roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 1 | /** |
roman | e028ef9 | 2023-02-24 16:33:08 +0100 | [diff] [blame] | 2 | * @file server_config.h |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 3 | * @author Roman Janota <janota@cesnet.cz> |
| 4 | * @brief libnetconf2 server configuration |
| 5 | * |
| 6 | * @copyright |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 7 | * Copyright (c) 2023 CESNET, z.s.p.o. |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 8 | * |
| 9 | * This source code is licensed under BSD 3-Clause License (the "License"). |
| 10 | * You may not use this file except in compliance with the License. |
| 11 | * You may obtain a copy of the License at |
| 12 | * |
| 13 | * https://opensource.org/licenses/BSD-3-Clause |
| 14 | */ |
| 15 | |
| 16 | #ifndef NC_CONFIG_SERVER_H_ |
| 17 | #define NC_CONFIG_SERVER_H_ |
| 18 | |
| 19 | #ifdef __cplusplus |
| 20 | extern "C" { |
| 21 | #endif |
| 22 | |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 23 | #include <stdarg.h> |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 24 | #include <stdint.h> |
| 25 | |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 26 | #include <libyang/libyang.h> |
| 27 | |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 28 | #include "session.h" |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 29 | |
| 30 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 31 | * @defgroup server_config Server Configuration |
| 32 | * @ingroup server |
| 33 | * |
| 34 | * @brief Server-side configuration creation and application |
| 35 | * @{ |
| 36 | */ |
| 37 | |
| 38 | /** |
roman | f02273a | 2023-05-25 09:44:11 +0200 | [diff] [blame] | 39 | * @brief Configure server based on the given diff data. |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 40 | * |
roman | f6f37a5 | 2023-05-25 14:27:51 +0200 | [diff] [blame] | 41 | * Expected data are a validated instance of a ietf-netconf-server YANG data. |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 42 | * The data must be in the diff format and supported operations are: create, replace, |
| 43 | * delete and none. Context must already have implemented the required modules, see |
| 44 | * ::nc_config_load_modules(). |
| 45 | * |
roman | f6f37a5 | 2023-05-25 14:27:51 +0200 | [diff] [blame] | 46 | * @param[in] diff ietf-netconf-server YANG diff data. |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 47 | * @return 0 on success, 1 on error. |
| 48 | */ |
roman | f6f37a5 | 2023-05-25 14:27:51 +0200 | [diff] [blame] | 49 | int nc_server_config_setup_diff(const struct lyd_node *diff); |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 50 | |
| 51 | /** |
roman | f02273a | 2023-05-25 09:44:11 +0200 | [diff] [blame] | 52 | * @brief Configure server based on the given data. |
| 53 | * |
| 54 | * Expected data is a validated instance of a ietf-netconf-server YANG data. |
| 55 | * Behaves as if all the nodes in data had the replace operation. That means that the current configuration will be deleted |
| 56 | * and just the given data will all be applied. |
roman | f6f37a5 | 2023-05-25 14:27:51 +0200 | [diff] [blame] | 57 | * The data must not contain any operation attribute, see ::nc_config_setup_diff() which works with diff. |
roman | f02273a | 2023-05-25 09:44:11 +0200 | [diff] [blame] | 58 | * Context must already have implemented the required modules, see * ::nc_config_load_modules(). |
| 59 | * |
| 60 | * @param[in] data ietf-netconf-server YANG data. |
| 61 | * @return 0 on success, 1 on error. |
| 62 | */ |
roman | f6f37a5 | 2023-05-25 14:27:51 +0200 | [diff] [blame] | 63 | int nc_server_config_setup_data(const struct lyd_node *data); |
roman | f02273a | 2023-05-25 09:44:11 +0200 | [diff] [blame] | 64 | |
| 65 | /** |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 66 | * @brief Configure server based on the given ietf-netconf-server YANG data. |
roman | f6f37a5 | 2023-05-25 14:27:51 +0200 | [diff] [blame] | 67 | * Wrapper around ::nc_config_setup_server_data() hiding work with parsing the data. |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 68 | * |
| 69 | * @param[in] ctx libyang context. |
| 70 | * @param[in] path Path to the file with YANG data in XML format. |
| 71 | * @return 0 on success, 1 on error. |
| 72 | */ |
| 73 | int nc_server_config_setup_path(const struct ly_ctx *ctx, const char *path); |
| 74 | |
| 75 | /** |
| 76 | * @brief Implements all the required modules and their features in the context. |
| 77 | * Needs to be called before any other configuration functions. |
| 78 | * |
| 79 | * If ctx is : |
| 80 | * - NULL: a new context will be created and if the call is successful you have to free it, |
| 81 | * - non NULL: modules will simply be implemented. |
| 82 | * |
| 83 | * Implemented modules: ietf-netconf-server, ietf-x509-cert-to-name, ietf-crypto-types, |
| 84 | * ietf-tcp-common, ietf-ssh-common, iana-ssh-encryption-algs, iana-ssh-key-exchange-algs, |
| 85 | * iana-ssh-mac-algs, iana-ssh-public-key-algs, ietf-keystore, ietf-ssh-server, ietf-truststore, |
| 86 | * ietf-tls-server and libnetconf2-netconf-server. |
| 87 | * |
| 88 | * @param[in, out] ctx Optional context in which the modules will be implemented. Created if ctx is null. |
| 89 | * @return 0 on success, 1 on error. |
| 90 | */ |
| 91 | int nc_server_config_load_modules(struct ly_ctx **ctx); |
| 92 | |
roman | 2eab474 | 2023-06-06 10:00:26 +0200 | [diff] [blame] | 93 | #ifdef NC_ENABLED_SSH_TLS |
| 94 | |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 95 | /** |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 96 | * @brief Creates new YANG configuration data nodes for a local-address and local-port. |
| 97 | * |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 98 | * @param[in] ctx libyang context. |
| 99 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 100 | * @param[in] transport Either SSH or TLS transport for the given endpoint. |
| 101 | * @param[in] address New listening address. |
| 102 | * @param[in] port New listening port. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 103 | * If an endpoint with this identifier already exists, its address and port will be overriden. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 104 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 105 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 106 | * @return 0 on success, non-zero otherwise. |
roman | 45cec4e | 2023-02-17 10:21:39 +0100 | [diff] [blame] | 107 | */ |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 108 | int nc_server_config_new_address_port(const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport, |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 109 | const char *address, uint16_t port, struct lyd_node **config); |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 110 | |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 111 | #endif /* NC_ENABLED_SSH_TLS */ |
| 112 | |
| 113 | /** |
| 114 | * @brief Deletes an endpoint from the YANG data. |
| 115 | * |
| 116 | * @param[in] endpt_name Optional identifier of an endpoint to be deleted. |
| 117 | * If NULL, all of the endpoints will be deleted. |
| 118 | * @param[in,out] config Configuration YANG data tree. |
| 119 | * @return 0 on success, non-zero otherwise. |
| 120 | */ |
| 121 | int nc_server_config_new_del_endpt(const char *endpt_name, struct lyd_node **config); |
| 122 | |
| 123 | #ifdef NC_ENABLED_SSH_TLS |
| 124 | |
| 125 | /** |
| 126 | * @brief Creates new YANG data nodes for an asymmetric key in the keystore. |
| 127 | * |
| 128 | * @param[in] ctx libyang context. |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 129 | * @param[in] asym_key_name Identifier of the asymmetric key pair. |
| 130 | * This identifier is used to reference the key pair. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 131 | * @param[in] privkey_path Path to a private key file. |
| 132 | * @param[in] pubkey_path Optional path a public key file. |
| 133 | * If not supplied, it will be generated from the private key. |
| 134 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 135 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 136 | * @return 0 on success, non-zero otherwise. |
| 137 | */ |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 138 | int nc_server_config_new_keystore_asym_key(const struct ly_ctx *ctx, const char *asym_key_name, const char *privkey_path, |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 139 | const char *pubkey_path, struct lyd_node **config); |
| 140 | |
| 141 | /** |
| 142 | * @brief Deletes a keystore's asymmetric key from the YANG data. |
| 143 | * |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 144 | * @param[in] asym_key_name Optional identifier of the asymmetric key to be deleted. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 145 | * If NULL, all of the asymmetric keys in the keystore will be deleted. |
| 146 | * @param[in,out] config Configuration YANG data tree. |
| 147 | * @return 0 on success, non-zero otherwise. |
| 148 | */ |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 149 | int nc_server_config_new_del_keystore_asym_key(const char *asym_key_name, struct lyd_node **config); |
| 150 | |
| 151 | /** |
| 152 | * @brief Creates new YANG data nodes for a certificate in the keystore. |
| 153 | * |
| 154 | * A certificate can not exist without its asymmetric key, so you must call ::nc_server_config_new_keystore_asym_key() |
| 155 | * either before or after calling this with the same identifier for the asymmetric key. |
| 156 | * |
| 157 | * An asymmetric key pair can have zero or more certificates associated with this key pair, however a certificate must |
| 158 | * have exactly one key pair it belongs to. |
| 159 | * |
| 160 | * @param[in] ctx libyang context. |
| 161 | * @param[in] asym_key_name Arbitrary identifier of the asymmetric key. |
| 162 | * If an asymmetric key pair with this name already exists, its contents will be changed. |
| 163 | * @param[in] cert_name Arbitrary identifier of the key pair's certificate. |
| 164 | * If a certificate with this name already exists, its contents will be changed. |
| 165 | * @param[in] cert_path Path to the PEM encoded certificate file. |
| 166 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 167 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 168 | * @return 0 on success, non-zero otherwise. |
| 169 | */ |
| 170 | int nc_server_config_new_keystore_cert(const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name, |
| 171 | const char *cert_path, struct lyd_node **config); |
| 172 | |
| 173 | /** |
| 174 | * @brief Deletes a keystore's certificate from the YANG data. |
| 175 | * |
| 176 | * @param[in] asym_key_name Identifier of an existing asymmetric key pair. |
| 177 | * @param[in] cert_name Optional identifier of a certificate to be deleted. |
| 178 | * If NULL, all of the certificates belonging to the asymmetric key pair will be deleted. |
| 179 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 180 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 181 | * @return 0 on success, non-zero otherwise. |
| 182 | */ |
| 183 | int nc_server_config_new_del_keystore_cert(const char *asym_key_name, const char *cert_name, struct lyd_node **config); |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 184 | |
| 185 | /** |
| 186 | * @brief Creates new YANG data nodes for a public key in the truststore. |
| 187 | * |
| 188 | * @param[in] ctx libyang context. |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 189 | * @param[in] pub_bag_name Arbitrary identifier of the public key bag. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 190 | * This name is used to reference the public keys in the bag. |
| 191 | * If a public key bag with this name already exists, its contents will be changed. |
| 192 | * @param[in] pubkey_name Arbitrary identifier of the public key. |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 193 | * If a public key with this name already exists in the given bag, its contents will be changed. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 194 | * @param[in] pubkey_path Path to a file containing a public key. |
| 195 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 196 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 197 | * @return 0 on success, non-zero otherwise. |
| 198 | */ |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 199 | int nc_server_config_new_truststore_pubkey(const struct ly_ctx *ctx, const char *pub_bag_name, const char *pubkey_name, |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 200 | const char *pubkey_path, struct lyd_node **config); |
| 201 | |
| 202 | /** |
| 203 | * @brief Deletes a truststore's public key from the YANG data. |
| 204 | * |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 205 | * @param[in] pub_bag_name Identifier of an existing public key bag. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 206 | * @param[in] pubkey_name Optional identifier of a public key to be deleted. |
| 207 | * If NULL, all of the public keys in the given bag will be deleted. |
| 208 | * @param[in,out] config Configuration YANG data tree. |
| 209 | * @return 0 on success, non-zero otherwise. |
| 210 | */ |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 211 | int nc_server_config_new_del_truststore_pubkey(const char *pub_bag_name, const char *pubkey_name, struct lyd_node **config); |
| 212 | |
| 213 | /** |
| 214 | * @brief Creates new YANG data nodes for a certificate in the truststore. |
| 215 | * |
| 216 | * @param[in] ctx libyang context. |
| 217 | * @param[in] cert_bag_name Arbitrary identifier of the certificate bag. |
| 218 | * This name is used to reference the certificates in the bag. |
| 219 | * If a certificate bag with this name already exists, its contents will be changed. |
| 220 | * @param[in] cert_name Arbitrary identifier of the certificate. |
| 221 | * If a certificate with this name already exists in the given bag, its contents will be changed. |
| 222 | * @param[in] cert_path Path to a file containing a PEM encoded certificate. |
| 223 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 224 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 225 | * @return 0 on success, non-zero otherwise. |
| 226 | */ |
| 227 | int nc_server_config_new_truststore_cert(const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name, |
| 228 | const char *cert_path, struct lyd_node **config); |
| 229 | |
| 230 | /** |
| 231 | * @brief Deletes a truststore's certificate from the YANG data. |
| 232 | * |
| 233 | * @param[in] cert_bag_name Identifier of an existing certificate bag. |
| 234 | * @param[in] cert_name Optional identifier of a certificate to be deleted. |
| 235 | * If NULL, all of the certificates in the given bag will be deleted. |
| 236 | * @param[in,out] config Configuration YANG data tree. |
| 237 | * @return 0 on success, non-zero otherwise. |
| 238 | */ |
| 239 | int nc_server_config_new_del_truststore_cert(const char *cert_bag_name, |
| 240 | const char *cert_name, struct lyd_node **config); |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 241 | |
| 242 | /** |
| 243 | * @} |
| 244 | */ |
| 245 | |
| 246 | /** |
| 247 | * @defgroup server_config_ssh SSH Server Configuration |
| 248 | * @ingroup server_config |
| 249 | * |
| 250 | * @brief SSH server configuration creation and deletion |
| 251 | * @{ |
| 252 | */ |
| 253 | |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 254 | /** |
| 255 | * @brief Creates new YANG configuration data nodes for a hostkey. |
| 256 | * |
| 257 | * @param[in] ctx libyang context. |
| 258 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 259 | * If an endpoint with this identifier already exists, its hostkey might be changed. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 260 | * @param[in] hostkey_name Arbitrary identifier of the hostkey. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 261 | * If a hostkey with this identifier already exists, its contents will be changed. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 262 | * @param[in] privkey_path Path to a file containing a private key. |
| 263 | * The private key has to be in a PEM format. Only RSA and ECDSA keys are supported. |
| 264 | * @param[in] pubkey_path Path to a file containing a public key. If NULL, public key will be |
| 265 | * generated from the private key. |
| 266 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 267 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 268 | * @return 0 on success, non-zero otherwise. |
| 269 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 270 | int nc_server_config_new_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name, |
| 271 | const char *privkey_path, const char *pubkey_path, struct lyd_node **config); |
| 272 | |
| 273 | /** |
| 274 | * @brief Deletes a hostkey from the YANG data. |
| 275 | * |
| 276 | * @param[in] ctx libyang context. |
| 277 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 278 | * @param[in] hostkey_name Optional identifier of the hostkey to be deleted. |
| 279 | * If NULL, all of the hostkeys on this endpoint will be deleted. |
| 280 | * @param[in,out] config Configuration YANG data tree. |
| 281 | * @return 0 on success, non-zero otherwise. |
| 282 | */ |
| 283 | int nc_server_config_new_ssh_del_hostkey(const struct ly_ctx *ctx, const char *endpt_name, |
| 284 | const char *hostkey_name, struct lyd_node **config); |
| 285 | |
| 286 | /** |
| 287 | * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore. |
| 288 | * |
| 289 | * This asymmetric key pair will be used as the SSH hostkey. |
| 290 | * |
| 291 | * @param[in] ctx libyang context. |
| 292 | * @param[in] endpt_name Arbitrary identifier of an endpoint. |
| 293 | * If an endpoint with this identifier already exists, its contents will be changed. |
| 294 | * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey. |
| 295 | * If an endpoint's hostkey with this identifier already exists, its contents will be changed. |
| 296 | * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey. |
| 297 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 298 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 299 | * @return 0 on success, non-zero otherwise. |
| 300 | */ |
| 301 | int nc_server_config_new_ssh_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name, |
| 302 | const char *keystore_reference, struct lyd_node **config); |
| 303 | |
| 304 | /** |
| 305 | * @brief Deletes a keystore reference from the YANG data. |
| 306 | * |
| 307 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 308 | * @param[in] hostkey_name Identifier of an existing hostkey on the given endpoint. |
| 309 | * @param[in,out] config Configuration YANG data tree. |
| 310 | * @return 0 on success, non-zero otherwise. |
| 311 | */ |
| 312 | int nc_server_config_new_ssh_del_keystore_reference(const char *endpt_name, const char *hostkey_name, |
| 313 | struct lyd_node **config); |
| 314 | |
| 315 | /** |
roman | 68404fd | 2023-07-24 10:40:59 +0200 | [diff] [blame] | 316 | * @brief Creates new YANG configuration data nodes for the maximum amount of failed SSH authentication attempts. |
| 317 | * |
| 318 | * @param[in] ctx libyang context. |
| 319 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 320 | * If an endpoint with this identifier already exists, its contents might be changed. |
| 321 | * @param[in] auth_attempts Maximum amount of failed SSH authentication attempts after which a |
| 322 | * client is disconnected. The default value is 3. |
| 323 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 324 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 325 | * @return 0 on success, non-zero otherwise. |
| 326 | */ |
| 327 | int nc_server_config_new_ssh_auth_attempts(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_attempts, |
| 328 | struct lyd_node **config); |
| 329 | |
| 330 | /** |
| 331 | * @brief Creates new YANG configuration data nodes for an SSH authentication timeout. |
| 332 | * |
| 333 | * @param[in] ctx libyang context. |
| 334 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 335 | * If an endpoint with this identifier already exists, its contents might be changed. |
| 336 | * @param[in] auth_timeout Maximum amount of time in seconds after which the authentication is deemed |
| 337 | * unsuccessful. The default value is 10. |
| 338 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 339 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 340 | * @return 0 on success, non-zero otherwise. |
| 341 | */ |
| 342 | int nc_server_config_new_ssh_auth_timeout(const struct ly_ctx *ctx, const char *endpt_name, uint16_t auth_timeout, |
| 343 | struct lyd_node **config); |
| 344 | |
| 345 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 346 | * @brief Creates new YANG configuration data nodes for an SSH user's public key authentication method. |
| 347 | * |
| 348 | * @param[in] ctx libyang context. |
| 349 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 350 | * If an endpoint with this identifier already exists, its user might be changed. |
| 351 | * @param[in] user_name Arbitrary identifier of the user. |
| 352 | * If an user with this identifier already exists, its contents will be changed. |
| 353 | * @param[in] pubkey_name Arbitrary identifier of the user's public key. |
| 354 | * If a public key with this identifier already exists for this user, its contents will be changed. |
| 355 | * @param[in] pubkey_path Path to a file containing the user's public key. |
| 356 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 357 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 358 | * @return 0 on success, non-zero otherwise. |
| 359 | */ |
| 360 | int nc_server_config_new_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name, |
| 361 | const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config); |
| 362 | |
| 363 | /** |
| 364 | * @brief Deletes an SSH user's public key from the YANG data. |
| 365 | * |
| 366 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 367 | * @param[in] user_name Identifier of an existing user on the given endpoint. |
| 368 | * @param[in] pubkey_name Optional identifier of a public key to be deleted. |
| 369 | * If NULL, all of the users public keys will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 370 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 371 | * @return 0 on success, non-zero otherwise. |
| 372 | */ |
| 373 | int nc_server_config_new_ssh_del_user_pubkey(const char *endpt_name, const char *user_name, |
| 374 | const char *pubkey_name, struct lyd_node **config); |
| 375 | |
| 376 | /** |
| 377 | * @brief Creates new YANG configuration data nodes for an SSH user's password authentication method. |
| 378 | * |
| 379 | * @param[in] ctx libyang context. |
| 380 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 381 | * If an endpoint with this identifier already exists, its user might be changed. |
| 382 | * @param[in] user_name Arbitrary identifier of the user. |
| 383 | * If an user with this identifier already exists, its contents will be changed. |
| 384 | * @param[in] password Cleartext password to be set for the user. |
| 385 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 386 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 387 | * @return 0 on success, non-zero otherwise. |
| 388 | */ |
| 389 | int nc_server_config_new_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name, |
| 390 | const char *user_name, const char *password, struct lyd_node **config); |
| 391 | |
| 392 | /** |
| 393 | * @brief Deletes an SSH user's password from the YANG data. |
| 394 | * |
| 395 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 396 | * @param[in] user_name Identifier of an existing user on the given endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 397 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 398 | * @return 0 on success, non-zero otherwise. |
| 399 | */ |
| 400 | int nc_server_config_new_ssh_del_user_password(const char *endpt_name, const char *user_name, |
| 401 | struct lyd_node **config); |
| 402 | |
| 403 | /** |
| 404 | * @brief Creates new YANG configuration data nodes for an SSH user's none authentication method. |
| 405 | * |
| 406 | * @param[in] ctx libyang context. |
| 407 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 408 | * If an endpoint with this identifier already exists, its user might be changed. |
| 409 | * @param[in] user_name Arbitrary identifier of the user. |
| 410 | * If an user with this identifier already exists, its contents will be changed. |
| 411 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 412 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 413 | * @return 0 on success, non-zero otherwise. |
| 414 | */ |
| 415 | int nc_server_config_new_ssh_user_none(const struct ly_ctx *ctx, const char *endpt_name, |
| 416 | const char *user_name, struct lyd_node **config); |
| 417 | |
| 418 | /** |
| 419 | * @brief Deletes an SSH user's none authentication method from the YANG data. |
| 420 | * |
| 421 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 422 | * @param[in] user_name Identifier of an existing user on the given endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 423 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 424 | * @return 0 on success, non-zero otherwise. |
| 425 | */ |
| 426 | int nc_server_config_new_ssh_del_user_none(const char *endpt_name, const char *user_name, |
| 427 | struct lyd_node **config); |
| 428 | |
| 429 | /** |
| 430 | * @brief Creates new YANG configuration data nodes for an SSH user's keyboard interactive authentication method. |
| 431 | * |
| 432 | * @param[in] ctx libyang context. |
| 433 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 434 | * If an endpoint with this identifier already exists, its user might be changed. |
| 435 | * @param[in] user_name Arbitrary identifier of the user. |
| 436 | * If an user with this identifier already exists, its contents will be changed. |
| 437 | * @param[in] pam_config_name Name of the PAM configuration file. |
| 438 | * @param[in] pam_config_name Optional. The absolute path to the directory in which the configuration file |
| 439 | * with the name conf_name is located. A newer version (>= 1.4) of PAM library is required to be able to specify |
| 440 | * the path. If NULL is passed, then the PAM's system directories will be searched (usually /etc/pam.d/). |
| 441 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 442 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 443 | * @return 0 on success, non-zero otherwise. |
| 444 | */ |
| 445 | int nc_server_config_new_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name, |
| 446 | const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config); |
| 447 | |
| 448 | /** |
| 449 | * @brief Deletes an SSH user's keyboard interactive authentication from the YANG data. |
| 450 | * |
| 451 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 452 | * @param[in] user_name Identifier of an existing user on the given endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 453 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 454 | * @return 0 on success, non-zero otherwise. |
| 455 | */ |
| 456 | int nc_server_config_new_ssh_del_user_interactive(const char *endpt_name, const char *user_name, |
| 457 | struct lyd_node **config); |
| 458 | |
| 459 | /** |
| 460 | * @brief Deletes an SSH user from the YANG data. |
| 461 | * |
| 462 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 463 | * @param[in] user_name Optional identifier of an user to be deleted. |
| 464 | * If NULL, all of the users on this endpoint will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 465 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 466 | * @return 0 on success, non-zero otherwise. |
| 467 | */ |
| 468 | int nc_server_config_new_ssh_del_user(const char *endpt_name, |
| 469 | const char *user_name, struct lyd_node **config); |
| 470 | |
| 471 | /** |
| 472 | * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore. |
| 473 | * |
| 474 | * The public key's located in the bag will be used for client authentication. |
| 475 | * |
| 476 | * @param[in] ctx libyang context. |
| 477 | * @param[in] endpt_name Arbitrary identifier of an endpoint. |
| 478 | * If an endpoint with this identifier already exists, its contents will be changed. |
| 479 | * @param[in] user_name Arbitrary identifier of the endpoint's user. |
| 480 | * If an endpoint's user with this identifier already exists, its contents will be changed. |
| 481 | * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 482 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 483 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 484 | * @return 0 on success, non-zero otherwise. |
| 485 | */ |
| 486 | int nc_server_config_new_ssh_truststore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name, |
| 487 | const char *truststore_reference, struct lyd_node **config); |
| 488 | |
| 489 | /** |
| 490 | * @brief Deletes a truststore reference from the YANG data. |
| 491 | * |
| 492 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 493 | * @param[in] user_name Identifier of an user on the given endpoint whose truststore reference will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 494 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 495 | * @return 0 on success, non-zero otherwise. |
| 496 | */ |
| 497 | int nc_server_config_new_ssh_del_truststore_reference(const char *endpt_name, const char *user_name, |
| 498 | struct lyd_node **config); |
| 499 | |
| 500 | /** |
| 501 | * @brief Creates new YANG configuration data nodes, which will be a reference to another SSH endpoint's users. |
| 502 | * |
| 503 | * Whenever a client tries to connect to the referencing endpoint, all of its users will be tried first. If no match is |
| 504 | * found, the referenced endpoint's configured users will be tried. |
| 505 | * |
| 506 | * @param[in] ctx libyang context |
| 507 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 508 | * If an endpoint with this identifier already exists, its contents will be changed. |
| 509 | * @param[in] referenced_endpt Identifier of an endpoint, which has to exist whenever this data |
| 510 | * is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle. |
| 511 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 512 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 513 | * @return 0 on success, non-zero otherwise. |
| 514 | */ |
| 515 | int nc_config_new_ssh_endpoint_user_reference(const struct ly_ctx *ctx, const char *endpt_name, |
| 516 | const char *referenced_endpt, struct lyd_node **config); |
| 517 | |
| 518 | /** |
| 519 | * @brief Deletes reference to another SSH endpoint's users from the YANG data. |
| 520 | * |
| 521 | * @param[in] endpt_name Identifier of an existing endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 522 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 523 | * @return 0 on success, non-zero otherwise. |
| 524 | */ |
| 525 | int nc_config_new_ssh_del_endpoint_user_reference(const char *endpt_name, struct lyd_node **config); |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 526 | |
| 527 | /** |
| 528 | * @brief Creates new YANG configuration data nodes for host-key algorithms replacing any previous ones. |
| 529 | * |
| 530 | * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, |
| 531 | * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss. |
| 532 | * |
| 533 | * @param[in] ctx libyang context |
| 534 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 535 | * If an endpoint with this identifier already exists, its host-key algorithms will be replaced. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 536 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 537 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 538 | * @param[in] alg_count Number of following algorithms. |
| 539 | * @param[in] ... String literals of host-key algorithms in a decreasing order of preference. |
| 540 | * @return 0 on success, non-zero otherwise. |
| 541 | */ |
roman | 466719d | 2023-05-05 16:14:37 +0200 | [diff] [blame] | 542 | int nc_server_config_new_ssh_host_key_algs(const struct ly_ctx *ctx, const char *endpt_name, |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 543 | struct lyd_node **config, int alg_count, ...); |
| 544 | |
| 545 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 546 | * @brief Deletes a hostkey algorithm from the YANG data. |
| 547 | * |
| 548 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 549 | * @param[in] alg Optional algorithm to be deleted. |
| 550 | * If NULL, all of the hostkey algorithms on this endpoint will be deleted. |
| 551 | * @param[in,out] config Configuraiton YANG data. |
| 552 | * @return 0 on success, non-zero otherwise. |
| 553 | */ |
| 554 | int nc_server_config_new_ssh_del_host_key_alg(const char *endpt_name, const char *alg, struct lyd_node **config); |
| 555 | |
| 556 | /** |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 557 | * @brief Creates new YANG configuration data nodes for key exchange algorithms replacing any previous ones. |
| 558 | * |
| 559 | * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256, |
| 560 | * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512, |
| 561 | * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256. |
| 562 | * |
| 563 | * @param[in] ctx libyang context |
| 564 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 565 | * If an endpoint with this identifier already exists, its key exchange algorithms will be replaced. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 566 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 567 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 568 | * @param[in] alg_count Number of following algorithms. |
| 569 | * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference. |
| 570 | * @return 0 on success, non-zero otherwise. |
| 571 | */ |
roman | 466719d | 2023-05-05 16:14:37 +0200 | [diff] [blame] | 572 | int nc_server_config_new_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config, |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 573 | int alg_count, ...); |
| 574 | |
| 575 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 576 | * @brief Deletes a key exchange algorithm from the YANG data. |
| 577 | * |
| 578 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 579 | * @param[in] alg Optional algorithm to be deleted. |
| 580 | * If NULL, all of the key exchange algorithms on this endpoint will be deleted. |
| 581 | * @param[in,out] config Configuraiton YANG data. |
| 582 | * @return 0 on success, non-zero otherwise. |
| 583 | */ |
| 584 | int nc_server_config_new_ssh_del_key_exchange_alg(const char *endpt_name, const char *alg, struct lyd_node **config); |
| 585 | |
| 586 | /** |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 587 | * @brief Creates new YANG configuration data nodes for encryption algorithms replacing any previous ones. |
| 588 | * |
| 589 | * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc |
| 590 | * triple-des-cbc and none. |
| 591 | * |
| 592 | * @param[in] ctx libyang context |
| 593 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 594 | * If an endpoint with this identifier already exists, its encryption algorithms will be replaced. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 595 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 596 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 597 | * @param[in] alg_count Number of following algorithms. |
| 598 | * @param[in] ... String literals of encryption algorithms in a decreasing order of preference. |
| 599 | * @return 0 on success, non-zero otherwise. |
| 600 | */ |
roman | 466719d | 2023-05-05 16:14:37 +0200 | [diff] [blame] | 601 | int nc_server_config_new_ssh_encryption_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config, |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 602 | int alg_count, ...); |
| 603 | |
| 604 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 605 | * @brief Deletes an encryption algorithm from the YANG data. |
| 606 | * |
| 607 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 608 | * @param[in] alg Optional algorithm to be deleted. |
| 609 | * If NULL, all of the encryption algorithms on this endpoint will be deleted. |
| 610 | * @param[in,out] config Configuraiton YANG data. |
| 611 | * @return 0 on success, non-zero otherwise. |
| 612 | */ |
| 613 | int nc_server_config_new_ssh_del_encryption_alg(const char *endpt_name, const char *alg, struct lyd_node **config); |
| 614 | |
| 615 | /** |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 616 | * @brief Creates new YANG configuration data nodes for mac algorithms replacing any previous ones. |
| 617 | * |
| 618 | * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1. |
| 619 | * |
| 620 | * @param[in] ctx libyang context |
| 621 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 622 | * If an endpoint with this identifier already exists, its mac algorithms will be replaced. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 623 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 624 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 625 | * @param[in] alg_count Number of following algorithms. |
| 626 | * @param[in] ... String literals of mac algorithms in a decreasing order of preference. |
| 627 | * @return 0 on success, non-zero otherwise. |
| 628 | */ |
roman | 466719d | 2023-05-05 16:14:37 +0200 | [diff] [blame] | 629 | int nc_server_config_new_ssh_mac_algs(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config, |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 630 | int alg_count, ...); |
| 631 | |
| 632 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 633 | * @brief Deletes a mac algorithm from the YANG data. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 634 | * |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 635 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 636 | * @param[in] alg Optional algorithm to be deleted. |
| 637 | * If NULL, all of the mac algorithms on this endpoint will be deleted. |
| 638 | * @param[in,out] config Configuraiton YANG data. |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 639 | * @return 0 on success, non-zero otherwise. |
| 640 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 641 | int nc_server_config_new_ssh_del_mac_alg(const char *endpt_name, const char *alg, struct lyd_node **config); |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 642 | |
| 643 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 644 | * @} |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 645 | */ |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 646 | |
| 647 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 648 | * @defgroup server_config_tls TLS Server Configuration |
| 649 | * @ingroup server_config |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 650 | * |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 651 | * @brief TLS server configuration creation and deletion |
| 652 | * @{ |
roman | 9b1379c | 2023-03-31 10:11:10 +0200 | [diff] [blame] | 653 | */ |
roman | 2e797ef | 2023-06-19 10:47:49 +0200 | [diff] [blame] | 654 | |
| 655 | /** |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 656 | * @brief Creates new YANG configuration data nodes for a server's certificate. |
| 657 | * |
| 658 | * @param[in] ctx libyang context. |
| 659 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 660 | * If an endpoint with this identifier already exists, its server certificate will be changed. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 661 | * @param[in] pubkey_path Optional path to the server's public key file. If not provided, |
| 662 | * it will be generated from the private key. |
| 663 | * @param[in] privkey_path Path to the server's private key file. |
| 664 | * @param[in] certificate_path Path to the server's certificate file. |
| 665 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 666 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 667 | * @return 0 on success, non-zero otherwise. |
| 668 | */ |
| 669 | int nc_server_config_new_tls_server_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *pubkey_path, |
| 670 | const char *privkey_path, const char *certificate_path, struct lyd_node **config); |
| 671 | |
| 672 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 673 | * @brief Deletes the server's certificate from the YANG data. |
| 674 | * |
| 675 | * @param[in] endpt_name Identifier of an existing endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 676 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 677 | * @return 0 on success, non-zero otherwise. |
| 678 | */ |
| 679 | int nc_server_config_new_tls_del_server_certificate(const char *endpt_name, struct lyd_node **config); |
| 680 | |
| 681 | /** |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 682 | * @brief Creates new YANG configuration data nodes for a keystore reference to the TLS server's certificate. |
| 683 | * |
| 684 | * @param[in] ctx libyang context. |
| 685 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 686 | * If an endpoint with this identifier already exists, its contents will be changed. |
| 687 | * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced. |
| 688 | * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced. |
| 689 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 690 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 691 | * @return 0 on success, non-zero otherwise. |
| 692 | */ |
| 693 | int nc_server_config_new_tls_keystore_reference(const struct ly_ctx *ctx, const char *endpt_name, const char *asym_key_ref, |
| 694 | const char *cert_ref, struct lyd_node **config); |
| 695 | |
| 696 | /** |
| 697 | * @brief Deletes a TLS server certificate keystore reference from the YANG data. |
| 698 | * |
| 699 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 700 | * @param[in,out] config Modified configuration YANG data tree. |
| 701 | * @return 0 on success, non-zero otherwise. |
| 702 | */ |
| 703 | int nc_server_config_new_tls_del_keystore_reference(const char *endpt_name, struct lyd_node **config); |
| 704 | |
| 705 | /** |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 706 | * @brief Creates new YANG configuration data nodes for a client's (end-entity) certificate. |
| 707 | * |
| 708 | * @param[in] ctx libyang context. |
| 709 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 710 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 711 | * @param[in] cert_name Arbitrary identifier of the client's certificate. |
| 712 | * If a client certificate with this indetifier already exists, it will be changed. |
| 713 | * @param[in] cert_path Path to the client's certificate file. |
| 714 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 715 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 716 | * @return 0 on success, non-zero otherwise. |
| 717 | */ |
| 718 | int nc_server_config_new_tls_client_certificate(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name, |
| 719 | const char *cert_path, struct lyd_node **config); |
| 720 | |
| 721 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 722 | * @brief Deletes a client (end-entity) certificate from the YANG data. |
| 723 | * |
| 724 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 725 | * @param[in] cert_name Optional name of a certificate to be deleted. |
| 726 | * If NULL, all of the end-entity certificates on the given endpoint will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 727 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 728 | * @return 0 on success, non-zero otherwise. |
| 729 | */ |
| 730 | int nc_server_config_new_tls_del_client_certificate(const char *endpt_name, const char *cert_name, struct lyd_node **config); |
| 731 | |
| 732 | /** |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 733 | * @brief Creates new YANG configuration data nodes for a truststore reference to a set of client (end-entity) certificates. |
| 734 | * |
| 735 | * @param[in] ctx libyang context. |
| 736 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 737 | * If an endpoint with this identifier already exists, its contents will be changed. |
| 738 | * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced. |
| 739 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 740 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 741 | * @return 0 on success, non-zero otherwise. |
| 742 | */ |
| 743 | int nc_server_config_new_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name, |
| 744 | const char *cert_bag_ref, struct lyd_node **config); |
| 745 | |
| 746 | /** |
| 747 | * @brief Deletes a client (end-entity) certificates truststore reference from the YANG data. |
| 748 | * |
| 749 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 750 | * @param[in,out] config Modified configuration YANG data tree. |
| 751 | * @return 0 on success, non-zero otherwise. |
| 752 | */ |
| 753 | int nc_server_config_new_tls_del_client_cert_truststore_ref(const char *endpt_name, struct lyd_node **config); |
| 754 | |
| 755 | /** |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 756 | * @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate. |
| 757 | * |
| 758 | * @param[in] ctx libyang context. |
| 759 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 760 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 761 | * @param[in] cert_name Arbitrary identifier of the certificate authority certificate. |
| 762 | * If a CA with this indetifier already exists, it will be changed. |
| 763 | * @param[in] cert_path Path to the CA certificate file. |
| 764 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 765 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 766 | * @return 0 on success, non-zero otherwise. |
| 767 | */ |
| 768 | int nc_server_config_new_tls_client_ca(const struct ly_ctx *ctx, const char *endpt_name, const char *cert_name, |
| 769 | const char *cert_path, struct lyd_node **config); |
| 770 | |
| 771 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 772 | * @brief Deletes a client certificate authority (trust-anchor) certificate from the YANG data. |
| 773 | * |
| 774 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 775 | * @param[in] cert_name Optional name of a certificate to be deleted. |
| 776 | * If NULL, all of the CA certificates on the given endpoint will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 777 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 778 | * @return 0 on success, non-zero otherwise. |
| 779 | */ |
| 780 | int nc_server_config_new_tls_del_client_ca(const char *endpt_name, const char *cert_name, struct lyd_node **config); |
| 781 | |
| 782 | /** |
roman | 12c3d52 | 2023-07-26 13:39:30 +0200 | [diff] [blame] | 783 | * @brief Creates new YANG configuration data nodes for a truststore reference to a set of client certificate authority (trust-anchor) certificates. |
| 784 | * |
| 785 | * @param[in] ctx libyang context. |
| 786 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
| 787 | * If an endpoint with this identifier already exists, its contents will be changed. |
| 788 | * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced. |
| 789 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 790 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 791 | * @return 0 on success, non-zero otherwise. |
| 792 | */ |
| 793 | int nc_server_config_new_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name, |
| 794 | const char *cert_bag_ref, struct lyd_node **config); |
| 795 | |
| 796 | /** |
| 797 | * @brief Deletes a client certificate authority (trust-anchor) certificates truststore reference from the YANG data. |
| 798 | * |
| 799 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 800 | * @param[in,out] config Modified configuration YANG data tree. |
| 801 | * @return 0 on success, non-zero otherwise. |
| 802 | */ |
| 803 | int nc_server_config_new_tls_del_client_ca_truststore_ref(const char *endpt_name, struct lyd_node **config); |
| 804 | |
| 805 | /** |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 806 | * @brief Creates new YANG configuration data nodes for a cert-to-name entry. |
| 807 | * |
| 808 | * @param[in] ctx libyang context. |
| 809 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 810 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 3f9b65c | 2023-06-05 14:26:58 +0200 | [diff] [blame] | 811 | * @param[in] id ID of the entry. The lower the ID, the higher the priority of the entry (it will be checked earlier). |
| 812 | * @param[in] fingerprint Optional fingerprint of the entry. The fingerprint should always be set, however if it is |
| 813 | * not set, it will match any certificate. Entry with no fingerprint should therefore be placed only as the last entry. |
| 814 | * @param[in] map_type Mapping username to the certificate option. |
| 815 | * @param[in] name Username for this cert-to-name entry. |
| 816 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 817 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 818 | * @return 0 on success, non-zero otherwise. |
| 819 | */ |
| 820 | int nc_server_config_new_tls_ctn(const struct ly_ctx *ctx, const char *endpt_name, uint32_t id, const char *fingerprint, |
| 821 | NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config); |
| 822 | |
roman | 12644fe | 2023-06-08 11:06:42 +0200 | [diff] [blame] | 823 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 824 | * @brief Deletes a cert-to-name entry from the YANG data. |
| 825 | * |
| 826 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 827 | * @param[in] id Optional ID of the CTN entry. |
| 828 | * If 0, all of the cert-to-name entries on the given endpoint will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 829 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 830 | * @return 0 on success, non-zero otherwise. |
| 831 | */ |
| 832 | int nc_server_config_new_tls_del_ctn(const char *endpt_name, uint32_t id, struct lyd_node **config); |
| 833 | |
| 834 | /** |
roman | 12644fe | 2023-06-08 11:06:42 +0200 | [diff] [blame] | 835 | * @brief Creates new YANG configuration data nodes for a TLS version. |
| 836 | * |
| 837 | * @param[in] ctx libyang context. |
| 838 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 839 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 12644fe | 2023-06-08 11:06:42 +0200 | [diff] [blame] | 840 | * @param[in] tls_version TLS version to be used. Call this multiple times to set |
| 841 | * the accepted versions of the TLS protocol and let the client and server negotiate |
| 842 | * the given version. |
| 843 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 844 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 845 | * @return 0 on success, non-zero otherwise. |
| 846 | */ |
| 847 | int nc_server_config_new_tls_version(const struct ly_ctx *ctx, const char *endpt_name, |
| 848 | NC_TLS_VERSION tls_version, struct lyd_node **config); |
| 849 | |
| 850 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 851 | * @brief Deletes a TLS version from the YANG data. |
| 852 | * |
| 853 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 854 | * @param[in] tls_version TLS version to be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 855 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 856 | * @return 0 on success, non-zero otherwise. |
| 857 | */ |
| 858 | int nc_server_config_new_tls_del_version(const char *endpt_name, NC_TLS_VERSION tls_version, struct lyd_node **config); |
| 859 | |
| 860 | /** |
roman | 12644fe | 2023-06-08 11:06:42 +0200 | [diff] [blame] | 861 | * @brief Creates new YANG configuration data nodes for a TLS cipher. |
| 862 | * |
| 863 | * @param[in] ctx libyang context. |
| 864 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 865 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 12644fe | 2023-06-08 11:06:42 +0200 | [diff] [blame] | 866 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 867 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 868 | * @param[in] cipher_count Number of ciphers. |
| 869 | * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the |
| 870 | * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless |
| 871 | * of the TLS protocol version used, all of these ciphers will be tried and some of them |
| 872 | * might not be set (TLS handshake might fail then). For the list of supported ciphers see |
| 873 | * the OpenSSL documentation. |
| 874 | * @return 0 on success, non-zero otherwise. |
| 875 | */ |
| 876 | int nc_server_config_new_tls_ciphers(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config, |
roman | 08f67f4 | 2023-06-08 13:51:54 +0200 | [diff] [blame] | 877 | int cipher_count, ...); |
roman | 12644fe | 2023-06-08 11:06:42 +0200 | [diff] [blame] | 878 | |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 879 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 880 | * @brief Deletes a TLS cipher from the YANG data. |
| 881 | * |
| 882 | * @param[in] endpt_name Identifier of an existing endpoint. |
| 883 | * @param[in] cipher TLS cipher to be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 884 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 885 | * @return 0 on success, non-zero otherwise. |
| 886 | */ |
| 887 | int nc_server_config_new_tls_del_cipher(const char *endpt_name, const char *cipher, struct lyd_node **config); |
| 888 | |
| 889 | /** |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 890 | * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via a local file. |
| 891 | * |
| 892 | * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling |
| 893 | * this function will remove any CRL YANG nodes created by the other two functions. |
| 894 | * |
| 895 | * @param[in] ctx libyang context. |
| 896 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 897 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 898 | * @param[in] crl_path Path to a DER/PEM encoded CRL file. |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 899 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 900 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 901 | * @return 0 on success, non-zero otherwise. |
| 902 | */ |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 903 | int nc_server_config_new_tls_crl_path(const struct ly_ctx *ctx, const char *endpt_name, |
| 904 | const char *crl_path, struct lyd_node **config); |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 905 | |
| 906 | /** |
| 907 | * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via an URL. |
| 908 | * |
| 909 | * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling |
| 910 | * this function will remove any CRL YANG nodes created by the other two functions. |
| 911 | * |
| 912 | * @param[in] ctx libyang context. |
| 913 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 914 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 915 | * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format. |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 916 | * The allowed protocols are all the protocols supported by CURL. |
| 917 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 918 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 919 | * @return 0 on success, non-zero otherwise. |
| 920 | */ |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 921 | int nc_server_config_new_tls_crl_url(const struct ly_ctx *ctx, const char *endpt_name, const char *crl_url, struct lyd_node **config); |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 922 | |
| 923 | /** |
| 924 | * @brief Creates new YANG configuration data nodes for a Certificate Revocation List via certificate extensions. |
| 925 | * |
| 926 | * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the |
| 927 | * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 928 | * |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 929 | * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling |
| 930 | * this function will remove any CRL YANG nodes created by the other two functions. |
| 931 | * |
| 932 | * @param[in] ctx libyang context. |
| 933 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 934 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | faecc58 | 2023-06-15 16:13:31 +0200 | [diff] [blame] | 935 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 936 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 937 | * @return 0 on success, non-zero otherwise. |
| 938 | */ |
| 939 | int nc_server_config_new_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *endpt_name, struct lyd_node **config); |
| 940 | |
roman | 2e797ef | 2023-06-19 10:47:49 +0200 | [diff] [blame] | 941 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 942 | * @brief Deletes all the CRL nodes from the YANG data. |
| 943 | * |
| 944 | * @param[in] endpt_name Identifier of an existing endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 945 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 946 | * @return 0 on success, non-zero otherwise. |
| 947 | */ |
| 948 | int nc_server_config_new_tls_del_crl(const char *endpt_name, struct lyd_node **config); |
| 949 | |
| 950 | /** |
roman | 2e797ef | 2023-06-19 10:47:49 +0200 | [diff] [blame] | 951 | * @brief Creates new YANG configuration data nodes, which will be a reference to another TLS endpoint's certificates. |
| 952 | * |
| 953 | * Whenever an user tries to connect to the referencing endpoint, all of its certificates will be tried first. If no match is |
| 954 | * found, the referenced endpoint's configured certificates will be tried. The same applies to cert-to-name entries. |
| 955 | * |
| 956 | * @param[in] ctx libyang context |
| 957 | * @param[in] endpt_name Arbitrary identifier of the endpoint. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 958 | * If an endpoint with this identifier already exists, its contents will be changed. |
roman | 2e797ef | 2023-06-19 10:47:49 +0200 | [diff] [blame] | 959 | * @param[in] referenced_endpt Identifier of an endpoint, which has to exist whenever this data |
| 960 | * is applied. The referenced endpoint can reference another one and so on, but there mustn't be a cycle. |
| 961 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 962 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 963 | * @return 0 on success, non-zero otherwise. |
| 964 | */ |
| 965 | int nc_config_new_tls_endpoint_client_reference(const struct ly_ctx *ctx, const char *endpt_name, |
| 966 | const char *referenced_endpt, struct lyd_node **config); |
| 967 | |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 968 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 969 | * @brief Deletes reference to another TLS endpoint's users from the YANG data. |
| 970 | * |
| 971 | * @param[in] endpt_name Identifier of an existing endpoint. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 972 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 973 | * @return 0 on success, non-zero otherwise. |
| 974 | */ |
| 975 | int nc_config_new_tls_del_endpoint_client_reference(const char *endpt_name, struct lyd_node **config); |
| 976 | |
| 977 | /** |
| 978 | * @} |
| 979 | */ |
| 980 | |
| 981 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 982 | * @defgroup server_config_ch Call Home server Configuration |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 983 | * @ingroup server_config |
| 984 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 985 | * @brief Call Home server configuration creation and deletion |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 986 | * @{ |
| 987 | */ |
| 988 | |
| 989 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 990 | * @brief Creates new YANG configuration data nodes for a Call Home client's address and port. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 991 | * |
| 992 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 993 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 994 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 995 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 996 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 997 | * @param[in] transport Transport protocol to be used on this endpoint - either SSH or TLS. |
| 998 | * @param[in] address Address to connect to. |
| 999 | * @param[in] port Port to connect to. |
| 1000 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1001 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1002 | * @return 0 on success, non-zero otherwise. |
| 1003 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1004 | int nc_server_config_new_ch_address_port(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | 5cbb653 | 2023-06-22 12:53:17 +0200 | [diff] [blame] | 1005 | NC_TRANSPORT_IMPL transport, const char *address, const char *port, struct lyd_node **config); |
| 1006 | |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1007 | #endif /* NC_ENABLED_SSH_TLS */ |
| 1008 | |
| 1009 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1010 | * @brief Deletes a Call Home client from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1011 | * |
| 1012 | * @param[in] client_name Optional identifier of a client to be deleted. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1013 | * If NULL, all of the Call Home clients will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1014 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1015 | * @return 0 on success, non-zero otherwise. |
| 1016 | */ |
| 1017 | int nc_server_config_new_del_ch_client(const char *client_name, struct lyd_node **config); |
| 1018 | |
| 1019 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1020 | * @brief Deletes a Call Home endpoint from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1021 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1022 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1023 | * @param[in] endpt_name Optional identifier of a CH endpoint to be deleted. |
| 1024 | * If NULL, all of the CH endpoints which belong to the given client will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1025 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1026 | * @return 0 on success, non-zero otherwise. |
| 1027 | */ |
| 1028 | int nc_server_config_new_ch_del_endpt(const char *client_name, const char *endpt_name, struct lyd_node **config); |
| 1029 | |
| 1030 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1031 | * @brief Creates new YANG configuration data nodes for the Call Home persistent connection type. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1032 | * |
| 1033 | * This is the default connection type. If periodic connection type was set before, it will be unset. |
| 1034 | * |
| 1035 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1036 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1037 | * If a Call Home client with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1038 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1039 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1040 | * @return 0 on success, non-zero otherwise. |
| 1041 | */ |
| 1042 | int nc_server_config_new_ch_persistent(const struct ly_ctx *ctx, const char *client_name, struct lyd_node **config); |
| 1043 | |
| 1044 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1045 | * @brief Creates new YANG configuration data nodes for the period parameter of the Call Home periodic connection type. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1046 | * |
| 1047 | * If called, the persistent connection type will be replaced by periodic. |
| 1048 | * |
| 1049 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1050 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1051 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1052 | * @param[in] period Duration between periodic connections in minutes. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1053 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1054 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1055 | * @return 0 on success, non-zero otherwise. |
| 1056 | */ |
| 1057 | int nc_server_config_new_ch_period(const struct ly_ctx *ctx, const char *client_name, uint16_t period, |
| 1058 | struct lyd_node **config); |
| 1059 | |
| 1060 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1061 | * @brief Deletes the Call Home period parameter of the periodic connection type from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1062 | * |
| 1063 | * This behaves the same as setting the period to 60 minutes, which is the default value of this node. |
| 1064 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1065 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1066 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1067 | * @return 0 on success, non-zero otherwise. |
| 1068 | */ |
| 1069 | int nc_server_config_new_ch_del_period(const char *client_name, struct lyd_node **config); |
| 1070 | |
| 1071 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1072 | * @brief Creates new YANG configuration data nodes for the anchor time parameter of the Call Home periodic connection type. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1073 | * |
| 1074 | * If called, the persistent connection type will be replaced by periodic. |
| 1075 | * |
| 1076 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1077 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1078 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1079 | * @param[in] anchor_time Timestamp before or after which a series of periodic connections are determined. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1080 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1081 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1082 | * @return 0 on success, non-zero otherwise. |
| 1083 | */ |
| 1084 | int nc_server_config_new_ch_anchor_time(const struct ly_ctx *ctx, const char *client_name, |
| 1085 | const char *anchor_time, struct lyd_node **config); |
| 1086 | |
| 1087 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1088 | * @brief Deletes the Call Home anchor time parameter of the periodic connection type from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1089 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1090 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1091 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1092 | * @return 0 on success, non-zero otherwise. |
| 1093 | */ |
| 1094 | int nc_server_config_new_ch_del_anchor_time(const char *client_name, struct lyd_node **config); |
| 1095 | |
| 1096 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1097 | * @brief Creates new YANG configuration data nodes for the idle timeout parameter of the Call Home periodic connection type. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1098 | * |
| 1099 | * If called, the persistent connection type will be replaced by periodic. |
| 1100 | * |
| 1101 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1102 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1103 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1104 | * @param[in] idle_timeout Specifies the maximum number of seconds that a session may remain idle. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1105 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1106 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1107 | * @return 0 on success, non-zero otherwise. |
| 1108 | */ |
| 1109 | int nc_server_config_new_ch_idle_timeout(const struct ly_ctx *ctx, const char *client_name, |
| 1110 | uint16_t idle_timeout, struct lyd_node **config); |
| 1111 | |
| 1112 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1113 | * @brief Deletes the Call Home idle timeout parameter of the periodic connection type from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1114 | * |
| 1115 | * This behaves the same as setting the timeout to 180 seconds, which is the default value of this node. |
| 1116 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1117 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1118 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1119 | * @return 0 on success, non-zero otherwise. |
| 1120 | */ |
| 1121 | int nc_server_config_new_ch_del_idle_timeout(const char *client_name, struct lyd_node **config); |
| 1122 | |
| 1123 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1124 | * @brief Creates new YANG configuration data nodes for the Call Home reconnect strategy. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1125 | * |
| 1126 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1127 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1128 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1129 | * @param[in] start_with Specifies which endpoint to try if a connection is unsuccessful. Default value is NC_CH_FIRST_LISTED. |
| 1130 | * @param[in] max_wait The number of seconds after which a connection to an endpoint is deemed unsuccessful. Default value if 5. |
| 1131 | * @param[in] max_attempts The number of unsuccessful connection attempts before moving to the next endpoint. Default value is 3. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1132 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1133 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1134 | * @return 0 on success, non-zero otherwise. |
| 1135 | */ |
| 1136 | int nc_server_config_new_ch_reconnect_strategy(const struct ly_ctx *ctx, const char *client_name, |
| 1137 | NC_CH_START_WITH start_with, uint16_t max_wait, uint8_t max_attempts, struct lyd_node **config); |
| 1138 | |
| 1139 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1140 | * @brief Resets the values of the Call Home reconnect strategy nodes to their defaults. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1141 | * |
| 1142 | * The default values are: start-with = NC_CH_FIRST_LISTED, max-wait = 5 and max-attempts = 3. |
| 1143 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1144 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1145 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1146 | * @return 0 on success, non-zero otherwise. |
| 1147 | */ |
| 1148 | int nc_server_config_new_ch_del_reconnect_strategy(const char *client_name, struct lyd_node **config); |
| 1149 | |
| 1150 | /** |
| 1151 | * @} |
| 1152 | */ |
| 1153 | |
| 1154 | #ifdef NC_ENABLED_SSH_TLS |
| 1155 | |
| 1156 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1157 | * @defgroup server_config_ch_ssh SSH Call Home Server Configuration |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1158 | * @ingroup server_config_ch |
| 1159 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1160 | * @brief SSH Call Home server configuration creation and deletion |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1161 | * @{ |
| 1162 | */ |
| 1163 | |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1164 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1165 | * @brief Creates new YANG data nodes for a Call Home SSH hostkey. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1166 | * |
| 1167 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1168 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1169 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1170 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1171 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1172 | * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey. |
| 1173 | * If the endpoint's hostkey with this identifier already exists, its contents will be changed. |
| 1174 | * @param[in] privkey_path Path to a file containing a private key. |
| 1175 | * The private key has to be in a PEM format. Only RSA and ECDSA keys are supported. |
| 1176 | * @param[in] pubkey_path Path to a file containing a public key. If NULL, public key will be |
| 1177 | * generated from the private key. |
| 1178 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1179 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1180 | * @return 0 on success, non-zero otherwise. |
| 1181 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1182 | int nc_server_config_new_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | 5cbb653 | 2023-06-22 12:53:17 +0200 | [diff] [blame] | 1183 | const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config); |
| 1184 | |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1185 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1186 | * @brief Deletes a Call Home hostkey from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1187 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1188 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1189 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1190 | * @param[in] hostkey_name Optional identifier of a hostkey to be deleted. |
| 1191 | * If NULL, all of the hostkeys on the given endpoint will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1192 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1193 | * @return 0 on success, non-zero otherwise. |
| 1194 | */ |
| 1195 | int nc_server_config_new_ch_ssh_del_hostkey(const char *client_name, const char *endpt_name, |
| 1196 | const char *hostkey_name, struct lyd_node **config); |
| 1197 | |
| 1198 | /** |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1199 | * @brief Creates new YANG data nodes for a reference to an asymmetric key located in the keystore. |
| 1200 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1201 | * This asymmetric key pair will be used as the Call Home SSH hostkey. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1202 | * |
| 1203 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1204 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1205 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1206 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1207 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1208 | * @param[in] hostkey_name Arbitrary identifier of the endpoint's hostkey. |
| 1209 | * If the endpoint's hostkey with this identifier already exists, its contents will be changed. |
| 1210 | * @param[in] keystore_reference Name of the asymmetric key pair to be referenced and used as a hostkey. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1211 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1212 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1213 | * @return 0 on success, non-zero otherwise. |
| 1214 | */ |
| 1215 | int nc_server_config_new_ch_ssh_keystore_reference(const struct ly_ctx *ctx, const char *client_name, |
| 1216 | const char *endpt_name, const char *hostkey_name, const char *keystore_reference, struct lyd_node **config); |
| 1217 | |
| 1218 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1219 | * @brief Deletes a Call Home keystore reference from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1220 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1221 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1222 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1223 | * @param[in] hostkey_name Identifier of an existing hostkey that belongs to the given CH endpoint. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1224 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1225 | * @return 0 on success, non-zero otherwise. |
| 1226 | */ |
| 1227 | int nc_server_config_new_ch_ssh_del_keystore_reference(const char *client_name, const char *endpt_name, |
| 1228 | const char *hostkey_name, struct lyd_node **config); |
| 1229 | |
| 1230 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1231 | * @brief Creates new YANG configuration data nodes for the maximum amount of failed Call Home SSH authentication attempts. |
roman | 68404fd | 2023-07-24 10:40:59 +0200 | [diff] [blame] | 1232 | * |
| 1233 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1234 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1235 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 68404fd | 2023-07-24 10:40:59 +0200 | [diff] [blame] | 1236 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1237 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1238 | * @param[in] auth_attempts Maximum amount of failed SSH authentication attempts after which a |
