experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- Added specific WITH_RESTCONF compile contants for _NATIVE and _FCGI for C code

Browse source 
- Restconf auth=none changes
  - Load clixon-restconf and resolve features earlier so that config features work
  - Removed auth=none code from example (this was non-std half-baked basic auth)
  - Changed tests that used auth-type=none to enable feature clixon-restconf:allow-auth-none
- Moved cert creation from sub-shell to servercert function
- Fixed typos for dockerfile rename of restconf evhtp to native
This commit is contained in:
Olof hagsand 2021-04-07 20:33:58 +02:00
parent 2bf75158a6
commit 244060fddc
38 changed files with 159 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

7
configure vendored
View file

@ -5042,6 +5042,9 @@ else
as_fn_error $? "libfcgi-dev missing" "$LINENO" 5
fi
$as_echo "#define WITH_RESTCONF_FCGI 1" >>confdefs.h
# For c-code that cant use strings
elif test "x${with_restconf}" == xnative; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5
$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; }
@ -5249,6 +5252,9 @@ else
as_fn_error $? "libevhtp missing" "$LINENO" 5
fi
$as_echo "#define WITH_RESTCONF_NATIVE 1" >>confdefs.h
# For c-code that cant use strings
elif test "x${with_restconf}" == xno; then
# Cant get around "no" as an answer for --without-restconf that is reset here to undefined
with_restconf=
@ -5256,7 +5262,6 @@ else
as_fn_error $? "No such restconf package: ${with_restconf}" "$LINENO" 5
fi
if test "x${with_restconf}" != "x"; then
# This is so it appears in config.h

3
configure.ac
View file

@ -209,6 +209,7 @@ AC_ARG_WITH([restconf],
if test "x${with_restconf}" == xfcgi; then
# Lives in libfcgi-dev
AC_CHECK_LIB(fcgi, FCGX_Init,, AC_MSG_ERROR([libfcgi-dev missing]))
AC_DEFINE(WITH_RESTCONF_FCGI, 1, [Use fcgi restconf mode]) # For c-code that cant use strings
elif test "x${with_restconf}" == xnative; then
AC_CHECK_LIB(ssl, OPENSSL_init_ssl ,, AC_MSG_ERROR([libssl missing]))
AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, , AC_MSG_ERROR([libcrypto missing]))
@ -221,6 +222,7 @@ elif test "x${with_restconf}" == xnative; then
#define EVHTP_DISABLE_EVTHR
]])
AC_CHECK_LIB(evhtp, evhtp_new,, AC_MSG_ERROR([libevhtp missing]),[-levent -lssl -lcrypto])
AC_DEFINE(WITH_RESTCONF_NATIVE, 1, [Use native restconf mode]) # For c-code that cant use strings
elif test "x${with_restconf}" == xno; then
# Cant get around "no" as an answer for --without-restconf that is reset here to undefined
with_restconf=
@ -228,7 +230,6 @@ else
AC_MSG_ERROR([No such restconf package: ${with_restconf}])
fi
if test "x${with_restconf}" != "x"; then
# This is so it appears in config.h
AC_DEFINE_UNQUOTED(WITH_RESTCONF, ${with_restconf}, [Restconf package])

2
docker/main/Dockerfile.internal → docker/main/Dockerfile.native
View file

@ -77,7 +77,7 @@ COPY clixon .
RUN adduser -D -H www-data
# Configure, build and install clixon
RUN ./configure --prefix=/clixon/build --with-cligen=/clixon/build --with-wwwuser=www-data --enable-optyangs --with-restconf=evhtp
RUN ./configure --prefix=/clixon/build --with-cligen=/clixon/build --with-wwwuser=www-data --enable-optyangs --with-restconf=native
RUN make
RUN make install

4
docker/main/README.md
View file

@ -10,13 +10,13 @@ The directory contains the following files:
- cleanup.sh Kill containers
- Dockerfile Docker build instructions without restconf
- Dockerfile.fcgi Docker build instructions with nginx/fcgi restconf (this is default)
- Dockerfile.evhtp Docker build instructions with libevhtp restconf
- Dockerfile.native Docker build instructions with native restconf
- Makefile.in "make docker" builds the container
- README.md This file
- start.sh Start containers
- startsystem.sh Internal start script copied to inside the container (dont run from shell).
- startsystem_fcgi.sh Variant for nginx/fcgi (default)
- startsystem_evhtp.sh Variant for libevhtp
- startsystem_native.sh Variant for native restconf
How to run the tests:
```

0
docker/main/startsystem_evhtp.sh → docker/main/startsystem_native.sh
View file

77
example/main/example_restconf.c
View file

@ -33,8 +33,6 @@
***** END LICENSE BLOCK *****
*
* This code uses WITH_RESTCONF_FCGI to identify its run with fcgi intreface for ca_auth
* This should be changed.
*/
#include <stdlib.h>
@ -268,76 +266,6 @@ example_basic_auth(clicon_handle h,
goto done;
}
/*! HTTP "no auth" but uses basic authentication to get a user
* @param[in] h Clicon handle
* @param[in] req Per-message request www handle to use with restconf_api.h
* @param[out] authp NULL: Credentials failed, no user set (401 returned).
* String: Credentials OK, the associated user, must be mallloc:ed
* Parameter signtificant only if retval is 1/OK
* @retval -1 Fatal error
* @retval 0 Ignore, undecided, not handled, same as no callback
* @retval 1 OK, see authp parameter for result.
* @note authp should be malloced
*/
static int
example_no_auth(clicon_handle h,
void *req,
char **authp)
{
int retval = -1;
cxobj *xt = NULL;
char *user = NULL;
cbuf *cb = NULL;
char *auth;
char *passwd;
size_t authlen;
int ret;
clicon_debug(1, "%s", __FUNCTION__);
if (authp == NULL){
clicon_err(OE_PLUGIN, EINVAL, "Authp output parameter is NULL");
goto done;
}
/* At this point in the code we must use HTTP basic authentication */
if ((auth = restconf_param_get(h, "HTTP_AUTHORIZATION")) == NULL)
goto fail;
if (strlen(auth) < strlen("Basic "))
goto fail;
if (strncmp("Basic ", auth, strlen("Basic ")))
goto fail;
auth += strlen("Basic ");
authlen = strlen(auth)*2;
if ((user = malloc(authlen)) == NULL){
clicon_err(OE_UNIX, errno, "malloc");
goto done;
}
memset(user, 0, authlen);
if ((ret = b64_decode(auth, user, authlen)) < 0)
goto done;
/* auth string is on the format user:passwd */
if ((passwd = index(user,':')) == NULL)
goto fail;
*passwd = '\0';
passwd++;
clicon_debug(1, "%s http user:%s passwd:%s", __FUNCTION__, user, passwd);
*authp = user; /* authenticated */
user=NULL; /* to avoid free below */
retval = 1;
done: /* error */
clicon_debug(1, "%s retval:%d authp:%s", __FUNCTION__, retval, authp?"":*authp);
if (user)
free(user);
if (cb)
cbuf_free(cb);
if (xt)
xml_free(xt);
return retval;
fail: /* unauthenticated */
*authp = NULL;
retval = 0; /* Ignore use anonymous */
goto done;
}
/*! Authentication callback
* @param[in] h Clicon handle
* @param[in] req Per-message request www handle to use with restconf_api.h
@ -360,9 +288,8 @@ example_restconf_credentials(clicon_handle h,
clicon_debug(1, "%s auth:%s", __FUNCTION__, clixon_auth_type_int2str(auth_type));
switch (auth_type){
case CLIXON_AUTH_NONE:
if ((retval = example_no_auth(h, req, authp)) < 0)
goto done;
case CLIXON_AUTH_NONE: /* FEATURE clixon-restconf:allow-auth-none must be enabled */
retval = 0;
break;
case CLIXON_AUTH_CLIENT_CERTIFICATE:
retval = 0; /* Ignore, use default */

12
include/clixon_config.h.in
View file

@ -51,9 +51,6 @@
/* Define to 1 if you have the `event' library (-levent). */
#undef HAVE_LIBEVENT
/* Define to 1 if you have the `event_openssl' library (-levent_openssl). */
#undef HAVE_LIBEVENT_OPENSSL
/* Define to 1 if you have the `evhtp' library (-levhtp). */
#undef HAVE_LIBEVHTP
@ -63,9 +60,6 @@
/* Define to 1 if you have the `m' library (-lm). */
#undef HAVE_LIBM
/* Define to 1 if you have the `pthread' library (-lpthread). */
