authorRazvan Becheriu <razvan@isc.org>2022-02-08 16:57:13 +0100
committerRazvan Becheriu <razvan@isc.org>2022-02-09 13:08:12 +0100
commita877676a6325dfa4cab34a3d2b3c91aff3cb73b4 (patch)
treedc68fddde735a281d9d7e83434de6d7d48083cab
parent[#2250] format else statement (diff)
downloadkea-a877676a6325dfa4cab34a3d2b3c91aff3cb73b4.tar.xz
kea-a877676a6325dfa4cab34a3d2b3c91aff3cb73b4.zip
[#2294] also check server global variables ssl_ca, ssl_cert and ssl_key
-rw-r--r--src/bin/d2/nc_add.cc6
-rw-r--r--src/bin/d2/nc_remove.cc6
-rw-r--r--src/bin/d2/simple_add.cc6
-rw-r--r--src/bin/d2/simple_remove.cc6
-rw-r--r--src/bin/lfc/lfc_controller.cc5
-rw-r--r--src/lib/config/command_mgr.cc3
-rw-r--r--src/lib/dhcp/iface_mgr_linux.cc3
-rw-r--r--src/lib/dhcp_ddns/ncr_udp.cc3
-rw-r--r--src/lib/dhcpsrv/d2_client_mgr.h3
-rw-r--r--src/lib/dhcpsrv/pgsql_host_data_source.cc2
-rw-r--r--src/lib/mysql/testutils/mysql_schema.cc41
-rw-r--r--src/lib/mysql/testutils/mysql_schema.h9
12 files changed, 55 insertions, 38 deletions
diff --git a/src/bin/d2/nc_add.cc b/src/bin/d2/nc_add.cc
index 0d517cb4d5..7b95c80af5 100644
--- a/src/bin/d2/nc_add.cc
+++ b/src/bin/d2/nc_add.cc
@@ -162,8 +162,7 @@ NameAddTransaction::selectingFwdServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(ADDING_FWD_ADDRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
@@ -422,8 +421,7 @@ NameAddTransaction::selectingRevServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REPLACING_REV_PTRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
diff --git a/src/bin/d2/nc_remove.cc b/src/bin/d2/nc_remove.cc
index cd9c6794bf..a927d7215b 100644
--- a/src/bin/d2/nc_remove.cc
+++ b/src/bin/d2/nc_remove.cc
@@ -166,8 +166,7 @@ NameRemoveTransaction::selectingFwdServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REMOVING_FWD_ADDRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
@@ -429,8 +428,7 @@ NameRemoveTransaction::selectingRevServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REMOVING_REV_PTRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
diff --git a/src/bin/d2/simple_add.cc b/src/bin/d2/simple_add.cc
index c1814c77b4..4477e6b265 100644
--- a/src/bin/d2/simple_add.cc
+++ b/src/bin/d2/simple_add.cc
@@ -157,8 +157,7 @@ SimpleAddTransaction::selectingFwdServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REPLACING_FWD_ADDRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
@@ -292,8 +291,7 @@ SimpleAddTransaction::selectingRevServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REPLACING_REV_PTRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
diff --git a/src/bin/d2/simple_remove.cc b/src/bin/d2/simple_remove.cc
index 457afe7125..ae213369a7 100644
--- a/src/bin/d2/simple_remove.cc
+++ b/src/bin/d2/simple_remove.cc
@@ -160,8 +160,7 @@ SimpleRemoveTransaction::selectingFwdServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REMOVING_FWD_RRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
@@ -305,8 +304,7 @@ SimpleRemoveTransaction::selectingRevServerHandler() {
if (selectNextServer()) {
// We have a server to try.
transition(REMOVING_REV_PTRS_ST, SERVER_SELECTED_EVT);
- }
- else {
+ } else {
// Server list is exhausted, so fail the transaction.
transition(PROCESS_TRANS_FAILED_ST, NO_MORE_SERVERS_EVT);
}
diff --git a/src/bin/lfc/lfc_controller.cc b/src/bin/lfc/lfc_controller.cc
index 50f7470806..4f51238f92 100644
--- a/src/bin/lfc/lfc_controller.cc
+++ b/src/bin/lfc/lfc_controller.cc
@@ -139,7 +139,7 @@ LFCController::launch(int argc, char* argv[], const bool test_mode) {
try {
pid_file.deleteFile();
} catch (const PIDFileError& pid_ex) {
- LOG_FATAL(lfc_logger, LFC_FAIL_PID_DEL).arg(pid_ex.what());
+ LOG_FATAL(lfc_logger, LFC_FAIL_PID_DEL).arg(pid_ex.what());
}
LOG_INFO(lfc_logger, LFC_TERMINATE);
@@ -414,8 +414,7 @@ LFCController::startLogger(const bool test_mode) const {
// else use our defaults
if (test_mode) {
initLogger();
- }
- else {
+ } else {
OutputOption option;
LoggerManager manager;
diff --git a/src/lib/config/command_mgr.cc b/src/lib/config/command_mgr.cc
index 8dab259cf1..53cddb4486 100644
--- a/src/lib/config/command_mgr.cc
+++ b/src/lib/config/command_mgr.cc
@@ -295,8 +295,7 @@ Connection::receiveHandler(const boost::system::error_code& ec,
std::stringstream os;
if (feed_.getProcessedText().empty()) {
os << "no input data to discard";
- }
- else {
+ } else {
os << "discarding partial command of "
<< feed_.getProcessedText().size() << " bytes";
}
diff --git a/src/lib/dhcp/iface_mgr_linux.cc b/src/lib/dhcp/iface_mgr_linux.cc
index 6b1fddcb12..bf8d6ae9c9 100644
--- a/src/lib/dhcp/iface_mgr_linux.cc
+++ b/src/lib/dhcp/iface_mgr_linux.cc
@@ -485,8 +485,7 @@ void IfaceMgr::detectIfaces() {
if (attribs_table[IFLA_ADDRESS]) {
iface->setMac(static_cast<const uint8_t*>(RTA_DATA(attribs_table[IFLA_ADDRESS])),
RTA_PAYLOAD(attribs_table[IFLA_ADDRESS]));
- }
- else {
+ } else {
// Tunnels can have no LL_ADDR. RTA_PAYLOAD doesn't check it and
// try to dereference it in this manner
}
diff --git a/src/lib/dhcp_ddns/ncr_udp.cc b/src/lib/dhcp_ddns/ncr_udp.cc
index 43629d1818..bba4000230 100644
--- a/src/lib/dhcp_ddns/ncr_udp.cc
+++ b/src/lib/dhcp_ddns/ncr_udp.cc
@@ -333,8 +333,7 @@ NameChangeUDPSender::sendCompletionHandler(const bool successful,
Result result;
if (successful) {
result = SUCCESS;
- }
- else {
+ } else {
// On a failure, log the error and set the result to ERROR.
boost::system::error_code error_code = send_callback->getErrorCode();
if (error_code.value() == boost::asio::error::operation_aborted) {
diff --git a/src/lib/dhcpsrv/d2_client_mgr.h b/src/lib/dhcpsrv/d2_client_mgr.h
index 33eb55a398..ee3cc1d365 100644
--- a/src/lib/dhcpsrv/d2_client_mgr.h
+++ b/src/lib/dhcpsrv/d2_client_mgr.h
@@ -513,8 +513,7 @@ D2ClientMgr::adjustDomainName(const T& fqdn, T& fqdn_resp, const DdnsParams& ddn
// If the supplied name is partial, qualify it by adding the suffix.
if (fqdn.getDomainNameType() == T::PARTIAL) {
fqdn_resp.setDomainName(qualifyName(client_name, ddns_params, true), T::FULL);
- }
- else {
+ } else {
fqdn_resp.setDomainName(client_name, T::FULL);
}
}
diff --git a/src/lib/dhcpsrv/pgsql_host_data_source.cc b/src/lib/dhcpsrv/pgsql_host_data_source.cc
index f0e0ff1635..b595793d89 100644
--- a/src/lib/dhcpsrv/pgsql_host_data_source.cc
+++ b/src/lib/dhcpsrv/pgsql_host_data_source.cc
@@ -278,7 +278,6 @@ public:
bind_array->add(host->getIPv4SubnetID()); // subnet_id
}
-
} catch (const std::exception& ex) {
host_.reset();
isc_throw(DbOperationError,
@@ -3176,7 +3175,6 @@ PgSqlHostDataSource::getAll6(const SubnetID& subnet_id,
return (collection);
}
-
// Miscellaneous database methods.
std::string
diff --git a/src/lib/mysql/testutils/mysql_schema.cc b/src/lib/mysql/testutils/mysql_schema.cc
index 6ff194e8d8..0a7677b5dd 100644
--- a/src/lib/mysql/testutils/mysql_schema.cc
+++ b/src/lib/mysql/testutils/mysql_schema.cc
@@ -93,14 +93,16 @@ string getMySQLTlsEnv() {
return (val ? string(val) : "");
}
-string getMySQLTlsServer() {
- DatabaseConnection::ParameterMap parameters =
- DatabaseConnection::parse(validMySQLConnectionString());
- MySqlConnection conn(parameters);
+string getMySQLTlsServerVariable(string variable) {
MYSQL_RES* result(0);
try {
+ DatabaseConnection::ParameterMap parameters =
+ DatabaseConnection::parse(validMySQLConnectionString());
+ MySqlConnection conn(parameters);
conn.openDatabase();
- string sql("SHOW GLOBAL VARIABLES LIKE 'have_ssl'");
+ string sql("SHOW GLOBAL VARIABLES LIKE '");
+ sql += variable;
+ sql += "'";
if (mysql_query(conn.mysql_, sql.c_str())) {
isc_throw(DbOperationError,
sql << ": " << mysql_error(conn.mysql_));
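Review bot: `variable` is concatenated into the statement unescaped at `sql += variable;`, so a quote or a LIKE wildcard in the argument changes the query. The `_` in names such as `ssl_ca` is itself a single-character wildcard, and only the later name comparison compensates for that. The callers visible in this commit pass literals, but the function is exported in mysql_schema.h, so I would reject anything outside lower-case letters, digits and underscore before building the string, with a guard on `variable.find_first_not_of("abcdefghijklmnopqrstuvwxyz0123456789_") != string::npos`. Alternatively, query with `SHOW GLOBAL VARIABLES WHERE Variable_name = '...'` for an exact match. The parameter could also be taken as `const string&`; the function body continues outside this hunk.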
@@ -117,14 +119,12 @@ string getMySQLTlsServer() {
}
// first column is 'have_ssl', second is the status.
string name(row[0]);
- if (name != "have_ssl") {
+ if (name != variable) {
isc_throw(DbOperationError,
sql << " returned a wrong name '" << name
- << "', expected 'have_ssl'");
+ << "', expected " << variable);
}
string value(row[1]);
- const string env("KEA_MYSQL_HAVE_SSL");
- static_cast<void>(setenv(env.c_str(), value.c_str(), 1));
mysql_free_result(result);
return (value);
} catch (...) {
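Review bot: The context comment `// first column is 'have_ssl', second is the status.` is stale now that the name is a parameter; it should read `// first column is the variable name, second is its value.`. The rewritten error message also drops the quotes around the expected name, so `<< "', expected '" << variable << "'");` would keep it consistent with the quoted returned name. The function starts and ends outside this hunk.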
@@ -135,6 +135,29 @@ string getMySQLTlsServer() {
}
}
+bool isMySQLTlsConfigured() {
+ if (getMySQLTlsServerVariable("ssl_ca").find("kea-ca.crt") == string::npos) {
+ return (false);
+ }
+ if (getMySQLTlsServerVariable("ssl_cert").find("kea-server.crt") == string::npos) {
+ return (false);
+ }
+ if (getMySQLTlsServerVariable("ssl_key").find("kea-server.key") == string::npos) {
+ return (false);
+ }
+ return (true);
+}
+
+string getMySQLTlsServer() {
+ string value = getMySQLTlsServerVariable("have_ssl");
+ if (value == "YES" && !isMySQLTlsConfigured()) {
+ value = "UNCONFIGURED";
+ }
+ const string env("KEA_MYSQL_HAVE_SSL");
+ static_cast<void>(setenv(env.c_str(), value.c_str(), 1));
+ return (value);
+}
+
} // namespace test
} // namespace db
} // namespace isc
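Review bot: `isMySQLTlsConfigured()` decides whether the server counts as TLS-capable from a substring match on file names (`find("kea-ca.crt")` and the two checks below it), which accepts any path containing those names and does not show that the files are the credentials the test clients trust. That is presumably meant as a heuristic for the test environment, and it should say so, e.g. `// Heuristic: only checks that ssl_ca/ssl_cert/ssl_key name the Kea test credential files.`. getMySQLTlsServerVariable() has a catch-all handler whose body is outside the hunks shown, so a failed query for any of the three variables is probably indistinguishable from a misconfigured server and ends up as "UNCONFIGURED"; reporting the difference would make skipped TLS tests easier to diagnose. Each lookup also opens its own connection, so getMySQLTlsServer() now connects up to four times.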
diff --git a/src/lib/mysql/testutils/mysql_schema.h b/src/lib/mysql/testutils/mysql_schema.h
index 43aa1ad7cd..a3df21fe38 100644
--- a/src/lib/mysql/testutils/mysql_schema.h
+++ b/src/lib/mysql/testutils/mysql_schema.h
@@ -107,6 +107,15 @@ std::string getMySQLTlsEnv();
/// @note the returned value is set in the environment
std::string getMySQLTlsServer();
+/// @brief Return true if the server has been configured with proper SSL/TLS
+/// credentials, false otherwise
+bool isMySQLTlsConfigured();
+
+/// @brief Get the server global variable value
+///
+/// @param variable The server global variable name
+std::string getMySQLTlsServerVariable(std::string variable);
+
}
}
}
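Review bot: The new doc comment for `getMySQLTlsServerVariable` has no `@return` and does not say what comes back when the query fails or the variable is absent; add `/// @return The variable value as reported by the server` together with the failure value. getMySQLTlsServer() can now also return and export "UNCONFIGURED" through KEA_MYSQL_HAVE_SSL, and its comment (mostly outside this hunk) should list that value so callers comparing against "YES" know the third state exists. `isMySQLTlsConfigured` already states its result in the `@brief`, but a separate `@return` line would match the usual Doxygen layout.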