2010-08-06 17:37:28 +00:00
|
|
|
# $Id$
|
|
|
|
|
|
|
|
require 'rex/socket'
|
|
|
|
require 'rex/proto/dhcp'
|
|
|
|
|
|
|
|
module Rex
|
|
|
|
module Proto
|
|
|
|
module DHCP
|
|
|
|
|
|
|
|
##
|
|
|
|
#
|
|
|
|
# DHCP Server class
|
|
|
|
# not completely configurable - written specifically for a PXE server
|
|
|
|
# - scriptjunkie
|
|
|
|
##
|
|
|
|
|
|
|
|
class Server
|
|
|
|
|
|
|
|
include Rex::Socket
|
|
|
|
|
|
|
|
def initialize(hash, context = {})
|
|
|
|
self.listen_host = '0.0.0.0' # clients don't already have addresses. Needs to be 0.0.0.0
|
2010-08-14 20:21:14 +00:00
|
|
|
self.listen_port = 67 # mandatory (bootps)
|
2010-08-06 17:37:28 +00:00
|
|
|
self.context = context
|
|
|
|
self.sock = nil
|
|
|
|
|
|
|
|
@shutting_down = false
|
|
|
|
|
|
|
|
self.myfilename = hash['FILENAME'] || ""
|
|
|
|
self.myfilename << ("\x00" * (128 - self.myfilename.length))
|
|
|
|
|
|
|
|
source = hash['SRVHOST'] || Rex::Socket.source_address
|
|
|
|
self.ipstring = Rex::Socket.addr_aton(source)
|
|
|
|
|
2010-09-08 17:06:31 +00:00
|
|
|
ipstart = hash['DHCPIPSTART']
|
|
|
|
if ipstart
|
|
|
|
self.start_ip = Rex::Socket.addr_atoi(ipstart)
|
|
|
|
else
|
2010-11-02 22:37:11 +00:00
|
|
|
# Use the first 3 octects of the server's IP to construct the
|
|
|
|
# default range of x.x.x.32-254
|
|
|
|
self.start_ip = "#{self.ipstring[0..2]}\x20".unpack("N").first
|
2010-09-08 17:06:31 +00:00
|
|
|
end
|
2010-08-06 17:37:28 +00:00
|
|
|
self.current_ip = start_ip
|
2010-08-07 06:45:02 +00:00
|
|
|
|
2010-09-08 17:06:31 +00:00
|
|
|
ipend = hash['DHCPIPEND']
|
|
|
|
if ipend
|
|
|
|
self.end_ip = Rex::Socket.addr_atoi(ipend)
|
|
|
|
else
|
2010-11-02 22:37:11 +00:00
|
|
|
# Use the first 3 octects of the server's IP to construct the
|
|
|
|
# default range of x.x.x.32-254
|
|
|
|
self.end_ip = "#{self.ipstring[0..2]}\xfe".unpack("N").first
|
2010-09-08 17:06:31 +00:00
|
|
|
end
|
2010-08-06 17:37:28 +00:00
|
|
|
|
|
|
|
# netmask
|
|
|
|
netmask = hash['NETMASK'] || "255.255.255.0"
|
|
|
|
self.netmaskn = Rex::Socket.addr_aton(netmask)
|
|
|
|
|
2010-08-13 03:11:30 +00:00
|
|
|
# router
|
|
|
|
router = hash['ROUTER'] || source
|
|
|
|
self.router = Rex::Socket.addr_aton(router)
|
|
|
|
|
|
|
|
# dns
|
|
|
|
dnsserv = hash['DNSSERVER'] || source
|
|
|
|
self.dnsserv = Rex::Socket.addr_aton(dnsserv)
|
|
|
|
|
2010-08-26 19:34:53 +00:00
|
|
|
# broadcast
|
|
|
|
if hash['BROADCAST']
|
|
|
|
self.broadcasta = Rex::Socket.addr_aton(hash['BROADCAST'])
|
|
|
|
else
|
|
|
|
self.broadcasta = Rex::Socket.addr_itoa( self.start_ip | (Rex::Socket.addr_ntoi(self.netmaskn) ^ 0xffffffff) )
