blob: 7188732dc1f24c19ddf3d3c64169015e955ff8f9 [file] [log] [blame]
Michal Vasko086311b2016-01-08 09:53:11 +01001/**
Michal Vaskoc446a382021-06-18 08:54:05 +02002 * @file session_client.h
3 * @author Michal Vasko <mvasko@cesnet.cz>
4 * @brief libnetconf2 session client manipulation
Michal Vasko086311b2016-01-08 09:53:11 +01005 *
Michal Vasko95ea9ff2021-11-09 12:29:14 +01006 * @copyright
Michal Vaskoc446a382021-06-18 08:54:05 +02007 * Copyright (c) 2015 - 2021 CESNET, z.s.p.o.
Michal Vasko086311b2016-01-08 09:53:11 +01008 *
Radek Krejci9b81f5b2016-02-24 13:14:49 +01009 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
Michal Vaskoafd416b2016-02-25 14:51:46 +010012 *
Radek Krejci9b81f5b2016-02-24 13:14:49 +010013 * https://opensource.org/licenses/BSD-3-Clause
Michal Vasko086311b2016-01-08 09:53:11 +010014 */
15
16#ifndef NC_SESSION_CLIENT_H_
17#define NC_SESSION_CLIENT_H_
18
Michal Vaskoc09730e2019-01-17 10:07:26 +010019#ifdef __cplusplus
20extern "C" {
21#endif
22
Michal Vasko086311b2016-01-08 09:53:11 +010023#include <libyang/libyang.h>
24
roman04548122024-04-05 12:32:31 +020025#include "config.h"
Michal Vasko7bcb48e2016-01-15 10:28:54 +010026#include "messages_client.h"
Michal Vaskob83a3fa2021-05-26 09:53:42 +020027#include "netconf.h"
28#include "session.h"
Michal Vasko086311b2016-01-08 09:53:11 +010029
roman04548122024-04-05 12:32:31 +020030#ifdef NC_ENABLED_SSH_TLS
31# include <libssh/libssh.h>
32#endif /* NC_ENABLED_SSH_TLS */
33
Michal Vasko086311b2016-01-08 09:53:11 +010034/**
Radek Krejci6799a052017-05-19 14:23:23 +020035 * @addtogroup client
36 * @{
37 */
38
39/**
Michal Vasko086311b2016-01-08 09:53:11 +010040 * @brief Set location where libnetconf tries to search for YANG/YIN schemas.
41 *
Michal Vasko7f1c0ef2016-03-11 11:13:06 +010042 * The location is searched when connecting to a NETCONF server and building
Michal Vasko086311b2016-01-08 09:53:11 +010043 * YANG context for further processing of the NETCONF messages and data.
44 *
Radek Krejcifd5b6682017-06-13 15:52:53 +020045 * The searchpath is also used to store schemas retreived via \<get-schema\>
46 * operation - if the schema is not found in searchpath neither via schema
47 * callback provided via nc_client_set_schema_callback() and server supports
48 * the NETCONF \<get-schema\> operation, the schema is retrieved this way and
49 * stored into the searchpath (if specified).
50 *
Michal Vasko086311b2016-01-08 09:53:11 +010051 * @param[in] path Directory where to search for YANG/YIN schemas.
52 * @return 0 on success, 1 on (memory allocation) failure.
53 */
Michal Vasko7f1c0ef2016-03-11 11:13:06 +010054int nc_client_set_schema_searchpath(const char *path);
55
56/**
57 * @brief Get schema searchpath that was set by nc_client_set_schema_searchpath().
58 *
59 * @return Schema searchpath directory, NULL if not set.
60 */
61const char *nc_client_get_schema_searchpath(void);
Michal Vasko086311b2016-01-08 09:53:11 +010062
63/**
Radek Krejcifd5b6682017-06-13 15:52:53 +020064 * @brief Set callback function to get missing schemas.
65 *
66 * @param[in] clb Callback responsible for returning the missing model.
Michal Vaskoc446a382021-06-18 08:54:05 +020067 * @param[in] user_data Arbitrary data that will always be passed to the callback @p clb.
Radek Krejcifd5b6682017-06-13 15:52:53 +020068 * @return 0 on success, 1 on (memory allocation) failure.
69 */
70int nc_client_set_schema_callback(ly_module_imp_clb clb, void *user_data);
71
72/**
73 * @brief Get callback function used to get missing schemas.
74 *
75 * @param[out] user_data Optionally return the private data set with the callback.
76 * Note that the caller is responsible for freeing the private data, so before
77 * changing the callback, private data used for the previous callback should be
78 * freed.
79 * @return Pointer to the set callback, NULL if no such callback was set.
80 */
81ly_module_imp_clb nc_client_get_schema_callback(void **user_data);
82
83/**
Michal Vaskoa272e092023-07-10 14:34:03 +020084 * @brief Enable/disable loading of all the YANG modules supported by
85 * the server when a new session is created. If disabled, it is expected
86 * that users update the context themselves and load the YANG modules
87 * that are planned to be used. Otherwise even basic RPCs may fail to be sent!
