| /* Portions of this file are subject to the following copyright(s). See |
| * the Net-SNMP's COPYING file for more details and other copyrights |
| * that may apply: |
| */ |
| /****************************************************************** |
| Copyright 1989, 1991, 1992 by Carnegie Mellon University |
| |
| All Rights Reserved |
| |
| Permission to use, copy, modify, and distribute this software and its |
| documentation for any purpose and without fee is hereby granted, |
| provided that the above copyright notice appear in all copies and that |
| both that copyright notice and this permission notice appear in |
| supporting documentation, and that the name of CMU not be |
| used in advertising or publicity pertaining to distribution of the |
| software without specific, written prior permission. |
| |
| CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING |
| ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL |
| CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR |
| ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, |
| WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, |
| ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS |
| SOFTWARE. |
| ******************************************************************/ |
| /* |
| * Portions of this file are copyrighted by: |
| * Copyright Copyright 2003 Sun Microsystems, Inc. All rights reserved. |
| * Use is subject to license terms specified in the COPYING file |
| * distributed with the Net-SNMP package. |
| */ |
| |
| /** @defgroup library The Net-SNMP library |
| * @{ |
| */ |
| /* |
| * snmp_api.c - API for access to snmp. |
| */ |
| #include <net-snmp/net-snmp-config.h> |
| |
| #include <stdio.h> |
| #include <ctype.h> |
| #if HAVE_STDLIB_H |
| #include <stdlib.h> |
| #endif |
| #if HAVE_STRING_H |
| #include <string.h> |
| #else |
| #include <strings.h> |
| #endif |
| #if HAVE_UNISTD_H |
| #include <unistd.h> |
| #endif |
| #include <sys/types.h> |
| #if HAVE_SYS_PARAM_H |
| #include <sys/param.h> |
| #endif |
| #if TIME_WITH_SYS_TIME |
| # ifdef WIN32 |
| # include <sys/timeb.h> |
| # else |
| # include <sys/time.h> |
| # endif |
| # include <time.h> |
| #else |
| # if HAVE_SYS_TIME_H |
| # include <sys/time.h> |
| # else |
| # include <time.h> |
| # endif |
| #endif |
| #if HAVE_NETINET_IN_H |
| #include <netinet/in.h> |
| #endif |
| #if HAVE_ARPA_INET_H |
| #include <arpa/inet.h> |
| #endif |
| #if HAVE_SYS_SELECT_H |
| #include <sys/select.h> |
| #endif |
| #if HAVE_IO_H |
| #include <io.h> |
| #endif |
| #if HAVE_WINSOCK_H |
| #include <winsock.h> |
| #endif |
| #if HAVE_SYS_SOCKET_H |
| #include <sys/socket.h> |
| #endif |
| #if HAVE_SYS_UN_H |
| #include <sys/un.h> |
| #endif |
| #if HAVE_NETDB_H |
| #include <netdb.h> |
| #endif |
| #if HAVE_NET_IF_DL_H |
| #ifndef dynix |
| #include <net/if_dl.h> |
| #else |
| #include <sys/net/if_dl.h> |
| #endif |
| #endif |
| #include <errno.h> |
| |
| #if HAVE_LOCALE_H |
| #include <locale.h> |
| #endif |
| |
| #if HAVE_DMALLOC_H |
| #include <dmalloc.h> |
| #endif |
| |
| #define SNMP_NEED_REQUEST_LIST |
| #include <net-snmp/types.h> |
| #include <net-snmp/output_api.h> |
| #include <net-snmp/config_api.h> |
| #include <net-snmp/utilities.h> |
| |
| #include <net-snmp/library/asn1.h> |
| #include <net-snmp/library/snmp.h> /* for xdump & {build,parse}_var_op */ |
| #include <net-snmp/library/snmp_api.h> |
| #include <net-snmp/library/snmp_client.h> |
| #include <net-snmp/library/parse.h> |
| #include <net-snmp/library/mib.h> |
| #include <net-snmp/library/int64.h> |
| #include <net-snmp/library/snmpv3.h> |
| #include <net-snmp/library/callback.h> |
| #include <net-snmp/library/container.h> |
| #include <net-snmp/library/snmp_secmod.h> |
| #include <net-snmp/library/large_fd_set.h> |
| #ifdef NETSNMP_SECMOD_USM |
| #include <net-snmp/library/snmpusm.h> |
| #endif |
| #ifdef NETSNMP_SECMOD_KSM |
| #include <net-snmp/library/snmpksm.h> |
| #endif |
| #include <net-snmp/library/keytools.h> |
| #include <net-snmp/library/lcd_time.h> |
| #include <net-snmp/library/snmp_alarm.h> |
| #include <net-snmp/library/snmp_transport.h> |
| #include <net-snmp/library/snmp_service.h> |
| #include <net-snmp/library/vacm.h> |
| |
| static void _init_snmp(void); |
| |
| #include "../agent/mibgroup/agentx/protocol.h" |
| #include <net-snmp/library/transform_oids.h> |
| #ifndef timercmp |
| #define timercmp(tvp, uvp, cmp) \ |
| /* CSTYLED */ \ |
| ((tvp)->tv_sec cmp (uvp)->tv_sec || \ |
| ((tvp)->tv_sec == (uvp)->tv_sec && \ |
| /* CSTYLED */ \ |
| (tvp)->tv_usec cmp (uvp)->tv_usec)) |
| #endif |
| #ifndef timerclear |
| #define timerclear(tvp) (tvp)->tv_sec = (tvp)->tv_usec = 0 |
| #endif |
| |
| /* |
| * Globals. |
| */ |
| #define MAX_PACKET_LENGTH (0x7fffffff) |
| #ifndef NETSNMP_STREAM_QUEUE_LEN |
| #define NETSNMP_STREAM_QUEUE_LEN 5 |
| #endif |
| |
| #ifndef BSD4_3 |
| #define BSD4_2 |
| #endif |
| |
| #ifndef FD_SET |
| |
| typedef long fd_mask; |
| #define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask */ |
| |
| #define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) |
| #define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) |
| #define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) |
| #define FD_ZERO(p) memset((p), 0, sizeof(*(p))) |
| #endif |
| |
| static oid default_enterprise[] = { 1, 3, 6, 1, 4, 1, 3, 1, 1 }; |
| /* |
| * enterprises.cmu.systems.cmuSNMP |
| */ |
| |
| #define DEFAULT_COMMUNITY "public" |
| #define DEFAULT_RETRIES 5 |
| #define DEFAULT_TIMEOUT 1000000L |
| #define DEFAULT_REMPORT SNMP_PORT |
| #define DEFAULT_ENTERPRISE default_enterprise |
| #define DEFAULT_TIME 0 |
| |
| /* |
| * don't set higher than 0x7fffffff, and I doubt it should be that high |
| * * = 4 gig snmp messages max |
| */ |
| #define MAXIMUM_PACKET_SIZE 0x7fffffff |
| |
| /* |
| * Internal information about the state of the snmp session. |
| */ |
| struct snmp_internal_session { |
| netsnmp_request_list *requests; /* Info about outstanding requests */ |
| netsnmp_request_list *requestsEnd; /* ptr to end of list */ |
| int (*hook_pre) (netsnmp_session *, netsnmp_transport *, |
| void *, int); |
| int (*hook_parse) (netsnmp_session *, netsnmp_pdu *, |
| u_char *, size_t); |
| int (*hook_post) (netsnmp_session *, netsnmp_pdu *, int); |
| int (*hook_build) (netsnmp_session *, netsnmp_pdu *, |
| u_char *, size_t *); |
| int (*hook_realloc_build) (netsnmp_session *, |
| netsnmp_pdu *, u_char **, |
| size_t *, size_t *); |
| int (*check_packet) (u_char *, size_t); |
| netsnmp_pdu *(*hook_create_pdu) (netsnmp_transport *, |
| void *, size_t); |
| |
| u_char *packet; |
| size_t packet_len, packet_size; |
| }; |
| |
| /* |
| * The list of active/open sessions. |
| */ |
| struct session_list { |
| struct session_list *next; |
| netsnmp_session *session; |
| netsnmp_transport *transport; |
| struct snmp_internal_session *internal; |
| }; |
| |
| |
| |
| static const char *api_errors[-SNMPERR_MAX + 1] = { |
| "No error", /* SNMPERR_SUCCESS */ |
| "Generic error", /* SNMPERR_GENERR */ |
| "Invalid local port", /* SNMPERR_BAD_LOCPORT */ |
| "Unknown host", /* SNMPERR_BAD_ADDRESS */ |
| "Unknown session", /* SNMPERR_BAD_SESSION */ |
| "Too long", /* SNMPERR_TOO_LONG */ |
| "No socket", /* SNMPERR_NO_SOCKET */ |
| "Cannot send V2 PDU on V1 session", /* SNMPERR_V2_IN_V1 */ |
| "Cannot send V1 PDU on V2 session", /* SNMPERR_V1_IN_V2 */ |
| "Bad value for non-repeaters", /* SNMPERR_BAD_REPEATERS */ |
| "Bad value for max-repetitions", /* SNMPERR_BAD_REPETITIONS */ |
| "Error building ASN.1 representation", /* SNMPERR_BAD_ASN1_BUILD */ |
| "Failure in sendto", /* SNMPERR_BAD_SENDTO */ |
| "Bad parse of ASN.1 type", /* SNMPERR_BAD_PARSE */ |
| "Bad version specified", /* SNMPERR_BAD_VERSION */ |
| "Bad source party specified", /* SNMPERR_BAD_SRC_PARTY */ |
| "Bad destination party specified", /* SNMPERR_BAD_DST_PARTY */ |
| "Bad context specified", /* SNMPERR_BAD_CONTEXT */ |
| "Bad community specified", /* SNMPERR_BAD_COMMUNITY */ |
| "Cannot send noAuth/Priv", /* SNMPERR_NOAUTH_DESPRIV */ |
| "Bad ACL definition", /* SNMPERR_BAD_ACL */ |
| "Bad Party definition", /* SNMPERR_BAD_PARTY */ |
| "Session abort failure", /* SNMPERR_ABORT */ |
| "Unknown PDU type", /* SNMPERR_UNKNOWN_PDU */ |
| "Timeout", /* SNMPERR_TIMEOUT */ |
| "Failure in recvfrom", /* SNMPERR_BAD_RECVFROM */ |
| "Unable to determine contextEngineID", /* SNMPERR_BAD_ENG_ID */ |
| "No securityName specified", /* SNMPERR_BAD_SEC_NAME */ |
| "Unable to determine securityLevel", /* SNMPERR_BAD_SEC_LEVEL */ |
| "ASN.1 parse error in message", /* SNMPERR_ASN_PARSE_ERR */ |
| "Unknown security model in message", /* SNMPERR_UNKNOWN_SEC_MODEL */ |
| "Invalid message (e.g. msgFlags)", /* SNMPERR_INVALID_MSG */ |
| "Unknown engine ID", /* SNMPERR_UNKNOWN_ENG_ID */ |
| "Unknown user name", /* SNMPERR_UNKNOWN_USER_NAME */ |
| "Unsupported security level", /* SNMPERR_UNSUPPORTED_SEC_LEVEL */ |
| "Authentication failure (incorrect password, community or key)", /* SNMPERR_AUTHENTICATION_FAILURE */ |
| "Not in time window", /* SNMPERR_NOT_IN_TIME_WINDOW */ |
| "Decryption error", /* SNMPERR_DECRYPTION_ERR */ |
| "SCAPI general failure", /* SNMPERR_SC_GENERAL_FAILURE */ |
| "SCAPI sub-system not configured", /* SNMPERR_SC_NOT_CONFIGURED */ |
| "Key tools not available", /* SNMPERR_KT_NOT_AVAILABLE */ |
| "Unknown Report message", /* SNMPERR_UNKNOWN_REPORT */ |
| "USM generic error", /* SNMPERR_USM_GENERICERROR */ |
| "USM unknown security name (no such user exists)", /* SNMPERR_USM_UNKNOWNSECURITYNAME */ |
| "USM unsupported security level (this user has not been configured for that level of security)", /* SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL */ |
| "USM encryption error", /* SNMPERR_USM_ENCRYPTIONERROR */ |
| "USM authentication failure (incorrect password or key)", /* SNMPERR_USM_AUTHENTICATIONFAILURE */ |
| "USM parse error", /* SNMPERR_USM_PARSEERROR */ |
| "USM unknown engineID", /* SNMPERR_USM_UNKNOWNENGINEID */ |
| "USM not in time window", /* SNMPERR_USM_NOTINTIMEWINDOW */ |
| "USM decryption error", /* SNMPERR_USM_DECRYPTIONERROR */ |
| "MIB not initialized", /* SNMPERR_NOMIB */ |
| "Value out of range", /* SNMPERR_RANGE */ |
| "Sub-id out of range", /* SNMPERR_MAX_SUBID */ |
| "Bad sub-id in object identifier", /* SNMPERR_BAD_SUBID */ |
| "Object identifier too long", /* SNMPERR_LONG_OID */ |
| "Bad value name", /* SNMPERR_BAD_NAME */ |
| "Bad value notation", /* SNMPERR_VALUE */ |
| "Unknown Object Identifier", /* SNMPERR_UNKNOWN_OBJID */ |
| "No PDU in snmp_send", /* SNMPERR_NULL_PDU */ |
| "Missing variables in PDU", /* SNMPERR_NO_VARS */ |
| "Bad variable type", /* SNMPERR_VAR_TYPE */ |
| "Out of memory (malloc failure)", /* SNMPERR_MALLOC */ |
| "Kerberos related error", /* SNMPERR_KRB5 */ |
| "Protocol error", /* SNMPERR_PROTOCOL */ |
| "OID not increasing", /* SNMPERR_OID_NONINCREASING */ |
| }; |
| |
| static const char *secLevelName[] = { |
| "BAD_SEC_LEVEL", |
| "noAuthNoPriv", |
| "authNoPriv", |
| "authPriv" |
| }; |
| |
| /* |
| * Multiple threads may changes these variables. |
| * Suggest using the Single API, which does not use Sessions. |
| * |
| * Reqid may need to be protected. Time will tell... |
| * |
| */ |
