/contrib/bsnmp/snmpd/main.c
https://bitbucket.org/freebsd/freebsd-head/ · C · 3277 lines · 2434 code · 513 blank · 330 comment · 654 complexity · 0688c8abe78f8fe7c0eac9a3c53b4665 MD5 · raw file
Large files are truncated click here to view the full file
- /*
- * Copyright (c) 2001-2003
- * Fraunhofer Institute for Open Communication Systems (FhG Fokus).
- * All rights reserved.
- *
- * Author: Harti Brandt <harti@freebsd.org>
- *
- * Copyright (c) 2010 The FreeBSD Foundation
- * All rights reserved.
- *
- * Portions of this software were developed by Shteryana Sotirova Shopova
- * under sponsorship from the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Begemot: bsnmp/snmpd/main.c,v 1.100 2006/02/14 09:04:20 brandt_h Exp $
- *
- * SNMPd main stuff.
- */
- #include <sys/queue.h>
- #include <sys/param.h>
- #include <sys/un.h>
- #include <sys/ucred.h>
- #include <sys/uio.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
- #include <string.h>
- #include <stdarg.h>
- #include <ctype.h>
- #include <errno.h>
- #include <syslog.h>
- #include <unistd.h>
- #include <signal.h>
- #include <dlfcn.h>
- #include <inttypes.h>
- #ifdef USE_TCPWRAPPERS
- #include <arpa/inet.h>
- #include <tcpd.h>
- #endif
- #include "support.h"
- #include "snmpmod.h"
- #include "snmpd.h"
- #include "tree.h"
- #include "oid.h"
- #define PATH_PID "/var/run/%s.pid"
- #define PATH_CONFIG "/etc/%s.config"
- #define PATH_ENGINE "/var/%s.engine"
- uint64_t this_tick; /* start of processing of current packet (absolute) */
- uint64_t start_tick; /* start of processing */
- struct systemg systemg = {
- NULL,
- { 8, { 1, 3, 6, 1, 4, 1, 1115, 7352 }},
- NULL, NULL, NULL,
- 64 + 8 + 4,
- 0
- };
- struct debug debug = {
- 0, /* dump_pdus */
- LOG_DEBUG, /* log_pri */
- 0, /* evdebug */
- };
- struct snmpd snmpd = {
- 2048, /* txbuf */
- 2048, /* rxbuf */
- 0, /* comm_dis */
- 0, /* auth_traps */
- {0, 0, 0, 0}, /* trap1addr */
- VERS_ENABLE_ALL,/* version_enable */
- };
- struct snmpd_stats snmpd_stats;
- struct snmpd_usmstat snmpd_usmstats;
- /* snmpEngine */
- struct snmp_engine snmpd_engine;
- /* snmpSerialNo */
- int32_t snmp_serial_no;
- struct snmpd_target_stats snmpd_target_stats;
- /* search path for config files */
- const char *syspath = PATH_SYSCONFIG;
- /* list of all loaded modules */
- struct lmodules lmodules = TAILQ_HEAD_INITIALIZER(lmodules);
- /* list of loaded modules during start-up in the order they were loaded */
- static struct lmodules modules_start = TAILQ_HEAD_INITIALIZER(modules_start);
- /* list of all known communities */
- struct community_list community_list = TAILQ_HEAD_INITIALIZER(community_list);
- /* list of all known USM users */
- struct usm_userlist usm_userlist = SLIST_HEAD_INITIALIZER(usm_userlist);
- /* A list of all VACM users configured, including v1, v2c and v3 */
- struct vacm_userlist vacm_userlist = SLIST_HEAD_INITIALIZER(vacm_userlist);
- /* A list of all VACM groups */
- struct vacm_grouplist vacm_grouplist = SLIST_HEAD_INITIALIZER(vacm_grouplist);
- static struct vacm_group vacm_default_group = {
- .groupname = "",
- };
- /* The list of configured access entries */
- struct vacm_accesslist vacm_accesslist = TAILQ_HEAD_INITIALIZER(vacm_accesslist);
- /* The list of configured views */
- struct vacm_viewlist vacm_viewlist = SLIST_HEAD_INITIALIZER(vacm_viewlist);
- /* The list of configured contexts */
- struct vacm_contextlist vacm_contextlist =
- SLIST_HEAD_INITIALIZER(vacm_contextlist);
- /* list of all installed object resources */
- struct objres_list objres_list = TAILQ_HEAD_INITIALIZER(objres_list);
- /* community value generator */
- static u_int next_community_index = 1;
- /* list of all known ranges */
- struct idrange_list idrange_list = TAILQ_HEAD_INITIALIZER(idrange_list);
- /* identifier generator */
- u_int next_idrange = 1;
- /* list of all current timers */
- struct timer_list timer_list = LIST_HEAD_INITIALIZER(timer_list);
- /* list of file descriptors */
- struct fdesc_list fdesc_list = LIST_HEAD_INITIALIZER(fdesc_list);
- /* program arguments */
- static char **progargs;
- static int nprogargs;
- /* current community */
- u_int community;
- static struct community *comm;
- /* current USM user */
- struct usm_user *usm_user;
- /* file names */
- static char config_file[MAXPATHLEN + 1];
- static char pid_file[MAXPATHLEN + 1];
- char engine_file[MAXPATHLEN + 1];
- #ifndef USE_LIBBEGEMOT
- /* event context */
- static evContext evctx;
- #endif
- /* signal mask */
- static sigset_t blocked_sigs;
- /* signal handling */
- static int work;
- #define WORK_DOINFO 0x0001
- #define WORK_RECONFIG 0x0002
- /* oids */
- static const struct asn_oid
- oid_snmpMIB = OIDX_snmpMIB,
- oid_begemotSnmpd = OIDX_begemotSnmpd,
- oid_coldStart = OIDX_coldStart,
- oid_authenticationFailure = OIDX_authenticationFailure;
- const struct asn_oid oid_zeroDotZero = { 2, { 0, 0 }};
- const struct asn_oid oid_usmUnknownEngineIDs =
- { 11, { 1, 3, 6, 1, 6, 3, 15, 1, 1, 4, 0}};
- const struct asn_oid oid_usmNotInTimeWindows =
- { 11, { 1, 3, 6, 1, 6, 3, 15, 1, 1, 2, 0}};
- /* request id generator for traps */
- u_int trap_reqid;
- /* help text */
- static const char usgtxt[] = "\
- Begemot simple SNMP daemon. Copyright (c) 2001-2002 Fraunhofer Institute for\n\
- Open Communication Systems (FhG Fokus). All rights reserved.\n\
- Copyright (c) 2010 The FreeBSD Foundation. All rights reserved.\n\
- usage: snmpd [-dh] [-c file] [-D options] [-e file] [-I path]\n\
- [-l prefix] [-m variable=value] [-p file]\n\
- options:\n\
- -d don't daemonize\n\
- -h print this info\n\
- -c file specify configuration file\n\
- -D options debugging options\n\
- -e file specify engine id file\n\
- -I path system include path\n\
- -l prefix default basename for pid and config file\n\
- -m var=val define variable\n\
- -p file specify pid file\n\
- ";
- /* hosts_access(3) request */
- #ifdef USE_TCPWRAPPERS
- static struct request_info req;
- #endif
- /* transports */
- extern const struct transport_def udp_trans;
- extern const struct transport_def lsock_trans;
- struct transport_list transport_list = TAILQ_HEAD_INITIALIZER(transport_list);
- /* forward declarations */
- static void snmp_printf_func(const char *fmt, ...);
- static void snmp_error_func(const char *err, ...);
- static void snmp_debug_func(const char *err, ...);
- static void asn_error_func(const struct asn_buf *b, const char *err, ...);
- /*
- * Allocate rx/tx buffer. We allocate one byte more for rx.
- */
- void *
- buf_alloc(int tx)
- {
- void *buf;
- if ((buf = malloc(tx ? snmpd.txbuf : snmpd.rxbuf)) == NULL) {
- syslog(LOG_CRIT, "cannot allocate buffer");
- if (tx)
- snmpd_stats.noTxbuf++;
- else
- snmpd_stats.noRxbuf++;
- return (NULL);
- }
- return (buf);
- }
- /*
- * Return the buffer size.
- */
- size_t
- buf_size(int tx)
- {
- return (tx ? snmpd.txbuf : snmpd.rxbuf);
- }
- /*
- * Prepare a PDU for output
- */
- void
- snmp_output(struct snmp_pdu *pdu, u_char *sndbuf, size_t *sndlen,
- const char *dest)
- {
- struct asn_buf resp_b;
- resp_b.asn_ptr = sndbuf;
- resp_b.asn_len = snmpd.txbuf;
- if (snmp_pdu_encode(pdu, &resp_b) != 0) {
- syslog(LOG_ERR, "cannot encode message");
- abort();
- }
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", dest);
- snmp_pdu_dump(pdu);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- }
- /*
- * Check USM PDU header credentials against local SNMP Engine & users.
- */
- static enum snmp_code
- snmp_pdu_auth_user(struct snmp_pdu *pdu)
- {
- uint64_t etime;
- usm_user = NULL;
- /* un-authenticated snmpEngineId discovery */
- if (pdu->engine.engine_len == 0 && strlen(pdu->user.sec_name) == 0) {
- pdu->engine.engine_len = snmpd_engine.engine_len;
- memcpy(pdu->engine.engine_id, snmpd_engine.engine_id,
- snmpd_engine.engine_len);
- pdu->engine.engine_boots = snmpd_engine.engine_boots;
- pdu->engine.engine_time = snmpd_engine.engine_time;
- pdu->flags |= SNMP_MSG_AUTODISCOVER;
- return (SNMP_CODE_OK);
- }
- if ((usm_user = usm_find_user(pdu->engine.engine_id,
- pdu->engine.engine_len, pdu->user.sec_name)) == NULL ||
- usm_user->status != 1 /* active */)
- return (SNMP_CODE_BADUSER);
- if (usm_user->user_engine_len != snmpd_engine.engine_len ||
- memcmp(usm_user->user_engine_id, snmpd_engine.engine_id,
- snmpd_engine.engine_len) != 0)
- return (SNMP_CODE_BADENGINE);
- pdu->user.priv_proto = usm_user->suser.priv_proto;
- memcpy(pdu->user.priv_key, usm_user->suser.priv_key,
- sizeof(pdu->user.priv_key));
- /* authenticated snmpEngineId discovery */
- if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0) {
- etime = (get_ticks() - start_tick) / 100ULL;
- if (etime < INT32_MAX)
- snmpd_engine.engine_time = etime;
- else {
- start_tick = get_ticks();
- set_snmpd_engine();
- snmpd_engine.engine_time = start_tick;
- }
- pdu->user.auth_proto = usm_user->suser.auth_proto;
- memcpy(pdu->user.auth_key, usm_user->suser.auth_key,
- sizeof(pdu->user.auth_key));
- if (pdu->engine.engine_boots == 0 &&
- pdu->engine.engine_time == 0) {
- pdu->flags |= SNMP_MSG_AUTODISCOVER;
- return (SNMP_CODE_OK);
- }
- if (pdu->engine.engine_boots != snmpd_engine.engine_boots ||
- abs(pdu->engine.engine_time - snmpd_engine.engine_time) >
- SNMP_TIME_WINDOW)
- return (SNMP_CODE_NOTINTIME);
- }
- if (((pdu->flags & SNMP_MSG_PRIV_FLAG) != 0 &&
- (pdu->flags & SNMP_MSG_AUTH_FLAG) == 0) ||
- ((pdu->flags & SNMP_MSG_AUTH_FLAG) == 0 &&
- usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH) ||
- ((pdu->flags & SNMP_MSG_PRIV_FLAG) == 0 &&
- usm_user->suser.priv_proto != SNMP_PRIV_NOPRIV))
- return (SNMP_CODE_BADSECLEVEL);
- return (SNMP_CODE_OK);
- }
- /*
- * Check whether access to each of var bindings in the PDU is allowed based
- * on the user credentials against the configured User groups & VACM views.
- */
- enum snmp_code
- snmp_pdu_auth_access(struct snmp_pdu *pdu, int32_t *ip)
- {
- const char *uname;
- int32_t suboid, smodel;
- uint32_t i;
- struct vacm_user *vuser;
- struct vacm_access *acl;
- struct vacm_context *vacmctx;
- struct vacm_view *view;
- /*
- * At least a default context exists if the snmpd_vacm(3) module is
- * running.
- */
- if (SLIST_EMPTY(&vacm_contextlist) ||
- (pdu->flags & SNMP_MSG_AUTODISCOVER) != 0)
- return (SNMP_CODE_OK);
- switch (pdu->version) {
- case SNMP_V1:
- if ((uname = comm_string(community)) == NULL)
- return (SNMP_CODE_FAILED);
- smodel = SNMP_SECMODEL_SNMPv1;
- break;
- case SNMP_V2c:
- if ((uname = comm_string(community)) == NULL)
- return (SNMP_CODE_FAILED);
- smodel = SNMP_SECMODEL_SNMPv2c;
- break;
- case SNMP_V3:
- uname = pdu->user.sec_name;
- if ((smodel = pdu->security_model) != SNMP_SECMODEL_USM)
- return (SNMP_CODE_FAILED);
- /* Compare the PDU context engine id against the agent's */
- if (pdu->context_engine_len != snmpd_engine.engine_len ||
- memcmp(pdu->context_engine, snmpd_engine.engine_id,
- snmpd_engine.engine_len) != 0)
- return (SNMP_CODE_FAILED);
- break;
- default:
- abort();
- }
- SLIST_FOREACH(vuser, &vacm_userlist, vvu)
- if (strcmp(uname, vuser->secname) == 0 &&
- vuser->sec_model == smodel)
- break;
- if (vuser == NULL || vuser->group == NULL)
- return (SNMP_CODE_FAILED);
- /* XXX: shteryana - recheck */
- TAILQ_FOREACH_REVERSE(acl, &vacm_accesslist, vacm_accesslist, vva) {
- if (acl->group != vuser->group)
- continue;
- SLIST_FOREACH(vacmctx, &vacm_contextlist, vcl)
- if (memcmp(vacmctx->ctxname, acl->ctx_prefix,
- acl->ctx_match) == 0)
- goto match;
- }
- return (SNMP_CODE_FAILED);
- match:
- switch (pdu->type) {
- case SNMP_PDU_GET:
- case SNMP_PDU_GETNEXT:
- case SNMP_PDU_GETBULK:
- if ((view = acl->read_view) == NULL)
- return (SNMP_CODE_FAILED);
- break;
- case SNMP_PDU_SET:
- if ((view = acl->write_view) == NULL)
- return (SNMP_CODE_FAILED);
- break;
- case SNMP_PDU_TRAP:
- case SNMP_PDU_INFORM:
- case SNMP_PDU_TRAP2:
- case SNMP_PDU_REPORT:
- if ((view = acl->notify_view) == NULL)
- return (SNMP_CODE_FAILED);
- break;
- case SNMP_PDU_RESPONSE:
- /* NOTREACHED */
- return (SNMP_CODE_FAILED);
- default:
- abort();
- }
- for (i = 0; i < pdu->nbindings; i++) {
- /* XXX - view->mask*/
- suboid = asn_is_suboid(&view->subtree, &pdu->bindings[i].var);
- if ((!suboid && !view->exclude) || (suboid && view->exclude)) {
- *ip = i + 1;
- return (SNMP_CODE_FAILED);
- }
- }
- return (SNMP_CODE_OK);
- }
- /*
- * SNMP input. Start: decode the PDU, find the user or community.
