/src/libyang/src/plugins_exts/nacm.c

Source
/**
 * @file nacm.c
 * @author Radek Krejci <rkrejci@cesnet.cz>
 * @brief libyang extension plugin - NACM (RFC 6536)
 *
 * Copyright (c) 2019 CESNET, z.s.p.o.
 *
 * This source code is licensed under BSD 3-Clause License (the "License").
 * You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://opensource.org/licenses/BSD-3-Clause
 */

#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#include "libyang.h"
#include "plugins_exts.h"

struct nacm_dfs_arg {
    struct lysc_ext_instance *c_ext;
    struct lysc_node *parent;
};

/**
 * @brief DFS callback implementation for inheriting the NACM extension.
 */
static LY_ERR
nacm_inherit_clb(struct lysc_node *node, void *data, ly_bool *dfs_continue)
{
    LY_ERR ret;
    struct nacm_dfs_arg *arg = data;
    struct lysc_ext_instance *inherited;
    LY_ARRAY_COUNT_TYPE u;

    /* ignore the parent from which we inherit and input/output nodes */
    if ((node != arg->parent) && !(node->nodetype & (LYS_INPUT | LYS_OUTPUT))) {
        /* check that the node does not have its own NACM extension instance */
        LY_ARRAY_FOR(node->exts, u) {
            if (node->exts[u].def == arg->c_ext->def) {
                /* the child already have its own NACM flag, so skip the subtree */
                *dfs_continue = 1;
                return LY_SUCCESS;
            }
        }

        /* duplicate this one to inherit it to the child */
        LY_ARRAY_NEW_GOTO(node->module->ctx, node->exts, inherited, ret, emem);

        inherited->def = lysc_ext_dup(arg->c_ext->def);
        inherited->parent = node;
        inherited->parent_stmt = lys_nodetype2stmt(node->nodetype);
        if (arg->c_ext->argument) {
            LY_ERR ret;

            if ((ret = lydict_insert(node->module->ctx, arg->c_ext->argument, strlen(arg->c_ext->argument),
                    &inherited->argument))) {
                return ret;
            }
        }
        /* TODO duplicate extension instances */
        inherited->data = arg->c_ext->data;
    }

    return LY_SUCCESS;

emem:
    lyplg_ext_log(arg->c_ext, LY_LLERR, LY_EMEM, NULL, "Memory allocation failed (%s()).", __func__);
    return ret;
}

/**
 * @brief Compile NAMC's extension instances.
 *
 * Implementation of ::lyplg_ext_compile_clb callback set as lyext_plugin::compile.
 */
static LY_ERR
nacm_compile(struct lysc_ctx *cctx, const struct lysp_ext_instance *p_ext, struct lysc_ext_instance *c_ext)
{
    LY_ERR ret;
    struct lysc_node *parent = NULL;
    LY_ARRAY_COUNT_TYPE u;
    struct nacm_dfs_arg dfs_arg;

    static const uint8_t nacm_deny_all = 1;
    static const uint8_t nacm_deny_write = 2;

    /* store the NACM flag */
    if (!strcmp(c_ext->def->name, "default-deny-write")) {
        c_ext->data = (void *)&nacm_deny_write;
    } else if (!strcmp(c_ext->def->name, "default-deny-all")) {
        c_ext->data = (void *)&nacm_deny_all;
    } else {
        return LY_EINT;
    }

    /* check that the extension is instantiated at an allowed place - data node */
    if (!LY_STMT_IS_NODE(c_ext->parent_stmt)) {
        lyplg_ext_log(c_ext, LY_LLWRN, 0, lysc_ctx_get_path(cctx),
                "Extension %s is allowed only in a data nodes, but it is placed in \"%s\" statement.",
                p_ext->name, ly_stmt2str(c_ext->parent_stmt));
        return LY_ENOT;
    } else {
        parent = (struct lysc_node *)c_ext->parent;
        if (!(parent->nodetype & (LYS_CONTAINER | LYS_LEAF | LYS_LEAFLIST | LYS_LIST | LYS_CHOICE | LYS_ANYDATA |
                LYS_CASE | LYS_RPC | LYS_ACTION | LYS_NOTIF))) {
            /* note LYS_AUGMENT and LYS_USES is not in the list since they are not present in the compiled tree. Instead, libyang
             * passes all their extensions to their children nodes */
invalid_parent:
            lyplg_ext_log(c_ext, LY_LLWRN, 0, lysc_ctx_get_path(cctx),
                    "Extension %s is not allowed in %s statement.", p_ext->name, lys_nodetype2str(parent->nodetype));
            return LY_ENOT;
        }
        if ((c_ext->data == (void *)&nacm_deny_write) && (parent->nodetype & (LYS_RPC | LYS_ACTION | LYS_NOTIF))) {
            goto invalid_parent;
        }
    }

    /* check for duplication */
    LY_ARRAY_FOR(parent->exts, u) {
        if ((&parent->exts[u] != c_ext) && (parent->exts[u].def->plugin->compile == c_ext->def->plugin->compile)) {
            /* duplication of a NACM extension on a single node
             * We check for all NACM plugins since we want to catch even the situation that there is default-deny-all
             * AND default-deny-write */
            if (parent->exts[u].def == c_ext->def) {
                lyplg_ext_log(c_ext, LY_LLERR, LY_EVALID, lysc_ctx_get_path(cctx),
                        "Extension %s is instantiated multiple times.", p_ext->name);
            } else {
                lyplg_ext_log(c_ext, LY_LLERR, LY_EVALID, lysc_ctx_get_path(cctx),
                        "Extension nacm:default-deny-write is mixed with nacm:default-deny-all.");
            }
            return LY_EVALID;
        }
    }

    /* inherit the extension instance to all the children nodes */
    dfs_arg.c_ext = c_ext;
    dfs_arg.parent = parent;
    ret = lysc_tree_dfs_full(parent, nacm_inherit_clb, &dfs_arg);

    return ret;
}

/**
 * @brief Plugin descriptions for the NACM's default-deny-write and default-deny-all extensions
 *
 * Note that external plugins are supposed to use:
 *
 *   LYPLG_EXTENSIONS = {
 */
const struct lyplg_ext_record plugins_nacm[] = {
    {
        .module = "ietf-netconf-acm",
        .revision = "2012-02-22",
        .name = "default-deny-write",

        .plugin.id = "libyang 2 - NACM, version 1",
        .plugin.compile = &nacm_compile,
        .plugin.validate = NULL,
        .plugin.sprinter = NULL,
        .plugin.free = NULL
    }, {
        .module = "ietf-netconf-acm",
        .revision = "2018-02-14",
        .name = "default-deny-write",

        .plugin.id = "libyang 2 - NACM, version 1",
        .plugin.compile = &nacm_compile,
        .plugin.validate = NULL,
        .plugin.sprinter = NULL,
        .plugin.free = NULL
    }, {
        .module = "ietf-netconf-acm",
        .revision = "2012-02-22",
        .name = "default-deny-all",

        .plugin.id = "libyang 2 - NACM, version 1",
        .plugin.compile = &nacm_compile,
        .plugin.validate = NULL,
        .plugin.sprinter = NULL,
        .plugin.free = NULL
    }, {
        .module = "ietf-netconf-acm",
        .revision = "2018-02-14",
        .name = "default-deny-all",

        .plugin.id = "libyang 2 - NACM, version 1",
        .plugin.compile = &nacm_compile,
        .plugin.validate = NULL,
        .plugin.sprinter = NULL,
        .plugin.free = NULL
    },
    {0} /* terminating zeroed item */
};

