From 28103c586e4954f656e9d596be2bab99b3b25dc7 Mon Sep 17 00:00:00 2001
From: Michal Vasko
Date: Fri, 3 May 2024 12:00:31 +0200
Subject: [PATCH 1/6] tests UPDATE remove redundant tests ... that do not test anything and are difficult to maintain.
---
 tests/CMakeLists.txt | 7 -
 tests/test_client_ssh.c | 790 ----------------------------------------
 tests/test_client_tls.c | 214 -----------
 3 files changed, 1011 deletions(-)
 delete mode 100644 tests/test_client_ssh.c
 delete mode 100644 tests/test_client_tls.c
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index af28093f..769a42bb 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -70,13 +70,6 @@ if(ENABLE_SSH_TLS)
 libnetconf2_test(NAME test_crl)
 libnetconf2_test(NAME test_ch PORT_COUNT 2)
 libnetconf2_test(NAME test_runtime_changes PORT_COUNT 2)
- libnetconf2_test(NAME test_client_ssh
- WRAP_FUNCS connect ssh_connect ssh_userauth_none ssh_userauth_kbdint ssh_is_connected
- ssh_channel_open_session ssh_channel_request_subsystem ssh_channel_is_close ssh_channel_write
- ssh_channel_poll_timeout ssh_userauth_password nc_handshake_io nc_ctx_check_and_fill
- ssh_userauth_try_publickey ssh_userauth_publickey nc_sock_listen_inet nc_sock_accept_binds nc_accept_callhome_ssh_sock)
- libnetconf2_test(NAME test_client_tls
- WRAP_FUNCS connect SSL_connect nc_send_hello_io nc_handshake_io nc_ctx_check_and_fill)
 libnetconf2_test(NAME test_authkeys)
 if (LIBPAM_HAVE_CONFDIR)
 libnetconf2_test(NAME test_pam WRAP_FUNCS pam_start)
diff --git a/tests/test_client_ssh.c b/tests/test_client_ssh.c
deleted file mode 100644
index 571b844d..00000000
--- a/tests/test_client_ssh.c
+++ /dev/null
@@ -1,790 +0,0 @@ -/** - * @file test_client_ssh.c - * @author David Sedlák - * @brief client SSH test - * - * Copyright (c) 2018 CESNET, z.s.p.o. - * - * This source code is licensed under BSD 3-Clause License (the "License"). - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://opensource.org/licenses/BSD-3-Clause - */ - -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include "tests/config.h" - -#include -#include -#include - -static int -setup_f(void **state) -{ - (void)state; - int ret; - - nc_verbosity(NC_VERB_VERBOSE); - - /* init client */ - nc_client_init(); - - ret = nc_client_ssh_set_username("username"); - assert_int_equal(ret, 0); - ret = nc_client_ssh_ch_set_username("ch_username"); - assert_int_equal(ret, 0); - /* skip all hostkey and known_hosts checks */ - nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_SKIP); - - return 0; -} - -static int -teardown_f(void **state) -{ - (void)state; - /* destroy client */ - nc_client_destroy(); - return 0; -} - -MOCK int -__wrap_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) -{ - (void)sockfd; - (void)addr; - (void)addrlen; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_connect(ssh_session session) -{ - (void)session; - - /* set support of all authentication methods by fake server */ - ssh_set_auth_methods(session, SSH_AUTH_METHOD_PUBLICKEY | SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_INTERACTIVE); - return (int)mock(); -} - -MOCK int -__wrap_ssh_userauth_none(ssh_session session, const char *username) -{ - (void)session; - (void)username; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_userauth_kbdint(ssh_session session, const char *user, const char *submethods) -{ - (void)session; - (void)user; - (void)submethods; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_is_connected(ssh_session session) 
-{ - (void)session; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_channel_open_session(ssh_channel channel) -{ - (void)channel; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_channel_request_subsystem(ssh_channel channel, const char *subsystem) -{ - (void)channel; - (void)subsystem; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_channel_is_closed(ssh_channel channel) -{ - (void)channel; - - return 0; -} - -MOCK int -__wrap_ssh_channel_write(ssh_channel channel, const void *data, uint32_t len) -{ - (void)channel; - (void)data; - - return len; -} - -MOCK int -__wrap_ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr) -{ - (void)channel; - (void)timeout; - (void)is_stderr; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_userauth_password(ssh_session session, const char *username, const char *password) -{ - (void)session; - check_expected(password); - check_expected(username); - - return (int)mock(); -} - -MOCK int -__wrap_nc_handshake_io(struct nc_session *session) -{ - (void)session; - - return (int)mock(); -} - -MOCK int -__wrap_nc_ctx_check_and_fill(struct nc_session *session) -{ - (void)session; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_userauth_try_publickey(ssh_session session, const char *username, const ssh_key pubkey) -{ - (void)session; - (void)username; - (void)pubkey; - - return (int)mock(); -} - -MOCK int -__wrap_ssh_userauth_publickey(ssh_session session, const char *username, const ssh_key privkey) -{ - (void)session; - (void)username; - (void)privkey; - - return (int)mock(); -} - -MOCK int -__wrap_nc_sock_listen_inet(const char *address, uint16_t port, struct nc_keepalives *ka) -{ - (void)address; - (void)port; - (void)ka; - - return (int)mock(); -} - -MOCK int -__wrap_nc_sock_accept_binds(struct nc_bind *binds, uint16_t bind_count, pthread_mutex_t *bind_lock, int timeout, char **host, uint16_t *port, uint16_t *idx) -{ - (void)binds; - (void)bind_count; - (void)bind_lock; - (void)timeout; - (void)host; - 
(void)port; - - *idx = 0; - return (int)mock(); -} - -MOCK struct nc_session * -__wrap_nc_accept_callhome_ssh_sock(int sock, const char *host, uint16_t port, struct ly_ctx *ctx, int timeout) -{ - (void)sock; - (void)host; - (void)port; - (void)ctx; - (void)timeout; - - return mock_ptr_type(struct nc_session *); -} - -char * -test_pwd_clb1(const char *username, const char *hostname, void *priv) -{ - char *pass, *pass_to_return; - - check_expected(username); - check_expected(hostname); - check_expected(priv); - - pass = (char *)mock(); - pass_to_return = malloc(sizeof *pass * (strlen(pass) + 1)); - strcpy(pass_to_return, pass); - - return pass_to_return; -} - -char * -test_pwd_clb2(const char *username, const char *hostname, void *priv) -{ - (void)username; - (void)hostname; - (void)priv; - - return 0; -} - -static void -test_nc_client_ssh_setting_auth_password_clb(void **state) -{ - (void)state; - char *(*ret_f)(const char *username, const char *hostname, void *priv); - char *priv_data_ret; - - /* set callback */ - nc_client_ssh_set_auth_password_clb(test_pwd_clb1, "DATA"); - nc_client_ssh_get_auth_password_clb(&ret_f, (void **)&priv_data_ret); - assert_ptr_equal(test_pwd_clb1, ret_f); - assert_string_equal("DATA", priv_data_ret); - - /* set different callback */ - nc_client_ssh_set_auth_password_clb(test_pwd_clb2, "NEW DATA"); - nc_client_ssh_get_auth_password_clb(&ret_f, (void **)&priv_data_ret); - assert_ptr_equal(test_pwd_clb2, ret_f); - assert_string_equal("NEW DATA", priv_data_ret); -} - -char * -test_inter_clb1(const char *auth_name, const char *instruction, const char *prompt, int echo, void *priv) -{ - (void)auth_name; - (void)instruction; - (void)prompt; - (void)echo; - (void)priv; - - return 0; -} - -char * -test_inter_clb2(const char *auth_name, const char *instruction, const char *prompt, int echo, void *priv) -{ - (void)auth_name; - (void)instruction; - (void)prompt; - (void)echo; - (void)priv; - - return 0; -} - -static void 
-test_nc_client_ssh_setting_auth_interactive_clb(void **state) -{ - (void)state; - char *(*ret_f)(const char *auth_name, const char *instruction, const char *prompt, int echo, void *priv); - char *priv_data_ret; - - /* set callback */ - nc_client_ssh_set_auth_interactive_clb(test_inter_clb1, "DATA"); - nc_client_ssh_get_auth_interactive_clb(&ret_f, (void **)&priv_data_ret); - assert_ptr_equal(test_inter_clb1, ret_f); - assert_string_equal("DATA", priv_data_ret); - - /* set diferent callback */ - nc_client_ssh_set_auth_interactive_clb(test_inter_clb2, "NEW DATA"); - nc_client_ssh_get_auth_interactive_clb(&ret_f, (void **)&priv_data_ret); - assert_ptr_equal(test_inter_clb2, ret_f); - assert_string_equal("NEW DATA", priv_data_ret); -} - -char * -test_passphrase_clb1(const char *privkey_path, void *priv) -{ - (void)privkey_path; - (void)priv; - - return 0; -} - -char * -test_passphrase_clb2(const char *privkey_path, void *priv) -{ - (void)privkey_path; - (void)priv; - - return 0; -} - -static void -test_nc_client_ssh_setting_auth_privkey_passphrase_clb(void **state) -{ - (void)state; - char *(*ret_f)(const char *privkey_path, void *priv); - char *priv_data_ret; - - /* set first callback */ - nc_client_ssh_set_auth_privkey_passphrase_clb(test_passphrase_clb1, "DATA"); - nc_client_ssh_get_auth_privkey_passphrase_clb(&ret_f, (void **)&priv_data_ret); - assert_ptr_equal(ret_f, test_passphrase_clb1); - assert_string_equal("DATA", priv_data_ret); - - /* set different callback */ - nc_client_ssh_set_auth_privkey_passphrase_clb(test_passphrase_clb2, "NEW DATA"); - nc_client_ssh_get_auth_privkey_passphrase_clb(&ret_f, (void **)&priv_data_ret); - assert_ptr_equal(ret_f, test_passphrase_clb2); - assert_string_equal("NEW DATA", priv_data_ret); -} - -static void -test_nc_client_ssh_adding_keypair(void **state) -{ - (void)state; - int ret; - const char *pubkey1 = NULL, *pubkey2 = NULL; - - /* at the beginning keypair count should be 0 */ - ret = nc_client_ssh_get_keypair_count(); - 
assert_int_equal(ret, 0); - - /* add first key pair */ - ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_ecdsa.pub", TESTS_DIR "/data/key_ecdsa"); - assert_int_equal(ret, 0); - ret = nc_client_ssh_get_keypair_count(); - assert_int_equal(ret, 1); - - /* add second keypair */ - ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa"); - assert_int_equal(ret, 0); - ret = nc_client_ssh_get_keypair_count(); - assert_int_equal(ret, 2); - ret = nc_client_ssh_get_keypair(1, &pubkey1, &pubkey2); - assert_int_equal(ret, 0); - assert_string_equal(pubkey1, TESTS_DIR "/data/key_rsa.pub"); - assert_string_equal(pubkey2, TESTS_DIR "/data/key_rsa"); - - /* delete first keypair */ - ret = nc_client_ssh_del_keypair(0); - assert_int_equal(ret, 0); - ret = nc_client_ssh_get_keypair_count(); - assert_int_equal(ret, 1); - /* try to get deleted keypair */ - ret = nc_client_ssh_get_keypair(5, &pubkey1, &pubkey2); - assert_int_equal(ret, -1); - - /* try to add keypair that is already set */ - ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa"); - assert_int_equal(ret, -1); - ret = nc_client_ssh_get_keypair_count(); - assert_int_equal(ret, 1); - - /* try to delete keypair with id that is not used */ - ret = nc_client_ssh_del_keypair(42); - assert_int_equal(ret, -1); - ret = nc_client_ssh_get_keypair_count(); - assert_int_equal(ret, 1); - - /* remove remaining keypairs */ - ret = nc_client_ssh_del_keypair(0); - assert_int_equal(ret, 0); - ret = nc_client_ssh_get_keypair_count(); - assert_int_equal(ret, 0); -} - -static void -test_nc_client_ssh_setting_auth_pref(void **state) -{ - (void)state; - int ret; - - /* check default prefference settings according to documentation */ - ret = nc_client_ssh_get_auth_pref(NC_SSH_AUTH_INTERACTIVE); - assert_int_equal(ret, 1); - ret = nc_client_ssh_get_auth_pref(NC_SSH_AUTH_PASSWORD); - assert_int_equal(ret, 2); - ret = nc_client_ssh_get_auth_pref(NC_SSH_AUTH_PUBLICKEY); - 
assert_int_equal(ret, 3); - - /* try to set prefetence of non existing method */ - nc_client_ssh_set_auth_pref(42, 22); - - /* try to get preference of non existing method */ - ret = nc_client_ssh_get_auth_pref(42); - assert_int_equal(ret, 0); - - /* change values of all methods and check if they actually changed */ - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, 9); - ret = nc_client_ssh_get_auth_pref(NC_SSH_AUTH_INTERACTIVE); - assert_int_equal(ret, 9); - - /* negative value should be set as -1 */ - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -5); - ret = nc_client_ssh_get_auth_pref(NC_SSH_AUTH_PASSWORD); - assert_int_equal(ret, -1); - - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 11); - ret = nc_client_ssh_get_auth_pref(NC_SSH_AUTH_PUBLICKEY); - assert_int_equal(ret, 11); -} - -static void -test_nc_client_ssh_setting_username(void **state) -{ - (void)state; - int ret; - const char *username_ret; - - username_ret = nc_client_ssh_get_username(); - /* username is set to "username" in setup_f */ - assert_string_equal(username_ret, "username"); - - /* set new username and check if it changes */ - ret = nc_client_ssh_set_username("new_username"); - assert_int_equal(ret, 0); - username_ret = nc_client_ssh_get_username(); - assert_string_equal(username_ret, "new_username"); -} - -static void -test_nc_connect_ssh_interactive_succesfull(void **state) -{ - (void)state; - struct nc_session *session; - - /* set authentication method to use interactive authentication */ - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, 1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, -1); - - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, 20); - - /* prepare return values for functions used by nc_connect_ssh */ - will_return(__wrap_connect, 0); - will_return(__wrap_ssh_connect, 0); - will_return(__wrap_ssh_userauth_none, 1); - - will_return(__wrap_ssh_userauth_kbdint, 0); - 
will_return(__wrap_ssh_is_connected, 1); - will_return(__wrap_ssh_is_connected, 1); - - will_return(__wrap_ssh_channel_open_session, 0); - will_return(__wrap_ssh_channel_request_subsystem, 0); - - will_return(__wrap_nc_handshake_io, 3); - will_return(__wrap_nc_ctx_check_and_fill, 0); - - session = nc_connect_ssh("127.0.0.1", 8080, NULL); - assert_non_null(session); - - will_return(__wrap_ssh_channel_poll_timeout, 0); - nc_session_free(session, NULL); -} - -static void -test_nc_connect_ssh_password_succesfull(void **state) -{ - (void)state; - struct nc_session *session; - - /* set authentication method to use password authentication */ - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, 1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, -1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, -1); - - /* set authentication callback */ - nc_client_ssh_set_auth_password_clb(test_pwd_clb1, "private_data"); - will_return(test_pwd_clb1, "secret password"); - /* set values that are expected as parameters for authentication callback */ - expect_string(test_pwd_clb1, username, "username"); - expect_string(test_pwd_clb1, hostname, "127.0.0.1"); - expect_string(test_pwd_clb1, priv, "private_data"); - - /* fake succesfull connection */ - will_return(__wrap_connect, 0); - will_return(__wrap_ssh_connect, 0); - /* do not authenticate using no authentication method */ - will_return(__wrap_ssh_userauth_none, 1); - - /* succesfully authenticate via password authentication */ - expect_string(__wrap_ssh_userauth_password, password, "secret password"); - expect_string(__wrap_ssh_userauth_password, username, "username"); - will_return(__wrap_ssh_userauth_password, 0); - - /* fake ssh functions that are used to open netconf channel */ - will_return(__wrap_ssh_channel_open_session, 0); - will_return(__wrap_ssh_channel_request_subsystem, 0); - - /* fake that connection is still alive*/ - will_return(__wrap_ssh_is_connected, 1); - - /* fake ssh function for recieving hello message 
*/ - will_return(__wrap_ssh_is_connected, 1); - - will_return(__wrap_nc_handshake_io, 3); - will_return(__wrap_nc_ctx_check_and_fill, 0); - - session = nc_connect_ssh("127.0.0.1", 8080, NULL); - assert_non_null(session); - - /* disconnect */ - will_return(__wrap_ssh_channel_poll_timeout, 0); - nc_session_free(session, NULL); -} - -static void -test_nc_connect_ssh_pubkey_succesfull(void **state) -{ - (void)state; - struct nc_session *session; - int ret = 0; - - /* set authentication method to use password authentication */ - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, -1); - - /* add keypair for authentication */ - ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_ecdsa.pub", TESTS_DIR "/data/key_ecdsa"); - assert_int_equal(ret, 0); - - /* fake succesfull connection */ - will_return(__wrap_connect, 0); - will_return(__wrap_ssh_connect, 0); - /* do not authenticate using no authentication method */ - will_return(__wrap_ssh_userauth_none, 1); - will_return(__wrap_ssh_userauth_try_publickey, 0); - will_return(__wrap_ssh_userauth_publickey, 0); - will_return(__wrap_ssh_is_connected, 1); - will_return(__wrap_ssh_channel_open_session, 0); - will_return(__wrap_ssh_channel_request_subsystem, 0); - - /* fake ssh function for recieving hello message */ - will_return(__wrap_ssh_is_connected, 1); - - will_return(__wrap_nc_handshake_io, 3); - will_return(__wrap_nc_ctx_check_and_fill, 0); - session = nc_connect_ssh("127.0.0.1", 8080, NULL); - assert_non_null(session); - - /* disconnect */ - will_return(__wrap_ssh_channel_poll_timeout, 0); - nc_session_free(session, NULL); -} - -static void -test_nc_connect_connection_failed(void **state) -{ - (void)state; - struct nc_session *session; - - errno = ECONNREFUSED; - will_return(__wrap_connect, -1); - will_return(__wrap_ssh_is_connected, 0); - - session = nc_connect_ssh("127.0.0.1", 8080, NULL); - 
assert_null(session); -} - -static void -test_nc_connect_ssh_bad_hello(void **state) -{ - (void)state; - struct nc_session *session; - - /* set authentication method to use interactive authentication */ - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, 1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1); - nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 1); - - nc_client_ssh_set_auth_password_clb(test_pwd_clb2, NULL); - - will_return(__wrap_connect, 0); - will_return(__wrap_ssh_connect, 0); - will_return(__wrap_ssh_userauth_none, 1); - - will_return(__wrap_ssh_userauth_kbdint, 0); - will_return(__wrap_ssh_is_connected, 1); - will_return(__wrap_ssh_is_connected, 1); - - will_return(__wrap_ssh_channel_open_session, 0); - will_return(__wrap_ssh_channel_request_subsystem, 0); - will_return(__wrap_nc_handshake_io, 4); - - session = nc_connect_ssh("127.0.0.1", 8080, NULL); - assert_null(session); -} - -static void -test_nc_client_ssh_ch_setting_username(void **state) -{ - (void)state; - const char *username_ret; - int ret; - - /* username is set to "ch_username" in setup_f */ - username_ret = nc_client_ssh_ch_get_username(); - assert_string_equal(username_ret, "ch_username"); - /* set new username and check if it changes */ - ret = nc_client_ssh_ch_set_username("new_ch_username"); - assert_int_equal(ret, 0); - username_ret = nc_client_ssh_ch_get_username(); - assert_string_equal(username_ret, "new_ch_username"); -} - -static void -test_nc_client_ssh_ch_add_bind_listen(void **state) -{ - (void)state; - int ret; - - /* invalid parameters, address NULL or port 0 */ - ret = nc_client_ssh_ch_add_bind_listen(NULL, 4334); - assert_int_equal(ret, -1); - ret = nc_client_ssh_ch_add_bind_listen("127.0.0.1", 0); - assert_int_equal(ret, -1); - - /* failed to create an ssh listening socket */ - will_return(__wrap_nc_sock_listen_inet, -1); - ret = nc_client_ssh_ch_add_bind_listen("127.0.0.1", 4334); - assert_int_equal(ret, -1); - - /* fake a successful CH ssh listening 
socket */ - will_return(__wrap_nc_sock_listen_inet, 5); - ret = nc_client_ssh_ch_add_bind_listen("127.0.0.1", 4334); - assert_int_equal(ret, 0); - - /* remove ssh listening client binds */ - ret = nc_client_ssh_ch_del_bind("127.0.0.1", 4334); - assert_int_equal(ret, 0); -} - -static void -test_nc_accept_callhome(void **state) -{ - (void)state; - struct nc_session *session = NULL; - int timeout = 10; - int ret; - - /* invalid parameter session */ - ret = nc_accept_callhome(timeout, NULL, NULL); - assert_int_equal(ret, -1); - - /* no client bind */ - ret = nc_accept_callhome(timeout, NULL, &session); - assert_int_equal(ret, -1); - - /* successfully add a client Call Home bind */ - will_return(__wrap_nc_sock_listen_inet, 1); - ret = nc_client_ssh_ch_add_bind_listen("127.0.0.1", 4334); - assert_int_equal(ret, 0); - - /* failed to accept a client bind */ - will_return(__wrap_nc_sock_accept_binds, -1); - ret = nc_accept_callhome(timeout, NULL, &session); - assert_int_equal(ret, -1); - - /* failed to accept a server Call Home connection */ - will_return(__wrap_nc_accept_callhome_ssh_sock, NULL); - will_return(__wrap_nc_sock_accept_binds, 2); - ret = nc_accept_callhome(timeout, NULL, &session); - assert_int_equal(ret, -1); - - /* create session structure to fake a successful server call home connection */ - session = nc_new_session(NC_CLIENT, 0); - assert_non_null(session); - will_return(__wrap_nc_sock_accept_binds, 2); - will_return(__wrap_nc_accept_callhome_ssh_sock, session); - ret = nc_accept_callhome(timeout, NULL, &session); - assert_int_equal(ret, 1); - - /* remove ssh listening client binds */ - ret = nc_client_ssh_ch_del_bind("127.0.0.1", 4334); - assert_int_equal(ret, 0); - - /* free session */ - nc_session_free(session, NULL); -} - -static void -test_nc_client_ssh_callhome_successful(void **state) -{ - (void)state; - struct nc_session *session = NULL; - int timeout = 10; - int ret; - - /* create session structure */ - session = nc_new_session(NC_CLIENT, 0); - 
assert_non_null(session); - - /* prepare to fake return values for functions used by nc_accept_callhome */ - will_return(__wrap_nc_sock_listen_inet, 1); - will_return(__wrap_nc_sock_accept_binds, 2); - will_return(__wrap_nc_accept_callhome_ssh_sock, session); - - ret = nc_client_ssh_ch_add_bind_listen("127.0.0.1", 4334); - assert_int_equal(ret, 0); - ret = nc_accept_callhome(timeout, NULL, &session); - assert_int_equal(ret, 1); - - /* remove ssh listening client binds */ - ret = nc_client_ssh_ch_del_bind("127.0.0.1", 4334); - assert_int_equal(ret, 0); - - /* free session */ - nc_session_free(session, NULL); -} - -int -main(void) -{ - const struct CMUnitTest tests[] = { - cmocka_unit_test_setup_teardown(test_nc_client_ssh_setting_auth_pref, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_setting_auth_password_clb, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_setting_auth_interactive_clb, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_setting_auth_privkey_passphrase_clb, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_adding_keypair, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_setting_username, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_connect_ssh_interactive_succesfull, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_connect_ssh_password_succesfull, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_connect_ssh_pubkey_succesfull, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_connect_connection_failed, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_connect_ssh_bad_hello, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_ch_setting_username, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_ch_add_bind_listen, setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_accept_callhome, 
setup_f, teardown_f), - cmocka_unit_test_setup_teardown(test_nc_client_ssh_callhome_successful, setup_f, teardown_f), - }; - - return cmocka_run_group_tests(tests, NULL, NULL); -} diff --git a/tests/test_client_tls.c b/tests/test_client_tls.c deleted file mode 100644 index 2ead67b4..00000000 --- a/tests/test_client_tls.c +++ /dev/null 
@@ -1,214 +0,0 @@ -/** - * @file test_client_tls.c - * @author David Sedlák - * @brief client TLS test - * - * Copyright (c) 2018 CESNET, z.s.p.o. - * - * This source code is licensed under BSD 3-Clause License (the "License"). - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://opensource.org/licenses/BSD-3-Clause - */ - -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include "tests/config.h" - -static int -setup_f(void **state) -{ - (void)state; - - nc_verbosity(NC_VERB_VERBOSE); - - return 0; -} - -static int -teardown_f(void **state) -{ - (void)state; - - return 0; -} - -MOCK int -__wrap_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) -{ - (void)sockfd; - (void)addr; - (void)addrlen; - - return (int)mock(); -} - -MOCK int -__wrap_SSL_connect(SSL *ssl) -{ - (void)ssl; - - return (int)mock(); -} - -MOCK int -__wrap_nc_handshake_io(struct nc_session *session) -{ - (void)session; - - return (int)mock(); -} - -MOCK int -__wrap_nc_ctx_check_and_fill(struct nc_session *session) -{ - (void)session; - - return (int)mock(); -} - -static void -test_nc_client_tls_setting_cert_key_paths(void **state) -{ - (void)state; - const char *cert, *key; - int ret; - - /* no certificats are set, nc_client_tls_get_cert_key_paths should output NULL */ - nc_client_tls_get_cert_key_paths(&cert, &key); - assert_null(cert); - assert_null(key); - - /* set certificate path */ - ret = nc_client_tls_set_cert_key_paths("cert_path", "key_path"); - assert_int_equal(ret, 0); - nc_client_tls_get_cert_key_paths(&cert, &key); - assert_string_equal(cert, "cert_path"); - assert_string_equal(key, "key_path"); - - /* override certificate path */ - ret = nc_client_tls_set_cert_key_paths("cert_path1", "key_path1"); - assert_int_equal(ret, 0); - nc_client_tls_get_cert_key_paths(&cert, &key); - assert_string_equal(cert, 
"cert_path1"); - assert_string_equal(key, "key_path1"); -} - -static void -test_nc_client_tls_setting_trusted_ca_paths(void **state) -{ - (void)state; - const char *file, *dir; - int ret; - - ret = nc_client_tls_set_trusted_ca_paths("ca_file", "ca_dir"); - assert_int_equal(ret, 0); - nc_client_tls_get_trusted_ca_paths(&file, &dir); - assert_string_equal("ca_file", file); - assert_string_equal("ca_dir", dir); - - ret = nc_client_tls_set_trusted_ca_paths("ca_file1", "ca_dir1"); - assert_int_equal(ret, 0); - nc_client_tls_get_trusted_ca_paths(&file, &dir); - assert_string_equal("ca_file1", file); - assert_string_equal("ca_dir1", dir); -} - -static void -test_nc_connect_tls_succesfull(void **state) -{ - (void)state; - int ret; - struct nc_session *session; - - ret = nc_client_tls_set_cert_key_paths(TESTS_DIR "/data/client.crt", TESTS_DIR "/data/client.key"); - assert_int_equal(ret, 0); - ret = nc_client_tls_set_trusted_ca_paths(NULL, TESTS_DIR "/data"); - assert_int_equal(ret, 0); - - will_return(__wrap_connect, 0); - will_return(__wrap_SSL_connect, 1); - - /* fake succesfull handshake */ - will_return(__wrap_nc_handshake_io, 3); - will_return(__wrap_nc_ctx_check_and_fill, 0); - session = nc_connect_tls("0.0.0.0", 6001, NULL); - assert_non_null(session); - - nc_session_free(session, NULL); -} - -static void -test_nc_client_tls_setting_crl_paths(void **state) -{ - (void)state; - const char *file, *dir; - int ret; - - nc_client_tls_get_crl_paths(&file, &dir); - assert_null(file); - assert_null(dir); - - ret = nc_client_tls_set_crl_paths("file", "dir"); - assert_int_equal(ret, 0); - nc_client_tls_get_crl_paths(&file, &dir); - assert_string_equal(file, "file"); - assert_string_equal(dir, "dir"); - - ret = nc_client_tls_set_crl_paths("file1", "dir1"); - assert_int_equal(ret, 0); - nc_client_tls_get_crl_paths(&file, &dir); - assert_string_equal(file, "file1"); - assert_string_equal(dir, "dir1"); - - /* destroy client */ - nc_client_destroy(); -} - -static void 
-test_nc_connect_tls_handshake_failed(void **state)
-{
- (void)state;
- int ret;
- struct nc_session *session;
-
- ret = nc_client_tls_set_cert_key_paths(TESTS_DIR "/data/client.crt", TESTS_DIR "/data/client.key");
- assert_int_equal(ret, 0);
- ret = nc_client_tls_set_trusted_ca_paths(NULL, TESTS_DIR "/data");
- assert_int_equal(ret, 0);
-
- will_return(__wrap_connect, 0);
- will_return(__wrap_SSL_connect, 1);
-
- /* fake failed handshake */
- will_return(__wrap_nc_handshake_io, 0);
- session = nc_connect_tls("0.0.0.0", 6001, NULL);
- assert_null(session);
-}
-
-int
-main(void)
-{
- const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_nc_client_tls_setting_cert_key_paths, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_connect_tls_handshake_failed, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_connect_tls_succesfull, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_client_tls_setting_trusted_ca_paths, setup_f, teardown_f),
- cmocka_unit_test_setup_teardown(test_nc_client_tls_setting_crl_paths, setup_f, teardown_f),
- };
-
- return cmocka_run_group_tests(tests, NULL, NULL);
-}
From c4afb10a6e88676e58a1c36ba8ee3d202179c017 Mon Sep 17 00:00:00 2001
From: Michal Vasko
Date: Fri, 3 May 2024 12:02:01 +0200
Subject: [PATCH 2/6] session server REFACTOR proper cleanup
---
 src/session_server.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/session_server.c b/src/session_server.c
index 007665ea..59e11628 100644
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -2252,7 +2252,7 @@ API NC_MSG_TYPE
 nc_accept(int timeout, const struct ly_ctx *ctx, struct nc_session **session)
 {
 NC_MSG_TYPE msgtype;
- int sock, ret;
+ int sock = -1, ret;
 char *host = NULL;
 uint16_t port, bind_idx;
 struct timespec ts_cur;
@@ -2271,36 +2271,31 @@ nc_accept(int timeout, const struct ly_ctx *ctx, struct nc_session **session)
 if (!server_opts.endpt_count) {
 ERR(NULL, "No endpoints to accept sessions on.");
- /* CONFIG UNLOCK */
- pthread_rwlock_unlock(&server_opts.config_lock);
- return NC_MSG_ERROR;
+ msgtype = NC_MSG_ERROR;
+ goto cleanup;
 }
 ret = nc_sock_accept_binds(server_opts.binds, server_opts.endpt_count, &server_opts.bind_lock, timeout, &host, &port, &bind_idx);
 if (ret < 1) {
- free(host);
- /* CONFIG UNLOCK */
- pthread_rwlock_unlock(&server_opts.config_lock);
- if (!ret) {
- return NC_MSG_WOULDBLOCK;
- }
- return NC_MSG_ERROR;
+ msgtype = (!ret ? NC_MSG_WOULDBLOCK : NC_MSG_ERROR);
+ goto cleanup;
 }
- sock = ret;
 *session = nc_new_session(NC_SERVER, 0);
- NC_CHECK_ERRMEM_GOTO(!(*session), close(sock); free(host); msgtype = NC_MSG_ERROR, cleanup);
+ NC_CHECK_ERRMEM_GOTO(!(*session), msgtype = NC_MSG_ERROR, cleanup);
 (*session)->status = NC_STATUS_STARTING;
 (*session)->ctx = (struct ly_ctx *)ctx;
 (*session)->flags = NC_SESSION_SHAREDCTX;
 (*session)->host = host;
+ host = NULL;
 (*session)->port = port;
 /* sock gets assigned to session or closed */
 #ifdef NC_ENABLED_SSH_TLS
 if (server_opts.endpts[bind_idx].ti == NC_TI_LIBSSH) {
 ret = nc_accept_ssh_session(*session, server_opts.endpts[bind_idx].opts.ssh, sock, NC_TRANSPORT_TIMEOUT);
+ sock = -1;
 if (ret < 0) {
 msgtype = NC_MSG_ERROR;
 goto cleanup;
@@ -2311,6 +2306,7 @@ nc_accept(int timeout, const struct ly_ctx *ctx, struct nc_session **session)
 } else if (server_opts.endpts[bind_idx].ti == NC_TI_OPENSSL) {
 (*session)->data = server_opts.endpts[bind_idx].opts.tls;
 ret = nc_accept_tls_session(*session, server_opts.endpts[bind_idx].opts.tls, sock, NC_TRANSPORT_TIMEOUT);
+ sock = -1;
 if (ret < 0) {
 msgtype = NC_MSG_ERROR;
 goto cleanup;
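Review bot: The two early exits in this hunk (no endpoints, and `nc_sock_accept_binds()` returning less than 1) now jump to `cleanup` before nc_accept has assigned `*session`, and the tail extended by the last hunk of this patch (presumably that label) runs `nc_session_free(*session, NULL)`. That is safe only if `*session` is already NULL at that point; the start of the function is outside the hunk, so confirm it, or add `*session = NULL;` before the config lock is taken, since otherwise a plain accept timeout would free whatever pointer the caller passed in. Separately, as this page renders the hunk, `sock = ret;` carries a removal marker while the descriptor is still returned through `ret`. If that line is really dropped in this patch, and not a neighbouring blank line, `sock` stays -1 for the transport calls and the accepted descriptor is never closed, unless a later patch in the series changes how the socket is returned.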
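Review bot: Resetting `sock = -1;` before `ret` is checked means the new `close(sock)` in the cleanup tail never runs once `nc_accept_tls_session()` has been called, so the callee has to close or attach the descriptor on every one of its failure paths. The same reset is added after `nc_accept_ssh_session()` in the previous hunk and after `nc_accept_unix()` in the next one, and none of those callees is visible in this patch. If any of them can return an error without closing, each failed handshake leaks one descriptor, which a remote peer can repeat until the server has none left; if they do close, the reset is what prevents a double close. I would state the contract where it is relied on, e.g. `/* callee owns sock from here, also on failure */` next to each reset.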
@@ -2323,13 +2319,13 @@ nc_accept(int timeout, const struct ly_ctx *ctx, struct nc_session **session) if (server_opts.endpts[bind_idx].ti == NC_TI_UNIX) { (*session)->data = server_opts.endpts[bind_idx].opts.unixsock; ret = nc_accept_unix(*session, sock); + sock = -1; if (ret < 0) { msgtype = NC_MSG_ERROR; goto cleanup; } } else { ERRINT; - close(sock); msgtype = NC_MSG_ERROR; goto cleanup; } @@ -2362,6 +2358,10 @@ nc_accept(int timeout, const struct ly_ctx *ctx, struct nc_session **session) /* CONFIG UNLOCK */ pthread_rwlock_unlock(&server_opts.config_lock); + free(host); + if (sock > -1) { + close(sock); + } nc_session_free(*session, NULL); *session = NULL; return msgtype; From f7d28378226e7ea3d5f039d60b1876623cbbe46b Mon Sep 17 00:00:00 2001 From: Michal Vasko Date: Fri, 3 May 2024 12:02:38 +0200 Subject: [PATCH 3/6] session client REFACTOR use const where applicable --- src/session_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/session_client.c b/src/session_client.c index 8b851ddf..abb6f375 100644 --- a/src/session_client.c +++ b/src/session_client.c @@ -1548,7 +1548,7 @@ nc_saddr2str(const struct sockaddr *saddr, char **str_ip, uint16_t *port) * @return Connected socket or -1 on error. */ static int -sock_connect(int timeout_ms, int *sock_pending, struct addrinfo *res, struct nc_keepalives *ka) +sock_connect(int timeout_ms, int *sock_pending, struct addrinfo *res, const struct nc_keepalives *ka) { int flags, ret, error; int sock = -1; From 48dbc4d815a46253b5a72e67d26dd9851860700a Mon Sep 17 00:00:00 2001 
From: Michal Vasko Date: Fri, 3 May 2024 12:03:07 +0200 Subject: [PATCH 4/6] session UPDATE set keepalives on accepted sockets ... instead of the listening socket. Makes the code cleaner and some TCP/IP implementations do not support changing these options on listening sockets. --- src/server_config.c | 16 --------------- src/session.c | 46 +++++++++++++------------------------------- src/session_client.c | 22 +++++++++------------ src/session_p.h | 34 +++----------------------------- src/session_server.c | 26 ++++++++----------------- 5 files changed, 33 insertions(+), 111 deletions(-) diff --git a/src/server_config.c b/src/server_config.c index a32392b0..0207d75c 100644 --- a/src/server_config.c +++ b/src/server_config.c @@ -1437,10 +1437,6 @@ nc_server_config_keepalives(const struct lyd_node *node, NC_OPERATION op) } else { endpt->ka.enabled = 0; } - ret = nc_sock_configure_ka(bind->sock, endpt->ka.enabled); - if (ret) { - goto cleanup; - } } else if (is_ch(node) && equal_parent_name(node, 1, "tcp-client-parameters")) { /* LOCK */ if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) { @@ -1492,10 +1488,6 @@ nc_server_config_idle_time(const struct lyd_node *node, NC_OPERATION op) /* delete -> set to default */ endpt->ka.idle_time = 7200; } - ret = nc_sock_configure_ka_idle_time(bind->sock, endpt->ka.idle_time); - if (ret) { - goto cleanup; - } } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) { /* LOCK */ if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) { @@ -1548,10 +1540,6 @@ nc_server_config_max_probes(const struct lyd_node *node, NC_OPERATION op) /* delete -> set to default */ endpt->ka.max_probes = 9; } - ret = nc_sock_configure_ka_max_probes(bind->sock, endpt->ka.max_probes); - if (ret) { - goto cleanup; - } } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) { /* LOCK */ if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) { 
@@ -1604,10 +1592,6 @@ nc_server_config_probe_interval(const struct lyd_node *node, NC_OPERATION op) /* delete -> set to default */ endpt->ka.probe_interval = 75; } - ret = nc_sock_configure_ka_probe_interval(bind->sock, endpt->ka.probe_interval); - if (ret) { - goto cleanup; - } } else if (is_ch(node) && equal_parent_name(node, 2, "tcp-client-parameters")) { /* LOCK */ if (nc_server_config_get_ch_client_with_lock(node, &ch_client)) { diff --git a/src/session.c b/src/session.c index 90751dc5..7cb1e7fa 100644 --- a/src/session.c +++ b/src/session.c 
@@ -263,59 +263,39 @@ nc_is_pk_subject_public_key_info(const char *b64) #endif /* NC_ENABLED_SSH_TLS */ int -nc_sock_configure_ka(int sock, int enabled) +nc_sock_configure_ka(int sock, const struct nc_keepalives *ka) { - if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &enabled, sizeof enabled) == -1) { + int opt; + + opt = ka->enabled; + if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &opt, sizeof opt) == -1) { ERR(NULL, "Failed to set SO_KEEPALIVE (%s).", strerror(errno)); return -1; } - return 0; -} - -int -nc_sock_configure_ka_idle_time(int sock, int idle_time) -{ - if (idle_time < 1) { - ERRARG(NULL, "idle_time"); + if (!ka->enabled) { + return 0; } #ifdef TCP_KEEPIDLE - if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPIDLE, &idle_time, sizeof idle_time) == -1) { + opt = ka->idle_time; + if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPIDLE, &opt, sizeof opt) == -1) { ERR(NULL, "Failed to set TCP_KEEPIDLE (%s).", strerror(errno)); return -1; } #endif - return 0; -} - -int -nc_sock_configure_ka_max_probes(int sock, int max_probes) -{ - if (max_probes < 1) { - ERRARG(NULL, "max_probes"); - } - #ifdef TCP_KEEPCNT - if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPCNT, &max_probes, sizeof max_probes) == -1) { + opt = ka->max_probes; + if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPCNT, &opt, sizeof opt) == -1) { ERR(NULL, "Failed to set TCP_KEEPCNT (%s).", strerror(errno)); return -1; } #endif - return 0; -} - -int -nc_sock_configure_ka_probe_interval(int sock, int probe_interval) -{ - if (probe_interval < 1) { - ERRARG(NULL, "probe_interval"); - } - #ifdef TCP_KEEPINTVL - if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPINTVL, &probe_interval, sizeof probe_interval) == -1) { + opt = ka->probe_interval; + if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPINTVL, &opt, sizeof opt) == -1) { ERR(NULL, "Failed to set TCP_KEEPINTVL (%s).", strerror(errno)); return -1; } diff --git a/src/session_client.c b/src/session_client.c index abb6f375..f9351c2d 100644 --- a/src/session_client.c +++ b/src/session_client.c 
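Review bot: The merged `nc_sock_configure_ka()` passes `ka->idle_time`, `ka->max_probes` and `ka->probe_interval` to `setsockopt()` without the `< 1` checks the three removed helpers had, so a zero value now surfaces only as a platform-dependent `setsockopt()` error. The accept paths in this patch treat a non-zero return as fatal and drop the connection, so one bad keepalive value would reject every peer on that endpoint; whether the configuration layer already excludes zero is not visible here. A guard after the `!ka->enabled` return, `if ((ka->idle_time < 1) || (ka->max_probes < 1) || (ka->probe_interval < 1)) { ERRARG(NULL, "ka"); return -1; }`, keeps the failure explicit and the same on every platform. The end of the function lies outside the hunk.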
@@ -1624,20 +1624,9 @@ sock_connect(int timeout_ms, int *sock_pending, struct addrinfo *res, const stru } /* configure keepalives */ - if (nc_sock_configure_ka(sock, ka->enabled)) { + if (nc_sock_configure_ka(sock, ka)) { goto cleanup; } - if (ka->enabled) { - if (nc_sock_configure_ka_idle_time(sock, ka->idle_time)) { - goto cleanup; - } - if (nc_sock_configure_ka_max_probes(sock, ka->max_probes)) { - goto cleanup; - } - if (nc_sock_configure_ka_probe_interval(sock, ka->probe_interval)) { - goto cleanup; - } - } /* connected */ if (sock_pending) { @@ -1748,7 +1737,7 @@ nc_client_ch_add_bind_listen(const char *address, uint16_t port, const char *hos NC_CHECK_ARG_RET(NULL, address, port, -1); - sock = nc_sock_listen_inet(address, port, &client_opts.ka); + sock = nc_sock_listen_inet(address, port); if (sock == -1) { return -1; } @@ -1852,6 +1841,13 @@ nc_accept_callhome(int timeout, struct ly_ctx *ctx, struct nc_session **session) return sock; } + /* configure keepalives */ + if (nc_sock_configure_ka(sock, &client_opts.ka)) { + free(host); + close(sock); + return -1; + } + if (client_opts.ch_binds_aux[idx].ti == NC_TI_LIBSSH) { *session = nc_accept_callhome_ssh_sock(sock, host, port, ctx, NC_TRANSPORT_TIMEOUT); } else if (client_opts.ch_binds_aux[idx].ti == NC_TI_OPENSSL) { diff --git a/src/session_p.h b/src/session_p.h index 17dfe035..ae81d866 100644 --- a/src/session_p.h +++ b/src/session_p.h 
@@ -830,37 +830,10 @@ int nc_poll(struct pollfd *pfd, uint16_t pfd_count, int timeout); * @brief Enables/disables TCP keepalives. * * @param[in] sock Socket to set this option for. - * @param[in] enabled 1 to enable, 0 to disable keepalives. + * @param[in] ka Keepalives to set. * @return 0 on success, -1 on fail. */ -int nc_sock_configure_ka(int sock, int enabled); - -/** - * @brief Set TCP keepalives idle time. - * - * @param[in] sock Socket to set this option for. - * @param[in] idle_time Time in seconds before keepalive packets are sent. - * @return 0 on success, -1 on fail. - */ -int nc_sock_configure_ka_idle_time(int sock, int idle_time); - -/** - * @brief Set TCP keepalives max probes. - * - * @param[in] sock Socket to set this option for. - * @param[in] max_probes Maximum number of probes sent before dropping the connection. - * @return 0 on success, -1 on fail. - */ -int nc_sock_configure_ka_max_probes(int sock, int max_probes); - -/** - * @brief Set TCP keepalives probe interval. - * - * @param[in] sock Socket to set this option for. - * @param[in] probe_interval Time in seconds between keepalive probes. - * @return 0 on success, -1 on fail. - */ -int nc_sock_configure_ka_probe_interval(int sock, int probe_interval); +int nc_sock_configure_ka(int sock, const struct nc_keepalives *ka); struct nc_session *nc_new_session(NC_SIDE side, int shared_ti); @@ -968,10 +941,9 @@ int nc_sock_accept(int sock, int timeout, char **peer_host, uint16_t *peer_port) * * @param[in] address IP address to listen on. * @param[in] port Port to listen on. - * @param[in] ka Keepalives parameters. * @return Listening socket, -1 on error. */ -int nc_sock_listen_inet(const char *address, uint16_t port, struct nc_keepalives *ka); +int nc_sock_listen_inet(const char *address, uint16_t port); /** * @brief Accept a new connection on a listening socket. diff --git a/src/session_server.c b/src/session_server.c index 59e11628..d93ae334 100644 --- a/src/session_server.c 
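Review bot: The Doxygen block kept above `nc_sock_configure_ka()` in the `@@ -830,37 +830,10 @@` hunk still reads "Enables/disables TCP keepalives", but the function now also applies idle time, max probes and probe interval. Suggest `@brief Configure TCP keepalives on a socket.` and a `@param[in] ka` text such as `Keepalive parameters; idle time, max probes and probe interval are applied only if ka->enabled is set.` It would also help to state that the function is meant for connected or accepted sockets, which is why the `ka` parameter is dropped from `nc_sock_listen_inet()` in the next hunk.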
+++ b/src/session_server.c @@ -270,7 +270,7 @@ nc_server_ch_set_dispatch_data(nc_server_ch_session_acquire_ctx_cb acquire_ctx_c #endif int -nc_sock_listen_inet(const char *address, uint16_t port, struct nc_keepalives *ka) +nc_sock_listen_inet(const char *address, uint16_t port) { int opt; int is_ipv4, sock; @@ -302,22 +302,6 @@ nc_sock_listen_inet(const char *address, uint16_t port, struct nc_keepalives *ka goto fail; } - /* configure keepalives */ - if (nc_sock_configure_ka(sock, ka->enabled)) { - goto fail; - } - if (ka->enabled) { - if (nc_sock_configure_ka_idle_time(sock, ka->idle_time)) { - goto fail; - } - if (nc_sock_configure_ka_max_probes(sock, ka->max_probes)) { - goto fail; - } - if (nc_sock_configure_ka_probe_interval(sock, ka->probe_interval)) { - goto fail; - } - } - memset(&saddr, 0, sizeof(struct sockaddr_storage)); if (is_ipv4) { saddr4 = (struct sockaddr_in *)&saddr; @@ -1987,7 +1971,7 @@ nc_server_set_address_port(struct nc_endpt *endpt, struct nc_bind *bind, const c if (endpt->ti == NC_TI_UNIX) { sock = nc_sock_listen_unix(endpt->opts.unixsock); } else { - sock = nc_sock_listen_inet(address, port, &endpt->ka); + sock = nc_sock_listen_inet(address, port); } if (sock == -1) { @@ -2282,6 +2266,12 @@ nc_accept(int timeout, const struct ly_ctx *ctx, struct nc_session **session) } sock = ret; + /* configure keepalives */ + if (nc_sock_configure_ka(sock, &server_opts.endpts[bind_idx].ka)) { + msgtype = NC_MSG_ERROR; + goto cleanup; + } + *session = nc_new_session(NC_SERVER, 0); NC_CHECK_ERRMEM_GOTO(!(*session), msgtype = NC_MSG_ERROR, cleanup); (*session)->status = NC_STATUS_STARTING; From d51553e6c1e2057a5d93320986e831503f46fb8c Mon Sep 17 00:00:00 2001 From: Michal Vasko Date: Fri, 3 May 2024 12:04:58 +0200 Subject: [PATCH 5/6] SOVERSION bump to version 4.1.18 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ae57198d..030083ea 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
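Review bot: In the `@@ -2282,6 +2266,12 @@` hunk `nc_sock_configure_ka()` runs on the accepted socket before the endpoint's transport is examined, so it also runs for `NC_TI_UNIX` endpoints, whose listening socket never had keepalives applied (only `nc_sock_listen_inet()` did). If `ka.enabled` can be non-zero for such an endpoint, the TCP-level options would likely be refused on a UNIX socket and every local connection would end in `NC_MSG_ERROR`; whether the endpoint setup rules that out is not visible here. Guarding the call, `if ((server_opts.endpts[bind_idx].ti != NC_TI_UNIX) && nc_sock_configure_ka(sock, &server_opts.endpts[bind_idx].ka)) {`, keeps the previous behaviour for UNIX endpoints. nc_accept starts and ends outside the hunk.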
@@ -66,7 +66,7 @@ set(LIBNETCONF2_VERSION ${LIBNETCONF2_MAJOR_VERSION}.${LIBNETCONF2_MINOR_VERSION # with backward compatible change and micro version is connected with any internal change of the library. set(LIBNETCONF2_MAJOR_SOVERSION 4) set(LIBNETCONF2_MINOR_SOVERSION 1) -set(LIBNETCONF2_MICRO_SOVERSION 17) +set(LIBNETCONF2_MICRO_SOVERSION 18) set(LIBNETCONF2_SOVERSION_FULL ${LIBNETCONF2_MAJOR_SOVERSION}.${LIBNETCONF2_MINOR_SOVERSION}.${LIBNETCONF2_MICRO_SOVERSION}) set(LIBNETCONF2_SOVERSION ${LIBNETCONF2_MAJOR_SOVERSION}) From 91df8c29da951ce0918eb50490de5f59eaef9ef5 Mon Sep 17 00:00:00 2001 From: Michal Vasko Date: Fri, 3 May 2024 12:05:07 +0200 Subject: [PATCH 6/6] VERSION bump to version 3.0.21 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 030083ea..1348a63f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -58,7 +58,7 @@ set(CMAKE_MACOSX_RPATH TRUE) # micro version is changed with a set of small changes or bugfixes anywhere in the project. set(LIBNETCONF2_MAJOR_VERSION 3) set(LIBNETCONF2_MINOR_VERSION 0) -set(LIBNETCONF2_MICRO_VERSION 20) +set(LIBNETCONF2_MICRO_VERSION 21) set(LIBNETCONF2_VERSION ${LIBNETCONF2_MAJOR_VERSION}.${LIBNETCONF2_MINOR_VERSION}.${LIBNETCONF2_MICRO_VERSION}) # Version of the library