+Kea 3.1.0 (development) released on July 30, 2025
+
+2381. [build]* fdupont
+ Moved Botan crypto backend support to version 3.
+ (Gitlab #3553)
+
+2380. [bug] tmark
+ kea-dhcp4 now correctly supports option class-tags
+ (i.e."client-classes") in host and config back ends
+ for both MySQL and PosgreSQL.
+ (Gitlab #3770)
+
+2379. [func] razvan
+ Added SSL/TLS support for PostgreSQL database connection in
+ the Kea configuration. Available parameters are:
+ "trust-anchor", "cert-file", "key-file" and "ssl-mode".
+ (Gitlab #3927)
+
+2378. [sec]* tmark
+ Additional runtime security checks were added
+ to kea-dhcp4,kea-dhcp6,kea-dhcp-ddns, and
+ kea-ctrl-agent
+ (Gitlab #3848)
+
2377. [build] razvan
The library version numbers have been bumped up for the Kea 3.1.0
development release.
+++ /dev/null
-[build]* fdupont
- Moved Botan crypto backend support to version 3.
- (Gitlab #3553)
+++ /dev/null
-[bug] tmark
- kea-dhcp4 now correctly supports option class-tags
- (i.e."client-classes") in host and config back ends
- for both MySQL and PosgreSQL.
- (Gitlab #3770)
+++ /dev/null
-[sec]* tmark
- Additional runtime security checks were added
- to kea-dhcp4,kea-dhcp6,kea-dhcp-ddns, and
- kea-ctrl-agent
- (Gitlab #3848)
+++ /dev/null
-[func] razvan
- Added SSL/TLS support for PostgreSQL database connection in
- the Kea configuration. Available parameters are:
- "trust-anchor", "cert-file", "key-file" and "ssl-mode".
- (Gitlab #3927)
| trust_anchor
| cert_file
| key_file
+ | ssl_mode
| cipher_list
| unknown_map_entry
key_file ::= "key-file" ":" STRING
+ ssl_mode ::= "ssl-mode" ":" ssl_mode
+ | "disable"
+ | "prefer"
+ | "require"
+ | "verify-ca"
+ | "verify-full"
+
cipher_list ::= "cipher-list" ":" STRING
host_reservation_identifiers ::= "host-reservation-identifiers" ":" "[" host_reservation_identifiers_list "]"
| trust_anchor
| cert_file
| key_file
+ | ssl_mode
| cipher_list
| unknown_map_entry
key_file ::= "key-file" ":" STRING
+ ssl_mode ::= "ssl-mode" ":" ssl_mode
+ | "disable"
+ | "prefer"
+ | "require"
+ | "verify-ca"
+ | "verify-full"
+
cipher_list ::= "cipher-list" ":" STRING
sanity_checks ::= "sanity-checks" ":" "{" sanity_checks_params "}"
This debug messages is issued when the Command HTTP listener, listening
at the given address and port, has begun to shutdown.
+COMMAND_HTTP_SOCKET_SECURITY_WARNING
+====================================
+
+.. code-block:: text
+
+ command socket configuration is NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and command socket configuration does not use HTTPS/TLS or baseic HTTP
+authentication. The server will still use the socket as configured but
+is warning that doing so may pose a security risk.
+
COMMAND_PROCESS_ERROR1
======================
This error message indicates that an error was encountered while
attempting to send a response to the command socket.
+COMMAND_UNIX_SOCKET_PATH_SECURITY_WARNING
+=========================================
+
+.. code-block:: text
+
+ unix socket path is NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and the path specified for a control channel unix socket-name does
+not comply with the supported path. The server will still use the
+specified path but is warning that doing so may pose a security risk.
+
+COMMAND_UNIX_SOCKET_PERMISSIONS_SECURITY_WARNING
+================================================
+
+.. code-block:: text
+
+ unix socket permissions are NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and the path specified for a control channel unix socket-name does
+not have the required socket permissions. The server will still use the
+specified path but is warning that doing so may pose a security risk.
+
COMMAND_WATCH_SOCKET_CLEAR_ERROR
================================
This error message is issued if the controller could not initialize the
application and will exit.
