/** This is called when a PDU is cloned (to increase reference counts) */
static int
tsm_clone_pdu(netsnmp_pdu *pdu, netsnmp_pdu *pdu2)
{
netsnmp_tsmSecurityReference *oldref, *newref;
oldref = pdu->securityStateRef;
if (!oldref)
return SNMPERR_SUCCESS;
newref = SNMP_MALLOC_TYPEDEF(netsnmp_tsmSecurityReference);
DEBUGMSGTL(("tsm", "cloned as pdu=%p, ref=%p (oldref=%p)\n",
pdu2, newref, pdu2->securityStateRef));
if (!newref)
return SNMPERR_GENERR;
memcpy(newref, oldref, sizeof(*oldref));
pdu2->securityStateRef = newref;
/* the tm state reference is just a link to the one in the pdu,
which was already copied by snmp_clone_pdu before handing it to
us. */
newref->tmStateRef = netsnmp_memdup(oldref->tmStateRef,
sizeof(*oldref->tmStateRef));
return SNMPERR_SUCCESS;
}
/** clones a data row. DOES NOT CLONE THE CONTAINED DATA. */
netsnmp_table_row *
netsnmp_table_data_clone_row(netsnmp_table_row *row)
{
netsnmp_table_row *newrow = NULL;
if (!row)
return NULL;
newrow = (netsnmp_table_row *) netsnmp_memdup(row, sizeof(netsnmp_table_row));
if (!newrow)
return NULL;
if (row->indexes) {
newrow->indexes = snmp_clone_varbind(newrow->indexes);
if (!newrow->indexes) {
free(newrow);
return NULL;
}
}
if (row->index_oid) {
newrow->index_oid =
snmp_duplicate_objid(row->index_oid, row->index_oid_len);
if (!newrow->index_oid) {
free(newrow->indexes);
free(newrow);
return NULL;
}
}
return newrow;
}
netsnmp_tdata_row *
netsnmp_tdata_clone_row(netsnmp_tdata_row *row)
{
netsnmp_tdata_row *newrow = NULL;
if (!row)
return NULL;
newrow = netsnmp_memdup(row, sizeof(netsnmp_tdata_row));
if (!newrow)
return NULL;
if (row->indexes) {
newrow->indexes = snmp_clone_varbind(newrow->indexes);
if (!newrow->indexes) {
SNMP_FREE(newrow);
return NULL;
}
}
if (row->oid_index.oids) {
newrow->oid_index.oids =
snmp_duplicate_objid(row->oid_index.oids, row->oid_index.len);
if (!newrow->oid_index.oids) {
if (newrow->indexes)
snmp_free_varbind(newrow->indexes);
SNMP_FREE(newrow);
return NULL;
}
}
return newrow;
}
void
agentx_register_callbacks(netsnmp_session * s)
{
netsnmp_session *sess_p;
DEBUGMSGTL(("agentx/subagent",
"registering callbacks for session %p\n", s));
sess_p = netsnmp_memdup(&s, sizeof(s));
netsnmp_assert(sess_p);
s->myvoid = sess_p;
if (!sess_p)
return;
snmp_register_callback(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SHUTDOWN,
subagent_shutdown, sess_p);
snmp_register_callback(SNMP_CALLBACK_APPLICATION,
SNMPD_CALLBACK_REGISTER_OID,
agentx_registration_callback, sess_p);
snmp_register_callback(SNMP_CALLBACK_APPLICATION,
SNMPD_CALLBACK_UNREGISTER_OID,
agentx_registration_callback, sess_p);
snmp_register_callback(SNMP_CALLBACK_APPLICATION,
SNMPD_CALLBACK_REG_SYSOR,
agentx_sysOR_callback, sess_p);
snmp_register_callback(SNMP_CALLBACK_APPLICATION,
SNMPD_CALLBACK_UNREG_SYSOR,
agentx_sysOR_callback, sess_p);
}
static int
expValueTable_set(struct expExpressionTable_data *expression_data,
const char *owner, size_t owner_len, const char *name,
size_t name_len, oid *index, size_t index_len)
{
netsnmp_variable_list *vars = NULL;
struct expValueTable_data *thedata;
struct header_complex_index *hcindex;
int found = 0;
for (hcindex = expValueTableStorage; hcindex; hcindex = hcindex->next) {
thedata = hcindex->data;
if (strcmp(thedata->expExpressionOwner, owner) == 0 &&
thedata->expExpressionOwnerLen == owner_len &&
strcmp(thedata->expExpressionName, name) == 0 &&
thedata->expExpressionNameLen == name_len) {
found = 1;
break;
}
}
if (found) {
if (snmp_oid_compare(thedata->expValueInstance,
thedata->expValueInstanceLen, index,
index_len) != 0) {
SNMP_FREE(thedata->expValueInstance);
thedata->expValueInstance = netsnmp_memdup(index, index_len);
thedata->expValueInstanceLen = index_len;
} else {
SNMP_FREE(index);
}
} else if ((thedata = calloc(1, sizeof(*thedata)))) {
thedata->expExpressionOwner = owner;
thedata->expExpressionOwnerLen = owner_len;
thedata->expExpressionName = name;
thedata->expExpressionNameLen = name_len;
thedata->expValueInstance = index;
thedata->expValueInstanceLen = index_len;
thedata->expression_data = expression_data;
