config UPDATE remove nonessential api functions
diff --git a/doc/libnetconf.doc b/doc/libnetconf.doc
index c4d7353..9a788a4 100644
--- a/doc/libnetconf.doc
+++ b/doc/libnetconf.doc
@@ -402,15 +402,11 @@
* - ::nc_server_config_del_ssh_hostkey()
* - ::nc_server_config_add_ssh_keystore_ref()
* - ::nc_server_config_del_ssh_keystore_ref()
- * - ::nc_server_config_add_ssh_auth_attempts()
- * - ::nc_server_config_add_ssh_auth_timeout()
*
* - ::nc_server_config_add_ssh_user_pubkey()
* - ::nc_server_config_del_ssh_user_pubkey()
* - ::nc_server_config_add_ssh_user_password()
* - ::nc_server_config_del_ssh_user_password()
- * - ::nc_server_config_add_ssh_user_none()
- * - ::nc_server_config_del_ssh_user_none()
* - ::nc_server_config_add_ssh_user_interactive()
* - ::nc_server_config_del_ssh_user_interactive()
* - ::nc_server_config_del_ssh_user()
@@ -419,16 +415,6 @@
* - ::nc_server_config_add_ssh_endpoint_client_ref()
* - ::nc_server_config_del_ssh_endpoint_client_ref()
*
- * - ::nc_server_config_add_ssh_host_key_algs()
- * - ::nc_server_config_del_ssh_host_key_alg()
- * - ::nc_server_config_add_ssh_key_exchange_algs()
- * - ::nc_server_config_del_ssh_key_exchange_alg()
- * - ::nc_server_config_add_ssh_encryption_algs()
- * - ::nc_server_config_del_ssh_encryption_alg()
- * - ::nc_server_config_add_ssh_mac_algs()
- * - ::nc_server_config_del_ssh_mac_alg()
- *
- *
* TLS
* ===
*
@@ -437,7 +423,7 @@
* options that TLS uses to derive usernames from client certificates.
*
* If you wish to listen on a TLS endpoint, you need to configure the endpoint's
- * server certificate (see ::nc_server_config_add_tls_server_certificate()).
+ * server certificate (see ::nc_server_config_add_tls_server_cert()).
*
* To accept client certificates, they must first be considered trusted.
* For each TLS endpoint you may configure two types of client certificates.
@@ -454,43 +440,31 @@
*
* There are some further options. For example you can configure the TLS
* version and ciphers to be used. You may also choose to use a Certificate
- * Revoke List. There are three options, ::nc_server_config_add_tls_crl_path()
- * attempts to get the list of revoked certificates from a file. ::nc_server_config_add_tls_crl_url()
- * attempts to download the list from the given URL. Lastly, ::nc_server_config_add_tls_crl_cert_ext()
- * attempts to download the CRLs from URLs specified in the extension fields of the configured certificates.
+ * Revocation List.
*
* Functions List
* --------------
*
* Available in __nc_server.h__.
*
- * - ::nc_server_config_add_tls_server_certificate()
- * - ::nc_server_config_del_tls_server_certificate()
+ * - ::nc_server_config_add_tls_server_cert()
+ * - ::nc_server_config_del_tls_server_cert()
* - ::nc_server_config_add_tls_keystore_ref()
* - ::nc_server_config_del_tls_keystore_ref()
*
- * - ::nc_server_config_add_tls_client_certificate()
- * - ::nc_server_config_del_tls_client_certificate()
+ * - ::nc_server_config_add_tls_client_cert()
+ * - ::nc_server_config_del_tls_client_cert()
* - ::nc_server_config_add_tls_client_cert_truststore_ref()
* - ::nc_server_config_del_tls_client_cert_truststore_ref()
- * - ::nc_server_config_add_tls_client_ca()
- * - ::nc_server_config_del_tls_client_ca()
- * - ::nc_server_config_add_tls_client_ca_truststore_ref()
- * - ::nc_server_config_del_tls_client_ca_truststore_ref()
+ * - ::nc_server_config_add_tls_ca_cert()
+ * - ::nc_server_config_del_tls_ca_cert()
+ * - ::nc_server_config_add_tls_ca_cert_truststore_ref()
+ * - ::nc_server_config_del_tls_ca_cert_truststore_ref()
* - ::nc_server_config_add_tls_endpoint_client_ref()
* - ::nc_server_config_del_tls_endpoint_client_ref()
* - ::nc_server_config_add_tls_ctn()
* - ::nc_server_config_del_tls_ctn()
*
- * - ::nc_server_config_add_tls_version()
- * - ::nc_server_config_del_tls_version()
- * - ::nc_server_config_add_tls_ciphers()
- * - ::nc_server_config_del_tls_cipher()
- * - ::nc_server_config_add_tls_crl_path()
- * - ::nc_server_config_add_tls_crl_url()
- * - ::nc_server_config_add_tls_crl_cert_ext()
- * - ::nc_server_config_del_tls_crl()
- *
* FD
* ==
*
@@ -541,51 +515,30 @@
* - ::nc_server_config_del_ch_ssh_hostkey()
* - ::nc_server_config_add_ch_ssh_keystore_ref()
* - ::nc_server_config_del_ch_ssh_keystore_ref()
- * - ::nc_server_config_add_ch_ssh_auth_attempts()
- * - ::nc_server_config_add_ch_ssh_auth_timeout()
* - ::nc_server_config_add_ch_ssh_user_pubkey()
* - ::nc_server_config_del_ch_ssh_user_pubkey()
* - ::nc_server_config_add_ch_ssh_user_password()
* - ::nc_server_config_del_ch_ssh_user_password()
- * - ::nc_server_config_add_ch_ssh_user_none()
- * - ::nc_server_config_del_ch_ssh_user_none()
* - ::nc_server_config_add_ch_ssh_user_interactive()
* - ::nc_server_config_del_ch_ssh_user_interactive()
* - ::nc_server_config_del_ch_ssh_user()
* - ::nc_server_config_add_ch_ssh_truststore_ref()
* - ::nc_server_config_del_ch_ssh_truststore_ref()
- * - ::nc_server_config_add_ch_ssh_host_key_algs()
- * - ::nc_server_config_del_ch_ssh_host_key_alg()
- * - ::nc_server_config_add_ch_ssh_key_exchange_algs()
- * - ::nc_server_config_del_ch_ssh_key_exchange_alg()
- * - ::nc_server_config_add_ch_ssh_encryption_algs()
- * - ::nc_server_config_del_ch_ssh_encryption_alg()
- * - ::nc_server_config_add_ch_ssh_mac_algs()
- * - ::nc_server_config_del_ch_ssh_mac_alg()
*
- * - ::nc_server_config_add_ch_tls_server_certificate()
- * - ::nc_server_config_del_ch_tls_server_certificate()
+ * - ::nc_server_config_add_ch_tls_server_cert()
+ * - ::nc_server_config_del_ch_tls_server_cert()
* - ::nc_server_config_add_ch_tls_keystore_ref()
* - ::nc_server_config_del_ch_tls_keystore_ref()
- * - ::nc_server_config_add_ch_tls_client_certificate()
- * - ::nc_server_config_del_ch_tls_client_certificate()
+ * - ::nc_server_config_add_ch_tls_client_cert()
+ * - ::nc_server_config_del_ch_tls_client_cert()
* - ::nc_server_config_add_ch_tls_client_cert_truststore_ref()
* - ::nc_server_config_del_ch_tls_client_cert_truststore_ref()
- * - ::nc_server_config_add_ch_tls_client_ca()
- * - ::nc_server_config_del_ch_tls_client_ca()
- * - ::nc_server_config_add_ch_tls_client_ca_truststore_ref()
- * - ::nc_server_config_del_ch_tls_client_ca_truststore_ref()
+ * - ::nc_server_config_add_ch_tls_ca_cert()
+ * - ::nc_server_config_del_ch_tls_ca_cert()
+ * - ::nc_server_config_add_ch_tls_ca_cert_truststore_ref()
+ * - ::nc_server_config_del_ch_tls_ca_cert_truststore_ref()
* - ::nc_server_config_add_ch_tls_ctn()
* - ::nc_server_config_del_ch_tls_ctn()
- * - ::nc_server_config_add_ch_tls_version()
- * - ::nc_server_config_del_ch_tls_version()
- * - ::nc_server_config_add_ch_tls_ciphers()
- * - ::nc_server_config_del_ch_tls_cipher()
- * - ::nc_server_config_add_ch_tls_crl_path()
- * - ::nc_server_config_add_ch_tls_crl_url()
- * - ::nc_server_config_add_ch_tls_crl_cert_ext()
- * - ::nc_server_config_del_ch_tls_crl()
- *
*
* Connecting And Cleanup
* ======================
diff --git a/src/server_config.h b/src/server_config.h
index d148076..f0bc71c 100644
--- a/src/server_config.h
+++ b/src/server_config.h
@@ -340,36 +340,6 @@
struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for the maximum amount of failed SSH authentication attempts.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents might be changed.
- * @param[in] auth_attempts Maximum amount of failed SSH authentication attempts after which a
- * client is disconnected. The default value is 3.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
- struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for an SSH authentication timeout.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents might be changed.
- * @param[in] auth_timeout Maximum amount of time in seconds after which the authentication is deemed
- * unsuccessful. The default value is 10.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
- struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes for an SSH user's public key authentication method.
*
* @param[in] ctx libyang context.
@@ -428,32 +398,6 @@
struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for an SSH user's none authentication method.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its user might be changed.
- * @param[in] user_name Arbitrary identifier of the user.
- * If an user with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_user_none(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
- * @brief Deletes an SSH user's none authentication method from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] user_name Identifier of an existing user on the given endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ssh_user_none(const char *endpt_name, const char *user_name,
- struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes for an SSH user's keyboard interactive authentication method.
*
* @param[in] ctx libyang context.
@@ -552,122 +496,6 @@
int nc_server_config_del_ssh_endpoint_client_ref(const char *endpt_name, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for host-key algorithms replacing any previous ones.
- *
- * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
- * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its host-key algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of host-key algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_host_key_algs(const struct ly_ctx *ctx, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a hostkey algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the hostkey algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ssh_host_key_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for key exchange algorithms replacing any previous ones.
- *
- * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256,
- * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512,
- * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its key exchange algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...);
-
-/**
- * @brief Deletes a key exchange algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the key exchange algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ssh_key_exchange_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for encryption algorithms replacing any previous ones.
- *
- * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc
- * triple-des-cbc and none.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its encryption algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of encryption algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_encryption_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...);
-
-/**
- * @brief Deletes an encryption algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the encryption algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ssh_encryption_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for mac algorithms replacing any previous ones.
- *
- * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.
- *
- * @param[in] ctx libyang context
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its mac algorithms will be replaced.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of mac algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ssh_mac_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...);
-
-/**
- * @brief Deletes a mac algorithm from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the mac algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ssh_mac_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
-
-/**
* @} SSH Server Configuration
*/
@@ -688,13 +516,13 @@
* @param[in] privkey_path Path to the server's PEM encoded private key file.
* @param[in] pubkey_path Optional path to the server's public key file. If not provided,
* it will be generated from the private key.
- * @param[in] certificate_path Path to the server's certificate file.
+ * @param[in] cert_path Path to the server's certificate file.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
- const char *pubkey_path, const char *certificate_path, struct lyd_node **config);
+int nc_server_config_add_tls_server_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
+ const char *pubkey_path, const char *cert_path, struct lyd_node **config);
/**
* @brief Deletes the server's certificate from the YANG data.
@@ -703,7 +531,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_tls_server_certificate(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_server_cert(const char *endpt_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a keystore reference to the TLS server's certificate.
@@ -742,7 +570,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+int nc_server_config_add_tls_client_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
const char *cert_path, struct lyd_node **config);
/**
@@ -754,7 +582,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_tls_client_certificate(const char *endpt_name, const char *cert_name, struct lyd_node **config);
+int nc_server_config_del_tls_client_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a truststore reference to a set of client (end-entity) certificates.
@@ -792,7 +620,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+int nc_server_config_add_tls_ca_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
const char *cert_path, struct lyd_node **config);
/**
@@ -804,7 +632,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_tls_client_ca(const char *endpt_name, const char *cert_name, struct lyd_node **config);
+int nc_server_config_del_tls_ca_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes for a truststore reference to a set of client certificate authority (trust-anchor) certificates.
@@ -817,7 +645,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
+int nc_server_config_add_tls_ca_cert_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
const char *cert_bag_ref, struct lyd_node **config);
/**
@@ -827,7 +655,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_tls_client_ca_truststore_ref(const char *endpt_name, struct lyd_node **config);
+int nc_server_config_del_tls_ca_cert_truststore_ref(const char *endpt_name, struct lyd_node **config);
/**
* @brief Creates new YANG configuration data nodes, which will be a reference to another TLS endpoint's certificates.
@@ -886,122 +714,6 @@
int nc_server_config_del_tls_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for a TLS version.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] tls_version TLS version to be used. Call this multiple times to set
- * the accepted versions of the TLS protocol and let the client and server negotiate
- * the given version.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_tls_version(const struct ly_ctx *ctx, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Deletes a TLS version from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] tls_version TLS version to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_tls_version(const char *endpt_name, NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a TLS cipher.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] cipher_count Number of following ciphers.
- * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the
- * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless
- * of the TLS protocol version used, all of these ciphers will be tried and some of them
- * might not be set (TLS handshake might fail then). For the list of supported ciphers see
- * the OpenSSL documentation.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int cipher_count, ...);
-
-/**
- * @brief Deletes a TLS cipher from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in] cipher TLS cipher to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_tls_cipher(const char *endpt_name, const char *cipher, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via a local file.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_path Path to a DER/PEM encoded CRL file.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name,
- const char *crl_path, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via an URL.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
- * The allowed protocols are all the protocols supported by CURL.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *crl_url, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via certificate extensions.
- *
- * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the
- * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] endpt_name Arbitrary identifier of the endpoint.
- * If an endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config);
-
-/**
- * @brief Deletes all the CRL nodes from the YANG data.
- *
- * @param[in] endpt_name Identifier of an existing endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_tls_crl(const char *endpt_name, struct lyd_node **config);
-
-/**
* @} TLS Server Configuration
*/
@@ -1267,40 +979,6 @@
const char *hostkey_name, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for the maximum amount of failed Call Home SSH authentication attempts.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] auth_attempts Maximum amount of failed SSH authentication attempts after which a
- * client is disconnected. The default value is 3.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint16_t auth_attempts, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home SSH authentication timeout.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] auth_timeout Maximum amount of time in seconds after which the authentication is deemed
- * unsuccessful. The default value is 10.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint16_t auth_timeout, struct lyd_node **config);
-
-/**
* @brief Creates new YANG data nodes for a Call Home SSH user's public key authentication method.
*
* @param[in] ctx libyang context.
@@ -1365,35 +1043,6 @@
const char *user_name, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for a Call Home SSH user's none authentication method.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] user_name Arbitrary identifier of the endpoint's user.
- * If the endpoint's user with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_user_none(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
- * @brief Deletes a Call Home SSH user's none authentication method from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_ssh_user_none(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config);
-
-/**
* @brief Creates new YANG configuration data nodes for a Call Home SSH user's keyboard interactive authentication method.
*
* @param[in] ctx libyang context.
@@ -1471,138 +1120,6 @@
const char *user_name, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for Call Home host-key algorithms replacing any previous ones.
- *
- * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
- * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of host-key algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_host_key_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home hostkey algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the hostkey algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_ssh_host_key_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home key exchange algorithms replacing any previous ones.
- *
- * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256,
- * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512,
- * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home key exchange algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the key exchange algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_ssh_key_exchange_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home encryption algorithms replacing any previous ones.
- *
- * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc
- * triple-des-cbc and none.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of encryption algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_encryption_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home encryption algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the encryption algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_ssh_encryption_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for Call Home mac algorithms replacing any previous ones.
- *
- * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
- * If the client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] alg_count Number of following algorithms.
- * @param[in] ... String literals of mac algorithms in a decreasing order of preference.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_ssh_mac_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...);
-
-/**
- * @brief Deletes a Call Home mac algorithm from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
- * @param[in] alg Optional algorithm to be deleted.
- * If NULL, all of the mac algorithms on this endpoint will be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_ssh_mac_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config);
-
-/**
* @} SSH Call Home Server Configuration
*/
@@ -1625,13 +1142,13 @@
* @param[in] privkey_path Path to the server's PEM encoded private key file.
* @param[in] pubkey_path Optional path to the server's public key file. If not provided,
* it will be generated from the private key.
- * @param[in] certificate_path Path to the server's certificate file.
+ * @param[in] cert_path Path to the server's certificate file.
* @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_ch_tls_server_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *privkey_path, const char *pubkey_path, const char *certificate_path, struct lyd_node **config);
+int nc_server_config_add_ch_tls_server_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *privkey_path, const char *pubkey_path, const char *cert_path, struct lyd_node **config);
/**
* @brief Deletes a Call Home server certificate from the YANG data.
@@ -1641,7 +1158,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_ch_tls_server_certificate(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_server_cert(const char *client_name, const char *endpt_name,
struct lyd_node **config);
/**
@@ -1687,7 +1204,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_ch_tls_client_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_tls_client_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *cert_name, const char *cert_path, struct lyd_node **config);
/**
@@ -1700,7 +1217,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_ch_tls_client_certificate(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_client_cert(const char *client_name, const char *endpt_name,
const char *cert_name, struct lyd_node **config);
/**
@@ -1745,7 +1262,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_ch_tls_client_ca(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+int nc_server_config_add_ch_tls_ca_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *cert_name, const char *cert_path, struct lyd_node **config);
/**
@@ -1758,7 +1275,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_ch_tls_client_ca(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_ca_cert(const char *client_name, const char *endpt_name,
const char *cert_name, struct lyd_node **config);
/**
@@ -1774,7 +1291,7 @@
* Otherwise the new YANG data will be added to the previous data and may override it.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_add_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
+int nc_server_config_add_ch_tls_ca_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
/**
@@ -1785,7 +1302,7 @@
* @param[in,out] config Modified configuration YANG data tree.
* @return 0 on success, non-zero otherwise.
*/
-int nc_server_config_del_ch_tls_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
+int nc_server_config_del_ch_tls_ca_cert_truststore_ref(const char *client_name, const char *endpt_name,
struct lyd_node **config);
/**
@@ -1822,138 +1339,6 @@
uint32_t id, struct lyd_node **config);
/**
- * @brief Creates new YANG configuration data nodes for a Call Home TLS version.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] tls_version TLS version to be used. Call this multiple times to set the accepted versions
- * of the TLS protocol and let the client and server negotiate the given version.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_tls_version(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Deletes a TLS version from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in] tls_version TLS version to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_tls_version(const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home TLS cipher.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @param[in] cipher_count Number of following ciphers.
- * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the
- * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless
- * of the TLS protocol version used, all of these ciphers will be tried and some of them
- * might not be set (TLS handshake might fail then). For the list of supported ciphers see
- * the OpenSSL documentation.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_tls_ciphers(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int cipher_count, ...);
-
-/**
- * @brief Deletes a Call Home TLS cipher from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in] cipher TLS cipher to be deleted.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_tls_cipher(const char *client_name, const char *endpt_name,
- const char *cipher, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via a local file.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_path Path to a DER/PEM encoded CRL file.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_tls_crl_path(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_path, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via an URL.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
- * The allowed protocols are all the protocols supported by CURL.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_tls_crl_url(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_url, struct lyd_node **config);
-
-/**
- * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via certificate extensions.
- *
- * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the
- * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used.
- *
- * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling
- * this function will remove any CRL YANG nodes created by the other two functions.
- *
- * @param[in] ctx libyang context.
- * @param[in] client_name Arbitrary identifier of the Call Home client.
- * If a Call Home client with this identifier already exists, its contents will be changed.
- * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
- * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
- * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
- * Otherwise the new YANG data will be added to the previous data and may override it.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_add_ch_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config);
-
-/**
- * @brief Deletes all the CRL nodes from the YANG data.
- *
- * @param[in] client_name Identifier of an existing Call Home client.
- * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
- * @param[in,out] config Modified configuration YANG data tree.
- * @return 0 on success, non-zero otherwise.
- */
-int nc_server_config_del_ch_tls_crl(const char *client_name, const char *endpt_name, struct lyd_node **config);
-
-/**
* @} TLS Call Home Server Configuration
*/
diff --git a/src/server_config_util_ssh.c b/src/server_config_util_ssh.c
index bcd9bd6..d19dc77 100644
--- a/src/server_config_util_ssh.c
+++ b/src/server_config_util_ssh.c
@@ -258,108 +258,6 @@
"host-key[name='%s']/public-key/keystore-reference", client_name, endpt_name, hostkey_name);
}
-API int
-nc_server_config_add_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
- struct lyd_node **config)
-{
- int ret = 0;
- char *attempts_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&attempts_buf, "%u", auth_attempts) == -1) {
- ERRMEM;
- attempts_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_create(ctx, config, attempts_buf, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/libnetconf2-netconf-server:auth-attempts", endpt_name);
-
-cleanup:
- free(attempts_buf);
- return ret;
-}
-
-API int
-nc_server_config_add_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
- struct lyd_node **config)
-{
- int ret = 0;
- char *timeout_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&timeout_buf, "%u", auth_timeout) == -1) {
- ERRMEM;
- timeout_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_create(ctx, config, timeout_buf, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/libnetconf2-netconf-server:auth-timeout", endpt_name);
-
-cleanup:
- free(timeout_buf);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint16_t auth_attempts, struct lyd_node **config)
-{
- int ret = 0;
- char *attempts_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&attempts_buf, "%u", auth_attempts) == -1) {
- ERRMEM;
- attempts_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_create(ctx, config, attempts_buf, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "libnetconf2-netconf-server:auth-attempts", client_name, endpt_name);
-
-cleanup:
- free(attempts_buf);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- uint16_t auth_timeout, struct lyd_node **config)
-{
- int ret = 0;
- char *timeout_buf = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- /* uint to str */
- if (asprintf(&timeout_buf, "%u", auth_timeout) == -1) {
- ERRMEM;
- timeout_buf = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_create(ctx, config, timeout_buf, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "libnetconf2-netconf-server:auth-timeout", client_name, endpt_name);
-
-cleanup:
- free(timeout_buf);
- return ret;
-}
-
static int
_nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *tree_path, const char *pubkey_path,
struct lyd_node **config)
@@ -615,47 +513,6 @@
"users/user[name='%s']/password", client_name, endpt_name, user_name);
}
-API int
-nc_server_config_add_ssh_user_none(const struct ly_ctx *ctx, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, config, 1);
-
- return nc_server_config_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/none", endpt_name, user_name);
-}
-
-API int
-nc_server_config_add_ch_ssh_user_none(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, config, 1);
-
- return nc_server_config_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/none", client_name, endpt_name, user_name);
-}
-
-API int
-nc_server_config_del_ssh_user_none(const char *endpt_name, const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);
-
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
- "ssh-server-parameters/client-authentication/users/user[name='%s']/none", endpt_name, user_name);
-}
-
-API int
-nc_server_config_del_ch_ssh_user_none(const char *client_name, const char *endpt_name,
- const char *user_name, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);
-
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
- "users/user[name='%s']/none", client_name, endpt_name, user_name);
-}
-
static int
_nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *tree_path,
const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
@@ -882,454 +739,3 @@
"netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
"users/user[name='%s']/public-keys/truststore-reference", client_name, endpt_name, user_name);
}
-
-static int
-nc_server_config_ssh_transport_params_prep(const struct ly_ctx *ctx, const char *client_name,
- const char *endpt_name, struct lyd_node *config, struct lyd_node **new_tree, struct lyd_node **alg_tree)
-{
- int ret = 0;
- char *tree_path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, new_tree, alg_tree, 1);
-
- /* prepare path */
- if (client_name) {
- /* ch */
- ret = asprintf(&tree_path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/ssh/ssh-server-parameters/transport-params", client_name, endpt_name);
- } else {
- /* listen */
- ret = asprintf(&tree_path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params", endpt_name);
- }
- if (ret == -1) {
- ERRMEM;
- tree_path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- /* create all the nodes in the path */
- ret = lyd_new_path2(config, ctx, tree_path, NULL, 0, 0, LYD_NEW_PATH_UPDATE, new_tree, alg_tree);
- if (ret) {
- ERR(NULL, "Creating new path to transport-params failed.");
- goto cleanup;
- }
-
- if (!*alg_tree) {
- /* no new nodes added, set the path correctly for adding child nodes later */
- ret = lyd_find_path(config, tree_path, 0, alg_tree);
- if (ret) {
- goto cleanup;
- }
- }
-
-cleanup:
- free(tree_path);
- return ret;
-}
-
-static int
-nc_server_config_ssh_transport_params_create(const struct ly_ctx *ctx, NC_ALG_TYPE alg_type, int alg_count, va_list ap,
- struct lyd_node *tree)
-{
- int i, ret = 0;
- char *alg, *alg_ident;
- const char *module, *alg_path, *old_path;
- struct lyd_node *old = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree, 1);
-
- /* get the correct module with the indentity base and the path in the ietf-netconf-server module */
- switch (alg_type) {
- case NC_ALG_HOSTKEY:
- module = "iana-ssh-public-key-algs";
- alg_path = "host-key/host-key-alg";
- old_path = "host-key";
- break;
- case NC_ALG_KEY_EXCHANGE:
- module = "iana-ssh-key-exchange-algs";
- alg_path = "key-exchange/key-exchange-alg";
- old_path = "key-exchange";
- break;
- case NC_ALG_ENCRYPTION:
- module = "iana-ssh-encryption-algs";
- alg_path = "encryption/encryption-alg";
- old_path = "encryption";
- break;
- case NC_ALG_MAC:
- module = "iana-ssh-mac-algs";
- alg_path = "mac/mac-alg";
- old_path = "mac";
- break;
- default:
- ret = 1;
- ERR(NULL, "Unknown algorithm type.");
- goto cleanup;
- }
-
- /* delete all older algorithms (if any) se they can be replaced by the new ones */
- lyd_find_path(tree, old_path, 0, &old);
- if (old) {
- lyd_free_tree(old);
- }
-
- for (i = 0; i < alg_count; i++) {
- alg = va_arg(ap, char *);
-
- if (asprintf(&alg_ident, "%s:%s", module, alg) == -1) {
- ERRMEM;
- ret = 1;
- goto cleanup;
- }
-
- /* create the leaf list */
- ret = lyd_new_path(tree, ctx, alg_path, alg_ident, 0, NULL);
- if (ret) {
- ERR(NULL, "Creating new algorithm leaf-list failed.");
- free(alg_ident);
- goto cleanup;
- }
-
- free(alg_ident);
- alg_ident = NULL;
- }
-
-cleanup:
- return ret;
-}
-
-static int
-nc_server_config_ssh_transport_params(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- NC_ALG_TYPE alg_type, int alg_count, va_list ap, struct lyd_node **config)
-{
- int ret = 0;
- struct lyd_node *new_tree, *alg_tree;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* prepare the tree for appending child nodes (the params) */
- ret = nc_server_config_ssh_transport_params_prep(ctx, client_name, endpt_name, *config, &new_tree, &alg_tree);
- if (ret) {
- goto cleanup;
- }
-
- if (!*config) {
- *config = new_tree;
- }
-
- /* create the child nodes */
- ret = nc_server_config_ssh_transport_params_create(ctx, alg_type, alg_count, ap, alg_tree);
- if (ret) {
- goto cleanup;
- }
-
- /* add all default nodes */
- ret = lyd_new_implicit_tree(*config, LYD_IMPLICIT_NO_STATE, NULL);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_add_ssh_host_key_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_HOSTKEY, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new hostkey algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_ssh_host_key_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_HOSTKEY, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new hostkey algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_del_ssh_host_key_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/host-key/"
- "host-key-alg[.='iana-ssh-public-key-algs:%s']", endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/host-key", endpt_name);
- }
-}
-
-API int
-nc_server_config_del_ch_ssh_host_key_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/host-key/"
- "host-key-alg[.='iana-ssh-public-key-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/host-key", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_add_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_KEY_EXCHANGE, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new key exchange algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_KEY_EXCHANGE, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new key exchange algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_del_ssh_key_exchange_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/key-exchange/"
- "key-exchange-alg[.='iana-ssh-key-exchange-algs:%s']", endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/key-exchange", endpt_name);
- }
-}
-
-API int
-nc_server_config_del_ch_ssh_key_exchange_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/key-exchange/"
- "key-exchange-alg[.='iana-ssh-key-exchange-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/key-exchange", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_add_ssh_encryption_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_ENCRYPTION, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new encryption algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_ssh_encryption_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_ENCRYPTION, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new encryption algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_del_ssh_encryption_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/encryption/"
- "encryption-alg[.='iana-ssh-encryption-algs:%s']", endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/encryption", endpt_name);
- }
-}
-
-API int
-nc_server_config_del_ch_ssh_encryption_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/encryption/"
- "encryption-alg[.='iana-ssh-encryption-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/encryption", client_name, endpt_name);
- }
-}
-
-API int
-nc_server_config_add_ssh_mac_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, NULL, endpt_name, NC_ALG_MAC, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new mac algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_ssh_mac_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int alg_count, ...)
-{
- int ret = 0;
- va_list ap;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, alg_count, 1);
-
- va_start(ap, alg_count);
-
- ret = nc_server_config_ssh_transport_params(ctx, client_name, endpt_name, NC_ALG_MAC, alg_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new mac algorithms failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- return ret;
-}
-
-API int
-nc_server_config_del_ssh_mac_alg(const char *endpt_name, const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/mac/"
- "mac-alg[.='iana-ssh-mac-algs:%s']", endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "ssh/ssh-server-parameters/transport-params/mac", endpt_name);
- }
-}
-
-API int
-nc_server_config_del_ch_ssh_mac_alg(const char *client_name, const char *endpt_name,
- const char *alg, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- if (alg) {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/mac/"
- "mac-alg[.='iana-ssh-mac-algs:%s']", client_name, endpt_name, alg);
- } else {
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/transport-params/mac", client_name, endpt_name);
- }
-}
diff --git a/src/server_config_util_tls.c b/src/server_config_util_tls.c
index 20837c2..0ee6b06 100644
--- a/src/server_config_util_tls.c
+++ b/src/server_config_util_tls.c
@@ -33,15 +33,15 @@
#include "session_p.h"
static int
-_nc_server_config_add_tls_server_certificate(const struct ly_ctx *ctx, const char *tree_path, const char *privkey_path,
- const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
+_nc_server_config_add_tls_server_cert(const struct ly_ctx *ctx, const char *tree_path, const char *privkey_path,
+ const char *pubkey_path, const char *cert_path, struct lyd_node **config)
{
int ret = 0;
char *privkey = NULL, *pubkey = NULL, *cert = NULL;
NC_PRIVKEY_FORMAT privkey_type;
const char *privkey_format, *pubkey_format = "ietf-crypto-types:subject-public-key-info-format";
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, certificate_path, config, 1);
+ NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, cert_path, config, 1);
/* get the keys as a string from the given files */
ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey, &privkey_type, &pubkey);
@@ -51,9 +51,9 @@
}
/* get cert data from file */
- ret = nc_server_config_util_read_certificate(certificate_path, &cert);
+ ret = nc_server_config_util_read_certificate(cert_path, &cert);
if (ret) {
- ERR(NULL, "Getting certificate from file \"%s\" failed.", certificate_path);
+ ERR(NULL, "Getting certificate from file \"%s\" failed.", cert_path);
goto cleanup;
}
@@ -103,13 +103,13 @@
}
API int
-nc_server_config_add_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
- const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
+nc_server_config_add_tls_server_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *privkey_path,
+ const char *pubkey_path, const char *cert_path, struct lyd_node **config)
{
int ret = 0;
char *path = NULL;
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, privkey_path, certificate_path, config, 1);
+ NC_CHECK_ARG_RET(NULL, ctx, endpt_name, privkey_path, cert_path, config, 1);
if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
"tls/tls-server-parameters/server-identity/certificate", endpt_name) == -1) {
@@ -119,8 +119,8 @@
goto cleanup;
}
- ret = _nc_server_config_add_tls_server_certificate(ctx, path, privkey_path, pubkey_path,
- certificate_path, config);
+ ret = _nc_server_config_add_tls_server_cert(ctx, path, privkey_path, pubkey_path,
+ cert_path, config);
if (ret) {
ERR(NULL, "Creating new TLS server certificate YANG data failed.");
goto cleanup;
@@ -132,7 +132,7 @@
}
API int
-nc_server_config_del_tls_server_certificate(const char *endpt_name, struct lyd_node **config)
+nc_server_config_del_tls_server_cert(const char *endpt_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
@@ -141,13 +141,13 @@
}
API int
-nc_server_config_add_ch_tls_server_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *privkey_path, const char *pubkey_path, const char *certificate_path, struct lyd_node **config)
+nc_server_config_add_ch_tls_server_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+ const char *privkey_path, const char *pubkey_path, const char *cert_path, struct lyd_node **config)
{
int ret = 0;
char *path = NULL;
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, privkey_path, certificate_path, config, 1);
+ NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, privkey_path, cert_path, config, 1);
if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/"
"netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/server-identity/"
@@ -158,8 +158,8 @@
goto cleanup;
}
- ret = _nc_server_config_add_tls_server_certificate(ctx, path, privkey_path, pubkey_path,
- certificate_path, config);
+ ret = _nc_server_config_add_tls_server_cert(ctx, path, privkey_path, pubkey_path,
+ cert_path, config);
if (ret) {
ERR(NULL, "Creating new CH TLS server certificate YANG data failed.");
goto cleanup;
@@ -171,7 +171,7 @@
}
API int
-nc_server_config_del_ch_tls_server_certificate(const char *client_name, const char *endpt_name,
+nc_server_config_del_ch_tls_server_cert(const char *client_name, const char *endpt_name,
struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
@@ -284,7 +284,7 @@
}
static int
-_nc_server_config_add_tls_client_certificate(const struct ly_ctx *ctx, const char *tree_path,
+_nc_server_config_add_tls_client_cert(const struct ly_ctx *ctx, const char *tree_path,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -309,7 +309,7 @@
}
API int
-nc_server_config_add_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+nc_server_config_add_tls_client_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -325,7 +325,7 @@
goto cleanup;
}
- ret = _nc_server_config_add_tls_client_certificate(ctx, path, cert_path, config);
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
if (ret) {
ERR(NULL, "Creating new TLS client certificate YANG data failed.");
goto cleanup;
@@ -344,7 +344,7 @@
}
API int
-nc_server_config_del_tls_client_certificate(const char *endpt_name, const char *cert_name, struct lyd_node **config)
+nc_server_config_del_tls_client_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
@@ -360,7 +360,7 @@
}
API int
-nc_server_config_add_ch_tls_client_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+nc_server_config_add_ch_tls_client_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *cert_name, const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -377,7 +377,7 @@
goto cleanup;
}
- ret = _nc_server_config_add_tls_client_certificate(ctx, path, cert_path, config);
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
if (ret) {
ERR(NULL, "Creating new CH TLS client certificate YANG data failed.");
goto cleanup;
@@ -397,7 +397,7 @@
}
API int
-nc_server_config_del_ch_tls_client_certificate(const char *client_name, const char *endpt_name,
+nc_server_config_del_ch_tls_client_cert(const char *client_name, const char *endpt_name,
const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
@@ -486,7 +486,7 @@
}
API int
-nc_server_config_add_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
+nc_server_config_add_tls_ca_cert(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -502,7 +502,7 @@
goto cleanup;
}
- ret = _nc_server_config_add_tls_client_certificate(ctx, path, cert_path, config);
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
if (ret) {
ERR(NULL, "Creating new TLS client certificate authority YANG data failed.");
goto cleanup;
@@ -521,7 +521,7 @@
}
API int
-nc_server_config_del_tls_client_ca(const char *endpt_name, const char *cert_name, struct lyd_node **config)
+nc_server_config_del_tls_ca_cert(const char *endpt_name, const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
@@ -537,7 +537,7 @@
}
API int
-nc_server_config_add_ch_tls_client_ca(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
+nc_server_config_add_ch_tls_ca_cert(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
const char *cert_name, const char *cert_path, struct lyd_node **config)
{
int ret = 0;
@@ -554,7 +554,7 @@
goto cleanup;
}
- ret = _nc_server_config_add_tls_client_certificate(ctx, path, cert_path, config);
+ ret = _nc_server_config_add_tls_client_cert(ctx, path, cert_path, config);
if (ret) {
ERR(NULL, "Creating new CH TLS client certificate authority YANG data failed.");
goto cleanup;
@@ -574,7 +574,7 @@
}
API int
-nc_server_config_del_ch_tls_client_ca(const char *client_name, const char *endpt_name,
+nc_server_config_del_ch_tls_ca_cert(const char *client_name, const char *endpt_name,
const char *cert_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
@@ -591,7 +591,7 @@
}
API int
-nc_server_config_add_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
+nc_server_config_add_tls_ca_cert_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
const char *cert_bag_ref, struct lyd_node **config)
{
int ret = 0;
@@ -616,7 +616,7 @@
}
API int
-nc_server_config_del_tls_client_ca_truststore_ref(const char *endpt_name, struct lyd_node **config)
+nc_server_config_del_tls_ca_cert_truststore_ref(const char *endpt_name, struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
@@ -625,7 +625,7 @@
}
API int
-nc_server_config_add_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
+nc_server_config_add_ch_tls_ca_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config)
{
int ret = 0;
@@ -652,7 +652,7 @@
}
API int
-nc_server_config_del_ch_tls_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
+nc_server_config_del_ch_tls_ca_cert_truststore_ref(const char *client_name, const char *endpt_name,
struct lyd_node **config)
{
NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
@@ -811,562 +811,6 @@
}
}
-static const char *
-nc_server_config_tlsversion2str(NC_TLS_VERSION version)
-{
- switch (version) {
- case NC_TLS_VERSION_10:
- return "ietf-tls-common:tls10";
- case NC_TLS_VERSION_11:
- return "ietf-tls-common:tls11";
- case NC_TLS_VERSION_12:
- return "ietf-tls-common:tls12";
- case NC_TLS_VERSION_13:
- return "ietf-tls-common:tls13";
- default:
- ERR(NULL, "Unknown TLS version.");
- return NULL;
- }
-}
-
-API int
-nc_server_config_add_tls_version(const struct ly_ctx *ctx, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- /* version to str */
- version = nc_server_config_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_create(ctx, config, version, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "hello-params/tls-versions/tls-version", endpt_name);
- if (ret) {
- ERR(NULL, "Creating new YANG data nodes for TLS version failed.");
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_add_ch_tls_version(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- /* version to str */
- version = nc_server_config_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_create(ctx, config, version, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "hello-params/tls-versions/tls-version", client_name, endpt_name);
- if (ret) {
- ERR(NULL, "Creating new YANG data nodes for CH TLS version failed.");
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_del_tls_version(const char *endpt_name, NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- /* version to str */
- version = nc_server_config_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/hello-params/tls-versions/tls-version[.='%s']", endpt_name, version);
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_del_ch_tls_version(const char *client_name, const char *endpt_name,
- NC_TLS_VERSION tls_version, struct lyd_node **config)
-{
- int ret = 0;
- const char *version;
-
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- /* version to str */
- version = nc_server_config_tlsversion2str(tls_version);
- if (!version) {
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
- "netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/"
- "tls-server-parameters/hello-params/tls-versions/tls-version[.='%s']", client_name, endpt_name, version);
-
-cleanup:
- return ret;
-}
-
-static int
-_nc_server_config_add_tls_ciphers(const struct ly_ctx *ctx, const char *tree_path,
- int cipher_count, va_list ap, struct lyd_node **config)
-{
- int ret = 0, i;
- struct lyd_node *old = NULL;
- char *cipher = NULL, *cipher_ident = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, config, 1);
-
- /* delete all older algorithms (if any) se they can be replaced by the new ones */
- lyd_find_path(*config, tree_path, 0, &old);
- if (old) {
- lyd_free_tree(old);
- }
-
- for (i = 0; i < cipher_count; i++) {
- cipher = va_arg(ap, char *);
-
- if (asprintf(&cipher_ident, "iana-tls-cipher-suite-algs:%s", cipher) == -1) {
- ERRMEM;
- ret = 1;
- goto cleanup;
- }
-
- ret = nc_server_config_append(ctx, tree_path, "cipher-suite", cipher_ident, config);
- if (ret) {
- free(cipher_ident);
- goto cleanup;
- }
-
- free(cipher_ident);
- cipher_ident = NULL;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_add_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
- int cipher_count, ...)
-{
- int ret = 0;
- va_list ap;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, cipher_count, config, 1);
-
- va_start(ap, cipher_count);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/"
- "tls-server-parameters/hello-params/cipher-suites", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_ciphers(ctx, path, cipher_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new TLS cipher YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_tls_ciphers(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config, int cipher_count, ...)
-{
- int ret = 0;
- va_list ap;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, cipher_count, config, 1);
-
- va_start(ap, cipher_count);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
- "endpoint[name='%s']/tls/tls-server-parameters/hello-params/cipher-suites", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_ciphers(ctx, path, cipher_count, ap, config);
- if (ret) {
- ERR(NULL, "Creating new Call-Home TLS cipher YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- va_end(ap);
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_del_tls_cipher(const char *endpt_name, const char *cipher, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, endpt_name, cipher, config, 1);
-
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/"
- "tls/tls-server-parameters/hello-params/cipher-suites/"
- "cipher-suite[.='iana-tls-cipher-suite-algs:%s']", endpt_name, cipher);
-}
-
-API int
-nc_server_config_del_ch_tls_cipher(const char *client_name, const char *endpt_name,
- const char *cipher, struct lyd_node **config)
-{
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, cipher, config, 1);
-
- return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/hello-params/cipher-suites/"
- "cipher-suite[.='iana-tls-cipher-suite-algs:%s']", client_name, endpt_name, cipher);
-}
-
-static int
-_nc_server_config_add_tls_crl_path(const struct ly_ctx *ctx, const char *tree_path,
- const char *crl_path, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, crl_path, config, 1);
-
- /* create the crl path node */
- ret = nc_server_config_append(ctx, tree_path, "libnetconf2-netconf-server:crl-path", crl_path, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete other choice nodes if they are present */
- ret = nc_server_config_check_delete(config, "%s/libnetconf2-netconf-server:crl-url", tree_path);
- if (ret) {
- goto cleanup;
- }
- ret = nc_server_config_check_delete(config, "%s/libnetconf2-netconf-server:crl-cert-ext", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_add_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name,
- const char *crl_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, crl_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_crl_path(ctx, path, crl_path, config);
- if (ret) {
- ERR(NULL, "Creating new CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_tls_crl_path(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_path, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, crl_path, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_crl_path(ctx, path, crl_path, config);
- if (ret) {
- ERR(NULL, "Creating new CH CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-static int
-_nc_server_config_add_tls_crl_url(const struct ly_ctx *ctx, const char *tree_path,
- const char *crl_url, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, crl_url, config, 1);
-
- /* create the crl path node */
- ret = nc_server_config_append(ctx, tree_path, "libnetconf2-netconf-server:crl-url", crl_url, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete other choice nodes if they are present */
- ret = nc_server_config_check_delete(config, "%s/libnetconf2-netconf-server:crl-path", tree_path);
- if (ret) {
- goto cleanup;
- }
- ret = nc_server_config_check_delete(config, "%s/libnetconf2-netconf-server:crl-cert-ext", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_add_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *crl_url, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, crl_url, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_crl_url(ctx, path, crl_url, config);
- if (ret) {
- ERR(NULL, "Creating new CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_tls_crl_url(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- const char *crl_url, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, crl_url, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_crl_url(ctx, path, crl_url, config);
- if (ret) {
- ERR(NULL, "Creating new CH CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-static int
-_nc_server_config_add_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *tree_path, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, ctx, tree_path, config, 1);
-
- /* create the crl path node */
- ret = nc_server_config_append(ctx, tree_path, "libnetconf2-netconf-server:crl-cert-ext", NULL, config);
- if (ret) {
- goto cleanup;
- }
-
- /* delete other choice nodes if they are present */
- ret = nc_server_config_check_delete(config, "%s/libnetconf2-netconf-server:crl-path", tree_path);
- if (ret) {
- goto cleanup;
- }
- ret = nc_server_config_check_delete(config, "%s/libnetconf2-netconf-server:crl-url", tree_path);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_add_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_crl_cert_ext(ctx, path, config);
- if (ret) {
- ERR(NULL, "Creating new CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_add_ch_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
- struct lyd_node **config)
-{
- int ret = 0;
- char *path = NULL;
-
- NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, config, 1);
-
- if (asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication", client_name, endpt_name) == -1) {
- ERRMEM;
- path = NULL;
- ret = 1;
- goto cleanup;
- }
-
- ret = _nc_server_config_add_tls_crl_cert_ext(ctx, path, config);
- if (ret) {
- ERR(NULL, "Creating new CH CRL YANG data nodes failed.");
- goto cleanup;
- }
-
-cleanup:
- free(path);
- return ret;
-}
-
-API int
-nc_server_config_del_tls_crl(const char *endpt_name, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);
-
- ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-path", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-url", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-cert-ext", endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
-API int
-nc_server_config_del_ch_tls_crl(const char *client_name, const char *endpt_name, struct lyd_node **config)
-{
- int ret = 0;
-
- NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);
-
- ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-path", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-url", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
- ret = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
- "endpoints/endpoint[name='%s']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-cert-ext", client_name, endpt_name);
- if (ret) {
- goto cleanup;
- }
-
-cleanup:
- return ret;
-}
-
API int
nc_server_config_add_tls_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *referenced_endpt, struct lyd_node **config)
{
diff --git a/tests/test_auth.c b/tests/test_auth.c
index a702180..70f5ba3 100644
--- a/tests/test_auth.c
+++ b/tests/test_auth.c
@@ -330,7 +330,8 @@
ret = nc_server_config_add_ssh_user_password(ctx, "endpt", "test_pw", "testpw", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_add_ssh_user_none(ctx, "endpt", "test_none", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/ssh/ssh-server-parameters/"
+ "client-authentication/users/user[name='test_none']/none", NULL, 0, NULL);
assert_int_equal(ret, 0);
/* configure the server based on the data */
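Review bot: The hand-built `lyd_new_path()` call on the two added lines replaces the removed `nc_server_config_add_ssh_user_none()` without saying so, so a reader cannot tell whether `none` authentication is still a supported configuration or only a test artefact; add `/* no public API for "none" auth anymore, create the node directly */` above the call. The raw path also skips whatever argument checking the removed helper performed, so the following `assert_int_equal(ret, 0)` now only confirms that libyang created the node, not that the library's own configuration validation accepted it (inferred — the helper's body is not in this hunk). The enclosing test function starts and ends outside the hunk.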
diff --git a/tests/test_ch.c b/tests/test_ch.c
index a4d5f14..558e29a 100644
--- a/tests/test_ch.c
+++ b/tests/test_ch.c
@@ -404,15 +404,15 @@
assert_int_equal(ret, 0);
/* set call-home server certificate */
- ret = nc_server_config_add_ch_tls_server_certificate(ctx, "ch_tls", "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_tls_server_cert(ctx, "ch_tls", "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home client end entity certificate */
- ret = nc_server_config_add_ch_tls_client_certificate(ctx, "ch_tls", "endpt", "ee-cert", TESTS_DIR "/data/client.crt", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_tls_client_cert(ctx, "ch_tls", "endpt", "ee-cert", TESTS_DIR "/data/client.crt", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home client certificate authority certificate */
- ret = nc_server_config_add_ch_tls_client_ca(ctx, "ch_tls", "endpt", "ca-cert", TESTS_DIR "/data/serverca.pem", &test_state->tls_tree);
+ ret = nc_server_config_add_ch_tls_ca_cert(ctx, "ch_tls", "endpt", "ca-cert", TESTS_DIR "/data/serverca.pem", &test_state->tls_tree);
assert_int_equal(ret, 0);
/* set call-home CTN */
diff --git a/tests/test_crl.c b/tests/test_crl.c
index 9b951ed..6cd6dc7 100644
--- a/tests/test_crl.c
+++ b/tests/test_crl.c
@@ -148,15 +148,15 @@
assert_int_equal(ret, 0);
/* create new server certificate data */
- ret = nc_server_config_add_tls_server_certificate(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
/* create new end entity client cert data */
- ret = nc_server_config_add_tls_client_certificate(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
/* create new client ca data */
- ret = nc_server_config_add_tls_client_ca(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_tls_ca_cert(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
/* create new cert-to-name */
@@ -165,27 +165,11 @@
NC_TLS_CTN_SPECIFIED, "client", &tree);
assert_int_equal(ret, 0);
- /* limit TLS version to 1.3 */
- ret = nc_server_config_add_tls_version(ctx, "endpt", NC_TLS_VERSION_13, &tree);
- assert_int_equal(ret, 0);
-
- /* set the TLS cipher */
- ret = nc_server_config_add_tls_ciphers(ctx, "endpt", &tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
- assert_int_equal(ret, 0);
-
- /* set this node, but it should be deleted by the next call, bcs only one choice node can be present */
- ret = nc_server_config_add_tls_crl_url(ctx, "endpt", "abc", &tree);
- assert_int_equal(ret, 0);
-
/* set path to a CRL file */
- ret = nc_server_config_add_tls_crl_path(ctx, "endpt", TESTS_DIR "/data/crl.pem", &tree);
+ ret = lyd_new_path(tree, ctx, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/tls-server-parameters/"
+ "client-authentication/libnetconf2-netconf-server:crl-path", TESTS_DIR "/data/crl.pem", 0, NULL);
assert_int_equal(ret, 0);
- /* check if the choice node was removed */
- ret = lyd_find_path(tree, "/ietf-netconf-server:netconf-server/listen/endpoint[name='endpt']/tls/tls-server-parameters/"
- "client-authentication/libnetconf2-netconf-server:crl-url", 0, NULL);
- assert_int_not_equal(ret, 0);
-
/* configure the server based on the data */
ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
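Review bot: The assertion that `crl-url` is gone once `crl-path` is set (the old `lyd_find_path()` check after the CRL block) is dropped together with the helper, so nothing now verifies that only one CRL source remains in the data handed to `nc_server_config_setup_data()`; if `lyd_new_path()` or the setup call is expected to reject or resolve both cases being present, keep the check by creating `crl-url` first and asserting `lyd_find_path(tree, ".../libnetconf2-netconf-server:crl-url", 0, NULL) != 0` after the `crl-path` call, otherwise state in a comment why the exclusivity is no longer tested. The test also no longer pins the TLS version to 1.3 or the cipher list, so it runs against whatever the build's defaults are; if that is intended, `/* TLS version and ciphers left at defaults, the setter API was removed */` would make it explicit. The same removal of the version/cipher setup appears in tests/test_tls.c. The enclosing test function starts and ends outside the hunk.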
diff --git a/tests/test_endpt_share_clients.c b/tests/test_endpt_share_clients.c
index 7966de1..7099d77 100644
--- a/tests/test_endpt_share_clients.c
+++ b/tests/test_endpt_share_clients.c
@@ -260,16 +260,16 @@
assert_int_equal(ret, 0);
/* create the first TLS endpoint with a single end entity client cert and a CTN entry */
- ret = nc_server_config_add_tls_server_certificate(ctx, "TLS_endpt_1", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "TLS_endpt_1", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_add_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", 10007, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_add_tls_client_certificate(ctx, "TLS_endpt_1", "cert_client", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "TLS_endpt_1", "cert_client", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_add_tls_client_ca(ctx, "TLS_endpt_1", "cert_ca", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_tls_ca_cert(ctx, "TLS_endpt_1", "cert_ca", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_add_tls_ctn(ctx, "TLS_endpt_1", 1,
@@ -278,7 +278,7 @@
assert_int_equal(ret, 0);
/* create the second TLS endpoint with a reference to the first endpoint */
- ret = nc_server_config_add_tls_server_certificate(ctx, "TLS_endpt_2",
+ ret = nc_server_config_add_tls_server_cert(ctx, "TLS_endpt_2",
TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
diff --git a/tests/test_ks_ts.c b/tests/test_ks_ts.c
index 1e08a7c..940f357 100644
--- a/tests/test_ks_ts.c
+++ b/tests/test_ks_ts.c
@@ -272,7 +272,7 @@
assert_int_equal(ret, 0);
/* new truststore ref for the client CA cert */
- ret = nc_server_config_add_tls_client_ca_truststore_ref(ctx, "endpt", "ca_cert_bag", &tree);
+ ret = nc_server_config_add_tls_ca_cert_truststore_ref(ctx, "endpt", "ca_cert_bag", &tree);
assert_int_equal(ret, 0);
/* new cert-to-name */
diff --git a/tests/test_runtime_changes.c b/tests/test_runtime_changes.c
index 7c389ee..53360c6 100644
--- a/tests/test_runtime_changes.c
+++ b/tests/test_runtime_changes.c
@@ -240,11 +240,11 @@
test_state = *state;
init_test_create_threads_tls(tids, state);
- ret = nc_server_config_add_tls_server_certificate(ctx, "endpt_tls", TESTS_DIR "/data/client.key", NULL, TESTS_DIR "/data/client.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt_tls", TESTS_DIR "/data/client.key", NULL, TESTS_DIR "/data/client.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
- ret = nc_server_config_add_tls_server_certificate(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
@@ -264,11 +264,11 @@
test_state = *state;
init_test_create_threads_tls(tids, state);
- ret = nc_server_config_add_tls_client_certificate(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/server.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/server.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
- ret = nc_server_config_add_tls_client_certificate(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
assert_int_equal(ret, 0);
configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
@@ -306,54 +306,6 @@
}
static void
-test_nc_change_tls_version(void **state)
-{
- int ret, i;
- pthread_t tids[2];
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
- init_test_create_threads_tls(tids, state);
-
- ret = nc_server_config_add_tls_version(ctx, "endpt_tls", NC_TLS_VERSION_11, &test_state->tree);
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
-
- ret = nc_server_config_add_tls_version(ctx, "endpt_tls", NC_TLS_VERSION_13, &test_state->tree);
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static void
-test_nc_change_tls_ciphers(void **state)
-{
- int ret, i;
- pthread_t tids[2];
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
- init_test_create_threads_tls(tids, state);
-
- ret = nc_server_config_add_tls_ciphers(ctx, "endpt_tls", &test_state->tree, 1, "tls-rsa-with-null-sha");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
-
- ret = nc_server_config_add_tls_ciphers(ctx, "endpt_tls", &test_state->tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static void
test_nc_change_ssh_hostkey(void **state)
{
int ret, i;
@@ -403,30 +355,6 @@
}
}
-static void
-test_nc_change_ssh_hostkey_algs(void **state)
-{
- int ret, i;
- pthread_t tids[2];
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
- init_test_create_threads_ssh(tids, state);
-
- ret = nc_server_config_add_ssh_host_key_algs(ctx, "endpt_ssh", &test_state->tree, 1, "ssh-dss");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_FAIL, NC_TEST_STATE_RUN);
-
- ret = nc_server_config_add_ssh_host_key_algs(ctx, "endpt_ssh", &test_state->tree, 1, "rsa-sha2-256");
- assert_int_equal(ret, 0);
- configure(test_state, NC_TEST_EXPECT_OK, NC_TEST_STATE_END);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
static int
setup_f(void **state)
{
@@ -461,11 +389,11 @@
assert_int_equal(ret, 0);
/* create new server certificate data */
- ret = nc_server_config_add_tls_server_certificate(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt_tls", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &test_state->tree);
assert_int_equal(ret, 0);
/* create new end entity client cert data */
- ret = nc_server_config_add_tls_client_certificate(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt_tls", "client_cert", TESTS_DIR "/data/client.crt", &test_state->tree);
assert_int_equal(ret, 0);
/* create new cert-to-name */
@@ -526,11 +454,8 @@
cmocka_unit_test_setup_teardown(test_nc_change_tls_srv_crt, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_tls_client_crt, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_tls_ctn, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_tls_version, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_tls_ciphers, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_ssh_hostkey, setup_f, teardown_f),
cmocka_unit_test_setup_teardown(test_nc_change_ssh_usr_pubkey, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_change_ssh_hostkey_algs, setup_f, teardown_f),
};
setenv("CMOCKA_TEST_ABORT", "1", 1);
diff --git a/tests/test_tls.c b/tests/test_tls.c
index 7d84184..542f7bd 100644
--- a/tests/test_tls.c
+++ b/tests/test_tls.c
@@ -142,15 +142,15 @@
assert_int_equal(ret, 0);
/* create new server certificate data */
- ret = nc_server_config_add_tls_server_certificate(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
+ ret = nc_server_config_add_tls_server_cert(ctx, "endpt", TESTS_DIR "/data/server.key", NULL, TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
/* create new end entity client cert data */
- ret = nc_server_config_add_tls_client_certificate(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
+ ret = nc_server_config_add_tls_client_cert(ctx, "endpt", "client_cert", TESTS_DIR "/data/client.crt", &tree);
assert_int_equal(ret, 0);
/* create new client ca data */
- ret = nc_server_config_add_tls_client_ca(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
+ ret = nc_server_config_add_tls_ca_cert(ctx, "endpt", "client_ca", TESTS_DIR "/data/serverca.pem", &tree);
assert_int_equal(ret, 0);
/* create new cert-to-name */
@@ -159,14 +159,6 @@
NC_TLS_CTN_SPECIFIED, "client", &tree);
assert_int_equal(ret, 0);
- /* limit TLS version to 1.3 */
- ret = nc_server_config_add_tls_version(ctx, "endpt", NC_TLS_VERSION_13, &tree);
- assert_int_equal(ret, 0);
-
- /* set the TLS cipher */
- ret = nc_server_config_add_tls_ciphers(ctx, "endpt", &tree, 3, "tls-aes-128-ccm-sha256", "tls-aes-128-gcm-sha256", "tls-chacha20-poly1305-sha256");
- assert_int_equal(ret, 0);
-
/* configure the server based on the data */
ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);