configuration UPDATE password, none & interactive
Added the API calls to create password, none and interactive YANG data
nodes for the client-authentication subtree.
diff --git a/src/config_new.c b/src/config_new.c
index b3ba1d2..edf290a 100644
--- a/src/config_new.c
+++ b/src/config_new.c
@@ -16,11 +16,13 @@
#define _GNU_SOURCE
#include <assert.h>
+#include <crypt.h>
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
@@ -33,6 +35,10 @@
#include "server_config.h"
#include "session_server.h"
+#if !defined (HAVE_CRYPT_R)
+extern pthread_mutex_t crypt_lock;
+#endif
+
static int
nc_server_config_ssh_new_get_keys(const char *privkey_path, const char *pubkey_path,
char **privkey, char **pubkey, EVP_PKEY **priv_pkey_p)
@@ -779,7 +785,7 @@
}
API int
-nc_server_config_ssh_new_user(const char *pubkey_path, const struct ly_ctx *ctx, const char *endpt_name,
+nc_server_config_ssh_new_client_auth_pubkey(const char *pubkey_path, const struct ly_ctx *ctx, const char *endpt_name,
const char *user_name, const char *pubkey_name, struct lyd_node **config)
{
int ret = 0;
@@ -843,3 +849,179 @@
free(pubkey);
return ret;
}
+
+API int
+nc_server_config_ssh_new_client_auth_password(const char *password, const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ int ret = 0;
+ char *tree_path = NULL, *hashed_pw = NULL;
+ struct lyd_node *new_tree;
+ const char *salt = "$6$idsizuippipk$";
+
+#ifdef HAVE_CRYPT_R
+ struct crypt_data cdata;
+#endif
+
+ /* prepare path where the leaf will get inserted */
+ asprintf(&tree_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']", endpt_name, user_name);
+ if (!tree_path) {
+ ERRMEM;
+ ret = 1;
+ goto cleanup;
+ }
+
+ /* create all the nodes in the path if they weren't there */
+ ret = lyd_new_path(*config, ctx, tree_path, NULL, LYD_NEW_PATH_UPDATE, &new_tree);
+ if (ret) {
+ goto cleanup;
+ }
+ if (!*config) {
+ *config = new_tree;
+ }
+
+ /* find the node where the leaf will get inserted */
+ ret = lyd_find_path(*config, tree_path, 0, &new_tree);
+ if (ret) {
+ goto cleanup;
+ }
+
+#ifdef HAVE_CRYPT_R
+ cdata.initialized = 0;
+ hashed_pw = crypt_r(password, salt, &data);
+#else
+ pthread_mutex_lock(&crypt_lock);
+ hashed_pw = crypt(password, salt);
+ pthread_mutex_unlock(&crypt_lock);
+#endif
+
+ if (!hashed_pw) {
+ ERR(NULL, "Hashing password failed.");
+ ret = 1;
+ goto cleanup;
+ }
+
+ /* insert SHA-512 hashed password */
+ ret = lyd_new_term(new_tree, NULL, "password", hashed_pw, 0, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* Add all default nodes */
+ ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(tree_path);
+ return ret;
+}
+
+API int
+nc_server_config_ssh_new_client_auth_none(const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ int ret = 0;
+ char *tree_path = NULL;
+ struct lyd_node *new_tree;
+
+ /* prepare path where the leaf will get inserted */
+ asprintf(&tree_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']", endpt_name, user_name);
+ if (!tree_path) {
+ ERRMEM;
+ ret = 1;
+ goto cleanup;
+ }
+
+ /* create all the nodes in the path if they weren't there */
+ ret = lyd_new_path(*config, ctx, tree_path, NULL, LYD_NEW_PATH_UPDATE, &new_tree);
+ if (ret) {
+ goto cleanup;
+ }
+ if (!*config) {
+ *config = new_tree;
+ }
+
+ /* find the node where the leaf will get inserted */
+ ret = lyd_find_path(*config, tree_path, 0, &new_tree);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* insert none leaf */
+ ret = lyd_new_term(new_tree, NULL, "none", NULL, 0, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* Add all default nodes */
+ ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(tree_path);
+ return ret;
+}
+
+API int
+nc_server_config_ssh_new_client_auth_interactive(const char *pam_config_name, const char *pam_config_dir,
+ const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ int ret = 0;
+ char *tree_path = NULL;
+ struct lyd_node *new_tree;
+
+ /* prepare path where the leaf will get inserted */
+ asprintf(&tree_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']/libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name);
+ if (!tree_path) {
+ ERRMEM;
+ ret = 1;
+ goto cleanup;
+ }
+
+ /* create all the nodes in the path if they weren't there */
