server session FEATURE callhome
Only SSH settings implemented,
the rest as prototypes only.
diff --git a/src/session_p.h b/src/session_p.h
index ce8aef5..5de37ca 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -211,6 +211,7 @@
struct ly_ctx *ctx; /**< libyang context of the session */
uint8_t flags; /**< various flags of the session - TODO combine with status and/or side */
#define NC_SESSION_SHAREDCTX 0x01
+#define NC_SESSION_CALLHOME 0x02
/* client side only data */
uint64_t msgid;
@@ -222,13 +223,13 @@
time_t last_rpc; /**< time the last RPC was received on this session */
#ifdef ENABLE_SSH
/* SSH session authenticated */
-# define NC_SESSION_SSH_AUTHENTICATED 0x02
+# define NC_SESSION_SSH_AUTHENTICATED 0x04
/* netconf subsystem requested */
-# define NC_SESSION_SSH_SUBSYS_NETCONF 0x04
+# define NC_SESSION_SSH_SUBSYS_NETCONF 0x08
/* new SSH message arrived */
-# define NC_SESSION_SSH_NEW_MSG 0x08
+# define NC_SESSION_SSH_NEW_MSG 0x10
/* this session is passed to nc_sshcb_msg() */
-# define NC_SESSION_SSH_MSG_CB 0x10
+# define NC_SESSION_SSH_MSG_CB 0x20
uint16_t ssh_auth_attempts; /**< number of failed SSH authentication attempts */
#endif
diff --git a/src/session_server.c b/src/session_server.c
index c27f34f..f1e464b 100644
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -947,4 +947,79 @@
return -1;
}
+API int
+nc_connect_callhome(const char *host, uint16_t port, NC_TRANSPORT_IMPL ti, int timeout, struct nc_session **session)
+{
+ int sock, ret;
+
+ sock = nc_sock_connect(host, port);
+ if (sock == -1) {
+ goto fail;
+ }
+
+ *session = calloc(1, sizeof **session);
+ if (!(*session)) {
+ ERRMEM;
+ close(sock);
+ return -1;
+ }
+ (*session)->status = NC_STATUS_STARTING;
+ (*session)->side = NC_SERVER;
+ (*session)->ctx = server_opts.ctx;
+ (*session)->flags = NC_SESSION_SHAREDCTX | NC_SESSION_CALLHOME;
+ nc_ctx_lock(-1, NULL);
+ (*session)->host = lydict_insert(server_opts.ctx, host, 0);
+ nc_ctx_unlock();
+ (*session)->port = port;
+
+ /* transport lock */
+ (*session)->ti_lock = malloc(sizeof *(*session)->ti_lock);
+ if (!(*session)->ti_lock) {
+ ERRMEM;
+ close(sock);
+ ret = -1;
+ goto fail;
+ }
+ pthread_mutex_init((*session)->ti_lock, NULL);
+
+ /* sock gets assigned to session or closed */
+ if (ti == NC_TI_LIBSSH) {
+ ret = nc_accept_ssh_session(*session, sock, timeout);
+ if (ret < 1) {
+ goto fail;
+ }
+ } else if (ti == NC_TI_OPENSSL) {
+ ret = nc_accept_tls_session(*session, sock, timeout);
+ if (ret < 1) {
+ goto fail;
+ }
+ } else {
+ ERRINT;
+ close(sock);
+ ret = -1;
+ goto fail;
+ }
+
+ /* assign new SID atomically */
+ /* LOCK */
+ pthread_spin_lock(&server_opts.sid_lock);
+ (*session)->id = server_opts.new_session_id++;
+ /* UNLOCK */
+ pthread_spin_unlock(&server_opts.sid_lock);
+
+ /* NETCONF handshake */
+ if (nc_handshake(*session)) {
+ ret = -1;
+ goto fail;
+ }
+ (*session)->status = NC_STATUS_RUNNING;
+
+ return 1;
+
+fail:
+ nc_session_free(*session);
+ *session = NULL;
+ return -1;
+}
+
#endif /* ENABLE_SSH || ENABLE_TLS */
diff --git a/src/session_server.h b/src/session_server.h
index aa72311..6c74e07 100644
--- a/src/session_server.h
+++ b/src/session_server.h
@@ -244,6 +244,8 @@
*/
int nc_accept(int timeout, struct nc_session **session);
+int nc_connect_callhome(const char *host, uint16_t port, NC_TRANSPORT_IMPL ti, int timeout, struct nc_session **session);
+
#endif /* ENABLE_SSH || ENABLE_TLS */
#ifdef ENABLE_SSH
@@ -319,8 +321,73 @@
*/
int nc_ssh_server_del_authkey(const char *pubkey_path, const char *username);
+/*
+ * Call Home
+ */
+
/**
- * @brief Free all the various SSH server options.
