yumapro  23.10T-12
YumaPro SDK
ACM Wrapper Access Functions

The ACM manager allows NACM or a vendor-specific ACM to be installed.

Functions

status_t agt_acm_init (void)
 Initialize the NETCONF Server access control module.

status_t agt_acm_init2 (void)
 Phase 2: Initialize the nacm.yang configuration data structures.

void agt_acm_cleanup (void)
 Cleanup the NETCONF Server access control module.

boolean agt_acm_rpc_allowed (xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj)
 Check if the specified user is allowed to invoke an RPC.

boolean agt_acm_notif_allowed (const xmlChar *user, const obj_template_t *notifobj)
 Check if the specified user is allowed to receive a notification event.

boolean agt_acm_val_write_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop)
 Check if the specified user is allowed to access a value node.

boolean agt_acm_val_read_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val)
 Check if the specified user is allowed to read a value node.

status_t agt_acm_init_msg_cache (ses_cb_t *scb, xml_msg_hdr_t *msg)
 Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.

void agt_acm_clear_msg_cache (xml_msg_hdr_t *msg)
 Clear an agt_acm_cache_t struct attached to the specified message.

void agt_acm_clear_session_cache (ses_cb_t *scb)
 Clear an agt_acm_cache_t struct in a session control block.

void agt_acm_invalidate_session_cache (ses_cb_t *scb)
 Mark an agt_acm_cache_t struct in a session control block as invalid so it will be refreshed next use.

boolean agt_acm_session_cache_valid (const ses_cb_t *scb)
 Check if the specified session NACM cache is valid.

boolean agt_acm_session_is_superuser (const ses_cb_t *scb)
 Check if the specified session is the superuser.

agt_acmode_t agt_acm_get_acmode (void)
 Get the --access-control mode.

void agt_acm_set_acmode (agt_acmode_t newmode)
 Set the --access-control mode.

boolean agt_acm_get_log_writes (void)
 Get the log_writes flag.

boolean agt_acm_get_log_reads (void)
 Get the log_reads flag.

boolean agt_acm_is_superuser (const xmlChar *username)
 Check if the specified user name is the superuser. Low-level access; no scb available.

uint32 agt_acm_get_deniedRpcs (void)
 Get the deniedRpcs counter.

uint32 agt_acm_get_deniedDataWrites (void)
 Get the deniedDataWrites counter.

uint32 agt_acm_get_deniedNotifications (void)
 Get the deniedNotification counter.

void agt_acm_clean_xpath_cache (void)
 Clean any cached XPath results because the data rule results may not be valid anymore.

void agt_acm_set_datarules (val_value_t *val, uint32 msgid)
 Check the dataruleQ in the object and all child nodes.

void agt_acm_clean_obj_datarule_cache (ncx_module_t *mod)
 Check every rule list entry and its OBJ datarule cache, and clean the cache if the module for these objects is being unloaded.

Detailed Description

The ACM manager allows NACM or a vendor-specific ACM to be installed.

The server will access the specific model used through this module.

Function Documentation

◆ agt_acm_clean_obj_datarule_cache()

void agt_acm_clean_obj_datarule_cache ( ncx_module_t *  mod)

Check every rule list entry and its OBJ datarule cache, and clean the cache if the module for these objects is being unloaded.

Parameters
mod: mod to check for unload

◆ agt_acm_clean_xpath_cache()

void agt_acm_clean_xpath_cache ( void  )

Clean any cached XPath results because the data rule results may not be valid anymore.

Used internally by server


◆ agt_acm_cleanup()

void agt_acm_cleanup ( void  )

Cleanup the NETCONF Server access control module.

Must be called for NACM to properly clean up rulelist data


◆ agt_acm_clear_msg_cache()

void agt_acm_clear_msg_cache ( xml_msg_hdr_t *  msg)

Clear an agt_acm_cache_t struct attached to the specified message.

Parameters
[in,out] msg: message to use; msg->acm_cache pointer is freed and set to NULL

◆ agt_acm_clear_session_cache()

void agt_acm_clear_session_cache ( ses_cb_t *  scb)

Clear an agt_acm_cache_t struct in a session control block.

Parameters
[in,out] scb: session control block to use; scb->acm_cache pointer is freed and set to NULL

◆ agt_acm_get_acmode()

agt_acmode_t agt_acm_get_acmode ( void  )

Get the --access-control mode.

Returns
access control mode in use

◆ agt_acm_get_deniedDataWrites()

uint32 agt_acm_get_deniedDataWrites ( void  )

Get the deniedDataWrites counter.

Returns
counter value

◆ agt_acm_get_deniedNotifications()

uint32 agt_acm_get_deniedNotifications ( void  )

Get the deniedNotification counter.

