rpms/dhcp
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Put dhcp.schema in /etc/openldap/schema (#330471)

Browse Source 
- Remove manpages patch and keep modified man pages as Source files
- Improve dhclient.8 man page to list options in a style consistent with
    most other man pages on the planet
- Upgrade to latest dhcp LDAP patch, which brings in a new
    dhcpd-conf-to-ldap script, updated schema file, and other bug fixes
    including SSL support for LDAP authentication (#375711)
- Do not run dhcpd and dhcrelay services by default (#362321)
This commit is contained in:
David Cantrell 2007-11-12 23:16:08 +00:00
parent 1c9504e307
commit 35ba231dc0
15 changed files with 8632 additions and 1129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
README.ldap
View File

@ -1,51 +1,61 @@
LDAP Support in DHCP
Brian Masney <masneyb@ntelos.net>
Last updated 8/16/2002
Last updated 3/23/2003
This document describes setting up the DHCP server to read it's configuration
from LDAP. This work is based on the IETF document
draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
version of this document, please see http://home.ntelos.net/~masneyb.
This document describes setting up the DHCP server to read it's configuration
from LDAP. This work is based on the IETF document
draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the
latest version of this document, please see http://home.ntelos.net/~masneyb.
First question on most people's mind is "Why do I want to store my
configuration in LDAP?" If you run a small DHCP server, and the configuration
First question on most people's mind is "Why do I want to store my
configuration in LDAP?" If you run a small DHCP server, and the configuration
on it rarely changes, then you won't need to store your configuration in LDAP.
But, if you have several DHCP servers, and you want an easy way to manage your
configuration, this can be a solution.
But, if you have several DHCP servers, and you want an easy way to manage your
configuration, this can be a solution.
The first step will be to setup your LDAP server. I am using OpenLDAP from
www.openldap.org. Building and installing OpenLDAP is beyond the scope of this
document. There is plenty of documentation out there about this. Once you have
OpenLDAP installed, you will have to edit your slapd.conf file. I added the
following 2 lines to my configuration file:
The first step will be to setup your LDAP server. I am using OpenLDAP from
www.openldap.org. Building and installing OpenLDAP is beyond the scope of
this document. There is plenty of documentation out there about this. Once
you have OpenLDAP installed, you will have to edit your slapd.conf file. I
added the following 2 lines to my configuration file:
include /etc/ldap/schema/dhcp.schema
index dhcpHWAddress eq
index dhcpClassData eq
index dhcpHWAddress eq
index dhcpClassData eq
The first line tells it to include the dhcp schema file. You will find this
file under the contrib directory in this distribution. You will need to copy
The first line tells it to include the dhcp schema file. You will find this
file under the contrib directory in this distribution. You will need to copy
this file to where your other schema files are (maybe
/usr/local/openldap/etc/openldap/schema/). The second line sets up
an index for the dhcpHWAddress parameter. The third parameter is for reading
subclasses from LDAP every time a DHCP request comes in. Make sure you run the
slapindex command and restart slapd to have these changes to into effect.
/usr/local/openldap/etc/openldap/schema/). The second line sets up an index
for the dhcpHWAddress parameter. The third parameter is for reading subclasses
from LDAP every time a DHCP request comes in. Make sure you run the slapindex
command and restart slapd to have these changes to into effect.
Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
on the Schema tab. Go under objectClasses, and you should see at least the
following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions,
dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and
dhcpSubnet. If you do not see these, you need to check over your LDAP
configuration before you go any further.
Now that you have LDAP setup, you should be able to use gq
(http://biot.com/gq/) to verify that the dhcp schema file is loaded into LDAP.
Pull up gq, and click on the Schema tab. Go under objectClasses, and you
should see at least the following object classes listed: dhcpClass, dhcpGroup,
dhcpHost, dhcpOptions, dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork,
dhcpSubClass, and dhcpSubnet. If you do not see these, you need to check over
your LDAP configuration before you go any further.
You should be ready to build DHCP. Edit the includes/site.h file and uncomment
the #define LDAP_CONFIGURATION. Now run configure in the base source directory.
Edit the work.os/server/Makefile and add -lldap to the LIBS= line. (replace os
with your operating system, linux-2.2 on my machine). You should be able to
type make to build your DHCP server.
You should now be ready to build DHCP. If you would like to enable LDAP over
SSL, you will need to perform the following steps:
Once you have DHCP installed, you will need to setup your initial plaintext
* Edit the includes/site.h file and uncomment the USE_SSL line
or specify "-DUSE_SSL" via CFLAGS.
* Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
from the SRC= and OBJ= lines (around line 24)
* Now run configure in the base source directory. If you chose to enable
LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the
file work.os/server/Makefile (replace os with your operating system,
linux-2.2 on my machine). You should now be able to type make to build
your DHCP server.
If you choose to not enable LDAP over SSL, then you only need to run configure
and make in the toplevel source directory.
Once you have DHCP installed, you will need to setup your initial plaintext
config file. In my /etc/dhcpd.conf file, I have:
ldap-server "localhost";
@ -54,23 +64,48 @@ ldap-username "cn=DHCP User, dc=ntelos, dc=net";
ldap-password "blah";
ldap-base-dn "dc=ntelos, dc=net";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
server trys to use TLS if possible, but continues without TLS if not.
You can modify this behaviour using following option in /etc/dhcpd.conf:
ldap-ssl <off | ldaps | start_tls | on>
off: disables TLS/LDAPS.
ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
start_tls: enables TLS using START_TLS command
on: enables LDAPS if ldap-port is set to 636 or TLS in
other cases.
See also "man 5 ldap.conf" for description the following TLS related
options:
ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
All of these parameters should be self explanatory except for the ldap-method.
You can set this to static or dynamic. If you set it to static, the
configuration is read once on startup, and LDAP isn't used anymore. But, if you
set this to dynamic, the configuration is read once on startup, and the
hosts that are stored in LDAP are looked up every time a DHCP request comes in.
You can set this to static or dynamic. If you set it to static, the
configuration is read once on startup, and LDAP isn't used anymore. But, if
you set this to dynamic, the configuration is read once on startup, and the
hosts that are stored in LDAP are looked up every time a DHCP request comes
in.
When the optional statement ldap-debug-file is specified, on startup the DHCP
server will write out the configuration that it generated from LDAP. If you
are getting errors about your LDAP configuration, this is a good place to
start looking.
The next step is to set up your LDAP tree. Here is an example config that will
give a 10.100.0.x address to machines that have a host entry in LDAP.
Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
dc=ntelos, dc=net with your base dn). If you would like to convert your
existing dhcpd.conf file to LDIF format, there is a script
contrib/dhcpd-conf-to-ldap.pl that will convert it for you.
give a 10.100.0.x address to machines that have a host entry in LDAP.
Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
dc=ntelos, dc=net with your base dn). If you would like to convert your
existing dhcpd.conf file to LDIF format, there is a script
contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
# You must specify the server's host name in LDAP that you are going to run
# DHCP on and point it to which config tree you want to use. Whenever DHCP
# first starts up, it will do a search for this entry to find out which
# DHCP on and point it to which config tree you want to use. Whenever DHCP
# first starts up, it will do a search for this entry to find out which
# config to use
dn: cn=brian.ntelos.net, dc=ntelos, dc=net
objectClass: top
@ -78,13 +113,13 @@ objectClass: dhcpServer
cn: brian.ntelos.net
dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
# Here is the config tree that brian.ntelos.net points to.
# Here is the config tree that brian.ntelos.net points to.
dn: cn=DHCP Service Config, dc=ntelos, dc=net
cn: DHCP Service Config
objectClass: top
objectClass: dhcpService
dhcpPrimaryDN: dc=ntelos, dc=net
dhcpStatements: ddns-update-style ad-hoc
dhcpStatements: ddns-update-style none
dhcpStatements: default-lease-time 600
dhcpStatements: max-lease-time 7200
@ -94,7 +129,7 @@ cn: WV
objectClass: top
objectClass: dhcpSharedNetwork
# Set up a subnet declaration with a pool statement. Also note that we have
# Set up a subnet declaration with a pool statement. Also note that we have
# a dhcpOptions object with this entry
dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: 10.100.0.0
@ -107,7 +142,7 @@ dhcpOption: subnet-mask 255.255.255.0
dhcpOption: broadcast-address 10.100.0.255
dhcpNetMask: 24
# Set up a pool for this subnet. Only known hosts will get these IPs
# Set up a pool for this subnet. Only known hosts will get these IPs
dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
cn: Known Pool
objectClass: top

