void
usm_parse_create_usmUser(const char *token, char *line)
{
char *cp;
char buf[SNMP_MAXBUF_MEDIUM];
struct usmUser *newuser;
u_char userKey[SNMP_MAXBUF_SMALL], *tmpp;
size_t userKeyLen = SNMP_MAXBUF_SMALL;
size_t privKeyLen = 0;
size_t ret;
int ret2;
int testcase;
newuser = usm_create_user();
/*
* READ: Security Name
*/
cp = copy_nword(line, buf, sizeof(buf));
/*
* might be a -e ENGINEID argument
*/
if (strcmp(buf, "-e") == 0) {
size_t ebuf_len = 32, eout_len = 0;
u_char *ebuf = (u_char *) malloc(ebuf_len);
if (ebuf == NULL) {
config_perror("malloc failure processing -e flag");
usm_free_user(newuser);
return;
}
/*
* Get the specified engineid from the line.
*/
cp = copy_nword(cp, buf, sizeof(buf));
if (!snmp_hex_to_binary(&ebuf, &ebuf_len, &eout_len, 1, buf)) {
config_perror("invalid EngineID argument to -e");
usm_free_user(newuser);
SNMP_FREE(ebuf);
return;
}
newuser->engineID = ebuf;
newuser->engineIDLen = eout_len;
cp = copy_nword(cp, buf, sizeof(buf));
} else {
newuser->engineID = snmpv3_generate_engineID(&ret);
if (ret == 0) {
usm_free_user(newuser);
return;
}
newuser->engineIDLen = ret;
}
newuser->secName = strdup(buf);
newuser->name = strdup(buf);
if (!cp)
goto add; /* no authentication or privacy type */
/*
* READ: Authentication Type
*/
#ifndef NETSNMP_DISABLE_MD5
if (strncmp(cp, "MD5", 3) == 0) {
memcpy(newuser->authProtocol, usmHMACMD5AuthProtocol,
sizeof(usmHMACMD5AuthProtocol));
} else
#endif
if (strncmp(cp, "SHA", 3) == 0) {
memcpy(newuser->authProtocol, usmHMACSHA1AuthProtocol,
sizeof(usmHMACSHA1AuthProtocol));
} else {
config_perror("Unknown authentication protocol");
usm_free_user(newuser);
return;
}
cp = skip_token(cp);
/*
* READ: Authentication Pass Phrase or key
*/
if (!cp) {
config_perror("no authentication pass phrase");
usm_free_user(newuser);
return;
}
cp = copy_nword(cp, buf, sizeof(buf));
if (strcmp(buf,"-m") == 0) {
/* a master key is specified */
cp = copy_nword(cp, buf, sizeof(buf));
ret = sizeof(userKey);
tmpp = userKey;
userKeyLen = 0;
if (!snmp_hex_to_binary(&tmpp, &ret, &userKeyLen, 0, buf)) {
config_perror("invalid key value argument to -m");
usm_free_user(newuser);
return;
}
} else if (strcmp(buf,"-l") != 0) {
/* a password is specified */
userKeyLen = sizeof(userKey);
ret2 = generate_Ku(newuser->authProtocol, newuser->authProtocolLen,
(u_char *) buf, strlen(buf), userKey, &userKeyLen);
if (ret2 != SNMPERR_SUCCESS) {
config_perror("could not generate the authentication key from the "
"supplied pass phrase.");
usm_free_user(newuser);
return;
}
}
/*
* And turn it into a localized key
*/
ret2 = sc_get_properlength(newuser->authProtocol,
newuser->authProtocolLen);
if (ret2 <= 0) {
config_perror("Could not get proper authentication protocol key length");
return;
}
newuser->authKey = (u_char *) malloc(ret2);
if (strcmp(buf,"-l") == 0) {
/* a local key is directly specified */
cp = copy_nword(cp, buf, sizeof(buf));
newuser->authKeyLen = 0;
ret = ret2;
if (!snmp_hex_to_binary(&newuser->authKey, &ret,
&newuser->authKeyLen, 0, buf)) {
config_perror("invalid key value argument to -l");
usm_free_user(newuser);
return;
}
if (ret != newuser->authKeyLen) {
config_perror("improper key length to -l");
usm_free_user(newuser);
return;
}
} else {
newuser->authKeyLen = ret2;
ret2 = generate_kul(newuser->authProtocol, newuser->authProtocolLen,
newuser->engineID, newuser->engineIDLen,
userKey, userKeyLen,
newuser->authKey, &newuser->authKeyLen);
if (ret2 != SNMPERR_SUCCESS) {
config_perror("could not generate localized authentication key "
"(Kul) from the master key (Ku).");
usm_free_user(newuser);
return;
}
}
if (!cp)
goto add; /* no privacy type (which is legal) */
/*
* READ: Privacy Type
*/
testcase = 0;
#ifndef NETSNMP_DISABLE_DES
if (strncmp(cp, "DES", 3) == 0) {
memcpy(newuser->privProtocol, usmDESPrivProtocol,
sizeof(usmDESPrivProtocol));
testcase = 1;
/* DES uses a 128 bit key, 64 bits of which is a salt */
privKeyLen = 16;
}
#endif
#ifdef HAVE_AES
if (strncmp(cp, "AES128", 6) == 0 ||
strncmp(cp, "AES", 3) == 0) {
memcpy(newuser->privProtocol, usmAESPrivProtocol,
sizeof(usmAESPrivProtocol));
testcase = 1;
privKeyLen = 16;
}
#endif
if (testcase == 0) {
config_perror("Unknown privacy protocol");
usm_free_user(newuser);
return;
}
cp = skip_token(cp);
/*
* READ: Encryption Pass Phrase or key
*/
if (!cp) {
/*
* assume the same as the authentication key
*/
memdup(&newuser->privKey, newuser->authKey, newuser->authKeyLen);
newuser->privKeyLen = newuser->authKeyLen;
} else {
cp = copy_nword(cp, buf, sizeof(buf));
if (strcmp(buf,"-m") == 0) {
/* a master key is specified */
cp = copy_nword(cp, buf, sizeof(buf));
ret = sizeof(userKey);
tmpp = userKey;
userKeyLen = 0;
if (!snmp_hex_to_binary(&tmpp, &ret, &userKeyLen, 0, buf)) {
config_perror("invalid key value argument to -m");
usm_free_user(newuser);
return;
}
} else if (strcmp(buf,"-l") != 0) {
/* a password is specified */
userKeyLen = sizeof(userKey);
ret2 = generate_Ku(newuser->authProtocol, newuser->authProtocolLen,
(u_char *) buf, strlen(buf), userKey, &userKeyLen);
if (ret2 != SNMPERR_SUCCESS) {
config_perror("could not generate the privacy key from the "
"supplied pass phrase.");
usm_free_user(newuser);
return;
}
}
/*
* And turn it into a localized key
*/
ret2 = sc_get_properlength(newuser->authProtocol,
newuser->authProtocolLen);
if (ret2 < 0) {
config_perror("could not get proper key length to use for the "
"privacy algorithm.");
usm_free_user(newuser);
return;
}
newuser->privKey = (u_char *) malloc(ret2);
if (strcmp(buf,"-l") == 0) {
/* a local key is directly specified */
cp = copy_nword(cp, buf, sizeof(buf));
ret = ret2;
newuser->privKeyLen = 0;
if (!snmp_hex_to_binary(&newuser->privKey, &ret,
&newuser->privKeyLen, 0, buf)) {
config_perror("invalid key value argument to -l");
usm_free_user(newuser);
return;
}
} else {
newuser->privKeyLen = ret2;
ret2 = generate_kul(newuser->authProtocol, newuser->authProtocolLen,
newuser->engineID, newuser->engineIDLen,
userKey, userKeyLen,
newuser->privKey, &newuser->privKeyLen);
if (ret2 != SNMPERR_SUCCESS) {
config_perror("could not generate localized privacy key "
"(Kul) from the master key (Ku).");
usm_free_user(newuser);
return;
}
}
}
if ((newuser->privKeyLen >= privKeyLen) || (privKeyLen == 0)){
newuser->privKeyLen = privKeyLen;
}
else {
/* The privKey length is smaller than required by privProtocol */
usm_free_user(newuser);
return;
}
add:
usm_add_user(newuser);
DEBUGMSGTL(("usmUser", "created a new user %s at ", newuser->secName));
DEBUGMSGHEX(("usmUser", newuser->engineID, newuser->engineIDLen));
DEBUGMSG(("usmUser", "\n"));
}
void
usm_parse_create_usmUser(const char *token, char *line) {
char *cp;
char buf[SNMP_MAXBUF_MEDIUM];
struct usmUser *newuser;
u_char userKey[SNMP_MAXBUF_SMALL];
size_t userKeyLen = SNMP_MAXBUF_SMALL;
int ret;
newuser = usm_create_user();
/* READ: Security Name */
cp = copy_word(line, buf);
newuser->secName = strdup(buf);
newuser->name = strdup(buf);
newuser->engineID = snmpv3_generate_engineID(&ret);
if ( ret < 0 ) {
usm_free_user(newuser);
return;
}
newuser->engineIDLen = ret;
if (!cp)
goto add; /* no authentication or privacy type */
/* READ: Authentication Type */
if (strncmp(cp, "MD5", 3) == 0) {
memcpy(newuser->authProtocol, usmHMACMD5AuthProtocol,
sizeof(usmHMACMD5AuthProtocol));
} else if (strncmp(cp, "SHA", 3) == 0) {
memcpy(newuser->authProtocol, usmHMACSHA1AuthProtocol,
sizeof(usmHMACSHA1AuthProtocol));
} else {
config_perror("Unknown authentication protocol");
usm_free_user(newuser);
return;
}
cp = skip_token(cp);
/* READ: Authentication Pass Phrase */
if (!cp) {
config_perror("no authentication pass phrase");
usm_free_user(newuser);
return;
}
cp = copy_word(cp, buf);
/* And turn it into a localized key */
ret = generate_Ku(newuser->authProtocol, newuser->authProtocolLen,
(u_char *)buf, strlen(buf),
userKey, &userKeyLen );
if (ret != SNMPERR_SUCCESS) {
config_perror("Error generating auth key from pass phrase.");
usm_free_user(newuser);
return;
}
newuser->authKeyLen =
sc_get_properlength(newuser->authProtocol, newuser->authProtocolLen);
newuser->authKey = (u_char *) malloc(newuser->authKeyLen);
ret = generate_kul(newuser->authProtocol, newuser->authProtocolLen,
newuser->engineID, newuser->engineIDLen,
userKey, userKeyLen,
newuser->authKey, &newuser->authKeyLen );
if (ret != SNMPERR_SUCCESS) {
config_perror("Error generating localized auth key (Kul) from Ku.");
usm_free_user(newuser);
return;
}
if (!cp)
goto add; /* no privacy type (which is legal) */
/* READ: Privacy Type */
if (strncmp(cp, "DES", 3) == 0) {
memcpy(newuser->privProtocol, usmDESPrivProtocol,
sizeof(usmDESPrivProtocol));
} else {
config_perror("Unknown privacy protocol");
usm_free_user(newuser);
return;
}
cp = skip_token(cp);
/* READ: Authentication Pass Phrase */
if (!cp) {
/* assume the same as the authentication key */
memdup(&newuser->privKey, newuser->authKey, newuser->authKeyLen);
} else {
cp = copy_word(cp, buf);
/* And turn it into a localized key */
ret = generate_Ku(newuser->authProtocol, newuser->authProtocolLen,
(u_char *)buf, strlen(buf),
userKey, &userKeyLen );
if (ret != SNMPERR_SUCCESS) {
config_perror("Error generating priv key from pass phrase.");
usm_free_user(newuser);
return;
}
ret = sc_get_properlength(newuser->authProtocol, newuser->authProtocolLen);
if (ret < 0) {
config_perror("Error getting proper key length for priv algorithm.");
usm_free_user(newuser);
return;
}
newuser->privKeyLen = ret;
newuser->privKey = (u_char *) malloc(newuser->privKeyLen);
ret = generate_kul(newuser->authProtocol, newuser->authProtocolLen,
newuser->engineID, newuser->engineIDLen,
userKey, userKeyLen,
newuser->privKey, &newuser->privKeyLen );
if (ret != SNMPERR_SUCCESS) {
config_perror("Error generating localized priv key (Kul) from Ku.");
usm_free_user(newuser);
return;
}
}
add:
usm_add_user(newuser);
DEBUGMSGTL(("usmUser","created a new user %s\n", newuser->secName));
}
