/* * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.jmx.snmp.IPAcl; // java import // import java.io.Serializable; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.net.InetAddress; import java.net.UnknownHostException; import java.util.Hashtable; import java.util.logging.Level; import java.util.Vector; import java.util.Enumeration; import java.util.HashSet; import java.security.acl.AclEntry; import java.security.acl.NotOwnerException; // SNMP Runtime import // import static com.sun.jmx.defaults.JmxProperties.SNMP_LOGGER; import com.sun.jmx.snmp.InetAddressAcl; /** * Defines an implementation of the {@link com.sun.jmx.snmp.InetAddressAcl InetAddressAcl} interface. *

* In this implementation the ACL information is stored on a flat file and * its default location is "$JRE/lib/snmp.acl" - See * {@link #getDefaultAclFileName()} *

*

    * *

    This API is a Sun Microsystems internal API and is subject * to change without notice.

    */ public class SnmpAcl implements InetAddressAcl, Serializable { private static final long serialVersionUID = -6702287103824397063L; static final PermissionImpl READ = new PermissionImpl("READ"); static final PermissionImpl WRITE = new PermissionImpl("WRITE"); /** * Constructs the Java Dynamic Management(TM) Access Control List * based on IP addresses. The ACL will take the given owner name. * The current IP address will be the owner of the ACL. * * @param Owner The name of the ACL Owner. * * @exception UnknownHostException If the local host is unknown. * @exception IllegalArgumentException If the ACL file doesn't exist. */ public SnmpAcl(String Owner) throws UnknownHostException, IllegalArgumentException { this(Owner,null); } /** * Constructs the Java Dynamic Management(TM) Access Control List * based on IP addresses. The ACL will take the given owner name. * The current IP address will be the owner of the ACL. * * @param Owner The name of the ACL Owner. * @param aclFileName The name of the ACL File. * * @exception UnknownHostException If the local host is unknown. * @exception IllegalArgumentException If the ACL file doesn't exist. */ public SnmpAcl(String Owner, String aclFileName) throws UnknownHostException, IllegalArgumentException { trapDestList= new Hashtable>(); informDestList= new Hashtable>(); // PrincipalImpl() take the current host as entry owner = new PrincipalImpl(); try { acl = new AclImpl(owner,Owner); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); } catch (NotOwnerException ex) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "SnmpAcl(String,String)", "Should never get NotOwnerException as the owner " + "is built in this constructor"); } } if (aclFileName == null) setDefaultFileName(); else setAuthorizedListFile(aclFileName); readAuthorizedListFile(); } /** * Returns an enumeration of the entries in this ACL. Each element in the * enumeration is of type java.security.acl.AclEntry. * * @return An enumeration of the entries in this ACL. */ public Enumeration entries() { return acl.entries(); } /** * Returns ann enumeration of community strings. Community strings are returned as String. * @return The enumeration of community strings. */ public Enumeration communities() { HashSet set = new HashSet(); Vector res = new Vector(); for (Enumeration e = acl.entries() ; e.hasMoreElements() ;) { AclEntryImpl entry = (AclEntryImpl) e.nextElement(); for (Enumeration cs = entry.communities(); cs.hasMoreElements() ;) { set.add((String) cs.nextElement()); } } String[] objs = set.toArray(new String[0]); for(int i = 0; i < objs.length; i++) res.addElement(objs[i]); return res.elements(); } /** * Returns the name of the ACL. * * @return The name of the ACL. */ public String getName() { return acl.getName(); } /** * Returns the read permission instance used. * * @return The read permission instance. */ static public PermissionImpl getREAD() { return READ; } /** * Returns the write permission instance used. * * @return The write permission instance. */ static public PermissionImpl getWRITE() { return WRITE; } /** * Get the default name for the ACL file. * In this implementation this is "$JRE/lib/snmp.acl" * @return The default name for the ACL file. **/ public static String getDefaultAclFileName() { final String fileSeparator = System.getProperty("file.separator"); final StringBuffer defaultAclName = new StringBuffer(System.getProperty("java.home")). append(fileSeparator).append("lib").append(fileSeparator). append("snmp.acl"); return defaultAclName.toString(); } /** * Sets the full path of the file containing the ACL information. * * @param filename The full path of the file containing the ACL information. * @throws IllegalArgumentException If the passed ACL file doesn't exist. */ public void setAuthorizedListFile(String filename) throws IllegalArgumentException { File file = new File(filename); if (!file.isFile() ) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "setAuthorizedListFile", "ACL file not found: " + filename); } throw new IllegalArgumentException("The specified file ["+file+"] "+ "doesn't exist or is not a file, "+ "no configuration loaded"); } if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "setAuthorizedListFile", "Default file set to " + filename); } authorizedListFile = filename; } /** * Resets this ACL to the values contained in the configuration file. * * @exception NotOwnerException If the principal attempting the reset is not an owner of this ACL. * @exception UnknownHostException If IP addresses for hosts contained in the ACL file couldn't be found. */ public void rereadTheFile() throws NotOwnerException, UnknownHostException { alwaysAuthorized = false; acl.removeAll(owner); trapDestList.clear(); informDestList.clear(); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); readAuthorizedListFile(); } /** * Returns the full path of the file used to get ACL information. * * @return The full path of the file used to get ACL information. */ public String getAuthorizedListFile() { return authorizedListFile; } /** * Checks whether or not the specified host has READ access. * * @param address The host address to check. * * @return true if the host has read permission, false otherwise. */ public boolean checkReadPermission(InetAddress address) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, READ); } /** * Checks whether or not the specified host and community have READ access. * * @param address The host address to check. * @param community The community associated with the host. * * @return true if the pair (host, community) has read permission, false otherwise. */ public boolean checkReadPermission(InetAddress address, String community) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, community, READ); } /** * Checks whether or not a community string is defined. * * @param community The community to check. * * @return true if the community is known, false otherwise. */ public boolean checkCommunity(String community) { return acl.checkCommunity(community); } /** * Checks whether or not the specified host has WRITE access. * * @param address The host address to check. * * @return true if the host has write permission, false otherwise. */ public boolean checkWritePermission(InetAddress address) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, WRITE); } /** * Checks whether or not the specified host and community have WRITE access. * * @param address The host address to check. * @param community The community associated with the host. * * @return true if the pair (host, community) has write permission, false otherwise. */ public boolean checkWritePermission(InetAddress address, String community) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, community, WRITE); } /** * Returns an enumeration of trap destinations. * * @return An enumeration of the trap destinations (enumeration of InetAddress). */ public Enumeration getTrapDestinations() { return trapDestList.keys(); } /** * Returns an enumeration of trap communities for a given host. * * @param i The address of the host. * * @return An enumeration of trap communities for a given host (enumeration of String). */ public Enumeration getTrapCommunities(InetAddress i) { Vector list = null; if ((list = (Vector)trapDestList.get(i)) != null ) { if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getTrapCommunities", "["+i.toString()+"] is in list"); } return list.elements(); } else { list = new Vector(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getTrapCommunities", "["+i.toString()+"] is not in list"); } return list.elements(); } } /** * Returns an enumeration of inform destinations. * * @return An enumeration of the inform destinations (enumeration of InetAddress). */ public Enumeration getInformDestinations() { return informDestList.keys(); } /** * Returns an enumeration of inform communities for a given host. * * @param i The address of the host. * * @return An enumeration of inform communities for a given host (enumeration of String). */ public Enumeration getInformCommunities(InetAddress i) { Vector list = null; if ((list = (Vector)informDestList.get(i)) != null ) { if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getInformCommunities", "["+i.toString()+"] is in list"); } return list.elements(); } else { list = new Vector(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getInformCommunities", "["+i.toString()+"] is not in list"); } return list.elements(); } } /** * Converts the input configuration file into ACL. */ private void readAuthorizedListFile() { alwaysAuthorized = false; if (authorizedListFile == null) { if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "alwaysAuthorized set to true"); } alwaysAuthorized = true ; } else { // Read the file content Parser parser = null; try { parser= new Parser(new FileInputStream(getAuthorizedListFile())); } catch (FileNotFoundException e) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "readAuthorizedListFile", "The specified file was not found, authorize everybody"); } alwaysAuthorized = true ; return; } try { JDMSecurityDefs n = parser.SecurityDefs(); n.buildAclEntries(owner, acl); n.buildTrapEntries(trapDestList); n.buildInformEntries(informDestList); } catch (ParseException e) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "readAuthorizedListFile", "Got parsing exception", e); } throw new IllegalArgumentException(e.getMessage()); } catch (Error err) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "readAuthorizedListFile", "Got unexpected error", err); } throw new IllegalArgumentException(err.getMessage()); } for(Enumeration e = acl.entries(); e.hasMoreElements();) { AclEntryImpl aa = (AclEntryImpl) e.nextElement(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "===> " + aa.getPrincipal().toString()); } for (Enumeration eee = aa.permissions();eee.hasMoreElements();) { java.security.acl.Permission perm = (java.security.acl.Permission)eee.nextElement(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "perm = " + perm); } } } } } /** * Set the default full path for "snmp.acl" input file. * Do not complain if the file does not exists. */ private void setDefaultFileName() { try { setAuthorizedListFile(getDefaultAclFileName()); } catch (IllegalArgumentException x) { // OK... } } // PRIVATE VARIABLES //------------------ /** * Represents the Access Control List. */ private AclImpl acl = null; /** * Flag indicating whether the access is always authorized. *
    This is the case if there is no flat file defined. */ private boolean alwaysAuthorized = false; /** * Represents the Access Control List flat file. */ private String authorizedListFile = null; /** * Contains the hosts list for trap destination. */ private Hashtable> trapDestList = null; /** * Contains the hosts list for inform destination. */ private Hashtable> informDestList = null; private PrincipalImpl owner = null; }