isisd: retrofit the 'area-password' and 'domain-password' cmds

Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>

7 files changed, 225 insertions, 103 deletions

diff --git a/isisd/isis_cli.c b/isisd/isis_cli.c
index 7f8b3d54f2..f1f5bbfec8 100644
--- a/isisd/isis_cli.c
+++ b/isisd/isis_cli.c
@@ -490,6 +490,95 @@ void cli_show_isis_metric_style(struct vty *vty, struct lyd_node *dnode,
 	}
 }
 
+/*
+ * XPath: /frr-isisd:isis/instance/area-password
+ */
+DEFPY(area_passwd, area_passwd_cmd,
+      "area-password <clear|md5>$pwd_type WORD$pwd [authenticate snp <send-only|validate>$snp]",
+      "Configure the authentication password for an area\n"
+      "Clear-text authentication type\n"
+      "MD5 authentication type\n"
+      "Level-wide password\n"
+      "Authentication\n"
+      "SNP PDUs\n"
+      "Send but do not check PDUs on receiving\n"
+      "Send and check PDUs on receiving\n")
+{
+	nb_cli_enqueue_change(vty, "./area-password", NB_OP_CREATE, NULL);
+	nb_cli_enqueue_change(vty, "./area-password/password", NB_OP_MODIFY,
+			      pwd);
+	nb_cli_enqueue_change(vty, "./area-password/password-type",
+			      NB_OP_MODIFY, pwd_type);
+	nb_cli_enqueue_change(vty, "./area-password/authenticate-snp",
+			      NB_OP_MODIFY, snp ? snp : "none");
+
+	return nb_cli_apply_changes(vty, NULL);
+}
+
+void cli_show_isis_area_pwd(struct vty *vty, struct lyd_node *dnode,
+			    bool show_defaults)
+{
+	const char *snp;
+
+	vty_out(vty, " area-password %s %s",
+		yang_dnode_get_string(dnode, "./password-type"),
+		yang_dnode_get_string(dnode, "./password"));
+	snp = yang_dnode_get_string(dnode, "./authenticate-snp");
+	if (!strmatch("none", snp))
+		vty_out(vty, " authenticate snp %s", snp);
+	vty_out(vty, "\n");
+}
+
+/*
+ * XPath: /frr-isisd:isis/instance/domain-password
+ */
+DEFPY(domain_passwd, domain_passwd_cmd,
+      "domain-password <clear|md5>$pwd_type WORD$pwd [authenticate snp <send-only|validate>$snp]",
+      "Set the authentication password for a routing domain\n"
+      "Clear-text authentication type\n"
+      "MD5 authentication type\n"
+      "Level-wide password\n"
+      "Authentication\n"
+      "SNP PDUs\n"
+      "Send but do not check PDUs on receiving\n"
+      "Send and check PDUs on receiving\n")
+{
+	nb_cli_enqueue_change(vty, "./domain-password", NB_OP_CREATE, NULL);
+	nb_cli_enqueue_change(vty, "./domain-password/password", NB_OP_MODIFY,
+			      pwd);
+	nb_cli_enqueue_change(vty, "./domain-password/password-type",
+			      NB_OP_MODIFY, pwd_type);
+	nb_cli_enqueue_change(vty, "./domain-password/authenticate-snp",
+			      NB_OP_MODIFY, snp ? snp : "none");
+
+	return nb_cli_apply_changes(vty, NULL);
+}
+
+DEFPY(no_area_passwd, no_area_passwd_cmd,
+      "no <area-password|domain-password>$cmd",
+      NO_STR
+      "Configure the authentication password for an area\n"
+      "Set the authentication password for a routing domain\n")
+{
+	nb_cli_enqueue_change(vty, ".", NB_OP_DELETE, NULL);
+
+	return nb_cli_apply_changes(vty, "./%s", cmd);
+}
+
+void cli_show_isis_domain_pwd(struct vty *vty, struct lyd_node *dnode,
+			      bool show_defaults)
+{
+	const char *snp;
+
+	vty_out(vty, " domain-password %s %s",
+		yang_dnode_get_string(dnode, "./password-type"),
+		yang_dnode_get_string(dnode, "./password"));
+	snp = yang_dnode_get_string(dnode, "./authenticate-snp");
+	if (!strmatch("none", snp))
+		vty_out(vty, " authenticate snp %s", snp);
+	vty_out(vty, "\n");
+}
+
 void isis_cli_init(void)
 {
 	install_element(CONFIG_NODE, &router_isis_cmd);
@@ -511,6 +600,10 @@ void isis_cli_init(void)
 
