/*
 * vacm.h
 *
 * SNMPv3 View-based Access Control Model (RFC 3415).
 *
 * Declares the in-memory tables that hold the VACM configuration —
 * security-to-group, access and view-tree entries — together with the
 * create / lookup / scan / destroy entry points that maintain them and
 * the persistence hooks that save and parse them.
 *
 * This header does not pull in its own dependencies: the types oid, u_char
 * and u_long and the constant MAX_OID_LEN must already be in scope from the
 * net-snmp headers included before it.
 */

#ifndef VACM_H
#define VACM_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Results of an access-control decision.  Only VACM_SUCCESS grants access;
 * every other value names the stage at which the lookup failed.
 */
#define VACM_SUCCESS            0
#define VACM_NOSECNAME          1   /* security name not mapped to a group    */
#define VACM_NOGROUP            2   /* group has no entry for this context    */
#define VACM_NOACCESS           3   /* access entry denies this operation      */
#define VACM_NOVIEW             4   /* access entry names no view              */
#define VACM_NOTINVIEW          5   /* OID is outside the selected view        */
#define VACM_NOSUCHCONTEXT      6
#define VACM_SUBTREE_UNKNOWN    7   /* subtree is partly in, partly out of view */

/*
 * Column selectors, presumably matching the MIB table columns of
 * vacmSecurityToGroupTable, vacmAccessTable and vacmViewTreeFamilyTable
 * respectively — verify against the table handlers before relying on it.
 */
#define SECURITYMODEL      1
#define SECURITYNAME       2
#define SECURITYGROUP      3
#define SECURITYSTORAGE    4
#define SECURITYSTATUS     5

#define ACCESSPREFIX       1
#define ACCESSMODEL        2
#define ACCESSLEVEL        3
#define ACCESSMATCH        4
#define ACCESSREAD         5
#define ACCESSWRITE        6
#define ACCESSNOTIFY       7
#define ACCESSSTORAGE      8
#define ACCESSSTATUS       9

#define VACMVIEWSPINLOCK   1
#define VIEWNAME           2
#define VIEWSUBTREE        3
#define VIEWMASK           4
#define VIEWTYPE           5
#define VIEWSTORAGE        6
#define VIEWSTATUS         7

/*
 * Longest name (security name, group name, view name, context prefix)
 * accepted by the tables, and the size of the fixed buffers that hold
 * them.  Every copy into a VACMSTRINGLEN buffer must be bounded by it;
 * the name fields below are plain char arrays with no length member.
 */
#define VACM_MAX_STRING    32
#define VACMSTRINGLEN      34   /* VACM_MAX_STRING + 2 */

/*
 * One row of the security-to-group table: maps a (securityModel,
 * securityName) pair to the groupName whose access entries apply.
 */
struct vacm_groupEntry {
    int             securityModel;
    char            securityName[VACMSTRINGLEN];
    char            groupName[VACMSTRINGLEN];
    int             storageType;
    int             status;

    u_long          bitMask;                    /* which columns have been set (presumably) */
    struct vacm_groupEntry *reserved;           /* scratch copy used during row edits — confirm in vacm.c */
    struct vacm_groupEntry *next;               /* singly linked list of rows */
};

/* Values of vacm_accessEntry.contextMatch. */
#define CONTEXT_MATCH_EXACT    1
#define CONTEXT_MATCH_PREFIX   2

/* VIEW ENUMS ---------------------------------------- */

/*
 * Indices into vacm_accessEntry.views.  The first three are the views
 * snmpd consults for get, set and notification traffic.
 */
#define VACM_VIEW_READ     0
#define VACM_VIEW_WRITE    1
#define VACM_VIEW_NOTIFY   2

/* The remaining three are used by snmptrapd: log, execute and net-access (forward). */
#define VACM_VIEW_LOG      3
#define VACM_VIEW_EXECUTE  4
#define VACM_VIEW_NET      5

/* VIEW BIT MASK VALUES-------------------------------- */

/* Single-bit flags derived from the view indices above, for snmpd ... */
#define VACM_VIEW_READ_BIT     (1 << VACM_VIEW_READ)
#define VACM_VIEW_WRITE_BIT    (1 << VACM_VIEW_WRITE)
#define VACM_VIEW_NOTIFY_BIT   (1 << VACM_VIEW_NOTIFY)

/* ... and for snmptrapd. */
#define VACM_VIEW_LOG_BIT      (1 << VACM_VIEW_LOG)
#define VACM_VIEW_EXECUTE_BIT  (1 << VACM_VIEW_EXECUTE)
#define VACM_VIEW_NET_BIT      (1 << VACM_VIEW_NET)

#define VACM_VIEW_NO_BITS      0

/* Maximum number of views in the view array */
#define VACM_MAX_VIEWS         8

/* Name under which the view indices are registered as an enum list. */
#define VACM_VIEW_ENUM_NAME    "vacmviews"

/* Registers the VACM module (configuration tokens, callbacks) with the agent. */
void            init_vacm(void);

/*
 * One row of the access table: for a group, context prefix, security
 * model and level, names the view used for each kind of operation.
 */
struct vacm_accessEntry {
    char            groupName[VACMSTRINGLEN];
    char            contextPrefix[VACMSTRINGLEN];
    int             securityModel;
    int             securityLevel;
    int             contextMatch;               /* CONTEXT_MATCH_EXACT or CONTEXT_MATCH_PREFIX */
    char            views[VACM_MAX_VIEWS][VACMSTRINGLEN];   /* indexed by VACM_VIEW_* */
    int             storageType;
    int             status;

    u_long          bitMask;
    struct vacm_accessEntry *reserved;
    struct vacm_accessEntry *next;
};

/*
 * One row of the view-tree family table: a named view includes or
 * excludes (viewType) the OID subtree viewSubtree, matched under viewMask.
 */
struct vacm_viewEntry {
    char            viewName[VACMSTRINGLEN];
    oid             viewSubtree[MAX_OID_LEN];
    size_t          viewSubtreeLen;             /* number of sub-identifiers in viewSubtree */
    u_char          viewMask[VACMSTRINGLEN];    /* presumably one bit per sub-identifier; 0 = wildcard — confirm */
    size_t          viewMaskLen;                /* number of bytes of viewMask in use */
    int             viewType;
    int             viewStorageType;
    int             viewStatus;

    u_long          bitMask;

    struct vacm_viewEntry *reserved;
    struct vacm_viewEntry *next;
};

/* Removes the view entry keyed by (viewName, viewSubtree); all entries with the second form. */
void            vacm_destroyViewEntry(const char *viewName, oid *viewSubtree,
                                      size_t viewSubtreeLen);
void            vacm_destroyAllViewEntries(void);

/* Values for the mode argument of vacm_getViewEntry() and netsnmp_view_get(). */
#define VACM_MODE_FIND            0
#define VACM_MODE_IGNORE_MASK     1
#define VACM_MODE_CHECK_SUBTREE   2

/*
 * Returns a pointer to the viewEntry with the same viewName and
 * viewSubtree, or NULL if that entry does not exist.
 */
struct vacm_viewEntry *vacm_getViewEntry(const char *viewName,
                                         oid *viewSubtree,
                                         size_t viewSubtreeLen, int mode);

/*
 * Check to see if everything within a subtree is in view, not in view,
 * or possibly both.
 *
 * Returns:
 *   VACM_SUCCESS          The OID is included in the view.
 *   VACM_NOTINVIEW        If no entry in the view list includes the
 *                         provided OID, or the OID is explicitly excluded
 *                         from the view.
 *   VACM_SUBTREE_UNKNOWN  The entire subtree has both allowed and
 *                         disallowed portions.
 */
int             vacm_checkSubtree(const char *viewName, oid *viewSubtree,
                                  size_t viewSubtreeLen);

/*
 * Initializes the scan routines so that they will begin at the
 * beginning of the list of viewEntries.
 */
void            vacm_scanViewInit(void);

/*
 * Returns a pointer to the next viewEntry.
 * These entries are returned in no particular order, but if N entries
 * exist, N calls to vacm_scanViewNext() will return all N entries once.
 * Returns NULL if all entries have been returned.
 * vacm_scanViewInit() starts the scan over.
 */
struct vacm_viewEntry *vacm_scanViewNext(void);

/*
 * Creates a viewEntry with the given index and returns a pointer to it.
 * The status of this entry is created as invalid.
 */
struct vacm_viewEntry *vacm_createViewEntry(const char *viewName,
                                            oid *viewSubtree,
                                            size_t viewSubtreeLen);

/* Group table: same create / get / scan / destroy pattern as the view table. */
void            vacm_destroyGroupEntry(int securityModel,
                                       const char *securityName);
void            vacm_destroyAllGroupEntries(void);
struct vacm_groupEntry *vacm_createGroupEntry(int securityModel,
                                              const char *securityName);
struct vacm_groupEntry *vacm_getGroupEntry(int securityModel,
                                           const char *securityName);
void            vacm_scanGroupInit(void);
struct vacm_groupEntry *vacm_scanGroupNext(void);

/* Access table, keyed by (groupName, contextPrefix, securityModel, securityLevel). */
void            vacm_destroyAccessEntry(const char *groupName,
                                        const char *contextPrefix,
                                        int securityModel,
                                        int securityLevel);
void            vacm_destroyAllAccessEntries(void);
struct vacm_accessEntry *vacm_createAccessEntry(const char *groupName,
                                                const char *contextPrefix,
                                                int securityModel,
                                                int securityLevel);
struct vacm_accessEntry *vacm_getAccessEntry(const char *groupName,
                                             const char *contextPrefix,
                                             int securityModel,
                                             int securityLevel);
void            vacm_scanAccessInit(void);
struct vacm_accessEntry *vacm_scanAccessNext(void);

/*
 * Security-name entries.  struct vacm_securityEntry is not defined in this
 * header; it is an incomplete type here and only handled through pointers.
 */
void            vacm_destroySecurityEntry(const char *securityName);
struct vacm_securityEntry *vacm_createSecurityEntry(const char *securityName);
struct vacm_securityEntry *vacm_getSecurityEntry(const char *securityName);
void            vacm_scanSecurityInit(void);
struct vacm_securityEntry *vacm_scanSecurityEntry(void);

/* Non-zero once some VACM configuration has been loaded (presumably). */
int             vacm_is_configured(void);

/*
 * Persistence: write the tables back as configuration lines under the
 * given token / type, one function per table plus a driver for all.
 */
void            vacm_save(const char *token, const char *type);
void            vacm_save_view(struct vacm_viewEntry *view,
                               const char *token, const char *type);
void            vacm_save_access(struct vacm_accessEntry *access_entry,
                                 const char *token, const char *type);
void            vacm_save_auth_access(struct vacm_accessEntry *access_entry,
                                      const char *token, const char *type,
                                      int authtype);
void            vacm_save_group(struct vacm_groupEntry *group_entry,
                                const char *token, const char *type);

/*
 * Configuration parsers.  `line` is the remainder of a config line after
 * `token`; it is non-const because the parsers tokenize it in place.
 */
void            vacm_parse_config_view(const char *token, char *line);
void            vacm_parse_config_group(const char *token, char *line);
void            vacm_parse_config_access(const char *token, char *line);
void            vacm_parse_config_auth_access(const char *token, char *line);

/* Callback signature used to persist the tables on a store request. */
int             store_vacm(int majorID, int minorID, void *serverarg,
                           void *clientarg);

/* View lookup over an explicit list head rather than the global list. */
struct vacm_viewEntry *netsnmp_view_get(struct vacm_viewEntry *head,
                                        const char *viewName,
                                        oid *viewSubtree,
                                        size_t viewSubtreeLen, int mode);

#ifdef __cplusplus
}
#endif
#endif /* VACM_H */