kernelkit · mattiaswal · Oct 3, 2024 · Sep 26, 2024 · Sep 30, 2024 · Sep 30, 2024
diff --git a/.github/workflows/add-issue-to-project.yml b/.github/workflows/add-issue-to-project.yml
@@ -0,0 +1,16 @@
+name: Adds all issues to project Infix & C:o
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add issue to project Infix&co
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: https://github.com/orgs/kernelkit/projects/3
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/doc/ChangeLog.md b/doc/ChangeLog.md
@@ -3,6 +3,16 @@ Change Log
 
 All notable changes to the project are documented in this file.
 
+[v24.10.0][] - UNRELEASED
+-------------------------
+### Changes
+- OSPF: Add limitation to only allow one interface per area.
+
+### Fixes
+- Fix #499 by adding a NACM rule to factory config, which by default
+  deny everyone to read the user password hash.
+- Fix BFD in OSPF, previously you could not enable BFD on a single
+  interface without it was enabled on all interfaces.
 
 [v24.09.0][] - 2024-09-30
 -------------------------

diff --git a/src/confd/share/factory.d/10-nacm.json b/src/confd/share/factory.d/10-nacm.json
@@ -1,5 +1,6 @@
 {
     "ietf-netconf-acm:nacm": {
+	"enable-nacm": true,
 	"groups": {
 	    "group": [
 		{
@@ -25,6 +26,19 @@
 			"comment": "Allow 'admin' group complete access to all operations and data."
 		    }
 		]
+	    },
+	    {
+		"name": "default-deny-all",
+		"group": ["*"],
+		"rule": [
+		    {
+			"name":  "deny-password-read",
+			"module-name": "ietf-system",
+			"path": "/ietf-system:system/authentication/user/password",
+			"access-operations": "*",
+			"action": "deny"
+		    }
+		]
 	    }
 	]
     }

diff --git a/src/confd/src/ietf-routing.c b/src/confd/src/ietf-routing.c
@@ -29,7 +29,7 @@ log facility local2\n"
 int parse_ospf_interfaces(sr_session_ctx_t *session, struct lyd_node *areas, FILE *fp)
 {
 	struct lyd_node *interface, *interfaces, *area;
-	int bfd_enabled = 0;
+	int num_bfd_enabled = 0;
 
 	LY_LIST_FOR(lyd_child(areas), area) {
 		const char *area_id;
@@ -41,11 +41,13 @@ int parse_ospf_interfaces(sr_session_ctx_t *session, struct lyd_node *areas, FIL
 			const char *hello, *dead, *retransmit, *transmit, *interface_type, *cost;
 
 			if (lydx_get_bool(interface, "enabled")) {
+				int passive = 0, bfd_enabled = 0;
 				struct lyd_node *bfd;
-				int passive = 0;
 
 				bfd = lydx_get_child(interface, "bfd");
-				bfd_enabled += lydx_get_bool(bfd, "enabled");
+				bfd_enabled = lydx_get_bool(bfd, "enabled");
+				num_bfd_enabled += bfd_enabled;
+
 				passive = lydx_get_bool(interface, "passive");
 				fprintf(fp, "interface %s\n", lydx_get_cattr(interface, "name"));
 
@@ -77,7 +79,7 @@ int parse_ospf_interfaces(sr_session_ctx_t *session, struct lyd_node *areas, FIL
 		}
 	}
 
-	return bfd_enabled;
+	return num_bfd_enabled;
 }
 
 int parse_ospf_redistribute(sr_session_ctx_t *session, struct lyd_node *redistributes, FILE *fp)

diff --git a/src/confd/yang/Makefile.am b/src/confd/yang/Makefile.am
@@ -1,2 +1,2 @@
 yangdir   = $(YANGDIR)
-yang_DATA = $(wildcard *.yang)
+yang_DATA = $(wildcard *@*.yang) ieee802-types.yang ieee802-dot1ab-types.yang
diff --git a/src/confd/yang/confd.inc b/src/confd/yang/confd.inc
@@ -27,7 +27,7 @@ MODULES=(
 	"ieee802-dot1q-types@2022-10-29.yang"
 	"infix-ip@2024-09-16.yang"
 	"infix-if-type@2024-01-29.yang"
-	"infix-routing@2024-09-23.yang"
+	"infix-routing@2024-10-01.yang"
 	"ieee802-dot1ab-lldp@2022-03-15.yang"
 	"infix-lldp@2023-08-23.yang"
 	"infix-dhcp-client@2024-09-20.yang"