68
68
static struct vacm_accessEntry *accessList = NULL, *accessScanPtr = NULL;
69
69
static struct vacm_groupEntry *groupList = NULL, *groupScanPtr = NULL;
72
* Macro to extend view masks with 1 bits when shorter than subtree lengths
73
* REF: vacmViewTreeFamilyMask [RFC3415], snmpNotifyFilterMask [RFC3413]
76
#define VIEW_MASK(viewPtr, idx, mask) \
77
((idx >= viewPtr->viewMaskLen) ? mask : (viewPtr->viewMask[idx] & mask))
72
80
* Initilizes the VACM code.
108
117
for (aptr = accessList; aptr != NULL; aptr = aptr->next) {
109
if (aptr->storageType == ST_NONVOLATILE)
110
vacm_save_access(aptr, token, type);
118
if (aptr->storageType == ST_NONVOLATILE) {
119
/* Store the standard views (if set) */
120
if ( aptr->views[VACM_VIEW_READ ][0] ||
121
aptr->views[VACM_VIEW_WRITE ][0] ||
122
aptr->views[VACM_VIEW_NOTIFY][0] )
123
vacm_save_access(aptr, token, type);
124
/* Store any other (valid) access views */
125
for ( i=VACM_VIEW_NOTIFY+1; i<VACM_MAX_VIEWS; i++ ) {
126
if ( aptr->views[i][0] )
127
vacm_save_auth_access(aptr, token, type, i);
113
132
for (gptr = groupList; gptr != NULL; gptr = gptr->next) {
232
vacm_parse_config_access(const char *token, char *line)
251
vacm_save_auth_access(struct vacm_accessEntry *access_entry,
252
const char *token, const char *type, int authtype)
257
memset(line, 0, sizeof(line));
258
snprintf(line, sizeof(line), "%s%s %d %d %d %d %d ",
259
token, "AuthAccess", access_entry->status,
260
access_entry->storageType, access_entry->securityModel,
261
access_entry->securityLevel, access_entry->contextMatch);
262
line[ sizeof(line)-1 ] = 0;
263
cptr = &line[strlen(line)]; /* the NULL */
265
read_config_save_octet_string(cptr,
266
(u_char *) access_entry->groupName + 1,
267
access_entry->groupName[0] + 1);
270
read_config_save_octet_string(cptr,
271
(u_char *) access_entry->contextPrefix + 1,
272
access_entry->contextPrefix[0] + 1);
274
snprintf(cptr, sizeof(line)-(cptr-line), " %d ", authtype);
279
cptr = read_config_save_octet_string(cptr,
280
(u_char *)access_entry->views[authtype],
281
strlen(access_entry->views[authtype]) + 1);
283
read_config_store(type, line);
287
_vacm_parse_config_access_common(struct vacm_accessEntry **aptr, char *line)
234
289
struct vacm_accessEntry access;
235
struct vacm_accessEntry *aptr;
236
char *contextPrefix = (char *) &access.contextPrefix;
237
char *groupName = (char *) &access.groupName;
238
char *readView, *writeView, *notifyView;
290
char *cPrefix = (char *) &access.contextPrefix;
291
char *gName = (char *) &access.groupName;
241
294
access.status = atoi(line);
248
301
line = skip_token(line);
249
302
access.contextMatch = atoi(line);
250
303
line = skip_token(line);
251
len = sizeof(access.groupName);
253
read_config_read_octet_string(line, (u_char **) & groupName, &len);
254
len = sizeof(access.contextPrefix);
256
read_config_read_octet_string(line, (u_char **) & contextPrefix,
259
aptr = vacm_createAccessEntry(access.groupName, access.contextPrefix,
260
access.securityModel,
261
access.securityLevel);
304
len = sizeof(access.groupName);
305
line = read_config_read_octet_string(line, (u_char **) &gName, &len);
306
len = sizeof(access.contextPrefix);
307
line = read_config_read_octet_string(line, (u_char **) &cPrefix, &len);
309
*aptr = vacm_getAccessEntry(access.groupName,
310
access.contextPrefix,
311
access.securityModel,
312
access.securityLevel);
314
*aptr = vacm_createAccessEntry(access.groupName,
315
access.contextPrefix,
316
access.securityModel,
317
access.securityLevel);
321
(*aptr)->status = access.status;
322
(*aptr)->storageType = access.storageType;
323
(*aptr)->securityModel = access.securityModel;
324
(*aptr)->securityLevel = access.securityLevel;
325
(*aptr)->contextMatch = access.contextMatch;
330
vacm_parse_config_access(const char *token, char *line)
332
struct vacm_accessEntry *aptr;
333
char *readView, *writeView, *notifyView;
336
line = _vacm_parse_config_access_common(&aptr, line);
265
aptr->status = access.status;
266
aptr->storageType = access.storageType;
267
aptr->securityModel = access.securityModel;
268
aptr->securityLevel = access.securityLevel;
269
aptr->contextMatch = access.contextMatch;
270
340
readView = (char *) aptr->views[VACM_VIEW_READ];
271
341
len = sizeof(aptr->views[VACM_VIEW_READ]);
356
vacm_parse_config_auth_access(const char *token, char *line)
358
struct vacm_accessEntry *aptr;
363
line = _vacm_parse_config_access_common(&aptr, line);
367
authtype = atoi(line);
368
line = skip_token(line);
370
view = (char *) aptr->views[authtype];
371
len = sizeof(aptr->views[authtype]);
372
line = read_config_read_octet_string(line, (u_char **) & view, &len);
286
376
* vacm_save_group(): saves a group entry to the persistent cache
366
if (mode != VACM_MODE_IGNORE_MASK) { /* check the mask */
368
found && oidpos < (int) vp->viewSubtreeLen - 1;
370
if ((vp->viewMask[maskpos] & mask) != 0) {
371
if (viewSubtree[oidpos] !=
372
vp->viewSubtree[oidpos + 1])
457
found && oidpos < (int) vp->viewSubtreeLen - 1;
459
if (mode==VACM_MODE_IGNORE_MASK || (VIEW_MASK(vp, maskpos, mask)) != 0) {
460
if (viewSubtree[oidpos] !=
461
vp->viewSubtree[oidpos + 1])
384
473
* match successful, keep this node if its longer than
440
529
return VACM_NOTINVIEW;
442
531
strcpy(view + 1, viewName);
532
DEBUGMSGTL(("9:vacm:checkSubtree", "view %s\n", viewName));
443
533
for (vp = head; vp; vp = vp->next) {
444
534
if (!memcmp(view, vp->viewName, glen + 1)) {
459
549
found && oidpos < (int) vp->viewSubtreeLen - 1;
461
if ((vp->viewMask[maskpos] & mask) != 0) {
551
if (VIEW_MASK(vp, maskpos, mask) != 0) {
462
552
if (viewSubtree[oidpos] !=
463
553
vp->viewSubtree[oidpos + 1])
506
597
found && oidpos < (int) viewSubtreeLen;
508
if ((vp->viewMask[maskpos] & mask) != 0) {
599
if (VIEW_MASK(vp, maskpos, mask) != 0) {
509
600
if (viewSubtree[oidpos] !=
510
601
vp->viewSubtree[oidpos + 1])
523
614
* with a different view type, then parts of the subtree
524
615
* are included and others are excluded, so return UNKNOWN.
617
DEBUGMSGTL(("9:vacm:checkSubtree", " %s matched?\n", vp->viewName));
526
618
if (vpLonger != NULL
527
619
&& (vpLonger->viewType != vp->viewType)) {
528
620
DEBUGMSGTL(("vacm:checkSubtree", ", %s\n", "unknown"));
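Review bot: In vacm_parse_config_auth_access (new lines 367-372) the result of `atoi(line)` is used directly as the index in `aptr->views[authtype]`, so a persistent-store line carrying a negative or too-large number makes read_config_read_octet_string write outside the intended view slot. A range check before the lookup would close this, for example `if (authtype < 0 || authtype >= VACM_MAX_VIEWS) return;`, with a config_perror call if a diagnostic is wanted. The save loop only emits indexes below VACM_MAX_VIEWS, but the parser cannot assume the file was written by that code. New lines 364-366 and the end of the function are not shown on this page, so an existing check there could not be confirmed.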