blob: 25327873d41310a23d3fb32bd30846453caafd16 [file] [log] [blame]
Michal Vasko45f298f2016-01-29 10:26:26 +01001/**
Michal Vaskoc446a382021-06-18 08:54:05 +02002 * @file session_client_ch.h
3 * @author Michal Vasko <mvasko@cesnet.cz>
4 * @brief libnetconf2 Call Home session client manipulation
Michal Vasko45f298f2016-01-29 10:26:26 +01005 *
Michal Vasko95ea9ff2021-11-09 12:29:14 +01006 * @copyright
Michal Vaskoc446a382021-06-18 08:54:05 +02007 * Copyright (c) 2015 - 2021 CESNET, z.s.p.o.
Michal Vasko45f298f2016-01-29 10:26:26 +01008 *
Radek Krejci9b81f5b2016-02-24 13:14:49 +01009 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
Michal Vaskoafd416b2016-02-25 14:51:46 +010012 *
Radek Krejci9b81f5b2016-02-24 13:14:49 +010013 * https://opensource.org/licenses/BSD-3-Clause
Michal Vasko45f298f2016-01-29 10:26:26 +010014 */
15
16#ifndef NC_SESSION_CLIENT_CH_H_
17#define NC_SESSION_CLIENT_CH_H_
18
Michal Vaskoc09730e2019-01-17 10:07:26 +010019#ifdef __cplusplus
20extern "C" {
21#endif
22
Michal Vasko45f298f2016-01-29 10:26:26 +010023#include <libyang/libyang.h>
24
Michal Vaskoc446a382021-06-18 08:54:05 +020025#ifdef NC_ENABLED_SSH
26# include <libssh/libssh.h>
27#endif
28
Michal Vasko45f298f2016-01-29 10:26:26 +010029#include "messages_client.h"
Michal Vaskob83a3fa2021-05-26 09:53:42 +020030#include "netconf.h"
31#include "session.h"
Michal Vasko45f298f2016-01-29 10:26:26 +010032
Michal Vaskob83a3fa2021-05-26 09:53:42 +020033#if defined (NC_ENABLED_SSH) || defined (NC_ENABLED_TLS)
Michal Vasko45f298f2016-01-29 10:26:26 +010034
35/**
Radek Krejci6799a052017-05-19 14:23:23 +020036 * @defgroup client_ch Client-side Call Home
37 * @ingroup client
38 *
39 * @brief Call Home functionality for client-side applications.
40 * @{
41 */
42
43/**
Michal Vasko45f298f2016-01-29 10:26:26 +010044 * @brief Accept a Call Home connection on any of the listening binds.
45 *
46 * @param[in] timeout Timeout for receiving a new connection in milliseconds, 0 for
47 * non-blocking call, -1 for infinite waiting.
48 * @param[in] ctx Session context to use. Can be NULL.
49 * @param[out] session New session.
Michal Vaskof0537d82016-01-29 14:42:38 +010050 * @return 1 on success, 0 on timeout, -1 on error.
Michal Vasko45f298f2016-01-29 10:26:26 +010051 */
52int nc_accept_callhome(int timeout, struct ly_ctx *ctx, struct nc_session **session);
53
Michal Vaskoc446a382021-06-18 08:54:05 +020054/** @} Client-side Call Home */
Radek Krejci6799a052017-05-19 14:23:23 +020055
Radek Krejci53691be2016-02-22 13:58:37 +010056#endif /* NC_ENABLED_SSH || NC_ENABLED_TLS */
Michal Vasko45f298f2016-01-29 10:26:26 +010057
Radek Krejci53691be2016-02-22 13:58:37 +010058#ifdef NC_ENABLED_SSH
Michal Vasko45f298f2016-01-29 10:26:26 +010059
60/**
Radek Krejci6799a052017-05-19 14:23:23 +020061 * @defgroup client_ch_ssh Client-side Call Home on SSH
62 * @ingroup client_ch
63 *
64 * @brief SSH settings for the Call Home functionality
65 * @{
66 */
67
68/**
Radek Krejci90a84a22017-05-25 13:53:00 +020069 * @brief Set SSH Call Home authentication hostkey check (knownhosts) callback.