88 *
89 * @param[in] enabled Whether context autofill is enabled or disabled.
90 */
91void nc_client_set_new_session_context_autofill(int enabled);
92
93/**
Radek Krejci5cebc6b2017-05-26 13:24:38 +020094 * @brief Use the provided thread-specific client's context in the current thread.
95 *
96 * Note that from this point the context is shared with the thread from which the context was taken and any
97 * nc_client_*set* functions and functions creating connection in these threads should be protected from the
98 * concurrent execution.
99 *
Radek Krejcifd5b6682017-06-13 15:52:53 +0200100 * Context contains schema searchpath/callback, call home binds, TLS and SSH authentication data (username, keys,
Radek Krejci5cebc6b2017-05-26 13:24:38 +0200101 * various certificates and callbacks).
102 *
103 * @param[in] context Client's thread-specific context provided by nc_client_get_thread_context().
104 */
105void nc_client_set_thread_context(void *context);
106
107/**
108 * @brief Get thread-specific client context for sharing with some other thread using
109 * nc_client_set_thread_context().
110 *
111 * @return Pointer to the client's context of the current thread.
112 */
113void *nc_client_get_thread_context(void);
114
115/**
roman9075eab2023-09-14 10:07:26 +0200116 * @brief Initialize client for establishing connections.
117 *
118 * @return 0 on success, -1 on error.
119 */
120int nc_client_init(void);
121
122/**
Michal Vaskoa7b8ca52016-03-01 12:09:29 +0100123 * @brief Destroy all libssh and/or libssl/libcrypto dynamic memory and
Michal Vaskodf0fa452022-03-02 11:06:01 +0100124 * the client options, for both SSH and TLS, and for Call Home too.
Michal Vaskob7558c52016-02-26 15:04:19 +0100125 */
126void nc_client_destroy(void);
127
Michal Vasko4e6d3242021-05-26 09:13:24 +0200128/** @} Client */
Radek Krejci6799a052017-05-19 14:23:23 +0200129
130/**
131 * @defgroup client_session Client Session
132 * @ingroup client
133 *
134 * @brief Client-side NETCONF session manipulation.
135 * @{
136 */
137
Michal Vaskob7558c52016-02-26 15:04:19 +0100138/**
Michal Vasko086311b2016-01-08 09:53:11 +0100139 * @brief Connect to the NETCONF server via proviaded input/output file descriptors.
140 *
141 * Transport layer is supposed to be already set. Function do not cover authentication
142 * or any other manipulation with the transport layer, it only establish NETCONF session
143 * by sending and processing NETCONF \<hello\> messages.
144 *
Michal Vasko086311b2016-01-08 09:53:11 +0100145 * @param[in] fdin Input file descriptor for reading (clear) data from NETCONF server.
146 * @param[in] fdout Output file descriptor for writing (clear) data for NETCONF server.
Michal Vasko94d61402023-03-16 08:21:52 +0100147 * @param[in,out] ctx Optional custom context to use for the session. If not set, a default context is created.
148 * Any YANG modules not present in the context and supported by the server are loaded using \<get-schema\>
149 * (if supported) and/or by searching the searchpath (see ::nc_client_set_schema_searchpath()).
Michal Vasko086311b2016-01-08 09:53:11 +0100150 * @return Created NETCONF session object or NULL in case of error.
151 */
152struct nc_session *nc_connect_inout(int fdin, int fdout, struct ly_ctx *ctx);
153
Olivier Matzac7fa2f2018-10-11 10:02:04 +0200154/**
155 * @brief Connect to the NETCONF server via unix socket.
156 *
157 * Connect to netconf server via an unix socket. Function do not cover authentication
158 * or any other manipulation with the transport layer, it only establish NETCONF session
159 * by sending and processing NETCONF \<hello\> messages.
160 *
161 * @param[in] address Path to the unix socket.
Michal Vasko94d61402023-03-16 08:21:52 +0100162 * @param[in,out] ctx Optional custom context to use for the session. If not set, a default context is created.
163 * Any YANG modules not present in the context and supported by the server are loaded using \<get-schema\>
164 * (if supported) and/or by searching the searchpath (see ::nc_client_set_schema_searchpath()).
Olivier Matzac7fa2f2018-10-11 10:02:04 +0200165 * @return Created NETCONF session object or NULL in case of error.
166 */
167struct nc_session *nc_connect_unix(const char *address, struct ly_ctx *ctx);
168
Michal Vasko4e6d3242021-05-26 09:13:24 +0200169/** @} Client Session */
Radek Krejci6799a052017-05-19 14:23:23 +0200170
roman2eab4742023-06-06 10:00:26 +0200171#ifdef NC_ENABLED_SSH_TLS
Michal Vasko086311b2016-01-08 09:53:11 +0100172
173/**
Radek Krejci6799a052017-05-19 14:23:23 +0200174 * @defgroup client_ssh Client SSH
175 * @ingroup client
176 *
177 * @brief Client-side settings for SSH connections.
178 * @{
179 */
180
181/**
romanf6e32012023-04-24 15:51:26 +0200182 * @brief Set the behaviour of checking the host key and adding/reading entries to/from the known_hosts file.
Michal Vaskoef112d72016-02-18 13:28:25 +0100183 *
romanf6e32012023-04-24 15:51:26 +0200184 * @param[in] mode Server host key checking mode.
Michal Vaskoef112d72016-02-18 13:28:25 +0100185 */
romanf6e32012023-04-24 15:51:26 +0200186void nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_MODE mode);
Radek Krejci90a84a22017-05-25 13:53:00 +0200187
188/**
romanf6e32012023-04-24 15:51:26 +0200189 * @brief Set the path to the known_hosts file.
Radek Krejci90a84a22017-05-25 13:53:00 +0200190 *
romanf6e32012023-04-24 15:51:26 +0200191 * Repetetive calling replaces the value. If the given file doesn't exist and the process has sufficient
192 * rights, it gets created whenever the file is needed, otherwise an error occurs. If NULL is passed or the
193 * path isn't set, the default known_hosts file will be used.
194 *
195 * @param[in] path Path to the known_hosts file.
196 * @return 0 on success, 1 on error.
Radek Krejci90a84a22017-05-25 13:53:00 +0200197 */
romanf6e32012023-04-24 15:51:26 +0200198int nc_client_ssh_set_knownhosts_path(const char *path);
Michal Vaskoef112d72016-02-18 13:28:25 +0100199
200/**
Michal Vasko30e2c872016-02-18 10:03:21 +0100201 * @brief Set SSH password authentication callback.
202 *
Radek Krejci90a84a22017-05-25 13:53:00 +0200203 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
204 * freeing the private data when necessary (the private data can be obtained by
205 * nc_client_ssh_get_auth_password_clb()).
206 *
Michal Vaskofdfd9dd2016-02-29 10:18:46 +0100207 * @param[in] auth_password Function to call, returns the password for username\@hostname.
Michal Vasko30e2c872016-02-18 10:03:21 +0100208 * If NULL, the default callback is set.
Radek Krejci90a84a22017-05-25 13:53:00 +0200209 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vasko30e2c872016-02-18 10:03:21 +0100210 */
Radek Krejci90a84a22017-05-25 13:53:00 +0200211void nc_client_ssh_set_auth_password_clb(char *(*auth_password)(const char *username, const char *hostname, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200212 void *priv);
Radek Krejci90a84a22017-05-25 13:53:00 +0200213
214/**
215 * @brief Get currently set SSH password authentication callback and its private data previously set
216 * by nc_client_ssh_set_auth_password_clb().
217 *
218 * @param[out] auth_password Currently set callback, NULL in case of the default callback.
219 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
220 */
221void nc_client_ssh_get_auth_password_clb(char *(**auth_password)(const char *username, const char *hostname, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200222 void **priv);
Michal Vasko30e2c872016-02-18 10:03:21 +0100223
224/**
225 * @brief Set SSH interactive authentication callback.
226 *
Radek Krejci90a84a22017-05-25 13:53:00 +0200227 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
228 * freeing the private data when necessary (the private data can be obtained by
229 * nc_client_ssh_get_auth_interactive_clb()).
230 *
Michal Vasko30e2c872016-02-18 10:03:21 +0100231 * @param[in] auth_interactive Function to call for every question, returns the answer for
232 * authentication name with instruction and echoing prompt.
233 * If NULL, the default callback is set.
Radek Krejci90a84a22017-05-25 13:53:00 +0200234 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vasko30e2c872016-02-18 10:03:21 +0100235 */
236void nc_client_ssh_set_auth_interactive_clb(char *(*auth_interactive)(const char *auth_name, const char *instruction,
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200237 const char *prompt, int echo, void *priv),
238 void *priv);
Radek Krejci90a84a22017-05-25 13:53:00 +0200239
240/**
241 * @brief Get currently set SSH interactive authentication callback and its private data previously set
242 * by nc_client_ssh_set_auth_interactive_clb().
243 *
244 * @param[out] auth_interactive Currently set callback, NULL in case of the default callback.
245 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
246 */
247void nc_client_ssh_get_auth_interactive_clb(char *(**auth_interactive)(const char *auth_name, const char *instruction,
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200248 const char *prompt, int echo, void *priv),
249 void **priv);
Michal Vasko30e2c872016-02-18 10:03:21 +0100250
251/**
252 * @brief Set SSH publickey authentication encrypted private key passphrase callback.
253 *
Radek Krejci90a84a22017-05-25 13:53:00 +0200254 * Repetitive calling causes replacing of the previous callback and its private data. Caller is responsible for
255 * freeing the private data when necessary (the private data can be obtained by
256 * nc_client_ssh_get_auth_privkey_passphrase_clb()).
257 *
Michal Vasko30e2c872016-02-18 10:03:21 +0100258 * @param[in] auth_privkey_passphrase Function to call for every question, returns
259 * the passphrase for the specific private key.
Radek Krejci90a84a22017-05-25 13:53:00 +0200260 * @param[in] priv Optional private data to be passed to the callback function.