|
|
|
|
end
|
2010-08-06 17:37:28 +00:00
|
|
|
|
|
|
|
self.served = {}
|
|
|
|
if (hash['SERVEONCE'])
|
|
|
|
self.serveOnce = true
|
|
|
|
else
|
|
|
|
self.serveOnce = false
|
|
|
|
end
|
2010-08-07 06:45:02 +00:00
|
|
|
|
|
|
|
if (hash['PXE'])
|
|
|
|
self.servePXE = true
|
|
|
|
else
|
|
|
|
self.servePXE = false
|
|
|
|
end
|
|
|
|
|
|
|
|
self.leasetime = 600
|
|
|
|
self.relayip = "\x00\x00\x00\x00" # relay ip - not currently suported
|
|
|
|
self.pxeconfigfile = "update2"
|
|
|
|
self.pxepathprefix = ""
|
|
|
|
self.pxereboottime = 2000
|
2010-08-06 17:37:28 +00:00
|
|
|
end
|
|
|
|
|
2010-08-07 06:45:02 +00:00
|
|
|
|
2010-08-06 17:37:28 +00:00
|
|
|
# Start the DHCP server
|
|
|
|
def start
|
|
|
|
self.sock = Rex::Socket::Udp.create(
|
|
|
|
'LocalHost' => listen_host,
|
|
|
|
'LocalPort' => listen_port,
|
2010-08-23 16:45:38 +00:00
|
|
|
'Context' => context
|
2010-08-06 17:37:28 +00:00
|
|
|
)
|
|
|
|
|
2010-11-12 06:19:49 +00:00
|
|
|
self.thread = Rex::ThreadFactory.spawn("DHCPServerMonitor", false) {
|
2010-08-06 17:37:28 +00:00
|
|
|
monitor_socket
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
# Stop the DHCP server
|
|
|
|
def stop
|
|
|
|
@shutting_down = true
|
|
|
|
self.thread.kill
|
2010-08-27 04:44:02 +00:00
|
|
|
self.sock.close rescue nil
|
2010-08-06 17:37:28 +00:00
|
|
|
end
|
|
|
|
|
2010-08-07 06:45:02 +00:00
|
|
|
|
|
|
|
# Set an option
|
|
|
|
def set_option(opts)
|
|
|
|
allowed_options = [
|
2010-08-13 03:11:30 +00:00
|
|
|
:serveOnce, :servePXE, :relayip, :leasetime, :dnsserv,
|
|
|
|
:pxeconfigfile, :pxepathprefix, :pxereboottime, :router
|
2010-08-07 06:45:02 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
opts.each_pair { |k,v|
|
|
|
|
next if not v
|
|
|
|
if allowed_options.include?(k)
|
|
|
|
self.instance_variable_set("@#{k}", v)
|
|
|
|
end
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
|
2010-08-06 17:37:28 +00:00
|
|
|
# Send a single packet to the specified host
|
2010-08-14 06:42:17 +00:00
|
|
|
def send_packet(ip, pkt)
|
2010-08-14 20:21:14 +00:00
|
|
|
port = 68 # bootpc
|
2010-08-14 06:42:17 +00:00
|
|
|
if ip
|
2010-08-14 20:21:14 +00:00
|
|
|
self.sock.sendto( pkt, ip, port )
|
2010-08-14 06:42:17 +00:00
|
|
|
else
|
2010-08-26 19:34:53 +00:00
|
|
|
if not self.sock.sendto( pkt, '255.255.255.255', port )
|
|
|
|
self.sock.sendto( pkt, self.broadcasta, port )
|
|
|
|
end
|
2010-08-14 06:42:17 +00:00
|
|
|
end
|
2010-08-06 17:37:28 +00:00
|
|
|
end
|
|
|
|
|
2010-08-13 03:11:30 +00:00
|
|
|
attr_accessor :listen_host, :listen_port, :context, :leasetime, :relayip, :router, :dnsserv
