1%%
2%% %CopyrightBegin%
3%%
4%% Copyright Ericsson AB 2004-2019. All Rights Reserved.
5%%
6%% Licensed under the Apache License, Version 2.0 (the "License");
7%% you may not use this file except in compliance with the License.
8%% You may obtain a copy of the License at
9%%
10%%     http://www.apache.org/licenses/LICENSE-2.0
11%%
12%% Unless required by applicable law or agreed to in writing, software
13%% distributed under the License is distributed on an "AS IS" BASIS,
14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15%% See the License for the specific language governing permissions and
16%% limitations under the License.
17%%
18%% %CopyrightEnd%
19%%
20-module(snmpa_authentication_service).
21
22-export_type([
23              acm_data/0
24             ]).
25
26-type acm_data() :: {community,
27                     SecModel  :: 0 | 1 | 2 | 3, % any | v1 | v2c | v3
28                     Community :: string(),
29                     %% Oids for either:
30                     %%      transportDomainUdpIpv4 | transportDomainUdpIpv6
31                     TDomain   :: snmp:oid(),
32                     TAddress  :: [non_neg_integer()]} |
33                    {v3,
34                     MsgID           :: integer(),
35                     SecModel        :: 0 | 1 | 2 | 3, % any | v1 | v2c | v3
36                     SecName         :: string(),
37                     %% noAuthNoPriv | authNoPriv | authPriv
38                     SecLevel        :: 1 | 2 | 3,
39                     ContextEngineID :: string(),
40                     ContextName     :: string(),
41                     SecData         :: term()}.
42
43
44%%-----------------------------------------------------------------
45%% init_check_access(Pdu, ACMData)
46%% Pdu = #pdu
47%% ACMData = acm_data() = {community, SecModel, Community, TDomain, TAddress} |
48%%                        {v3, MsgID, SecModel, SecName, SecLevel,
49%%                             ContextEngineID, ContextName, SecData}
50%%        Community       = string()
51%%        TDomain         = ?transportDomainUdpIpv4 | ?transportDomainUdpIpv6
52%%        TAddress        = ip() ++ udp() (list)
53%%        MsgID           = integer() <not used>
54%%        SecModel        = ?SEC_*  (see snmp_types.hrl)
55%%        SecName         = string()
56%%        SecLevel        = ?'SnmpSecurityLevel_*' (see SNMP-FRAMEWORK-MIB.hrl)
57%%        ContextEngineID = string() <not used>
58%%        ContextName     = string()
59%%        SecData         = <not used>
60%%        Variable        = snmpInBadCommunityNames |
61%%                          snmpInBadCommunityUses |
62%%                          snmpInASNParseErrs
63%%        Reason          = {bad_community_name, Address, Community}}
64%%
65%% Purpose: Called once for each Pdu.  Returns a MibView
66%%          which is later used for each variable in the pdu.
67%%          The authenticationFailure trap is sent (maybe) when the auth.
68%%          procedure evaluates to unauthentic,
69%%
70%% NOTE: This function is executed in the Master agents's context
71%%-----------------------------------------------------------------
72
73-callback init_check_access(Pdu, ACMData) ->
74    {ok, MibView, ContextName} |
75    {error, Reason} |
76    {discarded, Variable, Reason} when
77      Pdu         :: snmp:pdu(),
78      ACMData     :: acm_data(),
79      MibView     :: snmp_view_based_acm_mib:mibview(),
80      ContextName :: string(),
81      Reason      :: term(),
82      Variable    :: snmpInBadCommunityNames.
83