| /* |
| * MTCRITICAL_RESOURCE |
| */ |
| /* |
| * use token in comments to individually protect these resources |
| */ |
| struct session_list *Sessions = NULL; /* MT_LIB_SESSION */ |
| static long Reqid = 0; /* MT_LIB_REQUESTID */ |
| static long Msgid = 0; /* MT_LIB_MESSAGEID */ |
| static long Sessid = 0; /* MT_LIB_SESSIONID */ |
| static long Transid = 0; /* MT_LIB_TRANSID */ |
| int snmp_errno = 0; |
| /* |
| * END MTCRITICAL_RESOURCE |
| */ |
| |
| /* |
| * global error detail storage |
| */ |
| static char snmp_detail[192]; |
| static int snmp_detail_f = 0; |
| |
| /* |
| * Prototypes. |
| */ |
| int snmp_build(u_char ** pkt, size_t * pkt_len, |
| size_t * offset, netsnmp_session * pss, |
| netsnmp_pdu *pdu); |
| static int snmp_parse(void *, netsnmp_session *, netsnmp_pdu *, |
| u_char *, size_t); |
| |
| static void snmpv3_calc_msg_flags(int, int, u_char *); |
| static int snmpv3_verify_msg(netsnmp_request_list *, netsnmp_pdu *); |
| static int snmpv3_build_probe_pdu(netsnmp_pdu **); |
| static int snmpv3_build(u_char ** pkt, size_t * pkt_len, |
| size_t * offset, netsnmp_session * session, |
| netsnmp_pdu *pdu); |
| static int snmp_parse_version(u_char *, size_t); |
| static int snmp_resend_request(struct session_list *slp, |
| netsnmp_request_list *rp, |
| int incr_retries); |
| static void register_default_handlers(void); |
| static struct session_list *snmp_sess_copy(netsnmp_session * pss); |
| int snmp_get_errno(void); |
| void snmp_synch_reset(netsnmp_session * notused); |
| void snmp_synch_setup(netsnmp_session * notused); |
| |
| #ifndef HAVE_STRERROR |
| const char * |
| strerror(int err) |
| { |
| extern const char *sys_errlist[]; |
| extern int sys_nerr; |
| |
| if (err < 0 || err >= sys_nerr) |
| return "Unknown error"; |
| return sys_errlist[err]; |
| } |
| #endif |
| |
| const char * |
| snmp_pdu_type(int type) |
| { |
| static char unknown[20]; |
| switch(type) { |
| case SNMP_MSG_GET: |
| return "GET"; |
| case SNMP_MSG_GETNEXT: |
| return "GETNEXT"; |
| case SNMP_MSG_RESPONSE: |
| return "RESPONSE"; |
| case SNMP_MSG_SET: |
| return "SET"; |
| case SNMP_MSG_GETBULK: |
| return "GETBULK"; |
| case SNMP_MSG_INFORM: |
| return "INFORM"; |
| case SNMP_MSG_TRAP2: |
| return "TRAP2"; |
| case SNMP_MSG_REPORT: |
| return "REPORT"; |
| default: |
| snprintf(unknown, sizeof(unknown), "?0x%2X?", type); |
| return unknown; |
| } |
| } |
| |
| #define DEBUGPRINTPDUTYPE(token, type) \ |
| DEBUGDUMPSECTION(token, snmp_pdu_type(type)) |
| |
| long |
| snmp_get_next_reqid(void) |
| { |
| long retVal; |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_REQUESTID); |
| retVal = 1 + Reqid; /*MTCRITICAL_RESOURCE */ |
| if (!retVal) |
| retVal = 2; |
| Reqid = retVal; |
| if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_16BIT_IDS)) |
| retVal &= 0x7fff; /* mask to 15 bits */ |
| else |
| retVal &= 0x7fffffff; /* mask to 31 bits */ |
| |
| if (!retVal) { |
| Reqid = retVal = 2; |
| } |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_REQUESTID); |
| return retVal; |
| } |
| |
| long |
| snmp_get_next_msgid(void) |
| { |
| long retVal; |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_MESSAGEID); |
| retVal = 1 + Msgid; /*MTCRITICAL_RESOURCE */ |
| if (!retVal) |
| retVal = 2; |
| Msgid = retVal; |
| if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_16BIT_IDS)) |
| retVal &= 0x7fff; /* mask to 15 bits */ |
| else |
| retVal &= 0x7fffffff; /* mask to 31 bits */ |
| |
| if (!retVal) { |
| Msgid = retVal = 2; |
| } |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_MESSAGEID); |
| return retVal; |
| } |
| |
| long |
| snmp_get_next_sessid(void) |
| { |
| long retVal; |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSIONID); |
| retVal = 1 + Sessid; /*MTCRITICAL_RESOURCE */ |
| if (!retVal) |
| retVal = 2; |
| Sessid = retVal; |
| if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_16BIT_IDS)) |
| retVal &= 0x7fff; /* mask to 15 bits */ |
| else |
| retVal &= 0x7fffffff; /* mask to 31 bits */ |
| |
| if (!retVal) { |
| Sessid = retVal = 2; |
| } |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSIONID); |
| return retVal; |
| } |
| |
| long |
| snmp_get_next_transid(void) |
| { |
| long retVal; |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_TRANSID); |
| retVal = 1 + Transid; /*MTCRITICAL_RESOURCE */ |
| if (!retVal) |
| retVal = 2; |
| Transid = retVal; |
| if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_16BIT_IDS)) |
| retVal &= 0x7fff; /* mask to 15 bits */ |
| else |
| retVal &= 0x7fffffff; /* mask to 31 bits */ |
| |
| if (!retVal) { |
| Transid = retVal = 2; |
| } |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_TRANSID); |
| return retVal; |
| } |
| |
| void |
| snmp_perror(const char *prog_string) |
| { |
| const char *str; |
| int xerr; |
| xerr = snmp_errno; /*MTCRITICAL_RESOURCE */ |
| str = snmp_api_errstring(xerr); |
| snmp_log(LOG_ERR, "%s: %s\n", prog_string, str); |
| } |
| |
| void |
| snmp_set_detail(const char *detail_string) |
| { |
| if (detail_string != NULL) { |
| strlcpy((char *) snmp_detail, detail_string, sizeof(snmp_detail)); |
| snmp_detail_f = 1; |
| } |
| } |
| |
| /* |
| * returns pointer to static data |
| */ |
| /* |
| * results not guaranteed in multi-threaded use |
| */ |
| const char * |
| snmp_api_errstring(int snmp_errnumber) |
| { |
| const char *msg = ""; |
| static char msg_buf[SPRINT_MAX_LEN]; |
| |
| if (snmp_errnumber >= SNMPERR_MAX && snmp_errnumber <= SNMPERR_GENERR) { |
| msg = api_errors[-snmp_errnumber]; |
| } else if (snmp_errnumber != SNMPERR_SUCCESS) { |
| msg = NULL; |
| } |
| if (!msg) { |
| snprintf(msg_buf, sizeof(msg_buf), "Unknown error: %d", snmp_errnumber); |
| msg_buf[sizeof(msg_buf)-1] = '\0'; |
| } else if (snmp_detail_f) { |
| snprintf(msg_buf, sizeof(msg_buf), "%s (%s)", msg, snmp_detail); |
| msg_buf[sizeof(msg_buf)-1] = '\0'; |
| snmp_detail_f = 0; |
| } else { |
| strlcpy(msg_buf, msg, sizeof(msg_buf)); |
| } |
| |
| return (msg_buf); |
| } |
| |
| /* |
| * snmp_error - return error data |
| * Inputs : address of errno, address of snmp_errno, address of string |
| * Caller must free the string returned after use. |
| */ |
| void |
| snmp_error(netsnmp_session * psess, |
| int *p_errno, int *p_snmp_errno, char **p_str) |
| { |
| char buf[SPRINT_MAX_LEN]; |
| int snmp_errnumber; |
| |
| if (p_errno) |
| *p_errno = psess->s_errno; |
| if (p_snmp_errno) |
| *p_snmp_errno = psess->s_snmp_errno; |
| if (p_str == NULL) |
| return; |
| |
| strcpy(buf, ""); |
| snmp_errnumber = psess->s_snmp_errno; |
| if (snmp_errnumber >= SNMPERR_MAX && snmp_errnumber <= SNMPERR_GENERR) { |
| if (snmp_detail_f) { |
| snprintf(buf, sizeof(buf), "%s (%s)", api_errors[-snmp_errnumber], |
| snmp_detail); |
| buf[sizeof(buf)-1] = '\0'; |
| snmp_detail_f = 0; |
| } |
| else |
| strlcpy(buf, api_errors[-snmp_errnumber], sizeof(buf)); |
| } else { |
| if (snmp_errnumber) { |
| snprintf(buf, sizeof(buf), "Unknown Error %d", snmp_errnumber); |
| buf[sizeof(buf)-1] = '\0'; |
| } |
| } |
| |
| /* |
| * append a useful system errno interpretation. |
| */ |
| if (psess->s_errno) { |
| const char* error = strerror(psess->s_errno); |
| if(error == NULL) |
| error = "Unknown Error"; |
| snprintf (&buf[strlen(buf)], sizeof(buf)-strlen(buf), |
| " (%s)", error); |
| } |
| buf[sizeof(buf)-1] = '\0'; |
| *p_str = strdup(buf); |
| } |
| |
| /* |
| * snmp_sess_error - same as snmp_error for single session API use. |
| */ |
| void |
| snmp_sess_error(void *sessp, int *p_errno, int *p_snmp_errno, char **p_str) |
| { |
| struct session_list *slp = (struct session_list *) sessp; |
| |
| if ((slp) && (slp->session)) |
| snmp_error(slp->session, p_errno, p_snmp_errno, p_str); |
| } |
| |
| /* |
| * netsnmp_sess_log_error(): print a error stored in a session pointer |
| */ |
| void |
| netsnmp_sess_log_error(int priority, |
| const char *prog_string, netsnmp_session * ss) |
| { |
| char *err; |
| snmp_error(ss, NULL, NULL, &err); |
| snmp_log(priority, "%s: %s\n", prog_string, err); |
| SNMP_FREE(err); |
| } |
| |
| /* |
| * snmp_sess_perror(): print a error stored in a session pointer |
| */ |
| void |
| snmp_sess_perror(const char *prog_string, netsnmp_session * ss) |
| { |
| netsnmp_sess_log_error(LOG_ERR, prog_string, ss); |
| } |
| |
| |
| |
| /* |
| * Primordial SNMP library initialization. |
| * Initializes mutex locks. |
| * Invokes minimum required initialization for displaying MIB objects. |
| * Gets initial request ID for all transactions, |
| * and finds which port SNMP over UDP uses. |
| * SNMP over AppleTalk is not currently supported. |
| * |
| * Warning: no debug messages here. |
| */ |
| static char _init_snmp_init_done = 0; |
| static void |
| _init_snmp(void) |
| { |
| |
| struct timeval tv; |
| long tmpReqid, tmpMsgid; |
| |
| if (_init_snmp_init_done) |
| return; |
| _init_snmp_init_done = 1; |
| Reqid = 1; |
| |
| snmp_res_init(); /* initialize the mt locking structures */ |
| #ifndef NETSNMP_DISABLE_MIB_LOADING |
| netsnmp_init_mib_internals(); |
| #endif /* NETSNMP_DISABLE_MIB_LOADING */ |
| netsnmp_tdomain_init(); |
| |
| gettimeofday(&tv, (struct timezone *) 0); |
| /* |
| * Now = tv; |
| */ |
| |
| /* |
| * get pseudo-random values for request ID and message ID |
| */ |
| /* |
| * don't allow zero value to repeat init |
| */ |
| #ifdef SVR4 |
| srand48(tv.tv_sec ^ tv.tv_usec); |
| tmpReqid = lrand48(); |
| tmpMsgid = lrand48(); |
| #else |
| srandom(tv.tv_sec ^ tv.tv_usec); |
| tmpReqid = random(); |
| tmpMsgid = random(); |
| #endif |
| |
| if (tmpReqid == 0) |
| tmpReqid = 1; |
| if (tmpMsgid == 0) |
| tmpMsgid = 1; |
| Reqid = tmpReqid; |
| Msgid = tmpMsgid; |
| |
| netsnmp_register_default_domain("snmp", "udp udp6"); |
| netsnmp_register_default_domain("snmptrap", "udp udp6"); |
| |
| netsnmp_register_default_target("snmp", "udp", ":161"); |
| netsnmp_register_default_target("snmp", "tcp", ":161"); |
| netsnmp_register_default_target("snmp", "udp6", ":161"); |
| netsnmp_register_default_target("snmp", "tcp6", ":161"); |
| netsnmp_register_default_target("snmp", "ipx", "/36879"); |
| netsnmp_register_default_target("snmptrap", "udp", ":162"); |
| netsnmp_register_default_target("snmptrap", "tcp", ":162"); |
| netsnmp_register_default_target("snmptrap", "udp6", ":162"); |
| netsnmp_register_default_target("snmptrap", "tcp6", ":162"); |
| netsnmp_register_default_target("snmptrap", "ipx", "/36880"); |
| |
| netsnmp_ds_set_int(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_HEX_OUTPUT_LENGTH, 16); |
| |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_REVERSE_ENCODE, |
| NETSNMP_DEFAULT_ASNENCODING_DIRECTION); |
| #endif |
| } |
| |
| /* |
| * Initializes the session structure. |
| * May perform one time minimal library initialization. |
| * No MIB file processing is done via this call. |
| */ |
| void |
| snmp_sess_init(netsnmp_session * session) |
| { |
| _init_snmp(); |
| |
| /* |
| * initialize session to default values |
| */ |
| |
| memset(session, 0, sizeof(netsnmp_session)); |
| session->remote_port = SNMP_DEFAULT_REMPORT; |
| session->timeout = SNMP_DEFAULT_TIMEOUT; |
| session->retries = SNMP_DEFAULT_RETRIES; |
| session->version = SNMP_DEFAULT_VERSION; |
| session->securityModel = SNMP_DEFAULT_SECMODEL; |
