📄 vacmmib.java
vacmViewTreeFamilyColumns);
vacmViewTreeFamilyTableModel = new DefaultMOMutableTableModel();
vacmViewTreeFamilyTableModel.setRowFactory(new DefaultMOMutableRow2PCFactory());
vacmViewTreeFamilyTable.setModel(vacmViewTreeFamilyTableModel);
}
/**
 * Unregisters the managed objects of this VACM MIB from a server.
 *
 * @param server
 *    the server whose <code>unregister</code> method is called for each
 *    object.
 * @param context
 *    the context passed on unchanged to every <code>unregister</code> call.
 */
public void unregisterMOs(MOServer server, OctetString context) {
  // Three tables first, then the view spin lock and the view tree family
  // table; the order is the same as in the original implementation.
  server.unregister(vacmContextTable, context);
  server.unregister(vacmSecurityToGroupTable, context);
  server.unregister(vacmAccessTable, context);
  server.unregister(vacmViewSpinLock, context);
  server.unregister(vacmViewTreeFamilyTable, context);
}
/**
 * Decides whether a principal may access an OID. The decision runs through
 * four stages: the context must be supported by the server, the security
 * name and model must map to a group, an access entry must yield a view
 * name for the group, and the OID must be included in that view.
 * <p>
 * Every path except a successful view check returns a status other than
 * <code>VACM.VACM_OK</code>; callers have to treat all of them as a denial.
 * <p>
 * With debug logging enabled, the context, security name and OID are
 * written to the log as received; if these values come from the network,
 * the log line contains them without any escaping.
 *
 * @param context
 *    the context name of the request.
 * @param securityName
 *    the security name of the principal.
 * @param securityModel
 *    the security model of the request.
 * @param securityLevel
 *    the security level of the request.
 * @param viewType
 *    the requested view type, handed to the access entry lookup.
 * @param oid
 *    the object instance to check.
 * @return
 *    <code>VACM.VACM_NO_SUCH_CONTEXT</code>,
 *    <code>VACM.VACM_NO_GROUP_NAME</code>,
 *    <code>VACM.VACM_NO_ACCESS_ENTRY</code> or
 *    <code>VACM.VACM_NO_SUCH_VIEW</code> when the corresponding stage fails,
 *    otherwise the result of {@link #isAccessAllowed(OctetString, OID)}.
 */
public int isAccessAllowed(OctetString context, OctetString securityName,
                           int securityModel, int securityLevel, int viewType,
                           OID oid) {
  if (logger.isDebugEnabled()) {
    logger.debug("VACM access requested for context="+context+
                 ", securityName="+securityName+
                 ", securityModel="+securityModel+
                 ", securityLevel="+securityLevel+
                 ", viewType="+viewType+
                 ", OID="+oid);
  }

  // Stage 1: unknown contexts are rejected before any table is consulted.
  boolean contextKnown = server.isContextSupported(context);
  if (!contextKnown) {
    if (logger.isDebugEnabled()) {
      logger.debug("Context '"+context+"' ist not supported");
    }
    return VACM.VACM_NO_SUCH_CONTEXT;
  }

  // Stage 2: (securityModel, securityName) -> group.
  final OctetString group = getGroupName(securityName, securityModel);
  if (group == null) {
    if (logger.isDebugEnabled()) {
      logger.debug("No group name for securityName="+securityName+
                   " and securityModel="+securityModel);
    }
    return VACM.VACM_NO_GROUP_NAME;
  }

  // Stage 3: group -> view name. A null result means no access entry
  // matched; a zero-length name is reported as a missing view.
  final OctetString view = getViewNameByGroup(context, securityModel,
                                              securityLevel, viewType, group);
  if (view == null) {
    return VACM.VACM_NO_ACCESS_ENTRY;
  }

  // Stage 4: the view decides.
  return (view.length() == 0)
      ? VACM.VACM_NO_SUCH_VIEW
      : isAccessAllowed(view, oid);
}
/**
 * Resolves the view name that applies to a principal for a view type.
 * <p>
 * Unlike the six-argument <code>isAccessAllowed</code>, this method does not
 * ask the server whether the context is supported; a caller that relies on
 * the result for an access decision has to make that check itself.
 *
 * @param context
 *    the context name.
 * @param securityName
 *    the security name of the principal.
 * @param securityModel
 *    the security model.
 * @param securityLevel
 *    the security level.
 * @param viewType
 *    the requested view type.
 * @return
 *    the view name found by the access entry lookup, or <code>null</code>
 *    when the security name has no group or the lookup returns
 *    <code>null</code>.
 */
public OctetString getViewName(OctetString context,
                               OctetString securityName,
                               int securityModel,
                               int securityLevel,
                               int viewType) {
  final OctetString group = getGroupName(securityName, securityModel);
  return (group == null)
      ? null
      : getViewNameByGroup(context, securityModel, securityLevel,
                           viewType, group);
}
/**
 * Selects the access table row that best matches a request for the given
 * group and returns the view name that row holds for the requested view type.
 * <p>
 * A row is a candidate when its row status is active, its context prefix
 * equals the context (or is a prefix of it while the row's context match
 * column is vacmPrefixMatch), its security model equals the requested model
 * or is SecurityModel.SECURITY_MODEL_ANY, and its security level is not
 * higher than the requested level.
 *
 * @param context
 *    the context name of the request.
 * @param securityModel
 *    the security model of the request.
 * @param securityLevel
 *    the security level of the request.
 * @param viewType
 *    one of VACM.VIEW_READ, VACM.VIEW_WRITE or VACM.VIEW_NOTIFY.
 * @param groupName
 *    the group whose access entries are searched.
 * @return
 *    the view name column of the selected row, or <code>null</code> when no
 *    candidate row exists or viewType is none of the three handled values.
 */
private OctetString getViewNameByGroup(OctetString context, int securityModel,
int securityLevel, int viewType,
OctetString groupName) {
// getAccessEntries is defined outside this excerpt; the selection below
// depends on the order in which it returns the rows.
List accessEntries = getAccessEntries(groupName);
if (logger.isDebugEnabled()) {
logger.debug("Got views "+accessEntries+
" for group name '"+groupName+"'");
}
// State describing the best candidate seen so far.
MOTableRow possibleMatch = null;
boolean foundExactContextMatch = false;
boolean foundMatchedSecModel = false;
int foundContextPrefixLength = 0;
int foundSecLevel = 0;
for (Iterator it = accessEntries.iterator(); it.hasNext(); ) {
MOTableRow row = (MOTableRow) it.next();
// Rows that are not active never grant access.
if (((Integer32)row.getValue(idxVacmAccessRowStatus)).getValue() !=
RowStatus.active) {
continue;
}
// Context prefix, security model and security level are taken from the
// row index; the context match mode is a regular column.
Variable[] indexValues = vacmAccessIndex.getIndexValues(row.getIndex());
OctetString rowContext =
(OctetString) indexValues[idxVacmAccessContextPrefix];
int rowSecurityModel =
((Integer32)indexValues[idxVacmAccessSecurityModel]).getValue();
int rowSecurityLevel =
((Integer32)indexValues[idxVacmAccessSecurityLevel]).getValue();
int rowContextMatch =
((Integer32)row.getValue(idxVacmAccessContextMatch)).getValue();
boolean exactContextMatch = rowContext.equals(context);
// A prefix match only counts when the row explicitly allows it.
boolean prefixMatch = (!exactContextMatch) &&
((rowContextMatch == vacmPrefixMatch) &&
(context.startsWith(rowContext)));
boolean matchSecModel = (rowSecurityModel == securityModel);
// The row applies to requests at its own security level or above.
boolean matchSecLevel = (rowSecurityLevel <= securityLevel);
if ((exactContextMatch || prefixMatch) &&
((matchSecModel) ||
(rowSecurityModel == SecurityModel.SECURITY_MODEL_ANY)) &&
matchSecLevel) {
// NOTE(review): in the condition below "A && B || C" parses as
// "(A && B) || C", so the prefix-length and security-level clauses are
// evaluated without the security-model clause in front of them. Confirm
// that this is the intended preference order (see the access entry
// selection rules in RFC 3415).
// check better match
if ((possibleMatch == null) ||
(((!foundMatchedSecModel) && (matchSecModel)) ||
(((!foundMatchedSecModel) || (matchSecModel)) &&
((!foundExactContextMatch) && (exactContextMatch)) ||
((((!foundExactContextMatch) || (exactContextMatch)) &&
(foundContextPrefixLength < rowContext.length())) ||
((foundContextPrefixLength == rowContext.length()) &&
(foundSecLevel < rowSecurityLevel)))))) {
possibleMatch = row;
foundExactContextMatch = exactContextMatch;
// The remembered prefix length is only updated for prefix matches; after
// an exact match it keeps the value of an earlier prefix match (or 0).
if (prefixMatch) {
foundContextPrefixLength = rowContext.length();
}
foundMatchedSecModel = matchSecModel;
// NOTE(review): this stores the requested securityLevel, not
// rowSecurityLevel. Candidate rows satisfy rowSecurityLevel <=
// securityLevel, so after the first selection the comparison
// "foundSecLevel < rowSecurityLevel" above can no longer be true and the
// security-level tie-break never selects a later row. Looks like
// rowSecurityLevel was intended - confirm before changing, since this
// alters which access entry wins.
foundSecLevel = securityLevel;
}
}
}
if (possibleMatch != null) {
// viewName stays null when viewType matches none of the cases below.
OctetString viewName = null;
switch (viewType) {
case VACM.VIEW_READ: {
viewName =
(OctetString)possibleMatch.getValue(idxVacmAccessReadViewName);
break;
}
case VACM.VIEW_WRITE: {
viewName = (OctetString)
possibleMatch.getValue(idxVacmAccessWriteViewName);
break;
}
case VACM.VIEW_NOTIFY: {
viewName = (OctetString)
possibleMatch.getValue(idxVacmAccessNotifyViewName);
break;
}
}
if (logger.isDebugEnabled()) {
logger.debug("Matching view found for group name '"+groupName+"' is '"+
viewName+"'");
}
return viewName;
}
return null;
}
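/**
 * Looks up the group that a security name is mapped to under a security
 * model.
 *
 * @param securityName
 *    the security name of the principal.
 * @param securityModel
 *    the security model.
 * @return
 *    the group name column of the row stored under the index built from
 *    the two arguments, or <code>null</code> if no such row exists.
 */
private OctetString getGroupName(OctetString securityName,
                                 int securityModel) {
  // Build the index with the same helper that addGroup and removeGroup use,
  // so that lookups cannot drift from the keys the rows were stored under.
  OID index = createGroupIndex(securityModel, securityName);
  MOTableRow row = vacmSecurityToGroupTableModel.getRow(index);
  if (row == null) {
    return null;
  }
  // NOTE(review): the row status column is not consulted here, whereas the
  // access and view tree family lookups in this class skip rows that are
  // not RowStatus.active. Confirm whether a mapping row that is not active
  // should still yield a group name.
  OctetString groupName = (OctetString) row.getValue(idxVacmGroupName);
  if (logger.isDebugEnabled()) {
    // The closing quote after the security name was missing in the message.
    logger.debug("Found group name '"+groupName+"' for secName '"+
                 securityName+"' and secModel "+securityModel);
  }
  return groupName;
}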
/**
 * Checks whether an OID is included in a view.
 * <p>
 * The rows of the view are scanned from the last list element to the first.
 * The first active row whose subtree matches the OID under the row's mask
 * decides: an included row allows access, any other type denies it. If no
 * row matches, access is denied.
 * <p>
 * The result is only correct if <code>getViews</code> returns the rows
 * ordered by subtree length, because the scan stops at the first match.
 *
 * @param viewName
 *    the name of the view to check.
 * @param oid
 *    the object instance to check.
 * @return
 *    <code>VACM.VACM_NO_SUCH_VIEW</code> if the view has no rows,
 *    <code>VACM.VACM_OK</code> if the deciding row is an included subtree,
 *    <code>VACM.VACM_NOT_IN_VIEW</code> otherwise.
 */
public int isAccessAllowed(OctetString viewName, OID oid) {
  List views = getViews(viewName);
  if (views.isEmpty()) {
    return VACM.VACM_NO_SUCH_VIEW;
  }

  // Walk the list backwards: with the rows ordered by subtree length (the
  // view name is the same for all of them), the entries at the end are
  // examined before those at the front.
  int pos = views.size();
  while (--pos >= 0) {
    MOTableRow candidate = (MOTableRow) views.get(pos);

    int rowStatus =
        ((Integer32) candidate.getValue(idxVacmViewTreeFamilyRowStatus)).getValue();
    if (rowStatus != RowStatus.active) {
      // rows that are not active take no part in the decision
      continue;
    }

    Variable[] indexValues =
        vacmViewTreeFamilyIndex.getIndexValues(candidate.getIndex());
    OID subtree = (OID) indexValues[idxVacmViewTreeSubtree];
    if (oid.size() < subtree.size()) {
      // the OID is shorter than the subtree and cannot lie inside it
      continue;
    }

    // A sub-identifier only has to be equal where isBitSet reports the
    // mask bit as set; other positions are wildcards.
    OctetString mask =
        (OctetString) candidate.getValue(idxVacmViewTreeFamilyMask);
    boolean mismatch = false;
    for (int i = 0; !mismatch && i < subtree.size(); i++) {
      mismatch = (subtree.get(i) != oid.get(i)) && isBitSet(i, mask);
    }
    if (mismatch) {
      continue;
    }

    // This row decides the request.
    int familyType =
        ((Integer32) candidate.getValue(idxVacmViewTreeFamilyType)).getValue();
    if (familyType == vacmViewIncluded) {
      if (logger.isDebugEnabled()) {
        logger.debug("Access allowed for view '"+viewName+"' by subtree "+
                     subtree+" for OID "+oid);
      }
      return VACM.VACM_OK;
    }
    // any type other than included is handled as excluded
    if (logger.isDebugEnabled()) {
      logger.debug("Access denied for view '"+viewName+"' by subtree "+
                   subtree+" for OID "+oid);
    }
    return VACM.VACM_NOT_IN_VIEW;
  }

  // No active row matched: deny.
  return VACM.VACM_NOT_IN_VIEW;
}
/**
* Adds a security model and name to group name mapping to this VACM. Any
* already existing mapping for the security name and model will be silently
* replaced.
* @param securityModel
* the security model.
* @param securityName
* the security name.
* @param groupName
* the group name.
* @param storageType
* the storage type for the new entry.
*/
public void addGroup(int securityModel, OctetString securityName,
                     OctetString groupName, int storageType) {
  OID rowIndex = createGroupIndex(securityModel, securityName);

  // One slot per table column; slots that are not assigned below stay null.
  Variable[] columns =
      new Variable[vacmSecurityToGroupTable.getColumnCount()];
  columns[idxVacmGroupName] = groupName;
  columns[idxVacmSecurityToGroupStorageType] = new Integer32(storageType);
  // The mapping is created in the active state, so it takes part in access
  // decisions as soon as the row has been added. None of the arguments is
  // validated here.
  columns[idxVacmSecurityToGroupRowStatus] = new Integer32(RowStatus.active);

  vacmSecurityToGroupTableModel.addRow(
      vacmSecurityToGroupTable.createRow(rowIndex, columns));
}
/**
 * Builds the row index under which a security name to group mapping is
 * stored: the security model followed by the sub-index form of the security
 * name.
 *
 * @param securityModel
 *    the security model.
 * @param securityName
 *    the security name.
 * @return
 *    a new OID holding both index parts.
 */
private static OID createGroupIndex(int securityModel,
                                    OctetString securityName) {
  OID groupIndex = new OID();
  groupIndex.append(securityModel);
  // toSubIndex(false): presumably the length-prefixed (non-IMPLIED)
  // encoding - confirm against OctetString.
  groupIndex.append(securityName.toSubIndex(false));
  return groupIndex;
}
/**
* Removes a security model and name to group name mapping from this VACM.
* @param securityModel
* the security model.
* @param securityName
* the security name.
* @return
* <code>true</code> when the entry has been removed or <code>false</code>
* if such a mapping could not be found.
*/
public boolean removeGroup(int securityModel, OctetString securityName) {
  OID rowIndex = createGroupIndex(securityModel, securityName);
  // removeRow returns null when there was no row stored under the index.
  boolean existed = vacmSecurityToGroupTableModel.removeRow(rowIndex) != null;
  return existed;
}
/**
* Adds an access entry to this VACM and thus adds access rights for a group.
* @param groupName
* the group for which access rights are to be added.
* @param contextPrefix
* the context or context prefix.
* @param securityModel
* the security model
* @param securityLevel