From: Andrei Pavel Date: Thu, 8 Apr 2021 07:22:14 +0000 (+0300) Subject: [#1721] Dhcpv[46]Srv::redactConfig X-Git-Tag: Kea-1.9.8~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c7c23451b98bdcec2bd465de6a7a4e8f10481d0;p=thirdparty%2Fkea.git [#1721] Dhcpv[46]Srv::redactConfig --- diff --git a/src/bin/agent/ca_cfg_mgr.cc b/src/bin/agent/ca_cfg_mgr.cc index 803793a686..5e873fd19f 100644 --- a/src/bin/agent/ca_cfg_mgr.cc +++ b/src/bin/agent/ca_cfg_mgr.cc @@ -141,11 +141,11 @@ CtrlAgentCfgMgr::parse(ConstElementPtr config_set, bool check_only) { std::list> CtrlAgentCfgMgr::jsonPathsToRedact() const { - static std::list> _({ + static std::list> const list({ {"authentication", "clients"}, {"hooks-libraries", "parameters"}, }); - return _; + return list; } data::ConstElementPtr diff --git a/src/bin/d2/d2_cfg_mgr.cc b/src/bin/d2/d2_cfg_mgr.cc index fd8eaf5db8..91f7325332 100644 --- a/src/bin/d2/d2_cfg_mgr.cc +++ b/src/bin/d2/d2_cfg_mgr.cc @@ -311,10 +311,10 @@ D2CfgMgr::parse(isc::data::ConstElementPtr config_set, bool check_only) { std::list> D2CfgMgr::jsonPathsToRedact() const { - static std::list> _({ + static std::list> const list({ {"tsig-keys"}, }); - return _; + return list; } } // namespace d2 diff --git a/src/bin/dhcp4/ctrl_dhcp4_srv.cc b/src/bin/dhcp4/ctrl_dhcp4_srv.cc index d2f5bd24c6..5c04ba0c7b 100644 --- a/src/bin/dhcp4/ctrl_dhcp4_srv.cc +++ b/src/bin/dhcp4/ctrl_dhcp4_srv.cc @@ -850,10 +850,6 @@ ControlledDhcpv4Srv::processCommand(const string& command, isc::data::ConstElementPtr ControlledDhcpv4Srv::processConfig(isc::data::ConstElementPtr config) { - - LOG_DEBUG(dhcp4_logger, DBG_DHCP4_COMMAND, DHCP4_CONFIG_RECEIVED) - .arg(Dhcpv4Srv::redactConfig(config)->str()); - ControlledDhcpv4Srv* srv = ControlledDhcpv4Srv::getInstance(); // Single stream instance used in all error clauses 
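Review bot: The renamed function-local static is called `list`, which is also the name of the element type in these functions; in the d_cfg_mgr.cc hunk, where the type is spelled unqualified as `list<...>`, the variable hides the type name for the rest of the function body, so any later `list<...>` declaration in that scope would fail to compile. The same local name is used in the d2_cfg_mgr.cc, dhcp4_srv.cc, dhcp6_srv.cc, d_cfg_mgr.cc and daemon.cc hunks. A name that describes the contents avoids the clash, e.g. `static std::list<std::list<std::string>> const paths({` … `return paths;`.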
@@ -864,6 +860,9 @@ ControlledDhcpv4Srv::processConfig(isc::data::ConstElementPtr config) { return (isc::config::createAnswer(1, err.str())); } + LOG_DEBUG(dhcp4_logger, DBG_DHCP4_COMMAND, DHCP4_CONFIG_RECEIVED) + .arg(srv->redactConfig(config)->str()); + ConstElementPtr answer = configureDhcp4Server(*srv, config); // Check that configuration was successful. If not, do not reopen sockets @@ -1030,7 +1029,7 @@ isc::data::ConstElementPtr ControlledDhcpv4Srv::checkConfig(isc::data::ConstElementPtr config) { LOG_DEBUG(dhcp4_logger, DBG_DHCP4_COMMAND, DHCP4_CONFIG_RECEIVED) - .arg(Dhcpv4Srv::redactConfig(config)->str()); + .arg(redactConfig(config)->str()); ControlledDhcpv4Srv* srv = ControlledDhcpv4Srv::getInstance(); diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc index 041c3d0386..462b5958a5 100644 --- a/src/bin/dhcp4/dhcp4_srv.cc +++ b/src/bin/dhcp4/dhcp4_srv.cc @@ -4069,5 +4069,16 @@ void Dhcpv4Srv::discardPackets() { HooksManager::clearParkingLots(); } +std::list> Dhcpv4Srv::jsonPathsToRedact() const { + static std::list> const list({ + {"config-control", "config-databases"}, + {"hooks-libraries", "parameters"}, + {"hosts-database"}, + {"hosts-databases"}, + {"lease-database"}, + }); + return list; +} + } // namespace dhcp } // namespace isc diff --git a/src/bin/dhcp4/dhcp4_srv.h b/src/bin/dhcp4/dhcp4_srv.h index c8dafa1b9a..881a48f87d 100644 --- a/src/bin/dhcp4/dhcp4_srv.h +++ b/src/bin/dhcp4/dhcp4_srv.h @@ -1161,6 +1161,13 @@ public: /// @brief Returns the index for "lease4_decline" hook point /// @return the index for "lease4_decline" hook point static int getHookIndexLease4Decline(); + + /// @brief Return a list of all paths that contain passwords or secrets for + /// kea-dhcp4. + /// + /// @return the list of lists of sequential JSON map keys needed to reach + /// the passwords and secrets. + std::list> jsonPathsToRedact() const final override; }; } // namespace dhcp 
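Review bot: The five-entry path list added here is identical to the one added to `Dhcpv6Srv::jsonPathsToRedact` in the dhcp6_srv.cc hunk, and as far as this diff shows this list is what decides which subtrees `redactConfig()` scrubs before the configuration reaches the debug log, so two hand-maintained copies will drift: a secret-bearing section added to one server's list and forgotten in the other is logged in clear. If the lists are meant to stay identical, a single shared constant in a header both servers already include, or at least a cross-referencing comment such as `// Keep in sync with Dhcpv6Srv::jsonPathsToRedact().` on each copy, would make the coupling visible. The dhcp6 copy also writes `const{` with no space before the brace, unlike its dhcp4 twin.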
diff --git a/src/bin/dhcp4/json_config_parser.cc b/src/bin/dhcp4/json_config_parser.cc index db23881228..be0a81005a 100644 --- a/src/bin/dhcp4/json_config_parser.cc +++ b/src/bin/dhcp4/json_config_parser.cc @@ -328,7 +328,7 @@ configureDhcp4Server(Dhcpv4Srv& server, isc::data::ConstElementPtr config_set, } LOG_DEBUG(dhcp4_logger, DBG_DHCP4_COMMAND, DHCP4_CONFIG_START) - .arg(Dhcpv4Srv::redactConfig(config_set)->str()); + .arg(server.redactConfig(config_set)->str()); // Before starting any subnet operations, let's reset the subnet-id counter, // so newly recreated configuration starts with first subnet-id equal 1. diff --git a/src/bin/dhcp6/ctrl_dhcp6_srv.cc b/src/bin/dhcp6/ctrl_dhcp6_srv.cc index 6a1d46c5a3..db9f05049f 100644 --- a/src/bin/dhcp6/ctrl_dhcp6_srv.cc +++ b/src/bin/dhcp6/ctrl_dhcp6_srv.cc @@ -854,9 +854,6 @@ ControlledDhcpv6Srv::processCommand(const string& command, isc::data::ConstElementPtr ControlledDhcpv6Srv::processConfig(isc::data::ConstElementPtr config) { - LOG_DEBUG(dhcp6_logger, DBG_DHCP6_COMMAND, DHCP6_CONFIG_RECEIVED) - .arg(Dhcpv6Srv::redactConfig(config)->str()); - ControlledDhcpv6Srv* srv = ControlledDhcpv6Srv::getInstance(); // Single stream instance used in all error clauses @@ -867,6 +864,9 @@ ControlledDhcpv6Srv::processConfig(isc::data::ConstElementPtr config) { return (isc::config::createAnswer(1, err.str())); } + LOG_DEBUG(dhcp6_logger, DBG_DHCP6_COMMAND, DHCP6_CONFIG_RECEIVED) + .arg(srv->redactConfig(config)->str()); + ConstElementPtr answer = configureDhcp6Server(*srv, config); // Check that configuration was successful. If not, do not reopen sockets @@ -1051,7 +1051,7 @@ isc::data::ConstElementPtr ControlledDhcpv6Srv::checkConfig(isc::data::ConstElementPtr config) { LOG_DEBUG(dhcp6_logger, DBG_DHCP6_COMMAND, DHCP6_CONFIG_RECEIVED) - .arg(Dhcpv6Srv::redactConfig(config)->str()); + .arg(redactConfig(config)->str()); ControlledDhcpv6Srv* srv = ControlledDhcpv6Srv::getInstance(); 
diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc index a5ede56809..919a8d4234 100644 --- a/src/bin/dhcp6/dhcp6_srv.cc +++ b/src/bin/dhcp6/dhcp6_srv.cc @@ -4338,5 +4338,16 @@ Dhcpv6Srv::checkDynamicSubnetChange(const Pkt6Ptr& question, Pkt6Ptr& answer, } } +std::list> Dhcpv6Srv::jsonPathsToRedact() const{ + static std::list> const list({ + {"config-control", "config-databases"}, + {"hooks-libraries", "parameters"}, + {"hosts-database"}, + {"hosts-databases"}, + {"lease-database"}, + }); + return list; +} + } // namespace dhcp } // namespace isc diff --git a/src/bin/dhcp6/dhcp6_srv.h b/src/bin/dhcp6/dhcp6_srv.h index f134827541..c5c2bf05f7 100644 --- a/src/bin/dhcp6/dhcp6_srv.h +++ b/src/bin/dhcp6/dhcp6_srv.h @@ -1132,6 +1132,13 @@ public: void processPacketBufferSend(hooks::CalloutHandlePtr& callout_handle, Pkt6Ptr& rsp); + /// @brief Return a list of all paths that contain passwords or secrets for + /// kea-dhcp6. + /// + /// @return the list of lists of sequential JSON map keys needed to reach + /// the passwords and secrets. + std::list> jsonPathsToRedact() const final override; + protected: /// Server DUID (to be sent in server-identifier option) diff --git a/src/bin/dhcp6/json_config_parser.cc b/src/bin/dhcp6/json_config_parser.cc index 90951d4847..90e084aa80 100644 --- a/src/bin/dhcp6/json_config_parser.cc +++ b/src/bin/dhcp6/json_config_parser.cc @@ -431,7 +431,7 @@ configureDhcp6Server(Dhcpv6Srv& server, isc::data::ConstElementPtr config_set, } LOG_DEBUG(dhcp6_logger, DBG_DHCP6_COMMAND, DHCP6_CONFIG_START) - .arg(Dhcpv6Srv::redactConfig(config_set)->str()); + .arg(server.redactConfig(config_set)->str()); // Before starting any subnet operations, let's reset the subnet-id counter, // so newly recreated configuration starts with first subnet-id equal 1. diff --git a/src/lib/process/d_cfg_mgr.cc b/src/lib/process/d_cfg_mgr.cc index 5a6a6b99d0..4a67183128 100644 --- a/src/lib/process/d_cfg_mgr.cc +++ b/src/lib/process/d_cfg_mgr.cc 
@@ -67,8 +67,8 @@ DCfgMgrBase::redactConfig(ConstElementPtr const& config) const { } list> DCfgMgrBase::jsonPathsToRedact() const { - static list> _({}); - return _; + static list> const list; + return list; } isc::data::ConstElementPtr diff --git a/src/lib/process/daemon.cc b/src/lib/process/daemon.cc index b4d356e6b3..c2589c92a1 100644 --- a/src/lib/process/daemon.cc +++ b/src/lib/process/daemon.cc @@ -247,16 +247,10 @@ Daemon::writeConfigFile(const std::string& config_file, return (bytes); } - -std::list> Daemon::jsonPathsToRedact() { - static std::list> _({ - {"config-control", "config-databases"}, - {"hooks-libraries", "parameters"}, - {"hosts-database"}, - {"hosts-databases"}, - {"lease-database"}, - }); - return _; +std::list> +Daemon::jsonPathsToRedact() const { + static std::list> const list; + return list; } isc::data::ConstElementPtr diff --git a/src/lib/process/daemon.h b/src/lib/process/daemon.h index aa66836d09..d64445a77c 100644 --- a/src/lib/process/daemon.h +++ b/src/lib/process/daemon.h @@ -231,11 +231,12 @@ public: /// @brief Return a list of all paths that contain passwords or secrets. /// /// Used in @ref isc::process::Daemon::redactConfig to only make copies and - /// only redact configuration subtrees that contain passwords or secrets. + /// only redact configuration subtrees that contain passwords or secrets. To + /// be overridden by derived classes. /// /// @return the list of lists of sequential JSON map keys needed to reach /// the passwords and secrets. - static std::list> jsonPathsToRedact(); + virtual std::list> jsonPathsToRedact() const; /// @brief Redact a configuration. /// @@ -244,8 +245,7 @@ public: /// @param config the Element tree structure that describes the configuration. /// /// @return the redacted configuration - static isc::data::ConstElementPtr - redactConfig(isc::data::ConstElementPtr const& config); + isc::data::ConstElementPtr redactConfig(isc::data::ConstElementPtr const& config); protected: 
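Review bot: `Daemon::jsonPathsToRedact` becomes a virtual whose base implementation (daemon.cc hunk) now returns an empty list, so a Daemon subclass that does not override it has its configuration logged with nothing redacted, whereas before this change the base class at least covered the database and hook-parameter paths; the header comment should say so. Suggested wording after "To be overridden by derived classes.": `/// The base implementation returns an empty list, i.e. nothing is redacted.` If no daemon is meant to run with that default, declaring it pure virtual (`= 0`) turns a missing override into a compile error rather than a silent leak. In the second daemon.h hunk, `redactConfig` is now a non-static member that presumably reaches the derived path list through this virtual, so its doc could note that it must be called on a fully constructed derived object (not from a base-class constructor) for the derived list to apply.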
diff --git a/src/lib/process/redact_config.cc b/src/lib/process/redact_config.cc index 9a8e49e37b..8a8cf53aba 100644 --- a/src/lib/process/redact_config.cc +++ b/src/lib/process/redact_config.cc @@ -8,8 +8,6 @@ #include -#include - using namespace isc::data; using namespace std; @@ -26,7 +24,7 @@ redactConfig(ConstElementPtr const& element, ElementPtr result; if (element->getType() == Element::list) { // Redact lists. - result = boost::make_shared(); + result = Element::createList(); for (ConstElementPtr const& item : element->listValue()) { // add wants an ElementPtr so use a shallow copy. // We could hypothetically filter lists through JSON paths, but we @@ -36,7 +34,7 @@ redactConfig(ConstElementPtr const& element, } } else if (element->getType() == Element::map) { // Redact maps. - result = boost::make_shared(); + result = Element::createMap(); for (auto kv : element->mapValue()) { std::string const& key(kv.first); ConstElementPtr const& value(kv.second);