255
dhclient-script.8 Normal file
View File

@ -0,0 +1,255 @@
.\" dhclient-script.8
.\"
.\" Copyright (c) 2004-2005 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" This software has been written for Internet Systems Consortium
.\" by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
.\" To learn more about Internet Systems Consortium, see
.\" ``http://www.isc.org/''. To learn more about Vixie Enterprises,
.\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see
.\" ``http://www.nominum.com''.
.\"
.\" $Id: dhclient-script.8,v 1.11 2006/02/24 23:16:27 dhankins Exp $
.\"
.TH dhclient-script 8
.SH NAME
dhclient-script - DHCP client network configuration script
.SH DESCRIPTION
The DHCP client network configuration script is invoked from time to
time by \fBdhclient(8)\fR. This script is used by the dhcp client to
set each interface's initial configuration prior to requesting an
address, to test the address once it has been offered, and to set the
interface's final configuration once a lease has been acquired. If no
lease is acquired, the script is used to test predefined leases, if
any, and also called once if no valid lease can be identified.
.PP
This script is not meant to be customized by the end user. If local
customizations are needed, they should be possible using the enter and
exit hooks provided (see HOOKS for details). These hooks will allow the
user to override the default behaviour of the client in creating a
.B /etc/resolv.conf
file, and to handle DHCP options not handled by default.
.PP
No standard client script exists for some operating systems, even though
the actual client may work, so a pioneering user may well need to create
a new script or modify an existing one. In general, customizations specific
to a particular computer should be done in the
.B ETCDIR/dhclient.conf
file. If you find that you can't make such a customization without
customizing
.B ETCDIR/dhclient.conf
or using the enter and exit hooks, please submit a bug report.
.SH HOOKS
When it starts, the client script first defines a shell function,
.B make_resolv_conf ,
which is later used to create the
.B /etc/resolv.conf
file. To override the default behaviour, redefine this function in
the enter hook script.
.PP
On after defining the make_resolv_conf function, the client script checks
for the presence of an executable
.B ETCDIR/dhclient-enter-hooks
script, and if present, it invokes the script inline, using the Bourne
shell '.' command. The entire environment documented under OPERATION
is available to this script, which may modify the environment if needed
to change the behaviour of the script. If an error occurs during the
execution of the script, it can set the exit_status variable to a nonzero
value, and
.B CLIENTBINDIR/dhclient-script
will exit with that error code immediately after the client script exits.
.PP
After all processing has completed,
.B CLIENTBINDIR/dhclient-script
checks for the presence of an executable
.B ETCDIR/dhclient-exit-hooks
script, which if present is invoked using the '.' command. The exit
status of dhclient-script will be passed to dhclient-exit-hooks in the
exit_status shell variable, and will always be zero if the script
succeeded at the task for which it was invoked. The rest of the
environment as described previously for dhclient-enter-hooks is also
present. The
.B ETCDIR/dhclient-exit-hooks
script can modify the valid of exit_status to change the exit status
of dhclient-script.
.PP
Immediately after dhclient brings an interface UP with a new IP address,
subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
existence of an executable
.B ETCDIR/dhclient-up-hooks
script, and source it if found. This script can handle DHCP options in
the environment that are not handled by default. A per-interface.
.B ETCDIR/dhclient-${IF}-up-hooks
script will override the generic script and be sourced when interface
$IF has been brought up.
.PP
Immediately before dhclient brings an interface DOWN, removing its IP
address, subnet mask, and routes, in the STOP/RELEASE states, it will
check for the existence of an executable
.B ETCDIR/dhclient-down-hooks
script, and source it if found. This script can handle DHCP options in
the environment that are not handled by default. A per-interface
.B ETCDIR/dhclient-${IF}-down-hooks
script will override the generic script and be sourced when interface
$IF is about to be brought down.
.SH OPERATION
When dhclient needs to invoke the client configuration script, it
defines a set of variables in the environment, and then invokes
.B CLIENTBINDIR/dhclient-script.
In all cases, $reason is set to the name of the reason why the script
has been invoked. The following reasons are currently defined:
MEDIUM, PREINIT, BOUND, RENEW, REBIND, REBOOT, EXPIRE, FAIL, STOP, RELEASE,
NBI and TIMEOUT.
.PP
.SH MEDIUM
The DHCP client is requesting that an interface's media type
be set. The interface name is passed in $interface, and the media
type is passed in $medium.
.SH PREINIT
The DHCP client is requesting that an interface be configured as
required in order to send packets prior to receiving an actual
address. For clients which use the BSD socket library, this means
configuring the interface with an IP address of 0.0.0.0 and a
broadcast address of 255.255.255.255. For other clients, it may be
possible to simply configure the interface up without actually giving
it an IP address at all. The interface name is passed in $interface,
and the media type in $medium.
.PP
If an IP alias has been declared in dhclient.conf, its address will be
passed in $alias_ip_address, and that ip alias should be deleted from
the interface, along with any routes to it.
.SH BOUND
The DHCP client has done an initial binding to a new address. The
new ip address is passed in $new_ip_address, and the interface name is
passed in $interface. The media type is passed in $medium. Any
options acquired from the server are passed using the option name
described in \fBdhcp-options\fR, except that dashes ('-') are replaced
by underscores ('_') in order to make valid shell variables, and the
variable names start with new_. So for example, the new subnet mask
would be passed in $new_subnet_mask.
.PP
Before actually configuring the address, dhclient-script should
somehow ARP for it and exit with a nonzero status if it receives a
reply. In this case, the client will send a DHCPDECLINE message to
the server and acquire a different address. This may also be done in
the RENEW, REBIND, or REBOOT states, but is not required, and indeed
may not be desirable.
.PP
When a binding has been completed, a lot of network parameters are
likely to need to be set up. A new /etc/resolv.conf needs to be
created, using the values of $new_domain_name and
$new_domain_name_servers (which may list more than one server,
separated by spaces). A default route should be set using
$new_routers, and static routes may need to be set up using
$new_static_routes.
.PP
If an IP alias has been declared, it must be set up here. The alias
IP address will be written as $alias_ip_address, and other DHCP
options that are set for the alias (e.g., subnet mask) will be passed
in variables named as described previously except starting with
$alias_ instead of $new_. Care should be taken that the alias IP
address not be used if it is identical to the bound IP address
($new_ip_address), since the other alias parameters may be incorrect
in this case.
.SH RENEW
When a binding has been renewed, the script is called as in BOUND,
except that in addition to all the variables starting with $new_,
there is another set of variables starting with $old_. Persistent
settings that may have changed need to be deleted - for example, if a
local route to the bound address is being configured, the old local
route should be deleted. If the default route has changed, the old default
route should be deleted. If the static routes have changed, the old
ones should be deleted. Otherwise, processing can be done as with
BOUND.
.SH REBIND
The DHCP client has rebound to a new DHCP server. This can be handled
as with RENEW, except that if the IP address has changed, the ARP
table should be cleared.
.SH REBOOT
The DHCP client has successfully reacquired its old address after a
reboot. This can be processed as with BOUND.
.SH EXPIRE
The DHCP client has failed to renew its lease or acquire a new one,
and the lease has expired. The IP address must be relinquished, and
all related parameters should be deleted, as in RENEW and REBIND.
.SH FAIL
The DHCP client has been unable to contact any DHCP servers, and any
leases that have been tested have not proved to be valid. The
parameters from the last lease tested should be deconfigured. This
can be handled in the same way as EXPIRE.
.SH STOP
The dhclient has been informed to shut down gracefully, the
dhclient-script should unconfigure or shutdown the interface as
appropriate.
.SH RELEASE
The dhclient has been executed using the -r flag, indicating that the
administrator wishes it to release its lease(s). dhclient-script should
unconfigure or shutdown the interface.
.SH NBI
No-Broadcast-Interfaces...dhclient was unable to find any interfaces
upon which it believed it should commence DHCP. What dhclient-script
should do in this situation is entirely up to the implementor.
.SH TIMEOUT
The DHCP client has been unable to contact any DHCP servers.
However, an old lease has been identified, and its parameters have
been passed in as with BOUND. The client configuration script should
test these parameters and, if it has reason to believe they are valid,
should exit with a value of zero. If not, it should exit with a
nonzero value.
.PP
The usual way to test a lease is to set up the network as with REBIND
(since this may be called to test more than one lease) and then ping
the first router defined in $routers. If a response is received, the
lease must be valid for the network to which the interface is
currently connected. It would be more complete to try to ping all of
the routers listed in $new_routers, as well as those listed in
$new_static_routes, but current scripts do not do this.
.SH FILES
Each operating system should generally have its own script file,
although the script files for similar operating systems may be similar
or even identical. The script files included in Internet
Systems Consortium DHCP distribution appear in the distribution tree
under client/scripts, and bear the names of the operating systems on
which they are intended to work.
.SH BUGS
If more than one interface is being used, there's no obvious way to
avoid clashes between server-supplied configuration parameters - for
example, the stock dhclient-script rewrites /etc/resolv.conf. If
more than one interface is being configured, /etc/resolv.conf will be
repeatedly initialized to the values provided by one server, and then
the other. Assuming the information provided by both servers is
valid, this shouldn't cause any real problems, but it could be
confusing.
.SH SEE ALSO
dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
dhclient.leases(5).
.SH AUTHOR
.B dhclient-script(8)
has been written for Internet Systems Consortium
by Ted Lemon in cooperation with Vixie
Enterprises. To learn more about Internet Systems Consortium,
see
.B http://www.isc.org.
To learn more about Vixie
Enterprises, see
.B http://www.vix.com.

428
dhclient.8 Normal file
View File

@ -0,0 +1,428 @@
.\" dhclient.8
.\"
.\" Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" Support and other services are available for ISC products - see
.\" http://www.isc.org for more information.
.\"
.\" $Id: dhclient.8,v 1.18.116.4 2007/05/23 23:30:32 each Exp $
.\"
.TH dhclient 8
.SH NAME
dhclient - Dynamic Host Configuration Protocol Client
.SH SYNOPSIS
.B dhclient
[
.B -p
.I port
]
[
.B -d
]
[
.B -e
.I VAR=value
]
[
.B -q
]
[
.B -1
]
[
.B -r
]
[
.B -x
]
[
.B -lf
.I lease-file
]
[
.B -pf
.I pid-file
]
[
.B -cf
.I config-file
]
[
.B -sf
.I script-file
]
[
.B -s
server
]
[
.B -g
relay
]
[
.B -n
]
[
.B -nw
]
[
.B -w
]
[
.B -B
]
[
.B -I
.I dhcp-client-identifier
]
[
.B -H
.I host-name
.R |
.B -F fqdn.fqdn
]
[
.B -V
.I vendor-class-identifier
]
[
.B -R
.I request option list
]
[
.B -T
.I timeout
]
[
.I if0
[
.I ...ifN
]
]
.SH DESCRIPTION
The Internet Systems Consortium DHCP Client, dhclient, provides a
means for configuring one or more network interfaces using the Dynamic
Host Configuration Protocol, BOOTP protocol, or if these protocols
fail, by statically assigning an address.
.SH OPERATION
.PP
The DHCP protocol allows a host to contact a central server which
maintains a list of IP addresses which may be assigned on one or more
subnets. A DHCP client may request an address from this pool, and
then use it on a temporary basis for communication on network. The
DHCP protocol also provides a mechanism whereby a client can learn
important details about the network to which it is attached, such as
the location of a default router, the location of a name server, and
so on.
.PP
On startup, dhclient reads the
.IR dhclient.conf
for configuration instructions. It then gets a list of all the
network interfaces that are configured in the current system. For
each interface, it attempts to configure the interface using the DHCP
protocol.
.PP
In order to keep track of leases across system reboots and server
restarts, dhclient keeps a list of leases it has been assigned in the
dhclient.leases(5) file. On startup, after reading the dhclient.conf
file, dhclient reads the dhclient.leases file to refresh its memory
about what leases it has been assigned.
.PP
When a new lease is acquired, it is appended to the end of the
dhclient.leases file. In order to prevent the file from becoming
arbitrarily large, from time to time dhclient creates a new
dhclient.leases file from its in-core lease database. The old version
of the dhclient.leases file is retained under the name
.IR dhclient.leases~
until the next time dhclient rewrites the database.
.PP
Old leases are kept around in case the DHCP server is unavailable when
dhclient is first invoked (generally during the initial system boot
process). In that event, old leases from the dhclient.leases file
which have not yet expired are tested, and if they are determined to
be valid, they are used until either they expire or the DHCP server
becomes available.
.PP
A mobile host which may sometimes need to access a network on which no
DHCP server exists may be preloaded with a lease for a fixed
address on that network. When all attempts to contact a DHCP server
have failed, dhclient will try to validate the static lease, and if it
succeeds, will use that lease until it is restarted.
.PP
A mobile host may also travel to some networks on which DHCP is not
available but BOOTP is. In that case, it may be advantageous to
arrange with the network administrator for an entry on the BOOTP
database, so that the host can boot quickly on that network rather
than cycling through the list of old leases.
.PP
The names of the network interfaces that dhclient should attempt to
configure may be specified on the command line. If no interface names
are specified on the command line dhclient will normally identify all
network interfaces, eliminating non-broadcast interfaces if
possible, and attempt to configure each interface.
.PP
It is also possible to specify interfaces by name in the
.B dhclient.conf(5)
file. If interfaces are specified in this way, then the client will
only configure interfaces that are either specified in the
configuration file or on the command line, and will ignore all other
interfaces.
.SH OPTIONS
.TP
.BI \-p\ <port\ number>
The UDP port number the DHCP client should listen and transmit on. If
unspecified,
.B dhclient
uses the default port 68. This option is mostly useful for debugging
purposes. If a different port is specified for the client to listen and
transmit on, the client will also use a different destination port - one
greater than the specified destination port.
.TP
.BI \-d
Force
.B dhclient
to run as a foreground process. This is useful when running the client
under a debugger, or when running it out of inittab on System V systems.
.TP
.BI \-e\ VAR=value
Define additional environment variables for the environment where
dhclient-script executes. You may specify multiple
.B \-e
options on the command line.
.TP
.BI \-q
Suppress all terminal and log output except error messages.
.TP
.BI \-1
Try one to get a lease. On failure, exit with code 2.
.TP
.BI \-r
Tell
.B dhclient
to release the current lease it has from the server. This is not required
by the DHCP protocol, but some ISPs require their clients to notify the
server if they wish to release an assigned IP address.
.TP
.BI \-lf\ <lease-file>
Path to the lease database file. If unspecified, the default
.B DBDIR/dhclient.leases
is used.
.TP
.BI \-pf\ <pid-file>
Path to the process ID file. If unspecified, the default
.B RUNDIR/dhclient.pid
is used.
.TP
.BI \-cf\ <config-file>
Path to the client configuration file. If unspecified, the default
.B ETCDIR/dhclient.conf
is used.
.TP
.BI \-sf\ <script-file>
Path to the network configuration script invoked by
.B dhclient
when it gets a lease. If unspecified, the default
.B CLIENTBINDIR/dhclient-script
is used.
.TP
.BI \-s\ <server>
Specifiy the server IP address or fully qualified domain name to transmit
DHCP protocol messages to. Normally,
.B dhclient
transmits these messages to 255.255.255.255 (the IP limited broadcast
address). Overriding this is mostly useful for debugging purposes.
.TP
.BI \-g\ <relay>
Only for debugging. Set the giaddr field of all packets the client
sends to the IP address specified. This should not be expected to work
in any consistent or useful way.
.TP
.BI \-n
Do not configure any interfaces. Most useful combined with the
.B -w
option.
.TP
.BI \-nw
Become a daemon process immediately (nowait) rather than waiting until an IP
address has been acquired.
.TP
.BI \-w
Keep running even if no network interfaces are found. The
.B omshell
program can be used to notify the client when a network interface has been
added or removed so it can attempt to configure an IP address on that
interface.
.TP
.BI \-B
Set the BOOTP broadcast flag in request packets so servers will always
broadcast replies.
.TP
.BI \-I\ <dhcp-client-identifier>
Specify the dhcp-client-identifier option to send to the DHCP server.
.TP
.BI \-H\ <host-name>
Specify the host-name option to send to the DHCP server. The host-name
string only contains the client's hostname prefix, to which the server will
append the ddns-domainname or domain-name options, if any, to derive the
fully qualified domain name of the client. The
.B -H
option cannot be used with the
.B -F
option.
.TP
.BI \-F\ <fqdn.fqdn>
Specify the fqdn.fqdn option to send to the DHCP server. This option cannot
be used with the
.B -H
option. The fqdn.fqdn option must specify the complete domain name of the
client host, which the server may use for dynamic DNS updates.
.TP
.BI \-V\ <vendor-class-identifier>
Specify the vendor-class-identifier option to send to the DHCP server.
.TP
.BI \-R\ <option>[,<option>...]
Specify the list of options the client is to request from the server. The
option list must be a single string consisting of option names separated
by at least one command and optional space characters. The default option
list is:
.BR
subnet-mask, broadcast-address, time-offset, routers,
.BR
domain-name, domain-name-servers, host-name, nis-domain,
.BR
nis-servers, ntp-servers
The
.B -R
option does not append options to the default request, it overrides the
default request list. Keep this in mind if you want to request an
additional option besides the default request list. You will have to
specify all option names for the
.B -R
parameter.
.TP
.BI \-T\ <timeout>
Specify the time after which
.B dhclient
will decide that no DHCP servers can be contacted when no responses have been
received.
.PP
If the client is killed by a signal (for example at shutdown or reboot)
it won't execute the
.B dhclient-script (8)
at exit. However if you shut the client down gracefully with
.B -r
or
.B -x
it will execute
.B dhclient-script (8)
at shutdown with the specific reason for calling the script set.
.PP
.SH CONFIGURATION
The syntax of the dhclient.conf(5) file is discussed separately.
.SH OMAPI
The DHCP client provides some ability to control it while it is
running, without stopping it. This capability is provided using OMAPI,
an API for manipulating remote objects. OMAPI clients connect to the
client using TCP/IP, authenticate, and can then examine the client's
current status and make changes to it.
.PP
Rather than implementing the underlying OMAPI protocol directly, user
programs should use the dhcpctl API or OMAPI itself. Dhcpctl is a
wrapper that handles some of the housekeeping chores that OMAPI does
not do automatically. Dhcpctl and OMAPI are documented in \fBdhcpctl(3)\fR
and \fBomapi(3)\fR. Most things you'd want to do with the client can
be done directly using the \fBomshell(1)\fR command, rather than
having to write a special program.
.SH THE CONTROL OBJECT
The control object allows you to shut the client down, releasing all
leases that it holds and deleting any DNS records it may have added.
It also allows you to pause the client - this unconfigures any
interfaces the client is using. You can then restart it, which
causes it to reconfigure those interfaces. You would normally pause
the client prior to going into hibernation or sleep on a laptop
computer. You would then resume it after the power comes back.
This allows PC cards to be shut down while the computer is hibernating
or sleeping, and then reinitialized to their previous state once the
computer comes out of hibernation or sleep.
.PP
The control object has one attribute - the state attribute. To shut
the client down, set its state attribute to 2. It will automatically
do a DHCPRELEASE. To pause it, set its state attribute to 3. To
resume it, set its state attribute to 4.
.PP
.SH FILES
.B CLIENTBINDIR/dhclient-script,
.B ETCDIR/dhclient.conf, DBDIR/dhclient.leases, RUNDIR/dhclient.pid,
.B DBDIR/dhclient.leases~.
.SH SEE ALSO
dhcpd(8), dhcrelay(8), dhclient-script(8), dhclient.conf(5),
dhclient.leases(5), dhcp-eval(5).
.SH AUTHOR
.B dhclient(8)
has been written for Internet Systems Consortium
by Ted Lemon in cooperation with Vixie
Enterprises. To learn more about Internet Systems Consortium,
see
.B http://www.isc.org
To learn more about Vixie
Enterprises, see
.B http://www.vix.com.
.PP
This client was substantially modified and enhanced by Elliot Poger
for use on Linux while he was working on the MosquitoNet project at
Stanford.
.PP
The current version owes much to Elliot's Linux enhancements, but
was substantially reorganized and partially rewritten by Ted Lemon
so as to use the same networking framework that the Internet Systems
Consortium DHCP server uses. Much system-specific configuration code
was moved into a shell script so that as support for more operating
systems is added, it will not be necessary to port and maintain
system-specific configuration code to these operating systems - instead,
the shell script can invoke the native tools to accomplish the same
purpose.
.PP

660
dhclient.conf.5 Normal file
View File

@ -0,0 +1,660 @@
.\" $Id: dhclient.conf.5,v 1.17.84.2 2007/05/23 23:30:32 each Exp $
.\"
.\" Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1996-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" This software has been written for Internet Software Consortium
.\" by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
.\" To learn more about Internet Software Consortium, see
.\" ``http://www.isc.org/''. To learn more about Vixie Enterprises,
.\" see ``http://www.vix.com''. To learn more about Nominum, Inc., see
.\" ``http://www.nominum.com''.
.\"
.\" $Id: dhclient.conf.5,v 1.17.84.2 2007/05/23 23:30:32 each Exp $
.\"
.TH dhclient.conf 5
.SH NAME
dhclient.conf - DHCP client configuration file
.SH DESCRIPTION
The dhclient.conf file contains configuration information for
.IR dhclient,
the Internet Systems Consortium DHCP Client.
.PP
The dhclient.conf file is a free-form ASCII text file. It is parsed by
the recursive-descent parser built into dhclient. The file may contain
extra tabs and newlines for formatting purposes. Keywords in the file
are case-insensitive. Comments may be placed anywhere within the
file (except within quotes). Comments begin with the # character and
end at the end of the line.
.PP
The dhclient.conf file can be used to configure the behaviour of the
client in a wide variety of ways: protocol timing, information
requested from the server, information required of the server,
defaults to use if the server does not provide certain information,
values with which to override information provided by the server, or
values to prepend or append to information provided by the server.
The configuration file can also be preinitialized with addresses to
use on networks that don't have DHCP servers.
.SH PROTOCOL TIMING
The timing behaviour of the client need not be configured by the user.
If no timing configuration is provided by the user, a fairly
reasonable timing behaviour will be used by default - one which
results in fairly timely updates without placing an inordinate load on
the server.
.PP
The following statements can be used to adjust the timing behaviour of
the DHCP client if required, however:
.PP
.I The
.B timeout
.I statement
.PP
.B timeout
.I time
.B ;
.PP
The
.I timeout
statement determines the amount of time that must pass between the
time that the client begins to try to determine its address and the
time that it decides that it's not going to be able to contact a
server. By default, this timeout is sixty seconds. After the
timeout has passed, if there are any static leases defined in the
configuration file, or any leases remaining in the lease database that
have not yet expired, the client will loop through these leases
attempting to validate them, and if it finds one that appears to be
valid, it will use that lease's address. If there are no valid
static leases or unexpired leases in the lease database, the client
will restart the protocol after the defined retry interval.
.PP
.I The
.B retry
.I statement
.PP
\fBretry \fItime\fR\fB;\fR
.PP
The
.I retry
statement determines the time that must pass after the client has
determined that there is no DHCP server present before it tries again
to contact a DHCP server. By default, this is five minutes.
.PP
.I The
.B select-timeout
.I statement
.PP
\fBselect-timeout \fItime\fR\fB;\fR
.PP
It is possible (some might say desirable) for there to be more than
one DHCP server serving any given network. In this case, it is
possible that a client may be sent more than one offer in response to
its initial lease discovery message. It may be that one of these
offers is preferable to the other (e.g., one offer may have the
address the client previously used, and the other may not).
.PP
The
.I select-timeout
is the time after the client sends its first lease discovery request
at which it stops waiting for offers from servers, assuming that it
has received at least one such offer. If no offers have been
received by the time the
.I select-timeout
has expired, the client will accept the first offer that arrives.
.PP
By default, the select-timeout is zero seconds - that is, the client
will take the first offer it sees.
.PP
.I The
.B reboot
.I statement
.PP
\fBreboot \fItime\fR\fB;\fR
.PP
When the client is restarted, it first tries to reacquire the last
address it had. This is called the INIT-REBOOT state. If it is
still attached to the same network it was attached to when it last
ran, this is the quickest way to get started. The
.I reboot
statement sets the time that must elapse after the client first tries
to reacquire its old address before it gives up and tries to discover
a new address. By default, the reboot timeout is ten seconds.
.PP
.I The
.B backoff-cutoff
.I statement
.PP
\fBbackoff-cutoff \fItime\fR\fB;\fR
.PP
The client uses an exponential backoff algorithm with some randomness,
so that if many clients try to configure themselves at the same time,
they will not make their requests in lockstep. The
.I backoff-cutoff
statement determines the maximum amount of time that the client is
allowed to back off, the actual value will be evaluated randomly between
1/2 to 1 1/2 times the \fItime\fR specified. It defaults to two minutes.
.PP
.I The
.B initial-interval
.I statement
.PP
\fBinitial-interval \fItime\fR\fB;\fR
.PP
The
.I initial-interval
statement sets the amount of time between the first attempt to reach a
server and the second attempt to reach a server. Each time a message
is sent, the interval between messages is incremented by twice the
current interval multiplied by a random number between zero and one.
If it is greater than the backoff-cutoff amount, it is set to that
amount. It defaults to ten seconds.
.SH LEASE REQUIREMENTS AND REQUESTS
The DHCP protocol allows the client to request that the server send it
specific information, and not send it other information that it is not
prepared to accept. The protocol also allows the client to reject
offers from servers if they don't contain information the client
needs, or if the information provided is not satisfactory.
.PP
There is a variety of data contained in offers that DHCP servers send
to DHCP clients. The data that can be specifically requested is what
are called \fIDHCP Options\fR. DHCP Options are defined in
\fBdhcp-options(5)\fR.
.PP
.I The
.B request
.I statement
.PP
\fBrequest [ \fIoption\fR ] [\fB,\fI ... \fIoption\fR ]\fB;\fR
.PP
The request statement causes the client to request that any server
responding to the client send the client its values for the specified
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCP server
requests the subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name, nis-domain, nis-servers,
and ntp-servers options.
.PP
In some cases, it may be desirable to send no parameter request list
at all. To do this, simply write the request statement but specify
no parameters:
.PP
.nf
request;
.fi
.PP
.I The
.B require
.I statement
.PP
\fBrequire [ \fIoption\fR ] [\fB,\fI ... \fIoption ]\fB;\fR
.PP
The require statement lists options that must be sent in order for an
offer to be accepted. Offers that do not contain all the listed
options will be ignored.
.PP
.I The
.B send
.I statement
.PP
\fBsend { [ \fIoption declaration\fR ]
[\fB,\fI ... \fIoption declaration\fR ]\fB}\fR
.PP
The send statement causes the client to send the specified options to
the server with the specified values. These are full option
declarations as described in \fBdhcp-options(5)\fR. Options that are
always sent in the DHCP protocol should not be specified here, except
that the client can specify a \fBrequested-lease-time\fR option other
than the default requested lease time, which is two hours. The other
obvious use for this statement is to send information to the server
that will allow it to differentiate between this client and other
clients or kinds of clients.
.SH DYNAMIC DNS
The client now has some very limited support for doing DNS updates
when a lease is acquired. This is prototypical, and probably doesn't
do what you want. It also only works if you happen to have control
over your DNS server, which isn't very likely.
.PP
To make it work, you have to declare a key and zone as in the DHCP
server (see \fBdhcpd.conf\fR(5) for details). You also need to
configure the fqdn option on the client, as follows:
.PP
.nf
send fqdn.fqdn "grosse.fugue.com.";
send fqdn.encoded on;
send fqdn.server-update off;
.fi
.PP
The \fIfqdn.fqdn\fR option \fBMUST\fR be a fully-qualified domain
name. You \fBMUST\fR define a zone statement for the zone to be
updated. The \fIfqdn.encoded\fR option may need to be set to
\fIon\fR or \fIoff\fR, depending on the DHCP server you are using.
.PP
.I The
.B do-forward-updates
.I statement
.PP
\fBdo-forward-updates [ \fIflag\fR ] \fB;\fR
.PP
If you want to do DNS updates in the DHCP client
script (see \fBdhclient-script(8)\fR) rather than having the
DHCP client do the update directly (for example, if you want to
use SIG(0) authentication, which is not supported directly by the
DHCP client, you can instruct the client not to do the update using
the \fBdo-forward-updates\fR statement. \fIFlag\fR should be \fBtrue\fR
if you want the DHCP client to do the update, and \fBfalse\fR if
you don't want the DHCP client to do the update. By default, the DHCP
client will do the DNS update.
.SH OPTION MODIFIERS
In some cases, a client may receive option data from the server which
is not really appropriate for that client, or may not receive
information that it needs, and for which a useful default value
exists. It may also receive information which is useful, but which
needs to be supplemented with local information. To handle these
needs, several option modifiers are available.
.PP
.I The
.B default
.I statement
.PP
\fBdefault [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some option the client should use the value supplied by
the server, but needs to use some default value if no value was supplied
by the server, these values can be defined in the
.B default
statement.
.PP
.I The
.B supersede
.I statement
.PP
\fBsupersede [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some option the client should always use a locally-configured
value or values rather than whatever is supplied by the server, these
values can be defined in the
.B supersede
statement.
.PP
.I The
.B prepend
.I statement
.PP
\fBprepend [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some set of options the client should use a value you
supply, and then use the values supplied by
the server, if any, these values can be defined in the
.B prepend
statement. The
.B prepend
statement can only be used for options which
allow more than one value to be given. This restriction is not
enforced - if you ignore it, the behaviour will be unpredictable.
.PP
.I The
.B append
.I statement
.PP
\fBappend [ \fIoption declaration\fR ] \fB;\fR
.PP
If for some set of options the client should first use the values
supplied by the server, if any, and then use values you supply, these
values can be defined in the
.B append
statement. The
.B append
statement can only be used for options which
allow more than one value to be given. This restriction is not
enforced - if you ignore it, the behaviour will be unpredictable.
.SH LEASE DECLARATIONS
.PP
.I The
.B lease
.I declaration
.PP
\fBlease {\fR \fIlease-declaration\fR [ ... \fIlease-declaration ] \fB}\fR
.PP
The DHCP client may decide after some period of time (see \fBPROTOCOL
TIMING\fR) that it is not going to succeed in contacting a
server. At that time, it consults its own database of old leases and
tests each one that has not yet timed out by pinging the listed router
for that lease to see if that lease could work. It is possible to
define one or more \fIfixed\fR leases in the client configuration file
for networks where there is no DHCP or BOOTP service, so that the
client can still automatically configure its address. This is done
with the
.B lease
statement.
.PP
NOTE: the lease statement is also used in the dhclient.leases file in
order to record leases that have been received from DHCP servers.
Some of the syntax for leases as described below is only needed in the
dhclient.leases file. Such syntax is documented here for
