v3mt_usr.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

SNMP_User_Destroy(user);
}

/****************************************************************************
NAME:  usertable_destroy_undo

PURPOSE:  This routine attempts to undo a previous destory set.  It expects
          the old information to be pointed to by vb_priv and tries to
          reinstall it.  If we can't reinstall the user we leave
          the cleanup routine alone in order to get the FINISHED
          macro to run.

PARAMETERS:
        OIDC_T          Last component of the object id leading to 
                        the leaf node in the MIB.  This is usually
                        the identifier for the particular attribute
                        in the table.
        int             Number of components in the unused part of the
                        object identifier
        OIDC_T     *    Unused part of the object identifier
        SNMP_PKT_T *    SNMP packet currently being processsed.
        VB_T       *    Variable being processed.

RETURNS:  void
****************************************************************************/
/*ARGSUSED*/
static void
  usertable_destroy_undo(OIDC_T          last_match,
                         int             tcount,
                         OIDC_T         *tlist,
                         SNMP_PKT_T     *pktp,
                         VB_T           *vbp)
{
SNMP_USER_T *user;
bits8_t eng_id[ETC_USER_ENGINE_MAX], name[ETC_USER_USER_MAX];
ALENGTH_T id_len = ETC_USER_ENGINE_MAX, name_len = ETC_USER_USER_MAX;

/* assume things will go well and mark the vbp as done */
undoproc_good(pktp, vbp);

/* get the name info, no need to check as it's already been validated */
 (void) oid_to_string(tcount, tlist, &id_len, eng_id, 0);
 (void) oid_to_string(tcount - ((int)(id_len + 1)), tlist + id_len + 1,
                      &name_len, name, 0);

/* find the state block we saved and then reset the vb_priv info
   so we don't have any accidents later */
user       = (SNMP_USER_T *)vbp->vb_priv;
vbp->vb_priv = 0;

if (SNMP_User_Install(user, eng_id, id_len, name, name_len) == 0) {
#if defined(SNMP_V3_USER_DESTROY_UNDO) 
    if (SNMP_V3_USER_DESTROY_UNDO(pktp, vbp, 0, user) == 0) {
        vbp->vb_free_priv = 0;
        return;
        }
    else 
        SNMP_User_Deinstall(user);
#else
    vbp->vb_free_priv = 0;
    return;
#endif
    }

SNMP_User_Destroy(user);
undoproc_error(pktp, vbp, UNDO_FAILED);
return;
}

/****************************************************************************
NAME:  usertable_create_undo

PURPOSE:  This routine attempts to undo a previous create set.  It expects
          the new information to be pointed to by vb_priv and tries
          to deinstall and destroy the entry.

PARAMETERS:
        OIDC_T          Last component of the object id leading to 
                        the leaf node in the MIB.  This is usually
                        the identifier for the particular attribute
                        in the table.
        int             Number of components in the unused part of the
                        object identifier
        OIDC_T     *    Unused part of the object identifier
        SNMP_PKT_T *    SNMP packet currently being processsed.
        VB_T       *    Variable being processed.

RETURNS:  void
****************************************************************************/
/*ARGSUSED*/
static void
  usertable_create_undo(OIDC_T           last_match,
                        int              tcount,
                        OIDC_T          *tlist,
                        SNMP_PKT_T      *pktp,
                        VB_T            *vbp)
{
SNMP_USER_T *user;

/* assume things will go well */
undoproc_good(pktp, vbp);

/* find the state block we saved and then reset the vb_priv info
   so we don't have any accidents later */
user = (SNMP_USER_T *)vbp->vb_priv;
vbp->vb_priv      = 0;
vbp->vb_free_priv = 0;

#if defined(SNMP_V3_USER_CREATE_UNDO)
if (SNMP_V3_USER_CREATE_UNDO(pktp, vbp, user, 0)) {
    undoproc_error(pktp, vbp, UNDO_FAILED);
    return;
    }
#endif

SNMP_User_Deinstall(user);
SNMP_User_Destroy(user);
return;
}

/****************************************************************************
NAME:  usertable_update_undo

PURPOSE:  This routine attempts to undo a previous update set.  It expects
          the struct pointed to by vb_priv to contain the old information
          and a pointer to the new (installed) struct.

PARAMETERS:
        OIDC_T          Last component of the object id leading to 
                        the leaf node in the MIB.  This is usually
                        the identifier for the particular attribute
                        in the table.
        int             Number of components in the unused part of the
                        object identifier
        OIDC_T     *    Unused part of the object identifier
        SNMP_PKT_T *    SNMP packet currently being processsed.
        VB_T       *    Variable being processed.

