vacm_vars.c
- /*
- * SNMPv3 View-based Access Control Model
- */
- #include <config.h>
- #if HAVE_STDLIB_H
- #include <stdlib.h>
- #endif
- #if HAVE_UNISTD_H
- #include <unistd.h>
- #endif
- #if HAVE_STRING_H
- #include <string.h>
- #else
- #include <strings.h>
- #endif
- #if HAVE_MALLOC_H
- #include <malloc.h>
- #endif
- #include <ctype.h>
- #include <sys/types.h>
- #if HAVE_NETINET_IN_H
- #include <netinet/in.h>
- #endif
- #if HAVE_ARPA_INET_H
- #include <arpa/inet.h>
- #endif
- #if HAVE_DMALLOC_H
- #include <dmalloc.h>
- #endif
- #if HAVE_NETDB_H
- #include <netdb.h>
- #endif
- #if HAVE_WINSOCK_H
- #include <ip/socket.h>
- #endif
- #include <ip/netdb.h>
- #include <ip/inet.h>
- #include <ipacl/ipacl.h>
- #include "mibincl.h"
- #include "read_config.h"
- #include "agent_read_config.h"
- #include "system.h"
- #include "vacm.h"
- #include "callback.h"
- #include "agent_registry.h"
- #include "agent_callbacks.h"
- #include "vacm_vars.h"
- #include "util_funcs.h"
- #include "system.h"
- #ifdef USING_MIBII_SYSORTABLE_MODULE
- #if TIME_WITH_SYS_TIME
- # ifdef WIN32
- # include <sys/timeb.h>
- # else
- # include <time.h>
- # endif
- # include <time.h>
- #else
- # if HAVE_SYS_TIME_H
- # include <sys/time.h>
- # else
- # include <time.h>
- # endif
- #endif
- #include "sysORTable.h"
- #endif
/* Presumably the backing store for vacmViewSpinLock; its accessor is not in this part of the file. */
static unsigned int vacmViewSpinLockValue = 420420;

/* Declared by hand so the case-insensitive compares below have a prototype. */
extern int strcasecmp(const char *s1, const char *s2);
/*
 * Register everything this module provides with the agent: the VACM MIB
 * objects, the snmpd.conf directives that fill the VACM tables, and the
 * access-check callbacks.
 *
 * Every column registered below is RWRITE, so the access-control tables can
 * themselves be changed over SNMP by any principal whose write view covers
 * them; keep that in mind when deciding which subtrees a writeView includes.
 */
void
init_vacm_vars(void)
{
#ifdef USING_MIBII_SYSORTABLE_MODULE
    static oid reg[] = { SNMP_OID_SNMPMODULES, 16, 2, 2, 1 };
#endif

#define PRIVRW (SNMPV2ANY | 0x5000)

    /*
     * NOTE(review): these tables are automatic (stack) arrays; this assumes
     * REGISTER_MIB copies what it needs before the function returns -- confirm.
     */
    struct variable2 vacmViewSpinLock_variables[] = {
        { VACMVIEWSPINLOCK, ASN_INTEGER, RWRITE, var_vacmViewSpinLock, 1, { 1 } },
    };

    struct variable2 vacm_sec2group[] = {
        { SECURITYGROUP,   ASN_OCTET_STR, RWRITE, var_vacm_sec2group, 1, { 3 } },
        { SECURITYSTORAGE, ASN_INTEGER,   RWRITE, var_vacm_sec2group, 1, { 4 } },
        { SECURITYSTATUS,  ASN_INTEGER,   RWRITE, var_vacm_sec2group, 1, { 5 } },
    };

    struct variable2 vacm_access[] = {
        { ACCESSMATCH,   ASN_INTEGER,   RWRITE, var_vacm_access, 1, { 4 } },
        { ACCESSREAD,    ASN_OCTET_STR, RWRITE, var_vacm_access, 1, { 5 } },
        { ACCESSWRITE,   ASN_OCTET_STR, RWRITE, var_vacm_access, 1, { 6 } },
        { ACCESSNOTIFY,  ASN_OCTET_STR, RWRITE, var_vacm_access, 1, { 7 } },
        { ACCESSSTORAGE, ASN_INTEGER,   RWRITE, var_vacm_access, 1, { 8 } },
        { ACCESSSTATUS,  ASN_INTEGER,   RWRITE, var_vacm_access, 1, { 9 } },
    };

    struct variable2 vacm_view[] = {
        { VIEWMASK,    ASN_OCTET_STR, RWRITE, var_vacm_view, 1, { 3 } },
        { VIEWTYPE,    ASN_INTEGER,   RWRITE, var_vacm_view, 1, { 4 } },
        { VIEWSTORAGE, ASN_INTEGER,   RWRITE, var_vacm_view, 1, { 5 } },
        { VIEWSTATUS,  ASN_INTEGER,   RWRITE, var_vacm_view, 1, { 6 } },
    };

    /* Roots of the MIB subtrees the tables above are registered under. */
    oid vacm_sec2group_oid[] = { OID_VACMGROUPENTRY };
    oid vacm_access_oid[]    = { OID_VACMACCESSENTRY };
    oid vacm_view_oid[]      = { OID_VACMVIEWENTRY };
    oid vacm_spinLock_oid[]  = { OID_VACMSPINLOCK };

    /* MIB objects. */
    REGISTER_MIB("mibII/vacm:spinLock", vacmViewSpinLock_variables, variable2, vacm_spinLock_oid);
    REGISTER_MIB("mibII/vacm:sec2group", vacm_sec2group, variable2, vacm_sec2group_oid);
    REGISTER_MIB("mibII/vacm:access", vacm_access, variable2, vacm_access_oid);
    REGISTER_MIB("mibII/vacm:view", vacm_view, variable2, vacm_view_oid);

    /* Full-form configuration directives, each with its parser and its reset hook. */
    snmpd_register_config_handler("com2sec", vacm_parse_security, vacm_free_security,
                                  "name source community");
    snmpd_register_config_handler("group", vacm_parse_group, vacm_free_group,
                                  "name v1|v2c|usm security");
    snmpd_register_config_handler("access", vacm_parse_access, vacm_free_access,
                                  "name context model level prefx read write notify");
    snmpd_register_config_handler("view", vacm_parse_view, vacm_free_view,
                                  "name type subtree [mask]");

    /* Shorthand directives; they expand into the four directives above. */
    snmpd_register_config_handler("rwcommunity", vacm_parse_simple, NULL,
                                  "community [default|hostname|network/bits] [oid]");
    snmpd_register_config_handler("rocommunity", vacm_parse_simple, NULL,
                                  "community [default|hostname|network/bits] [oid]");
    snmpd_register_config_handler("rwuser", vacm_parse_simple, NULL,
                                  "user [noauth|auth|priv] [oid]");
    snmpd_register_config_handler("rouser", vacm_parse_simple, NULL,
                                  "user [noauth|auth|priv] [oid]");

#ifdef USING_MIBII_SYSORTABLE_MODULE
    register_sysORTable(reg, 10, "View-based Access Control Model for SNMP.");
#endif

    /* The same callback answers both the per-variable and the initial access check. */
    snmp_register_callback(SNMP_CALLBACK_APPLICATION, SNMPD_CALLBACK_ACM_CHECK,
                           vacm_in_view_callback, NULL);
    snmp_register_callback(SNMP_CALLBACK_APPLICATION, SNMPD_CALLBACK_ACM_CHECK_INITIAL,
                           vacm_in_view_callback, NULL);
}
/* Head and tail of the singly linked list of com2sec (community -> security name) entries. */
static struct vacm_securityEntry *securityFirst = 0;
static struct vacm_securityEntry *securityLast = 0;

/* Placeholder words from the sample configuration; lines that still carry them are rejected. */
#define EXAMPLE_NETWORK   "NETWORK"
#define EXAMPLE_COMMUNITY "COMMUNITY"
/*
 * Added by sxf to print the configured communities.
 *
 * Calls thrMethod once for every com2sec entry, in list order.  Returns FALSE
 * when the list is empty and TRUE otherwise.  The callback is handed the whole
 * entry, community string included, so whatever it prints or logs will contain
 * that credential in clear text.
 */
BOOL vacm_walkThrSecEntry(void (*thrMethod)(struct vacm_securityEntry *))
{
    struct vacm_securityEntry *entry = securityFirst;

    if (entry == NULL)
        return FALSE;

    while (entry != NULL) {
        thrMethod(entry);
        entry = entry->next;
    }
    return TRUE;
}
/*
 * Unlink and free the first com2sec entry whose community equals commName.
 * Does nothing when no entry matches.  securityFirst and securityLast are
 * kept consistent with the shortened list.
 */
void
vacm_destroySecurityEntry(const char *commName)
{
    struct vacm_securityEntry *prev = NULL;
    struct vacm_securityEntry *cur = securityFirst;

    /* Find the first match, remembering its predecessor. */
    while (cur != NULL && strcmp(cur->community, commName) != 0) {
        prev = cur;
        cur = cur->next;
    }
    if (cur == NULL)
        return;

    if (prev == NULL)
        securityFirst = cur->next;      /* removing the head */
    else
        prev->next = cur->next;

    if (cur == securityLast)
        securityLast = prev;            /* NULL when the list becomes empty */

    free(cur);
}
/*
 * Return the first com2sec entry whose community string is exactly `name`
 * (case-sensitive), or NULL when there is none.
 */
struct vacm_securityEntry *vacm_FindSecEntryByCommName(char *name)
{
    struct vacm_securityEntry *entry = securityFirst;

    while (entry != NULL && strcmp(entry->community, name) != 0)
        entry = entry->next;

    return entry;
}
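/*
 * Remove a community and the VACM rows derived from its name: the "__sn<name>"
 * group entries (v1 and v2c), the "__gn<name>" access entry, the "__vn<name>"
 * view (only when the entry has no view name of its own) and finally the
 * com2sec entry itself.  Does nothing when the community is not configured.
 */
void vacm_DestroyCommunity(char *commName)
{
    char line[134];
    struct vacm_viewEntry *vp;
    struct vacm_securityEntry *sp;

    if (commName == NULL)
        return;

    sp = vacm_FindSecEntryByCommName(commName);
    if (sp == NULL)
        return;

    /*
     * The three prefixes have the same length, so one check covers every
     * sprintf() below.  A name too long for line[] cannot be turned into the
     * derived names; skip them instead of writing past the buffer.
     */
    if (strlen(commName) <= sizeof(line) - sizeof("__sn")) {
        sprintf(line, "__sn%s", commName);
        vacm_destroyGroupEntry(SNMP_SEC_MODEL_SNMPv1, line);
        vacm_destroyGroupEntry(SNMP_SEC_MODEL_SNMPv2c, line);

        sprintf(line, "__gn%s", commName);
        vacm_destroyAccessEntry(line, "", SNMP_SEC_MODEL_ANY, SNMP_SEC_LEVEL_NOAUTH);

        if ((sp->viewname)[0] == '\0') {
            sprintf(line, "__vn%s", commName);
            vp = vacm_findViewEntryByName(line);
            /* The view may already be gone; only destroy what was found. */
            if (vp != NULL)
                vacm_destroyViewEntry(vp->viewName + 1, vp->viewSubtree,
                                      vp->viewSubtreeLen);
        }
    }

    /* Last, because sp (and possibly commName) lives inside the entry freed here. */
    vacm_destroySecurityEntry(commName);
}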
/*
 * Remove every configured community together with the rows derived from it.
 */
void vacm_DestroyCommunityAll(void)
{
    struct vacm_securityEntry *cur = securityFirst;

    while (cur != NULL) {
        /* Remember the successor first: destroying the community frees cur. */
        struct vacm_securityEntry *following = cur->next;

        vacm_DestroyCommunity(cur->community);
        cur = following;
    }
}
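/*
 * Handler for the "com2sec" directive:  NAME SOURCE COMMUNITY
 *
 * SOURCE is "default", a dotted address, or a host name, optionally followed
 * by "/MASK" where MASK is a dotted mask or a prefix length of 1..32.  On
 * success a new entry is appended to the com2sec list; on any error the
 * problem is reported through config_perror() and nothing is added.
 *
 * Points worth knowing when reviewing a configuration:
 *  - "default" and "0.0.0.0" mean that any source address may use the
 *    community.
 *  - a host name is resolved once, here, when the line is parsed.
 *  - lines still carrying the sample words NETWORK / COMMUNITY are refused.
 *
 * token is unused.  param is modified in place by strtok().
 */
void vacm_parse_security(const char *token, char *param)
{
    char *name, *source, *community;
    const char *mask;
    char *cp;
    struct vacm_securityEntry *sp, se;
    int maskLength;
    unsigned int maskBit;
    struct soaddr_in *srcIp, *srcMask;
    char null[] = "";

    memset(&se, 0, sizeof se);

    name = strtok(param, "\t\n ");
    if (!name) {
        config_perror("missing NAME parameter");
        return;
    }
    source = strtok(NULL, "\t\n ");
    if (!source) {
        config_perror("missing SOURCE parameter");
        return;
    }
    if (!strncmp(source, EXAMPLE_NETWORK, strlen(EXAMPLE_NETWORK))) {
        config_perror("Example config NETWORK not properly configured");
        return;                 /* or exit(1); */
    }
    community = strtok(NULL, "\t\n ");
    if (!community) {
        config_perror("missing COMMUNITY parameter");
        return;
    }
    if (!strncmp(community, EXAMPLE_COMMUNITY, strlen(EXAMPLE_COMMUNITY))) {
        config_perror("Example config COMMUNITY not properly configured");
        return;                 /* or exit(1); */
    }

    srcIp = (struct soaddr_in *) &(se.sourceIp);
    srcMask = (struct soaddr_in *) &(se.sourceMask);

    /* Split "address/mask"; without a '/' the mask is the empty string. */
    cp = strchr(source, '/');
    if (cp == NULL)
        cp = null;
    else
        *cp++ = 0;
    mask = cp;

    if (strcmp("default", source) == 0 || strcmp("0.0.0.0", source) == 0) {
        memset(&(srcIp->sin_addr), 0, sizeof(struct in_addr));
        mask = "0.0.0.0";
    } else if ((srcIp->sin_addr.s_addr = inet_addr(source)) == (unsigned) -1) {
        /* Not a dotted address: try it as a host name. */
        struct hostent *hp = gethostbyname(source);

        /* Only accept an answer that really holds the 4 bytes copied below. */
        if (hp != NULL && hp->h_length >= 4) {
            memcpy(&(srcIp->sin_addr), hp->h_addr, 4);
        } else {
            config_perror("bad source address");
            return;
        }
    }

    if (*mask == 0) {
        /* No mask given: the source must match exactly. */
        memset(&(srcMask->sin_addr), 0xff, sizeof(struct in_addr));
    } else if (strchr(mask, '.')) {
        if ((srcMask->sin_addr.s_addr = inet_addr(mask)) == (unsigned) -1) {
            config_perror("bad mask");
            return;
        }
    } else {
        /* Signed, so that a negative prefix length is rejected by the test itself. */
        maskLength = atoi(mask);
        if (maskLength <= 0 || maskLength > 32) {
            config_perror("bad mask length");
            return;
        }
        maskBit = 0x80000000L;
        srcMask->sin_addr.s_addr = 0;
        while (maskLength--) {
            srcMask->sin_addr.s_addr |= maskBit;
            maskBit >>= 1;
        }
        srcMask->sin_addr.s_addr = htonl(srcMask->sin_addr.s_addr);
    }

    /* The address must not have bits set outside the mask. */
    if ((srcIp->sin_addr.s_addr & ~srcMask->sin_addr.s_addr) != 0) {
        config_perror("source/mask mismatch");
        return;
    }

    /* Both copies below are bounded by these two checks. */
    if (strlen(name) + 1 > sizeof(se.securityName)) {
        config_perror("security name too long");
        return;
    }
    if (strlen(community) + 1 > sizeof(se.community)) {
        config_perror("community name too long");
        return;
    }
    strcpy(se.securityName, name);
    strcpy(se.community, community);

    sp = (struct vacm_securityEntry *) malloc(sizeof *sp);
    if (sp == NULL) {
        config_perror("memory error");
        return;
    }
    *sp = se;                   /* se was zeroed, so sp->next is NULL */

    if (securityFirst != NULL) {
        securityLast->next = sp;
        securityLast = sp;
    } else {
        securityFirst = securityLast = sp;
    }
}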
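/*
 * Reset hook for "com2sec": free every entry of the com2sec list and leave
 * the list empty.
 */
void vacm_free_security(void)
{
    struct vacm_securityEntry *sp;

    while ((sp = securityFirst) != NULL) {
        securityFirst = sp->next;
        free(sp);
    }
    /* The tail pointer referred to freed memory; do not leave it dangling. */
    securityLast = NULL;
}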
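/*
 * Handler for the "group" directive:  GROUP MODEL SECURITY
 *
 * MODEL is v1, v2c or usm ("any" is accepted with a warning).  Creates a
 * permanent, active group entry mapping (MODEL, SECURITY) to GROUP.  Errors
 * are reported through config_perror() and leave the table unchanged.
 *
 * token is unused.  param is modified in place by strtok().
 */
void vacm_parse_group(const char *token, char *param)
{
    char *group, *model, *security;
    int imodel;
    struct vacm_groupEntry *gp;

    group = strtok(param, " \t\n");
    model = strtok(NULL, " \t\n");
    security = strtok(NULL, " \t\n");

    if (group == NULL || *group == 0) {
        config_perror("missing GROUP parameter");
        return;
    }
    if (model == NULL || *model == 0) {
        config_perror("missing MODEL parameter");
        return;
    }
    if (security == NULL || *security == 0) {
        config_perror("missing SECURITY parameter");
        return;
    }

    if (strcasecmp(model, "v1") == 0)
        imodel = SNMP_SEC_MODEL_SNMPv1;
    else if (strcasecmp(model, "v2c") == 0)
        imodel = SNMP_SEC_MODEL_SNMPv2c;
    else if (strcasecmp(model, "usm") == 0)
        imodel = SNMP_SEC_MODEL_USM;
    else if (strcasecmp(model, "any") == 0) {
        config_perror("bad security model \"any\" should be: v1, v2c or usm - installing anyway");
        imodel = SNMP_SEC_MODEL_ANY;
    } else {
        config_perror("bad security model, should be: v1, v2c or usm");
        return;
    }

    /* sizeof does not evaluate gp, so using it before gp is assigned is fine. */
    if (strlen(security) + 1 > sizeof(gp->groupName)) {
        config_perror("security name too long");
        return;
    }
    /*
     * GROUP is the string that is actually copied into gp->groupName below,
     * so it needs its own length check; the test above only covers SECURITY.
     */
    if (strlen(group) + 1 > sizeof(gp->groupName)) {
        config_perror("group name too long");
        return;
    }

    gp = vacm_createGroupEntry(imodel, security);
    if (!gp) {
        config_perror("failed to create group entry");
        return;
    }
    strcpy(gp->groupName, group);
    gp->storageType = SNMP_STORAGE_PERMANENT;
    gp->status = SNMP_ROW_ACTIVE;
    free(gp->reserved);
    gp->reserved = NULL;
}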
/* Reset hook for "group": drop every group entry. */
void
vacm_free_group(void)
{
    vacm_destroyAllGroupEntries();
}
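/*
 * Handler for the "access" directive:
 *     NAME CONTEXT MODEL LEVEL PREFIX READVIEW WRITEVIEW NOTIFYVIEW
 *
 * MODEL  is any, v1, v2c or usm.
 * LEVEL  is noauth/noauthnopriv, auth/authnopriv or priv/authpriv.
 * PREFIX is exact or prefix ("0" is accepted with a warning and means exact).
 * CONTEXT written as "" (two double quotes) stands for the empty context.
 *
 * Creates a permanent, active access entry.  Errors are reported through
 * config_perror() and leave the table unchanged.
 *
 * token is unused.  param is modified in place by strtok().
 */
void vacm_parse_access(const char *token, char *param)
{
    char *name, *context, *model, *level, *prefix, *readView, *writeView, *notify;
    int imodel, ilevel, iprefix;
    struct vacm_accessEntry *ap;

    name = strtok(param, " \t\n");
    if (!name) {
        config_perror("missing NAME parameter");
        return;
    }
    context = strtok(NULL, " \t\n");
    if (!context) {
        config_perror("missing CONTEXT parameter");
        return;
    }
    model = strtok(NULL, " \t\n");
    if (!model) {
        config_perror("missing MODEL parameter");
        return;
    }
    level = strtok(NULL, " \t\n");
    if (!level) {
        config_perror("missing LEVEL parameter");
        return;
    }
    prefix = strtok(NULL, " \t\n");
    if (!prefix) {
        config_perror("missing PREFIX parameter");
        return;
    }
    readView = strtok(NULL, " \t\n");
    if (!readView) {
        config_perror("missing readView parameter");
        return;
    }
    writeView = strtok(NULL, " \t\n");
    if (!writeView) {
        config_perror("missing writeView parameter");
        return;
    }
    notify = strtok(NULL, " \t\n");
    if (!notify) {
        config_perror("missing notifyView parameter");
        return;
    }

    /* A context given as two double quotes means "no context". */
    if (strcmp(context, "\"\"") == 0)
        *context = 0;

    if (strcasecmp(model, "any") == 0)
        imodel = SNMP_SEC_MODEL_ANY;
    else if (strcasecmp(model, "v1") == 0)
        imodel = SNMP_SEC_MODEL_SNMPv1;
    else if (strcasecmp(model, "v2c") == 0)
        imodel = SNMP_SEC_MODEL_SNMPv2c;
    else if (strcasecmp(model, "usm") == 0)
        imodel = SNMP_SEC_MODEL_USM;
    else {
        config_perror("bad security model (any, v1, v2c, usm)");
        return;
    }

    if (strcasecmp(level, "noauth") == 0)
        ilevel = SNMP_SEC_LEVEL_NOAUTH;
    else if (strcasecmp(level, "noauthnopriv") == 0)
        ilevel = SNMP_SEC_LEVEL_NOAUTH;
    else if (strcasecmp(level, "auth") == 0)
        ilevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
    else if (strcasecmp(level, "authnopriv") == 0)
        ilevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
    else if (strcasecmp(level, "priv") == 0)
        ilevel = SNMP_SEC_LEVEL_AUTHPRIV;
    else if (strcasecmp(level, "authpriv") == 0)
        ilevel = SNMP_SEC_LEVEL_AUTHPRIV;
    else {
        config_perror("bad security level (noauthnopriv, authnopriv, authpriv)");
        return;
    }

    if (strcmp(prefix, "exact") == 0)
        iprefix = 1;
    else if (strcmp(prefix, "prefix") == 0)
        iprefix = 2;
    else if (strcmp(prefix, "0") == 0) {
        config_perror("bad prefix match parameter \"0\", should be: exact or prefix - installing anyway");
        iprefix = 1;
    } else {
        config_perror("bad prefix match parameter, should be: exact or prefix");
        return;
    }

    /* Bound the three view names before they are copied into the entry. */
    if (strlen(readView) + 1 > sizeof(ap->readView)) {
        config_perror("readView too long");
        return;
    }
    if (strlen(writeView) + 1 > sizeof(ap->writeView)) {
        config_perror("writeView too long");
        return;
    }
    if (strlen(notify) + 1 > sizeof(ap->notifyView)) {
        config_perror("notifyView too long");
        return;
    }

    /*
     * NOTE(review): name and context are handed over without a length check
     * here; confirm that vacm_createAccessEntry() bounds them itself.
     */
    ap = vacm_createAccessEntry(name, context, imodel, ilevel);
    if (!ap) {
        config_perror("failed to create access entry");
        return;
    }
    strcpy(ap->readView, readView);
    strcpy(ap->writeView, writeView);
    strcpy(ap->notifyView, notify);
    ap->contextMatch = iprefix;
    ap->storageType = SNMP_STORAGE_PERMANENT;
    ap->status = SNMP_ROW_ACTIVE;
    free(ap->reserved);
    ap->reserved = NULL;
}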
/* Reset hook for "access": drop every access entry. */
void
vacm_free_access(void)
{
    vacm_destroyAllAccessEntries();
}
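/*
 * Handler for the "view" directive:  NAME TYPE SUBTREE [MASK]
 *
 * TYPE is "included" or "excluded".  MASK is a list of hexadecimal bytes
 * separated by '.' or ':'.  Mask bytes that are not given are set to 0xff,
 * so a short mask never leaves part of the stored mask undefined.
 *
 * Creates a permanent, active view entry.  Errors are reported through
 * config_perror() and leave the table unchanged.
 *
 * token is unused.  param is modified in place by strtok().
 */
void vacm_parse_view(const char *token, char *param)
{
    char *name, *type, *subtree, *mask;
    int inclexcl;
    struct vacm_viewEntry *vp;
    oid suboid[MAX_OID_LEN];
    /* A real size_t: read_objid() writes a size_t through the pointer it is given. */
    size_t suboid_len = 0;
    u_char viewMask[sizeof(vp->viewMask)];
    size_t i;

    name = strtok(param, " \t\n");
    if (!name) {
        config_perror("missing NAME parameter");
        return;
    }
    type = strtok(NULL, " \n\t");
    if (!type) {
        config_perror("missing TYPE parameter");
        return;
    }
    subtree = strtok(NULL, " \t\n");
    if (!subtree) {
        config_perror("missing SUBTREE parameter");
        return;
    }
    mask = strtok(NULL, " \t\n");

    if (strcmp(type, "included") == 0)
        inclexcl = SNMP_VIEW_INCLUDED;
    else if (strcmp(type, "excluded") == 0)
        inclexcl = SNMP_VIEW_EXCLUDED;
    else {
        config_perror("TYPE must be included/excluded?");
        return;
    }

    suboid_len = MAX_OID_LEN;
    if (!read_objid(subtree, suboid, &suboid_len)) {
        config_perror("bad SUBTREE object id");
        return;
    }

    /* Start from all ones; an explicit mask overwrites only its leading bytes. */
    memset(viewMask, 0xff, sizeof(viewMask));
    if (mask) {
        unsigned int val;       /* %x stores through an unsigned int pointer */

        i = 0;
        for (mask = strtok(mask, ".:"); mask; mask = strtok(NULL, ".:")) {
            if (i >= sizeof(viewMask)) {
                config_perror("MASK too long");
                return;
            }
            if (sscanf(mask, "%x", &val) != 1) {
                config_perror("invalid MASK");
                return;
            }
            viewMask[i] = (u_char) val;
            i++;
        }
    }

    vp = vacm_createViewEntry(name, suboid, suboid_len);
    if (!vp) {
        config_perror("failed to create view entry");
        return;
    }
    memcpy(vp->viewMask, viewMask, sizeof(viewMask));
    vp->viewType = inclexcl;
    vp->viewStorageType = SNMP_STORAGE_PERMANENT;
    vp->viewStatus = SNMP_ROW_ACTIVE;
    free(vp->reserved);
    vp->reserved = NULL;
}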
/* Reset hook for "view": drop every view entry. */
void
vacm_free_view(void)
{
    vacm_destroyAllViewEntries();
}
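/*
 * Handler for the shorthand directives rwcommunity, rocommunity, rwuser and
 * rouser.  Each line is expanded into the equivalent com2sec / group / view /
 * access lines, which are then fed to the regular parsers:
 *
 *   r[ow]community COMMUNITY [SOURCE] [OID]
 *       com2sec anonymousSecNameNNN SOURCE COMMUNITY
 *       group   anonymousGroupNameNNN v1  anonymousSecNameNNN
 *       group   anonymousGroupNameNNN v2c anonymousSecNameNNN
 *   r[ow]user USER [noauth|auth|priv] [OID]
 *       group   anonymousGroupNameNNN usm USER
 *   both:
 *       view    anonymousViewNNN included OID
 *       access  anonymousGroupNameNNN "" MODEL LEVEL exact VIEW WRITE NOTIFY
 *
 * Defaults: SOURCE "default" (any address), OID ".1" (the whole tree), and
 * "auth" for users.  Communities always get level "noauth".  WRITE and NOTIFY
 * are the generated view for the rw* forms and "none" for the ro* forms.
 */
void vacm_parse_simple(const char *token, char *confline)
{
    /* Upper bound on everything the generated lines add around the words
     * taken from confline (fixed text, counters, default words). */
    enum { GENERATED_TEXT_MAX = 128 };

    char line[SPRINT_MAX_LEN];
    char word[SPRINT_MAX_LEN];
    char community[COMMUNITY_MAX_LEN];
    char theoid[SPRINT_MAX_LEN];
    char viewname[SPRINT_MAX_LEN];
    char addressname[SPRINT_MAX_LEN];
    const char *rw = "none";
    const char *model = "any";
    char *cp;
    static int num = 0;
    char secname[SPRINT_MAX_LEN];
    char authtype[SPRINT_MAX_LEN];

    /*
     * Bound the input once, up front.  Presumably copy_word() never produces a
     * word longer than the text it is given (confirm against its definition);
     * with that, every word fits its SPRINT_MAX_LEN buffer and every line
     * built with sprintf() below fits in line[].
     */
    if (confline == NULL || strlen(confline) + GENERATED_TEXT_MAX > sizeof(line)) {
        config_perror("line too long");
        return;
    }

    /* community name or user name; community[] is the one smaller buffer */
    cp = copy_word(confline, word);
    if (strlen(word) + 1 > sizeof(community)) {
        config_perror("community name too long");
        return;
    }
    strcpy(community, word);

    if (strcmp(token, "rouser") == 0 || strcmp(token, "rwuser") == 0) {
        /* authentication type */
        if (cp && *cp)
            cp = copy_word(cp, authtype);
        else
            strcpy(authtype, "auth");
        DEBUGMSGTL((token, "setting auth type: \"%s\"\n", authtype));
        model = "usm";
    } else {
        /* source address */
        if (cp && *cp) {
            cp = copy_word(cp, addressname);
        } else {
            strcpy(addressname, "default");
        }
        /* authtype has to be noauth */
        strcpy(authtype, "noauth");
    }

    /* oid they can touch */
    if (cp && *cp) {
        cp = copy_word(cp, theoid);
    } else {
        strcpy(theoid, ".1");
    }

    /* rw points at viewname now; viewname itself is filled in further down. */
    if (strcmp(token, "rwcommunity") == 0 || strcmp(token, "rwuser") == 0)
        rw = viewname;

    if (strcmp(token, "rwcommunity") == 0 || strcmp(token, "rocommunity") == 0) {
        /* com2sec mapping */
        /* com2sec anonymousSecNameNUM    ADDRESS  COMMUNITY */
        sprintf(secname, "anonymousSecName%03d", num);
        sprintf(line, "%s %s %s", secname, addressname, community);
        DEBUGMSGTL((token, "passing: %s %s\n", "com2sec", line));
        vacm_parse_security("com2sec", line);

        /* sec->group mapping */
        /* group   anonymousGroupNameNUM  any      anonymousSecNameNUM */
        sprintf(line, "anonymousGroupName%03d v1 %s", num, secname);
        DEBUGMSGTL((token, "passing: %s %s\n", "group", line));
        vacm_parse_group("group", line);
        sprintf(line, "anonymousGroupName%03d v2c %s", num, secname);
        DEBUGMSGTL((token, "passing: %s %s\n", "group", line));
        vacm_parse_group("group", line);
    } else {
        strcpy(secname, community);

        /* sec->group mapping */
        /* group   anonymousGroupNameNUM  any      anonymousSecNameNUM */
        sprintf(line, "anonymousGroupName%03d usm %s", num, secname);
        DEBUGMSGTL((token, "passing: %s %s\n", "group", line));
        vacm_parse_group("group", line);
    }

    /* view definition */
    /* view    anonymousViewNUM       included OID */
    sprintf(viewname, "anonymousView%03d", num);
    sprintf(line, "%s included %s", viewname, theoid);
    DEBUGMSGTL((token, "passing: %s %s\n", "view", line));
    vacm_parse_view("view", line);

    /* map everything together */
    /* access  anonymousGroupNameNUM  "" MODEL AUTHTYPE exact anonymousViewNUM [none/anonymousViewNUM] [none/anonymousViewNUM] */
    sprintf(line, "anonymousGroupName%03d \"\" %s %s exact %s %s %s", num,
            model, authtype, viewname, rw, rw);
    DEBUGMSGTL((token, "passing: %s %s\n", "access", line));
    vacm_parse_access("access", line);

    num++;
}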
/*
 * Access-check callback registered for SNMPD_CALLBACK_ACM_CHECK and
 * SNMPD_CALLBACK_ACM_CHECK_INITIAL.
 *
 * serverarg is a struct view_parameters describing the request.  The result
 * of vacm_in_view() is returned and, when it is non-zero, also stored in the
 * parameters' errorcode.  A missing parameter block yields 1, i.e. the check
 * does not report success when it has nothing to check.
 */
int
vacm_in_view_callback(int majorID, int minorID, void *serverarg,
                      void *clientarg)
{
    struct view_parameters *params = (struct view_parameters *) serverarg;
    int verdict;

    if (!params)
        return 1;

    verdict = vacm_in_view(params->pdu, params->name, params->namelen);
    if (verdict)
        params->errorcode = verdict;

    return verdict;
}
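extern int snmp_check_ipacl(char *ipacl, int ipaddr);

/*******************************************************************-o-******
 * vacm_in_view
 *
 * Decide whether the request in *pdu may touch the object `name`.
 *
 * For SNMPv1/v2c the security name comes from the first com2sec entry whose
 * source/mask covers the sender and whose community equals the one in the
 * PDU.  For USM it is the PDU's own security name.  The security name is
 * then mapped to a group, the group to an access entry, and the view named
 * by that entry for the PDU type (read, write or notify) is consulted.
 *
 * Parameters:
 *	*pdu		request being checked
 *	*name		object identifier, or NULL to check only that the
 *			VACM setup for this requester exists
 *	 namelen	number of sub-identifiers in name
 *
 * Returns:
 *	 0	On success.
 *	 1	Missing security name.
 *	 2	Missing group
 *	 3	Missing access
 *	 4	Missing view
 *	 5	Not in view
 *	-1	Sender refused by the IP access list
 *
 * snmpInBadCommunityNames is counted only when some com2sec entry covers the
 * sender's address but none of those entries has the PDU's community.
 *
 * Debug output listed as follows:
 *	<securityName> <groupName> <viewName> <viewType>
 * With debugging enabled the community string of the PDU is written to the
 * debug output in clear text.
 */
int vacm_in_view(struct snmp_pdu *pdu,
                 oid *name,
                 size_t namelen)
{
    struct vacm_securityEntry *sp = securityFirst;
    struct vacm_accessEntry *ap;
    struct vacm_groupEntry *gp;
    struct vacm_viewEntry *vp;
    struct soaddr_in *pduIp = (struct soaddr_in *) &(pdu->address);
    struct soaddr_in *srcIp, *srcMask;
    char *vn;
    char *sn;
    char *ipacl = NULL;
    /* Set once the sender's address matched at least one com2sec entry. */
    int b_flag = 0;

    if (pdu->version == SNMP_VERSION_1 || pdu->version == SNMP_VERSION_2c) {
        if (snmp_get_do_debugging()) {
            char buf[256];

            if (pdu->community) {
                /*
                 * Terminate at the number of bytes actually copied.  The
                 * length comes from the packet, so it must not be used
                 * unclamped as an index into buf.
                 */
                size_t shown = pdu->community_len > 200 ? 200 : pdu->community_len;

                memcpy(buf, pdu->community, shown);
                buf[shown] = '\0';
            } else {
                DEBUGMSGTL(("mibII/vacm_vars", "NULL community"));
                strcpy(buf, "NULL");
            }
            DEBUGMSGTL(("mibII/vacm_vars",
                        "vacm_in_view: ver=%d, source=%.8x, community=%s\n",
                        pdu->version, pduIp->sin_addr.s_addr, buf));
        }

        /* First entry whose source covers the sender AND whose community matches. */
        while (sp) {
            srcIp = (struct soaddr_in *) &(sp->sourceIp);
            srcMask = (struct soaddr_in *) &(sp->sourceMask);
            if ((pduIp->sin_addr.s_addr & srcMask->sin_addr.s_addr) == srcIp->sin_addr.s_addr) {
                b_flag = 1;
                /* With a zero length there is nothing to compare (and the
                 * PDU's community pointer may be NULL). */
                if (strlen(sp->community) == pdu->community_len
                    && (pdu->community_len == 0
                        || !strncmp(sp->community, (char *) pdu->community,
                                    pdu->community_len)))
                    break;
            }
            sp = sp->next;
        }
        if (sp == NULL) {
            if (b_flag)
                snmp_increment_statistic(STAT_SNMPINBADCOMMUNITYNAMES);
            return 1;
        }
        ipacl = sp->access_list;
        sn = sp->securityName;
    } else if (pdu->securityModel == SNMP_SEC_MODEL_USM) {
        DEBUGMSG(("mibII/vacm_vars",
                  "vacm_in_view: ver=%d, model=%d, secName=%s\n",
                  pdu->version, pdu->securityModel, pdu->securityName));
        sn = pdu->securityName;
    } else {
        sn = NULL;
    }

    if (sn == NULL)
        return 1;
    DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: sn=%s", sn));

    gp = vacm_getGroupEntry(pdu->securityModel, sn);
    if (gp == NULL) {
        DEBUGMSG(("mibII/vacm_vars", "\n"));
        return 2;
    }
    DEBUGMSG(("mibII/vacm_vars", ", gn=%s", gp->groupName));

    ap = vacm_getAccessEntry(gp->groupName, "", pdu->securityModel,
                             pdu->securityLevel);
    if (ap == NULL) {
        DEBUGMSG(("mibII/vacm_vars", "\n"));
        return 3;
    }

    if (name == 0) {            /* only check the setup of the vacm for the request */
        DEBUGMSG(("mibII/vacm_vars", ", Done checking setup\n"));
        return 0;
    }

    /* Communities carry their access list on the com2sec entry, USM users on the access entry. */
    if (pdu->securityModel == SNMP_SEC_MODEL_USM) {
        ipacl = ap->access_list;
    }
    if (snmp_check_ipacl(ipacl, pduIp->sin_addr.s_addr)) {
        snmp_increment_statistic(STAT_SNMPINBADCOMMUNITYUSES);
        return -1;
    }

    switch (pdu->command) {
    case SNMP_MSG_GET:
    case SNMP_MSG_GETNEXT:
    case SNMP_MSG_GETBULK:
        vn = ap->readView;
        break;
    case SNMP_MSG_SET:
        vn = ap->writeView;
        break;
    case SNMP_MSG_TRAP:
    case SNMP_MSG_TRAP2:
    case SNMP_MSG_INFORM:
        vn = ap->notifyView;
        break;
    default:
        /* Unknown PDU types are logged and then checked against the read view. */
        snmp_log(LOG_ERR, "bad msg type in vacm_in_view: %d\n", pdu->command);
        vn = ap->readView;
    }
    DEBUGMSG(("mibII/vacm_vars", ", vn=%s", vn));

    vp = vacm_getViewEntry(vn, name, namelen);
    if (vp == NULL) {
        DEBUGMSG(("mibII/vacm_vars", "\n"));
        return 4;
    }
    DEBUGMSG(("mibII/vacm_vars", ", vt=%d\n", vp->viewType));

    if (vp->viewType == SNMP_VIEW_EXCLUDED) {
        if (pdu->version == SNMP_VERSION_1
            || pdu->version == SNMP_VERSION_2c) {
            snmp_increment_statistic(STAT_SNMPINBADCOMMUNITYUSES);
        }
        return 5;
    }
    return 0;
}                               /* end vacm_in_view() */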
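/*
 * Variable handler for vacmSecurityToGroupTable.
 *
 * The row index is taken from the requested OID: sub-identifier 11 is the
 * security model and the sub-identifiers after it spell the security name.
 * With `exact` set the row must exist as named; otherwise the next row in
 * table order is looked up and name/length are rewritten to its OID.
 *
 * Returns a pointer to the column value (and its size in *var_len), or NULL
 * when there is no such row or the index is malformed.  *write_method is set
 * for the writable columns; for the status column it is set even when the row
 * does not exist.
 *
 * The index comes straight from the request, so every length derived from it
 * is checked against the local buffers before anything is copied.
 */
u_char *var_vacm_sec2group(struct variable *vp,
                           oid *name,
                           int *length,
                           int exact,
                           int *var_len,
                           WriteMethod **write_method)
{
    struct vacm_groupEntry *gp;
    oid *groupSubtree;
    oid name_cpy[MAX_OID_LEN];
    int name_len;
    int groupSubtreeLen;
    int secmodel;
    char secname[128], *cp;

    *write_method = NULL;

    name_len = *length;
    if (name_len > MAX_OID_LEN)
        name_len = MAX_OID_LEN;
    if (name_len < 0)
        name_len = 0;
    memcpy(name_cpy, name, name_len * sizeof(oid));

    /*
     * Fall back to the registered prefix when the request does not start with
     * it.  A request shorter than the prefix cannot match, and comparing it
     * would read parts of name_cpy that were never written.
     */
    if (name_len < (int) vp->namelen
        || memcmp(name_cpy, vp->name, sizeof(oid) * vp->namelen) != 0) {
        memcpy(name_cpy, vp->name, sizeof(oid) * vp->namelen);
        name_len = vp->namelen;
    }

    if (exact) {
        if (name_len < 13)
            return NULL;
        secmodel = name_cpy[11];
        groupSubtree = name_cpy + 13;
        groupSubtreeLen = name_len - 13;
        if (groupSubtreeLen >= (int) sizeof(secname))
            return NULL;        /* would not fit secname[] with its terminator */
        cp = secname;
        while (groupSubtreeLen-- > 0) {
            if (*groupSubtree > 255)
                return NULL;    /* illegal value */
            *cp++ = (char) *groupSubtree++;
        }
        *cp = 0;
        gp = vacm_getGroupEntry(secmodel, secname);
    } else {
        secmodel = name_len > 11 ? name_cpy[11] : 0;
        groupSubtree = name_cpy + 12;
        groupSubtreeLen = name_len - 12;
        if (groupSubtreeLen >= (int) sizeof(secname))
            return NULL;        /* would not fit secname[] with its terminator */
        cp = secname;
        while (groupSubtreeLen-- > 0) {
            if (*groupSubtree > 255)
                return NULL;    /* illegal value */
            *cp++ = (char) *groupSubtree++;
        }
        *cp = 0;

        /* First row that sorts after (secmodel, secname). */
        vacm_scanGroupInit();
        while ((gp = vacm_scanGroupNext()) != NULL) {
            if (gp->securityModel > secmodel ||
                (gp->securityModel == secmodel
                 && strcmp(gp->securityName, secname) > 0))
                break;
        }
        if (gp) {
            /* Rewrite the OID so that it names the row that was found. */
            name_cpy[11] = gp->securityModel;
            name_len = 12;
            cp = gp->securityName;
            while (*cp && name_len < MAX_OID_LEN) {
                /* via unsigned char, so bytes >= 0x80 are not sign-extended */
                name_cpy[name_len++] = (unsigned char) *cp++;
            }
            memcpy(name, name_cpy, name_len * sizeof(oid));
            *length = name_len;
        }
    }

    if (!gp) {
        if (vp->magic == SECURITYSTATUS) {
            *write_method = write_vacmSecurity2GroupStatus;
        }
        return NULL;
    }

    *var_len = sizeof(long_return);
    switch (vp->magic) {
    case SECURITYMODEL:
        long_return = gp->securityModel;
        return (u_char *) &long_return;

    case SECURITYNAME:
        /* the first byte of the stored name is used as its length */
        *var_len = gp->securityName[0];
        return (u_char *) &gp->securityName[1];

    case SECURITYGROUP:
        *var_len = strlen(gp->groupName);
        *write_method = write_vacmGroupName;
        return (u_char *) gp->groupName;

    case SECURITYSTORAGE:
        long_return = gp->storageType;
        *write_method = write_vacmSecurityToGroupStorageType;
        return (u_char *) &long_return;

    case SECURITYSTATUS:
        long_return = gp->status;
        *write_method = write_vacmSecurity2GroupStatus;
        return (u_char *) &long_return;
    }
    return NULL;
}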
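/*
 * Variable handler for vacmAccessTable.
 *
 * The row index follows sub-identifier 11 of the requested OID:
 *     <len> <groupName...> <len> <contextPrefix...> <securityModel> <securityLevel>
 * With `exact` set the index must be complete and the row must exist;
 * otherwise the next row in table order is looked up and name/length are
 * rewritten to its OID.
 *
 * Returns a pointer to the column value (and its size in *var_len), or NULL
 * when there is no such row or the index is malformed.  *write_method is set
 * for the writable columns; for the status column it is set even when the row
 * does not exist.
 *
 * Both length sub-identifiers come straight from the request.  Each is checked
 * against the destination buffer and against the number of sub-identifiers
 * actually present before anything is copied.
 */
u_char *var_vacm_access(struct variable *vp,
                        oid *name,
                        int *length,
                        int exact,
                        int *var_len,
                        WriteMethod **write_method)
{
    struct vacm_accessEntry *gp;
    int secmodel;
    int seclevel;
    char groupName[32];
    char contextPrefix[32];
    oid *op, *end, new_name[MAX_OID_LEN];
    int len, new_len;
    char *cp;
    int cmp;

    *write_method = NULL;

    new_len = *length;
    if (new_len > MAX_OID_LEN)
        new_len = MAX_OID_LEN;
    if (new_len < 0)
        new_len = 0;
    memcpy(new_name, name, new_len * sizeof(oid));

    /* A request shorter than the registered prefix cannot match it. */
    if (new_len < (int) vp->namelen
        || memcmp(new_name, vp->name, sizeof(oid) * vp->namelen) != 0) {
        memcpy(new_name, vp->name, sizeof(oid) * vp->namelen);
        new_len = vp->namelen;
    }
    end = new_name + new_len;

    if (exact) {
        if (new_len < 15)
            return NULL;
        op = new_name + 11;

        /* group name: must fit groupName[] and lie inside the OID */
        if (*op >= sizeof(groupName) || *op > (size_t) (end - op - 1))
            return NULL;
        len = (int) *op++;
        cp = groupName;
        while (len-- > 0) {
            if (*op > 255)
                return NULL;    /* illegal value */
            *cp++ = (char) *op++;
        }
        *cp = 0;

        /* context prefix: same two checks */
        if (op >= end)
            return NULL;
        if (*op >= sizeof(contextPrefix) || *op > (size_t) (end - op - 1))
            return NULL;
        len = (int) *op++;
        cp = contextPrefix;
        while (len-- > 0) {
            if (*op > 255)
                return NULL;    /* illegal value */
            *cp++ = (char) *op++;
        }
        *cp = 0;

        /* exactly the model and the level must remain */
        if (end - op != 2)
            return NULL;
        secmodel = *op++;
        seclevel = *op++;

        gp = vacm_getAccessEntry(groupName, contextPrefix, secmodel, seclevel);
    } else {
        secmodel = seclevel = 0;
        groupName[0] = 0;
        contextPrefix[0] = 0;
        op = new_name + 11;

        /*
         * Here the length sub-identifier is copied as the first character,
         * which is the form the stored names are compared in below.  An index
         * that ends early is used as far as it goes.
         */
        if (op < end) {
            if (*op >= sizeof(groupName) - 1)
                return NULL;    /* length byte + name + terminator would not fit */
            len = (int) *op + 1;
            if (len > end - op)
                len = (int) (end - op);
            cp = groupName;
            while (len-- > 0) {
                if (*op > 255)
                    return NULL;        /* illegal value */
                *cp++ = (char) *op++;
            }
            *cp = 0;
        }
        if (op < end) {
            if (*op >= sizeof(contextPrefix) - 1)
                return NULL;
            len = (int) *op + 1;
            if (len > end - op)
                len = (int) (end - op);
            cp = contextPrefix;
            while (len-- > 0) {
                if (*op > 255)
                    return NULL;        /* illegal value */
                *cp++ = (char) *op++;
            }
            *cp = 0;
        }
        if (op < end) {
            secmodel = *op++;
        }
        if (op < end) {
            seclevel = *(op);
        }

        /* First row that sorts after (groupName, contextPrefix, model, level). */
        vacm_scanAccessInit();
        while ((gp = vacm_scanAccessNext()) != NULL) {
            cmp = strcmp(gp->groupName, groupName);
            if (cmp > 0)
                break;
            if (cmp < 0)
                continue;
            cmp = strcmp(gp->contextPrefix, contextPrefix);
            if (cmp > 0)
                break;
            if (cmp < 0)
                continue;
            if (gp->securityModel > secmodel)
                break;
            if (gp->securityModel < secmodel)
                continue;
            if (gp->securityLevel > seclevel)
                break;
        }
        if (gp) {
            /* The rewritten OID must fit new_name[] (and the caller's name). */
            if (11 + (strlen(gp->groupName) + 1)
                + (strlen(gp->contextPrefix) + 1) + 2 > MAX_OID_LEN)
                return NULL;

            new_len = 11;
            cp = gp->groupName;
            do {
                /* via unsigned char, so bytes >= 0x80 are not sign-extended */
                new_name[new_len++] = (unsigned char) *cp++;
            } while (*cp);
            cp = gp->contextPrefix;
            do {
                new_name[new_len++] = (unsigned char) *cp++;
            } while (*cp);
            new_name[new_len++] = gp->securityModel;
            new_name[new_len++] = gp->securityLevel;
            *length = new_len;
            memcpy(name, new_name, new_len * sizeof(oid));
        }
    }

    if (!gp) {
        if (vp->magic == ACCESSSTATUS) {
            *write_method = write_vacmAccessStatus;
        }
        return NULL;
    }

    *var_len = sizeof(long_return);
    switch (vp->magic) {
    case ACCESSMATCH:
        long_return = gp->contextMatch;
        *write_method = write_vacmAccessContextMatch;
        return (u_char *) &long_return;

    case ACCESSLEVEL:
        long_return = gp->securityLevel;
        return (u_char *) &long_return;

    case ACCESSMODEL:
        long_return = gp->securityModel;
        return (u_char *) &long_return;

    case ACCESSPREFIX:
        /* the first byte of the stored prefix is used as its length */
        *var_len = *gp->contextPrefix;
        return (u_char *) &gp->contextPrefix[1];

    case ACCESSREAD:
        *var_len = strlen(gp->readView);
        *write_method = write_vacmAccessReadViewName;
        return (u_char *) gp->readView;

    case ACCESSWRITE:
        *var_len = strlen(gp->writeView);
        *write_method = write_vacmAccessWriteViewName;
        return (u_char *) gp->writeView;

    case ACCESSNOTIFY:
        *var_len = strlen(gp->notifyView);
        *write_method = write_vacmAccessNotifyViewName;
        return (u_char *) gp->notifyView;

    case ACCESSSTORAGE:
        long_return = gp->storageType;
        *write_method = write_vacmAccessStorageType;
        return (u_char *) &long_return;

    case ACCESSSTATUS:
        long_return = gp->status;
        *write_method = write_vacmAccessStatus;
        return (u_char *) &long_return;
    }
    return NULL;
}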
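/*
 * Variable handler for vacmViewTreeFamilyTable.
 *
 * The row index follows sub-identifier 12 of the requested OID:
 *     <len> <viewName...> <len> <subtree sub-identifiers...>
 * With `exact` set the index must be complete and the row must exist;
 * otherwise the next row in table order is looked up and name/length are
 * rewritten to its OID.
 *
 * Returns a pointer to the column value (and its size in *var_len), or NULL
 * when there is no such row or the index is malformed.  *write_method is set
 * for the writable columns; for the status column it is set even when the row
 * does not exist.
 *
 * Both length sub-identifiers come straight from the request.  Each is checked
 * against the destination buffer and against the number of sub-identifiers
 * actually present before anything is copied.
 */
u_char *var_vacm_view(struct variable *vp,
                      oid *name,
                      int *length,
                      int exact,
                      int *var_len,
                      WriteMethod **write_method)
{
    struct vacm_viewEntry *gp;
    char viewName[32];
    oid subtree[MAX_OID_LEN], new_name[MAX_OID_LEN];
    int subtreeLen = 0, new_len;
    oid *op, *op1, *end;
    int len;
    char *cp;
    int cmp;

    *write_method = NULL;

    new_len = *length;
    if (new_len > MAX_OID_LEN)
        new_len = MAX_OID_LEN;
    if (new_len < 0)
        new_len = 0;
    memcpy(new_name, name, new_len * sizeof(oid));

    /* A request shorter than the registered prefix cannot match it. */
    if (new_len < (int) vp->namelen
        || memcmp(new_name, vp->name, sizeof(oid) * vp->namelen) != 0) {
        memcpy(new_name, vp->name, sizeof(oid) * vp->namelen);
        new_len = vp->namelen;
    }
    end = new_name + new_len;

    if (exact) {
        if (new_len < 15)
            return NULL;
        op = new_name + 12;

        /* view name: must fit viewName[] and lie inside the OID */
        if (*op >= sizeof(viewName) || *op > (size_t) (end - op - 1))
            return NULL;
        len = (int) *op++;
        cp = viewName;
        while (len-- > 0) {
            if (*op > 255)
                return NULL;    /* illegal value */
            *cp++ = (char) *op++;
        }
        *cp = 0;

        /* subtree: whatever lies inside the OID also fits subtree[] */
        if (op >= end)
            return NULL;
        if (*op > (size_t) (end - op - 1))
            return NULL;
        len = (int) *op++;
        op1 = subtree;
        while (len-- > 0) {
            *op1++ = *op++;
            subtreeLen++;
        }
        if (op != end) {
            return NULL;
        }
        gp = vacm_getViewEntry(viewName, subtree, subtreeLen);
    } else {
        viewName[0] = 0;
        op = new_name + 12;

        /*
         * Here the length sub-identifier is copied as the first character,
         * which is the form the stored names are compared in below.  An index
         * that ends early is used as far as it goes.
         */
        if (op < end) {
            if (*op >= sizeof(viewName) - 1)
                return NULL;    /* length byte + name + terminator would not fit */
            len = (int) *op + 1;
            if (len > end - op)
                len = (int) (end - op);
            cp = viewName;
            while (len-- > 0) {
                if (*op > 255)
                    return NULL;        /* illegal value */
                *cp++ = (char) *op++;
            }
            *cp = 0;
        }
        if (op < end) {
            /* never copy more sub-identifiers than the request contains */
            if (*op > (size_t) (end - op - 1))
                len = (int) (end - op - 1);
            else
                len = (int) *op;
            op++;
            op1 = subtree;
            while (len-- > 0) {
                *op1++ = *op++;
                subtreeLen++;
            }
        }

        /*
         * NOTE(review): only the view name is compared, and an equal name
         * neither stops the scan nor looks at the subtree collected above;
         * confirm that this is the intended GETNEXT ordering.
         */
        vacm_scanViewInit();
        while ((gp = vacm_scanViewNext()) != NULL) {
            cmp = strcmp(gp->viewName, viewName);
            if (cmp > 0)
                break;
            if (cmp < 0)
                continue;
        }
        if (gp) {
            /* The rewritten OID must fit new_name[] (and the caller's name). */
            if (12 + (strlen(gp->viewName) + 1) + 1 + gp->viewSubtreeLen
                > MAX_OID_LEN)
                return NULL;

            new_len = 12;
            cp = gp->viewName;
            do {
                /* via unsigned char, so bytes >= 0x80 are not sign-extended */
                new_name[new_len++] = (unsigned char) *cp++;
            } while (*cp);
            op1 = gp->viewSubtree;
            len = gp->viewSubtreeLen;
            new_name[new_len++] = len;
            while (len-- > 0) {
                new_name[new_len++] = *op1++;
            }
            memcpy(name, new_name, new_len * sizeof(oid));
            *length = new_len;
        }
    }

    if (!gp) {
        if (vp->magic == VIEWSTATUS) {
            *write_method = vacmViewTreeFamilyStatus;
        }
        return NULL;
    }

    *var_len = sizeof(long_return);
    switch (vp->magic) {
    case VIEWNAME:
        /* the first byte of the stored name is used as its length */
        *var_len = gp->viewName[0];
        return (u_char *) &gp->viewName[1];

    case VIEWSUBTREE:
        *var_len = gp->viewSubtreeLen * sizeof(oid);
        return (u_char *) gp->viewSubtree;

    case VIEWMASK:
        /* one mask bit per subtree sub-identifier, rounded up to whole bytes */
        *var_len = (gp->viewSubtreeLen + 7) / 8;
        *write_method = write_vacmViewTreeFamilyMask;
        return (u_char *) gp->viewMask;

    case VIEWTYPE:
        long_return = gp->viewType;
        *write_method = write_vacmViewTreeFamilyType;
        return (u_char *) &long_return;

    case VIEWSTORAGE:
        long_return = gp->viewStorageType;
        *write_method = write_vacmViewTreeFamilyStorageType;
        return (u_char *) &long_return;

    case VIEWSTATUS:
        long_return = gp->viewStatus;
        *write_method = vacmViewTreeFamilyStatus;
        return (u_char *) &long_return;
    }
    return NULL;
}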
- /*****************************************************
- *The following functions are added by sxf 2k-12-29
- * for snmp set operation.
- *****************************************************/
- /****************************************************
- *WriteMethods for vacmSecurityToGroup
- ****************************************************/
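/*
 * write_vacmGroupName - SET handler for the group-name column of a
 * security-to-group row.
 *
 * The row is identified by the instance OID: name[11] is the security model
 * and the sub-identifiers from name[13] on are the characters of the security
 * name.  The new group name is stored only when action == COMMIT; every call
 * runs the same validation.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmGroupName(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    enum { INDEX_STR_MAX = 32 };            /* longest security name accepted */
    static unsigned char string[VACMSTRINGLEN];
    int size;
    struct vacm_groupEntry *gp;
    oid *groupSubtree;
    int groupSubtreeLen;
    int secmodel;
    char secname[INDEX_STR_MAX + 1], *cp;

    if (var_val_type != ASN_OCTET_STR) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmGroupName not ASN_OCTET_STR\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    if (var_val_len <= 0 || (size_t) var_val_len > sizeof(string) - 1) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmGroupName: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }

    size = var_val_len;
    memcpy(string, var_val, size);
    /* string is static: terminate it so strcmp() below never sees a previous value */
    string[size] = '\0';

    /* Find the struct in the linked list and check status */
    if (name_len < 13)
        return SNMP_ERR_INCONSISTENTVALUE;
    secmodel = name[11];
    groupSubtree = name + 13;
    groupSubtreeLen = name_len - 13;
    /* the index comes from the request; refuse what secname[] cannot hold */
    if (groupSubtreeLen > INDEX_STR_MAX)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = secname;
    while (groupSubtreeLen-- > 0) {
        /* an out-of-range character is an error, not a silent success */
        if (*groupSubtree > 255)
            return SNMP_ERR_INCONSISTENTVALUE;
        *cp++ = (char) *groupSubtree++;
    }
    *cp = 0;

    gp = vacm_getGroupEntry(secmodel, secname);
    if (gp == NULL) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmGroupName : BAD OID!\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    /* row exists, check if it is changeable */
    if (gp->storageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmGroupName : row is read only\n"));
        return SNMP_ERR_READONLY;
    }
    /* an active row keeps its group name */
    if (gp->status == SNMP_ROW_ACTIVE &&
        strcmp(gp->groupName, (const char *) string) != 0)
        return SNMP_ERR_INCONSISTENTVALUE;

    if (action == COMMIT) {
        /* assumes gp->groupName holds at least VACMSTRINGLEN bytes - TODO confirm */
        memcpy(gp->groupName, string, size);
        gp->groupName[size] = '\0';
        /* If row is new, check if its status can be updated */
        if (gp->status == SNMP_ROW_NOTREADY)
            gp->status = SNMP_ROW_NOTINSERVICE;
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmGroupName */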
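/*
 * write_vacmSecurityToGroupStorageType - SET handler for the storage-type
 * column of a security-to-group row.
 *
 * Accepts other, volatile and nonvolatile.  The row is identified by
 * name[11] (security model) and the security-name characters from name[13]
 * on.  Rows whose storage type is permanent or read-only are not changed.
 * The value is stored only when action == COMMIT.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmSecurityToGroupStorageType(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    enum { INDEX_STR_MAX = 32 };            /* longest security name accepted */
    static long long_ret;
    struct vacm_groupEntry *gp;
    oid *groupSubtree;
    int groupSubtreeLen;
    int secmodel;
    char secname[INDEX_STR_MAX + 1], *cp;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmSecurityToGroupStorageType not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmSecurityToGroupEntry","write to vacmSecurityToGroupStorageType: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);
    if ((long_ret != SNMP_STORAGE_OTHER) && (long_ret != SNMP_STORAGE_VOLATILE) &&
        (long_ret != SNMP_STORAGE_NONVOLATILE)) {
        DEBUGMSGTL(("vacmSecurityToGroupEntry", "write to vacmSecurityToGroupStorageType : attempted storage type not a valid"));
        DEBUGMSG(("vacmSecurityToGroupEntry", " value of other(%d), volatile(%d), or nonvolatile(%d)\n",
                  SNMP_STORAGE_OTHER, SNMP_STORAGE_VOLATILE, SNMP_STORAGE_NONVOLATILE));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    /* Find the struct in the linked list and check status */
    if (name_len < 13)
        return SNMP_ERR_INCONSISTENTVALUE;
    secmodel = name[11];
    groupSubtree = name + 13;
    groupSubtreeLen = name_len - 13;
    /* the index comes from the request; refuse what secname[] cannot hold */
    if (groupSubtreeLen > INDEX_STR_MAX)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = secname;
    while (groupSubtreeLen-- > 0) {
        /* an out-of-range character is an error, not a silent success */
        if (*groupSubtree > 255)
            return SNMP_ERR_INCONSISTENTVALUE;
        *cp++ = (char) *groupSubtree++;
    }
    *cp = 0;

    gp = vacm_getGroupEntry(secmodel, secname);
    if (gp == NULL) {
        DEBUGMSGTL(("vacmSecurityToGroupEntry","write to vacmSecurityToGroupStorageType : BAD OID\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    if ((gp->storageType == SNMP_STORAGE_PERMANENT) ||
        (gp->storageType == SNMP_STORAGE_READONLY)) {
        DEBUGMSGTL(("vacmSecurityToGroupEntry", "write to vacmSecurityToGroupStorageType : row has unchangeable storage status: %d\n",
                    gp->storageType));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    if (action == COMMIT) {
        gp->storageType = long_ret;
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmSecurityToGroupStorageType */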
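/*
 * write_vacmSecurity2GroupStatus - SET handler for the row-status column of a
 * security-to-group row.
 *
 * The row is identified by name[11] (security model) and the security-name
 * characters from name[13] on.  The requested status decides what happens at
 * COMMIT:
 *   - row missing, destroy                       -> nothing (noError)
 *   - row missing, createAndGo / createAndWait   -> vacm_createGroupEntry()
 *   - row present, destroy, not permanent        -> vacm_destroyGroupEntry()
 *   - row present, active / notInService         -> status is stored
 * A read-only row, a row still notReady, or any other value is rejected.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmSecurity2GroupStatus(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    enum commit_action_enum {NOTHING, DESTROY, CREATE, CHANGE};
    enum { INDEX_STR_MAX = 32 };            /* longest security name accepted */
    enum commit_action_enum onCommitDo;
    static long long_ret;
    struct vacm_groupEntry *gp;
    oid *groupSubtree;
    int groupSubtreeLen;
    int secmodel;
    char secname[INDEX_STR_MAX + 1], *cp;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmSecurity2GroupStatus not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmSecurityToGroup","write to vacmSecurityToGroupStatus: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);

    /* search for struct in linked list */
    if (name_len < 13)
        return SNMP_ERR_INCONSISTENTVALUE;
    secmodel = name[11];
    groupSubtree = name + 13;
    groupSubtreeLen = name_len - 13;
    /* the index comes from the request; refuse what secname[] cannot hold */
    if (groupSubtreeLen > INDEX_STR_MAX)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = secname;
    while (groupSubtreeLen-- > 0) {
        /* an out-of-range character is an error, not a silent success */
        if (*groupSubtree > 255)
            return SNMP_ERR_INCONSISTENTVALUE;
        *cp++ = (char) *groupSubtree++;
    }
    *cp = 0;

    gp = vacm_getGroupEntry(secmodel, secname);
    if (gp == NULL) {
        /* row doesn't exist, check valid possibilities */
        if (long_ret == SNMP_ROW_DESTROY) {
            /* re: RFC 1903, destroying a non-existent row is noError */
            onCommitDo = NOTHING;
        }
        else if (long_ret == SNMP_ROW_CREATEANDGO || long_ret == SNMP_ROW_CREATEANDWAIT) {
            onCommitDo = CREATE;
        }
        else {
            /* no valid sets for no row being found */
            return SNMP_ERR_NOSUCHNAME;
        }
    }
    else {
        /* row exists: check if it is changeable */
        if (gp->storageType == SNMP_STORAGE_READONLY) {
            DEBUGMSGTL(("vacmSecurity2Group","write to vacmSecurity2GroupStatus : row is read only\n"));
            return SNMP_ERR_READONLY;
        }
        /* destroying is allowed even for a notReady row, but not a permanent one */
        else if (long_ret == SNMP_ROW_DESTROY) {
            if (gp->storageType == SNMP_STORAGE_PERMANENT) {
                DEBUGMSGTL(("vacmSecurity2Group","write to vacmSecurity2GroupStatus : unable to destroy permanent row\n"));
                return SNMP_ERR_INCONSISTENTVALUE;
            }
            onCommitDo = DESTROY;
        }
        /* a row that is still notReady cannot be given a status */
        else if (gp->status == SNMP_ROW_NOTREADY) {
            DEBUGMSGTL(("vacmSecurity2Group","write to vacmSecurity2GroupStatus : unable to change from NOTREADY\n"));
            return SNMP_ERR_INCONSISTENTVALUE;
        }
        /* the two settings left that are valid for an existing row */
        else if ((long_ret == SNMP_ROW_ACTIVE) ||
                 (long_ret == SNMP_ROW_NOTINSERVICE)) {
            onCommitDo = CHANGE;
        }
        else {
            DEBUGMSGTL(("vacmSecurity2Group","write to vacmSecurity2GroupStatus : Bad value for set\n"));
            return SNMP_ERR_INCONSISTENTVALUE;
        }
    }

    /* if this is a commit, do expected action */
    if (action == COMMIT) {
        switch (onCommitDo) {
        case CREATE:
            if (vacm_createGroupEntry(secmodel, secname) == 0) {
                DEBUGMSGTL(("vacmSecurity2Group", "write to vacmSecurity2GroupStatus : "));
                DEBUGMSG(("vacmSecurity2Group","failed new row creation, bad OID/index value \n"));
                return SNMP_ERR_GENERR;
            }
            break;
        case DESTROY:
            vacm_destroyGroupEntry(secmodel, secname);
            break;
        case CHANGE:
            /* gp is non-NULL here: CHANGE is only chosen for an existing row */
            gp->status = long_ret;
            break;
        case NOTHING:
        default:
            break;
        }
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmSecurity2GroupStatus */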
- /******************************************************************
- *WriteMethods for vacmAccess
- *****************************************************************/
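/*
 * check_accessEntryStatus - row status an access entry may move to.
 *
 * Returns SNMP_ROW_NOTINSERVICE when contextMatch is 1 or 2 and at least one
 * of the read, write or notify view names is non-empty; otherwise
 * SNMP_ROW_NOTREADY.
 */
int check_accessEntryStatus (struct vacm_accessEntry *ap)
{
    int match_set = (ap->contextMatch == 1 || ap->contextMatch == 2);

    /*
     * A view name is unset when its first byte is the terminator.  The
     * comparison is against NUL rather than a space, which every non-empty
     * and every empty name alike would have passed.
     */
    int view_set = (ap->readView[0] != '\0' ||
                    ap->writeView[0] != '\0' ||
                    ap->notifyView[0] != '\0');

    if (match_set && view_set)
    {
        return SNMP_ROW_NOTINSERVICE;
    }
    return SNMP_ROW_NOTREADY;
}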
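/*
 * get_accessEntryFromName - decode the index of an access-table instance OID
 * and look the row up.
 *
 * From sub-identifier 11 on, the index is: length-prefixed group name,
 * length-prefixed context prefix, security model, security level.
 *
 *   gpp   receives the row from vacm_getAccessEntry(), or NULL.
 *
 * Returns SNMP_ERR_INCONSISTENTVALUE when the index is malformed, otherwise
 * SNMP_ERR_NOERROR.  A character sub-identifier above 255 also returns
 * SNMP_ERR_NOERROR with *gpp left NULL, so callers report the row as missing.
 *
 * Both string lengths come from the request.  They are checked against the
 * local buffers and against name_len before any copy; the earlier limit of
 * 128 let a long index run past the 32-byte buffers on the stack.
 */
int get_accessEntryFromName (oid *name, int name_len, struct vacm_accessEntry **gpp)
{
    enum { INDEX_STR_MAX = 32 };            /* longest index string accepted */
    int secmodel;
    int seclevel;
    char groupName[INDEX_STR_MAX + 1];
    char contextPrefix[INDEX_STR_MAX + 1];
    oid *op, *end;
    int len;
    char *cp;

    *gpp = NULL;

    /* search for struct in linked list */
    if (name_len < 15)
        return SNMP_ERR_INCONSISTENTVALUE;
    op = name + 11;
    end = name + name_len;

    /* group name; prefix length, model and level must still follow it */
    len = *op++;
    if (len < 0 || len > INDEX_STR_MAX || len > end - op - 3)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = groupName;
    while (len-- > 0) {
        if (*op > 255)
            return SNMP_ERR_NOERROR;    /* illegal value, *gpp stays NULL */
        *cp++ = (char) *op++;
    }
    *cp = 0;

    /* context prefix; exactly model and level must follow it */
    len = *op++;
    if (len < 0 || len > INDEX_STR_MAX || len != end - op - 2)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = contextPrefix;
    while (len-- > 0) {
        if (*op > 255)
            return SNMP_ERR_NOERROR;    /* illegal value, *gpp stays NULL */
        *cp++ = (char) *op++;
    }
    *cp = 0;

    /* the length checks above guarantee these two reads end exactly at `end` */
    secmodel = *op++;
    seclevel = *op++;

    *gpp = vacm_getAccessEntry(groupName, contextPrefix, secmodel, seclevel);
    return SNMP_ERR_NOERROR;
}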
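/*
 * write_vacmAccessContextMatch - SET handler for the context-match column of
 * an access row.
 *
 * Only the values 1 and 2 are accepted (exact and prefix in the VACM MIB).
 * The row is located with get_accessEntryFromName().  An active row may only
 * be "set" to the value it already has.  At COMMIT the value is stored and a
 * notReady row is re-evaluated with check_accessEntryStatus().
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmAccessContextMatch(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static long long_ret;
    int return_val;
    struct vacm_accessEntry *gp;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessContextMatch not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessContextMatch: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);
    if (long_ret != 1 && long_ret != 2)
    {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessContextMatch : Bad value for set\n"));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    /* Find row in linked list and check pertinent status... */
    return_val = get_accessEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessContextMatch: BAD OID\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    if (gp->storageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessContextMatch: row is read only\n"));
        return SNMP_ERR_READONLY;
    }
    if (gp->status == SNMP_ROW_ACTIVE && gp->contextMatch != long_ret)
        return SNMP_ERR_INCONSISTENTVALUE;

    if (action == COMMIT) {
        gp->contextMatch = long_ret;
        /* a new row may have just become complete */
        if (gp->status == SNMP_ROW_NOTREADY)
            gp->status = check_accessEntryStatus (gp);
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmAccessContextMatch */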
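/*
 * write_vacmAccessReadViewName - SET handler for the read-view column of an
 * access row.
 *
 * The value must be a non-empty octet string shorter than VACMSTRINGLEN.  The
 * row is located with get_accessEntryFromName().  An active row may only be
 * "set" to the name it already has.  At COMMIT the name is stored and a
 * notReady row is re-evaluated with check_accessEntryStatus().
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmAccessReadViewName(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static unsigned char string[VACMSTRINGLEN];
    int size, return_val;
    struct vacm_accessEntry *gp;

    if (var_val_type != ASN_OCTET_STR) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessReadViewName not ASN_OCTET_STR\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    if (var_val_len <= 0 || (size_t) var_val_len > sizeof(string) - 1) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessReadViewName: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }

    size = var_val_len;
    memcpy(string, var_val, size);
    /* string is static: terminate it so strcmp() below never sees a previous value */
    string[size] = '\0';

    return_val = get_accessEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessReadViewName: BAD OID!\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    /* row exists, check if it is changeable */
    if (gp->storageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessReadViewName: row is read only\n"));
        return SNMP_ERR_READONLY;
    }
    if (gp->status == SNMP_ROW_ACTIVE &&
        strcmp(gp->readView, (const char *) string) != 0)
        return SNMP_ERR_INCONSISTENTVALUE;

    if (action == COMMIT) {
        /* assumes gp->readView holds at least VACMSTRINGLEN bytes - TODO confirm */
        memcpy(gp->readView, string, size);
        gp->readView[size] = '\0';
        /* If row is new, check if its status can be updated */
        if (gp->status == SNMP_ROW_NOTREADY)
            gp->status = check_accessEntryStatus (gp);
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmAccessReadViewName */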
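/*
 * write_vacmAccessWriteViewName - SET handler for the write-view column of an
 * access row.
 *
 * The value must be a non-empty octet string shorter than VACMSTRINGLEN.  The
 * row is located with get_accessEntryFromName().  An active row may only be
 * "set" to the name it already has.  At COMMIT the name is stored and a
 * notReady row is re-evaluated with check_accessEntryStatus().
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmAccessWriteViewName(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static unsigned char string[VACMSTRINGLEN];
    int size, return_val;
    struct vacm_accessEntry *gp;

    if (var_val_type != ASN_OCTET_STR) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessWriteViewName not ASN_OCTET_STR\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    if (var_val_len <= 0 || (size_t) var_val_len > sizeof(string) - 1) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessWriteViewName: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }

    size = var_val_len;
    memcpy(string, var_val, size);
    /* string is static: terminate it so strcmp() below never sees a previous value */
    string[size] = '\0';

    return_val = get_accessEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessWriteViewName: BAD OID!\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    /* row exists, check if it is changeable */
    if (gp->storageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessWriteViewName: row is read only\n"));
        return SNMP_ERR_READONLY;
    }
    if (gp->status == SNMP_ROW_ACTIVE &&
        strcmp(gp->writeView, (const char *) string) != 0)
        return SNMP_ERR_INCONSISTENTVALUE;

    if (action == COMMIT) {
        /* assumes gp->writeView holds at least VACMSTRINGLEN bytes - TODO confirm */
        memcpy(gp->writeView, string, size);
        gp->writeView[size] = '\0';
        /* If row is new, check if its status can be updated */
        if (gp->status == SNMP_ROW_NOTREADY)
            gp->status = check_accessEntryStatus (gp);
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmAccessWriteViewName */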
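/*
 * write_vacmAccessNotifyViewName - SET handler for the notify-view column of
 * an access row.
 *
 * The value must be a non-empty octet string shorter than VACMSTRINGLEN.  The
 * row is located with get_accessEntryFromName().  An active row may only be
 * "set" to the name it already has.  At COMMIT the name is stored and a
 * notReady row is re-evaluated with check_accessEntryStatus().
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmAccessNotifyViewName(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static unsigned char string[VACMSTRINGLEN];
    int size, return_val;
    struct vacm_accessEntry *gp;

    if (var_val_type != ASN_OCTET_STR) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessNotifyViewName not ASN_OCTET_STR\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    if (var_val_len <= 0 || (size_t) var_val_len > sizeof(string) - 1) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessNotifyViewName: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }

    size = var_val_len;
    memcpy(string, var_val, size);
    /* string is static: terminate it so strcmp() below never sees a previous value */
    string[size] = '\0';

    return_val = get_accessEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessNotifyViewName: BAD OID!\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    /* row exists, check if it is changeable */
    if (gp->storageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessNotifyViewName: row is read only\n"));
        return SNMP_ERR_READONLY;
    }
    if (gp->status == SNMP_ROW_ACTIVE &&
        strcmp(gp->notifyView, (const char *) string) != 0)
        return SNMP_ERR_INCONSISTENTVALUE;

    if (action == COMMIT) {
        /* assumes gp->notifyView holds at least VACMSTRINGLEN bytes - TODO confirm */
        memcpy(gp->notifyView, string, size);
        gp->notifyView[size] = '\0';
        /* If row is new, check if its status can be updated */
        if (gp->status == SNMP_ROW_NOTREADY)
            gp->status = check_accessEntryStatus (gp);
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmAccessNotifyViewName */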
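/*
 * write_vacmAccessStorageType - SET handler for the storage-type column of an
 * access row.
 *
 * Accepts other, volatile and nonvolatile.  The row is located with
 * get_accessEntryFromName().  Rows whose storage type is permanent or
 * read-only are not changed.  The value is stored only when
 * action == COMMIT.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmAccessStorageType(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static long long_ret;
    struct vacm_accessEntry *gp;
    int return_val;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessStorageType not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessStorageType: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);
    if ((long_ret != SNMP_STORAGE_OTHER) && (long_ret != SNMP_STORAGE_VOLATILE) &&
        (long_ret != SNMP_STORAGE_NONVOLATILE)) {
        DEBUGMSGTL(("vacmAccess", "write to vacmAccessStorageType : attempted storage type not a valid"));
        DEBUGMSG(("vacmAccess", " value of other(%d), volatile(%d), or nonvolatile(%d)\n",
                  SNMP_STORAGE_OTHER, SNMP_STORAGE_VOLATILE, SNMP_STORAGE_NONVOLATILE));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    /* Find the struct in the linked list and check status */
    return_val = get_accessEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessStorageType : BAD OID\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    if ((gp->storageType == SNMP_STORAGE_PERMANENT) ||
        (gp->storageType == SNMP_STORAGE_READONLY)) {
        DEBUGMSGTL(("vacmAccess", "write to vacmAccessStorageType : row has unchangeable storage status: %d\n",
                    gp->storageType));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    if (action == COMMIT) {
        gp->storageType = long_ret;
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmAccessStorageType */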
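/*
 * write_vacmAccessStatus - SET handler for the row-status column of an access
 * row.
 *
 * From sub-identifier 11 on, the instance OID carries the index:
 * length-prefixed group name, length-prefixed context prefix, security model,
 * security level.  The requested status decides what happens at COMMIT:
 *   - row missing, destroy                       -> nothing (noError)
 *   - row missing, createAndGo / createAndWait   -> vacm_createAccessEntry()
 *   - row present, destroy, not permanent        -> vacm_destroyAccessEntry()
 *   - row present, active / notInService         -> status is stored
 * A read-only row, a row still notReady, or any other value is rejected.
 *
 * The index is request data and this handler can create rows, so the OID
 * length and both string lengths are checked before anything is copied into
 * the fixed-size buffers.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmAccessStatus(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    enum commit_action_enum {NOTHING, DESTROY, CREATE, CHANGE};
    enum { INDEX_STR_MAX = 32 };            /* longest index string accepted */
    enum commit_action_enum onCommitDo;
    static long long_ret;
    struct vacm_accessEntry *gp;
    int secmodel;
    int seclevel;
    char groupName[INDEX_STR_MAX + 1];
    char contextPrefix[INDEX_STR_MAX + 1];
    oid *op, *end;
    int len;
    char *cp;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessStatus not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmAccess","write to vacmAccessStatus: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);

    /* same minimum as get_accessEntryFromName(): two lengths, model, level */
    if (name_len < 15)
        return SNMP_ERR_INCONSISTENTVALUE;
    op = name + 11;
    end = name + name_len;

    /* group name; prefix length, model and level must still follow it */
    len = *op++;
    if (len < 0 || len > INDEX_STR_MAX || len > end - op - 3)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = groupName;
    while (len-- > 0) {
        /* an out-of-range character is an error, not a silent success */
        if (*op > 255)
            return SNMP_ERR_INCONSISTENTVALUE;
        *cp++ = (char) *op++;
    }
    *cp = 0;

    /* context prefix; exactly model and level must follow it */
    len = *op++;
    if (len < 0 || len > INDEX_STR_MAX || len != end - op - 2)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = contextPrefix;
    while (len-- > 0) {
        if (*op > 255)
            return SNMP_ERR_INCONSISTENTVALUE;
        *cp++ = (char) *op++;
    }
    *cp = 0;

    /* the length checks above guarantee these two reads end exactly at `end` */
    secmodel = *op++;
    seclevel = *op++;

    gp = vacm_getAccessEntry(groupName, contextPrefix, secmodel, seclevel);
    if (gp == NULL) {
        /* row doesn't exist, check valid possibilities */
        if (long_ret == SNMP_ROW_DESTROY) {
            /* re: RFC 1903, destroying a non-existent row is noError */
            onCommitDo = NOTHING;
        }
        else if (long_ret == SNMP_ROW_CREATEANDGO || long_ret == SNMP_ROW_CREATEANDWAIT) {
            onCommitDo = CREATE;
        }
        else {
            /* no valid sets for no row being found */
            return SNMP_ERR_NOSUCHNAME;
        }
    }
    else {
        /* row exists: check if it is changeable */
        if (gp->storageType == SNMP_STORAGE_READONLY) {
            DEBUGMSGTL(("vacmAccess","write to vacmAccessStatus : row is read only\n"));
            return SNMP_ERR_READONLY;
        }
        /* destroying is allowed even for a notReady row, but not a permanent one */
        else if (long_ret == SNMP_ROW_DESTROY) {
            if (gp->storageType == SNMP_STORAGE_PERMANENT) {
                DEBUGMSGTL(("vacmAccess","write to vacmAccessStatus : unable to destroy permanent row\n"));
                return SNMP_ERR_INCONSISTENTVALUE;
            }
            onCommitDo = DESTROY;
        }
        /* a row that is still notReady cannot be given a status */
        else if (gp->status == SNMP_ROW_NOTREADY) {
            DEBUGMSGTL(("vacmAccess","write to vacmAccessStatus : unable to change from NOTREADY\n"));
            return SNMP_ERR_INCONSISTENTVALUE;
        }
        /* the two settings left that are valid for an existing row */
        else if ((long_ret == SNMP_ROW_ACTIVE) ||
                 (long_ret == SNMP_ROW_NOTINSERVICE)) {
            onCommitDo = CHANGE;
        }
        else {
            DEBUGMSGTL(("vacmAccess","write to vacmAccessStatus : Bad value for set\n"));
            return SNMP_ERR_INCONSISTENTVALUE;
        }
    }

    /* if this is a commit, do expected action */
    if (action == COMMIT) {
        switch (onCommitDo) {
        case CREATE:
            if (vacm_createAccessEntry(groupName, contextPrefix, secmodel, seclevel) == 0) {
                DEBUGMSGTL(("vacmAccess", "write to vacmAccessStatus : "));
                DEBUGMSG(("vacmAccess","failed new row creation, bad OID/index value \n"));
                return SNMP_ERR_GENERR;
            }
            break;
        case DESTROY:
            vacm_destroyAccessEntry(groupName, contextPrefix, secmodel, seclevel);
            break;
        case CHANGE:
            /* gp is non-NULL here: CHANGE is only chosen for an existing row */
            gp->status = long_ret;
            break;
        case NOTHING:
        default:
            break;
        }
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmAccessStatus */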
- /******************************************************************
- *WriteMethods for vacmViewTreeFamily
- *****************************************************************/
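/*
 * get_viewEntryFromName - decode the index of a view-table instance OID and
 * look the row up.
 *
 * From sub-identifier 12 on, the index is a length-prefixed view name
 * followed by a length-prefixed subtree OID.
 *
 *   gpp   receives the row from vacm_getViewEntry(), or NULL.
 *
 * Returns SNMP_ERR_INCONSISTENTVALUE when the index is malformed, otherwise
 * SNMP_ERR_NOERROR.  A character sub-identifier above 255 also returns
 * SNMP_ERR_NOERROR with *gpp left NULL, so callers report the row as missing.
 *
 * Both lengths come from the request.  Comparing them with name_len alone did
 * not keep the copies inside viewName[] and subtree[], nor the reads inside
 * name[]; each length is now checked against what actually remains.
 */
int get_viewEntryFromName (oid *name, int name_len, struct vacm_viewEntry **gpp)
{
    enum { INDEX_STR_MAX = 32 };            /* longest view name accepted */
    char viewName[INDEX_STR_MAX + 1];
    oid subtree[MAX_OID_LEN];
    int subtreeLen = 0;
    oid *op, *op1, *end;
    int len;
    char *cp;

    *gpp = NULL;
    if (name_len < 15)
        return SNMP_ERR_INCONSISTENTVALUE;
    op = name + 12;
    end = name + name_len;

    /* view name; the subtree length must still follow it */
    len = *op++;
    if (len < 0 || len > INDEX_STR_MAX || len >= end - op)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = viewName;
    while (len-- > 0) {
        if (*op > 255)
            return SNMP_ERR_NOERROR;    /* illegal value, *gpp stays NULL */
        *cp++ = (char) *op++;
    }
    *cp = 0;

    /* subtree; must fit subtree[] and account for exactly the rest of the OID */
    len = *op++;
    if (len < 0 || len > MAX_OID_LEN || len != end - op)
        return SNMP_ERR_INCONSISTENTVALUE;
    op1 = subtree;
    while (len-- > 0) {
        *op1++ = *op++;
        subtreeLen++;
    }

    *gpp = vacm_getViewEntry(viewName, subtree, subtreeLen);
    return SNMP_ERR_NOERROR;
}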
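/*
 * write_vacmViewTreeFamilyMask - SET handler for the mask column of a view
 * row.
 *
 * The value must be an octet string of 1 to 16 bytes.  The row is located
 * with get_viewEntryFromName().  At COMMIT the mask and its length are
 * stored; a read-only row is not changed.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmViewTreeFamilyMask(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static unsigned char string[VACMSTRINGLEN];
    int size, return_val;
    struct vacm_viewEntry *gp;

    if (var_val_type != ASN_OCTET_STR) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyMask not ASN_OCTET_STR\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* the mask is at most 16 bytes */
    if (var_val_len <= 0 || var_val_len > 16) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyMask: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }

    /* assumes VACMSTRINGLEN is larger than 16 - TODO confirm */
    size = var_val_len;
    memcpy(string, var_val, size);

    return_val = get_viewEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyMask: BAD OID!\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    /* row exists, check if it is changeable */
    if (gp->viewStorageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyMask: row is read only\n"));
        return SNMP_ERR_READONLY;
    }

    if (action == COMMIT) {
        /* assumes gp->viewMask holds at least 17 bytes - TODO confirm */
        memcpy(gp->viewMask, string, size);
        gp->viewMask[size] = '\0';
        gp->viewMaskLen = size;
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmViewTreeFamilyMask */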
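/*
 * write_vacmViewTreeFamilyType - SET handler for the type column of a view
 * row.
 *
 * Only the values 1 (include) and 2 (exclude) are accepted.  The row is
 * located with get_viewEntryFromName().  The value is stored only when
 * action == COMMIT; a read-only row is not changed.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmViewTreeFamilyType(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static long long_ret;
    int return_val;
    struct vacm_viewEntry *gp;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyType not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyType: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);
    if (long_ret != 1 /* include */ && long_ret != 2 /* exclude */)
    {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyType : Bad value for set\n"));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    /* Find row in linked list and check pertinent status... */
    return_val = get_viewEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyType: BAD OID\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    if (gp->viewStorageType == SNMP_STORAGE_READONLY) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyType: row is read only\n"));
        return SNMP_ERR_READONLY;
    }

    if (action == COMMIT) {
        gp->viewType = long_ret;
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmViewTreeFamilyType */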
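/*
 * write_vacmViewTreeFamilyStorageType - SET handler for the storage-type
 * column of a view row.
 *
 * Accepts other, volatile and nonvolatile.  The row is located with
 * get_viewEntryFromName().  Rows whose storage type is permanent or read-only
 * are not changed.  The value is stored only when action == COMMIT.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
write_vacmViewTreeFamilyStorageType(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static long long_ret;
    struct vacm_viewEntry *gp;
    int return_val;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStorageType not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStorageType: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);
    if ((long_ret != SNMP_STORAGE_OTHER) && (long_ret != SNMP_STORAGE_VOLATILE) &&
        (long_ret != SNMP_STORAGE_NONVOLATILE)) {
        DEBUGMSGTL(("vacmViewTreeFamily", "write to vacmViewTreeFamilyStorageType : attempted storage type not a valid"));
        DEBUGMSG(("vacmViewTreeFamily", " value of other(%d), volatile(%d), or nonvolatile(%d)\n",
                  SNMP_STORAGE_OTHER, SNMP_STORAGE_VOLATILE, SNMP_STORAGE_NONVOLATILE));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    /* Find the struct in the linked list and check status */
    return_val = get_viewEntryFromName (name, name_len, &gp);
    if (return_val != SNMP_ERR_NOERROR)
        return return_val;
    if (gp == NULL) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStorageType : BAD OID\n"));
        return SNMP_ERR_NOSUCHNAME;
    }
    if ((gp->viewStorageType == SNMP_STORAGE_PERMANENT) ||
        (gp->viewStorageType == SNMP_STORAGE_READONLY)) {
        DEBUGMSGTL(("vacmViewTreeFamily", "write to vacmViewTreeFamilyStorageType : row has unchangeable storage status: %d\n",
                    gp->viewStorageType));
        return SNMP_ERR_INCONSISTENTVALUE;
    }

    if (action == COMMIT) {
        gp->viewStorageType = long_ret;
    }
    return SNMP_ERR_NOERROR;
} /* write_vacmViewTreeFamilyStorageType */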
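/*
 * vacmViewTreeFamilyStatus - SET handler for the row-status column of a view
 * row.
 *
 * From sub-identifier 12 on, the instance OID carries the index: a
 * length-prefixed view name followed by a length-prefixed subtree OID.  The
 * requested status decides what happens at COMMIT:
 *   - row missing, destroy                       -> nothing (noError)
 *   - row missing, createAndGo / createAndWait   -> vacm_createViewEntry()
 *   - row present, destroy, not permanent        -> vacm_destroyViewEntry()
 *   - row present, active / notInService         -> status is stored
 * A read-only row, a row still notReady, or any other value is rejected.
 *
 * The index is request data and this handler can create rows, so each length
 * is checked against the local buffer and against what remains of the OID
 * before anything is copied.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int
vacmViewTreeFamilyStatus(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    enum commit_action_enum {NOTHING, DESTROY, CREATE, CHANGE};
    enum { INDEX_STR_MAX = 32 };            /* longest view name accepted */
    enum commit_action_enum onCommitDo;
    static long long_ret;
    struct vacm_viewEntry *gp;
    char viewName[INDEX_STR_MAX + 1];
    oid subtree[MAX_OID_LEN];
    int subtreeLen = 0;
    oid *op, *op1, *end;
    int len;
    char *cp;

    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStatus not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStatus: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);

    /* search for struct in linked list */
    if (name_len < 15)
        return SNMP_ERR_INCONSISTENTVALUE;
    op = name + 12;
    end = name + name_len;

    /* view name; the subtree length must still follow it */
    len = *op++;
    if (len < 0 || len > INDEX_STR_MAX || len >= end - op)
        return SNMP_ERR_INCONSISTENTVALUE;
    cp = viewName;
    while (len-- > 0) {
        /* an out-of-range character is an error, not a silent success */
        if (*op > 255)
            return SNMP_ERR_INCONSISTENTVALUE;
        *cp++ = (char) *op++;
    }
    *cp = 0;

    /* subtree; must fit subtree[] and account for exactly the rest of the OID */
    len = *op++;
    if (len < 0 || len > MAX_OID_LEN || len != end - op)
        return SNMP_ERR_INCONSISTENTVALUE;
    op1 = subtree;
    while (len-- > 0) {
        *op1++ = *op++;
        subtreeLen++;
    }

    gp = vacm_getViewEntry(viewName, subtree, subtreeLen);
    if (gp == NULL) {
        /* row doesn't exist, check valid possibilities */
        if (long_ret == SNMP_ROW_DESTROY) {
            /* re: RFC 1903, destroying a non-existent row is noError */
            onCommitDo = NOTHING;
        }
        else if (long_ret == SNMP_ROW_CREATEANDGO || long_ret == SNMP_ROW_CREATEANDWAIT) {
            onCommitDo = CREATE;
        }
        else {
            /* no valid sets for no row being found */
            return SNMP_ERR_NOSUCHNAME;
        }
    }
    else {
        /* row exists: check if it is changeable */
        if (gp->viewStorageType == SNMP_STORAGE_READONLY) {
            DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStatus: row is read only\n"));
            return SNMP_ERR_READONLY;
        }
        /* destroying is allowed even for a notReady row, but not a permanent one */
        else if (long_ret == SNMP_ROW_DESTROY) {
            if (gp->viewStorageType == SNMP_STORAGE_PERMANENT) {
                DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStatus: unable to destroy permanent row\n"));
                return SNMP_ERR_INCONSISTENTVALUE;
            }
            onCommitDo = DESTROY;
        }
        /* a row that is still notReady cannot be given a status */
        else if (gp->viewStatus == SNMP_ROW_NOTREADY) {
            DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStatus: unable to change from NOTREADY\n"));
            return SNMP_ERR_INCONSISTENTVALUE;
        }
        /* the two settings left that are valid for an existing row */
        else if ((long_ret == SNMP_ROW_ACTIVE) ||
                 (long_ret == SNMP_ROW_NOTINSERVICE)) {
            onCommitDo = CHANGE;
        }
        else {
            DEBUGMSGTL(("vacmViewTreeFamily","write to vacmViewTreeFamilyStatus: Bad value for set\n"));
            return SNMP_ERR_INCONSISTENTVALUE;
        }
    }

    /* if this is a commit, do expected action */
    if (action == COMMIT) {
        switch (onCommitDo) {
        case CREATE:
            if (vacm_createViewEntry(viewName, subtree, (size_t) subtreeLen) == 0) {
                DEBUGMSGTL(("vacmViewTreeFamily", "write to vacmViewTreeFamilyStatus: "));
                DEBUGMSG(("vacmViewTreeFamily","failed new row creation, bad OID/index value \n"));
                return SNMP_ERR_GENERR;
            }
            break;
        case DESTROY:
            vacm_destroyViewEntry(viewName, subtree, subtreeLen);
            break;
        case CHANGE:
            /* gp is non-NULL here: CHANGE is only chosen for an existing row */
            gp->viewStatus = long_ret;
            break;
        case NOTHING:
        default:
            break;
        }
    }
    return SNMP_ERR_NOERROR;
} /* vacmViewTreeFamilyStatus */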
- /**************************************************
- *Spin Lock
- **************************************************/
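/*
 * var_vacmViewSpinLock - read handler for the view spin lock scalar.
 *
 * After header_generic() accepts the request, returns a pointer to a static
 * copy of vacmViewSpinLockValue, sets *var_len to its size and installs
 * write_vacmViewSpinLock as the SET handler.  Returns NULL when the request
 * does not match or vp->magic is not VACMVIEWSPINLOCK.
 */
u_char *
var_vacmViewSpinLock(
    struct variable *vp,
    oid *name,
    int *length,
    int exact,
    int *var_len,
    WriteMethod **write_method)
{
    static long long_ret;

    *write_method = NULL;
    if (header_generic(vp, name, length, exact, var_len, write_method) == MATCH_FAILED)
        return NULL;

    switch (vp->magic) {
    case VACMVIEWSPINLOCK:
        *write_method = write_vacmViewSpinLock;
        long_ret = vacmViewSpinLockValue;
        *var_len = sizeof(long_ret);
        return (unsigned char *) &long_ret;
    default:
        /* the message ends with a newline, not a literal 'n' */
        snmp_trace ("SNMP in var_vacmViewSpinLock: unknown suboid\n");
    }
    return NULL;
}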
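/*
 * write_vacmViewSpinLock - SET handler for the view spin lock scalar.
 *
 * The value written must equal the current vacmViewSpinLockValue; anything
 * else is rejected with SNMP_ERR_INCONSISTENTVALUE, which is how a manager
 * learns that the lock moved since it was read.  At COMMIT the lock advances
 * by one and wraps from 2147483647 to 0.
 *
 * Returns SNMP_ERR_NOERROR, or the SNMP error that rejects the write.
 */
int write_vacmViewSpinLock(
    int action,
    u_char *var_val,
    u_char var_val_type,
    int var_val_len,
    u_char *statP,
    oid *name,
    int name_len)
{
    static long long_ret;

    /* debug token and text name this object, not the USM user spin lock */
    if (var_val_type != ASN_INTEGER) {
        DEBUGMSGTL(("vacmViewSpinLock","write to vacmViewSpinLock not ASN_INTEGER\n"));
        return SNMP_ERR_WRONGTYPE;
    }
    /* a whole long is read below, so a shorter value is refused as well */
    if (var_val_len != (int) sizeof(long_ret)) {
        DEBUGMSGTL(("vacmViewSpinLock","write to vacmViewSpinLock: bad length\n"));
        return SNMP_ERR_WRONGLENGTH;
    }
    long_ret = *((long *) var_val);
    if (long_ret != (long) vacmViewSpinLockValue)
        return SNMP_ERR_INCONSISTENTVALUE;

    if (action == COMMIT) {
        if (vacmViewSpinLockValue == 2147483647)
            vacmViewSpinLockValue = 0;
        else
            vacmViewSpinLockValue++;
    }
    return SNMP_ERR_NOERROR;
} /* end write_vacmViewSpinLock() */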