From 84c94b2c0ee2c8cd5ecaf8cb4a5131c1b9a4d8b6 Mon Sep 17 00:00:00 2001 From: Olof hagsand Date: Thu, 24 Oct 2019 20:43:03 +0200 Subject: [PATCH] recover user as config option instead of constant --- apps/backend/backend_client.c | 3 +-- apps/restconf/restconf_methods.c | 12 ++++++------ apps/restconf/restconf_methods_post.c | 4 ++-- lib/clixon/clixon_nacm.h | 11 +---------- lib/src/clixon_datastore_write.c | 2 +- lib/src/clixon_nacm.c | 13 +++++++------ lib/src/clixon_proto_client.c | 1 - test/test_sock.sh | 19 ++++++++++++++----- yang/clixon/clixon-config@2019-09-11.yang | 2 +- 9 files changed, 33 insertions(+), 34 deletions(-) diff --git a/apps/backend/backend_client.c b/apps/backend/backend_client.c index caa00ae9..8a379c0d 100644 --- a/apps/backend/backend_client.c +++ b/apps/backend/backend_client.c @@ -1317,9 +1317,8 @@ from_client_hello(clicon_handle h, id = clicon_session_id_get(h); id++; clicon_session_id_set(h, id); - cprintf(cbret, "%lu", id); + cprintf(cbret, "%u", id); retval = 0; - // done: return retval; } diff --git a/apps/restconf/restconf_methods.c b/apps/restconf/restconf_methods.c index c0cca915..0ecf18f4 100644 --- a/apps/restconf/restconf_methods.c +++ b/apps/restconf/restconf_methods.c @@ -292,7 +292,7 @@ api_data_write(clicon_handle h, goto ok; } xret = NULL; - if (clicon_rpc_get_config(h, NACM_RECOVERY_USER, + if (clicon_rpc_get_config(h, clicon_nacm_recovery_user(h), "candidate", cbuf_get(cbpath), nsc, &xret) < 0){ if (netconf_operation_failed_xml(&xerr, "protocol", clicon_err_reason) < 0) goto done; @@ -612,7 +612,7 @@ api_data_write(clicon_handle h, /* commit/discard should be done automaticaly by the system, therefore * recovery user is used here (edit-config but not commit may be permitted by NACM */ - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0) goto done; @@ -641,7 +641,7 @@ api_data_write(clicon_handle h, * consequence of a RESTCONF edit operation. */ cbuf_reset(cbx); - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0) goto done; @@ -881,13 +881,13 @@ api_data_delete(clicon_handle h, /* commit/discard should be done automatically by the system, therefore * recovery user is used here (edit-config but not commit may be permitted by NACM */ - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0) goto done; if ((xe = xpath_first(xretcom, "//rpc-error")) != NULL){ cbuf_reset(cbx); - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretdis, NULL) < 0) goto done; @@ -910,7 +910,7 @@ api_data_delete(clicon_handle h, * consequence of a RESTCONF edit operation. */ cbuf_reset(cbx); - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0) goto done; diff --git a/apps/restconf/restconf_methods_post.c b/apps/restconf/restconf_methods_post.c index b3cd7ec5..c7700f41 100644 --- a/apps/restconf/restconf_methods_post.c +++ b/apps/restconf/restconf_methods_post.c @@ -348,7 +348,7 @@ api_data_post(clicon_handle h, /* commit/discard should be done automaticaly by the system, therefore * recovery user is used here (edit-config but not commit may be permitted by NACM */ - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0) goto done; @@ -377,7 +377,7 @@ api_data_post(clicon_handle h, * consequence of a RESTCONF edit operation. */ cbuf_reset(cbx); - cprintf(cbx, "", NACM_RECOVERY_USER); + cprintf(cbx, "", clicon_nacm_recovery_user(h)); cprintf(cbx, ""); if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0) goto done; diff --git a/lib/clixon/clixon_nacm.h b/lib/clixon/clixon_nacm.h index 83997de6..b1b94831 100644 --- a/lib/clixon/clixon_nacm.h +++ b/lib/clixon/clixon_nacm.h @@ -36,15 +36,6 @@ #ifndef _CLIXON_NACM_H #define _CLIXON_NACM_H -/* - * Constants - */ -/* RFC8341 defines a "recovery session" as outside the scope. - * Clixon defines this user as having special admin rights to expemt from - * all access control enforcements - */ -#define NACM_RECOVERY_USER "_nacm_recovery" - /* * Types */ @@ -79,6 +70,6 @@ int nacm_datanode_read(cxobj *xt, cxobj **xvec, size_t xlen, char *username, cxo int nacm_datanode_write(cxobj *xt, cxobj *xr, enum nacm_access access, char *username, cxobj *xnacm, cbuf *cbret); int nacm_access_pre(clicon_handle h, char *username, enum nacm_point point, cxobj **xnacmp); -int nacm_access(char *mode, cxobj *xnacmin, char *username); +int nacm_access(clicon_handle h, char *mode, cxobj *xnacmin, char *username); #endif /* _CLIXON_NACM_H */ diff --git a/lib/src/clixon_datastore_write.c