Diffstat (limited to 'src/plugins_exts/nacm.c')
-rw-r--r-- | src/plugins_exts/nacm.c | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/src/plugins_exts/nacm.c b/src/plugins_exts/nacm.c
new file mode 100644
index 0000000..5ab8daa
--- /dev/null
+++ b/src/plugins_exts/nacm.c
@@ -0,0 +1,223 @@
+/**
+ * @file nacm.c
+ * @author Radek Krejci <rkrejci@cesnet.cz>
+ * @author Michal Vasko <mvasko@cesnet.cz>
+ * @brief libyang extension plugin - NACM (RFC 6536)
+ *
+ * Copyright (c) 2019 - 2022 CESNET, z.s.p.o.
+ *
+ * This source code is licensed under BSD 3-Clause License (the "License").
+ * You may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "compat.h"
+#include "libyang.h"
+#include "plugins_exts.h"
+
+struct nacm_dfs_arg {
+ struct lysc_ext_instance *ext;
+ struct lysc_node *parent;
+};
+
+/**
+ * @brief DFS callback implementation for inheriting the NACM extension.
+ */
+static LY_ERR
+nacm_inherit_clb(struct lysc_node *node, void *data, ly_bool *dfs_continue)
+{
+ LY_ERR ret;
+ struct nacm_dfs_arg *arg = data;
+ struct lysc_ext_instance *inherited;
+ LY_ARRAY_COUNT_TYPE u;
+
+ /* ignore the parent from which we inherit and input/output nodes */
+ if ((node != arg->parent) && !(node->nodetype & (LYS_INPUT | LYS_OUTPUT))) {
+ /* check that the node does not have its own NACM extension instance */
+ LY_ARRAY_FOR(node->exts, u) {
+ if (node->exts[u].def == arg->ext->def) {
+ /* the child already have its own NACM flag, so skip the subtree */
+ *dfs_continue = 1;
+ return LY_SUCCESS;
+ }
+ }
+
+ /* duplicate this one to inherit it to the child */
+ LY_ARRAY_NEW_GOTO(node->module->ctx, node->exts, inherited, ret, emem);
+
+ inherited->def = arg->ext->def;
+ inherited->parent = node;
+ inherited->parent_stmt = lyplg_ext_nodetype2stmt(node->nodetype);
+ if (arg->ext->argument) {
+ if ((ret = lydict_insert(node->module->ctx, arg->ext->argument, 0, &inherited->argument))) {
+ return ret;
+ }
+ }
+ /* copy the pointer to the static variables */
+ inherited->compiled = arg->ext->compiled;
+ }
+
+ return LY_SUCCESS;
+
+emem:
+ lyplg_ext_compile_log(NULL, arg->ext, LY_LLERR, LY_EMEM, "Memory allocation failed (%s()).", __func__);
+ return ret;
+}
+
+/**
+ * @brief Parse NACM extension instances.
+ *
+ * Implementation of ::lyplg_ext_parse_clb callback set as lyext_plugin::parse.
+ */
+static LY_ERR
+nacm_parse(struct lysp_ctx *pctx, struct lysp_ext_instance *ext)
+{
+ struct lysp_node *parent = NULL;
+ LY_ARRAY_COUNT_TYPE u;
+
+ /* check that the extension is instantiated at an allowed place - data node */
+ if (!(ext->parent_stmt & LY_STMT_NODE_MASK)) {
+ lyplg_ext_parse_log(pctx, ext, LY_LLWRN, 0, "Extension %s is allowed only in a data nodes, but it is placed in "
+ "\"%s\" statement.", ext->name, lyplg_ext_stmt2str(ext->parent_stmt));
+ return LY_ENOT;
+ }
+
+ parent = ext->parent;
+ if (!(parent->nodetype & (LYS_CONTAINER | LYS_LEAF | LYS_LEAFLIST | LYS_LIST | LYS_CHOICE | LYS_ANYDATA |
+ LYS_CASE | LYS_RPC | LYS_ACTION | LYS_NOTIF)) || (!strcmp(strchr(ext->name, ':') + 1, "default-deny-write") &&
+ (parent->nodetype & (LYS_RPC | LYS_ACTION | LYS_NOTIF)))) {
+ /* note LYS_AUGMENT and LYS_USES is not in the list since they are not present in the compiled tree. Instead, libyang
+ * passes all their extensions to their children nodes */
+ lyplg_ext_parse_log(pctx, ext, LY_LLWRN, 0, "Extension %s is not allowed in %s statement.", ext->name,
+ lys_nodetype2str(parent->nodetype));
+ return LY_ENOT;
+ }
+
+ /* check for duplication */
+ LY_ARRAY_FOR(parent->exts, u) {
+ if ((&parent->exts[u] != ext) && parent->exts[u].record && (parent->exts[u].record->plugin.id == ext->record->plugin.id)) {
+ /* duplication of a NACM extension on a single node
+ * We check for all NACM plugins since we want to catch even the situation that there is default-deny-all
+ * AND default-deny-write */
+ if (parent->exts[u].name == ext->name) {
+ lyplg_ext_parse_log(pctx, ext, LY_LLERR, LY_EVALID, "Extension %s is instantiated multiple times.", ext->name);
+ } else {
+ lyplg_ext_parse_log(pctx, ext, LY_LLERR, LY_EVALID,
+ "Extension nacm:default-deny-write is mixed with nacm:default-deny-all.");
+ }
+ return LY_EVALID;
+ }
+ }
+
+ return LY_SUCCESS;
+}
+
+/**
+ * @brief Compile NACM extension instances.
+ *
+ * Implementation of ::lyplg_ext_compile_clb callback set as lyext_plugin::compile.
+ */
+static LY_ERR
+nacm_compile(struct lysc_ctx *UNUSED(cctx), const struct lysp_ext_instance *UNUSED(extp), struct lysc_ext_instance *ext)
+{
+ struct nacm_dfs_arg dfs_arg;
+
+ static const uint8_t nacm_deny_all = 1;
+ static const uint8_t nacm_deny_write = 2;
+
+ /* store the NACM flag */
+ if (!strcmp(ext->def->name, "default-deny-write")) {
+ ext->compiled = (void *)&nacm_deny_write;
+ } else if (!strcmp(ext->def->name, "default-deny-all")) {
+ ext->compiled = (void *)&nacm_deny_all;
+ } else {
+ return LY_EINT;
+ }
+
+ /* inherit the extension instance to all the children nodes */
+ dfs_arg.ext = ext;
+ dfs_arg.parent = ext->parent;
+ return lysc_tree_dfs_full(ext->parent, nacm_inherit_clb, &dfs_arg);
+}
+
+/**
+ * @brief Plugin descriptions for the NACM's default-deny-write and default-deny-all extensions
+ *
+ * Note that external plugins are supposed to use:
+ *
+ * LYPLG_EXTENSIONS = {
+ */
+const struct lyplg_ext_record plugins_nacm[] = {
+ {
+ .module = "ietf-netconf-acm",
+ .revision = "2012-02-22",
+ .name = "default-deny-write",
+
+ .plugin.id = "ly2 NACM v1",
+ .plugin.parse = nacm_parse,
+ .plugin.compile = nacm_compile,
+ .plugin.printer_info = NULL,
+ .plugin.printer_ctree = NULL,
+ .plugin.printer_ptree = NULL,
+ .plugin.node = NULL,
+ .plugin.snode = NULL,
+ .plugin.validate = NULL,
+ .plugin.pfree = NULL,
+ .plugin.cfree = NULL
+ }, {
+ .module = "ietf-netconf-acm",
+ .revision = "2018-02-14",
+ .name = "default-deny-write",
+
+ .plugin.id = "ly2 NACM v1",
+ .plugin.parse = nacm_parse,
+ .plugin.compile = nacm_compile,
+ .plugin.printer_info = NULL,
+ .plugin.printer_ctree = NULL,
+ .plugin.printer_ptree = NULL,
+ .plugin.node = NULL,
+ .plugin.snode = NULL,
+ .plugin.validate = NULL,
+ .plugin.pfree = NULL,
+ .plugin.cfree = NULL
+ }, {
+ .module = "ietf-netconf-acm",
+ .revision = "2012-02-22",
+ .name = "default-deny-all",
+
+ .plugin.id = "ly2 NACM v1",
+ .plugin.parse = nacm_parse,
+ .plugin.compile = nacm_compile,
+ .plugin.printer_info = NULL,
+ .plugin.printer_ctree = NULL,
+ .plugin.printer_ptree = NULL,
+ .plugin.node = NULL,
+ .plugin.snode = NULL,
+ .plugin.validate = NULL,
+ .plugin.pfree = NULL,
+ .plugin.cfree = NULL
+ }, {
+ .module = "ietf-netconf-acm",
+ .revision = "2018-02-14",
+ .name = "default-deny-all",
+
+ .plugin.id = "ly2 NACM v1",
+ .plugin.parse = nacm_parse,
+ .plugin.compile = nacm_compile,
+ .plugin.printer_info = NULL,
+ .plugin.printer_ctree = NULL,
+ .plugin.printer_ptree = NULL,
+ .plugin.node = NULL,
+ .plugin.snode = NULL,
+ .plugin.validate = NULL,
+ .plugin.pfree = NULL,
+ .plugin.cfree = NULL
+ },
+ {0} /* terminating zeroed item */
+}; |
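Review bot: In nacm_parse's duplication loop, `parent->exts[u].record->plugin.id == ext->record->plugin.id` compares pointers, while each of the four records in plugins_nacm carries its own `"ly2 NACM v1"` literal. C does not guarantee that identical string literals share storage, so on a toolchain that does not pool them the default-deny-all / default-deny-write mix on one node would pass unnoticed, leaving an ambiguous access-control annotation in the schema. Compare by content instead, `!strcmp(parent->exts[u].record->plugin.id, ext->record->plugin.id)`, or point all four records at one `static const char nacm_plugin_id[] = "ly2 NACM v1";`. Separately, `strchr(ext->name, ':') + 1` in the same function assumes the instance name always carries a prefix; if the parser guarantees that, a one-line comment saying so would help, otherwise the result needs a NULL check before the `+ 1`.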