* The backend socket has now support of credentials of peer clients

* Added: CLICON_NACM_CREDENTIALS and CLICON_NACM_RECOVERY_USER

lib/clixon/clixon_options.h

@@ -77,7 +77,14 @@ enum startup_mode_t{
 enum priv_mode_t{
     PM_NONE=0,        /* Make no drop/change in privileges */
     PM_DROP_PERM,     /* Drop privileges permanently */
-    PM_DROP_TEMP,     /* Drop privileges temporary */
+    PM_DROP_TEMP      /* Drop privileges temporary */
+};
+
+/*! See clixon-config.yang type nacm_cred_mode (user credentials) */
+enum nacm_credentials_t{
+    NC_NONE=0,   /* "Dont match NACM user to any user credentials.  */
+    NC_EXACT,    /* Exact match between NACM user and unix socket peer user. */
+    NC_EXCEPT    /* Exact match except for root and www user  */
 };
 
 /*! Datastore cache behaviour, see clixon_datastore.[ch] 
@@ -183,6 +190,9 @@ static inline char *clicon_backend_pidfile(clicon_handle h){
 static inline char *clicon_xmldb_dir(clicon_handle h){
     return clicon_option_str(h, "CLICON_XMLDB_DIR");
 }
+static inline char *clicon_nacm_recovery_user(clicon_handle h){
+    return clicon_option_str(h, "CLICON_NACM_RECOVERY_USER");
+}
 
 /*-- Specific option access functions for YANG options w type conversion--*/
 int   clicon_cli_genmodel(clicon_handle h);
@@ -193,7 +203,9 @@ int   clicon_sock_family(clicon_handle h);
 int   clicon_sock_port(clicon_handle h);
 int   clicon_autocommit(clicon_handle h);
 int   clicon_startup_mode(clicon_handle h);
-int   clicon_backend_privileges_mode(clicon_handle h);
+enum priv_mode_t clicon_backend_privileges_mode(clicon_handle h);
+enum nacm_credentials_t clicon_nacm_credentials(clicon_handle h);
+
 enum datastore_cache clicon_datastore_cache(clicon_handle h);
 enum regexp_mode clicon_yang_regexp(clicon_handle h);
 /*-- Specific option access functions for non-yang options --*/

lib/clixon/clixon_uid.h

@@ -41,8 +41,8 @@
  * Prototypes
  */ 
 int group_name2gid(const char *name, gid_t *gid);
-
 int name2uid(const char *name, uid_t *uid);
+int uid2name(const uid_t uid, char **name);
 int drop_priv_temp(uid_t new_uid);
 int drop_priv_perm(uid_t new_uid);
 int restore_priv(void);

lib/clixon/clixon_xpath.h

@@ -56,7 +56,9 @@ enum xp_op{
     XO_UNION,
 };
 
-/* Axis specifiers according to https://www.w3.org/TR/xpath-10/#NT-AxisName */
+/* Axis specifiers according to https://www.w3.org/TR/xpath-10/#NT-AxisName 
+ * @see axis_type_int2str
+ */
 enum axis_type{
     A_NAN = 0, /* Not set */
     A_ANCESTOR,
@@ -69,13 +71,15 @@ enum axis_type{
     A_FOLLOWING_SIBLING, 
     A_NAMESPACE,
     A_PARENT,
-    A_PRECEEDING,
-    A_PRECEEDING_SIBLING,
+    A_PRECEDING,
+    A_PRECEDING_SIBLING,
     A_SELF,
     A_ROOT /* XXX Not in https://www.w3.org/TR/xpath-10 */
 };
 
-/* used as non-terminal type in yacc rules */
+/* used as non-terminal type in yacc rules 
+ * @see xpath_tree_int2str
+ */
 enum xp_type{
     XP_EXP,
     XP_AND,
@@ -100,7 +104,7 @@ enum xp_type{
  */
 struct xpath_tree{
     enum xp_type       xs_type;
-    int                xs_int;
+    int                xs_int; /* step-> axis-type */
     double             xs_double;
     char              *xs_s0;
     char              *xs_s1;
@@ -112,6 +116,7 @@ typedef struct xpath_tree xpath_tree;
 /*
  * Prototypes
  */
+char* axis_type_int2str(int axis_type);
 char* xpath_tree_int2str(int nodetype);
 int   xpath_tree_print_cb(cbuf *cb, xpath_tree *xs);
 int   xpath_tree_print(FILE *f, xpath_tree *xs);