4 * SNMPv3 View-based Access Control Model
/*
 * Result codes sharing the VACM_ prefix. VACM_SUCCESS is the only zero
 * value; every other code visible here is nonzero.
 * NOTE(review): value 4 is missing from this listing (source line 18 is not
 * shown). Code that makes an access decision from one of these results
 * should grant only on VACM_SUCCESS and deny on every other value,
 * including values it does not recognise.
 */
14 #define VACM_SUCCESS 0
15 #define VACM_NOSECNAME 1
16 #define VACM_NOGROUP 2
17 #define VACM_NOACCESS 3
19 #define VACM_NOTINVIEW 5
20 #define VACM_NOSUCHCONTEXT 6
21 #define VACM_SUBTREE_UNKNOWN 7
/*
 * Small integer identifiers in three families: SECURITY*, ACCESS* and
 * VACMVIEWSPINLOCK.
 * NOTE(review): these look like column numbers for the VACM MIB tables --
 * confirm against the code that uses them. ACCESS values 2-6 are not
 * visible in this listing.
 */
23 #define SECURITYMODEL 1
24 #define SECURITYNAME 2
25 #define SECURITYGROUP 3
26 #define SECURITYSTORAGE 4
27 #define SECURITYSTATUS 5
29 #define ACCESSPREFIX 1
35 #define ACCESSNOTIFY 7
36 #define ACCESSSTORAGE 8
37 #define ACCESSSTATUS 9
39 #define VACMVIEWSPINLOCK 1
/*
 * Length limits for VACM names. VACMSTRINGLEN is the size of every char
 * and u_char array visible in the entry structs declared in this header.
 * NOTE(review): what the two bytes beyond VACM_MAX_STRING hold is not shown
 * here (presumably a length prefix and a terminating NUL -- confirm).
 * Any code that copies a name into one of those arrays has to reject input
 * longer than VACM_MAX_STRING first; the array size by itself does not
 * prevent an overrun.
 */
47 #define VACM_MAX_STRING 32
48 #define VACMSTRINGLEN 34 /* VACM_MAX_STRING + 2 */
/*
 * Entry that pairs a securityName with a groupName.
 * Several members are not visible in this listing (source lines 51 and
 * 54-57), and neither is the closing brace.
 */
50 struct vacm_groupEntry {
52 char securityName[VACMSTRINGLEN]; /* fixed-size buffer; input must be bounded by VACM_MAX_STRING */
53 char groupName[VACMSTRINGLEN]; /* fixed-size buffer; input must be bounded by VACM_MAX_STRING */
58 struct vacm_groupEntry *reserved;
59 struct vacm_groupEntry *next; /* NOTE(review): presumably links to the next entry in a list -- confirm */
/*
 * Match modes (exact vs. prefix, by name).
 * NOTE(review): presumably these govern how contextPrefix is compared and
 * are stored in a vacm_accessEntry member that is not visible here --
 * confirm.
 */
62 #define CONTEXT_MATCH_EXACT 1
63 #define CONTEXT_MATCH_PREFIX 2
/*
 * Entry carrying a groupName, a contextPrefix and the names of three views
 * (readView, writeView, notifyView). Members on source lines 67-69 and
 * 73-76 are not visible in this listing, and neither is the closing brace.
 * NOTE(review): the three view names presumably select what the group may
 * read, write and be notified about, so a change to any of them is an
 * authorization change; confirm how an empty view name is treated.
 */
64 struct vacm_accessEntry {
65 char groupName[VACMSTRINGLEN]; /* fixed-size buffer; input must be bounded by VACM_MAX_STRING */
66 char contextPrefix[VACMSTRINGLEN]; /* fixed-size buffer; input must be bounded by VACM_MAX_STRING */
70 char readView[VACMSTRINGLEN];
71 char writeView[VACMSTRINGLEN];
72 char notifyView[VACMSTRINGLEN];
77 struct vacm_accessEntry *reserved;
78 struct vacm_accessEntry *next; /* NOTE(review): presumably links to the next entry in a list -- confirm */
/*
 * Entry describing one view: a viewName, an OID subtree with its length,
 * and a mask. Members on source lines 86-92 are not visible in this
 * listing, and neither is the closing brace.
 */
81 struct vacm_viewEntry {
82 char viewName[VACMSTRINGLEN]; /* fixed-size buffer; input must be bounded by VACM_MAX_STRING */
83 oid viewSubtree[MAX_OID_LEN]; /* fixed capacity of MAX_OID_LEN elements */
84 size_t viewSubtreeLen; /* NOTE(review): unit (sub-identifiers vs. bytes) is not shown here; whatever fills viewSubtree must keep it within MAX_OID_LEN */
85 u_char viewMask[VACMSTRINGLEN]; /* NOTE(review): no mask-length member is visible in this listing -- confirm how the used length is tracked */
93 struct vacm_viewEntry *reserved;
94 struct vacm_viewEntry *next; /* NOTE(review): presumably links to the next entry in a list -- confirm */
/*
 * Remove a single view entry, or all of them.
 * NOTE(review): parameter names are omitted; the three arguments are
 * presumably the view name, the subtree OID and its length -- confirm.
 */
97 void vacm_destroyViewEntry(const char *, oid *, size_t);
98 void vacm_destroyAllViewEntries(void);
/*
 * Mode values.
 * NOTE(review): presumably the final argument of vacm_getViewEntry, whose
 * parameter list is cut off in this listing -- confirm.
 */
100 #define VACM_MODE_FIND 0
101 #define VACM_MODE_IGNORE_MASK 1
102 #define VACM_MODE_CHECK_SUBTREE 2
/*
 * Look up a view entry. The result is a pointer that can be NULL when no
 * entry exists, so callers must check it before dereferencing.
 */
103 struct vacm_viewEntry *vacm_getViewEntry(const char *, oid *, size_t,
106 * Returns a pointer to the viewEntry with the
107 * same viewName and viewSubtree
108 * Returns NULL if that entry does not exist.
112 vacm_scanViewInit(void);
114 * Initializes the scan routines so that they will begin at the
115 * beginning of the list of viewEntries.
120 struct vacm_viewEntry *vacm_scanViewNext(void);
122 * Returns a pointer to the next viewEntry.
123 * These entries are returned in no particular order,
124 * but if N entries exist, N calls to vacm_scanViewNext() will
125 * return all N entries once.
126 * Returns NULL if all entries have been returned.
127 * vacm_scanViewInit() starts the scan over.
130 struct vacm_viewEntry *vacm_createViewEntry(const char *, oid *,
133 * Creates a viewEntry with the given index
134 * and returns a pointer to it.
135 * The status of this entry is created as invalid.
/*
 * Group-entry API: destroy one or all entries, create, look up, and scan.
 * Single-entry operations are keyed by an int and a string.
 * NOTE(review): parameter names are omitted; the int is presumably the
 * security model and the string the security name -- confirm.
 * NOTE(review): the create/get/scan functions return pointers; presumably
 * NULL signals failure, no match, or end of scan -- callers should check
 * before dereferencing.
 */
138 void vacm_destroyGroupEntry(int, const char *);
139 void vacm_destroyAllGroupEntries(void);
140 struct vacm_groupEntry *vacm_createGroupEntry(int, const char *);
141 struct vacm_groupEntry *vacm_getGroupEntry(int, const char *);
142 void vacm_scanGroupInit(void);
143 struct vacm_groupEntry *vacm_scanGroupNext(void);
/*
 * Access-entry API: destroy one or all entries, create, look up, and scan.
 * The parameter lists of vacm_destroyAccessEntry and vacm_createAccessEntry
 * are cut off in this listing; vacm_getAccessEntry takes two strings and
 * two ints.
 * NOTE(review): parameter names are omitted; the strings are presumably the
 * group name and context prefix, and the ints the security model and
 * level -- confirm.
 * NOTE(review): the returned pointers are presumably NULL when nothing
 * matches or the scan is exhausted; a missing access entry should be
 * handled as a denial, never as a default grant.
 */
145 void vacm_destroyAccessEntry(const char *, const char *,
147 void vacm_destroyAllAccessEntries(void);
148 struct vacm_accessEntry *vacm_createAccessEntry(const char *,
151 struct vacm_accessEntry *vacm_getAccessEntry(const char *,
152 const char *, int, int);
153 void vacm_scanAccessInit(void);
154 struct vacm_accessEntry *vacm_scanAccessNext(void);
/*
 * Security-entry API, keyed by a single string. struct vacm_securityEntry
 * is not defined anywhere in the visible part of this listing.
 * NOTE(review): the returned pointers are presumably NULL on failure or
 * when no entry matches -- callers should check.
 */
156 void vacm_destroySecurityEntry(const char *);
157 struct vacm_securityEntry *vacm_createSecurityEntry(const char *);
158 struct vacm_securityEntry *vacm_getSecurityEntry(const char *);
159 void vacm_scanSecurityInit(void);
160 struct vacm_securityEntry *vacm_scanSecurityEntry(void);
/*
 * NOTE(review): presumably reports whether any VACM configuration has been
 * loaded; confirm what callers do with a "not configured" answer, since
 * treating it as "no restrictions" would leave access open.
 */
161 int vacm_is_configured(void);
/*
 * Save routines: one general entry point plus one per entry kind (view,
 * access, group). Each takes a token and a type string; the per-kind
 * variants also take the entry to save.
 * NOTE(review): presumably these write entries to persistent
 * configuration; the destination is not visible here. Stored VACM entries
 * define who may access what, so the destination's file permissions
 * matter -- confirm in the implementation.
 */
163 void vacm_save(const char *token, const char *type);
164 void vacm_save_view(struct vacm_viewEntry *view,
165 const char *token, const char *type);
166 void vacm_save_access(struct vacm_accessEntry *access_entry,
167 const char *token, const char *type);
168 void vacm_save_group(struct vacm_groupEntry *group_entry,
169 const char *token, const char *type);
/*
 * Configuration parsers, one per entry kind. Each receives the token and
 * a mutable line buffer; the parameter list of vacm_parse_config_access is
 * cut off in this listing.
 * NOTE(review): line is non-const, so the parser may modify it in place.
 * Names taken from line need a length check against VACM_MAX_STRING, and
 * OIDs against MAX_OID_LEN, before they reach the fixed-size entry
 * buffers -- verify in the implementation.
 */
171 void vacm_parse_config_view(const char *token, char *line);
172 void vacm_parse_config_group(const char *token, char *line);
173 void vacm_parse_config_access(const char *token,
176 int store_vacm(int majorID, int minorID, void *serverarg,