mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

[#3398] Made 1234 the default secret/password

Browse Source
This commit is contained in:
Francis Dupont 2024-12-20 16:48:44 +01:00
parent 0d54907747
commit 6d95ccb0f0
27 changed files with 126 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/examples/ddns/template.json
View File

@ -91,7 +91,7 @@
// "digest-bits" : 256,
// Minimum truncated length in bits.
// Default 0 (means truncation is forbidden).
// "secret" : "<shared secret value>"
// "secret" : "1234" (shared secret value)
// }
// ,
// {

4
doc/examples/https/httpd2/kea-httpd2.conf
View File

@ -48,9 +48,9 @@
# openssl pkcs12 -export -in kea-client.crt -inkey kea-client.key \
# -out kea-client.p12
#
# If the password is kea, curl command becomes:
# If the password is 1234, curl command becomes:
#
# curl -k --cert kea-client.p12:kea -X POST \
# curl -k --cert kea-client.p12:1234 -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
# https://kea.example.org/kea
#

4
doc/examples/https/nginx/kea-nginx.conf
View File

@ -48,9 +48,9 @@
# openssl pkcs12 -export -in kea-client.crt -inkey kea-client.key \
# -out kea-client.p12
#
# If the password is kea, curl command becomes:
# If the password is 1234, curl command becomes:
#
# curl -k --cert kea-client.p12:kea -X POST \
# curl -k --cert kea-client.p12:1234 -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
# https://kea.example.org
#

4
doc/examples/kea4/all-keys-netconf.json
View File

@ -361,7 +361,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 3306,
@ -424,7 +424,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 5432,

4
doc/examples/kea4/all-keys.json
View File

@ -483,7 +483,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 3306,
@ -546,7 +546,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 5432,

4
doc/examples/kea4/backends.json
View File

@ -38,7 +38,7 @@
// "host": "localhost",
// "port": 3306,
// "user": "keatest",
// "password": "secret1",
// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",
@ -66,7 +66,7 @@
// "host": "localhost",
// "port": 5432,
// "user": "keatest",
// "password": "secret1",
// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",

2
doc/examples/kea4/config-backend.json
View File

@ -38,7 +38,7 @@
"max-reconnect-tries": 3,
"name": "kea",
"user": "kea",
"password": "kea",
"password": "1234",
"host": "localhost",
"port": 3306
}

4
doc/examples/kea4/hooks-radius.json
View File

@ -173,7 +173,7 @@
// These are parameters for the first (and only) access server
"name": "127.0.0.1",
"port": 1812,
"secret": "secret"
"secret": "1234"
}
// Additional access servers could be specified here
],
@ -212,7 +212,7 @@
"servers": [ {
"name": "127.0.0.1",
"port": 1813,
"secret": "secret"
"secret": "1234"
}
]
}

2
doc/examples/kea4/mysql-reservations.json
View File

@ -61,7 +61,7 @@
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
"password": "keatest",
"password": "1234",
"host": "localhost",
"port": 3306,
"trust-anchor": "my-ca",

2
doc/examples/kea4/pgsql-reservations.json
View File

@ -63,7 +63,7 @@
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
"password": "keatest",
"password": "1234",
"host": "localhost"
}
],

4
doc/examples/kea6/all-keys-netconf.json
View File

@ -303,7 +303,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 3306,
@ -366,7 +366,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 5432,

4
doc/examples/kea6/all-keys.json
View File

@ -425,7 +425,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 3306,
@ -488,7 +488,7 @@
"host": "localhost",
// Database password.
"password": "keatest",
"password": "1234",
// Port on which the database is available.
"port": 5432,

4
doc/examples/kea6/backends.json
View File

@ -38,7 +38,7 @@
// "host": "localhost",
// "port": 3306,
// "user": "keatest",
// "password": "secret1",
// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",
@ -66,7 +66,7 @@
// "host": "localhost",
// "port": 5432,
// "user": "keatest",
// "password": "secret1",
// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",

2
doc/examples/kea6/config-backend.json
View File

@ -38,7 +38,7 @@
"max-reconnect-tries": 3,
"name": "kea",
"user": "kea",
"password": "kea",
"password": "1234",
"host": "localhost",
"port": 3306
}

2
doc/examples/kea6/mysql-reservations.json
View File

@ -48,7 +48,7 @@
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
"password": "keatest",
"password": "1234",
"host": "localhost",
"port": 3306,
"readonly": true,

2
doc/examples/kea6/pgsql-reservations.json
View File

@ -50,7 +50,7 @@
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
"password": "keatest",
"password": "1234",
"host": "localhost"
}
],