| session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE; |
| session->flags |= SNMP_FLAGS_DONT_PROBE; |
| } |
| |
| |
| static void |
| register_default_handlers(void) |
| { |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "dumpPacket", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DUMP_PACKET); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "reverseEncodeBER", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_REVERSE_ENCODE); |
| netsnmp_ds_register_config(ASN_INTEGER, "snmp", "defaultPort", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DEFAULT_PORT); |
| #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
| netsnmp_ds_register_config(ASN_OCTET_STR, "snmp", "defCommunity", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_COMMUNITY); |
| #endif |
| netsnmp_ds_register_premib(ASN_BOOLEAN, "snmp", "noTokenWarnings", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NO_TOKEN_WARNINGS); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "noRangeCheck", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DONT_CHECK_RANGE); |
| netsnmp_ds_register_premib(ASN_OCTET_STR, "snmp", "persistentDir", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_PERSISTENT_DIR); |
| netsnmp_ds_register_config(ASN_OCTET_STR, "snmp", "tempFilePattern", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_TEMP_FILE_PATTERN); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "noDisplayHint", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NO_DISPLAY_HINT); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "16bitIDs", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_16BIT_IDS); |
| netsnmp_ds_register_premib(ASN_OCTET_STR, "snmp", "clientaddr", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_CLIENT_ADDR); |
| netsnmp_ds_register_config(ASN_INTEGER, "snmp", "serverSendBuf", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_SERVERSENDBUF); |
| netsnmp_ds_register_config(ASN_INTEGER, "snmp", "serverRecvBuf", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_SERVERRECVBUF); |
| netsnmp_ds_register_config(ASN_INTEGER, "snmp", "clientSendBuf", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_CLIENTSENDBUF); |
| netsnmp_ds_register_config(ASN_INTEGER, "snmp", "clientRecvBuf", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_CLIENTRECVBUF); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "noPersistentLoad", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", "noPersistentSave", |
| NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DISABLE_PERSISTENT_SAVE); |
| netsnmp_ds_register_config(ASN_BOOLEAN, "snmp", |
| "noContextEngineIDDiscovery", |
| NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_NO_DISCOVERY); |
| |
| netsnmp_register_service_handlers(); |
| } |
| |
| static int init_snmp_init_done = 0; /* To prevent double init's. */ |
| /** |
| * Calls the functions to do config file loading and mib module parsing |
| * in the correct order. |
| * |
| * @param type label for the config file "type" |
| * |
| * @return void |
| * |
| * @see init_agent |
| */ |
| void |
| init_snmp(const char *type) |
| { |
| if (init_snmp_init_done) { |
| return; |
| } |
| |
| init_snmp_init_done = 1; |
| |
| /* |
| * make the type available everywhere else |
| */ |
| if (type && !netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_APPTYPE)) { |
| netsnmp_ds_set_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_APPTYPE, type); |
| } |
| |
| _init_snmp(); |
| |
| /* |
| * set our current locale properly to initialize isprint() type functions |
| */ |
| #ifdef HAVE_SETLOCALE |
| setlocale(LC_CTYPE, ""); |
| #endif |
| |
| snmp_debug_init(); /* should be done first, to turn on debugging ASAP */ |
| netsnmp_container_init_list(); |
| init_callbacks(); |
| init_snmp_logging(); |
| snmp_init_statistics(); |
| register_mib_handlers(); |
| register_default_handlers(); |
| init_snmpv3(type); |
| init_snmp_alarm(); |
| init_snmp_enum(type); |
| init_vacm(); |
| |
| read_premib_configs(); |
| #ifndef NETSNMP_DISABLE_MIB_LOADING |
| netsnmp_init_mib(); |
| #endif /* NETSNMP_DISABLE_MIB_LOADING */ |
| |
| read_configs(); |
| |
| } /* end init_snmp() */ |
| |
| void |
| snmp_store(const char *type) |
| { |
| DEBUGMSGTL(("snmp_store", "storing stuff...\n")); |
| snmp_save_persistent(type); |
| snmp_call_callbacks(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_STORE_DATA, NULL); |
| snmp_clean_persistent(type); |
| } |
| |
| |
| /** |
| * Shuts down the application, saving any needed persistent storage, |
| * and appropriate clean up. |
| * |
| * @param type Label for the config file "type" used |
| * |
| * @return void |
| */ |
| void |
| snmp_shutdown(const char *type) |
| { |
| snmp_store(type); |
| snmp_call_callbacks(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SHUTDOWN, NULL); |
| shutdown_snmp_logging(); |
| snmp_alarm_unregister_all(); |
| snmp_close_sessions(); |
| #ifndef NETSNMP_DISABLE_MIB_LOADING |
| shutdown_mib(); |
| #endif /* NETSNMP_DISABLE_MIB_LOADING */ |
| unregister_all_config_handlers(); |
| netsnmp_container_free_list(); |
| clear_sec_mod(); |
| clear_snmp_enum(); |
| netsnmp_clear_tdomain_list(); |
| clear_callback(); |
| netsnmp_ds_shutdown(); |
| clear_user_list(); |
| netsnmp_clear_default_target(); |
| netsnmp_clear_default_domain(); |
| free_etimelist(); |
| |
| init_snmp_init_done = 0; |
| _init_snmp_init_done = 0; |
| } |
| |
| |
| /* |
| * Sets up the session with the snmp_session information provided by the user. |
| * Then opens and binds the necessary low-level transport. A handle to the |
| * created session is returned (this is NOT the same as the pointer passed to |
| * snmp_open()). On any error, NULL is returned and snmp_errno is set to the |
| * appropriate error code. |
| */ |
| netsnmp_session * |
| snmp_open(netsnmp_session *session) |
| { |
| struct session_list *slp; |
| slp = (struct session_list *) snmp_sess_open(session); |
| if (!slp) { |
| return NULL; |
| } |
| |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| slp->next = Sessions; |
| Sessions = slp; |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| |
| return (slp->session); |
| } |
| |
| /* |
| * extended open |
| */ |
| netsnmp_session * |
| snmp_open_ex(netsnmp_session *session, |
| int (*fpre_parse) (netsnmp_session *, netsnmp_transport *, |
| void *, int), |
| int (*fparse) (netsnmp_session *, netsnmp_pdu *, u_char *, |
| size_t), |
| int (*fpost_parse) (netsnmp_session *, netsnmp_pdu *, int), |
| |
| int (*fbuild) (netsnmp_session *, netsnmp_pdu *, u_char *, |
| size_t *), |
| int (*frbuild) (netsnmp_session *, netsnmp_pdu *, |
| u_char **, size_t *, size_t *), |
| int (*fcheck) (u_char *, size_t) |
| ) |
| { |
| struct session_list *slp; |
| slp = (struct session_list *) snmp_sess_open(session); |
| if (!slp) { |
| return NULL; |
| } |
| slp->internal->hook_pre = fpre_parse; |
| slp->internal->hook_parse = fparse; |
| slp->internal->hook_post = fpost_parse; |
| slp->internal->hook_build = fbuild; |
| slp->internal->hook_realloc_build = frbuild; |
| slp->internal->check_packet = fcheck; |
| |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| slp->next = Sessions; |
| Sessions = slp; |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| |
| return (slp->session); |
| } |
| |
| static struct session_list * |
| _sess_copy(netsnmp_session * in_session) |
| { |
| struct session_list *slp; |
| struct snmp_internal_session *isp; |
| netsnmp_session *session; |
| struct snmp_secmod_def *sptr; |
| char *cp; |
| u_char *ucp; |
| size_t i; |
| |
| in_session->s_snmp_errno = 0; |
| in_session->s_errno = 0; |
| |
| /* |
| * Copy session structure and link into list |
| */ |
| slp = (struct session_list *) calloc(1, sizeof(struct session_list)); |
| if (slp == NULL) { |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| |
| slp->transport = NULL; |
| |
| isp = (struct snmp_internal_session *)calloc(1, sizeof(struct snmp_internal_session)); |
| |
| if (isp == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| |
| slp->internal = isp; |
| slp->session = (netsnmp_session *)malloc(sizeof(netsnmp_session)); |
| if (slp->session == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| memmove(slp->session, in_session, sizeof(netsnmp_session)); |
| session = slp->session; |
| |
| /* |
| * zero out pointers so if we have to free the session we wont free mem |
| * owned by in_session |
| */ |
| session->localname = NULL; |
| session->peername = NULL; |
| session->community = NULL; |
| session->contextEngineID = NULL; |
| session->contextName = NULL; |
| session->securityEngineID = NULL; |
| session->securityName = NULL; |
| session->securityAuthProto = NULL; |
| session->securityPrivProto = NULL; |
| /* |
| * session now points to the new structure that still contains pointers to |
| * data allocated elsewhere. Some of this data is copied to space malloc'd |
| * here, and the pointer replaced with the new one. |
| */ |
| |
| if (in_session->peername != NULL) { |
| session->peername = (char *)malloc(strlen(in_session->peername) + 1); |
| if (session->peername == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| strcpy(session->peername, in_session->peername); |
| } |
| |
| /* |
| * Fill in defaults if necessary |
| */ |
| #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
| if (in_session->community_len != SNMP_DEFAULT_COMMUNITY_LEN) { |
| ucp = (u_char *) malloc(in_session->community_len); |
| if (ucp != NULL) |
| memmove(ucp, in_session->community, in_session->community_len); |
| } else { |
| if ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_COMMUNITY)) != NULL) { |
| session->community_len = strlen(cp); |
| ucp = (u_char *) malloc(session->community_len); |
| if (ucp) |
| memmove(ucp, cp, session->community_len); |
| } else { |
| #ifdef NETSNMP_NO_ZEROLENGTH_COMMUNITY |
| session->community_len = strlen(DEFAULT_COMMUNITY); |
| ucp = (u_char *) malloc(session->community_len); |
| if (ucp) |
| memmove(ucp, DEFAULT_COMMUNITY, session->community_len); |
| #else |
| ucp = (u_char *) strdup(""); |
| #endif |
| } |
| } |
| |
| if (ucp == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| session->community = ucp; /* replace pointer with pointer to new data */ |
| #endif |
| |
| if (session->securityLevel <= 0) { |
| session->securityLevel = |
| netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_SECLEVEL); |
| } |
| |
| if (session->securityLevel == 0) |
| session->securityLevel = SNMP_SEC_LEVEL_NOAUTH; |
| |
| if (in_session->securityAuthProtoLen > 0) { |
| session->securityAuthProto = |
| snmp_duplicate_objid(in_session->securityAuthProto, |
| in_session->securityAuthProtoLen); |
| if (session->securityAuthProto == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| } else if (get_default_authtype(&i) != NULL) { |
| session->securityAuthProto = |
| snmp_duplicate_objid(get_default_authtype(NULL), i); |
| session->securityAuthProtoLen = i; |
| } |
| |
| if (in_session->securityPrivProtoLen > 0) { |
| session->securityPrivProto = |
| snmp_duplicate_objid(in_session->securityPrivProto, |
| in_session->securityPrivProtoLen); |
| if (session->securityPrivProto == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| } else if (get_default_privtype(&i) != NULL) { |
| session->securityPrivProto = |
| snmp_duplicate_objid(get_default_privtype(NULL), i); |
| session->securityPrivProtoLen = i; |
| } |
| |
| if (in_session->securityEngineIDLen > 0) { |
| ucp = (u_char *) malloc(in_session->securityEngineIDLen); |
| if (ucp == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| memmove(ucp, in_session->securityEngineID, |
| in_session->securityEngineIDLen); |
| session->securityEngineID = ucp; |
| |
| } |
| |
| if (in_session->contextEngineIDLen > 0) { |
| ucp = (u_char *) malloc(in_session->contextEngineIDLen); |
| if (ucp == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| memmove(ucp, in_session->contextEngineID, |
| in_session->contextEngineIDLen); |
| session->contextEngineID = ucp; |
| } else if (in_session->securityEngineIDLen > 0) { |
| /* |
| * default contextEngineID to securityEngineIDLen if defined |
| */ |
| ucp = (u_char *) malloc(in_session->securityEngineIDLen); |
| if (ucp == NULL) { |
| snmp_sess_close(slp); |
| in_session->s_snmp_errno = SNMPERR_MALLOC; |
| return (NULL); |
| } |
| memmove(ucp, in_session->securityEngineID, |
| in_session->securityEngineIDLen); |
| session->contextEngineID = ucp; |
| session->contextEngineIDLen = in_session->securityEngineIDLen; |
| } |
| |
| if (in_session->contextName) { |
| session->contextName = strdup(in_session->contextName); |
| if (session->contextName == NULL) { |
| snmp_sess_close(slp); |
| return (NULL); |
| } |
| session->contextNameLen = in_session->contextNameLen; |
| } else { |
| if ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_CONTEXT)) != NULL) |
| cp = strdup(cp); |
| else |
| cp = strdup(SNMP_DEFAULT_CONTEXT); |
| if (cp == NULL) { |
| snmp_sess_close(slp); |
| return (NULL); |
| } |
| session->contextName = cp; |
| session->contextNameLen = strlen(cp); |
| } |
| |
| if (in_session->securityName) { |
| session->securityName = strdup(in_session->securityName); |
| if (session->securityName == NULL) { |
| snmp_sess_close(slp); |
| return (NULL); |
| } |
| } else if ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_SECNAME)) != NULL) { |
| cp = strdup(cp); |
| if (cp == NULL) { |
| snmp_sess_close(slp); |
| return (NULL); |
| } |
| session->securityName = cp; |
| session->securityNameLen = strlen(cp); |
| } |
| |
| if ((in_session->securityAuthKeyLen <= 0) && |
| ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_AUTHMASTERKEY)))) { |
| size_t buflen = sizeof(session->securityAuthKey); |
| u_char *tmpp = session->securityAuthKey; |
| session->securityAuthKeyLen = 0; |
| /* it will be a hex string */ |
| if (!snmp_hex_to_binary(&tmpp, &buflen, |
| &session->securityAuthKeyLen, 0, cp)) { |
| snmp_set_detail("error parsing authentication master key"); |
| snmp_sess_close(slp); |
| return NULL; |
| } |
| } else if ((in_session->securityAuthKeyLen <= 0) && |
| ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_AUTHPASSPHRASE)) || |
| (cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_PASSPHRASE)))) { |
| session->securityAuthKeyLen = USM_AUTH_KU_LEN; |
| if (generate_Ku(session->securityAuthProto, |
| session->securityAuthProtoLen, |
| (u_char *) cp, strlen(cp), |
| session->securityAuthKey, |
| &session->securityAuthKeyLen) != SNMPERR_SUCCESS) { |
| snmp_set_detail |
| ("Error generating a key (Ku) from the supplied authentication pass phrase."); |
| snmp_sess_close(slp); |
| return NULL; |
| } |
| } |
| |
| |
| if ((in_session->securityPrivKeyLen <= 0) && |
| ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_PRIVMASTERKEY)))) { |
| size_t buflen = sizeof(session->securityPrivKey); |
| u_char *tmpp = session->securityPrivKey; |
| session->securityPrivKeyLen = 0; |
| /* it will be a hex string */ |
| if (!snmp_hex_to_binary(&tmpp, &buflen, |
| &session->securityPrivKeyLen, 0, cp)) { |
| snmp_set_detail("error parsing encryption master key"); |
| snmp_sess_close(slp); |
| return NULL; |
| } |
| } else if ((in_session->securityPrivKeyLen <= 0) && |
| ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_PRIVPASSPHRASE)) || |
| (cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_PASSPHRASE)))) { |
| session->securityPrivKeyLen = USM_PRIV_KU_LEN; |
| if (generate_Ku(session->securityAuthProto, |
| session->securityAuthProtoLen, |
| (u_char *) cp, strlen(cp), |
| session->securityPrivKey, |
| &session->securityPrivKeyLen) != SNMPERR_SUCCESS) { |
| snmp_set_detail |
| ("Error generating a key (Ku) from the supplied privacy pass phrase."); |
| snmp_sess_close(slp); |
| return NULL; |
| } |
| } |
| |
| if (session->retries == SNMP_DEFAULT_RETRIES) |
| session->retries = DEFAULT_RETRIES; |
| if (session->timeout == SNMP_DEFAULT_TIMEOUT) |
| session->timeout = DEFAULT_TIMEOUT; |
| session->sessid = snmp_get_next_sessid(); |
| |
| snmp_call_callbacks(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SESSION_INIT, |
| session); |
| |
| if ((sptr = find_sec_mod(session->securityModel)) != NULL && |
| sptr->session_open != NULL) { |
| /* |
| * security module specific inialization |
| */ |
| (*sptr->session_open) (session); |
| } |
| |
| return (slp); |
| } |
| |
| static struct session_list * |
| snmp_sess_copy(netsnmp_session * pss) |
| { |
| struct session_list *psl; |
| psl = _sess_copy(pss); |
| if (!psl) { |
| if (!pss->s_snmp_errno) { |
| pss->s_snmp_errno = SNMPERR_GENERR; |
| } |
| SET_SNMP_ERROR(pss->s_snmp_errno); |
| } |
| return psl; |
| } |
| |
| /** |
| * probe for engineID using RFC 5343 probing mechanisms |
| * |
| * Designed to be a callback for within a security model's probe_engineid hook. |
| * Since it's likely multiple security models won't have engineIDs to |
| * probe for then this function is a callback likely to be used by |
| * multiple future security models. E.G. both SSH and DTLS. |
| */ |
| int |
| snmpv3_probe_contextEngineID_rfc5343(void *slp, netsnmp_session *session) { |
| netsnmp_pdu *pdu = NULL, *response = NULL; |
| static oid snmpEngineIDoid[] = { 1,3,6,1,6,3,10,2,1,1,0}; |
| static size_t snmpEngineIDoid_len = 11; |
| |
| static char probeEngineID[] = { (char)0x80, 0, 0, 0, 6 }; |
| static size_t probeEngineID_len = sizeof(probeEngineID); |
| |
| int status; |
| |
| pdu = snmp_pdu_create(SNMP_MSG_GET); |
| if (!pdu) |
| return SNMP_ERR_GENERR; |
| pdu->version = SNMP_VERSION_3; |
| /* don't require a securityName */ |
| if (session->securityName) { |
| pdu->securityName = strdup(session->securityName); |
| pdu->securityNameLen = strlen(pdu->securityName); |
| } |
| pdu->securityLevel = SNMP_SEC_LEVEL_NOAUTH; |
| pdu->securityModel = session->securityModel; |
| pdu->contextEngineID = netsnmp_memdup(probeEngineID, probeEngineID_len); |
| if (!pdu->contextEngineID) { |
| snmp_log(LOG_ERR, "failed to clone memory for rfc5343 probe\n"); |
| snmp_free_pdu(pdu); |
| return SNMP_ERR_GENERR; |
| } |
| pdu->contextEngineIDLen = probeEngineID_len; |
| |
| snmp_add_null_var(pdu, snmpEngineIDoid, snmpEngineIDoid_len); |
| |
| DEBUGMSGTL(("snmp_api", "probing for engineID using rfc5343 methods...\n")); |
| session->flags |= SNMP_FLAGS_DONT_PROBE; /* prevent recursion */ |
| status = snmp_sess_synch_response(slp, pdu, &response); |
| |
| if ((response == NULL) || (status != STAT_SUCCESS)) { |
| snmp_log(LOG_ERR, "failed rfc5343 contextEngineID probing\n"); |
| return SNMP_ERR_GENERR; |
| } |
| |
| /* check that the response makes sense */ |
| if (NULL != response->variables && |
| NULL != response->variables->name && |
| snmp_oid_compare(response->variables->name, |
| response->variables->name_length, |
| snmpEngineIDoid, snmpEngineIDoid_len) == 0 && |
| ASN_OCTET_STR == response->variables->type && |
| NULL != response->variables->val.string && |
| response->variables->val_len > 0) { |
| session->contextEngineID = |
| netsnmp_memdup(response->variables->val.string, |
| response->variables->val_len); |
| if (!session->contextEngineID) { |
| snmp_log(LOG_ERR, "failed rfc5343 contextEngineID probing: memory allocation failed\n"); |
| return SNMP_ERR_GENERR; |
| } |
| |
| /* technically there likely isn't a securityEngineID but just |
| in case anyone goes looking we might as well have one */ |
| session->securityEngineID = |
| netsnmp_memdup(response->variables->val.string, |
| response->variables->val_len); |
| if (!session->securityEngineID) { |
| snmp_log(LOG_ERR, "failed rfc5343 securityEngineID probing: memory allocation failed\n"); |
| return SNMP_ERR_GENERR; |
| } |
| |
| session->securityEngineIDLen = session->contextEngineIDLen = |
| response->variables->val_len; |
| |
| if (snmp_get_do_debugging()) { |
| int i; |
| DEBUGMSGTL(("snmp_sess_open", |
| " probe found engineID: ")); |
| for (i = 0; i < session->securityEngineIDLen; i++) |
| DEBUGMSG(("snmp_sess_open", "%02x", |
| session->securityEngineID[i])); |
| DEBUGMSG(("snmp_sess_open", "\n")); |
| } |
| } |
| return SNMPERR_SUCCESS; |
| } |
| |
| |
| /** |
| * probe for peer engineID |
| * |
| * @param slp session list pointer. |
| * @param in_session session for errors |
| * |
| * @note |
| * - called by _sess_open(), snmp_sess_add_ex() |
| * - in_session is the user supplied session provided to those functions. |
| * - the first session in slp should the internal allocated copy of in_session |
| * |
| * @return 0 : error |
| * @return 1 : ok |
| * |
| */ |
| int |
| snmpv3_engineID_probe(struct session_list *slp, |
| netsnmp_session * in_session) |
| { |
| netsnmp_pdu *pdu = NULL, *response = NULL; |
| netsnmp_session *session; |
| unsigned int i; |
| int status; |
| |
| if (slp == NULL || slp->session == NULL) { |
| return 0; |
| } |
| |
| session = slp->session; |
| |
| /* |
| * If we are opening a V3 session and we don't know engineID we must probe |
| * it -- this must be done after the session is created and inserted in the |
| * list so that the response can handled correctly. |
| */ |
| |
| if ((session->flags & SNMP_FLAGS_DONT_PROBE) == SNMP_FLAGS_DONT_PROBE) |
| return 1; |
| |
| if (session->version == SNMP_VERSION_3) { |
| struct snmp_secmod_def *sptr = find_sec_mod(session->securityModel); |
| |
| if (NULL != sptr && NULL != sptr->probe_engineid) { |
| DEBUGMSGTL(("snmp_api", "probing for engineID using security model callback...\n")); |
| /* security model specific mechanism of determining engineID */ |
| status = (*sptr->probe_engineid) (slp, session); |
| if (status) |
| return 0; |
| return 1; /* success! */ |
| } else if (session->securityEngineIDLen == 0) { |
| if (snmpv3_build_probe_pdu(&pdu) != 0) { |
| DEBUGMSGTL(("snmp_api", "unable to create probe PDU\n")); |
| return 0; |
| } |
| DEBUGMSGTL(("snmp_api", "probing for engineID...\n")); |
| session->flags |= SNMP_FLAGS_DONT_PROBE; /* prevent recursion */ |
| status = snmp_sess_synch_response(slp, pdu, &response); |
| |
| if ((response == NULL) && (status == STAT_SUCCESS)) { |
| status = STAT_ERROR; |
| } |
| |
| switch (status) { |
| case STAT_SUCCESS: |
| in_session->s_snmp_errno = SNMPERR_INVALID_MSG; /* XX?? */ |
| DEBUGMSGTL(("snmp_sess_open", |
| "error: expected Report as response to probe: %s (%ld)\n", |
| snmp_errstring(response->errstat), |
| response->errstat)); |
| break; |
| case STAT_ERROR: /* this is what we expected -> Report == STAT_ERROR */ |
| in_session->s_snmp_errno = SNMPERR_UNKNOWN_ENG_ID; |
| break; |
| case STAT_TIMEOUT: |
| in_session->s_snmp_errno = SNMPERR_TIMEOUT; |
| default: |
| DEBUGMSGTL(("snmp_sess_open", |
| "unable to connect with remote engine: %s (%d)\n", |
| snmp_api_errstring(session->s_snmp_errno), |
| session->s_snmp_errno)); |
| break; |
| } |
| |
| if (slp->session->securityEngineIDLen == 0) { |
| DEBUGMSGTL(("snmp_api", |
| "unable to determine remote engine ID\n")); |
| /* clear the flag so that probe occurs on next inform */ |
| session->flags &= ~SNMP_FLAGS_DONT_PROBE; |
| return 0; |
| } |
| |
| in_session->s_snmp_errno = SNMPERR_SUCCESS; |
| if (snmp_get_do_debugging()) { |
| DEBUGMSGTL(("snmp_sess_open", |
| " probe found engineID: ")); |
| for (i = 0; i < slp->session->securityEngineIDLen; i++) |
| DEBUGMSG(("snmp_sess_open", "%02x", |
| slp->session->securityEngineID[i])); |
| DEBUGMSG(("snmp_sess_open", "\n")); |
| } |
| } |
| |
| /* |
| * if boot/time supplied set it for this engineID |
| */ |
| if (session->engineBoots || session->engineTime) { |
| set_enginetime(session->securityEngineID, |
| session->securityEngineIDLen, |
| session->engineBoots, session->engineTime, |
| TRUE); |
| } |
| |
| if (create_user_from_session(slp->session) != SNMPERR_SUCCESS) { |
| in_session->s_snmp_errno = SNMPERR_UNKNOWN_USER_NAME; /* XX?? */ |
| DEBUGMSGTL(("snmp_api", |
| "snmpv3_engine_probe(): failed(2) to create a new user from session\n")); |
| return 0; |
| } |
| } |
| |
| return 1; |
| } |
| |
| |
| |
| /*******************************************************************-o-****** |
| * snmp_sess_open |
| * |
| * Parameters: |
| * *in_session |
| * |
| * Returns: |
| * Pointer to a session in the session list -OR- FIX -- right? |
| * NULL on failure. |
| * |
| * The "spin-free" version of snmp_open. |
| */ |
| static void * |
| _sess_open(netsnmp_session * in_session) |
| { |
| netsnmp_transport *transport = NULL; |
| |
| in_session->s_snmp_errno = 0; |
| in_session->s_errno = 0; |
| |
| _init_snmp(); |
| |
| { |
| char *clientaddr_save = NULL; |
| |
| if (NULL != in_session->localname) { |
| clientaddr_save = |
| netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_CLIENT_ADDR); |
| netsnmp_ds_set_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_CLIENT_ADDR, |
| in_session->localname); |
| } |
| |
| if (in_session->flags & SNMP_FLAGS_STREAM_SOCKET) { |
| transport = |
| netsnmp_tdomain_transport_full("snmp", in_session->peername, |
| in_session->local_port, "tcp", |
| NULL); |
| } else { |
| transport = |
| netsnmp_tdomain_transport_full("snmp", in_session->peername, |
| in_session->local_port, "udp", |
| NULL); |
| } |
| |
| if (NULL != clientaddr_save) |
| netsnmp_ds_set_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_CLIENT_ADDR, clientaddr_save); |
| } |
| |
| #if defined(SO_BROADCAST) && defined(SOL_SOCKET) |
| if ( transport != 0 && (in_session->flags & SNMP_FLAGS_UDP_BROADCAST) ) { |
| int b = 1; |
| int rc; |
| |
| rc = setsockopt(transport->sock, SOL_SOCKET, SO_BROADCAST, |
| (char *)&b, sizeof(b)); |
| |
| if ( rc != 0 ) { |
| in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS; /* good as any? */ |
| in_session->s_errno = errno; |
| |
| DEBUGMSGTL(("_sess_open", "couldn't enable UDP_BROADCAST\n")); |
| return NULL; |
| } |
| } |
| #endif |
| |
| if (transport == NULL) { |
| DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n")); |
| in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS; |
| in_session->s_errno = errno; |
| snmp_set_detail(in_session->peername); |
| return NULL; |
| } |
| |
| return snmp_sess_add(in_session, transport, NULL, NULL); |
| } |
| |
| /* |
| * EXTENDED SESSION API ------------------------------------------ |
| * |
| * snmp_sess_add_ex, snmp_sess_add, snmp_add |
| * |
| * Analogous to snmp_open family of functions, but taking a netsnmp_transport |
| * pointer as an extra argument. Unlike snmp_open et al. it doesn't attempt |
| * to interpret the in_session->peername as a transport endpoint specifier, |
| * but instead uses the supplied transport. JBPN |
| * |
| */ |
| |
| netsnmp_session * |
| snmp_add(netsnmp_session * in_session, |
| netsnmp_transport *transport, |
| int (*fpre_parse) (netsnmp_session *, netsnmp_transport *, void *, |
| int), int (*fpost_parse) (netsnmp_session *, |
| netsnmp_pdu *, int)) |
| { |
| struct session_list *slp; |
| slp = (struct session_list *) snmp_sess_add_ex(in_session, transport, |
| fpre_parse, NULL, |
| fpost_parse, NULL, NULL, |
| NULL, NULL); |
| if (slp == NULL) { |
| return NULL; |
| } |
| |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| slp->next = Sessions; |
| Sessions = slp; |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| |
| return (slp->session); |
| } |
| |
| netsnmp_session * |
| snmp_add_full(netsnmp_session * in_session, |
| netsnmp_transport *transport, |
| int (*fpre_parse) (netsnmp_session *, netsnmp_transport *, |
| void *, int), |
| int (*fparse) (netsnmp_session *, netsnmp_pdu *, u_char *, |
| size_t), |
| int (*fpost_parse) (netsnmp_session *, netsnmp_pdu *, int), |
| int (*fbuild) (netsnmp_session *, netsnmp_pdu *, u_char *, |
| size_t *), int (*frbuild) (netsnmp_session *, |
| netsnmp_pdu *, |
| u_char **, |
| size_t *, |
| size_t *), |
| int (*fcheck) (u_char *, size_t), |
| netsnmp_pdu *(*fcreate_pdu) (netsnmp_transport *, void *, |
| size_t)) |
| { |
| struct session_list *slp; |
| slp = (struct session_list *) snmp_sess_add_ex(in_session, transport, |
| fpre_parse, fparse, |
| fpost_parse, fbuild, |
| frbuild, fcheck, |
| fcreate_pdu); |
| if (slp == NULL) { |
| return NULL; |
| } |
| |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| slp->next = Sessions; |
| Sessions = slp; |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| |
| return (slp->session); |
| } |
| |
| |
| |
| void * |
| snmp_sess_add_ex(netsnmp_session * in_session, |
| netsnmp_transport *transport, |
| int (*fpre_parse) (netsnmp_session *, netsnmp_transport *, |
| void *, int), |
| int (*fparse) (netsnmp_session *, netsnmp_pdu *, u_char *, |
| size_t), |
| int (*fpost_parse) (netsnmp_session *, netsnmp_pdu *, |
| int), |
| int (*fbuild) (netsnmp_session *, netsnmp_pdu *, u_char *, |
| size_t *), |
| int (*frbuild) (netsnmp_session *, netsnmp_pdu *, |
| u_char **, size_t *, size_t *), |
| int (*fcheck) (u_char *, size_t), |
| netsnmp_pdu *(*fcreate_pdu) (netsnmp_transport *, void *, |
| size_t)) |
| { |
| struct session_list *slp; |
| |
| _init_snmp(); |
| |
| if (transport == NULL) |
| return NULL; |
| |
| if (in_session == NULL) { |
| transport->f_close(transport); |
| netsnmp_transport_free(transport); |
| return NULL; |
| } |
| |
| DEBUGMSGTL(("snmp_sess_add", "fd %d\n", transport->sock)); |
| |
| if ((slp = snmp_sess_copy(in_session)) == NULL) { |
| transport->f_close(transport); |
| netsnmp_transport_free(transport); |
| return (NULL); |
| } |
| |
| slp->transport = transport; |
| slp->internal->hook_pre = fpre_parse; |
| slp->internal->hook_parse = fparse; |
| slp->internal->hook_post = fpost_parse; |
| slp->internal->hook_build = fbuild; |
| slp->internal->hook_realloc_build = frbuild; |
| slp->internal->check_packet = fcheck; |
| slp->internal->hook_create_pdu = fcreate_pdu; |
| |
| slp->session->rcvMsgMaxSize = transport->msgMaxSize; |
| |
| if (slp->session->version == SNMP_VERSION_3) { |
| DEBUGMSGTL(("snmp_sess_add", |
| "adding v3 session -- maybe engineID probe now\n")); |
| if (!snmpv3_engineID_probe(slp, in_session)) { |
| DEBUGMSGTL(("snmp_sess_add", "engine ID probe failed\n")); |
| snmp_sess_close(slp); |
| return NULL; |
| } |
| if (create_user_from_session(slp->session) != SNMPERR_SUCCESS) { |
| in_session->s_snmp_errno = SNMPERR_UNKNOWN_USER_NAME; |
| DEBUGMSGTL(("snmp_api", |
| "snmp_sess_add(): failed(2) to create a new user from session\n")); |
| snmp_sess_close(slp); |
| return NULL; |
| } |
| } |
| |
| slp->session->flags &= ~SNMP_FLAGS_DONT_PROBE; |
| |
| return (void *) slp; |
| } /* end snmp_sess_add_ex() */ |
| |
| |
| |
| void * |
| snmp_sess_add(netsnmp_session * in_session, |
| netsnmp_transport *transport, |
| int (*fpre_parse) (netsnmp_session *, netsnmp_transport *, |
| void *, int), |
| int (*fpost_parse) (netsnmp_session *, netsnmp_pdu *, int)) |
| { |
| return snmp_sess_add_ex(in_session, transport, fpre_parse, NULL, |
| fpost_parse, NULL, NULL, NULL, NULL); |
| } |
| |
| |
| |
| void * |
| snmp_sess_open(netsnmp_session * pss) |
| { |
| void *pvoid; |
| pvoid = _sess_open(pss); |
| if (!pvoid) { |
| SET_SNMP_ERROR(pss->s_snmp_errno); |
| } |
| return pvoid; |
| } |
| |
| |
| |
| /* |
| * create_user_from_session(netsnmp_session *session): |
| * |
| * creates a user in the usm table from the information in a session. |
| * If the user already exists, it is updated with the current |
| * information from the session |
| * |
| * Parameters: |
| * session -- IN: pointer to the session to use when creating the user. |
| * |
| * Returns: |
| * SNMPERR_SUCCESS |
| * SNMPERR_GENERR |
| */ |
| int |
| create_user_from_session(netsnmp_session * session) |
| { |
| struct usmUser *user; |
| int user_just_created = 0; |
| char *cp; |
| |
| /* |
| * - don't create-another/copy-into user for this session by default |
| * - bail now (no error) if we don't have an engineID |
| */ |
| if (SNMP_FLAGS_USER_CREATED == (session->flags & SNMP_FLAGS_USER_CREATED) || |
| session->securityModel != SNMP_SEC_MODEL_USM || |
| session->version != SNMP_VERSION_3 || |
| session->securityNameLen == 0 || |
| session->securityEngineIDLen == 0) |
| return SNMPERR_SUCCESS; |
| |
| session->flags |= SNMP_FLAGS_USER_CREATED; |
| |
| /* |
| * now that we have the engineID, create an entry in the USM list |
| * for this user using the information in the session |
| */ |
| user = usm_get_user_from_list(session->securityEngineID, |
| session->securityEngineIDLen, |
| session->securityName, |
| usm_get_userList(), 0); |
| if (user == NULL) { |
| DEBUGMSGTL(("snmp_api", "Building user %s...\n", |
| session->securityName)); |
| /* |
| * user doesn't exist so we create and add it |
| */ |
| user = (struct usmUser *) calloc(1, sizeof(struct usmUser)); |
| if (user == NULL) |
| return SNMPERR_GENERR; |
| |
| /* |
| * copy in the securityName |
| */ |
| if (session->securityName) { |
| user->name = strdup(session->securityName); |
| user->secName = strdup(session->securityName); |
| if (user->name == NULL || user->secName == NULL) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| } |
| |
| /* |
| * copy in the engineID |
| */ |
| user->engineID = netsnmp_memdup(session->securityEngineID, |
| session->securityEngineIDLen); |
| if (!user->engineID) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->engineIDLen = session->securityEngineIDLen; |
| |
| user_just_created = 1; |
| } |
| |
| /* |
| * copy the auth protocol |
| */ |
| if (user->authProtocol == NULL && session->securityAuthProto != NULL) { |
| SNMP_FREE(user->authProtocol); |
| user->authProtocol = |
| snmp_duplicate_objid(session->securityAuthProto, |
| session->securityAuthProtoLen); |
| if (user->authProtocol == NULL) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->authProtocolLen = session->securityAuthProtoLen; |
| } |
| |
| /* |
| * copy the priv protocol |
| */ |
| if (user->privProtocol == NULL && session->securityPrivProto != NULL) { |
| SNMP_FREE(user->privProtocol); |
| user->privProtocol = |
| snmp_duplicate_objid(session->securityPrivProto, |
| session->securityPrivProtoLen); |
| if (user->privProtocol == NULL) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->privProtocolLen = session->securityPrivProtoLen; |
| } |
| |
| /* |
| * copy in the authentication Key. If not localized, localize it |
| */ |
| if (user->authKey == NULL) { |
| if (session->securityAuthLocalKey != NULL |
| && session->securityAuthLocalKeyLen != 0) { |
| /* already localized key passed in. use it */ |
| SNMP_FREE(user->authKey); |
| user->authKey = netsnmp_memdup(session->securityAuthLocalKey, |
| session->securityAuthLocalKeyLen); |
| if (!user->authKey) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->authKeyLen = session->securityAuthLocalKeyLen; |
| } else if (session->securityAuthKey != NULL |
| && session->securityAuthKeyLen != 0) { |
| SNMP_FREE(user->authKey); |
| user->authKey = (u_char *) calloc(1, USM_LENGTH_KU_HASHBLOCK); |
| if (user->authKey == NULL) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->authKeyLen = USM_LENGTH_KU_HASHBLOCK; |
| if (generate_kul(user->authProtocol, user->authProtocolLen, |
| session->securityEngineID, |
| session->securityEngineIDLen, |
| session->securityAuthKey, |
| session->securityAuthKeyLen, user->authKey, |
| &user->authKeyLen) != SNMPERR_SUCCESS) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| } else if ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_AUTHLOCALIZEDKEY))) { |
| size_t buflen = USM_AUTH_KU_LEN; |
| SNMP_FREE(user->authKey); |
| user->authKey = (u_char *)malloc(buflen); /* max length needed */ |
| user->authKeyLen = 0; |
| /* it will be a hex string */ |
| if (!snmp_hex_to_binary(&user->authKey, &buflen, &user->authKeyLen, |
| 0, cp)) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| } |
| } |
| |
| /* |
| * copy in the privacy Key. If not localized, localize it |
| */ |
| if (user->privKey == NULL) { |
| if (session->securityPrivLocalKey != NULL |
| && session->securityPrivLocalKeyLen != 0) { |
| /* already localized key passed in. use it */ |
| SNMP_FREE(user->privKey); |
| user->privKey = netsnmp_memdup(session->securityPrivLocalKey, |
| session->securityPrivLocalKeyLen); |
| if (!user->privKey) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->privKeyLen = session->securityPrivLocalKeyLen; |
| } else if (session->securityPrivKey != NULL |
| && session->securityPrivKeyLen != 0) { |
| SNMP_FREE(user->privKey); |
| user->privKey = (u_char *) calloc(1, USM_LENGTH_KU_HASHBLOCK); |
| if (user->privKey == NULL) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| user->privKeyLen = USM_LENGTH_KU_HASHBLOCK; |
| if (generate_kul(user->authProtocol, user->authProtocolLen, |
| session->securityEngineID, |
| session->securityEngineIDLen, |
| session->securityPrivKey, |
| session->securityPrivKeyLen, user->privKey, |
| &user->privKeyLen) != SNMPERR_SUCCESS) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| } else if ((cp = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
| NETSNMP_DS_LIB_PRIVLOCALIZEDKEY))) { |
| size_t buflen = USM_PRIV_KU_LEN; |
| SNMP_FREE(user->privKey); |
| user->privKey = (u_char *)malloc(buflen); /* max length needed */ |
| user->privKeyLen = 0; |
| /* it will be a hex string */ |
| if (!snmp_hex_to_binary(&user->privKey, &buflen, &user->privKeyLen, |
| 0, cp)) { |
| usm_free_user(user); |
| return SNMPERR_GENERR; |
| } |
| } |
| } |
| |
| if (user_just_created) { |
| /* |
| * add the user into the database |
| */ |
| user->userStatus = RS_ACTIVE; |
| user->userStorageType = ST_READONLY; |
| usm_add_user(user); |
| } |
| |
| return SNMPERR_SUCCESS; |
| |
| |
| } /* end create_user_from_session() */ |
| |
| /* |
| * Do a "deep free()" of a netsnmp_session. |
| * |
| * CAUTION: SHOULD ONLY BE USED FROM snmp_sess_close() OR SIMILAR. |
| * (hence it is static) |
| */ |
| |
| static void |
| snmp_free_session(netsnmp_session * s) |
| { |
| if (s) { |
| SNMP_FREE(s->localname); |
| SNMP_FREE(s->peername); |
| SNMP_FREE(s->community); |
| SNMP_FREE(s->contextEngineID); |
| SNMP_FREE(s->contextName); |
| SNMP_FREE(s->securityEngineID); |
| SNMP_FREE(s->securityName); |
| SNMP_FREE(s->securityAuthProto); |
| SNMP_FREE(s->securityPrivProto); |
| SNMP_FREE(s->paramName); |
| |
| /* |
| * clear session from any callbacks |
| */ |
| netsnmp_callback_clear_client_arg(s, 0, 0); |
| |
| free((char *) s); |
| } |
| } |
| |
| /* |
| * Close the input session. Frees all data allocated for the session, |
| * dequeues any pending requests, and closes any sockets allocated for |
| * the session. Returns 0 on error, 1 otherwise. |
| */ |
| int |
| snmp_sess_close(void *sessp) |
| { |
| struct session_list *slp = (struct session_list *) sessp; |
| netsnmp_transport *transport; |
| struct snmp_internal_session *isp; |
| netsnmp_session *sesp = NULL; |
| struct snmp_secmod_def *sptr; |
| |
| if (slp == NULL) { |
| return 0; |
| } |
| |
| if (slp->session != NULL && |
| (sptr = find_sec_mod(slp->session->securityModel)) != NULL && |
| sptr->session_close != NULL) { |
| (*sptr->session_close) (slp->session); |
| } |
| |
| isp = slp->internal; |
| slp->internal = NULL; |
| |
| if (isp) { |
| netsnmp_request_list *rp, *orp; |
| |
| SNMP_FREE(isp->packet); |
| |
| /* |
| * Free each element in the input request list. |
| */ |
| rp = isp->requests; |
| while (rp) { |
| orp = rp; |
| rp = rp->next_request; |
| if (orp->callback) { |
| orp->callback(NETSNMP_CALLBACK_OP_TIMED_OUT, |
| slp->session, orp->pdu->reqid, |
| orp->pdu, orp->cb_data); |
| } |
| snmp_free_pdu(orp->pdu); |
| free((char *) orp); |
| } |
| |
| free((char *) isp); |
| } |
| |
| transport = slp->transport; |
| slp->transport = NULL; |
| |
| if (transport) { |
| transport->f_close(transport); |
| netsnmp_transport_free(transport); |
| } |
| |
| sesp = slp->session; |
| slp->session = NULL; |
| |
| /* |
| * The following is necessary to avoid memory leakage when closing AgentX |
| * sessions that may have multiple subsessions. These hang off the main |
| * session at ->subsession, and chain through ->next. |
| */ |
| |
| if (sesp != NULL && sesp->subsession != NULL) { |
| netsnmp_session *subsession = sesp->subsession, *tmpsub; |
| |
| while (subsession != NULL) { |
| DEBUGMSGTL(("snmp_sess_close", |
| "closing session %p, subsession %p\n", sesp, |
| subsession)); |
| tmpsub = subsession->next; |
| snmp_free_session(subsession); |
| subsession = tmpsub; |
| } |
| } |
| |
| snmp_free_session(sesp); |
| free((char *) slp); |
| return 1; |
| } |
| |
| int |
| snmp_close(netsnmp_session * session) |
| { |
| struct session_list *slp = NULL, *oslp = NULL; |
| |
| { /*MTCRITICAL_RESOURCE */ |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| if (Sessions && Sessions->session == session) { /* If first entry */ |
| slp = Sessions; |
| Sessions = slp->next; |
| } else { |
| for (slp = Sessions; slp; slp = slp->next) { |
| if (slp->session == session) { |
| if (oslp) /* if we found entry that points here */ |
| oslp->next = slp->next; /* link around this entry */ |
| break; |
| } |
| oslp = slp; |
| } |
| } |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| } /*END MTCRITICAL_RESOURCE */ |
| if (slp == NULL) { |
| return 0; |
| } |
| return snmp_sess_close((void *) slp); |
| } |
| |
| int |
| snmp_close_sessions(void) |
| { |
| struct session_list *slp; |
| |
| snmp_res_lock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| while (Sessions) { |
| slp = Sessions; |
| Sessions = Sessions->next; |
| snmp_sess_close((void *) slp); |
| } |
| snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); |
| return 1; |
| } |
| |
| static int |
| snmpv3_build_probe_pdu(netsnmp_pdu **pdu) |
| { |
| struct usmUser *user; |
| |
| /* |
| * create the pdu |
| */ |
| if (!pdu) |
| return -1; |
| *pdu = snmp_pdu_create(SNMP_MSG_GET); |
| if (!(*pdu)) |
| return -1; |
| (*pdu)->version = SNMP_VERSION_3; |
| (*pdu)->securityName = strdup(""); |
| (*pdu)->securityNameLen = strlen((*pdu)->securityName); |
| (*pdu)->securityLevel = SNMP_SEC_LEVEL_NOAUTH; |
| (*pdu)->securityModel = SNMP_SEC_MODEL_USM; |
| |
| /* |
| * create the empty user |
| */ |
| user = usm_get_user(NULL, 0, (*pdu)->securityName); |
| if (user == NULL) { |
| user = (struct usmUser *) calloc(1, sizeof(struct usmUser)); |
| if (user == NULL) { |
| snmp_free_pdu(*pdu); |
| *pdu = (netsnmp_pdu *) NULL; |
| return -1; |
| } |
| user->name = strdup((*pdu)->securityName); |
| user->secName = strdup((*pdu)->securityName); |
| user->authProtocolLen = sizeof(usmNoAuthProtocol) / sizeof(oid); |
| user->authProtocol = |
| snmp_duplicate_objid(usmNoAuthProtocol, user->authProtocolLen); |
| user->privProtocolLen = sizeof(usmNoPrivProtocol) / sizeof(oid); |
| user->privProtocol = |
| snmp_duplicate_objid(usmNoPrivProtocol, user->privProtocolLen); |
| usm_add_user(user); |
| } |
| return 0; |
| } |
| |
| static void |
| snmpv3_calc_msg_flags(int sec_level, int msg_command, u_char * flags) |
| { |
| *flags = 0; |
| if (sec_level == SNMP_SEC_LEVEL_AUTHNOPRIV) |
| *flags = SNMP_MSG_FLAG_AUTH_BIT; |
| else if (sec_level == SNMP_SEC_LEVEL_AUTHPRIV) |
| *flags = SNMP_MSG_FLAG_AUTH_BIT | SNMP_MSG_FLAG_PRIV_BIT; |
| |
| if (SNMP_CMD_CONFIRMED(msg_command)) |
| *flags |= SNMP_MSG_FLAG_RPRT_BIT; |
| |
| return; |
| } |
| |
| static int |
| snmpv3_verify_msg(netsnmp_request_list *rp, netsnmp_pdu *pdu) |
| { |
| netsnmp_pdu *rpdu; |
| |
| if (!rp || !rp->pdu || !pdu) |
| return 0; |
| /* |
| * Reports don't have to match anything according to the spec |
| */ |
| if (pdu->command == SNMP_MSG_REPORT) |
| return 1; |
| rpdu = rp->pdu; |
| if (rp->request_id != pdu->reqid || rpdu->reqid != pdu->reqid) |
| return 0; |
| if (rpdu->version != pdu->version) |
| return 0; |
| if (rpdu->securityModel != pdu->securityModel) |
| return 0; |
| if (rpdu->securityLevel != pdu->securityLevel) |
| return 0; |
| |
| if (rpdu->contextEngineIDLen != pdu->contextEngineIDLen || |
| memcmp(rpdu->contextEngineID, pdu->contextEngineID, |
| pdu->contextEngineIDLen)) |
| return 0; |
| if (rpdu->contextNameLen != pdu->contextNameLen || |
| memcmp(rpdu->contextName, pdu->contextName, pdu->contextNameLen)) |
| return 0; |
| |
| /* tunneled transports don't have a securityEngineID... that's |
| USM specific (and maybe other future ones) */ |
| if (pdu->securityModel == SNMP_SEC_MODEL_USM && |
| (rpdu->securityEngineIDLen != pdu->securityEngineIDLen || |
| memcmp(rpdu->securityEngineID, pdu->securityEngineID, |
| pdu->securityEngineIDLen))) |
| return 0; |
| |
| /* the securityName must match though regardless of secmodel */ |
| if (rpdu->securityNameLen != pdu->securityNameLen || |
| memcmp(rpdu->securityName, pdu->securityName, |
| pdu->securityNameLen)) |
| return 0; |
| return 1; |
| } |
| |
| |
| /* |
| * SNMPv3 |
| * * Takes a session and a pdu and serializes the ASN PDU into the area |
| * * pointed to by packet. out_length is the size of the data area available. |
| * * Returns the length of the completed packet in out_length. If any errors |
| * * occur, -1 is returned. If all goes well, 0 is returned. |
| */ |
| static int |
| snmpv3_build(u_char ** pkt, size_t * pkt_len, size_t * offset, |
