X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=ntsimulator%2Fntsim-ng%2Fcore%2Fnc_config.c;fp=ntsimulator%2Fntsim-ng%2Fcore%2Fnc_config.c;h=43402ebd6d1ef9150e3710593c905a8f2f5e5e7e;hb=f1d5c9198acde7a7ce296490087cad37e008f688;hp=0000000000000000000000000000000000000000;hpb=f2d8f1002fa93848c80a88e5658db4816cba3020;p=sim%2Fo1-interface.git diff --git a/ntsimulator/ntsim-ng/core/nc_config.c b/ntsimulator/ntsim-ng/core/nc_config.c new file mode 100644 index 0000000..43402eb --- /dev/null +++ b/ntsimulator/ntsim-ng/core/nc_config.c @@ -0,0 +1,620 @@ +/************************************************************************* +* +* Copyright 2020 highstreet technologies GmbH and others +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +***************************************************************************/ + +#define _GNU_SOURCE + +#include "nc_config.h" +#include "utils/log_utils.h" +#include "utils/sys_utils.h" +#include "utils/http_client.h" +#include +#include + +#include +#include "core/session.h" +#include "core/framework.h" + +#define GEN_KEY_SCRIPT "/home/netconf/.ssh/generate-ssh-keys.sh" +#define KS_CERT_NAME "melacon_server_cert" +#define SERVER_PRIVATE_KEY_PATH "/home/netconf/.ssh/melacon.server.key" +#define SERVER_PUBLIC_KEY_PATH "/home/netconf/.ssh/melacon.server.key.pub.pem" +#define SERVER_CERT_PATH "/home/netconf/.ssh/melacon.server.crt" +#define CLIENT_CERT_PATH "/home/netconf/.ssh/client.crt" +#define CA_CERT_PATH "/home/netconf/.ssh/ca.pem" + +static int nc_config_netconf_port = STANDARD_NETCONF_PORT; + +static int load_ssh_keys(sr_session_ctx_t *session); +static int load_trusted_certificates(sr_session_ctx_t *session); +static int remove_nacm(sr_session_ctx_t *session); +static int create_ssh_listen_endpoints(struct lyd_node *netconf_node, int ssh_connections); +static int create_tls_listen_endpoints(struct lyd_node *netconf_node, int tls_connections); +static int configure_endpoints_connections(sr_session_ctx_t *session); + +int netconf_configure(void) { + int rc = NTS_ERR_OK; + + nc_config_netconf_port = STANDARD_NETCONF_PORT; + + sr_session_ctx_t *current_session; + rc = sr_session_start(session_connection, SR_DS_RUNNING, ¤t_session); + if(rc != 0) { + log_error("could not start session on running datastore"); + return NTS_ERR_FAILED; + } + + // generate and load private keys + log_message(1, "ietf-keystore startup datastore configuration..."); //checkAS e ok aici ? + rc = load_ssh_keys(current_session); + if(rc != 0) { + log_error("could not load SSH keys"); + return NTS_ERR_FAILED; + } + log_message(1, LOG_COLOR_BOLD_GREEN"done\n"LOG_COLOR_RESET); + + // load trusted certificates + log_message(1, "ietf-truststore startup datastore configuration..."); + rc = load_trusted_certificates(current_session); + if(rc != 0) { + log_error("could not load trusted certificates"); + return NTS_ERR_FAILED; + } + log_message(1, LOG_COLOR_BOLD_GREEN"done\n"LOG_COLOR_RESET); + + // remove NACM + log_message(1, "Removing NACM..."); + rc = remove_nacm(current_session); + if(rc != 0) { + log_error("could not remove NACM"); + return NTS_ERR_FAILED; + } + log_message(1, LOG_COLOR_BOLD_GREEN"done\n"LOG_COLOR_RESET); + + // configure SSH connections + log_message(1, "Configuring connection endpoints..."); + rc = configure_endpoints_connections(current_session); + if(rc != 0) { + log_error("could not configure endpoint connections forNETCONF Server"); + return NTS_ERR_FAILED; + } + log_message(1, LOG_COLOR_BOLD_GREEN"done\n"LOG_COLOR_RESET); + + rc = sr_session_stop(current_session); + if(rc != 0) { + log_error("could not configure stop current sysrepo session"); + return NTS_ERR_FAILED; + } + + return NTS_ERR_OK; +} + +static int load_ssh_keys(sr_session_ctx_t *session) { + assert(session); + + int rc = NTS_ERR_OK; + char xpath[500]; + struct lyd_node *rcl = 0; + + rc = system(GEN_KEY_SCRIPT); + if(rc != 0) { + log_error("could not generate the SSH keys"); + return NTS_ERR_FAILED; + } + + struct lys_module *module; + module = (struct lys_module *)ly_ctx_get_module(session_context, "ietf-keystore", 0, 0); + if(module == 0) { + log_error("could not get module %s from context", "ietf-keystore"); + return NTS_ERR_FAILED; + } + + struct lyd_node *keystore_node = 0; + keystore_node = lyd_new(NULL, module, "keystore"); + if(keystore_node == 0) { + log_error("could not create a new lyd_node"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/algorithm", KS_KEY_NAME); + rcl = lyd_new_path(keystore_node, 0, xpath, "rsa2048", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + char *private_key = read_key(SERVER_PRIVATE_KEY_PATH); + if(private_key == 0) { + log_error("could not read the private key from path=%s", SERVER_PRIVATE_KEY_PATH); + return NTS_ERR_FAILED; + } + log_message(2, "Private Key that was built: \n%s\n", private_key); + + sprintf(xpath, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/private-key", KS_KEY_NAME); + rcl = lyd_new_path(keystore_node, 0, xpath, private_key, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + free(private_key); + + char *public_key = read_key(SERVER_PUBLIC_KEY_PATH); + if(public_key == 0) { + log_error("could not read the public key from path=%s", SERVER_PUBLIC_KEY_PATH); + return NTS_ERR_FAILED; + } + log_message(2, "Public Key that was built: \n%s\n", public_key); + + sprintf(xpath, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/public-key", KS_KEY_NAME); + rcl = lyd_new_path(keystore_node, 0, xpath, public_key, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + free(public_key); + + char *certificate = read_key(SERVER_CERT_PATH); + if(certificate == 0) { + log_error("could not read the certificate from path=%s", SERVER_CERT_PATH); + return NTS_ERR_FAILED; + } + log_message(2, "Certificate that was built: \n%s\n", certificate); + + sprintf(xpath, "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='%s']/certificates/certificate[name='%s']/cert", KS_KEY_NAME, KS_CERT_NAME); + rcl = lyd_new_path(keystore_node, 0, xpath, certificate, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + free(certificate); + + rc = sr_edit_batch(session, keystore_node, "replace"); + if(rc != SR_ERR_OK) { + log_error("could not edit batch on datastore"); + return NTS_ERR_FAILED; + } + + rc = sr_validate(session, "ietf-keystore", 0); + if(rc != SR_ERR_OK) { + struct ly_err_item *err = ly_err_first(session_context); + log_error("sr_validate issues on STARTUP: %s", err->msg); + return false; + } + + rc = sr_apply_changes(session, 0, 0); + if(rc != SR_ERR_OK) { + log_error("could not apply changes on datastore"); + return NTS_ERR_FAILED; + } + + return NTS_ERR_OK; +} + +static int load_trusted_certificates(sr_session_ctx_t *session) { + assert(session); + + int rc = NTS_ERR_OK; + struct lyd_node *rcl = 0; + + struct lyd_node *trusted_certificate_node = 0; + struct lys_module *module; + module = (struct lys_module *)ly_ctx_get_module(session_context, "ietf-truststore", 0, 0); + if(module == 0) { + log_error("could not get module %s from context", "ietf-truststore"); + return NTS_ERR_FAILED; + } + + trusted_certificate_node = lyd_new(NULL, module, "truststore"); + if(trusted_certificate_node == 0) { + log_error("could not create a new lyd_node"); + return NTS_ERR_FAILED; + } + + char xpath[500]; + + sprintf(xpath, "/ietf-truststore:truststore/certificates[name='clientcerts']/certificate[name='clientcert']/cert"); + char *client_cert = read_key(CLIENT_CERT_PATH); + rcl = lyd_new_path(trusted_certificate_node, 0, xpath, client_cert, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + free(client_cert); + + sprintf(xpath, "/ietf-truststore:truststore/certificates[name='cacerts']/certificate[name='cacert']/cert"); + char *ca_cert = read_key(CA_CERT_PATH); + rcl = lyd_new_path(trusted_certificate_node, 0, xpath, ca_cert, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + free(ca_cert); + + rc = sr_edit_batch(session, trusted_certificate_node, "replace"); + if(rc != SR_ERR_OK) { + log_error("could not edit batch on datastore"); + return NTS_ERR_FAILED; + } + + rc = sr_validate(session, "ietf-truststore", 0); + if(rc != SR_ERR_OK) { + struct ly_err_item *err = ly_err_first(session_context); + log_error("sr_validate issues on STARTUP: %s", err->msg); + return NTS_ERR_FAILED; + } + + rc = sr_apply_changes(session, 0, 0); + if(rc != SR_ERR_OK) { + log_error("could not apply changes on datastore"); + return NTS_ERR_FAILED; + } + + return NTS_ERR_OK; +} + +static int remove_nacm(sr_session_ctx_t *session) { + assert(session); + + int rc = NTS_ERR_OK; + struct lyd_node *rcl = 0; + char xpath[100]; + + struct lys_module *module = 0; + module = (struct lys_module *) ly_ctx_get_module(session_context, "ietf-netconf-acm", 0, 0); + if(module == 0) { + log_error("could not get module %s from context", "ietf-netconf-acm"); + return NTS_ERR_FAILED; + } + + struct lyd_node *nacm_node = 0; + nacm_node = lyd_new(NULL, module, "nacm"); + if(nacm_node == 0) { + log_error("could not create a new lyd_node"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-acm:nacm/enable-nacm"); + rcl = lyd_new_path(nacm_node, 0, xpath, "false", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + rc = sr_edit_batch(session, nacm_node, "replace"); + if(rc != SR_ERR_OK) { + log_error("could not edit batch on datastore"); + return NTS_ERR_FAILED; + } + + rc = sr_validate(session, "ietf-netconf-acm", 0); + if(rc != SR_ERR_OK) { + struct ly_err_item *err = ly_err_first(session_context); + log_error("sr_validate issues on STARTUP: %s", err->msg); + return NTS_ERR_FAILED; + } + + rc = sr_apply_changes(session, 0, 0); + if(rc != SR_ERR_OK) { + log_error("could not apply changes on datastore"); + return NTS_ERR_FAILED; + } + + return NTS_ERR_OK; +} + +static int create_ssh_listen_endpoints(struct lyd_node *netconf_node, int ssh_connections) { + assert(netconf_node); + + char xpath[500]; + char local_ip[30]; + struct lyd_node *rcl = 0; + + + if(framework_environment.ip_v6_enabled) { + sprintf(local_ip, "::"); + } + else { + sprintf(local_ip, "0.0.0.0"); + } + + char *public_ssh_key = read_key(SERVER_PUBLIC_SSH_KEY_PATH); + if(public_ssh_key == 0) { + log_error("could not read the public ssh key from file %s", SERVER_PUBLIC_SSH_KEY_PATH); + return NTS_ERR_FAILED; + } + + char *ssh_key_string; + + ssh_key_string = strtok(public_ssh_key, " "); + ssh_key_string = strtok(NULL, " "); + + for(int i=0; i < ssh_connections; ++i) { + char endpoint_name[100]; + sprintf(endpoint_name, "mng-ssh-%d", i); + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/local-address", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, local_ip, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + char local_port[10]; + sprintf(local_port, "%d", nc_config_netconf_port++); + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/local-port", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, local_port, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/keepalives/idle-time", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "1", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/keepalives/max-probes", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "10", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/tcp-server-parameters/keepalives/probe-interval", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "5", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/server-identity/host-key[name='default-key']/public-key/keystore-reference", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, KS_KEY_NAME, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/supported-authentication-methods/publickey", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/supported-authentication-methods/passsword", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/supported-authentication-methods/other", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "interactive", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='netconf']/authorized-key[name='%s']/algorithm", endpoint_name, KS_KEY_NAME); + rcl = lyd_new_path(netconf_node, 0, xpath, "ssh-rsa", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='netconf']/authorized-key[name='%s']/key-data", endpoint_name, KS_KEY_NAME); + rcl = lyd_new_path(netconf_node, 0, xpath, ssh_key_string, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + } + + free(public_ssh_key); + + return NTS_ERR_OK; +} + +static int create_tls_listen_endpoints(struct lyd_node *netconf_node, int tls_connections) { + assert(netconf_node); + + struct lyd_node *rcl = 0; + char xpath[500]; + char local_ip[30]; + + if(framework_environment.ip_v6_enabled) { + sprintf(local_ip, "::"); + } + else { + sprintf(local_ip, "0.0.0.0"); + } + + for(int i=0; i < tls_connections; ++i) { + char