NACM cleanup, uniform rule function, change of function names, etc.
This commit is contained in:
Olof hagsand
parent
8bf5cb0de5
commit
1e4022e73c
13 changed files with 180 additions and 247 deletions
|
|
@ -214,7 +214,7 @@ from_client_get_config(clicon_handle h,
|
|||
goto ok;
|
||||
}
|
||||
/* Pre-NACM access step */
|
||||
if ((ret = nacm_access_h(h, username, &xnacm)) < 0)
|
||||
if ((ret = nacm_access_pre(h, username, &xnacm)) < 0)
|
||||
goto done;
|
||||
if (ret == 0){ /* Do NACM validation */
|
||||
if (xpath_vec(xret, "%s", &xvec, &xlen, xpath?xpath:"/") < 0)
|
||||
|
|
@ -407,7 +407,7 @@ from_client_get(clicon_handle h,
|
|||
goto ok;
|
||||
}
|
||||
/* Pre-NACM access step */
|
||||
if ((ret = nacm_access_h(h, username, &xnacm)) < 0)
|
||||
if ((ret = nacm_access_pre(h, username, &xnacm)) < 0)
|
||||
goto done;
|
||||
if (ret == 0){ /* Do NACM validation */
|
||||
if (xpath_vec(xret, "%s", &xvec, &xlen, xpath?xpath:"/") < 0)
|
||||
|
|
@ -728,6 +728,10 @@ from_client_kill_session(clicon_handle h,
|
|||
* @param[out] cbret Return xml value cligen buffer
|
||||
* @retval 0 OK
|
||||
* @retval -1 Error. Send error message back to client.
|
||||
* NACM: If source running and target startup --> only exec permission
|
||||
* else:
|
||||
* - omit data nodes to which the client does not have read access
|
||||
* - access denied if user lacks create/delete/update
|
||||
*/
|
||||
static int
|
||||
from_client_copy_config(clicon_handle h,
|
||||
|
|
@ -1052,7 +1056,7 @@ from_client_msg(clicon_handle h,
|
|||
clicon_debug(1, "%s module:%s rpc:%s", __FUNCTION__, module, rpc);
|
||||
/* Pre-NACM access step */
|
||||
xnacm = NULL;
|
||||
if ((ret = nacm_access_h(h, username, &xnacm)) < 0)
|
||||
if ((ret = nacm_access_pre(h, username, &xnacm)) < 0)
|
||||
goto done;
|
||||
if (ret == 0){ /* Do NACM validation */
|
||||
/* NACM rpc operation exec validation */
|
||||
|
|
|
|||
|
|
@ -323,6 +323,10 @@ candidate_commit(clicon_handle h,
|
|||
* @param[out] cbret Return xml value cligen buffer
|
||||
* @retval 0 OK. This may indicate both ok and err msg back to client
|
||||
* @retval -1 (Local) Error
|
||||
* NACM: The server MUST determine the exact nodes in the running
|
||||
* configuration datastore that are actually different and only check
|
||||
* "create", "update", and "delete" access permissions for this set of
|
||||
* nodes, which could be empty.
|
||||
*/
|
||||
int
|
||||
from_client_commit(clicon_handle h,
|
||||
|
|
@ -368,6 +372,7 @@ from_client_commit(clicon_handle h,
|
|||
* @param[out] cbret Return xml value cligen buffer
|
||||
* @retval 0 OK. This may indicate both ok and err msg back to client
|
||||
* @retval -1 (Local) Error
|
||||
* NACM: No datastore permissions are needed.
|
||||
*/
|
||||
int
|
||||
from_client_discard_changes(clicon_handle h,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue