Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 1 | /** |
| 2 | * @file plugins_exts_nacm.c |
| 3 | * @author Radek Krejci <rkrejci@cesnet.cz> |
| 4 | * @brief libyang extension plugin - NACM (RFC 6536) |
| 5 | * |
| 6 | * Copyright (c) 2019 CESNET, z.s.p.o. |
| 7 | * |
| 8 | * This source code is licensed under BSD 3-Clause License (the "License"). |
| 9 | * You may not use this file except in compliance with the License. |
| 10 | * You may obtain a copy of the License at |
| 11 | * |
| 12 | * https://opensource.org/licenses/BSD-3-Clause |
| 13 | */ |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 14 | |
| 15 | #include <stdlib.h> |
| 16 | |
| 17 | #include "plugins_exts.h" |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 18 | #include "tree_edit.h" |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 19 | #include "tree_schema.h" |
| 20 | |
| 21 | /** |
| 22 | * @brief Storage for ID used to check plugin API version compatibility. |
| 23 | * Ignored here in the internal plugin. |
| 24 | LYEXT_VERSION_CHECK |
| 25 | */ |
| 26 | |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 27 | struct nacm_dfs_arg { |
| 28 | struct lysc_ext_instance *c_ext; |
| 29 | struct lysc_node *parent; |
| 30 | }; |
| 31 | |
| 32 | /** |
| 33 | * @brief DFS callback implementation for inheriting the NACM extension. |
| 34 | */ |
| 35 | static LY_ERR |
| 36 | nacm_inherit_clb(struct lysc_node *node, void *data, ly_bool *dfs_continue) |
| 37 | { |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 38 | LY_ERR ret; |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 39 | struct nacm_dfs_arg *arg = data; |
| 40 | struct lysc_ext_instance *inherited; |
| 41 | LY_ARRAY_COUNT_TYPE u; |
| 42 | |
| 43 | /* ignore the parent from which we inherit and input/output nodes */ |
| 44 | if ((node != arg->parent) && !(node->nodetype & (LYS_INPUT | LYS_OUTPUT))) { |
| 45 | /* check that the node does not have its own NACM extension instance */ |
| 46 | LY_ARRAY_FOR(node->exts, u) { |
| 47 | if (node->exts[u].def == arg->c_ext->def) { |
| 48 | /* the child already have its own NACM flag, so skip the subtree */ |
| 49 | *dfs_continue = 1; |
| 50 | return LY_SUCCESS; |
| 51 | } |
| 52 | } |
| 53 | |
| 54 | /* duplicate this one to inherit it to the child */ |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 55 | LY_ARRAY_NEW_GOTO(node->module->ctx, node->exts, inherited, ret, emem); |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 56 | |
| 57 | inherited->def = lysc_ext_dup(arg->c_ext->def); |
| 58 | inherited->parent = node; |
Radek Krejci | ab43086 | 2021-03-02 20:13:40 +0100 | [diff] [blame] | 59 | inherited->parent_stmt = lys_nodetype2stmt(node->nodetype); |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 60 | if (arg->c_ext->argument) { |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 61 | LY_ERR ret; |
| 62 | |
| 63 | if ((ret = lydict_insert(node->module->ctx, arg->c_ext->argument, strlen(arg->c_ext->argument), |
| 64 | &inherited->argument))) { |
| 65 | return ret; |
| 66 | } |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 67 | } |
| 68 | /* TODO duplicate extension instances */ |
| 69 | inherited->data = arg->c_ext->data; |
| 70 | } |
| 71 | |
| 72 | return LY_SUCCESS; |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 73 | |
| 74 | emem: |
| 75 | lyext_log(arg->c_ext, LY_LLERR, LY_EMEM, NULL, "Memory allocation failed (%s()).", __func__); |
| 76 | return ret; |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 77 | } |
| 78 | |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 79 | /** |
| 80 | * @brief Compile NAMC's extension instances. |
| 81 | * |
| 82 | * Implementation of lyext_clb_compile callback set as lyext_plugin::compile. |
| 83 | */ |
| 84 | LY_ERR |
| 85 | nacm_compile(struct lysc_ctx *cctx, const struct lysp_ext_instance *p_ext, struct lysc_ext_instance *c_ext) |
| 86 | { |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 87 | LY_ERR ret; |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 88 | struct lysc_node *parent = NULL; |
Michal Vasko | fd69e1d | 2020-07-03 11:57:17 +0200 | [diff] [blame] | 89 | LY_ARRAY_COUNT_TYPE u; |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 90 | struct nacm_dfs_arg dfs_arg; |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 91 | |
| 92 | static const uint8_t nacm_deny_all = 1; |
| 93 | static const uint8_t nacm_deny_write = 2; |
| 94 | |
| 95 | /* store the NACM flag */ |
| 96 | if (!strcmp(c_ext->def->name, "default-deny-write")) { |