Returns
counter value

◆ agt_acm_get_deniedRpcs()

uint32 agt_acm_get_deniedRpcs ( void  )

Get the deniedRpcs counter.

Returns
counter value

◆ agt_acm_get_log_reads()

boolean agt_acm_get_log_reads ( void  )

Get the log_reads flag.

Returns
TRUE if ACM read logging is enabled

◆ agt_acm_get_log_writes()

boolean agt_acm_get_log_writes ( void  )

Get the log_writes flag.

Returns
TRUE if ACM write logging is enabled

◆ agt_acm_init()

status_t agt_acm_init ( void  )

Initialize the NETCONF Server access control module.

Returns
status of the initialization procedure

◆ agt_acm_init2()

status_t agt_acm_init2 ( void  )

Phase 2 : Initialize the nacm.yang configuration data structures.

Returns
status of the initialization procedure

◆ agt_acm_init_msg_cache()

status_t agt_acm_init_msg_cache ( ses_cb_t *  scb,
xml_msg_hdr_t *  msg
)

Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.

Parameters
[in,out] scb: session control block to use; scb->acm_cache pointer may be set, if it was NULL
[in,out] msg: message to use; msg->acm_cache pointer set
Returns
status

◆ agt_acm_invalidate_session_cache()

void agt_acm_invalidate_session_cache ( ses_cb_t *  scb)

Mark an agt_acm_cache_t struct in a session control block as invalid so it will be refreshed next use.

Parameters
scb: session control block to use

◆ agt_acm_is_superuser()

boolean agt_acm_is_superuser ( const xmlChar *  username)

Check if the specified user name is the superuser. Low-level access; no scb available.

Parameters
username: username to check
Returns
TRUE if username is the superuser
FALSE if username is not the superuser

◆ agt_acm_notif_allowed()

boolean agt_acm_notif_allowed ( const xmlChar *  user,
const obj_template_t *  notifobj
)

Check if the specified user is allowed to receive a notification event.

Parameters
user: user name string
notifobj: obj_template_t for the notification event to check
Returns
TRUE if the user is allowed to receive this notification event
FALSE otherwise

◆ agt_acm_rpc_allowed()

boolean agt_acm_rpc_allowed ( xml_msg_hdr_t *  msg,
const xmlChar *  user,
const obj_template_t *  rpcobj
)

Check if the specified user is allowed to invoke an RPC.

Parameters
msg: XML header in incoming message in progress
user: user name string
rpcobj: obj_template_t for the RPC method to check
Returns
TRUE if the user is allowed to invoke this RPC; FALSE otherwise

◆ agt_acm_session_cache_valid()

boolean agt_acm_session_cache_valid ( const ses_cb_t *  scb)

Check if the specified session NACM cache is valid.

Parameters
scb: session to check
Returns
TRUE if session acm_cache is valid
FALSE if session acm_cache is NULL or not valid

◆ agt_acm_session_is_superuser()

boolean agt_acm_session_is_superuser ( const ses_cb_t *  scb)

Check if the specified session is the superuser.

Parameters
scb: session to check
Returns
TRUE if session is for the superuser
FALSE if session is not for the superuser

◆ agt_acm_set_acmode()

void agt_acm_set_acmode ( agt_acmode_t  newmode)

Set the --access-control mode.

Parameters
newmode: new enum to use for acmode

◆ agt_acm_set_datarules()

void agt_acm_set_datarules ( val_value_t *  val,
uint32  msgid
)

Check the dataruleQ in the object and all child nodes.

For each rule found, cache any rule in the object in this value.

Parameters
val: value with the object struct to use
msgid: update data rules after this msgid is finished

◆ agt_acm_val_read_allowed()

boolean agt_acm_val_read_allowed ( xml_msg_hdr_t *  msg,
const xmlChar *  user,
val_value_t *  val
)

Check if the specified user is allowed to read a value node.

Parameters
msg: XML header from incoming message in progress
user: user name string
val: val_value_t in progress to check
Returns
TRUE if the user is allowed read access to the value node

◆ agt_acm_val_write_allowed()

boolean agt_acm_val_write_allowed ( xml_msg_hdr_t *  msg,
const xmlChar *  user,
val_value_t *  newval,
val_value_t *  curval,
op_editop_t  editop
)

Check if the specified user is allowed to access a value node.

The val->obj template will be checked against the val->editop requested access and the user's configured max-access.

Parameters
msg: XML header from incoming message in progress
user: user name string
newval: val_value_t in progress to check (may be NULL, if curval set)
curval: val_value_t in progress to check (may be NULL, if newval set)
editop: requested CRUD operation
Returns
TRUE if the user is allowed this level of access to the value node