completeness.
.PP
A lease statement consists of the lease keyword, followed by a left
curly brace, followed by one or more lease declaration statements,
followed by a right curly brace. The following lease declarations
are possible:
.PP
\fBbootp;\fR
.PP
The
.B bootp
statement is used to indicate that the lease was acquired using the
BOOTP protocol rather than the DHCP protocol. It is never necessary
to specify this in the client configuration file. The client uses
this syntax in its lease database file.
.PP
\fBinterface\fR \fB"\fR\fIstring\fR\fB";\fR
.PP
The
.B interface
lease statement is used to indicate the interface on which the lease
is valid. If set, this lease will only be tried on a particular
interface. When the client receives a lease from a server, it always
records the interface number on which it received that lease.
If predefined leases are specified in the dhclient.conf file, the
interface should also be specified, although this is not required.
.PP
\fBfixed-address\fR \fIip-address\fR\fB;\fR
.PP
The
.B fixed-address
statement is used to set the ip address of a particular lease. This
is required for all lease statements. The IP address must be
specified as a dotted quad (e.g., 12.34.56.78).
.PP
\fBfilename "\fR\fIstring\fR\fB";\fR
.PP
The
.B filename
statement specifies the name of the boot filename to use. This is
not used by the standard client configuration script, but is included
for completeness.
.PP
\fBserver-name "\fR\fIstring\fR\fB";\fR
.PP
The
.B server-name
statement specifies the name of the boot server name to use. This is
also not used by the standard client configuration script.
.PP
\fBoption\fR \fIoption-declaration\fR\fB;\fR
.PP
The
.B option
statement is used to specify the value of an option supplied by the
server, or, in the case of predefined leases declared in
dhclient.conf, the value that the user wishes the client configuration
script to use if the predefined lease is used.
.PP
\fBscript "\fIscript-name\fB";\fR
.PP
The
.B script
statement is used to specify the pathname of the dhcp client
configuration script. This script is used by the dhcp client to set
each interface's initial configuration prior to requesting an address,
to test the address once it has been offered, and to set the
interface's final configuration once a lease has been acquired. If
no lease is acquired, the script is used to test predefined leases, if
any, and also called once if no valid lease can be identified. For
more information, see
.B dhclient-script(8).
.PP
\fBvendor option space "\fIname\fB";\fR
.PP
The
.B vendor option space
statement is used to specify which option space should be used for
decoding the vendor-encapsulate-options option if one is received.
The \fIdhcp-vendor-identifier\fR can be used to request a specific
class of vendor options from the server. See
.B dhcp-options(5)
for details.
.PP
\fBmedium "\fImedia setup\fB";\fR
.PP
The
.B medium
statement can be used on systems where network interfaces cannot
automatically determine the type of network to which they are
connected. The media setup string is a system-dependent parameter
which is passed to the dhcp client configuration script when
initializing the interface. On Unix and Unix-like systems, the
argument is passed on the ifconfig command line when configuring the
interface.
.PP
The dhcp client automatically declares this parameter if it uses a
media type (see the
.B media
statement) when configuring the interface in order to obtain a lease.
This statement should be used in predefined leases only if the network
interface requires media type configuration.
.PP
\fBrenew\fR \fIdate\fB;\fR
.PP
\fBrebind\fR \fIdate\fB;\fR
.PP
\fBexpire\fR \fIdate\fB;\fR
.PP
The \fBrenew\fR statement defines the time at which the dhcp client
should begin trying to contact its server to renew a lease that it is
using. The \fBrebind\fR statement defines the time at which the dhcp
client should begin to try to contact \fIany\fR dhcp server in order
to renew its lease. The \fBexpire\fR statement defines the time at
which the dhcp client must stop using a lease if it has not been able
to contact a server in order to renew it.
.PP
These declarations are automatically set in leases acquired by the
DHCP client, but must also be configured in predefined leases - a
predefined lease whose expiry time has passed will not be used by the
DHCP client.
.PP
Dates are specified as follows:
.PP
\fI<weekday> <year>\fB/\fI<month>\fB/\fI<day>
<hour>\fB:\fI<minute>\fB:\fI<second>\fR
.PP
The weekday is present to make it easy for a human to tell when a
lease expires - it's specified as a number from zero to six, with zero
being Sunday. When declaring a predefined lease, it can always be
specified as zero. The year is specified with the century, so it
should generally be four digits except for really long leases. The
month is specified as a number starting with 1 for January. The day
of the month is likewise specified starting with 1. The hour is a
number between 0 and 23, the minute a number between 0 and 59, and the
second also a number between 0 and 59.
.SH ALIAS DECLARATIONS
\fBalias { \fI declarations ... \fB}\fR
.PP
Some DHCP clients running TCP/IP roaming protocols may require that in
addition to the lease they may acquire via DHCP, their interface also
be configured with a predefined IP alias so that they can have a
permanent IP address even while roaming. The Internet Systems
Consortium DHCP client doesn't support roaming with fixed addresses
directly, but in order to facilitate such experimentation, the dhcp
client can be set up to configure an IP alias using the
.B alias
declaration.
.PP
The alias declaration resembles a lease declaration, except that
options other than the subnet-mask option are ignored by the standard
client configuration script, and expiry times are ignored. A typical
alias declaration includes an interface declaration, a fixed-address
declaration for the IP alias address, and a subnet-mask option
declaration. A medium statement should never be included in an alias
declaration.
.SH OTHER DECLARATIONS
\fBreject \fIcidr-ip-address\fR [\fB,\fR \fI...\fB \fIcidr-ip-address\fR ] \fB;\fR
.PP
The
.B reject
statement causes the DHCP client to reject offers from
servers whose server identifier matches any of the specified hosts or
subnets. This can be used to avoid being configured by rogue or
misconfigured dhcp servers, although it should be a last resort -
better to track down the bad DHCP server and fix it.
.PP
The \fIcidr-ip-address\fR configuration type is of the
form \fIip-address\fR[\fB/\fIprefixlen\fR], where \fIip-address\fR is a
dotted quad IP address, and \fRprefixlen\fR is the CIDR prefix length of
the subnet, counting the number of significant bits in the netmask starting
from the leftmost end. Example configuration syntax:
.PP
\fIreject\fR 192.168.0.0\fB/\fR16\fB,\fR 10.0.0.5\fB;\fR
.PP
The above example would cause offers from any server identifier in the
entire RFC 1918 "Class C" network 192.168.0.0/16, or the specific
single address 10.0.0.5, to be rejected.
.PP
\fBinterface "\fIname\fB" { \fIdeclarations ... \fB }
.PP
A client with more than one network interface may require different
behaviour depending on which interface is being configured. All
timing parameters and declarations other than lease and alias
declarations can be enclosed in an interface declaration, and those
parameters will then be used only for the interface that matches the
specified name. Interfaces for which there is no interface
declaration will use the parameters declared outside of any interface
declaration, or the default settings.
.PP
.B Note well:
ISC dhclient only maintains one list of interfaces, which is either
determined at startup from command line arguments, or otherwise is
autodetected. If you supplied the list of interfaces on the command
line, this configuration clause will add the named interface to the
list in such a way that will cause it to be configured by DHCP. Which
may not be the result you had intended. This is an undesirable side
effect that will be addressed in a future release.
.PP
\fBpseudo "\fIname\fR" "\fIreal-name\fB" { \fIdeclarations ... \fB }
.PP
Under some circumstances it can be useful to declare a pseudo-interface
and have the DHCP client acquire a configuration for that interface.
Each interface that the DHCP client is supporting normally has a DHCP
client state machine running on it to acquire and maintain its lease.
A pseudo-interface is just another state machine running on the
interface named \fIreal-name\fR, with its own lease and its own
state. If you use this feature, you must provide a client identifier
for both the pseudo-interface and the actual interface, and the two
identifiers must be different. You must also provide a separate
client script for the pseudo-interface to do what you want with the IP
address. For example:
.PP
.nf
interface "ep0" {
send dhcp-client-identifier "my-client-ep0";
}
pseudo "secondary" "ep0" {
send dhcp-client-identifier "my-client-ep0-secondary";
script "/etc/dhclient-secondary";
}
.fi
.PP
The client script for the pseudo-interface should not configure the
interface up or down - essentially, all it needs to handle are the
states where a lease has been acquired or renewed, and the states
where a lease has expired. See \fBdhclient-script(8)\fR for more
information.
.PP
\fBmedia "\fImedia setup\fB"\fI [ \fB, "\fImedia setup\fB", \fI... ]\fB;\fR
.PP
The
.B media
statement defines one or more media configuration parameters which may
be tried while attempting to acquire an IP address. The dhcp client
will cycle through each media setup string on the list, configuring
the interface using that setup and attempting to boot, and then trying
the next one. This can be used for network interfaces which aren't
capable of sensing the media type unaided - whichever media type
succeeds in getting a request to the server and hearing the reply is
probably right (no guarantees).
.PP
The media setup is only used for the initial phase of address
acquisition (the DHCPDISCOVER and DHCPOFFER packets). Once an
address has been acquired, the dhcp client will record it in its lease
database and will record the media type used to acquire the address.
Whenever the client tries to renew the lease, it will use that same
media type. The lease must expire before the client will go back to
cycling through media types.
.PP
\fBbootp-broadcast-always;\fR
.PP
The
.B bootp-broadcast-always
statement instructs dhclient to always set the bootp broadcast flag in
request packets, so that servers will always broadcast replies.
This is equivalent to supplying the dhclient -B argument, and has
the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
This option is provided as an extension to enable dhclient to work
on IBM s390 Linux guests.
.PP
.SH SAMPLE
The following configuration file is used on a laptop running NetBSD
1.3. The laptop has an IP alias of 192.5.5.213, and has one
interface, ep0 (a 3com 3C589C). Booting intervals have been
shortened somewhat from the default, because the client is known to
spend most of its time on networks with little DHCP activity. The
laptop does roam to multiple networks.
.nf
timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;
reject 192.33.137.209;
interface "ep0" {
send host-name "andare.fugue.com";
send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
send dhcp-lease-time 3600;
supersede domain-name "fugue.com rc.vix.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
script "CLIENTBINDIR/dhclient-script";
media "media 10baseT/UTP", "media 10base2/BNC";
}
alias {
interface "ep0";
fixed-address 192.5.5.213;
option subnet-mask 255.255.255.255;
}
.fi
This is a very complicated dhclient.conf file - in general, yours
should be much simpler. In many cases, it's sufficient to just
create an empty dhclient.conf file - the defaults are usually fine.
.SH SEE ALSO
dhcp-options(5), dhcp-eval(5), dhclient.leases(5), dhcpd(8), dhcpd.conf(5),
RFC2132, RFC2131.
.SH AUTHOR
.B dhclient(8)
was written by Ted Lemon
under a contract with Vixie Labs. Funding
for this project was provided by Internet Systems Consortium.
Information about Internet Systems Consortium can be found at
.B http://www.isc.org.

