int
init_snmpv3_post_premib_config(int majorid, int minorid, void *serverarg,
void *clientarg)
{
if (!engineIDIsSet)
setup_engineID(NULL, NULL);
return SNMPERR_SUCCESS;
}
int main(int argc, char **argv) {
netsnmp_session *session = NULL;
netsnmp_transport *transport = NULL;
char *listening_address = "udp:5200";
int local = 1;
char *default_domain = "udp";
program_name = basename(argv[0]);
printf("%s: main\n", program_name);
init_usm();
netsnmp_udp_ctor();
init_snmpv3(NULL);
setup_engineID(NULL, NULL);
usm_parse_create_usmUser("createUser", "-e 0x8000000001020304 traptest SHA mypassword AES");
transport = netsnmp_tdomain_transport(listening_address, local, default_domain);
if (transport == NULL) {
printf("%s: failed to open server: %s\n", argv[0], strerror(errno));
exit(EXIT_FAILURE);
}
session = snmptrapd_add_session(transport);
select_loop();
snmp_close(session);
exit(EXIT_SUCCESS);
}
/*******************************************************************-o-******
*/
int
main(int argc, char **argv)
{
int rval = SNMPERR_SUCCESS;
size_t oldKu_len = SNMP_MAXBUF_SMALL,
newKu_len = SNMP_MAXBUF_SMALL,
oldkul_len = SNMP_MAXBUF_SMALL,
newkul_len = SNMP_MAXBUF_SMALL,
keychange_len = SNMP_MAXBUF_SMALL;
char *s = NULL;
u_char oldKu[SNMP_MAXBUF_SMALL],
newKu[SNMP_MAXBUF_SMALL],
oldkul[SNMP_MAXBUF_SMALL],
newkul[SNMP_MAXBUF_SMALL],
keychange[SNMP_MAXBUF_SMALL];
int i;
int arg = 1;
local_progname = argv[0];
/*
* Parse.
*/
for(; (arg < argc) && (argv[arg][0] == '-') ; arg++){
switch(argv[arg][1]){
case 'D': snmp_set_do_debugging(1); break;
case 'E': engineid = (u_char *)argv[++arg]; break;
case 'f': forcepassphrase = 1; break;
case 'N': newpass = argv[++arg]; break;
case 'O': oldpass = argv[++arg]; break;
case 'P': promptindicator = 0; break;
case 't': transform_type_input = argv[++arg]; break;
case 'v': verbose = 1; break;
case 'V': visible = 1; break;
case 'h':
rval = 0;
default:
usage_to_file(stdout);
exit(rval);
}
}
if ( !transform_type_input ) {
fprintf(stderr, "The -t option is mandatory.\n");
usage_synopsis(stdout);
exit(1000);
}
/*
* Convert and error check transform_type.
*/
if ( !strcmp(transform_type_input, "md5") ) {
transform_type = usmHMACMD5AuthProtocol;
} else if ( !strcmp(transform_type_input, "sha1") ) {
transform_type = usmHMACSHA1AuthProtocol;
} else {
fprintf(stderr,
"Unrecognized hash transform: \"%s\".\n",
transform_type_input);
usage_synopsis(stderr);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
}
if (verbose) {
fprintf(stderr, "Hash:\t\t%s\n",
(transform_type == usmHMACMD5AuthProtocol)
? "usmHMACMD5AuthProtocol"
: "usmHMACSHA1AuthProtocol"
);
}
/*
* Build engineID. Accept hex engineID as the bits
* "in-and-of-themselves", otherwise create an engineID with the
* given string as text.
*
* If no engineID is given, lookup the first IP address for the
* localhost and use that (see setup_engineID()).
*/
if ( engineid && (tolower(*(engineid+1)) == 'x') ) {
engineid_len = hex_to_binary2( engineid+2,
strlen((char *)engineid)-2,
(char **) &engineid);
DEBUGMSGTL(("encode_keychange","engineIDLen: %d\n", engineid_len));
} else {
engineid_len = setup_engineID(&engineid, (char *)engineid);
}
#ifdef SNMP_TESTING_CODE
if (verbose) {
fprintf(stderr, "EngineID:\t%s\n",
/* XXX = */ dump_snmpEngineID(engineid, &engineid_len));
}
#endif
/*
* Get passphrases from user.
*/
rval = get_user_passphrases();
QUITFUN(rval, main_quit);
if ( strlen(oldpass) < USM_LENGTH_P_MIN ) {
fprintf(stderr, "Old passphrase must be greater than %d "
"characters in length.\n",
USM_LENGTH_P_MIN);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
} else if ( strlen(newpass) < USM_LENGTH_P_MIN ) {
fprintf(stderr, "New passphrase must be greater than %d "
"characters in length.\n",
USM_LENGTH_P_MIN);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
}
if (verbose) {
fprintf(stderr,
"Old passphrase:\t%s\nNew passphrase:\t%s\n",
oldpass, newpass);
}
/*
* Compute Ku and Kul's from old and new passphrases, then
* compute the keychange string & print it out.
*/
rval = sc_init();
QUITFUN(rval, main_quit);
rval = generate_Ku( transform_type, USM_LENGTH_OID_TRANSFORM,
(u_char *)oldpass, strlen(oldpass),
oldKu, &oldKu_len);
QUITFUN(rval, main_quit);
rval = generate_Ku( transform_type, USM_LENGTH_OID_TRANSFORM,
(u_char *)newpass, strlen(newpass),
newKu, &newKu_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "EID (%d): ", engineid_len));
for(i=0; i < (int)engineid_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (engineid[i])));
DEBUGMSGTL(("encode_keychange","\n"));
DEBUGMSGTL(("encode_keychange", "old Ku (%d) (from %s): ", oldKu_len, oldpass));
for(i=0; i < (int)oldKu_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (oldKu[i])));
DEBUGMSGTL(("encode_keychange","\n"));
rval = generate_kul( transform_type, USM_LENGTH_OID_TRANSFORM,
engineid, engineid_len,
oldKu, oldKu_len,
oldkul, &oldkul_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "generating old Kul (%d) (from Ku): ", oldkul_len));
for(i=0; i < (int)oldkul_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (oldkul[i])));
DEBUGMSGTL(("encode_keychange","\n"));
rval = generate_kul( transform_type, USM_LENGTH_OID_TRANSFORM,
engineid, engineid_len,
newKu, newKu_len,
newkul, &newkul_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "generating new Kul (%d) (from Ku): ", oldkul_len));
for(i=0; i < (int)newkul_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",newkul[i]));
DEBUGMSGTL(("encode_keychange","\n"));
rval = encode_keychange(transform_type, USM_LENGTH_OID_TRANSFORM,
oldkul, oldkul_len,
newkul, newkul_len,
keychange, &keychange_len);
QUITFUN(rval, main_quit);
binary_to_hex(keychange, keychange_len, &s);
printf("%s%s\n",
(verbose) ? "KeyChange string:\t" : "", /* XXX stdout */
s);
/*
* Cleanup.
*/
main_quit:
snmp_call_callbacks(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SHUTDOWN,
NULL);
SNMP_ZERO(oldpass, strlen(oldpass));
SNMP_ZERO(newpass, strlen(newpass));
SNMP_ZERO(oldKu, oldKu_len);
SNMP_ZERO(newKu, newKu_len);
SNMP_ZERO(oldkul, oldkul_len);
SNMP_ZERO(newkul, newkul_len);
SNMP_ZERO(s, strlen(s));
return rval;
} /* end main() */
int main (int argc, char *argv[])
{
netsnmp_session session, *ss;
netsnmp_pdu *pdu, *response;
oid name[MAX_OID_LEN];
size_t name_length;
int arg;
int status;
char *trap = NULL;
char *prognam;
int exitval = 0;
#ifndef NETSNMP_DISABLE_SNMPV1
char *specific = NULL, *description = NULL, *agent = NULL;
in_addr_t *pdu_in_addr_t;
#endif
prognam = strrchr (argv[0], '/');
if (prognam)
prognam++;
else
prognam = argv[0];
putenv (strdup ("POSIXLY_CORRECT=1"));
if (strcmp (prognam, "snmpinform") == 0)
inform = 1;
switch (arg = snmp_parse_args (argc, argv, &session, "C:", optProc))
{
case NETSNMP_PARSE_ARGS_ERROR:
exit (1);
case NETSNMP_PARSE_ARGS_SUCCESS_EXIT:
exit (0);
case NETSNMP_PARSE_ARGS_ERROR_USAGE:
usage ();
exit (1);
default:
break;
}
SOCK_STARTUP;
session.callback = snmp_input;
session.callback_magic = NULL;
/*
* setup the local engineID which may be for either or both of the
* contextEngineID and/or the securityEngineID.
*/
setup_engineID (NULL, NULL);
/* if we don't have a contextEngineID set via command line
arguments, use our internal engineID as the context. */
if (session.contextEngineIDLen == 0 || session.contextEngineID == NULL)
{
session.contextEngineID = snmpv3_generate_engineID (&session.contextEngineIDLen);
}
if (session.version == SNMP_VERSION_3 && !inform)
{
/*
* for traps, we use ourselves as the authoritative engine
* which is really stupid since command line apps don't have a
* notion of a persistent engine. Hence, our boots and time
* values are probably always really wacked with respect to what
* a manager would like to see.
*
* The following should be enough to:
*
* 1) prevent the library from doing discovery for engineid & time.
* 2) use our engineid instead of the remote engineid for
* authoritative & privacy related operations.
* 3) The remote engine must be configured with users for our engineID.
*
* -- Wes
*/
/*
* pick our own engineID
*/
if (session.securityEngineIDLen == 0 || session.securityEngineID == NULL)
{
session.securityEngineID = snmpv3_generate_engineID (&session.securityEngineIDLen);
}
/*
* set boots and time, which will cause problems if this
* machine ever reboots and a remote trap receiver has cached our
* boots and time... I'll cause a not-in-time-window report to
* be sent back to this machine.
*/
if (session.engineBoots == 0)
session.engineBoots = 1;
if (session.engineTime == 0) /* not really correct, */
session.engineTime = get_uptime (); /* but it'll work. Sort of. */
}
ss = snmp_add (&session, netsnmp_transport_open_client ("snmptrap", session.peername), NULL, NULL);
if (ss == NULL)
{
/*
* diagnose netsnmp_transport_open_client and snmp_add errors with
* the input netsnmp_session pointer
*/
snmp_sess_perror ("snmptrap", &session);
SOCK_CLEANUP;
exit (1);
}
#ifndef NETSNMP_DISABLE_SNMPV1
if (session.version == SNMP_VERSION_1)
{
if (inform)
{
fprintf (stderr, "Cannot send INFORM as SNMPv1 PDU\n");
SOCK_CLEANUP;
exit (1);
}
pdu = snmp_pdu_create (SNMP_MSG_TRAP);
if (!pdu)
{
fprintf (stderr, "Failed to create trap PDU\n");
SOCK_CLEANUP;
exit (1);
}
pdu_in_addr_t = (in_addr_t *) pdu->agent_addr;
if (arg == argc)
{
fprintf (stderr, "No enterprise oid\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
if (argv[arg][0] == 0)
{
pdu->enterprise = (oid *) malloc (sizeof (objid_enterprise));
memcpy (pdu->enterprise, objid_enterprise, sizeof (objid_enterprise));
pdu->enterprise_length = sizeof (objid_enterprise) / sizeof (oid);
}
else
{
name_length = MAX_OID_LEN;
if (!snmp_parse_oid (argv[arg], name, &name_length))
{
snmp_perror (argv[arg]);
usage ();
SOCK_CLEANUP;
exit (1);
}
pdu->enterprise = (oid *) malloc (name_length * sizeof (oid));
memcpy (pdu->enterprise, name, name_length * sizeof (oid));
pdu->enterprise_length = name_length;
}
if (++arg >= argc)
{
fprintf (stderr, "Missing agent parameter\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
agent = argv[arg];
if (agent != NULL && strlen (agent) != 0)
{
int ret = netsnmp_gethostbyname_v4 (agent, pdu_in_addr_t);
if (ret < 0)
{
fprintf (stderr, "unknown host: %s\n", agent);
exit (1);
}
}
else
{
*pdu_in_addr_t = get_myaddr ();
}
if (++arg == argc)
{
fprintf (stderr, "Missing generic-trap parameter\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
trap = argv[arg];
pdu->trap_type = atoi (trap);
if (++arg == argc)
{
fprintf (stderr, "Missing specific-trap parameter\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
specific = argv[arg];
pdu->specific_type = atoi (specific);
if (++arg == argc)
{
fprintf (stderr, "Missing uptime parameter\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
description = argv[arg];
if (description == NULL || *description == 0)
pdu->time = get_uptime ();
else
pdu->time = atol (description);
}
else
#endif
{
long sysuptime;
char csysuptime[20];
pdu = snmp_pdu_create (inform ? SNMP_MSG_INFORM : SNMP_MSG_TRAP2);
if (!pdu)
{
fprintf (stderr, "Failed to create notification PDU\n");
SOCK_CLEANUP;
exit (1);
}
if (arg == argc)
{
fprintf (stderr, "Missing up-time parameter\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
trap = argv[arg];
if (*trap == 0)
{
sysuptime = get_uptime ();
sprintf (csysuptime, "%ld", sysuptime);
trap = csysuptime;
}
snmp_add_var (pdu, objid_sysuptime, sizeof (objid_sysuptime) / sizeof (oid), 't', trap);
if (++arg == argc)
{
fprintf (stderr, "Missing trap-oid parameter\n");
usage ();
SOCK_CLEANUP;
exit (1);
}
if (snmp_add_var (pdu, objid_snmptrap, sizeof (objid_snmptrap) / sizeof (oid), 'o', argv[arg]) != 0)
{
snmp_perror (argv[arg]);
SOCK_CLEANUP;
exit (1);
}
}
arg++;
while (arg < argc)
{
arg += 3;
if (arg > argc)
{
fprintf (stderr, "%s: Missing type/value for variable\n", argv[arg - 3]);
SOCK_CLEANUP;
exit (1);
}
name_length = MAX_OID_LEN;
if (!snmp_parse_oid (argv[arg - 3], name, &name_length))
{
snmp_perror (argv[arg - 3]);
SOCK_CLEANUP;
exit (1);
}
if (snmp_add_var (pdu, name, name_length, argv[arg - 2][0], argv[arg - 1]) != 0)
{
snmp_perror (argv[arg - 3]);
SOCK_CLEANUP;
exit (1);
}
}
if (inform)
status = snmp_synch_response (ss, pdu, &response);
else
status = snmp_send (ss, pdu) == 0;
if (status)
{
snmp_sess_perror (inform ? "snmpinform" : "snmptrap", ss);
if (!inform)
snmp_free_pdu (pdu);
exitval = 1;
}
else if (inform)
snmp_free_pdu (response);
snmp_close (ss);
snmp_shutdown ("snmpapp");
SOCK_CLEANUP;
return exitval;
}
/*******************************************************************-o-******
* engineID_conf
*
* Parameters:
* *word
* *cptr
*
* This function reads a string from the configuration file and uses that
* string to initialize the engineID. It's assumed to be human readable.
*/
void
engineID_conf(const char *word, char *cptr)
{
setup_engineID(NULL, cptr);
DEBUGMSGTL(("snmpv3", "initialized engineID with: %s\n", cptr));
}
/*******************************************************************-o-******
* init_snmpv3
*
* Parameters:
* *type Label for the config file "type" used by calling entity.
*
* Set time and engineID.
* Set parsing functions for config file tokens.
* Initialize SNMP Crypto API (SCAPI).
*/
void
init_snmpv3(const char *type) {
gettimeofday(&snmpv3starttime, NULL);
if (type == NULL)
type = "snmpapp";
if (type && !strcmp(type,"snmpapp")) {
setup_engineID(NULL,"__snmpapp__");
} else {
setup_engineID(NULL, NULL);
}
/* initialize submodules */
init_usm();
/* we need to be called back later */
snmp_register_callback(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_POST_READ_CONFIG,
init_snmpv3_post_config, NULL);
/* we need to be called back later */
snmp_register_callback(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_STORE_DATA,
snmpv3_store, (void *) type);
#if !defined(USE_INTERNAL_MD5)
/* doesn't belong here at all */
sc_init();
#endif /* !USE_INTERNAL_MD5 */
/* register all our configuration handlers (ack, there's a lot) */
/* handle engineID setup before everything else which may depend on it */
register_premib_handler(type,"engineID", engineID_conf, NULL, "string");
register_premib_handler(type,"oldEngineID", oldengineID_conf, NULL, NULL);
register_config_handler(type,"engineBoots", engineBoots_conf, NULL, NULL);
/* default store config entries */
ds_register_config(ASN_OCTET_STR, "snmp", "defSecurityName", DS_LIBRARY_ID,
DS_LIB_SECNAME);
ds_register_config(ASN_OCTET_STR, "snmp", "defContext", DS_LIBRARY_ID,
DS_LIB_CONTEXT);
ds_register_config(ASN_OCTET_STR, "snmp", "defPassphrase", DS_LIBRARY_ID,
DS_LIB_PASSPHRASE);
ds_register_config(ASN_OCTET_STR, "snmp", "defAuthPassphrase", DS_LIBRARY_ID,
DS_LIB_AUTHPASSPHRASE);
ds_register_config(ASN_OCTET_STR, "snmp", "defPrivPassphrase", DS_LIBRARY_ID,
DS_LIB_PRIVPASSPHRASE);
register_config_handler("snmp","defVersion", version_conf, NULL, "1|2c|3");
register_config_handler("snmp","defAuthType", snmpv3_authtype_conf, NULL,
"MD5|SHA");
register_config_handler("snmp","defPrivType", snmpv3_privtype_conf, NULL,
"DES (currently the only possible value)");
register_config_handler("snmp","defSecurityLevel", snmpv3_secLevel_conf,
NULL, "noAuthNoPriv|authNoPriv|authPriv");
register_config_handler(type,"userSetAuthPass", usm_set_password, NULL,
"secname engineIDLen engineID pass");
register_config_handler(type,"userSetPrivPass", usm_set_password, NULL,
"secname engineIDLen engineID pass");
register_config_handler(type,"userSetAuthKey", usm_set_password, NULL,
"secname engineIDLen engineID KuLen Ku");
register_config_handler(type,"userSetPrivKey", usm_set_password, NULL,
"secname engineIDLen engineID KuLen Ku");
register_config_handler(type,"userSetAuthLocalKey", usm_set_password, NULL,
"secname engineIDLen engineID KulLen Kul");
register_config_handler(type,"userSetPrivLocalKey", usm_set_password, NULL,
"secname engineIDLen engineID KulLen Kul");
}
