📄 vacm_vars.c
imodel = SNMP_SEC_MODEL_ANY;
}
else {
config_perror("bad security model, should be: v1, v2c or usm");
return;
}
if (strlen(security)+1 > sizeof(gp->groupName)) {
config_perror("security name too long");
return;
}
gp = vacm_createGroupEntry(imodel, security);
if (!gp) {
config_perror("failed to create group entry");
return;
}
strcpy (gp->groupName, group);
gp->storageType = SNMP_STORAGE_PERMANENT;
gp->status = SNMP_ROW_ACTIVE;
free (gp->reserved);
gp->reserved = NULL;
}
/*
 * vacm_free_group - discard every VACM group entry.
 *
 * Thin wrapper around vacm_destroyAllGroupEntries(); takes no arguments
 * and returns nothing.
 * NOTE(review): presumably the "free" counterpart registered next to
 * vacm_parse_group for the "group" directive - confirm at the
 * registration site, which is not visible here.
 */
void
vacm_free_group(void)
{
    vacm_destroyAllGroupEntries();
}
/*
 * vacm_parse_access - handler for an "access" configuration line.
 *
 * Expected fields, whitespace separated, all mandatory:
 *
 *   NAME CONTEXT MODEL LEVEL PREFIX READVIEW WRITEVIEW NOTIFYVIEW
 *
 *   token  directive name; not used in the body.
 *   param  the rest of the line; it is split in place with strtok(), so
 *          the buffer is modified.
 *
 * Returns nothing.  Every problem is reported through config_perror() and
 * abandons the line; the access entry is only created once all fields
 * have been validated.
 *
 * Field handling:
 *   CONTEXT  the two-character token "" (two double quotes) stands for
 *            the empty context name.
 *   MODEL    any | v1 | v2c | usm, case-insensitive.
 *   LEVEL    noauth/noauthnopriv, auth/authnopriv, priv/authpriv,
 *            case-insensitive.
 *   PREFIX   exact -> contextMatch 1, prefix -> contextMatch 2.  A literal
 *            "0" is reported as bad but still installed as exact.
 *
 * NOTE(review): the three view names are length-checked against their
 * destination arrays before the strcpy() calls, but NAME and CONTEXT are
 * handed to vacm_createAccessEntry() unchecked - confirm that function
 * bounds them.
 */
void vacm_parse_access (const char *token, char *param)
{
    enum {
        FLD_NAME, FLD_CONTEXT, FLD_MODEL, FLD_LEVEL,
        FLD_PREFIX, FLD_READ, FLD_WRITE, FLD_NOTIFY,
        FLD_COUNT
    };
    /* One message per field, in the order the fields are read. */
    static const char *const missing[FLD_COUNT] = {
        "missing NAME parameter",
        "missing CONTEXT parameter",
        "missing MODEL parameter",
        "missing LEVEL parameter",
        "missing PREFIX parameter",
        "missing readView parameter",
        "missing writeView parameter",
        "missing notifyView parameter"
    };
    char *field[FLD_COUNT];
    char *next = param;
    struct vacm_accessEntry *ap;
    int imodel, ilevel, iprefix;
    int k;

    /* Tokenise left to right and stop at the first absent field. */
    for (k = 0; k < FLD_COUNT; k++) {
        field[k] = strtok(next, " \t\n");
        next = NULL;            /* later calls continue the same scan */
        if (field[k] == NULL) {
            config_perror(missing[k]);
            return;
        }
    }

    /* A quoted empty string means "no context name". */
    if (!strcmp(field[FLD_CONTEXT], "\"\""))
        field[FLD_CONTEXT][0] = 0;

    /* Security model. */
    if (!strcasecmp(field[FLD_MODEL], "any")) {
        imodel = SNMP_SEC_MODEL_ANY;
    } else if (!strcasecmp(field[FLD_MODEL], "v1")) {
        imodel = SNMP_SEC_MODEL_SNMPv1;
    } else if (!strcasecmp(field[FLD_MODEL], "v2c")) {
        imodel = SNMP_SEC_MODEL_SNMPv2c;
    } else if (!strcasecmp(field[FLD_MODEL], "usm")) {
        imodel = SNMP_SEC_MODEL_USM;
    } else {
        config_perror("bad security model (any, v1, v2c, usm)");
        return;
    }

    /* Security level; each level has a short and a long spelling. */
    if (!strcasecmp(field[FLD_LEVEL], "noauth") ||
        !strcasecmp(field[FLD_LEVEL], "noauthnopriv")) {
        ilevel = SNMP_SEC_LEVEL_NOAUTH;
    } else if (!strcasecmp(field[FLD_LEVEL], "auth") ||
               !strcasecmp(field[FLD_LEVEL], "authnopriv")) {
        ilevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
    } else if (!strcasecmp(field[FLD_LEVEL], "priv") ||
               !strcasecmp(field[FLD_LEVEL], "authpriv")) {
        ilevel = SNMP_SEC_LEVEL_AUTHPRIV;
    } else {
        config_perror("bad security level (noauthnopriv, authnopriv, authpriv)");
        return;
    }

    /* Context match mode (case-sensitive, unlike model and level). */
    if (!strcmp(field[FLD_PREFIX], "exact")) {
        iprefix = 1;
    } else if (!strcmp(field[FLD_PREFIX], "prefix")) {
        iprefix = 2;
    } else if (!strcmp(field[FLD_PREFIX], "0")) {
        /* Reported, but deliberately accepted and treated as "exact". */
        config_perror("bad prefix match parameter \"0\", should be: exact or prefix - installing anyway");
        iprefix = 1;
    } else {
        config_perror("bad prefix match parameter, should be: exact or prefix");
        return;
    }

    /*
     * Bound the view names before anything is copied.  sizeof() only
     * inspects the member type, so ap is not dereferenced while it is
     * still unset.
     */
    if (strlen(field[FLD_READ]) >= sizeof(ap->readView)) {
        config_perror("readView too long");
        return;
    }
    if (strlen(field[FLD_WRITE]) >= sizeof(ap->writeView)) {
        config_perror("writeView too long");
        return;
    }
    if (strlen(field[FLD_NOTIFY]) >= sizeof(ap->notifyView)) {
        config_perror("notifyView too long");
        return;
    }

    ap = vacm_createAccessEntry (field[FLD_NAME], field[FLD_CONTEXT],
                                 imodel, ilevel);
    if (ap == NULL) {
        config_perror("failed to create access entry");
        return;
    }

    /* Safe: each source was checked against its destination above. */
    strcpy(ap->readView, field[FLD_READ]);
    strcpy(ap->writeView, field[FLD_WRITE]);
    strcpy(ap->notifyView, field[FLD_NOTIFY]);

    ap->contextMatch = iprefix;
    ap->storageType = SNMP_STORAGE_PERMANENT;
    ap->status = SNMP_ROW_ACTIVE;

    /* Release whatever the entry carries in 'reserved' and clear it. */
    free (ap->reserved);
    ap->reserved = NULL;
}
/*
 * vacm_free_access - discard every VACM access entry.
 *
 * Thin wrapper around vacm_destroyAllAccessEntries(); takes no arguments
 * and returns nothing.
 * NOTE(review): presumably the "free" counterpart of vacm_parse_access
 * for the "access" directive - confirm at the registration site, which is
 * not visible here.
 */
void
vacm_free_access(void)
{
    vacm_destroyAllAccessEntries();
}
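/*
 * vacm_parse_view - handler for a "view" configuration line.
 *
 *   NAME TYPE SUBTREE [MASK]
 *
 *   token  directive name; not used in the body.
 *   param  the rest of the line; it is split in place with strtok(), so
 *          the buffer is modified.
 *
 * TYPE must be "included" or "excluded".  SUBTREE is converted with
 * read_objid().  MASK is optional: a list of hexadecimal octets separated
 * by '.' or ':'.
 *
 * Returns nothing.  Every problem is reported through config_perror() and
 * abandons the line before a view entry is created.
 *
 * The whole local mask buffer is copied into the new entry, so it is
 * filled with 0xff before any MASK is parsed.  Previously a MASK shorter
 * than the buffer left the remaining octets as uninitialised stack bytes,
 * and those bytes ended up in the stored view mask of an access-control
 * entry.  0xff matches what this function already uses when no MASK is
 * given, and the VACM rule that a short mask is extended with 1 bits.
 *
 * NOTE(review): NAME is passed to vacm_createViewEntry() without a length
 * check here - confirm that function bounds it.
 */
void vacm_parse_view (const char *token,
		      char *param)
{
    char *name, *type, *subtree, *mask;
    int inclexcl;
    struct vacm_viewEntry *vp;
    oid suboid[MAX_OID_LEN];
    size_t suboid_len = 0;
    /* sizeof() only inspects the member type; vp is not dereferenced. */
    u_char viewMask[sizeof (vp->viewMask)];
    size_t i;

    name = strtok (param, " \t\n");
    if (!name) {
	config_perror("missing NAME parameter");
	return;
    }
    type = strtok (NULL, " \n\t");
    if (!type) {
	config_perror("missing TYPE parameter");
	return;
    }
    subtree = strtok(NULL, " \t\n");
    if (!subtree) {
	config_perror("missing SUBTREE parameter");
	return;
    }
    /* Optional; NULL when the line ends after SUBTREE. */
    mask = strtok(NULL, " \t\n");

    if (strcmp(type, "included") == 0) {
	inclexcl = SNMP_VIEW_INCLUDED;
    } else if (strcmp(type, "excluded") == 0) {
	inclexcl = SNMP_VIEW_EXCLUDED;
    } else {
	config_perror("TYPE must be included/excluded?");
	return;
    }

    /* In: capacity of suboid.  Out: number of sub-identifiers parsed. */
    suboid_len = MAX_OID_LEN;
    if (!read_objid(subtree, suboid, &suboid_len)) {
	config_perror("bad SUBTREE object id");
	return;
    }

    /* Default every octet, so nothing indeterminate is ever stored. */
    memset(viewMask, 0xff, sizeof(viewMask));

    if (mask) {
	/* %x stores through an unsigned int pointer. */
	unsigned int val;

	i = 0;
	/*
	 * Restarting strtok() on the mask token is safe: no further
	 * whitespace-separated field is read after this point.
	 */
	for (mask = strtok(mask, ".:"); mask; mask = strtok(NULL, ".:")) {
	    if (i >= sizeof(viewMask)) {
		config_perror("MASK too long");
		return;
	    }
	    /* Exactly one conversion is required; EOF is rejected too. */
	    if (sscanf(mask, "%x", &val) != 1) {
		config_perror("invalid MASK");
		return;
	    }
	    /* Values above 0xff keep only their low octet, as before. */
	    viewMask[i] = (u_char)(val & 0xff);
	    i++;
	}
    }

    vp = vacm_createViewEntry(name, suboid, suboid_len);
    if (!vp) {
	config_perror("failed to create view entry");
	return;
    }
    memcpy(vp->viewMask, viewMask, sizeof(viewMask));
    vp->viewType = inclexcl;
    vp->viewStorageType = SNMP_STORAGE_PERMANENT;
    vp->viewStatus = SNMP_ROW_ACTIVE;

    /* Release whatever the entry carries in 'reserved' and clear it. */
    free (vp->reserved);
    vp->reserved = NULL;
}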
/*
 * vacm_free_view - discard every VACM view entry.
 *
 * Thin wrapper around vacm_destroyAllViewEntries(); takes no arguments
 * and returns nothing.
 * NOTE(review): presumably the "free" counterpart of vacm_parse_view for
 * the "view" directive - confirm at the registration site, which is not
 * visible here.
 */
void
vacm_free_view(void)
{
    vacm_destroyAllViewEntries();
}
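/* True when snprintf() result n means the output fit into cap bytes. */
static int vacm_simple_fits(int n, size_t cap)
{
    return n >= 0 && (size_t)n < cap;
}

/*
 * vacm_parse_simple - expand a shorthand access directive into the full
 * com2sec / group / view / access lines and feed them to the regular
 * parsers.
 *
 *   token     one of "rocommunity", "rwcommunity", "rouser", "rwuser"
 *             (the only values the body compares against).
 *   confline  the rest of the line:
 *               community forms:  COMMUNITY [SOURCE [OID]]
 *               user forms:       USER [AUTHTYPE [OID]]
 *
 * Defaults taken when a field is absent: SOURCE "default", AUTHTYPE
 * "auth", OID ".1".  Community forms always use level "noauth" and are
 * mapped to groups for both v1 and v2c; user forms use model "usm".
 * The write and notify views are "none" for the ro* forms and the
 * generated view for the rw* forms.
 *
 * A static counter numbers the generated names (anonymousSecNameNNN,
 * anonymousGroupNameNNN, anonymousViewNNN), so the function is not
 * reentrant.
 *
 * Returns nothing; problems are reported through config_perror().
 *
 * Buffer handling (changed from the original, which used unbounded
 * sprintf()/strcpy() and copied the first word straight into the
 * COMMUNITY_MAX_LEN array):
 *   - the line is rejected up front if it could not fit a SPRINT_MAX_LEN
 *     scratch buffer, which bounds every later copy_word() result;
 *   - the first word is staged and length-checked before it is stored in
 *     community[];
 *   - every generated line is built with snprintf() and checked for
 *     truncation.
 * NOTE(review): this relies on copy_word() never writing more bytes than
 * the input it is given and always NUL-terminating - confirm against its
 * definition, which is not visible here.
 *
 * If a sub-parser rejects a generated line, the lines already handed over
 * remain installed; that was already the case before this change.
 */
void vacm_parse_simple(const char *token, char *confline) {
  char line[SPRINT_MAX_LEN];
  char firstword[SPRINT_MAX_LEN];     /* staging area for the first word */
  char community[COMMUNITY_MAX_LEN];
  char theoid[SPRINT_MAX_LEN];
  char viewname[SPRINT_MAX_LEN];
  char addressname[SPRINT_MAX_LEN];
  const char *rw = "none";
  const char *model = "any";
  char *cp;
  static int num = 0;
  char secname[SPRINT_MAX_LEN];
  char authtype[SPRINT_MAX_LEN];
  int n;

  /* No word taken from the line can exceed a SPRINT_MAX_LEN buffer now. */
  if (strlen(confline) >= sizeof(firstword)) {
    config_perror("configuration line too long");
    return;
  }

  /* community name or user name */
  firstword[0] = '\0';
  cp = copy_word(confline, firstword);
  if (strlen(firstword) >= sizeof(community)) {
    config_perror("community or user name too long");
    return;
  }
  strcpy(community, firstword);       /* length checked just above */

  addressname[0] = '\0';              /* only meaningful for community forms */

  if (strcmp(token,"rouser") == 0 || strcmp(token,"rwuser") == 0) {
    /* authentication type */
    if (cp && *cp)
      cp = copy_word(cp, authtype);
    else
      strcpy(authtype, "auth");
    DEBUGMSGTL((token, "setting auth type: \"%s\"\n",authtype));
    model = "usm";
  } else {
    /* source address */
    if (cp && *cp) {
      cp = copy_word(cp, addressname);
    } else {
      strcpy(addressname, "default");
    }
    /* authtype has to be noauth */
    strcpy(authtype, "noauth");
  }

  /* oid they can touch */
  if (cp && *cp) {
    cp = copy_word(cp, theoid);
  } else {
    strcpy(theoid, ".1");
  }

  /* rw* forms reuse the generated view for write and notify access;
     viewname is filled in before rw is read. */
  if (strcmp(token,"rwcommunity") == 0 || strcmp(token,"rwuser") == 0)
    rw = viewname;

  if (strcmp(token,"rwcommunity") == 0 || strcmp(token,"rocommunity") == 0) {
    /* com2sec mapping */
    /* com2sec anonymousSecNameNUM    ADDRESS  COMMUNITY */
    n = snprintf(secname, sizeof(secname), "anonymousSecName%03d", num);
    if (!vacm_simple_fits(n, sizeof(secname)))
      goto too_long;
    n = snprintf(line, sizeof(line), "%s %s %s",
                 secname, addressname, community);
    if (!vacm_simple_fits(n, sizeof(line)))
      goto too_long;
    DEBUGMSGTL((token,"passing: %s %s\n", "com2sec", line));
    vacm_parse_security("com2sec",line);

    /* sec->group mapping */
    /* group   anonymousGroupNameNUM  any      anonymousSecNameNUM */
    n = snprintf(line, sizeof(line), "anonymousGroupName%03d v1 %s",
                 num, secname);
    if (!vacm_simple_fits(n, sizeof(line)))
      goto too_long;
    DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
    vacm_parse_group("group",line);
    n = snprintf(line, sizeof(line), "anonymousGroupName%03d v2c %s",
                 num, secname);
    if (!vacm_simple_fits(n, sizeof(line)))
      goto too_long;
    DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
    vacm_parse_group("group",line);
  } else {
    /* For user forms the user name itself is the security name. */
    n = snprintf(secname, sizeof(secname), "%s", community);
    if (!vacm_simple_fits(n, sizeof(secname)))
      goto too_long;

    /* sec->group mapping */
    /* group   anonymousGroupNameNUM  any      anonymousSecNameNUM */
    n = snprintf(line, sizeof(line), "anonymousGroupName%03d usm %s",
                 num, secname);
    if (!vacm_simple_fits(n, sizeof(line)))
      goto too_long;
    DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
    vacm_parse_group("group",line);
  }

  /* view definition */
  /* view    anonymousViewNUM       included OID */
  n = snprintf(viewname, sizeof(viewname), "anonymousView%03d", num);
  if (!vacm_simple_fits(n, sizeof(viewname)))
    goto too_long;
  n = snprintf(line, sizeof(line), "%s included %s", viewname, theoid);
  if (!vacm_simple_fits(n, sizeof(line)))
    goto too_long;
  DEBUGMSGTL((token,"passing: %s %s\n", "view", line));
  vacm_parse_view("view",line);

  /* map everything together */
  /* access  anonymousGroupNameNUM  "" MODEL AUTHTYPE exact anonymousViewNUM [none/anonymousViewNUM] [none/anonymousViewNUM] */
  n = snprintf(line, sizeof(line),
               "anonymousGroupName%03d \"\" %s %s exact %s %s %s", num,
               model, authtype, viewname, rw, rw);
  if (!vacm_simple_fits(n, sizeof(line)))
    goto too_long;
  DEBUGMSGTL((token,"passing: %s %s\n", "access", line));
  vacm_parse_access("access",line);
  num++;
  return;

too_long:
  config_perror("generated access control directive too long");
  /* Entries for this number may already exist; never reuse the number. */
  num++;
}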
/*
 * vacm_in_view_callback - callback adapter around vacm_in_view().
 *
 *   majorID, minorID  not used in the body.
 *   serverarg         pointer to a struct view_parameters supplying the
 *                     pdu, name and namelen to check; a non-zero result
 *                     is also written to its errorcode member.
 *   clientarg         not used in the body.
 *
 * Returns 1 when serverarg is NULL, otherwise the value returned by
 * vacm_in_view(): 0 when the check succeeds, non-zero when it does not.
 * A missing argument block is therefore reported as a failure, never as
 * a pass.
 */
int
vacm_in_view_callback(int majorID, int minorID, void *serverarg,
                      void *clientarg)
{
    struct view_parameters *vparams = serverarg;
    int rc;

    /* Nothing to evaluate: report failure. */
    if (!vparams)
        return 1;

    rc = vacm_in_view(vparams->pdu, vparams->name, vparams->namelen);

    /* Record the reason only on failure; errorcode is untouched on 0. */
    if (rc)
        vparams->errorcode = rc;

    return rc;
}
/*******************************************************************-o-******
* vacm_in_view
*
* Parameters:
* *pdu
* *name
* namelen
*
* Returns:
* 0 On success.
* 1 Missing security name.
* 2 Missing group
* 3 Missing access
* 4 Missing view
* 5 Not in view
*
* Debug output listed as follows:
* <securityName> <groupName> <viewName> <viewType>
*/
int vacm_in_view (struct snmp_pdu *pdu,
oid *name,
size_t namelen)
{
struct vacm_securityEntry *sp = securityFirst;
struct vacm_accessEntry *ap;
struct vacm_groupEntry *gp;
struct vacm_viewEntry *vp;
struct sockaddr_in *pduIp = (struct sockaddr_in*)&(pdu->address);
struct sockaddr_in *srcIp, *srcMask;
char *vn;
char *sn;
if (pdu->version == SNMP_VERSION_1 || pdu->version == SNMP_VERSION_2c) {
if (snmp_get_do_debugging()) {
char *buf;
if (pdu->community) {
buf = malloc(1+ pdu->community_len);
memcpy(buf, pdu->community, pdu->community_len);
buf[pdu->community_len] = '\0';
} else {
DEBUGMSGTL(("mibII/vacm_vars", "NULL community"));
buf = strdup("NULL");
}
DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: ver=%d, source=%.8x, community=%s\n", pdu->version, pduIp->sin_addr.s_addr, buf));
free (buf);
}
/* allow running without snmpd.conf */
if (sp == NULL && !vacm_is_configured()) {
DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: accepted with no com2sec entries\n"));
switch (pdu->command) {
case SNMP_MSG_GET:
case SNMP_MSG_GETNEXT:
case SNMP_MSG_GETBULK:
return 0;
default:
return 1;
}
}
while (sp) {
srcIp = (struct sockaddr_in *)&(sp->sourceIp);
srcMask = (struct sockaddr_in *)&(sp->sourceMask);
if ((pduIp->sin_addr.s_addr & srcMask->sin_addr.s_addr)
== srcIp->sin_addr.s_addr
&& strlen(sp->community) == pdu->community_len
&& !strncmp(sp->community, (char *)pdu->community, pdu->community_len))
break;
sp = sp->next;
}
if (sp == NULL) return 1;
sn = sp->securityName;
} else if (pdu->securityModel == SNMP_SEC_MODEL_USM) {
DEBUGMSG (("mibII/vacm_vars",
"vacm_in_view: ver=%d, model=%d, secName=%s\n",
pdu->version, pdu->securityModel, pdu->securityName));
sn = pdu->securityName;
} else {
sn = NULL;
}
if (sn == NULL) return 1;
DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: sn=%s", sn));