As of Kea 3.0, starting the daemons with the command line option, '-X',
instructs them to warn about security risks but continue operating anyway.
-The message IDs for all such warnings are suffixed with "_SECURITY_WARN".
+The message IDs for all such warnings are suffixed with "_SECURITY_WARNING".
.. warning::
extern const isc::log::MessageID DHCP4_RESPONSE_FQDN_DATA = "DHCP4_RESPONSE_FQDN_DATA";
extern const isc::log::MessageID DHCP4_RESPONSE_HOSTNAME_DATA = "DHCP4_RESPONSE_HOSTNAME_DATA";
extern const isc::log::MessageID DHCP4_RESPONSE_HOSTNAME_GENERATE = "DHCP4_RESPONSE_HOSTNAME_GENERATE";
-extern const isc::log::MessageID DHCP4_ROOT_USER_SECURITY_WARN = "DHCP4_ROOT_USER_SECURITY_WARN";
+extern const isc::log::MessageID DHCP4_ROOT_USER_SECURITY_WARNING = "DHCP4_ROOT_USER_SECURITY_WARNING";
extern const isc::log::MessageID DHCP4_SECURITY_CHECKS_DISABLED = "DHCP4_SECURITY_CHECKS_DISABLED";
extern const isc::log::MessageID DHCP4_SERVER_FAILED = "DHCP4_SERVER_FAILED";
extern const isc::log::MessageID DHCP4_SERVER_INITIATED_DECLINE = "DHCP4_SERVER_INITIATED_DECLINE";
"DHCP4_RESPONSE_FQDN_DATA", "%1: including FQDN option in the server's response: %2",
"DHCP4_RESPONSE_HOSTNAME_DATA", "%1: including Hostname option in the server's response: %2",
"DHCP4_RESPONSE_HOSTNAME_GENERATE", "%1: server has generated hostname %2 for the client",
- "DHCP4_ROOT_USER_SECURITY_WARN", "kea-dhcp4 running as root user!",
+ "DHCP4_ROOT_USER_SECURITY_WARNING", "kea-dhcp4 running as root user!",
"DHCP4_SECURITY_CHECKS_DISABLED", "Invoked with command line option -X, Security checks are disabled!!",
"DHCP4_SERVER_FAILED", "server failed: %1",
"DHCP4_SERVER_INITIATED_DECLINE", "%1: Lease for addr %2 has been found to be already in use. The lease will be unavailable for %3 seconds.",
extern const isc::log::MessageID DHCP4_RESPONSE_FQDN_DATA;
extern const isc::log::MessageID DHCP4_RESPONSE_HOSTNAME_DATA;
extern const isc::log::MessageID DHCP4_RESPONSE_HOSTNAME_GENERATE;
-extern const isc::log::MessageID DHCP4_ROOT_USER_SECURITY_WARN;
+extern const isc::log::MessageID DHCP4_ROOT_USER_SECURITY_WARNING;
extern const isc::log::MessageID DHCP4_SECURITY_CHECKS_DISABLED;
extern const isc::log::MessageID DHCP4_SERVER_FAILED;
extern const isc::log::MessageID DHCP4_SERVER_INITIATED_DECLINE;
environment to security vulnerabilities and should only be used
after careful consideration.
-% DHCP4_ROOT_USER_SECURITY_WARN kea-dhcp4 running as root user!
+% DHCP4_ROOT_USER_SECURITY_WARNING kea-dhcp4 running as root user!
This warning is emitted when kea-dhcp4 is running as a root user.
