yumapro  20.10-14
YumaPro SDK
IETF ACM Model (NACM)

The NACM handler provides the required access control APIs within the server.

Typedefs

typedef status_t(* agt_acm_group_cbfn_t) (const xmlChar *username, xmlChar **retgroups)
 typedef for the NACM External Groups callback function

Functions

status_t agt_acm_ietf_init2 (void)
 Phase 2: Initialize the external data model configuration data structures.

status_t agt_acm_ietf_init1 (void)
 Phase 1: Load the external data module.

void agt_acm_ietf_cleanup (void)
 Cleanup the external access control module.

boolean agt_acm_ietf_rpc_allowed (xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj)
 Check if the specified user is allowed to invoke an RPC.

boolean agt_acm_ietf_notif_allowed (const xmlChar *user, const obj_template_t *notifobj)
 Check if the specified user is allowed to receive a notification event.

boolean agt_acm_ietf_val_write_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop)
 Check if the specified user is allowed to access a value node.

boolean agt_acm_ietf_val_read_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val)
 Check if the specified user is allowed to read a value node.

status_t agt_acm_ietf_init_msg_cache (ses_cb_t *scb, xml_msg_hdr_t *msg)
 Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.

void agt_acm_ietf_clear_session_cache (ses_cb_t *scb)
 Clear an agt_acm_cache_t struct in a session control block.

void agt_acm_ietf_invalidate_session_cache (ses_cb_t *scb)
 Invalidate an agt_acm_cache_t struct in a session control block.

boolean agt_acm_ietf_session_cache_valid (const ses_cb_t *scb)
 Check if a session ACM cache is valid.

void agt_acm_ietf_clean_xpath_cache (void)
 Clean any cached XPath results, because the data rule results may not be valid anymore.

void agt_acm_ietf_register_group_cbfn (agt_acm_group_cbfn_t cbfn)
 Register a get-external-groups callback function.

void agt_acm_ietf_set_datarules (val_value_t *val, uint32 msgid)
 Check the dataruleQ in the object and all child nodes, and cache each rule found.

void agt_acm_ietf_clean_obj_datarule (ncx_module_t *mod)
 Check each rule list entry and its OBJ datarule cache, and clean it if the module owning those objects is being unloaded.

Detailed Description

The NACM handler provides the required access control APIs within the server.

Full implementation of RFC 8341.

https://tools.ietf.org/rfc/rfc8341

Typedef Documentation

◆ agt_acm_group_cbfn_t

typedef status_t(* agt_acm_group_cbfn_t) (const xmlChar *username, xmlChar **retgroups)

typedef for the NACM External Groups callback function

Get the list of group names for this username. These groups are added to the usergroup cache for the session.

Parameters
username - user name for which to return the list of group names it is a member of
retgroups - address of the returned malloced string
Return values
*retgroups - set to a malloced string that will be parsed. It contains a whitespace delimited list of group names, e.g. ' group1 group2 group3'. The caller will free this string with m__free.
Returns
status: if an error occurs the session will only use NACM groups

Function Documentation

◆ agt_acm_ietf_clean_obj_datarule()

void agt_acm_ietf_clean_obj_datarule (ncx_module_t *mod)

Check each rule list entry and its OBJ datarule cache, and clean the cache if the module owning those objects is being unloaded.

Parameters
mod - module to check for unload

◆ agt_acm_ietf_clean_xpath_cache()

void agt_acm_ietf_clean_xpath_cache (void)

Clean any cached XPath results, because the data rule results may not be valid anymore.

◆ agt_acm_ietf_cleanup()

void agt_acm_ietf_cleanup (void)

Cleanup the external access control module.

Called by the server during system shutdown.

◆ agt_acm_ietf_clear_session_cache()

void agt_acm_ietf_clear_session_cache (ses_cb_t *scb)

Clear an agt_acm_cache_t struct in a session control block.

Parameters
scb - session control block to use
Return values
scb->acm_cache - pointer is freed and set to NULL

◆ agt_acm_ietf_init1()

status_t agt_acm_ietf_init1 (void)

Phase 1: Load the external data module.

Returns
status of the initialization procedure

◆ agt_acm_ietf_init2()

status_t agt_acm_ietf_init2 (void)

Phase 2: Initialize the external data model configuration data structures.

Returns
status of the initialization procedure

◆ agt_acm_ietf_init_msg_cache()

status_t agt_acm_ietf_init_msg_cache (ses_cb_t *scb, xml_msg_hdr_t *msg)

Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.

Parameters
scb - session control block to use
msg - message to use
Return values
scb->acm_cache - pointer may be set, if it was NULL
msg->acm_cache - pointer set
Returns
status

◆ agt_acm_ietf_invalidate_session_cache()

void agt_acm_ietf_invalidate_session_cache (ses_cb_t *scb)

Invalidate an agt_acm_cache_t struct in a session control block.

Parameters
scb - session control block to use
Return values
scb->acm_cache - pointer is freed and set to NULL

◆ agt_acm_ietf_notif_allowed()

boolean agt_acm_ietf_notif_allowed (const xmlChar *user, const obj_template_t *notifobj)

Check if the specified user is allowed to receive a notification event.

Parameters
user - user name string
notifobj - obj_template_t for the notification event to check
Returns
TRUE if the user is allowed to receive this notification event
FALSE otherwise

◆ agt_acm_ietf_register_group_cbfn()

void agt_acm_ietf_register_group_cbfn (agt_acm_group_cbfn_t cbfn)

Register a get-external-groups callback function.

This will be invoked at the start of each session, as the acm_cache is created for the session.

Parameters
cbfn - callback function to register
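As an added example that is not code from the YumaPro SDK, the self-contained C program below shows both sides of the agt_acm_group_cbfn_t contract documented above and registered through agt_acm_ietf_register_group_cbfn: a callback that returns a malloced, whitespace-delimited group list for a username (looked up in a constructed sample directory), and the parsing a consumer performs on that string before freeing it. The typedefs xmlChar and status_t, the codes NO_ERR and ERR_EXAMPLE_FAIL, the sample directory and all function names are stand-ins assumed for this example; the server frees the string with m__free, for which plain free() is substituted here. A callback that returns a non-NO_ERR status exercises the documented fallback: the session then uses only the groups configured in NACM.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the SDK types named in the callback contract. These are
 * assumptions for a self-contained build, not YumaPro's definitions. */
typedef unsigned char xmlChar;
typedef int status_t;
#define NO_ERR            0
#define ERR_EXAMPLE_FAIL  1   /* assumed error code: lookup failed */

#define MAX_NAME 32

/* Constructed sample directory: user name -> groups, space separated. */
static const struct { const char *user; const char *groups; } sample_dir[] = {
    { "alice", "admin operator" },
    { "bob",   "operator" },
    { "carol", "" },
};

/* Example implementation of an agt_acm_group_cbfn_t. On success *retgroups
 * points to a malloced, whitespace-delimited list (' group1 group2 ...')
 * that the caller parses and frees. On error the session keeps using only
 * the groups configured in NACM. */
static status_t example_group_cbfn(const xmlChar *username, xmlChar **retgroups)
{
    *retgroups = NULL;
    for (size_t i = 0; i < sizeof sample_dir / sizeof sample_dir[0]; i++) {
        if (strcmp((const char *)username, sample_dir[i].user) != 0)
            continue;
        size_t len = strlen(sample_dir[i].groups);
        xmlChar *buf = malloc(len + 2);          /* leading blank + NUL */
        if (buf == NULL)
            return ERR_EXAMPLE_FAIL;
        buf[0] = ' ';
        memcpy(buf + 1, sample_dir[i].groups, len + 1);
        *retgroups = buf;
        return NO_ERR;
    }
    return ERR_EXAMPLE_FAIL;                     /* unknown user */
}

/* Parse the returned list the way the caller must: split on whitespace and
 * copy up to maxgroups names into out[]. Returns the number of groups. */
static int parse_group_list(const xmlChar *list, char out[][MAX_NAME], int maxgroups)
{
    const char *p = (const char *)list;
    int n = 0;
    while (n < maxgroups) {
        while (*p == ' ' || *p == '\t' || *p == '\n')
            p++;
        if (*p == '\0')
            break;
        const char *start = p;
        while (*p != '\0' && *p != ' ' && *p != '\t' && *p != '\n')
            p++;
        size_t len = (size_t)(p - start);
        if (len >= MAX_NAME)
            len = MAX_NAME - 1;                  /* truncate over-long names */
        memcpy(out[n], start, len);
        out[n][len] = '\0';
        n++;
    }
    return n;
}

/* Run the contract end to end: invoke the callback, parse, free. Returns the
 * group count, or -1 when the callback failed (NACM groups only). */
static int groups_for_user(const char *user, char out[][MAX_NAME], int maxgroups)
{
    xmlChar *groups = NULL;
    if (example_group_cbfn((const xmlChar *)user, &groups) != NO_ERR)
        return -1;
    int n = parse_group_list(groups, out, maxgroups);
    free(groups);   /* the server frees with m__free; plain free() here */
    return n;
}

int main(void)
{
    char names[8][MAX_NAME];
    int n = groups_for_user("alice", names, 8);
    for (int i = 0; i < n; i++)
        printf("alice is in group %s\n", names[i]);
    printf("unknown user -> %d\n", groups_for_user("mallory", names, 8));
    return 0;
}
```

The callback must hand back heap memory it owns nothing else, since the caller frees it; returning a pointer into static or stack storage would corrupt the heap the first time the session cache is built. An empty group list (carol) is valid and yields zero groups, which is distinct from a failed lookup (mallory), where the session falls back to its NACM-configured groups.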

◆ agt_acm_ietf_rpc_allowed()

boolean agt_acm_ietf_rpc_allowed (xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj)

Check if the specified user is allowed to invoke an RPC.

Parameters
msg - XML header of the incoming message in progress
user - user name string
rpcobj - obj_template_t for the RPC method to check
Returns
TRUE if the user is allowed to invoke this RPC; FALSE otherwise

◆ agt_acm_ietf_session_cache_valid()

boolean agt_acm_ietf_session_cache_valid (const ses_cb_t *scb)

Check if a session ACM cache is valid.

Parameters
scb - session control block to check
Returns
TRUE if cache is valid
FALSE if cache invalid or NULL

◆ agt_acm_ietf_set_datarules()

void agt_acm_ietf_set_datarules (val_value_t *val, uint32 msgid)

Check the dataruleQ in the object and all child nodes. For each rule found, cache the rule in the object of this value.

Parameters
val - value with the object struct to use
msgid - update data rules after this msgid is finished

◆ agt_acm_ietf_val_read_allowed()

boolean agt_acm_ietf_val_read_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val)

Check if the specified user is allowed to read a value node.

Parameters
msg - XML header from the incoming message in progress
user - user name string
val - val_value_t in progress to check
Returns
TRUE if the user is allowed read access to the value node

◆ agt_acm_ietf_val_write_allowed()

boolean agt_acm_ietf_val_write_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop)

Check if the specified user is allowed to access a value node.

The val->obj template will be checked against the val->editop requested access and the user's configured max-access.

Parameters
msg - XML header from the incoming message in progress
user - user name to check
newval - val_value_t in progress to check (may be NULL, if curval set)
curval - val_value_t in progress to check (may be NULL, if newval set)
editop - requested CRUD operation
Returns
TRUE if the user is allowed this level of access to the value node
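As an added example that is not the SDK's implementation of agt_acm_ietf_val_write_allowed, the C program below illustrates the RFC 8341 semantics that a write check of this kind applies: the requested edit operation together with the presence or absence of a current value determines the NACM access needed (create, update or delete), the first rule that matches one of the user's groups, the needed operation and the node path decides, and a node with no matching rule falls through to the write default. The enums, the rule list, the path matching and every function name are constructed for this example; they are not YumaPro's op_editop_t values or its rule structures.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the edit operations and NACM access kinds. Assumed for this
 * example; they are not the SDK's op_editop_t or its access flags. */
typedef enum { EDITOP_MERGE, EDITOP_REPLACE, EDITOP_CREATE,
               EDITOP_DELETE, EDITOP_REMOVE } editop_t;
typedef enum { ACC_READ = 1, ACC_CREATE = 2, ACC_UPDATE = 4,
               ACC_DELETE = 8, ACC_EXEC = 16 } access_t;

/* Map the requested edit to the NACM operation it needs (RFC 8341 sec. 3.4.5):
 * merge/replace create an absent node and update a present one. */
static access_t required_access(editop_t op, bool curval_exists)
{
    switch (op) {
    case EDITOP_CREATE:  return ACC_CREATE;
    case EDITOP_DELETE:
    case EDITOP_REMOVE:  return ACC_DELETE;
    case EDITOP_MERGE:
    case EDITOP_REPLACE: return curval_exists ? ACC_UPDATE : ACC_CREATE;
    }
    return ACC_UPDATE;
}

/* Constructed rule list, evaluated in order; the first rule whose group,
 * operation set and path all match decides (permit or deny). */
typedef struct { const char *group; const char *path; unsigned ops; bool permit; } rule_t;
static const rule_t sample_rules[] = {
    { "operator", "/interfaces", ACC_UPDATE,                           true  },
    { "operator", "/system",     ACC_CREATE | ACC_UPDATE | ACC_DELETE, false },
    { "admin",    "/",           ACC_READ | ACC_CREATE | ACC_UPDATE |
                                 ACC_DELETE | ACC_EXEC,                true  },
};

/* A rule path covers a node when it equals the node or is an ancestor of it. */
static bool path_covers(const char *rule_path, const char *node_path)
{
    if (strcmp(rule_path, "/") == 0)
        return true;
    size_t n = strlen(rule_path);
    return strncmp(rule_path, node_path, n) == 0 &&
           (node_path[n] == '\0' || node_path[n] == '/');
}

/* Decide write access for a user holding the given groups. With no matching
 * rule the global write default applies (deny when default_deny_write). */
static bool write_allowed(const char *const *groups, int ngroups,
                          const char *node_path, editop_t op,
                          bool curval_exists, bool default_deny_write)
{
    access_t need = required_access(op, curval_exists);
    for (size_t r = 0; r < sizeof sample_rules / sizeof sample_rules[0]; r++) {
        if (!(sample_rules[r].ops & need))
            continue;
        if (!path_covers(sample_rules[r].path, node_path))
            continue;
        for (int g = 0; g < ngroups; g++)
            if (strcmp(groups[g], sample_rules[r].group) == 0)
                return sample_rules[r].permit;
    }
    return !default_deny_write;
}

int main(void)
{
    const char *op[] = { "operator" };
    printf("operator merge into existing /interfaces/eth0: %s\n",
           write_allowed(op, 1, "/interfaces/eth0", EDITOP_MERGE, true, true)
               ? "permit" : "deny");
    printf("operator merge creating /interfaces/eth1: %s\n",
           write_allowed(op, 1, "/interfaces/eth1", EDITOP_MERGE, false, true)
               ? "permit" : "deny");
    return 0;
}
```

The point the example makes for a reviewer of NACM rules is that merge and replace are not one operation: the same rule that permits an operator to update an existing interface does not let that operator create a new one, because an absent current value turns the request into a create and the default write policy then applies.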