config UPDATE add keystore new data API
New API for creating keystore and truststore SSH data. Tests now use the
new API.
diff --git a/examples/client.c b/examples/client.c
index 65f2642..7612239 100644
--- a/examples/client.c
+++ b/examples/client.c
@@ -194,7 +194,7 @@
break;
case SSH:
- session = nc_connect_ssh(SSH_ADDRESS, atoi(SSH_PORT), NULL);
+ session = nc_connect_ssh(SSH_ADDRESS, SSH_PORT, NULL);
break;
case NONE:
diff --git a/examples/example.h.in b/examples/example.h.in
index 6e214f0..e195dda 100644
--- a/examples/example.h.in
+++ b/examples/example.h.in
@@ -31,7 +31,7 @@
#define SSH_ADDRESS "127.0.0.1"
/* SSH listening port */
-#define SSH_PORT "830"
+#define SSH_PORT 830
/* SSH 'password' authentication exptected username and password */
#define SSH_USERNAME "admin"
diff --git a/src/config_new.c b/src/config_new.c
index d6c4c52..d5591a8 100644
--- a/src/config_new.c
+++ b/src/config_new.c
@@ -34,48 +34,6 @@
#include "session.h"
#include "session_p.h"
-int
-nc_config_new_add_operation(const struct ly_ctx *ctx, struct lyd_node *node, NC_OPERATION op)
-{
- struct lyd_meta *meta;
- const char *op_str = NULL;
-
- meta = lyd_find_meta(node->meta, NULL, "yang:operation");
- if (meta) {
- /* node already has operation attribute, delete it */
- lyd_free_meta_single(meta);
- }
-
- /* get the operation as string */
- switch (op) {
- case NC_OP_CREATE:
- op_str = "create";
- break;
- case NC_OP_REPLACE:
- op_str = "replace";
- break;
- case NC_OP_DELETE:
- op_str = "delete";
- break;
- case NC_OP_NONE:
- op_str = "none";
- break;
- default:
- break;
- }
- if (!op_str) {
- ERR(NULL, "Invalid operation to add to the tree.");
- return 1;
- }
-
- /* give the node the operation */
- if (lyd_new_meta(ctx, node, NULL, "yang:operation", op_str, 0, NULL)) {
- return 1;
- }
-
- return 0;
-}
-
#ifdef NC_ENABLED_SSH_TLS
const char *
@@ -675,12 +633,13 @@
API int
nc_server_config_new_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
- const char *address, const char *port, struct lyd_node **config)
+ const char *address, uint16_t port, struct lyd_node **config)
{
int ret = 0;
const char *address_fmt, *port_fmt;
+ char port_buf[6] = {0};
- NC_CHECK_ARG_RET(NULL, address, port, ctx, endpt_name, config, 1);
+ NC_CHECK_ARG_RET(NULL, address, ctx, endpt_name, config, 1);
if (transport == NC_TI_LIBSSH) {
/* SSH path */
@@ -701,7 +660,8 @@
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, port, port_fmt, endpt_name);
+ sprintf(port_buf, "%d", port);
+ ret = nc_config_new_create(ctx, config, port_buf, port_fmt, endpt_name);
if (ret) {
goto cleanup;
}
@@ -752,15 +712,16 @@
{
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
- return nc_config_new_delete(ctx, config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']", ch_client_name);
+ return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']", ch_client_name);
}
int
-nc_config_new_delete(const struct ly_ctx *ctx, struct lyd_node **tree, const char *path_fmt, ...)
+nc_config_new_delete(struct lyd_node **tree, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
char *path = NULL;
+ struct lyd_node *sub = NULL;
va_start(ap, path_fmt);
@@ -772,35 +733,20 @@
goto cleanup;
}
- /* create the nodes in the path */
- ret = lyd_new_path(*tree, ctx, path, NULL, LYD_NEW_PATH_UPDATE, tree);
+ /* find the node we want to delete */
+ ret = lyd_find_path(*tree, path, 0, &sub);
if (ret) {
goto cleanup;
}
- /* set the node to the last node */
- ret = lyd_find_path(*tree, path, 0, tree);
- if (ret) {
- goto cleanup;
- }
+ lyd_free_tree(sub);
- /* add delete operation to the node */
- ret = nc_config_new_add_operation(ctx, *tree, NC_OP_DELETE);
- if (ret) {
- goto cleanup;
- }
-
- /* set the node back to top level container */
+ /* set the node to top level container */
ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_add_operation(ctx, *tree, NC_OP_NONE);
- if (ret) {
- goto cleanup;
- }
-
/* add all default nodes */
ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
@@ -842,12 +788,6 @@
goto cleanup;
}
- /* add create operation to the top level node */
- ret = nc_config_new_add_operation(ctx, *tree, NC_OP_CREATE);
- if (ret) {
- goto cleanup;
- }
-
/* add all default nodes */
ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
@@ -860,4 +800,107 @@
return ret;
}
+API int
+nc_server_config_new_keystore_asym_key(const struct ly_ctx *ctx, const char *name, const char *privkey_path,
+ const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *privkey = NULL, *pubkey = NULL;
+ NC_PRIVKEY_FORMAT privkey_type;
+ NC_PUBKEY_FORMAT pubkey_type;
+ const char *privkey_format, *pubkey_format;
+
+ NC_CHECK_ARG_RET(NULL, ctx, name, privkey_path, config, 1);
+
+ /* get the keys as a string from the given files */
+ ret = nc_server_config_new_get_keys(privkey_path, pubkey_path, &privkey, &pubkey, &privkey_type, &pubkey_type);
+ if (ret) {
+ ERR(NULL, "Getting keys from file(s) failed.");
+ goto cleanup;
+ }
+
+ /* get pubkey format str */
+ if (pubkey_type == NC_PUBKEY_FORMAT_X509) {
+ pubkey_format = "ietf-crypto-types:public-key-info-format";
+ } else {
+ pubkey_format = "ietf-crypto-types:ssh-public-key-format";
+ }
+
+ /* get privkey identityref value */
+ privkey_format = nc_config_new_privkey_format_to_identityref(privkey_type);
+ if (!privkey_format) {
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_config_new_create(ctx, config, pubkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
+ "asymmetric-key[name='%s']/public-key-format", name);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_config_new_create(ctx, config, pubkey, "/ietf-keystore:keystore/asymmetric-keys/"
+ "asymmetric-key[name='%s']/public-key", name);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_config_new_create(ctx, config, privkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
+ "asymmetric-key[name='%s']/private-key-format", name);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_config_new_create(ctx, config, privkey, "/ietf-keystore:keystore/asymmetric-keys/"
+ "asymmetric-key[name='%s']/cleartext-private-key", name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(privkey);
+ free(pubkey);
+ return ret;
+}
+
+API int
+nc_server_config_new_truststore_pubkey(const struct ly_ctx *ctx, const char *bag_name, const char *pubkey_name,
+ const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *pubkey = NULL;
+ NC_PUBKEY_FORMAT pubkey_format;
+ const char *format;
+
+ NC_CHECK_ARG_RET(NULL, ctx, bag_name, pubkey_name, pubkey_path, config, 1);
+
+ ret = nc_server_config_new_get_pubkey(pubkey_path, &pubkey, &pubkey_format);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* pubkey format to str */
+ if (pubkey_format == NC_PUBKEY_FORMAT_SSH2) {
+ format = "ietf-crypto-types:ssh-public-key-format";
+ } else {
+ format = "ietf-crypto-types:subject-public-key-info-format";
+ }
+
+ ret = nc_config_new_create(ctx, config, format, "/ietf-truststore:truststore/public-key-bags/"
+ "public-key-bag[name='%s']/public-key[name='%s']/public-key-format", bag_name, pubkey_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_config_new_create(ctx, config, pubkey, "/ietf-truststore:truststore/public-key-bags/"
+ "public-key-bag[name='%s']/public-key[name='%s']/public-key", bag_name, pubkey_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(pubkey);
+ return ret;
+}
+
#endif /* NC_ENABLED_SSH_TLS */
diff --git a/src/config_new.h b/src/config_new.h
index ba93dcb..3388f05 100644
--- a/src/config_new.h
+++ b/src/config_new.h
@@ -84,10 +84,6 @@
#endif /* NC_ENABLED_SSH_TLS */
-int nc_config_new_add_operation(const struct ly_ctx *ctx, struct lyd_node *node, NC_OPERATION op);
-
-int nc_config_new_delete(const struct ly_ctx *ctx, struct lyd_node **tree, const char *path_fmt, ...);
-
/**
* @brief Creates YANG data nodes in a path and gives the final node a value.