snmp_varlist_add_variable(&vars, NULL, 0, ASN_OCTET_STR,
(const char *) thedata->expExpressionOwner,
thedata->expExpressionOwnerLen);
snmp_varlist_add_variable(&vars, NULL, 0, ASN_OCTET_STR,
(const char *) thedata->expExpressionName,
thedata->expExpressionNameLen);
snmp_varlist_add_variable(&vars, NULL, 0, ASN_PRIV_IMPLIED_OBJECT_ID,
(u_char *) thedata->expValueInstance,
thedata->expValueInstanceLen * sizeof(oid));
header_complex_add_data(&expValueTableStorage, vars, thedata);
} else {
return SNMPERR_GENERR;
}
thedata->set = 1;
return SNMPERR_SUCCESS;
}
struct expObjectTable_data *
create_expObjectTable_data(void)
{
struct expObjectTable_data *StorageNew;
StorageNew = SNMP_MALLOC_STRUCT(expObjectTable_data);
/*
* fill in default row values here into StorageNew
*/
/*
* fill in values for all tables (even if not
* appropriate), since its easier to do here than anywhere
* else
*/
StorageNew->expObjectIDWildcard = EXPOBJCETIDWILDCARD_FALSE;
StorageNew->expObjectSampleType = EXPOBJCETSAMPLETYPE_ABSOLUTEVALUE;
StorageNew->expObjectDeltaDiscontinuityID =
netsnmp_memdup(TimeInstance, sizeof(TimeInstance));
StorageNew->expObjectDeltaDiscontinuityIDLen =
sizeof(TimeInstance) / sizeof(oid);
StorageNew->expObjectDiscontinuityIDWildcard =
EXPOBJCETDISCONTINUITYIDWILDCARD_FALSE;
StorageNew->expObjectDiscontinuityIDType =
EXPOBJECTDISCONTINUITYIDTYPE_TIMETICKS;
StorageNew->expObjectConditional = calloc(1, sizeof(oid) * 2); /* 0.0 */
StorageNew->expObjectConditionalLen = 2;
StorageNew->expObjectID = calloc(1, sizeof(oid) * 2); /* 0.0 */
StorageNew->expObjectIDLen = 2;
StorageNew->expObjectConditionalWildcard =
EXPOBJECTCONDITIONALWILDCARD_FALSE;
StorageNew->storageType = ST_NONVOLATILE;
return StorageNew;
}
void
return_delayed_response(unsigned int clientreg, void *clientarg)
{
/*
* extract the cache from the passed argument
*/
netsnmp_delegated_cache *cache = (netsnmp_delegated_cache *) clientarg;
netsnmp_request_info *requests;
netsnmp_agent_request_info *reqinfo;
u_long *delay_time_cache = NULL;
/*
* here we double check that the cache we created earlier is still
* * valid. If not, the request timed out for some reason and we
* * don't need to keep processing things. Should never happen, but
* * this double checks.
*/
cache = netsnmp_handler_check_cache(cache);
if (!cache) {
snmp_log(LOG_ERR, "illegal call to return delayed response\n");
return;
}
/*
* re-establish the previous pointers we are used to having
*/
reqinfo = cache->reqinfo;
requests = cache->requests;
DEBUGMSGTL(("delayed_instance",
"continuing delayed request, mode = %d\n",
cache->reqinfo->mode));
/*
* mention that it's no longer delegated, and we've now answered
* the query (which we'll do down below).
*/
requests->delegated = 0;
switch (cache->reqinfo->mode) {
/*
* registering as an instance means we don't need to deal with
* getnext processing, so we don't handle it here at all.
*
* However, since the instance handler already reset the mode
* back to GETNEXT from the faked GET mode, we need to do the
* same thing in both cases. This should be fixed in future
* versions of net-snmp hopefully.
*/
case MODE_GET:
case MODE_GETNEXT:
/*
* return the currend delay time
*/
snmp_set_var_typed_value(cache->requests->requestvb,
ASN_INTEGER,
(u_char *) & delay_time,
sizeof(delay_time));
break;
#ifndef NETSNMP_NO_WRITE_SUPPORT
case MODE_SET_RESERVE1:
/*
* check type
*/
if (requests->requestvb->type != ASN_INTEGER) {
/*
* not an integer. Bad dog, no bone.
*/
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_WRONGTYPE);
/*
* we don't need the cache any longer
*/
netsnmp_free_delegated_cache(cache);
return;
}
break;
case MODE_SET_RESERVE2:
/*
* store old value for UNDO support in the future.
*/
delay_time_cache = netsnmp_memdup(&delay_time, sizeof(delay_time));
/*
* malloc failed
*/
if (delay_time_cache == NULL) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_RESOURCEUNAVAILABLE);
netsnmp_free_delegated_cache(cache);
return;
}
/*
* Add our temporary information to the request itself.
* This is then retrivable later. The free function
* passed auto-frees it when the request is later
* deleted.
