Added authentication support. The tsig_key structure has been renamed

to auth_key and moved into libomapi.  libomapi now depends on libres,
which contains the data signing routines.

5 files changed, 125 insertions, 23 deletions

diff --git a/dhcpctl/Makefile.dist b/dhcpctl/Makefile.dist
index 24c875c5..03206b5d 100644
--- a/dhcpctl/Makefile.dist
+++ b/dhcpctl/Makefile.dist
@@ -30,13 +30,13 @@ CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS)
 
 all:	libdhcpctl.a svtest cltest $(CATMANPAGES)
 
-svtest:	test.o libdhcpctl.a ../omapip/libomapi.a
+svtest:	test.o libdhcpctl.a ../omapip/libomapi.a $(BINDLIB)
 	$(CC) $(DEBUG) $(LFLAGS) -o svtest test.o libdhcpctl.a \
-			../omapip/libomapi.a $(LIBS)
+			../omapip/libomapi.a $(BINDLIB) $(LIBS)
 
-cltest:	cltest.o libdhcpctl.a ../omapip/libomapi.a
+cltest:	cltest.o libdhcpctl.a ../omapip/libomapi.a $(BINDLIB)
 	$(CC) $(DEBUG) $(LFLAGS) -o cltest cltest.o libdhcpctl.a \
-			../omapip/libomapi.a $(LIBS)
+			../omapip/libomapi.a $(BINDLIB) $(LIBS)
 
 libdhcpctl.a:	$(OBJ)
 	rm -f libdhcpctl.a
diff --git a/dhcpctl/cltest.c b/dhcpctl/cltest.c
index 904f037e..cc4bba83 100644
--- a/dhcpctl/cltest.c
+++ b/dhcpctl/cltest.c
@@ -46,30 +46,61 @@
 
 int main (int, char **);
 
-enum modes { up, down };
+enum modes { up, down, undefined };
+
+static void usage (char *s) {
+	fprintf (stderr,
+		 "Usage: %s [-n <username>] [-p <password>] [-a <algorithm>]"
+		 "(-u | -d) <if>\n", s);
+	exit (1);
+}
 
 int main (argc, argv)
 	int argc;
 	char **argv;
 {
 	isc_result_t status, waitstatus;
+	dhcpctl_handle authenticator;
 	dhcpctl_handle connection;
 	dhcpctl_handle host_handle, group_handle, interface_handle;
 	dhcpctl_data_string cid;
 	dhcpctl_data_string result, groupname, identifier;
 	int i;
-	int mode;
+	int mode = undefined;
+	char *name = 0, *pass = 0, *algorithm = "hmac-md5", *interface = 0;
 	const char *action;
-
-	if (!strcmp (argv [1], "-u")) {
-		mode = up;
-	} else if (!strcmp (argv [1], "-d")) {
-		mode = down;
-	} else {
-		fprintf (stderr, "Unknown switch \"%s\"\n", argv [1]);
-		exit (1);
+	
+	for (i = 1; i < argc; i++) {
+		if (!strcmp (argv[i], "-u")) {
+			mode = up;
+		} else if (!strcmp (argv [1], "-d")) {
+			mode = down;
+		} else if (!strcmp (argv[i], "-n")) {
+			if (++i == argc)
+				usage(argv[0]);
+			name = argv[i];
+		} else if (!strcmp (argv[i], "-p")) {
+			if (++i == argc)
+				usage(argv[0]);
+			pass = argv[i];
+		} else if (!strcmp (argv[i], "-a")) {
+			if (++i == argc)
+				usage(argv[0]);
+			algorithm = argv[i];
+		} else if (argv[i][0] == '-') {
+			usage(argv[0]);
+		} else {
+			interface = argv[i];
+		}
 	}
 
+	if (!interface)
+		usage(argv[0]);
+	if (mode == undefined)
+		usage(argv[0]);
+	if ((name || pass) && !(name && pass))
+		usage(argv[0]);
+
 	status = dhcpctl_initialize ();
 	if (status != ISC_R_SUCCESS) {
 		fprintf (stderr, "dhcpctl_initialize: %s\n",
@@ -77,16 +108,29 @@ int main (argc, argv)
 		exit (1);
 	}
 
-	memset (&connection, 0, sizeof connection);
+	authenticator = dhcpctl_null_handle;
+
+	if (name) {
+		status = dhcpctl_new_authenticator (&authenticator,
+						    name, algorithm, pass,
+						    strlen (pass) + 1);
+		if (status != ISC_R_SUCCESS) {
+			fprintf (stderr, "Cannot create authenticator: %s\n",
+				 isc_result_totext (status));
+			exit (1);
+		}
+	}
+
+	connection = dhcpctl_null_handle;
 	status = dhcpctl_connect (&connection, "127.0.0.1", 7911,
-				  (dhcpctl_handle)0);
+				  authenticator);
 	if (status != ISC_R_SUCCESS) {
 		fprintf (stderr, "dhcpctl_connect: %s\n",
 			 isc_result_totext (status));
 		exit (1);
 	}
 
-	memset (&interface_handle, 0, sizeof interface_handle);
+	interface_handle = dhcpctl_null_handle;
 	status = dhcpctl_new_object (&interface_handle,
 				     connection, "interface");
 	if (status != ISC_R_SUCCESS) {
@@ -95,7 +139,8 @@ int main (argc, argv)
 		exit (1);
 	}
 
