diff options
author | elie <elie> | 2013-01-05 20:25:51 +0000 |
---|---|---|
committer | elie <elie> | 2013-01-05 20:25:51 +0000 |
commit | d91859555152f060f2305265ff235cc2c2513afa (patch) | |
tree | fd5f06fa028469a75b454c119eb5c8a61f097620 /pysnmp/proto/acmod | |
parent | 24d1327c26299d29b45390c437e57d26fd5c1234 (diff) | |
download | pysnmp-git-d91859555152f060f2305265ff235cc2c2513afa.tar.gz |
VACM modules converted from a function into an object to let it keep
state (caches) in the future
Diffstat (limited to 'pysnmp/proto/acmod')
-rw-r--r-- | pysnmp/proto/acmod/rfc3415.py | 178 | ||||
-rw-r--r-- | pysnmp/proto/acmod/void.py | 26 |
2 files changed, 101 insertions, 103 deletions
diff --git a/pysnmp/proto/acmod/rfc3415.py b/pysnmp/proto/acmod/rfc3415.py index 02cd269d..05386b0f 100644 --- a/pysnmp/proto/acmod/rfc3415.py +++ b/pysnmp/proto/acmod/rfc3415.py @@ -3,111 +3,109 @@ from pysnmp.smi.error import NoSuchInstanceError from pysnmp.proto import errind, error from pysnmp import debug -accessModelID = 3 - __powOfTwoSeq = [128, 64, 32, 16, 8, 4, 2, 1] # 3.2 -def isAccessAllowed( - snmpEngine, - securityModel, - securityName, - securityLevel, - viewType, - contextName, - variableName): - mibInstrumController = snmpEngine.msgAndPduDsp.mibInstrumController +class Vacm: + accessModelID = 3 + def isAccessAllowed(self, + snmpEngine, + securityModel, + securityName, + securityLevel, + viewType, + contextName, + variableName): + mibInstrumController = snmpEngine.msgAndPduDsp.mibInstrumController - debug.logger & debug.flagACL and debug.logger('isAccessAllowed: securityModel %s, securityName %s, securityLevel %s, viewType %s, contextName %s for variableName %s' % (securityModel, securityName, securityLevel, viewType, contextName, variableName)) + debug.logger & debug.flagACL and debug.logger('isAccessAllowed: securityModel %s, securityName %s, securityLevel %s, viewType %s, contextName %s for variableName %s' % (securityModel, securityName, securityLevel, viewType, contextName, variableName)) - # 3.2.1 - vacmContextEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmContextEntry') - tblIdx = vacmContextEntry.getInstIdFromIndices(contextName) - try: - vacmContextName = vacmContextEntry.getNode( - vacmContextEntry.name + (1,) + tblIdx + # 3.2.1 + vacmContextEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmContextEntry') + tblIdx = vacmContextEntry.getInstIdFromIndices(contextName) + try: + vacmContextName = vacmContextEntry.getNode( + vacmContextEntry.name + (1,) + tblIdx ).syntax - except NoSuchInstanceError: - raise error.StatusInformation(errorIndication=errind.noSuchContext) + except NoSuchInstanceError: + raise error.StatusInformation(errorIndication=errind.noSuchContext) - # 3.2.2 - vacmSecurityToGroupEntry, = mibInstrumController.mibBuilder.importSymbols( - 'SNMP-VIEW-BASED-ACM-MIB', 'vacmSecurityToGroupEntry' - ) - tblIdx = vacmSecurityToGroupEntry.getInstIdFromIndices( - securityModel, securityName + # 3.2.2 + vacmSecurityToGroupEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmSecurityToGroupEntry') + tblIdx = vacmSecurityToGroupEntry.getInstIdFromIndices( + securityModel, securityName ) - try: - vacmGroupName = vacmSecurityToGroupEntry.getNode( - vacmSecurityToGroupEntry.name + (3,) + tblIdx + try: + vacmGroupName = vacmSecurityToGroupEntry.getNode( + vacmSecurityToGroupEntry.name + (3,) + tblIdx ).syntax - except NoSuchInstanceError: - raise error.StatusInformation(errorIndication=errind.noGroupName) + except NoSuchInstanceError: + raise error.StatusInformation(errorIndication=errind.noGroupName) - # 3.2.3 - vacmAccessEntry, = mibInstrumController.mibBuilder.importSymbols( - 'SNMP-VIEW-BASED-ACM-MIB', 'vacmAccessEntry' + # 3.2.3 + vacmAccessEntry, = mibInstrumController.mibBuilder.importSymbols( + 'SNMP-VIEW-BASED-ACM-MIB', 'vacmAccessEntry' ) - # XXX partial context name match - tblIdx = vacmAccessEntry.getInstIdFromIndices( - vacmGroupName, contextName, securityModel, securityLevel + # XXX partial context name match + tblIdx = vacmAccessEntry.getInstIdFromIndices( + vacmGroupName, contextName, securityModel, securityLevel ) - # 3.2.4 - if viewType == 'read': - entryIdx = vacmAccessEntry.name + (5,) + tblIdx - elif viewType == 'write': - entryIdx = vacmAccessEntry.name + (6,) + tblIdx - elif viewType == 'notify': - entryIdx = vacmAccessEntry.name + (7,) + tblIdx - else: - raise error.ProtocolError('Unknown view type %s' % viewType) + # 3.2.4 + if viewType == 'read': + entryIdx = vacmAccessEntry.name + (5,) + tblIdx + elif viewType == 'write': + entryIdx = vacmAccessEntry.name + (6,) + tblIdx + elif viewType == 'notify': + entryIdx = vacmAccessEntry.name + (7,) + tblIdx + else: + raise error.ProtocolError('Unknown view type %s' % viewType) - try: - viewName = vacmAccessEntry.getNode(entryIdx).syntax - except NoSuchInstanceError: - raise error.StatusInformation(errorIndication=errind.noAccessEntry) - if not len(viewName): - raise error.StatusInformation(errorIndication=errind.noSuchView) + try: + viewName = vacmAccessEntry.getNode(entryIdx).syntax + except NoSuchInstanceError: + raise error.StatusInformation(errorIndication=errind.noAccessEntry) + if not len(viewName): + raise error.StatusInformation(errorIndication=errind.noSuchView) - # XXX split onto object & instance ? - - # 3.2.5a - vacmViewTreeFamilyEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmViewTreeFamilyEntry') - tblIdx = vacmViewTreeFamilyEntry.getInstIdFromIndices(viewName) + # XXX split onto object & instance ? + + # 3.2.5a + vacmViewTreeFamilyEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmViewTreeFamilyEntry') + tblIdx = vacmViewTreeFamilyEntry.getInstIdFromIndices(viewName) - # Walk over entries - initialTreeName = treeName = vacmViewTreeFamilyEntry.name + (2,) + tblIdx - maskName = vacmViewTreeFamilyEntry.name + (3,) + tblIdx - while 1: - vacmViewTreeFamilySubtree = vacmViewTreeFamilyEntry.getNextNode( - treeName + # Walk over entries + initialTreeName = treeName = vacmViewTreeFamilyEntry.name + (2,) + tblIdx + maskName = vacmViewTreeFamilyEntry.name + (3,) + tblIdx + while 1: + vacmViewTreeFamilySubtree = vacmViewTreeFamilyEntry.getNextNode( + treeName ) - vacmViewTreeFamilyMask = vacmViewTreeFamilyEntry.getNextNode( - maskName + vacmViewTreeFamilyMask = vacmViewTreeFamilyEntry.getNextNode( + maskName ) - treeName = vacmViewTreeFamilySubtree.name - maskName = vacmViewTreeFamilyMask.name - if initialTreeName != treeName[:len(initialTreeName)]: - # 3.2.5b - raise error.StatusInformation(errorIndication=errind.notInView) - l = len(vacmViewTreeFamilySubtree.syntax) - if l > len(variableName): - continue - if vacmViewTreeFamilyMask.syntax: - mask = [] - for c in vacmViewTreeFamilyMask.syntax.asNumbers(): - mask = mask + [ b&c for b in __powOfTwoSeq ] - m = len(mask)-1 - idx = l-1 - while idx: - if idx > m or mask[idx] and \ - vacmViewTreeFamilySubtree.syntax[idx] != variableName[idx]: - break - idx = idx - 1 - if idx: continue # no match - else: # no mask - if vacmViewTreeFamilySubtree.syntax != variableName[:l]: - continue # no match - # 3.2.5c - return error.StatusInformation(errorIndication=errind.accessAllowed) + treeName = vacmViewTreeFamilySubtree.name + maskName = vacmViewTreeFamilyMask.name + if initialTreeName != treeName[:len(initialTreeName)]: + # 3.2.5b + raise error.StatusInformation(errorIndication=errind.notInView) + l = len(vacmViewTreeFamilySubtree.syntax) + if l > len(variableName): + continue + if vacmViewTreeFamilyMask.syntax: + mask = [] + for c in vacmViewTreeFamilyMask.syntax.asNumbers(): + mask = mask + [ b&c for b in __powOfTwoSeq ] + m = len(mask)-1 + idx = l-1 + while idx: + if idx > m or mask[idx] and \ + vacmViewTreeFamilySubtree.syntax[idx] != variableName[idx]: + break + idx = idx - 1 + if idx: continue # no match + else: # no mask + if vacmViewTreeFamilySubtree.syntax != variableName[:l]: + continue # no match + # 3.2.5c + return error.StatusInformation(errorIndication=errind.accessAllowed) diff --git a/pysnmp/proto/acmod/void.py b/pysnmp/proto/acmod/void.py index 19055f24..dfd7da61 100644 --- a/pysnmp/proto/acmod/void.py +++ b/pysnmp/proto/acmod/void.py @@ -1,19 +1,19 @@ # Void Access Control Model from pysnmp.proto import errind, error -accessModelID = 0 - # rfc3415 3.2 -def isAccessAllowed( - snmpEngine, - securityModel, - securityName, - securityLevel, - viewType, - contextName, - variableName): +class Vacm: + accessModelID = 0 + def isAccessAllowed(self, + snmpEngine, + securityModel, + securityName, + securityLevel, + viewType, + contextName, + variableName): - debug.logger & debug.flagACL and debug.logger('isAccessAllowed: viewType %s for variableName %s - OK' % (viewType, variableName)) + debug.logger & debug.flagACL and debug.logger('isAccessAllowed: viewType %s for variableName %s - OK' % (viewType, variableName)) - # rfc3415 3.2.5c - return error.StatusInformation(errorIndication=errind.accessAllowed) + # rfc3415 3.2.5c + return error.StatusInformation(errorIndication=errind.accessAllowed) |