+ * @brief Set Call Home SSH host keys the server will identify itself with. Each of RSA, DSA, and
+ * ECDSA keys can be set. If the particular type was already set, it is replaced.
+ *
+ * @param[in] privkey_path Path to a private key.
+ * @return 0 on success, -1 on error.
+ */
+int nc_ssh_server_ch_set_hostkey(const char *privkey_path);
+
+/**
+ * @brief Set Call Home SSH banner the server will send to every client.
+ *
+ * @param[in] banner SSH banner.
+ * @return 0 on success, -1 on error.
+ */
+int nc_ssh_server_ch_set_banner(const char *banner);
+
+/**
+ * @brief Set accepted Call Home SSH authentication methods. All (publickey, password, interactive)
+ * are supported by default.
+ *
+ * @param[in] auth_methods Accepted authentication methods bit field of NC_SSH_AUTH_TYPE.
+ * @return 0 on success, -1 on error.
+ */
+int nc_ssh_server_ch_set_auth_methods(int auth_methods);
+
+/**
+ * @brief Set Call Home SSH authentication attempts of every client. 3 by default.
+ *
+ * @param[in] auth_attempts Failed authentication attempts before a client is dropped.
+ * @return 0 on success, -1 on error.
+ */
+int nc_ssh_server_ch_set_auth_attempts(uint16_t auth_attempts);
+
+/**
+ * @brief Set Call Home SSH authentication timeout. 10 seconds by default.
+ *
+ * @param[in] auth_timeout Number of seconds before an unauthenticated client is dropped.
+ * @return 0 on success, -1 on error.
+ */
+int nc_ssh_server_ch_set_auth_timeout(uint16_t auth_timeout);
+
+/**
+ * @brief Add an authorized Call Home client SSH public key. This public key can be used for
+ * publickey authentication afterwards.
+ *
+ * @param[in] pubkey_path Path to the public key.
+ * @param[in] username Username that the client with the public key must use.
+ * @return 0 on success, -1 on error.
+ */
+int nc_ssh_server_ch_add_authkey(const char *pubkey_path, const char *username);
+
+/**
+ * @brief Remove an authorized Call Home client SSH public key.
+ *
+ * @param[in] pubkey_path Path to an authorized public key. NULL matches all the keys.
+ * @param[in] username Username for an authorized public key. NULL matches all the usernames.
+ * @return 0 on success, -1 on not finding any match.
+ */
+int nc_ssh_server_ch_del_authkey(const char *pubkey_path, const char *username);
+
+/**
+ * @brief Free all the various SSH server options (including Call Home ones).
*/
void nc_ssh_server_free_opts(void);
@@ -440,8 +507,124 @@
*/
int nc_tls_server_del_ctn(int64_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name);
+/*
+ * Call Home
+ */
+
/**
- * @brief Free all the various TLS server options.
+ * @brief Set server Call Home TLS certificate. Alternative to nc_tls_server_set_cert_path().
+ * There can only be one certificate for each key type, it is replaced if already set.
+ *
+ * @param[in] cert Base64-encoded certificate in ASN.1 DER encoding.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_set_cert(const char *cert);
+
+/**
+ * @brief Set server Call Home TLS certificate. Alternative to nc_tls_server_set_cert().
+ * There can only be one certificate for each key type, it is replaced if already set.
+ *
+ * @param[in] cert_path Path to a certificate file in PEM format.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_set_cert_path(const char *cert_path);
+
+/**
+ * @brief Set server Call Home TLS private key matching the certificate.
+ * Alternative to nc_tls_server_set_key_path(). There can only be one of every key
+ * type, it is replaced if already set.
+ *
+ * @param[in] privkey Base64-encoded certificate in ASN.1 DER encoding.
+ * @param[in] is_rsa Whether \p privkey are the data of an RSA (1) or DSA (0) key.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_set_key(const char *privkey, int is_rsa);
+
+/**
+ * @brief Set server Call Home TLS private key matching the certificate.
+ * Alternative to nc_tls_server_set_key_path(). There can only be one of every key
+ * type, it is replaced if already set.
+ *
+ * @param[in] privkey_path Path to a private key file in PEM format.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_set_key_path(const char *privkey_path);
+
+/**
+ * @brief Add a Call Home trusted certificate. Can be both a CA or a client one.
+ *
+ * @param[in] cert Base64-enocded certificate in ASN.1DER encoding.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_add_trusted_cert(const char *cert);
+
+/**
+ * @brief Add a Call Home trusted certificate. Can be both a CA or a client one.
+ *
+ * @param[in] cert_path Path to a trusted certificate file in PEM format.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_add_trusted_cert_path(const char *cert_path);
+
+/**
+ * @brief Set trusted Call Home Certificate Authority certificate locations. There
+ * can only be one file and one directory, they are replaced if already set.
+ *
+ * @param[in] cacert_file_path Path to a trusted CA cert store file in PEM format.
+ * Can be NULL.
+ * @param[in] cacert_dir_path Path to a trusted CA cert store hashed directory
+ * (c_rehash utility can be used to create hashes) with PEM files. Can be NULL.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_set_trusted_cacert_locations(const char *cacert_file_path, const char *cacert_dir_path);
+
+/**
+ * @brief Destroy and clean all the set Call Home certificates and private keys.
+ * CRLs and CTN entries are not affected.
+ */
+void nc_tls_server_ch_destroy_certs(void);
+
+/**
+ * @brief Set Call Home Certificate Revocation List locations. There can only be
+ * one file and one directory, they are replaced if already set.
+ *
+ * @param[in] crl_file_path Path to a CRL store file in PEM format. Can be NULL.
+ * @param[in] crl_dir_path Path to a CRL store hashed directory (c_rehash utility
+ * can be used to create hashes) with PEM files. Can be NULL.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_set_crl_locations(const char *crl_file_path, const char *crl_dir_path);
+
+/**
+ * @brief Destroy and clean Call Home CRLs. Call Home certificates, private keys,
+ * and CTN entries are not affected.
+ */
+void nc_tls_server_ch_destroy_crls(void);
+
+/**
+ * @brief Add a Call Home Cert-to-name entry.
+ *
+ * @param[in] id Priority of the entry.
+ * @param[in] fingerprint Matching certificate fingerprint.
+ * @param[in] map_type Type of username-certificate mapping.
+ * @param[in] name Specific username if \p map_type == NC_TLS_CTN_SPECIFED. Must be NULL otherwise.
+ * @return 0 on success, -1 on error.
+ */
+int nc_tls_server_ch_add_ctn(uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name);
+
+/**
+ * @brief Remove a Call Home Cert-to-name entry.
+ *
+ * @param[in] id Priority of the entry. -1 matches all the priorities.
+ * @param[in] fingerprint Fingerprint fo the entry. NULL matches all the fingerprints.
+ * @param[in] map_type Mapping type of the entry. 0 matches all the mapping types.
+ * @param[in] name Specific username for the entry. NULL matches all the usernames.
+ * @return 0 on success, -1 on not finding any match.
+ */
+int nc_tls_server_ch_del_ctn(int64_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name);
+
+/**
+ * @brief Free all the various TLS server options (including Call Home ones).
*/
void nc_tls_server_free_opts(void);
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index a541ae3..4351407 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -34,6 +34,7 @@
#include "session_server.h"
extern struct nc_server_opts server_opts;
+
struct nc_ssh_server_opts ssh_opts = {
.sshbind_lock = PTHREAD_MUTEX_INITIALIZER,
.authkey_lock = PTHREAD_MUTEX_INITIALIZER,
@@ -42,165 +43,272 @@
.auth_timeout = 10
};
-API int
-nc_ssh_server_set_hostkey(const char *privkey_path)
+struct nc_ssh_server_opts ssh_ch_opts = {
+ .sshbind_lock = PTHREAD_MUTEX_INITIALIZER,
+ .authkey_lock = PTHREAD_MUTEX_INITIALIZER,
+ .auth_methods = NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD | NC_SSH_AUTH_INTERACTIVE,
+ .auth_attempts = 3,
+ .auth_timeout = 10
+};
+
+static int
+_nc_ssh_server_set_hostkey(const char *privkey_path, int ch)
{
+ struct nc_ssh_server_opts *opts;
+
if (!privkey_path) {
ERRARG;
return -1;
}
- /* LOCK */
- pthread_mutex_lock(&ssh_opts.sshbind_lock);
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
- if (!ssh_opts.sshbind) {
- ssh_opts.sshbind = ssh_bind_new();
- if (!ssh_opts.sshbind) {
+ /* LOCK */
+ pthread_mutex_lock(&opts->sshbind_lock);
+
+ if (!opts->sshbind) {
+ opts->sshbind = ssh_bind_new();
+ if (!opts->sshbind) {
ERR("Failed to create a new ssh_bind.");
goto fail;
}
}
- if (ssh_bind_options_set(ssh_opts.sshbind, SSH_BIND_OPTIONS_HOSTKEY, privkey_path) != SSH_OK) {
- ERR("Failed to set host key (%s).", ssh_get_error(ssh_opts.sshbind));
+ if (ssh_bind_options_set(opts->sshbind, SSH_BIND_OPTIONS_HOSTKEY, privkey_path) != SSH_OK) {
+ ERR("Failed to set host key (%s).", ssh_get_error(opts->sshbind));
goto fail;
}
/* UNLOCK */
- pthread_mutex_unlock(&ssh_opts.sshbind_lock);
+ pthread_mutex_unlock(&opts->sshbind_lock);
return 0;
fail:
/* UNLOCK */
- pthread_mutex_unlock(&ssh_opts.sshbind_lock);
+ pthread_mutex_unlock(&opts->sshbind_lock);
+ return -1;
+}
+
+API int
+nc_ssh_server_set_hostkey(const char *privkey_path)
+{
+ return _nc_ssh_server_set_hostkey(privkey_path, 0);
+}
+
+API int
+nc_ssh_server_ch_set_hostkey(const char *privkey_path)
+{
+ return _nc_ssh_server_set_hostkey(privkey_path, 1);
+}
+
+static int
+_nc_ssh_server_set_banner(const char *banner, int ch)
+{
+ struct nc_ssh_server_opts *opts;
+
+ if (!banner) {
+ ERRARG;
+ return -1;
+ }
+
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
+
+ /* LOCK */
+ pthread_mutex_lock(&opts->sshbind_lock);
+
+ if (!opts->sshbind) {
+ opts->sshbind = ssh_bind_new();
+ if (!opts->sshbind) {
+ ERR("Failed to create a new ssh_bind.");
+ goto fail;
+ }
+ }
+
+ ssh_bind_options_set(opts->sshbind, SSH_BIND_OPTIONS_BANNER, banner);
+
+ /* UNLOCK */
+ pthread_mutex_unlock(&opts->sshbind_lock);
+ return 0;
+
+fail:
+ /* UNLOCK */
+ pthread_mutex_unlock(&opts->sshbind_lock);
return -1;
}
API int
nc_ssh_server_set_banner(const char *banner)
{
- if (!banner) {
- ERRARG;
- return -1;
- }
-
- /* LOCK */
- pthread_mutex_lock(&ssh_opts.sshbind_lock);
-
- if (!ssh_opts.sshbind) {
- ssh_opts.sshbind = ssh_bind_new();
- if (!ssh_opts.sshbind) {
- ERR("Failed to create a new ssh_bind.");
- goto fail;
- }
- }
-
- ssh_bind_options_set(ssh_opts.sshbind, SSH_BIND_OPTIONS_BANNER, banner);
-
- /* UNLOCK */
- pthread_mutex_unlock(&ssh_opts.sshbind_lock);
- return 0;
-
-fail:
- /* UNLOCK */
- pthread_mutex_unlock(&ssh_opts.sshbind_lock);
- return -1;
+ return _nc_ssh_server_set_banner(banner, 0);
}
API int
-nc_ssh_server_set_auth_methods(int auth_methods)
+nc_ssh_server_ch_set_banner(const char *banner)
{
+ return _nc_ssh_server_set_banner(banner, 1);
+}
+
+static int
+_nc_ssh_server_set_auth_methods(int auth_methods, int ch)
+{
+ struct nc_ssh_server_opts *opts;
+
if (!(auth_methods & NC_SSH_AUTH_PUBLICKEY) && !(auth_methods & NC_SSH_AUTH_PASSWORD)
&& !(auth_methods & NC_SSH_AUTH_INTERACTIVE)) {
ERRARG;
return -1;
}
- ssh_opts.auth_methods = auth_methods;
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
+
+ opts->auth_methods = auth_methods;
+ return 0;
+}
+
+API int
+nc_ssh_server_set_auth_methods(int auth_methods)
+{
+ return _nc_ssh_server_set_auth_methods(auth_methods, 0);
+}
+
+API int
+nc_ssh_server_ch_set_auth_methods(int auth_methods)
+{
+ return _nc_ssh_server_set_auth_methods(auth_methods, 1);
+}
+
+static int
+_nc_ssh_server_set_auth_attempts(uint16_t auth_attempts, int ch)
+{
+ struct nc_ssh_server_opts *opts;
+
+ if (!auth_attempts) {
+ ERRARG;
+ return -1;
+ }
+
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
+
+ opts->auth_attempts = auth_attempts;
return 0;
}
API int
nc_ssh_server_set_auth_attempts(uint16_t auth_attempts)
{
- if (!auth_attempts) {
+ return _nc_ssh_server_set_auth_attempts(auth_attempts, 0);
+}
+
+API int
+nc_ssh_server_set_ch_auth_attempts(uint16_t auth_attempts)
+{
+ return _nc_ssh_server_set_auth_attempts(auth_attempts, 1);
+}
+
+static int
+_nc_ssh_server_set_auth_timeout(uint16_t auth_timeout, int ch)
+{
+ struct nc_ssh_server_opts *opts;
+
+ if (!auth_timeout) {
ERRARG;
return -1;
}
- ssh_opts.auth_attempts = auth_attempts;
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
+
+ opts->auth_timeout = auth_timeout;
return 0;
}
API int
nc_ssh_server_set_auth_timeout(uint16_t auth_timeout)
{
- if (!auth_timeout) {
+ return _nc_ssh_server_set_auth_timeout(auth_timeout, 0);
+}
+
+API int
+nc_ssh_server_ch_set_auth_timeout(uint16_t auth_timeout)
+{
+ return _nc_ssh_server_set_auth_timeout(auth_timeout, 1);
+}
+
+static int
+_nc_ssh_server_add_authkey(const char *pubkey_path, const char *username, int ch)
+{
+ struct nc_ssh_server_opts *opts;
+
+ if (!pubkey_path || !username) {
ERRARG;
return -1;
}
- ssh_opts.auth_timeout = auth_timeout;
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
+
+ /* LOCK */
+ pthread_mutex_lock(&opts->authkey_lock);
+
+ ++opts->authkey_count;
+ opts->authkeys = realloc(opts->authkeys, opts->authkey_count * sizeof *opts->authkeys);
+
+ nc_ctx_lock(-1, NULL);
+ opts->authkeys[opts->authkey_count - 1].path = lydict_insert(server_opts.ctx, pubkey_path, 0);
+ opts->authkeys[opts->authkey_count - 1].username = lydict_insert(server_opts.ctx, username, 0);
+ nc_ctx_unlock();
+
+ /* UNLOCK */
+ pthread_mutex_unlock(&opts->authkey_lock);
+
return 0;
}
API int
nc_ssh_server_add_authkey(const char *pubkey_path, const char *username)
{
- if (!pubkey_path || !username) {
- ERRARG;
- return -1;
- }
-
- /* LOCK */
- pthread_mutex_lock(&ssh_opts.authkey_lock);
-
- ++ssh_opts.authkey_count;
- ssh_opts.authkeys = realloc(ssh_opts.authkeys, ssh_opts.authkey_count * sizeof *ssh_opts.authkeys);
-
- nc_ctx_lock(-1, NULL);
