* Top-level default leafs assigned.
* Enforcing RFC 7950 Sec 7.6.1 means unassigned top-level leafs (or leafs under non-presence containers) are assigned default values. * NACM default behaviour is read-only (empty configs are dead-lockedd) * This applies if NACM is loaded and `CLICON_NACM_MODE` is `internal` * Fixed: [default values don't show up in datastores #111](https://github.com/clicon/clixon/issues/111)
This commit is contained in:
Olof hagsand
parent
65733ffe69
commit
794d51a365
30 changed files with 593 additions and 167 deletions
|
|
@ -1100,7 +1100,9 @@ nacm_access(clicon_handle h,
|
|||
/* Do initial nacm processing common to all access validation in
|
||||
* RFC8341 3.4 */
|
||||
/* 1. If the "enable-nacm" leaf is set to "false", then the protocol
|
||||
operation is permitted. */
|
||||
* operation is permitted.
|
||||
* note option CLICON_NACM_DISABLED_ON_EMPTY
|
||||
*/
|
||||
if ((x = xpath_first(xnacm, nsc, "enable-nacm")) == NULL)
|
||||
goto permit;
|
||||
enabled = xml_body(x);
|
||||
|
|
@ -1155,6 +1157,7 @@ nacm_access_pre(clicon_handle h,
|
|||
cxobj *xnacm = NULL;
|
||||
cvec *nsc = NULL;
|
||||
|
||||
/* Check clixon option: disabled, external tree or internal */
|
||||
mode = clicon_option_str(h, "CLICON_NACM_MODE");
|
||||
if (mode == NULL)
|
||||
goto permit;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue