/**
 * @file server_config_util_ssh.c
 * @author Roman Janota <janota@cesnet.cz>
 * @brief libnetconf2 server SSH configuration utilities
 *
 * @copyright
 * Copyright (c) 2023 CESNET, z.s.p.o.
 *
 * This source code is licensed under BSD 3-Clause License (the "License").
 * You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * https://opensource.org/licenses/BSD-3-Clause
 */
16#define _GNU_SOURCE
17
18#include "server_config_util.h"
19
20#include <crypt.h>
21#include <errno.h>
22#include <stdarg.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26
27#include <libyang/libyang.h>
28
29#include "compat.h"
30#include "config.h"
31#include "log_p.h"
32#include "server_config.h"
33#include "session_p.h"
34
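/**
 * @brief Overwrite a NUL-terminated secret in place before it is released.
 *
 * Volatile stores are used so the compiler cannot drop the writes as dead stores,
 * which it is allowed to do with a plain memset() immediately followed by free().
 *
 * @param[in,out] secret String to wipe, may be NULL.
 */
static void
_nc_server_config_wipe_str(char *secret)
{
    volatile char *p = secret;

    if (!p) {
        return;
    }
    while (*p) {
        *p++ = '\0';
    }
}

/**
 * @brief Append an inline SSH host key (public key and cleartext private key) under @p tree_path.
 *
 * Reads the key pair from the given files, creates the inline-definition
 * public-key-format, public-key, private-key-format and cleartext-private-key
 * nodes and removes a competing central-keystore-reference node if one is present.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the public-key node to populate.
 * @param[in] privkey_path Path to the private key file.
 * @param[in] pubkey_path Path to the public key file; not validated by this function,
 * handled by nc_server_config_util_get_asym_key_pair().
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
static int
_nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *tree_path,
        const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
    int ret = 0;
    char *pubkey = NULL, *privkey = NULL;
    NC_PRIVKEY_FORMAT privkey_type;
    const char *privkey_format, *pubkey_format = "ietf-crypto-types:ssh-public-key-format";

    NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, config, 1);

    /* get the keys as a string from the given files */
    ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey,
            &privkey_type, &pubkey);
    if (ret) {
        goto cleanup;
    }

    /* get privkey identityref value */
    privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
    if (!privkey_format) {
        ret = 1;
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key-format", pubkey_format, config);
    if (ret) {
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key", pubkey, config);
    if (ret) {
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/private-key-format", privkey_format, config);
    if (ret) {
        goto cleanup;
    }

    /* the value handed over here lives on in the config tree, only the local copy is wiped below */
    ret = nc_server_config_append(ctx, tree_path, "inline-definition/cleartext-private-key", privkey, config);
    if (ret) {
        goto cleanup;
    }

    /* delete keystore choice nodes if present */
    ret = nc_server_config_check_delete(config, "%s/central-keystore-reference", tree_path);

cleanup:
    /* cleartext private key material: do not leave it readable in freed heap memory */
    _nc_server_config_wipe_str(privkey);
    free(privkey);
    free(pubkey);
    return ret;
}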
91
/**
 * @brief Add an inline SSH host key to a listen endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] privkey_path Path to the private key file.
 * @param[in] pubkey_path Path to the public key file; not validated here.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
        const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, privkey_path, config, 1);

    /* XPath of the host key's public-key node under the listen endpoint */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/server-identity/host-key[name='%s']/public-key", endpt_name, hostkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_hostkey(ctx, xpath, privkey_path, pubkey_path, config);

cleanup:
    free(xpath);
    return rc;
}
114
/**
 * @brief Add an inline SSH host key to a Call Home client's endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] privkey_path Path to the private key file.
 * @param[in] pubkey_path Path to the public key file; not validated here.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, privkey_path, config, 1);

    /* XPath of the host key's public-key node under the Call Home client's endpoint */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key",
            client_name, endpt_name, hostkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_hostkey(ctx, xpath, privkey_path, pubkey_path, config);

cleanup:
    free(xpath);
    return rc;
}
138
/**
 * @brief Delete one or all SSH host keys of a listen endpoint.
 *
 * @param[in] ctx libyang context; only checked for NULL here.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host key to delete, NULL deletes every host key of the endpoint.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
        struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);

    if (!hostkey_name) {
        /* whole host-key list */
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
                "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key", endpt_name);
    }

    /* single list entry */
    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']",
            endpt_name, hostkey_name);
}
153
/**
 * @brief Delete one or all SSH host keys of a Call Home client's endpoint.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host key to delete, NULL deletes every host key of the endpoint.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ch_ssh_hostkey(const char *client_name, const char *endpt_name,
        const char *hostkey_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);

    if (!hostkey_name) {
        /* whole host-key list */
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
                "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
                "server-identity/host-key", client_name, endpt_name);
    }

    /* single list entry */
    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "server-identity/host-key[name='%s']", client_name, endpt_name, hostkey_name);
}
170
/**
 * @brief Make a listen endpoint's SSH host key refer to a central keystore entry.
 *
 * Creates the central-keystore-reference leaf and removes an inline-definition
 * of the same public-key node if one is present, since the two are alternatives.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] keystore_reference Name of the referenced keystore asymmetric key.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_keystore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
        const char *keystore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, keystore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/listen/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/"
            "public-key/central-keystore-reference", endpt_name, hostkey_name);
    if (rc) {
        return rc;
    }

    /* drop the inline-definition alternative if present */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/"
            "public-key/inline-definition", endpt_name, hostkey_name);
}
197
/**
 * @brief Make a Call Home client's SSH host key refer to a central keystore entry.
 *
 * Creates the central-keystore-reference leaf and removes an inline-definition
 * of the same public-key node if one is present, since the two are alternatives.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] keystore_reference Name of the referenced keystore asymmetric key.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_keystore_ref(const struct ly_ctx *ctx, const char *client_name,
        const char *endpt_name, const char *hostkey_name, const char *keystore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, keystore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "server-identity/host-key[name='%s']/public-key/central-keystore-reference",
            client_name, endpt_name, hostkey_name);
    if (rc) {
        return rc;
    }

    /* drop the inline-definition alternative if present */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "server-identity/host-key[name='%s']/public-key/inline-definition",
            client_name, endpt_name, hostkey_name);
}
224
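/**
 * @brief Delete the central keystore reference of a listen endpoint's SSH host key.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host-key list entry, must not be NULL.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_keystore_ref(const char *endpt_name, const char *hostkey_name,
        struct lyd_node **config)
{
    /* hostkey_name is formatted with %s below, so it has to be validated as well
     * (the Call Home variant nc_server_config_del_ch_ssh_keystore_ref() already does) */
    NC_CHECK_ARG_RET(NULL, endpt_name, hostkey_name, config, 1);

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
            "central-keystore-reference", endpt_name, hostkey_name);
}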
235
/**
 * @brief Delete the central keystore reference of a Call Home client's SSH host key.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ch_ssh_keystore_ref(const char *client_name, const char *endpt_name,
        const char *hostkey_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, hostkey_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/"
            "public-key/central-keystore-reference", client_name, endpt_name, hostkey_name);
    return rc;
}
246
/**
 * @brief Append an SSH user public key read from a file under @p tree_path.
 *
 * Creates the public-key-format and public-key leaves. Arguments are expected to
 * have been validated by the caller; this helper does not check them.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the public-key list entry to populate.
 * @param[in] pubkey_path Path to the public key file.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
static int
_nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *tree_path, const char *pubkey_path,
        struct lyd_node **config)
{
    int rc;
    char *key_data = NULL;
    const char *key_format = "ietf-crypto-types:ssh-public-key-format";

    /* get pubkey data */
    rc = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, &key_data);
    if (rc) {
        goto cleanup;
    }

    rc = nc_server_config_append(ctx, tree_path, "public-key-format", key_format, config);
    if (rc) {
        goto cleanup;
    }

    rc = nc_server_config_append(ctx, tree_path, "public-key", key_data, config);

cleanup:
    free(key_data);
    return rc;
}
275
/**
 * @brief Add an inline SSH public key to a user of a listen endpoint.
 *
 * Besides creating the key, the other public-keys alternatives of the user
 * (central truststore reference and use-system-keys) are removed if present.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public-key list entry.
 * @param[in] pubkey_path Path to the public key file.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
            "public-key[name='%s']", endpt_name, user_name, pubkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_pubkey(ctx, xpath, pubkey_path, config);
    if (rc) {
        goto cleanup;
    }

    /* delete truststore reference if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/central-truststore-reference", endpt_name, user_name);
    if (rc) {
        goto cleanup;
    }

    /* delete use-system-keys if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/libnetconf2-netconf-server:use-system-keys", endpt_name, user_name);

cleanup:
    free(xpath);
    return rc;
}
315
/**
 * @brief Add an inline SSH public key to a user of a Call Home client's endpoint.
 *
 * Besides creating the key, the other public-keys alternatives of the user
 * (central truststore reference and use-system-keys) are removed if present.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public-key list entry.
 * @param[in] pubkey_path Path to the public key file.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/inline-definition/public-key[name='%s']", client_name, endpt_name, user_name, pubkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_pubkey(ctx, xpath, pubkey_path, config);
    if (rc) {
        goto cleanup;
    }

    /* delete truststore reference if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/public-keys/central-truststore-reference",
            client_name, endpt_name, user_name);
    if (rc) {
        goto cleanup;
    }

    /* delete use-system-keys if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/public-keys/libnetconf2-netconf-server:use-system-keys",
            client_name, endpt_name, user_name);

cleanup:
    free(xpath);
    return rc;
}
357
/**
 * @brief Delete one or all inline SSH public keys of a user of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public key to delete, NULL deletes all of the user's inline public keys.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_user_pubkey(const char *endpt_name, const char *user_name,
        const char *pubkey_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    if (!pubkey_name) {
        /* whole public-key list */
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
                "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
                "public-keys/inline-definition/public-key", endpt_name, user_name);
    }

    /* single list entry */
    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/inline-definition/public-key[name='%s']", endpt_name, user_name, pubkey_name);
}
374
/**
 * @brief Delete one or all inline SSH public keys of a user of a Call Home client's endpoint.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public key to delete, NULL deletes all of the user's inline public keys.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ch_ssh_user_pubkey(const char *client_name, const char *endpt_name,
        const char *user_name, const char *pubkey_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    if (!pubkey_name) {
        /* whole public-key list */
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
                "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
                "client-authentication/users/user[name='%s']/public-keys/inline-definition/public-key",
                client_name, endpt_name, user_name);
    }

    /* single list entry */
    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']",
            client_name, endpt_name, user_name, pubkey_name);
}
393
/**
 * @brief Let a user of a listen endpoint authenticate with the system's authorized keys.
 *
 * Creates the libnetconf2-netconf-server:use-system-keys leaf under the user's
 * public-keys node and removes the inline-definition and central truststore
 * reference alternatives if present.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_user_authkey(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys", endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    /* presence leaf, no value */
    rc = nc_server_config_append(ctx, xpath, "libnetconf2-netconf-server:use-system-keys", NULL, config);
    if (rc) {
        goto cleanup;
    }

    /* delete inline definition nodes if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/inline-definition", endpt_name, user_name);
    if (rc) {
        goto cleanup;
    }

    /* delete truststore reference if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/central-truststore-reference", endpt_name, user_name);

cleanup:
    free(xpath);
    return rc;
}
432
/**
 * @brief Let a user of a Call Home client's endpoint authenticate with the system's authorized keys.
 *
 * Creates the libnetconf2-netconf-server:use-system-keys leaf under the user's
 * public-keys node and removes the inline-definition and central truststore
 * reference alternatives if present.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_user_authkey(const struct ly_ctx *ctx, const char *client_name,
        const char *endpt_name, const char *user_name, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys",
            client_name, endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    /* presence leaf, no value */
    rc = nc_server_config_append(ctx, xpath, "libnetconf2-netconf-server:use-system-keys", NULL, config);
    if (rc) {
        goto cleanup;
    }

    /* delete inline definition nodes if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/public-keys/inline-definition",
            client_name, endpt_name, user_name);
    if (rc) {
        goto cleanup;
    }

    /* delete truststore reference if present */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/public-keys/central-truststore-reference",
            client_name, endpt_name, user_name);

cleanup:
    free(xpath);
    return rc;
}
472
/**
 * @brief Stop a user of a listen endpoint from authenticating with the system's authorized keys.
 *
 * Deletes the libnetconf2-netconf-server:use-system-keys leaf of the user.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_user_authkey(const char *endpt_name, const char *user_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/libnetconf2-netconf-server:use-system-keys", endpt_name, user_name);
    return rc;
}
482
/**
 * @brief Stop a user of a Call Home client's endpoint from authenticating with the system's authorized keys.
 *
 * Deletes the libnetconf2-netconf-server:use-system-keys leaf of the user.
 *
 * Note that the name puts "ch" before "del", unlike the other Call Home deleters in this
 * file (nc_server_config_del_ch_*); it is public API and kept as is for compatibility.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_ch_del_ssh_user_authkey(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/public-keys/libnetconf2-netconf-server:use-system-keys",
            client_name, endpt_name, user_name);
    return rc;
}
493
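enum {
    NC_SSH_PW_SALT_LEN = 16,                              /* salt characters in the crypt setting */
    NC_SSH_PW_SETTING_SIZE = 3 + NC_SSH_PW_SALT_LEN + 2   /* "$6$" + salt + "$" + NUL */
};

/**
 * @brief Build a random SHA-512 crypt(3) setting string of the form "$6$<salt>$".
 *
 * The salt is NC_SSH_PW_SALT_LEN characters from the crypt salt alphabet ("./0-9A-Za-z"),
 * derived from bytes read from /dev/urandom. Using a fresh salt per password means that
 * equal passwords do not yield equal hashes and that a precomputed table for one salt is
 * useless against the other entries; the salt is embedded in the resulting hash, so
 * verification does not need to know it separately.
 *
 * @param[out] setting Buffer receiving the NUL-terminated setting string.
 * @param[in] setting_size Size of @p setting in bytes, at least NC_SSH_PW_SETTING_SIZE.
 * @return 0 on success, 1 on error.
 */
static int
_nc_server_config_gen_pw_setting(char *setting, size_t setting_size)
{
    static const char alphabet[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    unsigned char rnd[NC_SSH_PW_SALT_LEN];
    FILE *urandom;
    size_t i;

    if (setting_size < NC_SSH_PW_SETTING_SIZE) {
        return 1;
    }

    urandom = fopen("/dev/urandom", "rb");
    if (!urandom) {
        ERR(NULL, "Opening /dev/urandom failed (%s).", strerror(errno));
        return 1;
    }
    if (fread(rnd, 1, sizeof rnd, urandom) != sizeof rnd) {
        ERR(NULL, "Reading random salt bytes from /dev/urandom failed.");
        fclose(urandom);
        return 1;
    }
    fclose(urandom);

    memcpy(setting, "$6$", 3);
    for (i = 0; i < NC_SSH_PW_SALT_LEN; ++i) {
        /* the alphabet has exactly 64 entries, so the low 6 bits index it uniformly */
        setting[3 + i] = alphabet[rnd[i] & 0x3f];
    }
    setting[3 + NC_SSH_PW_SALT_LEN] = '$';
    setting[3 + NC_SSH_PW_SALT_LEN + 1] = '\0';
    return 0;
}

/**
 * @brief Hash a cleartext password with SHA-512 crypt and store it as the user's password leaf.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the user node.
 * @param[in] password Cleartext password to hash; caller-owned, not modified.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
static int
_nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *tree_path,
        const char *password, struct lyd_node **config)
{
    int ret = 0;
    char *hashed_pw = NULL;
    char setting[NC_SSH_PW_SETTING_SIZE];
    struct crypt_data cdata = {0};

    NC_CHECK_ARG_RET(NULL, ctx, tree_path, password, config, 1);

    /* a fresh random salt for every password rather than one constant shared by all users */
    ret = _nc_server_config_gen_pw_setting(setting, sizeof setting);
    if (ret) {
        goto cleanup;
    }

    hashed_pw = crypt_r(password, setting, &cdata);
    /* glibc returns NULL on failure; libxcrypt may instead return a "*0"/"*1" failure token */
    if (!hashed_pw || (hashed_pw[0] == '*')) {
        ERR(NULL, "Hashing password failed (%s).", strerror(errno));
        ret = 1;
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "password", hashed_pw, config);

cleanup:
    return ret;
}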
520
/**
 * @brief Set the password of a user of a listen endpoint.
 *
 * The cleartext password is hashed by _nc_server_config_add_ssh_user_password() before
 * it is stored.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] password Cleartext password.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, const char *password, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, password, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']", endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_password(ctx, xpath, password, config);

cleanup:
    free(xpath);
    return rc;
}
543
/**
 * @brief Set the password of a user of a Call Home client's endpoint.
 *
 * The cleartext password is hashed by _nc_server_config_add_ssh_user_password() before
 * it is stored.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] password Cleartext password.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *user_name, const char *password, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, password, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']",
            client_name, endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_password(ctx, xpath, password, config);

cleanup:
    free(xpath);
    return rc;
}
567
/**
 * @brief Delete the password of a user of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_user_password(const char *endpt_name, const char *user_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/password",
            endpt_name, user_name);
    return rc;
}
576
/**
 * @brief Delete the password of a user of a Call Home client's endpoint.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ch_ssh_user_password(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "password", client_name, endpt_name, user_name);
    return rc;
}
587
/**
 * @brief Enable keyboard-interactive authentication against the system for a user of a listen endpoint.
 *
 * Creates the use-system-auth leaf under the user's
 * libnetconf2-netconf-server:keyboard-interactive node.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    /* presence leaf, no value */
    rc = nc_server_config_append(ctx, xpath, "use-system-auth", NULL, config);

cleanup:
    free(xpath);
    return rc;
}
610
/**
 * @brief Enable keyboard-interactive authentication against the system for a user of a Call Home client's endpoint.
 *
 * Creates the use-system-auth leaf under the user's
 * libnetconf2-netconf-server:keyboard-interactive node.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    /* presence leaf, no value */
    rc = nc_server_config_append(ctx, xpath, "use-system-auth", NULL, config);

cleanup:
    free(xpath);
    return rc;
}
634
/**
 * @brief Remove keyboard-interactive authentication from a user of a listen endpoint.
 *
 * Deletes the whole libnetconf2-netconf-server:keyboard-interactive node of the user.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_user_interactive(const char *endpt_name, const char *user_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name);
    return rc;
}
644
/**
 * @brief Remove keyboard-interactive authentication from a user of a Call Home client's endpoint.
 *
 * Deletes the whole libnetconf2-netconf-server:keyboard-interactive node of the user.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ch_ssh_user_interactive(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name);
    return rc;
}
655
/**
 * @brief Delete one or all SSH users of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the user to delete, NULL deletes every user of the endpoint.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_user(const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);

    if (!user_name) {
        /* whole user list */
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
                "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user", endpt_name);
    }

    /* single list entry */
    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']",
            endpt_name, user_name);
}
670
/**
 * @brief Delete one or all SSH users of a Call Home client's endpoint.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the user to delete, NULL deletes every user of the endpoint.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ch_ssh_user(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);

    if (!user_name) {
        /* whole user list */
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
                "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
                "client-authentication/users/user", client_name, endpt_name);
    }

    /* single list entry */
    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']", client_name, endpt_name, user_name);
}
686
/**
 * @brief Make a listen endpoint reuse the SSH client-authentication settings of another endpoint.
 *
 * Creates the libnetconf2-netconf-server:endpoint-reference leaf with the value @p referenced_endpt.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint being configured.
 * @param[in] referenced_endpt Name of the endpoint whose client authentication is referenced.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name,
        const char *referenced_endpt, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, referenced_endpt, config, 1);

    rc = nc_server_config_create(ctx, config, referenced_endpt, "/ietf-netconf-server:netconf-server/listen/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "libnetconf2-netconf-server:endpoint-reference", endpt_name);
    return rc;
}
697
/**
 * @brief Remove the SSH client-authentication endpoint reference of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in,out] config Configuration tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_del_ssh_endpoint_client_ref(const char *endpt_name, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);

    rc = nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "libnetconf2-netconf-server:endpoint-reference", endpt_name);
    return rc;
}
romand348b942023-10-13 14:32:19 +0200706
/**
 * @brief Point a listen endpoint's SSH user at a central truststore for its public keys.
 *
 * After creating the central-truststore-reference leaf, the competing public-key sources
 * of the same user (inline-definition and libnetconf2-netconf-server:use-system-keys) are
 * removed if present, so only the truststore is consulted for this user. The removals are
 * not rolled back if a later step fails.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] truststore_reference Name of the referenced truststore public-key bag.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on invalid arguments, otherwise the first failing operation's result.
 */
API int
nc_server_config_add_ssh_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
        const char *truststore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, truststore_reference, config, 1);

    /* the reference itself */
    rc = nc_server_config_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/listen/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
            "central-truststore-reference", endpt_name, user_name);
    if (rc) {
        return rc;
    }

    /* inline keys must not coexist with the reference */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition",
            endpt_name, user_name);
    if (rc) {
        return rc;
    }

    /* neither may the system keys */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
            "libnetconf2-netconf-server:use-system-keys", endpt_name, user_name);
}
741
/**
 * @brief Point a Call Home endpoint's SSH user at a central truststore for its public keys.
 *
 * Creates the central-truststore-reference leaf for the user and then drops the other
 * public-key sources of that user (inline-definition and
 * libnetconf2-netconf-server:use-system-keys) when they are present. A failure in a later
 * step leaves the earlier modifications in @p config.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the endpoint belonging to @p client_name.
 * @param[in] user_name Name of the SSH user.
 * @param[in] truststore_reference Name of the referenced truststore public-key bag.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on invalid arguments, otherwise the first failing operation's result.
 */
API int
nc_server_config_add_ch_ssh_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
        const char *endpt_name, const char *user_name, const char *truststore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, truststore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/public-keys/central-truststore-reference", client_name, endpt_name, user_name);
    if (rc) {
        return rc;
    }

    /* inline-definition is an alternative to the reference, remove it */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/inline-definition", client_name, endpt_name, user_name);
    if (rc) {
        return rc;
    }

    /* so is use-system-keys */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
            "libnetconf2-netconf-server:use-system-keys", client_name, endpt_name, user_name);
}
777
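/**
 * @brief Remove the central truststore reference of an SSH user on a listen endpoint.
 *
 * Deletes .../users/user[name]/public-keys/central-truststore-reference. The path must pass
 * through the @c endpoints container (/netconf-server/listen/endpoints/endpoint[...]) like
 * every other listen path in this file does; the previous form skipped @c endpoints/, so the
 * delete addressed a path that does not exist in the data tree and the user's truststore
 * reference (i.e. the set of public keys that may authenticate as this user) was not removed.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on invalid arguments, otherwise the result of the delete.
 */
API int
nc_server_config_del_ssh_truststore_ref(const char *endpt_name, const char *user_name,
        struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
            "central-truststore-reference", endpt_name, user_name);
}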
788
/**
 * @brief Remove the central truststore reference of an SSH user on a Call Home endpoint.
 *
 * @param[in] client_name Name of the Call Home client.
 * @param[in] endpt_name Name of the endpoint belonging to @p client_name.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on invalid arguments, otherwise the result of the delete.
 */
API int
nc_server_config_del_ch_ssh_truststore_ref(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    const char *ref_path = "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/public-keys/central-truststore-reference";

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, ref_path, client_name, endpt_name, user_name);
}
romand348b942023-10-13 14:32:19 +0200798}