OMSHELL Fails when using SHA512/256 as the option
Describe the bug
I compiled the dhcpd 4.4.2 from source on the ISC website and then created a key using dnssec-keygen, but I can not get omshell to work with a key besides MD5. I have tried this on Red Hat 7.9 and CentOS 8.2 (server with a GUI standard installation), but can not get the omshell to accept the configuration in anything besides MD5. I tried SHA1, SHA256 and SHA512. I generated keys using dnssec-keygen, i.e. dnssec-keygen -r /dev/urandom -a HMAC-SHA512 -b 512 -n USER myomapi_key. The dhcpd was built using the following: --enable-paranoia --enable-debug.
To Reproduce
Steps to reproduce the behavior:
- Run dhcp (which daemon? dhcpd, dhcrelay, dhclient?) with the following config 'Using Systemd to run the dhcpd daemon with the following command: /usr/local/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcpd/dhcpd.leases -user dhcpd -group dhcpd --no-pid'
- I log into the omshell manually (this will be scripted at a later point):
    server localhost
    port 7911
    key-algorithm HMAC-SHA512
    key myomapi_key "MYKEYGOESHERE...…"
    connect
- The server allows the connection:
    dhcpd[19236]: omapi_set_value (type, 13 20ce4fc)
    dhcpd[19236]: ==> success
    dhcpd[19236]: omapi_set_value (name, 8 20ce5cc)
    dhcpd[19236]: ==> success
    dhcpd[19236]: omapi_set_value (algorithm, 28 20ce6ec)
    dhcpd[19236]: ==> success
    dhcpd[19236]: omapi_set_value (op, 3)
    dhcpd[19236]: ==> success
    dhcpd[19236]: omapi_set_value (rid, 321157262)
    dhcpd[19236]: ==> success
    dhcpd[19236]: omapi_set_value (handle, 1)
    dhcpd[19236]: ==> success
    dhcpd[19236]: omapi_set_value (object, authenticator)
    dhcpd[19236]: ==> success
- I then attempt to make a new host using omshell:
    new host
    set name= "Myhostname:
    set hardware-address = MAC-ADDRESSS
    set hardware-type = 1
    set ip-address = 10.0.0.1
    create
  I then receive the following error:
    omapi_set_value (op, 1)
    ==> success
    omapi_set_value (object, dhcpctl-remote)
    ==> success
    omapi_set_value (create, 1)
    ==> success
    omapi_set_value (exclusive, 1)
    ==> success
    omapi_set_value (type, host)
    ==> success
    omapi_set_value (output-authenticator, authenticator)
    ==> invalid argument
    can't open object: invalid argument
Expected behavior
The expected behavior is that the omshell command will create the host reservation in the dhcpd.leases file. The same commands work if I switch the key and key algorithm to MD5, just not any other HMAC type.
Environment:
- ISC DHCP version: dhcpd --version isc-dhcpd-4.4.2
- OS: Red Hat Enterprise Linux Server release 7.9 (Maipo), and CentOS Linux release 8.2.2004 (Core)
- Which features were compiled in: --enable-paranoia and --enable-debug
Additional Information
Config file is:
    omapi-port 7911;
    key myomapi_key {
        algorithm hmac-sha512;
        secret "MYKEYWASMREMOVEDFROMHERE";
    };
    omapi-key xcat_key;
    shared-network ens3 {
        subnet 10.0.0.0 netmask 255.0.0.0 {
            authoritative;
            max-lease-time 43200;
            min-lease-time 43200;
            default-lease-time 43200;
            option routers 10.0.0.1;
            next-server 10.0.0.1;
            option log-servers 10.0.0.1;
            option ntp-servers 10.0.0.1;
            option domain-name "tesbed.dom";
            option domain-name-servers 8.8.8.8;
            option interface-mtu 1500;
            zone testbed.dom. {
                primary 8.8.8.8;
                myomapi_key;
            }
            range dynamic-bootp 10.0.0.202 10.0.0.251;
        } # 10.0.0.0/8 subnet_end
    } # virbr1 nic_end
Make sure you anonymize your config files (at the very least make sure you obfuscate your database credentials, but you may also replace your actual IP addresses and host names with example.com and 10.0.0.0/8 or 2001:db8::/32).
Some initial questions
- the feature was added in 4.4.2
- Have you discussed your idea on dhcp-users and/or dhcp-workers mailing lists? No
Contacting you How can ISC reach you to discuss this matter further? If you do not specify any means such as e-mail, jabber id or a telephone, we may send you a message on github with questions when we have them.
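
A small triage helper for the debug output quoted in this report, added here as an example and not part of the original report or of ISC DHCP: it pairs each omapi_set_value line with the "==>" status that follows it and returns the first call that did not succeed. It assumes one log record per line; the function names are hypothetical and the sample lines are copied from the report.

```python
import re

# One log record per line, with or without a syslog "dhcpd[pid]:" prefix.
CALL_RE = re.compile(r"omapi_set_value \((?P<name>[^,)]+),\s*(?P<value>[^)]*)\)")
STATUS_RE = re.compile(r"==>\s*(?P<status>.+?)\s*$")

# Sample input: lines copied from the report (client output, then server log).
CLIENT_LOG = """\
omapi_set_value (op, 1)
==> success
omapi_set_value (object, dhcpctl-remote)
==> success
omapi_set_value (create, 1)
==> success
omapi_set_value (exclusive, 1)
==> success
omapi_set_value (type, host)
==> success
omapi_set_value (output-authenticator, authenticator)
==> invalid argument
can't open object: invalid argument
"""
SERVER_LOG = """\
dhcpd[19236]: omapi_set_value (algorithm, 28 20ce6ec)
dhcpd[19236]: ==> success
dhcpd[19236]: omapi_set_value (object, authenticator)
dhcpd[19236]: ==> success
"""

def pair_calls(lines):
    """Return (name, value, status) per call; status is None if no '==>' line followed."""
    results, pending = [], None
    for line in lines:
        call = CALL_RE.search(line)
        if call:
            if pending:                      # previous call never got a status line
                results.append((*pending, None))
            pending = (call["name"].strip(), call["value"].strip())
            continue
        status = STATUS_RE.search(line)
        if status and pending:
            results.append((*pending, status["status"]))
            pending = None
    if pending:
        results.append((*pending, None))
    return results

def first_failure(lines):
    """First call whose status is missing or not 'success', else None."""
    return next((c for c in pair_calls(lines) if c[2] != "success"), None)

if __name__ == "__main__":
    print(first_failure(CLIENT_LOG.splitlines()))
```

Run over the client output, it points at the output-authenticator attribute as the first rejected value, while the server-side lines from the connection step all report success.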