config UPDATE rename config_new and del some funcs
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6bbc53f..78ddc7a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -111,16 +111,16 @@
src/session_client.c
src/session_server.c
src/server_config.c
- src/config_new.c)
+ src/server_config_util.c)
if(ENABLE_SSH_TLS)
list(APPEND libsrc
src/session_client_ssh.c
src/session_server_ssh.c
- src/config_new_ssh.c
+ src/server_config_util_ssh.c
src/session_client_tls.c
src/session_server_tls.c
- src/config_new_tls.c
+ src/server_config_util_tls.c
src/server_config_ks.c
src/server_config_ts.c)
set(SSH_TLS_MACRO "#ifndef NC_ENABLED_SSH_TLS\n#define NC_ENABLED_SSH_TLS\n#endif")
diff --git a/doc/libnetconf.doc b/doc/libnetconf.doc
index 1b3e4a4..b58f96f 100644
--- a/doc/libnetconf.doc
+++ b/doc/libnetconf.doc
@@ -18,7 +18,7 @@
* - Creating, sending, receiving, and replying to RPCs ([RFC 4741](https://tools.ietf.org/html/rfc4741),
* [RFC 6241](https://tools.ietf.org/html/rfc6241)).
* - Creating, sending and receiving NETCONF Event Notifications ([RFC 5277](https://tools.ietf.org/html/rfc5277)).
- * - Configuring the NETCONF server based on the [ietf-netconf-server](https://datatracker.ietf.org/doc/html/draft-ietf-netconf-netconf-client-server-29) YANG module
+ * - Configuring the NETCONF server based on the [ietf-netconf-server](https://datatracker.ietf.org/doc/html/draft-ietf-netconf-netconf-client-server-29) YANG module.
*
* @section about-license License
*
@@ -219,7 +219,7 @@
* If you authenticated the connection using some tunneling software, you
* can pass its file descriptors to _libnetconf2_ using ::nc_connect_inout(),
* which will continue to establish a full NETCONF session. To connect locally
- * on a UNIX socket avoiding all cryptography use ::nc_connect_unix().
+ * on a UNIX socket avoiding all cryptography use ::nc_connect_unix().
*
* Funtions List
* -------------
@@ -301,8 +301,6 @@
* establish SSH or TLS transport or do it yourself and only provide the file
* descriptors of the connection.
*
- * Server options can be only set, there are no getters.
- *
* To be able to accept any connections, the server must first be configured.
*
* Functions List
@@ -318,17 +316,51 @@
* ===
*
* To successfully accept connections on a server, you first need to configure it.
- * There are two main ways to do this. The first is using __YANG data__ (see ::nc_server_config_setup_data).
- * The second way is using __YANG diff__ (see ::nc_server_config_setup_diff). Optionally, you may do this
- * by using __YANG data__ stored in a file (see ::nc_server_config_setup_path).
- * However, to be able to configure the server, the required models first need to be implemented in the
- * given libyang context using ::nc_server_config_load_modules().
+ * The *libnetconf2* server natively supports the *ietf-netconf-server YANG* module.
+ * This allows for a bigger scaling and flexibility of the *NETCONF* server.
+ * By using *ietf-netconf-server YANG* data you can express network configurations
+ * in a standardized and hierarchical format, enabling you to define complex network
+ * structures with greater ease.
*
- * If you wish not to create the __YANG data/diff__ yourself, you may use the library's functions to do this for you.
- * For example ::nc_server_config_new_address_port() creates __YANG data__ corresponding to an SSH/TLS endpoint.
- * The variant for UNIX socket is ::nc_server_config_new_unix_socket().
+ * The process of configuring a server is comprised of two steps. The first step is creating the
+ * configuration data and the second is applying it. The server supports two forms of the configuration
+ * data - *YANG data* and *YANG diff*.
*
- * You may also create entries in the keystore or trustore. For example the asymmetric key and certificate entries
+ * YANG data
+ * ---------
+ *
+ * Configuring the server using YANG data simplifies the management of network services.
+ * With YANG data, you build a structured configuration tree and apply it as a whole.
+ * This approach is user-friendly, allowing you to modify the configuration by adding or deleting nodes,
+ * and then deploying the updated configuration tree in its entirety, providing a way to manage your server's settings.
+ * The *libnetconf2* library exports API functions that can help you with creation or deletion of the *YANG* data.
+ * Using this approach requires you to have access to the current configuration whenever you want to make any changes.
+ *
+ * YANG diff
+ * ---------
+ *
+ * YANG diff, enriched with operation attributes, offers advanced configuration control.
+ * It empowers the user to make precise changes within the configuration tree,
+ * enabling operations like specific node deletions, additions, and modifications.
+ * On the other hand, unlike YANG data, YANG diff represents only a subtree of the
+ * changes expecting the whole configuration to be managed externally.
+ * For example this approach is used by the tool [sysrepo](https://www.sysrepo.org/).
+ *
+ * Usage
+ * -----
+ *
+ * To be able to configure the server, the required models first need to be implemented.
+ * To do this, see ::nc_server_config_load_modules().
+ * Not all of the *ietf-netconf-server* (and all of its associated modules) features are enabled.
+ * If you wish to see which features are enabled, extract them from the context after calling the mentioned function.
+ *
+ * If you wish not to create the __YANG data__ yourself, you may use the library's functions to do this for you.
+ * For example ::nc_server_config_add_address_port() creates __YANG data__ corresponding to an SSH/TLS endpoint.
+ * The variant for UNIX socket is ::nc_server_config_add_unix_socket(). You can then apply this data
+ * by calling ::nc_server_config_setup_data() (or ::nc_server_config_setup_diff() for diff).
+ * See *examples/server.c* for a simple example.
+ *
+ * You may also create entries in the keystore or truststore. For example the asymmetric key and certificate entries
* in the keystore can be then referenced as the SSH hostkeys or TLS server certificates, respectively.
* As for the truststore, you may create public key and certificate entries, which can then be used
* as SSH user's public keys or TLS server's end-entity/trust-anchor certificates, respectively.
@@ -343,66 +375,52 @@
* - ::nc_server_config_setup_data()
* - ::nc_server_config_setup_path()
*
- * - ::nc_server_config_new_address_port()
- * - ::nc_server_config_new_unix_socket()
- * - ::nc_server_config_new_del_endpt()
- * - ::nc_server_config_new_keystore_asym_key()
- * - ::nc_server_config_new_del_keystore_asym_key()
- * - ::nc_server_config_new_keystore_cert()
- * - ::nc_server_config_new_del_keystore_cert()
- * - ::nc_server_config_new_truststore_pubkey()
- * - ::nc_server_config_new_del_truststore_pubkey()
- * - ::nc_server_config_new_truststore_cert()
- * - ::nc_server_config_new_del_truststore_cert()
+ * - ::nc_server_config_add_address_port()
+ * - ::nc_server_config_add_unix_socket()
+ * - ::nc_server_config_del_endpt()
+ *
+ * - ::nc_server_config_add_keystore_asym_key()
+ * - ::nc_server_config_del_keystore_asym_key()
+ * - ::nc_server_config_add_keystore_cert()
+ * - ::nc_server_config_del_keystore_cert()
+ * - ::nc_server_config_add_truststore_pubkey()
+ * - ::nc_server_config_del_truststore_pubkey()
+ * - ::nc_server_config_add_truststore_cert()
+ * - ::nc_server_config_del_truststore_cert()
*
* SSH
* ===
*
* To successfully accept an SSH session you must configure at least one host key.
- * You may create this data yourself or by using ::nc_server_config_new_ssh_hostkey().
+ * You may create this data yourself or by using ::nc_server_config_add_ssh_hostkey().
*
* On top of that, each SSH endpoint can define it's own authorized clients and their authentication methods.
- * For example if you wish to create an SSH user that can authenticate using a password, use ::nc_server_config_new_ssh_user_password().
+ * For example if you wish to create an SSH user that can authenticate using a password, use ::nc_server_config_add_ssh_user_password().
* Another option for authorized clients is to reference another endpoint's clients, however be careful not to create a cyclic reference
- * (see ::nc_config_new_ssh_endpoint_user_ref()). An authorized client MUST authenticate to all of it's configured authentication methods.
+ * (see ::nc_server_config_add_ssh_endpoint_client_ref()). An authorized client MUST authenticate to all of it's configured authentication methods.
*
- * There are also some other optional settings.
+ * There are also some other optional settings. Like setting the authentication attempts and timeout of an authorized client, or
+ * setting the encryption/key exchange/mac/public key algorithms, etc.
*
* Functions List
* --------------
*
* Available in __nc_server.h__.
*
- * - ::nc_server_config_new_ssh_hostkey()
- * - ::nc_server_config_new_ssh_del_hostkey()
- * - ::nc_server_config_new_ssh_keystore_ref()
- * - ::nc_server_config_new_ssh_del_keystore_ref()
- * - ::nc_server_config_new_ssh_auth_attempts()
- * - ::nc_server_config_new_ssh_auth_timeout()
+ * - ::nc_server_config_add_ssh_hostkey()
+ * - ::nc_server_config_del_ssh_hostkey()
+ * - ::nc_server_config_add_ssh_auth_attempts()
+ * - ::nc_server_config_add_ssh_auth_timeout()
*
- * - ::nc_server_config_new_ssh_user_pubkey()
- * - ::nc_server_config_new_ssh_del_user_pubkey()
- * - ::nc_server_config_new_ssh_user_password()
- * - ::nc_server_config_new_ssh_del_user_password()
- * - ::nc_server_config_new_ssh_user_none()
- * - ::nc_server_config_new_ssh_del_user_none()
- * - ::nc_server_config_new_ssh_user_interactive()
- * - ::nc_server_config_new_ssh_del_user_interactive()
- * - ::nc_server_config_new_ssh_del_user()
- * - ::nc_server_config_new_ssh_truststore_ref()
- * - ::nc_server_config_new_ssh_del_truststore_ref()
- * - ::nc_config_new_ssh_endpoint_user_ref()
- * - ::nc_config_new_ssh_del_endpoint_user_ref()
- *
- * - ::nc_server_config_new_ssh_host_key_algs()
- * - ::nc_server_config_new_ssh_del_host_key_alg()
- * - ::nc_server_config_new_ssh_key_exchange_algs()
- * - ::nc_server_config_new_ssh_del_key_exchange_alg()
- * - ::nc_server_config_new_ssh_encryption_algs()
- * - ::nc_server_config_new_ssh_del_encryption_alg()
- * - ::nc_server_config_new_ssh_mac_algs()
- * - ::nc_server_config_new_ssh_del_mac_alg()
- *
+ * - ::nc_server_config_add_ssh_user_pubkey()
+ * - ::nc_server_config_del_ssh_user_pubkey()
+ * - ::nc_server_config_add_ssh_user_password()
+ * - ::nc_server_config_del_ssh_user_password()
+ * - ::nc_server_config_add_ssh_user_interactive()
+ * - ::nc_server_config_del_ssh_user_interactive()
+ * - ::nc_server_config_del_ssh_user()
+ * - ::nc_server_config_add_ssh_endpoint_client_ref()
+ * - ::nc_server_config_del_ssh_endpoint_client_ref()
*
* TLS
* ===
@@ -412,7 +430,7 @@
* options that TLS uses to derive usernames from client certificates.
*
* If you wish to listen on a TLS endpoint, you need to configure the endpoint's
- * server certificate (see ::nc_server_config_new_tls_server_certificate()).
+ * server certificate (see ::nc_server_config_add_tls_server_cert()).
*
* To accept client certificates, they must first be considered trusted.
* For each TLS endpoint you may configure two types of client certificates.
@@ -421,50 +439,31 @@
* The second type are trust-anchor (certificate authority) certificates,
* which carry over the trust (a chain of trust).
* Another option is to reference another TLS endpoint's end-entity certificates, however be careful not to create a cyclic reference
- * (see ::nc_config_new_tls_endpoint_client_ref()).
+ * (see ::nc_server_config_add_tls_endpoint_client_ref()).
*
* Then, from each trusted client certificate a username must be derived
* for the NETCONF session. This is accomplished by finding a matching
* _cert-to-name_ entry.
*
* There are some further options. For example you can configure the TLS
- * version and ciphers to be used. You may also choose to use a Certificate
- * Revoke List. There are three options, ::nc_server_config_new_tls_crl_path()
- * attempts to get the list of revoked certificates from a file. ::nc_server_config_new_tls_crl_url()
- * attempts to download the list from the given URL. Lastly, ::nc_server_config_new_tls_crl_cert_ext()
- * attempts to download the CRLs from URLs specified in the extension fields of the configured certificates.
+ * version and ciphers to be used or you can even use a Certificate Revocation List.
*
* Functions List
* --------------
*
* Available in __nc_server.h__.
*
- * - ::nc_server_config_new_tls_server_certificate()
- * - ::nc_server_config_new_tls_del_server_certificate()
- * - ::nc_server_config_new_tls_keystore_ref()
- * - ::nc_server_config_new_tls_del_keystore_ref()
+ * - ::nc_server_config_add_tls_server_cert()
+ * - ::nc_server_config_del_tls_server_cert()
*
- * - ::nc_server_config_new_tls_client_certificate()
- * - ::nc_server_config_new_tls_del_client_certificate()
- * - ::nc_server_config_new_tls_client_cert_truststore_ref()
- * - ::nc_server_config_new_tls_del_client_cert_truststore_ref()
- * - ::nc_server_config_new_tls_client_ca()
- * - ::nc_server_config_new_tls_del_client_ca()
- * - ::nc_server_config_new_tls_client_ca_truststore_ref()
- * - ::nc_server_config_new_tls_del_client_ca_truststore_ref()
- * - ::nc_config_new_tls_endpoint_client_ref()
- * - ::nc_config_new_tls_del_endpoint_client_ref()
- * - ::nc_server_config_new_tls_ctn()
- * - ::nc_server_config_new_tls_del_ctn()
- *
- * - ::nc_server_config_new_tls_version()
- * - ::nc_server_config_new_tls_del_version()
- * - ::nc_server_config_new_tls_ciphers()
- * - ::nc_server_config_new_tls_del_cipher()
- * - ::nc_server_config_new_tls_crl_path()
- * - ::nc_server_config_new_tls_crl_url()
- * - ::nc_server_config_new_tls_crl_cert_ext()
- * - ::nc_server_config_new_tls_del_crl()
+ * - ::nc_server_config_add_tls_client_cert()
+ * - ::nc_server_config_del_tls_client_cert()
+ * - ::nc_server_config_add_tls_ca_cert()
+ * - ::nc_server_config_del_tls_ca_cert()
+ * - ::nc_server_config_add_tls_endpoint_client_ref()
+ * - ::nc_server_config_del_tls_endpoint_client_ref()
+ * - ::nc_server_config_add_tls_ctn()
+ * - ::nc_server_config_del_tls_ctn()
*
* FD
* ==
@@ -499,68 +498,39 @@
*
* Available in __nc_server.h__.
*
- * - ::nc_server_config_new_ch_address_port()
- * - ::nc_server_config_new_del_ch_client()
- * - ::nc_server_config_new_ch_del_endpt()
- * - ::nc_server_config_new_ch_persistent()
- * - ::nc_server_config_new_ch_period()
- * - ::nc_server_config_new_ch_del_period()
- * - ::nc_server_config_new_ch_anchor_time()
- * - ::nc_server_config_new_ch_del_anchor_time()
- * - ::nc_server_config_new_ch_idle_timeout()
- * - ::nc_server_config_new_ch_del_idle_timeout()
- * - ::nc_server_config_new_ch_reconnect_strategy()
- * - ::nc_server_config_new_ch_del_reconnect_strategy()
+ * - ::nc_server_config_add_ch_address_port()
+ * - ::nc_server_config_del_ch_client()
+ * - ::nc_server_config_del_ch_endpt()
+ * - ::nc_server_config_add_ch_persistent()
+ * - ::nc_server_config_add_ch_period()
+ * - ::nc_server_config_del_ch_period()
+ * - ::nc_server_config_add_ch_anchor_time()
+ * - ::nc_server_config_del_ch_anchor_time()
+ * - ::nc_server_config_add_ch_idle_timeout()
+ * - ::nc_server_config_del_ch_idle_timeout()
+ * - ::nc_server_config_add_ch_reconnect_strategy()
+ * - ::nc_server_config_del_ch_reconnect_strategy()
*
- * - ::nc_server_config_new_ch_ssh_hostkey()
- * - ::nc_server_config_new_ch_ssh_del_hostkey()
- * - ::nc_server_config_new_ch_ssh_keystore_ref()
- * - ::nc_server_config_new_ch_ssh_del_keystore_ref()
- * - ::nc_server_config_new_ch_ssh_auth_attempts()
- * - ::nc_server_config_new_ch_ssh_auth_timeout()
- * - ::nc_server_config_new_ch_ssh_user_pubkey()
- * - ::nc_server_config_new_ch_ssh_del_user_pubkey()
- * - ::nc_server_config_new_ch_ssh_user_password()
- * - ::nc_server_config_new_ch_ssh_del_user_password()
- * - ::nc_server_config_new_ch_ssh_user_none()
- * - ::nc_server_config_new_ch_ssh_del_user_none()
- * - ::nc_server_config_new_ch_ssh_user_interactive()
- * - ::nc_server_config_new_ch_ssh_del_user_interactive()
- * - ::nc_server_config_new_ch_ssh_del_user()
- * - ::nc_server_config_new_ch_ssh_truststore_ref()
- * - ::nc_server_config_new_ch_ssh_del_truststore_ref()
- * - ::nc_server_config_new_ch_ssh_host_key_algs()
- * - ::nc_server_config_new_ch_ssh_del_host_key_alg()
- * - ::nc_server_config_new_ch_ssh_key_exchange_algs()
- * - ::nc_server_config_new_ch_ssh_del_key_exchange_alg()
- * - ::nc_server_config_new_ch_ssh_encryption_algs()
- * - ::nc_server_config_new_ch_ssh_del_encryption_alg()
- * - ::nc_server_config_new_ch_ssh_mac_algs()
- * - ::nc_server_config_new_ch_ssh_del_mac_alg()
+ * - ::nc_server_config_add_ch_ssh_hostkey()
+ * - ::nc_server_config_del_ch_ssh_hostkey()
+ * - ::nc_server_config_add_ch_ssh_auth_attempts()
+ * - ::nc_server_config_add_ch_ssh_auth_timeout()
+ * - ::nc_server_config_add_ch_ssh_user_pubkey()
+ * - ::nc_server_config_del_ch_ssh_user_pubkey()
+ * - ::nc_server_config_add_ch_ssh_user_password()
+ * - ::nc_server_config_del_ch_ssh_user_password()
+ * - ::nc_server_config_add_ch_ssh_user_interactive()
+ * - ::nc_server_config_del_ch_ssh_user_interactive()
+ * - ::nc_server_config_del_ch_ssh_user()
*
- * - ::nc_server_config_new_ch_tls_server_certificate()
- * - ::nc_server_config_new_ch_tls_del_server_certificate()
- * - ::nc_server_config_new_ch_tls_keystore_ref()
- * - ::nc_server_config_new_ch_tls_del_keystore_ref()
- * - ::nc_server_config_new_ch_tls_client_certificate()
- * - ::nc_server_config_new_ch_tls_del_client_certificate()
- * - ::nc_server_config_new_ch_tls_client_cert_truststore_ref()
- * - ::nc_server_config_new_ch_tls_del_client_cert_truststore_ref()
- * - ::nc_server_config_new_ch_tls_client_ca()
- * - ::nc_server_config_new_ch_tls_del_client_ca()
- * - ::nc_server_config_new_ch_tls_client_ca_truststore_ref()
- * - ::nc_server_config_new_ch_tls_del_client_ca_truststore_ref()
- * - ::nc_server_config_new_ch_tls_ctn()
- * - ::nc_server_config_new_ch_tls_del_ctn()
- * - ::nc_server_config_new_ch_tls_version()
- * - ::nc_server_config_new_ch_tls_del_version()
- * - ::nc_server_config_new_ch_tls_ciphers()
- * - ::nc_server_config_new_ch_tls_del_cipher()
- * - ::nc_server_config_new_ch_tls_crl_path()
- * - ::nc_server_config_new_ch_tls_crl_url()
- * - ::nc_server_config_new_ch_tls_crl_cert_ext()
- * - ::nc_server_config_new_ch_tls_del_crl()
- *
+ * - ::nc_server_config_add_ch_tls_server_cert()
+ * - ::nc_server_config_del_ch_tls_server_cert()
+ * - ::nc_server_config_add_ch_tls_client_cert()
+ * - ::nc_server_config_del_ch_tls_client_cert()
+ * - ::nc_server_config_add_ch_tls_ca_cert()
+ * - ::nc_server_config_del_ch_tls_ca_cert()
+ * - ::nc_server_config_add_ch_tls_ctn()
+ * - ::nc_server_config_del_ch_tls_ctn()
*
* Connecting And Cleanup
* ======================
@@ -684,7 +654,7 @@
* To free up some resources, it is possible to adjust the maximum idle period
* of a session before it is disconnected. In _Call Home_, for both a persistent
* and periodic connection can this idle timeout be specified separately for each
- * client using corresponding functions. Unlike other timeouts, the idle timeout
+ * client by configuring the server. Unlike other timeouts, the idle timeout
* can only be set via applying configuration data.
*
* Lastly, SSH user authentication timeout can be also modified. It is the time
diff --git a/examples/server.c b/examples/server.c
index c0ce0a8..88254c8 100644
--- a/examples/server.c
+++ b/examples/server.c
@@ -238,19 +238,19 @@
/* this is where the YANG configuration data gets generated,
* start by creating hostkey configuration data */
- rc = nc_server_config_new_ssh_hostkey(*context, "endpt", "hostkey", hostkey_path, NULL, &config);
+ rc = nc_server_config_add_ssh_hostkey(*context, "endpt", "hostkey", hostkey_path, NULL, &config);
if (rc) {
ERR_MSG_CLEANUP("Error creating new hostkey configuration data.\n");
}
/* create address and port configuration data */
- rc = nc_server_config_new_address_port(*context, "endpt", NC_TI_LIBSSH, SSH_ADDRESS, SSH_PORT, &config);
+ rc = nc_server_config_add_address_port(*context, "endpt", NC_TI_LIBSSH, SSH_ADDRESS, SSH_PORT, &config);
if (rc) {
ERR_MSG_CLEANUP("Error creating new address and port configuration data.\n");
}
/* create client authentication configuration data */
- rc = nc_server_config_new_ssh_user_password(*context, "endpt", SSH_USERNAME, SSH_PASSWORD, &config);
+ rc = nc_server_config_add_ssh_user_password(*context, "endpt", SSH_USERNAME, SSH_PASSWORD, &config);
if (rc) {
ERR_MSG_CLEANUP("Error creating client authentication configuration data.\n");
}
diff --git a/src/config_new_ssh.c b/src/config_new_ssh.c
deleted file mode 100644
index a61dd42..0000000
--- a/src/config_new_ssh.c
+++ /dev/null
@@ -1,1334 +0,0 @@
-/**
- * @file config_new_ssh.c
- * @author Roman Janota <janota@cesnet.cz>
- * @brief libnetconf2 server new SSH configuration creation functions
- *
- * @copyright
- * Copyright (c) 2023 CESNET, z.s.p.o.
- *
- * This source code is licensed under BSD 3-Clause License (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- */
-
-#define _GNU_SOURCE
-
-#include <crypt.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libyang/libyang.h>
-
-#include "compat.h"
-#include "config.h"
-#include "config_new.h"
-#include "log_p.h"
-#include "server_config.h"
-#include "session_p.h"
-
-#if !defined (HAVE_CRYPT_R)
-extern pthread_mutex_t crypt_lock;
-#endif
-
-static int
-_nc_server_config_new_ssh_hostkey(const struct ly_ctx *ctx, const char *tree_path,
- const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
-{
- int ret = 0;
- char *pubkey = NULL, *privkey = NULL;
- NC_PRIVKEY_FORMAT privkey_type;
- const char *privkey_format, *pubkey_format = "ietf-crypto-types:ssh-public-key-format";
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, config, 1);
-
- /* get the keys as a string from the given files */
- ret = nc_server_config_new_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey, &privkey_type, &pubkey);
- if (ret) {
- ERR(NULL, "Getting keys from file(s) failed.");
- goto cleanup;
- }
-
- /* get privkey identityref value */
- privkey_format = nc_config_new_privkey_format_to_identityref(privkey_type);
- if (!privkey_format) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/public-key-format", pubkey_format, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/public-key", pubkey, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/private-key-format", privkey_format, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/cleartext-private-key", privkey, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete keystore choice nodes if present */
- ret = nc_config_new_check_delete(config, "%s/keystore-reference", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(privkey);
- free(pubkey);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
- const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, privkey_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "server-identity/host-key[name='%s']/public-key", endpt_name, hostkey_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_hostkey(ctx, path, privkey_path, pubkey_path, config);
- if (ret) {
- ERR(NULL, "Creating new hostkey YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, privkey_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
- "host-key[name='%s']/public-key", client_name, endpt_name, hostkey_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_hostkey(ctx, path, privkey_path, pubkey_path, config);
- if (ret) {
- ERR(NULL, "Creating new Call-Home hostkey YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- if (hostkey_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "server-identity/host-key[name='%s']", endpt_name, hostkey_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "server-identity/host-key", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_hostkey(const char *client_name, const char *endpt_name,
- const char *hostkey_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (hostkey_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
- "host-key[name='%s']", client_name, endpt_name, hostkey_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
- "host-key", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ssh_keystore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
- const char *keystore_reference, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, keystore_reference, config, 1);
-
- ret = nc_config_new_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/listen/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
- "keystore-reference", endpt_name, hostkey_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition nodes if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
- "inline-definition", endpt_name, hostkey_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_keystore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *hostkey_name, const char *keystore_reference, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, keystore_reference, config, 1);
-
- ret = nc_config_new_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
- "host-key[name='%s']/public-key/keystore-reference", client_name, endpt_name, hostkey_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition nodes if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
- "host-key[name='%s']/public-key/inline-definition", client_name, endpt_name, hostkey_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_keystore_ref(const char *endpt_name, const char *hostkey_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
- "keystore-reference", endpt_name, hostkey_name);
-}
-
-API int
-nc_server_config_new_ch_ssh_del_keystore_ref(const char *client_name, const char *endpt_name,
- const char *hostkey_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, hostkey_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
- "host-key[name='%s']/public-key/keystore-reference", client_name, endpt_name, hostkey_name);
-}
-
-API int
-nc_server_config_new_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
- struct lyd_node **config)
-{
- int ret = 0;
- char *attempts_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&attempts_buf, "%u", auth_attempts) == -1) {
- ERRMEM;
- attempts_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create(ctx, config, attempts_buf, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/libnetconf2-netconf-server:auth-attempts", endpt_name);
-
-cleanup:
- free(attempts_buf);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
- struct lyd_node **config)
-{
- int ret = 0;
- char *timeout_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&timeout_buf, "%u", auth_timeout) == -1) {
- ERRMEM;
- timeout_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create(ctx, config, timeout_buf, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/libnetconf2-netconf-server:auth-timeout", endpt_name);
-
-cleanup:
- free(timeout_buf);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint16_t auth_attempts, struct lyd_node **config)
-{
- int ret = 0;
- char *attempts_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&attempts_buf, "%u", auth_attempts) == -1) {
- ERRMEM;
- attempts_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create(ctx, config, attempts_buf, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "libnetconf2-netconf-server:auth-attempts", client_name, endpt_name);
-
-cleanup:
- free(attempts_buf);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint16_t auth_timeout, struct lyd_node **config)
-{
- int ret = 0;
- char *timeout_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&timeout_buf, "%u", auth_timeout) == -1) {
- ERRMEM;
- timeout_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create(ctx, config, timeout_buf, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "libnetconf2-netconf-server:auth-timeout", client_name, endpt_name);
-
-cleanup:
- free(timeout_buf);
- return ret;
-}
-
-static int
-_nc_server_config_new_ssh_user_pubkey(const struct ly_ctx *ctx, const char *tree_path, const char *pubkey_path,
- struct lyd_node **config)
-{
- int ret = 0;
- char *pubkey = NULL;
- const char *pubkey_format = "ietf-crypto-types:ssh-public-key-format";
-
- /* get pubkey data */
- ret = nc_server_config_new_get_ssh_pubkey_file(pubkey_path, &pubkey);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "public-key-format", pubkey_format, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "public-key", pubkey, config);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(pubkey);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
- "public-key[name='%s']", endpt_name, user_name, pubkey_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_user_pubkey(ctx, path, pubkey_path, config);
- if (ret) {
- ERR(NULL, "Creating new SSH user's public key failed.");
- goto cleanup;
- }
-
- /* delete truststore reference if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/truststore-reference",
- endpt_name, user_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']", client_name,
- endpt_name, user_name, pubkey_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_user_pubkey(ctx, path, pubkey_path, config);
- if (ret) {
- ERR(NULL, "Creating new CH SSH user's public key failed.");
- goto cleanup;
- }
-
- /* delete truststore reference if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
- "public-keys/truststore-reference", client_name, endpt_name, user_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_user_pubkey(const char *endpt_name, const char *user_name,
- const char *pubkey_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
-
- if (pubkey_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
- "public-key[name='%s']", endpt_name, user_name, pubkey_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
- "public-key", endpt_name, user_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_user_pubkey(const char *client_name, const char *endpt_name,
- const char *user_name, const char *pubkey_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
-
- if (pubkey_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']", client_name,
- endpt_name, user_name, pubkey_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/public-keys/inline-definition/public-key", client_name,
- endpt_name, user_name);
- }
-}
-
-static int
-_nc_server_config_new_ssh_user_password(const struct ly_ctx *ctx, const char *tree_path,
- const char *password, struct lyd_node **config)
-{
- int ret = 0;
- char *hashed_pw = NULL;
- const char *salt = "$6$idsizuippipk$";
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, password, config, 1);
-
-#ifdef HAVE_CRYPT_R
- struct crypt_data cdata;
-#endif
-
-#ifdef HAVE_CRYPT_R
- cdata.initialized = 0;
- hashed_pw = crypt_r(password, salt, &data);
-#else
- pthread_mutex_lock(&crypt_lock);
- hashed_pw = crypt(password, salt);
- pthread_mutex_unlock(&crypt_lock);
-#endif
-
- if (!hashed_pw) {
- ERR(NULL, "Hashing password failed (%s).", strerror(errno));
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "password", hashed_pw, config);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, const char *password, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, password, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "client-authentication/users/user[name='%s']", endpt_name, user_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_user_password(ctx, path, password, config);
- if (ret) {
- ERR(NULL, "Creating new SSH user's password failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, const char *password, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, password, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']", client_name, endpt_name, user_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_user_password(ctx, path, password, config);
- if (ret) {
- ERR(NULL, "Creating new CH SSH user's password failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_user_password(const char *endpt_name, const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/password", endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ch_ssh_del_user_password(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/password", client_name, endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ssh_user_none(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, config, 1);
-
- return nc_config_new_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/none", endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ch_ssh_user_none(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, config, 1);
-
- return nc_config_new_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/none", client_name, endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ssh_del_user_none(const char *endpt_name, const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/none", endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ch_ssh_del_user_none(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/none", client_name, endpt_name, user_name);
-}
-
-static int
-_nc_server_config_new_ssh_user_interactive(const struct ly_ctx *ctx, const char *tree_path,
- const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
-{
- int ret = 0;
-
- ret = nc_config_new_create_append(ctx, tree_path, "pam-config-file-name", pam_config_name, config);
- if (ret) {
- goto cleanup;
- }
-
- if (pam_config_dir) {
- ret = nc_config_new_create_append(ctx, tree_path, "pam-config-file-dir", pam_config_dir, config);
- if (ret) {
- goto cleanup;
- }
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pam_config_name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "client-authentication/users/user[name='%s']/"
- "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_user_interactive(ctx, path, pam_config_name, pam_config_dir, config);
- if (ret) {
- ERR(NULL, "Creating new SSH user's keyboard interactive nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pam_config_name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
- "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_ssh_user_interactive(ctx, path, pam_config_name, pam_config_dir, config);
- if (ret) {
- ERR(NULL, "Creating new CH SSH user's keyboard interactive nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_user_interactive(const char *endpt_name, const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/"
- "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ch_ssh_del_user_interactive(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
- "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ssh_del_user(const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (user_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']", endpt_name, user_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_user(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (user_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']", client_name,
- endpt_name, user_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user", client_name, endpt_name);
- }
-}
-
-API int
-nc_config_new_ssh_endpoint_user_ref(const struct ly_ctx *ctx, const char *endpt_name,
- const char *referenced_endpt, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, referenced_endpt, config, 1);
-
- return nc_config_new_create(ctx, config, referenced_endpt, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
-}
-
-API int
-nc_config_new_ssh_del_endpoint_user_ref(const char *endpt_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
-}
-
-API int
-nc_server_config_new_ssh_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
- const char *truststore_reference, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, truststore_reference, config, 1);
-
- ret = nc_config_new_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/listen/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
- "truststore-reference", endpt_name, user_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition nodes if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition",
- endpt_name, user_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *user_name, const char *truststore_reference, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, truststore_reference, config, 1);
-
- ret = nc_config_new_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/public-keys/truststore-reference", client_name, endpt_name, user_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition nodes if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
- "public-keys/inline-definition", client_name, endpt_name, user_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_truststore_ref(const char *endpt_name, const char *user_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
- "truststore-reference", endpt_name, user_name);
-}
-
-API int
-nc_server_config_new_ch_ssh_del_truststore_ref(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/public-keys/truststore-reference", client_name, endpt_name, user_name);
-}
-
-static int
-nc_server_config_new_ssh_transport_params_prep(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, struct lyd_node *config, struct lyd_node **new_tree, struct lyd_node **alg_tree)
-{
- int ret = 0;
- char *tree_path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, new_tree, alg_tree, 1);
-
- /* prepare path */
- if (client_name) {
- /* ch */
- ret = asprintf(&tree_path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/transport-params", client_name, endpt_name);
- } else {
- /* listen */
- ret = asprintf(&tree_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params", endpt_name);
- }
- if (ret == -1) {
- ERRMEM;
- tree_path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- /* create all the nodes in the path */
- ret = lyd_new_path2(config, ctx, tree_path, NULL, 0, 0, LYD_NEW_PATH_UPDATE, new_tree, alg_tree);
- if (ret) {
- ERR(NULL, "Creating new path to transport-params failed.");
- goto cleanup;
- }
-
- if (!*alg_tree) {
- /* no new nodes added, set the path correctly for adding child nodes later */
- ret = lyd_find_path(config, tree_path, 0, alg_tree);
- if (ret) {
- goto cleanup;
- }
- }
-
-cleanup:
- free(tree_path);
- return ret;
-}
-
-static int
-nc_server_config_new_ssh_transport_params_create(const struct ly_ctx *ctx, NC_ALG_TYPE alg_type, int alg_count, va_list ap,
- struct lyd_node *tree)
-{
- int i, ret = 0;
- char *alg, *alg_ident;
- const char *module, *alg_path, *old_path;
- struct lyd_node *old = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree, 1);
-
- /* get the correct module with the indentity base and the path in the ietf-netconf-server module */
- switch (alg_type) {
- case NC_ALG_HOSTKEY:
- module = "iana-ssh-public-key-algs";
- alg_path = "host-key/host-key-alg";
- old_path = "host-key";
- break;
- case NC_ALG_KEY_EXCHANGE:
- module = "iana-ssh-key-exchange-algs";
- alg_path = "key-exchange/key-exchange-alg";
- old_path = "key-exchange";
- break;
- case NC_ALG_ENCRYPTION:
- module = "iana-ssh-encryption-algs";
- alg_path = "encryption/encryption-alg";
- old_path = "encryption";
- break;
- case NC_ALG_MAC:
- module = "iana-ssh-mac-algs";
- alg_path = "mac/mac-alg";
- old_path = "mac";
- break;
- default:
- ret = 1;
- ERR(NULL, "Unknown algorithm type.");
- goto cleanup;
- }
-
- /* delete all older algorithms (if any) se they can be replaced by the new ones */
- lyd_find_path(tree, old_path, 0, &old);
- if (old) {
- lyd_free_tree(old);
- }
-
- for (i = 0; i < alg_count; i++) {
- alg = va_arg(ap, char *);
-
- if (asprintf(&alg_ident, "%s:%s", module, alg) == -1) {
- ERRMEM;
- ret = 1;
- goto cleanup;
- }
-
- /* create the leaf list */
- ret = lyd_new_path(tree, ctx, alg_path, alg_ident, 0, NULL);
- if (ret) {
- ERR(NULL, "Creating new algorithm leaf-list failed.");
- free(alg_ident);
- goto cleanup;
- }
-
- free(alg_ident);
- alg_ident = NULL;
- }
-
-cleanup:
- return ret;
-}
-
-static int
-nc_server_config_new_ssh_transport_params(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- NC_ALG_TYPE alg_type, int alg_count, va_list ap, struct lyd_node **config)
-{
- int ret = 0;
- struct lyd_node *new_tree, *alg_tree;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* prepare the tree for appending child nodes (the params) */
- ret = nc_server_config_new_ssh_transport_params_prep(ctx, client_name, endpt_name, *config, &new_tree, &alg_tree);
- if (ret) {
- goto cleanup;
- }
-
- if (!*config) {
- *config = new_tree;
- }
-
- /* create the child nodes */
- ret = nc_server_config_new_ssh_transport_params_create(ctx, alg_type, alg_count, ap, alg_tree);
- if (ret) {
- goto cleanup;
- }
-
- /* add all default nodes */
- ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_host_key_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_HOSTKEY, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new hostkey algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_host_key_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_HOSTKEY, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new hostkey algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_host_key_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/host-key/"
- "host-key-alg[.='iana-ssh-public-key-algs:%s']", endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/host-key", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_host_key_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/host-key/"
- "host-key-alg[.='iana-ssh-public-key-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/host-key", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_KEY_EXCHANGE, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new key exchange algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_KEY_EXCHANGE, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new key exchange algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_key_exchange_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/key-exchange/"
- "key-exchange-alg[.='iana-ssh-key-exchange-algs:%s']", endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/key-exchange", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_key_exchange_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/key-exchange/"
- "key-exchange-alg[.='iana-ssh-key-exchange-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/key-exchange", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ssh_encryption_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_ENCRYPTION, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new encryption algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_encryption_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_ENCRYPTION, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new encryption algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_encryption_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/encryption/"
- "encryption-alg[.='iana-ssh-encryption-algs:%s']", endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/encryption", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_encryption_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/encryption/"
- "encryption-alg[.='iana-ssh-encryption-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/encryption", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_ssh_new_mac_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_MAC, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new mac algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_ssh_mac_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_new_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_MAC, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new mac algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_new_ssh_del_mac_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/mac/"
- "mac-alg[.='iana-ssh-mac-algs:%s']", endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/mac", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_ssh_del_mac_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/mac/"
- "mac-alg[.='iana-ssh-mac-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/mac", client_name, endpt_name);
- }
-}
diff --git a/src/config_new_tls.c b/src/config_new_tls.c
deleted file mode 100644
index 2fb7a7b..0000000
--- a/src/config_new_tls.c
+++ /dev/null
@@ -1,1385 +0,0 @@
-/**
- * @file config_new_tls.c
- * @author Roman Janota <janota@cesnet.cz>
- * @brief libnetconf2 TLS server new configuration creation functions
- *
- * @copyright
- * Copyright (c) 2023 CESNET, z.s.p.o.
- *
- * This source code is licensed under BSD 3-Clause License (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- */
-
-#define _GNU_SOURCE
-
-#include <stdarg.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libyang/libyang.h>
-
-#include "compat.h"
-#include "config.h"
-#include "config_new.h"
-#include "log_p.h"
-#include "server_config.h"
-#include "session.h"
-#include "session_p.h"
-
-static int
-_nc_server_config_new_tls_server_certificate(const struct ly_ctx *ctx, const char *tree_path, const char *privkey_path,
- const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
-{
- int ret = 0;
- char *privkey = NULL, *pubkey = NULL, *cert = NULL;
- NC_PRIVKEY_FORMAT privkey_type;
- const char *privkey_format, *pubkey_format = "ietf-crypto-types:subject-public-key-info-format";
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, certificate_path, config, 1);
-
- /* get the keys as a string from the given files */
- ret = nc_server_config_new_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey, &privkey_type, &pubkey);
- if (ret) {
- ERR(NULL, "Getting keys from file(s) failed.");
- goto cleanup;
- }
-
- /* get cert data from file */
- ret = nc_server_config_new_read_certificate(certificate_path, &cert);
- if (ret) {
- ERR(NULL, "Getting certificate from file \"%s\" failed.", certificate_path);
- goto cleanup;
- }
-
- /* get privkey identityref value */
- privkey_format = nc_config_new_privkey_format_to_identityref(privkey_type);
- if (!privkey_format) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/public-key-format", pubkey_format, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/public-key", pubkey, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/private-key-format", privkey_format, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/cleartext-private-key", privkey, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "inline-definition/cert-data", cert, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete keystore if present */
- ret = nc_config_new_check_delete(config, "%s/keystore-reference", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(privkey);
- free(pubkey);
- free(cert);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
- const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, privkey_path, certificate_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "tls/tls-server-parameters/server-identity/certificate", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_server_certificate(ctx, path, privkey_path, pubkey_path,
- certificate_path, config);
- if (ret) {
- ERR(NULL, "Creating new TLS server certificate YANG data failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_server_certificate(const char *endpt_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "tls/tls-server-parameters/server-identity/certificate/inline-definition", endpt_name);
-}
-
-API int
-nc_server_config_new_ch_tls_server_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *privkey_path, const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, privkey_path, certificate_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/"
- "certificate", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_server_certificate(ctx, path, privkey_path, pubkey_path,
- certificate_path, config);
- if (ret) {
- ERR(NULL, "Creating new CH TLS server certificate YANG data failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_server_certificate(const char *client_name, const char *endpt_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/"
- "certificate/inline-definition", client_name, endpt_name);
-}
-
-static int
-_nc_server_config_new_tls_keystore_ref(const struct ly_ctx *ctx, const char *tree_path, const char *asym_key_ref,
- const char *cert_ref, struct lyd_node **config)
-{
- int ret = 0;
-
- /* create asymmetric key pair reference */
- ret = nc_config_new_create_append(ctx, tree_path, "keystore-reference/asymmetric-key", asym_key_ref, config);
- if (ret) {
- goto cleanup;
- }
-
- /* create cert reference, this cert has to belong to the asym key */
- ret = nc_config_new_create_append(ctx, tree_path, "keystore-reference/certificate", cert_ref, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition if present */
- ret = nc_config_new_check_delete(config, "%s/inline-definition", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_keystore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref,
- const char *cert_ref, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, asym_key_ref, cert_ref, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "tls/tls-server-parameters/server-identity/certificate", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_keystore_ref(ctx, path, asym_key_ref, cert_ref, config);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_keystore_ref(const char *endpt_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "tls/tls-server-parameters/server-identity/certificate/keystore-reference", endpt_name);
-}
-
-API int
-nc_server_config_new_ch_tls_keystore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, asym_key_ref, cert_ref, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/tls/tls-server-parameters/server-identity/certificate", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_keystore_ref(ctx, path, asym_key_ref, cert_ref, config);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_keystore_ref(const char *client_name, const char *endpt_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/certificate/"
- "keystore-reference", client_name, endpt_name);
-}
-
-static int
-_nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *tree_path,
- const char *cert_path, struct lyd_node **config)
-{
- int ret = 0;
- char *cert = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, cert_path, config, 1);
-
- ret = nc_server_config_new_read_certificate(cert_path, &cert);
- if (ret) {
- ERR(NULL, "Getting certificate from file \"%s\" failed.", cert_path);
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "cert-data", cert, config);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(cert);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
- const char *cert_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_name, cert_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ee-certs/inline-definition/certificate[name='%s']", endpt_name, cert_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_client_certificate(ctx, path, cert_path, config);
- if (ret) {
- ERR(NULL, "Creating new TLS client certificate YANG data failed.");
- goto cleanup;
- }
-
- /* delete truststore if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ee-certs/truststore-reference", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_client_certificate(const char *endpt_name, const char *cert_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (cert_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ee-certs/inline-definition/"
- "certificate[name='%s']", endpt_name, cert_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ee-certs/inline-definition/"
- "certificate", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_tls_client_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *cert_name, const char *cert_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_name, cert_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ee-certs/"
- "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_client_certificate(ctx, path, cert_path, config);
- if (ret) {
- ERR(NULL, "Creating new CH TLS client certificate YANG data failed.");
- goto cleanup;
- }
-
- /* delete truststore if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ee-certs/truststore-reference", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_client_certificate(const char *client_name, const char *endpt_name,
- const char *cert_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (cert_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ee-certs/"
- "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ee-certs/"
- "inline-definition/certificate", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_new_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
- const char *cert_bag_ref, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_bag_ref, config, 1);
-
- ret = nc_config_new_create(ctx, config, cert_bag_ref, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ee-certs/truststore-reference", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ee-certs/inline-definition", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_client_cert_truststore_ref(const char *endpt_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ee-certs/truststore-reference", endpt_name);
-}
-
-API int
-nc_server_config_new_ch_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_bag_ref, config, 1);
-
- ret = nc_config_new_create(ctx, config, cert_bag_ref, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ee-certs/truststore-reference", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ee-certs/inline-definition", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_client_cert_truststore_ref(const char *client_name, const char *endpt_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ee-certs/truststore-reference", client_name, endpt_name);
-}
-
-API int
-nc_server_config_new_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
- const char *cert_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_name, cert_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ca-certs/inline-definition/certificate[name='%s']", endpt_name, cert_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_client_certificate(ctx, path, cert_path, config);
- if (ret) {
- ERR(NULL, "Creating new TLS client certificate authority YANG data failed.");
- goto cleanup;
- }
-
- /* delete truststore if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ca-certs/truststore-reference", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_client_ca(const char *endpt_name, const char *cert_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (cert_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ca-certs/inline-definition/"
- "certificate[name='%s']", endpt_name, cert_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ca-certs/inline-definition/"
- "certificate", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_tls_client_ca(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *cert_name, const char *cert_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_name, cert_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs/"
- "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_client_certificate(ctx, path, cert_path, config);
- if (ret) {
- ERR(NULL, "Creating new CH TLS client certificate authority YANG data failed.");
- goto cleanup;
- }
-
- /* delete truststore if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ca-certs/truststore-reference", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_client_ca(const char *client_name, const char *endpt_name,
- const char *cert_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (cert_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs/"
- "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs/"
- "inline-definition/certificate", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_new_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
- const char *cert_bag_ref, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_bag_ref, config, 1);
-
- ret = nc_config_new_create(ctx, config, cert_bag_ref, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ca-certs/truststore-reference", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ca-certs/inline-definition", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_client_ca_truststore_ref(const char *endpt_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/client-authentication/ca-certs/truststore-reference", endpt_name);
-}
-
-API int
-nc_server_config_new_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_bag_ref, config, 1);
-
- ret = nc_config_new_create(ctx, config, cert_bag_ref, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ca-certs/truststore-reference", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- /* delete inline definition if present */
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ca-certs/inline-definition", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
- struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/ca-certs/truststore-reference", client_name, endpt_name);
-}
-
-static const char *
-nc_config_new_tls_maptype2str(NC_TLS_CTN_MAPTYPE map_type)
-{
- switch (map_type) {
- case NC_TLS_CTN_SPECIFIED:
- return "ietf-x509-cert-to-name:specified";
- case NC_TLS_CTN_SAN_RFC822_NAME:
- return "ietf-x509-cert-to-name:san-rfc822-name";
- case NC_TLS_CTN_SAN_DNS_NAME:
- return "ietf-x509-cert-to-name:san-dns-name";
- case NC_TLS_CTN_SAN_IP_ADDRESS:
- return "ietf-x509-cert-to-name:san-ip-address";
- case NC_TLS_CTN_SAN_ANY:
- return "ietf-x509-cert-to-name:san-any";
- case NC_TLS_CTN_COMMON_NAME:
- return "ietf-x509-cert-to-name:common-name";
- case NC_TLS_CTN_UNKNOWN:
- default:
- ERR(NULL, "Unknown CTN mapping type.");
- return NULL;
- }
-}
-
-static int
-_nc_server_config_new_tls_ctn(const struct ly_ctx *ctx, const char *tree_path, const char *fingerprint,
- NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
-{
- int ret = 0;
- const char *map;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, name, config, 1);
-
- if (fingerprint) {
- /* optional */
- ret = nc_config_new_create_append(ctx, tree_path, "fingerprint", fingerprint, config);
- if (ret) {
- goto cleanup;
- }
- }
-
- /* get map str */
- map = nc_config_new_tls_maptype2str(map_type);
- if (!map) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "map-type", map, config);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "name", name, config);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint,
- NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, id, name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/netconf-server-parameters/"
- "client-identity-mappings/cert-to-name[id='%u']", endpt_name, id) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_ctn(ctx, path, fingerprint, map_type, name, config);
- if (ret) {
- ERR(NULL, "Creating new TLS cert-to-name YANG data failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (id) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "netconf-server-parameters/client-identity-mappings/cert-to-name[id='%u']", endpt_name, id);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "netconf-server-parameters/client-identity-mappings/cert-to-name", endpt_name);
- }
-}
-
-API int
-nc_server_config_new_ch_tls_ctn(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, id, name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/netconf-server-parameters/client-identity-mappings/"
- "cert-to-name[id='%u']", client_name, endpt_name, id) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_ctn(ctx, path, fingerprint, map_type, name, config);
- if (ret) {
- ERR(NULL, "Creating new CH TLS cert-to-name YANG data failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_ctn(const char *client_name, const char *endpt_name,
- uint32_t id, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (id) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/netconf-server-parameters/client-identity-mappings/"
- "cert-to-name[id='%u']", client_name, endpt_name, id);
- } else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/netconf-server-parameters/client-identity-mappings/"
- "cert-to-name", client_name, endpt_name);
- }
-}
-
-static const char *
-nc_config_new_tls_tlsversion2str(NC_TLS_VERSION version)
-{
- switch (version) {
- case NC_TLS_VERSION_10:
- return "ietf-tls-common:tls10";
- case NC_TLS_VERSION_11:
- return "ietf-tls-common:tls11";
- case NC_TLS_VERSION_12:
- return "ietf-tls-common:tls12";
- case NC_TLS_VERSION_13:
- return "ietf-tls-common:tls13";
- default:
- ERR(NULL, "Unknown TLS version.");
- return NULL;
- }
-}
-
-API int
-nc_server_config_new_tls_version(const struct ly_ctx *ctx, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* version to str */
- version = nc_config_new_tls_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create(ctx, config, version, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "hello-params/tls-versions/tls-version", endpt_name);
- if (ret) {
- ERR(NULL, "Creating new YANG data nodes for TLS version failed.");
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_version(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- /* version to str */
- version = nc_config_new_tls_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create(ctx, config, version, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "hello-params/tls-versions/tls-version", client_name, endpt_name);
- if (ret) {
- ERR(NULL, "Creating new YANG data nodes for CH TLS version failed.");
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_version(const char *endpt_name, NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- /* version to str */
- version = nc_config_new_tls_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/hello-params/tls-versions/tls-version[.='%s']", endpt_name, version);
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_version(const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- /* version to str */
- version = nc_config_new_tls_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/"
- "tls-server-parameters/hello-params/tls-versions/tls-version[.='%s']", client_name, endpt_name, version);
-
-cleanup:
- return ret;
-}
-
-static int
-_nc_server_config_new_tls_ciphers(const struct ly_ctx *ctx, const char *tree_path,
- int cipher_count, va_list ap, struct lyd_node **config)
-{
- int ret = 0, i;
- struct lyd_node *old = NULL;
- char *cipher = NULL, *cipher_ident = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, config, 1);
-
- /* delete all older algorithms (if any) se they can be replaced by the new ones */
- lyd_find_path(*config, tree_path, 0, &old);
- if (old) {
- lyd_free_tree(old);
- }
-
- for (i = 0; i < cipher_count; i++) {
- cipher = va_arg(ap, char *);
-
- if (asprintf(&cipher_ident, "iana-tls-cipher-suite-algs:%s", cipher) == -1) {
- ERRMEM;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_config_new_create_append(ctx, tree_path, "cipher-suite", cipher_ident, config);
- if (ret) {
- free(cipher_ident);
- goto cleanup;
- }
-
- free(cipher_ident);
- cipher_ident = NULL;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int cipher_count, ...)
-{
- int ret = 0;
- va_list ap;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cipher_count, config, 1);
-
- va_start(ap, cipher_count);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/hello-params/cipher-suites", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_ciphers(ctx, path, cipher_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new TLS cipher YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_ciphers(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int cipher_count, ...)
-{
- int ret = 0;
- va_list ap;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cipher_count, config, 1);
-
- va_start(ap, cipher_count);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/tls/tls-server-parameters/hello-params/cipher-suites", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_ciphers(ctx, path, cipher_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new Call-Home TLS cipher YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_cipher(const char *endpt_name, const char *cipher, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, cipher, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "tls/tls-server-parameters/hello-params/cipher-suites/"
- "cipher-suite[.='iana-tls-cipher-suite-algs:%s']", endpt_name, cipher);
-}
-
-API int
-nc_server_config_new_ch_tls_del_cipher(const char *client_name, const char *endpt_name,
- const char *cipher, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, cipher, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/hello-params/cipher-suites/"
- "cipher-suite[.='iana-tls-cipher-suite-algs:%s']", client_name, endpt_name, cipher);
-}
-
-static int
-_nc_server_config_new_tls_crl_path(const struct ly_ctx *ctx, const char *tree_path,
- const char *crl_path, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, crl_path, config, 1);
-
- /* create the crl path node */
- ret = nc_config_new_create_append(ctx, tree_path, "libnetconf2-netconf-server:crl-path", crl_path, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete other choice nodes if they are present */
- ret = nc_config_new_check_delete(config, "%s/libnetconf2-netconf-server:crl-url", tree_path);
- if (ret) {
- goto cleanup;
- }
- ret = nc_config_new_check_delete(config, "%s/libnetconf2-netconf-server:crl-cert-ext", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name,
- const char *crl_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, crl_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_crl_path(ctx, path, crl_path, config);
- if (ret) {
- ERR(NULL, "Creating new CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_crl_path(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, crl_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_crl_path(ctx, path, crl_path, config);
- if (ret) {
- ERR(NULL, "Creating new CH CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-static int
-_nc_server_config_new_tls_crl_url(const struct ly_ctx *ctx, const char *tree_path,
- const char *crl_url, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, crl_url, config, 1);
-
- /* create the crl path node */
- ret = nc_config_new_create_append(ctx, tree_path, "libnetconf2-netconf-server:crl-url", crl_url, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete other choice nodes if they are present */
- ret = nc_config_new_check_delete(config, "%s/libnetconf2-netconf-server:crl-path", tree_path);
- if (ret) {
- goto cleanup;
- }
- ret = nc_config_new_check_delete(config, "%s/libnetconf2-netconf-server:crl-cert-ext", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *crl_url, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, crl_url, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_crl_url(ctx, path, crl_url, config);
- if (ret) {
- ERR(NULL, "Creating new CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_crl_url(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_url, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, crl_url, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_crl_url(ctx, path, crl_url, config);
- if (ret) {
- ERR(NULL, "Creating new CH CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-static int
-_nc_server_config_new_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *tree_path, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, config, 1);
-
- /* create the crl path node */
- ret = nc_config_new_create_append(ctx, tree_path, "libnetconf2-netconf-server:crl-cert-ext", NULL, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete other choice nodes if they are present */
- ret = nc_config_new_check_delete(config, "%s/libnetconf2-netconf-server:crl-path", tree_path);
- if (ret) {
- goto cleanup;
- }
- ret = nc_config_new_check_delete(config, "%s/libnetconf2-netconf-server:crl-url", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_crl_cert_ext(ctx, path, config);
- if (ret) {
- ERR(NULL, "Creating new CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_new_tls_crl_cert_ext(ctx, path, config);
- if (ret) {
- ERR(NULL, "Creating new CH CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_new_tls_del_crl(const char *endpt_name, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-path", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-url", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-cert-ext", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_new_ch_tls_del_crl(const char *client_name, const char *endpt_name, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-path", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-url", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-cert-ext", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_config_new_tls_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *referenced_endpt, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, referenced_endpt, config, 1);
-
- return nc_config_new_create(ctx, config, referenced_endpt, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
-}
-
-API int
-nc_config_new_tls_del_endpoint_client_ref(const char *endpt_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
-}
diff --git a/src/server_config.c b/src/server_config.c
index 56b03dc..328367b 100644
--- a/src/server_config.c
+++ b/src/server_config.c
@@ -4415,15 +4415,14 @@
* encrypted-passwords, hidden-symmetric-keys, encrypted-symmetric-keys, hidden-private-keys, encrypted-private-keys,
* one-symmetric-key-format, one-asymmetric-key-format, symmetrically-encrypted-value-format,
* asymmetrically-encrypted-value-format, cms-enveloped-data-format, cms-encrypted-data-format,
- * cleartext-symmetric-keys
- */
+ * cleartext-symmetric-keys */
const char *ietf_crypto_types[] = {"cleartext-passwords", "cleartext-private-keys", NULL};
/* all features */
const char *ietf_tcp_common[] = {"keepalives-supported", NULL};
/* all features */
const char *ietf_tcp_server[] = {"tcp-server-keepalives", NULL};
- /* no proxy-connect, socks5-gss-api, socks5-username-password */
- const char *ietf_tcp_client[] = {"local-binding-supported", "tcp-client-keepalives", NULL};
+ /* no proxy-connect, socks5-gss-api, socks5-username-password, local-binding-supported ? */
+ const char *ietf_tcp_client[] = {"tcp-client-keepalives", NULL};
/* no ssh-x509-certs, public-key-generation */
const char *ietf_ssh_common[] = {"transport-params", NULL};
/* no ssh-server-keepalives and local-user-auth-hostbased */
diff --git a/src/server_config.h b/src/server_config.h
index e3a8544..e38c086 100644
--- a/src/server_config.h
+++ b/src/server_config.h
@@ -20,7 +20,6 @@
extern "C" {
#endif
-#include <stdarg.h>
#include <stdint.h>
#include <libyang/libyang.h>
@@ -71,7 +70,7 @@
* Context must already have implemented the required modules, see ::nc_server_config_load_modules().
*
* @param[in] diff YANG diff belonging to either ietf-netconf-server, ietf-keystore or ietf-truststore modules.
- * This diff should be validated. The top level node HAS to have an operation (create, replace, delete or none).
+ * The top level node HAS to have an operation (create, replace, delete or none).
* @return 0 on success, 1 on error.
*/
int nc_server_config_setup_diff(const struct lyd_node *diff);
@@ -84,7 +83,7 @@
* Context must already have implemented the required modules, see ::nc_server_config_load_modules().
*
* @param[in] data YANG data belonging to either ietf-netconf-server, ietf-keystore or ietf-truststore modules.
- * This data should be validated. No node can have an operation attribute.
+ * This data __must be valid__. No node can have an operation attribute.
* @return 0 on success, 1 on error.
*/
int nc_server_config_setup_data(const struct lyd_node *data);
@@ -97,6 +96,7 @@
*
* @param[in] ctx libyang context.
* @param[in] path Path to a file with ietf-netconf-server, ietf-keystore or ietf-truststore YANG data.
+ * This data __must be valid__. No node can have an operation attribute.
* @return 0 on success, 1 on error.
*/
int nc_server_config_setup_path(const struct ly_ctx *ctx, const char *path);
@@ -116,7 +116,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
+int nc_server_config_add_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
const char *address, uint16_t port, struct lyd_node **config);
#endif /* NC_ENABLED_SSH_TLS */
@@ -135,7 +135,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_unix_socket(const struct ly_ctx *ctx, const char *endpt_name, const char *path,
+int nc_server_config_add_unix_socket(const struct ly_ctx *ctx, const char *endpt_name, const char *path,
mode_t mode, uid_t uid, gid_t gid, struct lyd_node **config);
/**
@@ -146,7 +146,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_del_endpt(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_endpt(const char *endpt_name, struct lyd_node **config);
#ifdef NC_ENABLED_SSH_TLS
@@ -164,7 +164,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_keystore_asym_key(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name,
+int nc_server_config_add_keystore_asym_key(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name,
const char *privkey_path, const char *pubkey_path, struct lyd_node **config);
/**
@@ -175,7 +175,7 @@
* @param[in,out] config Configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config);
+int nc_server_config_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config);
/**
* @brief Creates new YANG data nodes for a certificate in the keystore.
