add knowhost to config

Author: Petr Hanzlik

cli/commands.c

@@ -1479,8 +1479,11 @@ cmd_knownhosts(const char *arg, char **UNUSED(tmp_config_file))
             goto cleanup;
         }
 
+        opts.knownhosts_mode = knownhosts_mode;
         nc_client_ssh_set_knownhosts_mode(knownhosts_mode);
         nc_client_ssh_ch_set_knownhosts_mode(knownhosts_mode);
+
+        store_config();
         goto cleanup;
     }
 

cli/configuration.c

@@ -14,15 +14,13 @@
  *     https://opensource.org/licenses/BSD-3-Clause
  */
 
-
 #define _GNU_SOURCE
 #include <assert.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
 #include <stdio.h>
-#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
@@ -254,7 +252,7 @@ store_history(void)
     free(history_file);
 }
 
-void 
+static void 
 load_auth_pref(struct lyd_node *match, int auth_pref_type) 
 {
     uint16_t pref_value;
@@ -274,7 +272,9 @@ load_config(void)
     struct ly_ctx *ctx = NULL;
 
 #ifdef NC_ENABLED_SSH_TLS
-    const char *key_pub, *key_priv;
+    const char *key_pub, *key_priv, *mode;
+    struct lyd_node *parent = NULL, *key = NULL, *auth_pref = NULL;
+    NC_SSH_KNOWNHOSTS_MODE knownhosts_mode;
 #endif
 
     if ((netconf_dir = get_netconf_dir()) == NULL) {
@@ -314,7 +314,6 @@ load_config(void)
 
     lyd_find_path(config, "/netopeer2-cli:netconf-client", 0, &client);
 
-    
     if (client) {
         /* <netconf-client> -> <editor> */
         lyd_find_path(client, "editor", 0, &match);
@@ -341,7 +340,7 @@ load_config(void)
 
         /* <netconf-client> -> <output-format> */
         lyd_find_path(client, "output-format", 0, &match);
-        if(match) {
+        if (match) {
             /* <netconf-client> -> <output-format> */
             if (!strcmp(lyd_get_value(match), "json")) {
                 opts.output_format = LYD_JSON;
@@ -350,61 +349,81 @@ load_config(void)
         match = NULL;
 
         lyd_find_path( client, "shrink", 0, &match);
-        if(match) {
+        if (match) {
             /* <netconf-client> -> <shrink> */
             if (!strcmp(lyd_get_value(match), "true")) {
                 opts.output_flag = 1;
             } /* else default (formatted XML) */
         }
         match = NULL;
 #ifdef NC_ENABLED_SSH_TLS
-        struct lyd_node *parent = NULL, *key = NULL;
-        LY_ERR err;
-
-        /* <netconf-client> -> <authentication> -> <method-preference>*/
-        lyd_find_path(client, "authentication/method-preference", 0, &parent);
-        if (parent) {
-            lyd_find_path(parent, "publickey", 0, &match);
-            if(match) {
-                load_auth_pref(match, NC_SSH_AUTH_PUBLICKEY);
-                match = NULL;
-            }
-            lyd_find_path(parent, "interactive", 0, &match);
-            if(match) {
-                load_auth_pref(match, NC_SSH_AUTH_INTERACTIVE);
-                match = NULL;
-            }
-            lyd_find_path(parent, "password", 0, &match);
-            if(match) {
-                load_auth_pref(match, NC_SSH_AUTH_PASSWORD);
-                match = NULL;
-            }
-        }
-        /* <netconf-client> -> <authentication> -> <keys>*/
-        parent = NULL;
-        err = lyd_find_path(client, "authentication/keys", 0, &parent);
-        if (err == LY_SUCCESS && parent) {
-            LY_LIST_FOR(lyd_child(parent), key) {
-                key_pub = NULL;
-                key_priv = NULL;
-
-                lyd_find_path(key, "public", 0, &match);
-                if(match) {
-                    key_pub = lyd_get_value(match);
+        lyd_find_path(client, "authentication", 0, &auth_pref);
+        if (auth_pref) {
+            /* <netconf-client> -> <authentication> -> <method-preference>*/
+            lyd_find_path(auth_pref, "method-preference", 0, &parent);
+            if (parent) {
+                lyd_find_path(parent, "publickey", 0, &match);
+                if (match) {
+                    load_auth_pref(match, NC_SSH_AUTH_PUBLICKEY);
                     match = NULL;
                 }
-
-                lyd_find_path(key, "private", 0, &match);
-                if(match) {
-                    key_priv = lyd_get_value(match);
+                lyd_find_path(parent, "interactive", 0, &match);
+                if (match) {
+                    load_auth_pref(match, NC_SSH_AUTH_INTERACTIVE);
                     match = NULL;
                 }
-
-                if (key_pub && key_priv) {
-                    nc_client_ssh_ch_add_keypair(key_pub, key_priv);
-                    nc_client_ssh_add_keypair(key_pub, key_priv);
+                lyd_find_path(parent, "password", 0, &match);
+                if (match) {
+                    load_auth_pref(match, NC_SSH_AUTH_PASSWORD);
+                    match = NULL;
                 }
             }
+            /* <netconf-client> -> <authentication> -> <keys>*/
+            parent = NULL;
+            lyd_find_path(auth_pref, "keys", 0, &parent);
+            if (parent) {
+                LY_LIST_FOR(lyd_child(parent), key) {
+                    key_pub = NULL;
+                    key_priv = NULL;
+
+                    lyd_find_path(key, "public", 0, &match);
+                    if(match) {
+                        key_pub = lyd_get_value(match);
+                        match = NULL;
+                    }
+
+                    lyd_find_path(key, "private", 0, &match);
+                    if(match) {
+                        key_priv = lyd_get_value(match);
+                        match = NULL;
+                    }
+
+                    if (key_pub && key_priv) {
+                        nc_client_ssh_ch_add_keypair(key_pub, key_priv);
+                        nc_client_ssh_add_keypair(key_pub, key_priv);
+                    }
+                }
+            }
+            /* <netconf-client> -> <authentication> -> <knownhost-mode>*/
+            lyd_find_path(auth_pref, "knownhost-mode", 0, &match);
+            if (match) {
+                mode = lyd_get_value(match);
+                if (!strcmp(mode, "accept")) {
+                    knownhosts_mode = NC_SSH_KNOWNHOSTS_ACCEPT;
+                } else if (!strcmp(mode, "accept-new")) {
+                    knownhosts_mode = NC_SSH_KNOWNHOSTS_ACCEPT_NEW;
+                } else if (!strcmp(mode, "ask")) {
+                    knownhosts_mode = NC_SSH_KNOWNHOSTS_ASK;
+                } else if (!strcmp(mode, "skip")) {
+                    knownhosts_mode = NC_SSH_KNOWNHOSTS_SKIP;
+                } else if (!strcmp(mode, "strict")) {
+                    knownhosts_mode = NC_SSH_KNOWNHOSTS_STRICT;
+                } 
+
+                opts.knownhosts_mode = knownhosts_mode;
+                nc_client_ssh_set_knownhosts_mode(knownhosts_mode);
+                nc_client_ssh_ch_set_knownhosts_mode(knownhosts_mode);
+            }
         }
 