Michal Vasko30e2c872016-02-18 10:03:21 +0100261 */
Radek Krejci90a84a22017-05-25 13:53:00 +0200262void nc_client_ssh_set_auth_privkey_passphrase_clb(char *(*auth_privkey_passphrase)(const char *privkey_path, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200263 void *priv);
Radek Krejci90a84a22017-05-25 13:53:00 +0200264
265/**
266 * @brief Get currently set SSH publickey authentication encrypted private key passphrase callback and its private data
267 * previously set by nc_client_ssh_set_auth_privkey_passphrase_clb().
268 *
269 * @param[out] auth_privkey_passphrase Currently set callback, NULL in case of the default callback.
270 * @param[out] priv Currently set (optional) private data to be passed to the callback function.
271 */
272void nc_client_ssh_get_auth_privkey_passphrase_clb(char *(**auth_privkey_passphrase)(const char *privkey_path, void *priv),
Michal Vaskob83a3fa2021-05-26 09:53:42 +0200273 void **priv);
Michal Vasko30e2c872016-02-18 10:03:21 +0100274
275/**
Michal Vasko3031aae2016-01-27 16:07:18 +0100276 * @brief Add an SSH public and private key pair to be used for client authentication.
277 *
278 * Private key can be encrypted, the passphrase will be asked for before using it.
279 *
Michal Vasko3031aae2016-01-27 16:07:18 +0100280 * @param[in] pub_key Path to the public key.
281 * @param[in] priv_key Path to the private key.
Michal Vaskof0537d82016-01-29 14:42:38 +0100282 * @return 0 on success, -1 on error.
Michal Vasko3031aae2016-01-27 16:07:18 +0100283 */
284int nc_client_ssh_add_keypair(const char *pub_key, const char *priv_key);
285
286/**
287 * @brief Remove an SSH public and private key pair that was used for client authentication.
288 *
Michal Vasko3031aae2016-01-27 16:07:18 +0100289 * @param[in] idx Index of the keypair starting with 0.
Michal Vasko3031aae2016-01-27 16:07:18 +0100290 * @return 0 on success, -1 on error.
291 */
292int nc_client_ssh_del_keypair(int idx);
293
294/**
295 * @brief Get the number of public an private key pairs set to be used for client authentication.
296 *
297 * @return Keypair count.
298 */
299int nc_client_ssh_get_keypair_count(void);
300
301/**
302 * @brief Get a specific keypair set to be used for client authentication.
303 *
304 * @param[in] idx Index of the specific keypair.
305 * @param[out] pub_key Path to the public key.
306 * @param[out] priv_key Path to the private key.
Michal Vasko3031aae2016-01-27 16:07:18 +0100307 * @return 0 on success, -1 on error.
308 */
309int nc_client_ssh_get_keypair(int idx, const char **pub_key, const char **priv_key);
310
311/**
312 * @brief Set SSH authentication method preference.
313 *
Radek Krejci62aa0642017-05-25 16:33:49 +0200314 * The default preference is as follows:
315 * - interactive authentication (3)
316 * - password authentication (2)
317 * - public key authentication (1)
318 *
319 * @param[in] auth_type Authentication method to modify the preference of.
Michal Vaskoc446a382021-06-18 08:54:05 +0200320 * @param[in] pref Preference of @p auth_type. Higher number increases priority, negative values disable the method.
Michal Vasko3031aae2016-01-27 16:07:18 +0100321 */
322void nc_client_ssh_set_auth_pref(NC_SSH_AUTH_TYPE auth_type, int16_t pref);
323
324/**
325 * @brief Get SSH authentication method preference.
326 *
Michal Vasko3031aae2016-01-27 16:07:18 +0100327 * @param[in] auth_type Authentication method to retrieve the prefrence of.
Michal Vaskoc446a382021-06-18 08:54:05 +0200328 * @return Preference of the @p auth_type.
Michal Vasko3031aae2016-01-27 16:07:18 +0100329 */
330int16_t nc_client_ssh_get_auth_pref(NC_SSH_AUTH_TYPE auth_type);
331
332/**
333 * @brief Set client SSH username used for authentication.
334 *
335 * @param[in] username Username to use.
336 * @return 0 on success, -1 on error.
337 */
338int nc_client_ssh_set_username(const char *username);
339
Michal Vasko3031aae2016-01-27 16:07:18 +0100340/**
Michal Vaskoe22c6732016-01-29 11:03:02 +0100341 * @brief Get client SSH username used for authentication.
342 *
343 * @return Username used.
344 */
345const char *nc_client_ssh_get_username(void);
346
347/**
Michal Vasko086311b2016-01-08 09:53:11 +0100348 * @brief Connect to the NETCONF server using SSH transport (via libssh).
349 *
350 * SSH session is created with default options. If the caller needs to use specific SSH session properties,
351 * they are supposed to use nc_connect_libssh().
352 *
Michal Vasko086311b2016-01-08 09:53:11 +0100353 * @param[in] host Hostname or address (both Ipv4 and IPv6 are accepted) of the target server.
