diff --git a/src/hooks/dhcp/bootp/Makefile.am b/src/hooks/dhcp/bootp/Makefile.am index de796531e4..c673df5d7e 100644 --- a/src/hooks/dhcp/bootp/Makefile.am +++ b/src/hooks/dhcp/bootp/Makefile.am @@ -30,6 +30,7 @@ libdhcp_bootp_la_SOURCES = libdhcp_bootp_la_LDFLAGS = $(AM_LDFLAGS) libdhcp_bootp_la_LDFLAGS += -avoid-version -export-dynamic -module libdhcp_bootp_la_LIBADD = libbootp.la +libdhcp_bootp_la_LIBADD += $(top_builddir)/src/lib/process/libkea-process.la libdhcp_bootp_la_LIBADD += $(top_builddir)/src/lib/stats/libkea-stats.la libdhcp_bootp_la_LIBADD += $(top_builddir)/src/lib/dhcp/libkea-dhcp++.la libdhcp_bootp_la_LIBADD += $(top_builddir)/src/lib/hooks/libkea-hooks.la diff --git a/src/hooks/dhcp/bootp/bootp_callouts.cc b/src/hooks/dhcp/bootp/bootp_callouts.cc index 688db70b3f..12c02105c3 100644 --- a/src/hooks/dhcp/bootp/bootp_callouts.cc +++ b/src/hooks/dhcp/bootp/bootp_callouts.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2019-2020 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2019-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -18,6 +19,7 @@ using namespace isc::bootp; using namespace isc::dhcp; using namespace isc::hooks; using namespace isc::log; +using namespace isc::process; using namespace isc::stats; namespace { @@ -185,6 +187,11 @@ int pkt4_send(CalloutHandle& handle) { /// /// @return always 0. int load(LibraryHandle& /* handle */) { + const std::string& proc_name = Daemon::getProcName(); + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } LOG_INFO(bootp_logger, BOOTP_LOAD); return (0); } diff --git a/src/hooks/dhcp/bootp/tests/Makefile.am b/src/hooks/dhcp/bootp/tests/Makefile.am index 1868be78b2..692a647ae2 100644 
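Review bot: The doc comment kept above bootp's load() still reads `@return always 0`, yet the added process-name check leaves the function through `isc_throw` and this body has no try block, so the exception reaches the caller of load() directly. I would add `/// @throw isc::Unexpected if the library is loaded by a process other than kea-dhcp4.` and change the return line to `/// @return 0 on success.` The load() hunks in lease_cmds, mysql_cb, pgsql_cb and stat_cmds have the same gap: their comments promise `1 otherwise`, but the check sits outside any try, whereas flex_option and run_script place it inside their existing try block. Whether the hooks framework catches the exception and reports it is not visible in this commit, so that is worth confirming.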
--- a/src/hooks/dhcp/bootp/tests/Makefile.am +++ b/src/hooks/dhcp/bootp/tests/Makefile.am @@ -35,6 +35,7 @@ bootp_unittests_LDFLAGS = $(AM_LDFLAGS) $(CRYPTO_LDFLAGS) $(GTEST_LDFLAGS) bootp_unittests_CXXFLAGS = $(AM_CXXFLAGS) bootp_unittests_LDADD = $(top_builddir)/src/hooks/dhcp/bootp/libbootp.la +bootp_unittests_LDADD += $(top_builddir)/src/lib/process/libkea-process.la bootp_unittests_LDADD += $(top_builddir)/src/lib/stats/libkea-stats.la bootp_unittests_LDADD += $(top_builddir)/src/lib/dhcp/libkea-dhcp++.la bootp_unittests_LDADD += $(top_builddir)/src/lib/hooks/libkea-hooks.la diff --git a/src/hooks/dhcp/flex_option/flex_option_callouts.cc b/src/hooks/dhcp/flex_option/flex_option_callouts.cc index 49bde23d6b..97a90c20b1 100644 --- a/src/hooks/dhcp/flex_option/flex_option_callouts.cc +++ b/src/hooks/dhcp/flex_option/flex_option_callouts.cc @@ -12,6 +12,8 @@ #include #include #include +#include +#include namespace isc { namespace flex_option { @@ -24,8 +26,9 @@ FlexOptionImplPtr impl; using namespace isc; using namespace isc::data; using namespace isc::dhcp; -using namespace isc::hooks; using namespace isc::flex_option; +using namespace isc::hooks; +using namespace isc::process; // Functions accessed by the hooks framework use C linkage to avoid the name // mangling that accompanies use of the C++ compiler as well as to avoid 
@@ -120,6 +123,21 @@ int pkt6_send(CalloutHandle& handle) { /// @return 0 when initialization is successful, 1 otherwise int load(LibraryHandle& handle) { try { + // Make the hook library not loadable by d2 or ca. + uint16_t family = CfgMgr::instance().getFamily(); + const std::string& proc_name = Daemon::getProcName(); + if (family == AF_INET) { + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } + } else { + if (proc_name != "kea-dhcp6") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp6"); + } + } + impl.reset(new FlexOptionImpl()); ConstElementPtr options = handle.getParameter("options"); impl->configure(options); diff --git a/src/hooks/dhcp/flex_option/libloadtests/callout_unittests.cc b/src/hooks/dhcp/flex_option/libloadtests/callout_unittests.cc index db1cb67ffe..623419bfb7 100644 --- a/src/hooks/dhcp/flex_option/libloadtests/callout_unittests.cc +++ b/src/hooks/dhcp/flex_option/libloadtests/callout_unittests.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2019 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2019-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -28,6 +29,7 @@ using namespace isc; using namespace isc::hooks; using namespace isc::data; using namespace isc::dhcp; +using namespace isc::process; namespace { @@ -97,6 +99,10 @@ TEST_F(CalloutTest, pkt4Send) { ElementPtr add = Element::create(string("'abc'")); option->set("add", add); + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + // Load the library. addLib(FLEX_OPTION_LIB_SO, params); loadLibs(); 
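Review bot: The family/process-name block added at the top of flex_option's load() is pasted unchanged into lease_cmds, mysql_cb, pgsql_cb, run_script and stat_cmds, and its two branches differ only in the expected name. Deriving the expected name once removes the nested `if` and keeps the error text identical; the same few lines could then move into one shared helper so a future process name is added in a single place. Note that the `else` branch treats every family other than AF_INET as DHCPv6, and that the check compares a name the process sets for itself, so it guards against misconfiguration rather than forming a trust boundary. load() continues outside this hunk.

```cpp
// … unchanged: family and proc_name lookups …
const std::string expected = (family == AF_INET) ? "kea-dhcp4" : "kea-dhcp6";
if (proc_name != expected) {
    isc_throw(isc::Unexpected, "Bad process name: " << proc_name
              << ", expected " << expected);
}
// … unchanged: impl.reset() and configure() …
```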
@@ -128,9 +134,6 @@ TEST_F(CalloutTest, pkt4Send) { // Simple test which exercises the pkt6_send callout. TEST_F(CalloutTest, pkt6Send) { - // Move to DHCPv6. - CfgMgr::instance().setFamily(AF_INET6); - // Prepare load() parameters. ElementPtr params = Element::createMap(); ElementPtr options = Element::createList(); @@ -142,6 +145,10 @@ TEST_F(CalloutTest, pkt6Send) { ElementPtr supersede = Element::create(string("'abc'")); option->set("supersede", supersede); + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET6); + Daemon::setProcName("kea-dhcp6"); + // Load the library. addLib(FLEX_OPTION_LIB_SO, params); loadLibs(); diff --git a/src/hooks/dhcp/flex_option/libloadtests/load_unload_unittests.cc b/src/hooks/dhcp/flex_option/libloadtests/load_unload_unittests.cc index d9a386a9bd..5e7d48e557 100644 --- a/src/hooks/dhcp/flex_option/libloadtests/load_unload_unittests.cc +++ b/src/hooks/dhcp/flex_option/libloadtests/load_unload_unittests.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2019 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2019-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -13,7 +13,9 @@ #include #include +#include #include +#include #include #include @@ -23,6 +25,7 @@ using namespace isc; using namespace isc::hooks; using namespace isc::data; using namespace isc::dhcp; +using namespace isc::process; namespace { @@ -49,8 +52,8 @@ public: libraries_.push_back(make_pair(lib, params)); } - void loadLibs() { - EXPECT_TRUE(HooksManager::loadLibraries(libraries_)); + bool loadLibs() { + return (HooksManager::loadLibraries(libraries_)); } void unloadLibs() { 
@@ -60,6 +63,72 @@ public: HookLibsCollection libraries_; }; +// Simple test that checks the library can be loaded in a DHCPv4 server. +TEST_F(LibLoadTest, validLoadDhcp4) { + + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr options = Element::createList(); + params->set("options", options); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + + addLib(FLEX_OPTION_LIB_SO, params); + EXPECT_TRUE(loadLibs()); +} + +// Simple test that checks the library can be loaded in a DHCPv6 server. +TEST_F(LibLoadTest, validLoadDhcp6) { + + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr options = Element::createList(); + params->set("options", options); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET6); + Daemon::setProcName("kea-dhcp6"); + + addLib(FLEX_OPTION_LIB_SO, params); + EXPECT_TRUE(loadLibs()); +} + +// Simple test that checks the library can be loaded in a DHCPv4 server +// only if it is set for IPv4. +TEST_F(LibLoadTest, invalidLoadDhcp4) { + + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr options = Element::createList(); + params->set("options", options); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET6); + Daemon::setProcName("kea-dhcp4"); + + addLib(FLEX_OPTION_LIB_SO, params); + EXPECT_FALSE(loadLibs()); +} + +// Simple test that checks the library can be loaded in a DHCPv6 server +// only if it is set for IPv6. +TEST_F(LibLoadTest, invalidLoadDhcp6) { + + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr options = Element::createList(); + params->set("options", options); + + // Set family and proc name. 
+ CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp6"); + + addLib(FLEX_OPTION_LIB_SO, params); + EXPECT_FALSE(loadLibs()); +} + // Simple test that checks the library can be loaded and unloaded several times. TEST_F(LibLoadTest, validLoad) { @@ -68,12 +137,16 @@ TEST_F(LibLoadTest, validLoad) { ElementPtr options = Element::createList(); params->set("options", options); + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + addLib(FLEX_OPTION_LIB_SO, params); - loadLibs(); + EXPECT_TRUE(loadLibs()); unloadLibs(); - loadLibs(); + EXPECT_TRUE(loadLibs()); unloadLibs(); } diff --git a/src/hooks/dhcp/lease_cmds/lease_cmds_callouts.cc b/src/hooks/dhcp/lease_cmds/lease_cmds_callouts.cc index a0a1e4b9e3..25b257f76a 100644 --- a/src/hooks/dhcp/lease_cmds/lease_cmds_callouts.cc +++ b/src/hooks/dhcp/lease_cmds/lease_cmds_callouts.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2017-2020 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2017-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -13,11 +13,15 @@ #include #include #include +#include #include +#include using namespace isc::config; using namespace isc::data; +using namespace isc::dhcp; using namespace isc::hooks; +using namespace isc::process; using namespace isc::lease_cmds; extern "C" { 
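Review bot: None of the four new load tests uses a process name other than kea-dhcp4 or kea-dhcp6, so the case this commit targets, a load attempted by d2 or ca, is never exercised; invalidLoadDhcp4 and invalidLoadDhcp6 only cover a family/name mismatch. A further test that keeps the family at AF_INET and calls `Daemon::setProcName("kea-ctrl-agent");` before `EXPECT_FALSE(loadLibs());` would pin that behaviour (the exact name the agent registers should be checked against its controller). The tests also leave CfgMgr's family and the Daemon process name changed when they finish; the fixture's setup and teardown are outside this hunk, so I cannot tell whether they are reset there. The run_script load tests added later in this commit follow the same pattern.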
@@ -269,6 +273,21 @@ int lease6_resend_ddns(CalloutHandle& handle) { /// @param handle library handle /// @return 0 when initialization is successful, 1 otherwise int load(LibraryHandle& handle) { + // Make the hook library not loadable by d2 or ca. + uint16_t family = CfgMgr::instance().getFamily(); + const std::string& proc_name = Daemon::getProcName(); + if (family == AF_INET) { + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } + } else { + if (proc_name != "kea-dhcp6") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp6"); + } + } + handle.registerCommandCallout("lease4-add", lease4_add); handle.registerCommandCallout("lease6-add", lease6_add); handle.registerCommandCallout("lease6-bulk-apply", lease6_bulk_apply); diff --git a/src/hooks/dhcp/lease_cmds/tests/lease_cmds4_unittest.cc b/src/hooks/dhcp/lease_cmds/tests/lease_cmds4_unittest.cc index 30e0a810ef..517002de9a 100644 --- a/src/hooks/dhcp/lease_cmds/tests/lease_cmds4_unittest.cc +++ b/src/hooks/dhcp/lease_cmds/tests/lease_cmds4_unittest.cc @@ -45,6 +45,11 @@ namespace { /// unloading the lease_cmds library. class Lease4CmdsTest : public LeaseCmdsTest { public: + /// @brief Constructor. + Lease4CmdsTest() { + setFamily(false); + } + /// @brief Checks if specified response contains IPv4 lease /// /// @param lease Element tree that represents a lease diff --git a/src/hooks/dhcp/lease_cmds/tests/lease_cmds6_unittest.cc b/src/hooks/dhcp/lease_cmds/tests/lease_cmds6_unittest.cc index 84c6e61962..bfe2fa95e5 100644 --- a/src/hooks/dhcp/lease_cmds/tests/lease_cmds6_unittest.cc +++ b/src/hooks/dhcp/lease_cmds/tests/lease_cmds6_unittest.cc 
@@ -45,6 +45,11 @@ namespace { /// unloading the lease_cmds library. class Lease6CmdsTest : public LeaseCmdsTest { public: + /// @brief Constructor. + Lease6CmdsTest() { + setFamily(true); + } + /// @brief Checks if specified response contains IPv6 lease /// /// @param lease Element tree that represents a lease diff --git a/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc b/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc index d5e5c3772a..fbedbca7cd 100644 --- a/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc +++ b/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.cc @@ -54,6 +54,7 @@ TEST_F(LeaseCmdsTest, commands) { "lease4-wipe", "lease6-wipe", "lease4-resend-ddns", "lease6-resend-ddns" }; + setFamily(false); testCommands(cmds); } @@ -86,15 +87,18 @@ void LeaseCmdsTest::testLeaseXDelBadUpdateDdnsParam() { // Check that the library can be loaded and unloaded multiple times. TEST_F(LeaseCmdsTest, multipleLoads) { + setFamily(false); testMultipleLoads(); } TEST_F(LeaseCmdsTest, leaseXDelBadUpdateDdnsParam) { + setFamily(false); testLeaseXDelBadUpdateDdnsParam(); } TEST_F(LeaseCmdsTest, leaseXDelBadUpdateDdnsParamMultiThreading) { MultiThreadingTest mt(true); + setFamily(false); testLeaseXDelBadUpdateDdnsParam(); } diff --git a/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.h b/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.h index 638a90211c..e9782db56c 100644 --- a/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.h +++ b/src/hooks/dhcp/lease_cmds/tests/lease_cmds_unittest.h @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include 
@@ -49,6 +50,17 @@ public: unloadLibs(); } + /// @brief Set family. + void setFamily(bool v6) { + if (!v6) { + isc::dhcp::CfgMgr::instance().setFamily(AF_INET); + isc::process::Daemon::setProcName("kea-dhcp4"); + } else { + isc::dhcp::CfgMgr::instance().setFamily(AF_INET6); + isc::process::Daemon::setProcName("kea-dhcp6"); + } + } + /// @brief Adds library/parameters to list of libraries to be loaded void addLib(const std::string& lib, isc::data::ConstElementPtr params) { libraries_.push_back(make_pair(lib, params)); diff --git a/src/hooks/dhcp/mysql_cb/mysql_cb_callouts.cc b/src/hooks/dhcp/mysql_cb/mysql_cb_callouts.cc index 6b72f8844e..fb30474e6c 100644 --- a/src/hooks/dhcp/mysql_cb/mysql_cb_callouts.cc +++ b/src/hooks/dhcp/mysql_cb/mysql_cb_callouts.cc @@ -10,7 +10,9 @@ #include +#include #include +#include #include #include @@ -21,6 +23,7 @@ using namespace isc::cb; using namespace isc::dhcp; using namespace isc::hooks; using namespace isc::log; +using namespace isc::process; extern "C" { @@ -30,6 +33,21 @@ extern "C" { /// @return 0 when initialization is successful, 1 otherwise int load(LibraryHandle& /* handle */) { + // Make the hook library not loadable by d2 or ca. + uint16_t family = CfgMgr::instance().getFamily(); + const std::string& proc_name = Daemon::getProcName(); + if (family == AF_INET) { + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } + } else { + if (proc_name != "kea-dhcp6") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp6"); + } + } + LOG_INFO(mysql_cb_logger, MYSQL_CB_INIT_OK); // Register MySQL CB factories with CB Managers isc::dhcp::MySqlConfigBackendDHCPv4::registerBackendType(); diff --git a/src/hooks/dhcp/pgsql_cb/pgsql_cb_callouts.cc b/src/hooks/dhcp/pgsql_cb/pgsql_cb_callouts.cc index 2358f17799..669fb84025 100644 --- a/src/hooks/dhcp/pgsql_cb/pgsql_cb_callouts.cc 
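Review bot: The new helper in lease_cmds_unittest.h is documented only as `/// @brief Set family.`, which hides that it also sets the Daemon process name and gives no meaning for the bool. I would write `/// @brief Sets the address family and the matching process name (kea-dhcp4 or kea-dhcp6).` followed by `/// @param v6 true for DHCPv6, false for DHCPv4.` The copy added to stat_cmds_unittest.cc has the same comment and additionally defaults `v6` to false, so its bare `setFamily()` calls do not show which server they select. Both helpers write process-wide state, and the teardown context visible here only calls `unloadLibs()`, so it may be worth restoring the previous values there; the rest of the fixture is outside the hunk.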
+++ b/src/hooks/dhcp/pgsql_cb/pgsql_cb_callouts.cc @@ -10,7 +10,9 @@ #include +#include #include +#include #include #include @@ -21,6 +23,7 @@ using namespace isc::cb; using namespace isc::dhcp; using namespace isc::hooks; using namespace isc::log; +using namespace isc::process; extern "C" { @@ -30,6 +33,21 @@ extern "C" { /// @return 0 when initialization is successful, 1 otherwise int load(LibraryHandle& /* handle */) { + // Make the hook library not loadable by d2 or ca. + uint16_t family = CfgMgr::instance().getFamily(); + const std::string& proc_name = Daemon::getProcName(); + if (family == AF_INET) { + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } + } else { + if (proc_name != "kea-dhcp6") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp6"); + } + } + LOG_INFO(pgsql_cb_logger, PGSQL_CB_INIT_OK); // Register PostgreSQL CB factories with CB Managers isc::dhcp::PgSqlConfigBackendDHCPv4::registerBackendType(); diff --git a/src/hooks/dhcp/run_script/libloadtests/load_unload_unittests.cc b/src/hooks/dhcp/run_script/libloadtests/load_unload_unittests.cc index b924b8ddf7..948639beba 100644 --- a/src/hooks/dhcp/run_script/libloadtests/load_unload_unittests.cc +++ b/src/hooks/dhcp/run_script/libloadtests/load_unload_unittests.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2019-2021 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2019-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -13,15 +13,19 @@ #include #include +#include #include +#include #include #include -using namespace std; using namespace isc; -using namespace isc::hooks; using namespace isc::data; +using namespace isc::dhcp; +using namespace isc::hooks; +using namespace isc::process; +using namespace std; namespace { 
@@ -71,6 +75,76 @@ public: HookLibsCollection libraries_; }; +// Simple test that checks the library can be loaded in a DHCPv4 server. +TEST_F(LibLoadTest, validLoadDhcp4) { + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr name = Element::create(RUN_SCRIPT_TEST_SH); + params->set("name", name); + ElementPtr sync = Element::create(false); + params->set("sync", sync); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + + addLib(LIBRUN_SCRIPT_SO, params); + EXPECT_TRUE(loadLibs()); +} + +// Simple test that checks the library can be loaded in a DHCPv6 server. +TEST_F(LibLoadTest, validLoadDhcp6) { + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr name = Element::create(RUN_SCRIPT_TEST_SH); + params->set("name", name); + ElementPtr sync = Element::create(false); + params->set("sync", sync); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET6); + Daemon::setProcName("kea-dhcp6"); + + addLib(LIBRUN_SCRIPT_SO, params); + EXPECT_TRUE(loadLibs()); +} + +// Simple test that checks the library can be loaded in a DHCPv4 server +// only if it is set for IPv4. +TEST_F(LibLoadTest, invalidLoadDhcp4) { + // Prepare parameters for the callout parameters library. + ElementPtr params = Element::createMap(); + ElementPtr name = Element::create(RUN_SCRIPT_TEST_SH); + params->set("name", name); + ElementPtr sync = Element::create(false); + params->set("sync", sync); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET6); + Daemon::setProcName("kea-dhcp4"); + + addLib(LIBRUN_SCRIPT_SO, params); + EXPECT_FALSE(loadLibs()); +} + +// Simple test that checks the library can be loaded in a DHCPv6 server +// only if it is set for IPv6. +TEST_F(LibLoadTest, invalidLoadDhcp6) { + // Prepare parameters for the callout parameters library. 
+ ElementPtr params = Element::createMap(); + ElementPtr name = Element::create(RUN_SCRIPT_TEST_SH); + params->set("name", name); + ElementPtr sync = Element::create(false); + params->set("sync", sync); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp6"); + + addLib(LIBRUN_SCRIPT_SO, params); + EXPECT_FALSE(loadLibs()); +} + // Simple test that checks the library can be loaded and unloaded several times. TEST_F(LibLoadTest, validLoad) { // Prepare parameters for the callout parameters library. @@ -80,6 +154,10 @@ TEST_F(LibLoadTest, validLoad) { ElementPtr sync = Element::create(false); params->set("sync", sync); + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + addLib(LIBRUN_SCRIPT_SO, params); EXPECT_TRUE(loadLibs()); @@ -94,6 +172,11 @@ TEST_F(LibLoadTest, validLoad) { TEST_F(LibLoadTest, invalidLoad) { // Prepare parameters for the callout parameters library. ElementPtr params = Element::createMap(); + + // Set family and proc name. + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + addLib(LIBRUN_SCRIPT_SO, params); // The name parameter is mandatory. diff --git a/src/hooks/dhcp/run_script/run_script_callouts.cc b/src/hooks/dhcp/run_script/run_script_callouts.cc index d4f84212e5..f315aaadd7 100644 --- a/src/hooks/dhcp/run_script/run_script_callouts.cc +++ b/src/hooks/dhcp/run_script/run_script_callouts.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2021 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2021-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -13,8 +13,10 @@ #include #include #include +#include #include #include +#include namespace isc { namespace run_script { 
@@ -29,6 +31,7 @@ using namespace isc::asiolink; using namespace isc::data; using namespace isc::dhcp; using namespace isc::hooks; +using namespace isc::process; using namespace isc::run_script; using namespace isc::util; @@ -43,6 +46,21 @@ extern "C" { /// @return 0 when initialization is successful, 1 otherwise int load(LibraryHandle& handle) { try { + // Make the hook library not loadable by d2 or ca. + uint16_t family = CfgMgr::instance().getFamily(); + const std::string& proc_name = Daemon::getProcName(); + if (family == AF_INET) { + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } + } else { + if (proc_name != "kea-dhcp6") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp6"); + } + } + impl.reset(new RunScriptImpl()); impl->configure(handle); } catch (const std::exception& ex) { diff --git a/src/hooks/dhcp/stat_cmds/stat_cmds_callouts.cc b/src/hooks/dhcp/stat_cmds/stat_cmds_callouts.cc index d13533e9d0..228772f981 100644 --- a/src/hooks/dhcp/stat_cmds/stat_cmds_callouts.cc +++ b/src/hooks/dhcp/stat_cmds/stat_cmds_callouts.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2018-2020 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -13,9 +13,13 @@ #include #include #include +#include #include +#include +using namespace isc::dhcp; using namespace isc::hooks; +using namespace isc::process; using namespace isc::stat_cmds; extern "C" { 
@@ -47,6 +51,21 @@ int stat_lease6_get(CalloutHandle& handle) { /// @param handle library handle /// @return 0 when initialization is successful, 1 otherwise int load(LibraryHandle& handle) { + // Make the hook library not loadable by d2 or ca. + uint16_t family = CfgMgr::instance().getFamily(); + const std::string& proc_name = Daemon::getProcName(); + if (family == AF_INET) { + if (proc_name != "kea-dhcp4") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp4"); + } + } else { + if (proc_name != "kea-dhcp6") { + isc_throw(isc::Unexpected, "Bad process name: " << proc_name + << ", expected kea-dhcp6"); + } + } + handle.registerCommandCallout("stat-lease4-get", stat_lease4_get); handle.registerCommandCallout("stat-lease6-get", stat_lease6_get); LOG_INFO(stat_cmds_logger, STAT_CMDS_INIT_OK); diff --git a/src/hooks/dhcp/stat_cmds/tests/stat_cmds_unittest.cc b/src/hooks/dhcp/stat_cmds/tests/stat_cmds_unittest.cc index bd211ddb0b..936ca41b10 100644 --- a/src/hooks/dhcp/stat_cmds/tests/stat_cmds_unittest.cc +++ b/src/hooks/dhcp/stat_cmds/tests/stat_cmds_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2018-2021 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -10,11 +10,13 @@ #include #include #include +#include #include #include #include #include #include +#include #include #include @@ -24,11 +26,12 @@ using namespace std; using namespace isc; -using namespace isc::hooks; +using namespace isc::asiolink; using namespace isc::config; using namespace isc::data; using namespace isc::dhcp; -using namespace isc::asiolink; +using namespace isc::hooks; +using namespace isc::process; using namespace isc::stats; using namespace boost::posix_time; 
@@ -50,6 +53,17 @@ public: unloadLibs(); } + /// @brief Set family. + void setFamily(bool v6 = false) { + if (!v6) { + CfgMgr::instance().setFamily(AF_INET); + Daemon::setProcName("kea-dhcp4"); + } else { + CfgMgr::instance().setFamily(AF_INET6); + Daemon::setProcName("kea-dhcp6"); + } + } + /// @brief Adds library/parameters to list of libraries to be loaded void addLib(const std::string& lib, ConstElementPtr params) { libraries_.push_back(make_pair(lib, params)); @@ -604,11 +618,13 @@ TEST_F(StatCmdsTest, commands) { vector cmds = { "stat-lease4-get", "stat-lease6-get" }; + setFamily(); testCommands(cmds); } // Check that the library can be loaded and unloaded multiple times. TEST_F(StatCmdsTest, multipleLoads) { + setFamily(); testMultipleLoads(); } @@ -621,6 +637,8 @@ struct TestScenario { // Verifies detection of invalid v4 input parameters. TEST_F(StatCmdsTest, StatLease4GetBadParams) { + setFamily(false); + // Initialize lease manager initLeaseMgr4(); @@ -787,6 +805,7 @@ TEST_F(StatCmdsTest, StatLease4GetBadParams) { // Verifies result content for valid v4 statistic commands. // These test scenarios are all valid, and not expected to throw. TEST_F(StatCmdsTest, statLease4GetValid) { + setFamily(false); // Initialize lease manager. initLeaseMgr4(); @@ -986,6 +1005,7 @@ TEST_F(StatCmdsTest, statLease4GetValid) { // Verifies result content for valid v4 statistic commands that // result in no matching subnets. TEST_F(StatCmdsTest, statLease4GetSubnetsNotFound) { + setFamily(false); // Initialize lease manager. initLeaseMgr4(); @@ -1046,6 +1066,8 @@ TEST_F(StatCmdsTest, statLease4GetSubnetsNotFound) { // Verifies detection of invalid v6 input parameters. TEST_F(StatCmdsTest, StatLease6GetBadParams) { + setFamily(true); + // Initialize lease manager initLeaseMgr6(); 
@@ -1212,6 +1234,7 @@ TEST_F(StatCmdsTest, StatLease6GetBadParams) { // Verifies result content for valid v6 statistic commands. // These test scenarios are all valid, and not expected to throw. TEST_F(StatCmdsTest, statLease6GetValid) { + setFamily(true); // Initialize lease manager initLeaseMgr6(); @@ -1418,6 +1441,7 @@ TEST_F(StatCmdsTest, statLease6GetValid) { // Verifies result content for valid v6 statistic commands that // result in no matching subnets. TEST_F(StatCmdsTest, statLease6GetSubnetsNotFound) { + setFamily(true); // Initialize lease manager initLeaseMgr6(); @@ -1478,6 +1502,7 @@ TEST_F(StatCmdsTest, statLease6GetSubnetsNotFound) { // Verifies that statistics for v4 subnets which no longer // exist are dropped from the result sets. TEST_F(StatCmdsTest, statLease4OrphanedStats) { + setFamily(false); // Initialize lease manager. initLeaseMgr4(); @@ -1529,6 +1554,7 @@ TEST_F(StatCmdsTest, statLease4OrphanedStats) { // Verifies that statistics for v6 subnets which no longer // exist are dropped from the result sets. TEST_F(StatCmdsTest, statLease6OrphanedStats) { + setFamily(true); // Initialize lease manager. initLeaseMgr6(); diff --git a/src/hooks/dhcp/user_chk/load_unload.cc b/src/hooks/dhcp/user_chk/load_unload.cc index 3a4869f063..a31042ca5c 100644 --- a/src/hooks/dhcp/user_chk/load_unload.cc +++ b/src/hooks/dhcp/user_chk/load_unload.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2013-2015 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2013-2022 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -68,6 +68,10 @@ int load(LibraryHandle&) { int ret_val = 0; try { + // If the hook library is dedicated to a specific server(s) + // please check here process name (Daemon::getProcName() from + // the process library). + // Instantiate the registry. user_registry.reset(new UserRegistry());
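Review bot: The comment added in user_chk's load() is an instruction to a future author rather than a check, so this library stays loadable by any process while the other hooks in this commit now refuse; if that is deliberate because the library serves as an example, the comment should say so. The wording could be tightened to `// If this hook library is meant for specific servers only, check the process name here (Daemon::getProcName() from the process library).` load() starts and continues outside this hunk.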