- ssh_opts.authkeys[ssh_opts.authkey_count - 1].path = lydict_insert(server_opts.ctx, pubkey_path, 0);
- ssh_opts.authkeys[ssh_opts.authkey_count - 1].username = lydict_insert(server_opts.ctx, username, 0);
- nc_ctx_unlock();
-
- /* UNLOCK */
- pthread_mutex_unlock(&ssh_opts.authkey_lock);
-
- return 0;
+ return _nc_ssh_server_add_authkey(pubkey_path, username, 0);
}
API int
-nc_ssh_server_del_authkey(const char *pubkey_path, const char *username)
+nc_ssh_server_ch_add_authkey(const char *pubkey_path, const char *username)
{
+ return _nc_ssh_server_add_authkey(pubkey_path, username, 1);
+}
+
+static int
+_nc_ssh_server_del_authkey(const char *pubkey_path, const char *username, int ch)
+{
+ struct nc_ssh_server_opts *opts;
uint32_t i;
int ret = -1;
+ opts = (ch ? &ssh_ch_opts : &ssh_opts);
+
/* LOCK */
- pthread_mutex_lock(&ssh_opts.authkey_lock);
+ pthread_mutex_lock(&opts->authkey_lock);
if (!pubkey_path && !username) {
nc_ctx_lock(-1, NULL);
- for (i = 0; i < ssh_opts.authkey_count; ++i) {
- lydict_remove(server_opts.ctx, ssh_opts.authkeys[i].path);
- lydict_remove(server_opts.ctx, ssh_opts.authkeys[i].username);
+ for (i = 0; i < opts->authkey_count; ++i) {
+ lydict_remove(server_opts.ctx, opts->authkeys[i].path);
+ lydict_remove(server_opts.ctx, opts->authkeys[i].username);
ret = 0;
}
nc_ctx_unlock();
- free(ssh_opts.authkeys);
- ssh_opts.authkeys = NULL;
- ssh_opts.authkey_count = 0;
+ free(opts->authkeys);
+ opts->authkeys = NULL;
+ opts->authkey_count = 0;
} else {
- for (i = 0; i < ssh_opts.authkey_count; ++i) {
- if ((!pubkey_path || !strcmp(ssh_opts.authkeys[i].path, pubkey_path))
- && (!username || !strcmp(ssh_opts.authkeys[i].username, username))) {
+ for (i = 0; i < opts->authkey_count; ++i) {
+ if ((!pubkey_path || !strcmp(opts->authkeys[i].path, pubkey_path))
+ && (!username || !strcmp(opts->authkeys[i].username, username))) {
nc_ctx_lock(-1, NULL);
- lydict_remove(server_opts.ctx, ssh_opts.authkeys[i].path);
- lydict_remove(server_opts.ctx, ssh_opts.authkeys[i].username);
+ lydict_remove(server_opts.ctx, opts->authkeys[i].path);
+ lydict_remove(server_opts.ctx, opts->authkeys[i].username);
nc_ctx_unlock();
- --ssh_opts.authkey_count;
- memcpy(&ssh_opts.authkeys[i], &ssh_opts.authkeys[ssh_opts.authkey_count], sizeof *ssh_opts.authkeys);
+ --opts->authkey_count;
+ memcpy(&opts->authkeys[i], &opts->authkeys[opts->authkey_count], sizeof *opts->authkeys);
ret = 0;
}
@@ -208,11 +316,23 @@
}
/* UNLOCK */
- pthread_mutex_unlock(&ssh_opts.authkey_lock);
+ pthread_mutex_unlock(&opts->authkey_lock);
return ret;
}
+API int
+nc_ssh_server_del_authkey(const char *pubkey_path, const char *username)
+{
+ return _nc_ssh_server_del_authkey(pubkey_path, username, 0);
+}
+
+API int
+nc_ssh_server_ch_del_authkey(const char *pubkey_path, const char *username)
+{
+ return _nc_ssh_server_del_authkey(pubkey_path, username, 1);
+}
+
API void
nc_ssh_server_free_opts(void)
{
@@ -228,6 +348,21 @@
pthread_mutex_unlock(&ssh_opts.sshbind_lock);
nc_ssh_server_del_authkey(NULL, NULL);
+
+ /* Call Home */
+
+ /* LOCK */
+ pthread_mutex_lock(&ssh_ch_opts.sshbind_lock);
+
+ if (ssh_ch_opts.sshbind) {
+ ssh_bind_free(ssh_ch_opts.sshbind);
+ ssh_ch_opts.sshbind = NULL;
+ }
+
+ /* UNLOCK */
+ pthread_mutex_unlock(&ssh_ch_opts.sshbind_lock);
+
+ nc_ssh_server_ch_del_authkey(NULL, NULL);
}
static char *