Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / CESNET / libnetconf2 / 1d8a20b80ad42c1635a6e9d30cc0813e0ebd5a11 / . / src / server_config.c
blob: c66360ff60b594f19ce693c3407efcc1cb59906c [file] [log] [blame]
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1/**
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2 * @file server_config.c
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3 * @author Roman Janota <janota@cesnet.cz>
4 * @brief libnetconf2 server configuration functions
5 *
6 * @copyright
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]7 * Copyright (c) 2022-2023 CESNET, z.s.p.o.
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]8 *
9 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * https://opensource.org/licenses/BSD-3-Clause
14 */
roman27215242023-03-10 14:55:00 +0100[diff] [blame]15
16#define _GNU_SOURCE
17
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]18#include <assert.h>
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]19#include <ctype.h>
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]20#include <pthread.h>
21#include <stdint.h>
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]22#include <stdlib.h>
23#include <string.h>
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]24#include <unistd.h>
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]25
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]26#include <libyang/libyang.h>
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]27#include <libyang/tree_data.h>
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]28
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]29#include "compat.h"
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]30#include "config.h"
31#include "log_p.h"
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]32#include "server_config.h"
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]33#include "server_config_p.h"
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]34#include "session_p.h"
35
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]36extern struct nc_server_opts server_opts;
37
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]38/* returns a parent node of 'node' that matches the name 'name' */
39static const struct lyd_node *
40nc_server_config_get_parent(const struct lyd_node *node, const char *name)
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]41{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]42 NC_CHECK_ARG_RET(NULL, node, name, NULL);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]43
44 while (node) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]45 if (!strcmp(LYD_NAME(node), name)) {
46 return node;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]47 }
48 node = lyd_parent(node);
49 }
50
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]51 return NULL;
52}
53
54/* returns a parent list node of 'node' that matches the name 'name' */
55static const struct lyd_node *
56nc_server_config_get_parent_list(const struct lyd_node *node, const char *name)
57{
58 NC_CHECK_ARG_RET(NULL, node, name, NULL);
59
60 while (node) {
61 /* check if the node is a list and its name matches the param */
62 if ((node->schema->nodetype == LYS_LIST) && (!strcmp(LYD_NAME(node), name))) {
63 return node;
64 }
65 node = lyd_parent(node);
66 }
67
68 return NULL;
69}
70
71/* returns the key of a list node with the name 'name' */
72static const char *
73nc_server_config_get_parent_list_key_value(const struct lyd_node *node, const char *name, const char *key_name)
74{
75 const char *original_name;
76
77 NC_CHECK_ARG_RET(NULL, node, name, key_name, NULL);
78 original_name = LYD_NAME(node);
79
80 /* get the supposed parent list */
81 node = nc_server_config_get_parent_list(node, name);
82 if (!node) {
83 ERR(NULL, "Node \"%s\" not contained in \"%s\" subtree.", original_name, name);
84 return NULL;
85 }
86
87 /* child should be the key */
88 node = lyd_child(node);
89 if (!node) {
90 ERR(NULL, "Node \"%s\" has no child nodes.", name);
91 return NULL;
92 }
93 if (strcmp(LYD_NAME(node), key_name)) {
94 ERR(NULL, "Node \"%s\" child names mismatch (found:\"%s\", expected:\"%s\").", original_name, LYD_NAME(node), key_name);
95 return NULL;
96 }
97
98 return lyd_get_value(node);
99}
100
101/* returns true if a node is a part of the listen subtree */
102static int
103is_listen(const struct lyd_node *node)
104{
105 node = nc_server_config_get_parent(node, "listen");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]106 return node != NULL;
107}
108
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]109/* returns true if a node is a part of the Call Home subtree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]110static int
111is_ch(const struct lyd_node *node)
112{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]113 node = nc_server_config_get_parent(node, "call-home");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]114 return node != NULL;
115}
116
117#ifdef NC_ENABLED_SSH_TLS
118
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]119/* returns true if a node is a part of the ssh subtree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]120static int
121is_ssh(const struct lyd_node *node)
122{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]123 node = nc_server_config_get_parent(node, "ssh");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]124 return node != NULL;
125}
126
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]127/* returns true if a node is a part of the tls subtree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]128static int
129is_tls(const struct lyd_node *node)
130{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]131 node = nc_server_config_get_parent(node, "tls");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]132 return node != NULL;
133}
134
135#endif /* NC_ENABLED_SSH_TLS */
136
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]137/* gets the endpoint struct (and optionally bind) based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]138static int
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]139nc_server_config_get_endpt(const struct lyd_node *node, struct nc_endpt **endpt, struct nc_bind **bind)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]140{
141 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]142 const char *name;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]143
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]144 NC_CHECK_ARG_RET(NULL, node, endpt, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]145
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]146 name = nc_server_config_get_parent_list_key_value(node, "endpoint", "name");
147 if (!name) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]148 return 1;
149 }
150
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]151 for (i = 0; i < server_opts.endpt_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]152 if (!strcmp(server_opts.endpts[i].name, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]153 *endpt = &server_opts.endpts[i];
154 if (bind) {
155 *bind = &server_opts.binds[i];
156 }
157 return 0;
158 }
159 }
160
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]161 ERR(NULL, "Endpoint \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]162 return 1;
163}
164
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]165/* gets the ch_client struct based on node's location in the YANG data tree
166 * THE ch_client_lock HAS TO BE LOCKED PRIOR TO CALLING THIS
167 */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]168static int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]169nc_server_config_get_ch_client(const struct lyd_node *node, struct nc_ch_client **ch_client)
170{
171 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]172 const char *name;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]173
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]174 NC_CHECK_ARG_RET(NULL, node, ch_client, 1);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]175
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]176 name = nc_server_config_get_parent_list_key_value(node, "netconf-client", "name");
177 if (!name) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]178 return 1;
179 }
180
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]181 for (i = 0; i < server_opts.ch_client_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]182 if (!strcmp(server_opts.ch_clients[i].name, name)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]183 *ch_client = &server_opts.ch_clients[i];
184 return 0;
185 }
186 }
187
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]188 ERR(NULL, "Call-home client \"%s\" was not found.", name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]189 return 1;
190}
191
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]192/* gets the ch_endpt struct based on node's location in the YANG data tree,
193 * ch_client has to be locked
194 */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]195static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]196nc_server_config_get_ch_endpt(const struct lyd_node *node, const struct nc_ch_client *ch_client,
197 struct nc_ch_endpt **ch_endpt)
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]198{
199 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]200 const char *name;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]201
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]202 NC_CHECK_ARG_RET(NULL, node, ch_client, ch_endpt, 1);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]203
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]204 name = nc_server_config_get_parent_list_key_value(node, "endpoint", "name");
205 if (!name) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]206 return 1;
207 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]208
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]209 for (i = 0; i < ch_client->ch_endpt_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]210 if (!strcmp(ch_client->ch_endpts[i].name, name)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]211 *ch_endpt = &ch_client->ch_endpts[i];
212 return 0;
213 }
214 }
215
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]216 ERR(NULL, "Call-home client's \"%s\" endpoint \"%s\" was not found.", ch_client->name, name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]217 return 1;
218}
219
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]220#ifdef NC_ENABLED_SSH_TLS
221
222/* gets the ssh_opts struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]223static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]224nc_server_config_get_ssh_opts(const struct lyd_node *node, const struct nc_ch_client *ch_client,
225 struct nc_server_ssh_opts **opts)
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]226{
227 struct nc_endpt *endpt;
228 struct nc_ch_endpt *ch_endpt;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]229
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]230 NC_CHECK_ARG_RET(NULL, node, opts, 1);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]231
232 if (is_listen(node)) {
233 if (nc_server_config_get_endpt(node, &endpt, NULL)) {
234 return 1;
235 }
236 *opts = endpt->opts.ssh;
237 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]238 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]239 return 1;
240 }
241 *opts = ch_endpt->opts.ssh;
242 }
243
244 return 0;
245}
246
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]247/* gets the hostkey struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]248static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]249nc_server_config_get_hostkey(const struct lyd_node *node, const struct nc_ch_client *ch_client,
250 struct nc_hostkey **hostkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]251{
252 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]253 const char *name;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]254 struct nc_server_ssh_opts *opts;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]255
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]256 NC_CHECK_ARG_RET(NULL, node, hostkey, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]257
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]258 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]259 return 1;
260 }
261
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]262 name = nc_server_config_get_parent_list_key_value(node, "host-key", "name");
263 if (!name) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]264 return 1;
265 }
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]266
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]267 for (i = 0; i < opts->hostkey_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]268 if (!strcmp(opts->hostkeys[i].name, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]269 *hostkey = &opts->hostkeys[i];
270 return 0;
271 }
272 }
273
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]274 ERR(NULL, "Host-key \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]275 return 1;
276}
277
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]278/* gets the client_auth struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]279static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]280nc_server_config_get_auth_client(const struct lyd_node *node, const struct nc_ch_client *ch_client,
281 struct nc_auth_client **auth_client)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]282{
283 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]284 const char *name;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]285 struct nc_server_ssh_opts *opts;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]286
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]287 NC_CHECK_ARG_RET(NULL, node, auth_client, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]288
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]289 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]290 return 1;
291 }
292
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]293 name = nc_server_config_get_parent_list_key_value(node, "user", "name");
294 if (!name) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]295 return 1;
296 }
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]297
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]298 for (i = 0; i < opts->client_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]299 if (!strcmp(opts->auth_clients[i].username, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]300 *auth_client = &opts->auth_clients[i];
301 return 0;
302 }
303 }
304
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]305 ERR(NULL, "Authorized key \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]306 return 1;
307}
308
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]309/* gets the pubkey struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]310static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]311nc_server_config_get_pubkey(const struct lyd_node *node, const struct nc_ch_client *ch_client,
312 struct nc_public_key **pubkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]313{
314 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]315 const char *name;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]316 struct nc_auth_client *auth_client;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]317
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]318 NC_CHECK_ARG_RET(NULL, node, pubkey, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]319
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]320 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]321 return 1;
322 }
323
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]324 name = nc_server_config_get_parent_list_key_value(node, "public-key", "name");
325 if (!name) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]326 return 1;
327 }
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]328
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]329 for (i = 0; i < auth_client->pubkey_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]330 if (!strcmp(auth_client->pubkeys[i].name, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]331 *pubkey = &auth_client->pubkeys[i];
332 return 0;
333 }
334 }
335
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]336 ERR(NULL, "Public key \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]337 return 1;
338}
339
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]340/* gets the tls_opts struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]341static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]342nc_server_config_get_tls_opts(const struct lyd_node *node, const struct nc_ch_client *ch_client,
343 struct nc_server_tls_opts **opts)
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]344{
345 struct nc_endpt *endpt;
346 struct nc_ch_endpt *ch_endpt;
347
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]348 NC_CHECK_ARG_RET(NULL, node, opts, 1);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]349
350 if (is_listen(node)) {
351 if (nc_server_config_get_endpt(node, &endpt, NULL)) {
352 return 1;
353 }
354 *opts = endpt->opts.tls;
355 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]356 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]357 return 1;
358 }
359 *opts = ch_endpt->opts.tls;
360 }
361
362 return 0;
363}
364
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]365/* gets the cert struct based on node's location in the YANG data tree */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]366static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]367nc_server_config_get_cert(const struct lyd_node *node, const struct nc_ch_client *ch_client,
368 struct nc_certificate **cert)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]369{
370 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]371 const char *name;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]372 struct nc_cert_grouping *certs;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]373 struct nc_server_tls_opts *opts;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]374 int is_cert_end_entity;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]375 const struct lyd_node *tmp;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]376
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]377 NC_CHECK_ARG_RET(NULL, node, cert, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]378
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]379 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]380 return 1;
381 }
382
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]383 name = nc_server_config_get_parent_list_key_value(node, "certificate", "name");
384 if (!name) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]385 return 1;
386 }
387
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]388 /* it's in certificate subtree, now check if it's end entity or certificate authority */
389 tmp = nc_server_config_get_parent(node, "ee-certs");
390 if (tmp) {
391 is_cert_end_entity = 1;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]392 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]393 tmp = nc_server_config_get_parent(node, "ca-certs");
394 if (!tmp) {
395 ERR(NULL, "Node \"%s\" is not contained in ee-certs nor ca-certs subtree.", name);
396 return 1;
397 }
398 is_cert_end_entity = 0;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]399 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]400
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]401 /* get the right cert stack, either ee or ca */
402 if (is_cert_end_entity) {
403 certs = &opts->ee_certs;
404 } else {
405 certs = &opts->ca_certs;
406 }
407
408 for (i = 0; i < certs->cert_count; i++) {
409 if (!strcmp(certs->certs[i].name, name)) {
410 *cert = &certs->certs[i];
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]411 return 0;
412 }
413 }
414
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]415 ERR(NULL, "%s certificate \"%s\" was not found.", is_cert_end_entity ? "End-entity" : "Certificate authority", name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]416 return 1;
417}
418
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]419/* gets the ctn struct based on node's location in the YANG data tree */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]420static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]421nc_server_config_get_ctn(const struct lyd_node *node, const struct nc_ch_client *ch_client,
422 struct nc_ctn **ctn)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]423{
424 uint32_t id;
425 struct nc_ctn *iter;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]426 struct nc_server_tls_opts *opts;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]427 const char *name;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]428
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]429 NC_CHECK_ARG_RET(NULL, node, ctn, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]430
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]431 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
432 return 1;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]433 }
434
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]435 name = LYD_NAME(node);
436 node = nc_server_config_get_parent_list(node, "cert-to-name");
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]437 if (!node) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]438 ERR(NULL, "Node \"%s\" is not contained in a cert-to-name subtree.", name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]439 return 1;
440 }
441
442 node = lyd_child(node);
443 assert(!strcmp(LYD_NAME(node), "id"));
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]444 id = ((struct lyd_node_term *)node)->value.uint32;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]445
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]446 iter = opts->ctn;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]447 while (iter) {
448 if (iter->id == id) {
449 *ctn = iter;
450 return 0;
451 }
452
453 iter = iter->next;
454 }
455
456 ERR(NULL, "Cert-to-name entry with id \"%d\" was not found.", id);
457 return 1;
458}
459
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]460NC_PRIVKEY_FORMAT
461nc_server_config_get_private_key_type(const char *format)
462{
463 if (!strcmp(format, "rsa-private-key-format")) {
464 return NC_PRIVKEY_FORMAT_RSA;
465 } else if (!strcmp(format, "ec-private-key-format")) {
466 return NC_PRIVKEY_FORMAT_EC;
roman13145912023-08-17 15:36:54 +0200[diff] [blame]467 } else if (!strcmp(format, "private-key-info-format")) {
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]468 return NC_PRIVKEY_FORMAT_X509;
469 } else if (!strcmp(format, "openssh-private-key-format")) {
470 return NC_PRIVKEY_FORMAT_OPENSSH;
471 } else {
472 ERR(NULL, "Private key format (%s) not supported.", format);
473 return NC_PRIVKEY_FORMAT_UNKNOWN;
474 }
475}
476
477#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]478
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]479/* gets the ch_client struct based on node's location in the YANG data tree and locks it for reading */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]480static int
481nc_server_config_get_ch_client_with_lock(const struct lyd_node *node, struct nc_ch_client **ch_client)
482{
483 uint16_t i;
484 const char *name;
485
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]486 NC_CHECK_ARG_RET(NULL, node, ch_client, 1);
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]487
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]488 name = nc_server_config_get_parent_list_key_value(node, "netconf-client", "name");
489 if (!name) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]490 return 1;
491 }
492
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]493 /* LOCK */
494 pthread_rwlock_rdlock(&server_opts.ch_client_lock);
495 for (i = 0; i < server_opts.ch_client_count; i++) {
496 if (!strcmp(server_opts.ch_clients[i].name, name)) {
497 /* LOCK */
498 pthread_mutex_lock(&server_opts.ch_clients[i].lock);
499 *ch_client = &server_opts.ch_clients[i];
500 return 0;
501 }
502 }
503
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]504 /* UNLOCK */
505 pthread_rwlock_unlock(&server_opts.ch_client_lock);
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]506 ERR(NULL, "Call-home client \"%s\" was not found.", name);
507 return 1;
508}
509
510static void
511nc_ch_client_unlock(struct nc_ch_client *client)
512{
513 assert(client);
514
515 pthread_mutex_unlock(&client->lock);
516 pthread_rwlock_unlock(&server_opts.ch_client_lock);
517}
518
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]519int
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]520equal_parent_name(const struct lyd_node *node, uint16_t parent_count, const char *parent_name)
521{
522 uint16_t i;
523
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]524 assert(node && parent_count && parent_name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]525
526 node = lyd_parent(node);
527 for (i = 1; i < parent_count; i++) {
528 node = lyd_parent(node);
529 }
530
531 if (!strcmp(LYD_NAME(node), parent_name)) {
532 return 1;
533 }
534
535 return 0;
536}
537
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]538int
539nc_server_config_realloc(const char *key_value, void **ptr, size_t size, uint16_t *count)
540{
541 int ret = 0;
542 void *tmp;
543 char **name;
544
545 tmp = realloc(*ptr, (*count + 1) * size);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]546 NC_CHECK_ERRMEM_GOTO(!tmp, ret = 1, cleanup);
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]547 *ptr = tmp;
548
549 /* set the newly allocated memory to 0 */
550 memset((char *)(*ptr) + (*count * size), 0, size);
551 (*count)++;
552
553 /* access the first member of the supposed structure */
554 name = (char **)((*ptr) + ((*count - 1) * size));
555
556 /* and set it's value */
557 *name = strdup(key_value);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]558 NC_CHECK_ERRMEM_GOTO(!*name, ret = 1, cleanup);
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]559
560cleanup:
561 return ret;
562}
563
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]564#ifdef NC_ENABLED_SSH_TLS
565
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]566static void
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]567nc_server_config_del_hostkey(struct nc_server_ssh_opts *opts, struct nc_hostkey *hostkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]568{
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]569 assert(hostkey->store == NC_STORE_LOCAL || hostkey->store == NC_STORE_KEYSTORE);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]570
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]571 free(hostkey->name);
572
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]573 if (hostkey->store == NC_STORE_LOCAL) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]574 free(hostkey->key.pubkey_data);
575 free(hostkey->key.privkey_data);
romandd019a92023-09-14 10:17:07 +0200[diff] [blame]576 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]577 free(hostkey->ks_ref);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]578 }
579
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]580 opts->hostkey_count--;
581 if (!opts->hostkey_count) {
582 free(opts->hostkeys);
583 opts->hostkeys = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]584 } else if (hostkey != &opts->hostkeys[opts->hostkey_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]585 memcpy(hostkey, &opts->hostkeys[opts->hostkey_count], sizeof *opts->hostkeys);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]586 }
587}
588
589static void
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]590nc_server_config_del_auth_client_pubkey(struct nc_auth_client *auth_client, struct nc_public_key *pubkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]591{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]592 free(pubkey->name);
593 free(pubkey->data);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]594
595 auth_client->pubkey_count--;
596 if (!auth_client->pubkey_count) {
597 free(auth_client->pubkeys);
598 auth_client->pubkeys = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]599 } else if (pubkey != &auth_client->pubkeys[auth_client->pubkey_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]600 memcpy(pubkey, &auth_client->pubkeys[auth_client->pubkey_count], sizeof *auth_client->pubkeys);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]601 }
602}
603
604static void
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]605nc_server_config_del_auth_client(struct nc_server_ssh_opts *opts, struct nc_auth_client *auth_client)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]606{
607 uint16_t i, pubkey_count;
608
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]609 free(auth_client->username);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]610
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]611 if (auth_client->store == NC_STORE_LOCAL) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]612 pubkey_count = auth_client->pubkey_count;
613 for (i = 0; i < pubkey_count; i++) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]614 nc_server_config_del_auth_client_pubkey(auth_client, &auth_client->pubkeys[i]);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]615 }
romana9ec3362023-12-21 10:59:57 +0100[diff] [blame]616 } else if (auth_client->store == NC_STORE_TRUSTSTORE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]617 free(auth_client->ts_ref);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]618 }
619
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]620 free(auth_client->password);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]621
622 opts->client_count--;
623 if (!opts->client_count) {
624 free(opts->auth_clients);
625 opts->auth_clients = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]626 } else if (auth_client != &opts->auth_clients[opts->client_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]627 memcpy(auth_client, &opts->auth_clients[opts->client_count], sizeof *opts->auth_clients);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]628 }
629}
630
631static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]632nc_server_config_del_ssh_opts(struct nc_bind *bind, struct nc_server_ssh_opts *opts)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]633{
634 uint16_t i, hostkey_count, client_count;
635
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]636 if (bind) {
637 free(bind->address);
638 if (bind->sock > -1) {
639 close(bind->sock);
640 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]641 }
642
643 /* store in variable because it gets decremented in the function call */
644 hostkey_count = opts->hostkey_count;
645 for (i = 0; i < hostkey_count; i++) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]646 nc_server_config_del_hostkey(opts, &opts->hostkeys[i]);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]647 }
648
649 client_count = opts->client_count;
650 for (i = 0; i < client_count; i++) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]651 nc_server_config_del_auth_client(opts, &opts->auth_clients[i]);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]652 }
653
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]654 free(opts->hostkey_algs);
655 free(opts->kex_algs);
656 free(opts->encryption_algs);
657 free(opts->mac_algs);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]658
659 free(opts);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]660}
661
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]662/* delete references to endpoint with the name 'referenced_endpt_name' from other endpts */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]663static void
664nc_server_config_del_endpt_references(const char *referenced_endpt_name)
665{
666 uint16_t i, j;
667
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]668 /* first go through listen endpoints */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]669 for (i = 0; i < server_opts.endpt_count; i++) {
670 if (server_opts.endpts[i].referenced_endpt_name) {
671 if (!strcmp(server_opts.endpts[i].referenced_endpt_name, referenced_endpt_name)) {
672 free(server_opts.endpts[i].referenced_endpt_name);
673 server_opts.endpts[i].referenced_endpt_name = NULL;
674
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]675 if (server_opts.endpts[i].ti == NC_TI_SSH) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]676 server_opts.endpts[i].opts.ssh->referenced_endpt_name = NULL;
677 } else {
678 server_opts.endpts[i].opts.tls->referenced_endpt_name = NULL;
679 }
680 }
681 }
682 }
683
684 /* LOCK */
685 pthread_rwlock_rdlock(&server_opts.ch_client_lock);
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]686 /* next go through ch endpoints */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]687 for (i = 0; i < server_opts.ch_client_count; i++) {
688 /* LOCK */
689 pthread_mutex_lock(&server_opts.ch_clients[i].lock);
690 for (j = 0; j < server_opts.ch_clients[i].ch_endpt_count; j++) {
691 if (server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name) {
692 if (!strcmp(server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, referenced_endpt_name)) {
693 free(server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name);
694 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name = NULL;
695
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]696 if (server_opts.ch_clients[i].ch_endpts[j].ti == NC_TI_SSH) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]697 server_opts.ch_clients[i].ch_endpts[j].opts.ssh->referenced_endpt_name = NULL;
698 } else {
699 server_opts.ch_clients[i].ch_endpts[j].opts.tls->referenced_endpt_name = NULL;
700 }
701 }
702 }
703 }
704 /* UNLOCK */
705 pthread_mutex_unlock(&server_opts.ch_clients[i].lock);
706 }
707
708 /* UNLOCK */
709 pthread_rwlock_unlock(&server_opts.ch_client_lock);
710}
711
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]712void
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]713nc_server_config_del_endpt_ssh(struct nc_endpt *endpt, struct nc_bind *bind)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]714{
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]715 /* delete any references to this endpoint */
716 nc_server_config_del_endpt_references(endpt->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]717 free(endpt->name);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]718
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]719 free(endpt->referenced_endpt_name);
720 nc_server_config_del_ssh_opts(bind, endpt->opts.ssh);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]721
722 server_opts.endpt_count--;
723 if (!server_opts.endpt_count) {
724 free(server_opts.endpts);
725 free(server_opts.binds);
726 server_opts.endpts = NULL;
727 server_opts.binds = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]728 } else if (endpt != &server_opts.endpts[server_opts.endpt_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]729 memcpy(endpt, &server_opts.endpts[server_opts.endpt_count], sizeof *server_opts.endpts);
730 memcpy(bind, &server_opts.binds[server_opts.endpt_count], sizeof *server_opts.binds);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]731 }
732}
733
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]734static void
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]735nc_server_config_del_cert(struct nc_cert_grouping *certs, struct nc_certificate *cert)
736{
737 free(cert->name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]738 free(cert->data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]739
740 certs->cert_count--;
741 if (!certs->cert_count) {
742 free(certs->certs);
743 certs->certs = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]744 } else if (cert != &certs->certs[certs->cert_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]745 memcpy(cert, &certs->certs[certs->cert_count], sizeof *certs->certs);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]746 }
747}
748
749static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]750nc_server_config_del_certs(struct nc_cert_grouping *certs_grp)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]751{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]752 uint16_t i;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]753
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]754 if (certs_grp->store == NC_STORE_LOCAL) {
755 for (i = 0; i < certs_grp->cert_count; i++) {
756 free(certs_grp->certs[i].name);
757 free(certs_grp->certs[i].data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]758 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]759 free(certs_grp->certs);
760 certs_grp->certs = NULL;
romana9ec3362023-12-21 10:59:57 +0100[diff] [blame]761 } else if (certs_grp->store == NC_STORE_TRUSTSTORE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]762 free(certs_grp->ts_ref);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]763 }
764}
765
766static void
767nc_server_config_del_ctn(struct nc_server_tls_opts *opts, struct nc_ctn *ctn)
768{
769 struct nc_ctn *iter;
770
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]771 free(ctn->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]772 free(ctn->fingerprint);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]773
774 if (opts->ctn == ctn) {
775 /* it's the first in the list */
776 opts->ctn = ctn->next;
777 free(ctn);
778 return;
779 }
780
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]781 for (iter = opts->ctn; iter; iter = iter->next) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]782 if (iter->next == ctn) {
783 /* found the ctn */
784 break;
785 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]786 }
787
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]788 if (!iter) {
789 ERRINT;
790 return;
791 }
792
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]793 iter->next = ctn->next;
794 free(ctn);
795}
796
797static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]798nc_server_config_del_ctns(struct nc_server_tls_opts *opts)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]799{
800 struct nc_ctn *cur, *next;
801
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]802 for (cur = opts->ctn; cur; cur = next) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]803 next = cur->next;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]804 free(cur->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]805 free(cur->fingerprint);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]806 free(cur);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]807 }
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]808
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]809 opts->ctn = NULL;
810}
811
812static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]813nc_server_config_del_tls_opts(struct nc_bind *bind, struct nc_server_tls_opts *opts)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]814{
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]815 if (bind) {
816 free(bind->address);
817 if (bind->sock > -1) {
818 close(bind->sock);
819 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]820 }
821
822 if (opts->store == NC_STORE_LOCAL) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]823 free(opts->pubkey_data);
824 free(opts->privkey_data);
825 free(opts->cert_data);
romana9ec3362023-12-21 10:59:57 +0100[diff] [blame]826 } else if (opts->store == NC_STORE_KEYSTORE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]827 free(opts->key_ref);
828 free(opts->cert_ref);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]829 }
830
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]831 nc_server_config_del_certs(&opts->ca_certs);
832 nc_server_config_del_certs(&opts->ee_certs);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]833
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]834 nc_server_config_del_ctns(opts);
835 free(opts->ciphers);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]836 free(opts);
837}
838
839static void
840nc_server_config_del_endpt_tls(struct nc_endpt *endpt, struct nc_bind *bind)
841{
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]842 /* delete any references to this endpoint */
843 nc_server_config_del_endpt_references(endpt->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]844 free(endpt->name);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]845
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]846 free(endpt->referenced_endpt_name);
847
848 nc_server_config_del_tls_opts(bind, endpt->opts.tls);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]849
850 server_opts.endpt_count--;
851 if (!server_opts.endpt_count) {
852 free(server_opts.endpts);
853 free(server_opts.binds);
854 server_opts.endpts = NULL;
855 server_opts.binds = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]856 } else if (endpt != &server_opts.endpts[server_opts.endpt_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]857 memcpy(endpt, &server_opts.endpts[server_opts.endpt_count], sizeof *server_opts.endpts);
858 memcpy(bind, &server_opts.binds[server_opts.endpt_count], sizeof *server_opts.binds);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]859 }
860}
861
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]862#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]863
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]864static void
865nc_server_config_ch_del_endpt(struct nc_ch_client *ch_client, struct nc_ch_endpt *ch_endpt)
866{
867 free(ch_endpt->name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]868
869#ifdef NC_ENABLED_SSH_TLS
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]870 free(ch_endpt->address);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]871 if (ch_endpt->sock_pending > -1) {
872 close(ch_endpt->sock_pending);
873 ch_endpt->sock_pending = -1;
874 }
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]875 free(ch_endpt->referenced_endpt_name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]876#endif /* NC_ENABLED_SSH_TLS */
877
878 switch (ch_endpt->ti) {
879#ifdef NC_ENABLED_SSH_TLS
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]880 case NC_TI_SSH:
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]881 nc_server_config_del_ssh_opts(NULL, ch_endpt->opts.ssh);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]882 break;
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]883 case NC_TI_TLS:
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]884 nc_server_config_del_tls_opts(NULL, ch_endpt->opts.tls);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]885 break;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]886#endif /* NC_ENABLED_SSH_TLS */
887 default:
888 ERRINT;
889 break;
890 }
891
892 ch_client->ch_endpt_count--;
893 if (!ch_client->ch_endpt_count) {
894 free(ch_client->ch_endpts);
895 ch_client->ch_endpts = NULL;
896 }
897}
898
899static void
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]900nc_server_config_destroy_ch_client(struct nc_ch_client *ch_client)
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]901{
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]902 pthread_t tid;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]903 uint16_t i, ch_endpt_count;
904
romaneaeb87e2023-12-07 13:08:01 +0100[diff] [blame]905 /* CH COND LOCK */
906 pthread_mutex_lock(&ch_client->thread_data->cond_lock);
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]907 if (ch_client->thread_data->thread_running) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]908 ch_client->thread_data->thread_running = 0;
909 pthread_cond_signal(&ch_client->thread_data->cond);
910 /* CH COND UNLOCK */
911 pthread_mutex_unlock(&ch_client->thread_data->cond_lock);
912
romaneaeb87e2023-12-07 13:08:01 +0100[diff] [blame]913 /* get tid */
914 tid = ch_client->tid;
915
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]916 /* wait for the thread to terminate */
917 pthread_join(tid, NULL);
romaneaeb87e2023-12-07 13:08:01 +0100[diff] [blame]918 } else {
919 /* CH COND UNLOCK */
920 pthread_mutex_unlock(&ch_client->thread_data->cond_lock);
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]921 }
922
923 /* free its members */
924 free(ch_client->name);
925
926 ch_endpt_count = ch_client->ch_endpt_count;
927 for (i = 0; i < ch_endpt_count; i++) {
928 nc_server_config_ch_del_endpt(ch_client, &ch_client->ch_endpts[i]);
929 }
930}
931
932static void
933nc_server_config_ch_del_client(const struct lyd_node *node)
934{
935 struct nc_ch_client client, *ch_client;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]936
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]937 /* WR LOCK */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]938 pthread_rwlock_wrlock(&server_opts.ch_client_lock);
939
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]940 if (nc_server_config_get_ch_client(node, &ch_client)) {
941 /* WR UNLOCK */
942 pthread_rwlock_unlock(&server_opts.ch_client_lock);
943 ERR(NULL, "Call-home client \"%s\" not found.", lyd_get_value(lyd_child(node)));
944 return;
945 }
946
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]947 /* copy the client we want to delete into a local variable */
948 memcpy(&client, ch_client, sizeof *ch_client);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]949
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]950 /* delete the client */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]951 server_opts.ch_client_count--;
952 if (!server_opts.ch_client_count) {
953 free(server_opts.ch_clients);
954 server_opts.ch_clients = NULL;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]955 } else {
956 memcpy(ch_client, &server_opts.ch_clients[server_opts.ch_client_count], sizeof *server_opts.ch_clients);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]957 }
958
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]959 /* WR UNLOCK */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]960 pthread_rwlock_unlock(&server_opts.ch_client_lock);
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]961
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]962 nc_server_config_destroy_ch_client(&client);
963}
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]964
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]965/* presence container */
966int
967nc_server_config_listen(const struct lyd_node *node, NC_OPERATION op)
968{
969 uint16_t i, endpt_count;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]970
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]971 (void) node;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]972
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]973 assert(op == NC_OP_CREATE || op == NC_OP_DELETE);
974
975 if (op == NC_OP_DELETE) {
976 endpt_count = server_opts.endpt_count;
977 for (i = 0; i < endpt_count; i++) {
978 switch (server_opts.endpts[i].ti) {
979#ifdef NC_ENABLED_SSH_TLS
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]980 case NC_TI_SSH:
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]981 nc_server_config_del_endpt_ssh(&server_opts.endpts[i], &server_opts.binds[i]);
982 break;
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]983 case NC_TI_TLS:
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]984 nc_server_config_del_endpt_tls(&server_opts.endpts[i], &server_opts.binds[i]);
985 break;
986#endif /* NC_ENABLED_SSH_TLS */
romana2ff4ef2024-01-19 14:41:46 +0100[diff] [blame]987 case NC_TI_UNIX:
988 break;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]989 case NC_TI_NONE:
990 case NC_TI_FD:
991 ERRINT;
992 return 1;
993 }
994 }
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]995 }
996
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]997 return 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]998}
999
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1000int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1001nc_server_config_ch(const struct lyd_node *node, NC_OPERATION op)
1002{
1003 uint16_t i, ch_client_count;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1004 struct nc_ch_client *ch_clients;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1005
1006 (void) node;
1007
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1008 /* don't do anything if we're not deleting */
1009 if (op != NC_OP_DELETE) {
1010 return 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1011 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1012
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1013 /* WR LOCK */
1014 pthread_rwlock_wrlock(&server_opts.ch_client_lock);
1015
1016 ch_client_count = server_opts.ch_client_count;
1017 ch_clients = server_opts.ch_clients;
1018
1019 /* remove them from the server opts */
1020 server_opts.ch_client_count = 0;
1021 server_opts.ch_clients = NULL;
1022
1023 /* UNLOCK */
1024 pthread_rwlock_unlock(&server_opts.ch_client_lock);
1025
1026 for (i = 0; i < ch_client_count; i++) {
1027 /* now destroy each client */
1028 nc_server_config_destroy_ch_client(&ch_clients[i]);
1029 }
1030
1031 free(ch_clients);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1032 return 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1033}
1034
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1035/* default leaf */
1036static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1037nc_server_config_idle_timeout(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1038{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1039 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1040
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1041 assert(!strcmp(LYD_NAME(node), "idle-timeout"));
1042
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1043 if (is_ch(node)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1044 /* call-home idle timeout */
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1045 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
1046 /* to avoid unlock on fail */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1047 return 1;
1048 }
1049
1050 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1051 ch_client->idle_timeout = ((struct lyd_node_term *)node)->value.uint16;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1052 } else if (op == NC_OP_DELETE) {
1053 ch_client->idle_timeout = 180;
1054 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1055
1056 nc_ch_client_unlock(ch_client);
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1057 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1058 /* listen idle timeout */
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1059 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1060 server_opts.idle_timeout = ((struct lyd_node_term *)node)->value.uint16;
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1061 } else {
1062 /* default value */
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1063 server_opts.idle_timeout = 180;
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1064 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1065 }
1066
1067 return 0;
1068}
1069
1070static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1071nc_server_config_create_bind(void)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1072{
1073 int ret = 0;
1074 void *tmp;
1075
1076 tmp = realloc(server_opts.binds, (server_opts.endpt_count + 1) * sizeof *server_opts.binds);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1077 NC_CHECK_ERRMEM_GOTO(!tmp, ret = 1, cleanup);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1078 server_opts.binds = tmp;
1079 memset(&server_opts.binds[server_opts.endpt_count], 0, sizeof *server_opts.binds);
1080
1081 server_opts.binds[server_opts.endpt_count].sock = -1;
1082
1083cleanup:
1084 return ret;
1085}
1086
1087static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1088nc_server_config_create_endpoint(const struct lyd_node *node)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1089{
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1090 if (nc_server_config_create_bind()) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1091 return 1;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1092 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1093
1094 node = lyd_child(node);
1095 assert(!strcmp(LYD_NAME(node), "name"));
1096
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1097 return nc_server_config_realloc(lyd_get_value(node), (void **)&server_opts.endpts, sizeof *server_opts.endpts,
1098 &server_opts.endpt_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1099}
1100
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1101static int
1102nc_server_config_ch_create_endpoint(const struct lyd_node *node, struct nc_ch_client *ch_client)
1103{
1104 node = lyd_child(node);
1105 assert(!strcmp(LYD_NAME(node), "name"));
1106
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1107 return nc_server_config_realloc(lyd_get_value(node), (void **)&ch_client->ch_endpts, sizeof *ch_client->ch_endpts,
1108 &ch_client->ch_endpt_count);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1109}
1110
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1111/* list */
1112static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1113nc_server_config_endpoint(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1114{
1115 int ret = 0;
1116 struct nc_endpt *endpt;
1117 struct nc_bind *bind;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1118 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1119 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1120
1121 assert(!strcmp(LYD_NAME(node), "endpoint"));
1122
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1123 if (is_listen(node)) {
1124 /* listen */
1125 if (op == NC_OP_CREATE) {
1126 ret = nc_server_config_create_endpoint(node);
1127 if (ret) {
1128 goto cleanup;
1129 }
1130 } else if (op == NC_OP_DELETE) {
1131 /* free all children */
1132 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
1133 ret = 1;
1134 goto cleanup;
1135 }
1136
1137 switch (endpt->ti) {
1138#ifdef NC_ENABLED_SSH_TLS
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]1139 case NC_TI_SSH:
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1140 nc_server_config_del_endpt_ssh(endpt, bind);
1141 break;
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]1142 case NC_TI_TLS:
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1143 nc_server_config_del_endpt_tls(endpt, bind);
1144 break;
1145#endif /* NC_ENABLED_SSH_TLS */
romana2ff4ef2024-01-19 14:41:46 +0100[diff] [blame]1146 case NC_TI_UNIX:
1147 break;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1148 case NC_TI_NONE:
1149 case NC_TI_FD:
1150 ERRINT;
1151 ret = 1;
1152 goto cleanup;
1153 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1154 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1155 } else if (is_ch(node)) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1156 /* LOCK */
1157 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1158 /* to avoid unlock on fail */
1159 return 1;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1160 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1161
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1162 if (op == NC_OP_CREATE) {
1163 ret = nc_server_config_ch_create_endpoint(node, ch_client);
1164 if (ret) {
1165 goto cleanup;
1166 }
1167
1168 /* init ch sock */
1169 ch_client->ch_endpts[ch_client->ch_endpt_count - 1].sock_pending = -1;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1170 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1171 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1172 ret = 1;
1173 goto cleanup;
1174 }
1175
1176 nc_server_config_ch_del_endpt(ch_client, ch_endpt);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1177 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1178 }
1179
1180cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1181 if (is_ch(node)) {
1182 /* UNLOCK */
1183 nc_ch_client_unlock(ch_client);
1184 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1185 return ret;
1186}
1187
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]1188#ifdef NC_ENABLED_SSH_TLS
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1189
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1190static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1191nc_server_config_create_ssh(struct nc_endpt *endpt)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1192{
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]1193 endpt->ti = NC_TI_SSH;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1194 endpt->opts.ssh = calloc(1, sizeof(struct nc_server_ssh_opts));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1195 NC_CHECK_ERRMEM_RET(!endpt->opts.ssh, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1196
1197 return 0;
1198}
1199
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1200static int
1201nc_server_config_ch_create_ssh(struct nc_ch_endpt *ch_endpt)
1202{
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]1203 ch_endpt->ti = NC_TI_SSH;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1204 ch_endpt->opts.ssh = calloc(1, sizeof(struct nc_server_ssh_opts));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1205 NC_CHECK_ERRMEM_RET(!ch_endpt->opts.ssh, 1);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1206
1207 return 0;
1208}
1209
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1210/* NP container */
1211static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1212nc_server_config_ssh(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1213{
1214 struct nc_endpt *endpt;
1215 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1216 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1217 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1218 int ret = 0;
1219
1220 assert(!strcmp(LYD_NAME(node), "ssh"));
1221
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1222 if (is_listen(node)) {
1223 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
1224 ret = 1;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1225 goto cleanup;
1226 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1227
1228 if (op == NC_OP_CREATE) {
1229 ret = nc_server_config_create_ssh(endpt);
1230 if (ret) {
1231 goto cleanup;
1232 }
1233 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1234 nc_server_config_del_ssh_opts(bind, endpt->opts.ssh);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1235 }
1236 } else {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1237 /* LOCK */
1238 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1239 /* to avoid unlock on fail */
1240 return 1;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1241 }
1242
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1243 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1244 ret = 1;
1245 goto cleanup;
1246 }
1247
1248 if (op == NC_OP_CREATE) {
1249 ret = nc_server_config_ch_create_ssh(ch_endpt);
1250 if (ret) {
1251 goto cleanup;
1252 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1253 } else if (op == NC_OP_DELETE) {
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]1254 nc_server_config_del_ssh_opts(NULL, ch_endpt->opts.ssh);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1255 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1256 }
1257
1258cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1259 if (is_ch(node)) {
1260 /* UNLOCK */
1261 nc_ch_client_unlock(ch_client);
1262 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1263 return ret;
1264}
1265
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1266static int
1267nc_server_config_create_tls(struct nc_endpt *endpt)
1268{
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]1269 endpt->ti = NC_TI_TLS;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1270 endpt->opts.tls = calloc(1, sizeof *endpt->opts.tls);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1271 NC_CHECK_ERRMEM_RET(!endpt->opts.tls, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1272
1273 return 0;
1274}
1275
1276static int
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1277nc_server_config_ch_create_tls(struct nc_ch_endpt *ch_endpt)
1278{
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]1279 ch_endpt->ti = NC_TI_TLS;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1280 ch_endpt->opts.tls = calloc(1, sizeof(struct nc_server_tls_opts));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1281 NC_CHECK_ERRMEM_RET(!ch_endpt->opts.tls, 1);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1282
1283 return 0;
1284}
1285
1286static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1287nc_server_config_tls(const struct lyd_node *node, NC_OPERATION op)
1288{
1289 struct nc_endpt *endpt;
1290 struct nc_bind *bind;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1291 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1292 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1293 int ret = 0;
1294
1295 assert(!strcmp(LYD_NAME(node), "tls"));
1296
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1297 if (is_listen(node)) {
1298 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
1299 ret = 1;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1300 goto cleanup;
1301 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1302
1303 if (op == NC_OP_CREATE) {
1304 ret = nc_server_config_create_tls(endpt);
1305 if (ret) {
1306 goto cleanup;
1307 }
1308 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1309 nc_server_config_del_tls_opts(bind, endpt->opts.tls);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1310 }
1311 } else {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1312 /* LOCK */
1313 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1314 /* to avoid unlock on fail */
1315 return 1;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1316 }
1317
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1318 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1319 ret = 1;
1320 goto cleanup;
1321 }
1322
1323 if (op == NC_OP_CREATE) {
1324 ret = nc_server_config_ch_create_tls(ch_endpt);
1325 if (ret) {
1326 goto cleanup;
1327 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1328 } else if (op == NC_OP_DELETE) {
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]1329 nc_server_config_del_tls_opts(NULL, ch_endpt->opts.tls);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1330 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1331 }
1332
1333cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1334 if (is_ch(node)) {
1335 /* UNLOCK */
1336 nc_ch_client_unlock(ch_client);
1337 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1338 return ret;
1339}
1340
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1341/* mandatory leaf */
1342static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1343nc_server_config_local_address(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1344{
1345 struct nc_endpt *endpt;
1346 struct nc_bind *bind;
1347 int ret = 0;
1348
1349 (void) op;
1350
1351 assert(!strcmp(LYD_NAME(node), "local-address"));
1352
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1353 if (equal_parent_name(node, 5, "listen")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1354 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1355 ret = 1;
1356 goto cleanup;
1357 }
1358
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1359 free(bind->address);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1360 bind->address = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1361 NC_CHECK_ERRMEM_GOTO(!bind->address, ret = 1, cleanup);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1362
romanfb3f7cf2023-11-30 16:10:09 +0100[diff] [blame]1363 ret = nc_server_set_address_port(endpt, bind, lyd_get_value(node), 0);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1364 if (ret) {
1365 goto cleanup;
1366 }
1367 }
1368
1369cleanup:
1370 return ret;
1371}
1372
1373/* leaf with default value */
1374static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1375nc_server_config_local_port(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1376{
1377 struct nc_endpt *endpt;
1378 struct nc_bind *bind;
1379 int ret = 0;
1380
1381 assert(!strcmp(LYD_NAME(node), "local-port"));
1382
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1383 if (equal_parent_name(node, 5, "listen")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1384 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1385 ret = 1;
1386 goto cleanup;
1387 }
1388
1389 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1390 bind->port = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1391 } else {
1392 /* delete -> set to default */
1393 bind->port = 0;
1394 }
1395
romanfb3f7cf2023-11-30 16:10:09 +0100[diff] [blame]1396 ret = nc_server_set_address_port(endpt, bind, NULL, bind->port);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1397 if (ret) {
1398 goto cleanup;
1399 }
1400 }
1401
1402cleanup:
1403 return ret;
1404}
1405
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1406/* NP container */
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1407static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1408nc_server_config_keepalives(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1409{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1410 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1411 struct nc_endpt *endpt;
1412 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1413 struct nc_ch_endpt *ch_endpt;
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1414 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1415
1416 assert(!strcmp(LYD_NAME(node), "keepalives"));
1417
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1418 if (is_listen(node) && equal_parent_name(node, 1, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1419 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1420 ret = 1;
1421 goto cleanup;
1422 }
1423
1424 if (op == NC_OP_CREATE) {
1425 endpt->ka.enabled = 1;
1426 } else {
1427 endpt->ka.enabled = 0;
1428 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1429 } else if (is_ch(node) && equal_parent_name(node, 1, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1430 /* LOCK */
1431 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1432 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1433 return 1;
1434 }
1435
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1436 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1437 ret = 1;
1438 goto cleanup;
1439 }
1440
1441 if (op == NC_OP_CREATE) {
1442 ch_endpt->ka.enabled = 1;
1443 } else {
1444 ch_endpt->ka.enabled = 0;
1445 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1446 }
1447
1448cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1449 if (is_ch(node) && equal_parent_name(node, 1, "tcp-client-parameters")) {
1450 /* UNLOCK */
1451 nc_ch_client_unlock(ch_client);
1452 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1453 return ret;
1454}
1455
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1456/* leaf with default value */
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1457static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1458nc_server_config_idle_time(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1459{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1460 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1461 struct nc_endpt *endpt;
1462 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1463 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1464 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1465
1466 assert(!strcmp(LYD_NAME(node), "idle-time"));
1467
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1468 if (is_listen(node) && equal_parent_name(node, 2, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1469 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1470 ret = 1;
1471 goto cleanup;
1472 }
1473
1474 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1475 endpt->ka.idle_time = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1476 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1477 /* delete -> set to default */
1478 endpt->ka.idle_time = 7200;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1479 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1480 } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1481 /* LOCK */
1482 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1483 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1484 return 1;
1485 }
1486
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1487 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1488 ret = 1;
1489 goto cleanup;
1490 }
1491
1492 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1493 ch_endpt->ka.idle_time = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1494 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1495 /* delete -> set to default */
1496 ch_endpt->ka.idle_time = 7200;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1497 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1498 }
1499
1500cleanup:
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1501 if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1502 /* UNLOCK */
1503 nc_ch_client_unlock(ch_client);
1504 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1505 return ret;
1506}
1507
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1508/* leaf with default value */
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1509static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1510nc_server_config_max_probes(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1511{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1512 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1513 struct nc_endpt *endpt;
1514 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1515 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1516 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1517
1518 assert(!strcmp(LYD_NAME(node), "max-probes"));
1519
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1520 if (is_listen(node) && equal_parent_name(node, 2, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1521 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1522 ret = 1;
1523 goto cleanup;
1524 }
1525
1526 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1527 endpt->ka.max_probes = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1528 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1529 /* delete -> set to default */
1530 endpt->ka.max_probes = 9;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1531 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1532 } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1533 /* LOCK */
1534 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1535 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1536 return 1;
1537 }
1538
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1539 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1540 ret = 1;
1541 goto cleanup;
1542 }
1543
1544 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1545 ch_endpt->ka.max_probes = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1546 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1547 /* delete -> set to default */
1548 ch_endpt->ka.max_probes = 9;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1549 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1550 }
1551
1552cleanup:
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1553 if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1554 /* UNLOCK */
1555 nc_ch_client_unlock(ch_client);
1556 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1557 return ret;
1558}
1559
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1560/* leaf with default value */
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1561static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1562nc_server_config_probe_interval(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1563{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1564 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1565 struct nc_endpt *endpt;
1566 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1567 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1568 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1569
1570 assert(!strcmp(LYD_NAME(node), "probe-interval"));
1571
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1572 if (is_listen(node) && equal_parent_name(node, 2, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1573 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1574 ret = 1;
1575 goto cleanup;
1576 }
1577
1578 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1579 endpt->ka.probe_interval = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1580 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1581 /* delete -> set to default */
1582 endpt->ka.probe_interval = 75;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1583 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1584 } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1585 /* LOCK */
1586 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1587 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1588 return 1;
1589 }
1590
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1591 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1592 ret = 1;
1593 goto cleanup;
1594 }
1595
1596 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1597 ch_endpt->ka.probe_interval = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1598 } else {
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1599 /* delete -> set to default */
1600 ch_endpt->ka.probe_interval = 75;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1601 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1602 }
1603
1604cleanup:
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1605 if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1606 /* UNLOCK */
1607 nc_ch_client_unlock(ch_client);
1608 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1609 return ret;
1610}
1611
1612static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1613nc_server_config_create_host_key(const struct lyd_node *node, struct nc_server_ssh_opts *opts)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1614{
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1615 node = lyd_child(node);
1616 assert(!strcmp(LYD_NAME(node), "name"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1617
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1618 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->hostkeys, sizeof *opts->hostkeys, &opts->hostkey_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1619}
1620
1621/* list */
1622static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1623nc_server_config_host_key(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1624{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1625 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1626 struct nc_hostkey *hostkey;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1627 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1628 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1629
1630 assert(!strcmp(LYD_NAME(node), "host-key"));
1631
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1632 if (equal_parent_name(node, 1, "server-identity")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1633 /* LOCK */
1634 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1635 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1636 return 1;
1637 }
1638
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1639 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1640 ret = 1;
1641 goto cleanup;
1642 }
1643
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1644 if (op == NC_OP_CREATE) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1645 ret = nc_server_config_create_host_key(node, opts);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1646 if (ret) {
1647 goto cleanup;
1648 }
1649 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1650 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1651 ret = 1;
1652 goto cleanup;
1653 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1654 nc_server_config_del_hostkey(opts, hostkey);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1655 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1656 }
1657
1658cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1659 if (is_ch(node) && equal_parent_name(node, 1, "server-identity")) {
1660 /* UNLOCK */
1661 nc_ch_client_unlock(ch_client);
1662 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1663 return ret;
1664}
1665
1666/* mandatory leaf */
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1667static int
1668nc_server_config_public_key_format(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1669{
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1670 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1671 const char *format;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1672 NC_PUBKEY_FORMAT pubkey_type;
roman8edee342023-03-31 13:25:48 +0200[diff] [blame]1673 struct nc_public_key *pubkey;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1674 struct nc_hostkey *hostkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1675 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1676 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1677
1678 assert(!strcmp(LYD_NAME(node), "public-key-format"));
1679
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1680 /* LOCK */
1681 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
1682 /* to avoid unlock on fail */
1683 return 1;
1684 }
1685
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1686 format = ((struct lyd_node_term *)node)->value.ident->name;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1687 if (!strcmp(format, "ssh-public-key-format")) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1688 pubkey_type = NC_PUBKEY_FORMAT_SSH;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1689 } else if (!strcmp(format, "subject-public-key-info-format")) {
1690 pubkey_type = NC_PUBKEY_FORMAT_X509;
1691 } else {
1692 ERR(NULL, "Public key format (%s) not supported.", format);
1693 ret = 1;
1694 goto cleanup;
1695 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1696
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1697 if (is_ssh(node) && equal_parent_name(node, 4, "server-identity")) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1698 /* SSH hostkey public key fmt */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1699 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1700 ret = 1;
1701 goto cleanup;
1702 }
1703
1704 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
1705 hostkey->key.pubkey_type = pubkey_type;
1706 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1707 } else if (is_ssh(node) && equal_parent_name(node, 6, "client-authentication")) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1708 /* SSH client auth public key fmt */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1709 if (nc_server_config_get_pubkey(node, ch_client, &pubkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1710 ret = 1;
1711 goto cleanup;
1712 }
1713
1714 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1715 pubkey->type = pubkey_type;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1716 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1717 } else if (is_tls(node) && equal_parent_name(node, 3, "server-identity")) {
1718 /* TLS server-identity */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1719 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1720 ret = 1;
1721 goto cleanup;
1722 }
1723
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1724 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1725 opts->pubkey_type = pubkey_type;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1726 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1727 }
1728
1729cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1730 if (is_ch(node)) {
1731 /* UNLOCK */
1732 nc_ch_client_unlock(ch_client);
1733 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1734 return ret;
1735}
1736
1737static int
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]1738nc_server_config_create_auth_key_public_key_list(const struct lyd_node *node, struct nc_auth_client *auth_client)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1739{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1740 assert(!strcmp(LYD_NAME(node), "public-key"));
1741
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1742 node = lyd_child(node);
1743 assert(!strcmp(LYD_NAME(node), "name"));
1744
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]1745 return nc_server_config_realloc(lyd_get_value(node), (void **)&auth_client->pubkeys, sizeof *auth_client->pubkeys,
1746 &auth_client->pubkey_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1747}
1748
1749static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1750nc_server_config_replace_auth_key_public_key_leaf(const struct lyd_node *node, struct nc_public_key *pubkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1751{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1752 free(pubkey->data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1753 pubkey->data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1754 NC_CHECK_ERRMEM_RET(!pubkey->data, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1755
1756 return 0;
1757}
1758
1759static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1760nc_server_config_replace_host_key_public_key(const struct lyd_node *node, struct nc_hostkey *hostkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1761{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1762 free(hostkey->key.pubkey_data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1763 hostkey->key.pubkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1764 NC_CHECK_ERRMEM_RET(!hostkey->key.pubkey_data, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1765
1766 return 0;
1767}
1768
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1769static int
1770nc_server_config_tls_replace_server_public_key(const struct lyd_node *node, struct nc_server_tls_opts *opts)
1771{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1772 free(opts->pubkey_data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1773 opts->pubkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1774 NC_CHECK_ERRMEM_RET(!opts->pubkey_data, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1775
1776 return 0;
1777}
1778
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1779static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1780nc_server_config_public_key(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1781{
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1782 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1783 struct nc_hostkey *hostkey;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]1784 struct nc_auth_client *auth_client;
roman8edee342023-03-31 13:25:48 +0200[diff] [blame]1785 struct nc_public_key *pubkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1786 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1787 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1788
1789 assert(!strcmp(LYD_NAME(node), "public-key"));
1790
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1791 /* LOCK */
1792 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]1793 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1794 return 1;
1795 }
1796
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1797 if (is_ssh(node) && equal_parent_name(node, 3, "host-key")) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1798 /* server's public-key, mandatory leaf */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1799 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1800 ret = 1;
1801 goto cleanup;
1802 }
1803
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1804 /* the public key must not be SubjectPublicKeyInfoFormat, as per the ietf-netconf-server model */
roman51a1e192023-09-14 10:13:45 +0200[diff] [blame]1805 if (nc_is_pk_subject_public_key_info(lyd_get_value(node))) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1806 ERR(NULL, "Using Public Key in the SubjectPublicKeyInfo format as an SSH hostkey is forbidden!");
1807 ret = 1;
1808 goto cleanup;
1809 }
1810
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1811 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1812 /* set to local */
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1813 hostkey->store = NC_STORE_LOCAL;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1814
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1815 ret = nc_server_config_replace_host_key_public_key(node, hostkey);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1816 if (ret) {
1817 goto cleanup;
1818 }
1819 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1820 } else if (is_ssh(node) && equal_parent_name(node, 5, "client-authentication")) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1821 /* client auth pubkeys, list */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1822 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1823 ret = 1;
1824 goto cleanup;
1825 }
1826
1827 if (op == NC_OP_CREATE) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1828 /* set to local */
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1829 auth_client->store = NC_STORE_LOCAL;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1830
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1831 ret = nc_server_config_create_auth_key_public_key_list(node, auth_client);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1832 if (ret) {
1833 goto cleanup;
1834 }
1835 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1836 if (nc_server_config_get_pubkey(node, ch_client, &pubkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1837 ret = 1;
1838 goto cleanup;
1839 }
1840
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1841 nc_server_config_del_auth_client_pubkey(auth_client, pubkey);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1842 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1843 } else if (is_ssh(node) && equal_parent_name(node, 6, "client-authentication")) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1844 /* client auth pubkey, leaf */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1845 if (nc_server_config_get_pubkey(node, ch_client, &pubkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1846 ret = 1;
1847 goto cleanup;
1848 }
1849
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1850 /* the public key must not be SubjectPublicKeyInfoFormat, as per the ietf-netconf-server model */
roman51a1e192023-09-14 10:13:45 +0200[diff] [blame]1851 if (nc_is_pk_subject_public_key_info(lyd_get_value(node))) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1852 ERR(NULL, "Using Public Key in the SubjectPublicKeyInfo format as an SSH user's key is forbidden!");
1853 ret = 1;
1854 goto cleanup;
1855 }
1856
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1857 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1858 ret = nc_server_config_replace_auth_key_public_key_leaf(node, pubkey);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1859 if (ret) {
1860 goto cleanup;
1861 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1862 } else if (op == NC_OP_DELETE) {
1863 free(pubkey->data);
1864 pubkey->data = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1865 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1866 } else if (is_tls(node) && equal_parent_name(node, 3, "server-identity")) {
1867 /* TLS server-identity */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1868 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1869 ret = 1;
1870 goto cleanup;
1871 }
1872
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1873 /* the public key must be SubjectPublicKeyInfoFormat, as per the ietf-netconf-server model */
roman51a1e192023-09-14 10:13:45 +0200[diff] [blame]1874 if (!nc_is_pk_subject_public_key_info(lyd_get_value(node))) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1875 ERR(NULL, "TLS server certificate's Public Key must be in the SubjectPublicKeyInfo format!");
1876 ret = 1;
1877 goto cleanup;
1878 }
1879
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1880 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
1881 /* set to local */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1882 opts->store = NC_STORE_LOCAL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1883
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1884 ret = nc_server_config_tls_replace_server_public_key(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1885 if (ret) {
1886 goto cleanup;
1887 }
1888 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1889 }
1890
1891cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1892 if (is_ch(node)) {
1893 /* UNLOCK */
1894 nc_ch_client_unlock(ch_client);
1895 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1896 return ret;
1897}
1898
1899/* leaf */
1900static int
1901nc_server_config_private_key_format(const struct lyd_node *node, NC_OPERATION op)
1902{
1903 int ret = 0;
1904 const char *format;
1905 NC_PRIVKEY_FORMAT privkey_type;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1906 struct nc_hostkey *hostkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1907 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1908 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1909
1910 (void) op;
1911
1912 assert(!strcmp(LYD_NAME(node), "private-key-format"));
1913
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1914 /* LOCK */
1915 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
1916 /* to avoid unlock on fail */
1917 return 1;
1918 }
1919
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1920 format = ((struct lyd_node_term *)node)->value.ident->name;
1921 if (!format) {
1922 ret = 1;
1923 goto cleanup;
1924 }
1925
1926 privkey_type = nc_server_config_get_private_key_type(format);
1927 if (privkey_type == NC_PRIVKEY_FORMAT_UNKNOWN) {
1928 ERR(NULL, "Unknown private key format.");
1929 ret = 1;
1930 goto cleanup;
1931 }
1932
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1933 if (is_ssh(node)) {
1934 /* ssh */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1935 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1936 ret = 1;
1937 goto cleanup;
1938 }
1939
1940 hostkey->key.privkey_type = privkey_type;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1941 } else if (is_tls(node)) {
1942 /* tls */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1943 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1944 ret = 1;
1945 goto cleanup;
1946 }
1947
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1948 opts->privkey_type = privkey_type;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1949 }
1950
1951cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1952 if (is_ch(node)) {
1953 /* UNLOCK */
1954 nc_ch_client_unlock(ch_client);
1955 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1956 return ret;
1957}
1958
1959static int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1960nc_server_config_cleartext_private_key(const struct lyd_node *node, NC_OPERATION op)
1961{
1962 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1963 struct nc_hostkey *hostkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1964 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1965 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1966
1967 assert(!strcmp(LYD_NAME(node), "cleartext-private-key"));
1968
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1969 /* LOCK */
1970 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1971 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1972 return 1;
1973 }
1974
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1975 if (is_ssh(node)) {
1976 /* ssh */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1977 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1978 ret = 1;
1979 goto cleanup;
1980 }
1981
1982 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1983 free(hostkey->key.privkey_data);
1984 hostkey->key.privkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1985 NC_CHECK_ERRMEM_GOTO(!hostkey->key.privkey_data, ret = 1, cleanup);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1986 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1987 free(hostkey->key.privkey_data);
1988 hostkey->key.privkey_data = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1989 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1990 } else if (is_tls(node)) {
1991 /* tls */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]1992 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1993 ret = 1;
1994 goto cleanup;
1995 }
1996
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1997 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1998 free(opts->privkey_data);
1999 opts->privkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2000 NC_CHECK_ERRMEM_GOTO(!opts->privkey_data, ret = 1, cleanup);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2001 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2002 free(opts->privkey_data);
2003 opts->privkey_data = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2004 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2005 }
2006
2007cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2008 if (is_ch(node)) {
2009 /* UNLOCK */
2010 nc_ch_client_unlock(ch_client);
2011 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2012 return ret;
2013}
2014
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2015/* leaf */
2016static int
2017nc_server_config_keystore_reference(const struct lyd_node *node, NC_OPERATION op)
2018{
2019 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2020 struct nc_hostkey *hostkey;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2021 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2022
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]2023 assert(!strcmp(LYD_NAME(node), "central-keystore-reference"));
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2024
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2025 /* LOCK */
2026 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2027 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2028 return 1;
2029 }
2030
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2031 if (is_ssh(node) && equal_parent_name(node, 3, "server-identity")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2032 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2033 ret = 1;
2034 goto cleanup;
2035 }
2036
2037 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2038 /* set to keystore */
2039 hostkey->store = NC_STORE_KEYSTORE;
2040
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2041 free(hostkey->ks_ref);
romandd019a92023-09-14 10:17:07 +0200[diff] [blame]2042 hostkey->ks_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2043 NC_CHECK_ERRMEM_GOTO(!hostkey->ks_ref, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2044 } else if (op == NC_OP_DELETE) {
2045 free(hostkey->ks_ref);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2046 hostkey->ks_ref = NULL;
2047 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2048 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2049
2050cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2051 if (is_ch(node)) {
2052 /* UNLOCK */
2053 nc_ch_client_unlock(ch_client);
2054 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2055 return ret;
2056}
2057
2058static int
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2059nc_server_config_create_auth_client(const struct lyd_node *node, struct nc_server_ssh_opts *opts)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2060{
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2061 node = lyd_child(node);
2062 assert(!strcmp(LYD_NAME(node), "name"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2063
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2064 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->auth_clients, sizeof *opts->auth_clients, &opts->client_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2065}
2066
2067/* list */
2068static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2069nc_server_config_user(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2070{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2071 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2072 struct nc_auth_client *auth_client;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2073 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2074 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2075
2076 assert(!strcmp(LYD_NAME(node), "user"));
2077
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2078 /* LOCK */
2079 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2080 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2081 return 1;
2082 }
2083
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2084 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2085 ret = 1;
2086 goto cleanup;
2087 }
2088
2089 if (op == NC_OP_CREATE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2090 ret = nc_server_config_create_auth_client(node, opts);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2091 if (ret) {
2092 goto cleanup;
2093 }
2094 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2095 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2096 ret = 1;
2097 goto cleanup;
2098 }
2099
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2100 nc_server_config_del_auth_client(opts, auth_client);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2101 }
2102
2103cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2104 if (is_ch(node)) {
2105 /* UNLOCK */
2106 nc_ch_client_unlock(ch_client);
2107 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2108 return ret;
2109}
2110
2111static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2112nc_server_config_auth_timeout(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2113{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2114 int ret = 0;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2115 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2116 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2117
2118 assert(!strcmp(LYD_NAME(node), "auth-timeout"));
2119
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2120 /* LOCK */
