
vacm.h

00001 /*
00002  * vacm.h
00003  *
00004  * SNMPv3 View-based Access Control Model
00005  */
00006 
00007 #ifndef VACM_H
00008 #define VACM_H
00009 
00010 #ifdef __cplusplus
00011 extern          "C" {
00012 #endif
00013 
/*
 * Result codes.  VACM_SUCCESS is 0; every other code is non-zero.
 * Of the functions declared in this header only vacm_checkSubtree()
 * documents which codes it returns (VACM_SUCCESS, VACM_NOTINVIEW,
 * VACM_SUBTREE_UNKNOWN).
 * NOTE(review): callers should grant access only on an explicit
 * comparison with VACM_SUCCESS, so that any other code -- including
 * VACM_SUBTREE_UNKNOWN -- is handled as "not granted".
 */
#define VACM_SUCCESS       0
#define VACM_NOSECNAME     1
#define VACM_NOGROUP       2
#define VACM_NOACCESS      3
#define VACM_NOVIEW        4
#define VACM_NOTINVIEW     5
#define VACM_NOSUCHCONTEXT 6
#define VACM_SUBTREE_UNKNOWN 7
00022 
/*
 * Small integer identifiers, one group per table.  The names in this
 * first group track the members of struct vacm_groupEntry.
 * NOTE(review): where these values are consumed is not visible in this
 * header -- presumably each selects one column of the matching table;
 * confirm against the code that uses them.
 */
#define SECURITYMODEL   1
#define SECURITYNAME    2
#define SECURITYGROUP   3
#define SECURITYSTORAGE 4
#define SECURITYSTATUS  5

/* Identifiers whose names track the members of struct vacm_accessEntry. */
#define ACCESSPREFIX    1
#define ACCESSMODEL     2
#define ACCESSLEVEL     3
#define ACCESSMATCH     4
#define ACCESSREAD      5
#define ACCESSWRITE     6
#define ACCESSNOTIFY    7
#define ACCESSSTORAGE   8
#define ACCESSSTATUS    9

/*
 * VIEWNAME..VIEWSTATUS track the members of struct vacm_viewEntry;
 * VACMVIEWSPINLOCK has no matching struct member.  All three groups reuse
 * the values 1..n, so a value identifies a field only together with the
 * table it belongs to.
 */
#define VACMVIEWSPINLOCK 1
#define VIEWNAME        2
#define VIEWSUBTREE     3
#define VIEWMASK        4
#define VIEWTYPE        5
#define VIEWSTORAGE     6
#define VIEWSTATUS      7
00046 
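/*
 * VACM_MAX_STRING is the name-length limit; VACMSTRINGLEN is the size of
 * every name buffer in the structs declared in this header.  The buffer
 * size is derived from the limit instead of being written out as 34, so
 * the two cannot drift apart if the limit is ever changed.
 * NOTE(review): what the two extra bytes hold (presumably a length prefix
 * and a terminating NUL) is not shown in this header -- confirm in the
 * implementation before relying on it when bounding copies.
 */
#define VACM_MAX_STRING 32
#define VACMSTRINGLEN   (VACM_MAX_STRING + 2)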
00049 
/*
 * One entry of the group list: a securityModel/securityName pair and the
 * groupName stored with it.
 * NOTE(review): the name members are fixed VACMSTRINGLEN-byte arrays; code
 * that fills them from configuration or from a request has to bound the
 * copy to the array size.  The in-buffer layout is not shown in this
 * header -- confirm in the implementation.
 */
struct vacm_groupEntry {
    int             securityModel;
    char            securityName[VACMSTRINGLEN];
    char            groupName[VACMSTRINGLEN];
    int             storageType;
    int             status;

    u_long          bitMask;    /* purpose not documented in this header */
    struct vacm_groupEntry *reserved;   /* purpose not documented in this header */
    struct vacm_groupEntry *next;       /* presumably the list link walked by vacm_scanGroupNext() -- confirm */
};
00061 
/* Presumably the values stored in vacm_accessEntry.contextMatch -- confirm. */
#define CONTEXT_MATCH_EXACT  1
#define CONTEXT_MATCH_PREFIX 2
/*
 * One entry of the access list.  Going by the member names, it ties a
 * group, context prefix, security model and security level to the names
 * of the views used for read, write and notify access.
 * NOTE(review): every name member is a fixed VACMSTRINGLEN-byte array;
 * writers must bound copies to the array size.  How an empty view name is
 * interpreted is not stated in this header -- confirm in the
 * implementation.
 */
struct vacm_accessEntry {
    char            groupName[VACMSTRINGLEN];
    char            contextPrefix[VACMSTRINGLEN];
    int             securityModel;
    int             securityLevel;
    int             contextMatch;
    char            readView[VACMSTRINGLEN];
    char            writeView[VACMSTRINGLEN];
    char            notifyView[VACMSTRINGLEN];
    int             storageType;
    int             status;

    u_long          bitMask;    /* purpose not documented in this header */
    struct vacm_accessEntry *reserved;  /* purpose not documented in this header */
    struct vacm_accessEntry *next;      /* presumably the list link walked by vacm_scanAccessNext() -- confirm */
};
00080 
/*
 * One entry of the view list: a view name, an OID subtree with its
 * length, a mask with its length, and type/storage/status fields.
 * NOTE(review): viewSubtree and viewMask are fixed-size arrays paired
 * with separate length members.  Code that sets the lengths from outside
 * data must keep them within the arrays (MAX_OID_LEN elements and
 * VACMSTRINGLEN bytes respectively); whether viewSubtreeLen counts
 * elements or bytes is not stated in this header -- confirm.
 */
struct vacm_viewEntry {
    char            viewName[VACMSTRINGLEN];
    oid             viewSubtree[MAX_OID_LEN];
    size_t          viewSubtreeLen;     /* length that goes with viewSubtree */
    u_char          viewMask[VACMSTRINGLEN];
    size_t          viewMaskLen;        /* length that goes with viewMask */
    int             viewType;
    int             viewStorageType;
    int             viewStatus;

    u_long          bitMask;    /* purpose not documented in this header */

    struct vacm_viewEntry *reserved;    /* purpose not documented in this header */
    struct vacm_viewEntry *next;        /* presumably the list link walked by vacm_scanViewNext() -- confirm */
};
00096 
/*
 * Removal of view entries.  vacm_destroyViewEntry() takes the same
 * (const char *, oid *, size_t) triple as vacm_createViewEntry() and
 * vacm_getViewEntry() -- presumably view name, subtree and subtree length.
 * NOTE(review): pointers obtained earlier from the get/scan/create
 * functions presumably become invalid once the entry is destroyed;
 * confirm in the implementation and do not hold them across these calls.
 */
void            vacm_destroyViewEntry(const char *, oid *, size_t);
void            vacm_destroyAllViewEntries(void);
00099 
/*
 * Presumably the values accepted by the final int argument of
 * vacm_getViewEntry(); what each mode changes about the lookup is not
 * documented in this header -- confirm in the implementation.
 */
#define VACM_MODE_FIND                0
#define VACM_MODE_IGNORE_MASK         1
#define VACM_MODE_CHECK_SUBTREE       2
struct vacm_viewEntry *vacm_getViewEntry(const char *, oid *, size_t,
                                         int);
/*
 * Returns a pointer to the viewEntry with the
 * same viewName and viewSubtree
 * Returns NULL if that entry does not exist.
 *
 * NOTE(review): the returned pointer refers to an entry that the
 * destroy functions can remove; who owns it is not stated here.
 */
00110 
int vacm_checkSubtree(const char *, oid *, size_t);

/*
 * Check to see if everything within a subtree is in view, not in view,
 * or possibly both.
 *
 * Returns:
 *   VACM_SUCCESS          The OID is included in the view.
 *   VACM_NOTINVIEW        If no entry in the view list includes the
 *                         provided OID, or the OID is explicitly excluded
 *                         from the view.
 *   VACM_SUBTREE_UNKNOWN  The entire subtree has both allowed and
 *                         disallowed portions.
 *
 * NOTE(review): VACM_SUBTREE_UNKNOWN is an undecided result, not a grant.
 * A caller that needs a yes/no answer for the whole subtree must not treat
 * it as VACM_SUCCESS, because part of the subtree is disallowed.
 */
00125 
void
                vacm_scanViewInit(void);
/*
 * Initializes the scan routines so that they will begin at the
 * beginning of the list of viewEntries.
 *
 * NOTE(review): no cursor is passed in or returned, so the scan position
 * is kept somewhere outside the caller -- presumably shared state, which
 * would make nested or concurrent scans interfere; confirm.
 */
00133 
00134 
struct vacm_viewEntry *vacm_scanViewNext(void);
/*
 * Returns a pointer to the next viewEntry.
 * These entries are returned in no particular order,
 * but if N entries exist, N calls to vacm_scanViewNext() will
 * return all N entries once.
 * Returns NULL if all entries have been returned.
 * vacm_scanViewInit() starts the scan over.
 *
 * NOTE(review): what happens when entries are created or destroyed in the
 * middle of a scan is not documented here -- confirm before doing so.
 */
00144 
struct vacm_viewEntry *vacm_createViewEntry(const char *, oid *,
                                            size_t);
/*
 * Creates a viewEntry with the given index
 * and returns a pointer to it.
 * The status of this entry is created as invalid.
 *
 * NOTE(review): the failure return is not documented (presumably NULL);
 * callers should check the result before use.  Whether an over-long
 * name or subtree is rejected or truncated is also not stated here --
 * confirm, since the destination arrays are fixed-size.
 */
00152 
/*
 * Group list: destroy, create, look up and scan.  The (int, const char *)
 * arguments are presumably the securityModel and securityName members of
 * struct vacm_groupEntry -- confirm.
 * NOTE(review): return values on failure (presumably NULL for the
 * pointer-returning functions) are not documented in this header; check
 * them before dereferencing.  The scan pair takes no cursor, so its
 * position is held outside the caller.
 */
void            vacm_destroyGroupEntry(int, const char *);
void            vacm_destroyAllGroupEntries(void);
struct vacm_groupEntry *vacm_createGroupEntry(int, const char *);
struct vacm_groupEntry *vacm_getGroupEntry(int, const char *);
void            vacm_scanGroupInit(void);
struct vacm_groupEntry *vacm_scanGroupNext(void);
00159 
/*
 * Access list: destroy, create, look up and scan.  The
 * (const char *, const char *, int, int) arguments are presumably
 * groupName, contextPrefix, securityModel and securityLevel of
 * struct vacm_accessEntry -- confirm; the two ints are easy to swap
 * because the prototypes carry no parameter names.
 * NOTE(review): how vacm_getAccessEntry() matches the context and the
 * security level (exact or otherwise) is not documented in this header,
 * nor is its return value when nothing matches (presumably NULL).
 */
void            vacm_destroyAccessEntry(const char *, const char *,
                                        int, int);
void            vacm_destroyAllAccessEntries(void);
struct vacm_accessEntry *vacm_createAccessEntry(const char *,
                                                const char *, int,
                                                int);
struct vacm_accessEntry *vacm_getAccessEntry(const char *,
                                             const char *, int, int);
void            vacm_scanAccessInit(void);
struct vacm_accessEntry *vacm_scanAccessNext(void);
00170 
/*
 * Security-entry functions.  struct vacm_securityEntry is not defined in
 * this header, so it is only usable here as an incomplete type.
 * The scan function is named vacm_scanSecurityEntry(), unlike the
 * ...ScanNext() naming used by the group, access and view lists.
 */
void            vacm_destroySecurityEntry(const char *);
struct vacm_securityEntry *vacm_createSecurityEntry(const char *);
struct vacm_securityEntry *vacm_getSecurityEntry(const char *);
void            vacm_scanSecurityInit(void);
struct vacm_securityEntry *vacm_scanSecurityEntry(void);
/*
 * NOTE(review): the meaning of the return value is not documented here --
 * presumably non-zero when access-control entries exist; confirm.  Callers
 * should decide deliberately what an unconfigured state permits.
 */
int             vacm_is_configured(void);
00177 
/*
 * Save routines: one for everything and one per entry kind (view, access,
 * group).  Each takes a token and a type string; the per-entry variants
 * also take the entry to save.
 * NOTE(review): where the data is written and in what format is not
 * visible in this header.  All of them return void, so a failed save is
 * not reported to the caller through these interfaces.
 */
void            vacm_save(const char *token, const char *type);
void            vacm_save_view(struct vacm_viewEntry *view,
                               const char *token, const char *type);
void            vacm_save_access(struct vacm_accessEntry *access_entry,
                                 const char *token, const char *type);
void            vacm_save_group(struct vacm_groupEntry *group_entry,
                                const char *token, const char *type);
00185 
/*
 * Configuration-line parsers for view, group and access entries.  Each
 * receives the token and the rest of the line.
 * NOTE(review): line is a non-const char *, so the parser may modify the
 * caller's buffer.  These functions turn external text into entries whose
 * name members are fixed VACMSTRINGLEN-byte arrays; the length checks
 * belong in the implementation and are not visible here -- confirm they
 * reject over-long names.  Parse errors are not reported through the
 * void return.
 */
void            vacm_parse_config_view(const char *token, char *line);
void            vacm_parse_config_group(const char *token, char *line);
void            vacm_parse_config_access(const char *token,
                                         char *line);
00190 
/*
 * Takes a major and a minor ID plus two opaque pointers and returns int.
 * NOTE(review): the signature has the shape of a callback; presumably it
 * is registered so the VACM entries get stored -- confirm.  The meaning of
 * the return value and of serverarg/clientarg is not documented here.
 */
int             store_vacm(int majorID, int minorID, void *serverarg,
                           void *clientarg);
00193 
00194 
00195 #ifdef __cplusplus
00196 }
00197 #endif
00198 #endif                          /* VACM_H */

