diff --git a/apps/backend/backend_startup.c b/apps/backend/backend_startup.c index 21f2a579..a3447c07 100644 --- a/apps/backend/backend_startup.c +++ b/apps/backend/backend_startup.c @@ -279,7 +279,9 @@ startup_extraxml(clicon_handle h, failsafe ----------------------+ reset \ commit -running |-------+---------------> RUNNING FAILSAFE +running ----|-------+---------------> RUNNING FAILSAFE + \ +tmp |----------------------> */ int startup_failsafe(clicon_handle h) diff --git a/apps/restconf/README.md b/apps/restconf/README.md index 66ab1819..292b5da1 100644 --- a/apps/restconf/README.md +++ b/apps/restconf/README.md @@ -109,7 +109,7 @@ Set the Clixon configuration options: ``` In this example, the stream EXAMPLE would be accessed with `https://example.com/streams/EXAMPLE`. -The retention is configured as 1 hour, i.e., the stream replay function will only save timeseries one other. +The retention is configured as 1 hour, i.e., the stream replay function will only save timeseries one hour. Clixon defines an internal in-memory (not persistent) replay function controlled by the configure option above. diff --git a/apps/restconf/restconf_main_evhtp.c b/apps/restconf/restconf_main_evhtp.c index 7615e808..c381c95f 100644 --- a/apps/restconf/restconf_main_evhtp.c +++ b/apps/restconf/restconf_main_evhtp.c @@ -792,6 +792,7 @@ main(int argc, clicon_err(OE_UNIX, errno, "evhtp_bind_socket"); goto done; } + /* Drop privileges to WWWUSER if started as root */ if (restconf_drop_privileges(h, WWWUSER) < 0) goto done; diff --git a/apps/restconf/restconf_main_fcgi.c b/apps/restconf/restconf_main_fcgi.c index 7c964698..9ef98816 100644 --- a/apps/restconf/restconf_main_fcgi.c +++ b/apps/restconf/restconf_main_fcgi.c 
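Review bot: The comment added above `restconf_drop_privileges(h, WWWUSER)` says what happens but not why the call sits directly after `evhtp_bind_socket`; the same applies to the identical comment added after the `chmod` block in restconf_main_fcgi.c. The ordering is the security-relevant part, so I would spell it out, e.g. `/* Drop privileges to WWWUSER if started as root. Keep this after the socket setup: nothing below should rely on root. */` (assuming the socket setup is what needs root). The definition of restconf_drop_privileges is not in this diff, so it is worth confirming that it clears supplementary groups, sets the gid before the uid, and cannot return success while the process is still root. main's body starts and ends outside the hunk.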
@@ -443,10 +443,9 @@ main(int argc, clicon_err(OE_UNIX, errno, "chmod"); goto done; } -#if 1 + /* Drop privileges to WWWUSER if started as root */ if (restconf_drop_privileges(h, WWWUSER) < 0) goto done; -#endif if (FCGX_InitRequest(req, sock, 0) != 0){ clicon_err(OE_CFG, errno, "FCGX_InitRequest"); goto done; diff --git a/docker/main/startsystem_fcgi.sh b/docker/main/startsystem_fcgi.sh index fe3ab23c..329fb9af 100755 --- a/docker/main/startsystem_fcgi.sh +++ b/docker/main/startsystem_fcgi.sh @@ -88,7 +88,7 @@ EOF # - test_order.sh XXX this is a bug need debugging cat < /usr/local/bin/test/site.sh # Add your local site specific env variables (or tests) here. -SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_nacm_recovery.sh test_privileges.sh" +SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_privileges.sh" #IETFRFC= EOF diff --git a/lib/clixon/clixon_plugin.h b/lib/clixon/clixon_plugin.h index 2873553d..e6bf37a6 100644 --- a/lib/clixon/clixon_plugin.h +++ b/lib/clixon/clixon_plugin.h @@ -131,7 +131,7 @@ typedef int (plgexit_t)(clicon_handle); /* Plugin exit */ */ typedef int (plgextension_t)(clicon_handle h, yang_stmt *yext, yang_stmt *ys); -/*! Called by restconf to check credentials and return username +/*! Called by restconf on each incoming request to check credentials and return username */ /* Plugin authorization. Set username option (or not) @@ -182,7 +182,7 @@ typedef char *(cli_prompthook_t)(clicon_handle, char *mode); typedef int (datastore_upgrade_t)(clicon_handle h, const char *db, cxobj *xt, modstate_diff_t *msd); /*! Startup status for use in startup-callback - * Note that for STARTUP_ERR and _INVALID, running runs in failsafe mode + * Note that for STARTUP_ERR and STARTUP_INVALID, running runs in failsafe mode * and startup contains the erroneous or invalid database. * The user should repair the startup and * (1) restart the backend 
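Review bot: `test_privileges.sh` stays in `SKIPLIST` while `test_nacm_recovery.sh` is re-enabled, so the container run presumably still does not cover the restconf privilege drop. The comment list above the heredoc seems to give a reason per skipped test (only the `test_order.sh` entry is visible in this hunk). If `test_privileges.sh` has no entry there, add one, e.g. `# - test_privileges.sh <reason it cannot run in the container>`. The heredoc and the comment list start outside the hunk.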
diff --git a/test/config.sh.in b/test/config.sh.in index a72a6069..fa1a6294 100755 --- a/test/config.sh.in +++ b/test/config.sh.in @@ -5,4 +5,5 @@ WITH_RESTCONF=@with_restconf@ # evhtp, fcgi or "" WITH_LIBXML2=@with_libxml2@ # yes or "" CXX=@CXX@ CC=@CC@ - +WWWUSER=@wwwuser@ +WWWDIR=@wwwdir@ diff --git a/test/lib.sh b/test/lib.sh index d74c02d5..d94e6147 100755 --- a/test/lib.sh +++ b/test/lib.sh @@ -105,10 +105,6 @@ fi # RESTCONF protocol, eg http or https : ${RCPROTO:=http} -# www user (on linux typically www-data, freebsd www) -# @see wwwstartuser which can be dropped to this -: ${wwwuser:=www-data} - # www user (on linux typically www-data, freebsd www) # Start restconf user, can be root which is dropped to wwwuser : ${wwwstartuser:=root} @@ -136,9 +132,9 @@ BUSER=clicon : ${clixon_cli:=clixon_cli} -: ${clixon_netconf:=clixon_netconf} +: ${clixon_netconf:=$(which clixon_netconf)} -: ${clixon_restconf:=/www-data/clixon_restconf} +: ${clixon_restconf:=$WWWDIR/clixon_restconf} : ${clixon_backend:=clixon_backend} @@ -268,9 +264,9 @@ stop_restconf_pre(){ # Stop restconf daemon after test # Two caveats in pkill: # 1) Dont use $clixon_restconf (dont work in valgrind) -# 2) Dont use -u $wwwuser since clixon_restconf may drop privileges. +# 2) Dont use -u $WWWUSER since clixon_restconf may drop privileges. stop_restconf(){ - # sudo pkill -u $wwwuser -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind + # sudo pkill -u $WWWUSER -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind sudo pkill -f clixon_restconf if [ $valgrindtest -eq 3 ]; then sleep 1 diff --git a/test/vagrant/vagrant.sh b/test/vagrant/vagrant.sh index 1df31a36..4712beaa 100755 --- a/test/vagrant/vagrant.sh +++ b/test/vagrant/vagrant.sh @@ -195,7 +195,7 @@ case $release in # restconf case ${with_restconf} in fcgi) - buildfcgi=true # some ubuntu dont have fcgidev + buildfcgi=true # some ubuntu dont have fcgi-dev $sshcmd sudo apt install -y nginx ;; evhtp) 
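Review bot: Both new defaults in test/lib.sh can silently expand to an unusable path. `$WWWDIR/clixon_restconf` becomes `/clixon_restconf` when `WWWDIR` is unset or empty (config.sh not sourced, or `@wwwdir@` substituted empty), and `$(which clixon_netconf)` is empty when the binary is not on `PATH`, so the failure only surfaces later as an unrelated command error. Since the first lib.sh hunk shows restconf being started as `wwwstartuser` (root by default), I would fail early instead: `: ${WWWDIR:?WWWDIR not set, run configure}` before the `clixon_restconf` line, and `command -v clixon_netconf` in place of `which`, which is not guaranteed to be installed or to set an exit status.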
@@ -258,7 +258,6 @@ case ${with_restconf} in $sshcmd "(cd cmake; sudo make install)" fi if $buildevhtp; then - if true; then $sshcmd << 'EOF' test -d libevhtp || sudo git clone https://github.com/criticalstack/libevhtp.git cd libevhtp/build; @@ -267,12 +266,6 @@ case ${with_restconf} in sudo make sudo make install EOF - else - $sshcmd "test -d libevhtp || sudo git clone https://github.com/criticalstack/libevhtp.git" - $sshcmd "(cd libevhtp/build; sudo /usr/local/bin/cmake -DEVHTP_DISABLE_REGEX=ON -DEVHTP_DISABLE_EVTHR=ON ..)" - $sshcmd "(cd libevhtp/build; sudo make)" - $sshcmd "(cd libevhtp/build; sudo make install)" - fi fi ;; esac diff --git a/yang/clixon/clixon-config@2020-06-17.yang b/yang/clixon/clixon-config@2020-06-17.yang index a87c758d..460bf2dc 100644 --- a/yang/clixon/clixon-config@2020-06-17.yang +++ b/yang/clixon/clixon-config@2020-06-17.yang @@ -246,8 +246,7 @@ module clixon-config { } enum exact { description - "Exact match between NACM user and unix socket peer user. - Except for root user that can pose as any user."; + "Exact match between NACM user and unix socket peer user."; } enum except { description @@ -691,13 +690,14 @@ module clixon-config { leaf CLICON_NACM_MODE { type nacm_mode; default disabled; - description "RFC8341 network access configuration control model - (NACM) mode: disabled, in regular (internal) config - or separate external file given by CLICON_NACM_FILE"; + description + "RFC8341 network access configuration control model (NACM) mode: disabled, + in regular (internal) config or separate external file given by CLICON_NACM_FILE"; } leaf CLICON_NACM_FILE { type string; - description "RFC8341 NACM external configuration file"; + description + "RFC8341 NACM external configuration file (if CLIXON_NACM_MODE is external)"; } leaf CLICON_NACM_CREDENTIALS { type nacm_cred_mode; 
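Review bot: The `exact` description drops the sentence about the root user being able to pose as any user, but no hunk in this diff changes the code that compares the NACM user with the unix socket peer user. If the backend still accepts any username from a root peer, the description now understates what a root client can do. If the exception was removed in an earlier change, referencing it in the commit message would make the wording verifiable. The enclosing typedef starts and ends outside the hunk.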
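Review bot: The new `CLICON_NACM_FILE` description names the option as `CLIXON_NACM_MODE`, but the leaf defined just above it in this hunk is `CLICON_NACM_MODE`. An operator searching the configuration for the name as written will not find it. The line should read `"RFC8341 NACM external configuration file (if CLICON_NACM_MODE is external)";`.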
@@ -710,7 +710,7 @@ module clixon-config { leaf CLICON_NACM_RECOVERY_USER { type string; description - "RFC8341 defines a 'recovery session' as outside the scope. Clixon + "RFC8341 defines a 'recovery session' as outside its scope. Clixon defines this user as having special admin rights to exempt from all access control enforcements. Note setting of CLICON_NACM_CREDENTIALS is important, if set to