yumapro
24.10-1
YumaPro SDK
The NACM handler provides the required access control APIs within the server. More...
Typedefs | |
typedef status_t(* | agt_acm_group_cbfn_t) (const xmlChar *username, xmlChar **retgroups) |
typedef for NACM External Groups callback function More... | |
Functions | |
status_t | agt_acm_ietf_init2 (void) |
Phase 2 : Initialize the external data model configuration data structures. More... | |
status_t | agt_acm_ietf_init1 (void) |
Phase 1: Load the external data module. More... | |
void | agt_acm_ietf_cleanup (void) |
Cleanup the external access control module. More... | |
boolean | agt_acm_ietf_rpc_allowed (xml_msg_hdr_t *msg, const xmlChar *user, const obj_template_t *rpcobj) |
Check if the specified user is allowed to invoke an RPC. More... | |
boolean | agt_acm_ietf_notif_allowed (const xmlChar *user, const obj_template_t *notifobj) |
Check if the specified user is allowed to receive a notification event. More... | |
boolean | agt_acm_ietf_val_write_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *newval, val_value_t *curval, op_editop_t editop) |
Check if the specified user is allowed to access a value node. More... | |
boolean | agt_acm_ietf_val_read_allowed (xml_msg_hdr_t *msg, const xmlChar *user, val_value_t *val) |
Check if the specified user is allowed to read a value node. More... | |
status_t | agt_acm_ietf_init_msg_cache (ses_cb_t *scb, xml_msg_hdr_t *msg) |
Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message. More... | |
void | agt_acm_ietf_clear_session_cache (ses_cb_t *scb) |
Clear an agt_acm_cache_t struct in a session control block. More... | |
void | agt_acm_ietf_invalidate_session_cache (ses_cb_t *scb) |
Invalidate an agt_acm_cache_t struct in a session control block. More... | |
boolean | agt_acm_ietf_session_cache_valid (const ses_cb_t *scb) |
Check if a session ACM cache is valid. More... | |
void | agt_acm_ietf_clean_xpath_cache (void) |
Clean any cached XPath results because the data rule results may not be valid anymore. More... | |
void | agt_acm_ietf_register_group_cbfn (agt_acm_group_cbfn_t cbfn) |
Register a get-external-groups callback function. More... | |
void | agt_acm_ietf_set_datarules (val_value_t *val, uint32 msgid) |
Check the dataruleQ in the object and all child nodes; for each rule found, cache the rule in this value. More... | |
void | agt_acm_ietf_clean_obj_datarule (ncx_module_t *mod) |
Check each rule list entry and its OBJ datarule cache, and clean them if the module for these objects is being unloaded. More... | |
The NACM handler provides the required access control APIs within the server.
Full implementation of RFC 8341.
https://tools.ietf.org/rfc/rfc8341
typedef status_t(* agt_acm_group_cbfn_t) (const xmlChar *username, xmlChar **retgroups) |
typedef for NACM External Groups callback function
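Get the list of group names for this username. These groups are added to the usergroup cache for the session, so they take part in that session's access control decisions.
username | return the list of group names that this username is a member of | |
[out] | retgroups | address of the returned malloced string; *retgroups is set to a malloced string that will be parsed. Who frees the string, and its expected format, are not stated here; confirm against the SDK before implementing the callback.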
void agt_acm_ietf_clean_obj_datarule | ( | ncx_module_t * | mod | ) |
Check each rule list entry and its OBJ datarule cache, and clean them if the module for these objects is being unloaded.
mod | mod to check for unload |
void agt_acm_ietf_clean_xpath_cache | ( | void | ) |
Clean any cached XPath results because the data rule results may not be valid anymore.
void agt_acm_ietf_cleanup | ( | void | ) |
Cleanup the external access control module.
Called by the server during system shutdown.
void agt_acm_ietf_clear_session_cache | ( | ses_cb_t * | scb | ) |
Clear an agt_acm_cache_t struct in a session control block.
[in,out] | scb | session control block to use; the scb->acm_cache pointer is freed and set to NULL |
status_t agt_acm_ietf_init1 | ( | void | ) |
Phase 1: Load the external data module.
status_t agt_acm_ietf_init2 | ( | void | ) |
Phase 2 : Initialize the external data model configuration data structures.
status_t agt_acm_ietf_init_msg_cache | ( | ses_cb_t * | scb, |
xml_msg_hdr_t * | msg | ||
) |
Malloc and initialize an agt_acm_cache_t struct and attach it to the incoming message.
[in,out] | scb | session control block to use; the scb->acm_cache pointer may be set, if it was NULL |
[in,out] | msg | message to use; the msg->acm_cache pointer is set |
void agt_acm_ietf_invalidate_session_cache | ( | ses_cb_t * | scb | ) |
Invalidate an agt_acm_cache_t struct in a session control block.
[in,out] | scb | session control block to use; the scb->acm_cache pointer is freed and set to NULL |
boolean agt_acm_ietf_notif_allowed | ( | const xmlChar * | user, |
const obj_template_t * | notifobj | ||
) |
Check if the specified user is allowed to receive a notification event.
user | user name string |
notifobj | obj_template_t for the notification event to check |
void agt_acm_ietf_register_group_cbfn | ( | agt_acm_group_cbfn_t | cbfn | ) |
Register a get-external-groups callback function.
This will be invoked at the start of each session, as the acm_cache is created for that session.
cbfn | callback function to register |
boolean agt_acm_ietf_rpc_allowed | ( | xml_msg_hdr_t * | msg, |
const xmlChar * | user, | ||
const obj_template_t * | rpcobj | ||
) |
Check if the specified user is allowed to invoke an RPC.
msg | XML header in incoming message in progress |
user | user name string |
rpcobj | obj_template_t for the RPC method to check |
boolean agt_acm_ietf_session_cache_valid | ( | const ses_cb_t * | scb | ) |
Check if a session ACM cache is valid.
scb | session control block to check |
void agt_acm_ietf_set_datarules | ( | val_value_t * | val, |
uint32 | msgid | ||
) |
Check the dataruleQ in the object and all child nodes.
For each rule found, cache the rule from the object in this value.
val | value with the object struct to use |
msgid | update data rules after this msgid is finished |
boolean agt_acm_ietf_val_read_allowed | ( | xml_msg_hdr_t * | msg, |
const xmlChar * | user, | ||
val_value_t * | val | ||
) |
Check if the specified user is allowed to read a value node.
msg | XML header from incoming message in progress |
user | user name string |
val | val_value_t in progress to check |
boolean agt_acm_ietf_val_write_allowed | ( | xml_msg_hdr_t * | msg, |
const xmlChar * | user, | ||
val_value_t * | newval, | ||
val_value_t * | curval, | ||
op_editop_t | editop | ||
) |
Check if the specified user is allowed to access a value node.
The val->obj template will be checked against the requested access (val->editop) and the user's configured max-access.
msg | XML header from incoming message in progress |
user | user name to check |
newval | val_value_t in progress to check (may be NULL, if curval set) |
curval | val_value_t in progress to check (may be NULL, if newval set) |
editop | requested CRUD operation |