romanc1d2b092023-02-02 08:58:27 +01001/**
romane028ef92023-02-24 16:33:08 +01002 * @file server_config.h
romanc1d2b092023-02-02 08:58:27 +01003 * @author Roman Janota <janota@cesnet.cz>
4 * @brief libnetconf2 server configuration
5 *
6 * @copyright
roman3f9b65c2023-06-05 14:26:58 +02007 * Copyright (c) 2023 CESNET, z.s.p.o.
romanc1d2b092023-02-02 08:58:27 +01008 *
9 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * https://opensource.org/licenses/BSD-3-Clause
14 */
15
16#ifndef NC_CONFIG_SERVER_H_
17#define NC_CONFIG_SERVER_H_
18
19#ifdef __cplusplus
20extern "C" {
21#endif
22
roman3f9b65c2023-06-05 14:26:58 +020023#include <stdarg.h>
romanc1d2b092023-02-02 08:58:27 +010024#include <stdint.h>
25
roman3f9b65c2023-06-05 14:26:58 +020026#include <libyang/libyang.h>
27
romanc1d2b092023-02-02 08:58:27 +010028#include "session.h"
romanc1d2b092023-02-02 08:58:27 +010029
30/**
roman8ba6efa2023-07-12 15:27:52 +020031 * @defgroup server_config Server Configuration
32 * @ingroup server
33 *
34 * @brief Server-side configuration creation and application
35 * @{
36 */
37
38/**
romanf02273a2023-05-25 09:44:11 +020039 * @brief Configure server based on the given diff data.
romanc1d2b092023-02-02 08:58:27 +010040 *
romanf6f37a52023-05-25 14:27:51 +020041 * Expected data are a validated instance of a ietf-netconf-server YANG data.
romanc1d2b092023-02-02 08:58:27 +010042 * The data must be in the diff format and supported operations are: create, replace,
43 * delete and none. Context must already have implemented the required modules, see
44 * ::nc_server_config_load_modules().
45 *
romanf6f37a52023-05-25 14:27:51 +020046 * @param[in] diff ietf-netconf-server YANG diff data.
romanc1d2b092023-02-02 08:58:27 +010047 * @return 0 on success, 1 on error.
48 */
romanf6f37a52023-05-25 14:27:51 +020049int nc_server_config_setup_diff(const struct lyd_node *diff);
romanc1d2b092023-02-02 08:58:27 +010050
51/**
romanf02273a2023-05-25 09:44:11 +020052 * @brief Configure server based on the given data.
53 *
54 * Expected data is a validated instance of a ietf-netconf-server YANG data.
55 * Behaves as if all the nodes in data had the replace operation. That means that the current configuration will be deleted
56 * and only the given data will be applied.
romanf6f37a52023-05-25 14:27:51 +020057 * The data must not contain any operation attribute, see ::nc_server_config_setup_diff(), which works with diff data.
romanf02273a2023-05-25 09:44:11 +020058 * Context must already have implemented the required modules, see ::nc_server_config_load_modules().
59 *
60 * @param[in] data ietf-netconf-server YANG data.
61 * @return 0 on success, 1 on error.
62 */
romanf6f37a52023-05-25 14:27:51 +020063int nc_server_config_setup_data(const struct lyd_node *data);
romanf02273a2023-05-25 09:44:11 +020064
65/**
romanc1d2b092023-02-02 08:58:27 +010066 * @brief Configure server based on the given ietf-netconf-server YANG data.
romanf6f37a52023-05-25 14:27:51 +020067 * Wrapper around ::nc_server_config_setup_data() that hides the parsing of the data from the given file.
romanc1d2b092023-02-02 08:58:27 +010068 *
69 * @param[in] ctx libyang context.
70 * @param[in] path Path to the file with YANG data in XML format.
71 * @return 0 on success, 1 on error.
72 */
73int nc_server_config_setup_path(const struct ly_ctx *ctx, const char *path);
74
75/**
76 * @brief Implements all the required modules and their features in the context.
77 * Needs to be called before any other configuration functions.
78 *
79 * If ctx is:
80 * - NULL: a new context will be created and, if the call is successful, the caller is responsible for freeing it,
81 * - non-NULL: the modules will simply be implemented in the given context.
82 *
83 * Implemented modules: ietf-netconf-server, ietf-x509-cert-to-name, ietf-crypto-types,
84 * ietf-tcp-common, ietf-ssh-common, iana-ssh-encryption-algs, iana-ssh-key-exchange-algs,
85 * iana-ssh-mac-algs, iana-ssh-public-key-algs, ietf-keystore, ietf-ssh-server, ietf-truststore,
86 * ietf-tls-server and libnetconf2-netconf-server.
87 *
88 * @param[in, out] ctx Optional context in which the modules will be implemented. Created if ctx is null.
89 * @return 0 on success, 1 on error.
90 */
91int nc_server_config_load_modules(struct ly_ctx **ctx);
92
roman2eab4742023-06-06 10:00:26 +020093#ifdef NC_ENABLED_SSH_TLS
94
romanc1d2b092023-02-02 08:58:27 +010095/**
roman9b1379c2023-03-31 10:11:10 +020096 * @brief Creates new YANG configuration data nodes for a local-address and local-port.
97 *
roman9b1379c2023-03-31 10:11:10 +020098 * @param[in] ctx libyang context.
99 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman3f9b65c2023-06-05 14:26:58 +0200100 * @param[in] transport Either SSH or TLS transport for the given endpoint.
101 * @param[in] address New listening address.
102 * @param[in] port New listening port.
roman142718b2023-06-29 09:15:29 +0200103 * If an endpoint with this identifier already exists, its address and port will be overridden.
roman9b1379c2023-03-31 10:11:10 +0200104 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
105 * Otherwise the new YANG data will be added to the previous data and may override it.
106 * @return 0 on success, non-zero otherwise.
roman45cec4e2023-02-17 10:21:39 +0100107 */
roman3f9b65c2023-06-05 14:26:58 +0200108int nc_server_config_new_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport,
roman142718b2023-06-29 09:15:29 +0200109 const char *address, uint16_t port, struct lyd_node **config);
roman3f9b65c2023-06-05 14:26:58 +0200110
roman8ba6efa2023-07-12 15:27:52 +0200111#endif /* NC_ENABLED_SSH_TLS */
112
113/**
114 * @brief Deletes an endpoint from the YANG data.
115 *
116 * @param[in] endpt_name Optional identifier of an endpoint to be deleted.
117 * If NULL, all of the endpoints will be deleted.
118 * @param[in,out] config Configuration YANG data tree.
119 * @return 0 on success, non-zero otherwise.
120 */
121int nc_server_config_new_del_endpt(const char *endpt_name, struct lyd_node **config);
122
123#ifdef NC_ENABLED_SSH_TLS
124
125/**
126 * @brief Creates new YANG data nodes for an asymmetric key in the keystore.
127 *
128 * @param[in] ctx libyang context.
roman12c3d522023-07-26 13:39:30 +0200129 * @param[in] asym_key_name Identifier of the asymmetric key pair.
130 * This identifier is used to reference the key pair.
roman8ba6efa2023-07-12 15:27:52 +0200131 * @param[in] privkey_path Path to a private key file.
132 * @param[in] pubkey_path Optional path to a public key file.
133 * If not supplied, it will be generated from the private key.
134 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
135 * Otherwise the new YANG data will be added to the previous data and may override it.
136 * @return 0 on success, non-zero otherwise.
137 */
roman12c3d522023-07-26 13:39:30 +0200138int nc_server_config_new_keystore_asym_key(const struct ly_ctx *ctx, const char *asym_key_name, const char *privkey_path,
roman8ba6efa2023-07-12 15:27:52 +0200139 const char *pubkey_path, struct lyd_node **config);
140
141/**
142 * @brief Deletes a keystore's asymmetric key from the YANG data.
143 *
roman12c3d522023-07-26 13:39:30 +0200144 * @param[in] asym_key_name Optional identifier of the asymmetric key to be deleted.
roman8ba6efa2023-07-12 15:27:52 +0200145 * If NULL, all of the asymmetric keys in the keystore will be deleted.
146 * @param[in,out] config Configuration YANG data tree.
147 * @return 0 on success, non-zero otherwise.
148 */
roman12c3d522023-07-26 13:39:30 +0200149int nc_server_config_new_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config);
150
151/**
152 * @brief Creates new YANG data nodes for a certificate in the keystore.
153 *
154 * A certificate can not exist without its asymmetric key, so you must call ::nc_server_config_new_keystore_asym_key()
155 * either before or after calling this with the same identifier for the asymmetric key.
156 *
157 * An asymmetric key pair can have zero or more certificates associated with this key pair, however a certificate must
158 * have exactly one key pair it belongs to.
159 *
160 * @param[in] ctx libyang context.
161 * @param[in] asym_key_name Arbitrary identifier of the asymmetric key.
162 * If an asymmetric key pair with this name already exists, its contents will be changed.
163 * @param[in] cert_name Arbitrary identifier of the key pair's certificate.
164 * If a certificate with this name already exists, its contents will be changed.
165 * @param[in] cert_path Path to the PEM encoded certificate file.
166 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
167 * Otherwise the new YANG data will be added to the previous data and may override it.
168 * @return 0 on success, non-zero otherwise.
169 */
170int nc_server_config_new_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name,
171 const char *cert_path, struct lyd_node **config);
172
173/**
174 * @brief Deletes a keystore's certificate from the YANG data.
175 *
176 * @param[in] asym_key_name Identifier of an existing asymmetric key pair.
177 * @param[in] cert_name Optional identifier of a certificate to be deleted.
178 * If NULL, all of the certificates belonging to the asymmetric key pair will be deleted.
179 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
180 * Otherwise the new YANG data will be added to the previous data and may override it.
181 * @return 0 on success, non-zero otherwise.
182 */
183int nc_server_config_new_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config);
roman8ba6efa2023-07-12 15:27:52 +0200184
185/**
186 * @brief Creates new YANG data nodes for a public key in the truststore.
187 *
188 * @param[in] ctx libyang context.
roman12c3d522023-07-26 13:39:30 +0200189 * @param[in] pub_bag_name Arbitrary identifier of the public key bag.
roman8ba6efa2023-07-12 15:27:52 +0200190 * This name is used to reference the public keys in the bag.
191 * If a public key bag with this name already exists, its contents will be changed.
192 * @param[in] pubkey_name Arbitrary identifier of the public key.
roman12c3d522023-07-26 13:39:30 +0200193 * If a public key with this name already exists in the given bag, its contents will be changed.
roman8ba6efa2023-07-12 15:27:52 +0200194 * @param[in] pubkey_path Path to a file containing a public key.
195 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
196 * Otherwise the new YANG data will be added to the previous data and may override it.
197 * @return 0 on success, non-zero otherwise.
198 */
roman12c3d522023-07-26 13:39:30 +0200199int nc_server_config_new_truststore_pubkey(const struct ly_ctx *ctx, const char *pub_bag_name, const char *pubkey_name,
roman8ba6efa2023-07-12 15:27:52 +0200200 const char *pubkey_path, struct lyd_node **config);
201
202/**
203 * @brief Deletes a truststore's public key from the YANG data.
204 *
roman12c3d522023-07-26 13:39:30 +0200205 * @param[in] pub_bag_name Identifier of an existing public key bag.
roman8ba6efa2023-07-12 15:27:52 +0200206 * @param[in] pubkey_name Optional identifier of a public key to be deleted.
207 * If NULL, all of the public keys in the given bag will be deleted.
208 * @param[in,out] config Configuration YANG data tree.
209 * @return 0 on success, non-zero otherwise.
210 */
roman12c3d522023-07-26 13:39:30 +0200211int nc_server_config_new_del_truststore_pubkey(const char *pub_bag_name, const char *pubkey_name, struct lyd_node **config);
212
213/**
214 * @brief Creates new YANG data nodes for a certificate in the truststore.
215 *
216 * @param[in] ctx libyang context.
217 * @param[in] cert_bag_name Arbitrary identifier of the certificate bag.
218 * This name is used to reference the certificates in the bag.
219 * If a certificate bag with this name already exists, its contents will be changed.
220 * @param[in] cert_name Arbitrary identifier of the certificate.
221 * If a certificate with this name already exists in the given bag, its contents will be changed.
222 * @param[in] cert_path Path to a file containing a PEM encoded certificate.
223 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
224 * Otherwise the new YANG data will be added to the previous data and may override it.
225 * @return 0 on success, non-zero otherwise.