+DCTL_LOG_PATH_SECURITY_WARNING
+==============================
+
+.. code-block:: text
+
+ Log output path specified is NOT SECURE: %1
+
+This warning message is issued when security enforcement is
+disabled and the output path specified for a given logger does
+not comply with the supported path. The server will still
+use the specified path but is warning that doing so may pose a
+security risk.
+
DCTL_NOT_RUNNING
================
application and is terminating. The reason for the failure is
included in the message.
+DCTL_ROOT_USER_SECURITY_WARNING
+===============================
+
+.. code-block:: text
+
+ %1 running as root user!
+
+This warning is emitted when the server is running as a root user.
+While the server will function fully, this mode of operation may
+expose your environment to security vulnerabilities and should
+only be used after careful consideration.
+
DCTL_RUN_PROCESS
================
transaction identification information. The second argument holds the
generated hostname.
+DHCP4_ROOT_USER_SECURITY_WARNING
+================================
+
+.. code-block:: text
+
+ kea-dhcp4 running as root user!
+
+This warning is emitted when kea-dhcp4 is running as a root user.
+While the server will function fully, this mode of operation may
+expose your environment to security vulnerabilities and should
+only be used after careful consideration.
+
DHCP4_SECURITY_CHECKS_DISABLED
==============================
packet name and type respectively. The fourth argument contains detailed
packet information.
+DHCP6_ROOT_USER_SECURITY_WARNING
+================================
+
+.. code-block:: text
+
+ kea-dhcp6 running as root user!
+
+This warning is emitted when kea-dhcp6 is running as a root user.
+While the server will function fully, this mode of operation may
+expose your environment to security vulnerabilities and should
+only be used after careful consideration
+
DHCP6_SECURITY_CHECKS_DISABLED
==============================
mode is enabled when 'persist4=no persist6=no' parameters are specified
in the database access string.
+DHCPSRV_MEMFILE_PATH_SECURITY_WARNING
+=====================================
+
+.. code-block:: text
+
+ Lease file path specified is NOT SECURE: %1
+
+This warning message is issued when security enforcement is
+disabled and the lease file path specified for does not comply
+with the supported path. The server will still use the specified
+path but is warning that doing so may pose a security risk.
+
DHCPSRV_MEMFILE_READ_HWADDR_FAIL
================================
likely a programmatic error, rather than a communications issue. Some or all
of the DNS updates requested as part of this request did not succeed.
+DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING
+======================================
+
+.. code-block:: text
+
+ use of clear text TSIG 'secret' is NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and TSIG key configuration uses clear text 'secret' rather
+than 'secret-file'. The server will still use the key as configured
+but is warning that doing so may pose a security risk.
+
DHCP_DDNS_UDP_SENDER_WATCH_SOCKET_CLOSE_ERROR
=============================================
without rebuilding the hook library. A rebuild and re-install of the
library should fix the problem in most cases.
+HOOKS_LIBPATH_SECURITY_WARNING
+==============================
+
+.. code-block:: text
+
+ Library path specified is NOT SECURE: %1
+
+This warning message is issued when security enforcement is
+disabled and the library path specified for a given hook library
+does not comply with the supported path. The server will still load
+the hook library but is warning that doing so may pose a security
+risk.
+
HOOKS_LIBRARY_CLOSED
====================
This info message indicates that the Host Cache hooks library has been
loaded successfully. Enjoy!
+HOST_CACHE_PATH_SECURITY_WARNING
+================================
+
+.. code-block:: text
+
+ Cache file path specified is NOT SECURE: %1
+
+This warning message is issued when security enforcement is
+disabled and the host cache file path specified does not comply
+with the supported path. The server will still use the specified
+path but is warning that doing so may pose a security risk.
+
HOST_CMDS_DEINIT_OK
===================
This debug message is issued when a multi-threaded HTTP client instance has
been created. The argument specifies the maximum number of threads.
+HTTP_CLIENT_PASSWORD_SECURITY_WARNING
+=====================================
+
+.. code-block:: text
+
+ use of clear text 'password' is NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and command socket configuration uses clear text 'password' rather
+than 'password-file'. The server will still use the socket as configured
+but is warning that doing so may pose a security risk.
+
HTTP_CLIENT_QUEUE_SIZE_GROWING
==============================
the server is going to send a response with Http Request timeout status
code.
