experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Confirmed-commit handle drop privileges

Browse source 
Create and drop priv of rollback datastore on startup
Reverted xmldb to truncate instead of deleting datastores due to privileges drop
This commit is contained in:
Olof hagsand 2022-10-26 14:34:51 +02:00
parent ba48521d99
commit 7976303ef2
4 changed files with 89 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

24
apps/backend/backend_main.c
View file

@ -280,7 +280,8 @@ xmldb_drop_priv(clicon_handle h,
*/
static int
check_drop_priv(clicon_handle h,
gid_t gid)
gid_t gid,
yang_stmt *yspec)
{
int retval = -1;
uid_t uid;
@ -288,7 +289,6 @@ check_drop_priv(clicon_handle h,
enum priv_mode_t priv_mode = PM_NONE;
char *backend_user = NULL;
/* Get privileges mode (for dropping privileges) */
if ((priv_mode = clicon_backend_privileges_mode(h)) == PM_NONE)
goto ok;
@ -325,12 +325,20 @@ check_drop_priv(clicon_handle h,
goto done;
if (xmldb_drop_priv(h, "candidate", newuid, gid) < 0)
goto done;
if (xmldb_exists(h, "startup") != 1)
if (xmldb_create(h, "startup") < 0)
if (if_feature(yspec, "ietf-netconf", "startup")) {
if (xmldb_exists(h, "startup") != 1)
if (xmldb_create(h, "startup") < 0)
goto done;
if (xmldb_drop_priv(h, "startup", newuid, gid) < 0)
goto done;
if (xmldb_drop_priv(h, "startup", newuid, gid) < 0)
goto done;
}
if (if_feature(yspec, "ietf-netconf", "confirmed-commit")) {
if (xmldb_exists(h, "rollback") != 1)
if (xmldb_create(h, "rollback") < 0)
goto done;
if (xmldb_drop_priv(h, "rollback", newuid, gid) < 0)
goto done;
}
if (setgid(gid) == -1) {
clicon_err(OE_DAEMON, errno, "setgid %d", gid);
goto done;
@ -1041,7 +1049,7 @@ main(int argc,
clicon_option_dump(h, dbg);
/* Depending on configure setting, privileges may be dropped here after
* initializations */
if (check_drop_priv(h, gid) < 0)
if (check_drop_priv(h, gid, yspec) < 0)
goto done;
/* Start session-id for clients */