* Experimental NACM RFC8341 Network Configuration Access Control Model.

* CLICON_NACM_MODE config option, default is disabled. * Added username attribute to all rpc:s from frontend to backend * Added NACM backend module in example
2018-04-19 22:44:15 +02:00 · 2018-04-19 22:44:15 +02:00 · 7650803475
commit 7650803475
parent 04a3f4db1b
32 changed files with 908 additions and 274 deletions
--- a/apps/cli/cli_main.c
+++ b/apps/cli/cli_main.c
@ -53,6 +53,7 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 #include <netinet/in.h>
+#include <pwd.h>
 #include <assert.h>
 #include <libgen.h>

@ -243,17 +244,24 @@ main(int argc, char **argv)
    char        *restarg = NULL; /* what remains after options */
    int          dump_configfile_xml = 0;
    yang_spec   *yspec;
+    struct passwd *pw;
    
    /* Defaults */
+    once = 0;
+
    /* In the startup, logs to stderr & debug flag set later */
    clicon_log_init(__PROGRAM__, LOG_INFO, logdst); 
    /* Initiate CLICON handle */
    if ((h = cli_handle_init()) == NULL)
 	goto done;
-
-    if (cli_plugin_init(h) != 0) 
+    /* Set username to clicon handle. Use in all communication to backend */
+    if ((pw = getpwuid(getuid())) == NULL){
+	clicon_err(OE_UNIX, errno, "getpwuid");
 	goto done;
-    once = 0;
+    }
+    if (clicon_username_set(h, pw->pw_name) < 0)
+	goto done;
+
    cligen_comment_set(cli_cligen(h), '#'); /* Default to handle #! clicon_cli scripts */

    /*
--- a/apps/cli/cli_plugin.c
+++ b/apps/cli/cli_plugin.c
@ -346,7 +346,7 @@ cli_syntax_load (clicon_handle h)

    /* Load cli plugins */
    if (plugin_dir &&
-	clixon_plugins_load(h, CLIXON_PLUGIN_INIT, plugin_dir)< 0)
+	clixon_plugins_load(h, CLIXON_PLUGIN_INIT, plugin_dir, NULL)< 0)
 	goto done;
    if (clispec_file){
 	if (cli_load_syntax(h, clispec_file, NULL) < 0)
@ -606,15 +606,6 @@ clicon_cliread(clicon_handle h)
    return ret;
 }

-/*! Initialize plugin code (not the plugins themselves)
- * @param[in]     h       Clicon handle
- */
-int
-cli_plugin_init(clicon_handle h)
-{
-    return 0;
-}
-
 /*
 *
 * CLI PLUGIN INTERFACE, PUBLIC SECTION
--- a/apps/cli/cli_plugin.h
+++ b/apps/cli/cli_plugin.h
@ -63,8 +63,6 @@ typedef struct  {

 void *clixon_str2fn(char *name, void *handle, char **error);

-int cli_plugin_init(clicon_handle h);
-
 int clicon_eval(clicon_handle h, char *cmd, cg_obj *match_obj, cvec *vr);

 int clicon_parse(clicon_handle h, char *cmd, char **mode, int *result);
--- a/apps/cli/cli_show.c
+++ b/apps/cli/cli_show.c
@ -120,7 +120,8 @@ expand_dbvar(void   *h,
    yang_stmt       *ypath;
    cxobj           *xcur;
    char            *xpathcur;
-
+    char            *reason = NULL;
+    
    if (argv == NULL || cvec_len(argv) != 2){
 	clicon_err(OE_PLUGIN, 0, "%s: requires arguments: <db> <xmlkeyfmt>",
 		   __FUNCTION__);
@ -190,8 +191,12 @@ expand_dbvar(void   *h,
 		goto done;
 	    }
 	    xpathcur = ypath->ys_argument;
-	    if (xml_merge(xt, xtop, yspec) < 0) /* Merge xtop into xt */
+	    if (xml_merge(xt, xtop, yspec, &reason) < 0) /* Merge xtop into xt */
 		goto done;
+	    if (reason){
+		cli_output(stderr, "%s\n", reason);
+		goto done;
+	    }	    
 	    if ((xcur = xpath_first(xt, xpath)) == NULL){
 		clicon_err(OE_DB, 0, "xpath %s should return merged content", xpath);
 		goto done;
@ -241,6 +246,8 @@ expand_dbvar(void   *h,
 ok:
    retval = 0;
  done:
+    if (reason)
+	free(reason);
    if (api_path)
 	free(api_path);
    if (xvec)