recover user as config option instead of constant

apps/backend/backend_client.c

@@ -1317,9 +1317,8 @@ from_client_hello(clicon_handle       h,
     id =  clicon_session_id_get(h);
     id++;
     clicon_session_id_set(h, id);
-    cprintf(cbret, "<hello><session-id>%lu</session-id></hello>", id);
+    cprintf(cbret, "<hello><session-id>%u</session-id></hello>", id);
     retval = 0;
-    // done:
     return retval;
 }
 

apps/restconf/restconf_methods.c

@@ -292,7 +292,7 @@ api_data_write(clicon_handle h,
 	goto ok;
     }
     xret = NULL;
-    if (clicon_rpc_get_config(h, NACM_RECOVERY_USER,
+    if (clicon_rpc_get_config(h, clicon_nacm_recovery_user(h),
 			      "candidate", cbuf_get(cbpath), nsc, &xret) < 0){
 	if (netconf_operation_failed_xml(&xerr, "protocol", clicon_err_reason) < 0)
 	    goto done;
@@ -612,7 +612,7 @@ api_data_write(clicon_handle h,
     /* commit/discard should be done automaticaly by the system, therefore
      * recovery user is used here (edit-config but not commit may be permitted
      by NACM */
-    cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+    cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
     cprintf(cbx, "<commit/></rpc>");
     if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	goto done;
@@ -641,7 +641,7 @@ api_data_write(clicon_handle h,
 	 * consequence of a RESTCONF edit operation.
 	 */
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<copy-config><source><running/></source><target><startup/></target></copy-config></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	    goto done;
@@ -881,13 +881,13 @@ api_data_delete(clicon_handle h,
     /* commit/discard should be done automatically by the system, therefore
      * recovery user is used here (edit-config but not commit may be permitted
      by NACM */
-    cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+    cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
     cprintf(cbx, "<commit/></rpc>");
     if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	goto done;
     if ((xe = xpath_first(xretcom, "//rpc-error")) != NULL){
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<discard-changes/></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretdis, NULL) < 0)
 	    goto done;
@@ -910,7 +910,7 @@ api_data_delete(clicon_handle h,
 	 * consequence of a RESTCONF edit operation.
 	 */
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<copy-config><source><running/></source><target><startup/></target></copy-config></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	    goto done;

apps/restconf/restconf_methods_post.c

@@ -348,7 +348,7 @@ api_data_post(clicon_handle h,
     /* commit/discard should be done automaticaly by the system, therefore
      * recovery user is used here (edit-config but not commit may be permitted
      by NACM */
-    cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+    cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
     cprintf(cbx, "<commit/></rpc>");
     if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	goto done;
@@ -377,7 +377,7 @@ api_data_post(clicon_handle h,
 	 * consequence of a RESTCONF edit operation.
 	 */
 	cbuf_reset(cbx);
-	cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
+	cprintf(cbx, "<rpc username=\"%s\">", clicon_nacm_recovery_user(h));
 	cprintf(cbx, "<copy-config><source><running/></source><target><startup/></target></copy-config></rpc>");
 	if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
 	    goto done;

lib/clixon/clixon_nacm.h

@@ -36,15 +36,6 @@
 #ifndef _CLIXON_NACM_H
 #define _CLIXON_NACM_H
 
-/*
- * Constants
- */
-/* RFC8341 defines a "recovery session" as outside the scope.
- * Clixon defines this user as having special admin rights to expemt from
- * all access control enforcements
- */
-#define NACM_RECOVERY_USER "_nacm_recovery"
-
 /*
  * Types
  */
@@ -79,6 +70,6 @@ int nacm_datanode_read(cxobj *xt, cxobj **xvec, size_t xlen, char *username, cxo
 int nacm_datanode_write(cxobj *xt, cxobj *xr, enum nacm_access access,
 			char *username, cxobj *xnacm, cbuf *cbret);
 int nacm_access_pre(clicon_handle h, char *username, enum nacm_point point, cxobj **xnacmp);
-int nacm_access(char *mode, cxobj *xnacmin, char *username);
+int nacm_access(clicon_handle h, char *mode, cxobj *xnacmin, char *username);
 
 #endif /* _CLIXON_NACM_H */

lib/src/clixon_datastore_write.c

@@ -1023,7 +1023,7 @@ xmldb_put(clicon_handle       h,
 	(xnacm = xpath_first_nsc(xnacm0, nsc, "nacm")) != NULL){
 	/* Pre-NACM access step, if permit, then dont do any nacm checks in 
 	 * text_modify_* below */
-	if ((permit = nacm_access(mode, xnacm, username)) < 0)
+	if ((permit = nacm_access(h, mode, xnacm, username)) < 0)
 	    goto done;
     }
     /* Here assume if xnacm is set and !permit do NACM */

