From d1e559957204469dd63e6413ac366839dd258bf4 Mon Sep 17 00:00:00 2001
From: Olof Hagsand <olof@hagsand.se>
Date: Sun, 14 Feb 2021 14:48:52 +0000
Subject: [PATCH] reorder clixon-restconf.yang and some test fixes

---
 apps/restconf/restconf_lib.c                |  2 +
 example/main/example_restconf.c             |  3 ++
 test/test_restconf_patch.sh                 | 26 ++++++-----
 yang/clixon/clixon-restconf@2020-12-30.yang | 52 ++++++++++++---------
 4 files changed, 50 insertions(+), 33 deletions(-)

diff --git a/apps/restconf/restconf_lib.c b/apps/restconf/restconf_lib.c
index 32b0b83d..da756d42 100644
--- a/apps/restconf/restconf_lib.c
+++ b/apps/restconf/restconf_lib.c
@@ -566,6 +566,8 @@ restconf_authentication_cb(clicon_handle  h,
  done:
     clicon_debug(1, "%s retval:%d authenticated:%d user:%s",
 		 __FUNCTION__, retval, authenticated, clicon_username_get(h));
+    if (username)
+	free(username);
     if (xret)
 	xml_free(xret);
     return retval;
diff --git a/example/main/example_restconf.c b/example/main/example_restconf.c
index 5ea1bcaa..39240228 100644
--- a/example/main/example_restconf.c
+++ b/example/main/example_restconf.c
@@ -254,10 +254,13 @@ example_basic_auth(clicon_handle h,
 	goto fail;
     /* authenticated */
     *userp = user;
+    user=NULL; /* to avoid free below */
     *authp = 1;
     retval = 0;
  done: /* error */
     clicon_debug(1, "%s retval:%d authp:%d userp:%s", __FUNCTION__, retval, *authp, *userp);
+    if (user)
+       free(user);
     if (cb)
 	cbuf_free(cb);
     if (xt)
diff --git a/test/test_restconf_patch.sh b/test/test_restconf_patch.sh
index 36b6df13..feef172f 100755
--- a/test/test_restconf_patch.sh
+++ b/test/test_restconf_patch.sh
@@ -150,6 +150,12 @@ expectpart "$(curl -u wilma:bar $CURLOPTS -X PATCH -H 'Content-Type: application
 new 'user is authorized'
 expectpart "$(curl -u andy:bar $CURLOPTS -X PATCH -H 'Content-Type: application/yang-data+json' $RCPROTO://localhost/restconf/data/example-jukebox:jukebox/library/artist=Clash -d '{"example-jukebox:artist":{"name":"Clash","album":{"name":"London Calling"}}}')" 0 "HTTP/1.1 204 No Content"
 
+# Kill old
+if [ $RC -ne 0 ]; then
+    new "Kill restconf daemon"
+    stop_restconf
+fi
+
 # Restart
 cat<<EOF > $startupdb
 <config>
@@ -249,19 +255,17 @@ if [ $RC -ne 0 ]; then
     stop_restconf
 fi
 
-if [ $BE -eq 0 ]; then
-    exit # BE
+if [ $BE -ne 0 ]; then
+    new "Kill backend"
+    # Check if premature kill
+    pid=$(pgrep -u root -f clixon_backend)
+    if [ -z "$pid" ]; then
+	err "backend already dead"
+    fi
+    # kill backend
+    stop_backend -f $cfg
 fi
 
-new "Kill backend"
-# Check if premature kill
-pid=$(pgrep -u root -f clixon_backend)
-if [ -z "$pid" ]; then
-    err "backend already dead"
-fi
-# kill backend
-stop_backend -f $cfg
-
 # Set by restconf_config
 unset RESTCONFIG
 
diff --git a/yang/clixon/clixon-restconf@2020-12-30.yang b/yang/clixon/clixon-restconf@2020-12-30.yang
index 5165f035..953aee76 100644
--- a/yang/clixon/clixon-restconf@2020-12-30.yang
+++ b/yang/clixon/clixon-restconf@2020-12-30.yang
@@ -105,24 +105,6 @@ module clixon-restconf {
                  Note client-certificate applies only if ssl-enable is true and socket has ssl";
 	    default none;
 	}
-	leaf server-cert-path {
-	    type string;
-	    description
-		"Path to server certificate file. 
-                 Note only applies if socket has ssl enabled";
-	}
-	leaf server-key-path {
-	    type string;
-	    description
-		"Path to server key file
-                 Note only applies if socket has ssl enabled";
-	}
-	leaf server-ca-cert-path {
-	    type string;
-	    description
-		"Path to server CA cert file
-	         Note only applies if socket has ssl enabled";
-	}
 	leaf debug {
 	    description
 		"Set debug level of restconf daemon. 
@@ -148,21 +130,47 @@ module clixon-restconf {
                  which may be desirable for performance or tests
                  This replaces the CLICON_RESTCONF_PRETTY option in clixon-config.yang";
 	}
+	/* From this point only specific options 
+	 * First fcgi-specific options
+	 */
 	leaf fcgi-socket {
-	    if-feature fcgi;
+	    if-feature fcgi; /* Set by default by fcgi clixon_restconf daemon */
 	    type string;
 	    default "/www-data/fastcgi_restconf.sock";
 	    description
-		"FastCGI unix socket. Should be specified in webserver
+		"Path to FastCGI unix socket. Should be specified in webserver
          	 Eg in nginx: fastcgi_pass unix:/www-data/clicon_restconf.sock
                  Only if with-restconf=fcgi, NOT evhtp
                  This replaces CLICON_RESTCONF_PATH option in clixon-config.yang";
 	}	
+	/* Second, evhtp-specific options */
+	leaf server-cert-path {
+	    type string;
+	    description
+		"Path to server certificate file. 
+                 Note only applies if socket has ssl enabled";
+	}
+	leaf server-key-path {
+	    type string;
+	    description
+		"Path to server key file
+                 Note only applies if socket has ssl enabled";
+	}
+	leaf server-ca-cert-path {
+	    type string;
+	    description
+		"Path to server CA cert file
+	         Note only applies if socket has ssl enabled";
+	}
 	list socket {
+	    description
+		"List of server sockets that the restconf daemon listens to";
 	    key "namespace address port";
 	    leaf namespace {
 		type string;
-		description "indicates a namespace for instance. On platforms where namespaces are not suppported, always 'default'";
+		description
+		    "Network namespace.
+                     On platforms where namespaces are not suppported, always 'default'";
 	    }
 	    leaf address {
 		type inet:ip-address;
@@ -170,7 +178,7 @@ module clixon-restconf {
 	    }
 	    leaf port {
 		type inet:port-number;
-		description "IP port to bind to";
+		description "TCP port to bind to";
 	    }
 	    leaf ssl {
 		type boolean;