From c914106a9558cfe58aa83f1855782e4f9782a590 Mon Sep 17 00:00:00 2001 From: Samveen Date: Sat, 8 Aug 2020 11:12:35 +0530 Subject: [PATCH 1/2] [xCAT-server]Change DNS/DHCP control key algorithm MD5 -> SHA512 --- xCAT-server/lib/xcat/plugins/ddns.pm | 4 ++-- xCAT-server/lib/xcat/plugins/dhcp.pm | 16 ++++++++-------- xCAT-server/share/xcat/tools/dhcpop | 1 + 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/xCAT-server/lib/xcat/plugins/ddns.pm b/xCAT-server/lib/xcat/plugins/ddns.pm index 0b7b272b54..ad337785ad 100644 --- a/xCAT-server/lib/xcat/plugins/ddns.pm +++ b/xCAT-server/lib/xcat/plugins/ddns.pm @@ -1244,7 +1244,7 @@ sub update_namedconf { if ($ctx->{privkey}) { #for now, assume the field is correct - #push @newnamed,"key xcat_key {\n","\talgorithm hmac-md5;\n","\tsecret \"".$ctx->{privkey}."\";\n","};\n\n"; + #push @newnamed,"key xcat_key {\n","\talgorithm hmac-sha512;\n","\tsecret \"".$ctx->{privkey}."\";\n","};\n\n"; push @newnamed, $line; do { $i++; @@ -1351,7 +1351,7 @@ sub update_namedconf { $ctx->{privkey} = encode_base64(genpassword(32)); chomp($ctx->{privkey}); } - push @newnamed, "key xcat_key {\n", "\talgorithm hmac-md5;\n", "\tsecret \"" . $ctx->{privkey} . "\";\n", "};\n\n"; + push @newnamed, "key xcat_key {\n", "\talgorithm hmac-sha512;\n", "\tsecret \"" . $ctx->{privkey} . "\";\n", "};\n\n"; $ctx->{restartneeded} = 1; } } diff --git a/xCAT-server/lib/xcat/plugins/dhcp.pm b/xCAT-server/lib/xcat/plugins/dhcp.pm index b20080960b..969370efde 100644 --- a/xCAT-server/lib/xcat/plugins/dhcp.pm +++ b/xCAT-server/lib/xcat/plugins/dhcp.pm @@ -193,6 +193,7 @@ sub listnode print $OMIN "key " . $omapiuser . " \"" . $omapikey . "\"\n"; + print $OMIN "key-algorithm HMAC-SHA512\n"; print $OMIN "connect\n"; print $OMIN "new host\n"; @@ -258,6 +259,7 @@ sub listnode print $OMIN6 "key " . $omapiuser . " \"" . $omapikey . "\"\n"; + print $OMIN6 "key-algorithm HMAC-SHA512\n"; print $OMIN6 "connect\n"; print $OMIN6 "new host\n"; 
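Review bot: Only a newly written `key xcat_key` stanza gets `hmac-sha512` (hunk at -1351). In the `if ($ctx->{privkey})` branch at -1244 the existing stanza appears to be copied through unchanged with `push @newnamed, $line;`, so a named.conf that already declares `algorithm hmac-md5;` keeps it. The code that signs dynamic updates with `$ctx->{privkey}` is not in this diff. If it relies on a library default TSIG algorithm, it must be switched in the same commit, or updates signed for a newly generated key will fail verification. A comment above the push such as `# TSIG algorithm here must match the one used when signing updates; existing stanzas are not rewritten` would record that coupling; update_namedconf's body continues outside both hunks.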
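Review bot: `key-algorithm HMAC-SHA512` is sent unconditionally in listnode (both the `$OMIN` and `$OMIN6` sessions), and likewise in process_request and tools/dhcpop, but the server side only changes when newconfig/newconfig6 regenerate the config. A dhcpd.conf written before this change still declares `algorithm hmac-md5;`, so OMAPI authentication would presumably fail until it is regenerated. An omshell build that does not recognise `key-algorithm` would reject the line as well. The IPv6 omshell in process_request is opened with its output sent to /dev/null, so such a failure would go unnoticed there. Defining the algorithm name once and using it in both the config generators and the omshell callers, plus an upgrade note that existing configs must be regenerated, would keep the two sides in step; listnode's body starts and ends outside the hunk.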
@@ -2035,19 +2037,17 @@ sub process_request print $omshell "key " . $ent->{username} . " \"" . $ent->{password} . "\"\n"; - if ($::XCATSITEVALS{externaldhcpservers}) { - print $omshell "server $::XCATSITEVALS{externaldhcpservers}\n"; - } + print $omshell "key-algorithm HMAC-SHA512\n"; + print $omshell "server $::XCATSITEVALS{externaldhcpservers}\n" if($::XCATSITEVALS{externaldhcpservers}); print $omshell "connect\n"; if ($usingipv6) { open($omshell6, "|/usr/bin/omshell > /dev/null"); - if ($::XCATSITEVALS{externaldhcpservers}) { - print $omshell "server $::XCATSITEVALS{externaldhcpservers}\n"; - } + print $omshell "server $::XCATSITEVALS{externaldhcpservers}\n" if($::XCATSITEVALS{externaldhcpservers}); print $omshell6 "port 7912\n"; print $omshell6 "key " . $ent->{username} . " \"" . $ent->{password} . "\"\n"; + print $omshell6 "key-algorithm HMAC-SHA512\n"; print $omshell6 "connect\n"; } } @@ -2963,7 +2963,7 @@ sub newconfig6 { # push @dhcp6conf, "update-static-leases on;\n"; push @dhcp6conf, "omapi-port 7912;\n"; #Enable omapi... push @dhcp6conf, "key xcat_key {\n"; - push @dhcp6conf, " algorithm hmac-md5;\n"; + push @dhcp6conf, " algorithm hmac-sha512;\n"; my $passtab = xCAT::Table->new('passwd', -create => 1); (my $passent) = $passtab->getAttribs({ key => 'omapi', username => 'xcat_key' }, 'password'); @@ -3026,7 +3026,7 @@ sub newconfig push @dhcpconf, "\n"; push @dhcpconf, "omapi-port 7911;\n"; #Enable omapi... push @dhcpconf, "key xcat_key {\n"; - push @dhcpconf, " algorithm hmac-md5;\n"; + push @dhcpconf, " algorithm hmac-sha512;\n"; (my $passent) = $passtab->getAttribs({ key => 'omapi', username => 'xcat_key' }, 'password'); my $secret = encode_base64(genpassword(32)); #Random from set of 62^32 diff --git a/xCAT-server/share/xcat/tools/dhcpop b/xCAT-server/share/xcat/tools/dhcpop index ef22e45572..3dfe723781 100755 --- a/xCAT-server/share/xcat/tools/dhcpop +++ b/xCAT-server/share/xcat/tools/dhcpop 
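Review bot: Inside `if ($usingipv6)` the rewritten one-liner still prints the `server` command to `$omshell` rather than `$omshell6`. The IPv6 session therefore never receives `externaldhcpservers`, and the IPv4 session gets a second `server` line after its `connect`. The line should read `print $omshell6 "server $::XCATSITEVALS{externaldhcpservers}\n" if ($::XCATSITEVALS{externaldhcpservers});`; patch 2/2 touches the same line but changes only its whitespace. The return value of `open($omshell6, "|/usr/bin/omshell > /dev/null")` is also unchecked, so a missing or failing omshell is not reported at the point of failure. process_request's body continues outside the hunk.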
@@ -39,6 +39,7 @@ if($help){ print $omshell "key " . $id . " \"" . $passwd . "\"\n"; + print $omshell "key-algorithm HMAC-SHA512\n"; print $omshell "connect\n"; if($hostname){ From 4a0826ce365f959541b3b9b95bea73947d7b1de8 Mon Sep 17 00:00:00 2001 From: Samveen Date: Sat, 8 Aug 2020 11:20:47 +0530 Subject: [PATCH 2/2] fix whitespace type --- xCAT-server/lib/xcat/plugins/dhcp.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xCAT-server/lib/xcat/plugins/dhcp.pm b/xCAT-server/lib/xcat/plugins/dhcp.pm index 969370efde..76ff2fe6b3 100644 --- a/xCAT-server/lib/xcat/plugins/dhcp.pm +++ b/xCAT-server/lib/xcat/plugins/dhcp.pm @@ -2042,7 +2042,7 @@ sub process_request print $omshell "connect\n"; if ($usingipv6) { open($omshell6, "|/usr/bin/omshell > /dev/null"); - print $omshell "server $::XCATSITEVALS{externaldhcpservers}\n" if($::XCATSITEVALS{externaldhcpservers}); + print $omshell "server $::XCATSITEVALS{externaldhcpservers}\n" if($::XCATSITEVALS{externaldhcpservers}); print $omshell6 "port 7912\n"; print $omshell6 "key " . $ent->{username} . " \""