2 * Copyright (c) 2010 The FreeBSD Foundation
5 * This software was developed by Shteryana Sotirova Shopova under
6 * sponsorship from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/queue.h>
32 #include <sys/types.h>
46 #include "vacm_tree.h"
49 static struct lmodule *vacm_module;
50 /* For the registration. */
51 static const struct asn_oid oid_vacm = OIDX_snmpVacmMIB;
55 static int32_t vacm_lock;
58 * Internal datastructures and forward declarations.
60 static void vacm_append_userindex(struct asn_oid *,
61 uint, const struct vacm_user *);
62 static int vacm_user_index_decode(const struct asn_oid *,
63 uint, int32_t *, char *);
64 static struct vacm_user *vacm_get_user(const struct asn_oid *,
66 static struct vacm_user *vacm_get_next_user(const struct asn_oid *,
68 static void vacm_append_access_rule_index(struct asn_oid *,
69 uint, const struct vacm_access *);
70 static int vacm_access_rule_index_decode(const struct asn_oid *,
71 uint, char *, char *, int32_t *, int32_t *);
72 static struct vacm_access * vacm_get_access_rule(const struct asn_oid *,
74 static struct vacm_access * vacm_get_next_access_rule(const struct asn_oid *,
76 static int vacm_view_index_decode(const struct asn_oid *, uint,
77 char *, struct asn_oid *);
78 static void vacm_append_viewindex(struct asn_oid *, uint,
79 const struct vacm_view *);
80 static struct vacm_view *vacm_get_view(const struct asn_oid *, uint);
81 static struct vacm_view *vacm_get_next_view(const struct asn_oid *, uint);
82 static struct vacm_view *vacm_get_view_by_name(u_char *, u_int);
83 static struct vacm_context *vacm_get_context(const struct asn_oid *, uint);
84 static struct vacm_context *vacm_get_next_context(const struct asn_oid *,
86 static void vacm_append_ctxindex(struct asn_oid *, uint,
87 const struct vacm_context *);
90 op_vacm_context(struct snmp_context *ctx __unused, struct snmp_value *val,
91 uint32_t sub, uint32_t iidx __unused, enum snmp_op op)
93 char cname[SNMP_ADM_STR32_SIZ];
95 struct vacm_context *vacm_ctx;
97 if (val->var.subs[sub - 1] != LEAF_vacmContextName)
102 if ((vacm_ctx = vacm_get_context(&val->var, sub)) == NULL)
103 return (SNMP_ERR_NOSUCHNAME);
106 case SNMP_OP_GETNEXT:
107 if ((vacm_ctx = vacm_get_next_context(&val->var, sub)) == NULL)
108 return (SNMP_ERR_NOSUCHNAME);
109 vacm_append_ctxindex(&val->var, sub, vacm_ctx);
113 if ((vacm_ctx = vacm_get_context(&val->var, sub)) != NULL)
114 return (SNMP_ERR_WRONG_VALUE);
115 if (community != COMM_INITIALIZE)
116 return (SNMP_ERR_NOT_WRITEABLE);
117 if (val->var.subs[sub] >= SNMP_ADM_STR32_SIZ)
118 return (SNMP_ERR_WRONG_VALUE);
119 if (index_decode(&val->var, sub, iidx, &cname, &cnamelen))
120 return (SNMP_ERR_GENERR);
121 cname[cnamelen] = '\0';
122 if ((vacm_ctx = vacm_add_context(cname, reg_vacm)) == NULL)
123 return (SNMP_ERR_GENERR);
124 return (SNMP_ERR_NOERROR);
128 case SNMP_OP_ROLLBACK:
129 return (SNMP_ERR_NOERROR);
134 return (string_get(val, vacm_ctx->ctxname, -1));
138 op_vacm_security_to_group(struct snmp_context *ctx, struct snmp_value *val,
139 uint32_t sub, uint32_t iidx __unused, enum snmp_op op)