While the server will function fully, this mode of operation may
expose your environment to security vulnerabilities and should
extern const isc::log::MessageID DHCP6_REQUIRED_OPTIONS_CHECK_FAIL = "DHCP6_REQUIRED_OPTIONS_CHECK_FAIL";
extern const isc::log::MessageID DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED = "DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED";
extern const isc::log::MessageID DHCP6_RESPONSE_DATA = "DHCP6_RESPONSE_DATA";
-extern const isc::log::MessageID DHCP6_ROOT_USER_SECURITY_WARN = "DHCP6_ROOT_USER_SECURITY_WARN";
+extern const isc::log::MessageID DHCP6_ROOT_USER_SECURITY_WARNING = "DHCP6_ROOT_USER_SECURITY_WARNING";
extern const isc::log::MessageID DHCP6_SECURITY_CHECKS_DISABLED = "DHCP6_SECURITY_CHECKS_DISABLED";
extern const isc::log::MessageID DHCP6_SERVER_FAILED = "DHCP6_SERVER_FAILED";
extern const isc::log::MessageID DHCP6_SHUTDOWN = "DHCP6_SHUTDOWN";
"DHCP6_REQUIRED_OPTIONS_CHECK_FAIL", "%1: %2 message received from %3 failed the following check: %4",
"DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED", "Multi-threading is enabled and host reservations lookup is always performed first.",
"DHCP6_RESPONSE_DATA", "%1: responding with packet %2 (type %3), packet details: %4",
- "DHCP6_ROOT_USER_SECURITY_WARN", "kea-dhcp6 running as root user!",
+ "DHCP6_ROOT_USER_SECURITY_WARNING", "kea-dhcp6 running as root user!",
"DHCP6_SECURITY_CHECKS_DISABLED", "Invoked with command line option -X, Security checks are disabled!!",
"DHCP6_SERVER_FAILED", "server failed: %1",
"DHCP6_SHUTDOWN", "server shutdown",
extern const isc::log::MessageID DHCP6_REQUIRED_OPTIONS_CHECK_FAIL;
extern const isc::log::MessageID DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED;
extern const isc::log::MessageID DHCP6_RESPONSE_DATA;
-extern const isc::log::MessageID DHCP6_ROOT_USER_SECURITY_WARN;
+extern const isc::log::MessageID DHCP6_ROOT_USER_SECURITY_WARNING;
extern const isc::log::MessageID DHCP6_SECURITY_CHECKS_DISABLED;
extern const isc::log::MessageID DHCP6_SERVER_FAILED;
extern const isc::log::MessageID DHCP6_SHUTDOWN;
environment to security vulnerabilities and should only be used
after careful consideration.
-% DHCP6_ROOT_USER_SECURITY_WARN kea-dhcp6 running as root user!
+% DHCP6_ROOT_USER_SECURITY_WARNING kea-dhcp6 running as root user!
This warning is emitted when kea-dhcp6 is running as a root user.
While the server will function fully, this mode of operation may
expose your environment to security vulnerabilities and should
extern const isc::log::MessageID LEASE_CMDS_LEASES6_COMMITTED_FAILED = "LEASE_CMDS_LEASES6_COMMITTED_FAILED";
extern const isc::log::MessageID LEASE_CMDS_LEASES6_COMMITTED_LEASE_ERROR = "LEASE_CMDS_LEASES6_COMMITTED_LEASE_ERROR";
extern const isc::log::MessageID LEASE_CMDS_LOAD_ERROR = "LEASE_CMDS_LOAD_ERROR";
-extern const isc::log::MessageID LEASE_CMDS_PATH_SECURITY_WARN = "LEASE_CMDS_PATH_SECURITY_WARN";
+extern const isc::log::MessageID LEASE_CMDS_PATH_SECURITY_WARNING = "LEASE_CMDS_PATH_SECURITY_WARNING";
extern const isc::log::MessageID LEASE_CMDS_RESEND_DDNS4 = "LEASE_CMDS_RESEND_DDNS4";
extern const isc::log::MessageID LEASE_CMDS_RESEND_DDNS4_FAILED = "LEASE_CMDS_RESEND_DDNS4_FAILED";
extern const isc::log::MessageID LEASE_CMDS_RESEND_DDNS6 = "LEASE_CMDS_RESEND_DDNS6";
"LEASE_CMDS_LEASES6_COMMITTED_FAILED", "reason: %1",
"LEASE_CMDS_LEASES6_COMMITTED_LEASE_ERROR", "evaluating binding-variables for lease: %1 for: %2, reason: %3",
"LEASE_CMDS_LOAD_ERROR", "loading Lease Commands hooks library failed: %1",
- "LEASE_CMDS_PATH_SECURITY_WARN", "lease file path specified is NOT SECURE: %1",
+ "LEASE_CMDS_PATH_SECURITY_WARNING", "lease file path specified is NOT SECURE: %1",
"LEASE_CMDS_RESEND_DDNS4", "lease4-resend-ddns command successful: %1",
"LEASE_CMDS_RESEND_DDNS4_FAILED", "lease4-resend-ddns command failed: %1",
"LEASE_CMDS_RESEND_DDNS6", "lease6-resend-ddns command successful: %1",
extern const isc::log::MessageID LEASE_CMDS_LEASES6_COMMITTED_FAILED;
extern const isc::log::MessageID LEASE_CMDS_LEASES6_COMMITTED_LEASE_ERROR;
extern const isc::log::MessageID LEASE_CMDS_LOAD_ERROR;
-extern const isc::log::MessageID LEASE_CMDS_PATH_SECURITY_WARN;
+extern const isc::log::MessageID LEASE_CMDS_PATH_SECURITY_WARNING;
extern const isc::log::MessageID LEASE_CMDS_RESEND_DDNS4;
extern const isc::log::MessageID LEASE_CMDS_RESEND_DDNS4_FAILED;
extern const isc::log::MessageID LEASE_CMDS_RESEND_DDNS6;
The lease6-wipe command has failed. Both the reason as well as the
parameters passed are logged.