70 *
71 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
72 * freeing the private data when necessary (the private data can be obtained by
73 * nc_client_ssh_ch_get_auth_hostkey_check_clb()).
Michal Vaskoef112d72016-02-18 13:28:25 +010074 *
75 * @param[in] auth_hostkey_check Function to call, returns 0 on success, non-zero in error.
76 * If NULL, the default callback is set.
Radek Krejci90a84a22017-05-25 13:53:00 +020077 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vaskoef112d72016-02-18 13:28:25 +010078 */
Radek Krejci90a84a22017-05-25 13:53:00 +020079void nc_client_ssh_ch_set_auth_hostkey_check_clb(int (*auth_hostkey_check)(const char *hostname, ssh_session session, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +020080 void *priv);
Michal Vaskoef112d72016-02-18 13:28:25 +010081
82/**
Radek Krejci90a84a22017-05-25 13:53:00 +020083 * @brief Get currently set SSH Call Home authentication hostkey check (knownhosts) callback and its private data
84 * previously set by nc_client_ssh_ch_set_auth_hostkey_check_clb().
85 *
86 * @param[out] auth_hostkey_check Currently set callback, NULL in case of the default callback.
87 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
88 */
89void nc_client_ssh_ch_get_auth_hostkey_check_clb(int (**auth_hostkey_check)(const char *hostname, ssh_session session, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +020090 void **priv);
Radek Krejci90a84a22017-05-25 13:53:00 +020091/**
Michal Vasko30e2c872016-02-18 10:03:21 +010092 * @brief Set SSH Call Home password authentication callback.
93 *
Radek Krejci90a84a22017-05-25 13:53:00 +020094 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
95 * freeing the private data when necessary (the private data can be obtained by
96 * nc_client_ssh_ch_get_auth_password_clb()).
97 *
Michal Vaskofdfd9dd2016-02-29 10:18:46 +010098 * @param[in] auth_password Function to call, returns the password for username\@hostname.
Michal Vasko30e2c872016-02-18 10:03:21 +010099 * If NULL, the default callback is set.
Radek Krejci90a84a22017-05-25 13:53:00 +0200100 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vasko30e2c872016-02-18 10:03:21 +0100101 */
Radek Krejci90a84a22017-05-25 13:53:00 +0200102void nc_client_ssh_ch_set_auth_password_clb(char *(*auth_password)(const char *username, const char *hostname, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200103 void *priv);
Radek Krejci90a84a22017-05-25 13:53:00 +0200104
105/**
106 * @brief Get currently set SSH Call Home password authentication callback and its private data
107 * previously set by nc_client_ssh_ch_set_auth_password_clb().
108 *
109 * @param[out] auth_password Currently set callback, NULL in case of the default callback.
110 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
111 */
112void nc_client_ssh_ch_get_auth_password_clb(char *(**auth_password)(const char *username, const char *hostname, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200113 void **priv);
Michal Vasko30e2c872016-02-18 10:03:21 +0100114
115/**
116 * @brief Set SSH Call Home interactive authentication callback.
117 *
Radek Krejci90a84a22017-05-25 13:53:00 +0200118 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
119 * freeing the private data when necessary (the private data can be obtained by
120 * nc_client_ssh_ch_get_auth_interactive_clb()).
121 *
Michal Vasko30e2c872016-02-18 10:03:21 +0100122 * @param[in] auth_interactive Function to call for every question, returns the answer for
123 * authentication name with instruction and echoing prompt.
124 * If NULL, the default callback is set.
Radek Krejci90a84a22017-05-25 13:53:00 +0200125 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vasko30e2c872016-02-18 10:03:21 +0100126 */
127void nc_client_ssh_ch_set_auth_interactive_clb(char *(*auth_interactive)(const char *auth_name, const char *instruction,
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200128 const char *prompt, int echo, void *priv),
129 void *priv);
Radek Krejci90a84a22017-05-25 13:53:00 +0200130
131/**
132 * @brief Get currently set SSH Call Home interactive authentication callback and its private data
133 * previously set by nc_client_ssh_ch_set_auth_interactive_clb().
134 *
135 * @param[out] auth_interactive Currently set callback, NULL in case of the default callback.
136 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
137 */
138void nc_client_ssh_ch_get_auth_interactive_clb(char *(**auth_interactive)(const char *auth_name, const char *instruction,
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200139 const char *prompt, int echo, void *priv),
140 void **priv);
Michal Vasko30e2c872016-02-18 10:03:21 +0100141
142/**
143 * @brief Set SSH Call Home publickey authentication encrypted private key passphrase callback.
144 *
Radek Krejci90a84a22017-05-25 13:53:00 +0200145 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
146 * freeing the private data when necessary (the private data can be obtained by
147 * nc_client_ssh_ch_get_auth_privkey_passphrase_clb()).
148 *
Michal Vasko30e2c872016-02-18 10:03:21 +0100149 * @param[in] auth_privkey_passphrase Function to call for every question, returns
150 * the passphrase for the specific private key.
Radek Krejci90a84a22017-05-25 13:53:00 +0200151 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vasko30e2c872016-02-18 10:03:21 +0100152 */
Radek Krejci90a84a22017-05-25 13:53:00 +0200153void nc_client_ssh_ch_set_auth_privkey_passphrase_clb(char *(*auth_privkey_passphrase)(const char *privkey_path, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200154 void *priv);
Radek Krejci90a84a22017-05-25 13:53:00 +0200155
156/**
157 * @brief Get currently set SSH Call Home publickey authentication encrypted private key passphrase callback and its
158 * private data previously set by nc_client_ssh_ch_set_auth_privkey_passphrase_clb().
159 *
160 * @param[out] auth_privkey_passphrase Currently set callback, NULL in case of the default callback.
161 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
162 */
163void nc_client_ssh_ch_get_auth_privkey_passphrase_clb(char *(**auth_privkey_passphrase)(const char *privkey_path, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200164 void **priv);
Michal Vasko30e2c872016-02-18 10:03:21 +0100165
166/**
Michal Vasko45f298f2016-01-29 10:26:26 +0100167 * @brief Add a new client bind and start listening on it for SSH Call Home connections.
168 *
169 * @param[in] address IP address to bind to.
170 * @param[in] port Port to bind to.
171 * @return 0 on success, -1 on error.
172 */
173int nc_client_ssh_ch_add_bind_listen(const char *address, uint16_t port);
174
175/**
176 * @brief Remove an SSH listening client bind.
177 *
178 * @param[in] address IP address the socket was bound to. NULL matches all.
179 * @param[in] port Port the socket was bound to. 0 matches all.
180 * @return 0 on success, -1 on not found.
181 */
182int nc_client_ssh_ch_del_bind(const char *address, uint16_t port);
183
184/**
185 * @brief Add an SSH public and private key pair to be used for Call Home client authentication.
186 *
187 * Private key can be encrypted, the passphrase will be asked for before using it.
188 *
Michal Vasko45f298f2016-01-29 10:26:26 +0100189 * @param[in] pub_key Path to the public key.
190 * @param[in] priv_key Path to the private key.
Michal Vaskof0537d82016-01-29 14:42:38 +0100191 * @return 0 on success, -1 on error.
Michal Vasko45f298f2016-01-29 10:26:26 +0100192 */
193int nc_client_ssh_ch_add_keypair(const char *pub_key, const char *priv_key);
194
195/**
196 * @brief Remove an SSH public and private key pair that was used for Call Home client authentication.
197 *
Michal Vasko45f298f2016-01-29 10:26:26 +0100198 * @param[in] idx Index of the keypair starting with 0.
Michal Vasko45f298f2016-01-29 10:26:26 +0100199 * @return 0 on success, -1 on error.
200 */
201int nc_client_ssh_ch_del_keypair(int idx);
202
203/**
204 * @brief Get the number of public an private key pairs set to be used for Call Home client authentication.
205 *
206 * @return Keypair count.
207 */
208int nc_client_ssh_ch_get_keypair_count(void);
209
210/**
211 * @brief Get a specific keypair set to be used for Call Home client authentication.
212 *
213 * @param[in] idx Index of the specific keypair.
214 * @param[out] pub_key Path to the public key.
215 * @param[out] priv_key Path to the private key.
Michal Vasko45f298f2016-01-29 10:26:26 +0100216 * @return 0 on success, -1 on error.
217 */
218int nc_client_ssh_ch_get_keypair(int idx, const char **pub_key, const char **priv_key);
219
220/**
221 * @brief Set SSH Call Home authentication method preference.
222 *
Radek Krejci62aa0642017-05-25 16:33:49 +0200223 * The default preference is as follows:
224 * - public key authentication (3)
225 * - password authentication (2)
226 * - interactive authentication (1)
227 *
228 * @param[in] auth_type Authentication method to modify the preference of.
Michal Vaskoc446a382021-06-18 08:54:05 +0200229 * @param[in] pref Preference of @p auth_type. Higher number increases priority, negative values disable the method.
Michal Vasko45f298f2016-01-29 10:26:26 +0100230 */
231void nc_client_ssh_ch_set_auth_pref(NC_SSH_AUTH_TYPE auth_type, int16_t pref);
232
233/**
234 * @brief Get SSH Call Home authentication method preference.
235 *
Michal Vasko45f298f2016-01-29 10:26:26 +0100236 * @param[in] auth_type Authentication method to retrieve the prefrence of.
Michal Vaskoc446a382021-06-18 08:54:05 +0200237 * @return Preference of the @p auth_type.
Michal Vasko45f298f2016-01-29 10:26:26 +0100238 */
239int16_t nc_client_ssh_ch_get_auth_pref(NC_SSH_AUTH_TYPE auth_type);
240
241/**
242 * @brief Set client Call Home SSH username used for authentication.
243 *
244 * @param[in] username Username to use.
245 * @return 0 on success, -1 on error.
246 */
247int nc_client_ssh_ch_set_username(const char *username);
248
Michal Vaskoe22c6732016-01-29 11:03:02 +0100249/**
250 * @brief Get client Call Home SSH username used for authentication.
251 *
252 * @return Username used.
253 */
254const char *nc_client_ssh_ch_get_username(void);
255
Michal Vaskoc446a382021-06-18 08:54:05 +0200256/** @} Client-side Call Home on SSH */
Radek Krejci6799a052017-05-19 14:23:23 +0200257
Radek Krejci53691be2016-02-22 13:58:37 +0100258#endif /* NC_ENABLED_SSH */
Michal Vasko45f298f2016-01-29 10:26:26 +0100259
Radek Krejci53691be2016-02-22 13:58:37 +0100260#ifdef NC_ENABLED_TLS
Michal Vasko45f298f2016-01-29 10:26:26 +0100261
262/**
Radek Krejci6799a052017-05-19 14:23:23 +0200263 * @defgroup client_ch_tls Client-side Call Home on TLS
264 * @ingroup client_ch
265 *
266 * @brief TLS settings for the Call Home functionality
267 * @{
268 */
269
270/**
Michal Vasko45f298f2016-01-29 10:26:26 +0100271 * @brief Add a new client bind and start listening on it for TLS Call Home connections.
272 *
273 * @param[in] address IP address to bind to.
274 * @param[in] port Port to bind to.
275 * @return 0 on success, -1 on error.
276 */
277int nc_client_tls_ch_add_bind_listen(const char *address, uint16_t port);
278
279/**
Michal Vasko9d4cca52022-09-07 11:19:57 +0200280 * @brief Add a new client bind and start listening on it for TLS Call Home connections coming from the specified hostname.
281 *
282 * @param[in] address IP address to bind to.
283 * @param[in] port Port to bind to.
Michal Vaskob8f1fa12022-09-07 11:47:42 +0200284 * @param[in] hostname Expected server hostname, verified by TLS when connecting to it. If NULL, the check is skipped.
Michal Vasko9d4cca52022-09-07 11:19:57 +0200285 * @return 0 on success, -1 on error.
286 */
287int nc_client_tls_ch_add_bind_hostname_listen(const char *address, uint16_t port, const char *hostname);
288
289/**
Michal Vasko45f298f2016-01-29 10:26:26 +0100290 * @brief Remove a TLS listening client bind.
291 *
292 * @param[in] address IP address the socket was bound to. NULL matches all.
293 * @param[in] port Port the socket was bound to. 0 matches all.
294 * @return 0 on success, -1 on not found.
295 */
296int nc_client_tls_ch_del_bind(const char *address, uint16_t port);
297
298/**
299 * @brief Set client Call Home authentication identity - a certificate and a private key.
300 *
Michal Vaskoe22c6732016-01-29 11:03:02 +0100301 * @param[in] client_cert Path to the file containing the client certificate.
Michal Vaskoc446a382021-06-18 08:54:05 +0200302 * @param[in] client_key Path to the file containing the private key for the @p client_cert.
303 * If NULL, key is expected to be stored with @p client_cert.
Michal Vasko45f298f2016-01-29 10:26:26 +0100304 * @return 0 on success, -1 on error.
305 */
Michal Vaskoe22c6732016-01-29 11:03:02 +0100306int nc_client_tls_ch_set_cert_key_paths(const char *client_cert, const char *client_key);
307
308/**
309 * @brief Get client Call Home authentication identity - a certificate and a private key.
310 *
Michal Vaskoe22c6732016-01-29 11:03:02 +0100311 * @param[out] client_cert Path to the file containing the client certificate. Can be NULL.
Michal Vaskoc446a382021-06-18 08:54:05 +0200312 * @param[out] client_key Path to the file containing the private key for the @p client_cert.
Michal Vaskoe22c6732016-01-29 11:03:02 +0100313 * Can be NULL.
314 */
315void nc_client_tls_ch_get_cert_key_paths(const char **client_cert, const char **client_key);
Michal Vasko45f298f2016-01-29 10:26:26 +0100316
317/**
318 * @brief Set client Call Home trusted CA certificates.
319 *
320 * @param[in] ca_file Location of the CA certificate file used to verify server certificates.
321 * For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
322 * @param[in] ca_dir Location of the CA certificates directory used to verify the server certificates.
323 * For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
324 * @return 0 on success, -1 on error.
325 */
Michal Vaskoe22c6732016-01-29 11:03:02 +0100326int nc_client_tls_ch_set_trusted_ca_paths(const char *ca_file, const char *ca_dir);
327
328/**
329 * @brief Get client Call Home trusted CA certificates.
330 *
331 * @param[out] ca_file Location of the CA certificate file used to verify server certificates.
332 * Can be NULL.
333 * @param[out] ca_dir Location of the CA certificates directory used to verify the server certificates.
334 * Can be NULL.
335 */
336void nc_client_tls_ch_get_trusted_ca_paths(const char **ca_file, const char **ca_dir);
Michal Vasko45f298f2016-01-29 10:26:26 +0100337
338/**
339 * @brief Set client Call Home Certificate Revocation Lists.
340 *
341 * @param[in] crl_file Location of the CRL certificate file used to check for revocated certificates.
342 * @param[in] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
343 * @return 0 on success, -1 on error.
344 */
Michal Vaskoe22c6732016-01-29 11:03:02 +0100345int nc_client_tls_ch_set_crl_paths(const char *crl_file, const char *crl_dir);
346
347/**
348 * @brief Get client Call Home Certificate Revocation Lists.
349 *
350 * @param[out] crl_file Location of the CRL certificate file used to check for revocated certificates.
351 * Can be NULL.
352 * @param[out] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
353 * Can be NULL.
354 */
355void nc_client_tls_ch_get_crl_paths(const char **crl_file, const char **crl_dir);
Michal Vasko45f298f2016-01-29 10:26:26 +0100356
Michal Vaskoc446a382021-06-18 08:54:05 +0200357/** @} Client-side Call Home on TLS */
Radek Krejci6799a052017-05-19 14:23:23 +0200358
Radek Krejci53691be2016-02-22 13:58:37 +0100359#endif /* NC_ENABLED_TLS */
Michal Vasko45f298f2016-01-29 10:26:26 +0100360
Michal Vaskoc09730e2019-01-17 10:07:26 +0100361#ifdef __cplusplus
362}
363#endif
364
Michal Vasko45f298f2016-01-29 10:26:26 +0100365#endif /* NC_SESSION_CLIENT_CH_H_ */