yumapro  23.10T-7
YumaPro SDK
Loading...
Searching...
No Matches
agt_acm.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2008 - 2012, Andy Bierman, All Rights Reserved.
3 * Copyright (c) 2012 - 2021, YumaWorks, Inc., All Rights Reserved.
4 *
5 * Unless required by applicable law or agreed to in writing,
6 * software distributed under the License is distributed on an
7 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
8 * KIND, either express or implied. See the License for the
9 * specific language governing permissions and limitations
10 * under the License.
11 */
12#ifndef _H_agt_acm
13#define _H_agt_acm
14
15/* FILE: agt_acm.h
16*********************************************************************
17* *
18* P U R P O S E *
19* *
20*********************************************************************/
21
27/*********************************************************************
28* *
29* C H A N G E H I S T O R Y *
30* *
31*********************************************************************
32
33date init comment
34----------------------------------------------------------------------
3503-feb-06 abb Begun
3614-may-09 abb add per-msg cache to speed up performance
37*/
38
39#include <xmlstring.h>
40
41#ifndef _H_agt
42#include "agt.h"
43#endif
44
45#ifndef _H_dlq
46#include "dlq.h"
47#endif
48
49#ifndef _H_obj
50#include "obj.h"
51#endif
52
53#ifndef _H_ses
54#include "ses.h"
55#endif
56
57#ifndef _H_status
58#include "status.h"
59#endif
60
61#ifndef _H_val
62#include "val.h"
63#endif
64
65#ifndef _H_xml_msg
66#include "xml_msg.h"
67#endif
68
69#ifndef _H_xmlns
70#include "xmlns.h"
71#endif
72
73#ifndef _H_xpath
74#include "xpath.h"
75#endif
76
77#ifdef __cplusplus
78extern "C" {
79#endif
80
81/********************************************************************
82* *
83* C O N S T A N T S *
84* *
85*********************************************************************/
86
87/* this is defined by the vendor and not allowed to change by
88 * the user since there are no translation functions between models
89 * Pick RFC 6536 as the default.
90 */
91// To change ACM models, also change the nacm:default-deny-* extensions
92// in all YANG modules using these YANG extensions
93#define AGT_DEF_ACM_MODEL AGT_ACM_MODEL_IETF_NACM
94
96//#define AGT_DEF_ACM_MODEL AGT_ACM_MODEL_YUMA_NACM
97
98
99/********************************************************************
100* *
101* T Y P E S *
102* *
103*********************************************************************/
104
105
106/********************************************************************
107* *
108* F U N C T I O N S *
109* *
110*********************************************************************/
111
112/* Header only */
113
114
139extern status_t
140 agt_acm_init (void);
141
142
148extern status_t
149 agt_acm_init2 (void);
150
151
157extern void
158 agt_acm_cleanup (void);
159
160
169extern boolean
170 agt_acm_rpc_allowed (xml_msg_hdr_t *msg,
171 const xmlChar *user,
172 const obj_template_t *rpcobj);
173
174
185extern boolean
186 agt_acm_notif_allowed (const xmlChar *user,
187 const obj_template_t *notifobj);
188
189
205extern boolean
206 agt_acm_val_write_allowed (xml_msg_hdr_t *msg,
207 const xmlChar *user,
208 val_value_t *newval,
209 val_value_t *curval,
210 op_editop_t editop);
211
212
221extern boolean
222 agt_acm_val_read_allowed (xml_msg_hdr_t *msg,
223 const xmlChar *user,
224 val_value_t *val);
225
226
237extern status_t
238 agt_acm_init_msg_cache (ses_cb_t *scb,
239 xml_msg_hdr_t *msg);
240
241
248extern void
249 agt_acm_clear_msg_cache (xml_msg_hdr_t *msg);
250
251
258extern void agt_acm_clear_session_cache (ses_cb_t *scb);
259
260
267extern void agt_acm_invalidate_session_cache (ses_cb_t *scb);
268
269
277extern boolean
278 agt_acm_session_cache_valid (const ses_cb_t *scb);
279
280
288extern boolean
289 agt_acm_session_is_superuser (const ses_cb_t *scb);
290
291
297extern agt_acmode_t
298 agt_acm_get_acmode (void);
299
300
306extern void
307 agt_acm_set_acmode (agt_acmode_t newmode);
308
309
315extern boolean
316 agt_acm_get_log_writes (void);
317
318
324extern boolean
325 agt_acm_get_log_reads (void);
326
327
336extern boolean
337 agt_acm_is_superuser (const xmlChar *username);
338
339
345extern uint32
346 agt_acm_get_deniedRpcs (void);
347
348
354extern uint32
355 agt_acm_get_deniedDataWrites (void);
356
357
363extern uint32
364 agt_acm_get_deniedNotifications (void);
365
366
373extern void
374 agt_acm_clean_xpath_cache (void);
375
376
385extern void
386 agt_acm_set_datarules (val_value_t *val,
387 uint32 msgid);
388
389
396extern void
397 agt_acm_clean_obj_datarule_cache (ncx_module_t *mod);
398
399
403#ifdef __cplusplus
404} /* end extern 'C' */
405#endif
406
407#endif /* _H_agt_acm */
agt.h
Multi-Protocol Network Management Server.
dlq.h
dlq provides general double-linked list and queue support:
agt_acmode_t
agt_acmode_t
matches access-control enumeration in netconfd.yang
Definition: agt.h:695
agt_acm_val_read_allowed
boolean agt_acm_val_read_allowed(xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val)
Check if the specified user is allowed to read a value node.