331
dhcp-3.0.6-manpages.patch
View File

@ -1,331 +0,0 @@
diff -up dhcp-3.0.6/dhcpctl/dhcpctl.3.manpages dhcp-3.0.6/dhcpctl/dhcpctl.3
--- dhcp-3.0.6/dhcpctl/dhcpctl.3.manpages 2004-09-24 17:08:38.000000000 -0400
+++ dhcp-3.0.6/dhcpctl/dhcpctl.3 2007-09-26 15:22:12.000000000 -0400
@@ -43,7 +43,7 @@
.\"
.\"
.Sh SYNOPSIS
-.Fd #include <dhcpctl/dhcpctl.h>
+.Fd #include <dhcpctl.h>
.Ft dhcpctl_status
.Fo dhcpctl_initialize
.Fa void
@@ -426,7 +426,7 @@ that most error checking has been ommitt
#include <netinet/in.h>
#include <isc/result.h>
-#include <dhcpctl/dhcpctl.h>
+#include <dhcpctl.h>
int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
diff -up dhcp-3.0.6/server/dhcpd.conf.5.manpages dhcp-3.0.6/server/dhcpd.conf.5
--- dhcp-3.0.6/server/dhcpd.conf.5.manpages 2007-05-01 16:42:56.000000000 -0400
+++ dhcp-3.0.6/server/dhcpd.conf.5 2007-09-26 15:24:18.000000000 -0400
@@ -531,9 +531,9 @@ primary server might look like this:
failover peer "foo" {
primary;
address anthrax.rc.vix.com;
- port 519;
+ port 647;
peer address trantor.rc.vix.com;
- peer port 520;
+ peer port 847;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
@@ -592,9 +592,7 @@ statement
.B port \fIport-number\fR\fB;\fR
.PP
The \fBport\fR statement declares the TCP port on which the server
-should listen for connections from its failover peer. This statement
-may not currently be omitted, because the failover protocol does not
-yet have a reserved TCP port number.
+should listen for connections from its failover peer.
.RE
.PP
The
@@ -606,10 +604,8 @@ statement
.PP
The \fBpeer port\fR statement declares the TCP port to which the
server should connect to reach its failover peer for failover
-messages. This statement may not be omitted because the failover
-protocol does not yet have a reserved TCP port number. The port
-number declared in the \fBpeer port\fR statement may be the same as
-the port number declared in the \fBport\fR statement.
+messages. The port number declared in the \fBpeer port\fR statement
+may be the same as the port number declared in the \fBport\fR statement.
.RE
.PP
The
@@ -1133,7 +1129,7 @@ the zone containing PTR records - for IS
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -1156,7 +1152,7 @@ dhcpd.conf file:
.PP
.nf
key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
+ algorithm hmac-md5;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
@@ -2114,7 +2110,8 @@ statement
The \fInext-server\fR statement is used to specify the host address of
the server from which the initial boot file (specified in the
\fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
-be a numeric IP address or a domain name.
+be a numeric IP address or a domain name. If no \fInext-server\fR statement
+applies to a given client, the address 0.0.0.0 is used.
.RE
.PP
The
diff -up dhcp-3.0.6/common/dhcp-options.5.manpages dhcp-3.0.6/common/dhcp-options.5
--- dhcp-3.0.6/common/dhcp-options.5.manpages 2006-04-26 11:12:43.000000000 -0400
+++ dhcp-3.0.6/common/dhcp-options.5 2007-09-26 15:22:12.000000000 -0400
@@ -834,6 +834,24 @@ classless IP routing - it does not inclu
classless IP routing is now the most widely deployed routing standard,
this option is virtually useless, and is not implemented by any of the
popular DHCP clients, for example the Microsoft DHCP client.
+.PP
+NOTE to Red Hat dhclient users:
+.br
+The RedHat dhclient-script interprets trailing 0 octets of the target
+as indicating the subnet class of the route - so for this
+static-routes value:
+.br
+ option static-routes 172.0.0.0 172.16.2.254,
+.br
+ 192.168.0.0 192.168.2.254;
+.br
+the Red Hat dhclient-script will create routes:
+.br
+ 172/8 via 172.16.2.254 dev $interface
+.br
+ 192.168/16 via 192.168.2.254 dev $interface
+.br
+which slightly increases the usefulness of the static-routes option.
.RE
.PP
.nf
diff -up dhcp-3.0.6/client/dhclient-script.8.manpages dhcp-3.0.6/client/dhclient-script.8
--- dhcp-3.0.6/client/dhclient-script.8.manpages 2005-09-28 15:17:08.000000000 -0400
+++ dhcp-3.0.6/client/dhclient-script.8 2007-09-26 15:22:12.000000000 -0400
@@ -47,7 +47,7 @@ customizations are needed, they should b
exit hooks provided (see HOOKS for details). These hooks will allow the
user to override the default behaviour of the client in creating a
.B /etc/resolv.conf
-file.
+file, and to handle DHCP options not handled by default.
.PP
No standard client script exists for some operating systems, even though
the actual client may work, so a pioneering user may well need to create
@@ -91,6 +91,27 @@ present. The
.B ETCDIR/dhclient-exit-hooks
script can modify the valid of exit_status to change the exit status
of dhclient-script.
+.PP
+Immediately after dhclient brings an interface UP with a new IP address,
+subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
+existence of an executable
+.B ETCDIR/dhclient-up-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface.
+.B ETCDIR/dhclient-${IF}-up-hooks
+script will override the generic script and be sourced when interface
+$IF has been brought up.
+.PP
+Immediately before dhclient brings an interface DOWN, removing its IP
+address, subnet mask, and routes, in the STOP/RELEASE states, it will
+check for the existence of an executable
+.B ETCDIR/dhclient-down-hooks
+script, and source it if found. This script can handle DHCP options in
+the environment that are not handled by default. A per-interface
+.B ETCDIR/dhclient-${IF}-down-hooks
+script will override the generic script and be sourced when interface
+$IF is about to be brought down.
+
.SH OPERATION
When dhclient needs to invoke the client configuration script, it
defines a set of variables in the environment, and then invokes
diff -up dhcp-3.0.6/client/dhclient.conf.5.manpages dhcp-3.0.6/client/dhclient.conf.5
--- dhcp-3.0.6/client/dhclient.conf.5.manpages 2007-05-01 16:42:55.000000000 -0400
+++ dhcp-3.0.6/client/dhclient.conf.5 2007-09-26 15:22:12.000000000 -0400
@@ -185,7 +185,8 @@ responding to the client send the client
options. Only the option names should be specified in the request
statement - not option parameters. By default, the DHCP server
requests the subnet-mask, broadcast-address, time-offset, routers,
-domain-name, domain-name-servers and host-name options.
+domain-name, domain-name-servers, host-name, nis-domain, nis-servers,
+and ntp-servers options.
.PP
In some cases, it may be desirable to send no parameter request list
at all. To do this, simply write the request statement but specify
@@ -581,6 +582,18 @@ database and will record the media type
Whenever the client tries to renew the lease, it will use that same
media type. The lease must expire before the client will go back to
cycling through media types.
+.PP
+ \fBbootp-broadcast-always;\fR
+.PP
+The
+.B bootp-broadcast-always
+statement instructs dhclient to always set the bootp broadcast flag in
+request packets, so that servers will always broadcast replies.
+This is equivalent to supplying the dhclient -B argument, and has
+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
+This option is provided as a Red Hat extension to enable dhclient to work
+on IBM zSeries z/OS Linux guests.
+.PP
.SH SAMPLE
The following configuration file is used on a laptop running NetBSD
1.3. The laptop has an IP alias of 192.5.5.213, and has one
diff -up dhcp-3.0.6/client/dhclient.8.manpages dhcp-3.0.6/client/dhclient.8
--- dhcp-3.0.6/client/dhclient.8.manpages 2007-05-01 16:42:55.000000000 -0400
+++ dhcp-3.0.6/client/dhclient.8 2007-09-26 15:22:12.000000000 -0400
@@ -82,6 +82,28 @@ relay
.B -w
]
[
+.B -I
+.I dhcp-client-identifier
+]
+[
+.B -H
+.I host-name
+.R |
+.B -F fqdn.fqdn
+]
+[
+.B -V
+.I vendor-class-identifier
+]
+[
+.B -R
+.I request option list
+]
+[
+.B -T
+.I timeout
+]
+[
.I if0
[
.I ...ifN
@@ -265,6 +287,110 @@ than waiting until it has acquired an IP
supplying the
.B -nw
flag.
+.PP
+The -I <id> argument allows you to specify the dhcp-client-identifier string,
+<id>, to be sent to the dhcp server on the command line. It is equivalent to
+the top level dhclient.conf statement:
+.br
+ \fBsend dhcp-client-identifier "<id>";\fR
+.br
+The -I <id> command line option will override any top level dhclient.conf
+ 'send dhcp-client-identifier' statement, but more specific per-interface
+ 'interface "X" { send dhcp-client-identifier...; }' statements in dhclient.conf
+will override the -I <id> command line option for interface "X".
+This option is provided as a Red Hat extension to enable dhclient to work
+on IBM zSeries z/OS Linux guests.
+.PP
+The -B option instructs dhclient to set the bootp broadcast flag in request
+packets, so that servers will always broadcast replies. This is equivalent
+to specifying the 'bootp-broadcast-always' option in dhclient.conf, and has
+the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
+This option is provided as a Red Hat extension to enable dhclient to work
+on IBM zSeries z/OS Linux guests.
+.PP
+The -H <host-name> option allows you to specify the DHCP host-name option
+to send to the server on the dhclient command line. It is equivalent to the
+top level dhclient.conf statement:
+.br
+\f send host-name "<host-name>";\fR
+.br
+The -H <host-name> option will override any top level dhclient.conf
+ 'send host-name' statement, but more specific per-interface
+ 'interface "X" { send host-name...;' statements in dhclient.conf
+will override the -H <host-name> command line option for interface "X".
+The host-name option only specifies the client's host name prefix, to which
+the server will append the 'ddns-domainname' or 'domain-name' options, if any,
+to derive the fully qualified domain name of the client host.
+The -H <host-name> option cannot be used with the -F <fqdn.fqdn> option.
+Only one -H <host-name> option may be specified.
+The -H <host-name> option is provided as a Red Hat extension to simplify
+configuration of clients of DHCP servers that require the host-name option
+to be sent (eg. some modern cable modems), and for dynamic DNS updates (DDNS).
+.PP
+The -F <fqdn.fqdn> option allows you to specify the DHCP fqdn.fqdn option
+to send to the server on the dhclient command line. It is equivalent to the
+top level dhclient.conf statement:
+.br
+\f send fqdn.fqdn "<domain-name>";\fR
+.br
+The -F <fqdn.fqdn> option will override any top level dhclient.conf
+ 'send fqdn.fqdn' statement, but more specific per-interface
+ 'interface "X" { send fqdn.fqdn...;' statements in dhclient.conf
+will override the -F <fqdn.fqdn> command line option for interface "X".
+This option cannot be used with the -H <host-name> option.
+The DHCP fqdn.fqdn option must specify the complete domain name of the client
+host, which the server may use for dynamic DNS updates.
+Only one -F <fqdn.fqdn> option may be specified.
+The -F <fqdn.fqdn> option is provided as a Red Hat extension to simplify
+configuration of DDNS.
+.PP
+The -T <timeout> option allows you to specify the time after which
+the dhclient will decide that no DHCP servers can be contacted when
+no responses have been received. It is equivalent to the
+.br
+\f timeout <integer>;\fR
+.br
+dhclient.conf statement, and will override any such statements in dhclient.conf.
+.br
+This option is provided as a Red Hat extension.
+.PP
+The -V <vendor-class-identifier> option allows you to specify the DHCP
+vendor-class-identifier option to send to the server on the dhclient command
+line. It is equivalent to the top level dhclient.conf statement:
+.br
+\f send vendor-class-identifier "<vendor-class-identifier>";\fR
+.br
+The -V <vendor-class-identifier> option will override any top level
+dhclient.conf
+ 'send vendor-class-identifier' statement, but more specific per-interface
+ 'interface "X" { send vendor-class-identifier...;' statements in dhclient.conf
+will override the -V <vendor-class-identifier> command line option for
+interface "X".
+The -V <vendor-class-identifier> option is provided as a Red Hat extension to
+simplify configuration of clients of DHCP servers that require the
+vendor-class-identifier option to be sent.
+.PP
+The -R <request option list> option allows you to specify the list of options
+the client is to request from the server on the dhclient command line.
+The option list must be a single string, consisting of option names separated
+by at least one comma and optional space characters. The default option list
+is:
+.br
+ subnet-mask, broadcast-address, time-offset, routers,
+.br
+ domain-name, domain-name-servers, host-name, nis-domain,
+.br
+ nis-servers, ntp-servers
+.br
+You can specify a different list of options to request with the -R <option list>
+argument. This is equivalent to the dhclient.conf statement:
+.br
+\f request <option list> ;\fR
+.br
+The -R argument is provided as a Red Hat extension to ISC dhclient to
+facilitate requesting a list of options from the server different to the
+default.
+.PP
.SH CONFIGURATION
The syntax of the dhclient.conf(5) file is discussed separately.
.SH OMAPI

2514
dhcp-3.1.0-ldap-configuration.patch
View File

File diff suppressed because it is too large Load Diff

1642
dhcp-options.5 Normal file
View File

File diff suppressed because it is too large Load Diff

222
dhcp.schema
View File

@ -82,7 +82,8 @@ attributetype ( 2.16.840.1.113719.1.203.4.14
DESC 'The distinguished name of a client address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
attributetype ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN'
attributetype ( 2.16.840.1.113719.1.203.4.15
NAME 'dhcpLeasesDN'
DESC 'The distinguished name(s) client addresses.'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
@ -112,7 +113,8 @@ attributetype ( 2.16.840.1.113719.1.203.4.19
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.20
NAME 'dhcpVersion' DESC 'The version attribute of this object.'
NAME 'dhcpVersion'
DESC 'The version attribute of this object.'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
@ -130,27 +132,27 @@ attributetype ( 2.16.840.1.113719.1.203.4.22
attributetype ( 2.16.840.1.113719.1.203.4.23
NAME 'dhcpExpirationTime'
EQUALITY integerMatch
EQUALITY generalizedTimeMatch
DESC 'This is the time the current lease for an address expires.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.24
NAME 'dhcpStartTimeOfState'
EQUALITY integerMatch
EQUALITY generalizedTimeMatch
DESC 'This is the time of the last state change for a leased address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.25
NAME 'dhcpLastTransactionTime'
EQUALITY integerMatch
EQUALITY generalizedTimeMatch
DESC 'This is the last time a valid DHCP packet was received from the client.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.26
NAME 'dhcpBootpFlag'
EQUALITY integerMatch
EQUALITY booleanMatch
DESC 'This indicates whether the address was assigned via BOOTP.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.27
NAME 'dhcpDomainName'
@ -190,9 +192,9 @@ attributetype ( 2.16.840.1.113719.1.203.4.32
attributetype ( 2.16.840.1.113719.1.203.4.33
NAME 'dhcpRelayAgentInfo'
EQUALITY caseIgnoreIA5Match
EQUALITY octetStringMatch
DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.34
NAME 'dhcpHWAddress'
@ -202,9 +204,9 @@ attributetype ( 2.16.840.1.113719.1.203.4.34
attributetype ( 2.16.840.1.113719.1.203.4.35
NAME 'dhcpHashBucketAssignment'
EQUALITY caseIgnoreIA5Match
EQUALITY octetStringMatch
DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.36
NAME 'dhcpDelayedServiceParameter'
@ -220,9 +222,9 @@ attributetype ( 2.16.840.1.113719.1.203.4.37
attributetype ( 2.16.840.1.113719.1.203.4.38
NAME 'dhcpFailOverEndpointState'
EQUALITY integerMatch
EQUALITY caseIgnoreIA5Match
DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.39
NAME 'dhcpErrorLog'
@ -230,41 +232,137 @@ attributetype ( 2.16.840.1.113719.1.203.4.39
DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.40
NAME 'dhcpLocatorDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.41
NAME 'dhcpKeyAlgorithm'
EQUALITY caseIgnoreIA5Match
DESC 'Algorithm to generate TSIG Key'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.42
NAME 'dhcpKeySecret'
EQUALITY octetStringMatch
DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.43
NAME 'dhcpDnsZoneServer'
EQUALITY caseIgnoreIA5Match
DESC 'Master server of the DNS Zone'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.44
NAME 'dhcpKeyDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.45
NAME 'dhcpZoneDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46
NAME 'dhcpFailOverPrimaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47
NAME 'dhcpFailOverSecondaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.48
NAME 'dhcpFailOverPrimaryPort'
EQUALITY integerMatch
DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.49
NAME 'dhcpFailOverSecondaryPort'
EQUALITY integerMatch
DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.50
NAME 'dhcpFailOverResponseDelay'
EQUALITY integerMatch
DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.51
NAME 'dhcpFailOverUnackedUpdates'
EQUALITY integerMatch
DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.52
NAME 'dhcpFailOverSplit'
EQUALITY integerMatch
DESC 'Split between the primary and secondary servers for fail over purpose'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.53
NAME 'dhcpFailOverLoadBalanceTime'
EQUALITY integerMatch
DESC 'Cutoff time in seconds, after which load balance is disabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.54
NAME 'dhcpFailOverPeerDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
attributetype ( 2.16.840.1.113719.1.203.4.55
NAME 'dhcpServerDN'
EQUALITY distinguishedNameMatch
DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows coments within any DHCP object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Classes
objectclass ( 2.16.840.1.113719.1.203.6.1
NAME 'dhcpService'
DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
SUP top
MUST (cn $ dhcpPrimaryDN)
MAY ( dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $
dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $
dhcpStatements ) )
MUST (cn)
MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
objectclass ( 2.16.840.1.113719.1.203.6.2
NAME 'dhcpSharedNetwork'
DESC 'This stores configuration information for a shared network.'
SUP top
MUST cn
MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements)
X-NDS_CONTAINMENT ('dhcpService' ) )
MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.3
NAME 'dhcpSubnet'
DESC 'This class defines a subnet. This is a container object.'
SUP top
MUST ( cn $ dhcpNetMask )
MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $
dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.4
NAME 'dhcpPool'
DESC 'This stores configuration information about a pool.'
SUP top
MUST ( cn $ dhcpRange )
MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
dhcpStatements)
MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.5
@ -272,7 +370,7 @@ objectclass ( 2.16.840.1.113719.1.203.6.5
DESC 'Group object that lists host DNs and parameters. This is a container object.'
SUP top
MUST cn
MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements )
MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.6
@ -280,7 +378,7 @@ objectclass ( 2.16.840.1.113719.1.203.6.6
DESC 'This represents information about a particular client'
SUP top
MUST cn
MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements)
MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
objectclass ( 2.16.840.1.113719.1.203.6.7
@ -288,7 +386,7 @@ objectclass ( 2.16.840.1.113719.1.203.6.7
DESC 'Represents information about a collection of related clients.'
SUP top
MUST cn
MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements)
MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
objectclass ( 2.16.840.1.113719.1.203.6.8
@ -296,29 +394,22 @@ objectclass ( 2.16.840.1.113719.1.203.6.8
DESC 'Represents information about a collection of related classes.'
SUP top
MUST cn
MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements)
X-NDS_CONTAINMENT 'dhcpClass' )
MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
objectclass ( 2.16.840.1.113719.1.203.6.9
NAME 'dhcpOptions'
DESC 'Represents information about a collection of options defined.'
SUP top
AUXILIARY
SUP top AUXILIARY
MUST cn
MAY ( dhcpOption )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet'
'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
MAY ( dhcpOption $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
objectclass ( 2.16.840.1.113719.1.203.6.10
NAME 'dhcpLeases'
DESC 'This class represents an IP Address, which may or may not have been leased.'
SUP top
MUST ( cn $ dhcpAddressState )
MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $
dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $
dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $
dhcpReservedForClient $ dhcpAssignedToClient $
dhcpRelayAgentInfo $ dhcpHWAddress )
MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
objectclass ( 2.16.840.1.113719.1.203.6.11
@ -326,19 +417,46 @@ objectclass ( 2.16.840.1.113719.1.203.6.11
DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
SUP top
MUST ( cn )
MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $
dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $
dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $
dhcpReservedForClient $ dhcpAssignedToClient $
dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet'
'dhcpSharedNetwork' 'dhcpService' ) )
MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.12
NAME 'dhcpServer'
DESC 'DHCP Server Object'
SUP top
MUST (cn $ dhcpServiceDN)
MAY (dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements)
X-NDS_CONTAINMENT ('o' 'ou' 'dc') )
MUST ( cn )
MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
objectclass ( 2.16.840.1.113719.1.203.6.13
NAME 'dhcpTSigKey'
DESC 'TSIG key for secure dynamic updates'
SUP top
MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
MAY ( dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.14
NAME 'dhcpDnsZone'
DESC 'DNS Zone for updating leases'
SUP top
MUST (cn $ dhcpDnsZoneServer )
MAY (dhcpKeyDN $ dhcpComments)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.15
NAME 'dhcpFailOverPeer'
DESC 'This class defines the Fail over peer'
SUP top
MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.16
NAME 'dhcpLocator'
DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SUP top
MUST ( cn )
MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )

70
dhcp.spec
View File

@ -13,7 +13,7 @@
Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent
Name: dhcp
Version: 3.1.0
Release: 7%{?dist}
Release: 8%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer made
# incorrect use of the epoch and that's why it is at 12 now. It should have
# never been used, but it was. So we are stuck with it.
@ -35,6 +35,13 @@ Source10: Makefile.libdhcp4client
Source11: dhcp4client.h
Source12: libdhcp_control.h
Source13: dhcp.schema
Source14: dhclient-script.8
Source15: dhclient.8
Source16: dhclient.conf.5
Source17: dhcp-options.5
Source18: dhcpctl.3
Source19: dhcpd.conf.5
Source20: get-ldap-patch.sh
Patch0: %{name}-3.0.5-Makefile.patch
Patch1: %{name}-3.0.5-errwarn-message.patch
@ -51,17 +58,19 @@ Patch11: %{name}-3.0.5-failover-ports.patch
Patch12: %{name}-3.1.0-dhclient-usage.patch
Patch13: %{name}-3.0.5-default-requested-options.patch
Patch14: %{name}-3.0.5-prototypes.patch
Patch15: %{name}-3.0.6-manpages.patch
Patch16: %{name}-3.1.0-libdhcp4client.patch
Patch17: %{name}-3.1.0-xen-checksum.patch
Patch18: %{name}-3.1.0-dhclient-anycast.patch
Patch19: %{name}-3.0.6-ignore-hyphen-x.patch
Patch20: %{name}-3.1.0-warnings.patch
Patch15: %{name}-3.1.0-libdhcp4client.patch
Patch16: %{name}-3.1.0-xen-checksum.patch
Patch17: %{name}-3.1.0-dhclient-anycast.patch
Patch18: %{name}-3.0.6-ignore-hyphen-x.patch
Patch19: %{name}-3.1.0-warnings.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: groff
BuildRequires: openldap-devel
# For /etc/openldap/schema (and slapd, if you're using that with dhcpd)
Requires: openldap-servers
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
@ -208,30 +217,20 @@ libdhcp4client.
# in minires/res_init.c: add res_randomid()
%patch14 -p1 -b .prototypes
# Man page updates explaining new features added from the above patches.
# Normally these man page changes would be included in the feature patch,
# however, man page changes generate more hunk failures when applying only
# a select set of patches. Instead, the man page changes are grouped
# together in one patch so changes can be made to just those more easily
# and not affect the code changes in the other patches. It's actually
# pretty common to update or alter these man pages independent of the code
# changes.
%patch15 -p1 -b .manpages
# Add the libdhcp4client target (library version of dhclient)
%patch16 -p1 -b .libdhcp4client
%patch15 -p1 -b .libdhcp4client
# Handle Xen partial UDP checksums
%patch17 -p1 -b .xen
%patch16 -p1 -b .xen
# Add anycast support to dhclient (for OLPC)
%patch18 -p1 -b .anycast
%patch17 -p1 -b .anycast
# Ignore the old extended new option info command line switch (-x)
%patch19 -p1 -b .enoi
%patch18 -p1 -b .enoi
# Fix up anything that fails -Wall -Werror
%patch20 -p1 -b .warnings
%patch19 -p1 -b .warnings
# Copy in documentation and example scripts for LDAP patch to dhcpd
%{__install} -p -m 0644 %{SOURCE6} .
@ -263,6 +262,17 @@ libdhcp4client.
%{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/Registry.perlmodule
%{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/ms2isc.pl
# Copy in our modified man pages
%{__install} -p -m 0644 %{SOURCE14} client/dhclient-script.8
%{__install} -p -m 0644 %{SOURCE15} client/dhclient.8
%{__install} -p -m 0644 %{SOURCE16} client/dhclient.conf.5
%{__install} -p -m 0644 %{SOURCE17} common/dhcp-options.5
%{__install} -p -m 0644 %{SOURCE18} dhcpctl/dhcpctl.3
%{__install} -p -m 0644 %{SOURCE19} server/dhcpd.conf.5
# Replace @PRODUCTNAME@ in dhcp-options.5
%{__sed} -i -e 's|@PRODUCTNAME@|%{vvendor}|g' common/dhcp-options.5
%build
%{__cp} %{SOURCE1} .
%{__cat} <<EOF > site.conf
@ -328,8 +338,8 @@ EOF
%{__cp} -fp %{SOURCE4} %{buildroot}%{_sysconfdir}
# Install dhcp.schema for LDAP configuration
%{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap
%{__install} -p -m 0644 -D %{SOURCE13} %{buildroot}%{_sysconfdir}/openldap/
%{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap/schema
%{__install} -p -m 0644 -D %{SOURCE13} %{buildroot}%{_sysconfdir}/openldap/schema
%{__install} -p -m 0644 -D libdhcp4client.pc %{buildroot}%{_libdir}/pkgconfig/libdhcp4client.pc
@ -377,7 +387,7 @@ fi
%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd
%config(noreplace) %{_sysconfdir}/sysconfig/dhcrelay
%config(noreplace) %{_sysconfdir}/dhcpd.conf
%config(noreplace) %{_sysconfdir}/openldap/dhcp.schema
%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
%{_initrddir}/dhcpd
%{_initrddir}/dhcrelay
%{_bindir}/omshell
@ -430,6 +440,16 @@ fi
%{_libdir}/libdhcp4client.a
%changelog
* Mon Nov 12 2007 David Cantrell <dcantrell@redhat.com> - 12:3.1.0-8
- Put dhcp.schema in /etc/openldap/schema (#330471)
- Remove manpages patch and keep modified man pages as Source files
- Improve dhclient.8 man page to list options in a style consistent
with most other man pages on the planet
- Upgrade to latest dhcp LDAP patch, which brings in a new dhcpd-conf-to-ldap
script, updated schema file, and other bug fixes including SSL support for
LDAP authentication (#375711)
- Do not run dhcpd and dhcrelay services by default (#362321)
* Fri Oct 26 2007 David Cantrell <dcantrell@redhat.com> - 12:3.1.0-7
- libdhcp4client-devel requires openldap-devel