| netsnmp_session * session, netsnmp_pdu *pdu) |
| { |
| int ret; |
| |
| session->s_snmp_errno = 0; |
| session->s_errno = 0; |
| |
| /* |
| * do validation for PDU types |
| */ |
| switch (pdu->command) { |
| case SNMP_MSG_RESPONSE: |
| case SNMP_MSG_TRAP2: |
| case SNMP_MSG_REPORT: |
| netsnmp_assert(0 == (pdu->flags & UCD_MSG_FLAG_EXPECT_RESPONSE)); |
| /* |
| * Fallthrough |
| */ |
| case SNMP_MSG_GET: |
| case SNMP_MSG_GETNEXT: |
| case SNMP_MSG_SET: |
| case SNMP_MSG_INFORM: |
| if (pdu->errstat == SNMP_DEFAULT_ERRSTAT) |
| pdu->errstat = 0; |
| if (pdu->errindex == SNMP_DEFAULT_ERRINDEX) |
| pdu->errindex = 0; |
| break; |
| |
| case SNMP_MSG_GETBULK: |
| if (pdu->max_repetitions < 0) { |
| session->s_snmp_errno = SNMPERR_BAD_REPETITIONS; |
| return -1; |
| } |
| if (pdu->non_repeaters < 0) { |
| session->s_snmp_errno = SNMPERR_BAD_REPEATERS; |
| return -1; |
| } |
| break; |
| |
| case SNMP_MSG_TRAP: |
| session->s_snmp_errno = SNMPERR_V1_IN_V2; |
| return -1; |
| |
| default: |
| session->s_snmp_errno = SNMPERR_UNKNOWN_PDU; |
| return -1; |
| } |
| |
| /* Do we need to set the session security engineid? */ |
| if (pdu->securityEngineIDLen == 0) { |
| if (session->securityEngineIDLen) { |
| snmpv3_clone_engineID(&pdu->securityEngineID, |
| &pdu->securityEngineIDLen, |
| session->securityEngineID, |
| session->securityEngineIDLen); |
| } |
| } |
| |
| /* Do we need to set the session context engineid? */ |
| if (pdu->contextEngineIDLen == 0) { |
| if (session->contextEngineIDLen) { |
| snmpv3_clone_engineID(&pdu->contextEngineID, |
| &pdu->contextEngineIDLen, |
| session->contextEngineID, |
| session->contextEngineIDLen); |
| } else if (pdu->securityEngineIDLen) { |
| snmpv3_clone_engineID(&pdu->contextEngineID, |
| &pdu->contextEngineIDLen, |
| pdu->securityEngineID, |
| pdu->securityEngineIDLen); |
| } |
| } |
| |
| if (pdu->contextName == NULL) { |
| if (!session->contextName) { |
| session->s_snmp_errno = SNMPERR_BAD_CONTEXT; |
| return -1; |
| } |
| pdu->contextName = strdup(session->contextName); |
| if (pdu->contextName == NULL) { |
| session->s_snmp_errno = SNMPERR_GENERR; |
| return -1; |
| } |
| pdu->contextNameLen = session->contextNameLen; |
| } |
| if (pdu->securityModel == SNMP_DEFAULT_SECMODEL) { |
| pdu->securityModel = session->securityModel; |
| if (pdu->securityModel == SNMP_DEFAULT_SECMODEL) { |
| pdu->securityModel = se_find_value_in_slist("snmp_secmods", netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_SECMODEL)); |
| |
| if (pdu->securityModel <= 0) { |
| pdu->securityModel = SNMP_SEC_MODEL_USM; |
| } |
| } |
| } |
| if (pdu->securityNameLen == 0 && pdu->securityName == NULL) { |
| if (session->securityModel != NETSNMP_TSM_SECURITY_MODEL && |
| session->securityNameLen == 0) { |
| session->s_snmp_errno = SNMPERR_BAD_SEC_NAME; |
| return -1; |
| } |
| if (session->securityName) { |
| pdu->securityName = strdup(session->securityName); |
| if (pdu->securityName == NULL) { |
| session->s_snmp_errno = SNMPERR_GENERR; |
| return -1; |
| } |
| pdu->securityNameLen = session->securityNameLen; |
| } |
| } |
| if (pdu->securityLevel == 0) { |
| if (session->securityLevel == 0) { |
| session->s_snmp_errno = SNMPERR_BAD_SEC_LEVEL; |
| return -1; |
| } |
| pdu->securityLevel = session->securityLevel; |
| } |
| DEBUGMSGTL(("snmp_build", |
| "Building SNMPv3 message (secName:\"%s\", secLevel:%s)...\n", |
| ((session->securityName) ? (char *) session->securityName : |
| ((pdu->securityName) ? (char *) pdu->securityName : |
| "ERROR: undefined")), secLevelName[pdu->securityLevel])); |
| |
| DEBUGDUMPSECTION("send", "SNMPv3 Message"); |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_REVERSE_ENCODE)) { |
| ret = snmpv3_packet_realloc_rbuild(pkt, pkt_len, offset, |
| session, pdu, NULL, 0); |
| } else { |
| #endif |
| ret = snmpv3_packet_build(session, pdu, *pkt, pkt_len, NULL, 0); |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| } |
| #endif |
| DEBUGINDENTLESS(); |
| if (-1 != ret) { |
| session->s_snmp_errno = ret; |
| } |
| |
| return ret; |
| |
| } /* end snmpv3_build() */ |
| |
| |
| |
| |
| static u_char * |
| snmpv3_header_build(netsnmp_session * session, netsnmp_pdu *pdu, |
| u_char * packet, size_t * out_length, |
| size_t length, u_char ** msg_hdr_e) |
| { |
| u_char *global_hdr, *global_hdr_e; |
| u_char *cp; |
| u_char msg_flags; |
| long max_size; |
| long sec_model; |
| u_char *pb, *pb0e; |
| |
| /* |
| * Save current location and build SEQUENCE tag and length placeholder |
| * * for SNMP message sequence (actual length inserted later) |
| */ |
| cp = asn_build_sequence(packet, out_length, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), |
| length); |
| if (cp == NULL) |
| return NULL; |
| if (msg_hdr_e != NULL) |
| *msg_hdr_e = cp; |
| pb0e = cp; |
| |
| |
| /* |
| * store the version field - msgVersion |
| */ |
| DEBUGDUMPHEADER("send", "SNMP Version Number"); |
| cp = asn_build_int(cp, out_length, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), (long *) &pdu->version, |
| sizeof(pdu->version)); |
| DEBUGINDENTLESS(); |
| if (cp == NULL) |
| return NULL; |
| |
| global_hdr = cp; |
| /* |
| * msgGlobalData HeaderData |
| */ |
| DEBUGDUMPSECTION("send", "msgGlobalData"); |
| cp = asn_build_sequence(cp, out_length, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), 0); |
| if (cp == NULL) |
| return NULL; |
| global_hdr_e = cp; |
| |
| |
| /* |
| * msgID |
| */ |
| DEBUGDUMPHEADER("send", "msgID"); |
| cp = asn_build_int(cp, out_length, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &pdu->msgid, |
| sizeof(pdu->msgid)); |
| DEBUGINDENTLESS(); |
| if (cp == NULL) |
| return NULL; |
| |
| /* |
| * msgMaxSize |
| */ |
| max_size = session->rcvMsgMaxSize; |
| DEBUGDUMPHEADER("send", "msgMaxSize"); |
| cp = asn_build_int(cp, out_length, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &max_size, |
| sizeof(max_size)); |
| DEBUGINDENTLESS(); |
| if (cp == NULL) |
| return NULL; |
| |
| /* |
| * msgFlags |
| */ |
| snmpv3_calc_msg_flags(pdu->securityLevel, pdu->command, &msg_flags); |
| DEBUGDUMPHEADER("send", "msgFlags"); |
| cp = asn_build_string(cp, out_length, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), &msg_flags, |
| sizeof(msg_flags)); |
| DEBUGINDENTLESS(); |
| if (cp == NULL) |
| return NULL; |
| |
| /* |
| * msgSecurityModel |
| */ |
| sec_model = pdu->securityModel; |
| DEBUGDUMPHEADER("send", "msgSecurityModel"); |
| cp = asn_build_int(cp, out_length, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &sec_model, |
| sizeof(sec_model)); |
| DEBUGINDENTADD(-4); /* return from global data indent */ |
| if (cp == NULL) |
| return NULL; |
| |
| |
| /* |
| * insert actual length of globalData |
| */ |
| pb = asn_build_sequence(global_hdr, out_length, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), |
| cp - global_hdr_e); |
| if (pb == NULL) |
| return NULL; |
| |
| |
| /* |
| * insert the actual length of the entire packet |
| */ |
| pb = asn_build_sequence(packet, out_length, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), |
| length + (cp - pb0e)); |
| if (pb == NULL) |
| return NULL; |
| |
| return cp; |
| |
| } /* end snmpv3_header_build() */ |
| |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| |
| int |
| snmpv3_header_realloc_rbuild(u_char ** pkt, size_t * pkt_len, |
| size_t * offset, netsnmp_session * session, |
| netsnmp_pdu *pdu) |
| { |
| size_t start_offset = *offset; |
| u_char msg_flags; |
| long max_size, sec_model; |
| int rc = 0; |
| |
| /* |
| * msgSecurityModel. |
| */ |
| sec_model = pdu->securityModel; |
| DEBUGDUMPHEADER("send", "msgSecurityModel"); |
| rc = asn_realloc_rbuild_int(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &sec_model, |
| sizeof(sec_model)); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| /* |
| * msgFlags. |
| */ |
| snmpv3_calc_msg_flags(pdu->securityLevel, pdu->command, &msg_flags); |
| DEBUGDUMPHEADER("send", "msgFlags"); |
| rc = asn_realloc_rbuild_string(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), &msg_flags, |
| sizeof(msg_flags)); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| /* |
| * msgMaxSize. |
| */ |
| max_size = session->rcvMsgMaxSize; |
| DEBUGDUMPHEADER("send", "msgMaxSize"); |
| rc = asn_realloc_rbuild_int(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &max_size, |
| sizeof(max_size)); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| /* |
| * msgID. |
| */ |
| DEBUGDUMPHEADER("send", "msgID"); |
| rc = asn_realloc_rbuild_int(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &pdu->msgid, |
| sizeof(pdu->msgid)); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| /* |
| * Global data sequence. |
| */ |
| rc = asn_realloc_rbuild_sequence(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_SEQUENCE | |
| ASN_CONSTRUCTOR), |
| *offset - start_offset); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| /* |
| * Store the version field - msgVersion. |
| */ |
| DEBUGDUMPHEADER("send", "SNMP Version Number"); |
| rc = asn_realloc_rbuild_int(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), |
| (long *) &pdu->version, |
| sizeof(pdu->version)); |
| DEBUGINDENTLESS(); |
| return rc; |
| } /* end snmpv3_header_realloc_rbuild() */ |
| #endif /* NETSNMP_USE_REVERSE_ASNENCODING */ |
| |
| static u_char * |
| snmpv3_scopedPDU_header_build(netsnmp_pdu *pdu, |
| u_char * packet, size_t * out_length, |
| u_char ** spdu_e) |
| { |
| u_char *scopedPdu, *pb; |
| |
| pb = scopedPdu = packet; |
| pb = asn_build_sequence(pb, out_length, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), 0); |
| if (pb == NULL) |
| return NULL; |
| if (spdu_e) |
| *spdu_e = pb; |
| |
| DEBUGDUMPHEADER("send", "contextEngineID"); |
| pb = asn_build_string(pb, out_length, |
| (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR), |
| pdu->contextEngineID, pdu->contextEngineIDLen); |
| DEBUGINDENTLESS(); |
| if (pb == NULL) |
| return NULL; |
| |
| DEBUGDUMPHEADER("send", "contextName"); |
| pb = asn_build_string(pb, out_length, |
| (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR), |
| (u_char *) pdu->contextName, |
| pdu->contextNameLen); |
| DEBUGINDENTLESS(); |
| if (pb == NULL) |
| return NULL; |
| |
| return pb; |
| |
| } /* end snmpv3_scopedPDU_header_build() */ |
| |
| |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| int |
| snmpv3_scopedPDU_header_realloc_rbuild(u_char ** pkt, size_t * pkt_len, |
| size_t * offset, netsnmp_pdu *pdu, |
| size_t body_len) |
| { |
| size_t start_offset = *offset; |
| int rc = 0; |
| |
| /* |
| * contextName. |
| */ |
| DEBUGDUMPHEADER("send", "contextName"); |
| rc = asn_realloc_rbuild_string(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), |
| (u_char *) pdu->contextName, |
| pdu->contextNameLen); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| /* |
| * contextEngineID. |
| */ |
| DEBUGDUMPHEADER("send", "contextEngineID"); |
| rc = asn_realloc_rbuild_string(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), |
| pdu->contextEngineID, |
| pdu->contextEngineIDLen); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| return 0; |
| } |
| |
| rc = asn_realloc_rbuild_sequence(pkt, pkt_len, offset, 1, |
| (u_char) (ASN_SEQUENCE | |
| ASN_CONSTRUCTOR), |
