CESNET
diff --git a/‎cli/CMakeLists.txt
Lines changed: 1 addition & 1 deletion b/‎cli/CMakeLists.txt
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/commands.c
Lines changed: 1 addition & 1 deletion b/‎cli/commands.c
Lines changed: 1 addition & 1 deletion
diff --git a/‎keystored/CMakeLists.txt
Lines changed: 8 additions & 1 deletion b/‎keystored/CMakeLists.txt
Lines changed: 8 additions & 1 deletion
diff --git a/‎keystored/keystored.c
Lines changed: 4 additions & 4 deletions b/‎keystored/keystored.c
Lines changed: 4 additions & 4 deletions
diff --git a/‎keystored/scripts/ssh-key-import.sh
Lines changed: 8 additions & 6 deletions b/‎keystored/scripts/ssh-key-import.sh
Lines changed: 8 additions & 6 deletions
diff --git a/‎server/CMakeLists.txt
100644100755
Lines changed: 7 additions & 2 deletions b/‎server/CMakeLists.txt
100644100755
Lines changed: 7 additions & 2 deletions
diff --git a/‎server/KNOWNISSUES.md
Lines changed: 8 additions & 0 deletions b/‎server/KNOWNISSUES.md
Lines changed: 8 additions & 0 deletions
diff --git a/‎server/common.h
Lines changed: 4 additions & 0 deletions b/‎server/common.h
Lines changed: 4 additions & 0 deletions
diff --git a/‎server/config.h.in
100644100755
Lines changed: 4 additions & 0 deletions b/‎server/config.h.in
100644100755
Lines changed: 4 additions & 0 deletions
diff --git a/‎server/ietf_keystore.c
Lines changed: 51 additions & 0 deletions b/‎server/ietf_keystore.c
Lines changed: 51 additions & 0 deletions
@@ -21,7 +21,7 @@ set(CMAKE_C_FLAGS_RELEASE "-O2")
 set(CMAKE_C_FLAGS_DEBUG   "-g -O0")
 
 # set version
-set(NP2CLI_VERSION 2.0.48)
+set(NP2CLI_VERSION 2.0.49)
 configure_file("${PROJECT_SOURCE_DIR}/version.h.in" "${PROJECT_BINARY_DIR}/version.h" ESCAPE_QUOTES @ONLY)
 include_directories(${PROJECT_BINARY_DIR})
 
 
@@ -2402,7 +2402,7 @@ cmd_searchpath(const char *arg, char **UNUSED(tmp_config_file))
 
     if (!arg[0]) {
         path = nc_client_get_schema_searchpath();
-        fprintf(stdout, "%s\n", path[0] ? path : "<none>");
+        fprintf(stdout, "%s\n", path && path[0] ? path : "<none>");
         return 0;
     }
 
 
@@ -21,7 +21,7 @@ set(CMAKE_C_FLAGS_RELEASE "-O2 -DNDEBUG")
 set(CMAKE_C_FLAGS_DEBUG   "-g -O0 -DDEBUG")
 
 # set version
-set(KEYSTORED_VERSION 0.1.1)
+set(KEYSTORED_VERSION 0.1.2)
 
 # config variables
 if (NOT KEYSTORED_KEYS_DIR)
@@ -131,10 +131,17 @@ endif()
 
 option(SSH_KEY_INSTALL "Enable ssh key import" ON)
 if (SSH_KEY_INSTALL)
+    if (NOT SSH_KEYGEN_EXECUTABLE)
+        find_program(SSH_KEYGEN_EXECUTABLE ssh-keygen)
+    endif()
+    if (NOT SSH_KEYGEN_EXECUTABLE)
+        message(FATAL_ERROR "Unable to find ssh-keygen, set SSH_KEYGEN_EXECUTABLE manually.")
+    endif()
     install(CODE "
         set(ENV{SYSREPOCFG} ${SYSREPOCFG_EXECUTABLE})
         set(ENV{CHMOD} ${CHMOD_EXECUTABLE})
         set(ENV{OPENSSL} ${OPENSSL_EXECUTABLE})
+        set(ENV{SSH_KEYGEN} ${SSH_KEYGEN_EXECUTABLE})
         set(ENV{KEYSTORED_KEYS_DIR} ${KEYSTORED_KEYS_DIR})
         set(ENV{KEYSTORED_CHECK_SSH_KEY} ${KEYSTORED_CHECK_SSH_KEY})
         execute_process(COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/scripts/ssh-key-import.sh)")
 
@@ -121,7 +121,7 @@ ks_cert_change_cb(sr_session_ctx_t *UNUSED(session), const char *UNUSED(module_n
 }
 
 static int
-ks_privkey_get_cb(const char *xpath, sr_val_t **values, size_t *values_cnt, void *UNUSED(private_ctx))
+ks_privkey_get_cb(const char *xpath, sr_val_t **values, size_t *values_cnt, uint64_t UNUSED(request_id), void *UNUSED(private_ctx))
 {
     int ret;
     const char *name;
@@ -137,7 +137,7 @@ ks_privkey_get_cb(const char *xpath, sr_val_t **values, size_t *values_cnt, void
     }
     name += 18;
 
-    if (asprintf(&path, "%s/%.*s.pub.pem", KEYSTORED_KEYS_DIR, (int)(strchr(name, '\'') - name), name) == -1) {
+    if (asprintf(&path, "%s/%.*s.pem.pub", KEYSTORED_KEYS_DIR, (int)(strchr(name, '\'') - name), name) == -1) {
         SRP_LOG_ERR("Memory allocation failed (%s:%d).", __FILE__, __LINE__);
         return SR_ERR_NOMEM;
     }
@@ -337,7 +337,7 @@ ks_privkey_gen_cb(const char *UNUSED(xpath), const sr_node_t *input, const size_
         goto cleanup;
     }
     sprintf(priv_path, "%s/%s.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);
-    sprintf(pub_path, "%s/%s.pub.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);
+    sprintf(pub_path, "%s/%s.pem.pub", KEYSTORED_KEYS_DIR, input[0].data.string_val);
 
     if (!(pid = fork())) {
         /* child */
@@ -451,7 +451,7 @@ ks_privkey_load_cb(const char *UNUSED(xpath), const sr_node_t *input, const size
         goto cleanup;
     }
     sprintf(priv_path, "%s/%s.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);
-    sprintf(pub_path, "%s/%s.pub.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);
+    sprintf(pub_path, "%s/%s.pem.pub", KEYSTORED_KEYS_DIR, input[0].data.string_val);
 
     fd = open(priv_path, O_CREAT | O_TRUNC | O_WRONLY, 00600);
     if (fd == -1) {
 
@@ -9,6 +9,7 @@ local_path=$(dirname $0)
 : ${SYSREPOCFG:=sysrepocfg}
 : ${CHMOD:=chmod}
 : ${OPENSSL:=openssl}
+: ${SSH_KEYGEN:=ssh-keygen}
 : ${STOCK_KEY_CONFIG:=$local_path/../stock_key_config.xml}
 : ${KEYSTORED_KEYS_DIR:=/etc/keystored/keys}
 
@@ -21,13 +22,14 @@ if [ $KEYSTORED_CHECK_SSH_KEY -eq 0 ]; then
     echo "- Warning: Assuming that an external script will provide the SSH key in a PEM format at \"${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem\"."
     echo "- Importing ietf-keystore stock key configuration..."
     $SYSREPOCFG -d startup -i ${STOCK_KEY_CONFIG} ietf-keystore
-elif [ -r /etc/ssh/ssh_host_rsa_key ]; then
-    cp /etc/ssh/ssh_host_rsa_key ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem
+else
+    if [ -r ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem -a -r ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem.pub ]; then
+        echo "- SSH hostkey found, no need to generate a new one."
+    else
+        echo "- SSH hostkey not found, generating a new one..."
+        $SSH_KEYGEN -m pem -t rsa -q -N "" -f ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem
+    fi
     $CHMOD go-rw ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem
-    $OPENSSL rsa -pubout -in ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pem \
-        -out ${KEYSTORED_KEYS_DIR}/ssh_host_rsa_key.pub.pem
     echo "- Importing ietf-keystore stock key configuration..."
     $SYSREPOCFG -d startup -i ${STOCK_KEY_CONFIG} ietf-keystore
-else
-    echo "- Warning: Cannot read the SSH hostkey at /etc/ssh/ssh_host_rsa_key, skipping."
 fi
@@ -13,14 +13,14 @@ if(NOT UNIX)
 endif()
 
 # set version
-set(NP2SRV_VERSION 0.5.31)
+set(NP2SRV_VERSION 0.6.15)
 
 # set default build type if not specified by user
 if(NOT CMAKE_BUILD_TYPE)
     set(CMAKE_BUILD_TYPE debug)
 endif()
 
-set(CMAKE_C_FLAGS         "${CMAKE_C_FLAGS} -Wall -Wextra")
+set(CMAKE_C_FLAGS         "${CMAKE_C_FLAGS} -Wall -Wextra -std=gnu11")
 set(CMAKE_C_FLAGS_RELEASE "-O2 -DNDEBUG")
 set(CMAKE_C_FLAGS_DEBUG   "-g -O0 -DDEBUG")
 
@@ -36,6 +36,11 @@ option(ENABLE_CONFIGURATION "Enable server configuration" ON)
 set(THREAD_COUNT 5 CACHE STRING "Number of threads accepting new sessions and handling requests")
 set(DEFAULT_HOST_KEY "/etc/ssh/ssh_host_rsa_key" CACHE STRING "Default server host key (used only if configuration is disabled)")
 
+option(ENABLE_LY_CTX_INFO_CACHE "Enable caching the ly_ctx_info() result; reduces processing at the cost of increased memory usage." ON)
+if(ENABLE_LY_CTX_INFO_CACHE)
+    set(NP2SRV_ENABLED_LY_CTX_INFO_CACHE 1)
+endif()
+
 # set prefix for the PID file
 if (NOT PIDFILE_PREFIX)
     set(PIDFILE_PREFIX "/var/run")
 
@@ -6,3 +6,11 @@ pthread_rwlockattr_setkind_np() and the number of worker threads is increased
 (via cmake THREAD_COUNT variable), the thread processing the modules changes in
 sysrepo (module install/uninstall or feature changes) can starve by waiting
 for lock to wite changes into the netopeer's context.
+
+XPath filter limitations
+------------------------
+
+Correct filter result is guaranteed only when all the filtered nodes
+are only from one YANG schema and no unions are used. Otherwise,
+the <get> or <get-config> may finish with an error or possibly
+less data than would be correct.
@@ -49,6 +49,10 @@ struct np2srv {
     pthread_t workers[NP2SRV_THREAD_COUNT]; /**< worker threads handling sessions */
 
     struct ly_ctx *ly_ctx;         /**< libyang's context */
+#ifdef NP2SRV_ENABLED_LY_CTX_INFO_CACHE
+    uint16_t cached_ly_ctx_module_set_id; /**< module-set-id at the time ly_ctx_info was last cached */
+    struct lyd_node *ly_ctx_info_cache; /**< a cache of calling ly_ctx_info on the ly_ctx */
+#endif
     pthread_rwlock_t ly_ctx_lock;  /**< libyang's context rwlock */
 };
 extern struct np2srv np2srv;
 
@@ -52,4 +52,8 @@
  */
 #define NP2SRV_SR_LOCKED_RETRIES 3
 
+/** @brief Enable caching the ly_ctx_info() result
+ */
+#cmakedefine NP2SRV_ENABLED_LY_CTX_INFO_CACHE
+
 #endif /* NP2SRV_CONFIG_H_ */
@@ -101,6 +101,57 @@ np_server_cert_clb(const char *name, void *UNUSED(user_data), char **UNUSED(cert
     return 0;
 }
 
