Lines Matching +full:sub +full:-
1 /*-
91 uint32_t sub, uint32_t iidx __unused, enum snmp_op op) in op_vacm_context() argument
97 if (val->var.subs[sub - 1] != LEAF_vacmContextName) in op_vacm_context()
102 if ((vacm_ctx = vacm_get_context(&val->var, sub)) == NULL) in op_vacm_context()
107 if ((vacm_ctx = vacm_get_next_context(&val->var, sub)) == NULL) in op_vacm_context()
109 vacm_append_ctxindex(&val->var, sub, vacm_ctx); in op_vacm_context()
113 if ((vacm_ctx = vacm_get_context(&val->var, sub)) != NULL) in op_vacm_context()
117 if (val->var.subs[sub] >= SNMP_ADM_STR32_SIZ) in op_vacm_context()
119 if (index_decode(&val->var, sub, iidx, &cname, &cnamelen)) in op_vacm_context()
134 return (string_get(val, vacm_ctx->ctxname, -1)); in op_vacm_context()
139 uint32_t sub, uint32_t iidx __unused, enum snmp_op op) in op_vacm_security_to_group() argument
147 if ((user = vacm_get_user(&val->var, sub)) == NULL) in op_vacm_security_to_group()
152 if ((user = vacm_get_next_user(&val->var, sub)) == NULL) in op_vacm_security_to_group()
154 vacm_append_userindex(&val->var, sub, user); in op_vacm_security_to_group()
158 if ((user = vacm_get_user(&val->var, sub)) == NULL && in op_vacm_security_to_group()
159 val->var.subs[sub - 1] != LEAF_vacmSecurityToGroupStatus) in op_vacm_security_to_group()
164 user->type == StorageType_readOnly) in op_vacm_security_to_group()
166 if (user->status == RowStatus_active && in op_vacm_security_to_group()
167 val->v.integer != RowStatus_destroy) in op_vacm_security_to_group()
171 switch (val->var.subs[sub - 1]) { in op_vacm_security_to_group()
173 ctx->scratch->ptr1 = user->group->groupname; in op_vacm_security_to_group()
174 ctx->scratch->int1 = strlen(user->group->groupname); in op_vacm_security_to_group()
176 val->v.octetstring.octets,val->v.octetstring.len)); in op_vacm_security_to_group()
183 if (val->v.integer != RowStatus_createAndGo || in op_vacm_security_to_group()
184 vacm_user_index_decode(&val->var, sub, in op_vacm_security_to_group()
190 user->status = RowStatus_destroy; in op_vacm_security_to_group()
192 user->type = StorageType_volatile; in op_vacm_security_to_group()
194 user->type = StorageType_readOnly; in op_vacm_security_to_group()
195 } else if (val->v.integer != RowStatus_active && in op_vacm_security_to_group()
196 val->v.integer != RowStatus_destroy) in op_vacm_security_to_group()
198 ctx->scratch->int1 = user->status; in op_vacm_security_to_group()
199 user->status = val->v.integer; in op_vacm_security_to_group()
205 if (val->var.subs[sub - 1] != LEAF_vacmSecurityToGroupStatus) in op_vacm_security_to_group()
207 if ((user = vacm_get_user(&val->var, sub)) == NULL) in op_vacm_security_to_group()
209 switch (val->v.integer) { in op_vacm_security_to_group()
214 user->status = RowStatus_active; in op_vacm_security_to_group()
223 if ((user = vacm_get_user(&val->var, sub)) == NULL) in op_vacm_security_to_group()
225 switch (val->var.subs[sub - 1]) { in op_vacm_security_to_group()
227 return (vacm_user_set_group(user, ctx->scratch->ptr1, in op_vacm_security_to_group()
