experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Restconf authentication callback (ca_auth) signature changed

Browse source 
* Not backward compatible: All uses of the ca-auth callback in restconf plugins must be changed
  * New version is: `int ca_auth(h, req, auth_type, authp, userp)`
    * where `auth_type` is the requested authentication-type (none, client-cert or user-defined)
    * `authp` is the returned authentication flag
    * `userp` is the returned associated authenticated user
    * and the return value is three-valued: -1: Error, 0: ignored, 1: OK
  * For more info see [clixon-docs](https://clixon-docs.readthedocs.io/en/latest/restconf.html)
* New clixon-restconf@2020-12-30.yang revision
This commit is contained in:
Olof hagsand 2021-02-09 21:15:54 +01:00
parent 1f0147f996
commit 710fc76887
54 changed files with 1216 additions and 485 deletions
Download patch file Download diff file Expand all files Collapse all files

42
apps/restconf/restconf_root.c
View file

@ -374,15 +374,15 @@ api_operations(clicon_handle h,
}
/*! Process a /restconf root input, this is the root of the restconf processing
* @param[in] h Clicon handle
* @param[in] req Generic Www handle (can be part of clixon handle)
* @param[in] qvec Query parameters, ie the ?<id>=<val>&<id>=<val> stuff
* @param[in] h Clicon handle
* @param[in] req Generic Www handle (can be part of clixon handle)
* @param[in] qvec Query parameters, ie the ?<id>=<val>&<id>=<val> stuff
* @see api_root_restconf_exact for accessing /restconf/ exact
*/
int
api_root_restconf(clicon_handle h,
void *req,
cvec *qvec)
api_root_restconf(clicon_handle h,
void *req,
cvec *qvec)
{
int retval = -1;
char *request_method = NULL; /* GET,.. */
@ -396,9 +396,8 @@ api_root_restconf(clicon_handle h,
char *media_str = NULL;
restconf_media media_out = YANG_DATA_JSON;
char *indata = NULL;
int authenticated = 0;
cxobj *xret = NULL;
cxobj *xerr;
char *username = NULL;
int ret;
clicon_debug(1, "%s", __FUNCTION__);
if (req == NULL){
@ -426,7 +425,6 @@ api_root_restconf(clicon_handle h,
}
}
clicon_debug(1, "%s ACCEPT: %s %s", __FUNCTION__, media_str, restconf_media_int2str(media_out));
if ((pvec = clicon_strsep(path, "/", &pn)) == NULL)
@ -464,26 +462,10 @@ api_root_restconf(clicon_handle h,
/* If present, check credentials. See "plugin_credentials" in plugin
* See RFC 8040 section 2.5
*/
if ((authenticated = clixon_plugin_auth_all(h, req)) < 0)
if ((ret = restconf_authentication_cb(h, req, pretty, media_out)) < 0)
goto done;
clicon_debug(1, "%s auth:%d %s", __FUNCTION__, authenticated, clicon_username_get(h));
/* If set but no user, set a dummy user */
if (authenticated){
if (clicon_username_get(h) == NULL)
clicon_username_set(h, "none");
}
else{
if (netconf_access_denied_xml(&xret, "protocol", "The requested URL was unauthorized") < 0)
goto done;
if ((xerr = xpath_first(xret, NULL, "//rpc-error")) != NULL){
if (api_return_err(h, req, xerr, pretty, media_out, 0) < 0)
goto done;
goto ok;
}
if (ret == 0)
goto ok;
}
clicon_debug(1, "%s auth2:%d %s", __FUNCTION__, authenticated, clicon_username_get(h));
if (strcmp(api_resource, "yang-library-version")==0){
if (api_yang_library_version(h, req, pretty, media_out) < 0)
goto done;
@ -538,14 +520,14 @@ api_root_restconf(clicon_handle h,
retval = 0;
done:
clicon_debug(1, "%s retval:%d", __FUNCTION__, retval);
if (username)
free(username);
if (pcvec)
cvec_free(pcvec);
if (pvec)
free(pvec);
if (cb)
cbuf_free(cb);
if (xret)
xml_free(xret);
return retval;
}