|
2010-08-06 17:37:28 +00:00
|
|
|
attr_accessor :sock, :thread, :myfilename, :ipstring, :served, :serveOnce
|
|
|
|
attr_accessor :current_ip, :start_ip, :end_ip, :broadcasta, :netmaskn
|
2010-08-07 06:45:02 +00:00
|
|
|
attr_accessor :servePXE, :pxeconfigfile, :pxepathprefix, :pxereboottime
|
2010-08-06 17:37:28 +00:00
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
|
|
|
|
# See if there is anything to do.. If so, dispatch it.
|
|
|
|
def monitor_socket
|
|
|
|
while true
|
|
|
|
rds = [@sock]
|
|
|
|
wds = []
|
|
|
|
eds = [@sock]
|
|
|
|
|
|
|
|
r,w,e = ::IO.select(rds,wds,eds,1)
|
|
|
|
|
|
|
|
if (r != nil and r[0] == self.sock)
|
|
|
|
buf,host,port = self.sock.recvfrom(65535)
|
|
|
|
# Lame compatabilitiy :-/
|
|
|
|
from = [host, port]
|
|
|
|
dispatch_request(from, buf)
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2010-08-07 06:45:02 +00:00
|
|
|
def dhcpoption(type, val = nil)
|
|
|
|
ret = ''
|
|
|
|
ret << [type].pack('C')
|
|
|
|
|
|
|
|
if val
|
|
|
|
ret << [val.length].pack('C') + val
|
|
|
|
end
|
|
|
|
|
|
|
|
ret
|
2010-08-06 17:37:28 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# Dispatch a packet that we received
|
|
|
|
def dispatch_request(from, buf)
|
2010-08-23 16:45:38 +00:00
|
|
|
type = buf.unpack('C').first
|
2010-08-14 06:42:17 +00:00
|
|
|
if (type != Request)
|
2010-08-06 17:37:28 +00:00
|
|
|
#dlog("Unknown DHCP request type: #{type}")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# parse out the members
|
2010-08-23 16:45:38 +00:00
|
|
|
hwtype = buf[1,1]
|
|
|
|
hwlen = buf[2,1].unpack("C").first
|
|
|
|
hops = buf[3,1]
|
2010-08-06 17:37:28 +00:00
|
|
|
txid = buf[4..7]
|
|
|
|
elapsed = buf[8..9]
|
|
|
|
flags = buf[10..11]
|
|
|
|
clientip = buf[12..15]
|
|
|
|
givenip = buf[16..19]
|
|
|
|
nextip = buf[20..23]
|
|
|
|
relayip = buf[24..27]
|
|
|
|
clienthwaddr = buf[28..(27+hwlen)]
|
|
|
|
servhostname = buf[44..107]
|
|
|
|
filename = buf[108..235]
|
|
|
|
magic = buf[236..239]
|
|
|
|
|
2010-08-07 06:45:02 +00:00
|
|
|
if (magic != DHCPMagic)
|
2010-08-06 17:37:28 +00:00
|
|
|
#dlog("Invalid DHCP request - bad magic.")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
messageType = 0
|
|
|
|
pxeclient = false
|
|
|
|
|
|
|
|
# options parsing loop
|
|
|
|
spot = 240
|
2011-02-12 22:25:02 +00:00
|
|
|
while (spot < buf.length - 3)
|
2010-08-23 16:45:38 +00:00
|
|
|
optionType = buf[spot,1].unpack("C").first
|
2011-02-12 22:25:02 +00:00
|
|
|
break if optionType == 0xff
|
|
|
|
|
2010-08-23 16:45:38 +00:00
|
|
|
optionLen = buf[spot + 1,1].unpack("C").first
|
2010-08-06 17:37:28 +00:00
|
|
|
optionValue = buf[(spot + 2)..(spot + optionLen + 1)]
|
|
|
|
spot = spot + optionLen + 2
|
|
|
|
if optionType == 53
|
2010-08-14 06:42:17 +00:00
|
|
|
messageType = optionValue.unpack("C").first
|
2010-08-06 17:37:28 +00:00
|
|
|
elsif optionType == 150
|
|
|
|
pxeclient = true
|
|
|
|
end
|
|
|
|
end
|
2010-08-07 06:45:02 +00:00
|
|
|
|
|
|
|
if pxeclient == false && self.servePXE == true
|
2010-08-06 17:37:28 +00:00
|
|
|
#dlog ("No tftp server request; ignoring (probably not PXE client)")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# prepare response
|
2010-08-07 06:45:02 +00:00
|
|
|
pkt = [Response].pack('C')
|
2010-08-06 17:37:28 +00:00
|
|
|
pkt << buf[1..7] #hwtype, hwlen, hops, txid
|
|
|
|
pkt << "\x00\x00\x00\x00" #elapsed, flags
|
|
|
|
pkt << clientip
|
2011-03-20 00:33:02 +00:00
|
|
|
if messageType == DHCPDiscover
|
|
|
|
# give next ip address (not super reliable high volume but it should work for a basic server)
|
|
|
|
self.current_ip += 1
|
|
|
|
if self.current_ip > self.end_ip
|
|
|
|
self.current_ip = self.start_ip
|
|
|
|
end
|
2010-08-06 17:37:28 +00:00
|
|
|
end
|
|
|
|
pkt << Rex::Socket.addr_iton(self.current_ip)
|
|
|
|
pkt << self.ipstring #next server ip
|
2010-08-07 06:45:02 +00:00
|
|
|
pkt << self.relayip
|
2010-08-06 17:37:28 +00:00
|
|
|
pkt << buf[28..43] #client hw address
|
|
|
|
pkt << servhostname
|
|
|
|
pkt << self.myfilename
|
|
|
|
pkt << magic
|
|
|
|
pkt << "\x35\x01" #Option
|
2010-08-07 06:45:02 +00:00
|
|
|
|
|
|
|
if messageType == DHCPDiscover #DHCP Discover - send DHCP Offer
|
|
|
|
pkt << [DHCPOffer].pack('C')
|
2010-08-06 17:37:28 +00:00
|
|
|
# check if already served based on hw addr (MAC address)
|
2010-08-14 06:42:17 +00:00
|
|
|
if self.serveOnce == true && self.served.has_key?(buf[28..43])
|
2010-08-06 17:37:28 +00:00
|
|
|
#dlog ("Already served; allowing normal boot")
|
|
|
|
return
|
|
|
|
end
|
2010-08-07 06:45:02 +00:00
|
|
|
elsif messageType == DHCPRequest #DHCP Request - send DHCP ACK
|
|
|
|
pkt << [DHCPAck].pack('C')
|
2010-08-14 06:42:17 +00:00
|
|
|
# now we ignore their discovers (but we'll respond to requests in case a packet was lost)
|
|
|
|
self.served.merge!( buf[28..43] => true )
|
2010-08-06 17:37:28 +00:00
|
|
|
else
|
|
|
|
#dlog("ignoring unknown DHCP request - type #{messageType}")
|
|
|
|
return
|
|
|
|
end
|
2010-08-07 06:45:02 +00:00
|
|
|
|
|
|
|
# Options!
|
|
|
|
pkt << dhcpoption(OpDHCPServer, self.ipstring)
|
|
|
|
pkt << dhcpoption(OpLeaseTime, [self.leasetime].pack('N'))
|
|
|
|
pkt << dhcpoption(OpSubnetMask, self.netmaskn)
|
2010-08-13 03:11:30 +00:00
|
|
|
pkt << dhcpoption(OpRouter, self.router)
|
|
|
|
pkt << dhcpoption(OpDns, self.dnsserv)
|
2010-08-07 06:45:02 +00:00
|
|
|
pkt << dhcpoption(OpPXEMagic, PXEMagic)
|
|
|
|
pkt << dhcpoption(OpPXEConfigFile, self.pxeconfigfile)
|
|
|
|
pkt << dhcpoption(OpPXEPathPrefix, self.pxepathprefix)
|
|
|
|
pkt << dhcpoption(OpPXERebootTime, [self.pxereboottime].pack('N'))
|
|
|
|
pkt << dhcpoption(OpEnd)
|
|
|
|
|
2010-08-06 17:37:28 +00:00
|
|
|
pkt << ("\x00" * 32) #padding
|
2010-08-07 06:45:02 +00:00
|
|
|
|
2010-08-18 23:35:28 +00:00
|
|
|
send_packet(nil, pkt)
|
2010-08-06 17:37:28 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|