Line	Count	Source
1		/**
2		* @file nacm.c
3		* @author Radek Krejci <rkrejci@cesnet.cz>
4		* @brief libyang extension plugin - NACM (RFC 6536)
5		*
6		* Copyright (c) 2019 CESNET, z.s.p.o.
7		*
8		* This source code is licensed under BSD 3-Clause License (the "License").
9		* You may not use this file except in compliance with the License.
10		* You may obtain a copy of the License at
11		*
12		* https://opensource.org/licenses/BSD-3-Clause
13		*/
14
15		#include <stdint.h>
16		#include <stdlib.h>
17		#include <string.h>
18
19		#include "libyang.h"
20		#include "plugins_exts.h"
21
22		struct nacm_dfs_arg {
23		struct lysc_ext_instance *c_ext;
24		struct lysc_node *parent;
25		};
26
27		/**
28		* @brief DFS callback implementation for inheriting the NACM extension.
29		*/
30		static LY_ERR
31		nacm_inherit_clb(struct lysc_node node, void data, ly_bool *dfs_continue)
32	0	{
33	0	LY_ERR ret;
34	0	struct nacm_dfs_arg *arg = data;
35	0	struct lysc_ext_instance *inherited;
36	0	LY_ARRAY_COUNT_TYPE u;
37
38		/* ignore the parent from which we inherit and input/output nodes */
39	0	if ((node != arg->parent) && !(node->nodetype & (LYS_INPUT \| LYS_OUTPUT))) {
40		/* check that the node does not have its own NACM extension instance */
41	0	LY_ARRAY_FOR(node->exts, u) {
42	0	if (node->exts[u].def == arg->c_ext->def) {
43		/* the child already have its own NACM flag, so skip the subtree */
44	0	*dfs_continue = 1;
45	0	return LY_SUCCESS;
46	0	}
47	0	}
48
49		/* duplicate this one to inherit it to the child */
50	0	LY_ARRAY_NEW_GOTO(node->module->ctx, node->exts, inherited, ret, emem);
51
52	0	inherited->def = lysc_ext_dup(arg->c_ext->def);
53	0	inherited->parent = node;
54	0	inherited->parent_stmt = lys_nodetype2stmt(node->nodetype);
55	0	if (arg->c_ext->argument) {
56	0	LY_ERR ret;
57
58	0	if ((ret = lydict_insert(node->module->ctx, arg->c_ext->argument, strlen(arg->c_ext->argument),
59	0	&inherited->argument))) {
60	0	return ret;
61	0	}
62	0	}
63		/* TODO duplicate extension instances */
64	0	inherited->data = arg->c_ext->data;
65	0	}
66
67	0	return LY_SUCCESS;
68
69	0	emem:
70	0	lyplg_ext_log(arg->c_ext, LY_LLERR, LY_EMEM, NULL, "Memory allocation failed (%s()).", __func__);
71	0	return ret;
72	0	}
73
74		/**
75		* @brief Compile NAMC's extension instances.
76		*
77		* Implementation of ::lyplg_ext_compile_clb callback set as lyext_plugin::compile.
78		*/
79		static LY_ERR
80		nacm_compile(struct lysc_ctx cctx, const struct lysp_ext_instance p_ext, struct lysc_ext_instance *c_ext)
81	0	{
82	0	LY_ERR ret;
83	0	struct lysc_node *parent = NULL;
84	0	LY_ARRAY_COUNT_TYPE u;
85	0	struct nacm_dfs_arg dfs_arg;
86
87	0	static const uint8_t nacm_deny_all = 1;
88	0	static const uint8_t nacm_deny_write = 2;
89
90		/* store the NACM flag */
91	0	if (!strcmp(c_ext->def->name, "default-deny-write")) {
92	0	c_ext->data = (void *)&nacm_deny_write;
93	0	} else if (!strcmp(c_ext->def->name, "default-deny-all")) {
94	0	c_ext->data = (void *)&nacm_deny_all;
95	0	} else {
96	0	return LY_EINT;
97	0	}
98
99		/* check that the extension is instantiated at an allowed place - data node */
100	0	if (!LY_STMT_IS_NODE(c_ext->parent_stmt)) {
101	0	lyplg_ext_log(c_ext, LY_LLWRN, 0, lysc_ctx_get_path(cctx),
102	0	"Extension %s is allowed only in a data nodes, but it is placed in \"%s\" statement.",
103	0	p_ext->name, ly_stmt2str(c_ext->parent_stmt));
104	0	return LY_ENOT;
105	0	} else {
106	0	parent = (struct lysc_node *)c_ext->parent;
107	0	if (!(parent->nodetype & (LYS_CONTAINER \| LYS_LEAF \| LYS_LEAFLIST \| LYS_LIST \| LYS_CHOICE \| LYS_ANYDATA \|
108	0	LYS_CASE \| LYS_RPC \| LYS_ACTION \| LYS_NOTIF))) {
109		/* note LYS_AUGMENT and LYS_USES is not in the list since they are not present in the compiled tree. Instead, libyang
110		* passes all their extensions to their children nodes */
111	0	invalid_parent:
112	0	lyplg_ext_log(c_ext, LY_LLWRN, 0, lysc_ctx_get_path(cctx),
113	0	"Extension %s is not allowed in %s statement.", p_ext->name, lys_nodetype2str(parent->nodetype));
114	0	return LY_ENOT;
115	0	}
116	0	if ((c_ext->data == (void *)&nacm_deny_write) && (parent->nodetype & (LYS_RPC \| LYS_ACTION \| LYS_NOTIF))) {
117	0	goto invalid_parent;
118	0	}
119	0	}
120
121		/* check for duplication */
122	0	LY_ARRAY_FOR(parent->exts, u) {
123	0	if ((&parent->exts[u] != c_ext) && (parent->exts[u].def->plugin->compile == c_ext->def->plugin->compile)) {
124		/* duplication of a NACM extension on a single node
125		* We check for all NACM plugins since we want to catch even the situation that there is default-deny-all
126		* AND default-deny-write */
127	0	if (parent->exts[u].def == c_ext->def) {
128	0	lyplg_ext_log(c_ext, LY_LLERR, LY_EVALID, lysc_ctx_get_path(cctx),
129	0	"Extension %s is instantiated multiple times.", p_ext->name);
130	0	} else {
131	0	lyplg_ext_log(c_ext, LY_LLERR, LY_EVALID, lysc_ctx_get_path(cctx),
132	0	"Extension nacm:default-deny-write is mixed with nacm:default-deny-all.");
133	0	}
134	0	return LY_EVALID;
135	0	}
136	0	}
137
138		/* inherit the extension instance to all the children nodes */
139	0	dfs_arg.c_ext = c_ext;
140	0	dfs_arg.parent = parent;
141	0	ret = lysc_tree_dfs_full(parent, nacm_inherit_clb, &dfs_arg);
142
143	0	return ret;
144	0	}
145
146		/**
147		* @brief Plugin descriptions for the NACM's default-deny-write and default-deny-all extensions
148		*
149		* Note that external plugins are supposed to use:
150		*
151		* LYPLG_EXTENSIONS = {
152		*/
153		const struct lyplg_ext_record plugins_nacm[] = {
154		{
155		.module = "ietf-netconf-acm",
156		.revision = "2012-02-22",
157		.name = "default-deny-write",
158
159		.plugin.id = "libyang 2 - NACM, version 1",
160		.plugin.compile = &nacm_compile,
161		.plugin.validate = NULL,
162		.plugin.sprinter = NULL,
163		.plugin.free = NULL
164		}, {
165		.module = "ietf-netconf-acm",
166		.revision = "2018-02-14",
167		.name = "default-deny-write",
168
169		.plugin.id = "libyang 2 - NACM, version 1",
170		.plugin.compile = &nacm_compile,
171		.plugin.validate = NULL,
172		.plugin.sprinter = NULL,
173		.plugin.free = NULL
174		}, {
175		.module = "ietf-netconf-acm",
176		.revision = "2012-02-22",
177		.name = "default-deny-all",
178
179		.plugin.id = "libyang 2 - NACM, version 1",
180		.plugin.compile = &nacm_compile,
181		.plugin.validate = NULL,
182		.plugin.sprinter = NULL,
183		.plugin.free = NULL
184		}, {
185		.module = "ietf-netconf-acm",
186		.revision = "2018-02-14",
187		.name = "default-deny-all",
188
189		.plugin.id = "libyang 2 - NACM, version 1",
190		.plugin.compile = &nacm_compile,
191		.plugin.validate = NULL,
192		.plugin.sprinter = NULL,
193		.plugin.free = NULL
194		},
195		{0} /* terminating zeroed item */
196		};

Coverage Report

Created: 2026-01-13 06:56