Michal Vaskodf0fa452022-03-02 11:06:01 +0100354 * 'localhost' is used by default if NULL is specified.
Michal Vasko086311b2016-01-08 09:53:11 +0100355 * @param[in] port Port number of the target server. Default value 830 is used if 0 is specified.
Michal Vasko94d61402023-03-16 08:21:52 +0100356 * @param[in,out] ctx Optional custom context to use for the session. If not set, a default context is created.
357 * Any YANG modules not present in the context and supported by the server are loaded using \<get-schema\>
358 * (if supported) and/or by searching the searchpath (see ::nc_client_set_schema_searchpath()).
Michal Vasko086311b2016-01-08 09:53:11 +0100359 * @return Created NETCONF session object or NULL on error.
360 */
Michal Vasko3031aae2016-01-27 16:07:18 +0100361struct nc_session *nc_connect_ssh(const char *host, uint16_t port, struct ly_ctx *ctx);
Michal Vasko086311b2016-01-08 09:53:11 +0100362
363/**
364 * @brief Connect to the NETCONF server using the provided SSH (libssh) session.
365 *
366 * SSH session can have any options set, they will not be modified. If no options were set,
367 * host 'localhost', port 22, and the username detected from the EUID is used. If socket is
Michal Vaskoc446a382021-06-18 08:54:05 +0200368 * set and connected only the host and the username must be set/is detected. Or the @p ssh_session
Michal Vasko086311b2016-01-08 09:53:11 +0100369 * can already be authenticated in which case it is used directly.
370 *
Michal Vaskodf0fa452022-03-02 11:06:01 +0100371 * @param[in] ssh_session libssh structure representing SSH session object. It is fully managed by the created session
372 * including freeing it.
Michal Vasko94d61402023-03-16 08:21:52 +0100373 * @param[in,out] ctx Optional custom context to use for the session. If not set, a default context is created.
374 * Any YANG modules not present in the context and supported by the server are loaded using \<get-schema\>
375 * (if supported) and/or by searching the searchpath (see ::nc_client_set_schema_searchpath()).
Michal Vasko086311b2016-01-08 09:53:11 +0100376 * @return Created NETCONF session object or NULL on error.
377 */
378struct nc_session *nc_connect_libssh(ssh_session ssh_session, struct ly_ctx *ctx);
379
380/**
381 * @brief Create another NETCONF session on existing SSH session using separated SSH channel.
382 *
Michal Vasko086311b2016-01-08 09:53:11 +0100383 * @param[in] session Existing NETCONF session. The session has to be created on SSH transport layer using libssh -
Michal Vaskodf0fa452022-03-02 11:06:01 +0100384 * it has to be created by nc_connect_ssh(), nc_connect_libssh() or nc_connect_ssh_channel().
Michal Vasko94d61402023-03-16 08:21:52 +0100385 * @param[in,out] ctx Optional custom context to use for the session. If not set, a default context is created.
386 * Any YANG modules not present in the context and supported by the server are loaded using \<get-schema\>
387 * (if supported) and/or by searching the searchpath (see ::nc_client_set_schema_searchpath()).
Michal Vasko086311b2016-01-08 09:53:11 +0100388 * @return Created NETCONF session object or NULL on error.
389 */
390struct nc_session *nc_connect_ssh_channel(struct nc_session *session, struct ly_ctx *ctx);
391
Michal Vasko4e6d3242021-05-26 09:13:24 +0200392/** @} Client SSH */
Radek Krejci6799a052017-05-19 14:23:23 +0200393
Michal Vasko086311b2016-01-08 09:53:11 +0100394/**
Radek Krejci6799a052017-05-19 14:23:23 +0200395 * @defgroup client_tls Client TLS
396 * @ingroup client
397 *
398 * @brief Client-side settings for TLS connections.
399 * @{
400 */
401
402/**
Michal Vasko3031aae2016-01-27 16:07:18 +0100403 * @brief Set client authentication identity - a certificate and a private key.
Michal Vasko086311b2016-01-08 09:53:11 +0100404 *
Michal Vaskoe22c6732016-01-29 11:03:02 +0100405 * @param[in] client_cert Path to the file containing the client certificate.
Michal Vaskoc446a382021-06-18 08:54:05 +0200406 * @param[in] client_key Path to the file containing the private key for the @p client_cert.
407 * If NULL, key is expected to be stored with @p client_cert.
Michal Vasko3031aae2016-01-27 16:07:18 +0100408 * @return 0 on success, -1 on error.
409 */
Michal Vaskoe22c6732016-01-29 11:03:02 +0100410int nc_client_tls_set_cert_key_paths(const char *client_cert, const char *client_key);
Michal Vasko3031aae2016-01-27 16:07:18 +0100411
412/**
Michal Vaskoe22c6732016-01-29 11:03:02 +0100413 * @brief Get client authentication identity - a certificate and a private key.
414 *
Michal Vaskoe22c6732016-01-29 11:03:02 +0100415 * @param[out] client_cert Path to the file containing the client certificate. Can be NULL.