endpoint_name[100]; + sprintf(endpoint_name, "mng-tls-%d", i); + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/local-address", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, local_ip, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + char local_port[10]; + sprintf(local_port, "%d", nc_config_netconf_port++); + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/local-port", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, local_port, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/keepalives/idle-time", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "1", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/keepalives/max-probes", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "10", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tcp-server-parameters/keepalives/probe-interval", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "5", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/server-identity/keystore-reference/asymmetric-key", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, KS_KEY_NAME, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/server-identity/keystore-reference/certificate", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, KS_CERT_NAME, 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/required", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/ca-certs", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "cacerts", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/client-certs", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "clientcerts", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/cert-maps/cert-to-name[id='1']/fingerprint", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/cert-maps/cert-to-name[id='1']/map-type", endpoint_name); + rcl = lyd_new_path(netconf_node, session_context, xpath, "ietf-x509-cert-to-name:specified", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + + sprintf(xpath, "/ietf-netconf-server:netconf-server/listen/endpoint[name='%s']/tls/tls-server-parameters/client-authentication/cert-maps/cert-to-name[id='1']/name", endpoint_name); + rcl = lyd_new_path(netconf_node, 0, xpath, "netconf-tls", 0, LYD_PATH_OPT_NOPARENTRET); + if(rcl == 0) { + log_error("could not created yang path"); + return NTS_ERR_FAILED; + } + } + + return NTS_ERR_OK; +} + +static int configure_endpoints_connections(sr_session_ctx_t *session) { + assert(session); + + int rc = NTS_ERR_OK; + + struct lys_module *module = 0; + module = (struct lys_module *)ly_ctx_get_module(session_context, "ietf-netconf-server", 0, 0); + if(module == 0) { + log_error("could not get module %s from context", "ietf-netconf-server"); + return NTS_ERR_FAILED; + } + + + struct lyd_node *netconf_node = 0; + netconf_node = lyd_new_path(NULL, session_context, "/ietf-netconf-server:netconf-server", 0, 0, 0); + if(netconf_node == 0) { + log_error("could not create a new lyd_node"); + return NTS_ERR_FAILED; + } + + // create the SSH endpoints in ietf-netconf-server + int ssh_connections = 0; + if(framework_arguments.manager) { + ssh_connections = 1; + } + else { + ssh_connections = framework_environment.ssh_connections; + } + + if(ssh_connections == 0) { + log_error("ssh_connections must be at least 1"); + return NTS_ERR_FAILED; + } + + rc = create_ssh_listen_endpoints(netconf_node, ssh_connections); + if(rc != NTS_ERR_OK) { + log_error("could not create %d SSH Listen endpoints on the NETCONF Server", ssh_connections); + return NTS_ERR_FAILED; + } + + // create the TLS endpoints in ietf-netconf-server + if(framework_arguments.manager == false) { + rc = create_tls_listen_endpoints(netconf_node, framework_environment.tls_connections); + if(rc != NTS_ERR_OK) { + log_error("could not create %d TLS Listen endpoints on the NETCONF Server", framework_environment.tls_connections); + return NTS_ERR_FAILED; + } + } + + rc = sr_edit_batch(session, netconf_node, "replace"); + if(rc != SR_ERR_OK) { + log_error("could not edit batch on datastore"); + return NTS_ERR_FAILED; + } + + rc = sr_validate(session, "ietf-netconf-server", 0); + if(rc != SR_ERR_OK) { + struct ly_err_item *err = ly_err_first(session_context); + log_error("sr_validate issues on STARTUP: %s", err->msg); + return NTS_ERR_FAILED; + } + + rc = sr_apply_changes(session, 0, 0); + if(rc != SR_ERR_OK) { + log_error("could not apply changes on datastore"); + return NTS_ERR_FAILED; + } + + return NTS_ERR_OK; +}