226 */
227int nc_server_config_new_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name,
228 const char *cert_path, struct lyd_node **config);
229
230/**
231 * @brief Deletes a truststore's certificate from the YANG data.
232 *
233 * @param[in] cert_bag_name Identifier of an existing certificate bag.
234 * @param[in] cert_name Optional identifier of a certificate to be deleted.
235 * If NULL, all of the certificates in the given bag will be deleted.
236 * @param[in,out] config Configuration YANG data tree.
237 * @return 0 on success, non-zero otherwise.
238 */
239int nc_server_config_new_del_truststore_cert(const char *cert_bag_name,
240 const char *cert_name, struct lyd_node **config);
roman8ba6efa2023-07-12 15:27:52 +0200241
242/**
243 * @}
244 */
245
246/**
247 * @defgroup server_config_ssh SSH Server Configuration
248 * @ingroup server_config
249 *
250 * @brief SSH server configuration creation and deletion
251 * @{
252 */
253
roman3f9b65c2023-06-05 14:26:58 +0200254/**
255 * @brief Creates new YANG configuration data nodes for a hostkey.
256 *
257 * @param[in] ctx libyang context.
258 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200259 * If an endpoint with this identifier already exists, its hostkey might be changed.
roman3f9b65c2023-06-05 14:26:58 +0200260 * @param[in] hostkey_name Arbitrary identifier of the hostkey.
roman142718b2023-06-29 09:15:29 +0200261 * If a hostkey with this identifier already exists, its contents will be changed.
roman3f9b65c2023-06-05 14:26:58 +0200262 * @param[in] privkey_path Path to a file containing a private key.
263 * The private key has to be in a PEM format. Only RSA and ECDSA keys are supported.
264 * @param[in] pubkey_path Path to a file containing a public key. If NULL, public key will be
265 * generated from the private key.
266 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
267 * Otherwise the new YANG data will be added to the previous data and may override it.
268 * @return 0 on success, non-zero otherwise.
269 */
roman8ba6efa2023-07-12 15:27:52 +0200270int nc_server_config_new_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
271 const char *privkey_path, const char *pubkey_path, struct lyd_node **config);
272
273/**
274 * @brief Deletes a hostkey from the YANG data.
275 *
276 * @param[in] ctx libyang context.
277 * @param[in] endpt_name Identifier of an existing endpoint.
278 * @param[in] hostkey_name Optional identifier of the hostkey to be deleted.
279 * If NULL, all of the hostkeys on this endpoint will be deleted.
280 * @param[in,out] config Configuration YANG data tree.
281 * @return 0 on success, non-zero otherwise.
282 */
283int nc_server_config_new_ssh_del_hostkey(const struct ly_ctx *ctx, const char *endpt_name,
284 const char *hostkey_name, struct lyd_node **config);
285
286/**
287 * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore.
288 *
289 * This asymmetric key pair will be used as the SSH hostkey.
290 *
291 * @param[in] ctx libyang context.
292 * @param[in] endpt_name Arbitrary identifier of an endpoint.
293 * If an endpoint with this identifier already exists, its contents will be changed.
294 * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
295 * If an endpoint's hostkey with this identifier already exists, its contents will be changed.
296 * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey.
297 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
298 * Otherwise the new YANG data will be added to the previous data and may override it.
299 * @return 0 on success, non-zero otherwise.
300 */
301int nc_server_config_new_ssh_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
302 const char *keystore_reference, struct lyd_node **config);
303
304/**
305 * @brief Deletes a keystore reference from the YANG data.
306 *
307 * @param[in] endpt_name Identifier of an existing endpoint.
308 * @param[in] hostkey_name Identifier of an existing hostkey on the given endpoint.
309 * @param[in,out] config Configuration YANG data tree.
310 * @return 0 on success, non-zero otherwise.
311 */
312int nc_server_config_new_ssh_del_keystore_reference(const char *endpt_name, const char *hostkey_name,
313 struct lyd_node **config);
314
315/**
roman68404fd2023-07-24 10:40:59 +0200316 * @brief Creates new YANG configuration data nodes for the maximum amount of failed SSH authentication attempts.
317 *
318 * @param[in] ctx libyang context.
319 * @param[in] endpt_name Arbitrary identifier of the endpoint.
320 * If an endpoint with this identifier already exists, its contents might be changed.
321 * @param[in] auth_attempts Maximum amount of failed SSH authentication attempts after which a
322 * client is disconnected. The default value is 3.
323 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
324 * Otherwise the new YANG data will be added to the previous data and may override it.
325 * @return 0 on success, non-zero otherwise.
326 */
327int nc_server_config_new_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts,
328 struct lyd_node **config);
329
330/**
331 * @brief Creates new YANG configuration data nodes for an SSH authentication timeout.
332 *
333 * @param[in] ctx libyang context.
334 * @param[in] endpt_name Arbitrary identifier of the endpoint.
335 * If an endpoint with this identifier already exists, its contents might be changed.
336 * @param[in] auth_timeout Maximum amount of time in seconds after which the authentication is deemed
337 * unsuccessful. The default value is 10.
338 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
339 * Otherwise the new YANG data will be added to the previous data and may override it.
340 * @return 0 on success, non-zero otherwise.
341 */
342int nc_server_config_new_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout,
343 struct lyd_node **config);
344
345/**
roman8ba6efa2023-07-12 15:27:52 +0200346 * @brief Creates new YANG configuration data nodes for an SSH user's public key authentication method.
347 *
348 * @param[in] ctx libyang context.
349 * @param[in] endpt_name Arbitrary identifier of the endpoint.
350 * If an endpoint with this identifier already exists, its user might be changed.
351 * @param[in] user_name Arbitrary identifier of the user.
352 * If a user with this identifier already exists, its contents will be changed.
353 * @param[in] pubkey_name Arbitrary identifier of the user's public key.
354 * If a public key with this identifier already exists for this user, its contents will be changed.
355 * @param[in] pubkey_path Path to a file containing the user's public key.
356 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
357 * Otherwise the new YANG data will be added to the previous data and may override it.
358 * @return 0 on success, non-zero otherwise.
359 */
360int nc_server_config_new_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
361 const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config);
362
363/**
364 * @brief Deletes an SSH user's public key from the YANG data.
365 *
366 * @param[in] endpt_name Identifier of an existing endpoint.
367 * @param[in] user_name Identifier of an existing user on the given endpoint.
368 * @param[in] pubkey_name Optional identifier of a public key to be deleted.
369 * If NULL, all of the user's public keys will be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200370 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200371 * @return 0 on success, non-zero otherwise.
372 */
373int nc_server_config_new_ssh_del_user_pubkey(const char *endpt_name, const char *user_name,
374 const char *pubkey_name, struct lyd_node **config);
375
376/**
377 * @brief Creates new YANG configuration data nodes for an SSH user's password authentication method.
378 *
379 * @param[in] ctx libyang context.
380 * @param[in] endpt_name Arbitrary identifier of the endpoint.
381 * If an endpoint with this identifier already exists, its user might be changed.
382 * @param[in] user_name Arbitrary identifier of the user.
383 * If a user with this identifier already exists, its contents will be changed.
384 * @param[in] password Cleartext password to be set for the user.
385 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
386 * Otherwise the new YANG data will be added to the previous data and may override it.
387 * @return 0 on success, non-zero otherwise.
388 */
389int nc_server_config_new_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
390 const char *user_name, const char *password, struct lyd_node **config);
391
392/**
393 * @brief Deletes an SSH user's password from the YANG data.
394 *
395 * @param[in] endpt_name Identifier of an existing endpoint.
396 * @param[in] user_name Identifier of an existing user on the given endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200397 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200398 * @return 0 on success, non-zero otherwise.
399 */
400int nc_server_config_new_ssh_del_user_password(const char *endpt_name, const char *user_name,
401 struct lyd_node **config);
402
403/**
404 * @brief Creates new YANG configuration data nodes for an SSH user's none authentication method.
405 *
406 * @param[in] ctx libyang context.
407 * @param[in] endpt_name Arbitrary identifier of the endpoint.
408 * If an endpoint with this identifier already exists, its user might be changed.
409 * @param[in] user_name Arbitrary identifier of the user.
410 * If a user with this identifier already exists, its contents will be changed.
411 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
412 * Otherwise the new YANG data will be added to the previous data and may override it.
413 * @return 0 on success, non-zero otherwise.
414 */
415int nc_server_config_new_ssh_user_none(const struct ly_ctx *ctx, const char *endpt_name,
416 const char *user_name, struct lyd_node **config);
417
418/**
419 * @brief Deletes an SSH user's none authentication method from the YANG data.
420 *
421 * @param[in] endpt_name Identifier of an existing endpoint.
422 * @param[in] user_name Identifier of an existing user on the given endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200423 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200424 * @return 0 on success, non-zero otherwise.
425 */
426int nc_server_config_new_ssh_del_user_none(const char *endpt_name, const char *user_name,
427 struct lyd_node **config);
428
429/**
430 * @brief Creates new YANG configuration data nodes for an SSH user's keyboard interactive authentication method.
431 *
432 * @param[in] ctx libyang context.
433 * @param[in] endpt_name Arbitrary identifier of the endpoint.
434 * If an endpoint with this identifier already exists, its user might be changed.
435 * @param[in] user_name Arbitrary identifier of the user.
436 * If a user with this identifier already exists, its contents will be changed.
437 * @param[in] pam_config_name Name of the PAM configuration file.
438 * @param[in] pam_config_dir Optional absolute path to the directory in which the configuration file
439 * named pam_config_name is located. A newer version (>= 1.4) of the PAM library is required to be able to specify
440 * the path. If NULL is passed, then PAM's system directories will be searched (usually /etc/pam.d/).
441 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
442 * Otherwise the new YANG data will be added to the previous data and may override it.
443 * @return 0 on success, non-zero otherwise.
444 */
445int nc_server_config_new_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
446 const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config);
447
448/**
449 * @brief Deletes an SSH user's keyboard interactive authentication from the YANG data.
450 *
451 * @param[in] endpt_name Identifier of an existing endpoint.
452 * @param[in] user_name Identifier of an existing user on the given endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200453 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200454 * @return 0 on success, non-zero otherwise.
455 */
456int nc_server_config_new_ssh_del_user_interactive(const char *endpt_name, const char *user_name,
457 struct lyd_node **config);
458
459/**
460 * @brief Deletes an SSH user from the YANG data.
461 *
462 * @param[in] endpt_name Identifier of an existing endpoint.
463 * @param[in] user_name Optional identifier of a user to be deleted.
464 * If NULL, all of the users on this endpoint will be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200465 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200466 * @return 0 on success, non-zero otherwise.
467 */
468int nc_server_config_new_ssh_del_user(const char *endpt_name,
469 const char *user_name, struct lyd_node **config);
470
471/**
472 * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore.
473 *
474 * The public keys located in the bag will be used for client authentication.
475 *
476 * @param[in] ctx libyang context.
477 * @param[in] endpt_name Arbitrary identifier of an endpoint.
478 * If an endpoint with this identifier already exists, its contents will be changed.
479 * @param[in] user_name Arbitrary identifier of the endpoint's user.
480 * If an endpoint's user with this identifier already exists, its contents will be changed.
481 * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication.
Roytak9b32c0f2023-08-02 15:07:29 +0200482 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman8ba6efa2023-07-12 15:27:52 +0200483 * Otherwise the new YANG data will be added to the previous data and may override it.
484 * @return 0 on success, non-zero otherwise.
485 */
486int nc_server_config_new_ssh_truststore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
487 const char *truststore_reference, struct lyd_node **config);
488
489/**
490 * @brief Deletes a truststore reference from the YANG data.
491 *
492 * @param[in] endpt_name Identifier of an existing endpoint.
493 * @param[in] user_name Identifier of an user on the given endpoint whose truststore reference will be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200494 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200495 * @return 0 on success, non-zero otherwise.
496 */
497int nc_server_config_new_ssh_del_truststore_reference(const char *endpt_name, const char *user_name,
498 struct lyd_node **config);
499
500/**
501 * @brief Creates new YANG configuration data nodes, which will be a reference to another SSH endpoint's users.
502 *
503 * Whenever a client tries to connect to the referencing endpoint, all of its users will be tried first. If no match is
504 * found, the referenced endpoint's configured users will be tried.
505 *
506 * @param[in] ctx libyang context
507 * @param[in] endpt_name Arbitrary identifier of the endpoint.
508 * If an endpoint with this identifier already exists, its contents will be changed.
509 * @param[in] referenced_endpt Identifier of an endpoint, which has to exist whenever this data
510 * is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle.
