[#3831] Checkpoint: code done, UTs to be updated

2025-08-31 22:15:23 +00:00 · 2025-05-15 20:25:24 +02:00
parent 0e25831cf8
commit 01dc6e538c
9 changed files with 79 additions and 20 deletions
--- a/doc/sphinx/arm/ctrl-channel.rst
+++ b/doc/sphinx/arm/ctrl-channel.rst
@@ -532,6 +532,12 @@ An example command invocation looks like this:
       }
   }
 .. note::
    As of Kea 2.7.9, the config file file may only be written to the same
    directory as the config file used when starting Kea (passed as a ``-c``
    argument).
 .. isccmd:: leases-reclaim
 .. _command-leases-reclaim:
--- a/src/bin/dhcp4/ctrl_dhcp4_srv.cc
+++ b/src/bin/dhcp4/ctrl_dhcp4_srv.cc
@@ -290,11 +290,18 @@ ControlledDhcpv4Srv::commandConfigWriteHandler(const string&,
        // filename parameter was not specified, so let's use whatever we remember
        // from the command-line
        filename = getConfigFile();
-    }
+        if (filename.empty()) {
-
+            return (createAnswer(CONTROL_RESULT_ERROR, "Unable to determine filename."
-    if (filename.empty()) {
+                                 "Please specify filename explicitly."));
-        return (createAnswer(CONTROL_RESULT_ERROR, "Unable to determine filename."
+        }
-                             "Please specify filename explicitly."));
+    } else {
        try {
            checkWriteConfigFile(filename);
        } catch (const isc::Exception& ex) {
            return (createAnswer(CONTROL_RESULT_ERROR,
                                 string("not allowed to write config into ") +
                                 filename));
        }
    }
    // Ok, it's time to write the file.
--- a/src/bin/dhcp4/ctrl_dhcp4_srv.h
+++ b/src/bin/dhcp4/ctrl_dhcp4_srv.h
@@ -179,9 +179,9 @@ private:
    /// current configuration to disk. This command takes one optional
    /// parameter called filename. If specified, the current configuration
    /// will be written to that file. If not specified, the file used during
-    /// Kea start-up will be used. To avoid any exploits, the path is
+    /// Kea start-up will be used. To avoid any exploits, the target
-    /// always relative and .. is not allowed in the filename. This is
+    /// directory must be the same as a security measure against
-    /// a security measure against exploiting file writes remotely.
+    /// exploiting file writes remotely.
    ///
    /// @param command (ignored)
    /// @param args may contain optional string argument filename
--- a/src/bin/dhcp6/ctrl_dhcp6_srv.cc
+++ b/src/bin/dhcp6/ctrl_dhcp6_srv.cc
@@ -293,11 +293,18 @@ ControlledDhcpv6Srv::commandConfigWriteHandler(const string&,
        // filename parameter was not specified, so let's use whatever we remember
        // from the command-line
        filename = getConfigFile();
-    }
+        if (filename.empty()) {
-
+            return (createAnswer(CONTROL_RESULT_ERROR, "Unable to determine filename."
-    if (filename.empty()) {
+                                 "Please specify filename explicitly."));
-        return (createAnswer(CONTROL_RESULT_ERROR, "Unable to determine filename."
+        }
-                             "Please specify filename explicitly."));
+    } else {
        try {
            checkWriteConfigFile(filename);
        } catch (const isc::Exception& ex) {
            return (createAnswer(CONTROL_RESULT_ERROR,
                                 string("not allowed to write config into ") +
                                 filename));
        }
    }
    // Ok, it's time to write the file.
--- a/src/bin/dhcp6/ctrl_dhcp6_srv.h
+++ b/src/bin/dhcp6/ctrl_dhcp6_srv.h
@@ -179,9 +179,9 @@ private:
    /// current configuration to disk. This command takes one optional
    /// parameter called filename. If specified, the current configuration
    /// will be written to that file. If not specified, the file used during
-    /// Kea start-up will be used. To avoid any exploits, the path is
+    /// Kea start-up will be used. To avoid any exploits, the target
-    /// always relative and .. is not allowed in the filename. This is
+    /// directory must be the same as a security measure against
-    /// a security measure against exploiting file writes remotely.
+    /// exploiting file writes remotely.
    ///
    /// @param command (ignored)
    /// @param args may contain optional string argument filename
--- a/src/lib/process/d_controller.cc
+++ b/src/lib/process/d_controller.cc
@@ -508,13 +508,21 @@ DControllerBase::configWriteHandler(const std::string&,
                                 "Unable to determine filename."
                                 "Please specify filename explicitly."));
        }
    } else {
        try {
            checkWriteConfigFile(filename);
        } catch (const isc::Exception& ex) {
            return (createAnswer(CONTROL_RESULT_ERROR,
                                 std::string("not allowed to write config into ") +
                                 filename));
        }
    }
    // Ok, it's time to write the file.
    size_t size = 0;
    ElementPtr cfg = process_->getCfgMgr()->getContext()->toElement();
    try {
        ElementPtr cfg = process_->getCfgMgr()->getContext()->toElement();
        size = writeConfigFile(filename, cfg);
    } catch (const isc::Exception& ex) {
        return (createAnswer(CONTROL_RESULT_ERROR,
--- a/src/lib/process/d_controller.h
+++ b/src/lib/process/d_controller.h
@@ -283,9 +283,9 @@ public:
    /// current configuration to disk. This command takes one optional
    /// parameter called filename. If specified, the current configuration
    /// will be written to that file. If not specified, the file used during
-    /// Kea start-up will be used. To avoid any exploits, the path is
+    /// Kea start-up will be used. To avoid any exploits, the target
-    /// always relative and .. is not allowed in the filename. This is
+    /// directory must be the same as a security measure against
-    /// a security measure against exploiting file writes remotely.
+    /// exploiting file writes remotely.
    ///
    /// @param command (ignored)
    /// @param args may contain optional string argument filename
--- a/src/lib/process/daemon.cc
+++ b/src/lib/process/daemon.cc
@@ -125,6 +125,28 @@ Daemon::checkConfigFile() const {
    }
 }
 void
 Daemon::checkWriteConfigFile(std::string& file) {
    Path path(file);
    // from checkConfigFile().
    if (path.stem().empty()) {
        isc_throw(isc::BadValue, "config file:" << file
                  << " is missing file name");
    }
    Path current(config_file_);
    if (current.parentPath() == path.parentPath()) {
        // Same paths!
        return;
    }
    if (path.parentPath().empty()) {
        // Note the current path can't be empty here.
        file = current.parentPath() + "/" + file;
        return;
    }
    isc_throw(isc::BadValue, "file " << file << " must be in the same "
              << "directory as the config file (" << config_file_ << "'");
 }
 std::string
 Daemon::getProcName() {
    return (proc_name_);
--- a/src/lib/process/daemon.h
+++ b/src/lib/process/daemon.h
@@ -139,6 +139,15 @@ public:
    /// @throw BadValue when the configuration file name is bad.
    void checkConfigFile() const;
    /// @brief Checks the to-be-written configuration file name.
    ///
    /// @note As a side effect prepend the current config file path
    /// when the name does not contain a slash.
    ///
    /// @param[in][out] file Reference to the TBW configuration file name.
    /// @throw BadValue when not in the same directory.
    void checkWriteConfigFile(std::string& file);
    /// @brief Writes current configuration to specified file
    ///
    /// This method writes the current configuration to specified file.