Fixed: Fail on return errors when reading from datastore

Olof hagsand 2024-04-24 13:48:06 +02:00
parent aba5c68fe2
commit bd290e4594
10 changed files with 87 additions and 20 deletions


@ -62,7 +62,7 @@ int nacm_datanode_read(clixon_handle h, cxobj *xt, cxobj **xvec, size_t xlen, ch
int nacm_datanode_write(clixon_handle h, cxobj *xr, cxobj *xt,
enum nacm_access access,
char *username, cxobj *xnacm, cbuf *cbret);
int nacm_access_pre(clixon_handle h, char *peername, char *username, cxobj **xnacmp);
int nacm_access_pre(clixon_handle h, char *peername, char *username, cxobj **xnacmp, cbuf *cbret);
int verify_nacm_user(clixon_handle h, enum nacm_credentials_t cred, char *peername, char *nacmname, char *rpcname, cbuf *cbret);
#endif /* _CLIXON_NACM_H */
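Review bot: The new `nacm_access_pre` prototype gains `cbret`, and the function's doc comment shown further down this page adds return value 2 (NACM could not be read) alongside 1 (permitted). A caller that tests only `< 0` and `== 0` would fall through to the permitted path on 2 and skip the access-control step. The callers are not on this page, so confirm that each one handles 2 explicitly by returning the `cbret` error and denying the request. A comment above the prototype would put the contract at the declaration: `/* Returns 2 if NACM could not be read (cbret holds the error): treat as denied, never as permitted */`.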


@ -817,11 +817,14 @@ xmldb_get_cache(clixon_handle h,
* @retval -1 Error
* @note Use of 1 for OK
* @code
* if (xmldb_get(xh, "running", NULL, "/interfaces/interface[name="eth"]", &xt) < 0)
* if ((ret = xmldb_get(xh, "running", NULL, "/interfaces/interface[name="eth"]", &xt)) < 0)
* err;
* if (ret == 0)
* err;
* xml_free(xt);
* @endcode
* @see xmldb_get0 Underlying more capable API for enabling zero-copy
* XXX: OBSOLETE: use xmldb_get0 directly
*/
int
xmldb_get(clixon_handle h,


@ -72,6 +72,7 @@
#include "clixon_datastore.h"
#include "clixon_xml_nsctx.h"
#include "clixon_xml_map.h"
#include "clixon_xml_io.h"
#include "clixon_path.h"
#include "clixon_xml_vec.h"
#include "clixon_nacm.h"
@ -1196,7 +1197,9 @@ nacm_access_check(clixon_handle h,
* @param[in] h Clixon handle
* @param[in] peername Peer username if any
* @param[in] username User name of requestor
* @param[out] xncam NACM XML tree, set if retval=0. Free after use
* @param[out] xnacm NACM XML tree, set if retval=0. Free after use
* @param[out] cbret Error if ret == 2
* @retval 2 Failed on reading NACM from running (internal), cbret has error
* @retval 1 OK permitted. You do not need to do next NACM step.
* @retval 0 OK but not validated. Need to do NACM step using xnacm
* @retval -1 Error
@ -1215,7 +1218,8 @@ int
nacm_access_pre(clixon_handle h,
char *peername,
char *username,
cxobj **xnacmp)
cxobj **xnacmp,
cbuf *cbret)
{
int retval = -1;
char *mode;
@ -1223,6 +1227,8 @@ nacm_access_pre(clixon_handle h,
cxobj *xnacm0 = NULL;
cxobj *xnacm = NULL;
cvec *nsc = NULL;
cxobj *xerr = NULL;
int ret;
/* Check clixon option: disabled, external tree or internal */
mode = clicon_option_str(h, "CLICON_NACM_MODE");
@ -1236,8 +1242,13 @@ nacm_access_pre(clixon_handle h,
goto done;
}
else if (strcmp(mode, "internal")==0){
if (xmldb_get0(h, "running", YB_MODULE, nsc, "nacm", 1, 0, &xnacm0, NULL, NULL) < 0)
if ((ret = xmldb_get0(h, "running", YB_MODULE, nsc, "nacm", 1, 0, &xnacm0, NULL, &xerr)) < 0)
goto done;
if (ret == 0){
if (clixon_xml2cbuf(cbret, xerr, 0, 0, NULL, -1, 0) < 0)
goto done;
goto fail;
}
}
else{
clixon_err(OE_XML, 0, "Invalid NACM mode: %s", mode);
@ -1268,10 +1279,15 @@ nacm_access_pre(clixon_handle h,
xml_free(xnacm0);
else if (xnacm)
xml_free(xnacm);
else if (xerr)
xml_free(xerr);
return retval;
permit:
retval = 1;
goto done;
fail:
retval = 2;
goto done;
}
/*! Verify nacm user with peer uid credentials
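Review bot: In the cleanup before `return retval;`, the added `else if (xerr)` is chained onto the `xnacm0`/`xnacm` frees, so `xerr` is released only when both of those are NULL. Whether `xmldb_get0` can return 0 with `xnacm0` also set is not visible here, but the error tree is a separate allocation and its release should not depend on that; make it an independent statement, `if (xerr)` followed by `xml_free(xerr);`. The updated `@param[out]` line also documents `xnacm` while the parameter is named `xnacmp`. The start of the cleanup sequence and most of the function body lie outside the hunks shown.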