diff options
Diffstat (limited to 'include/net-snmp/library/vacm.h')
| -rw-r--r-- | include/net-snmp/library/vacm.h | 266 |
1 files changed, 266 insertions, 0 deletions
diff --git a/include/net-snmp/library/vacm.h b/include/net-snmp/library/vacm.h new file mode 100644 index 0000000..a5be6ac --- /dev/null +++ b/include/net-snmp/library/vacm.h @@ -0,0 +1,266 @@ +/* + * vacm.h + * + * SNMPv3 View-based Access Control Model + */ + +#ifndef VACM_H +#define VACM_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define VACM_SUCCESS 0 +#define VACM_NOSECNAME 1 +#define VACM_NOGROUP 2 +#define VACM_NOACCESS 3 +#define VACM_NOVIEW 4 +#define VACM_NOTINVIEW 5 +#define VACM_NOSUCHCONTEXT 6 +#define VACM_SUBTREE_UNKNOWN 7 + +#define SECURITYMODEL 1 +#define SECURITYNAME 2 +#define SECURITYGROUP 3 +#define SECURITYSTORAGE 4 +#define SECURITYSTATUS 5 + +#define ACCESSPREFIX 1 +#define ACCESSMODEL 2 +#define ACCESSLEVEL 3 +#define ACCESSMATCH 4 +#define ACCESSREAD 5 +#define ACCESSWRITE 6 +#define ACCESSNOTIFY 7 +#define ACCESSSTORAGE 8 +#define ACCESSSTATUS 9 + +#define VACMVIEWSPINLOCK 1 +#define VIEWNAME 2 +#define VIEWSUBTREE 3 +#define VIEWMASK 4 +#define VIEWTYPE 5 +#define VIEWSTORAGE 6 +#define VIEWSTATUS 7 + +#define VACM_MAX_STRING 32 +#define VACMSTRINGLEN 34 /* VACM_MAX_STRING + 2 */ + + struct vacm_groupEntry { + int securityModel; + char securityName[VACMSTRINGLEN]; + char groupName[VACMSTRINGLEN]; + int storageType; + int status; + + u_long bitMask; + struct vacm_groupEntry *reserved; + struct vacm_groupEntry *next; + }; + +#define CONTEXT_MATCH_EXACT 1 +#define CONTEXT_MATCH_PREFIX 2 + +/* VIEW ENUMS ---------------------------------------- */ + +/* SNMPD usage: get/set/send-notification views */ +#define VACM_VIEW_READ 0 +#define VACM_VIEW_WRITE 1 +#define VACM_VIEW_NOTIFY 2 + +/* SNMPTRAPD usage: log execute and net-access (forward) usage */ +#define VACM_VIEW_LOG 3 +#define VACM_VIEW_EXECUTE 4 +#define VACM_VIEW_NET 5 + +/* VIEW BIT MASK VALUES-------------------------------- */ + +/* SNMPD usage: get/set/send-notification views */ +#define VACM_VIEW_READ_BIT (1 << VACM_VIEW_READ) +#define VACM_VIEW_WRITE_BIT (1 << VACM_VIEW_WRITE) +#define VACM_VIEW_NOTIFY_BIT (1 << VACM_VIEW_NOTIFY) + +/* SNMPTRAPD usage: log execute and net-access (forward) usage */ +#define VACM_VIEW_LOG_BIT (1 << VACM_VIEW_LOG) +#define VACM_VIEW_EXECUTE_BIT (1 << VACM_VIEW_EXECUTE) +#define VACM_VIEW_NET_BIT (1 << VACM_VIEW_NET) + +#define VACM_VIEW_NO_BITS 0 + +/* Maximum number of views in the view array */ +#define VACM_MAX_VIEWS 8 + +#define VACM_VIEW_ENUM_NAME "vacmviews" + + void init_vacm(void); + + struct vacm_accessEntry { + char groupName[VACMSTRINGLEN]; + char contextPrefix[VACMSTRINGLEN]; + int securityModel; + int securityLevel; + int contextMatch; + char views[VACM_MAX_VIEWS][VACMSTRINGLEN]; + int storageType; + int status; + + u_long bitMask; + struct vacm_accessEntry *reserved; + struct vacm_accessEntry *next; + }; + + struct vacm_viewEntry { + char viewName[VACMSTRINGLEN]; + oid viewSubtree[MAX_OID_LEN]; + size_t viewSubtreeLen; + u_char viewMask[VACMSTRINGLEN]; + size_t viewMaskLen; + int viewType; + int viewStorageType; + int viewStatus; + + u_long bitMask; + + struct vacm_viewEntry *reserved; + struct vacm_viewEntry *next; + }; + + NETSNMP_IMPORT + void vacm_destroyViewEntry(const char *, oid *, size_t); + NETSNMP_IMPORT + void vacm_destroyAllViewEntries(void); + +#define VACM_MODE_FIND 0 +#define VACM_MODE_IGNORE_MASK 1 +#define VACM_MODE_CHECK_SUBTREE 2 + NETSNMP_IMPORT + struct vacm_viewEntry *vacm_getViewEntry(const char *, oid *, size_t, + int); + /* + * Returns a pointer to the viewEntry with the + * same viewName and