Diffstat (limited to '')
-rw-r--r-- | lib/keychain.c | 1011 |
1 files changed, 28 insertions, 983 deletions
diff --git a/lib/keychain.c b/lib/keychain.c index 5ff0d1e..1982220 100644 --- a/lib/keychain.c +++ b/lib/keychain.c @@ -6,19 +6,19 @@ #include "config.h" #include <zebra.h> -#include "command.h" -#include "memory.h" -#include "linklist.h" #include "keychain.h" +#include "linklist.h" +#include "memory.h" -DEFINE_MTYPE_STATIC(LIB, KEY, "Key"); -DEFINE_MTYPE_STATIC(LIB, KEYCHAIN, "Key chain"); +DEFINE_MTYPE(LIB, KEY, "Key"); +DEFINE_MTYPE(LIB, KEYCHAIN, "Key chain"); +DEFINE_MTYPE(LIB, KEYCHAIN_DESC, "Key chain description"); DEFINE_QOBJ_TYPE(keychain); DEFINE_QOBJ_TYPE(key); /* Master list of key chain. */ -static struct list *keychain_list; +struct list *keychain_list; static struct keychain *keychain_new(void) { @@ -82,7 +82,7 @@ static void key_delete_func(struct key *key) key_free(key); } -static struct keychain *keychain_get(const char *name) +struct keychain *keychain_get(const char *name) { struct keychain *keychain; @@ -101,7 +101,7 @@ static struct keychain *keychain_get(const char *name) return keychain; } -static void keychain_delete(struct keychain *keychain) +void keychain_delete(struct keychain *keychain) { XFREE(MTYPE_KEYCHAIN, keychain->name); @@ -110,7 +110,7 @@ static void keychain_delete(struct keychain *keychain) keychain_free(keychain); } -static struct key *key_lookup(const struct keychain *keychain, uint32_t index) +struct key *key_lookup(const struct keychain *keychain, uint32_t index) { struct listnode *node; struct key *key; @@ -183,7 +183,7 @@ struct key *key_lookup_for_send(const struct keychain *keychain) return NULL; } -static struct key *key_get(const struct keychain *keychain, uint32_t index) +struct key *key_get(const struct keychain *keychain, uint32_t index) { struct key *key; 
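Review bot: Removing `static` from `keychain_list` in the first hunk makes the master list of authentication key chains a writable global for everything linked against the library, so code outside keychain.c can now add, unlink or free entries without going through `keychain_get()`/`keychain_delete()`. If the relocated CLI code only needs to walk the list, keeping it file-local behind a small iterator or accessor would preserve that boundary. Otherwise state the ownership rule at the definition, e.g. `/* Master list of key chains. Owned by keychain.c: other files may iterate, but must add/remove via keychain_get()/keychain_delete(). */`. The matching `extern` and `DECLARE_MTYPE` lines are presumably in keychain.h, which this hunk does not show.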
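Review bot: `keychain_get()` becomes public API in the `@@ -82,7 +82,7 @@` hunk with no comment describing its contract, and the same applies to `keychain_delete()`, `key_lookup()`, `key_get()` and `key_delete()` in the hunks that follow. Judging from the deleted `key chain WORD` and `no key chain WORD` handlers, `keychain_get()` appears to be the create-on-miss variant while `keychain_lookup()` only finds, and `key_delete()` unlinks the key and calls `key_free()`, which leaves any pointer obtained earlier from `key_lookup()` dangling. A one-line header comment on each would make that explicit, for example `/* Look up a key chain by name, creating it if absent. */` above `keychain_get()` and `/* Unlink key from keychain and free it; key must not be used afterwards. */` above `key_delete()`. The function bodies extend beyond these hunks, so the create-on-miss behaviour should be confirmed against the full file before the comments are added.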
@@ -200,7 +200,7 @@ static struct key *key_get(const struct keychain *keychain, uint32_t index) return key; } -static void key_delete(struct keychain *keychain, struct key *key) +void key_delete(struct keychain *keychain, struct key *key) { listnode_delete(keychain->key, key); 
@@ -208,122 +208,6 @@ static void key_delete(struct keychain *keychain, struct key *key) key_free(key); } -DEFUN_NOSH (key_chain, - key_chain_cmd, - "key chain WORD", - "Authentication key management\n" - "Key-chain management\n" - "Key-chain name\n") -{ - int idx_word = 2; - struct keychain *keychain; - - keychain = keychain_get(argv[idx_word]->arg); - VTY_PUSH_CONTEXT(KEYCHAIN_NODE, keychain); - - return CMD_SUCCESS; -} - -DEFUN (no_key_chain, - no_key_chain_cmd, - "no key chain WORD", - NO_STR - "Authentication key management\n" - "Key-chain management\n" - "Key-chain name\n") -{ - int idx_word = 3; - struct keychain *keychain; - - keychain = keychain_lookup(argv[idx_word]->arg); - - if (!keychain) { - vty_out(vty, "Can't find keychain %s\n", argv[idx_word]->arg); - return CMD_WARNING_CONFIG_FAILED; - } - - keychain_delete(keychain); - - return CMD_SUCCESS; -} - -DEFUN_NOSH (key, - key_cmd, - "key (0-2147483647)", - "Configure a key\n" - "Key identifier number\n") -{ - int idx_number = 1; - VTY_DECLVAR_CONTEXT(keychain, keychain); - struct key *key; - uint32_t index; - - index = strtoul(argv[idx_number]->arg, NULL, 10); - key = key_get(keychain, index); - VTY_PUSH_CONTEXT_SUB(KEYCHAIN_KEY_NODE, key); - - return CMD_SUCCESS; -} - -DEFUN (no_key, - no_key_cmd, - "no key (0-2147483647)", - NO_STR - "Delete a key\n" - "Key identifier number\n") -{ - int idx_number = 2; - VTY_DECLVAR_CONTEXT(keychain, keychain); - struct key *key; - uint32_t index; - - index = strtoul(argv[idx_number]->arg, NULL, 10); - key = key_lookup(keychain, index); - if (!key) { - vty_out(vty, "Can't find key %d\n", index); - return CMD_WARNING_CONFIG_FAILED; - } - - key_delete(keychain, key); - - vty->node = KEYCHAIN_NODE; - - return CMD_SUCCESS; -} - -DEFUN (key_string, - key_string_cmd, - "key-string LINE", - "Set key string\n" - "The key\n") -{ - int idx_line = 1; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - if (key->string) - XFREE(MTYPE_KEY, key->string); - key->string = XSTRDUP(MTYPE_KEY, 
argv[idx_line]->arg); - - return CMD_SUCCESS; -} - -DEFUN (no_key_string, - no_key_string_cmd, - "no key-string [LINE]", - NO_STR - "Unset key string\n" - "The key\n") -{ - VTY_DECLVAR_CONTEXT_SUB(key, key); - - if (key->string) { - XFREE(MTYPE_KEY, key->string); - key->string = NULL; - } - - return CMD_SUCCESS; -} - const struct keychain_algo_info algo_info[] = { {KEYCHAIN_ALGO_NULL, "null", 0, 0, "NULL"}, {KEYCHAIN_ALGO_MD5, "md5", KEYCHAIN_MD5_HASH_SIZE, 
@@ -394,800 +278,6 @@ const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key) return algo_info[key].name; } -DEFUN(cryptographic_algorithm, cryptographic_algorithm_cmd, - "cryptographic-algorithm " - "<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>", - "Cryptographic-algorithm\n" - "Use MD5 algorithm\n" - "Use HMAC-SHA-1 algorithm\n" - "Use HMAC-SHA-256 algorithm\n" - "Use HMAC-SHA-384 algorithm\n" - "Use HMAC-SHA-512 algorithm\n") -{ - int algo_idx = 1; - uint8_t hash_algo = KEYCHAIN_ALGO_NULL; - - VTY_DECLVAR_CONTEXT_SUB(key, key); - hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg); -#ifndef CRYPTO_OPENSSL - if (hash_algo == KEYCHAIN_ALGO_NULL) { - vty_out(vty, - "Hash algorithm not supported, compile with --with-crypto=openssl\n"); - return CMD_WARNING_CONFIG_FAILED; - } -#endif /* CRYPTO_OPENSSL */ - key->hash_algo = hash_algo; - return CMD_SUCCESS; -} - -DEFUN(no_cryptographic_algorithm, no_cryptographic_algorithm_cmd, - "no cryptographic-algorithm " - "[<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>]", - NO_STR - "Cryptographic-algorithm\n" - "Use MD5 algorithm\n" - "Use HMAC-SHA-1 algorithm\n" - "Use HMAC-SHA-256 algorithm\n" - "Use HMAC-SHA-384 algorithm\n" - "Use HMAC-SHA-512 algorithm\n") -{ - int algo_idx = 2; - uint8_t hash_algo = KEYCHAIN_ALGO_NULL; - - VTY_DECLVAR_CONTEXT_SUB(key, key); - if (argc > algo_idx) { - hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg); - if (hash_algo == KEYCHAIN_ALGO_NULL) { - vty_out(vty, - "Hash algorithm not supported, try compiling with --with-crypto=openssl\n"); - return CMD_WARNING_CONFIG_FAILED; - } - } - - if ((hash_algo != KEYCHAIN_ALGO_NULL) && (hash_algo != key->hash_algo)) - return CMD_SUCCESS; - - key->hash_algo = KEYCHAIN_ALGO_NULL; - return CMD_SUCCESS; -} - -/* Convert HH:MM:SS MON DAY YEAR to time_t value. -1 is returned when - given string is malformed. 
*/ -static time_t key_str2time(const char *time_str, const char *day_str, - const char *month_str, const char *year_str) -{ - int i = 0; - char *colon; - struct tm tm; - time_t time; - unsigned int sec, min, hour; - unsigned int day, month, year; - - const char *month_name[] = { - "January", "February", "March", "April", "May", - "June", "July", "August", "September", "October", - "November", "December", NULL}; - -#define _GET_LONG_RANGE(V, STR, MMCOND) \ - { \ - unsigned long tmpl; \ - char *endptr = NULL; \ - tmpl = strtoul((STR), &endptr, 10); \ - if (*endptr != '\0' || tmpl == ULONG_MAX) \ - return -1; \ - if (MMCOND) \ - return -1; \ - (V) = tmpl; \ - } -#define GET_LONG_RANGE(V, STR, MIN, MAX) \ - _GET_LONG_RANGE(V, STR, tmpl<(MIN) || tmpl>(MAX)) -#define GET_LONG_RANGE0(V, STR, MAX) _GET_LONG_RANGE(V, STR, tmpl > (MAX)) - - /* Check hour field of time_str. */ - colon = strchr(time_str, ':'); - if (colon == NULL) - return -1; - *colon = '\0'; - - /* Hour must be between 0 and 23. */ - GET_LONG_RANGE0(hour, time_str, 23); - - /* Check min field of time_str. */ - time_str = colon + 1; - colon = strchr(time_str, ':'); - if (*time_str == '\0' || colon == NULL) - return -1; - *colon = '\0'; - - /* Min must be between 0 and 59. */ - GET_LONG_RANGE0(min, time_str, 59); - - /* Check sec field of time_str. */ - time_str = colon + 1; - if (*time_str == '\0') - return -1; - - /* Sec must be between 0 and 59. */ - GET_LONG_RANGE0(sec, time_str, 59); - - /* Check day_str. Day must be <1-31>. */ - GET_LONG_RANGE(day, day_str, 1, 31); - - /* Check month_str. Month must match month_name. */ - month = 0; - if (strlen(month_str) >= 3) - for (i = 0; month_name[i]; i++) - if (strncmp(month_str, month_name[i], strlen(month_str)) - == 0) { - month = i; - break; - } - if (!month_name[i]) - return -1; - - /* Check year_str. Year must be <1993-2035>. 
*/ - GET_LONG_RANGE(year, year_str, 1993, 2035); - - memset(&tm, 0, sizeof(tm)); - tm.tm_sec = sec; - tm.tm_min = min; - tm.tm_hour = hour; - tm.tm_mon = month; - tm.tm_mday = day; - tm.tm_year = year - 1900; - - time = mktime(&tm); - - return time; -#undef GET_LONG_RANGE -} - -static int key_lifetime_set(struct vty *vty, struct key_range *krange, - const char *stime_str, const char *sday_str, - const char *smonth_str, const char *syear_str, - const char *etime_str, const char *eday_str, - const char *emonth_str, const char *eyear_str) -{ - time_t time_start; - time_t time_end; - - time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str); - if (time_start < 0) { - vty_out(vty, "Malformed time value\n"); - return CMD_WARNING_CONFIG_FAILED; - } - time_end = key_str2time(etime_str, eday_str, emonth_str, eyear_str); - - if (time_end < 0) { - vty_out(vty, "Malformed time value\n"); - return CMD_WARNING_CONFIG_FAILED; - } - - if (time_end <= time_start) { - vty_out(vty, "Expire time is not later than start time\n"); - return CMD_WARNING_CONFIG_FAILED; - } - - krange->start = time_start; - krange->end = time_end; - - return CMD_SUCCESS; -} - -static int key_lifetime_duration_set(struct vty *vty, struct key_range *krange, - const char *stime_str, - const char *sday_str, - const char *smonth_str, - const char *syear_str, - const char *duration_str) -{ - time_t time_start; - uint32_t duration; - - time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str); - if (time_start < 0) { - vty_out(vty, "Malformed time value\n"); - return CMD_WARNING_CONFIG_FAILED; - } - krange->start = time_start; - - duration = strtoul(duration_str, NULL, 10); - krange->duration = 1; - krange->end = time_start + duration; - - return CMD_SUCCESS; -} - -static int key_lifetime_infinite_set(struct vty *vty, struct key_range *krange, - const char *stime_str, - const char *sday_str, - const char *smonth_str, - const char *syear_str) -{ - time_t time_start; - - time_start = 
key_str2time(stime_str, sday_str, smonth_str, syear_str); - if (time_start < 0) { - vty_out(vty, "Malformed time value\n"); - return CMD_WARNING_CONFIG_FAILED; - } - krange->start = time_start; - - krange->end = -1; - - return CMD_SUCCESS; -} - -DEFUN (accept_lifetime_day_month_day_month, - accept_lifetime_day_month_day_month_cmd, - "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", - "Set accept lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Time to expire\n" - "Day of th month to expire\n" - "Month of the year to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_number_3 = 6; - int idx_month_2 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (accept_lifetime_day_month_month_day, - accept_lifetime_day_month_month_day_cmd, - "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", - "Set accept lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Time to expire\n" - "Month of the year to expire\n" - "Day of th month to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_month_2 = 6; - int idx_number_3 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - 
argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (accept_lifetime_month_day_day_month, - accept_lifetime_month_day_day_month_cmd, - "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", - "Set accept lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Time to expire\n" - "Day of th month to expire\n" - "Month of the year to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_number_3 = 6; - int idx_month_2 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (accept_lifetime_month_day_month_day, - accept_lifetime_month_day_month_day_cmd, - "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", - "Set accept lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Time to expire\n" - "Month of the year to expire\n" - "Day of th month to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_month_2 = 6; - int idx_number_3 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (accept_lifetime_infinite_day_month, - accept_lifetime_infinite_day_month_cmd, - "accept-lifetime HH:MM:SS (1-31) MONTH 
(1993-2035) infinite", - "Set accept lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Never expires\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_infinite_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg); -} - -DEFUN (accept_lifetime_infinite_month_day, - accept_lifetime_infinite_month_day_cmd, - "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite", - "Set accept lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Never expires\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_infinite_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg); -} - -DEFUN (accept_lifetime_duration_day_month, - accept_lifetime_duration_day_month_cmd, - "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)", - "Set accept lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Duration of the key\n" - "Duration seconds\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - int idx_number_3 = 6; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_duration_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_number_3]->arg); -} - -DEFUN (accept_lifetime_duration_month_day, - accept_lifetime_duration_month_day_cmd, - "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)", - "Set accept lifetime of the key\n" - "Time to start\n" - 
"Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Duration of the key\n" - "Duration seconds\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - int idx_number_3 = 6; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_duration_set( - vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_number_3]->arg); -} - -DEFUN (no_accept_lifetime, - no_accept_lifetime_cmd, - "no accept-lifetime", - NO_STR - "Unset accept-lifetime\n") -{ - VTY_DECLVAR_CONTEXT_SUB(key, key); - - if (key->accept.start) - key->accept.start = 0; - if (key->accept.end) - key->accept.end = 0; - if (key->accept.duration) - key->accept.duration = 0; - - return CMD_SUCCESS; -} - -DEFUN (send_lifetime_day_month_day_month, - send_lifetime_day_month_day_month_cmd, - "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", - "Set send lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Time to expire\n" - "Day of th month to expire\n" - "Month of the year to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_number_3 = 6; - int idx_month_2 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (send_lifetime_day_month_month_day, - send_lifetime_day_month_month_day_cmd, - "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", - "Set send lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - 
"Year to start\n" - "Time to expire\n" - "Month of the year to expire\n" - "Day of th month to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_month_2 = 6; - int idx_number_3 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (send_lifetime_month_day_day_month, - send_lifetime_month_day_day_month_cmd, - "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)", - "Set send lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Time to expire\n" - "Day of th month to expire\n" - "Month of the year to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_number_3 = 6; - int idx_month_2 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (send_lifetime_month_day_month_day, - send_lifetime_month_day_month_day_cmd, - "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)", - "Set send lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Time to expire\n" - "Month of the year to expire\n" - "Day of th month to expire\n" - "Year to expire\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int 
idx_number_2 = 4; - int idx_hhmmss_2 = 5; - int idx_month_2 = 6; - int idx_number_3 = 7; - int idx_number_4 = 8; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg, - argv[idx_month_2]->arg, argv[idx_number_4]->arg); -} - -DEFUN (send_lifetime_infinite_day_month, - send_lifetime_infinite_day_month_cmd, - "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite", - "Set send lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Never expires\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; - int idx_number_2 = 4; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_infinite_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg); -} - -DEFUN (send_lifetime_infinite_month_day, - send_lifetime_infinite_month_day_cmd, - "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite", - "Set send lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Never expires\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_infinite_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg); -} - -DEFUN (send_lifetime_duration_day_month, - send_lifetime_duration_day_month_cmd, - "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)", - "Set send lifetime of the key\n" - "Time to start\n" - "Day of th month to start\n" - "Month of the year to start\n" - "Year to start\n" - "Duration of the key\n" - "Duration seconds\n") -{ - int idx_hhmmss = 1; - int idx_number = 2; - int idx_month = 3; 
- int idx_number_2 = 4; - int idx_number_3 = 6; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_duration_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_number_3]->arg); -} - -DEFUN (send_lifetime_duration_month_day, - send_lifetime_duration_month_day_cmd, - "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)", - "Set send lifetime of the key\n" - "Time to start\n" - "Month of the year to start\n" - "Day of th month to start\n" - "Year to start\n" - "Duration of the key\n" - "Duration seconds\n") -{ - int idx_hhmmss = 1; - int idx_month = 2; - int idx_number = 3; - int idx_number_2 = 4; - int idx_number_3 = 6; - VTY_DECLVAR_CONTEXT_SUB(key, key); - - return key_lifetime_duration_set( - vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg, - argv[idx_month]->arg, argv[idx_number_2]->arg, - argv[idx_number_3]->arg); -} - -DEFUN (no_send_lifetime, - no_send_lifetime_cmd, - "no send-lifetime", - NO_STR - "Unset send-lifetime\n") -{ - VTY_DECLVAR_CONTEXT_SUB(key, key); - - if (key->send.start) - key->send.start = 0; - if (key->send.end) - key->send.end = 0; - if (key->send.duration) - key->send.duration = 0; - - return CMD_SUCCESS; -} - -static int keychain_config_write(struct vty *vty); -static struct cmd_node keychain_node = { - .name = "keychain", - .node = KEYCHAIN_NODE, - .parent_node = CONFIG_NODE, - .prompt = "%s(config-keychain)# ", - .config_write = keychain_config_write, -}; - -static struct cmd_node keychain_key_node = { - .name = "keychain key", - .node = KEYCHAIN_KEY_NODE, - .parent_node = KEYCHAIN_NODE, - .prompt = "%s(config-keychain-key)# ", -}; - -static int keychain_strftime(char *buf, int bufsiz, time_t *time) -{ - struct tm tm; - size_t len; - - localtime_r(time, &tm); - - len = strftime(buf, bufsiz, "%T %b %d %Y", &tm); - - return len; -} - -static int keychain_config_write(struct vty *vty) -{ - struct keychain *keychain; - 
struct key *key; - struct listnode *node; - struct listnode *knode; - char buf[BUFSIZ]; - - for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) { - vty_out(vty, "key chain %s\n", keychain->name); - - for (ALL_LIST_ELEMENTS_RO(keychain->key, knode, key)) { - vty_out(vty, " key %d\n", key->index); - - if (key->string) - vty_out(vty, " key-string %s\n", key->string); - - if (key->hash_algo != KEYCHAIN_ALGO_NULL) - vty_out(vty, " cryptographic-algorithm %s\n", - keychain_get_algo_name_by_id( - key->hash_algo)); - - if (key->accept.start) { - keychain_strftime(buf, BUFSIZ, - &key->accept.start); - vty_out(vty, " accept-lifetime %s", buf); - - if (key->accept.end == -1) - vty_out(vty, " infinite"); - else if (key->accept.duration) - vty_out(vty, " duration %ld", - (long)(key->accept.end - - key->accept.start)); - else { - keychain_strftime(buf, BUFSIZ, - &key->accept.end); - vty_out(vty, " %s", buf); - } - vty_out(vty, "\n"); - } - - if (key->send.start) { - keychain_strftime(buf, BUFSIZ, - &key->send.start); - vty_out(vty, " send-lifetime %s", buf); - - if (key->send.end == -1) - vty_out(vty, " infinite"); - else if (key->send.duration) - vty_out(vty, " duration %ld", - (long)(key->send.end - - key->send.start)); - else { - keychain_strftime(buf, BUFSIZ, - &key->send.end); - vty_out(vty, " %s", buf); - } - vty_out(vty, "\n"); - } - - vty_out(vty, " exit\n"); - } - vty_out(vty, "exit\n"); - vty_out(vty, "!\n"); - } - - return 0; -} - - -static void keychain_active_config(vector comps, struct cmd_token *token) -{ - struct keychain *keychain; - struct listnode *node; - - for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) - vector_set(comps, XSTRDUP(MTYPE_COMPLETION, keychain->name)); -} - -static const struct cmd_variable_handler keychain_var_handlers[] = { - {.varname = "key_chain", .completions = keychain_active_config}, - {.tokenname = "KEYCHAIN_NAME", .completions = keychain_active_config}, - {.tokenname = "KCHAIN_NAME", .completions = 
keychain_active_config}, - {.completions = NULL} -}; - void keychain_terminate(void) { struct keychain *keychain; 
@@ -1202,70 +292,25 @@ void keychain_terminate(void) list_delete(&keychain_list); } -void keychain_init(void) +void keychain_init_new(bool in_backend) { keychain_list = list_new(); - /* Register handler for keychain auto config support */ - cmd_variable_handler_register(keychain_var_handlers); - install_node(&keychain_node); - install_node(&keychain_key_node); - - install_default(KEYCHAIN_NODE); - install_default(KEYCHAIN_KEY_NODE); - - install_element(CONFIG_NODE, &key_chain_cmd); - install_element(CONFIG_NODE, &no_key_chain_cmd); - install_element(KEYCHAIN_NODE, &key_cmd); - install_element(KEYCHAIN_NODE, &no_key_cmd); - - install_element(KEYCHAIN_NODE, &key_chain_cmd); - install_element(KEYCHAIN_NODE, &no_key_chain_cmd); - - install_element(KEYCHAIN_KEY_NODE, &key_string_cmd); - install_element(KEYCHAIN_KEY_NODE, &no_key_string_cmd); - - install_element(KEYCHAIN_KEY_NODE, &key_chain_cmd); - install_element(KEYCHAIN_KEY_NODE, &no_key_chain_cmd); - - install_element(KEYCHAIN_KEY_NODE, &key_cmd); - install_element(KEYCHAIN_KEY_NODE, &no_key_cmd); - - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_day_month_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_day_month_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_month_day_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_month_day_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_infinite_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_infinite_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_duration_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &accept_lifetime_duration_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, &no_accept_lifetime_cmd); + if (!in_backend) + keychain_cli_init(); +} - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_day_month_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_day_month_month_day_cmd); - 
install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_month_day_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_month_day_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_infinite_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_infinite_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_duration_day_month_cmd); - install_element(KEYCHAIN_KEY_NODE, - &send_lifetime_duration_month_day_cmd); - install_element(KEYCHAIN_KEY_NODE, &no_send_lifetime_cmd); - install_element(KEYCHAIN_KEY_NODE, &cryptographic_algorithm_cmd); - install_element(KEYCHAIN_KEY_NODE, &no_cryptographic_algorithm_cmd); +void keychain_init(void) +{ + keychain_init_new(false); } + +const struct frr_yang_module_info ietf_key_chain_deviation_info = { + .name = "frr-deviations-ietf-key-chain", + .ignore_cfg_cbs = true, + .nodes = { + { + .xpath = NULL, + }, + }, +}; |
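Review bot: `keychain_init_new()` assigns `keychain_list = list_new();` unconditionally, and with both `keychain_init()` and `keychain_init_new()` now exported, a second call would leak the first list and silently drop every configured key chain, so authentication keys would vanish without any error. Assuming the pointer is NULL before initialisation and after `keychain_terminate()`, a check such as `assert(keychain_list == NULL);` ahead of the assignment would make a double initialisation fail loudly. The `in_backend` parameter also deserves a comment, e.g. `/* in_backend: when true, keychain_cli_init() is skipped and this call installs no CLI commands. */`. Likewise, `ietf_key_chain_deviation_info` sets `.ignore_cfg_cbs = true` with an empty node table and would benefit from a line saying why configuration callbacks are ignored for this module.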