recover user as config option instead of constant

2019-10-24 20:43:03 +02:00 · 2019-10-24 20:43:03 +02:00 · 84c94b2c0e
commit 84c94b2c0e
parent 44138c0071
9 changed files with 33 additions and 34 deletions
--- a/apps/backend/backend_client.c
+++ b/apps/backend/backend_client.c
@ -1317,9 +1317,8 @@ from_client_hello(clicon_handle       h,
    id =  clicon_session_id_get(h);
    id++;
    clicon_session_id_set(h, id);
-    cprintf(cbret, "<hello><session-id>%lu</session-id></hello>", id);
+    cprintf(cbret, "<hello><session-id>%u</session-id></hello>", id);
    retval = 0;
-    // done:
    return retval;
 }

--- a/apps/restconf/restconf_methods.c
+++ b/apps/restconf/restconf_methods.c
@ -292,7 +292,7 @@ api_data_write(clicon_handle h,
 	goto ok;
    }
    xret = NULL;
-    if (clicon_rpc_get_config(h, NACM_RECOVERY_USER,
+    if (clicon_rpc_get_config(h, clicon_nacm_recovery_user(h),
 			      "candidate", cbuf_get(cbpath), nsc, &xret) < 0){
 	if (netconf_operation_failed_xml(&xerr, "protocol", clicon_err_reason) < 0)
 	    goto done;
@ -612,7 +612,7 @@ api_data_write(clicon_handle h,
    /* commit/discard should be done automaticaly by the system, therefore
     * recovery user is used here (edit-config but not commit may be permitted
     by NACM */
-    cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+    cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
    cprintf(cbx, "<commit/></rpc>");
    if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	goto done;
@ -641,7 +641,7 @@ api_data_write(clicon_handle h,
 	 * consequence of a RESTCONF edit operation.
 	 */
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<copy-config><source><running/></source><target><startup/></target></copy-config></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	    goto done;
@ -881,13 +881,13 @@ api_data_delete(clicon_handle h,
    /* commit/discard should be done automatically by the system, therefore
     * recovery user is used here (edit-config but not commit may be permitted
     by NACM */
-    cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+    cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
    cprintf(cbx, "<commit/></rpc>");
    if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	goto done;
    if ((xe = xpath_first(xretcom, "//rpc-error")) != NULL){
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<discard-changes/></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretdis, NULL) < 0)
 	    goto done;
@ -910,7 +910,7 @@ api_data_delete(clicon_handle h,
 	 * consequence of a RESTCONF edit operation.
 	 */
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<copy-config><source><running/></source><target><startup/></target></copy-config></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	    goto done;
--- a/apps/restconf/restconf_methods_post.c
+++ b/apps/restconf/restconf_methods_post.c
@ -348,7 +348,7 @@ api_data_post(clicon_handle h,
    /* commit/discard should be done automaticaly by the system, therefore
     * recovery user is used here (edit-config but not commit may be permitted
     by NACM */
-    cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+    cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
    cprintf(cbx, "<commit/></rpc>");
    if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	goto done;
@ -377,7 +377,7 @@ api_data_post(clicon_handle h,
 	 * consequence of a RESTCONF edit operation.
 	 */
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<copy-config><source><running/></source><target><startup/></target></copy-config></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	    goto done;
--- a/lib/clixon/clixon_nacm.h
+++ b/lib/clixon/clixon_nacm.h
@ -36,15 +36,6 @@
 #ifndef _CLIXON_NACM_H
 #define _CLIXON_NACM_H

-/*
- * Constants
- */
-/* RFC8341 defines a "recovery session" as outside the scope.
- * Clixon defines this user as having special admin rights to expemt from
- * all access control enforcements
- */
-#define NACM_RECOVERY_USER "_nacm_recovery"
-
 /*
 * Types
 */
@ -79,6 +70,6 @@ int nacm_datanode_read(cxobj *xt, cxobj **xvec, size_t xlen, char *username, cxo
 int nacm_datanode_write(cxobj *xt, cxobj *xr, enum nacm_access access,
 			char *username, cxobj *xnacm, cbuf *cbret);
 int nacm_access_pre(clicon_handle h, char *username, enum nacm_point point, cxobj **xnacmp);
-int nacm_access(char *mode, cxobj *xnacmin, char *username);
+int nacm_access(clicon_handle h, char *mode, cxobj *xnacmin, char *username);