2121 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2122 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2123 return 1;
2124 }
2125
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2126 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2127 ret = 1;
2128 goto cleanup;
2129 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2130
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2131 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]2132 opts->auth_timeout = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2133 }
2134
2135cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2136 if (is_ch(node)) {
2137 /* UNLOCK */
2138 nc_ch_client_unlock(ch_client);
2139 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2140 return ret;
2141}
2142
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2143/* leaf */
2144static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2145nc_server_config_truststore_reference(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2146{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2147 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2148 struct nc_auth_client *auth_client;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2149 struct nc_ch_client *ch_client = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2150 struct nc_server_tls_opts *opts;
2151 struct nc_cert_grouping *certs_grp;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2152
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]2153 assert(!strcmp(LYD_NAME(node), "central-truststore-reference"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2154
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2155 /* LOCK */
2156 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2157 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2158 return 1;
2159 }
2160
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2161 if (is_ssh(node) && equal_parent_name(node, 1, "public-keys")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2162 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2163 ret = 1;
2164 goto cleanup;
2165 }
2166
2167 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2168 /* set to truststore */
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]2169 auth_client->store = NC_STORE_TRUSTSTORE;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2170
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2171 free(auth_client->ts_ref);
2172 auth_client->ts_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2173 NC_CHECK_ERRMEM_GOTO(!auth_client->ts_ref, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2174 } else if (op == NC_OP_DELETE) {
2175 free(auth_client->ts_ref);
romand57b3722023-04-05 11:26:25 +0200[diff] [blame]2176 auth_client->ts_ref = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2177 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2178 } else if (is_tls(node) && (equal_parent_name(node, 1, "ca-certs") || equal_parent_name(node, 1, "ee-certs"))) {
2179 /* ee-certs or ca-certs */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2180 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2181 ret = 1;
2182 goto cleanup;
2183 }
2184
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2185 if (equal_parent_name(node, 1, "ca-certs")) {
2186 certs_grp = &opts->ca_certs;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2187 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2188 certs_grp = &opts->ee_certs;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2189 }
2190
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2191 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2192 /* set to truststore */
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2193 certs_grp->store = NC_STORE_TRUSTSTORE;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2194
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2195 free(certs_grp->ts_ref);
2196 certs_grp->ts_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2197 NC_CHECK_ERRMEM_GOTO(!certs_grp->ts_ref, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2198 } else if (op == NC_OP_DELETE) {
2199 free(certs_grp->ts_ref);
2200 certs_grp->ts_ref = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2201 }
2202 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2203
2204cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2205 if (is_ch(node)) {
2206 /* UNLOCK */
2207 nc_ch_client_unlock(ch_client);
2208 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2209 return ret;
2210}
2211
romana9ec3362023-12-21 10:59:57 +0100[diff] [blame]2212static int
2213nc_server_config_use_system_keys(const struct lyd_node *node, NC_OPERATION op)
2214{
2215 int ret = 0;
2216 struct nc_auth_client *auth_client;
2217 struct nc_ch_client *ch_client = NULL;
2218
2219 assert(!strcmp(LYD_NAME(node), "use-system-keys"));
2220
2221 /* LOCK */
2222 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
2223 /* to avoid unlock on fail */
2224 return 1;
2225 }
2226
2227 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
2228 ret = 1;
2229 goto cleanup;
2230 }
2231
2232 if (op == NC_OP_CREATE) {
2233 auth_client->store = NC_STORE_SYSTEM;
2234 }
2235
2236cleanup:
2237 if (is_ch(node)) {
2238 /* UNLOCK */
2239 nc_ch_client_unlock(ch_client);
2240 }
2241 return ret;
2242}
2243
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2244/* leaf */
2245static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2246nc_server_config_password(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2247{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2248 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2249 struct nc_auth_client *auth_client;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2250 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2251
2252 assert(!strcmp(LYD_NAME(node), "password"));
2253
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2254 /* LOCK */
2255 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2256 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2257 return 1;
2258 }
2259
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2260 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2261 ret = 1;
2262 goto cleanup;
2263 }
2264
2265 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2266 free(auth_client->password);
2267 auth_client->password = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2268 NC_CHECK_ERRMEM_GOTO(!auth_client->password, ret = 1, cleanup);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2269 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2270 free(auth_client->password);
2271 auth_client->password = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2272 }
2273
2274cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2275 if (is_ch(node)) {
2276 /* UNLOCK */
2277 nc_ch_client_unlock(ch_client);
2278 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2279 return ret;
2280}
2281
2282static int
romanc6518422023-11-30 16:39:00 +0100[diff] [blame]2283nc_server_config_use_system_auth(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2284{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2285 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2286 struct nc_auth_client *auth_client;
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2287 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2288
romanc6518422023-11-30 16:39:00 +0100[diff] [blame]2289 assert(!strcmp(LYD_NAME(node), "use-system-auth"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2290
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2291 /* LOCK */
2292 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2293 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2294 return 1;
2295 }
2296
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2297 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2298 ret = 1;
2299 goto cleanup;
2300 }
2301
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2302 if (op == NC_OP_CREATE) {
2303 auth_client->kb_int_enabled = 1;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2304 } else {
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2305 auth_client->kb_int_enabled = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2306 }
2307
2308cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2309 if (is_ch(node)) {
2310 /* UNLOCK */
2311 nc_ch_client_unlock(ch_client);
2312 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2313 return ret;
2314}
2315
2316/* leaf */
2317static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2318nc_server_config_none(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2319{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2320 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2321 struct nc_auth_client *auth_client;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2322 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2323
2324 assert(!strcmp(LYD_NAME(node), "none"));
2325
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2326 /* LOCK */
2327 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2328 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2329 return 1;
2330 }
2331
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2332 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2333 ret = 1;
2334 goto cleanup;
2335 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2336
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2337 if (op == NC_OP_CREATE) {
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2338 auth_client->none_enabled = 1;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2339 } else {
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2340 auth_client->none_enabled = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2341 }
2342
2343cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2344 if (is_ch(node)) {
2345 /* UNLOCK */
2346 nc_ch_client_unlock(ch_client);
2347 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2348 return ret;
2349}
2350
2351static int
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2352nc_server_config_delete_substring(const char *haystack, const char *needle, const char delim)
2353{
2354 size_t needle_len = strlen(needle);
2355 char *substr;
2356 int substr_found = 0, ret = 0;
2357
2358 while ((substr = strstr(haystack, needle))) {
2359 /* iterate over all the substrings */
2360 if (((substr == haystack) && (*(substr + needle_len) == delim)) ||
2361 ((substr != haystack) && (*(substr - 1) == delim) && (*(substr + needle_len) == delim))) {
2362 /* either the first element of the string or somewhere in the middle */
2363 memmove(substr, substr + needle_len + 1, strlen(substr + needle_len + 1));
2364 substr_found = 1;
2365 break;
2366 } else if ((*(substr - 1) == delim) && (*(substr + needle_len) == '\0')) {
2367 /* the last element of the string */
2368 *(substr - 1) = '\0';
2369 substr_found = 1;
2370 break;
2371 }
2372 haystack = substr + 1;
2373 }
2374 if (!substr_found) {
2375 ret = 1;
2376 }
2377
2378 return ret;
2379}
2380
2381static int
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2382nc_server_config_transport_params(const char *algorithm, char **alg_store, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2383{
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2384 int ret = 0;
2385 char *alg = NULL;
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2386
2387 if (!strncmp(algorithm, "openssh-", 8)) {
2388 /* if the name starts with openssh, convert it to it's original libssh accepted form */
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2389 ret = asprintf(&alg, "%s@openssh.com", algorithm + 8);
2390 NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; alg = NULL, cleanup);
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2391 } else if (!strncmp(algorithm, "libssh-", 7)) {
2392 /* if the name starts with libssh, convert it to it's original libssh accepted form */
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2393 ret = asprintf(&alg, "%s@libssh.org", algorithm + 7);
2394 NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; alg = NULL, cleanup);
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2395 } else {
2396 alg = strdup(algorithm);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2397 NC_CHECK_ERRMEM_GOTO(!alg, ret = 1, cleanup);
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2398 }
2399
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2400 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2401 if (!*alg_store) {
2402 /* first call */
2403 *alg_store = strdup(alg);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2404 NC_CHECK_ERRMEM_GOTO(!*alg_store, ret = 1, cleanup);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2405 } else {
2406 /* +1 because of ',' between algorithms */
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2407 *alg_store = nc_realloc(*alg_store, strlen(*alg_store) + strlen(alg) + 1 + 1);
2408 NC_CHECK_ERRMEM_GOTO(!*alg_store, ret = 1, cleanup);
roman08f67f42023-06-08 13:51:54 +0200[diff] [blame]2409 strcat(*alg_store, ",");
2410 strcat(*alg_store, alg);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2411 }
2412 } else {
2413 /* delete */
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2414 ret = nc_server_config_delete_substring(*alg_store, alg, ',');
2415 if (ret) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2416 ERR(NULL, "Unable to delete an algorithm (%s), which was not previously added.", alg);
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2417 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2418 }
2419 }
2420
2421cleanup:
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2422 free(alg);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2423 return ret;
2424}
2425
2426/* leaf-list */
2427static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2428nc_server_config_host_key_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2429{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2430 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2431 const char *alg;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2432 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2433 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2434
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2435 assert(!strcmp(LYD_NAME(node), "host-key-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2436
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2437 /* LOCK */
2438 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2439 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2440 return 1;
2441 }
2442
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2443 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2444 ret = 1;
2445 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2446 }
2447
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2448 /* get the algorithm name and append it to supported algs */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2449 alg = ((struct lyd_node_term *)node)->value.ident->name;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2450 if (nc_server_config_transport_params(alg, &opts->hostkey_algs, op)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2451 ret = 1;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2452 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2453 }
2454
2455cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2456 if (is_ch(node)) {
2457 /* UNLOCK */
2458 nc_ch_client_unlock(ch_client);
2459 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2460 return ret;
2461}
2462
2463/* leaf-list */
2464static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2465nc_server_config_kex_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2466{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2467 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2468 const char *alg;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2469 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2470 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2471
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2472 assert(!strcmp(LYD_NAME(node), "key-exchange-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2473
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2474 /* LOCK */
2475 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2476 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2477 return 1;
2478 }
2479
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2480 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2481 ret = 1;
2482 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2483 }
2484
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2485 /* get the algorithm name and append it to supported algs */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2486 alg = ((struct lyd_node_term *)node)->value.ident->name;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2487 if (nc_server_config_transport_params(alg, &opts->kex_algs, op)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2488 ret = 1;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2489 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2490 }
2491
2492cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2493 if (is_ch(node)) {
2494 /* UNLOCK */
2495 nc_ch_client_unlock(ch_client);
2496 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2497 return ret;
2498}
2499
2500/* leaf-list */
2501static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2502nc_server_config_encryption_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2503{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2504 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2505 const char *alg;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2506 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2507 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2508
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2509 assert(!strcmp(LYD_NAME(node), "encryption-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2510
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2511 /* LOCK */
2512 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2513 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2514 return 1;
2515 }
2516
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2517 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2518 ret = 1;
2519 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2520 }
2521
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2522 /* get the algorithm name and append it to supported algs */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2523 alg = ((struct lyd_node_term *)node)->value.ident->name;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2524 if (nc_server_config_transport_params(alg, &opts->encryption_algs, op)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2525 ret = 1;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2526 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2527 }
2528
2529cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2530 if (is_ch(node)) {
2531 /* UNLOCK */
2532 nc_ch_client_unlock(ch_client);
2533 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2534 return ret;
2535}
2536
2537/* leaf-list */
2538static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2539nc_server_config_mac_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2540{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2541 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2542 const char *alg;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2543 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2544 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2545
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2546 assert(!strcmp(LYD_NAME(node), "mac-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2547
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2548 /* LOCK */
2549 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2550 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2551 return 1;
2552 }
2553
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2554 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2555 ret = 1;
2556 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2557 }
2558
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2559 /* get the algorithm name and append it to supported algs */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2560 alg = ((struct lyd_node_term *)node)->value.ident->name;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2561 if (nc_server_config_transport_params(alg, &opts->mac_algs, op)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2562 ret = 1;
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]2563 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2564 }
2565
2566cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2567 if (is_ch(node)) {
2568 /* UNLOCK */
2569 nc_ch_client_unlock(ch_client);
2570 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2571 return ret;
2572}
2573
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2574static int
2575nc_server_config_check_endpt_reference_cycle(struct nc_endpt *original, struct nc_endpt *next)
2576{
2577 if (!next->referenced_endpt_name) {
2578 /* no further reference -> no cycle */
2579 return 0;
2580 }
2581
2582 if (!strcmp(original->name, next->referenced_endpt_name)) {
2583 /* found cycle */
2584 return 1;
2585 } else {
2586 if (nc_server_get_referenced_endpt(next->referenced_endpt_name, &next)) {
2587 /* referenced endpoint does not exist */
2588 return 1;
2589 }
2590
2591 /* continue further */
2592 return nc_server_config_check_endpt_reference_cycle(original, next);
2593 }
2594}
2595
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2596/**
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2597 * @brief Set all endpoint references.
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2598 *
2599 * @return 0 on success, 1 on error.
2600 */
2601static int
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2602nc_server_config_check_endpt_references(void)
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2603{
2604 uint16_t i, j;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2605 struct nc_endpt *referenced_endpt = NULL;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2606
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2607 /* first do listen endpoints */
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2608 for (i = 0; i < server_opts.endpt_count; i++) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2609 /* go through all the endpoints */
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2610 if (server_opts.endpts[i].referenced_endpt_name) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2611 /* get referenced endpt */
2612 if (nc_server_get_referenced_endpt(server_opts.endpts[i].referenced_endpt_name, &referenced_endpt)) {
2613 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" does not exist.",
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2614 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2615 return 1;
2616 }
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2617
2618 /* check if the endpoint references itself */
2619 if (&server_opts.endpts[i] == referenced_endpt) {
2620 ERR(NULL, "Endpoint \"%s\" references itself.", server_opts.endpts[i].name);
2621 return 1;
2622 }
2623
2624 /* check transport */
2625 if ((server_opts.endpts[i].ti != referenced_endpt->ti)) {
2626 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" has different transport type.",
2627 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2628 return 1;
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]2629 } else if ((referenced_endpt->ti != NC_TI_SSH) && (referenced_endpt->ti != NC_TI_TLS)) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2630 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" has unsupported transport type.",
2631 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2632 return 1;
2633 }
2634
2635 /* check cyclic reference */
2636 if (nc_server_config_check_endpt_reference_cycle(&server_opts.endpts[i], referenced_endpt)) {
2637 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" creates a cycle.",
2638 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2639 return 1;
2640 }
2641
2642 /* all went well, assign the name to the opts, so we can access it for auth */
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]2643 if (server_opts.endpts[i].ti == NC_TI_SSH) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2644 server_opts.endpts[i].opts.ssh->referenced_endpt_name = referenced_endpt->name;
2645 } else {
2646 server_opts.endpts[i].opts.tls->referenced_endpt_name = referenced_endpt->name;
2647 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2648 }
2649 }
2650
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2651 /* now check all the call home endpoints */
2652 /* LOCK */
2653 pthread_rwlock_rdlock(&server_opts.ch_client_lock);
2654 for (i = 0; i < server_opts.ch_client_count; i++) {
2655 /* LOCK */
2656 pthread_mutex_lock(&server_opts.ch_clients[i].lock);
2657 for (j = 0; j < server_opts.ch_clients[i].ch_endpt_count; j++) {
2658 if (server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name) {
2659 /* get referenced endpt */
2660 if (nc_server_get_referenced_endpt(server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, &referenced_endpt)) {
2661 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" does not exist.",
2662 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2663 goto ch_fail;
2664 }
2665
2666 /* check transport */
2667 if (server_opts.ch_clients[i].ch_endpts[j].ti != referenced_endpt->ti) {
2668 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" has different transport type.",
2669 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2670 goto ch_fail;
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]2671 } else if ((referenced_endpt->ti != NC_TI_SSH) && (referenced_endpt->ti != NC_TI_TLS)) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2672 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" has unsupported transport type.",
2673 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2674 goto ch_fail;
2675 }
2676
2677 /* check cyclic reference */
2678 if (nc_server_config_check_endpt_reference_cycle(referenced_endpt, referenced_endpt)) {
2679 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" creates a cycle.",
2680 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2681 goto ch_fail;
2682 }
2683
2684 /* all went well, assign the name to the opts, so we can access it for auth */
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]2685 if (server_opts.ch_clients[i].ch_endpts[j].ti == NC_TI_SSH) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2686 server_opts.ch_clients[i].ch_endpts[j].opts.ssh->referenced_endpt_name = referenced_endpt->name;
2687 } else {
2688 server_opts.ch_clients[i].ch_endpts[j].opts.tls->referenced_endpt_name = referenced_endpt->name;
2689 }
2690 }
2691 }
2692 /* UNLOCK */
2693 pthread_mutex_unlock(&server_opts.ch_clients[i].lock);
2694 }
2695
2696 /* UNLOCK */
2697 pthread_rwlock_unlock(&server_opts.ch_client_lock);
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2698 return 0;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2699
2700ch_fail:
2701 /* UNLOCK */
2702 pthread_mutex_unlock(&server_opts.ch_clients[i].lock);
2703 /* UNLOCK */
2704 pthread_rwlock_unlock(&server_opts.ch_client_lock);
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]2705 return 1;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2706}
2707
2708static int
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2709nc_server_config_endpoint_reference(const struct lyd_node *node, NC_OPERATION op)
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2710{
2711 int ret = 0;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2712 struct nc_endpt *endpt = NULL;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2713 struct nc_ch_client *ch_client = NULL;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2714 struct nc_ch_endpt *ch_endpt = NULL;
2715 struct nc_server_ssh_opts *ssh = NULL;
2716 struct nc_server_tls_opts *tls = NULL;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2717
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2718 assert(!strcmp(LYD_NAME(node), "endpoint-reference"));
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2719
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2720 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
2721 /* to avoid unlock on fail */
2722 return 1;
2723 }
2724
2725 /* get endpt */
2726 if (is_listen(node)) {
2727 ret = nc_server_config_get_endpt(node, &endpt, NULL);
2728 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2729 ret = nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2730 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2731 if (ret) {
2732 goto cleanup;
2733 }
2734
2735 if (op == NC_OP_DELETE) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2736 if (endpt) {
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]2737 /* listen */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2738 free(endpt->referenced_endpt_name);
2739 endpt->referenced_endpt_name = NULL;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]2740 } else {
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]2741 /* call home */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2742 free(ch_endpt->referenced_endpt_name);
2743 ch_endpt->referenced_endpt_name = NULL;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]2744 }
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2745 if (is_ssh(node)) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2746 if (nc_server_config_get_ssh_opts(node, ch_client, &ssh)) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2747 ret = 1;
2748 goto cleanup;
2749 }
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]2750
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2751 ssh->referenced_endpt_name = NULL;
2752 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2753 if (nc_server_config_get_tls_opts(node, ch_client, &tls)) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2754 ret = 1;
2755 goto cleanup;
2756 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2757
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2758 tls->referenced_endpt_name = NULL;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2759 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2760
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2761 goto cleanup;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]2762 } else {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2763 /* just set the name, check it once configuring of all nodes is done */
2764 if (endpt) {
2765 free(endpt->referenced_endpt_name);
2766 endpt->referenced_endpt_name = strdup(lyd_get_value(node));
2767 NC_CHECK_ERRMEM_GOTO(!endpt->referenced_endpt_name, ret = 1, cleanup);
2768 } else {
2769 free(ch_endpt->referenced_endpt_name);
2770 ch_endpt->referenced_endpt_name = strdup(lyd_get_value(node));
2771 NC_CHECK_ERRMEM_GOTO(!ch_endpt->referenced_endpt_name, ret = 1, cleanup);
2772 }
2773
2774 goto cleanup;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]2775 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2776
2777cleanup:
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2778 if (is_ch(node)) {
2779 /* UNLOCK */
2780 nc_ch_client_unlock(ch_client);
2781 }
2782
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2783 return ret;
2784}
2785
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2786static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2787nc_server_config_cert_data(const struct lyd_node *node, NC_OPERATION op)
2788{
2789 int ret = 0;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2790 struct nc_certificate *cert;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2791 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2792 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2793
2794 assert(!strcmp(LYD_NAME(node), "cert-data"));
2795
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2796 /* LOCK */
2797 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2798 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2799 return 1;
2800 }
2801
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2802 if (equal_parent_name(node, 3, "server-identity")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2803 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2804 ret = 1;
2805 goto cleanup;
2806 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2807
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2808 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2809 free(opts->cert_data);
2810 opts->cert_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2811 NC_CHECK_ERRMEM_GOTO(!opts->cert_data, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2812 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2813 } else if (equal_parent_name(node, 3, "ca-certs") || equal_parent_name(node, 3, "ee-certs")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2814 if (nc_server_config_get_cert(node, ch_client, &cert)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2815 ret = 1;
2816 goto cleanup;
2817 }
2818
2819 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2820 free(cert->data);
2821 cert->data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2822 NC_CHECK_ERRMEM_GOTO(!cert->data, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2823 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2824 free(cert->data);
2825 cert->data = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2826 }
2827 }
2828
2829cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2830 if (is_ch(node)) {
2831 /* UNLOCK */
2832 nc_ch_client_unlock(ch_client);
2833 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2834 return ret;
2835}
2836
2837static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2838nc_server_config_asymmetric_key(const struct lyd_node *node, NC_OPERATION op)
2839{
2840 int ret = 0;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2841 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2842 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2843
2844 assert(!strcmp(LYD_NAME(node), "asymmetric-key"));
2845
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2846 /* LOCK */
2847 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2848 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2849 return 1;
2850 }
2851
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2852 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2853 ret = 1;
2854 goto cleanup;
2855 }
2856
2857 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2858 /* set to keystore */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2859 opts->store = NC_STORE_KEYSTORE;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2860
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2861 free(opts->key_ref);
2862 opts->key_ref = strdup(lyd_get_value(node));
2863 NC_CHECK_ERRMEM_GOTO(!opts->key_ref, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2864 } else {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2865 free(opts->key_ref);
2866 opts->key_ref = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2867 }
2868
2869cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2870 if (is_ch(node)) {
2871 /* UNLOCK */
2872 nc_ch_client_unlock(ch_client);
2873 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2874 return ret;
2875}
2876
2877static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2878nc_server_config_create_ca_certs_certificate(const struct lyd_node *node, struct nc_server_tls_opts *opts)
2879{
2880 assert(!strcmp(LYD_NAME(node), "certificate"));
2881
2882 node = lyd_child(node);
2883 assert(!strcmp(LYD_NAME(node), "name"));
2884
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]2885 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->ca_certs.certs, sizeof *opts->ca_certs.certs,
2886 &opts->ca_certs.cert_count);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2887}
2888
2889static int
2890nc_server_config_create_ee_certs_certificate(const struct lyd_node *node, struct nc_server_tls_opts *opts)
2891{
2892 assert(!strcmp(LYD_NAME(node), "certificate"));
2893
2894 node = lyd_child(node);
2895 assert(!strcmp(LYD_NAME(node), "name"));
2896
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]2897 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->ee_certs.certs, sizeof *opts->ee_certs.certs,
2898 &opts->ee_certs.cert_count);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2899}
2900
2901static int
2902nc_server_config_certificate(const struct lyd_node *node, NC_OPERATION op)
2903{
2904 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2905 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2906 struct nc_ch_client *ch_client = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2907 struct nc_certificate *cert;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2908
2909 assert(!strcmp(LYD_NAME(node), "certificate"));
2910
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2911 /* LOCK */
2912 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2913 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2914 return 1;
2915 }
2916
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2917 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2918 ret = 1;
2919 goto cleanup;
2920 }
2921
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]2922 if (equal_parent_name(node, 1, "central-keystore-reference")) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2923 /* TLS server-identity */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2924 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2925 /* set to keystore */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2926 opts->store = NC_STORE_KEYSTORE;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2927
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2928 free(opts->cert_ref);
2929 opts->cert_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2930 NC_CHECK_ERRMEM_GOTO(!opts->cert_ref, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2931 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2932 free(opts->cert_ref);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2933 opts->cert_ref = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2934 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2935 } else if (equal_parent_name(node, 2, "ca-certs")) {
2936 /* TLS client auth certificate authority */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2937 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2938 ret = nc_server_config_create_ca_certs_certificate(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2939 if (ret) {
2940 goto cleanup;
2941 }
2942 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2943 if (nc_server_config_get_cert(node, ch_client, &cert)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2944 ret = 1;
2945 goto cleanup;
2946 }
2947 nc_server_config_del_cert(&opts->ca_certs, cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2948 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2949 } else if (equal_parent_name(node, 2, "ee-certs")) {
2950 /* TLS client auth end entity */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2951 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2952 ret = nc_server_config_create_ee_certs_certificate(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2953 if (ret) {
2954 goto cleanup;
2955 }
2956 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]2957 if (nc_server_config_get_cert(node, ch_client, &cert)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2958 ret = 1;
2959 goto cleanup;
2960 }
2961 nc_server_config_del_cert(&opts->ee_certs, cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2962 }
2963 }
2964
2965cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2966 if (is_ch(node)) {
2967 /* UNLOCK */
2968 nc_ch_client_unlock(ch_client);
2969 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2970 return ret;
2971}
2972
2973static int
2974nc_server_config_create_cert_to_name(const struct lyd_node *node, struct nc_server_tls_opts *opts)
2975{
2976 int ret = 0;
2977 struct lyd_node *n;
2978 struct nc_ctn *new, *iter;
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]2979 const char *map_type, *name = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2980 uint32_t id;
2981 NC_TLS_CTN_MAPTYPE m_type;
2982
2983 assert(!strcmp(LYD_NAME(node), "cert-to-name"));
2984
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2985 /* find the list's key */
2986 lyd_find_path(node, "id", 0, &n);
2987 assert(n);
roman9cdb7b52023-10-25 13:59:55 +0200[diff] [blame]2988 id = ((struct lyd_node_term *)n)->value.uint32;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2989
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]2990 /* get CTN map-type */
2991 if (lyd_find_path(node, "map-type", 0, &n)) {
2992 ERR(NULL, "Missing CTN map-type.");
2993 ret = 1;
2994 goto cleanup;
2995 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2996 map_type = ((struct lyd_node_term *)n)->value.ident->name;
2997 if (!strcmp(map_type, "specified")) {
2998 m_type = NC_TLS_CTN_SPECIFIED;
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]2999
3000 /* get CTN name */
3001 if (lyd_find_path(node, "name", 0, &n)) {
3002 ERR(NULL, "Missing CTN \"specified\" user name.");
3003 ret = 1;
3004 goto cleanup;
3005 }
3006 name = lyd_get_value(n);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3007 } else if (!strcmp(map_type, "san-rfc822-name")) {
3008 m_type = NC_TLS_CTN_SAN_RFC822_NAME;
3009 } else if (!strcmp(map_type, "san-dns-name")) {
3010 m_type = NC_TLS_CTN_SAN_DNS_NAME;
3011 } else if (!strcmp(map_type, "san-ip-address")) {
3012 m_type = NC_TLS_CTN_SAN_IP_ADDRESS;
3013 } else if (!strcmp(map_type, "san-any")) {
3014 m_type = NC_TLS_CTN_SAN_ANY;
3015 } else if (!strcmp(map_type, "common-name")) {
3016 m_type = NC_TLS_CTN_COMMON_NAME;
3017 } else {
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]3018 ERR(NULL, "CTN map-type \"%s\" not supported.", map_type);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3019 ret = 1;
3020 goto cleanup;
3021 }
3022
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3023 /* create new ctn */
3024 new = calloc(1, sizeof *new);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3025 NC_CHECK_ERRMEM_GOTO(!new, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3026
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3027 /* find the right place for insertion */
3028 if (!opts->ctn) {
3029 /* inserting the first one */
3030 opts->ctn = new;
Roytak421eb0c2023-08-01 22:18:27 +0200[diff] [blame]3031 } else if (opts->ctn->id > id) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3032 /* insert at the beginning */
3033 new->next = opts->ctn;
3034 opts->ctn = new;
3035 } else {
3036 /* have to find the right place */
Roytak421eb0c2023-08-01 22:18:27 +0200[diff] [blame]3037 for (iter = opts->ctn; iter->next && iter->next->id <= id; iter = iter->next) {}
3038 if (iter->id == id) {
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]3039 /* collision, replace */
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]3040 free(new);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3041 new = iter;
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]3042 free(new->name);
3043 new->name = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3044 } else {
3045 new->next = iter->next;
3046 iter->next = new;
3047 }
3048 }
3049
3050 /* insert the right data */
3051 new->id = id;
Michal Vasko3392b4a2024-02-02 08:57:53 +0100[diff] [blame]3052 if (name) {
3053 new->name = strdup(name);
3054 NC_CHECK_ERRMEM_GOTO(!new->name, ret = 1, cleanup);
3055 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3056 new->map_type = m_type;
3057
3058cleanup:
3059 return ret;
3060}
3061
3062static int
3063nc_server_config_cert_to_name(const struct lyd_node *node, NC_OPERATION op)
3064{
3065 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3066 struct nc_server_tls_opts *opts;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3067 struct nc_ctn *ctn;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3068 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3069
3070 assert(!strcmp(LYD_NAME(node), "cert-to-name"));
3071
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3072 /* LOCK */
3073 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3074 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3075 return 1;
3076 }
3077
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3078 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3079 ret = 1;
3080 goto cleanup;
3081 }
3082
3083 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3084 ret = nc_server_config_create_cert_to_name(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3085 if (ret) {
3086 goto cleanup;
3087 }
3088 } else {
3089 /* find the given ctn entry */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3090 if (nc_server_config_get_ctn(node, ch_client, &ctn)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3091 ret = 1;
3092 goto cleanup;
3093 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3094 nc_server_config_del_ctn(opts, ctn);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3095 }
3096
3097cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3098 if (is_ch(node)) {
3099 /* UNLOCK */
3100 nc_ch_client_unlock(ch_client);
3101 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3102 return ret;
3103}
3104
3105static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3106nc_server_config_fingerprint(const struct lyd_node *node, NC_OPERATION op)
3107{
3108 int ret = 0;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3109 struct nc_ctn *ctn;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3110 struct nc_ch_client *ch_client = NULL;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3111
3112 assert(!strcmp(LYD_NAME(node), "fingerprint"));
3113
3114 /* LOCK */
3115 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3116 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3117 return 1;
3118 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3119
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3120 if (nc_server_config_get_ctn(node, ch_client, &ctn)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3121 ret = 1;
3122 goto cleanup;
3123 }
3124
3125 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3126 free(ctn->fingerprint);
3127 ctn->fingerprint = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3128 NC_CHECK_ERRMEM_GOTO(!ctn->fingerprint, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3129 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3130 free(ctn->fingerprint);
3131 ctn->fingerprint = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3132 }
3133
3134cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3135 if (is_ch(node)) {
3136 /* UNLOCK */
3137 nc_ch_client_unlock(ch_client);
3138 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3139 return ret;
3140}
3141
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3142static int
3143nc_server_config_tls_version(const struct lyd_node *node, NC_OPERATION op)
3144{
3145 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3146 struct nc_server_tls_opts *opts;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3147 const char *version = NULL;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3148 struct nc_ch_client *ch_client = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3149 NC_TLS_VERSION tls_version;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3150
3151 assert(!strcmp(LYD_NAME(node), "tls-version"));
3152
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3153 /* LOCK */
3154 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3155 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3156 return 1;
3157 }
3158
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3159 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3160 ret = 1;
3161 goto cleanup;
3162 }
3163
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3164 /* str to tls_version */
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3165 version = ((struct lyd_node_term *)node)->value.ident->name;
3166 if (!strcmp(version, "tls10")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3167 tls_version = NC_TLS_VERSION_10;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3168 } else if (!strcmp(version, "tls11")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3169 tls_version = NC_TLS_VERSION_11;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3170 } else if (!strcmp(version, "tls12")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3171 tls_version = NC_TLS_VERSION_12;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3172 } else if (!strcmp(version, "tls13")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3173 tls_version = NC_TLS_VERSION_13;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3174 } else {
3175 ERR(NULL, "TLS version \"%s\" not supported.", version);
3176 ret = 1;
3177 goto cleanup;
3178 }
3179
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3180 if (op == NC_OP_CREATE) {
3181 /* add the version if it isn't there already */
3182 opts->tls_versions |= tls_version;
3183 } else if ((op == NC_OP_DELETE) && (opts->tls_versions & tls_version)) {
3184 /* delete the version if it is there */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]3185 opts->tls_versions &= ~tls_version;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3186 }
3187
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3188cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3189 if (is_ch(node)) {
3190 /* UNLOCK */
3191 nc_ch_client_unlock(ch_client);
3192 }
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3193 return ret;
3194}
3195
3196static int
3197nc_server_config_create_cipher_suite(struct nc_server_tls_opts *opts, const char *cipher)
3198{
3199 int ret = 0;
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]3200 char *processed_cipher = NULL;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3201
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]3202 ret = nc_tls_process_cipher_suite_wrap(cipher, &processed_cipher);
3203 if (ret) {
3204 ERR(NULL, "Failed to process the cipher suite \"%s\".", cipher);
3205 goto cleanup;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3206 }
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3207
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]3208 ret = nc_tls_append_cipher_suite_wrap(opts, processed_cipher);
3209 if (ret) {
3210 ERR(NULL, "Failed to append the cipher suite \"%s\".", cipher);
3211 goto cleanup;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3212 }
3213
3214cleanup:
roman506354a2024-04-11 09:37:22 +0200[diff] [blame]3215 free(processed_cipher);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3216 return ret;
3217}
3218
3219static int
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3220nc_server_config_del_cipher_suite(struct nc_server_tls_opts *opts, const char *cipher)
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3221{
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]3222 int ret = 0;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3223
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]3224 ret = nc_server_config_delete_substring(opts->ciphers, cipher, ':');
3225 if (ret) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3226 ERR(NULL, "Unable to delete a cipher (%s), which was not previously added.", cipher);
3227 return 1;
3228 }
3229
3230 return 0;
3231}
3232
3233static int
3234nc_server_config_cipher_suite(const struct lyd_node *node, NC_OPERATION op)
3235{
3236 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3237 struct nc_server_tls_opts *opts;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3238 const char *cipher = NULL;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3239 struct nc_ch_client *ch_client = NULL;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3240
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3241 assert(!strcmp(LYD_NAME(node), "cipher-suite"));
3242
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3243 /* LOCK */
3244 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3245 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3246 return 1;
3247 }
3248
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3249 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3250 ret = 1;
3251 goto cleanup;
3252 }
3253
3254 cipher = ((struct lyd_node_term *)node)->value.ident->name;
3255 if (op == NC_OP_CREATE) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3256 ret = nc_server_config_create_cipher_suite(opts, cipher);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3257 if (ret) {
3258 goto cleanup;
3259 }
3260 } else if (op == NC_OP_DELETE) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3261 ret = nc_server_config_del_cipher_suite(opts, cipher);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3262 if (ret) {
3263 goto cleanup;
3264 }
3265 }
3266
3267cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3268 if (is_ch(node)) {
3269 /* UNLOCK */
3270 nc_ch_client_unlock(ch_client);
3271 }
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3272 return ret;
3273}
3274
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3275#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3276
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]3277static int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3278nc_server_config_create_netconf_client(const struct lyd_node *node)
3279{
3280 int ret = 0;
3281
3282 node = lyd_child(node);
3283 assert(!strcmp(LYD_NAME(node), "name"));
3284
3285 /* LOCK */
3286 pthread_rwlock_wrlock(&server_opts.ch_client_lock);
3287
3288 ret = nc_server_config_realloc(lyd_get_value(node), (void **)&server_opts.ch_clients, sizeof *server_opts.ch_clients, &server_opts.ch_client_count);
3289 if (ret) {
3290 goto cleanup;
3291 }
3292
3293 server_opts.ch_clients[server_opts.ch_client_count - 1].id = ATOMIC_INC_RELAXED(server_opts.new_client_id);
3294 server_opts.ch_clients[server_opts.ch_client_count - 1].start_with = NC_CH_FIRST_LISTED;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3295 server_opts.ch_clients[server_opts.ch_client_count - 1].max_attempts = 3;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3296
3297 pthread_mutex_init(&server_opts.ch_clients[server_opts.ch_client_count - 1].lock, NULL);
3298
3299cleanup:
3300 /* UNLOCK */
3301 pthread_rwlock_unlock(&server_opts.ch_client_lock);
3302 return ret;
3303}
3304
3305static int
3306nc_server_config_netconf_client(const struct lyd_node *node, NC_OPERATION op)
3307{
3308 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3309
3310 assert(!strcmp(LYD_NAME(node), "netconf-client"));
3311
3312 if (op == NC_OP_CREATE) {
3313 ret = nc_server_config_create_netconf_client(node);
3314 if (ret) {
3315 goto cleanup;
3316 }
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3317
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3318#ifdef NC_ENABLED_SSH_TLS
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3319 if (server_opts.ch_dispatch_data.acquire_ctx_cb && server_opts.ch_dispatch_data.release_ctx_cb &&
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3320 server_opts.ch_dispatch_data.new_session_cb) {
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3321 /* we have all we need for dispatching a new call home thread */
3322 ret = nc_connect_ch_client_dispatch(lyd_get_value(lyd_child(node)), server_opts.ch_dispatch_data.acquire_ctx_cb,
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3323 server_opts.ch_dispatch_data.release_ctx_cb, server_opts.ch_dispatch_data.ctx_cb_data,
3324 server_opts.ch_dispatch_data.new_session_cb, server_opts.ch_dispatch_data.new_session_cb_data);
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3325 if (ret) {
3326 ERR(NULL, "Dispatching a new Call Home thread failed for Call Home client \"%s\".", lyd_get_value(lyd_child(node)));
3327 goto cleanup;
3328 }
3329 }
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3330#endif /* NC_ENABLED_SSH_TLS */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3331 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3332 nc_server_config_ch_del_client(node);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3333 }
3334
3335cleanup:
3336 return ret;
3337}
3338
3339#ifdef NC_ENABLED_SSH_TLS
3340
3341static int
3342nc_server_config_remote_address(const struct lyd_node *node, NC_OPERATION op)
3343{
3344 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3345 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3346 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3347
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3348 assert(!strcmp(LYD_NAME(node), "remote-address"));
3349
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3350 /* LOCK */
3351 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3352 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3353 return 1;
3354 }
3355
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3356 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3357 ret = 1;
3358 goto cleanup;
3359 }
3360
3361 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3362 free(ch_endpt->address);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3363 ch_endpt->address = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3364 NC_CHECK_ERRMEM_GOTO(!ch_endpt->address, ret = 1, cleanup);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3365 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3366 free(ch_endpt->address);
3367 ch_endpt->address = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3368 }
3369
3370cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3371 /* UNLOCK */
3372 nc_ch_client_unlock(ch_client);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3373 return ret;
3374}
3375
3376static int
3377nc_server_config_remote_port(const struct lyd_node *node, NC_OPERATION op)
3378{
3379 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3380 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3381 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3382
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3383 assert(!strcmp(LYD_NAME(node), "remote-port"));
3384
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3385 /* LOCK */
3386 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3387 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3388 return 1;
3389 }
3390
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3391 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3392 ret = 1;
3393 goto cleanup;
3394 }
3395
3396 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]3397 ch_endpt->port = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3398 } else {
3399 ch_endpt->port = 0;
3400 }
3401
3402cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3403 /* UNLOCK */
3404 nc_ch_client_unlock(ch_client);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3405 return ret;
3406}
3407
3408#endif /* NC_ENABLED_SSH_TLS */
3409
3410static int
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3411nc_server_config_persistent(const struct lyd_node *node, NC_OPERATION op)
3412{
3413 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3414 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3415
3416 assert(!strcmp(LYD_NAME(node), "persistent"));
3417
3418 (void) op;
3419
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3420 /* LOCK */
3421 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3422 /* to avoid unlock on fail */
3423 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3424 }
3425
3426 ch_client->conn_type = NC_CH_PERSIST;
3427
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3428 /* UNLOCK */
3429 nc_ch_client_unlock(ch_client);
3430
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3431 return ret;
3432}
3433
3434static int
3435nc_server_config_periodic(const struct lyd_node *node, NC_OPERATION op)
3436{
3437 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3438 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3439
3440 assert(!strcmp(LYD_NAME(node), "periodic"));
3441
3442 (void) op;
3443
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3444 /* LOCK */
3445 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3446 /* to avoid unlock on fail */
3447 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3448 }
3449
3450 ch_client->conn_type = NC_CH_PERIOD;
3451 /* set default values */
3452 ch_client->period = 60;
3453 ch_client->anchor_time = 0;
3454 ch_client->idle_timeout = 180;
3455
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3456 /* UNLOCK */
3457 nc_ch_client_unlock(ch_client);
3458
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3459 return ret;
3460}
3461
3462static int
3463nc_server_config_period(const struct lyd_node *node, NC_OPERATION op)
3464{
3465 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3466 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3467
3468 assert(!strcmp(LYD_NAME(node), "period"));
3469
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3470 /* LOCK */
3471 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3472 /* to avoid unlock on fail */
3473 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3474 }
3475
3476 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]3477 ch_client->period = ((struct lyd_node_term *)node)->value.uint16;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3478 } else if (op == NC_OP_DELETE) {
3479 ch_client->period = 60;
3480 }
3481
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3482 /* UNLOCK */
3483 nc_ch_client_unlock(ch_client);
3484
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3485 return ret;
3486}
3487
3488static int
3489nc_server_config_anchor_time(const struct lyd_node *node, NC_OPERATION op)
3490{
3491 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3492 struct nc_ch_client *ch_client = NULL;
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]3493 struct lyd_value_date_and_time *anchor_time;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3494
3495 assert(!strcmp(LYD_NAME(node), "anchor-time"));
3496
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3497 /* LOCK */
3498 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3499 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3500 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3501 }
3502
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]3503 /* get the value of time from the node directly */
3504 LYD_VALUE_GET(&((struct lyd_node_term *)node)->value, anchor_time);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3505
3506 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]3507 ch_client->anchor_time = anchor_time->time;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3508 } else if (op == NC_OP_DELETE) {
3509 ch_client->anchor_time = 0;
3510 }
3511
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3512 /* UNLOCK */
3513 nc_ch_client_unlock(ch_client);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3514 return ret;
3515}
3516
3517static int
3518nc_server_config_reconnect_strategy(const struct lyd_node *node, NC_OPERATION op)
3519{
3520 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3521 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3522
3523 assert(!strcmp(LYD_NAME(node), "reconnect-strategy"));
3524
3525 (void) op;
3526
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3527 /* LOCK */
3528 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3529 /* to avoid unlock on fail */
3530 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3531 }
3532
3533 /* set to default values */
3534 ch_client->start_with = NC_CH_FIRST_LISTED;
3535 ch_client->max_wait = 5;
3536 ch_client->max_attempts = 3;
3537
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3538 /* UNLOCK */
3539 nc_ch_client_unlock(ch_client);
3540
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3541 return ret;
3542}
3543
3544static int
3545nc_server_config_start_with(const struct lyd_node *node, NC_OPERATION op)
3546{
3547 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3548 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3549 const char *value;
3550
3551 assert(!strcmp(LYD_NAME(node), "start-with"));
3552
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3553 /* LOCK */
3554 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3555 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3556 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3557 }
3558
3559 if (op == NC_OP_DELETE) {
3560 ch_client->start_with = NC_CH_FIRST_LISTED;
3561 goto cleanup;
3562 }
3563
3564 value = lyd_get_value(node);
3565 if (!strcmp(value, "first-listed")) {
3566 ch_client->start_with = NC_CH_FIRST_LISTED;
3567 } else if (!strcmp(value, "last-connected")) {
3568 ch_client->start_with = NC_CH_LAST_CONNECTED;
3569 } else if (!strcmp(value, "random-selection")) {
3570 ch_client->start_with = NC_CH_RANDOM;
3571 } else {
3572 ERR(NULL, "Unexpected start-with value \"%s\".", value);
3573 ret = 1;
3574 goto cleanup;
3575 }
3576
3577cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3578 /* UNLOCK */
3579 nc_ch_client_unlock(ch_client);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3580 return ret;
3581}
3582
3583static int
3584nc_server_config_max_wait(const struct lyd_node *node, NC_OPERATION op)
3585{
3586 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3587 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3588
3589 assert(!strcmp(LYD_NAME(node), "max-wait"));
3590
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3591 /* LOCK */
3592 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3593 /* to avoid unlock on fail */
3594 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3595 }
3596
3597 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]3598 ch_client->max_wait = ((struct lyd_node_term *)node)->value.uint16;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3599 } else {
3600 ch_client->max_wait = 5;
3601 }
3602
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3603 /* UNLOCK */
3604 nc_ch_client_unlock(ch_client);
3605
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3606 return ret;
3607}
3608
3609static int
3610nc_server_config_max_attempts(const struct lyd_node *node, NC_OPERATION op)
3611{
3612 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame]3613 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3614
3615 assert(!strcmp(LYD_NAME(node), "max-attempts"));
3616
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3617 /* LOCK */
3618 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3619 /* to avoid unlock on fail */
3620 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3621 }
3622
3623 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]3624 ch_client->max_attempts = ((struct lyd_node_term *)node)->value.uint8;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3625 } else {
3626 ch_client->max_attempts = 3;
3627 }
3628
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3629 /* UNLOCK */
3630 nc_ch_client_unlock(ch_client);
3631
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3632 return ret;
3633}
3634
3635static int
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3636nc_server_config_parse_netconf_server(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3637{
3638 const char *name = LYD_NAME(node);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3639 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3640
3641 if (!strcmp(name, "listen")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3642 ret = nc_server_config_listen(node, op);
3643 } else if (!strcmp(name, "call-home")) {
3644 ret = nc_server_config_ch(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3645 } else if (!strcmp(name, "endpoint")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3646 ret = nc_server_config_endpoint(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3647 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3648#ifdef NC_ENABLED_SSH_TLS
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3649 else if (!strcmp(name, "ssh")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3650 ret = nc_server_config_ssh(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3651 } else if (!strcmp(name, "local-address")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3652 ret = nc_server_config_local_address(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3653 } else if (!strcmp(name, "local-port")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3654 ret = nc_server_config_local_port(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3655 } else if (!strcmp(name, "keepalives")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3656 ret = nc_server_config_keepalives(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3657 } else if (!strcmp(name, "idle-time")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3658 ret = nc_server_config_idle_time(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3659 } else if (!strcmp(name, "max-probes")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3660 ret = nc_server_config_max_probes(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3661 } else if (!strcmp(name, "probe-interval")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3662 ret = nc_server_config_probe_interval(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3663 } else if (!strcmp(name, "host-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3664 ret = nc_server_config_host_key(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3665 } else if (!strcmp(name, "public-key-format")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3666 ret = nc_server_config_public_key_format(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3667 } else if (!strcmp(name, "public-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3668 ret = nc_server_config_public_key(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3669 } else if (!strcmp(name, "private-key-format")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3670 ret = nc_server_config_private_key_format(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3671 } else if (!strcmp(name, "cleartext-private-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3672 ret = nc_server_config_cleartext_private_key(node, op);
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]3673 } else if (!strcmp(name, "central-keystore-reference")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3674 ret = nc_server_config_keystore_reference(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3675 } else if (!strcmp(name, "user")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3676 ret = nc_server_config_user(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3677 } else if (!strcmp(name, "auth-timeout")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3678 ret = nc_server_config_auth_timeout(node, op);
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]3679 } else if (!strcmp(name, "central-truststore-reference")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3680 ret = nc_server_config_truststore_reference(node, op);
romana9ec3362023-12-21 10:59:57 +0100[diff] [blame]3681 } else if (!strcmp(name, "use-system-keys")) {
3682 ret = nc_server_config_use_system_keys(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3683 } else if (!strcmp(name, "password")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3684 ret = nc_server_config_password(node, op);
romanc6518422023-11-30 16:39:00 +0100[diff] [blame]3685 } else if (!strcmp(name, "use-system-auth")) {
3686 ret = nc_server_config_use_system_auth(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3687 } else if (!strcmp(name, "none")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3688 ret = nc_server_config_none(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3689 } else if (!strcmp(name, "host-key-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3690 ret = nc_server_config_host_key_alg(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3691 } else if (!strcmp(name, "key-exchange-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3692 ret = nc_server_config_kex_alg(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3693 } else if (!strcmp(name, "encryption-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3694 ret = nc_server_config_encryption_alg(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3695 } else if (!strcmp(name, "mac-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3696 ret = nc_server_config_mac_alg(node, op);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3697 } else if (!strcmp(name, "endpoint-reference")) {
3698 ret = nc_server_config_endpoint_reference(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3699 } else if (!strcmp(name, "tls")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3700 ret = nc_server_config_tls(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3701 } else if (!strcmp(name, "cert-data")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3702 ret = nc_server_config_cert_data(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3703 } else if (!strcmp(name, "asymmetric-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3704 ret = nc_server_config_asymmetric_key(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3705 } else if (!strcmp(name, "certificate")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3706 ret = nc_server_config_certificate(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3707 } else if (!strcmp(name, "cert-to-name")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3708 ret = nc_server_config_cert_to_name(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3709 } else if (!strcmp(name, "fingerprint")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3710 ret = nc_server_config_fingerprint(node, op);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3711 } else if (!strcmp(name, "tls-version")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3712 ret = nc_server_config_tls_version(node, op);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3713 } else if (!strcmp(name, "cipher-suite")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3714 ret = nc_server_config_cipher_suite(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3715 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3716#endif /* NC_ENABLED_SSH_TLS */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3717 else if (!strcmp(name, "netconf-client")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3718 ret = nc_server_config_netconf_client(node, op);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3719 }
