blob: cf19e0125a8c8a37e91401e11aa13445564a121b [file] [log] [blame]
/**
* @file server_config_util.c
* @author Roman Janota <janota@cesnet.cz>
* @brief libnetconf2 server configuration utilities
*
* @copyright
* Copyright (c) 2023 CESNET, z.s.p.o.
*
* This source code is licensed under BSD 3-Clause License (the "License").
* You may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://opensource.org/licenses/BSD-3-Clause
*/
#define _GNU_SOURCE
#include "server_config_util.h"
#include <libyang/libyang.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef NC_ENABLED_SSH_TLS
#include <libssh/libssh.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#endif /* NC_ENABLED_SSH_TLS */
#include "compat.h"
#include "log_p.h"
#include "server_config.h"
#include "session.h"
#include "session_p.h"
int
nc_server_config_create(const struct ly_ctx *ctx, struct lyd_node **tree, const char *value, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
char *path = NULL;
NC_CHECK_ARG_RET(NULL, ctx, tree, path_fmt, 1);
va_start(ap, path_fmt);
/* create the path from the format */
ret = vasprintf(&path, path_fmt, ap);
if (ret == -1) {
ERRMEM;
path = NULL;
goto cleanup;
}
/* create the nodes in the path */
if (!*tree) {
ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, tree);
} else {
/* this could output NULL if no new nodes, lyd_find_path would fail then */
ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, NULL);
}
if (ret) {
goto cleanup;
}
/* set the node to the top level node */
ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
if (ret) {
goto cleanup;
}
/* add all default nodes */
ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
goto cleanup;
}
cleanup:
free(path);
va_end(ap);
return ret;
}
int
nc_server_config_append(const struct ly_ctx *ctx, const char *parent_path, const char *child_name,
const char *value, struct lyd_node **tree)
{
int ret = 0;
char *path = NULL;
NC_CHECK_ARG_RET(NULL, ctx, parent_path, child_name, tree, 1);
/* create the path by appending child to the parent path */
ret = asprintf(&path, "%s/%s", parent_path, child_name);
if (ret == -1) {
ERRMEM;
path = NULL;
goto cleanup;
}
/* create the nodes in the path */
if (!*tree) {
ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, tree);
} else {
/* this could output NULL if no new nodes, lyd_find_path would fail then */
ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, NULL);
}
if (ret) {
goto cleanup;
}
/* set the node to the top level node */
ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
if (ret) {
goto cleanup;
}
/* add all default nodes */
ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
goto cleanup;
}
cleanup:
free(path);
return ret;
}
int
nc_server_config_delete(struct lyd_node **tree, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
char *path = NULL;
struct lyd_node *sub = NULL;
NC_CHECK_ARG_RET(NULL, tree, path_fmt, 1);
va_start(ap, path_fmt);
/* create the path from the format */
ret = vasprintf(&path, path_fmt, ap);
if (ret == -1) {
ERRMEM;
path = NULL;
goto cleanup;
}
/* find the node we want to delete */
ret = lyd_find_path(*tree, path, 0, &sub);
if (ret) {
goto cleanup;
}
lyd_free_tree(sub);
/* set the node to top level container */
ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
if (ret) {
goto cleanup;
}
/* add all default nodes */
ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
if (ret) {
goto cleanup;
}
cleanup:
free(path);
va_end(ap);
return ret;
}
int
nc_server_config_check_delete(struct lyd_node **tree, const char *path_fmt, ...)
{
int ret = 0;
va_list ap;
char *path = NULL;
struct lyd_node *sub = NULL;
NC_CHECK_ARG_RET(NULL, tree, path_fmt, 1);
va_start(ap, path_fmt);
/* create the path from the format */
ret = vasprintf(&path, path_fmt, ap);
if (ret == -1) {
ERRMEM;
path = NULL;
goto cleanup;
}
/* find the node we want to delete */
ret = lyd_find_path(*tree, path, 0, &sub);
if ((ret == LY_EINCOMPLETE) || (ret == LY_ENOTFOUND)) {
ret = 0;
goto cleanup;
} else if (ret) {
ERR(NULL, "Unable to delete node in the path \"%s\".", path);
goto cleanup;
}
lyd_free_tree(sub);
/* set the node to top level container */
ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
if (ret) {
goto cleanup;
}
cleanup:
free(path);
va_end(ap);
return ret;
}
#ifdef NC_ENABLED_SSH_TLS
const char *
nc_server_config_util_privkey_format_to_identityref(NC_PRIVKEY_FORMAT format)
{
switch (format) {
case NC_PRIVKEY_FORMAT_RSA:
return "ietf-crypto-types:rsa-private-key-format";
case NC_PRIVKEY_FORMAT_EC:
return "ietf-crypto-types:ec-private-key-format";
case NC_PRIVKEY_FORMAT_X509:
return "libnetconf2-netconf-server:private-key-info-format";
case NC_PRIVKEY_FORMAT_OPENSSH:
return "libnetconf2-netconf-server:openssh-private-key-format";
default:
ERR(NULL, "Private key type not supported.");
return NULL;
}
}
static int
nc_server_config_util_pubkey_bin_to_b64(const unsigned char *pub_bin, int bin_len, char **pubkey)
{
int ret = 0, b64_len;
char *pub_b64 = NULL;
NC_CHECK_ARG_RET(NULL, pub_bin, bin_len, pubkey, 1);
/* get b64 buffer len, for ever 3 bytes of bin 4 bytes of b64 + NULL terminator */
if (bin_len % 3 == 0) {
pub_b64 = malloc((bin_len / 3) * 4 + 1);
} else {
/* bin len not divisible by 3, need to add 4 bytes for some padding so that the len is divisible by 4 */
pub_b64 = malloc((bin_len / 3) * 4 + 4 + 1);
}
if (!pub_b64) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* bin to b64 */
b64_len = EVP_EncodeBlock((unsigned char *)pub_b64, pub_bin, bin_len);
*pubkey = strndup(pub_b64, b64_len);
if (!*pubkey) {
ERRMEM;
ret = 1;
goto cleanup;
}
cleanup:
free(pub_b64);
return ret;
}
static int
nc_server_config_util_bn_to_bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
{
int ret = 0;
unsigned char *bin_tmp = NULL;
NC_CHECK_ARG_RET(NULL, bn, bin, bin_len, 1);
*bin = NULL;
/* prepare buffer for converting BN to binary */
bin_tmp = calloc(BN_num_bytes(bn), sizeof *bin_tmp);
if (!bin_tmp) {
ERRMEM;
return 1;
}
/* convert to binary */
*bin_len = BN_bn2bin(bn, bin_tmp);
/* if the highest bit in the MSB is set a byte with the value 0 has to be prepended */
if (bin_tmp[0] & 0x80) {
*bin = malloc(*bin_len + 1);
if (!*bin) {
ERRMEM;
ret = 1;
goto cleanup;
}
(*bin)[0] = 0;
memcpy(*bin + 1, bin_tmp, *bin_len);
(*bin_len)++;
} else {
*bin = malloc(*bin_len);
if (!*bin) {
ERRMEM;
ret = 1;
goto cleanup;
}
memcpy(*bin, bin_tmp, *bin_len);
}
cleanup:
free(bin_tmp);
return ret;
}
/* ssh pubkey defined in RFC 4253 section 6.6 */
static int
nc_server_config_util_evp_pkey_to_ssh_pubkey(EVP_PKEY *pkey, char **pubkey)
{
int ret = 0, e_len, n_len, p_len, bin_len;
BIGNUM *e = NULL, *n = NULL, *p = NULL;
unsigned char *e_bin = NULL, *n_bin = NULL, *p_bin = NULL, *bin = NULL, *bin_tmp;
const char *algorithm_name, *curve_name;
char *ec_group = NULL;
uint32_t alg_name_len, curve_name_len, alg_name_len_be, curve_name_len_be, p_len_be, e_len_be, n_len_be;
size_t ec_group_len;
NC_CHECK_ARG_RET(NULL, pkey, pubkey, 1);
if (EVP_PKEY_is_a(pkey, "RSA")) {
/* RSA key */
algorithm_name = "ssh-rsa";
/* get the public key params */
if (!EVP_PKEY_get_bn_param(pkey, "e", &e) || !EVP_PKEY_get_bn_param(pkey, "n", &n)) {
ERR(NULL, "Getting public key parameters from RSA private key failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* BIGNUM to bin */
if (nc_server_config_util_bn_to_bin(e, &e_bin, &e_len) || nc_server_config_util_bn_to_bin(n, &n_bin, &n_len)) {
ret = 1;
goto cleanup;
}
alg_name_len = strlen(algorithm_name);
/* buffer for public key in binary, which looks like this:
* alg_name len (4 bytes), alg_name, PK exponent len (4 bytes), PK exponent, modulus len (4 bytes), modulus
*/
bin_len = 4 + alg_name_len + 4 + e_len + 4 + n_len;
bin = malloc(bin_len);
if (!bin) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* to network byte order (big endian) */
alg_name_len_be = htonl(alg_name_len);
e_len_be = htonl(e_len);
n_len_be = htonl(n_len);
/* create the public key in binary */
bin_tmp = bin;
memcpy(bin_tmp, &alg_name_len_be, 4);
bin_tmp += 4;
memcpy(bin_tmp, algorithm_name, alg_name_len);
bin_tmp += alg_name_len;
memcpy(bin_tmp, &e_len_be, 4);
bin_tmp += 4;
memcpy(bin_tmp, e_bin, e_len);
bin_tmp += e_len;
memcpy(bin_tmp, &n_len_be, 4);
bin_tmp += 4;
memcpy(bin_tmp, n_bin, n_len);
} else if (EVP_PKEY_is_a(pkey, "EC")) {
/* EC Private key, get it's group first */
/* get group len */
ret = EVP_PKEY_get_utf8_string_param(pkey, "group", NULL, 0, &ec_group_len);
if (!ret) {
ret = 1;
goto cleanup;
}
/* alloc mem for group + 1 for \0 */
ec_group = malloc(ec_group_len + 1);
if (!ec_group) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* get the group */
ret = EVP_PKEY_get_utf8_string_param(pkey, "group", ec_group, ec_group_len + 1, NULL);
if (!ret) {
ERR(NULL, "Getting public key parameter from EC private key failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* get alg and curve names */
if (!strcmp(ec_group, "P-256") || !strcmp(ec_group, "secp256r1") || !strcmp(ec_group, "prime256v1")) {
algorithm_name = "ecdsa-sha2-nistp256";
curve_name = "nistp256";
} else if (!strcmp(ec_group, "P-384") || !strcmp(ec_group, "secp384r1")) {
algorithm_name = "ecdsa-sha2-nistp384";
curve_name = "nistp384";
} else if (!strcmp(ec_group, "P-521") || !strcmp(ec_group, "secp521r1")) {
algorithm_name = "ecdsa-sha2-nistp521";
curve_name = "nistp521";
} else {
ERR(NULL, "EC group \"%s\" not supported.", ec_group);
ret = 1;
goto cleanup;
}