Michal Vasko | 22df3f0 | 2020-08-24 13:29:22 +0200 | [diff] [blame] | 97 | c_ext->data = (void *)&nacm_deny_write; |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 98 | } else if (!strcmp(c_ext->def->name, "default-deny-all")) { |
Michal Vasko | 22df3f0 | 2020-08-24 13:29:22 +0200 | [diff] [blame] | 99 | c_ext->data = (void *)&nacm_deny_all; |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 100 | } else { |
| 101 | return LY_EINT; |
| 102 | } |
| 103 | |
| 104 | /* check that the extension is instantiated at an allowed place - data node */ |
Radek Krejci | ab43086 | 2021-03-02 20:13:40 +0100 | [diff] [blame] | 105 | if (!LY_STMT_IS_NODE(c_ext->parent_stmt)) { |
Radek Krejci | 0bfc6f9 | 2021-02-09 13:13:13 +0100 | [diff] [blame] | 106 | lyext_log(c_ext, LY_LLWRN, 0, cctx->path, "Extension %s is allowed only in a data nodes, but it is placed in \"%s\" statement.", |
Radek Krejci | ab43086 | 2021-03-02 20:13:40 +0100 | [diff] [blame] | 107 | p_ext->name, ly_stmt2str(c_ext->parent_stmt)); |
Radek Krejci | 0bfc6f9 | 2021-02-09 13:13:13 +0100 | [diff] [blame] | 108 | return LY_ENOT; |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 109 | } else { |
Michal Vasko | 22df3f0 | 2020-08-24 13:29:22 +0200 | [diff] [blame] | 110 | parent = (struct lysc_node *)c_ext->parent; |
Michal Vasko | 6973015 | 2020-10-09 16:30:07 +0200 | [diff] [blame] | 111 | if (!(parent->nodetype & (LYS_CONTAINER | LYS_LEAF | LYS_LEAFLIST | LYS_LIST | LYS_CHOICE | LYS_ANYDATA | |
| 112 | LYS_CASE | LYS_RPC | LYS_ACTION | LYS_NOTIF))) { |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 113 | /* note LYS_AUGMENT and LYS_USES is not in the list since they are not present in the compiled tree. Instead, libyang |
| 114 | * passes all their extensions to their children nodes */ |
| 115 | invalid_parent: |
Radek Krejci | 0bfc6f9 | 2021-02-09 13:13:13 +0100 | [diff] [blame] | 116 | lyext_log(c_ext, LY_LLWRN, 0, cctx->path, |
Michal Vasko | 6973015 | 2020-10-09 16:30:07 +0200 | [diff] [blame] | 117 | "Extension %s is not allowed in %s statement.", p_ext->name, lys_nodetype2str(parent->nodetype)); |
Radek Krejci | 0bfc6f9 | 2021-02-09 13:13:13 +0100 | [diff] [blame] | 118 | return LY_ENOT; |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 119 | } |
Michal Vasko | 6973015 | 2020-10-09 16:30:07 +0200 | [diff] [blame] | 120 | if ((c_ext->data == (void *)&nacm_deny_write) && (parent->nodetype & (LYS_RPC | LYS_ACTION | LYS_NOTIF))) { |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 121 | goto invalid_parent; |
| 122 | } |
| 123 | } |
| 124 | |
| 125 | /* check for duplication */ |
| 126 | LY_ARRAY_FOR(parent->exts, u) { |
Michal Vasko | 6973015 | 2020-10-09 16:30:07 +0200 | [diff] [blame] | 127 | if ((&parent->exts[u] != c_ext) && (parent->exts[u].def->plugin == c_ext->def->plugin)) { |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 128 | /* duplication of a NACM extension on a single node |
| 129 | * We check plugin since we want to catch even the situation that there is default-deny-all |
| 130 | * AND default-deny-write */ |
| 131 | if (parent->exts[u].def == c_ext->def) { |
| 132 | lyext_log(c_ext, LY_LLERR, LY_EVALID, cctx->path, "Extension %s is instantiated multiple times.", p_ext->name); |
| 133 | } else { |
| 134 | lyext_log(c_ext, LY_LLERR, LY_EVALID, cctx->path, "Extension nacm:default-deny-write is mixed with nacm:default-deny-all."); |
| 135 | } |
| 136 | return LY_EVALID; |
| 137 | } |
| 138 | } |
| 139 | |
| 140 | /* inherit the extension instance to all the children nodes */ |
Michal Vasko | f1ab44f | 2020-10-22 08:58:32 +0200 | [diff] [blame] | 141 | dfs_arg.c_ext = c_ext; |
| 142 | dfs_arg.parent = parent; |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 143 | ret = lysc_tree_dfs_full(parent, nacm_inherit_clb, &dfs_arg); |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 144 | |
Radek Krejci | 859a15a | 2021-03-05 20:56:59 +0100 | [diff] [blame] | 145 | return ret; |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 146 | } |
| 147 | |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 148 | /** |
| 149 | * @brief Plugin for the NACM's default-deny-write and default-deny-all extensions |
| 150 | */ |
| 151 | struct lyext_plugin nacm_plugin = { |
| 152 | .id = "libyang 2 - NACM, version 1", |
| 153 | .compile = &nacm_compile, |
| 154 | .validate = NULL, |
Radek Krejci | adcf63d | 2021-02-09 10:21:18 +0100 | [diff] [blame] | 155 | .sprinter = NULL, |
Radek Krejci | 0935f41 | 2019-08-20 16:15:18 +0200 | [diff] [blame] | 156 | .free = NULL |
| 157 | }; |