*/
netsnmp_request_add_list_data(requests,
netsnmp_create_data_list
(DELAYED_INSTANCE_SET_NAME,
delay_time_cache, free));
break;
case MODE_SET_ACTION:
/*
* update current value
*/
delay_time = *(requests->requestvb->val.integer);
DEBUGMSGTL(("testhandler", "updated delay_time -> %ld\n",
delay_time));
break;
case MODE_SET_UNDO:
/*
* ack, something somewhere failed. We reset back to the
* previously old value by extracting the previosuly
* stored information back out of the request
*/
delay_time =
*((u_long *) netsnmp_request_get_list_data(requests,
DELAYED_INSTANCE_SET_NAME));
break;
case MODE_SET_COMMIT:
case MODE_SET_FREE:
/*
* the only thing to do here is free the old memdup'ed
* value, but it's auto-freed by the datalist recovery, so
* we don't have anything to actually do here
*/
break;
#endif /* NETSNMP_NO_WRITE_SUPPORT */
}
/*
* free the information cache
*/
netsnmp_free_delegated_cache(cache);
}
int
write_expObjectDeltaDiscontinuityID(int action,
u_char * var_val,
u_char var_val_type,
size_t var_val_len,
u_char * statP, oid * name,
size_t name_len)
{
static oid *tmpvar;
struct expObjectTable_data *StorageTmp = NULL;
static size_t tmplen;
size_t newlen =
name_len - (sizeof(expObjectTable_variables_oid) / sizeof(oid) +
3 - 1);
DEBUGMSGTL(("expObjectTable",
"write_expObjectDeltaDiscontinuityID entering action=%d... \n",
action));
if ((StorageTmp =
header_complex(expObjectTableStorage, NULL,
&name[sizeof(expObjectTable_variables_oid) /
sizeof(oid) + 3 - 1], &newlen, 1, NULL,
NULL)) == NULL)
return SNMP_ERR_NOSUCHNAME; /* remove if you support creation here */
switch (action) {
case RESERVE1:
if (var_val_type != ASN_OBJECT_ID) {
snmp_log(LOG_ERR,
"write to expObjectDeltaDiscontinuityID not ASN_OBJECT_ID\n");
return SNMP_ERR_WRONGTYPE;
}
if (StorageTmp->storageType != ST_NONVOLATILE)
return SNMP_ERR_NOTWRITABLE;
break;
case RESERVE2:
/*
* memory reseveration, final preparation...
*/
break;
case FREE:
/*
* Release any resources that have been allocated
*/
break;
case ACTION:
/*
* The variable has been stored in objid for
* you to use, and you have just been asked to do something with
* it. Note that anything done here must be reversable in the UNDO case
*/
tmpvar = StorageTmp->expObjectDeltaDiscontinuityID;
tmplen = StorageTmp->expObjectDeltaDiscontinuityIDLen;
StorageTmp->expObjectDeltaDiscontinuityID =
netsnmp_memdup(var_val, var_val_len);
StorageTmp->expObjectDeltaDiscontinuityIDLen =
var_val_len / sizeof(oid);
break;
case UNDO:
/*
* Back out any changes made in the ACTION case
*/
SNMP_FREE(StorageTmp->expObjectDeltaDiscontinuityID);
StorageTmp->expObjectDeltaDiscontinuityID = tmpvar;
StorageTmp->expObjectDeltaDiscontinuityIDLen = tmplen;
break;
case COMMIT:
/*
* Things are working well, so it's now safe to make the change
* permanently. Make sure that anything done here can't fail!
*/
/*
* XXX: if the valueID has actually changed, shouldn't we dump any
* previous values, as these are from a different object?
*/
SNMP_FREE(tmpvar);
snmp_store_needed(NULL);
break;
}
return SNMP_ERR_NOERROR;
}
int
my_test_instance_handler(netsnmp_mib_handler *handler,
netsnmp_handler_registration *reginfo,
netsnmp_agent_request_info *reqinfo,
netsnmp_request_info *requests)
{
static u_long accesses = 0;
u_long *accesses_cache = NULL;
DEBUGMSGTL(("testhandler", "Got instance request:\n"));
switch (reqinfo->mode) {
case MODE_GET:
snmp_set_var_typed_value(requests->requestvb, ASN_UNSIGNED,
(u_char *) & accesses, sizeof(accesses));
break;
#ifndef NETSNMP_NO_WRITE_SUPPORT
case MODE_SET_RESERVE1:
if (requests->requestvb->type != ASN_UNSIGNED)
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_WRONGTYPE);
break;
case MODE_SET_RESERVE2:
/*
* store old info for undo later
*/
accesses_cache = netsnmp_memdup(&accesses, sizeof(accesses));
if (accesses_cache == NULL) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_RESOURCEUNAVAILABLE);
return SNMP_ERR_NOERROR;
}
netsnmp_request_add_list_data(requests,
netsnmp_create_data_list
(TESTHANDLER_SET_NAME,
accesses_cache, free));
break;
case MODE_SET_ACTION:
/*
* update current
*/
accesses = *(requests->requestvb->val.integer);
DEBUGMSGTL(("testhandler", "updated accesses -> %d\n", accesses));
break;
case MODE_SET_UNDO:
accesses =
*((u_long *) netsnmp_request_get_list_data(requests,
TESTHANDLER_SET_NAME));
break;
case MODE_SET_COMMIT:
case MODE_SET_FREE:
/*
* nothing to do
*/
break;
#endif /* NETSNMP_NO_WRITE_SUPPORT */
}
return SNMP_ERR_NOERROR;
}
int
notifyTable_register_notifications(int major, int minor,
void *serverarg, void *clientarg)
{
struct targetAddrTable_struct *ptr;
struct targetParamTable_struct *pptr;
struct snmpNotifyTable_data *nptr;
int confirm, i, bufLen;
char buf[SNMP_MAXBUF_SMALL];
netsnmp_transport *t = NULL;
struct agent_add_trap_args *args =
(struct agent_add_trap_args *) serverarg;
