HTTP data server updates

Check of enable-http-data config option
HTTP/2 Return 400 bad request if no path match
Test: updated yang file revisions, extended restconf config with http-data
Olof hagsand 2022-04-21 16:45:18 +02:00
parent 2a8cedf0c3
commit 404d05950a
10 changed files with 243 additions and 136 deletions


@ -49,9 +49,9 @@ Expected: May 2022
* path: Local static files within `CLICON_WWW_DATA_ROOT` * path: Local static files within `CLICON_WWW_DATA_ROOT`
* operation GET, HEAD, or OPTIONS * operation GET, HEAD, or OPTIONS
* query parameters not supported * query parameters not supported
5. indata should be NULL (no write operations) * no indata
6. Limited media: text/html, JavaScript, image, and css * media: html, css, js, fonts, image,
7. Authentication as restconf 7. Authentication, TLS, http/2 as restconf
Generic changes: Generic changes:
* Uniform path selection across fcgi, native http/1 + http/2 * Uniform path selection across fcgi, native http/1 + http/2


@ -87,7 +87,7 @@ static const map_str2str mime_map[] = {
/*! Check if uri path denotes a data path /*! Check if uri path denotes a data path
* *
* @param[out] data Pointer to string where data starts if retval = 1 * @param[out] data Pointer to string where data starts if retval = 1
* @retval 0 No, not a data path * @retval 0 No, not a data path, or not enabled
* @retval 1 Yes, a data path and "data" points to www-data if given * @retval 1 Yes, a data path and "data" points to www-data if given
*/ */
int int
@ -97,6 +97,8 @@ api_path_is_data(clicon_handle h,
char *path; char *path;
char *http_data_path; char *http_data_path;
if (restconf_http_data_get(h) == 0)
return 0;
if ((path = restconf_uripath(h)) == NULL) if ((path = restconf_uripath(h)) == NULL)
return 0; return 0;
if ((http_data_path = clicon_option_str(h, "CLICON_HTTP_DATA_PATH")) == NULL) if ((http_data_path = clicon_option_str(h, "CLICON_HTTP_DATA_PATH")) == NULL)


@ -93,6 +93,7 @@ struct restconf_handle {
clicon_hash_t *rh_params; /* restconf parameters, including http headers */ clicon_hash_t *rh_params; /* restconf parameters, including http headers */
clixon_auth_type_t rh_auth_type; /* authentication type */ clixon_auth_type_t rh_auth_type; /* authentication type */
int rh_pretty; /* pretty-print for http replies */ int rh_pretty; /* pretty-print for http replies */
int rh_http_data; /* enable-http-data (and if-feature http-data) */
char *rh_fcgi_socket; /* if-feature fcgi, XXX: use WITH_RESTCONF_FCGI ? */ char *rh_fcgi_socket; /* if-feature fcgi, XXX: use WITH_RESTCONF_FCGI ? */
}; };
@ -229,11 +230,9 @@ restconf_pretty_get(clicon_handle h)
/*! Set restconf pretty-print /*! Set restconf pretty-print
* @param[in] h Clicon handle * @param[in] h Clicon handle
* @param[in] name Data name * @param[in] pretty 0 or 1
* @param[in] val Data value as null-terminated string
* @retval 0 OK * @retval 0 OK
* @retval -1 Error * @retval -1 Error
* Currently using clixon runtime data but there is risk for colliding names
*/ */
int int
restconf_pretty_set(clicon_handle h, restconf_pretty_set(clicon_handle h,
@ -245,6 +244,34 @@ restconf_pretty_set(clicon_handle h,
return 0; return 0;
} }
/*! Get restconf http-data
* @param[in] h Clixon handle
* @retval 0 Yes, http-data enabled
* @retval 1 No, http-data disabled
*/
int
restconf_http_data_get(clicon_handle h)
{
struct restconf_handle *rh = handle(h);
return rh->rh_http_data;
}
/*! Set restconf http-data
* @param[in] h Clixon handle
* @retval 0 OK
* @retval -1 Error
*/
int
restconf_http_data_set(clicon_handle h,
int http_data)
{
struct restconf_handle *rh = handle(h);
rh->rh_http_data = http_data;
return 0;
}
/*! Get restconf fcgi socket path /*! Get restconf fcgi socket path
* @param[in] h Clicon handle * @param[in] h Clicon handle
* @retval socketpath * @retval socketpath
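Review bot: The doc comment added on restconf_http_data_get has its return values inverted: it says `@retval 0 Yes, http-data enabled` and `@retval 1 No, http-data disabled`, but the function returns `rh->rh_http_data`, which restconf_config_init sets to 1 for "true", and api_path_is_data treats `== 0` as disabled. Because this flag gates whether static files are served, a caller written from the comment would open the feature when it is meant to be closed. The lines should read `@retval 0 No, http-data disabled` and `@retval 1 Yes, http-data enabled`. The comment on restconf_http_data_set also lacks a line for its second parameter, e.g. `@param[in] http_data 0: disabled, 1: enabled`.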


@ -51,6 +51,8 @@ clixon_auth_type_t restconf_auth_type_get(clicon_handle h);
int restconf_auth_type_set(clicon_handle h, clixon_auth_type_t type); int restconf_auth_type_set(clicon_handle h, clixon_auth_type_t type);
int restconf_pretty_get(clicon_handle h); int restconf_pretty_get(clicon_handle h);
int restconf_pretty_set(clicon_handle h, int pretty); int restconf_pretty_set(clicon_handle h, int pretty);
int restconf_http_data_get(clicon_handle h);
int restconf_http_data_set(clicon_handle h, int http_data);
char *restconf_fcgi_socket_get(clicon_handle h); char *restconf_fcgi_socket_get(clicon_handle h);
int restconf_fcgi_socket_set(clicon_handle h, char *socketpath); int restconf_fcgi_socket_set(clicon_handle h, char *socketpath);


@ -786,6 +786,13 @@ restconf_config_init(clicon_handle h,
else if (strcmp(bstr, "false") == 0) else if (strcmp(bstr, "false") == 0)
restconf_pretty_set(h, 0); restconf_pretty_set(h, 0);
} }
if ((x = xpath_first(xrestconf, nsc, "enable-http-data")) != NULL &&
(bstr = xml_body(x)) != NULL){
if (strcmp(bstr, "true") == 0)
restconf_http_data_set(h, 1);
else if (strcmp(bstr, "false") == 0)
restconf_http_data_set(h, 0);
}
if ((x = xpath_first(xrestconf, nsc, "fcgi-socket")) != NULL && if ((x = xpath_first(xrestconf, nsc, "fcgi-socket")) != NULL &&
(bstr = xml_body(x)) != NULL){ (bstr = xml_body(x)) != NULL){
if (restconf_fcgi_socket_set(h, bstr) < 0) if (restconf_fcgi_socket_set(h, bstr) < 0)
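Review bot: The new `enable-http-data` block in restconf_config_init writes the flag only when the element is present and its body is exactly `true` or `false`; in every other case `rh_http_data` keeps whatever value it already had. That is fail-closed only if the handle is zero-initialised and this function runs once per handle, and neither is visible in this hunk. Since the flag decides whether files under the data root are served, consider making the default explicit by calling `restconf_http_data_set(h, 0);` before the `xpath_first(xrestconf, nsc, "enable-http-data")` lookup, assuming the intended default is off, as the test with no element suggests. The body of restconf_config_init starts and ends outside the hunk.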


@ -479,8 +479,10 @@ http2_exec(restconf_conn *rc,
if (restconf_nghttp2_path(sd) < 0) if (restconf_nghttp2_path(sd) < 0)
goto done; goto done;
} }
else else{
sd->sd_code = 400;
; /* ignore */ ; /* ignore */
}
/* If body, add a content-length header /* If body, add a content-length header
* A server MUST NOT send a Content-Length header field in any response * A server MUST NOT send a Content-Length header field in any response
* with a status code of 1xx (Informational) or 204 (No Content). A * with a status code of 1xx (Informational) or 204 (No Content). A
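Review bot: The `else` branch in http2_exec now sets `sd->sd_code = 400` but keeps the old empty statement and its `/* ignore */` comment, which now says the opposite of what the branch does. Drop the `;` line and put the reason on the assignment, e.g. `sd->sd_code = 400; /* neither api-path nor data-path matched: bad request */`. Only the status code is set here; whether a response body is produced for this case depends on code after the hunk, which is not visible. The function body continues outside the hunk.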


@ -71,8 +71,8 @@ DATASTORE_TOP="config"
# clixon yang revisions occuring in tests (see eg yang/clixon/Makefile.in) # clixon yang revisions occuring in tests (see eg yang/clixon/Makefile.in)
CLIXON_AUTOCLI_REV="2022-02-11" CLIXON_AUTOCLI_REV="2022-02-11"
CLIXON_LIB_REV="2021-12-05" CLIXON_LIB_REV="2021-12-05"
CLIXON_CONFIG_REV="2022-02-11" CLIXON_CONFIG_REV="2022-03-21"
CLIXON_RESTCONF_REV="2021-05-20" CLIXON_RESTCONF_REV="2022-03-21"
CLIXON_EXAMPLE_REV="2020-12-01" CLIXON_EXAMPLE_REV="2020-12-01"
# Length of TSL RSA key # Length of TSL RSA key


@ -228,6 +228,8 @@ fi
# Args: # Args:
# 1: auth-type (one of none, client-cert, user) # 1: auth-type (one of none, client-cert, user)
# 2: pretty (if true pretty-print restconf return values) # 2: pretty (if true pretty-print restconf return values)
# [3: proto: http or https]
# [4: http_data: true or false] # Note feature http-data must be enabled
# Note, if AUTH=none then FEATURE clixon-restconf:allow-auth-none must be enabled # Note, if AUTH=none then FEATURE clixon-restconf:allow-auth-none must be enabled
# Note if https, check if server cert/key exists, if not generate them # Note if https, check if server cert/key exists, if not generate them
function restconf_config() function restconf_config()
@ -235,12 +237,25 @@ function restconf_config()
AUTH=$1 AUTH=$1
PRETTY=$2 PRETTY=$2
if [ false -a ${WITH_RESTCONF} = "fcgi" ]; then # Change this to fixed parameters
echo "<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE><restconf><enable>true</enable><auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><debug>$DBG</debug></restconf>" if [ $# -gt 2 ]; then
proto=$3
else else
FEATURES="<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE>" proto=$RCPROTO
if [ $RCPROTO = http ]; then fi
echo "${FEATURES}<restconf><enable>true</enable><auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>" if [ $# -gt 3 ]; then
http_data=$4
else
http_data=false
fi
echo -n "<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE>"
if [ $proto = http ]; then
echo -n "<restconf><enable>true</enable>"
if ${http_data}; then
echo -n "<enable-http-data>true</enable-http-data>"
fi
echo "<auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>"
else else
certdir=$dir/certs certdir=$dir/certs
if [ ! -f ${dir}/clixon-server-crt.pem ]; then if [ ! -f ${dir}/clixon-server-crt.pem ]; then
@ -253,8 +268,11 @@ function restconf_config()
cacerts $cakey $cacert cacerts $cakey $cacert
servercerts $cakey $cacert $srvkey $srvcert servercerts $cakey $cacert $srvkey $srvcert
fi fi
echo "${FEATURES}<restconf><enable>true</enable><auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><server-cert-path>${certdir}/clixon-server-crt.pem</server-cert-path><server-key-path>${certdir}/clixon-server-key.pem</server-key-path><server-ca-cert-path>${certdir}/clixon-ca-crt.pem</server-ca-cert-path><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket></restconf>" echo -n "<restconf><enable>true</enable>"
if ${http_data}; then
echo -n "<enable-http-data>true</enable-http-data>"
fi fi
echo "<auth-type>$AUTH</auth-type><pretty>$PRETTY</pretty><server-cert-path>${certdir}/clixon-server-crt.pem</server-cert-path><server-key-path>${certdir}/clixon-server-key.pem</server-key-path><server-ca-cert-path>${certdir}/clixon-ca-crt.pem</server-ca-cert-path><debug>$DBG</debug><socket><namespace>default</namespace><address>0.0.0.0</address><port>443</port><ssl>true</ssl></socket></restconf>"
fi fi
} }
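Review bot: `if ${http_data}; then` in restconf_config runs the fourth argument as a command, so any value other than the words `true` or `false` is executed, or fails as command-not-found, instead of being read as a boolean. Compare the string instead, `if [ "$http_data" = true ]; then`, in both the http and the https branch. The unquoted `[ $proto = http ]` should likewise be `[ "$proto" = http ]`, so that an empty value does not turn into a test syntax error. When http_data is false no `<enable-http-data>` element is emitted at all, so the disabled case exercises the server default, not an explicit `false`; a one-line comment saying so would help.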


@ -1,5 +1,10 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Simple web data # Simple http data test
# Create an html and css file
# Get them via http and https
# Send options and head request
# Errors: not found, post,
# XXX: feature disabled
# Magic line must be first in script (see README.md) # Magic line must be first in script (see README.md)
s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
@ -7,9 +12,8 @@ s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
APPNAME=example APPNAME=example
cfg=$dir/conf.xml cfg=$dir/conf.xml
wdir=$dir/www rm -rf $dir/www
rm -rf $wdir mkdir $dir/www
mkdir $wdir
# Does not work with fcgi # Does not work with fcgi
if [ "${WITH_RESTCONF}" = "fcgi" ]; then if [ "${WITH_RESTCONF}" = "fcgi" ]; then
@ -17,40 +21,8 @@ if [ "${WITH_RESTCONF}" = "fcgi" ]; then
if [ "$s" = $0 ]; then exit 0; else return 0; fi if [ "$s" = $0 ]; then exit 0; else return 0; fi
fi fi
RESTCONFIG=$(restconf_config none false)
# Clixon config
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_FEATURE>clixon-restconf:http-data</CLICON_FEATURE>
<CLICON_YANG_DIR>${YANG_INSTALLDIR}</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
<CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
<CLICON_HTTP_DATA_PATH>/data</CLICON_HTTP_DATA_PATH>
<CLICON_HTTP_DATA_ROOT>$wdir</CLICON_HTTP_DATA_ROOT>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_RESTCONF_HTTP2_PLAIN>true</CLICON_RESTCONF_HTTP2_PLAIN>
$RESTCONFIG
</clixon-config>
EOF
# Host setup:
# <CLICON_HTTP_DATA_PATH>/</CLICON_HTTP_DATA_PATH>
# <CLICON_HTTP_DATA_ROOT>/var/www/html</CLICON_HTTP_DATA_ROOT>
# Data file # Data file
cat <<EOF > $wdir/index.html cat <<EOF > $dir/www/index.html
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
@ -71,7 +43,7 @@ working. Further configuration is required.</p>
</html> </html>
EOF EOF
cat <<EOF > $wdir/example.css cat <<EOF > $dir/www/example.css
img { img {
display: inline; display: inline;
border: border:
@ -95,6 +67,45 @@ h1,h2,h3,h4,h5,h6 {
} }
EOF EOF
# Http test routine with arguments:
# 1. proto:http/https
function testrun()
{
proto=$1 # http/https
enable=$2 # true/false
RESTCONFIG=$(restconf_config none false $proto $enable)
datapath=/data
wdir=$dir/www
# Host setup:
# datapath=/
# wdir=/var/www/html
# Clixon config
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>clixon-restconf:allow-auth-none</CLICON_FEATURE> <!-- Use auth-type=none -->
<CLICON_FEATURE>clixon-restconf:http-data</CLICON_FEATURE>
<CLICON_YANG_DIR>${YANG_INSTALLDIR}</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MAIN_DIR>$dir</CLICON_YANG_MAIN_DIR>
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
<CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
<CLICON_HTTP_DATA_PATH>$datapath</CLICON_HTTP_DATA_PATH>
<CLICON_HTTP_DATA_ROOT>$wdir</CLICON_HTTP_DATA_ROOT>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>/usr/local/var/$APPNAME</CLICON_XMLDB_DIR>
<CLICON_RESTCONF_HTTP2_PLAIN>true</CLICON_RESTCONF_HTTP2_PLAIN>
$RESTCONFIG
</clixon-config>
EOF
new "test params: -f $cfg" new "test params: -f $cfg"
if [ $BE -ne 0 ]; then if [ $BE -ne 0 ]; then
@ -121,25 +132,38 @@ if [ $RC -ne 0 ]; then
fi fi
new "wait restconf" new "wait restconf"
wait_restconf wait_restconf $proto
# echo "curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/index.html"
if $enable; then
new "WWW get html" new "WWW get html"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $RCPROTO://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" "<title>Welcome to Clixon!</title>" expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" "<title>Welcome to Clixon!</title>"
else
new "WWW get html, not enabled, expect bad request"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/index.html)" 0 "HTTP/$HVER 400"
return
fi
new "WWW get css" new "WWW get css"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $RCPROTO://localhost/data/example.css)" 0 "HTTP/$HVER 200" "Content-Type: text/css" "display: inline;" --not-- "Content-Type: text/html" expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/example.css)" 0 "HTTP/$HVER 200" "Content-Type: text/css" "display: inline;" --not-- "Content-Type: text/html"
new "WWW head" new "WWW head"
expectpart "$(curl $CURLOPTS --head -H 'Accept: text/html' $RCPROTO://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" --not-- "<title>Welcome to Clixon!</title>" expectpart "$(curl $CURLOPTS --head -H 'Accept: text/html' $proto://localhost/data/index.html)" 0 "HTTP/$HVER 200" "Content-Type: text/html" --not-- "<title>Welcome to Clixon!</title>"
new "WWW options" new "WWW options"
expectpart "$(curl $CURLOPTS -X OPTIONS $RCPROTO://localhost/data/index.html)" 0 "HTTP/$HVER 200" "allow: OPTIONS,HEAD,GET" expectpart "$(curl $CURLOPTS -X OPTIONS $proto://localhost/data/index.html)" 0 "HTTP/$HVER 200" "allow: OPTIONS,HEAD,GET"
# negative errors
new "WWW get http not found" new "WWW get http not found"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $RCPROTO://localhost/data/notfound.html)" 0 "HTTP/$HVER 404" "Content-Type: text/html" "<title>404 Not Found</title>" expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/notfound.html)" 0 "HTTP/$HVER 404" "Content-Type: text/html" "<title>404 Not Found</title>"
new "WWW post not allowed" new "WWW post not allowed"
expectpart "$(curl $CURLOPTS -X POST -H 'Accept: text/html' -H "Content-Type: application/yang-data+json" -d '{"ietf-interfaces:interfaces":{"interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}}' $RCPROTO://localhost/data/notfound.html)" 0 "HTTP/$HVER 405" "Content-Type: text/html" "<title>405 Method Not Allowed</title>" expectpart "$(curl $CURLOPTS -X POST -H 'Accept: text/html' -H "Content-Type: application/yang-data+json" -d '{"ietf-interfaces:interfaces":{"interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}}' $proto://localhost/data/notfound.html)" 0 "HTTP/$HVER 405" "Content-Type: text/html" "<title>405 Method Not Allowed</title>"
if [ $RC -ne 0 ]; then
new "Kill restconf daemon"
stop_restconf
fi
if [ $BE -ne 0 ]; then if [ $BE -ne 0 ]; then
new "Kill backend" new "Kill backend"
@ -151,6 +175,30 @@ if [ $BE -ne 0 ]; then
# kill backend # kill backend
stop_backend -f $cfg stop_backend -f $cfg
fi fi
}
protos=
# Go thru all combinations of IPv4/IPv6, http/https, local/backend config
if [ "${WITH_RESTCONF}" = "fcgi" ]; then
protos="http"
elif ${HAVE_HTTP1}; then
protos="http" # No plain http for http/2 only
fi
if [ "${WITH_RESTCONF}" = "native" ]; then
# https only relevant for internal (for fcgi: need nginx config)
protos="$protos https"
fi
for proto in $protos; do
for enable in true false; do
new "http-data proto:$proto enabled:$enable"
testrun $proto $enable
done
done
# unset conditional parameters
unset RCPROTO
unset RESTCONFIG
rm -rf $dir rm -rf $dir
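Review bot: The `return` in the not-enabled branch of testrun exits before the "Kill restconf daemon" and "Kill backend" steps further down the function. As far as the rendered lines show, every `enable=false` run therefore leaves running the daemons it started, and since the loop ends on `false`, they are still up when `rm -rf $dir` runs. Remove the `return` and move the closing `fi` of `if $enable; then` down past the "WWW post not allowed" check, so that both cases fall through to the teardown. The header comment on testrun lists only `1. proto:http/https`; add `# 2. enable: true/false (value of enable-http-data)`.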


@ -534,6 +534,7 @@ function testrun()
fi fi
} }
protos=
# Go thru all combinations of IPv4/IPv6, http/https, local/backend config # Go thru all combinations of IPv4/IPv6, http/https, local/backend config
if [ "${WITH_RESTCONF}" = "fcgi" ]; then if [ "${WITH_RESTCONF}" = "fcgi" ]; then
protos="http" protos="http"
@ -541,7 +542,7 @@ elif ${HAVE_HTTP1}; then
protos="http" # No plain http for http/2 only protos="http" # No plain http for http/2 only
fi fi
if [ "${WITH_RESTCONF}" = "native" ]; then if [ "${WITH_RESTCONF}" = "native" ]; then
# http only relevant for internal (for fcgi: need nginx config) # https only relevant for internal (for fcgi: need nginx config)
protos="$protos https" protos="$protos https"
fi fi
for proto in $protos; do for proto in $protos; do