libnetconf2
4.0.1
NETCONF server and client library in C.
Server-side configuration functions. More...
Functions | |
int | nc_server_config_add_address_port (const struct ly_ctx *ctx, const char *endpt_name, NC_TRANSPORT_IMPL transport, const char *address, uint16_t port, struct lyd_node **config) |
Creates new YANG configuration data nodes for address and port. More... | |
int | nc_server_config_add_keystore_asym_key (const struct ly_ctx *ctx, NC_TRANSPORT_IMPL ti, const char *asym_key_name, const char *privkey_path, const char *pubkey_path, struct lyd_node **config) |
Creates new YANG data nodes for an asymmetric key in the keystore. More... | |
int | nc_server_config_add_keystore_cert (const struct ly_ctx *ctx, const char *asym_key_name, const char *cert_name, const char *cert_path, struct lyd_node **config) |
Creates new YANG data nodes for a certificate in the keystore. More... | |
int | nc_server_config_add_truststore_cert (const struct ly_ctx *ctx, const char *cert_bag_name, const char *cert_name, const char *cert_path, struct lyd_node **config) |
Creates new YANG data nodes for a certificate in the truststore. More... | |
int | nc_server_config_add_truststore_pubkey (const struct ly_ctx *ctx, const char *pub_bag_name, const char *pubkey_name, const char *pubkey_path, struct lyd_node **config) |
Creates new YANG data nodes for a public key in the truststore. More... | |
int | nc_server_config_add_unix_socket (const struct ly_ctx *ctx, const char *endpt_name, const char *path, const char *mode, const char *owner, const char *group, struct lyd_node **config) |
Creates new YANG data nodes for a UNIX socket endpoint. More... | |
int | nc_server_config_add_unix_user_mapping (const struct ly_ctx *ctx, const char *endpt_name, const char *system_user, const char *netconf_user, struct lyd_node **config) |
Creates new YANG data nodes for a UNIX username mapping. More... | |
int | nc_server_config_del_endpt (const char *endpt_name, struct lyd_node **config) |
Deletes an endpoint from the YANG data. More... | |
int | nc_server_config_del_keystore_asym_key (const char *asym_key_name, struct lyd_node **config) |
Deletes a keystore's asymmetric key from the YANG data. More... | |
int | nc_server_config_del_keystore_cert (const char *asym_key_name, const char *cert_name, struct lyd_node **config) |
Deletes a keystore's certificate from the YANG data. More... | |
int | nc_server_config_del_truststore_cert (const char *cert_bag_name, const char *cert_name, struct lyd_node **config) |
Deletes a truststore's certificate from the YANG data. More... | |
int | nc_server_config_del_truststore_pubkey (const char *pub_bag_name, const char *pubkey_name, struct lyd_node **config) |
Deletes a truststore's public key from the YANG data. More... | |
int | nc_server_config_del_unix_user_mapping (const char *endpt_name, const char *system_user, struct lyd_node **config) |
Deletes a UNIX username mapping from the YANG data. More... | |
int | nc_server_config_load_modules (struct ly_ctx **ctx) |
Implements all the required modules and their features in the context. Needs to be called before any other configuration functions. More... | |
int | nc_server_config_oper_get_encryption_algs (const struct ly_ctx *ctx, struct lyd_node **encryption_algs) |
Gets the encryption algorithms supported by the server from the 'iana-ssh-encryption-algs' YANG module. More... | |
int | nc_server_config_oper_get_hostkey_algs (const struct ly_ctx *ctx, struct lyd_node **hostkey_algs) |
Gets the hostkey algorithms supported by the server from the 'iana-ssh-public-key-algs' YANG module. More... | |
int | nc_server_config_oper_get_kex_algs (const struct ly_ctx *ctx, struct lyd_node **kex_algs) |
Gets the key exchange algorithms supported by the server from the 'iana-ssh-key-exchange-algs' YANG module. More... | |
int | nc_server_config_oper_get_mac_algs (const struct ly_ctx *ctx, struct lyd_node **mac_algs) |
Gets the MAC algorithms supported by the server from the 'iana-ssh-mac-algs' YANG module. More... | |
int | nc_server_config_setup_data (const struct lyd_node *data) |
Configure server based on the given data. More... | |
int | nc_server_config_setup_diff (const struct lyd_node *diff) |
Configure server based on the given diff. More... | |
int | nc_server_config_setup_path (const struct ly_ctx *ctx, const char *path) |
Configure server based on the given data stored in a file. More... | |
Server-side configuration functions.
Server Configuration
int nc_server_config_load_modules | ( | struct ly_ctx ** | ctx | ) |
Implements all the required modules and their features in the context. Needs to be called before any other configuration functions.
If *ctx is NULL, a new context is created; otherwise the modules are implemented in the given context.
Implemented modules: ietf-netconf-server, ietf-x509-cert-to-name, ietf-crypto-types, ietf-tcp-common, ietf-ssh-common, iana-ssh-encryption-algs, iana-ssh-key-exchange-algs, iana-ssh-mac-algs, iana-ssh-public-key-algs, ietf-keystore, ietf-ssh-server, ietf-truststore, ietf-tls-server and libnetconf2-netconf-server.
Note that the SSH authentication depends on the value of the 'local-users-supported' feature in the ietf-ssh-server module. If the feature, and its dependent if-features, are disabled, the SSH authentication will use the system users. Otherwise, the SSH authentication will use the local users from the configuration (the default).
[in,out] | ctx | Optional context in which the modules will be implemented. Created if *ctx is null. |
int nc_server_config_setup_diff | ( | const struct lyd_node * | diff | ) |
Configure server based on the given diff.
Context must already have implemented the required modules, see nc_server_config_load_modules().
[in] | diff | YANG diff belonging to either ietf-netconf-server, ietf-keystore or ietf-truststore modules. The top level node HAS to have an operation (create, replace, delete or none). |
int nc_server_config_setup_data | ( | const struct lyd_node * | data | ) |
Configure server based on the given data.
Behaves as if all the nodes in data had the replace operation. That means that the current configuration will be deleted and just the given data will be applied. Context must already have implemented the required modules, see nc_server_config_load_modules().
[in] | data | YANG data belonging to either ietf-netconf-server, ietf-keystore or ietf-truststore modules. This data must be valid. No node can have an operation attribute. |
int nc_server_config_setup_path | ( | const struct ly_ctx * | ctx, |
const char * | path | ||
) |
Configure server based on the given data stored in a file.
Wrapper around nc_server_config_setup_data() hiding work with parsing the data. Context must already have implemented the required modules, see nc_server_config_load_modules().
[in] | ctx | libyang context. |
[in] | path | Path to a file with ietf-netconf-server, ietf-keystore or ietf-truststore YANG data. This data must be valid. No node can have an operation attribute. |
int nc_server_config_add_address_port | ( | const struct ly_ctx * | ctx, |
const char * | endpt_name, | ||
NC_TRANSPORT_IMPL | transport, | ||
const char * | address, | ||
uint16_t | port, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG configuration data nodes for address and port.
[in] | ctx | libyang context. |
[in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents might be changed. |
[in] | transport | Either SSH or TLS transport for the given endpoint. |
[in] | address | New listening address. |
[in] | port | New listening port. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_endpt | ( | const char * | endpt_name, |
struct lyd_node ** | config | ||
) |
Deletes an endpoint from the YANG data.
[in] | endpt_name | Optional identifier of an endpoint to be deleted. If NULL, all of the endpoints will be deleted. |
[in,out] | config | Modified configuration YANG data tree. |
int nc_server_config_add_unix_socket | ( | const struct ly_ctx * | ctx, |
const char * | endpt_name, | ||
const char * | path, | ||
const char * | mode, | ||
const char * | owner, | ||
const char * | group, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a UNIX socket endpoint.
[in] | ctx | libyang context. |
[in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents might be changed. |
[in] | path | Path to the UNIX socket. The parent directory must be writable by the server process. |
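[in] | mode | Optional UNIX socket file mode in octal format (e.g., "0777"). If NULL, the default value ("0660") will be used. Together with owner and group, the mode decides which local users may open the socket file where the OS enforces socket file permissions; a world-writable mode such as "0777" leaves access control to the username checks described for nc_server_config_add_unix_user_mapping(). |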
[in] | owner | Optional owner of the UNIX socket file. If NULL, the owner will be set to the user running the server process. |
[in] | group | Optional group of the UNIX socket file. If NULL, the group will be set to the group of the user running the server process. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_add_unix_user_mapping | ( | const struct ly_ctx * | ctx, |
const char * | endpt_name, | ||
const char * | system_user, | ||
const char * | netconf_user, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a UNIX username mapping.
Specifies who can connect to a UNIX socket endpoint. There are three scenarios:
1) If no mappings are configured for the client system_user, then the client can only connect if its username matches netconf_user.
2) If a mapping for the client system_user is configured, but no netconf_user values are specified, then the client cannot connect as any username.
3) If a mapping for the client system_user is configured, and at least one netconf_user is specified, then the client can connect only with one of the specified usernames. If a wildcard value "*" is configured for netconf_user, then the client can connect with any NETCONF username.
[in] | ctx | libyang context. |
[in] | endpt_name | Arbitrary identifier of the endpoint. If an endpoint with this identifier already exists, its contents might be changed. |
[in] | system_user | Name of the system user for whom the mapping will be created. |
[in] | netconf_user | Username that the system_user can use to connect to the endpoint. The special value "*" can be used to allow any username. If NULL, an empty mapping will be created, which means that the system_user cannot connect to the endpoint with any username. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_unix_user_mapping | ( | const char * | endpt_name, |
const char * | system_user, | ||
struct lyd_node ** | config | ||
) |
Deletes a UNIX username mapping from the YANG data.
[in] | endpt_name | Identifier of an existing endpoint. |
[in] | system_user | Optional identifier of a system user whose mapping will be deleted. If NULL, all of the mappings for the endpoint will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_add_keystore_asym_key | ( | const struct ly_ctx * | ctx, |
NC_TRANSPORT_IMPL | ti, | ||
const char * | asym_key_name, | ||
const char * | privkey_path, | ||
const char * | pubkey_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for an asymmetric key in the keystore.
[in] | ctx | libyang context. |
[in] | ti | Transport in which the key pair will be used. Either SSH or TLS. |
[in] | asym_key_name | Identifier of the asymmetric key pair. This identifier is used to reference the key pair. |
[in] | privkey_path | Path to a private key file. |
[in] | pubkey_path | Optional path to a public key file. If not supplied, it will be generated from the private key. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_keystore_asym_key | ( | const char * | asym_key_name, |
struct lyd_node ** | config | ||
) |
Deletes a keystore's asymmetric key from the YANG data.
[in] | asym_key_name | Optional identifier of the asymmetric key to be deleted. If NULL, all of the asymmetric keys in the keystore will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_add_keystore_cert | ( | const struct ly_ctx * | ctx, |
const char * | asym_key_name, | ||
const char * | cert_name, | ||
const char * | cert_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a certificate in the keystore.
A certificate cannot exist without its asymmetric key, so you must create an asymmetric key with the same identifier you pass to this function.
[in] | ctx | libyang context. |
[in] | asym_key_name | Arbitrary identifier of the asymmetric key. If an asymmetric key pair with this name already exists, its contents will be changed. |
[in] | cert_name | Arbitrary identifier of the key pair's certificate. If a certificate with this name already exists, its contents will be changed. |
[in] | cert_path | Path to the PEM encoded certificate file. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_keystore_cert | ( | const char * | asym_key_name, |
const char * | cert_name, | ||
struct lyd_node ** | config | ||
) |
Deletes a keystore's certificate from the YANG data.
[in] | asym_key_name | Identifier of an existing asymmetric key pair. |
[in] | cert_name | Optional identifier of a certificate to be deleted. If NULL, all of the certificates belonging to the asymmetric key pair will be deleted. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_add_truststore_pubkey | ( | const struct ly_ctx * | ctx, |
const char * | pub_bag_name, | ||
const char * | pubkey_name, | ||
const char * | pubkey_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a public key in the truststore.
[in] | ctx | libyang context. |
[in] | pub_bag_name | Arbitrary identifier of the public key bag. This name is used to reference the public keys in the bag. If a public key bag with this name already exists, its contents will be changed. |
[in] | pubkey_name | Arbitrary identifier of the public key. If a public key with this name already exists in the given bag, its contents will be changed. |
[in] | pubkey_path | Path to a file containing a public key. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_truststore_pubkey | ( | const char * | pub_bag_name, |
const char * | pubkey_name, | ||
struct lyd_node ** | config | ||
) |
Deletes a truststore's public key from the YANG data.
[in] | pub_bag_name | Identifier of an existing public key bag. |
[in] | pubkey_name | Optional identifier of a public key to be deleted. If NULL, all of the public keys in the given bag will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_add_truststore_cert | ( | const struct ly_ctx * | ctx, |
const char * | cert_bag_name, | ||
const char * | cert_name, | ||
const char * | cert_path, | ||
struct lyd_node ** | config | ||
) |
Creates new YANG data nodes for a certificate in the truststore.
[in] | ctx | libyang context. |
[in] | cert_bag_name | Arbitrary identifier of the certificate bag. This name is used to reference the certificates in the bag. If a certificate bag with this name already exists, its contents will be changed. |
[in] | cert_name | Arbitrary identifier of the certificate. If a certificate with this name already exists in the given bag, its contents will be changed. |
[in] | cert_path | Path to a file containing a PEM encoded certificate. |
[in,out] | config | Configuration YANG data tree. If *config is NULL, it will be created. Otherwise the new YANG data will be added to the previous data and may override it. |
int nc_server_config_del_truststore_cert | ( | const char * | cert_bag_name, |
const char * | cert_name, | ||
struct lyd_node ** | config | ||
) |
Deletes a truststore's certificate from the YANG data.
[in] | cert_bag_name | Identifier of an existing certificate bag. |
[in] | cert_name | Optional identifier of a certificate to be deleted. If NULL, all of the certificates in the given bag will be deleted. |
[in,out] | config | Configuration YANG data tree. |
int nc_server_config_oper_get_hostkey_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | hostkey_algs | ||
) |
Gets the hostkey algorithms supported by the server from the 'iana-ssh-public-key-algs' YANG module.
[in] | ctx | libyang context. |
[out] | hostkey_algs | Container with leaf-lists containing the supported algorithms. |
int nc_server_config_oper_get_kex_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | kex_algs | ||
) |
Gets the key exchange algorithms supported by the server from the 'iana-ssh-key-exchange-algs' YANG module.
[in] | ctx | libyang context. |
[out] | kex_algs | Container with leaf-lists containing the supported algorithms. |
int nc_server_config_oper_get_encryption_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | encryption_algs | ||
) |
Gets the encryption algorithms supported by the server from the 'iana-ssh-encryption-algs' YANG module.
[in] | ctx | libyang context. |
[out] | encryption_algs | Container with leaf-lists containing the supported algorithms. |
int nc_server_config_oper_get_mac_algs | ( | const struct ly_ctx * | ctx, |
struct lyd_node ** | mac_algs | ||
) |
Gets the MAC algorithms supported by the server from the 'iana-ssh-mac-algs' YANG module.
[in] | ctx | libyang context. |
[out] | mac_algs | Container with leaf-lists containing the supported algorithms. |