*
@@ -101,6 +97,16 @@
*/
int nc_config_new_create(const struct ly_ctx *ctx, struct lyd_node **tree, const char *value, const char *path_fmt, ...);
+/**
+ * @brief Deletes a subtree from the YANG data.
+ *
+ * @param tree YANG data from which the subtree will be deleted.
+ * @param[in] path_fmt Format of the path
+ * @param[in] ... Parameters for the path format, essentially representing the lists' keys.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_config_new_delete(struct lyd_node **tree, const char *path_fmt, ...);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/config_new_ssh.c b/src/config_new_ssh.c
index 5266e30..6fed43e 100644
--- a/src/config_new_ssh.c
+++ b/src/config_new_ssh.c
@@ -225,12 +225,6 @@
goto cleanup;
}
- /* check if top-level container has operation and if not, add it */
- ret = nc_config_new_add_operation(ctx, *config, NC_OP_CREATE);
- if (ret) {
- goto cleanup;
- }
-
/* Add all default nodes */
ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
@@ -264,12 +258,6 @@
goto cleanup;
}
- /* check if top-level container has operation and if not, add it */
- ret = nc_config_new_add_operation(ctx, *config, NC_OP_CREATE);
- if (ret) {
- goto cleanup;
- }
-
/* Add all default nodes */
ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
@@ -303,12 +291,6 @@
goto cleanup;
}
- /* check if top-level container has operation and if not, add it */
- ret = nc_config_new_add_operation(ctx, *config, NC_OP_CREATE);
- if (ret) {
- goto cleanup;
- }
-
/* Add all default nodes */
ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
@@ -342,12 +324,6 @@
goto cleanup;
}
- /* check if top-level container has operation and if not, add it */
- ret = nc_config_new_add_operation(ctx, *config, NC_OP_CREATE);
- if (ret) {
- goto cleanup;
- }
-
/* Add all default nodes */
ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
@@ -587,3 +563,25 @@
free(pubkey);
return ret;
}
+
+API int
+nc_server_config_new_ssh_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
+ const char *keystore_reference, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, keystore_reference, config, 1);
+
+ return nc_config_new_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/listen/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
+ "keystore-reference", endpt_name, hostkey_name);
+}
+
+API int
+nc_server_config_new_ssh_truststore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
+ const char *truststore_reference, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, truststore_reference, config, 1);
+
+ return nc_config_new_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/listen/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
+ "truststore-reference", endpt_name, user_name);
+}
diff --git a/src/server_config.h b/src/server_config.h
index 94ade5f..738e169 100644
--- a/src/server_config.h
+++ b/src/server_config.h
@@ -92,22 +92,22 @@
* @param[in] transport Either SSH or TLS transport for the given endpoint.
* @param[in] address New listening address.
* @param[in] port New listening port.
- * If an endpoint with this identifier already exists, it's address and port will be overriden.
+ * If an endpoint with this identifier already exists, its address and port will be overriden.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
int nc_server_config_new_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
- const char *address, const char *port, struct lyd_node **config);
+ const char *address, uint16_t port, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a hostkey.
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's hostkey might be changed.
+ * If an endpoint with this identifier already exists, its hostkey might be changed.
* @param[in] hostkey_name Arbitrary identifier of the hostkey.
- * If a hostkey with this identifier already exists, it's contents will be changed.
+ * If a hostkey with this identifier already exists, its contents will be changed.
* @param[in] privkey_path Path to a file containing a private key.
* The private key has to be in a PEM format. Only RSA and ECDSA keys are supported.
* @param[in] pubkey_path Path to a file containing a public key. If NULL, public key will be
@@ -127,7 +127,7 @@
*
* @param[in] ctx libyang context
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's host-key algorithms will be replaced.
+ * If an endpoint with this identifier already exists, its host-key algorithms will be replaced.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @param[in] alg_count Number of following algorithms.
@@ -146,7 +146,7 @@
*
* @param[in] ctx libyang context
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's key exchange algorithms will be replaced.
+ * If an endpoint with this identifier already exists, its key exchange algorithms will be replaced.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @param[in] alg_count Number of following algorithms.
@@ -164,7 +164,7 @@
*
* @param[in] ctx libyang context
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's encryption algorithms will be replaced.
+ * If an endpoint with this identifier already exists, its encryption algorithms will be replaced.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @param[in] alg_count Number of following algorithms.
@@ -181,7 +181,7 @@
*
* @param[in] ctx libyang context
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's mac algorithms will be replaced.
+ * If an endpoint with this identifier already exists, its mac algorithms will be replaced.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @param[in] alg_count Number of following algorithms.
@@ -196,11 +196,11 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's user might be changed.
+ * If an endpoint with this identifier already exists, its user might be changed.
* @param[in] user_name Arbitrary identifier of the user.
- * If an user with this identifier already exists, it's contents will be changed.
+ * If an user with this identifier already exists, its contents will be changed.
* @param[in] pubkey_name Arbitrary identifier of the user's public key.
- * If a public key with this identifier already exists for this user, it's contents will be changed.
+ * If a public key with this identifier already exists for this user, its contents will be changed.
* @param[in] pubkey_path Path to a file containing the user's public key.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
@@ -216,9 +216,9 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's user might be changed.
+ * If an endpoint with this identifier already exists, its user might be changed.
* @param[in] user_name Arbitrary identifier of the user.
- * If an user with this identifier already exists, it's contents will be changed.
+ * If an user with this identifier already exists, its contents will be changed.
* @param[in] password Cleartext user's password.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
@@ -232,9 +232,9 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's user might be changed.
+ * If an endpoint with this identifier already exists, its user might be changed.
* @param[in] user_name Arbitrary identifier of the user.
- * If an user with this identifier already exists, it's contents will be changed.
+ * If an user with this identifier already exists, its contents will be changed.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
@@ -247,9 +247,9 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's user might be changed.
+ * If an endpoint with this identifier already exists, its user might be changed.
* @param[in] user_name Arbitrary identifier of the user.
- * If an user with this identifier already exists, it's contents will be changed.
+ * If an user with this identifier already exists, its contents will be changed.
* @param[in] pam_config_name Name of the PAM configuration file.
* @param[in] pam_config_name Optional. The absolute path to the directory in which the configuration file
* with the name conf_name is located. A newer version (>= 1.4) of PAM library is required to be able to specify
@@ -269,7 +269,7 @@
*
* @param[in] ctx libyang context
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] referenced_endpt Identifier of an endpoint, which has to exist whenever this data
* is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
@@ -284,7 +284,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's server certificate will be changed.
+ * If an endpoint with this identifier already exists, its server certificate will be changed.
* @param[in] pubkey_path Optional path to the server's public key file. If not provided,
* it will be generated from the private key.
* @param[in] privkey_path Path to the server's private key file.
@@ -301,7 +301,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] cert_name Arbitrary identifier of the client's certificate.
* If a client certificate with this indetifier already exists, it will be changed.
* @param[in] cert_path Path to the client's certificate file.
@@ -317,7 +317,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] cert_name Arbitrary identifier of the certificate authority certificate.
* If a CA with this indetifier already exists, it will be changed.
* @param[in] cert_path Path to the CA certificate file.
@@ -333,7 +333,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] id ID of the entry. The lower the ID, the higher the priority of the entry (it will be checked earlier).
* @param[in] fingerprint Optional fingerprint of the entry. The fingerprint should always be set, however if it is
* not set, it will match any certificate. Entry with no fingerprint should therefore be placed only as the last entry.
@@ -351,7 +351,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] tls_version TLS version to be used. Call this multiple times to set
* the accepted versions of the TLS protocol and let the client and server negotiate
* the given version.
@@ -367,7 +367,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @param[in] cipher_count Number of ciphers.
@@ -389,7 +389,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] path Path to a DER/PEM encoded CRL file.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
@@ -405,7 +405,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
* The allowed protocols are all the protocols supported by CURL.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
@@ -424,7 +424,7 @@
*
* @param[in] ctx libyang context.
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
@@ -439,7 +439,7 @@
*
* @param[in] ctx libyang context
* @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, it's contents will be changed.
+ * If an endpoint with this identifier already exists, its contents will be changed.
* @param[in] referenced_endpt Identifier of an endpoint, which has to exist whenever this data
* is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
@@ -449,17 +449,145 @@
int nc_config_new_tls_endpoint_client_reference(const struct ly_ctx *ctx, const char *endpt_name,
const char *referenced_endpt, struct lyd_node **config);
+/**
+ * @brief Creates new YANG configuration data nodes for a call-home client's address and port.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] ch_client_name Arbitrary identifier of the call-home client.
+ * If a call-home client with this identifier already exists, its contents will be changed.
+ * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
+ * If the client's endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] transport Transport protocol to be used on this endpoint - either SSH or TLS.
+ * @param[in] address Address to connect to.
+ * @param[in] port Port to connect to.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
int nc_server_config_new_ch_address_port(const struct ly_ctx *ctx, const char *ch_client_name, const char *endpt_name,
NC_TRANSPORT_IMPL transport, const char *address, const char *port, struct lyd_node **config);
+/**
+ * @brief Creates new YANG data nodes for a call-home SSH hostkey.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] ch_client_name Arbitrary identifier of the call-home client.
+ * If a call-home client with this identifier already exists, its contents will be changed.
+ * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
+ * If the client's endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
+ * If the endpoint's hostkey with this identifier already exists, its contents will be changed.
+ * @param[in] privkey_path Path to a file containing a private key.
+ * The private key has to be in a PEM format. Only RSA and ECDSA keys are supported.
+ * @param[in] pubkey_path Path to a file containing a public key. If NULL, public key will be
+ * generated from the private key.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
int nc_server_config_new_ssh_ch_hostkey(const struct ly_ctx *ctx, const char *ch_client_name, const char *endpt_name,
const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config);
+/**
+ * @brief Creates new YANG data nodes for a call-home client's public key.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] ch_client_name Arbitrary identifier of the call-home client.
+ * If a call-home client with this identifier already exists, its contents will be changed.
+ * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
+ * If the client's endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] user_name Arbitrary identifier of the endpoint's user.
+ * If the endpoint's user with this identifier already exists, its contents will be changed.
+ * @param[in] pubkey_name Arbitrary identifier of the user's public key.
+ * If the user's public key with this identifier already exists, its contents will be changed.
+ * @param[in] pubkey_path Path to a file containing a public key.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
int nc_server_config_new_ssh_ch_client_auth_pubkey(const struct ly_ctx *ctx, const char *ch_client_name, const char *endpt_name,
const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config);
+/**
+ * @brief Deletes a call-home client from the YANG data.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] ch_client_name The name of the client to be deleted from the data.
+ * The client has to be present in the data.
+ * @param[in,out] config Modified configuration YANG data tree.
+ * @return 0 on success, non-zero otherwise.
+ */
int nc_server_config_new_del_ch_client(const struct ly_ctx *ctx, const char *ch_client_name, struct lyd_node **config);
+/**
+ * @brief Creates new YANG data nodes for an asymmetric key in the keystore.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] name Name of the asymmetric key pair.
+ * This name is used to reference the key pair.
+ * @param[in] privkey_path Path to a private key file.
+ * @param[in] pubkey_path Optional path a public key file.
+ * If not supplied, it will be generated from the private key.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_keystore_asym_key(const struct ly_ctx *ctx, const char *name, const char *privkey_path,
+ const char *pubkey_path, struct lyd_node **config);
+
+/**
+ * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore.
+ *
+ * This asymmetric key pair will be used as the SSH hostkey.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] endpt_name Arbitrary identifier of an endpoint.
+ * If an endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
+ * If an endpoint's hostkey with this identifier already exists, its contents will be changed.
+ * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ssh_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
+ const char *keystore_reference, struct lyd_node **config);
+
+/**
+ * @brief Creates new YANG data nodes for a public key in the truststore.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] bag_name Arbitrary identifier of the public key bag.
+ * This name is used to reference the public keys in the bag.
+ * If a public key bag with this name already exists, its contents will be changed.
+ * @param[in] pubkey_name Arbitrary identifier of the public key.
+ * If a public key with this name already exists, its contents will be changed.
+ * @param[in] pubkey_path Path to a file containing a public key.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_truststore_pubkey(const struct ly_ctx *ctx, const char *bag_name, const char *pubkey_name,
+ const char *pubkey_path, struct lyd_node **config);
+
+/**
+ * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore.
+ *
+ * The public key's located in the bag will be used for client authentication.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] endpt_name Arbitrary identifier of an endpoint.
+ * If an endpoint with this identifier already exists, its contents will be changed.
+ * @param[in] user_name Arbitrary identifier of the endpoint's user.
+ * If an endpoint's user with this identifier already exists, its contents will be changed.
+ * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication.
+ * @param config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_new_ssh_truststore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
+ const char *truststore_reference, struct lyd_node **config);
+
#endif /* NC_ENABLED_SSH_TLS */
#ifdef __cplusplus
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 931df0f..7000654 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -37,7 +37,7 @@
#append tests depending on SSH/TLS
if(ENABLE_SSH_TLS)
- list(APPEND tests test_two_channels test_keystore test_config_new test_truststore test_ec
+ list(APPEND tests test_two_channels test_ks_ts test_config_new test_ec
test_ed25519 test_replace test_endpt_share_clients test_tls test_crl test_ch)
endif()
diff --git a/tests/test_auth.c b/tests/test_auth.c
index 07cf859..461f6e3 100644
--- a/tests/test_auth.c
+++ b/tests/test_auth.c
@@ -36,82 +36,6 @@
pthread_barrier_t barrier;
};
-const char *data =
- "<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"none\">\n"
- " <listen yang:operation=\"create\">\n"
- " <idle-timeout>10</idle-timeout>\n"
- " <endpoint>\n"
- " <name>default-ssh</name>\n"
- " <ssh>\n"
- " <tcp-server-parameters>\n"
- " <local-address>127.0.0.1</local-address>\n"
- " <local-port>10005</local-port>\n"
- " </tcp-server-parameters>\n"
- " <ssh-server-parameters>\n"
- " <server-identity>\n"
- " <host-key>\n"
- " <name>key</name>\n"
- " <public-key>\n"
- " <inline-definition>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQ==</public-key>\n"
- " <private-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:rsa-private-key-format</private-key-format>\n"
- " <cleartext-private-key>MIIJKAIBAAKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQKCAgAeRZw75Oszoqj0jfMmMILdD3Cfad+dY3FvLESYESeyt0XAX8XoOed6ymQj1qPGxQGGkkBvPEgv1b3jrC8Rhfb3Ct39Z7mRpTar5iHhwwBUboBTUmQ0vR173iAHX8sw2Oa17mCO/CDlr8Fu4Xcom7r3vlVBepo72VSjpPYMjN0MANjwhEi3NCyWzTXBRgUK3TuZbzfzto0w2Irlpx0S7dAqxfk70jXBgwv2vSDWKfg1lL1X0BkMVX98xpMkcjMW2muSqp4KBtTma4GqT6z0f7Y1Bs3lGLZmvPlBXxQVVvkFtiQsENCtSd/h17Gk2mb4EbReaaBzwCYqJdRWtlpJ54kzy8U00co+Yn//ZS7sbbIDkqHPnXkpdIr+0rEDMlOw2Y3vRZCxqZFqfWCW0uzhwKqk2VoYqtDL+ORKG/aG/KTBQ4Y71Uh+7aabPwj5R+NaVMjbqmrVeH70eKjoNVgcNYY1C9rGVF1d+LQEm7UsqS0DPp4wN9QKLAqIfuarAhQBhZy1R7Sj1r5macD9DsGxsurM4mHZV0LNmYLZiFHjTUb6iRSPD5RBFW80vcNtxZ0cxmkLtxrj/DVyExV11Cl0SbZLLa9mScYvxdl/qZutXt3PQyab0NiYxGzCD2RnLkCyxkh1vuHHjhvIWYfbd2VgZB/qGr+o9T07FGfMCu23//fugQKCAQEA9UH38glH/rAjZ431sv6ryUEFY8I2FyLTijtvoj9CNGcQn8vJQAHvUPfMdyqDoum6wgcTmG+UXA6mZzpGQCiY8JW5CoItgXRoYgNzpvVVe2aLf51QGtNLLEFpNDMpCtI+I+COpAmGvWAukku0pZfRjm9eb1ydvTpHlFC9+VhVUsLzw3VtSC5PVW6r65mZcYcB6SFVPap+31ENP/9jOMFoymh57lSMZJMxTEA5b0l2miFb9Rp906Zqiud5zv2jIqF6gL70giW3ovVxR7LGKKTKIa9pxawHwB6Ithygs7YoJkjF2dm8pZTMZKsQN92K70XGj07SmYRLZpkVD7i+cqbbKQKCAQEA9M6580Rcw6W0twfcy0/iB4U5ZS52EcCjW8vHlL+MpUo7YvXadSgV1ZaM28zW/ZGk3wE0zy1YT5s30SQkm0NiWN3t/J0l19ccAOxlPWfjhF7vIQZr7XMo5HeaK0Ak5+68J6bx6KgcXmlJOup7INaE8DyGXB6vd4K6957IXyqs3/bfJAUmz49hnveCfLFdTVVT/Uq4IoPKfQSbSZc0BvPBsnBCF164l4jllGBaWS302dhgW4cgxzG0SZGgNwow4AhB+ygiiS8yvOa7UcHfUObVrzWeeq9mYSQ1PkvUTjkWR2/Y8xy7WP0TRBdJOVSs90H51lerEDGNQWvQvI97S9ZOsQKCAQB59u9lpuXtqwxAQCFyfSFSuQoEHR2nDcOjF4GhbtHum15yCPaw5QVs/33nuPWze4ZLXReKk9p0mTh5V0p+N3IvGlXl+uzEVu5d55eI7LIw5sLymHmwjWjxvimiMtrzLbCHSPHGc5JU9NLUH9/bBY/JxGpy+NzcsHHOOQTwTdRIjviIOAo7fgQn2RyX0k+zXE8/7zqjqvji9zyemdNu8we4uJICSntyvJwkbj/hrufTKEnBrwXpzfVn1EsH+6w32ZPBGLUhT75txJ8r56SRq7l1XPU9vxovmT+lSMFF/Y0j1MbHWnds5H1shoFPNtYTvWBL/gfPHjIc+H23zsiu3XlZAoIBAC2xB/Pnpoi9vOUMiqFH36AXtYa1DURy+AqCFlYlClMvb7YgvQ1w1eJvnwrHSLk7HdKhnwGsLPduuRRH8q0n/osnoOutSQroE0n41UyIv2ZNccRwNmSzQcairBu2dSz02hlsh2otNl5IuGpOqXyPjXBpW4qGD6n2tH7THALnLC0BHtTSQVQsJsRM3gX39LoiWvLDp2qJvplm6rTpi8Rgap6rZSqHe1yNKIxxD2vlr/WY9SMgLXYASO4SSBz9wfGOmQIPk6KXNJkdV4kC7nNjIi75iwLLCgjHgUiHTrDq5sWekpeNnUoWsinbTsdsjnv3zHG9GyiClyLGxMbs4M5eyYECggEBAKuC8ZMpdIrjk6tERYB6g0LnQ7mW8XYbDFAmLYMLs9yfG2jcjVbsW9Kugsr+3poUUv/q+hNO3jfY4HazhZDa0MalgNPoSwr/VNRnkck40x2ovFb989J7yl++zTrnIrax9XRH1V0cNu+Kj7OMwZ2RRfbNv5JBdOZPvkfqyIKFmbQgYbtD66rHuzNOfJpzqr/WVLO57/zzW8245NKG2B6B0oXkei/KqDY0DAbHR3i3EOj1NPtVI1FC/xX8R9BREaid458bqoHJKuInrGcBjaUI9Cvymv8TbstUgD6NPbJR4Sm6vrLeUqzjWZP3t1+Z6DjXmnpR2vvhMU/FWb//21p/88o=</cleartext-private-key>\n"
- " </inline-definition>\n"
- " </public-key>\n"
- " </host-key>\n"
- " </server-identity>\n"
- " <client-authentication>\n"
- " <users>\n"
- " <user>\n"
- " <name>test_pk</name>\n"
- " <public-keys>\n"
- " <inline-definition>\n"
- " <public-key>\n"
- " <name>test</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </inline-definition>\n"
- " </public-keys>\n"
- " </user>\n"
- " <user>\n"
- " <name>test_int</name>\n"
- " <keyboard-interactive xmlns=\"urn:cesnet:libnetconf2-netconf-server\">\n"
- " <pam-config-file-name>netconf.conf</pam-config-file-name>\n"
- " <pam-config-file-dir>" BUILD_DIR "/tests</pam-config-file-dir>\n"
- " </keyboard-interactive>\n"
- " </user>\n"
- " <user>\n"
- " <name>test_pw</name>\n"
- " <password>$6$xyz$lomVe5tZ2Gz9uSKKywzXuPcHhqjIByhBbqdUTx/jAwUnw7JRp7QHd4ORiEVqxeZg1NEJkHux.mETo9BFPSh1x.</password>\n"
- " </user>\n"
- " <user>\n"
- " <name>test_none</name>\n"
- " <none/>\n"
- " </user>\n"
- " </users>\n"
- " </client-authentication>\n"
- " <transport-params>\n"
- " <host-key>\n"
- " <host-key-alg xmlns:sshpka=\"urn:ietf:params:xml:ns:yang:iana-ssh-public-key-algs\">sshpka:rsa-sha2-512</host-key-alg>\n"
- " </host-key>\n"
- " <key-exchange>\n"
- " <key-exchange-alg xmlns:sshkea=\"urn:ietf:params:xml:ns:yang:iana-ssh-key-exchange-algs\">sshkea:curve25519-sha256</key-exchange-alg>\n"
- " </key-exchange>\n"
- " <encryption>\n"
- " <encryption-alg xmlns:sshea=\"urn:ietf:params:xml:ns:yang:iana-ssh-encryption-algs\">sshea:aes256-ctr</encryption-alg>\n"
- " </encryption>\n"
- " <mac>\n"
- " <mac-alg xmlns:sshma=\"urn:ietf:params:xml:ns:yang:iana-ssh-mac-algs\">sshma:hmac-sha2-512</mac-alg>\n"
- " </mac>\n"
- " </transport-params>\n"
- " </ssh-server-parameters>\n"
- " </ssh>\n"
- " </endpoint>\n"
- " </listen>\n"
- "</netconf-server>\n";
-
static void *
server_thread(void *arg)
{
@@ -368,7 +292,7 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree;
+ struct lyd_node *tree = NULL;
struct test_state *test_state;
nc_verbosity(NC_VERB_VERBOSE);
@@ -391,12 +315,26 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "test_pk", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_interactive(ctx, "endpt", "test_int", "netconf.conf", BUILD_DIR "/tests", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_password(ctx, "endpt", "test_pw", "testpw", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_none(ctx, "endpt", "test_none", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_ch.c b/tests/test_ch.c
index c87d089..7e8f72d 100644
--- a/tests/test_ch.c
+++ b/tests/test_ch.c
@@ -35,6 +35,7 @@
struct test_state {
pthread_barrier_t barrier;
+ struct lyd_node *tree;
};
/* acquire ctx cb for dispatch */
@@ -73,12 +74,9 @@
int ret;
struct test_state *state = arg;
struct nc_pollsession *ps;
- struct lyd_node *tree = NULL;
-
- (void) arg;
/* prepare data for deleting the call-home client */
- ret = nc_server_config_new_del_ch_client(ctx, "ch", &tree);
+ ret = nc_server_config_new_del_ch_client(ctx, "ch", &state->tree);
assert_int_equal(ret, 0);
/* new poll session */
@@ -100,10 +98,9 @@
} while (!(ret & NC_PSPOLL_SESSION_TERM));
/* delete the call-home client, the thread should end */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(state->tree);
assert_int_equal(ret, 0);
- lyd_free_tree(tree);
nc_ps_clear(ps, 1, NULL);
nc_ps_free(ps);
nc_server_destroy();
@@ -173,7 +170,6 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree = NULL;
struct test_state *test_state;
nc_verbosity(NC_VERB_VERBOSE);
@@ -185,6 +181,7 @@
ret = pthread_barrier_init(&test_state->barrier, NULL, 2);
assert_int_equal(ret, 0);
+ test_state->tree = NULL;
*state = test_state;
/* create new context */
@@ -199,25 +196,23 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ch_address_port(ctx, "ch", "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &tree);
+ ret = nc_server_config_new_ch_address_port(ctx, "ch", "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &test_state->tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_ch_hostkey(ctx, "ch", "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ ret = nc_server_config_new_ssh_ch_hostkey(ctx, "ch", "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &test_state->tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_ch_client_auth_pubkey(ctx, "ch", "endpt", "test_ch", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ ret = nc_server_config_new_ssh_ch_client_auth_pubkey(ctx, "ch", "endpt", "test_ch", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(test_state->tree);
assert_int_equal(ret, 0);
/* initialize server */
ret = nc_server_init();
assert_int_equal(ret, 0);
- lyd_free_all(tree);
-
return 0;
}
@@ -233,6 +228,8 @@
ret = pthread_barrier_destroy(&test_state->barrier);
assert_int_equal(ret, 0);
+ lyd_free_tree(test_state->tree);
+
free(*state);
nc_client_destroy();
ly_ctx_destroy(ctx);
diff --git a/tests/test_config_new.c b/tests/test_config_new.c
index bfdd110..7b71f0c 100644
--- a/tests/test_config_new.c
+++ b/tests/test_config_new.c
@@ -154,7 +154,7 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create the host-key algorithms data */
@@ -166,7 +166,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_crl.c b/tests/test_crl.c
index db8d83c..126fda9 100644
--- a/tests/test_crl.c
+++ b/tests/test_crl.c
@@ -144,7 +144,7 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
@@ -182,7 +182,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_ec.c b/tests/test_ec.c
index a8b67be..0365816 100644
--- a/tests/test_ec.c
+++ b/tests/test_ec.c
@@ -216,7 +216,7 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "test_ec256", "pubkey", TESTS_DIR "/data/id_ecdsa256.pub", &tree);
@@ -229,7 +229,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize server */
diff --git a/tests/test_ed25519.c b/tests/test_ed25519.c
index 96c0953..2767ede 100644
--- a/tests/test_ed25519.c
+++ b/tests/test_ed25519.c
@@ -153,14 +153,14 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/server.key", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "test_ed25519", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize server */
diff --git a/tests/test_endpt_share_clients.c b/tests/test_endpt_share_clients.c
index 7ba8e8c..f0c2f75 100644
--- a/tests/test_endpt_share_clients.c
+++ b/tests/test_endpt_share_clients.c
@@ -196,7 +196,7 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "SSH_endpt_1", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "SSH_endpt_1", NC_TI_LIBSSH, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "SSH_endpt_1", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
ret = nc_config_new_ssh_endpoint_client_reference(ctx, "SSH_endpt_1", "SSH_endpt_2", &tree);
@@ -206,14 +206,14 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "SSH_endpt_2", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "SSH_endpt_2", NC_TI_LIBSSH, "127.0.0.1", "10006", &tree);
+ ret = nc_server_config_new_address_port(ctx, "SSH_endpt_2", NC_TI_LIBSSH, "127.0.0.1", 10006, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "SSH_endpt_2", "client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize the server */
@@ -260,7 +260,7 @@
TESTS_DIR "/data/server.key", TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", "10007", &tree);
+ ret = nc_server_config_new_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", 10007, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_tls_client_certificate(ctx, "TLS_endpt_1", "cert_client", TESTS_DIR "/data/client.crt", &tree);
@@ -279,14 +279,14 @@
TESTS_DIR "/data/server.key", TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "TLS_endpt_2", NC_TI_OPENSSL, "127.0.0.1", "10008", &tree);
+ ret = nc_server_config_new_address_port(ctx, "TLS_endpt_2", NC_TI_OPENSSL, "127.0.0.1", 10008, &tree);
assert_int_equal(ret, 0);
ret = nc_config_new_tls_endpoint_client_reference(ctx, "TLS_endpt_2", "TLS_endpt_1", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize the server */
diff --git a/tests/test_keystore.c b/tests/test_ks_ts.c
similarity index 90%
rename from tests/test_keystore.c
rename to tests/test_ks_ts.c
index 48322a3..fb179e0 100644
--- a/tests/test_keystore.c
+++ b/tests/test_ks_ts.c
@@ -1,10 +1,10 @@
/**
- * @file test_keystore.c
+ * @file test_ks_ts.c
* @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
+ * @brief libnetconf2 Keystore and trustore usage test.
*
* @copyright
- * Copyright (c) 2022 CESNET, z.s.p.o.
+ * Copyright (c) 2023 CESNET, z.s.p.o.
*
* This source code is licensed under BSD 3-Clause License (the "License").
* You may not use this file except in compliance with the License.
@@ -136,7 +136,7 @@
}
static void *
-client_thread_pubkey(void *arg)
+client_thread(void *arg)
{
int ret;
struct nc_session *session = NULL;
@@ -148,14 +148,10 @@
ret = nc_client_set_schema_searchpath(MODULES_DIR);
assert_int_equal(ret, 0);
- ret = nc_client_ssh_set_username("test_ts");
+ ret = nc_client_ssh_set_username("client");
assert_int_equal(ret, 0);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, -1);
-
- ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa");
+ ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/id_ed25519.pub", TESTS_DIR "/data/id_ed25519");
assert_int_equal(ret, 0);
pthread_barrier_wait(&state->barrier);
@@ -167,14 +163,14 @@
}
static void
-test_nc_auth_pubkey(void **state)
+test_nc_ks_ts(void **state)
{
int ret, i;
pthread_t tids[2];
assert_non_null(state);
- ret = pthread_create(&tids[0], NULL, client_thread_pubkey, *state);
+ ret = pthread_create(&tids[0], NULL, client_thread, *state);
assert_int_equal(ret, 0);
ret = pthread_create(&tids[1], NULL, server_thread, *state);
assert_int_equal(ret, 0);
@@ -188,7 +184,7 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree;
+ struct lyd_node *tree = NULL;
struct test_state *test_state;
nc_verbosity(NC_VERB_VERBOSE);
@@ -211,12 +207,23 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_keystore_reference(ctx, "endpt", "hostkey", "test_keystore", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_truststore_reference(ctx, "endpt", "client", "test_truststore", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_keystore_asym_key(ctx, "test_keystore", TESTS_DIR "/data/key_rsa", NULL, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_truststore_pubkey(ctx, "test_truststore", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
@@ -251,7 +258,7 @@
main(void)
{
const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_nc_auth_pubkey, setup_f, teardown_f),
+ cmocka_unit_test_setup_teardown(test_nc_ks_ts, setup_f, teardown_f),
};
setenv("CMOCKA_TEST_ABORT", "1", 1);
diff --git a/tests/test_replace.c b/tests/test_replace.c
index 6f43d40..2fba3bd 100644
--- a/tests/test_replace.c
+++ b/tests/test_replace.c
@@ -167,7 +167,7 @@
assert_int_equal(ret, 0);
/* set ssh username */
- ret = nc_client_ssh_set_username("new_user");
+ ret = nc_client_ssh_set_username("new_client");
assert_int_equal(ret, 0);
/* add client's key pair */
@@ -233,16 +233,26 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, old_data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &old_tree);
+ ret = nc_server_config_new_address_port(ctx, "old", NC_TI_LIBSSH, "127.0.0.1", 10005, &old_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_hostkey(ctx, "old", "old_key", TESTS_DIR "/data/key_rsa", NULL, &old_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_password(ctx, "old", "old_client", "passwd", &old_tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data, treat them as if every node had replace operation */
ret = nc_server_config_setup_data(old_tree);
assert_int_equal(ret, 0);
- /* parse the new yang data */
- ret = lyd_parse_data_mem(ctx, new_data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &new_tree);
+ ret = nc_server_config_new_address_port(ctx, "new", NC_TI_LIBSSH, "127.0.0.1", 10005, &new_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_hostkey(ctx, "new", "new_key", TESTS_DIR "/data/key_rsa", NULL, &new_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "new", "new_client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &new_tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data, meaning
diff --git a/tests/test_tls.c b/tests/test_tls.c
index ba427d7..90970ee 100644
--- a/tests/test_tls.c
+++ b/tests/test_tls.c
@@ -138,7 +138,7 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
@@ -168,7 +168,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_truststore.c b/tests/test_truststore.c
deleted file mode 100644
index 9ed4143..0000000
--- a/tests/test_truststore.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/**
- * @file test_truststore.c
- * @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Truststore configuration and authentication test.
- *
- * @copyright
- * Copyright (c) 2023 CESNET, z.s.p.o.
- *
- * This source code is licensed under BSD 3-Clause License (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- */
-
-#define _GNU_SOURCE
-
-#include <errno.h>
-#include <pthread.h>
-#include <setjmp.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <cmocka.h>
-
-#include "tests/config.h"
-
-#define NC_ACCEPT_TIMEOUT 2000
-#define NC_PS_POLL_TIMEOUT 2000
-
-struct ly_ctx *ctx;
-
-struct test_state {
- pthread_barrier_t barrier;
-};
-
-const char *data =
- "<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"none\">\n"
- " <listen yang:operation=\"create\">\n"
- " <idle-timeout>10</idle-timeout>\n"
- " <endpoint>\n"
- " <name>default-ssh</name>\n"
- " <ssh>\n"
- " <tcp-server-parameters>\n"
- " <local-address>127.0.0.1</local-address>\n"
- " <local-port>10005</local-port>\n"
- " </tcp-server-parameters>\n"
- " <ssh-server-parameters>\n"
- " <server-identity>\n"
- " <host-key>\n"
- " <name>key</name>\n"
- " <public-key>\n"
- " <inline-definition>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQ==</public-key>\n"
- " <private-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:rsa-private-key-format</private-key-format>\n"
- " <cleartext-private-key>MIIJKAIBAAKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQKCAgAeRZw75Oszoqj0jfMmMILdD3Cfad+dY3FvLESYESeyt0XAX8XoOed6ymQj1qPGxQGGkkBvPEgv1b3jrC8Rhfb3Ct39Z7mRpTar5iHhwwBUboBTUmQ0vR173iAHX8sw2Oa17mCO/CDlr8Fu4Xcom7r3vlVBepo72VSjpPYMjN0MANjwhEi3NCyWzTXBRgUK3TuZbzfzto0w2Irlpx0S7dAqxfk70jXBgwv2vSDWKfg1lL1X0BkMVX98xpMkcjMW2muSqp4KBtTma4GqT6z0f7Y1Bs3lGLZmvPlBXxQVVvkFtiQsENCtSd/h17Gk2mb4EbReaaBzwCYqJdRWtlpJ54kzy8U00co+Yn//ZS7sbbIDkqHPnXkpdIr+0rEDMlOw2Y3vRZCxqZFqfWCW0uzhwKqk2VoYqtDL+ORKG/aG/KTBQ4Y71Uh+7aabPwj5R+NaVMjbqmrVeH70eKjoNVgcNYY1C9rGVF1d+LQEm7UsqS0DPp4wN9QKLAqIfuarAhQBhZy1R7Sj1r5macD9DsGxsurM4mHZV0LNmYLZiFHjTUb6iRSPD5RBFW80vcNtxZ0cxmkLtxrj/DVyExV11Cl0SbZLLa9mScYvxdl/qZutXt3PQyab0NiYxGzCD2RnLkCyxkh1vuHHjhvIWYfbd2VgZB/qGr+o9T07FGfMCu23//fugQKCAQEA9UH38glH/rAjZ431sv6ryUEFY8I2FyLTijtvoj9CNGcQn8vJQAHvUPfMdyqDoum6wgcTmG+UXA6mZzpGQCiY8JW5CoItgXRoYgNzpvVVe2aLf51QGtNLLEFpNDMpCtI+I+COpAmGvWAukku0pZfRjm9eb1ydvTpHlFC9+VhVUsLzw3VtSC5PVW6r65mZcYcB6SFVPap+31ENP/9jOMFoymh57lSMZJMxTEA5b0l2miFb9Rp906Zqiud5zv2jIqF6gL70giW3ovVxR7LGKKTKIa9pxawHwB6Ithygs7YoJkjF2dm8pZTMZKsQN92K70XGj07SmYRLZpkVD7i+cqbbKQKCAQEA9M6580Rcw6W0twfcy0/iB4U5ZS52EcCjW8vHlL+MpUo7YvXadSgV1ZaM28zW/ZGk3wE0zy1YT5s30SQkm0NiWN3t/J0l19ccAOxlPWfjhF7vIQZr7XMo5HeaK0Ak5+68J6bx6KgcXmlJOup7INaE8DyGXB6vd4K6957IXyqs3/bfJAUmz49hnveCfLFdTVVT/Uq4IoPKfQSbSZc0BvPBsnBCF164l4jllGBaWS302dhgW4cgxzG0SZGgNwow4AhB+ygiiS8yvOa7UcHfUObVrzWeeq9mYSQ1PkvUTjkWR2/Y8xy7WP0TRBdJOVSs90H51lerEDGNQWvQvI97S9ZOsQKCAQB59u9lpuXtqwxAQCFyfSFSuQoEHR2nDcOjF4GhbtHum15yCPaw5QVs/33nuPWze4ZLXReKk9p0mTh5V0p+N3IvGlXl+uzEVu5d55eI7LIw5sLymHmwjWjxvimiMtrzLbCHSPHGc5JU9NLUH9/bBY/JxGpy+NzcsHHOOQTwTdRIjviIOAo7fgQn2RyX0k+zXE8/7zqjqvji9zyemdNu8we4uJICSntyvJwkbj/hrufTKEnBrwXpzfVn1EsH+6w32ZPBGLUhT75txJ8r56SRq7l1XPU9vxovmT+lSMFF/Y0j1MbHWnds5H1shoFPNtYTvWBL/gfPHjIc+H23zsiu3XlZAoIBAC2xB/Pnpoi9vOUMiqFH36AXtYa1DURy+AqCFlYlClMvb7YgvQ1w1eJvnwrHSLk7HdKhnwGsLPduuRRH8q0n/osnoOutSQroE0n41UyIv2ZNccRwNmSzQcairBu2dSz02hlsh2otNl5IuGpOqXyPjXBpW4qGD6n2tH7THALnLC0BHtTSQVQsJsRM3gX39LoiWvLDp2qJvplm6rTpi8Rgap6rZSqHe1yNKIxxD2vlr/WY9SMgLXYASO4SSBz9wfGOmQIPk6KXNJkdV4kC7nNjIi75iwLLCgjHgUiHTrDq5sWekpeNnUoWsinbTsdsjnv3zHG9GyiClyLGxMbs4M5eyYECggEBAKuC8ZMpdIrjk6tERYB6g0LnQ7mW8XYbDFAmLYMLs9yfG2jcjVbsW9Kugsr+3poUUv/q+hNO3jfY4HazhZDa0MalgNPoSwr/VNRnkck40x2ovFb989J7yl++zTrnIrax9XRH1V0cNu+Kj7OMwZ2RRfbNv5JBdOZPvkfqyIKFmbQgYbtD66rHuzNOfJpzqr/WVLO57/zzW8245NKG2B6B0oXkei/KqDY0DAbHR3i3EOj1NPtVI1FC/xX8R9BREaid458bqoHJKuInrGcBjaUI9Cvymv8TbstUgD6NPbJR4Sm6vrLeUqzjWZP3t1+Z6DjXmnpR2vvhMU/FWb//21p/88o=</cleartext-private-key>\n"
- " </inline-definition>\n"
- " </public-key>\n"
- " </host-key>\n"
- " </server-identity>\n"
- " <client-authentication>\n"
- " <users>\n"
- " <user>\n"
- " <name>test_truststore</name>\n"
- " <public-keys>\n"
- " <truststore-reference>test_truststore</truststore-reference>\n"
- " </public-keys>\n"
- " </user>\n"
- " </users>\n"
- " </client-authentication>\n"
- " <transport-params>\n"
- " <host-key>\n"
- " <host-key-alg xmlns:sshpka=\"urn:ietf:params:xml:ns:yang:iana-ssh-public-key-algs\">sshpka:rsa-sha2-512</host-key-alg>\n"
- " </host-key>\n"
- " <key-exchange>\n"
- " <key-exchange-alg xmlns:sshkea=\"urn:ietf:params:xml:ns:yang:iana-ssh-key-exchange-algs\">sshkea:curve25519-sha256</key-exchange-alg>\n"
- " </key-exchange>\n"
- " <encryption>\n"
- " <encryption-alg xmlns:sshea=\"urn:ietf:params:xml:ns:yang:iana-ssh-encryption-algs\">sshea:aes256-ctr</encryption-alg>\n"
- " </encryption>\n"
- " <mac>\n"
- " <mac-alg xmlns:sshma=\"urn:ietf:params:xml:ns:yang:iana-ssh-mac-algs\">sshma:hmac-sha2-512</mac-alg>\n"
- " </mac>\n"
- " </transport-params>\n"
- " </ssh-server-parameters>\n"
- " </ssh>\n"
- " </endpoint>\n"
- " </listen>\n"
- "</netconf-server>\n"
- "\n"
- "<truststore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-truststore\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"create\">\n"
- " <public-key-bags>\n"
- " <public-key-bag>\n"
- " <name>test_truststore</name>\n"
- " <description>Let's hope this works</description>\n"
- " <public-key>\n"
- " <name>pubkey</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </public-key-bag>\n"
- " </public-key-bags>\n"
- "</truststore>\n"
-;
-
-static void *
-server_thread(void *arg)
-{
- int ret;
- NC_MSG_TYPE msgtype;
- struct nc_session *session;
- struct nc_pollsession *ps;
- struct test_state *state = arg;
-
- ps = nc_ps_new();
- assert_non_null(ps);
-
- /* accept a session and add it to the poll session structure */
- pthread_barrier_wait(&state->barrier);
- msgtype = nc_accept(NC_ACCEPT_TIMEOUT, ctx, &session);
- assert_int_equal(msgtype, NC_MSG_HELLO);
-
- ret = nc_ps_add_session(ps, session);
- assert_int_equal(ret, 0);
-
- do {
- ret = nc_ps_poll(ps, NC_PS_POLL_TIMEOUT, NULL);
- assert_int_equal(ret & NC_PSPOLL_RPC, NC_PSPOLL_RPC);
- } while (!(ret & NC_PSPOLL_SESSION_TERM));
-
- nc_ps_clear(ps, 1, NULL);
- nc_ps_free(ps);
- return NULL;
-}
-
-static void *
-client_thread(void *arg)
-{
- int ret;
- struct nc_session *session = NULL;
- struct test_state *state = arg;
-
- /* skip all hostkey and known_hosts checks */
- nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_SKIP);
-
- /* set directory where to search for modules */
- ret = nc_client_set_schema_searchpath(MODULES_DIR);
- assert_int_equal(ret, 0);
-
- /* set ssh username */
- ret = nc_client_ssh_set_username("test_truststore");
- assert_int_equal(ret, 0);
-
- /* add client's key pair */
- ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa");
- assert_int_equal(ret, 0);
-
- pthread_barrier_wait(&state->barrier);
- /* connect */
- session = nc_connect_ssh("127.0.0.1", 10005, NULL);
- assert_non_null(session);
-
- nc_session_free(session, NULL);
- return NULL;
-}
-
-static void
-test_nc_auth_truststore(void **state)
-{
- int ret, i;
- pthread_t tids[2];
-
- assert_non_null(state);
-
- ret = pthread_create(&tids[0], NULL, client_thread, *state);
- assert_int_equal(ret, 0);
- ret = pthread_create(&tids[1], NULL, server_thread, *state);
- assert_int_equal(ret, 0);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static int
-setup_f(void **state)
-{
- int ret;
- struct lyd_node *tree;
- struct test_state *test_state;
-
- nc_verbosity(NC_VERB_VERBOSE);
-
- /* init barrier */
- test_state = malloc(sizeof *test_state);
- assert_non_null(test_state);
-
- ret = pthread_barrier_init(&test_state->barrier, NULL, 2);
- assert_int_equal(ret, 0);
-
- *state = test_state;
-
- /* create new context */
- ret = ly_ctx_new(MODULES_DIR, 0, &ctx);
- assert_int_equal(ret, 0);
-
- /* load default modules into context */
- ret = nc_server_init_ctx(&ctx);
- assert_int_equal(ret, 0);
-
- /* load ietf-netconf-server module and it's imports into context */
- ret = nc_server_config_load_modules(&ctx);
- assert_int_equal(ret, 0);
-
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
- assert_int_equal(ret, 0);
-
- /* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
- assert_int_equal(ret, 0);
-
- /* initialize server */
- ret = nc_server_init();
- assert_int_equal(ret, 0);
-
- lyd_free_all(tree);
-
- return 0;
-}
-
-static int
-teardown_f(void **state)
-{
- int ret = 0;
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
-
- ret = pthread_barrier_destroy(&test_state->barrier);
- assert_int_equal(ret, 0);
-
- free(*state);
- nc_client_destroy();
- nc_server_destroy();
- ly_ctx_destroy(ctx);
-
- return 0;
-}
-
-int
-main(void)
-{
- const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_nc_auth_truststore, setup_f, teardown_f),
- };
-
- setenv("CMOCKA_TEST_ABORT", "1", 1);
- return cmocka_run_group_tests(tests, NULL, NULL);
-}
diff --git a/tests/test_two_channels.c b/tests/test_two_channels.c
index 16e17d2..801264d 100644
--- a/tests/test_two_channels.c
+++ b/tests/test_two_channels.c
@@ -1,10 +1,10 @@
/**
- * @file test_pam.c
+ * @file test_two_channels.c
* @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
+ * @brief libnetconf2 Openning a new session on an established SSH channel test.
*
* @copyright
- * Copyright (c) 2022 CESNET, z.s.p.o.
+ * Copyright (c) 2023 CESNET, z.s.p.o.
*
* This source code is licensed under BSD 3-Clause License (the "License").
* You may not use this file except in compliance with the License.
@@ -32,80 +32,6 @@
#define BACKOFF_TIMEOUT_USECS 100
struct ly_ctx *ctx;
-int flag = 0;
-
-const char *data =
- "<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"none\">\n"
- " <listen yang:operation=\"create\">\n"
- " <idle-timeout>10</idle-timeout>\n"
- " <endpoint>\n"
- " <name>default-ssh</name>\n"
- " <ssh>\n"
- " <tcp-server-parameters>\n"
- " <local-address>127.0.0.1</local-address>\n"
- " <local-port>10005</local-port>\n"
- " </tcp-server-parameters>\n"
- " <ssh-server-parameters>\n"
- " <server-identity>\n"
- " <host-key>\n"
- " <name>key</name>\n"
- " <public-key>\n"
- " <inline-definition>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQ==</public-key>\n"
- " <private-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:rsa-private-key-format</private-key-format>\n"
- " <cleartext-private-key>MIIJKAIBAAKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQKCAgAeRZw75Oszoqj0jfMmMILdD3Cfad+dY3FvLESYESeyt0XAX8XoOed6ymQj1qPGxQGGkkBvPEgv1b3jrC8Rhfb3Ct39Z7mRpTar5iHhwwBUboBTUmQ0vR173iAHX8sw2Oa17mCO/CDlr8Fu4Xcom7r3vlVBepo72VSjpPYMjN0MANjwhEi3NCyWzTXBRgUK3TuZbzfzto0w2Irlpx0S7dAqxfk70jXBgwv2vSDWKfg1lL1X0BkMVX98xpMkcjMW2muSqp4KBtTma4GqT6z0f7Y1Bs3lGLZmvPlBXxQVVvkFtiQsENCtSd/h17Gk2mb4EbReaaBzwCYqJdRWtlpJ54kzy8U00co+Yn//ZS7sbbIDkqHPnXkpdIr+0rEDMlOw2Y3vRZCxqZFqfWCW0uzhwKqk2VoYqtDL+ORKG/aG/KTBQ4Y71Uh+7aabPwj5R+NaVMjbqmrVeH70eKjoNVgcNYY1C9rGVF1d+LQEm7UsqS0DPp4wN9QKLAqIfuarAhQBhZy1R7Sj1r5macD9DsGxsurM4mHZV0LNmYLZiFHjTUb6iRSPD5RBFW80vcNtxZ0cxmkLtxrj/DVyExV11Cl0SbZLLa9mScYvxdl/qZutXt3PQyab0NiYxGzCD2RnLkCyxkh1vuHHjhvIWYfbd2VgZB/qGr+o9T07FGfMCu23//fugQKCAQEA9UH38glH/rAjZ431sv6ryUEFY8I2FyLTijtvoj9CNGcQn8vJQAHvUPfMdyqDoum6wgcTmG+UXA6mZzpGQCiY8JW5CoItgXRoYgNzpvVVe2aLf51QGtNLLEFpNDMpCtI+I+COpAmGvWAukku0pZfRjm9eb1ydvTpHlFC9+VhVUsLzw3VtSC5PVW6r65mZcYcB6SFVPap+31ENP/9jOMFoymh57lSMZJMxTEA5b0l2miFb9Rp906Zqiud5zv2jIqF6gL70giW3ovVxR7LGKKTKIa9pxawHwB6Ithygs7YoJkjF2dm8pZTMZKsQN92K70XGj07SmYRLZpkVD7i+cqbbKQKCAQEA9M6580Rcw6W0twfcy0/iB4U5ZS52EcCjW8vHlL+MpUo7YvXadSgV1ZaM28zW/ZGk3wE0zy1YT5s30SQkm0NiWN3t/J0l19ccAOxlPWfjhF7vIQZr7XMo5HeaK0Ak5+68J6bx6KgcXmlJOup7INaE8DyGXB6vd4K6957IXyqs3/bfJAUmz49hnveCfLFdTVVT/Uq4IoPKfQSbSZc0BvPBsnBCF164l4jllGBaWS302dhgW4cgxzG0SZGgNwow4AhB+ygiiS8yvOa7UcHfUObVrzWeeq9mYSQ1PkvUTjkWR2/Y8xy7WP0TRBdJOVSs90H51lerEDGNQWvQvI97S9ZOsQKCAQB59u9lpuXtqwxAQCFyfSFSuQoEHR2nDcOjF4GhbtHum15yCPaw5QVs/33nuPWze4ZLXReKk9p0mTh5V0p+N3IvGlXl+uzEVu5d55eI7LIw5sLymHmwjWjxvimiMtrzLbCHSPHGc5JU9NLUH9/bBY/JxGpy+NzcsHHOOQTwTdRIjviIOAo7fgQn2RyX0k+zXE8/7zqjqvji9zyemdNu8we4uJICSntyvJwkbj/hrufTKEnBrwXpzfVn1EsH+6w32ZPBGLUhT75txJ8r56SRq7l1XPU9vxovmT+lSMFF/Y0j1MbHWnds5H1shoFPNtYTvWBL/gfPHjIc+H23zsiu3XlZAoIBAC2xB/Pnpoi9vOUMiqFH36AXtYa1DURy+AqCFlYlClMvb7YgvQ1w1eJvnwrHSLk7HdKhnwGsLPduuRRH8q0n/osnoOutSQroE0n41UyIv2ZNccRwNmSzQcairBu2dSz02hlsh2otNl5IuGpOqXyPjXBpW4qGD6n2tH7THALnLC0BHtTSQVQsJsRM3gX39LoiWvLDp2qJvplm6rTpi8Rgap6rZSqHe1yNKIxxD2vlr/WY9SMgLXYASO4SSBz9wfGOmQIPk6KXNJkdV4kC7nNjIi75iwLLCgjHgUiHTrDq5sWekpeNnUoWsinbTsdsjnv3zHG9GyiClyLGxMbs4M5eyYECggEBAKuC8ZMpdIrjk6tERYB6g0LnQ7mW8XYbDFAmLYMLs9yfG2jcjVbsW9Kugsr+3poUUv/q+hNO3jfY4HazhZDa0MalgNPoSwr/VNRnkck40x2ovFb989J7yl++zTrnIrax9XRH1V0cNu+Kj7OMwZ2RRfbNv5JBdOZPvkfqyIKFmbQgYbtD66rHuzNOfJpzqr/WVLO57/zzW8245NKG2B6B0oXkei/KqDY0DAbHR3i3EOj1NPtVI1FC/xX8R9BREaid458bqoHJKuInrGcBjaUI9Cvymv8TbstUgD6NPbJR4Sm6vrLeUqzjWZP3t1+Z6DjXmnpR2vvhMU/FWb//21p/88o=</cleartext-private-key>\n"
- " </inline-definition>\n"
- " </public-key>\n"
- " </host-key>\n"
- " </server-identity>\n"
- " <client-authentication>\n"
- " <users>\n"
- " <user>\n"
- " <name>test1</name>\n"
- " <public-keys>\n"
- " <inline-definition>\n"
- " <public-key>\n"
- " <name>client</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </inline-definition>\n"
- " </public-keys>\n"
- " </user>\n"
- " <user>\n"
- " <name>test2</name>\n"
- " <public-keys>\n"
- " <inline-definition>\n"
- " <public-key>\n"
- " <name>client</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </inline-definition>\n"
- " </public-keys>\n"
- " </user>\n"
- " </users>\n"
- " </client-authentication>\n"
- " <transport-params>\n"
- " <host-key>\n"
- " <host-key-alg xmlns:sshpka=\"urn:ietf:params:xml:ns:yang:iana-ssh-public-key-algs\">sshpka:rsa-sha2-512</host-key-alg>\n"
- " </host-key>\n"
- " <key-exchange>\n"
- " <key-exchange-alg xmlns:sshkea=\"urn:ietf:params:xml:ns:yang:iana-ssh-key-exchange-algs\">sshkea:curve25519-sha256</key-exchange-alg>\n"
- " </key-exchange>\n"
- " <encryption>\n"
- " <encryption-alg xmlns:sshea=\"urn:ietf:params:xml:ns:yang:iana-ssh-encryption-algs\">sshea:aes256-ctr</encryption-alg>\n"
- " </encryption>\n"
- " <mac>\n"
- " <mac-alg xmlns:sshma=\"urn:ietf:params:xml:ns:yang:iana-ssh-mac-algs\">sshma:hmac-sha2-512</mac-alg>\n"
- " </mac>\n"
- " </transport-params>\n"
- " </ssh-server-parameters>\n"
- " </ssh>\n"
- " </endpoint>\n"
- " </listen>\n"
- "</netconf-server>\n";
static void *
server_thread(void *arg)
@@ -164,20 +90,22 @@
ret = nc_client_set_schema_searchpath(MODULES_DIR);
assert_int_equal(ret, 0);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, -1);
-
- ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa");
+ ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/id_ed25519.pub", TESTS_DIR "/data/id_ed25519");
assert_int_equal(ret, 0);
- ret = nc_client_ssh_set_username("test1");
+ ret = nc_client_ssh_set_username("client_1");
assert_int_equal(ret, 0);
session_cl1 = nc_connect_ssh("127.0.0.1", 10005, NULL);
assert_non_null(session_cl1);
- ret = nc_client_ssh_set_username("test2");
+ ret = nc_client_ssh_set_username("client_2");
+ assert_int_equal(ret, 0);
+
+ ret = nc_client_ssh_del_keypair(0);
+ assert_int_equal(ret, 0);
+
+ ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/id_ecdsa521.pub", TESTS_DIR "/data/id_ecdsa521");
assert_int_equal(ret, 0);
session_cl2 = nc_connect_ssh_channel(session_cl1, NULL);
@@ -211,7 +139,7 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree;
+ struct lyd_node *tree = NULL;
(void) state;
@@ -226,10 +154,19 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "client_1", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "client_2", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();