Michal Vaskoc446a382021-06-18 08:54:05 +0200416 * @param[out] client_key Path to the file containing the private key for the @p client_cert. Can be NULL.
Michal Vaskoe22c6732016-01-29 11:03:02 +0100417 */
418void nc_client_tls_get_cert_key_paths(const char **client_cert, const char **client_key);
419
420/**
421 * @brief Set client trusted CA certificates paths.
Michal Vasko3031aae2016-01-27 16:07:18 +0100422 *
Michal Vasko086311b2016-01-08 09:53:11 +0100423 * @param[in] ca_file Location of the CA certificate file used to verify server certificates.
424 * For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
425 * @param[in] ca_dir Location of the CA certificates directory used to verify the server certificates.
426 * For more info, see the documentation for SSL_CTX_load_verify_locations() from OpenSSL.
Michal Vasko3031aae2016-01-27 16:07:18 +0100427 * @return 0 on success, -1 on error.
428 */
Michal Vaskoe22c6732016-01-29 11:03:02 +0100429int nc_client_tls_set_trusted_ca_paths(const char *ca_file, const char *ca_dir);
Michal Vasko3031aae2016-01-27 16:07:18 +0100430
431/**
Michal Vaskoe22c6732016-01-29 11:03:02 +0100432 * @brief Get client trusted CA certificates paths.
433 *
434 * @param[out] ca_file Location of the CA certificate file used to verify server certificates.
435 * Can be NULL.
436 * @param[out] ca_dir Location of the CA certificates directory used to verify the server certificates.
437 * Can be NULL.
438 */
439void nc_client_tls_get_trusted_ca_paths(const char **ca_file, const char **ca_dir);
440
441/**
442 * @brief Set client Certificate Revocation List paths.
Michal Vasko3031aae2016-01-27 16:07:18 +0100443 *
Michal Vasko086311b2016-01-08 09:53:11 +0100444 * @param[in] crl_file Location of the CRL certificate file used to check for revocated certificates.
445 * @param[in] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
Michal Vasko3031aae2016-01-27 16:07:18 +0100446 * @return 0 on success, -1 on error.
447 */
Michal Vaskoe22c6732016-01-29 11:03:02 +0100448int nc_client_tls_set_crl_paths(const char *crl_file, const char *crl_dir);
449
450/**
451 * @brief Get client Certificate Revocation List paths.
452 *
453 * @param[out] crl_file Location of the CRL certificate file used to check for revocated certificates.
454 * @param[out] crl_dir Location of the CRL certificate directory used to check for revocated certificates.
455 */
456void nc_client_tls_get_crl_paths(const char **crl_file, const char **crl_dir);
Michal Vasko3031aae2016-01-27 16:07:18 +0100457
Michal Vasko3031aae2016-01-27 16:07:18 +0100458/**
Michal Vasko086311b2016-01-08 09:53:11 +0100459 * @brief Connect to the NETCONF server using TLS transport (via libssl)
460 *
Michal Vaskofdfd9dd2016-02-29 10:18:46 +0100461 * TLS session is created with the certificates set using nc_client_tls_* functions, which must be called beforehand!
Michal Vaskodf0fa452022-03-02 11:06:01 +0100462 * If the caller needs to use specific TLS session properties, they are supposed to use ::nc_connect_libssl().
Michal Vasko086311b2016-01-08 09:53:11 +0100463 *
Michal Vasko086311b2016-01-08 09:53:11 +0100464 * @param[in] host Hostname or address (both Ipv4 and IPv6 are accepted) of the target server.
Michal Vasko9d4cca52022-09-07 11:19:57 +0200465 * 'localhost' is used by default if NULL is specified. It is verified by TLS when connecting to it.
Michal Vasko086311b2016-01-08 09:53:11 +0100466 * @param[in] port Port number of the target server. Default value 6513 is used if 0 is specified.
Michal Vasko94d61402023-03-16 08:21:52 +0100467 * @param[in,out] ctx Optional custom context to use for the session. If not set, a default context is created.
468 * Any YANG modules not present in the context and supported by the server are loaded using \<get-schema\>
469 * (if supported) and/or by searching the searchpath (see ::nc_client_set_schema_searchpath()).
Michal Vasko086311b2016-01-08 09:53:11 +0100470 * @return Created NETCONF session object or NULL on error.
471 */
472struct nc_session *nc_connect_tls(const char *host, uint16_t port, struct ly_ctx *ctx);
473
474/**
roman04548122024-04-05 12:32:31 +0200475 * @brief Deprecated. Should not be needed.
Michal Vasko086311b2016-01-08 09:53:11 +0100476 */
roman04548122024-04-05 12:32:31 +0200477struct nc_session *nc_connect_libssl(void *tls, struct ly_ctx *ctx);
Michal Vasko086311b2016-01-08 09:53:11 +0100478
Michal Vasko4e6d3242021-05-26 09:13:24 +0200479/** @} Client TLS */
Radek Krejci6799a052017-05-19 14:23:23 +0200480
roman2eab4742023-06-06 10:00:26 +0200481#endif /* NC_ENABLED_SSH_TLS */
Michal Vasko086311b2016-01-08 09:53:11 +0100482
483/**
Radek Krejci6799a052017-05-19 14:23:23 +0200484 * @addtogroup client_session
485 * @{
486 */
487
488/**
Michal Vaskobdfb5242016-05-24 09:11:01 +0200489 * @brief Get session capabilities.
490 *
491 * @param[in] session Session to get the information from.
Michal Vaskoc446a382021-06-18 08:54:05 +0200492 * @return NULL-terminated array of the @p session capabilities.
Michal Vaskobdfb5242016-05-24 09:11:01 +0200493 */
Michal Vasko1b2ddc92017-05-24 08:59:49 +0200494const char * const *nc_session_get_cpblts(const struct nc_session *session);
Michal Vaskobdfb5242016-05-24 09:11:01 +0200495
496/**
497 * @brief Check capability presence in a session.
498 *
499 * @param[in] session Session to check.
500 * @param[in] capab Capability to look for, capability with any additional suffix will match.
501 * @return Matching capability, NULL if none found.
502 */
503const char *nc_session_cpblt(const struct nc_session *session, const char *capab);
504
505/**
Michal Vasko9cd26a82016-05-31 08:58:48 +0200506 * @brief Check whether the session has a notification thread running.
507 *
508 * @param[in] session Session to check.
509 * @return 1 if notfication thread is running, 0 otherwise.
510 */
511int nc_session_ntf_thread_running(const struct nc_session *session);
512
513/**
Michal Vasko086311b2016-01-08 09:53:11 +0100514 * @brief Receive NETCONF RPC reply.
515 *
tadeas-vintrlik399af302021-08-25 10:32:21 +0200516 * @note This function can be called in a single thread only.
517 *
Michal Vasko086311b2016-01-08 09:53:11 +0100518 * @param[in] session NETCONF session from which the function gets data. It must be the
Michal Vasko77367452021-02-16 16:32:18 +0100519 * client side session object.
Michal Vasko086311b2016-01-08 09:53:11 +0100520 * @param[in] rpc Original RPC this should be the reply to.
521 * @param[in] msgid Expected message ID of the reply.
522 * @param[in] timeout Timeout for reading in milliseconds. Use negative value for infinite
Michal Vasko77367452021-02-16 16:32:18 +0100523 * waiting and 0 for immediate return if data are not available on the wire.
524 * @param[out] envp NETCONF rpc-reply XML envelopes.
525 * @param[out] op Parsed NETCONF reply data, if any (none for \<ok\> or error replies). Set only on #NC_MSG_REPLY
526 * and #NC_MSG_REPLY_ERR_MSGID return.
Michal Vasko71ba2da2016-05-04 10:53:16 +0200527 * @return #NC_MSG_REPLY for success,
Michal Vaskoc446a382021-06-18 08:54:05 +0200528 * #NC_MSG_WOULDBLOCK if @p timeout has elapsed,
Michal Vasko71ba2da2016-05-04 10:53:16 +0200529 * #NC_MSG_ERROR if reading has failed,
530 * #NC_MSG_NOTIF if a notification was read instead (call this function again to get the reply), and
531 * #NC_MSG_REPLY_ERR_MSGID if a reply with missing or wrong message-id was received.
Michal Vasko086311b2016-01-08 09:53:11 +0100532 */
Michal Vaskod083db62016-01-19 10:31:29 +0100533NC_MSG_TYPE nc_recv_reply(struct nc_session *session, struct nc_rpc *rpc, uint64_t msgid, int timeout,
Michal Vasko77367452021-02-16 16:32:18 +0100534 struct lyd_node **envp, struct lyd_node **op);
Michal Vasko086311b2016-01-08 09:53:11 +0100535
536/**
537 * @brief Receive NETCONF Notification.
538 *
539 * @param[in] session NETCONF session from which the function gets data. It must be the
Michal Vaskoffb35e92022-10-20 09:07:25 +0200540 * client side session object.
Michal Vasko086311b2016-01-08 09:53:11 +0100541 * @param[in] timeout Timeout for reading in milliseconds. Use negative value for infinite
Michal Vaskoffb35e92022-10-20 09:07:25 +0200542 * waiting and 0 for immediate return if data are not available on the wire.
Michal Vasko77367452021-02-16 16:32:18 +0100543 * @param[out] envp NETCONF notification XML envelopes.
544 * @param[out] op Parsed NETCONF notification data.
Michal Vasko71ba2da2016-05-04 10:53:16 +0200545 * @return #NC_MSG_NOTIF for success,
Michal Vaskoc446a382021-06-18 08:54:05 +0200546 * #NC_MSG_WOULDBLOCK if @p timeout has elapsed,
Michal Vasko71ba2da2016-05-04 10:53:16 +0200547 * #NC_MSG_ERROR if reading has failed, and
548 * #NC_MSG_REPLY if a reply was read instead (call this function again to get a notification).
Michal Vasko086311b2016-01-08 09:53:11 +0100549 */
Michal Vasko77367452021-02-16 16:32:18 +0100550NC_MSG_TYPE nc_recv_notif(struct nc_session *session, int timeout, struct lyd_node **envp, struct lyd_node **op);
Michal Vasko086311b2016-01-08 09:53:11 +0100551
552/**
Michal Vaskoffb35e92022-10-20 09:07:25 +0200553 * @brief Callback for receiving notifications in a separate thread.
554 *
555 * @param[in] session NC session that received the notification.
556 * @param[in] envp Notification envelope data tree.
557 * @param[in] op Notification body data tree.
558 * @param[in] user_data Arbitrary user data passed to the callback.
559 */
560typedef void (*nc_notif_dispatch_clb)(struct nc_session *session, const struct lyd_node *envp, const struct lyd_node *op,
561 void *user_data);
562
563/**
Michal Vaskoa8ad4482016-01-28 14:25:54 +0100564 * @brief Receive NETCONF Notifications in a separate thread until the session is terminated
Michal Vaskoffb35e92022-10-20 09:07:25 +0200565 * or \<notificationComplete\> is received.
Michal Vaskoa8ad4482016-01-28 14:25:54 +0100566 *
567 * @param[in] session Netconf session to read notifications from.
568 * @param[in] notif_clb Function that is called for every received notification (including
Michal Vaskoffb35e92022-10-20 09:07:25 +0200569 * \<notificationComplete\>). Parameters are the session the notification was received on
570 * and the notification data.
Michal Vaskoa8ad4482016-01-28 14:25:54 +0100571 * @return 0 if the thread was successfully created, -1 on error.
572 */
Michal Vaskoffb35e92022-10-20 09:07:25 +0200573int nc_recv_notif_dispatch(struct nc_session *session, nc_notif_dispatch_clb notif_clb);
574
575/**
576 * @brief Receive NETCONF Notifications in a separate thread until the session is terminated
577 * or \<notificationComplete\> is received. Similar to ::nc_recv_notif_dispatch() but allows
578 * to set arbitrary user data that can be freed as well.
579 *
580 * @param[in] session Netconf session to read notifications from.
581 * @param[in] notif_clb Callback that is called for every received notification (including
582 * \<notificationComplete\>). Parameters are the session the notification was received on
583 * and the notification data.
584 * @param[in] user_data Arbitrary user data.
585 * @param[in] free_data Callback for freeing the user data after notif thread exit.
586 * @return 0 if the thread was successfully created, -1 on error.
587 */
588int nc_recv_notif_dispatch_data(struct nc_session *session, nc_notif_dispatch_clb notif_clb, void *user_data,
589 void (*free_data)(void *));
Michal Vaskoa8ad4482016-01-28 14:25:54 +0100590
591/**
Michal Vasko086311b2016-01-08 09:53:11 +0100592 * @brief Send NETCONF RPC message via the session.
593 *
594 * @param[in] session NETCONF session where the RPC will be written.
Michal Vasko66fa9b92021-10-26 10:48:13 +0200595 * @param[in] rpc NETCONF RPC object to send via the specified session.
Michal Vasko086311b2016-01-08 09:53:11 +0100596 * @param[in] timeout Timeout for writing in milliseconds. Use negative value for infinite
Michal Vaskoffb35e92022-10-20 09:07:25 +0200597 * waiting and 0 for return if data cannot be sent immediately.
Michal Vasko086311b2016-01-08 09:53:11 +0100598 * @param[out] msgid If RPC was successfully sent, this is it's message ID.
Michal Vasko71ba2da2016-05-04 10:53:16 +0200599 * @return #NC_MSG_RPC on success,
600 * #NC_MSG_WOULDBLOCK in case of a busy session, and
601 * #NC_MSG_ERROR on error.
Michal Vasko086311b2016-01-08 09:53:11 +0100602 */
Michal Vaskod083db62016-01-19 10:31:29 +0100603NC_MSG_TYPE nc_send_rpc(struct nc_session *session, struct nc_rpc *rpc, int timeout, uint64_t *msgid);
Michal Vasko086311b2016-01-08 09:53:11 +0100604
Michal Vaskode2946c2017-01-12 12:19:26 +0100605/**
606 * @brief Make a session not strict when sending RPCs and receiving RPC replies. In other words,
Michal Vaskoffb35e92022-10-20 09:07:25 +0200607 * it will silently skip unknown nodes without an error.
Michal Vaskode2946c2017-01-12 12:19:26 +0100608 *
609 * Generally, no such data should be worked with, so use this function only when you know what you
610 * are doing and you understand the consequences.
611 *
612 * @param[in] session NETCONF client session.
613 */
614void nc_client_session_set_not_strict(struct nc_session *session);
615
Michal Vasko77367452021-02-16 16:32:18 +0100616/** @} Client Session */
Radek Krejci6799a052017-05-19 14:23:23 +0200617
Michal Vaskoc09730e2019-01-17 10:07:26 +0100618#ifdef __cplusplus
619}
620#endif
621
Michal Vasko086311b2016-01-08 09:53:11 +0100622#endif /* NC_SESSION_CLIENT_H_ */