228 ctx->scratch->int1)); in op_vacm_security_to_group()
231 if (ctx->scratch->int1 == RowStatus_destroy) in op_vacm_security_to_group()
233 user->status = ctx->scratch->int1; in op_vacm_security_to_group()
245 switch (val->var.subs[sub - 1]) { in op_vacm_security_to_group()
247 return (string_get(val, user->group->groupname, -1)); in op_vacm_security_to_group()
249 val->v.integer = user->type; in op_vacm_security_to_group()
252 val->v.integer = user->status; in op_vacm_security_to_group()
262 op_vacm_access(struct snmp_context *ctx, struct snmp_value *val, uint32_t sub, in op_vacm_access() argument
271 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL) in op_vacm_access()
276 if ((acl = vacm_get_next_access_rule(&val->var, sub)) == NULL) in op_vacm_access()
278 vacm_append_access_rule_index(&val->var, sub, acl); in op_vacm_access()
282 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL && in op_vacm_access()
283 val->var.subs[sub - 1] != LEAF_vacmAccessStatus) in op_vacm_access()
286 acl->type == StorageType_readOnly) in op_vacm_access()
289 switch (val->var.subs[sub - 1]) { in op_vacm_access()
291 ctx->scratch->int1 = acl->ctx_match; in op_vacm_access()
292 if (val->v.integer == vacmAccessContextMatch_exact) in op_vacm_access()
293 acl->ctx_match = 1; in op_vacm_access()
294 else if (val->v.integer == vacmAccessContextMatch_prefix) in op_vacm_access()
295 acl->ctx_match = 0; in op_vacm_access()
301 ctx->scratch->ptr1 = acl->read_view; in op_vacm_access()
302 acl->read_view = vacm_get_view_by_name(val->v.octetstring.octets, val->v.octetstring.len); in op_vacm_access()
303 if (acl->read_view == NULL) { in op_vacm_access()
304 acl->read_view = ctx->scratch->ptr1; in op_vacm_access()
310 ctx->scratch->ptr1 = acl->write_view; in op_vacm_access()
311 if ((acl->write_view = in op_vacm_access()
312 vacm_get_view_by_name(val->v.octetstring.octets, in op_vacm_access()
313 val->v.octetstring.len)) == NULL) { in op_vacm_access()
314 acl->write_view = ctx->scratch->ptr1; in op_vacm_access()
320 ctx->scratch->ptr1 = acl->notify_view; in op_vacm_access()
321 if ((acl->notify_view = in op_vacm_access()
322 vacm_get_view_by_name(val->v.octetstring.octets, in op_vacm_access()
323 val->v.octetstring.len)) == NULL) { in op_vacm_access()
324 acl->notify_view = ctx->scratch->ptr1; in op_vacm_access()
334 if (val->v.integer != RowStatus_createAndGo || in op_vacm_access()
335 vacm_access_rule_index_decode(&val->var, in op_vacm_access()
336 sub, gname, cprefix, &smodel, &slevel) < 0) in op_vacm_access()
341 acl->status = RowStatus_destroy; in op_vacm_access()
343 acl->type = StorageType_volatile; in op_vacm_access()
345 acl->type = StorageType_readOnly; in op_vacm_access()
346 } else if (val->v.integer != RowStatus_active && in op_vacm_access()
347 val->v.integer != RowStatus_destroy) in op_vacm_access()
349 ctx->scratch->int1 = acl->status; in op_vacm_access()
350 acl->status = val->v.integer; in op_vacm_access()
356 if (val->var.subs[sub - 1] != LEAF_vacmAccessStatus) in op_vacm_access()
358 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL) in op_vacm_access()
360 if (val->v.integer == RowStatus_destroy) in op_vacm_access()
363 acl->status = RowStatus_active; in op_vacm_access()
367 if ((acl = vacm_get_access_rule(&val->var, sub)) == NULL) in op_vacm_access()
369 switch (val->var.subs[sub - 1]) { in op_vacm_access()
371 acl->ctx_match = ctx->scratch->int1; in op_vacm_access()
374 acl->read_view = ctx->scratch->ptr1; in op_vacm_access()
377 acl->write_view = ctx->scratch->ptr1; in op_vacm_access()
380 acl->notify_view = ctx->scratch->ptr1; in op_vacm_access()
383 if (ctx->scratch->int1 == RowStatus_destroy) in op_vacm_access()
394 switch (val->var.subs[sub - 1]) { in op_vacm_access()
396 return (string_get(val, acl->ctx_prefix, -1)); in op_vacm_access()
398 if (acl->read_view != NULL) in op_vacm_access()
399 return (string_get(val, acl->read_view->viewname, -1)); in op_vacm_access()
403 if (acl->write_view != NULL) in op_vacm_access()
404 return (string_get(val, acl->write_view->viewname, -1)); in op_vacm_access()
408 if (acl->notify_view != NULL) in op_vacm_access()
409 return (string_get(val, acl->notify_view->viewname, -1)); in op_vacm_access()
413 val->v.integer = acl->type; in op_vacm_access()
416 val->v.integer = acl->status; in op_vacm_access()
427 uint32_t sub, uint32_t iidx __unused, enum snmp_op op) in op_vacm_view_lock() argument
429 if (val->var.subs[sub - 1] != LEAF_vacmViewSpinLock) in op_vacm_view_lock()
436 val->v.integer = vacm_lock; in op_vacm_view_lock()
443 if (val->v.integer != vacm_lock) in op_vacm_view_lock()
457 op_vacm_view(struct snmp_context *ctx, struct snmp_value *val, uint32_t sub, in op_vacm_view() argument
466 if ((view = vacm_get_view(&val->var, sub)) == NULL) in op_vacm_view()
471 if ((view = vacm_get_next_view(&val->var, sub)) == NULL) in op_vacm_view()
473 vacm_append_viewindex(&val->var, sub, view); in op_vacm_view()
477 if ((view = vacm_get_view(&val->var, sub)) == NULL && in op_vacm_view()
478 val->var.subs[sub - 1] != LEAF_vacmViewTreeFamilyStatus) in op_vacm_view()
483 view->type == StorageType_readOnly) in op_vacm_view()
485 if (view->status == RowStatus_active && in op_vacm_view()
486 val->v.integer != RowStatus_destroy) in op_vacm_view()
490 switch (val->var.subs[sub - 1]) { in op_vacm_view()
/*
 * SET of the view mask: the current mask is copied into a scratch buffer
 * (ctx->scratch->ptr1) so that rollback can restore it, then view->mask is
 * zeroed and overwritten from the request's octet string.
 *
 * NOTE(review): listing lines 492 and 493 are adjacent in the file, so the
 * length test on 492 governs only the malloc on 493. No statement that
 * rejects an over-long value is visible before the memcpy on 500-501, which
 * copies val->v.octetstring.len bytes into view->mask. The size check should
 * return a wrong-length error on its own, before anything is allocated or
 * copied. Line 495 is not shown (presumably an error return) - confirm what
 * happens when the malloc is skipped and ptr1 was never set.
 */
492 if (val->v.octetstring.len > sizeof(view->mask)) in op_vacm_view()
493 ctx->scratch->ptr1 = malloc(sizeof(view->mask)); in op_vacm_view()
494 if (ctx->scratch->ptr1 == NULL) in op_vacm_view()
496 memset(ctx->scratch->ptr1, 0, sizeof(view->mask)); in op_vacm_view()
497 memcpy(ctx->scratch->ptr1, view->mask, in op_vacm_view()
498 sizeof(view->mask)); in op_vacm_view()
499 memset(view->mask, 0, sizeof(view->mask)); in op_vacm_view()
500 memcpy(view->mask, val->v.octetstring.octets, in op_vacm_view()
501 val->v.octetstring.len); in op_vacm_view()
505 ctx->scratch->int1 = view->exclude; in op_vacm_view()
506 if (val->v.integer == vacmViewTreeFamilyType_included) in op_vacm_view()
507 view->exclude = 0; in op_vacm_view()
508 else if (val->v.integer == vacmViewTreeFamilyType_excluded) in op_vacm_view()
509 view->exclude = 1; in op_vacm_view()
519 if (val->v.integer != RowStatus_createAndGo || in op_vacm_view()
520 vacm_view_index_decode(&val->var, sub, vname, in op_vacm_view()
525 view->status = RowStatus_destroy; in op_vacm_view()
527 view->type = StorageType_volatile; in op_vacm_view()
529 view->type = StorageType_readOnly; in op_vacm_view()
530 } else if (val->v.integer != RowStatus_active && in op_vacm_view()
531 val->v.integer != RowStatus_destroy) in op_vacm_view()
533 ctx->scratch->int1 = view->status; in op_vacm_view()
534 view->status = val->v.integer; in op_vacm_view()
540 switch (val->var.subs[sub - 1]) { in op_vacm_view()
542 free(ctx->scratch->ptr1); in op_vacm_view()
545 if ((view = vacm_get_view(&val->var, sub)) == NULL) in op_vacm_view()
547 switch (val->v.integer) { in op_vacm_view()
552 view->status = RowStatus_active; in op_vacm_view()
565 if ((view = vacm_get_view(&val->var, sub)) == NULL) in op_vacm_view()
567 switch (val->var.subs[sub - 1]) { in op_vacm_view()
569 memcpy(view->mask, ctx->scratch->ptr1, in op_vacm_view()
570 sizeof(view->mask)); in op_vacm_view()
571 free(ctx->scratch->ptr1); in op_vacm_view()
574 view->exclude = ctx->scratch->int1; in op_vacm_view()
577 if (ctx->scratch->int1 == RowStatus_destroy) in op_vacm_view()
589 switch (val->var.subs[sub - 1]) { in op_vacm_view()
591 return (string_get(val, view->mask, sizeof(view->mask))); in op_vacm_view()
593 if (view->exclude) in op_vacm_view()
594 val->v.integer = vacmViewTreeFamilyType_excluded; in op_vacm_view()
596 val->v.integer = vacmViewTreeFamilyType_included; in op_vacm_view()
599 val->v.integer = view->type; in op_vacm_view()
602 val->v.integer = view->status; in op_vacm_view()
612 vacm_append_userindex(struct asn_oid *oid, uint sub, in vacm_append_userindex() argument
617 oid->len = sub + strlen(user->secname) + 2; in vacm_append_userindex()
618 oid->subs[sub++] = user->sec_model; in vacm_append_userindex()
619 oid->subs[sub] = strlen(user->secname); in vacm_append_userindex()
620 for (i = 1; i <= strlen(user->secname); i++) in vacm_append_userindex()
621 oid->subs[sub + i] = user->secname[i - 1]; in vacm_append_userindex()
/*
 * Decodes a (security model, security name) table index from the
 * sub-identifiers of oid starting at position sub: the first sub-identifier
 * is stored in *smodel, the next is the name length, followed by one
 * sub-identifier per name character. Returns -1 when the encoded length is
 * >= SNMP_ADM_STR32_SIZ, which bounds the copy into uname.
 *
 * NOTE(review): no comparison of sub + length against oid->len is visible in
 * the listed lines; confirm the caller guarantees the OID really carries
 * that many sub-identifiers. The termination of uname is in a line that is
 * not shown - confirm.
 */
625 vacm_user_index_decode(const struct asn_oid *oid, uint sub, in vacm_user_index_decode() argument
630 *smodel = oid->subs[sub++]; in vacm_user_index_decode()
632 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ) in vacm_user_index_decode()
633 return (-1); in vacm_user_index_decode()
635 for (i = 0; i < oid->subs[sub]; i++) in vacm_user_index_decode()
636 uname[i] = oid->subs[sub + i + 1]; in vacm_user_index_decode()
643 vacm_get_user(const struct asn_oid *oid, uint sub) in vacm_get_user() argument
649 if (vacm_user_index_decode(oid, sub, &smodel, uname) < 0) in vacm_get_user()
653 if (strcmp(uname, user->secname) == 0 && in vacm_get_user()
654 user->sec_model == smodel) in vacm_get_user()
661 vacm_get_next_user(const struct asn_oid *oid, uint sub) in vacm_get_next_user() argument
667 if (oid->len - sub == 0) in vacm_get_next_user()
670 if (vacm_user_index_decode(oid, sub, &smodel, uname) < 0) in vacm_get_next_user()
674 if (strcmp(uname, user->secname) == 0 && in vacm_get_next_user()
675 user->sec_model == smodel) in vacm_get_next_user()
682 vacm_append_access_rule_index(struct asn_oid *oid, uint sub, in vacm_append_access_rule_index() argument
687 oid->len = sub + strlen(acl->group->groupname) + in vacm_append_access_rule_index()
688 strlen(acl->ctx_prefix) + 4; in vacm_append_access_rule_index()
690 oid->subs[sub] = strlen(acl->group->groupname); in vacm_append_access_rule_index()
691 for (i = 1; i <= strlen(acl->group->groupname); i++) in vacm_append_access_rule_index()
692 oid->subs[sub + i] = acl->group->groupname[i - 1]; in vacm_append_access_rule_index()
693 sub += strlen(acl->group->groupname) + 1; in vacm_append_access_rule_index()
695 oid->subs[sub] = strlen(acl->ctx_prefix); in vacm_append_access_rule_index()
696 for (i = 1; i <= strlen(acl->ctx_prefix); i++) in vacm_append_access_rule_index()
697 oid->subs[sub + i] = acl->ctx_prefix[i - 1]; in vacm_append_access_rule_index()
698 sub += strlen(acl->ctx_prefix) + 1; in vacm_append_access_rule_index()
699 oid->subs[sub++] = acl->sec_model; in vacm_append_access_rule_index()
700 oid->subs[sub] = acl->sec_level; in vacm_append_access_rule_index()
/*
 * Decodes an access-rule table index from oid starting at position sub:
 * a length-prefixed group name, a length-prefixed context prefix, then the
 * security model and security level sub-identifiers. Each length is rejected
 * with -1 when it is >= SNMP_ADM_STR32_SIZ before the characters are copied.
 *
 * NOTE(review): after each string, sub is advanced by strlen() of the decoded
 * buffer (715, 723) rather than by the encoded length oid->subs[sub]. The two
 * differ if a name sub-identifier is 0, which would shift every later field.
 * Presumably the omitted lines 714/722 NUL-terminate the buffers - confirm,
 * and prefer advancing by the encoded length.
 * NOTE(review): no check against oid->len is visible in the listed lines, so
 * the reads at sub + i + 1 rely on the caller for bounds - confirm.
 */
704 vacm_access_rule_index_decode(const struct asn_oid *oid, uint sub, char *gname, in vacm_access_rule_index_decode() argument
709 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ) in vacm_access_rule_index_decode()
710 return (-1); in vacm_access_rule_index_decode()
712 for (i = 0; i < oid->subs[sub]; i++) in vacm_access_rule_index_decode()
713 gname[i] = oid->subs[sub + i + 1]; in vacm_access_rule_index_decode()
715 sub += strlen(gname) + 1; in vacm_access_rule_index_decode()
717 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ) in vacm_access_rule_index_decode()
718 return (-1); in vacm_access_rule_index_decode()
720 for (i = 0; i < oid->subs[sub]; i++) in vacm_access_rule_index_decode()
721 cprefix[i] = oid->subs[sub + i + 1]; in vacm_access_rule_index_decode()
723 sub += strlen(cprefix) + 1; in vacm_access_rule_index_decode()
725 *smodel = oid->subs[sub++]; in vacm_access_rule_index_decode()
726 *slevel = oid->subs[sub]; in vacm_access_rule_index_decode()
732 vacm_get_access_rule(const struct asn_oid *oid, uint sub) in vacm_get_access_rule() argument
738 if (vacm_access_rule_index_decode(oid, sub, gname, prefix, &smodel, in vacm_get_access_rule()
744 if (strcmp(gname, acl->group->groupname) == 0 && in vacm_get_access_rule()
745 strcmp(prefix, acl->ctx_prefix) == 0 && in vacm_get_access_rule()
746 smodel == acl->sec_model && slevel == acl->sec_level) in vacm_get_access_rule()
/*
 * GETNEXT helper for the access-rule table: when the request OID carries an
 * index (oid->len - sub != 0) it is decoded and compared against an acl
 * entry's group name, context prefix, security model and level. The loop
 * header and the return statements are in lines that are not shown.
 *
 * NOTE(review): line 770 compares slevel with acl->sec_model, while the same
 * test in vacm_get_access_rule() (line 746) uses acl->sec_level. This looks
 * like a copy-paste slip that makes the starting row match only when the
 * level happens to equal the model number - confirm and compare against
 * acl->sec_level.
 * NOTE(review): oid and sub are tagged __unused on 753 but are read on 759
 * and 762; the attribute looks stale.
 */
753 vacm_get_next_access_rule(const struct asn_oid *oid __unused, uint sub __unused) in vacm_get_next_access_rule()
759 if (oid->len - sub == 0) in vacm_get_next_access_rule()
762 if (vacm_access_rule_index_decode(oid, sub, gname, prefix, &smodel, in vacm_get_next_access_rule()
768 if (strcmp(gname, acl->group->groupname) == 0 && in vacm_get_next_access_rule()
769 strcmp(prefix, acl->ctx_prefix) == 0 && in vacm_get_next_access_rule()
770 smodel == acl->sec_model && slevel == acl->sec_model) in vacm_get_next_access_rule()
/*
 * Decodes a view table index from oid starting at position sub: a
 * length-prefixed view name (rejected with -1 when the length is
 * >= SNMP_ADM_STR32_SIZ), then a length-prefixed subtree OID that is copied
 * into view_oid (rejected with -1 when its length exceeds ASN_MAXOIDLEN).
 *
 * NOTE(review): the ASN_MAXOIDLEN test on 791 bounds the destination only.
 * The memcpy source starts at oid->subs[viod_off + 1], and no check that
 * viod_off + 1 + view_oid->len stays within oid->len is visible in the
 * listed lines, so a short request OID with a large embedded length would be
 * read past its valid sub-identifiers - confirm and add the bound.
 */
777 vacm_view_index_decode(const struct asn_oid *oid, uint sub, char *vname, in vacm_view_index_decode() argument
783 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ) in vacm_view_index_decode()
784 return (-1); in vacm_view_index_decode()
786 for (i = 0; i < oid->subs[sub]; i++) in vacm_view_index_decode()
787 vname[i] = oid->subs[sub + i + 1]; in vacm_view_index_decode()
790 viod_off = sub + oid->subs[sub] + 1; in vacm_view_index_decode()
791 if ((view_oid->len = oid->subs[viod_off]) > ASN_MAXOIDLEN) in vacm_view_index_decode()
792 return (-1); in vacm_view_index_decode()
794 memcpy(&view_oid->subs[0], &oid->subs[viod_off + 1], in vacm_view_index_decode()
795 view_oid->len * sizeof(view_oid->subs[0])); in vacm_view_index_decode()
801 vacm_append_viewindex(struct asn_oid *oid, uint sub, const struct vacm_view *view) in vacm_append_viewindex() argument
805 oid->len = sub + strlen(view->viewname) + 1; in vacm_append_viewindex()
806 oid->subs[sub] = strlen(view->viewname); in vacm_append_viewindex()
807 for (i = 1; i <= strlen(view->viewname); i++) in vacm_append_viewindex()
808 oid->subs[sub + i] = view->viewname[i - 1]; in vacm_append_viewindex()
810 sub += strlen(view->viewname) + 1; in vacm_append_viewindex()
811 oid->subs[sub] = view->subtree.len; in vacm_append_viewindex()
812 oid->len++; in vacm_append_viewindex()
813 asn_append_oid(oid, &view->subtree); in vacm_append_viewindex()
817 vacm_get_view(const struct asn_oid *oid, uint sub) in vacm_get_view() argument
823 if (vacm_view_index_decode(oid, sub, vname, &subtree) < 0) in vacm_get_view()
827 if (strcmp(vname, view->viewname) == 0 && in vacm_get_view()
828 asn_compare_oid(&subtree, &view->subtree)== 0) in vacm_get_view()
835 vacm_get_next_view(const struct asn_oid *oid, uint sub) in vacm_get_next_view() argument
841 if (oid->len - sub == 0) in vacm_get_next_view()
844 if (vacm_view_index_decode(oid, sub, vname, &subtree) < 0) in vacm_get_next_view()
848 if (strcmp(vname, view->viewname) == 0 && in vacm_get_next_view()
849 asn_compare_oid(&subtree, &view->subtree)== 0) in vacm_get_next_view()
861 if (strlen(view->viewname) == len && in vacm_get_view_by_name()
862 memcmp(octets, view->viewname, len) == 0) in vacm_get_view_by_name()
869 vacm_get_context(const struct asn_oid *oid, uint sub) in vacm_get_context() argument
876 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ) in vacm_get_context()
881 if (index_decode(oid, sub, index_count, &cname, &cnamelen)) in vacm_get_context()
886 if (strcmp(cname, vacm_ctx->ctxname) == 0) in vacm_get_context()
893 vacm_get_next_context(const struct asn_oid *oid, uint sub) in vacm_get_next_context() argument
900 if (oid->len - sub == 0) in vacm_get_next_context()
903 if (oid->subs[sub] >= SNMP_ADM_STR32_SIZ) in vacm_get_next_context()
908 if (index_decode(oid, sub, index_count, &cname, &cnamelen)) in vacm_get_next_context()
913 if (strcmp(cname, vacm_ctx->ctxname) == 0) in vacm_get_next_context()
920 vacm_append_ctxindex(struct asn_oid *oid, uint sub, in vacm_append_ctxindex() argument
925 oid->len = sub + strlen(ctx->ctxname) + 1; in vacm_append_ctxindex()
926 oid->subs[sub] = strlen(ctx->ctxname); in vacm_append_ctxindex()
927 for (i = 1; i <= strlen(ctx->ctxname); i++) in vacm_append_ctxindex()
928 oid->subs[sub + i] = ctx->ctxname[i - 1]; in vacm_append_ctxindex()
942 /* XXX: TODO - initialize structures */ in vacm_init()
952 /* XXX: TODO - cleanup */ in vacm_fini()
968 "The MIB module for managing SNMP View-based Access Control Model.", in vacm_start()
988 vacmctx->ctxname, vacmctx->regid); in vacm_dump()
993 syslog(LOG_ERR, "Uname %s, Group %s, model %d", vuser->secname, in vacm_dump()
994 vuser->group!= NULL?vuser->group->groupname:"Unknown", in vacm_dump()
995 vuser->sec_model); in vacm_dump()
1001 "RV %s, WR %s, NV %s", vacl->group!=NULL? in vacm_dump()
1002 vacl->group->groupname:"Unknown", vacl->ctx_prefix, in vacm_dump()
1003 vacl->sec_model, vacl->sec_level, vacl->read_view!=NULL? in vacm_dump()
1004 vacl->read_view->viewname:"None", vacl->write_view!=NULL? in vacm_dump()
1005 vacl->write_view->viewname:"None", vacl->notify_view!=NULL? in vacm_dump()
1006 vacl->notify_view->viewname:"None"); in vacm_dump()
1010 syslog(LOG_ERR, "View %s, Tree %s - %s", view->viewname, in vacm_dump()
1011 asn_oid2str_r(&view->subtree, oidbuf), view->exclude? in vacm_dump()
1016 "This module implements SNMP View-based Access Control Model defined in RFC 3415.";