// "digest-bits" : 256,
// Minimum truncated length in bits.
// Default 0 (means truncation is forbidden).
-// "secret" : "<shared secret value>"
+// "secret" : "1234" (shared secret value)
// }
// ,
// {
# openssl pkcs12 -export -in kea-client.crt -inkey kea-client.key \
# -out kea-client.p12
#
-# If the password is kea, curl command becomes:
+# If the password is 1234, curl command becomes:
#
-# curl -k --cert kea-client.p12:kea -X POST \
+# curl -k --cert kea-client.p12:1234 -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
# https://kea.example.org/kea
#
# openssl pkcs12 -export -in kea-client.crt -inkey kea-client.key \
# -out kea-client.p12
#
-# If the password is kea, curl command becomes:
+# If the password is 1234, curl command becomes:
#
-# curl -k --cert kea-client.p12:kea -X POST \
+# curl -k --cert kea-client.p12:1234 -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
# https://kea.example.org
#
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 3306,
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 5432,
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 3306,
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 5432,
// "host": "localhost",
// "port": 3306,
// "user": "keatest",
-// "password": "secret1",
+// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",
// "host": "localhost",
// "port": 5432,
// "user": "keatest",
-// "password": "secret1",
+// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",
"max-reconnect-tries": 3,
"name": "kea",
"user": "kea",
- "password": "kea",
+ "password": "1234",
"host": "localhost",
"port": 3306
}
// These are parameters for the first (and only) access server
"name": "127.0.0.1",
"port": 1812,
- "secret": "secret"
+ "secret": "1234"
}
// Additional access servers could be specified here
],
"servers": [ {
"name": "127.0.0.1",
"port": 1813,
- "secret": "secret"
+ "secret": "1234"
}
]
}
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
- "password": "keatest",
+ "password": "1234",
"host": "localhost",
"port": 3306,
"trust-anchor": "my-ca",
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
- "password": "keatest",
+ "password": "1234",
"host": "localhost"
}
],
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 3306,
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 5432,
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 3306,
"host": "localhost",
// Database password.
- "password": "keatest",
+ "password": "1234",
// Port on which the database is available.
"port": 5432,
// "host": "localhost",
// "port": 3306,
// "user": "keatest",
-// "password": "secret1",
+// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",
// "host": "localhost",
// "port": 5432,
// "user": "keatest",
-// "password": "secret1",
+// "password": "1234",
// "reconnect-wait-time": 3000, // expressed in ms
// "max-reconnect-tries": 3,
// "on-fail": "stop-retry-exit",
"max-reconnect-tries": 3,
"name": "kea",
"user": "kea",
- "password": "kea",
+ "password": "1234",
"host": "localhost",
"port": 3306
}
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
- "password": "keatest",
+ "password": "1234",
"host": "localhost",
"port": 3306,
"readonly": true,
"max-reconnect-tries": 3,
"name": "keatest",
"user": "keatest",
- "password": "keatest",
+ "password": "1234",
"host": "localhost"
}
],
.. code-block:: mysql
- mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY 'password';
+ mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY '1234';
mysql> GRANT ALL ON database-name.* TO 'user-name'@'localhost';
(``user-name`` and ``password`` are the user ID and password used to
.. code-block:: psql
- postgres=# CREATE USER user-name WITH PASSWORD 'password';
+ postgres=# CREATE USER user-name WITH PASSWORD '1234';
CREATE ROLE
postgres=# GRANT ALL PRIVILEGES ON DATABASE database-name TO user-name;
GRANT
"Dhcp4": {
"lease-database": {
"user": "user-name",
- "password": "password",
+ "password": "1234",
...
},
...
"type": "mysql",
"name": "kea",
"user": "kea",
- "password": "secret123",
+ "password": "1234",
"host": "localhost",
"port": 3306
}
"Dhcp4": {
"hosts-database": {
"user": "user-name",
- "password": "password",
+ "password": "1234",
...
},
...
"type": "mysql",
"name": "kea",
"user": "kea",
- "password": "kea",
+ "password": "1234",
"host": "192.0.2.1",
"port": 3302
}
"type": "postgresql",
"name": "kea",
"user": "kea",
- "password": "kea",
+ "password": "1234",
"host": "192.0.2.1",
"port": 3302
}
"Dhcp6": {
"lease-database": {
"user": "user-name",
- "password": "password",
+ "password": "1234",
...
},
...
"type": "mysql",
"name": "kea",
"user": "kea",
- "password": "secret123",
+ "password": "1234",
"host": "localhost",
"port": 3306
}
"Dhcp6": {
"hosts-database": {
"user": "user-name",
- "password": "password",
+ "password": "1234",
...
},
...
"type": "mysql",
"name": "kea",
"user": "kea",
- "password": "kea",
+ "password": "1234",
"host": "2001:db8:1::1",
"port": 3302
}
"type": "postgresql",
"name": "kea",
"user": "kea",
- "password": "kea",
+ "password": "1234",
"host": "2001:db8:1::1",
"port": 3302
}
The value ``0`` means no limit; ``64`` is a recommended setting.
For example, to specify a single access server available on localhost
-that uses ``"xyz123"`` as a secret, and tell Kea to send three additional
+that uses ``"1234"`` as a secret, and tell Kea to send three additional
attributes (``User-Password``, ``Connect-Info``, and ``Configuration-Token``),
the following snippet could be used:
// These are parameters for the first (and only) access server
"name": "127.0.0.1",
"port": 1812,
- "secret": "xyz123"
+ "secret": "1234"
}
// Additional access servers could be specified here.
],
// These are parameters for the first (and only) accounting server
"name": "127.0.0.1",
"port": 1813,
- "secret": "sekret"
+ "secret": "1234"
}
// Additional accounting servers could be specified here.
]
"url": "http://192.168.56.99:8000/",
"role": "backup",
"basic-auth-user": "foo",
- "basic-auth-password": "bar",
+ "basic-auth-password": "1234",
"auto-failover": false
}]
}]
server is not available, ``server1`` allocates the lease from the pool of
"192.0.3.200 - 192.0.3.250". The Kea control agent in front of ``server3``
requires basic HTTP authentication, and authorizes the user ID "foo" with the
-password "bar".
+password "1234".
.. note::
"name": "server3",
"url": "http://192.168.56.99:8000/",
"basic-auth-user": "foo",
- "basic-auth-password": "bar",
+ "basic-auth-password": "1234",
"role": "backup",
"auto-failover": false
}]
"name": "server3",
"url": "http://192.168.56.99:8000/",
"basic-auth-user": "foo",
- "basic-auth-password": "bar",
+ "basic-auth-password": "1234",
"role": "backup"
}]
}]
"library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
"parameters": {
"name": "database-name",
- "password": "passwd",
+ "password": "1234",
"type": "mysql",
"user": "user-name"
}
"library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
"parameters": {
"name": "database-name",
- "password": "passwd",
+ "password": "1234",
"type": "mysql",
"user": "user-name",
"request-parser-format": "'log entry' + 0x0a + 'same log entry'",
"library": "/usr/local/lib/kea/hooks/libdhcp_legal_log.so",
"parameters": {
"name": "database-name",
- "password": "passwd",
+ "password": "1234",
"type": "mysql",
"user": "user-name",
"request-parser-format": "'log entry' + 0x0a + 'same log entry'",
::
- $ mysql --user keatest --password keatest -e "select * from logs;"
+ $ mysql --user keatest --password 1234 -e "select * from logs;"
+---------------------+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+----+
| timestamp | address | log | id |
+---------------------+--------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+----+
// "type": "mysql",
// "name": "kea",
// "user": "kea",
- // "password": "kea",
+ // "password": "1234",
// "host": "localhost",
// "port": 3306
// },
// "type": "mysql",
// "name": "kea",
// "user": "kea",
- // "password": "kea",
+ // "password": "1234",
// "host": "localhost",
// "port": 3306
// },
libkea_cc_la_SOURCES += element_value.h
libkea_cc_la_SOURCES += cfg_to_element.h dhcp_config_error.h
libkea_cc_la_SOURCES += command_interpreter.cc command_interpreter.h
+libkea_cc_la_SOURCES += default_credentials.cc default_credentials.h
libkea_cc_la_SOURCES += json_feed.cc json_feed.h
libkea_cc_la_SOURCES += server_tag.cc server_tag.h
libkea_cc_la_SOURCES += simple_parser.cc simple_parser.h
cfg_to_element.h \
command_interpreter.h \
data.h \
+ default_credentials.h \
dhcp_config_error.h \
element_value.h \
json_feed.h \
--- /dev/null
+// Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include <config.h>
+#include <cc/default_credentials.h>
+
+namespace isc {
+namespace data {
+
+const std::list<std::string> DefaultCredentials::DEFAULT_CREDENTIALS = {
+#ifndef IGNORE_KEA_DEFAULT_CREDENTIALS
+ "1234", "*****"
+#endif
+#ifdef EXTRA_KEA_DEFAULT_CREDENTIALS
+ EXTRA_KEA_DEFAULT_CREDENTIALS
+#endif
+};
+
+void DefaultCredentials::check(const std::string& value) {
+ for (auto const& cred : DEFAULT_CREDENTIALS) {
+ if (value == cred) {
+ isc_throw(DefaultCredential,
+ "illegal use of a default value as credential");
+ }
+ }
+}
+
+} // end of isc::dhcp namespace
+} // end of isc namespace
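Review bot: In the `DEFAULT_CREDENTIALS` initializer, nothing separates `"*****"` from the expansion of `EXTRA_KEA_DEFAULT_CREDENTIALS` when both preprocessor branches are active. If that macro is defined as a plain list of string literals (its definition is not visible here), adjacent-literal merging concatenates the first extra entry onto `"*****"`, so `check()` no longer rejects either value and the build gives no diagnostic. Ending the built-in line with a comma, `"1234", "*****",`, is valid in a braced initializer and removes the dependency on how the macro is written. Separately, the closing comment `} // end of isc::dhcp namespace` here and in default_credentials.h should read `isc::data`.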
--- /dev/null
+// Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#ifndef DEFAULT_CREDENTIALS_H
+#define DEFAULT_CREDENTIALS_H
+
+#include <exceptions/exceptions.h>
+#include <list>
+#include <string>
+
+namespace isc {
+namespace data {
+
+/// @brief Exception thrown on attempt to use a default credential.
+class DefaultCredential : public Exception {
+public:
+ DefaultCredential(const char* file, size_t line, const char* what) :
+ isc::Exception(file, line, what) { }
+};
+
+/// @brief Base class for default credentials.
+struct DefaultCredentials {
+ /// @brief Default credentials.
+ ///
+ /// @note Using a list as there are only two default credentials.
+ static const std::list<std::string> DEFAULT_CREDENTIALS;
+
+ /// @brief Check if the value is a default credential.
+ ///
+ /// @param value The value to check.
+ /// @throw DefaultCredential if the value is in default credentials.
+ static void check(const std::string& value);
+};
+
+} // end of isc::dhcp namespace
+} // end of isc namespace
+
+
+#endif // DEFAULT_CREDENTIALS_H
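Review bot: The header does not document the two build-time macros that decide what `DEFAULT_CREDENTIALS` contains, and the existing `@note` ("only two default credentials") stops being true once `EXTRA_KEA_DEFAULT_CREDENTIALS` is defined. I would extend the member comment with something like `/// @note Built-in entries are omitted when IGNORE_KEA_DEFAULT_CREDENTIALS is defined; EXTRA_KEA_DEFAULT_CREDENTIALS appends site-specific entries.` and state on `check()` that the comparison is an exact, case-sensitive string match. `@brief Base class for default credentials` also reads oddly for a struct that has only static members; `@brief Holder of the list of known default credentials` is closer to what the code shows. It would help operators if the comment said why `"*****"` is listed, presumably because it is the placeholder printed in place of redacted passwords, but that should be confirmed.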