Merge branch 'devel-server'

CESNET · Jun 6, 2018 · 488edbc · 488edbc
2 parents f397aba + 948cb7e
commit 488edbc
Show file tree

Hide file tree

Showing 42 changed files with 1,514 additions and 922 deletions.
diff --git a/.travis-install-libs.sh b/.travis-install-libs.sh
@@ -10,16 +10,16 @@ sudo apt-get update -qq
 sudo apt-get install -y zlib1g-dev libssl-dev
 sudo apt-get install -y --force-yes libavl-dev libev-dev coreutils acl valgrind
 
-if [ ! -d "cmocka-1.0.1/build" ]; then
+if [ ! -d "cmocka-1.1.1/build" ]; then
     echo "Building cmocka from source."
-    wget https://cmocka.org/files/1.0/cmocka-1.0.1.tar.xz
-    tar -xJvf cmocka-1.0.1.tar.xz
-    cd cmocka-1.0.1 && mkdir build && cd build
+    wget https://cmocka.org/files/1.1/cmocka-1.1.1.tar.xz
+    tar -xJvf cmocka-1.1.1.tar.xz
+    cd cmocka-1.1.1 && mkdir build && cd build
     cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr .. && make -j2 && sudo make install
     cd ../..
 else
     echo "Using cmocka from cache."
-    cd cmocka-1.0.1/build
+    cd cmocka-1.1.1/build
     sudo make install
     cd ../..
 fi

diff --git a/.travis.yml b/.travis.yml
@@ -1,13 +1,23 @@
-os: linux
-sudo: required
-dist: trusty
+language: c
 
-language:
-  - c
-
-compiler:
-  - gcc
-  - clang
+matrix:
+  include:
+    - os: linux
+      dist: trusty
+      sudo: required
+      compiler: clang
+    - os: linux
+      dist: trusty
+      sudo: required
+      compiler: gcc
+      addons:
+        apt:
+          sources:
+            - ubuntu-toolchain-r-test
+          packages:
+            - g++-7
+      env:
+        - MATRIX_EVAL="CC=gcc-7 && CXX=g++-7"
 
 branches:
   only:
@@ -19,9 +29,10 @@ cache:
     - libssh-0.7.5
     - protobuf
     - protobuf-c
-    - cmocka-1.0.1
+    - cmocka-1.1.1
 
 before_install:
+  - eval "${MATRIX_EVAL}"
   - if [ "$TRAVIS_OS_NAME" == "linux" ]; then bash .travis-install-libs.sh; fi
   - if [ "$TRAVIS_OS_NAME" = "linux" -a "$CC" = "gcc" ]; then pip install --user codecov; export CFLAGS="-coverage"; fi
 

diff --git a/cli/CMakeLists.txt b/cli/CMakeLists.txt
@@ -21,8 +21,9 @@ set(CMAKE_C_FLAGS_RELEASE "-O2")
 set(CMAKE_C_FLAGS_DEBUG   "-g -O0")
 
 # set version
-set(NP2CLI_VERSION 2.0.45)
-configure_file("${PROJECT_SOURCE_DIR}/version.h.in" "${PROJECT_SOURCE_DIR}/version.h" ESCAPE_QUOTES @ONLY)
+set(NP2CLI_VERSION 2.0.47)
+configure_file("${PROJECT_SOURCE_DIR}/version.h.in" "${PROJECT_BINARY_DIR}/version.h" ESCAPE_QUOTES @ONLY)
+include_directories(${PROJECT_BINARY_DIR})
 
 # source files
 set(srcs

diff --git a/cli/commands.c b/cli/commands.c
@@ -201,7 +201,7 @@ static void
 cli_ntf_clb(struct nc_session *session, const struct nc_notif *notif)
 {
     FILE *output = nc_session_get_data(session);
-    int was_rawmode;
+    int was_rawmode = 0;
 
     if (output == stdout) {
         if (ls.rawmode) {
@@ -504,7 +504,7 @@ static char *
 trim_top_elem(char *data, const char *top_elem, const char *top_elem_ns)
 {
     char *ptr, *prefix = NULL, *buf;
-    int pref_len, state = 0, quote;
+    int pref_len = 0, state = 0, quote;
 