viewSubtree + * Returns NULL if that entry does not exist. + */ + + NETSNMP_IMPORT + int vacm_checkSubtree(const char *, oid *, size_t); + + /* + * Check to see if everything within a subtree is in view, not in view, + * or possibly both. + * + * Returns: + * VACM_SUCCESS The OID is included in the view. + * VACM_NOTINVIEW If no entry in the view list includes the + * provided OID, or the OID is explicitly excluded + * from the view. + * VACM_SUBTREE_UNKNOWN The entire subtree has both allowed and + * disallowed portions. + */ + + NETSNMP_IMPORT + void + vacm_scanViewInit(void); + /* + * Initialized the scan routines so that they will begin at the + * beginning of the list of viewEntries. + * + */ + + + NETSNMP_IMPORT + struct vacm_viewEntry *vacm_scanViewNext(void); + /* + * Returns a pointer to the next viewEntry. + * These entries are returned in no particular order, + * but if N entries exist, N calls to view_scanNext() will + * return all N entries once. + * Returns NULL if all entries have been returned. + * view_scanInit() starts the scan over. + */ + + NETSNMP_IMPORT + struct vacm_viewEntry *vacm_createViewEntry(const char *, oid *, + size_t); + /* + * Creates a viewEntry with the given index + * and returns a pointer to it. + * The status of this entry is created as invalid. + */ + + NETSNMP_IMPORT + void vacm_destroyGroupEntry(int, const char *); + NETSNMP_IMPORT + void vacm_destroyAllGroupEntries(void); + NETSNMP_IMPORT + struct vacm_groupEntry *vacm_createGroupEntry(int, const char *); + NETSNMP_IMPORT + struct vacm_groupEntry *vacm_getGroupEntry(int, const char *); + NETSNMP_IMPORT + void vacm_scanGroupInit(void); + NETSNMP_IMPORT + struct vacm_groupEntry *vacm_scanGroupNext(void); + + NETSNMP_IMPORT + void vacm_destroyAccessEntry(const char *, const char *, + int, int); + NETSNMP_IMPORT + void vacm_destroyAllAccessEntries(void); + NETSNMP_IMPORT + struct vacm_accessEntry *vacm_createAccessEntry(const char *, + const char *, int, + int); + NETSNMP_IMPORT + struct vacm_accessEntry *vacm_getAccessEntry(const char *, + const char *, int, int); + NETSNMP_IMPORT + void vacm_scanAccessInit(void); + NETSNMP_IMPORT + struct vacm_accessEntry *vacm_scanAccessNext(void); + + void vacm_destroySecurityEntry(const char *); + struct vacm_securityEntry *vacm_createSecurityEntry(const char *); + struct vacm_securityEntry *vacm_getSecurityEntry(const char *); + void vacm_scanSecurityInit(void); + struct vacm_securityEntry *vacm_scanSecurityEntry(void); + NETSNMP_IMPORT + int vacm_is_configured(void); + + void vacm_save(const char *token, const char *type); + void vacm_save_view(struct vacm_viewEntry *view, + const char *token, const char *type); + void vacm_save_access(struct vacm_accessEntry *access_entry, + const char *token, const char *type); + void vacm_save_auth_access(struct vacm_accessEntry *access_entry, + const char *token, const char *type, int authtype); + void vacm_save_group(struct vacm_groupEntry *group_entry, + const char *token, const char *type); + + NETSNMP_IMPORT + void vacm_parse_config_view(const char *token, const char *line); + NETSNMP_IMPORT + void vacm_parse_config_group(const char *token, + const char *line); + NETSNMP_IMPORT + void vacm_parse_config_access(const char *token, + const char *line); + NETSNMP_IMPORT + void vacm_parse_config_auth_access(const char *token, + const char *line); + + NETSNMP_IMPORT + int store_vacm(int majorID, int minorID, void *serverarg, + void *clientarg); + + NETSNMP_IMPORT + struct vacm_viewEntry *netsnmp_view_get(struct vacm_viewEntry *head, + const char *viewName, + oid * viewSubtree, + size_t viewSubtreeLen, int mode); + + +#ifdef __cplusplus +} +#endif +#endif /* VACM_H */ |