 	install_element(ISIS_NODE, &metric_style_cmd);
 	install_element(ISIS_NODE, &no_metric_style_cmd);
+
+	install_element(ISIS_NODE, &area_passwd_cmd);
+	install_element(ISIS_NODE, &domain_passwd_cmd);
+	install_element(ISIS_NODE, &no_area_passwd_cmd);
 }
 
 #endif /* ifndef FABRICD */
diff --git a/isisd/isis_cli.h b/isisd/isis_cli.h
index dbb0a1a256..b55e5336d5 100644
--- a/isisd/isis_cli.h
+++ b/isisd/isis_cli.h
@@ -39,5 +39,9 @@ void cli_show_isis_overload(struct vty *vty, struct lyd_node *dnode,
 			    bool show_defaults);
 void cli_show_isis_metric_style(struct vty *vty, struct lyd_node *dnode,
 				bool show_defaults);
+void cli_show_isis_area_pwd(struct vty *vty, struct lyd_node *dnode,
+			    bool show_defaults);
+void cli_show_isis_domain_pwd(struct vty *vty, struct lyd_node *dnode,
+			      bool show_defaults);
 
 #endif /* ISISD_ISIS_CLI_H_ */
diff --git a/isisd/isis_northbound.c b/isisd/isis_northbound.c
index a9774d1a31..d8474e8819 100644
--- a/isisd/isis_northbound.c
+++ b/isisd/isis_northbound.c
@@ -537,18 +537,44 @@ isis_instance_spf_minimum_interval_level_2_modify(enum nb_event event,
 /*
  * XPath: /frr-isisd:isis/instance/area-password
  */
+static void area_password_apply_finish(const struct lyd_node *dnode)
+{
+	const char *password = yang_dnode_get_string(dnode, "./password");
+	struct isis_area *area = yang_dnode_get_entry(dnode, true);
+	int pass_type = yang_dnode_get_enum(dnode, "./password-type");
+	uint8_t snp_auth = yang_dnode_get_enum(dnode, "./authenticate-snp");
+
+	switch (pass_type) {
+	case ISIS_PASSWD_TYPE_CLEARTXT:
+		isis_area_passwd_cleartext_set(area, IS_LEVEL_1, password,
+					       snp_auth);
+		break;
+	case ISIS_PASSWD_TYPE_HMAC_MD5:
+		isis_area_passwd_hmac_md5_set(area, IS_LEVEL_1, password,
+					      snp_auth);
+		break;
+	}
+}
+
 static int isis_instance_area_password_create(enum nb_event event,
 					      const struct lyd_node *dnode,
 					      union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
 static int isis_instance_area_password_delete(enum nb_event event,
 					      const struct lyd_node *dnode)
 {
-	/* TODO: implement me. */
+	struct isis_area *area;
+
+	if (event != NB_EV_APPLY)
+		return NB_OK;
+
+	area = yang_dnode_get_entry(dnode, true);
+	isis_area_passwd_unset(area, IS_LEVEL_1);
+
 	return NB_OK;
 }
 