     /* state: -2 - syntax error,
      *        -1 - top_elem not found,
@@ -1207,7 +1207,9 @@ cmd_auth(const char *arg, char **UNUSED(tmp_config_file))
                 ERROR("auth keys add", "Missing the public key path");
                 return EXIT_FAILURE;
             }
-            if (nc_client_ssh_add_keypair(str, cmd) != EXIT_SUCCESS) {
+
+            if (nc_client_ssh_ch_add_keypair(str, cmd) != EXIT_SUCCESS ||
+                nc_client_ssh_add_keypair(str, cmd) != EXIT_SUCCESS) {
                 ERROR("auth keys add", "Failed to add keys");
                 return EXIT_FAILURE;
             }
@@ -1227,7 +1229,7 @@ cmd_auth(const char *arg, char **UNUSED(tmp_config_file))
             }
 
             i = strtol(cmd, &ptr, 10);
-            if (ptr[0] || nc_client_ssh_del_keypair(i)) {
+            if (ptr[0] || nc_client_ssh_ch_del_keypair(i) || nc_client_ssh_del_keypair(i)) {
                 ERROR("auth keys remove", "Wrong index");
                 return EXIT_FAILURE;
             }

diff --git a/cli/completion.c b/cli/completion.c
@@ -8,7 +8,7 @@
  * This source code is licensed under BSD 3-Clause License (the "License").
  * You may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *     https://opensource.org/licenses/BSD-3-Clause
  */
 
@@ -115,9 +115,11 @@ complete_cmd(const char *buf, const char *hint, linenoiseCompletions *lc)
 char *
 readinput(const char *instruction, const char *old_tmp, char **new_tmp)
 {
-    int tmpfd = -1, ret, size, oldfd;
+    volatile int tmpfd = -1;
+    int ret, size, oldfd;
     pid_t pid, wait_pid;
-    char* tmpname = NULL, *input = NULL, *old_content = NULL, *ptr, *ptr2;
+    char* volatile input = NULL, * volatile old_content = NULL;
+    char *tmpname = NULL, *ptr, *ptr2;
 
     /* Create a unique temporary file */
 #ifdef HAVE_MKSTEMPS
@@ -226,7 +228,7 @@ readinput(const char *instruction, const char *old_tmp, char **new_tmp)
     lseek(tmpfd, 0, SEEK_SET);
 
     /* Read the input */
-    input = malloc(size+1);
+    input = malloc(size + 1);
     ret = read(tmpfd, input, size);
     if (ret < size) {
         ERROR(__func__, "Failed to read from the temporary file (%s).", strerror(errno));
@@ -244,7 +246,7 @@ readinput(const char *instruction, const char *old_tmp, char **new_tmp)
         /* The user could have deleted or modified the comment, ignore it then */
         if (ptr2) {
             ptr2 += 5;
-            memmove(ptr, ptr2, strlen(ptr2)+1);
+            memmove(ptr, ptr2, strlen(ptr2) + 1);
 
             /* Save the modified content */
             if (ftruncate(tmpfd, 0) == -1) {

diff --git a/cli/configuration.c b/cli/configuration.c
@@ -67,21 +67,13 @@ get_netconf_dir(void)
         return NULL;
     }
 
-    ret = eaccess(netconf_dir, R_OK | X_OK);
-    if (ret == -1) {
-        if (errno == ENOENT) {
-            /* directory does not exist */
-            ERROR("get_netconf_dir", "Configuration directory \"%s\" does not exist, creating it.", netconf_dir);
-            if (mkdir(netconf_dir, 00700)) {
-                ERROR("get_netconf_dir", "Configuration directory \"%s\" cannot be created: %s", netconf_dir, strerror(errno));
-                free(netconf_dir);
-                return NULL;
-            }
-        } else {
-            ERROR("get_netconf_dir", "Configuration directory \"%s\" exists but something else failed: %s", netconf_dir, strerror(errno));
-            free(netconf_dir);
-            return NULL;
-        }
+    ret = mkdir(netconf_dir, 00700);
+    if (!ret) {
+        ERROR("get_netconf_dir", "Configuration directory \"%s\" did not exist, created.", netconf_dir);
+    } else if (errno != EEXIST) {
+        ERROR("get_netconf_dir", "Configuration directory \"%s\" cannot be created: %s", netconf_dir, strerror(errno));
+        free(netconf_dir);
+        return NULL;
     }
 
     return netconf_dir;
@@ -310,15 +302,13 @@ load_config(void)
                         } else if (!strcmp(child->name, "searchpath")) {
                             /* doc -> <netconf-client> -> <searchpath> */
                             errno = 0;
-                            if (eaccess(child->content, R_OK | W_OK | X_OK) && (errno == ENOENT)) {
-                                ERROR(__func__, "Search path \"%s\" does not exist, creating it.", child->content);
-                                if (mkdir(child->content, 00700)) {
-                                    ERROR(__func__, "Search path \"%s\" cannot be created: %s", child->content, strerror(errno));
-                                } else {
-                                    nc_client_set_schema_searchpath(child->content);
+                            if (!mkdir(child->content, 00700) || (errno == EEXIST)) {
+                                if (errno == 0) {
+                                    ERROR(__func__, "Search path \"%s\" did not exist, created.", child->content);
                                 }
-                            } else {
                                 nc_client_set_schema_searchpath(child->content);
+                            } else {
+                                ERROR(__func__, "Search path \"%s\" cannot be created: %s", child->content, strerror(errno));
                             }
                         } else if (!strcmp(child->name, "output-format")) {
                             /* doc -> <netconf-client> -> <output-format> */
@@ -360,6 +350,7 @@ load_config(void)
                                                 }
                                             }
                                             if (key_pub && key_priv) {
+                                                nc_client_ssh_ch_add_keypair(key_pub, key_priv);
                                                 nc_client_ssh_add_keypair(key_pub, key_priv);
                                             }
                                         }

diff --git a/keystored/CMakeLists.txt b/keystored/CMakeLists.txt
@@ -34,7 +34,8 @@ if (NOT OPENSSL_EXECUTABLE)
     endif()
 endif()
 
-configure_file("${PROJECT_SOURCE_DIR}/config.h.in" "${PROJECT_SOURCE_DIR}/config.h" ESCAPE_QUOTES @ONLY)
+configure_file("${PROJECT_SOURCE_DIR}/config.h.in" "${PROJECT_BINARY_DIR}/config.h" ESCAPE_QUOTES @ONLY)
+include_directories(${PROJECT_BINARY_DIR})
 
 # keystored plugin
 add_library(keystored SHARED keystored.c)
@@ -101,74 +102,48 @@ if (NOT CHMOD_EXECUTABLE)
     message(FATAL_ERROR "Unable to find chmod, set CHMOD_EXECUTABLE manually.")
 endif()
 
+# Command line options to be passed to `sysrepoctl` when working with modules
+# which should only be accessible by an administrator
+if (NOT SYSREPOCTL_ROOT_PERMS)
+    set(SYSREPOCTL_ROOT_PERMS "-o root:root -p 600")
+endif()
+
 # create the keys directory with correct permissions
 install(DIRECTORY DESTINATION ${KEYSTORED_KEYS_DIR}
         DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE)
 
-# install all the required modules and enable features
-install(CODE "
-    execute_process(COMMAND ${SYSREPOCTL_EXECUTABLE} -l RESULT_VARIABLE RET OUTPUT_VARIABLE INSTALLED_MODULES ERROR_VARIABLE OUT)
-    if (RET)
-        string(REPLACE \"\\n\" \"\\n  \" OUT \"\${OUT}\")
-        message(FATAL_ERROR \"  Command sysrepoctl list failed:\n  \${OUT}\")
-    endif()
-
-    string(REGEX MATCH \"ietf-x509-cert-to-name[^|]*[|][^|]*[|] Installed[^\n]*\" INSTALLED_MODULE_LINE \"\${INSTALLED_MODULES}\")
-    if (NOT INSTALLED_MODULE_LINE)
-        message(STATUS \"Importing module ietf-x509-cert-to-name into sysrepo...\")
-
-        execute_process(COMMAND ${SYSREPOCTL_EXECUTABLE} -i -g ${CMAKE_SOURCE_DIR}/../modules/ietf-x509-cert-to-name.yang -o root:root -p 600 RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE OUT)
-        if (RET)
-            string(REPLACE \"\\n\" \"\\n  \" OUT \"\${OUT}\")
-            message(FATAL_ERROR \"  Command sysrepoctl install failed:\\n  \${OUT}\")
-        endif()
-
-    else()
-        message(STATUS \"Module ietf-x509-cert-to-name already in sysrepo.\")
-    endif()
-
-    string(REGEX MATCH \"ietf-keystore [^\n]*\" INSTALLED_MODULE_LINE \"\${INSTALLED_MODULES}\")
-    if (NOT INSTALLED_MODULE_LINE)
-        message(STATUS \"Importing module ietf-keystore into sysrepo...\")
-
-        execute_process(COMMAND ${SYSREPOCTL_EXECUTABLE} -i -g ${CMAKE_SOURCE_DIR}/../modules/ietf-keystore.yang -o root:root -p 600 RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE OUT)
-        if (RET)
-            string(REPLACE \"\\n\" \"\\n  \" OUT \"\${OUT}\")
-            message(FATAL_ERROR \"  Command sysrepoctl install failed:\\n  \${OUT}\")
-        endif()
+option(MODEL_INSTALL "Enable yang model installation" ON)
+if (MODEL_INSTALL)
+    install(CODE "
+        set(ENV{SYSREPOCTL} ${SYSREPOCTL_EXECUTABLE})
+        set(ENV{SYSREPOCTL_ROOT_PERMS} SYSREPOCTL_ROOT_PERMS)
+        execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/model-install.sh)")
+endif()
 
-    else()
-        message(STATUS \"Module ietf-keystore already in sysrepo.\")
-    endif()")
+# Use KEYSTORED_DEFER_SSH_KEY=ON to skip automatic key conversion.
+# Some external build/deploy script is then responsible for providing an SSH
+# host key in a PEM format at runtime.
+if (NOT KEYSTORED_DEFER_SSH_KEY)
+    set(KEYSTORED_CHECK_SSH_KEY 1)
+else()
+    set(KEYSTORED_CHECK_SSH_KEY 0)
+endif()
 
-# import stock OpenSSH RSA key
-install(CODE "
-    execute_process(COMMAND ${SYSREPOCFG_EXECUTABLE} -d startup --export ietf-keystore RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE OUT)
-    if (RET)
-        string(REPLACE \"\\n\" \"\\n  \" OUT \"\${OUT}\")
-        message(FATAL_ERROR \"  Command sysrepocfg export failed:\\n  \${OUT}\")
-    endif()
+option(SSH_KEY_INSTALL "Enable ssh key import" ON)
+if (SSH_KEY_INSTALL)
+    install(CODE "
+        set(ENV{SYSREPOCFG} ${SYSREPOCFG_EXECUTABLE})
+        set(ENV{CHMOD} ${CHMOD_EXECUTABLE})
+        set(ENV{OPENSSL} ${OPENSSL_EXECUTABLE})
+        set(ENV{KEYSTORED_KEYS_DIR} ${KEYSTORED_KEYS_DIR})
+        set(ENV{KEYSTORED_CHECK_SSH_KEY} ${KEYSTORED_CHECK_SSH_KEY})
+        execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/ssh-key-import.sh)")
+endif()
 
-    if (OUT)
-        message(STATUS \"Some ietf-keystore configuration set, no keys will be imported.\")
-    elseif(NOT EXISTS \"/etc/ssh/ssh_host_rsa_key\")
-        message(WARNING \"Default OpenSSH RSA host key \\\"/etc/ssh/ssh_host_rsa_key\\\" not found so a key will have to be imported or generated manually for netopeer2-server to use.\")
-    else()
-        message(STATUS \"Importing stock OpenSSH RSA key.\")
-        file(READ /etc/ssh/ssh_host_rsa_key RSA_KEY)
-        file(WRITE ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem \${RSA_KEY})
-        execute_process(COMMAND ${CHMOD_EXECUTABLE} go-rw ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem)
-        execute_process(COMMAND ${OPENSSL_EXECUTABLE} rsa -pubout -in ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem -out ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pub.pem RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE OUT)
-        if (RET)
-            string(REPLACE \"\\n\" \"\\n  \" OUT \"\${OUT}\")
-            message(FATAL_ERROR \"  Command openssl generate public key failed:\\n  \${OUT}\")
-        endif()
-        execute_process(COMMAND ${SYSREPOCFG_EXECUTABLE} -d startup -i ${CMAKE_SOURCE_DIR}/stock_key_config.xml ietf-keystore RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE OUT)
-        if (RET)
-            string(REPLACE \"\\n\" \"\\n  \" OUT \"\${OUT}\")
-            message(FATAL_ERROR \"  Command sysrepocfg import failed:\\n  \${OUT}\")
-        endif()
-    endif()")
+add_custom_target(install-scripts-ide
+    scripts/model-install.sh
+    scripts/ssh-key-import.sh
+)
 
 # plugins should be installed into sysrepo plugins dir
 install(TARGETS keystored DESTINATION ${SR_PLUGINS_DIR})
diff --git a/keystored/scripts/model-install.sh b/keystored/scripts/model-install.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -eux -o pipefail
+
+shopt -s failglob
+
+local_path=$(dirname $0)
+
+: ${SYSREPOCTL:=sysrepoctl}
+: ${SYSREPOCTL_ROOT_PERMS:=-o root:root -p 600}
+: ${YANG_DIR:=$local_path/../../modules}
+
+install_yang_module() {
+    module=$1
+
+    if ! $SYSREPOCTL -l | grep "$module[^|]*|[^|]*| Installed[^\\n]*"; then
+        $SYSREPOCTL -i -g ${YANG_DIR}/$module.yang $SYSREPOCTL_ROOT_PERMS
+    fi
+}
+
+install_yang_module ietf-x509-cert-to-name
+install_yang_module ietf-keystore
diff --git a/keystored/scripts/ssh-key-import.sh b/keystored/scripts/ssh-key-import.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -eux -o pipefail
+
+shopt -s failglob
+
+local_path=$(dirname $0)
+
+: ${SYSREPOCFG:=sysrepocfg}
+: ${CHMOD:=chmod}
+: ${OPENSSL:=openssl}
+: ${STOCK_KEY_CONFIG:=$local_path/../stock_key_config.xml}
+: ${KEYSTORED_KEYS_DIR:=/etc/keystored/keys}
+
+if [ -n "$($SYSREPOCFG -d startup --export ietf-keystore)" ]; then
+    exit 0
+fi
+
+if [ $KEYSTORED_CHECK_SSH_KEY -eq 0 ]; then
+    echo "Warning: Assuming that an external script will provide the SSH key in a PEM format at \"${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem\"."
+    $SYSREPOCFG -d startup -i ${STOCK_KEY_CONFIG} ietf-keystore
+elif [ -r /etc/ssh/ssh_host_rsa_key ]; then
+    cp /etc/ssh/ssh_host_rsa_key ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem
+    $CHMOD go-rw ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem
+    $OPENSSL rsa -pubout -in ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem \
+        -out ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pub.pem
+    $SYSREPOCFG -d startup -i ${STOCK_KEY_CONFIG} ietf-keystore
+else
+    echo "Warning: Cannot read the SSH hostkey at /etc/ssh/ssh_host_rsa_key, skipping"
+fi