* NACM extension (RFC8341)

* NACM module support (RFC8341 A1+A2)
   * Recovery user "_nacm_recovery" added.
     * Example use is restconf PUT when NACM edit-config is permitted, then automatic commit and discard are permitted using recovery user.
   * Example user changed adm1 to andy to comply with RFC8341 example

* Yang code upgrade (RFC7950)
   * RPC method input parameters validated
     * see https://github.com/clicon/clixon/issues/4
* Correct XML namespace handling
   * XML multiple modules was based on "loose" semantics so that yang modules were found by iterating through namespaces until a match was made. This did not adhere to proper [XML namespace handling](https://www.w3.org/TR/2009/REC-xml-names-20091208), and causes problems with overlapping names and false positives. Below see XML accepted (but wrong), and correct namespace declaration:
```
      <rpc><my-own-method/></rpc> <!-- Wrong but accepted -->
      <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <!-- Correct -->
        <my-own-method xmlns="http://example.net/me/my-own/1.0"/>
      </rpc>
```
   * To keep old loose semantics set config option CLICON_XML_NS_ITERATE (true by default)
   * XML to JSON translator support for mapping xmlns attribute to module name prefix.
   * Default namespace is still "urn:ietf:params:xml:ns:netconf:base:1.0"
   * See https://github.com/clicon/clixon/issues/49
* Changed all make tags --> make TAGS
* Keyvalue datastore removed (it has been disabled since 3.3.3)
* debug rpc added in example application (should be in clixon-config).
Olof hagsand 2018-12-16 19:46:26 +01:00
parent e5c0b06cf9
commit ae1af8da9e
63 changed files with 1852 additions and 3492 deletions
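
An added illustration of the loose versus namespace-aware lookup described in the commit message above. It is a Python model written for this page, not Clixon code; the second module, its namespace and the `reset` RPC are constructed for the example.

```python
import xml.etree.ElementTree as ET

NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"

# Constructed schema table: namespace -> (module name, RPC names).
# "other" and its "reset" RPC are hypothetical; both modules define "reset".
MODULES = {
    "http://example.net/me/my-own/1.0": ("my-own", {"my-own-method", "reset"}),
    "http://example.net/other/1.0": ("other", {"reset"}),
}

# Constructed requests: one without namespaces, one fully qualified.
UNQUALIFIED = "<rpc><reset/></rpc>"
QUALIFIED = ('<rpc xmlns="%s"><reset xmlns="http://example.net/other/1.0"/></rpc>'
             % NETCONF_NS)


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return None, tag


def resolve_loose(local):
    """Loose lookup: ignore the namespace, take the first module with the name."""
    for module, rpcs in MODULES.values():
        if local in rpcs:
            return module
    return None


def resolve_strict(ns, local):
    """Namespace-aware lookup: the element's own namespace selects the module."""
    module, rpcs = MODULES.get(ns, (None, set()))
    return module if local in rpcs else None


def dispatch(xml_text, strict=True):
    """Return the module that would handle the RPC, or None if it is rejected."""
    rpc = ET.fromstring(xml_text)
    if split_tag(rpc.tag)[1] != "rpc" or len(rpc) != 1:
        return None
    ns, local = split_tag(rpc[0].tag)
    return resolve_strict(ns, local) if strict else resolve_loose(local)
```

With loose lookup the qualified request addressed to the second module is handled by `my-own`, which is the false positive on overlapping names that the commit message refers to.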


@ -191,10 +191,9 @@ state data.
## Authentication and NACM
The example contains some stubs for authorization according to [RFC8341(NACM)](https://tools.ietf.org/html/rfc8341):
* A basic auth HTTP callback, see: example_restconf_credentials() containing three example users: adm1, wilma, and guest, according to the examples in Appendix A in the RFC.
* A basic auth HTTP callback, see: example_restconf_credentials() containing three example users: andy, wilma, and guest, according to the examples in Appendix A in [RFC8341](https://tools.ietf.org/html/rfc8341).
* A NACM backend plugin reporting the mandatory NACM state variables.
## Systemd files
Example systemd files for backend and restconf daemons are found under the systemd directory. Install them under /etc/systemd/system for example.


@ -9,6 +9,7 @@ module example {
prefix ip;
}
import ietf-routing {
description "defines fib-route";
prefix rt;
}
import iana-if-type {
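Review bot: the `description "defines fib-route";` substatement inside `import ietf-routing` is only allowed in YANG 1.1 (RFC 7950); RFC 6020 permits just `prefix` and `revision-date` under `import`. The module header is outside this hunk, so please confirm it declares `yang-version 1.1;`, otherwise stricter YANG tools will reject the module.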
@ -72,4 +73,13 @@ module example {
}
}
}
rpc debug {
description "Set debug level of backend. XXX should be in clixon-config";
input {
leaf level {
type uint32;
}
}
}
}
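Review bot: `leaf level` in the `rpc debug` input has no `description`, no `mandatory true;` and no `range`, so a request without `level`, or with any value up to the uint32 maximum, passes the RPC input validation this commit introduces. Suggest marking it mandatory and constraining it to the debug levels the backend actually supports. Since the RPC changes backend behaviour, the description should also say that it is meant to be covered by a NACM rule.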


@ -96,7 +96,7 @@ fib_route_rpc(clicon_handle h,
/* User supplied variable in CLI command */
instance = cvec_find(cvv, "instance"); /* get a cligen variable from vector */
/* Create XML for fib-route netconf RPC */
if (xml_parse_va(&xtop, NULL, "<rpc username=\"%s\"><fib-route><routing-instance-name>%s</routing-instance-name></fib-route></rpc>",
if (xml_parse_va(&xtop, NULL, "<rpc xmlns=\"urn:ietf:params:xml:ns:netconf:base:1.0\" username=\"%s\"><fib-route xmlns=\"urn:ietf:params:xml:ns:yang:ietf-routing\"><routing-instance-name>%s</routing-instance-name></fib-route></rpc>",
clicon_username_get(h),
cv_string_get(instance)) < 0)
goto done;
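Review bot: `cv_string_get(instance)` is described in the comment above as a user supplied CLI variable, yet it is written into the RPC through a bare `%s` in `xml_parse_va()`, as is `clicon_username_get(h)` inside the `username` attribute. A value containing `<`, `&` or `"` changes the structure of the XML that gets parsed. This predates the namespace fix, but since the line is being touched it would be a good moment to XML-escape both values before formatting, or to build the element tree and set the text body directly.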


@ -191,7 +191,7 @@ b64_decode(const char *src,
* @retval -1 Fatal error
* @retval 0 Unauth
* @retval 1 Auth
* @note: Three hardwired users: adm1, wilma, guest w password "bar".
* @note: Three hardwired users: andy, wilma, guest w password "bar".
* Enabled by passing -- -a to the main function
*/
int
@ -237,9 +237,9 @@ example_restconf_credentials(clicon_handle h,
/* Here get auth sub-tree whjere all the users are */
if ((cb = cbuf_new()) == NULL)
goto done;
/* Hardcoded user/passwd */
if (strcmp(user, "wilma")==0 || strcmp(user, "adm1")==0 ||
strcmp(user, "quest")==0){
/* XXX Three hardcoded user/passwd (from RFC8341 A.1)*/
if (strcmp(user, "wilma")==0 || strcmp(user, "andy")==0 ||
strcmp(user, "guest")==0){
passwd2 = "bar";
}
if (strcmp(passwd, passwd2))
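Review bot: `passwd2` is only assigned inside the `if` that matches the three names, while `strcmp(passwd, passwd2)` runs for every user. Its initial value is not visible in this hunk, so please confirm it is a non-NULL string that cannot equal a supplied password, or return unauthenticated explicitly when the name matches none of `wilma`, `andy`, `guest`. A small one as well: the unchanged comment at the top of the hunk reads `whjere`.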
@ -282,7 +282,7 @@ restconf_client_rpc(clicon_handle h,
/*! Start example restonf plugin. Set authentication method
* Arguments are argc/argv after --
* Currently defined: -a enable http basic authentication
* Note hardwired users adm1, wilma and guest
* @note There are three hardwired users andy, wilma and guest from RFC8341 A.1
*/
int
example_restconf_start(clicon_handle h,