snmp_agent_vacm.h
Go to the documentation of this file.
1 /**
2  * @file snmp_agent_vacm.h
3  * @brief View-based Access Control Model (VACM) for SNMP
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneTCP Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 #ifndef _SNMP_AGENT_VACM_H
32 #define _SNMP_AGENT_VACM_H
33 
34 //Dependencies
35 #include "core/net.h"
36 #include "snmp/snmp_agent.h"
37 #include "mibs/mib_common.h"
38 #include "core/crypto.h"
39 
40 //VACM support
41 #ifndef SNMP_AGENT_VACM_SUPPORT
42  #define SNMP_AGENT_VACM_SUPPORT DISABLED
43 #elif (SNMP_AGENT_VACM_SUPPORT != ENABLED && SNMP_AGENT_VACM_SUPPORT != DISABLED)
44  #error SNMP_AGENT_VACM_SUPPORT parameter is not valid
45 #endif
46 
47 //C++ guard
48 #ifdef __cplusplus
49 extern "C" {
50 #endif
51 
52 
53 /**
54  * @brief Context match
55  **/
56 
57 typedef enum
58 {
59  SNMP_CONTEXT_MATCH_INVALID = 0,
60  SNMP_CONTEXT_MATCH_EXACT = 1,
61  SNMP_CONTEXT_MATCH_PREFIX = 2
62 } SnmpContextMatch;
63 
64 
65 /**
66  * @brief View type
67  **/
68 
69 typedef enum
70 {
71  SNMP_VIEW_TYPE_INVALID = 0,
72  SNMP_VIEW_TYPE_INCLUDED = 1,
73  SNMP_VIEW_TYPE_EXCLUDED = 2
74 } SnmpViewType;
75 
76 
77 /**
78  * @brief Group table entry
79  **/
80 
81 typedef struct
82 {
83  MibRowStatus status;
84  SnmpSecurityModel securityModel;
85  char_t securityName[SNMP_MAX_GROUP_NAME_LEN + 1];
86  char_t groupName[SNMP_MAX_GROUP_NAME_LEN + 1];
87 } SnmpGroupEntry;
88 
89 
90 /**
91  * @brief Access table entry
92  **/
93 
94 typedef struct
95 {
96  MibRowStatus status;
97  char_t groupName[SNMP_MAX_GROUP_NAME_LEN + 1];
98  char_t contextPrefix[SNMP_MAX_CONTEXT_NAME_LEN + 1];
99  SnmpSecurityModel securityModel;
100  SnmpSecurityLevel securityLevel;
101  SnmpContextMatch contextMatch;
102  char_t readViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
103  char_t writeViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
104  char_t notifyViewName[SNMP_MAX_VIEW_NAME_LEN + 1];
105 } SnmpAccessEntry;
106 
107 
108 /**
109  * @brief View table entry
110  **/
111 
112 typedef struct
113 {
114  MibRowStatus status;
115  char_t viewName[SNMP_MAX_VIEW_NAME_LEN + 1];
116  uint8_t subtree[SNMP_MAX_OID_SIZE];
117  size_t subtreeLen;
118  uint8_t mask[SNMP_MAX_BIT_MASK_SIZE];
119  size_t maskLen;
120  SnmpViewType type;
121 } SnmpViewEntry;
122 
123 
124 //VACM related functions
125 error_t snmpIsAccessAllowed(SnmpAgentContext *context,
126  const SnmpMessage *message, const uint8_t *oid, size_t oidLen);
127 
128 SnmpGroupEntry *snmpCreateGroupEntry(SnmpAgentContext *context);
129 
130 SnmpGroupEntry *snmpFindGroupEntry(SnmpAgentContext *context,
131  uint_t securityModel, const char_t *securityName, size_t securityNameLen);
132 
133 SnmpAccessEntry *snmpCreateAccessEntry(SnmpAgentContext *context);
134 
135 SnmpAccessEntry *snmpFindAccessEntry(SnmpAgentContext *context,
136  const char_t *groupName, const char_t *contextPrefix,
137  uint_t securityModel, uint_t securityLevel);
138 
139 SnmpAccessEntry *snmpSelectAccessEntry(SnmpAgentContext *context,
140  const char_t *groupName, const char_t *contextName, size_t contextNameLen,
141  SnmpSecurityModel securityModel, SnmpSecurityLevel securityLevel);
142 
143 SnmpViewEntry *snmpCreateViewEntry(SnmpAgentContext *context);
144 
145 SnmpViewEntry *snmpFindViewEntry(SnmpAgentContext *context,
146  const char_t *viewName, const uint8_t *subtree, size_t subtreeLen);
147 
148 SnmpViewEntry *snmpSelectViewEntry(SnmpAgentContext *context,
149  const char_t *viewName, const uint8_t *oid, size_t oidLen);
150 
151 //C++ guard
152 #ifdef __cplusplus
153 }
154 #endif
155 
156 #endif
message
uint8_t message[]
Definition: chap.h:154
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
char_t
char char_t
Definition: compiler_port.h:48
crypto.h
General definitions for cryptographic algorithms.
error_t
error_t
Error codes.
Definition: error.h:43
oid
uint8_t oid[]
Definition: lldp_tlv.h:300
oidLen
uint8_t oidLen
Definition: lldp_tlv.h:299
mib_common.h
Common definitions for MIB modules.
MibRowStatus
MibRowStatus
Row status.
Definition: mib_common.h:101
contextPrefix
Ipv6Addr contextPrefix
Definition: ndp.h:519
net.h
TCP/IP stack core.
snmp_agent.h
SNMP agent (Simple Network Management Protocol)
SnmpAgentContext
#define SnmpAgentContext
Definition: snmp_agent.h:36
SnmpSecurityLevel
SnmpSecurityLevel
Security levels.
Definition: snmp_agent_usm.h:219
SnmpSecurityModel
SnmpSecurityModel
Security models.
Definition: snmp_agent_usm.h:205
snmpCreateViewEntry
SnmpViewEntry * snmpCreateViewEntry(SnmpAgentContext *context)
Create a new view entry.
Definition: snmp_agent_vacm.c:548
snmpFindAccessEntry
SnmpAccessEntry * snmpFindAccessEntry(SnmpAgentContext *context, const char_t *groupName, const char_t *contextPrefix, uint_t securityModel, uint_t securityLevel)
Search the access table for a given entry.
Definition: snmp_agent_vacm.c:378
snmpCreateGroupEntry
SnmpGroupEntry * snmpCreateGroupEntry(SnmpAgentContext *context)
Create a new group entry.
Definition: snmp_agent_vacm.c:223
snmpCreateAccessEntry
SnmpAccessEntry * snmpCreateAccessEntry(SnmpAgentContext *context)
Create a new access entry.
Definition: snmp_agent_vacm.c:325
snmpIsAccessAllowed
error_t snmpIsAccessAllowed(SnmpAgentContext *context, const SnmpMessage *message, const uint8_t *oid, size_t oidLen)
Access control verification.
Definition: snmp_agent_vacm.c:61
SnmpContextMatch
SnmpContextMatch
Context match.
Definition: snmp_agent_vacm.h:58
SNMP_CONTEXT_MATCH_EXACT
@ SNMP_CONTEXT_MATCH_EXACT
Definition: snmp_agent_vacm.h:60
SNMP_CONTEXT_MATCH_INVALID
@ SNMP_CONTEXT_MATCH_INVALID
Definition: snmp_agent_vacm.h:59
SNMP_CONTEXT_MATCH_PREFIX
@ SNMP_CONTEXT_MATCH_PREFIX
Definition: snmp_agent_vacm.h:61
snmpSelectViewEntry
SnmpViewEntry * snmpSelectViewEntry(SnmpAgentContext *context, const char_t *viewName, const uint8_t *oid, size_t oidLen)
Find a view entry that matches the selection criteria.