-% LEASE_CMDS_PATH_SECURITY_WARN lease file path specified is NOT SECURE: %1
+% LEASE_CMDS_PATH_SECURITY_WARNING lease file path specified is NOT SECURE: %1
This warning message is issued when security enforcement is disabled
and the path portion of the `filename` parameter of the lease4-write
or lease6-write command does not comply with the supported path. The
extern const isc::log::MessageID COMMAND_HTTP_LISTENER_STARTED = "COMMAND_HTTP_LISTENER_STARTED";
extern const isc::log::MessageID COMMAND_HTTP_LISTENER_STOPPED = "COMMAND_HTTP_LISTENER_STOPPED";
extern const isc::log::MessageID COMMAND_HTTP_LISTENER_STOPPING = "COMMAND_HTTP_LISTENER_STOPPING";
-extern const isc::log::MessageID COMMAND_HTTP_SOCKET_SECURITY_WARN = "COMMAND_HTTP_SOCKET_SECURITY_WARN";
+extern const isc::log::MessageID COMMAND_HTTP_SOCKET_SECURITY_WARNING = "COMMAND_HTTP_SOCKET_SECURITY_WARNING";
extern const isc::log::MessageID COMMAND_PROCESS_ERROR1 = "COMMAND_PROCESS_ERROR1";
extern const isc::log::MessageID COMMAND_PROCESS_ERROR2 = "COMMAND_PROCESS_ERROR2";
extern const isc::log::MessageID COMMAND_RECEIVED = "COMMAND_RECEIVED";
"COMMAND_HTTP_LISTENER_STARTED", "Command HTTP listener started with %1 threads, listening on address: %2 port: %3, use TLS: %4",
"COMMAND_HTTP_LISTENER_STOPPED", "Command HTTP listener for address: %1 port: %2 stopped.",
"COMMAND_HTTP_LISTENER_STOPPING", "Stopping Command HTTP listener for address: %1 port: %2",
- "COMMAND_HTTP_SOCKET_SECURITY_WARN", "command socket configuration is NOT SECURE: %1",
+ "COMMAND_HTTP_SOCKET_SECURITY_WARNING", "command socket configuration is NOT SECURE: %1",
"COMMAND_PROCESS_ERROR1", "Error while processing command: %1",
"COMMAND_PROCESS_ERROR2", "Error while processing command: %1",
"COMMAND_RECEIVED", "Received command '%1'",
extern const isc::log::MessageID COMMAND_HTTP_LISTENER_STARTED;
extern const isc::log::MessageID COMMAND_HTTP_LISTENER_STOPPED;
extern const isc::log::MessageID COMMAND_HTTP_LISTENER_STOPPING;
-extern const isc::log::MessageID COMMAND_HTTP_SOCKET_SECURITY_WARN;
+extern const isc::log::MessageID COMMAND_HTTP_SOCKET_SECURITY_WARNING;
extern const isc::log::MessageID COMMAND_PROCESS_ERROR1;
extern const isc::log::MessageID COMMAND_PROCESS_ERROR2;
extern const isc::log::MessageID COMMAND_RECEIVED;
not have the required socket permissions. The server will still use the
specified path but is warning that doing so may pose a security risk.
-% COMMAND_HTTP_SOCKET_SECURITY_WARN command socket configuration is NOT SECURE: %1
+% COMMAND_HTTP_SOCKET_SECURITY_WARNING command socket configuration is NOT SECURE: %1
This warning message is issued when security enforcement is disabled
and command socket configuration does not use HTTPS/TLS or baseic HTTP
authentication. The server will still use the socket as configured but
extern const isc::log::MessageID DHCP_DDNS_STARTING_TRANSACTION = "DHCP_DDNS_STARTING_TRANSACTION";
extern const isc::log::MessageID DHCP_DDNS_STATE_MODEL_UNEXPECTED_ERROR = "DHCP_DDNS_STATE_MODEL_UNEXPECTED_ERROR";
extern const isc::log::MessageID DHCP_DDNS_TRANS_SEND_ERROR = "DHCP_DDNS_TRANS_SEND_ERROR";
-extern const isc::log::MessageID DHCP_DDNS_TSIG_SECRET_SECURITY_WARN = "DHCP_DDNS_TSIG_SECRET_SECURITY_WARN";
+extern const isc::log::MessageID DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING = "DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING";
extern const isc::log::MessageID DHCP_DDNS_UPDATE_REQUEST_SENT = "DHCP_DDNS_UPDATE_REQUEST_SENT";
extern const isc::log::MessageID DHCP_DDNS_UPDATE_RESPONSE_RECEIVED = "DHCP_DDNS_UPDATE_RESPONSE_RECEIVED";
"DHCP_DDNS_STARTING_TRANSACTION", "Request ID %1:",
"DHCP_DDNS_STATE_MODEL_UNEXPECTED_ERROR", "Request ID %1: application encountered an unexpected error while carrying out a NameChangeRequest: %2",
"DHCP_DDNS_TRANS_SEND_ERROR", "Request ID %1: application encountered an unexpected error while attempting to send a DNS update: %2",
- "DHCP_DDNS_TSIG_SECRET_SECURITY_WARN", "use of clear text TSIG 'secret' is NOT SECURE: %1",
+ "DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING", "use of clear text TSIG 'secret' is NOT SECURE: %1",
"DHCP_DDNS_UPDATE_REQUEST_SENT", "Request ID %1: %2 to server: %3",
"DHCP_DDNS_UPDATE_RESPONSE_RECEIVED", "Request ID %1: to server: %2 status: %3",
NULL
extern const isc::log::MessageID DHCP_DDNS_STARTING_TRANSACTION;
extern const isc::log::MessageID DHCP_DDNS_STATE_MODEL_UNEXPECTED_ERROR;
extern const isc::log::MessageID DHCP_DDNS_TRANS_SEND_ERROR;
-extern const isc::log::MessageID DHCP_DDNS_TSIG_SECRET_SECURITY_WARN;
+extern const isc::log::MessageID DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING;
extern const isc::log::MessageID DHCP_DDNS_UPDATE_REQUEST_SENT;
extern const isc::log::MessageID DHCP_DDNS_UPDATE_RESPONSE_RECEIVED;
environment to security vulnerabilities and should only be used
after consideration.
-% DHCP_DDNS_TSIG_SECRET_SECURITY_WARN use of clear text TSIG 'secret' is NOT SECURE: %1
+% DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING use of clear text TSIG 'secret' is NOT SECURE: %1
This warning message is issued when security enforcement is disabled
and TSIG key configuration uses clear text 'secret' rather
than 'secret-file'. The server will still use the key as configured
namespace isc {
namespace http {
-extern const isc::log::MessageID HTTP_CLIENT_PASSWORD_SECURITY_WARN = "HTTP_CLIENT_PASSWORD_SECURITY_WARN";
+extern const isc::log::MessageID HTTP_CLIENT_PASSWORD_SECURITY_WARNING = "HTTP_CLIENT_PASSWORD_SECURITY_WARNING";
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_AUTHORIZED = "HTTP_CLIENT_REQUEST_AUTHORIZED";
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER = "HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER";
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_NOT_AUTHORIZED = "HTTP_CLIENT_REQUEST_NOT_AUTHORIZED";
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_NO_AUTH_HEADER = "HTTP_CLIENT_REQUEST_NO_AUTH_HEADER";
-extern const isc::log::MessageID HTTP_CLIENT_USER_SECURITY_WARN = "HTTP_CLIENT_USER_SECURITY_WARN";
+extern const isc::log::MessageID HTTP_CLIENT_USER_SECURITY_WARNING = "HTTP_CLIENT_USER_SECURITY_WARNING";
} // namespace http
} // namespace isc
namespace {
const char* values[] = {
- "HTTP_CLIENT_PASSWORD_SECURITY_WARN", "use of clear text 'password' is NOT SECURE: %1",
+ "HTTP_CLIENT_PASSWORD_SECURITY_WARNING", "use of clear text 'password' is NOT SECURE: %1",
"HTTP_CLIENT_REQUEST_AUTHORIZED", "received HTTP request authorized for '%1'",
"HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER", "received HTTP request with malformed authentication header: %1",
"HTTP_CLIENT_REQUEST_NOT_AUTHORIZED", "received HTTP request with not matching authentication header",
"HTTP_CLIENT_REQUEST_NO_AUTH_HEADER", "received HTTP request without required authentication header",
- "HTTP_CLIENT_USER_SECURITY_WARN", "use of clear text 'user' is NOT SECURE: %1",
+ "HTTP_CLIENT_USER_SECURITY_WARNING", "use of clear text 'user' is NOT SECURE: %1",
NULL
};
namespace isc {
namespace http {
-extern const isc::log::MessageID HTTP_CLIENT_PASSWORD_SECURITY_WARN;
+extern const isc::log::MessageID HTTP_CLIENT_PASSWORD_SECURITY_WARNING;
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_AUTHORIZED;
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_BAD_AUTH_HEADER;
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_NOT_AUTHORIZED;
extern const isc::log::MessageID HTTP_CLIENT_REQUEST_NO_AUTH_HEADER;
-extern const isc::log::MessageID HTTP_CLIENT_USER_SECURITY_WARN;
+extern const isc::log::MessageID HTTP_CLIENT_USER_SECURITY_WARNING;
} // namespace http
} // namespace isc
This information message is issued when the server receives a request without
a required authentication header.