#undef HAVE_LIBPTHREAD
/* Define to 1 if you have the `socket' library (-lsocket). */
#undef HAVE_LIBSOCKET
@ -147,6 +141,12 @@
/* Restconf package */
#undef WITH_RESTCONF
/* Use fcgi restconf mode */
#undef WITH_RESTCONF_FCGI
/* Use native restconf mode */
#undef WITH_RESTCONF_NATIVE
/* WWW dir for restconf daemon */
#undef WWWDIR

4
lib/clixon/clixon_plugin.h
View file

@ -98,7 +98,9 @@ typedef int (*clicon_upgrade_cb)(
* For now only used by restconf frontend
*/
enum clixon_auth_type {
CLIXON_AUTH_NONE = 0, /* Message is authenticated automatically, Do not call ca-auth callback */
CLIXON_AUTH_NONE = 0, /* Message is authenticated automatically to
anonymous user, maye be changed by ca-auth callback
FEATURE clixon-restconf:allow-auth-none must be enabled */
CLIXON_AUTH_CLIENT_CERTIFICATE, /* TLS Client certification authentication */
CLIXON_AUTH_USER, /* User-defined authentication according to ca-auth callback.
Such as "password" authentication */

7
lib/src/clixon_options.c
View file

@ -519,7 +519,7 @@ clicon_options_main(clicon_handle h)
clicon_conf_xml_set(h, xconfig);
#if defined(WITH_RESTCONF) && WITH_RESTCONF == fcgi
#ifdef WITH_RESTCONF_FCGI
/* Enable fcgi feature
* Due to boot-strapping in first load of clixon config, a feature cannot be added
* programmatically after config file load
@ -531,16 +531,17 @@ clicon_options_main(clicon_handle h)
YB_PARENT, NULL, &xconfig, NULL) < 0)
goto done;
#endif
/* Parse clixon yang spec */
if (yang_spec_parse_module(h, "clixon-config", NULL, yspec) < 0)
goto done;
/* Load restconf yang. Note this is also a part of clixon-config */
if (yang_spec_parse_module(h, "clixon-restconf", NULL, yspec)< 0)
goto done;
clicon_conf_xml_set(h, NULL);
if (xconfig){
xml_free(xconfig);
xconfig = NULL;
}
/* Read configfile second time now with check yang spec */
if (parse_configfile(h, configfile, extraconfdir, yspec, &xconfig) < 0)
goto done;

4
lib/src/clixon_yang.c
View file

@ -2009,7 +2009,7 @@ ys_populate_feature(clicon_handle h,
char *m;
char *f;
/* get clicon config file in xml form.
/* Get clicon config file in xml form.
* Bootstrapping: A feature is enabled if found in clixon-config
*/
if ((x = clicon_conf_xml(h)) == NULL)
@ -2046,7 +2046,7 @@ ys_populate_feature(clicon_handle h,
cv_name_set(cv, feature);
cv_bool_set(cv, found);
if (found)
clicon_debug(2, "%s %s:%s", __FUNCTION__, module, feature);
clicon_debug(1, "%s %s:%s", __FUNCTION__, module, feature);
ys->ys_cv = cv;
ok:
retval = 0;

67
test/certs.sh
View file

@ -1,67 +0,0 @@
#!/usr/bin/env bash
# Create server certs
# Assume: the following variables set:
# $dir, $certdir, $srvkey, $srvcert, $cakey, $cacert
# and that $certdir exists
# 1. CA
cat<<EOF > $dir/ca.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = ca-serial
crl = ca-crl.pem
database = ca-database.txt
name_opt = CA_default
cert_opt = CA_default
default_crl_days = 9999
default_md = md5
[ req ]
default_bits = ${CERTKEYLEN}
days = 1
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = password
[ req_distinguished_name ]
C = SE
L = Stockholm
O = Clixon
OU = clixon
CN = ca
emailAddress = olof@hagsand.se
[ req_attributes ]
challengePassword = test
EOF
# Generate CA cert
openssl req -x509 -days 1 -config $dir/ca.cnf -keyout $cakey -out $cacert
cat<<EOF > $dir/srv.cnf
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = www.clicon.org # localhost
emailAddress = olof@hagsand.se
O = Clixon
L = Stockholm
C = SE
[ext]
subjectAltName = DNS:clicon.org
EOF
# Generate server key
openssl genrsa -out $srvkey ${CERTKEYLEN}
# Generate CSR (signing request)
openssl req -new -config $dir/srv.cnf -key $srvkey -out $certdir/srv_csr.pem
# Sign server cert by CA
openssl x509 -req -extfile $dir/srv.cnf -days 1 -passin "pass:password" -in $certdir/srv_csr.pem -CA $cacert -CAkey $cakey -CAcreateserial -out $srvcert

87
test/lib.sh
View file

@ -195,6 +195,7 @@ fi
# Args:
# 1: auth-type (one of none, client-cert, user)
# 2: pretty (if true pretty-print restconf return values)
# Note, if AUTH=none then FEATURE clixon-restconf:allow-auth-none must be enabled
function restconf_config()
{
AUTH=$1
@ -706,3 +707,89 @@ function expectmatch(){
fi
}
# Create server certs
# Output variables set as filenames on entry, set as cert/keys on exit:
# Vars:
# 1: cakey filename
# 2: cacert filename
# 3: srvkey filename
# 4: srvcert filename
function servercerts()
{
if [ $# -ne 4 ]; then
echo "servercerts function: Expected: cakey cacert srvkey srvcert"
exit 1
fi
cakey=$1
cacert=$2
srvkey=$3
srvcert=$4
tmpdir=$dir/tmpcertdir
test -d $tmpdir || mkdir $tmpdir
# 1. CA
cat<<EOF > $tmpdir/ca.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = ca-serial
crl = ca-crl.pem
database = ca-database.txt
name_opt = CA_default
cert_opt = CA_default
default_crl_days = 9999
default_md = md5
[ req ]
default_bits = ${CERTKEYLEN}
days = 1
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = password
[ req_distinguished_name ]
C = SE
L = Stockholm
O = Clixon
OU = clixon
CN = ca
emailAddress = olof@hagsand.se
[ req_attributes ]
challengePassword = test
EOF
# Generate CA cert
openssl req -x509 -days 1 -config $tmpdir/ca.cnf -keyout $cakey -out $cacert
cat<<EOF > $tmpdir/srv.cnf
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = www.clicon.org # localhost
emailAddress = olof@hagsand.se
O = Clixon
L = Stockholm
C = SE
[ext]
subjectAltName = DNS:clicon.org
EOF
# Generate server key
openssl genrsa -out $srvkey ${CERTKEYLEN}
# Generate CSR (signing request)
openssl req -new -config $tmpdir/srv.cnf -key $srvkey -out $tmpdir/srv_csr.pem
# Sign server cert by CA
openssl x509 -req -extfile $tmpdir/srv.cnf -days 1 -passin "pass:password" -in $tmpdir/srv_csr.pem -CA $cacert -CAkey $cakey -CAcreateserial -out $srvcert
rm -rf $tmpdir
}

1
test/long.sh
View file

@ -49,6 +49,7 @@ EOF
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

1
test/test_api.sh
View file

@ -30,6 +30,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>/tmp/conf_yang.xml</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

1
test/test_augment.sh
View file

@ -30,6 +30,7 @@ cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>a:test</CLICON_FEATURE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

1
test/test_choice.sh
View file

@ -20,6 +20,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

1
test/test_client.sh
View file

@ -27,6 +27,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

1
test/test_copy_config.sh
View file

@ -36,6 +36,7 @@ cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_MODULE_SET_ID>42</CLICON_MODULE_SET_ID>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

1
test/test_identity.sh
View file

@ -16,6 +16,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

1
test/test_perf_restconf.sh
View file

@ -58,6 +58,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

1
test/test_perf_state.sh
View file

@ -35,6 +35,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>

1
test/test_perf_state_only.sh
View file

@ -35,6 +35,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>

4
test/test_restconf.sh
View file

@ -48,7 +48,8 @@ if [ "${WITH_RESTCONF}" = "native" ]; then
cakey=$certdir/ca_key.pem # needed?
cacert=$certdir/ca_cert.pem
test -d $certdir || mkdir $certdir
. ./certs.sh
# Create server certs and CA
servercerts $cakey $cacert $srvkey $srvcert
else
# Define default restconfig config: RESTCONFIG
restconf_config none false
@ -95,6 +96,7 @@ fi
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>

1
test/test_restconf2.sh
View file

@ -18,6 +18,7 @@ restconf_config none false
# <CLICON_YANG_MODULE_MAIN>example</CLICON_YANG_MODULE_MAIN>
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

23
test/test_restconf_basic_auth.sh
View file

@ -5,7 +5,7 @@
# For auth-type=ssl-certs, See test_restconf.sh test_restconf_ssl_certs.sh
# native? and http only
# Use the following user settings:
# 1. none (eg no -u to curl)
# 1. none
# 2. anonymous - the registered anonymous user
# 3. andy - a well-known user
# 3. unknown - unknown user
@ -200,6 +200,7 @@ function testrun()
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>
@ -225,11 +226,11 @@ EOF
