From 933536e3ab6b0f78c80f5a2420f149c7f600b356 Mon Sep 17 00:00:00 2001 From: Emanuele Di Pascale Date: Tue, 13 Nov 2018 18:22:20 +0100 Subject: [PATCH] isisd: retrofit the 'area-password' and 'domain-password' cmds Signed-off-by: Emanuele Di Pascale --- isisd/isis_cli.c | 93 ++++++++++++++++++++++++++++++++++++++++ isisd/isis_cli.h | 4 ++ isisd/isis_northbound.c | 76 +++++++++++++++++++++++++++----- isisd/isis_vty_common.c | 62 --------------------------- isisd/isis_vty_common.h | 2 - isisd/isis_vty_fabricd.c | 62 +++++++++++++++++++++++++++ isisd/isis_vty_isisd.c | 29 ------------- 7 files changed, 225 insertions(+), 103 deletions(-) diff --git a/isisd/isis_cli.c b/isisd/isis_cli.c index 7f8b3d54f2..f1f5bbfec8 100644 --- a/isisd/isis_cli.c +++ b/isisd/isis_cli.c @@ -490,6 +490,95 @@ void cli_show_isis_metric_style(struct vty *vty, struct lyd_node *dnode, } } +/* + * XPath: /frr-isisd:isis/instance/area-password + */ +DEFPY(area_passwd, area_passwd_cmd, + "area-password $pwd_type WORD$pwd [authenticate snp $snp]", + "Configure the authentication password for an area\n" + "Clear-text authentication type\n" + "MD5 authentication type\n" + "Level-wide password\n" + "Authentication\n" + "SNP PDUs\n" + "Send but do not check PDUs on receiving\n" + "Send and check PDUs on receiving\n") +{ + nb_cli_enqueue_change(vty, "./area-password", NB_OP_CREATE, NULL); + nb_cli_enqueue_change(vty, "./area-password/password", NB_OP_MODIFY, + pwd); + nb_cli_enqueue_change(vty, "./area-password/password-type", + NB_OP_MODIFY, pwd_type); + nb_cli_enqueue_change(vty, "./area-password/authenticate-snp", + NB_OP_MODIFY, snp ? snp : "none"); + + return nb_cli_apply_changes(vty, NULL); +} + +void cli_show_isis_area_pwd(struct vty *vty, struct lyd_node *dnode, + bool show_defaults) +{ + const char *snp; + + vty_out(vty, " area-password %s %s", + yang_dnode_get_string(dnode, "./password-type"), + yang_dnode_get_string(dnode, "./password")); + snp = yang_dnode_get_string(dnode, "./authenticate-snp"); + if (!strmatch("none", snp)) + vty_out(vty, " authenticate snp %s", snp); + vty_out(vty, "\n"); +} + +/* + * XPath: /frr-isisd:isis/instance/domain-password + */ +DEFPY(domain_passwd, domain_passwd_cmd, + "domain-password $pwd_type WORD$pwd [authenticate snp $snp]", + "Set the authentication password for a routing domain\n" + "Clear-text authentication type\n" + "MD5 authentication type\n" + "Level-wide password\n" + "Authentication\n" + "SNP PDUs\n" + "Send but do not check PDUs on receiving\n" + "Send and check PDUs on receiving\n") +{ + nb_cli_enqueue_change(vty, "./domain-password", NB_OP_CREATE, NULL); + nb_cli_enqueue_change(vty, "./domain-password/password", NB_OP_MODIFY, + pwd); + nb_cli_enqueue_change(vty, "./domain-password/password-type", + NB_OP_MODIFY, pwd_type); + nb_cli_enqueue_change(vty, "./domain-password/authenticate-snp", + NB_OP_MODIFY, snp ? snp : "none"); + + return nb_cli_apply_changes(vty, NULL); +} + +DEFPY(no_area_passwd, no_area_passwd_cmd, + "no $cmd", + NO_STR + "Configure the authentication password for an area\n" + "Set the authentication password for a routing domain\n") +{ + nb_cli_enqueue_change(vty, ".", NB_OP_DELETE, NULL); + + return nb_cli_apply_changes(vty, "./%s", cmd); +} + +void cli_show_isis_domain_pwd(struct vty *vty, struct lyd_node *dnode, + bool show_defaults) +{ + const char *snp; + + vty_out(vty, " domain-password %s %s", + yang_dnode_get_string(dnode, "./password-type"), + yang_dnode_get_string(dnode, "./password")); + snp = yang_dnode_get_string(dnode, "./authenticate-snp"); + if (!strmatch("none", snp)) + vty_out(vty, " authenticate snp %s", snp); + vty_out(vty, "\n"); +} + void isis_cli_init(void) { install_element(CONFIG_NODE, &router_isis_cmd); @@ -511,6 +600,10 @@ void isis_cli_init(void) install_element(ISIS_NODE, &metric_style_cmd); install_element(ISIS_NODE, &no_metric_style_cmd); + + install_element(ISIS_NODE, &area_passwd_cmd); + install_element(ISIS_NODE, &domain_passwd_cmd); + install_element(ISIS_NODE, &no_area_passwd_cmd); } #endif /* ifndef FABRICD */ diff --git a/isisd/isis_cli.h b/isisd/isis_cli.h index dbb0a1a256..b55e5336d5 100644 --- a/isisd/isis_cli.h +++ b/isisd/isis_cli.h @@ -39,5 +39,9 @@ void cli_show_isis_overload(struct vty *vty, struct lyd_node *dnode, bool show_defaults); void cli_show_isis_metric_style(struct vty *vty, struct lyd_node *dnode, bool show_defaults); +void cli_show_isis_area_pwd(struct vty *vty, struct lyd_node *dnode, + bool show_defaults); +void cli_show_isis_domain_pwd(struct vty *vty, struct lyd_node *dnode, + bool show_defaults); #endif /* ISISD_ISIS_CLI_H_ */ diff --git a/isisd/isis_northbound.c b/isisd/isis_northbound.c index a9774d1a31..d8474e8819 100644 --- a/isisd/isis_northbound.c +++ b/isisd/isis_northbound.c @@ -537,18 +537,44 @@ isis_instance_spf_minimum_interval_level_2_modify(enum nb_event event, /* * XPath: /frr-isisd:isis/instance/area-password */ +static void area_password_apply_finish(const struct lyd_node *dnode) +{ + const char *password = yang_dnode_get_string(dnode, "./password"); + struct isis_area *area = yang_dnode_get_entry(dnode, true); + int pass_type = yang_dnode_get_enum(dnode, "./password-type"); + uint8_t snp_auth = yang_dnode_get_enum(dnode, "./authenticate-snp"); + + switch (pass_type) { + case ISIS_PASSWD_TYPE_CLEARTXT: + isis_area_passwd_cleartext_set(area, IS_LEVEL_1, password, + snp_auth); + break; + case ISIS_PASSWD_TYPE_HMAC_MD5: + isis_area_passwd_hmac_md5_set(area, IS_LEVEL_1, password, + snp_auth); + break; + } +} + static int isis_instance_area_password_create(enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } static int isis_instance_area_password_delete(enum nb_event event, const struct lyd_node *dnode) { - /* TODO: implement me. */ + struct isis_area *area; + + if (event != NB_EV_APPLY) + return NB_OK; + + area = yang_dnode_get_entry(dnode, true); + isis_area_passwd_unset(area, IS_LEVEL_1); + return NB_OK; } @@ -560,7 +586,7 @@ isis_instance_area_password_password_modify(enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } @@ -572,7 +598,7 @@ isis_instance_area_password_password_type_modify(enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } @@ -583,25 +609,51 @@ static int isis_instance_area_password_authenticate_snp_modify( enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } /* * XPath: /frr-isisd:isis/instance/domain-password */ +static void domain_password_apply_finish(const struct lyd_node *dnode) +{ + const char *password = yang_dnode_get_string(dnode, "./password"); + struct isis_area *area = yang_dnode_get_entry(dnode, true); + int pass_type = yang_dnode_get_enum(dnode, "./password-type"); + uint8_t snp_auth = yang_dnode_get_enum(dnode, "./authenticate-snp"); + + switch (pass_type) { + case ISIS_PASSWD_TYPE_CLEARTXT: + isis_area_passwd_cleartext_set(area, IS_LEVEL_2, password, + snp_auth); + break; + case ISIS_PASSWD_TYPE_HMAC_MD5: + isis_area_passwd_hmac_md5_set(area, IS_LEVEL_2, password, + snp_auth); + break; + } +} + static int isis_instance_domain_password_create(enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } static int isis_instance_domain_password_delete(enum nb_event event, const struct lyd_node *dnode) { - /* TODO: implement me. */ + struct isis_area *area; + + if (event != NB_EV_APPLY) + return NB_OK; + + area = yang_dnode_get_entry(dnode, true); + isis_area_passwd_unset(area, IS_LEVEL_2); + return NB_OK; } @@ -613,7 +665,7 @@ isis_instance_domain_password_password_modify(enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } @@ -625,7 +677,7 @@ isis_instance_domain_password_password_type_modify(enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } @@ -636,7 +688,7 @@ static int isis_instance_domain_password_authenticate_snp_modify( enum nb_event event, const struct lyd_node *dnode, union nb_resource *resource) { - /* TODO: implement me. */ + /* actual setting is done in apply_finish */ return NB_OK; } @@ -1854,6 +1906,8 @@ const struct frr_yang_module_info frr_isisd_info = { .xpath = "/frr-isisd:isis/instance/area-password", .cbs.create = isis_instance_area_password_create, .cbs.delete = isis_instance_area_password_delete, + .cbs.apply_finish = area_password_apply_finish, + .cbs.cli_show = cli_show_isis_area_pwd, }, { .xpath = "/frr-isisd:isis/instance/area-password/password", @@ -1871,6 +1925,8 @@ const struct frr_yang_module_info frr_isisd_info = { .xpath = "/frr-isisd:isis/instance/domain-password", .cbs.create = isis_instance_domain_password_create, .cbs.delete = isis_instance_domain_password_delete, + .cbs.apply_finish = domain_password_apply_finish, + .cbs.cli_show = cli_show_isis_domain_pwd, }, { .xpath = "/frr-isisd:isis/instance/domain-password/password", diff --git a/isisd/isis_vty_common.c b/isisd/isis_vty_common.c index 62a01c1001..386d936e5f 100644 --- a/isisd/isis_vty_common.c +++ b/isisd/isis_vty_common.c @@ -760,65 +760,6 @@ DEFUN (no_lsp_refresh_interval, DEFAULT_MAX_LSP_GEN_INTERVAL); } -int isis_vty_password_set(struct vty *vty, int argc, - struct cmd_token *argv[], int level) -{ - VTY_DECLVAR_CONTEXT(isis_area, area); - - int idx_algo = 1; - int idx_password = 2; - int idx_snp_auth = 5; - uint8_t snp_auth = 0; - - const char *passwd = argv[idx_password]->arg; - if (strlen(passwd) > 254) { - vty_out(vty, "Too long area password (>254)\n"); - return CMD_WARNING_CONFIG_FAILED; - } - - if (argc > idx_snp_auth) { - snp_auth = SNP_AUTH_SEND; - if (strmatch(argv[idx_snp_auth]->text, "validate")) - snp_auth |= SNP_AUTH_RECV; - } - - if (strmatch(argv[idx_algo]->text, "clear")) { - return isis_area_passwd_cleartext_set(area, level, - passwd, snp_auth); - } else if (strmatch(argv[idx_algo]->text, "md5")) { - return isis_area_passwd_hmac_md5_set(area, level, - passwd, snp_auth); - } - - return CMD_WARNING_CONFIG_FAILED; -} - -DEFUN (domain_passwd, - domain_passwd_cmd, - "domain-password WORD [authenticate snp ]", - "Set the authentication password for a routing domain\n" - "Authentication type\n" - "Authentication type\n" - "Level-wide password\n" - "Authentication\n" - "SNP PDUs\n" - "Send but do not check PDUs on receiving\n" - "Send and check PDUs on receiving\n") -{ - return isis_vty_password_set(vty, argc, argv, IS_LEVEL_2); -} - -DEFUN (no_domain_passwd, - no_domain_passwd_cmd, - "no domain-password", - NO_STR - "Set the authentication password for a routing domain\n") -{ - VTY_DECLVAR_CONTEXT(isis_area, area); - - return isis_area_passwd_unset(area, IS_LEVEL_2); -} - void isis_vty_init(void) { install_element(INTERFACE_NODE, &isis_passive_cmd); @@ -865,9 +806,6 @@ void isis_vty_init(void) install_element(ROUTER_NODE, &lsp_refresh_interval_cmd); install_element(ROUTER_NODE, &no_lsp_refresh_interval_cmd); - install_element(ROUTER_NODE, &domain_passwd_cmd); - install_element(ROUTER_NODE, &no_domain_passwd_cmd); - install_element(ROUTER_NODE, &spf_delay_ietf_cmd); install_element(ROUTER_NODE, &no_spf_delay_ietf_cmd); diff --git a/isisd/isis_vty_common.h b/isisd/isis_vty_common.h index b726b4ee83..9d1aeb4d94 100644 --- a/isisd/isis_vty_common.h +++ b/isisd/isis_vty_common.h @@ -29,8 +29,6 @@ struct isis_circuit *isis_circuit_lookup(struct vty *vty); int isis_vty_max_lsp_lifetime_set(struct vty *vty, int level, uint16_t interval); int isis_vty_lsp_refresh_set(struct vty *vty, int level, uint16_t interval); int isis_vty_lsp_gen_interval_set(struct vty *vty, int level, uint16_t interval); -int isis_vty_password_set(struct vty *vty, int argc, - struct cmd_token *argv[], int level); void isis_vty_daemon_init(void); void isis_vty_init(void); diff --git a/isisd/isis_vty_fabricd.c b/isisd/isis_vty_fabricd.c index 2d16573924..79ad50a3eb 100644 --- a/isisd/isis_vty_fabricd.c +++ b/isisd/isis_vty_fabricd.c @@ -309,6 +309,65 @@ DEFUN (no_set_overload_bit, return CMD_SUCCESS; } +static int isis_vty_password_set(struct vty *vty, int argc, + struct cmd_token *argv[], int level) +{ + VTY_DECLVAR_CONTEXT(isis_area, area); + + int idx_algo = 1; + int idx_password = 2; + int idx_snp_auth = 5; + uint8_t snp_auth = 0; + + const char *passwd = argv[idx_password]->arg; + if (strlen(passwd) > 254) { + vty_out(vty, "Too long area password (>254)\n"); + return CMD_WARNING_CONFIG_FAILED; + } + + if (argc > idx_snp_auth) { + snp_auth = SNP_AUTH_SEND; + if (strmatch(argv[idx_snp_auth]->text, "validate")) + snp_auth |= SNP_AUTH_RECV; + } + + if (strmatch(argv[idx_algo]->text, "clear")) { + return isis_area_passwd_cleartext_set(area, level, + passwd, snp_auth); + } else if (strmatch(argv[idx_algo]->text, "md5")) { + return isis_area_passwd_hmac_md5_set(area, level, + passwd, snp_auth); + } + + return CMD_WARNING_CONFIG_FAILED; +} + +DEFUN (domain_passwd, + domain_passwd_cmd, + "domain-password WORD [authenticate snp ]", + "Set the authentication password for a routing domain\n" + "Authentication type\n" + "Authentication type\n" + "Level-wide password\n" + "Authentication\n" + "SNP PDUs\n" + "Send but do not check PDUs on receiving\n" + "Send and check PDUs on receiving\n") +{ + return isis_vty_password_set(vty, argc, argv, IS_LEVEL_2); +} + +DEFUN (no_domain_passwd, + no_domain_passwd_cmd, + "no domain-password", + NO_STR + "Set the authentication password for a routing domain\n") +{ + VTY_DECLVAR_CONTEXT(isis_area, area); + + return isis_area_passwd_unset(area, IS_LEVEL_2); +} + void isis_vty_daemon_init(void) { install_element(ROUTER_NODE, &fabric_tier_cmd); @@ -324,4 +383,7 @@ void isis_vty_daemon_init(void) install_element(ROUTER_NODE, &set_overload_bit_cmd); install_element(ROUTER_NODE, &no_set_overload_bit_cmd); + + install_element(ROUTER_NODE, &domain_passwd_cmd); + install_element(ROUTER_NODE, &no_domain_passwd_cmd); } diff --git a/isisd/isis_vty_isisd.c b/isisd/isis_vty_isisd.c index ce5c1dfadf..a62618ec88 100644 --- a/isisd/isis_vty_isisd.c +++ b/isisd/isis_vty_isisd.c @@ -580,32 +580,6 @@ DEFUN (no_lsp_refresh_interval_level, DEFAULT_MAX_LSP_GEN_INTERVAL); } -DEFUN (area_passwd, - area_passwd_cmd, - "area-password WORD [authenticate snp ]", - "Configure the authentication password for an area\n" - "Authentication type\n" - "Authentication type\n" - "Area password\n" - "Authentication\n" - "SNP PDUs\n" - "Send but do not check PDUs on receiving\n" - "Send and check PDUs on receiving\n") -{ - return isis_vty_password_set(vty, argc, argv, IS_LEVEL_1); -} - -DEFUN (no_area_passwd, - no_area_passwd_cmd, - "no area-password", - NO_STR - "Configure the authentication password for an area\n") -{ - VTY_DECLVAR_CONTEXT(isis_area, area); - - return isis_area_passwd_unset(area, IS_LEVEL_1); -} - void isis_vty_daemon_init(void) { install_element(INTERFACE_NODE, &isis_circuit_type_cmd); @@ -650,7 +624,4 @@ void isis_vty_daemon_init(void) install_element(ROUTER_NODE, &lsp_refresh_interval_level_cmd); install_element(ROUTER_NODE, &no_lsp_refresh_interval_level_cmd); - - install_element(ROUTER_NODE, &area_passwd_cmd); - install_element(ROUTER_NODE, &no_area_passwd_cmd); } -- 2.39.5