3720#ifdef NC_ENABLED_SSH_TLS
3721 else if (!strcmp(name, "remote-address")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3722 ret = nc_server_config_remote_address(node, op);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3723 } else if (!strcmp(name, "remote-port")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3724 ret = nc_server_config_remote_port(node, op);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3725 }
3726#endif /* NC_ENABLED_SSH_TLS */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3727 else if (!strcmp(name, "persistent")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3728 ret = nc_server_config_persistent(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3729 } else if (!strcmp(name, "periodic")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3730 ret = nc_server_config_periodic(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3731 } else if (!strcmp(name, "period")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3732 ret = nc_server_config_period(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3733 } else if (!strcmp(name, "anchor-time")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3734 ret = nc_server_config_anchor_time(node, op);
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]3735 } else if (!strcmp(name, "idle-timeout")) {
3736 ret = nc_server_config_idle_timeout(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3737 } else if (!strcmp(name, "reconnect-strategy")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3738 ret = nc_server_config_reconnect_strategy(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3739 } else if (!strcmp(name, "start-with")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3740 ret = nc_server_config_start_with(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3741 } else if (!strcmp(name, "max-wait")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3742 ret = nc_server_config_max_wait(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3743 } else if (!strcmp(name, "max-attempts")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3744 ret = nc_server_config_max_attempts(node, op);
3745 }
3746
3747 if (ret) {
3748 ERR(NULL, "Configuring node \"%s\" failed.", LYD_NAME(node));
3749 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3750 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3751
3752 return 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3753}
3754
3755int
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3756nc_server_config_parse_tree(const struct lyd_node *node, NC_OPERATION parent_op, NC_MODULE module)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3757{
3758 struct lyd_node *child;
3759 struct lyd_meta *m;
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3760 NC_OPERATION current_op = NC_OP_UNKNOWN;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3761 int ret;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3762
3763 assert(node);
3764
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3765 /* get current op if there is any */
3766 if ((m = lyd_find_meta(node->meta, NULL, "yang:operation"))) {
3767 if (!strcmp(lyd_get_meta_value(m), "create")) {
3768 current_op = NC_OP_CREATE;
3769 } else if (!strcmp(lyd_get_meta_value(m), "delete")) {
3770 current_op = NC_OP_DELETE;
3771 } else if (!strcmp(lyd_get_meta_value(m), "replace")) {
3772 current_op = NC_OP_REPLACE;
3773 } else if (!strcmp(lyd_get_meta_value(m), "none")) {
3774 current_op = NC_OP_NONE;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3775 }
3776 }
3777
3778 /* node has no op, inherit from the parent */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3779 if (!current_op) {
3780 if (!parent_op) {
3781 ERR(NULL, "Unknown operation for node \"%s\".", LYD_NAME(node));
3782 return 1;
3783 }
3784
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3785 current_op = parent_op;
3786 }
3787
3788 switch (current_op) {
3789 case NC_OP_NONE:
3790 break;
3791 case NC_OP_CREATE:
3792 case NC_OP_DELETE:
3793 case NC_OP_REPLACE:
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3794#ifdef NC_ENABLED_SSH_TLS
3795 if (module == NC_MODULE_KEYSTORE) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3796 ret = nc_server_config_parse_keystore(node, current_op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3797 } else if (module == NC_MODULE_TRUSTSTORE) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3798 ret = nc_server_config_parse_truststore(node, current_op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3799 } else
3800#endif /* NC_ENABLED_SSH_TLS */
3801 {
3802 ret = nc_server_config_parse_netconf_server(node, current_op);
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3803 }
3804 if (ret) {
3805 return ret;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3806 }
3807 break;
3808 default:
3809 break;
3810 }
3811
3812 if (current_op != NC_OP_DELETE) {
3813 LY_LIST_FOR(lyd_child(node), child) {
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3814 if (nc_server_config_parse_tree(child, current_op, module)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3815 return 1;
3816 }
3817 }
3818 }
3819 return 0;
3820}
3821
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3822API int
3823nc_server_config_load_modules(struct ly_ctx **ctx)
3824{
3825 int i, new_ctx = 0;
3826
3827 if (!*ctx) {
3828 if (ly_ctx_new(NC_SERVER_SEARCH_DIR, 0, ctx)) {
3829 ERR(NULL, "Couldn't create new libyang context.\n");
3830 goto error;
3831 }
3832 new_ctx = 1;
3833 }
3834
3835 /* all features */
3836 const char *ietf_nectonf_server[] = {"ssh-listen", "tls-listen", "ssh-call-home", "tls-call-home", "central-netconf-server-supported", NULL};
3837 /* all features */
3838 const char *ietf_x509_cert_to_name[] = {NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3839 /* no private-key-encryption, csr-generation, p10-csr-format, certificate-expiration-notification,
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]3840 * encrypted-passwords, hidden-symmetric-keys, encrypted-symmetric-keys, hidden-private-keys, encrypted-private-keys,
3841 * one-symmetric-key-format, one-asymmetric-key-format, symmetrically-encrypted-value-format,
3842 * asymmetrically-encrypted-value-format, cms-enveloped-data-format, cms-encrypted-data-format,
Roytakb2794852023-10-18 14:30:22 +0200[diff] [blame]3843 * cleartext-symmetric-keys */
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]3844 const char *ietf_crypto_types[] = {"cleartext-passwords", "cleartext-private-keys", NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3845 /* all features */
3846 const char *ietf_tcp_common[] = {"keepalives-supported", NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3847 /* all features */
3848 const char *ietf_tcp_server[] = {"tcp-server-keepalives", NULL};
Roytakb2794852023-10-18 14:30:22 +0200[diff] [blame]3849 /* no proxy-connect, socks5-gss-api, socks5-username-password, local-binding-supported ? */
3850 const char *ietf_tcp_client[] = {"tcp-client-keepalives", NULL};
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]3851 /* no ssh-x509-certs, public-key-generation */
3852 const char *ietf_ssh_common[] = {"transport-params", NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3853 /* no ssh-server-keepalives and local-user-auth-hostbased */
3854 const char *ietf_ssh_server[] = {"local-users-supported", "local-user-auth-publickey", "local-user-auth-password", "local-user-auth-none", NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3855 /* all features */
3856 const char *iana_ssh_encryption_algs[] = {NULL};
3857 /* all features */
3858 const char *iana_ssh_key_exchange_algs[] = {NULL};
3859 /* all features */
3860 const char *iana_ssh_mac_algs[] = {NULL};
3861 /* all features */
3862 const char *iana_ssh_public_key_algs[] = {NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3863 /* all features */
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3864 const char *iana_crypt_hash[] = {"crypt-hash-md5", "crypt-hash-sha-256", "crypt-hash-sha-512", NULL};
3865 /* no symmetric-keys */
3866 const char *ietf_keystore[] = {"central-keystore-supported", "inline-definitions-supported", "asymmetric-keys", NULL};
3867 /* all features */
3868 const char *ietf_truststore[] = {"central-truststore-supported", "inline-definitions-supported", "certificates", "public-keys", NULL};
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]3869 /* no public-key-generation */
3870 const char *ietf_tls_common[] = {"tls10", "tls11", "tls12", "tls13", "hello-params", NULL};
3871 /* no tls-server-keepalives, server-ident-raw-public-key, server-ident-tls12-psk, server-ident-tls13-epsk,
3872 * client-auth-raw-public-key, client-auth-tls12-psk, client-auth-tls13-epsk */
3873 const char *ietf_tls_server[] = {"server-ident-x509-cert", "client-auth-supported", "client-auth-x509-cert", NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3874 /* all features */
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3875 const char *iana_tls_cipher_suite_algs[] = {NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3876 /* all features */
3877 const char *libnetconf2_netconf_server[] = {NULL};
3878
3879 const char *module_names[] = {
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3880 "ietf-netconf-server", "ietf-x509-cert-to-name", "ietf-crypto-types", "ietf-tcp-common", "ietf-tcp-server",
3881 "ietf-tcp-client", "ietf-ssh-common", "ietf-ssh-server", "iana-ssh-encryption-algs",
3882 "iana-ssh-key-exchange-algs", "iana-ssh-mac-algs", "iana-ssh-public-key-algs", "iana-crypt-hash",
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3883 "ietf-keystore", "ietf-truststore", "ietf-tls-common", "ietf-tls-server", "iana-tls-cipher-suite-algs",
3884 "libnetconf2-netconf-server", NULL
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3885 };
3886
3887 const char **module_features[] = {
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]3888 ietf_nectonf_server, ietf_x509_cert_to_name, ietf_crypto_types, ietf_tcp_common,
3889 ietf_tcp_server, ietf_tcp_client, ietf_ssh_common, ietf_ssh_server, iana_ssh_encryption_algs,
3890 iana_ssh_key_exchange_algs, iana_ssh_mac_algs, iana_ssh_public_key_algs, iana_crypt_hash,
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3891 ietf_keystore, ietf_truststore, ietf_tls_common, ietf_tls_server, iana_tls_cipher_suite_algs,
3892 libnetconf2_netconf_server, NULL
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3893 };
3894
3895 for (i = 0; module_names[i] != NULL; i++) {
3896 if (!ly_ctx_load_module(*ctx, module_names[i], NULL, module_features[i])) {
3897 ERR(NULL, "Loading module \"%s\" failed.\n", module_names[i]);
3898 goto error;
3899 }
3900 }
3901
3902 return 0;
3903
3904error:
3905 if (new_ctx) {
3906 ly_ctx_destroy(*ctx);
3907 *ctx = NULL;
3908 }
3909 return 1;
3910}
3911
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3912static int
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]3913nc_server_config_fill_netconf_server(const struct lyd_node *data, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3914{
3915 int ret = 0;
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]3916 uint32_t log_options = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3917 struct lyd_node *tree;
romand57b3722023-04-05 11:26:25 +0200[diff] [blame]3918
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]3919 /* silently search for ietf-netconf-server, it may not be present */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]3920 ly_temp_log_options(&log_options);
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]3921
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3922 ret = lyd_find_path(data, "/ietf-netconf-server:netconf-server", 0, &tree);
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]3923 if (ret || (tree->flags & LYD_DEFAULT)) {
3924 /* not found */
3925 ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3926 goto cleanup;
3927 }
3928
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3929 if (nc_server_config_parse_tree(tree, op, NC_MODULE_NETCONF_SERVER)) {
3930 ret = 1;
3931 goto cleanup;
3932 }
3933
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3934#ifdef NC_ENABLED_SSH_TLS
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3935 /* check and set all endpoint references */
3936 if (nc_server_config_check_endpt_references()) {
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3937 ret = 1;
3938 goto cleanup;
3939 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3940#endif /* NC_ENABLED_SSH_TLS */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3941
3942cleanup:
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]3943 /* reset the logging options back to what they were */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]3944 ly_temp_log_options(NULL);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3945 return ret;
3946}
3947
3948API int
romanf6f37a52023-05-25 14:27:51 +0200[diff] [blame]3949nc_server_config_setup_diff(const struct lyd_node *data)
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3950{
3951 int ret = 0;
3952
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]3953 NC_CHECK_ARG_RET(NULL, data, 1);
3954
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3955 /* LOCK */
3956 pthread_rwlock_wrlock(&server_opts.config_lock);
3957
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3958#ifdef NC_ENABLED_SSH_TLS
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3959 /* configure keystore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3960 ret = nc_server_config_fill_keystore(data, NC_OP_UNKNOWN);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3961 if (ret) {
3962 ERR(NULL, "Filling keystore failed.");
3963 goto cleanup;
3964 }
3965
3966 /* configure truststore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]3967 ret = nc_server_config_fill_truststore(data, NC_OP_UNKNOWN);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3968 if (ret) {
3969 ERR(NULL, "Filling truststore failed.");
3970 goto cleanup;
3971 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3972#endif /* NC_ENABLED_SSH_TLS */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3973
3974 /* configure netconf-server */
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]3975 ret = nc_server_config_fill_netconf_server(data, NC_OP_UNKNOWN);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3976 if (ret) {
3977 ERR(NULL, "Filling netconf-server failed.");
3978 goto cleanup;
3979 }
3980
3981cleanup:
3982 /* UNLOCK */
3983 pthread_rwlock_unlock(&server_opts.config_lock);
3984 return ret;
3985}
3986
3987API int
romanf6f37a52023-05-25 14:27:51 +0200[diff] [blame]3988nc_server_config_setup_data(const struct lyd_node *data)
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3989{
3990 int ret = 0;
3991 struct lyd_node *tree, *iter, *root;
3992
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]3993 NC_CHECK_ARG_RET(NULL, data, 1);
3994
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]3995 /* LOCK */
3996 pthread_rwlock_wrlock(&server_opts.config_lock);
3997
3998 /* find the netconf-server node */
3999 ret = lyd_find_path(data, "/ietf-netconf-server:netconf-server", 0, &root);
4000 if (ret) {
4001 ERR(NULL, "Unable to find the netconf-server container in the YANG data.");
4002 goto cleanup;
4003 }
4004
4005 /* iterate through all the nodes and make sure there is no operation attribute */
4006 LY_LIST_FOR(root, tree) {
4007 LYD_TREE_DFS_BEGIN(tree, iter) {
4008 if (lyd_find_meta(iter->meta, NULL, "yang:operation")) {
4009 ERR(NULL, "Unexpected operation attribute in the YANG data.");
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4010 ret = 1;
4011 goto cleanup;
4012 }
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4013 LYD_TREE_DFS_END(tree, iter);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4014 }
4015 }
4016
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4017 /* delete the current configuration */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4018 nc_server_config_listen(NULL, NC_OP_DELETE);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]4019 nc_server_config_ch(NULL, NC_OP_DELETE);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4020#ifdef NC_ENABLED_SSH_TLS
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4021 nc_server_config_ks_keystore(NULL, NC_OP_DELETE);
4022 nc_server_config_ts_truststore(NULL, NC_OP_DELETE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4023
4024 /* configure keystore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4025 ret = nc_server_config_fill_keystore(data, NC_OP_CREATE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4026 if (ret) {
4027 ERR(NULL, "Filling keystore failed.");
4028 goto cleanup;
4029 }
4030
4031 /* configure truststore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4032 ret = nc_server_config_fill_truststore(data, NC_OP_CREATE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4033 if (ret) {
4034 ERR(NULL, "Filling truststore failed.");
4035 goto cleanup;
4036 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4037#endif /* NC_ENABLED_SSH_TLS */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4038
4039 /* configure netconf-server */
Michal Vaskocf898172024-01-15 15:04:28 +0100[diff] [blame]4040 ret = nc_server_config_fill_netconf_server(data, NC_OP_CREATE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4041 if (ret) {
4042 ERR(NULL, "Filling netconf-server failed.");
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4043 goto cleanup;
4044 }
4045
4046cleanup:
4047 /* UNLOCK */
4048 pthread_rwlock_unlock(&server_opts.config_lock);
4049 return ret;
4050}
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4051
4052API int
4053nc_server_config_setup_path(const struct ly_ctx *ctx, const char *path)
4054{
4055 struct lyd_node *tree = NULL;
4056 int ret = 0;
4057
4058 NC_CHECK_ARG_RET(NULL, path, 1);
4059
4060 ret = lyd_parse_data_path(ctx, path, LYD_UNKNOWN, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
4061 if (ret) {
4062 goto cleanup;
4063 }
4064
4065 ret = nc_server_config_setup_data(tree);
4066 if (ret) {
4067 goto cleanup;
4068 }
4069
4070cleanup:
4071 lyd_free_all(tree);
4072 return ret;
4073}
romand05b2ad2024-01-23 12:02:40 +0100[diff] [blame]4074
4075#ifdef NC_ENABLED_SSH_TLS
4076
4077static int
4078nc_server_config_oper_get_algs(const struct ly_ctx *ctx, const char *mod_name, const char *ln2_algs[],
4079 const char *mod_algs[], struct lyd_node **algs)
4080{
4081 int ret, r, i;
4082 struct lyd_node *parent = NULL;
4083 char *path = NULL;
4084
4085 NC_CHECK_ARG_RET(NULL, ctx, mod_name, ln2_algs, mod_algs, algs, 1);
4086
4087 *algs = NULL;
4088
4089 r = asprintf(&path, "/%s:supported-algorithms", mod_name);
4090 NC_CHECK_ERRMEM_RET(r == -1, 1);
4091
4092 /* create supported algorithms container */
4093 ret = lyd_new_path(NULL, ctx, path, NULL, 0, &parent);
4094 free(path);
4095 if (ret) {
4096 ERR(NULL, "Creating supported algorithms container failed.");
4097 goto cleanup;
4098 }
4099
4100 /* append algs from libnetconf2-netconf-server */
4101 for (i = 0; ln2_algs[i]; i++) {
4102 r = asprintf(&path, "libnetconf2-netconf-server:%s", ln2_algs[i]);
4103 NC_CHECK_ERRMEM_GOTO(r == -1, ret = 1, cleanup);
4104 ret = lyd_new_term(parent, NULL, "supported-algorithm", path, 0, NULL);
4105 free(path);
4106 if (ret) {
4107 ERR(NULL, "Creating new supported algorithm failed.");
4108 goto cleanup;
4109 }
4110 }
4111
4112 /* append algs from mod_name module */
4113 for (i = 0; mod_algs[i]; i++) {
4114 r = asprintf(&path, "%s:%s", mod_name, mod_algs[i]);
4115 NC_CHECK_ERRMEM_GOTO(r == -1, ret = 1, cleanup);
4116 ret = lyd_new_term(parent, NULL, "supported-algorithm", path, 0, NULL);
4117 free(path);
4118 if (ret) {
4119 ERR(NULL, "Creating new supported algorithm failed.");
4120 goto cleanup;
4121 }
4122 }
4123
4124cleanup:
4125 if (ret) {
4126 lyd_free_tree(parent);
4127 } else {
4128 *algs = parent;
4129 }
4130 return ret;
4131}
4132
4133API int
4134nc_server_config_oper_get_hostkey_algs(const struct ly_ctx *ctx, struct lyd_node **hostkey_algs)
4135{
4136 /* identities of hostkey algs supported by libssh (v0.10.5) defined in libnetconf2-netconf-server yang module */
4137 const char *libnetconf2_hostkey_algs[] = {
4138 "openssh-ssh-ed25519-cert-v01", "openssh-ecdsa-sha2-nistp521-cert-v01",
4139 "openssh-ecdsa-sha2-nistp384-cert-v01", "openssh-ecdsa-sha2-nistp256-cert-v01",
4140 "openssh-rsa-sha2-512-cert-v01", "openssh-rsa-sha2-256-cert-v01",
4141 "openssh-ssh-rsa-cert-v01", "openssh-ssh-dss-cert-v01", NULL
4142 };
4143
4144 /* identities of hostkey algs supported by libssh (v0.10.5) defined in iana-ssh-public-key-algs yang module */
4145 const char *iana_hostkey_algs[] = {
4146 "ssh-ed25519", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256",
4147 "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-dss", NULL
4148 };
4149
4150 NC_CHECK_ARG_RET(NULL, ctx, hostkey_algs, 1);
4151
4152 return nc_server_config_oper_get_algs(ctx, "iana-ssh-public-key-algs", libnetconf2_hostkey_algs,
4153 iana_hostkey_algs, hostkey_algs);
4154}
4155
4156API int
4157nc_server_config_oper_get_kex_algs(const struct ly_ctx *ctx, struct lyd_node **kex_algs)
4158{
4159 /* identities of kex algs supported by libssh (v0.10.5) defined in libnetconf2-netconf-server yang module */
4160 const char *libnetconf2_kex_algs[] = {
4161 "libssh-curve25519-sha256", NULL
4162 };
4163
4164 /* identities of kex algs supported by libssh (v0.10.5) defined in iana-ssh-key-exchange-algs yang module */
4165 const char *iana_kex_algs[] = {
4166 "diffie-hellman-group-exchange-sha1", "curve25519-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
4167 "ecdh-sha2-nistp521", "diffie-hellman-group18-sha512", "diffie-hellman-group16-sha512",
4168 "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256", NULL
4169 };
4170
4171 NC_CHECK_ARG_RET(NULL, ctx, kex_algs, 1);
4172
4173 return nc_server_config_oper_get_algs(ctx, "iana-ssh-key-exchange-algs", libnetconf2_kex_algs,
4174 iana_kex_algs, kex_algs);
4175}
4176
4177API int
4178nc_server_config_oper_get_encryption_algs(const struct ly_ctx *ctx, struct lyd_node **encryption_algs)
4179{
4180 /* identities of encryption algs supported by libssh (v0.10.5) defined in libnetconf2-netconf-server yang module */
4181 const char *libnetconf2_encryption_algs[] = {
4182 "openssh-chacha20-poly1305", "openssh-aes256-gcm", "openssh-aes128-gcm", NULL
4183 };
4184
4185 /* identities of encryption algs supported by libssh (v0.10.5) defined in iana-ssh-encryption-algs yang module */
4186 const char *iana_encryption_algs[] = {
4187 "aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "aes192-cbc", "aes128-cbc",
4188 "blowfish-cbc", "triple-des-cbc", "none", NULL
4189 };
4190
4191 NC_CHECK_ARG_RET(NULL, ctx, encryption_algs, 1);
4192
4193 return nc_server_config_oper_get_algs(ctx, "iana-ssh-encryption-algs", libnetconf2_encryption_algs,
4194 iana_encryption_algs, encryption_algs);
4195}
4196
4197API int
4198nc_server_config_oper_get_mac_algs(const struct ly_ctx *ctx, struct lyd_node **mac_algs)
4199{
4200 /* identities of mac algs supported by libssh (v0.10.5) defined in libnetconf2-netconf-server yang module */
4201 const char *libnetconf2_mac_algs[] = {
4202 "openssh-hmac-sha2-256-etm", "openssh-hmac-sha2-512-etm", "openssh-hmac-sha1-etm", NULL
4203 };
4204
4205 /* identities of mac algs supported by libssh (v0.10.5) defined in iana-ssh-mac-algs yang module */
4206 const char *iana_mac_algs[] = {
4207 "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", NULL
4208 };
4209
4210 NC_CHECK_ARG_RET(NULL, ctx, mac_algs, 1);
4211
4212 return nc_server_config_oper_get_algs(ctx, "iana-ssh-mac-algs", libnetconf2_mac_algs,
4213 iana_mac_algs, mac_algs);
4214}
4215
4216#endif /* NC_ENABLED_SSH_TLS */