/usr/include/yuma/agt/agt_acm.h is in libyuma-dev 2.10-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 | /*
* Copyright (c) 2008 - 2012, Andy Bierman, All Rights Reserved.
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#ifndef _H_agt_acm
#define _H_agt_acm
/* FILE: agt_acm.h
*********************************************************************
* *
* P U R P O S E *
* *
*********************************************************************
NETCONF Server Access Control handler
*********************************************************************
* *
* C H A N G E H I S T O R Y *
* *
*********************************************************************
date init comment
----------------------------------------------------------------------
03-feb-06 abb Begun
14-may-09 abb add per-msg cache to speed up performance
*/
#include <xmlstring.h>
#ifndef _H_agt
#include "agt.h"
#endif
#ifndef _H_dlq
#include "dlq.h"
#endif
#ifndef _H_obj
#include "obj.h"
#endif
#ifndef _H_ses
#include "ses.h"
#endif
#ifndef _H_status
#include "status.h"
#endif
#ifndef _H_val
#include "val.h"
#endif
#ifndef _H_xml_msg
#include "xml_msg.h"
#endif
#ifndef _H_xmlns
#include "xmlns.h"
#endif
#ifndef _H_xpath
#include "xpath.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
/********************************************************************
* *
* C O N S T A N T S *
* *
*********************************************************************/
/* flags fields for the agt_acm_cache_t */
#define FL_ACM_DEFREAD_SET bit0
#define FL_ACM_DEFREAD_OK bit1
#define FL_ACM_DEFWRITE_SET bit2
#define FL_ACM_DEFWRITE_OK bit3
#define FL_ACM_DEFEXEC_SET bit4
#define FL_ACM_DEFEXEC_OK bit5
#define FL_ACM_MODRULES_SET bit6
#define FL_ACM_DATARULES_SET bit7
#define FL_ACM_CACHE_VALID bit8
/********************************************************************
* *
* T Y P E S *
* *
*********************************************************************/
/* 1 group that the user is a member */
typedef struct agt_acm_group_t_ {
dlq_hdr_t qhdr;
const xmlChar *groupname;
} agt_acm_group_t;
/* list of group identities that the user is a member */
typedef struct agt_acm_usergroups_t_ {
dlq_hdr_t qhdr;
xmlChar *username;
dlq_hdr_t groupQ; /* Q of agt_acm_group_t */
} agt_acm_usergroups_t;
/* cache for 1 NACM moduleRule entry */
typedef struct agt_acm_modrule_t_ {
dlq_hdr_t qhdr;
xmlns_id_t nsid;
val_value_t *modrule; /* back-ptr */
} agt_acm_modrule_t;
/* cache for 1 NACM dataRule entry */
typedef struct agt_acm_datarule_t_ {
dlq_hdr_t qhdr;
xpath_pcb_t *pcb;
xpath_result_t *result;
val_value_t *datarule; /* back-ptr */
} agt_acm_datarule_t;
/* NACM cache control block */
#define DATA_RULE_QUEUE_READ 0
#define DATA_RULE_QUEUE_UPDATE 1
#define DATA_RULE_QUEUE_CREATE 2
#define DATA_RULE_QUEUE_DELETE 3
#define DATA_RULE_QUEUE_NUM 4
typedef struct agt_acm_cache_t_ {
agt_acm_usergroups_t *usergroups;
val_value_t *nacmroot; /* back-ptr */
val_value_t *rulesval; /* back-ptr */
uint32 groupcnt;
uint32 flags;
agt_acmode_t mode;
dlq_hdr_t modruleQ; /* Q of agt_acm_modrule_t */
dlq_hdr_t dataruleQ[4]; /* Q of agt_acm_datarule_t */
} agt_acm_cache_t;
/********************************************************************
* *
* F U N C T I O N S *
* *
*********************************************************************/
/********************************************************************
* FUNCTION agt_acm_init
*
* Initialize the NETCONF Server access control module
*
* INPUTS:
* none
* RETURNS:
* status of the initialization procedure
*********************************************************************/
extern status_t
agt_acm_init (void);
/********************************************************************
* FUNCTION agt_acm_init2
*
* Phase 2:
* Initialize the nacm.yang configuration data structures
*
* INPUTS:
* none
* RETURNS:
* status of the initialization procedure
*********************************************************************/
extern status_t
agt_acm_init2 (void);
/********************************************************************
* FUNCTION agt_acm_cleanup
*
* Cleanup the NETCONF Server access control module
*
*********************************************************************/
extern void
agt_acm_cleanup (void);
/********************************************************************
* FUNCTION agt_acm_rpc_allowed
*
* Check if the specified user is allowed to invoke an RPC
*
* INPUTS:
* msg == XML header in incoming message in progress
* user == user name string
* rpcobj == obj_template_t for the RPC method to check
*
* RETURNS:
* TRUE if user allowed invoke this RPC; FALSE otherwise
*********************************************************************/
extern boolean
agt_acm_rpc_allowed (xml_msg_hdr_t *msg,
