blob: 460ca75f4056ce8f5e2c28f828f0ef2cd78e88df [file] [log] [blame]
Radek Krejci0935f412019-08-20 16:15:18 +02001/**
2 * @file plugins_exts_nacm.c
3 * @author Radek Krejci <rkrejci@cesnet.cz>
4 * @brief libyang extension plugin - NACM (RFC 6536)
5 *
6 * Copyright (c) 2019 CESNET, z.s.p.o.
7 *
8 * This source code is licensed under BSD 3-Clause License (the "License").
9 * You may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * https://opensource.org/licenses/BSD-3-Clause
13 */
14#include "common.h"
15
16#include <stdlib.h>
17
18#include "plugins_exts.h"
19#include "tree_schema.h"
20
21/**
22 * @brief Storage for ID used to check plugin API version compatibility.
23 * Ignored here in the internal plugin.
24LYEXT_VERSION_CHECK
25 */
26
Michal Vaskof1ab44f2020-10-22 08:58:32 +020027struct nacm_dfs_arg {
28 struct lysc_ext_instance *c_ext;
29 struct lysc_node *parent;
30};
31
32/**
33 * @brief DFS callback implementation for inheriting the NACM extension.
34 */
35static LY_ERR
36nacm_inherit_clb(struct lysc_node *node, void *data, ly_bool *dfs_continue)
37{
38 struct nacm_dfs_arg *arg = data;
39 struct lysc_ext_instance *inherited;
40 LY_ARRAY_COUNT_TYPE u;
41
42 /* ignore the parent from which we inherit and input/output nodes */
43 if ((node != arg->parent) && !(node->nodetype & (LYS_INPUT | LYS_OUTPUT))) {
44 /* check that the node does not have its own NACM extension instance */
45 LY_ARRAY_FOR(node->exts, u) {
46 if (node->exts[u].def == arg->c_ext->def) {
47 /* the child already have its own NACM flag, so skip the subtree */
48 *dfs_continue = 1;
49 return LY_SUCCESS;
50 }
51 }
52
53 /* duplicate this one to inherit it to the child */
54 LY_ARRAY_NEW_RET(node->module->ctx, node->exts, inherited, LY_EMEM);
55
56 inherited->def = lysc_ext_dup(arg->c_ext->def);
57 inherited->parent = node;
58 inherited->parent_type = LYEXT_PAR_NODE;
59 if (arg->c_ext->argument) {
60 LY_CHECK_RET(lydict_insert(node->module->ctx, arg->c_ext->argument, strlen(arg->c_ext->argument),
61 &inherited->argument));
62 }
63 /* TODO duplicate extension instances */
64 inherited->data = arg->c_ext->data;
65 }
66
67 return LY_SUCCESS;
68}
69
Radek Krejci0935f412019-08-20 16:15:18 +020070/**
71 * @brief Compile NAMC's extension instances.
72 *
73 * Implementation of lyext_clb_compile callback set as lyext_plugin::compile.
74 */
75LY_ERR
76nacm_compile(struct lysc_ctx *cctx, const struct lysp_ext_instance *p_ext, struct lysc_ext_instance *c_ext)
77{
Michal Vaskof1ab44f2020-10-22 08:58:32 +020078 struct lysc_node *parent = NULL;
Michal Vaskofd69e1d2020-07-03 11:57:17 +020079 LY_ARRAY_COUNT_TYPE u;
Michal Vaskof1ab44f2020-10-22 08:58:32 +020080 struct nacm_dfs_arg dfs_arg;
Radek Krejci0935f412019-08-20 16:15:18 +020081
82 static const uint8_t nacm_deny_all = 1;
83 static const uint8_t nacm_deny_write = 2;
84
85 /* store the NACM flag */
86 if (!strcmp(c_ext->def->name, "default-deny-write")) {
Michal Vasko22df3f02020-08-24 13:29:22 +020087 c_ext->data = (void *)&nacm_deny_write;
Radek Krejci0935f412019-08-20 16:15:18 +020088 } else if (!strcmp(c_ext->def->name, "default-deny-all")) {
Michal Vasko22df3f02020-08-24 13:29:22 +020089 c_ext->data = (void *)&nacm_deny_all;
Radek Krejci0935f412019-08-20 16:15:18 +020090 } else {
91 return LY_EINT;
92 }
93
94 /* check that the extension is instantiated at an allowed place - data node */
95 if (c_ext->parent_type != LYEXT_PAR_NODE) {
Radek Krejci0bfc6f92021-02-09 13:13:13 +010096 lyext_log(c_ext, LY_LLWRN, 0, cctx->path, "Extension %s is allowed only in a data nodes, but it is placed in \"%s\" statement.",
Michal Vasko69730152020-10-09 16:30:07 +020097 p_ext->name, lyext_parent2str(c_ext->parent_type));
Radek Krejci0bfc6f92021-02-09 13:13:13 +010098 return LY_ENOT;
Radek Krejci0935f412019-08-20 16:15:18 +020099 } else {
Michal Vasko22df3f02020-08-24 13:29:22 +0200100 parent = (struct lysc_node *)c_ext->parent;
Michal Vasko69730152020-10-09 16:30:07 +0200101 if (!(parent->nodetype & (LYS_CONTAINER | LYS_LEAF | LYS_LEAFLIST | LYS_LIST | LYS_CHOICE | LYS_ANYDATA |
102 LYS_CASE | LYS_RPC | LYS_ACTION | LYS_NOTIF))) {
Radek Krejci0935f412019-08-20 16:15:18 +0200103 /* note LYS_AUGMENT and LYS_USES is not in the list since they are not present in the compiled tree. Instead, libyang
104 * passes all their extensions to their children nodes */
105invalid_parent:
Radek Krejci0bfc6f92021-02-09 13:13:13 +0100106 lyext_log(c_ext, LY_LLWRN, 0, cctx->path,
Michal Vasko69730152020-10-09 16:30:07 +0200107 "Extension %s is not allowed in %s statement.", p_ext->name, lys_nodetype2str(parent->nodetype));
Radek Krejci0bfc6f92021-02-09 13:13:13 +0100108 return LY_ENOT;
Radek Krejci0935f412019-08-20 16:15:18 +0200109 }
Michal Vasko69730152020-10-09 16:30:07 +0200110 if ((c_ext->data == (void *)&nacm_deny_write) && (parent->nodetype & (LYS_RPC | LYS_ACTION | LYS_NOTIF))) {
Radek Krejci0935f412019-08-20 16:15:18 +0200111 goto invalid_parent;
112 }
113 }
114
115 /* check for duplication */
116 LY_ARRAY_FOR(parent->exts, u) {
Michal Vasko69730152020-10-09 16:30:07 +0200117 if ((&parent->exts[u] != c_ext) && (parent->exts[u].def->plugin == c_ext->def->plugin)) {
Radek Krejci0935f412019-08-20 16:15:18 +0200118 /* duplication of a NACM extension on a single node
119 * We check plugin since we want to catch even the situation that there is default-deny-all
120 * AND default-deny-write */
121 if (parent->exts[u].def == c_ext->def) {
122 lyext_log(c_ext, LY_LLERR, LY_EVALID, cctx->path, "Extension %s is instantiated multiple times.", p_ext->name);
123 } else {
124 lyext_log(c_ext, LY_LLERR, LY_EVALID, cctx->path, "Extension nacm:default-deny-write is mixed with nacm:default-deny-all.");
125 }
126 return LY_EVALID;
127 }
128 }
129
130 /* inherit the extension instance to all the children nodes */
Michal Vaskof1ab44f2020-10-22 08:58:32 +0200131 dfs_arg.c_ext = c_ext;
132 dfs_arg.parent = parent;
133 LY_CHECK_RET(lysc_tree_dfs_full(parent, nacm_inherit_clb, &dfs_arg));
Radek Krejci0935f412019-08-20 16:15:18 +0200134
135 return LY_SUCCESS;
136}
137
Radek Krejci0935f412019-08-20 16:15:18 +0200138/**
139 * @brief Plugin for the NACM's default-deny-write and default-deny-all extensions
140 */
141struct lyext_plugin nacm_plugin = {
142 .id = "libyang 2 - NACM, version 1",
143 .compile = &nacm_compile,
144 .validate = NULL,
Radek Krejciadcf63d2021-02-09 10:21:18 +0100145 .sprinter = NULL,
Radek Krejci0935f412019-08-20 16:15:18 +0200146 .free = NULL
147};