📄 vacm_vars.c
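/*
 * [Excerpt starts inside a function whose beginning is not part of this
 * listing; its remaining statements are reproduced unchanged.]
 *
 * NOTE(review): the sprintf()/strcpy() calls below write into secname, line
 * and viewname with no length limit. Those buffers are declared above this
 * excerpt -- confirm they are large enough for the longest community,
 * address and OID strings that can reach this point, or use snprintf().
 */
    }
    if (strcmp(token,"rwcommunity") == 0 || strcmp(token,"rwuser") == 0)
        rw = viewname;
    if (strcmp(token,"rwcommunity") == 0 || strcmp(token,"rocommunity") == 0) {
        /* com2sec mapping */
        /* com2sec anonymousSecNameNUM ADDRESS COMMUNITY */
        sprintf(secname, "anonymousSecName%03d", num);
        sprintf(line,"%s %s %s", secname, addressname, community);
        DEBUGMSGTL((token,"passing: %s %s\n", "com2sec", line));
        vacm_parse_security("com2sec",line);

        /* sec->group mapping */
        /* group anonymousGroupNameNUM any anonymousSecNameNUM */
        sprintf(line,"anonymousGroupName%03d v1 %s", num, secname);
        DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
        vacm_parse_group("group",line);
        sprintf(line,"anonymousGroupName%03d v2c %s", num, secname);
        DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
        vacm_parse_group("group",line);
    } else {
        strcpy(secname, community);

        /* sec->group mapping */
        /* group anonymousGroupNameNUM any anonymousSecNameNUM */
        sprintf(line,"anonymousGroupName%03d usm %s", num, secname);
        DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
        vacm_parse_group("group",line);
    }

    /* view definition */
    /* view anonymousViewNUM included OID */
    sprintf(viewname,"anonymousView%03d",num);
    sprintf(line,"%s included %s", viewname, theoid);
    DEBUGMSGTL((token,"passing: %s %s\n", "view", line));
    vacm_parse_view("view",line);

    /* map everything together */
    /* access anonymousGroupNameNUM "" MODEL AUTHTYPE exact anonymousViewNUM [none/anonymousViewNUM] [none/anonymousViewNUM] */
    sprintf(line, "anonymousGroupName%03d \"\" %s %s exact %s %s %s", num,
            model, authtype, viewname, rw, rw);
    DEBUGMSGTL((token,"passing: %s %s\n", "access", line));
    vacm_parse_access("access",line);
    num++;
}

/*
 * vacm_in_view_callback
 *
 * Callback wrapper around vacm_in_view(). serverarg is treated as a
 * struct view_parameters *; majorID, minorID and clientarg are not used.
 *
 * Returns 1 when serverarg is NULL, otherwise the vacm_in_view() result
 * (0 = allowed). A non-zero result is also stored in view_parms->errorcode.
 */
int
vacm_in_view_callback(int majorID, int minorID, void *serverarg,
                      void *clientarg)
{
    struct view_parameters *view_parms = (struct view_parameters *) serverarg;
    int retval;

    if (view_parms == NULL)
        return 1;
    retval = vacm_in_view(view_parms->pdu, view_parms->name,
                          view_parms->namelen);
    if (retval != 0)
        view_parms->errorcode = retval;
    return retval;
}

/*******************************************************************-o-******
 * vacm_in_view
 *
 * Access-control decision for one request: maps the PDU to a security
 * name, then to a group, then to an access entry, then checks the OID
 * against the view selected by the PDU command.
 *
 * Parameters:
 *	*pdu      request; version, community, source address, securityModel,
 *	          securityName, securityLevel and command are read.
 *	*name     OID to check. If NULL, only the securityName -> group ->
 *	          access chain is verified and no view lookup is made.
 *	 namelen  number of sub-identifiers in name.
 *
 * Returns:
 *	0	On success.
 *	1	Missing security name (also: no matching com2sec entry, or a
 *		non-read request while nothing is configured).
 *	2	Missing group
 *	3	Missing access
 *	4	Missing view
 *	5	Not in view
 *
 * Debug output listed as follows:
 *	<securityName> <groupName> <viewName> <viewType>
 */
int vacm_in_view (struct snmp_pdu *pdu, oid *name, size_t namelen)
{
    struct vacm_securityEntry *sp = securityFirst;
    struct vacm_accessEntry *ap;
    struct vacm_groupEntry *gp;
    struct vacm_viewEntry *vp;
    /* NOTE(review): pdu->address is read as an IPv4 sockaddr_in without an
     * address-family check -- confirm callers only hand in IPv4 sources. */
    struct sockaddr_in *pduIp = (struct sockaddr_in*)&(pdu->address);
    struct sockaddr_in *srcIp, *srcMask;
    char *vn;
    char *sn;

    if (pdu->version == SNMP_VERSION_1 || pdu->version == SNMP_VERSION_2c) {
        if (snmp_get_do_debugging()) {
            /* The community is the v1/v2c credential and is written to the
             * debug output here; treat debug logs as sensitive. */
            char *buf;
            if (pdu->community) {
                buf = (char *)malloc(1+ pdu->community_len);
                /* malloc() may fail; do not copy through a NULL pointer */
                if (buf != NULL) {
                    memcpy(buf, pdu->community, pdu->community_len);
                    buf[pdu->community_len] = '\0';
                }
            } else {
                DEBUGMSGTL(("mibII/vacm_vars", "NULL community"));
                buf = strdup("NULL");
            }
            DEBUGMSGTL(("mibII/vacm_vars",
                        "vacm_in_view: ver=%d, source=%.8x, community=%s\n",
                        pdu->version, pduIp->sin_addr.s_addr,
                        buf != NULL ? buf : "(alloc failed)"));
            free (buf);
        }

        /* allow running without snmpd.conf */
        /* With no com2sec entries and VACM not configured, read requests
         * are accepted from any source with any community; every other
         * command is refused with 1. */
        if (sp == NULL && !vacm_is_configured()) {
            DEBUGMSGTL(("mibII/vacm_vars",
                        "vacm_in_view: accepted with no com2sec entries\n"));
            switch (pdu->command) {
            case SNMP_MSG_GET:
            case SNMP_MSG_GETNEXT:
            case SNMP_MSG_GETBULK:
                return 0;
            default:
                return 1;
            }
        }

        /* First com2sec entry whose masked source address and community
         * both match supplies the security name. */
        while (sp) {
            srcIp   = (struct sockaddr_in *)&(sp->sourceIp);
            srcMask = (struct sockaddr_in *)&(sp->sourceMask);
            if ((pduIp->sin_addr.s_addr & srcMask->sin_addr.s_addr)
                    == srcIp->sin_addr.s_addr
                && strlen(sp->community) == pdu->community_len
                && !strncmp(sp->community, (char *)pdu->community,
                            pdu->community_len))
                break;
            sp = sp->next;
        }
        if (sp == NULL)
            return 1;
        sn = sp->securityName;
    } else if (pdu->securityModel == SNMP_SEC_MODEL_USM) {
        /* securityName is tested for NULL just below, so it must not be
         * handed to %s unguarded. */
        DEBUGMSG (("mibII/vacm_vars",
                   "vacm_in_view: ver=%d, model=%d, secName=%s\n",
                   pdu->version, pdu->securityModel,
                   pdu->securityName != NULL ? pdu->securityName : "(null)"));
        sn = pdu->securityName;
    } else {
        sn = NULL;
    }

    if (sn == NULL)
        return 1;
    DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: sn=%s", sn));

    gp = vacm_getGroupEntry(pdu->securityModel, sn);
    if (gp == NULL) {
        DEBUGMSG(("mibII/vacm_vars", "\n"));
        return 2;
    }
    DEBUGMSG (("mibII/vacm_vars", ", gn=%s", gp->groupName));

    ap = vacm_getAccessEntry(gp->groupName, "", pdu->securityModel,
                             pdu->securityLevel);
    if (ap == NULL) {
        DEBUGMSG(("mibII/vacm_vars", "\n"));
        return 3;
    }

    if (name == 0) { /* only check the setup of the vacm for the request */
        DEBUGMSG(("mibII/vacm_vars", ", Done checking setup\n"));
        return 0;
    }

    switch (pdu->command) {
    case SNMP_MSG_GET:
    case SNMP_MSG_GETNEXT:
    case SNMP_MSG_GETBULK:
        vn = ap->readView;
        break;
    case SNMP_MSG_SET:
        vn = ap->writeView;
        break;
    case SNMP_MSG_TRAP:
    case SNMP_MSG_TRAP2:
    case SNMP_MSG_INFORM:
        vn = ap->notifyView;
        break;
    default:
        /* NOTE(review): an unrecognised command is logged but still
         * authorised against the read view instead of being refused --
         * confirm this fallback is intended. */
        snmp_log(LOG_ERR, "bad msg type in vacm_in_view: %d\n", pdu->command);
        vn = ap->readView;
    }
    DEBUGMSG (("mibII/vacm_vars", ", vn=%s", vn));

    vp = vacm_getViewEntry (vn, name, namelen);
    if (vp == NULL) {
        DEBUGMSG(("mibII/vacm_vars", "\n"));
        return 4;
    }
    DEBUGMSG(("mibII/vacm_vars", ", vt=%d\n", vp->viewType));
    if (vp->viewType == SNMP_VIEW_EXCLUDED)
        return 5;

    return 0;
} /* end vacm_in_view() */

/*
 * var_vacm_sec2group
 *
 * Variable handler for the security-to-group rows. The index is read from
 * name[11] (security model) and the sub-identifiers that follow it (the
 * security name, one character per sub-identifier).
 *
 *   exact != 0  the index must name an existing row; name+13.. is copied
 *               and looked up with vacm_getGroupEntry().
 *   exact == 0  the first row that sorts after (secmodel, secname) is
 *               chosen and name / *length are rewritten to its index.
 *
 * *write_method is set for the writable columns even when no row matched.
 * Returns a pointer to the column value (length in *var_len), or NULL.
 * Integer columns are returned through the file-level long_return.
 */
u_char *var_vacm_sec2group(struct variable *vp, oid *name, size_t *length,
                           int exact, size_t *var_len,
                           WriteMethod **write_method)
{
    struct vacm_groupEntry *gp;
    oid *groupSubtree;
    int groupSubtreeLen;
    int secmodel;
    char secname[VACMSTRINGLEN], *cp;

    *write_method = NULL;
    if (memcmp(name, vp->name, sizeof(oid)*vp->namelen) != 0) {
        memcpy(name, vp->name, sizeof(oid)*vp->namelen);
        *length = vp->namelen;
    }
    if (exact) {
        if (*length < 13)
            return NULL;

        secmodel = name[11];
        groupSubtree = name+13;
        groupSubtreeLen = *length - 13;
        cp = secname;
        while (groupSubtreeLen-- > 0) {
            if (*groupSubtree > 255)
                return 0; /* illegal value */
            /* VACMSTRINGLEN and VACM_MAX_STRING are defined outside this
             * excerpt; the sizeof() clause keeps the terminator inside
             * secname whatever their relation is. */
            if (cp - secname > VACM_MAX_STRING
                || (size_t)(cp - secname) >= sizeof(secname) - 1)
                return 0;
            *cp++ = (char) *groupSubtree++;
        }
        *cp = 0;

        gp = vacm_getGroupEntry(secmodel, secname);
    } else {
        secmodel = *length > 11 ? name[11] : 0;
        /* Starts at name+12, one earlier than the exact branch: the copy
         * is compared with gp->securityName, whose byte 0 is used as a
         * length by the SECURITYNAME case below. */
        groupSubtree = name+12;
        groupSubtreeLen = *length - 12;
        cp = secname;
        while (groupSubtreeLen-- > 0) {
            if (*groupSubtree > 255)
                return 0; /* illegal value */
            if (cp - secname > VACM_MAX_STRING
                || (size_t)(cp - secname) >= sizeof(secname) - 1)
                return 0;
            *cp++ = (char) *groupSubtree++;
        }
        *cp = 0;

        vacm_scanGroupInit();
        while ((gp = vacm_scanGroupNext()) != NULL) {
            if (gp->securityModel > secmodel
                || (gp->securityModel == secmodel
                    && strcmp(gp->securityName, secname) > 0))
                break;
        }
        if (gp) {
            /* NOTE(review): name is extended without a capacity check;
             * assumes the caller's buffer has room -- confirm. */
            name[11] = gp->securityModel;
            *length = 12;
            cp = gp->securityName;
            while (*cp) {
                name[(*length)++] = *cp++;
            }
        }
    }

    if (!gp && !exact)
        return NULL;

    *var_len =sizeof(long_return);
    switch (vp->magic) {
    case SECURITYMODEL:
        if(gp) {
            long_return = gp->securityModel;
            return (u_char *)&long_return;
        }
        return NULL;

    case SECURITYNAME:
        if(gp) {
            *var_len = gp->securityName[0];
            return (u_char *)&gp->securityName[1];
        }
        return NULL;

    case SECURITYGROUP:
        *write_method = write_vacmGroupName;
        if(gp) {
            *var_len = strlen(gp->groupName);
            return (u_char *)gp->groupName;
        }
        return NULL;

    case SECURITYSTORAGE:
        *write_method = write_vacmSecurityToGroupStorageType;
        if(gp) {
            long_return = gp->storageType;
            return (u_char *)&long_return;
        }
        return NULL;

    case SECURITYSTATUS:
        *write_method = write_vacmSecurityToGroupStatus;
        if(gp) {
            long_return = gp->status;
            return (u_char *)&long_return;
        }
        return NULL;
    }
    return NULL;
}

/*
 * var_vacm_access
 *
 * Variable handler for the access rows. The index starts at name[11] and
 * is: <len> groupName chars, <len> contextPrefix chars, securityModel,
 * securityLevel.
 *
 *   exact != 0  the whole index must be present and consistent; the row is
 *               looked up with vacm_getAccessEntry().
 *   exact == 0  whatever part of the index is present seeds a scan for the
 *               next row, and name / *length are rewritten to its index.
 *
 * *write_method is set for the writable columns even when no row matched.
 * Returns a pointer to the column value (length in *var_len), or NULL.
 * Integer columns are returned through the file-level long_return.
 */
u_char *var_vacm_access(struct variable *vp, oid *name, size_t *length,
                        int exact, size_t *var_len,
                        WriteMethod **write_method)
{
    struct vacm_accessEntry *gp;
    int secmodel;
    int seclevel;
    char groupName[VACMSTRINGLEN];
    char contextPrefix[VACMSTRINGLEN];
    oid *op;
    oid *end;
    int len;
    char *cp;
    int cmp;

    *write_method = NULL;
    if (memcmp(name, vp->name, sizeof(oid)*vp->namelen) != 0) {
        memcpy(name, vp->name, sizeof(oid)*vp->namelen);
        *length = vp->namelen;
    }
    end = name + *length;   /* one past the last valid sub-identifier */

    if (exact) {
        if (*length < 15)
            return NULL;

        /*
         * The length sub-identifiers come from the request. Each one is
         * checked against what is left of the index before it is used, so
         * nothing past name[*length - 1] is read. Every index rejected
         * here was also rejected before, by the final position test.
         */
        op = name+11;
        len = *op++;
        if (len > VACM_MAX_STRING || len > (int)sizeof(groupName) - 1)
            return 0;
        if (len > end - op)
            return 0; /* declared length runs past the index */
        cp = groupName;
        while (len-- > 0) {
            if (*op > 255)
                return 0; /* illegal value */
            *cp++ = (char) *op++;
        }
        *cp = 0;

        if (op >= end)
            return 0;
        len = *op++;
        if (len > VACM_MAX_STRING || len > (int)sizeof(contextPrefix) - 1)
            return 0;
        if (len > end - op)
            return 0; /* declared length runs past the index */
        cp = contextPrefix;
        while (len-- > 0) {
            if (*op > 255)
                return 0; /* illegal value */
            *cp++ = (char) *op++;
        }
        *cp = 0;

        /* exactly securityModel and securityLevel must remain */
        if (end - op != 2)
            return NULL;
        secmodel = *op++;
        seclevel = *op++;

        gp = vacm_getAccessEntry(groupName, contextPrefix, secmodel, seclevel);
    } else {
        secmodel = seclevel = 0;
        groupName[0] = 0;
        contextPrefix[0] = 0;
        op = name+11;

        /*
         * Each string is copied together with its leading length element
         * (len + 1 elements, then a terminator), hence the "- 2" below.
         * NOTE(review): unlike the exact branch, these copies are not
         * limited to name + *length, so a short index can pull in
         * elements beyond *length -- confirm the caller's buffer size.
         */
        if (op < end) {
            len = *op;
            if (len > VACM_MAX_STRING || len > (int)sizeof(groupName) - 2)
                return 0;
            cp = groupName;
            while (len-- >= 0) {
                if (*op > 255)
                    return 0; /* illegal value */
                *cp++ = (char) *op++;
            }
            *cp = 0;
        }
        if (op < end) {
            len = *op;
            if (len > VACM_MAX_STRING
                || len > (int)sizeof(contextPrefix) - 2)
                return 0;
            cp = contextPrefix;
            while (len-- >= 0) {
                if (*op > 255)
                    return 0; /* illegal value */
                *cp++ = (char) *op++;
            }
            *cp = 0;
        }
        if (op < end) {
            secmodel = *op++;
        }
        if (op < end) {
            seclevel = *op++;
        }

        /* first row sorting after (groupName, contextPrefix, model, level) */
        vacm_scanAccessInit();
        while ((gp = vacm_scanAccessNext()) != NULL) {
            cmp = strcmp(gp->groupName, groupName);
            if (cmp > 0) break;
            if (cmp < 0) continue;
            cmp = strcmp(gp->contextPrefix, contextPrefix);
            if (cmp > 0) break;
            if (cmp < 0) continue;
            if (gp->securityModel > secmodel) break;
            if (gp->securityModel < secmodel) continue;
            if (gp->securityLevel > seclevel) break;
        }
        if (gp) {
            /* NOTE(review): name is extended without a capacity check;
             * assumes the caller's buffer has room -- confirm. */
            *length = 11;
            cp = gp->groupName;
            do {
                name[(*length)++] = *cp++;
            } while (*cp);
            cp = gp->contextPrefix;
            do {
                name[(*length)++] = *cp++;
            } while (*cp);
            name[(*length)++] = gp->securityModel;
            name[(*length)++] = gp->securityLevel;
        }
    }

    if (!gp && !exact)
        return NULL;

    *var_len =sizeof(long_return);
    switch (vp->magic) {
    case ACCESSMATCH:
        *write_method = write_vacmAccessContextMatch;
        if(gp) {
            long_return = gp->contextMatch;
            return (u_char *)&long_return;
        }
        return NULL;

    case ACCESSLEVEL:
        if(gp) {
            long_return = gp->securityLevel;
            return (u_char *)&long_return;
        }
        return NULL;

    case ACCESSMODEL:
        if(gp) {
            long_return = gp->securityModel;
            return (u_char *)&long_return;
        }
        return NULL;

    case ACCESSPREFIX:
        if(gp) {
            *var_len = *gp->contextPrefix;
            return (u_char *)&gp->contextPrefix[1];
        }
        return NULL;

    case ACCESSREAD:
        *write_method = write_vacmAccessReadViewName;
        if(gp) {
            *var_len = strlen(gp->readView);
            return (u_char *)gp->readView;
        }
        return NULL;

    case ACCESSWRITE:
        *write_method = write_vacmAccessWriteViewName;
        if(gp) {
            *var_len = strlen(gp->writeView);
            return (u_char *)gp->writeView;
        }
        return NULL;

    case ACCESSNOTIFY:
        *write_method = write_vacmAccessNotifyViewName;
        if(gp) {
            *var_len = strlen(gp->notifyView);
            return (u_char *)gp->notifyView;
        }
        return NULL;

    case ACCESSSTORAGE:
        *write_method = write_vacmAccessStorageType;
        if(gp) {
            long_return = gp->storageType;
            return (u_char *)&long_return;
        }
        return NULL;

    case ACCESSSTATUS:
        *write_method = write_vacmAccessStatus;
        if(gp) {
            long_return = gp->status;
            return (u_char *)&long_return;
        }
        return NULL;
    }
    return NULL;
}

/* [var_vacm_view continues beyond the end of this listing; the visible
 * part is reproduced unchanged.] */
u_char *var_vacm_view(struct variable *vp, oid *name, size_t *length,
                      int exact, size_t *var_len,
                      WriteMethod **write_method)
{
    struct vacm_viewEntry *gp=NULL;
    char viewName[VACMSTRINGLEN];
    oid subtree[MAX_OID_LEN];
    size_t subtreeLen = 0;
    oid *op, *op1;
    int len;
    char *cp;
    int cmp,cmp2;

    *write_method = NULL;
    *var_len =sizeof(long_return);
    if(vp->magic != VACMVIEWSPINLOCK) {
        if (memcmp(name, vp->name, sizeof(oid)*vp->namelen) != 0) {
            memcpy(name, vp->name, sizeof(oid)*vp->namelen);
            *length = vp->namelen;
        }
        if (exact) {
            if (*length < 15)
                return NULL;
            op = name+12;
            len = *op++;
            if (len > VACM_MAX_STRING)
                return 0;
            cp = viewName;
            while (len-- > 0) {
                if (*op > 255)
                    return 0;
                *cp++ = (char) *op++;
            }
            *cp = 0;
            len = *op++;
            if (len > MAX_OID_LEN)
                return 0;
            op1 = subtree;
            while (len-- > 0) {
                *op1++ = (op != name + *length) ? *op++ : 0;
                subtreeLen++;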