random technical thoughts from the Nominet technical team

Using OMAPI – Object Management Application Programming Interface

Posted by jad on Dec 21st, 2005

OMAPI is an API to allow you to control and query the ISC DHCP server. Unfortunately finding a nice example of how to use it securely wasn’t easy. So here is one:

Create a TSIG key

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key

Add the following to dhcpd.conf, replacing XXXXXXXXX with the key you generated in the previous step.

omapi-port 9991;
key omapi_key {
    algorithm HMAC-MD5;
    secret "XXXXXXXXX";
};
omapi-key omapi_key;

Start dhcpd

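Test that you can add a host to dhcpd by using omshell directly or by using this Perl example:

#!/usr/bin/perl
use strict;
use warnings;

# Each value is validated before use because it is written straight
# into the omshell command stream below.
print "Please enter the MAC address of the client interface.\n";
my $mac = <STDIN>;
chomp ($mac);
die ("Invalid MAC address\n") unless $mac =~ /^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}\z/;

print "Please enter the IP address.\n";
my $ip = <STDIN>;
chomp ($ip);
die ("Invalid IP address\n") unless $ip =~ /^\d{1,3}(\.\d{1,3}){3}\z/;

print "Please enter a name for this client.\n";
my $name = <STDIN>;
chomp ($name);
die ("Invalid client name\n") unless $name =~ /^[A-Za-z0-9._-]+\z/;

# Drive omshell over a pipe; port and key must match dhcpd.conf.
# Replace XXXXXXXXX with the same secret used there.
open (my $omshell, '|-', 'omshell') || die ("Unable to open omshell\n");
print {$omshell} "port 9991\n";
print {$omshell} "key omapi_key \"XXXXXXXXX\"\n";
print {$omshell} "connect\n";
print {$omshell} "new host\n";
print {$omshell} "set name = \"$name\"\n";
print {$omshell} "set hardware-address = $mac\n";
print {$omshell} "set hardware-type = 1\n";    # 1 = ethernet
print {$omshell} "set ip-address = $ip\n";
print {$omshell} "create\n";
close ($omshell) || die "Unable to close omshell.\n";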

Look in the dhcpd.leases file and you should see the host defined like this:

host test1 {
  dynamic;
  hardware ethernet <YOUR MAC ADDRESS>;
  fixed-address <YOUR IP ADDRESS>;
}

The dynamic statement indicates that this host was created using OMAPI and did not come from the dhcpd.conf file.
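
The dhcpd.conf settings above can be checked before dhcpd is started. The following is an added example, not code from the original post or from ISC: it flags an omapi-port that has no omapi-key (which leaves OMAPI open to unauthenticated clients), an omapi-key with no matching key block, and a secret still set to the XXXXXXXXX placeholder. The function name audit_omapi and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not taken from the post).
OPEN_CONF = """
omapi-port 9991;
"""
KEYED_CONF = """
omapi-port 9991;
key omapi_key {
    algorithm HMAC-MD5;
    secret "c2FtcGxlLXNlY3JldC1ub3QtcmVhbA==";   # constructed value
};
omapi-key omapi_key;
"""

KEY_BLOCK = re.compile(r'^\s*key\s+"?([\w.-]+)"?\s*\{(.*?)\}', re.M | re.S)
SECRET = re.compile(r'\bsecret\s+"?([A-Za-z0-9+/=]+)"?\s*;')
OMAPI_PORT = re.compile(r'^\s*omapi-port\s+(\d+)\s*;', re.M)
OMAPI_KEY = re.compile(r'^\s*omapi-key\s+"?([\w.-]+)"?\s*;', re.M)

def audit_omapi(conf_text):
    """Return a list of findings about OMAPI authentication in dhcpd.conf text."""
    text = re.sub(r'#[^\n]*', '', conf_text)       # drop comments
    port = OMAPI_PORT.search(text)
    if port is None:
        return []                                   # OMAPI listener not enabled
    keys = {}
    for name, body in KEY_BLOCK.findall(text):      # key name -> secret or None
        m = SECRET.search(body)
        keys[name] = m.group(1) if m else None
    used = OMAPI_KEY.search(text)
    findings = []
    if used is None:
        findings.append(f"omapi-port {port.group(1)} has no omapi-key: unauthenticated")
    elif used.group(1) not in keys:
        findings.append(f"omapi-key {used.group(1)} has no matching key block")
    elif not keys[used.group(1)]:
        findings.append(f"key {used.group(1)} has no usable secret")
    elif set(keys[used.group(1)]) == {"X"}:
        findings.append(f"key {used.group(1)} still holds the XXXXXXXXX placeholder")
    return findings

if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("keyed", KEYED_CONF)):
        print(label, audit_omapi(conf) or "ok")
```

An empty list means either OMAPI is not enabled or it is enabled with a defined key.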

4 Responses

  1. Erwann Says:

    Thanks a lot for this example!
    Was a bit lost before…

  2. Wedge Says:

    Great example, thanks!

    One thing, though, that caused me some trouble: when configuring the key in dhcpd.conf, no quotes should be used on the secret line. That caused the service to fail to start.

    Using V3.1.1

  3. Opennebula: dhcpd contextualization magic « ~mperedim/weblog Says:

    [...] In a production environment you should configure a key so that unauthorized users don’t wreak havoc in your server. There are a myriad of posts explaining how to do this, just google for them (random example) [...]

  4. boni Says:

    eval('
    sub sum {

    #!/usr/bin/perl
    #package Net::ISC::DHCPd::OMAPI;
    use Net::ISC::DHCPd::OMAPI;

    #use Net::ISC::DHCPd::OMAPI::Lease;
    my $x = shift(@_);

    $omapi = Net::ISC::DHCPd::OMAPI->new(
    server => "80.77.52.133",
    port => "7911",
    key => "kei tSWtrquW9YIbisRURCBGTg==",
    );
    $omapi->connect or die "could not connect: ", $omapi->errstr, "\n";

    $lease = $omapi->new_object(lease => (ip_address => $x));
    $lease->read;

    # else

    # {
    $y = $lease->hardware_address;
    # }
    return $y;
    }

    ');

    #print $perl->eval("sum(1, 2, 3, 4, 5, 6, 7, 8, 9)")." ";
    $mac = $perl->sum($a);
    }
    while($mac=="");
    ?>
    I use this script to get the client MAC, but when it runs, it causes zombie processes. Please help me…