RETURNS:  void
****************************************************************************/
/*ARGSUSED*/
static void
  usertable_update_undo(OIDC_T           last_match,
                        int              tcount,
                        OIDC_T          *tlist,
                        SNMP_PKT_T      *pktp,
                        VB_T            *vbp)
{
SNMP_USER_T *cur_user, *sav_user;

/* assume things will go well */
undoproc_good(pktp, vbp);

/* find the state block we saved and then reset the vb_priv info
   so we don't have any accidents later */
sav_user = (SNMP_USER_T *)vbp->vb_priv;
vbp->vb_priv      = 0;
vbp->vb_free_priv = 0;

cur_user = sav_user->next;

#if defined(SNMP_V3_USER_UPDATE_UNDO)
if (SNMP_V3_USER_UPDATE_UNDO(pktp, vbp, cur_user, sav_user)) {
    /* we had an undo failure indicate that to our
       caller and get rid of the olduser */
    undoproc_error(pktp, vbp, UNDO_FAILED);
    SNMP_User_Destroy(sav_user);
    return;
    }
#endif

/* ignoring the error return because we know that the cur_user is in
 * fact installed and thus an error is impossible.
 */

(void)SNMP_User_Swap_Users(sav_user, cur_user);

SNMP_User_Destroy(cur_user);
return;
}

/****************************************************************************
NAME: usertable_set_cleanup

PURPOSE: Free the saved user and indicate that we are finished.

PARAMETERS: 
        ptr_t   A pointer to the vb that points to the user
                that contained the update information,
                cast as a ptr_t

RETURNS: Nothing
****************************************************************************/

static void
  usertable_set_cleanup(ptr_t userptr)
{
if (((VB_T *)userptr)->vb_priv) {
    if (((VB_T *)userptr)->undoproc == usertable_create_undo)
        ((VB_T *)userptr)->vb_priv = 0;
    else
        SNMP_User_Destroy(((VB_T *)userptr)->vb_priv);
    }

SNMP_V3_USER_FINISHED();
}

/****************************************************************************
NAME:  usertable_test

PURPOSE:  This routine collects all of the var binds that want to be set
          in a row and does value and consistency checking on those
          varbinds before trying to allocate any space. 

PARAMETERS:
        OIDC_T          Last component of the object id leading to 
                        the leaf node in the MIB.  This is usually
                        the identifier for the particular attribute
                        in the table.
        int             Number of components in the unused part of the
                        object identifier
        OIDC_T     *    Unused part of the object identifier
        SNMP_PKT_T *    SNMP packet currently being processsed.
        VB_T       *    Variable being processed.

RETURNS:  void
****************************************************************************/
/*ARGSUSED*/
void
  usertable_test(OIDC_T          last_match,
                 int             tcount,
                 OIDC_T         *tlist,
                 SNMP_PKT_T     *pktp,
                 VB_T           *vbp)
{
SNMP_USER_T *user, tempuser, *newuser, *cl_user = 0;
sbits32_t value, ptret;
int cago = 0, create_row = 0, public_chg = 0, auth_chg = 0, priv_chg = 0;
int cl_len;
ALENGTH_T nlen = 0;
VB_T *tvbp, *authkey = 0, *ownauthkey = 0, *privkey = 0, *ownprivkey = 0;
VB_T *auth_vb = 0, *priv_vb = 0, *rs_vbp = 0;
bits8_t eng_id[ETC_USER_ENGINE_MAX], name[ETC_USER_USER_MAX];
bits8_t cl_eng_id[ETC_USER_ENGINE_MAX], cl_name[ETC_USER_USER_MAX];
ALENGTH_T id_len = ETC_USER_ENGINE_MAX, name_len = ETC_USER_USER_MAX;
ALENGTH_T cl_id_len = ETC_USER_ENGINE_MAX, cl_name_len = ETC_USER_USER_MAX;
SNMP_AUTH_T *auth = 0;
SNMP_PRIV_T *priv = 0;
OIDC_T *cl_oidc;
sbits16_t check_flags = ETC_USER_CLONED;

#if INSTALL_SNMP_V3_DIFFIE_HELLMAN
int pubKeySize, ssKeyLen;
bits8_t *pubKey = 0, *ssKey = 0;
VB_T *DHauthkey = 0, *DHownauthkey = 0, *DHprivkey = 0, *DHownprivkey = 0;
EBUFFER_T *vStr;
DH *DHvalues;
BIGNUM *otherPubKey = 0;  /* the pubkey from the other side */
#endif /* INSTALL_SNMP_V3_DIFFIE_HELLMAN */

/* get the list of var binds that may go into this structure
   then mark all the vbs except the first one as having been
   tested, set and done.  This means that vbp is taking
   responsibility for all of the other vbs in the row.  Then
   mark vbp as haing it's test started & done so we don't
   have to worry about it later.  We can do this because
   the routine will run to completion */
group_by_getproc_and_instance(pktp, vbp, tcount, tlist);
for(tvbp = vbp->vb_link; tvbp; tvbp = tvbp->vb_link)
    setproc_all_bits(pktp, tvbp);
testproc_good(pktp, vbp);

/* gather the indexing information, the index will be of the form:
   <len> <engine id> <len> <name>
   first we do some minor checks then we attempt to find the user */
if ((tcount < 4 )                                      ||
    oid_to_string(tcount, tlist, &id_len, eng_id, 0)   ||
    ((bits32_t)(id_len + 1) > (bits32_t)tcount)        ||
    oid_to_string(tcount - ((int)(id_len + 1)), tlist + id_len + 1,
                   &name_len, name, 0)                 ||
    (id_len == 0) || (name_len == 0)                   ||
    ((bits32_t)(id_len + name_len + 2) != (bits32_t)tcount)) {
    testproc_error(pktp, vbp, NO_CREATION);
    return;
    }

user = SNMP_User_Lookup(eng_id, id_len, name, name_len);

/* is the leaf writable, (if it's read only it isn't writable) */
if (user != 0) {
    if (SNMP_User_Get_Storage(user) == ETC_STO_RONLY) {
        testproc_error(pktp, vbp, NOT_WRITABLE);      
        return;
        }

    MEMCPY(&tempuser, user, sizeof(SNMP_USER_T));
    }
else {
    SNMP_User_Set_Defaults(&tempuser);
    create_row = 1;
    }

for (tvbp = vbp; tvbp; tvbp = tvbp->vb_link) {

    /* User table object? */

    if (STRCMP (VB_TO_COOKIE (vbp), "_usmUserTable") == 0) {

        switch (tvbp->vb_ml.ml_last_match) {

            case LM_userCloneFrom:
                /* we perform the cloning once on entries that we've created,
                   but not necessarily in the same request.
                   we don't perform it on entries that the system created */
                if ((tempuser.flags & ETC_USER_CLONED) ||
                    (user && (SNMP_User_Get_Status(user) != ETC_RS_NREADY)))
                    break;
                /* otherwise we need to get the name information,
                   find the user, and make sure it is active.
                   Then if we already have a user being built
                   we need to check the auth & priv fields and
                   see that they are the same. */
                /* We start by checking the object portion of the
                   name and then getting stepping over it */
                cl_oidc = tvbp->value_u.v_object.component_list;
                cl_len =  tvbp->value_u.v_object.num_components;
                if ((cl_len < (4 + clone_len)) ||
                    oidcmp2(clone_len, cl_oidc, clone_len, clone_oidc)) {
                    testproc_error(pktp, tvbp, INCONSISTENT_NAME);
                    return;
                    }
                cl_oidc += clone_len;
                cl_len -= clone_len;

                /* then we get the the engine id part of the name */
                if (oid_to_string(cl_len, cl_oidc, &cl_id_len, cl_eng_id, 0)) {
                    testproc_error(pktp, tvbp, INCONSISTENT_NAME);
                    return;
                    }
                cl_oidc += (cl_id_len + 1);
                cl_len  -= (int)(cl_id_len + 1);
                
                /* then we get the user name part of the name */
                if (oid_to_string(cl_len, cl_oidc, &cl_name_len, cl_name, 0) ||
                    ((bits32_t)cl_len != (bits32_t)(cl_name_len + 1))) {
                    testproc_error(pktp, tvbp, INCONSISTENT_NAME);
                    return;
                    }
                cl_user = SNMP_User_Lookup(cl_eng_id, cl_id_len,
                                              cl_name, cl_name_len);
                if ((cl_user == 0) ||
                    (SNMP_User_Get_Status(cl_user) != ETC_RS_ACTIVE)) {
                    testproc_error(pktp, tvbp, INCONSISTENT_NAME);
                    return;
                    }
                break;

            case LM_userAuthProtocol: