vacm.h

00001 /*
00002  * vacm.h
00003  *
00004  * SNMPv3 View-based Access Control Model
00005  */
00006 
00007 #ifndef VACM_H
00008 #define VACM_H
00009 
00010 #ifdef __cplusplus
00011 extern          "C" {
00012 #endif
00013 
/*
 * Result codes for VACM access checks.  VACM_SUCCESS is 0; every other code
 * is non-zero and names why access was not (fully) established.
 * NOTE(review): which routine returns which code is not visible in this
 * header, apart from vacm_checkSubtree() documented further down.  Callers
 * making an authorization decision should test for VACM_SUCCESS explicitly,
 * so that any other value, including codes added later, fails closed.
 */
00014 #define VACM_SUCCESS       0
00015 #define VACM_NOSECNAME     1
00016 #define VACM_NOGROUP       2
00017 #define VACM_NOACCESS      3
00018 #define VACM_NOVIEW        4
00019 #define VACM_NOTINVIEW     5
00020 #define VACM_NOSUCHCONTEXT 6
00021 #define VACM_SUBTREE_UNKNOWN 7  /* subtree has both allowed and disallowed portions */
00022 
/*
 * Integer identifiers 1..5 whose names follow the first five fields of
 * struct vacm_groupEntry (model, name, group, storage, status).
 * NOTE(review): presumably column numbers used by the MIB table handlers;
 * the code that consumes them is not visible in this header.  The names have
 * no VACM_ prefix, so they can collide with macros from other headers.
 */
00023 #define SECURITYMODEL   1
00024 #define SECURITYNAME    2
00025 #define SECURITYGROUP   3
00026 #define SECURITYSTORAGE 4
00027 #define SECURITYSTATUS  5
00028 
/*
 * Integer identifiers 1..9 for access-entry attributes: context prefix,
 * security model and level, context match, the read / write / notify views,
 * storage type and status.
 * NOTE(review): presumably column numbers for the access table handlers;
 * their consumer is not visible here.
 */
00029 #define ACCESSPREFIX    1
00030 #define ACCESSMODEL     2
00031 #define ACCESSLEVEL     3
00032 #define ACCESSMATCH     4
00033 #define ACCESSREAD      5
00034 #define ACCESSWRITE     6
00035 #define ACCESSNOTIFY    7
00036 #define ACCESSSTORAGE   8
00037 #define ACCESSSTATUS    9
00038 
/*
 * Integer identifiers 1..7 for view-related attributes.  Identifier 1 is the
 * view spin lock; 2..7 follow the name, subtree, mask, type, storage and
 * status fields of struct vacm_viewEntry.
 * NOTE(review): presumably column numbers for the view table handlers;
 * their consumer is not visible here.
 */
00039 #define VACMVIEWSPINLOCK 1
00040 #define VIEWNAME        2
00041 #define VIEWSUBTREE     3
00042 #define VIEWMASK        4
00043 #define VIEWTYPE        5
00044 #define VIEWSTORAGE     6
00045 #define VIEWSTATUS      7
00046 
/*
 * String limits.  VACMSTRINGLEN is the dimension of every fixed name buffer
 * in the entry structs below (and of viewMask).
 * NOTE(review): the two bytes beyond VACM_MAX_STRING are presumably a length
 * prefix and a NUL terminator; confirm against the implementation.
 * The value 34 is a literal, not computed from VACM_MAX_STRING, so the two
 * must be kept in sync by hand.  Code that copies a name into one of these
 * buffers has to bound the copy by the destination size.
 */
00047 #define VACM_MAX_STRING 32
00048 #define VACMSTRINGLEN   34      /* VACM_MAX_STRING + 2 */
00049 
/*
 * Group entry: a security model, a security name and a group name, plus
 * storage and status fields and two self-referential pointers.
 * NOTE(review): presumably one row of the VACM security-to-group table.
 * u_long is not defined in this header and must come from an earlier include.
 */
00050     struct vacm_groupEntry {
00051         int             securityModel;
00052         char            securityName[VACMSTRINGLEN];   /* fixed-size buffer; bound every write by VACMSTRINGLEN */
00053         char            groupName[VACMSTRINGLEN];      /* fixed-size buffer; bound every write by VACMSTRINGLEN */
00054         int             storageType;
00055         int             status;
00056 
00057         u_long          bitMask;       /* meaning of the bits is not visible in this header */
00058         struct vacm_groupEntry *reserved;      /* purpose not visible in this header */
00059         struct vacm_groupEntry *next;          /* link to another entry; presumably the next list node */
00060     };
00061 
/*
 * Context matching modes: exact match or prefix match.
 * NOTE(review): presumably the values stored in
 * vacm_accessEntry.contextMatch; confirm against the implementation.
 * A prefix match accepts more contexts than an exact one, so the default a
 * caller chooses matters for access decisions.
