yumapro  24.10-2
YumaPro SDK
agt_acm.h
1/*
2 * Copyright (c) 2008 - 2012, Andy Bierman, All Rights Reserved.
3 * Copyright (c) 2012 - 2021, YumaWorks, Inc., All Rights Reserved.
4 *
5 * Unless required by applicable law or agreed to in writing,
6 * software distributed under the License is distributed on an
7 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
8 * KIND, either express or implied. See the License for the
9 * specific language governing permissions and limitations
10 * under the License.
11 */
12#ifndef _H_agt_acm
13#define _H_agt_acm
14
15/* FILE: agt_acm.h
16*********************************************************************
17* *
18* P U R P O S E *
19* *
20*********************************************************************/
21
27/*********************************************************************
28* *
29* C H A N G E H I S T O R Y *
30* *
31*********************************************************************
32
33date init comment
34----------------------------------------------------------------------
3503-feb-06 abb Begun
3614-may-09 abb add per-msg cache to speed up performance
37*/
38
39#include <xmlstring.h>
40
41#ifndef _H_agt
42#include "agt.h"
43#endif
44
45#ifndef _H_dlq
46#include "dlq.h"
47#endif
48
49#ifndef _H_obj
50#include "obj.h"
51#endif
52
53#ifndef _H_ses
54#include "ses.h"
55#endif
56
57#ifndef _H_status
58#include "status.h"
59#endif
60
61#ifndef _H_val
62#include "val.h"
63#endif
64
65#ifndef _H_xml_msg
66#include "xml_msg.h"
67#endif
68
69#ifndef _H_xmlns
70#include "xmlns.h"
71#endif
72
73#ifndef _H_xpath
74#include "xpath.h"
75#endif
76
77#ifdef __cplusplus
78extern "C" {
79#endif
80
81/********************************************************************
82* *
83* C O N S T A N T S *
84* *
85*********************************************************************/
86
87/* This is defined by the vendor and cannot be changed by
88 * the user, since there are no translation functions between models.
89 * Pick RFC 6536 as the default.
90 */
91// To change ACM models, also change the nacm:default-deny-* extensions
92// in all YANG modules using these YANG extensions
93#define AGT_DEF_ACM_MODEL AGT_ACM_MODEL_IETF_NACM
94
96//#define AGT_DEF_ACM_MODEL AGT_ACM_MODEL_YUMA_NACM
97
98
99/********************************************************************
100* *
101* T Y P E S *
102* *
103*********************************************************************/
104
105
106/********************************************************************
107* *
108* F U N C T I O N S *
109* *
110*********************************************************************/
111
112/* Header only */
113
114
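/**
 * Initialize the NETCONF Server access control module.
 *
 * @return status code
 */
extern status_t
    agt_acm_init (void);


/**
 * Phase 2 : Initialize the nacm.yang configuration data structures.
 *
 * @return status code
 */
extern status_t
    agt_acm_init2 (void);


/**
 * Cleanup the NETCONF Server access control module.
 */
extern void
    agt_acm_cleanup (void);


/**
 * Check if the specified user is allowed to invoke an RPC.
 *
 * NOTE(review): presumably TRUE means the request is permitted;
 * confirm the polarity in agt_acm.c before relying on it.
 *
 * @param msg message header for the request being checked
 * @param user user name to check
 * @param rpcobj object template of the RPC being invoked
 * @return result of the access check
 */
extern boolean
    agt_acm_rpc_allowed (xml_msg_hdr_t *msg,
                         const xmlChar *user,
                         const obj_template_t *rpcobj);


/**
 * Check if the specified user is allowed to receive a
 * notification event.
 *
 * Unlike the other *_allowed checks, this one takes no message
 * header parameter.
 *
 * @param user user name to check
 * @param notifobj object template of the notification
 * @return result of the access check
 */
extern boolean
    agt_acm_notif_allowed (const xmlChar *user,
                           const obj_template_t *notifobj);


/**
 * Check if the specified user is allowed to access a value node
 * for the given edit operation.
 *
 * @param msg message header for the request being checked
 * @param user user name to check
 * @param newval new value node
 * @param curval current value node
 * @param editop edit-config operation being requested
 * @return result of the access check
 */
extern boolean
    agt_acm_val_write_allowed (xml_msg_hdr_t *msg,
                               const xmlChar *user,
                               val_value_t *newval,
                               val_value_t *curval,
                               op_editop_t editop);


/**
 * Check if the specified user is allowed to read a value node.
 *
 * @param msg message header for the request being checked
 * @param user user name to check
 * @param val value node to check
 * @return result of the access check
 */
extern boolean
    agt_acm_val_read_allowed (xml_msg_hdr_t *msg,
                              const xmlChar *user,
                              val_value_t *val);


/**
 * Malloc and initialize an agt_acm_cache_t struct and attach it
 * to the incoming message.
 *
 * The status must be checked: the cache is allocated here, so the
 * call can fail.
 *
 * @param scb session control block
 * @param msg message header to attach the cache to
 * @return status code
 */
extern status_t
    agt_acm_init_msg_cache (ses_cb_t *scb,
                            xml_msg_hdr_t *msg);


/**
 * Clear an agt_acm_cache_t struct attached to the specified message.
 *
 * @param msg message header holding the cache
 */
extern void
    agt_acm_clear_msg_cache (xml_msg_hdr_t *msg);


/**
 * Clear an agt_acm_cache_t struct in a session control block.
 *
 * @param scb session control block holding the cache
 */
extern void agt_acm_clear_session_cache (ses_cb_t *scb);


/**
 * Mark an agt_acm_cache_t struct in a session control block as
 * invalid so it will be refreshed on next use.
 *
 * NOTE(review): access decisions appear to be served from this
 * cache, so it presumably needs invalidating whenever the access
 * control rules change; confirm which callers do so.
 *
 * @param scb session control block holding the cache
 */
extern void agt_acm_invalidate_session_cache (ses_cb_t *scb);


/**
 * Check if the specified session NACM cache is valid.
 *
 * @param scb session control block to check
 * @return result of the validity check
 */
extern boolean
    agt_acm_session_cache_valid (const ses_cb_t *scb);


/**
 * Check if the specified session is the superuser.
 *
 * @param scb session control block to check
 * @return result of the superuser check
 */
extern boolean
    agt_acm_session_is_superuser (const ses_cb_t *scb);


/**
 * Get the --access-control mode.
 *
 * @return current access control mode
 */
extern agt_acmode_t
    agt_acm_get_acmode (void);


/**
 * Set the --access-control mode.
 *
 * NOTE(review): this presumably changes how later access checks
 * are enforced, so callers should be limited to trusted
 * configuration paths; confirm in agt_acm.c.
 *
 * @param newmode access control mode to set
 */
extern void
    agt_acm_set_acmode (agt_acmode_t newmode);


/**
 * Get the log_writes flag.
 *
 * @return value of the log_writes flag
 */
extern boolean
    agt_acm_get_log_writes (void);


/**
 * Get the log_reads flag.
 *
 * @return value of the log_reads flag
 */
extern boolean
    agt_acm_get_log_reads (void);


/**
 * Check if the specified user name is the superuser.
 * Low-level access; no scb available.
 *
 * Only the name string is examined, so the caller must pass the
 * user name established for the session, never a value taken from
 * request content.
 *
 * @param username user name to check
 * @return result of the superuser check
 */
extern boolean
    agt_acm_is_superuser (const xmlChar *username);


/**
 * Get the deniedRpcs counter.
 *
 * @return counter value
 */
extern uint32
    agt_acm_get_deniedRpcs (void);


/**
 * Get the deniedDataWrites counter.
 *
 * @return counter value
 */
extern uint32
    agt_acm_get_deniedDataWrites (void);


/**
 * Get the deniedNotification counter.
 *
 * @return counter value
 */
extern uint32
    agt_acm_get_deniedNotifications (void);


/**
 * Clean any cached XPath results because the data rule results
 * may not be valid anymore.
 */
extern void
    agt_acm_clean_xpath_cache (void);


/**
 * Check the dataruleQ in the object and all child nodes.
 *
 * @param val value node to start from
 * @param msgid message ID
 */
extern void
    agt_acm_set_datarules (val_value_t *val,
                           uint32 msgid);


/**
 * Check the rule list entries and their OBJ datarule caches, and
 * clean them when the module is being unloaded.
 *
 * @param mod module being unloaded
 */
extern void
    agt_acm_clean_obj_datarule_cache (ncx_module_t *mod);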
399
403#ifdef __cplusplus
404} /* end extern 'C' */
405#endif
406
407#endif /* _H_agt_acm */
Multi-Protocol Network Management Server.
dlq provides general double-linked list and queue support:
agt_acmode_t
matches access-control enumeration in netconfd.yang
Definition: agt.h:710
boolean agt_acm_val_read_allowed(xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val)
Check if the specified user is allowed to read a value node.
Definition: agt_acm.c:618
void agt_acm_set_acmode(agt_acmode_t newmode)
Set the --access-control mode.
Definition: agt_acm.c:916
void agt_acm_clean_obj_datarule_cache(ncx_module_t *mod)
Check all the rule list entries and their OBJ datarule caches, and clean them if the module is getting unloaded...
Definition: agt_acm.c:1107
boolean agt_acm_get_log_writes(void)
Get the log_writes flag.
Definition: agt_acm.c:932
agt_acmode_t agt_acm_get_acmode(void)
Get the --access-control mode.
Definition: agt_acm.c:900
void agt_acm_clean_xpath_cache(void)
Clean any cached XPath results because the data rule results may not be valid anymore.
Definition: agt_acm.c:1035
boolean agt_acm_rpc_allowed(xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj)
Check if the specified user is allowed to invoke an RPC.
Definition: agt_acm.c:295
uint32 agt_acm_get_deniedNotifications(void)
Get the deniedNotification counter.
Definition: agt_acm.c:1020
void agt_acm_cleanup(void)
Cleanup the NETCONF Server access control module.
Definition: agt_acm.c:251
void agt_acm_invalidate_session_cache(ses_cb_t *scb)
Mark an agt_acm_cache_t struct in a session control block as invalid so it will be refreshed next use...
Definition: agt_acm.c:796
status_t agt_acm_init(void)
Initialize the NETCONF Server access control module.
Definition: agt_acm.c:135
boolean agt_acm_session_cache_valid(const ses_cb_t *scb)
Check if the specified session NACM cache is valid.
Definition: agt_acm.c:836
void agt_acm_clear_session_cache(ses_cb_t *scb)
Clear an agt_acm_cache_t struct in a session control block.
Definition: agt_acm.c:758
boolean agt_acm_is_superuser(const xmlChar *username)
Check if the specified user name is the superuser. Low-level access; no scb available.
Definition: agt_acm.c:969
void agt_acm_set_datarules(val_value_t *val, uint32 msgid)
Check the dataruleQ in the object and all child nodes.
Definition: agt_acm.c:1069
boolean agt_acm_val_write_allowed(xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop)
Check if the specified user is allowed to access a value node.
Definition: agt_acm.c:510
uint32 agt_acm_get_deniedRpcs(void)
Get the deniedRpcs counter.
Definition: agt_acm.c:988
status_t agt_acm_init2(void)
Phase 2 : Initialize the nacm.yang configuration data structures.
Definition: agt_acm.c:205
boolean agt_acm_get_log_reads(void)
Get the log_reads flag.
Definition: agt_acm.c:948
uint32 agt_acm_get_deniedDataWrites(void)
Get the deniedDataWrites counter.
Definition: agt_acm.c:1004
boolean agt_acm_notif_allowed(const xmlChar *user, const obj_template_t *notifobj)
Check if the specified user is allowed to receive a notification event.
Definition: agt_acm.c:407
void agt_acm_clear_msg_cache(xml_msg_hdr_t *msg)
Clear an agt_acm_cache_t struct attached to the specified message.
Definition: agt_acm.c:734
boolean agt_acm_session_is_superuser(const ses_cb_t *scb)
Check if the specified session is the superuser.
Definition: agt_acm.c:880
status_t agt_acm_init_msg_cache(ses_cb_t *scb, xml_msg_hdr_t *msg)
Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.
Definition: agt_acm.c:685
op_editop_t
NETCONF edit-config operation types.
Definition: op.h:122
status_t
global error return code
Definition: status_enum.h:210
Data Object Support.
NETCONF Session Common definitions module.
Global error messages for status code enumerations.
representation of one module or submodule during and after parsing
Definition: ncxtypes.h:1138
One YANG data-def-stmt.
Definition: obj.h:1229
Session Control Block.
Definition: ses.h:573
one value to match one type
Definition: val.h:912
Common Encoding Message Header No longer XML specific!! Used by JSON and CBOR parsing as well!...
Definition: xml_msg.h:404
Value Node Basic Support.
XML and JSON Message send and receive support.
XML namespace support.
Schema and data model Xpath search support.