/**
 * @file nacm.c
 * @author Radek Krejci <rkrejci@cesnet.cz>
 * @author Michal Vasko <mvasko@cesnet.cz>
 * @brief libyang extension plugin - NACM (RFC 6536)
 *
 * Copyright (c) 2019 - 2022 CESNET, z.s.p.o.
 *
 * This source code is licensed under BSD 3-Clause License (the "License").
 * You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://opensource.org/licenses/BSD-3-Clause
 */
Radek Krejci883355a2021-03-11 11:54:41 +010016#include <stdint.h>
Radek Krejci0935f412019-08-20 16:15:18 +020017#include <stdlib.h>
Radek Krejci883355a2021-03-11 11:54:41 +010018#include <string.h>
Radek Krejci0935f412019-08-20 16:15:18 +020019
Michal Vasko193dacd2022-10-13 08:43:05 +020020#include "compat.h"
Radek Krejci883355a2021-03-11 11:54:41 +010021#include "libyang.h"
Radek Krejci0935f412019-08-20 16:15:18 +020022#include "plugins_exts.h"
Radek Krejci5f9a3672021-03-05 21:35:22 +010023
/**
 * @brief Context handed to nacm_inherit_clb() through the schema-tree DFS.
 *
 * Filled in by nacm_compile() before the traversal starts.
 */
struct nacm_dfs_arg {
    struct lysc_ext_instance *ext;  /* compiled NACM extension instance that is being inherited */
    struct lysc_node *parent;       /* node carrying that instance; the callback skips it */
};
/**
 * @brief DFS callback that copies a NACM extension instance onto a descendant node.
 *
 * Invoked for the nodes visited by the traversal that nacm_compile() starts.
 * The node the instance originates from and input/output nodes receive nothing.
 * A node that already holds an instance of the same extension definition keeps
 * it and its subtree is skipped; every other node gets a new instance appended
 * to its extension array.
 *
 * @param[in] node Compiled schema node being visited.
 * @param[in] data Pointer to the struct nacm_dfs_arg prepared by nacm_compile().
 * @param[out] dfs_continue Set to 1 when the subtree below @p node is to be skipped.
 * @return LY_SUCCESS on success, otherwise the error reported by the array
 * allocation or by the dictionary insert.
 */
static LY_ERR
nacm_inherit_clb(struct lysc_node *node, void *data, ly_bool *dfs_continue)
{
    LY_ERR rc;
    struct nacm_dfs_arg *dfs = data;
    struct lysc_ext_instance *copy;
    LY_ARRAY_COUNT_TYPE idx;

    /* the node we inherit from already carries the instance */
    if (node == dfs->parent) {
        return LY_SUCCESS;
    }

    /* input/output nodes do not get an instance of their own */
    if (node->nodetype & (LYS_INPUT | LYS_OUTPUT)) {
        return LY_SUCCESS;
    }

    /* The match is on the extension definition pointer, so only an instance of
     * the very same extension stops the inheritance; an instance of a different
     * definition on this node does not satisfy the test. */
    LY_ARRAY_FOR(node->exts, idx) {
        if (node->exts[idx].def == dfs->ext->def) {
            /* the node has its own flag, leave it and everything below it alone */
            *dfs_continue = 1;
            return LY_SUCCESS;
        }
    }

    /* append a new instance to the node */
    LY_ARRAY_NEW_GOTO(node->module->ctx, node->exts, copy, rc, emem);

    copy->def = lysc_ext_dup(dfs->ext->def);
    copy->parent = node;
    copy->parent_stmt = lyplg_ext_nodetype2stmt(node->nodetype);
    if (dfs->ext->argument) {
        rc = lydict_insert(node->module->ctx, dfs->ext->argument, 0, &copy->argument);
        if (rc) {
            /* NOTE(review): the new array item is already appended here, without
             * its compiled flag - confirm the caller discards the node on error */
            return rc;
        }
    }
    /* TODO duplicate extension instances */
    /* the flag storage is shared with the original instance, not copied */
    copy->compiled = dfs->ext->compiled;

    return LY_SUCCESS;

emem:
    lyplg_ext_compile_log(NULL, dfs->ext, LY_LLERR, LY_EMEM, "Memory allocation failed (%s()).", __func__);
    return rc;
}
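/**
 * @brief Parse NACM extension instances.
 *
 * Implementation of ::lyplg_ext_parse_clb callback set as lyext_plugin::parse.
 *
 * Checks that the instance is placed in a node statement of an allowed type and
 * that the parent node does not carry a second NACM instance (the same
 * extension twice, or default-deny-write together with default-deny-all).
 *
 * A misplaced instance is only reported at warning level and LY_ENOT is
 * returned. NOTE(review): what the caller does with LY_ENOT is not visible in
 * this file - if the instance is dropped, the deny flag the module author
 * intended is not applied, so these warnings are worth surfacing.
 *
 * @param[in] pctx Parse context, used for logging.
 * @param[in] ext Parsed extension instance to check.
 * @return LY_SUCCESS when the instance is acceptable.
 * @return LY_ENOT when it is placed in a statement or node type where it is not allowed.
 * @return LY_EVALID when the parent holds another NACM extension instance.
 */
static LY_ERR
nacm_parse(struct lysp_ctx *pctx, struct lysp_ext_instance *ext)
{
    struct lysp_node *parent = NULL;
    const char *local_name;
    LY_ARRAY_COUNT_TYPE u;

    /* check that the extension is instantiated at an allowed place - data node */
    if (!(ext->parent_stmt & LY_STMT_NODE_MASK)) {
        lyplg_ext_parse_log(pctx, ext, LY_LLWRN, 0, "Extension %s is allowed only in a data nodes, but it is placed in "
                "\"%s\" statement.", ext->name, lyplg_ext_stmt2str(ext->parent_stmt));
        return LY_ENOT;
    }

    /* extension name without its prefix; the name is expected to be prefixed,
     * but do not do pointer arithmetic on NULL if it is not */
    local_name = strchr(ext->name, ':');
    local_name = local_name ? local_name + 1 : ext->name;

    parent = ext->parent;
    if (!(parent->nodetype & (LYS_CONTAINER | LYS_LEAF | LYS_LEAFLIST | LYS_LIST | LYS_CHOICE | LYS_ANYDATA |
            LYS_CASE | LYS_RPC | LYS_ACTION | LYS_NOTIF)) || (!strcmp(local_name, "default-deny-write") &&
            (parent->nodetype & (LYS_RPC | LYS_ACTION | LYS_NOTIF)))) {
        /* note LYS_AUGMENT and LYS_USES is not in the list since they are not present in the compiled tree. Instead, libyang
         * passes all their extensions to their children nodes */
        lyplg_ext_parse_log(pctx, ext, LY_LLWRN, 0, "Extension %s is not allowed in %s statement.", ext->name,
                lys_nodetype2str(parent->nodetype));
        return LY_ENOT;
    }

    /* check for duplication */
    LY_ARRAY_FOR(parent->exts, u) {
        /* Compare the plugin ids by content. The records of this plugin spell
         * the id as separate string literals, and whether identical literals
         * share one address is up to the compiler, so a pointer comparison could
         * miss default-deny-write mixed with default-deny-all. */
        if ((&parent->exts[u] != ext) && parent->exts[u].record &&
                !strcmp(parent->exts[u].record->plugin.id, ext->record->plugin.id)) {
            /* duplication of a NACM extension on a single node
             * We check for all NACM plugins since we want to catch even the situation that there is default-deny-all
             * AND default-deny-write */
            /* names are compared by pointer - presumably both come from the
             * context dictionary; verify against the parser */
            if (parent->exts[u].name == ext->name) {
                lyplg_ext_parse_log(pctx, ext, LY_LLERR, LY_EVALID, "Extension %s is instantiated multiple times.", ext->name);
            } else {
                lyplg_ext_parse_log(pctx, ext, LY_LLERR, LY_EVALID,
                        "Extension nacm:default-deny-write is mixed with nacm:default-deny-all.");
            }
            return LY_EVALID;
        }
    }

    return LY_SUCCESS;
}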
/**
 * @brief Compile NACM extension instances.
 *
 * Implementation of ::lyplg_ext_compile_clb callback set as lyext_plugin::compile.
 *
 * Stores the flag matching the extension name in the compiled instance and then
 * walks the subtree of the instance's parent so that the descendants inherit it.
 *
 * @param[in] cctx Unused.
 * @param[in] extp Unused.
 * @param[in,out] ext Compiled extension instance; its compiled member is set here.
 * @return LY_EINT when the extension name is neither default-deny-write nor
 * default-deny-all, otherwise the result of the subtree traversal.
 */
static LY_ERR
nacm_compile(struct lysc_ctx *UNUSED(cctx), const struct lysp_ext_instance *UNUSED(extp), struct lysc_ext_instance *ext)
{
    /* flag values; the compiled instances point at these statics */
    static const uint8_t nacm_deny_all = 1;
    static const uint8_t nacm_deny_write = 2;

    const char *ext_name = ext->def->name;

    /* store the NACM flag */
    if (strcmp(ext_name, "default-deny-write") == 0) {
        ext->compiled = (void *)&nacm_deny_write;
    } else if (strcmp(ext_name, "default-deny-all") == 0) {
        ext->compiled = (void *)&nacm_deny_all;
    } else {
        /* the plugin was invoked for an extension it does not implement */
        return LY_EINT;
    }

    /* inherit the extension instance to all the children nodes; the traversal
     * result is returned as is, so a failed inheritance is reported to the caller */
    struct nacm_dfs_arg walk = {
        .ext = ext,
        .parent = ext->parent
    };

    return lysc_tree_dfs_full(ext->parent, nacm_inherit_clb, &walk);
}
/**
 * @brief Plugin descriptions for the NACM's default-deny-write and default-deny-all extensions
 *
 * Note that external plugins are supposed to use:
 *
 * LYPLG_EXTENSIONS = {
 *
 * The table holds one record for each of the two extension names in each of the
 * two listed ietf-netconf-acm revisions. All four records use the same plugin id
 * and the same parse and compile callbacks; nacm_parse() uses the plugin id to
 * recognize another NACM instance on the same node.
 */
const struct lyplg_ext_record plugins_nacm[] = {
    {
        .module = "ietf-netconf-acm",
        .revision = "2012-02-22",
        .name = "default-deny-write",

        .plugin.id = "ly2 NACM v1",
        .plugin.parse = nacm_parse,
        .plugin.compile = nacm_compile,
        .plugin.printer_info = NULL,
        .plugin.node = NULL,
        .plugin.snode = NULL,
        .plugin.validate = NULL,
        .plugin.pfree = NULL,
        .plugin.cfree = NULL
    }, {
        .module = "ietf-netconf-acm",
        .revision = "2018-02-14",
        .name = "default-deny-write",

        .plugin.id = "ly2 NACM v1",
        .plugin.parse = nacm_parse,
        .plugin.compile = nacm_compile,
        .plugin.printer_info = NULL,
        .plugin.node = NULL,
        .plugin.snode = NULL,
        .plugin.validate = NULL,
        .plugin.pfree = NULL,
        .plugin.cfree = NULL
    }, {
        .module = "ietf-netconf-acm",
        .revision = "2012-02-22",
        .name = "default-deny-all",

        .plugin.id = "ly2 NACM v1",
        .plugin.parse = nacm_parse,
        .plugin.compile = nacm_compile,
        .plugin.printer_info = NULL,
        .plugin.node = NULL,
        .plugin.snode = NULL,
        .plugin.validate = NULL,
        .plugin.pfree = NULL,
        .plugin.cfree = NULL
    }, {
        .module = "ietf-netconf-acm",
        .revision = "2018-02-14",
        .name = "default-deny-all",

        .plugin.id = "ly2 NACM v1",
        .plugin.parse = nacm_parse,
        .plugin.compile = nacm_compile,
        .plugin.printer_info = NULL,
        .plugin.node = NULL,
        .plugin.snode = NULL,
        .plugin.validate = NULL,
        .plugin.pfree = NULL,
        .plugin.cfree = NULL
    },
    {0}     /* terminating zeroed item */
};