Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / CESNET / libnetconf2 / 8341e8ba18ea0fdae7ae62544c743429a24b085a / . / src / server_config.c
blob: 04281ae8eb820659fb8266dc9f6d9d1e971773c8 [file] [log] [blame]
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1/**
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2 * @file server_config.c
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]3 * @author Roman Janota <janota@cesnet.cz>
4 * @brief libnetconf2 server configuration functions
5 *
6 * @copyright
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]7 * Copyright (c) 2022-2023 CESNET, z.s.p.o.
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]8 *
9 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * https://opensource.org/licenses/BSD-3-Clause
14 */
roman27215242023-03-10 14:55:00 +0100[diff] [blame]15
16#define _GNU_SOURCE
17
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]18#include <assert.h>
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]19#include <ctype.h>
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]20#include <pthread.h>
21#include <stdint.h>
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]22#include <stdlib.h>
23#include <string.h>
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]24#include <unistd.h>
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]25
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]26#include <libyang/libyang.h>
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]27#include <libyang/tree_data.h>
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]28
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]29#ifdef NC_ENABLED_SSH_TLS
roman13145912023-08-17 15:36:54 +0200[diff] [blame]30#include <openssl/err.h>
31#include <openssl/evp.h> // EVP_PKEY_free
32#include <openssl/x509.h> // d2i_PUBKEY
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]33#include <openssl/x509_vfy.h> // X509_STORE_free
34#endif
35
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]36#include "compat.h"
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]37#include "config.h"
38#include "log_p.h"
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]39#include "server_config.h"
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]40#include "server_config_p.h"
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]41#include "session_p.h"
42
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]43#ifdef NC_ENABLED_SSH_TLS
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]44
45/* All libssh supported host-key, key-exchange, encryption and mac algorithms as of version 0.10.90 */
46
47static const char *supported_hostkey_algs[] = {
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]48 "openssh-ssh-ed25519-cert-v01", "openssh-ecdsa-sha2-nistp521-cert-v01",
49 "openssh-ecdsa-sha2-nistp384-cert-v01", "openssh-ecdsa-sha2-nistp256-cert-v01",
50 "openssh-rsa-sha2-512-cert-v01", "openssh-rsa-sha2-256-cert-v01",
51 "openssh-ssh-rsa-cert-v01", "openssh-ssh-dss-cert-v01",
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]52 "ssh-ed25519", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256",
53 "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-dss", NULL
54};
55
56static const char *supported_kex_algs[] = {
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]57 "diffie-hellman-group-exchange-sha1", "curve25519-sha256", "libssh-curve25519-sha256",
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]58 "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group18-sha512",
59 "diffie-hellman-group16-sha512", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256", NULL
60};
61
62static const char *supported_encryption_algs[] = {
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]63 "openssh-chacha20-poly1305", "openssh-aes256-gcm", "openssh-aes128-gcm",
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]64 "aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "aes192-cbc", "aes128-cbc",
roman27215242023-03-10 14:55:00 +0100[diff] [blame]65 "blowfish-cbc", "triple-des-cbc", "none", NULL
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]66};
67
68static const char *supported_mac_algs[] = {
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]69 "openssh-hmac-sha2-256-etm", "openssh-hmac-sha2-512-etm", "openssh-hmac-sha1-etm",
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]70 "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", NULL
71};
72
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]73#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]74
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]75extern struct nc_server_opts server_opts;
76
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]77/* returns a parent node of 'node' that matches the name 'name' */
78static const struct lyd_node *
79nc_server_config_get_parent(const struct lyd_node *node, const char *name)
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]80{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]81 NC_CHECK_ARG_RET(NULL, node, name, NULL);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]82
83 while (node) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]84 if (!strcmp(LYD_NAME(node), name)) {
85 return node;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]86 }
87 node = lyd_parent(node);
88 }
89
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]90 return NULL;
91}
92
93/* returns a parent list node of 'node' that matches the name 'name' */
94static const struct lyd_node *
95nc_server_config_get_parent_list(const struct lyd_node *node, const char *name)
96{
97 NC_CHECK_ARG_RET(NULL, node, name, NULL);
98
99 while (node) {
100 /* check if the node is a list and its name matches the param */
101 if ((node->schema->nodetype == LYS_LIST) && (!strcmp(LYD_NAME(node), name))) {
102 return node;
103 }
104 node = lyd_parent(node);
105 }
106
107 return NULL;
108}
109
110/* returns the key of a list node with the name 'name' */
111static const char *
112nc_server_config_get_parent_list_key_value(const struct lyd_node *node, const char *name, const char *key_name)
113{
114 const char *original_name;
115
116 NC_CHECK_ARG_RET(NULL, node, name, key_name, NULL);
117 original_name = LYD_NAME(node);
118
119 /* get the supposed parent list */
120 node = nc_server_config_get_parent_list(node, name);
121 if (!node) {
122 ERR(NULL, "Node \"%s\" not contained in \"%s\" subtree.", original_name, name);
123 return NULL;
124 }
125
126 /* child should be the key */
127 node = lyd_child(node);
128 if (!node) {
129 ERR(NULL, "Node \"%s\" has no child nodes.", name);
130 return NULL;
131 }
132 if (strcmp(LYD_NAME(node), key_name)) {
133 ERR(NULL, "Node \"%s\" child names mismatch (found:\"%s\", expected:\"%s\").", original_name, LYD_NAME(node), key_name);
134 return NULL;
135 }
136
137 return lyd_get_value(node);
138}
139
140/* returns true if a node is a part of the listen subtree */
141static int
142is_listen(const struct lyd_node *node)
143{
144 node = nc_server_config_get_parent(node, "listen");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]145 return node != NULL;
146}
147
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]148/* returns true if a node is a part of the Call Home subtree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]149static int
150is_ch(const struct lyd_node *node)
151{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]152 node = nc_server_config_get_parent(node, "call-home");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]153 return node != NULL;
154}
155
156#ifdef NC_ENABLED_SSH_TLS
157
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]158/* returns true if a node is a part of the ssh subtree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]159static int
160is_ssh(const struct lyd_node *node)
161{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]162 node = nc_server_config_get_parent(node, "ssh");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]163 return node != NULL;
164}
165
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]166/* returns true if a node is a part of the tls subtree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]167static int
168is_tls(const struct lyd_node *node)
169{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]170 node = nc_server_config_get_parent(node, "tls");
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]171 return node != NULL;
172}
173
174#endif /* NC_ENABLED_SSH_TLS */
175
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]176/* gets the endpoint struct (and optionally bind) based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]177static int
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]178nc_server_config_get_endpt(const struct lyd_node *node, struct nc_endpt **endpt, struct nc_bind **bind)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]179{
180 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]181 const char *name;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]182
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]183 NC_CHECK_ARG_RET(NULL, node, endpt, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]184
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]185 name = nc_server_config_get_parent_list_key_value(node, "endpoint", "name");
186 if (!name) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]187 return 1;
188 }
189
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]190 for (i = 0; i < server_opts.endpt_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]191 if (!strcmp(server_opts.endpts[i].name, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]192 *endpt = &server_opts.endpts[i];
193 if (bind) {
194 *bind = &server_opts.binds[i];
195 }
196 return 0;
197 }
198 }
199
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]200 ERR(NULL, "Endpoint \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]201 return 1;
202}
203
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]204/* gets the ch_client struct based on node's location in the YANG data tree
205 * THE ch_client_lock HAS TO BE LOCKED PRIOR TO CALLING THIS
206 */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]207static int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]208nc_server_config_get_ch_client(const struct lyd_node *node, struct nc_ch_client **ch_client)
209{
210 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]211 const char *name;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]212
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]213 NC_CHECK_ARG_RET(NULL, node, ch_client, 1);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]214
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]215 name = nc_server_config_get_parent_list_key_value(node, "netconf-client", "name");
216 if (!name) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]217 return 1;
218 }
219
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]220 for (i = 0; i < server_opts.ch_client_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]221 if (!strcmp(server_opts.ch_clients[i].name, name)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]222 *ch_client = &server_opts.ch_clients[i];
223 return 0;
224 }
225 }
226
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]227 ERR(NULL, "Call-home client \"%s\" was not found.", name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]228 return 1;
229}
230
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]231/* gets the ch_endpt struct based on node's location in the YANG data tree,
232 * ch_client has to be locked
233 */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]234static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]235nc_server_config_get_ch_endpt(const struct lyd_node *node, const struct nc_ch_client *ch_client,
236 struct nc_ch_endpt **ch_endpt)
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]237{
238 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]239 const char *name;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]240
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]241 NC_CHECK_ARG_RET(NULL, node, ch_client, ch_endpt, 1);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]242
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]243 name = nc_server_config_get_parent_list_key_value(node, "endpoint", "name");
244 if (!name) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]245 return 1;
246 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]247
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]248 for (i = 0; i < ch_client->ch_endpt_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]249 if (!strcmp(ch_client->ch_endpts[i].name, name)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]250 *ch_endpt = &ch_client->ch_endpts[i];
251 return 0;
252 }
253 }
254
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]255 ERR(NULL, "Call-home client's \"%s\" endpoint \"%s\" was not found.", ch_client->name, name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]256 return 1;
257}
258
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]259#ifdef NC_ENABLED_SSH_TLS
260
261/* gets the ssh_opts struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]262static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]263nc_server_config_get_ssh_opts(const struct lyd_node *node, const struct nc_ch_client *ch_client,
264 struct nc_server_ssh_opts **opts)
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]265{
266 struct nc_endpt *endpt;
267 struct nc_ch_endpt *ch_endpt;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]268
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]269 NC_CHECK_ARG_RET(NULL, node, opts, 1);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]270
271 if (is_listen(node)) {
272 if (nc_server_config_get_endpt(node, &endpt, NULL)) {
273 return 1;
274 }
275 *opts = endpt->opts.ssh;
276 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]277 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]278 return 1;
279 }
280 *opts = ch_endpt->opts.ssh;
281 }
282
283 return 0;
284}
285
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]286/* gets the hostkey struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]287static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]288nc_server_config_get_hostkey(const struct lyd_node *node, const struct nc_ch_client *ch_client,
289 struct nc_hostkey **hostkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]290{
291 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]292 const char *name;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]293 struct nc_server_ssh_opts *opts;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]294
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]295 NC_CHECK_ARG_RET(NULL, node, hostkey, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]296
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]297 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]298 return 1;
299 }
300
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]301 name = nc_server_config_get_parent_list_key_value(node, "host-key", "name");
302 if (!name) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]303 return 1;
304 }
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]305
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]306 for (i = 0; i < opts->hostkey_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]307 if (!strcmp(opts->hostkeys[i].name, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]308 *hostkey = &opts->hostkeys[i];
309 return 0;
310 }
311 }
312
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]313 ERR(NULL, "Host-key \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]314 return 1;
315}
316
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]317/* gets the client_auth struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]318static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]319nc_server_config_get_auth_client(const struct lyd_node *node, const struct nc_ch_client *ch_client,
320 struct nc_auth_client **auth_client)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]321{
322 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]323 const char *name;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]324 struct nc_server_ssh_opts *opts;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]325
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]326 NC_CHECK_ARG_RET(NULL, node, auth_client, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]327
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]328 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]329 return 1;
330 }
331
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]332 name = nc_server_config_get_parent_list_key_value(node, "user", "name");
333 if (!name) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]334 return 1;
335 }
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]336
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]337 for (i = 0; i < opts->client_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]338 if (!strcmp(opts->auth_clients[i].username, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]339 *auth_client = &opts->auth_clients[i];
340 return 0;
341 }
342 }
343
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]344 ERR(NULL, "Authorized key \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]345 return 1;
346}
347
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]348/* gets the pubkey struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]349static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]350nc_server_config_get_pubkey(const struct lyd_node *node, const struct nc_ch_client *ch_client,
351 struct nc_public_key **pubkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]352{
353 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]354 const char *name;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]355 struct nc_auth_client *auth_client;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]356
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]357 NC_CHECK_ARG_RET(NULL, node, pubkey, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]358
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]359 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]360 return 1;
361 }
362
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]363 name = nc_server_config_get_parent_list_key_value(node, "public-key", "name");
364 if (!name) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]365 return 1;
366 }
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]367
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]368 for (i = 0; i < auth_client->pubkey_count; i++) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]369 if (!strcmp(auth_client->pubkeys[i].name, name)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]370 *pubkey = &auth_client->pubkeys[i];
371 return 0;
372 }
373 }
374
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]375 ERR(NULL, "Public key \"%s\" was not found.", name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]376 return 1;
377}
378
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]379/* gets the tls_opts struct based on node's location in the YANG data tree */
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]380static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]381nc_server_config_get_tls_opts(const struct lyd_node *node, const struct nc_ch_client *ch_client,
382 struct nc_server_tls_opts **opts)
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]383{
384 struct nc_endpt *endpt;
385 struct nc_ch_endpt *ch_endpt;
386
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]387 NC_CHECK_ARG_RET(NULL, node, opts, 1);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]388
389 if (is_listen(node)) {
390 if (nc_server_config_get_endpt(node, &endpt, NULL)) {
391 return 1;
392 }
393 *opts = endpt->opts.tls;
394 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]395 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]396 return 1;
397 }
398 *opts = ch_endpt->opts.tls;
399 }
400
401 return 0;
402}
403
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]404/* gets the cert struct based on node's location in the YANG data tree */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]405static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]406nc_server_config_get_cert(const struct lyd_node *node, const struct nc_ch_client *ch_client,
407 struct nc_certificate **cert)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]408{
409 uint16_t i;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]410 const char *name;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]411 struct nc_cert_grouping *certs;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]412 struct nc_server_tls_opts *opts;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]413 int is_cert_end_entity;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]414 const struct lyd_node *tmp;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]415
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]416 NC_CHECK_ARG_RET(NULL, node, cert, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]417
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]418 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]419 return 1;
420 }
421
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]422 name = nc_server_config_get_parent_list_key_value(node, "certificate", "name");
423 if (!name) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]424 return 1;
425 }
426
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]427 /* it's in certificate subtree, now check if it's end entity or certificate authority */
428 tmp = nc_server_config_get_parent(node, "ee-certs");
429 if (tmp) {
430 is_cert_end_entity = 1;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]431 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]432 tmp = nc_server_config_get_parent(node, "ca-certs");
433 if (!tmp) {
434 ERR(NULL, "Node \"%s\" is not contained in ee-certs nor ca-certs subtree.", name);
435 return 1;
436 }
437 is_cert_end_entity = 0;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]438 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]439
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]440 /* get the right cert stack, either ee or ca */
441 if (is_cert_end_entity) {
442 certs = &opts->ee_certs;
443 } else {
444 certs = &opts->ca_certs;
445 }
446
447 for (i = 0; i < certs->cert_count; i++) {
448 if (!strcmp(certs->certs[i].name, name)) {
449 *cert = &certs->certs[i];
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]450 return 0;
451 }
452 }
453
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]454 ERR(NULL, "%s certificate \"%s\" was not found.", is_cert_end_entity ? "End-entity" : "Certificate authority", name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]455 return 1;
456}
457
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]458/* gets the ctn struct based on node's location in the YANG data tree */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]459static int
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]460nc_server_config_get_ctn(const struct lyd_node *node, const struct nc_ch_client *ch_client,
461 struct nc_ctn **ctn)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]462{
463 uint32_t id;
464 struct nc_ctn *iter;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]465 struct nc_server_tls_opts *opts;
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]466 const char *name;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]467
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]468 NC_CHECK_ARG_RET(NULL, node, ctn, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]469
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]470 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
471 return 1;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]472 }
473
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]474 name = LYD_NAME(node);
475 node = nc_server_config_get_parent_list(node, "cert-to-name");
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]476 if (!node) {
romanb9beb112023-07-18 09:06:58 +0200[diff] [blame]477 ERR(NULL, "Node \"%s\" is not contained in a cert-to-name subtree.", name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]478 return 1;
479 }
480
481 node = lyd_child(node);
482 assert(!strcmp(LYD_NAME(node), "id"));
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]483 id = ((struct lyd_node_term *)node)->value.uint32;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]484
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]485 iter = opts->ctn;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]486 while (iter) {
487 if (iter->id == id) {
488 *ctn = iter;
489 return 0;
490 }
491
492 iter = iter->next;
493 }
494
495 ERR(NULL, "Cert-to-name entry with id \"%d\" was not found.", id);
496 return 1;
497}
498
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]499NC_PRIVKEY_FORMAT
500nc_server_config_get_private_key_type(const char *format)
501{
502 if (!strcmp(format, "rsa-private-key-format")) {
503 return NC_PRIVKEY_FORMAT_RSA;
504 } else if (!strcmp(format, "ec-private-key-format")) {
505 return NC_PRIVKEY_FORMAT_EC;
roman13145912023-08-17 15:36:54 +0200[diff] [blame]506 } else if (!strcmp(format, "private-key-info-format")) {
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]507 return NC_PRIVKEY_FORMAT_X509;
508 } else if (!strcmp(format, "openssh-private-key-format")) {
509 return NC_PRIVKEY_FORMAT_OPENSSH;
510 } else {
511 ERR(NULL, "Private key format (%s) not supported.", format);
512 return NC_PRIVKEY_FORMAT_UNKNOWN;
513 }
514}
515
516#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]517
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]518/* gets the ch_client struct based on node's location in the YANG data tree and locks it for reading */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]519static int
520nc_server_config_get_ch_client_with_lock(const struct lyd_node *node, struct nc_ch_client **ch_client)
521{
522 uint16_t i;
523 const char *name;
524
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]525 NC_CHECK_ARG_RET(NULL, node, ch_client, 1);
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]526
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]527 name = nc_server_config_get_parent_list_key_value(node, "netconf-client", "name");
528 if (!name) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]529 return 1;
530 }
531
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]532 /* LOCK */
533 pthread_rwlock_rdlock(&server_opts.ch_client_lock);
534 for (i = 0; i < server_opts.ch_client_count; i++) {
535 if (!strcmp(server_opts.ch_clients[i].name, name)) {
536 /* LOCK */
537 pthread_mutex_lock(&server_opts.ch_clients[i].lock);
538 *ch_client = &server_opts.ch_clients[i];
539 return 0;
540 }
541 }
542
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]543 /* UNLOCK */
544 pthread_rwlock_unlock(&server_opts.ch_client_lock);
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]545 ERR(NULL, "Call-home client \"%s\" was not found.", name);
546 return 1;
547}
548
549static void
550nc_ch_client_unlock(struct nc_ch_client *client)
551{
552 assert(client);
553
554 pthread_mutex_unlock(&client->lock);
555 pthread_rwlock_unlock(&server_opts.ch_client_lock);
556}
557
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]558int
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]559equal_parent_name(const struct lyd_node *node, uint16_t parent_count, const char *parent_name)
560{
561 uint16_t i;
562
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]563 assert(node && parent_count && parent_name);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]564
565 node = lyd_parent(node);
566 for (i = 1; i < parent_count; i++) {
567 node = lyd_parent(node);
568 }
569
570 if (!strcmp(LYD_NAME(node), parent_name)) {
571 return 1;
572 }
573
574 return 0;
575}
576
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]577int
578nc_server_config_realloc(const char *key_value, void **ptr, size_t size, uint16_t *count)
579{
580 int ret = 0;
581 void *tmp;
582 char **name;
583
584 tmp = realloc(*ptr, (*count + 1) * size);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]585 NC_CHECK_ERRMEM_GOTO(!tmp, ret = 1, cleanup);
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]586 *ptr = tmp;
587
588 /* set the newly allocated memory to 0 */
589 memset((char *)(*ptr) + (*count * size), 0, size);
590 (*count)++;
591
592 /* access the first member of the supposed structure */
593 name = (char **)((*ptr) + ((*count - 1) * size));
594
595 /* and set it's value */
596 *name = strdup(key_value);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]597 NC_CHECK_ERRMEM_GOTO(!*name, ret = 1, cleanup);
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]598
599cleanup:
600 return ret;
601}
602
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]603#ifdef NC_ENABLED_SSH_TLS
604
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]605static void
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]606nc_server_config_del_hostkey(struct nc_server_ssh_opts *opts, struct nc_hostkey *hostkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]607{
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]608 assert(hostkey->store == NC_STORE_LOCAL || hostkey->store == NC_STORE_KEYSTORE);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]609
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]610 free(hostkey->name);
611
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]612 if (hostkey->store == NC_STORE_LOCAL) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]613 free(hostkey->key.pubkey_data);
614 free(hostkey->key.privkey_data);
romandd019a92023-09-14 10:17:07 +0200[diff] [blame]615 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]616 free(hostkey->ks_ref);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]617 }
618
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]619 opts->hostkey_count--;
620 if (!opts->hostkey_count) {
621 free(opts->hostkeys);
622 opts->hostkeys = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]623 } else if (hostkey != &opts->hostkeys[opts->hostkey_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]624 memcpy(hostkey, &opts->hostkeys[opts->hostkey_count], sizeof *opts->hostkeys);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]625 }
626}
627
628static void
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]629nc_server_config_del_auth_client_pubkey(struct nc_auth_client *auth_client, struct nc_public_key *pubkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]630{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]631 free(pubkey->name);
632 free(pubkey->data);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]633
634 auth_client->pubkey_count--;
635 if (!auth_client->pubkey_count) {
636 free(auth_client->pubkeys);
637 auth_client->pubkeys = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]638 } else if (pubkey != &auth_client->pubkeys[auth_client->pubkey_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]639 memcpy(pubkey, &auth_client->pubkeys[auth_client->pubkey_count], sizeof *auth_client->pubkeys);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]640 }
641}
642
643static void
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]644nc_server_config_del_auth_client(struct nc_server_ssh_opts *opts, struct nc_auth_client *auth_client)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]645{
646 uint16_t i, pubkey_count;
647
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]648 free(auth_client->username);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]649
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]650 if (auth_client->store == NC_STORE_LOCAL) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]651 pubkey_count = auth_client->pubkey_count;
652 for (i = 0; i < pubkey_count; i++) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]653 nc_server_config_del_auth_client_pubkey(auth_client, &auth_client->pubkeys[i]);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]654 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]655 } else {
656 free(auth_client->ts_ref);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]657 }
658
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]659 free(auth_client->password);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]660
661 opts->client_count--;
662 if (!opts->client_count) {
663 free(opts->auth_clients);
664 opts->auth_clients = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]665 } else if (auth_client != &opts->auth_clients[opts->client_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]666 memcpy(auth_client, &opts->auth_clients[opts->client_count], sizeof *opts->auth_clients);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]667 }
668}
669
670static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]671nc_server_config_del_ssh_opts(struct nc_bind *bind, struct nc_server_ssh_opts *opts)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]672{
673 uint16_t i, hostkey_count, client_count;
674
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]675 if (bind) {
676 free(bind->address);
677 if (bind->sock > -1) {
678 close(bind->sock);
679 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]680 }
681
682 /* store in variable because it gets decremented in the function call */
683 hostkey_count = opts->hostkey_count;
684 for (i = 0; i < hostkey_count; i++) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]685 nc_server_config_del_hostkey(opts, &opts->hostkeys[i]);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]686 }
687
688 client_count = opts->client_count;
689 for (i = 0; i < client_count; i++) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]690 nc_server_config_del_auth_client(opts, &opts->auth_clients[i]);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]691 }
692
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]693 free(opts->hostkey_algs);
694 free(opts->kex_algs);
695 free(opts->encryption_algs);
696 free(opts->mac_algs);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]697
698 free(opts);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]699}
700
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]701/* delete references to endpoint with the name 'referenced_endpt_name' from other endpts */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]702static void
703nc_server_config_del_endpt_references(const char *referenced_endpt_name)
704{
705 uint16_t i, j;
706
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]707 /* first go through listen endpoints */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]708 for (i = 0; i < server_opts.endpt_count; i++) {
709 if (server_opts.endpts[i].referenced_endpt_name) {
710 if (!strcmp(server_opts.endpts[i].referenced_endpt_name, referenced_endpt_name)) {
711 free(server_opts.endpts[i].referenced_endpt_name);
712 server_opts.endpts[i].referenced_endpt_name = NULL;
713
714 if (server_opts.endpts[i].ti == NC_TI_LIBSSH) {
715 server_opts.endpts[i].opts.ssh->referenced_endpt_name = NULL;
716 } else {
717 server_opts.endpts[i].opts.tls->referenced_endpt_name = NULL;
718 }
719 }
720 }
721 }
722
723 /* LOCK */
724 pthread_rwlock_rdlock(&server_opts.ch_client_lock);
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]725 /* next go through ch endpoints */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]726 for (i = 0; i < server_opts.ch_client_count; i++) {
727 /* LOCK */
728 pthread_mutex_lock(&server_opts.ch_clients[i].lock);
729 for (j = 0; j < server_opts.ch_clients[i].ch_endpt_count; j++) {
730 if (server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name) {
731 if (!strcmp(server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, referenced_endpt_name)) {
732 free(server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name);
733 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name = NULL;
734
735 if (server_opts.ch_clients[i].ch_endpts[j].ti == NC_TI_LIBSSH) {
736 server_opts.ch_clients[i].ch_endpts[j].opts.ssh->referenced_endpt_name = NULL;
737 } else {
738 server_opts.ch_clients[i].ch_endpts[j].opts.tls->referenced_endpt_name = NULL;
739 }
740 }
741 }
742 }
743 /* UNLOCK */
744 pthread_mutex_unlock(&server_opts.ch_clients[i].lock);
745 }
746
747 /* UNLOCK */
748 pthread_rwlock_unlock(&server_opts.ch_client_lock);
749}
750
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]751void
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]752nc_server_config_del_endpt_ssh(struct nc_endpt *endpt, struct nc_bind *bind)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]753{
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]754 /* delete any references to this endpoint */
755 nc_server_config_del_endpt_references(endpt->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]756 free(endpt->name);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]757
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]758 free(endpt->referenced_endpt_name);
759 nc_server_config_del_ssh_opts(bind, endpt->opts.ssh);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]760
761 server_opts.endpt_count--;
762 if (!server_opts.endpt_count) {
763 free(server_opts.endpts);
764 free(server_opts.binds);
765 server_opts.endpts = NULL;
766 server_opts.binds = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]767 } else if (endpt != &server_opts.endpts[server_opts.endpt_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]768 memcpy(endpt, &server_opts.endpts[server_opts.endpt_count], sizeof *server_opts.endpts);
769 memcpy(bind, &server_opts.binds[server_opts.endpt_count], sizeof *server_opts.binds);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]770 }
771}
772
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]773#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]774
roman45cec4e2023-02-17 10:21:39 +0100[diff] [blame]775void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]776nc_server_config_del_unix_socket_opts(struct nc_bind *bind, struct nc_server_unix_opts *opts)
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]777{
778 if (bind->sock > -1) {
779 close(bind->sock);
780 }
781
romand0b78372023-09-14 10:06:03 +0200[diff] [blame]782 unlink(bind->address);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]783 free(bind->address);
784 free(opts->address);
785
786 free(opts);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]787}
788
789void
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]790nc_server_config_del_endpt_unix_socket(struct nc_endpt *endpt, struct nc_bind *bind)
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]791{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]792 free(endpt->name);
793 nc_server_config_del_unix_socket_opts(bind, endpt->opts.unixsock);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]794
795 server_opts.endpt_count--;
796 if (!server_opts.endpt_count) {
797 free(server_opts.endpts);
798 free(server_opts.binds);
799 server_opts.endpts = NULL;
800 server_opts.binds = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]801 } else if (endpt != &server_opts.endpts[server_opts.endpt_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]802 memcpy(endpt, &server_opts.endpts[server_opts.endpt_count], sizeof *server_opts.endpts);
803 memcpy(bind, &server_opts.binds[server_opts.endpt_count], sizeof *server_opts.binds);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]804 }
805}
806
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]807#ifdef NC_ENABLED_SSH_TLS
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]808
809static void
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]810nc_server_config_del_cert(struct nc_cert_grouping *certs, struct nc_certificate *cert)
811{
812 free(cert->name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]813 free(cert->data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]814
815 certs->cert_count--;
816 if (!certs->cert_count) {
817 free(certs->certs);
818 certs->certs = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]819 } else if (cert != &certs->certs[certs->cert_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]820 memcpy(cert, &certs->certs[certs->cert_count], sizeof *certs->certs);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]821 }
822}
823
824static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]825nc_server_config_del_certs(struct nc_cert_grouping *certs_grp)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]826{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]827 uint16_t i;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]828
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]829 if (certs_grp->store == NC_STORE_LOCAL) {
830 for (i = 0; i < certs_grp->cert_count; i++) {
831 free(certs_grp->certs[i].name);
832 free(certs_grp->certs[i].data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]833 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]834 free(certs_grp->certs);
835 certs_grp->certs = NULL;
836 } else {
837 free(certs_grp->ts_ref);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]838 }
839}
840
841static void
842nc_server_config_del_ctn(struct nc_server_tls_opts *opts, struct nc_ctn *ctn)
843{
844 struct nc_ctn *iter;
845
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]846 free(ctn->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]847 free(ctn->fingerprint);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]848
849 if (opts->ctn == ctn) {
850 /* it's the first in the list */
851 opts->ctn = ctn->next;
852 free(ctn);
853 return;
854 }
855
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]856 for (iter = opts->ctn; iter; iter = iter->next) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]857 if (iter->next == ctn) {
858 /* found the ctn */
859 break;
860 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]861 }
862
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]863 if (!iter) {
864 ERRINT;
865 return;
866 }
867
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]868 iter->next = ctn->next;
869 free(ctn);
870}
871
872static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]873nc_server_config_del_ctns(struct nc_server_tls_opts *opts)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]874{
875 struct nc_ctn *cur, *next;
876
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]877 for (cur = opts->ctn; cur; cur = next) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]878 next = cur->next;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]879 free(cur->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]880 free(cur->fingerprint);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]881 free(cur);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]882 }
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]883
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]884 opts->ctn = NULL;
885}
886
887static void
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]888nc_server_config_del_tls_opts(struct nc_bind *bind, struct nc_server_tls_opts *opts)
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]889{
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]890 if (bind) {
891 free(bind->address);
892 if (bind->sock > -1) {
893 close(bind->sock);
894 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]895 }
896
897 if (opts->store == NC_STORE_LOCAL) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]898 free(opts->pubkey_data);
899 free(opts->privkey_data);
900 free(opts->cert_data);
901 } else {
902 free(opts->key_ref);
903 free(opts->cert_ref);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]904 }
905
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]906 nc_server_config_del_certs(&opts->ca_certs);
907 nc_server_config_del_certs(&opts->ee_certs);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]908
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]909 free(opts->crl_path);
910 free(opts->crl_url);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]911 X509_STORE_free(opts->crl_store);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]912
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]913 nc_server_config_del_ctns(opts);
914 free(opts->ciphers);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]915 free(opts);
916}
917
918static void
919nc_server_config_del_endpt_tls(struct nc_endpt *endpt, struct nc_bind *bind)
920{
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]921 /* delete any references to this endpoint */
922 nc_server_config_del_endpt_references(endpt->name);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]923 free(endpt->name);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]924
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]925 free(endpt->referenced_endpt_name);
926
927 nc_server_config_del_tls_opts(bind, endpt->opts.tls);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]928
929 server_opts.endpt_count--;
930 if (!server_opts.endpt_count) {
931 free(server_opts.endpts);
932 free(server_opts.binds);
933 server_opts.endpts = NULL;
934 server_opts.binds = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]935 } else if (endpt != &server_opts.endpts[server_opts.endpt_count]) {
roman33981232023-07-08 11:55:13 +0200[diff] [blame]936 memcpy(endpt, &server_opts.endpts[server_opts.endpt_count], sizeof *server_opts.endpts);
937 memcpy(bind, &server_opts.binds[server_opts.endpt_count], sizeof *server_opts.binds);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]938 }
939}
940
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]941#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]942
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]943static void
944nc_server_config_ch_del_endpt(struct nc_ch_client *ch_client, struct nc_ch_endpt *ch_endpt)
945{
946 free(ch_endpt->name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]947
948#ifdef NC_ENABLED_SSH_TLS
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]949 free(ch_endpt->address);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]950 if (ch_endpt->sock_pending > -1) {
951 close(ch_endpt->sock_pending);
952 ch_endpt->sock_pending = -1;
953 }
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]954 free(ch_endpt->referenced_endpt_name);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]955#endif /* NC_ENABLED_SSH_TLS */
956
957 switch (ch_endpt->ti) {
958#ifdef NC_ENABLED_SSH_TLS
959 case NC_TI_LIBSSH:
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]960 nc_server_config_del_ssh_opts(NULL, ch_endpt->opts.ssh);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]961 break;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]962 case NC_TI_OPENSSL:
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]963 nc_server_config_del_tls_opts(NULL, ch_endpt->opts.tls);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]964 break;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]965#endif /* NC_ENABLED_SSH_TLS */
966 default:
967 ERRINT;
968 break;
969 }
970
971 ch_client->ch_endpt_count--;
972 if (!ch_client->ch_endpt_count) {
973 free(ch_client->ch_endpts);
974 ch_client->ch_endpts = NULL;
975 }
976}
977
978static void
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]979nc_server_config_destroy_ch_client(struct nc_ch_client *ch_client)
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]980{
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]981 pthread_t tid;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]982 uint16_t i, ch_endpt_count;
983
984 if (ch_client->thread_data->thread_running) {
985 /* get tid */
986 tid = ch_client->tid;
987 /* CH COND LOCK */
988 pthread_mutex_lock(&ch_client->thread_data->cond_lock);
989 ch_client->thread_data->thread_running = 0;
990 pthread_cond_signal(&ch_client->thread_data->cond);
991 /* CH COND UNLOCK */
992 pthread_mutex_unlock(&ch_client->thread_data->cond_lock);
993
994 /* wait for the thread to terminate */
995 pthread_join(tid, NULL);
996 }
997
998 /* free its members */
999 free(ch_client->name);
1000
1001 ch_endpt_count = ch_client->ch_endpt_count;
1002 for (i = 0; i < ch_endpt_count; i++) {
1003 nc_server_config_ch_del_endpt(ch_client, &ch_client->ch_endpts[i]);
1004 }
1005}
1006
1007static void
1008nc_server_config_ch_del_client(const struct lyd_node *node)
1009{
1010 struct nc_ch_client client, *ch_client;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1011
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1012 /* WR LOCK */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1013 pthread_rwlock_wrlock(&server_opts.ch_client_lock);
1014
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1015 if (nc_server_config_get_ch_client(node, &ch_client)) {
1016 /* WR UNLOCK */
1017 pthread_rwlock_unlock(&server_opts.ch_client_lock);
1018 ERR(NULL, "Call-home client \"%s\" not found.", lyd_get_value(lyd_child(node)));
1019 return;
1020 }
1021
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1022 /* copy the client we want to delete into a local variable */
1023 memcpy(&client, ch_client, sizeof *ch_client);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1024
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1025 /* delete the client */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1026 server_opts.ch_client_count--;
1027 if (!server_opts.ch_client_count) {
1028 free(server_opts.ch_clients);
1029 server_opts.ch_clients = NULL;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1030 } else {
1031 memcpy(ch_client, &server_opts.ch_clients[server_opts.ch_client_count], sizeof *server_opts.ch_clients);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1032 }
1033
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1034 /* WR UNLOCK */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1035 pthread_rwlock_unlock(&server_opts.ch_client_lock);
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1036
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1037 nc_server_config_destroy_ch_client(&client);
1038}
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1039
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1040/* presence container */
1041int
1042nc_server_config_listen(const struct lyd_node *node, NC_OPERATION op)
1043{
1044 uint16_t i, endpt_count;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1045
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1046 (void) node;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1047
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1048 assert(op == NC_OP_CREATE || op == NC_OP_DELETE);
1049
1050 if (op == NC_OP_DELETE) {
1051 endpt_count = server_opts.endpt_count;
1052 for (i = 0; i < endpt_count; i++) {
1053 switch (server_opts.endpts[i].ti) {
1054#ifdef NC_ENABLED_SSH_TLS
1055 case NC_TI_LIBSSH:
1056 nc_server_config_del_endpt_ssh(&server_opts.endpts[i], &server_opts.binds[i]);
1057 break;
1058 case NC_TI_OPENSSL:
1059 nc_server_config_del_endpt_tls(&server_opts.endpts[i], &server_opts.binds[i]);
1060 break;
1061#endif /* NC_ENABLED_SSH_TLS */
1062 case NC_TI_UNIX:
1063 nc_server_config_del_endpt_unix_socket(&server_opts.endpts[i], &server_opts.binds[i]);
1064 break;
1065 case NC_TI_NONE:
1066 case NC_TI_FD:
1067 ERRINT;
1068 return 1;
1069 }
1070 }
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1071 }
1072
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1073 return 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1074}
1075
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1076int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1077nc_server_config_ch(const struct lyd_node *node, NC_OPERATION op)
1078{
1079 uint16_t i, ch_client_count;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1080 struct nc_ch_client *ch_clients;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1081
1082 (void) node;
1083
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1084 /* don't do anything if we're not deleting */
1085 if (op != NC_OP_DELETE) {
1086 return 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1087 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1088
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1089 /* WR LOCK */
1090 pthread_rwlock_wrlock(&server_opts.ch_client_lock);
1091
1092 ch_client_count = server_opts.ch_client_count;
1093 ch_clients = server_opts.ch_clients;
1094
1095 /* remove them from the server opts */
1096 server_opts.ch_client_count = 0;
1097 server_opts.ch_clients = NULL;
1098
1099 /* UNLOCK */
1100 pthread_rwlock_unlock(&server_opts.ch_client_lock);
1101
1102 for (i = 0; i < ch_client_count; i++) {
1103 /* now destroy each client */
1104 nc_server_config_destroy_ch_client(&ch_clients[i]);
1105 }
1106
1107 free(ch_clients);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1108 return 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1109}
1110
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1111/* default leaf */
1112static int
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1113nc_server_config_hello_timeout(const struct lyd_node *node, NC_OPERATION op)
1114{
1115 assert(!strcmp(LYD_NAME(node), "hello-timeout"));
1116
1117 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1118 server_opts.hello_timeout = ((struct lyd_node_term *)node)->value.uint16;
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1119 } else {
1120 /* default value */
1121 server_opts.hello_timeout = 60;
1122 }
1123
1124 return 0;
1125}
1126
1127/* default leaf */
1128static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1129nc_server_config_idle_timeout(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1130{
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1131 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1132
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1133 assert(!strcmp(LYD_NAME(node), "idle-timeout"));
1134
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1135 if (is_ch(node)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1136 /* call-home idle timeout */
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1137 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
1138 /* to avoid unlock on fail */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1139 return 1;
1140 }
1141
1142 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1143 ch_client->idle_timeout = ((struct lyd_node_term *)node)->value.uint16;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1144 } else if (op == NC_OP_DELETE) {
1145 ch_client->idle_timeout = 180;
1146 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1147
1148 nc_ch_client_unlock(ch_client);
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1149 } else {
1150 /* whole server idle timeout */
1151 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1152 server_opts.idle_timeout = ((struct lyd_node_term *)node)->value.uint16;
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]1153 } else {
1154 /* default value */
1155 server_opts.idle_timeout = 0;
1156 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1157 }
1158
1159 return 0;
1160}
1161
1162static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1163nc_server_config_create_bind(void)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1164{
1165 int ret = 0;
1166 void *tmp;
1167
1168 tmp = realloc(server_opts.binds, (server_opts.endpt_count + 1) * sizeof *server_opts.binds);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1169 NC_CHECK_ERRMEM_GOTO(!tmp, ret = 1, cleanup);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1170 server_opts.binds = tmp;
1171 memset(&server_opts.binds[server_opts.endpt_count], 0, sizeof *server_opts.binds);
1172
1173 server_opts.binds[server_opts.endpt_count].sock = -1;
1174
1175cleanup:
1176 return ret;
1177}
1178
1179static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1180nc_server_config_create_endpoint(const struct lyd_node *node)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1181{
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1182 if (nc_server_config_create_bind()) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1183 return 1;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1184 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1185
1186 node = lyd_child(node);
1187 assert(!strcmp(LYD_NAME(node), "name"));
1188
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1189 return nc_server_config_realloc(lyd_get_value(node), (void **)&server_opts.endpts, sizeof *server_opts.endpts, &server_opts.endpt_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1190}
1191
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1192static int
1193nc_server_config_ch_create_endpoint(const struct lyd_node *node, struct nc_ch_client *ch_client)
1194{
1195 node = lyd_child(node);
1196 assert(!strcmp(LYD_NAME(node), "name"));
1197
1198 return nc_server_config_realloc(lyd_get_value(node), (void **)&ch_client->ch_endpts, sizeof *ch_client->ch_endpts, &ch_client->ch_endpt_count);
1199}
1200
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1201/* list */
1202static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1203nc_server_config_endpoint(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1204{
1205 int ret = 0;
1206 struct nc_endpt *endpt;
1207 struct nc_bind *bind;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1208 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1209 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1210
1211 assert(!strcmp(LYD_NAME(node), "endpoint"));
1212
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1213 if (is_listen(node)) {
1214 /* listen */
1215 if (op == NC_OP_CREATE) {
1216 ret = nc_server_config_create_endpoint(node);
1217 if (ret) {
1218 goto cleanup;
1219 }
1220 } else if (op == NC_OP_DELETE) {
1221 /* free all children */
1222 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
1223 ret = 1;
1224 goto cleanup;
1225 }
1226
1227 switch (endpt->ti) {
1228#ifdef NC_ENABLED_SSH_TLS
1229 case NC_TI_LIBSSH:
1230 nc_server_config_del_endpt_ssh(endpt, bind);
1231 break;
1232 case NC_TI_OPENSSL:
1233 nc_server_config_del_endpt_tls(endpt, bind);
1234 break;
1235#endif /* NC_ENABLED_SSH_TLS */
1236 case NC_TI_UNIX:
1237 nc_server_config_del_endpt_unix_socket(endpt, bind);
1238 break;
1239 case NC_TI_NONE:
1240 case NC_TI_FD:
1241 ERRINT;
1242 ret = 1;
1243 goto cleanup;
1244 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1245 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1246 } else if (is_ch(node)) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1247 /* LOCK */
1248 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1249 /* to avoid unlock on fail */
1250 return 1;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1251 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1252
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1253 if (op == NC_OP_CREATE) {
1254 ret = nc_server_config_ch_create_endpoint(node, ch_client);
1255 if (ret) {
1256 goto cleanup;
1257 }
1258
1259 /* init ch sock */
1260 ch_client->ch_endpts[ch_client->ch_endpt_count - 1].sock_pending = -1;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1261 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1262 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1263 ret = 1;
1264 goto cleanup;
1265 }
1266
1267 nc_server_config_ch_del_endpt(ch_client, ch_endpt);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1268 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1269 }
1270
1271cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1272 if (is_ch(node)) {
1273 /* UNLOCK */
1274 nc_ch_client_unlock(ch_client);
1275 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1276 return ret;
1277}
1278
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]1279#ifdef NC_ENABLED_SSH_TLS
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1280
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1281static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1282nc_server_config_create_ssh(struct nc_endpt *endpt)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1283{
1284 endpt->ti = NC_TI_LIBSSH;
1285 endpt->opts.ssh = calloc(1, sizeof(struct nc_server_ssh_opts));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1286 NC_CHECK_ERRMEM_RET(!endpt->opts.ssh, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1287
1288 return 0;
1289}
1290
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1291static int
1292nc_server_config_ch_create_ssh(struct nc_ch_endpt *ch_endpt)
1293{
1294 ch_endpt->ti = NC_TI_LIBSSH;
1295 ch_endpt->opts.ssh = calloc(1, sizeof(struct nc_server_ssh_opts));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1296 NC_CHECK_ERRMEM_RET(!ch_endpt->opts.ssh, 1);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1297
1298 return 0;
1299}
1300
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1301/* NP container */
1302static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1303nc_server_config_ssh(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1304{
1305 struct nc_endpt *endpt;
1306 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1307 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1308 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1309 int ret = 0;
1310
1311 assert(!strcmp(LYD_NAME(node), "ssh"));
1312
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1313 if (is_listen(node)) {
1314 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
1315 ret = 1;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1316 goto cleanup;
1317 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1318
1319 if (op == NC_OP_CREATE) {
1320 ret = nc_server_config_create_ssh(endpt);
1321 if (ret) {
1322 goto cleanup;
1323 }
1324 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1325 nc_server_config_del_ssh_opts(bind, endpt->opts.ssh);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1326 }
1327 } else {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1328 /* LOCK */
1329 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1330 /* to avoid unlock on fail */
1331 return 1;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1332 }
1333
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1334 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1335 ret = 1;
1336 goto cleanup;
1337 }
1338
1339 if (op == NC_OP_CREATE) {
1340 ret = nc_server_config_ch_create_ssh(ch_endpt);
1341 if (ret) {
1342 goto cleanup;
1343 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1344 } else if (op == NC_OP_DELETE) {
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]1345 nc_server_config_del_ssh_opts(NULL, ch_endpt->opts.ssh);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1346 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1347 }
1348
1349cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1350 if (is_ch(node)) {
1351 /* UNLOCK */
1352 nc_ch_client_unlock(ch_client);
1353 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1354 return ret;
1355}
1356
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1357static int
1358nc_server_config_create_tls(struct nc_endpt *endpt)
1359{
1360 endpt->ti = NC_TI_OPENSSL;
1361 endpt->opts.tls = calloc(1, sizeof *endpt->opts.tls);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1362 NC_CHECK_ERRMEM_RET(!endpt->opts.tls, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1363
1364 return 0;
1365}
1366
1367static int
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1368nc_server_config_ch_create_tls(struct nc_ch_endpt *ch_endpt)
1369{
1370 ch_endpt->ti = NC_TI_OPENSSL;
1371 ch_endpt->opts.tls = calloc(1, sizeof(struct nc_server_tls_opts));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1372 NC_CHECK_ERRMEM_RET(!ch_endpt->opts.tls, 1);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1373
1374 return 0;
1375}
1376
1377static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1378nc_server_config_tls(const struct lyd_node *node, NC_OPERATION op)
1379{
1380 struct nc_endpt *endpt;
1381 struct nc_bind *bind;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1382 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1383 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1384 int ret = 0;
1385
1386 assert(!strcmp(LYD_NAME(node), "tls"));
1387
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1388 if (is_listen(node)) {
1389 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
1390 ret = 1;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1391 goto cleanup;
1392 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1393
1394 if (op == NC_OP_CREATE) {
1395 ret = nc_server_config_create_tls(endpt);
1396 if (ret) {
1397 goto cleanup;
1398 }
1399 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1400 nc_server_config_del_tls_opts(bind, endpt->opts.tls);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1401 }
1402 } else {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1403 /* LOCK */
1404 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1405 /* to avoid unlock on fail */
1406 return 1;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1407 }
1408
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1409 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1410 ret = 1;
1411 goto cleanup;
1412 }
1413
1414 if (op == NC_OP_CREATE) {
1415 ret = nc_server_config_ch_create_tls(ch_endpt);
1416 if (ret) {
1417 goto cleanup;
1418 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1419 } else if (op == NC_OP_DELETE) {
roman5ae78282023-11-02 13:34:34 +0100[diff] [blame]1420 nc_server_config_del_tls_opts(NULL, ch_endpt->opts.tls);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1421 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1422 }
1423
1424cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1425 if (is_ch(node)) {
1426 /* UNLOCK */
1427 nc_ch_client_unlock(ch_client);
1428 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1429 return ret;
1430}
1431
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]1432#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1433
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1434static int
1435nc_server_config_set_address_port(struct nc_endpt *endpt, struct nc_bind *bind, const char *address, uint16_t port)
1436{
1437 int sock = -1, set_addr, ret = 0;
1438
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]1439 assert((address && !port) || (!address && port) || (endpt->ti == NC_TI_UNIX));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1440
1441 if (address) {
1442 set_addr = 1;
1443 } else {
1444 set_addr = 0;
1445 }
1446
1447 if (set_addr) {
1448 port = bind->port;
1449 } else {
1450 address = bind->address;
1451 }
1452
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1453 /* we have all the information we need to create a listening socket */
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]1454 if ((address && port) || (endpt->ti == NC_TI_UNIX)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1455 /* create new socket, close the old one */
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]1456 if (endpt->ti == NC_TI_UNIX) {
1457 sock = nc_sock_listen_unix(endpt->opts.unixsock);
1458 } else {
1459 sock = nc_sock_listen_inet(address, port, &endpt->ka);
1460 }
1461
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1462 if (sock == -1) {
1463 ret = 1;
1464 goto cleanup;
1465 }
1466
1467 if (bind->sock > -1) {
1468 close(bind->sock);
1469 }
1470 bind->sock = sock;
1471 }
1472
1473 if (sock > -1) {
1474 switch (endpt->ti) {
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]1475 case NC_TI_UNIX:
1476 VRB(NULL, "Listening on %s for UNIX connections.", endpt->opts.unixsock->address);
1477 break;
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]1478#ifdef NC_ENABLED_SSH_TLS
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1479 case NC_TI_LIBSSH:
1480 VRB(NULL, "Listening on %s:%u for SSH connections.", address, port);
1481 break;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1482 case NC_TI_OPENSSL:
1483 VRB(NULL, "Listening on %s:%u for TLS connections.", address, port);
1484 break;
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]1485#endif /* NC_ENABLED_SSH_TLS */
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1486 default:
1487 ERRINT;
1488 ret = 1;
1489 break;
1490 }
1491 }
1492
1493cleanup:
1494 return ret;
1495}
1496
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]1497#ifdef NC_ENABLED_SSH_TLS
1498
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1499/* mandatory leaf */
1500static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1501nc_server_config_local_address(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1502{
1503 struct nc_endpt *endpt;
1504 struct nc_bind *bind;
1505 int ret = 0;
1506
1507 (void) op;
1508
1509 assert(!strcmp(LYD_NAME(node), "local-address"));
1510
1511 if (equal_parent_name(node, 4, "listen")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1512 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1513 ret = 1;
1514 goto cleanup;
1515 }
1516
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1517 free(bind->address);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1518 bind->address = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1519 NC_CHECK_ERRMEM_GOTO(!bind->address, ret = 1, cleanup);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1520
1521 ret = nc_server_config_set_address_port(endpt, bind, lyd_get_value(node), 0);
1522 if (ret) {
1523 goto cleanup;
1524 }
1525 }
1526
1527cleanup:
1528 return ret;
1529}
1530
1531/* leaf with default value */
1532static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1533nc_server_config_local_port(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1534{
1535 struct nc_endpt *endpt;
1536 struct nc_bind *bind;
1537 int ret = 0;
1538
1539 assert(!strcmp(LYD_NAME(node), "local-port"));
1540
1541 if (equal_parent_name(node, 4, "listen")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1542 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1543 ret = 1;
1544 goto cleanup;
1545 }
1546
1547 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1548 bind->port = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1549 } else {
1550 /* delete -> set to default */
1551 bind->port = 0;
1552 }
1553
1554 ret = nc_server_config_set_address_port(endpt, bind, NULL, bind->port);
1555 if (ret) {
1556 goto cleanup;
1557 }
1558 }
1559
1560cleanup:
1561 return ret;
1562}
1563
1564/* P container */
1565static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1566nc_server_config_keepalives(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1567{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1568 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1569 struct nc_endpt *endpt;
1570 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1571 struct nc_ch_endpt *ch_endpt;
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1572 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1573
1574 assert(!strcmp(LYD_NAME(node), "keepalives"));
1575
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1576 if (is_listen(node) && equal_parent_name(node, 1, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1577 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1578 ret = 1;
1579 goto cleanup;
1580 }
1581
1582 if (op == NC_OP_CREATE) {
1583 endpt->ka.enabled = 1;
1584 } else {
1585 endpt->ka.enabled = 0;
1586 }
1587 ret = nc_sock_configure_keepalive(bind->sock, &endpt->ka);
1588 if (ret) {
1589 goto cleanup;
1590 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1591 } else if (is_ch(node) && equal_parent_name(node, 1, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1592 /* LOCK */
1593 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1594 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1595 return 1;
1596 }
1597
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1598 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1599 ret = 1;
1600 goto cleanup;
1601 }
1602
1603 if (op == NC_OP_CREATE) {
1604 ch_endpt->ka.enabled = 1;
1605 } else {
1606 ch_endpt->ka.enabled = 0;
1607 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1608 }
1609
1610cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1611 if (is_ch(node) && equal_parent_name(node, 1, "tcp-client-parameters")) {
1612 /* UNLOCK */
1613 nc_ch_client_unlock(ch_client);
1614 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1615 return ret;
1616}
1617
1618/* mandatory leaf */
1619static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1620nc_server_config_idle_time(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1621{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1622 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1623 struct nc_endpt *endpt;
1624 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1625 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1626 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1627
1628 assert(!strcmp(LYD_NAME(node), "idle-time"));
1629
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1630 if (is_listen(node) && equal_parent_name(node, 2, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1631 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1632 ret = 1;
1633 goto cleanup;
1634 }
1635
1636 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1637 endpt->ka.idle_time = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1638 } else {
1639 endpt->ka.idle_time = 0;
1640 }
1641 ret = nc_sock_configure_keepalive(bind->sock, &endpt->ka);
1642 if (ret) {
1643 goto cleanup;
1644 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1645 } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1646 /* LOCK */
1647 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1648 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1649 return 1;
1650 }
1651
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1652 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1653 ret = 1;
1654 goto cleanup;
1655 }
1656
1657 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1658 ch_endpt->ka.idle_time = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1659 } else {
1660 ch_endpt->ka.idle_time = 0;
1661 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1662 }
1663
1664cleanup:
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1665 if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1666 /* UNLOCK */
1667 nc_ch_client_unlock(ch_client);
1668 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1669 return ret;
1670}
1671
1672/* mandatory leaf */
1673static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1674nc_server_config_max_probes(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1675{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1676 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1677 struct nc_endpt *endpt;
1678 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1679 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1680 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1681
1682 assert(!strcmp(LYD_NAME(node), "max-probes"));
1683
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1684 if (is_listen(node) && equal_parent_name(node, 2, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1685 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1686 ret = 1;
1687 goto cleanup;
1688 }
1689
1690 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1691 endpt->ka.max_probes = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1692 } else {
1693 endpt->ka.max_probes = 0;
1694 }
1695 ret = nc_sock_configure_keepalive(bind->sock, &endpt->ka);
1696 if (ret) {
1697 goto cleanup;
1698 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1699 } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1700 /* LOCK */
1701 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1702 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1703 return 1;
1704 }
1705
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1706 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1707 ret = 1;
1708 goto cleanup;
1709 }
1710
1711 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1712 ch_endpt->ka.max_probes = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1713 } else {
1714 ch_endpt->ka.max_probes = 0;
1715 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1716 }
1717
1718cleanup:
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1719 if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1720 /* UNLOCK */
1721 nc_ch_client_unlock(ch_client);
1722 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1723 return ret;
1724}
1725
1726/* mandatory leaf */
1727static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1728nc_server_config_probe_interval(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1729{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1730 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1731 struct nc_endpt *endpt;
1732 struct nc_bind *bind;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1733 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1734 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1735
1736 assert(!strcmp(LYD_NAME(node), "probe-interval"));
1737
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1738 if (is_listen(node) && equal_parent_name(node, 2, "tcp-server-parameters")) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1739 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1740 ret = 1;
1741 goto cleanup;
1742 }
1743
1744 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1745 endpt->ka.probe_interval = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1746 } else {
1747 endpt->ka.probe_interval = 0;
1748 }
1749 ret = nc_sock_configure_keepalive(bind->sock, &endpt->ka);
1750 if (ret) {
1751 goto cleanup;
1752 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1753 } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1754 /* LOCK */
1755 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1756 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1757 return 1;
1758 }
1759
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1760 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1761 ret = 1;
1762 goto cleanup;
1763 }
1764
1765 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]1766 ch_endpt->ka.probe_interval = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1767 } else {
1768 ch_endpt->ka.max_probes = 0;
1769 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1770 }
1771
1772cleanup:
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1773 if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1774 /* UNLOCK */
1775 nc_ch_client_unlock(ch_client);
1776 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1777 return ret;
1778}
1779
1780static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1781nc_server_config_create_host_key(const struct lyd_node *node, struct nc_server_ssh_opts *opts)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1782{
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1783 node = lyd_child(node);
1784 assert(!strcmp(LYD_NAME(node), "name"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1785
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1786 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->hostkeys, sizeof *opts->hostkeys, &opts->hostkey_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1787}
1788
1789/* list */
1790static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1791nc_server_config_host_key(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1792{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1793 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1794 struct nc_hostkey *hostkey;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1795 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1796 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1797
1798 assert(!strcmp(LYD_NAME(node), "host-key"));
1799
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1800 if (equal_parent_name(node, 1, "server-identity")) {
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1801 /* LOCK */
1802 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1803 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1804 return 1;
1805 }
1806
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1807 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1808 ret = 1;
1809 goto cleanup;
1810 }
1811
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1812 if (op == NC_OP_CREATE) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1813 ret = nc_server_config_create_host_key(node, opts);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1814 if (ret) {
1815 goto cleanup;
1816 }
1817 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1818 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1819 ret = 1;
1820 goto cleanup;
1821 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1822 nc_server_config_del_hostkey(opts, hostkey);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1823 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1824 }
1825
1826cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1827 if (is_ch(node) && equal_parent_name(node, 1, "server-identity")) {
1828 /* UNLOCK */
1829 nc_ch_client_unlock(ch_client);
1830 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1831 return ret;
1832}
1833
1834/* mandatory leaf */
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1835static int
1836nc_server_config_public_key_format(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1837{
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1838 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1839 const char *format;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1840 NC_PUBKEY_FORMAT pubkey_type;
roman8edee342023-03-31 13:25:48 +0200[diff] [blame]1841 struct nc_public_key *pubkey;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1842 struct nc_hostkey *hostkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1843 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1844 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1845
1846 assert(!strcmp(LYD_NAME(node), "public-key-format"));
1847
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]1848 /* LOCK */
1849 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
1850 /* to avoid unlock on fail */
1851 return 1;
1852 }
1853
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1854 format = ((struct lyd_node_term *)node)->value.ident->name;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1855 if (!strcmp(format, "ssh-public-key-format")) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1856 pubkey_type = NC_PUBKEY_FORMAT_SSH;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1857 } else if (!strcmp(format, "subject-public-key-info-format")) {
1858 pubkey_type = NC_PUBKEY_FORMAT_X509;
1859 } else {
1860 ERR(NULL, "Public key format (%s) not supported.", format);
1861 ret = 1;
1862 goto cleanup;
1863 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1864
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1865 if (is_ssh(node) && equal_parent_name(node, 4, "server-identity")) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1866 /* SSH hostkey public key fmt */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1867 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1868 ret = 1;
1869 goto cleanup;
1870 }
1871
1872 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
1873 hostkey->key.pubkey_type = pubkey_type;
1874 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1875 } else if (is_ssh(node) && equal_parent_name(node, 6, "client-authentication")) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1876 /* SSH client auth public key fmt */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1877 if (nc_server_config_get_pubkey(node, ch_client, &pubkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1878 ret = 1;
1879 goto cleanup;
1880 }
1881
1882 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1883 pubkey->type = pubkey_type;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1884 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1885 } else if (is_tls(node) && equal_parent_name(node, 3, "server-identity")) {
1886 /* TLS server-identity */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1887 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1888 ret = 1;
1889 goto cleanup;
1890 }
1891
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]1892 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1893 opts->pubkey_type = pubkey_type;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1894 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1895 }
1896
1897cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1898 if (is_ch(node)) {
1899 /* UNLOCK */
1900 nc_ch_client_unlock(ch_client);
1901 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1902 return ret;
1903}
1904
1905static int
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]1906nc_server_config_create_auth_key_public_key_list(const struct lyd_node *node, struct nc_auth_client *auth_client)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1907{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1908 assert(!strcmp(LYD_NAME(node), "public-key"));
1909
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1910 node = lyd_child(node);
1911 assert(!strcmp(LYD_NAME(node), "name"));
1912
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1913 return nc_server_config_realloc(lyd_get_value(node), (void **)&auth_client->pubkeys, sizeof *auth_client->pubkeys, &auth_client->pubkey_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1914}
1915
1916static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1917nc_server_config_replace_auth_key_public_key_leaf(const struct lyd_node *node, struct nc_public_key *pubkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1918{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1919 free(pubkey->data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1920 pubkey->data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1921 NC_CHECK_ERRMEM_RET(!pubkey->data, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1922
1923 return 0;
1924}
1925
1926static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1927nc_server_config_replace_host_key_public_key(const struct lyd_node *node, struct nc_hostkey *hostkey)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1928{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1929 free(hostkey->key.pubkey_data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1930 hostkey->key.pubkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1931 NC_CHECK_ERRMEM_RET(!hostkey->key.pubkey_data, 1);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1932
1933 return 0;
1934}
1935
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1936static int
1937nc_server_config_tls_replace_server_public_key(const struct lyd_node *node, struct nc_server_tls_opts *opts)
1938{
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]1939 free(opts->pubkey_data);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1940 opts->pubkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]1941 NC_CHECK_ERRMEM_RET(!opts->pubkey_data, 1);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1942
1943 return 0;
1944}
1945
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1946static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]1947nc_server_config_public_key(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1948{
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1949 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1950 struct nc_hostkey *hostkey;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]1951 struct nc_auth_client *auth_client;
roman8edee342023-03-31 13:25:48 +0200[diff] [blame]1952 struct nc_public_key *pubkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]1953 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1954 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1955
1956 assert(!strcmp(LYD_NAME(node), "public-key"));
1957
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1958 /* LOCK */
1959 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]1960 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]1961 return 1;
1962 }
1963
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1964 if (is_ssh(node) && equal_parent_name(node, 3, "host-key")) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]1965 /* server's public-key, mandatory leaf */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1966 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1967 ret = 1;
1968 goto cleanup;
1969 }
1970
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1971 /* the public key must not be SubjectPublicKeyInfoFormat, as per the ietf-netconf-server model */
roman51a1e192023-09-14 10:13:45 +0200[diff] [blame]1972 if (nc_is_pk_subject_public_key_info(lyd_get_value(node))) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]1973 ERR(NULL, "Using Public Key in the SubjectPublicKeyInfo format as an SSH hostkey is forbidden!");
1974 ret = 1;
1975 goto cleanup;
1976 }
1977
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1978 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1979 /* set to local */
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1980 hostkey->store = NC_STORE_LOCAL;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1981
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1982 ret = nc_server_config_replace_host_key_public_key(node, hostkey);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1983 if (ret) {
1984 goto cleanup;
1985 }
1986 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]1987 } else if (is_ssh(node) && equal_parent_name(node, 5, "client-authentication")) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1988 /* client auth pubkeys, list */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]1989 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1990 ret = 1;
1991 goto cleanup;
1992 }
1993
1994 if (op == NC_OP_CREATE) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1995 /* set to local */
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1996 auth_client->store = NC_STORE_LOCAL;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]1997
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]1998 ret = nc_server_config_create_auth_key_public_key_list(node, auth_client);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]1999 if (ret) {
2000 goto cleanup;
2001 }
2002 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2003 if (nc_server_config_get_pubkey(node, ch_client, &pubkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2004 ret = 1;
2005 goto cleanup;
2006 }
2007
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]2008 nc_server_config_del_auth_client_pubkey(auth_client, pubkey);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2009 }
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2010 } else if (is_ssh(node) && equal_parent_name(node, 6, "client-authentication")) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2011 /* client auth pubkey, leaf */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2012 if (nc_server_config_get_pubkey(node, ch_client, &pubkey)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2013 ret = 1;
2014 goto cleanup;
2015 }
2016
roman13145912023-08-17 15:36:54 +0200[diff] [blame]2017 /* the public key must not be SubjectPublicKeyInfoFormat, as per the ietf-netconf-server model */
roman51a1e192023-09-14 10:13:45 +0200[diff] [blame]2018 if (nc_is_pk_subject_public_key_info(lyd_get_value(node))) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]2019 ERR(NULL, "Using Public Key in the SubjectPublicKeyInfo format as an SSH user's key is forbidden!");
2020 ret = 1;
2021 goto cleanup;
2022 }
2023
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2024 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]2025 ret = nc_server_config_replace_auth_key_public_key_leaf(node, pubkey);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2026 if (ret) {
2027 goto cleanup;
2028 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2029 } else if (op == NC_OP_DELETE) {
2030 free(pubkey->data);
2031 pubkey->data = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2032 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2033 } else if (is_tls(node) && equal_parent_name(node, 3, "server-identity")) {
2034 /* TLS server-identity */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2035 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2036 ret = 1;
2037 goto cleanup;
2038 }
2039
roman13145912023-08-17 15:36:54 +0200[diff] [blame]2040 /* the public key must be SubjectPublicKeyInfoFormat, as per the ietf-netconf-server model */
roman51a1e192023-09-14 10:13:45 +0200[diff] [blame]2041 if (!nc_is_pk_subject_public_key_info(lyd_get_value(node))) {
roman13145912023-08-17 15:36:54 +0200[diff] [blame]2042 ERR(NULL, "TLS server certificate's Public Key must be in the SubjectPublicKeyInfo format!");
2043 ret = 1;
2044 goto cleanup;
2045 }
2046
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2047 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2048 /* set to local */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2049 opts->store = NC_STORE_LOCAL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2050
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2051 ret = nc_server_config_tls_replace_server_public_key(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2052 if (ret) {
2053 goto cleanup;
2054 }
2055 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2056 }
2057
2058cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2059 if (is_ch(node)) {
2060 /* UNLOCK */
2061 nc_ch_client_unlock(ch_client);
2062 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2063 return ret;
2064}
2065
2066/* leaf */
2067static int
2068nc_server_config_private_key_format(const struct lyd_node *node, NC_OPERATION op)
2069{
2070 int ret = 0;
2071 const char *format;
2072 NC_PRIVKEY_FORMAT privkey_type;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2073 struct nc_hostkey *hostkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2074 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2075 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2076
2077 (void) op;
2078
2079 assert(!strcmp(LYD_NAME(node), "private-key-format"));
2080
roman6cb86ea2023-11-08 15:12:05 +0100[diff] [blame]2081 /* LOCK */
2082 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
2083 /* to avoid unlock on fail */
2084 return 1;
2085 }
2086
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2087 format = ((struct lyd_node_term *)node)->value.ident->name;
2088 if (!format) {
2089 ret = 1;
2090 goto cleanup;
2091 }
2092
2093 privkey_type = nc_server_config_get_private_key_type(format);
2094 if (privkey_type == NC_PRIVKEY_FORMAT_UNKNOWN) {
2095 ERR(NULL, "Unknown private key format.");
2096 ret = 1;
2097 goto cleanup;
2098 }
2099
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2100 if (is_ssh(node)) {
2101 /* ssh */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2102 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2103 ret = 1;
2104 goto cleanup;
2105 }
2106
2107 hostkey->key.privkey_type = privkey_type;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2108 } else if (is_tls(node)) {
2109 /* tls */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2110 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2111 ret = 1;
2112 goto cleanup;
2113 }
2114
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2115 opts->privkey_type = privkey_type;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2116 }
2117
2118cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2119 if (is_ch(node)) {
2120 /* UNLOCK */
2121 nc_ch_client_unlock(ch_client);
2122 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2123 return ret;
2124}
2125
2126static int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2127nc_server_config_cleartext_private_key(const struct lyd_node *node, NC_OPERATION op)
2128{
2129 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2130 struct nc_hostkey *hostkey;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2131 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2132 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2133
2134 assert(!strcmp(LYD_NAME(node), "cleartext-private-key"));
2135
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2136 /* LOCK */
2137 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2138 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2139 return 1;
2140 }
2141
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2142 if (is_ssh(node)) {
2143 /* ssh */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2144 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2145 ret = 1;
2146 goto cleanup;
2147 }
2148
2149 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2150 free(hostkey->key.privkey_data);
2151 hostkey->key.privkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2152 NC_CHECK_ERRMEM_GOTO(!hostkey->key.privkey_data, ret = 1, cleanup);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2153 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2154 free(hostkey->key.privkey_data);
2155 hostkey->key.privkey_data = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2156 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]2157 } else if (is_tls(node)) {
2158 /* tls */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2159 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2160 ret = 1;
2161 goto cleanup;
2162 }
2163
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2164 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2165 free(opts->privkey_data);
2166 opts->privkey_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2167 NC_CHECK_ERRMEM_GOTO(!opts->privkey_data, ret = 1, cleanup);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2168 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2169 free(opts->privkey_data);
2170 opts->privkey_data = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2171 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2172 }
2173
2174cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2175 if (is_ch(node)) {
2176 /* UNLOCK */
2177 nc_ch_client_unlock(ch_client);
2178 }
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2179 return ret;
2180}
2181
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2182/* leaf */
2183static int
2184nc_server_config_keystore_reference(const struct lyd_node *node, NC_OPERATION op)
2185{
2186 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2187 struct nc_hostkey *hostkey;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2188 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2189
2190 assert(!strcmp(LYD_NAME(node), "keystore-reference"));
2191
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2192 /* LOCK */
2193 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2194 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2195 return 1;
2196 }
2197
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2198 if (is_ssh(node) && equal_parent_name(node, 3, "server-identity")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2199 if (nc_server_config_get_hostkey(node, ch_client, &hostkey)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2200 ret = 1;
2201 goto cleanup;
2202 }
2203
2204 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2205 /* set to keystore */
2206 hostkey->store = NC_STORE_KEYSTORE;
2207
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2208 free(hostkey->ks_ref);
romandd019a92023-09-14 10:17:07 +0200[diff] [blame]2209 hostkey->ks_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2210 NC_CHECK_ERRMEM_GOTO(!hostkey->ks_ref, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2211 } else if (op == NC_OP_DELETE) {
2212 free(hostkey->ks_ref);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2213 hostkey->ks_ref = NULL;
2214 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2215 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2216
2217cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2218 if (is_ch(node)) {
2219 /* UNLOCK */
2220 nc_ch_client_unlock(ch_client);
2221 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2222 return ret;
2223}
2224
2225static int
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2226nc_server_config_create_auth_client(const struct lyd_node *node, struct nc_server_ssh_opts *opts)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2227{
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2228 node = lyd_child(node);
2229 assert(!strcmp(LYD_NAME(node), "name"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2230
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2231 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->auth_clients, sizeof *opts->auth_clients, &opts->client_count);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2232}
2233
2234/* list */
2235static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2236nc_server_config_user(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2237{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2238 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2239 struct nc_auth_client *auth_client;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2240 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2241 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2242
2243 assert(!strcmp(LYD_NAME(node), "user"));
2244
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2245 /* LOCK */
2246 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2247 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2248 return 1;
2249 }
2250
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2251 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2252 ret = 1;
2253 goto cleanup;
2254 }
2255
2256 if (op == NC_OP_CREATE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2257 ret = nc_server_config_create_auth_client(node, opts);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2258 if (ret) {
2259 goto cleanup;
2260 }
2261 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2262 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2263 ret = 1;
2264 goto cleanup;
2265 }
2266
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2267 nc_server_config_del_auth_client(opts, auth_client);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2268 }
2269
2270cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2271 if (is_ch(node)) {
2272 /* UNLOCK */
2273 nc_ch_client_unlock(ch_client);
2274 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2275 return ret;
2276}
2277
2278static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2279nc_server_config_auth_attempts(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2280{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2281 int ret = 0;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2282 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2283 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2284
2285 assert(!strcmp(LYD_NAME(node), "auth-attempts"));
2286
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2287 /* LOCK */
2288 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2289 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2290 return 1;
2291 }
2292
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2293 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2294 ret = 1;
2295 goto cleanup;
2296 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2297
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2298 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]2299 opts->auth_attempts = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2300 }
2301
2302cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2303 if (is_ch(node)) {
2304 /* UNLOCK */
2305 nc_ch_client_unlock(ch_client);
2306 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2307 return ret;
2308}
2309
2310static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2311nc_server_config_auth_timeout(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2312{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2313 int ret = 0;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2314 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2315 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2316
2317 assert(!strcmp(LYD_NAME(node), "auth-timeout"));
2318
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2319 /* LOCK */
2320 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2321 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2322 return 1;
2323 }
2324
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2325 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2326 ret = 1;
2327 goto cleanup;
2328 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2329
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2330 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]2331 opts->auth_timeout = ((struct lyd_node_term *)node)->value.uint16;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2332 }
2333
2334cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2335 if (is_ch(node)) {
2336 /* UNLOCK */
2337 nc_ch_client_unlock(ch_client);
2338 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2339 return ret;
2340}
2341
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2342/* leaf */
2343static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2344nc_server_config_truststore_reference(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2345{
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2346 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2347 struct nc_auth_client *auth_client;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2348 struct nc_ch_client *ch_client = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2349 struct nc_server_tls_opts *opts;
2350 struct nc_cert_grouping *certs_grp;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2351
2352 assert(!strcmp(LYD_NAME(node), "truststore-reference"));
2353
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2354 /* LOCK */
2355 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2356 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2357 return 1;
2358 }
2359
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2360 if (is_ssh(node) && equal_parent_name(node, 1, "public-keys")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2361 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2362 ret = 1;
2363 goto cleanup;
2364 }
2365
2366 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2367 /* set to truststore */
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]2368 auth_client->store = NC_STORE_TRUSTSTORE;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2369
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2370 free(auth_client->ts_ref);
2371 auth_client->ts_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2372 NC_CHECK_ERRMEM_GOTO(!auth_client->ts_ref, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2373 } else if (op == NC_OP_DELETE) {
2374 free(auth_client->ts_ref);
romand57b3722023-04-05 11:26:25 +0200[diff] [blame]2375 auth_client->ts_ref = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2376 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2377 } else if (is_tls(node) && (equal_parent_name(node, 1, "ca-certs") || equal_parent_name(node, 1, "ee-certs"))) {
2378 /* ee-certs or ca-certs */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2379 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2380 ret = 1;
2381 goto cleanup;
2382 }
2383
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2384 if (equal_parent_name(node, 1, "ca-certs")) {
2385 certs_grp = &opts->ca_certs;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2386 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2387 certs_grp = &opts->ee_certs;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2388 }
2389
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2390 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2391 /* set to truststore */
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2392 certs_grp->store = NC_STORE_TRUSTSTORE;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2393
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2394 free(certs_grp->ts_ref);
2395 certs_grp->ts_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2396 NC_CHECK_ERRMEM_GOTO(!certs_grp->ts_ref, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2397 } else if (op == NC_OP_DELETE) {
2398 free(certs_grp->ts_ref);
2399 certs_grp->ts_ref = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2400 }
2401 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2402
2403cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2404 if (is_ch(node)) {
2405 /* UNLOCK */
2406 nc_ch_client_unlock(ch_client);
2407 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2408 return ret;
2409}
2410
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2411/* leaf */
2412static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2413nc_server_config_password(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2414{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2415 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2416 struct nc_auth_client *auth_client;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2417 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2418
2419 assert(!strcmp(LYD_NAME(node), "password"));
2420
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2421 /* LOCK */
2422 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2423 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2424 return 1;
2425 }
2426
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2427 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2428 ret = 1;
2429 goto cleanup;
2430 }
2431
2432 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2433 free(auth_client->password);
2434 auth_client->password = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2435 NC_CHECK_ERRMEM_GOTO(!auth_client->password, ret = 1, cleanup);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2436 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2437 free(auth_client->password);
2438 auth_client->password = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2439 }
2440
2441cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2442 if (is_ch(node)) {
2443 /* UNLOCK */
2444 nc_ch_client_unlock(ch_client);
2445 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2446 return ret;
2447}
2448
2449static int
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2450nc_server_config_kb_int(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2451{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2452 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2453 struct nc_auth_client *auth_client;
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2454 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2455
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2456 assert(!strcmp(LYD_NAME(node), "keyboard-interactive"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2457
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2458 /* LOCK */
2459 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2460 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2461 return 1;
2462 }
2463
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2464 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2465 ret = 1;
2466 goto cleanup;
2467 }
2468
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2469 if (op == NC_OP_CREATE) {
2470 auth_client->kb_int_enabled = 1;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2471 } else {
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2472 auth_client->kb_int_enabled = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2473 }
2474
2475cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2476 if (is_ch(node)) {
2477 /* UNLOCK */
2478 nc_ch_client_unlock(ch_client);
2479 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2480 return ret;
2481}
2482
2483/* leaf */
2484static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2485nc_server_config_none(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2486{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2487 int ret = 0;
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2488 struct nc_auth_client *auth_client;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2489 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2490
2491 assert(!strcmp(LYD_NAME(node), "none"));
2492
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2493 /* LOCK */
2494 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman58f79d02023-10-06 10:20:31 +0200[diff] [blame]2495 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2496 return 1;
2497 }
2498
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2499 if (nc_server_config_get_auth_client(node, ch_client, &auth_client)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2500 ret = 1;
2501 goto cleanup;
2502 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2503
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2504 if (op == NC_OP_CREATE) {
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2505 auth_client->none_enabled = 1;
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2506 } else {
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]2507 auth_client->none_enabled = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2508 }
2509
2510cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2511 if (is_ch(node)) {
2512 /* UNLOCK */
2513 nc_ch_client_unlock(ch_client);
2514 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2515 return ret;
2516}
2517
2518static int
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2519nc_server_config_delete_substring(const char *haystack, const char *needle, const char delim)
2520{
2521 size_t needle_len = strlen(needle);
2522 char *substr;
2523 int substr_found = 0, ret = 0;
2524
2525 while ((substr = strstr(haystack, needle))) {
2526 /* iterate over all the substrings */
2527 if (((substr == haystack) && (*(substr + needle_len) == delim)) ||
2528 ((substr != haystack) && (*(substr - 1) == delim) && (*(substr + needle_len) == delim))) {
2529 /* either the first element of the string or somewhere in the middle */
2530 memmove(substr, substr + needle_len + 1, strlen(substr + needle_len + 1));
2531 substr_found = 1;
2532 break;
2533 } else if ((*(substr - 1) == delim) && (*(substr + needle_len) == '\0')) {
2534 /* the last element of the string */
2535 *(substr - 1) = '\0';
2536 substr_found = 1;
2537 break;
2538 }
2539 haystack = substr + 1;
2540 }
2541 if (!substr_found) {
2542 ret = 1;
2543 }
2544
2545 return ret;
2546}
2547
2548static int
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2549nc_server_config_transport_params(const char *algorithm, char **alg_store, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2550{
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2551 int ret = 0;
2552 char *alg = NULL;
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2553
2554 if (!strncmp(algorithm, "openssh-", 8)) {
2555 /* if the name starts with openssh, convert it to it's original libssh accepted form */
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2556 ret = asprintf(&alg, "%s@openssh.com", algorithm + 8);
2557 NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; alg = NULL, cleanup);
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2558 } else if (!strncmp(algorithm, "libssh-", 7)) {
2559 /* if the name starts with libssh, convert it to it's original libssh accepted form */
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2560 ret = asprintf(&alg, "%s@libssh.org", algorithm + 7);
2561 NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; alg = NULL, cleanup);
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2562 } else {
2563 alg = strdup(algorithm);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2564 NC_CHECK_ERRMEM_GOTO(!alg, ret = 1, cleanup);
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2565 }
2566
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2567 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
2568 if (!*alg_store) {
2569 /* first call */
2570 *alg_store = strdup(alg);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2571 NC_CHECK_ERRMEM_GOTO(!*alg_store, ret = 1, cleanup);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2572 } else {
2573 /* +1 because of ',' between algorithms */
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2574 *alg_store = nc_realloc(*alg_store, strlen(*alg_store) + strlen(alg) + 1 + 1);
2575 NC_CHECK_ERRMEM_GOTO(!*alg_store, ret = 1, cleanup);
roman08f67f42023-06-08 13:51:54 +0200[diff] [blame]2576 strcat(*alg_store, ",");
2577 strcat(*alg_store, alg);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2578 }
2579 } else {
2580 /* delete */
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2581 ret = nc_server_config_delete_substring(*alg_store, alg, ',');
2582 if (ret) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2583 ERR(NULL, "Unable to delete an algorithm (%s), which was not previously added.", alg);
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]2584 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2585 }
2586 }
2587
2588cleanup:
romana6bf6ab2023-05-26 13:26:02 +0200[diff] [blame]2589 free(alg);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2590 return ret;
2591}
2592
2593/* leaf-list */
2594static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2595nc_server_config_host_key_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2596{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2597 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2598 const char *alg;
2599 uint8_t i;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2600 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2601 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2602
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2603 assert(!strcmp(LYD_NAME(node), "host-key-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2604
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2605 /* LOCK */
2606 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2607 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2608 return 1;
2609 }
2610
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2611 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2612 ret = 1;
2613 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2614 }
2615
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2616 /* get the algorithm name and compare it with algs supported by libssh */
2617 alg = ((struct lyd_node_term *)node)->value.ident->name;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2618 i = 0;
2619 while (supported_hostkey_algs[i]) {
2620 if (!strcmp(supported_hostkey_algs[i], alg)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2621 if (nc_server_config_transport_params(alg, &opts->hostkey_algs, op)) {
2622 ret = 1;
2623 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2624 }
2625 break;
2626 }
2627 i++;
2628 }
2629 if (!supported_hostkey_algs[i]) {
2630 /* algorithm not supported */
2631 ERR(NULL, "Public key algorithm (%s) not supported by libssh.", alg);
2632 ret = 1;
2633 }
2634
2635cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2636 if (is_ch(node)) {
2637 /* UNLOCK */
2638 nc_ch_client_unlock(ch_client);
2639 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2640 return ret;
2641}
2642
2643/* leaf-list */
2644static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2645nc_server_config_kex_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2646{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2647 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2648 const char *alg;
2649 uint8_t i;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2650 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2651 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2652
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2653 assert(!strcmp(LYD_NAME(node), "key-exchange-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2654
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2655 /* LOCK */
2656 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2657 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2658 return 1;
2659 }
2660
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2661 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2662 ret = 1;
2663 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2664 }
2665
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2666 /* get the algorithm name and compare it with algs supported by libssh */
2667 alg = ((struct lyd_node_term *)node)->value.ident->name;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2668 i = 0;
2669 while (supported_kex_algs[i]) {
2670 if (!strcmp(supported_kex_algs[i], alg)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2671 if (nc_server_config_transport_params(alg, &opts->kex_algs, op)) {
2672 ret = 1;
2673 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2674 }
2675 break;
2676 }
2677 i++;
2678 }
2679 if (!supported_kex_algs[i]) {
2680 /* algorithm not supported */
2681 ERR(NULL, "Key exchange algorithm (%s) not supported by libssh.", alg);
2682 ret = 1;
2683 }
2684
2685cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2686 if (is_ch(node)) {
2687 /* UNLOCK */
2688 nc_ch_client_unlock(ch_client);
2689 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2690 return ret;
2691}
2692
2693/* leaf-list */
2694static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2695nc_server_config_encryption_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2696{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2697 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2698 const char *alg;
2699 uint8_t i;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2700 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2701 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2702
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2703 assert(!strcmp(LYD_NAME(node), "encryption-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2704
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2705 /* LOCK */
2706 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2707 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2708 return 1;
2709 }
2710
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2711 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2712 ret = 1;
2713 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2714 }
2715
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2716 /* get the algorithm name and compare it with algs supported by libssh */
2717 alg = ((struct lyd_node_term *)node)->value.ident->name;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2718 i = 0;
2719 while (supported_encryption_algs[i]) {
2720 if (!strcmp(supported_encryption_algs[i], alg)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2721 if (nc_server_config_transport_params(alg, &opts->encryption_algs, op)) {
2722 ret = 1;
2723 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2724 }
2725 break;
2726 }
2727 i++;
2728 }
2729 if (!supported_encryption_algs[i]) {
2730 /* algorithm not supported */
2731 ERR(NULL, "Encryption algorithm (%s) not supported by libssh.", alg);
2732 ret = 1;
2733 }
2734
2735cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2736 if (is_ch(node)) {
2737 /* UNLOCK */
2738 nc_ch_client_unlock(ch_client);
2739 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2740 return ret;
2741}
2742
2743/* leaf-list */
2744static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2745nc_server_config_mac_alg(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2746{
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2747 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2748 const char *alg;
2749 uint8_t i;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2750 struct nc_server_ssh_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2751 struct nc_ch_client *ch_client = NULL;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2752
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2753 assert(!strcmp(LYD_NAME(node), "mac-alg"));
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2754
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2755 /* LOCK */
2756 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2757 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2758 return 1;
2759 }
2760
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]2761 if (nc_server_config_get_ssh_opts(node, ch_client, &opts)) {
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]2762 ret = 1;
2763 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2764 }
2765
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2766 /* get the algorithm name and compare it with algs supported by libssh */
2767 alg = ((struct lyd_node_term *)node)->value.ident->name;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2768 i = 0;
2769 while (supported_mac_algs[i]) {
2770 if (!strcmp(supported_mac_algs[i], alg)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]2771 if (nc_server_config_transport_params(alg, &opts->mac_algs, op)) {
2772 ret = 1;
2773 goto cleanup;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2774 }
2775 break;
2776 }
2777 i++;
2778 }
2779 if (!supported_mac_algs[i]) {
2780 /* algorithm not supported */
2781 ERR(NULL, "MAC algorithm (%s) not supported by libssh.", alg);
2782 ret = 1;
2783 }
2784
2785cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]2786 if (is_ch(node)) {
2787 /* UNLOCK */
2788 nc_ch_client_unlock(ch_client);
2789 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2790 return ret;
2791}
2792
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]2793#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2794
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]2795static int
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]2796nc_server_config_create_unix_socket(struct nc_endpt *endpt)
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2797{
2798 endpt->ti = NC_TI_UNIX;
2799 endpt->opts.unixsock = calloc(1, sizeof *endpt->opts.unixsock);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2800 NC_CHECK_ERRMEM_RET(!endpt->opts.unixsock, 1);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2801
2802 /* set default values */
2803 endpt->opts.unixsock->mode = -1;
2804 endpt->opts.unixsock->uid = -1;
2805 endpt->opts.unixsock->gid = -1;
2806
2807 return 0;
2808}
2809
2810static int
romane028ef92023-02-24 16:33:08 +0100[diff] [blame]2811nc_server_config_unix_socket(const struct lyd_node *node, NC_OPERATION op)
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2812{
2813 int ret = 0;
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]2814 uint32_t log_options = 0;
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2815 struct nc_endpt *endpt;
2816 struct nc_bind *bind;
2817 struct nc_server_unix_opts *opts;
2818 struct lyd_node *data = NULL;
2819
2820 assert(!strcmp(LYD_NAME(node), "unix-socket"));
2821
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]2822 if (nc_server_config_get_endpt(node, &endpt, &bind)) {
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2823 ret = 1;
2824 goto cleanup;
2825 }
2826
2827 if (op == NC_OP_CREATE) {
roman874fed12023-05-25 10:20:01 +0200[diff] [blame]2828 if (nc_server_config_create_unix_socket(endpt)) {
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2829 ret = 1;
2830 goto cleanup;
2831 }
2832
2833 opts = endpt->opts.unixsock;
2834
2835 lyd_find_path(node, "path", 0, &data);
2836 assert(data);
2837
2838 opts->address = strdup(lyd_get_value(data));
2839 bind->address = strdup(lyd_get_value(data));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]2840 NC_CHECK_ERRMEM_GOTO(!opts->address || !bind->address, ret = 1, cleanup);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2841
2842 /* silently search for non-mandatory parameters */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]2843 ly_temp_log_options(&log_options);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2844 ret = lyd_find_path(node, "mode", 0, &data);
2845 if (!ret) {
2846 opts->mode = strtol(lyd_get_value(data), NULL, 8);
2847 }
2848
2849 ret = lyd_find_path(node, "uid", 0, &data);
2850 if (!ret) {
2851 opts->uid = strtol(lyd_get_value(data), NULL, 10);
2852 }
2853
2854 ret = lyd_find_path(node, "gid", 0, &data);
2855 if (!ret) {
2856 opts->gid = strtol(lyd_get_value(data), NULL, 10);
2857 }
2858
2859 /* reset the logging options */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]2860 ly_temp_log_options(NULL);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2861
2862 ret = nc_server_config_set_address_port(endpt, bind, NULL, 0);
2863 if (ret) {
2864 goto cleanup;
2865 }
2866 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2867 nc_server_config_del_unix_socket_opts(bind, endpt->opts.unixsock);
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]2868 }
2869
2870cleanup:
2871 return ret;
2872}
2873
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]2874#ifdef NC_ENABLED_SSH_TLS
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]2875
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2876static int
2877nc_server_config_check_endpt_reference_cycle(struct nc_endpt *original, struct nc_endpt *next)
2878{
2879 if (!next->referenced_endpt_name) {
2880 /* no further reference -> no cycle */
2881 return 0;
2882 }
2883
2884 if (!strcmp(original->name, next->referenced_endpt_name)) {
2885 /* found cycle */
2886 return 1;
2887 } else {
2888 if (nc_server_get_referenced_endpt(next->referenced_endpt_name, &next)) {
2889 /* referenced endpoint does not exist */
2890 return 1;
2891 }
2892
2893 /* continue further */
2894 return nc_server_config_check_endpt_reference_cycle(original, next);
2895 }
2896}
2897
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2898/**
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2899 * @brief Set all endpoint references.
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2900 *
2901 * @return 0 on success, 1 on error.
2902 */
2903static int
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2904nc_server_config_check_endpt_references(void)
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2905{
2906 uint16_t i, j;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2907 struct nc_endpt *referenced_endpt = NULL;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2908
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2909 /* first do listen endpoints */
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2910 for (i = 0; i < server_opts.endpt_count; i++) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]2911 /* go through all the endpoints */
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2912 if (server_opts.endpts[i].referenced_endpt_name) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2913 /* get referenced endpt */
2914 if (nc_server_get_referenced_endpt(server_opts.endpts[i].referenced_endpt_name, &referenced_endpt)) {
2915 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" does not exist.",
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2916 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2917 return 1;
2918 }
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2919
2920 /* check if the endpoint references itself */
2921 if (&server_opts.endpts[i] == referenced_endpt) {
2922 ERR(NULL, "Endpoint \"%s\" references itself.", server_opts.endpts[i].name);
2923 return 1;
2924 }
2925
2926 /* check transport */
2927 if ((server_opts.endpts[i].ti != referenced_endpt->ti)) {
2928 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" has different transport type.",
2929 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2930 return 1;
2931 } else if ((referenced_endpt->ti != NC_TI_LIBSSH) && (referenced_endpt->ti != NC_TI_OPENSSL)) {
2932 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" has unsupported transport type.",
2933 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2934 return 1;
2935 }
2936
2937 /* check cyclic reference */
2938 if (nc_server_config_check_endpt_reference_cycle(&server_opts.endpts[i], referenced_endpt)) {
2939 ERR(NULL, "Endpoint \"%s\" referenced by endpoint \"%s\" creates a cycle.",
2940 server_opts.endpts[i].referenced_endpt_name, server_opts.endpts[i].name);
2941 return 1;
2942 }
2943
2944 /* all went well, assign the name to the opts, so we can access it for auth */
2945 if (server_opts.endpts[i].ti == NC_TI_LIBSSH) {
2946 server_opts.endpts[i].opts.ssh->referenced_endpt_name = referenced_endpt->name;
2947 } else {
2948 server_opts.endpts[i].opts.tls->referenced_endpt_name = referenced_endpt->name;
2949 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]2950 }
2951 }
2952
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]2953 /* now check all the call home endpoints */
2954 /* LOCK */
2955 pthread_rwlock_rdlock(&server_opts.ch_client_lock);
2956 for (i = 0; i < server_opts.ch_client_count; i++) {
2957 /* LOCK */
2958 pthread_mutex_lock(&server_opts.ch_clients[i].lock);
2959 for (j = 0; j < server_opts.ch_clients[i].ch_endpt_count; j++) {
2960 if (server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name) {
2961 /* get referenced endpt */
2962 if (nc_server_get_referenced_endpt(server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, &referenced_endpt)) {
2963 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" does not exist.",
2964 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2965 goto ch_fail;
2966 }
2967
2968 /* check transport */
2969 if (server_opts.ch_clients[i].ch_endpts[j].ti != referenced_endpt->ti) {
2970 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" has different transport type.",
2971 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2972 goto ch_fail;
2973 } else if ((referenced_endpt->ti != NC_TI_LIBSSH) && (referenced_endpt->ti != NC_TI_OPENSSL)) {
2974 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" has unsupported transport type.",
2975 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2976 goto ch_fail;
2977 }
2978
2979 /* check cyclic reference */
2980 if (nc_server_config_check_endpt_reference_cycle(referenced_endpt, referenced_endpt)) {
2981 ERR(NULL, "Endpoint \"%s\" referenced by call home endpoint \"%s\" creates a cycle.",
2982 server_opts.ch_clients[i].ch_endpts[j].referenced_endpt_name, server_opts.ch_clients[i].ch_endpts[j].name);
2983 goto ch_fail;
2984 }
2985
2986 /* all went well, assign the name to the opts, so we can access it for auth */
2987 if (server_opts.ch_clients[i].ch_endpts[j].ti == NC_TI_LIBSSH) {
2988 server_opts.ch_clients[i].ch_endpts[j].opts.ssh->referenced_endpt_name = referenced_endpt->name;
2989 } else {
2990 server_opts.ch_clients[i].ch_endpts[j].opts.tls->referenced_endpt_name = referenced_endpt->name;
2991 }
2992 }
2993 }
2994 /* UNLOCK */
2995 pthread_mutex_unlock(&server_opts.ch_clients[i].lock);
2996 }
2997
2998 /* UNLOCK */
2999 pthread_rwlock_unlock(&server_opts.ch_client_lock);
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3000 return 0;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3001
3002ch_fail:
3003 /* UNLOCK */
3004 pthread_mutex_unlock(&server_opts.ch_clients[i].lock);
3005 /* UNLOCK */
3006 pthread_rwlock_unlock(&server_opts.ch_client_lock);
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3007 return 1;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3008}
3009
3010static int
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3011nc_server_config_endpoint_reference(const struct lyd_node *node, NC_OPERATION op)
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3012{
3013 int ret = 0;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3014 struct nc_endpt *endpt = NULL;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3015 struct nc_ch_client *ch_client = NULL;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3016 struct nc_ch_endpt *ch_endpt = NULL;
3017 struct nc_server_ssh_opts *ssh = NULL;
3018 struct nc_server_tls_opts *tls = NULL;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3019
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3020 assert(!strcmp(LYD_NAME(node), "endpoint-reference"));
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3021
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3022 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
3023 /* to avoid unlock on fail */
3024 return 1;
3025 }
3026
3027 /* get endpt */
3028 if (is_listen(node)) {
3029 ret = nc_server_config_get_endpt(node, &endpt, NULL);
3030 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3031 ret = nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3032 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3033 if (ret) {
3034 goto cleanup;
3035 }
3036
3037 if (op == NC_OP_DELETE) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3038 if (endpt) {
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]3039 /* listen */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3040 free(endpt->referenced_endpt_name);
3041 endpt->referenced_endpt_name = NULL;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]3042 } else {
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]3043 /* call home */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3044 free(ch_endpt->referenced_endpt_name);
3045 ch_endpt->referenced_endpt_name = NULL;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]3046 }
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3047 if (is_ssh(node)) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3048 if (nc_server_config_get_ssh_opts(node, ch_client, &ssh)) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3049 ret = 1;
3050 goto cleanup;
3051 }
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3052
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3053 ssh->referenced_endpt_name = NULL;
3054 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3055 if (nc_server_config_get_tls_opts(node, ch_client, &tls)) {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3056 ret = 1;
3057 goto cleanup;
3058 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3059
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3060 tls->referenced_endpt_name = NULL;
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3061 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3062
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3063 goto cleanup;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]3064 } else {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3065 /* just set the name, check it once configuring of all nodes is done */
3066 if (endpt) {
3067 free(endpt->referenced_endpt_name);
3068 endpt->referenced_endpt_name = strdup(lyd_get_value(node));
3069 NC_CHECK_ERRMEM_GOTO(!endpt->referenced_endpt_name, ret = 1, cleanup);
3070 } else {
3071 free(ch_endpt->referenced_endpt_name);
3072 ch_endpt->referenced_endpt_name = strdup(lyd_get_value(node));
3073 NC_CHECK_ERRMEM_GOTO(!ch_endpt->referenced_endpt_name, ret = 1, cleanup);
3074 }
3075
3076 goto cleanup;
roman2e797ef2023-06-19 10:47:49 +0200[diff] [blame]3077 }
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3078
3079cleanup:
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3080 if (is_ch(node)) {
3081 /* UNLOCK */
3082 nc_ch_client_unlock(ch_client);
3083 }
3084
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]3085 return ret;
3086}
3087
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3088static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3089nc_server_config_cert_data(const struct lyd_node *node, NC_OPERATION op)
3090{
3091 int ret = 0;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3092 struct nc_certificate *cert;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3093 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3094 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3095
3096 assert(!strcmp(LYD_NAME(node), "cert-data"));
3097
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3098 /* LOCK */
3099 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3100 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3101 return 1;
3102 }
3103
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3104 if (equal_parent_name(node, 3, "server-identity")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3105 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3106 ret = 1;
3107 goto cleanup;
3108 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3109
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3110 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3111 free(opts->cert_data);
3112 opts->cert_data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3113 NC_CHECK_ERRMEM_GOTO(!opts->cert_data, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3114 }
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3115 } else if (equal_parent_name(node, 3, "ca-certs") || equal_parent_name(node, 3, "ee-certs")) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3116 if (nc_server_config_get_cert(node, ch_client, &cert)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3117 ret = 1;
3118 goto cleanup;
3119 }
3120
3121 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3122 free(cert->data);
3123 cert->data = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3124 NC_CHECK_ERRMEM_GOTO(!cert->data, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3125 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3126 free(cert->data);
3127 cert->data = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3128 }
3129 }
3130
3131cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3132 if (is_ch(node)) {
3133 /* UNLOCK */
3134 nc_ch_client_unlock(ch_client);
3135 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3136 return ret;
3137}
3138
3139static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3140nc_server_config_asymmetric_key(const struct lyd_node *node, NC_OPERATION op)
3141{
3142 int ret = 0;
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3143 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3144 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3145
3146 assert(!strcmp(LYD_NAME(node), "asymmetric-key"));
3147
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3148 /* LOCK */
3149 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3150 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3151 return 1;
3152 }
3153
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3154 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3155 ret = 1;
3156 goto cleanup;
3157 }
3158
3159 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
3160 /* set to keystore */
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3161 opts->store = NC_STORE_KEYSTORE;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3162
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3163 free(opts->key_ref);
3164 opts->key_ref = strdup(lyd_get_value(node));
3165 NC_CHECK_ERRMEM_GOTO(!opts->key_ref, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3166 } else {
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]3167 free(opts->key_ref);
3168 opts->key_ref = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3169 }
3170
3171cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3172 if (is_ch(node)) {
3173 /* UNLOCK */
3174 nc_ch_client_unlock(ch_client);
3175 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3176 return ret;
3177}
3178
3179static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3180nc_server_config_create_ca_certs_certificate(const struct lyd_node *node, struct nc_server_tls_opts *opts)
3181{
3182 assert(!strcmp(LYD_NAME(node), "certificate"));
3183
3184 node = lyd_child(node);
3185 assert(!strcmp(LYD_NAME(node), "name"));
3186
3187 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->ca_certs.certs, sizeof *opts->ca_certs.certs, &opts->ca_certs.cert_count);
3188}
3189
3190static int
3191nc_server_config_create_ee_certs_certificate(const struct lyd_node *node, struct nc_server_tls_opts *opts)
3192{
3193 assert(!strcmp(LYD_NAME(node), "certificate"));
3194
3195 node = lyd_child(node);
3196 assert(!strcmp(LYD_NAME(node), "name"));
3197
3198 return nc_server_config_realloc(lyd_get_value(node), (void **)&opts->ee_certs.certs, sizeof *opts->ee_certs.certs, &opts->ee_certs.cert_count);
3199}
3200
3201static int
3202nc_server_config_certificate(const struct lyd_node *node, NC_OPERATION op)
3203{
3204 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3205 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3206 struct nc_ch_client *ch_client = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3207 struct nc_certificate *cert;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3208
3209 assert(!strcmp(LYD_NAME(node), "certificate"));
3210
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3211 /* LOCK */
3212 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3213 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3214 return 1;
3215 }
3216
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3217 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3218 ret = 1;
3219 goto cleanup;
3220 }
3221
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3222 if (equal_parent_name(node, 1, "keystore-reference")) {
3223 /* TLS server-identity */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3224 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
3225 /* set to keystore */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3226 opts->store = NC_STORE_KEYSTORE;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3227
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3228 free(opts->cert_ref);
3229 opts->cert_ref = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3230 NC_CHECK_ERRMEM_GOTO(!opts->cert_ref, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3231 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3232 free(opts->cert_ref);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3233 opts->cert_ref = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3234 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3235 } else if (equal_parent_name(node, 2, "ca-certs")) {
3236 /* TLS client auth certificate authority */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3237 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3238 ret = nc_server_config_create_ca_certs_certificate(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3239 if (ret) {
3240 goto cleanup;
3241 }
3242 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3243 if (nc_server_config_get_cert(node, ch_client, &cert)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3244 ret = 1;
3245 goto cleanup;
3246 }
3247 nc_server_config_del_cert(&opts->ca_certs, cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3248 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3249 } else if (equal_parent_name(node, 2, "ee-certs")) {
3250 /* TLS client auth end entity */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3251 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3252 ret = nc_server_config_create_ee_certs_certificate(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3253 if (ret) {
3254 goto cleanup;
3255 }
3256 } else {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3257 if (nc_server_config_get_cert(node, ch_client, &cert)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3258 ret = 1;
3259 goto cleanup;
3260 }
3261 nc_server_config_del_cert(&opts->ee_certs, cert);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3262 }
3263 }
3264
3265cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3266 if (is_ch(node)) {
3267 /* UNLOCK */
3268 nc_ch_client_unlock(ch_client);
3269 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3270 return ret;
3271}
3272
3273static int
3274nc_server_config_create_cert_to_name(const struct lyd_node *node, struct nc_server_tls_opts *opts)
3275{
3276 int ret = 0;
3277 struct lyd_node *n;
3278 struct nc_ctn *new, *iter;
3279 const char *map_type, *name;
3280 uint32_t id;
3281 NC_TLS_CTN_MAPTYPE m_type;
3282
3283 assert(!strcmp(LYD_NAME(node), "cert-to-name"));
3284
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3285 /* get all the data */
3286 /* find the list's key */
3287 lyd_find_path(node, "id", 0, &n);
3288 assert(n);
roman9cdb7b52023-10-25 13:59:55 +0200[diff] [blame]3289 id = ((struct lyd_node_term *)n)->value.uint32;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3290
3291 /* find the ctn's name */
3292 lyd_find_path(node, "name", 0, &n);
3293 assert(n);
3294 name = lyd_get_value(n);
3295
3296 /* find the ctn's map-type */
3297 lyd_find_path(node, "map-type", 0, &n);
3298 assert(n);
3299 map_type = ((struct lyd_node_term *)n)->value.ident->name;
3300 if (!strcmp(map_type, "specified")) {
3301 m_type = NC_TLS_CTN_SPECIFIED;
3302 } else if (!strcmp(map_type, "san-rfc822-name")) {
3303 m_type = NC_TLS_CTN_SAN_RFC822_NAME;
3304 } else if (!strcmp(map_type, "san-dns-name")) {
3305 m_type = NC_TLS_CTN_SAN_DNS_NAME;
3306 } else if (!strcmp(map_type, "san-ip-address")) {
3307 m_type = NC_TLS_CTN_SAN_IP_ADDRESS;
3308 } else if (!strcmp(map_type, "san-any")) {
3309 m_type = NC_TLS_CTN_SAN_ANY;
3310 } else if (!strcmp(map_type, "common-name")) {
3311 m_type = NC_TLS_CTN_COMMON_NAME;
3312 } else {
3313 ERR(NULL, "Map-type identity \"%s\" not supported.", map_type);
3314 ret = 1;
3315 goto cleanup;
3316 }
3317
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3318 /* create new ctn */
3319 new = calloc(1, sizeof *new);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3320 NC_CHECK_ERRMEM_GOTO(!new, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3321
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3322 /* find the right place for insertion */
3323 if (!opts->ctn) {
3324 /* inserting the first one */
3325 opts->ctn = new;
Roytak421eb0c2023-08-01 22:18:27 +0200[diff] [blame]3326 } else if (opts->ctn->id > id) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3327 /* insert at the beginning */
3328 new->next = opts->ctn;
3329 opts->ctn = new;
3330 } else {
3331 /* have to find the right place */
Roytak421eb0c2023-08-01 22:18:27 +0200[diff] [blame]3332 for (iter = opts->ctn; iter->next && iter->next->id <= id; iter = iter->next) {}
3333 if (iter->id == id) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3334 /* collision */
romanb7bfa652023-11-09 12:36:35 +0100[diff] [blame]3335 free(new);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3336 new = iter;
3337 } else {
3338 new->next = iter->next;
3339 iter->next = new;
3340 }
3341 }
3342
3343 /* insert the right data */
3344 new->id = id;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3345 free(new->name);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3346 new->name = strdup(name);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3347 NC_CHECK_ERRMEM_GOTO(!new->name, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3348 new->map_type = m_type;
3349
3350cleanup:
3351 return ret;
3352}
3353
3354static int
3355nc_server_config_cert_to_name(const struct lyd_node *node, NC_OPERATION op)
3356{
3357 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3358 struct nc_server_tls_opts *opts;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3359 struct nc_ctn *ctn;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3360 struct nc_ch_client *ch_client = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3361
3362 assert(!strcmp(LYD_NAME(node), "cert-to-name"));
3363
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3364 /* LOCK */
3365 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3366 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3367 return 1;
3368 }
3369
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3370 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3371 ret = 1;
3372 goto cleanup;
3373 }
3374
3375 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3376 ret = nc_server_config_create_cert_to_name(node, opts);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3377 if (ret) {
3378 goto cleanup;
3379 }
3380 } else {
3381 /* find the given ctn entry */
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3382 if (nc_server_config_get_ctn(node, ch_client, &ctn)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3383 ret = 1;
3384 goto cleanup;
3385 }
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3386 nc_server_config_del_ctn(opts, ctn);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3387 }
3388
3389cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3390 if (is_ch(node)) {
3391 /* UNLOCK */
3392 nc_ch_client_unlock(ch_client);
3393 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3394 return ret;
3395}
3396
3397static int
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3398nc_server_config_fingerprint(const struct lyd_node *node, NC_OPERATION op)
3399{
3400 int ret = 0;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3401 struct nc_ctn *ctn;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3402 struct nc_ch_client *ch_client = NULL;
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3403
3404 assert(!strcmp(LYD_NAME(node), "fingerprint"));
3405
3406 /* LOCK */
3407 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3408 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3409 return 1;
3410 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3411
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3412 if (nc_server_config_get_ctn(node, ch_client, &ctn)) {
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3413 ret = 1;
3414 goto cleanup;
3415 }
3416
3417 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3418 free(ctn->fingerprint);
3419 ctn->fingerprint = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3420 NC_CHECK_ERRMEM_GOTO(!ctn->fingerprint, ret = 1, cleanup);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3421 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3422 free(ctn->fingerprint);
3423 ctn->fingerprint = NULL;
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3424 }
3425
3426cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3427 if (is_ch(node)) {
3428 /* UNLOCK */
3429 nc_ch_client_unlock(ch_client);
3430 }
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3431 return ret;
3432}
3433
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3434static int
3435nc_server_config_tls_version(const struct lyd_node *node, NC_OPERATION op)
3436{
3437 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3438 struct nc_server_tls_opts *opts;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3439 const char *version = NULL;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3440 struct nc_ch_client *ch_client = NULL;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3441 NC_TLS_VERSION tls_version;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3442
3443 assert(!strcmp(LYD_NAME(node), "tls-version"));
3444
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3445 /* LOCK */
3446 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3447 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3448 return 1;
3449 }
3450
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3451 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3452 ret = 1;
3453 goto cleanup;
3454 }
3455
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3456 /* str to tls_version */
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3457 version = ((struct lyd_node_term *)node)->value.ident->name;
3458 if (!strcmp(version, "tls10")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3459 tls_version = NC_TLS_VERSION_10;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3460 } else if (!strcmp(version, "tls11")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3461 tls_version = NC_TLS_VERSION_11;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3462 } else if (!strcmp(version, "tls12")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3463 tls_version = NC_TLS_VERSION_12;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3464 } else if (!strcmp(version, "tls13")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3465 tls_version = NC_TLS_VERSION_13;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3466 } else {
3467 ERR(NULL, "TLS version \"%s\" not supported.", version);
3468 ret = 1;
3469 goto cleanup;
3470 }
3471
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3472 if (op == NC_OP_CREATE) {
3473 /* add the version if it isn't there already */
3474 opts->tls_versions |= tls_version;
3475 } else if ((op == NC_OP_DELETE) && (opts->tls_versions & tls_version)) {
3476 /* delete the version if it is there */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]3477 opts->tls_versions &= ~tls_version;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3478 }
3479
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3480cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3481 if (is_ch(node)) {
3482 /* UNLOCK */
3483 nc_ch_client_unlock(ch_client);
3484 }
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3485 return ret;
3486}
3487
3488static int
3489nc_server_config_create_cipher_suite(struct nc_server_tls_opts *opts, const char *cipher)
3490{
3491 int ret = 0;
3492 char *ssl_cipher = NULL;
3493 uint16_t i;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3494 void *tmp;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3495
3496 ssl_cipher = malloc(strlen(cipher) + 1);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3497 NC_CHECK_ERRMEM_GOTO(!ssl_cipher, ret = 1, cleanup);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3498
3499 for (i = 0; cipher[i]; i++) {
3500 if (cipher[i] == '-') {
3501 /* OpenSSL requires _ instead of - in cipher names */
3502 ssl_cipher[i] = '_';
3503 } else {
3504 /* and requires uppercase unlike the identities */
3505 ssl_cipher[i] = toupper(cipher[i]);
3506 }
3507 }
3508 ssl_cipher[i] = '\0';
3509
3510 if (!opts->ciphers) {
3511 /* first entry */
3512 opts->ciphers = strdup(ssl_cipher);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3513 NC_CHECK_ERRMEM_GOTO(!opts->ciphers, ret = 1, cleanup);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3514 } else {
3515 /* + 1 because of : between entries */
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3516 tmp = nc_realloc(opts->ciphers, strlen(opts->ciphers) + strlen(ssl_cipher) + 1 + 1);
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3517 NC_CHECK_ERRMEM_GOTO(!tmp, ret = 1, cleanup);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3518 opts->ciphers = tmp;
roman08f67f42023-06-08 13:51:54 +0200[diff] [blame]3519 strcat(opts->ciphers, ":");
3520 strcat(opts->ciphers, ssl_cipher);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3521 }
3522
3523cleanup:
3524 free(ssl_cipher);
3525 return ret;
3526}
3527
3528static int
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3529nc_server_config_del_cipher_suite(struct nc_server_tls_opts *opts, const char *cipher)
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3530{
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]3531 int ret = 0;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3532
romanc135c6d2023-10-25 13:32:30 +0200[diff] [blame]3533 ret = nc_server_config_delete_substring(opts->ciphers, cipher, ':');
3534 if (ret) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3535 ERR(NULL, "Unable to delete a cipher (%s), which was not previously added.", cipher);
3536 return 1;
3537 }
3538
3539 return 0;
3540}
3541
3542static int
3543nc_server_config_cipher_suite(const struct lyd_node *node, NC_OPERATION op)
3544{
3545 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3546 struct nc_server_tls_opts *opts;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3547 const char *cipher = NULL;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3548 struct nc_ch_client *ch_client = NULL;
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3549
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3550 assert(!strcmp(LYD_NAME(node), "cipher-suite"));
3551
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3552 /* LOCK */
3553 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3554 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3555 return 1;
3556 }
3557
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3558 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3559 ret = 1;
3560 goto cleanup;
3561 }
3562
3563 cipher = ((struct lyd_node_term *)node)->value.ident->name;
3564 if (op == NC_OP_CREATE) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3565 ret = nc_server_config_create_cipher_suite(opts, cipher);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3566 if (ret) {
3567 goto cleanup;
3568 }
3569 } else if (op == NC_OP_DELETE) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3570 ret = nc_server_config_del_cipher_suite(opts, cipher);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3571 if (ret) {
3572 goto cleanup;
3573 }
3574 }
3575
3576cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3577 if (is_ch(node)) {
3578 /* UNLOCK */
3579 nc_ch_client_unlock(ch_client);
3580 }
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]3581 return ret;
3582}
3583
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3584static int
3585nc_server_config_crl_url(const struct lyd_node *node, NC_OPERATION op)
3586{
3587 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3588 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3589 struct nc_ch_client *ch_client = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3590
3591 assert(!strcmp(LYD_NAME(node), "crl-url"));
3592
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3593 /* LOCK */
3594 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3595 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3596 return 1;
3597 }
3598
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3599 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3600 ret = 1;
3601 goto cleanup;
3602 }
3603
3604 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3605 free(opts->crl_url);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3606 opts->crl_url = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3607 NC_CHECK_ERRMEM_GOTO(!opts->crl_url, ret = 1, cleanup);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3608 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3609 free(opts->crl_url);
3610 opts->crl_url = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3611 }
3612
3613cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3614 if (is_ch(node)) {
3615 /* UNLOCK */
3616 nc_ch_client_unlock(ch_client);
3617 }
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3618 return ret;
3619}
3620
3621static int
3622nc_server_config_crl_path(const struct lyd_node *node, NC_OPERATION op)
3623{
3624 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3625 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3626 struct nc_ch_client *ch_client = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3627
3628 assert(!strcmp(LYD_NAME(node), "crl-path"));
3629
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3630 /* LOCK */
3631 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3632 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3633 return 1;
3634 }
3635
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3636 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3637 ret = 1;
3638 goto cleanup;
3639 }
3640
3641 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3642 free(opts->crl_path);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3643 opts->crl_path = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3644 NC_CHECK_ERRMEM_GOTO(!opts->crl_path, ret = 1, cleanup);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3645 } else if (op == NC_OP_DELETE) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3646 free(opts->crl_path);
3647 opts->crl_path = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3648 }
3649
3650cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3651 if (is_ch(node)) {
3652 /* UNLOCK */
3653 nc_ch_client_unlock(ch_client);
3654 }
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3655 return ret;
3656}
3657
3658static int
3659nc_server_config_crl_cert_ext(const struct lyd_node *node, NC_OPERATION op)
3660{
3661 int ret = 0;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3662 struct nc_server_tls_opts *opts;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3663 struct nc_ch_client *ch_client = NULL;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3664
3665 assert(!strcmp(LYD_NAME(node), "crl-cert-ext"));
3666
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3667 /* LOCK */
3668 if (is_ch(node) && nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3669 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3670 return 1;
3671 }
3672
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3673 if (nc_server_config_get_tls_opts(node, ch_client, &opts)) {
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3674 ret = 1;
3675 goto cleanup;
3676 }
3677
3678 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3679 opts->crl_cert_ext = 1;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3680 } else if (op == NC_OP_DELETE) {
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3681 opts->crl_cert_ext = 0;
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3682 }
3683
3684cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3685 if (is_ch(node)) {
3686 /* UNLOCK */
3687 nc_ch_client_unlock(ch_client);
3688 }
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]3689 return ret;
3690}
3691
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]3692#endif /* NC_ENABLED_SSH_TLS */
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]3693
roman83683fb2023-02-24 09:15:23 +0100[diff] [blame]3694static int
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3695nc_server_config_create_netconf_client(const struct lyd_node *node)
3696{
3697 int ret = 0;
3698
3699 node = lyd_child(node);
3700 assert(!strcmp(LYD_NAME(node), "name"));
3701
3702 /* LOCK */
3703 pthread_rwlock_wrlock(&server_opts.ch_client_lock);
3704
3705 ret = nc_server_config_realloc(lyd_get_value(node), (void **)&server_opts.ch_clients, sizeof *server_opts.ch_clients, &server_opts.ch_client_count);
3706 if (ret) {
3707 goto cleanup;
3708 }
3709
3710 server_opts.ch_clients[server_opts.ch_client_count - 1].id = ATOMIC_INC_RELAXED(server_opts.new_client_id);
3711 server_opts.ch_clients[server_opts.ch_client_count - 1].start_with = NC_CH_FIRST_LISTED;
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3712 server_opts.ch_clients[server_opts.ch_client_count - 1].max_attempts = 3;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3713
3714 pthread_mutex_init(&server_opts.ch_clients[server_opts.ch_client_count - 1].lock, NULL);
3715
3716cleanup:
3717 /* UNLOCK */
3718 pthread_rwlock_unlock(&server_opts.ch_client_lock);
3719 return ret;
3720}
3721
3722static int
3723nc_server_config_netconf_client(const struct lyd_node *node, NC_OPERATION op)
3724{
3725 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3726
3727 assert(!strcmp(LYD_NAME(node), "netconf-client"));
3728
3729 if (op == NC_OP_CREATE) {
3730 ret = nc_server_config_create_netconf_client(node);
3731 if (ret) {
3732 goto cleanup;
3733 }
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3734
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3735#ifdef NC_ENABLED_SSH_TLS
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3736 if (server_opts.ch_dispatch_data.acquire_ctx_cb && server_opts.ch_dispatch_data.release_ctx_cb &&
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3737 server_opts.ch_dispatch_data.new_session_cb) {
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3738 /* we have all we need for dispatching a new call home thread */
3739 ret = nc_connect_ch_client_dispatch(lyd_get_value(lyd_child(node)), server_opts.ch_dispatch_data.acquire_ctx_cb,
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3740 server_opts.ch_dispatch_data.release_ctx_cb, server_opts.ch_dispatch_data.ctx_cb_data,
3741 server_opts.ch_dispatch_data.new_session_cb, server_opts.ch_dispatch_data.new_session_cb_data);
roman450c00b2023-11-02 10:31:45 +0100[diff] [blame]3742 if (ret) {
3743 ERR(NULL, "Dispatching a new Call Home thread failed for Call Home client \"%s\".", lyd_get_value(lyd_child(node)));
3744 goto cleanup;
3745 }
3746 }
roman96c27f92023-11-02 11:09:46 +0100[diff] [blame]3747#endif /* NC_ENABLED_SSH_TLS */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3748 } else if (op == NC_OP_DELETE) {
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3749 nc_server_config_ch_del_client(node);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3750 }
3751
3752cleanup:
3753 return ret;
3754}
3755
3756#ifdef NC_ENABLED_SSH_TLS
3757
3758static int
3759nc_server_config_remote_address(const struct lyd_node *node, NC_OPERATION op)
3760{
3761 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3762 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3763 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3764
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3765 assert(!strcmp(LYD_NAME(node), "remote-address"));
3766
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3767 /* LOCK */
3768 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3769 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3770 return 1;
3771 }
3772
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3773 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3774 ret = 1;
3775 goto cleanup;
3776 }
3777
3778 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3779 free(ch_endpt->address);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3780 ch_endpt->address = strdup(lyd_get_value(node));
roman3a95bb22023-10-26 11:07:17 +0200[diff] [blame]3781 NC_CHECK_ERRMEM_GOTO(!ch_endpt->address, ret = 1, cleanup);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3782 } else {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3783 free(ch_endpt->address);
3784 ch_endpt->address = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3785 }
3786
3787cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3788 /* UNLOCK */
3789 nc_ch_client_unlock(ch_client);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3790 return ret;
3791}
3792
3793static int
3794nc_server_config_remote_port(const struct lyd_node *node, NC_OPERATION op)
3795{
3796 int ret = 0;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3797 struct nc_ch_endpt *ch_endpt;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3798 struct nc_ch_client *ch_client = NULL;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3799
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3800 assert(!strcmp(LYD_NAME(node), "remote-port"));
3801
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3802 /* LOCK */
3803 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3804 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3805 return 1;
3806 }
3807
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3808 if (nc_server_config_get_ch_endpt(node, ch_client, &ch_endpt)) {
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3809 ret = 1;
3810 goto cleanup;
3811 }
3812
3813 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]3814 ch_endpt->port = ((struct lyd_node_term *)node)->value.uint16;
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3815 } else {
3816 ch_endpt->port = 0;
3817 }
3818
3819cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3820 /* UNLOCK */
3821 nc_ch_client_unlock(ch_client);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]3822 return ret;
3823}
3824
3825#endif /* NC_ENABLED_SSH_TLS */
3826
3827static int
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3828nc_server_config_persistent(const struct lyd_node *node, NC_OPERATION op)
3829{
3830 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3831 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3832
3833 assert(!strcmp(LYD_NAME(node), "persistent"));
3834
3835 (void) op;
3836
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3837 /* LOCK */
3838 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3839 /* to avoid unlock on fail */
3840 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3841 }
3842
3843 ch_client->conn_type = NC_CH_PERSIST;
3844
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3845 /* UNLOCK */
3846 nc_ch_client_unlock(ch_client);
3847
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3848 return ret;
3849}
3850
3851static int
3852nc_server_config_periodic(const struct lyd_node *node, NC_OPERATION op)
3853{
3854 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3855 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3856
3857 assert(!strcmp(LYD_NAME(node), "periodic"));
3858
3859 (void) op;
3860
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3861 /* LOCK */
3862 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3863 /* to avoid unlock on fail */
3864 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3865 }
3866
3867 ch_client->conn_type = NC_CH_PERIOD;
3868 /* set default values */
3869 ch_client->period = 60;
3870 ch_client->anchor_time = 0;
3871 ch_client->idle_timeout = 180;
3872
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3873 /* UNLOCK */
3874 nc_ch_client_unlock(ch_client);
3875
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3876 return ret;
3877}
3878
3879static int
3880nc_server_config_period(const struct lyd_node *node, NC_OPERATION op)
3881{
3882 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3883 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3884
3885 assert(!strcmp(LYD_NAME(node), "period"));
3886
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3887 /* LOCK */
3888 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3889 /* to avoid unlock on fail */
3890 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3891 }
3892
3893 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]3894 ch_client->period = ((struct lyd_node_term *)node)->value.uint16;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3895 } else if (op == NC_OP_DELETE) {
3896 ch_client->period = 60;
3897 }
3898
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3899 /* UNLOCK */
3900 nc_ch_client_unlock(ch_client);
3901
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3902 return ret;
3903}
3904
3905static int
3906nc_server_config_anchor_time(const struct lyd_node *node, NC_OPERATION op)
3907{
3908 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3909 struct nc_ch_client *ch_client = NULL;
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]3910 struct lyd_value_date_and_time *anchor_time;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3911
3912 assert(!strcmp(LYD_NAME(node), "anchor-time"));
3913
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3914 /* LOCK */
3915 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3916 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3917 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3918 }
3919
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]3920 /* get the value of time from the node directly */
3921 LYD_VALUE_GET(&((struct lyd_node_term *)node)->value, anchor_time);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3922
3923 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
romana3c95c72023-10-26 11:15:53 +0200[diff] [blame]3924 ch_client->anchor_time = anchor_time->time;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3925 } else if (op == NC_OP_DELETE) {
3926 ch_client->anchor_time = 0;
3927 }
3928
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3929 /* UNLOCK */
3930 nc_ch_client_unlock(ch_client);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3931 return ret;
3932}
3933
3934static int
3935nc_server_config_reconnect_strategy(const struct lyd_node *node, NC_OPERATION op)
3936{
3937 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3938 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3939
3940 assert(!strcmp(LYD_NAME(node), "reconnect-strategy"));
3941
3942 (void) op;
3943
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3944 /* LOCK */
3945 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3946 /* to avoid unlock on fail */
3947 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3948 }
3949
3950 /* set to default values */
3951 ch_client->start_with = NC_CH_FIRST_LISTED;
3952 ch_client->max_wait = 5;
3953 ch_client->max_attempts = 3;
3954
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3955 /* UNLOCK */
3956 nc_ch_client_unlock(ch_client);
3957
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3958 return ret;
3959}
3960
3961static int
3962nc_server_config_start_with(const struct lyd_node *node, NC_OPERATION op)
3963{
3964 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]3965 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3966 const char *value;
3967
3968 assert(!strcmp(LYD_NAME(node), "start-with"));
3969
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3970 /* LOCK */
3971 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]3972 /* to avoid unlock on fail */
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3973 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3974 }
3975
3976 if (op == NC_OP_DELETE) {
3977 ch_client->start_with = NC_CH_FIRST_LISTED;
3978 goto cleanup;
3979 }
3980
3981 value = lyd_get_value(node);
3982 if (!strcmp(value, "first-listed")) {
3983 ch_client->start_with = NC_CH_FIRST_LISTED;
3984 } else if (!strcmp(value, "last-connected")) {
3985 ch_client->start_with = NC_CH_LAST_CONNECTED;
3986 } else if (!strcmp(value, "random-selection")) {
3987 ch_client->start_with = NC_CH_RANDOM;
3988 } else {
3989 ERR(NULL, "Unexpected start-with value \"%s\".", value);
3990 ret = 1;
3991 goto cleanup;
3992 }
3993
3994cleanup:
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]3995 /* UNLOCK */
3996 nc_ch_client_unlock(ch_client);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]3997 return ret;
3998}
3999
4000static int
4001nc_server_config_max_wait(const struct lyd_node *node, NC_OPERATION op)
4002{
4003 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]4004 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4005
4006 assert(!strcmp(LYD_NAME(node), "max-wait"));
4007
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]4008 /* LOCK */
4009 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4010 /* to avoid unlock on fail */
4011 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4012 }
4013
4014 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]4015 ch_client->max_wait = ((struct lyd_node_term *)node)->value.uint16;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4016 } else {
4017 ch_client->max_wait = 5;
4018 }
4019
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]4020 /* UNLOCK */
4021 nc_ch_client_unlock(ch_client);
4022
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4023 return ret;
4024}
4025
4026static int
4027nc_server_config_max_attempts(const struct lyd_node *node, NC_OPERATION op)
4028{
4029 int ret = 0;
roman8341e8b2023-11-23 16:12:42 +0100[diff] [blame^]4030 struct nc_ch_client *ch_client = NULL;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4031
4032 assert(!strcmp(LYD_NAME(node), "max-attempts"));
4033
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]4034 /* LOCK */
4035 if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4036 /* to avoid unlock on fail */
4037 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4038 }
4039
4040 if ((op == NC_OP_CREATE) || (op == NC_OP_REPLACE)) {
roman91ffeb42023-10-25 13:32:03 +0200[diff] [blame]4041 ch_client->max_attempts = ((struct lyd_node_term *)node)->value.uint8;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4042 } else {
4043 ch_client->max_attempts = 3;
4044 }
4045
romanba93eac2023-07-18 14:36:48 +0200[diff] [blame]4046 /* UNLOCK */
4047 nc_ch_client_unlock(ch_client);
4048
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4049 return ret;
4050}
4051
4052static int
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4053nc_server_config_parse_netconf_server(const struct lyd_node *node, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4054{
4055 const char *name = LYD_NAME(node);
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4056 int ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4057
4058 if (!strcmp(name, "listen")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4059 ret = nc_server_config_listen(node, op);
4060 } else if (!strcmp(name, "call-home")) {
4061 ret = nc_server_config_ch(node, op);
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]4062 } else if (!strcmp(name, "hello-timeout")) {
4063 ret = nc_server_config_hello_timeout(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4064 } else if (!strcmp(name, "endpoint")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4065 ret = nc_server_config_endpoint(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4066 } else if (!strcmp(name, "unix-socket")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4067 ret = nc_server_config_unix_socket(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4068 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4069#ifdef NC_ENABLED_SSH_TLS
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4070 else if (!strcmp(name, "ssh")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4071 ret = nc_server_config_ssh(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4072 } else if (!strcmp(name, "local-address")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4073 ret = nc_server_config_local_address(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4074 } else if (!strcmp(name, "local-port")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4075 ret = nc_server_config_local_port(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4076 } else if (!strcmp(name, "keepalives")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4077 ret = nc_server_config_keepalives(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4078 } else if (!strcmp(name, "idle-time")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4079 ret = nc_server_config_idle_time(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4080 } else if (!strcmp(name, "max-probes")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4081 ret = nc_server_config_max_probes(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4082 } else if (!strcmp(name, "probe-interval")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4083 ret = nc_server_config_probe_interval(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4084 } else if (!strcmp(name, "host-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4085 ret = nc_server_config_host_key(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4086 } else if (!strcmp(name, "public-key-format")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4087 ret = nc_server_config_public_key_format(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4088 } else if (!strcmp(name, "public-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4089 ret = nc_server_config_public_key(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4090 } else if (!strcmp(name, "private-key-format")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4091 ret = nc_server_config_private_key_format(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4092 } else if (!strcmp(name, "cleartext-private-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4093 ret = nc_server_config_cleartext_private_key(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4094 } else if (!strcmp(name, "keystore-reference")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4095 ret = nc_server_config_keystore_reference(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4096 } else if (!strcmp(name, "user")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4097 ret = nc_server_config_user(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4098 } else if (!strcmp(name, "auth-attempts")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4099 ret = nc_server_config_auth_attempts(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4100 } else if (!strcmp(name, "auth-timeout")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4101 ret = nc_server_config_auth_timeout(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4102 } else if (!strcmp(name, "truststore-reference")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4103 ret = nc_server_config_truststore_reference(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4104 } else if (!strcmp(name, "password")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4105 ret = nc_server_config_password(node, op);
roman808f3f62023-11-23 16:01:04 +0100[diff] [blame]4106 } else if (!strcmp(name, "keyboard-interactive")) {
4107 ret = nc_server_config_kb_int(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4108 } else if (!strcmp(name, "none")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4109 ret = nc_server_config_none(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4110 } else if (!strcmp(name, "host-key-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4111 ret = nc_server_config_host_key_alg(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4112 } else if (!strcmp(name, "key-exchange-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4113 ret = nc_server_config_kex_alg(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4114 } else if (!strcmp(name, "encryption-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4115 ret = nc_server_config_encryption_alg(node, op);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4116 } else if (!strcmp(name, "mac-alg")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4117 ret = nc_server_config_mac_alg(node, op);
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]4118 } else if (!strcmp(name, "endpoint-reference")) {
4119 ret = nc_server_config_endpoint_reference(node, op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4120 } else if (!strcmp(name, "tls")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4121 ret = nc_server_config_tls(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4122 } else if (!strcmp(name, "cert-data")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4123 ret = nc_server_config_cert_data(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4124 } else if (!strcmp(name, "asymmetric-key")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4125 ret = nc_server_config_asymmetric_key(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4126 } else if (!strcmp(name, "certificate")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4127 ret = nc_server_config_certificate(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4128 } else if (!strcmp(name, "cert-to-name")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4129 ret = nc_server_config_cert_to_name(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4130 } else if (!strcmp(name, "fingerprint")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4131 ret = nc_server_config_fingerprint(node, op);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]4132 } else if (!strcmp(name, "tls-version")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4133 ret = nc_server_config_tls_version(node, op);
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]4134 } else if (!strcmp(name, "cipher-suite")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4135 ret = nc_server_config_cipher_suite(node, op);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]4136 } else if (!strcmp(name, "crl-url")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4137 ret = nc_server_config_crl_url(node, op);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]4138 } else if (!strcmp(name, "crl-path")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4139 ret = nc_server_config_crl_path(node, op);
romanfaecc582023-06-15 16:13:31 +0200[diff] [blame]4140 } else if (!strcmp(name, "crl-cert-ext")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4141 ret = nc_server_config_crl_cert_ext(node, op);
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4142 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4143#endif /* NC_ENABLED_SSH_TLS */
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]4144 else if (!strcmp(name, "netconf-client")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4145 ret = nc_server_config_netconf_client(node, op);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]4146 }
4147#ifdef NC_ENABLED_SSH_TLS
4148 else if (!strcmp(name, "remote-address")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4149 ret = nc_server_config_remote_address(node, op);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]4150 } else if (!strcmp(name, "remote-port")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4151 ret = nc_server_config_remote_port(node, op);
roman5cbb6532023-06-22 12:53:17 +0200[diff] [blame]4152 }
4153#endif /* NC_ENABLED_SSH_TLS */
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4154 else if (!strcmp(name, "persistent")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4155 ret = nc_server_config_persistent(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4156 } else if (!strcmp(name, "periodic")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4157 ret = nc_server_config_periodic(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4158 } else if (!strcmp(name, "period")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4159 ret = nc_server_config_period(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4160 } else if (!strcmp(name, "anchor-time")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4161 ret = nc_server_config_anchor_time(node, op);
romaneaf84c72023-10-19 14:38:05 +0200[diff] [blame]4162 } else if (!strcmp(name, "idle-timeout")) {
4163 ret = nc_server_config_idle_timeout(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4164 } else if (!strcmp(name, "reconnect-strategy")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4165 ret = nc_server_config_reconnect_strategy(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4166 } else if (!strcmp(name, "start-with")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4167 ret = nc_server_config_start_with(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4168 } else if (!strcmp(name, "max-wait")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4169 ret = nc_server_config_max_wait(node, op);
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4170 } else if (!strcmp(name, "max-attempts")) {
roman6430c152023-10-12 11:28:47 +0200[diff] [blame]4171 ret = nc_server_config_max_attempts(node, op);
4172 }
4173
4174 if (ret) {
4175 ERR(NULL, "Configuring node \"%s\" failed.", LYD_NAME(node));
4176 return 1;
romanb6f44032023-06-30 15:07:56 +0200[diff] [blame]4177 }
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4178
4179 return 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4180}
4181
4182int
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]4183nc_server_config_parse_tree(const struct lyd_node *node, NC_OPERATION parent_op, NC_MODULE module)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4184{
4185 struct lyd_node *child;
4186 struct lyd_meta *m;
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4187 NC_OPERATION current_op = NC_OP_UNKNOWN;
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4188 int ret;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4189
4190 assert(node);
4191
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4192 /* get current op if there is any */
4193 if ((m = lyd_find_meta(node->meta, NULL, "yang:operation"))) {
4194 if (!strcmp(lyd_get_meta_value(m), "create")) {
4195 current_op = NC_OP_CREATE;
4196 } else if (!strcmp(lyd_get_meta_value(m), "delete")) {
4197 current_op = NC_OP_DELETE;
4198 } else if (!strcmp(lyd_get_meta_value(m), "replace")) {
4199 current_op = NC_OP_REPLACE;
4200 } else if (!strcmp(lyd_get_meta_value(m), "none")) {
4201 current_op = NC_OP_NONE;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4202 }
4203 }
4204
4205 /* node has no op, inherit from the parent */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4206 if (!current_op) {
4207 if (!parent_op) {
4208 ERR(NULL, "Unknown operation for node \"%s\".", LYD_NAME(node));
4209 return 1;
4210 }
4211
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4212 current_op = parent_op;
4213 }
4214
4215 switch (current_op) {
4216 case NC_OP_NONE:
4217 break;
4218 case NC_OP_CREATE:
4219 case NC_OP_DELETE:
4220 case NC_OP_REPLACE:
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4221#ifdef NC_ENABLED_SSH_TLS
4222 if (module == NC_MODULE_KEYSTORE) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4223 ret = nc_server_config_parse_keystore(node, current_op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4224 } else if (module == NC_MODULE_TRUSTSTORE) {
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4225 ret = nc_server_config_parse_truststore(node, current_op);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4226 } else
4227#endif /* NC_ENABLED_SSH_TLS */
4228 {
4229 ret = nc_server_config_parse_netconf_server(node, current_op);
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4230 }
4231 if (ret) {
4232 return ret;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4233 }
4234 break;
4235 default:
4236 break;
4237 }
4238
4239 if (current_op != NC_OP_DELETE) {
4240 LY_LIST_FOR(lyd_child(node), child) {
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]4241 if (nc_server_config_parse_tree(child, current_op, module)) {
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4242 return 1;
4243 }
4244 }
4245 }
4246 return 0;
4247}
4248
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4249API int
4250nc_server_config_load_modules(struct ly_ctx **ctx)
4251{
4252 int i, new_ctx = 0;
4253
4254 if (!*ctx) {
4255 if (ly_ctx_new(NC_SERVER_SEARCH_DIR, 0, ctx)) {
4256 ERR(NULL, "Couldn't create new libyang context.\n");
4257 goto error;
4258 }
4259 new_ctx = 1;
4260 }
4261
4262 /* all features */
4263 const char *ietf_nectonf_server[] = {"ssh-listen", "tls-listen", "ssh-call-home", "tls-call-home", "central-netconf-server-supported", NULL};
4264 /* all features */
4265 const char *ietf_x509_cert_to_name[] = {NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4266 /* no private-key-encryption, csr-generation, p10-csr-format, certificate-expiration-notification,
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]4267 * encrypted-passwords, hidden-symmetric-keys, encrypted-symmetric-keys, hidden-private-keys, encrypted-private-keys,
4268 * one-symmetric-key-format, one-asymmetric-key-format, symmetrically-encrypted-value-format,
4269 * asymmetrically-encrypted-value-format, cms-enveloped-data-format, cms-encrypted-data-format,
Roytakb2794852023-10-18 14:30:22 +0200[diff] [blame]4270 * cleartext-symmetric-keys */
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]4271 const char *ietf_crypto_types[] = {"cleartext-passwords", "cleartext-private-keys", NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4272 /* all features */
4273 const char *ietf_tcp_common[] = {"keepalives-supported", NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4274 /* all features */
4275 const char *ietf_tcp_server[] = {"tcp-server-keepalives", NULL};
Roytakb2794852023-10-18 14:30:22 +0200[diff] [blame]4276 /* no proxy-connect, socks5-gss-api, socks5-username-password, local-binding-supported ? */
4277 const char *ietf_tcp_client[] = {"tcp-client-keepalives", NULL};
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]4278 /* no ssh-x509-certs, public-key-generation */
4279 const char *ietf_ssh_common[] = {"transport-params", NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4280 /* no ssh-server-keepalives and local-user-auth-hostbased */
4281 const char *ietf_ssh_server[] = {"local-users-supported", "local-user-auth-publickey", "local-user-auth-password", "local-user-auth-none", NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4282 /* all features */
4283 const char *iana_ssh_encryption_algs[] = {NULL};
4284 /* all features */
4285 const char *iana_ssh_key_exchange_algs[] = {NULL};
4286 /* all features */
4287 const char *iana_ssh_mac_algs[] = {NULL};
4288 /* all features */
4289 const char *iana_ssh_public_key_algs[] = {NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4290 /* all features */
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4291 const char *iana_crypt_hash[] = {"crypt-hash-md5", "crypt-hash-sha-256", "crypt-hash-sha-512", NULL};
4292 /* no symmetric-keys */
4293 const char *ietf_keystore[] = {"central-keystore-supported", "inline-definitions-supported", "asymmetric-keys", NULL};
4294 /* all features */
4295 const char *ietf_truststore[] = {"central-truststore-supported", "inline-definitions-supported", "certificates", "public-keys", NULL};
roman3c6c7e62023-09-14 10:19:19 +0200[diff] [blame]4296 /* no public-key-generation */
4297 const char *ietf_tls_common[] = {"tls10", "tls11", "tls12", "tls13", "hello-params", NULL};
4298 /* no tls-server-keepalives, server-ident-raw-public-key, server-ident-tls12-psk, server-ident-tls13-epsk,
4299 * client-auth-raw-public-key, client-auth-tls12-psk, client-auth-tls13-epsk */
4300 const char *ietf_tls_server[] = {"server-ident-x509-cert", "client-auth-supported", "client-auth-x509-cert", NULL};
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4301 /* all features */
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]4302 const char *iana_tls_cipher_suite_algs[] = {NULL};
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4303 /* all features */
4304 const char *libnetconf2_netconf_server[] = {NULL};
4305
4306 const char *module_names[] = {
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4307 "ietf-netconf-server", "ietf-x509-cert-to-name", "ietf-crypto-types", "ietf-tcp-common", "ietf-tcp-server",
4308 "ietf-tcp-client", "ietf-ssh-common", "ietf-ssh-server", "iana-ssh-encryption-algs",
4309 "iana-ssh-key-exchange-algs", "iana-ssh-mac-algs", "iana-ssh-public-key-algs", "iana-crypt-hash",
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]4310 "ietf-keystore", "ietf-truststore", "ietf-tls-common", "ietf-tls-server", "iana-tls-cipher-suite-algs",
4311 "libnetconf2-netconf-server", NULL
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4312 };
4313
4314 const char **module_features[] = {
roman7fdc84d2023-06-06 13:14:53 +0200[diff] [blame]4315 ietf_nectonf_server, ietf_x509_cert_to_name, ietf_crypto_types, ietf_tcp_common,
4316 ietf_tcp_server, ietf_tcp_client, ietf_ssh_common, ietf_ssh_server, iana_ssh_encryption_algs,
4317 iana_ssh_key_exchange_algs, iana_ssh_mac_algs, iana_ssh_public_key_algs, iana_crypt_hash,
roman12644fe2023-06-08 11:06:42 +0200[diff] [blame]4318 ietf_keystore, ietf_truststore, ietf_tls_common, ietf_tls_server, iana_tls_cipher_suite_algs,
4319 libnetconf2_netconf_server, NULL
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4320 };
4321
4322 for (i = 0; module_names[i] != NULL; i++) {
4323 if (!ly_ctx_load_module(*ctx, module_names[i], NULL, module_features[i])) {
4324 ERR(NULL, "Loading module \"%s\" failed.\n", module_names[i]);
4325 goto error;
4326 }
4327 }
4328
4329 return 0;
4330
4331error:
4332 if (new_ctx) {
4333 ly_ctx_destroy(*ctx);
4334 *ctx = NULL;
4335 }
4336 return 1;
4337}
4338
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4339static int
4340nc_server_config_fill_nectonf_server(const struct lyd_node *data, NC_OPERATION op)
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4341{
4342 int ret = 0;
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]4343 uint32_t log_options = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4344 struct lyd_node *tree;
romand57b3722023-04-05 11:26:25 +0200[diff] [blame]4345
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]4346 /* silently search for ietf-netconf-server, it may not be present */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]4347 ly_temp_log_options(&log_options);
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]4348
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4349 ret = lyd_find_path(data, "/ietf-netconf-server:netconf-server", 0, &tree);
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]4350 if (ret || (tree->flags & LYD_DEFAULT)) {
4351 /* not found */
4352 ret = 0;
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4353 goto cleanup;
4354 }
4355
roman0bbc19c2023-05-26 09:59:09 +0200[diff] [blame]4356 if (nc_server_config_parse_tree(tree, op, NC_MODULE_NETCONF_SERVER)) {
4357 ret = 1;
4358 goto cleanup;
4359 }
4360
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4361#ifdef NC_ENABLED_SSH_TLS
roman78df0fa2023-11-02 10:33:57 +0100[diff] [blame]4362 /* check and set all endpoint references */
4363 if (nc_server_config_check_endpt_references()) {
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4364 ret = 1;
4365 goto cleanup;
4366 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4367#endif /* NC_ENABLED_SSH_TLS */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4368
4369cleanup:
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]4370 /* reset the logging options back to what they were */
roman84fe3252023-10-25 11:28:32 +0200[diff] [blame]4371 ly_temp_log_options(NULL);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4372 return ret;
4373}
4374
4375API int
romanf6f37a52023-05-25 14:27:51 +0200[diff] [blame]4376nc_server_config_setup_diff(const struct lyd_node *data)
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4377{
4378 int ret = 0;
4379
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]4380 NC_CHECK_ARG_RET(NULL, data, 1);
4381
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4382 /* LOCK */
4383 pthread_rwlock_wrlock(&server_opts.config_lock);
4384
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4385#ifdef NC_ENABLED_SSH_TLS
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4386 /* configure keystore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4387 ret = nc_server_config_fill_keystore(data, NC_OP_UNKNOWN);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4388 if (ret) {
4389 ERR(NULL, "Filling keystore failed.");
4390 goto cleanup;
4391 }
4392
4393 /* configure truststore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4394 ret = nc_server_config_fill_truststore(data, NC_OP_UNKNOWN);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4395 if (ret) {
4396 ERR(NULL, "Filling truststore failed.");
4397 goto cleanup;
4398 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4399#endif /* NC_ENABLED_SSH_TLS */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4400
4401 /* configure netconf-server */
4402 ret = nc_server_config_fill_nectonf_server(data, NC_OP_UNKNOWN);
4403 if (ret) {
4404 ERR(NULL, "Filling netconf-server failed.");
4405 goto cleanup;
4406 }
4407
4408cleanup:
4409 /* UNLOCK */
4410 pthread_rwlock_unlock(&server_opts.config_lock);
4411 return ret;
4412}
4413
4414API int
romanf6f37a52023-05-25 14:27:51 +0200[diff] [blame]4415nc_server_config_setup_data(const struct lyd_node *data)
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4416{
4417 int ret = 0;
4418 struct lyd_node *tree, *iter, *root;
4419
romanc9b62d62023-09-14 10:19:50 +0200[diff] [blame]4420 NC_CHECK_ARG_RET(NULL, data, 1);
4421
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4422 /* LOCK */
4423 pthread_rwlock_wrlock(&server_opts.config_lock);
4424
4425 /* find the netconf-server node */
4426 ret = lyd_find_path(data, "/ietf-netconf-server:netconf-server", 0, &root);
4427 if (ret) {
4428 ERR(NULL, "Unable to find the netconf-server container in the YANG data.");
4429 goto cleanup;
4430 }
4431
4432 /* iterate through all the nodes and make sure there is no operation attribute */
4433 LY_LIST_FOR(root, tree) {
4434 LYD_TREE_DFS_BEGIN(tree, iter) {
4435 if (lyd_find_meta(iter->meta, NULL, "yang:operation")) {
4436 ERR(NULL, "Unexpected operation attribute in the YANG data.");
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4437 ret = 1;
4438 goto cleanup;
4439 }
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4440 LYD_TREE_DFS_END(tree, iter);
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4441 }
4442 }
4443
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4444 /* delete the current configuration */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4445 nc_server_config_listen(NULL, NC_OP_DELETE);
roman4cb8bb12023-06-29 09:16:46 +0200[diff] [blame]4446 nc_server_config_ch(NULL, NC_OP_DELETE);
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4447#ifdef NC_ENABLED_SSH_TLS
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4448 nc_server_config_ks_keystore(NULL, NC_OP_DELETE);
4449 nc_server_config_ts_truststore(NULL, NC_OP_DELETE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4450
4451 /* configure keystore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4452 ret = nc_server_config_fill_keystore(data, NC_OP_CREATE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4453 if (ret) {
4454 ERR(NULL, "Filling keystore failed.");
4455 goto cleanup;
4456 }
4457
4458 /* configure truststore */
romanf02273a2023-05-25 09:44:11 +0200[diff] [blame]4459 ret = nc_server_config_fill_truststore(data, NC_OP_CREATE);
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4460 if (ret) {
4461 ERR(NULL, "Filling truststore failed.");
4462 goto cleanup;
4463 }
roman2eab4742023-06-06 10:00:26 +0200[diff] [blame]4464#endif /* NC_ENABLED_SSH_TLS */
romanf9906b42023-05-22 14:04:29 +0200[diff] [blame]4465
4466 /* configure netconf-server */
4467 ret = nc_server_config_fill_nectonf_server(data, NC_OP_CREATE);
4468 if (ret) {
4469 ERR(NULL, "Filling netconf-server failed.");
romanc1d2b092023-02-02 08:58:27 +0100[diff] [blame]4470 goto cleanup;
4471 }
4472
4473cleanup:
4474 /* UNLOCK */
4475 pthread_rwlock_unlock(&server_opts.config_lock);
4476 return ret;
4477}
roman3f9b65c2023-06-05 14:26:58 +0200[diff] [blame]4478
4479API int
4480nc_server_config_setup_path(const struct ly_ctx *ctx, const char *path)
4481{
4482 struct lyd_node *tree = NULL;
4483 int ret = 0;
4484
4485 NC_CHECK_ARG_RET(NULL, path, 1);
4486
4487 ret = lyd_parse_data_path(ctx, path, LYD_UNKNOWN, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
4488 if (ret) {
4489 goto cleanup;
4490 }
4491
4492 ret = nc_server_config_setup_data(tree);
4493 if (ret) {
4494 goto cleanup;
4495 }
4496
4497cleanup:
4498 lyd_free_all(tree);
4499 return ret;
4500}