org.snmp4j.agent.mo.snmp.VacmMIB Maven / Gradle / Ivy
/*_############################################################################
_##
_## SNMP4J-Agent 3 - VacmMIB.java
_##
_## Copyright (C) 2005-2021 Frank Fock (SNMP4J.org)
_##
_## Licensed under the Apache License, Version 2.0 (the "License");
_## you may not use this file except in compliance with the License.
_## You may obtain a copy of the License at
_##
_## http://www.apache.org/licenses/LICENSE-2.0
_##
_## Unless required by applicable law or agreed to in writing, software
_## distributed under the License is distributed on an "AS IS" BASIS,
_## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
_## See the License for the specific language governing permissions and
_## limitations under the License.
_##
_##########################################################################*/
package org.snmp4j.agent.mo.snmp;
import java.util.*;
import org.snmp4j.log.*;
import org.snmp4j.agent.*;
import org.snmp4j.agent.mo.*;
import org.snmp4j.agent.mo.util.*;
import org.snmp4j.agent.security.*;
import org.snmp4j.mp.MessageProcessingModel;
import org.snmp4j.security.*;
import org.snmp4j.smi.*;
/**
* This concrete implementation of the SNMP-VIEW-BASED-ACM-MIB (RFC 3415). The configuration of the view access model
* can be changed programmatically (see {@link MutableVACM}) or via SNMP but an initial configuration must be created
* programmatically in order to allow any access to the agent via SNMP.
*
* @author Frank Fock
* @version 3.5
*/
public class VacmMIB implements MOGroup, MutableVACM {
private static final LogAdapter logger = LogFactory.getLogger(VacmMIB.class);
public static final OID vacmContextEntryOID =
new OID(new int[]{1, 3, 6, 1, 6, 3, 16, 1, 1, 1});
public static final int colVacmGroupName = 3;
public static final int colVacmSecurityToGroupStorageType = 4;
public static final int colVacmSecurityToGroupRowStatus = 5;
public static final int idxVacmGroupName = 0;
public static final int idxVacmSecurityToGroupStorageType = 1;
public static final int idxVacmSecurityToGroupRowStatus = 2;
public static final OID vacmSecurityToGroupEntryOID =
new OID(new int[]{1, 3, 6, 1, 6, 3, 16, 1, 2, 1});
public static final int colVacmAccessContextMatch = 4;
public static final int colVacmAccessReadViewName = 5;
public static final int colVacmAccessWriteViewName = 6;
public static final int colVacmAccessNotifyViewName = 7;
public static final int colVacmAccessStorageType = 8;
public static final int colVacmAccessRowStatus = 9;
// private static final int idxVacmAccessGroupName = 0;
public static final int idxVacmAccessContextPrefix = 1;
public static final int idxVacmAccessSecurityModel = 2;
public static final int idxVacmAccessSecurityLevel = 3;
public static final int idxVacmAccessContextMatch = 0;
public static final int idxVacmAccessReadViewName = 1;
public static final int idxVacmAccessWriteViewName = 2;
public static final int idxVacmAccessNotifyViewName = 3;
public static final int idxVacmAccessStorageType = 4;
public static final int idxVacmAccessRowStatus = 5;
public static final OID vacmAccessEntryOID =
new OID(new int[]{1, 3, 6, 1, 6, 3, 16, 1, 4, 1});
public static final int vacmExactMatch = MutableVACM.VACM_MATCH_EXACT;
public static final int vacmPrefixMatch = MutableVACM.VACM_MATCH_PREFIX;
public static final OID vacmViewSpinLockOID =
new OID(new int[]{1, 3, 6, 1, 6, 3, 16, 1, 5, 1, 0});
public static final int colVacmViewTreeFamilyMask = 3;
public static final int colVacmViewTreeFamilyType = 4;
public static final int colVacmViewTreeFamilyStorageType = 5;
public static final int colVacmViewTreeFamilyRowStatus = 6;
// private static final int idxVacmViewTreeViewName = 0;
public static final int idxVacmViewTreeSubtree = 1;
public static final int idxVacmViewTreeFamilyMask = 0;
public static final int idxVacmViewTreeFamilyType = 1;
public static final int idxVacmViewTreeFamilyStorageType = 2;
public static final int idxVacmViewTreeFamilyRowStatus = 3;
public static final OID vacmViewTreeFamilyEntryOID =
new OID(new int[]{1, 3, 6, 1, 6, 3, 16, 1, 5, 2, 1});
public static final int vacmViewIncluded = MutableVACM.VACM_VIEW_INCLUDED;
public static final int vacmViewExcluded = MutableVACM.VACM_VIEW_EXCLUDED;
private static final int[] vacmViewTreeFamilyTypeValues = {
vacmViewIncluded, vacmViewExcluded
};
private static MOTableSubIndex[] vacmViewTreeFamilyIndexes =
new MOTableSubIndex[]{
new MOTableSubIndex(SMIConstants.SYNTAX_OCTET_STRING, 1, 32),
new MOTableSubIndex(SMIConstants.SYNTAX_OBJECT_IDENTIFIER, 0, 96)
};
private static MOTableIndex vacmViewTreeFamilyIndex =
new MOTableIndex(vacmViewTreeFamilyIndexes);
private static MOTableSubIndex[] vacmAccessIndexes = new MOTableSubIndex[]{
new MOTableSubIndex(SMIConstants.SYNTAX_OCTET_STRING, 1, 32),
new MOTableSubIndex(SMIConstants.SYNTAX_OCTET_STRING, 0, 32),
new MOTableSubIndex(SMIConstants.SYNTAX_INTEGER, 1, 1),
new MOTableSubIndex(SMIConstants.SYNTAX_INTEGER, 1, 1)
};
private MOTableIndex vacmAccessIndex =
new MOTableIndex(vacmAccessIndexes) {
public boolean isValidIndex(OID index) {
boolean ok = super.isValidIndex(index);
if (ok) {
Integer32 secModel = new Integer32(index.get(index.size() - 2));
int secModelID = secModel.getValue();
if ((secModelID > SecurityModel.SECURITY_MODEL_SNMPv2c) &&
(securityModels.getSecurityModel(secModel) == null)) {
return false;
}
int secLevel = index.get(index.size() - 1);
if ((secLevel < 1) || (secLevel > 3)) {
return false;
}
}
return ok;
}
};
private MOServer[] server;
@SuppressWarnings("rawtypes")
private DefaultMOTable vacmContextTable;
@SuppressWarnings("rawtypes")
private DefaultMOTable>
vacmSecurityToGroupTable;
private DefaultMOMutableTableModel vacmSecurityToGroupTableModel;
@SuppressWarnings("rawtypes")
private DefaultMOTable>
vacmAccessTable;
private DefaultMOMutableTableModel vacmAccessTableModel;
private TestAndIncr vacmViewSpinLock;
@SuppressWarnings("rawtypes")
private DefaultMOTable>
vacmViewTreeFamilyTable;
private DefaultMOMutableTableModel vacmViewTreeFamilyTableModel;
private SecurityModels securityModels;
public VacmMIB(MOServer[] server) {
this.server = server;
createVacmContextTable();
createVacmSecuritToGroupTable();
createVacmAccessTable();
createVacmViewTreeFamilyTable();
vacmViewSpinLock = new TestAndIncr(vacmViewSpinLockOID);
securityModels = SecurityModels.getInstance();
}
public VacmMIB(MOServer[] server, SecurityModels securityModels) {
this(server);
this.securityModels = securityModels;
}
public void registerMOs(MOServer server, OctetString context) throws
DuplicateRegistrationException {
server.register(vacmContextTable, context);
server.register(vacmSecurityToGroupTable, context);
server.register(vacmAccessTable, context);
server.register(vacmViewSpinLock, context);
server.register(vacmViewTreeFamilyTable, context);
}
private void createVacmContextTable() {
MOTableSubIndex[] vacmContextTableIndexes = new MOTableSubIndex[]{
new MOTableSubIndex(SMIConstants.SYNTAX_OCTET_STRING, 0, 32)};
MOTableIndex vacmContextTableIndex =
new MOTableIndex(vacmContextTableIndexes);
MOColumn>[] vacmContextColumns = new MOColumn>[]{
new MOColumn(1, SMIConstants.SYNTAX_OCTET_STRING, MOAccessImpl.ACCESS_READ_ONLY)};
this.vacmContextTable = new DefaultMOTable<>(vacmContextEntryOID, vacmContextTableIndex, vacmContextColumns);
this.vacmContextTable.setVolatile(true);
this.vacmContextTable.setModel(new VacmContextTableModel());
}
private void createVacmSecuritToGroupTable() {
MOTableSubIndex[] vacmSecurityToGroupIndexes = new MOTableSubIndex[]{
new MOTableSubIndex(SMIConstants.SYNTAX_INTEGER, 1, 1),
new MOTableSubIndex(SMIConstants.SYNTAX_OCTET_STRING, 1, 32)};
MOTableIndex vacmSecurityToGroupIndex =
new MOTableIndex(vacmSecurityToGroupIndexes) {
public boolean isValidIndex(OID index) {
boolean ok = super.isValidIndex(index);
int securityModel = index.get(0);
if (ok && (securityModel > SecurityModel.SECURITY_MODEL_SNMPv2c)) {
if (securityModels.getSecurityModel(new Integer32(securityModel)) == null) {
return false;
}
}
return ok;
}
};
MOColumn>[] vacmSecurityToGroupColumns = new MOColumn>[]{
new SnmpAdminString(colVacmGroupName,
MOAccessImpl.ACCESS_READ_CREATE, null, true, 1, 32),
new StorageType(colVacmSecurityToGroupStorageType,
MOAccessImpl.ACCESS_READ_CREATE,
new Integer32(StorageType.nonVolatile), true),
new RowStatus<>(colVacmSecurityToGroupRowStatus)
};
this.vacmSecurityToGroupTable =
new DefaultMOTable<>(vacmSecurityToGroupEntryOID, vacmSecurityToGroupIndex, vacmSecurityToGroupColumns);
vacmSecurityToGroupTableModel = new DefaultMOMutableTableModel<>();
vacmSecurityToGroupTableModel.setRowFactory(new DefaultMOMutableRow2PCFactory());
this.vacmSecurityToGroupTable.setModel(vacmSecurityToGroupTableModel);
}
private void createVacmAccessTable() {
MOColumn>[] vacmAccessColumns = new MOColumn>[]{
new Enumerated(colVacmAccessContextMatch,
SMIConstants.SYNTAX_INTEGER32,
MOAccessImpl.ACCESS_READ_CREATE,
new Integer32(vacmExactMatch), true,
new int[]{vacmExactMatch, vacmPrefixMatch}),
new SnmpAdminString(colVacmAccessReadViewName,
MOAccessImpl.ACCESS_READ_CREATE,
new OctetString(), true, 0, 32),
new SnmpAdminString(colVacmAccessWriteViewName,
MOAccessImpl.ACCESS_READ_CREATE,
new OctetString(), true, 0, 32),
new SnmpAdminString(colVacmAccessNotifyViewName,
MOAccessImpl.ACCESS_READ_CREATE,
new OctetString(), true, 0, 32),
new StorageType(colVacmAccessStorageType,
MOAccessImpl.ACCESS_READ_CREATE,
new Integer32(StorageType.nonVolatile), true),
new RowStatus(colVacmAccessRowStatus)
};
vacmAccessTable = new DefaultMOTable<>(vacmAccessEntryOID, vacmAccessIndex, vacmAccessColumns);
vacmAccessTableModel = new DefaultMOMutableTableModel();
vacmAccessTableModel.setRowFactory(new DefaultMOMutableRow2PCFactory());
vacmAccessTable.setModel(vacmAccessTableModel);
}
private void createVacmViewTreeFamilyTable() {
MOColumn>[] vacmViewTreeFamilyColumns = new MOColumn>[]{
new SnmpAdminString(colVacmViewTreeFamilyMask,
MOAccessImpl.ACCESS_READ_CREATE,
new OctetString(), true, 0, 16),
new Enumerated(colVacmViewTreeFamilyType,
SMIConstants.SYNTAX_INTEGER32,
MOAccessImpl.ACCESS_READ_CREATE,
new Integer32(vacmViewIncluded), true,
vacmViewTreeFamilyTypeValues),
new StorageType(colVacmViewTreeFamilyStorageType,
MOAccessImpl.ACCESS_READ_CREATE,
new Integer32(StorageType.nonVolatile), true),
new RowStatus(colVacmViewTreeFamilyRowStatus)
};
vacmViewTreeFamilyTable =
new DefaultMOTable<>(vacmViewTreeFamilyEntryOID, vacmViewTreeFamilyIndex, vacmViewTreeFamilyColumns);
vacmViewTreeFamilyTableModel = new DefaultMOMutableTableModel<>();
vacmViewTreeFamilyTableModel.setRowFactory(new DefaultMOMutableRow2PCFactory());
vacmViewTreeFamilyTable.setModel(vacmViewTreeFamilyTableModel);
}
public void unregisterMOs(MOServer server, OctetString context) {
server.unregister(this.vacmContextTable, context);
server.unregister(this.vacmSecurityToGroupTable, context);
server.unregister(this.vacmAccessTable, context);
server.unregister(vacmViewSpinLock, context);
server.unregister(vacmViewTreeFamilyTable, context);
}
public int isAccessAllowed(OctetString context, OctetString securityName,
int securityModel, int securityLevel, int viewType,
OID oid) {
if (logger.isDebugEnabled()) {
logger.debug("VACM access requested for context=" + context +
", securityName=" + securityName +
", securityModel=" + securityModel +
", securityLevel=" + securityLevel +
", viewType=" + viewType +
", OID=" + oid);
}
boolean supported = isContextSupported(context);
if (!supported) {
if (logger.isDebugEnabled()) {
logger.debug("Context '" + context + "' ist not supported");
}
return VACM.VACM_NO_SUCH_CONTEXT;
}
OctetString groupName = getGroupName(securityName, securityModel);
if (groupName == null) {
if (logger.isDebugEnabled()) {
logger.debug("No group name for securityName=" + securityName +
" and securityModel=" + securityModel);
}
return VACM.VACM_NO_GROUP_NAME;
}
OctetString viewName = getViewNameByGroup(context, securityModel,
securityLevel, viewType,
groupName);
if (viewName == null) {
return VACM.VACM_NO_ACCESS_ENTRY;
}
if (viewName.length() == 0) {
return VACM.VACM_NO_SUCH_VIEW;
}
return isAccessAllowed(viewName, oid);
}
private boolean isContextSupported(OctetString context) {
boolean supported = false;
for (MOServer aServer : server) {
if (aServer.isContextSupported(context)) {
supported = true;
break;
}
}
return supported;
}
public OctetString getViewName(OctetString context,
OctetString securityName,
int securityModel,
int securityLevel,
int viewType) {
OctetString groupName = getGroupName(securityName, securityModel);
if (groupName == null) {
return null;
}
return getViewNameByGroup(context, securityModel, securityLevel,
viewType, groupName);
}
private OctetString getViewNameByGroup(OctetString context, int securityModel,
int securityLevel, int viewType,
OctetString groupName) {
List accessEntries = getAccessEntries(groupName);
if (logger.isDebugEnabled()) {
logger.debug("Got views " + accessEntries +
" for group name '" + groupName + "'");
}
MOTableRow possibleMatch = null;
boolean foundExactContextMatch = false;
boolean foundMatchedSecModel = false;
int foundContextPrefixLength = 0;
int foundSecLevel = 0;
for (MOTableRow accessEntry : accessEntries) {
if (((Integer32) accessEntry.getValue(idxVacmAccessRowStatus)).getValue() !=
RowStatus.active) {
continue;
}
Variable[] indexValues = vacmAccessIndex.getIndexValues(accessEntry.getIndex());
OctetString rowContext =
(OctetString) indexValues[idxVacmAccessContextPrefix];
int rowSecurityModel =
((Integer32) indexValues[idxVacmAccessSecurityModel]).getValue();
int rowSecurityLevel =
((Integer32) indexValues[idxVacmAccessSecurityLevel]).getValue();
int rowContextMatch =
((Integer32) accessEntry.getValue(idxVacmAccessContextMatch)).getValue();
boolean exactContextMatch = rowContext.equals(context);
boolean prefixMatch = (!exactContextMatch) &&
((rowContextMatch == vacmPrefixMatch) &&
(context.startsWith(rowContext)));
boolean matchSecModel = (rowSecurityModel == securityModel)
|| (rowSecurityModel == SecurityModel.SECURITY_MODEL_ANY);
boolean matchSecLevel = (rowSecurityLevel <= securityLevel);
if (logger.isDebugEnabled()) {
logger.debug("Matching against access entry " + accessEntry +
" with exactContextMatch=" + exactContextMatch +
", prefixMatch=" + prefixMatch +
", matchSecModel=" + matchSecModel +
" and matchSecLevel=" + matchSecLevel);
}
if ((exactContextMatch || prefixMatch) &&
(matchSecModel) &&
matchSecLevel) {
// check better match
if ((possibleMatch == null) ||
(((!foundMatchedSecModel) && (matchSecModel)) ||
(((!foundMatchedSecModel) || (matchSecModel)) &&
((!foundExactContextMatch) && (exactContextMatch)) ||
((((!foundExactContextMatch) || (exactContextMatch)) &&
(foundContextPrefixLength < rowContext.length())) ||
((foundContextPrefixLength == rowContext.length()) &&
(foundSecLevel < rowSecurityLevel)))))) {
possibleMatch = accessEntry;
foundExactContextMatch = exactContextMatch;
if (prefixMatch) {
foundContextPrefixLength = rowContext.length();
}
foundMatchedSecModel = matchSecModel;
foundSecLevel = rowSecurityLevel;
}
}
}
if (possibleMatch != null) {
OctetString viewName = null;
switch (viewType) {
case VACM.VIEW_READ: {
viewName =
(OctetString) possibleMatch.getValue(idxVacmAccessReadViewName);
break;
}
case VACM.VIEW_WRITE: {
viewName = (OctetString)
possibleMatch.getValue(idxVacmAccessWriteViewName);
break;
}
case VACM.VIEW_NOTIFY: {
viewName = (OctetString)
possibleMatch.getValue(idxVacmAccessNotifyViewName);
break;
}
}
if (logger.isDebugEnabled()) {
logger.debug("Matching view found for group name '" + groupName + "' is '" +
viewName + "'");
}
return viewName;
}
return null;
}
private OctetString getGroupName(OctetString securityName, int securityModel) {
OID index = new OID();
index.append(securityModel);
index.append(securityName.toSubIndex(false));
MOTableRow row = vacmSecurityToGroupTableModel.getRow(index);
if (row != null) {
OctetString groupName = (OctetString) row.getValue(idxVacmGroupName);
if (logger.isDebugEnabled()) {
logger.debug("Found group name '" + groupName + "' for secName '" +
securityName + "' and secModel " + securityModel);
}
return groupName;
}
if (logger.isDebugEnabled()) {
logger.debug("No group found for secName '" + securityName + "' and secModel " + securityModel);
}
return null;
}
public int isAccessAllowed(OctetString viewName, OID oid) {
List views = getViews(viewName);
if (views.size() == 0) {
if (logger.isDebugEnabled()) {
logger.debug("No view tree family entry for view '" + viewName + "'");
}
return VACM.VACM_NO_SUCH_VIEW;
}
// iterate from back to forth because the views list must be ordered by
// subtree length (view name is the same for all entries) which is the
// criteria to find the appropriate view access entry.
for (int v = views.size() - 1; v >= 0; v--) {
MOTableRow row = views.get(v);
if (((Integer32) row.getValue(idxVacmViewTreeFamilyRowStatus)).getValue() !=
RowStatus.active) {
// only active rows are relevant
continue;
}
OID index = row.getIndex();
Variable[] indexValues = vacmViewTreeFamilyIndex.getIndexValues(index);
OID subtree = (OID) indexValues[idxVacmViewTreeSubtree];
if (oid.size() < subtree.size()) {
// no match
continue;
}
OctetString mask = (OctetString) row.getValue(idxVacmViewTreeFamilyMask);
boolean match = true;
for (int i = 0; i < subtree.size(); i++) {
if ((subtree.get(i) != oid.get(i)) && isBitSet(i, mask)) {
match = false;
break;
}
}
if (match) {
// we found the matching entry
if (((Integer32) row.getValue(idxVacmViewTreeFamilyType)).getValue() ==
vacmViewIncluded) {
if (logger.isDebugEnabled()) {
logger.debug("Access allowed for view '" + viewName + "' by subtree " +
subtree + " for OID " + oid + " and mask " + mask.toHexString());
}
return VACM.VACM_OK;
} else {
// excluded
if (logger.isDebugEnabled()) {
logger.debug("Access denied for view '" + viewName + "' by subtree " +
subtree + " for OID " + oid + " and mask " + mask.toHexString());
}
return VACM.VACM_NOT_IN_VIEW;
}
}
}
return VACM.VACM_NOT_IN_VIEW;
}
/**
* Adds a security model and name to group name mapping to this VACM. Any already existing mapping for the security
* name and model will be silently replaced.
*
* @param securityModel
* the security model.
* @param securityName
* the security name.
* @param groupName
* the group name.
* @param storageType
* the storage type for the new entry.
*/
public void addGroup(int securityModel, OctetString securityName,
OctetString groupName, int storageType) {
OID index = createGroupIndex(securityModel, securityName);
Variable[] values = new Variable[vacmSecurityToGroupTable.getColumnCount()];
values[idxVacmGroupName] = groupName;
values[idxVacmSecurityToGroupStorageType] = new Integer32(storageType);
values[idxVacmSecurityToGroupRowStatus] = new Integer32(RowStatus.active);
DefaultMOMutableRow2PC row = vacmSecurityToGroupTable.createRow(index, values);
vacmSecurityToGroupTable.addRow(row);
}
private static OID createGroupIndex(int securityModel,
OctetString securityName) {
OID index = new OID();
index.append(securityModel);
index.append(securityName.toSubIndex(false));
return index;
}
/**
* Removes a security model and name to group name mapping from this VACM.
*
* @param securityModel
* the security model.
* @param securityName
* the security name.
*
* @return {@code true} when the entry has been removed or false
* if such a mapping could not be found.
*/
public boolean removeGroup(int securityModel, OctetString securityName) {
OID index = createGroupIndex(securityModel, securityName);
return (vacmSecurityToGroupTable.removeRow(index) != null);
}
@Override
public boolean hasSecurityToGroupMapping(int securityModel, OctetString securityName) {
OID index = createGroupIndex(securityModel, securityName);
return vacmSecurityToGroupTableModel.containsRow(index);
}
/**
* Adds an access entry to this VACM and thus adds access rights for a group.
*
* @param groupName
* the group for which access rights are to be added.
* @param contextPrefix
* the context or context prefix.
* @param securityModel
* the security model
* @param securityLevel
* the security level
* @param match
* indicates whether exact context match ({@link #vacmExactMatch}) or prefix context match ({@link
* #vacmPrefixMatch}) should be used by the new entry.
* @param readView
* the view name for read access (use a zero length OctetString to disable access).
* @param writeView
* the view name for write access (use a zero length OctetString to disable access).
* @param notifyView
* the view name for notify access (use a zero length OctetString to disable access).
* @param storageType
* the {@link StorageType} for this access entry.
*/
public void addAccess(OctetString groupName, OctetString contextPrefix,
int securityModel, int securityLevel,
int match,
OctetString readView, OctetString writeView,
OctetString notifyView, int storageType) {
OID index = createAccessIndex(groupName, contextPrefix, securityModel,
securityLevel);
Variable[] values = new Variable[vacmAccessTable.getColumnCount()];
values[idxVacmAccessContextMatch] = new Integer32(match);
values[idxVacmAccessReadViewName] = readView;
values[idxVacmAccessWriteViewName] = writeView;
values[idxVacmAccessNotifyViewName] = notifyView;
values[idxVacmAccessStorageType] = new Integer32(storageType);
values[idxVacmAccessRowStatus] = new Integer32(RowStatus.active);
vacmAccessTable.addRow(vacmAccessTableModel.createRow(index, values));
}
/**
* Removes an access entry from this VACM.
*
* @param groupName
* the group for which access rights are to be added.
* @param contextPrefix
* the context or context prefix.
* @param securityModel
* the security model
* @param securityLevel
* the security level
*
* @return {@code true} when the entry has been removed or false
* if no such entry could be found.
*/
public boolean removeAccess(OctetString groupName, OctetString contextPrefix,
int securityModel, int securityLevel) {
OID index = createAccessIndex(groupName, contextPrefix, securityModel,
securityLevel);
return (vacmAccessTable.removeRow(index) != null);
}
@Override
public int accessEntryCount(OctetString groupName) {
OID lowerBound = groupName.toSubIndex(false);
OID upperBound = new OID(lowerBound).nextPeer();
return vacmAccessTableModel.getRows(lowerBound, upperBound).size();
}
private static OID createAccessIndex(OctetString groupName,
OctetString contextPrefix,
int securityModel, int securityLevel) {
OID index = groupName.toSubIndex(false);
if (contextPrefix == null) {
index.append(0);
} else {
index.append(contextPrefix.toSubIndex(false));
}
index.append(securityModel);
index.append(securityLevel);
return index;
}
/**
* Adds a new view to this VACM. An already existing entry with the same view name and subtree OID will be replaced
* silently.
*
* @param viewName
* the view name.
* @param subtree
* the subtree OID.
* @param mask
* the bit mask which, in combination with {@code subtree}, defines a family of view subtrees.
* @param type
* indicates whether the view defined by {@code subtree} and
* {@code mask} is included ({@link #vacmViewIncluded}) or excluded
* (@link #vacmViewExcluded}) from the MIB view.
* @param storageType
* the {@link StorageType} for this access entry.
*/
public void addViewTreeFamily(OctetString viewName, OID subtree,
OctetString mask, int type, int storageType) {
OID index = createViewIndex(viewName, subtree);
Variable[] values = new Variable[vacmViewTreeFamilyTable.getColumnCount()];
values[idxVacmViewTreeFamilyMask] = mask;
values[idxVacmViewTreeFamilyType] = new Integer32(type);
values[idxVacmViewTreeFamilyStorageType] = new Integer32(storageType);
values[idxVacmViewTreeFamilyRowStatus] = new Integer32(RowStatus.active);
DefaultMOMutableRow2PC row = vacmViewTreeFamilyTableModel.createRow(index, values);
vacmViewTreeFamilyTable.addRow(row);
}
/**
* Removes a view tree family from this VACM.
*
* @param viewName
* the view name.
* @param subtree
* the subtree OID.
*
* @return {@code true} when the entry has been removed or false
* if no such entry could be found.
*/
public boolean removeViewTreeFamily(OctetString viewName, OID subtree) {
OID index = createViewIndex(viewName, subtree);
return (vacmViewTreeFamilyTable.removeRow(index) != null);
}
@Override
public int viewTreeFamilyEntryCount(OctetString viewName) {
OID lowerBound = viewName.toSubIndex(false);
OID upperBound = new OID(lowerBound).nextPeer();
return vacmViewTreeFamilyTableModel.getRows(lowerBound, upperBound).size();
}
private static OID createViewIndex(OctetString viewName, OID subtree) {
OID index = viewName.toSubIndex(false);
index.append(subtree.toSubIndex(false));
return index;
}
/**
* Checks whether bit n of the supplied OctetString is set or not.
*
* @param n
* denotes the bit to check starting from zero.
* @param os
* OctetString
*
* @return boolean
*/
public static boolean isBitSet(final int n, final OctetString os) {
return (os.length() <= n / 8) || ((os.get(n / 8) & (0x01 << (7 - (n % 8)))) > 0);
}
private List getAccessEntries(OctetString groupName) {
OctetString upperBound = new OctetString(groupName);
byte last = -1;
if (upperBound.length() > 0) {
last = upperBound.get(upperBound.length() - 1);
}
if (last == -1) {
upperBound.append((byte) 0);
} else {
upperBound.set(upperBound.length() - 1, (byte) (last + 1));
}
OID lowerOID = groupName.toSubIndex(false);
OID upperOID = upperBound.toSubIndex(false);
return vacmAccessTableModel.getRows(lowerOID, upperOID);
}
protected List getViews(OctetString viewName) {
if (viewName.length() == 0) {
return Collections.emptyList();
}
OctetString upperBound = new OctetString(viewName);
byte last = upperBound.get(upperBound.length() - 1);
if (last == -1) {
upperBound.append((byte) 0);
} else {
upperBound.set(upperBound.length() - 1, (byte) (last + 1));
}
OID lowerOID = viewName.toSubIndex(false);
OID upperOID = upperBound.toSubIndex(false);
return vacmViewTreeFamilyTableModel.getRows(lowerOID, upperOID);
}
public static class VacmContextIterator implements Iterator {
private int index = 0;
private OctetString[] contexts;
VacmContextIterator(OctetString[] contexts, int offset) {
this.contexts = contexts;
this.index = offset;
}
public void remove() {
throw new UnsupportedOperationException();
}
public boolean hasNext() {
return (index < contexts.length);
}
public MOTableRow next() {
if (index < contexts.length) {
OctetString context = contexts[index++];
return new DefaultMOTableRow(context.toSubIndex(false),
new Variable[]{context});
}
throw new NoSuchElementException();
}
}
@SuppressWarnings("rawtypes")
public DefaultMOTable>
getVacmSecurityToGroupTable() {
return vacmSecurityToGroupTable;
}
@SuppressWarnings("rawtypes")
DefaultMOTable>
getVacmViewTreeFamilyTable() {
return vacmViewTreeFamilyTable;
}
private static OctetString getContextFromIndex(OID index) {
if (index.size() > 0) {
return new OctetString(index.toByteArray(), 1, index.size() - 1);
}
return new OctetString();
}
class VacmContextTableModel implements MOTableModel {
public int getColumnCount() {
return 1;
}
public int getRowCount() {
int n = 0;
for (MOServer aServer : server) {
n += aServer.getContexts().length;
}
return n;
}
@Override
public boolean isEmpty() {
for (MOServer aServer : server) {
if (aServer.getContexts().length > 0) {
return false;
}
}
return true;
}
public boolean containsRow(OID index) {
return isContextSupported(getContextFromIndex(index));
}
public MOTableRow getRow(OID index) {
if (index == null) {
return null;
}
OctetString context = getContextFromIndex(index);
if (isContextSupported(context)) {
return new DefaultMOTableRow(index, new Variable[]{context});
}
return null;
}
public Iterator iterator() {
return tailIterator(new OID());
}
public Iterator tailIterator(OID lowerBound) {
OctetString[] contexts = getContexts();
if (contexts == null) {
return new VacmContextIterator(new OctetString[0], 0);
}
Arrays.sort(contexts, new LexicographicOctetStringComparator());
int offset = 0;
if (lowerBound != null) {
offset = Arrays.binarySearch(contexts, getContextFromIndex(lowerBound));
}
if (offset < 0) {
offset = -(offset + 1);
}
return new VacmContextIterator(contexts, offset);
}
private OctetString[] getContexts() {
ArrayList ctx = new ArrayList();
for (MOServer aServer : server) {
ctx.addAll(Arrays.asList(aServer.getContexts()));
}
return ctx.toArray(new OctetString[ctx.size()]);
}
public OID lastIndex() {
OctetString[] contexts = getContexts();
if ((contexts == null) || (contexts.length == 0)) {
return null;
}
Arrays.sort(contexts, new LexicographicOctetStringComparator());
return contexts[contexts.length - 1].toSubIndex(false);
}
public OID firstIndex() {
OctetString[] contexts = getContexts();
if ((contexts == null) || (contexts.length == 0)) {
return null;
}
Arrays.sort(contexts, new LexicographicOctetStringComparator());
return contexts[0].toSubIndex(false);
}
public MOTableRow firstRow() {
return getRow(firstIndex());
}
public MOTableRow lastRow() {
return getRow(lastIndex());
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy