%% %% %CopyrightBegin% %% %% Copyright Ericsson AB 1999-2010. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in %% compliance with the License. You should have received a copy of the %% Erlang Public License along with this software. If not, it can be %% retrieved online at http://www.erlang.org/. %% %% Software distributed under the License is distributed on an "AS IS" %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See %% the License for the specific language governing rights and limitations %% under the License. %% %% %CopyrightEnd% %% -module(snmpa_vacm). -export([get_mib_view/5]). -export([init/1, init/2, backup/1]). -export([delete/1, get_row/1, get_next_row/1, insert/1, insert/2, cleanup/0, dump_table/0]). -include("SNMPv2-TC.hrl"). -include("SNMP-VIEW-BASED-ACM-MIB.hrl"). -include("SNMP-FRAMEWORK-MIB.hrl"). -include("snmp_types.hrl"). -include("snmpa_vacm.hrl"). -define(VMODULE,"VACM"). -include("snmp_verbosity.hrl"). %%%----------------------------------------------------------------- %%% Access Control Module for VACM (see also snmpa_acm) %%% This module implements: %%% 1. access control functions for VACM %%% 2. vacmAccessTable as an ordered ets table %%% %%% This version of VACM handles v1, v2c and v3. %%%----------------------------------------------------------------- %%%----------------------------------------------------------------- %%% 1. access control functions for VACM %%%----------------------------------------------------------------- %%----------------------------------------------------------------- %% Func: get_mib_view/5 -> {ok, ViewName} | %% {discarded, Reason} %% Types: ViewType = read | write | notify %% SecModel = ?SEC_* (see snmp_types.hrl) %% SecName = string() %% SecLevel = ?'SnmpSecurityLevel_*' (see SNMP-FRAMEWORK-MIB.hrl) %% ContextName = string() %% Purpose: This function is used to map VACM parameters to a mib %% view. %%----------------------------------------------------------------- get_mib_view(ViewType, SecModel, SecName, SecLevel, ContextName) -> check_auth(catch auth(ViewType, SecModel, SecName, SecLevel, ContextName)). %% Follows the procedure in rfc2275 auth(ViewType, SecModel, SecName, SecLevel, ContextName) -> % 3.2.1 - Check that the context is known to us ?vdebug("check that the context (~p) is known to us",[ContextName]), case snmp_view_based_acm_mib:vacmContextTable(get, ContextName, [?vacmContextName]) of [_Found] -> ok; _ -> snmpa_mpd:inc(snmpUnknownContexts), throw({discarded, noSuchContext}) end, % 3.2.2 - Check that the SecModel and SecName is valid ?vdebug("check that SecModel (~p) and SecName (~p) is valid", [SecModel,SecName]), GroupName = case snmp_view_based_acm_mib:get(vacmSecurityToGroupTable, [SecModel, length(SecName) | SecName], [?vacmGroupName, ?vacmSecurityToGroupStatus]) of [{value, GN}, {value, ?'RowStatus_active'}] -> GN; [{value, _GN}, {value, RowStatus}] -> ?vlog("valid SecModel and SecName but wrong row status:" "~n RowStatus: ~p", [RowStatus]), throw({discarded, noGroupName}); _ -> throw({discarded, noGroupName}) end, % 3.2.3-4 - Find an access entry and its view name ?vdebug("find an access entry and its view name",[]), ViewName = case get_view_name(ViewType, GroupName, ContextName, SecModel, SecLevel) of {ok, VN} -> VN; Error -> throw(Error) end, % 3.2.5a - Find the corresponding mib view ?vdebug("find the corresponding mib view (for ~p)",[ViewName]), get_mib_view(ViewName). check_auth({'EXIT', Error}) -> exit(Error); check_auth({discarded, Reason}) -> {discarded, Reason}; check_auth(Res) -> {ok, Res}. %%----------------------------------------------------------------- %% Returns a list of {ViewSubtree, ViewMask, ViewType} %% The view table is index by ViewIndex, ViewSubtree, %% so a next on ViewIndex returns the first %% key in the table >= ViewIndex. %%----------------------------------------------------------------- get_mib_view(ViewName) -> ViewKey = [length(ViewName) | ViewName], case snmp_view_based_acm_mib:table_next(vacmViewTreeFamilyTable, ViewKey) of endOfTable -> {discarded, noSuchView}; Indexes -> case split_prefix(ViewKey, Indexes) of {ok, Subtree} -> loop_mib_view(ViewKey, Subtree, Indexes, []); false -> {discarded, noSuchView} end end. split_prefix([H|T], [H|T2]) -> split_prefix(T,T2); split_prefix([], Rest) -> {ok, Rest}; split_prefix(_, _) -> false. %% ViewName is including length from now on loop_mib_view(ViewName, Subtree, Indexes, MibView) -> [{value, Mask}, {value, Type}, {value, Status}] = snmp_view_based_acm_mib:vacmViewTreeFamilyTable( get, Indexes, [?vacmViewTreeFamilyMask, ?vacmViewTreeFamilyType, ?vacmViewTreeFamilyStatus]), NextMibView = case Status of ?'RowStatus_active' -> [_Length | Tree] = Subtree, [{Tree, Mask, Type} | MibView]; _ -> MibView end, case snmp_view_based_acm_mib:table_next(vacmViewTreeFamilyTable, Indexes) of endOfTable -> NextMibView; NextIndexes -> case split_prefix(ViewName, NextIndexes) of {ok, NextSubTree} -> loop_mib_view(ViewName, NextSubTree, NextIndexes, NextMibView); false -> NextMibView end end. %%%----------------------------------------------------------------- %%% 1b. The ordered ets table that implements vacmAccessTable %%%----------------------------------------------------------------- init(Dir) -> init(Dir, terminate). init(Dir, InitError) -> FName = filename:join(Dir, "snmpa_vacm.db"), case file:read_file_info(FName) of {ok, _} -> %% File exists - we must check this, since ets doesn't tell %% us the reason in case of error... case ets:file2tab(FName) of {ok, _Tab} -> gc_tab([]); {error, Reason} -> user_err("Corrupt VACM database ~p", [FName]), case InitError of terminate -> throw({error, {file2tab, FName, Reason}}); _ -> %% Rename old file (for later analyzes) Saved = FName ++ ".saved", file:rename(FName, Saved), ets:new(snmpa_vacm, [public, ordered_set, named_table]) end end; {error, _} -> ets:new(snmpa_vacm, [public, ordered_set, named_table]) end, ets:insert(snmp_agent_table, {snmpa_vacm_file, FName}), {ok, FName}. backup(BackupDir) -> BackupFile = filename:join(BackupDir, "snmpa_vacm.db"), ets:tab2file(snmpa_vacm, BackupFile). %% Ret: {ok, ViewName} | {error, Reason} get_view_name(ViewType, GroupName, ContextName, SecModel, SecLevel) -> GroupKey = [length(GroupName) | GroupName], case get_access_row(GroupKey, ContextName, SecModel, SecLevel) of undefined -> {discarded, noAccessEntry}; Row -> ?vtrace("get_view_name -> Row: ~n ~p", [Row]), ViewName = case ViewType of read -> element(?vacmAReadViewName, Row); write -> element(?vacmAWriteViewName, Row); notify -> element(?vacmANotifyViewName, Row) end, case ViewName of "" -> ?vtrace("get_view_name -> not found when" "~n ViewType: ~p" "~n GroupName: ~p" "~n ContextName: ~p" "~n SecModel: ~p" "~n SecLevel: ~p", [ViewType, GroupName, ContextName, SecModel, SecLevel]), {discarded, noSuchView}; _ -> {ok, ViewName} end end. get_row(Key) -> case ets:lookup(snmpa_vacm, Key) of [{_Key, Row}] -> {ok, Row}; _ -> false end. get_next_row(Key) -> case ets:next(snmpa_vacm, Key) of '$end_of_table' -> false; NextKey -> case ets:lookup(snmpa_vacm, NextKey) of [Entry] -> Entry; _ -> false end end. insert(Entries) -> insert(Entries, true). insert(Entries, Dump) -> lists:foreach(fun(Entry) -> ets:insert(snmpa_vacm, Entry) end, Entries), dump_table(Dump). delete(Key) -> ets:delete(snmpa_vacm, Key), dump_table(). cleanup() -> ets:delete_all_objects(snmpa_vacm). dump_table(true) -> dump_table(); dump_table(_) -> ok. dump_table() -> [{_, FName}] = ets:lookup(snmp_agent_table, snmpa_vacm_file), TmpName = FName ++ ".tmp", case ets:tab2file(snmpa_vacm, TmpName) of ok -> case file:rename(TmpName, FName) of ok -> ok; Else -> % What is this? Undocumented return code... user_err("Warning: could not move VACM db ~p" " (~p)", [FName, Else]) end; {error, Reason} -> user_err("Warning: could not save vacm db ~p (~p)", [FName, Reason]) end. %%----------------------------------------------------------------- %% Alg. %% Procedure is defined in the descr. of vacmAccessTable. %% %% for (each entry with matching group name, context, secmodel and seclevel) %% { %% rate the entry; if it's score is > prev max score, keep it %% } %% %% Rating: The procedure says to keep entries in order %% 1. matching secmodel ('any'(0) or same(1) is ok) %% 2. matching contextprefix (exact(1) or prefix(0) is ok) %% 3. longest prefix (0..32) %% 4. highest secLevel (noAuthNoPriv(0) < authNoPriv(1) < authPriv(2)) %% We give each entry a single rating number according to this order. %% The number is chosen so that a higher number gives a better %% entry, according to the order above. %% The number is: %% secLevel + (3 * prefix_len) + (99 * match_prefix) + (198 * match_secmodel) %% %% Optimisation: Maybe the most common case is that there %% is just one matching entry, and it matches exact. We could do %% an exact lookup for this entry; if we find one, use it, otherwise %% perform this alg. %%----------------------------------------------------------------- get_access_row(GroupKey, ContextName, SecModel, SecLevel) -> %% First, try the optimisation... ExactKey = GroupKey ++ [length(ContextName) | ContextName] ++ [SecModel,SecLevel], case ets:lookup(snmpa_vacm, ExactKey) of [{_Key, Row}] -> Row; _ -> % Otherwise, perform the alg get_access_row(GroupKey, GroupKey, ContextName, SecModel, SecLevel, 0, undefined) end. get_access_row(Key, GroupKey, ContextName, SecModel, SecLevel, Score, Found) -> case get_next_row(Key) of {NextKey, Row} when element(?vacmAStatus, Row) == ?'RowStatus_active'-> case catch score(NextKey, GroupKey, ContextName, element(?vacmAContextMatch, Row), SecModel, SecLevel) of {ok, NScore} when NScore > Score -> get_access_row(NextKey, GroupKey, ContextName, SecModel, SecLevel, NScore, Row); {ok, _} -> % e.g. a throwed {ok, 0} get_access_row(NextKey, GroupKey, ContextName, SecModel, SecLevel, Score, Found); false -> Found end; {NextKey, _InvalidRow} -> get_access_row(NextKey, GroupKey, ContextName, SecModel, SecLevel, Score, Found); false -> Found end. score(Key, GroupKey, ContextName, Match, SecModel, SecLevel) -> [CtxLen | Rest1] = chop_off_group(GroupKey, Key), {NPrefix, [VSecModel, VSecLevel]} = chop_off_context(ContextName, Rest1, 0, CtxLen, Match), %% Make sure the vacmSecModel is valid (any or matching) NSecModel = case VSecModel of SecModel -> 198; ?SEC_ANY -> 0; _ -> throw({ok, 0}) end, %% Make sure the vacmSecLevel is less than the requested NSecLevel = if VSecLevel =< SecLevel -> VSecLevel - 1; true -> throw({ok, 0}) end, {ok, NSecLevel + 3*CtxLen + NPrefix + NSecModel}. chop_off_group([H|T], [H|T2]) -> chop_off_group(T, T2); chop_off_group([], Rest) -> Rest; chop_off_group(_, _) -> throw(false). chop_off_context([H|T], [H|T2], Cnt, Len, Match) when Cnt < Len -> chop_off_context(T, T2, Cnt+1, Len, Match); chop_off_context([], Rest, _Len, _Len, _Match) -> %% We have exact match; don't care about Match {99, Rest}; chop_off_context(_, Rest, Len, Len, ?vacmAccessContextMatch_prefix) -> %% We have a prefix match {0, Rest}; chop_off_context(_Ctx, _Rest, _Cnt, _Len, _Match) -> %% Otherwise, it didn't match! throw({ok, 0}). gc_tab(Oid) -> case get_next_row(Oid) of {NextOid, Row} -> case element(?vacmAStorageType, Row) of ?'StorageType_volatile' -> ets:delete(snmpa_vacm, NextOid), gc_tab(NextOid); _ -> gc_tab(NextOid) end; false -> ok end. user_err(F, A) -> snmpa_error:user_err(F, A). % config_err(F, A) -> % snmpa_error:config_err(F, A).