restricted NACM recovery user

2020-08-06 21:43:27 +02:00 · 2020-08-06 21:43:27 +02:00 · a7737c283c
commit a7737c283c
parent 5c3f18c2da
7 changed files with 126 additions and 99 deletions
--- a/lib/clixon/clixon_nacm.h
+++ b/lib/clixon/clixon_nacm.h
@ -62,6 +62,7 @@ int nacm_datanode_read(clicon_handle h, cxobj *xt, cxobj **xvec, size_t xlen, ch
 int nacm_datanode_write(clicon_handle h, cxobj *xr, cxobj *xt,
 			enum nacm_access access,
 			char *username, cxobj *xnacm, cbuf *cbret);
-int nacm_access_pre(clicon_handle h, char *username, cxobj **xnacmp);
+int nacm_access_pre(clicon_handle h, char *peername, char *username, cxobj **xnacmp);
+int verify_nacm_user(enum nacm_credentials_t cred, char *peername, char *nacmname, cbuf *cbret);

 #endif /* _CLIXON_NACM_H */
--- a/lib/clixon/clixon_options.h
+++ b/lib/clixon/clixon_options.h
@ -95,7 +95,7 @@ enum priv_mode_t{

 /*! See clixon-config.yang type nacm_cred_mode (user credentials) */
 enum nacm_credentials_t{
-    NC_NONE=0,   /* "Dont match NACM user to any user credentials.  */
+    NC_NONE=0,   /* Dont match NACM user to any user credentials.  */
    NC_EXACT,    /* Exact match between NACM user and unix socket peer user. */
    NC_EXCEPT    /* Exact match except for root and www user  */
 };