/* get the public key - p, which is a point on the elliptic curve */
ret = EVP_PKEY_get_bn_param(pkey, "p", &p);
if (!ret) {
ERR(NULL, "Getting public key point from the EC private key failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* prepare buffer for converting p to binary */
p_bin = malloc(BN_num_bytes(p));
if (!p_bin) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* convert to binary */
p_len = BN_bn2bin(p, p_bin);
alg_name_len = strlen(algorithm_name);
curve_name_len = strlen(curve_name);
/* buffer for public key in binary, which looks like so:
* alg_name len (4 bytes), alg_name, curve_name len (4 bytes), curve_name, PK point p len (4 bytes), PK point p
*/
bin_len = 4 + alg_name_len + 4 + curve_name_len + 4 + p_len;
bin = malloc(bin_len);
if (!bin) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* to network byte order (big endian) */
alg_name_len_be = htonl(alg_name_len);
curve_name_len_be = htonl(curve_name_len);
p_len_be = htonl(p_len);
/* create the public key in binary */
bin_tmp = bin;
memcpy(bin_tmp, &alg_name_len_be, 4);
bin_tmp += 4;
memcpy(bin_tmp, algorithm_name, alg_name_len);
bin_tmp += alg_name_len;
memcpy(bin_tmp, &curve_name_len_be, 4);
bin_tmp += 4;
memcpy(bin_tmp, curve_name, curve_name_len);
bin_tmp += curve_name_len;
memcpy(bin_tmp, &p_len_be, 4);
bin_tmp += 4;
memcpy(bin_tmp, p_bin, p_len);
} else if (EVP_PKEY_is_a(pkey, "ED25519")) {
ERR(NULL, "Generating PEM ED25519 key from OpenSSH is not supported by libssh yet.");
ret = 1;
goto cleanup;
} else {
ERR(NULL, "Unable to generate public key from private key (Private key type not supported).");
ret = 1;
goto cleanup;
}
/* convert created bin to b64 */
ret = nc_server_config_util_pubkey_bin_to_b64(bin, bin_len, pubkey);
if (ret) {
ERR(NULL, "Converting public key from binary to base64 failed.");
goto cleanup;
}
cleanup:
free(bin);
free(e_bin);
free(n_bin);
free(ec_group);
free(p_bin);
BN_free(e);
BN_free(n);
BN_free(p);
return ret;
}
/* spki = subject public key info */
static int
nc_server_config_util_evp_pkey_to_spki_pubkey(EVP_PKEY *pkey, char **pubkey)
{
int ret = 0, len;
BIO *bio = NULL;
char *pub_b64 = NULL;
NC_CHECK_ARG_RET(NULL, pkey, pubkey, 1);
bio = BIO_new(BIO_s_mem());
if (!bio) {
ERR(NULL, "Creating new BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* write the evp_pkey contents to bio */
if (!PEM_write_bio_PUBKEY(bio, pkey)) {
ERR(NULL, "Writing public key to BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* read the pubkey from bio */
len = BIO_get_mem_data(bio, &pub_b64);
if (len <= 0) {
ERR(NULL, "Reading base64 private key from BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* copy the public key without the header and footer */
*pubkey = strndup(pub_b64 + strlen(NC_SUBJECT_PUBKEY_INFO_HEADER),
len - strlen(NC_SUBJECT_PUBKEY_INFO_HEADER) - strlen(NC_SUBJECT_PUBKEY_INFO_FOOTER));
if (!*pubkey) {
ERRMEM;
ret = 1;
goto cleanup;
}
cleanup:
BIO_free(bio);
return ret;
}
int
nc_server_config_util_read_certificate(const char *cert_path, char **cert)
{
int ret = 0, cert_len;
X509 *x509 = NULL;
FILE *f = NULL;
BIO *bio = NULL;
char *c = NULL;
NC_CHECK_ARG_RET(NULL, cert_path, cert, 1);
f = fopen(cert_path, "r");
if (!f) {
ERR(NULL, "Unable to open certificate file \"%s\".", cert_path);
ret = 1;
goto cleanup;
}
/* load the cert into memory */
x509 = PEM_read_X509(f, NULL, NULL, NULL);
if (!x509) {
ret = -1;
goto cleanup;
}
bio = BIO_new(BIO_s_mem());
if (!bio) {
ret = -1;
goto cleanup;
}
ret = PEM_write_bio_X509(bio, x509);
if (!ret) {
ret = -1;
goto cleanup;
}
cert_len = BIO_pending(bio);
if (cert_len <= 0) {
ret = -1;
goto cleanup;
}
c = malloc(cert_len + 1);
if (!c) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* read the cert from bio */
ret = BIO_read(bio, c, cert_len);
if (ret <= 0) {
ret = -1;
goto cleanup;
}
c[cert_len] = '\0';
/* strip the cert of the header and footer */
*cert = strdup(c + strlen(NC_PEM_CERTIFICATE_HEADER));
if (!*cert) {
ERRMEM;
ret = 1;
goto cleanup;
}
(*cert)[strlen(*cert) - strlen(NC_PEM_CERTIFICATE_FOOTER)] = '\0';
ret = 0;
cleanup:
if (ret == -1) {
ERR(NULL, "Error getting certificate from file \"%s\" (OpenSSL Error): \"%s\".", cert_path, ERR_reason_error_string(ERR_get_error()));
ret = 1;
}
if (f) {
fclose(f);
}
BIO_free(bio);
X509_free(x509);
free(c);
return ret;
}
static int
nc_server_config_util_read_pubkey_ssh2(FILE *f, char **pubkey)
{
char *buffer = NULL;
size_t size = 0, pubkey_len = 0;
void *tmp;
ssize_t read;
int ret = 0;
NC_CHECK_ARG_RET(NULL, f, pubkey, 1);
/* read lines from the file and create the public key without NL from it */
while ((read = getline(&buffer, &size, f)) > 0) {
if (!strncmp(buffer, "----", 4)) {
/* skip header and footer */
continue;
}
if (!strncmp(buffer, "Comment:", 8)) {
/* skip a comment */
continue;
}
if (buffer[read - 1] == '\n') {
/* avoid NL */
read--;
}
tmp = realloc(*pubkey, pubkey_len + read + 1);
if (!tmp) {
ERRMEM;
ret = 1;
goto cleanup;
}
*pubkey = tmp;
memcpy(*pubkey + pubkey_len, buffer, read);
pubkey_len += read;
}
if (!pubkey_len) {
ERR(NULL, "Unexpected public key format.");
ret = 1;
goto cleanup;
}
(*pubkey)[pubkey_len] = '\0';
cleanup:
free(buffer);
return ret;
}
static int
nc_server_config_util_read_pubkey_openssl(FILE *f, char **pubkey)
{
int ret = 0;
EVP_PKEY *pub_pkey = NULL;
NC_CHECK_ARG_RET(NULL, f, pubkey, 1);
/* read the pubkey from file */
pub_pkey = PEM_read_PUBKEY(f, NULL, NULL, NULL);
if (!pub_pkey) {
ERR(NULL, "Reading public key from file failed (%s).", ERR_reason_error_string(ERR_get_error()));
return 1;
}
ret = nc_server_config_util_evp_pkey_to_ssh_pubkey(pub_pkey, pubkey);
EVP_PKEY_free(pub_pkey);
return ret;
}
static int
nc_server_config_util_read_pubkey_libssh(const char *pubkey_path, char **pubkey)
{
int ret = 0;
ssh_key pub_sshkey = NULL;
NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
ret = ssh_pki_import_pubkey_file(pubkey_path, &pub_sshkey);
if (ret) {
ERR(NULL, "Importing public key from file \"%s\" failed.", pubkey_path);
return ret;
}
ret = ssh_pki_export_pubkey_base64(pub_sshkey, pubkey);
if (ret) {
ERR(NULL, "Importing pubkey failed.");
goto cleanup;
}
cleanup:
ssh_key_free(pub_sshkey);
return 0;
}
int
nc_server_config_util_get_ssh_pubkey_file(const char *pubkey_path, char **pubkey)
{
int ret = 0;
FILE *f = NULL;
char *header = NULL;
size_t len = 0;
NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
*pubkey = NULL;
f = fopen(pubkey_path, "r");
if (!f) {
ERR(NULL, "Unable to open file \"%s\".", pubkey_path);
ret = 1;
goto cleanup;
}
/* read the header */
if (getline(&header, &len, f) < 0) {
ERR(NULL, "Error reading header from file \"%s\".", pubkey_path);
ret = 1;
goto cleanup;
}
rewind(f);
if (!strncmp(header, NC_SUBJECT_PUBKEY_INFO_HEADER, strlen(NC_SUBJECT_PUBKEY_INFO_HEADER))) {
/* it's subject public key info public key */
ret = nc_server_config_util_read_pubkey_openssl(f, pubkey);
} else if (!strncmp(header, NC_SSH2_PUBKEY_HEADER, strlen(NC_SSH2_PUBKEY_HEADER))) {
/* it's ssh2 public key */
ret = nc_server_config_util_read_pubkey_ssh2(f, pubkey);
} else {
/* it's probably OpenSSH public key */
ret = nc_server_config_util_read_pubkey_libssh(pubkey_path, pubkey);
}
if (ret) {
ERR(NULL, "Error getting public key from file \"%s\".", pubkey_path);
goto cleanup;
}
cleanup:
if (f) {
fclose(f);
}
free(header);
return ret;
}
int
nc_server_config_util_get_spki_pubkey_file(const char *pubkey_path, char **pubkey)
{
int ret = 0;
FILE *f = NULL;
EVP_PKEY *pub_pkey = NULL;
NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
*pubkey = NULL;
f = fopen(pubkey_path, "r");
if (!f) {
ERR(NULL, "Unable to open file \"%s\".", pubkey_path);
ret = 1;
goto cleanup;
}
/* read the pubkey from file */
pub_pkey = PEM_read_PUBKEY(f, NULL, NULL, NULL);
if (!pub_pkey) {
ERR(NULL, "Reading public key from file failed (%s).", ERR_reason_error_string(ERR_get_error()));
return 1;
}
ret = nc_server_config_util_evp_pkey_to_spki_pubkey(pub_pkey, pubkey);
if (ret) {
goto cleanup;
}
cleanup:
if (f) {
fclose(f);
}
EVP_PKEY_free(pub_pkey);
return ret;
}
static int
nc_server_config_util_privkey_header_to_format(FILE *f_privkey, const char *privkey_path, NC_PRIVKEY_FORMAT *privkey_format)
{
char *privkey_header = NULL;
size_t len = 0;
NC_CHECK_ARG_RET(NULL, f_privkey, privkey_path, privkey_format, 1);
/* read header */
if (getline(&privkey_header, &len, f_privkey) < 0) {
ERR(NULL, "Error reading header from file \"%s\".", privkey_path);
return 1;
}
if (!strncmp(privkey_header, NC_PKCS8_PRIVKEY_HEADER, strlen(NC_PKCS8_PRIVKEY_HEADER))) {
/* it's PKCS8 (X.509) private key */
*privkey_format = NC_PRIVKEY_FORMAT_X509;
} else if (!strncmp(privkey_header, NC_OPENSSH_PRIVKEY_HEADER, strlen(NC_OPENSSH_PRIVKEY_HEADER))) {
/* it's OpenSSH private key */
*privkey_format = NC_PRIVKEY_FORMAT_OPENSSH;
} else if (!strncmp(privkey_header, NC_PKCS1_RSA_PRIVKEY_HEADER, strlen(NC_PKCS1_RSA_PRIVKEY_HEADER))) {
/* it's RSA privkey in PKCS1 format */
*privkey_format = NC_PRIVKEY_FORMAT_RSA;
} else if (!strncmp(privkey_header, NC_SEC1_EC_PRIVKEY_HEADER, strlen(NC_SEC1_EC_PRIVKEY_HEADER))) {
/* it's EC privkey in SEC1 format */
*privkey_format = NC_PRIVKEY_FORMAT_EC;
} else {
ERR(NULL, "Private key format (%s) not supported.", privkey_header);
free(privkey_header);
return 1;
}
/* reset the reading head */
rewind(f_privkey);
free(privkey_header);
return 0;
}
static int
nc_server_config_util_get_privkey_openssl(const char *privkey_path, FILE *f_privkey, char **privkey, EVP_PKEY **pkey)
{
int ret = 0, len;
BIO *bio = NULL;
char *priv_b64 = NULL;
NC_CHECK_ARG_RET(NULL, privkey_path, f_privkey, privkey, pkey, 1);
bio = BIO_new(BIO_s_mem());
if (!bio) {
ERR(NULL, "Creating new BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* read the privkey file, create EVP_PKEY */
*pkey = PEM_read_PrivateKey(f_privkey, NULL, NULL, NULL);
if (!*pkey) {
ERR(NULL, "Getting private key from file \"%s\" failed (%s).", privkey_path, ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* write the privkey to bio */
if (!PEM_write_bio_PrivateKey(bio, *pkey, NULL, NULL, 0, NULL, NULL)) {
ERR(NULL, "Writing private key to BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* read the privkey from bio */
len = BIO_get_mem_data(bio, &priv_b64);
if (len <= 0) {
ERR(NULL, "Reading base64 private key from BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
*privkey = strndup(priv_b64, len);
if (!*privkey) {
ERRMEM;
ret = 1;
goto cleanup;
}
cleanup:
/* priv_b64 is freed with BIO */
BIO_free(bio);
return ret;
}
static int
nc_server_config_util_get_privkey_libssh(const char *privkey_path, char **privkey, EVP_PKEY **pkey)
{
int ret = 0;
BIO *bio = NULL;
char *priv_b64 = NULL;
ssh_key key = NULL;
NC_CHECK_ARG_RET(NULL, privkey_path, privkey, pkey, 1);
ret = ssh_pki_import_privkey_file(privkey_path, NULL, NULL, NULL, &key);
if (ret) {
ERR(NULL, "Importing privkey from file \"%s\" failed.", privkey_path);
goto cleanup;
}
/* exports the key in a format in which OpenSSL can read it */
ret = ssh_pki_export_privkey_base64(key, NULL, NULL, NULL, &priv_b64);
if (ret) {
ERR(NULL, "Exporting privkey to base64 failed.");
goto cleanup;
}
bio = BIO_new(BIO_s_mem());
if (!bio) {
ERR(NULL, "Creating new BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
ret = BIO_write(bio, priv_b64, strlen(priv_b64));
if (ret <= 0) {
ERR(NULL, "Writing private key to BIO failed (%s).", ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
/* create EVP_PKEY from the b64 */
*pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
if (!*pkey) {
ERR(NULL, "Getting private key from file \"%s\" failed (%s).", privkey_path, ERR_reason_error_string(ERR_get_error()));
ret = 1;
goto cleanup;
}
*privkey = strndup(priv_b64, ret);
if (!*privkey) {
ERRMEM;
ret = 1;
goto cleanup;
}
/* ok */
ret = 0;
cleanup:
free(priv_b64);
BIO_free(bio);
ssh_key_free(key);
return ret;
}
static int
nc_server_config_util_get_privkey(const char *privkey_path, NC_PRIVKEY_FORMAT *privkey_format, char **privkey, EVP_PKEY **pkey)
{
int ret = 0;
FILE *f_privkey = NULL;
char *priv = NULL;
NC_CHECK_ARG_RET(NULL, privkey_path, privkey_format, privkey, pkey, 1);
f_privkey = fopen(privkey_path, "r");
if (!f_privkey) {
ERR(NULL, "Unable to open file \"%s\".", privkey_path);
ret = 1;
goto cleanup;
}
/* read the first line from the privkey to determine it's type */
ret = nc_server_config_util_privkey_header_to_format(f_privkey, privkey_path, privkey_format);
if (ret) {
ERR(NULL, "Getting private key format from file \"%s\" failed.", privkey_path);
goto cleanup;
}
switch (*privkey_format) {
/* fall-through */
case NC_PRIVKEY_FORMAT_RSA:
case NC_PRIVKEY_FORMAT_EC:
case NC_PRIVKEY_FORMAT_X509:
/* OpenSSL solely can do this */
ret = nc_server_config_util_get_privkey_openssl(privkey_path, f_privkey, &priv, pkey);
break;
case NC_PRIVKEY_FORMAT_OPENSSH:
/* need the help of libssh */
ret = nc_server_config_util_get_privkey_libssh(privkey_path, &priv, pkey);
/* if the function returned successfully, the key is no longer OpenSSH, it was converted to x509 */
*privkey_format = NC_PRIVKEY_FORMAT_X509;
break;
default:
ERR(NULL, "Private key format not recognized.");
ret = 1;
break;
}
if (ret) {
goto cleanup;
}
/* strip private key's header and footer */
*privkey = strdup(priv + strlen(NC_PKCS8_PRIVKEY_HEADER));
if (!*privkey) {
ERRMEM;
ret = 1;
goto cleanup;
}
(*privkey)[strlen(*privkey) - strlen(NC_PKCS8_PRIVKEY_FOOTER)] = '\0';
cleanup:
if (f_privkey) {
fclose(f_privkey);
}
free(priv);
return ret;
}
int
nc_server_config_util_get_asym_key_pair(const char *privkey_path, const char *pubkey_path, NC_PUBKEY_FORMAT wanted_pubkey_format,
char **privkey, NC_PRIVKEY_FORMAT *privkey_type, char **pubkey)
{
int ret = 0;
EVP_PKEY *priv_pkey = NULL;
NC_CHECK_ARG_RET(NULL, privkey_path, privkey, privkey_type, pubkey, 1);
*privkey = NULL;
*pubkey = NULL;
/* get private key base64 and EVP_PKEY */
ret = nc_server_config_util_get_privkey(privkey_path, privkey_type, privkey, &priv_pkey);
if (ret) {
ERR(NULL, "Getting private key from file \"%s\" failed.", privkey_path);
goto cleanup;
}
/* get public key, either from file or generate it from the EVP_PKEY */
if (!pubkey_path) {
if (wanted_pubkey_format == NC_PUBKEY_FORMAT_SSH) {
ret = nc_server_config_util_evp_pkey_to_ssh_pubkey(priv_pkey, pubkey);
} else {
ret = nc_server_config_util_evp_pkey_to_spki_pubkey(priv_pkey, pubkey);
}
} else {
if (wanted_pubkey_format == NC_PUBKEY_FORMAT_SSH) {
ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, pubkey);
} else {
ret = nc_server_config_util_get_spki_pubkey_file(pubkey_path, pubkey);
}
}
if (ret) {
if (pubkey_path) {
ERR(NULL, "Getting public key from file \"%s\" failed.", pubkey_path);
} else {
ERR(NULL, "Generating public key from private key failed.");
}
goto cleanup;
}
cleanup:
EVP_PKEY_free(priv_pkey);
return ret;
}
API int
nc_server_config_add_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
const char *address, uint16_t port, struct lyd_node **config)
{
int ret = 0;
const char *address_fmt, *port_fmt;
char port_buf[6] = {0};
NC_CHECK_ARG_RET(NULL, ctx, endpt_name, address, config, 1);
if (transport == NC_TI_LIBSSH) {
/* SSH path */
address_fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/local-address";
port_fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/local-port";
} else if (transport == NC_TI_OPENSSL) {
/* TLS path */
address_fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/local-address";
port_fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/local-port";
} else {
ERR(NULL, "Can not set address and port of a non SSH/TLS endpoint.");
ret = 1;
goto cleanup;
}
ret = nc_server_config_create(ctx, config, address, address_fmt, endpt_name);
if (ret) {
goto cleanup;
}
sprintf(port_buf, "%d", port);
ret = nc_server_config_create(ctx, config, port_buf, port_fmt, endpt_name);
if (ret) {
goto cleanup;
}
cleanup:
return ret;
}
API int
nc_server_config_add_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
NC_TRANSPORT_IMPL transport, const char *address, const char *port, struct lyd_node **config)
{
int ret = 0;
const char *address_fmt, *port_fmt;
NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, address, port, config, 1);
if (transport == NC_TI_LIBSSH) {
/* SSH path */
address_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/tcp-client-parameters/remote-address";
port_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/tcp-client-parameters/remote-port";
} else if (transport == NC_TI_OPENSSL) {
/* TLS path */
address_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tcp-client-parameters/remote-address";
port_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tcp-client-parameters/remote-port";
} else {
ERR(NULL, "Transport not supported.");
ret = 1;
goto cleanup;
}
ret = nc_server_config_create(ctx, config, address, address_fmt, client_name, endpt_name);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, port, port_fmt, client_name, endpt_name);
if (ret) {
goto cleanup;
}
cleanup:
return ret;
}
API int
nc_server_config_del_endpt(const char *endpt_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, config, 1);
if (endpt_name) {
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']", endpt_name);
} else {
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint");
}
}
API int
nc_server_config_del_ch_client(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, config, 1);
if (ch_client_name) {
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']", ch_client_name);
} else {
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client");
}
}
API int
nc_server_config_del_ch_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, client_name, config, 1);
if (endpt_name) {
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
"endpoints/endpoint[name='%s']", client_name, endpt_name);
} else {
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
"endpoints/endpoint", client_name);
}
}
API int
nc_server_config_add_keystore_asym_key(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name,
const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
int ret = 0;
char *privkey = NULL, *pubkey = NULL;
NC_PRIVKEY_FORMAT privkey_type;
const char *privkey_format, *pubkey_format;
NC_CHECK_ARG_RET(NULL, ctx, asym_key_name, privkey_path, config, 1);
/* get the keys as a string from the given files */
if (ti == NC_TI_LIBSSH) {
ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey, &privkey_type, &pubkey);
} else if (ti == NC_TI_OPENSSL) {
ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey, &privkey_type, &pubkey);
} else {
ERR(NULL, "Only SSH and TLS transports can be used to create an asymmetric key pair in the keystore.");
ret = 1;
goto cleanup;
}
if (ret) {
ERR(NULL, "Getting keys from file(s) failed.");
goto cleanup;
}
/* get pubkey format str */
if (ti == NC_TI_LIBSSH) {
pubkey_format = "ietf-crypto-types:ssh-public-key-format";
} else {
pubkey_format = "ietf-crypto-types:subject-public-key-info-format";
}
/* get privkey identityref value */
privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
if (!privkey_format) {
ret = 1;
goto cleanup;
}
ret = nc_server_config_create(ctx, config, pubkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/public-key-format", asym_key_name);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, pubkey, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/public-key", asym_key_name);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, privkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/private-key-format", asym_key_name);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, privkey, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/cleartext-private-key", asym_key_name);
if (ret) {
goto cleanup;
}
cleanup:
free(privkey);
free(pubkey);
return ret;
}
API int
nc_server_config_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, config, 1);
if (asym_key_name) {
return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']", asym_key_name);
} else {
return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key");
}
}
API int
nc_server_config_add_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
char *cert = NULL;
NC_CHECK_ARG_RET(NULL, ctx, asym_key_name, cert_name, cert_path, config, 1);
/* get cert data */
ret = nc_server_config_util_read_certificate(cert_path, &cert);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, cert, "/ietf-keystore:keystore/asymmetric-keys/"
"asymmetric-key[name='%s']/certificates/certificate[name='%s']/cert-data", asym_key_name, cert_name);
cleanup:
free(cert);
return ret;
}
API int
nc_server_config_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, asym_key_name, config, 1);
if (cert_name) {
return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
"certificates/certificate[name='%s']", asym_key_name, cert_name);
} else {
return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
"certificates/certificate", asym_key_name);
}
}
API int
nc_server_config_add_truststore_pubkey(const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *pub_bag_name,
const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
{
int ret = 0;
char *pubkey = NULL;
const char *pubkey_format = "ietf-crypto-types:ssh-public-key-format";
NC_CHECK_ARG_RET(NULL, ctx, pub_bag_name, pubkey_name, pubkey_path, config, 1);
if (ti == NC_TI_LIBSSH) {
ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, &pubkey);
} else if (ti == NC_TI_OPENSSL) {
ret = nc_server_config_util_get_spki_pubkey_file(pubkey_path, &pubkey);
} else {
ERR(NULL, "Public key in the truststore can only be created for SSH or TLS transports.");
ret = 1;
goto cleanup;
}
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, pubkey_format, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key[name='%s']/public-key-format", pub_bag_name, pubkey_name);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, pubkey, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key[name='%s']/public-key", pub_bag_name, pubkey_name);
if (ret) {
goto cleanup;
}
cleanup:
free(pubkey);
return ret;
}
API int
nc_server_config_del_truststore_pubkey(const char *pub_bag_name,
const char *pubkey_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, pub_bag_name, config, 1);
if (pubkey_name) {
return nc_server_config_delete(config, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key[name='%s']", pub_bag_name, pubkey_name);
} else {
return nc_server_config_delete(config, "/ietf-truststore:truststore/public-key-bags/"
"public-key-bag[name='%s']/public-key", pub_bag_name);
}
}
API int
nc_server_config_add_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
char *cert = NULL;
NC_CHECK_ARG_RET(NULL, ctx, cert_bag_name, cert_name, cert_path, config, 1);
ret = nc_server_config_util_read_certificate(cert_path, &cert);
if (ret) {
goto cleanup;
}
ret = nc_server_config_create(ctx, config, cert, "/ietf-truststore:truststore/certificate-bags/"
"certificate-bag[name='%s']/certificate[name='%s']/cert-data", cert_bag_name, cert_name);
if (ret) {
goto cleanup;
}
cleanup:
free(cert);
return ret;
}
API int
nc_server_config_del_truststore_cert(const char *cert_bag_name,
const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, cert_bag_name, config, 1);
if (cert_name) {
return nc_server_config_delete(config, "/ietf-truststore:truststore/certificate-bags/"
"certificate-bag[name='%s']/certificate[name='%s']", cert_bag_name, cert_name);
} else {
return nc_server_config_delete(config, "/ietf-truststore:truststore/certificate-bags/"
"certificate-bag[name='%s']/certificate", cert_bag_name);
}
}
#endif /* NC_ENABLED_SSH_TLS */
API int
nc_server_config_add_unix_socket(const struct ly_ctx *ctx, const char *endpt_name, const char *path,
mode_t mode, uid_t uid, gid_t gid, struct lyd_node **config)
{
int ret = 0;
char *tree_path = NULL;
char buf[12] = {0};
NC_CHECK_ARG_RET(NULL, ctx, endpt_name, path, config, 1);
if (asprintf(&tree_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/libnetconf2-netconf-server:unix-socket", endpt_name) == -1) {
ERRMEM;
tree_path = NULL;
ret = 1;
goto cleanup;
}
/* path to unix socket */
ret = nc_server_config_append(ctx, tree_path, "path", path, config);
if (ret) {
goto cleanup;
}
/* mode */
if (mode != (mode_t)-1) {
if (mode > 0777) {
ERR(NULL, "Invalid mode value (%o).", mode);
ret = 1;
goto cleanup;
}
sprintf(buf, "%o", mode);
ret = nc_server_config_append(ctx, tree_path, "mode", buf, config);
if (ret) {
goto cleanup;
}
}
/* uid */
if (uid != (uid_t)-1) {
memset(buf, 0, 12);
sprintf(buf, "%u", uid);
ret = nc_server_config_append(ctx, tree_path, "uid", buf, config);
if (ret) {
goto cleanup;
}
}
/* gid */
if (gid != (gid_t)-1) {
memset(buf, 0, 12);
sprintf(buf, "%u", gid);
ret = nc_server_config_append(ctx, tree_path, "gid", buf, config);
if (ret) {
goto cleanup;
}
}
cleanup:
free(tree_path);
return ret;
}
API int
nc_server_config_add_ch_persistent(const struct ly_ctx *ctx, const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* delete periodic tree if exists */
if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic", ch_client_name)) {
return 1;
}
return nc_server_config_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name);
}
API int
nc_server_config_add_ch_period(const struct ly_ctx *ctx, const char *ch_client_name, uint16_t period,
struct lyd_node **config)
{
char buf[6] = {0};
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* delete persistent tree if exists */
if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
return 1;
}
sprintf(buf, "%u", period);
return nc_server_config_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/period", ch_client_name);
}
API int
nc_server_config_del_ch_period(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/period", ch_client_name);
}
API int
nc_server_config_add_ch_anchor_time(const struct ly_ctx *ctx, const char *ch_client_name,
const char *anchor_time, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, anchor_time, config, 1);
/* delete persistent tree if exists */
if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
return 1;
}
return nc_server_config_create(ctx, config, anchor_time, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/anchor-time", ch_client_name);
}
API int
nc_server_config_del_ch_anchor_time(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/anchor-time", ch_client_name);
}
API int
nc_server_config_add_ch_idle_timeout(const struct ly_ctx *ctx, const char *ch_client_name,
uint16_t idle_timeout, struct lyd_node **config)
{
char buf[6] = {0};
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* delete persistent tree if exists */
if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
return 1;
}
sprintf(buf, "%u", idle_timeout);
return nc_server_config_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/idle-timeout", ch_client_name);
}
API int
nc_server_config_del_ch_idle_timeout(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/connection-type/periodic/idle-timeout", ch_client_name);
}
API int
nc_server_config_add_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *ch_client_name,
NC_CH_START_WITH start_with, uint16_t max_wait, uint8_t max_attempts, struct lyd_node **config)
{
int ret = 0;
char *path = NULL;
char buf[6] = {0};
const char *start_with_val;
NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
/* prepared the path */
if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/reconnect-strategy", ch_client_name) == -1) {
ERRMEM;
path = NULL;
ret = 1;
goto cleanup;
}
if (start_with) {
/* get string value from enum */
if (start_with == NC_CH_FIRST_LISTED) {
start_with_val = "first-listed";
} else if (start_with == NC_CH_LAST_CONNECTED) {
start_with_val = "last-connected";
} else {
start_with_val = "random-selection";
}
ret = nc_server_config_append(ctx, path, "start-with", start_with_val, config);
if (ret) {
goto cleanup;
}
}
if (max_attempts) {
sprintf(buf, "%u", max_attempts);
ret = nc_server_config_append(ctx, path, "max-attempts", buf, config);
if (ret) {
goto cleanup;
}
memset(buf, 0, 6);
}
if (max_wait) {
sprintf(buf, "%u", max_wait);
ret = nc_server_config_append(ctx, path, "max-wait", buf, config);
if (ret) {
goto cleanup;
}
}
cleanup:
free(path);
return ret;
}
API int
nc_server_config_del_ch_reconnect_strategy(const char *ch_client_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/reconnect-strategy", ch_client_name);
}