00001 /*
00002  * vacm.h
00003  *
00004  * SNMPv3 View-based Access Control Model
00005  */
00006 
00007 #ifndef VACM_H
00008 #define VACM_H
00009 
00010 #ifdef __cplusplus
00011 extern          "C" {
00012 #endif
00013 
/*
 * Result codes of the VACM lookups declared below.  VACM_SUCCESS is 0;
 * every other value is a denial and must be treated as one -- callers
 * should test for VACM_SUCCESS explicitly rather than for a particular
 * failure code.  The non-zero names appear to follow the order of the
 * isAccessAllowed checks in RFC 3415 (securityName -> group -> access
 * entry -> view -> OID in view); that ordering is inferred from the
 * names, so confirm against vacm.c before depending on a specific code.
 */
#define VACM_SUCCESS       0
#define VACM_NOSECNAME     1
#define VACM_NOGROUP       2
#define VACM_NOACCESS      3
#define VACM_NOVIEW        4
#define VACM_NOTINVIEW     5
#define VACM_NOSUCHCONTEXT 6
#define VACM_SUBTREE_UNKNOWN 7  /* returned by vacm_checkSubtree(), see below */

/*
 * Column numbers of the three VACM tables as exposed through the MIB.
 * NOTE(review): the grouping matches the columns of
 * vacmSecurityToGroupTable, vacmAccessTable and vacmViewTreeFamilyTable
 * in RFC 3415 (SNMP-VIEW-BASED-ACM-MIB), but that is inferred from the
 * names -- the MIB table handlers are not part of this header.
 */

/* vacmSecurityToGroupTable columns (cf. struct vacm_groupEntry) */
#define SECURITYMODEL   1
#define SECURITYNAME    2
#define SECURITYGROUP   3
#define SECURITYSTORAGE 4
#define SECURITYSTATUS  5

/* vacmAccessTable columns (cf. struct vacm_accessEntry) */
#define ACCESSPREFIX    1
#define ACCESSMODEL     2
#define ACCESSLEVEL     3
#define ACCESSMATCH     4
#define ACCESSREAD      5
#define ACCESSWRITE     6
#define ACCESSNOTIFY    7
#define ACCESSSTORAGE   8
#define ACCESSSTATUS    9

/* vacmViewSpinLock plus the vacmViewTreeFamilyTable columns
 * (cf. struct vacm_viewEntry) */
#define VACMVIEWSPINLOCK 1
#define VIEWNAME        2
#define VIEWSUBTREE     3
#define VIEWMASK        4
#define VIEWTYPE        5
#define VIEWSTORAGE     6
#define VIEWSTATUS      7

/*
 * Size limits for the name strings held in the entry structs below.
 * 32 is the maximum length of the SnmpAdminString-based names in the
 * VACM MIB; VACMSTRINGLEN reserves 2 extra bytes.  What those bytes
 * hold (NUL terminator, length prefix) is not visible in this header --
 * check vacm.c before indexing into the buffers.  Every copy into a
 * VACMSTRINGLEN buffer must be bounded by the buffer size: these names
 * come from configuration lines (vacm_parse_config_*) and, presumably,
 * from SET requests on the MIB tables, i.e. from outside the process.
 */
#define VACM_MAX_STRING 32
#define VACMSTRINGLEN   34      /* VACM_MAX_STRING + 2 */
00049 
    /*
     * One securityName -> groupName mapping (a vacmSecurityToGroupTable
     * row).  Indexed by (securityModel, securityName): that pair is what
     * vacm_createGroupEntry()/vacm_getGroupEntry()/vacm_destroyGroupEntry()
     * take.  Entries are kept in a singly linked list walked by
     * vacm_scanGroupInit()/vacm_scanGroupNext().
     */
    struct vacm_groupEntry {
        int             securityModel;      /* security model of the name (index) */
        char            securityName[VACMSTRINGLEN];  /* bounded: see VACMSTRINGLEN */
        char            groupName[VACMSTRINGLEN];     /* group this name belongs to */
        int             storageType;        /* MIB StorageType of the row */
        int             status;             /* MIB RowStatus of the row */

        u_long          bitMask;            /* presumably "which columns are set"
                                             * -- confirm in vacm.c */
        struct vacm_groupEntry *reserved;   /* used by the list code; not a caller field */
        struct vacm_groupEntry *next;       /* list link */
    };
00061 
/*
 * Values of vacm_accessEntry.contextMatch: whether contextPrefix must
 * equal the request's context name or only be a prefix of it.
 */
#define CONTEXT_MATCH_EXACT  1
#define CONTEXT_MATCH_PREFIX 2

/* VIEW ENUMS ---------------------------------------- */

/*
 * Presumably the indices into vacm_accessEntry.views[]: each one
 * selects which of the access entry's view names governs an operation.
 * The *_BIT values below are the same indices as single-bit flags, so a
 * caller can name several views in one mask.  Every index must stay
 * below VACM_MAX_VIEWS, the dimension of that array; adding an index
 * here without raising VACM_MAX_VIEWS would index past the array.
 */

/* SNMPD usage: get/set/send-notification views */
#define VACM_VIEW_READ     0
#define VACM_VIEW_WRITE    1
#define VACM_VIEW_NOTIFY   2

/* SNMPTRAPD usage: log execute and net-access (forward) usage */
#define VACM_VIEW_LOG      3
#define VACM_VIEW_EXECUTE  4
#define VACM_VIEW_NET      5

/* VIEW BIT MASK VALUES-------------------------------- */

/* SNMPD usage: get/set/send-notification views */
#define VACM_VIEW_READ_BIT      (1 << VACM_VIEW_READ)
#define VACM_VIEW_WRITE_BIT     (1 << VACM_VIEW_WRITE)
#define VACM_VIEW_NOTIFY_BIT    (1 << VACM_VIEW_NOTIFY)

/* SNMPTRAPD usage: log execute and net-access (forward) usage */
#define VACM_VIEW_LOG_BIT      (1 << VACM_VIEW_LOG)
#define VACM_VIEW_EXECUTE_BIT  (1 << VACM_VIEW_EXECUTE)
#define VACM_VIEW_NET_BIT      (1 << VACM_VIEW_NET)
    
/* Empty mask: no view selected. */
#define VACM_VIEW_NO_BITS      0

/* Maximum number of views in the view array (vacm_accessEntry.views);
 * only 6 of the 8 slots are named above. */
#define VACM_MAX_VIEWS     8

/* Name under which the view enumeration is registered (used as a
 * lookup key; the registry itself is not in this header). */
#define VACM_VIEW_ENUM_NAME "vacmviews"
    
    /* Module initialisation; presumably registers the config handlers
     * (vacm_parse_config_*) and the store callback (store_vacm) declared
     * below -- confirm in vacm.c. */
    void init_vacm(void);
00097     
    /*
     * One access rule (a vacmAccessTable row): for a group, context
     * prefix, security model and security level, the names of the views
     * that apply.  Indexed by (groupName, contextPrefix, securityModel,
     * securityLevel), the argument order of
     * vacm_createAccessEntry()/vacm_getAccessEntry()/vacm_destroyAccessEntry().
     * Entries form a singly linked list walked by
     * vacm_scanAccessInit()/vacm_scanAccessNext().
     */
    struct vacm_accessEntry {
        char            groupName[VACMSTRINGLEN];      /* index; bounded by VACMSTRINGLEN */
        char            contextPrefix[VACMSTRINGLEN];  /* index; compared per contextMatch */
        int             securityModel;                 /* index */
        int             securityLevel;                 /* index; minimum level required
                                                        * (values not defined here) */
        int             contextMatch;                  /* CONTEXT_MATCH_EXACT or _PREFIX */
        char            views[VACM_MAX_VIEWS][VACMSTRINGLEN]; /* view names, presumably
                                                               * indexed by VACM_VIEW_*;
                                                               * an empty name means
                                                               * "no view" -- confirm */
        int             storageType;                   /* MIB StorageType of the row */
        int             status;                        /* MIB RowStatus of the row */

        u_long          bitMask;                       /* presumably "which columns are
                                                        * set" -- confirm in vacm.c */
        struct vacm_accessEntry *reserved;             /* used by the list code */
        struct vacm_accessEntry *next;                 /* list link */
    };
00112 
    /*
     * One view family (a vacmViewTreeFamilyTable row): a named view plus
     * one OID subtree, with an optional bit mask selecting which
     * sub-identifiers of the subtree are compared.  Indexed by
     * (viewName, viewSubtree[0..viewSubtreeLen)), which is what the
     * vacm_*ViewEntry() functions take.
     *
     * Invariants the code that fills an entry must keep -- nothing in
     * this header checks them and the arrays are fixed-size:
     *   viewSubtreeLen <= MAX_OID_LEN
     *   viewMaskLen    <= sizeof viewMask (VACMSTRINGLEN)
     * Both lengths describe data that ultimately comes from
     * configuration or from the MIB, so they must be validated where
     * the entry is populated, not trusted here.
     */
    struct vacm_viewEntry {
        char            viewName[VACMSTRINGLEN];    /* index; bounded by VACMSTRINGLEN */
        oid             viewSubtree[MAX_OID_LEN];   /* index: root of the subtree */
        size_t          viewSubtreeLen;             /* number of valid sub-ids in viewSubtree */
        u_char          viewMask[VACMSTRINGLEN];    /* family mask, one bit per sub-id */
        size_t          viewMaskLen;                /* number of valid bytes in viewMask */
        int             viewType;                   /* included/excluded; the values are
                                                     * not defined in this header */
        int             viewStorageType;            /* MIB StorageType of the row */
        int             viewStatus;                 /* MIB RowStatus of the row */

        u_long          bitMask;                    /* presumably "which columns are set"
                                                     * -- confirm in vacm.c */

        struct vacm_viewEntry *reserved;            /* used by the list code */
        struct vacm_viewEntry *next;                /* list link */
    };
00128 
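    /*
     * View entries (vacmViewTreeFamilyTable).
     *
     * vacm_destroyViewEntry() removes the entry indexed by
     * (viewName, viewSubtree[0..viewSubtreeLen)); vacm_destroyAllViewEntries()
     * removes every view entry.  Destroying a view that an access entry
     * still names leaves that access entry pointing at a view that no
     * longer exists; which result code a later lookup then produces is
     * decided in vacm.c (VACM_NOVIEW by its name -- confirm).
     */
    NETSNMP_IMPORT
    void            vacm_destroyViewEntry(const char *viewName,
                                          oid *viewSubtree,
                                          size_t viewSubtreeLen);
    NETSNMP_IMPORT
    void            vacm_destroyAllViewEntries(void);

    /*
     * Lookup modes for vacm_getViewEntry() and netsnmp_view_get().
     * Only the names are visible here; they suggest that FIND honours
     * the view mask, IGNORE_MASK compares the raw subtree, and
     * CHECK_SUBTREE is the mode behind vacm_checkSubtree().  Confirm the
     * exact semantics in vacm.c before adding a new caller.
     */
#define VACM_MODE_FIND                0
#define VACM_MODE_IGNORE_MASK         1
#define VACM_MODE_CHECK_SUBTREE       2

    /*
     * Returns a pointer to the viewEntry with the same viewName and
     * viewSubtree (compared according to mode, one of VACM_MODE_*).
     * Returns NULL if that entry does not exist.  The returned entry
     * is owned by the list; do not free it.
     */
    NETSNMP_IMPORT
    struct vacm_viewEntry *vacm_getViewEntry(const char *viewName,
                                             oid *viewSubtree,
                                             size_t viewSubtreeLen,
                                             int mode);

    /*
     * Check to see if everything within a subtree is in view, not in view,
     * or possibly both.
     *
     * Returns:
     *   VACM_SUCCESS          The OID is included in the view.
     *   VACM_NOTINVIEW        If no entry in the view list includes the
     *                         provided OID, or the OID is explicitly excluded
     *                         from the view.
     *   VACM_SUBTREE_UNKNOWN  The entire subtree has both allowed and
     *                         disallowed portions.
     *
     * VACM_SUBTREE_UNKNOWN is not a grant: a caller that needs a yes/no
     * answer for the whole subtree must treat it as a denial or fall
     * back to checking the individual OIDs.
     */
    NETSNMP_IMPORT
    int vacm_checkSubtree(const char *viewName,
                          oid *subtree, size_t subtreeLen);

    /*
     * Initializes the scan routines so that they will begin at the
     * beginning of the list of viewEntries.
     */
    NETSNMP_IMPORT
    void            vacm_scanViewInit(void);

    /*
     * Returns a pointer to the next viewEntry.
     * These entries are returned in no particular order,
     * but if N entries exist, N calls to vacm_scanViewNext() will
     * return all N entries once.
     * Returns NULL if all entries have been returned.
     * vacm_scanViewInit() starts the scan over.
     *
     * The scan position is kept in module state, so a scan must not be
     * interleaved with another scan of the same list, and creating or
     * destroying entries mid-scan is not covered by this contract.
     */
    NETSNMP_IMPORT
    struct vacm_viewEntry *vacm_scanViewNext(void);

    /*
     * Creates a viewEntry with the given index
     * (viewName, viewSubtree[0..viewSubtreeLen)) and returns a pointer
     * to it.  The status of this entry is created as invalid: the
     * caller fills in the remaining fields (keeping viewSubtreeLen and
     * viewMaskLen within the array bounds) before marking it valid.
     * Returns NULL on failure (allocation or an over-long index is
     * the likely cause -- confirm in vacm.c).
     */
    NETSNMP_IMPORT
    struct vacm_viewEntry *vacm_createViewEntry(const char *viewName,
                                                oid *viewSubtree,
                                                size_t viewSubtreeLen);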
00191 
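    /*
     * Group entries (vacmSecurityToGroupTable), indexed by
     * (securityModel, securityName) -- the field order of
     * struct vacm_groupEntry.  vacm_createGroupEntry() returns the new
     * entry (NULL on failure) with its fields still to be filled in;
     * vacm_getGroupEntry() returns NULL when no such entry exists.
     * The scan pair walks all entries; see vacm_scanViewNext() for the
     * scan contract, which is the same here.  Returned entries are
     * owned by the list.
     */
    NETSNMP_IMPORT
    void            vacm_destroyGroupEntry(int securityModel,
                                           const char *securityName);
    NETSNMP_IMPORT
    void            vacm_destroyAllGroupEntries(void);
    NETSNMP_IMPORT
    struct vacm_groupEntry *vacm_createGroupEntry(int securityModel,
                                                  const char *securityName);
    NETSNMP_IMPORT
    struct vacm_groupEntry *vacm_getGroupEntry(int securityModel,
                                               const char *securityName);
    NETSNMP_IMPORT
    void            vacm_scanGroupInit(void);
    NETSNMP_IMPORT
    struct vacm_groupEntry *vacm_scanGroupNext(void);

    /*
     * Access entries (vacmAccessTable), indexed by
     * (groupName, contextPrefix, securityModel, securityLevel) -- the
     * field order of struct vacm_accessEntry.  Same create/get/destroy
     * and scan contract as the group functions above.  An access entry
     * is what maps a group to view names; the view names it stores are
     * looked up in the view list at check time, so creating one does
     * not verify that the views exist.
     */
    NETSNMP_IMPORT
    void            vacm_destroyAccessEntry(const char *groupName,
                                            const char *contextPrefix,
                                            int securityModel,
                                            int securityLevel);
    NETSNMP_IMPORT
    void            vacm_destroyAllAccessEntries(void);
    NETSNMP_IMPORT
    struct vacm_accessEntry *vacm_createAccessEntry(const char *groupName,
                                                    const char *contextPrefix,
                                                    int securityModel,
                                                    int securityLevel);
    NETSNMP_IMPORT
    struct vacm_accessEntry *vacm_getAccessEntry(const char *groupName,
                                                 const char *contextPrefix,
                                                 int securityModel,
                                                 int securityLevel);
    NETSNMP_IMPORT
    void            vacm_scanAccessInit(void);
    NETSNMP_IMPORT
    struct vacm_accessEntry *vacm_scanAccessNext(void);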
00221 
    /*
     * Security entries.  struct vacm_securityEntry is not defined in
     * this header (it is only ever used through a pointer here), and
     * these four prototypes lack NETSNMP_IMPORT, so they are not part of
     * the exported API in the same way as the functions above.  Note
     * the scan function is named vacm_scanSecurityEntry(), not
     * vacm_scanSecurityNext() like its siblings.
     */
    void            vacm_destroySecurityEntry(const char *);
    struct vacm_securityEntry *vacm_createSecurityEntry(const char *);
    struct vacm_securityEntry *vacm_getSecurityEntry(const char *);
    void            vacm_scanSecurityInit(void);
    struct vacm_securityEntry *vacm_scanSecurityEntry(void);

    /*
     * Presumably non-zero once any VACM entry has been configured --
     * confirm in vacm.c.  An agent that skips the VACM check because
     * this returns 0 is wide open, so callers must fail closed if they
     * use it as a gate.
     */
    NETSNMP_IMPORT
    int             vacm_is_configured(void);

    /*
     * Persistence: write the current entries back out as configuration
     * lines.  token/type are the config-token and file-type strings of
     * the persistent-config API (not visible here).  vacm_save() writes
     * everything; the per-entry variants write one entry each, with
     * vacm_save_auth_access() additionally taking the authtype the
     * entry was configured with.
     */
    void            vacm_save(const char *token, const char *type);
    void            vacm_save_view(struct vacm_viewEntry *view,
                                   const char *token, const char *type);
    void            vacm_save_access(struct vacm_accessEntry *access_entry,
                                     const char *token, const char *type);
    void            vacm_save_auth_access(struct vacm_accessEntry *access_entry,
                                     const char *token, const char *type, int authtype);
    void            vacm_save_group(struct vacm_groupEntry *group_entry,
                                    const char *token, const char *type);

    /*
     * Configuration-line parsers (registered for the "view", "group",
     * "access" and the auth-access tokens; the registration is not in
     * this header).  `line' is the remainder of a configuration line,
     * i.e. external input: every name copied from it into a
     * VACMSTRINGLEN buffer, and every OID parsed into a MAX_OID_LEN
     * array, must be length-checked by the parser.
     */
    NETSNMP_IMPORT
    void            vacm_parse_config_view(const char *token, const char *line);
    NETSNMP_IMPORT
    void            vacm_parse_config_group(const char *token,
                                            const char *line);
    NETSNMP_IMPORT
    void            vacm_parse_config_access(const char *token,
                                             const char *line);
    NETSNMP_IMPORT
    void            vacm_parse_config_auth_access(const char *token,
                                                  const char *line);

    /*
     * Callback with the (majorID, minorID, serverarg, clientarg) shape
     * of the net-snmp callback API; presumably the "store persistent
     * data" hook that calls vacm_save() -- confirm in vacm.c.  Return
     * value semantics are those of the callback API.
     */
    NETSNMP_IMPORT
    int             store_vacm(int majorID, int minorID, void *serverarg,
                               void *clientarg);

    /*
     * Same lookup as vacm_getViewEntry() but on an explicitly supplied
     * list starting at `head' instead of the module's own view list;
     * mode is one of VACM_MODE_*.  Returns NULL if no entry matches.
     */
    NETSNMP_IMPORT
    struct vacm_viewEntry *netsnmp_view_get(struct vacm_viewEntry *head,
                                            const char *viewName,
                                            oid * viewSubtree,
                                            size_t viewSubtreeLen, int mode);
00261 
00262 
00263 #ifdef __cplusplus
00264 }
00265 #endif
00266 #endif                          /* VACM_H */