v3_acc.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

* are contained in the file 'snmpdefs.h'.
* \ie
*
* RETURNS: If successful, this routine returns a pointer to the entry. 
* Otherwise, it returns 0.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_V3_Access_Create(), SNMP_V3_Access_Deinstall(), 
* SNMP_V3_Access_Destroy(), SNMP_V3_Access_Install(), SNMP_V3_Access_Name(), 
* SNMP_V3_Access_Next_Access(), SNMPv3 Access Table Field Routines, SNMPv3 
* Access Table View Routines
*/
SNMP_ACCESS_T *
  SNMP_V3_Access_Lookup(bits8_t   *grp_name,
			ALENGTH_T  grp_len,
			bits8_t   *prefix,
			ALENGTH_T  prefix_len,
			sbits32_t  sec_model,
			sbits32_t  sec_level)
{
SNMP_ACC_GRP_T *group;
SNMP_ACCESS_T *access; 

/* walk through the group list trying to find our group name */
for(group = root_access; group; group = group->next) {
    if (group->grp_len >= grp_len)
        break;
    }
for(; group; group = group->next) {
    if (group->grp_len != grp_len)
        return(0);
    if (MEMCMP(group->grp_name, grp_name, grp_len) >= 0) 
        break;
    }

/* if we don't find the group struct return an empty indicator */
if ((group == 0) || MEMCMP(group->grp_name, grp_name, grp_len))
    return(0);

/* we have a group struct, search the access struct list */
for(access = group->access; access; access = access->next) {
    if (access->prefix_len >= prefix_len)
        break;
    }
for(; access; access = access->next) {
    if ((access->prefix_len != prefix_len) ||
	(MEMCMP_NULLOK(access->prefix, prefix, prefix_len) >= 0))
        break;
    }
for(; access; access = access->next) {
    if ((access->prefix_len != prefix_len) ||
	(MEMCMP_NULLOK(access->prefix, prefix, prefix_len) != 0) ||
	(access->model > sec_model))
        break;

    if (access->model == sec_model) {
        if (access->level > sec_level)
	    break;
	if (access->level == sec_level) {
	    /* success, return the struct */ 
	    return(access);
	    }
        }
    }

/* nothing found */
return(0);
}

/*******************************************************************************
*
* SNMP_V3_Access_Name - extract the indexing information for the specified <access>
* SYNOPSIS
*
* \cs
* void SNMP_V3_Access_Name 
*     ( 
*     SNMP_ACCESS_T *  access, 
*     bits8_t       *  group_name, 
*     ALENGTH_T     *  group_name_length, 
*     bits8_t       *  prefix_name, 
*     ALENGTH_T     *  prefix_name_length, 
*     sbits32_t     *  sec_model, 
*     sbits32_t     *  sec_level 
*     )
* \ce
*
* DESCRIPTION
*
* This routine extracts the indexing information for the specified <access>. On 
* input, the length arguments specify the amount of space available in the name 
* arguments. On output, they are the amount of space required to hold the 
* names. If the name arguments are long enough to hold the group and prefix 
* names, the names are copied.
*
* PARAMETERS
* \is
* \i <*access>
* Specify the <access> to locate in the access table.
* \i <*group_name>
* Specify the group name.
* \i <*group_name_length>
* Specify the length in bytes of the group name.
* \i <* prefix_name>
* Specify the name to match against the context.
* \i <*prefix_name_length>
* Specify the length in bytes of the prefix name.
* \i <*sec_model>
* Specify the security model under which the security name is defined.
* \i <*sec_level>
* Specify the security level as one of the following values: 
* 'ETC_SEC_LEVEL_NONE' (none), 'ETC_SEC_LEVEL_AUTH' (authentication) or 
* 'ETC_SEC_LEVEL_PRIV' (authentication and privacy). Definitions for these tags 
* are contained in the file 'snmpdefs.h'.
* \ie
*
* RETURNS: None.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_V3_Access_Create(), SNMP_V3_Access_Deinstall(), 
* SNMP_V3_Access_Destroy(), SNMP_V3_Access_Install(), SNMP_V3_Access_Lookup(), 
* SNMP_V3_Access_Next_Access(), SNMPv3 Access Table Field Routines, SNMPv3 
* Access Table View Routines
*/
void
  SNMP_V3_Access_Name(SNMP_ACCESS_T *access,
		      bits8_t       *grp_name,
		      ALENGTH_T     *grp_len,
		      bits8_t       *prefix,
		      ALENGTH_T     *prefix_len,
		      sbits32_t     *sec_model,
		      sbits32_t     *sec_level)
{
*sec_model = access->model;
*sec_level = access->level;

if (access->group){
    if (*grp_len >= access->group->grp_len) {
        MEMCPY(grp_name, access->group->grp_name, access->group->grp_len);
        }
    *grp_len = access->group->grp_len;
    }
else 
    *grp_len = 0;

if (access->prefix_len && (*prefix_len >= access->prefix_len)) {
    MEMCPY(prefix, access->prefix, access->prefix_len);
    }
*prefix_len = access->prefix_len;

return;
}

/****************************************************************************
\NOMANUAL
NAME: SNMP_V3_Access_Set_View

PURPOSE: Replace the current view string with the new one allocating
	 more space if necessary.

PARAMETERS: SNMP_ACCESS_T * entry to modify
	    EBUFFER_T     * view buffer to modify
	    bits8_t       * string to put into the view buffer
	    ALENGTH_T       length of string
	    int             EBuffer flag: static, dynamic, allocate

RETURNS: int, 0 on success
****************************************************************************/

int
  SNMP_V3_Access_Set_View (SNMP_ACCESS_T * access,
			   EBUFFER_T     * ebuffp,
			   bits8_t       * str,
			   ALENGTH_T       len,
			   unsigned int    flags)
{
if (len > ETC_ACCESS_VIEW_MAX)
    return(-1);
return(EBufferAllocateLoad(flags, ebuffp, str, len));
}


/****************************************************************************
\NOMANUAL
NAME: SNMP_V3_Access_Find

PURPOSE: find the correct access struct for use in doing access checks.

	 first we look through the group list to find the group name
	 which must match exactly

	 then we step through the access list running
	 a series of checks on each struct.  we end when
	 we run out of structs or when the prefix string
	 is longer than our context.  if the struct
	 fails one of the checks we continue on to the
	 next struct.  the first several checks make sure
	 that the struct is within the possible subset,
	 then we start comparing against the current best
	 to see if the new one is better.

	 The first checks are for:
	 security model must be either any or the model from the arguments
	 security level must be <= to the level from the arguments
	 if we need an exact match the context length must equal the prefix
	 length
	 finally the prefix must match the first prefix length octets of
	 the context
   
	 If we make it through all of those the struct is acceptable
	 and we compare it against the current one to see which is better.
	 We want the security model to match the one for the  arguments
	 the context to be an identical match
	 the longest context
	 the highest security level

PARAMETERS: bits8_t   * group name
	    ALENGTH_T   length of group name
	    bits8_t   * context name
	    ALENGTH_T   length of context name
	    sbits32_t   security model
	    sbits32_t   security level

RETURNS: SNMP_ACCESS_T * pointer to entry on success
****************************************************************************/

SNMP_ACCESS_T *
  SNMP_V3_Access_Find(bits8_t   *grp_name,
		      ALENGTH_T  grp_len,
		      bits8_t   *context,
		      ALENGTH_T  con_len,
		      sbits32_t  sec_model,
		      sbits32_t  sec_level)
{
SNMP_ACC_GRP_T **group;
SNMP_ACCESS_T **access, *best_access = 0, *t_acc;

/* walk through the group list trying to find our group name */
for(group = &root_access; *group; group= &(*group)->next) {
    if ((*group)->grp_len >= grp_len)
        break;
    }
for(; *group; group= &(*group)->next) {
    if (((*group)->grp_len != grp_len) ||
	(MEMCMP((*group)->grp_name, grp_name, grp_len) >= 0)) 
        break;
    }

/* if we don't find the group struct return an empty indicator */
if ((*group == 0) || ((*group)->grp_len != grp_len) ||
    MEMCMP((*group)->grp_name, grp_name, grp_len))
    return(0);

/* we've found the group name now step through the access list */
for(access = &(*group)->access;
    *access && ((*access)->prefix_len <= con_len); 
    access = &(*access)->next) {

    t_acc = *access;
    /* we only care about ones that are active */
    if (t_acc->status != ETC_RS_ACTIVE)
        continue;

    if (((t_acc->model != sec_model) && (t_acc->model != ETC_SEC_MODEL_ANY)) ||
	(t_acc->level > sec_level))
        continue;
    if ((t_acc->prefix_match == ETC_ACCESS_EXACT) &&
	(t_acc->prefix_len != con_len))
        continue;
    if (MEMCMP_NULLOK(t_acc->prefix, context, t_acc->prefix_len))
        continue;

    if (best_access == 0) {
        best_access = t_acc;
	continue;
        }

    if (best_access->model != t_acc->model) {
        if (t_acc->model != ETC_SEC_MODEL_ANY)
	    best_access = t_acc;
	continue;
        }

    if (best_access->prefix_match != t_acc->prefix_match) {
        if (t_acc->prefix_match == ETC_ACCESS_EXACT)
	    best_access = t_acc;
	continue;
        }

    if (best_access->prefix_len != t_acc->prefix_len) {
        if (best_access->prefix_len < t_acc->prefix_len)
	    best_access = t_acc;
	continue;
        }

    if (best_access->level < t_acc->level)
        best_access = t_acc;
    }

return(best_access);
}


/****************************************************************************
\NOMANUAL
NAME: SNMP_V3_Access_Next

PURPOSE: Find the entry after the named one.

	the indexing information is of the form:
	<len> <group name> <len> <prefix> <model> <level>
	but as this is a next we might not have all of it or it
	might not be consistent or some of the subids that represent
	bytes may be too large (greater than 0xff).

PARAMETERS: int     tcount number of subids
	    OIDC_T *tlist list of subids 

RETURNS: SNMP_ACCESS_T * pointer to the entry we found or 0 if none found
****************************************************************************/

SNMP_ACCESS_T *
  SNMP_V3_Access_Next(int     tcount,
		      OIDC_T *tlist)
{
SNMP_ACC_GRP_T *group;
SNMP_ACCESS_T *access;
OIDC_T req_len, check_len, *temp_oid, len, sec_model = 0, sec_level = 0;
bits8_t *name;

if (tcount == 0) {
    if (root_access)
        return(root_access->access);
    else
        return(0);
    }

if (*tlist > ETC_ACCESS_GROUP_MAX)
    return(0);
req_len = *tlist++;
tcount--;
check_len = min(req_len, (OIDC_T)tcount);

for(group = root_access;
    group && (group->grp_len < req_len);
    group = group->next)
    ; /* no body for for loop */

for (; ; group = group->next) {
    if (group == 0)
        return(0);
    if (group->grp_len != req_len)
        return(group->access);

    name = group->grp_name;
    temp_oid = tlist;
    for(len = check_len;
	len && (*name == *temp_oid);
	len--, name++, temp_oid++)
        ; /* no body for for loop */

    if (len) {
        if (*name > *temp_oid)
	    return(group->access);
	else
	    continue;
        }

    if (req_len != check_len)
        return(group->access);
    else 
        break;
    }

/* if we get to here we have found a struct with the correct group
   name, now we need to examine the other pieces of the index
   we start be extracting the next block of naming info */
tlist  += (int)req_len;
tcount -= (int)req_len;

if (tcount <= 0)
    return(group->access);
if (*tlist > ETC_ACCESS_ACCESS_MAX) {
    if (group->next)
        return(group->next->access);
    else
        return(0);
    }
req_len = *tlist++;
tcount--;
check_len = min(req_len, (OIDC_T)tcount);

tcount -= (int)req_len;
switch(tcount) {
    default:
    case 2:
        sec_level = *(tlist + (int)(req_len + 1));
    case 1:
	sec_model = *(tlist + (int)req_len);
	break;
    case 0:
	break;
    }

for(access = group->access;
    access && (access->prefix_len < req_len);
    access = access->next)
    ; /* no body for for loop */

for(; access; access = access->next) {
    if (access->prefix_len != req_len)
        return(access);
    name = access->prefix;
    temp_oid = tlist;
    for(len = check_len;
	len && (*name == *temp_oid);
	len--, name++, temp_oid++)
        ; /* no body for for loop */

    if (len) {
        if (*name > *temp_oid)
	    return(access);
	else
	    continue;
        }

    if ((req_len != check_len) ||
	((OIDC_T)access->model > sec_model) ||
	(((OIDC_T)access->model == sec_model) &&
	 ((OIDC_T)access->level > sec_level)))
        return(access);
    }

/* didn't find anything in the access list, see if we have another
   group structure and get the first access struct */
if (group->next)
    return(group->next->access);
return(0);
}

/*******************************************************************************
*
* SNMP_V3_Access_Next_Access - find the next access entry in the access table
* SYNOPSIS
*
* \cs
* SNMP_ACCESS_T * SNMP_V3_Access_Next_Access
*     (
*     SNMP_ACCESS_T *  access 
*     )
* \ce
*
* DESCRIPTION
*
* This routine finds the access entry in the access table after the specified 
* access. Use this routine to step through the access table to find all 
* installed accesses.
*
* PARAMETERS
* \is
* \i <*access>
* Specify the access entry from which to start the search.
* \ie
*
* RETURNS: If successful, this routine returns a pointer to the next access 
* entry. If there is no successor or the specified <access> is not installed, 
* it returns 0. If <access> is specified as 0, then it returns a pointer to the 
* first <access> in the table.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_V3_Access_Create(), SNMP_V3_Access_Deinstall(), 
* SNMP_V3_Access_Destroy(), SNMP_V3_Access_Install(), SNMP_V3_Access_Lookup(), 
* SNMP_V3_Access_Name(), SNMPv3 Access Table Field Routines, SNMPv3 Access 
* Table View Routines
*/
SNMP_ACCESS_T *
  SNMP_V3_Access_Next_Access (SNMP_ACCESS_T *access)
{
if (access) {
    if (access->next)
        return(access->next);
    if (access->group->next)
        return(access->group->next->access);
    return(0);
    }
if (root_access)
    return(root_access->access);
return(0);
}