511 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
512 * Otherwise the new YANG data will be added to the previous data and may override it.
513 * @return 0 on success, non-zero otherwise.
514 */
515int nc_config_new_ssh_endpoint_user_reference(const struct ly_ctx *ctx, const char *endpt_name,
516 const char *referenced_endpt, struct lyd_node **config);
517
518/**
519 * @brief Deletes reference to another SSH endpoint's users from the YANG data.
520 *
521 * @param[in] endpt_name Identifier of an existing endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200522 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200523 * @return 0 on success, non-zero otherwise.
524 */
525int nc_config_new_ssh_del_endpoint_user_reference(const char *endpt_name, struct lyd_node **config);
roman9b1379c2023-03-31 10:11:10 +0200526
527/**
528 * @brief Creates new YANG configuration data nodes for host-key algorithms replacing any previous ones.
529 *
530 * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
531 * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss.
532 *
533 * @param[in] ctx libyang context
534 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200535 * If an endpoint with this identifier already exists, its host-key algorithms will be replaced.
roman9b1379c2023-03-31 10:11:10 +0200536 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
537 * Otherwise the new YANG data will be added to the previous data and may override it.
538 * @param[in] alg_count Number of following algorithms.
539 * @param[in] ... String literals of host-key algorithms in a decreasing order of preference.
540 * @return 0 on success, non-zero otherwise.
541 */
roman466719d2023-05-05 16:14:37 +0200542int nc_server_config_new_ssh_host_key_algs(const struct ly_ctx *ctx, const char *endpt_name,
roman9b1379c2023-03-31 10:11:10 +0200543 struct lyd_node **config, int alg_count, ...);
544
545/**
roman8ba6efa2023-07-12 15:27:52 +0200546 * @brief Deletes a hostkey algorithm from the YANG data.
547 *
548 * @param[in] endpt_name Identifier of an existing endpoint.
549 * @param[in] alg Optional algorithm to be deleted.
550 * If NULL, all of the hostkey algorithms on this endpoint will be deleted.
551 * @param[in,out] config Configuration YANG data tree.
552 * @return 0 on success, non-zero otherwise.
553 */
554int nc_server_config_new_ssh_del_host_key_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
555
556/**
roman9b1379c2023-03-31 10:11:10 +0200557 * @brief Creates new YANG configuration data nodes for key exchange algorithms replacing any previous ones.
558 *
559 * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256,
560 * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512,
561 * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256.
562 *
563 * @param[in] ctx libyang context
564 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200565 * If an endpoint with this identifier already exists, its key exchange algorithms will be replaced.
roman9b1379c2023-03-31 10:11:10 +0200566 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
567 * Otherwise the new YANG data will be added to the previous data and may override it.
568 * @param[in] alg_count Number of following algorithms.
569 * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference.
570 * @return 0 on success, non-zero otherwise.
571 */
roman466719d2023-05-05 16:14:37 +0200572int nc_server_config_new_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
roman9b1379c2023-03-31 10:11:10 +0200573 int alg_count, ...);
574
575/**
roman8ba6efa2023-07-12 15:27:52 +0200576 * @brief Deletes a key exchange algorithm from the YANG data.
577 *
578 * @param[in] endpt_name Identifier of an existing endpoint.
579 * @param[in] alg Optional algorithm to be deleted.
580 * If NULL, all of the key exchange algorithms on this endpoint will be deleted.
581 * @param[in,out] config Configuration YANG data.
582 * @return 0 on success, non-zero otherwise.
583 */
584int nc_server_config_new_ssh_del_key_exchange_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
585
586/**
roman9b1379c2023-03-31 10:11:10 +0200587 * @brief Creates new YANG configuration data nodes for encryption algorithms replacing any previous ones.
588 *
589 * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc,
590 * triple-des-cbc and none. Note that none disables encryption entirely and provides no confidentiality.
591 *
592 * @param[in] ctx libyang context
593 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200594 * If an endpoint with this identifier already exists, its encryption algorithms will be replaced.
roman9b1379c2023-03-31 10:11:10 +0200595 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
596 * Otherwise the new YANG data will be added to the previous data and may override it.
597 * @param[in] alg_count Number of following algorithms.
598 * @param[in] ... String literals of encryption algorithms in a decreasing order of preference.
599 * @return 0 on success, non-zero otherwise.
600 */
roman466719d2023-05-05 16:14:37 +0200601int nc_server_config_new_ssh_encryption_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
roman9b1379c2023-03-31 10:11:10 +0200602 int alg_count, ...);
603
604/**
roman8ba6efa2023-07-12 15:27:52 +0200605 * @brief Deletes an encryption algorithm from the YANG data.
606 *
607 * @param[in] endpt_name Identifier of an existing endpoint.
608 * @param[in] alg Optional algorithm to be deleted.
609 * If NULL, all of the encryption algorithms on this endpoint will be deleted.
610 * @param[in,out] config Configuration YANG data.
611 * @return 0 on success, non-zero otherwise.
612 */
613int nc_server_config_new_ssh_del_encryption_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
614
615/**
roman9b1379c2023-03-31 10:11:10 +0200616 * @brief Creates new YANG configuration data nodes for mac algorithms replacing any previous ones.
617 *
618 * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.
619 *
620 * @param[in] ctx libyang context
621 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200622 * If an endpoint with this identifier already exists, its mac algorithms will be replaced.
roman9b1379c2023-03-31 10:11:10 +0200623 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
624 * Otherwise the new YANG data will be added to the previous data and may override it.
625 * @param[in] alg_count Number of following algorithms.
626 * @param[in] ... String literals of mac algorithms in a decreasing order of preference.
627 * @return 0 on success, non-zero otherwise.
628 */
roman466719d2023-05-05 16:14:37 +0200629int nc_server_config_new_ssh_mac_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
roman9b1379c2023-03-31 10:11:10 +0200630 int alg_count, ...);
631
632/**
roman8ba6efa2023-07-12 15:27:52 +0200633 * @brief Deletes a mac algorithm from the YANG data.
roman9b1379c2023-03-31 10:11:10 +0200634 *
roman8ba6efa2023-07-12 15:27:52 +0200635 * @param[in] endpt_name Identifier of an existing endpoint.
636 * @param[in] alg Optional algorithm to be deleted.
637 * If NULL, all of the mac algorithms on this endpoint will be deleted.
638 * @param[in,out] config Configuration YANG data.
roman9b1379c2023-03-31 10:11:10 +0200639 * @return 0 on success, non-zero otherwise.
640 */
roman8ba6efa2023-07-12 15:27:52 +0200641int nc_server_config_new_ssh_del_mac_alg(const char *endpt_name, const char *alg, struct lyd_node **config);
roman9b1379c2023-03-31 10:11:10 +0200642
643/**
roman8ba6efa2023-07-12 15:27:52 +0200644 * @}
roman9b1379c2023-03-31 10:11:10 +0200645 */
roman9b1379c2023-03-31 10:11:10 +0200646
647/**
roman8ba6efa2023-07-12 15:27:52 +0200648 * @defgroup server_config_tls TLS Server Configuration
649 * @ingroup server_config
roman9b1379c2023-03-31 10:11:10 +0200650 *
roman8ba6efa2023-07-12 15:27:52 +0200651 * @brief TLS server configuration creation and deletion
652 * @{
roman9b1379c2023-03-31 10:11:10 +0200653 */
roman2e797ef2023-06-19 10:47:49 +0200654
655/**
roman3f9b65c2023-06-05 14:26:58 +0200656 * @brief Creates new YANG configuration data nodes for a server's certificate.
657 *
658 * @param[in] ctx libyang context.
659 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200660 * If an endpoint with this identifier already exists, its server certificate will be changed.
roman3f9b65c2023-06-05 14:26:58 +0200661 * @param[in] pubkey_path Optional path to the server's public key file. If not provided,
662 * it will be generated from the private key.
663 * @param[in] privkey_path Path to the server's private key file.
664 * @param[in] certificate_path Path to the server's certificate file.
665 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
666 * Otherwise the new YANG data will be added to the previous data and may override it.
667 * @return 0 on success, non-zero otherwise.
668 */
669int nc_server_config_new_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *pubkey_path,
670 const char *privkey_path, const char *certificate_path, struct lyd_node **config);
671
672/**
roman8ba6efa2023-07-12 15:27:52 +0200673 * @brief Deletes the server's certificate from the YANG data.
674 *
675 * @param[in] endpt_name Identifier of an existing endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200676 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200677 * @return 0 on success, non-zero otherwise.
678 */
679int nc_server_config_new_tls_del_server_certificate(const char *endpt_name, struct lyd_node **config);
680
681/**
roman12c3d522023-07-26 13:39:30 +0200682 * @brief Creates new YANG configuration data nodes for a keystore reference to the TLS server's certificate.
683 *
684 * @param[in] ctx libyang context.
685 * @param[in] endpt_name Arbitrary identifier of the endpoint.
686 * If an endpoint with this identifier already exists, its contents will be changed.
687 * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced.
688 * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced.
689 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
690 * Otherwise the new YANG data will be added to the previous data and may override it.
691 * @return 0 on success, non-zero otherwise.
692 */
693int nc_server_config_new_tls_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref,
694 const char *cert_ref, struct lyd_node **config);
695
696/**
697 * @brief Deletes a TLS server certificate keystore reference from the YANG data.
698 *
699 * @param[in] endpt_name Identifier of an existing endpoint.
700 * @param[in,out] config Modified configuration YANG data tree.
701 * @return 0 on success, non-zero otherwise.
702 */
703int nc_server_config_new_tls_del_keystore_reference(const char *endpt_name, struct lyd_node **config);
704
705/**
roman3f9b65c2023-06-05 14:26:58 +0200706 * @brief Creates new YANG configuration data nodes for a client's (end-entity) certificate.
707 *
708 * @param[in] ctx libyang context.
709 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200710 * If an endpoint with this identifier already exists, its contents will be changed.
roman3f9b65c2023-06-05 14:26:58 +0200711 * @param[in] cert_name Arbitrary identifier of the client's certificate.
712 * If a client certificate with this identifier already exists, it will be changed.
713 * @param[in] cert_path Path to the client's certificate file.
714 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
715 * Otherwise the new YANG data will be added to the previous data and may override it.
716 * @return 0 on success, non-zero otherwise.
717 */
718int nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
719 const char *cert_path, struct lyd_node **config);
720
721/**
roman8ba6efa2023-07-12 15:27:52 +0200722 * @brief Deletes a client (end-entity) certificate from the YANG data.
723 *
724 * @param[in] endpt_name Identifier of an existing endpoint.
725 * @param[in] cert_name Optional name of a certificate to be deleted.
726 * If NULL, all of the end-entity certificates on the given endpoint will be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200727 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200728 * @return 0 on success, non-zero otherwise.
729 */
730int nc_server_config_new_tls_del_client_certificate(const char *endpt_name, const char *cert_name, struct lyd_node **config);
731
732/**
roman12c3d522023-07-26 13:39:30 +0200733 * @brief Creates new YANG configuration data nodes for a truststore reference to a set of client (end-entity) certificates.
734 *
735 * @param[in] ctx libyang context.
736 * @param[in] endpt_name Arbitrary identifier of the endpoint.
737 * If an endpoint with this identifier already exists, its contents will be changed.
738 * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
739 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
740 * Otherwise the new YANG data will be added to the previous data and may override it.
741 * @return 0 on success, non-zero otherwise.
742 */
743int nc_server_config_new_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
744 const char *cert_bag_ref, struct lyd_node **config);
745
746/**
747 * @brief Deletes a client (end-entity) certificates truststore reference from the YANG data.
748 *
749 * @param[in] endpt_name Identifier of an existing endpoint.
750 * @param[in,out] config Modified configuration YANG data tree.
751 * @return 0 on success, non-zero otherwise.
752 */
753int nc_server_config_new_tls_del_client_cert_truststore_ref(const char *endpt_name, struct lyd_node **config);
754
755/**
roman3f9b65c2023-06-05 14:26:58 +0200756 * @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate.
757 *
758 * @param[in] ctx libyang context.
759 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200760 * If an endpoint with this identifier already exists, its contents will be changed.
roman3f9b65c2023-06-05 14:26:58 +0200761 * @param[in] cert_name Arbitrary identifier of the certificate authority certificate.
762 * If a CA with this identifier already exists, it will be changed.
763 * @param[in] cert_path Path to the CA certificate file.
764 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
765 * Otherwise the new YANG data will be added to the previous data and may override it.
766 * @return 0 on success, non-zero otherwise.
767 */
768int nc_server_config_new_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name,
769 const char *cert_path, struct lyd_node **config);
770
771/**
roman8ba6efa2023-07-12 15:27:52 +0200772 * @brief Deletes a client certificate authority (trust-anchor) certificate from the YANG data.
773 *
774 * @param[in] endpt_name Identifier of an existing endpoint.
775 * @param[in] cert_name Optional name of a certificate to be deleted.
776 * If NULL, all of the CA certificates on the given endpoint will be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200777 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200778 * @return 0 on success, non-zero otherwise.
779 */
780int nc_server_config_new_tls_del_client_ca(const char *endpt_name, const char *cert_name, struct lyd_node **config);
781
782/**
roman12c3d522023-07-26 13:39:30 +0200783 * @brief Creates new YANG configuration data nodes for a truststore reference to a set of client certificate authority (trust-anchor) certificates.
784 *
785 * @param[in] ctx libyang context.
786 * @param[in] endpt_name Arbitrary identifier of the endpoint.
787 * If an endpoint with this identifier already exists, its contents will be changed.
788 * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
789 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
790 * Otherwise the new YANG data will be added to the previous data and may override it.
791 * @return 0 on success, non-zero otherwise.
792 */
793int nc_server_config_new_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name,
794 const char *cert_bag_ref, struct lyd_node **config);
795
796/**
797 * @brief Deletes a client certificate authority (trust-anchor) certificates truststore reference from the YANG data.
798 *
799 * @param[in] endpt_name Identifier of an existing endpoint.
800 * @param[in,out] config Modified configuration YANG data tree.
801 * @return 0 on success, non-zero otherwise.
802 */
803int nc_server_config_new_tls_del_client_ca_truststore_ref(const char *endpt_name, struct lyd_node **config);
804
805/**
roman3f9b65c2023-06-05 14:26:58 +0200806 * @brief Creates new YANG configuration data nodes for a cert-to-name entry.
807 *
808 * @param[in] ctx libyang context.
809 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200810 * If an endpoint with this identifier already exists, its contents will be changed.
roman3f9b65c2023-06-05 14:26:58 +0200811 * @param[in] id ID of the entry. The lower the ID, the higher the priority of the entry (it will be checked earlier).
812 * @param[in] fingerprint Optional fingerprint of the entry. The fingerprint should always be set; if it is
813 * not set, the entry matches any certificate. An entry with no fingerprint should therefore only be placed as the last entry.
814 * @param[in] map_type Mapping username to the certificate option.
815 * @param[in] name Username for this cert-to-name entry.
816 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
817 * Otherwise the new YANG data will be added to the previous data and may override it.
818 * @return 0 on success, non-zero otherwise.
819 */
820int nc_server_config_new_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint,
821 NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config);
822
roman12644fe2023-06-08 11:06:42 +0200823/**
roman8ba6efa2023-07-12 15:27:52 +0200824 * @brief Deletes a cert-to-name entry from the YANG data.
825 *
826 * @param[in] endpt_name Identifier of an existing endpoint.
827 * @param[in] id Optional ID of the CTN entry.
828 * If 0, all of the cert-to-name entries on the given endpoint will be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200829 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200830 * @return 0 on success, non-zero otherwise.
831 */
832int nc_server_config_new_tls_del_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config);
833
834/**
roman12644fe2023-06-08 11:06:42 +0200835 * @brief Creates new YANG configuration data nodes for a TLS version.
836 *
837 * @param[in] ctx libyang context.
838 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200839 * If an endpoint with this identifier already exists, its contents will be changed.
roman12644fe2023-06-08 11:06:42 +0200840 * @param[in] tls_version TLS version to be used. Call this multiple times to set
841 * the accepted versions of the TLS protocol and let the client and server negotiate
842 * the given version.
843 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
844 * Otherwise the new YANG data will be added to the previous data and may override it.
845 * @return 0 on success, non-zero otherwise.
846 */
847int nc_server_config_new_tls_version(const struct ly_ctx *ctx, const char *endpt_name,
848 NC_TLS_VERSION tls_version, struct lyd_node **config);
849
850/**
roman8ba6efa2023-07-12 15:27:52 +0200851 * @brief Deletes a TLS version from the YANG data.
852 *
853 * @param[in] endpt_name Identifier of an existing endpoint.
854 * @param[in] tls_version TLS version to be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200855 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200856 * @return 0 on success, non-zero otherwise.
857 */
858int nc_server_config_new_tls_del_version(const char *endpt_name, NC_TLS_VERSION tls_version, struct lyd_node **config);
859
860/**
roman12644fe2023-06-08 11:06:42 +0200861 * @brief Creates new YANG configuration data nodes for a TLS cipher.
862 *
863 * @param[in] ctx libyang context.
864 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200865 * If an endpoint with this identifier already exists, its contents will be changed.
roman12644fe2023-06-08 11:06:42 +0200866 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
867 * Otherwise the new YANG data will be added to the previous data and may override it.
868 * @param[in] cipher_count Number of ciphers.
869 * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the
870 * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless
871 * of the TLS protocol version used, all of these ciphers will be tried and some of them
872 * might not be set (the TLS handshake might then fail). For the list of supported ciphers see
873 * the OpenSSL documentation.
874 * @return 0 on success, non-zero otherwise.
875 */
876int nc_server_config_new_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config,
roman08f67f42023-06-08 13:51:54 +0200877 int cipher_count, ...);
roman12644fe2023-06-08 11:06:42 +0200878
romanfaecc582023-06-15 16:13:31 +0200879/**
roman8ba6efa2023-07-12 15:27:52 +0200880 * @brief Deletes a TLS cipher from the YANG data.
881 *
882 * @param[in] endpt_name Identifier of an existing endpoint.
883 * @param[in] cipher TLS cipher to be deleted.
roman9d5e5a52023-07-14 12:43:44 +0200884 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200885 * @return 0 on success, non-zero otherwise.
886 */
887int nc_server_config_new_tls_del_cipher(const char *endpt_name, const char *cipher, struct lyd_node **config);
888
889/**
romanfaecc582023-06-15 16:13:31 +0200890 * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via a local file.
891 *
892 * Beware that at most one of the three CRL alternatives can be used on a given endpoint; calling
893 * this function will remove any CRL YANG nodes created by the other two functions.
894 *
895 * @param[in] ctx libyang context.
896 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200897 * If an endpoint with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +0200898 * @param[in] crl_path Path to a DER/PEM encoded CRL file.
romanfaecc582023-06-15 16:13:31 +0200899 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
900 * Otherwise the new YANG data will be added to the previous data and may override it.
901 * @return 0 on success, non-zero otherwise.
902 */
roman9d5e5a52023-07-14 12:43:44 +0200903int nc_server_config_new_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name,
904 const char *crl_path, struct lyd_node **config);
romanfaecc582023-06-15 16:13:31 +0200905
906/**
907 * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via an URL.
908 *
909 * Beware that at most one of the three CRL alternatives can be used on a given endpoint; calling
910 * this function will remove any CRL YANG nodes created by the other two functions.
911 *
912 * @param[in] ctx libyang context.
913 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200914 * If an endpoint with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +0200915 * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
romanfaecc582023-06-15 16:13:31 +0200916 * The allowed protocols are all the protocols supported by CURL.
917 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
918 * Otherwise the new YANG data will be added to the previous data and may override it.
919 * @return 0 on success, non-zero otherwise.
920 */
roman9d5e5a52023-07-14 12:43:44 +0200921int nc_server_config_new_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *crl_url, struct lyd_node **config);
romanfaecc582023-06-15 16:13:31 +0200922
923/**
924 * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via certificate extensions.
925 *
926 * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the
927 * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used.
roman9d5e5a52023-07-14 12:43:44 +0200928 *
romanfaecc582023-06-15 16:13:31 +0200929 * Beware that at most one of the three CRL alternatives can be used on a given endpoint; calling
930 * this function will remove any CRL YANG nodes created by the other two functions.
931 *
932 * @param[in] ctx libyang context.
933 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200934 * If an endpoint with this identifier already exists, its contents will be changed.
romanfaecc582023-06-15 16:13:31 +0200935 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
936 * Otherwise the new YANG data will be added to the previous data and may override it.
937 * @return 0 on success, non-zero otherwise.
938 */
939int nc_server_config_new_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config);
940
roman2e797ef2023-06-19 10:47:49 +0200941/**
roman8ba6efa2023-07-12 15:27:52 +0200942 * @brief Deletes all the CRL nodes from the YANG data.
943 *
944 * @param[in] endpt_name Identifier of an existing endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200945 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200946 * @return 0 on success, non-zero otherwise.
947 */
948int nc_server_config_new_tls_del_crl(const char *endpt_name, struct lyd_node **config);
949
950/**
roman2e797ef2023-06-19 10:47:49 +0200951 * @brief Creates new YANG configuration data nodes, which will be a reference to another TLS endpoint's certificates.
952 *
953 * Whenever an user tries to connect to the referencing endpoint, all of its certificates will be tried first. If no match is
954 * found, the referenced endpoint's configured certificates will be tried. The same applies to cert-to-name entries.
955 *
956 * @param[in] ctx libyang context
957 * @param[in] endpt_name Arbitrary identifier of the endpoint.
roman142718b2023-06-29 09:15:29 +0200958 * If an endpoint with this identifier already exists, its contents will be changed.
roman2e797ef2023-06-19 10:47:49 +0200959 * @param[in] referenced_endpt Identifier of an endpoint, which has to exist whenever this data
960 * is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle.
961 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
962 * Otherwise the new YANG data will be added to the previous data and may override it.
963 * @return 0 on success, non-zero otherwise.
964 */
965int nc_config_new_tls_endpoint_client_reference(const struct ly_ctx *ctx, const char *endpt_name,
966 const char *referenced_endpt, struct lyd_node **config);
967
roman142718b2023-06-29 09:15:29 +0200968/**
roman8ba6efa2023-07-12 15:27:52 +0200969 * @brief Deletes the reference to another TLS endpoint's users from the YANG data.
970 *
971 * @param[in] endpt_name Identifier of an existing endpoint.
roman9d5e5a52023-07-14 12:43:44 +0200972 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +0200973 * @return 0 on success, non-zero otherwise.
974 */
975int nc_config_new_tls_del_endpoint_client_reference(const char *endpt_name, struct lyd_node **config);
976
977/**
978 * @}
979 */
980
981/**
Roytak2161df62023-08-02 15:04:42 +0200982 * @defgroup server_config_ch Call Home server Configuration
roman8ba6efa2023-07-12 15:27:52 +0200983 * @ingroup server_config
984 *
Roytak2161df62023-08-02 15:04:42 +0200985 * @brief Call Home server configuration creation and deletion
roman8ba6efa2023-07-12 15:27:52 +0200986 * @{
987 */
988
989/**
Roytak2161df62023-08-02 15:04:42 +0200990 * @brief Creates new YANG configuration data nodes for a Call Home client's address and port.
roman142718b2023-06-29 09:15:29 +0200991 *
992 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +0200993 * @param[in] client_name Arbitrary identifier of the Call Home client.
994 * If a Call Home client with this identifier already exists, its contents will be changed.
roman142718b2023-06-29 09:15:29 +0200995 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
996 * If the client's endpoint with this identifier already exists, its contents will be changed.
997 * @param[in] transport Transport protocol to be used on this endpoint - either SSH or TLS.
998 * @param[in] address Address to connect to.
999 * @param[in] port Port to connect to.
1000 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1001 * Otherwise the new YANG data will be added to the previous data and may override it.
1002 * @return 0 on success, non-zero otherwise.
1003 */
roman8ba6efa2023-07-12 15:27:52 +02001004int nc_server_config_new_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
roman5cbb6532023-06-22 12:53:17 +02001005 NC_TRANSPORT_IMPL transport, const char *address, const char *port, struct lyd_node **config);
1006
roman8ba6efa2023-07-12 15:27:52 +02001007#endif /* NC_ENABLED_SSH_TLS */
1008
1009/**
Roytak2161df62023-08-02 15:04:42 +02001010 * @brief Deletes a Call Home client from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001011 *
1012 * @param[in] client_name Optional identifier of a client to be deleted.
Roytak2161df62023-08-02 15:04:42 +02001013 * If NULL, all of the Call Home clients will be deleted.
roman9d5e5a52023-07-14 12:43:44 +02001014 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001015 * @return 0 on success, non-zero otherwise.
1016 */
1017int nc_server_config_new_del_ch_client(const char *client_name, struct lyd_node **config);
1018
1019/**
Roytak2161df62023-08-02 15:04:42 +02001020 * @brief Deletes a Call Home endpoint from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001021 *
Roytak2161df62023-08-02 15:04:42 +02001022 * @param[in] client_name Identifier of an existing Call Home client.
roman8ba6efa2023-07-12 15:27:52 +02001023 * @param[in] endpt_name Optional identifier of a CH endpoint to be deleted.
1024 * If NULL, all of the CH endpoints which belong to the given client will be deleted.
roman9d5e5a52023-07-14 12:43:44 +02001025 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001026 * @return 0 on success, non-zero otherwise.
1027 */
1028int nc_server_config_new_ch_del_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config);
1029
1030/**
Roytak2161df62023-08-02 15:04:42 +02001031 * @brief Creates new YANG configuration data nodes for the Call Home persistent connection type.
roman8ba6efa2023-07-12 15:27:52 +02001032 *
1033 * This is the default connection type. If the periodic connection type was set before, it will be unset.
1034 *
1035 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001036 * @param[in] client_name Arbitrary identifier of the Call Home client.
1037 * If a Call Home client with this identifier already exists, its contents will be changed.
Roytak9b32c0f2023-08-02 15:07:29 +02001038 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman8ba6efa2023-07-12 15:27:52 +02001039 * Otherwise the new YANG data will be added to the previous data and may override it.
1040 * @return 0 on success, non-zero otherwise.
1041 */
1042int nc_server_config_new_ch_persistent(const struct ly_ctx *ctx, const char *client_name, struct lyd_node **config);
1043
1044/**
Roytak2161df62023-08-02 15:04:42 +02001045 * @brief Creates new YANG configuration data nodes for the period parameter of the Call Home periodic connection type.
roman8ba6efa2023-07-12 15:27:52 +02001046 *
1047 * If called, the persistent connection type will be replaced by periodic.
1048 *
1049 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001050 * @param[in] client_name Arbitrary identifier of the Call Home client.
1051 * If a Call Home client with this identifier already exists, its contents will be changed.
roman8ba6efa2023-07-12 15:27:52 +02001052 * @param[in] period Duration between periodic connections in minutes.
Roytak9b32c0f2023-08-02 15:07:29 +02001053 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman8ba6efa2023-07-12 15:27:52 +02001054 * Otherwise the new YANG data will be added to the previous data and may override it.
1055 * @return 0 on success, non-zero otherwise.
1056 */
1057int nc_server_config_new_ch_period(const struct ly_ctx *ctx, const char *client_name, uint16_t period,
1058 struct lyd_node **config);
1059
1060/**
Roytak2161df62023-08-02 15:04:42 +02001061 * @brief Deletes the Call Home period parameter of the periodic connection type from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001062 *
1063 * This behaves the same as setting the period to 60 minutes, which is the default value of this node.
1064 *
Roytak2161df62023-08-02 15:04:42 +02001065 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001066 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001067 * @return 0 on success, non-zero otherwise.
1068 */
1069int nc_server_config_new_ch_del_period(const char *client_name, struct lyd_node **config);
1070
1071/**
Roytak2161df62023-08-02 15:04:42 +02001072 * @brief Creates new YANG configuration data nodes for the anchor time parameter of the Call Home periodic connection type.
roman8ba6efa2023-07-12 15:27:52 +02001073 *
1074 * If called, the persistent connection type will be replaced by periodic.
1075 *
1076 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001077 * @param[in] client_name Arbitrary identifier of the Call Home client.
1078 * If a Call Home client with this identifier already exists, its contents will be changed.
roman8ba6efa2023-07-12 15:27:52 +02001079 * @param[in] anchor_time Timestamp before or after which a series of periodic connections is determined.
Roytak9b32c0f2023-08-02 15:07:29 +02001080 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman8ba6efa2023-07-12 15:27:52 +02001081 * Otherwise the new YANG data will be added to the previous data and may override it.
1082 * @return 0 on success, non-zero otherwise.
1083 */
1084int nc_server_config_new_ch_anchor_time(const struct ly_ctx *ctx, const char *client_name,
1085 const char *anchor_time, struct lyd_node **config);
1086
1087/**
Roytak2161df62023-08-02 15:04:42 +02001088 * @brief Deletes the Call Home anchor time parameter of the periodic connection type from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001089 *
Roytak2161df62023-08-02 15:04:42 +02001090 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001091 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001092 * @return 0 on success, non-zero otherwise.
1093 */
1094int nc_server_config_new_ch_del_anchor_time(const char *client_name, struct lyd_node **config);
1095
1096/**
Roytak2161df62023-08-02 15:04:42 +02001097 * @brief Creates new YANG configuration data nodes for the idle timeout parameter of the Call Home periodic connection type.
roman8ba6efa2023-07-12 15:27:52 +02001098 *
1099 * If called, the persistent connection type will be replaced by periodic.
1100 *
1101 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001102 * @param[in] client_name Arbitrary identifier of the Call Home client.
1103 * If a Call Home client with this identifier already exists, its contents will be changed.
roman8ba6efa2023-07-12 15:27:52 +02001104 * @param[in] idle_timeout Specifies the maximum number of seconds that a session may remain idle.
Roytak9b32c0f2023-08-02 15:07:29 +02001105 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman8ba6efa2023-07-12 15:27:52 +02001106 * Otherwise the new YANG data will be added to the previous data and may override it.
1107 * @return 0 on success, non-zero otherwise.
1108 */
1109int nc_server_config_new_ch_idle_timeout(const struct ly_ctx *ctx, const char *client_name,
1110 uint16_t idle_timeout, struct lyd_node **config);
1111
1112/**
Roytak2161df62023-08-02 15:04:42 +02001113 * @brief Deletes the Call Home idle timeout parameter of the periodic connection type from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001114 *
1115 * This behaves the same as setting the timeout to 180 seconds, which is the default value of this node.
1116 *
Roytak2161df62023-08-02 15:04:42 +02001117 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001118 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001119 * @return 0 on success, non-zero otherwise.
1120 */
1121int nc_server_config_new_ch_del_idle_timeout(const char *client_name, struct lyd_node **config);
1122
1123/**
Roytak2161df62023-08-02 15:04:42 +02001124 * @brief Creates new YANG configuration data nodes for the Call Home reconnect strategy.
roman8ba6efa2023-07-12 15:27:52 +02001125 *
1126 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001127 * @param[in] client_name Arbitrary identifier of the Call Home client.
1128 * If a Call Home client with this identifier already exists, its contents will be changed.
roman8ba6efa2023-07-12 15:27:52 +02001129 * @param[in] start_with Specifies which endpoint to try if a connection is unsuccessful. Default value is NC_CH_FIRST_LISTED.
1130 * @param[in] max_wait The number of seconds after which a connection to an endpoint is deemed unsuccessful. Default value is 5.
1131 * @param[in] max_attempts The number of unsuccessful connection attempts before moving to the next endpoint. Default value is 3.
Roytak9b32c0f2023-08-02 15:07:29 +02001132 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman8ba6efa2023-07-12 15:27:52 +02001133 * Otherwise the new YANG data will be added to the previous data and may override it.
1134 * @return 0 on success, non-zero otherwise.
1135 */
1136int nc_server_config_new_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *client_name,
1137 NC_CH_START_WITH start_with, uint16_t max_wait, uint8_t max_attempts, struct lyd_node **config);
1138
1139/**
Roytak2161df62023-08-02 15:04:42 +02001140 * @brief Resets the values of the Call Home reconnect strategy nodes to their defaults.
roman8ba6efa2023-07-12 15:27:52 +02001141 *
1142 * The default values are: start-with = NC_CH_FIRST_LISTED, max-wait = 5 and max-attempts = 3.
1143 *
Roytak2161df62023-08-02 15:04:42 +02001144 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001145 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001146 * @return 0 on success, non-zero otherwise.
1147 */
1148int nc_server_config_new_ch_del_reconnect_strategy(const char *client_name, struct lyd_node **config);
1149
1150/**
1151 * @}
1152 */
1153
1154#ifdef NC_ENABLED_SSH_TLS
1155
1156/**
Roytak2161df62023-08-02 15:04:42 +02001157 * @defgroup server_config_ch_ssh SSH Call Home Server Configuration
roman8ba6efa2023-07-12 15:27:52 +02001158 * @ingroup server_config_ch
1159 *
Roytak2161df62023-08-02 15:04:42 +02001160 * @brief SSH Call Home server configuration creation and deletion
roman8ba6efa2023-07-12 15:27:52 +02001161 * @{
1162 */
1163
roman142718b2023-06-29 09:15:29 +02001164/**
Roytak2161df62023-08-02 15:04:42 +02001165 * @brief Creates new YANG data nodes for a Call Home SSH hostkey.
roman142718b2023-06-29 09:15:29 +02001166 *
1167 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001168 * @param[in] client_name Arbitrary identifier of the Call Home client.
1169 * If a Call Home client with this identifier already exists, its contents will be changed.
roman142718b2023-06-29 09:15:29 +02001170 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1171 * If the client's endpoint with this identifier already exists, its contents will be changed.
1172 * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
1173 * If the endpoint's hostkey with this identifier already exists, its contents will be changed.
1174 * @param[in] privkey_path Path to a file containing a private key.
1175 * The private key has to be in PEM format. Only RSA and ECDSA keys are supported.
1176 * @param[in] pubkey_path Path to a file containing a public key. If NULL, public key will be
1177 * generated from the private key.
1178 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1179 * Otherwise the new YANG data will be added to the previous data and may override it.
1180 * @return 0 on success, non-zero otherwise.
1181 */
roman8ba6efa2023-07-12 15:27:52 +02001182int nc_server_config_new_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
roman5cbb6532023-06-22 12:53:17 +02001183 const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config);
1184
roman142718b2023-06-29 09:15:29 +02001185/**
Roytak2161df62023-08-02 15:04:42 +02001186 * @brief Deletes a Call Home hostkey from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001187 *
Roytak2161df62023-08-02 15:04:42 +02001188 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001189 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
roman8ba6efa2023-07-12 15:27:52 +02001190 * @param[in] hostkey_name Optional identifier of a hostkey to be deleted.
1191 * If NULL, all of the hostkeys on the given endpoint will be deleted.
roman9d5e5a52023-07-14 12:43:44 +02001192 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001193 * @return 0 on success, non-zero otherwise.
1194 */
1195int nc_server_config_new_ch_ssh_del_hostkey(const char *client_name, const char *endpt_name,
1196 const char *hostkey_name, struct lyd_node **config);
1197
1198/**
roman9d5e5a52023-07-14 12:43:44 +02001199 * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore.
1200 *
Roytak2161df62023-08-02 15:04:42 +02001201 * This asymmetric key pair will be used as the Call Home SSH hostkey.
roman9d5e5a52023-07-14 12:43:44 +02001202 *
1203 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001204 * @param[in] client_name Arbitrary identifier of the Call Home client.
1205 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001206 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1207 * If the client's endpoint with this identifier already exists, its contents will be changed.
1208 * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey.
1209 * If the endpoint's hostkey with this identifier already exists, its contents will be changed.
1210 * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey.
Roytak9b32c0f2023-08-02 15:07:29 +02001211 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001212 * Otherwise the new YANG data will be added to the previous data and may override it.
1213 * @return 0 on success, non-zero otherwise.
1214 */
1215int nc_server_config_new_ch_ssh_keystore_reference(const struct ly_ctx *ctx, const char *client_name,
1216 const char *endpt_name, const char *hostkey_name, const char *keystore_reference, struct lyd_node **config);
1217
1218/**
Roytak2161df62023-08-02 15:04:42 +02001219 * @brief Deletes a Call Home keystore reference from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001220 *
Roytak2161df62023-08-02 15:04:42 +02001221 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001222 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1223 * @param[in] hostkey_name Identifier of an existing hostkey that belongs to the given CH endpoint.
Roytak9b32c0f2023-08-02 15:07:29 +02001224 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001225 * @return 0 on success, non-zero otherwise.
1226 */
1227int nc_server_config_new_ch_ssh_del_keystore_reference(const char *client_name, const char *endpt_name,
1228 const char *hostkey_name, struct lyd_node **config);
1229
1230/**
Roytak2161df62023-08-02 15:04:42 +02001231 * @brief Creates new YANG configuration data nodes for the maximum number of failed Call Home SSH authentication attempts.
roman68404fd2023-07-24 10:40:59 +02001232 *
1233 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001234 * @param[in] client_name Arbitrary identifier of the Call Home client.
1235 * If a Call Home client with this identifier already exists, its contents will be changed.
roman68404fd2023-07-24 10:40:59 +02001236 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1237 * If the client's endpoint with this identifier already exists, its contents will be changed.
1238 * @param[in] auth_attempts Maximum number of failed SSH authentication attempts after which a
1239 * client is disconnected. The default value is 3.
1240 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1241 * Otherwise the new YANG data will be added to the previous data and may override it.
1242 * @return 0 on success, non-zero otherwise.
1243 */
1244int nc_server_config_new_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1245 uint16_t auth_attempts, struct lyd_node **config);
1246
1247/**
Roytak2161df62023-08-02 15:04:42 +02001248 * @brief Creates new YANG configuration data nodes for a Call Home SSH authentication timeout.
roman68404fd2023-07-24 10:40:59 +02001249 *
1250 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001251 * @param[in] client_name Arbitrary identifier of the Call Home client.
1252 * If a Call Home client with this identifier already exists, its contents will be changed.
roman68404fd2023-07-24 10:40:59 +02001253 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1254 * If the client's endpoint with this identifier already exists, its contents will be changed.
1255 * @param[in] auth_timeout Maximum amount of time in seconds after which the authentication is deemed
1256 * unsuccessful. The default value is 10.
1257 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1258 * Otherwise the new YANG data will be added to the previous data and may override it.
1259 * @return 0 on success, non-zero otherwise.
1260 */
1261int nc_server_config_new_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1262 uint16_t auth_timeout, struct lyd_node **config);
1263
1264/**
Roytak2161df62023-08-02 15:04:42 +02001265 * @brief Creates new YANG data nodes for a Call Home SSH user's public key authentication method.
roman142718b2023-06-29 09:15:29 +02001266 *
1267 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001268 * @param[in] client_name Arbitrary identifier of the Call Home client.
1269 * If a Call Home client with this identifier already exists, its contents will be changed.
roman142718b2023-06-29 09:15:29 +02001270 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1271 * If the client's endpoint with this identifier already exists, its contents will be changed.
1272 * @param[in] user_name Arbitrary identifier of the endpoint's user.
1273 * If the endpoint's user with this identifier already exists, its contents will be changed.
1274 * @param[in] pubkey_name Arbitrary identifier of the user's public key.
1275 * If the user's public key with this identifier already exists, its contents will be changed.
1276 * @param[in] pubkey_path Path to a file containing a public key.
1277 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1278 * Otherwise the new YANG data will be added to the previous data and may override it.
1279 * @return 0 on success, non-zero otherwise.
1280 */
roman8ba6efa2023-07-12 15:27:52 +02001281int nc_server_config_new_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
roman5cbb6532023-06-22 12:53:17 +02001282 const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config);
1283
roman142718b2023-06-29 09:15:29 +02001284/**
Roytak2161df62023-08-02 15:04:42 +02001285 * @brief Deletes a Call Home SSH user's public key from the YANG data.
roman142718b2023-06-29 09:15:29 +02001286 *
Roytak2161df62023-08-02 15:04:42 +02001287 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001288 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1289 * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
roman8ba6efa2023-07-12 15:27:52 +02001290 * @param[in] pubkey_name Optional identifier of a public key to be deleted.
1291 * If NULL, all of the public keys which belong to the given SSH user will be deleted.
roman9d5e5a52023-07-14 12:43:44 +02001292 * @param[in,out] config Modified configuration YANG data tree.
roman142718b2023-06-29 09:15:29 +02001293 * @return 0 on success, non-zero otherwise.
1294 */
roman8ba6efa2023-07-12 15:27:52 +02001295int nc_server_config_new_ch_ssh_del_user_pubkey(const char *client_name, const char *endpt_name,
1296 const char *user_name, const char *pubkey_name, struct lyd_node **config);
roman5cbb6532023-06-22 12:53:17 +02001297
roman142718b2023-06-29 09:15:29 +02001298/**
Roytak2161df62023-08-02 15:04:42 +02001299 * @brief Creates new YANG data nodes for a Call Home SSH user's password authentication method.
roman9d5e5a52023-07-14 12:43:44 +02001300 *
1301 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001302 * @param[in] client_name Arbitrary identifier of the Call Home client.
1303 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001304 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1305 * If the client's endpoint with this identifier already exists, its contents will be changed.
1306 * @param[in] user_name Arbitrary identifier of the endpoint's user.
1307 * If the endpoint's user with this identifier already exists, its contents will be changed.
1308 * @param[in] password Cleartext password to be set for the user.
1309 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1310 * Otherwise the new YANG data will be added to the previous data and may override it.
1311 * @return 0 on success, non-zero otherwise.
1312 */
1313int nc_server_config_new_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1314 const char *user_name, const char *password, struct lyd_node **config);
1315
1316/**
Roytak2161df62023-08-02 15:04:42 +02001317 * @brief Deletes a Call Home SSH user's password from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001318 *
Roytak2161df62023-08-02 15:04:42 +02001319 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001320 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1321 * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
1322 * @param[in,out] config Modified configuration YANG data tree.
1323 * @return 0 on success, non-zero otherwise.
1324 */
1325int nc_server_config_new_ch_ssh_del_user_password(const char *client_name, const char *endpt_name,
1326 const char *user_name, struct lyd_node **config);
1327
1328/**
Roytak2161df62023-08-02 15:04:42 +02001329 * @brief Creates new YANG configuration data nodes for a Call Home SSH user's none authentication method.
roman9d5e5a52023-07-14 12:43:44 +02001330 *
1331 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001332 * @param[in] client_name Arbitrary identifier of the Call Home client.
1333 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001334 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1335 * If the client's endpoint with this identifier already exists, its contents will be changed.
1336 * @param[in] user_name Arbitrary identifier of the endpoint's user.
1337 * If the endpoint's user with this identifier already exists, its contents will be changed.
Roytak9b32c0f2023-08-02 15:07:29 +02001338 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001339 * Otherwise the new YANG data will be added to the previous data and may override it.
1340 * @return 0 on success, non-zero otherwise.
1341 */
1342int nc_server_config_new_ch_ssh_user_none(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1343 const char *user_name, struct lyd_node **config);
1344
1345/**
Roytak2161df62023-08-02 15:04:42 +02001346 * @brief Deletes a Call Home SSH user's none authentication method from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001347 *
Roytak2161df62023-08-02 15:04:42 +02001348 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001349 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1350 * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
1351 * @param[in,out] config Modified configuration YANG data tree.
1352 * @return 0 on success, non-zero otherwise.
1353 */
1354int nc_server_config_new_ch_ssh_del_user_none(const char *client_name, const char *endpt_name,
1355 const char *user_name, struct lyd_node **config);
1356
1357/**
Roytak2161df62023-08-02 15:04:42 +02001358 * @brief Creates new YANG configuration data nodes for a Call Home SSH user's keyboard interactive authentication method.
roman9d5e5a52023-07-14 12:43:44 +02001359 *
1360 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001361 * @param[in] client_name Arbitrary identifier of the Call Home client.
1362 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001363 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1364 * If the client's endpoint with this identifier already exists, its contents will be changed.
1365 * @param[in] user_name Arbitrary identifier of the endpoint's user.
1366 * If the endpoint's user with this identifier already exists, its contents will be changed.
1367 * @param[in] pam_config_name Name of the PAM configuration file.
1368 * @param[in] pam_config_dir Optional. The absolute path to the directory in which the configuration file
1369 * with the name pam_config_name is located. A newer version (>= 1.4) of the PAM library is required to be able to specify
1370 * the path. If NULL is passed, then the PAM's system directories will be searched (usually /etc/pam.d/).
1371 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1372 * Otherwise the new YANG data will be added to the previous data and may override it.
1373 * @return 0 on success, non-zero otherwise.
1374 */
1375int nc_server_config_new_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1376 const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config);
1377
1378/**
Roytak2161df62023-08-02 15:04:42 +02001379 * @brief Deletes a Call Home SSH user's keyboard interactive authentication from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001380 *
Roytak2161df62023-08-02 15:04:42 +02001381 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001382 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1383 * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
1384 * @param[in,out] config Modified configuration YANG data tree.
1385 * @return 0 on success, non-zero otherwise.
1386 */
1387int nc_server_config_new_ch_ssh_del_user_interactive(const char *client_name, const char *endpt_name,
1388 const char *user_name, struct lyd_node **config);
1389
1390/**
Roytak2161df62023-08-02 15:04:42 +02001391 * @brief Deletes a Call Home SSH user from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001392 *
Roytak2161df62023-08-02 15:04:42 +02001393 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001394 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1395 * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
1396 * @param[in,out] config Modified configuration YANG data tree.
1397 * @return 0 on success, non-zero otherwise.
1398 */
1399int nc_server_config_new_ch_ssh_del_user(const char *client_name, const char *endpt_name,
1400 const char *user_name, struct lyd_node **config);
1401
1402/**
1403 * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore.
1404 *
Roytak2161df62023-08-02 15:04:42 +02001405 * The public keys located in the bag will be used for Call Home SSH client authentication.
roman9d5e5a52023-07-14 12:43:44 +02001406 *
1407 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001408 * @param[in] client_name Arbitrary identifier of the Call Home client.
1409 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001410 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1411 * If the client's endpoint with this identifier already exists, its contents will be changed.
1412 * @param[in] user_name Arbitrary identifier of the endpoint's user.
1413 * If the endpoint's user with this identifier already exists, its contents will be changed.
1414 * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication.
Roytak9b32c0f2023-08-02 15:07:29 +02001415 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001416 * Otherwise the new YANG data will be added to the previous data and may override it.
1417 * @return 0 on success, non-zero otherwise.
1418 */
1419int nc_server_config_new_ch_ssh_truststore_reference(const struct ly_ctx *ctx, const char *client_name,
1420 const char *endpt_name, const char *user_name, const char *truststore_reference, struct lyd_node **config);
1421
1422/**
Roytak2161df62023-08-02 15:04:42 +02001423 * @brief Deletes a Call Home SSH truststore reference from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001424 *
Roytak2161df62023-08-02 15:04:42 +02001425 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001426 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1427 * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint.
1428 * @param[in,out] config Modified configuration YANG data tree.
1429 * @return 0 on success, non-zero otherwise.
1430 */
1431int nc_server_config_new_ch_ssh_del_truststore_reference(const char *client_name, const char *endpt_name,
1432 const char *user_name, struct lyd_node **config);
1433
1434/**
Roytak2161df62023-08-02 15:04:42 +02001435 * @brief Creates new YANG configuration data nodes for Call Home host-key algorithms replacing any previous ones.
roman9d5e5a52023-07-14 12:43:44 +02001436 *
1437 * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
1438 * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss.
1439 *
1440 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001441 * @param[in] client_name Arbitrary identifier of the Call Home client.
1442 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001443 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1444 * If the client's endpoint with this identifier already exists, its contents will be changed.
Roytak9b32c0f2023-08-02 15:07:29 +02001445 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001446 * Otherwise the new YANG data will be added to the previous data and may override it.
1447 * @param[in] alg_count Number of following algorithms.
1448 * @param[in] ... String literals of host-key algorithms in a decreasing order of preference.
1449 * @return 0 on success, non-zero otherwise.
1450 */
1451int nc_server_config_new_ch_ssh_host_key_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1452 struct lyd_node **config, int alg_count, ...);
1453
1454/**
Roytak2161df62023-08-02 15:04:42 +02001455 * @brief Deletes a Call Home hostkey algorithm from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001456 *
Roytak2161df62023-08-02 15:04:42 +02001457 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001458 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1459 * @param[in] alg Optional algorithm to be deleted.
1460 * If NULL, all of the hostkey algorithms on this endpoint will be deleted.
Roytak9b32c0f2023-08-02 15:07:29 +02001461 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001462 * @return 0 on success, non-zero otherwise.
1463 */
1464int nc_server_config_new_ch_ssh_del_host_key_alg(const char *client_name, const char *endpt_name,
1465 const char *alg, struct lyd_node **config);
1466
1467/**
Roytak2161df62023-08-02 15:04:42 +02001468 * @brief Creates new YANG configuration data nodes for Call Home key exchange algorithms replacing any previous ones.
roman9d5e5a52023-07-14 12:43:44 +02001469 *
1470 * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256,
1471 * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512,
1472 * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256.
1473 *
1474 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001475 * @param[in] client_name Arbitrary identifier of the Call Home client.
1476 * If a Call Home client with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001477 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
1478 * If the client's endpoint with this identifier already exists, its contents will be changed.
Roytak9b32c0f2023-08-02 15:07:29 +02001479 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001480 * Otherwise the new YANG data will be added to the previous data and may override it.
1481 * @param[in] alg_count Number of following algorithms.
1482 * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference.
1483 * @return 0 on success, non-zero otherwise.
1484 */
1485int nc_server_config_new_ch_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1486 struct lyd_node **config, int alg_count, ...);
1487
1488/**
Roytak2161df62023-08-02 15:04:42 +02001489 * @brief Deletes a Call Home key exchange algorithm from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001490 *
Roytak2161df62023-08-02 15:04:42 +02001491 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001492 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1493 * @param[in] alg Optional algorithm to be deleted.
1494 * If NULL, all of the key exchange algorithms on this endpoint will be deleted.
Roytak9b32c0f2023-08-02 15:07:29 +02001495 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001496 * @return 0 on success, non-zero otherwise.
1497 */
1498int nc_server_config_new_ch_ssh_del_key_exchange_alg(const char *client_name, const char *endpt_name,
1499 const char *alg, struct lyd_node **config);
1500
/**
 * @brief Creates new YANG configuration data nodes for Call Home encryption algorithms replacing any previous ones.
 *
 * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc,
 * triple-des-cbc and none.
 *
 * NOTE(security): "none" is the SSH null cipher, i.e. the transport carries NETCONF traffic unencrypted, and the
 * *-cbc, blowfish-cbc and triple-des-cbc entries are legacy algorithms. Prefer the aes*-ctr ciphers and list a
 * legacy one only when a specific Call Home peer requires it; "none" has no place outside a test setup. As far as
 * this header shows, nothing filters the list for strength, so the caller is responsible for the choice.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Arbitrary identifier of the Call Home client.
 * If a Call Home client with this identifier already exists, its contents will be changed.
 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
 * If the client's endpoint with this identifier already exists, its contents will be changed.
 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
 * Otherwise the new YANG data will be added to the previous data and may override it.
 * @param[in] alg_count Number of following algorithms.
 * @param[in] ... String literals of encryption algorithms in a decreasing order of preference.
 * There must be exactly @p alg_count of them; a variadic call cannot be checked by the compiler.
 * @return 0 on success, non-zero otherwise.
 */
int nc_server_config_new_ch_ssh_encryption_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        struct lyd_node **config, int alg_count, ...);
1520
1521/**
Roytak2161df62023-08-02 15:04:42 +02001522 * @brief Deletes a Call Home encryption algorithm from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001523 *
Roytak2161df62023-08-02 15:04:42 +02001524 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001525 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1526 * @param[in] alg Optional algorithm to be deleted.
1527 * If NULL, all of the encryption algorithms on this endpoint will be deleted.
Roytak9b32c0f2023-08-02 15:07:29 +02001528 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001529 * @return 0 on success, non-zero otherwise.
1530 */
1531int nc_server_config_new_ch_ssh_del_encryption_alg(const char *client_name, const char *endpt_name,
1532 const char *alg, struct lyd_node **config);
1533
/**
 * @brief Creates new YANG configuration data nodes for Call Home MAC algorithms replacing any previous ones.
 *
 * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1.
 *
 * NOTE(security): hmac-sha1 is kept for interoperability with older peers only; prefer the hmac-sha2-* entries
 * and put hmac-sha1 last (or omit it) unless a specific Call Home peer cannot do better. Nothing visible here
 * rejects a weak choice on the caller's behalf.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Arbitrary identifier of the Call Home client.
 * If a Call Home client with this identifier already exists, its contents will be changed.
 * @param[in] endpt_name Arbitrary identifier of the client's endpoint.
 * If the client's endpoint with this identifier already exists, its contents will be changed.
 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
 * Otherwise the new YANG data will be added to the previous data and may override it.
 * @param[in] alg_count Number of following algorithms.
 * @param[in] ... String literals of MAC algorithms in a decreasing order of preference.
 * There must be exactly @p alg_count of them; a variadic call cannot be checked by the compiler.
 * @return 0 on success, non-zero otherwise.
 */
int nc_server_config_new_ch_ssh_mac_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        struct lyd_node **config, int alg_count, ...);
1552
1553/**
Roytak2161df62023-08-02 15:04:42 +02001554 * @brief Deletes a Call Home mac algorithm from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001555 *
Roytak2161df62023-08-02 15:04:42 +02001556 * @param[in] client_name Identifier of an existing Call Home client.
roman9d5e5a52023-07-14 12:43:44 +02001557 * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client.
1558 * @param[in] alg Optional algorithm to be deleted.
1559 * If NULL, all of the mac algorithms on this endpoint will be deleted.
Roytak9b32c0f2023-08-02 15:07:29 +02001560 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001561 * @return 0 on success, non-zero otherwise.
1562 */
1563int nc_server_config_new_ch_ssh_del_mac_alg(const char *client_name, const char *endpt_name,
1564 const char *alg, struct lyd_node **config);
1565
1566/**
roman8ba6efa2023-07-12 15:27:52 +02001567 * @}
roman142718b2023-06-29 09:15:29 +02001568 */
roman142718b2023-06-29 09:15:29 +02001569
1570/**
Roytak2161df62023-08-02 15:04:42 +02001571 * @defgroup server_config_ch_tls TLS Call Home Server Configuration
roman8ba6efa2023-07-12 15:27:52 +02001572 * @ingroup server_config_ch
roman142718b2023-06-29 09:15:29 +02001573 *
Roytak2161df62023-08-02 15:04:42 +02001574 * @brief TLS Call Home server configuration creation and deletion
roman8ba6efa2023-07-12 15:27:52 +02001575 * @{
roman142718b2023-06-29 09:15:29 +02001576 */
roman142718b2023-06-29 09:15:29 +02001577
/**
 * @brief Creates new YANG configuration data nodes for a Call Home server's certificate.
 *
 * NOTE(security): the private key is referenced by file path and, as far as this header shows, nothing checks
 * the file's permissions -- keep it readable only by the user the server runs as. Whether the files are read
 * when this function is called or later when the configuration is applied is not visible here; confirm before
 * relying on either (it decides when a missing or unreadable key is reported).
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Arbitrary identifier of the Call Home client.
 * If a Call Home client with this identifier already exists, its contents will be changed.
 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
 * @param[in] pubkey_path Optional path to the server's public key file. If not provided,
 * it will be generated from the private key.
 * @param[in] privkey_path Path to the server's private key file.
 * @param[in] certificate_path Path to the server's certificate file.
 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
 * Otherwise the new YANG data will be added to the previous data and may override it.
 * @return 0 on success, non-zero otherwise.
 */
int nc_server_config_new_ch_tls_server_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *pubkey_path, const char *privkey_path, const char *certificate_path, struct lyd_node **config);
1596
1597/**
Roytak2161df62023-08-02 15:04:42 +02001598 * @brief Deletes a Call Home server certificate from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001599 *
Roytak2161df62023-08-02 15:04:42 +02001600 * @param[in] client_name Identifier of an existing Call Home client.
1601 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
roman9d5e5a52023-07-14 12:43:44 +02001602 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001603 * @return 0 on success, non-zero otherwise.
1604 */
1605int nc_server_config_new_ch_tls_del_server_certificate(const char *client_name, const char *endpt_name,
1606 struct lyd_node **config);
1607
1608/**
Roytak934edc32023-07-27 12:04:18 +02001609 * @brief Creates new YANG configuration data nodes for a keystore reference to the Call Home TLS server's certificate.
1610 *
1611 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001612 * @param[in] client_name Arbitrary identifier of the Call Home client.
1613 * If a Call Home client with this identifier already exists, its contents will be changed.
1614 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1615 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
Roytak934edc32023-07-27 12:04:18 +02001616 * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced.
1617 * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced.
1618 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1619 * Otherwise the new YANG data will be added to the previous data and may override it.
1620 * @return 0 on success, non-zero otherwise.
1621 */
1622int nc_server_config_new_ch_tls_keystore_reference(const struct ly_ctx *ctx, const char *client_name,
1623 const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config);
1624
1625/**
1626 * @brief Deletes a TLS server certificate keystore reference from the YANG data.
1627 *
Roytak2161df62023-08-02 15:04:42 +02001628 * @param[in] client_name Identifier of an existing Call Home client.
1629 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
Roytak934edc32023-07-27 12:04:18 +02001630 * @param[in,out] config Modified configuration YANG data tree.
1631 * @return 0 on success, non-zero otherwise.
1632 */
1633int nc_server_config_new_ch_tls_del_keystore_reference(const char *client_name, const char *endpt_name,
1634 struct lyd_node **config);
1635
1636/**
Roytak2161df62023-08-02 15:04:42 +02001637 * @brief Creates new YANG configuration data nodes for a Call Home client's (end-entity) certificate.
romanb6f44032023-06-30 15:07:56 +02001638 *
1639 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001640 * @param[in] client_name Arbitrary identifier of the Call Home client.
1641 * If a Call Home client with this identifier already exists, its contents will be changed.
1642 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1643 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
1644 * @param[in] cert_name Arbitrary identifier of the Call Home endpoint's end-entity certificate.
1645 * If an Call Home endpoint's end-entity certificate with this identifier already exists, its contents will be changed.
romanb6f44032023-06-30 15:07:56 +02001646 * @param[in] cert_path Path to the certificate file.
Roytak934edc32023-07-27 12:04:18 +02001647 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
romanb6f44032023-06-30 15:07:56 +02001648 * Otherwise the new YANG data will be added to the previous data and may override it.
1649 * @return 0 on success, non-zero otherwise.
1650 */
roman8ba6efa2023-07-12 15:27:52 +02001651int nc_server_config_new_ch_tls_client_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
romanb6f44032023-06-30 15:07:56 +02001652 const char *cert_name, const char *cert_path, struct lyd_node **config);
1653
1654/**
Roytak2161df62023-08-02 15:04:42 +02001655 * @brief Deletes a Call Home client (end-entity) certificate from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001656 *
Roytak2161df62023-08-02 15:04:42 +02001657 * @param[in] client_name Identifier of an existing Call Home client.
1658 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
roman8ba6efa2023-07-12 15:27:52 +02001659 * @param[in] cert_name Optional identifier of a client certificate to be deleted.
1660 * If NULL, all of the client certificates will be deleted.
roman9d5e5a52023-07-14 12:43:44 +02001661 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001662 * @return 0 on success, non-zero otherwise.
1663 */
1664int nc_server_config_new_ch_tls_del_client_certificate(const char *client_name, const char *endpt_name,
1665 const char *cert_name, struct lyd_node **config);
1666
1667/**
Roytak934edc32023-07-27 12:04:18 +02001668 * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client (end-entity) certificates.
1669 *
1670 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001671 * @param[in] client_name Arbitrary identifier of the Call Home client.
1672 * If a Call Home client with this identifier already exists, its contents will be changed.
1673 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1674 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
Roytak934edc32023-07-27 12:04:18 +02001675 * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
1676 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1677 * Otherwise the new YANG data will be added to the previous data and may override it.
1678 * @return 0 on success, non-zero otherwise.
1679 */
1680int nc_server_config_new_ch_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
1681 const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
1682
1683/**
1684 * @brief Deletes a Call Home client (end-entity) certificates truststore reference from the YANG data.
1685 *
Roytak2161df62023-08-02 15:04:42 +02001686 * @param[in] client_name Identifier of an existing Call Home client.
1687 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
Roytak934edc32023-07-27 12:04:18 +02001688 * @param[in,out] config Modified configuration YANG data tree.
1689 * @return 0 on success, non-zero otherwise.
1690 */
1691int nc_server_config_new_ch_tls_del_client_cert_truststore_ref(const char *client_name, const char *endpt_name,
1692 struct lyd_node **config);
1693
1694/**
romanb6f44032023-06-30 15:07:56 +02001695 * @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate.
1696 *
1697 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001698 * @param[in] client_name Arbitrary identifier of the Call Home client.
1699 * If a Call Home client with this identifier already exists, its contents will be changed.
1700 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1701 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
1702 * @param[in] cert_name Arbitrary identifier of the Call Home endpoint's certificate authority certificate.
1703 * If an Call Home endpoint's CA certificate with this identifier already exists, its contents will be changed.
romanb6f44032023-06-30 15:07:56 +02001704 * @param[in] cert_path Path to the certificate file.
Roytak9b32c0f2023-08-02 15:07:29 +02001705 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
romanb6f44032023-06-30 15:07:56 +02001706 * Otherwise the new YANG data will be added to the previous data and may override it.
1707 * @return 0 on success, non-zero otherwise.
1708 */
roman8ba6efa2023-07-12 15:27:52 +02001709int nc_server_config_new_ch_tls_client_ca(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
romanb6f44032023-06-30 15:07:56 +02001710 const char *cert_name, const char *cert_path, struct lyd_node **config);
1711
1712/**
Roytak2161df62023-08-02 15:04:42 +02001713 * @brief Deletes a Call Home client certificate authority (trust-anchor) certificate from the YANG data.
roman8ba6efa2023-07-12 15:27:52 +02001714 *
Roytak2161df62023-08-02 15:04:42 +02001715 * @param[in] client_name Identifier of an existing Call Home client.
1716 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
roman8ba6efa2023-07-12 15:27:52 +02001717 * @param[in] cert_name Optional identifier of a CA certificate to be deleted.
1718 * If NULL, all of the CA certificates will be deleted.
roman9d5e5a52023-07-14 12:43:44 +02001719 * @param[in,out] config Modified configuration YANG data tree.
roman8ba6efa2023-07-12 15:27:52 +02001720 * @return 0 on success, non-zero otherwise.
1721 */
1722int nc_server_config_new_ch_tls_del_client_ca(const char *client_name, const char *endpt_name,
1723 const char *cert_name, struct lyd_node **config);
1724
1725/**
Roytak934edc32023-07-27 12:04:18 +02001726 * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client certificate authority (trust-anchor) certificates.
1727 *
1728 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001729 * @param[in] client_name Arbitrary identifier of the Call Home client.
1730 * If a Call Home client with this identifier already exists, its contents will be changed.
1731 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1732 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
Roytak934edc32023-07-27 12:04:18 +02001733 * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced.
1734 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
1735 * Otherwise the new YANG data will be added to the previous data and may override it.
1736 * @return 0 on success, non-zero otherwise.
1737 */
1738int nc_server_config_new_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
1739 const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config);
1740
1741/**
1742 * @brief Deletes a Call Home client certificate authority (trust-anchor) certificates truststore reference from the YANG data.
1743 *
Roytak2161df62023-08-02 15:04:42 +02001744 * @param[in] client_name Identifier of an existing Call Home client.
1745 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
Roytak934edc32023-07-27 12:04:18 +02001746 * @param[in,out] config Modified configuration YANG data tree.
1747 * @return 0 on success, non-zero otherwise.
1748 */
1749int nc_server_config_new_ch_tls_del_client_ca_truststore_ref(const char *client_name, const char *endpt_name,
1750 struct lyd_node **config);
1751
/**
 * @brief Creates new YANG configuration data nodes for a Call Home cert-to-name entry.
 *
 * A cert-to-name entry maps a client certificate to the NETCONF username the session runs as, so the table is
 * authorization data: an entry that matches too broadly hands a client a username it should not get.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Arbitrary identifier of the Call Home client.
 * If a Call Home client with this identifier already exists, its contents will be changed.
 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
 * @param[in] id ID of the entry. The lower the ID, the higher the priority of the entry (it will be checked earlier).
 * Avoid 0: ::nc_server_config_new_ch_tls_del_ctn() treats ID 0 as "delete all entries", so an entry created
 * with ID 0 cannot later be removed on its own.
 * @param[in] fingerprint Optional fingerprint of the entry. The fingerprint should always be set, however if it is
 * not set, it will match any certificate. Entry with no fingerprint should therefore be placed only as the last entry,
 * i.e. with the highest ID: because entries are checked in ascending ID order, a fingerprint-less entry with a
 * lower ID shadows every more specific entry behind it.
 * @param[in] map_type Mapping username to the certificate option (::NC_TLS_CTN_MAPTYPE, declared outside this header).
 * @param[in] name Username for this cert-to-name entry.
 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
 * Otherwise the new YANG data will be added to the previous data and may override it.
 * @return 0 on success, non-zero otherwise.
 */
int nc_server_config_new_ch_tls_ctn(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config);
1771
/**
 * @brief Deletes a Call Home cert-to-name entry from the YANG data.
 *
 * @param[in] client_name Identifier of an existing Call Home client.
 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
 * @param[in] id Optional identifier of the Call Home CTN entry to be deleted.
 * If 0, all of the CTN entries will be deleted. Consequently an entry that was created with ID 0 cannot be
 * deleted on its own through this function, only together with all the others.
 * @param[in,out] config Modified configuration YANG data tree.
 * @return 0 on success, non-zero otherwise.
 */
int nc_server_config_new_ch_tls_del_ctn(const char *client_name, const char *endpt_name,
        uint32_t id, struct lyd_node **config);
1784
1785/**
Roytak2161df62023-08-02 15:04:42 +02001786 * @brief Creates new YANG configuration data nodes for a Call Home TLS version.
roman9d5e5a52023-07-14 12:43:44 +02001787 *
1788 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001789 * @param[in] client_name Arbitrary identifier of the Call Home client.
1790 * If a Call Home client with this identifier already exists, its contents will be changed.
1791 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1792 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001793 * @param[in] tls_version TLS version to be used. Call this multiple times to set the accepted versions
1794 * of the TLS protocol and let the client and server negotiate the given version.
Roytak9b32c0f2023-08-02 15:07:29 +02001795 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001796 * Otherwise the new YANG data will be added to the previous data and may override it.
1797 * @return 0 on success, non-zero otherwise.
1798 */
1799int nc_server_config_new_ch_tls_version(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1800 NC_TLS_VERSION tls_version, struct lyd_node **config);
1801
1802/**
1803 * @brief Deletes a TLS version from the YANG data.
1804 *
Roytak2161df62023-08-02 15:04:42 +02001805 * @param[in] client_name Identifier of an existing Call Home client.
1806 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
roman9d5e5a52023-07-14 12:43:44 +02001807 * @param[in] tls_version TLS version to be deleted.
Roytak9b32c0f2023-08-02 15:07:29 +02001808 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001809 * @return 0 on success, non-zero otherwise.
1810 */
1811int nc_server_config_new_ch_tls_del_version(const char *client_name, const char *endpt_name,
1812 NC_TLS_VERSION tls_version, struct lyd_node **config);
1813
1814/**
Roytak2161df62023-08-02 15:04:42 +02001815 * @brief Creates new YANG configuration data nodes for a Call Home TLS cipher.
roman9d5e5a52023-07-14 12:43:44 +02001816 *
1817 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001818 * @param[in] client_name Arbitrary identifier of the Call Home client.
1819 * If a Call Home client with this identifier already exists, its contents will be changed.
1820 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1821 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
Roytak9b32c0f2023-08-02 15:07:29 +02001822 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001823 * Otherwise the new YANG data will be added to the previous data and may override it.
1824 * @param[in] cipher_count Number of following ciphers.
 * @param[in] ... TLS cipher suites, exactly @p cipher_count of them. The names MUST be in the form used by the
 * iana-tls-cipher-suite-algs YANG model (lowercase, words separated by dashes). The whole list is applied
 * regardless of which TLS protocol version(s) are configured: every listed cipher is tried, a cipher that does
 * not exist for the version in use cannot be set, and if no usable cipher remains the TLS handshake fails.
 * For the set of ciphers the underlying library supports see the OpenSSL documentation.
1830 * @return 0 on success, non-zero otherwise.
1831 */
1832int nc_server_config_new_ch_tls_ciphers(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1833 struct lyd_node **config, int cipher_count, ...);
1834
1835/**
Roytak2161df62023-08-02 15:04:42 +02001836 * @brief Deletes a Call Home TLS cipher from the YANG data.
roman9d5e5a52023-07-14 12:43:44 +02001837 *
Roytak2161df62023-08-02 15:04:42 +02001838 * @param[in] client_name Identifier of an existing Call Home client.
1839 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
roman9d5e5a52023-07-14 12:43:44 +02001840 * @param[in] cipher TLS cipher to be deleted.
Roytak9b32c0f2023-08-02 15:07:29 +02001841 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001842 * @return 0 on success, non-zero otherwise.
1843 */
1844int nc_server_config_new_ch_tls_del_cipher(const char *client_name, const char *endpt_name,
1845 const char *cipher, struct lyd_node **config);
1846
1847/**
Roytak2161df62023-08-02 15:04:42 +02001848 * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via a local file.
roman9d5e5a52023-07-14 12:43:44 +02001849 *
 * Only one of the three CRL alternatives (local file, URL, certificate extensions) can be configured on a given
 * endpoint at a time; calling this function removes any CRL YANG nodes created by the other two functions.
1852 *
1853 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001854 * @param[in] client_name Arbitrary identifier of the Call Home client.
1855 * If a Call Home client with this identifier already exists, its contents will be changed.
1856 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1857 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
roman9d5e5a52023-07-14 12:43:44 +02001858 * @param[in] crl_path Path to a DER/PEM encoded CRL file.
Roytak9b32c0f2023-08-02 15:07:29 +02001859 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001860 * Otherwise the new YANG data will be added to the previous data and may override it.
1861 * @return 0 on success, non-zero otherwise.
1862 */
1863int nc_server_config_new_ch_tls_crl_path(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1864 const char *crl_path, struct lyd_node **config);
1865
/**
 * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via an URL.
 *
 * Only one of the three CRL alternatives (local file, URL, certificate extensions) can be configured on a given
 * endpoint at a time; calling this function removes any CRL YANG nodes created by the other two functions.
 *
 * NOTE(security): the CRL is fetched with whatever protocol the URL names. A CRL carries its issuer's signature,
 * so a tampered download is expected to fail signature verification rather than be accepted (confirm the
 * implementation checks it), but a plaintext scheme such as http:// still lets an on-path attacker block or
 * stall the fetch. Whether a failed or stale download fails connections open or closed is not visible in this
 * header; confirm that behaviour before relying on the CRL for revocation. Prefer https:// where the issuer
 * offers it.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Arbitrary identifier of the Call Home client.
 * If a Call Home client with this identifier already exists, its contents will be changed.
 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
 * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format.
 * The allowed protocols are all the protocols supported by CURL.
 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
 * Otherwise the new YANG data will be added to the previous data and may override it.
 * @return 0 on success, non-zero otherwise.
 */
int nc_server_config_new_ch_tls_crl_url(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *crl_url, struct lyd_node **config);
1885
1886/**
Roytak2161df62023-08-02 15:04:42 +02001887 * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via certificate extensions.
roman9d5e5a52023-07-14 12:43:44 +02001888 *
1889 * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the
1890 * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used.
1891 *
 * Only one of the three CRL alternatives (local file, URL, certificate extensions) can be configured on a given
 * endpoint at a time; calling this function removes any CRL YANG nodes created by the other two functions.
1894 *
1895 * @param[in] ctx libyang context.
Roytak2161df62023-08-02 15:04:42 +02001896 * @param[in] client_name Arbitrary identifier of the Call Home client.
1897 * If a Call Home client with this identifier already exists, its contents will be changed.
1898 * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint.
1899 * If a Call Home client's endpoint with this identifier already exists, its contents will be changed.
Roytak9b32c0f2023-08-02 15:07:29 +02001900 * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created.
roman9d5e5a52023-07-14 12:43:44 +02001901 * Otherwise the new YANG data will be added to the previous data and may override it.
1902 * @return 0 on success, non-zero otherwise.
1903 */
1904int nc_server_config_new_ch_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
1905 struct lyd_node **config);
1906
1907/**
1908 * @brief Deletes all the CRL nodes from the YANG data.
1909 *
Roytak2161df62023-08-02 15:04:42 +02001910 * @param[in] client_name Identifier of an existing Call Home client.
1911 * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client.
Roytak9b32c0f2023-08-02 15:07:29 +02001912 * @param[in,out] config Modified configuration YANG data tree.
roman9d5e5a52023-07-14 12:43:44 +02001913 * @return 0 on success, non-zero otherwise.
1914 */
1915int nc_server_config_new_ch_tls_del_crl(const char *client_name, const char *endpt_name, struct lyd_node **config);
1916
1917/**
roman8ba6efa2023-07-12 15:27:52 +02001918 * @}
1919 */
1920
roman2eab4742023-06-06 10:00:26 +02001921#endif /* NC_ENABLED_SSH_TLS */
roman45cec4e2023-02-17 10:21:39 +01001922
#ifdef __cplusplus
}
#endif

/* Closes the include guard opened at the top of this file; the guard macro is NC_CONFIG_SERVER_H_,
 * not NC_SESSION_SERVER_H_ (which belongs to a different header). */
#endif /* NC_CONFIG_SERVER_H_ */