| 1239 | * client is disconnected. The default value is 3. |
| 1240 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1241 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1242 | * @return 0 on success, non-zero otherwise. |
| 1243 | */ |
| 1244 | int nc_server_config_new_ch_ssh_auth_attempts(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1245 | uint16_t auth_attempts, struct lyd_node **config); |
| 1246 | |
| 1247 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1248 | * @brief Creates new YANG configuration data nodes for a Call Home SSH authentication timeout. |
roman | 68404fd | 2023-07-24 10:40:59 +0200 | [diff] [blame] | 1249 | * |
| 1250 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1251 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1252 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 68404fd | 2023-07-24 10:40:59 +0200 | [diff] [blame] | 1253 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1254 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1255 | * @param[in] auth_timeout Maximum amount of time in seconds after which the authentication is deemed |
| 1256 | * unsuccessful. The default value is 10. |
| 1257 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1258 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1259 | * @return 0 on success, non-zero otherwise. |
| 1260 | */ |
| 1261 | int nc_server_config_new_ch_ssh_auth_timeout(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1262 | uint16_t auth_timeout, struct lyd_node **config); |
| 1263 | |
| 1264 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1265 | * @brief Creates new YANG data nodes for a Call Home SSH user's public key authentication method. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1266 | * |
| 1267 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1268 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1269 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1270 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1271 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1272 | * @param[in] user_name Arbitrary identifier of the endpoint's user. |
| 1273 | * If the endpoint's user with this identifier already exists, its contents will be changed. |
| 1274 | * @param[in] pubkey_name Arbitrary identifier of the user's public key. |
| 1275 | * If the user's public key with this identifier already exists, its contents will be changed. |
| 1276 | * @param[in] pubkey_path Path to a file containing a public key. |
| 1277 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1278 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1279 | * @return 0 on success, non-zero otherwise. |
| 1280 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1281 | int nc_server_config_new_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | 5cbb653 | 2023-06-22 12:53:17 +0200 | [diff] [blame] | 1282 | const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config); |
| 1283 | |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1284 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1285 | * @brief Deletes a Call Home SSH user's public key from the YANG data. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1286 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1287 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1288 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1289 | * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1290 | * @param[in] pubkey_name Optional identifier of a public key to be deleted. |
| 1291 | * If NULL, all of the public keys which belong to the given SSH user will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1292 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1293 | * @return 0 on success, non-zero otherwise. |
| 1294 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1295 | int nc_server_config_new_ch_ssh_del_user_pubkey(const char *client_name, const char *endpt_name, |
| 1296 | const char *user_name, const char *pubkey_name, struct lyd_node **config); |
roman | 5cbb653 | 2023-06-22 12:53:17 +0200 | [diff] [blame] | 1297 | |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1298 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1299 | * @brief Creates new YANG data nodes for a Call Home SSH user's password authentication method. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1300 | * |
| 1301 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1302 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1303 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1304 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1305 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1306 | * @param[in] user_name Arbitrary identifier of the endpoint's user. |
| 1307 | * If the endpoint's user with this identifier already exists, its contents will be changed. |
| 1308 | * @param[in] password Cleartext password to be set for the user. |
| 1309 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1310 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1311 | * @return 0 on success, non-zero otherwise. |
| 1312 | */ |
| 1313 | int nc_server_config_new_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1314 | const char *user_name, const char *password, struct lyd_node **config); |
| 1315 | |
| 1316 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1317 | * @brief Deletes a Call Home SSH user's password from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1318 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1319 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1320 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1321 | * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint. |
| 1322 | * @param[in,out] config Modified configuration YANG data tree. |
| 1323 | * @return 0 on success, non-zero otherwise. |
| 1324 | */ |
| 1325 | int nc_server_config_new_ch_ssh_del_user_password(const char *client_name, const char *endpt_name, |
| 1326 | const char *user_name, struct lyd_node **config); |
| 1327 | |
| 1328 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1329 | * @brief Creates new YANG configuration data nodes for a Call Home SSH user's none authentication method. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1330 | * |
| 1331 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1332 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1333 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1334 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1335 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1336 | * @param[in] user_name Arbitrary identifier of the endpoint's user. |
| 1337 | * If the endpoint's user with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1338 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1339 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1340 | * @return 0 on success, non-zero otherwise. |
| 1341 | */ |
| 1342 | int nc_server_config_new_ch_ssh_user_none(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1343 | const char *user_name, struct lyd_node **config); |
| 1344 | |
| 1345 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1346 | * @brief Deletes a Call Home SSH user's none authentication method from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1347 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1348 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1349 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1350 | * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint. |
| 1351 | * @param[in,out] config Modified configuration YANG data tree. |
| 1352 | * @return 0 on success, non-zero otherwise. |
| 1353 | */ |
| 1354 | int nc_server_config_new_ch_ssh_del_user_none(const char *client_name, const char *endpt_name, |
| 1355 | const char *user_name, struct lyd_node **config); |
| 1356 | |
| 1357 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1358 | * @brief Creates new YANG configuration data nodes for a Call Home SSH user's keyboard interactive authentication method. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1359 | * |
| 1360 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1361 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1362 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1363 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1364 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1365 | * @param[in] user_name Arbitrary identifier of the endpoint's user. |
| 1366 | * If the endpoint's user with this identifier already exists, its contents will be changed. |
| 1367 | * @param[in] pam_config_name Name of the PAM configuration file. |
| 1368 | * @param[in] pam_config_name Optional. The absolute path to the directory in which the configuration file |
| 1369 | * with the name conf_name is located. A newer version (>= 1.4) of PAM library is required to be able to specify |
| 1370 | * the path. If NULL is passed, then the PAM's system directories will be searched (usually /etc/pam.d/). |
| 1371 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1372 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1373 | * @return 0 on success, non-zero otherwise. |
| 1374 | */ |
| 1375 | int nc_server_config_new_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1376 | const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config); |
| 1377 | |
| 1378 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1379 | * @brief Deletes a Call Home SSH user's keyboard interactive authentication from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1380 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1381 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1382 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1383 | * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint. |
| 1384 | * @param[in,out] config Modified configuration YANG data tree. |
| 1385 | * @return 0 on success, non-zero otherwise. |
| 1386 | */ |
| 1387 | int nc_server_config_new_ch_ssh_del_user_interactive(const char *client_name, const char *endpt_name, |
| 1388 | const char *user_name, struct lyd_node **config); |
| 1389 | |
| 1390 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1391 | * @brief Deletes a Call Home SSH user from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1392 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1393 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1394 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1395 | * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint. |
| 1396 | * @param[in,out] config Modified configuration YANG data tree. |
| 1397 | * @return 0 on success, non-zero otherwise. |
| 1398 | */ |
| 1399 | int nc_server_config_new_ch_ssh_del_user(const char *client_name, const char *endpt_name, |
| 1400 | const char *user_name, struct lyd_node **config); |
| 1401 | |
| 1402 | /** |
| 1403 | * @brief Creates new YANG data nodes for a reference to a public key bag located in the truststore. |
| 1404 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1405 | * The public key's located in the bag will be used for Call Home SSH client authentication. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1406 | * |
| 1407 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1408 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1409 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1410 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1411 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
| 1412 | * @param[in] user_name Arbitrary identifier of the endpoint's user. |
| 1413 | * If the endpoint's user with this identifier already exists, its contents will be changed. |
| 1414 | * @param[in] truststore_reference Name of the public key bag to be referenced and used for authentication. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1415 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1416 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1417 | * @return 0 on success, non-zero otherwise. |
| 1418 | */ |
| 1419 | int nc_server_config_new_ch_ssh_truststore_reference(const struct ly_ctx *ctx, const char *client_name, |
| 1420 | const char *endpt_name, const char *user_name, const char *truststore_reference, struct lyd_node **config); |
| 1421 | |
| 1422 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1423 | * @brief Deletes a Call Home SSH truststore reference from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1424 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1425 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1426 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1427 | * @param[in] user_name Identifier of an existing SSH user that belongs to the given CH endpoint. |
| 1428 | * @param[in,out] config Modified configuration YANG data tree. |
| 1429 | * @return 0 on success, non-zero otherwise. |
| 1430 | */ |
| 1431 | int nc_server_config_new_ch_ssh_del_truststore_reference(const char *client_name, const char *endpt_name, |
| 1432 | const char *user_name, struct lyd_node **config); |
| 1433 | |
| 1434 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1435 | * @brief Creates new YANG configuration data nodes for Call Home host-key algorithms replacing any previous ones. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1436 | * |
| 1437 | * Supported algorithms are: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, |
| 1438 | * rsa-sha2-512, rsa-sha2-256, ssh-rsa and ssh-dss. |
| 1439 | * |
| 1440 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1441 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1442 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1443 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1444 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1445 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1446 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1447 | * @param[in] alg_count Number of following algorithms. |
| 1448 | * @param[in] ... String literals of host-key algorithms in a decreasing order of preference. |
| 1449 | * @return 0 on success, non-zero otherwise. |
| 1450 | */ |
| 1451 | int nc_server_config_new_ch_ssh_host_key_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1452 | struct lyd_node **config, int alg_count, ...); |
| 1453 | |
| 1454 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1455 | * @brief Deletes a Call Home hostkey algorithm from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1456 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1457 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1458 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1459 | * @param[in] alg Optional algorithm to be deleted. |
| 1460 | * If NULL, all of the hostkey algorithms on this endpoint will be deleted. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1461 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1462 | * @return 0 on success, non-zero otherwise. |
| 1463 | */ |
| 1464 | int nc_server_config_new_ch_ssh_del_host_key_alg(const char *client_name, const char *endpt_name, |
| 1465 | const char *alg, struct lyd_node **config); |
| 1466 | |
