rpms/dhcp/devel dhclient-script.8, NONE, 1.1 dhclient.8, NONE, 1.1 dhclient.conf.5, NONE, 1.1 dhcp-options.5, NONE, 1.1 dhcpctl.3, NONE, 1.1 dhcpd.conf.5, NONE, 1.1 get-ldap-patch.sh, NONE, 1.1 README.ldap, 1.3, 1.4 dhcp-3.1.0-ldap-configuration.patch, 1.1, 1.2 dhcp.schema, 1.1, 1.2 dhcp.spec, 1.182, 1.183 dhcpd-conf-to-ldap, 1.5, 1.6 dhcpd.init, 1.20, 1.21 dhcrelay.init, 1.5, 1.6 dhcp-3.0.6-manpages.patch, 1.2, NONE

David Cantrell (dcantrel) fedora-extras-commits at redhat.com
Mon Nov 12 23:16:44 UTC 2007


Author: dcantrel

Update of /cvs/pkgs/rpms/dhcp/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19009

Modified Files:
	README.ldap dhcp-3.1.0-ldap-configuration.patch dhcp.schema 
	dhcp.spec dhcpd-conf-to-ldap dhcpd.init dhcrelay.init 
Added Files:
	dhclient-script.8 dhclient.8 dhclient.conf.5 dhcp-options.5 
	dhcpctl.3 dhcpd.conf.5 get-ldap-patch.sh 
Removed Files:
	dhcp-3.0.6-manpages.patch 
Log Message:
* Mon Nov 12 2007 David Cantrell <dcantrell at redhat.com> - 12:3.1.0-8
- Put dhcp.schema in /etc/openldap/schema (#330471)
- Remove manpages patch and keep modified man pages as Source files
- Improve dhclient.8 man page to list options in a style consistent
  with most other man pages on the planet
- Upgrade to latest dhcp LDAP patch, which brings in a new dhcpd-conf-to-ldap
  script, updated schema file, and other bug fixes including SSL support for
  LDAP authentication (#375711)
- Do not run dhcpd and dhcrelay services by default (#362321)



***** Error reading new file: [Errno 2] No such file or directory: 'dhclient-script.8'

***** Error reading new file: [Errno 2] No such file or directory: 'dhclient.8'

***** Error reading new file: [Errno 2] No such file or directory: 'dhclient.conf.5'

***** Error reading new file: [Errno 2] No such file or directory: 'dhcp-options.5'

***** Error reading new file: [Errno 2] No such file or directory: 'dhcpctl.3'

***** Error reading new file: [Errno 2] No such file or directory: 'dhcpd.conf.5'

--- NEW FILE get-ldap-patch.sh ---
#!/bin/bash
#
# Fetch latest version of LDAP patch.  The patch is downloaded and split in
# the ldap/ subdirectory.  It is up to the packager to merge the updates with
# the RPM.
#
# Upstream: http://home.ntelos.net/~masneyb/
#
# David Cantrell <dcantrell at redhat.com>
#

# Abort on the first failed command so a bad download does not leave a
# half-populated ldap/ directory behind.
set -e

CWD=$(pwd)

# Scrape the upstream index page for the name of the current patch file.
rm -f masneyb.html-$$
wget -O masneyb.html-$$ http://home.ntelos.net/~masneyb
p="$(grep "ldap-patch" masneyb.html-$$ | cut -d '>' -f 3 | cut -d '<' -f 1)"
rm -f masneyb.html-$$

if [ -z "$p" ]; then
    echo "get-ldap-patch.sh: no ldap-patch link found on the upstream page" >&2
    exit 1
fi

# Download the combined patch and split it into one file per upstream hunk.
rm -rf ldap/
mkdir -p ldap/
cd ldap/
wget -N "http://home.ntelos.net/~masneyb/$p"
splitdiff -a -d "$p"
rm -f "$p"

# The Debian-specific pieces of the split patch do not apply to this package.
rm -f *_debian_*


Index: README.ldap
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/README.ldap,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- README.ldap	5 Mar 2007 22:51:29 -0000	1.3
+++ README.ldap	12 Nov 2007 23:16:08 -0000	1.4
@@ -1,51 +1,61 @@
 LDAP Support in DHCP
 Brian Masney <masneyb at ntelos.net>
-Last updated 8/16/2002
+Last updated 3/23/2003
 
-This document describes setting up the DHCP server to read it's configuration 
-from LDAP. This work is based on the IETF document 
-draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the latest
-version of this document, please see http://home.ntelos.net/~masneyb.
+This document describes setting up the DHCP server to read it's configuration
+from LDAP.  This work is based on the IETF document
+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory.  For the
+latest version of this document, please see http://home.ntelos.net/~masneyb.
 
-First question on most people's mind is "Why do I want to store my 
-configuration in LDAP?" If you run a small DHCP server, and the configuration
+First question on most people's mind is "Why do I want to store my
+configuration in LDAP?"  If you run a small DHCP server, and the configuration
 on it rarely changes, then you won't need to store your configuration in LDAP.
-But, if you have several DHCP servers, and you want an easy way to manage your 
-configuration, this can be a solution. 
+But, if you have several DHCP servers, and you want an easy way to manage your
+configuration, this can be a solution.
 
-The first step will be to setup your LDAP server. I am using OpenLDAP from
-www.openldap.org. Building and installing OpenLDAP is beyond the scope of this 
-document. There is plenty of documentation out there about this. Once you have 
-OpenLDAP installed, you will have to edit your slapd.conf file. I added the 
-following 2 lines to my configuration file:
+The first step will be to setup your LDAP server.  I am using OpenLDAP from
+www.openldap.org.  Building and installing OpenLDAP is beyond the scope of
+this document.  There is plenty of documentation out there about this.  Once
+you have OpenLDAP installed, you will have to edit your slapd.conf file.  I
+added the following 2 lines to my configuration file:
 
 include         /etc/ldap/schema/dhcp.schema
-index           dhcpHWAddress 	eq
-index           dhcpClassData	eq
+index           dhcpHWAddress eq
+index           dhcpClassData eq
 
-The first line tells it to include the dhcp schema file. You will find this 
-file under the contrib directory in this distribution. You will need to copy 
+The first line tells it to include the dhcp schema file.  You will find this
+file under the contrib directory in this distribution.  You will need to copy
 this file to where your other schema files are (maybe
-/usr/local/openldap/etc/openldap/schema/). The second line sets up
-an index for the dhcpHWAddress parameter. The third parameter is for reading 
-subclasses from LDAP every time a DHCP request comes in. Make sure you run the 
-slapindex command and restart slapd to have these changes to into effect.
-
-Now that you have LDAP setup, you should be able to use gq (http://biot.com/gq/)
-to verify that the dhcp schema file is loaded into LDAP. Pull up gq, and click
-on the Schema tab. Go under objectClasses, and you should see at least the 
-following object classes listed: dhcpClass, dhcpGroup, dhcpHost, dhcpOptions, 
-dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork, dhcpSubClass, and 
-dhcpSubnet. If you do not see these, you need to check over your LDAP 
-configuration before you go any further.
-
-You should be ready to build DHCP. Edit the includes/site.h file and uncomment
-the #define LDAP_CONFIGURATION. Now run configure in the base source directory.
-Edit the work.os/server/Makefile and add -lldap to the LIBS= line. (replace os
-with your operating system, linux-2.2 on my machine). You should be able to 
-type make to build your DHCP server. 
+/usr/local/openldap/etc/openldap/schema/).  The second line sets up an index
+for the dhcpHWAddress parameter.  The third parameter is for reading subclasses
+from LDAP every time a DHCP request comes in. Make sure you run the slapindex
+command and restart slapd to have these changes to into effect.
+
+Now that you have LDAP setup, you should be able to use gq
+(http://biot.com/gq/) to verify that the dhcp schema file is loaded into LDAP.
+Pull up gq, and click on the Schema tab.  Go under objectClasses, and you
+should see at least the following object classes listed: dhcpClass, dhcpGroup,
+dhcpHost, dhcpOptions, dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork,
+dhcpSubClass, and dhcpSubnet.  If you do not see these, you need to check over
+your LDAP configuration before you go any further.
+
+You should now be ready to build DHCP.  If you would like to enable LDAP over
+SSL, you will need to perform the following steps:
+
+  * Edit the includes/site.h file and uncomment the USE_SSL line
+    or specify "-DUSE_SSL" via CFLAGS.
+  * Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
+    from the SRC= and OBJ= lines (around line 24)
+  * Now run configure in the base source directory. If you chose to enable
+    LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the
+    file work.os/server/Makefile (replace os with your operating system,
+    linux-2.2 on my machine).  You should now be able to type make to build
+    your DHCP server.
 
-Once you have DHCP installed, you will need to setup your initial plaintext 
+If you choose to not enable LDAP over SSL, then you only need to run configure
+and make in the toplevel source directory.
+
+Once you have DHCP installed, you will need to setup your initial plaintext
 config file. In my /etc/dhcpd.conf file, I have:
 
 ldap-server "localhost";
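Review bot: the rewrapped paragraphs carry two typos forward even though the lines are rewritten anyway: "read it's configuration" should be "read its configuration", and "have these changes to into effect" should be "have these changes go into effect". The new SSL build steps also tell the reader to "uncomment the USE_SSL line" in includes/site.h, but the site.h hunk in dhcp-3.1.0-ldap-configuration.patch in this same commit adds `#define USE_SSL` already uncommented, so the README should say SSL support is compiled in by default and describe how to disable it instead.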
@@ -54,23 +64,48 @@
 ldap-password "blah";
 ldap-base-dn "dc=ntelos, dc=net";
 ldap-method dynamic;
+ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
+server trys to use TLS if possible, but continues without TLS if not.
+
+You can modify this behaviour using following option in /etc/dhcpd.conf:
+
+ldap-ssl <off | ldaps | start_tls | on>
+   off:       disables TLS/LDAPS.
+   ldaps:     enables LDAPS -- don't forget to set ldap-port to 636.
+   start_tls: enables TLS using START_TLS command
+   on:        enables LDAPS if ldap-port is set to 636 or TLS in 
+              other cases.
+
+See also "man 5 ldap.conf" for description the following TLS related 
+options:
+   ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
+   ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
 
 All of these parameters should be self explanatory except for the ldap-method.
-You can set this to static or dynamic. If you set it to static, the 
-configuration is read once on startup, and LDAP isn't used anymore. But, if you
-set this to dynamic, the configuration is read once on startup, and the 
-hosts that are stored in LDAP are looked up every time a DHCP request comes in.
+You can set this to static or dynamic.  If you set it to static, the
+configuration is read once on startup, and LDAP isn't used anymore.  But, if
+you set this to dynamic, the configuration is read once on startup, and the
+hosts that are stored in LDAP are looked up every time a DHCP request comes
+in.
+
+When the optional statement ldap-debug-file is specified, on startup the DHCP
+server will write out the configuration that it generated from LDAP.  If you
+are getting errors about your LDAP configuration, this is a good place to
+start looking.
 
 The next step is to set up your LDAP tree. Here is an example config that will
-give a 10.100.0.x address to machines that have a host entry in LDAP. 
-Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace 
-dc=ntelos, dc=net with your base dn). If you would like to convert your 
-existing dhcpd.conf file to LDIF format, there is a script 
-contrib/dhcpd-conf-to-ldap.pl that will convert it for you.
+give a 10.100.0.x address to machines that have a host entry in LDAP.
+Otherwise, it will give a 10.200.0.x address to them.  (NOTE: replace
+dc=ntelos, dc=net with your base dn). If you would like to convert your
+existing dhcpd.conf file to LDIF format, there is a script
+contrib/dhcpd-conf-to-ldap.pl that will convert it for you.  Type
+dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
 
 # You must specify the server's host name in LDAP that you are going to run
-# DHCP on and point it to which config tree you want to use. Whenever DHCP 
-# first starts up, it will do a search for this entry to find out which 
+# DHCP on and point it to which config tree you want to use.  Whenever DHCP
+# first starts up, it will do a search for this entry to find out which
 # config to use
 dn: cn=brian.ntelos.net, dc=ntelos, dc=net
 objectClass: top
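Review bot: the new USE_SSL paragraph says the server "trys to use TLS if possible, but continues without TLS if not", which is opportunistic TLS that silently falls back to sending the ldap-password bind credential in the clear; the README should state that fallback plainly and recommend `ldap-ssl ldaps` or `ldap-ssl start_tls` together with a strict ldap-tls-reqcert setting whenever the LDAP server is not on the same host. Two wording fixes in the same lines: "trys" should be "tries", and "for description the following TLS related options" should be "for a description of the following TLS related options". The ldap-debug-file paragraph should also mention that the file receives the complete configuration generated from LDAP, so it needs the same ownership and permissions as dhcpd.conf.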
@@ -78,13 +113,13 @@
 cn: brian.ntelos.net
 dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
 
-# Here is the config tree that brian.ntelos.net points to. 
+# Here is the config tree that brian.ntelos.net points to.
 dn: cn=DHCP Service Config, dc=ntelos, dc=net
 cn: DHCP Service Config
 objectClass: top
 objectClass: dhcpService
 dhcpPrimaryDN: dc=ntelos, dc=net
-dhcpStatements: ddns-update-style ad-hoc
+dhcpStatements: ddns-update-style none
 dhcpStatements: default-lease-time 600
 dhcpStatements: max-lease-time 7200
 
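Review bot: changing the example from `ddns-update-style ad-hoc` to `ddns-update-style none` is consistent with this package being dhcp-3.1.0, whose server no longer accepts the ad-hoc style, but `none` also turns dynamic DNS updates off entirely; a one-line remark that `interim` is the value to use when updates are wanted would keep the example from being copied as-is by readers who rely on DDNS.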
@@ -94,7 +129,7 @@
 objectClass: top
 objectClass: dhcpSharedNetwork
 
-# Set up a subnet declaration with a pool statement. Also note that we have
+# Set up a subnet declaration with a pool statement.  Also note that we have
 # a dhcpOptions object with this entry
 dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
 cn: 10.100.0.0
@@ -107,7 +142,7 @@
 dhcpOption: broadcast-address 10.100.0.255
 dhcpNetMask: 24
 
-# Set up a pool for this subnet. Only known hosts will get these IPs
+# Set up a pool for this subnet.  Only known hosts will get these IPs
 dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
 cn: Known Pool
 objectClass: top

dhcp-3.1.0-ldap-configuration.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.1 -r 1.2 dhcp-3.1.0-ldap-configuration.patch
Index: dhcp-3.1.0-ldap-configuration.patch
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/dhcp-3.1.0-ldap-configuration.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- dhcp-3.1.0-ldap-configuration.patch	23 Oct 2007 18:28:01 -0000	1.1
+++ dhcp-3.1.0-ldap-configuration.patch	12 Nov 2007 23:16:08 -0000	1.2
@@ -1,6 +1,6 @@
 diff -up dhcp-3.1.0/server/mdb.c.ldap dhcp-3.1.0/server/mdb.c
 --- dhcp-3.1.0/server/mdb.c.ldap	2007-06-08 14:57:02.000000000 -0400
-+++ dhcp-3.1.0/server/mdb.c	2007-10-22 16:29:48.000000000 -0400
++++ dhcp-3.1.0/server/mdb.c	2007-11-12 15:41:15.000000000 -0500
 @@ -454,6 +454,12 @@ int find_hosts_by_haddr (struct host_dec
  {
  	struct host_decl *foo;
@@ -14,21 +14,169 @@
  
  	h.hlen = hlen + 1;
  	h.hbuf [0] = htype;
+diff -up /dev/null dhcp-3.1.0/server/ldap_casa.c
+--- /dev/null	2007-11-12 10:55:50.854093917 -0500
++++ dhcp-3.1.0/server/ldap_casa.c	2007-11-12 15:41:15.000000000 -0500
+@@ -0,0 +1,138 @@
++/* ldap_casa.c
++   
++   CASA routines for DHCPD... */
++
++/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
++ * Copyright (c) 1995-2003 Internet Software Consortium.
++ * Copyright (c) 2006 Novell, Inc.
++
++ * All rights reserved.
++ * Redistribution and use in source and binary forms, with or without 
++ * modification, are permitted provided that the following conditions are met: 
++ * 1.Redistributions of source code must retain the above copyright notice, 
++ *   this list of conditions and the following disclaimer. 
++ * 2.Redistributions in binary form must reproduce the above copyright notice, 
++ *   this list of conditions and the following disclaimer in the documentation 
++ *   and/or other materials provided with the distribution. 
++ * 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors 
++ *   may be used to endorse or promote products derived from this software 
++ *   without specific prior written permission. 
++
++ * THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS 
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
++ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE 
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
++ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
++ * POSSIBILITY OF SUCH DAMAGE.
++
++ * This file was written by S Kalyanasundaram <skalyanasundaram at novell.com>
++ */
++
++#if defined(LDAP_CASA_AUTH)
++#include "ldap_casa.h"
++#include "dhcpd.h"
++
++int
++load_casa (void)
++{
++       if( !(casaIDK = dlopen(MICASA_LIB,RTLD_LAZY)))
++       	  return 0;
++       p_miCASAGetCredential = (CASA_GetCredential_T) dlsym(casaIDK, "miCASAGetCredential");
++       p_miCASASetCredential = (CASA_SetCredential_T) dlsym(casaIDK, "miCASASetCredential");
++       p_miCASARemoveCredential = (CASA_RemoveCredential_T) dlsym(casaIDK, "miCASARemoveCredential");
++
++       if((p_miCASAGetCredential == NULL) ||
++         (p_miCASASetCredential == NULL) ||
++         (p_miCASARemoveCredential == NULL))
++       {
++          if(casaIDK)
++            dlclose(casaIDK);
++          casaIDK = NULL;
++          p_miCASAGetCredential = NULL;
++          p_miCASASetCredential = NULL;
++          p_miCASARemoveCredential = NULL;
++          return 0;
++       }
++       else
++          return 1;
++}
++
++static void
++release_casa(void)
++{
++   if(casaIDK)
++   {
++      dlclose(casaIDK);
++      casaIDK = NULL;
++   }
++
++   p_miCASAGetCredential = NULL;
++   p_miCASASetCredential = NULL;
++   p_miCASARemoveCredential = NULL;
++
++}
++
++int
++load_uname_pwd_from_miCASA (char **ldap_username, char **ldap_password)
++ {
++   int                     result = 0;
++   uint32_t                credentialtype = SSCS_CRED_TYPE_SERVER_F;
++   SSCS_BASIC_CREDENTIAL   credential;
++   SSCS_SECRET_ID_T        applicationSecretId;
++   char                    *tempVar = NULL;
++
++   const char applicationName[10] = "dhcp-ldap";
++
++   if ( load_casa() )
++   {
++      memset(&credential, 0, sizeof(SSCS_BASIC_CREDENTIAL));
++      memset(&applicationSecretId, 0, sizeof(SSCS_SECRET_ID_T));
++
++      applicationSecretId.len = strlen(applicationName) + 1;
++      memcpy (applicationSecretId.id, applicationName, applicationSecretId.len);
++
++      credential.unFlags = USERNAME_TYPE_CN_F;
++
++      result = p_miCASAGetCredential (0,
++                 &applicationSecretId,NULL,&credentialtype,
++                 &credential,NULL);
++
++      if(credential.unLen)
++      {
++         tempVar = dmalloc (credential.unLen + 1, MDL);
++         if (!tempVar)
++             log_fatal ("no memory for ldap_username");
++         memcpy(tempVar , credential.username, credential.unLen);
++         *ldap_username = tempVar;
++
++         tempVar = dmalloc (credential.pwordLen + 1, MDL);
++         if (!tempVar)
++             log_fatal ("no memory for ldap_password");
++         memcpy(tempVar, credential.password, credential.pwordLen);
++         *ldap_password = tempVar;
++
++#if defined (DEBUG_LDAP)
++         log_info ("Authentication credential taken from CASA");
++#endif
++
++         release_casa();
++         return 1;
++
++        }
++        else
++        {
++            release_casa();
++            return 0;
++        }
++      }
++      else
++          return 0; //casa libraries not loaded
++ }
++
++#endif /* LDAP_CASA_AUTH */
++
 diff -up dhcp-3.1.0/server/Makefile.dist.ldap dhcp-3.1.0/server/Makefile.dist
 --- dhcp-3.1.0/server/Makefile.dist.ldap	2006-07-25 09:26:00.000000000 -0400
-+++ dhcp-3.1.0/server/Makefile.dist	2007-10-22 16:29:48.000000000 -0400
-@@ -25,9 +25,9 @@
++++ dhcp-3.1.0/server/Makefile.dist	2007-11-12 15:41:15.000000000 -0500
+@@ -25,14 +25,14 @@
  CATMANPAGES = dhcpd.cat8 dhcpd.conf.cat5 dhcpd.leases.cat5
  SEDMANPAGES = dhcpd.man8 dhcpd.conf.man5 dhcpd.leases.man5
  SRCS   = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
 -	 omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c
-+	 omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c ldap.c
++	 omapi.c mdb.c stables.c salloc.c ddns.c dhcpleasequery.c ldap.c ldap_casa.c
  OBJS   = dhcpd.o dhcp.o bootp.o confpars.o db.o class.o failover.o \
 -	 omapi.o mdb.o stables.o salloc.o ddns.o dhcpleasequery.o
-+	 omapi.o mdb.o stables.o salloc.o ddns.o dhcpleasequery.o ldap.o
++	 omapi.o mdb.o stables.o salloc.o ddns.o dhcpleasequery.o ldap.o ldap_casa.o
  PROG   = dhcpd
  MAN    = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
  
+ INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
+-DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst.a
++DHCPLIB = ../common/libdhcp.a $(BINDLIB) ../omapip/libomapi.a ../dst/libdst-nomd5.a
+ CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)
+ 
+ all:	$(PROG) $(CATMANPAGES)
 @@ -106,6 +106,6 @@ dhcpd.leases.man5:	dhcpd.leases.5
  		-e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5
  
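Review bot: in load_uname_pwd_from_miCASA the return value of p_miCASAGetCredential is stored in `result` but never examined; success is inferred from credential.unLen alone, so an error return that leaves a stale or partially filled credential would still be copied into ldap_username and ldap_password. Check `result` before using the buffer, and clear `credential` with memset on all three exit paths, since the plaintext password otherwise remains in the stack frame after it has been copied out. In the Makefile.dist hunk, DHCPLIB is switched to ../dst/libdst-nomd5.a unconditionally, while README.ldap in this commit tells the user to hand-edit dst/Makefile.dist only when enabling SSL; either the non-SSL build now fails to link, or the dst/Makefile.dist change that produces libdst-nomd5.a belongs in the patch rather than in a manual step.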
@@ -39,27 +187,32 @@
  # Dependencies (semi-automatically-generated)
 diff -up dhcp-3.1.0/server/dhcpd.c.ldap dhcp-3.1.0/server/dhcpd.c
 --- dhcp-3.1.0/server/dhcpd.c.ldap	2007-05-29 13:49:44.000000000 -0400
-+++ dhcp-3.1.0/server/dhcpd.c	2007-10-22 16:29:48.000000000 -0400
-@@ -440,6 +440,9 @@ int main (argc, argv, envp)
++++ dhcp-3.1.0/server/dhcpd.c	2007-11-12 15:41:15.000000000 -0500
+@@ -440,6 +440,14 @@ int main (argc, argv, envp)
  	/* Add the ddns update style enumeration prior to parsing. */
  	add_enumeration (&ddns_styles);
[...2606 lines suppressed...]
@@ -1381,7 +2500,7 @@
 +}
 diff -up dhcp-3.1.0/includes/dhcpd.h.ldap dhcp-3.1.0/includes/dhcpd.h
 --- dhcp-3.1.0/includes/dhcpd.h.ldap	2007-05-29 13:49:44.000000000 -0400
-+++ dhcp-3.1.0/includes/dhcpd.h	2007-10-22 16:29:56.000000000 -0400
++++ dhcp-3.1.0/includes/dhcpd.h	2007-11-12 15:41:15.000000000 -0500
 @@ -81,6 +81,11 @@ typedef struct hash_table class_hash_t;
  #include <isc-dhcp/result.h>
  #include <omapip/omapip_p.h>
@@ -1403,7 +2522,7 @@
  };
  
  /* Variable-length array of data. */
-@@ -362,6 +369,26 @@ struct hardware {
+@@ -362,6 +369,32 @@ struct hardware {
  	u_int8_t hbuf [17];
  };
  
@@ -1411,6 +2530,12 @@
 +# define LDAP_BUFFER_SIZE		8192
 +# define LDAP_METHOD_STATIC		0
 +# define LDAP_METHOD_DYNAMIC	1
++#if defined (USE_SSL)
++# define LDAP_SSL_OFF			0
++# define LDAP_SSL_ON			1
++# define LDAP_SSL_TLS			2
++# define LDAP_SSL_LDAPS			3
++#endif
 +
 +/* This is a tree of the current configuration we are building from LDAP */
 +struct ldap_config_stack {
@@ -1430,7 +2555,7 @@
  typedef enum {
  	server_startup = 0,
  	server_running = 1,
-@@ -558,6 +585,15 @@ struct lease_state {
+@@ -558,6 +591,29 @@ struct lease_state {
  # define DEFAULT_PING_TIMEOUT 1
  #endif
  
@@ -1441,12 +2566,26 @@
 +# define SV_LDAP_PASSWORD	50
 +# define SV_LDAP_BASE_DN	51
 +# define SV_LDAP_METHOD		52
++# define SV_LDAP_DEBUG_FILE		53
++# define SV_LDAP_DHCP_SERVER_CN		54
++# define SV_LDAP_REFERRALS		55
++#if defined (USE_SSL)
++# define SV_LDAP_SSL		56
++# define SV_LDAP_TLS_REQCERT		57
++# define SV_LDAP_TLS_CA_FILE		58
++# define SV_LDAP_TLS_CA_DIR		59
++# define SV_LDAP_TLS_CERT		60
++# define SV_LDAP_TLS_KEY		61
++# define SV_LDAP_TLS_CRLCHECK		62
++# define SV_LDAP_TLS_CIPHERS		63
++# define SV_LDAP_TLS_RANDFILE		64
++#endif
 +#endif
 +
  #if !defined (DEFAULT_DEFAULT_LEASE_TIME)
  # define DEFAULT_DEFAULT_LEASE_TIME 43200
  #endif
-@@ -1702,7 +1738,7 @@ extern int db_time_format;
+@@ -1702,7 +1758,7 @@ extern int db_time_format;
  char *quotify_string (const char *, const char *, int);
  char *quotify_buf (const unsigned char *, unsigned, const char *, int);
  char *print_base64 (const unsigned char *, unsigned, const char *, int);
@@ -1455,7 +2594,7 @@
  void print_lease PROTO ((struct lease *));
  void dump_raw PROTO ((const unsigned char *, unsigned));
  void dump_packet_option (struct option_cache *, struct packet *,
-@@ -2812,3 +2848,13 @@ OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_l
+@@ -2812,3 +2868,18 @@ OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_l
  #endif /* FAILOVER_PROTOCOL */
  
  const char *binding_state_print (enum failover_state);
@@ -1463,6 +2602,11 @@
 +/* ldap.c */
 +#if defined(LDAP_CONFIGURATION)
 +extern struct enumeration ldap_methods;
++#if defined (USE_SSL)
++extern struct enumeration ldap_ssl_usage_enum;
++extern struct enumeration ldap_tls_reqcert_enum;
++extern struct enumeration ldap_tls_crlcheck_enum;
++#endif
 +isc_result_t ldap_read_config (void);
 +int find_haddr_in_ldap (struct host_decl **, int, unsigned,
 +                        const unsigned char *, const char *, int);
@@ -1471,8 +2615,8 @@
 +#endif
 diff -up dhcp-3.1.0/includes/site.h.ldap dhcp-3.1.0/includes/site.h
 --- dhcp-3.1.0/includes/site.h.ldap	2006-07-31 18:19:51.000000000 -0400
-+++ dhcp-3.1.0/includes/site.h	2007-10-22 16:29:48.000000000 -0400
-@@ -183,3 +183,13 @@
++++ dhcp-3.1.0/includes/site.h	2007-11-12 15:41:15.000000000 -0500
+@@ -183,3 +183,18 @@
     traces. */
  
  #define TRACING
@@ -1482,7 +2626,99 @@
 +
 +#define LDAP_CONFIGURATION
 +
++/* Define this if you want to enable LDAP over a SSL connection. You will need
++   to add -lcrypto -lssl to the LIBS= line of server/Makefile */
++
++#define USE_SSL
++
 +#define _PATH_DHCPD_DB    "/var/lib/dhcpd/dhcpd.leases"
 +#define _PATH_DHCLIENT_DB "/var/lib/dhclient/dhclient.leases"
 +#define _PATH_DHCPD_DB    "/var/lib/dhcpd/dhcpd.leases"
 +#define _PATH_DHCLIENT_DB "/var/lib/dhclient/dhclient.leases"
+diff -up /dev/null dhcp-3.1.0/includes/ldap_casa.h
+--- /dev/null	2007-11-12 10:55:50.854093917 -0500
++++ dhcp-3.1.0/includes/ldap_casa.h	2007-11-12 15:41:15.000000000 -0500
+@@ -0,0 +1,83 @@
++/* ldap_casa.h
++   
++   Definition for CASA modules... */
++
++/* Copyright (c) 2004 Internet Systems Consorium, Inc. ("ISC")
++ * Copyright (c) 1995-2003 Internet Software Consortium.
++ * Copyright (c) 2006 Novell, Inc.
++
++ * All rights reserved.
++ * Redistribution and use in source and binary forms, with or without 
++ * modification, are permitted provided that the following conditions are met: 
++ * 1.Redistributions of source code must retain the above copyright notice, 
++ *   this list of conditions and the following disclaimer. 
++ * 2.Redistributions in binary form must reproduce the above copyright notice, 
++ *   this list of conditions and the following disclaimer in the documentation 
++ *   and/or other materials provided with the distribution. 
++ * 3.Neither the name of ISC, ISC DHCP, nor the names of its contributors 
++ *   may be used to endorse or promote products derived from this software 
++ *   without specific prior written permission. 
++
++ * THIS SOFTWARE IS PROVIDED BY INTERNET SYSTEMS CONSORTIUM AND CONTRIBUTORS 
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
++ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ISC OR CONTRIBUTORS BE LIABLE 
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
++ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
++ * POSSIBILITY OF SUCH DAMAGE.
++
++ * This file was written by S Kalyanasundaram <skalyanasundaram at novell.com>
++ */
++
++#if defined(LDAP_CASA_AUTH)
++#ifndef __LDAP_CASA_H__
++#define __LDAP_CASA_H__
++
++#include <micasa_mgmd.h>
++#include <dlfcn.h>
++#include <string.h>
++
++#define MICASA_LIB     "libmicasa.so.1"
++
++SSCS_TYPEDEF_LIBCALL(int, CASA_GetCredential_T)
++(
++       uint32_t            ssFlags,
++       SSCS_SECRET_ID_T   *appSecretID,
++       SSCS_SECRET_ID_T   *sharedSecretID,
++       uint32_t           *credentialType,
++       void               *credential,
++       SSCS_EXT_T         *ext 
++);
++SSCS_TYPEDEF_LIBCALL(int, CASA_SetCredential_T)
++(
++       uint32_t            ssFlags,
++       SSCS_SECRET_ID_T   *appSecretID,
++       SSCS_SECRET_ID_T   *sharedSecretID,
++       uint32_t            credentialType,
++       void               *credential,
++       SSCS_EXT_T         *ext
++);
++
++SSCS_TYPEDEF_LIBCALL(int, CASA_RemoveCredential_T)
++(
++       uint32_t            ssFlags,
++       SSCS_SECRET_ID_T   *appSecretID,
++       SSCS_SECRET_ID_T   *sharedSecretID,
++       SSCS_EXT_T         *ext
++);
++static CASA_GetCredential_T            p_miCASAGetCredential = NULL;
++static CASA_SetCredential_T            p_miCASASetCredential = NULL;
++static CASA_RemoveCredential_T         p_miCASARemoveCredential = NULL;
++static void                            *casaIDK = NULL;
++
++int load_casa(void);
++static void release_casa(void);
++int load_uname_pwd_from_miCASA(char **, char **);
++
++#endif /* __LDAP_CASA_H__ */
++#endif /* LDAP_CASA_AUTH */
++
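Review bot: ldap_casa.h defines casaIDK and the three CASA function pointers as `static` objects inside the header, so every translation unit that includes it receives its own private, always-NULL copy; the pointers that load_casa() fills in inside ldap_casa.c are invisible to any other file, and release_casa() is declared static in the header as well. Move the definitions into ldap_casa.c and keep only `extern` declarations (or nothing) in the header. The site.h hunk now adds `#define USE_SSL` unconditionally, which contradicts the README's "uncomment the USE_SSL line" instruction; one of the two should change. The `_PATH_DHCPD_DB` and `_PATH_DHCLIENT_DB` defines are also emitted twice in a row in the site.h hunk.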


Index: dhcp.schema
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/dhcp.schema,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- dhcp.schema	23 Oct 2007 18:28:01 -0000	1.1
+++ dhcp.schema	12 Nov 2007 23:16:08 -0000	1.2
@@ -82,7 +82,8 @@
 	DESC 'The distinguished name of a client address.' 
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
 
-attributetype ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' 
+attributetype ( 2.16.840.1.113719.1.203.4.15 
+	NAME 'dhcpLeasesDN' 
 	DESC 'The distinguished name(s) client addresses.' 
 	EQUALITY distinguishedNameMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
@@ -112,7 +113,8 @@
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
 
 attributetype ( 2.16.840.1.113719.1.203.4.20 
-	NAME 'dhcpVersion' DESC 'The version attribute of this object.' 
+	NAME 'dhcpVersion'
+	DESC 'The version attribute of this object.'
 	EQUALITY caseIgnoreIA5Match
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
 
@@ -130,27 +132,27 @@
 
 attributetype ( 2.16.840.1.113719.1.203.4.23 
 	NAME 'dhcpExpirationTime' 
-	EQUALITY integerMatch
+	EQUALITY generalizedTimeMatch 
 	DESC 'This is the time the current lease for an address expires.' 
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.24 
 	NAME 'dhcpStartTimeOfState' 
-	EQUALITY integerMatch
+	EQUALITY generalizedTimeMatch 
 	DESC 'This is the time of the last state change for a leased address.' 
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.25 
 	NAME 'dhcpLastTransactionTime' 
-	EQUALITY integerMatch
+	EQUALITY generalizedTimeMatch 
 	DESC 'This is the last time a valid DHCP packet was received from the client.'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.26 
 	NAME 'dhcpBootpFlag' 
-	EQUALITY integerMatch
+	EQUALITY booleanMatch 
 	DESC 'This indicates whether the address was assigned via BOOTP.' 
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.27 
 	NAME 'dhcpDomainName' 
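Review bot: this hunk changes the SYNTAX of four already-assigned attribute OIDs (dhcpExpirationTime, dhcpStartTimeOfState and dhcpLastTransactionTime from Integer 1.27 to GeneralizedTime 1.24, dhcpBootpFlag from Integer to Boolean 1.7) while keeping the OIDs. Values already stored under the old syntax will no longer validate once the new dhcp.schema is installed in /etc/openldap/schema, so README.ldap should carry a migration note: convert existing lease-related entries (integer epoch to GeneralizedTime, 0/1 to FALSE/TRUE) before loading the new schema and running slapindex.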
@@ -190,9 +192,9 @@
 
 attributetype ( 2.16.840.1.113719.1.203.4.33 
 	NAME 'dhcpRelayAgentInfo' 
-	EQUALITY caseIgnoreIA5Match
+	EQUALITY octetStringMatch
 	DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request.  This is a hex-encoded option value.' 
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.34 
 	NAME 'dhcpHWAddress' 
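Review bot: dhcpRelayAgentInfo now has SYNTAX OctetString (1.40) with octetStringMatch, but the DESC still says the value "is a hex-encoded option value"; a hex-encoded string is IA5 text, so either the DESC should say the attribute holds the raw option bytes or the syntax change is wrong. Pick one so that tools reading the schema agree with what dhcpd actually writes.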
@@ -202,9 +204,9 @@
 
 attributetype ( 2.16.840.1.113719.1.203.4.35 
 	NAME 'dhcpHashBucketAssignment' 
-	EQUALITY caseIgnoreIA5Match
+	EQUALITY octetStringMatch
 	DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' 
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.36 
 	NAME 'dhcpDelayedServiceParameter' 
@@ -220,9 +222,9 @@
 
 attributetype ( 2.16.840.1.113719.1.203.4.38 
 	NAME 'dhcpFailOverEndpointState' 
-	EQUALITY integerMatch
+	EQUALITY caseIgnoreIA5Match
 	DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' 
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
 
 attributetype ( 2.16.840.1.113719.1.203.4.39 
 	NAME 'dhcpErrorLog' 
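Review bot: dhcpFailOverEndpointState moves from integer to IA5String, yet the DESC still points at the failover protocol draft [FAILOVR], which defines these states as numeric codes; say which textual spellings are stored (presumably the state names dhcpd itself uses) so other consumers of the schema can interpret the value, and note that existing integer values need converting along with the timestamp attributes above.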
@@ -230,41 +232,137 @@
 	DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
 
+attributetype ( 2.16.840.1.113719.1.203.4.40 
+	NAME 'dhcpLocatorDN' 
+	EQUALITY distinguishedNameMatch 
+	DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype  ( 2.16.840.1.113719.1.203.4.41 
+	NAME 'dhcpKeyAlgorithm' 
+	EQUALITY caseIgnoreIA5Match 
+	DESC 'Algorithm to generate TSIG Key' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype  ( 2.16.840.1.113719.1.203.4.42 
+	NAME 'dhcpKeySecret' 
+	EQUALITY octetStringMatch 
+	DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.43 
+	NAME 'dhcpDnsZoneServer' 
+	EQUALITY caseIgnoreIA5Match 
+	DESC 'Master server of the DNS Zone' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.44 
+	NAME 'dhcpKeyDN' 
+	EQUALITY distinguishedNameMatch 
+	DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys.  In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.45 
+	NAME 'dhcpZoneDN' 
+	EQUALITY distinguishedNameMatch 
+	DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.46 
+	NAME 'dhcpFailOverPrimaryServer' 
+	EQUALITY caseIgnoreIA5Match 
+	DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.47 
+	NAME 'dhcpFailOverSecondaryServer' 
+	EQUALITY caseIgnoreIA5Match 
+	DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.48
+	NAME 'dhcpFailOverPrimaryPort' 
+	EQUALITY integerMatch 
+	DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+	
+attributetype ( 2.16.840.1.113719.1.203.4.49
+	NAME 'dhcpFailOverSecondaryPort' 
+	EQUALITY integerMatch 
+	DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.50
+	NAME 'dhcpFailOverResponseDelay' 
+	EQUALITY integerMatch 
+	DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.51
+	NAME 'dhcpFailOverUnackedUpdates' 
+	EQUALITY integerMatch 
+	DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.52
+	NAME 'dhcpFailOverSplit' 
+	EQUALITY integerMatch 
+	DESC 'Split between the primary and secondary servers for fail over purpose' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.53
+	NAME 'dhcpFailOverLoadBalanceTime' 
+	EQUALITY integerMatch 
+	DESC 'Cutoff time in seconds, after which load balance is disabled' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.54
+	NAME 'dhcpFailOverPeerDN' 
+	EQUALITY distinguishedNameMatch 
+	DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+
+#List of all servers in the tree
+attributetype ( 2.16.840.1.113719.1.203.4.55
+	NAME 'dhcpServerDN' 
+	EQUALITY distinguishedNameMatch 
+	DESC 'List of all  DHCP Servers in the tree. Used by dhcpLocatorObject' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.56
+	NAME 'dhcpComments' 
+	EQUALITY caseIgnoreIA5Match 
+	DESC 'Generic attribute that allows coments  within any DHCP object' 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
 # Classes
 
 objectclass ( 2.16.840.1.113719.1.203.6.1 
 	NAME 'dhcpService' 
 	DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' 
 	SUP top 
-	MUST (cn $ dhcpPrimaryDN) 
-	MAY ( dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ 
-		dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ 
-		dhcpStatements ) )
+	MUST (cn) 
+	MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
 
 objectclass ( 2.16.840.1.113719.1.203.6.2 
 	NAME 'dhcpSharedNetwork' 
 	DESC 'This stores configuration information for a shared network.' 
 	SUP top 
 	MUST cn 
-	MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) 
-	X-NDS_CONTAINMENT ('dhcpService' ) )
+	MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
 
 objectclass ( 2.16.840.1.113719.1.203.6.3 
 	NAME 'dhcpSubnet' 
 	DESC 'This class defines a subnet. This is a container object.' 
 	SUP top 
 	MUST ( cn $ dhcpNetMask ) 
-	MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ 
-		dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) 
-	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+	MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
 
 objectclass ( 2.16.840.1.113719.1.203.6.4 
 	NAME 'dhcpPool' 
 	DESC 'This stores configuration information about a pool.' 
 	SUP top 
 	MUST ( cn $ dhcpRange ) 
-	MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ 
-		dhcpStatements) 
+	MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) 
 	X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
 
 objectclass ( 2.16.840.1.113719.1.203.6.5 
@@ -272,7 +370,7 @@
 	DESC 'Group object that lists host DNs and parameters. This is a container object.' 
 	SUP top 
 	MUST cn 
-	MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) 
+	MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
 	X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
 
 objectclass ( 2.16.840.1.113719.1.203.6.6 
@@ -280,7 +378,7 @@
 	DESC 'This represents information about a particular client' 
 	SUP top 
 	MUST cn 
-	MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) 
+	MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
 	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
 
 objectclass ( 2.16.840.1.113719.1.203.6.7 
@@ -288,7 +386,7 @@
 	DESC 'Represents information about a collection of related clients.' 
 	SUP top 
 	MUST cn 
-	MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) 
+	MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
 	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
 
 objectclass ( 2.16.840.1.113719.1.203.6.8 
@@ -296,29 +394,22 @@
 	DESC 'Represents information about a collection of related classes.' 
 	SUP top 
 	MUST cn 
-	MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements) 
-	X-NDS_CONTAINMENT 'dhcpClass' ) 
+	MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
 
 objectclass ( 2.16.840.1.113719.1.203.6.9 
 	NAME 'dhcpOptions' 
 	DESC 'Represents information about a collection of options defined.' 
-	SUP top 
-        AUXILIARY
+	SUP top AUXILIARY
 	MUST cn 
-	MAY ( dhcpOption ) 
-	X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 
-			'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
+	MAY ( dhcpOption $ dhcpComments ) 
+	X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
 
 objectclass ( 2.16.840.1.113719.1.203.6.10 
 	NAME 'dhcpLeases' 
 	DESC 'This class represents an IP Address, which may or may not have been leased.' 
 	SUP top 
 	MUST ( cn $ dhcpAddressState ) 
-	MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ 
-		dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ 
-		dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ 
-		dhcpReservedForClient $ dhcpAssignedToClient $ 
-		dhcpRelayAgentInfo $ dhcpHWAddress ) 
+	MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress ) 
 	X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
 
 objectclass ( 2.16.840.1.113719.1.203.6.11 
@@ -326,19 +417,46 @@
 	DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' 
 	SUP top 
 	MUST ( cn ) 
-	MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ 
-		dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ 
-		dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ 
-		dhcpReservedForClient $ dhcpAssignedToClient $ 
-		dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) 
-	X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 
-					'dhcpSharedNetwork' 'dhcpService' ) )
+	MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) 
+	X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
 
 objectclass ( 2.16.840.1.113719.1.203.6.12 
 	NAME 'dhcpServer' 
 	DESC 'DHCP Server Object' 
 	SUP top 
-	MUST (cn $ dhcpServiceDN) 
-	MAY (dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements)
-	X-NDS_CONTAINMENT ('o' 'ou' 'dc') )
+	MUST ( cn ) 
+	MAY (dhcpServiceDN  $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption) 
+	X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.13 
+	NAME 'dhcpTSigKey' 
+	DESC 'TSIG key for secure dynamic updates' 
+	SUP top 
+	MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret ) 
+	MAY ( dhcpComments ) 
+	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.14 
+	NAME 'dhcpDnsZone' 
+	DESC 'DNS Zone for updating leases' 
+	SUP top 
+	MUST (cn $ dhcpDnsZoneServer ) 
+	MAY (dhcpKeyDN $ dhcpComments) 
+	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.15 
+	NAME 'dhcpFailOverPeer' 
+	DESC 'This class defines the Fail over peer' 
+	SUP top 
+  MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay  $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments ) 
+	X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.16 
+	NAME 'dhcpLocator' 
+	DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
+	SUP top 
+	MUST ( cn ) 
+	MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments) 
+	X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+
 
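Review bot: dhcpKeySecret (2.16.840.1.113719.1.203.4.42) puts the TSIG shared secret into the directory as a plain octet string, and dhcpTSigKey is containable under dhcpService, dhcpSharedNetwork and dhcpSubnet, i.e. in the same subtree that anyone allowed to read the DHCP configuration can search. Nothing in this commit restricts it; README.ldap should ship an ACL that limits the attribute to the dhcpd bind DN, placed before the general read rule for the subtree, along the lines of (placeholder DN):
    access to attrs=dhcpKeySecret by dn.exact="cn=dhcpd,..." read by * none
and the DESC could state that the value is sensitive. Two smaller points: dhcpFailOverPeer's MUST list spells the port attribute 'dhcpFailoverPrimaryPort' while it is defined as 'dhcpFailOverPrimaryPort' (attribute names are case-insensitive, so slapd accepts it, but keep one spelling); and dhcpServer drops dhcpServiceDN from MUST to MAY, so a server entry with no service DN is now schema-valid and the LDAP patch must cope with that case. DESC typos: 'coments', 'which contain'.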


Index: dhcp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/dhcp.spec,v
retrieving revision 1.182
retrieving revision 1.183
diff -u -r1.182 -r1.183
--- dhcp.spec	27 Oct 2007 01:39:13 -0000	1.182
+++ dhcp.spec	12 Nov 2007 23:16:08 -0000	1.183
@@ -13,7 +13,7 @@
 Summary:  DHCP (Dynamic Host Configuration Protocol) server and relay agent
 Name:     dhcp
 Version:  3.1.0
-Release:  7%{?dist}
+Release:  8%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer made
 # incorrect use of the epoch and that's why it is at 12 now.  It should have
 # never been used, but it was.  So we are stuck with it.
@@ -35,6 +35,13 @@
 Source11: dhcp4client.h
 Source12: libdhcp_control.h
 Source13: dhcp.schema
+Source14: dhclient-script.8
+Source15: dhclient.8
+Source16: dhclient.conf.5
+Source17: dhcp-options.5
+Source18: dhcpctl.3
+Source19: dhcpd.conf.5
+Source20: get-ldap-patch.sh
 
 Patch0:   %{name}-3.0.5-Makefile.patch
 Patch1:   %{name}-3.0.5-errwarn-message.patch
@@ -51,17 +58,19 @@
 Patch12:  %{name}-3.1.0-dhclient-usage.patch
 Patch13:  %{name}-3.0.5-default-requested-options.patch
 Patch14:  %{name}-3.0.5-prototypes.patch
-Patch15:  %{name}-3.0.6-manpages.patch
-Patch16:  %{name}-3.1.0-libdhcp4client.patch
-Patch17:  %{name}-3.1.0-xen-checksum.patch
-Patch18:  %{name}-3.1.0-dhclient-anycast.patch
-Patch19:  %{name}-3.0.6-ignore-hyphen-x.patch
-Patch20:  %{name}-3.1.0-warnings.patch
+Patch15:  %{name}-3.1.0-libdhcp4client.patch
+Patch16:  %{name}-3.1.0-xen-checksum.patch
+Patch17:  %{name}-3.1.0-dhclient-anycast.patch
+Patch18:  %{name}-3.0.6-ignore-hyphen-x.patch
+Patch19:  %{name}-3.1.0-warnings.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: groff
 BuildRequires: openldap-devel
 
+# For /etc/openldap/schema (and slapd, if you're using that with dhcpd)
+Requires: openldap-servers
+
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
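Review bot: 'Requires: openldap-servers' makes every dhcp install, relay-only hosts included, pull in slapd just so /etc/openldap/schema has an owner; that is a large dependency and extra attack surface for a file most installs never load, and the comment above the line already admits the server is optional. Own the directory from this package ('%dir %{_sysconfdir}/openldap/schema' in %files) or depend on whichever package already owns it, and leave installing slapd to the administrator.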
@@ -208,30 +217,20 @@
 # in minires/res_init.c: add res_randomid()
 %patch14 -p1 -b .prototypes
 
-# Man page updates explaining new features added from the above patches.
-# Normally these man page changes would be included in the feature patch,
-# however, man page changes generate more hunk failures when applying only
-# a select set of patches.  Instead, the man page changes are grouped
-# together in one patch so changes can be made to just those more easily
-# and not affect the code changes in the other patches.  It's actually
-# pretty common to update or alter these man pages independent of the code
-# changes.
-%patch15 -p1 -b .manpages
-
 # Add the libdhcp4client target (library version of dhclient)
-%patch16 -p1 -b .libdhcp4client
+%patch15 -p1 -b .libdhcp4client
 
 # Handle Xen partial UDP checksums
-%patch17 -p1 -b .xen
+%patch16 -p1 -b .xen
 
 # Add anycast support to dhclient (for OLPC)
-%patch18 -p1 -b .anycast
+%patch17 -p1 -b .anycast
 
 # Ignore the old extended new option info command line switch (-x)
-%patch19 -p1 -b .enoi
+%patch18 -p1 -b .enoi
 
 # Fix up anything that fails -Wall -Werror
-%patch20 -p1 -b .warnings
+%patch19 -p1 -b .warnings
 
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0644 %{SOURCE6} .
@@ -263,6 +262,17 @@
 %{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/Registry.perlmodule
 %{__sed} -i -e 's/\r//' __fedora_contrib/ms2isc/ms2isc.pl
 
+# Copy in our modified man pages
+%{__install} -p -m 0644 %{SOURCE14} client/dhclient-script.8
+%{__install} -p -m 0644 %{SOURCE15} client/dhclient.8
+%{__install} -p -m 0644 %{SOURCE16} client/dhclient.conf.5
+%{__install} -p -m 0644 %{SOURCE17} common/dhcp-options.5
+%{__install} -p -m 0644 %{SOURCE18} dhcpctl/dhcpctl.3
+%{__install} -p -m 0644 %{SOURCE19} server/dhcpd.conf.5
+
+# Replace @PRODUCTNAME@ in dhcp-options.5
+%{__sed} -i -e 's|@PRODUCTNAME@|%{vvendor}|g' common/dhcp-options.5
+
 %build
 %{__cp} %{SOURCE1} .
 %{__cat} <<EOF > site.conf
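Review bot: the sed on common/dhcp-options.5 expands %{vvendor}, which is not defined in any hunk of this diff; if it is not defined elsewhere in the spec, rpmbuild does not fail but leaves the literal text '%{vvendor}' in the shipped man page, so check the definition exists before the %prep section.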
@@ -328,8 +338,8 @@
 %{__cp} -fp %{SOURCE4} %{buildroot}%{_sysconfdir}
 
 # Install dhcp.schema for LDAP configuration
-%{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap
-%{__install} -p -m 0644 -D %{SOURCE13} %{buildroot}%{_sysconfdir}/openldap/
+%{__mkdir} -p %{buildroot}%{_sysconfdir}/openldap/schema
+%{__install} -p -m 0644 -D %{SOURCE13} %{buildroot}%{_sysconfdir}/openldap/schema
 
 %{__install} -p -m 0644 -D libdhcp4client.pc %{buildroot}%{_libdir}/pkgconfig/libdhcp4client.pc
 
@@ -377,7 +387,7 @@
 %config(noreplace) %{_sysconfdir}/sysconfig/dhcpd
 %config(noreplace) %{_sysconfdir}/sysconfig/dhcrelay
 %config(noreplace) %{_sysconfdir}/dhcpd.conf
-%config(noreplace) %{_sysconfdir}/openldap/dhcp.schema
+%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
 %{_initrddir}/dhcpd
 %{_initrddir}/dhcrelay
 %{_bindir}/omshell
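Review bot: %config(noreplace) is the wrong marking for dhcp.schema. A schema file is not something the administrator edits, and with noreplace the very syntax changes in this update would land as dhcp.schema.rpmnew on upgrade while slapd keeps loading the old attribute definitions that the new dhcpd code no longer matches. Ship it as a plain file (or plain %config) so upgrades replace it.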
@@ -430,6 +440,16 @@
 %{_libdir}/libdhcp4client.a
 
 %changelog
+* Mon Nov 12 2007 David Cantrell <dcantrell at redhat.com> - 12:3.1.0-8
+- Put dhcp.schema in /etc/openldap/schema (#330471)
+- Remove manpages patch and keep modified man pages as Source files
+- Improve dhclient.8 man page to list options in a style consistent
+  with most other man pages on the planet
+- Upgrade to latest dhcp LDAP patch, which brings in a new dhcpd-conf-to-ldap
+  script, updated schema file, and other bug fixes including SSL support for
+  LDAP authentication (#375711)
+- Do not run dhcpd and dhcrelay services by default (#362321)
+
 * Fri Oct 26 2007 David Cantrell <dcantrell at redhat.com> - 12:3.1.0-7
 - libdhcp4client-devel requires openldap-devel
 


Index: dhcpd-conf-to-ldap
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/dhcpd-conf-to-ldap,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dhcpd-conf-to-ldap	11 Apr 2007 19:38:56 -0000	1.5
+++ dhcpd-conf-to-ldap	12 Nov 2007 23:16:08 -0000	1.6
@@ -11,9 +11,59 @@
 # This script does not do much error checking. Make sure before you run this
 # that the DHCP server doesn't give any errors about your config file
 
-use Sys::Hostname;
+# FailOver notes:
+#   Failover is disabled by default, since it may need manually intervention.
+#   You can try the '--use=failover' option to see what happens :-)
+#
+#   If enabled, the failover pool references will be written to LDIF output.
+#   The failover configs itself will be added to the dhcpServer statements
+#   and not to the dhcpService object (since this script uses only one and
+#   it may be usefull to have multiple service containers in failover mode).
+#   Further, this script does not check if primary or secondary makes sense,
+#   it simply converts what it gets...
+
+use Net::Domain qw(hostname hostfqdn hostdomain);
+use Getopt::Long;
+
+my $domain = hostdomain();           # your.domain
+my $basedn = "dc=".$domain;
+   $basedn =~ s/\./,dc=/g;           # dc=your,dc=domain
+my $server = hostname();             # hostname (nodename)
+my $dhcpcn = 'DHCP Config';          # CN of DHCP config tree
+my $dhcpdn = "cn=$dhcpcn, $basedn";  # DHCP config tree DN
+my $second = '';                     # secondary server DN / hostname
+my $i_conf = '';                     # dhcp.conf file to read or stdin
+my $o_ldif = '';                     # output ldif file name or stdout
+my @use    = ();                     # extended flags (failover)
+
+sub usage($;$)
+{
+  my $rc = shift;
+  my $err= shift;
+
+  print STDERR "Error: $err\n\n" if(defined $err);
+  print STDERR <<__EOF_USAGE__;
+usage: 
+  $0 [options] < dhcpd.conf > dhcpd.ldif
+
+options:
+
+  --basedn  "dc=your,dc=domain"        ("$basedn")
+
+  --dhcpdn  "dhcp config DN"           ("$dhcpdn")
+
+  --server  "dhcp server name"         ("$server")
+
+  --second  "secondary server or DN"   ("$second")
+
+  --conf    "/path/to/dhcpd.conf"      (default is stdin)
+  --ldif    "/path/to/output.ldif"     (default is stdout)
+
+  --use     "extended features"        (see source comments)
+__EOF_USAGE__
+  exit($rc);
+}
 
-my $basedn = "dc=ntelos, dc=net";
 
 sub next_token
 {
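Review bot: --use is free text and is only tested later with a substring match (/FaIlOvEr/i), so '--use=nofailover' enables failover as well; validate it against a list of known keywords, reject anything else, and name the keyword in the usage text instead of 'see source comments'. The $basedn default derived from hostdomain() becomes the bare string 'dc=' on a host with no domain; the later '^\w+=[^,]+' check rejects that with 'invalid base dn', which is correct, but the usage text then prints the same broken default. Comment typos: 'manually intervention', 'usefull'.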
@@ -39,6 +89,14 @@
 
   if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
     {
+      if ($token =~ /^"/) {
+       #handle quoted token
+       if ($token !~ /"\s*$/)
+       {
+         ($tok, $newline)  = $newline =~ /([^"]+")(.*)/;
+         $token .= " $tok";
+        }
+      }
       $line = $newline;
     }
   else
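Review bot: the quoted-token branch has no failure path. When the closing quote is missing, the list assignment from '$newline =~ /([^"]+")(.*)/' leaves both $tok and $newline undefined, the '.=' appends a space plus undef (with a warning), and '$line = $newline' discards the rest of the line, so a dhcpd.conf with an unterminated string is silently mis-parsed rather than reported. Call parse_error() when the match fails. $tok is also never declared.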
@@ -56,14 +114,16 @@
 
 sub remaining_line
 {
+  local ($block) = shift || 0;
   local ($tmp, $str);
 
   $str = "";
-  while (($tmp = next_token (0)))
+  while (defined($tmp = next_token (0)))
     {
       $str .= ' ' if !($str eq "");
       $str .= $tmp;
       last if $tmp =~ /;\s*$/;
+      last if($block and $tmp =~ /\s*[}{]\s*$/);
     }
 
   $str =~ s/;$//;
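Review bot: testing defined() instead of truth is right for a token of '0', but it changes the stop condition: if next_token(0) can return an empty string rather than undef at end of input, this loop no longer terminates. The main loop at the bottom of the script still relies on a false return from next_token(1), so confirm next_token returns undef at EOF and make remaining_line stop on both undef and ''.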
@@ -102,16 +162,25 @@
 
   if (!defined ($curentry{'type'}))
     {
-      $host = hostname ();
-      $hostdn = "cn=$host, $basedn";
+      $hostdn = "cn=$server, $basedn";
       print "dn: $hostdn\n";
+      print "cn: $server\n";
       print "objectClass: top\n";
       print "objectClass: dhcpServer\n";
-      print "cn: $host\n";
-      print "dhcpServiceDN: $current_dn\n\n";
+      print "dhcpServiceDN: $current_dn\n";
+      if(grep(/FaIlOvEr/i, @use))
+        {
+          foreach my $fo_peer (keys %failover)
+            {
+              next if(scalar(@{$failover{$fo_peer}}) <= 1);
+              print "dhcpStatements: failover peer $fo_peer { ",
+                    join('; ', @{$failover{$fo_peer}}), "; }\n";
+            }
+        }
+      print "\n";
 
       print "dn: $current_dn\n";
-      print "cn: DHCP Config\n";
+      print "cn: $dhcpcn\n";
       print "objectClass: top\n";
       print "objectClass: dhcpService\n";
       if (defined ($curentry{'options'}))
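Review bot: grep(/FaIlOvEr/i, @use) is evaluated in four different places in this patch; compute it once into a flag when the options are parsed. The failover peers are only emitted here because %failover is filled while the rest of the file is parsed, so this relies on the top-level entry being printed after the whole input has been read; a comment saying so would save the next person from reordering the calls.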
@@ -119,6 +188,10 @@
           print "objectClass: dhcpOptions\n";
         }
       print "dhcpPrimaryDN: $hostdn\n";
+      if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
+        {
+          print "dhcpSecondaryDN: $second\n";
+        }
     }
   elsif ($curentry{'type'} eq 'subnet')
     {
@@ -132,9 +205,12 @@
         }
       
       print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
-      if (defined ($curentry{'range'}))
+      if (defined ($curentry{'ranges'}))
         {
-          print "dhcpRange: " . $curentry{'range'} . "\n";
+          foreach $statement (@{$curentry{'ranges'}})
+            {
+              print "dhcpRange: $statement\n";
+            }
         }
     }
   elsif ($curentry{'type'} eq 'shared-network')
@@ -151,7 +227,7 @@
   elsif ($curentry{'type'} eq 'group')
     {
       print "dn: $current_dn\n";
-      print "cn: group\n";
+      print "cn: group", $curentry{'idx'}, "\n";
       print "objectClass: top\n";
       print "objectClass: dhcpGroup\n";
       if (defined ($curentry{'options'}))
@@ -172,13 +248,14 @@
 
       if (defined ($curentry{'hwaddress'}))
         {
+          $curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
           print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
         }
     }
   elsif ($curentry{'type'} eq 'pool')
     {
       print "dn: $current_dn\n";
-      print "cn: pool\n";
+      print "cn: pool", $curentry{'idx'}, "\n";
       print "objectClass: top\n";
       print "objectClass: dhcpPool\n";
       if (defined ($curentry{'options'}))
@@ -186,9 +263,12 @@
           print "objectClass: dhcpOptions\n";
         }
 
-      if (defined ($curentry{'range'}))
+      if (defined ($curentry{'ranges'}))
         {
-          print "dhcpRange: " . $curentry{'range'} . "\n";
+          foreach $statement (@{$curentry{'ranges'}})
+            {
+              print "dhcpRange: $statement\n";
+            }
         }
     }
   elsif ($curentry{'type'} eq 'class')
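Review bot: 'y/[A-Z]/[a-z]/' works, but the brackets are literal characters in a transliteration (they map '[' to '[' and ']' to ']'), not a character class; '$curentry{'hwaddress'} = lc $curentry{'hwaddress'};' says what is meant. Normalising the case is a good idea for a consistent on-disk representation.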
@@ -285,6 +365,8 @@
   $curentry{'type'} = 'subnet';
   $curentry{'ip'} = $ip;
   $curentry{'netmask'} = $netmask;
+  $cursubnet = $ip;
+  $curcounter{$ip} = { pool  => 0, group => 0 };
 }
 
 
@@ -336,8 +418,16 @@
   parse_error () if !defined ($tmp);
   parse_error () if !($tmp eq '{');
 
-  add_dn_to_stack ("cn=group");
+  my $idx;
+  if(exists($curcounter{$cursubnet})) {
+    $idx = ++$curcounter{$cursubnet}->{'group'};
+  } else {
+    $idx = ++$curcounter{''}->{'group'};
+  }
+
+  add_dn_to_stack ("cn=group".$idx);
   $curentry{'type'} = 'group';
+  $curentry{'idx'} = $idx;
 }
 
 
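Review bot: $cursubnet is set when a subnet opens but never cleared when its block closes, so a group (or a pool, same code in the next hunk) declared at top level after a subnet block is numbered from that subnet's counter instead of $curcounter{''}. With two subnets each followed by a top-level group, the counter restarts for the second subnet and two top-level entries can both become 'cn=group1' (or 'cn=group2') under the same parent, giving duplicate DNs in the LDIF. Reset $cursubnet to '' in the main loop when the closing brace of the subnet is processed.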
@@ -351,8 +441,16 @@
   parse_error () if !defined ($tmp);
   parse_error () if !($tmp eq '{');
 
-  add_dn_to_stack ("cn=pool");
+  my $idx;
+  if(exists($curcounter{$cursubnet})) {
+    $idx = ++$curcounter{$cursubnet}->{'pool'};
+  } else {
+    $idx = ++$curcounter{''}->{'pool'};
+  }
+
+  add_dn_to_stack ("cn=pool".$idx);
   $curentry{'type'} = 'pool';
+  $curentry{'idx'} = $idx;
 }
 
 
@@ -403,10 +501,10 @@
 {
   local ($type, $hw, $tmp);
 
-  $type = next_token (0);
+  $type = next_token (1);
   parse_error () if !defined ($type);
 
-  $hw = next_token (0);
+  $hw = next_token (1);
   parse_error () if !defined ($hw);
   $hw =~ s/;$//;
 
@@ -423,7 +521,7 @@
   if (!($str eq ''))
     {
       $str =~ s/;$//;
-      $curentry{'range'} = $str;
+      push (@{$curentry{'ranges'}}, $str);
     }
 }
 
@@ -438,6 +536,65 @@
       $str = remaining_line ();
       push (@{$curentry{'options'}}, $str);
     }
+  elsif($token eq 'failover')
+    {
+      $str = remaining_line (1); # take care on block
+      if($str =~ /[{]/)
+        {
+          my ($peername, @statements);
+
+          parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
+          parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
+
+          #
+          # failover config block found:
+          # e.g. 'failover peer "some-name" {'
+          #
+          if(not grep(/FaIlOvEr/i, @use))
+            {
+              print STDERR "Warning: Failover config 'peer $peername' found!\n";
+              print STDERR "         Skipping it, since failover disabled!\n";
+              print STDERR "         You may try out --use=failover option.\n";
+            }
+
+          until($str =~ /[}]/ or $str eq "")
+            {
+                $str = remaining_line (1);
+                # collect all statements, except ending '}'
+                push(@statements, $str) if($str !~ /[}]/);
+            }
+          $failover{$peername} = [@statements];
+        }
+      else
+        {
+          #
+          # pool reference to failover config is fine
+          # e.g. 'failover peer "some-name";'
+          #
+          if(not grep(/FaIlOvEr/i, @use))
+            {
+              print STDERR "Warning: Failover reference '$str' found!\n";
+              print STDERR "         Skipping it, since failover disabled!\n";
+              print STDERR "         You may try out --use=failover option.\n";
+            }
+          else
+            {
+              push (@{$curentry{'statements'}}, $token. " " . $str);
+            }
+        }
+    }
+  elsif($token eq 'zone')
+    {
+      $str = $token;
+      while($str !~ /}$/) {
+        $str .= ' ' . next_token (0);
+      }
+      push (@{$curentry{'statements'}}, $str);
+    }
+  elsif($token =~ /^(authoritative)[;]*$/)
+    {
+      push (@{$curentry{'statements'}}, $1);
+    }
   else
     {
       $str = $token . " " . remaining_line ();
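Review bot: the zone branch loops 'while($str !~ /}$/)' appending next_token(0); if the block is never closed or the file ends first, next_token returns undef, the string never gains a '}' and the script spins forever. Break out with parse_error() when next_token returns undef. The peer-name regex '^\"?[^\"]+\"?$' also accepts an unbalanced quote (a leading quote with no closing one), which then reaches the output as-is; require both quotes or neither.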
@@ -446,21 +603,103 @@
 }
 
 
+my $ok = GetOptions(
+    'basedn=s'      => \$basedn,
+    'dhcpdn=s'      => \$dhcpdn,
+    'server=s'      => \$server,
+    'second=s'      => \$second,
+    'conf=s'        => \$i_conf,
+    'ldif=s'        => \$o_ldif,
+    'use=s'         => \@use,
+    'h|help|usage'  => sub { usage(0); },
+);
+
+unless($server =~ /^\w+/)
+  {
+    usage(1, "invalid server name '$server'");
+  }
+unless($basedn =~ /^\w+=[^,]+/)
+  {
+    usage(1, "invalid base dn '$basedn'");
+  }
+
+if($dhcpdn =~ /^cn=([^,]+)/i)
+  {
+    $dhcpcn = "$1";
+  }
+$second = '' if not defined $second;
+unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
+  {
+    if($second =~ /^cn=[^,]+$/i)
+      {
+        # relative DN 'cn=name'
+        $second = "$second, $basedn";
+      }
+    elsif($second =~ /^\w+/)
+      {
+        # assume hostname only
+        $second = "cn=$second, $basedn";
+      }
+    else
+      {
+        usage(1, "invalid secondary '$second'")
+      }
+  }
+
+usage(1) unless($ok);
+
+if($i_conf ne "" and -f $i_conf)
+  {
+    if(not open(STDIN, '<', $i_conf))
+      {
+        print STDERR "Error: can't open conf file '$i_conf': $!\n";
+        exit(1);
+      }
+  }
+if($o_ldif ne "")
+  {
+    if(-e $o_ldif)
+      {
+        print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
+        exit(1);
+      }
+    if(not open(STDOUT, '>', $o_ldif))
+      {
+        print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
+        exit(1);
+      }
+  }
+
+
+print STDERR "Creating LDAP Configuration with the following options:\n";
+print STDERR "\tBase DN: $basedn\n";
+print STDERR "\tDHCP DN: $dhcpdn\n";
+print STDERR "\tServer DN: cn=$server, $basedn\n";
+print STDERR "\tSecondary DN: $second\n"
+             if(grep(/FaIlOvEr/i, @use) and $second ne '');
+print STDERR "\n";
+
 my $token;
 my $token_number = 0;
 my $line_number = 0;
 my %curentry;
+my $cursubnet = '';
+my %curcounter = ( '' => { pool => 0, group => 0 } );
 
-$current_dn = "cn=DHCP Config, $basedn";
-$curentry{'descr'} = 'DHCP Config';
+$current_dn = "$dhcpdn";
+$curentry{'descr'} = $dhcpcn;
 $line = '';
+%failover = ();
 
 while (($token = next_token (1)))
   {
     if ($token eq '}')
       {
         print_entry () if %curentry;
-        remove_dn_from_stack ();
+        if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
+          # don't go below dhcpdn ...
+          remove_dn_from_stack ();
+        }
       }
     elsif ($token eq 'subnet')
       {
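Review bot: '--conf' with a path that does not exist (or is not a regular file) is silently ignored because of the '-f $i_conf' guard, and the script then sits reading stdin; report the bad path and exit instead. 'usage(1) unless($ok)' belongs directly after GetOptions, before the values it may have failed to set are validated. And $dhcpdn is interpolated unescaped into the regex '/.+?,\s*${dhcpdn}$/', so a DN containing regex metacharacters (a '+' in a multi-valued RDN, parentheses, or a '.' that now matches any character) mis-fires; use '\Q$dhcpdn\E'. Refusing to overwrite an existing --ldif file is a good call.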
@@ -514,4 +753,8 @@
       }
   }
 
+close(STDIN)  if($i_conf);
+close(STDOUT) if($o_ldif);
+
+print STDERR "Done.\n";
 


Index: dhcpd.init
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/dhcpd.init,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- dhcpd.init	24 Oct 2007 17:47:43 -0000	1.20
+++ dhcpd.init	12 Nov 2007 23:16:08 -0000	1.21
@@ -2,8 +2,8 @@
 #
 ### BEGIN INIT INFO
 # Provides: dhcpd
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
+# Default-Start:
+# Default-Stop:
 # Should-Start:
 # Required-Start: $network
 # Required-Stop:
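Review bot: emptying Default-Start is all that #362321 needs; Default-Stop should stay '0 1 6' so that an administrator who enables the service still gets K links at halt, reboot and single-user, and dhcpd is stopped through its own stop action (lease file handling included) rather than being left to the generic process kill at shutdown.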
@@ -14,7 +14,7 @@
 #
 # The fields below are left around for legacy tools (will remove later).
 #
-# chkconfig: - 65 35
+# chkconfig: -
 # description: dhcpd provides the Dynamic Host Configuration Protocol (DHCP) \
 #              server
 # processname: dhcpd
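Review bot: the comment says this line is kept for legacy tools, but those tools parse 'levels start stop'; with the priorities removed, '# chkconfig: -' gives them nothing to order the S/K links with. Keep '- 65 35': the '-' already means no default runlevels, which is the whole point of #362321.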
@@ -30,6 +30,7 @@
 dhcpd=/usr/sbin/dhcpd
 lockfile=/var/lock/subsys/dhcpd
 pidfile=/var/run/dhcpd.pid
+statedir=/var/lib/dhcpd
 
 [ -f /etc/sysconfig/dhcpd ] && . /etc/sysconfig/dhcpd
 
@@ -50,10 +51,10 @@
 
 conf="$(findConfig "$DHCPDARGS")"
 
-if [ ! -f /var/lib/dhcpd/dhcpd.leases ] ; then
-    mkdir -p /var/lib/dhcpd
-    touch /var/lib/dhcpd/dhcpd.leases
-    [ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon /var/lib/dhcpd/dhcpd.leases >/dev/null 2>&1
+if [ ! -f $statedir/dhcpd.leases ] ; then
+    mkdir -p $statedir
+    touch $statedir/dhcpd.leases
+    [ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon $statedir/dhcpd.leases >/dev/null 2>&1
 fi
 
 configtest() {
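Review bot: statedir is assigned before /etc/sysconfig/dhcpd is sourced, so an administrator can override it there; if that is intended, say so in the sysconfig file, and if not, move the assignment below the source line. Either way quote it ("$statedir") in the test, mkdir, touch and restorecon calls so a value with spaces does not break the script.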


Index: dhcrelay.init
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/devel/dhcrelay.init,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dhcrelay.init	8 Oct 2007 17:58:17 -0000	1.5
+++ dhcrelay.init	12 Nov 2007 23:16:08 -0000	1.6
@@ -2,8 +2,8 @@
 #
 ### BEGIN INIT INFO
 # Provides: dhcrelay
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
+# Default-Start:
+# Default-Stop:
 # Should-Start:
 # Required-Start: $network
 # Required-Stop:
@@ -15,7 +15,7 @@
 #
 # The fields below are left around for legacy tools (will remove later).
 #
-# chkconfig: - 66 34
+# chkconfig: -
 # description: dhcrelay provides a relay for Dynamic Host Control Protocol.
 # processname: dhcrelay
 # # pidfile: /var/run/dhcrelay.pid
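Review bot: same two points as for dhcpd.init: keep 'Default-Stop: 0 1 6' in the LSB block above so an enabled dhcrelay is still stopped cleanly at shutdown, and keep the priorities on the legacy line ('- 66 34'); '-' alone is not a complete chkconfig spec and leaves the link ordering undefined for tools that still read it.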


--- dhcp-3.0.6-manpages.patch DELETED ---



