From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Mon, 11 Dec 2017 07:19:43 -0500
Subject: [PATCH] [master] Adds key-algorithm statement to omshell
75f12b
    Merges in rt46771.
75f12b
---
75f12b
 RELNOTES            |  7 +++++++
75f12b
 common/conflex.c    |  2 ++
75f12b
 dhcpctl/omshell.1   | 32 ++++++++++++++++++++++++--------
75f12b
 dhcpctl/omshell.c   | 38 +++++++++++++++++++++++++++++++++++---
75f12b
 includes/dhctoken.h |  3 ++-
75f12b
 5 files changed, 70 insertions(+), 12 deletions(-)
75f12b
diff --git a/common/conflex.c b/common/conflex.c
index 8ce024af..045b655d 100644
--- a/common/conflex.c
+++ b/common/conflex.c
@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) {
 		}
 		if (!strcasecmp (atom + 1, "ey"))
 			return KEY;
+		if (!strcasecmp (atom + 1, "ey-algorithm"))
+			return KEY_ALGORITHM;
 		break;
 	      case 'l':
 		if (!strcasecmp (atom + 1, "case"))
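Review bot: Making `key-algorithm` a keyword in intern() changes the lexer for every consumer of conflex, not only omshell: any dhcpd.conf or dhclient.conf text that currently relies on `key-algorithm` lexing as a plain NAME would stop doing so after this change, which is not visible from the hunk but is worth confirming before merge. If that is accepted, a one-line comment next to the new lookup such as `/* omshell statement; reserved in every conflex-driven config file */` would record the wider effect. intern() starts and ends outside the hunk.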
diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1
index 4846272a..2f55e965 100644
--- a/dhcpctl/omshell.1
+++ b/dhcpctl/omshell.1
@@ -1,7 +1,6 @@
 .\"	$Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $
 .\"
-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (c) 2001-2003 by Internet Software Consortium
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on.  By default, this is 7911.
 This specifies the TSIG key to use to authenticate the OMAPI transactions.
 \fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the
 \fBomapi-key\fR statement.  The \fIsecret\fR is the secret key generated from
-\fBdnssec-keygen\fR or another key generation program.
+\fBdnssec-keygen\fR or another key generation program.  The key algorithm is
+assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf
+file for the key, then it must be specified via the \fIkey-algorithm\fR statement.
+.RE
+.PP
+.B key-algorithm \fIalgorithm\fR
+.RS 0.5i
+This specifies the cryptographic algorithm for the key used when authenticating OMAPI
+transactions. Supported values for \fIalgorithm\fR are:
+.nf
+        HMAC-MD5
+        HMAC-SHA1
+        HMAC-SHA224
+        HMAC-SHA256
+        HMAC-SHA384
+        HMAC-SHA512
+fi
+The default is HMAC-MD5. (Value is not case sensitive).
 .RE
 .PP
 .B connect
@@ -253,7 +269,7 @@ name = "some-host"
 hardware-address = 00:80:c7:84:b1:94
 hardware-type = 00:00:00:01
 ip-address = c0:a8:04:28
-> 
+>
 .fi
 .PP
 Your dhcpd.leases file would then have an entry like this in it:
@@ -267,7 +283,7 @@ host some-host {
 .fi
 .PP
 The \fIdynamic;\fR line is to denote that this host entry did not come from
-dhcpd.conf, but was created dynamically via OMAPI.  
+dhcpd.conf, but was created dynamically via OMAPI.
 .SH RESETTING ATTRIBUTES
 .PP
 If you want to remove an attribute from an object, you can do this with the
@@ -288,7 +304,7 @@ name = "some-host"
 hardware-address = 00:80:c7:84:b1:94
 hardware-type = 00:00:00:01
 ip-address = <null>
-> 
+>
 .fi
 .SH REFRESHING OBJECTS
 .PP
@@ -300,7 +316,7 @@ particularly useful for hosts.
 .PP
 Any remote object that can be created can also be destroyed.  This is done by
 creating a new local object, setting attributes, associating the local and
-remote object using \fBopen\fR, and then using the \fBremove\fR command. 
+remote object using \fBopen\fR, and then using the \fBremove\fR command.
 If the host "some-host" from before was created in error, this could be
 corrected as follows:
 .nf
@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01
 ip-address = c0:a8:04:28
 > remove
 obj: <null>
-> 
+>
 .fi
 .SH HELP
 .PP
diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c
index c42bab1a..9233f50e 100644
--- a/dhcpctl/omshell.c
+++ b/dhcpctl/omshell.c
@@ -321,12 +321,42 @@ main(int argc, char **argv) {
 		    }
 		    break;
 
+		  case KEY_ALGORITHM:
+		    /* Algorithm is optional */
+		    token = next_token (&val, (unsigned *)0, cfile);
+		    if (token != NAME || !is_identifier(token)) {
+			printf ("missing or invalid algorithm name\n");
+			printf ("usage: key-algoritm <algorithm name>\n");
+			skip_to_semi (cfile);
+			break;
+		    }
+
+		    s = dmalloc (strlen (val) + 1, MDL);
+		    if (!s) {
+			printf ("no memory for algorithm name.\n");
+			skip_to_semi (cfile);
+			break;
+		    }
+
+		    strcpy (s, val);
+		    algorithm = s;
+
+		    token = next_token (&val, (unsigned *)0, cfile);
+		    if (token != END_OF_FILE && token != EOL) {
+			    printf ("extra information after %s\n", algorithm);
+			    printf ("usage: key-algorithm <algorithm name>\n");
+			    skip_to_semi (cfile);
+			    break;
+		    }
+
+		    break;
+
 		  case KEY:
 		    token = peek_token(&val, (unsigned *)0, cfile);
 		    if (token == STRING) {
 			    token = next_token (&val, (unsigned *)0, cfile);
 			    if (!is_identifier (token)) {
-				    printf ("usage: key <name> <value>\n");
+			            printf ("usage: key <name> <value>\n");
 				    skip_to_semi (cfile);
 				    break;
 			    }
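Review bot: The usage message on the first error path of the new `case KEY_ALGORITHM:` misspells the statement: `printf ("usage: key-algoritm <algorithm name>\n");` should be `printf ("usage: key-algorithm <algorithm name>\n");`, matching the second usage message later in the same case. In that same guard, `!is_identifier(token)` can never be true once `token != NAME` has already been ruled out, so `if (token != NAME)` says the same thing; if the intent was to also accept an algorithm name that intern() maps to a keyword token, `if (!is_identifier(token))` alone is the condition to use — worth checking against how dhcpd.conf's key parser accepts algorithm names. A repeated `key-algorithm` statement overwrites `algorithm` without releasing the string dmalloc'd by the previous one; `algorithm` is declared and consumed outside this hunk, so I cannot see whether it is freed elsewhere. The re-indented `printf` on the new side of `case KEY:` (and the matching one in the next hunk) replaces tab indentation with spaces, unlike the neighbouring lines. main() starts and ends outside the hunk.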
@@ -340,7 +370,7 @@ main(int argc, char **argv) {
 		    } else {
 			    s = parse_host_name(cfile);
 			    if (s == NULL) {
-				    printf ("usage: key <name> <value>\n");
+			            printf ("usage: key <name> <value>\n");
 				    skip_to_semi(cfile);
 				    break;
 			    }
@@ -352,12 +382,14 @@ main(int argc, char **argv) {
 			    skip_to_semi (cfile);
 			    break;
 		    }
+
 		    token = next_token (&val, (unsigned *)0, cfile);
 		    if (token != END_OF_FILE && token != EOL) {
-			    printf ("usage: key <name> <secret>\n");
+			    printf ("usage: key <name> <value> {algorithm}\n");
 			    skip_to_semi (cfile);
 			    break;
 		    }
+
 		    break;
 
 		  case CONNECT:
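Review bot: The new usage text `usage: key <name> <value> {algorithm}` advertises an optional third argument that the code directly above it rejects: any token after the value other than EOL or END_OF_FILE still takes this error path, so a user who follows the message will be shown the same message again. Either keep the message to the syntax actually accepted, `printf ("usage: key <name> <value>\n");`, and let it refer the user to the separate key-algorithm statement, or accept the optional algorithm here before the trailing-token check. The earlier error paths of the same `case KEY:` (in the previous hunks) print `key <name> <value>` without `{algorithm}`, so the statement currently reports two different syntaxes. The enclosing `case KEY:` and main() start outside the hunk.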
diff --git a/includes/dhctoken.h b/includes/dhctoken.h
index 6fc4df3..ca24d4c 100644
--- a/includes/dhctoken.h
+++ b/includes/dhctoken.h
@@ -374,8 +374,9 @@ enum dhcp_token {
 	LEASE_ID_FORMAT = 676,
 	TOKEN_HEX = 677,
 	TOKEN_OCTAL = 678,
-	BOOTP_BROADCAST_ALWAYS = 679,
-	DESTINATION_DESCRIPTOR = 680
+	KEY_ALGORITHM = 679,
+	BOOTP_BROADCAST_ALWAYS = 680,
+	DESTINATION_DESCRIPTOR = 681
 };
 
 #define is_identifier(x)	((x) >= FIRST_TOKEN &&	\
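Review bot: Inserting `KEY_ALGORITHM = 679` ahead of the last two members renumbers `BOOTP_BROADCAST_ALWAYS` and `DESTINATION_DESCRIPTOR`, whereas the surrounding entries suggest the enum grows by appending the next free value; `KEY_ALGORITHM = 681,` after `DESTINATION_DESCRIPTOR = 680` adds the token without touching existing values and keeps this hunk to a one-line change. Whether the renumbering matters depends on whether any numeric token value is relied on outside a single build, which is not visible here, but avoiding it costs nothing. The `is_identifier` macro on the last line continues past the hunk.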