- */
- enum snmpd_input_err
- snmp_input_start(const u_char *buf, size_t len, const char *source,
- struct snmp_pdu *pdu, int32_t *ip, size_t *pdulen)
- {
- struct asn_buf b;
- enum snmp_code code;
- enum snmpd_input_err ret;
- int sret;
- /* update uptime */
- this_tick = get_ticks();
- b.asn_cptr = buf;
- b.asn_len = len;
- /* look whether we have enough bytes for the entire PDU. */
- switch (sret = snmp_pdu_snoop(&b)) {
- case 0:
- return (SNMPD_INPUT_TRUNC);
- case -1:
- snmpd_stats.inASNParseErrs++;
- return (SNMPD_INPUT_FAILED);
- }
- b.asn_len = *pdulen = (size_t)sret;
- memset(pdu, 0, sizeof(*pdu));
- if ((code = snmp_pdu_decode_header(&b, pdu)) != SNMP_CODE_OK)
- goto decoded;
- if (pdu->version == SNMP_V3) {
- if (pdu->security_model != SNMP_SECMODEL_USM) {
- code = SNMP_CODE_FAILED;
- goto decoded;
- }
- if ((code = snmp_pdu_auth_user(pdu)) != SNMP_CODE_OK)
- goto decoded;
- if ((code = snmp_pdu_decode_secmode(&b, pdu)) != SNMP_CODE_OK)
- goto decoded;
- }
- code = snmp_pdu_decode_scoped(&b, pdu, ip);
- ret = SNMPD_INPUT_OK;
- decoded:
- snmpd_stats.inPkts++;
- switch (code) {
- case SNMP_CODE_FAILED:
- snmpd_stats.inASNParseErrs++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADVERS:
- bad_vers:
- snmpd_stats.inBadVersions++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADLEN:
- if (pdu->type == SNMP_OP_SET)
- ret = SNMPD_INPUT_VALBADLEN;
- break;
- case SNMP_CODE_OORANGE:
- if (pdu->type == SNMP_OP_SET)
- ret = SNMPD_INPUT_VALRANGE;
- break;
- case SNMP_CODE_BADENC:
- if (pdu->type == SNMP_OP_SET)
- ret = SNMPD_INPUT_VALBADENC;
- break;
- case SNMP_CODE_BADSECLEVEL:
- snmpd_usmstats.unsupported_seclevels++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_NOTINTIME:
- snmpd_usmstats.not_in_time_windows++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADUSER:
- snmpd_usmstats.unknown_users++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADENGINE:
- snmpd_usmstats.unknown_engine_ids++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADDIGEST:
- snmpd_usmstats.wrong_digests++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_EDECRYPT:
- snmpd_usmstats.decrypt_errors++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_OK:
- switch (pdu->version) {
- case SNMP_V1:
- if (!(snmpd.version_enable & VERS_ENABLE_V1))
- goto bad_vers;
- break;
- case SNMP_V2c:
- if (!(snmpd.version_enable & VERS_ENABLE_V2C))
- goto bad_vers;
- break;
- case SNMP_V3:
- if (!(snmpd.version_enable & VERS_ENABLE_V3))
- goto bad_vers;
- break;
- case SNMP_Verr:
- goto bad_vers;
- }
- break;
- }
- if (debug.dump_pdus) {
- snmp_printf("%s -> ", source);
- snmp_pdu_dump(pdu);
- }
- /*
- * Look, whether we know the community or user
- */
- if (pdu->version != SNMP_V3) {
- TAILQ_FOREACH(comm, &community_list, link)
- if (comm->string != NULL &&
- strcmp(comm->string, pdu->community) == 0)
- break;
- if (comm == NULL) {
- snmpd_stats.inBadCommunityNames++;
- snmp_pdu_free(pdu);
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- ret = SNMPD_INPUT_BAD_COMM;
- } else
- community = comm->value;
- } else if (pdu->nbindings == 0) {
- /* RFC 3414 - snmpEngineID Discovery */
- if (strlen(pdu->user.sec_name) == 0) {
- asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
- &oid_usmUnknownEngineIDs);
- pdu->context_engine_len = snmpd_engine.engine_len;
- memcpy(pdu->context_engine, snmpd_engine.engine_id,
- snmpd_engine.engine_len);
- } else if (pdu->engine.engine_boots == 0 &&
- pdu->engine.engine_time == 0) {
- asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
- &oid_usmNotInTimeWindows);
- pdu->engine.engine_boots = snmpd_engine.engine_boots;
- pdu->engine.engine_time = snmpd_engine.engine_time;
- }
- } else if (usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH &&
- (pdu->engine.engine_boots == 0 || pdu->engine.engine_time == 0)) {
- snmpd_usmstats.not_in_time_windows++;
- ret = SNMP_CODE_FAILED;
- }
- if ((code = snmp_pdu_auth_access(pdu, ip)) != SNMP_CODE_OK)
- ret = SNMP_CODE_FAILED;
- return (ret);
- }
- /*
- * Will return only _OK or _FAILED
- */
- enum snmpd_input_err
- snmp_input_finish(struct snmp_pdu *pdu, const u_char *rcvbuf, size_t rcvlen,
- u_char *sndbuf, size_t *sndlen, const char *source,
- enum snmpd_input_err ierr, int32_t ivar, void *data)
- {
- struct snmp_pdu resp;
- struct asn_buf resp_b, pdu_b;
- enum snmp_ret ret;
- resp_b.asn_ptr = sndbuf;
- resp_b.asn_len = snmpd.txbuf;
- pdu_b.asn_cptr = rcvbuf;
- pdu_b.asn_len = rcvlen;
- if (ierr != SNMPD_INPUT_OK) {
- /* error decoding the input of a SET */
- if (pdu->version == SNMP_V1)
- pdu->error_status = SNMP_ERR_BADVALUE;
- else if (ierr == SNMPD_INPUT_VALBADLEN)
- pdu->error_status = SNMP_ERR_WRONG_LENGTH;
- else if (ierr == SNMPD_INPUT_VALRANGE)
- pdu->error_status = SNMP_ERR_WRONG_VALUE;
- else
- pdu->error_status = SNMP_ERR_WRONG_ENCODING;
- pdu->error_index = ivar;
- if (snmp_make_errresp(pdu, &pdu_b, &resp_b) == SNMP_RET_IGN) {
- syslog(LOG_WARNING, "could not encode error response");
- snmpd_stats.silentDrops++;
- return (SNMPD_INPUT_FAILED);
- }
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", source);
- snmp_pdu_dump(pdu);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- return (SNMPD_INPUT_OK);
- }
- switch (pdu->type) {
- case SNMP_PDU_GET:
- ret = snmp_get(pdu, &resp_b, &resp, data);
- break;
- case SNMP_PDU_GETNEXT:
- ret = snmp_getnext(pdu, &resp_b, &resp, data);
- break;
- case SNMP_PDU_SET:
- ret = snmp_set(pdu, &resp_b, &resp, data);
- break;
- case SNMP_PDU_GETBULK:
- ret = snmp_getbulk(pdu, &resp_b, &resp, data);
- break;
- default:
- ret = SNMP_RET_IGN;
- break;
- }
- switch (ret) {
- case SNMP_RET_OK:
- /* normal return - send a response */
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", source);
- snmp_pdu_dump(&resp);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- snmp_pdu_free(&resp);
- return (SNMPD_INPUT_OK);
- case SNMP_RET_IGN:
- /* error - send nothing */
- snmpd_stats.silentDrops++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_RET_ERR:
- /* error - send error response. The snmp routine has
- * changed the error fields in the original message. */
- resp_b.asn_ptr = sndbuf;
- resp_b.asn_len = snmpd.txbuf;
- if (snmp_make_errresp(pdu, &pdu_b, &resp_b) == SNMP_RET_IGN) {
- syslog(LOG_WARNING, "could not encode error response");
- snmpd_stats.silentDrops++;
- return (SNMPD_INPUT_FAILED);
- } else {
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", source);
- snmp_pdu_dump(pdu);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- return (SNMPD_INPUT_OK);
- }
- }
- abort();
- }
- /*
- * Insert a port into the right place in the transport's table of ports
- */
- void
- trans_insert_port(struct transport *t, struct tport *port)
- {
- struct tport *p;
- TAILQ_FOREACH(p, &t->table, link) {
- if (asn_compare_oid(&p->index, &port->index) > 0) {
- TAILQ_INSERT_BEFORE(p, port, link);
- return;
- }
- }
- port->transport = t;
- TAILQ_INSERT_TAIL(&t->table, port, link);
- }
- /*
- * Remove a port from a transport's list
- */
- void
- trans_remove_port(struct tport *port)
- {
- TAILQ_REMOVE(&port->transport->table, port, link);
- }
- /*
- * Find a port on a transport's list
- */
- struct tport *
- trans_find_port(struct transport *t, const struct asn_oid *idx, u_int sub)
- {
- return (FIND_OBJECT_OID(&t->table, idx, sub));
- }
- /*
- * Find next port on a transport's list
- */
- struct tport *
- trans_next_port(struct transport *t, const struct asn_oid *idx, u_int sub)
- {
- return (NEXT_OBJECT_OID(&t->table, idx, sub));
- }
- /*
- * Return first port
- */
- struct tport *
- trans_first_port(struct transport *t)
- {
- return (TAILQ_FIRST(&t->table));
- }
- /*
- * Iterate through all ports until a function returns a 0.
