NACM cleanup, uniform rule function, change of function names, etc.

Olof hagsand 2019-02-02 11:35:50 +01:00
parent 8bf5cb0de5
commit 1e4022e73c
13 changed files with 180 additions and 247 deletions


@ -214,7 +214,7 @@ from_client_get_config(clicon_handle h,
goto ok;
}
/* Pre-NACM access step */
if ((ret = nacm_access_h(h, username, &xnacm)) < 0)
if ((ret = nacm_access_pre(h, username, &xnacm)) < 0)
goto done;
if (ret == 0){ /* Do NACM validation */
if (xpath_vec(xret, "%s", &xvec, &xlen, xpath?xpath:"/") < 0)
@ -407,7 +407,7 @@ from_client_get(clicon_handle h,
goto ok;
}
/* Pre-NACM access step */
if ((ret = nacm_access_h(h, username, &xnacm)) < 0)
if ((ret = nacm_access_pre(h, username, &xnacm)) < 0)
goto done;
if (ret == 0){ /* Do NACM validation */
if (xpath_vec(xret, "%s", &xvec, &xlen, xpath?xpath:"/") < 0)
@ -728,6 +728,10 @@ from_client_kill_session(clicon_handle h,
* @param[out] cbret Return xml value cligen buffer
* @retval 0 OK
* @retval -1 Error. Send error message back to client.
* NACM: If source running and target startup --> only exec permission
* else:
* - omit data nodes to which the client does not have read access
* - access denied if user lacks create/delete/update
*/
static int
from_client_copy_config(clicon_handle h,
@ -1052,7 +1056,7 @@ from_client_msg(clicon_handle h,
clicon_debug(1, "%s module:%s rpc:%s", __FUNCTION__, module, rpc);
/* Pre-NACM access step */
xnacm = NULL;
if ((ret = nacm_access_h(h, username, &xnacm)) < 0)
if ((ret = nacm_access_pre(h, username, &xnacm)) < 0)
goto done;
if (ret == 0){ /* Do NACM validation */
/* NACM rpc operation exec validation */
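Review bot: The three renamed call sites (from_client_get_config, from_client_get and from_client_msg) run NACM validation only when `nacm_access_pre()` returns exactly 0, so any positive return skips the access check, and nothing at the call sites says what that value means. Because that is the path on which access control is not applied, I would document the contract where it is used, for example `/* ret: -1 error, 0 apply NACM rules in xnacm, 1 no rule check needed (confirm against nacm_access_pre) */`. from_client_msg resets `xnacm = NULL` before the call; the other two hunks do not show whether xnacm is initialised on entry. All three function bodies start and end outside the hunks.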


@ -323,6 +323,10 @@ candidate_commit(clicon_handle h,
* @param[out] cbret Return xml value cligen buffer
* @retval 0 OK. This may indicate both ok and err msg back to client
* @retval -1 (Local) Error
* NACM: The server MUST determine the exact nodes in the running
* configuration datastore that are actually different and only check
* "create", "update", and "delete" access permissions for this set of
* nodes, which could be empty.
*/
int
from_client_commit(clicon_handle h,
@ -368,6 +372,7 @@ from_client_commit(clicon_handle h,
* @param[out] cbret Return xml value cligen buffer
* @retval 0 OK. This may indicate both ok and err msg back to client
* @retval -1 (Local) Error
* NACM: No datastore permissions are needed.
*/
int
from_client_discard_changes(clicon_handle h,
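Review bot: The NACM paragraphs added to the headers of from_client_commit and from_client_discard_changes state access-control requirements (the MUST on "create", "update" and "delete" for the changed nodes), but these hunks add comment lines only, so a reader cannot tell whether the function enforces them. I would mark the text as a requirement and state its status, for example `* @note NACM requirement: ... (enforcement in this function: TODO confirm)`, so the header is not read as a guarantee. Putting it under `@note` also keeps Doxygen from folding the paragraph into the preceding `@retval -1` description. The function bodies lie outside the hunks.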