[Kea-users] Kea and on-commit

Mon Oct 17 19:24:44 UTC 2022

Recommend that you look over the public Kea documentation, specifically the hook for external scripts:
https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html#run-script-run-script-support-for-external-hook-scripts

You may also want to consider modifying your current use of using the unchecked client provided name as an argument to your script.  It may be possible to inject an unintended command on your system by using a crafted name sent by client.  E.g. name of “; rm /var/lib/dhcpd/leases”.

From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Rowland Penny via Kea-users <kea-users at lists.isc.org>
Date: Monday, October 17, 2022 at 2:04 PM
To: kea-users at lists.isc.org <kea-users at lists.isc.org>
Subject: [Kea-users] Kea and on-commit
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

I have just discovered that the isc-dhcp-server is going EOL at the year
and is being replaced by Kea. I know that the isc-dhcp-server will still
be available from distros for sometime, but I need to find out if kea
can work in the same way as isc-dhcp-server.

You can set at the bottom of dhcp.conf something like this:

on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring(hardware,6,1))),2)
);
set ClientName = pick-first-value(option host-name, config-option
host-name, client-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ",
ClientName));
execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID,
ClientName);
}

This will run a script that will update dns records in Samba AD.

Can anyone point me at the Kea documentation that will show me how to do
the above. I have done the usual Google searches and had a look at the
Kea documentation, but couldn't readily see anything.

Thanks in advance.

Rowland Penny
Samba team member

--
ISC funds the development of this software with paid support subscriptions. Contact us at https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.isc.org%2Fcontact%2F&data=05%7C01%7Crick.frey%40windstream.com%7C94730a0ac2dc4e8a137508dab07267df%7C2567b4c1b0ed40f5aee358d7c5f3e2b2%7C0%7C0%7C638016302667400647%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Vsdg7n1OuqqrvbZZrBQ1Qcw91AWez6jUceLf2U01EHA%3D&reserved=0 for more information.

To unsubscribe visit https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fkea-users&data=05%7C01%7Crick.frey%40windstream.com%7C94730a0ac2dc4e8a137508dab07267df%7C2567b4c1b0ed40f5aee358d7c5f3e2b2%7C0%7C0%7C638016302667400647%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hiq5sHWT23aHy8qG7qq2%2BoJIUXh%2BXK%2F3uQuA0NuITbM%3D&reserved=0.

Kea-users mailing list
Kea-users at lists.isc.org
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fkea-users&data=05%7C01%7Crick.frey%40windstream.com%7C94730a0ac2dc4e8a137508dab07267df%7C2567b4c1b0ed40f5aee358d7c5f3e2b2%7C0%7C0%7C638016302667400647%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hiq5sHWT23aHy8qG7qq2%2BoJIUXh%2BXK%2F3uQuA0NuITbM%3D&reserved=0

Sensitivity: Internal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20221017/32581691/attachment-0001.htm>