netsnmp_session *ss;
if (!args || !(args->ss)) {
return (0);
}
confirm = args->confirm;
ss = args->ss;
/*
* XXX: START move target creation to target code
*/
for (i = 0; i < MAX_ENTRIES; i++) {
bufLen = sprintf(buf, "internal%d", i);
if (get_addrForName2(buf, bufLen) == NULL &&
get_paramEntry(buf) == NULL)
break;
}
if (i == MAX_ENTRIES) {
snmp_log(LOG_ERR,
"Can't register new trap destination: max limit reached: %d",
MAX_ENTRIES);
snmp_sess_close(ss);
return (0);
}
/*
* address
*/
t = snmp_sess_transport(snmp_sess_pointer(ss));
if (!t) {
snmp_log(LOG_ERR,
"Cannot add new trap destination, transport is closed.");
snmp_sess_close(ss);
return 0;
}
ptr = snmpTargetAddrTable_create();
ptr->nameData = netsnmp_memdup(buf, bufLen);
ptr->nameLen = bufLen;
memcpy(ptr->tDomain, t->domain, t->domain_length * sizeof(oid));
ptr->tDomainLen = t->domain_length;
ptr->tAddressLen = t->remote_length;
ptr->tAddress = t->remote;
ptr->timeout = ss->timeout / 10000;
ptr->retryCount = ss->retries;
SNMP_FREE(ptr->tagList);
ptr->tagList = strdup(buf); /* strdup ok since buf contains 'internal%d' */
ptr->params = strdup(buf);
ptr->storageType = ST_READONLY;
ptr->rowStatus = RS_ACTIVE;
ptr->sess = ss;
DEBUGMSGTL(("trapsess", "adding to trap table\n"));
snmpTargetAddrTable_add(ptr);
/*
* param
*/
pptr = snmpTargetParamTable_create();
pptr->paramName = strdup(buf);
pptr->mpModel = ss->version;
if (ss->version == SNMP_VERSION_3) {
pptr->secModel = ss->securityModel;
pptr->secLevel = ss->securityLevel;
pptr->secName = (char *) malloc(ss->securityNameLen + 1);
if (pptr->secName == NULL) {
snmpTargetParamTable_dispose(pptr);
return 0;
}
memcpy((void *) pptr->secName, (void *) ss->securityName,
ss->securityNameLen);
pptr->secName[ss->securityNameLen] = 0;
}
#if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C)
else {
pptr->secModel =
#ifndef NETSNMP_DISABLE_SNMPV1
ss->version == SNMP_VERSION_1 ? SNMP_SEC_MODEL_SNMPv1 :
#endif
SNMP_SEC_MODEL_SNMPv2c;
pptr->secLevel = SNMP_SEC_LEVEL_NOAUTH;
pptr->secName = NULL;
if (ss->community && (ss->community_len > 0)) {
pptr->secName = (char *) malloc(ss->community_len + 1);
if (pptr->secName == NULL) {
snmpTargetParamTable_dispose(pptr);
return 0;
}
memcpy((void *) pptr->secName, (void *) ss->community,
ss->community_len);
pptr->secName[ss->community_len] = 0;
}
}
#endif
pptr->storageType = ST_READONLY;
pptr->rowStatus = RS_ACTIVE;
snmpTargetParamTable_add(pptr);
/*
* XXX: END move target creation to target code
*/
/*
* notify table
*/
nptr = SNMP_MALLOC_STRUCT(snmpNotifyTable_data);
if (nptr == NULL)
return 0;
nptr->snmpNotifyName = strdup(buf);
nptr->snmpNotifyNameLen = strlen(buf);
nptr->snmpNotifyTag = strdup(buf);
nptr->snmpNotifyTagLen = strlen(buf);
nptr->snmpNotifyType = confirm ?
SNMPNOTIFYTYPE_INFORM : SNMPNOTIFYTYPE_TRAP;
nptr->snmpNotifyStorageType = ST_READONLY;
nptr->snmpNotifyRowStatus = RS_ACTIVE;
snmpNotifyTable_add(nptr);
return 0;
}
int
write_mteTriggerExistenceEvent(int action,
u_char * var_val,
u_char var_val_type,
size_t var_val_len,
u_char * statP, oid * name, size_t name_len)
{
static char *tmpvar;
struct mteTriggerTable_data *StorageTmp = NULL;
static size_t tmplen;
size_t newlen =
name_len -
(sizeof(mteTriggerExistenceTable_variables_oid) / sizeof(oid) + 3 -
1);
DEBUGMSGTL(("mteTriggerExistenceTable",
"write_mteTriggerExistenceEvent entering action=%d... \n",
action));
if ((StorageTmp =
header_complex(mteTriggerTableStorage, NULL,
&name[sizeof
(mteTriggerExistenceTable_variables_oid) /
sizeof(oid) + 3 - 1], &newlen, 1, NULL,
NULL)) == NULL)
return SNMP_ERR_NOSUCHNAME; /* remove if you support creation here */
switch (action) {
case RESERVE1:
if (var_val_type != ASN_OCTET_STR) {
fprintf(stderr,
"write to mteTriggerExistenceEvent not ASN_OCTET_STR\n");
return SNMP_ERR_WRONGTYPE;
}
if (StorageTmp->storageType != ST_NONVOLATILE)
return SNMP_ERR_NOTWRITABLE;
break;
case RESERVE2:
/*
* memory reseveration, final preparation...
*/
break;
case FREE:
/*
* Release any resources that have been allocated
*/
break;
case ACTION:
/*
* The variable has been stored in string for
* you to use, and you have just been asked to do something with
* it. Note that anything done here must be reversable in the UNDO case
*/
tmpvar = StorageTmp->mteTriggerExistenceEvent;
tmplen = StorageTmp->mteTriggerExistenceEventLen;
StorageTmp->mteTriggerExistenceEvent =
netsnmp_memdup(var_val, var_val_len);
StorageTmp->mteTriggerExistenceEventLen = var_val_len;
break;
case UNDO:
/*
* Back out any changes made in the ACTION case
*/
SNMP_FREE(StorageTmp->mteTriggerExistenceEvent);
StorageTmp->mteTriggerExistenceEvent = tmpvar;
StorageTmp->mteTriggerExistenceEventLen = tmplen;
break;
case COMMIT:
/*
* Things are working well, so it's now safe to make the change
* permanently. Make sure that anything done here can't fail!
