yumapro  21.10T-8
YumaPro SDK
agt_acm.h
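/*
 * Copyright (c) 2008 - 2012, Andy Bierman, All Rights Reserved.
 * Copyright (c) 2012 - 2021, YumaWorks, Inc., All Rights Reserved.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
#ifndef _H_agt_acm
#define _H_agt_acm

/*  FILE: agt_acm.h
*********************************************************************
*                                                                   *
*                         P U R P O S E                             *
*                                                                   *
*********************************************************************

   Public interface of the NETCONF server access control module
   (implemented in agt_acm.c): module init/cleanup, per-request
   allow/deny checks for RPCs, notifications and data nodes, the
   per-message and per-session ACM caches, and the denied-access
   counters.

*********************************************************************
*                                                                   *
*                   C H A N G E   H I S T O R Y                     *
*                                                                   *
*********************************************************************

date         init     comment
----------------------------------------------------------------------
03-feb-06    abb      Begun
14-may-09    abb      add per-msg cache to speed up performance
*/

#include <xmlstring.h>

#ifndef _H_agt
#include "agt.h"
#endif

#ifndef _H_dlq
#include "dlq.h"
#endif

#ifndef _H_obj
#include "obj.h"
#endif

#ifndef _H_ses
#include "ses.h"
#endif

#ifndef _H_status
#include "status.h"
#endif

#ifndef _H_val
#include "val.h"
#endif

#ifndef _H_xml_msg
#include "xml_msg.h"
#endif

#ifndef _H_xmlns
#include "xmlns.h"
#endif

#ifndef _H_xpath
#include "xpath.h"
#endif

#ifdef __cplusplus
extern "C" {
#endif

/********************************************************************
*                                                                   *
*                       C O N S T A N T S                           *
*                                                                   *
*********************************************************************/

/* The access control model is chosen by the vendor at build time.
 * The user is not allowed to change it, because there are no
 * translation functions between models.
 * RFC 6536 (IETF NACM) is picked as the default.
 */
// To change ACM models, also change the nacm:default-deny-* extensions
// in all YANG modules using these YANG extensions
#define AGT_DEF_ACM_MODEL   AGT_ACM_MODEL_IETF_NACM

/* alternative model, kept for reference; not selected */
//#define AGT_DEF_ACM_MODEL   AGT_ACM_MODEL_YUMA_NACM


/********************************************************************
*                                                                   *
*                           T Y P E S                               *
*                                                                   *
*********************************************************************/


/********************************************************************
*                                                                   *
*                       F U N C T I O N S                           *
*                                                                   *
*********************************************************************/

/* Header only */

/*
 * NOTE(review), applies to every boolean agt_acm_*_allowed() check
 * below: the return polarity is presumably TRUE = access granted;
 * confirm in agt_acm.c.  The 'user' argument is a plain name string,
 * so these checks appear to rely on the caller passing the name of
 * the already-authenticated session user; verify at the call sites.
 */


/**
 * @brief Initialize the NETCONF Server access control module.
 *
 * @return status_t (global error return code)
 */
extern status_t
    agt_acm_init (void);


/**
 * @brief Phase 2: initialize the nacm.yang configuration data
 *        structures.
 *
 * @return status_t (global error return code)
 */
extern status_t
    agt_acm_init2 (void);


/**
 * @brief Cleanup the NETCONF Server access control module.
 */
extern void
    agt_acm_cleanup (void);


/**
 * @brief Check if the specified user is allowed to invoke an RPC.
 *
 * @param msg    message header for the request; presumably carries
 *               the per-message ACM cache (TODO confirm)
 * @param user   user name to check
 * @param rpcobj object template of the RPC being invoked
 * @return boolean access decision
 */
extern boolean
    agt_acm_rpc_allowed (xml_msg_hdr_t *msg,
                         const xmlChar *user,
                         const obj_template_t *rpcobj);


/**
 * @brief Check if the specified user is allowed to receive a
 *        notification event.
 *
 * @param user     user name to check
 * @param notifobj object template of the notification
 * @return boolean access decision
 */
extern boolean
    agt_acm_notif_allowed (const xmlChar *user,
                           const obj_template_t *notifobj);


/**
 * @brief Check if the specified user is allowed to access a value
 *        node (write check).
 *
 * @param msg    message header for the request
 * @param user   user name to check
 * @param newval value node from the edit; presumably the proposed
 *               new value (TODO confirm)
 * @param curval presumably the current value node, if any
 *               (TODO confirm whether NULL is accepted)
 * @param editop NETCONF edit-config operation type being requested
 * @return boolean access decision
 */
extern boolean
    agt_acm_val_write_allowed (xml_msg_hdr_t *msg,
                               const xmlChar *user,
                               val_value_t *newval,
                               val_value_t *curval,
                               op_editop_t editop);


/**
 * @brief Check if the specified user is allowed to read a value node.
 *
 * @param msg  message header for the request
 * @param user user name to check
 * @param val  value node to check
 * @return boolean access decision
 */
extern boolean
    agt_acm_val_read_allowed (xml_msg_hdr_t *msg,
                              const xmlChar *user,
                              val_value_t *val);


/**
 * @brief Malloc and initialize an agt_acm_cache_t struct and attach
 *        it to the incoming message.
 *
 * @param scb session control block of the requesting session
 * @param msg message header that receives the cache
 * @return status_t; check it, since the cache is heap allocated
 */
extern status_t
    agt_acm_init_msg_cache (ses_cb_t *scb,
                            xml_msg_hdr_t *msg);


/**
 * @brief Clear an agt_acm_cache_t struct attached to the specified
 *        message.
 *
 * @param msg message header whose cache is cleared
 */
extern void
    agt_acm_clear_msg_cache (xml_msg_hdr_t *msg);


/**
 * @brief Clear an agt_acm_cache_t struct in a session control block.
 *
 * @param scb session control block whose cache is cleared
 */
extern void agt_acm_clear_session_cache (ses_cb_t *scb);


/**
 * @brief Mark an agt_acm_cache_t struct in a session control block
 *        as invalid so it will be refreshed on next use.
 *
 * NOTE(review): a cache that stays valid after the access control
 * rules change would keep serving decisions made under the old
 * rules; confirm that every rule or group change reaches this call.
 *
 * @param scb session control block whose cache is invalidated
 */
extern void agt_acm_invalidate_session_cache (ses_cb_t *scb);


/**
 * @brief Check if the specified session NACM cache is valid.
 *
 * @param scb session control block to check
 * @return boolean; presumably TRUE if the cache is valid
 *         (TODO confirm)
 */
extern boolean
    agt_acm_session_cache_valid (const ses_cb_t *scb);


/**
 * @brief Check if the specified session is the superuser.
 *
 * @param scb session control block to check
 * @return boolean; presumably TRUE if the session is the superuser
 *         (TODO confirm)
 */
extern boolean
    agt_acm_session_is_superuser (const ses_cb_t *scb);


/**
 * @brief Get the --access-control mode.
 *
 * @return agt_acmode_t (matches the access-control enumeration in
 *         netconfd.yang)
 */
extern agt_acmode_t
    agt_acm_get_acmode (void);


/**
 * @brief Set the --access-control mode.
 *
 * NOTE(review): this changes how access control is enforced for the
 * whole server; callers should be limited to trusted configuration
 * paths.  Verify who can reach it.
 *
 * @param newmode new access control mode
 */
extern void
    agt_acm_set_acmode (agt_acmode_t newmode);


/**
 * @brief Get the log_writes flag.
 *
 * @return boolean flag value
 */
extern boolean
    agt_acm_get_log_writes (void);


/**
 * @brief Get the log_reads flag.
 *
 * @return boolean flag value
 */
extern boolean
    agt_acm_get_log_reads (void);


/**
 * @brief Check if the specified user name is the superuser.
 *
 * Low-level access; no scb available.  Because only a name string
 * is compared, the caller must make sure the name comes from an
 * authenticated session and not from request content.
 *
 * @param username user name to check
 * @return boolean; presumably TRUE if the name is the superuser
 *         (TODO confirm, including the NULL / empty name case)
 */
extern boolean
    agt_acm_is_superuser (const xmlChar *username);


/**
 * @brief Get the deniedRpcs counter.
 *
 * @return current counter value
 */
extern uint32
    agt_acm_get_deniedRpcs (void);


/**
 * @brief Get the deniedDataWrites counter.
 *
 * @return current counter value
 */
extern uint32
    agt_acm_get_deniedDataWrites (void);


/**
 * @brief Get the deniedNotifications counter.
 *
 * @return current counter value
 */
extern uint32
    agt_acm_get_deniedNotifications (void);


/**
 * @brief Clean any cached XPath results because the data rule
 *        results may not be valid anymore.
 */
extern void
    agt_acm_clean_xpath_cache (void);


/**
 * @brief Check the dataruleQ in the object and all child nodes.
 *
 * @param val   value node to start from
 * @param msgid message ID; presumably identifies the request being
 *              processed (TODO confirm)
 */
extern void
    agt_acm_set_datarules (val_value_t *val,
                           uint32 msgid);


/**
 * @brief Check every rule list entry and its OBJ datarule cache, and
 *        clean them when the module is being unloaded.
 *
 * NOTE(review): presumably prevents cached pointers to objects of an
 * unloaded module from being used later; confirm in agt_acm.c.
 *
 * @param mod module that is being unloaded
 */
extern void
    agt_acm_clean_obj_datarule_cache (ncx_module_t *mod);


#ifdef __cplusplus
}  /* end extern 'C' */
#endif

#endif            /* _H_agt_acm */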
void agt_acm_set_datarules(val_value_t *val, uint32 msgid)
Check the dataruleQ in the object and all child nodes.
Definition: agt_acm.c:1050
Data Object Support.
dlq provides general double-linked list and queue support:
Common Encoding Message Header No longer XML specific!! Used by JSON parsing as well!! Allows common ...
Definition: xml_msg.h:351
boolean agt_acm_rpc_allowed(xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj)
Check if the specified user is allowed to invoke an RPC.
Definition: agt_acm.c:292
One YANG data-def-stmt.
Definition: obj.h:1140
boolean agt_acm_session_is_superuser(const ses_cb_t *scb)
Check if the specified session is the superuser.
Definition: agt_acm.c:864
NETCONF Session Common definitions module.
void agt_acm_clear_msg_cache(xml_msg_hdr_t *msg)
Clear an agt_acm_cache_t struct attached to the specified message.
Definition: agt_acm.c:730
status_t agt_acm_init(void)
Initialize the NETCONF Server access control module.
Definition: agt_acm.c:136
void agt_acm_cleanup(void)
Cleanup the NETCONF Server access control module.
Definition: agt_acm.c:248
representation of one module or submodule during and after parsing
Definition: ncxtypes.h:1052
Schema and data model Xpath search support.
boolean agt_acm_session_cache_valid(const ses_cb_t *scb)
Check if the specified session NACM cache is valid.
Definition: agt_acm.c:823
uint32 agt_acm_get_deniedRpcs(void)
Get the deniedRpcs counter.
Definition: agt_acm.c:969
Value Node Basic Support.
uint32 agt_acm_get_deniedNotifications(void)
Get the deniedNotification counter.
Definition: agt_acm.c:1001
boolean agt_acm_is_superuser(const xmlChar *username)
Check if the specified user name is the superuser. Low-level access; no scb available.
Definition: agt_acm.c:950
void agt_acm_clean_obj_datarule_cache(ncx_module_t *mod)
Check every rule list entry and its OBJ datarule cache, and clean them if the module is being unloaded...
Definition: agt_acm.c:1088
boolean agt_acm_notif_allowed(const xmlChar *user, const obj_template_t *notifobj)
Check if the specified user is allowed to receive a notification event.
Definition: agt_acm.c:404
op_editop_t
NETCONF edit-config operation types.
Definition: op.h:122
XML and JSON Message send and receive support.
boolean agt_acm_get_log_writes(void)
Get the log_writes flag.
Definition: agt_acm.c:913
one value to match one type
Definition: val.h:870
Session Control Block.
Definition: ses.h:542
status_t
global error return code
Definition: status_enum.h:186
Multi-Protocol Network Management Server.
status_t agt_acm_init_msg_cache(ses_cb_t *scb, xml_msg_hdr_t *msg)
Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.
Definition: agt_acm.c:682
agt_acmode_t agt_acm_get_acmode(void)
Get the --access-control mode.
Definition: agt_acm.c:881
Global error messages for status code enumerations.
boolean agt_acm_get_log_reads(void)
Get the log_reads flag.
Definition: agt_acm.c:929
uint32 agt_acm_get_deniedDataWrites(void)
Get the deniedDataWrites counter.
Definition: agt_acm.c:985
void agt_acm_invalidate_session_cache(ses_cb_t *scb)
Mark an agt_acm_cache_t struct in a session control block as invalid so it will be refreshed next use...
Definition: agt_acm.c:786
status_t agt_acm_init2(void)
Phase 2 : Initialize the nacm.yang configuration data structures.
Definition: agt_acm.c:204
XML namespace support.
void agt_acm_clear_session_cache(ses_cb_t *scb)
Clear an agt_acm_cache_t struct in a session control block.
Definition: agt_acm.c:751
void agt_acm_set_acmode(agt_acmode_t newmode)
Set the --access-control mode.
Definition: agt_acm.c:897
agt_acmode_t
matches access-control enumeration in netconfd.yang
Definition: agt.h:609
void agt_acm_clean_xpath_cache(void)
Clean any cached XPath results because the data rule results may not be valid anymore.
Definition: agt_acm.c:1016
boolean agt_acm_val_read_allowed(xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val)
Check if the specified user is allowed to read a value node.
Definition: agt_acm.c:614
boolean agt_acm_val_write_allowed(xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop)
Check if the specified user is allowed to access a value node.
Definition: agt_acm.c:506