142 char uname[SNMP_ADM_STR32_SIZ];
143 struct vacm_user *user;
147 if ((user = vacm_get_user(&val->var, sub)) == NULL)
148 return (SNMP_ERR_NOSUCHNAME);
151 case SNMP_OP_GETNEXT:
152 if ((user = vacm_get_next_user(&val->var, sub)) == NULL)
153 return (SNMP_ERR_NOSUCHNAME);
154 vacm_append_userindex(&val->var, sub, user);
158 if ((user = vacm_get_user(&val->var, sub)) == NULL &&
159 val->var.subs[sub - 1] != LEAF_vacmSecurityToGroupStatus)
160 return (SNMP_ERR_NOSUCHNAME);
163 if (community != COMM_INITIALIZE &&
164 user->type == StorageType_readOnly)
165 return (SNMP_ERR_NOT_WRITEABLE);
166 if (user->status == RowStatus_active &&
167 val->v.integer != RowStatus_destroy)
168 return (SNMP_ERR_INCONS_VALUE);
171 switch (val->var.subs[sub - 1]) {
172 case LEAF_vacmGroupName:
173 ctx->scratch->ptr1 = user->group->groupname;
174 ctx->scratch->int1 = strlen(user->group->groupname);
175 return (vacm_user_set_group(user,
176 val->v.octetstring.octets,val->v.octetstring.len));
178 case LEAF_vacmSecurityToGroupStorageType:
179 return (SNMP_ERR_INCONS_VALUE);
181 case LEAF_vacmSecurityToGroupStatus:
183 if (val->v.integer != RowStatus_createAndGo ||
184 vacm_user_index_decode(&val->var, sub,
186 return (SNMP_ERR_INCONS_VALUE);
187 user = vacm_new_user(smodel, uname);
189 return (SNMP_ERR_GENERR);
190 user->status = RowStatus_destroy;
191 if (community != COMM_INITIALIZE)
192 user->type = StorageType_volatile;
194 user->type = StorageType_readOnly;
195 } else if (val->v.integer != RowStatus_active &&
196 val->v.integer != RowStatus_destroy)
197 return (SNMP_ERR_INCONS_VALUE);
198 ctx->scratch->int1 = user->status;
199 user->status = val->v.integer;
202 return (SNMP_ERR_NOERROR);
205 if (val->var.subs[sub - 1] != LEAF_vacmSecurityToGroupStatus)
206 return (SNMP_ERR_NOERROR);
207 if ((user = vacm_get_user(&val->var, sub)) == NULL)
208 return (SNMP_ERR_GENERR);
209 switch (val->v.integer) {
210 case RowStatus_destroy:
211 return (vacm_delete_user(user));
213 case RowStatus_createAndGo:
214 user->status = RowStatus_active;
220 return (SNMP_ERR_NOERROR);
222 case SNMP_OP_ROLLBACK:
223 if ((user = vacm_get_user(&val->var, sub)) == NULL)
224 return (SNMP_ERR_GENERR);
225 switch (val->var.subs[sub - 1]) {
226 case LEAF_vacmGroupName:
227 return (vacm_user_set_group(user, ctx->scratch->ptr1,
228 ctx->scratch->int1));
230 case LEAF_vacmSecurityToGroupStatus:
231 if (ctx->scratch->int1 == RowStatus_destroy)
232 return (vacm_delete_user(user));
233 user->status = ctx->scratch->int1;
239 return (SNMP_ERR_NOERROR);
245 switch (val->var.subs[sub - 1]) {
246 case LEAF_vacmGroupName:
247 return (string_get(val, user->group->groupname, -1));
248 case LEAF_vacmSecurityToGroupStorageType:
249 val->v.integer = user->type;
251 case LEAF_vacmSecurityToGroupStatus:
252 val->v.integer = user->status;
258 return (SNMP_ERR_NOERROR);
262 op_vacm_access(struct snmp_context *ctx, struct snmp_value *val, uint32_t sub,
263 uint32_t iidx __unused, enum snmp_op op)
265 int32_t smodel, slevel;
266 char gname[SNMP_ADM_STR32_SIZ], cprefix[SNMP_ADM_STR32_SIZ];
267 struct vacm_access *acl;
