further restconf refactoring

Olof hagsand 2020-06-11 21:54:09 +02:00
parent ff5462ecac
commit e2d9c046af
23 changed files with 1424 additions and 399 deletions


@ -78,35 +78,30 @@ CPPFLAGS = @CPPFLAGS@ -fPIC
INCLUDES = -I. -I$(top_srcdir)/lib/src -I$(top_srcdir)/lib -I$(top_srcdir)/include -I$(top_srcdir) @INCLUDES@
# Applications
ifeq ($(with_restconf),fcgi)
APPL = clixon_restconf # fcgi / nginx
else
APPL = clixon_restconf_$(with_restconf)
endif
# Application
APPL = clixon_restconf
# Common source - not accessible from plugin - independent of restconf package (fcgi|evhtp)
#APPSRC = restconf_lib.c
APPSRC =
APPSRC += restconf_api.c # maybe empty
APPSRC += restconf_api_$(with_restconf).c # cant be .so since libevhtp is a.
APPSRC += restconf_root.c
APPSRC += restconf_$(with_restconf)_main.c
# Fcgi-specific source including main
ifeq ($(with_restconf),fcgi)
APPSRC = restconf_fcgi_lib.c
APPSRC += restconf_fcgi_main.c
APPSRC += restconf_methods.c # These should be moved ^
APPSRC += restconf_fcgi_lib.c # Most of these should be made generic
APPSRC += restconf_methods.c
APPSRC += restconf_methods_post.c
APPSRC += restconf_methods_get.c
APPSRC += restconf_stream.c
endif
# Evhtp-specific source including main
ifeq ($(with_restconf),evhtp)
APPSRC = restconf_evhtp_main.c
endif
APPOBJ = $(APPSRC:.c=.o)
# Accessible from plugin
LIBSRC = restconf_lib.c
LIBOBJ = $(LIBSRC:.c=.o)
# This lib is very small but used for clixon restconf applications to access clixon restconf lib


@ -0,0 +1,66 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
* Generic restconf API functions
*/
#ifdef HAVE_CONFIG_H
#include "clixon_config.h" /* generated by config & autoconf */
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <syslog.h>
#include <fcntl.h>
#include <time.h>
#include <limits.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <libgen.h>
#include <sys/stat.h> /* chmod */
/* cligen */
#include <cligen/cligen.h>
/* clicon */
#include <clixon/clixon.h>
/* restconf */
#include "restconf_lib.h"
#include "restconf_api.h"


@ -0,0 +1,54 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
*
* Virtual clixon restconf API functions.
*/
#ifndef _RESTCONF_API_H_
#define _RESTCONF_API_H_
/*
* Prototypes
*/
int restconf_reply_status_code(void *req, int code);
#if defined(__GNUC__) && __GNUC__ >= 3
int restconf_reply_header_add(void *req, char *name, char *vfmt, ...) __attribute__ ((format (printf, 3, 4)));
#else
int restconf_reply_header_add(FCGX_Request *req, char *name, char *vfmt, ...);
#endif
int restconf_reply_send(void *req, cbuf *cb);
#endif /* _RESTCONF_API_H_ */
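Review bot: The two prototypes of `restconf_reply_header_add` disagree on the first parameter: the `__GNUC__` branch takes `void *req`, while the `#else` branch takes `FCGX_Request *req`, a type this header never declares and that the evhtp build has no reason to know. On a compiler that takes the fallback branch this would either fail to compile or conflict with the definitions, which take `void *req0`; the `#else` line should read `int restconf_reply_header_add(void *req, char *name, char *vfmt, ...);`. Since every entry point takes an untyped `void *`, the compiler cannot catch a wrong handle, so the header should carry a short comment saying that `req` must be the request type of the backend selected at build time and that `cbuf` comes from cligen, which has to be included first.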


@ -0,0 +1,183 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2020 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
* Concrete functions for libevhtp of the
* Virtual clixon restconf API functions.
* @see restconf_api.h for virtual API
*/
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <syslog.h>
#include <fcntl.h>
#include <ctype.h>
#include <time.h>
#include <signal.h>
#include <dlfcn.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/wait.h>
/* evhtp */
#include <evhtp/evhtp.h>
#include <evhtp/sslutils.h>
/* cligen */
#include <cligen/cligen.h>
/* clicon */
#include <clixon/clixon.h>
#include "restconf_lib.h"
#include "restconf_api.h" /* Virtual api */
/*! Add HTTP header field name and value to reply, evhtp specific
* @param[in] req Evhtp http request handle
* @param[in] code HTTP status code
* @see eg RFC 7230
*/
int
restconf_reply_status_code(void *req0,
int code)
{
evhtp_request_t *req = (evhtp_request_t *)req0;
req->status = code;
return 0;
}
/*! Add HTTP header field name and value to reply, evhtp specific
* @param[in] req Evhtp http request handle
* @param[in] name HTTP header field name
* @param[in] vfmt HTTP header field value format string w variable parameter
* @see eg RFC 7230
*/
int
restconf_reply_header_add(void *req0,
char *name,
char *vfmt,
...)
{
evhtp_request_t *req = (evhtp_request_t *)req0;
int retval = -1;
size_t vlen;
char *value = NULL;
va_list ap;
evhtp_header_t *evhdr;
if (req == NULL || name == NULL || vfmt == NULL){
clicon_err(OE_CFG, EINVAL, "req, name or value is NULL");
return -1;
}
va_start(ap, vfmt);
vlen = vsnprintf(NULL, 0, vfmt, ap);
va_end(ap);
/* allocate value string exactly fitting */
if ((value = malloc(vlen+1)) == NULL){
clicon_err(OE_UNIX, errno, "malloc");
goto done;
}
/* second round: compute actual value */
va_start(ap, vfmt);
if (vsnprintf(value, vlen+1, vfmt, ap) < 0){
clicon_err(OE_UNIX, errno, "vsnprintf");
va_end(ap);
goto done;
}
va_end(ap);
if ((evhdr = evhtp_header_new(name, value, 0, 1)) == NULL){ /* 1: free after use */
clicon_err(OE_CFG, errno, "evhttp_header_new");
goto done;
}
value = NULL; /* freed by evhtp */
evhtp_headers_add_header(req->headers_out, evhdr);
retval = 0;
done:
if (value)
free(value);
return retval;
}
/*! Send HTTP reply with potential message body
* @param[in] req Evhtp http request handle
* @param[in] cb Body as a cbuf, send if
*
* Prerequisites: status code set, headers given, body if wanted set
*/
int
restconf_reply_send(void *req0,
cbuf *cb)
{
evhtp_request_t *req = (evhtp_request_t *)req0;
int retval = -1;
evhtp_connection_t *conn;
struct evbuffer *eb = NULL;
#if 1 /* Optional? */
if ((conn = evhtp_request_get_connection(req)) == NULL){
clicon_err(OE_DAEMON, EFAULT, "evhtp_request_get_connection");
goto done;
}
htp_sslutil_add_xheaders(req->headers_out, conn->ssl, HTP_SSLUTILS_XHDR_ALL);
#endif
/* create evbuffer* : bufferevent_write_buffer/ drain,
ie send everything , except body */
evhtp_send_reply_start(req, req->status);
/* Write a body if cbuf is nonzero */
if (cb != NULL && cbuf_len(cb)){
/* Suboptimal, copy from cbuf to evbuffer */
if ((eb = evbuffer_new()) == NULL){
clicon_err(OE_CFG, errno, "evbuffer_new");
goto done;
}
if (evbuffer_add(eb, cbuf_get(cb), cbuf_len(cb)) < 0){
clicon_err(OE_CFG, errno, "evbuffer_add");
goto done;
}
evhtp_send_reply_body(req, eb); /* conn->bev = eb, body is different */
}
evhtp_send_reply_end(req); /* just flag finished */
retval = 0;
done:
if (eb)
evhtp_safe_free(eb, evbuffer_free);
return retval;
}
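Review bot: In `restconf_reply_header_add` the sizing call `vlen = vsnprintf(NULL, 0, vfmt, ap)` stores an `int` result in a `size_t`, so an error return of -1 becomes SIZE_MAX and `malloc(vlen+1)` is asked for 0 bytes; take the result in an `int` and bail out on a negative value, e.g. `if ((n = vsnprintf(NULL, 0, vfmt, ap)) < 0) { va_end(ap); goto done; }`. The formatted value is also passed on without a check for CR or LF, so if any caller formats request-derived text into a header (the callers are not visible in this section) a response header could be split; rejecting the value with `if (strpbrk(value, "\r\n") != NULL)` before `evhtp_header_new` would close that. The FCGI variants of `restconf_reply_header_add` and `restconf_reply_body_add` in this commit use the same sizing pattern, and there the value is written straight into `"%s: %s\r\n"`. The doc comment on `restconf_reply_status_code` is a copy of the header-add one and should say that it sets the reply status code.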


@ -0,0 +1,217 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2020 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
* Concrete functions for FCGI of the
* Virtual clixon restconf API functions.
* @see restconf_api.h for virtual API
*/
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <syslog.h>
#include <fcntl.h>
#include <ctype.h>
#include <time.h>
#include <signal.h>
#include <dlfcn.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/wait.h>
/* cligen */
#include <cligen/cligen.h>
/* clicon */
#include <clixon/clixon.h>
#include <fcgiapp.h> /* Need to be after clixon_xml-h due to attribute format */
#include "restconf_lib.h"
#include "restconf_api.h" /* Virtual api */
/*! Add HTTP header field name and value to reply, fcgi specific
* @param[in] req Fastcgi request handle
* @param[in] code HTTP status code
* @see eg RFC 7230
*/
int
restconf_reply_status_code(void *req0,
int code)
{
FCGX_Request *req = (FCGX_Request *)req0;
FCGX_SetExitStatus(code, req->out);
return 0;
}
/*! HTTP headers done, if there is a message body coming next
* @param[in] req Fastcgi request handle
* @retval body Handle for body handling (in fcgi same as req)
*
* HTTP-message = start-line *( header-field CRLF ) CRLF [ message-body ]
* @see eg RFC 7230
* XXX may be unecessary (or body start or something)
*/
FCGX_Request *
restconf_reply_body_start(void *req0)
{
FCGX_Request *req = (FCGX_Request *)req0;
FCGX_FPrintF(req->out, "\r\n");
return req;
}
/*! Add HTTP header field name and value to reply, fcgi specific
* @param[in] req Fastcgi request handle
* @param[in] name HTTP header field name
* @param[in] vfmt HTTP header field value format string w variable parameter
* @see eg RFC 7230
*/
int
restconf_reply_header_add(void *req0,
char *name,
char *vfmt,
...)
{
FCGX_Request *req = (FCGX_Request *)req0;
int retval = -1;
size_t vlen;
char *value = NULL;
va_list ap;
if (req == NULL || name == NULL || vfmt == NULL){
clicon_err(OE_CFG, EINVAL, "req, name or value is NULL");
return -1;
}
va_start(ap, vfmt);
vlen = vsnprintf(NULL, 0, vfmt, ap);
va_end(ap);
/* allocate value string exactly fitting */
if ((value = malloc(vlen+1)) == NULL){
clicon_err(OE_UNIX, errno, "malloc");
goto done;
}
/* second round: compute actual value */
va_start(ap, vfmt);
if (vsnprintf(value, vlen+1, vfmt, ap) < 0){
clicon_err(OE_UNIX, errno, "vsnprintf");
va_end(ap);
goto done;
}
va_end(ap);
FCGX_FPrintF(req->out, "%s: %s\r\n", name, value);
retval = 0;
done:
if (value)
free(value);
return retval;
}
/*! Add HTTP message body to reply, fcgi specific
* @param[in] req Fastcgi request handle
* @param[in,out] content_len This is for Content-Length header
* @param[in] bfmt HTTP message body format string w variable parameter
* @see eg RFC 7230
*/
int
restconf_reply_body_add(void *req0,
size_t *content_len,
char *bfmt,
...)
{
FCGX_Request *req = (FCGX_Request *)req0;
int retval = -1;
size_t sz;
size_t blen;
char *body = NULL;
va_list ap;
if (req == NULL || bfmt == NULL){
clicon_err(OE_CFG, EINVAL, "req or body is NULL");
return -1;
}
va_start(ap, bfmt);
blen = vsnprintf(NULL, 0, bfmt, ap);
va_end(ap);
/* allocate body string exactly fitting */
if ((body = malloc(blen+1)) == NULL){
clicon_err(OE_UNIX, errno, "malloc");
goto done;
}
/* second round: compute actual body */
va_start(ap, bfmt);
if (vsnprintf(body, blen+1, bfmt, ap) < 0){
clicon_err(OE_UNIX, errno, "vsnprintf");
va_end(ap);
goto done;
}
va_end(ap);
FCGX_FPrintF(req->out, "%s", body);
/* Increment in/out Content-Length parameter */
if (content_len){
sz = strlen(body);
*content_len += sz;
}
retval = 0;
done:
if (body)
free(body);
return retval;
}
/*! Send HTTP reply with potential message body
* @param[in] req Fastcgi request handle
* @param[in] cb Body as a cbuf, send if
*
* Prerequisites: status code set, headers given, body if wanted set
*/
int
restconf_reply_send(void *req0,
cbuf *cb)
{
FCGX_Request *req = (FCGX_Request *)req0;
int retval = -1;
/* Write a body if cbuf is nonzero */
if (cb != NULL && cbuf_len(cb)){
FCGX_FPrintF(req->out, "\r\n");
FCGX_FPrintF(req->out, "%s", cbuf_get(cb));
}
retval = 0;
return retval;
}
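Review bot: `restconf_reply_status_code` calls `FCGX_SetExitStatus(code, req->out)`, which sets the FastCGI application exit status for the request rather than the HTTP status; the existing fcgi code in this commit signals the status with a header line (`FCGX_FPrintF(r->out, "Status: 500 Internal Server Error\r\n")`), so replies sent through the new API would likely go out with the web server's default status even for errors. Writing a `Status:` header with the code, as the existing code does, would keep error replies from being treated as successes by clients and caches. In `restconf_reply_send` the blank line that ends the header block is written only when there is a body, and the body is written with `"%s"`, which stops at the first NUL byte; writing `"\r\n"` unconditionally and sending the body with `FCGX_PutStr(cbuf_get(cb), cbuf_len(cb), req->out)` would avoid both. Apart from `restconf_reply_header_add` and `restconf_reply_body_add`, the functions in this file dereference `req0` without a NULL check.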


@ -31,7 +31,8 @@
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
* libevhtp code
*/
/* XXX temp constant should go away, */
@ -43,7 +44,7 @@
/* compilation withotu threading support
* XXX: could be disabled already in configure?
*/
#define EVHTP_DISABLE_EVTHR
//#define EVHTP_DISABLE_EVTHR
#define EVHTP_DISABLE_REGEX
#include <stdlib.h>
@ -73,13 +74,9 @@
/* restconf */
#include "restconf_lib.h"
#if 0 /* These are all dependent on FCGX */
#include "restconf_methods.h"
#include "restconf_methods_get.h"
#include "restconf_methods_post.h"
#include "restconf_stream.h"
#endif
#include "restconf_lib.h" /* generic shared with plugins */
#include "restconf_api.h" /* generic not shared with plugins */
#include "restconf_root.h"
/* Command line options to be passed to getopt(3) */
#define RESTCONF_OPTS "hD:f:l:p:d:y:a:u:o:P:c:k:"
@ -122,6 +119,178 @@ restconf_sig_child(int arg)
}
}
static char*
evhtp_method2str(enum htp_method m)
{
switch (m){
case htp_method_GET:
return "GET";
break;
case htp_method_HEAD:
return "HEAD";
break;
case htp_method_POST:
return "POST";
break;
case htp_method_PUT:
return "PUT";
break;
case htp_method_DELETE:
return "DELETE";
break;
case htp_method_PATCH:
return "PATCH";
break;
default:
return "XXX";
break;
}
}
static int
query_iterator(evhtp_header_t *hdr,
void *arg)
{
cvec *qvec = (cvec *)arg;
char *key;
char *val;
char *valu = NULL; /* unescaped value */
cg_var *cv;
key = hdr->key;
val = hdr->val;
if (uri_percent_decode(val, &valu) < 0)
return -1;
if ((cv = cvec_add(qvec, CGV_STRING)) == NULL){
clicon_err(OE_UNIX, errno, "cvec_add");
return -1;
}
cv_name_set(cv, key);
cv_string_set(cv, valu);
if (valu)
free(valu);
return 0;
}
/*! Map from evhtp information to "fcgi" type parameters used in clixon code
*
* While all these params come via one call in fcgi, the information must be taken from
* several different places in evhtp
* @param[in] h Clicon handle
* @param[in] req Evhtp request struct
* @retval 0 OK
* @retval -1 Error
* The following parameters are set:
* QUERY_STRING
* REQUEST_METHOD
* REQUEST_URI
* HTTPS
* HTTP_HOST
* HTTP_ACCEPT
* HTTP_CONTENT_TYPE
* @note there may be more used by an application plugin
*/
static int
evhtp_params_set(clicon_handle h,
evhtp_request_t *req,
cvec *qvec)
{
int retval = -1;
htp_method meth;
evhtp_uri_t *uri;
evhtp_path_t *path;
evhtp_header_t *hdr;
if ((uri = req->uri) == NULL){
clicon_err(OE_DAEMON, EFAULT, "No uri");
goto done;
}
if ((path = uri->path) == NULL){
clicon_err(OE_DAEMON, EFAULT, "No path");
goto done;
}
meth = evhtp_request_get_method(req);
/* QUERY_STRING */
if (qvec && uri->query)
if (evhtp_kvs_for_each(uri->query, query_iterator, qvec) < 0){
clicon_err(OE_CFG, errno, "evhtp_kvs_for_each");
goto done;
}
if (clixon_restconf_param_set(h, "REQUEST_METHOD", evhtp_method2str(meth)) < 0)
goto done;
if (clixon_restconf_param_set(h, "REQUEST_URI", path->full) < 0)
goto done;
if (clixon_restconf_param_set(h, "HTTPS", "https") < 0) /* some string or NULL */
goto done;
if ((hdr = evhtp_headers_find_header(req->headers_in, "Host")) != NULL){
if (clixon_restconf_param_set(h, "HTTP_HOST", hdr->val) < 0)
goto done;
}
if ((hdr = evhtp_headers_find_header(req->headers_in, "Accept")) != NULL){
if (clixon_restconf_param_set(h, "HTTP_ACCEPT", hdr->val) < 0)
goto done;
}
if ((hdr = evhtp_headers_find_header(req->headers_in, "Content-Type")) != NULL){
if (clixon_restconf_param_set(h, "HTTP_CONTENT_TYPE", hdr->val) < 0)
goto done;
}
retval = 0;
done:
return retval;
}
static int
evhtp_params_clear(clicon_handle h)
{
int retval = -1;
char *params[] = {"QUERY_STRING", "REQUEST_METHOD", "REQUEST_URI",
"HTTPS", "HTTP_HOST", "HTTP_ACCEPT", "HTTP_CONTENT_TYPE", NULL};
char *param;
int i=0;
while((param=params[i]) != NULL)
if (clixon_restconf_param_del(h, param) < 0)
goto done;
retval = 0;
done:
return retval;
}
static int
print_header(evhtp_header_t *header,
void *arg)
{
// clicon_handle h = (clicon_handle)arg;
clicon_debug(1, "%s %s %s",
__FUNCTION__, header->key, header->val);
return 0;
}
static evhtp_res
cx_pre_accept(evhtp_connection_t *conn,
void *arg)
{
// clicon_handle h = (clicon_handle)arg;
clicon_debug(1, "%s", __FUNCTION__);
return EVHTP_RES_OK;
}
static evhtp_res
cx_post_accept(evhtp_connection_t *conn,
void *arg)
{
// clicon_handle h = (clicon_handle)arg;
clicon_debug(1, "%s", __FUNCTION__);
return EVHTP_RES_OK;
}
/*! Generic callback called if no other callbacks are matched
*/
static void
cx_gencb(evhtp_request_t *req,
void *arg)
@ -129,7 +298,7 @@ cx_gencb(evhtp_request_t *req,
evhtp_connection_t *conn;
// clicon_handle h = arg;
fprintf(stderr, "%s\n", __FUNCTION__);
clicon_debug(1, "%s", __FUNCTION__);
if (req == NULL){
errno = EINVAL;
return;
@ -145,67 +314,105 @@ cx_gencb(evhtp_request_t *req,
return; /* void */
}
static evhtp_res
cx_pre_accept(evhtp_connection_t *conn,
void *arg)
/*! /.well-known callback
* @see cx_genb
*/
static void
cx_path_wellknown(evhtp_request_t *req,
void *arg)
{
fprintf(stderr, "%s\n", __FUNCTION__);
return EVHTP_RES_OK;
clicon_handle h = arg;
/* input debug */
if (clicon_debug_get())
evhtp_headers_for_each(req->headers_in, print_header, h);
/* get accepted connection */
/* set fcgi-like paramaters (ignore query vector) */
if (evhtp_params_set(h, req, NULL) < 0)
goto done;
/* call generic function */
if (api_well_known(h, req) < 0)
goto done;
/* Clear (fcgi) paramaters from this request */
if (evhtp_params_clear(h) < 0)
goto done;
done:
return; /* void */
}
static evhtp_res
cx_post_accept(evhtp_connection_t *conn,
void *arg)
{
fprintf(stderr, "%s\n", __FUNCTION__);
return EVHTP_RES_OK;
}
static int
print_header_(evhtp_header_t * header, void * arg) {
fprintf(stderr, "%s: %s\n", header->key, header->val);
return 0;
}
/*! Generic callback called if no other callbacks are matched
/*! /restconf callback
* @see cx_genb
*/
static void
cx_path_restconf(evhtp_request_t *req,
void *arg)
{
evhtp_connection_t *conn;
// clicon_handle h = arg;
clicon_handle h = arg;
struct evbuffer *b = NULL;
htp_method meth;
cvec *qvec = NULL;
size_t len = 0;
cbuf *cblen = NULL;
fprintf(stderr, "%s\n", __FUNCTION__);
clicon_debug(1, "%s", __FUNCTION__);
if (req == NULL){
errno = EINVAL;
goto done;
}
if ((conn = evhtp_request_get_connection(req)) == NULL)
goto done;
meth = evhtp_request_get_method(req);
fprintf(stderr, "%s method:%d\n", __FUNCTION__, meth);
evhtp_headers_for_each(req->headers_in, print_header_, NULL);
/* input debug */
if (clicon_debug_get())
evhtp_headers_for_each(req->headers_in, print_header, h);
if ((b = evbuffer_new()) == NULL){
if ((cblen = cbuf_new()) == NULL){
clicon_err(OE_UNIX, errno, "cbuf_new");
goto done;
}
htp_sslutil_add_xheaders(
req->headers_out,
conn->ssl,
HTP_SSLUTILS_XHDR_ALL);
/* Query vector, ie the ?a=x&b=y stuff */
if ((qvec = cvec_new(0)) ==NULL){
clicon_err(OE_UNIX, errno, "cvec_new");
goto done;
}
/* get accepted connection */
if ((conn = evhtp_request_get_connection(req)) == NULL){
clicon_err(OE_DAEMON, EFAULT, "evhtp_request_get_connection");
goto done;
}
/* Get all parameters from this request (resembling fcgi) */
if (evhtp_params_set(h, req, qvec) < 0)
goto done;
/* 1. create body */
if ((b = evbuffer_new()) == NULL){
clicon_err(OE_DAEMON, errno, "evbuffer_new");
goto done;
}
cprintf(cblen, "%lu", len);
/* 2. add headers (can mix with body) */
evhtp_headers_add_header(req->headers_out, evhtp_header_new("Cache-Control", "no-cache", 0, 0));
evhtp_headers_add_header(req->headers_out, evhtp_header_new("Content-Type", "application/xrd+xml", 0, 0));
evhtp_headers_add_header(req->headers_out, evhtp_header_new("Content-Length", cbuf_get(cblen), 0, 0));
/* Optional? */
htp_sslutil_add_xheaders(req->headers_out, conn->ssl, HTP_SSLUTILS_XHDR_ALL);
/* 3. send reply */
evhtp_send_reply_start(req, EVHTP_RES_OK);
evbuffer_add(b, "hej\n", strlen("hej\n\n"));
evhtp_send_reply_body(req, b);
evhtp_send_reply_end(req);
// evhtp_headers_add_header(request->headers_out, evhtp_header_new("Host", "localhost", 0, 0)); evhtp_headers_add_headers(request->headers_out, headers);
/* Clear (fcgi)paramaters */
if (evhtp_params_clear(h) < 0)
goto done;
done:
if (qvec)
cvec_free(qvec);
if (cblen)
cbuf_free(cblen);
if (b)
evhtp_safe_free(b, evbuffer_free);
return; /* void */
}
@ -246,26 +453,27 @@ int
main(int argc,
char **argv)
{
int retval = -1;
char *argv0 = argv[0];
int c;
clicon_handle h;
char *dir;
int logdst = CLICON_LOG_SYSLOG;
yang_stmt *yspec = NULL;
char *str;
clixon_plugin *cp = NULL;
cvec *nsctx_global = NULL; /* Global namespace context */
size_t cligen_buflen;
size_t cligen_bufthreshold;
uint16_t port = 443;
int retval = -1;
char *argv0 = argv[0];
int c;
clicon_handle h;
char *dir;
int logdst = CLICON_LOG_SYSLOG;
yang_stmt *yspec = NULL;
char *str;
clixon_plugin *cp = NULL;
cvec *nsctx_global = NULL; /* Global namespace context */
size_t cligen_buflen;
size_t cligen_bufthreshold;
uint16_t port = 443;
#ifdef _EVHTP_NYI
char *stream_path;
char *stream_path;
#endif
evhtp_t *htp = NULL;
struct event_base *evbase = NULL;
evhtp_ssl_cfg_t *ssl_config = NULL;
struct stat f_stat;
int dbg = 0;
/* In the startup, logs to stderr & debug flag set later */
clicon_log_init(__PROGRAM__, LOG_INFO, logdst);
@ -282,7 +490,7 @@ main(int argc,
usage(h, argv0);
break;
case 'D' : /* debug */
if (sscanf(optarg, "%d", &debug) != 1)
if (sscanf(optarg, "%d", &dbg) != 1)
usage(h, argv0);
break;
case 'f': /* override config file */
@ -303,9 +511,9 @@ main(int argc,
/*
* Logs, error and debug to stderr or syslog, set debug level
*/
clicon_log_init(__PROGRAM__, debug?LOG_DEBUG:LOG_INFO, logdst);
clicon_log_init(__PROGRAM__, dbg?LOG_DEBUG:LOG_INFO, logdst);
clicon_debug_init(debug, NULL);
clicon_debug_init(dbg, NULL);
clicon_log(LOG_NOTICE, "%s: %u Started", __PROGRAM__, getpid());
if (set_signal(SIGTERM, restconf_sig_term, NULL) < 0){
clicon_err(OE_DAEMON, errno, "Setting signal");
@ -390,7 +598,6 @@ main(int argc,
}
argc -= optind;
argv += optind;
/* Check ssl mandatory options */
if (ssl_config->pemfile == NULL || ssl_config->privfile == NULL)
usage(h, argv0);
@ -412,6 +619,53 @@ main(int argc,
/* Access the remaining argv/argc options (after --) w clicon-argv_get() */
clicon_argv_set(h, argv0, argc, argv);
/* Init evhtp */
if ((evbase = event_base_new()) == NULL){
clicon_err(OE_UNIX, errno, "event_base_new");
goto done;
}
/* create a new evhtp_t instance */
if ((htp = evhtp_new(evbase, NULL)) == NULL){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done;
}
if (evhtp_ssl_init(htp, ssl_config) < 0){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done;
}
#ifndef EVHTP_DISABLE_EVTHR
evhtp_use_threads_wexit(htp, NULL, NULL, 4, NULL);
#endif
/* Callback before the connection is accepted. */
evhtp_set_pre_accept_cb(htp, cx_pre_accept, h);
/* Callback right after a connection is accepted. */
evhtp_set_post_accept_cb(htp, cx_post_accept, h);
/* Callback to be executed for all /restconf api calls */
if (evhtp_set_cb(htp, "/" RESTCONF_API, cx_path_restconf, h) == NULL){
clicon_err(OE_EVENTS, errno, "evhtp_set_cb");
goto done;
}
/* Callback to be executed for all /restconf api calls */
if (evhtp_set_cb(htp, RESTCONF_WELL_KNOWN, cx_path_wellknown, h) == NULL){
clicon_err(OE_EVENTS, errno, "evhtp_set_cb");
goto done;
}
/* Generic callback called if no other callbacks are matched */
evhtp_set_gencb(htp, cx_gencb, h);
/* bind to a socket, optionally with specific protocol support formatting
* If port is proteced must be done as root?
*/
if (evhtp_bind_socket(htp, "127.0.0.1", port, 128) < 0){
clicon_err(OE_UNIX, errno, "evhtp_bind_socket");
goto done;
}
if (restconf_drop_privileges(h, WWWUSER) < 0)
goto done;
/* Init cligen buffers */
cligen_buflen = clicon_option_int(h, "CLICON_CLI_BUF_START");
cligen_bufthreshold = clicon_option_int(h, "CLICON_CLI_BUF_THRESHOLD");
@ -422,7 +676,6 @@ main(int argc,
*/
if (netconf_module_features(h) < 0)
goto done;
/* Create top-level yang spec and store as option */
if ((yspec = yspec_new()) == NULL)
goto done;
@ -491,8 +744,8 @@ main(int argc,
goto done;
/* Dump configuration options on debug */
if (debug)
clicon_option_dump(h, debug);
if (dbg)
clicon_option_dump(h, dbg);
/* Call start function in all plugins before we go interactive
*/
@ -503,40 +756,6 @@ main(int argc,
if (clicon_options_main(h) < 0)
goto done;
/* Init evhtp */
if ((evbase = event_base_new()) == NULL){
clicon_err(OE_UNIX, errno, "event_base_new");
goto done;
}
/* create a new evhtp_t instance */
if ((htp = evhtp_new(evbase, NULL)) == NULL){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done;
}
if (evhtp_ssl_init(htp, ssl_config) < 0){
clicon_err(OE_UNIX, errno, "evhtp_new");
goto done;
}
/* Generic callback called if no other callbacks are matched */
evhtp_set_gencb(htp, cx_gencb, h);
/* Callback before the connection is accepted. */
evhtp_set_pre_accept_cb(htp, cx_pre_accept, h);
/* Callback right after a connection is accepted. */
evhtp_set_post_accept_cb(htp, cx_post_accept, h);
/* Callback to be executed on a specific path */
if (evhtp_set_cb(htp, "/" RESTCONF_API, cx_path_restconf, h) == NULL){
clicon_err(OE_EVENTS, errno, "evhtp_set_cb");
goto done;
}
/* bind to a socket, optionally with specific protocol support formatting */
if (evhtp_bind_socket(htp, "127.0.0.1", port, 128) < 0){
clicon_err(OE_UNIX, errno, "evhtp_bind_socket");
goto done;
}
event_base_loop(evbase, 0);
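Review bot: `evhtp_params_clear` never advances `i`, so `while((param=params[i]) != NULL)` keeps deleting "QUERY_STRING" for as long as `clixon_restconf_param_del` returns non-negative; `cx_path_wellknown` and `cx_path_restconf` both call it after replying, so a single request could spin the handler indefinitely. Use `for (i = 0; (param = params[i]) != NULL; i++)`. Both callbacks also `goto done` past `evhtp_params_clear` on error, which leaves the previous request's REQUEST_URI, method and header values on the shared handle `h`; clearing them on the `done:` path would avoid stale values. This matters more because the section appears to re-enable evhtp threading (`//#define EVHTP_DISABLE_EVTHR`, `evhtp_use_threads_wexit(htp, NULL, NULL, 4, NULL)`): unless the parameter store is per-thread, which is not visible here, concurrent requests would share one set of parameters. In `query_iterator`, `valu` is leaked when `cvec_add` fails.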


@ -194,7 +194,7 @@ restconf_internal_server_error(clicon_handle h,
FCGX_Request *r)
{
char *path;
clicon_debug(1, "%s", __FUNCTION__);
path = clixon_restconf_param_get(h, "REQUEST_URI");
FCGX_FPrintF(r->out, "Status: 500 Internal Server Error\r\n"); /* 500 internal server error */
@ -478,4 +478,3 @@ http_location(clicon_handle h,
return retval;
}


@ -49,12 +49,12 @@ int restconf_conflict(FCGX_Request *r);
int restconf_unsupported_media(FCGX_Request *r);
int restconf_internal_server_error(clicon_handle h, FCGX_Request *r);
int restconf_notimplemented(FCGX_Request *r);
int restconf_test(FCGX_Request *r, int dbg);
int clixon_restconf_params_set(clicon_handle h, char **envp);
int restconf_test(FCGX_Request *r, int dbg);
int clixon_restconf_params_set(clicon_handle h,
char **envp);
int clixon_restconf_params_clear(clicon_handle h, char **envp);
cbuf *readdata(FCGX_Request *r);
int api_return_err(clicon_handle h, FCGX_Request *r, cxobj *xerr,
int pretty, enum restconf_media media, int code);
int api_return_err(clicon_handle h, FCGX_Request *r, cxobj *xerr, int pretty, restconf_media media, int code0);
int http_location(clicon_handle h, FCGX_Request *r, cxobj *xobj);
#endif /* _RESTCONF_FCGI_LIB_H_ */


@ -77,9 +77,12 @@
#include <fcgiapp.h> /* Need to be after clixon_xml.h due to attribute format */
/* restconf */
#include "restconf_lib.h"
#include "restconf_fcgi_lib.h"
#include "restconf_methods.h"
#include "restconf_lib.h" /* generic shared with plugins */
#include "restconf_api.h" /* generic not shared with plugins */
#include "restconf_root.h" /* generic not shared with plugins */
#include "restconf_fcgi_lib.h" /* fcgi specific */
#include "restconf_methods.h" /* fcgi specific */
#include "restconf_methods_get.h"
#include "restconf_methods_post.h"
#include "restconf_stream.h"
@ -101,7 +104,7 @@
*/
static int
api_data(clicon_handle h,
FCGX_Request *r,
FCGX_Request *req,
char *api_path,
cvec *pcvec,
int pi,
@ -117,21 +120,21 @@ api_data(clicon_handle h,
request_method = clixon_restconf_param_get(h, "REQUEST_METHOD");
clicon_debug(1, "%s method:%s", __FUNCTION__, request_method);
if (strcmp(request_method, "OPTIONS")==0)
retval = api_data_options(h, r);
retval = api_data_options(h, req);
else if (strcmp(request_method, "HEAD")==0)
retval = api_data_head(h, r, api_path, pcvec, pi, qvec, pretty, media_out);
retval = api_data_head(h, req, api_path, pcvec, pi, qvec, pretty, media_out);
else if (strcmp(request_method, "GET")==0)
retval = api_data_get(h, r, api_path, pcvec, pi, qvec, pretty, media_out);
retval = api_data_get(h, req, api_path, pcvec, pi, qvec, pretty, media_out);
else if (strcmp(request_method, "POST")==0)
retval = api_data_post(h, r, api_path, pi, qvec, data, pretty, media_out);
retval = api_data_post(h, req, api_path, pi, qvec, data, pretty, media_out);
else if (strcmp(request_method, "PUT")==0)
retval = api_data_put(h, r, api_path, pcvec, pi, qvec, data, pretty, media_out);
retval = api_data_put(h, req, api_path, pcvec, pi, qvec, data, pretty, media_out);
else if (strcmp(request_method, "PATCH")==0)
retval = api_data_patch(h, r, api_path, pcvec, pi, qvec, data, pretty, media_out);
retval = api_data_patch(h, req, api_path, pcvec, pi, qvec, data, pretty, media_out);
else if (strcmp(request_method, "DELETE")==0)
retval = api_data_delete(h, r, api_path, pi, pretty, media_out);
retval = api_data_delete(h, req, api_path, pi, pretty, media_out);
else
retval = restconf_notfound(h, r);
retval = restconf_notfound(h, req);
clicon_debug(1, "%s retval:%d", __FUNCTION__, retval);
return retval;
}
@ -181,27 +184,44 @@ api_operations(clicon_handle h,
* In line with the best practices defined by [RFC7320], RESTCONF
* enables deployments to specify where the RESTCONF API is located.
*/
#if 0
static int
api_well_known(clicon_handle h,
FCGX_Request *r)
FCGX_Request *req)
{
clicon_debug(1, "%s", __FUNCTION__);
FCGX_FPrintF(r->out, "Cache-Control: no-cache\r\n");
FCGX_FPrintF(r->out, "Content-Type: application/xrd+xml\r\n");
FCGX_FPrintF(r->out, "\r\n");
FCGX_SetExitStatus(200, r->out); /* OK */
FCGX_FPrintF(r->out, "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>\n");
FCGX_FPrintF(r->out, " <Link rel='restconf' href='/restconf'/>\n");
FCGX_FPrintF(r->out, "</XRD>\r\n");
char *request_method;
FCGX_Request *body;
/* call generic function */
if (api_well_known(h, req) < 0)
goto done;
clicon_debug(1, "%s", __FUNCTION__);
if (req == NULL){
errno = EINVAL;
goto done;
}
request_method = clixon_restconf_param_get(h, "REQUEST_METHOD");
if (strcmp(request_method, "GET") !=0 )
return restconf_method_notallowed(req, "GET");
restconf_reply_status_code(req, 200); /* OK */
restconf_reply_header_add(req, "Cache-Control", "no-cache");
restconf_reply_header_add(req, "Content-Type", "application/xrd+xml");
body = restconf_reply_body_start(req);
restconf_reply_body_add(body, NULL, "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>\n");
restconf_reply_body_add(body, NULL, " <Link rel='restconf' href='/restconf'/>\n");
restconf_reply_body_add(body, NULL, "</XRD>\r\n");
done:
return 0;
}
#endif
/*! Retrieve the Top-Level API Resource
* @param[in] h Clicon handle
* @param[in] r Fastcgi request handle
* @note Only returns null for operations and data,...
* See RFC8040 3.3
* XXX doesnt check method
*/
static int
api_root(clicon_handle h,
@ -318,11 +338,11 @@ api_yang_library_version(clicon_handle h,
*/
static int
api_restconf(clicon_handle h,
FCGX_Request *r)
FCGX_Request *req)
{
int retval = -1;
char *path;
char *query;
char *query = NULL;
char *method;
char **pvec = NULL;
int pn;
@ -357,7 +377,7 @@ api_restconf(clicon_handle h,
if (strcmp(media_str, "*/*") == 0) /* catch-all */
media_out = YANG_DATA_JSON;
else{
retval = restconf_unsupported_media(r);
retval = restconf_unsupported_media(req);
goto done;
}
}
@ -367,34 +387,35 @@ api_restconf(clicon_handle h,
goto done;
/* Sanity check of path. Should be /restconf/ */
if (pn < 2){
restconf_notfound(h, r);
restconf_notfound(h, req);
goto ok;
}
if (strlen(pvec[0]) != 0){
retval = restconf_notfound(h, r);
retval = restconf_notfound(h, req);
goto done;
}
if (strcmp(pvec[1], RESTCONF_API)){
retval = restconf_notfound(h, r);
retval = restconf_notfound(h, req);
goto done;
}
restconf_test(r, 1);
restconf_test(req, 1);
if (pn == 2){
retval = api_root(h, r, pretty, media_out);
retval = api_root(h, req, pretty, media_out);
goto done;
}
if ((method = pvec[2]) == NULL){
retval = restconf_notfound(h, r);
retval = restconf_notfound(h, req);
goto done;
}
clicon_debug(1, "%s: method=%s", __FUNCTION__, method);
if (str2cvec(query, '&', '=', &qvec) < 0)
goto done;
if (query != NULL && strlen(query))
if (str2cvec(query, '&', '=', &qvec) < 0)
goto done;
if (str2cvec(path, '/', '=', &pcvec) < 0) /* rest url eg /album=ricky/foo */
goto done;
/* data */
if ((cb = readdata(r)) == NULL)
if ((cb = readdata(req)) == NULL)
goto done;
data = cbuf_get(cb);
clicon_debug(1, "%s DATA=%s", __FUNCTION__, data);
@ -404,7 +425,7 @@ api_restconf(clicon_handle h,
/* If present, check credentials. See "plugin_credentials" in plugin
* See RFC 8040 section 2.5
*/
if ((authenticated = clixon_plugin_auth_all(h, r)) < 0)
if ((authenticated = clixon_plugin_auth_all(h, req)) < 0)
goto done;
clicon_debug(1, "%s auth:%d %s", __FUNCTION__, authenticated, clicon_username_get(h));
@ -417,7 +438,7 @@ api_restconf(clicon_handle h,
if (netconf_access_denied_xml(&xret, "protocol", "The requested URL was unauthorized") < 0)
goto done;
if ((xerr = xpath_first(xret, NULL, "//rpc-error")) != NULL){
if (api_return_err(h, r, xerr, pretty, media_out, 0) < 0)
if (api_return_err(h, req, xerr, pretty, media_out, 0) < 0)
goto done;
goto ok;
}
@ -425,23 +446,23 @@ api_restconf(clicon_handle h,
}
clicon_debug(1, "%s auth2:%d %s", __FUNCTION__, authenticated, clicon_username_get(h));
if (strcmp(method, "yang-library-version")==0){
if (api_yang_library_version(h, r, pretty, media_out) < 0)
if (api_yang_library_version(h, req, pretty, media_out) < 0)
goto done;
}
else if (strcmp(method, "data") == 0){ /* restconf, skip /api/data */
if (api_data(h, r, path, pcvec, 2, qvec, data,
if (api_data(h, req, path, pcvec, 2, qvec, data,
pretty, media_out) < 0)
goto done;
}
else if (strcmp(method, "operations") == 0){ /* rpc */
if (api_operations(h, r, path, pcvec, 2, qvec, data,
if (api_operations(h, req, path, pcvec, 2, qvec, data,
pretty, media_out) < 0)
goto done;
}
else if (strcmp(method, "test") == 0)
restconf_test(r, 0);
restconf_test(req, 0);
else
restconf_notfound(h, r);
restconf_notfound(h, req);
ok:
retval = 0;
done:
@ -534,7 +555,7 @@ main(int argc,
int sock;
char *argv0 = argv[0];
FCGX_Request request;
FCGX_Request *r = &request;
FCGX_Request *req = &request;
int c;
char *sockpath;
char *path;
@ -664,6 +685,7 @@ main(int argc,
cligen_bufthreshold = clicon_option_int(h, "CLICON_CLI_BUF_THRESHOLD");
cbuf_alloc_set(cligen_buflen, cligen_bufthreshold);
/* Add (hardcoded) netconf features in case ietf-netconf loaded here
* Otherwise it is loaded in netconf_module_load below
*/
@ -759,7 +781,21 @@ main(int argc,
clicon_err(OE_CFG, errno, "FCGX_OpenSocket");
goto done;
}
#if 1
{
/* Change group of fcgi sock fronting reverse proxy to WWWUSER, the effective group is clicon
* which is backend. */
gid_t wgid = -1;
if (group_name2gid(WWWUSER, &wgid) < 0){
clicon_log(LOG_ERR, "'%s' does not seem to be a valid user group.", WWWUSER);
goto done;
}
if (chown(sockpath, -1, wgid) < 0){
clicon_err(OE_CFG, errno, "chown");
goto done;
}
}
#endif
if (clicon_socket_set(h, sock) < 0)
goto done;
/* umask settings may interfer: we want group to write: this is 774 */
@ -767,14 +803,18 @@ main(int argc,
clicon_err(OE_UNIX, errno, "chmod");
goto done;
}
if (FCGX_InitRequest(r, sock, 0) != 0){
#if 1
if (restconf_drop_privileges(h, WWWUSER) < 0)
goto done;
#endif
if (FCGX_InitRequest(req, sock, 0) != 0){
clicon_err(OE_CFG, errno, "FCGX_InitRequest");
goto done;
}
while (1) {
finish = 1; /* If zero, dont finish request, initiate new */
if (FCGX_Accept_r(r) < 0) {
if (FCGX_Accept_r(req) < 0) {
clicon_err(OE_CFG, errno, "FCGX_Accept_r");
goto done;
}
@ -794,32 +834,32 @@ main(int argc,
/* Translate from FCGI parameter form to Clixon runtime data
* XXX: potential name collision?
*/
if (clixon_restconf_params_set(h, r->envp) < 0)
if (clixon_restconf_params_set(h, req->envp) < 0)
goto done;
if ((path = clixon_restconf_param_get(h, "REQUEST_URI")) != NULL){
clicon_debug(1, "path: %s", path);
if (strncmp(path, "/" RESTCONF_API, strlen("/" RESTCONF_API)) == 0)
api_restconf(h, r); /* This is the function */
api_restconf(h, req); /* This is the function */
else if (strncmp(path+1, stream_path, strlen(stream_path)) == 0) {
api_stream(h, r, stream_path, &finish);
api_stream(h, req, stream_path, &finish);
}
else if (strncmp(path, RESTCONF_WELL_KNOWN, strlen(RESTCONF_WELL_KNOWN)) == 0) {
api_well_known(h, r); /* */
api_well_known(h, req); /* */
}
else{
clicon_debug(1, "top-level %s not found", path);
restconf_notfound(h, r);
restconf_notfound(h, req);
}
}
else
clicon_debug(1, "NULL URI");
if (clixon_restconf_params_clear(h, r->envp) < 0)
if (clixon_restconf_params_clear(h, req->envp) < 0)
goto done;
if (finish)
FCGX_Finish_r(r);
FCGX_Finish_r(req);
else{ /* A handler is forked so we initiate a new request after instead
of finnishing the old */
if (FCGX_InitRequest(r, sock, 0) != 0){
if (FCGX_InitRequest(req, sock, 0) != 0){
clicon_err(OE_CFG, errno, "FCGX_InitRequest");
goto done;
}
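Review bot: In main(), the new block calls `chown(sockpath, -1, wgid)` by path while the process is still root (restconf_drop_privileges() is only called further down), and chown() follows symbolic links. If the directory holding sockpath is writable by a less privileged account, the entry could be swapped between FCGX_OpenSocket() and this call; `lchown(sockpath, -1, wgid)` does not follow a link, and a comment should state that the socket directory must be writable by root only. The failure branch for group_name2gid() reports through clicon_log() while the neighbouring branches use clicon_err(), and the two `#if 1` guards carry no name or comment saying when they would be switched off. main() starts and ends outside these hunks.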


@ -59,6 +59,7 @@
/* clicon */
#include <clixon/clixon.h>
#include "restconf_api.h"
#include "restconf_lib.h"
/* See RFC 8040 Section 7: Mapping from NETCONF<error-tag> to Status Code
@ -443,6 +444,13 @@ clixon_restconf_param_set(clicon_handle h,
return clicon_data_set(h, param, val);
}
/*! Delete restconf http parameter
* @param[in] h Clicon handle
* @param[in] name Data name
* @retval 0 OK
* @retval -1 Error
* Currently using clixon runtime data but there is risk for colliding names
*/
int
clixon_restconf_param_del(clicon_handle h,
char *param)
@ -469,3 +477,78 @@ restconf_uripath(clicon_handle h)
*q = '\0';
return path;
}
/*! Drop privileges from root to user (or already at user)
* @param[in] h Clicon handle
* @param[in] user Drop to this level
* Group set to clicon to communicate with backend
*/
int
restconf_drop_privileges(clicon_handle h,
char *user)
{
int retval = -1;
uid_t newuid = -1;
uid_t uid;
char *group;
gid_t gid = -1;
clicon_debug(1, "%s", __FUNCTION__);
/* Sanity check: backend group exists */
if ((group = clicon_sock_group(h)) == NULL){
clicon_err(OE_FATAL, 0, "clicon_sock_group option not set");
return -1;
}
if (group_name2gid(group, &gid) < 0){
clicon_log(LOG_ERR, "'%s' does not seem to be a valid user group.\n" /* \n required here due to multi-line log */
"The config demon requires a valid group to create a server UNIX socket\n"
"Define a valid CLICON_SOCK_GROUP in %s or via the -g option\n"
"or create the group and add the user to it. Check documentation for how to do this on your platform",
group,
clicon_configfile(h));
goto done;
}
/* Get (wanted) new www user id */
if (name2uid(user, &newuid) < 0){
clicon_err(OE_DAEMON, errno, "'%s' is not a valid user .\n", user);
goto done;
}
/* get current backend userid, if already at this level OK */
if ((uid = getuid()) == newuid)
goto ok;
if (uid != 0){
clicon_err(OE_DAEMON, EPERM, "Privileges can only be dropped from root user (uid is %u)\n", uid);
goto done;
}
if (setgid(gid) == -1) {
clicon_err(OE_DAEMON, errno, "setgid %d", gid);
goto done;
}
if (drop_priv_perm(newuid) < 0)
goto done;
/* Verify you cannot regain root privileges */
if (setuid(0) != -1){
clicon_err(OE_DAEMON, EPERM, "Could regain root privilieges");
goto done;
}
clicon_debug(1, "%s dropped privileges from root to %s(%d)",
__FUNCTION__, user, newuid);
ok:
retval = 0;
done:
return retval;
}
/*! HTTP error 405
* @param[in] req Generic Www handle
* @param[in] allow Which methods are allowed
*/
int
restconf_method_notallowed(void *req,
char *allow)
{
restconf_reply_status_code(req, 405);
restconf_reply_header_add(req, "Allow", "%s", allow);
return 0;
}
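Review bot: restconf_drop_privileges() sets the primary group with `setgid(gid)` and then changes the uid, but nothing visible in this hunk clears the supplementary group list, so a process started as root would keep root's supplementary groups after the drop unless drop_priv_perm() (defined elsewhere) already handles that. I would add `if (setgroups(0, NULL) < 0){ clicon_err(OE_DAEMON, errno, "setgroups"); goto done; }` before the setgid() call (this needs `<grp.h>`), or use initgroups(user, gid) if the www user's own groups are wanted. The early `goto ok` taken when getuid() already equals newuid also skips the group change, so the gid stays as inherited in that case; a comment saying whether that is intended would help. The first error branch uses `return -1` where every other one uses `goto done`.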


@ -38,21 +38,8 @@
#define _RESTCONF_LIB_H_
/*
* Constants
* Types
*/
#define RESTCONF_API "restconf"
/* RESTCONF enables deployments to specify where the RESTCONF API is
located. The client discovers this by getting the "/.well-known/host-meta"
resource
*/
#define RESTCONF_WELL_KNOWN "/.well-known/host-meta"
/*
* Variables
*/
/*! RESTCONF media types
* @see http_media_map
* (also in clixon_restconf.h)
@ -81,5 +68,7 @@ char *clixon_restconf_param_get(clicon_handle h, char *param);
int clixon_restconf_param_set(clicon_handle h, char *param, char *val);
int clixon_restconf_param_del(clicon_handle h, char *param);
char *restconf_uripath(clicon_handle h);
int restconf_drop_privileges(clicon_handle h, char *user);
int restconf_method_notallowed(void *req, char *allow);
#endif /* _RESTCONF_LIB_H_ */


@ -0,0 +1,118 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
* Generic restconf root handlers eg for /restconf /.well-known, etc
*/
#ifdef HAVE_CONFIG_H
#include "clixon_config.h" /* generated by config & autoconf */
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <syslog.h>
#include <fcntl.h>
#include <time.h>
#include <limits.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <libgen.h>
#include <sys/stat.h> /* chmod */
/* cligen */
#include <cligen/cligen.h>
/* clicon */
#include <clixon/clixon.h>
/* restconf */
#include "restconf_lib.h"
#include "restconf_api.h"
#include "restconf_root.h"
/*! Determine the root of the RESTCONF API
* @param[in] h Clicon handle
* @param[in] req Generic Www handle (can be part of clixon handle)
* @param[in] cb Body buffer
* @see RFC8040 3.1 and RFC7320
* In line with the best practices defined by [RFC7320], RESTCONF
* enables deployments to specify where the RESTCONF API is located.
*/
int
api_well_known(clicon_handle h,
void *req)
{
int retval = -1;
char *request_method;
cbuf *cb = NULL;
clicon_debug(1, "%s", __FUNCTION__);
if (req == NULL){
errno = EINVAL;
goto done;
}
request_method = clixon_restconf_param_get(h, "REQUEST_METHOD");
if (strcmp(request_method, "GET") != 0){
restconf_method_notallowed(req, "GET");
goto ok;
}
restconf_reply_status_code(req, 200); /* OK */
restconf_reply_header_add(req, "Cache-Control", "no-cache");
restconf_reply_header_add(req, "Content-Type", "application/xrd+xml");
/* Create body */
if ((cb = cbuf_new()) == NULL){
clicon_err(OE_UNIX, errno, "cbuf_new");
goto done;
}
cprintf(cb, "<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>\n");
cprintf(cb, " <Link rel='restconf' href='/restconf'/>\n");
cprintf(cb, "</XRD>\r\n");
/* Must be after body */
restconf_reply_header_add(req, "Content-Length", "%d", cbuf_len(cb));
if (restconf_reply_send(req, cb) < 0)
goto done;
ok:
retval = 0;
done:
if (cb)
cbuf_free(cb);
return retval;
}
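Review bot: api_well_known() passes the result of `clixon_restconf_param_get(h, "REQUEST_METHOD")` straight to strcmp(), so a request that reaches this handler without that parameter set would dereference NULL and take the daemon down; the fcgi main loop on this page does NULL-check the same getter for REQUEST_URI. A guard such as `if ((request_method = clixon_restconf_param_get(h, "REQUEST_METHOD")) == NULL || strcmp(request_method, "GET") != 0){` keeps the 405 path and removes the crash. The results of restconf_reply_status_code() and restconf_reply_header_add() are not checked, and the `req == NULL` branch returns -1 without a clicon_err() call, so the caller gets no error context. The header comment lists `@param[in] cb`, which is a local variable here and not a parameter.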


@ -0,0 +1,57 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
*
* Generic restconf root handlers eg for /restconf /.well-known, etc
*/
#ifndef _RESTCONF_ROOT_H_
#define _RESTCONF_ROOT_H_
/*
* Constants
*/
#define RESTCONF_API "restconf"
/* RESTCONF enables deployments to specify where the RESTCONF API is
located. The client discovers this by getting the "/.well-known/host-meta"
resource
*/
#define RESTCONF_WELL_KNOWN "/.well-known/host-meta"
/*
* Prototypes
*/
int api_well_known(clicon_handle h, void *req);
#endif /* _RESTCONF_ROOT_H_ */