* NACM Data node READ access module support (RFC8341 3.4.5)

* Access control points added for `get` and `get-config` in addition to incoming rpc.
   * RFC 8341 Example A.2 implemented, see: [test/test_nacm_module.sh]
* Added `username` argument on `xmldb_put()` datastore function for NACM data-node write checks
* Added `xml_rootchild_node()` lib function as variant of `xml_rootchild()`
Olof hagsand 2019-01-27 13:26:15 +01:00
parent 04bb05c83f
commit ffecebf32a
20 changed files with 656 additions and 145 deletions


@ -643,18 +643,19 @@ match_list_keys(yang_stmt *y,
char *keyd;
if (y->ys_keyword != Y_LIST &&y->ys_keyword != Y_LEAF_LIST)
return -1;
goto done;
cvk = y->ys_cvec; /* Use Y_LIST cache, see ys_populate_list() */
cvi = NULL;
while ((cvi = cvec_each(cvk, cvi)) != NULL) {
keyname = cv_string_get(cvi);
if ((xkeya = xml_find(xapipath, keyname)) == NULL)
goto done; /* No key in api-path */
keya = xml_body(xkeya);
if ((keya = xml_body(xkeya)) == NULL)
goto done;
if ((xkeyd = xml_find(xdata, keyname)) == NULL)
goto done; /* No key in data */
keyd = xml_body(xkeyd);
if ((keyd = xml_body(xkeyd)) == NULL)
goto done;
if (strcmp(keya, keyd) != 0)
goto done; /* keys dont match */
}
@ -778,7 +779,7 @@ api_data_put(clicon_handle h,
goto done;
goto ok;
}
}
}
/* The message-body MUST contain exactly one instance of the
* expected data resource.
*/
@ -807,6 +808,7 @@ api_data_put(clicon_handle h,
goto ok;
}
}
/* Add operation (create/replace) as attribute */
if ((xa = xml_new("operation", x, NULL)) == NULL)
goto done;
@ -831,6 +833,7 @@ api_data_put(clicon_handle h,
xml_name_set(xtop, "config");
}
else {
clicon_debug(1, "%s x:%s xbot:%s",__FUNCTION__, xml_name(x), xml_name(xbot));
/* Check same symbol in api-path as data */
if (strcmp(xml_name(x), xml_name(xbot))){
if (netconf_operation_failed_xml(&xerr, "protocol", "Not same symbol in api-path as data") < 0)
@ -896,7 +899,6 @@ api_data_put(clicon_handle h,
by NACM */
cprintf(cbx, "<rpc username=\"%s\">", NACM_RECOVERY_USER);
cprintf(cbx, "<commit/></rpc>");
if (clicon_rpc_netconf(h, cbuf_get(cbx), &xretcom, NULL) < 0)
goto done;
if ((xe = xpath_first(xretcom, "//rpc-error")) != NULL){
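Review bot: The two new `goto done;` exits in match_list_keys(), taken when `xml_body()` returns NULL for the api-path key and for the data key, carry no comment, unlike the neighbouring exits ("No key in api-path", "No key in data"). These checks keep an empty key element in the api-path or the data from reaching `strcmp()` as a NULL pointer, so the reason is worth recording: `goto done; /* Key in api-path has no value */` and `goto done; /* Key in data has no value */`. The `done:` label and the value returned there are outside the hunk, so please confirm that the keyword check, which used to `return -1` and now jumps to `done`, still yields -1 for a node that is neither a list nor a leaf-list.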