Minimize AAA authorization callback

Hi,

I am trying to minimize invocation of the authorization callback as much as possible.

Currently callbacks are registered as follows (taken from example/):

  struct confd_authorization_cbs auth;
  memset(&auth, 0, sizeof(struct confd_authorization_cbs));
  auth.chk_cmd_access = cmd_access_cb;
  auth.chk_data_access = NULL;

  // filters specify for what not to use callbacks
  // (0x0 ... use for everything, 0xFF ... use for nothing/disable)
  auth.cmd_filter = CONFD_ACCESS_OP_EXECUTE;
  auth.data_filter = 0xFF;

  if (CONFD_OK != confd_register_authorization_cb(dctx, &auth))
  {
    confd_fatal("Failed to register auth cb!");
  }

CONFD_ACCESS_OP_READ

Read access. The CLI will use this during command completion, to filter out alternatives that are disallowed by AAA.

CONFD_ACCESS_OP_EXECUTE

Execute access. This is used when a command is about to be executed.

So I was assuming that if we register for ‘CONFD_ACCESS_OP_EXECUTE’, the tab-completion etc. would not invoke the callback, but my observation is that the command “clear interface packet-stats” invokes the callback thrice:
a. First with token array = [“clear”]
b. Then [“clear”, “interface”]
c. Finally [“clear”, “interface”, “packet-stats”]

In all cases cmdop is being passed as 1 (i.e. CONFD_ACCESS_OP_READ).

Can we do any tweaking to receive the final state only (i.e. state c)?

Regards,

Hi,

You do not register which operations invoke the callback; you register which operations to filter out so that they do not invoke the callback.

Try

auth.cmd_filter = CONFD_ACCESS_OP_READ;

…to filter out the read access check for command completion.
For your use case, there will then be one chk_cmd_access() callback invocation for the “clear interface packet-stats” command.

Regards

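Added example (not part of the thread and not ConfD code): a stand-alone C model of the filter semantics described in the reply above, replaying the access checks reported for "clear interface packet-stats". The `MODEL_*` constants, the check sequence and the function names are assumptions made for this model; only READ == 1 comes from the thread.

```c
#include <stdio.h>

/* Local stand-ins for this model. READ == 1 matches the cmdop value reported
 * in the thread; the EXECUTE value is an assumption made for the model. */
#define MODEL_OP_READ    (1 << 0)
#define MODEL_OP_EXECUTE (1 << 1)

struct access_check { int op; int ntokens; };

/* Checks modelled for "clear interface packet-stats": one READ per token
 * prefix (as observed in the thread), then one EXECUTE for the full command.
 * Constructed sample. */
static const struct access_check checks[] = {
    { MODEL_OP_READ,    1 },   /* ["clear"] */
    { MODEL_OP_READ,    2 },   /* ["clear", "interface"] */
    { MODEL_OP_READ,    3 },   /* ["clear", "interface", "packet-stats"] */
    { MODEL_OP_EXECUTE, 3 },   /* command about to be executed */
};

/* A set bit in the filter means "do NOT call the callback for this op". */
static int callback_wanted(int filter, int op)
{
    return (filter & op) == 0;
}

/* Count the checks that reach the callback; *ops_seen gets the OR of their ops. */
static int count_invocations(int filter, int *ops_seen)
{
    int n = 0;
    *ops_seen = 0;
    for (size_t i = 0; i < sizeof(checks) / sizeof(checks[0]); i++) {
        if (callback_wanted(filter, checks[i].op)) {
            *ops_seen |= checks[i].op;
            n++;
        }
    }
    return n;
}

int main(void)
{
    int seen;
    printf("filter=EXECUTE: %d calls\n", count_invocations(MODEL_OP_EXECUTE, &seen));
    printf("filter=READ:    %d calls\n", count_invocations(MODEL_OP_READ, &seen));
    printf("filter=0xFF:    %d calls\n", count_invocations(0xFF, &seen));
    return 0;
}
```

Filtering EXECUTE leaves the three READ checks from the original question; filtering READ leaves the single EXECUTE check the reply predicts.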

Hi,

Thanks a lot. I had misinterpreted.
It is working as expected.
Regards,