b/lib/src/clixon_datastore_write.c index 3f4ef5c7..8ddc69fb 100644 --- a/lib/src/clixon_datastore_write.c +++ b/lib/src/clixon_datastore_write.c @@ -1023,7 +1023,7 @@ xmldb_put(clicon_handle h, (xnacm = xpath_first_nsc(xnacm0, nsc, "nacm")) != NULL){ /* Pre-NACM access step, if permit, then dont do any nacm checks in * text_modify_* below */ - if ((permit = nacm_access(mode, xnacm, username)) < 0) + if ((permit = nacm_access(h, mode, xnacm, username)) < 0) goto done; } /* Here assume if xnacm is set and !permit do NACM */ diff --git a/lib/src/clixon_nacm.c b/lib/src/clixon_nacm.c index 8ba668a7..3e2848e1 100644 --- a/lib/src/clixon_nacm.c +++ b/lib/src/clixon_nacm.c @@ -824,7 +824,7 @@ nacm_datanode_write(cxobj *xt, * @retval 0 OK but not validated. Need to do NACM step using xnacm * @retval 1 OK permitted. You do not need to do next NACM step * @code - * if ((ret = nacm_access(mode, xnacm, username)) < 0) + * if ((ret = nacm_access(h, mode, xnacm, username)) < 0) * err; * if (ret == 0){ * // Next step NACM processing @@ -834,9 +834,10 @@ nacm_datanode_write(cxobj *xt, * @see RFC8341 3.4 Access Control Enforcement Procedures */ int -nacm_access(char *mode, - cxobj *xnacm, - char *username) +nacm_access(clicon_handle h, + char *mode, + cxobj *xnacm, + char *username) { int retval = -1; cxobj *xnacm0 = NULL; @@ -869,7 +870,7 @@ nacm_access(char *mode, goto permit; /* 2. If the requesting session is identified as a recovery session, then the protocol operation is permitted. NYI */ - if (username && strcmp(username, NACM_RECOVERY_USER) == 0) + if (username && strcmp(username, clicon_nacm_recovery_user(h)) == 0) goto permit; retval = 0; /* not permitted yet. continue with next NACM step */ @@ -943,7 +944,7 @@ nacm_access_pre(clicon_handle h, goto done; xnacm0 = NULL; /* Initial NACM steps and common to all NACM access validation. */ - if ((retval = nacm_access(mode, xnacm, username)) < 0) + if ((retval = nacm_access(h, mode, xnacm, username)) < 0) goto done; if (retval == 0){ /* if retval == 0 then return an xml nacm tree */ *xnacmp = xnacm; diff --git a/lib/src/clixon_proto_client.c b/lib/src/clixon_proto_client.c index f2b73403..785b1eb0 100644 --- a/lib/src/clixon_proto_client.c +++ b/lib/src/clixon_proto_client.c @@ -963,7 +963,6 @@ clicon_hello_req(clicon_handle h, clicon_err(OE_XML, errno, "parse_uint32"); goto done; } - fprintf(stderr, "id:%lu\n", *id); retval = 0; done: if (msg) diff --git a/test/test_sock.sh b/test/test_sock.sh index a2e62054..d82c53bd 100755 --- a/test/test_sock.sh +++ b/test/test_sock.sh @@ -5,6 +5,9 @@ # Magic line must be first in script (see README.md) s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi +# Raw unit tester of backend unix socket +: ${clixon_util_socket:=clixon_util_socket} + # # client <---> backend # ^ is unix, ipv4, ipv6 socket @@ -18,11 +21,11 @@ fyang=$dir/socket.yang # check socket works # 1: UNIX|IPv4|IPv6 # 2: unix file or ipv4 address or ipv6 address -# 3: sock port (if ipv4 or ipv6) +# 3: session-id testrun(){ family=$1 sock=$2 - port=$3 + id=$3 cat < $cfg @@ -31,7 +34,7 @@ cat < $cfg /usr/local/share/clixon clixon-example $family - $port + 4535 $sock /usr/local/lib/$APPNAME/clispec /usr/local/lib/$APPNAME/cli @@ -56,6 +59,12 @@ EOF new "$clixon_cli -1f $cfg show version" expectfn "$clixon_cli -1f $cfg show version" 0 "$version." + + new "hello session-id 1" + expecteof "$clixon_util_socket -a $family -s $sock -D $DBG" 0 "" "1" + + new "hello session-id 2" + expecteof "$clixon_util_socket -a $family -s $sock -D $DBG" 0 "" "2" if [ $BE -ne 0 ]; then new "Kill backend" @@ -70,10 +79,10 @@ EOF } new "Unix socket" -testrun UNIX $dir/sock 0 +testrun UNIX $dir/sock new "IPv4 socket" -testrun IPv4 127.0.0.1 7878 +testrun IPv4 127.0.0.1 #new "IPv6 socket" NYI #testrun IPv6 ::1 7878 diff --git a/yang/clixon/clixon-config@2019-09-11.yang b/yang/clixon/clixon-config@2019-09-11.yang index dc014559..7eb343cd 100644 --- a/yang/clixon/clixon-config@2019-09-11.yang +++ b/yang/clixon/clixon-config@2019-09-11.yang @@ -586,7 +586,7 @@ module clixon-config { type string; default "_nacm_recovery"; description - "C8341 defines a 'recovery session' as outside the scope. Clixon + "RFC8341 defines a 'recovery session' as outside the scope. Clixon defines this user as having special admin rights to exempt from all access control enforcements. Note setting of CLICON_NACM_CREDENTIALS is important, if set to