@@ -193,7 +193,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name,
+int nc_server_config_add_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name,
const char *cert_path, struct lyd_node **config);
/**
@@ -206,12 +206,13 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config);
+int nc_server_config_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config);
/**
* @brief Creates new YANG data nodes for a public key in the truststore.
*
* @param[in] ctx libyang context.
+ * @param[in] ti Transport for which this key will be used, to be generated correctly.
* @param[in] pub_bag_name Arbitrary identifier of the public key bag.
* This name is used to reference the public keys in the bag.
* If a public key bag with this name already exists, its contents will be changed.
@@ -222,8 +223,8 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_truststore_pubkey(const struct ly_ctx *ctx, const char *pub_bag_name, const char *pubkey_name,
- const char *pubkey_path, struct lyd_node **config);
+int nc_server_config_add_truststore_pubkey(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti,
+ const char *pub_bag_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config);
/**
* @brief Deletes a truststore's public key from the YANG data.
@@ -234,7 +235,7 @@
* @param[in,out] config Configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_del_truststore_pubkey(const char *pub_bag_name, const char *pubkey_name, struct lyd_node **config);
+int nc_server_config_del_truststore_pubkey(const char *pub_bag_name, const char *pubkey_name, struct lyd_node **config);
/**
* @brief Creates new YANG data nodes for a certificate in the truststore.
@@ -250,7 +251,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name,
+int nc_server_config_add_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name,
const char *cert_path, struct lyd_node **config);
/**
@@ -262,7 +263,7 @@
* @param[in,out] config Configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_del_truststore_cert(const char *cert_bag_name,
+int nc_server_config_del_truststore_cert(const char *cert_bag_name,
const char *cert_name, struct lyd_node **config);
/**
@@ -293,7 +294,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
+int nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
const char *privkey_path, const char *pubkey_path, struct lyd_node **config);
/**
@@ -306,39 +307,10 @@
* @param[in,out] config Configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_del_hostkey(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_del_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name,
const char *hostkey_name, struct lyd_node **config);
/**
- * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore.
- *
- * This asymmetric key pair will be used as the SSH hostkey.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of an endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
- * If an endpoint's hostkey with this identifier already exists, its contents will be changed.
- * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_keystore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
- const char *keystore_reference, struct lyd_node **config);
-
-/**
- * @brief Deletes a keystore reference from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] hostkey_name Identifier of an existing hostkey on the given endpoint.
- * @param[in,out] config Configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_keystore_ref(const char *endpt_name, const char *hostkey_name,
- struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes for the maximum amount of failed SSH authentication attempts.
*
* @param[in] ctx libyang context.
@@ -350,7 +322,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
+int nc_server_config_add_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
struct lyd_node **config);
/**
@@ -365,7 +337,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
+int nc_server_config_add_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
struct lyd_node **config);
/**
@@ -383,7 +355,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config);
/**
@@ -396,7 +368,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_del_user_pubkey(const char *endpt_name, const char *user_name,
+int nc_server_config_del_ssh_user_pubkey(const char *endpt_name, const char *user_name,
const char *pubkey_name, struct lyd_node **config);
/**
@@ -412,7 +384,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
const char *user_name, const char *password, struct lyd_node **config);
/**
@@ -423,33 +395,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_del_user_password(const char *endpt_name, const char *user_name,
- struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for an SSH user's none authentication method.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its user might be changed.
- * @param[in] user_name Arbitrary identifier of the user.
- * If an user with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_user_none(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
- * @brief Deletes an SSH user's none authentication method from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] user_name Identifier of an existing user on the given endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_user_none(const char *endpt_name, const char *user_name,
+int nc_server_config_del_ssh_user_password(const char *endpt_name, const char *user_name,
struct lyd_node **config);
/**
@@ -468,7 +414,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config);
/**
@@ -479,7 +425,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_del_user_interactive(const char *endpt_name, const char *user_name,
+int nc_server_config_del_ssh_user_interactive(const char *endpt_name, const char *user_name,
struct lyd_node **config);
/**
@@ -491,39 +437,10 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ssh_del_user(const char *endpt_name,
+int nc_server_config_del_ssh_user(const char *endpt_name,
const char *user_name, struct lyd_node **config);
/**
- * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore.
- *
- * The public key's located in the bag will be used for client authentication.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of an endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] user_name Arbitrary identifier of the endpoint's user.
- * If an endpoint's user with this identifier already exists, its contents will be changed.
- * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
- const char *truststore_reference, struct lyd_node **config);
-
-/**
- * @brief Deletes a truststore reference from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] user_name Identifier of an user on the given endpoint whose truststore reference will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_truststore_ref(const char *endpt_name, const char *user_name,
- struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes, which will be a reference to another SSH endpoint's users.
*
* Whenever a client tries to connect to the referencing endpoint, all of its users will be tried first. If no match is
@@ -538,7 +455,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_config_new_ssh_endpoint_user_ref(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_add_ssh_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name,
const char *referenced_endpt, struct lyd_node **config);
/**
@@ -548,123 +465,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_config_new_ssh_del_endpoint_user_ref(const char *endpt_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for host-key algorithms replacing any previous ones.
- *
- * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
- * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its host-key algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of host-key algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_host_key_algs(const struct ly_ctx *ctx, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a hostkey algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the hostkey algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_host_key_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for key exchange algorithms replacing any previous ones.
- *
- * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256,
- * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512,
- * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its key exchange algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...);
-
-/**
- * @brief Deletes a key exchange algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the key exchange algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_key_exchange_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for encryption algorithms replacing any previous ones.
- *
- * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc
- * triple-des-cbc and none.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its encryption algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of encryption algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_encryption_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...);
-
-/**
- * @brief Deletes an encryption algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the encryption algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_encryption_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for mac algorithms replacing any previous ones.
- *
- * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its mac algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of mac algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_mac_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...);
-
-/**
- * @brief Deletes a mac algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the mac algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ssh_del_mac_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
+int nc_server_config_del_ssh_endpoint_client_ref(const char *endpt_name, struct lyd_node **config);
/**
* @} SSH Server Configuration
@@ -692,7 +493,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
+int nc_server_config_add_tls_server_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
const char *pubkey_path, const char *certificate_path, struct lyd_node **config);
/**
@@ -702,31 +503,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_del_server_certificate(const char *endpt_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a keystore reference to the TLS server's certificate.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced.
- * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_keystore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref,
- const char *cert_ref, struct lyd_node **config);
-
-/**
- * @brief Deletes a TLS server certificate keystore reference from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_del_keystore_ref(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_server_cert(const char *endpt_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a client's (end-entity) certificate.
@@ -741,7 +518,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+int nc_server_config_add_tls_client_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
const char *cert_path, struct lyd_node **config);
/**
@@ -753,30 +530,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_del_client_certificate(const char *endpt_name, const char *cert_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a truststore reference to a set of client (end-entity) certificates.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
- const char *cert_bag_ref, struct lyd_node **config);
-
-/**
- * @brief Deletes a client (end-entity) certificates truststore reference from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_del_client_cert_truststore_ref(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_client_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate.
@@ -791,7 +545,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+int nc_server_config_add_tls_ca_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
const char *cert_path, struct lyd_node **config);
/**
@@ -803,30 +557,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_del_client_ca(const char *endpt_name, const char *cert_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a truststore reference to a set of client certificate authority (trust-anchor) certificates.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
- const char *cert_bag_ref, struct lyd_node **config);
-
-/**
- * @brief Deletes a client certificate authority (trust-anchor) certificates truststore reference from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_del_client_ca_truststore_ref(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_ca_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes, which will be a reference to another TLS endpoint's certificates.
@@ -843,7 +574,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_config_new_tls_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_add_tls_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name,
const char *referenced_endpt, struct lyd_node **config);
/**
@@ -853,7 +584,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_config_new_tls_del_endpoint_client_ref(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_endpoint_client_ref(const char *endpt_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a cert-to-name entry.
@@ -870,7 +601,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint,
+int nc_server_config_add_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint,
NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config);
/**
@@ -882,123 +613,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_tls_del_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a TLS version.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] tls_version TLS version to be used. Call this multiple times to set
- * the accepted versions of the TLS protocol and let the client and server negotiate
- * the given version.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_version(const struct ly_ctx *ctx, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Deletes a TLS version from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] tls_version TLS version to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_del_version(const char *endpt_name, NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a TLS cipher.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] cipher_count Number of following ciphers.
- * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the
- * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless
- * of the TLS protocol version used, all of these ciphers will be tried and some of them
- * might not be set (TLS handshake might fail then). For the list of supported ciphers see
- * the OpenSSL documentation.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int cipher_count, ...);
-
-/**
- * @brief Deletes a TLS cipher from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] cipher TLS cipher to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_del_cipher(const char *endpt_name, const char *cipher, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via a local file.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_path Path to a DER/PEM encoded CRL file.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name,
- const char *crl_path, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via an URL.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
- * The allowed protocols are all the protocols supported by CURL.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *crl_url, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via certificate extensions.
- *
- * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the
- * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config);
-
-/**
- * @brief Deletes all the CRL nodes from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_tls_del_crl(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config);
/**
* @} TLS Server Configuration
@@ -1039,7 +654,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
NC_TRANSPORT_IMPL transport, const char *address, const char *port, struct lyd_node **config);
#endif /* NC_ENABLED_SSH_TLS */
@@ -1052,7 +667,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_del_ch_client(const char *client_name, struct lyd_node **config);
+int nc_server_config_del_ch_client(const char *client_name, struct lyd_node **config);
/**
* @brief Deletes a Call Home endpoint from the YANG data.
@@ -1063,7 +678,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_del_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_ch_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for the Call Home persistent connection type.
@@ -1077,7 +692,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_persistent(const struct ly_ctx *ctx, const char *client_name, struct lyd_node **config);
+int nc_server_config_add_ch_persistent(const struct ly_ctx *ctx, const char *client_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for the period parameter of the Call Home periodic connection type.
@@ -1092,7 +707,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_period(const struct ly_ctx *ctx, const char *client_name, uint16_t period,
+int nc_server_config_add_ch_period(const struct ly_ctx *ctx, const char *client_name, uint16_t period,
struct lyd_node **config);
/**
@@ -1104,7 +719,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_del_period(const char *client_name, struct lyd_node **config);
+int nc_server_config_del_ch_period(const char *client_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for the anchor time parameter of the Call Home periodic connection type.
@@ -1119,7 +734,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_anchor_time(const struct ly_ctx *ctx, const char *client_name,
+int nc_server_config_add_ch_anchor_time(const struct ly_ctx *ctx, const char *client_name,
const char *anchor_time, struct lyd_node **config);
/**
@@ -1129,7 +744,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_del_anchor_time(const char *client_name, struct lyd_node **config);
+int nc_server_config_del_ch_anchor_time(const char *client_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for the idle timeout parameter of the Call Home periodic connection type.
@@ -1144,7 +759,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_idle_timeout(const struct ly_ctx *ctx, const char *client_name,
+int nc_server_config_add_ch_idle_timeout(const struct ly_ctx *ctx, const char *client_name,
uint16_t idle_timeout, struct lyd_node **config);
/**
@@ -1156,7 +771,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_del_idle_timeout(const char *client_name, struct lyd_node **config);
+int nc_server_config_del_ch_idle_timeout(const char *client_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for the Call Home reconnect strategy.
@@ -1171,7 +786,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *client_name,
+int nc_server_config_add_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *client_name,
NC_CH_START_WITH start_with, uint16_t max_wait, uint8_t max_attempts, struct lyd_node **config);
/**
@@ -1183,7 +798,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_del_reconnect_strategy(const char *client_name, struct lyd_node **config);
+int nc_server_config_del_ch_reconnect_strategy(const char *client_name, struct lyd_node **config);
/**
* @} Call Home Server Configuration Functions
@@ -1217,7 +832,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config);
/**
@@ -1230,39 +845,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_del_hostkey(const char *client_name, const char *endpt_name,
- const char *hostkey_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore.
- *
- * This asymmetric key pair will be used as the Call Home SSH hostkey.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
- * If the endpoint's hostkey with this identifier already exists, its contents will be changed.
- * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_keystore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *hostkey_name, const char *keystore_reference, struct lyd_node **config);
-
-/**
- * @brief Deletes a Call Home keystore reference from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] hostkey_name Identifier of an existing hostkey that belongs to the given CH endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_keystore_ref(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_ssh_hostkey(const char *client_name, const char *endpt_name,
const char *hostkey_name, struct lyd_node **config);
/**
@@ -1279,7 +862,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
uint16_t auth_attempts, struct lyd_node **config);
/**
@@ -1296,7 +879,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
uint16_t auth_timeout, struct lyd_node **config);
/**
@@ -1316,7 +899,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config);
/**
@@ -1330,7 +913,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_del_user_pubkey(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_ssh_user_pubkey(const char *client_name, const char *endpt_name,
const char *user_name, const char *pubkey_name, struct lyd_node **config);
/**
@@ -1348,7 +931,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *user_name, const char *password, struct lyd_node **config);
/**
@@ -1360,36 +943,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_del_user_password(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home SSH user's none authentication method.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] user_name Arbitrary identifier of the endpoint's user.
- * If the endpoint's user with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_user_none(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
- * @brief Deletes a Call Home SSH user's none authentication method from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_user_none(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_ssh_user_password(const char *client_name, const char *endpt_name,
const char *user_name, struct lyd_node **config);
/**
@@ -1410,7 +964,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config);
/**
@@ -1422,7 +976,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_del_user_interactive(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_ssh_user_interactive(const char *client_name, const char *endpt_name,
const char *user_name, struct lyd_node **config);
/**
@@ -1434,174 +988,10 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_ssh_del_user(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_ssh_user(const char *client_name, const char *endpt_name,
const char *user_name, struct lyd_node **config);
/**
- * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore.
- *
- * The public key's located in the bag will be used for Call Home SSH client authentication.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] user_name Arbitrary identifier of the endpoint's user.
- * If the endpoint's user with this identifier already exists, its contents will be changed.
- * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *user_name, const char *truststore_reference, struct lyd_node **config);
-
-/**
- * @brief Deletes a Call Home SSH truststore reference from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_truststore_ref(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home host-key algorithms replacing any previous ones.
- *
- * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
- * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of host-key algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_host_key_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home hostkey algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the hostkey algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_host_key_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home key exchange algorithms replacing any previous ones.
- *
- * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256,
- * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512,
- * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home key exchange algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the key exchange algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_key_exchange_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home encryption algorithms replacing any previous ones.
- *
- * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc
- * triple-des-cbc and none.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of encryption algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_encryption_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home encryption algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the encryption algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_encryption_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home mac algorithms replacing any previous ones.
- *
- * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of mac algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_mac_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home mac algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the mac algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_ssh_del_mac_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
* @} SSH Call Home Server Configuration
*/
@@ -1629,7 +1019,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_server_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_tls_server_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *privkey_path, const char *pubkey_path, const char *certificate_path, struct lyd_node **config);
/**
@@ -1640,35 +1030,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_del_server_certificate(const char *client_name, const char *endpt_name,
- struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a keystore reference to the Call Home TLS server's certificate.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced.
- * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_keystore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config);
-
-/**
- * @brief Deletes a TLS server certificate keystore reference from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_del_keystore_ref(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_server_cert(const char *client_name, const char *endpt_name,
struct lyd_node **config);
/**
@@ -1686,7 +1048,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_client_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_tls_client_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *cert_name, const char *cert_path, struct lyd_node **config);
/**
@@ -1699,37 +1061,10 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_del_client_certificate(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_client_cert(const char *client_name, const char *endpt_name,
const char *cert_name, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client (end-entity) certificates.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
-
-/**
- * @brief Deletes a Call Home client (end-entity) certificates truststore reference from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_del_client_cert_truststore_ref(const char *client_name, const char *endpt_name,
- struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate.
*
* @param[in] ctx libyang context.
@@ -1744,7 +1079,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_client_ca(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_tls_ca_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *cert_name, const char *cert_path, struct lyd_node **config);
/**
@@ -1757,37 +1092,10 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_del_client_ca(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_ca_cert(const char *client_name, const char *endpt_name,
const char *cert_name, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client certificate authority (trust-anchor) certificates.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
-
-/**
- * @brief Deletes a Call Home client certificate authority (trust-anchor) certificates truststore reference from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_del_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
- struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes for a Call Home cert-to-name entry.
*
* @param[in] ctx libyang context.
@@ -1804,7 +1112,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_ctn(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_tls_ctn(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config);
/**
@@ -1817,142 +1125,10 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_new_ch_tls_del_ctn(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_ctn(const char *client_name, const char *endpt_name,
uint32_t id, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for a Call Home TLS version.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] tls_version TLS version to be used. Call this multiple times to set the accepted versions
- * of the TLS protocol and let the client and server negotiate the given version.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_version(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Deletes a TLS version from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in] tls_version TLS version to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_del_version(const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home TLS cipher.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] cipher_count Number of following ciphers.
- * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the
- * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless
- * of the TLS protocol version used, all of these ciphers will be tried and some of them
- * might not be set (TLS handshake might fail then). For the list of supported ciphers see
- * the OpenSSL documentation.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_ciphers(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int cipher_count, ...);
-
-/**
- * @brief Deletes a Call Home TLS cipher from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in] cipher TLS cipher to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_del_cipher(const char *client_name, const char *endpt_name,
- const char *cipher, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via a local file.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_path Path to a DER/PEM encoded CRL file.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_crl_path(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_path, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via an URL.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
- * The allowed protocols are all the protocols supported by CURL.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_crl_url(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_url, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via certificate extensions.
- *
- * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the
- * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config);
-
-/**
- * @brief Deletes all the CRL nodes from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_new_ch_tls_del_crl(const char *client_name, const char *endpt_name, struct lyd_node **config);
-
-/**
* @} TLS Call Home Server Configuration
*/
diff --git a/src/config_new.c b/src/server_config_util.c
similarity index 79%
rename from src/config_new.c
rename to src/server_config_util.c
index 2a95755..cf19e01 100644
--- a/src/config_new.c
+++ b/src/server_config_util.c
@@ -1,7 +1,7 @@
/**
- * @file config_new.c
+ * @file server_config_util.c
* @author Roman Janota <janota@cesnet.cz>
- * @brief libnetconf2 server new configuration creation functions
+ * @brief libnetconf2 server configuration utilities
*
* @copyright
* Copyright (c) 2023 CESNET, z.s.p.o.
@@ -15,6 +15,8 @@
#define _GNU_SOURCE
+#include "server_config_util.h"
+
#include <libyang/libyang.h>
#include <stdarg.h>
#include <stdio.h>
@@ -29,13 +31,13 @@
#endif /* NC_ENABLED_SSH_TLS */
#include "compat.h"
-#include "config_new.h"
#include "log_p.h"
+#include "server_config.h"
#include "session.h"
#include "session_p.h"
int
-nc_config_new_create(const struct ly_ctx *ctx, struct lyd_node **tree, const char *value, const char *path_fmt, ...)
+nc_server_config_create(const struct ly_ctx *ctx, struct lyd_node **tree, const char *value, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
@@ -83,7 +85,7 @@
}
int
-nc_config_new_create_append(const struct ly_ctx *ctx, const char *parent_path, const char *child_name,
+nc_server_config_append(const struct ly_ctx *ctx, const char *parent_path, const char *child_name,
const char *value, struct lyd_node **tree)
{
int ret = 0;
@@ -128,7 +130,7 @@
}
int
-nc_config_new_delete(struct lyd_node **tree, const char *path_fmt, ...)
+nc_server_config_delete(struct lyd_node **tree, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
@@ -174,7 +176,7 @@
}
int
-nc_config_new_check_delete(struct lyd_node **tree, const char *path_fmt, ...)