@@ -560,7 +586,7 @@ isis_instance_area_password_password_modify(enum nb_event event,
 					    const struct lyd_node *dnode,
 					    union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
@@ -572,7 +598,7 @@ isis_instance_area_password_password_type_modify(enum nb_event event,
 						 const struct lyd_node *dnode,
 						 union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
@@ -583,25 +609,51 @@ static int isis_instance_area_password_authenticate_snp_modify(
 	enum nb_event event, const struct lyd_node *dnode,
 	union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
 /*
  * XPath: /frr-isisd:isis/instance/domain-password
  */
+static void domain_password_apply_finish(const struct lyd_node *dnode)
+{
+	const char *password = yang_dnode_get_string(dnode, "./password");
+	struct isis_area *area = yang_dnode_get_entry(dnode, true);
+	int pass_type = yang_dnode_get_enum(dnode, "./password-type");
+	uint8_t snp_auth = yang_dnode_get_enum(dnode, "./authenticate-snp");
+
+	switch (pass_type) {
+	case ISIS_PASSWD_TYPE_CLEARTXT:
+		isis_area_passwd_cleartext_set(area, IS_LEVEL_2, password,
+					       snp_auth);
+		break;
+	case ISIS_PASSWD_TYPE_HMAC_MD5:
+		isis_area_passwd_hmac_md5_set(area, IS_LEVEL_2, password,
+					      snp_auth);
+		break;
+	}
+}
+
 static int isis_instance_domain_password_create(enum nb_event event,
 						const struct lyd_node *dnode,
 						union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
 static int isis_instance_domain_password_delete(enum nb_event event,
 						const struct lyd_node *dnode)
 {
-	/* TODO: implement me. */
+	struct isis_area *area;
+
+	if (event != NB_EV_APPLY)
+		return NB_OK;
+
+	area = yang_dnode_get_entry(dnode, true);
+	isis_area_passwd_unset(area, IS_LEVEL_2);
+
 	return NB_OK;
 }
 
@@ -613,7 +665,7 @@ isis_instance_domain_password_password_modify(enum nb_event event,
 					      const struct lyd_node *dnode,
 					      union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
@@ -625,7 +677,7 @@ isis_instance_domain_password_password_type_modify(enum nb_event event,
 						   const struct lyd_node *dnode,
 						   union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
@@ -636,7 +688,7 @@ static int isis_instance_domain_password_authenticate_snp_modify(
 	enum nb_event event, const struct lyd_node *dnode,
 	union nb_resource *resource)
 {
-	/* TODO: implement me. */
+	/* actual setting is done in apply_finish */
 	return NB_OK;
 }
 
@@ -1854,6 +1906,8 @@ const struct frr_yang_module_info frr_isisd_info = {
 			.xpath = "/frr-isisd:isis/instance/area-password",
 			.cbs.create = isis_instance_area_password_create,
 			.cbs.delete = isis_instance_area_password_delete,
+			.cbs.apply_finish = area_password_apply_finish,
+			.cbs.cli_show = cli_show_isis_area_pwd,
 		},
 		{
 			.xpath = "/frr-isisd:isis/instance/area-password/password",
@@ -1871,6 +1925,8 @@ const struct frr_yang_module_info frr_isisd_info = {
 			.xpath = "/frr-isisd:isis/instance/domain-password",
 			.cbs.create = isis_instance_domain_password_create,
 			.cbs.delete = isis_instance_domain_password_delete,
+			.cbs.apply_finish = domain_password_apply_finish,
+			.cbs.cli_show = cli_show_isis_domain_pwd,
 		},
 		{
 			.xpath = "/frr-isisd:isis/instance/domain-password/password",
diff --git a/isisd/isis_vty_common.c b/isisd/isis_vty_common.c
index 62a01c1001..386d936e5f 100644
--- a/isisd/isis_vty_common.c
+++ b/isisd/isis_vty_common.c
@@ -760,65 +760,6 @@ DEFUN (no_lsp_refresh_interval,
 					DEFAULT_MAX_LSP_GEN_INTERVAL);
 }
 
-int isis_vty_password_set(struct vty *vty, int argc,
-			  struct cmd_token *argv[], int level)
-{
-	VTY_DECLVAR_CONTEXT(isis_area, area);
-
-	int idx_algo = 1;
-	int idx_password = 2;
-	int idx_snp_auth = 5;
-	uint8_t snp_auth = 0;
-
-	const char *passwd = argv[idx_password]->arg;
-	if (strlen(passwd) > 254) {
-		vty_out(vty, "Too long area password (>254)\n");
-		return CMD_WARNING_CONFIG_FAILED;
-	}
-
-	if (argc > idx_snp_auth) {
-		snp_auth = SNP_AUTH_SEND;
-		if (strmatch(argv[idx_snp_auth]->text, "validate"))
-			snp_auth |= SNP_AUTH_RECV;
-	}
-
-	if (strmatch(argv[idx_algo]->text, "clear")) {
-		return isis_area_passwd_cleartext_set(area, level,
-						      passwd, snp_auth);
-	} else if (strmatch(argv[idx_algo]->text, "md5")) {
-		return isis_area_passwd_hmac_md5_set(area, level,
-						     passwd, snp_auth);
-	}
-	
-	return CMD_WARNING_CONFIG_FAILED;
-}
-
-DEFUN (domain_passwd,
-       domain_passwd_cmd,
-       "domain-password <clear|md5> WORD [authenticate snp <send-only|validate>]",
-       "Set the authentication password for a routing domain\n"
-       "Authentication type\n"
-       "Authentication type\n"
-       "Level-wide password\n"
-       "Authentication\n"
-       "SNP PDUs\n"
-       "Send but do not check PDUs on receiving\n"
-       "Send and check PDUs on receiving\n")
-{
-	return isis_vty_password_set(vty, argc, argv, IS_LEVEL_2);
-}
-
-DEFUN (no_domain_passwd,
-       no_domain_passwd_cmd,
-       "no domain-password",
-       NO_STR
-       "Set the authentication password for a routing domain\n")
-{
-	VTY_DECLVAR_CONTEXT(isis_area, area);
-
-	return isis_area_passwd_unset(area, IS_LEVEL_2);
-}
-
 void isis_vty_init(void)
 {
 	install_element(INTERFACE_NODE, &isis_passive_cmd);
@@ -865,9 +806,6 @@ void isis_vty_init(void)
 	install_element(ROUTER_NODE, &lsp_refresh_interval_cmd);
 	install_element(ROUTER_NODE, &no_lsp_refresh_interval_cmd);
 
-	install_element(ROUTER_NODE, &domain_passwd_cmd);
-	install_element(ROUTER_NODE, &no_domain_passwd_cmd);
-
 	install_element(ROUTER_NODE, &spf_delay_ietf_cmd);
 	install_element(ROUTER_NODE, &no_spf_delay_ietf_cmd);
 
diff --git a/isisd/isis_vty_common.h b/isisd/isis_vty_common.h
index b726b4ee83..9d1aeb4d94 100644
--- a/isisd/isis_vty_common.h
+++ b/isisd/isis_vty_common.h
@@ -29,8 +29,6 @@ struct isis_circuit *isis_circuit_lookup(struct vty *vty);
 int isis_vty_max_lsp_lifetime_set(struct vty *vty, int level, uint16_t interval);
 int isis_vty_lsp_refresh_set(struct vty *vty, int level, uint16_t interval);
 int isis_vty_lsp_gen_interval_set(struct vty *vty, int level, uint16_t interval);
-int isis_vty_password_set(struct vty *vty, int argc,
-			  struct cmd_token *argv[], int level);
 
 void isis_vty_daemon_init(void);
 void isis_vty_init(void);
diff --git a/isisd/isis_vty_fabricd.c b/isisd/isis_vty_fabricd.c
index 2d16573924..79ad50a3eb 100644
--- a/isisd/isis_vty_fabricd.c
+++ b/isisd/isis_vty_fabricd.c
@@ -309,6 +309,65 @@ DEFUN (no_set_overload_bit,
 	return CMD_SUCCESS;
 }
 
