Roytakb2794852023-10-18 14:30:22 +02001/**
2 * @file server_config_util_ssh.c
3 * @author Roman Janota <janota@cesnet.cz>
4 * @brief libnetconf2 server SSH configuration utilities
5 *
6 * @copyright
7 * Copyright (c) 2023 CESNET, z.s.p.o.
8 *
9 * This source code is licensed under BSD 3-Clause License (the "License").
10 * You may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * https://opensource.org/licenses/BSD-3-Clause
14 */
15
16#define _GNU_SOURCE
17
18#include "server_config_util.h"
19
20#include <crypt.h>
21#include <errno.h>
22#include <stdarg.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26
27#include <libyang/libyang.h>
28
29#include "compat.h"
30#include "config.h"
31#include "log_p.h"
32#include "server_config.h"
33#include "session_p.h"
34
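/**
 * @brief Create the inline-definition nodes of an SSH host-key's public-key container.
 *
 * Reads the key pair from the given files and appends the public-key format, the public key,
 * the private-key format and the cleartext private key under @p tree_path, then removes any
 * competing keystore-reference node. Note that the private key is stored in the data tree in
 * cleartext (leaf "cleartext-private-key"); only the transient buffer is scrubbed here.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the host-key's public-key container.
 * @param[in] privkey_path Path to the private key file.
 * @param[in] pubkey_path Path to the public key file, may be NULL (handled by the key pair reader).
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
static int
_nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *tree_path,
        const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
    int ret = 0;
    char *pubkey = NULL, *privkey = NULL;
    NC_PRIVKEY_FORMAT privkey_type;
    const char *privkey_format, *pubkey_format = "ietf-crypto-types:ssh-public-key-format";

    NC_CHECK_ARG_RET(NULL, ctx, tree_path, privkey_path, config, 1);

    /* get the keys as a string from the given files */
    ret = nc_server_config_util_get_asym_key_pair(privkey_path, pubkey_path, NC_PUBKEY_FORMAT_SSH, &privkey, &privkey_type, &pubkey);
    if (ret) {
        ERR(NULL, "Getting keys from file(s) failed.");
        goto cleanup;
    }

    /* get privkey identityref value */
    privkey_format = nc_server_config_util_privkey_format_to_identityref(privkey_type);
    if (!privkey_format) {
        ret = 1;
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key-format", pubkey_format, config);
    if (ret) {
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/public-key", pubkey, config);
    if (ret) {
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/private-key-format", privkey_format, config);
    if (ret) {
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "inline-definition/cleartext-private-key", privkey, config);
    if (ret) {
        goto cleanup;
    }

    /* delete keystore choice nodes if present */
    ret = nc_server_config_check_delete(config, "%s/keystore-reference", tree_path);
    if (ret) {
        goto cleanup;
    }

cleanup:
    if (privkey) {
        /* scrub the transient cleartext private key before releasing the heap block;
         * a volatile access cannot be elided by the optimizer the way a plain memset before free() can */
        volatile char *scrub = privkey;
        size_t len = strlen(privkey);

        for (size_t i = 0; i < len; i++) {
            scrub[i] = '\0';
        }
    }
    free(privkey);
    free(pubkey);
    return ret;
}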
91
/**
 * @brief Add an SSH host key (inline definition) to a listen endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] privkey_path Path to the private key file.
 * @param[in] pubkey_path Path to the public key file, may be NULL.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
        const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, privkey_path, config, 1);

    /* XPath of the host-key's public-key container */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "server-identity/host-key[name='%s']/public-key", endpt_name, hostkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_hostkey(ctx, xpath, privkey_path, pubkey_path, config);
    if (rc) {
        ERR(NULL, "Creating new hostkey YANG data nodes failed.");
    }

cleanup:
    free(xpath);
    return rc;
}
115
/**
 * @brief Add an SSH host key (inline definition) to a Call-Home client endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] privkey_path Path to the private key file.
 * @param[in] pubkey_path Path to the public key file, may be NULL.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_hostkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *hostkey_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, privkey_path, config, 1);

    /* XPath of the Call-Home host-key's public-key container */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
            "host-key[name='%s']/public-key", client_name, endpt_name, hostkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_hostkey(ctx, xpath, privkey_path, pubkey_path, config);
    if (rc) {
        ERR(NULL, "Creating new Call-Home hostkey YANG data nodes failed.");
    }

cleanup:
    free(xpath);
    return rc;
}
140
/**
 * @brief Delete one or all SSH host keys of a listen endpoint.
 *
 * @param[in] ctx libyang context (only validated, not used for the deletion).
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host key to delete, NULL deletes all host keys of the endpoint.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_hostkey(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
        struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, config, 1);

    /* no name given, remove the whole host-key list */
    if (!hostkey_name) {
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
                "server-identity/host-key", endpt_name);
    }

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "server-identity/host-key[name='%s']", endpt_name, hostkey_name);
}
155
/**
 * @brief Delete one or all SSH host keys of a Call-Home client endpoint.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host key to delete, NULL deletes all host keys of the endpoint.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_hostkey(const char *client_name, const char *endpt_name,
        const char *hostkey_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);

    /* no name given, remove the whole host-key list */
    if (!hostkey_name) {
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
                "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
                "host-key", client_name, endpt_name);
    }

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
            "host-key[name='%s']", client_name, endpt_name, hostkey_name);
}
172
/**
 * @brief Make a listen endpoint's SSH host key reference an asymmetric key in the keystore.
 *
 * The public-key choice is exclusive, so any inline definition of the same host key is removed.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] keystore_reference Name of the referenced keystore asymmetric key.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ssh_keystore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *hostkey_name,
        const char *keystore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, hostkey_name, keystore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/listen/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
            "keystore-reference", endpt_name, hostkey_name);
    if (rc) {
        return rc;
    }

    /* drop the competing inline definition, if any */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
            "inline-definition", endpt_name, hostkey_name);
}
199
/**
 * @brief Make a Call-Home endpoint's SSH host key reference an asymmetric key in the keystore.
 *
 * The public-key choice is exclusive, so any inline definition of the same host key is removed.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in] keystore_reference Name of the referenced keystore asymmetric key.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ch_ssh_keystore_ref(const struct ly_ctx *ctx, const char *client_name,
        const char *endpt_name, const char *hostkey_name, const char *keystore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, hostkey_name, keystore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, keystore_reference, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
            "host-key[name='%s']/public-key/keystore-reference", client_name, endpt_name, hostkey_name);
    if (rc) {
        return rc;
    }

    /* drop the competing inline definition, if any */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
            "host-key[name='%s']/public-key/inline-definition", client_name, endpt_name, hostkey_name);
}
226
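/**
 * @brief Delete the keystore reference of a listen endpoint's SSH host key.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] hostkey_name Name of the host-key list entry, required because it is part of the deleted path.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_keystore_ref(const char *endpt_name, const char *hostkey_name,
        struct lyd_node **config)
{
    /* hostkey_name is interpolated into the XPath below, so it must be checked like in the Call-Home variant */
    NC_CHECK_ARG_RET(NULL, endpt_name, hostkey_name, config, 1);

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='%s']/public-key/"
            "keystore-reference", endpt_name, hostkey_name);
}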
237
/**
 * @brief Delete the keystore reference of a Call-Home endpoint's SSH host key.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] hostkey_name Name of the host-key list entry.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_keystore_ref(const char *client_name, const char *endpt_name,
        const char *hostkey_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/"
            "host-key[name='%s']/public-key/keystore-reference";

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, hostkey_name, config, 1);

    return nc_server_config_delete(config, fmt, client_name, endpt_name, hostkey_name);
}
248
/**
 * @brief Append the public-key-format and public-key leaves of an SSH user's public key.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the user's public-key list entry.
 * @param[in] pubkey_path Path to the SSH public key file.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
static int
_nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *tree_path, const char *pubkey_path,
        struct lyd_node **config)
{
    int rc;
    char *pubkey = NULL;
    const char *pubkey_format = "ietf-crypto-types:ssh-public-key-format";

    /* read the key from the file, then append the format and the key itself, stopping at the first failure */
    rc = nc_server_config_util_get_ssh_pubkey_file(pubkey_path, &pubkey);
    if (!rc) {
        rc = nc_server_config_append(ctx, tree_path, "public-key-format", pubkey_format, config);
    }
    if (!rc) {
        rc = nc_server_config_append(ctx, tree_path, "public-key", pubkey, config);
    }

    free(pubkey);
    return rc;
}
277
/**
 * @brief Add an inline public key to an SSH user of a listen endpoint.
 *
 * Any truststore reference of the user's public keys is removed, the choice is exclusive.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public-key list entry.
 * @param[in] pubkey_path Path to the SSH public key file.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ssh_user_pubkey(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
            "public-key[name='%s']", endpt_name, user_name, pubkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_pubkey(ctx, xpath, pubkey_path, config);
    if (rc) {
        ERR(NULL, "Creating new SSH user's public key failed.");
        goto cleanup;
    }

    /* the truststore reference would conflict with the inline definition */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/truststore-reference",
            endpt_name, user_name);

cleanup:
    free(xpath);
    return rc;
}
310
/**
 * @brief Add an inline public key to an SSH user of a Call-Home client endpoint.
 *
 * Any truststore reference of the user's public keys is removed, the choice is exclusive.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public-key list entry.
 * @param[in] pubkey_path Path to the SSH public key file.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ch_ssh_user_pubkey(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *user_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pubkey_name, pubkey_path, config, 1);

    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']", client_name,
            endpt_name, user_name, pubkey_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_pubkey(ctx, xpath, pubkey_path, config);
    if (rc) {
        ERR(NULL, "Creating new CH SSH user's public key failed.");
        goto cleanup;
    }

    /* the truststore reference would conflict with the inline definition */
    rc = nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/truststore-reference", client_name, endpt_name, user_name);

cleanup:
    free(xpath);
    return rc;
}
344
/**
 * @brief Delete one or all inline public keys of an SSH user of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public key to delete, NULL deletes all of the user's inline public keys.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_user_pubkey(const char *endpt_name, const char *user_name,
        const char *pubkey_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    /* no name given, remove the whole public-key list */
    if (!pubkey_name) {
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
                "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
                "public-key", endpt_name, user_name);
    }

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition/"
            "public-key[name='%s']", endpt_name, user_name, pubkey_name);
}
361
/**
 * @brief Delete one or all inline public keys of an SSH user of a Call-Home client endpoint.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pubkey_name Name of the public key to delete, NULL deletes all of the user's inline public keys.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_user_pubkey(const char *client_name, const char *endpt_name,
        const char *user_name, const char *pubkey_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    /* no name given, remove the whole public-key list */
    if (!pubkey_name) {
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
                "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
                "users/user[name='%s']/public-keys/inline-definition/public-key", client_name,
                endpt_name, user_name);
    }

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/public-keys/inline-definition/public-key[name='%s']", client_name,
            endpt_name, user_name, pubkey_name);
}
380
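/**
 * @brief Hash a cleartext password with SHA-512 crypt and store it in the user's "password" leaf.
 *
 * A fresh random salt is drawn for every call: a constant salt makes identical passwords hash
 * identically across users and lets an attacker precompute a single table for all of them.
 * The salt is embedded in the produced hash string, so verification with crypt(3) against the
 * stored value is unaffected by the salt being random.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the user list entry.
 * @param[in] password Cleartext password to hash.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
static int
_nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *tree_path,
        const char *password, struct lyd_node **config)
{
    int ret = 0;
    char *hashed_pw = NULL;
    /* crypt(3) salt alphabet, exactly 64 symbols so "& 63" on a random byte is an unbiased index */
    static const char salt_chars[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    unsigned char rnd[16];
    /* "$6$" + up to 16 salt characters + '$' + NUL */
    char salt[3 + sizeof rnd + 2];
    FILE *urandom = NULL;
    struct crypt_data cdata = {0};

    NC_CHECK_ARG_RET(NULL, ctx, tree_path, password, config, 1);

    /* obtain random salt bytes from the kernel CSPRNG; never fall back to a fixed salt */
    urandom = fopen("/dev/urandom", "rb");
    if (!urandom) {
        ERR(NULL, "Opening /dev/urandom for the password salt failed (%s).", strerror(errno));
        ret = 1;
        goto cleanup;
    }
    if (fread(rnd, 1, sizeof rnd, urandom) != sizeof rnd) {
        ERR(NULL, "Reading random bytes for the password salt failed.");
        ret = 1;
        goto cleanup;
    }

    /* "$6$" selects SHA-512 crypt, the salt is terminated by '$' */
    memcpy(salt, "$6$", 3);
    for (size_t i = 0; i < sizeof rnd; i++) {
        salt[3 + i] = salt_chars[rnd[i] & 63];
    }
    salt[3 + sizeof rnd] = '$';
    salt[3 + sizeof rnd + 1] = '\0';

    /* reentrant variant, the result points into cdata */
    hashed_pw = crypt_r(password, salt, &cdata);
    if (!hashed_pw) {
        ERR(NULL, "Hashing password failed (%s).", strerror(errno));
        ret = 1;
        goto cleanup;
    }

    ret = nc_server_config_append(ctx, tree_path, "password", hashed_pw, config);
    if (ret) {
        goto cleanup;
    }

cleanup:
    if (urandom) {
        fclose(urandom);
    }
    return ret;
}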
407
/**
 * @brief Set the password of an SSH user of a listen endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] password Cleartext password, it is hashed before being stored.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_user_password(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, const char *password, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, password, config, 1);

    /* XPath of the user list entry */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']", endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_password(ctx, xpath, password, config);
    if (rc) {
        ERR(NULL, "Creating new SSH user's password failed.");
    }

cleanup:
    free(xpath);
    return rc;
}
431
/**
 * @brief Set the password of an SSH user of a Call-Home client endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] password Cleartext password, it is hashed before being stored.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_user_password(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *user_name, const char *password, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, password, config, 1);

    /* XPath of the user list entry */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']", client_name, endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_password(ctx, xpath, password, config);
    if (rc) {
        ERR(NULL, "Creating new CH SSH user's password failed.");
    }

cleanup:
    free(xpath);
    return rc;
}
456
/**
 * @brief Delete the password of an SSH user of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_user_password(const char *endpt_name, const char *user_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/password";

    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, fmt, endpt_name, user_name);
}
465
/**
 * @brief Delete the password of an SSH user of a Call-Home client endpoint.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_user_password(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/password";

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, fmt, client_name, endpt_name, user_name);
}
476
/**
 * @brief Append the PAM configuration leaves of a user's keyboard-interactive container.
 *
 * @param[in] ctx libyang context.
 * @param[in] tree_path XPath of the keyboard-interactive container.
 * @param[in] pam_config_name PAM configuration file name.
 * @param[in] pam_config_dir Directory of the PAM configuration file, optional (NULL skips the leaf).
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
static int
_nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *tree_path,
        const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
{
    int rc;

    rc = nc_server_config_append(ctx, tree_path, "pam-config-file-name", pam_config_name, config);
    if (rc) {
        return rc;
    }

    /* the directory leaf is optional */
    if (!pam_config_dir) {
        return 0;
    }

    return nc_server_config_append(ctx, tree_path, "pam-config-file-dir", pam_config_dir, config);
}
498
/**
 * @brief Configure keyboard-interactive (PAM) authentication for an SSH user of a listen endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pam_config_name PAM configuration file name.
 * @param[in] pam_config_dir Directory of the PAM configuration file, optional.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ssh_user_interactive(const struct ly_ctx *ctx, const char *endpt_name,
        const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, pam_config_name, config, 1);

    /* XPath of the user's keyboard-interactive container (libnetconf2 extension) */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive", endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_interactive(ctx, xpath, pam_config_name, pam_config_dir, config);
    if (rc) {
        ERR(NULL, "Creating new SSH user's keyboard interactive nodes failed.");
    }

cleanup:
    free(xpath);
    return rc;
}
523
/**
 * @brief Configure keyboard-interactive (PAM) authentication for an SSH user of a Call-Home client endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] pam_config_name PAM configuration file name.
 * @param[in] pam_config_dir Directory of the PAM configuration file, optional.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, 1 on error.
 */
API int
nc_server_config_add_ch_ssh_user_interactive(const struct ly_ctx *ctx, const char *client_name, const char *endpt_name,
        const char *user_name, const char *pam_config_name, const char *pam_config_dir, struct lyd_node **config)
{
    int rc = 0;
    char *xpath = NULL;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, pam_config_name, config, 1);

    /* XPath of the user's keyboard-interactive container (libnetconf2 extension) */
    rc = asprintf(&xpath, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive", client_name, endpt_name, user_name);
    NC_CHECK_ERRMEM_GOTO(rc == -1, xpath = NULL; rc = 1, cleanup);

    rc = _nc_server_config_add_ssh_user_interactive(ctx, xpath, pam_config_name, pam_config_dir, config);
    if (rc) {
        ERR(NULL, "Creating new CH SSH user's keyboard interactive nodes failed.");
    }

cleanup:
    free(xpath);
    return rc;
}
548
/**
 * @brief Delete the keyboard-interactive configuration of an SSH user of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_user_interactive(const char *endpt_name, const char *user_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive";

    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, fmt, endpt_name, user_name);
}
558
/**
 * @brief Delete the keyboard-interactive configuration of an SSH user of a Call-Home client endpoint.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_user_interactive(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "libnetconf2-netconf-server:keyboard-interactive";

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, fmt, client_name, endpt_name, user_name);
}
569
/**
 * @brief Delete one or all SSH users of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the user to delete, NULL deletes all users of the endpoint.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_user(const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);

    /* no name given, remove the whole user list */
    if (!user_name) {
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
                "ssh-server-parameters/client-authentication/users/user", endpt_name);
    }

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']", endpt_name, user_name);
}
584
/**
 * @brief Delete one or all SSH users of a Call-Home client endpoint.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the user to delete, NULL deletes all users of the endpoint.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_user(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, config, 1);

    /* no name given, remove the whole user list */
    if (!user_name) {
        return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
                "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user", client_name, endpt_name);
    }

    return nc_server_config_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']", client_name,
            endpt_name, user_name);
}
600
/**
 * @brief Make a listen endpoint reuse the SSH client-authentication settings of another endpoint.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint being configured.
 * @param[in] referenced_endpt Name of the endpoint whose client authentication is referenced.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ssh_endpoint_client_ref(const struct ly_ctx *ctx, const char *endpt_name,
        const char *referenced_endpt, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/libnetconf2-netconf-server:endpoint-client-auth";

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, referenced_endpt, config, 1);

    return nc_server_config_create(ctx, config, referenced_endpt, fmt, endpt_name);
}
610
/**
 * @brief Delete a listen endpoint's reference to another endpoint's SSH client authentication.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_endpoint_client_ref(const char *endpt_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/"
            "client-authentication/libnetconf2-netconf-server:endpoint-client-auth";

    NC_CHECK_ARG_RET(NULL, endpt_name, config, 1);

    return nc_server_config_delete(config, fmt, endpt_name);
}
romand348b942023-10-13 14:32:19 +0200619
/**
 * @brief Make an SSH user of a listen endpoint take its public keys from a truststore bag.
 *
 * The public-keys choice is exclusive, so any inline definition of the user's keys is removed.
 *
 * @param[in] ctx libyang context.
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] truststore_reference Name of the referenced truststore public-key bag.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ssh_truststore_ref(const struct ly_ctx *ctx, const char *endpt_name, const char *user_name,
        const char *truststore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, endpt_name, user_name, truststore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/listen/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
            "truststore-reference", endpt_name, user_name);
    if (rc) {
        return rc;
    }

    /* drop the competing inline definition, if any */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/"
            "ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/inline-definition",
            endpt_name, user_name);
}
646
/**
 * @brief Make an SSH user of a Call-Home client endpoint take its public keys from a truststore bag.
 *
 * The public-keys choice is exclusive, so any inline definition of the user's keys is removed.
 *
 * @param[in] ctx libyang context.
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in] truststore_reference Name of the referenced truststore public-key bag.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_add_ch_ssh_truststore_ref(const struct ly_ctx *ctx, const char *client_name,
        const char *endpt_name, const char *user_name, const char *truststore_reference, struct lyd_node **config)
{
    int rc;

    NC_CHECK_ARG_RET(NULL, ctx, client_name, endpt_name, user_name, truststore_reference, config, 1);

    rc = nc_server_config_create(ctx, config, truststore_reference, "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/public-keys/truststore-reference", client_name, endpt_name, user_name);
    if (rc) {
        return rc;
    }

    /* drop the competing inline definition, if any */
    return nc_server_config_check_delete(config, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/"
            "endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/"
            "public-keys/inline-definition", client_name, endpt_name, user_name);
}
673
/**
 * @brief Delete the truststore reference of an SSH user of a listen endpoint.
 *
 * @param[in] endpt_name Name of the listen endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ssh_truststore_ref(const char *endpt_name, const char *user_name,
        struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/listen/"
            "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/public-keys/"
            "truststore-reference";

    NC_CHECK_ARG_RET(NULL, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, fmt, endpt_name, user_name);
}
684
/**
 * @brief Delete the truststore reference of an SSH user of a Call-Home client endpoint.
 *
 * @param[in] client_name Name of the Call-Home client.
 * @param[in] endpt_name Name of the client's endpoint.
 * @param[in] user_name Name of the SSH user.
 * @param[in,out] config Configuration data tree to modify.
 * @return 0 on success, non-zero on error.
 */
API int
nc_server_config_del_ch_ssh_truststore_ref(const char *client_name, const char *endpt_name,
        const char *user_name, struct lyd_node **config)
{
    static const char *fmt = "/ietf-netconf-server:netconf-server/call-home/"
            "netconf-client[name='%s']/endpoints/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/"
            "users/user[name='%s']/public-keys/truststore-reference";

    NC_CHECK_ARG_RET(NULL, client_name, endpt_name, user_name, config, 1);

    return nc_server_config_delete(config, fmt, client_name, endpt_name, user_name);
}
694}