src/libnetconf.h

/**
 * \file libnetconf.h
 * \author Radek Krejci <rkrejci@cesnet.cz>
 * \author Michal Vasko <mvasko@cesnet.cz>
 * \brief libnetconf2 main internal header.
 *
 * Copyright (c) 2015 CESNET, z.s.p.o.
 *
 * This source code is licensed under BSD 3-Clause License (the "License").
 * You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://opensource.org/licenses/BSD-3-Clause
 */

#ifndef NC_LIBNETCONF_H_
#define NC_LIBNETCONF_H_

#include "config.h"
#include "netconf.h"
#include "log_p.h"
#include "session_p.h"
#include "messages_p.h"

/* Tests whether string is empty or non-empty. */
#define strisempty(str) ((str)[0] == '\0')
#define strnonempty(str) ((str)[0] != '\0')

/**
 * @mainpage About
 *
 * libnetconf2 is a NETCONF library in C handling NETCONF authentication and all NETCONF
 * RPC communication both server and client-side. NETCONF datastore and session management is not a part of this library,
 * but it helps a lot with the sessions.
 *
 * @section about-features Main Features
 *
 * - Creating SSH (using libssh) or TLS (using OpenSSL) authenticated NETCONF sessions.
 * - Creating NETCONF sessions with a pre-established transport protocol
 *   (using this mechanism the communication can be tunneled through sshd(8), for instance).
 * - Creating NETCONF Call Home sessions.
 * - Creating, sending, receiving, and replying to RPCs.
 * - Receiving notifications.
 *
 * - \todo Creating and sending notifications.
 *
 * @section about-license License
 *
 * Copyright (c) 2015-2016 CESNET, z.s.p.o.
 *
 * (The BSD 3-Clause License)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 3. Neither the name of the Company nor the names of its contributors
 *    may be used to endorse or promote products derived from this
 *    software without specific prior written permission.
 */

/**
 * @page howto How To ...
 *
 * - @subpage howtoinit
 * - @subpage howtoclient
 * - @subpage howtoserver
 * - @subpage howtoclientcomm
 * - @subpage howtoservercomm
 */

/**
 * @page howtoinit Init and Thread-safety Information
 *
 * Before working with the library, it must be initialized using nc_client_init()
 * or nc_server_init(). Based on how the library was compiled, also libssh and/or
 * libssh/libcrypto are initialized (for multi-threaded use) too. It is advised
 * to compile libnetconf2, for instance, with TLS support even if you do not want
 * to use lnc2 TLS functions, but only use libssl/libcrypto functions in your
 * application. You can then use libnetconf2 cleanup function and do not
 * trouble yourself with the cleanup.
 *
 * To prevent any reachable memory at the end of your application, there
 * are complementary destroy functions available. If your application is
 * multi-threaded, call the destroy functions in the last thread, after all
 * the other threads have ended. In every other thread you should call
 * nc_thread_destroy() just before it exits.
 *
 * If libnetconf2 is used in accordance with this information, there should
 * not be memory leaks of any kind at program exit. For thread-safety details
 * of libssh, libssl, and libcrypto please refer to the corresponding project
 * documentation. libnetconf2 thread-safety information is below.
 *
 * Client is NOT thread-safe and there is no access control in the client
 * functions at all. Server is MOSTLY thread-safe meaning you can set all the
 * options simultaneously while listening for or accepting new sessions or
 * polling the existing ones. It should even be safe to poll one session in
 * several threads, but it is definitely discouraged. Generally, servers can
 * use more threads without any problems as long as they keep their workflow sane
 * (behavior such as freeing sessions only after no thread uses them or similar).
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_client_init()
 * - nc_client_destroy()
 *
 * Available in __nc_server.h__.
 *
 * - nc_server_init()
 * - nc_server_destroy()
 *
 * Available in both __nc_client.h__ and __nc_server.h__.
 *
 * - nc_thread_destroy()
 */

/**
 * @page howtoclient Client sessions
 *
 * There are a lot of options for both an SSH and a TLS client. All of them
 * have setters and getters so that there is no need to duplicate them in
 * a client.
 *
 * SSH
 * ===
 *
 * It is mostly required to set any SSH options and then simply connect to
 * a NETCONF server. Optionally, some authetication callbacks can be set,
 * which are particulary useful in automated clients (passwords cannot be
 * asked a user) or simply if any additional information is retrieved some
 * other way than from standard terminal input.
 *
 * Afterwards, there are 2 functions to use for a new server connection
 * and an additional one for creating a new SSH channel on an existing
 * NETCONF session. The libssh variant enables to customize the SSH session
 * in every way the libssh allows, although that should not normally be needed.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_client_ssh_set_auth_hostkey_check_clb()
 * - nc_client_ssh_set_auth_password_clb()
 * - nc_client_ssh_set_auth_interactive_clb()
 * - nc_client_ssh_set_auth_privkey_passphrase_clb()
 * - nc_client_ssh_add_keypair()
 * - nc_client_ssh_del_keypair()
 * - nc_client_ssh_get_keypair_count()
 * - nc_client_ssh_get_keypair()
 * - nc_client_ssh_set_auth_pref()
 * - nc_client_ssh_get_auth_pref()
 * - nc_client_ssh_set_username()
 * - nc_client_ssh_get_username()
 *
 * - nc_connect_ssh()
 * - nc_connect_libssh()
 * - nc_connect_ssh_channel()
 *
 *
 * TLS
 * ===
 *
 * With TLS authentication, is is mandatory to set the client certificate
 * with a private key and additional trusted certificates and revocation lists.
 *
 * Then there are again 2 functions for connecting, the libssl variant enables
 * to customize the TLS session in every way the libssl allows.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_client_tls_set_cert_key_paths()
 * - nc_client_tls_get_cert_key_paths()
 * - nc_client_tls_set_trusted_ca_paths()
 * - nc_client_tls_get_trusted_ca_paths()
 * - nc_client_tls_set_crl_paths()
 * - nc_client_tls_get_crl_paths()
 *
 * - nc_connect_tls()
 * - nc_connect_libssl()
 *
 *
 * FD
 * ==
 *
 * If you authenticated the connection using some tunneling software, you
 * can pass its file descriptors to libnetconf2, which will continue to
 * establish a full NETCONF session.
 *
 * Funtions List
 * -------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_connect_inout()
 *
 *
 * Call Home
 * =========
 *
 * Call Home needs the same options set as standard SSH or TLS and the functions
 * reflect it exactly. However, to accept a connection, the client must first
 * specify addresses and ports, which to listen on. Then connections can be
 * accepted.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_client_ssh_ch_set_auth_hostkey_check_clb()
 * - nc_client_ssh_ch_set_auth_password_clb()
 * - nc_client_ssh_ch_set_auth_interactive_clb()
 * - nc_client_ssh_ch_set_auth_privkey_passphrase_clb()
 * - nc_client_ssh_ch_add_bind_listen()
 * - nc_client_ssh_ch_del_bind()
 * - nc_client_ssh_ch_add_keypair()
 * - nc_client_ssh_ch_del_keypair()
 * - nc_client_ssh_ch_get_keypair_count()
 * - nc_client_ssh_ch_get_keypair()
 * - nc_client_ssh_ch_set_auth_pref()
 * - nc_client_ssh_ch_get_auth_pref()
 * - nc_client_ssh_ch_set_username()
 * - nc_client_ssh_ch_get_username()
 *
 * - nc_client_tls_ch_add_bind_listen()
 * - nc_client_tls_ch_del_bind()
 * - nc_client_tls_ch_set_cert_key_paths()
 * - nc_client_tls_ch_get_cert_key_paths()
 * - nc_client_tls_ch_set_trusted_ca_paths()
 * - nc_client_tls_ch_get_trusted_ca_paths()
 * - nc_client_tls_ch_set_crl_paths()
 * - nc_client_tls_ch_get_crl_paths()
 *
 * - nc_accept_callhome()
 *
 *
 * Cleanup
 * =======
 *
 * These options and the schema searchpath are stored in dynamically
 * allocated memory. To free it, destroy the client, it cleans up all
 * the options
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_client_destroy()
 */

/**
 * @page howtoserver Server sessions
 *
 * Init
 * ====
 *
 * Server takes an argument for its [initialization function](@ref howtoinit).
 * In it, you set the server context, which determines what modules it
 * supports and what capabilities to advertise. Few capabilities that
 * cannot be learnt from the context are set with separate functions.
 * So are several general options.
 *
 * Context does not only determine server modules, but its overall
 * functionality as well. For every RPC the server should support,
 * an nc_rpc_clb callback should be set on that node in the context.
 * Server then calls these as appropriate [during poll](@ref howtoservercomm).
 *
 * Server options can be only set, there are no getters.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_server.h__.
 *
 * - nc_server_set_capab_withdefaults()
 * - nc_server_set_capab_interleave()
 * - nc_server_set_hello_timeout()
 * - nc_server_set_idle_timeout()
 *
 *
 * SSH
 * ===
 *
 * To be able to accept SSH connections, an endpoint must be added
 * and its options set.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_server.h__.
 *
 * - nc_server_ssh_add_endpt_listen()
 * - nc_server_ssh_endpt_set_address()
 * - nc_server_ssh_endpt_set_port()
 * - nc_server_ssh_del_endpt()
 *
 * - nc_server_ssh_endpt_set_hostkey()
 * - nc_server_ssh_endpt_set_banner()
 * - nc_server_ssh_endpt_set_auth_methods()
 * - nc_server_ssh_endpt_set_auth_attempts()
 * - nc_server_ssh_endpt_set_auth_timeout()
 * - nc_server_ssh_endpt_add_authkey()
 * - nc_server_ssh_endpt_del_authkey()
 *
 *
 * TLS
 * ===
 *
 * TLS requires at least one endpoint too, but its options differ
 * significantly from the SSH ones, especially in the cert-to-name
 * options that TLS uses to derive usernames from client certificates.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_server.h__.
 *
 * - nc_server_tls_add_endpt_listen()
 * - nc_server_tls_endpt_set_address()
 * - nc_server_tls_endpt_set_port()
 * - nc_server_tls_del_endpt()
 *
 * - nc_server_tls_endpt_set_cert()
 * - nc_server_tls_endpt_set_cert_path()
 * - nc_server_tls_endpt_set_key()
 * - nc_server_tls_endpt_set_key_path()
 * - nc_server_tls_endpt_add_trusted_cert()
 * - nc_server_tls_endpt_add_trusted_cert_path()
 * - nc_server_tls_endpt_set_trusted_ca_paths()
 * - nc_server_tls_endpt_clear_certs()
 * - nc_server_tls_endpt_set_crl_paths()
 * - nc_server_tls_endpt_clear_crls()
 * - nc_server_tls_endpt_add_ctn()
 * - nc_server_tls_endpt_del_ctn()
 *
 * FD
 * ==
 *
 * If you used a tunneling software, which does its own authentication,
 * you can accept a NETCONF session on its file descriptors.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_server.h__.
 *
 * - nc_accept_inout()
 *
 *
 * Call Home
 * =========
 *
 * Call Home does not work with endpoints like standard sessions.
 * The options must be reset manually after another Call Home session
 * (with different options than the previous one) is to be established.
 * Also, monitoring of these sessions is up to the application.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_server.h__.
 *
 * - nc_connect_callhome_ssh()
 * - nc_connect_callhome_tls()
 *
 * - nc_server_ssh_ch_set_hostkey()
 * - nc_server_ssh_ch_set_banner()
 * - nc_server_ssh_ch_set_auth_methods()
 * - nc_server_ssh_ch_set_auth_attempts()
 * - nc_server_ssh_ch_set_auth_timeout()
 * - nc_server_ssh_ch_add_authkey()
 * - nc_server_ssh_ch_del_authkey()
 * - nc_server_ssh_ch_clear_opts()
 *
 * - nc_server_tls_ch_set_cert()
 * - nc_server_tls_ch_set_cert_path()
 * - nc_server_tls_ch_set_key()
 * - nc_server_tls_ch_set_key_path()
 * - nc_server_tls_ch_add_trusted_cert()
 * - nc_server_tls_ch_add_trusted_cert_path()
 * - nc_server_tls_ch_set_trusted_ca_paths()
 * - nc_server_tls_ch_clear_certs()
 * - nc_server_tls_ch_set_crl_paths()
 * - nc_server_tls_ch_clear_crls()
 * - nc_server_tls_ch_add_ctn()
 * - nc_server_tls_ch_del_ctn()
 * - nc_server_tls_ch_clear_opts()
 *
 *
 * Connecting And Cleanup
 * ======================
 *
 * When accepting connections, all the endpoints are examined
 * and the first with a pending connection is used. To remove all
 * the endpoints and free any used dynamic memory, destroy the server.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_server.h__.
 *
 * - nc_accept()
 *
 * - nc_server_destroy()
 */

/**
 * @page howtoclientcomm Client communication
 *
 * To send RPCs on a session, you simply create an RPC, send it,
 * and then wait for a reply. If you are subscribed, there are 2 ways
 * of receiving notifications. Either you wait for them the same way
 * as for standard replies or you create a dispatcher that asynchronously
 * (in a separate thread) reads notifications and passes them to your
 * callback.
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_rpc_generic()
 * - nc_rpc_generic_xml()
 * - nc_rpc_getconfig()
 * - nc_rpc_edit()
 * - nc_rpc_copy()
 * - nc_rpc_delete()
 * - nc_rpc_lock()
 * - nc_rpc_unlock()
 * - nc_rpc_get()
 * - nc_rpc_kill()
 * - nc_rpc_commit()
 * - nc_rpc_discard()
 * - nc_rpc_cancel()
 * - nc_rpc_validate()
 * - nc_rpc_getschema()
 * - nc_rpc_subscribe()
 *
 * - nc_send_rpc()
 * - nc_recv_reply()
 * - nc_recv_notif()
 * - nc_recv_notif_dispatch()
 */

/**
 * @page howtoservercomm Server communication
 *
 * Once at least one session is established, an nc_pollsession structure
 * should be created, filled with the session and polled. Based on
 * the return value from the poll further actions can be taken. More
 * sessions can be polled at the same time. Any requests received on
 * the sessions are [handled internally](@ref howtoserver).
 *
 * Functions List
 * --------------
 *
 * Available in __nc_client.h__.
 *
 * - nc_ps_new()
 * - nc_ps_add_session()
 * - nc_ps_del_session()
 * - nc_ps_session_count()
 * - nc_ps_free()
 *
 * - nc_ps_poll()
 * - nc_ps_clear()
 * - nc_ps_accept_ssh_channel()
 */

#endif /* NC_LIBNETCONF_H_ */