From 92a3898c4610a0d878b8d5d77c717bc94f33767b Mon Sep 17 00:00:00 2001 From: Olof hagsand Date: Tue, 9 Feb 2021 21:36:01 +0100 Subject: [PATCH] TSL->TLS, updated slack link, callhome docs --- README.md | 2 +- fuzz/README.md | 2 +- util/clixon_netconf_ssh_callhome.c | 40 ++++++++++++----------- util/clixon_netconf_ssh_callhome_client.c | 34 ++++++++++++------- yang/clixon/clixon-config@2020-11-03.yang | 4 +-- yang/clixon/clixon-config@2020-12-30.yang | 4 +-- 6 files changed, 49 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 3a51f0fe..33da87b3 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,6 @@ See [CHANGELOG.md](CHANGELOG.md) release history. Clixon interaction is best done posting issues, pull requests, or joining the [slack channel](https://clixondev.slack.com). -[Slack invite](https://join.slack.com/t/clixondev/shared_invite/zt-jysz1bbp-Pua0_67fMWdPgG3GPbTIZA) +[Slack invite](https://join.slack.com/t/clixondev/shared_invite/zt-l36yx3fp-Lmi3qJGQyu5PEC~Zxi2Z5Q) (updated 5/2 2021) Clixon is sponsored by [Rubicon Communications LLC(Netgate)](https://www.netgate.com/) diff --git a/fuzz/README.md b/fuzz/README.md index 0d71bacc..a4b4f90a 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -10,4 +10,4 @@ Some issues are as follows: - Internal protocol 1: The internal protocol uses XML but deviates from netconf by using a (binary) header where the length is encoded, instead of ']]>]]>' as a terminating string. AFL does not like that. By setting CLIXON_PROTO_PLAIN the internal protocol uses pure netconf (with some limitations). - Internal protocol 2: The internal protocol uses TCP unix sockets while AFL requires stdio. One can use a package called "preeny" to translate stdio into sockets. But it is slow. -Restconf also has the extra problem of running TSL sockets. \ No newline at end of file +Restconf also has the extra problem of running TLS sockets. \ No newline at end of file 
diff --git a/util/clixon_netconf_ssh_callhome.c b/util/clixon_netconf_ssh_callhome.c
index 18d42cc1..bc552064 100644
--- a/util/clixon_netconf_ssh_callhome.c
+++ b/util/clixon_netconf_ssh_callhome.c
@@ -35,35 +35,37 @@ * Create stream socket, connect to remote address, then exec sshd -e that takes over the * tcp connection. - device client - +-----------------+ tcp 4321 +-----------------+ - | util_netconf_ssh| <----------------> | xxx | - | | | +-----------------+ - | exec v | 4322 | tcp - | | ssh +-----------------+ - | sshd -e | <----------------> | ssh | + + device/server client + +-----------------+ 2) tcp connect +-----------------+ + | callhome | ----------------> | callhome-client | +-----------------+ +-----------------+ - | stdio | stdio + | 3) c ^ + v 1) | 4) + +-----------------+ ssh +-----------------+ 5) stdio + | sshd -i | <----------------> | ssh | <------ ...]]>]]>" + +-----------------+ |-----------------+ + | stdio +-----------------+ | clixon_netconf | +-----------------+ - | + | +-----------------+ | clixon_backend | +-----------------+ -Example sshd-config (-c option):n - Port 2592 - TCPKeepAlive yes - AuthorizedKeysFile ~.ssh/authorized_keys - Subsystem netconf /usr/local/bin/clixon_netconf - +1) Start ssh client using -o ProxyUseFdpass=yes -o ProxyCommand="callhome-client". + Callhome-client listens on port 4334 for incoming TCP connections. +2) Start callhome on server making tcp connect to client on port 4334 establishing a tcp stream +3) Callhome starts sshd -i using the established stream socket (stdio) +4) Callhome-client returns with an open stream socket to the ssh client establishing an SSH stream + to server +5) Client request sent on stdin to ssh client on established SSH stream using netconf subsystem + to clixon_netconf client ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand="clixon_netconf_ssh_callhome_client -a 127.0.0.1" . netconf sudo clixon_netconf_ssh_callhome -a 127.0.0.1 -c /var/tmp/./test_netconf_ssh_callhome.sh/conf_yang.xml -ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand='/home/olof/src/clixon/util/clixon_netconf_ssh_callhome_client -a 0.0.0.0' -l olof . 
netconf -sudo ./clixon_netconf_ssh_callhome -a 127.0.0.1 -c ./sshdcfg */ #include @@ -103,7 +105,7 @@ callhome_connect(struct sockaddr *sa, } static int -exec_sshd(int s, +ssh_server_exec(int s, char *sshdbin, char *sshdconfigfile, char *clixonconfigfile, @@ -291,7 +293,7 @@ main(int argc, if (callhome_connect(sa, sin_len, &s) < 0) goto done; /* For some reason this sshd returns -1 which is unclear why */ - if (exec_sshd(s, sshdbin, sshdconfigfile, clixonconfigfile, dbg) < 0) + if (ssh_server_exec(s, sshdbin, sshdconfigfile, clixonconfigfile, dbg) < 0) goto done; /* Should not reach here */ if (s >= 0) diff --git a/util/clixon_netconf_ssh_callhome_client.c b/util/clixon_netconf_ssh_callhome_client.c index da5a7a68..ee6c5869 100644 --- a/util/clixon_netconf_ssh_callhome_client.c +++ b/util/clixon_netconf_ssh_callhome_client.c 
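Review bot: The new step list in the callhome.c header comment describes the reversed TCP direction but never says which side authenticates which, and that is the security-critical part of a call-home design. As far as the example shows, callhome-client just accepts an inbound TCP connection on 4334 from whatever peer arrives, and the device is then authenticated only by the ssh client's host-key check against the hostname given on its command line (`.` in the example), so an operator who disables StrictHostKeyChecking or has no known_hosts entry for that name has no device authentication at all. I would add after step 5: `Security: the listener accepts the first inbound connection from any peer; the device is authenticated solely by ssh's host-key check for the hostname on the command line ("." above), so keep a known_hosts entry for it and do not disable StrictHostKeyChecking.` It would also help to say that 4334 appears to be the NETCONF-over-SSH call-home port from RFC 8071, so readers know which spec's trust model applies. The comment block this hunk edits opens before the hunk (license header), and the `@@ -103` / `@@ -291` hunks on the same line are a plain rename.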
@@ -33,27 +33,37 @@ ***** END LICENSE BLOCK ***** - * Create stream listen socket, bind to address, then exec ssh client - device client - +-----------------+ tcp 4321 +-----------------+ - | util_netconf_ssh| <----------------> | xxx | - | | | +-----------------+ - | exec v | 4322 | tcp - | | ssh +-----------------+ - | sshd -e | <----------------> | ssh | + device/server client + +-----------------+ 2) tcp connect +-----------------+ + | callhome | ----------------> | callhome-client | +-----------------+ +-----------------+ - | stdio | stdio + | 3) c ^ + v 1) | 4) + +-----------------+ ssh +-----------------+ 5) stdio + | sshd -i | <----------------> | ssh | <------ ...]]>]]>" + +-----------------+ |-----------------+ + | stdio +-----------------+ | clixon_netconf | +-----------------+ - | + | +-----------------+ | clixon_backend | +-----------------+ +1) Start ssh client using -o ProxyUseFdpass=yes -o ProxyCommand="callhome-client". + Callhome-client listens on port 4334 for incoming TCP connections. +2) Start callhome on server making tcp connect to client on port 4334 establishing a tcp stream +3) Callhome starts sshd -i using the established stream socket (stdio) +4) Callhome-client returns with an open stream socket to the ssh client establishing an SSH stream + to server +5) Client request sent on stdin to ssh client on established SSH stream using netconf subsystem + to clixon_netconf client + Example sshd-config (-c option):n - ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand='/home/olof/src/clixon/util/clixon_netconf_ssh_callhome_client -a 0.0.0.0' -l olof . netconf - sudo ./clixon_netconf_ssh_callhome -a 127.0.0.1 -c ./sshdcfg + ssh -s -v -o ProxyUseFdpass=yes -o ProxyCommand="clixon_netconf_ssh_callhome_client -a 127.0.0.1" . netconf + sudo clixon_netconf_ssh_callhome -a 127.0.0.1 + */ #include diff --git a/yang/clixon/clixon-config@2020-11-03.yang b/yang/clixon/clixon-config@2020-11-03.yang index 75dd0f11..a90d2c4c 100644 
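Review bot: In the client file the context line `Example sshd-config (-c option):n` now heads two shell commands (an ssh invocation and a callhome invocation), not an sshd configuration, and the stray `n` after the colon survives the commit; I would change that line to `Example usage:`. The same example in clixon_netconf_ssh_callhome.c passes `-c` with a config file while this copy of it omits `-c`, and from this hunk alone I cannot tell which form is intended, so the two headers should be brought into agreement or one should point at the other rather than duplicating the whole diagram. Since the new example binds the client listener to 127.0.0.1 where the old one used 0.0.0.0, a one-line remark that `-a` on the client is the listen address and that 0.0.0.0 exposes the listener on every interface would make the choice self-explanatory. The enclosing comment block starts before the hunk.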
--- a/yang/clixon/clixon-config@2020-11-03.yang +++ b/yang/clixon/clixon-config@2020-11-03.yang @@ -93,7 +93,7 @@ module clixon-config { description "Added: CLICON_BACKEND_USER: drop of privileges to user, CLICON_BACKEND_PRIVILEGES: how to drop privileges - CLICON_NACM_CREDENTIALS: If and how to check backend sock priveleges with NACM + CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM CLICON_NACM_RECOVERY_USER: Name of NACM recovery user."; } revision 2019-06-05 { @@ -241,7 +241,7 @@ module clixon-config { } typedef priv_mode{ description - "Privilege mode, used for dropping (or not) priveleges to a non-provileged + "Privilege mode, used for dropping (or not) privileges to a non-provileged user after initialization"; type enumeration{ enum none { diff --git a/yang/clixon/clixon-config@2020-12-30.yang b/yang/clixon/clixon-config@2020-12-30.yang index 1c59730e..ea3f46e8 100644 --- a/yang/clixon/clixon-config@2020-12-30.yang +++ b/yang/clixon/clixon-config@2020-12-30.yang @@ -104,7 +104,7 @@ module clixon-config { description "Added: CLICON_BACKEND_USER: drop of privileges to user, CLICON_BACKEND_PRIVILEGES: how to drop privileges - CLICON_NACM_CREDENTIALS: If and how to check backend sock priveleges with NACM + CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM CLICON_NACM_RECOVERY_USER: Name of NACM recovery user."; } revision 2019-06-05 { @@ -252,7 +252,7 @@ module clixon-config { } typedef priv_mode{ description - "Privilege mode, used for dropping (or not) priveleges to a non-provileged + "Privilege mode, used for dropping (or not) privileges to a non-provileged user after initialization"; type enumeration{ enum none {
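Review bot: The `priv_mode` description line that both yang hunks rewrite fixes `priveleges` but leaves `non-provileged` on the same line, so the typo fix is only half done in clixon-config@2020-11-03.yang and clixon-config@2020-12-30.yang alike. I would make the line read `"Privilege mode, used for dropping (or not) privileges to a non-privileged` in both files. The edits are description-only, so touching the already-published 2020-11-03 revision does not change the schema.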