server config UPDATE add pw last modified oper getter

Roytak · Roytak · commit 1cb9a3e001ab · 2025-11-21T00:37:57.000+09:00
diff --git a/src/server_config.c b/src/server_config.c
@@ -6307,4 +6307,64 @@ nc_server_config_oper_get_supported_tls_algs(const struct ly_ctx *ctx, struct ly
     return nc_server_config_oper_get_algs(ctx, mod, NULL, nc_tls_supported_cipher_suites, supported_algs);
 }
 
+API int
+nc_server_config_oper_get_user_password_last_modified(const char *endpoint, const char *username, time_t *last_modified)
+{
+    int rc = 0;
+    LY_ARRAY_COUNT_TYPE i;
+    struct nc_server_ssh_opts *ssh_opts = NULL;
+    struct nc_endpt *endpt;
+    struct nc_ch_client *ch_client;
+    struct nc_ch_endpt *ch_endpt;
+
+    NC_CHECK_ARG_RET(NULL, endpoint, username, last_modified, 1);
+
+    /* LOCK */
+    pthread_rwlock_rdlock(&server_opts.config_lock);
+
+    /* find the endpoint */
+    LY_ARRAY_FOR(server_opts.config.endpts, struct nc_endpt, endpt) {
+        if (!strcmp(endpt->name, endpoint) && (endpt->ti == NC_TI_SSH)) {
+            ssh_opts = endpt->opts.ssh;
+            goto found;
+        }
+    }
+
+    /* not found in the listening endpoints, check call-home clients */
+    LY_ARRAY_FOR(server_opts.config.ch_clients, struct nc_ch_client, ch_client) {
+        LY_ARRAY_FOR(ch_client->ch_endpts, struct nc_ch_endpt, ch_endpt) {
+            if (!strcmp(ch_endpt->name, endpoint) && (ch_endpt->ti == NC_TI_SSH)) {
+                ssh_opts = ch_endpt->opts.ssh;
+                goto found;
+            }
+        }
+    }
+
+    if (!ssh_opts) {
+        /* should always be true if we reach here */
+        ERR(NULL, "Endpoint '%s' with SSH transport not found.", endpoint);
+        rc = 1;
+        goto cleanup;
+    }
+
+found:
+    /* find the SSH user */
+    LY_ARRAY_FOR(ssh_opts->auth_clients, i) {
+        if (!strcmp(ssh_opts->auth_clients[i].username, username)) {
+            *last_modified = ssh_opts->auth_clients[i].password_last_modified;
+            break;
+        }
+    }
+    if (i == LY_ARRAY_COUNT(ssh_opts->auth_clients)) {
+        ERR(NULL, "SSH user '%s' not found on endpoint '%s'.", username, endpoint);
+        rc = 1;
+        goto cleanup;
+    }
+
+cleanup:
+    /* UNLOCK */
+    pthread_rwlock_unlock(&server_opts.config_lock);
+    return rc;
+}
+
 #endif /* NC_ENABLED_SSH_TLS */
diff --git a/src/server_config.h b/src/server_config.h
@@ -348,6 +348,17 @@ int nc_server_config_oper_get_supported_ssh_algs(const struct ly_ctx *ctx, struc
  */
 int nc_server_config_oper_get_supported_tls_algs(const struct ly_ctx *ctx, struct lyd_node **supported_algs);
 
+/**
+ * @brief Gets the last modified time of an SSH user's password.
+ *
+ * @param[in] endpoint Name of the endpoint the user is configured on.
+ * @param[in] username Name of the SSH user.
+ * @param[out] last_modified Time of the last password modification.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_oper_get_user_password_last_modified(const char *endpoint,
+        const char *username, time_t *last_modified);
+
 /**
  * @} Server Configuration Functions
  */