+HTTP_CLIENT_USER_SECURITY_WARNING
+=================================
+
+.. code-block:: text
+
+ use of clear text 'user' is NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and command socket configuration uses clear text 'user' rather
+than 'user-file'. The server will still use the socket as configured
+but is warning that doing so may pose a security risk.
+
HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSE_FAILED
===========================================
hooks library. The details of the error are provided as argument of
the log message.
+LEASE_CMDS_PATH_SECURITY_WARNING
+================================
+
+.. code-block:: text
+
+ lease file path specified is NOT SECURE: %1
+
+This warning message is issued when security enforcement is disabled
+and the path portion of the `filename` parameter of the lease4-write
+or lease6-write command does not comply with the supported path. The
+server will still use the specified path but is warning that doing so
+may pose a security risk.
+
LEASE_CMDS_RESEND_DDNS4
=======================
A debug message issued when a new MySQL connected is created with TLS.
The TLS cipher name is logged.
+LEGAL_LOG_PATH_SECURITY_WARNING
+===============================
+
+.. code-block:: text
+
+ Forensic log path specified is NOT SECURE: %1
+
+This warning message is issued when security enforcement is
+disabled and the path specified for forensic logging output
+does not comply with the supported path. The server will
+still use the specified path but is warning that doing so may
+pose a security risk.
+
LEGAL_LOG_PGSQL_COMMIT
======================
-#line 2 "agent_lexer.cc"
+#line 1 "agent_lexer.cc"
-#line 4 "agent_lexer.cc"
+#line 3 "agent_lexer.cc"
#define YY_INT_ALIGNED short int
/* To avoid the call to exit... oops! */
#define YY_FATAL_ERROR(msg) isc::agent::ParserContext::fatal(msg)
-#line 1628 "agent_lexer.cc"
+#line 1627 "agent_lexer.cc"
/* noyywrap disables automatic rewinding for the next file to parse. Since we
always parse only a single string, there's no need to do any wraps. And
using yywrap requires linking with -lfl, which provides the default yywrap
by moving it ahead by yyleng bytes. yyleng specifies the length of the
currently matched token. */
#define YY_USER_ACTION driver.loc_.columns(yyleng);
+#line 1653 "agent_lexer.cc"
#line 1654 "agent_lexer.cc"
-#line 1655 "agent_lexer.cc"
#define INITIAL 0
#define COMMENT 1
}
-#line 1969 "agent_lexer.cc"
+#line 1968 "agent_lexer.cc"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
#line 835 "agent_lexer.ll"
ECHO;
YY_BREAK
-#line 2986 "agent_lexer.cc"
+#line 2985 "agent_lexer.cc"
case YY_END_OF_BUFFER:
{
-// Copyright (C) 2017-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2017-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-#line 2 "d2_lexer.cc"
+#line 1 "d2_lexer.cc"
-#line 4 "d2_lexer.cc"
+#line 3 "d2_lexer.cc"
#define YY_INT_ALIGNED short int
/* To avoid the call to exit... oops! */
#define YY_FATAL_ERROR(msg) isc::d2::D2ParserContext::fatal(msg)
-#line 1218 "d2_lexer.cc"
+#line 1217 "d2_lexer.cc"
/* noyywrap disables automatic rewinding for the next file to parse. Since we
always parse only a single string, there's no need to do any wraps. And
using yywrap requires linking with -lfl, which provides the default yywrap
by moving it ahead by yyleng bytes. yyleng specifies the length of the
currently matched token. */
#define YY_USER_ACTION driver.loc_.columns(yyleng);
+#line 1243 "d2_lexer.cc"
#line 1244 "d2_lexer.cc"
-#line 1245 "d2_lexer.cc"
#define INITIAL 0
#define COMMENT 1
}
-#line 1565 "d2_lexer.cc"
+#line 1564 "d2_lexer.cc"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
#line 1022 "d2_lexer.ll"
ECHO;
YY_BREAK
-#line 2816 "d2_lexer.cc"
+#line 2815 "d2_lexer.cc"
case YY_END_OF_BUFFER:
{
-// Copyright (C) 2013-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2013-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2017-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2017-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-#line 2 "dhcp4_lexer.cc"
+#line 1 "dhcp4_lexer.cc"
-#line 4 "dhcp4_lexer.cc"
+#line 3 "dhcp4_lexer.cc"
#define YY_INT_ALIGNED short int
/* To avoid the call to exit... oops! */
#define YY_FATAL_ERROR(msg) isc::dhcp::Parser4Context::fatal(msg)
-#line 2301 "dhcp4_lexer.cc"
+#line 2300 "dhcp4_lexer.cc"
/* noyywrap disables automatic rewinding for the next file to parse. Since we
always parse only a single string, there's no need to do any wraps. And
using yywrap requires linking with -lfl, which provides the default yywrap
by moving it ahead by yyleng bytes. yyleng specifies the length of the
currently matched token. */
#define YY_USER_ACTION driver.loc_.columns(yyleng);
+#line 2326 "dhcp4_lexer.cc"
#line 2327 "dhcp4_lexer.cc"
-#line 2328 "dhcp4_lexer.cc"
#define INITIAL 0
#define COMMENT 1
}
-#line 2656 "dhcp4_lexer.cc"
+#line 2655 "dhcp4_lexer.cc"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
#line 2631 "dhcp4_lexer.ll"
ECHO;
YY_BREAK
-#line 5984 "dhcp4_lexer.cc"
+#line 5983 "dhcp4_lexer.cc"
case YY_END_OF_BUFFER:
{
transaction identification information. The second argument holds the
generated hostname.
+% DHCP4_ROOT_USER_SECURITY_WARNING kea-dhcp4 running as root user!
+This warning is emitted when kea-dhcp4 is running as a root user.
+While the server will function fully, this mode of operation may
+expose your environment to security vulnerabilities and should
+only be used after careful consideration.
+
% DHCP4_SECURITY_CHECKS_DISABLED Invoked with command line option -X, Security checks are disabled!!
This warning is emitted when internal security checks normally
performed by kea-dhcp4 have been disabled via command line option '-X'.
An DHCPOFFER for the 0.0.0.0 address was generated for a client requesting
the v6-only-preferred (108) option but the option is not in the response as
expected: the erroneous response is dropped, the discover query is displayed.
-
-% DHCP4_ROOT_USER_SECURITY_WARNING kea-dhcp4 running as root user!
-This warning is emitted when kea-dhcp4 is running as a root user.
-While the server will function fully, this mode of operation may
-expose your environment to security vulnerabilities and should
-only be used after careful consideration.
-// Copyright (C) 2016-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2016-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2015-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2015-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2019-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-#line 2 "dhcp6_lexer.cc"
+#line 1 "dhcp6_lexer.cc"
-#line 4 "dhcp6_lexer.cc"
+#line 3 "dhcp6_lexer.cc"
#define YY_INT_ALIGNED short int
/* To avoid the call to exit... oops! */
#define YY_FATAL_ERROR(msg) isc::dhcp::Parser6Context::fatal(msg)
-#line 2270 "dhcp6_lexer.cc"
+#line 2269 "dhcp6_lexer.cc"
/* noyywrap disables automatic rewinding for the next file to parse. Since we
always parse only a single string, there's no need to do any wraps. And
using yywrap requires linking with -lfl, which provides the default yywrap
by moving it ahead by yyleng bytes. yyleng specifies the length of the
currently matched token. */
#define YY_USER_ACTION driver.loc_.columns(yyleng);
+#line 2295 "dhcp6_lexer.cc"
#line 2296 "dhcp6_lexer.cc"
-#line 2297 "dhcp6_lexer.cc"
#define INITIAL 0
#define COMMENT 1
}
-#line 2627 "dhcp6_lexer.cc"
+#line 2626 "dhcp6_lexer.cc"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
#line 2664 "dhcp6_lexer.ll"
ECHO;
YY_BREAK
-#line 5995 "dhcp6_lexer.cc"
+#line 5994 "dhcp6_lexer.cc"
case YY_END_OF_BUFFER:
{
packet name and type respectively. The fourth argument contains detailed
packet information.
+% DHCP6_ROOT_USER_SECURITY_WARNING kea-dhcp6 running as root user!
+This warning is emitted when kea-dhcp6 is running as a root user.
+While the server will function fully, this mode of operation may
+expose your environment to security vulnerabilities and should
+only be used after careful consideration
+
% DHCP6_SECURITY_CHECKS_DISABLED Invoked with command line option -X, Security checks are disabled!!
This warning is emitted when internal security checks normally
performed by kea-dhcp6 have been disabled via command line option '-X'.
use it to extend their leases. As a result, they will have to go through
a rebinding phase to re-acquire their leases and associate them with a
new server id.
-
-% DHCP6_ROOT_USER_SECURITY_WARNING kea-dhcp6 running as root user!
-This warning is emitted when kea-dhcp6 is running as a root user.
-While the server will function fully, this mode of operation may
-expose your environment to security vulnerabilities and should
-only be used after careful consideration
-// Copyright (C) 2016-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2016-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2015-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2015-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2019-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
#define YY_RESTORE_YY_MORE_OFFSET
char *yytext;
#line 1 "netconf_lexer.ll"
-/* Copyright (C) 2018-2023 Internet Systems Consortium, Inc. ("ISC")
+/* Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
hooks library. The details of the error are provided as argument of
the log message.
+% LEASE_CMDS_PATH_SECURITY_WARNING lease file path specified is NOT SECURE: %1
+This warning message is issued when security enforcement is disabled
+and the path portion of the `filename` parameter of the lease4-write
+or lease6-write command does not comply with the supported path. The
+server will still use the specified path but is warning that doing so
+may pose a security risk.
+
% LEASE_CMDS_RESEND_DDNS4 lease4-resend-ddns command successful: %1
A request to update DNS for the requested IPv4 lease has been
successfully queued for transmission to kea-dhcp-ddns.
% LEASE_CMDS_WIPE6_FAILED lease6-wipe command failed (parameters: %1, reason: %2)
The lease6-wipe command has failed. Both the reason as well as the
parameters passed are logged.
-
-% LEASE_CMDS_PATH_SECURITY_WARNING lease file path specified is NOT SECURE: %1
-This warning message is issued when security enforcement is disabled
-and the path portion of the `filename` parameter of the lease4-write
-or lease6-write command does not comply with the supported path. The
-server will still use the specified path but is warning that doing so
-may pose a security risk.
-// Copyright (C) 2018-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2010-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
This debug messages is issued when the Command HTTP listener, listening
at the given address and port, has begun to shutdown.
+% COMMAND_HTTP_SOCKET_SECURITY_WARNING command socket configuration is NOT SECURE: %1
+This warning message is issued when security enforcement is disabled
+and command socket configuration does not use HTTPS/TLS or baseic HTTP
+authentication. The server will still use the socket as configured but
+is warning that doing so may pose a security risk.
+
% COMMAND_PROCESS_ERROR1 Error while processing command: %1
This warning message indicates that the server encountered an error while
processing received command. Additional information will be provided, if
This error message indicates that an error was encountered while
attempting to send a response to the command socket.
+% COMMAND_UNIX_SOCKET_PATH_SECURITY_WARNING unix socket path is NOT SECURE: %1
+This warning message is issued when security enforcement is disabled
+and the path specified for a control channel unix socket-name does
+not comply with the supported path. The server will still use the
+specified path but is warning that doing so may pose a security risk.
+
+% COMMAND_UNIX_SOCKET_PERMISSIONS_SECURITY_WARNING unix socket permissions are NOT SECURE: %1
+This warning message is issued when security enforcement is disabled
+and the path specified for a control channel unix socket-name does
+not have the required socket permissions. The server will still use the
+specified path but is warning that doing so may pose a security risk.
+
% COMMAND_WATCH_SOCKET_CLEAR_ERROR watch socket failed to clear: %1
This error message is issued when the command manager was unable to reset
the ready status after completing a send. This is a programmatic error
% HTTP_COMMAND_MGR_SERVICE_STOPPING Server is stopping %1 service %2
This informational message indicates that the server has stopped
HTTP/HTTPS service. When known the address and port are displayed.
-
-% COMMAND_UNIX_SOCKET_PATH_SECURITY_WARNING unix socket path is NOT SECURE: %1
-This warning message is issued when security enforcement is disabled
-and the path specified for a control channel unix socket-name does
-not comply with the supported path. The server will still use the
-specified path but is warning that doing so may pose a security risk.
-
-% COMMAND_UNIX_SOCKET_PERMISSIONS_SECURITY_WARNING unix socket permissions are NOT SECURE: %1
-This warning message is issued when security enforcement is disabled
-and the path specified for a control channel unix socket-name does
-not have the required socket permissions. The server will still use the
-specified path but is warning that doing so may pose a security risk.
-
-% COMMAND_HTTP_SOCKET_SECURITY_WARNING command socket configuration is NOT SECURE: %1
-This warning message is issued when security enforcement is disabled
-and command socket configuration does not use HTTPS/TLS or baseic HTTP
-authentication. The server will still use the socket as configured but
-is warning that doing so may pose a security risk.
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2011-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2013-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2013-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
likely a programmatic error, rather than a communications issue. Some or all
of the DNS updates requested as part of this request did not succeed.
+% DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING use of clear text TSIG 'secret' is NOT SECURE: %1
+This warning message is issued when security enforcement is disabled
+and TSIG key configuration uses clear text 'secret' rather
+than 'secret-file'. The server will still use the key as configured
+but is warning that doing so may pose a security risk.
+
% DHCP_DDNS_UPDATE_REQUEST_SENT Request ID %1: %2 to server: %3
Logged at debug log level 50.
This is a debug message issued when DHCP_DDNS sends a DNS request to a DNS
Logged at debug log level 50.
This is a debug message issued when DHCP_DDNS receives sends a DNS update
response from a DNS server.
-
-% DHCP_DDNS_TSIG_SECRET_SECURITY_WARNING use of clear text TSIG 'secret' is NOT SECURE: %1
-This warning message is issued when security enforcement is disabled
-and TSIG key configuration uses clear text 'secret' rather
-than 'secret-file'. The server will still use the key as configured
-but is warning that doing so may pose a security risk.
-// Copyright (C) 2012-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2014-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2011-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2019-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2019-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2019-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2014-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2021 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2021 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
mode is enabled when 'persist4=no persist6=no' parameters are specified
in the database access string.
+% DHCPSRV_MEMFILE_PATH_SECURITY_WARNING Lease file path specified is NOT SECURE: %1
+This warning message is issued when security enforcement is
+disabled and the lease file path specified for does not comply
+with the supported path. The server will still use the specified
+path but is warning that doing so may pose a security risk.
+
% DHCPSRV_MEMFILE_READ_HWADDR_FAIL failed to read hardware address from lease file: %1
A warning message issued when read attempt of the hardware address stored in
a disk file failed. The parameter should provide the exact nature of the failure.
The database access string specified a database type (given in the
message) that is unknown to the software. This is a configuration error.
-% DHCPSRV_MEMFILE_PATH_SECURITY_WARNING Lease file path specified is NOT SECURE: %1
-This warning message is issued when security enforcement is
-disabled and the lease file path specified for does not comply
-with the supported path. The server will still use the specified
-path but is warning that doing so may pose a security risk.
-
% LEGAL_LOG_PATH_SECURITY_WARNING Forensic log path specified is NOT SECURE: %1
This warning message is issued when security enforcement is
disabled and the path specified for forensic logging output
-// Copyright (C) 2014-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2014-2023 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2017-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2017-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2016-2020 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2016-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2016-2020 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2016-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2014-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2023 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2022-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2022-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2015-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2015-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2024 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2018-2021 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2018-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-#line 2 "lexer.cc"
+#line 1 "lexer.cc"
-#line 4 "lexer.cc"
+#line 3 "lexer.cc"
#define YY_INT_ALIGNED short int
/* To avoid the call to exit... oops! */
#define YY_FATAL_ERROR(msg) isc::eval::EvalContext::fatal(msg)
-#line 1059 "lexer.cc"
+#line 1058 "lexer.cc"
/* noyywrap disables automatic rewinding for the next file to parse. Since we
always parse only a single string, there's no need to do any wraps. And
using yywrap requires linking with -lfl, which provides the default yywrap
by moving it ahead by yyleng bytes. yyleng specifies the length of the
currently matched token. */
#define YY_USER_ACTION loc.columns(evalleng);
+#line 1083 "lexer.cc"
#line 1084 "lexer.cc"
-#line 1085 "lexer.cc"
#define INITIAL 0
-#line 1384 "lexer.cc"
+#line 1383 "lexer.cc"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
#line 251 "lexer.ll"
ECHO;
YY_BREAK
-#line 1893 "lexer.cc"
+#line 1892 "lexer.cc"
case YY_END_OF_BUFFER:
{
-# Copyright (C) 2013-2024 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2013-2025 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
without rebuilding the hook library. A rebuild and re-install of the
library should fix the problem in most cases.
