1. /*

  2.  * @(#)file      SnmpAcl.java

  3.  * @(#)author    Sun Microsystems, Inc.

  4.  * @(#)version   4.32

  5.  * @(#)date      04/09/15

  6.  *

  7.  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.

  8.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  9.  *

  10.  */

  11. 

  12. 

  13. package com.sun.jmx.snmp.IPAcl;

  14. 

  15. 

  16. 

  17. // java import

  18. //

  19. import java.io.Serializable;

  20. import java.io.File;

  21. import java.io.FileInputStream;

  22. import java.io.FileNotFoundException;

  23. import java.net.InetAddress;

  24. import java.net.UnknownHostException;

  25. import java.util.Hashtable;

  26. import java.util.Vector;

  27. import java.util.Enumeration;

  28. import java.util.HashSet;

  29. import java.security.acl.AclEntry; 

  30. import java.security.acl.NotOwnerException; 

  31. 

  32. // SNMP Runtime import

  33. //

  34. import com.sun.jmx.snmp.InetAddressAcl;

  35. import com.sun.jmx.trace.Trace;

  36. 

  37. /**

  38.  * Defines an implementation of the {@link com.sun.jmx.snmp.InetAddressAcl InetAddressAcl} interface.

  39.  * <p>

  40.  * In this implementation the ACL information is stored on a flat file and 

  41.  * its default location is "$JRE/lib/snmp.acl" - See 

  42.  * {@link #getDefaultAclFileName()}

  43.  * <p>

  44.  * <OL>

  45.   *

  46.  * <p><b>This API is a Sun Microsystems internal API  and is subject 

  47.  * to change without notice.</b></p>

  48.  * @version     4.32     12/19/03

  49.  * @author      Sun Microsystems, Inc

  50.  */

  51. 

  52. public class SnmpAcl implements InetAddressAcl, Serializable {

  53.   

  54.     static final PermissionImpl READ  = new PermissionImpl("READ"); 

  55.     static final PermissionImpl WRITE = new PermissionImpl("WRITE");

  56.   

  57.     /**

  58.      * Constructs the Java Dynamic Management(TM) Access Control List

  59.      * based on IP addresses. The ACL will take the given owner name.

  60.      * The current IP address will be the owner of the ACL.

  61.      *

  62.      * @param Owner The name of the ACL Owner.

  63.      *

  64.      * @exception UnknownHostException If the local host is unknown.

  65.      * @exception IllegalArgumentException If the ACL file doesn't exist.

  66.      */

  67.     public SnmpAcl(String Owner) 

  68. 	throws UnknownHostException, IllegalArgumentException {   

  69. 	this(Owner,null);

  70.     }

  71.   

  72.     /**

  73.      * Constructs the Java Dynamic Management(TM) Access Control List

  74.      * based on IP addresses. The ACL will take the given owner name.

  75.      * The current IP address will be the owner of the ACL.

  76.      *

  77.      * @param Owner The name of the ACL Owner.

  78.      * @param aclFileName The name of the ACL File.

  79.      *

  80.      * @exception UnknownHostException If the local host is unknown.

  81.      * @exception IllegalArgumentException If the ACL file doesn't exist.

  82.      */

  83.     public SnmpAcl(String Owner, String aclFileName) 

  84. 	throws UnknownHostException, IllegalArgumentException {   

  85.         trapDestList= new Hashtable();

  86.         informDestList= new Hashtable();

  87.         

  88.         // PrincipalImpl() take the current host as entry

  89.         owner = new PrincipalImpl();

  90.         try {

  91.             acl = new AclImpl(owner,Owner);

  92.             AclEntry ownEntry = new AclEntryImpl(owner);

  93.             ownEntry.addPermission(READ);

  94.             ownEntry.addPermission(WRITE);

  95.             acl.addEntry(owner,ownEntry);

  96.         } catch (NotOwnerException ex) {

  97.             if (isDebugOn()) {

  98.                 debug("constructor", 

  99. 		      "Should never get NotOwnerException as the owner"+

  100. 		      " is built in this constructor");

  101.             }

  102.         }

  103.         if (aclFileName == null) setDefaultFileName();

  104. 	else setAuthorizedListFile(aclFileName);

  105.         readAuthorizedListFile();

  106.     }

  107.   

  108.     /**

  109.      * Returns an enumeration of the entries in this ACL. Each element in the

  110.      * enumeration is of type <CODE>java.security.acl.AclEntry</CODE>.

  111.      *

  112.      * @return An enumeration of the entries in this ACL.

  113.      */

  114.     public Enumeration entries() {

  115.         return acl.entries();

  116.     }

  117.   

  118.     /**

  119.      * Returns ann enumeration of community strings. Community strings are returned as String.

  120.      * @return The enumeration of community strings.

  121.      */

  122.     public Enumeration communities() {

  123. 	HashSet set = new HashSet();

  124. 	Vector res = new Vector();

  125. 	for (Enumeration e = acl.entries() ; e.hasMoreElements() ;) {

  126. 	    AclEntryImpl entry = (AclEntryImpl) e.nextElement();

  127. 	    for (Enumeration cs = entry.communities(); 

  128. 		 cs.hasMoreElements() ;) {

  129. 		set.add((String) cs.nextElement());

  130. 	    }

  131. 	}

  132. 	Object[] objs = set.toArray();

  133. 	for(int i = 0; i < objs.length; i++)

  134. 	    res.addElement(objs[i]);

  135. 

  136. 	return res.elements();

  137.     }

  138. 

  139.     /**

  140.      * Returns the name of the ACL.

  141.      *

  142.      * @return The name of the ACL.

  143.      */

  144.     public String getName() {

  145.         return acl.getName();

  146.     }

  147.   

  148.     /**

  149.      * Returns the read permission instance used.

  150.      *

  151.      * @return The read permission instance.

  152.      */

  153.     static public PermissionImpl getREAD() {

  154.         return READ;

  155.     }

  156.   

  157.     /**

  158.      * Returns the write permission instance used.

  159.      *

  160.      * @return  The write permission instance.

  161.      */

  162.     static public PermissionImpl getWRITE() {

  163.         return WRITE;

  164.     }

  165.   

  166.     /**

  167.      * Get the default name for the ACL file.

  168.      * In this implementation this is "$JRE/lib/snmp.acl"

  169.      * @return The default name for the ACL file.

  170.      **/

  171.     public static String getDefaultAclFileName() {

  172. 	final String fileSeparator = 

  173. 	    System.getProperty("file.separator");

  174. 	final StringBuffer defaultAclName = 

  175. 	    new StringBuffer(System.getProperty("java.home")).

  176. 	    append(fileSeparator).append("lib").append(fileSeparator).

  177. 	    append("snmp.acl");

  178. 	return defaultAclName.toString();

  179.     }

  180. 

  181.     /**

  182.      * Sets the full path of the file containing the ACL information.

  183.      *

  184.      * @param filename The full path of the file containing the ACL information.

  185.      * @throws IllegalArgumentException If the passed ACL file doesn't exist.

  186.      */

  187.     public void setAuthorizedListFile(String filename) 

  188. 	throws IllegalArgumentException {

  189. 	File file = new File(filename);

  190. 	if (!file.isFile() ) {

  191. 	    if (isDebugOn()) {

  192. 		debug("setAuthorizedListFile", 

  193. 		      "ACL file not found: " + filename);

  194. 	    }

  195. 	    throw new 

  196. 		IllegalArgumentException("The specified file ["+file+"] "+

  197. 					 "doesn't exist or is not a file, "+

  198. 					 "no configuration loaded");

  199. 	}

  200.         if (isTraceOn()) {

  201.             trace("setAuthorizedListFile", "Default file set to " + filename);

  202.         }

  203.         authorizedListFile = filename;

  204.     }

  205.   

  206.     /**

  207.      * Resets this ACL to the values contained in the configuration file.

  208.      *

  209.      * @exception NotOwnerException If the principal attempting the reset is not an owner of this ACL.

  210.      * @exception UnknownHostException If IP addresses for hosts contained in the ACL file couldn't be found.

  211.      */

  212.     public void rereadTheFile() throws NotOwnerException, UnknownHostException {

  213.         alwaysAuthorized = false;

  214.         acl.removeAll(owner);

  215.         trapDestList.clear();

  216.         informDestList.clear();

  217.         AclEntry ownEntry = new AclEntryImpl(owner);

  218.         ownEntry.addPermission(READ);

  219.         ownEntry.addPermission(WRITE);  

  220.         acl.addEntry(owner,ownEntry);

  221.         readAuthorizedListFile();

  222.     }

  223.   

  224.     /**

  225.      * Returns the full path of the file used to get ACL information.

  226.      *

  227.      * @return The full path of the file used to get ACL information.

  228.      */

  229.     public String getAuthorizedListFile() {

  230.         return authorizedListFile;

  231.     }

  232.   

  233.     /**

  234.      * Checks whether or not the specified host has <CODE>READ</CODE> access.

  235.      *

  236.      * @param address The host address to check.

  237.      *

  238.      * @return <CODE>true</CODE> if the host has read permission, <CODE>false</CODE> otherwise.

  239.      */

  240.     public boolean checkReadPermission(InetAddress address) {

  241.         if (alwaysAuthorized) return ( true );

  242.         PrincipalImpl p = new PrincipalImpl(address);

  243.         return acl.checkPermission(p, READ);

  244.     }

  245.   

