snmp_agent_vacm.h
Go to the documentation of this file.
1 /**
2  * @file snmp_agent_vacm.h
3  * @brief View-based Access Control Model (VACM) for SNMP
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneTCP Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 #ifndef _SNMP_AGENT_VACM_H
32 #define _SNMP_AGENT_VACM_H
33 
34 //Dependencies
35 #include "core/net.h"
36 #include "snmp/snmp_agent.h"
37 #include "mibs/mib_common.h"
38 #include "core/crypto.h"
39 
40 //VACM support
41 #ifndef SNMP_AGENT_VACM_SUPPORT
42  #define SNMP_AGENT_VACM_SUPPORT DISABLED
43 #elif (SNMP_AGENT_VACM_SUPPORT != ENABLED && SNMP_AGENT_VACM_SUPPORT != DISABLED)
44  #error SNMP_AGENT_VACM_SUPPORT parameter is not valid
45 #endif
46 
47 //C++ guard
48 #ifdef __cplusplus
49 extern "C" {
50 #endif
51 
52 
53 /**
54  * @brief Context match
55  **/
56 
57 typedef enum
58 {
63 
64 
65 /**
66  * @brief View type
67  **/
68 
69 typedef enum
70 {
74 } SnmpViewType;
75 
76 
77 /**
78  * @brief Group table entry
79  **/
80 
81 typedef struct
82 {
85  char_t securityName[SNMP_MAX_GROUP_NAME_LEN + 1];
88 
89 
90 /**
91  * @brief Access table entry
92  **/
93 
94 typedef struct
95 {
102  char_t readViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
103  char_t writeViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
104  char_t notifyViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
106 
107 
108 /**
109  * @brief View table entry
110  **/
111 
112 typedef struct
113 {
116  uint8_t subtree[SNMP_MAX_OID_SIZE];
117  size_t subtreeLen;
119  size_t maskLen;
121 } SnmpViewEntry;
122 
123 
124 //VACM related functions
126  const SnmpMessage *message, const uint8_t *oid, size_t oidLen);
127 
129 
131  uint_t securityModel, const char_t *securityName, size_t securityNameLen);
132 
134 
136  const char_t *groupName, const char_t *contextPrefix,
137  uint_t securityModel, uint_t securityLevel);
138 
140  const char_t *groupName, const char_t *contextName, size_t contextNameLen,
141  SnmpSecurityModel securityModel, SnmpSecurityLevel securityLevel);
142 
144 
146  const char_t *viewName, const uint8_t *subtree, size_t subtreeLen);
147 
149  const char_t *viewName, const uint8_t *oid, size_t oidLen);
150 
151 //C++ guard
152 #ifdef __cplusplus
153 }
154 #endif
155 
156 #endif
SnmpSecurityModel securityModel
#define SNMP_MAX_VIEW_NAME_LEN
Definition: snmp_common.h:102
SnmpSecurityModel
Security models.
SnmpAccessEntry * snmpCreateAccessEntry(SnmpAgentContext *context)
Create a new access entry.
@ SNMP_CONTEXT_MATCH_PREFIX
SnmpContextMatch
Context match.
size_t subtreeLen
SnmpGroupEntry * snmpFindGroupEntry(SnmpAgentContext *context, uint_t securityModel, const char_t *securityName, size_t securityNameLen)
Search the group table.
@ SNMP_CONTEXT_MATCH_EXACT
SnmpAccessEntry * snmpFindAccessEntry(SnmpAgentContext *context, const char_t *groupName, const char_t *contextPrefix, uint_t securityModel, uint_t securityLevel)
Search the access table for a given entry.
SnmpAccessEntry * snmpSelectAccessEntry(SnmpAgentContext *context, const char_t *groupName, const char_t *contextName, size_t contextNameLen, SnmpSecurityModel securityModel, SnmpSecurityLevel securityLevel)
Find an access entry that matches the selection criteria.
#define SNMP_MAX_GROUP_NAME_LEN
Definition: snmp_common.h:95
SnmpViewType
View type.
SnmpViewEntry * snmpSelectViewEntry(SnmpAgentContext *context, const char_t *viewName, const uint8_t *oid, size_t oidLen)
Find a view entry that matches the selection criteria.
size_t maskLen
@ SNMP_CONTEXT_MATCH_INVALID
SNMP agent (Simple Network Management Protocol)
#define SNMP_MAX_CONTEXT_NAME_LEN
Definition: snmp_common.h:74
SnmpGroupEntry * snmpCreateGroupEntry(SnmpAgentContext *context)
Create a new group entry.
error_t
Error codes.
Definition: error.h:42
SnmpContextMatch contextMatch
SnmpViewType type
@ SNMP_VIEW_TYPE_INCLUDED
#define SNMP_MAX_BIT_MASK_SIZE
Definition: snmp_common.h:109
MibRowStatus status
#define SNMP_MAX_OID_SIZE
Definition: snmp_common.h:116
General definitions for cryptographic algorithms.
uint8_t oid[1]
Definition: mib_common.h:186
uint8_t mask
Definition: web_socket.h:317
SnmpViewEntry * snmpFindViewEntry(SnmpAgentContext *context, const char_t *viewName, const uint8_t *subtree, size_t subtreeLen)
Search the view table for a given entry.
char char_t
Definition: compiler_port.h:43
Ipv6Addr contextPrefix
Definition: ndp.h:518
SnmpSecurityLevel securityLevel
MibRowStatus status
MibRowStatus
Row status.
Definition: mib_common.h:100
Common definitions for MIB modules.
@ SNMP_VIEW_TYPE_INVALID
View table entry.
Access table entry.
uint8_t message[]
Definition: chap.h:152
SNMP message.
SnmpSecurityModel securityModel
#define SnmpAgentContext
Definition: snmp_agent.h:36
SnmpSecurityLevel
Security levels.
Group table entry.
unsigned int uint_t
Definition: compiler_port.h:45
error_t snmpIsAccessAllowed(SnmpAgentContext *context, const SnmpMessage *message, const uint8_t *oid, size_t oidLen)
Access control verification.
TCP/IP stack core.
@ SNMP_VIEW_TYPE_EXCLUDED
SnmpViewEntry * snmpCreateViewEntry(SnmpAgentContext *context)
Create a new view entry.
MibRowStatus status