Using OMAPI - Object Management Application Programming Interface
(7 votes, average: 4.86 out of 5)
Loading ...Posted by jad on Dec 21st, 2005
OMAPI is an API to allow you to control and query the ISC DHCP server. Unfortunately finding a nice example of how to use it securely wasn’t easy. So here is one:
Create a TSIG key
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key
Add the following to dhcpd.conf replacing XXXXXXXXX with the key you generated in the previous step.
omapi-port 9991;
key omapi_key {
algorithm HMAC-MD5;
secret "XXXXXXXXX";
};
omapi-key omapi_key;
Start dhcpd
Test that you can add a host to dhcpd by using omshell or by using this perl example
#!/usr/bin/perl -w
print "Please enter the MAC address of the client interface.n";
my $mac = <STDIN>;
chomp ($mac);
print "Please enter the IP address.n";
my $ip = <STDIN>;
chomp ($ip);
print "Please enter a name for this client.n";
my $name = <STDIN>;
chomp ($name);
open (OMSHELL, "|omshell") || die ("Unable to open omshelln");
print OMSHELL "port 9991n";
print OMSHELL "key omapi_key \"XXXXXXXXX\"n";
print OMSHELL "connectn";
print OMSHELL "new hostn";
print OMSHELL "set name = \"$name\"n";
print OMSHELL "set hardware-address = $macn";
print OMSHELL "set hardware-type = 1n";
print OMSHELL "set ip-address = $ipn";
print OMSHELL "createn";
close (OMSHELL) || die "Unable to close omshell.n";
Look in the dhcpd.leases file and you should see the host defined like this
host test1 {
dynamic;
hardware ethernet <YOUR MAC ADDRESS>;
fixed-address <YOUR IP ADDRESS>;
}
This dynamic statement indicates that this was created using omapi and did not come from the dhcpd.conf file.
May 3rd, 2006 at 4:09 pm
Thanks a lot for this example!
Was a bit lost before…
October 14th, 2010 at 11:41 pm
Great example, thanks!
One thing, though, that caused me some trouble: when configuring the key in dhcpd.conf, no quotes should be used on the secret line. That caused the service to fail to start.
Using V3.1.1
February 17th, 2011 at 11:50 am
[…] In a production environment you should configure a key so that unauthorized users don’t wreak havoc in your server. There are a myriad of posts explaining how to do this, just google for them (random example) […]
September 29th, 2011 at 11:46 am
eval(’
sub sum {
#!/usr/bin/perl
#package Net::ISC::DHCPd::OMAPI;
use Net::ISC::DHCPd::OMAPI;
#use Net::ISC::DHCPd::OMAPI::Lease;
my $x = shift(@_);
$omapi = Net::ISC::DHCPd::OMAPI->new(
server => “80.77.52.133″,
port => “7911″,
key => “kei tSWtrquW9YIbisRURCBGTg==”,
);
$omapi->connect or die “could not connect: “, $omapi->errstr, “\n”;
$lease = $omapi->new_object(lease => (ip_address => $x));
$lease->read;
# else
# {
$y = $lease->hardware_address;
# }
return $y;
}
‘);
#print $perl->eval(”sum(1, 2, 3, 4, 5, 6, 7, 8, 9)”).” “;
$mac = $perl->sum($a);
}
while($mac==”");
?>
i use this script to get client mac, but when it run, couses zombie proceses. please help me…