+int
+np_server_cert_chain_clb(const char *name, void *UNUSED(user_data), char ***UNUSED(cert_paths), int *UNUSED(cert_path_count),
+                         char ***cert_data, int *cert_data_count)
+{
+    int ret;
+    char *path;
+    sr_val_t *sr_certs;
+    size_t sr_cert_count, i, used_count;
+
+    ret = asprintf(&path, "/ietf-keystore:keystore/private-keys/private-key/certificate-chains/"
+                   "certificate-chain[name='%s']/certificate", name);
+    if (ret == -1) {
+        EMEM;
+        return 1;
+    }
+
+    if (np2srv.sr_sess.ds != SR_DS_RUNNING) {
+        if (np2srv_sr_session_switch_ds(np2srv.sr_sess.srs, SR_DS_RUNNING, NULL)) {
+            free(path);
+            return 1;
+        }
+        np2srv.sr_sess.ds = SR_DS_RUNNING;
+    }
+
+    /* Refresh the session to prevent sysrepo returning cached data */
+    if (np2srv_sr_session_refresh(np2srv.sr_sess.srs, NULL)) {
+	    ERR("%s:%d Failed session refresh", __func__, __LINE__);
+	    free(path);
+	    return 1;
+    }
+
+    if (np2srv_sr_get_items(np2srv.sr_sess.srs, path, &sr_certs, &sr_cert_count, NULL)) {
+        free(path);
+        return 1;
+    }
+    free(path);
+
+    /* Ignore the first cert since it's already loaded */
+    if (sr_cert_count > 1) {
+        used_count = sr_cert_count - 1;
+        *cert_data = calloc(used_count, sizeof **cert_data);
+        for (i = 0; i < used_count; ++i) {
+            (*cert_data)[i] = strdup(sr_certs[i + 1].data.binary_val);
+        }
+        *cert_data_count = used_count;
+    }
+
+    sr_free_values(sr_certs, sr_cert_count);
+    return 0;
+}
+
 int
 np_trusted_cert_list_clb(const char *name, void *UNUSED(user_data), char ***UNUSED(cert_paths), int *UNUSED(cert_path_count),
                          char ***cert_data, int *cert_data_count)
Original file line number	Diff line number	Diff line change
`@@ -2402,7 +2402,7 @@ cmd_searchpath(const char arg, char *UNUSED(tmp_config_file))`
`2402`	`2402`
`2403`	`2403`	`if (!arg[0]) {`
`2404`	`2404`	`path = nc_client_get_schema_searchpath();`
`2405`		`- fprintf(stdout, "%s\n", path[0] ? path : "<none>");`
	`2405`	`+ fprintf(stdout, "%s\n", path && path[0] ? path : "<none>");`
`2406`	`2406`	`return 0;`
`2407`	`2407`	`}`
`2408`	`2408`
Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ ks_cert_change_cb(sr_session_ctx_t UNUSED(session), const char UNUSED(module_n`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`static int`
`124`		`-ks_privkey_get_cb(const char xpath, sr_val_t values, size_t values_cnt, void *UNUSED(private_ctx))`
	`124`	`+ks_privkey_get_cb(const char xpath, sr_val_t values, size_t values_cnt, uint64_t UNUSED(request_id), void *UNUSED(private_ctx))`
`125`	`125`	`{`
`126`	`126`	`int ret;`
`127`	`127`	`const char *name;`
`@@ -137,7 +137,7 @@ ks_privkey_get_cb(const char xpath, sr_val_t values, size_t values_cnt, void`
`137`	`137`	`}`
`138`	`138`	`name += 18;`
`139`	`139`
`140`		`- if (asprintf(&path, "%s/%.*s.pub.pem", KEYSTORED_KEYS_DIR, (int)(strchr(name, '\'') - name), name) == -1) {`
	`140`	`+ if (asprintf(&path, "%s/%.*s.pem.pub", KEYSTORED_KEYS_DIR, (int)(strchr(name, '\'') - name), name) == -1) {`
`141`	`141`	`SRP_LOG_ERR("Memory allocation failed (%s:%d).", __FILE__, __LINE__);`
`142`	`142`	`return SR_ERR_NOMEM;`
`143`	`143`	`}`
`@@ -337,7 +337,7 @@ ks_privkey_gen_cb(const char UNUSED(xpath), const sr_node_t input, const size_`
`337`	`337`	`goto cleanup;`
`338`	`338`	`}`
`339`	`339`	`sprintf(priv_path, "%s/%s.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);`
`340`		`- sprintf(pub_path, "%s/%s.pub.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);`
	`340`	`+ sprintf(pub_path, "%s/%s.pem.pub", KEYSTORED_KEYS_DIR, input[0].data.string_val);`
`341`	`341`
`342`	`342`	`if (!(pid = fork())) {`
`343`	`343`	`/* child */`
`@@ -451,7 +451,7 @@ ks_privkey_load_cb(const char UNUSED(xpath), const sr_node_t input, const size`
`451`	`451`	`goto cleanup;`
`452`	`452`	`}`
`453`	`453`	`sprintf(priv_path, "%s/%s.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);`
`454`		`- sprintf(pub_path, "%s/%s.pub.pem", KEYSTORED_KEYS_DIR, input[0].data.string_val);`
	`454`	`+ sprintf(pub_path, "%s/%s.pem.pub", KEYSTORED_KEYS_DIR, input[0].data.string_val);`
`455`	`455`
`456`	`456`	`fd = open(priv_path, O_CREAT \| O_TRUNC \| O_WRONLY, 00600);`
`457`	`457`	`if (fd == -1) {`