snmp_agent_vacm.h
1 /**
2  * @file snmp_agent_vacm.h
3  * @brief View-based Access Control Model (VACM) for SNMP
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneTCP Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 #ifndef _SNMP_AGENT_VACM_H
30 #define _SNMP_AGENT_VACM_H
31 
32 //Dependencies
33 #include "core/net.h"
34 #include "snmp/snmp_agent.h"
35 #include "mibs/mib_common.h"
36 #include "core/crypto.h"
37 
38 //VACM support
//Compile-time switch for the View-based Access Control Model. When the
//project configuration does not define it, it defaults to DISABLED; any
//value other than ENABLED or DISABLED stops the build with an #error.
//NOTE(review): the default leaves VACM off - confirm what authorizes access
//to MIB objects in that configuration before deploying an agent without it
39 #ifndef SNMP_AGENT_VACM_SUPPORT
40  #define SNMP_AGENT_VACM_SUPPORT DISABLED
41 #elif (SNMP_AGENT_VACM_SUPPORT != ENABLED && SNMP_AGENT_VACM_SUPPORT != DISABLED)
42  #error SNMP_AGENT_VACM_SUPPORT parameter is not valid
43 #endif
44 
45 //C++ guard
46 #ifdef __cplusplus
47  extern "C" {
48 #endif
49 
50 
51 /**
52  * @brief Context match
53  **/
54 
55 typedef enum
56 {
61 
62 
63 /**
64  * @brief View type
65  **/
66 
67 typedef enum
68 {
72 } SnmpViewType;
73 
74 
75 /**
76  * @brief Group table entry
77  **/
78 
79 typedef struct
80 {
83  char_t securityName[SNMP_MAX_GROUP_NAME_LEN + 1];
86 
87 
88 /**
89  * @brief Access table entry
90  **/
91 
92 typedef struct
93 {
100  char_t readViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
101  char_t writeViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
102  char_t notifyViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
104 
105 
106 /**
107  * @brief View table entry
108  **/
109 
110 typedef struct
111 {
114  uint8_t subtree[SNMP_MAX_OID_SIZE];
115  size_t subtreeLen;
117  size_t maskLen;
119 } SnmpViewEntry;
120 
121 
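//VACM related functions
//NOTE: the first line of every prototype was missing from this listing. The
//declarations below are restored from the full signatures given in the
//page's cross-reference index; the relative order of the three
//snmpCreate*Entry declarations is inferred from the line gaps.

/**
 * @brief Access control verification
 * @param[in] context Pointer to the SNMP agent context
 * @param[in] message Pointer to the SNMP message being processed
 * @param[in] oid Object identifier the request refers to
 * @param[in] oidLen Length of the object identifier
 * @return Error code. NOTE(review): which value means "access granted" is
 *   not visible in this header - callers must test the result before the
 *   object named by oid is read or written
 **/

error_t snmpIsAccessAllowed(SnmpAgentContext *context,
   const SnmpMessage *message, const uint8_t *oid, size_t oidLen);

/**
 * @brief Create a new group entry
 * @param[in] context Pointer to the SNMP agent context
 * @return Pointer to the group entry (presumably NULL when no entry can be
 *   created - confirm against the implementation)
 **/

SnmpGroupEntry *snmpCreateGroupEntry(SnmpAgentContext *context);

/**
 * @brief Search the group table
 * @param[in] context Pointer to the SNMP agent context
 * @param[in] securityModel Security model
 * @param[in] securityName Security name; its length is passed explicitly
 * @param[in] securityNameLen Length of the security name
 * @return Pointer to the matching group entry (presumably NULL when nothing
 *   matches - check before dereferencing)
 **/

SnmpGroupEntry *snmpFindGroupEntry(SnmpAgentContext *context,
   uint_t securityModel, const char_t *securityName, size_t securityNameLen);

/**
 * @brief Create a new access entry
 * @param[in] context Pointer to the SNMP agent context
 * @return Pointer to the access entry (presumably NULL when no entry can be
 *   created - confirm against the implementation)
 **/

SnmpAccessEntry *snmpCreateAccessEntry(SnmpAgentContext *context);

/**
 * @brief Search the access table for a given entry
 * @param[in] context Pointer to the SNMP agent context
 * @param[in] groupName Group name (no length parameter, so presumably
 *   NUL-terminated - confirm)
 * @param[in] contextPrefix Context name prefix (no length parameter, so
 *   presumably NUL-terminated - confirm)
 * @param[in] securityModel Security model
 * @param[in] securityLevel Security level
 * @return Pointer to the matching access entry (presumably NULL when nothing
 *   matches - check before dereferencing)
 **/

SnmpAccessEntry *snmpFindAccessEntry(SnmpAgentContext *context,
   const char_t *groupName, const char_t *contextPrefix,
   uint_t securityModel, uint_t securityLevel);

/**
 * @brief Find an access entry that matches the selection criteria
 * @param[in] context Pointer to the SNMP agent context
 * @param[in] groupName Group name
 * @param[in] contextName Context name; its length is passed explicitly
 * @param[in] contextNameLen Length of the context name
 * @param[in] securityModel Security model
 * @param[in] securityLevel Security level
 * @return Pointer to the selected access entry (presumably NULL when nothing
 *   matches - check before dereferencing)
 **/

SnmpAccessEntry *snmpSelectAccessEntry(SnmpAgentContext *context,
   const char_t *groupName, const char_t *contextName, size_t contextNameLen,
   SnmpSecurityModel securityModel, SnmpSecurityLevel securityLevel);

/**
 * @brief Create a new view entry
 * @param[in] context Pointer to the SNMP agent context
 * @return Pointer to the view entry (presumably NULL when no entry can be
 *   created - confirm against the implementation)
 **/

SnmpViewEntry *snmpCreateViewEntry(SnmpAgentContext *context);

/**
 * @brief Search the view table for a given entry
 * @param[in] context Pointer to the SNMP agent context
 * @param[in] viewName View name
 * @param[in] subtree Subtree object identifier
 * @param[in] subtreeLen Length of the subtree object identifier
 * @return Pointer to the matching view entry (presumably NULL when nothing
 *   matches - check before dereferencing)
 **/

SnmpViewEntry *snmpFindViewEntry(SnmpAgentContext *context,
   const char_t *viewName, const uint8_t *subtree, size_t subtreeLen);

/**
 * @brief Find a view entry that matches the selection criteria
 * @param[in] context Pointer to the SNMP agent context
 * @param[in] viewName View name
 * @param[in] oid Object identifier to be checked against the view
 * @param[in] oidLen Length of the object identifier
 * @return Pointer to the selected view entry (presumably NULL when nothing
 *   matches - check before dereferencing)
 **/

SnmpViewEntry *snmpSelectViewEntry(SnmpAgentContext *context,
   const char_t *viewName, const uint8_t *oid, size_t oidLen);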
148 
149 //C++ guard
150 #ifdef __cplusplus
151  }
152 #endif
153 
154 #endif
MibRowStatus status
char char_t
Definition: compiler_port.h:41
TCP/IP stack core.
#define SNMP_MAX_OID_SIZE
Definition: snmp_common.h:114
#define SNMP_MAX_VIEW_NAME_LEN
Definition: snmp_common.h:100
SnmpViewType type
uint8_t message[]
Definition: chap.h:150
MibRowStatus
Row status.
Definition: mib_common.h:98
General definitions for cryptographic algorithms.
#define SNMP_MAX_CONTEXT_NAME_LEN
Definition: snmp_common.h:72
SnmpViewType
View type.
Access table entry.
#define SNMP_MAX_GROUP_NAME_LEN
Definition: snmp_common.h:93
#define SNMP_MAX_BIT_MASK_SIZE
Definition: snmp_common.h:107
SnmpContextMatch contextMatch
SnmpSecurityLevel securityLevel
error_t snmpIsAccessAllowed(SnmpAgentContext *context, const SnmpMessage *message, const uint8_t *oid, size_t oidLen)
Access control verification.
SnmpSecurityModel securityModel
SnmpAccessEntry * snmpSelectAccessEntry(SnmpAgentContext *context, const char_t *groupName, const char_t *contextName, size_t contextNameLen, SnmpSecurityModel securityModel, SnmpSecurityLevel securityLevel)
Find an access entry that matches the selection criteria.
size_t subtreeLen
SnmpGroupEntry * snmpFindGroupEntry(SnmpAgentContext *context, uint_t securityModel, const char_t *securityName, size_t securityNameLen)
Search the group table.
uint8_t mask
Definition: web_socket.h:315
SnmpAccessEntry * snmpFindAccessEntry(SnmpAgentContext *context, const char_t *groupName, const char_t *contextPrefix, uint_t securityModel, uint_t securityLevel)
Search the access table for a given entry.
SNMP agent (Simple Network Management Protocol)
Group table entry.
SnmpContextMatch
Context match.
SnmpViewEntry * snmpCreateViewEntry(SnmpAgentContext *context)
Create a new view entry.
SnmpViewEntry * snmpFindViewEntry(SnmpAgentContext *context, const char_t *viewName, const uint8_t *subtree, size_t subtreeLen)
Search the view table for a given entry.
size_t maskLen
MibRowStatus status
MibRowStatus status
Ipv6Addr contextPrefix
Definition: ndp.h:515
error_t
Error codes.
Definition: error.h:40
SNMP message.
SnmpViewEntry * snmpSelectViewEntry(SnmpAgentContext *context, const char_t *viewName, const uint8_t *oid, size_t oidLen)
Find a view entry that matches the selection criteria.
unsigned int uint_t
Definition: compiler_port.h:43
SnmpSecurityModel securityModel
Common definitions for MIB modules.
SnmpSecurityModel
Security models.
#define SnmpAgentContext
Definition: snmp_agent.h:34
SnmpAccessEntry * snmpCreateAccessEntry(SnmpAgentContext *context)
Create a new access entry.
SnmpGroupEntry * snmpCreateGroupEntry(SnmpAgentContext *context)
Create a new group entry.
uint8_t oid[1]
Definition: mib_common.h:184
View table entry.
SnmpSecurityLevel
Security levels.