void startonehost(struct req_t *req, int ipchange) { struct snmp_session s; struct snmp_pdu *snmpreq = NULL; if ((dataoperation < GET_DATA) && !req->currentkey) return; /* Are we retrying a cluster with a new IP? Then drop the current session */ if (req->sess && ipchange) { /* * Apparently, we cannot close a session while in a callback. * So leave this for now - it will leak some memory, but * this is not a problem as long as we only run once. */ /* snmp_close(req->sess); */ req->sess = NULL; } /* Setup the SNMP session */ if (!req->sess) { snmp_sess_init(&s); /* * snmp_session has a "remote_port" field, but it does not work. * Instead, the peername should include a port number (IP:PORT) * if (req->portnumber) s.remote_port = req->portnumber; */ s.peername = req->hostip[req->hostipidx]; /* Set the SNMP version and authentication token(s) */ s.version = req->version; switch (s.version) { case SNMP_VERSION_1: case SNMP_VERSION_2c: s.community = req->community; s.community_len = strlen((char *)req->community); break; case SNMP_VERSION_3: /* set the SNMPv3 user name */ s.securityName = strdup(req->username); s.securityNameLen = strlen(s.securityName); /* set the security level to authenticated, but not encrypted */ s.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV; /* set the authentication method */ switch (req->authmethod) { case SNMP_V3AUTH_MD5: s.securityAuthProto = usmHMACMD5AuthProtocol; s.securityAuthProtoLen = sizeof(usmHMACMD5AuthProtocol)/sizeof(oid); s.securityAuthKeyLen = USM_AUTH_KU_LEN; break; case SNMP_V3AUTH_SHA1: s.securityAuthProto = usmHMACSHA1AuthProtocol; s.securityAuthProtoLen = sizeof(usmHMACSHA1AuthProtocol)/sizeof(oid); s.securityAuthKeyLen = USM_AUTH_KU_LEN; break; } /* * set the authentication key to a hashed version of our * passphrase (which must be at least 8 characters long). */ if (generate_Ku(s.securityAuthProto, s.securityAuthProtoLen, (u_char *)req->passphrase, strlen(req->passphrase), s.securityAuthKey, &s.securityAuthKeyLen) != SNMPERR_SUCCESS) { errprintf("Failed to generate Ku from authentication pass phrase for host %s\n", req->hostname); snmp_perror("generate_Ku"); return; } break; } /* Set timeouts and retries */ if (timeout > 0) s.timeout = timeout; if (retries > 0) s.retries = retries; /* Setup the callback */ s.callback = asynch_response; s.callback_magic = req; if (!(req->sess = snmp_open(&s))) { snmp_sess_perror("snmp_open", &s); return; } } switch (dataoperation) { case GET_KEYS: snmpreq = snmp_pdu_create(SNMP_MSG_GETNEXT); pducount++; snmp_add_null_var(snmpreq, req->currentkey->indexmethod->rootoid, req->currentkey->indexmethod->rootoidlen); break; case GET_DATA: /* Build the request PDU and send it */ snmpreq = generate_datarequest(req); break; } if (!snmpreq) return; if (snmp_send(req->sess, snmpreq)) active_requests++; else { errorcount++; snmp_sess_perror("snmp_send", req->sess); snmp_free_pdu(snmpreq); } }
/*! \fn void *snmp_host_init(int host_id, char *hostname, int snmp_version, * char *snmp_community, char *snmp_username, char *snmp_password, int snmp_port, * int snmp_timeout) * \brief initializes an snmp_session object for a Cactid host * * This function will initialize NET-SNMP or UCD-SNMP for the Cactid host * in question. * */ void *snmp_host_init(int host_id, char *hostname, int snmp_version, char *snmp_community, char *snmp_username, char *snmp_password, int snmp_port, int snmp_timeout) { void *sessp = NULL; struct snmp_session session; char hostnameport[BUFSIZE]; /* initialize SNMP */ snmp_sess_init(&session); #ifdef USE_NET_SNMP /* Prevent update of the snmpapp.conf file */ #ifdef NETSNMP_DS_LIB_DONT_PERSIST_STATE netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DONT_PERSIST_STATE, 1); #endif /* Prevent update of the snmpapp.conf file */ #ifdef NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DISABLE_PERSISTENT_LOAD, 1); #endif #ifdef NETSNMP_DS_LIB_DONT_PRINT_UNITS netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DONT_PRINT_UNITS, 1); #endif netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT, 1); netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_PRINT_BARE_VALUE, 1); netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NUMERIC_TIMETICKS, 1); #else ds_set_boolean(DS_LIBRARY_ID, DS_LIB_QUICK_PRINT, 1); ds_set_boolean(DS_LIBRARY_ID, DS_LIB_PRINT_BARE_VALUE, 1); ds_set_boolean(DS_LIBRARY_ID, DS_LIB_NUMERIC_TIMETICKS, 1); #endif /* verify snmp version is accurate */ if (snmp_version == 2) { session.version = SNMP_VERSION_2c; }else if (snmp_version == 1) { session.version = SNMP_VERSION_1; }else if (snmp_version == 3) { session.version = SNMP_VERSION_3; }else { CACTID_LOG(("Host[%i] ERROR: SNMP Version Error for Host '%s'\n", host_id, hostname)); return 0; } snprintf(hostnameport, sizeof(hostnameport), "%s:%i", hostname, snmp_port); session.peername = hostnameport; session.retries = 3; session.remote_port = snmp_port; session.timeout = (snmp_timeout * 1000); /* net-snmp likes microseconds */ if ((snmp_version == 2) || (snmp_version == 1)) { session.community = snmp_community; session.community_len = strlen(snmp_community); }else { /* set the SNMPv3 user name */ session.securityName = snmp_username; session.securityNameLen = strlen(session.securityName); session.securityAuthKeyLen = USM_AUTH_KU_LEN; /* set the authentication method to MD5 */ session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol)); session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol); /* set the privacy protocol to none */ session.securityPrivProto = usmNoPrivProtocol; session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol); session.securityPrivKeyLen = USM_PRIV_KU_LEN; /* set the security level to authenticate, but not encrypted */ session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV; /* set the authentication key to the hashed version. The password must me at least 8 char */ if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (u_char *) snmp_password, strlen(snmp_password), session.securityAuthKey, &(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) { CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase.")); } } /* open SNMP Session */ thread_mutex_lock(LOCK_SNMP); sessp = snmp_sess_open(&session); thread_mutex_unlock(LOCK_SNMP); if (!sessp) { CACTID_LOG(("ERROR: Problem initializing SNMP session '%s'\n", hostname)); } return sessp; }
/* * This method does the real work for snmp_parse_args. It takes an * extra argument, proxy, and uses this to decide how to handle the lack of * of a community string. */ int snmp_parse_args(int argc, char **argv, netsnmp_session * session, const char *localOpts, void (*proc) (int, char *const *, int)) { static char *sensitive[4] = { NULL, NULL, NULL, NULL }; int arg, sp = 0, zero_sensitive = 1, testcase = 0; char *cp; char *Apsz = NULL; char *Xpsz = NULL; char *Cpsz = NULL; char Opts[BUF_SIZE]; int logopt = 0; /* * initialize session to default values */ snmp_sess_init(session); strcpy(Opts, "Y:VhHm:M:O:I:P:D:dv:r:t:c:Z:e:E:n:u:l:x:X:a:A:p:T:-:3:s:S:L:"); if (localOpts) strcat(Opts, localOpts); if (strcmp(argv[0], "snmpd-trapsess") == 0 || strcmp(argv[0], "snmpd-proxy") == 0) { /* Don't worry about zeroing sensitive parameters as they are not on the command line anyway (called from internal config-line handler). */ zero_sensitive = 0; } /* * get the options */ DEBUGMSGTL(("snmp_parse_args", "starting: %d/%d\n", optind, argc)); for (arg = 0; arg < argc; arg++) { DEBUGMSGTL(("snmp_parse_args", " arg %d = %s\n", arg, argv[arg])); } optind = 1; while ((arg = getopt(argc, argv, Opts)) != EOF) { DEBUGMSGTL(("snmp_parse_args", "handling (#%d): %c\n", optind, arg)); switch (arg) { case '-': if (strcasecmp(optarg, "help") == 0) { return (-1); } if (strcasecmp(optarg, "version") == 0) { fprintf(stderr,"NET-SNMP version: %s\n",netsnmp_get_version()); return (-2); } handle_long_opt(optarg); break; case 'V': fprintf(stderr, "NET-SNMP version: %s\n", netsnmp_get_version()); return (-2); case 'h': return (-1); break; case 'H': init_snmp("snmpapp"); fprintf(stderr, "Configuration directives understood:\n"); read_config_print_usage(" "); return (-2); case 'Y': netsnmp_config_remember(optarg); break; #ifndef NETSNMP_DISABLE_MIB_LOADING case 'm': setenv("MIBS", optarg, 1); break; case 'M': netsnmp_get_mib_directory(); /* prepare the default directories */ netsnmp_set_mib_directory(optarg); break; #endif /* NETSNMP_DISABLE_MIB_LOADING */ case 'O': cp = snmp_out_toggle_options(optarg); if (cp != NULL) { fprintf(stderr, "Unknown output option passed to -O: %c.\n", *cp); return (-1); } break; case 'I': cp = snmp_in_options(optarg, argc, argv); if (cp != NULL) { fprintf(stderr, "Unknown input option passed to -I: %c.\n", *cp); return (-1); } break; #ifndef NETSNMP_DISABLE_MIB_LOADING case 'P': cp = snmp_mib_toggle_options(optarg); if (cp != NULL) { fprintf(stderr, "Unknown parsing option passed to -P: %c.\n", *cp); return (-1); } break; #endif /* NETSNMP_DISABLE_MIB_LOADING */ case 'D': debug_register_tokens(optarg); snmp_set_do_debugging(1); break; case 'd': netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DUMP_PACKET, 1); break; case 'v': session->version = -1; #ifndef NETSNMP_DISABLE_SNMPV1 if (!strcmp(optarg, "1")) { session->version = SNMP_VERSION_1; } #endif #ifndef NETSNMP_DISABLE_SNMPV2C if (!strcasecmp(optarg, "2c")) { session->version = SNMP_VERSION_2c; } #endif if (!strcasecmp(optarg, "3")) { session->version = SNMP_VERSION_3; } if (session->version == -1) { fprintf(stderr, "Invalid version specified after -v flag: %s\n", optarg); return (-1); } break; case 'p': fprintf(stderr, "Warning: -p option is no longer used - "); fprintf(stderr, "specify the remote host as HOST:PORT\n"); return (-1); break; case 'T': fprintf(stderr, "Warning: -T option is no longer used - "); fprintf(stderr, "specify the remote host as TRANSPORT:HOST\n"); return (-1); break; case 't': session->timeout = (long)(atof(optarg) * 1000000L); if (session->timeout <= 0) { fprintf(stderr, "Invalid timeout in seconds after -t flag.\n"); return (-1); } break; case 'r': session->retries = atoi(optarg); if (session->retries < 0 || !isdigit(optarg[0])) { fprintf(stderr, "Invalid number of retries after -r flag.\n"); return (-1); } break; case 'c': if (zero_sensitive) { if ((sensitive[sp] = strdup(optarg)) != NULL) { Cpsz = sensitive[sp]; memset(optarg, '\0', strlen(optarg)); sp++; } else { fprintf(stderr, "malloc failure processing -c flag.\n"); return -1; } } else { Cpsz = optarg; } break; #ifndef NO_SNMPV3 case '3': /* TODO: This needs to zero things too. */ if (snmpv3_options(optarg, session, &Apsz, &Xpsz, argc, argv) < 0) { return (-1); } break; case 'L': if (snmp_log_options(optarg, argc, argv) < 0) { return (-1); } logopt = 1; break; #endif #ifndef NO_SNMPV3 #define SNMPV3_CMD_OPTIONS #endif #ifdef SNMPV3_CMD_OPTIONS case 'Z': errno = 0; session->engineBoots = strtoul(optarg, &cp, 10); if (errno || cp == optarg) { fprintf(stderr, "Need engine boots value after -Z flag.\n"); return (-1); } if (*cp == ',') { char *endptr; cp++; session->engineTime = strtoul(cp, &endptr, 10); if (errno || cp == endptr) { fprintf(stderr, "Need engine time after \"-Z engineBoot,\".\n"); return (-1); } } /* * Handle previous '-Z boot time' syntax */ else if (optind < argc) { session->engineTime = strtoul(argv[optind], &cp, 10); if (errno || cp == argv[optind]) { fprintf(stderr, "Need engine time after \"-Z engineBoot\".\n"); return (-1); } } else { fprintf(stderr, "Need engine time after \"-Z engineBoot\".\n"); return (-1); } break; case 'e': { size_t ebuf_len = 32, eout_len = 0; u_char *ebuf = (u_char *)malloc(ebuf_len); if (ebuf == NULL) { fprintf(stderr, "malloc failure processing -e flag.\n"); return (-1); } if (!snmp_hex_to_binary (&ebuf, &ebuf_len, &eout_len, 1, optarg)) { fprintf(stderr, "Bad engine ID value after -e flag.\n"); free(ebuf); return (-1); } if ((eout_len < 5) || (eout_len > 32)) { fprintf(stderr, "Invalid engine ID value after -e flag.\n"); free(ebuf); return (-1); } session->securityEngineID = ebuf; session->securityEngineIDLen = eout_len; break; } case 'E': { size_t ebuf_len = 32, eout_len = 0; u_char *ebuf = (u_char *)malloc(ebuf_len); if (ebuf == NULL) { fprintf(stderr, "malloc failure processing -E flag.\n"); return (-1); } if (!snmp_hex_to_binary(&ebuf, &ebuf_len, &eout_len, 1, optarg)) { fprintf(stderr, "Bad engine ID value after -E flag.\n"); free(ebuf); return (-1); } if ((eout_len < 5) || (eout_len > 32)) { fprintf(stderr, "Invalid engine ID value after -E flag.\n"); free(ebuf); return (-1); } session->contextEngineID = ebuf; session->contextEngineIDLen = eout_len; break; } case 'n': session->contextName = optarg; session->contextNameLen = strlen(optarg); break; case 'u': if (zero_sensitive) { if ((sensitive[sp] = strdup(optarg)) != NULL) { session->securityName = sensitive[sp]; session->securityNameLen = strlen(sensitive[sp]); memset(optarg, '\0', strlen(optarg)); sp++; } else { fprintf(stderr, "malloc failure processing -u flag.\n"); return -1; } } else { session->securityName = optarg; session->securityNameLen = strlen(optarg); } break; case 'l': if (!strcasecmp(optarg, "noAuthNoPriv") || !strcmp(optarg, "1") || !strcasecmp(optarg, "noauth") || !strcasecmp(optarg, "nanp")) { session->securityLevel = SNMP_SEC_LEVEL_NOAUTH; } else if (!strcasecmp(optarg, "authNoPriv") || !strcmp(optarg, "2") || !strcasecmp(optarg, "auth") || !strcasecmp(optarg, "anp")) { session->securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV; } else if (!strcasecmp(optarg, "authPriv") || !strcmp(optarg, "3") || !strcasecmp(optarg, "priv") || !strcasecmp(optarg, "ap")) { session->securityLevel = SNMP_SEC_LEVEL_AUTHPRIV; } else { fprintf(stderr, "Invalid security level specified after -l flag: %s\n", optarg); return (-1); } break; case 'a': #ifndef NETSNMP_DISABLE_MD5 if (!strcasecmp(optarg, "MD5")) { session->securityAuthProto = usmHMACMD5AuthProtocol; session->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN; } else #endif if (!strcasecmp(optarg, "SHA")) { session->securityAuthProto = usmHMACSHA1AuthProtocol; session->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN; } else { fprintf(stderr, "Invalid authentication protocol specified after -a flag: %s\n", optarg); return (-1); } break; case 'x': testcase = 0; #ifndef NETSNMP_DISABLE_DES if (!strcasecmp(optarg, "DES")) { testcase = 1; session->securityPrivProto = usmDESPrivProtocol; session->securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN; } #endif #ifdef HAVE_AES if (!strcasecmp(optarg, "AES128") || !strcasecmp(optarg, "AES")) { testcase = 1; session->securityPrivProto = usmAESPrivProtocol; session->securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN; } #endif if (testcase == 0) { fprintf(stderr, "Invalid privacy protocol specified after -x flag: %s\n", optarg); return (-1); } break; case 'A': if (zero_sensitive) { if ((sensitive[sp] = strdup(optarg)) != NULL) { Apsz = sensitive[sp]; memset(optarg, '\0', strlen(optarg)); sp++; } else { fprintf(stderr, "malloc failure processing -A flag.\n"); return -1; } } else { Apsz = optarg; } break; case 'X': if (zero_sensitive) { if ((sensitive[sp] = strdup(optarg)) != NULL) { Xpsz = sensitive[sp]; memset(optarg, '\0', strlen(optarg)); sp++; } else { fprintf(stderr, "malloc failure processing -X flag.\n"); return -1; } } else { Xpsz = optarg; } break; #endif /* SNMPV3_CMD_OPTIONS */ case '?': return (-1); break; default: proc(argc, argv, arg); break; } } DEBUGMSGTL(("snmp_parse_args", "finished: %d/%d\n", optind, argc)); if (!logopt) snmp_enable_stderrlog(); /* * read in MIB database and initialize the snmp library */ init_snmp("snmpapp"); /* * session default version */ if (session->version == SNMP_DEFAULT_VERSION) { /* * run time default version */ session->version = netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_SNMPVERSION); /* * compile time default version */ if (!session->version) { switch (NETSNMP_DEFAULT_SNMP_VERSION) { #ifndef NETSNMP_DISABLE_SNMPV1 case 1: session->version = SNMP_VERSION_1; break; #endif #ifndef NETSNMP_DISABLE_SNMPV2C case 2: session->version = SNMP_VERSION_2c; break; #endif #ifndef NO_SNMPV3 case 3: session->version = SNMP_VERSION_3; break; #endif default: snmp_log(LOG_ERR, "Can't determine a valid SNMP version for the session\n"); return(-2); } } else { #ifndef NETSNMP_DISABLE_SNMPV1 if (session->version == NETSNMP_DS_SNMP_VERSION_1) /* bogus value. version 1 actually = 0 */ session->version = SNMP_VERSION_1; #endif } } #ifndef NO_SNMPV3 /* * make master key from pass phrases */ if (Apsz) { session->securityAuthKeyLen = USM_AUTH_KU_LEN; if (session->securityAuthProto == NULL) { /* * get .conf set default */ const oid *def = get_default_authtype(&session->securityAuthProtoLen); session->securityAuthProto = snmp_duplicate_objid(def, session->securityAuthProtoLen); } if (session->securityAuthProto == NULL) { #ifndef NETSNMP_DISABLE_MD5 /* * assume MD5 */ session->securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, USM_AUTH_PROTO_MD5_LEN); session->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN; #else session->securityAuthProto = snmp_duplicate_objid(usmHMACSHA1AuthProtocol, USM_AUTH_PROTO_SHA_LEN); session->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN; #endif } if (generate_Ku(session->securityAuthProto, session->securityAuthProtoLen, (u_char *) Apsz, strlen(Apsz), session->securityAuthKey, &session->securityAuthKeyLen) != SNMPERR_SUCCESS) { snmp_perror(argv[0]); fprintf(stderr, "Error generating a key (Ku) from the supplied authentication pass phrase. \n"); return (-2); } } if (Xpsz) { session->securityPrivKeyLen = USM_PRIV_KU_LEN; if (session->securityPrivProto == NULL) { /* * get .conf set default */ const oid *def = get_default_privtype(&session->securityPrivProtoLen); session->securityPrivProto = snmp_duplicate_objid(def, session->securityPrivProtoLen); } if (session->securityPrivProto == NULL) { /* * assume DES */ #ifndef NETSNMP_DISABLE_DES session->securityPrivProto = snmp_duplicate_objid(usmDESPrivProtocol, USM_PRIV_PROTO_DES_LEN); session->securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN; #else session->securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol, USM_PRIV_PROTO_AES_LEN); session->securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN; #endif } if (generate_Ku(session->securityAuthProto, session->securityAuthProtoLen, (u_char *) Xpsz, strlen(Xpsz), session->securityPrivKey, &session->securityPrivKeyLen) != SNMPERR_SUCCESS) { snmp_perror(argv[0]); fprintf(stderr, "Error generating a key (Ku) from the supplied privacy pass phrase. \n"); return (-2); } } #endif /* * get the hostname */ if (optind == argc) { fprintf(stderr, "No hostname specified.\n"); return (-1); } session->peername = argv[optind++]; /* hostname */ #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) /* * If v1 or v2c, check community has been set, either by a -c option above, * or via a default token somewhere. * If neither, it will be taken from the incoming request PDU. */ #if defined(NETSNMP_DISABLE_SNMPV1) if (session->version == SNMP_VERSION_2c) #else #if defined(NETSNMP_DISABLE_SNMPV2C) if (session->version == SNMP_VERSION_1) #else if (session->version == SNMP_VERSION_1 || session->version == SNMP_VERSION_2c) #endif #endif { if (Cpsz == NULL) { Cpsz = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_COMMUNITY); if (Cpsz == NULL) { if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_IGNORE_NO_COMMUNITY)) { DEBUGMSGTL(("snmp_parse_args", "ignoring that the community string is not present\n")); session->community = NULL; session->community_len = 0; } else { fprintf(stderr, "No community name specified.\n"); return (-1); } } } else { session->community = (unsigned char *)Cpsz; session->community_len = strlen(Cpsz); } } #endif /* support for community based SNMP */ return optind; }
static void csnmp_host_open_session (host_definition_t *host) { struct snmp_session sess; int error; if (host->sess_handle != NULL) csnmp_host_close_session (host); snmp_sess_init (&sess); sess.peername = host->address; switch (host->version) { case 1: sess.version = SNMP_VERSION_1; break; case 3: sess.version = SNMP_VERSION_3; break; default: sess.version = SNMP_VERSION_2c; break; } if (host->version == 3) { sess.securityName = host->username; sess.securityNameLen = strlen (host->username); sess.securityLevel = host->security_level; if (sess.securityLevel == SNMP_SEC_LEVEL_AUTHNOPRIV || sess.securityLevel == SNMP_SEC_LEVEL_AUTHPRIV) { sess.securityAuthProto = host->auth_protocol; sess.securityAuthProtoLen = host->auth_protocol_len; sess.securityAuthKeyLen = USM_AUTH_KU_LEN; error = generate_Ku (sess.securityAuthProto, sess.securityAuthProtoLen, (u_char *) host->auth_passphrase, strlen(host->auth_passphrase), sess.securityAuthKey, &sess.securityAuthKeyLen); if (error != SNMPERR_SUCCESS) { ERROR ("snmp plugin: host %s: Error generating Ku from auth_passphrase. (Error %d)", host->name, error); } } if (sess.securityLevel == SNMP_SEC_LEVEL_AUTHPRIV) { sess.securityPrivProto = host->priv_protocol; sess.securityPrivProtoLen = host->priv_protocol_len; sess.securityPrivKeyLen = USM_PRIV_KU_LEN; error = generate_Ku (sess.securityAuthProto, sess.securityAuthProtoLen, (u_char *) host->priv_passphrase, strlen(host->priv_passphrase), sess.securityPrivKey, &sess.securityPrivKeyLen); if (error != SNMPERR_SUCCESS) { ERROR ("snmp plugin: host %s: Error generating Ku from priv_passphrase. (Error %d)", host->name, error); } } if (host->context != NULL) { sess.contextName = host->context; sess.contextNameLen = strlen (host->context); } } else /* SNMPv1/2 "authenticates" with community string */ { sess.community = (u_char *) host->community; sess.community_len = strlen (host->community); } /* snmp_sess_open will copy the `struct snmp_session *'. */ host->sess_handle = snmp_sess_open (&sess); if (host->sess_handle == NULL) { char *errstr = NULL; snmp_error (&sess, NULL, NULL, &errstr); ERROR ("snmp plugin: host %s: snmp_sess_open failed: %s", host->name, (errstr == NULL) ? "Unknown problem" : errstr); sfree (errstr); } } /* void csnmp_host_open_session */