271 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL)
272 return (SNMP_ERR_NOSUCHNAME);
275 case SNMP_OP_GETNEXT:
276 if ((acl = vacm_get_next_access_rule(&val->var, sub)) == NULL)
277 return (SNMP_ERR_NOSUCHNAME);
278 vacm_append_access_rule_index(&val->var, sub, acl);
282 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL &&
283 val->var.subs[sub - 1] != LEAF_vacmAccessStatus)
284 return (SNMP_ERR_NOSUCHNAME);
285 if (acl != NULL && community != COMM_INITIALIZE &&
286 acl->type == StorageType_readOnly)
287 return (SNMP_ERR_NOT_WRITEABLE);
289 switch (val->var.subs[sub - 1]) {
290 case LEAF_vacmAccessContextMatch:
291 ctx->scratch->int1 = acl->ctx_match;
292 if (val->v.integer == vacmAccessContextMatch_exact)
294 else if (val->v.integer == vacmAccessContextMatch_prefix)
297 return (SNMP_ERR_WRONG_VALUE);
300 case LEAF_vacmAccessReadViewName:
301 ctx->scratch->ptr1 = acl->read_view;
302 acl->read_view = vacm_get_view_by_name(val->v.octetstring.octets, val->v.octetstring.len);
303 if (acl->read_view == NULL) {
304 acl->read_view = ctx->scratch->ptr1;
305 return (SNMP_ERR_INCONS_VALUE);
307 return (SNMP_ERR_NOERROR);
309 case LEAF_vacmAccessWriteViewName:
310 ctx->scratch->ptr1 = acl->write_view;
311 if ((acl->write_view =
312 vacm_get_view_by_name(val->v.octetstring.octets,
313 val->v.octetstring.len)) == NULL) {
314 acl->write_view = ctx->scratch->ptr1;
315 return (SNMP_ERR_INCONS_VALUE);
319 case LEAF_vacmAccessNotifyViewName:
320 ctx->scratch->ptr1 = acl->notify_view;
321 if ((acl->notify_view =
322 vacm_get_view_by_name(val->v.octetstring.octets,
323 val->v.octetstring.len)) == NULL) {
324 acl->notify_view = ctx->scratch->ptr1;
325 return (SNMP_ERR_INCONS_VALUE);
329 case LEAF_vacmAccessStorageType:
330 return (SNMP_ERR_INCONS_VALUE);
332 case LEAF_vacmAccessStatus:
334 if (val->v.integer != RowStatus_createAndGo ||
335 vacm_access_rule_index_decode(&val->var,
336 sub, gname, cprefix, &smodel, &slevel) < 0)
337 return (SNMP_ERR_INCONS_VALUE);
338 if ((acl = vacm_new_access_rule(gname, cprefix,
339 smodel, slevel)) == NULL)
340 return (SNMP_ERR_GENERR);
341 acl->status = RowStatus_destroy;
342 if (community != COMM_INITIALIZE)
343 acl->type = StorageType_volatile;
345 acl->type = StorageType_readOnly;
346 } else if (val->v.integer != RowStatus_active &&
347 val->v.integer != RowStatus_destroy)
348 return (SNMP_ERR_INCONS_VALUE);
349 ctx->scratch->int1 = acl->status;
350 acl->status = val->v.integer;
353 return (SNMP_ERR_NOERROR);
356 if (val->var.subs[sub - 1] != LEAF_vacmAccessStatus)
357 return (SNMP_ERR_NOERROR);
358 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL)
359 return (SNMP_ERR_GENERR);
360 if (val->v.integer == RowStatus_destroy)
361 return (vacm_delete_access_rule(acl));
363 acl->status = RowStatus_active;
364 return (SNMP_ERR_NOERROR);
366 case SNMP_OP_ROLLBACK:
367 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL)
368 return (SNMP_ERR_GENERR);
369 switch (val->var.subs[sub - 1]) {
370 case LEAF_vacmAccessContextMatch:
371 acl->ctx_match = ctx->scratch->int1;
373 case LEAF_vacmAccessReadViewName:
374 acl->read_view = ctx->scratch->ptr1;
