VACM modules converted from a function into an object to let it keep

state (caches) in the future
2013-01-05 20:25:51 +00:00 · 2013-01-05 20:25:51 +00:00 · d918595551
parent 24d1327c26
commit d918595551
4 changed files with 114 additions and 114 deletions
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -25,6 +25,8 @@ Revision 4.2.4
 - I/O sockets buffer sizes made configurable, minimum default is now 
  forced to be no less than 2**17 (to fit two huge datagrams).
 - Catch possible exceptions on pyasn1 encoder invocation.
+- VACM modules converted from a function into an object to let it keep
+  state (caches) in the future.
 - Unnecessary *MibSource explicit initialization calls removed at MibBuilder.
 - Example configuration for Net-SNMP's snmptrapd added.
 - Cast additionalVarBinds into ObjectIdentifier type at
--- a/pysnmp/entity/engine.py
+++ b/pysnmp/entity/engine.py
@ -25,23 +25,23 @@ class SnmpEngine:
            SnmpV2cMessageProcessingModel(),
            SnmpV3MessageProcessingModel.messageProcessingModelID:
            SnmpV3MessageProcessingModel()
-            }
+        }
        self.securityModels = {
            SnmpV1SecurityModel.securityModelID: SnmpV1SecurityModel(),
            SnmpV2cSecurityModel.securityModelID: SnmpV2cSecurityModel(),
            SnmpUSMSecurityModel.securityModelID: SnmpUSMSecurityModel()
-            }
+        }
        self.accessControlModel = {
-            void.accessModelID: void,
-            rfc3415.accessModelID: rfc3415
-            }
+            void.Vacm.accessModelID: void.Vacm(),
+            rfc3415.Vacm.accessModelID: rfc3415.Vacm()
+        }
        
        self.transportDispatcher = None
        
        if self.msgAndPduDsp.mibInstrumController is None:
            raise error.PySnmpError(
                'MIB instrumentation does not yet exist'
-                )
+            )
        snmpEngineMaxMessageSize, = self.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineMaxMessageSize')
        snmpEngineMaxMessageSize.syntax = snmpEngineMaxMessageSize.syntax.clone(maxMessageSize)
        snmpEngineBoots, = self.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots')
@ -61,7 +61,7 @@ class SnmpEngine:
        ):
        self.msgAndPduDsp.receiveMessage(
            self, transportDomain, transportAddress, wholeMsg
-            )
+        )
                                         
    def __receiveTimerTickCbFun(self, timeNow):
        self.msgAndPduDsp.receiveTimerTick(self, timeNow)
@ -74,20 +74,20 @@ class SnmpEngine:
        if self.transportDispatcher is not None:
            raise error.PySnmpError(
                'Transport dispatcher already registered'
-                )
+            )
        transportDispatcher.registerRecvCbFun(
            self.__receiveMessageCbFun
-            )
+        )
        transportDispatcher.registerTimerCbFun(
            self.__receiveTimerTickCbFun
-            )        
+        )        
        self.transportDispatcher = transportDispatcher

    def unregisterTransportDispatcher(self):
        if self.transportDispatcher is None:
            raise error.PySnmpError(
                'Transport dispatcher not registered'
-                )
+            )
        self.transportDispatcher.unregisterRecvCbFun()
        self.transportDispatcher.unregisterTimerCbFun()
        self.transportDispatcher = None
--- a/pysnmp/proto/acmod/rfc3415.py
+++ b/pysnmp/proto/acmod/rfc3415.py
@ -3,111 +3,109 @@ from pysnmp.smi.error import NoSuchInstanceError
 from pysnmp.proto import errind, error
 from pysnmp import debug

-accessModelID = 3
-
 __powOfTwoSeq = [128, 64, 32, 16, 8, 4, 2, 1]

 # 3.2
-def isAccessAllowed(
-    snmpEngine,
-    securityModel,
-    securityName,
-    securityLevel,
-    viewType,
-    contextName,
-    variableName):
-    mibInstrumController = snmpEngine.msgAndPduDsp.mibInstrumController
+class Vacm:
+    accessModelID = 3
+    def isAccessAllowed(self,
+                        snmpEngine,
+                        securityModel,
+                        securityName,
+                        securityLevel,
+                        viewType,
+                        contextName,
+                        variableName):
+        mibInstrumController = snmpEngine.msgAndPduDsp.mibInstrumController

-    debug.logger & debug.flagACL and debug.logger('isAccessAllowed: securityModel %s, securityName %s, securityLevel %s, viewType %s, contextName %s for variableName %s' % (securityModel, securityName, securityLevel, viewType, contextName, variableName))
+        debug.logger & debug.flagACL and debug.logger('isAccessAllowed: securityModel %s, securityName %s, securityLevel %s, viewType %s, contextName %s for variableName %s' % (securityModel, securityName, securityLevel, viewType, contextName, variableName))

-    # 3.2.1
-    vacmContextEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmContextEntry')
-    tblIdx = vacmContextEntry.getInstIdFromIndices(contextName)
-    try:
-        vacmContextName = vacmContextEntry.getNode(
-            vacmContextEntry.name + (1,) + tblIdx
+        # 3.2.1
+        vacmContextEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmContextEntry')
+        tblIdx = vacmContextEntry.getInstIdFromIndices(contextName)
+        try:
+            vacmContextName = vacmContextEntry.getNode(
+                vacmContextEntry.name + (1,) + tblIdx
            ).syntax
-    except NoSuchInstanceError:
-        raise error.StatusInformation(errorIndication=errind.noSuchContext)    
+        except NoSuchInstanceError:
+            raise error.StatusInformation(errorIndication=errind.noSuchContext)

-    # 3.2.2
-    vacmSecurityToGroupEntry, = mibInstrumController.mibBuilder.importSymbols(
-        'SNMP-VIEW-BASED-ACM-MIB', 'vacmSecurityToGroupEntry'
+        # 3.2.2
+        vacmSecurityToGroupEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmSecurityToGroupEntry')
+        tblIdx = vacmSecurityToGroupEntry.getInstIdFromIndices(
+            securityModel, securityName
        )
-    tblIdx = vacmSecurityToGroupEntry.getInstIdFromIndices(
-        securityModel, securityName
-        )
-    try:
-        vacmGroupName = vacmSecurityToGroupEntry.getNode(
-            vacmSecurityToGroupEntry.name + (3,) + tblIdx
+        try:
+            vacmGroupName = vacmSecurityToGroupEntry.getNode(
+                vacmSecurityToGroupEntry.name + (3,) + tblIdx
            ).syntax
-    except NoSuchInstanceError:
-        raise error.StatusInformation(errorIndication=errind.noGroupName)
+        except NoSuchInstanceError:
+            raise error.StatusInformation(errorIndication=errind.noGroupName)

-    # 3.2.3
-    vacmAccessEntry, = mibInstrumController.mibBuilder.importSymbols(
-        'SNMP-VIEW-BASED-ACM-MIB', 'vacmAccessEntry'
+        # 3.2.3
+        vacmAccessEntry, = mibInstrumController.mibBuilder.importSymbols(
+            'SNMP-VIEW-BASED-ACM-MIB', 'vacmAccessEntry'
        )
-    # XXX partial context name match
-    tblIdx = vacmAccessEntry.getInstIdFromIndices(
-        vacmGroupName, contextName, securityModel, securityLevel
+        # XXX partial context name match
+        tblIdx = vacmAccessEntry.getInstIdFromIndices(
+            vacmGroupName, contextName, securityModel, securityLevel
        )

-    # 3.2.4
-    if viewType == 'read':
-        entryIdx = vacmAccessEntry.name + (5,) + tblIdx
-    elif viewType == 'write':
-        entryIdx = vacmAccessEntry.name + (6,) + tblIdx
-    elif viewType == 'notify':
-        entryIdx = vacmAccessEntry.name + (7,) + tblIdx
-    else:
-        raise error.ProtocolError('Unknown view type %s' % viewType)
+        # 3.2.4
+        if viewType == 'read':
+            entryIdx = vacmAccessEntry.name + (5,) + tblIdx
+        elif viewType == 'write':
+            entryIdx = vacmAccessEntry.name + (6,) + tblIdx
+        elif viewType == 'notify':
+            entryIdx = vacmAccessEntry.name + (7,) + tblIdx
+        else:
+            raise error.ProtocolError('Unknown view type %s' % viewType)

-    try:
-        viewName = vacmAccessEntry.getNode(entryIdx).syntax
-    except NoSuchInstanceError:
-        raise error.StatusInformation(errorIndication=errind.noAccessEntry)
-    if not len(viewName):
-        raise error.StatusInformation(errorIndication=errind.noSuchView)
+        try:
+            viewName = vacmAccessEntry.getNode(entryIdx).syntax
+        except NoSuchInstanceError:
+            raise error.StatusInformation(errorIndication=errind.noAccessEntry)
+        if not len(viewName):
+            raise error.StatusInformation(errorIndication=errind.noSuchView)

-    # XXX split onto object & instance ?
-    
-    # 3.2.5a
-    vacmViewTreeFamilyEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmViewTreeFamilyEntry')
-    tblIdx = vacmViewTreeFamilyEntry.getInstIdFromIndices(viewName)
+        # XXX split onto object & instance ?
+        
+        # 3.2.5a
+        vacmViewTreeFamilyEntry, = mibInstrumController.mibBuilder.importSymbols('SNMP-VIEW-BASED-ACM-MIB', 'vacmViewTreeFamilyEntry')
+        tblIdx = vacmViewTreeFamilyEntry.getInstIdFromIndices(viewName)

-    # Walk over entries
-    initialTreeName = treeName = vacmViewTreeFamilyEntry.name + (2,) + tblIdx
-    maskName = vacmViewTreeFamilyEntry.name + (3,) + tblIdx
-    while 1:
-        vacmViewTreeFamilySubtree = vacmViewTreeFamilyEntry.getNextNode(
-            treeName
+        # Walk over entries
+        initialTreeName = treeName = vacmViewTreeFamilyEntry.name + (2,) + tblIdx
+        maskName = vacmViewTreeFamilyEntry.name + (3,) + tblIdx
+        while 1:
+            vacmViewTreeFamilySubtree = vacmViewTreeFamilyEntry.getNextNode(
+                treeName
            )
-        vacmViewTreeFamilyMask = vacmViewTreeFamilyEntry.getNextNode(
-            maskName
+            vacmViewTreeFamilyMask = vacmViewTreeFamilyEntry.getNextNode(
+                maskName
            )
-        treeName = vacmViewTreeFamilySubtree.name
-        maskName = vacmViewTreeFamilyMask.name
-        if initialTreeName != treeName[:len(initialTreeName)]:
-            # 3.2.5b
-            raise error.StatusInformation(errorIndication=errind.notInView)
-        l = len(vacmViewTreeFamilySubtree.syntax)
-        if l > len(variableName):
-            continue
-        if vacmViewTreeFamilyMask.syntax:
-            mask = []
-            for c in vacmViewTreeFamilyMask.syntax.asNumbers():
-                mask = mask + [ b&c for b in __powOfTwoSeq ]
-            m = len(mask)-1
-            idx = l-1
-            while idx:
-                if idx > m or mask[idx] and \
-                   vacmViewTreeFamilySubtree.syntax[idx] != variableName[idx]:
-                    break
-                idx = idx - 1
-            if idx: continue # no match
-        else: # no mask
-            if vacmViewTreeFamilySubtree.syntax != variableName[:l]:
-                continue # no match
-        # 3.2.5c
-        return error.StatusInformation(errorIndication=errind.accessAllowed)
+            treeName = vacmViewTreeFamilySubtree.name
+            maskName = vacmViewTreeFamilyMask.name
+            if initialTreeName != treeName[:len(initialTreeName)]:
+                # 3.2.5b
+                raise error.StatusInformation(errorIndication=errind.notInView)
+            l = len(vacmViewTreeFamilySubtree.syntax)
+            if l > len(variableName):
+                continue
+            if vacmViewTreeFamilyMask.syntax:
+                mask = []
+                for c in vacmViewTreeFamilyMask.syntax.asNumbers():
+                    mask = mask + [ b&c for b in __powOfTwoSeq ]
+                m = len(mask)-1
+                idx = l-1
+                while idx:
+                    if idx > m or mask[idx] and \
+                       vacmViewTreeFamilySubtree.syntax[idx] != variableName[idx]:
+                        break
+                    idx = idx - 1
+                if idx: continue # no match
+            else: # no mask
+                if vacmViewTreeFamilySubtree.syntax != variableName[:l]:
+                    continue # no match
+            # 3.2.5c
+            return error.StatusInformation(errorIndication=errind.accessAllowed)
--- a/pysnmp/proto/acmod/void.py
+++ b/pysnmp/proto/acmod/void.py
@ -1,19 +1,19 @@
 # Void Access Control Model
 from pysnmp.proto import errind, error

-accessModelID = 0
-
 # rfc3415 3.2
-def isAccessAllowed(
-    snmpEngine,
-    securityModel,
-    securityName,
-    securityLevel,
-    viewType,
-    contextName,
-    variableName):
+class Vacm:
+    accessModelID = 0
+    def isAccessAllowed(self,
+                        snmpEngine,
+                        securityModel,
+                        securityName,
+                        securityLevel,
+                        viewType,
+                        contextName,
+                        variableName):

-    debug.logger & debug.flagACL and debug.logger('isAccessAllowed: viewType %s for variableName %s - OK' % (viewType, variableName))
+        debug.logger & debug.flagACL and debug.logger('isAccessAllowed: viewType %s for variableName %s - OK' % (viewType, variableName))

-    # rfc3415 3.2.5c
-    return error.StatusInformation(errorIndication=errind.accessAllowed)
+        # rfc3415 3.2.5c
+        return error.StatusInformation(errorIndication=errind.accessAllowed)