diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | doc/sphinx/debug-messages.rst | 44 | ||||
-rw-r--r-- | doc/sphinx/grammar/grammar-d2-parser.rst | 90 | ||||
-rw-r--r-- | doc/sphinx/grammar/grammar-dhcp4-parser.rst | 80 | ||||
-rw-r--r-- | doc/sphinx/grammar/grammar-dhcp6-parser.rst | 86 | ||||
-rw-r--r-- | doc/sphinx/kea-messages.rst | 297 | ||||
-rw-r--r-- | platforms.rst | 4 | ||||
-rw-r--r-- | src/bin/agent/tests/basic_auth_library.cc | 2 | ||||
-rw-r--r-- | src/bin/agent/tests/ca_response_creator_unittests.cc | 2 | ||||
-rw-r--r-- | src/bin/d2/d2_lexer.cc | 41 | ||||
-rw-r--r-- | src/bin/d2/location.hh | 1 | ||||
-rw-r--r-- | src/bin/dhcp4/location.hh | 1 | ||||
-rw-r--r-- | src/bin/dhcp6/location.hh | 1 | ||||
-rw-r--r-- | src/lib/config/command_mgr.h | 2 | ||||
-rw-r--r-- | src/lib/eval/eval_context.h | 2 | ||||
-rw-r--r-- | src/lib/eval/eval_messages.cc | 2 | ||||
-rw-r--r-- | src/lib/eval/eval_messages.h | 1 | ||||
-rw-r--r-- | src/lib/eval/eval_messages.mes | 42 | ||||
-rw-r--r-- | src/lib/eval/evaluate.h | 2 | ||||
-rw-r--r-- | src/lib/eval/location.hh | 1 | ||||
-rw-r--r-- | src/lib/http/tests/request_parser_unittests.cc | 2 |
21 files changed, 518 insertions, 190 deletions
@@ -1,5 +1,8 @@ +Kea 2.7.2 (development) released on August 28, 2024 + 2277. [build] andrei "libca_rbac.so" is now a symbolic link to "libdhcp_rbac.so". + (Gitlab #3550) 2276. [build] razvan The library version numbers have been bumped up for the Kea 2.7.2 @@ -7,7 +10,7 @@ (Gitlab #3549) 2275. [func] andrei - When running with High-Availibility (HA) enabled, the status-get + When running with High-Availability (HA) enabled, the status-get command now includes in its response the system time for each HA node and the clock skew in seconds between active peers. (Gitlab #3513) diff --git a/doc/sphinx/debug-messages.rst b/doc/sphinx/debug-messages.rst index 0a68366890..830de7f8e5 100644 --- a/doc/sphinx/debug-messages.rst +++ b/doc/sphinx/debug-messages.rst @@ -779,26 +779,26 @@ Messages printed on debuglevel 40 - RBAC_CONFIGURED_ACLS - RBAC_CONFIGURED_COMMANDS - RBAC_CONFIGURED_ROLES -- RBAC_TRACE_AUTH_ACCEPT -- RBAC_TRACE_AUTH_BAD_BODY_TYPE -- RBAC_TRACE_AUTH_BAD_COMMAND_TYPE -- RBAC_TRACE_AUTH_COMMAND -- RBAC_TRACE_AUTH_DISABLED -- RBAC_TRACE_AUTH_EMPTY_BODY -- RBAC_TRACE_AUTH_NO_COMMAND -- RBAC_TRACE_AUTH_NO_JSON -- RBAC_TRACE_AUTH_NO_REQUEST -- RBAC_TRACE_AUTH_NO_TLS_REJECT -- RBAC_TRACE_AUTH_REJECT -- RBAC_TRACE_AUTH_RESPONSE -- RBAC_TRACE_AUTH_ROLE -- RBAC_TRACE_RESPONSE_BAD_BODY_TYPE -- RBAC_TRACE_RESPONSE_CONTEXT -- RBAC_TRACE_RESPONSE_DISABLED -- RBAC_TRACE_RESPONSE_EMPTY_BODY -- RBAC_TRACE_RESPONSE_EMPTY_BODY_LIST -- RBAC_TRACE_RESPONSE_MODIFIED -- RBAC_TRACE_RESPONSE_NO_ARGUMENTS +- RBAC_TRACE_HTTP_AUTH_ACCEPT +- RBAC_TRACE_HTTP_AUTH_BAD_BODY_TYPE +- RBAC_TRACE_HTTP_AUTH_BAD_COMMAND_TYPE +- RBAC_TRACE_HTTP_AUTH_COMMAND +- RBAC_TRACE_HTTP_AUTH_DISABLED +- RBAC_TRACE_HTTP_AUTH_EMPTY_BODY +- RBAC_TRACE_HTTP_AUTH_NO_COMMAND +- RBAC_TRACE_HTTP_AUTH_NO_JSON +- RBAC_TRACE_HTTP_AUTH_NO_REQUEST +- RBAC_TRACE_HTTP_AUTH_NO_TLS_REJECT +- RBAC_TRACE_HTTP_AUTH_REJECT +- RBAC_TRACE_HTTP_AUTH_RESPONSE +- RBAC_TRACE_HTTP_AUTH_ROLE +- RBAC_TRACE_HTTP_RESPONSE_BAD_BODY_TYPE +- RBAC_TRACE_HTTP_RESPONSE_CONTEXT +- RBAC_TRACE_HTTP_RESPONSE_DISABLED +- RBAC_TRACE_HTTP_RESPONSE_EMPTY_BODY +- RBAC_TRACE_HTTP_RESPONSE_EMPTY_BODY_LIST +- RBAC_TRACE_HTTP_RESPONSE_MODIFIED +- RBAC_TRACE_HTTP_RESPONSE_NO_ARGUMENTS - START_REKEY_TIMER - START_RETRY_TIMER - STAT_CMDS_LEASE4_ORPHANED_STATS @@ -1152,6 +1152,7 @@ Messages printed on debuglevel 55 - DHCP_DDNS_REQUEST_DROPPED - DHCP_DDNS_REV_REQUEST_IGNORED - EVAL_DEBUG_AND +- EVAL_DEBUG_BRANCH - EVAL_DEBUG_CONCAT - EVAL_DEBUG_EQUAL - EVAL_DEBUG_HEXSTRING @@ -1171,6 +1172,9 @@ Messages printed on debuglevel 55 - EVAL_DEBUG_PKT - EVAL_DEBUG_PKT4 - EVAL_DEBUG_PKT6 +- EVAL_DEBUG_POP_AND_BRANCH_FALSE +- EVAL_DEBUG_POP_OR_BRANCH_FALSE +- EVAL_DEBUG_POP_OR_BRANCH_TRUE - EVAL_DEBUG_RELAY6 - EVAL_DEBUG_RELAY6_RANGE - EVAL_DEBUG_SPLIT diff --git a/doc/sphinx/grammar/grammar-d2-parser.rst b/doc/sphinx/grammar/grammar-d2-parser.rst index 920d973a59..6aed9925c5 100644 --- a/doc/sphinx/grammar/grammar-d2-parser.rst +++ b/doc/sphinx/grammar/grammar-d2-parser.rst @@ -81,6 +81,7 @@ This grammar is generated from ``d2_parser.yy``. See :ref:`dhcp-ddns-server` for | reverse_ddns | tsig_keys | control_socket + | control_sockets | hooks_libraries | loggers | user_context @@ -218,20 +219,107 @@ This grammar is generated from ``d2_parser.yy``. See :ref:`dhcp-ddns-server` for control_socket ::= "control-socket" ":" "{" control_socket_params "}" + control_sockets ::= "control-sockets" ":" "[" control_socket_list "]" + + control_socket_list ::= + | not_empty_control_socket_list + + not_empty_control_socket_list ::= control_socket_entry + | not_empty_control_socket_list "," control_socket_entry + | not_empty_control_socket_list "," + + control_socket_entry ::= "{" control_socket_params "}" + control_socket_params ::= control_socket_param | control_socket_params "," control_socket_param | control_socket_params "," control_socket_param ::= control_socket_type | control_socket_name + | control_socket_address + | control_socket_port + | authentication + | trust_anchor + | cert_file + | key_file + | cert_required | user_context | comment | unknown_map_entry - control_socket_type ::= "socket-type" ":" STRING + control_socket_type ::= "socket-type" ":" control_socket_type_value + + control_socket_type_value ::= "unix" + | "http" + | "https" control_socket_name ::= "socket-name" ":" STRING + control_socket_address ::= "socket-address" ":" STRING + + control_socket_port ::= "socket-port" ":" INTEGER + + trust_anchor ::= "trust-anchor" ":" STRING + + cert_file ::= "cert-file" ":" STRING + + key_file ::= "key-file" ":" STRING + + cert_required ::= "cert-required" ":" BOOLEAN + + authentication ::= "authentication" ":" "{" auth_params "}" + + auth_params ::= auth_param + | auth_params "," auth_param + | auth_params "," + + auth_param ::= auth_type + | realm + | directory + | clients + | comment + | user_context + | unknown_map_entry + + auth_type ::= "type" ":" auth_type_value + + auth_type_value ::= "basic" + + realm ::= "realm" ":" STRING + + directory ::= "directory" ":" STRING + + clients ::= "clients" ":" "[" clients_list "]" + + clients_list ::= + | not_empty_clients_list + + not_empty_clients_list ::= basic_auth + | not_empty_clients_list "," basic_auth + | not_empty_clients_list "," + + basic_auth ::= "{" clients_params "}" + + clients_params ::= clients_param + | clients_params "," clients_param + | clients_params "," + + clients_param ::= user + | user_file + | password + | password_file + | user_context + | comment + | unknown_map_entry + + user ::= "user" ":" STRING + + user_file ::= "user-file" ":" STRING + + password ::= "password" ":" STRING + + password_file ::= "password-file" ":" STRING + hooks_libraries ::= "hooks-libraries" ":" "[" hooks_libraries_list "]" hooks_libraries_list ::= diff --git a/doc/sphinx/grammar/grammar-dhcp4-parser.rst b/doc/sphinx/grammar/grammar-dhcp4-parser.rst index c6dda8de6f..f2c7a45923 100644 --- a/doc/sphinx/grammar/grammar-dhcp4-parser.rst +++ b/doc/sphinx/grammar/grammar-dhcp4-parser.rst @@ -107,6 +107,7 @@ This grammar is generated from ``dhcp4_parser.yy``. See :ref:`dhcp4` for more de | expired_leases_processing | dhcp4o6_port | control_socket + | control_sockets | dhcp_queue_control | dhcp_ddns | echo_client_id @@ -864,20 +865,97 @@ This grammar is generated from ``dhcp4_parser.yy``. See :ref:`dhcp4` for more de control_socket ::= "control-socket" ":" "{" control_socket_params "}" + control_sockets ::= "control-sockets" ":" "[" control_socket_list "]" + + control_socket_list ::= + | not_empty_control_socket_list + + not_empty_control_socket_list ::= control_socket_entry + | not_empty_control_socket_list "," control_socket_entry + | not_empty_control_socket_list "," + + control_socket_entry ::= "{" control_socket_params "}" + control_socket_params ::= control_socket_param | control_socket_params "," control_socket_param | control_socket_params "," control_socket_param ::= control_socket_type | control_socket_name + | control_socket_address + | control_socket_port + | authentication + | trust_anchor + | cert_file + | key_file + | cert_required | user_context | comment | unknown_map_entry - control_socket_type ::= "socket-type" ":" STRING + control_socket_type ::= "socket-type" ":" control_socket_type_value + + control_socket_type_value ::= "unix" + | "http" + | "https" control_socket_name ::= "socket-name" ":" STRING + control_socket_address ::= "socket-address" ":" STRING + + control_socket_port ::= "socket-port" ":" INTEGER + + cert_required ::= "cert-required" ":" BOOLEAN + + authentication ::= "authentication" ":" "{" auth_params "}" + + auth_params ::= auth_param + | auth_params "," auth_param + | auth_params "," + + auth_param ::= auth_type + | realm + | directory + | clients + | comment + | user_context + | unknown_map_entry + + auth_type ::= "type" ":" auth_type_value + + auth_type_value ::= "basic" + + realm ::= "realm" ":" STRING + + directory ::= "directory" ":" STRING + + clients ::= "clients" ":" "[" clients_list "]" + + clients_list ::= + | not_empty_clients_list + + not_empty_clients_list ::= basic_auth + | not_empty_clients_list "," basic_auth + | not_empty_clients_list "," + + basic_auth ::= "{" clients_params "}" + + clients_params ::= clients_param + | clients_params "," clients_param + | clients_params "," + + clients_param ::= user + | user_file + | password + | password_file + | user_context + | comment + | unknown_map_entry + + user_file ::= "user-file" ":" STRING + + password_file ::= "password-file" ":" STRING + dhcp_queue_control ::= "dhcp-queue-control" ":" "{" queue_control_params "}" queue_control_params ::= queue_control_param diff --git a/doc/sphinx/grammar/grammar-dhcp6-parser.rst b/doc/sphinx/grammar/grammar-dhcp6-parser.rst index 98d7e6aa26..b8ca9b9e3b 100644 --- a/doc/sphinx/grammar/grammar-dhcp6-parser.rst +++ b/doc/sphinx/grammar/grammar-dhcp6-parser.rst @@ -116,6 +116,7 @@ This grammar is generated from ``dhcp6_parser.yy``. See :ref:`dhcp6` for more de | server_id | dhcp4o6_port | control_socket + | control_sockets | dhcp_queue_control | dhcp_ddns | user_context @@ -911,19 +912,96 @@ This grammar is generated from ``dhcp6_parser.yy``. See :ref:`dhcp6` for more de control_socket ::= "control-socket" ":" "{" control_socket_params "}" + control_sockets ::= "control-sockets" ":" "[" control_socket_list "]" + + control_socket_list ::= + | not_empty_control_socket_list + + not_empty_control_socket_list ::= control_socket_entry + | not_empty_control_socket_list "," control_socket_entry + | not_empty_control_socket_list "," + + control_socket_entry ::= "{" control_socket_params "}" + control_socket_params ::= control_socket_param | control_socket_params "," control_socket_param | control_socket_params "," - control_socket_param ::= socket_type - | socket_name + control_socket_param ::= control_socket_type + | control_socket_name + | control_socket_address + | control_socket_port + | authentication + | trust_anchor + | cert_file + | key_file + | cert_required | user_context | comment | unknown_map_entry - socket_type ::= "socket-type" ":" STRING + control_socket_type ::= "socket-type" ":" control_socket_type_value + + control_socket_type_value ::= "unix" + | "http" + | "https" + + control_socket_name ::= "socket-name" ":" STRING + + control_socket_address ::= "socket-address" ":" STRING + + control_socket_port ::= "socket-port" ":" INTEGER + + cert_required ::= "cert-required" ":" BOOLEAN + + authentication ::= "authentication" ":" "{" auth_params "}" + + auth_params ::= auth_param + | auth_params "," auth_param + | auth_params "," + + auth_param ::= auth_type + | realm + | directory + | clients + | comment + | user_context + | unknown_map_entry + + auth_type ::= "type" ":" auth_type_value + + auth_type_value ::= "basic" + + realm ::= "realm" ":" STRING + + directory ::= "directory" ":" STRING + + clients ::= "clients" ":" "[" clients_list "]" + + clients_list ::= + | not_empty_clients_list + + not_empty_clients_list ::= basic_auth + | not_empty_clients_list "," basic_auth + | not_empty_clients_list "," + + basic_auth ::= "{" clients_params "}" + + clients_params ::= clients_param + | clients_params "," clients_param + | clients_params "," + + clients_param ::= user + | user_file + | password + | password_file + | user_context + | comment + | unknown_map_entry + + user_file ::= "user-file" ":" STRING - socket_name ::= "socket-name" ":" STRING + password_file ::= "password-file" ":" STRING dhcp_queue_control ::= "dhcp-queue-control" ":" "{" queue_control_params "}" diff --git a/doc/sphinx/kea-messages.rst b/doc/sphinx/kea-messages.rst index 43f1bc8257..dabd18c758 100644 --- a/doc/sphinx/kea-messages.rst +++ b/doc/sphinx/kea-messages.rst @@ -5526,7 +5526,7 @@ DHCP4_REQUIRED_CLASS_EVAL_ERROR %1: Expression '%2' evaluated to %3 This error message indicates that there a problem was encountered while -evaluating an expression of a client class that was marked as required. +evaluating an expression of a required client class that was marked as required. A description of the problem is printed. DHCP4_REQUIRED_CLASS_EVAL_RESULT @@ -5537,8 +5537,8 @@ DHCP4_REQUIRED_CLASS_EVAL_RESULT %1: Expression '%2' evaluated to %3 Logged at debug log level 50. -This debug message indicates that the expression of a client class has been -successfully evaluated. The client class name and the result value of the +This debug message indicates that the expression of a required client class has +been successfully evaluated. The client class name and the result value of the evaluation are printed. DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED @@ -7809,7 +7809,7 @@ DHCP6_REQUIRED_CLASS_EVAL_ERROR %1: Expression '%2' evaluated to %3 This error message indicates that there a problem was encountered while -evaluating an expression of a client class that was marked as required. +evaluating an expression of a required client class that was marked as required. A description of the problem is printed. DHCP6_REQUIRED_CLASS_EVAL_RESULT @@ -7820,8 +7820,8 @@ DHCP6_REQUIRED_CLASS_EVAL_RESULT %1: Expression '%2' evaluated to %3 Logged at debug log level 50. -This debug message indicates that the expression of a client class has been -successfully evaluated. The client class name and the result value of the +This debug message indicates that the expression of a required client class has +been successfully evaluated. The client class name and the result value of the evaluation are printed. DHCP6_REQUIRED_OPTIONS_CHECK_FAIL @@ -12186,6 +12186,17 @@ This debug message indicates that two values are popped from the value stack. Then are then combined via logical and and the result is pushed onto the value stack. +EVAL_DEBUG_BRANCH +================= + +.. code-block:: text + + Branching to %1 + +Logged at debug log level 55. +This debug message indicates that an unconditional branch is performed +to the displayed target. + EVAL_DEBUG_CONCAT ================= @@ -12421,6 +12432,39 @@ This debug message indicates that the given binary string representing the value of the requested field is being pushed onto the value stack. The string is displayed in hex. +EVAL_DEBUG_POP_AND_BRANCH_FALSE +=============================== + +.. code-block:: text + + Value is false: branching to %1 + +Logged at debug log level 55. +This debug message indicates that a branch on false condition is performed +to the displayed target. + +EVAL_DEBUG_POP_OR_BRANCH_FALSE +============================== + +.. code-block:: text + + Value is false: keeping it and branching to %1 + +Logged at debug log level 55. +This debug message indicates that a branch on false condition is performed +to the displayed target. + +EVAL_DEBUG_POP_OR_BRANCH_TRUE +============================= + +.. code-block:: text + + Value is true: keeping it and branching to %1 + +Logged at debug log level 55. +This debug message indicates that a branch on true condition is performed +to the displayed target. + EVAL_DEBUG_RELAY6 ================= @@ -16967,6 +17011,39 @@ HTTP_CONNECTION_STOP_FAILED This error message is issued when an error occurred during closing a HTTP connection with a client. +HTTP_CONNECTION_WATCH_SOCKET_CLEAR_ERROR +======================================== + +.. code-block:: text + + clearing connection watch socket failed: %1 + +This error message is issued when an error occurred during clearing the +watch socket associated with a HTTP connection with a client. The error +is displayed. + +HTTP_CONNECTION_WATCH_SOCKET_CLOSE_ERROR +======================================== + +.. code-block:: text + + closing connection watch socket failed: %1 + +This error message is issued when an error occurred during closing the +watch socket associated with a HTTP connection with a client. The error +is displayed. + +HTTP_CONNECTION_WATCH_SOCKET_MARK_READY_ERROR +============================================= + +.. code-block:: text + + marking ready connection watch socket failed: %1 + +This error message is issued when an error occurred during marking as ready +the watch socket associated with a HTTP connection with a client. The error +is displayed. + HTTP_DATA_RECEIVED ================== @@ -24160,26 +24237,6 @@ are displayed. RBAC **** -RBAC_AUTH_ERROR -=============== - -.. code-block:: text - - Error in auth callout: %1. - -This error messages indicates that an error has been raised in auth callout -by the RBAC hooks library. The argument details the error. - -RBAC_AUTH_RESPONSE -================== - -.. code-block:: text - - RBAC hooks library has returned response: %1. - -This info message indicates that the RBAC hooks library has returned -a response in auth callout. The response is summarized. - RBAC_CONFIGURED_ACLS ==================== @@ -24213,6 +24270,26 @@ Logged at debug log level 40. This debug message indicates that some roles have been configured. The count is displayed. +RBAC_HTTP_AUTH_ERROR +==================== + +.. code-block:: text + + Error in http_auth callout: %1. + +This error messages indicates that an error has been raised in +http_auth callout by the RBAC hooks library. The argument details the error. + +RBAC_HTTP_AUTH_RESPONSE +======================= + +.. code-block:: text + + RBAC hooks library has returned response: %1. + +This info message indicates that the RBAC hooks library has returned +a response in http_auth callout. The response is summarized. + RBAC_LOAD_FAILED ================ @@ -24244,221 +24321,225 @@ This info message indicates that the RBAC hooks library has read API files from the configured directory. The name of the directory and some statistics are displayed. -RBAC_TRACE_AUTH_ACCEPT -====================== +RBAC_TRACE_HTTP_AUTH_ACCEPT +=========================== .. code-block:: text Role configuration '%1' for role '%2' has accepted command '%3'. Logged at debug log level 40. -The command has been accepted in auth callout. The role configuration name, -the role name and the command are displayed. +The command has been accepted in http_auth callout. The role +configuration name, the role name and the command are displayed. -RBAC_TRACE_AUTH_BAD_BODY_TYPE -============================= +RBAC_TRACE_HTTP_AUTH_BAD_BODY_TYPE +================================== .. code-block:: text - Bad body type in JSON request in auth callout. + Bad body type in JSON request in http_auth callout. Logged at debug log level 40. -The auth callout has been called with a bad body type in the JSON request. +The http_auth callout has been called with a bad body type in the JSON request. The RBAC hooks library immediately returns. This is an error condition. -RBAC_TRACE_AUTH_BAD_COMMAND_TYPE -================================ +RBAC_TRACE_HTTP_AUTH_BAD_COMMAND_TYPE +===================================== .. code-block:: text - Bad command type in JSON request in auth callout. + Bad command type in JSON request in http_auth callout. Logged at debug log level 40. -The auth callout has been called with a bad command type in the JSON request. -The RBAC hooks library immediately returns. This is an error condition. +The http_auth callout has been called with a bad command type in the +JSON request. The RBAC hooks library immediately returns. This is an +error condition. -RBAC_TRACE_AUTH_COMMAND -======================= +RBAC_TRACE_HTTP_AUTH_COMMAND +============================ .. code-block:: text - Command '%1' in auth callout. + Command '%1' in http_auth callout. Logged at debug log level 40. -The auth callout has been called with the displayed command. +The http_auth callout has been called with the displayed command. -RBAC_TRACE_AUTH_DISABLED -======================== +RBAC_TRACE_HTTP_AUTH_DISABLED +============================= .. code-block:: text - RBAC hooks library is disabled in auth callout. + RBAC hooks library is disabled in http_auth callout. Logged at debug log level 40. -The auth callout has been called with the RBAC hooks library disabled +The http_auth callout has been called with the RBAC hooks library disabled i.e. with no role assigned. -RBAC_TRACE_AUTH_EMPTY_BODY -========================== +RBAC_TRACE_HTTP_AUTH_EMPTY_BODY +=============================== .. code-block:: text - Empty body in JSON request in auth callout. + Empty body in JSON request in http_auth callout. Logged at debug log level 40. -The auth callout has been called with an empty body in the JSON request. +The http_auth callout has been called with an empty body in the JSON request. The RBAC hooks library immediately returns. This is an error condition. -RBAC_TRACE_AUTH_NO_COMMAND -========================== +RBAC_TRACE_HTTP_AUTH_NO_COMMAND +=============================== .. code-block:: text - No command entry in JSON request in auth callout. + No command entry in JSON request in http_auth callout. Logged at debug log level 40. -The auth callout has been called without a command entry in the JSON request. -The RBAC hooks library immediately returns. This is an error condition. +The http_auth callout has been called without a command entry in the +JSON request. The RBAC hooks library immediately returns. This is an +error condition. -RBAC_TRACE_AUTH_NO_JSON -======================= +RBAC_TRACE_HTTP_AUTH_NO_JSON +============================ .. code-block:: text - No JSON request in auth callout. + No JSON request in http_auth callout. Logged at debug log level 40. -The auth callout has been called with a non JSON request. The RBAC hooks +The http_auth callout has been called with a non JSON request. The RBAC hooks library immediately returns. This is an error condition. -RBAC_TRACE_AUTH_NO_REQUEST -========================== +RBAC_TRACE_HTTP_AUTH_NO_REQUEST +=============================== .. code-block:: text - No request in auth callout. + No request in http_auth callout. Logged at debug log level 40. -The auth callout has been called without a request. The RBAC hooks library +The http_auth callout has been called without a request. The RBAC hooks library immediately returns. This is an error condition. -RBAC_TRACE_AUTH_NO_TLS_REJECT -============================= +RBAC_TRACE_HTTP_AUTH_NO_TLS_REJECT +================================== .. code-block:: text Non TLS request has been rejected. Logged at debug log level 40. -The non TLS request has been rejected in auth callout. +The non TLS request has been rejected in http_auth callout. -RBAC_TRACE_AUTH_REJECT -====================== +RBAC_TRACE_HTTP_AUTH_REJECT +=========================== .. code-block:: text Role configuration '%1' for role '%2' has rejected command '%3'. Logged at debug log level 40. -The command has been rejected in auth callout. The role configuration name, -the role name and the command are displayed. +The command has been rejected in http_auth callout. The role +configuration name, the role name and the command are displayed. -RBAC_TRACE_AUTH_RESPONSE -======================== +RBAC_TRACE_HTTP_AUTH_RESPONSE +============================= .. code-block:: text - Response in auth callout: %1. + Response in http_auth callout: %1. Logged at debug log level 40. -The auth callout has been called with a response. The RBAC hooks library +The http_auth callout has been called with a response. The RBAC hooks library immediately returns. The response is summarized. -RBAC_TRACE_AUTH_ROLE -==================== +RBAC_TRACE_HTTP_AUTH_ROLE +========================= .. code-block:: text - Assigned role '%1' in auth callout. + Assigned role '%1' in http_auth callout. Logged at debug log level 40. -The displayed role has been assigned in the auth callout. +The displayed role has been assigned in the http_auth callout. -RBAC_TRACE_RESPONSE_BAD_BODY_TYPE -================================= +RBAC_TRACE_HTTP_RESPONSE_BAD_BODY_TYPE +====================================== .. code-block:: text - Bad body type in JSON response in response callout. + Bad body type in JSON response in http_response callout. Logged at debug log level 40. -The response callout has been called with a bad body type in the JSON response -which is likely an error response. The RBAC hooks library immediately returns. +The http_response callout has been called with a bad body type in the +JSON response which is likely an error response. The RBAC hooks +library immediately returns. -RBAC_TRACE_RESPONSE_CONTEXT -=========================== +RBAC_TRACE_HTTP_RESPONSE_CONTEXT +================================ .. code-block:: text - Retrieved command '%1' and role config '%2' in response callout. + Retrieved command '%1' and role config '%2' in http_response callout. Logged at debug log level 40. The command and the role config have been retrieved from the request context. They are displayed. -RBAC_TRACE_RESPONSE_DISABLED -============================ +RBAC_TRACE_HTTP_RESPONSE_DISABLED +================================= .. code-block:: text - RBAC hooks library is disabled in response callout. + RBAC hooks library is disabled in http_response callout. Logged at debug log level 40. -The response callout has been called with the RBAC hooks library disabled +The http_response callout has been called with the RBAC hooks library disabled i.e. with no role assigned. -RBAC_TRACE_RESPONSE_EMPTY_BODY -============================== +RBAC_TRACE_HTTP_RESPONSE_EMPTY_BODY +=================================== .. code-block:: text - Empty body in JSON response in response callout. + Empty body in JSON response in http_response callout. Logged at debug log level 40. -The response callout has been called with an empty body in the JSON response. -The RBAC hooks library immediately returns. This is an error condition. +The http_response callout has been called with an empty body in the +JSON response. The RBAC hooks library immediately returns. This is an +error condition. -RBAC_TRACE_RESPONSE_EMPTY_BODY_LIST -=================================== +RBAC_TRACE_HTTP_RESPONSE_EMPTY_BODY_LIST +======================================== .. code-block:: text - Empty list in JSON response in response callout. + Empty list in JSON response in http_response callout. Logged at debug log level 40. -The response callout has been called with an empty body list in the JSON +The http_response callout has been called with an empty body list in the JSON response. The RBAC hooks library immediately returns. This is an error condition. -RBAC_TRACE_RESPONSE_MODIFIED -============================ +RBAC_TRACE_HTTP_RESPONSE_MODIFIED +================================= .. code-block:: text - The response has been modified by a response filter in response callout. + The response has been modified by a response filter in http_response callout. Logged at debug log level 40. -A response filter has modified the HTTP response in response callout. +A response filter has modified the HTTP response in http_response callout. -RBAC_TRACE_RESPONSE_NO_ARGUMENTS -================================ +RBAC_TRACE_HTTP_RESPONSE_NO_ARGUMENTS +===================================== .. code-block:: text - No request or response in response callout. + No request or response in http_response callout. Logged at debug log level 40. -The response callout has been called without request or response. The RBAC +The http_response callout has been called without request or response. The RBAC hooks library immediately returns. This is an error condition. *** diff --git a/platforms.rst b/platforms.rst index 8a8cbbed7d..1bf447e306 100644 --- a/platforms.rst +++ b/platforms.rst @@ -19,7 +19,7 @@ systems. Kea-|release| builds have been tested on: * Alpine — 3.16, 3.17, 3.18, 3.19, 3.20 * Debian — 10, 11, 12 -* Fedora — 36, 38, 39, 40 +* Fedora — 36, 39, 40 * FreeBSD — 13 * RHEL — 8, 9 * Ubuntu — 20.04, 22.04, 24.04 @@ -53,7 +53,7 @@ These include platforms past their respective EOL dates, such as: * Alpine — 3.10, 3.11, 3.12, 3.13, 3.14, 3.15 (EOL 01 Nov 2023) * CentOS — 6 (EOL 30 November 2020), 7 (EOL 30 June 2024), 8 (EOL 31 December 2021) * Debian — 8, 9 (EOL 30 June 2022) -* Fedora — 31, 32, 33, 34, 35, 37 (EOL 05 December 2023) +* Fedora — 31, 32, 33, 34, 35, 37, 38 (EOL 21 May 2024) * FreeBSD — 10, 11, 12 * macOS — 10.13, 10.14, 10.15 (EOL 12 September 2022) * Ubuntu — 14.04, 16.04, 18.04. 18.10, 19.04, 19.10, 21.04 (EOL 20 January 2022) diff --git a/src/bin/agent/tests/basic_auth_library.cc b/src/bin/agent/tests/basic_auth_library.cc index f5ae12075c..398487ded1 100644 --- a/src/bin/agent/tests/basic_auth_library.cc +++ b/src/bin/agent/tests/basic_auth_library.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2020 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2020-2024 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/src/bin/agent/tests/ca_response_creator_unittests.cc b/src/bin/agent/tests/ca_response_creator_unittests.cc index 1d64a74f5c..df394deb9d 100644 --- a/src/bin/agent/tests/ca_response_creator_unittests.cc +++ b/src/bin/agent/tests/ca_response_creator_unittests.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2017-2023 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2017-2024 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/src/bin/d2/d2_lexer.cc b/src/bin/d2/d2_lexer.cc index d4cfcb884d..5002ae721e 100644 --- a/src/bin/d2/d2_lexer.cc +++ b/src/bin/d2/d2_lexer.cc @@ -328,7 +328,6 @@ typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; -typedef uint64_t flex_uint64_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; @@ -453,7 +452,7 @@ typedef size_t yy_size_t; #endif /* %if-not-reentrant */ -extern yy_size_t yyleng; +extern int yyleng; /* %endif */ /* %if-c-only */ @@ -506,7 +505,7 @@ struct yy_buffer_state /* Number of characters read into yy_ch_buf, not including EOB * characters. */ - yy_size_t yy_n_chars; + int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to @@ -587,8 +586,8 @@ static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */ /* %not-for-header */ /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; -static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ -yy_size_t yyleng; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = NULL; @@ -618,7 +617,7 @@ static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file ); YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size ); YY_BUFFER_STATE yy_scan_string ( const char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, yy_size_t len ); +YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len ); /* %endif */ @@ -686,7 +685,7 @@ static void yynoreturn yy_fatal_error ( const char* msg ); #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ /* %% [2.0] code to fiddle yytext and yyleng for yymore() goes here \ */\ - yyleng = (yy_size_t) (yy_cp - yy_bp); \ + yyleng = (int) (yy_cp - yy_bp); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ /* %% [3.0] code to copy yytext_ptr to yytext[] goes here, if %array \ */\ @@ -1213,7 +1212,7 @@ unsigned int comment_start_line = 0; /* To avoid the call to exit... oops! */ #define YY_FATAL_ERROR(msg) isc::d2::D2ParserContext::fatal(msg) -#line 1216 "d2_lexer.cc" +#line 1215 "d2_lexer.cc" /* noyywrap disables automatic rewinding for the next file to parse. Since we always parse only a single string, there's no need to do any wraps. And using yywrap requires linking with -lfl, which provides the default yywrap @@ -1239,8 +1238,8 @@ unsigned int comment_start_line = 0; by moving it ahead by yyleng bytes. yyleng specifies the length of the currently matched token. */ #define YY_USER_ACTION driver.loc_.columns(yyleng); +#line 1241 "d2_lexer.cc" #line 1242 "d2_lexer.cc" -#line 1243 "d2_lexer.cc" #define INITIAL 0 #define COMMENT 1 @@ -1296,7 +1295,7 @@ FILE *yyget_out ( void ); void yyset_out ( FILE * _out_str ); - yy_size_t yyget_leng ( void ); + int yyget_leng ( void ); char *yyget_text ( void ); @@ -1383,7 +1382,7 @@ static int input ( void ); if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ - yy_size_t n; \ + int n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -1560,7 +1559,7 @@ YY_DECL } -#line 1563 "d2_lexer.cc" +#line 1562 "d2_lexer.cc" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -2811,7 +2810,7 @@ YY_RULE_SETUP #line 1020 "d2_lexer.ll" ECHO; YY_BREAK -#line 2814 "d2_lexer.cc" +#line 2813 "d2_lexer.cc" case YY_END_OF_BUFFER: { @@ -3013,7 +3012,7 @@ static int yy_get_next_buffer (void) else { - yy_size_t num_to_read = + int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) @@ -3027,7 +3026,7 @@ static int yy_get_next_buffer (void) if ( b->yy_is_our_buffer ) { - yy_size_t new_size = b->yy_buf_size * 2; + int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -3085,7 +3084,7 @@ static int yy_get_next_buffer (void) if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -3206,7 +3205,7 @@ static int yy_get_next_buffer (void) else { /* need more input */ - yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); + int offset = (int) ((yy_c_buf_p) - (yytext_ptr)); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) @@ -3649,12 +3648,12 @@ YY_BUFFER_STATE yy_scan_string (const char * yystr ) * * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, yy_size_t _yybytes_len ) +YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len ) { YY_BUFFER_STATE b; char *buf; yy_size_t n; - yy_size_t i; + int i; /* Get memory for full buffer, including space for trailing EOB's. */ n = (yy_size_t) (_yybytes_len + 2); @@ -3701,7 +3700,7 @@ static void yynoreturn yy_fatal_error (const char* msg ) do \ { \ /* Undo effects of setting up yytext. */ \ - yy_size_t yyless_macro_arg = (n); \ + int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = (yy_hold_char); \ (yy_c_buf_p) = yytext + yyless_macro_arg; \ @@ -3745,7 +3744,7 @@ FILE *yyget_out (void) /** Get the length of the current token. * */ -yy_size_t yyget_leng (void) +int yyget_leng (void) { return yyleng; } diff --git a/src/bin/d2/location.hh b/src/bin/d2/location.hh index dd188b83fb..4145366614 100644 --- a/src/bin/d2/location.hh +++ b/src/bin/d2/location.hh @@ -1,4 +1,3 @@ -// Generated 202407231401 // A Bison parser, made by GNU Bison 3.8.2. // Locations for Bison parsers in C++ diff --git a/src/bin/dhcp4/location.hh b/src/bin/dhcp4/location.hh index 3b5cfa605e..860fbfa0c9 100644 --- a/src/bin/dhcp4/location.hh +++ b/src/bin/dhcp4/location.hh @@ -1,4 +1,3 @@ -// Generated 202407231401 // A Bison parser, made by GNU Bison 3.8.2. // Locations for Bison parsers in C++ diff --git a/src/bin/dhcp6/location.hh b/src/bin/dhcp6/location.hh index 164322bdde..4fb140a70e 100644 --- a/src/bin/dhcp6/location.hh +++ b/src/bin/dhcp6/location.hh @@ -1,4 +1,3 @@ -// Generated 202407231401 // A Bison parser, made by GNU Bison 3.8.2. // Locations for Bison parsers in C++ diff --git a/src/lib/config/command_mgr.h b/src/lib/config/command_mgr.h index d1eee35c10..91f2c8f39a 100644 --- a/src/lib/config/command_mgr.h +++ b/src/lib/config/command_mgr.h @@ -1,4 +1,4 @@ -// Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2015-2024 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/src/lib/eval/eval_context.h b/src/lib/eval/eval_context.h index 9a086e4432..033ff088f0 100644 --- a/src/lib/eval/eval_context.h +++ b/src/lib/eval/eval_context.h @@ -1,4 +1,4 @@ -// Copyright (C) 2015-2022 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2015-2024 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/src/lib/eval/eval_messages.cc