Blame - src/server_config_util.c - github/CESNET/libnetconf2

blob: f94cd7403b7a1ffd293125757aa29c9d4213c0d4 [file] [log] [blame]

roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	1	/**
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	2	* @file server_config_util.c
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	3	* @author Roman Janota <janota@cesnet.cz>
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	4	* @brief libnetconf2 server configuration utilities
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	5	*
				6	* @copyright
				7	* Copyright (c) 2023 CESNET, z.s.p.o.
				8	*
				9	* This source code is licensed under BSD 3-Clause License (the "License").
				10	* You may not use this file except in compliance with the License.
				11	* You may obtain a copy of the License at
				12	*
				13	* https://opensource.org/licenses/BSD-3-Clause
				14	*/
				15
				16	#define _GNU_SOURCE
				17
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	18	#include "server_config_util.h"
				19
roman	2eab474	2023-06-06 10:00:26 +0200	[diff] [blame]	20	#include <libyang/libyang.h>
roman	5d9fc73	2023-10-26 11:26:57 +0200	[diff] [blame]	21
				22	#include <inttypes.h>
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	23	#include <stdarg.h>
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	24	#include <stdio.h>
				25	#include <stdlib.h>
				26	#include <string.h>
				27
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	28	#include "compat.h"
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	29	#include "log_p.h"
				30	#include "session.h"
				31	#include "session_p.h"
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	32	#include "session_wrapper.h"
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	33
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	34	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	35	nc_server_config_create(const struct ly_ctx ctx, struct lyd_node tree, const char value, const char *path_fmt, ...)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	36	{
				37	int ret = 0;
				38	va_list ap;
				39	char *path = NULL;
				40
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	41	NC_CHECK_ARG_RET(NULL, ctx, tree, path_fmt, 1);
				42
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	43	va_start(ap, path_fmt);
				44
				45	/* create the path from the format */
				46	ret = vasprintf(&path, path_fmt, ap);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	47	NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; path = NULL, cleanup);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	48
				49	/* create the nodes in the path */
roman	5ef2a57	2023-08-18 15:45:44 +0200	[diff] [blame]	50	if (!*tree) {
				51	ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, tree);
				52	} else {
				53	/* this could output NULL if no new nodes, lyd_find_path would fail then */
				54	ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, NULL);
				55	}
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	56	if (ret) {
				57	goto cleanup;
				58	}
				59
				60	/* set the node to the top level node */
				61	ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
				62	if (ret) {
				63	goto cleanup;
				64	}
				65
				66	/* add all default nodes */
				67	ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
				68	if (ret) {
				69	goto cleanup;
				70	}
				71
				72	cleanup:
				73	free(path);
				74	va_end(ap);
				75	return ret;
				76	}
				77
				78	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	79	nc_server_config_append(const struct ly_ctx ctx, const char parent_path, const char *child_name,
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	80	const char value, struct lyd_node *tree)
				81	{
				82	int ret = 0;
				83	char *path = NULL;
				84
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	85	NC_CHECK_ARG_RET(NULL, ctx, parent_path, child_name, tree, 1);
				86
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	87	/* create the path by appending child to the parent path */
				88	ret = asprintf(&path, "%s/%s", parent_path, child_name);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	89	NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; path = NULL, cleanup);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	90
				91	/* create the nodes in the path */
roman	5ef2a57	2023-08-18 15:45:44 +0200	[diff] [blame]	92	if (!*tree) {
				93	ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, tree);
				94	} else {
				95	/* this could output NULL if no new nodes, lyd_find_path would fail then */
				96	ret = lyd_new_path(*tree, ctx, path, value, LYD_NEW_PATH_UPDATE, NULL);
				97	}
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	98	if (ret) {
				99	goto cleanup;
				100	}
				101
				102	/* set the node to the top level node */
				103	ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
				104	if (ret) {
				105	goto cleanup;
				106	}
				107
				108	/* add all default nodes */
				109	ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
				110	if (ret) {
				111	goto cleanup;
				112	}
				113
				114	cleanup:
				115	free(path);
				116	return ret;
				117	}
				118
				119	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	120	nc_server_config_delete(struct lyd_node *tree, const char path_fmt, ...)
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	121	{
				122	int ret = 0;
				123	va_list ap;
				124	char *path = NULL;
				125	struct lyd_node *sub = NULL;
				126
				127	NC_CHECK_ARG_RET(NULL, tree, path_fmt, 1);
				128
				129	va_start(ap, path_fmt);
				130
				131	/* create the path from the format */
				132	ret = vasprintf(&path, path_fmt, ap);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	133	NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; path = NULL, cleanup);
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	134
				135	/* find the node we want to delete */
				136	ret = lyd_find_path(*tree, path, 0, &sub);
				137	if (ret) {
				138	goto cleanup;
				139	}
				140
				141	lyd_free_tree(sub);
				142
				143	/* set the node to top level container */
				144	ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
				145	if (ret) {
				146	goto cleanup;
				147	}
				148
				149	/* add all default nodes */
				150	ret = lyd_new_implicit_tree(*tree, LYD_IMPLICIT_NO_STATE, NULL);
				151	if (ret) {
				152	goto cleanup;
				153	}
				154
				155	cleanup:
				156	free(path);
				157	va_end(ap);
				158	return ret;
				159	}
				160
				161	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	162	nc_server_config_check_delete(struct lyd_node *tree, const char path_fmt, ...)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	163	{
				164	int ret = 0;
				165	va_list ap;
				166	char *path = NULL;
				167	struct lyd_node *sub = NULL;
				168
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	169	NC_CHECK_ARG_RET(NULL, tree, path_fmt, 1);
				170
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	171	va_start(ap, path_fmt);
				172
				173	/* create the path from the format */
				174	ret = vasprintf(&path, path_fmt, ap);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	175	NC_CHECK_ERRMEM_GOTO(ret == -1, ret = 1; path = NULL, cleanup);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	176
				177	/* find the node we want to delete */
				178	ret = lyd_find_path(*tree, path, 0, &sub);
				179	if ((ret == LY_EINCOMPLETE) \|\| (ret == LY_ENOTFOUND)) {
				180	ret = 0;
				181	goto cleanup;
				182	} else if (ret) {
				183	ERR(NULL, "Unable to delete node in the path \"%s\".", path);
				184	goto cleanup;
				185	}
				186
				187	lyd_free_tree(sub);
				188
				189	/* set the node to top level container */
				190	ret = lyd_find_path(*tree, "/ietf-netconf-server:netconf-server", 0, tree);
				191	if (ret) {
				192	goto cleanup;
				193	}
				194
				195	cleanup:
				196	free(path);
				197	va_end(ap);
				198	return ret;
				199	}
				200
roman	2eab474	2023-06-06 10:00:26 +0200	[diff] [blame]	201	#ifdef NC_ENABLED_SSH_TLS
				202
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	203	const char *
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	204	nc_server_config_util_privkey_format_to_identityref(NC_PRIVKEY_FORMAT format)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	205	{
				206	switch (format) {
				207	case NC_PRIVKEY_FORMAT_RSA:
				208	return "ietf-crypto-types:rsa-private-key-format";
				209	case NC_PRIVKEY_FORMAT_EC:
				210	return "ietf-crypto-types:ec-private-key-format";
				211	case NC_PRIVKEY_FORMAT_X509:
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	212	return "libnetconf2-netconf-server:private-key-info-format";
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	213	case NC_PRIVKEY_FORMAT_OPENSSH:
				214	return "libnetconf2-netconf-server:openssh-private-key-format";
				215	default:
				216	ERR(NULL, "Private key type not supported.");
				217	return NULL;
				218	}
				219	}
				220
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	221	static int
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	222	nc_server_config_util_rsa_pubkey_param_to_bin(void bn, unsigned char bin, int bin_len)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	223	{
				224	int ret = 0;
				225	unsigned char *bin_tmp = NULL;
				226
				227	NC_CHECK_ARG_RET(NULL, bn, bin, bin_len, 1);
				228
				229	*bin = NULL;
				230
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	231	/* convert to binary */
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	232	if (nc_tls_mpi2bin_wrap(bn, &bin_tmp, bin_len)) {
				233	ret = 1;
				234	goto cleanup;
				235	}
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	236
				237	/* if the highest bit in the MSB is set a byte with the value 0 has to be prepended */
				238	if (bin_tmp[0] & 0x80) {
				239	bin = malloc(bin_len + 1);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	240	NC_CHECK_ERRMEM_GOTO(!*bin, ret = 1, cleanup);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	241	(*bin)[0] = 0;
				242	memcpy(bin + 1, bin_tmp, bin_len);
				243	(*bin_len)++;
				244	} else {
				245	bin = malloc(bin_len);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	246	NC_CHECK_ERRMEM_GOTO(!*bin, ret = 1, cleanup);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	247	memcpy(bin, bin_tmp, bin_len);
				248	}
				249
				250	cleanup:
				251	free(bin_tmp);
				252	return ret;
				253	}
				254
				255	/* ssh pubkey defined in RFC 4253 section 6.6 */
				256	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	257	nc_server_config_util_pkey_to_ssh_pubkey(void pkey, char *pubkey)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	258	{
				259	int ret = 0, e_len, n_len, p_len, bin_len;
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	260	void e = NULL, n = NULL, p = NULL, p_grp = NULL;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	261	unsigned char e_bin = NULL, n_bin = NULL, p_bin = NULL, bin = NULL, *bin_tmp;
				262	const char algorithm_name, curve_name;
				263	char *ec_group = NULL;
				264	uint32_t alg_name_len, curve_name_len, alg_name_len_be, curve_name_len_be, p_len_be, e_len_be, n_len_be;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	265
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	266	NC_CHECK_ARG_RET(NULL, pkey, pubkey, 1);
				267
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	268	if (nc_tls_privkey_is_rsa_wrap(pkey)) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	269	/* RSA key */
				270	algorithm_name = "ssh-rsa";
				271
				272	/* get the public key params */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	273	if (nc_tls_get_rsa_pubkey_params_wrap(pkey, &e, &n)) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	274	ret = 1;
				275	goto cleanup;
				276	}
				277
				278	/* BIGNUM to bin */
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	279	if (nc_server_config_util_rsa_pubkey_param_to_bin(e, &e_bin, &e_len) \|\|
				280	nc_server_config_util_rsa_pubkey_param_to_bin(n, &n_bin, &n_len)) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	281	ret = 1;
				282	goto cleanup;
				283	}
				284
				285	alg_name_len = strlen(algorithm_name);
				286	/* buffer for public key in binary, which looks like this:
				287	* alg_name len (4 bytes), alg_name, PK exponent len (4 bytes), PK exponent, modulus len (4 bytes), modulus
				288	*/
				289	bin_len = 4 + alg_name_len + 4 + e_len + 4 + n_len;
				290	bin = malloc(bin_len);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	291	NC_CHECK_ERRMEM_GOTO(!bin, ret = 1, cleanup);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	292
				293	/* to network byte order (big endian) */
				294	alg_name_len_be = htonl(alg_name_len);
				295	e_len_be = htonl(e_len);
				296	n_len_be = htonl(n_len);
				297
				298	/* create the public key in binary */
				299	bin_tmp = bin;
				300	memcpy(bin_tmp, &alg_name_len_be, 4);
				301	bin_tmp += 4;
				302	memcpy(bin_tmp, algorithm_name, alg_name_len);
				303	bin_tmp += alg_name_len;
				304	memcpy(bin_tmp, &e_len_be, 4);
				305	bin_tmp += 4;
				306	memcpy(bin_tmp, e_bin, e_len);
				307	bin_tmp += e_len;
				308	memcpy(bin_tmp, &n_len_be, 4);
				309	bin_tmp += 4;
				310	memcpy(bin_tmp, n_bin, n_len);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	311	} else if (nc_tls_privkey_is_ec_wrap(pkey)) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	312	/* EC Private key, get it's group first */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	313	ec_group = nc_tls_get_ec_group_wrap(pkey);
				314	if (!ec_group) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	315	ret = 1;
				316	goto cleanup;
				317	}
				318
				319	/* get alg and curve names */
				320	if (!strcmp(ec_group, "P-256") \|\| !strcmp(ec_group, "secp256r1") \|\| !strcmp(ec_group, "prime256v1")) {
				321	algorithm_name = "ecdsa-sha2-nistp256";
				322	curve_name = "nistp256";
				323	} else if (!strcmp(ec_group, "P-384") \|\| !strcmp(ec_group, "secp384r1")) {
				324	algorithm_name = "ecdsa-sha2-nistp384";
				325	curve_name = "nistp384";
				326	} else if (!strcmp(ec_group, "P-521") \|\| !strcmp(ec_group, "secp521r1")) {
				327	algorithm_name = "ecdsa-sha2-nistp521";
				328	curve_name = "nistp521";
				329	} else {
				330	ERR(NULL, "EC group \"%s\" not supported.", ec_group);
				331	ret = 1;
				332	goto cleanup;
				333	}
				334
				335	/* get the public key - p, which is a point on the elliptic curve */
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	336	ret = nc_tls_get_ec_pubkey_params_wrap(pkey, &p, &p_grp);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	337	if (ret) {
				338	ERR(NULL, "Getting public key point from the EC private key failed.");
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	339	ret = 1;
				340	goto cleanup;
				341	}
				342
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	343	/* EC point to bin */
				344	ret = nc_tls_ec_point_to_bin_wrap(p, p_grp, &p_bin, &p_len);
				345	if (ret) {
				346	ERR(NULL, "Converting EC public key point to binary failed.");
				347	ret = 1;
				348	goto cleanup;
				349	}
				350
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	351	alg_name_len = strlen(algorithm_name);
				352	curve_name_len = strlen(curve_name);
				353	/* buffer for public key in binary, which looks like so:
				354	* alg_name len (4 bytes), alg_name, curve_name len (4 bytes), curve_name, PK point p len (4 bytes), PK point p
				355	*/
				356	bin_len = 4 + alg_name_len + 4 + curve_name_len + 4 + p_len;
				357	bin = malloc(bin_len);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	358	NC_CHECK_ERRMEM_GOTO(!bin, ret = 1, cleanup);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	359
				360	/* to network byte order (big endian) */
				361	alg_name_len_be = htonl(alg_name_len);
				362	curve_name_len_be = htonl(curve_name_len);
				363	p_len_be = htonl(p_len);
				364
				365	/* create the public key in binary */
				366	bin_tmp = bin;
				367	memcpy(bin_tmp, &alg_name_len_be, 4);
				368	bin_tmp += 4;
				369	memcpy(bin_tmp, algorithm_name, alg_name_len);
				370	bin_tmp += alg_name_len;
				371	memcpy(bin_tmp, &curve_name_len_be, 4);
				372	bin_tmp += 4;
				373	memcpy(bin_tmp, curve_name, curve_name_len);
				374	bin_tmp += curve_name_len;
				375	memcpy(bin_tmp, &p_len_be, 4);
				376	bin_tmp += 4;
				377	memcpy(bin_tmp, p_bin, p_len);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	378	} else {
				379	ERR(NULL, "Unable to generate public key from private key (Private key type not supported).");
				380	ret = 1;
				381	goto cleanup;
				382	}
				383
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	384	/* convert created bin to b64 */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	385	ret = nc_base64_encode_wrap(bin, bin_len, pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	386	if (ret) {
				387	ERR(NULL, "Converting public key from binary to base64 failed.");
				388	goto cleanup;
				389	}
				390
				391	cleanup:
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	392	nc_tls_destroy_mpi_wrap(e);
				393	nc_tls_destroy_mpi_wrap(n);
				394	nc_tls_ec_point_destroy_wrap(p);
				395	nc_tls_ec_group_destroy_wrap(p_grp);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	396	free(bin);
				397	free(e_bin);
				398	free(n_bin);
				399	free(ec_group);
				400	free(p_bin);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	401	return ret;
				402	}
				403
				404	/* spki = subject public key info */
				405	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	406	nc_server_config_util_pkey_to_spki_pubkey(void pkey, char *pubkey)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	407	{
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	408	int ret = 0;
				409	char *pub_pem = NULL;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	410
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	411	NC_CHECK_ARG_RET(NULL, pkey, pubkey, 1);
				412
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	413	pub_pem = nc_tls_export_pubkey_pem_wrap(pkey);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	414	if (!pub_pem) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	415	ret = 1;
				416	goto cleanup;
				417	}
				418
				419	/* copy the public key without the header and footer */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	420	*pubkey = strndup(pub_pem + strlen(NC_SUBJECT_PUBKEY_INFO_HEADER),
				421	strlen(pub_pem) - strlen(NC_SUBJECT_PUBKEY_INFO_HEADER) - strlen(NC_SUBJECT_PUBKEY_INFO_FOOTER));
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	422	NC_CHECK_ERRMEM_GOTO(!*pubkey, ret = 1, cleanup);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	423
				424	cleanup:
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	425	free(pub_pem);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	426	return ret;
				427	}
				428
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	429	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	430	nc_server_config_util_read_certificate(const char cert_path, char *cert)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	431	{
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	432	int ret = 0;
				433	void *crt = NULL;
				434	char *pem = NULL;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	435
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	436	NC_CHECK_ARG_RET(NULL, cert_path, cert, 1);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	437
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	438	crt = nc_tls_import_cert_file_wrap(cert_path);
				439	if (!crt) {
				440	return 1;
				441	}
				442
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	443	pem = nc_tls_export_cert_pem_wrap(crt);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	444	if (!pem) {
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	445	ret = 1;
				446	goto cleanup;
				447	}
				448
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	449	/* copy the cert without its header and footer */
				450	*cert = strndup(pem + strlen(NC_PEM_CERTIFICATE_HEADER),
				451	strlen(pem) - strlen(NC_PEM_CERTIFICATE_HEADER) - strlen(NC_PEM_CERTIFICATE_FOOTER));
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	452	NC_CHECK_ERRMEM_GOTO(!*cert, ret = 1, cleanup);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	453
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	454	cleanup:
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	455	free(pem);
				456	nc_tls_cert_destroy_wrap(crt);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	457	return ret;
				458	}
				459
				460	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	461	nc_server_config_util_read_ssh2_pubkey(const char pubkey_path, char *pubkey)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	462	{
				463	char *buffer = NULL;
				464	size_t size = 0, pubkey_len = 0;
				465	void *tmp;
				466	ssize_t read;
				467	int ret = 0;
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	468	FILE *f = NULL;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	469
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	470	NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
				471
				472	f = fopen(pubkey_path, "r");
				473	if (!f) {
				474	ERR(NULL, "Failed to open file \"%s\".", pubkey_path);
				475	ret = 1;
				476	goto cleanup;
				477	}
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	478
				479	/* read lines from the file and create the public key without NL from it */
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	480	while ((read = getline(&buffer, &size, f)) > 0) {
				481	if (!strncmp(buffer, "----", 4)) {
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	482	/* skip header and footer */
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	483	continue;
				484	}
				485
				486	if (!strncmp(buffer, "Comment:", 8)) {
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	487	/* skip a comment */
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	488	continue;
				489	}
				490
				491	if (buffer[read - 1] == '\n') {
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	492	/* avoid NL */
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	493	read--;
				494	}
				495
				496	tmp = realloc(*pubkey, pubkey_len + read + 1);
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	497	NC_CHECK_ERRMEM_GOTO(!tmp, ret = 1, cleanup);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	498
				499	*pubkey = tmp;
				500	memcpy(*pubkey + pubkey_len, buffer, read);
				501	pubkey_len += read;
				502	}
				503
				504	if (!pubkey_len) {
				505	ERR(NULL, "Unexpected public key format.");
				506	ret = 1;
				507	goto cleanup;
				508	}
				509
				510	(*pubkey)[pubkey_len] = '\0';
				511
				512	cleanup:
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	513	if (f) {
				514	fclose(f);
				515	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	516	free(buffer);
				517	return ret;
				518	}
				519
				520	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	521	nc_server_config_util_read_spki_pubkey(const char pubkey_path, char *pubkey)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	522	{
				523	int ret = 0;
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	524	void *pub_pkey = NULL;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	525
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	526	NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	527
				528	/* read the pubkey from file */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	529	pub_pkey = nc_tls_import_pubkey_file_wrap(pubkey_path);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	530	if (!pub_pkey) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	531	return 1;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	532	}
				533
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	534	ret = nc_server_config_util_pkey_to_ssh_pubkey(pub_pkey, pubkey);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	535	nc_tls_privkey_destroy_wrap(pub_pkey);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	536	return ret;
				537	}
				538
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	539	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	540	nc_server_config_util_read_openssh_pubkey(const char pubkey_path, char *pubkey)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	541	{
				542	int ret = 0;
				543	ssh_key pub_sshkey = NULL;
				544
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	545	NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
				546
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	547	ret = ssh_pki_import_pubkey_file(pubkey_path, &pub_sshkey);
				548	if (ret) {
				549	ERR(NULL, "Importing public key from file \"%s\" failed.", pubkey_path);
				550	return ret;
				551	}
				552
				553	ret = ssh_pki_export_pubkey_base64(pub_sshkey, pubkey);
				554	if (ret) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	555	ERR(NULL, "Importing pubkey failed.");
				556	goto cleanup;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	557	}
				558
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	559	cleanup:
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	560	ssh_key_free(pub_sshkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	561	return 0;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	562	}
				563
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	564	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	565	nc_server_config_util_get_ssh_pubkey_file(const char pubkey_path, char *pubkey)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	566	{
				567	int ret = 0;
				568	FILE *f = NULL;
				569	char *header = NULL;
				570	size_t len = 0;
				571
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	572	NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	573
				574	*pubkey = NULL;
				575
				576	f = fopen(pubkey_path, "r");
				577	if (!f) {
				578	ERR(NULL, "Unable to open file \"%s\".", pubkey_path);
				579	ret = 1;
				580	goto cleanup;
				581	}
				582
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	583	/* read the header */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	584	ret = getline(&header, &len, f);
				585	fclose(f);
				586	if (ret < 0) {
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	587	ERR(NULL, "Error reading header from file \"%s\".", pubkey_path);
				588	ret = 1;
				589	goto cleanup;
				590	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	591
				592	if (!strncmp(header, NC_SUBJECT_PUBKEY_INFO_HEADER, strlen(NC_SUBJECT_PUBKEY_INFO_HEADER))) {
				593	/* it's subject public key info public key */
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	594	ret = nc_server_config_util_read_spki_pubkey(pubkey_path, pubkey);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	595	} else if (!strncmp(header, NC_SSH2_PUBKEY_HEADER, strlen(NC_SSH2_PUBKEY_HEADER))) {
				596	/* it's ssh2 public key */
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	597	ret = nc_server_config_util_read_ssh2_pubkey(pubkey_path, pubkey);
roman	7fdc84d	2023-06-06 13:14:53 +0200	[diff] [blame]	598	} else {
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	599	/* it's probably OpenSSH public key */
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	600	ret = nc_server_config_util_read_openssh_pubkey(pubkey_path, pubkey);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	601	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	602	if (ret) {
				603	ERR(NULL, "Error getting public key from file \"%s\".", pubkey_path);
				604	goto cleanup;
				605	}
				606
				607	cleanup:
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	608	free(header);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	609	return ret;
				610	}
				611
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	612	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	613	nc_server_config_util_get_spki_pubkey_file(const char pubkey_path, char *pubkey)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	614	{
				615	int ret = 0;
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	616	void *pkey = NULL;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	617
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	618	NC_CHECK_ARG_RET(NULL, pubkey_path, pubkey, 1);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	619
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	620	*pubkey = NULL;
				621
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	622	pkey = nc_tls_import_pubkey_file_wrap(pubkey_path);
				623	if (!pkey) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	624	return 1;
				625	}
				626
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	627	ret = nc_server_config_util_pkey_to_spki_pubkey(pkey, pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	628	if (ret) {
				629	goto cleanup;
				630	}
				631
				632	cleanup:
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	633	nc_tls_privkey_destroy_wrap(pkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	634	return ret;
				635	}
				636
				637	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	638	nc_server_config_util_get_privkey_format(const char privkey, NC_PRIVKEY_FORMAT privkey_format)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	639	{
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	640	NC_CHECK_ARG_RET(NULL, privkey, privkey_format, 1);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	641
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	642	if (!strncmp(privkey, NC_PKCS8_PRIVKEY_HEADER, strlen(NC_PKCS8_PRIVKEY_HEADER))) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	643	/* it's PKCS8 (X.509) private key */
				644	*privkey_format = NC_PRIVKEY_FORMAT_X509;
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	645	} else if (!strncmp(privkey, NC_OPENSSH_PRIVKEY_HEADER, strlen(NC_OPENSSH_PRIVKEY_HEADER))) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	646	/* it's OpenSSH private key */
				647	*privkey_format = NC_PRIVKEY_FORMAT_OPENSSH;
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	648	} else if (!strncmp(privkey, NC_PKCS1_RSA_PRIVKEY_HEADER, strlen(NC_PKCS1_RSA_PRIVKEY_HEADER))) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	649	/* it's RSA privkey in PKCS1 format */
				650	*privkey_format = NC_PRIVKEY_FORMAT_RSA;
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	651	} else if (!strncmp(privkey, NC_SEC1_EC_PRIVKEY_HEADER, strlen(NC_SEC1_EC_PRIVKEY_HEADER))) {
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	652	/* it's EC privkey in SEC1 format */
				653	*privkey_format = NC_PRIVKEY_FORMAT_EC;
				654	} else {
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	655	/* not supported */
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	656	return 1;
				657	}
				658
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	659	return 0;
				660	}
				661
				662	static int
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	663	nc_server_config_util_get_privkey_libtls(const char privkey_path, char privkey, void *pkey)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	664	{
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	665	void *pkey_tmp;
				666	char *privkey_tmp;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	667
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	668	NC_CHECK_ARG_RET(NULL, privkey_path, privkey, pkey, 1);
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	669
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	670	privkey = pkey = NULL;
				671
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	672	pkey_tmp = nc_tls_import_privkey_file_wrap(privkey_path);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	673	if (!pkey_tmp) {
				674	return 1;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	675	}
				676
roman	a158352	2024-04-23 15:13:17 +0200	[diff] [blame]	677	privkey_tmp = nc_tls_export_privkey_pem_wrap(pkey_tmp);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	678	if (!privkey_tmp) {
				679	nc_tls_privkey_destroy_wrap(pkey_tmp);
				680	return 1;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	681	}
				682
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	683	*privkey = privkey_tmp;
				684	*pkey = pkey_tmp;
				685	return 0;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	686	}
				687
				688	static int
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	689	nc_server_config_util_get_privkey_libssh(const char privkey_path, char privkey, void *pkey)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	690	{
				691	int ret = 0;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	692	ssh_key key = NULL;
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	693	void *pkey_tmp = NULL;
				694	char *privkey_tmp = NULL;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	695
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	696	NC_CHECK_ARG_RET(NULL, privkey_path, privkey, pkey, 1);
				697
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	698	ret = ssh_pki_import_privkey_file(privkey_path, NULL, NULL, NULL, &key);
				699	if (ret) {
				700	ERR(NULL, "Importing privkey from file \"%s\" failed.", privkey_path);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	701	ret = 1;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	702	goto cleanup;
				703	}
				704
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	705	/* export the key in PEM */
				706	ret = ssh_pki_export_privkey_base64(key, NULL, NULL, NULL, &privkey_tmp);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	707	if (ret) {
				708	ERR(NULL, "Exporting privkey to base64 failed.");
				709	goto cleanup;
				710	}
				711
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	712	pkey_tmp = nc_tls_pem_to_privkey_wrap(privkey_tmp);
				713	if (!pkey_tmp) {
				714	free(privkey_tmp);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	715	ret = 1;
				716	goto cleanup;
				717	}
				718
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	719	*privkey = privkey_tmp;
				720	*pkey = pkey_tmp;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	721
				722	cleanup:
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	723	ssh_key_free(key);
				724	return ret;
				725	}
				726
				727	static int
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	728	nc_server_config_util_pem_strip_header_footer(const char pem, char *privkey)
				729	{
				730	const char header, footer;
				731
				732	if (!strncmp(pem, NC_PKCS8_PRIVKEY_HEADER, strlen(NC_PKCS8_PRIVKEY_HEADER))) {
				733	/* it's PKCS8 (X.509) private key */
				734	header = NC_PKCS8_PRIVKEY_HEADER;
				735	footer = NC_PKCS8_PRIVKEY_FOOTER;
				736	} else if (!strncmp(pem, NC_OPENSSH_PRIVKEY_HEADER, strlen(NC_OPENSSH_PRIVKEY_HEADER))) {
				737	/* it's OpenSSH private key */
				738	header = NC_OPENSSH_PRIVKEY_HEADER;
				739	footer = NC_OPENSSH_PRIVKEY_FOOTER;
				740	} else if (!strncmp(pem, NC_PKCS1_RSA_PRIVKEY_HEADER, strlen(NC_PKCS1_RSA_PRIVKEY_HEADER))) {
				741	/* it's RSA privkey in PKCS1 format */
				742	header = NC_PKCS1_RSA_PRIVKEY_HEADER;
				743	footer = NC_PKCS1_RSA_PRIVKEY_FOOTER;
				744	} else if (!strncmp(pem, NC_SEC1_EC_PRIVKEY_HEADER, strlen(NC_SEC1_EC_PRIVKEY_HEADER))) {
				745	/* it's EC privkey in SEC1 format */
				746	header = NC_SEC1_EC_PRIVKEY_HEADER;
				747	footer = NC_SEC1_EC_PRIVKEY_FOOTER;
				748	} else {
				749	return 1;
				750	}
				751
				752	/* make a copy without the header and footer */
				753	*privkey = strndup(pem + strlen(header), strlen(pem) - strlen(header) - strlen(footer));
				754	NC_CHECK_ERRMEM_RET(!*privkey, 1);
				755
				756	return 0;
				757	}
				758
				759	static int
				760	nc_server_config_util_get_privkey(const char privkey_path, NC_PRIVKEY_FORMAT privkey_format, char privkey, void pkey)
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	761	{
				762	int ret = 0;
				763	FILE *f_privkey = NULL;
				764	char *priv = NULL;
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	765	char *privkey_header = NULL;
				766	size_t header_len = 0;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	767
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	768	NC_CHECK_ARG_RET(NULL, privkey_path, privkey_format, privkey, pkey, 1);
				769
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	770	f_privkey = fopen(privkey_path, "r");
				771	if (!f_privkey) {
				772	ERR(NULL, "Unable to open file \"%s\".", privkey_path);
				773	ret = 1;
				774	goto cleanup;
				775	}
				776
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	777	/* read privkey header */
				778	if (getline(&privkey_header, &header_len, f_privkey) < 0) {
				779	ERR(NULL, "Error reading header from file \"%s\".", privkey_path);
				780	ret = 1;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	781	goto cleanup;
				782	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	783
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	784	/* get privkey format */
				785	ret = nc_server_config_util_get_privkey_format(privkey_header, privkey_format);
				786	if (ret) {
				787	ERR(NULL, "Private key format \"%s\" not supported.", privkey_header);
				788	goto cleanup;
				789	}
				790
				791	/* decide how to parse it based on the format */
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	792	switch (*privkey_format) {
				793	/* fall-through */
				794	case NC_PRIVKEY_FORMAT_RSA:
				795	case NC_PRIVKEY_FORMAT_EC:
				796	case NC_PRIVKEY_FORMAT_X509:
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	797	/* the TLS lib can do this */
				798	ret = nc_server_config_util_get_privkey_libtls(privkey_path, &priv, pkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	799	break;
				800	case NC_PRIVKEY_FORMAT_OPENSSH:
				801	/* need the help of libssh */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	802	ret = nc_server_config_util_get_privkey_libssh(privkey_path, &priv, pkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	803	/* if the function returned successfully, the key is no longer OpenSSH, it was converted to x509 */
				804	*privkey_format = NC_PRIVKEY_FORMAT_X509;
				805	break;
				806	default:
				807	ERR(NULL, "Private key format not recognized.");
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	808	ret = 1;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	809	break;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	810	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	811	if (ret) {
				812	goto cleanup;
				813	}
				814
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	815	/* parsing may have changed its type, get it again */
				816	ret = nc_server_config_util_get_privkey_format(priv, privkey_format);
				817	if (ret) {
				818	ERR(NULL, "Getting private key format from file \"%s\" failed.", privkey_path);
				819	goto cleanup;
				820	}
				821
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	822	/* strip private key's header and footer */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	823	ret = nc_server_config_util_pem_strip_header_footer(priv, privkey);
				824	if (ret) {
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	825	ERR(NULL, "Stripping header and footer from private key \"%s\" failed.", privkey_path);
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	826	goto cleanup;
				827	}
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	828
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	829	cleanup:
				830	if (f_privkey) {
				831	fclose(f_privkey);
				832	}
				833
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	834	free(privkey_header);
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	835	free(priv);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	836	return ret;
				837	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	838
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	839	int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	840	nc_server_config_util_get_asym_key_pair(const char privkey_path, const char pubkey_path, NC_PUBKEY_FORMAT wanted_pubkey_format,
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	841	char *privkey, NC_PRIVKEY_FORMAT privkey_type, char **pubkey)
				842	{
				843	int ret = 0;
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	844	void *pkey = NULL;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	845
				846	NC_CHECK_ARG_RET(NULL, privkey_path, privkey, privkey_type, pubkey, 1);
				847
				848	*privkey = NULL;
				849	*pubkey = NULL;
				850
				851	/* get private key base64 and EVP_PKEY */
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	852	ret = nc_server_config_util_get_privkey(privkey_path, privkey_type, privkey, &pkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	853	if (ret) {
				854	ERR(NULL, "Getting private key from file \"%s\" failed.", privkey_path);
				855	goto cleanup;
				856	}
				857
				858	/* get public key, either from file or generate it from the EVP_PKEY */
				859	if (!pubkey_path) {
				860	if (wanted_pubkey_format == NC_PUBKEY_FORMAT_SSH) {
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	861	ret = nc_server_config_util_pkey_to_ssh_pubkey(pkey, pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	862	} else {
roman	72908d4	2024-04-26 16:13:17 +0200	[diff] [blame]	863	ret = nc_server_config_util_pkey_to_spki_pubkey(pkey, pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	864	}
				865	} else {
				866	if (wanted_pubkey_format == NC_PUBKEY_FORMAT_SSH) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	867	ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	868	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	869	ret = nc_server_config_util_get_spki_pubkey_file(pubkey_path, pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	870	}
				871	}
				872	if (ret) {
				873	if (pubkey_path) {
				874	ERR(NULL, "Getting public key from file \"%s\" failed.", pubkey_path);
				875	} else {
				876	ERR(NULL, "Generating public key from private key failed.");
				877	}
				878	goto cleanup;
				879	}
				880
				881	cleanup:
roman	44af505	2024-04-05 12:31:24 +0200	[diff] [blame]	882	nc_tls_privkey_destroy_wrap(pkey);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	883	return ret;
				884	}
				885
				886	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	887	nc_server_config_add_address_port(const struct ly_ctx ctx, const char endpt_name, NC_TRANSPORT_IMPL transport,
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	888	const char address, uint16_t port, struct lyd_node *config)
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	889	{
				890	int ret = 0;
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	891	const char address_fmt, port_fmt;
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	892	char port_buf[6] = {0};
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	893
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	894	NC_CHECK_ARG_RET(NULL, ctx, endpt_name, address, config, 1);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	895
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	896	if (transport == NC_TI_SSH) {
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	897	/* SSH path */
Michal Vasko	cf89817	2024-01-15 15:04:28 +0100	[diff] [blame]	898	address_fmt = "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/tcp-server-parameters/local-address";
				899	port_fmt = "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/tcp-server-parameters/local-port";
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	900	} else if (transport == NC_TI_TLS) {
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	901	/* TLS path */
Michal Vasko	cf89817	2024-01-15 15:04:28 +0100	[diff] [blame]	902	address_fmt = "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/tls/tcp-server-parameters/local-address";
				903	port_fmt = "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/tls/tcp-server-parameters/local-port";
roman	2eab474	2023-06-06 10:00:26 +0200	[diff] [blame]	904	} else {
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	905	ERR(NULL, "Can not set address and port of a non SSH/TLS endpoint.");
roman	2eab474	2023-06-06 10:00:26 +0200	[diff] [blame]	906	ret = 1;
				907	goto cleanup;
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	908	}
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	909
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	910	ret = nc_server_config_create(ctx, config, address, address_fmt, endpt_name);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	911	if (ret) {
				912	goto cleanup;
				913	}
				914
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	915	sprintf(port_buf, "%d", port);
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	916	ret = nc_server_config_create(ctx, config, port_buf, port_fmt, endpt_name);
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	917	if (ret) {
				918	goto cleanup;
				919	}
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	920
roman	3f9b65c	2023-06-05 14:26:58 +0200	[diff] [blame]	921	cleanup:
roman	d30af55	2023-06-16 15:18:27 +0200	[diff] [blame]	922	return ret;
				923	}
				924
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	925	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	926	nc_server_config_add_ch_address_port(const struct ly_ctx ctx, const char client_name, const char *endpt_name,
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	927	NC_TRANSPORT_IMPL transport, const char address, const char port, struct lyd_node **config)
				928	{
				929	int ret = 0;
				930	const char address_fmt, port_fmt;
				931
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	932	NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, address, port, config, 1);
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	933
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	934	if (transport == NC_TI_SSH) {
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	935	/* SSH path */
				936	address_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/tcp-client-parameters/remote-address";
				937	port_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/tcp-client-parameters/remote-port";
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	938	} else if (transport == NC_TI_TLS) {
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	939	/* TLS path */
				940	address_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tcp-client-parameters/remote-address";
				941	port_fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/endpoint[name='%s']/tls/tcp-client-parameters/remote-port";
				942	} else {
				943	ERR(NULL, "Transport not supported.");
				944	ret = 1;
				945	goto cleanup;
				946	}
				947
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	948	ret = nc_server_config_create(ctx, config, address, address_fmt, client_name, endpt_name);
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	949	if (ret) {
				950	goto cleanup;
				951	}
				952
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	953	ret = nc_server_config_create(ctx, config, port, port_fmt, client_name, endpt_name);
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	954	if (ret) {
				955	goto cleanup;
				956	}
				957
				958	cleanup:
				959	return ret;
				960	}
				961
				962	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	963	nc_server_config_del_endpt(const char endpt_name, struct lyd_node *config)
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	964	{
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	965	NC_CHECK_ARG_RET(NULL, config, 1);
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	966
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	967	if (endpt_name) {
Michal Vasko	cf89817	2024-01-15 15:04:28 +0100	[diff] [blame]	968	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']", endpt_name);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	969	} else {
Michal Vasko	cf89817	2024-01-15 15:04:28 +0100	[diff] [blame]	970	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint");
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	971	}
				972	}
				973
				974	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	975	nc_server_config_del_ch_client(const char ch_client_name, struct lyd_node *config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	976	{
				977	NC_CHECK_ARG_RET(NULL, config, 1);
				978
				979	if (ch_client_name) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	980	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']", ch_client_name);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	981	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	982	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client");
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	983	}
				984	}
				985
				986	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	987	nc_server_config_del_ch_endpt(const char client_name, const char endpt_name, struct lyd_node **config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	988	{
				989	NC_CHECK_ARG_RET(NULL, client_name, config, 1);
				990
				991	if (endpt_name) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	992	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	993	"endpoints/endpoint[name='%s']", client_name, endpt_name);
				994	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	995	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	996	"endpoints/endpoint", client_name);
				997	}
roman	5cbb653	2023-06-22 12:53:17 +0200	[diff] [blame]	998	}
				999
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1000	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1001	nc_server_config_add_keystore_asym_key(const struct ly_ctx ctx, NC_TRANSPORT_IMPL ti, const char asym_key_name,
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	1002	const char privkey_path, const char pubkey_path, struct lyd_node **config)
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1003	{
				1004	int ret = 0;
				1005	char privkey = NULL, pubkey = NULL;
				1006	NC_PRIVKEY_FORMAT privkey_type;
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1007	const char privkey_format, pubkey_format;
				1008
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1009	NC_CHECK_ARG_RET(NULL, ctx, asym_key_name, privkey_path, config, 1);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1010
				1011	/* get the keys as a string from the given files */
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	1012	if (ti == NC_TI_SSH) {
Michal Vasko	7ac7c56	2024-03-05 09:51:21 +0100	[diff] [blame]	1013	ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey,
				1014	&privkey_type, &pubkey);
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	1015	} else if (ti == NC_TI_TLS) {
Michal Vasko	7ac7c56	2024-03-05 09:51:21 +0100	[diff] [blame]	1016	ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_X509, &privkey,
				1017	&privkey_type, &pubkey);
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	1018	} else {
				1019	ERR(NULL, "Only SSH and TLS transports can be used to create an asymmetric key pair in the keystore.");
				1020	ret = 1;
				1021	goto cleanup;
				1022	}
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1023	if (ret) {
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1024	goto cleanup;
				1025	}
				1026
				1027	/* get pubkey format str */
roman	506354a	2024-04-11 09:37:22 +0200	[diff] [blame]	1028	if (ti == NC_TI_SSH) {
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1029	pubkey_format = "ietf-crypto-types:ssh-public-key-format";
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	1030	} else {
				1031	pubkey_format = "ietf-crypto-types:subject-public-key-info-format";
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1032	}
				1033
				1034	/* get privkey identityref value */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1035	privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1036	if (!privkey_format) {
				1037	ret = 1;
				1038	goto cleanup;
				1039	}
				1040
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1041	ret = nc_server_config_create(ctx, config, pubkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1042	"asymmetric-key[name='%s']/public-key-format", asym_key_name);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1043	if (ret) {
				1044	goto cleanup;
				1045	}
				1046
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1047	ret = nc_server_config_create(ctx, config, pubkey, "/ietf-keystore:keystore/asymmetric-keys/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1048	"asymmetric-key[name='%s']/public-key", asym_key_name);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1049	if (ret) {
				1050	goto cleanup;
				1051	}
				1052
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1053	ret = nc_server_config_create(ctx, config, privkey_format, "/ietf-keystore:keystore/asymmetric-keys/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1054	"asymmetric-key[name='%s']/private-key-format", asym_key_name);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1055	if (ret) {
				1056	goto cleanup;
				1057	}
				1058
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1059	ret = nc_server_config_create(ctx, config, privkey, "/ietf-keystore:keystore/asymmetric-keys/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1060	"asymmetric-key[name='%s']/cleartext-private-key", asym_key_name);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1061	if (ret) {
				1062	goto cleanup;
				1063	}
				1064
				1065	cleanup:
				1066	free(privkey);
				1067	free(pubkey);
				1068	return ret;
				1069	}
				1070
				1071	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1072	nc_server_config_del_keystore_asym_key(const char asym_key_name, struct lyd_node *config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1073	{
				1074	NC_CHECK_ARG_RET(NULL, config, 1);
				1075
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1076	if (asym_key_name) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1077	return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']", asym_key_name);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1078	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1079	return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key");
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1080	}
				1081	}
				1082
				1083	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1084	nc_server_config_add_keystore_cert(const struct ly_ctx ctx, const char asym_key_name, const char *cert_name,
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1085	const char cert_path, struct lyd_node *config)
				1086	{
				1087	int ret = 0;
				1088	char *cert = NULL;
				1089
				1090	NC_CHECK_ARG_RET(NULL, ctx, asym_key_name, cert_name, cert_path, config, 1);
				1091
				1092	/* get cert data */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1093	ret = nc_server_config_util_read_certificate(cert_path, &cert);
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1094	if (ret) {
				1095	goto cleanup;
				1096	}
				1097
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1098	ret = nc_server_config_create(ctx, config, cert, "/ietf-keystore:keystore/asymmetric-keys/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1099	"asymmetric-key[name='%s']/certificates/certificate[name='%s']/cert-data", asym_key_name, cert_name);
				1100
				1101	cleanup:
				1102	free(cert);
				1103	return ret;
				1104	}
				1105
				1106	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1107	nc_server_config_del_keystore_cert(const char asym_key_name, const char cert_name, struct lyd_node **config)
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1108	{
				1109	NC_CHECK_ARG_RET(NULL, asym_key_name, config, 1);
				1110
				1111	if (cert_name) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1112	return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1113	"certificates/certificate[name='%s']", asym_key_name, cert_name);
				1114	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1115	return nc_server_config_delete(config, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1116	"certificates/certificate", asym_key_name);
				1117	}
				1118	}
				1119
				1120	API int
roman	d348b94	2023-10-13 14:32:19 +0200	[diff] [blame]	1121	nc_server_config_add_truststore_pubkey(const struct ly_ctx ctx, const char pub_bag_name, const char *pubkey_name,
				1122	const char pubkey_path, struct lyd_node *config)
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1123	{
				1124	int ret = 0;
				1125	char *pubkey = NULL;
roman	1314591	2023-08-17 15:36:54 +0200	[diff] [blame]	1126	const char *pubkey_format = "ietf-crypto-types:ssh-public-key-format";
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1127
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1128	NC_CHECK_ARG_RET(NULL, ctx, pub_bag_name, pubkey_name, pubkey_path, config, 1);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1129
roman	d348b94	2023-10-13 14:32:19 +0200	[diff] [blame]	1130	ret = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, &pubkey);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1131	if (ret) {
				1132	goto cleanup;
				1133	}
				1134
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1135	ret = nc_server_config_create(ctx, config, pubkey_format, "/ietf-truststore:truststore/public-key-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1136	"public-key-bag[name='%s']/public-key[name='%s']/public-key-format", pub_bag_name, pubkey_name);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1137	if (ret) {
				1138	goto cleanup;
				1139	}
				1140
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1141	ret = nc_server_config_create(ctx, config, pubkey, "/ietf-truststore:truststore/public-key-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1142	"public-key-bag[name='%s']/public-key[name='%s']/public-key", pub_bag_name, pubkey_name);
roman	142718b	2023-06-29 09:15:29 +0200	[diff] [blame]	1143	if (ret) {
				1144	goto cleanup;
				1145	}
				1146
				1147	cleanup:
				1148	free(pubkey);
				1149	return ret;
				1150	}
				1151
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1152	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1153	nc_server_config_del_truststore_pubkey(const char *pub_bag_name,
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1154	const char pubkey_name, struct lyd_node *config)
				1155	{
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1156	NC_CHECK_ARG_RET(NULL, pub_bag_name, config, 1);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1157
				1158	if (pubkey_name) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1159	return nc_server_config_delete(config, "/ietf-truststore:truststore/public-key-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1160	"public-key-bag[name='%s']/public-key[name='%s']", pub_bag_name, pubkey_name);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1161	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1162	return nc_server_config_delete(config, "/ietf-truststore:truststore/public-key-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1163	"public-key-bag[name='%s']/public-key", pub_bag_name);
				1164	}
				1165	}
				1166
				1167	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1168	nc_server_config_add_truststore_cert(const struct ly_ctx ctx, const char cert_bag_name, const char *cert_name,
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1169	const char cert_path, struct lyd_node *config)
				1170	{
				1171	int ret = 0;
				1172	char *cert = NULL;
				1173
				1174	NC_CHECK_ARG_RET(NULL, ctx, cert_bag_name, cert_name, cert_path, config, 1);
				1175
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1176	ret = nc_server_config_util_read_certificate(cert_path, &cert);
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1177	if (ret) {
				1178	goto cleanup;
				1179	}
				1180
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1181	ret = nc_server_config_create(ctx, config, cert, "/ietf-truststore:truststore/certificate-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1182	"certificate-bag[name='%s']/certificate[name='%s']/cert-data", cert_bag_name, cert_name);
				1183	if (ret) {
				1184	goto cleanup;
				1185	}
				1186
				1187	cleanup:
				1188	free(cert);
				1189	return ret;
				1190	}
				1191
				1192	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1193	nc_server_config_del_truststore_cert(const char *cert_bag_name,
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1194	const char cert_name, struct lyd_node *config)
				1195	{
				1196	NC_CHECK_ARG_RET(NULL, cert_bag_name, config, 1);
				1197
				1198	if (cert_name) {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1199	return nc_server_config_delete(config, "/ietf-truststore:truststore/certificate-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1200	"certificate-bag[name='%s']/certificate[name='%s']", cert_bag_name, cert_name);
				1201	} else {
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1202	return nc_server_config_delete(config, "/ietf-truststore:truststore/certificate-bags/"
roman	12c3d52	2023-07-26 13:39:30 +0200	[diff] [blame]	1203	"certificate-bag[name='%s']/certificate", cert_bag_name);
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1204	}
				1205	}
				1206
roman	2eab474	2023-06-06 10:00:26 +0200	[diff] [blame]	1207	#endif /* NC_ENABLED_SSH_TLS */
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1208
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1209	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1210	nc_server_config_add_ch_persistent(const struct ly_ctx ctx, const char ch_client_name, struct lyd_node **config)
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1211	{
				1212	NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
				1213
				1214	/* delete periodic tree if exists */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1215	if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1216	"netconf-client[name='%s']/connection-type/periodic", ch_client_name)) {
				1217	return 1;
				1218	}
				1219
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1220	return nc_server_config_create(ctx, config, NULL, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1221	"netconf-client[name='%s']/connection-type/persistent", ch_client_name);
				1222	}
				1223
				1224	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1225	nc_server_config_add_ch_period(const struct ly_ctx ctx, const char ch_client_name, uint16_t period,
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1226	struct lyd_node **config)
				1227	{
				1228	char buf[6] = {0};
				1229
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	1230	NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1231
				1232	/* delete persistent tree if exists */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1233	if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1234	"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
				1235	return 1;
				1236	}
				1237
roman	5d9fc73	2023-10-26 11:26:57 +0200	[diff] [blame]	1238	sprintf(buf, "%" PRIu16, period);
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1239	return nc_server_config_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1240	"netconf-client[name='%s']/connection-type/periodic/period", ch_client_name);
				1241	}
				1242
				1243	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1244	nc_server_config_del_ch_period(const char ch_client_name, struct lyd_node *config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1245	{
				1246	NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
				1247
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1248	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1249	"netconf-client[name='%s']/connection-type/periodic/period", ch_client_name);
				1250	}
				1251
				1252	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1253	nc_server_config_add_ch_anchor_time(const struct ly_ctx ctx, const char ch_client_name,
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1254	const char anchor_time, struct lyd_node *config)
				1255	{
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	1256	NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, anchor_time, config, 1);
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1257
				1258	/* delete persistent tree if exists */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1259	if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1260	"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
				1261	return 1;
				1262	}
				1263
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1264	return nc_server_config_create(ctx, config, anchor_time, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1265	"netconf-client[name='%s']/connection-type/periodic/anchor-time", ch_client_name);
				1266	}
				1267
				1268	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1269	nc_server_config_del_ch_anchor_time(const char ch_client_name, struct lyd_node *config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1270	{
				1271	NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
				1272
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1273	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1274	"netconf-client[name='%s']/connection-type/periodic/anchor-time", ch_client_name);
				1275	}
				1276
				1277	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1278	nc_server_config_add_ch_idle_timeout(const struct ly_ctx ctx, const char ch_client_name,
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1279	uint16_t idle_timeout, struct lyd_node **config)
				1280	{
				1281	char buf[6] = {0};
				1282
Roytak	7b9bf29	2023-10-04 14:06:38 +0200	[diff] [blame]	1283	NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1284
				1285	/* delete persistent tree if exists */
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1286	if (nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1287	"netconf-client[name='%s']/connection-type/persistent", ch_client_name)) {
				1288	return 1;
				1289	}
				1290
roman	5d9fc73	2023-10-26 11:26:57 +0200	[diff] [blame]	1291	sprintf(buf, "%" PRIu16, idle_timeout);
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1292	return nc_server_config_create(ctx, config, buf, "/ietf-netconf-server:netconf-server/call-home/"
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1293	"netconf-client[name='%s']/connection-type/periodic/idle-timeout", ch_client_name);
				1294	}
				1295
				1296	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1297	nc_server_config_del_ch_idle_timeout(const char ch_client_name, struct lyd_node *config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1298	{
				1299	NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
				1300
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1301	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1302	"netconf-client[name='%s']/connection-type/periodic/idle-timeout", ch_client_name);
				1303	}
				1304
				1305	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1306	nc_server_config_add_ch_reconnect_strategy(const struct ly_ctx ctx, const char ch_client_name,
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1307	NC_CH_START_WITH start_with, uint16_t max_wait, uint8_t max_attempts, struct lyd_node **config)
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1308	{
				1309	int ret = 0;
				1310	char *path = NULL;
				1311	char buf[6] = {0};
				1312	const char *start_with_val;
				1313
				1314	NC_CHECK_ARG_RET(NULL, ctx, ch_client_name, config, 1);
				1315
				1316	/* prepared the path */
roman	3a95bb2	2023-10-26 11:07:17 +0200	[diff] [blame]	1317	ret = asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/reconnect-strategy", ch_client_name);
				1318	NC_CHECK_ERRMEM_GOTO(ret == -1, path = NULL; ret = 1, cleanup);
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1319
roman	ded5258	2023-11-08 15:21:30 +0100	[diff] [blame]	1320	/* get string value from enum */
				1321	if (start_with == NC_CH_FIRST_LISTED) {
				1322	start_with_val = "first-listed";
				1323	} else if (start_with == NC_CH_LAST_CONNECTED) {
				1324	start_with_val = "last-connected";
				1325	} else if (start_with == NC_CH_RANDOM) {
				1326	start_with_val = "random-selection";
				1327	} else {
				1328	ERR(NULL, "Unknown reconnect strategy.");
				1329	goto cleanup;
				1330	}
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1331
roman	ded5258	2023-11-08 15:21:30 +0100	[diff] [blame]	1332	ret = nc_server_config_append(ctx, path, "start-with", start_with_val, config);
				1333	if (ret) {
				1334	goto cleanup;
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1335	}
				1336
				1337	if (max_attempts) {
roman	5d9fc73	2023-10-26 11:26:57 +0200	[diff] [blame]	1338	sprintf(buf, "%" PRIu8, max_attempts);
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1339	ret = nc_server_config_append(ctx, path, "max-attempts", buf, config);
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1340	if (ret) {
				1341	goto cleanup;
				1342	}
				1343	memset(buf, 0, 6);
				1344	}
				1345
				1346	if (max_wait) {
roman	5d9fc73	2023-10-26 11:26:57 +0200	[diff] [blame]	1347	sprintf(buf, "%" PRIu16, max_wait);
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1348	ret = nc_server_config_append(ctx, path, "max-wait", buf, config);
roman	b6f4403	2023-06-30 15:07:56 +0200	[diff] [blame]	1349	if (ret) {
				1350	goto cleanup;
				1351	}
				1352	}
				1353
				1354	cleanup:
				1355	free(path);
				1356	return ret;
				1357	}
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1358
				1359	API int
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1360	nc_server_config_del_ch_reconnect_strategy(const char ch_client_name, struct lyd_node *config)
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1361	{
				1362	NC_CHECK_ARG_RET(NULL, ch_client_name, config, 1);
				1363
Roytak	b279485	2023-10-18 14:30:22 +0200	[diff] [blame]	1364	return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
roman	8ba6efa	2023-07-12 15:27:52 +0200	[diff] [blame]	1365	"netconf-client[name='%s']/reconnect-strategy", ch_client_name);
				1366	}