 #endif /* _CLIXON_NACM_H */
--- a/lib/src/clixon_datastore_write.c
+++ b/lib/src/clixon_datastore_write.c
@ -1023,7 +1023,7 @@ xmldb_put(clicon_handle       h,
 	(xnacm = xpath_first_nsc(xnacm0, nsc, "nacm")) != NULL){
 	/* Pre-NACM access step, if permit, then dont do any nacm checks in 
 	 * text_modify_* below */
-	if ((permit = nacm_access(mode, xnacm, username)) < 0)
+	if ((permit = nacm_access(h, mode, xnacm, username)) < 0)
 	    goto done;
    }
    /* Here assume if xnacm is set and !permit do NACM */
--- a/lib/src/clixon_nacm.c
+++ b/lib/src/clixon_nacm.c
@ -824,7 +824,7 @@ nacm_datanode_write(cxobj           *xt,
 * @retval  0  OK but not validated. Need to do NACM step using xnacm
 * @retval  1  OK permitted. You do not need to do next NACM step
 * @code
- *   if ((ret = nacm_access(mode, xnacm, username)) < 0)
+ *   if ((ret = nacm_access(h, mode, xnacm, username)) < 0)
 *     err;
 *   if (ret == 0){
 *      // Next step NACM processing
@ -834,9 +834,10 @@ nacm_datanode_write(cxobj           *xt,
 * @see RFC8341 3.4 Access Control Enforcement Procedures
 */
 int
-nacm_access(char          *mode,
-	    cxobj         *xnacm,
-	    char          *username)
+nacm_access(clicon_handle h,
+	    char         *mode,
+	    cxobj        *xnacm,
+	    char         *username)
 {
    int     retval = -1;
    cxobj  *xnacm0 = NULL;
@ -869,7 +870,7 @@ nacm_access(char          *mode,
 	goto permit;
    /* 2.   If the requesting session is identified as a recovery session,
       then the protocol operation is permitted. NYI */
-    if (username && strcmp(username, NACM_RECOVERY_USER) == 0)
+    if (username && strcmp(username, clicon_nacm_recovery_user(h)) == 0)
 	goto permit;

    retval = 0; /* not permitted yet. continue with next NACM step */
@ -943,7 +944,7 @@ nacm_access_pre(clicon_handle  h,
 	goto done;
    xnacm0 = NULL;
    /* Initial NACM steps and common to all NACM access validation. */
-    if ((retval = nacm_access(mode, xnacm, username)) < 0)
+    if ((retval = nacm_access(h, mode, xnacm, username)) < 0)
 	goto done;
    if (retval == 0){ /* if retval == 0 then return an xml nacm tree */
 	*xnacmp = xnacm;
--- a/lib/src/clixon_proto_client.c
+++ b/lib/src/clixon_proto_client.c
@ -963,7 +963,6 @@ clicon_hello_req(clicon_handle h,
 	clicon_err(OE_XML, errno, "parse_uint32"); 
 	goto done;
    }
-    fprintf(stderr, "id:%lu\n", *id);
    retval = 0;
 done:
    if (msg)
--- a/test/test_sock.sh
+++ b/test/test_sock.sh
@ -5,6 +5,9 @@
 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi

+# Raw unit tester of backend unix socket
+: ${clixon_util_socket:=clixon_util_socket}
+
 #
 # client <---> backend
 #          ^ is unix, ipv4, ipv6 socket
@ -18,11 +21,11 @@ fyang=$dir/socket.yang
 # check socket works
 # 1: UNIX|IPv4|IPv6
 # 2: unix file or ipv4 address or ipv6 address
-# 3: sock port (if ipv4 or ipv6)
+# 3: session-id
 testrun(){
    family=$1
    sock=$2
-    port=$3
+    id=$3
    
 cat <<EOF > $cfg
 <clixon-config xmlns="http://clicon.org/config">
@ -31,7 +34,7 @@ cat <<EOF > $cfg
  <CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
  <CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
  <CLICON_SOCK_FAMILY>$family</CLICON_SOCK_FAMILY>
-  <CLICON_SOCK_PORT>$port</CLICON_SOCK_PORT>
+  <CLICON_SOCK_PORT>4535</CLICON_SOCK_PORT>
  <CLICON_SOCK>$sock</CLICON_SOCK>
  <CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
  <CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
@ -56,6 +59,12 @@ EOF

    new "$clixon_cli -1f $cfg show version"
    expectfn "$clixon_cli -1f $cfg show version" 0 "$version."
+ 
+    new "hello session-id 1"
+    expecteof "$clixon_util_socket -a $family -s $sock -D $DBG" 0 "<hello/>" "<hello><session-id>1</session-id></hello>"
+
+    new "hello session-id 2"
+    expecteof "$clixon_util_socket -a $family -s $sock -D $DBG" 0 "<hello/>" "<hello><session-id>2</session-id></hello>"

    if [ $BE -ne 0 ]; then
 	new "Kill backend"
@ -70,10 +79,10 @@ EOF
 }

 new "Unix socket"
-testrun UNIX $dir/sock 0
+testrun UNIX $dir/sock 

 new "IPv4 socket"
-testrun IPv4 127.0.0.1 7878
+testrun IPv4 127.0.0.1 

 #new "IPv6 socket" NYI
 #testrun IPv6 ::1 7878
--- a/yang/clixon/clixon-config@2019-09-11.yang
+++ b/yang/clixon/clixon-config@2019-09-11.yang
@ -586,7 +586,7 @@ module clixon-config {
 	    type string;
 	    default "_nacm_recovery";
 	    description
-		"C8341 defines a 'recovery session' as outside the scope. Clixon
+		"RFC8341 defines a 'recovery session' as outside the scope. Clixon
                 defines this user as having special admin rights to exempt from
                 all access control enforcements.
                 Note setting of CLICON_NACM_CREDENTIALS is important, if set to