4
doc/sphinx/arm/admin.rst
View File

@ -246,7 +246,7 @@ To create the database:
.. code-block:: mysql
mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY 'password';
mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY '1234';
mysql> GRANT ALL ON database-name.* TO 'user-name'@'localhost';
(``user-name`` and ``password`` are the user ID and password used to
@ -485,7 +485,7 @@ which the servers will access it. A number of steps are required:
.. code-block:: psql
postgres=# CREATE USER user-name WITH PASSWORD 'password';
postgres=# CREATE USER user-name WITH PASSWORD '1234';
CREATE ROLE
postgres=# GRANT ALL PRIVILEGES ON DATABASE database-name TO user-name;
GRANT

10
doc/sphinx/arm/dhcp4-srv.rst
View File

@ -601,7 +601,7 @@ access the database should be set:
"Dhcp4": {
"lease-database": {
"user": "user-name",
"password": "password",
"password": "1234",
...
},
...
@ -708,7 +708,7 @@ connection to MySQL:
"type": "mysql",
"name": "kea",
"user": "kea",
"password": "secret123",
"password": "1234",
"host": "localhost",
"port": 3306
}
@ -858,7 +858,7 @@ access the database should be set:
"Dhcp4": {
"hosts-database": {
"user": "user-name",
"password": "password",
"password": "1234",
...
},
...
@ -8532,7 +8532,7 @@ database:
"type": "mysql",
"name": "kea",
"user": "kea",
"password": "kea",
"password": "1234",
"host": "192.0.2.1",
"port": 3302
}
@ -8563,7 +8563,7 @@ The following snippet illustrates the use of a PostgreSQL database:
"type": "postgresql",
"name": "kea",
"user": "kea",
"password": "kea",
"password": "1234",
"host": "192.0.2.1",
"port": 3302
}

10
doc/sphinx/arm/dhcp6-srv.rst
View File

@ -557,7 +557,7 @@ access the database should be set:
"Dhcp6": {
"lease-database": {
"user": "user-name",
"password": "password",
"password": "1234",
...
},
...
@ -664,7 +664,7 @@ connection to MySQL:
"type": "mysql",
"name": "kea",
"user": "kea",
"password": "secret123",
"password": "1234",
"host": "localhost",
"port": 3306
}
@ -814,7 +814,7 @@ access the database should be set:
"Dhcp6": {
"hosts-database": {
"user": "user-name",
"password": "password",
"password": "1234",
...
},
...
@ -8273,7 +8273,7 @@ database:
"type": "mysql",
"name": "kea",
"user": "kea",
"password": "kea",
"password": "1234",
"host": "2001:db8:1::1",
"port": 3302
}
@ -8304,7 +8304,7 @@ The following snippet illustrates the use of a PostgreSQL database:
"type": "postgresql",
"name": "kea",
"user": "kea",
"password": "kea",
"password": "1234",
"host": "2001:db8:1::1",
"port": 3302
}

6
doc/sphinx/arm/ext-radius.rst
View File

@ -242,7 +242,7 @@ At the service level, three sections can be configured:
The value ``0`` means no limit; ``64`` is a recommended setting.
For example, to specify a single access server available on localhost
that uses ``"xyz123"`` as a secret, and tell Kea to send three additional
that uses ``"1234"`` as a secret, and tell Kea to send three additional
attributes (``User-Password``, ``Connect-Info``, and ``Configuration-Token``),
the following snippet could be used:
@ -261,7 +261,7 @@ the following snippet could be used:
// These are parameters for the first (and only) access server
"name": "127.0.0.1",
"port": 1812,
"secret": "xyz123"
"secret": "1234"
}
// Additional access servers could be specified here.
],
@ -303,7 +303,7 @@ the following snippet could be used:
// These are parameters for the first (and only) accounting server
"name": "127.0.0.1",
"port": 1813,
"secret": "sekret"
"secret": "1234"
}
// Additional accounting servers could be specified here.
]

8
doc/sphinx/arm/hooks-ha.rst
View File

@ -700,7 +700,7 @@ only difference that ``this-server-name`` should be set to "server2" and
"url": "http://192.168.56.99:8000/",
"role": "backup",
"basic-auth-user": "foo",
"basic-auth-password": "bar",
"basic-auth-password": "1234",
"auto-failover": false
}]
}]
@ -945,7 +945,7 @@ other words, if the query would normally be processed by ``server2`` but this
server is not available, ``server1`` allocates the lease from the pool of
"192.0.3.200 - 192.0.3.250". The Kea control agent in front of ``server3``
requires basic HTTP authentication, and authorizes the user ID "foo" with the
password "bar".
password "1234".
.. note::
@ -1096,7 +1096,7 @@ The following is an example configuration of the primary server in a
"name": "server3",
"url": "http://192.168.56.99:8000/",
"basic-auth-user": "foo",
"basic-auth-password": "bar",
"basic-auth-password": "1234",
"role": "backup",
"auto-failover": false
}]
@ -1175,7 +1175,7 @@ The following is an example configuration file for the primary server in a
"name": "server3",
"url": "http://192.168.56.99:8000/",
"basic-auth-user": "foo",
"basic-auth-password": "bar",
"basic-auth-password": "1234",
"role": "backup"
}]
}]

8
doc/sphinx/arm/hooks-legal-log.rst
View File

@ -240,7 +240,7 @@ Additional parameters for the database connection can be specified, e.g:
"library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
"parameters": {
"name": "database-name",
"password": "passwd",
"password": "1234",
"type": "mysql",
"user": "user-name"
}
@ -478,7 +478,7 @@ Examples:
"library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
"parameters": {
"name": "database-name",
"password": "passwd",
"password": "1234",
"type": "mysql",
"user": "user-name",
"request-parser-format": "'log entry' + 0x0a + 'same log entry'",
@ -803,7 +803,7 @@ Examples:
"library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
"parameters": {
"name": "database-name",
"password": "passwd",
"password": "1234",
"type": "mysql",
"user": "user-name",
"request-parser-format": "'log entry' + 0x0a + 'same log entry'",
@ -1061,7 +1061,7 @@ tools may be used, for example, to dump the logs table from a MYSQL database:
::
$ mysql --user keatest --password keatest -e "select * from logs;"
$ mysql --user keatest --password 1234 -e "select * from logs;"
+---------------------+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+----+
| timestamp | address | log | id |
+---------------------+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+----+

2
src/bin/keactrl/kea-dhcp4.conf.pre
View File

@ -73,7 +73,7 @@
// "type": "mysql",
// "name": "kea",
// "user": "kea",
// "password": "kea",
// "password": "1234",
// "host": "localhost",
// "port": 3306
// },

2
src/bin/keactrl/kea-dhcp6.conf.pre
View File

@ -67,7 +67,7 @@
// "type": "mysql",
// "name": "kea",
// "user": "kea",
// "password": "kea",
// "password": "1234",
// "host": "localhost",
// "port": 3306
// },

2
src/lib/cc/Makefile.am
View File

@ -10,6 +10,7 @@ libkea_cc_la_SOURCES += data.cc data.h
libkea_cc_la_SOURCES += element_value.h
libkea_cc_la_SOURCES += cfg_to_element.h dhcp_config_error.h
libkea_cc_la_SOURCES += command_interpreter.cc command_interpreter.h
libkea_cc_la_SOURCES += default_credentials.cc default_credentials.h
libkea_cc_la_SOURCES += json_feed.cc json_feed.h
libkea_cc_la_SOURCES += server_tag.cc server_tag.h
libkea_cc_la_SOURCES += simple_parser.cc simple_parser.h
@ -31,6 +32,7 @@ libkea_cc_include_HEADERS = \
cfg_to_element.h \
command_interpreter.h \
data.h \
default_credentials.h \
dhcp_config_error.h \
element_value.h \
json_feed.h \

32
src/lib/cc/default_credentials.cc Normal file
View File

@ -0,0 +1,32 @@
// Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
#include <config.h>
#include <cc/default_credentials.h>
namespace isc {
namespace data {
const std::list<std::string> DefaultCredentials::DEFAULT_CREDENTIALS = {
#ifndef IGNORE_KEA_DEFAULT_CREDENTIALS
"1234", "*****"
#endif
#ifdef EXTRA_KEA_DEFAULT_CREDENTIALS
EXTRA_KEA_DEFAULT_CREDENTIALS
#endif
};
void DefaultCredentials::check(const std::string& value) {
for (auto const& cred : DEFAULT_CREDENTIALS) {
if (value == cred) {
isc_throw(DefaultCredential,
"illegal use of a default value as credential");
}
}
}
} // end of isc::dhcp namespace
} // end of isc namespace

42
src/lib/cc/default_credentials.h Normal file
View File

@ -0,0 +1,42 @@
// Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
#ifndef DEFAULT_CREDENTIALS_H
#define DEFAULT_CREDENTIALS_H
#include <exceptions/exceptions.h>
#include <list>
#include <string>
namespace isc {
namespace data {
/// @brief Exception thrown on attempt to use a default credential.
class DefaultCredential : public Exception {
public:
DefaultCredential(const char* file, size_t line, const char* what) :
isc::Exception(file, line, what) { }
};
/// @brief Base class for default credentials.
struct DefaultCredentials {
/// @brief Default credentials.
///
/// @note Using a list as there are only two default credentials.
static const std::list<std::string> DEFAULT_CREDENTIALS;
/// @brief Check if the value is a default credential.
///
/// @param value The value to check.
/// @throw DefaultCredential if the value is in default credentials.
static void check(const std::string& value);
};
} // end of isc::dhcp namespace
} // end of isc namespace
#endif // DEFAULT_CREDENTIALS_H