[#3398] Made 1234 the default secret/password

2025-08-22 09:57:41 +00:00 · 2024-12-20 16:48:44 +01:00 · 2024-12-20 16:48:44 +01:00 · 6d95ccb0f0
commit 6d95ccb0f0
parent 0d54907747
27 changed files with 126 additions and 50 deletions
--- a/doc/examples/ddns/template.json
+++ b/doc/examples/ddns/template.json
@ -91,7 +91,7 @@
 //            "digest-bits" : 256,
 //            Minimum truncated length in bits.
 //            Default 0 (means truncation is forbidden).
-//            "secret" : "<shared secret value>"
+//            "secret" : "1234" (shared secret value)
 //        }
 //        ,
 //        {
--- a/doc/examples/https/httpd2/kea-httpd2.conf
+++ b/doc/examples/https/httpd2/kea-httpd2.conf
@ -48,9 +48,9 @@
 #   openssl pkcs12 -export -in kea-client.crt -inkey kea-client.key \
 #           -out kea-client.p12
 #
-#   If the password is kea, curl command becomes:
+#   If the password is 1234, curl command becomes:
 #
-#   curl -k --cert kea-client.p12:kea -X POST \
+#   curl -k --cert kea-client.p12:1234 -X POST \
 #        -H Content-Type:application/json -d '{ "command": "list-commands" }' \
 #         https://kea.example.org/kea
 #
--- a/doc/examples/https/nginx/kea-nginx.conf
+++ b/doc/examples/https/nginx/kea-nginx.conf
@ -48,9 +48,9 @@
 #   openssl pkcs12 -export -in kea-client.crt -inkey kea-client.key \
 #           -out kea-client.p12
 #
-#   If the password is kea, curl command becomes:
+#   If the password is 1234, curl command becomes:
 #
-#   curl -k --cert kea-client.p12:kea -X POST \
+#   curl -k --cert kea-client.p12:1234 -X POST \
 #        -H Content-Type:application/json -d '{ "command": "list-commands" }' \
 #         https://kea.example.org
 #
--- a/doc/examples/kea4/all-keys-netconf.json
+++ b/doc/examples/kea4/all-keys-netconf.json
@ -361,7 +361,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 3306,
@ -424,7 +424,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 5432,
--- a/doc/examples/kea4/all-keys.json
+++ b/doc/examples/kea4/all-keys.json
@ -483,7 +483,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 3306,
@ -546,7 +546,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 5432,
--- a/doc/examples/kea4/backends.json
+++ b/doc/examples/kea4/backends.json
@ -38,7 +38,7 @@
 //      "host": "localhost",
 //      "port": 3306,
 //      "user": "keatest",
-//      "password": "secret1",
+//      "password": "1234",
 //      "reconnect-wait-time": 3000, // expressed in ms
 //      "max-reconnect-tries": 3,
 //      "on-fail": "stop-retry-exit",
@ -66,7 +66,7 @@
 //      "host": "localhost",
 //      "port": 5432,
 //      "user": "keatest",
-//      "password": "secret1",
+//      "password": "1234",
 //      "reconnect-wait-time": 3000, // expressed in ms
 //      "max-reconnect-tries": 3,
 //      "on-fail": "stop-retry-exit",
--- a/doc/examples/kea4/config-backend.json
+++ b/doc/examples/kea4/config-backend.json
@ -38,7 +38,7 @@
                "max-reconnect-tries": 3,
                "name": "kea",
                "user": "kea",
-                "password": "kea",
+                "password": "1234",
                "host": "localhost",
                "port": 3306
            }
--- a/doc/examples/kea4/hooks-radius.json
+++ b/doc/examples/kea4/hooks-radius.json
@ -173,7 +173,7 @@
                         // These are parameters for the first (and only) access server
                         "name": "127.0.0.1",
                         "port": 1812,
-                         "secret": "secret"
+                         "secret": "1234"
                     }
                     // Additional access servers could be specified here
                 ],
@ -212,7 +212,7 @@
                 "servers": [ {
                         "name": "127.0.0.1",
                         "port": 1813,
-                         "secret": "secret"
+                         "secret": "1234"
                     }
                ]
             }
--- a/doc/examples/kea4/mysql-reservations.json
+++ b/doc/examples/kea4/mysql-reservations.json
@ -61,7 +61,7 @@
    "max-reconnect-tries": 3,
    "name": "keatest",
    "user": "keatest",
-    "password": "keatest",
+    "password": "1234",
    "host": "localhost",
    "port": 3306,
    "trust-anchor": "my-ca",
--- a/doc/examples/kea4/pgsql-reservations.json
+++ b/doc/examples/kea4/pgsql-reservations.json
@ -63,7 +63,7 @@
       "max-reconnect-tries": 3,
       "name": "keatest",
       "user": "keatest",
-       "password": "keatest",
+       "password": "1234",
       "host": "localhost"
    }
  ],
--- a/doc/examples/kea6/all-keys-netconf.json
+++ b/doc/examples/kea6/all-keys-netconf.json
@ -303,7 +303,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 3306,
@ -366,7 +366,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 5432,
--- a/doc/examples/kea6/all-keys.json
+++ b/doc/examples/kea6/all-keys.json
@ -425,7 +425,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 3306,
@ -488,7 +488,7 @@
                "host": "localhost",
                // Database password.
-                "password": "keatest",
+                "password": "1234",
                // Port on which the database is available.
                "port": 5432,
--- a/doc/examples/kea6/backends.json
+++ b/doc/examples/kea6/backends.json
@ -38,7 +38,7 @@
 //      "host": "localhost",
 //      "port": 3306,
 //      "user": "keatest",
-//      "password": "secret1",
+//      "password": "1234",
 //      "reconnect-wait-time": 3000, // expressed in ms
 //      "max-reconnect-tries": 3,
 //      "on-fail": "stop-retry-exit",
@ -66,7 +66,7 @@
 //      "host": "localhost",
 //      "port": 5432,
 //      "user": "keatest",
-//      "password": "secret1",
+//      "password": "1234",
 //      "reconnect-wait-time": 3000, // expressed in ms
 //      "max-reconnect-tries": 3,
 //      "on-fail": "stop-retry-exit",
--- a/doc/examples/kea6/config-backend.json
+++ b/doc/examples/kea6/config-backend.json
@ -38,7 +38,7 @@
                "max-reconnect-tries": 3,
                "name": "kea",
                "user": "kea",
-                "password": "kea",
+                "password": "1234",
                "host": "localhost",
                "port": 3306
            }
--- a/doc/examples/kea6/mysql-reservations.json
+++ b/doc/examples/kea6/mysql-reservations.json
@ -48,7 +48,7 @@
    "max-reconnect-tries": 3,
    "name": "keatest",
    "user": "keatest",
-    "password": "keatest",
+    "password": "1234",
    "host": "localhost",
    "port": 3306,
    "readonly": true,
--- a/doc/examples/kea6/pgsql-reservations.json
+++ b/doc/examples/kea6/pgsql-reservations.json
@ -50,7 +50,7 @@
       "max-reconnect-tries": 3,
       "name": "keatest",
       "user": "keatest",
-       "password": "keatest",
+       "password": "1234",
       "host": "localhost"
    }
  ],
--- a/doc/sphinx/arm/admin.rst
+++ b/doc/sphinx/arm/admin.rst
@ -246,7 +246,7 @@ To create the database:
   .. code-block:: mysql
-      mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY 'password';
+      mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY '1234';
      mysql> GRANT ALL ON database-name.* TO 'user-name'@'localhost';
   (``user-name`` and ``password`` are the user ID and password used to
@ -485,7 +485,7 @@ which the servers will access it. A number of steps are required:
   .. code-block:: psql
-      postgres=# CREATE USER user-name WITH PASSWORD 'password';
+      postgres=# CREATE USER user-name WITH PASSWORD '1234';
      CREATE ROLE
      postgres=# GRANT ALL PRIVILEGES ON DATABASE database-name TO user-name;
      GRANT
--- a/doc/sphinx/arm/dhcp4-srv.rst
+++ b/doc/sphinx/arm/dhcp4-srv.rst
@ -601,7 +601,7 @@ access the database should be set:
   "Dhcp4": {
       "lease-database": {
           "user": "user-name",
-           "password": "password",
+           "password": "1234",
           ...
       },
       ...
@ -708,7 +708,7 @@ connection to MySQL:
           "type": "mysql",
           "name": "kea",
           "user": "kea",
-           "password": "secret123",
+           "password": "1234",
           "host": "localhost",
           "port": 3306
       }
@ -858,7 +858,7 @@ access the database should be set:
   "Dhcp4": {
       "hosts-database": {
           "user": "user-name",
-           "password": "password",
+           "password": "1234",
           ...
       },
       ...
@ -8532,7 +8532,7 @@ database:
                       "type": "mysql",
                       "name": "kea",
                       "user": "kea",
-                       "password": "kea",
+                       "password": "1234",
                       "host": "192.0.2.1",
                       "port": 3302
                   }
@ -8563,7 +8563,7 @@ The following snippet illustrates the use of a PostgreSQL database:
                       "type": "postgresql",
                       "name": "kea",
                       "user": "kea",
-                       "password": "kea",
+                       "password": "1234",
                       "host": "192.0.2.1",
                       "port": 3302
                   }
--- a/doc/sphinx/arm/dhcp6-srv.rst
+++ b/doc/sphinx/arm/dhcp6-srv.rst
@ -557,7 +557,7 @@ access the database should be set:
   "Dhcp6": {
       "lease-database": {
           "user": "user-name",
-           "password": "password",
+           "password": "1234",
           ...
       },
       ...
@ -664,7 +664,7 @@ connection to MySQL:
           "type": "mysql",
           "name": "kea",
           "user": "kea",
-           "password": "secret123",
+           "password": "1234",
           "host": "localhost",
           "port": 3306
       }
@ -814,7 +814,7 @@ access the database should be set:
   "Dhcp6": {
       "hosts-database": {
           "user": "user-name",
-           "password": "password",
+           "password": "1234",
           ...
       },
       ...
@ -8273,7 +8273,7 @@ database:
                       "type": "mysql",
                       "name": "kea",
                       "user": "kea",
-                       "password": "kea",
+                       "password": "1234",
                       "host": "2001:db8:1::1",
                       "port": 3302
                   }
@ -8304,7 +8304,7 @@ The following snippet illustrates the use of a PostgreSQL database:
                       "type": "postgresql",
                       "name": "kea",
                       "user": "kea",
-                       "password": "kea",
+                       "password": "1234",
                       "host": "2001:db8:1::1",
                       "port": 3302
                   }
--- a/doc/sphinx/arm/ext-radius.rst
+++ b/doc/sphinx/arm/ext-radius.rst
@ -242,7 +242,7 @@ At the service level, three sections can be configured:
  The value ``0`` means no limit; ``64`` is a recommended setting.
 For example, to specify a single access server available on localhost
-that uses ``"xyz123"`` as a secret, and tell Kea to send three additional
+that uses ``"1234"`` as a secret, and tell Kea to send three additional
 attributes (``User-Password``, ``Connect-Info``, and ``Configuration-Token``),
 the following snippet could be used:
@ -261,7 +261,7 @@ the following snippet could be used:
              // These are parameters for the first (and only) access server
              "name": "127.0.0.1",
              "port": 1812,
-              "secret": "xyz123"
+              "secret": "1234"
            }
          // Additional access servers could be specified here.
          ],
@ -303,7 +303,7 @@ the following snippet could be used:
              // These are parameters for the first (and only) accounting server
              "name": "127.0.0.1",
              "port": 1813,
-              "secret": "sekret"
+              "secret": "1234"
            }
            // Additional accounting servers could be specified here.
          ]
--- a/doc/sphinx/arm/hooks-ha.rst
+++ b/doc/sphinx/arm/hooks-ha.rst
@ -700,7 +700,7 @@ only difference that ``this-server-name`` should be set to "server2" and
                       "url": "http://192.168.56.99:8000/",
                       "role": "backup",
                       "basic-auth-user": "foo",
-                       "basic-auth-password": "bar",
+                       "basic-auth-password": "1234",
                       "auto-failover": false
                   }]
               }]
@ -945,7 +945,7 @@ other words, if the query would normally be processed by ``server2`` but this
 server is not available, ``server1`` allocates the lease from the pool of
 "192.0.3.200 - 192.0.3.250". The Kea control agent in front of ``server3``
 requires basic HTTP authentication, and authorizes the user ID "foo" with the
-password "bar".
+password "1234".
 .. note::
@ -1096,7 +1096,7 @@ The following is an example configuration of the primary server in a
                       "name": "server3",
                       "url": "http://192.168.56.99:8000/",
                       "basic-auth-user": "foo",
-                       "basic-auth-password": "bar",
+                       "basic-auth-password": "1234",
                       "role": "backup",
                       "auto-failover": false
                   }]
@ -1175,7 +1175,7 @@ The following is an example configuration file for the primary server in a
                       "name": "server3",
                       "url": "http://192.168.56.99:8000/",
                       "basic-auth-user": "foo",
-                       "basic-auth-password": "bar",
+                       "basic-auth-password": "1234",
                       "role": "backup"
                   }]
               }]
--- a/doc/sphinx/arm/hooks-legal-log.rst
+++ b/doc/sphinx/arm/hooks-legal-log.rst
@ -240,7 +240,7 @@ Additional parameters for the database connection can be specified, e.g:
            "library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
            "parameters": {
              "name": "database-name",
-              "password": "passwd",
+              "password": "1234",
              "type": "mysql",
              "user": "user-name"
            }
@ -478,7 +478,7 @@ Examples:
            "library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
            "parameters": {
              "name": "database-name",
-              "password": "passwd",
+              "password": "1234",
              "type": "mysql",
              "user": "user-name",
              "request-parser-format": "'log entry' + 0x0a + 'same log entry'",
@ -803,7 +803,7 @@ Examples:
            "library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
            "parameters": {
              "name": "database-name",
-              "password": "passwd",
+              "password": "1234",
              "type": "mysql",
              "user": "user-name",
              "request-parser-format": "'log entry' + 0x0a + 'same log entry'",
@ -1061,7 +1061,7 @@ tools may be used, for example, to dump the logs table from a MYSQL database:
 ::
-   $ mysql --user keatest --password keatest -e "select * from logs;"
+   $ mysql --user keatest --password 1234 -e "select * from logs;"
   +---------------------+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+----+
   | timestamp           | address      | log                                                                                                                                                             | id |
   +---------------------+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+----+
--- a/src/bin/keactrl/kea-dhcp4.conf.pre
+++ b/src/bin/keactrl/kea-dhcp4.conf.pre
@ -73,7 +73,7 @@
    //     "type": "mysql",
    //     "name": "kea",
    //     "user": "kea",
-    //     "password": "kea",
+    //     "password": "1234",
    //     "host": "localhost",
    //     "port": 3306
    // },
--- a/src/bin/keactrl/kea-dhcp6.conf.pre
+++ b/src/bin/keactrl/kea-dhcp6.conf.pre
@ -67,7 +67,7 @@
    //     "type": "mysql",
    //     "name": "kea",
    //     "user": "kea",
-    //     "password": "kea",
+    //     "password": "1234",
    //     "host": "localhost",
    //     "port": 3306
    // },
--- a/src/lib/cc/Makefile.am
+++ b/src/lib/cc/Makefile.am
@ -10,6 +10,7 @@ libkea_cc_la_SOURCES += data.cc data.h
 libkea_cc_la_SOURCES += element_value.h
 libkea_cc_la_SOURCES += cfg_to_element.h dhcp_config_error.h
 libkea_cc_la_SOURCES += command_interpreter.cc command_interpreter.h
 libkea_cc_la_SOURCES += default_credentials.cc default_credentials.h
 libkea_cc_la_SOURCES += json_feed.cc json_feed.h
 libkea_cc_la_SOURCES += server_tag.cc server_tag.h
 libkea_cc_la_SOURCES += simple_parser.cc simple_parser.h
@ -31,6 +32,7 @@ libkea_cc_include_HEADERS = \
 	cfg_to_element.h \
 	command_interpreter.h \
 	data.h \
 	default_credentials.h \
 	dhcp_config_error.h \
 	element_value.h \
 	json_feed.h \
--- a/src/lib/cc/default_credentials.cc
+++ b/src/lib/cc/default_credentials.cc
@ -0,0 +1,32 @@
 // Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #include <config.h>
 #include <cc/default_credentials.h>
 namespace isc {
 namespace data {
 const std::list<std::string> DefaultCredentials::DEFAULT_CREDENTIALS = {
 #ifndef IGNORE_KEA_DEFAULT_CREDENTIALS
    "1234", "*****"
 #endif
 #ifdef EXTRA_KEA_DEFAULT_CREDENTIALS
    EXTRA_KEA_DEFAULT_CREDENTIALS
 #endif
 };
 void DefaultCredentials::check(const std::string& value) {
    for (auto const& cred : DEFAULT_CREDENTIALS) {
        if (value == cred) {
            isc_throw(DefaultCredential,
                      "illegal use of a default value as credential");
        }
    }
 }
 }  // end of isc::dhcp namespace
 }  // end of isc namespace
--- a/src/lib/cc/default_credentials.h
+++ b/src/lib/cc/default_credentials.h
@ -0,0 +1,42 @@
 // Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #ifndef DEFAULT_CREDENTIALS_H
 #define DEFAULT_CREDENTIALS_H
 #include <exceptions/exceptions.h>
 #include <list>
 #include <string>
 namespace isc {
 namespace data {
 /// @brief Exception thrown on attempt to use a default credential.
 class DefaultCredential : public Exception {
 public:
    DefaultCredential(const char* file, size_t line, const char* what) :
        isc::Exception(file, line, what) { }
 };
 /// @brief Base class for default credentials.
 struct DefaultCredentials {
    /// @brief Default credentials.
    ///
    /// @note Using a list as there are only two default credentials.
    static const std::list<std::string> DEFAULT_CREDENTIALS;
    /// @brief Check if the value is a default credential.
    ///
    /// @param value The value to check.
    /// @throw DefaultCredential if the value is in default credentials.
    static void check(const std::string& value);
 };
 } // end of isc::dhcp namespace
 } // end of isc namespace
 #endif // DEFAULT_CREDENTIALS_H