v3_acc.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

/* v3_acc.c - v3_acc.c routines */

/*
 *  Copyright 2000-2005 Wind River Systems, Inc.
 *  All rights reserved.  Provided under license only.
 *  Distribution or other use of this software is only
 *  permitted pursuant to the terms of a license agreement
 *  from Wind River Systems (and is otherwise prohibited).
 *  Refer to that license agreement for terms of use.
 */

/*
 *  Copyright 1998 Integrated Systems, Inc.
 *  All rights reserved.
 */

/*
 * $Log: v3_acc.c,v $
 * Revision 1.2  2001/11/06 21:20:29  josh
 * revised new path hacking
 *
 * Revision 1.1.1.1  2001/11/05 17:47:44  tneale
 * Tornado shuffle
 *
 * Revision 9.2  2001/01/19 22:22:28  paul
 * Update copyright.
 *
 * Revision 9.1  2000/03/17 00:19:27  meister
 * Update copyright message
 *
 * Revision 9.0  1998/10/16 22:12:27  sar
 * Update version stamp to match release
 *
 * Revision 1.13  1998/09/04 14:33:14  sar
 * Added some casts to try and keep compilers happy
 *
 * Revision 1.12  1998/08/12 04:44:02  sar
 * Move the initialization routines around some in order to minimize
 * the amount of code that gets pulled in for init purposes.
 *
 * Revision 1.11  1998/08/04 02:00:12  sar
 * Modified some of the routines that allocate longer term
 * storage (table structures and indexing information) to
 * user SNMP_memory_{alloc free}_lt in preparation for
 * possibly allocating them from a different pool then the
 * short term structures.
 *
 * Revision 1.10  1998/07/06 00:58:23  sar
 * Change type for security level field and update types to make compilers
 * happy.
 *
 * Revision 1.9  1998/07/02 00:49:17  sar
 * Moved check to see if access entity is active to the access_find function
 * we now skip inactive entries instead of trying to use them
 *
 * Revision 1.8  1998/06/19 20:13:56  sar
 * make sure all files include asn1conf.h and snmp.h to pick up all of
 * the common code
 *
 * Revision 1.7  1998/06/18 04:32:33  sar
 * Update the type info for bflags in an ebuffer and make
 * everybody match it.
 *
 * Revision 1.6  1998/06/17 02:03:04  sar
 * Corrected handling of level & model in the next code
 *
 * Revision 1.5  1998/06/16 05:27:09  sar
 * clean up some type info
 * rearrange the handling of the instance info for nexts
 *
 * Revision 1.4  1998/06/09 21:46:24  sar
 * Cleaned up some code that might have called alloc or memcmp with
 * 0 lenght strings
 *
 * Revision 1.3  1998/05/30 03:20:03  sar
 * Modified the names for the max string length macros for clarity
 * Update user_lookup
 *
 * Revision 1.2  1998/05/27 20:52:28  sar
 * Added comments and header information, added size checks where appropriate
 *
 * Revision 1.1  1998/05/24 04:14:48  sar
 * Support for processing SNMPv3 packets.
 * acc = access and group structure control functions
 * auth & prive = authentication and privacy code (not including the
 *                actual digest or encryption routines)
 * ber = routines for encoding and decoding v3 packets
 * eng = engine sructure control functions
 * user = user structure control functions
 *
 */

/* [clearcase]
modification history
-------------------
01d,12may05,job  fix apigen comments
01c,18apr05,job  update copyright notices
01b,22feb05,job  apigen for documented APIs
01a,24nov03,job  update copyright information
*/

/*
DESCRIPTION
This library contains v3_acc.c routines.

INCLUDE FILES: snmp.h, v3_acc.h
*/

#include <wrn/wm/snmp/engine/asn1.h>
#include <wrn/wm/snmp/engine/snmp.h>
#include <wrn/wm/snmp/engine/buffer.h>
#include <wrn/wm/snmp/engine/v3_acc.h>
#include <wrn/wm/snmp/engine/snmpdefs.h>

/****************************************************************************
\NOMANUAL
NAME:    group list

PURPOSE: This is the list of groups that we know about.  It is ordered
	 by security model and security name, the same as the indexing
	 for the mib.  We sort on security model (most of which will be
	 the same), size of security name then the security name itself.
****************************************************************************/


/****************************************************************************
NAME: group_find_before

PURPOSE: Search through the list until we find the group structure we
	 are looking for.  We return a pointer to the pointer that would
	 point to the requested group if it were to exist.  The calling
	 routine is responsible for determining if the requested group
	 exists.  This construction allows us to reuse this code for all
	 of the find routines (lookup and install).

	 We have two length fields for use with get-nexts or bulks.
	 Because there is an explicit length field we must handle
	 the cases where the requested objectid has a length field
	 that doesn't match the number of bytes available for the name.

PARAMETERS: sbits32_t   security model
	    bits8_t   * pointer to name buffer
	    ALENGTH_T   number of bytes in name
	    ALENGTH_T   length of requested name from object id

RETURNS: SNMP_GROUP_T ** pointer to pointer that would point to the group
			 if it were to exist.
****************************************************************************/

static SNMP_GROUP_T **
  group_find_before(sbits32_t  sec_model,
		    bits8_t   *uname,
		    ALENGTH_T  uname_len,
		    ALENGTH_T  req_len)
{
SNMP_GROUP_T **group;

for(group = &root_group; *group; group = &(*group)->next)
    if ((*group)->model >= sec_model)
        break;
for(; *group; group = &(*group)->next) {
    if ((*group)->model != sec_model)
        return(group);
    if ((*group)->uname_len >= req_len)
        break;
    }
for(; *group; group = &(*group)->next)
    if (((*group)->model != sec_model) ||
	((*group)->uname_len != req_len) ||
	(MEMCMP((*group)->uname, uname, uname_len) >= 0))
        break;

return(group);
}

/*******************************************************************************
*
* SNMP_Group_Lookup - find a group entry matching the security model and name
* SYNOPSIS
*
* \cs
* SNMP_GROUP_T *  SNMP_Group_Lookup 
*     ( 
*     sbits32_t      sec_model, 	
*     bits8_t   *   name, 
*     ALENGTH_T     length 
*     )
* \ce
*
* DESCRIPTION
*
* This routine finds a group entry matching the specified security model and 
* the security name.
*
* PARAMETERS
* \is
* \i <sec_model>
* Specify the security model under which the security name is defined.
* \i <*name>
* Specify the security name.
* \i <length>
* Specify the length in bytes of the security name.
* \ie
*
* RETURNS: If successful, this routine returns a pointer to the group. 
* Otherwise, it returns 0.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Group_Create(), SNMP_Group_Deinstall(), SNMP_Group_Destroy(), 
* SNMP_Group_Install(), SNMP_Group_Name(), SNMP_Group_Next_Group(), SNMP Group 
* Table Field Routines
*/
SNMP_GROUP_T *
  SNMP_Group_Lookup(sbits32_t  sec_model,
		    bits8_t   *uname,
		    ALENGTH_T  uname_len)
{
SNMP_GROUP_T **group;

group = group_find_before(sec_model, uname, uname_len, uname_len);
if (*group && ((*group)->model == sec_model) &&
    ((*group)->uname_len == uname_len) &&
    (MEMCMP((*group)->uname, uname, uname_len) == 0))
    return(*group);
return(0);
}

/****************************************************************************
\NOMANUAL
NAME: SNMP_Group_Next

PURPOSE: Find the next group after the named one.

	the indexing information is of the form:
	<model number> <len> <name>
	but as this is a next we might not have all of it or it
	might not be consistent or some of the subids that represent
	bytes may be too large (greater than 0xff).

PARAMETERS: 
	 int	 tcount number of subids
	 OIDC_T *tlist  list of subids
	 
RETURNS: SNMP_GROUP_T * pointer to group or 0 if none found
****************************************************************************/
SNMP_GROUP_T *
  SNMP_Group_Next(int     tcount,
		  OIDC_T *tlist)
{
SNMP_GROUP_T *group;
bits8_t *name;
OIDC_T req_len = 0, name_len = 0, model, *temp_oid, len;

if (tcount == 0)
    return(root_group);

/* dig out the naming info */
model = *tlist++;
tcount--;

if (tcount) {
    if (*tlist > ETC_ACCESS_GROUP_MAX)
        model++;
    else {
        req_len = *tlist++;
	tcount--;
        name_len = min(req_len, (OIDC_T)tcount);
        }
    }

if (model > 0x7FFFFFFFL)
    return(0);

/* Check the model against our list, if we have any structs
   where the model matches we will need to check the group name */
for (group = root_group;
     group && ((OIDC_T)group->model < model);
     group = group->next)
    ; /* no body for for loop */

for (;
     group && ((OIDC_T)group->model == model) && (group->uname_len < req_len);
     group = group->next)
    ; /* no body for for loop */
    
for (; group; group = group->next) {
    if (((OIDC_T)group->model > model) || (group->uname_len > req_len))
        return(group);

    name = group->uname;
    temp_oid = tlist;
    for(len = name_len; len && (*name == *temp_oid); len--, name++, temp_oid++)
        ; /* no body for for loop */

    if (len) {
        if (*name > *temp_oid)
	    return(group);
        }
    else {
        if (req_len != name_len)
	    return(group);
        }
    }
return(0);
}

/*******************************************************************************
*
* SNMP_Group_Next_Group - find the next group entry in the group table
* SYNOPSIS
*
* \cs
* SNMP_GROUP_T * SNMP_Group_Next_Group
*     (
*     SNMP_GROUP_T *  group
*     )
* \ce
*
* DESCRIPTION
*
* This routine finds the group entry in the group table after the specified 
* <group>. Use this routine to step through the group table to find all 
* installed groups.
*
* PARAMETERS
* \is
* \i <*group>
* Specify the <group> entry from which to start the search.
* \ie
*
* RETURNS: If successful, this routine returns a pointer to the <group>. If 
* there is no successor or the specified <group> is not installed, it returns 
* 0. If <group> is specified as 0, then it returns a pointer to the first group 
* in the table.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Group_Create(), SNMP_Group_Deinstall(), SNMP_Group_Destroy(), 
* SNMP_Group_Install(), SNMP_Group_Lookup(), SNMP_Group_Name(), SNMP Group 
* Table Field Routines
*/
SNMP_GROUP_T *
  SNMP_Group_Next_Group (SNMP_GROUP_T *group)
{
if (group)
    return(group->next);
return(root_group);
}

/*******************************************************************************
*
* SNMP_Group_Destroy - destroy the specified <group> and frees associated resources
* SYNOPSIS
*
* \cs
* void SNMP_Group_Destroy
*     (
*     SNMP_GROUP_T *  group 
*     )
* \ce
*
* DESCRIPTION
*
* This routine destroys the specified <group> and frees the space for the entry 
* in addition to any resources the entry might contain.
*
* \&NOTE: If the specified <group> has been installed, call 
* SNMP_Group_Deinstall() before calling this routine.
*
* PARAMETERS
* \is
* \i <*group>
* Specify the <group> to remove from the group table.
* \ie
*
* RETURNS: None.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Group_Create(), SNMP_Group_Deinstall(), SNMP_Group_Install(), 
* SNMP_Group_Lookup(), SNMP_Group_Name(), SNMP_Group_Next_Group(), SNMP Group 
* Table Field Routines
*/
void
  SNMP_Group_Destroy(SNMP_GROUP_T *group)
{
EBufferClean(&group->grp_name);
SNMP_memory_free_lt(group);
}

/*******************************************************************************
*
* SNMP_Group_Create - create a group structure
* SYNOPSIS
*
* \cs
* SNMP_GROUP_T *  SNMP_Group_Create
*     (
*     void 
*     )
* \ce
*
* DESCRIPTION
*
* This routine creates a group structure for the 'vacmSecurityToGroupTable' 
* initialized to the default values defined in RFC 2575. It attempts to 
* allocate space for the entry. To make an entry visible to the engine, use 
* SNMP_Group_Install().
*
* PARAMETERS
* None.
*
* RETURNS: If successful, this routine sets the entry to a default state and 
* returns a pointer to the entry. Otherwise, it returns 0.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Group_Deinstall(), SNMP_Group_Destroy(), SNMP_Group_Install(), 
* SNMP_Group_Lookup(), SNMP_Group_Name(), SNMP_Group_Next_Group(), SNMP Group 
* Table Field Routines
*/

SNMP_GROUP_T *
  SNMP_Group_Create(void)
{
SNMP_GROUP_T *group;

group = (SNMP_GROUP_T *)SNMP_memory_alloc_lt(sizeof(SNMP_GROUP_T));
if (group == 0)
    return(0);

SNMP_Group_Set_Defaults(group);
return(group);
}

/*******************************************************************************
*
* SNMP_Group_Install - install the specified <group> in the group table
* SYNOPSIS
*
* \cs
* int SNMP_Group_Install 
*     ( 
*     SNMP_GROUP_T   *  group, 	
*     sbits32_t         sec_model, 	
*     bits8_t      *   name, 
*     ALENGTH_T        length 
*     )
* \ce
*
* DESCRIPTION
*
* This routine installs the specified <group> in the group table using 
* <sec_model> and <name> as the indices.
*
* \&NOTE: Once a group has been installed, you must call SNMP_Group_Deinstall() 
* before calling SNMP_Group_Destroy() to remove it.
*
* PARAMETERS
* \is
* \i <*group>
* Specify the <group> to install in the group table
* \i <sec_model>
* Specify the security model under which the security name is defined.
* \i <*name>
* Specify the security name.
* \i <length>
* Specify the length in bytes of the security name.
* \ie
*
* RETURNS: If successful, this routine returns a value of 0. If an entry 
* already exist with the same indices or another error occurs, it returns -1.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Group_Create(), SNMP_Group_Deinstall(), SNMP_Group_Destroy(), 
* SNMP_Group_Lookup(), SNMP_Group_Name(), SNMP_Group_Next_Group(), SNMP Group 
* Table Field Routines
*/
int
  SNMP_Group_Install(SNMP_GROUP_T *in_group,
		     sbits32_t     sec_model,
		     bits8_t      *uname,
		     ALENGTH_T     uname_len)
{
SNMP_GROUP_T **group;

/* see if the naming information is reasonable */
if ((sec_model <= 0) || (uname_len == 0) || (uname_len > ETC_ACCESS_GROUP_MAX))
    return(-1);

/* see if the group already exists */
group = group_find_before(sec_model, uname, uname_len, uname_len);