client session FEATURE getters now for all options
Also some refactoring included.
diff --git a/src/session_client.h b/src/session_client.h
index d98ac33..fec2aac 100644
--- a/src/session_client.h
+++ b/src/session_client.h
@@ -151,11 +151,18 @@
int nc_client_ssh_set_username(const char *username);
/**
+ * @brief Get client SSH username used for authentication.
+ *
+ * @return Username used.
+ */
+const char *nc_client_ssh_get_username(void);
+
+/**
* @brief Destroy any dynamically allocated SSH-specific client context (including Call Home).
*
* Function is provided only via nc_client.h header file and only when libnetconf2 is compiled with libssh support.
*/
-void nc_client_ssh_destroy(void);
+void nc_client_ssh_destroy_opts(void);
/**
* @brief Connect to the NETCONF server using SSH transport (via libssh).
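Review bot: The new `nc_client_ssh_get_username` comment does not say who owns the returned string; the implementation in session_client_ssh.c returns `opts->username` directly, and `nc_client_ssh_destroy_opts()` frees that same pointer, so the caller gets a library-internal pointer that must not be freed, is NULL until a username has been set, and presumably becomes invalid on the next `nc_client_ssh_set_username()` as well. Suggest replacing the @return line with `@return Username used, internal pointer (do not free), NULL if not set; valid only until the username is changed or the client options are destroyed.`. The same ownership and lifetime statement is missing from the @param[out] lines of the TLS path getters declared later in this file and from the Call Home getters in session_client_ch.h.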
@@ -229,16 +236,25 @@
*
* Function is provided only via nc_client.h header file and only when libnetconf2 is compiled with TLS support.
*
- * @param[in] client_cert Path to the file containing the client certificate. If NULL, only initializes libssl/libcrypto.
+ * @param[in] client_cert Path to the file containing the client certificate.
* @param[in] client_key Path to the file containing the private key for the \p client_cert.
* If NULL, key is expected to be stored with \p client_cert.
- *
* @return 0 on success, -1 on error.
*/
-int nc_client_tls_set_cert_key(const char *client_cert, const char *client_key);
+int nc_client_tls_set_cert_key_paths(const char *client_cert, const char *client_key);
/**
- * @brief Set client trusted CA certificates.
+ * @brief Get client authentication identity - a certificate and a private key.
+ *
+ * Function is provided only via nc_client.h header file and only when libnetconf2 is compiled with TLS support.
+ *
+ * @param[out] client_cert Path to the file containing the client certificate. Can be NULL.
+ * @param[out] client_key Path to the file containing the private key for the \p client_cert. Can be NULL.
+ */
+void nc_client_tls_get_cert_key_paths(const char **client_cert, const char **client_key);
+
+/**
+ * @brief Set client trusted CA certificates paths.
*
* @param[in] ca_file Location of the CA certificate file used to verify server certificates.
* For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
@@ -246,23 +262,41 @@
* For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
* @return 0 on success, -1 on error.
*/
-int nc_client_tls_set_trusted_ca_certs(const char *ca_file, const char *ca_dir);
+int nc_client_tls_set_trusted_ca_paths(const char *ca_file, const char *ca_dir);
/**
- * @brief Set client Certificate Revocation Lists.
+ * @brief Get client trusted CA certificates paths.
+ *
+ * @param[out] ca_file Location of the CA certificate file used to verify server certificates.
+ * Can be NULL.
+ * @param[out] ca_dir Location of the CA certificates directory used to verify the server certificates.
+ * Can be NULL.
+ */
+void nc_client_tls_get_trusted_ca_paths(const char **ca_file, const char **ca_dir);
+
+/**
+ * @brief Set client Certificate Revocation List paths.
*
* @param[in] crl_file Location of the CRL certificate file used to check for revocated certificates.
* @param[in] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
* @return 0 on success, -1 on error.
*/
-int nc_client_tls_set_crl(const char *crl_file, const char *crl_dir);
+int nc_client_tls_set_crl_paths(const char *crl_file, const char *crl_dir);
+
+/**
+ * @brief Get client Certificate Revocation List paths.
+ *
+ * @param[out] crl_file Location of the CRL certificate file used to check for revocated certificates.
+ * @param[out] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
+ */
+void nc_client_tls_get_crl_paths(const char **crl_file, const char **crl_dir);
/**
* @brief Destroy any dynamically allocated TLS-specific client data (including Call Home).
*
* Function is provided only via nc_client.h header file and only when libnetconf2 is compiled with TLS support.
*/
-void nc_client_tls_destroy(void);
+void nc_client_tls_destroy_opts(void);
/**
* @brief Connect to the NETCONF server using TLS transport (via libssl)
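Review bot: `nc_client_tls_get_crl_paths` is the only path getter in this file whose @param[out] lines omit `Can be NULL.`, although the implementation in session_client_tls.c accepts NULL for either argument and only rejects the case where both are NULL. Add `Can be NULL.` to both the `crl_file` and `crl_dir` lines so the comment matches `nc_client_tls_get_trusted_ca_paths` above and the Call Home variant in session_client_ch.h. It would also help callers to state that passing NULL for both out-pointers is an argument error after which nothing is assigned.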
diff --git a/src/session_client_ch.h b/src/session_client_ch.h
index 8a7e5f3..13dbc23 100644
--- a/src/session_client_ch.h
+++ b/src/session_client_ch.h
@@ -136,6 +136,13 @@
*/
int nc_client_ssh_ch_set_username(const char *username);
+/**
+ * @brief Get client Call Home SSH username used for authentication.
+ *
+ * @return Username used.
+ */
+const char *nc_client_ssh_ch_get_username(void);
+
#endif /* ENABLE_SSH */
#ifdef ENABLE_TLS
@@ -163,13 +170,24 @@
*
* Function is provided only via nc_client.h header file and only when libnetconf2 is compiled with TLS support.
*
- * @param[in] client_cert Path to the file containing the client certificate. If NULL, only initializes libssl/libcrypto.
+ * @param[in] client_cert Path to the file containing the client certificate.
* @param[in] client_key Path to the file containing the private key for the \p client_cert.
* If NULL, key is expected to be stored with \p client_cert.
*
* @return 0 on success, -1 on error.
*/
-int nc_client_tls_ch_set_cert_key(const char *client_cert, const char *client_key);
+int nc_client_tls_ch_set_cert_key_paths(const char *client_cert, const char *client_key);
+
+/**
+ * @brief Get client Call Home authentication identity - a certificate and a private key.
+ *
+ * Function is provided only via nc_client.h header file and only when libnetconf2 is compiled with TLS support.
+ *
+ * @param[out] client_cert Path to the file containing the client certificate. Can be NULL.
+ * @param[out] client_key Path to the file containing the private key for the \p client_cert.
+ * Can be NULL.
+ */
+void nc_client_tls_ch_get_cert_key_paths(const char **client_cert, const char **client_key);
/**
* @brief Set client Call Home trusted CA certificates.
@@ -180,7 +198,17 @@
* For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
* @return 0 on success, -1 on error.
*/
-int nc_client_tls_ch_set_trusted_ca_certs(const char *ca_file, const char *ca_dir);
+int nc_client_tls_ch_set_trusted_ca_paths(const char *ca_file, const char *ca_dir);
+
+/**
+ * @brief Get client Call Home trusted CA certificates.
+ *
+ * @param[out] ca_file Location of the CA certificate file used to verify server certificates.
+ * Can be NULL.
+ * @param[out] ca_dir Location of the CA certificates directory used to verify the server certificates.
+ * Can be NULL.
+ */
+void nc_client_tls_ch_get_trusted_ca_paths(const char **ca_file, const char **ca_dir);
/**
* @brief Set client Call Home Certificate Revocation Lists.
@@ -189,7 +217,17 @@
* @param[in] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
* @return 0 on success, -1 on error.
*/
-int nc_client_tls_ch_set_crl(const char *crl_file, const char *crl_dir);
+int nc_client_tls_ch_set_crl_paths(const char *crl_file, const char *crl_dir);
+
+/**
+ * @brief Get client Call Home Certificate Revocation Lists.
+ *
+ * @param[out] crl_file Location of the CRL certificate file used to check for revocated certificates.
+ * Can be NULL.
+ * @param[out] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
+ * Can be NULL.
+ */
+void nc_client_tls_ch_get_crl_paths(const char **crl_file, const char **crl_dir);
#endif /* ENABLE_TLS */
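Review bot: The briefs of `nc_client_tls_ch_get_trusted_ca_paths` (previous hunk) and `nc_client_tls_ch_get_crl_paths` say "trusted CA certificates" and "Certificate Revocation Lists", while the matching declarations in session_client.h were reworded to "... paths" in this same commit, and the functions hand back file and directory paths rather than certificates. Suggest `@brief Get client Call Home trusted CA certificates paths.` and `@brief Get client Call Home Certificate Revocation List paths.` so the two headers read alike. The unchanged setter briefs in this file ("Set client Call Home trusted CA certificates.", "Set client Call Home Certificate Revocation Lists.") could get the same treatment for consistency with the renamed functions.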
diff --git a/src/session_client_ssh.c b/src/session_client_ssh.c
index bdda65d..b2d6b61 100644
--- a/src/session_client_ssh.c
+++ b/src/session_client_ssh.c
@@ -46,6 +46,8 @@
#include <libssh/libssh.h>
#include <libyang/libyang.h>
+#include "session_client.h"
+#include "session_client_ch.h"
#include "libnetconf.h"
static struct nc_client_ssh_opts ssh_opts = {
@@ -56,19 +58,24 @@
.auth_pref = {{NC_SSH_AUTH_INTERACTIVE, 1}, {NC_SSH_AUTH_PASSWORD, 2}, {NC_SSH_AUTH_PUBLICKEY, 3}}
};
-API void
-nc_client_ssh_destroy(void)
+static void
+_nc_client_ssh_destroy_opts(struct nc_client_ssh_opts *opts)
{
int i;
- for (i = 0; i < ssh_opts.key_count; ++i) {
- free(ssh_opts.keys[i].pubkey_path);
- free(ssh_opts.keys[i].privkey_path);
+ for (i = 0; i < opts->key_count; ++i) {
+ free(opts->keys[i].pubkey_path);
+ free(opts->keys[i].privkey_path);
}
+ free(opts->keys);
+ free(opts->username);
+}
- free(ssh_opts.keys);
- ssh_opts.keys = NULL;
- ssh_opts.key_count = 0;
+API void
+nc_client_ssh_destroy_opts(void)
+{
+ _nc_client_ssh_destroy_opts(&ssh_opts);
+ _nc_client_ssh_destroy_opts(&ssh_ch_opts);
}
static char *
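Review bot: `_nc_client_ssh_destroy_opts` frees `opts->keys` and `opts->username` but no longer resets them, whereas the removed `nc_client_ssh_destroy` cleared `ssh_opts.keys = NULL; ssh_opts.key_count = 0;` after the free. After `nc_client_ssh_destroy_opts()` both option structs keep dangling pointers and a stale key count, so a second destroy, a later setter that releases the previous value, or the new `nc_client_ssh_get_username()` handing out the freed string turns into a double free or use-after-free. Add `opts->keys = NULL;`, `opts->key_count = 0;` and `opts->username = NULL;` after the frees so the options return to their initial state.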
@@ -331,7 +338,6 @@
return NULL;
}
-/* TODO define this switch */
#ifdef ENABLE_DNSSEC
/* return 0 (DNSSEC + key valid), 1 (unsecure DNS + key valid), 2 (key not found or an error) */
@@ -785,6 +791,24 @@
return _nc_client_ssh_set_username(username, &ssh_ch_opts);
}
+static const char *
+_nc_client_ssh_get_username(struct nc_client_ssh_opts *opts)
+{
+ return opts->username;
+}
+
+API const char *
+nc_client_ssh_get_username(void)
+{
+ return _nc_client_ssh_get_username(&ssh_opts);
+}
+
+API const char *
+nc_client_ssh_ch_get_username(void)
+{
+ return _nc_client_ssh_get_username(&ssh_ch_opts);
+}
+
API int
nc_client_ssh_ch_add_bind_listen(const char *address, uint16_t port)
{
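Review bot: `_nc_client_ssh_get_username` only reads `opts->username`, so its parameter should be `const struct nc_client_ssh_opts *opts`; both public wrappers pass the addresses of the file-scope structs and compile unchanged. Since `ssh_opts` is statically initialized with designated initializers, the getter presumably returns NULL until a username is set, which is worth a one-line comment on the helper, e.g. `/* internal pointer, NULL until set; freed by _nc_client_ssh_destroy_opts() */`. `nc_client_ssh_ch_add_bind_listen` at the end of this hunk continues outside it.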
diff --git a/src/session_client_tls.c b/src/session_client_tls.c
index 9736a82..185eb45 100644
--- a/src/session_client_tls.c
+++ b/src/session_client_tls.c
@@ -31,6 +31,8 @@
#include <libyang/libyang.h>
#include <openssl/err.h>
+#include "session_client.h"
+#include "session_client_ch.h"
#include "libnetconf.h"
static struct nc_client_tls_opts tls_opts;
@@ -130,8 +132,29 @@
return 1; /* success */
}
+static void
+_nc_client_tls_destroy_opts(struct nc_client_tls_opts *opts)
+{
+ free(opts->cert_path);
+ free(opts->key_path);
+ free(opts->ca_file);
+ free(opts->ca_dir);
+ SSL_CTX_free(opts->tls_ctx);
+
+ free(opts->crl_file);
+ free(opts->crl_dir);
+ X509_STORE_free(opts->crl_store);
+}
+
+API void
+nc_client_tls_destroy_opts(void)
+{
+ _nc_client_tls_destroy_opts(&tls_opts);
+ _nc_client_tls_destroy_opts(&tls_ch_opts);
+}
+
static int
-_nc_client_tls_set_cert_key(const char *client_cert, const char *client_key, struct nc_client_tls_opts *opts)
+_nc_client_tls_set_cert_key_paths(const char *client_cert, const char *client_key, struct nc_client_tls_opts *opts)
{
if (!client_cert) {
ERRARG;
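Review bot: `_nc_client_tls_destroy_opts` frees eight members but leaves the freed pointers in the struct, so after `nc_client_tls_destroy_opts()` every new getter in this file hands out freed strings, and `nc_client_tls_update_opts` (the `if (!opts->tls_ctx || opts->tls_ctx_change)` check later in this diff) treats the freed `SSL_CTX` as still valid unless `tls_ctx_change` happens to be set. The removed `nc_client_tls_destroy` had the same gap, but now that destroy and the getters are both public API the struct should be returned to its zero state: add `opts->cert_path = opts->key_path = opts->ca_file = opts->ca_dir = NULL; opts->tls_ctx = NULL;` after `SSL_CTX_free`, and `opts->crl_file = opts->crl_dir = NULL; opts->crl_store = NULL;` after `X509_STORE_free`. A second destroy call would otherwise double-free as well. `_nc_client_tls_set_cert_key_paths` at the end of this hunk continues outside it.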
@@ -167,19 +190,47 @@
}
API int
-nc_client_tls_set_cert_key(const char *client_cert, const char *client_key)
+nc_client_tls_set_cert_key_paths(const char *client_cert, const char *client_key)
{
- return _nc_client_tls_set_cert_key(client_cert, client_key, &tls_opts);
+ return _nc_client_tls_set_cert_key_paths(client_cert, client_key, &tls_opts);
}
API int
-nc_client_tls_ch_set_cert_key(const char *client_cert, const char *client_key)
+nc_client_tls_ch_set_cert_key_paths(const char *client_cert, const char *client_key)
{
- return _nc_client_tls_set_cert_key(client_cert, client_key, &tls_ch_opts);
+ return _nc_client_tls_set_cert_key_paths(client_cert, client_key, &tls_ch_opts);
+}
+
+static void
+_nc_client_tls_get_cert_key_paths(const char **client_cert, const char **client_key, struct nc_client_tls_opts *opts)
+{
+ if (!client_cert && !client_key) {
+ ERRARG;
+ return;
+ }
+
+ if (client_cert) {
+ *client_cert = opts->cert_path;
+ }
+ if (client_key) {
+ *client_key = opts->key_path;
+ }
+}
+
+API void
+nc_client_tls_get_cert_key_paths(const char **client_cert, const char **client_key)
+{
+ _nc_client_tls_get_cert_key_paths(client_cert, client_key, &tls_opts);
+}
+
+API void
+nc_client_tls_ch_get_cert_key_paths(const char **client_cert, const char **client_key)
+{
+ _nc_client_tls_get_cert_key_paths(client_cert, client_key, &tls_ch_opts);
}
static int
-_nc_client_tls_set_trusted_ca_certs(const char *ca_file, const char *ca_dir, struct nc_client_tls_opts *opts)
+_nc_client_tls_set_trusted_ca_paths(const char *ca_file, const char *ca_dir, struct nc_client_tls_opts *opts)
{
if (!ca_file && !ca_dir) {
ERRARG;
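Review bot: `_nc_client_tls_get_cert_key_paths` never writes through `opts`, so declare the parameter `const struct nc_client_tls_opts *opts`; the same applies to `_nc_client_tls_get_trusted_ca_paths` and `_nc_client_tls_get_crl_paths` in the next two hunks. The values stored through `*client_cert` and `*client_key` are the library's own `cert_path`/`key_path` buffers, which `_nc_client_tls_destroy_opts` frees, so a short comment on the helper such as `/* out-pointers receive internal paths, valid until the next set/destroy; do not free */` would make that contract explicit for the three wrappers. `_nc_client_tls_set_trusted_ca_paths` at the end of this hunk continues outside it.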
@@ -215,19 +266,47 @@
}
API int
-nc_client_tls_set_trusted_ca_certs(const char *ca_file, const char *ca_dir)
+nc_client_tls_set_trusted_ca_paths(const char *ca_file, const char *ca_dir)
{
- return _nc_client_tls_set_trusted_ca_certs(ca_file, ca_dir, &tls_opts);
+ return _nc_client_tls_set_trusted_ca_paths(ca_file, ca_dir, &tls_opts);
}
API int
-nc_client_tls_ch_set_trusted_ca_certs(const char *ca_file, const char *ca_dir)
+nc_client_tls_ch_set_trusted_ca_paths(const char *ca_file, const char *ca_dir)
{
- return _nc_client_tls_set_trusted_ca_certs(ca_file, ca_dir, &tls_ch_opts);
+ return _nc_client_tls_set_trusted_ca_paths(ca_file, ca_dir, &tls_ch_opts);
+}
+
+static void
+_nc_client_tls_get_trusted_ca_paths(const char **ca_file, const char **ca_dir, struct nc_client_tls_opts *opts)
+{
+ if (!ca_file && !ca_dir) {
+ ERRARG;
+ return;
+ }
+
+ if (ca_file) {
+ *ca_file = opts->ca_file;
+ }
+ if (ca_dir) {
+ *ca_dir = opts->ca_dir;
+ }
+}
+
+API void
+nc_client_tls_get_trusted_ca_paths(const char **ca_file, const char **ca_dir)
+{
+ _nc_client_tls_get_trusted_ca_paths(ca_file, ca_dir, &tls_opts);
+}
+
+API void
+nc_client_tls_ch_get_trusted_ca_paths(const char **ca_file, const char **ca_dir)
+{
+ _nc_client_tls_get_trusted_ca_paths(ca_file, ca_dir, &tls_ch_opts);
}
static int
-_nc_client_tls_set_crl(const char *crl_file, const char *crl_dir, struct nc_client_tls_opts *opts)
+_nc_client_tls_set_crl_paths(const char *crl_file, const char *crl_dir, struct nc_client_tls_opts *opts)
{
if (!crl_file && !crl_dir) {
ERRARG;
@@ -263,15 +342,43 @@
}
API int
-nc_client_tls_set_crl(const char *crl_file, const char *crl_dir)
+nc_client_tls_set_crl_paths(const char *crl_file, const char *crl_dir)
{
- return _nc_client_tls_set_crl(crl_file, crl_dir, &tls_opts);
+ return _nc_client_tls_set_crl_paths(crl_file, crl_dir, &tls_opts);
}
API int
-nc_client_tls_ch_set_crl(const char *crl_file, const char *crl_dir)
+nc_client_tls_ch_set_crl_paths(const char *crl_file, const char *crl_dir)
{
- return _nc_client_tls_set_crl(crl_file, crl_dir, &tls_ch_opts);
+ return _nc_client_tls_set_crl_paths(crl_file, crl_dir, &tls_ch_opts);
+}
+
+static void
+_nc_client_tls_get_crl_paths(const char **crl_file, const char **crl_dir, struct nc_client_tls_opts *opts)
+{
+ if (!crl_file && !crl_dir) {
+ ERRARG;
+ return;
+ }
+
+ if (crl_file) {
+ *crl_file = opts->crl_file;
+ }
+ if (crl_dir) {
+ *crl_dir = opts->crl_dir;
+ }
+}
+
+API void
+nc_client_tls_get_crl_paths(const char **crl_file, const char **crl_dir)
+{
+ _nc_client_tls_get_crl_paths(crl_file, crl_dir, &tls_opts);
+}
+
+API void
+nc_client_tls_ch_get_crl_paths(const char **crl_file, const char **crl_dir)
+{
+ _nc_client_tls_get_crl_paths(crl_file, crl_dir, &tls_ch_opts);
}
API int
@@ -286,35 +393,6 @@
return nc_client_ch_del_bind(address, port, NC_TI_OPENSSL);
}
-API void
-nc_client_tls_destroy(void)
-{
- int count = 0;
- struct nc_client_tls_opts *opts;
-
-repeat:
- if (count == 0) {
- opts = &tls_ch_opts;
- } else if (count == 1) {
- opts = &tls_opts;
- } else {
- return;
- }
-
- free(opts->cert_path);
- free(opts->key_path);
- free(opts->ca_file);
- free(opts->ca_dir);
- SSL_CTX_free(opts->tls_ctx);
-
- free(opts->crl_file);
- free(opts->crl_dir);
- X509_STORE_free(opts->crl_store);
-
- ++count;
- goto repeat;
-}
-
static int
nc_client_tls_update_opts(struct nc_client_tls_opts *opts)
{
@@ -322,7 +400,7 @@
X509_LOOKUP *lookup;
if (!opts->tls_ctx || opts->tls_ctx_change) {
- SSL_CTX_free(tls_opts.tls_ctx);
+ SSL_CTX_free(opts->tls_ctx);
/* prepare global SSL context, allow only mandatory TLS 1.2 */
if (!(opts->tls_ctx = SSL_CTX_new(TLSv1_2_client_method()))) {
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
index bbe0b98..0a46d53 100644
--- a/src/session_server_ssh.c
+++ b/src/session_server_ssh.c
@@ -30,8 +30,9 @@
#include <crypt.h>
#include <errno.h>
-#include "libnetconf.h"
#include "session_server.h"
+#include "session_server_ch.h"
+#include "libnetconf.h"
struct nc_server_ssh_opts ssh_ch_opts = {
.auth_methods = NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD | NC_SSH_AUTH_INTERACTIVE,
diff --git a/src/session_server_tls.c b/src/session_server_tls.c
index 6a045c9..57e00fe 100644
--- a/src/session_server_tls.c
+++ b/src/session_server_tls.c
@@ -30,8 +30,9 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
-#include "libnetconf.h"
#include "session_server.h"
+#include "session_server_ch.h"
+#include "libnetconf.h"
struct nc_server_tls_opts tls_ch_opts;
pthread_mutex_t tls_ch_opts_lock = PTHREAD_MUTEX_INITIALIZER;