lib/src/clixon_nacm.c

@@ -824,7 +824,7 @@ nacm_datanode_write(cxobj           *xt,
  * @retval  0  OK but not validated. Need to do NACM step using xnacm
  * @retval  1  OK permitted. You do not need to do next NACM step
  * @code
- *   if ((ret = nacm_access(mode, xnacm, username)) < 0)
+ *   if ((ret = nacm_access(h, mode, xnacm, username)) < 0)
  *     err;
  *   if (ret == 0){
  *      // Next step NACM processing
@@ -834,9 +834,10 @@ nacm_datanode_write(cxobj           *xt,
  * @see RFC8341 3.4 Access Control Enforcement Procedures
  */
 int
-nacm_access(char          *mode,
+nacm_access(clicon_handle h,
-	    cxobj         *xnacm,
+	    char         *mode,
-	    char          *username)
+	    cxobj        *xnacm,
+	    char         *username)
 {
     int     retval = -1;
     cxobj  *xnacm0 = NULL;
@@ -869,7 +870,7 @@ nacm_access(char          *mode,
 	goto permit;
     /* 2.   If the requesting session is identified as a recovery session,
        then the protocol operation is permitted. NYI */
-    if (username && strcmp(username, NACM_RECOVERY_USER) == 0)
+    if (username && strcmp(username, clicon_nacm_recovery_user(h)) == 0)
 	goto permit;
 
     retval = 0; /* not permitted yet. continue with next NACM step */
@@ -943,7 +944,7 @@ nacm_access_pre(clicon_handle  h,
 	goto done;
     xnacm0 = NULL;
     /* Initial NACM steps and common to all NACM access validation. */
-    if ((retval = nacm_access(mode, xnacm, username)) < 0)
+    if ((retval = nacm_access(h, mode, xnacm, username)) < 0)
 	goto done;
     if (retval == 0){ /* if retval == 0 then return an xml nacm tree */
 	*xnacmp = xnacm;

lib/src/clixon_proto_client.c

@@ -963,7 +963,6 @@ clicon_hello_req(clicon_handle h,
 	clicon_err(OE_XML, errno, "parse_uint32"); 
 	goto done;
     }
-    fprintf(stderr, "id:%lu\n", *id);
     retval = 0;
  done:
     if (msg)

test/test_sock.sh

@@ -5,6 +5,9 @@
 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
 
+# Raw unit tester of backend unix socket
+: ${clixon_util_socket:=clixon_util_socket}
+
 #
 # client <---> backend
 #          ^ is unix, ipv4, ipv6 socket
@@ -18,11 +21,11 @@ fyang=$dir/socket.yang
 # check socket works
 # 1: UNIX|IPv4|IPv6
 # 2: unix file or ipv4 address or ipv6 address
-# 3: sock port (if ipv4 or ipv6)
+# 3: session-id
 testrun(){
     family=$1
     sock=$2
-    port=$3
+    id=$3
     
 cat <<EOF > $cfg
 <clixon-config xmlns="http://clicon.org/config">
@@ -31,7 +34,7 @@ cat <<EOF > $cfg
   <CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
   <CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
   <CLICON_SOCK_FAMILY>$family</CLICON_SOCK_FAMILY>
-  <CLICON_SOCK_PORT>$port</CLICON_SOCK_PORT>
+  <CLICON_SOCK_PORT>4535</CLICON_SOCK_PORT>
   <CLICON_SOCK>$sock</CLICON_SOCK>
   <CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
   <CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
@@ -57,6 +60,12 @@ EOF
     new "$clixon_cli -1f $cfg show version"
     expectfn "$clixon_cli -1f $cfg show version" 0 "$version."
  
+    new "hello session-id 1"
+    expecteof "$clixon_util_socket -a $family -s $sock -D $DBG" 0 "<hello/>" "<hello><session-id>1</session-id></hello>"
+
+    new "hello session-id 2"
+    expecteof "$clixon_util_socket -a $family -s $sock -D $DBG" 0 "<hello/>" "<hello><session-id>2</session-id></hello>"
+
     if [ $BE -ne 0 ]; then
 	new "Kill backend"
 	# Check if premature kill
@@ -70,10 +79,10 @@ EOF
 }
 
 new "Unix socket"
-testrun UNIX $dir/sock 0
+testrun UNIX $dir/sock 
 
 new "IPv4 socket"
-testrun IPv4 127.0.0.1 7878
+testrun IPv4 127.0.0.1 
 
 #new "IPv6 socket" NYI
 #testrun IPv6 ::1 7878

yang/clixon/clixon-config@2019-09-11.yang

@@ -586,7 +586,7 @@ module clixon-config {
 	    type string;
 	    default "_nacm_recovery";
 	    description
-		"C8341 defines a 'recovery session' as outside the scope. Clixon
+		"RFC8341 defines a 'recovery session' as outside the scope. Clixon
                  defines this user as having special admin rights to exempt from
                  all access control enforcements.
                  Note setting of CLICON_NACM_CREDENTIALS is important, if set to