 */
00062 #define CONTEXT_MATCH_EXACT  1
00063 #define CONTEXT_MATCH_PREFIX 2
00064 
/*
 * View type numbers 0..5.  Each has a matching VACM_VIEW_*_BIT of
 * (1 << number) defined below.
 * NOTE(review): presumably also the first index into
 * vacm_accessEntry.views[VACM_MAX_VIEWS][...]; if so, any index taken from
 * input must be checked against VACM_MAX_VIEWS before use.
 */
00065 /* VIEW ENUMS ---------------------------------------- */
00066 
00067 /* SNMPD usage: get/set/send-notification views */
00068 #define VACM_VIEW_READ     0
00069 #define VACM_VIEW_WRITE    1
00070 #define VACM_VIEW_NOTIFY   2
00071 
00072 /* SNMPTRAPD usage: log, execute and net-access (forward) views */
00073 #define VACM_VIEW_LOG      3
00074 #define VACM_VIEW_EXECUTE  4
00075 #define VACM_VIEW_NET      5
00076 
/*
 * One bit per view type: bit n is (1 << VACM_VIEW_n), giving 0x01..0x20 for
 * the six types defined above.  VACM_VIEW_NO_BITS (0) is the empty set.
 * The shifts are done in int, which is safe for these small shift counts.
 */
00077 /* VIEW BIT MASK VALUES-------------------------------- */
00078 
00079 /* SNMPD usage: get/set/send-notification views */
00080 #define VACM_VIEW_READ_BIT      (1 << VACM_VIEW_READ)
00081 #define VACM_VIEW_WRITE_BIT     (1 << VACM_VIEW_WRITE)
00082 #define VACM_VIEW_NOTIFY_BIT    (1 << VACM_VIEW_NOTIFY)
00083 
00084 /* SNMPTRAPD usage: log, execute and net-access (forward) views */
00085 #define VACM_VIEW_LOG_BIT      (1 << VACM_VIEW_LOG)
00086 #define VACM_VIEW_EXECUTE_BIT  (1 << VACM_VIEW_EXECUTE)
00087 #define VACM_VIEW_NET_BIT      (1 << VACM_VIEW_NET)
00088     
00089 #define VACM_VIEW_NO_BITS      0
00090 
/*
 * VACM_MAX_VIEWS sizes the first dimension of vacm_accessEntry.views.
 * Six view types (0..5) are defined above, so indices 6 and 7 are unused by
 * this header.  VACM_VIEW_ENUM_NAME is a string constant whose consumer is
 * not visible here.
 */
00091 /* Maximum number of views in the view array */
00092 #define VACM_MAX_VIEWS     8
00093 
00094 #define VACM_VIEW_ENUM_NAME "vacmviews"
00095     
/*
 * Initialisation entry point for the VACM module; takes no arguments and
 * returns nothing.  What it sets up is not visible in this header.
 */
00096     void init_vacm(void);
00097     
/*
 * Access entry: identified by group name, context prefix, security model and
 * security level, and carrying one view name per view type.
 * NOTE(review): presumably one row of the VACM access table.
 * u_long is not defined in this header and must come from an earlier include.
 */
00098     struct vacm_accessEntry {
00099         char            groupName[VACMSTRINGLEN];      /* fixed-size buffer; bound every write by VACMSTRINGLEN */
00100         char            contextPrefix[VACMSTRINGLEN];  /* fixed-size buffer; bound every write by VACMSTRINGLEN */
00101         int             securityModel;
00102         int             securityLevel;
00103         int             contextMatch;  /* presumably CONTEXT_MATCH_EXACT or CONTEXT_MATCH_PREFIX; confirm */
00104         char            views[VACM_MAX_VIEWS][VACMSTRINGLEN];  /* presumably indexed by VACM_VIEW_*; index must be < VACM_MAX_VIEWS */
00105         int             storageType;
00106         int             status;
00107 
00108         u_long          bitMask;       /* meaning of the bits is not visible in this header */
00109         struct vacm_accessEntry *reserved;     /* purpose not visible in this header */
00110         struct vacm_accessEntry *next;         /* link to another entry; presumably the next list node */
00111     };
00112 
/*
 * View entry: a view name, an OID subtree with its length, and a mask with
 * its length, plus type, storage and status fields.
 * oid, MAX_OID_LEN, u_char and u_long are not defined in this header and
 * must come from an earlier include.
 * NOTE(review): both length fields describe fixed-size arrays; code filling
 * this struct must keep viewSubtreeLen and viewMaskLen within the array
 * bounds, and code reading it should not trust them beyond those bounds.
