mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-29 04:57:52 +00:00

37665 Commits

Author SHA1 Message Date
Thomas Markwalder
0a85700c28 [#3848] Change risk to policy
modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
2025-06-30 11:49:59 +00:00
Thomas Markwalder
d8eb27b3fa [#3848] Replace WARN with WARNING some more 2025-06-30 11:49:59 +00:00
Thomas Markwalder
33caead065 [#3848] Make message IDs consistent 2025-06-30 11:49:59 +00:00
Marcin Siodelski
15a78bcfc3 [#3848] Fixed whitespace 2025-06-30 11:49:59 +00:00
Thomas Markwalder
b3ded306f3 [#3848] Addressed review comments
Fixed minor nits

modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
modified:   src/bin/dhcp4/main.cc
modified:   src/bin/dhcp6/main.cc
modified:   src/hooks/dhcp/host_cache/tests/command_unittests.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.h
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.mes
modified:   src/hooks/dhcp/lease_cmds/libloadtests/lease_cmds4_unittest.cc
modified:   src/lib/d2srv/d2_config.cc
modified:   src/lib/hooks/tests/hooks_manager_unittest.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
modified:   src/lib/process/d_controller.cc
modified:   src/lib/util/filesystem.cc
modified:   src/lib/util/filesystem.h
2025-06-30 11:49:59 +00:00
Thomas Markwalder
8ba41dcfaf [#3848] Updated the ARM
new file:   changelog_unreleased/3848-security-policy-security-strict-relaxed
modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
2025-06-30 11:49:59 +00:00
Thomas Markwalder
d1ef7da74a [#3848] Warn if running as root
Servers now all warn if they are running
as root.
2025-06-30 11:49:59 +00:00
Thomas Markwalder
a71d44c571 [#3848] Detect authentication risks
Throw or Warn if API end points do not use some form
of authentication

Throw or Warn if 'user', 'password' - API end points
Throw or Warn if 'secret' is used  - TSIG

Disable/enable security for UTs as needed

modified:   src/bin/agent/tests/ca_cfg_mgr_unittests.cc
modified:   src/bin/agent/tests/ca_response_creator_unittests.cc
modified:   src/bin/agent/tests/get_config_unittest.cc
modified:   src/bin/d2/tests/d2_cfg_mgr_unittests.cc
modified:   src/bin/d2/tests/d2_command_unittest.cc
modified:   src/bin/d2/tests/d2_controller_unittests.cc
modified:   src/bin/d2/tests/d2_http_command_unittest.cc
modified:   src/bin/d2/tests/d2_process_unittests.cc
modified:   src/bin/d2/tests/d2_simple_parser_unittest.cc
modified:   src/bin/d2/tests/get_config_unittest.cc
modified:   src/bin/dhcp4/tests/config_parser_unittest.cc
modified:   src/bin/dhcp4/tests/dhcp4_srv_unittest.cc
modified:   src/bin/dhcp4/tests/dhcp4_test_utils.cc
modified:   src/bin/dhcp4/tests/get_config_unittest.cc
modified:   src/bin/dhcp4/tests/get_config_unittest.cc.skel
modified:   src/bin/dhcp4/tests/http_control_socket_unittest.cc
modified:   src/bin/dhcp6/tests/config_parser_unittest.cc
modified:   src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
modified:   src/bin/dhcp6/tests/dhcp6_test_utils.cc
modified:   src/bin/dhcp6/tests/get_config_unittest.cc
modified:   src/bin/dhcp6/tests/get_config_unittest.cc.skel
modified:   src/bin/dhcp6/tests/http_control_socket_unittest.cc
modified:   src/lib/config/tests/http_command_config_unittests.cc
modified:   src/lib/d2srv/d2_config.cc
modified:   src/lib/d2srv/d2_messages.cc
modified:   src/lib/d2srv/d2_messages.h
modified:   src/lib/d2srv/d2_messages.mes
modified:   src/lib/http/auth_messages.cc
modified:   src/lib/http/auth_messages.h
modified:   src/lib/http/auth_messages.mes
modified:   src/lib/http/basic_auth_config.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
modified:   src/lib/testutils/dhcp_test_lib.sh.in
2025-06-30 11:49:59 +00:00
Thomas Markwalder
f8e9760eb7 [#3848] Throw or Warn if API sockets are unsecured
/src/lib/config/config_messages.*
    COMMAND_HTTP_SOCKET_SECURITY_WARN - new message

/src/lib/config/http_command_config.*
    HttpCommandConfig::HttpCommandConfig() - throw or warn when
    socket is unsecured
    HttpCommandConfig::checkTlsSetup() - return true if valid TLS
    is configured

/src/lib/config/tests/http_command_config_unittests.cc
/src/lib/config/tests/http_command_mgr_unittests.cc
/src/lib/config/tests/http_command_response_creator_factory_unittests.cc
/src/lib/config/tests/http_command_response_creator_unittests.cc
    Updated tests
2025-06-30 11:49:59 +00:00
Thomas Markwalder
17da0e67fb [#3848] Warn on socket permissions
Warn if control socket path is valid but
socket permissions are wrong and security is
disabled.

modified:   src/lib/config/config_messages.cc
modified:   src/lib/config/config_messages.h
modified:   src/lib/config/config_messages.mes
modified:   src/lib/config/tests/unix_command_config_unittests.cc
modified:   src/lib/config/unix_command_config.cc
2025-06-30 11:49:59 +00:00
Thomas Markwalder
b5aeb99f98 [#3848] Warn on invalid paths when security disabled
Warn but still use invalid paths when security is
disabled.
2025-06-30 11:49:59 +00:00
Marcin Godzina
048b1e9b1a [#3967] release checklist update 2025-06-25 15:34:31 +02:00
Marcin Godzina
365a3edab9 [#3979] bump up kea version in meson.build 2025-06-25 15:05:27 +02:00
Marcin Godzina
9a2ba84480 [#3973] release changes Kea-3.0.0 2025-06-20 17:30:19 +02:00
Razvan Becheriu
b17769a56d [#3907] added ChangeLog entry 2025-06-20 17:34:51 +03:00
Razvan Becheriu
2ca43e2451 [#3907] use strict format for clients in yang 2025-06-20 16:44:36 +03:00
Andrei Pavel
dfbd740911 [#3907] NETCONF: Turn authentication.clients into a string just like hooks-libraries.parameters 2025-06-20 13:29:10 +00:00
Andrei Pavel
761c7d3e6c [#3907] Progressed some more with YANG modules 2025-06-20 13:29:10 +00:00
Andrei Pavel
f624d1371a [#3907] Progressed some more with YANG modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
11290a6dcf [#3907] fixed some UTs 2025-06-20 13:29:10 +00:00
Razvan Becheriu
b9a1ab5d8a [#3907] clean up modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
2332b54725 [#3907] updated yang modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
4bc838732c [#3907] use tls for control-socket 2025-06-20 13:29:10 +00:00
Andrei Pavel
2eed0ebf82 [#3907] Get rid of skips in yang. Skip was always true 2025-06-20 13:29:10 +00:00
Razvan Becheriu
fbe7dfcac7 [#3907] fixed http-header yang parsing 2025-06-20 13:29:10 +00:00
Andrei Pavel
d4db1ab016 [#3907] Add TranslatorControlSocket::getControlSocketHttpHeaders 2025-06-20 13:29:10 +00:00
Andrei Pavel
7ebfc09344 [#3907] Update control sockets in YANG modules 2025-06-20 13:29:10 +00:00
Andrei Pavel
284368671f [#3907] Update copyright dates 2025-06-20 13:29:10 +00:00
Andrei Pavel
3d43dcdc4c [#3907] Fix some paths about reinstall.sh 2025-06-20 13:29:10 +00:00
Andrei Pavel
47d8e12cbd [#3907] Fix check-hashes.sh 2025-06-20 13:29:10 +00:00
Razvan Becheriu
84934bd275 [#3907] updated control-socket in yang modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
da41c3af25 [#3907] updated yang modules 2025-06-20 13:29:10 +00:00
Wlodek Wencel
97edcab1b8 [#3968] lib version bump up for 3.0.0 2025-06-20 12:24:05 +00:00
Tomek Mrugalski
6559a78d7d [#3966] Added note about LTS 2025-06-20 11:44:54 +00:00
Marcin Godzina
02e5289f74 [#3966] security.md update 2025-06-20 11:44:54 +00:00
Andrei Pavel
2d2036c123 [#3919] Remove leftover incomplete sentence in bison.dox 2025-06-20 14:19:54 +03:00
Francis Dupont
86d582803a [#3919] Spelling 2025-06-20 14:17:23 +03:00
Andrei Pavel
fa61ab16b1 [#3919] Get rid of most .gitignore files. No longer needed after switch to Meson 2025-06-20 14:17:23 +03:00
Andrei Pavel
0ad94428eb [#3919] Meson: Fix uml target 2025-06-20 14:17:23 +03:00
Andrei Pavel
5a0e270b22 [#3919] Update meson docs 2025-06-20 14:17:23 +03:00
Andrei Pavel
89ca20560c [#3919] Update Python dependencies 2025-06-20 14:17:23 +03:00
Andrei Pavel
162ebf433d [#3919] Fix update-python-dependencies not writing to file 2025-06-20 14:17:23 +03:00
Andrei Pavel
8f20f834b0 [#3919] Fix some TODOs related to autotools removal 2025-06-20 14:17:23 +03:00
Andrei Pavel
39c1db1b73 [#3962] Meson: Fix "-D netconf=auto" 2025-06-20 13:46:12 +03:00
Marcin Siodelski
5ee709836c [#3881] Fixed config flag in the ARM 2025-06-20 12:29:17 +02:00
Marcin Siodelski
29397a507f [#3881] Added ChangeLog for #3881 2025-06-20 12:22:10 +02:00
Marcin Siodelski
8583b53be8 [#3881] Changes after review 2025-06-20 12:22:10 +02:00
Ben Scott
862877837b [#3881] Right ref name this time maybe? 2025-06-20 12:22:10 +02:00
Ben Scott
9dbe5fb965 [#3881] Fix RST syntax snafus 2025-06-20 12:22:10 +02:00
Ben Scott
27e9cc22d8 [#3881] Typo fixes (hopefully final) 2025-06-20 12:22:10 +02:00