- */
- struct tport *
- trans_iter_port(struct transport *t, int (*func)(struct tport *, intptr_t),
- intptr_t arg)
- {
- struct tport *p;
- TAILQ_FOREACH(p, &t->table, link)
- if (func(p, arg) == 0)
- return (p);
- return (NULL);
- }
- /*
- * Register a transport
- */
- int
- trans_register(const struct transport_def *def, struct transport **pp)
- {
- u_int i;
- char or_descr[256];
- if ((*pp = malloc(sizeof(**pp))) == NULL)
- return (SNMP_ERR_GENERR);
- /* construct index */
- (*pp)->index.len = strlen(def->name) + 1;
- (*pp)->index.subs[0] = strlen(def->name);
- for (i = 0; i < (*pp)->index.subs[0]; i++)
- (*pp)->index.subs[i + 1] = def->name[i];
- (*pp)->vtab = def;
- if (FIND_OBJECT_OID(&transport_list, &(*pp)->index, 0) != NULL) {
- free(*pp);
- return (SNMP_ERR_INCONS_VALUE);
- }
- /* register module */
- snprintf(or_descr, sizeof(or_descr), "%s transport mapping", def->name);
- if (((*pp)->or_index = or_register(&def->id, or_descr, NULL)) == 0) {
- free(*pp);
- return (SNMP_ERR_GENERR);
- }
- INSERT_OBJECT_OID((*pp), &transport_list);
- TAILQ_INIT(&(*pp)->table);
- return (SNMP_ERR_NOERROR);
- }
- /*
- * Unregister transport
- */
- int
- trans_unregister(struct transport *t)
- {
- if (!TAILQ_EMPTY(&t->table))
- return (SNMP_ERR_INCONS_VALUE);
- or_unregister(t->or_index);
- TAILQ_REMOVE(&transport_list, t, link);
- return (SNMP_ERR_NOERROR);
- }
- /*
- * File descriptor support
- */
- #ifdef USE_LIBBEGEMOT
- static void
- input(int fd, int mask __unused, void *uap)
- #else
- static void
- input(evContext ctx __unused, void *uap, int fd, int mask __unused)
- #endif
- {
- struct fdesc *f = uap;
- (*f->func)(fd, f->udata);
- }
- void
- fd_suspend(void *p)
- {
- struct fdesc *f = p;
- #ifdef USE_LIBBEGEMOT
- if (f->id >= 0) {
- poll_unregister(f->id);
- f->id = -1;
- }
- #else
- if (evTestID(f->id)) {
- (void)evDeselectFD(evctx, f->id);
- evInitID(&f->id);
- }
- #endif
- }
- int
- fd_resume(void *p)
- {
- struct fdesc *f = p;
- int err;
- #ifdef USE_LIBBEGEMOT
- if (f->id >= 0)
- return (0);
- if ((f->id = poll_register(f->fd, input, f, POLL_IN)) < 0) {
- err = errno;
- syslog(LOG_ERR, "select fd %d: %m", f->fd);
- errno = err;
- return (-1);
- }
- #else
- if (evTestID(f->id))
- return (0);
- if (evSelectFD(evctx, f->fd, EV_READ, input, f, &f->id)) {
- err = errno;
- syslog(LOG_ERR, "select fd %d: %m", f->fd);
- errno = err;
- return (-1);
- }
- #endif
- return (0);
- }
- void *
- fd_select(int fd, void (*func)(int, void *), void *udata, struct lmodule *mod)
- {
- struct fdesc *f;
- int err;
- if ((f = malloc(sizeof(struct fdesc))) == NULL) {
- err = errno;
- syslog(LOG_ERR, "fd_select: %m");
- errno = err;
- return (NULL);
- }
- f->fd = fd;
- f->func = func;
- f->udata = udata;
- f->owner = mod;
- #ifdef USE_LIBBEGEMOT
- f->id = -1;
- #else
- evInitID(&f->id);
- #endif
- if (fd_resume(f)) {
- err = errno;
- free(f);
- errno = err;
- return (NULL);
- }
- LIST_INSERT_HEAD(&fdesc_list, f, link);
- return (f);
- }
- void
- fd_deselect(void *p)
- {
- struct fdesc *f = p;
- LIST_REMOVE(f, link);
- fd_suspend(f);
- free(f);
- }
- static void
- fd_flush(struct lmodule *mod)
- {
- struct fdesc *t, *t1;
- t = LIST_FIRST(&fdesc_list);
- while (t != NULL) {
- t1 = LIST_NEXT(t, link);
- if (t->owner == mod)
- fd_deselect(t);
- t = t1;
- }
- }
- /*
- * Consume a message from the input buffer
- */
- static void
- snmp_input_consume(struct port_input *pi)
- {
- if (!pi->stream) {
- /* always consume everything */
- pi->length = 0;
- return;
- }
- if (pi->consumed >= pi->length) {
- /* all bytes consumed */
- pi->length = 0;
- return;
- }
- memmove(pi->buf, pi->buf + pi->consumed, pi->length - pi->consumed);
- pi->length -= pi->consumed;
- }
- static void
- check_priv_dgram(struct port_input *pi, struct sockcred *cred)
- {
- /* process explicitly sends credentials */
- if (cred)
- pi->priv = (cred->sc_euid == 0);
- else
- pi->priv = 0;
- }
- static void
- check_priv_stream(struct port_input *pi)
- {
- struct xucred ucred;
- socklen_t ucredlen;
- /* obtain the accept time credentials */
- ucredlen = sizeof(ucred);
- if (getsockopt(pi->fd, 0, LOCAL_PEERCRED, &ucred, &ucredlen) == 0 &&
- ucredlen >= sizeof(ucred) && ucred.cr_version == XUCRED_VERSION)
- pi->priv = (ucred.cr_uid == 0);
- else
- pi->priv = 0;
- }
- /*
- * Input from a stream socket.
- */
- static int
- recv_stream(struct port_input *pi)
- {
- struct msghdr msg;
- struct iovec iov[1];
- ssize_t len;
- if (pi->buf == NULL) {
- /* no buffer yet - allocate one */
- if ((pi->buf = buf_alloc(0)) == NULL) {
- /* ups - could not get buffer. Return an error
- * the caller must close the transport. */
- return (-1);
- }
- pi->buflen = buf_size(0);
- pi->consumed = 0;
- pi->length = 0;
- }
- /* try to get a message */
- msg.msg_name = pi->peer;
- msg.msg_namelen = pi->peerlen;
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- msg.msg_flags = 0;
- iov[0].iov_base = pi->buf + pi->length;
- iov[0].iov_len = pi->buflen - pi->length;
- len = recvmsg(pi->fd, &msg, 0);
- if (len == -1 || len == 0)
- /* receive error */
- return (-1);
- pi->length += len;
- if (pi->cred)
- check_priv_stream(pi);
- return (0);
- }
- /*
- * Input from a datagram socket.
- * Each receive should return one datagram.
- */
- static int
- recv_dgram(struct port_input *pi, struct in_addr *laddr)
- {
- u_char embuf[1000];
- char cbuf[CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)) +
- CMSG_SPACE(sizeof(struct in_addr))];
- struct msghdr msg;
- struct iovec iov[1];
- ssize_t len;
- struct cmsghdr *cmsg;
- struct sockcred *cred = NULL;
- if (pi->buf == NULL) {
- /* no buffer yet - allocate one */
- if ((pi->buf = buf_alloc(0)) == NULL) {
- /* ups - could not get buffer. Read away input
- * and drop it */
- (void)recvfrom(pi->fd, embuf, sizeof(embuf),
- 0, NULL, NULL);
- /* return error */
- return (-1);
- }
- pi->buflen = buf_size(0);
- }
- /* try to get a message */
- msg.msg_name = pi->peer;
- msg.msg_namelen = pi->peerlen;
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
- memset(cbuf, 0, sizeof(cbuf));
- msg.msg_control = cbuf;
- msg.msg_controllen = sizeof(cbuf);
- msg.msg_flags = 0;
- iov[0].iov_base = pi->buf;
- iov[0].iov_len = pi->buflen;
- len = recvmsg(pi->fd, &msg, 0);
- if (len == -1 || len == 0)
- /* receive error */
- return (-1);
- if (msg.msg_flags & MSG_TRUNC) {
- /* truncated - drop */
- snmpd_stats.silentDrops++;
- snmpd_stats.inTooLong++;
- return (-1);
- }
- pi->length = (size_t)len;
- for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
- cmsg = CMSG_NXTHDR(&msg, cmsg)) {
- if (cmsg->cmsg_level == IPPROTO_IP &&
- cmsg->cmsg_type == IP_RECVDSTADDR)
- memcpy(laddr, CMSG_DATA(cmsg), sizeof(struct in_addr));
- if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_CREDS)
- cred = (struct sockcred *)CMSG_DATA(cmsg);
- }
- if (pi->cred)
- check_priv_dgram(pi, cred);
- return (0);
- }
- /*
- * Input from a socket
- */
- int
- snmpd_input(struct port_input *pi, struct tport *tport)
- {
- u_char *sndbuf;
- size_t sndlen;
- struct snmp_pdu pdu;
- enum snmpd_input_err ierr, ferr;
- enum snmpd_proxy_err perr;
- int32_t vi;
- int ret;
- ssize_t slen;
- #ifdef USE_TCPWRAPPERS
- char client[16];
- #endif
- struct msghdr msg;
- struct iovec iov[1];
- char cbuf[CMSG_SPACE(sizeof(struct in_addr))];
- struct cmsghdr *cmsgp;
- /* get input depending on the transport */
- if (pi->stream) {
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- ret = recv_stream(pi);
- } else {
- struct in_addr *laddr;
- memset(cbuf, 0, CMSG_SPACE(sizeof(struct in_addr)));
- msg.msg_control = cbuf;
- msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
- cmsgp = CMSG_FIRSTHDR(&msg);
- cmsgp->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
- cmsgp->cmsg_level = IPPROTO_IP;
- cmsgp->cmsg_type = IP_SENDSRCADDR;
- laddr = (struct in_addr *)CMSG_DATA(cmsgp);
-
- ret = recv_dgram(pi, laddr);
- if (laddr->s_addr == 0) {
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- }
- }
- if (ret == -1)
- return (-1);
- #ifdef USE_TCPWRAPPERS
- /*
- * In case of AF_INET{6} peer, do hosts_access(5) check.
- */
- if (pi->peer->sa_family != AF_LOCAL &&
- inet_ntop(pi->peer->sa_family,
- &((const struct sockaddr_in *)(const void *)pi->peer)->sin_addr,
- client, sizeof(client)) != NULL) {
- request_set(&req, RQ_CLIENT_ADDR, client, 0);
- if (hosts_access(&req) == 0) {
- syslog(LOG_ERR, "refused connection from %.500s",
- eval_client(&req));
- return (-1);
- }
- } else if (pi->peer->sa_family != AF_LOCAL)
- syslog(LOG_ERR, "inet_ntop(): %m");
- #endif
- /*
- * Handle input
- */
- ierr = snmp_input_start(pi->buf, pi->length, "SNMP", &pdu, &vi,
- &pi->consumed);
- if (ierr == SNMPD_INPUT_TRUNC) {
- /* need more bytes. This is ok only for streaming transports.
- * but only if we have not reached bufsiz yet. */
- if (pi->stream) {
- if (pi->length == buf_size(0)) {
- snmpd_stats.silentDrops++;
- return (-1);
- }
- return (0);
- }
- snmpd_stats.silentDrops++;
- return (-1);
- }
- /* can't check for bad SET pdus here, because a proxy may have to
- * check the access first. We don't want to return an error response
- * to a proxy PDU with a wrong community */
- if (ierr == SNMPD_INPUT_FAILED) {
- /* for streaming transports this is fatal */
- if (pi->stream)
- return (-1);
- snmp_input_consume(pi);
- return (0);
- }
- if (ierr == SNMPD_INPUT_BAD_COMM) {
- snmp_input_consume(pi);
- return (0);
- }
- /*
- * If that is a module community and the module has a proxy function,
- * the hand it over to the module.
- */
- if (comm != NULL && comm->owner != NULL &&
- comm->owner->config->proxy != NULL) {
- perr = (*comm->owner->config->proxy)(&pdu, tport->transport,
- &tport->index, pi->peer, pi->peerlen, ierr, vi,
- !pi->cred || pi->priv);
- switch (perr) {
- case SNMPD_PROXY_OK:
- snmp_input_consume(pi);
- return (0);
- case SNMPD_PROXY_REJ:
- break;
- case SNMPD_PROXY_DROP:
- snmp_input_consume(pi);
- snmp_pdu_free(&pdu);
- snmpd_stats.proxyDrops++;
- return (0);
- case SNMPD_PROXY_BADCOMM:
- snmp_input_consume(pi);
- snmp_pdu_free(&pdu);
- snmpd_stats.inBadCommunityNames++;
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- return (0);
- case SNMPD_PROXY_BADCOMMUSE:
- snmp_input_consume(pi);
- snmp_pdu_free(&pdu);
- snmpd_stats.inBadCommunityUses++;
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- return (0);
- }
- }
- /*
- * Check type
- */
- if (pdu.type == SNMP_PDU_RESPONSE ||
- pdu.type == SNMP_PDU_TRAP ||
- pdu.type == SNMP_PDU_TRAP2) {
- snmpd_stats.silentDrops++;
- snmpd_stats.inBadPduTypes++;
- snmp_pdu_free(&pdu);
- snmp_input_consume(pi);
- return (0);
- }
- /*
- * Check community
- */
- if (pdu.version < SNMP_V3 &&
- ((pi->cred && !pi->priv && pdu.type == SNMP_PDU_SET) ||
- (community != COMM_WRITE &&
- (pdu.type == SNMP_PDU_SET || community != COMM_READ)))) {
- snmpd_stats.inBadCommunityUses++;
- snmp_pdu_free(&pdu);
- snmp_input_consume(pi);
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- return (0);
- }
- /*
- * Execute it.
- */
- if ((sndbuf = buf_alloc(1)) == NULL) {
- snmpd_stats.silentDrops++;
- snmp_pdu_free(&pdu);
- snmp_input_consume(pi);
- return (0);
- }
- ferr = snmp_input_finish(&pdu, pi->buf, pi->length,
- sndbuf, &sndlen, "SNMP", ierr, vi, NULL);
- if (ferr == SNMPD_INPUT_OK) {
- msg.msg_name = pi->peer;
- msg.msg_namelen = pi->peerlen;
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
- msg.msg_flags = 0;
- iov[0].iov_base = sndbuf;
- iov[0].iov_len = sndlen;
- slen = sendmsg(pi->fd, &msg, 0);
- if (slen == -1)
- syslog(LOG_ERR, "sendmsg: %m");
- else if ((size_t)slen != sndlen)
- syslog(LOG_ERR, "sendmsg: short write %zu/%zu",
- sndlen, (size_t)slen);
- }
- snmp_pdu_free(&pdu);
- free(sndbuf);
- snmp_input_consume(pi);
- return (0);
- }
- /*
- * Send a PDU to a given port
- */
- void
- snmp_send_port(void *targ, const struct asn_oid *port, struct snmp_pdu *pdu,
- const struct sockaddr *addr, socklen_t addrlen)
- {
- struct transport *trans = targ;
- struct tport *tp;
- u_char *sndbuf;
- size_t sndlen;
- ssize_t len;
- TAILQ_FOREACH(tp, &trans->table, link)
- if (asn_compare_oid(port, &tp->index) == 0)
- break;
- if (tp == 0)
- return;
- if ((sndbuf = buf_alloc(1)) == NULL)
- return;
- snmp_output(pdu, sndbuf, &sndlen, "SNMP PROXY");
- len = trans->vtab->send(tp, sndbuf, sndlen, addr, addrlen);
- if (len == -1)
- syslog(LOG_ERR, "sendto: %m");
- else if ((size_t)len != sndlen)
- syslog(LOG_ERR, "sendto: short write %zu/%zu",
- sndlen, (size_t)len);
- free(sndbuf);
- }
- /*
- * Close an input source
- */
- void
- snmpd_input_close(struct port_input *pi)
- {
- if (pi->id != NULL)
- fd_deselect(pi->id);
- if (pi->fd >= 0)
- (void)close(pi->fd);
- if (pi->buf != NULL)
- free(pi->buf);
- }
- /*
- * Dump internal state.
- */
- #ifdef USE_LIBBEGEMOT
- static void
- info_func(void)
- #else
- static void
- info_func(evContext ctx __unused, void *uap __unused, const void *tag __unused)
- #endif
- {
- struct lmodule *m;
- u_int i;
- char buf[10000];
- syslog(LOG_DEBUG, "Dump of SNMPd %lu\n", (u_long)getpid());
- for (i = 0; i < tree_size; i++) {
- switch (tree[i].type) {
- case SNMP_NODE_LEAF:
- sprintf(buf, "LEAF: %s %s", tree[i].name,
- asn_oid2str(&tree[i].oid));
- break;
- case SNMP_NODE_COLUMN:
- sprintf(buf, "COL: %s %s", tree[i].name,
- asn_oid2str(&tree[i].oid));
- break;
- }
- syslog(LOG_DEBUG, "%s", buf);
- }
- TAILQ_FOREACH(m, &lmodules, link)
- if (m->config->dump)
- (*m->config->dump)();
- }
- /*
- * Re-read configuration
- */
- #ifdef USE_LIBBEGEMOT
- static void
- config_func(void)
- #else
- static void
- config_func(evContext ctx __unused, void *uap __unused,
- const void *tag __unused)
- #endif
- {
- struct lmodule *m;
- if (read_config(config_file, NULL)) {
- syslog(LOG_ERR, "error reading config file '%s'", config_file);
- return;
- }
- TAILQ_FOREACH(m, &lmodules, link)
- if (m->config->config)
- (*m->config->config)();
- }
- /*
- * On USR1 dump actual configuration.
- */
- static void
- onusr1(int s __unused)
- {
- work |= WORK_DOINFO;
- }
- static void
- onhup(int s __unused)
- {
- work |= WORK_RECONFIG;
- }
- static void
- onterm(int s __unused)
- {
- /* allow clean-up */
- exit(0);
- }
- static void
- init_sigs(void)
- {
- struct sigaction sa;
- sa.sa_handler = onusr1;
- sa.sa_flags = SA_RESTART;
- sigemptyset(&sa.sa_mask);
- if (sigaction(SIGUSR1, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- sa.sa_handler = onhup;
- if (sigaction(SIGHUP, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- sa.sa_handler = onterm;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- if (sigaction(SIGTERM, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- if (sigaction(SIGINT, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- }
- static void
- block_sigs(void)
- {
- sigset_t set;
- sigfillset(&set);
- if (sigprocmask(SIG_BLOCK, &set, &blocked_sigs) == -1) {
- syslog(LOG_ERR, "SIG_BLOCK: %m");
- exit(1);
- }
- }
- static void
- unblock_sigs(void)
- {
- if (sigprocmask(SIG_SETMASK, &blocked_sigs, NULL) == -1) {
- syslog(LOG_ERR, "SIG_SETMASK: %m");
- exit(1);
- }
- }
- /*
- * Shut down
- */
- static void
- term(void)
- {
- (void)unlink(pid_file);
- }
- static void
- trans_stop(void)
- {
- struct transport *t;
- TAILQ_FOREACH(t, &transport_list, link)
- (void)t->vtab->stop(1);
- }
- /*
- * Define a macro from the command line
- */
- static void
- do_macro(char *arg)
- {
- char *eq;
- int err;
- if ((eq = strchr(arg, '=')) == NULL)
- err = define_macro(arg, "");
- else {
- *eq++ = '\0';
- err = define_macro(arg, eq);
- }
- if (err == -1) {
- syslog(LOG_ERR, "cannot save macro: %m");
- exit(1);
- }
- }
- /*
- * Re-implement getsubopt from scratch, because the second argument is broken
- * and will not compile with WARNS=5.
- */
- static int
- getsubopt1(char **arg, const char *const *options, char **valp, char **optp)
- {
- static const char *const delim = ",\t ";
- u_int i;
- char *ptr;
- *optp = NULL;
- /* skip leading junk */
- for (ptr = *arg; *ptr != '\0'; ptr++)
- if (strchr(delim, *ptr) == NULL)
- break;
- if (*ptr == '\0') {
- *arg = ptr;
- return (-1);
- }
- *optp = ptr;
- /* find the end of the option */
- while (*++ptr != '\0')
- if (strchr(delim, *ptr) != NULL || *ptr == '=')
- break;
- if (*ptr != '\0') {
- if (*ptr == '=') {
- *ptr++ = '\0';
- *valp = ptr;
- while (*ptr != '\0' && strchr(delim, *ptr) == NULL)
- ptr++;
- if (*ptr != '\0')
- *ptr++ = '\0';
- } else
- *ptr++ = '\0';
- }
- *arg = ptr;
- for (i = 0; *options != NULL; options++, i++)
- if (strcmp(*optp, *options) == 0)
- return (i);
- return (-1);
- }
- int
- main(int argc, char *argv[])
- {
- int opt;
- FILE *fp;
- int background = 1;
- struct tport *p;
- const char *prefix = "snmpd";
- struct lmodule *m;
- char *value = NULL, *option; /* XXX */
- struct transport *t;
- #define DBG_DUMP 0
- #define DBG_EVENTS 1
- #define DBG_TRACE 2
- static const char *const debug_opts[] = {
- "dump",
- "events",
- "trace",
- NULL
- };
- snmp_printf = snmp_printf_func;
- snmp_error = snmp_error_func;
- snmp_debug = snmp_debug_func;
- asn_error = asn_error_func;
- while ((opt = getopt(argc, argv, "c:dD:e:hI:l:m:p:")) != EOF)
- switch (opt) {
- case 'c':
- strlcpy(config_file, optarg, sizeof(config_file));
- break;
- case 'd':
- background = 0;
- break;
- case 'D':
- while (*optarg) {
- switch (getsubopt1(&optarg, debug_opts,
- &value, &option)) {
- case DBG_DUMP:
- debug.dump_pdus = 1;
- break;
- case DBG_EVENTS:
- debug.evdebug++;
- break;
- case DBG_TRACE:
- if (value == NULL)
- syslog(LOG_ERR,
- "no value for 'trace'");
- else
- snmp_trace = strtoul(value,
- NULL, 0);
- break;
- case -1:
- if (suboptarg)
- syslog(LOG_ERR,
- "unknown debug flag '%s'",
- option);
- else
- syslog(LOG_ERR,
- "missing debug flag");
- break;
- }
- }
- break;
- case 'e':
- strlcpy(engine_file, optarg, sizeof(engine_file));
- break;
- case 'h':
- fprintf(stderr, "%s", usgtxt);
- exit(0);
- case 'I':
- syspath = optarg;
- break;
- case 'l':
- prefix = optarg;
- break;
- case 'm':
- do_macro(optarg);
- break;
- case 'p':
- strlcpy(pid_file, optarg, sizeof(pid_file));
- break;
- }
- openlog(prefix, LOG_PID | (background ? 0 : LOG_PERROR), LOG_USER);
- setlogmask(LOG_UPTO(debug.logpri - 1));
- if (background && daemon(0, 0) < 0) {
- syslog(LOG_ERR, "daemon: %m");
- exit(1);
- }
- argc -= optind;
- argv += optind;
- progargs = argv;
- nprogargs = argc;
- srandomdev();
- snmp_serial_no = random();
- #ifdef USE_TCPWRAPPERS
- /*
- * Initialize hosts_access(3) handler.
- */
- request_init(&req, RQ_DAEMON, "snmpd", 0);
- sock_methods(&req);
- #endif
- /*
- * Initialize the tree.
- */
- if ((tree = malloc(sizeof(struct snmp_node) * CTREE_SIZE)) == NULL) {
- syslog(LOG_ERR, "%m");
- exit(1);
- }
- memcpy(tree, ctree, sizeof(struct snmp_node) * CTREE_SIZE);
- tree_size = CTREE_SIZE;
- /*
- * Get standard communities
- */
- (void)comm_define(1, "SNMP read", NULL, NULL);
- (void)comm_define(2, "SNMP write", NULL, NULL);
- community = COMM_INITIALIZE;
- trap_reqid = reqid_allocate(512, NULL);
- if (config_file[0] == '\0')
- snprintf(config_file, sizeof(config_file), PATH_CONFIG, prefix);
- init_actvals();
- init_snmpd_engine();
- this_tick = get_ticks();
- start_tick = this_tick;
- /* start transports */
- if (atexit(trans_stop) == -1) {
- syslog(LOG_ERR, "atexit failed: %m");
- exit(1);
- }
- if (udp_trans.start() != SNMP_ERR_NOERROR)
- syslog(LOG_WARNING, "cannot start UDP transport");
- if (lsock_trans.start() != SNMP_ERR_NOERROR)
- syslog(LOG_WARNING, "cannot start LSOCK transport");
- #ifdef USE_LIBBEGEMOT
- if (debug.evdebug > 0)
- rpoll_trace = 1;
- #else
- if (evCreate(&evctx)) {
- syslog(LOG_ERR, "evCreate: %m");
- exit(1);
- }
- if (debug.evdebug > 0)
- evSetDebug(evctx, 10, stderr);
- #endif
- if (engine_file[0] == '\0')
- snprintf(engine_file, sizeof(engine_file), PATH_ENGINE, prefix);
- if (read_config(config_file, NULL)) {
- syslog(LOG_ERR, "error in config file");
- exit(1);
- }
- TAILQ_FOREACH(t, &transport_list, link)
- TAILQ_FOREACH(p, &t->table, link)
- t->vtab->init_port(p);
- init_sigs();
- if (pid_file[0] == '\0')
- snprintf(pid_file, sizeof(pid_file), PATH_PID, prefix);
- if ((fp = fopen(pid_file, "w")) != NULL) {
- fprintf(fp, "%u", getpid());
- fclose(fp);
- if (atexit(term) == -1) {
- syslog(LOG_ERR, "atexit failed: %m");
- (void)remove(pid_file);
- exit(0);
- }
- }
- if (or_register(&oid_snmpMIB, "The MIB module for SNMPv2 entities.",
- NULL) == 0) {
- syslog(LOG_ERR, "cannot register SNMPv2 MIB");
- exit(1);
- }
- if (or_register(&oid_begemotSnmpd, "The MIB module for the Begemot SNMPd.",
- NULL) == 0) {
- syslog(LOG_ERR, "cannot register begemotSnmpd MIB");
- exit(1);
- }
- while ((m = TAILQ_FIRST(&modules_start)) != NULL) {
- m->flags &= ~LM_ONSTARTLIST;
- TAILQ_REMOVE(&modules_start, m, start);
- lm_start(m);
- }
- snmp_send_trap(&oid_coldStart, (struct snmp_value *)NULL);
- for (;;) {
- #ifndef USE_LIBBEGEMOT
- evEvent event;
- #endif
- struct lmodule *mod;
- TAILQ_FOREACH(mod, &lmodules, link)
- if (mod->config->idle != NULL)
- (*mod->config->idle)();
- #ifndef USE_LIBBEGEMOT
- if (evGetNext(evctx, &event, EV_WAIT) == 0) {
- if (evDispatch(evctx, event))
- syslog(LOG_ERR, "evDispatch: %m");
- } else if (errno != EINTR) {
- syslog(LOG_ERR, "evGetNext: %m");
- exit(1);
- }
- #else
- poll_dispatch(1);
- #endif
- if (work != 0) {
- block_sigs();
- if (work & WORK_DOINFO) {
- #ifdef USE_LIBBEGEMOT
- info_func();
- #else
- if (evWaitFor(evctx, &work, info_func,
- NULL, NULL) == -1) {
- syslog(LOG_ERR, "evWaitFor: %m");
- exit(1);
- }
- #endif
- }
- if (work & WORK_RECONFIG) {
- #ifdef USE_LIBBEGEMOT
- config_func();
- #else
- if (evWaitFor(evctx, &work, config_func,
- NULL, NULL) == -1) {
- syslog(LOG_ERR, "evWaitFor: %m");
- exit(1);
- }
- #endif
- }
- work = 0;
- unblock_sigs();
- #ifndef USE_LIBBEGEMOT
- if (evDo(evctx, &work) == -1) {
- syslog(LOG_ERR, "evDo: %m");
- exit(1);
- }
- #endif
- }
- }
- return (0);
- }
- uint64_t
- get_ticks(void)
- {
- struct timeval tv;
- uint64_t ret;
- if (gettimeofday(&tv, NULL))
- abort();
- ret = tv.tv_sec * 100ULL + tv.tv_usec / 10000ULL;
- return (ret);
- }
- /*
- * Timer support
- */
- /*
- * Trampoline for the non-repeatable timers.
- */
- #ifdef USE_LIBBEGEMOT
- static void
- tfunc(int tid __unused, void *uap)
- #else
- static void
- tfunc(evContext ctx __unused, void *uap, struct timespec due __unused,
- struct timespec inter __unused)
- #endif
- {
- struct timer *tp = uap;
- LIST_REMOVE(tp, link);
- tp->func(tp->udata);
- free(tp);
- }
- /*
- * Trampoline for the repeatable timers.
- */
- #ifdef USE_LIBBEGEMOT
- static void
- trfunc(int tid __unused, void *uap)
- #else
- static void
- trfunc(evContext ctx __unused, void *uap, struct timespec due __unused,
- struct timespec inter __unused)
- #endif
- {
- struct timer *tp = uap;
- tp->func(tp->udata);
- }
- /*
- * Start a one-shot timer
- */
- void *
- timer_start(u_int ticks, void (*func)(void *), void *udata, struct lmodule *mod)
- {
- struct timer *tp;
- #ifndef USE_LIBBEGEMOT
- struct timespec due;
- #endif
- if ((tp = malloc(sizeof(struct timer))) == NULL) {
- syslog(LOG_CRIT, "out of memory for timer");
- exit(1);
- }
- #ifndef USE_LIBBEGEMOT
- due = evAddTime(evNowTime(),
- evConsTime(ticks / 100, (ticks % 100) * 10000));
- #endif
- tp->udata = udata;
- tp->owner = mod;
- tp->func = func;
- LIST_INSERT_HEAD(&timer_list, tp, link);
- #ifdef USE_LIBBEGEMOT
- if ((tp->id = poll_start_timer(ticks * 10, 0, tfunc, tp)) < 0) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #else
- if (evSetTimer(evctx, tfunc, tp, due, evConsTime(0, 0), &tp->id)
- == -1) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #endif
- return (tp);
- }
- /*
- * Start a repeatable timer. When used with USE_LIBBEGEMOT the first argument
- * is currently ignored and the initial number of ticks is set to the
- * repeat number of ticks.
- */
- void *
- timer_start_repeat(u_int ticks __unused, u_int repeat_ticks,
- void (*func)(void *), void *udata, struct lmodule *mod)
- {
- struct timer *tp;
- #ifndef USE_LIBBEGEMOT
- struct timespec due;
- struct timespec inter;
- #endif
- if ((tp = malloc(sizeof(struct timer))) == NULL) {
- syslog(LOG_CRIT, "out of memory for timer");
- exit(1);
- }
- #ifndef USE_LIBBEGEMOT
- due = evAddTime(evNowTime(),
- evConsTime(ticks / 100, (ticks % 100) * 10000));
- inter = evConsTime(repeat_ticks / 100, (repeat_ticks % 100) * 10000);
- #endif
- tp->udata = udata;
- tp->owner = mod;
- tp->func = func;
- LIST_INSERT_HEAD(&timer_list, tp, link);
- #ifdef USE_LIBBEGEMOT
- if ((tp->id = poll_start_timer(repeat_ticks * 10, 1, trfunc, tp)) < 0) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #else
- if (evSetTimer(evctx, trfunc, tp, due, inter, &tp->id) == -1) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #endif
- return (tp);
- }
- /*
- * Stop a timer.
- */
- void
- timer_stop(void *p)
- {
- struct timer *tp = p;
- LIST_REMOVE(tp, link);
- #ifdef USE_LIBBEGEMOT
- poll_stop_timer(tp->id);
- #else
- if (evClearTimer(evctx, tp->id) == -1) {
- syslog(LOG_ERR, "cannot stop timer: %m");
- exit(1);
- }
- #endif
- free(p);
- }
- static void
- timer_flush(struct lmodule *mod)
- {
- struct timer *t, *t1;
- t = LIST_FIRST(&timer_list);
- while (t != NULL) {
- t1 = LIST_NEXT(t, link);
- if (t->owner == mod)
- timer_stop(t);
- t = t1;
- }
- }
- static void
- snmp_printf_func(const char *fmt, ...)
- {
- va_list ap;
- static char *pend = NULL;
- char *ret, *new;
- va_start(ap, fmt);
- vasprintf(&ret, fmt, ap);
- va_end(ap);
- if (ret == NULL)
- return;
- if (pend != NULL) {
- if ((new = realloc(pend, strlen(pend) + strlen(ret) + 1))
- == NULL) {
- free(ret);
- return;
- }
- pend = new;
- strcat(pend, ret);
- free(ret);
- } else
- pend = ret;
- while ((ret = strchr(pend, '\n')) != NULL) {
- *ret = '\0';
- syslog(LOG_DEBUG, "%s", pend);
- if (strlen(ret + 1) == 0) {
- free(pend);
- pend = NULL;
- break;
- }
- strcpy(pend, ret + 1);
- }
- }
- static void
- snmp_error_func(const char *err, ...)
- {
- char errbuf[1000];
- va_list ap;
- if (!(snmp_trace & LOG_SNMP_ERRORS))
- return;
- va_start(ap, err);
- snprintf(errbuf, sizeof(errbuf), "SNMP: ");
- vsnprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf), err, ap);
- va_end(ap);
- syslog(LOG_ERR, "%s", errbuf);
- }
- static void
- snmp_debug_func(const char *err, ...)
- {
- char errbuf[1000];
- va_list ap;
- va_start(ap, err);
- snprintf(errbuf, sizeof(errbuf), "SNMP: ");
- vsnprintf(errbuf+strlen(errbuf), sizeof(errbuf)-strlen(errbuf),
- err, ap);
- va_end(ap);
- syslog(LOG_DEBUG, "%s", errbuf);
- }
- static void
- asn_error_func(const struct asn_buf *b, const char *err, ...)
- {
- char errbuf[1000];
- va_list ap;
- u_int i;
- if (!(snmp_trace & LOG_ASN1_ERRORS))
- return;
- va_start(ap, err);
- snprintf(errbuf, sizeof(errbuf), "ASN.1: ");
- vsnprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf), err, ap);
- va_end(ap);
- if (b != NULL) {
- snprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf), " at");
- for (i = 0; b->asn_len > i; i++)
- snprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf),
- " %02x", b->asn_cptr[i]);
- }
- syslog(LOG_ERR, "%s", errbuf);
- }
- /*
- * Create a new community
- */
- u_int
- comm_define(u_int priv, const char *descr, struct lmodule *owner,
- const char *str)
- {
- struct community *c, *p;
- u_int ncomm;
- /* generate an identifier */
- do {
- if ((ncomm = next_community_index++) == UINT_MAX)
- next_community_index = 1;
- TAILQ_FOREACH(c, &community_list, link)
- if (c->value == ncomm)
- break;
- } while (c != NULL);
- if ((c = malloc(sizeof(struct community))) == NULL) {
- syslog(LOG_ERR, "comm_define: %m");
- return (0);
- }
- c->owner = owner;
- c->value = ncomm;
- c->descr = descr;
- c->string = NULL;
- c->private = priv;
- if (str != NULL) {
- if((c->string = malloc(strlen(str)+1)) == NULL) {
- free(c);
- return (0);
- }
- strcpy(c->string, str);
- }
- /* make index */
- if (c->owner == NULL) {
- c->index.len = 1;
- c->index.subs[0] = 0;
- } else {
- c->index = c->owner->index;
- }
- c->index.subs[c->index.len++] = c->private;
- /*
- * Insert ordered
- */
- TAILQ_FOREACH(p, &community_list, link) {
- if (asn_compare_oid(&p->index, &c->index) > 0) {
- TAILQ_INSERT_BEFORE(p, c, link);
- break;
- }
- }
- if (p == NULL)
- TAILQ_INSERT_TAIL(&community_list, c, link);
- return (c->value);
- }
- const char *
- comm_string(u_int ncomm)
- {
- struct community *p;
- TAILQ_FOREACH(p, &community_list, link)
- if (p->value == ncomm)
- return (p->string);
- return (NULL);
- }
- /*
- * Delete all communities allocated by a module
- */
- static void
- comm_flush(struct lmodule *mod)
- {
- struct community *p, *p1;
- p = TAILQ_FIRST(&community_list);
- while (p != NULL) {
- p1 = TAILQ_NEXT(p, link);
- if (p->owner == mod) {
- free(p->string);
- TAILQ_REMOVE(&community_list, p, link);
- free(p);
- }
- p = p1;
- }
- }
- /*
- * Request ID handling.
- *
- * Allocate a new range of request ids. Use a first fit algorithm.
- */
- u_int
- reqid_allocate(int size, struct lmodule *mod)
- {
- u_int type;
- struct idrange *r, *r1;
- if (size <= 0 || size > INT32_MAX) {
- syslog(LOG_CRIT, "%s: size out of range: %d", __func__, size);
- return (0);
- }
- /* allocate a type id */
- do {
- if ((type = next_idrange++) == UINT_MAX)
- next_idrange = 1;
- TAILQ_FOREACH(r, &idrange_list, link)
- if (r->type == type)
- break;
- } while(r != NULL);
- /* find a range */
- if (TAILQ_EMPTY(&idr…