488
dhcpctl.3 Normal file
View File

@ -0,0 +1,488 @@
.\" -*- nroff -*-
.\"
.\" Project: DHCP
.\" File: dhcpctl.3
.\" RCSId: $Id: dhcpctl.3,v 1.5 2005/03/17 20:15:03 dhankins Exp $
.\"
.\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 2000-2003 by Internet Software Consortium
.\" Copyright (c) 2000 Nominum, Inc.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Internet Systems Consortium, Inc.
.\" 950 Charter Street
.\" Redwood City, CA 94063
.\" <info@isc.org>
.\" http://www.isc.org/
.\"
.\" Description: dhcpctl man page.
.\"
.\"
.Dd Nov 15, 2000
.Dt DHCPCTL 3
.Os DHCP 3
.ds vT DHCP Programmer's Manual
.\"
.\"
.\"
.Sh NAME
.Nm dhcpctl_initialize
.Nd dhcpctl library initialization.
.\"
.\"
.\"
.Sh SYNOPSIS
.Fd #include <dhcpctl.h>
.Ft dhcpctl_status
.Fo dhcpctl_initialize
.Fa void
.Fc
.\"
.Ft dhcpctl_status
.Fo dhcpctl_connect
.Fa "dhcpctl_handle *cxn"
.Fa "const char *host"
.Fa "int port"
.Fa "dhcpctl_handle auth"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_wait_for_completion
.Fa "dhcpctl_handle object"
.Fa "dhcpctl_status *status"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_get_value
.Fa "dhcpctl_data_string *value"
.Fa "dhcpctl_handle object"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_get_boolean
.Fa "int *value"
.Fa "dhcpctl_handle object"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_value
.Fa "dhcpctl_handle object"
.Fa "dhcpctl_data_string value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_string_value
.Fa "dhcpctl_handle object"
.Fa "const char *value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_boolean_value
.Fa "dhcpctl_handle object"
.Fa "int value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_int_value
.Fa "dhcpctl_handle object"
.Fa "int value"
.Fa "const char *name"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_object_update
.Fa "dhcpctl_handle connection"
.Fa "dhcpctl_handle object"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_object_refresh
.Fa "dhcpctl_handle connection"
.Fa "dhcpctl_handle object"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_object_remove
.Fa "dhcpctl_handle connection"
.Fa "dhcpctl_handle object"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_set_callback
.Fa "dhcpctl_handle object"
.Fa "void *data"
.Fa "void (*function) (dhcpctl_handle, dhcpctl_status, void *)"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_new_authenticator
.Fa "dhcpctl_handle *object"
.Fa "const char *name"
.Fa "const char *algorithm"
.Fa "const char *secret"
.Fa "unsigned secret_len"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_new_object
.Fa "dhcpctl_handle *object"
.Fa "dhcpctl_handle connection"
.Fa "const char *object_type"
.Fc
.\"
.\"
.\"
.Ft dhcpctl_status
.Fo dhcpctl_open_object
.Fa "dhcpctl_handle object"
.Fa "dhcpctl_handle connection"
.Fa "int flags"
.Fc
.\"
.\"
.\"
.Ft isc_result_t
.Fo omapi_data_string_new
.Fa dhcpctl_data_string *data
.Fa unsigned int length
.Fa const char *filename,
.Fa int lineno
.Fc
.\"
.\"
.\"
.Ft isc_result_t
.Fo dhcpctl_data_string_dereference
.Fa "dhcpctl_data_string *"
.Fa "const char *"
.Fa "int"
.Fc
.Sh DESCRIPTION
The dhcpctl set of functions provide an API that can be used to communicate
with and manipulate a running ISC DHCP server. All functions return a value of
.Dv isc_result_t .
The return values reflects the result of operations to local data
structures. If an operation fails on the server for any reason, then the error
result will be returned through the
second parameter of the
.Fn dhcpctl_wait_for_completion
call.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_initialize
sets up the data structures the library needs to do its work. This function
must be called once before any other.
.Pp
.Fn dhcpctl_connect
opens a connection to the DHCP server at the given host and port. If an
authenticator has been created for the connection, then it is given as the 4th
argument. On a successful return the address pointed at by the first
argument will have a new connection object assigned to it.
.Pp
For example:
.Bd -literal -offset indent
s = dhcpctl_connect(&cxn, "127.0.0.1", 7911, NULL);
.Ed
.Pp
connects to the DHCP server on the localhost via port 7911 (the standard
OMAPI port). No authentication is used for the connection.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_wait_for_completion
flushes a pending message to the server and waits for the response. The result
of the request as processed on the server is returned via the second
parameter.
.Bd -literal -offset indent
s = dhcpctl_wait_for_completion(cxn, &wv);
if (s != ISC_R_SUCCESS)
local_failure(s);
else if (wv != ISC_R_SUCCESS)
server_failure(wc);
.Ed
.Pp
The call to
.Fn dhcpctl_wait_for_completion
won't return until the remote message processing completes or the connection
to the server is lost.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_get_value
extracts a value of an attribute from the handle. The value can be of any
length and is treated as a sequence of bytes. The handle must have been
created first with
.Fn dhcpctl_new_object
and opened with
.Fn dhcpctl_open_object .
The value is returned via the parameter named
.Dq value .
The last parameter is the name of attribute to retrieve.
.Bd -literal -offset indent
dhcpctl_data_string value = NULL;
dhcpctl_handle lease;
time_t thetime;
s = dhcpctl_get_value (&value, lease, "ends");
assert(s == ISC_R_SUCCESS && value->len == sizeof(thetime));
memcpy(&thetime, value->value, value->len);
.Ed
.\"
.\"
.\"
.Pp
.Fn dhcpctl_get_boolean
extracts a boolean valued attribute from the object handle.
.\"
.\"
.\"
.Pp
The
.Fn dhcpctl_set_value ,
.Fn dhcpctl_set_string_value ,
.Fn dhcpctl_set_boolean_value ,
and
.Fn dhcpctl_set_int_value
functions all set a value on the object handle.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_object_update
function queues a request for
all the changes made to the object handle be be sent to the remote
for processing. The changes made to the atributes on the handle will be
applied to remote object if permitted.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_object_refresh
queues up a request for a fresh copy of all the attribute values to be sent
from the remote to
refresh the values in the local object handle.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_object_remove
queues a request for the removal on the server of the object referenced by the
handle.
.\"
.\"
.\"
.Pp
The
.Fn dhcpctl_set_callback
function sets up a user-defined function to be called when an event completes
on the given object handle. This is needed for asynchronous handling of
events, versus the synchronous handling given by
.Fn dhcpctl_wait_for_completion .
When the function is called the first parameter is the object the event
arrived for, the second is the status of the message that was processed, the
third is the same value as the second parameter given to
.Fn dhcpctl_set_callback .
.\"
.\"
.\"
.Pp
The
.Fn dhcpctl_new_authenticator
creates a new authenticator object to be used for signing the messages
that cross over the network. The
.Dq name ,
.Dq algorithm ,
and
.Dq secret
values must all match what the server uses and are defined in its
configuration file. The created object is returned through the first parameter
and must be used as the 4th parameter to
.Fn dhcpctl_connect .
Note that the 'secret' value must not be base64 encoded, which is different
from how the value appears in the dhcpd.conf file.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_new_object
creates a local handle for an object on the the server. The
.Dq object_type
parameter is the ascii name of the type of object being accessed. e.g.
.Qq lease .
This function only sets up local data structures, it does not queue any
messages
to be sent to the remote side,
.Fn dhcpctl_open_object
does that.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_open_object
builds and queues the request to the remote side. This function is used with
handle created via
.Fn dhcpctl_new_object .
The flags argument is a bit mask with the following values available for
setting:
.Bl -tag -offset indent -width 20
.It DHCPCTL_CREATE
if the object does not exist then the remote will create it
.It DHCPCTL_UPDATE
update the object on the remote side using the
attributes already set in the handle.
.It DHCPCTL_EXCL
return and error if the object exists and DHCPCTL_CREATE
was also specified
.El
.\"
.\"
.\"
.Pp
The
.Fn omapi_data_string_new
function allocates a new
.Ft dhcpctl_data_string
object. The data string will be large enough to hold
.Dq length
bytes of data. The
.Dq file
and
.Dq lineno
arguments are the source file location the call is made from, typically by
using the
.Dv __FILE__
and
.Dv __LINE__
macros or the
.Dv MDL
macro defined in
.
.\"
.\"
.\"
.Pp
.Fn dhcpctl_data_string_dereference
deallocates a data string created by
.Fn omapi_data_string_new .
The memory for the object won't be freed until the last reference is
released.
.Sh EXAMPLES
.Pp
The following program will connect to the DHCP server running on the local
host and will get the details of the existing lease for IP address
10.0.0.101. It will then print out the time the lease is due to expire. Note
that most error checking has been ommitted for brevity.
.Bd -literal -offset indent
#include <stdarg.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <stdio.h>
#include <netinet/in.h>
#include <isc/result.h>
#include <dhcpctl.h>
int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
dhcpctl_data_string value = NULL;
dhcpctl_handle connection = NULL;
dhcpctl_handle lease = NULL;
isc_result_t waitstatus;
struct in_addr convaddr;
time_t thetime;
dhcpctl_initialize ();
dhcpctl_connect (&connection, "127.0.0.1",
7911, 0);
dhcpctl_new_object (&lease, connection,
"lease");
memset (&ipaddrstring, 0, sizeof
ipaddrstring);
inet_pton(AF_INET, "10.0.0.101",
&convaddr);
omapi_data_string_new (&ipaddrstring,
4, MDL);
memcpy(ipaddrstring->value, &convaddr.s_addr, 4);
dhcpctl_set_value (lease, ipaddrstring,
"ip-address");
dhcpctl_open_object (lease, connection, 0);
dhcpctl_wait_for_completion (lease,
&waitstatus);
if (waitstatus != ISC_R_SUCCESS) {
/* server not authoritative */
exit (0);
}
dhcpctl_data_string_dereference(&ipaddrstring,
MDL);
dhcpctl_get_value (&value, lease, "ends");
memcpy(&thetime, value->value, value->len);
dhcpctl_data_string_dereference(&value, MDL);
fprintf (stdout, "ending time is %s",
ctime(&thetime));
}
.Ed
.Sh SEE ALSO
omapi(3), omshell(3), dhcpd(8), dhclient(8), dhcpd.conf(5), dhclient.conf(5).
.Sh AUTHOR
.Em dhcpctl
was written by Ted Lemon of Nominum, Inc.
This preliminary documentation was written by James Brister of Nominum, Inc.

287
dhcpd-conf-to-ldap
View File

@ -11,9 +11,59 @@
# This script does not do much error checking. Make sure before you run this
# that the DHCP server doesn't give any errors about your config file
use Sys::Hostname;
# FailOver notes:
# Failover is disabled by default, since it may need manually intervention.
# You can try the '--use=failover' option to see what happens :-)
#
# If enabled, the failover pool references will be written to LDIF output.
# The failover configs itself will be added to the dhcpServer statements
# and not to the dhcpService object (since this script uses only one and
# it may be usefull to have multiple service containers in failover mode).
# Further, this script does not check if primary or secondary makes sense,
# it simply converts what it gets...
use Net::Domain qw(hostname hostfqdn hostdomain);
use Getopt::Long;
my $domain = hostdomain(); # your.domain
my $basedn = "dc=".$domain;
$basedn =~ s/\./,dc=/g; # dc=your,dc=domain
my $server = hostname(); # hostname (nodename)
my $dhcpcn = 'DHCP Config'; # CN of DHCP config tree
my $dhcpdn = "cn=$dhcpcn, $basedn"; # DHCP config tree DN
my $second = ''; # secondary server DN / hostname
my $i_conf = ''; # dhcp.conf file to read or stdin
my $o_ldif = ''; # output ldif file name or stdout
my @use = (); # extended flags (failover)
sub usage($;$)
{
my $rc = shift;
my $err= shift;
print STDERR "Error: $err\n\n" if(defined $err);
print STDERR <<__EOF_USAGE__;
usage:
$0 [options] < dhcpd.conf > dhcpd.ldif
options:
--basedn "dc=your,dc=domain" ("$basedn")
--dhcpdn "dhcp config DN" ("$dhcpdn")
--server "dhcp server name" ("$server")
--second "secondary server or DN" ("$second")
--conf "/path/to/dhcpd.conf" (default is stdin)
--ldif "/path/to/output.ldif" (default is stdout)
--use "extended features" (see source comments)
__EOF_USAGE__
exit($rc);
}
my $basedn = "dc=ntelos, dc=net";
sub next_token
{
@ -39,6 +89,14 @@ sub next_token
if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
{
if ($token =~ /^"/) {
#handle quoted token
if ($token !~ /"\s*$/)
{
($tok, $newline) = $newline =~ /([^"]+")(.*)/;
$token .= " $tok";
}
}
$line = $newline;
}
else
@ -56,14 +114,16 @@ sub next_token
sub remaining_line
{
local ($block) = shift || 0;
local ($tmp, $str);
$str = "";
while (($tmp = next_token (0)))
while (defined($tmp = next_token (0)))
{
$str .= ' ' if !($str eq "");
$str .= $tmp;
last if $tmp =~ /;\s*$/;
last if($block and $tmp =~ /\s*[}{]\s*$/);
}
$str =~ s/;$//;
@ -102,16 +162,25 @@ print_entry
if (!defined ($curentry{'type'}))
{
$host = hostname ();
$hostdn = "cn=$host, $basedn";
$hostdn = "cn=$server, $basedn";
print "dn: $hostdn\n";
print "cn: $server\n";
print "objectClass: top\n";
print "objectClass: dhcpServer\n";
print "cn: $host\n";
print "dhcpServiceDN: $current_dn\n\n";
print "dhcpServiceDN: $current_dn\n";
if(grep(/FaIlOvEr/i, @use))
{
foreach my $fo_peer (keys %failover)
{
next if(scalar(@{$failover{$fo_peer}}) <= 1);
print "dhcpStatements: failover peer $fo_peer { ",
join('; ', @{$failover{$fo_peer}}), "; }\n";
}
}
print "\n";
print "dn: $current_dn\n";
print "cn: DHCP Config\n";
print "cn: $dhcpcn\n";
print "objectClass: top\n";
print "objectClass: dhcpService\n";
if (defined ($curentry{'options'}))
@ -119,6 +188,10 @@ print_entry
print "objectClass: dhcpOptions\n";
}
print "dhcpPrimaryDN: $hostdn\n";
if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
{
print "dhcpSecondaryDN: $second\n";
}
}
elsif ($curentry{'type'} eq 'subnet')
{
@ -132,9 +205,12 @@ print_entry
}
print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
if (defined ($curentry{'range'}))
if (defined ($curentry{'ranges'}))
{
print "dhcpRange: " . $curentry{'range'} . "\n";
foreach $statement (@{$curentry{'ranges'}})
{
print "dhcpRange: $statement\n";
}
}
}
elsif ($curentry{'type'} eq 'shared-network')
@ -151,7 +227,7 @@ print_entry
elsif ($curentry{'type'} eq 'group')
{
print "dn: $current_dn\n";
print "cn: group\n";
print "cn: group", $curentry{'idx'}, "\n";
print "objectClass: top\n";
print "objectClass: dhcpGroup\n";
if (defined ($curentry{'options'}))
@ -172,13 +248,14 @@ print_entry
if (defined ($curentry{'hwaddress'}))
{
$curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
}
}
elsif ($curentry{'type'} eq 'pool')
{
print "dn: $current_dn\n";
print "cn: pool\n";
print "cn: pool", $curentry{'idx'}, "\n";
print "objectClass: top\n";
print "objectClass: dhcpPool\n";
if (defined ($curentry{'options'}))
@ -186,9 +263,12 @@ print_entry
print "objectClass: dhcpOptions\n";
}
if (defined ($curentry{'range'}))
if (defined ($curentry{'ranges'}))
{
print "dhcpRange: " . $curentry{'range'} . "\n";
foreach $statement (@{$curentry{'ranges'}})
{
print "dhcpRange: $statement\n";
}
}
}
elsif ($curentry{'type'} eq 'class')
@ -285,6 +365,8 @@ sub parse_subnet
$curentry{'type'} = 'subnet';
$curentry{'ip'} = $ip;
$curentry{'netmask'} = $netmask;
$cursubnet = $ip;
$curcounter{$ip} = { pool => 0, group => 0 };
}
@ -336,8 +418,16 @@ sub parse_group
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=group");
my $idx;
if(exists($curcounter{$cursubnet})) {
$idx = ++$curcounter{$cursubnet}->{'group'};
} else {
$idx = ++$curcounter{''}->{'group'};
}
add_dn_to_stack ("cn=group".$idx);
$curentry{'type'} = 'group';
$curentry{'idx'} = $idx;
}
@ -351,8 +441,16 @@ sub parse_pool
parse_error () if !defined ($tmp);
parse_error () if !($tmp eq '{');
add_dn_to_stack ("cn=pool");
my $idx;
if(exists($curcounter{$cursubnet})) {
$idx = ++$curcounter{$cursubnet}->{'pool'};
} else {
$idx = ++$curcounter{''}->{'pool'};
}
add_dn_to_stack ("cn=pool".$idx);
$curentry{'type'} = 'pool';
$curentry{'idx'} = $idx;
}
@ -403,10 +501,10 @@ sub parse_hwaddress
{
local ($type, $hw, $tmp);
$type = next_token (0);
$type = next_token (1);
parse_error () if !defined ($type);
$hw = next_token (0);
$hw = next_token (1);
parse_error () if !defined ($hw);
$hw =~ s/;$//;
@ -423,7 +521,7 @@ sub parse_range
if (!($str eq ''))
{
$str =~ s/;$//;
$curentry{'range'} = $str;
push (@{$curentry{'ranges'}}, $str);
}
}
@ -438,6 +536,65 @@ sub parse_statement
$str = remaining_line ();
push (@{$curentry{'options'}}, $str);
}
elsif($token eq 'failover')
{
$str = remaining_line (1); # take care on block
if($str =~ /[{]/)
{
my ($peername, @statements);
parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
#
# failover config block found:
# e.g. 'failover peer "some-name" {'
#
if(not grep(/FaIlOvEr/i, @use))
{
print STDERR "Warning: Failover config 'peer $peername' found!\n";
print STDERR " Skipping it, since failover disabled!\n";
print STDERR " You may try out --use=failover option.\n";
}
until($str =~ /[}]/ or $str eq "")
{
$str = remaining_line (1);
# collect all statements, except ending '}'
push(@statements, $str) if($str !~ /[}]/);
}
$failover{$peername} = [@statements];
}
else
{
#
# pool reference to failover config is fine
# e.g. 'failover peer "some-name";'
#
if(not grep(/FaIlOvEr/i, @use))
{
print STDERR "Warning: Failover reference '$str' found!\n";
print STDERR " Skipping it, since failover disabled!\n";
print STDERR " You may try out --use=failover option.\n";
}
else
{
push (@{$curentry{'statements'}}, $token. " " . $str);
}
}
}
elsif($token eq 'zone')
{
$str = $token;
while($str !~ /}$/) {
$str .= ' ' . next_token (0);
}
push (@{$curentry{'statements'}}, $str);
}
elsif($token =~ /^(authoritative)[;]*$/)
{
push (@{$curentry{'statements'}}, $1);
}
else
{
$str = $token . " " . remaining_line ();
@ -446,21 +603,103 @@ sub parse_statement
}
my $ok = GetOptions(
'basedn=s' => \$basedn,
'dhcpdn=s' => \$dhcpdn,
'server=s' => \$server,
'second=s' => \$second,
'conf=s' => \$i_conf,
'ldif=s' => \$o_ldif,
'use=s' => \@use,
'h|help|usage' => sub { usage(0); },
);
unless($server =~ /^\w+/)
{
usage(1, "invalid server name '$server'");
}
unless($basedn =~ /^\w+=[^,]+/)
{
usage(1, "invalid base dn '$basedn'");
}
if($dhcpdn =~ /^cn=([^,]+)/i)
{
$dhcpcn = "$1";
}
$second = '' if not defined $second;
unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
{
if($second =~ /^cn=[^,]+$/i)
{
# relative DN 'cn=name'
$second = "$second, $basedn";
}
elsif($second =~ /^\w+/)
{
# assume hostname only
$second = "cn=$second, $basedn";
}
else
{
usage(1, "invalid secondary '$second'")
}
}
usage(1) unless($ok);
if($i_conf ne "" and -f $i_conf)
{
if(not open(STDIN, '<', $i_conf))
{
print STDERR "Error: can't open conf file '$i_conf': $!\n";
exit(1);
}
}
if($o_ldif ne "")
{
if(-e $o_ldif)
{
print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
exit(1);
}
if(not open(STDOUT, '>', $o_ldif))
{
print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
exit(1);
}
}
print STDERR "Creating LDAP Configuration with the following options:\n";
print STDERR "\tBase DN: $basedn\n";
print STDERR "\tDHCP DN: $dhcpdn\n";
print STDERR "\tServer DN: cn=$server, $basedn\n";
print STDERR "\tSecondary DN: $second\n"
if(grep(/FaIlOvEr/i, @use) and $second ne '');
print STDERR "\n";
my $token;
my $token_number = 0;
my $line_number = 0;
my %curentry;
my $cursubnet = '';
my %curcounter = ( '' => { pool => 0, group => 0 } );
$current_dn = "cn=DHCP Config, $basedn";
$curentry{'descr'} = 'DHCP Config';
$current_dn = "$dhcpdn";
$curentry{'descr'} = $dhcpcn;
$line = '';
%failover = ();
while (($token = next_token (1)))
{
if ($token eq '}')
{
print_entry () if %curentry;
remove_dn_from_stack ();
if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
# don't go below dhcpdn ...
remove_dn_from_stack ();
}
}
elsif ($token eq 'subnet')
{
@ -514,4 +753,8 @@ while (($token = next_token (1)))
}
}
close(STDIN) if($i_conf);
close(STDOUT) if($o_ldif);
print STDERR "Done.\n";

2682
dhcpd.conf.5 Normal file
View File

File diff suppressed because it is too large Load Diff

15
dhcpd.init
View File

@ -2,8 +2,8 @@
#
### BEGIN INIT INFO
# Provides: dhcpd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Default-Start:
# Default-Stop:
# Should-Start:
# Required-Start: $network
# Required-Stop:
@ -14,7 +14,7 @@
#
# The fields below are left around for legacy tools (will remove later).
#
# chkconfig: - 65 35
# chkconfig: -
# description: dhcpd provides the Dynamic Host Configuration Protocol (DHCP) \
# server
# processname: dhcpd
@ -30,6 +30,7 @@ prog=dhcpd
dhcpd=/usr/sbin/dhcpd
lockfile=/var/lock/subsys/dhcpd
pidfile=/var/run/dhcpd.pid
statedir=/var/lib/dhcpd
[ -f /etc/sysconfig/dhcpd ] && . /etc/sysconfig/dhcpd
@ -50,10 +51,10 @@ findConfig() {
conf="$(findConfig "$DHCPDARGS")"
if [ ! -f /var/lib/dhcpd/dhcpd.leases ] ; then
mkdir -p /var/lib/dhcpd
touch /var/lib/dhcpd/dhcpd.leases
[ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon /var/lib/dhcpd/dhcpd.leases >/dev/null 2>&1
if [ ! -f $statedir/dhcpd.leases ] ; then
mkdir -p $statedir
touch $statedir/dhcpd.leases
[ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon $statedir/dhcpd.leases >/dev/null 2>&1
fi
configtest() {

6
dhcrelay.init
View File

@ -2,8 +2,8 @@
#
### BEGIN INIT INFO
# Provides: dhcrelay
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Default-Start:
# Default-Stop:
# Should-Start:
# Required-Start: $network
# Required-Stop:
@ -15,7 +15,7 @@
#
# The fields below are left around for legacy tools (will remove later).
#
# chkconfig: - 66 34
# chkconfig: -
# description: dhcrelay provides a relay for Dynamic Host Control Protocol.
# processname: dhcrelay
# # pidfile: /var/run/dhcrelay.pid

26
get-ldap-patch.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
#
# Fetch latest version of LDAP patch. The patch is downloaded and split in
# the ldap/ subdirectory. It is up to the packager to merge the updates with
# the RPM.
#
# Upstream: http://home.ntelos.net/~masneyb/
#
# David Cantrell <dcantrell@redhat.com>
#
CWD=$(pwd)
rm -f masneyb.html-$$
wget -O masneyb.html-$$ http://home.ntelos.net/~masneyb
p="$(grep "ldap-patch" masneyb.html-$$ | cut -d '>' -f 3 | cut -d '<' -f 1)"
rm -f masneyb.html-$$
rm -rf ldap/
mkdir -p ldap/
cd ldap/
wget -N http://home.ntelos.net/~masneyb/$p
splitdiff -a -d $p
rm -f $p
rm -f *_debian_*