-% HTTP_CLIENT_PASSWORD_SECURITY_WARN use of clear text 'password' is NOT SECURE: %1
+% HTTP_CLIENT_PASSWORD_SECURITY_WARNING use of clear text 'password' is NOT SECURE: %1
This warning message is issued when security enforcement is disabled
and command socket configuration uses clear text 'password' rather
than 'password-file'. The server will still use the socket as configured
but is warning that doing so may pose a security risk.
-% HTTP_CLIENT_USER_SECURITY_WARN use of clear text 'user' is NOT SECURE: %1
+% HTTP_CLIENT_USER_SECURITY_WARNING use of clear text 'user' is NOT SECURE: %1
This warning message is issued when security enforcement is disabled
and command socket configuration uses clear text 'user' rather
than 'user-file'. The server will still use the socket as configured
extern const isc::log::MessageID DCTL_PARSER_FAIL = "DCTL_PARSER_FAIL";
extern const isc::log::MessageID DCTL_PID_FILE_ERROR = "DCTL_PID_FILE_ERROR";
extern const isc::log::MessageID DCTL_PROCESS_FAILED = "DCTL_PROCESS_FAILED";
-extern const isc::log::MessageID DCTL_ROOT_USER_SECURITY_WARN = "DCTL_ROOT_USER_SECURITY_WARN";
+extern const isc::log::MessageID DCTL_ROOT_USER_SECURITY_WARNING = "DCTL_ROOT_USER_SECURITY_WARNING";
extern const isc::log::MessageID DCTL_RUN_PROCESS = "DCTL_RUN_PROCESS";
extern const isc::log::MessageID DCTL_SHUTDOWN = "DCTL_SHUTDOWN";
extern const isc::log::MessageID DCTL_SHUTDOWN_SIGNAL_RECVD = "DCTL_SHUTDOWN_SIGNAL_RECVD";
"DCTL_PARSER_FAIL", "Parser error: %1",
"DCTL_PID_FILE_ERROR", "%1 could not create a PID file: %2",
"DCTL_PROCESS_FAILED", "%1 application execution failed: %2",
- "DCTL_ROOT_USER_SECURITY_WARN", "%1 running as root user!",
+ "DCTL_ROOT_USER_SECURITY_WARNING", "%1 running as root user!",
"DCTL_RUN_PROCESS", "%1 starting application event loop",
"DCTL_SHUTDOWN", "%1 has shut down, pid: %2, version: %3",
"DCTL_SHUTDOWN_SIGNAL_RECVD", "OS signal %1 received, starting shutdown",
extern const isc::log::MessageID DCTL_PARSER_FAIL;
extern const isc::log::MessageID DCTL_PID_FILE_ERROR;
extern const isc::log::MessageID DCTL_PROCESS_FAILED;
-extern const isc::log::MessageID DCTL_ROOT_USER_SECURITY_WARN;
+extern const isc::log::MessageID DCTL_ROOT_USER_SECURITY_WARNING;
extern const isc::log::MessageID DCTL_RUN_PROCESS;
extern const isc::log::MessageID DCTL_SHUTDOWN;
extern const isc::log::MessageID DCTL_SHUTDOWN_SIGNAL_RECVD;
use the specified path but is warning that doing so may pose a
security risk.
-% DCTL_ROOT_USER_SECURITY_WARN %1 running as root user!
+% DCTL_ROOT_USER_SECURITY_WARNING %1 running as root user!
This warning is emitted when the server is running as a root user.
While the server will function fully, this mode of operation may
expose your environment to security vulnerabilities and should
projects / thirdparty / kea.git / commitdiff