376 case LEAF_vacmAccessWriteViewName:
377 acl->write_view = ctx->scratch->ptr1;
379 case LEAF_vacmAccessNotifyViewName:
380 acl->notify_view = ctx->scratch->ptr1;
382 case LEAF_vacmAccessStatus:
383 if (ctx->scratch->int1 == RowStatus_destroy)
384 return (vacm_delete_access_rule(acl));
388 return (SNMP_ERR_NOERROR);
394 switch (val->var.subs[sub - 1]) {
395 case LEAF_vacmAccessContextMatch:
396 return (string_get(val, acl->ctx_prefix, -1));
397 case LEAF_vacmAccessReadViewName:
398 if (acl->read_view != NULL)
399 return (string_get(val, acl->read_view->viewname, -1));
401 return (string_get(val, NULL, 0));
402 case LEAF_vacmAccessWriteViewName:
403 if (acl->write_view != NULL)
404 return (string_get(val, acl->write_view->viewname, -1));
406 return (string_get(val, NULL, 0));
407 case LEAF_vacmAccessNotifyViewName:
408 if (acl->notify_view != NULL)
409 return (string_get(val, acl->notify_view->viewname, -1));
411 return (string_get(val, NULL, 0));
412 case LEAF_vacmAccessStorageType:
413 val->v.integer = acl->type;
415 case LEAF_vacmAccessStatus:
416 val->v.integer = acl->status;
422 return (SNMP_ERR_NOERROR);
426 op_vacm_view_lock(struct snmp_context *ctx __unused, struct snmp_value *val,
427 uint32_t sub, uint32_t iidx __unused, enum snmp_op op)
429 if (val->var.subs[sub - 1] != LEAF_vacmViewSpinLock)
430 return (SNMP_ERR_NOSUCHNAME);
434 if (++vacm_lock == INT32_MAX)
436 val->v.integer = vacm_lock;
439 case SNMP_OP_GETNEXT:
443 if (val->v.integer != vacm_lock)
444 return (SNMP_ERR_INCONS_VALUE);
447 case SNMP_OP_ROLLBACK:
453 return (SNMP_ERR_NOERROR);
457 op_vacm_view(struct snmp_context *ctx, struct snmp_value *val, uint32_t sub,
458 uint32_t iidx __unused, enum snmp_op op)
460 char vname[SNMP_ADM_STR32_SIZ];
462 struct vacm_view *view;
466 if ((view = vacm_get_view(&val->var, sub)) == NULL)
467 return (SNMP_ERR_NOSUCHNAME);
470 case SNMP_OP_GETNEXT:
471 if ((view = vacm_get_next_view(&val->var, sub)) == NULL)
472 return (SNMP_ERR_NOSUCHNAME);
473 vacm_append_viewindex(&val->var, sub, view);
477 if ((view = vacm_get_view(&val->var, sub)) == NULL &&
478 val->var.subs[sub - 1] != LEAF_vacmViewTreeFamilyStatus)
479 return (SNMP_ERR_NOSUCHNAME);
482 if (community != COMM_INITIALIZE &&
483 view->type == StorageType_readOnly)
484 return (SNMP_ERR_NOT_WRITEABLE);
485 if (view->status == RowStatus_active &&
486 val->v.integer != RowStatus_destroy)
487 return (SNMP_ERR_INCONS_VALUE);
490 switch (val->var.subs[sub - 1]) {
491 case LEAF_vacmViewTreeFamilyMask:
492 if (val->v.octetstring.len > sizeof(view->mask))
493 ctx->scratch->ptr1 = malloc(sizeof(view->mask));
494 if (ctx->scratch->ptr1 == NULL)
495 return (SNMP_ERR_GENERR);
496 memset(ctx->scratch->ptr1, 0, sizeof(view->mask));
497 memcpy(ctx->scratch->ptr1, view->mask,
499 memset(view->mask, 0, sizeof(view->mask));
500 memcpy(view->mask, val->v.octetstring.octets,
501 val->v.octetstring.len);
504 case LEAF_vacmViewTreeFamilyType:
505 ctx->scratch->int1 = view->exclude;
506 if (val->v.integer == vacmViewTreeFamilyType_included)
508 else if (val->v.integer == vacmViewTreeFamilyType_excluded)
