libnetconf2
3.5.4
NETCONF server and client library in C.
|
Server-side configuration functions. More...
Functions | |
int | nc_server_config_add_address_port (const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport, const char *address, uint16_t port, struct lyd_node **config) |
Creates new YANG configuration data nodes for address and port. More... | |
int | nc_server_config_add_keystore_asym_key (const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config) |
Creates new YANG data nodes for an asymmetric key in the keystore. More... | |
int | nc_server_config_add_keystore_cert (const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name, const char *cert_path, struct lyd_node **config) |
Creates new YANG data nodes for a certificate in the keystore. More... | |
int | nc_server_config_add_truststore_cert (const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name, const char *cert_path, struct lyd_node **config) |
Creates new YANG data nodes for a certificate in the truststore. More... | |
int | nc_server_config_add_truststore_pubkey (const struct ly_ctx *ctx, const char *pub_bag_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config) |
Creates new YANG data nodes for a public key in the truststore. More... | |
int | nc_server_config_del_endpt (const char *endpt_name, struct lyd_node **config) |
Deletes an endpoint from the YANG data. More... | |
int | nc_server_config_del_keystore_asym_key (const char *asym_key_name, struct lyd_node **config) |
Deletes a keystore's asymmetric key from the YANG data. More... | |
int | nc_server_config_del_keystore_cert (const char *asym_key_name, const char *cert_name, struct lyd_node **config) |
Deletes a keystore's certificate from the YANG data. More... | |
int | nc_server_config_del_truststore_cert (const char *cert_bag_name, const char *cert_name, struct lyd_node **config) |
Deletes a truststore's certificate from the YANG data. More... | |
int | nc_server_config_del_truststore_pubkey (const char *pub_bag_name, const char *pubkey_name, struct lyd_node **config) |
Deletes a truststore's public key from the YANG data. More... | |
int | nc_server_config_load_modules (struct ly_ctx **ctx) |
Implements all the required modules and their features in the context. Needs to be called before any other configuration functions. More... | |
int | nc_server_config_oper_get_encryption_algs (const struct ly_ctx *ctx, struct lyd_node **encryption_algs) |
Gets the encryption algorithms supported by the server from the 'iana-ssh-encryption-algs' YANG module. More... | |
int | nc_server_config_oper_get_hostkey_algs (const struct ly_ctx *ctx, struct lyd_node **hostkey_algs) |
Gets the hostkey algorithms supported by the server from the 'iana-ssh-public-key-algs' YANG module. More... | |
int | nc_server_config_oper_get_kex_algs (const struct ly_ctx *ctx, struct lyd_node **kex_algs) |
Gets the key exchange algorithms supported by the server from the 'iana-ssh-key-exchange-algs' YANG module. More... | |
int | nc_server_config_oper_get_mac_algs (const struct ly_ctx *ctx, struct lyd_node **mac_algs) |
Gets the MAC algorithms supported by the server from the 'iana-ssh-mac-algs' YANG module. More... | |
int | nc_server_config_setup_data (const struct lyd_node *data) |
Configure server based on the given data. More... | |
int | nc_server_config_setup_diff (const struct lyd_node *diff) |
Configure server based on the given diff. More... | |
int | nc_server_config_setup_path (const struct ly_ctx *ctx, const char *path) |
Configure server based on the given data stored in a file. More... | |
Server-side configuration functions.
Server Configuration
int nc_server_config_load_modules | ( | struct ly_ctx ** | ctx | ) |
Implements all the required modules and their features in the context. Needs to be called before any other configuration functions.
If ctx is :
Implemented modules: ietf-netconf-server, ietf-x509-cert-to-name, ietf-crypto-types, ietf-tcp-common, ietf-ssh-common, iana-ssh-encryption-algs, iana-ssh-key-exchange-algs, iana-ssh-mac-algs, iana-ssh-public-key-algs, ietf-keystore, ietf-ssh-server, ietf-truststore, ietf-tls-server and libnetconf2-netconf-server.
Note that the SSH authentication depends on the value of the 'local-users-supported' feature in the ietf-ssh-server module. If the feature, and its dependent if-features, are disabled, the SSH authentication will use the system users. Otherwise, the SSH authentication will use the local users from the configuration (the default).
[in,out] | ctx | Optional context in which the modules will be implemented. Created if *ctx is null. |
int nc_server_config_setup_diff | ( | const struct lyd_node * | diff | ) |
Configure server based on the given diff.
Context must already have implemented the required modules, see nc_server_config_load_modules().
[in] | diff | YANG diff belonging to either ietf-netconf-server, ietf-keystore or ietf-truststore modules. The top level node HAS to have an operation (create, replace, delete or none). |
int nc_server_config_setup_data | ( | const struct lyd_node * | data | ) |
Configure server based on the given data.
Behaves as if all the nodes in data had the replace operation. That means that the current configuration will be deleted and just the given data will be applied. Context must already have implemented the required modules, see nc_server_config_load_modules().
[in] | data | YANG data belonging to either ietf-netconf-server, ietf-keystore or ietf-truststore modules. This data must be valid. No node can have an operation attribute. |
int nc_server_config_setup_path | ( | const struct ly_ctx * | ctx, |
const char * | path | ||
) |
Configure server based on the given data stored in a file.
Wrapper around nc_server_config_setup_data() hiding work with parsing the data. Context must already have implemented the required modules, see nc_server_config_load_modules().
[in] | ctx | libyang context. |
[in] | path | Path to a file with ietf-netconf-server, ietf-keystore or ietf-truststore YANG data. This data must be valid. No node can have an operation attribute. |
int nc_server_config_add_address_port | ( | const struct ly_ctx * | ctx, |
const char * | endpt_name, | ||
NC_TRANSPORT_IMPL | transport, | ||
const char * | address, | ||
uint16_t | port, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG configuration data nodes for address and port.
[in] | ctx | libyang context. |
[in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents might be changed. |
[in] | transport | Either SSH or TLS transport for the given endpoint. |
[in] | address | New listening address. |
[in] | port | New listening port. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_endpt | ( | const char * | endpt_name, |
struct lyd_node ** | config | ||
) |
Deletes an endpoint from the YANG data.
[in] | endpt_name | Optional identifier of an endpoint to be deleted. If NULL, all of the endpoints will be deleted. |
[in,out] | config | Modified configuration YANG data tree. |
int nc_server_config_add_keystore_asym_key | ( | const struct ly_ctx * | ctx, |
NC_TRANSPORT_IMPL | ti, | ||
const char * | asym_key_name, | ||
const char * | privkey_path, | ||
const char * | pubkey_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for an asymmetric key in the keystore.
[in] | ctx | libyang context. |
[in] | ti | Transport in which the key pair will be used. Either SSH or TLS. |
[in] | asym_key_name | Identifier of the asymmetric key pair. This identifier is used to reference the key pair. |
[in] | privkey_path | Path to a private key file. |
[in] | pubkey_path | Optional path a public key file. If not supplied, it will be generated from the private key. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_keystore_asym_key | ( | const char * | asym_key_name, |
struct lyd_node ** | config | ||
) |
Deletes a keystore's asymmetric key from the YANG data.
[in] | asym_key_name | Optional identifier of the asymmetric key to be deleted. If NULL, all of the asymmetric keys in the keystore will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_add_keystore_cert | ( | const struct ly_ctx * | ctx, |
const char * | asym_key_name, | ||
const char * | cert_name, | ||
const char * | cert_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a certificate in the keystore.
A certificate can not exist without its asymmetric key, so you must create an asymmetric key with the same identifier you pass to this function.
[in] | ctx | libyang context. |
[in] | asym_key_name | Arbitrary identifier of the asymmetric key. If an asymmetric key pair with this name already exists, its contents will be changed. |
[in] | cert_name | Arbitrary identifier of the key pair's certificate. If a certificate with this name already exists, its contents will be changed. |
[in] | cert_path | Path to the PEM encoded certificate file. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_keystore_cert | ( | const char * | asym_key_name, |
const char * | cert_name, | ||
struct lyd_node ** | config | ||
) |
Deletes a keystore's certificate from the YANG data.
[in] | asym_key_name | Identifier of an existing asymmetric key pair. |
[in] | cert_name | Optional identifier of a certificate to be deleted. If NULL, all of the certificates belonging to the asymmetric key pair will be deleted. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_add_truststore_pubkey | ( | const struct ly_ctx * | ctx, |
const char * | pub_bag_name, | ||
const char * | pubkey_name, | ||
const char * | pubkey_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a public key in the truststore.
[in] | ctx | libyang context. |
[in] | pub_bag_name | Arbitrary identifier of the public key bag. This name is used to reference the public keys in the bag. If a public key bag with this name already exists, its contents will be changed. |
[in] | pubkey_name | Arbitrary identifier of the public key. If a public key with this name already exists in the given bag, its contents will be changed. |
[in] | pubkey_path | Path to a file containing a public key. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_truststore_pubkey | ( | const char * | pub_bag_name, |
const char * | pubkey_name, | ||
struct lyd_node ** | config | ||
) |
Deletes a truststore's public key from the YANG data.
[in] | pub_bag_name | Identifier of an existing public key bag. |
[in] | pubkey_name | Optional identifier of a public key to be deleted. If NULL, all of the public keys in the given bag will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_add_truststore_cert | ( | const struct ly_ctx * | ctx, |
const char * | cert_bag_name, | ||
const char * | cert_name, | ||
const char * | cert_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a certificate in the truststore.
[in] | ctx | libyang context. |
[in] | cert_bag_name | Arbitrary identifier of the certificate bag. This name is used to reference the certificates in the bag. If a certificate bag with this name already exists, its contents will be changed. |
[in] | cert_name | Arbitrary identifier of the certificate. If a certificate with this name already exists in the given bag, its contents will be changed. |
[in] | cert_path | Path to a file containing a PEM encoded certificate. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_truststore_cert | ( | const char * | cert_bag_name, |
const char * | cert_name, | ||
struct lyd_node ** | config | ||
) |
Deletes a truststore's certificate from the YANG data.
[in] | cert_bag_name | Identifier of an existing certificate bag. |
[in] | cert_name | Optional identifier of a certificate to be deleted. If NULL, all of the certificates in the given bag will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_oper_get_hostkey_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | hostkey_algs | ||
) |
Gets the hostkey algorithms supported by the server from the 'iana-ssh-public-key-algs' YANG module.
[in] | ctx | libyang context. |
[out] | hostkey_algs | Container with leaf-lists containing the supported algorithms. |
int nc_server_config_oper_get_kex_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | kex_algs | ||
) |
Gets the key exchange algorithms supported by the server from the 'iana-ssh-key-exchange-algs' YANG module.
[in] | ctx | libyang context. |
[out] | kex_algs | Container with leaf-lists containing the supported algorithms. |
int nc_server_config_oper_get_encryption_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | encryption_algs | ||
) |
Gets the encryption algorithms supported by the server from the 'iana-ssh-encryption-algs' YANG module.
[in] | ctx | libyang context. |
[out] | encryption_algs | Container with leaf-lists containing the supported algorithms. |
int nc_server_config_oper_get_mac_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | mac_algs | ||
) |
Gets the MAC algorithms supported by the server from the 'iana-ssh-mac-algs' YANG module.
[in] | ctx | libyang context. |
[out] | mac_algs | Container with leaf-lists containing the supported algorithms. |