-	status = dhcpctl_set_string_value (interface_handle, argv [2], "name");
+	status = dhcpctl_set_string_value (interface_handle,
+					   interface, "name");
 	if (status != ISC_R_SUCCESS) {
 		fprintf (stderr, "dhcpctl_set_value: %s\n",
 			 isc_result_totext (status));
@@ -104,7 +149,7 @@ int main (argc, argv)
 
 	if (mode == up) {
 		/* "up" the interface */
-		printf ("upping interface %s\n", argv [2]);
+		printf ("upping interface %s\n", interface);
 		action = "create";
 		status = dhcpctl_open_object (interface_handle, connection,
 					      DHCPCTL_CREATE | DHCPCTL_EXCL);
@@ -115,7 +160,7 @@ int main (argc, argv)
 		}
 	} else {
 		/* down the interface */
-		printf ("downing interface %s\n", argv [2]);
+		printf ("downing interface %s\n", interface);
 		action = "remove";
 		status = dhcpctl_open_object (interface_handle, connection, 0);
 		if (status != ISC_R_SUCCESS) {
diff --git a/dhcpctl/dhcpctl.c b/dhcpctl/dhcpctl.c
index 2a8e7bfb..cf1a6014 100644
--- a/dhcpctl/dhcpctl.c
+++ b/dhcpctl/dhcpctl.c
@@ -91,6 +91,7 @@ dhcpctl_status dhcpctl_connect (dhcpctl_handle *connection,
 				dhcpctl_handle authinfo)
 {
 	isc_result_t status;
+	dhcpctl_status waitstatus;
 
 	status = omapi_generic_new (connection, MDL);
 	if (status != ISC_R_SUCCESS) {
diff --git a/dhcpctl/dhcpctl.h b/dhcpctl/dhcpctl.h
index 8eb9c812..afe70a2c 100644
--- a/dhcpctl/dhcpctl.h
+++ b/dhcpctl/dhcpctl.h
@@ -50,9 +50,11 @@ typedef isc_result_t dhcpctl_status;
 typedef omapi_object_t *dhcpctl_handle;
 typedef omapi_data_string_t *dhcpctl_data_string;
 
-#define DHCPCTL_CREATE		1
-#define DHCPCTL_UPDATE		2
-#define DHCPCTL_EXCL		4
+#define dhcpctl_null_handle ((dhcpctl_handle) 0)
+
+#define DHCPCTL_CREATE		OMAPI_CREATE
+#define DHCPCTL_UPDATE		OMAPI_UPDATE
+#define DHCPCTL_EXCL		OMAPI_EXCL
 
 typedef struct {
 	OMAPI_OBJECT_PREAMBLE;
@@ -105,6 +107,10 @@ isc_result_t dhcpctl_callback_stuff_values (omapi_object_t *,
 					    omapi_object_t *,
 					    omapi_object_t *);
 
+dhcpctl_status dhcpctl_new_authenticator (dhcpctl_handle *,
+					  const char *, const char *,
+					  const char *, unsigned);
+
 dhcpctl_status dhcpctl_open_object (dhcpctl_handle, dhcpctl_handle, int);
 dhcpctl_status dhcpctl_new_object (dhcpctl_handle *,
 				   dhcpctl_handle, const char *);
diff --git a/dhcpctl/remote.c b/dhcpctl/remote.c
index 07a6e1d1..54650874 100644
--- a/dhcpctl/remote.c
+++ b/dhcpctl/remote.c
@@ -44,6 +44,56 @@
 #include <omapip/omapip_p.h>
 #include "dhcpctl.h"
 
+/* dhcpctl_new_authenticator
+
+   synchronous - creates an authenticator object.
+   returns nonzero status code if the object couldn't be created
+   stores handle to authenticator through h if successful, and returns zero.
+   name is the authenticator name (NUL-terminated string).
+   algorithm is the NUL-terminated string name of the algorithm to use
+   (currently, only "hmac-md5" is supported).
+   secret and secret_len is the key secret. */
+
+dhcpctl_status dhcpctl_new_authenticator (dhcpctl_handle *h,
+					  const char *name,
+					  const char *algorithm,
+					  const char *secret,
+					  unsigned secret_len)
+{
+	struct auth_key *key = (struct auth_key *)0;
+	isc_result_t status;
+
+	status = omapi_auth_key_new (&key, MDL);
+	if (status != ISC_R_SUCCESS)
+		return status;
+
+	key -> name = dmalloc (strlen (name) + 1, MDL);
+	if (!key -> name) {
+		omapi_auth_key_dereference (&key, MDL);
+		return ISC_R_NOMEMORY;
+	}
+	strcpy (key -> name, name);
+
+	key -> algorithm = dmalloc (strlen (algorithm) + 1, MDL);
+	if (!key -> algorithm) {
+		omapi_auth_key_dereference (&key, MDL);
+		return ISC_R_NOMEMORY;
+	}
+	strcpy (key -> algorithm, algorithm);
+
+	status = omapi_data_string_new (&key -> key, secret_len, MDL);
+	if (status != ISC_R_SUCCESS) {
+		omapi_auth_key_dereference (&key, MDL);
+		return status;
+	}
+	memcpy (key -> key -> value, secret, secret_len);
+	key -> key -> len = secret_len;
+
+	*h = (dhcpctl_handle) key;
+	return ISC_R_SUCCESS;
+}
+
+
 /* dhcpctl_new_object
 
    synchronous - creates a local handle for a host entry.