snmp_view_based_acm_mib.erl

来自「OTP是开放电信平台的简称」· ERL 代码 · 共 825 行 · 第 1/2 页

%% ``The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved via the world wide web at http://www.erlang.org/.
%% 
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
%% 
%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
%% AB. All Rights Reserved.''
%% 
%%     $Id$
%%
-module(snmp_view_based_acm_mib).

-export([configure/1, reconfigure/1, table_next/2, get/3]).

-export([vacmAccessTable/1, vacmAccessTable/3,
	 vacmContextTable/1, vacmContextTable/3,
	 vacmSecurityToGroupTable/1, vacmSecurityToGroupTable/3,
	 vacmViewSpinLock/1, vacmViewSpinLock/2,
	 vacmViewTreeFamilyTable/1, vacmViewTreeFamilyTable/3]).
-export([add_sec2group/3,     delete_sec2group/1,
	 add_access/8,        delete_access/1,
	 add_view_tree_fam/4, delete_view_tree_fam/1]).

%% Internal exports
-export([check_vacm/1]).


-include("snmp_types.hrl").
-include("SNMPv2-TC.hrl").
-include("SNMP-VIEW-BASED-ACM-MIB.hrl").
-include("snmpa_vacm.hrl").


-define(VMODULE,"VACM-MIB").
-include("snmp_verbosity.hrl").

-ifndef(default_verbosity).
-define(default_verbosity,silence).
-endif.


%%-----------------------------------------------------------------
%% Func: configure/1
%% Args: Dir is the directory where the configuration files are found.
%% Purpose: If the tables doesn't exist, this function reads
%%          the config-files for the VACM tables, and
%%          inserts the data.  This means that the data in the tables
%%          survive a reboot.  However, the StorageType column is
%%          checked for each row.  If volatile, the row is deleted.
%% Returns: ok
%% Fails: exit(configuration_error)
%%-----------------------------------------------------------------
configure(Dir) ->
    set_sname(),
    case db(vacmSecurityToGroupTable) of
        {_, mnesia} ->
            ?vdebug("vacm security-to-group table in mnesia: cleanup",[]),
            gc_tabs(),
	    init_vacm_mnesia();
        TabDb ->
	    case snmpa_local_db:table_exists(TabDb) of
		true ->
		    ?vdebug("vacm security-to-group table already exist: "
			    "cleanup",[]),
		    gc_tabs();
		false ->
		    ?vdebug("vacm security-to-group table does not exist: "
			    "reconfigure",[]),
		    reconfigure(Dir)
	    end
    end.

%%-----------------------------------------------------------------
%% Func: reconfigure/1
%% Args: Dir is the directory where the configuration files are found.
%% Purpose: Reads the config-files for the VACM tables, and
%%          inserts the data.  Makes sure that all old data in
%%          the tables are deleted, and the new data inserted.
%%          This function makes sure that all (and only) 
%%          config-file-data are in the tables. 
%% Returns: ok
%% Fails: exit(configuration_error)
%%-----------------------------------------------------------------
reconfigure(Dir) ->
    set_sname(),
    case (catch do_reconfigure(Dir)) of
	ok ->
	    ok;
	{error, Reason} ->
	    ?vinfo("reconfigure error: ~p", [Reason]),
	    config_err("reconfigure failed: ~p", [Reason]),
	    exit(configuration_error);
	Error ->
	    ?vinfo("reconfigure failed: ~p", [Error]),
	    config_err("reconfigure failed: ~p", [Error]),
	    exit(configuration_error)
    end.

do_reconfigure(Dir) ->
    ?vdebug("read vacm configuration files",[]),
    {Sec2Group, Access, View} = read_vacm_config_files(Dir),
    ?vdebug("initiate tables",[]),
    init_tabs(Sec2Group, Access, View),
    ok.

read_vacm_config_files(Dir) ->
    ?vdebug("read vacm config file",[]),
    Gen    = fun(_) -> ok end,
    Filter = fun(Vacms) -> 
                     Sec2Group = [X || {vacmSecurityToGroup, X} <- Vacms],
                     Access = [X || {vacmAccess, X} <- Vacms],
                     View = [X || {vacmViewTreeFamily, X} <- Vacms],
                     {Sec2Group, Access, View}
             end,
    Check  = fun(Entry) -> check_vacm(Entry) end,
    [Vacms] = snmp_conf:read_files(Dir, [{Gen, Filter, Check, "vacm.conf"}]),
    Vacms.