+static int isis_vty_password_set(struct vty *vty, int argc,
+			  struct cmd_token *argv[], int level)
+{
+	VTY_DECLVAR_CONTEXT(isis_area, area);
+
+	int idx_algo = 1;
+	int idx_password = 2;
+	int idx_snp_auth = 5;
+	uint8_t snp_auth = 0;
+
+	const char *passwd = argv[idx_password]->arg;
+	if (strlen(passwd) > 254) {
+		vty_out(vty, "Too long area password (>254)\n");
+		return CMD_WARNING_CONFIG_FAILED;
+	}
+
+	if (argc > idx_snp_auth) {
+		snp_auth = SNP_AUTH_SEND;
+		if (strmatch(argv[idx_snp_auth]->text, "validate"))
+			snp_auth |= SNP_AUTH_RECV;
+	}
+
+	if (strmatch(argv[idx_algo]->text, "clear")) {
+		return isis_area_passwd_cleartext_set(area, level,
+						      passwd, snp_auth);
+	} else if (strmatch(argv[idx_algo]->text, "md5")) {
+		return isis_area_passwd_hmac_md5_set(area, level,
+						     passwd, snp_auth);
+	}
+
+	return CMD_WARNING_CONFIG_FAILED;
+}
+
+DEFUN (domain_passwd,
+       domain_passwd_cmd,
+       "domain-password <clear|md5> WORD [authenticate snp <send-only|validate>]",
+       "Set the authentication password for a routing domain\n"
+       "Authentication type\n"
+       "Authentication type\n"
+       "Level-wide password\n"
+       "Authentication\n"
+       "SNP PDUs\n"
+       "Send but do not check PDUs on receiving\n"
+       "Send and check PDUs on receiving\n")
+{
+	return isis_vty_password_set(vty, argc, argv, IS_LEVEL_2);
+}
+
+DEFUN (no_domain_passwd,
+       no_domain_passwd_cmd,
+       "no domain-password",
+       NO_STR
+       "Set the authentication password for a routing domain\n")
+{
+	VTY_DECLVAR_CONTEXT(isis_area, area);
+
+	return isis_area_passwd_unset(area, IS_LEVEL_2);
+}
+
 void isis_vty_daemon_init(void)
 {
 	install_element(ROUTER_NODE, &fabric_tier_cmd);
@@ -324,4 +383,7 @@ void isis_vty_daemon_init(void)
 
 	install_element(ROUTER_NODE, &set_overload_bit_cmd);
 	install_element(ROUTER_NODE, &no_set_overload_bit_cmd);
+
+	install_element(ROUTER_NODE, &domain_passwd_cmd);
+	install_element(ROUTER_NODE, &no_domain_passwd_cmd);
 }
diff --git a/isisd/isis_vty_isisd.c b/isisd/isis_vty_isisd.c
index ce5c1dfadf..a62618ec88 100644
--- a/isisd/isis_vty_isisd.c
+++ b/isisd/isis_vty_isisd.c
@@ -580,32 +580,6 @@ DEFUN (no_lsp_refresh_interval_level,
 					DEFAULT_MAX_LSP_GEN_INTERVAL);
 }
 
-DEFUN (area_passwd,
-       area_passwd_cmd,
-       "area-password <clear|md5> WORD [authenticate snp <send-only|validate>]",
-       "Configure the authentication password for an area\n"
-       "Authentication type\n"
-       "Authentication type\n"
-       "Area password\n"
-       "Authentication\n"
-       "SNP PDUs\n"
-       "Send but do not check PDUs on receiving\n"
-       "Send and check PDUs on receiving\n")
-{
-	return isis_vty_password_set(vty, argc, argv, IS_LEVEL_1);
-}
-
-DEFUN (no_area_passwd,
-       no_area_passwd_cmd,
-       "no area-password",
-       NO_STR
-       "Configure the authentication password for an area\n")
-{
-	VTY_DECLVAR_CONTEXT(isis_area, area);
-
-	return isis_area_passwd_unset(area, IS_LEVEL_1);
-}
-
 void isis_vty_daemon_init(void)
 {
 	install_element(INTERFACE_NODE, &isis_circuit_type_cmd);
@@ -650,7 +624,4 @@ void isis_vty_daemon_init(void)
 
 	install_element(ROUTER_NODE, &lsp_refresh_interval_level_cmd);
 	install_element(ROUTER_NODE, &no_lsp_refresh_interval_level_cmd);
-
-	install_element(ROUTER_NODE, &area_passwd_cmd);
-	install_element(ROUTER_NODE, &no_area_passwd_cmd);
 }