+% HOOKS_LIBPATH_SECURITY_WARNING Library path specified is NOT SECURE: %1
+This warning message is issued when security enforcement is
+disabled and the library path specified for a given hook library
+does not comply with the supported path. The server will still load
+the hook library but is warning that doing so may pose a security
+risk.
+
% HOOKS_LIBRARY_CLOSED hooks library %1 successfully closed
This information message is issued when a user-supplied hooks library
has been successfully closed.
This error message is issued if the version() function in the specified
hooks library was called and generated an exception. The library is
considered unusable and will not be loaded.
-
-% HOOKS_LIBPATH_SECURITY_WARNING Library path specified is NOT SECURE: %1
-This warning message is issued when security enforcement is
-disabled and the library path specified for a given hook library
-does not comply with the supported path. The server will still load
-the hook library but is warning that doing so may pose a security
-risk.
-# Copyright (C) 2021 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
$NAMESPACE isc::http
+% HTTP_CLIENT_PASSWORD_SECURITY_WARNING use of clear text 'password' is NOT SECURE: %1
+This warning message is issued when security enforcement is disabled
+and command socket configuration uses clear text 'password' rather
+than 'password-file'. The server will still use the socket as configured
+but is warning that doing so may pose a security risk.
+
% HTTP_CLIENT_REQUEST_AUTHORIZED received HTTP request authorized for '%1'
This information message is issued when the server receives with a matching
authentication header. The argument provides the user id.
This information message is issued when the server receives a request without
a required authentication header.
-% HTTP_CLIENT_PASSWORD_SECURITY_WARNING use of clear text 'password' is NOT SECURE: %1
-This warning message is issued when security enforcement is disabled
-and command socket configuration uses clear text 'password' rather
-than 'password-file'. The server will still use the socket as configured
-but is warning that doing so may pose a security risk.
-
% HTTP_CLIENT_USER_SECURITY_WARNING use of clear text 'user' is NOT SECURE: %1
This warning message is issued when security enforcement is disabled
and command socket configuration uses clear text 'user' rather
-// Copyright (C) 2016-2022 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2016-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
-// Copyright (C) 2016-2022 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2016-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
This error message is issued if the controller could not initialize the
application and will exit.
+% DCTL_LOG_PATH_SECURITY_WARNING Log output path specified is NOT SECURE: %1
+This warning message is issued when security enforcement is
+disabled and the output path specified for a given logger does
+not comply with the supported path. The server will still
+use the specified path but is warning that doing so may pose a
+security risk.
+
% DCTL_NOT_RUNNING %1 application instance is not running
A warning message is issued when an attempt is made to shut down the
application when it is not running.
application and is terminating. The reason for the failure is
included in the message.
+% DCTL_ROOT_USER_SECURITY_WARNING %1 running as root user!
+This warning is emitted when the server is running as a root user.
+While the server will function fully, this mode of operation may
+expose your environment to security vulnerabilities and should
+only be used after careful consideration.
+
% DCTL_RUN_PROCESS %1 starting application event loop
Logged at debug log level 0.
This debug message is issued just before the controller invokes
unsupported signal. This is a programming error indicating that the
application has registered to receive the signal but no associated
processing logic has been added.
-
-% DCTL_LOG_PATH_SECURITY_WARNING Log output path specified is NOT SECURE: %1
-This warning message is issued when security enforcement is
-disabled and the output path specified for a given logger does
-not comply with the supported path. The server will still
-use the specified path but is warning that doing so may pose a
-security risk.
-
-% DCTL_ROOT_USER_SECURITY_WARNING %1 running as root user!
-This warning is emitted when the server is running as a root user.
-While the server will function fully, this mode of operation may
-expose your environment to security vulnerabilities and should
-only be used after careful consideration.
projects / thirdparty / kea.git / commitdiff