%%-----------------------------------------------------------------
%% VACM tables
%%-----------------------------------------------------------------
check_vacm({vacmSecurityToGroup, SecModel, SecName, GroupName}) ->
    {ok, SecM} = snmp_conf:check_sec_model(SecModel, []),
    snmp_conf:check_string(SecName),
    snmp_conf:check_string(GroupName),

    Vacm = {SecM, SecName, GroupName,
	    ?'StorageType_nonVolatile', ?'RowStatus_active'},
    {ok, {vacmSecurityToGroup, Vacm}};
check_vacm({vacmAccess, GroupName, Prefix, SecModel, SecLevel,
            Match, RV, WV, NV}) ->
    snmp_conf:check_string(GroupName),
    snmp_conf:check_string(Prefix),
    {ok, SecM} = snmp_conf:check_sec_model(SecModel, []),
    {ok, SecL} = snmp_conf:check_sec_level(SecLevel),
    MatchAlt = [{exact, ?vacmAccessContextMatch_exact},
		{prefix, ?vacmAccessContextMatch_prefix}],
    {ok, M} = snmp_conf:check_atom(Match, MatchAlt),
    snmp_conf:check_string(RV),
    snmp_conf:check_string(WV),
    snmp_conf:check_string(NV),

    %% GN, Prefix, Model, Level, Row
    Vacm = {GroupName, Prefix, SecM, SecL, 
	    {M, RV, WV, NV,
	     ?'StorageType_nonVolatile', ?'RowStatus_active'}},
    {ok, {vacmAccess, Vacm}};
check_vacm({vacmViewTreeFamily, ViewName, Tree, Type, Mask}) ->
    snmp_conf:check_string(ViewName),
    snmp_conf:check_oid(Tree),
    {ok, TypeVal} =
        snmp_conf:check_atom(Type, [{included, ?view_included},
				    {excluded, ?view_excluded}]),
    MaskVal = 
        case (catch snmp_conf:check_atom(Mask, [{null, []}])) of
            {error, _}  -> 
                snmp_conf:check_oid(Mask),
                Mask;
	    {ok, X} ->
		X
	end,
    Vacm = {ViewName, Tree, MaskVal, TypeVal, 
	    ?'StorageType_nonVolatile', ?'RowStatus_active'},
    {ok, {vacmViewTreeFamily, Vacm}};
check_vacm(X) ->
    error({invalid_vacm, X}).


init_tabs(Sec2Group, Access, View) ->
    ?vdebug("create vacm security-to-group table",[]),
    snmpa_local_db:table_delete(db(vacmSecurityToGroupTable)),
    snmpa_local_db:table_create(db(vacmSecurityToGroupTable)),
    init_sec2group_table(Sec2Group),
    init_access_table(Access),
    ?vdebug("create vacm view-tree-family table",[]),
    snmpa_local_db:table_delete(db(vacmViewTreeFamilyTable)),
    snmpa_local_db:table_create(db(vacmViewTreeFamilyTable)),
    init_view_table(View).
    
init_sec2group_table([Row | T]) ->
%     ?vtrace("init security-to-group table: "
% 	    "~n   Row: ~p",[Row]),    
    Key1 = element(1, Row),
    Key2 = element(2, Row),
    Key = [Key1, length(Key2) | Key2],
    snmpa_local_db:table_create_row(db(vacmSecurityToGroupTable), Key, Row),
    init_sec2group_table(T);
init_sec2group_table([]) -> true.

init_access_table([{GN, Prefix, Model, Level, Row} | T]) ->
%     ?vtrace("init access table: "
% 	    "~n   GN:     ~p"
% 	    "~n   Prefix: ~p"
% 	    "~n   Model:  ~p"
% 	    "~n   Level:  ~p"
% 	    "~n   Row:    ~p",[GN, Prefix, Model, Level, Row]),    
    Key = [length(GN) | GN] ++ [length(Prefix) | Prefix] ++ [Model, Level],
    snmpa_vacm:insert([{Key, Row}], false),
    init_access_table(T);
init_access_table([]) ->
    snmpa_vacm:dump_table().

init_view_table([Row | T]) ->
%     ?vtrace("init view table: "
% 	    "~n   Row: ~p",[Row]),    
    Key1 = element(1, Row),
    Key2 = element(2, Row),
    Key = [length(Key1) | Key1] ++ [length(Key2) | Key2],
    snmpa_local_db:table_create_row(db(vacmViewTreeFamilyTable), Key, Row),
    init_view_table(T);
init_view_table([]) -> true.


table_cre_row(Tab, Key, Row) ->
    snmpa_mib_lib:table_cre_row(db(Tab), Key, Row).

table_del_row(Tab, Key) ->
    snmpa_mib_lib:table_del_row(db(Tab), Key).


%% add_sec2group(SecModel, SecName, GroupName) -> Result
%% Result -> {ok, Key} | {error, Reason}
%% Key -> term()
%% Reason -> term()
add_sec2group(SecModel, SecName, GroupName) ->
    Sec2Grp = {vacmSecurityToGroup, SecModel, SecName, GroupName},
    case (catch check_vacm(Sec2Grp)) of
	{ok, {vacmSecurityToGroup, Row}} ->
	    Key1 = element(1, Row),
	    Key2 = element(2, Row),
	    Key = [Key1, length(Key2) | Key2],
	    case table_cre_row(vacmSecurityToGroupTable, Key, Row) of
		true ->
		    {ok, Key};
		false ->
		    {error, create_failed}
            end;
	{error, Reason} ->
	    {error, Reason};
        Error ->
            {error, Error}
    end.

delete_sec2group(Key) ->
    case table_del_row(vacmSecurityToGroupTable, Key) of
	true ->
	    ok;
	false ->
	    {error, delete_failed}
    end.
    
%% NOTE: This function must be used in conjuction with
%%       snmpa_vacm:dump_table.
%%       That is, when all access has been added, call
%%       snmpa_vacm:dump_table/0
add_access(GroupName, Prefix, SecModel, SecLevel, Match, RV, WV, NV) ->
    Access = {vacmAccess, GroupName, Prefix, SecModel, SecLevel, 
	      Match, RV, WV, NV},
    case (catch check_vacm(Access)) of
	{ok, {vacmAccess, {GN, Pref, SM, SL, Row}}} ->
	    Key1 = [length(GN) | GN],
	    Key2 = [length(Pref) | Pref],
	    Key3 = [SM, SL],
	    Key  = Key1 ++ Key2 ++ Key3, 
	    snmpa_vacm:insert([{Key, Row}], false),
	    {ok, Key};
	{error, Reason} ->
	    {error, Reason};
        Error ->
            {error, Error}
    end.

delete_access(Key) ->
    snmpa_vacm:delete(Key).


add_view_tree_fam(ViewIndex, SubTree, Status, Mask) ->
    VTF = {vacmViewTreeFamily, ViewIndex, SubTree, Status, Mask},
    case (catch check_vacm(VTF)) of
	{ok, {vacmViewTreeFamily, Row}} ->
	    Key1 = element(1, Row),
	    Key2 = element(2, Row),
	    Key  = [length(Key1) | Key1] ++ [length(Key2) | Key2],
	    case table_cre_row(vacmViewTreeFamilyTable, Key, Row) of
		true ->
		    {ok, Key};
		false ->
		    {error, create_failed}
            end;
	{error, Reason} ->
	    {error, Reason};
        Error ->
            {error, Error}
    end.

delete_view_tree_fam(Key) ->
    case table_del_row(vacmViewTreeFamilyTable, Key) of
	true ->
	    ok;
	false ->
	    {error, delete_failed}
    end.

    
gc_tabs() ->
    SecDB  = db(vacmSecurityToGroupTable),
    SecSTC = stc(vacmSecurityToGroupTable),
    SecFOI = foi(vacmSecurityToGroupTable),
    snmpa_mib_lib:gc_tab(SecDB, SecSTC, SecFOI),
    ViewDB  = db(vacmViewTreeFamilyTable),
    ViewSTC = stc(vacmViewTreeFamilyTable),
    ViewFOI = foi(vacmViewTreeFamilyTable),
    snmpa_mib_lib:gc_tab(ViewDB, ViewSTC, ViewFOI),
    ok.

init_vacm_mnesia() ->
    F = fun(RowIndex, Row) ->
                snmpa_vacm:insert([{RowIndex, Row}], false)
        end,
    
    %% The 5 is intentional: It is a trick to get a tuple with the
    %% columns needed by the vacm ets-table (corresponding to the 
    %% tuple read from the config files). Therefor, 5 since it it
    %% is not a real foi...
    snmp_generic:table_foreach({vacmAccessTable, mnesia}, F, 5).


%%-----------------------------------------------------------------
%% The context table is actually implemented in an internal,
%% non-snmp visible table intContextTable.
%%-----------------------------------------------------------------
vacmContextTable(_Op) ->
    ok.
vacmContextTable(Op, Arg1, Arg2) ->
    snmp_framework_mib:intContextTable(Op, Arg1, Arg2).


vacmSecurityToGroupTable(Op) ->
    snmp_generic:table_func(Op, db(vacmSecurityToGroupTable)).

vacmSecurityToGroupTable(get_next, RowIndex, Cols) ->
    next(vacmSecurityToGroupTable, RowIndex, Cols);
vacmSecurityToGroupTable(get, RowIndex, Cols) ->
    get(vacmSecurityToGroupTable, RowIndex, Cols);
vacmSecurityToGroupTable(set, RowIndex, Cols0) ->
    ?vtrace("vacmSecurityToGroupTable(set) -> entry with"
	    "~n   RowIndex: ~p"
	    "~n   Cols0:    ~p", [RowIndex, Cols0]),
    case (catch verify_vacmSecurityToGroupTable_cols(Cols0, [])) of
	{ok, Cols} ->
	    ?vtrace("vacmSecurityToGroupTable(set) -> verified: "
		    "~n   Cols: ~p", [Cols]),
	    snmp_generic:table_func(set, RowIndex, Cols, 
				    db(vacmSecurityToGroupTable));
	Error ->
	    Error
    end;
vacmSecurityToGroupTable(is_set_ok, RowIndex, Cols0) ->
    ?vtrace("vacmSecurityToGroupTable(is_set_ok) -> entry with"
	    "~n   RowIndex: ~p"
	    "~n   Cols0:    ~p", [RowIndex, Cols0]),
    case (catch verify_vacmSecurityToGroupTable_cols(Cols0, [])) of
	{ok, Cols} ->
	    ?vtrace("vacmSecurityToGroupTable(is_set_ok) -> verified: "
		    "~n   Cols: ~p", [Cols]),
	    snmp_generic:table_func(is_set_ok, RowIndex, Cols, 
				    db(vacmSecurityToGroupTable));
	Error ->
	    Error
    end;
vacmSecurityToGroupTable(Op, Arg1, Arg2) ->
    snmp_generic:table_func(Op, Arg1, Arg2, db(vacmSecurityToGroupTable)).


verify_vacmSecurityToGroupTable_cols([], Cols) ->
    ?vtrace("verify_vacmSecurityToGroupTable_cols -> entry when done with"
	    "~n   Cols: ~p", [Cols]),
    {ok, lists:reverse(Cols)};
verify_vacmSecurityToGroupTable_cols([{Col, Val0}|Cols], Acc) ->
    ?vtrace("verify_vacmSecurityToGroupTable_cols -> entry with"
	    "~n   Col:  ~p"
	    "~n   Val0: ~p", [Col, Val0]),
    Val = verify_vacmSecurityToGroupTable_col(Col, Val0),
    ?vtrace("verify_vacmSecurityToGroupTable_cols -> verified: "
	    "~n   Val: ~p", [Val]),
    verify_vacmSecurityToGroupTable_cols(Cols, [{Col, Val}|Acc]).

verify_vacmSecurityToGroupTable_col(?vacmSecurityModel, Model) ->
    case Model of
	any      -> ?SEC_ANY;
	v1       -> ?SEC_ANY;
	v2c      -> ?SEC_ANY;
	usm      -> ?SEC_ANY;
	?SEC_ANY -> ?SEC_ANY;
	?SEC_V1  -> ?SEC_ANY;
	?SEC_V2C -> ?SEC_ANY;
	?SEC_USM -> ?SEC_ANY;
	_ ->
	    ?vlog("verification of vacmSecurityModel(~w) ~p failed", 
		  [?vacmSecurityModel, Model]),
	    wrongValue(?vacmSecurityModel)
    end;
verify_vacmSecurityToGroupTable_col(?vacmSecurityName, Name) ->
    case (catch snmp_conf:check_string(Name)) of
	ok ->
	    Name;