mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-30 05:27:55 +00:00

37636 Commits

Author SHA1 Message Date
Francis Dupont
c28ec9c260 [#4005] Added doc and ChangeLog entry 2025-07-10 19:13:31 +03:00
Razvan Becheriu
88c7ccee0c [#3927] fixed TLS unit tests 2025-07-10 10:39:28 +03:00
Francis Dupont
c57d680482 [#3927] Doc and chmod fixes 2025-07-09 17:52:42 +02:00
Razvan Becheriu
1cfc415b7a [#3927] updated documentation 2025-07-09 18:19:33 +03:00
Razvan Becheriu
ad5a10aada [#3927] remove ssl-mode for mysql 2025-07-09 18:14:05 +03:00
Francis Dupont
3c8b1d4b8c [#3927] Updated pgsql sslmode code 2025-07-09 15:57:32 +02:00
Francis Dupont
e7cab5f3c8 [#3927] Updated the default to library one 2 2025-07-09 15:52:51 +02:00
Francis Dupont
854f394cae [#3927] Updated the default to library one 2025-07-09 15:35:13 +02:00
Francis Dupont
780642e3b5 [#3927] Indented SSL_MODE 2025-07-09 16:03:46 +03:00
Razvan Becheriu
1d83dd5479 [#3927] remove key-password 2025-07-09 15:40:43 +03:00
Razvan Becheriu
ff73ae4d04 [#3927] add ssl-mode parameter 2025-07-09 07:42:22 +03:00
Razvan Becheriu
485cc46cd8 [#3927] fixed unit tests 2025-07-08 14:03:11 +03:00
Razvan Becheriu
7b961f6b78 [#3927] add TLS parameters to pgsql connection 2025-07-08 10:59:42 +00:00
William Leuschner
04b4bfcbb6 [#3978] Correct reference to kea-lfc in 5.3.1 2025-07-02 12:08:15 -04:00
Andrei Pavel
4c78eed897 [#3848] Adapt packaging in Hammer to the -X changes 2025-07-02 10:28:07 +03:00
Andrei Pavel
7142f01378 [#3848] Fix fuzzers after security enforcement 2025-07-01 15:59:02 +03:00
Thomas Markwalder
245776a812 [#3848] Addressed review comments
modified:   src/bin/keactrl/kea-ctrl-agent.conf.pre
2025-07-01 11:54:12 +00:00
Thomas Markwalder
067ed4448a [#3848] Remove user from default agent file
modified:   src/bin/keactrl/kea-ctrl-agent.conf.pre
2025-07-01 11:54:12 +00:00
Suzanne Goldlust
3aa9dc86d8 [#3980] Removed outdated reference to SF portal 2025-06-30 19:11:39 +00:00
Thomas Markwalder
93260a8664 [#3848] Fix duplicated log ids
modified:   src/bin/dhcp4/dhcp4_messages.mes
modified:   src/bin/dhcp6/dhcp6_messages.mes
modified:   src/lib/d2srv/d2_messages.mes
2025-06-30 11:49:59 +00:00
Thomas Markwalder
fe696acbb6 [#3848] Fix element position reporting
modified:   src/lib/cc/data.cc
    altered data::copy() to also copy the source element's position

modified:   src/bin/dhcp4/json_config_parser.cc
modified:   src/hooks/dhcp/lease_query/tests/lease_query_impl4_unittest.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
2025-06-30 11:49:59 +00:00
Thomas Markwalder
0a85700c28 [#3848] Change risk to policy
modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
2025-06-30 11:49:59 +00:00
Thomas Markwalder
d8eb27b3fa [#3848] Replace WARN with WARNING some more 2025-06-30 11:49:59 +00:00
Thomas Markwalder
33caead065 [#3848] Make message IDs consistent 2025-06-30 11:49:59 +00:00
Marcin Siodelski
15a78bcfc3 [#3848] Fixed whitespace 2025-06-30 11:49:59 +00:00
Thomas Markwalder
b3ded306f3 [#3848] Addressed review comments
Fixed minor nits

modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
modified:   src/bin/dhcp4/main.cc
modified:   src/bin/dhcp6/main.cc
modified:   src/hooks/dhcp/host_cache/tests/command_unittests.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.h
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.mes
modified:   src/hooks/dhcp/lease_cmds/libloadtests/lease_cmds4_unittest.cc
modified:   src/lib/d2srv/d2_config.cc
modified:   src/lib/hooks/tests/hooks_manager_unittest.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
modified:   src/lib/process/d_controller.cc
modified:   src/lib/util/filesystem.cc
modified:   src/lib/util/filesystem.h
2025-06-30 11:49:59 +00:00
Thomas Markwalder
8ba41dcfaf [#3848] Updated the ARM
new file:   changelog_unreleased/3848-security-policy-security-strict-relaxed
modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
2025-06-30 11:49:59 +00:00
Thomas Markwalder
d1ef7da74a [#3848] Warn if running as root
Servers now all warn if they are running
as root.
2025-06-30 11:49:59 +00:00
Thomas Markwalder
a71d44c571 [#3848] Detect authentication risks
Throw or Warn if API end points do not use some form
of authentication

Throw or Warn if 'user', 'password' - API end points
Throw or Warn if 'secret' is used  - TSIG

Disable/enable security for UTs as needed

modified:   src/bin/agent/tests/ca_cfg_mgr_unittests.cc
modified:   src/bin/agent/tests/ca_response_creator_unittests.cc
modified:   src/bin/agent/tests/get_config_unittest.cc
modified:   src/bin/d2/tests/d2_cfg_mgr_unittests.cc
modified:   src/bin/d2/tests/d2_command_unittest.cc
modified:   src/bin/d2/tests/d2_controller_unittests.cc
modified:   src/bin/d2/tests/d2_http_command_unittest.cc
modified:   src/bin/d2/tests/d2_process_unittests.cc
modified:   src/bin/d2/tests/d2_simple_parser_unittest.cc
modified:   src/bin/d2/tests/get_config_unittest.cc
modified:   src/bin/dhcp4/tests/config_parser_unittest.cc
modified:   src/bin/dhcp4/tests/dhcp4_srv_unittest.cc
modified:   src/bin/dhcp4/tests/dhcp4_test_utils.cc
modified:   src/bin/dhcp4/tests/get_config_unittest.cc
modified:   src/bin/dhcp4/tests/get_config_unittest.cc.skel
modified:   src/bin/dhcp4/tests/http_control_socket_unittest.cc
modified:   src/bin/dhcp6/tests/config_parser_unittest.cc
modified:   src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
modified:   src/bin/dhcp6/tests/dhcp6_test_utils.cc
modified:   src/bin/dhcp6/tests/get_config_unittest.cc
modified:   src/bin/dhcp6/tests/get_config_unittest.cc.skel
modified:   src/bin/dhcp6/tests/http_control_socket_unittest.cc
modified:   src/lib/config/tests/http_command_config_unittests.cc
modified:   src/lib/d2srv/d2_config.cc
modified:   src/lib/d2srv/d2_messages.cc
modified:   src/lib/d2srv/d2_messages.h
modified:   src/lib/d2srv/d2_messages.mes
modified:   src/lib/http/auth_messages.cc
modified:   src/lib/http/auth_messages.h
modified:   src/lib/http/auth_messages.mes
modified:   src/lib/http/basic_auth_config.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
modified:   src/lib/testutils/dhcp_test_lib.sh.in
2025-06-30 11:49:59 +00:00
Thomas Markwalder
f8e9760eb7 [#3848] Throw or Warn if API sockets are unsecured
/src/lib/config/config_messages.*
    COMMAND_HTTP_SOCKET_SECURITY_WARN - new message

/src/lib/config/http_command_config.*
    HttpCommandConfig::HttpCommandConfig() - throw or warn when
    socket is unsecured
    HttpCommandConfig::checkTlsSetup() - return true if valid TLS
    is configured

/src/lib/config/tests/http_command_config_unittests.cc
/src/lib/config/tests/http_command_mgr_unittests.cc
/src/lib/config/tests/http_command_response_creator_factory_unittests.cc
/src/lib/config/tests/http_command_response_creator_unittests.cc
    Updated tests
2025-06-30 11:49:59 +00:00
Thomas Markwalder
17da0e67fb [#3848] Warn on socket permissions
Warn if control socket path is valid but
socket permissions are wrong and security is
disabled.

modified:   src/lib/config/config_messages.cc
modified:   src/lib/config/config_messages.h
modified:   src/lib/config/config_messages.mes
modified:   src/lib/config/tests/unix_command_config_unittests.cc
modified:   src/lib/config/unix_command_config.cc
2025-06-30 11:49:59 +00:00
Thomas Markwalder
b5aeb99f98 [#3848] Warn on invalid paths when security disabled
Warn but still use invalid paths when security is
disabled.
2025-06-30 11:49:59 +00:00
Marcin Godzina
048b1e9b1a [#3967] release checklist update 2025-06-25 15:34:31 +02:00
Marcin Godzina
365a3edab9 [#3979] bump up kea version in meson.build 2025-06-25 15:05:27 +02:00
Marcin Godzina
9a2ba84480 [#3973] release changes Kea-3.0.0 2025-06-20 17:30:19 +02:00
Razvan Becheriu
b17769a56d [#3907] added ChangeLog entry 2025-06-20 17:34:51 +03:00
Razvan Becheriu
2ca43e2451 [#3907] use strict format for clients in yang 2025-06-20 16:44:36 +03:00
Andrei Pavel
dfbd740911 [#3907] NETCONF: Turn authentication.clients into a string just like hooks-libraries.parameters 2025-06-20 13:29:10 +00:00
Andrei Pavel
761c7d3e6c [#3907] Progressed some more with YANG modules 2025-06-20 13:29:10 +00:00
Andrei Pavel
f624d1371a [#3907] Progressed some more with YANG modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
11290a6dcf [#3907] fixed some UTs 2025-06-20 13:29:10 +00:00
Razvan Becheriu
b9a1ab5d8a [#3907] clean up modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
2332b54725 [#3907] updated yang modules 2025-06-20 13:29:10 +00:00
Razvan Becheriu
4bc838732c [#3907] use tls for control-socket 2025-06-20 13:29:10 +00:00
Andrei Pavel
2eed0ebf82 [#3907] Get rid of skips in yang. Skip was always true 2025-06-20 13:29:10 +00:00
Razvan Becheriu
fbe7dfcac7 [#3907] fixed http-header yang parsing 2025-06-20 13:29:10 +00:00
Andrei Pavel
d4db1ab016 [#3907] Add TranslatorControlSocket::getControlSocketHttpHeaders 2025-06-20 13:29:10 +00:00
Andrei Pavel
7ebfc09344 [#3907] Update control sockets in YANG modules 2025-06-20 13:29:10 +00:00
Andrei Pavel
284368671f [#3907] Update copyright dates 2025-06-20 13:29:10 +00:00
Andrei Pavel
3d43dcdc4c [#3907] Fix some paths about reinstall.sh 2025-06-20 13:29:10 +00:00