Definition: agt_acm.c:618
agt_acm_set_acmode
void agt_acm_set_acmode(agt_acmode_t newmode)
Set the –access-control mode.
Definition: agt_acm.c:916
agt_acm_clean_obj_datarule_cache
void agt_acm_clean_obj_datarule_cache(ncx_module_t *mod)
Check all the rule list entry and its OBJ datarule cache and clean if the modules is getting unloaded...
Definition: agt_acm.c:1107
agt_acm_get_log_writes
boolean agt_acm_get_log_writes(void)
Get the log_writes flag.
Definition: agt_acm.c:932
agt_acm_get_acmode
agt_acmode_t agt_acm_get_acmode(void)
Get the –access-control mode.
Definition: agt_acm.c:900
agt_acm_clean_xpath_cache
void agt_acm_clean_xpath_cache(void)
Clean any cached XPath results because the data rule results may not be valid anymore.
Definition: agt_acm.c:1035
agt_acm_rpc_allowed
boolean agt_acm_rpc_allowed(xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj)
Check if the specified user is allowed to invoke an RPC.
Definition: agt_acm.c:295
agt_acm_get_deniedNotifications
uint32 agt_acm_get_deniedNotifications(void)
Get the deniedNotification counter.
Definition: agt_acm.c:1020
agt_acm_cleanup
void agt_acm_cleanup(void)
Cleanup the NETCONF Server access control module.
Definition: agt_acm.c:251
agt_acm_invalidate_session_cache
void agt_acm_invalidate_session_cache(ses_cb_t *scb)
Mark an agt_acm_cache_t struct in a session control block as invalid so it will be refreshed next use...
Definition: agt_acm.c:796
agt_acm_init
status_t agt_acm_init(void)
Initialize the NETCONF Server access control module.
Definition: agt_acm.c:135
agt_acm_session_cache_valid
boolean agt_acm_session_cache_valid(const ses_cb_t *scb)
Check if the specified session NACM cache is valid.
Definition: agt_acm.c:836
agt_acm_clear_session_cache
void agt_acm_clear_session_cache(ses_cb_t *scb)
Clear an agt_acm_cache_t struct in a session control block.
Definition: agt_acm.c:758
agt_acm_is_superuser
boolean agt_acm_is_superuser(const xmlChar *username)
Check if the specified user name is the superuser Low-level access; no scb available.
Definition: agt_acm.c:969
agt_acm_set_datarules
void agt_acm_set_datarules(val_value_t *val, uint32 msgid)
Check the dataruleQ in the object and all child nodes.
Definition: agt_acm.c:1069
agt_acm_val_write_allowed
boolean agt_acm_val_write_allowed(xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop)
Check if the specified user is allowed to access a value node.
Definition: agt_acm.c:510
agt_acm_get_deniedRpcs
uint32 agt_acm_get_deniedRpcs(void)
Get the deniedRpcs counter.
Definition: agt_acm.c:988
agt_acm_init2
status_t agt_acm_init2(void)
Phase 2 : Initialize the nacm.yang configuration data structures.
Definition: agt_acm.c:205
agt_acm_get_log_reads
boolean agt_acm_get_log_reads(void)
Get the log_reads flag.
Definition: agt_acm.c:948
agt_acm_get_deniedDataWrites
uint32 agt_acm_get_deniedDataWrites(void)
Get the deniedDataWrites counter.
Definition: agt_acm.c:1004
agt_acm_notif_allowed
boolean agt_acm_notif_allowed(const xmlChar *user, const obj_template_t *notifobj)
Check if the specified user is allowed to receive a notification event.
Definition: agt_acm.c:407
agt_acm_clear_msg_cache
void agt_acm_clear_msg_cache(xml_msg_hdr_t *msg)
Clear an agt_acm_cache_t struct attached to the specified message.
Definition: agt_acm.c:734
agt_acm_session_is_superuser
boolean agt_acm_session_is_superuser(const ses_cb_t *scb)
Check if the specified session is the superuser.
Definition: agt_acm.c:880
agt_acm_init_msg_cache
status_t agt_acm_init_msg_cache(ses_cb_t *scb, xml_msg_hdr_t *msg)
Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.
Definition: agt_acm.c:685
op_editop_t
op_editop_t
NETCONF edit-config operation types.
Definition: op.h:122
status_t
status_t
global error return code
Definition: status_enum.h:210
obj.h
Data Object Support.
ses.h
NETCONF Session Common definitions module.
status.h
Global error messages for status code enumerations.
ncx_module_t
representation of one module or submodule during and after parsing
Definition: ncxtypes.h:1134
obj_template_t
One YANG data-def-stmt.
Definition: obj.h:1209
ses_cb_t
Session Control Block.
Definition: ses.h:573
val_value_t
one value to match one type
Definition: val.h:911
xml_msg_hdr_t
Common Encoding Message Header No longer XML specific!! Used by JSON and CBOR parsing as well!...
Definition: xml_msg.h:397
val.h
Value Node Basic Support.
xml_msg.h
XML and JSON Message send and receive support.
xmlns.h
XML namespace support.
xpath.h
Schema and data model Xpath search support.