1 #ifdef WITH_YUMA_NACM
2 /*
3  * Copyright (c) 2008 - 2012, Andy Bierman, All Rights Reserved.
4  * Copyright (c) 2012 - 2021, YumaWorks, Inc., All Rights Reserved.
5  *
6  * Unless required by applicable law or agreed to in writing,
7  * software distributed under the License is distributed on an
8  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
9  * KIND, either express or implied. See the License for the
10  * specific language governing permissions and limitations
11  * under the License.
12  */
13 #ifndef _H_agt_acm_yuma
14 #define _H_agt_acm_yuma
15 
16 /* FILE: agt_acm_yuma.h
17 *********************************************************************
18 * *
19 * P U R P O S E *
20 * *
21 *********************************************************************/
22 
32 /*********************************************************************
33 * *
34 * C H A N G E H I S T O R Y *
35 * *
36 *********************************************************************
37 
38 date init comment
39 ----------------------------------------------------------------------
40 18-jun-12 abb Begun; split from agt_acm.h
41 
42 */
43 
44 #include <xmlstring.h>
45 
46 #ifndef _H_agt
47 #include "agt.h"
48 #endif
49 
50 #ifndef _H_dlq
51 #include "dlq.h"
52 #endif
53 
54 #ifndef _H_obj
55 #include "obj.h"
56 #endif
57 
58 #ifndef _H_ses
59 #include "ses.h"
60 #endif
61 
62 #ifndef _H_status
63 #include "status.h"
64 #endif
65 
66 #ifndef _H_val
67 #include "val.h"
68 #endif
69 
70 #ifndef _H_xml_msg
71 #include "xmlmsg.h"
72 #endif
73 
74 #ifndef _H_xmlns
75 #include "xmlns.h"
76 #endif
77 
78 #ifndef _H_xpath
79 #include "xpath.h"
80 #endif
81 
82 #ifdef __cplusplus
83 extern "C" {
84 #endif
85 
86 /********************************************************************
87 * *
88 * C O N S T A N T S *
89 * *
90 *********************************************************************/
91 
92 
93 /********************************************************************
94 * *
95 * T Y P E S *
96 * *
97 *********************************************************************/
98 
99 
100 /********************************************************************
101 * *
102 * F U N C T I O N S *
103 * *
104 *********************************************************************/
105 
106 
107 /********************************************************************
108 * FUNCTION agt_acm_yuma_init1
109 *
110 * Phase 1:
111 * Load the yuma-nacm.yang module
112 *
113 * INPUTS:
114 * none
115 * RETURNS:
116 * status of the initialization procedure
117 *********************************************************************/
118 extern status_t
119  agt_acm_yuma_init1 (void);
120 
121 
122 /********************************************************************
123 * FUNCTION agt_acm_yuma_init2
124 *
125 * Phase 2:
126 * Initialize the yuma-nacm.yang configuration data structures
127 *
128 * INPUTS:
129 * none
130 * RETURNS:
131 * status of the initialization procedure
132 *********************************************************************/
133 extern status_t
134  agt_acm_yuma_init2 (void);
135 
136 
137 /********************************************************************
138 * FUNCTION agt_acm_yuma_cleanup
139 *
140 * Cleanup the yuma-nacm.yang access control module
141 *
142 * INPUTS:
143 * none
144 * RETURNS:
145 * none
146 *********************************************************************/
147 extern void
148  agt_acm_yuma_cleanup (void);
149 
150 
151 /********************************************************************
152 * FUNCTION agt_acm_yuma_rpc_allowed
153 *
154 * Check if the specified user is allowed to invoke an RPC
155 *
156 * INPUTS:
157 * msg == XML header in incoming message in progress
158 * user == user name string
159 * rpcobj == obj_template_t for the RPC method to check
160 *
161 * RETURNS:
162 * TRUE if the user is allowed to invoke this RPC; FALSE otherwise
163 *********************************************************************/
164 extern boolean
165  agt_acm_yuma_rpc_allowed (xml_msg_hdr_t *msg,
166  const xmlChar *user,
167  const obj_template_t *rpcobj);
168 
169 
170 /********************************************************************
171 * FUNCTION agt_acm_yuma_notif_allowed
172 *
173 * Check if the specified user is allowed to receive
174 * a notification event
