📄 v3mt_usr.c
/* if we don't know the auth protocol we generate an error */ if (oidcmp2(v3_auth_noauth_size, v3_auth_noauth, tvbp->value_u.v_object.num_components, tvbp->value_u.v_object.component_list) == 0) auth = 0; else { auth = SNMP_Auth_Find(tvbp->value_u.v_object.num_components, tvbp->value_u.v_object.component_list); if (auth == 0){ testproc_error(pktp, tvbp, WRONG_VALUE); return; } } if (user && (user->status != ETC_RS_NREADY) && (user->auth != auth) && (auth != 0)) { testproc_error(pktp, tvbp, INCONSISTENT_VALUE); return; } auth_vb = tvbp; break; case LM_userPrivProtocol: /* if we don't know the priv protocol we generate an error */ if (oidcmp2(v3_priv_nopriv_size, v3_priv_nopriv, tvbp->value_u.v_object.num_components, tvbp->value_u.v_object.component_list) == 0) priv = 0; else { priv = SNMP_Priv_Find(tvbp->value_u.v_object.num_components, tvbp->value_u.v_object.component_list); if (priv == 0){ testproc_error(pktp, tvbp, WRONG_VALUE); return; } } if (user && (user->status != ETC_RS_NREADY) && (user->priv != priv) && (priv != 0)) { testproc_error(pktp, tvbp, INCONSISTENT_VALUE); return; } priv_vb = tvbp; break; case LM_userAuthKeyChange: authkey = tvbp; break; case LM_userOwnAuthKeyChange:#if INSTALL_ENVOY_SNMP_VERSION_3 DYNCFG_IFCFGVBL_BEGIN(snmpv3_component) /* only the owner of this user entry can alter this row so we need to check that the requestor's user name is the same as the name of the entry Finally, note that we only allow this if v3 is installed */ if ((name_len != EBufferUsed(&pktp->msg_sec_name)) || MEMCMP(name, EBufferStart(&pktp->msg_sec_name), name_len)) { testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; } ownauthkey = tvbp; break; DYNCFG_IFCFGVBL_END(snmpv3_component)#if INSTALL_COMMON_DYNAMIC_COMP_CONFIG /* this is somewhat ugly. If we are in dynamic component mode, * but we havent installed v3, we need to invoke the * testproc_error call (as if we had been compiled without v3). 
* But this section of code must not be visible if we are not * in dynamic component mode, so it is conditional on * INSTALL_COMMON_DYNAMIC_COMP_CONFIG... */ DYNCFG_IFNOTCFGVBL_BEGIN(snmpv3_component) testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; DYNCFG_IFNOTCFGVBL_END(snmpv3_component)#endif /* INSTALL_COMMON_DYNAMIC_COMP_CONFIG */#else testproc_error(pktp, tvbp, INCONSISTENT_NAME); return;#endif case LM_userPrivKeyChange: privkey = tvbp; break; case LM_userOwnPrivKeyChange:#if INSTALL_ENVOY_SNMP_VERSION_3 DYNCFG_IFCFGVBL_BEGIN(snmpv3_component) /* only the owner of this user entry can alter this row so we need to check that the requestor's user name is the same as the name of the entry Finally, note that we only allow this if v3 is installed */ if ((name_len != EBufferUsed(&pktp->msg_sec_name)) || MEMCMP(name, EBufferStart(&pktp->msg_sec_name), name_len)) { testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; } ownprivkey = tvbp; break; DYNCFG_IFCFGVBL_END(snmpv3_component)#if INSTALL_COMMON_DYNAMIC_COMP_CONFIG /* this is somewhat ugly. If we are in dynamic component mode, * but we havent installed v3, we need to invoke the * testproc_error call (as if we had been compiled without v3). * But this section of code must not be visible if we are not * in dynamic component mode, so it is conditional on * INSTALL_COMMON_DYNAMIC_COMP_CONFIG... 
*/ DYNCFG_IFNOTCFGVBL_BEGIN(snmpv3_component) testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; DYNCFG_IFNOTCFGVBL_END(snmpv3_component)#endif /* INSTALL_COMMON_DYNAMIC_COMP_CONFIG */#else testproc_error(pktp, tvbp, INCONSISTENT_NAME); return;#endif case LM_userPublic: nlen = EBufferUsed(&tvbp->value_u.v_string); if (nlen > ETC_USER_USER_MAX) { testproc_error(pktp, tvbp, WRONG_LENGTH); return; } EBufferPreLoad(BFL_IS_STATIC, &tempuser.public_data, EBufferStart(&tvbp->value_u.v_string), nlen); break; case LM_userStorage: value = tvbp->value_u.v_number; if ((value < ETC_STO_OTHER) || (value > ETC_STO_RONLY) || ((user != 0) && (value > ETC_STO_NONVOL)) || (SNMP_User_Get_Storage(&tempuser) > ETC_STO_NONVOL)) { if ((value == ETC_STO_RONLY) && (user != 0) && (SNMP_User_Get_Status(user) == ETC_RS_NREADY) && (SNMP_User_Get_Auth(user) != 0)) testproc_error(pktp, tvbp, INCONSISTENT_VALUE); else testproc_error(pktp, tvbp, WRONG_VALUE); return; } SNMP_User_Set_Storage(&tempuser, (int)value); break; case LM_userStatus: value = tvbp->value_u.v_number; switch (value) { case ETC_RS_ACTIVE: case ETC_RS_NIS: if (create_row) { testproc_error(pktp, tvbp, INCONSISTENT_VALUE); return; } break; case ETC_RS_CAGO: if (create_row == 0) { testproc_error(pktp, tvbp, INCONSISTENT_VALUE); return; } value = ETC_RS_ACTIVE; cago = 1; break; case ETC_RS_CAWAIT: if (create_row == 0) { testproc_error(pktp, tvbp, INCONSISTENT_VALUE); return; } value = ETC_RS_NREADY; break; case ETC_RS_DESTROY: if (SNMP_User_Get_Storage(&tempuser) >= ETC_STO_PERM) { testproc_error(pktp, tvbp, WRONG_VALUE); return; } break; default: testproc_error(pktp, tvbp, WRONG_VALUE); return; } if (SNMP_User_Get_Status(&tempuser) != ETC_RS_DESTROY) { SNMP_User_Set_Status(&tempuser, (int)value); rs_vbp = tvbp; } break; } }#if INSTALL_SNMP_V3_DIFFIE_HELLMAN /* Diffie-Hellman object? 
*/ if (STRCMP (VB_TO_COOKIE (vbp), "_usmDHKeyTable") == 0) { switch (tvbp->vb_ml.ml_last_match) { case LM_userDHAuthKeyChange: DHauthkey = tvbp; break; case LM_userDHOwnAuthKeyChange:#if INSTALL_ENVOY_SNMP_VERSION_3 DYNCFG_IFCFGVBL_BEGIN(snmpv3_component) /* only the owner of this user entry can alter this row so we need to check that the requestor's user name is the same as the name of the entry Finally, note that we only allow this if v3 is installed */ if ((name_len != EBufferUsed(&pktp->msg_sec_name)) || MEMCMP(name, EBufferStart(&pktp->msg_sec_name), name_len)) { testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; } DHownauthkey = tvbp; break; DYNCFG_IFCFGVBL_END(snmpv3_component)#if INSTALL_COMMON_DYNAMIC_COMP_CONFIG /* this is somewhat ugly. If we are in dynamic component mode, * but we havent installed v3, we need to invoke the * testproc_error call (as if we had been compiled without v3). * But this section of code must not be visible if we are not * in dynamic component mode, so it is conditional on * INSTALL_COMMON_DYNAMIC_COMP_CONFIG... */ DYNCFG_IFNOTCFGVBL_BEGIN(snmpv3_component) testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; DYNCFG_IFNOTCFGVBL_END(snmpv3_component)#endif /* INSTALL_COMMON_DYNAMIC_COMP_CONFIG */#else testproc_error(pktp, tvbp, INCONSISTENT_NAME); return;#endif case LM_userDHPrivKeyChange: DHprivkey = tvbp; break; case LM_userDHOwnPrivKeyChange:#if INSTALL_ENVOY_SNMP_VERSION_3 DYNCFG_IFCFGVBL_BEGIN(snmpv3_component) /* only the owner of this user entry can alter this row so we need to check that the requestor's user name is the same as the name of the entry Finally, note that we only allow this if v3 is installed */ if ((name_len != EBufferUsed(&pktp->msg_sec_name)) || MEMCMP(name, EBufferStart(&pktp->msg_sec_name), name_len)) { testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; } DHownprivkey = tvbp; break; DYNCFG_IFCFGVBL_END(snmpv3_component)#if INSTALL_COMMON_DYNAMIC_COMP_CONFIG /* this is somewhat ugly. 
