/* PostgreSQL is present */
#mesondefine HAVE_PGSQL
-/* PostgreSQL was built with OpenSSL support */
-#mesondefine HAVE_PGSQL_SSL
-
/* PostgreSQL connection parameter tcp_user_timeout supported */
#mesondefine HAVE_PGSQL_TCP_USER_TIMEOUT
#### Configuration Data
# TODO: Remaining define macros used in code, but not handled by meson:
-# - HAVE_PGSQL_SSL
# - USE_STATIC_LINK
conf_data = configuration_data(
tls += parameters.count("cert-file");
tls += parameters.count("key-file");
tls += parameters.count("cipher-list");
-#ifdef HAVE_PGSQL_SSL
- if ((tls > 0) && !PgSqlConnection::warned_about_tls) {
- PgSqlConnection::warned_about_tls = true;
- LOG_INFO(pgsql_cb_logger, PGSQL_CB_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters);
- PQinitSSL(1);
- }
-#else
- if (tls > 0) {
- LOG_ERROR(pgsql_cb_logger, PGSQL_CB_NO_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters));
- isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL "
- << "backend (built with this feature disabled)");
- }
-#endif
// Create unique timer name per instance.
timer_name_ = "PgSqlConfigBackend";
}
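Review bot: Once the `#else` branch is removed, nothing visible in this hunk rejects or reports a TLS request when the linked libpq has no SSL support, and the `tls` count built from `cert-file`, `key-file` and `cipher-list` is no longer read in the lines shown. Whether such a connection then fails or proceeds unencrypted presumably depends on the sslmode handed to libpq elsewhere, which this hunk does not show. If a plaintext fallback is possible, a post-connect guard would keep the old fail-closed behaviour, for example `if ((tls > 0) && !PQsslInUse(conn)) { isc_throw(DbOpenError, "TLS was requested but the PostgreSQL session is not encrypted"); }`, where `conn` stands for the backend's PGconn handle. If `tls` has no remaining reader further down, the `tls +=` lines should be removed as well. The same applies to the identical removals in the `pgsql_hb_logger`, `pgsql_lb_logger` and `pgsql_fb_logger` hunks; the enclosing function starts before this hunk.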
}
-void
+void
PgSqlConfigBackendImpl::addClientClassesBinding(db::PsqlBindArray& bindings,
const ClientClasses& client_classes) {
// Create JSON list of client classes.
extern const isc::log::MessageID PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID = "PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID";
extern const isc::log::MessageID PGSQL_CB_GET_TYPE4 = "PGSQL_CB_GET_TYPE4";
extern const isc::log::MessageID PGSQL_CB_GET_TYPE6 = "PGSQL_CB_GET_TYPE6";
-extern const isc::log::MessageID PGSQL_CB_NO_TLS_SUPPORT = "PGSQL_CB_NO_TLS_SUPPORT";
extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED4 = "PGSQL_CB_RECONNECT_ATTEMPT_FAILED4";
extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED6 = "PGSQL_CB_RECONNECT_ATTEMPT_FAILED6";
extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4 = "PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4";
extern const isc::log::MessageID PGSQL_CB_RECONNECT_FAILED6 = "PGSQL_CB_RECONNECT_FAILED6";
extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE4 = "PGSQL_CB_REGISTER_BACKEND_TYPE4";
extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE6 = "PGSQL_CB_REGISTER_BACKEND_TYPE6";
-extern const isc::log::MessageID PGSQL_CB_TLS_SUPPORT = "PGSQL_CB_TLS_SUPPORT";
extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE4 = "PGSQL_CB_UNREGISTER_BACKEND_TYPE4";
extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE6 = "PGSQL_CB_UNREGISTER_BACKEND_TYPE6";
"PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID", "retrieving subnet by subnet id: %1",
"PGSQL_CB_GET_TYPE4", "get type",
"PGSQL_CB_GET_TYPE6", "get type",
- "PGSQL_CB_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1",
"PGSQL_CB_RECONNECT_ATTEMPT_FAILED4", "database reconnect failed: %1",
"PGSQL_CB_RECONNECT_ATTEMPT_FAILED6", "database reconnect failed: %1",
"PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4", "scheduling attempt %1 of %2 in %3 milliseconds",
"PGSQL_CB_RECONNECT_FAILED6", "maximum number of database reconnect attempts: %1, has been exhausted without success",
"PGSQL_CB_REGISTER_BACKEND_TYPE4", "register backend",
"PGSQL_CB_REGISTER_BACKEND_TYPE6", "register backend",
- "PGSQL_CB_TLS_SUPPORT", "Attempt to configure TLS: %1",
"PGSQL_CB_UNREGISTER_BACKEND_TYPE4", "unregister backend",
"PGSQL_CB_UNREGISTER_BACKEND_TYPE6", "unregister backend",
NULL
extern const isc::log::MessageID PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID;
extern const isc::log::MessageID PGSQL_CB_GET_TYPE4;
extern const isc::log::MessageID PGSQL_CB_GET_TYPE6;
-extern const isc::log::MessageID PGSQL_CB_NO_TLS_SUPPORT;
extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED4;
extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED6;
extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4;
extern const isc::log::MessageID PGSQL_CB_RECONNECT_FAILED6;
extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE4;
extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE6;
-extern const isc::log::MessageID PGSQL_CB_TLS_SUPPORT;
extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE4;
extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE6;
Logged at debug log level 40.
Debug message issued when triggered an action to retrieve type
-% PGSQL_CB_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1
-This error message is printed when TLS support was required in the Kea
-configuration: Kea was built with this feature disabled for PostgreSQL.
-The parameters of the connection are logged.
-
% PGSQL_CB_RECONNECT_ATTEMPT_FAILED4 database reconnect failed: %1
Error message issued when an attempt to reconnect has failed.
Logged at debug log level 40.
Debug message issued when triggered an action to register backend
-% PGSQL_CB_TLS_SUPPORT Attempt to configure TLS: %1
-This informational message is printed when TLS support was required in
-the Kea configuration: The TLS support in PostgreSQL will be initialized but
-its configuration is fully managed outside the C API.
-The parameters of the connection are logged.
-
% PGSQL_CB_UNREGISTER_BACKEND_TYPE4 unregister backend
Logged at debug log level 40.
Debug message issued when triggered an action to unregister backend
extern const isc::log::MessageID LEGAL_LOG_PGSQL_GET_VERSION = "LEGAL_LOG_PGSQL_GET_VERSION";
extern const isc::log::MessageID LEGAL_LOG_PGSQL_INSERT_LOG = "LEGAL_LOG_PGSQL_INSERT_LOG";
extern const isc::log::MessageID LEGAL_LOG_PGSQL_INVALID_ACCESS = "LEGAL_LOG_PGSQL_INVALID_ACCESS";
-extern const isc::log::MessageID LEGAL_LOG_PGSQL_NO_TLS_SUPPORT = "LEGAL_LOG_PGSQL_NO_TLS_SUPPORT";
extern const isc::log::MessageID LEGAL_LOG_PGSQL_ROLLBACK = "LEGAL_LOG_PGSQL_ROLLBACK";
extern const isc::log::MessageID LEGAL_LOG_PGSQL_START_TRANSACTION = "LEGAL_LOG_PGSQL_START_TRANSACTION";
-extern const isc::log::MessageID LEGAL_LOG_PGSQL_TLS_SUPPORT = "LEGAL_LOG_PGSQL_TLS_SUPPORT";
extern const isc::log::MessageID PGSQL_FB_DB = "PGSQL_FB_DB";
} // namespace dhcp
"LEGAL_LOG_PGSQL_GET_VERSION", "obtaining schema version information",
"LEGAL_LOG_PGSQL_INSERT_LOG", "Adding a log entry to the database: %1",
"LEGAL_LOG_PGSQL_INVALID_ACCESS", "invalid database access string: %1",
- "LEGAL_LOG_PGSQL_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1",
"LEGAL_LOG_PGSQL_ROLLBACK", "rolling back PostgreSQL database",
"LEGAL_LOG_PGSQL_START_TRANSACTION", "starting a new PostgreSQL transaction",
- "LEGAL_LOG_PGSQL_TLS_SUPPORT", "Attempt to configure TLS: %1",
"PGSQL_FB_DB", "opening PostgreSQL log database: %1",
NULL
};
extern const isc::log::MessageID LEGAL_LOG_PGSQL_GET_VERSION;
extern const isc::log::MessageID LEGAL_LOG_PGSQL_INSERT_LOG;
extern const isc::log::MessageID LEGAL_LOG_PGSQL_INVALID_ACCESS;
-extern const isc::log::MessageID LEGAL_LOG_PGSQL_NO_TLS_SUPPORT;
extern const isc::log::MessageID LEGAL_LOG_PGSQL_ROLLBACK;
extern const isc::log::MessageID LEGAL_LOG_PGSQL_START_TRANSACTION;
-extern const isc::log::MessageID LEGAL_LOG_PGSQL_TLS_SUPPORT;
extern const isc::log::MessageID PGSQL_FB_DB;
} // namespace dhcp
should be of the form 'keyword=value keyword=value...' is included in
the message.
-% LEGAL_LOG_PGSQL_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1
-This error message is printed when TLS support was required in the Kea
-configuration: Kea was built with this feature disabled for PostgreSQL.
-The parameters of the connection are logged.
-
% LEGAL_LOG_PGSQL_ROLLBACK rolling back PostgreSQL database
The code has issued a rollback call. All outstanding transaction will
be rolled back and not committed to the database.
and there may be a need to rollback the whole transaction if
any of these INSERT statements fail.
-% LEGAL_LOG_PGSQL_TLS_SUPPORT Attempt to configure TLS: %1
-This informational message is printed when TLS support was required in
-the Kea configuration: The TLS support in PostgreSQL will be initialized but
-its configuration is fully managed outside the C API.
-The parameters of the connection are logged.
-
% PGSQL_FB_DB opening PostgreSQL log database: %1
This informational message is logged when a legal log hook library is
about to open a PostgreSQL log database. The parameters of the
extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED = "PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED";
extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE = "PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE";
extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_FAILED = "PGSQL_HB_DB_RECONNECT_FAILED";
-extern const isc::log::MessageID PGSQL_HB_NO_TLS_SUPPORT = "PGSQL_HB_NO_TLS_SUPPORT";
-extern const isc::log::MessageID PGSQL_HB_TLS_SUPPORT = "PGSQL_HB_TLS_SUPPORT";
} // namespace dhcp
} // namespace isc
"PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED", "database reconnect failed: %1",
"PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE", "scheduling attempt %1 of %2 in %3 milliseconds",
"PGSQL_HB_DB_RECONNECT_FAILED", "maximum number of database reconnect attempts: %1, has been exhausted without success",
- "PGSQL_HB_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1",
- "PGSQL_HB_TLS_SUPPORT", "Attempt to configure TLS: %1",
NULL
};
extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED;
extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE;
extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_FAILED;
-extern const isc::log::MessageID PGSQL_HB_NO_TLS_SUPPORT;
-extern const isc::log::MessageID PGSQL_HB_TLS_SUPPORT;
} // namespace dhcp
} // namespace isc
-# Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2024-2025 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
% PGSQL_HB_DB_RECONNECT_FAILED maximum number of database reconnect attempts: %1, has been exhausted without success
An error message issued when the server failed to reconnect. Loss of connectivity
is typically a network or database server issue.
-
-% PGSQL_HB_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1
-This error message is printed when TLS support was required in the Kea
-configuration: Kea was built with this feature disabled for PostgreSQL.
-The parameters of the connection are logged.
-
-% PGSQL_HB_TLS_SUPPORT Attempt to configure TLS: %1
-This informational message is printed when TLS support was required in
-the Kea configuration: The TLS support in PostgreSQL will be initialized but
-its configuration is fully managed outside the C API.
-The parameters of the connection are logged.
tls += parameters.count("cert-file");
tls += parameters.count("key-file");
tls += parameters.count("cipher-list");
-#ifdef HAVE_PGSQL_SSL
- if ((tls > 0) && !PgSqlConnection::warned_about_tls) {
- PgSqlConnection::warned_about_tls = true;
- LOG_INFO(pgsql_hb_logger, PGSQL_HB_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters_));
- PQinitSSL(1);
- }
-#else
- if (tls > 0) {
- LOG_ERROR(pgsql_hb_logger, PGSQL_HB_NO_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters_));
- isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL "
- << "backend (built with this feature disabled)");
- }
-#endif
// Create unique timer name per instance.
timer_name_ = "PgSqlHostMgr[";
extern const isc::log::MessageID PGSQL_LB_GET_SUBID_PAGE6 = "PGSQL_LB_GET_SUBID_PAGE6";
extern const isc::log::MessageID PGSQL_LB_GET_VERSION = "PGSQL_LB_GET_VERSION";
extern const isc::log::MessageID PGSQL_LB_NEGATIVE_LEASES_STAT = "PGSQL_LB_NEGATIVE_LEASES_STAT";
-extern const isc::log::MessageID PGSQL_LB_NO_TLS_SUPPORT = "PGSQL_LB_NO_TLS_SUPPORT";
extern const isc::log::MessageID PGSQL_LB_ROLLBACK = "PGSQL_LB_ROLLBACK";
-extern const isc::log::MessageID PGSQL_LB_TLS_SUPPORT = "PGSQL_LB_TLS_SUPPORT";
extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR4 = "PGSQL_LB_UPDATE_ADDR4";
extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR6 = "PGSQL_LB_UPDATE_ADDR6";
extern const isc::log::MessageID PGSQL_LB_UPGRADE_EXTENDED_INFO4 = "PGSQL_LB_UPGRADE_EXTENDED_INFO4";
"PGSQL_LB_GET_SUBID_PAGE6", "obtaining at most %1 IPv6 leases starting from address %2 for subnet ID %3",
"PGSQL_LB_GET_VERSION", "obtaining schema version information",
"PGSQL_LB_NEGATIVE_LEASES_STAT", "recount of leases returned a negative value",
- "PGSQL_LB_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1",
"PGSQL_LB_ROLLBACK", "rolling back PostgreSQL database",
- "PGSQL_LB_TLS_SUPPORT", "Attempt to configure TLS: %1",
"PGSQL_LB_UPDATE_ADDR4", "updating IPv4 lease for address %1",
"PGSQL_LB_UPDATE_ADDR6", "updating IPv6 lease for address %1, lease type %2",
"PGSQL_LB_UPGRADE_EXTENDED_INFO4", "upgrading IPv4 leases done in %1 pages with %2 updated leases",
extern const isc::log::MessageID PGSQL_LB_GET_SUBID_PAGE6;
extern const isc::log::MessageID PGSQL_LB_GET_VERSION;
extern const isc::log::MessageID PGSQL_LB_NEGATIVE_LEASES_STAT;
-extern const isc::log::MessageID PGSQL_LB_NO_TLS_SUPPORT;
extern const isc::log::MessageID PGSQL_LB_ROLLBACK;
-extern const isc::log::MessageID PGSQL_LB_TLS_SUPPORT;
extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR4;
extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR6;
extern const isc::log::MessageID PGSQL_LB_UPGRADE_EXTENDED_INFO4;
-# Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2024-2025 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
which can be fixed only by an offline direct recount on the database.
This message is issued only once.
-% PGSQL_LB_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1
-This error message is printed when TLS support was required in the Kea
-configuration: Kea was built with this feature disabled for PostgreSQL.
-The parameters of the connection are logged.
-
% PGSQL_LB_ROLLBACK rolling back PostgreSQL database
Logged at debug log level 50.
The code has issued a rollback call. All outstanding transaction will
be rolled back and not committed to the database.
-% PGSQL_LB_TLS_SUPPORT Attempt to configure TLS: %1
-This informational message is printed when TLS support was required in
-the Kea configuration: The TLS support in PostgreSQL will be initialized but
-its configuration is fully managed outside the C API.
-The parameters of the connection are logged.
-
% PGSQL_LB_UPDATE_ADDR4 updating IPv4 lease for address %1
Logged at debug log level 50.
A debug message issued when the server is attempting to update IPv4
tls += parameters.count("cert-file");
tls += parameters.count("key-file");
tls += parameters.count("cipher-list");
-#ifdef HAVE_PGSQL_SSL
- if ((tls > 0) && !PgSqlConnection::warned_about_tls) {
- PgSqlConnection::warned_about_tls = true;
- LOG_INFO(pgsql_lb_logger, PGSQL_LB_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters_));
- PQinitSSL(1);
- }
-#else
- if (tls > 0) {
- LOG_ERROR(pgsql_lb_logger, PGSQL_LB_NO_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters_));
- isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL "
- << "backend (built with this feature disabled)");
- }
-#endif
// Create unique timer name per instance.
timer_name_ = "PgSqlLeaseMgr[";
tls += parameters.count("cert-file");
tls += parameters.count("key-file");
tls += parameters.count("cipher-list");
-#ifdef HAVE_PGSQL_SSL
- if ((tls > 0) && !PgSqlConnection::warned_about_tls) {
- PgSqlConnection::warned_about_tls = true;
- LOG_INFO(pgsql_fb_logger, LEGAL_LOG_PGSQL_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters));
- PQinitSSL(1);
- }
-#else
- if (tls > 0) {
- LOG_ERROR(pgsql_fb_logger, LEGAL_LOG_PGSQL_NO_TLS_SUPPORT)
- .arg(DatabaseConnection::redactedAccessString(parameters));
- isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL "
- << "backend (built with this feature disabled)");
- }
-#endif
// Test schema version first.
pair<uint32_t, uint32_t> code_version(PGSQL_SCHEMA_VERSION_MAJOR,
NoDatabaseName);
// Check for SSL/TLS support.
-#ifdef HAVE_PGSQL_SSL
EXPECT_NO_THROW(HostMgr::addBackend(connectionString(
PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD,
0, 0, 0, 0, VALID_CA)));
-#else
- EXPECT_THROW(HostMgr::addBackend(connectionString(
- PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD,
- 0, 0, 0, 0, VALID_CA)), DbOpenError);
-#endif
// Tidy up after the test
destroyPgSQLSchema();
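Review bot: The surviving `EXPECT_NO_THROW` only shows that passing `VALID_CA` does not raise, not that the session was actually negotiated over TLS, so the comment `// Check for SSL/TLS support.` now promises more than the test checks. The build-time distinction is gone, so the test would pass equally if the connection were made without encryption. I would reword the comment to `// Check that TLS parameters are accepted (does not verify the session is encrypted).`, or add an assertion on the connection's TLS state if the test fixture can reach it. The `LeaseMgrFactory::create` hunk that follows has the same shape; the test body starts before this hunk.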
NoDatabaseName);
// Check for SSL/TLS support.
-#ifdef HAVE_PGSQL_SSL
EXPECT_NO_THROW(LeaseMgrFactory::create(connectionString(
PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD,
0, 0, 0, 0, VALID_CA)));
-#else
- EXPECT_THROW(LeaseMgrFactory::create(connectionString(
- PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD,
- 0, 0, 0, 0, VALID_CA)), DbOpenError);
-#endif
// Check for extended info tables.
const char* EX_INFO = "extended-info-tables=true";