| *offset - start_offset + body_len); |
| |
| return rc; |
| } /* end snmpv3_scopedPDU_header_realloc_rbuild() */ |
| #endif /* NETSNMP_USE_REVERSE_ASNENCODING */ |
| |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| /* |
| * returns 0 if success, -1 if fail, not 0 if SM build failure |
| */ |
| int |
| snmpv3_packet_realloc_rbuild(u_char ** pkt, size_t * pkt_len, |
| size_t * offset, netsnmp_session * session, |
| netsnmp_pdu *pdu, u_char * pdu_data, |
| size_t pdu_data_len) |
| { |
| u_char *scoped_pdu, *hdrbuf = NULL, *hdr = NULL; |
| size_t hdrbuf_len = SNMP_MAX_MSG_V3_HDRS, hdr_offset = |
| 0, spdu_offset = 0; |
| size_t body_end_offset = *offset, body_len = 0; |
| struct snmp_secmod_def *sptr = NULL; |
| int rc = 0; |
| |
| /* |
| * Build a scopedPDU structure into the packet buffer. |
| */ |
| DEBUGPRINTPDUTYPE("send", pdu->command); |
| if (pdu_data) { |
| while ((*pkt_len - *offset) < pdu_data_len) { |
| if (!asn_realloc(pkt, pkt_len)) { |
| return -1; |
| } |
| } |
| |
| *offset += pdu_data_len; |
| memcpy(*pkt + *pkt_len - *offset, pdu_data, pdu_data_len); |
| } else { |
| rc = snmp_pdu_realloc_rbuild(pkt, pkt_len, offset, pdu); |
| if (rc == 0) { |
| return -1; |
| } |
| } |
| body_len = *offset - body_end_offset; |
| |
| DEBUGDUMPSECTION("send", "ScopedPdu"); |
| rc = snmpv3_scopedPDU_header_realloc_rbuild(pkt, pkt_len, offset, |
| pdu, body_len); |
| if (rc == 0) { |
| return -1; |
| } |
| spdu_offset = *offset; |
| DEBUGINDENTADD(-4); /* Return from Scoped PDU. */ |
| |
| if ((hdrbuf = (u_char *) malloc(hdrbuf_len)) == NULL) { |
| return -1; |
| } |
| |
| rc = snmpv3_header_realloc_rbuild(&hdrbuf, &hdrbuf_len, &hdr_offset, |
| session, pdu); |
| if (rc == 0) { |
| SNMP_FREE(hdrbuf); |
| return -1; |
| } |
| hdr = hdrbuf + hdrbuf_len - hdr_offset; |
| scoped_pdu = *pkt + *pkt_len - spdu_offset; |
| |
| /* |
| * Call the security module to possibly encrypt and authenticate the |
| * message---the entire message to transmitted on the wire is returned. |
| */ |
| |
| sptr = find_sec_mod(pdu->securityModel); |
| DEBUGDUMPSECTION("send", "SM msgSecurityParameters"); |
| if (sptr && sptr->encode_reverse) { |
| struct snmp_secmod_outgoing_params parms; |
| |
| parms.msgProcModel = pdu->msgParseModel; |
| parms.globalData = hdr; |
| parms.globalDataLen = hdr_offset; |
| parms.maxMsgSize = SNMP_MAX_MSG_SIZE; |
| parms.secModel = pdu->securityModel; |
| parms.secEngineID = pdu->securityEngineID; |
| parms.secEngineIDLen = pdu->securityEngineIDLen; |
| parms.secName = pdu->securityName; |
| parms.secNameLen = pdu->securityNameLen; |
| parms.secLevel = pdu->securityLevel; |
| parms.scopedPdu = scoped_pdu; |
| parms.scopedPduLen = spdu_offset; |
| parms.secStateRef = pdu->securityStateRef; |
| parms.wholeMsg = pkt; |
| parms.wholeMsgLen = pkt_len; |
| parms.wholeMsgOffset = offset; |
| parms.session = session; |
| parms.pdu = pdu; |
| |
| rc = (*sptr->encode_reverse) (&parms); |
| } else { |
| if (!sptr) { |
| snmp_log(LOG_ERR, |
| "no such security service available: %d\n", |
| pdu->securityModel); |
| } else if (!sptr->encode_reverse) { |
| snmp_log(LOG_ERR, |
| "security service %d doesn't support reverse encoding.\n", |
| pdu->securityModel); |
| } |
| rc = -1; |
| } |
| |
| DEBUGINDENTLESS(); |
| SNMP_FREE(hdrbuf); |
| return rc; |
| } /* end snmpv3_packet_realloc_rbuild() */ |
| #endif /* NETSNMP_USE_REVERSE_ASNENCODING */ |
| |
| /* |
| * returns 0 if success, -1 if fail, not 0 if SM build failure |
| */ |
| int |
| snmpv3_packet_build(netsnmp_session * session, netsnmp_pdu *pdu, |
| u_char * packet, size_t * out_length, |
| u_char * pdu_data, size_t pdu_data_len) |
| { |
| u_char *global_data, *sec_params, *spdu_hdr_e; |
| size_t global_data_len, sec_params_len; |
| u_char spdu_buf[SNMP_MAX_MSG_SIZE]; |
| size_t spdu_buf_len, spdu_len; |
| u_char *cp; |
| int result; |
| struct snmp_secmod_def *sptr; |
| |
| global_data = packet; |
| |
| /* |
| * build the headers for the packet, returned addr = start of secParams |
| */ |
| sec_params = snmpv3_header_build(session, pdu, global_data, |
| out_length, 0, NULL); |
| if (sec_params == NULL) |
| return -1; |
| global_data_len = sec_params - global_data; |
| sec_params_len = *out_length; /* length left in packet buf for sec_params */ |
| |
| |
| /* |
| * build a scopedPDU structure into spdu_buf |
| */ |
| spdu_buf_len = SNMP_MAX_MSG_SIZE; |
| DEBUGDUMPSECTION("send", "ScopedPdu"); |
| cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len, |
| &spdu_hdr_e); |
| if (cp == NULL) |
| return -1; |
| |
| /* |
| * build the PDU structure onto the end of spdu_buf |
| */ |
| DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00)); |
| if (pdu_data) { |
| memcpy(cp, pdu_data, pdu_data_len); |
| cp += pdu_data_len; |
| } else { |
| cp = snmp_pdu_build(pdu, cp, &spdu_buf_len); |
| if (cp == NULL) |
| return -1; |
| } |
| DEBUGINDENTADD(-4); /* return from Scoped PDU */ |
| |
| /* |
| * re-encode the actual ASN.1 length of the scopedPdu |
| */ |
| spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */ |
| spdu_buf_len = SNMP_MAX_MSG_SIZE; |
| if (asn_build_sequence(spdu_buf, &spdu_buf_len, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), |
| spdu_len) == NULL) |
| return -1; |
| spdu_len = cp - spdu_buf; /* the length of the entire scopedPdu */ |
| |
| |
| /* |
| * call the security module to possibly encrypt and authenticate the |
| * message - the entire message to transmitted on the wire is returned |
| */ |
| cp = NULL; |
| *out_length = SNMP_MAX_MSG_SIZE; |
| DEBUGDUMPSECTION("send", "SM msgSecurityParameters"); |
| sptr = find_sec_mod(pdu->securityModel); |
| if (sptr && sptr->encode_forward) { |
| struct snmp_secmod_outgoing_params parms; |
| parms.msgProcModel = pdu->msgParseModel; |
| parms.globalData = global_data; |
| parms.globalDataLen = global_data_len; |
| parms.maxMsgSize = SNMP_MAX_MSG_SIZE; |
| parms.secModel = pdu->securityModel; |
| parms.secEngineID = pdu->securityEngineID; |
| parms.secEngineIDLen = pdu->securityEngineIDLen; |
| parms.secName = pdu->securityName; |
| parms.secNameLen = pdu->securityNameLen; |
| parms.secLevel = pdu->securityLevel; |
| parms.scopedPdu = spdu_buf; |
| parms.scopedPduLen = spdu_len; |
| parms.secStateRef = pdu->securityStateRef; |
| parms.secParams = sec_params; |
| parms.secParamsLen = &sec_params_len; |
| parms.wholeMsg = &cp; |
| parms.wholeMsgLen = out_length; |
| parms.session = session; |
| parms.pdu = pdu; |
| result = (*sptr->encode_forward) (&parms); |
| } else { |
| if (!sptr) { |
| snmp_log(LOG_ERR, "no such security service available: %d\n", |
| pdu->securityModel); |
| } else if (!sptr->encode_forward) { |
| snmp_log(LOG_ERR, |
| "security service %d doesn't support forward out encoding.\n", |
| pdu->securityModel); |
| } |
| result = -1; |
| } |
| DEBUGINDENTLESS(); |
| return result; |
| |
| } /* end snmpv3_packet_build() */ |
| |
| |
| /* |
| * Takes a session and a pdu and serializes the ASN PDU into the area |
| * pointed to by *pkt. *pkt_len is the size of the data area available. |
| * Returns the length of the completed packet in *offset. If any errors |
| * occur, -1 is returned. If all goes well, 0 is returned. |
| */ |
| |
| static int |
| _snmp_build(u_char ** pkt, size_t * pkt_len, size_t * offset, |
| netsnmp_session * session, netsnmp_pdu *pdu) |
| { |
| #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
| u_char *h0e = NULL; |
| size_t start_offset = *offset; |
| long version; |
| int rc = 0; |
| #endif /* support for community based SNMP */ |
| |
| u_char *cp; |
| size_t length; |
| |
| session->s_snmp_errno = 0; |
| session->s_errno = 0; |
| |
| if (pdu->version == SNMP_VERSION_3) { |
| return snmpv3_build(pkt, pkt_len, offset, session, pdu); |
| } |
| |
| switch (pdu->command) { |
| case SNMP_MSG_RESPONSE: |
| netsnmp_assert(0 == (pdu->flags & UCD_MSG_FLAG_EXPECT_RESPONSE)); |
| /* |
| * Fallthrough |
| */ |
| case SNMP_MSG_GET: |
| case SNMP_MSG_GETNEXT: |
| case SNMP_MSG_SET: |
| /* |
| * all versions support these PDU types |
| */ |
| /* |
| * initialize defaulted PDU fields |
| */ |
| |
| if (pdu->errstat == SNMP_DEFAULT_ERRSTAT) |
| pdu->errstat = 0; |
| if (pdu->errindex == SNMP_DEFAULT_ERRINDEX) |
| pdu->errindex = 0; |
| break; |
| |
| case SNMP_MSG_TRAP2: |
| netsnmp_assert(0 == (pdu->flags & UCD_MSG_FLAG_EXPECT_RESPONSE)); |
| /* |
| * Fallthrough |
| */ |
| case SNMP_MSG_INFORM: |
| #ifndef NETSNMP_DISABLE_SNMPV1 |
| /* |
| * not supported in SNMPv1 and SNMPsec |
| */ |
| if (pdu->version == SNMP_VERSION_1) { |
| session->s_snmp_errno = SNMPERR_V2_IN_V1; |
| return -1; |
| } |
| #endif |
| if (pdu->errstat == SNMP_DEFAULT_ERRSTAT) |
| pdu->errstat = 0; |
| if (pdu->errindex == SNMP_DEFAULT_ERRINDEX) |
| pdu->errindex = 0; |
| break; |
| |
| case SNMP_MSG_GETBULK: |
| /* |
| * not supported in SNMPv1 and SNMPsec |
| */ |
| #ifndef NETSNMP_DISABLE_SNMPV1 |
| if (pdu->version == SNMP_VERSION_1) { |
| session->s_snmp_errno = SNMPERR_V2_IN_V1; |
| return -1; |
| } |
| #endif |
| if (pdu->max_repetitions < 0) { |
| session->s_snmp_errno = SNMPERR_BAD_REPETITIONS; |
| return -1; |
| } |
| if (pdu->non_repeaters < 0) { |
| session->s_snmp_errno = SNMPERR_BAD_REPEATERS; |
| return -1; |
| } |
| break; |
| |
| case SNMP_MSG_TRAP: |
| /* |
| * *only* supported in SNMPv1 and SNMPsec |
| */ |
| #ifndef NETSNMP_DISABLE_SNMPV1 |
| if (pdu->version != SNMP_VERSION_1) { |
| session->s_snmp_errno = SNMPERR_V1_IN_V2; |
| return -1; |
| } |
| #endif |
| /* |
| * initialize defaulted Trap PDU fields |
| */ |
| pdu->reqid = 1; /* give a bogus non-error reqid for traps */ |
| if (pdu->enterprise_length == SNMP_DEFAULT_ENTERPRISE_LENGTH) { |
| pdu->enterprise = (oid *) malloc(sizeof(DEFAULT_ENTERPRISE)); |
| if (pdu->enterprise == NULL) { |
| session->s_snmp_errno = SNMPERR_MALLOC; |
| return -1; |
| } |
| memmove(pdu->enterprise, DEFAULT_ENTERPRISE, |
| sizeof(DEFAULT_ENTERPRISE)); |
| pdu->enterprise_length = |
| sizeof(DEFAULT_ENTERPRISE) / sizeof(oid); |
| } |
| if (pdu->time == SNMP_DEFAULT_TIME) |
| pdu->time = DEFAULT_TIME; |
| /* |
| * don't expect a response |
| */ |
| pdu->flags &= (~UCD_MSG_FLAG_EXPECT_RESPONSE); |
| break; |
| |
| case SNMP_MSG_REPORT: /* SNMPv3 only */ |
| default: |
| session->s_snmp_errno = SNMPERR_UNKNOWN_PDU; |
| return -1; |
| } |
| |
| /* |
| * save length |
| */ |
| length = *pkt_len; |
| |
| /* |
| * setup administrative fields based on version |
| */ |
| /* |
| * build the message wrapper and all the administrative fields |
| * upto the PDU sequence |
| * (note that actual length of message will be inserted later) |
| */ |
| switch (pdu->version) { |
| #ifndef NETSNMP_DISABLE_SNMPV1 |
| case SNMP_VERSION_1: |
| #endif |
| #ifndef NETSNMP_DISABLE_SNMPV2C |
| case SNMP_VERSION_2c: |
| #endif |
| #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
| #ifdef NETSNMP_NO_ZEROLENGTH_COMMUNITY |
| if (pdu->community_len == 0) { |
| if (session->community_len == 0) { |
| session->s_snmp_errno = SNMPERR_BAD_COMMUNITY; |
| return -1; |
| } |
| pdu->community = (u_char *) malloc(session->community_len); |
| if (pdu->community == NULL) { |
| session->s_snmp_errno = SNMPERR_MALLOC; |
| return -1; |
| } |
| memmove(pdu->community, |
| session->
|