| 1467 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1468 | * @brief Creates new YANG configuration data nodes for Call Home key exchange algorithms replacing any previous ones. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1469 | * |
| 1470 | * Supported algorithms are: diffie-hellman-group-exchange-sha1, curve25519-sha256, ecdh-sha2-nistp256, |
| 1471 | * ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group18-sha512, diffie-hellman-group16-sha512, |
| 1472 | * diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256. |
| 1473 | * |
| 1474 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1475 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1476 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1477 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1478 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1479 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1480 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1481 | * @param[in] alg_count Number of following algorithms. |
| 1482 | * @param[in] ... String literals of key exchange algorithms in a decreasing order of preference. |
| 1483 | * @return 0 on success, non-zero otherwise. |
| 1484 | */ |
| 1485 | int nc_server_config_new_ch_ssh_key_exchange_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1486 | struct lyd_node **config, int alg_count, ...); |
| 1487 | |
| 1488 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1489 | * @brief Deletes a Call Home key exchange algorithm from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1490 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1491 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1492 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1493 | * @param[in] alg Optional algorithm to be deleted. |
| 1494 | * If NULL, all of the key exchange algorithms on this endpoint will be deleted. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1495 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1496 | * @return 0 on success, non-zero otherwise. |
| 1497 | */ |
| 1498 | int nc_server_config_new_ch_ssh_del_key_exchange_alg(const char *client_name, const char *endpt_name, |
| 1499 | const char *alg, struct lyd_node **config); |
| 1500 | |
| 1501 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1502 | * @brief Creates new YANG configuration data nodes for Call Home encryption algorithms replacing any previous ones. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1503 | * |
| 1504 | * Supported algorithms are: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, blowfish-cbc |
| 1505 | * triple-des-cbc and none. |
| 1506 | * |
| 1507 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1508 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1509 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1510 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1511 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1512 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1513 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1514 | * @param[in] alg_count Number of following algorithms. |
| 1515 | * @param[in] ... String literals of encryption algorithms in a decreasing order of preference. |
| 1516 | * @return 0 on success, non-zero otherwise. |
| 1517 | */ |
| 1518 | int nc_server_config_new_ch_ssh_encryption_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1519 | struct lyd_node **config, int alg_count, ...); |
| 1520 | |
| 1521 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1522 | * @brief Deletes a Call Home encryption algorithm from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1523 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1524 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1525 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1526 | * @param[in] alg Optional algorithm to be deleted. |
| 1527 | * If NULL, all of the encryption algorithms on this endpoint will be deleted. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1528 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1529 | * @return 0 on success, non-zero otherwise. |
| 1530 | */ |
| 1531 | int nc_server_config_new_ch_ssh_del_encryption_alg(const char *client_name, const char *endpt_name, |
| 1532 | const char *alg, struct lyd_node **config); |
| 1533 | |
| 1534 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1535 | * @brief Creates new YANG configuration data nodes for Call Home mac algorithms replacing any previous ones. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1536 | * |
| 1537 | * Supported algorithms are: hmac-sha2-256, hmac-sha2-512 and hmac-sha1. |
| 1538 | * |
| 1539 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1540 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1541 | * If a Call Home client with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1542 | * @param[in] endpt_name Arbitrary identifier of the client's endpoint. |
| 1543 | * If the client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1544 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1545 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1546 | * @param[in] alg_count Number of following algorithms. |
| 1547 | * @param[in] ... String literals of mac algorithms in a decreasing order of preference. |
| 1548 | * @return 0 on success, non-zero otherwise. |
| 1549 | */ |
| 1550 | int nc_server_config_new_ch_ssh_mac_algs(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1551 | struct lyd_node **config, int alg_count, ...); |
| 1552 | |
| 1553 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1554 | * @brief Deletes a Call Home mac algorithm from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1555 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1556 | * @param[in] client_name Identifier of an existing Call Home client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1557 | * @param[in] endpt_name Identifier of an existing endpoint that belongs to the given CH client. |
| 1558 | * @param[in] alg Optional algorithm to be deleted. |
| 1559 | * If NULL, all of the mac algorithms on this endpoint will be deleted. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1560 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1561 | * @return 0 on success, non-zero otherwise. |
| 1562 | */ |
| 1563 | int nc_server_config_new_ch_ssh_del_mac_alg(const char *client_name, const char *endpt_name, |
| 1564 | const char *alg, struct lyd_node **config); |
| 1565 | |
| 1566 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1567 | * @} |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1568 | */ |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1569 | |
| 1570 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1571 | * @defgroup server_config_ch_tls TLS Call Home Server Configuration |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1572 | * @ingroup server_config_ch |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1573 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1574 | * @brief TLS Call Home server configuration creation and deletion |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1575 | * @{ |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1576 | */ |
roman | 142718b | 2023-06-29 09:15:29 +0200 | [diff] [blame] | 1577 | |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1578 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1579 | * @brief Creates new YANG configuration data nodes for a Call Home server's certificate. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1580 | * |
| 1581 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1582 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1583 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1584 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1585 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1586 | * @param[in] pubkey_path Optional path to the server's public key file. If not provided, |
| 1587 | * it will be generated from the private key. |
| 1588 | * @param[in] privkey_path Path to the server's private key file. |
| 1589 | * @param[in] certificate_path Path to the server's certificate file. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1590 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1591 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1592 | * @return 0 on success, non-zero otherwise. |
| 1593 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1594 | int nc_server_config_new_ch_tls_server_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1595 | const char *pubkey_path, const char *privkey_path, const char *certificate_path, struct lyd_node **config); |
| 1596 | |
| 1597 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1598 | * @brief Deletes a Call Home server certificate from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1599 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1600 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1601 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1602 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1603 | * @return 0 on success, non-zero otherwise. |
| 1604 | */ |
| 1605 | int nc_server_config_new_ch_tls_del_server_certificate(const char *client_name, const char *endpt_name, |
| 1606 | struct lyd_node **config); |
| 1607 | |
| 1608 | /** |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1609 | * @brief Creates new YANG configuration data nodes for a keystore reference to the Call Home TLS server's certificate. |
| 1610 | * |
| 1611 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1612 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1613 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1614 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1615 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1616 | * @param[in] asym_key_ref Name of the asymmetric key pair in the keystore to be referenced. |
| 1617 | * @param[in] cert_ref Name of the certificate, which must belong to the given asymmetric key pair, to be referenced. |
| 1618 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1619 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1620 | * @return 0 on success, non-zero otherwise. |
| 1621 | */ |
| 1622 | int nc_server_config_new_ch_tls_keystore_reference(const struct ly_ctx *ctx, const char *client_name, |
| 1623 | const char *endpt_name, const char *asym_key_ref, const char *cert_ref, struct lyd_node **config); |
| 1624 | |
| 1625 | /** |
| 1626 | * @brief Deletes a TLS server certificate keystore reference from the YANG data. |
| 1627 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1628 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1629 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1630 | * @param[in,out] config Modified configuration YANG data tree. |
| 1631 | * @return 0 on success, non-zero otherwise. |
| 1632 | */ |
| 1633 | int nc_server_config_new_ch_tls_del_keystore_reference(const char *client_name, const char *endpt_name, |
| 1634 | struct lyd_node **config); |
| 1635 | |
| 1636 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1637 | * @brief Creates new YANG configuration data nodes for a Call Home client's (end-entity) certificate. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1638 | * |
| 1639 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1640 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1641 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1642 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1643 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
| 1644 | * @param[in] cert_name Arbitrary identifier of the Call Home endpoint's end-entity certificate. |
| 1645 | * If an Call Home endpoint's end-entity certificate with this identifier already exists, its contents will be changed. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1646 | * @param[in] cert_path Path to the certificate file. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1647 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1648 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1649 | * @return 0 on success, non-zero otherwise. |
| 1650 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1651 | int nc_server_config_new_ch_tls_client_certificate(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1652 | const char *cert_name, const char *cert_path, struct lyd_node **config); |
| 1653 | |
| 1654 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1655 | * @brief Deletes a Call Home client (end-entity) certificate from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1656 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1657 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1658 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1659 | * @param[in] cert_name Optional identifier of a client certificate to be deleted. |
| 1660 | * If NULL, all of the client certificates will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1661 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1662 | * @return 0 on success, non-zero otherwise. |
| 1663 | */ |
| 1664 | int nc_server_config_new_ch_tls_del_client_certificate(const char *client_name, const char *endpt_name, |
| 1665 | const char *cert_name, struct lyd_node **config); |
| 1666 | |
| 1667 | /** |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1668 | * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client (end-entity) certificates. |
| 1669 | * |
| 1670 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1671 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1672 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1673 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1674 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1675 | * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced. |
| 1676 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1677 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1678 | * @return 0 on success, non-zero otherwise. |
| 1679 | */ |
| 1680 | int nc_server_config_new_ch_tls_client_cert_truststore_ref(const struct ly_ctx *ctx, const char *client_name, |
| 1681 | const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config); |
| 1682 | |
| 1683 | /** |
| 1684 | * @brief Deletes a Call Home client (end-entity) certificates truststore reference from the YANG data. |
| 1685 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1686 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1687 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1688 | * @param[in,out] config Modified configuration YANG data tree. |
| 1689 | * @return 0 on success, non-zero otherwise. |
| 1690 | */ |
| 1691 | int nc_server_config_new_ch_tls_del_client_cert_truststore_ref(const char *client_name, const char *endpt_name, |
| 1692 | struct lyd_node **config); |
| 1693 | |
| 1694 | /** |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1695 | * @brief Creates new YANG configuration data nodes for a client certificate authority (trust-anchor) certificate. |
| 1696 | * |
| 1697 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1698 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1699 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1700 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1701 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
| 1702 | * @param[in] cert_name Arbitrary identifier of the Call Home endpoint's certificate authority certificate. |
| 1703 | * If an Call Home endpoint's CA certificate with this identifier already exists, its contents will be changed. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1704 | * @param[in] cert_path Path to the certificate file. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1705 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1706 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1707 | * @return 0 on success, non-zero otherwise. |
| 1708 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1709 | int nc_server_config_new_ch_tls_client_ca(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1710 | const char *cert_name, const char *cert_path, struct lyd_node **config); |
| 1711 | |
| 1712 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1713 | * @brief Deletes a Call Home client certificate authority (trust-anchor) certificate from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1714 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1715 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1716 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1717 | * @param[in] cert_name Optional identifier of a CA certificate to be deleted. |
| 1718 | * If NULL, all of the CA certificates will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1719 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1720 | * @return 0 on success, non-zero otherwise. |
| 1721 | */ |
| 1722 | int nc_server_config_new_ch_tls_del_client_ca(const char *client_name, const char *endpt_name, |
| 1723 | const char *cert_name, struct lyd_node **config); |
| 1724 | |
| 1725 | /** |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1726 | * @brief Creates new YANG configuration data nodes for a Call Home truststore reference to a set of client certificate authority (trust-anchor) certificates. |
| 1727 | * |
| 1728 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1729 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1730 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1731 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1732 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1733 | * @param[in] cert_bag_ref Identifier of the certificate bag in the truststore to be referenced. |
| 1734 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
| 1735 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1736 | * @return 0 on success, non-zero otherwise. |
| 1737 | */ |
| 1738 | int nc_server_config_new_ch_tls_client_ca_truststore_ref(const struct ly_ctx *ctx, const char *client_name, |
| 1739 | const char *endpt_name, const char *cert_bag_ref, struct lyd_node **config); |
| 1740 | |
| 1741 | /** |
| 1742 | * @brief Deletes a Call Home client certificate authority (trust-anchor) certificates truststore reference from the YANG data. |
| 1743 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1744 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1745 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
Roytak | 934edc3 | 2023-07-27 12:04:18 +0200 | [diff] [blame] | 1746 | * @param[in,out] config Modified configuration YANG data tree. |
| 1747 | * @return 0 on success, non-zero otherwise. |
| 1748 | */ |
| 1749 | int nc_server_config_new_ch_tls_del_client_ca_truststore_ref(const char *client_name, const char *endpt_name, |
| 1750 | struct lyd_node **config); |
| 1751 | |
| 1752 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1753 | * @brief Creates new YANG configuration data nodes for a Call Home cert-to-name entry. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1754 | * |
| 1755 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1756 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1757 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1758 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1759 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1760 | * @param[in] id ID of the entry. The lower the ID, the higher the priority of the entry (it will be checked earlier). |
| 1761 | * @param[in] fingerprint Optional fingerprint of the entry. The fingerprint should always be set, however if it is |
| 1762 | * not set, it will match any certificate. Entry with no fingerprint should therefore be placed only as the last entry. |
| 1763 | * @param[in] map_type Mapping username to the certificate option. |
| 1764 | * @param[in] name Username for this cert-to-name entry. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1765 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1766 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1767 | * @return 0 on success, non-zero otherwise. |
| 1768 | */ |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1769 | int nc_server_config_new_ch_tls_ctn(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
roman | b6f4403 | 2023-06-30 15:07:56 +0200 | [diff] [blame] | 1770 | uint32_t id, const char *fingerprint, NC_TLS_CTN_MAPTYPE map_type, const char *name, struct lyd_node **config); |
| 1771 | |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1772 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1773 | * @brief Deletes a Call Home cert-to-name entry from the YANG data. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1774 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1775 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1776 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
| 1777 | * @param[in] id Optional identifier of the Call Home CTN entry to be deleted. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1778 | * If 0, all of the CTN entries will be deleted. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1779 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1780 | * @return 0 on success, non-zero otherwise. |
| 1781 | */ |
| 1782 | int nc_server_config_new_ch_tls_del_ctn(const char *client_name, const char *endpt_name, |
| 1783 | uint32_t id, struct lyd_node **config); |
| 1784 | |
| 1785 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1786 | * @brief Creates new YANG configuration data nodes for a Call Home TLS version. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1787 | * |
| 1788 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1789 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1790 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1791 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1792 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1793 | * @param[in] tls_version TLS version to be used. Call this multiple times to set the accepted versions |
| 1794 | * of the TLS protocol and let the client and server negotiate the given version. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1795 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1796 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1797 | * @return 0 on success, non-zero otherwise. |
| 1798 | */ |
| 1799 | int nc_server_config_new_ch_tls_version(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1800 | NC_TLS_VERSION tls_version, struct lyd_node **config); |
| 1801 | |
| 1802 | /** |
| 1803 | * @brief Deletes a TLS version from the YANG data. |
| 1804 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1805 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1806 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1807 | * @param[in] tls_version TLS version to be deleted. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1808 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1809 | * @return 0 on success, non-zero otherwise. |
| 1810 | */ |
| 1811 | int nc_server_config_new_ch_tls_del_version(const char *client_name, const char *endpt_name, |
| 1812 | NC_TLS_VERSION tls_version, struct lyd_node **config); |
| 1813 | |
| 1814 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1815 | * @brief Creates new YANG configuration data nodes for a Call Home TLS cipher. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1816 | * |
| 1817 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1818 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1819 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1820 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1821 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1822 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1823 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1824 | * @param[in] cipher_count Number of following ciphers. |
| 1825 | * @param[in] ... TLS ciphers. These ciphers MUST be in the format as listed in the |
| 1826 | * iana-tls-cipher-suite-algs YANG model (lowercase and separated by dashes). Regardless |
| 1827 | * of the TLS protocol version used, all of these ciphers will be tried and some of them |
| 1828 | * might not be set (TLS handshake might fail then). For the list of supported ciphers see |
| 1829 | * the OpenSSL documentation. |
| 1830 | * @return 0 on success, non-zero otherwise. |
| 1831 | */ |
| 1832 | int nc_server_config_new_ch_tls_ciphers(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1833 | struct lyd_node **config, int cipher_count, ...); |
| 1834 | |
| 1835 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1836 | * @brief Deletes a Call Home TLS cipher from the YANG data. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1837 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1838 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1839 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1840 | * @param[in] cipher TLS cipher to be deleted. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1841 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1842 | * @return 0 on success, non-zero otherwise. |
| 1843 | */ |
| 1844 | int nc_server_config_new_ch_tls_del_cipher(const char *client_name, const char *endpt_name, |
| 1845 | const char *cipher, struct lyd_node **config); |
| 1846 | |
| 1847 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1848 | * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via a local file. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1849 | * |
| 1850 | * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling |
| 1851 | * this function will remove any CRL YANG nodes created by the other two functions. |
| 1852 | * |
| 1853 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1854 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1855 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1856 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1857 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1858 | * @param[in] crl_path Path to a DER/PEM encoded CRL file. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1859 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1860 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1861 | * @return 0 on success, non-zero otherwise. |
| 1862 | */ |
| 1863 | int nc_server_config_new_ch_tls_crl_path(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1864 | const char *crl_path, struct lyd_node **config); |
| 1865 | |
| 1866 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1867 | * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via an URL. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1868 | * |
| 1869 | * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling |
| 1870 | * this function will remove any CRL YANG nodes created by the other two functions. |
| 1871 | * |
| 1872 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1873 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1874 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1875 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1876 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1877 | * @param[in] crl_url URL from which the CRL file will be downloaded. The file has to be in the DER or PEM format. |
| 1878 | * The allowed protocols are all the protocols supported by CURL. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1879 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1880 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1881 | * @return 0 on success, non-zero otherwise. |
| 1882 | */ |
| 1883 | int nc_server_config_new_ch_tls_crl_url(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1884 | const char *crl_url, struct lyd_node **config); |
| 1885 | |
| 1886 | /** |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1887 | * @brief Creates new YANG configuration data nodes for a Call Home Certificate Revocation List via certificate extensions. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1888 | * |
| 1889 | * The chain of configured Certificate Authorities will be examined. For each certificate in this chain all the |
| 1890 | * CRLs from the URLs specified in their extension fields CRL Distribution Points will be downloaded and used. |
| 1891 | * |
| 1892 | * Beware that you can choose up to one function between the three CRL alternatives on a given endpoint and calling |
| 1893 | * this function will remove any CRL YANG nodes created by the other two functions. |
| 1894 | * |
| 1895 | * @param[in] ctx libyang context. |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1896 | * @param[in] client_name Arbitrary identifier of the Call Home client. |
| 1897 | * If a Call Home client with this identifier already exists, its contents will be changed. |
| 1898 | * @param[in] endpt_name Arbitrary identifier of the Call Home client's endpoint. |
| 1899 | * If a Call Home client's endpoint with this identifier already exists, its contents will be changed. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1900 | * @param[in,out] config Configuration YANG data tree. If *config is NULL, it will be created. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1901 | * Otherwise the new YANG data will be added to the previous data and may override it. |
| 1902 | * @return 0 on success, non-zero otherwise. |
| 1903 | */ |
| 1904 | int nc_server_config_new_ch_tls_crl_cert_ext(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name, |
| 1905 | struct lyd_node **config); |
| 1906 | |
| 1907 | /** |
| 1908 | * @brief Deletes all the CRL nodes from the YANG data. |
| 1909 | * |
Roytak | 2161df6 | 2023-08-02 15:04:42 +0200 | [diff] [blame] | 1910 | * @param[in] client_name Identifier of an existing Call Home client. |
| 1911 | * @param[in] endpt_name Identifier of an existing Call Home endpoint that belongs to the given client. |
Roytak | 9b32c0f | 2023-08-02 15:07:29 +0200 | [diff] [blame^] | 1912 | * @param[in,out] config Modified configuration YANG data tree. |
roman | 9d5e5a5 | 2023-07-14 12:43:44 +0200 | [diff] [blame] | 1913 | * @return 0 on success, non-zero otherwise. |
| 1914 | */ |
| 1915 | int nc_server_config_new_ch_tls_del_crl(const char *client_name, const char *endpt_name, struct lyd_node **config); |
| 1916 | |
| 1917 | /** |
roman | 8ba6efa | 2023-07-12 15:27:52 +0200 | [diff] [blame] | 1918 | * @} |
| 1919 | */ |
| 1920 | |
roman | 2eab474 | 2023-06-06 10:00:26 +0200 | [diff] [blame] | 1921 | #endif /* NC_ENABLED_SSH_TLS */ |
roman | 45cec4e | 2023-02-17 10:21:39 +0100 | [diff] [blame] | 1922 | |
roman | c1d2b09 | 2023-02-02 08:58:27 +0100 | [diff] [blame] | 1923 | #ifdef __cplusplus |
| 1924 | } |
| 1925 | #endif |
| 1926 | |
| 1927 | #endif /* NC_SESSION_SERVER_H_ */ |