*/
SNMP_FREE(tmpvar);
break;
}
return SNMP_ERR_NOERROR;
}
int
tsm_rgenerate_out_msg(struct snmp_secmod_outgoing_params *parms)
{
u_char **wholeMsg = parms->wholeMsg;
size_t *offset = parms->wholeMsgOffset;
int rc;
size_t *wholeMsgLen = parms->wholeMsgLen;
netsnmp_tsmSecurityReference *tsmSecRef;
netsnmp_tmStateReference *tmStateRef;
int tmStateRefLocal = 0;
DEBUGMSGTL(("tsm", "Starting TSM processing\n"));
/* if we have this, then this message to be sent is in response to
something that came in earlier and the tsmSecRef was created by
the tsm_process_in_msg. */
tsmSecRef = parms->secStateRef;
if (tsmSecRef) {
/* 4.2, step 1: If there is a securityStateReference (Response
or Report message), then this Security Model uses the
cached information rather than the information provided by
the ASI. */
/* 4.2, step 1: Extract the tmStateReference from the
securityStateReference cache. */
netsnmp_assert_or_return(NULL != tsmSecRef->tmStateRef, SNMPERR_GENERR);
tmStateRef = tsmSecRef->tmStateRef;
/* 4.2 step 1: Set the tmRequestedSecurityLevel to the value
of the extracted tmTransportSecurityLevel. */
tmStateRef->requestedSecurityLevel = tmStateRef->transportSecurityLevel;
/* 4.2 step 1: Set the tmSameSecurity parameter in the
tmStateReference cache to true. */
tmStateRef->sameSecurity = NETSNMP_TM_USE_SAME_SECURITY;
/* 4.2 step 1: The cachedSecurityData for this message can
now be discarded. */
SNMP_FREE(parms->secStateRef);
} else {
/* 4.2, step 2: If there is no securityStateReference (e.g., a
Request-type or Notification message), then create a
tmStateReference cache. */
tmStateRef = SNMP_MALLOC_TYPEDEF(netsnmp_tmStateReference);
netsnmp_assert_or_return(NULL != tmStateRef, SNMPERR_GENERR);
tmStateRefLocal = 1;
/* XXX: we don't actually use this really in our implementation */
/* 4.2, step 2: Set tmTransportDomain to the value of
transportDomain, tmTransportAddress to the value of
transportAddress */
/* 4.2, step 2: and tmRequestedSecurityLevel to the value of
securityLevel. */
tmStateRef->requestedSecurityLevel = parms->secLevel;
/* 4.2, step 2: Set the transaction-specific tmSameSecurity
parameter to false. */
tmStateRef->sameSecurity = NETSNMP_TM_SAME_SECURITY_NOT_REQUIRED;
if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_TSM_USE_PREFIX)) {
/* XXX: probably shouldn't be a hard-coded list of
supported transports */
/* 4.2, step 2: If the snmpTsmConfigurationUsePrefix
object is set to true, then use the transportDomain to
look up the corresponding prefix. */
const char *prefix;
if (strncmp("ssh:",parms->session->peername,4) == 0)
prefix = "ssh:";
else if (strncmp("dtls:",parms->session->peername,5) == 0)
prefix = "dtls:";
else if (strncmp("tls:",parms->session->peername,4) == 0)
prefix = "tls:";
else {
/* 4.2, step 2: If the prefix lookup fails for any
reason, then the snmpTsmUnknownPrefixes counter is
incremented, an error indication is returned to the
calling module, and message processing stops. */
snmp_increment_statistic(STAT_TSM_SNMPTSMUNKNOWNPREFIXES);
SNMP_FREE(tmStateRef);
return SNMPERR_GENERR;
}
/* 4.2, step 2: If the lookup succeeds, but there is no
prefix in the securityName, or the prefix returned does
not match the prefix in the securityName, or the length
of the prefix is less than 1 or greater than 4 US-ASCII
alpha-numeric characters, then the
snmpTsmInvalidPrefixes counter is incremented, an error
indication is returned to the calling module, and
message processing stops. */
if (strchr(parms->secName, ':') == 0 ||
strlen(prefix)+1 >= parms->secNameLen ||
strncmp(parms->secName, prefix, strlen(prefix)) != 0 ||
parms->secName[strlen(prefix)] != ':') {
/* Note: since we're assiging the prefixes above the
prefix lengths always meet the 1-4 criteria */
snmp_increment_statistic(STAT_TSM_SNMPTSMINVALIDPREFIXES);
SNMP_FREE(tmStateRef);
return SNMPERR_GENERR;
}
/* 4.2, step 2: Strip the transport-specific prefix and
trailing ':' character (US-ASCII 0x3a) from the
securityName. Set tmSecurityName to the value of
securityName. */
memcpy(tmStateRef->securityName,
parms->secName + strlen(prefix) + 1,
parms->secNameLen - strlen(prefix) - 1);
tmStateRef->securityNameLen = parms->secNameLen - strlen(prefix) -1;
} else {
/* 4.2, step 2: If the snmpTsmConfigurationUsePrefix object is
set to false, then set tmSecurityName to the value
of securityName. */
memcpy(tmStateRef->securityName, parms->secName,
parms->secNameLen);
tmStateRef->securityNameLen = parms->secNameLen;
}
}
/* truncate the security name with a '\0' for safety */
tmStateRef->securityName[tmStateRef->securityNameLen] = '\0';
/* 4.2, step 3: Set securityParameters to a zero-length OCTET
* STRING ('0400').
*/
DEBUGDUMPHEADER("send", "tsm security parameters");
rc = asn_realloc_rbuild_header(wholeMsg, wholeMsgLen, offset, 1,
(u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE
| ASN_OCTET_STR), 0);
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("tsm", "building msgSecurityParameters failed.\n"));
if (tmStateRefLocal)
SNMP_FREE(tmStateRef);
return SNMPERR_TOO_LONG;
}
/* 4.2, step 4: Combine the message parts into a wholeMsg and
calculate wholeMsgLength.
*/
while ((*wholeMsgLen - *offset) < parms->globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("tsm", "building global data failed.\n"));
if (tmStateRefLocal)
SNMP_FREE(tmStateRef);
return SNMPERR_TOO_LONG;
}
}
*offset += parms->globalDataLen;
memcpy(*wholeMsg + *wholeMsgLen - *offset,
parms->globalData, parms->globalDataLen);
/* 4.2, step 5: The wholeMsg, wholeMsgLength, securityParameters,
and tmStateReference are returned to the calling Message
Processing Model with the statusInformation set to success. */
/* For the Net-SNMP implemantion that actually means we start
encoding the full packet sequence from here before returning it */
/*
* Total packet sequence.
*/
rc = asn_realloc_rbuild_sequence(wholeMsg, wholeMsgLen, offset, 1,
(u_char) (ASN_SEQUENCE |
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("tsm", "building master packet sequence failed.\n"));
if (tmStateRefLocal)
SNMP_FREE(tmStateRef);
return SNMPERR_TOO_LONG;
}
if (parms->pdu->transport_data &&
parms->pdu->transport_data != tmStateRef) {
snmp_log(LOG_ERR, "tsm: needed to free transport data\n");
SNMP_FREE(parms->pdu->transport_data);
}
/* put the transport state reference into the PDU for the transport */
parms->pdu->transport_data = netsnmp_memdup(tmStateRef, sizeof(*tmStateRef));
if (!parms->pdu->transport_data)
snmp_log(LOG_ERR, "tsm: malloc failure\n");
parms->pdu->transport_data_length = sizeof(*tmStateRef);
if (tmStateRefLocal)
SNMP_FREE(tmStateRef);
DEBUGMSGTL(("tsm", "TSM processing completed.\n"));
return SNMPERR_SUCCESS;
}
netsnmp_transport *
netsnmp_ssh_transport(const struct sockaddr_in *addr, int local)
{
netsnmp_transport *t = NULL;
netsnmp_ssh_addr_pair *addr_pair = NULL;
int rc = 0;
int i, auth_pw = 0;
const char *fingerprint;
char *userauthlist;
struct sockaddr_un *unaddr;
const char *sockpath =
netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_SSHTOSNMP_SOCKET);
char tmpsockpath[MAXPATHLEN];
#ifdef NETSNMP_NO_LISTEN_SUPPORT
if (local)
return NULL;
#endif /* NETSNMP_NO_LISTEN_SUPPORT */
if (addr == NULL || addr->sin_family != AF_INET) {
return NULL;
}
t = SNMP_MALLOC_TYPEDEF(netsnmp_transport);
if (t == NULL) {
return NULL;
}
t->domain = netsnmp_snmpSSHDomain;
t->domain_length = netsnmp_snmpSSHDomain_len;
t->flags = NETSNMP_TRANSPORT_FLAG_STREAM | NETSNMP_TRANSPORT_FLAG_TUNNELED;
addr_pair = SNMP_MALLOC_TYPEDEF(netsnmp_ssh_addr_pair);
if (addr_pair == NULL) {
netsnmp_transport_free(t);
return NULL;
}
t->data = addr_pair;
t->data_length = sizeof(netsnmp_ssh_addr_pair);
if (local) {
#ifndef NETSNMP_NO_LISTEN_SUPPORT
#ifdef SNMPSSHDOMAIN_USE_EXTERNAL_PIPE
/* XXX: set t->local and t->local_length */
t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN;
unaddr = &addr_pair->unix_socket_end;
/* open a unix domain socket */
/* XXX: get data from the transport def for it's location */
unaddr->sun_family = AF_UNIX;
if (NULL == sockpath) {
sprintf(tmpsockpath, "%s/%s", get_persistent_directory(),
DEFAULT_SOCK_NAME);
sockpath = tmpsockpath;
}
snprintf(unaddr->sun_path, sizeof(unaddr->sun_path), "%s", sockpath);
snprintf(addr_pair->socket_path, sizeof(addr_pair->socket_path), "%s",
sockpath);
t->sock = socket(PF_UNIX, SOCK_STREAM, 0);
if (t->sock < 0) {
netsnmp_transport_free(t);
return NULL;
}
/* set the SO_PASSCRED option so we can receive the remote uid */
{
int one = 1;
setsockopt(t->sock, SOL_SOCKET, SO_PASSCRED, (void *) &one,
sizeof(one));
}
unlink(unaddr->sun_path);
rc = bind(t->sock, unaddr, SUN_LEN(unaddr));
if (rc != 0) {
DEBUGMSGTL(("netsnmp_ssh_transport",
"couldn't bind \"%s\", errno %d (%s)\n",
unaddr->sun_path, errno, strerror(errno)));
netsnmp_ssh_close(t);
netsnmp_transport_free(t);
return NULL;
}
/* set the socket permissions */
{
/*
* Apply any settings to the ownership/permissions of the
* Sshdomain socket
*/
int sshdomain_sock_perm =
netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_SSHDOMAIN_SOCK_PERM);
int sshdomain_sock_user =
netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_SSHDOMAIN_SOCK_USER);
int sshdomain_sock_group =
netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_SSHDOMAIN_SOCK_GROUP);
DEBUGMSGTL(("ssh", "here: %s, %d, %d, %d\n",
unaddr->sun_path,
sshdomain_sock_perm, sshdomain_sock_user,
sshdomain_sock_group));
if (sshdomain_sock_perm != 0) {
DEBUGMSGTL(("ssh", "Setting socket perms to %d\n",
sshdomain_sock_perm));
chmod(unaddr->sun_path, sshdomain_sock_perm);
}
if (sshdomain_sock_user || sshdomain_sock_group) {
/*
* If either of user or group haven't been set,
* then leave them unchanged.
*/
if (sshdomain_sock_user == 0 )
sshdomain_sock_user = -1;
if (sshdomain_sock_group == 0 )
sshdomain_sock_group = -1;
DEBUGMSGTL(("ssh", "Setting socket user/group to %d/%d\n",
sshdomain_sock_user, sshdomain_sock_group));
chown(unaddr->sun_path,
sshdomain_sock_user, sshdomain_sock_group);
}
}
rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
if (rc != 0) {
DEBUGMSGTL(("netsnmp_ssh_transport",
"couldn't listen to \"%s\", errno %d (%s)\n",
unaddr->sun_path, errno, strerror(errno)));
netsnmp_ssh_close(t);
netsnmp_transport_free(t);
return NULL;
}
#else /* we're called directly by sshd and use stdin/out */
/* for ssh on the server side we've been launched so bind to
stdin/out */
/* nothing to do */
/* XXX: verify we're inside ssh */
t->sock = STDIN_FILENO;
#endif /* ! SNMPSSHDOMAIN_USE_EXTERNAL_PIPE */
#else /* NETSNMP_NO_LISTEN_SUPPORT */
netsnmp_transport_free(t);
return NULL;
#endif /* NETSNMP_NO_LISTEN_SUPPORT */
} else {
char *username;
char *keyfilepub;
char *keyfilepriv;
/* use the requested user name */
/* XXX: default to the current user name on the system like ssh does */
username = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_SSH_USERNAME);
if (!username || 0 == *username) {
snmp_log(LOG_ERR, "You must specify a ssh username to use. See the snmp.conf manual page\n");
netsnmp_transport_free(t);
return NULL;
}
/* use the requested public key file */
keyfilepub = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_SSH_PUBKEY);
if (!keyfilepub || 0 == *keyfilepub) {
/* XXX: default to ~/.ssh/id_rsa.pub */
snmp_log(LOG_ERR, "You must specify a ssh public key file to use. See the snmp.conf manual page\n");
netsnmp_transport_free(t);
return NULL;
}
/* use the requested private key file */
keyfilepriv = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_SSH_PRIVKEY);
if (!keyfilepriv || 0 == *keyfilepriv) {
/* XXX: default to keyfilepub without the .pub suffix */
snmp_log(LOG_ERR, "You must specify a ssh private key file to use. See the snmp.conf manual page\n");
netsnmp_transport_free(t);
return NULL;
}
/* xxx: need an ipv6 friendly one too (sigh) */
/* XXX: not ideal when structs don't actually match size wise */
memcpy(&(addr_pair->remote_addr), addr, sizeof(struct sockaddr_in));
t->sock = socket(PF_INET, SOCK_STREAM, 0);
if (t->sock < 0) {
netsnmp_transport_free(t);
return NULL;
}
t->remote_length = sizeof(*addr);
t->remote = netsnmp_memdup(addr, sizeof(*addr));
if (!t->remote) {
netsnmp_ssh_close(t);
netsnmp_transport_free(t);
return NULL;
}
/*
* This is a client-type session, so attempt to connect to the far
* end. We don't go non-blocking here because it's not obvious what
* you'd then do if you tried to do snmp_sends before the connection
* had completed. So this can block.
*/
rc = connect(t->sock, addr, sizeof(struct sockaddr));
if (rc < 0) {
netsnmp_ssh_close(t);
netsnmp_transport_free(t);
return NULL;
}
/*
* Allow user to override the send and receive buffers. Default is
* to use os default. Don't worry too much about errors --
* just plough on regardless.
*/
netsnmp_sock_buffer_set(t->sock, SO_SNDBUF, local, 0);
netsnmp_sock_buffer_set(t->sock, SO_RCVBUF, local, 0);
/* open the SSH session and channel */
addr_pair->session = libssh2_session_init();
if (libssh2_session_startup(addr_pair->session, t->sock)) {
shutdown:
snmp_log(LOG_ERR, "Failed to establish an SSH session\n");
netsnmp_ssh_close(t);
netsnmp_transport_free(t);
return NULL;
}
/* At this point we havn't authenticated, The first thing to
do is check the hostkey's fingerprint against our known
hosts Your app may have it hard coded, may go to a file,
may present it to the user, that's your call
*/
fingerprint =
libssh2_hostkey_hash(addr_pair->session, LIBSSH2_HOSTKEY_HASH_MD5);
DEBUGMSGTL(("ssh", "Fingerprint: "));
for(i = 0; i < 16; i++) {
DEBUGMSG(("ssh", "%02x",
(unsigned char)fingerprint[i]));
}
DEBUGMSG(("ssh", "\n"));
/* check what authentication methods are available */
userauthlist =
libssh2_userauth_list(addr_pair->session,
username, strlen(username));
DEBUGMSG(("ssh", "Authentication methods: %s\n", userauthlist));
/* XXX: allow other types */
/* XXX: 4 seems magic to me... */
if (strstr(userauthlist, "publickey") != NULL) {
auth_pw |= 4;
}
/* XXX: hard coded paths and users */
if (auth_pw & 4) {
/* public key */
if (libssh2_userauth_publickey_fromfile(addr_pair->session,
username,
keyfilepub, keyfilepriv,
NULL)) {
snmp_log(LOG_ERR,"Authentication by public key failed!\n");
goto shutdown;
} else {
DEBUGMSG(("ssh",
"\tAuthentication by public key succeeded.\n"));
}
} else {
snmp_log(LOG_ERR,"Authentication by public key failed!\n");
goto shutdown;
}
/* we've now authenticated both sides; contining onward ... */
/* Request a channel */
if (!(addr_pair->channel =
libssh2_channel_open_session(addr_pair->session))) {
snmp_log(LOG_ERR, "Unable to open a session\n");
goto shutdown;
}
/* Request a terminal with 'vanilla' terminal emulation
* See /etc/termcap for more options
*/
/* XXX: needed? doubt it */
/* if (libssh2_channel_request_pty(addr_pair->channel, "vanilla")) { */
/* snmp_log(LOG_ERR, "Failed requesting pty\n"); */
/* goto shutdown; */
/* } */
if (libssh2_channel_subsystem(addr_pair->channel, "snmp")) {
snmp_log(LOG_ERR, "Failed to request the ssh 'snmp' subsystem\n");
goto shutdown;
}
}
DEBUGMSG(("ssh","Opened connection.\n"));
/*
* Message size is not limited by this transport (hence msgMaxSize
* is equal to the maximum legal size of an SNMP message).
*/
t->msgMaxSize = SNMP_MAX_PACKET_LEN;
t->f_recv = netsnmp_ssh_recv;
t->f_send = netsnmp_ssh_send;
t->f_close = netsnmp_ssh_close;
t->f_accept = netsnmp_ssh_accept;
t->f_fmtaddr = netsnmp_ssh_fmtaddr;
return t;
}
int
netsnmp_instance_num_file_handler(netsnmp_mib_handler *handler,
netsnmp_handler_registration *reginfo,
netsnmp_agent_request_info *reqinfo,
netsnmp_request_info *requests)
{
netsnmp_num_file_instance *nfi;
u_long it;
#ifndef NETSNMP_NO_WRITE_SUPPORT
u_long *it_save;
#endif /* NETSNMP_NO_WRITE_SUPPORT */
int rc;
netsnmp_assert(NULL != handler);
nfi = (netsnmp_num_file_instance *)handler->myvoid;
netsnmp_assert(NULL != nfi);
netsnmp_assert(NULL != nfi->file_name);
DEBUGMSGTL(("netsnmp_instance_int_handler", "Got request: %d\n",
reqinfo->mode));
switch (reqinfo->mode) {
/*
* data requests
*/
case MODE_GET:
/*
* Use a long here, otherwise on 64 bit use of an int would fail
*/
netsnmp_assert(NULL == nfi->filep);
nfi->filep = fopen(nfi->file_name, "r");
if (NULL == nfi->filep) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_NOSUCHINSTANCE);
return SNMP_ERR_NOERROR;
}
rc = fscanf(nfi->filep, (nfi->type == ASN_INTEGER) ? "%ld" : "%lu",
&it);
fclose(nfi->filep);
nfi->filep = NULL;
if (rc != 1) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_NOSUCHINSTANCE);
return SNMP_ERR_NOERROR;
}
snmp_set_var_typed_value(requests->requestvb, nfi->type,
(u_char *) &it, sizeof(it));
break;
/*
* SET requests. Should only get here if registered RWRITE
*/
#ifndef NETSNMP_NO_WRITE_SUPPORT
case MODE_SET_RESERVE1:
netsnmp_assert(NULL == nfi->filep);
if (requests->requestvb->type != nfi->type)
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_WRONGTYPE);
break;
case MODE_SET_RESERVE2:
netsnmp_assert(NULL == nfi->filep);
nfi->filep = fopen(nfi->file_name, "w+");
if (NULL == nfi->filep) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_NOTWRITABLE);
return SNMP_ERR_NOERROR;
}
/*
* store old info for undo later
*/
if (fscanf(nfi->filep, (nfi->type == ASN_INTEGER) ? "%ld" : "%lu",
&it) != 1) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_RESOURCEUNAVAILABLE);
return SNMP_ERR_NOERROR;
}
it_save = netsnmp_memdup(&it, sizeof(u_long));
if (it_save == NULL) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_RESOURCEUNAVAILABLE);
return SNMP_ERR_NOERROR;
}
netsnmp_request_add_list_data(requests,
netsnmp_create_data_list
(INSTANCE_HANDLER_NAME, it_save,
&free_wrapper));
break;
case MODE_SET_ACTION:
/*
* update current
*/
DEBUGMSGTL(("helper:instance", "updated %s -> %ld\n", nfi->file_name,
*(requests->requestvb->val.integer)));
it = *(requests->requestvb->val.integer);
rewind(nfi->filep); /* rewind to make sure we are at the beginning */
rc = fprintf(nfi->filep, (nfi->type == ASN_INTEGER) ? "%ld" : "%lu",
it);
if (rc < 0) {
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_GENERR);
return SNMP_ERR_NOERROR;
}
break;
case MODE_SET_UNDO:
it =
*((u_int *) netsnmp_request_get_list_data(requests,
INSTANCE_HANDLER_NAME));
rc = fprintf(nfi->filep, (nfi->type == ASN_INTEGER) ? "%ld" : "%lu",
it);
if (rc < 0)
netsnmp_set_request_error(reqinfo, requests,
SNMP_ERR_UNDOFAILED);
/* FALL THROUGH */
case MODE_SET_COMMIT:
case MODE_SET_FREE:
if (NULL != nfi->filep) {
fclose(nfi->filep);
nfi->filep = NULL;
}
break;
#endif /* NETSNMP_NO_WRITE_SUPPORT */
default:
snmp_log(LOG_ERR,
"netsnmp_instance_num_file_handler: illegal mode\n");
netsnmp_set_request_error(reqinfo, requests, SNMP_ERR_GENERR);
return SNMP_ERR_NOERROR;
}
if (handler->next && handler->next->access_method)
return netsnmp_call_next_handler(handler, reginfo, reqinfo,
requests);
return SNMP_ERR_NOERROR;
}