+ ret = lyd_new_path(*config, ctx, tree_path, NULL, LYD_NEW_PATH_UPDATE, &new_tree);
+ if (ret) {
+ goto cleanup;
+ }
+ if (!*config) {
+ *config = new_tree;
+ }
+
+ /* find the node where the leaf will get inserted */
+ ret = lyd_find_path(*config, tree_path, 0, &new_tree);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* insert file-name leaf */
+ ret = lyd_new_term(new_tree, NULL, "pam-config-file-name", pam_config_name, 0, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+
+ if (pam_config_dir) {
+ /* insert file-path leaf */
+ ret = lyd_new_term(new_tree, NULL, "pam-config-file-dir", pam_config_dir, 0, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+ }
+
+ /* Add all default nodes */
+ ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(tree_path);
+ return ret;
+}
diff --git a/src/config_new.h b/src/config_new.h
index 3300256..cccda4d 100644
--- a/src/config_new.h
+++ b/src/config_new.h
@@ -136,7 +136,7 @@
int alg_count, ...);
/**
- * @brief Creates new YANG configuration data nodes for a user.
+ * @brief Creates new YANG configuration data nodes for a client, which supports the public key authentication method.
*
* @param[in] pubkey_path Path to a file containing the user's public key.
* @param[in] ctx libyang context.
@@ -150,9 +150,62 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_ssh_new_user(const char *pubkey_path, const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_ssh_new_client_auth_pubkey(const char *pubkey_path, const struct ly_ctx *ctx, const char *endpt_name,
const char *user_name, const char *pubkey_name, struct lyd_node **config);
+/**
+ * @brief Creates new YANG configuration data nodes for a client, which supports the password authentication method.
+ *
+ * This function sets the password for the given user.
+ *
+ * @param[in] password Cleartext user's password.
+ * @param[in] ctx libyang context.
+ * @param[in] endpt_name Arbitrary identifier of the endpoint.
+ * If an endpoint with this identifier already exists, it's user might be changed.
+ * @param[in] user_name Arbitrary identifier of the user.
+ * If an user with this identifier already exists, it's contents will be changed.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_ssh_new_client_auth_password(const char *password, const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, struct lyd_node **config);
+
+/**
+ * @brief Creates new YANG configuration data nodes for a client, which supports the none authentication method.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] endpt_name Arbitrary identifier of the endpoint.
+ * If an endpoint with this identifier already exists, it's user might be changed.
+ * @param[in] user_name Arbitrary identifier of the user.
+ * If an user with this identifier already exists, it's contents will be changed.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_ssh_new_client_auth_none(const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, struct lyd_node **config);
+
+/**
+ * @brief Creates new YANG configuration data nodes for a client, which supports the interactive authentication method.
+ *
+ * @param[in] pam_config_name Name of the PAM configuration file.
+ * @param[in] pam_config_name Optional. The absolute path to the directory in which the configuration file
+ * with the name conf_name is located. A newer version (>= 1.4) of PAM library is required to be able to specify
+ * the path. If NULL is passed, then the PAM's system directories will be searched (usually /etc/pam.d/).
+ * @param[in] ctx libyang context.
+ * @param[in] endpt_name Arbitrary identifier of the endpoint.
+ * If an endpoint with this identifier already exists, it's user might be changed.
+ * @param[in] user_name Arbitrary identifier of the user.
+ * If an user with this identifier already exists, it's contents will be changed.
+ * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
+ * Otherwise the new YANG data will be added to the previous data and may override it.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_ssh_new_client_auth_interactive(const char *pam_config_name, const char *pam_config_dir,
+ const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, struct lyd_node **config);
+
#ifdef __cplusplus
}
#endif