511 return (SNMP_ERR_WRONG_VALUE);
514 case LEAF_vacmViewTreeFamilyStorageType:
515 return (SNMP_ERR_INCONS_VALUE);
517 case LEAF_vacmViewTreeFamilyStatus:
519 if (val->v.integer != RowStatus_createAndGo ||
520 vacm_view_index_decode(&val->var, sub, vname,
522 return (SNMP_ERR_INCONS_VALUE);
523 if ((view = vacm_new_view(vname, &oid)) == NULL)
524 return (SNMP_ERR_GENERR);
525 view->status = RowStatus_destroy;
526 if (community != COMM_INITIALIZE)
527 view->type = StorageType_volatile;
529 view->type = StorageType_readOnly;
530 } else if (val->v.integer != RowStatus_active &&
531 val->v.integer != RowStatus_destroy)
532 return (SNMP_ERR_INCONS_VALUE);
533 ctx->scratch->int1 = view->status;
534 view->status = val->v.integer;
537 return (SNMP_ERR_NOERROR);
540 switch (val->var.subs[sub - 1]) {
541 case LEAF_vacmViewTreeFamilyMask:
542 free(ctx->scratch->ptr1);
544 case LEAF_vacmViewTreeFamilyStatus:
545 if ((view = vacm_get_view(&val->var, sub)) == NULL)
546 return (SNMP_ERR_GENERR);
547 switch (val->v.integer) {
548 case RowStatus_destroy:
549 return (vacm_delete_view(view));
551 case RowStatus_createAndGo:
552 view->status = RowStatus_active;
557 return (SNMP_ERR_GENERR);
562 return (SNMP_ERR_NOERROR);
564 case SNMP_OP_ROLLBACK:
565 if ((view = vacm_get_view(&val->var, sub)) == NULL)
566 return (SNMP_ERR_GENERR);
567 switch (val->var.subs[sub - 1]) {
568 case LEAF_vacmViewTreeFamilyMask:
569 memcpy(view->mask, ctx->scratch->ptr1,
571 free(ctx->scratch->ptr1);
573 case LEAF_vacmViewTreeFamilyType:
574 view->exclude = ctx->scratch->int1;
576 case LEAF_vacmViewTreeFamilyStatus:
577 if (ctx->scratch->int1 == RowStatus_destroy)
578 return (vacm_delete_view(view));
583 return (SNMP_ERR_NOERROR);
589 switch (val->var.subs[sub - 1]) {
590 case LEAF_vacmViewTreeFamilyMask:
591 return (string_get(val, view->mask, sizeof(view->mask)));
592 case LEAF_vacmViewTreeFamilyType:
594 val->v.integer = vacmViewTreeFamilyType_excluded;
596 val->v.integer = vacmViewTreeFamilyType_included;
598 case LEAF_vacmViewTreeFamilyStorageType:
599 val->v.integer = view->type;
601 case LEAF_vacmViewTreeFamilyStatus:
602 val->v.integer = view->status;
608 return (SNMP_ERR_NOERROR);
612 vacm_append_userindex(struct asn_oid *oid, uint sub,
613 const struct vacm_user *user)
617 oid->len = sub + strlen(user->secname) + 2;
618 oid->subs[sub++] = user->sec_model;
619 oid->subs[sub] = strlen(user->secname);
620 for (i = 1; i <= strlen(user->secname); i++)
621 oid->subs[sub + i] = user->secname[i - 1];
625 vacm_user_index_decode(const struct asn_oid *oid, uint sub,
626 int32_t *smodel, char *uname)
630 *smodel = oid->subs[sub++];
632 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ)
635 for (i = 0; i < oid->subs[sub]; i++)
636 uname[i] = oid->subs[sub + i + 1];
642 static struct vacm_user *
643 vacm_get_user(const struct asn_oid *oid, uint sub)
646 char uname[SNMP_ADM_STR32_SIZ];
647 struct vacm_user *user;
649 if (vacm_user_index_decode(oid, sub, &smodel, uname) < 0)
652 for (user = vacm_first_user(); user != NULL; user = vacm_next_user(user))
653 if (strcmp(uname, user->secname) == 0 &&
654 user->sec_model == smodel)
660 static struct vacm_user *
661 vacm_get_next_user(const struct asn_oid *oid, uint sub)
664 char uname[SNMP_ADM_STR32_SIZ];
665 struct vacm_user *user;
667 if (oid->len - sub == 0)
668 return (vacm_first_user());
670 if (vacm_user_index_decode(oid, sub, &smodel, uname) < 0)
673 for (user = vacm_first_user(); user != NULL; user = vacm_next_user(user))
674 if (strcmp(uname, user->secname) == 0 &&
675 user->sec_model == smodel)
676 return (vacm_next_user(user));
682 vacm_append_access_rule_index(struct asn_oid *oid, uint sub,
683 const struct vacm_access *acl)
687 oid->len = sub + strlen(acl->group->groupname) +
688 strlen(acl->ctx_prefix) + 4;
690 oid->subs[sub] = strlen(acl->group->groupname);
691 for (i = 1; i <= strlen(acl->group->groupname); i++)
692 oid->subs[sub + i] = acl->group->groupname[i - 1];
693 sub += strlen(acl->group->groupname) + 1;
695 oid->subs[sub] = strlen(acl->ctx_prefix);
696 for (i = 1; i <= strlen(acl->ctx_prefix); i++)
697 oid->subs[sub + i] = acl->ctx_prefix[i - 1];
698 sub += strlen(acl->ctx_prefix) + 1;
699 oid->subs[sub++] = acl->sec_model;
700 oid->subs[sub] = acl->sec_level;
704 vacm_access_rule_index_decode(const struct asn_oid *oid, uint sub, char *gname,
705 char *cprefix, int32_t *smodel, int32_t *slevel)
709 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ)
712 for (i = 0; i < oid->subs[sub]; i++)
713 gname[i] = oid->subs[sub + i + 1];
715 sub += strlen(gname) + 1;
717 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ)
720 for (i = 0; i < oid->subs[sub]; i++)
721 cprefix[i] = oid->subs[sub + i + 1];
723 sub += strlen(cprefix) + 1;
725 *smodel = oid->subs[sub++];
726 *slevel = oid->subs[sub];
732 vacm_get_access_rule(const struct asn_oid *oid, uint sub)
734 int32_t smodel, slevel;
735 char gname[SNMP_ADM_STR32_SIZ], prefix[SNMP_ADM_STR32_SIZ];
736 struct vacm_access *acl;
738 if (vacm_access_rule_index_decode(oid, sub, gname, prefix, &smodel,
742 for (acl = vacm_first_access_rule(); acl != NULL;
743 acl = vacm_next_access_rule(acl))
744 if (strcmp(gname, acl->group->groupname) == 0 &&
745 strcmp(prefix, acl->ctx_prefix) == 0 &&
746 smodel == acl->sec_model && slevel == acl->sec_level)
753 vacm_get_next_access_rule(const struct asn_oid *oid __unused, uint sub __unused)
755 int32_t smodel, slevel;
756 char gname[SNMP_ADM_STR32_SIZ], prefix[SNMP_ADM_STR32_SIZ];
757 struct vacm_access *acl;
759 if (oid->len - sub == 0)
760 return (vacm_first_access_rule());
762 if (vacm_access_rule_index_decode(oid, sub, gname, prefix, &smodel,
766 for (acl = vacm_first_access_rule(); acl != NULL;
767 acl = vacm_next_access_rule(acl))
768 if (strcmp(gname, acl->group->groupname) == 0 &&
769 strcmp(prefix, acl->ctx_prefix) == 0 &&
770 smodel == acl->sec_model && slevel == acl->sec_model)
771 return (vacm_next_access_rule(acl));
777 vacm_view_index_decode(const struct asn_oid *oid, uint sub, char *vname,
778 struct asn_oid *view_oid)
783 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ)
786 for (i = 0; i < oid->subs[sub]; i++)
787 vname[i] = oid->subs[sub + i + 1];
790 viod_off = sub + oid->subs[sub] + 1;
791 if ((view_oid->len = oid->subs[viod_off]) > ASN_MAXOIDLEN)
794 memcpy(&view_oid->subs[0], &oid->subs[viod_off + 1],
795 view_oid->len * sizeof(view_oid->subs[0]));
801 vacm_append_viewindex(struct asn_oid *oid, uint sub, const struct vacm_view *view)
805 oid->len = sub + strlen(view->viewname) + 1;
806 oid->subs[sub] = strlen(view->viewname);
807 for (i = 1; i <= strlen(view->viewname); i++)
808 oid->subs[sub + i] = view->viewname[i - 1];
810 sub += strlen(view->viewname) + 1;
811 oid->subs[sub] = view->subtree.len;
813 asn_append_oid(oid, &view->subtree);
817 vacm_get_view(const struct asn_oid *oid, uint sub)
819 char vname[SNMP_ADM_STR32_SIZ];
820 struct asn_oid subtree;
821 struct vacm_view *view;
823 if (vacm_view_index_decode(oid, sub, vname, &subtree) < 0)
826 for (view = vacm_first_view(); view != NULL; view = vacm_next_view(view))
827 if (strcmp(vname, view->viewname) == 0 &&
828 asn_compare_oid(&subtree, &view->subtree)== 0)
835 vacm_get_next_view(const struct asn_oid *oid, uint sub)
837 char vname[SNMP_ADM_STR32_SIZ];
838 struct asn_oid subtree;
839 struct vacm_view *view;
841 if (oid->len - sub == 0)
842 return (vacm_first_view());
844 if (vacm_view_index_decode(oid, sub, vname, &subtree) < 0)
847 for (view = vacm_first_view(); view != NULL; view = vacm_next_view(view))
848 if (strcmp(vname, view->viewname) == 0 &&
849 asn_compare_oid(&subtree, &view->subtree)== 0)
850 return (vacm_next_view(view));
855 static struct vacm_view *
856 vacm_get_view_by_name(u_char *octets, u_int len)
858 struct vacm_view *view;
860 for (view = vacm_first_view(); view != NULL; view = vacm_next_view(view))
861 if (strlen(view->viewname) == len &&
862 memcmp(octets, view->viewname, len) == 0)
868 static struct vacm_context *
869 vacm_get_context(const struct asn_oid *oid, uint sub)
871 char cname[SNMP_ADM_STR32_SIZ];
874 struct vacm_context *vacm_ctx;
876 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ)
880 index_count = SNMP_INDEX(index_count, 1);
881 if (index_decode(oid, sub, index_count, &cname, &cnamelen))
884 for (vacm_ctx = vacm_first_context(); vacm_ctx != NULL;
885 vacm_ctx = vacm_next_context(vacm_ctx))
886 if (strcmp(cname, vacm_ctx->ctxname) == 0)
892 static struct vacm_context *
893 vacm_get_next_context(const struct asn_oid *oid, uint sub)
895 char cname[SNMP_ADM_STR32_SIZ];
898 struct vacm_context *vacm_ctx;
900 if (oid->len - sub == 0)
901 return (vacm_first_context());
903 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ)
907 index_count = SNMP_INDEX(index_count, 1);
908 if (index_decode(oid, sub, index_count, &cname, &cnamelen))
911 for (vacm_ctx = vacm_first_context(); vacm_ctx != NULL;
912 vacm_ctx = vacm_next_context(vacm_ctx))
913 if (strcmp(cname, vacm_ctx->ctxname) == 0)
914 return (vacm_next_context(vacm_ctx));
920 vacm_append_ctxindex(struct asn_oid *oid, uint sub,
921 const struct vacm_context *ctx)
925 oid->len = sub + strlen(ctx->ctxname) + 1;
926 oid->subs[sub] = strlen(ctx->ctxname);
927 for (i = 1; i <= strlen(ctx->ctxname); i++)
928 oid->subs[sub + i] = ctx->ctxname[i - 1];
932 * VACM snmp module initialization hook.
933 * Returns 0 on success, < 0 on error.
936 vacm_init(struct lmodule *mod, int argc __unused, char *argv[] __unused)
939 vacm_lock = random();
942 /* XXX: TODO - initialize structures */
947 * VACM snmp module finalization hook.
952 /* XXX: TODO - cleanup */
953 vacm_flush_contexts(reg_vacm);
954 or_unregister(reg_vacm);
960 * VACM snmp module start operation.
965 static char dflt_ctx[] = "";
967 reg_vacm = or_register(&oid_vacm,
968 "The MIB module for managing SNMP View-based Access Control Model.",
971 (void)vacm_add_context(dflt_ctx, reg_vacm);
977 struct vacm_context *vacmctx;
978 struct vacm_user *vuser;
979 struct vacm_access *vacl;
980 struct vacm_view *view;
981 static char oidbuf[ASN_OIDSTRLEN];
983 syslog(LOG_ERR, "\n");
984 syslog(LOG_ERR, "Context list:");
985 for (vacmctx = vacm_first_context(); vacmctx != NULL;
986 vacmctx = vacm_next_context(vacmctx))
987 syslog(LOG_ERR, "Context \"%s\", module id %d",
988 vacmctx->ctxname, vacmctx->regid);
990 syslog(LOG_ERR, "VACM users:");
991 for (vuser = vacm_first_user(); vuser != NULL;
992 vuser = vacm_next_user(vuser))
993 syslog(LOG_ERR, "Uname %s, Group %s, model %d", vuser->secname,
994 vuser->group!= NULL?vuser->group->groupname:"Unknown",
997 syslog(LOG_ERR, "VACM Access rules:");
998 for (vacl = vacm_first_access_rule(); vacl != NULL;
999 vacl = vacm_next_access_rule(vacl))
1000 syslog(LOG_ERR, "Group %s, CtxPrefix %s, Model %d, Level %d, "
1001 "RV %s, WR %s, NV %s", vacl->group!=NULL?
1002 vacl->group->groupname:"Unknown", vacl->ctx_prefix,
1003 vacl->sec_model, vacl->sec_level, vacl->read_view!=NULL?
1004 vacl->read_view->viewname:"None", vacl->write_view!=NULL?
1005 vacl->write_view->viewname:"None", vacl->notify_view!=NULL?
1006 vacl->notify_view->viewname:"None");
1008 syslog(LOG_ERR, "VACM Views:");
1009 for (view = vacm_first_view(); view != NULL; view = vacm_next_view(view))
1010 syslog(LOG_ERR, "View %s, Tree %s - %s", view->viewname,
1011 asn_oid2str_r(&view->subtree, oidbuf), view->exclude?
1012 "excluded":"included");
1015 const char vacm_comment[] = \
1016 "This module implements SNMP View-based Access Control Model defined in RFC 3415.";
1018 const struct snmp_module config = {
1019 .comment = vacm_comment,
1022 .start = vacm_start,
1025 .tree_size = vacm_CTREE_SIZE,
projects / FreeBSD / releng / 10.0.git / blob