const xmlChar *user,
const obj_template_t *rpcobj);
/********************************************************************
* FUNCTION agt_acm_notif_allowed
*
* Check if the specified user is allowed to receive
* a notification event
* d
* INPUTS:
* user == user name string
* notifobj == obj_template_t for the notification event to check
*
* RETURNS:
* TRUE if user allowed receive this notification event;
* FALSE otherwise
*********************************************************************/
extern boolean
agt_acm_notif_allowed (const xmlChar *user,
const obj_template_t *notifobj);
/********************************************************************
* FUNCTION agt_acm_val_write_allowed
*
* Check if the specified user is allowed to access a value node
* The val->obj template will be checked against the val->editop
* requested access and the user's configured max-access
*
* INPUTS:
* msg == XML header from incoming message in progress
* user == user name string
* newval == val_value_t in progress to check
* (may be NULL, if curval set)
* curval == val_value_t in progress to check
* (may be NULL, if newval set)
* editop == requested CRUD operation
*
* RETURNS:
* TRUE if user allowed this level of access to the value node
*********************************************************************/
extern boolean
agt_acm_val_write_allowed (xml_msg_hdr_t *msg,
const xmlChar *user,
const val_value_t *newval,
const val_value_t *curval,
op_editop_t editop);
/********************************************************************
* FUNCTION agt_acm_val_read_allowed
*
* Check if the specified user is allowed to read a value node
*
* INPUTS:
* msg == XML header from incoming message in progress
* user == user name string
* val == val_value_t in progress to check
*
* RETURNS:
* TRUE if user allowed read access to the value node
*********************************************************************/
extern boolean
agt_acm_val_read_allowed (xml_msg_hdr_t *msg,
const xmlChar *user,
const val_value_t *val);
/********************************************************************
* FUNCTION agt_acm_init_msg_cache
*
* Malloc and initialize an agt_acm_cache_t struct
* and attach it to the incoming message
*
* INPUTS:
* scb == session control block to use
* msg == message to use
*
* OUTPUTS:
* scb->acm_cache pointer may be set, if it was NULL
* msg->acm_cache pointer set
*
* RETURNS:
* status
*********************************************************************/
extern status_t
agt_acm_init_msg_cache (ses_cb_t *scb,
xml_msg_hdr_t *msg);
/********************************************************************
* FUNCTION agt_acm_clear_msg_cache
*
* Clear an agt_acm_cache_t struct
* attached to the specified message
*
* INPUTS:
* msg == message to use
*
* OUTPUTS:
* msg->acm_cache pointer is freed and set to NULL
*
*********************************************************************/
extern void
agt_acm_clear_msg_cache (xml_msg_hdr_t *msg);
/********************************************************************
* FUNCTION agt_acm_clear_session_cache
*
* Clear an agt_acm_cache_t struct in a session control block
*
* INPUTS:
* scb == sesion control block to use
*
* OUTPUTS:
* scb->acm_cache pointer is freed and set to NULL
*
*********************************************************************/
extern void agt_acm_clear_session_cache (ses_cb_t *scb);
/********************************************************************
* FUNCTION agt_acm_invalidate_session_cache
*
* Mark an agt_acm_cache_t struct in a session control block
* as invalid so it will be refreshed next use
*
* INPUTS:
* scb == sesion control block to use
*
*********************************************************************/
extern void agt_acm_invalidate_session_cache (ses_cb_t *scb);
/********************************************************************
* FUNCTION agt_acm_session_cache_valid
*
* Check if the specified session NACM cache is valid
*
* INPUTS:
* scb == session to check
*
* RETURNS:
* TRUE if session acm_cache is valid
* FALSE if session acm_cache is NULL or not valid
*********************************************************************/
extern boolean
agt_acm_session_cache_valid (const ses_cb_t *scb);
/********************************************************************
* FUNCTION agt_acm_session_is_superuser
*
* Check if the specified session is the superuser
*
* INPUTS:
* scb == session to check
*
* RETURNS:
* TRUE if session is for the superuser
* FALSE if session is not for the superuser
*********************************************************************/
extern boolean
agt_acm_session_is_superuser (const ses_cb_t *scb);
#ifdef __cplusplus
} /* end extern 'C' */
#endif
#endif /* _H_agt_acm */
|