new "start restconf daemon"
start_restconf -f $cfg
new "wait restconf"
wait_restconf
fi
new "wait restconf"
wait_restconf
new "curl $CURLOPTS $user -X GET $RCPROTO://localhost/restconf/data/myexample:top"
expectpart "$(curl $CURLOPTS $user -X GET $RCPROTO://localhost/restconf/data/myexample:top)" 0 $expectcode "$expectmsg"
@ -249,11 +250,11 @@ if [ $BE -ne 0 ]; then
new "start backend -s startup -f $cfg"
start_backend -s startup -f $cfg
new "wait backend"
wait_backend
fi
new "wait backend"
wait_backend
MSGANON='{"myexample:top":{"anonymous":"42"}}'
MSGWILMA='{"myexample:top":{"wilma":"71"}}'
# Authentication failed:
@ -270,14 +271,10 @@ new "auth-type=$AUTH anonymous"
testrun $AUTH "-u ${anonymous}:foo" "HTTP/1.1 200 OK" "$MSGANON" # OK - anonymous
new "auth-type=$AUTH wilma"
testrun $AUTH "-u wilma:bar" "HTTP/1.1 200 OK" "$MSGWILMA" # OK - wilma
testrun $AUTH "-u wilma:bar" "HTTP/1.1 200 OK" "$MSGANON" # OK - wilma
new "auth-type=$AUTH wilma wrong passwd"
testrun $AUTH "-u wilma:wrong" "HTTP/1.1 200 OK" "$MSGWILMA" # OK - wilma
new "auth-type=$AUTH unknown"
testrun $AUTH "-u unknown:any" "HTTP/1.1 403 Forbidden" "$MSGERR2" # OK, but nacm authorization fail
testrun $AUTH "-u wilma:wrong" "HTTP/1.1 200 OK" "$MSGANON" # OK - wilma
AUTH=user

1
test/test_restconf_err.sh
View file

@ -37,6 +37,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

1
test/test_restconf_jukebox.sh
View file

@ -30,6 +30,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>

1
test/test_restconf_listkey.sh
View file

@ -17,6 +17,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

5
test/test_restconf_netns.sh
View file

@ -42,7 +42,9 @@ srvcert=$certdir/srv_cert.pem
cakey=$certdir/ca_key.pem # needed?
cacert=$certdir/ca_cert.pem
test -d $certdir || mkdir $certdir
. ./certs.sh
# Create server certs and CA
servercerts $cakey $cacert $srvkey $srvcert
# XXX Note default port need to be 80 for wait_restconf to work
RESTCONFIG=$(cat <<EOF
@ -81,6 +83,7 @@ cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>

1
test/test_restconf_notifications.sh
View file

@ -49,6 +49,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_FILE>$fyang</CLICON_YANG_MAIN_FILE>

1
test/test_restconf_rpc.sh
View file

@ -26,6 +26,7 @@ cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>

6
test/test_restconf_ssl_certs.sh
View file

@ -92,8 +92,8 @@ EOF
)
if $genkeys; then
# Server certs
. ./certs.sh
# Create server certs
servercerts $cakey $cacert $srvkey $srvcert
# create client certs
for name in $users $xusers; do
@ -118,7 +118,7 @@ EOF
openssl x509 -req -extfile $dir/$name.cnf -days 1 -passin "pass:password" -in $certdir/$name.csr -CA $cacert -CAkey $cakey -CAcreateserial -out $certdir/$name.crt
done # client key
# invalid
# invalid (days = 0)
for name in $xusers; do
openssl x509 -req -extfile $dir/$name.cnf -days 0 -passin "pass:password" -in $certdir/$name.csr -CA $cacert -CAkey $cakey -CAcreateserial -out $certdir/$name.crt
done # invalid

1
test/test_restconf_startup.sh
View file

@ -40,6 +40,7 @@ restconf_config none true
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>

1
test/test_rpc.sh
View file

@ -20,6 +20,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>

1
test/test_submodule.sh
View file

@ -33,6 +33,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_FEATURE>main:A</CLICON_FEATURE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>

1
test/test_yang_anydata.sh
View file

@ -132,6 +132,7 @@ function testrun()
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$dir</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

1
test/test_yang_namespace.sh
View file

@ -19,6 +19,7 @@ restconf_config none false
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>

4
yang/clixon/clixon-lib@2021-03-08.yang
View file

@ -182,7 +182,9 @@ module clixon-lib {
description
"Output from status rpc";
leaf active {
description "True if process is running, false if not";
description
"True if process is running, false if not.
More specifically, there is a process-id and it exists (in Linux: kill(pid,0)";
type boolean;
}
leaf description {