  246.     /**

  247.      * Checks whether or not the specified host and community have <CODE>READ</CODE> access.

  248.      *

  249.      * @param address The host address to check.

  250.      * @param community The community associated with the host.

  251.      *

  252.      * @return <CODE>true</CODE> if the pair (host, community) has read permission, <CODE>false</CODE> otherwise.

  253.      */

  254.     public boolean checkReadPermission(InetAddress address, String community) {

  255.         if (alwaysAuthorized) return ( true );

  256.         PrincipalImpl p = new PrincipalImpl(address);

  257.         return acl.checkPermission(p, community, READ);

  258.     }

  259.   

  260.     /**

  261.      * Checks whether or not a community string is defined.

  262.      *

  263.      * @param community The community to check.

  264.      *

  265.      * @return <CODE>true</CODE> if the community is known, <CODE>false</CODE> otherwise.

  266.      */

  267.     public boolean checkCommunity(String community) {

  268.         return acl.checkCommunity(community);

  269.     }

  270.   

  271.     /**

  272.      * Checks whether or not the specified host has <CODE>WRITE</CODE> access.

  273.      *

  274.      * @param address The host address to check.

  275.      *

  276.      * @return <CODE>true</CODE> if the host has write permission, <CODE>false</CODE> otherwise.

  277.      */

  278.     public boolean checkWritePermission(InetAddress address) {

  279.         if (alwaysAuthorized) return ( true );

  280.         PrincipalImpl p = new PrincipalImpl(address);

  281.         return acl.checkPermission(p, WRITE);

  282.     } 

  283. 

  284.     /**

  285.      * Checks whether or not the specified host and community have <CODE>WRITE</CODE> access.

  286.      *

  287.      * @param address The host address to check.

  288.      * @param community The community associated with the host.

  289.      *

  290.      * @return <CODE>true</CODE> if the pair (host, community) has write permission, <CODE>false</CODE> otherwise.

  291.      */

  292.     public boolean checkWritePermission(InetAddress address, String community) {

  293.         if (alwaysAuthorized) return ( true );

  294.         PrincipalImpl p = new PrincipalImpl(address);

  295.         return acl.checkPermission(p, community, WRITE);

  296.     } 

  297.   

  298.     /**

  299.      * Returns an enumeration of trap destinations.

  300.      *

  301.      * @return An enumeration of the trap destinations (enumeration of <CODE>InetAddress<CODE>).

  302.      */

  303.     public Enumeration getTrapDestinations() {

  304.         return trapDestList.keys();

  305.     }

  306.   

  307.     /**

  308.      * Returns an enumeration of trap communities for a given host.

  309.      *

  310.      * @param i The address of the host.

  311.      *

  312.      * @return An enumeration of trap communities for a given host (enumeration of <CODE>String<CODE>).

  313.      */

  314.     public Enumeration getTrapCommunities(InetAddress i) {

  315.         Vector list = null;

  316.         if ((list = (Vector)trapDestList.get(i)) != null ) {

  317.             if (isTraceOn()) {

  318.                 trace("getTrapCommunities", "["+i.toString()+"] is in list");

  319.             }

  320.             return list.elements();

  321.         } else {

  322.             list = new Vector();

  323.             if (isTraceOn()) {

  324.                 trace("getTrapCommunities", "["+i.toString()+"] is not in list");

  325.             }

  326.             return list.elements();

  327.         } 

  328.     }

  329.   

  330.     /**

  331.      * Returns an enumeration of inform destinations.

  332.      *

  333.      * @return An enumeration of the inform destinations (enumeration of <CODE>InetAddress<CODE>).

  334.      */

  335.     public Enumeration getInformDestinations() {

  336.         return informDestList.keys();

  337.     }

  338.   

  339.     /**

  340.      * Returns an enumeration of inform communities for a given host.

  341.      *

  342.      * @param i The address of the host.

  343.      *

  344.      * @return An enumeration of inform communities for a given host (enumeration of <CODE>String<CODE>).

  345.      */

  346.     public Enumeration getInformCommunities(InetAddress i) {

  347.         Vector list = null;

  348.         if ((list = (Vector)informDestList.get(i)) != null ) {

  349.             if (isTraceOn()) {

  350.                 trace("getInformCommunities", "["+i.toString()+"] is in list");

  351.             }

  352.             return list.elements();

  353.         } else {

  354.             list = new Vector();

  355.             if (isTraceOn()) {

  356.                 trace("getInformCommunities", "["+i.toString()+"] is not in list");

  357.             }

  358.             return list.elements();

  359.         } 

  360.     }

  361.   

  362.     /**

  363.      * Converts the input configuration file into ACL.

  364.      */

  365.     private void readAuthorizedListFile() {

  366. 

  367.         alwaysAuthorized = false;

  368. 

  369.         if (authorizedListFile == null) {

  370.             if (isTraceOn()) {

  371.                 trace("readAuthorizedListFile", "alwaysAuthorized set to true");

  372.             }

  373.             alwaysAuthorized = true ;

  374.         } else {

  375.             // Read the file content

  376.             Parser parser = null;  

  377.             try {

  378.                 parser= new Parser(new FileInputStream(getAuthorizedListFile()));

  379.             } catch (FileNotFoundException e) {

  380.                 if (isDebugOn()) {

  381.                     debug("readAuthorizedListFile", "The specified file was not found, authorize everybody");

  382.                 }

  383.                 alwaysAuthorized = true ;

  384.                 return;

  385.             }

  386.           

  387.             try {

  388.                 JDMSecurityDefs n = parser.SecurityDefs();

  389.                 n.buildAclEntries(owner, acl);

  390.                 n.buildTrapEntries(trapDestList);

  391.                 n.buildInformEntries(informDestList);

  392.             } catch (ParseException e) {

  393.                 if (isDebugOn()) {

  394.                     debug("readAuthorizedListFile", "Parsing exception " + e);

  395.                 }

  396. 		throw new IllegalArgumentException(e.getMessage());

  397.             } catch (Error err) {

  398.                 if (isDebugOn()) {

  399.                     debug("readAuthorizedListFile", "Error exception");

  400.                 }

  401. 		throw new IllegalArgumentException(err.getMessage());

  402.             }

  403.           

  404.             for(Enumeration e = acl.entries(); e.hasMoreElements();) {

  405.                 AclEntryImpl aa = (AclEntryImpl) e.nextElement();

  406.                 if (isTraceOn()) {

  407.                     trace("readAuthorizedListFile", "===> " + aa.getPrincipal().toString());

  408.                 }

  409.                 for (Enumeration eee = aa.permissions();eee.hasMoreElements();) {

  410.                     java.security.acl.Permission perm = (java.security.acl.Permission)eee.nextElement();

  411.                     if (isTraceOn()) {

  412.                         trace("readAuthorizedListFile", "perm = " + perm);

  413.                     }

  414.                 }

  415.             }

  416.         }

  417.     }

  418.   

  419.     /**

  420.      * Set the default full path for "snmp.acl" input file.

  421.      * Do not complain if the file does not exists.

  422.      */

  423.     private void setDefaultFileName() {

  424. 	try {

  425. 	    setAuthorizedListFile(getDefaultAclFileName());

  426. 	} catch (IllegalArgumentException x) {

  427. 	    // OK...

  428. 	}

  429.     }

  430.   

  431.     

  432.     // TRACES & DEBUG

  433.     //---------------

  434.     

  435.     boolean isTraceOn() {

  436.         return Trace.isSelected(Trace.LEVEL_TRACE, Trace.INFO_SNMP);

  437.     }

  438. 

  439.     void trace(String clz, String func, String info) {

  440.         Trace.send(Trace.LEVEL_TRACE, Trace.INFO_SNMP, clz, func, info);

  441.     }

  442. 

  443.     void trace(String func, String info) {

  444.         trace(dbgTag, func, info);

  445.     }

  446.     

  447.     boolean isDebugOn() {

  448.         return Trace.isSelected(Trace.LEVEL_DEBUG, Trace.INFO_SNMP);

  449.     }

  450. 

  451.     void debug(String clz, String func, String info) {

  452.         Trace.send(Trace.LEVEL_DEBUG, Trace.INFO_SNMP, clz, func, info);

  453.     }

  454. 

  455.     void debug(String func, String info) {

  456.         debug(dbgTag, func, info);

  457.     }

  458.     

  459.     String dbgTag = "SnmpAcl";

  460.     

  461.     // PRIVATE VARIABLES

  462.     //------------------

  463.     

  464.     /**

  465.      * Represents the Access Control List.

  466.      */

  467.     private AclImpl acl = null;

  468.     /**

  469.      * Flag indicating whether the access is always authorized.

  470.      * <BR>This is the case if there is no flat file defined.

  471.      */

  472.     private boolean alwaysAuthorized = false;

  473.     /**

  474.      * Represents the Access Control List flat file.

  475.      */

  476.     private String authorizedListFile = null;

  477.     /**

  478.      * Contains the hosts list for trap destination.

  479.      */

  480.     private Hashtable trapDestList = null;

  481.     /**

  482.      * Contains the hosts list for inform destination.

  483.      */

  484.     private Hashtable informDestList = null;

  485.     

  486.     private PrincipalImpl owner = null;

  487. }