 #endif /* NC_ENABLED_SSH_TLS */
@@ -417,7 +436,7 @@ load_config(void)
     free(netconf_dir);
 }
 
-int 
+static int 
 store_auth_pref(int pref_type, struct lyd_node *auth_pref_parent, const char *auth_pref_name) 
 {
     int pref_value;
@@ -539,6 +558,29 @@ store_config(void)
             }
         }
     }
+
+    /* knownhost-mode */
+    if (opts.knownhosts_mode) {
+        if (opts.knownhosts_mode == NC_SSH_KNOWNHOSTS_ACCEPT) {
+            str = "accept";
+        } else if (opts.knownhosts_mode == NC_SSH_KNOWNHOSTS_ACCEPT_NEW) {
+            str = "accept-new";
+        } else if (opts.knownhosts_mode == NC_SSH_KNOWNHOSTS_ASK) {
+            str = "ask";
+        } else if (opts.knownhosts_mode == NC_SSH_KNOWNHOSTS_SKIP) {
+            str = "skip";
+        } else if (opts.knownhosts_mode == NC_SSH_KNOWNHOSTS_STRICT) {
+            str = "strict";
+        } else {
+            ERROR(__func__, "Unknown known host mode.");
+            goto cleanup;
+        }
+
+        if (lyd_new_term(auth, NULL, "knownhost-mode", str, 0, NULL)) {
+            goto cleanup;
+        }
+    }
+
 #endif /* NC_ENABLED_SSH_TLS */
 
     /* get netconf dir */

cli/configuration.h

@@ -26,6 +26,7 @@ struct cli_opts {
     LYD_FORMAT output_format;
     uint32_t output_flag;
     char *config_editor;
+    NC_SSH_KNOWNHOSTS_MODE knownhosts_mode;
 };
 
 extern struct cli_opts opts;

cli/netopeer2-cli.h

@@ -310,7 +310,30 @@ char netopeer2_cli_yang[] = {
   0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
   0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
   0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20,
-  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x0a,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x6c, 0x65, 0x61, 0x66, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x68, 0x6f,
+  0x73, 0x74, 0x2d, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x7b, 0x0a, 0x20, 0x20,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x20, 0x20, 0x74, 0x79, 0x70, 0x65, 0x20, 0x73, 0x74, 0x72, 0x69, 0x6e,
+  0x67, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x64, 0x65, 0x73, 0x63, 0x72,
+  0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x20, 0x20, 0x20, 0x22, 0x53, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65,
+  0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66,
+  0x6f, 0x72, 0x20, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x69, 0x6e, 0x67, 0x20,
+  0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x68, 0x6f, 0x73, 0x74, 0x20, 0x6b,
+  0x65, 0x79, 0x73, 0x2e, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+  0x20, 0x50, 0x6f, 0x73, 0x73, 0x69, 0x62, 0x6c, 0x65, 0x20, 0x76, 0x61,
+  0x6c, 0x75, 0x65, 0x73, 0x20, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65,
+  0x20, 0x27, 0x61, 0x63, 0x63, 0x65, 0x70, 0x74, 0x27, 0x2c, 0x20, 0x27,
+  0x61, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x6e, 0x65, 0x77, 0x27, 0x2c,
+  0x20, 0x27, 0x61, 0x73, 0x6b, 0x27, 0x2c, 0x20, 0x27, 0x73, 0x6b, 0x69,
+  0x70, 0x27, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x27, 0x73, 0x74, 0x72, 0x69,
+  0x63, 0x74, 0x27, 0x2e, 0x22, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
   0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20,
-  0x20, 0x7d, 0x0a, 0x7d, 0x0a, 0x00
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d,
+  0x0a, 0x7d, 0x0a, 0x00
 };