authentication. This parameter is ignored when the user ID is not specified or is empty.
The password is optional; if not specified, an empty password is used.
+- ``basic-auth-password-file`` - is an alternative to ``basic-auth-password``:
+ instead to put the password itself in the configuration file it is
+ in the file specifies by this parameter.
+
- ``role`` - denotes the role of the server in the HA setup. The
following roles are supported in the load-balancing configuration:
``primary``, ``secondary``, and ``backup``. There must be exactly one
#include <ha_log.h>
#include <ha_service_states.h>
#include <cc/dhcp_config_error.h>
+#include <util/file_utilities.h>
#include <limits>
#include <set>
// Basic HTTP authentication password.
std::string password;
if ((*p)->contains("basic-auth-password")) {
+ if ((*p)->contains("basic-auth-password-file")) {
+ isc_throw(dhcp::DhcpConfigError, "only one of "
+ << "basic-auth-password and "
+ << "basic-auth-password-file parameter can be "
+ << "configured in peer '"
+ << cfg->getName() << "'");
+ }
password = getString((*p), "basic-auth-password");
}
+ if ((*p)->contains("basic-auth-password-file")) {
+ std::string password_file =
+ getString((*p), "basic-auth-password-file");
+ try {
+ password = util::file::getContent(password_file);
+ } catch (const std::exception& ex) {
+ isc_throw(dhcp::DhcpConfigError, "bad password file in peer '"
+ << cfg->getName() << "': " << ex.what());
+ }
+ }
// Basic HTTP authentication user.
if ((*p)->contains("basic-auth-user")) {
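Review bot: The content of `basic-auth-password-file` is assigned to `password` exactly as `util::file::getContent` returns it, so a trailing newline left by an editor or `echo` would silently become part of the credential, unless the helper strips it (its body is outside this hunk, so please confirm). Nothing in the added block checks the file's owner or mode either, so a group- or world-readable secret file is accepted without a warning. I would at least add a comment such as `// The file content is used verbatim as the password; keep the file readable only by the Kea user.` and a matching sentence in the documentation. The file is also read before the `basic-auth-user` check, so a missing file is a configuration error even when no user is set, although the docs say the password is ignored in that case. The enclosing function starts and ends outside the hunk.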
AM_CPPFLAGS += -DINSTALL_PROG=\"$(abs_top_srcdir)/install-sh\"
TEST_CA_DIR = $(abs_top_srcdir)/src/lib/asiolink/testutils/ca
AM_CPPFLAGS += -DTEST_CA_DIR=\"$(TEST_CA_DIR)\"
+TEST_HTTP_DIR = $(abs_top_srcdir)/src/lib/http/tests/testdata
+AM_CPPFLAGS += -DTEST_HTTP_DIR=\"$(TEST_HTTP_DIR)\"
AM_CXXFLAGS = $(KEA_CXXFLAGS)
" {"
" \"name\": \"server3\","
" \"url\": \"http://127.0.0.1:8082/\","
- " \"basic-auth-user\": \"test\","
- " \"basic-auth-password\": \"123\\u00a3\","
+ " \"basic-auth-user\": \"keatest\","
+ " \"basic-auth-password-file\": \""
+ TEST_HTTP_DIR "/hiddenp\","
" \"role\": \"backup\""
" }"
" ]"
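Review bot: Switching `server3` to `basic-auth-password-file` removes the only visible case with a non-ASCII inline password (`123\u00a3`), so the UTF-8 path of `basic-auth-password` may no longer be exercised unless a peer outside this hunk covers it. The visible hunks also have no test for the two new error paths in the parser, namely both parameters set on one peer and an unreadable or missing password file; each deserves a case that expects `DhcpConfigError`. The new expected credential in the following hunk decodes to `keatest:KeaTest`, which suggests the fixture has no trailing newline, so a second fixture ending in a newline would pin down how that is handled.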
EXPECT_EQ("http://127.0.0.1:8082/", cfg->getUrl().toText());
EXPECT_EQ(HAConfig::PeerConfig::BACKUP, cfg->getRole());
ASSERT_TRUE(cfg->getBasicAuth());
- EXPECT_EQ("dGVzdDoxMjPCow==", cfg->getBasicAuth()->getCredential());
+ EXPECT_EQ("a2VhdGVzdDpLZWFUZXN0", cfg->getBasicAuth()->getCredential());
// Verify multi-threading default values.
EXPECT_FALSE(impl->getConfig()->getEnableMultiThreading());
#include <http/auth_log.h>
#include <http/basic_auth_config.h>
+#include <util/file_utilities.h>
#include <util/strutil.h>
-#include <cerrno>
-#include <cstring>
-#include <sys/stat.h>
-
using namespace isc;
using namespace isc::data;
using namespace isc::dhcp;
path += file_name.substr(1);
}
- // Open the file.
- int fd = ::open(path.c_str(), O_RDONLY);
- if (fd < 0) {
- isc_throw(DhcpConfigError, "can't open file '" << path << "': "
- << std::strerror(errno));
- }
try {
- struct stat stats;
- if (fstat(fd, &stats) < 0) {
- isc_throw(DhcpConfigError, "can't stat file '" << path << "': "
- << std::strerror(errno));
- }
- if ((stats.st_mode & S_IFMT) != S_IFREG) {
- isc_throw(DhcpConfigError, "'" << path
- << "' must be a regular file");
- }
- string content(stats.st_size, ' ');
- ssize_t got = ::read(fd, &content[0], stats.st_size);
- if (got < 0) {
- isc_throw(DhcpConfigError, "can't read file '" << path << "': "
- << std::strerror(errno));
- }
- if (got != stats.st_size) {
- isc_throw(DhcpConfigError, "can't read whole file '" << path
- << "' (got " << got << " of " << stats.st_size);
- }
- close(fd);
- return (content);
- } catch (const std::exception&) {
- close(fd);
- throw;
+ return (file::getContent(path));
+ } catch (const isc::BadValue& ex) {
+ isc_throw(DhcpConfigError, ex.what());
}
}
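Review bot: The new handler catches only `isc::BadValue`, while the HA parser changed in this same commit wraps the same `getContent` call in `catch (const std::exception& ex)`, so the two callers report failures differently. Anything else the helper throws would leave this function as a non-configuration error. The rethrown message is bare `ex.what()`, so it names the offending file only if the helper includes the path, which cannot be confirmed from this hunk. Consider `} catch (const std::exception& ex) {` with `isc_throw(DhcpConfigError, "bad password file: " << ex.what());` to match the HA side. The function begins outside the hunk.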