If we are in dynamic component mode, * but we havent installed v3, we need to invoke the * testproc_error call (as if we had been compiled without v3). * But this section of code must not be visible if we are not * in dynamic component mode, so it is conditional on * INSTALL_COMMON_DYNAMIC_COMP_CONFIG... */ DYNCFG_IFNOTCFGVBL_BEGIN(snmpv3_component) testproc_error(pktp, tvbp, INCONSISTENT_NAME); return; DYNCFG_IFNOTCFGVBL_END(snmpv3_component)#endif /* INSTALL_COMMON_DYNAMIC_COMP_CONFIG */#else testproc_error(pktp, tvbp, INCONSISTENT_NAME); return;#endif default: break; } }#endif /* INSTALL_SNMP_V3_DIFFIE_HELLMAN */ }/* The values are ok */if (SNMP_User_Get_Status(&tempuser) == ETC_RS_DESTROY) { if (user != 0) { ptret = SNMP_V3_USER_DESTROY_TEST(pktp, vbp, user, 0); if (ptret != NO_ERROR) { testproc_error(pktp, vbp, ptret); } else { vbp->vb_priv = (PTR_T)user; vbp->vb_free_priv = usertable_destroy_cleanup; } } else { /* We have a destroy request, but no user so we don't have to do anything during the set and, if necessary, the undo phases so we mark vbp as set and undone */ setproc_all_bits(pktp, vbp); } return; }/* add the info to the tempuser and do consistency checks */if (user == 0) { /* we only set the auth and priv fields if the user is being created, start by setting the fields to the defaults, md5 is the defval but if it doesn't exist we use noauth (0). 
if we are cloning we do that then check to see if we are downgrading of if we aren't cloning just update them if necessary */ tempuser.auth = SNMP_Auth_Find(sizeof(md5_obj)/sizeof(OIDC_T), md5_obj); tempuser.priv = 0; if (cl_user) { tempuser.auth = cl_user->auth; tempuser.authkey = cl_user->authkey; tempuser.priv = cl_user->priv; tempuser.privkey = cl_user->privkey; tempuser.flags |= ETC_USER_CLONED; if (auth_vb) { if ((auth != tempuser.auth) && (auth != 0)) { testproc_error(pktp, auth_vb, INCONSISTENT_NAME); return; } tempuser.auth = auth; } if (priv_vb) { if ((priv != tempuser.priv) && (priv != 0)) { testproc_error(pktp, priv_vb, INCONSISTENT_NAME); return; } tempuser.priv = priv; } } else { if (auth_vb) tempuser.auth = auth; if (priv_vb) tempuser.priv = priv; } }else { /* We're allowed to set the auth and priv protocol to 0 only, * once the user has been created...unless we're cloning. */ if (cl_user) { tempuser.auth = cl_user->auth; tempuser.authkey = cl_user->authkey; tempuser.priv = cl_user->priv; tempuser.privkey = cl_user->privkey; tempuser.flags |= ETC_USER_CLONED; if (auth_vb) { if ((auth != tempuser.auth) && (auth != 0)) { testproc_error(pktp, auth_vb, INCONSISTENT_NAME); return; } tempuser.auth = auth; } if (priv_vb) { if ((priv != tempuser.priv) && (priv != 0)) { testproc_error(pktp, priv_vb, INCONSISTENT_NAME); return;