diff --git a/README.md b/README.md
index 3a51f0fe..33da87b3 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,6 @@ See [CHANGELOG.md](CHANGELOG.md) release history.
Clixon interaction is best done posting issues, pull requests, or joining the
[slack channel](https://clixondev.slack.com).
-[Slack invite](https://join.slack.com/t/clixondev/shared_invite/zt-jysz1bbp-Pua0_67fMWdPgG3GPbTIZA)
+[Slack invite](https://join.slack.com/t/clixondev/shared_invite/zt-l36yx3fp-Lmi3qJGQyu5PEC~Zxi2Z5Q) (updated 5/2 2021)
Clixon is sponsored by [Rubicon Communications LLC(Netgate)](https://www.netgate.com/)
diff --git a/fuzz/README.md b/fuzz/README.md
index 0d71bacc..a4b4f90a 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -10,4 +10,4 @@ Some issues are as follows:
- Internal protocol 1: The internal protocol uses XML but deviates from netconf by using a (binary) header where the length is encoded, instead of ']]>]]>' as a terminating string. AFL does not like that. By setting CLIXON_PROTO_PLAIN the internal protocol uses pure netconf (with some limitations).
- Internal protocol 2: The internal protocol uses TCP unix sockets while AFL requires stdio. One can use a package called "preeny" to translate stdio into sockets. But it is slow.
-Restconf also has the extra problem of running TSL sockets.
\ No newline at end of file
+Restconf also has the extra problem of running TLS sockets.
\ No newline at end of file
diff --git a/util/clixon_netconf_ssh_callhome.c b/util/clixon_netconf_ssh_callhome.c
index 18d42cc1..bc552064 100644
--- a/util/clixon_netconf_ssh_callhome.c
+++ b/util/clixon_netconf_ssh_callhome.c
@@ -35,35 +35,37 @@
* Create stream socket, connect to remote address, then exec sshd -e that takes over the
* tcp connection.
- device client
- +-----------------+ tcp 4321 +-----------------+
- | util_netconf_ssh| <----------------> | xxx |
- | | | +-----------------+
- | exec v | 4322 | tcp
- | | ssh +-----------------+
- | sshd -e | <----------------> | ssh |
+
+ device/server client
+ +-----------------+ 2) tcp connect +-----------------+
+ | callhome | ----------------> | callhome-client |
+-----------------+ +-----------------+
- | stdio | stdio
+ | 3) c ^
+ v 1) | 4)
+ +-----------------+ ssh +-----------------+ 5) stdio
+ | sshd -i | <----------------> | ssh | <------ ...]]>]]>"
+ +-----------------+ |-----------------+
+ | stdio
+-----------------+
| clixon_netconf |
+-----------------+
- |
+ |
+-----------------+
| clixon_backend |
+-----------------+
-Example sshd-config (-c option):n
- Port 2592
- TCPKeepAlive yes
- AuthorizedKeysFile ~.ssh/authorized_keys
- Subsystem netconf /usr/local/bin/clixon_netconf
-
+1) Start ssh client using -o ProxyUseFdpass=yes -o ProxyCommand="callhome-client".
+ Callhome-client listens on port 4334 for incoming TCP connections.
+2) Start callhome on server making tcp connect to client on port 4334 establishing a tcp stream
+3) Callhome starts sshd -i using the established stream socket (stdio)
+4) Callhome-client returns with an open stream socket to the ssh client establishing an SSH stream
+ to server
+5) Client request sent on stdin to ssh client on established SSH stream using netconf subsystem
+ to clixon_netconf client
ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand="clixon_netconf_ssh_callhome_client -a 127.0.0.1" . netconf
sudo clixon_netconf_ssh_callhome -a 127.0.0.1 -c /var/tmp/./test_netconf_ssh_callhome.sh/conf_yang.xml
-ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand='/home/olof/src/clixon/util/clixon_netconf_ssh_callhome_client -a 0.0.0.0' -l olof . netconf
-sudo ./clixon_netconf_ssh_callhome -a 127.0.0.1 -c ./sshdcfg
*/
#include
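Review bot: The new header comment documents the call-home flow but never says how the ssh client authenticates the device. Per step 1, callhome-client listens on port 4334 and hands ssh whatever TCP stream arrives, and the example invokes ssh with the host name `.`, so the host-key check appears to be the only thing binding the session to the intended device. I would add a sentence after step 5 such as `Note: the ssh client must verify the server host key (e.g. -o StrictHostKeyChecking=yes with a per-device -o HostKeyAlias=<device-name>), since callhome-client accepts any peer that connects to the listen port.` The same comment text is added in util/clixon_netconf_ssh_callhome_client.c and would need the same sentence. The comment block begins above this hunk.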
@@ -103,7 +105,7 @@ callhome_connect(struct sockaddr *sa,
}
static int
-exec_sshd(int s,
+ssh_server_exec(int s,
char *sshdbin,
char *sshdconfigfile,
char *clixonconfigfile,
@@ -291,7 +293,7 @@ main(int argc,
if (callhome_connect(sa, sin_len, &s) < 0)
goto done;
/* For some reason this sshd returns -1 which is unclear why */
- if (exec_sshd(s, sshdbin, sshdconfigfile, clixonconfigfile, dbg) < 0)
+ if (ssh_server_exec(s, sshdbin, sshdconfigfile, clixonconfigfile, dbg) < 0)
goto done;
/* Should not reach here */
if (s >= 0)
diff --git a/util/clixon_netconf_ssh_callhome_client.c b/util/clixon_netconf_ssh_callhome_client.c
index da5a7a68..ee6c5869 100644
--- a/util/clixon_netconf_ssh_callhome_client.c
+++ b/util/clixon_netconf_ssh_callhome_client.c
@@ -33,27 +33,37 @@
***** END LICENSE BLOCK *****
- * Create stream listen socket, bind to address, then exec ssh client
- device client
- +-----------------+ tcp 4321 +-----------------+
- | util_netconf_ssh| <----------------> | xxx |
- | | | +-----------------+
- | exec v | 4322 | tcp
- | | ssh +-----------------+
- | sshd -e | <----------------> | ssh |
+ device/server client
+ +-----------------+ 2) tcp connect +-----------------+
+ | callhome | ----------------> | callhome-client |
+-----------------+ +-----------------+
- | stdio | stdio
+ | 3) c ^
+ v 1) | 4)
+ +-----------------+ ssh +-----------------+ 5) stdio
+ | sshd -i | <----------------> | ssh | <------ ...]]>]]>"
+ +-----------------+ |-----------------+
+ | stdio
+-----------------+
| clixon_netconf |
+-----------------+
- |
+ |
+-----------------+
| clixon_backend |
+-----------------+
+1) Start ssh client using -o ProxyUseFdpass=yes -o ProxyCommand="callhome-client".
+ Callhome-client listens on port 4334 for incoming TCP connections.
+2) Start callhome on server making tcp connect to client on port 4334 establishing a tcp stream
+3) Callhome starts sshd -i using the established stream socket (stdio)
+4) Callhome-client returns with an open stream socket to the ssh client establishing an SSH stream
+ to server
+5) Client request sent on stdin to ssh client on established SSH stream using netconf subsystem
+ to clixon_netconf client
+
Example sshd-config (-c option):n
- ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand='/home/olof/src/clixon/util/clixon_netconf_ssh_callhome_client -a 0.0.0.0' -l olof . netconf
- sudo ./clixon_netconf_ssh_callhome -a 127.0.0.1 -c ./sshdcfg
+ ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand="clixon_netconf_ssh_callhome_client -a 127.0.0.1" . netconf
+ sudo clixon_netconf_ssh_callhome -a 127.0.0.1
+
*/
#include
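Review bot: The retained heading `Example sshd-config (-c option):n` no longer matches what follows it: the lines below are now the ssh and clixon_netconf_ssh_callhome invocations, and the server example no longer passes `-c`. Replacing it with `Example:` would also drop the stray `n`. In the diagram, the label `3) c` under the callhome box looks cut off; if it is meant to mark the exec of sshd described in step 3, spell it out, e.g. `3) exec`. The same label appears in the diagram added to util/clixon_netconf_ssh_callhome.c.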
diff --git a/yang/clixon/clixon-config@2020-11-03.yang b/yang/clixon/clixon-config@2020-11-03.yang
index 75dd0f11..a90d2c4c 100644
--- a/yang/clixon/clixon-config@2020-11-03.yang
+++ b/yang/clixon/clixon-config@2020-11-03.yang
@@ -93,7 +93,7 @@ module clixon-config {
description
"Added: CLICON_BACKEND_USER: drop of privileges to user,
CLICON_BACKEND_PRIVILEGES: how to drop privileges
- CLICON_NACM_CREDENTIALS: If and how to check backend sock priveleges with NACM
+ CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM
CLICON_NACM_RECOVERY_USER: Name of NACM recovery user.";
}
revision 2019-06-05 {
@@ -241,7 +241,7 @@ module clixon-config {
}
typedef priv_mode{
description
- "Privilege mode, used for dropping (or not) priveleges to a non-provileged
+ "Privilege mode, used for dropping (or not) privileges to a non-provileged
user after initialization";
type enumeration{
enum none {
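Review bot: The corrected line still contains a misspelling: `non-provileged` on the `+` line of the priv_mode description should be `non-privileged`, i.e. `"Privilege mode, used for dropping (or not) privileges to a non-privileged`. The identical line is changed in yang/clixon/clixon-config@2020-12-30.yang and needs the same fix. The typedef continues past the end of the hunk.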
diff --git a/yang/clixon/clixon-config@2020-12-30.yang b/yang/clixon/clixon-config@2020-12-30.yang
index 1c59730e..ea3f46e8 100644
--- a/yang/clixon/clixon-config@2020-12-30.yang
+++ b/yang/clixon/clixon-config@2020-12-30.yang
@@ -104,7 +104,7 @@ module clixon-config {
description
"Added: CLICON_BACKEND_USER: drop of privileges to user,
CLICON_BACKEND_PRIVILEGES: how to drop privileges
- CLICON_NACM_CREDENTIALS: If and how to check backend sock priveleges with NACM
+ CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM
CLICON_NACM_RECOVERY_USER: Name of NACM recovery user.";
}
revision 2019-06-05 {
@@ -252,7 +252,7 @@ module clixon-config {
}
typedef priv_mode{
description
- "Privilege mode, used for dropping (or not) priveleges to a non-provileged
+ "Privilege mode, used for dropping (or not) privileges to a non-provileged
user after initialization";
type enumeration{
enum none {