/* * ***** BEGIN LICENSE BLOCK ***** Copyright (C) 2009-2019 Olof Hagsand Copyright (C) 2020-2021 Olof Hagsand and Rubicon Communications, LLC(Netgate) This file is part of CLIXON. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Alternatively, the contents of this file may be used under the terms of the GNU General Public License Version 3 or later (the "GPL"), in which case the provisions of the GPL are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the GPL, and not to allow others to use your version of this file under the terms of Apache License version 2, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the GPL. If you do not delete the provisions above, a recipient may use your version of this file under the terms of any one of the Apache License version 2 or the GPL. ***** END LICENSE BLOCK ***** * Generic restconf root handlers eg for /restconf /.well-known, etc */ #ifdef HAVE_CONFIG_H #include "clixon_config.h" /* generated by config & autoconf */ #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* chmod */ /* cligen */ #include /* clicon */ #include /* restconf */ #include "restconf_lib.h" #include "restconf_handle.h" #include "restconf_api.h" #include "restconf_err.h" #include "restconf_root.h" #include "restconf_methods.h" #include "restconf_methods_get.h" #include "restconf_methods_post.h" /*! Determine the root of the RESTCONF API by accessing /.well-known * @param[in] h Clicon handle * @param[in] req Generic Www handle (can be part of clixon handle) * @see RFC8040 3.1 and RFC7320 * In line with the best practices defined by [RFC7320], RESTCONF * enables deployments to specify where the RESTCONF API is located. */ int api_well_known(clicon_handle h, void *req) { int retval = -1; char *request_method; cbuf *cb = NULL; int pretty; int head; clicon_debug(1, "%s", __FUNCTION__); if (req == NULL){ errno = EINVAL; goto done; } request_method = restconf_param_get(h, "REQUEST_METHOD"); head = strcmp(request_method, "HEAD") == 0; if (!head && strcmp(request_method, "GET") != 0){ pretty = clicon_option_bool(h, "CLICON_RESTCONF_PRETTY"); if (restconf_method_notallowed(h, req, "GET,HEAD", pretty, YANG_DATA_JSON) < 0) goto done; goto ok; } if (restconf_reply_header(req, "Content-Type", "application/xrd+xml") < 0) goto done; if (restconf_reply_header(req, "Cache-Control", "no-cache") < 0) goto done; /* Create body */ if ((cb = cbuf_new()) == NULL){ clicon_err(OE_UNIX, errno, "cbuf_new"); goto done; } cprintf(cb, "\n"); cprintf(cb, " \n"); cprintf(cb, "\r\n"); if (restconf_reply_send(req, 200, cb, head) < 0) goto done; cb = NULL; ok: retval = 0; done: if (cb) cbuf_free(cb); return retval; } /*! Retrieve the Top-Level API Resource /restconf/ (exact) * @param[in] h Clicon handle * @param[in] req Generic request handle * @param[in] method Http method * @param[in] pretty Pretty print * @param[in] media_out Restconf output media * @note Only returns null for operations and data,... * See RFC8040 3.3 * @see api_root_restconf for accessing /restconf/ * */ static int api_root_restconf_exact(clicon_handle h, void *req, char *request_method, int pretty, restconf_media media_out) { int retval = -1; yang_stmt *yspec; cxobj *xt = NULL; cbuf *cb = NULL; int head; clicon_debug(1, "%s", __FUNCTION__); head = strcmp(request_method, "HEAD") == 0; if (!head && strcmp(request_method, "GET") != 0){ if (restconf_method_notallowed(h, req, "GET", pretty, media_out) < 0) goto done; goto ok; } if ((yspec = clicon_dbspec_yang(h)) == NULL){ clicon_err(OE_FATAL, 0, "No DB_SPEC"); goto done; } if (restconf_reply_header(req, "Content-Type", "%s", restconf_media_int2str(media_out)) < 0) goto done; if (restconf_reply_header(req, "Cache-Control", "no-cache") < 0) goto done; if (clixon_xml_parse_string("" "

" IETF_YANG_LIBRARY_REVISION "

", YB_MODULE, yspec, &xt, NULL) < 0) goto done; if ((cb = cbuf_new()) == NULL){ clicon_err(OE_XML, errno, "cbuf_new"); goto done; } if (xml_rootchild(xt, 0, &xt) < 0) goto done; switch (media_out){ case YANG_DATA_XML: if (clicon_xml2cbuf(cb, xt, 0, pretty, -1) < 0) goto done; break; case YANG_DATA_JSON: if (xml2json_cbuf(cb, xt, pretty) < 0) goto done; break; default: break; } if (restconf_reply_send(req, 200, cb, head) < 0) goto done; cb = NULL; ok: retval = 0; done: if (cb) cbuf_free(cb); if (xt) xml_free(xt); return retval; } /** A stub implementation of the operational state datastore. The full * implementation is required by https://tools.ietf.org/html/rfc8527#section-3.1 * @param[in] h Clicon handle * @param[in] req Generic http handle * @param[in] pretty Pretty-print * @param[in] media_out Restconf output media */ static int api_operational_state(clicon_handle h, void *req, char *request_method, int pretty, restconf_media media_out) { clicon_debug(1, "%s request method:%s", __FUNCTION__, request_method); /* We are not implementing this method at this time, 20201105 despite it * being mandatory https://tools.ietf.org/html/rfc8527#section-3.1 */ return restconf_notimplemented(h, req, pretty, media_out); } /*! * See https://tools.ietf.org/html/rfc7895 * @param[in] pretty Pretty-print * @param[in] media_out Restconf output media */ static int api_yang_library_version(clicon_handle h, void *req, int pretty, restconf_media media_out) { int retval = -1; cxobj *xt = NULL; cbuf *cb = NULL; clicon_debug(1, "%s", __FUNCTION__); if (restconf_reply_header(req, "Content-Type", "%s", restconf_media_int2str(media_out)) < 0) goto done; if (restconf_reply_header(req, "Cache-Control", "no-cache") < 0) goto done; if (clixon_xml_parse_va(YB_NONE, NULL, &xt, NULL, "%s", IETF_YANG_LIBRARY_REVISION) < 0) goto done; if (xml_rootchild(xt, 0, &xt) < 0) goto done; if ((cb = cbuf_new()) == NULL){ clicon_err(OE_UNIX, errno, "cbuf_new"); goto done; } switch (media_out){ case YANG_DATA_XML: if (clicon_xml2cbuf(cb, xt, 0, pretty, -1) < 0) goto done; break; case YANG_DATA_JSON: if (xml2json_cbuf(cb, xt, pretty) < 0) goto done; break; default: break; } if (restconf_reply_send(req, 200, cb, 0) < 0) goto done; cb = NULL; retval = 0; done: if (cb) cbuf_free(cb); if (xt) xml_free(xt); return retval; } /*! Generic REST method, GET, PUT, DELETE, etc * @param[in] h CLIXON handle * @param[in] r Fastcgi request handle * @param[in] api_path According to restconf (Sec 3.5.1.1 in [draft]) * @param[in] pcvec Vector of path ie DOCUMENT_URI element * @param[in] pi Offset, where to start pcvec * @param[in] qvec Vector of query string (QUERY_STRING) * @param[in] pretty Set to 1 for pretty-printed xml/json output * @param[in] media_out Restconf output media * @param[in] ds 0 if "data" resource, 1 if rfc8527 "ds" resource */ static int api_data(clicon_handle h, void *req, char *api_path, cvec *pcvec, int pi, cvec *qvec, char *data, int pretty, restconf_media media_out, ietf_ds_t ds) { int retval = -1; int read_only = 0, dynamic = 0; char *request_method; cxobj *xerr = NULL; clicon_debug(1, "%s", __FUNCTION__); request_method = restconf_param_get(h, "REQUEST_METHOD"); clicon_debug(1, "%s method:%s", __FUNCTION__, request_method); /* https://tools.ietf.org/html/rfc8527#section-3.2 */ /* We assume that dynamic datastores are read only at this time 20201105 */ if (IETF_DS_DYNAMIC == ds) dynamic = 1; if ((IETF_DS_INTENDED == ds) || (IETF_DS_RUNNING == ds) || (IETF_DS_DYNAMIC == ds) || (IETF_DS_OPERATIONAL == ds)) { read_only = 1; } if (strcmp(request_method, "OPTIONS")==0) retval = api_data_options(h, req); else if (strcmp(request_method, "HEAD")==0) { if (dynamic) retval = restconf_method_notallowed(h, req, "GET,POST", pretty, media_out); else retval = api_data_head(h, req, api_path, pcvec, pi, qvec, pretty, media_out, ds); } else if (strcmp(request_method, "GET")==0) { retval = api_data_get(h, req, api_path, pcvec, pi, qvec, pretty, media_out, ds); } else if (strcmp(request_method, "POST")==0) { retval = api_data_post(h, req, api_path, pi, qvec, data, pretty, restconf_content_type(h), media_out, ds); } else if (strcmp(request_method, "PUT")==0) { if (read_only) retval = restconf_method_notallowed(h, req, "GET,POST", pretty, media_out); else retval = api_data_put(h, req, api_path, pcvec, pi, qvec, data, pretty, media_out, ds); } else if (strcmp(request_method, "PATCH")==0) { if (read_only) { retval = restconf_method_notallowed(h, req, "GET,POST", pretty, media_out); } retval = api_data_patch(h, req, api_path, pcvec, pi, qvec, data, pretty, media_out, ds); } else if (strcmp(request_method, "DELETE")==0) { if (read_only) retval = restconf_method_notallowed(h, req, "GET,POST", pretty, media_out); else retval = api_data_delete(h, req, api_path, pi, pretty, media_out, ds); } else{ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid HTTP data method") < 0) goto done; retval = api_return_err0(h, req, xerr, pretty, media_out, 0); } clicon_debug(1, "%s retval:%d", __FUNCTION__, retval); done: if (xerr) xml_free(xerr); return retval; } /*! Operations REST method, POST * @param[in] h CLIXON handle * @param[in] req Generic Www handle (can be part of clixon handle) * @param[in] request_method eg GET,... * @param[in] path According to restconf (Sec 3.5.1.1 in [draft]) * @param[in] pcvec Vector of path ie DOCUMENT_URI element * @param[in] pi Offset, where to start pcvec * @param[in] qvec Vector of query string (QUERY_STRING) * @param[in] data Stream input data * @param[in] media_out Output media */ static int api_operations(clicon_handle h, void *req, char *request_method, char *path, cvec *pcvec, int pi, cvec *qvec, char *data, int pretty, restconf_media media_out) { int retval = -1; cxobj *xerr = NULL; clicon_debug(1, "%s", __FUNCTION__); if (strcmp(request_method, "GET")==0) retval = api_operations_get(h, req, path, pi, qvec, data, pretty, media_out); else if (strcmp(request_method, "POST")==0) retval = api_operations_post(h, req, path, pi, qvec, data, pretty, media_out); else{ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid HTTP operations method") < 0) goto done; retval = api_return_err0(h, req, xerr, pretty, media_out, 0); } done: if (xerr) xml_free(xerr); return retval; } /*! Process a /restconf root input, this is the root of the restconf processing * @param[in] h Clicon handle * @param[in] req Generic Www handle (can be part of clixon handle) * @param[in] qvec Query parameters, ie the ?=&= stuff * @see api_root_restconf_exact for accessing /restconf/ exact */ int api_root_restconf(clicon_handle h, void *req, cvec *qvec) { int retval = -1; char *request_method = NULL; /* GET,.. */ char *api_resource = NULL; /* RFC8040 3.3: eg data/operations */ char *path = NULL; char **pvec = NULL; cvec *pcvec = NULL; /* for rest api */ int pn; int pretty; cbuf *cb = NULL; char *media_str = NULL; restconf_media media_out = YANG_DATA_JSON; char *indata = NULL; char *username = NULL; int ret; cxobj *xerr = NULL; clicon_debug(1, "%s", __FUNCTION__); if (req == NULL){ errno = EINVAL; goto done; } request_method = restconf_param_get(h, "REQUEST_METHOD"); if ((path = restconf_uripath(h)) == NULL) goto done; /* XXX see restconf_config_init access directly */ pretty = clicon_option_bool(h, "CLICON_RESTCONF_PRETTY"); /* Get media for output (proactive negotiation) RFC7231 by using * Accept:. This is for methods that have output, such as GET, * operation POST, etc * If accept is * default is yang-json */ if ((media_str = restconf_param_get(h, "HTTP_ACCEPT")) == NULL){ #if 0 /* Use default +json */ if (restconf_not_acceptable(h, r, pretty, media_out) < 0) goto done; goto ok; #endif } else if ((int)(media_out = restconf_media_str2int(media_str)) == -1){ if (strcmp(media_str, "*/*") == 0) /* catch-all */ media_out = YANG_DATA_JSON; else{ if (restconf_not_acceptable(h, req, pretty, YANG_DATA_JSON) < 0) goto done; goto ok; } } clicon_debug(1, "%s ACCEPT: %s %s", __FUNCTION__, media_str, restconf_media_int2str(media_out)); if ((pvec = clicon_strsep(path, "/", &pn)) == NULL) goto done; /* Sanity check of path. Should be /restconf/ */ if (pn < 2){ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid path, /restconf/ expected") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } if (strlen(pvec[0]) != 0){ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid path, /restconf/ expected") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } if (strcmp(pvec[1], RESTCONF_API)){ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid path, /restconf/ expected") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } if (pn == 2){ retval = api_root_restconf_exact(h, req, request_method, pretty, media_out); goto done; } if ((api_resource = pvec[2]) == NULL){ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid path, /restconf/ expected") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } clicon_debug(1, "%s: api_resource=%s", __FUNCTION__, api_resource); if (uri_str2cvec(path, '/', '=', 1, &pcvec) < 0) /* rest url eg /album=ricky/foo */ goto done; /* data */ if ((cb = restconf_get_indata(req)) == NULL) /* XXX NYI ACTUALLY not always needed, do this later? */ goto done; indata = cbuf_get(cb); clicon_debug(1, "%s DATA=%s", __FUNCTION__, indata); /* If present, check credentials. See "plugin_credentials" in plugin * retvals: * -1 Error * 0 Not authenticated * 1 Authenticated * See RFC 8040 section 2.5 */ if ((ret = restconf_authentication_cb(h, req, pretty, media_out)) < 0) goto done; if (ret == 0) goto ok; if (strcmp(api_resource, "yang-library-version")==0){ if (api_yang_library_version(h, req, pretty, media_out) < 0) goto done; } else if (strcmp(api_resource, NETCONF_OUTPUT_DATA) == 0){ /* restconf, skip /api/data */ if (api_data(h, req, path, pcvec, 2, qvec, indata, pretty, media_out, IETF_DS_NONE) < 0) goto done; } else if (strcmp(api_resource, "ds") == 0) { /* We should really be getting the supported datastore types from the * application model, but at this time the datastore model of startup/ * running/cadidate is hardcoded into the clixon implementation. 20201104 */ ietf_ds_t ds = IETF_DS_NONE; if (4 > pn) { /* Malformed request, no "ietf-datastores:" component */ if (netconf_invalid_value_xml(&xerr, "protocol", "Invalid path, No ietf-datastores: component") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } /* Assign ds; See https://tools.ietf.org/html/rfc8342#section-7 */ if (0 == strcmp(pvec[3], "ietf-datastores:running")) ds = IETF_DS_RUNNING; else if (0 == strcmp(pvec[3], "ietf-datastores:candidate")) ds = IETF_DS_CANDIDATE; else if (0 == strcmp(pvec[3], "ietf-datastores:startup")) ds = IETF_DS_STARTUP; else if (0 == strcmp(pvec[3], "ietf-datastores:operational")) { /* See https://tools.ietf.org/html/rfc8527#section-3.1 * https://tools.ietf.org/html/rfc8342#section-5.3 */ if (0 > api_operational_state(h, req, request_method, pretty, media_out)) { goto done; } goto ok; } else { /* Malformed request, unsupported datastore type */ if (netconf_invalid_value_xml(&xerr, "protocol", "Unsupported datastore type") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } /* ds is assigned at this point */ if (0 > api_data(h, req, path, pcvec, 3, qvec, indata, pretty, media_out, ds)) goto done; } else if (strcmp(api_resource, "operations") == 0){ /* rpc */ if (api_operations(h, req, request_method, path, pcvec, 2, qvec, indata, pretty, media_out) < 0) goto done; } else{ if (netconf_invalid_value_xml(&xerr, "protocol", "API-resource type") < 0) goto done; if (api_return_err0(h, req, xerr, pretty, media_out, 0) < 0) goto done; goto ok; } ok: retval = 0; done: clicon_debug(1, "%s retval:%d", __FUNCTION__, retval); #ifdef WITH_RESTCONF_FCGI if (cb) cbuf_free(cb); #endif if (xerr) xml_free(xerr); if (username) free(username); if (pcvec) cvec_free(pcvec); if (pvec) free(pvec); if (path) free(path); return retval; }