 */
00113     struct vacm_viewEntry {
00114         char            viewName[VACMSTRINGLEN];       /* fixed-size buffer; bound every write by VACMSTRINGLEN */
00115         oid             viewSubtree[MAX_OID_LEN];
00116         size_t          viewSubtreeLen;        /* unit (elements vs bytes) not stated here; TODO confirm */
00117         u_char          viewMask[VACMSTRINGLEN];
00118         size_t          viewMaskLen;           /* presumably bytes used in viewMask; confirm */
00119         int             viewType;              /* presumably included/excluded; values are not defined in this header */
00120         int             viewStorageType;
00121         int             viewStatus;
00122 
00123         u_long          bitMask;       /* meaning of the bits is not visible in this header */
00124 
00125         struct vacm_viewEntry *reserved;       /* purpose not visible in this header */
00126         struct vacm_viewEntry *next;           /* link to another entry; presumably the next list node */
00127     };
00128 
/*
 * View-entry removal: one entry, or all of them.  Parameter names are
 * omitted in the prototype.
 * NOTE(review): by analogy with netsnmp_view_get() at the end of this header
 * the arguments are presumably (viewName, viewSubtree, viewSubtreeLen).
 * A struct vacm_viewEntry pointer obtained earlier for a destroyed entry
 * should be treated as invalid afterwards (presumably freed; confirm).
 */
00129     void            vacm_destroyViewEntry(const char *, oid *, size_t);
00130     void            vacm_destroyAllViewEntries(void);
00131 
/*
 * Lookup modes and the view lookup itself.
 * NOTE(review): the trailing int of vacm_getViewEntry() is presumably one of
 * the VACM_MODE_* values (netsnmp_view_get() names its last parameter
 * "mode"); what each mode changes is not documented in this header.
 * The result can be NULL, so callers must check it before dereferencing.
 */
00132 #define VACM_MODE_FIND                0
00133 #define VACM_MODE_IGNORE_MASK         1
00134 #define VACM_MODE_CHECK_SUBTREE       2
00135     struct vacm_viewEntry *vacm_getViewEntry(const char *, oid *, size_t,
00136                                              int);
00137     /*
00138      * Returns a pointer to the viewEntry with the
00139      * same viewName and viewSubtree.
00140      * Returns NULL if that entry does not exist.
00141      */
00142 
/*
 * Three-way subtree check; parameter names are omitted in the prototype.
 * NOTE(review): presumably (viewName, subtree OID, subtree length).
 * VACM_SUBTREE_UNKNOWN is not a grant: a caller that needs a yes/no answer
 * for the whole subtree should allow access only on VACM_SUCCESS and fall
 * back to per-OID checks otherwise.
 */
00143     int vacm_checkSubtree(const char *, oid *, size_t);
00144 
00145     /*
00146      * Check to see if everything within a subtree is in view, not in view,
00147      * or possibly both.
00148      *
00149      * Returns:
00150      *   VACM_SUCCESS          The OID is included in the view.
00151      *   VACM_NOTINVIEW        If no entry in the view list includes the
00152      *                         provided OID, or the OID is explicitly excluded
00153      *                         from the view. 
00154      *   VACM_SUBTREE_UNKNOWN  The entire subtree has both allowed and
00155      *                         disallowed portions.
00156      */
00157 
00158     void
00159                     vacm_scanViewInit(void);
00160     /*
00161      * Initializes the scan routines so that they will begin at the
00162      * beginning of the list of viewEntries.
00163      *
00164      * NOTE(review): takes no cursor argument, so the scan position is
00165      * presumably shared state; nested or concurrent scans would interfere.
00166      */
00165 
00166 
00167     struct vacm_viewEntry *vacm_scanViewNext(void);
00168     /*
00169      * Returns a pointer to the next viewEntry.
00170      * These entries are returned in no particular order,
00171      * but if N entries exist, N calls to vacm_scanViewNext() will
00172      * return all N entries once.
00173      * Returns NULL if all entries have been returned.
00174      * vacm_scanViewInit() starts the scan over.
00175      */
00176 
/*
 * Parameter names are omitted in the prototype.
 * NOTE(review): presumably (viewName, viewSubtree, viewSubtreeLen).
 * The failure value is not documented here; callers should check the result
 * for NULL.  Because a new entry starts out invalid, the caller has to set
 * its status explicitly before it is meant to take effect.
 */
00177     struct vacm_viewEntry *vacm_createViewEntry(const char *, oid *,
00178                                                 size_t);
00179     /*
00180      * Creates a viewEntry with the given index
00181      * and returns a pointer to it.
00182      * The status of this entry is created as invalid.
00183      */
00184 
/*
 * Group-entry management: destroy one or all, create, look up, and a
 * scan-init / scan-next pair.  The (int, const char *) arguments are unnamed.
 * NOTE(review): presumably (securityModel, securityName), matching the
 * leading fields of struct vacm_groupEntry.  The create, lookup and
 * scan-next functions return a pointer whose failure value is not documented
 * here; callers should check it for NULL before use.
 */
00185     void            vacm_destroyGroupEntry(int, const char *);
00186     void            vacm_destroyAllGroupEntries(void);
00187     struct vacm_groupEntry *vacm_createGroupEntry(int, const char *);
00188     struct vacm_groupEntry *vacm_getGroupEntry(int, const char *);
00189     void            vacm_scanGroupInit(void);
00190     struct vacm_groupEntry *vacm_scanGroupNext(void);
00191 
/*
 * Access-entry management: destroy one or all, create, look up, and a
 * scan-init / scan-next pair.  The (const char *, const char *, int, int)
 * arguments are unnamed.
 * NOTE(review): presumably (groupName, contextPrefix, securityModel,
 * securityLevel), following the field order of struct vacm_accessEntry.
 * The two int arguments are easy to swap silently, so call sites deserve a
 * check.  Pointer results should be checked for NULL before use.
 */
00192     void            vacm_destroyAccessEntry(const char *, const char *,
00193                                             int, int);
00194     void            vacm_destroyAllAccessEntries(void);
00195     struct vacm_accessEntry *vacm_createAccessEntry(const char *,
00196                                                     const char *, int,
00197                                                     int);
00198     struct vacm_accessEntry *vacm_getAccessEntry(const char *,
00199                                                  const char *, int, int);
00200     void            vacm_scanAccessInit(void);
00201     struct vacm_accessEntry *vacm_scanAccessNext(void);
00202 
/*
 * Security-entry management plus vacm_is_configured().
 * struct vacm_securityEntry is only named here; no definition appears in the
 * visible part of this header, so it is an incomplete type unless defined
 * elsewhere.  The const char * argument is unnamed and its meaning is not
 * documented here.
 * NOTE(review): vacm_is_configured() presumably reports whether any VACM
 * configuration exists; what the int result encodes, and how callers treat
 * the "not configured" case, should be confirmed, because that case decides
 * whether access is allowed or denied by default.
 */
00203     void            vacm_destroySecurityEntry(const char *);
00204     struct vacm_securityEntry *vacm_createSecurityEntry(const char *);
00205     struct vacm_securityEntry *vacm_getSecurityEntry(const char *);
00206     void            vacm_scanSecurityInit(void);
00207     struct vacm_securityEntry *vacm_scanSecurityEntry(void);
00208     int             vacm_is_configured(void);
00209 
/*
 * Save routines: one general entry point and one each for a view, access and
 * group entry.  All take a token and a type string and return nothing, so a
 * failure cannot be reported to the caller through the return value.
 * NOTE(review): presumably these write entries to persistent configuration;
 * the destination and format are not visible in this header.
 */
00210     void            vacm_save(const char *token, const char *type);
00211     void            vacm_save_view(struct vacm_viewEntry *view,
00212                                    const char *token, const char *type);
00213     void            vacm_save_access(struct vacm_accessEntry *access_entry,
00214                                      const char *token, const char *type);
00215     void            vacm_save_group(struct vacm_groupEntry *group_entry,
00216                                     const char *token, const char *type);
00217 
/*
 * Configuration-line parsers for view, group and access entries.  "line" is
 * a non-const char *, so an implementation is allowed to modify the buffer
 * it is handed.  The functions return nothing, so parse errors are not
 * reported through the return value.
 * NOTE(review): the parsed names presumably end up in the fixed
 * VACMSTRINGLEN buffers of the entry structs; the implementation should
 * reject over-long fields rather than overflow or silently truncate them.
 */
00218     void            vacm_parse_config_view(const char *token, char *line);
00219     void            vacm_parse_config_group(const char *token, char *line);
00220     void            vacm_parse_config_access(const char *token,
00221                                              char *line);
00222 
/*
 * NOTE(review): the (majorID, minorID, serverarg, clientarg) signature looks
 * like a callback registered with an event mechanism; neither the
 * registration nor the meaning of the int result is visible in this header.
 */
00223     int             store_vacm(int majorID, int minorID, void *serverarg,
00224                                void *clientarg);
00225 
/*
 * View lookup that takes the list head explicitly, together with a view
 * name, a subtree OID with its length, and a mode.
 * NOTE(review): mode is presumably one of the VACM_MODE_* values defined
 * above, and the result is presumably NULL when nothing matches; callers
 * should check for NULL.  viewSubtreeLen must describe the buffer that
 * viewSubtree actually points to (unit not stated here; TODO confirm).
 */
00226     struct vacm_viewEntry *netsnmp_view_get(struct vacm_viewEntry *head,
00227                                             const char *viewName,
00228                                             oid * viewSubtree,
00229                                             size_t viewSubtreeLen, int mode);
00230 
00231 
00232 #ifdef __cplusplus
00233 }
00234 #endif
00235 #endif                          /* VACM_H */
