import dhcp-4.3.6-44.el8

CentOS Sources 2021-05-18 02:36:38 -04:00 committed by Andrew Lukoshko
parent af0ca90a48
commit b023370a40
3 changed files with 215 additions and 24 deletions


@ -1,19 +0,0 @@
#!/bin/bash
INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface
# whenever interface is brought up by NM (rhbz #565921)
if [ "$STATUS" = "up" ]; then
# wait a few seconds to allow interface startup to complete
# (important at boot time without this the service still fails
# time-out for dispatcher script is 3s (rhbz#1003695#8)
sleep 2
# restart the services
# In case this dispatcher script is called several times in a short period of time, it might happen that
# systemd refuses to further restart the units. Therefore we use reset-failed command to prevent it.
systemctl -q is-enabled dhcpd.service && systemctl restart dhcpd.service && systemctl reset-failed dhcpd.service
systemctl -q is-enabled dhcpd6.service && systemctl restart dhcpd6.service && systemctl reset-failed dhcpd6.service
fi
exit 0


@ -0,0 +1,200 @@
From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Mon, 11 Dec 2017 07:19:43 -0500
Subject: [PATCH] [master] Adds key-algorithm statement to omshell
Merges in rt46771.
---
RELNOTES | 7 +++++++
common/conflex.c | 2 ++
dhcpctl/omshell.1 | 32 ++++++++++++++++++++++++--------
dhcpctl/omshell.c | 38 +++++++++++++++++++++++++++++++++++---
includes/dhctoken.h | 3 ++-
5 files changed, 70 insertions(+), 12 deletions(-)
diff --git a/common/conflex.c b/common/conflex.c
index 8ce024af..045b655d 100644
--- a/common/conflex.c
+++ b/common/conflex.c
@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) {
}
if (!strcasecmp (atom + 1, "ey"))
return KEY;
+ if (!strcasecmp (atom + 1, "ey-algorithm"))
+ return KEY_ALGORITHM;
break;
case 'l':
if (!strcasecmp (atom + 1, "case"))
diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1
index 4846272a..2f55e965 100644
--- a/dhcpctl/omshell.1
+++ b/dhcpctl/omshell.1
@@ -1,7 +1,6 @@
.\" $Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $
.\"
-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 2001-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on. By default, this is 7911.
This specifies the TSIG key to use to authenticate the OMAPI transactions.
\fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the
\fBomapi-key\fR statement. The \fIsecret\fR is the secret key generated from
-\fBdnssec-keygen\fR or another key generation program.
+\fBdnssec-keygen\fR or another key generation program. The key algorithm is
+assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf
+file for the key, then it must be specified via the \fIkey-algorithm\fR statement.
+.RE
+.PP
+.B key-algorithm \fIalgorithm\fR
+.RS 0.5i
+This specifies the cryptographic algorithm for the key used when authenticating OMAPI
+transactions. Supported values for \fIalgorithm\fR are:
+.nf
+ HMAC-MD5
+ HMAC-SHA1
+ HMAC-SHA224
+ HMAC-SHA256
+ HMAC-SHA384
+ HMAC-SHA512
+fi
+The default is HMAC-MD5. (Value is not case sensitive).
.RE
.PP
.B connect
@@ -253,7 +269,7 @@ name = "some-host"
hardware-address = 00:80:c7:84:b1:94
hardware-type = 00:00:00:01
ip-address = c0:a8:04:28
->
+>
.fi
.PP
Your dhcpd.leases file would then have an entry like this in it:
@@ -267,7 +283,7 @@ host some-host {
.fi
.PP
The \fIdynamic;\fR line is to denote that this host entry did not come from
-dhcpd.conf, but was created dynamically via OMAPI.
+dhcpd.conf, but was created dynamically via OMAPI.
.SH RESETTING ATTRIBUTES
.PP
If you want to remove an attribute from an object, you can do this with the
@@ -288,7 +304,7 @@ name = "some-host"
hardware-address = 00:80:c7:84:b1:94
hardware-type = 00:00:00:01
ip-address = <null>
->
+>
.fi
.SH REFRESHING OBJECTS
.PP
@@ -300,7 +316,7 @@ particularly useful for hosts.
.PP
Any remote object that can be created can also be destroyed. This is done by
creating a new local object, setting attributes, associating the local and
-remote object using \fBopen\fR, and then using the \fBremove\fR command.
+remote object using \fBopen\fR, and then using the \fBremove\fR command.
If the host "some-host" from before was created in error, this could be
corrected as follows:
.nf
@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01
ip-address = c0:a8:04:28
> remove
obj: <null>
->
+>
.fi
.SH HELP
.PP
diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c
index c42bab1a..9233f50e 100644
--- a/dhcpctl/omshell.c
+++ b/dhcpctl/omshell.c
@@ -321,12 +321,42 @@ main(int argc, char **argv) {
}
break;
+ case KEY_ALGORITHM:
+ /* Algorithm is optional */
+ token = next_token (&val, (unsigned *)0, cfile);
+ if (token != NAME || !is_identifier(token)) {
+ printf ("missing or invalid algorithm name\n");
+ printf ("usage: key-algoritm <algorithm name>\n");
+ skip_to_semi (cfile);
+ break;
+ }
+
+ s = dmalloc (strlen (val) + 1, MDL);
+ if (!s) {
+ printf ("no memory for algorithm name.\n");
+ skip_to_semi (cfile);
+ break;
+ }
+
+ strcpy (s, val);
+ algorithm = s;
+
+ token = next_token (&val, (unsigned *)0, cfile);
+ if (token != END_OF_FILE && token != EOL) {
+ printf ("extra information after %s\n", algorithm);
+ printf ("usage: key-algorithm <algorithm name>\n");
+ skip_to_semi (cfile);
+ break;
+ }
+
+ break;
+
case KEY:
token = peek_token(&val, (unsigned *)0, cfile);
if (token == STRING) {
token = next_token (&val, (unsigned *)0, cfile);
if (!is_identifier (token)) {
- printf ("usage: key <name> <value>\n");
+ printf ("usage: key <name> <value>\n");
skip_to_semi (cfile);
break;
}
@@ -340,7 +370,7 @@ main(int argc, char **argv) {
} else {
s = parse_host_name(cfile);
if (s == NULL) {
- printf ("usage: key <name> <value>\n");
+ printf ("usage: key <name> <value>\n");
skip_to_semi(cfile);
break;
}
@@ -352,12 +382,14 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
+
token = next_token (&val, (unsigned *)0, cfile);
if (token != END_OF_FILE && token != EOL) {
- printf ("usage: key <name> <secret>\n");
+ printf ("usage: key <name> <value> {algorithm}\n");
skip_to_semi (cfile);
break;
}
+
break;
case CONNECT:
diff --git a/includes/dhctoken.h b/includes/dhctoken.h
index 6fc4df3..ca24d4c 100644
--- a/includes/dhctoken.h
+++ b/includes/dhctoken.h
@@ -374,8 +374,9 @@ enum dhcp_token {
LEASE_ID_FORMAT = 676,
TOKEN_HEX = 677,
TOKEN_OCTAL = 678,
- BOOTP_BROADCAST_ALWAYS = 679,
- DESTINATION_DESCRIPTOR = 680
+ KEY_ALGORITHM = 679,
+ BOOTP_BROADCAST_ALWAYS = 680,
+ DESTINATION_DESCRIPTOR = 681
};
#define is_identifier(x) ((x) >= FIRST_TOKEN && \
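Review bot: In the `KEY_ALGORITHM` case added to dhcpctl/omshell.c, `algorithm = s;` runs before the trailing-token check, so a statement rejected with "extra information after ..." still changes the algorithm used for later OMAPI authentication; the name is also not compared against the supported HMAC list at this point (main()'s switch continues outside the hunk, so a later rejection cannot be ruled out). Move `algorithm = s;` below the `END_OF_FILE`/`EOL` check and call `dfree (s, MDL);` in that error branch; a repeated `key-algorithm` statement also appears to drop the previous allocation, though the declaration of `algorithm` is not visible here. The first usage string misspells the statement and should read `printf ("usage: key-algorithm <algorithm name>\n");`. In dhcpctl/omshell.1 the added `fi` after the algorithm list lacks its leading dot and should be `.fi`, otherwise no-fill mode is never closed and the following text renders unfilled. Since the man page keeps HMAC-MD5 as the default, a sentence recommending one of the listed SHA-2 variants, set both for the key in dhcpd.conf and via `key-algorithm`, would be a useful addition.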


@ -16,7 +16,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.3.6
Release: 41%{?dist}
Release: 44%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@ -28,7 +28,6 @@ Source0: ftp://ftp.isc.org/isc/dhcp/%{DHCPVERSION}/dhcp-%{DHCPVERSION}.tar.gz
Source1: dhclient-script
Source2: README.dhclient.d
Source3: 11-dhclient
Source4: 12-dhcpd
Source5: 56dhclient
Source6: dhcpd.service
Source7: dhcpd6.service
@ -83,6 +82,7 @@ Patch46: dhcp-dhclient_ipv6_prefix.patch
Patch47: dhcp-isc_heap_delete.patch
Patch48: dhcp-bind-9.11.patch
Patch49: dhcp-detect-system-time-jumps.patch
Patch50: dhcp-key_algorithm.patch
BuildRequires: autoconf
BuildRequires: automake
@ -358,6 +358,9 @@ rm bind/bind.tar.gz
%patch49 -p1 -b .time-change
# https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74
%patch50 -p1 -b .key-alg
# Update paths in all man pages
for page in client/dhclient.conf.5 client/dhclient.leases.5 \
client/dhclient-script.8 client/dhclient.8 ; do
@ -430,8 +433,6 @@ mkdir -p %{buildroot}%{dhcpconfdir}/dhclient.d
# NetworkManager dispatcher script
mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
install -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
## https://bugzilla.redhat.com/show_bug.cgi?id=1685560
install -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
# pm-utils script to handle suspend/resume and dhclient leases
install -D -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/pm-utils/sleep.d/56dhclient
@ -631,7 +632,6 @@ done
%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
%dir %{_sysconfdir}/NetworkManager
%dir %{_sysconfdir}/NetworkManager/dispatcher.d
%{_sysconfdir}/NetworkManager/dispatcher.d/12-dhcpd
%attr(0644,root,root) %{_unitdir}/dhcpd.service
%attr(0644,root,root) %{_unitdir}/dhcpd6.service
%{_sbindir}/dhcpd
@ -694,6 +694,16 @@ done
%endif
%changelog
* Fri Dec 11 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-44
- Rebuild with new bind (#1904613)
* Wed Nov 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-43
- Drop 12-dhcp NM dispatchers script (#1898423)
* Tue Oct 20 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-42
- Add key-algorithm support.
- Resolves: rhbz#1883999
* Mon Apr 20 2020 Artem Egorenkov <aegorenk@redhat.com> - 12:4.3.6-41
- Rebuild with bind-9.11.18