Definition: snmp_agent_vacm.c:653
snmpSelectAccessEntry
SnmpAccessEntry * snmpSelectAccessEntry(SnmpAgentContext *context, const char_t *groupName, const char_t *contextName, size_t contextNameLen, SnmpSecurityModel securityModel, SnmpSecurityLevel securityLevel)
Find an access entry that matches the selection criteria.
Definition: snmp_agent_vacm.c:435
snmpFindGroupEntry
SnmpGroupEntry * snmpFindGroupEntry(SnmpAgentContext *context, uint_t securityModel, const char_t *securityName, size_t securityNameLen)
Search the group table.
Definition: snmp_agent_vacm.c:275
SnmpViewType
SnmpViewType
View type.
Definition: snmp_agent_vacm.h:70
SNMP_VIEW_TYPE_EXCLUDED
@ SNMP_VIEW_TYPE_EXCLUDED
Definition: snmp_agent_vacm.h:73
SNMP_VIEW_TYPE_INCLUDED
@ SNMP_VIEW_TYPE_INCLUDED
Definition: snmp_agent_vacm.h:72
SNMP_VIEW_TYPE_INVALID
@ SNMP_VIEW_TYPE_INVALID
Definition: snmp_agent_vacm.h:71
snmpFindViewEntry
SnmpViewEntry * snmpFindViewEntry(SnmpAgentContext *context, const char_t *viewName, const uint8_t *subtree, size_t subtreeLen)
Search the view table for a given entry.
Definition: snmp_agent_vacm.c:600
SNMP_MAX_GROUP_NAME_LEN
#define SNMP_MAX_GROUP_NAME_LEN
Definition: snmp_common.h:95
SNMP_MAX_BIT_MASK_SIZE
#define SNMP_MAX_BIT_MASK_SIZE
Definition: snmp_common.h:109
SNMP_MAX_CONTEXT_NAME_LEN
#define SNMP_MAX_CONTEXT_NAME_LEN
Definition: snmp_common.h:74
SNMP_MAX_OID_SIZE
#define SNMP_MAX_OID_SIZE
Definition: snmp_common.h:116
SNMP_MAX_VIEW_NAME_LEN
#define SNMP_MAX_VIEW_NAME_LEN
Definition: snmp_common.h:102
SnmpAccessEntry
Access table entry.
Definition: snmp_agent_vacm.h:95
SnmpAccessEntry::status
MibRowStatus status
Definition: snmp_agent_vacm.h:96
SnmpAccessEntry::securityModel
SnmpSecurityModel securityModel
Definition: snmp_agent_vacm.h:99
SnmpAccessEntry::securityLevel
SnmpSecurityLevel securityLevel
Definition: snmp_agent_vacm.h:100
SnmpAccessEntry::contextMatch
SnmpContextMatch contextMatch
Definition: snmp_agent_vacm.h:101
SnmpGroupEntry
Group table entry.
Definition: snmp_agent_vacm.h:82
SnmpGroupEntry::status
MibRowStatus status
Definition: snmp_agent_vacm.h:83
SnmpGroupEntry::securityModel
SnmpSecurityModel securityModel
Definition: snmp_agent_vacm.h:84
SnmpMessage
SNMP message.
Definition: snmp_agent_message.h:56
SnmpViewEntry
View table entry.
Definition: snmp_agent_vacm.h:113
SnmpViewEntry::subtreeLen
size_t subtreeLen
Definition: snmp_agent_vacm.h:117
SnmpViewEntry::status
MibRowStatus status
Definition: snmp_agent_vacm.h:114
SnmpViewEntry::type
SnmpViewType type
Definition: snmp_agent_vacm.h:120
SnmpViewEntry::maskLen
size_t maskLen
Definition: snmp_agent_vacm.h:119
mask
uint8_t mask
Definition: web_socket.h:319