server config UPDATE add pw last modified oper getter

Roytak · Roytak · commit c5f8b945146e · 2025-11-21T18:39:16.000+09:00
diff --git a/src/server_config.c b/src/server_config.c
@@ -6307,4 +6307,121 @@ nc_server_config_oper_get_supported_tls_algs(const struct ly_ctx *ctx, struct ly
     return nc_server_config_oper_get_algs(ctx, mod, NULL, nc_tls_supported_cipher_suites, supported_algs);
 }
 
+API int
+nc_server_config_oper_get_user_password_last_modified(const struct ly_ctx *ctx, const char *ch_client,
+        const char *endpoint, const char *username, struct lyd_node **last_modified)
+{
+    int rc = 0, r, locked = 0;
+    LY_ARRAY_COUNT_TYPE i;
+    struct nc_server_ssh_opts *ssh_opts = NULL;
+    struct nc_endpt *endpt = NULL;
+    struct nc_ch_client *client = NULL;
+    struct nc_ch_endpt *ch_endpt = NULL;
+    time_t found_time = 0;
+    char *time_str = NULL, *path = NULL;
+
+    NC_CHECK_ARG_RET(NULL, endpoint, username, last_modified, 1);
+
+    *last_modified = NULL;
+
+    /* LOCK */
+    pthread_rwlock_rdlock(&server_opts.config_lock);
+    locked = 1;
+
+    if (ch_client) {
+        /* find the call-home client */
+        LY_ARRAY_FOR(server_opts.config.ch_clients, i) {
+            if (!strcmp(server_opts.config.ch_clients[i].name, ch_client)) {
+                client = &server_opts.config.ch_clients[i];
+                break;
+            }
+        }
+        if (!client) {
+            ERR(NULL, "Call-home client '%s' not found.", ch_client);
+            rc = 1;
+            goto cleanup;
+        }
+
+        /* find the endpoint */
+        LY_ARRAY_FOR(client->ch_endpts, struct nc_ch_endpt, ch_endpt) {
+            if (!strcmp(ch_endpt->name, endpoint) && (ch_endpt->ti == NC_TI_SSH)) {
+                ssh_opts = ch_endpt->opts.ssh;
+                break;
+            }
+        }
+
+        if (!ssh_opts) {
+            ERR(NULL, "Endpoint '%s' with SSH transport not found in call-home client '%s'.", endpoint, ch_client);
+            rc = 1;
+            goto cleanup;
+        }
+    } else {
+        /* no call-home client specified, search in listening endpoints */
+        LY_ARRAY_FOR(server_opts.config.endpts, struct nc_endpt, endpt) {
+            if (!strcmp(endpt->name, endpoint) && (endpt->ti == NC_TI_SSH)) {
+                ssh_opts = endpt->opts.ssh;
+                break;
+            }
+        }
+
+        if (!ssh_opts) {
+            ERR(NULL, "Endpoint '%s' with SSH transport not found in listening endpoints.", endpoint);
+            rc = 1;
+            goto cleanup;
+        }
+    }
+
+    /* find the SSH user */
+    LY_ARRAY_FOR(ssh_opts->auth_clients, i) {
+        if (!strcmp(ssh_opts->auth_clients[i].username, username)) {
+            found_time = ssh_opts->auth_clients[i].password_last_modified;
+            break;
+        }
+    }
+    if (i == LY_ARRAY_COUNT(ssh_opts->auth_clients)) {
+        ERR(NULL, "SSH user '%s' not found on endpoint '%s'.", username, endpoint);
+        rc = 1;
+        goto cleanup;
+    }
+
+    /* UNLOCK */
+    pthread_rwlock_unlock(&server_opts.config_lock);
+    locked = 0;
+
+    if (!found_time) {
+        /* password has never been modified */
+        goto cleanup;
+    }
+
+    /* convert time to string */
+    NC_CHECK_ERR_GOTO(ly_time_time2str(found_time, NULL, &time_str), rc = 1, cleanup);
+
+    /* create the path to the oper data node */
+    if (ch_client) {
+        r = asprintf(&path, "/ietf-netconf-server:netconf-server/call-home/netconf-client[name='%s']/endpoints/"
+                "endpoint[name='%s']/ssh/ssh-server-parameters/client-authentication/users/user[name='%s']/password/"
+                "last-modified", ch_client, endpoint, username);
+    } else {
+        r = asprintf(&path, "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='%s']/ssh/"
+                "ssh-server-parameters/client-authentication/users/user[name='%s']/password/last-modified",
+                endpoint, username);
+    }
+    if (r == -1) {
+        rc = 1;
+        ERRMEM;
+        goto cleanup;
+    }
+
+    /* create the operational data */
+    NC_CHECK_ERR_GOTO(lyd_new_path(NULL, ctx, path, time_str, 0, last_modified), rc = 1, cleanup);
+cleanup:
+    if (locked) {
+        /* UNLOCK */
+        pthread_rwlock_unlock(&server_opts.config_lock);
+    }
+    free(time_str);
+    free(path);
+    return rc;
+}
+
 #endif /* NC_ENABLED_SSH_TLS */
diff --git a/src/server_config.h b/src/server_config.h
@@ -348,6 +348,19 @@ int nc_server_config_oper_get_supported_ssh_algs(const struct ly_ctx *ctx, struc
  */
 int nc_server_config_oper_get_supported_tls_algs(const struct ly_ctx *ctx, struct lyd_node **supported_algs);
 
+/**
+ * @brief Gets the last modified time of an SSH user's password.
+ *
+ * @param[in] ctx libyang context.
+ * @param[in] ch_client Name of the call-home client the user is configured on. NULL if the user is on a listening endpoint.
+ * @param[in] endpoint Name of the endpoint the user is configured on. Can be either a listening or call-home endpoint.
+ * @param[in] username Name of the SSH user.
+ * @param[out] last_modified Operational data tree containing the last modified time.
+ * @return 0 on success, non-zero otherwise.
+ */
+int nc_server_config_oper_get_user_password_last_modified(const struct ly_ctx *ctx, const char *ch_client,
+        const char *endpoint, const char *username, struct lyd_node **last_modified);
+
 /**
  * @} Server Configuration Functions
  */