b/src/lib/eval/eval_messages.cc index 72324a3f32..5872f8ca3b 100644 --- a/src/lib/eval/eval_messages.cc +++ b/src/lib/eval/eval_messages.cc @@ -59,7 +59,6 @@ extern const isc::log::MessageID EVAL_DEBUG_VENDOR_ENTERPRISE_ID = "EVAL_DEBUG_V extern const isc::log::MessageID EVAL_DEBUG_VENDOR_ENTERPRISE_ID_MISMATCH = "EVAL_DEBUG_VENDOR_ENTERPRISE_ID_MISMATCH"; extern const isc::log::MessageID EVAL_DEBUG_VENDOR_EXISTS = "EVAL_DEBUG_VENDOR_EXISTS"; extern const isc::log::MessageID EVAL_DEBUG_VENDOR_NO_OPTION = "EVAL_DEBUG_VENDOR_NO_OPTION"; -extern const isc::log::MessageID EVAL_RESULT = "EVAL_RESULT"; } // namespace dhcp } // namespace isc @@ -119,7 +118,6 @@ const char* values[] = { "EVAL_DEBUG_VENDOR_ENTERPRISE_ID_MISMATCH", "%1: Was looking for %2, option had %3, pushing result '%4'", "EVAL_DEBUG_VENDOR_EXISTS", "%1: Option with enterprise-id %2 found, pushing result '%3'", "EVAL_DEBUG_VENDOR_NO_OPTION", "%1: Option with code %2 missing, pushing result '%3'", - "EVAL_RESULT", "%1: Expression %2 evaluated to %3", NULL }; diff --git a/src/lib/eval/eval_messages.h b/src/lib/eval/eval_messages.h index 4eb7f66513..41747f7743 100644 --- a/src/lib/eval/eval_messages.h +++ b/src/lib/eval/eval_messages.h @@ -60,7 +60,6 @@ extern const isc::log::MessageID EVAL_DEBUG_VENDOR_ENTERPRISE_ID; extern const isc::log::MessageID EVAL_DEBUG_VENDOR_ENTERPRISE_ID_MISMATCH; extern const isc::log::MessageID EVAL_DEBUG_VENDOR_EXISTS; extern const isc::log::MessageID EVAL_DEBUG_VENDOR_NO_OPTION; -extern const isc::log::MessageID EVAL_RESULT; } // namespace dhcp } // namespace isc diff --git a/src/lib/eval/eval_messages.mes b/src/lib/eval/eval_messages.mes index c30e59a668..7dedeb4e3e 100644 --- a/src/lib/eval/eval_messages.mes +++ b/src/lib/eval/eval_messages.mes @@ -15,6 +15,7 @@ the value stack. Then are then combined via logical and and the result is pushed onto the value stack. # For use with TokenBranch + % EVAL_DEBUG_BRANCH Branching to %1 Logged at debug log level 55. This debug message indicates that an unconditional branch is performed @@ -129,25 +130,6 @@ the value stack, negated and then pushed onto the value stack. The string is displayed in text. # For use with TokenPopAndBranchFalse -% EVAL_DEBUG_POP_AND_BRANCH_FALSE Value is false: branching to %1 -Logged at debug log level 55. -This debug message indicates that a branch on false condition is performed -to the displayed target. - -# For use with TokenPopOrBranchFalse -% EVAL_DEBUG_POP_OR_BRANCH_FALSE Value is false: keeping it and branching to %1 -Logged at debug log level 55. -This debug message indicates that a branch on false condition is performed -to the displayed target. - -# For use with TokenPopOrBranchTrue -% EVAL_DEBUG_POP_OR_BRANCH_TRUE Value is true: keeping it and branching to %1 -Logged at debug log level 55. -This debug message indicates that a branch on true condition is performed -to the displayed target. - -# For use with TokenOption based classes. These include TokenOption, -# TokenRelay4Option and TokenRelay6Option. % EVAL_DEBUG_OPTION %1: Pushing option %2 with value %3 Logged at debug log level 55. @@ -193,6 +175,28 @@ The string is displayed in hex. # For use with TokenRelay6Field +% EVAL_DEBUG_POP_AND_BRANCH_FALSE Value is false: branching to %1 +Logged at debug log level 55. +This debug message indicates that a branch on false condition is performed +to the displayed target. + +# For use with TokenPopOrBranchFalse + +% EVAL_DEBUG_POP_OR_BRANCH_FALSE Value is false: keeping it and branching to %1 +Logged at debug log level 55. +This debug message indicates that a branch on false condition is performed +to the displayed target. + +# For use with TokenPopOrBranchTrue + +% EVAL_DEBUG_POP_OR_BRANCH_TRUE Value is true: keeping it and branching to %1 +Logged at debug log level 55. +This debug message indicates that a branch on true condition is performed +to the displayed target. + +# For use with TokenOption based classes. These include TokenOption, +# TokenRelay4Option and TokenRelay6Option. + % EVAL_DEBUG_RELAY6 %1: Pushing PKT6 relay field %2 nest %3 with value %4 Logged at debug log level 55. This debug message indicates that the given binary string representing diff --git a/src/lib/eval/evaluate.h b/src/lib/eval/evaluate.h index c572debbf2..3e4c2c3be2 100644 --- a/src/lib/eval/evaluate.h +++ b/src/lib/eval/evaluate.h @@ -1,4 +1,4 @@ -// Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2015-2024 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/src/lib/eval/location.hh b/src/lib/eval/location.hh index 674df6e31a..5bde47985a 100644 --- a/src/lib/eval/location.hh +++ b/src/lib/eval/location.hh @@ -1,4 +1,3 @@ -// Generated 202408071949 // A Bison parser, made by GNU Bison 3.8.2. // Locations for Bison parsers in C++ diff --git a/src/lib/http/tests/request_parser_unittests.cc b/src/lib/http/tests/request_parser_unittests.cc index 8f1701d091..db0ff9098d 100644 --- a/src/lib/http/tests/request_parser_unittests.cc +++ b/src/lib/http/tests/request_parser_unittests.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2016-2019 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2016-2024 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this |