175 *
176 * INPUTS:
177 * user == user name string
178 * notifobj == obj_template_t for the notification event to check
179 *
180 * RETURNS:
181 * TRUE if the user is allowed to receive this notification event;
182 * FALSE otherwise
183 *********************************************************************/
184 extern boolean
185  agt_acm_yuma_notif_allowed (const xmlChar *user,
186  const obj_template_t *notifobj);
187 
188 
189 /********************************************************************
190 * FUNCTION agt_acm_yuma_val_write_allowed
191 *
192 * Check if the specified user is allowed to access a value node
193 * The val->obj template will be checked against the val->editop
194 * requested access and the user's configured max-access
195 *
196 * INPUTS:
197 * msg == XML header from incoming message in progress
198 * newval == val_value_t in progress to check
199 * (may be NULL, if curval set)
200 * curval == val_value_t in progress to check
201 * (may be NULL, if newval set)
202 * user == user name string
203 * editop == requested CRUD operation
204 *
205 * RETURNS:
206 * TRUE if user allowed this level of access to the value node
207 *********************************************************************/
208 extern boolean
209  agt_acm_yuma_val_write_allowed (xml_msg_hdr_t *msg,
210  const xmlChar *user,
211  const val_value_t *newval,
212  const val_value_t *curval,
213  op_editop_t editop);
214 
215 
216 /********************************************************************
217 * FUNCTION agt_acm_yuma_val_read_allowed
218 *
219 * Check if the specified user is allowed to read a value node
220 *
221 * INPUTS:
222 * msg == XML header from incoming message in progress
223 * user == user name string
224 * val == val_value_t in progress to check
225 *
226 * RETURNS:
227 * TRUE if user allowed read access to the value node
228 *********************************************************************/
229 extern boolean
230  agt_acm_yuma_val_read_allowed (xml_msg_hdr_t *msg,
231  const xmlChar *user,
232  const val_value_t *val);
233 
234 
235 /********************************************************************
236 * FUNCTION agt_acm_yuma_init_msg_cache
237 *
238 * Malloc and initialize an agt_acm_cache_t struct
239 * and attach it to the incoming message
240 *
241 * INPUTS:
242 * scb == session control block to use
243 * msg == message to use
244 *
245 * OUTPUTS:
246 * scb->acm_cache pointer may be set, if it was NULL
247 * msg->acm_cache pointer set
248 *
249 * RETURNS:
250 * status
251 *********************************************************************/
252 extern status_t
253  agt_acm_yuma_init_msg_cache (ses_cb_t *scb,
254  xml_msg_hdr_t *msg);
255 
256 
257 /********************************************************************
258 * FUNCTION agt_acm_yuma_clear_session_cache
259 *
260 * Clear an agt_acm_cache_t struct in a session control block
261 *
262 * INPUTS:
263 * scb == session control block to use
264 *
265 * OUTPUTS:
266 * scb->acm_cache pointer is freed and set to NULL
267 *
268 *********************************************************************/
269 extern void agt_acm_yuma_clear_session_cache (ses_cb_t *scb);
270 
271 
272 /********************************************************************
273 * FUNCTION agt_acm_yuma_invalidate_session_cache
274 *
275 * Invalidate an agt_acm_cache_t struct in a session control block
276 *
277 * INPUTS:
278 * scb == session control block to use
279 *
280 * OUTPUTS:
281 * scb->acm_cache pointer is freed and set to NULL
282 *
283 *********************************************************************/
284 extern void agt_acm_yuma_invalidate_session_cache (ses_cb_t *scb);
285 
286 
287 /********************************************************************
288 * FUNCTION agt_acm_yuma_session_cache_valid
289 *
290 * Check if a session ACM cache is valid
291 *
292 * INPUTS:
293 * scb == session control block to check
294 *
295 * RETURNS:
296 * TRUE if the cache is valid
297 * FALSE if the cache is invalid or NULL
298 *********************************************************************/
299 extern boolean agt_acm_yuma_session_cache_valid (const ses_cb_t *scb);
300 
301 
302 #ifdef __cplusplus
303 } /* end extern 'C' */
304 #endif
305 
306 #endif /* _H_agt_acm_yuma */
307 #endif // WITH_YUMA_NACM