+nc_server_config_check_delete(struct lyd_node **tree, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
@@ -220,7 +222,7 @@
#ifdef NC_ENABLED_SSH_TLS
const char *
-nc_config_new_privkey_format_to_identityref(NC_PRIVKEY_FORMAT format)
+nc_server_config_util_privkey_format_to_identityref(NC_PRIVKEY_FORMAT format)
{
switch (format) {
case NC_PRIVKEY_FORMAT_RSA:
@@ -238,7 +240,7 @@
}
static int
-nc_server_config_new_pubkey_bin_to_b64(const unsigned char *pub_bin, int bin_len, char **pubkey)
+nc_server_config_util_pubkey_bin_to_b64(const unsigned char *pub_bin, int bin_len, char **pubkey)
{
int ret = 0, b64_len;
char *pub_b64 = NULL;
@@ -273,7 +275,7 @@
}
static int
-nc_server_config_new_bn_to_bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
+nc_server_config_util_bn_to_bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
{
int ret = 0;
unsigned char *bin_tmp = NULL;
@@ -322,7 +324,7 @@
/* ssh pubkey defined in RFC 4253 section 6.6 */
static int
-nc_server_config_new_evp_pkey_to_ssh_pubkey(EVP_PKEY *pkey, char **pubkey)
+nc_server_config_util_evp_pkey_to_ssh_pubkey(EVP_PKEY *pkey, char **pubkey)
{
int ret = 0, e_len, n_len, p_len, bin_len;
BIGNUM *e = NULL, *n = NULL, *p = NULL;
@@ -346,7 +348,7 @@
}
/* BIGNUM to bin */
- if (nc_server_config_new_bn_to_bin(e, &e_bin, &e_len) || nc_server_config_new_bn_to_bin(n, &n_bin, &n_len)) {
+ if (nc_server_config_util_bn_to_bin(e, &e_bin, &e_len) || nc_server_config_util_bn_to_bin(n, &n_bin, &n_len)) {
ret = 1;
goto cleanup;
}
@@ -480,7 +482,7 @@
}
/* convert created bin to b64 */
- ret = nc_server_config_new_pubkey_bin_to_b64(bin, bin_len, pubkey);
+ ret = nc_server_config_util_pubkey_bin_to_b64(bin, bin_len, pubkey);
if (ret) {
ERR(NULL, "Converting public key from binary to base64 failed.");
goto cleanup;
@@ -500,7 +502,7 @@
/* spki = subject public key info */
static int
-nc_server_config_new_evp_pkey_to_spki_pubkey(EVP_PKEY *pkey, char **pubkey)
+nc_server_config_util_evp_pkey_to_spki_pubkey(EVP_PKEY *pkey, char **pubkey)
{
int ret = 0, len;
BIO *bio = NULL;
@@ -545,7 +547,7 @@
}
int
-nc_server_config_new_read_certificate(const char *cert_path, char **cert)
+nc_server_config_util_read_certificate(const char *cert_path, char **cert)
{
int ret = 0, cert_len;
X509 *x509 = NULL;
@@ -630,7 +632,7 @@
}
static int
-nc_server_config_new_read_pubkey_ssh2(FILE *f, char **pubkey)
+nc_server_config_util_read_pubkey_ssh2(FILE *f, char **pubkey)
{
char *buffer = NULL;
size_t size = 0, pubkey_len = 0;
@@ -683,7 +685,7 @@
}
static int
-nc_server_config_new_read_pubkey_openssl(FILE *f, char **pubkey)
+nc_server_config_util_read_pubkey_openssl(FILE *f, char **pubkey)
{
int ret = 0;
EVP_PKEY *pub_pkey = NULL;
@@ -697,14 +699,14 @@
return 1;
}
- ret = nc_server_config_new_evp_pkey_to_ssh_pubkey(pub_pkey, pubkey);
+ ret = nc_server_config_util_evp_pkey_to_ssh_pubkey(pub_pkey, pubkey);
EVP_PKEY_free(pub_pkey);
return ret;
}
static int
-nc_server_config_new_read_pubkey_libssh(const char *pubkey_path, char **pubkey)
+nc_server_config_util_read_pubkey_libssh(const char *pubkey_path, char **pubkey)
{
int ret = 0;
ssh_key pub_sshkey = NULL;
@@ -729,7 +731,7 @@
}
int
-nc_server_config_new_get_ssh_pubkey_file(const char *pubkey_path, char **pubkey)
+nc_server_config_util_get_ssh_pubkey_file(const char *pubkey_path, char **pubkey)
{
int ret = 0;
FILE *f = NULL;
@@ -757,13 +759,13 @@
if (!strncmp(header, NC_SUBJECT_PUBKEY_INFO_HEADER, strlen(NC_SUBJECT_PUBKEY_INFO_HEADER))) {
/* it's subject public key info public key */
- ret = nc_server_config_new_read_pubkey_openssl(f, pubkey);
+ ret = nc_server_config_util_read_pubkey_openssl(f, pubkey);
} else if (!strncmp(header, NC_SSH2_PUBKEY_HEADER, strlen(NC_SSH2_PUBKEY_HEADER))) {
/* it's ssh2 public key */
- ret = nc_server_config_new_read_pubkey_ssh2(f, pubkey);
+ ret = nc_server_config_util_read_pubkey_ssh2(f, pubkey);
} else {
/* it's probably OpenSSH public key */
- ret = nc_server_config_new_read_pubkey_libssh(pubkey_path, pubkey);
+ ret = nc_server_config_util_read_pubkey_libssh(pubkey_path, pubkey);
}
if (ret) {
ERR(NULL, "Error getting public key from file \"%s\".", pubkey_path);
@@ -780,7 +782,7 @@
}
int
-nc_server_config_new_get_spki_pubkey_file(const char *pubkey_path, char **pubkey)
+nc_server_config_util_get_spki_pubkey_file(const char *pubkey_path, char **pubkey)
{
int ret = 0;
FILE *f = NULL;
@@ -804,7 +806,7 @@
return 1;
}
- ret = nc_server_config_new_evp_pkey_to_spki_pubkey(pub_pkey, pubkey);
+ ret = nc_server_config_util_evp_pkey_to_spki_pubkey(pub_pkey, pubkey);
if (ret) {
goto cleanup;
}
@@ -819,7 +821,7 @@
}
static int
-nc_server_config_new_privkey_header_to_format(FILE *f_privkey, const char *privkey_path, NC_PRIVKEY_FORMAT *privkey_format)
+nc_server_config_util_privkey_header_to_format(FILE *f_privkey, const char *privkey_path, NC_PRIVKEY_FORMAT *privkey_format)
{
char *privkey_header = NULL;
size_t len = 0;
@@ -857,7 +859,7 @@
}
static int
-nc_server_config_new_get_privkey_openssl(const char *privkey_path, FILE *f_privkey, char **privkey, EVP_PKEY **pkey)
+nc_server_config_util_get_privkey_openssl(const char *privkey_path, FILE *f_privkey, char **privkey, EVP_PKEY **pkey)
{
int ret = 0, len;
BIO *bio = NULL;
@@ -909,7 +911,7 @@
}
static int
-nc_server_config_new_get_privkey_libssh(const char *privkey_path, char **privkey, EVP_PKEY **pkey)
+nc_server_config_util_get_privkey_libssh(const char *privkey_path, char **privkey, EVP_PKEY **pkey)
{
int ret = 0;
BIO *bio = NULL;
@@ -971,7 +973,7 @@
}
static int
-nc_server_config_new_get_privkey(const char *privkey_path, NC_PRIVKEY_FORMAT *privkey_format, char **privkey, EVP_PKEY **pkey)
+nc_server_config_util_get_privkey(const char *privkey_path, NC_PRIVKEY_FORMAT *privkey_format, char **privkey, EVP_PKEY **pkey)
{
int ret = 0;
FILE *f_privkey = NULL;
@@ -987,7 +989,7 @@
}
/* read the first line from the privkey to determine it's type */
- ret = nc_server_config_new_privkey_header_to_format(f_privkey, privkey_path, privkey_format);
+ ret = nc_server_config_util_privkey_header_to_format(f_privkey, privkey_path, privkey_format);
if (ret) {
ERR(NULL, "Getting private key format from file \"%s\" failed.", privkey_path);
goto cleanup;
@@ -999,11 +1001,11 @@
case NC_PRIVKEY_FORMAT_EC:
case NC_PRIVKEY_FORMAT_X509:
/* OpenSSL solely can do this */
- ret = nc_server_config_new_get_privkey_openssl(privkey_path, f_privkey, &priv, pkey);
+ ret = nc_server_config_util_get_privkey_openssl(privkey_path, f_privkey, &priv, pkey);
break;
case NC_PRIVKEY_FORMAT_OPENSSH:
/* need the help of libssh */
- ret = nc_server_config_new_get_privkey_libssh(privkey_path, &priv, pkey);
+ ret = nc_server_config_util_get_privkey_libssh(privkey_path, &priv, pkey);
/* if the function returned successfully, the key is no longer OpenSSH, it was converted to x509 */
*privkey_format = NC_PRIVKEY_FORMAT_X509;
break;
@@ -1035,7 +1037,7 @@
}
int
-nc_server_config_new_get_asym_key_pair(const char *privkey_path, const char *pubkey_path, NC_PUBKEY_FORMAT wanted_pubkey_format,
+nc_server_config_util_get_asym_key_pair(const char *privkey_path, const char *pubkey_path, NC_PUBKEY_FORMAT wanted_pubkey_format,
char **privkey, NC_PRIVKEY_FORMAT *privkey_type, char **pubkey)
{
int ret = 0;
@@ -1047,7 +1049,7 @@
*pubkey = NULL;
/* get private key base64 and EVP_PKEY */
- ret = nc_server_config_new_get_privkey(privkey_path, privkey_type, privkey, &priv_pkey);
+ ret = nc_server_config_util_get_privkey(privkey_path, privkey_type, privkey, &priv_pkey);
if (ret) {
ERR(NULL, "Getting private key from file \"%s\" failed.", privkey_path);
goto cleanup;
@@ -1056,15 +1058,15 @@
/* get public key, either from file or generate it from the EVP_PKEY */
if (!pubkey_path) {
if (wanted_pubkey_format == NC_PUBKEY_FORMAT_SSH) {
- ret = nc_server_config_new_evp_pkey_to_ssh_pubkey(priv_pkey, pubkey);
+ ret = nc_server_config_util_evp_pkey_to_ssh_pubkey(priv_pkey, pubkey);
} else {
- ret = nc_server_config_new_evp_pkey_to_spki_pubkey(priv_pkey, pubkey);
+ ret = nc_server_config_util_evp_pkey_to_spki_pubkey(priv_pkey, pubkey);
}
} else {
if (wanted_pubkey_format == NC_PUBKEY_FORMAT_SSH) {
- ret = nc_server_config_new_get_ssh_pubkey_file(pubkey_path, pubkey);
+ ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, pubkey);
} else {
- ret = nc_server_config_new_get_spki_pubkey_file(pubkey_path, pubkey);
+ ret = nc_server_config_util_get_spki_pubkey_file(pubkey_path, pubkey);
}
}
if (ret) {
@@ -1082,7 +1084,7 @@
}
API int
-nc_server_config_new_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
+nc_server_config_add_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
const char *address, uint16_t port, struct lyd_node **config)
{
int ret = 0;
@@ -1105,13 +1107,13 @@
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, address, address_fmt, endpt_name);
+ ret = nc_server_config_create(ctx, config, address, address_fmt, endpt_name);
if (ret) {
goto cleanup;
}
sprintf(port_buf, "%d", port);
- ret = nc_config_new_create(ctx, config, port_buf, port_fmt, endpt_name);
+ ret = nc_server_config_create(ctx, config, port_buf, port_fmt, endpt_name);
if (ret) {
goto cleanup;
}
@@ -1121,7 +1123,7 @@
}
API int
-nc_server_config_new_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+nc_server_config_add_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
NC_TRANSPORT_IMPL transport, const char *address, const char *port, struct lyd_node **config)
{
int ret = 0;
@@ -1143,12 +1145,12 @@
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, address, address_fmt, client_name, endpt_name);
+ ret = nc_server_config_create(ctx, config, address, address_fmt, client_name, endpt_name);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, port, port_fmt, client_name, endpt_name);
+ ret = nc_server_config_create(ctx, config, port, port_fmt, client_name, endpt_name);
if (ret) {
goto cleanup;
}
@@ -1158,45 +1160,45 @@
}
API int
-nc_server_config_new_del_endpt(const char *endpt_name, struct lyd_node **config)
+nc_server_config_del_endpt(const char *endpt_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, config, 1);
if (endpt_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']", endpt_name);
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']", endpt_name);
} else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint");
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint");
}
}
API int
-nc_server_config_new_ch_del_ch_client(const char *ch_client_name, struct lyd_node **config)
+nc_server_config_del_ch_client(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, config, 1);
if (ch_client_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']", ch_client_name);
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']", ch_client_name);
} else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client");
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client");
}
}
API int
-nc_server_config_new_ch_del_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config)
+nc_server_config_del_ch_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, client_name, config, 1);
if (endpt_name) {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
"endpoints/endpoint[name='%s']", client_name, endpt_name);
} else {
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
"endpoints/endpoint", client_name);
}
}
API int
-nc_server_config_new_keystore_asym_key(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name,
+nc_server_config_add_keystore_asym_key(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name,
const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
int ret = 0;
@@ -1208,9 +1210,9 @@
/* get the keys as a string from the given files */
if (ti == NC_TI_LIBSSH) {
- ret = nc_server_config_new_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey, &privkey_type, &pubkey);
+ ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey, &privkey_type, &pubkey);
} else if (ti == NC_TI_OPENSSL) {
- ret = nc_server_config_new_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey, &privkey_type, &pubkey);
+ ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey, &privkey_type, &pubkey);
} else {
ERR(NULL, "Only SSH and TLS transports can be used to create an asymmetric key pair in the keystore.");
ret = 1;
@@ -1229,31 +1231,31 @@
}
/* get privkey identityref value */
- privkey_format = nc_config_new_privkey_format_to_identityref(privkey_type);
+ privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
if (!privkey_format) {
ret = 1;
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, pubkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
+ ret = nc_server_config_create(ctx, config, pubkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/public-key-format", asym_key_name);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, pubkey, "/ietf-keystore:keystore/asymmetric-keys/"
+ ret = nc_server_config_create(ctx, config, pubkey, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/public-key", asym_key_name);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, privkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
+ ret = nc_server_config_create(ctx, config, privkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/private-key-format", asym_key_name);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, privkey, "/ietf-keystore:keystore/asymmetric-keys/"
+ ret = nc_server_config_create(ctx, config, privkey, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/cleartext-private-key", asym_key_name);
if (ret) {
goto cleanup;
@@ -1266,19 +1268,19 @@
}
API int
-nc_server_config_new_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config)
+nc_server_config_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, config, 1);
if (asym_key_name) {
- return nc_config_new_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']", asym_key_name);
+ return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']", asym_key_name);
} else {
- return nc_config_new_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key");
+ return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key");
}
}
API int
-nc_server_config_new_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name,
+nc_server_config_add_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -1287,12 +1289,12 @@
NC_CHECK_ARG_RET(NULL, ctx, asym_key_name, cert_name, cert_path, config, 1);
/* get cert data */
- ret = nc_server_config_new_read_certificate(cert_path, &cert);
+ ret = nc_server_config_util_read_certificate(cert_path, &cert);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, cert, "/ietf-keystore:keystore/asymmetric-keys/"
+ ret = nc_server_config_create(ctx, config, cert, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/certificates/certificate[name='%s']/cert-data", asym_key_name, cert_name);
cleanup:
@@ -1301,22 +1303,22 @@
}
API int
-nc_server_config_new_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config)
+nc_server_config_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, asym_key_name, config, 1);
if (cert_name) {
- return nc_config_new_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
+ return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
"certificates/certificate[name='%s']", asym_key_name, cert_name);
} else {
- return nc_config_new_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
+ return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
"certificates/certificate", asym_key_name);
}
}
API int
-nc_server_config_new_truststore_pubkey(const struct ly_ctx *ctx, const char *pub_bag_name, const char *pubkey_name,
- const char *pubkey_path, struct lyd_node **config)
+nc_server_config_add_truststore_pubkey(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *pub_bag_name,
+ const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
{
int ret = 0;
char *pubkey = NULL;
@@ -1324,18 +1326,26 @@
NC_CHECK_ARG_RET(NULL, ctx, pub_bag_name, pubkey_name, pubkey_path, config, 1);
- ret = nc_server_config_new_get_ssh_pubkey_file(pubkey_path, &pubkey);
+ if (ti == NC_TI_LIBSSH) {
+ ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, &pubkey);
+ } else if (ti == NC_TI_OPENSSL) {
+ ret = nc_server_config_util_get_spki_pubkey_file(pubkey_path, &pubkey);
+ } else {
+ ERR(NULL, "Public key in the truststore can only be created for SSH or TLS transports.");
+ ret = 1;
+ goto cleanup;
+ }
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, pubkey_format, "/ietf-truststore:truststore/public-key-bags/"
+ ret = nc_server_config_create(ctx, config, pubkey_format, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key[name='%s']/public-key-format", pub_bag_name, pubkey_name);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, pubkey, "/ietf-truststore:truststore/public-key-bags/"
+ ret = nc_server_config_create(ctx, config, pubkey, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key[name='%s']/public-key", pub_bag_name, pubkey_name);
if (ret) {
goto cleanup;
@@ -1347,22 +1357,22 @@
}
API int
-nc_server_config_new_del_truststore_pubkey(const char *pub_bag_name,
+nc_server_config_del_truststore_pubkey(const char *pub_bag_name,
const char *pubkey_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, pub_bag_name, config, 1);
if (pubkey_name) {
- return nc_config_new_delete(config, "/ietf-truststore:truststore/public-key-bags/"
+ return nc_server_config_delete(config, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key[name='%s']", pub_bag_name, pubkey_name);
} else {
- return nc_config_new_delete(config, "/ietf-truststore:truststore/public-key-bags/"
+ return nc_server_config_delete(config, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key", pub_bag_name);
}
}
API int
-nc_server_config_new_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name,
+nc_server_config_add_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -1370,12 +1380,12 @@
NC_CHECK_ARG_RET(NULL, ctx, cert_bag_name, cert_name, cert_path, config, 1);
- ret = nc_server_config_new_read_certificate(cert_path, &cert);
+ ret = nc_server_config_util_read_certificate(cert_path, &cert);
if (ret) {
goto cleanup;
}
- ret = nc_config_new_create(ctx, config, cert, "/ietf-truststore:truststore/certificate-bags/"
+ ret = nc_server_config_create(ctx, config, cert, "/ietf-truststore:truststore/certificate-bags/"
"certificate-bag[name='%s']/certificate[name='%s']/cert-data", cert_bag_name, cert_name);
if (ret) {
goto cleanup;
@@ -1387,16 +1397,16 @@
}
API int
-nc_server_config_new_del_truststore_cert(const char *cert_bag_name,
+nc_server_config_del_truststore_cert(const char *cert_bag_name,
const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, cert_bag_name, config, 1);
if (cert_name) {
- return nc_config_new_delete(config, "/ietf-truststore:truststore/certificate-bags/"
+ return nc_server_config_delete(config, "/ietf-truststore:truststore/certificate-bags/"
"certificate-bag[name='%s']/certificate[name='%s']", cert_bag_name, cert_name);
} else {
- return nc_config_new_delete(config, "/ietf-truststore:truststore/certificate-bags/"
+ return nc_server_config_delete(config, "/ietf-truststore:truststore/certificate-bags/"
"certificate-bag[name='%s']/certificate", cert_bag_name);
}
}
@@ -1404,7 +1414,7 @@
#endif /* NC_ENABLED_SSH_TLS */
API int
-nc_server_config_new_unix_socket(const struct ly_ctx *ctx, const char *endpt_name, const char *path,
+nc_server_config_add_unix_socket(const struct ly_ctx *ctx, const char *endpt_name, const char *path,
mode_t mode, uid_t uid, gid_t gid, struct lyd_node **config)
{
int ret = 0;
@@ -1421,7 +1431,7 @@
}
/* path to unix socket */
- ret = nc_config_new_create_append(ctx, tree_path, "path", path, config);
+ ret = nc_server_config_append(ctx, tree_path, "path", path, config);
if (ret) {
goto cleanup;
}
@@ -1435,7 +1445,7 @@
}
sprintf(buf, "%o", mode);
- ret = nc_config_new_create_append(ctx, tree_path, "mode", buf, config);
+ ret = nc_server_config_append(ctx, tree_path, "mode", buf, config);
if (ret) {
goto cleanup;
}
@@ -1445,7 +1455,7 @@
if (uid != (uid_t)-1) {
memset(buf, 0, 12);
sprintf(buf, "%u", uid);
- ret = nc_config_new_create_append(ctx, tree_path, "uid", buf, config);
+ ret = nc_server_config_append(ctx, tree_path, "uid", buf, config);
if (ret) {
goto cleanup;
}
@@ -1455,7 +1465,7 @@
if (gid != (gid_t)-1) {
memset(buf, 0, 12);
sprintf(buf, "%u", gid);
- ret = nc_config_new_create_append(ctx, tree_path, "gid", buf, config);
+ ret = nc_server_config_append(ctx, tree_path, "gid", buf, config);
if (ret) {
goto cleanup;
}
@@ -1467,22 +1477,22 @@
}
API int
-nc_server_config_new_ch_persistent(const struct ly_ctx *ctx, const char *ch_client_name, struct lyd_node **config)
+nc_server_config_add_ch_persistent(const struct ly_ctx *ctx, const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* delete periodic tree if exists */
- if (nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic", ch_client_name)) {
return 1;
}
- return nc_config_new_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name);
}
API int
-nc_server_config_new_ch_period(const struct ly_ctx *ctx, const char *ch_client_name, uint16_t period,
+nc_server_config_add_ch_period(const struct ly_ctx *ctx, const char *ch_client_name, uint16_t period,
struct lyd_node **config)
{
char buf[6] = {0};
@@ -1490,52 +1500,52 @@
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* delete persistent tree if exists */
- if (nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
return 1;
}
sprintf(buf, "%u", period);
- return nc_config_new_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/period", ch_client_name);
}
API int
-nc_server_config_new_ch_del_period(const char *ch_client_name, struct lyd_node **config)
+nc_server_config_del_ch_period(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/period", ch_client_name);
}
API int
-nc_server_config_new_ch_anchor_time(const struct ly_ctx *ctx, const char *ch_client_name,
+nc_server_config_add_ch_anchor_time(const struct ly_ctx *ctx, const char *ch_client_name,
const char *anchor_time, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, anchor_time, config, 1);
/* delete persistent tree if exists */
- if (nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
return 1;
}
- return nc_config_new_create(ctx, config, anchor_time, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_create(ctx, config, anchor_time, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/anchor-time", ch_client_name);
}
API int
-nc_server_config_new_ch_del_anchor_time(const char *ch_client_name, struct lyd_node **config)
+nc_server_config_del_ch_anchor_time(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/anchor-time", ch_client_name);
}
API int
-nc_server_config_new_ch_idle_timeout(const struct ly_ctx *ctx, const char *ch_client_name,
+nc_server_config_add_ch_idle_timeout(const struct ly_ctx *ctx, const char *ch_client_name,
uint16_t idle_timeout, struct lyd_node **config)
{
char buf[6] = {0};
@@ -1543,27 +1553,27 @@
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* delete persistent tree if exists */
- if (nc_config_new_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
return 1;
}
sprintf(buf, "%u", idle_timeout);
- return nc_config_new_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/idle-timeout", ch_client_name);
}
API int
-nc_server_config_new_ch_del_idle_timeout(const char *ch_client_name, struct lyd_node **config)
+nc_server_config_del_ch_idle_timeout(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/idle-timeout", ch_client_name);
}
API int
-nc_server_config_new_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *ch_client_name,
+nc_server_config_add_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *ch_client_name,
NC_CH_START_WITH start_with, uint16_t max_wait, uint8_t max_attempts, struct lyd_node **config)
{
int ret = 0;
@@ -1592,7 +1602,7 @@
start_with_val = "random-selection";
}
- ret = nc_config_new_create_append(ctx, path, "start-with", start_with_val, config);
+ ret = nc_server_config_append(ctx, path, "start-with", start_with_val, config);
if (ret) {
goto cleanup;
}
@@ -1600,7 +1610,7 @@
if (max_attempts) {
sprintf(buf, "%u", max_attempts);
- ret = nc_config_new_create_append(ctx, path, "max-attempts", buf, config);
+ ret = nc_server_config_append(ctx, path, "max-attempts", buf, config);
if (ret) {
goto cleanup;
}
@@ -1609,7 +1619,7 @@
if (max_wait) {
sprintf(buf, "%u", max_wait);
- ret = nc_config_new_create_append(ctx, path, "max-wait", buf, config);
+ ret = nc_server_config_append(ctx, path, "max-wait", buf, config);
if (ret) {
goto cleanup;
}
@@ -1621,10 +1631,10 @@
}
API int
-nc_server_config_new_ch_del_reconnect_strategy(const char *ch_client_name, struct lyd_node **config)
+nc_server_config_del_ch_reconnect_strategy(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
- return nc_config_new_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/reconnect-strategy", ch_client_name);
}
diff --git a/src/config_new.h b/src/server_config_util.h
similarity index 65%
rename from src/config_new.h
rename to src/server_config_util.h
index 3fae017..6048fc4 100644
--- a/src/config_new.h
+++ b/src/server_config_util.h
@@ -1,7 +1,7 @@
/**
- * @file config_new.h
+ * @file server_config_util.h
* @author Roman Janota <janota@cesnet.cz>
- * @brief libnetconf2 server new configuration creation header
+ * @brief libnetconf2 server configuration utlities header
*
* @copyright
* Copyright (c) 2023 CESNET, z.s.p.o.
@@ -13,18 +13,13 @@
* https://opensource.org/licenses/BSD-3-Clause
*/
-#ifndef NC_CONFIG_NEW_H_
-#define NC_CONFIG_NEW_H_
+#ifndef NC_SERVER_CONFIG_UTIL_H_
+#define NC_SERVER_CONFIG_UTIL_H_
#include <libyang/libyang.h>
-#include <stdarg.h>
#include "session_p.h"
-#ifdef __cplusplus
-extern "C" {
-#endif
-
#ifdef NC_ENABLED_SSH_TLS
/* private key's pkcs8 header */
@@ -73,14 +68,48 @@
NC_ALG_MAC
} NC_ALG_TYPE;
-int nc_server_config_new_get_asym_key_pair(const char *privkey_path, const char *pubkey_path, NC_PUBKEY_FORMAT wanted_pubkey_type,
+/**
+ * @brief Gets asymmetric key pair from private key (and optionally public key) file(s).
+ *
+ * @param[in] privkey_path Path to private key.
+ * @param[in] pubkey_path Optional path to public key. If not set, PK will be generated from private key.
+ * @param[in] wanted_pubkey_type Wanted public key format to be generated (SPKI/SSH)
+ * @param[out] privkey Base64 encoded private key.
+ * @param[out] privkey_type Type of the private key. (RSA, EC, etc)
+ * @param[out] pubkey Base64 encoded public key.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_util_get_asym_key_pair(const char *privkey_path, const char *pubkey_path, NC_PUBKEY_FORMAT wanted_pubkey_type,
char **privkey, NC_PRIVKEY_FORMAT *privkey_type, char **pubkey);
-int nc_server_config_new_get_ssh_pubkey_file(const char *pubkey_path, char **pubkey);
+/**
+ * @brief Gets public key from a file and converts it to the SSH format if need be.
+ *
+ * @param[in] pubkey_path Path to the public key.
+ * @param[out] pubkey Base64 encoded public key.
+ *
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_util_get_ssh_pubkey_file(const char *pubkey_path, char **pubkey);
-int nc_server_config_new_read_certificate(const char *cert_path, char **cert);
+/**
+ * @brief Gets a certificate from a file.
+ *
+ * @param[in] cert_path Path to the certificate.
+ * @param[out] cert Base64 PEM encoded certificate data.
+ *
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_util_read_certificate(const char *cert_path, char **cert);
-const char * nc_config_new_privkey_format_to_identityref(NC_PRIVKEY_FORMAT format);
+/**
+ * @brief Converts private key format to its associated identityref value.
+ *
+ * @param[in] format Private key format.
+ *
+ * @return Identityref on success, NULL on failure.
+ */
+const char *nc_server_config_util_privkey_format_to_identityref(NC_PRIVKEY_FORMAT format);
#endif /* NC_ENABLED_SSH_TLS */
@@ -95,7 +124,7 @@
* @param[in] ... Parameters for the path format, essentially representing the lists' keys.
* @return 0 on success, 1 otherwise.
*/
-int nc_config_new_create(const struct ly_ctx *ctx, struct lyd_node **tree, const char *value, const char *path_fmt, ...);
+int nc_server_config_create(const struct ly_ctx *ctx, struct lyd_node **tree, const char *value, const char *path_fmt, ...);
/**
* @brief Creates a YANG data node by appending it to a specified parent node.
@@ -108,7 +137,7 @@
* this is set to the top level container.
* @return 0 on success, 1 otherwise.
*/
-int nc_config_new_create_append(const struct ly_ctx *ctx, const char *parent_path, const char *child_name,
+int nc_server_config_append(const struct ly_ctx *ctx, const char *parent_path, const char *child_name,
const char *value, struct lyd_node **tree);
/**
@@ -119,7 +148,7 @@
* @param[in] ... Parameters for the path format, essentially representing the lists' keys.
* @return 0 on success, non-zero otherwise.
*/
-int nc_config_new_delete(struct lyd_node **tree, const char *path_fmt, ...);
+int nc_server_config_delete(struct lyd_node **tree, const char *path_fmt, ...);
/**
* @brief Deletes a subtree from the YANG data, but doesn't return an error if the node doesn't exist.
@@ -129,10 +158,6 @@
* @param[in] ... Parameters for the path format, essentially representing the lists' keys.
* @return 0 on success, non-zero otherwise.
*/
-int nc_config_new_check_delete(struct lyd_node **tree, const char *path_fmt, ...);
-
-#ifdef __cplusplus
-}
-#endif
+int nc_server_config_check_delete(struct lyd_node **tree, const char *path_fmt, ...);
#endif /* NC_CONFIG_NEW_H_ */
diff --git a/src/server_config_util_ssh.c b/src/server_config_util_ssh.c
new file mode 100644
index 0000000..64b56ab
--- /dev/null
+++ b/src/server_config_util_ssh.c
@@ -0,0 +1,691 @@
+/**
+ * @file server_config_util_ssh.c
+ * @author Roman Janota <janota@cesnet.cz>
+ * @brief libnetconf2 server SSH configuration utilities
+ *
+ * @copyright
+ * Copyright (c) 2023 CESNET, z.s.p.o.
+ *
+ * This source code is licensed under BSD 3-Clause License (the "License").
+ * You may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ */
+
+#define _GNU_SOURCE
+
+#include "server_config_util.h"
+
+#include <crypt.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <libyang/libyang.h>
+
+#include "compat.h"
+#include "config.h"
+#include "log_p.h"
+#include "server_config.h"
+#include "session_p.h"
+
+#if !defined (HAVE_CRYPT_R)
+extern pthread_mutex_t crypt_lock;
+#endif
+
+static int
+_nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *tree_path,
+ const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *pubkey = NULL, *privkey = NULL;
+ NC_PRIVKEY_FORMAT privkey_type;
+ const char *privkey_format, *pubkey_format = "ietf-crypto-types:ssh-public-key-format";
+
+ NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, config, 1);
+
+ /* get the keys as a string from the given files */
+ ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey, &privkey_type, &pubkey);
+ if (ret) {
+ ERR(NULL, "Getting keys from file(s) failed.");
+ goto cleanup;
+ }
+
+ /* get privkey identityref value */
+ privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
+ if (!privkey_format) {
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key-format", pubkey_format, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key", pubkey, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/private-key-format", privkey_format, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/cleartext-private-key", privkey, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* delete keystore choice nodes if present */
+ ret = nc_server_config_check_delete(config, "%s/keystore-reference", tree_path);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(privkey);
+ free(pubkey);
+ return ret;
+}
+
+API int
+nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
+ const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, privkey_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "server-identity/host-key[name='%s']/public-key", endpt_name, hostkey_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_hostkey(ctx, path, privkey_path, pubkey_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new hostkey YANG data nodes failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_add_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, privkey_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
+ "host-key[name='%s']/public-key", client_name, endpt_name, hostkey_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_hostkey(ctx, path, privkey_path, pubkey_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new Call-Home hostkey YANG data nodes failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
+ struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
+
+ if (hostkey_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "server-identity/host-key[name='%s']", endpt_name, hostkey_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "server-identity/host-key", endpt_name);
+ }
+}
+
+API int
+nc_server_config_del_ch_ssh_hostkey(const char *client_name, const char *endpt_name,
+ const char *hostkey_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+ if (hostkey_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
+ "host-key[name='%s']", client_name, endpt_name, hostkey_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
+ "host-key", client_name, endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
+ struct lyd_node **config)
+{
+ int ret = 0;
+ char *attempts_buf = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
+
+ /* uint to str */
+ if (asprintf(&attempts_buf, "%u", auth_attempts) == -1) {
+ ERRMEM;
+ attempts_buf = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_create(ctx, config, attempts_buf, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/libnetconf2-netconf-server:auth-attempts", endpt_name);
+
+cleanup:
+ free(attempts_buf);
+ return ret;
+}
+
+API int
+nc_server_config_add_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
+ struct lyd_node **config)
+{
+ int ret = 0;
+ char *timeout_buf = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
+
+ /* uint to str */
+ if (asprintf(&timeout_buf, "%u", auth_timeout) == -1) {
+ ERRMEM;
+ timeout_buf = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_create(ctx, config, timeout_buf, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/libnetconf2-netconf-server:auth-timeout", endpt_name);
+
+cleanup:
+ free(timeout_buf);
+ return ret;
+}
+
+API int
+nc_server_config_add_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ uint16_t auth_attempts, struct lyd_node **config)
+{
+ int ret = 0;
+ char *attempts_buf = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
+
+ /* uint to str */
+ if (asprintf(&attempts_buf, "%u", auth_attempts) == -1) {
+ ERRMEM;
+ attempts_buf = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_create(ctx, config, attempts_buf, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "libnetconf2-netconf-server:auth-attempts", client_name, endpt_name);
+
+cleanup:
+ free(attempts_buf);
+ return ret;
+}
+
+API int
+nc_server_config_add_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ uint16_t auth_timeout, struct lyd_node **config)
+{
+ int ret = 0;
+ char *timeout_buf = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
+
+ /* uint to str */
+ if (asprintf(&timeout_buf, "%u", auth_timeout) == -1) {
+ ERRMEM;
+ timeout_buf = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_create(ctx, config, timeout_buf, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "libnetconf2-netconf-server:auth-timeout", client_name, endpt_name);
+
+cleanup:
+ free(timeout_buf);
+ return ret;
+}
+
+static int
+_nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *tree_path, const char *pubkey_path,
+ struct lyd_node **config)
+{
+ int ret = 0;
+ char *pubkey = NULL;
+ const char *pubkey_format = "ietf-crypto-types:ssh-public-key-format";
+
+ /* get pubkey data */
+ ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, &pubkey);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "public-key-format", pubkey_format, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "public-key", pubkey, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(pubkey);
+ return ret;
+}
+
+API int
+nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
+ "public-key[name='%s']", endpt_name, user_name, pubkey_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_user_pubkey(ctx, path, pubkey_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new SSH user's public key failed.");
+ goto cleanup;
+ }
+
+ /* delete truststore reference if present */
+ ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/truststore-reference",
+ endpt_name, user_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_add_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']", client_name,
+ endpt_name, user_name, pubkey_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_user_pubkey(ctx, path, pubkey_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH SSH user's public key failed.");
+ goto cleanup;
+ }
+
+ /* delete truststore reference if present */
+ ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
+ "public-keys/truststore-reference", client_name, endpt_name, user_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ssh_user_pubkey(const char *endpt_name, const char *user_name,
+ const char *pubkey_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
+
+ if (pubkey_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
+ "public-key[name='%s']", endpt_name, user_name, pubkey_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
+ "public-key", endpt_name, user_name);
+ }
+}
+
+API int
+nc_server_config_del_ch_ssh_user_pubkey(const char *client_name, const char *endpt_name,
+ const char *user_name, const char *pubkey_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
+
+ if (pubkey_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']", client_name,
+ endpt_name, user_name, pubkey_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']/public-keys/inline-definition/public-key", client_name,
+ endpt_name, user_name);
+ }
+}
+
+static int
+_nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *tree_path,
+ const char *password, struct lyd_node **config)
+{
+ int ret = 0;
+ char *hashed_pw = NULL;
+ const char *salt = "$6$idsizuippipk$";
+
+ NC_CHECK_ARG_RET(NULL, ctx, tree_path, password, config, 1);
+
+#ifdef HAVE_CRYPT_R
+ struct crypt_data cdata;
+#endif
+
+#ifdef HAVE_CRYPT_R
+ cdata.initialized = 0;
+ hashed_pw = crypt_r(password, salt, &data);
+#else
+ pthread_mutex_lock(&crypt_lock);
+ hashed_pw = crypt(password, salt);
+ pthread_mutex_unlock(&crypt_lock);
+#endif
+
+ if (!hashed_pw) {
+ ERR(NULL, "Hashing password failed (%s).", strerror(errno));
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "password", hashed_pw, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ return ret;
+}
+
+API int
+nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, const char *password, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, password, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "client-authentication/users/user[name='%s']", endpt_name, user_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_user_password(ctx, path, password, config);
+ if (ret) {
+ ERR(NULL, "Creating new SSH user's password failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_add_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *user_name, const char *password, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, password, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']", client_name, endpt_name, user_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_user_password(ctx, path, password, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH SSH user's password failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ssh_user_password(const char *endpt_name, const char *user_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']/password", endpt_name, user_name);
+}
+
+API int
+nc_server_config_del_ch_ssh_user_password(const char *client_name, const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
+ "users/user[name='%s']/password", client_name, endpt_name, user_name);
+}
+
+static int
+_nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *tree_path,
+ const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
+{
+ int ret = 0;
+
+ ret = nc_server_config_append(ctx, tree_path, "pam-config-file-name", pam_config_name, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ if (pam_config_dir) {
+ ret = nc_server_config_append(ctx, tree_path, "pam-config-file-dir", pam_config_dir, config);
+ if (ret) {
+ goto cleanup;
+ }
+ }
+
+cleanup:
+ return ret;
+}
+
+API int
+nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
+ const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pam_config_name, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "client-authentication/users/user[name='%s']/"
+ "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_user_interactive(ctx, path, pam_config_name, pam_config_dir, config);
+ if (ret) {
+ ERR(NULL, "Creating new SSH user's keyboard interactive nodes failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_add_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pam_config_name, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
+ "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_ssh_user_interactive(ctx, path, pam_config_name, pam_config_dir, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH SSH user's keyboard interactive nodes failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ssh_user_interactive(const char *endpt_name, const char *user_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']/"
+ "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name);
+}
+
+API int
+nc_server_config_del_ch_ssh_user_interactive(const char *client_name, const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
+ "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name);
+}
+
+API int
+nc_server_config_del_ssh_user(const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ if (user_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user[name='%s']", endpt_name, user_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
+ "ssh-server-parameters/client-authentication/users/user", endpt_name);
+ }
+}
+
+API int
+nc_server_config_del_ch_ssh_user(const char *client_name, const char *endpt_name,
+ const char *user_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+ if (user_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']", client_name,
+ endpt_name, user_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+ "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user", client_name, endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_ssh_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name,
+ const char *referenced_endpt, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, referenced_endpt, config, 1);
+
+ return nc_server_config_create(ctx, config, referenced_endpt, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
+}
+
+API int
+nc_server_config_del_ssh_endpoint_client_ref(const char *endpt_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
+ "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
+}
diff --git a/src/server_config_util_tls.c b/src/server_config_util_tls.c
new file mode 100644
index 0000000..0d628f6
--- /dev/null
+++ b/src/server_config_util_tls.c
@@ -0,0 +1,584 @@
+/**
+ * @file server_config_util_tls.c
+ * @author Roman Janota <janota@cesnet.cz>
+ * @brief libnetconf2 server TLS configuration utilities
+ *
+ * @copyright
+ * Copyright (c) 2023 CESNET, z.s.p.o.
+ *
+ * This source code is licensed under BSD 3-Clause License (the "License").
+ * You may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ */
+
+#define _GNU_SOURCE
+
+#include "server_config_util.h"
+
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <libyang/libyang.h>
+
+#include "compat.h"
+#include "config.h"
+#include "log_p.h"
+#include "server_config.h"
+#include "session.h"
+#include "session_p.h"
+
+static int
+_nc_server_config_add_tls_server_cert(const struct ly_ctx *ctx, const char *tree_path, const char *privkey_path,
+ const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *privkey = NULL, *pubkey = NULL, *cert = NULL;
+ NC_PRIVKEY_FORMAT privkey_type;
+ const char *privkey_format, *pubkey_format = "ietf-crypto-types:subject-public-key-info-format";
+
+ NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, certificate_path, config, 1);
+
+ /* get the keys as a string from the given files */
+ ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey, &privkey_type, &pubkey);
+ if (ret) {
+ ERR(NULL, "Getting keys from file(s) failed.");
+ goto cleanup;
+ }
+
+ /* get cert data from file */
+ ret = nc_server_config_util_read_certificate(certificate_path, &cert);
+ if (ret) {
+ ERR(NULL, "Getting certificate from file \"%s\" failed.", certificate_path);
+ goto cleanup;
+ }
+
+ /* get privkey identityref value */
+ privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
+ if (!privkey_format) {
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key-format", pubkey_format, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key", pubkey, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/private-key-format", privkey_format, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/cleartext-private-key", privkey, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "inline-definition/cert-data", cert, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ /* delete keystore if present */
+ ret = nc_server_config_check_delete(config, "%s/keystore-reference", tree_path);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(privkey);
+ free(pubkey);
+ free(cert);
+ return ret;
+}
+
+API int
+nc_server_config_add_tls_server_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
+ const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, privkey_path, certificate_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
+ "tls/tls-server-parameters/server-identity/certificate", endpt_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_server_cert(ctx, path, privkey_path, pubkey_path,
+ certificate_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new TLS server certificate YANG data failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_tls_server_cert(const char *endpt_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
+ "tls/tls-server-parameters/server-identity/certificate/inline-definition", endpt_name);
+}
+
+API int
+nc_server_config_add_ch_tls_server_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *privkey_path, const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, privkey_path, certificate_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/"
+ "certificate", client_name, endpt_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_server_cert(ctx, path, privkey_path, pubkey_path,
+ certificate_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH TLS server certificate YANG data failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ch_tls_server_cert(const char *client_name, const char *endpt_name,
+ struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
+ "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/"
+ "certificate/inline-definition", client_name, endpt_name);
+}
+
+static int
+_nc_server_config_add_tls_client_cert(const struct ly_ctx *ctx, const char *tree_path,
+ const char *cert_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *cert = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, tree_path, cert_path, config, 1);
+
+ ret = nc_server_config_util_read_certificate(cert_path, &cert);
+ if (ret) {
+ ERR(NULL, "Getting certificate from file \"%s\" failed.", cert_path);
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "cert-data", cert, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(cert);
+ return ret;
+}
+
+API int
+nc_server_config_add_tls_client_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+ const char *cert_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_name, cert_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/ee-certs/inline-definition/certificate[name='%s']", endpt_name, cert_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new TLS client certificate YANG data failed.");
+ goto cleanup;
+ }
+
+ /* delete truststore if present */
+ ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/ee-certs/truststore-reference", endpt_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_tls_client_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ if (cert_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
+ "tls-server-parameters/client-authentication/ee-certs/inline-definition/"
+ "certificate[name='%s']", endpt_name, cert_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
+ "tls-server-parameters/client-authentication/ee-certs/inline-definition/"
+ "certificate", endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_ch_tls_client_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *cert_name, const char *cert_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_name, cert_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ee-certs/"
+ "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH TLS client certificate YANG data failed.");
+ goto cleanup;
+ }
+
+ /* delete truststore if present */
+ ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/ee-certs/truststore-reference", client_name, endpt_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ch_tls_client_cert(const char *client_name, const char *endpt_name,
+ const char *cert_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+ if (cert_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ee-certs/"
+ "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ee-certs/"
+ "inline-definition/certificate", client_name, endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_tls_ca_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+ const char *cert_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cert_name, cert_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/ca-certs/inline-definition/certificate[name='%s']", endpt_name, cert_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new TLS client certificate authority YANG data failed.");
+ goto cleanup;
+ }
+
+ /* delete truststore if present */
+ ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/ca-certs/truststore-reference", endpt_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_tls_ca_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ if (cert_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
+ "tls-server-parameters/client-authentication/ca-certs/inline-definition/"
+ "certificate[name='%s']", endpt_name, cert_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
+ "tls-server-parameters/client-authentication/ca-certs/inline-definition/"
+ "certificate", endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_ch_tls_ca_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *cert_name, const char *cert_path, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cert_name, cert_path, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs/"
+ "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH TLS client certificate authority YANG data failed.");
+ goto cleanup;
+ }
+
+ /* delete truststore if present */
+ ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/ca-certs/truststore-reference", client_name, endpt_name);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ch_tls_ca_cert(const char *client_name, const char *endpt_name,
+ const char *cert_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+ if (cert_name) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs/"
+ "inline-definition/certificate[name='%s']", client_name, endpt_name, cert_name);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs/"
+ "inline-definition/certificate", client_name, endpt_name);
+ }
+}
+
+static const char *
+nc_server_config_tls_maptype2str(NC_TLS_CTN_MAPTYPE map_type)
+{
+ switch (map_type) {
+ case NC_TLS_CTN_SPECIFIED:
+ return "ietf-x509-cert-to-name:specified";
+ case NC_TLS_CTN_SAN_RFC822_NAME:
+ return "ietf-x509-cert-to-name:san-rfc822-name";
+ case NC_TLS_CTN_SAN_DNS_NAME:
+ return "ietf-x509-cert-to-name:san-dns-name";
+ case NC_TLS_CTN_SAN_IP_ADDRESS:
+ return "ietf-x509-cert-to-name:san-ip-address";
+ case NC_TLS_CTN_SAN_ANY:
+ return "ietf-x509-cert-to-name:san-any";
+ case NC_TLS_CTN_COMMON_NAME:
+ return "ietf-x509-cert-to-name:common-name";
+ case NC_TLS_CTN_UNKNOWN:
+ default:
+ ERR(NULL, "Unknown CTN mapping type.");
+ return NULL;
+ }
+}
+
+static int
+_nc_server_config_add_tls_ctn(const struct ly_ctx *ctx, const char *tree_path, const char *fingerprint,
+ NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
+{
+ int ret = 0;
+ const char *map;
+
+ NC_CHECK_ARG_RET(NULL, ctx, tree_path, name, config, 1);
+
+ if (fingerprint) {
+ /* optional */
+ ret = nc_server_config_append(ctx, tree_path, "fingerprint", fingerprint, config);
+ if (ret) {
+ goto cleanup;
+ }
+ }
+
+ /* get map str */
+ map = nc_server_config_tls_maptype2str(map_type);
+ if (!map) {
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "map-type", map, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+ ret = nc_server_config_append(ctx, tree_path, "name", name, config);
+ if (ret) {
+ goto cleanup;
+ }
+
+cleanup:
+ return ret;
+}
+
+API int
+nc_server_config_add_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint,
+ NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, id, name, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/netconf-server-parameters/"
+ "client-identity-mappings/cert-to-name[id='%u']", endpt_name, id) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_ctn(ctx, path, fingerprint, map_type, name, config);
+ if (ret) {
+ ERR(NULL, "Creating new TLS cert-to-name YANG data failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_tls_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ if (id) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
+ "netconf-server-parameters/client-identity-mappings/cert-to-name[id='%u']", endpt_name, id);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
+ "netconf-server-parameters/client-identity-mappings/cert-to-name", endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_ch_tls_ctn(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config)
+{
+ int ret = 0;
+ char *path = NULL;
+
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, id, name, config, 1);
+
+ if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/netconf-server-parameters/client-identity-mappings/"
+ "cert-to-name[id='%u']", client_name, endpt_name, id) == -1) {
+ ERRMEM;
+ path = NULL;
+ ret = 1;
+ goto cleanup;
+ }
+
+ ret = _nc_server_config_add_tls_ctn(ctx, path, fingerprint, map_type, name, config);
+ if (ret) {
+ ERR(NULL, "Creating new CH TLS cert-to-name YANG data failed.");
+ goto cleanup;
+ }
+
+cleanup:
+ free(path);
+ return ret;
+}
+
+API int
+nc_server_config_del_ch_tls_ctn(const char *client_name, const char *endpt_name,
+ uint32_t id, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
+
+ if (id) {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/netconf-server-parameters/client-identity-mappings/"
+ "cert-to-name[id='%u']", client_name, endpt_name, id);
+ } else {
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
+ "endpoints/endpoint[name='%s']/tls/netconf-server-parameters/client-identity-mappings/"
+ "cert-to-name", client_name, endpt_name);
+ }
+}
+
+API int
+nc_server_config_add_tls_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *referenced_endpt, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, referenced_endpt, config, 1);
+
+ return nc_server_config_create(ctx, config, referenced_endpt, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
+}
+
+API int
+nc_server_config_del_tls_endpoint_client_ref(const char *endpt_name, struct lyd_node **config)
+{
+ NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
+
+ return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
+ "client-authentication/libnetconf2-netconf-server:endpoint-client-auth", endpt_name);
+}
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index be94cf3..b3e7548 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -8,7 +8,7 @@
endif()
# list of all the tests that don't require SSH and TLS
-set(tests test_unix_socket)
+set(tests test_unix_socket test_client_thread test_fd_comm test_init_destroy_client test_init_destroy_server test_io test_thread_messages)
# only enable PAM tests if the version of PAM is greater than 1.4
if(LIBPAM_HAVE_CONFDIR)
@@ -37,7 +37,7 @@
#append tests depending on SSH/TLS
if(ENABLE_SSH_TLS)
- list(APPEND tests test_two_channels test_ks_ts test_config_new test_ec
+ list(APPEND tests test_two_channels test_ks_ts test_ec
test_ed25519 test_replace test_endpt_share_clients test_tls test_crl test_ch
test_runtime_changes)
endif()
diff --git a/tests/test_auth.c b/tests/test_auth.c
index 87f6e89..631a84a 100644
--- a/tests/test_auth.c
+++ b/tests/test_auth.c
@@ -1,7 +1,7 @@
/**
* @file test_auth.c
* @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
+ * @brief libnetconf2 SSH authentication methods test
*
* @copyright
* Copyright (c) 2022 CESNET, z.s.p.o.
@@ -315,22 +315,23 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "test_pk", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "test_pk", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_interactive(ctx, "endpt", "test_int", "netconf.conf", BUILD_DIR "/tests", &tree);
+ ret = nc_server_config_add_ssh_user_interactive(ctx, "endpt", "test_int", "netconf.conf", BUILD_DIR "/tests", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_password(ctx, "endpt", "test_pw", "testpw", &tree);
+ ret = nc_server_config_add_ssh_user_password(ctx, "endpt", "test_pw", "testpw", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_none(ctx, "endpt", "test_none", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/ssh/ssh-server-parameters/"
+ "client-authentication/users/user[name='test_none']/none", NULL, 0, NULL);
assert_int_equal(ret, 0);
/* configure the server based on the data */
diff --git a/tests/test_ch.c b/tests/test_ch.c
index 5e48cbc..558e29a 100644
--- a/tests/test_ch.c
+++ b/tests/test_ch.c
@@ -98,7 +98,7 @@
strcpy(expected, "reconnecting in");
/* prepare data for deleting the call-home client */
- ret = nc_server_config_new_ch_del_ch_client("ch_ssh", &state->ssh_tree);
+ ret = nc_server_config_del_ch_client("ch_ssh", &state->ssh_tree);
assert_int_equal(ret, 0);
/* new poll session */
@@ -198,23 +198,23 @@
assert_int_equal(ret, 0);
/* set call-home address and port */
- ret = nc_server_config_new_ch_address_port(ctx, "ch_ssh", "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &test_state->ssh_tree);
+ ret = nc_server_config_add_ch_address_port(ctx, "ch_ssh", "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &test_state->ssh_tree);
assert_int_equal(ret, 0);
/* set connection type to persistent */
- ret = nc_server_config_new_ch_persistent(ctx, "ch_ssh", &test_state->ssh_tree);
+ ret = nc_server_config_add_ch_persistent(ctx, "ch_ssh", &test_state->ssh_tree);
assert_int_equal(ret, 0);
/* set the period of the periodic connection type, this should remove the persistent connection type */
- ret = nc_server_config_new_ch_period(ctx, "ch_ssh", 3, &test_state->ssh_tree);
+ ret = nc_server_config_add_ch_period(ctx, "ch_ssh", 3, &test_state->ssh_tree);
assert_int_equal(ret, 0);
/* set call-home server hostkey */
- ret = nc_server_config_new_ch_ssh_hostkey(ctx, "ch_ssh", "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &test_state->ssh_tree);
+ ret = nc_server_config_add_ch_ssh_hostkey(ctx, "ch_ssh", "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &test_state->ssh_tree);
assert_int_equal(ret, 0);
/* set call-home client's pubkey */
- ret = nc_server_config_new_ch_ssh_user_pubkey(ctx, "ch_ssh", "endpt", "test_ch_ssh", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->ssh_tree);
+ ret = nc_server_config_add_ch_ssh_user_pubkey(ctx, "ch_ssh", "endpt", "test_ch_ssh", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->ssh_tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
@@ -282,7 +282,7 @@
struct nc_pollsession *ps;
/* prepare data for deleting the call-home client */
- ret = nc_server_config_new_ch_del_ch_client("ch_tls", &state->tls_tree);
+ ret = nc_server_config_del_ch_client("ch_tls", &state->tls_tree);
assert_int_equal(ret, 0);
/* new poll session */
@@ -400,23 +400,23 @@
assert_int_equal(ret, 0);
/* set call-home address and port */
- ret = nc_server_config_new_ch_address_port(ctx, "ch_tls", "endpt", NC_TI_OPENSSL, "127.0.0.1", "10010", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_address_port(ctx, "ch_tls", "endpt", NC_TI_OPENSSL, "127.0.0.1", "10010", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home server certificate */
- ret = nc_server_config_new_ch_tls_server_certificate(ctx, "ch_tls", "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_tls_server_cert(ctx, "ch_tls", "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home client end entity certificate */
- ret = nc_server_config_new_ch_tls_client_certificate(ctx, "ch_tls", "endpt", "ee-cert", TESTS_DIR "/data/client.crt", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_tls_client_cert(ctx, "ch_tls", "endpt", "ee-cert", TESTS_DIR "/data/client.crt", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home client certificate authority certificate */
- ret = nc_server_config_new_ch_tls_client_ca(ctx, "ch_tls", "endpt", "ca-cert", TESTS_DIR "/data/serverca.pem", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_tls_ca_cert(ctx, "ch_tls", "endpt", "ca-cert", TESTS_DIR "/data/serverca.pem", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home CTN */
- ret = nc_server_config_new_ch_tls_ctn(ctx, "ch_tls", "endpt", 1,
+ ret = nc_server_config_add_ch_tls_ctn(ctx, "ch_tls", "endpt", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "ch_client_tls", &test_state->tls_tree);
assert_int_equal(ret, 0);
diff --git a/tests/test_config_new.c b/tests/test_config_new.c
deleted file mode 100644
index 72dda36..0000000
--- a/tests/test_config_new.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/**
- * @file test_keystore.c
- * @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
- *
- * @copyright
- * Copyright (c) 2022 CESNET, z.s.p.o.
- *
- * This source code is licensed under BSD 3-Clause License (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- */
-
-#define _GNU_SOURCE
-
-#include <pthread.h>
-#include <setjmp.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <cmocka.h>
-
-#include "tests/config.h"
-
-#define NC_ACCEPT_TIMEOUT 2000
-#define NC_PS_POLL_TIMEOUT 2000
-
-struct ly_ctx *ctx;
-
-struct test_state {
- pthread_barrier_t barrier;
-};
-
-static void *
-server_thread(void *arg)
-{
- int ret;
- NC_MSG_TYPE msgtype;
- struct nc_session *session;
- struct nc_pollsession *ps;
- struct test_state *state = arg;
-
- ps = nc_ps_new();
- assert_non_null(ps);
-
- /* accept a session and add it to the poll session structure */
- pthread_barrier_wait(&state->barrier);
- msgtype = nc_accept(NC_ACCEPT_TIMEOUT, ctx, &session);
- assert_int_equal(msgtype, NC_MSG_HELLO);
-
- ret = nc_ps_add_session(ps, session);
- assert_int_equal(ret, 0);
-
- do {
- ret = nc_ps_poll(ps, NC_PS_POLL_TIMEOUT, NULL);
- assert_int_equal(ret & NC_PSPOLL_RPC, NC_PSPOLL_RPC);
- } while (!(ret & NC_PSPOLL_SESSION_TERM));
-
- nc_ps_clear(ps, 1, NULL);
- nc_ps_free(ps);
- return NULL;
-}
-
-static char *
-auth_password(const char *username, const char *hostname, void *priv)
-{
- (void) username;
- (void) hostname;
- (void) priv;
-
- /* set the reply to password authentication */
- return strdup("testpassword123");
-}
-
-static void *
-client_thread(void *arg)
-{
- int ret;
- struct nc_session *session = NULL;
- struct test_state *state = arg;
-
- /* skip all hostkey and known_hosts checks */
- nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_SKIP);
-
- ret = nc_client_set_schema_searchpath(MODULES_DIR);
- assert_int_equal(ret, 0);
-
- ret = nc_client_ssh_set_username("client");
- assert_int_equal(ret, 0);
-
- nc_client_ssh_set_auth_password_clb(auth_password, NULL);
-
- pthread_barrier_wait(&state->barrier);
- session = nc_connect_ssh("127.0.0.1", 10005, NULL);
- assert_non_null(session);
-
- nc_session_free(session, NULL);
- return NULL;
-}
-
-static void
-test_nc_config_new(void **state)
-{
- int ret, i;
- pthread_t tids[2];
-
- assert_non_null(state);
-
- ret = pthread_create(&tids[0], NULL, client_thread, *state);
- assert_int_equal(ret, 0);
- ret = pthread_create(&tids[1], NULL, server_thread, *state);
- assert_int_equal(ret, 0);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static int
-setup_f(void **state)
-{
- int ret;
- struct lyd_node *tree = NULL;
- struct test_state *test_state;
-
- nc_verbosity(NC_VERB_VERBOSE);
-
- /* init barrier */
- test_state = malloc(sizeof *test_state);
- assert_non_null(test_state);
-
- ret = pthread_barrier_init(&test_state->barrier, NULL, 2);
- assert_int_equal(ret, 0);
-
- *state = test_state;
-
- /* new context */
- ret = ly_ctx_new(MODULES_DIR, 0, &ctx);
- assert_int_equal(ret, 0);
-
- /* initialize the context by loading default modules */
- ret = nc_server_init_ctx(&ctx);
- assert_int_equal(ret, 0);
-
- /* load ietf-netconf-server module and it's imports */
- ret = nc_server_config_load_modules(&ctx);
- assert_int_equal(ret, 0);
-
- /* create new hostkey data */
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/server.key", NULL, &tree);
- assert_int_equal(ret, 0);
-
- /* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
- assert_int_equal(ret, 0);
-
- /* create the host-key algorithms data */
- ret = nc_server_config_new_ssh_host_key_algs(ctx, "endpt", &tree, 1, "rsa-sha2-512");
- assert_int_equal(ret, 0);
-
- /* create the client authentication data, password only */
- ret = nc_server_config_new_ssh_user_password(ctx, "endpt", "client", "testpassword123", &tree);
- assert_int_equal(ret, 0);
-
- /* configure the server based on the data */
- ret = nc_server_config_setup_data(tree);
- assert_int_equal(ret, 0);
-
- ret = nc_server_init();
- assert_int_equal(ret, 0);
-
- /* initialize client */
- ret = nc_client_init();
- assert_int_equal(ret, 0);
-
- lyd_free_all(tree);
-
- return 0;
-}
-
-static int
-teardown_f(void **state)
-{
- int ret = 0;
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
-
- ret = pthread_barrier_destroy(&test_state->barrier);
- assert_int_equal(ret, 0);
-
- free(*state);
- nc_client_destroy();
- nc_server_destroy();
- ly_ctx_destroy(ctx);
-
- return 0;
-}
-
-int
-main(void)
-{
- const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_nc_config_new, setup_f, teardown_f),
- };
-
- setenv("CMOCKA_TEST_ABORT", "1", 1);
- return cmocka_run_group_tests(tests, NULL, NULL);
-}
diff --git a/tests/test_crl.c b/tests/test_crl.c
index 213792b..6cd6dc7 100644
--- a/tests/test_crl.c
+++ b/tests/test_crl.c
@@ -144,48 +144,32 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
- ret = nc_server_config_new_tls_server_certificate(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
/* create new end entity client cert data */
- ret = nc_server_config_new_tls_client_certificate(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
/* create new client ca data */
- ret = nc_server_config_new_tls_client_ca(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_tls_ca_cert(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
/* create new cert-to-name */
- ret = nc_server_config_new_tls_ctn(ctx, "endpt", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "endpt", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "client", &tree);
assert_int_equal(ret, 0);
- /* limit TLS version to 1.3 */
- ret = nc_server_config_new_tls_version(ctx, "endpt", NC_TLS_VERSION_13, &tree);
- assert_int_equal(ret, 0);
-
- /* set the TLS cipher */
- ret = nc_server_config_new_tls_ciphers(ctx, "endpt", &tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
- assert_int_equal(ret, 0);
-
- /* set this node, but it should be deleted by the next call, bcs only one choice node can be present */
- ret = nc_server_config_new_tls_crl_url(ctx, "endpt", "abc", &tree);
- assert_int_equal(ret, 0);
-
/* set path to a CRL file */
- ret = nc_server_config_new_tls_crl_path(ctx, "endpt", TESTS_DIR "/data/crl.pem", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/tls-server-parameters/"
+ "client-authentication/libnetconf2-netconf-server:crl-path", TESTS_DIR "/data/crl.pem", 0, NULL);
assert_int_equal(ret, 0);
- /* check if the choice node was removed */
- ret = lyd_find_path(tree, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-url", 0, NULL);
- assert_int_not_equal(ret, 0);
-
/* configure the server based on the data */
ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
diff --git a/tests/test_ec.c b/tests/test_ec.c
index 43d513f..415588d 100644
--- a/tests/test_ec.c
+++ b/tests/test_ec.c
@@ -213,19 +213,19 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "test_ec256", "pubkey", TESTS_DIR "/data/id_ecdsa256.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "test_ec256", "pubkey", TESTS_DIR "/data/id_ecdsa256.pub", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "test_ec384", "pubkey", TESTS_DIR "/data/id_ecdsa384.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "test_ec384", "pubkey", TESTS_DIR "/data/id_ecdsa384.pub", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "test_ec521", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "test_ec521", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
diff --git a/tests/test_ed25519.c b/tests/test_ed25519.c
index b381c6a..714a88a 100644
--- a/tests/test_ed25519.c
+++ b/tests/test_ed25519.c
@@ -150,13 +150,13 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/server.key", NULL, &tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/server.key", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "test_ed25519", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "test_ed25519", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
diff --git a/tests/test_endpt_share_clients.c b/tests/test_endpt_share_clients.c
index f9284fe..7099d77 100644
--- a/tests/test_endpt_share_clients.c
+++ b/tests/test_endpt_share_clients.c
@@ -193,23 +193,23 @@
assert_int_equal(ret, 0);
/* create the first SSH endpoint with a client reference to the second endpoint */
- ret = nc_server_config_new_ssh_hostkey(ctx, "SSH_endpt_1", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "SSH_endpt_1", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "SSH_endpt_1", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "SSH_endpt_1", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
- ret = nc_config_new_ssh_endpoint_user_ref(ctx, "SSH_endpt_1", "SSH_endpt_2", &tree);
+ ret = nc_server_config_add_ssh_endpoint_client_ref(ctx, "SSH_endpt_1", "SSH_endpt_2", &tree);
assert_int_equal(ret, 0);
/* create the second SSH endpoint with a single client */
- ret = nc_server_config_new_ssh_hostkey(ctx, "SSH_endpt_2", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "SSH_endpt_2", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "SSH_endpt_2", NC_TI_LIBSSH, "127.0.0.1", 10006, &tree);
+ ret = nc_server_config_add_address_port(ctx, "SSH_endpt_2", NC_TI_LIBSSH, "127.0.0.1", 10006, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "SSH_endpt_2", "client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "SSH_endpt_2", "client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data */
@@ -260,32 +260,32 @@
assert_int_equal(ret, 0);
/* create the first TLS endpoint with a single end entity client cert and a CTN entry */
- ret = nc_server_config_new_tls_server_certificate(ctx, "TLS_endpt_1", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "TLS_endpt_1", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", 10007, &tree);
+ ret = nc_server_config_add_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", 10007, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_tls_client_certificate(ctx, "TLS_endpt_1", "cert_client", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "TLS_endpt_1", "cert_client", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_tls_client_ca(ctx, "TLS_endpt_1", "cert_ca", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_tls_ca_cert(ctx, "TLS_endpt_1", "cert_ca", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_tls_ctn(ctx, "TLS_endpt_1", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "TLS_endpt_1", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "client", &tree);
assert_int_equal(ret, 0);
/* create the second TLS endpoint with a reference to the first endpoint */
- ret = nc_server_config_new_tls_server_certificate(ctx, "TLS_endpt_2",
+ ret = nc_server_config_add_tls_server_cert(ctx, "TLS_endpt_2",
TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "TLS_endpt_2", NC_TI_OPENSSL, "127.0.0.1", 10008, &tree);
+ ret = nc_server_config_add_address_port(ctx, "TLS_endpt_2", NC_TI_OPENSSL, "127.0.0.1", 10008, &tree);
assert_int_equal(ret, 0);
- ret = nc_config_new_tls_endpoint_client_ref(ctx, "TLS_endpt_2", "TLS_endpt_1", &tree);
+ ret = nc_server_config_add_tls_endpoint_client_ref(ctx, "TLS_endpt_2", "TLS_endpt_1", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data */
diff --git a/tests/test_init_destroy_client.c b/tests/test_init_destroy_client.c
index 097fa69..a9ee0db 100644
--- a/tests/test_init_destroy_client.c
+++ b/tests/test_init_destroy_client.c
@@ -39,6 +39,8 @@
{
(void)state;
+ nc_client_init();
+
return 0;
}
diff --git a/tests/test_ks_ts.c b/tests/test_ks_ts.c
index 159b6cf..5440b7e 100644
--- a/tests/test_ks_ts.c
+++ b/tests/test_ks_ts.c
@@ -138,19 +138,23 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_keystore_ref(ctx, "endpt", "hostkey", "test_keystore", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/"
+ "endpoint[name='endpt']/ssh/ssh-server-parameters/server-identity/host-key[name='hostkey']/public-key/"
+ "keystore-reference", "test_keystore", 0, NULL);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_truststore_ref(ctx, "endpt", "client", "test_truststore", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/"
+ "endpoint[name='endpt']/ssh/ssh-server-parameters/client-authentication/users/user[name='client']/public-keys/"
+ "truststore-reference", "test_truststore", 0, NULL);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_keystore_asym_key(ctx, NC_TI_LIBSSH, "test_keystore", TESTS_DIR "/data/key_rsa", NULL, &tree);
+ ret = nc_server_config_add_keystore_asym_key(ctx, NC_TI_LIBSSH, "test_keystore", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_truststore_pubkey(ctx, "test_truststore", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ ret = nc_server_config_add_truststore_pubkey(ctx, NC_TI_LIBSSH, "test_truststore", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
@@ -244,39 +248,45 @@
assert_int_equal(ret, 0);
/* new tls bind */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* new keystore asym key pair */
- ret = nc_server_config_new_keystore_asym_key(ctx, NC_TI_OPENSSL, "server_key", TESTS_DIR "/data/server.key", NULL, &tree);
+ ret = nc_server_config_add_keystore_asym_key(ctx, NC_TI_OPENSSL, "server_key", TESTS_DIR "/data/server.key", NULL, &tree);
assert_int_equal(ret, 0);
/* new keystore cert belonging to the key pair */
- ret = nc_server_config_new_keystore_cert(ctx, "server_key", "server_cert", TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_keystore_cert(ctx, "server_key", "server_cert", TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
/* new truststore client cert */
- ret = nc_server_config_new_truststore_cert(ctx, "ee_cert_bag", "ee_cert", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_truststore_cert(ctx, "ee_cert_bag", "ee_cert", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
/* new truststore client CA cert */
- ret = nc_server_config_new_truststore_cert(ctx, "ca_cert_bag", "ca_cert", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_truststore_cert(ctx, "ca_cert_bag", "ca_cert", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
/* new keystore ref for the TLS server cert */
- ret = nc_server_config_new_tls_keystore_ref(ctx, "endpt", "server_key", "server_cert", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/"
+ "tls/tls-server-parameters/server-identity/certificate/keystore-reference/asymmetric-key", "server_key", 0, NULL);
+ assert_int_equal(ret, 0);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/"
+ "tls/tls-server-parameters/server-identity/certificate/keystore-reference/certificate", "server_cert", 0, NULL);
assert_int_equal(ret, 0);
/* new truststore ref for the client cert */
- ret = nc_server_config_new_tls_client_cert_truststore_ref(ctx, "endpt", "ee_cert_bag", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/"
+ "tls-server-parameters/client-authentication/ee-certs/truststore-reference", "ee_cert_bag", 0, NULL);
assert_int_equal(ret, 0);
/* new truststore ref for the client CA cert */
- ret = nc_server_config_new_tls_client_ca_truststore_ref(ctx, "endpt", "ca_cert_bag", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/"
+ "tls-server-parameters/client-authentication/ca-certs/truststore-reference", "ca_cert_bag", 0, NULL);
assert_int_equal(ret, 0);
/* new cert-to-name */
- ret = nc_server_config_new_tls_ctn(ctx, "endpt", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "endpt", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "client", &tree);
assert_int_equal(ret, 0);
diff --git a/tests/test_replace.c b/tests/test_replace.c
index 7a61cee..1fd0937 100644
--- a/tests/test_replace.c
+++ b/tests/test_replace.c
@@ -233,26 +233,26 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "old", NC_TI_LIBSSH, "127.0.0.1", 10005, &old_tree);
+ ret = nc_server_config_add_address_port(ctx, "old", NC_TI_LIBSSH, "127.0.0.1", 10005, &old_tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_hostkey(ctx, "old", "old_key", TESTS_DIR "/data/key_rsa", NULL, &old_tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "old", "old_key", TESTS_DIR "/data/key_rsa", NULL, &old_tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_password(ctx, "old", "old_client", "passwd", &old_tree);
+ ret = nc_server_config_add_ssh_user_password(ctx, "old", "old_client", "passwd", &old_tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data, treat them as if every node had replace operation */
ret = nc_server_config_setup_data(old_tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "new", NC_TI_LIBSSH, "127.0.0.1", 10005, &new_tree);
+ ret = nc_server_config_add_address_port(ctx, "new", NC_TI_LIBSSH, "127.0.0.1", 10005, &new_tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_hostkey(ctx, "new", "new_key", TESTS_DIR "/data/key_rsa", NULL, &new_tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "new", "new_key", TESTS_DIR "/data/key_rsa", NULL, &new_tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "new", "new_client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &new_tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "new", "new_client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &new_tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data, meaning
diff --git a/tests/test_runtime_changes.c b/tests/test_runtime_changes.c
index a7cd45d..284d360 100644
--- a/tests/test_runtime_changes.c
+++ b/tests/test_runtime_changes.c
@@ -240,11 +240,11 @@
test_state = *state;
init_test_create_threads_tls(tids, state);
- ret = nc_server_config_new_tls_server_certificate(ctx, "endpt_tls", TESTS_DIR "/data/client.key", NULL, TESTS_DIR "/data/client.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt_tls", TESTS_DIR "/data/client.key", NULL, TESTS_DIR "/data/client.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
- ret = nc_server_config_new_tls_server_certificate(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
@@ -264,11 +264,11 @@
test_state = *state;
init_test_create_threads_tls(tids, state);
- ret = nc_server_config_new_tls_client_certificate(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/server.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/server.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
- ret = nc_server_config_new_tls_client_certificate(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
@@ -288,13 +288,13 @@
test_state = *state;
init_test_create_threads_tls(tids, state);
- ret = nc_server_config_new_tls_ctn(ctx, "endpt_tls", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "endpt_tls", 1,
"FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF",
NC_TLS_CTN_SPECIFIED, "invalid-fingerprint", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
- ret = nc_server_config_new_tls_ctn(ctx, "endpt_tls", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "endpt_tls", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "client", &test_state->tree);
assert_int_equal(ret, 0);
@@ -306,71 +306,33 @@
}
static void
-test_nc_change_tls_version(void **state)
-{
- int ret, i;
- pthread_t tids[2];
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
- init_test_create_threads_tls(tids, state);
-
- ret = nc_server_config_new_tls_version(ctx, "endpt_tls", NC_TLS_VERSION_11, &test_state->tree);
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
-
- ret = nc_server_config_new_tls_version(ctx, "endpt_tls", NC_TLS_VERSION_13, &test_state->tree);
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static void
-test_nc_change_tls_ciphers(void **state)
-{
- int ret, i;
- pthread_t tids[2];
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
- init_test_create_threads_tls(tids, state);
-
- ret = nc_server_config_new_tls_ciphers(ctx, "endpt_tls", &test_state->tree, 1, "tls-rsa-with-null-sha");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
-
- ret = nc_server_config_new_tls_ciphers(ctx, "endpt_tls", &test_state->tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static void
test_nc_change_ssh_hostkey(void **state)
{
int ret, i;
pthread_t tids[2];
struct test_state *test_state;
+ struct lyd_node *hostkey = NULL;
assert_non_null(state);
test_state = *state;
init_test_create_threads_ssh(tids, state);
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt_ssh", "hostkey", TESTS_DIR "/data/server.key", NULL, &test_state->tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "endpt_ssh", "hostkey", TESTS_DIR "/data/server.key", NULL, &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_RUN);
- ret = nc_server_config_new_keystore_asym_key(ctx, NC_TI_LIBSSH, "keystore_hostkey", TESTS_DIR "/data/key_rsa", TESTS_DIR "/data/key_rsa.pub", &test_state->tree);
+ /* delete the locally defined hostkey */
+ ret = lyd_find_path(test_state->tree, "/ietf-netconf-server:netconf-server/listen/"
+ "endpoint[name='endpt_ssh']/ssh/ssh-server-parameters/server-identity/host-key[name='hostkey']/public-key", 0, &hostkey);
+ assert_non_null(hostkey);
+ lyd_free_tree(hostkey);
+
+ /* add the keystore entry and set it as hostkey */
+ ret = nc_server_config_add_keystore_asym_key(ctx, NC_TI_LIBSSH, "keystore_hostkey", TESTS_DIR "/data/key_rsa", TESTS_DIR "/data/key_rsa.pub", &test_state->tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_keystore_ref(ctx, "endpt_ssh", "hostkey", "keystore_hostkey", &test_state->tree);
+ ret = lyd_new_path(test_state->tree, ctx, "/ietf-netconf-server:netconf-server/listen/"
+ "endpoint[name='endpt_ssh']/ssh/ssh-server-parameters/server-identity/host-key[name='hostkey']/public-key/"
+ "keystore-reference", "keystore_hostkey", 0, NULL);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
@@ -390,35 +352,11 @@
test_state = *state;
init_test_create_threads_ssh(tids, state);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt_ssh", "client", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &test_state->tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt_ssh", "client", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt_ssh", "client", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->tree);
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static void
-test_nc_change_ssh_hostkey_algs(void **state)
-{
- int ret, i;
- pthread_t tids[2];
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
- init_test_create_threads_ssh(tids, state);
-
- ret = nc_server_config_new_ssh_host_key_algs(ctx, "endpt_ssh", &test_state->tree, 1, "ssh-dss");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
-
- ret = nc_server_config_new_ssh_host_key_algs(ctx, "endpt_ssh", &test_state->tree, 1, "rsa-sha2-256");
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt_ssh", "client", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
@@ -457,33 +395,33 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt_tls", NC_TI_OPENSSL, "127.0.0.1", 10005, &test_state->tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt_tls", NC_TI_OPENSSL, "127.0.0.1", 10005, &test_state->tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
- ret = nc_server_config_new_tls_server_certificate(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
assert_int_equal(ret, 0);
/* create new end entity client cert data */
- ret = nc_server_config_new_tls_client_certificate(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
assert_int_equal(ret, 0);
/* create new cert-to-name */
- ret = nc_server_config_new_tls_ctn(ctx, "endpt_tls", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "endpt_tls", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "client", &test_state->tree);
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt_ssh", NC_TI_LIBSSH, "127.0.0.1", 10006, &test_state->tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt_ssh", NC_TI_LIBSSH, "127.0.0.1", 10006, &test_state->tree);
assert_int_equal(ret, 0);
/* create new hostkey data */
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt_ssh", "hostkey", TESTS_DIR "/data/server.key", NULL, &test_state->tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "endpt_ssh", "hostkey", TESTS_DIR "/data/server.key", NULL, &test_state->tree);
assert_int_equal(ret, 0);
/* create new ssh user pubkey data */
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt_ssh", "client", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt_ssh", "client", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
@@ -526,11 +464,8 @@
cmocka_unit_test_setup_teardown(test_nc_change_tls_srv_crt, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_tls_client_crt, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_tls_ctn, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_tls_version, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_tls_ciphers, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_ssh_hostkey, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_ssh_usr_pubkey, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_ssh_hostkey_algs, setup_f, teardown_f),
+ cmocka_unit_test_setup_teardown(test_nc_change_ssh_usr_pubkey, setup_f, teardown_f)
};
setenv("CMOCKA_TEST_ABORT", "1", 1);
diff --git a/tests/test_tls.c b/tests/test_tls.c
index dc5b502..542f7bd 100644
--- a/tests/test_tls.c
+++ b/tests/test_tls.c
@@ -138,35 +138,27 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
- ret = nc_server_config_new_tls_server_certificate(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
/* create new end entity client cert data */
- ret = nc_server_config_new_tls_client_certificate(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
/* create new client ca data */
- ret = nc_server_config_new_tls_client_ca(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_tls_ca_cert(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
/* create new cert-to-name */
- ret = nc_server_config_new_tls_ctn(ctx, "endpt", 1,
+ ret = nc_server_config_add_tls_ctn(ctx, "endpt", 1,
"04:85:6B:75:D1:1A:86:E0:D8:FE:5B:BD:72:F5:73:1D:07:EA:32:BF:09:11:21:6A:6E:23:78:8E:B6:D5:73:C3:2D",
NC_TLS_CTN_SPECIFIED, "client", &tree);
assert_int_equal(ret, 0);
- /* limit TLS version to 1.3 */
- ret = nc_server_config_new_tls_version(ctx, "endpt", NC_TLS_VERSION_13, &tree);
- assert_int_equal(ret, 0);
-
- /* set the TLS cipher */
- ret = nc_server_config_new_tls_ciphers(ctx, "endpt", &tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
- assert_int_equal(ret, 0);
-
/* configure the server based on the data */
ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
diff --git a/tests/test_two_channels.c b/tests/test_two_channels.c
index 38597c0..24e7353 100644
--- a/tests/test_two_channels.c
+++ b/tests/test_two_channels.c
@@ -154,16 +154,16 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ ret = nc_server_config_add_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "client_1", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "client_1", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_user_pubkey(ctx, "endpt", "client_2", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &tree);
+ ret = nc_server_config_add_ssh_user_pubkey(ctx, "endpt", "client_2", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_setup_data(tree);
diff --git a/tests/test_unix_socket.c b/tests/test_unix_socket.c
index 5743fd4..351a6e2 100644
--- a/tests/test_unix_socket.c
+++ b/tests/test_unix_socket.c
@@ -1,7 +1,7 @@
/**
- * @file test_keystore.c
+ * @file test_unix_socket.c
* @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
+ * @brief libnetconf2 UNIX socket test
*
* @copyright
* Copyright (c) 2022 CESNET, z.s.p.o.
@@ -132,7 +132,7 @@
assert_int_equal(ret, 0);
/* create the UNIX socket */
- ret = nc_server_config_new_unix_socket(ctx, "unix", "/tmp/nc2_test_unix_sock", 0700, -1, -1, &tree);
+ ret = nc_server_config_add_unix_socket(ctx, "unix", "/tmp/nc2_test_unix_sock", 0700, -1, -1, &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */