/contrib/bsnmp/snmpd/main.c
C | 3277 lines | 2434 code | 513 blank | 330 comment | 652 complexity | 0688c8abe78f8fe7c0eac9a3c53b4665 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception, BSD-3-Clause, LGPL-2.0, LGPL-2.1, BSD-2-Clause, 0BSD, JSON, AGPL-1.0, GPL-2.0
- /*
- * Copyright (c) 2001-2003
- * Fraunhofer Institute for Open Communication Systems (FhG Fokus).
- * All rights reserved.
- *
- * Author: Harti Brandt <harti@freebsd.org>
- *
- * Copyright (c) 2010 The FreeBSD Foundation
- * All rights reserved.
- *
- * Portions of this software were developed by Shteryana Sotirova Shopova
- * under sponsorship from the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Begemot: bsnmp/snmpd/main.c,v 1.100 2006/02/14 09:04:20 brandt_h Exp $
- *
- * SNMPd main stuff.
- */
- #include <sys/queue.h>
- #include <sys/param.h>
- #include <sys/un.h>
- #include <sys/ucred.h>
- #include <sys/uio.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
- #include <string.h>
- #include <stdarg.h>
- #include <ctype.h>
- #include <errno.h>
- #include <syslog.h>
- #include <unistd.h>
- #include <signal.h>
- #include <dlfcn.h>
- #include <inttypes.h>
- #ifdef USE_TCPWRAPPERS
- #include <arpa/inet.h>
- #include <tcpd.h>
- #endif
- #include "support.h"
- #include "snmpmod.h"
- #include "snmpd.h"
- #include "tree.h"
- #include "oid.h"
- #define PATH_PID "/var/run/%s.pid"
- #define PATH_CONFIG "/etc/%s.config"
- #define PATH_ENGINE "/var/%s.engine"
- uint64_t this_tick; /* start of processing of current packet (absolute) */
- uint64_t start_tick; /* start of processing */
- struct systemg systemg = {
- NULL,
- { 8, { 1, 3, 6, 1, 4, 1, 1115, 7352 }},
- NULL, NULL, NULL,
- 64 + 8 + 4,
- 0
- };
- struct debug debug = {
- 0, /* dump_pdus */
- LOG_DEBUG, /* log_pri */
- 0, /* evdebug */
- };
- struct snmpd snmpd = {
- 2048, /* txbuf */
- 2048, /* rxbuf */
- 0, /* comm_dis */
- 0, /* auth_traps */
- {0, 0, 0, 0}, /* trap1addr */
- VERS_ENABLE_ALL,/* version_enable */
- };
- struct snmpd_stats snmpd_stats;
- struct snmpd_usmstat snmpd_usmstats;
- /* snmpEngine */
- struct snmp_engine snmpd_engine;
- /* snmpSerialNo */
- int32_t snmp_serial_no;
- struct snmpd_target_stats snmpd_target_stats;
- /* search path for config files */
- const char *syspath = PATH_SYSCONFIG;
- /* list of all loaded modules */
- struct lmodules lmodules = TAILQ_HEAD_INITIALIZER(lmodules);
- /* list of loaded modules during start-up in the order they were loaded */
- static struct lmodules modules_start = TAILQ_HEAD_INITIALIZER(modules_start);
- /* list of all known communities */
- struct community_list community_list = TAILQ_HEAD_INITIALIZER(community_list);
- /* list of all known USM users */
- struct usm_userlist usm_userlist = SLIST_HEAD_INITIALIZER(usm_userlist);
- /* A list of all VACM users configured, including v1, v2c and v3 */
- struct vacm_userlist vacm_userlist = SLIST_HEAD_INITIALIZER(vacm_userlist);
- /* A list of all VACM groups */
- struct vacm_grouplist vacm_grouplist = SLIST_HEAD_INITIALIZER(vacm_grouplist);
- static struct vacm_group vacm_default_group = {
- .groupname = "",
- };
- /* The list of configured access entries */
- struct vacm_accesslist vacm_accesslist = TAILQ_HEAD_INITIALIZER(vacm_accesslist);
- /* The list of configured views */
- struct vacm_viewlist vacm_viewlist = SLIST_HEAD_INITIALIZER(vacm_viewlist);
- /* The list of configured contexts */
- struct vacm_contextlist vacm_contextlist =
- SLIST_HEAD_INITIALIZER(vacm_contextlist);
- /* list of all installed object resources */
- struct objres_list objres_list = TAILQ_HEAD_INITIALIZER(objres_list);
- /* community value generator */
- static u_int next_community_index = 1;
- /* list of all known ranges */
- struct idrange_list idrange_list = TAILQ_HEAD_INITIALIZER(idrange_list);
- /* identifier generator */
- u_int next_idrange = 1;
- /* list of all current timers */
- struct timer_list timer_list = LIST_HEAD_INITIALIZER(timer_list);
- /* list of file descriptors */
- struct fdesc_list fdesc_list = LIST_HEAD_INITIALIZER(fdesc_list);
- /* program arguments */
- static char **progargs;
- static int nprogargs;
- /* current community */
- u_int community;
- static struct community *comm;
- /* current USM user */
- struct usm_user *usm_user;
- /* file names */
- static char config_file[MAXPATHLEN + 1];
- static char pid_file[MAXPATHLEN + 1];
- char engine_file[MAXPATHLEN + 1];
- #ifndef USE_LIBBEGEMOT
- /* event context */
- static evContext evctx;
- #endif
- /* signal mask */
- static sigset_t blocked_sigs;
- /* signal handling */
- static int work;
- #define WORK_DOINFO 0x0001
- #define WORK_RECONFIG 0x0002
- /* oids */
- static const struct asn_oid
- oid_snmpMIB = OIDX_snmpMIB,
- oid_begemotSnmpd = OIDX_begemotSnmpd,
- oid_coldStart = OIDX_coldStart,
- oid_authenticationFailure = OIDX_authenticationFailure;
- const struct asn_oid oid_zeroDotZero = { 2, { 0, 0 }};
- const struct asn_oid oid_usmUnknownEngineIDs =
- { 11, { 1, 3, 6, 1, 6, 3, 15, 1, 1, 4, 0}};
- const struct asn_oid oid_usmNotInTimeWindows =
- { 11, { 1, 3, 6, 1, 6, 3, 15, 1, 1, 2, 0}};
- /* request id generator for traps */
- u_int trap_reqid;
- /* help text */
- static const char usgtxt[] = "\
- Begemot simple SNMP daemon. Copyright (c) 2001-2002 Fraunhofer Institute for\n\
- Open Communication Systems (FhG Fokus). All rights reserved.\n\
- Copyright (c) 2010 The FreeBSD Foundation. All rights reserved.\n\
- usage: snmpd [-dh] [-c file] [-D options] [-e file] [-I path]\n\
- [-l prefix] [-m variable=value] [-p file]\n\
- options:\n\
- -d don't daemonize\n\
- -h print this info\n\
- -c file specify configuration file\n\
- -D options debugging options\n\
- -e file specify engine id file\n\
- -I path system include path\n\
- -l prefix default basename for pid and config file\n\
- -m var=val define variable\n\
- -p file specify pid file\n\
- ";
- /* hosts_access(3) request */
- #ifdef USE_TCPWRAPPERS
- static struct request_info req;
- #endif
- /* transports */
- extern const struct transport_def udp_trans;
- extern const struct transport_def lsock_trans;
- struct transport_list transport_list = TAILQ_HEAD_INITIALIZER(transport_list);
- /* forward declarations */
- static void snmp_printf_func(const char *fmt, ...);
- static void snmp_error_func(const char *err, ...);
- static void snmp_debug_func(const char *err, ...);
- static void asn_error_func(const struct asn_buf *b, const char *err, ...);
- /*
- * Allocate rx/tx buffer. We allocate one byte more for rx.
- */
- void *
- buf_alloc(int tx)
- {
- void *buf;
- if ((buf = malloc(tx ? snmpd.txbuf : snmpd.rxbuf)) == NULL) {
- syslog(LOG_CRIT, "cannot allocate buffer");
- if (tx)
- snmpd_stats.noTxbuf++;
- else
- snmpd_stats.noRxbuf++;
- return (NULL);
- }
- return (buf);
- }
- /*
- * Return the buffer size.
- */
- size_t
- buf_size(int tx)
- {
- return (tx ? snmpd.txbuf : snmpd.rxbuf);
- }
- /*
- * Prepare a PDU for output
- */
- void
- snmp_output(struct snmp_pdu *pdu, u_char *sndbuf, size_t *sndlen,
- const char *dest)
- {
- struct asn_buf resp_b;
- resp_b.asn_ptr = sndbuf;
- resp_b.asn_len = snmpd.txbuf;
- if (snmp_pdu_encode(pdu, &resp_b) != 0) {
- syslog(LOG_ERR, "cannot encode message");
- abort();
- }
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", dest);
- snmp_pdu_dump(pdu);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- }
- /*
- * Check USM PDU header credentials against local SNMP Engine & users.
- */
- static enum snmp_code
- snmp_pdu_auth_user(struct snmp_pdu *pdu)
- {
- uint64_t etime;
- usm_user = NULL;
- /* un-authenticated snmpEngineId discovery */
- if (pdu->engine.engine_len == 0 && strlen(pdu->user.sec_name) == 0) {
- pdu->engine.engine_len = snmpd_engine.engine_len;
- memcpy(pdu->engine.engine_id, snmpd_engine.engine_id,
- snmpd_engine.engine_len);
- pdu->engine.engine_boots = snmpd_engine.engine_boots;
- pdu->engine.engine_time = snmpd_engine.engine_time;
- pdu->flags |= SNMP_MSG_AUTODISCOVER;
- return (SNMP_CODE_OK);
- }
- if ((usm_user = usm_find_user(pdu->engine.engine_id,
- pdu->engine.engine_len, pdu->user.sec_name)) == NULL ||
- usm_user->status != 1 /* active */)
- return (SNMP_CODE_BADUSER);
- if (usm_user->user_engine_len != snmpd_engine.engine_len ||
- memcmp(usm_user->user_engine_id, snmpd_engine.engine_id,
- snmpd_engine.engine_len) != 0)
- return (SNMP_CODE_BADENGINE);
- pdu->user.priv_proto = usm_user->suser.priv_proto;
- memcpy(pdu->user.priv_key, usm_user->suser.priv_key,
- sizeof(pdu->user.priv_key));
- /* authenticated snmpEngineId discovery */
- if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0) {
- etime = (get_ticks() - start_tick) / 100ULL;
- if (etime < INT32_MAX)
- snmpd_engine.engine_time = etime;
- else {
- start_tick = get_ticks();
- set_snmpd_engine();
- snmpd_engine.engine_time = start_tick;
- }
- pdu->user.auth_proto = usm_user->suser.auth_proto;
- memcpy(pdu->user.auth_key, usm_user->suser.auth_key,
- sizeof(pdu->user.auth_key));
- if (pdu->engine.engine_boots == 0 &&
- pdu->engine.engine_time == 0) {
- pdu->flags |= SNMP_MSG_AUTODISCOVER;
- return (SNMP_CODE_OK);
- }
- if (pdu->engine.engine_boots != snmpd_engine.engine_boots ||
- abs(pdu->engine.engine_time - snmpd_engine.engine_time) >
- SNMP_TIME_WINDOW)
- return (SNMP_CODE_NOTINTIME);
- }
- if (((pdu->flags & SNMP_MSG_PRIV_FLAG) != 0 &&
- (pdu->flags & SNMP_MSG_AUTH_FLAG) == 0) ||
- ((pdu->flags & SNMP_MSG_AUTH_FLAG) == 0 &&
- usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH) ||
- ((pdu->flags & SNMP_MSG_PRIV_FLAG) == 0 &&
- usm_user->suser.priv_proto != SNMP_PRIV_NOPRIV))
- return (SNMP_CODE_BADSECLEVEL);
- return (SNMP_CODE_OK);
- }
- /*
- * Check whether access to each of var bindings in the PDU is allowed based
- * on the user credentials against the configured User groups & VACM views.
- */
- enum snmp_code
- snmp_pdu_auth_access(struct snmp_pdu *pdu, int32_t *ip)
- {
- const char *uname;
- int32_t suboid, smodel;
- uint32_t i;
- struct vacm_user *vuser;
- struct vacm_access *acl;
- struct vacm_context *vacmctx;
- struct vacm_view *view;
- /*
- * At least a default context exists if the snmpd_vacm(3) module is
- * running.
- */
- if (SLIST_EMPTY(&vacm_contextlist) ||
- (pdu->flags & SNMP_MSG_AUTODISCOVER) != 0)
- return (SNMP_CODE_OK);
- switch (pdu->version) {
- case SNMP_V1:
- if ((uname = comm_string(community)) == NULL)
- return (SNMP_CODE_FAILED);
- smodel = SNMP_SECMODEL_SNMPv1;
- break;
- case SNMP_V2c:
- if ((uname = comm_string(community)) == NULL)
- return (SNMP_CODE_FAILED);
- smodel = SNMP_SECMODEL_SNMPv2c;
- break;
- case SNMP_V3:
- uname = pdu->user.sec_name;
- if ((smodel = pdu->security_model) != SNMP_SECMODEL_USM)
- return (SNMP_CODE_FAILED);
- /* Compare the PDU context engine id against the agent's */
- if (pdu->context_engine_len != snmpd_engine.engine_len ||
- memcmp(pdu->context_engine, snmpd_engine.engine_id,
- snmpd_engine.engine_len) != 0)
- return (SNMP_CODE_FAILED);
- break;
- default:
- abort();
- }
- SLIST_FOREACH(vuser, &vacm_userlist, vvu)
- if (strcmp(uname, vuser->secname) == 0 &&
- vuser->sec_model == smodel)
- break;
- if (vuser == NULL || vuser->group == NULL)
- return (SNMP_CODE_FAILED);
- /* XXX: shteryana - recheck */
- TAILQ_FOREACH_REVERSE(acl, &vacm_accesslist, vacm_accesslist, vva) {
- if (acl->group != vuser->group)
- continue;
- SLIST_FOREACH(vacmctx, &vacm_contextlist, vcl)
- if (memcmp(vacmctx->ctxname, acl->ctx_prefix,
- acl->ctx_match) == 0)
- goto match;
- }
- return (SNMP_CODE_FAILED);
- match:
- switch (pdu->type) {
- case SNMP_PDU_GET:
- case SNMP_PDU_GETNEXT:
- case SNMP_PDU_GETBULK:
- if ((view = acl->read_view) == NULL)
- return (SNMP_CODE_FAILED);
- break;
- case SNMP_PDU_SET:
- if ((view = acl->write_view) == NULL)
- return (SNMP_CODE_FAILED);
- break;
- case SNMP_PDU_TRAP:
- case SNMP_PDU_INFORM:
- case SNMP_PDU_TRAP2:
- case SNMP_PDU_REPORT:
- if ((view = acl->notify_view) == NULL)
- return (SNMP_CODE_FAILED);
- break;
- case SNMP_PDU_RESPONSE:
- /* NOTREACHED */
- return (SNMP_CODE_FAILED);
- default:
- abort();
- }
- for (i = 0; i < pdu->nbindings; i++) {
- /* XXX - view->mask*/
- suboid = asn_is_suboid(&view->subtree, &pdu->bindings[i].var);
- if ((!suboid && !view->exclude) || (suboid && view->exclude)) {
- *ip = i + 1;
- return (SNMP_CODE_FAILED);
- }
- }
- return (SNMP_CODE_OK);
- }
- /*
- * SNMP input. Start: decode the PDU, find the user or community.
- */
- enum snmpd_input_err
- snmp_input_start(const u_char *buf, size_t len, const char *source,
- struct snmp_pdu *pdu, int32_t *ip, size_t *pdulen)
- {
- struct asn_buf b;
- enum snmp_code code;
- enum snmpd_input_err ret;
- int sret;
- /* update uptime */
- this_tick = get_ticks();
- b.asn_cptr = buf;
- b.asn_len = len;
- /* look whether we have enough bytes for the entire PDU. */
- switch (sret = snmp_pdu_snoop(&b)) {
- case 0:
- return (SNMPD_INPUT_TRUNC);
- case -1:
- snmpd_stats.inASNParseErrs++;
- return (SNMPD_INPUT_FAILED);
- }
- b.asn_len = *pdulen = (size_t)sret;
- memset(pdu, 0, sizeof(*pdu));
- if ((code = snmp_pdu_decode_header(&b, pdu)) != SNMP_CODE_OK)
- goto decoded;
- if (pdu->version == SNMP_V3) {
- if (pdu->security_model != SNMP_SECMODEL_USM) {
- code = SNMP_CODE_FAILED;
- goto decoded;
- }
- if ((code = snmp_pdu_auth_user(pdu)) != SNMP_CODE_OK)
- goto decoded;
- if ((code = snmp_pdu_decode_secmode(&b, pdu)) != SNMP_CODE_OK)
- goto decoded;
- }
- code = snmp_pdu_decode_scoped(&b, pdu, ip);
- ret = SNMPD_INPUT_OK;
- decoded:
- snmpd_stats.inPkts++;
- switch (code) {
- case SNMP_CODE_FAILED:
- snmpd_stats.inASNParseErrs++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADVERS:
- bad_vers:
- snmpd_stats.inBadVersions++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADLEN:
- if (pdu->type == SNMP_OP_SET)
- ret = SNMPD_INPUT_VALBADLEN;
- break;
- case SNMP_CODE_OORANGE:
- if (pdu->type == SNMP_OP_SET)
- ret = SNMPD_INPUT_VALRANGE;
- break;
- case SNMP_CODE_BADENC:
- if (pdu->type == SNMP_OP_SET)
- ret = SNMPD_INPUT_VALBADENC;
- break;
- case SNMP_CODE_BADSECLEVEL:
- snmpd_usmstats.unsupported_seclevels++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_NOTINTIME:
- snmpd_usmstats.not_in_time_windows++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADUSER:
- snmpd_usmstats.unknown_users++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADENGINE:
- snmpd_usmstats.unknown_engine_ids++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_BADDIGEST:
- snmpd_usmstats.wrong_digests++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_EDECRYPT:
- snmpd_usmstats.decrypt_errors++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_CODE_OK:
- switch (pdu->version) {
- case SNMP_V1:
- if (!(snmpd.version_enable & VERS_ENABLE_V1))
- goto bad_vers;
- break;
- case SNMP_V2c:
- if (!(snmpd.version_enable & VERS_ENABLE_V2C))
- goto bad_vers;
- break;
- case SNMP_V3:
- if (!(snmpd.version_enable & VERS_ENABLE_V3))
- goto bad_vers;
- break;
- case SNMP_Verr:
- goto bad_vers;
- }
- break;
- }
- if (debug.dump_pdus) {
- snmp_printf("%s -> ", source);
- snmp_pdu_dump(pdu);
- }
- /*
- * Look, whether we know the community or user
- */
- if (pdu->version != SNMP_V3) {
- TAILQ_FOREACH(comm, &community_list, link)
- if (comm->string != NULL &&
- strcmp(comm->string, pdu->community) == 0)
- break;
- if (comm == NULL) {
- snmpd_stats.inBadCommunityNames++;
- snmp_pdu_free(pdu);
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- ret = SNMPD_INPUT_BAD_COMM;
- } else
- community = comm->value;
- } else if (pdu->nbindings == 0) {
- /* RFC 3414 - snmpEngineID Discovery */
- if (strlen(pdu->user.sec_name) == 0) {
- asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
- &oid_usmUnknownEngineIDs);
- pdu->context_engine_len = snmpd_engine.engine_len;
- memcpy(pdu->context_engine, snmpd_engine.engine_id,
- snmpd_engine.engine_len);
- } else if (pdu->engine.engine_boots == 0 &&
- pdu->engine.engine_time == 0) {
- asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
- &oid_usmNotInTimeWindows);
- pdu->engine.engine_boots = snmpd_engine.engine_boots;
- pdu->engine.engine_time = snmpd_engine.engine_time;
- }
- } else if (usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH &&
- (pdu->engine.engine_boots == 0 || pdu->engine.engine_time == 0)) {
- snmpd_usmstats.not_in_time_windows++;
- ret = SNMP_CODE_FAILED;
- }
- if ((code = snmp_pdu_auth_access(pdu, ip)) != SNMP_CODE_OK)
- ret = SNMP_CODE_FAILED;
- return (ret);
- }
- /*
- * Will return only _OK or _FAILED
- */
- enum snmpd_input_err
- snmp_input_finish(struct snmp_pdu *pdu, const u_char *rcvbuf, size_t rcvlen,
- u_char *sndbuf, size_t *sndlen, const char *source,
- enum snmpd_input_err ierr, int32_t ivar, void *data)
- {
- struct snmp_pdu resp;
- struct asn_buf resp_b, pdu_b;
- enum snmp_ret ret;
- resp_b.asn_ptr = sndbuf;
- resp_b.asn_len = snmpd.txbuf;
- pdu_b.asn_cptr = rcvbuf;
- pdu_b.asn_len = rcvlen;
- if (ierr != SNMPD_INPUT_OK) {
- /* error decoding the input of a SET */
- if (pdu->version == SNMP_V1)
- pdu->error_status = SNMP_ERR_BADVALUE;
- else if (ierr == SNMPD_INPUT_VALBADLEN)
- pdu->error_status = SNMP_ERR_WRONG_LENGTH;
- else if (ierr == SNMPD_INPUT_VALRANGE)
- pdu->error_status = SNMP_ERR_WRONG_VALUE;
- else
- pdu->error_status = SNMP_ERR_WRONG_ENCODING;
- pdu->error_index = ivar;
- if (snmp_make_errresp(pdu, &pdu_b, &resp_b) == SNMP_RET_IGN) {
- syslog(LOG_WARNING, "could not encode error response");
- snmpd_stats.silentDrops++;
- return (SNMPD_INPUT_FAILED);
- }
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", source);
- snmp_pdu_dump(pdu);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- return (SNMPD_INPUT_OK);
- }
- switch (pdu->type) {
- case SNMP_PDU_GET:
- ret = snmp_get(pdu, &resp_b, &resp, data);
- break;
- case SNMP_PDU_GETNEXT:
- ret = snmp_getnext(pdu, &resp_b, &resp, data);
- break;
- case SNMP_PDU_SET:
- ret = snmp_set(pdu, &resp_b, &resp, data);
- break;
- case SNMP_PDU_GETBULK:
- ret = snmp_getbulk(pdu, &resp_b, &resp, data);
- break;
- default:
- ret = SNMP_RET_IGN;
- break;
- }
- switch (ret) {
- case SNMP_RET_OK:
- /* normal return - send a response */
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", source);
- snmp_pdu_dump(&resp);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- snmp_pdu_free(&resp);
- return (SNMPD_INPUT_OK);
- case SNMP_RET_IGN:
- /* error - send nothing */
- snmpd_stats.silentDrops++;
- return (SNMPD_INPUT_FAILED);
- case SNMP_RET_ERR:
- /* error - send error response. The snmp routine has
- * changed the error fields in the original message. */
- resp_b.asn_ptr = sndbuf;
- resp_b.asn_len = snmpd.txbuf;
- if (snmp_make_errresp(pdu, &pdu_b, &resp_b) == SNMP_RET_IGN) {
- syslog(LOG_WARNING, "could not encode error response");
- snmpd_stats.silentDrops++;
- return (SNMPD_INPUT_FAILED);
- } else {
- if (debug.dump_pdus) {
- snmp_printf("%s <- ", source);
- snmp_pdu_dump(pdu);
- }
- *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
- return (SNMPD_INPUT_OK);
- }
- }
- abort();
- }
- /*
- * Insert a port into the right place in the transport's table of ports
- */
- void
- trans_insert_port(struct transport *t, struct tport *port)
- {
- struct tport *p;
- TAILQ_FOREACH(p, &t->table, link) {
- if (asn_compare_oid(&p->index, &port->index) > 0) {
- TAILQ_INSERT_BEFORE(p, port, link);
- return;
- }
- }
- port->transport = t;
- TAILQ_INSERT_TAIL(&t->table, port, link);
- }
- /*
- * Remove a port from a transport's list
- */
- void
- trans_remove_port(struct tport *port)
- {
- TAILQ_REMOVE(&port->transport->table, port, link);
- }
- /*
- * Find a port on a transport's list
- */
- struct tport *
- trans_find_port(struct transport *t, const struct asn_oid *idx, u_int sub)
- {
- return (FIND_OBJECT_OID(&t->table, idx, sub));
- }
- /*
- * Find next port on a transport's list
- */
- struct tport *
- trans_next_port(struct transport *t, const struct asn_oid *idx, u_int sub)
- {
- return (NEXT_OBJECT_OID(&t->table, idx, sub));
- }
- /*
- * Return first port
- */
- struct tport *
- trans_first_port(struct transport *t)
- {
- return (TAILQ_FIRST(&t->table));
- }
- /*
- * Iterate through all ports until a function returns a 0.
- */
- struct tport *
- trans_iter_port(struct transport *t, int (*func)(struct tport *, intptr_t),
- intptr_t arg)
- {
- struct tport *p;
- TAILQ_FOREACH(p, &t->table, link)
- if (func(p, arg) == 0)
- return (p);
- return (NULL);
- }
- /*
- * Register a transport
- */
- int
- trans_register(const struct transport_def *def, struct transport **pp)
- {
- u_int i;
- char or_descr[256];
- if ((*pp = malloc(sizeof(**pp))) == NULL)
- return (SNMP_ERR_GENERR);
- /* construct index */
- (*pp)->index.len = strlen(def->name) + 1;
- (*pp)->index.subs[0] = strlen(def->name);
- for (i = 0; i < (*pp)->index.subs[0]; i++)
- (*pp)->index.subs[i + 1] = def->name[i];
- (*pp)->vtab = def;
- if (FIND_OBJECT_OID(&transport_list, &(*pp)->index, 0) != NULL) {
- free(*pp);
- return (SNMP_ERR_INCONS_VALUE);
- }
- /* register module */
- snprintf(or_descr, sizeof(or_descr), "%s transport mapping", def->name);
- if (((*pp)->or_index = or_register(&def->id, or_descr, NULL)) == 0) {
- free(*pp);
- return (SNMP_ERR_GENERR);
- }
- INSERT_OBJECT_OID((*pp), &transport_list);
- TAILQ_INIT(&(*pp)->table);
- return (SNMP_ERR_NOERROR);
- }
- /*
- * Unregister transport
- */
- int
- trans_unregister(struct transport *t)
- {
- if (!TAILQ_EMPTY(&t->table))
- return (SNMP_ERR_INCONS_VALUE);
- or_unregister(t->or_index);
- TAILQ_REMOVE(&transport_list, t, link);
- return (SNMP_ERR_NOERROR);
- }
- /*
- * File descriptor support
- */
- #ifdef USE_LIBBEGEMOT
- static void
- input(int fd, int mask __unused, void *uap)
- #else
- static void
- input(evContext ctx __unused, void *uap, int fd, int mask __unused)
- #endif
- {
- struct fdesc *f = uap;
- (*f->func)(fd, f->udata);
- }
- void
- fd_suspend(void *p)
- {
- struct fdesc *f = p;
- #ifdef USE_LIBBEGEMOT
- if (f->id >= 0) {
- poll_unregister(f->id);
- f->id = -1;
- }
- #else
- if (evTestID(f->id)) {
- (void)evDeselectFD(evctx, f->id);
- evInitID(&f->id);
- }
- #endif
- }
- int
- fd_resume(void *p)
- {
- struct fdesc *f = p;
- int err;
- #ifdef USE_LIBBEGEMOT
- if (f->id >= 0)
- return (0);
- if ((f->id = poll_register(f->fd, input, f, POLL_IN)) < 0) {
- err = errno;
- syslog(LOG_ERR, "select fd %d: %m", f->fd);
- errno = err;
- return (-1);
- }
- #else
- if (evTestID(f->id))
- return (0);
- if (evSelectFD(evctx, f->fd, EV_READ, input, f, &f->id)) {
- err = errno;
- syslog(LOG_ERR, "select fd %d: %m", f->fd);
- errno = err;
- return (-1);
- }
- #endif
- return (0);
- }
- void *
- fd_select(int fd, void (*func)(int, void *), void *udata, struct lmodule *mod)
- {
- struct fdesc *f;
- int err;
- if ((f = malloc(sizeof(struct fdesc))) == NULL) {
- err = errno;
- syslog(LOG_ERR, "fd_select: %m");
- errno = err;
- return (NULL);
- }
- f->fd = fd;
- f->func = func;
- f->udata = udata;
- f->owner = mod;
- #ifdef USE_LIBBEGEMOT
- f->id = -1;
- #else
- evInitID(&f->id);
- #endif
- if (fd_resume(f)) {
- err = errno;
- free(f);
- errno = err;
- return (NULL);
- }
- LIST_INSERT_HEAD(&fdesc_list, f, link);
- return (f);
- }
- void
- fd_deselect(void *p)
- {
- struct fdesc *f = p;
- LIST_REMOVE(f, link);
- fd_suspend(f);
- free(f);
- }
- static void
- fd_flush(struct lmodule *mod)
- {
- struct fdesc *t, *t1;
- t = LIST_FIRST(&fdesc_list);
- while (t != NULL) {
- t1 = LIST_NEXT(t, link);
- if (t->owner == mod)
- fd_deselect(t);
- t = t1;
- }
- }
- /*
- * Consume a message from the input buffer
- */
- static void
- snmp_input_consume(struct port_input *pi)
- {
- if (!pi->stream) {
- /* always consume everything */
- pi->length = 0;
- return;
- }
- if (pi->consumed >= pi->length) {
- /* all bytes consumed */
- pi->length = 0;
- return;
- }
- memmove(pi->buf, pi->buf + pi->consumed, pi->length - pi->consumed);
- pi->length -= pi->consumed;
- }
- static void
- check_priv_dgram(struct port_input *pi, struct sockcred *cred)
- {
- /* process explicitly sends credentials */
- if (cred)
- pi->priv = (cred->sc_euid == 0);
- else
- pi->priv = 0;
- }
- static void
- check_priv_stream(struct port_input *pi)
- {
- struct xucred ucred;
- socklen_t ucredlen;
- /* obtain the accept time credentials */
- ucredlen = sizeof(ucred);
- if (getsockopt(pi->fd, 0, LOCAL_PEERCRED, &ucred, &ucredlen) == 0 &&
- ucredlen >= sizeof(ucred) && ucred.cr_version == XUCRED_VERSION)
- pi->priv = (ucred.cr_uid == 0);
- else
- pi->priv = 0;
- }
- /*
- * Input from a stream socket.
- */
- static int
- recv_stream(struct port_input *pi)
- {
- struct msghdr msg;
- struct iovec iov[1];
- ssize_t len;
- if (pi->buf == NULL) {
- /* no buffer yet - allocate one */
- if ((pi->buf = buf_alloc(0)) == NULL) {
- /* ups - could not get buffer. Return an error
- * the caller must close the transport. */
- return (-1);
- }
- pi->buflen = buf_size(0);
- pi->consumed = 0;
- pi->length = 0;
- }
- /* try to get a message */
- msg.msg_name = pi->peer;
- msg.msg_namelen = pi->peerlen;
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- msg.msg_flags = 0;
- iov[0].iov_base = pi->buf + pi->length;
- iov[0].iov_len = pi->buflen - pi->length;
- len = recvmsg(pi->fd, &msg, 0);
- if (len == -1 || len == 0)
- /* receive error */
- return (-1);
- pi->length += len;
- if (pi->cred)
- check_priv_stream(pi);
- return (0);
- }
- /*
- * Input from a datagram socket.
- * Each receive should return one datagram.
- */
- static int
- recv_dgram(struct port_input *pi, struct in_addr *laddr)
- {
- u_char embuf[1000];
- char cbuf[CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)) +
- CMSG_SPACE(sizeof(struct in_addr))];
- struct msghdr msg;
- struct iovec iov[1];
- ssize_t len;
- struct cmsghdr *cmsg;
- struct sockcred *cred = NULL;
- if (pi->buf == NULL) {
- /* no buffer yet - allocate one */
- if ((pi->buf = buf_alloc(0)) == NULL) {
- /* ups - could not get buffer. Read away input
- * and drop it */
- (void)recvfrom(pi->fd, embuf, sizeof(embuf),
- 0, NULL, NULL);
- /* return error */
- return (-1);
- }
- pi->buflen = buf_size(0);
- }
- /* try to get a message */
- msg.msg_name = pi->peer;
- msg.msg_namelen = pi->peerlen;
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
- memset(cbuf, 0, sizeof(cbuf));
- msg.msg_control = cbuf;
- msg.msg_controllen = sizeof(cbuf);
- msg.msg_flags = 0;
- iov[0].iov_base = pi->buf;
- iov[0].iov_len = pi->buflen;
- len = recvmsg(pi->fd, &msg, 0);
- if (len == -1 || len == 0)
- /* receive error */
- return (-1);
- if (msg.msg_flags & MSG_TRUNC) {
- /* truncated - drop */
- snmpd_stats.silentDrops++;
- snmpd_stats.inTooLong++;
- return (-1);
- }
- pi->length = (size_t)len;
- for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
- cmsg = CMSG_NXTHDR(&msg, cmsg)) {
- if (cmsg->cmsg_level == IPPROTO_IP &&
- cmsg->cmsg_type == IP_RECVDSTADDR)
- memcpy(laddr, CMSG_DATA(cmsg), sizeof(struct in_addr));
- if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_CREDS)
- cred = (struct sockcred *)CMSG_DATA(cmsg);
- }
- if (pi->cred)
- check_priv_dgram(pi, cred);
- return (0);
- }
- /*
- * Input from a socket
- */
- int
- snmpd_input(struct port_input *pi, struct tport *tport)
- {
- u_char *sndbuf;
- size_t sndlen;
- struct snmp_pdu pdu;
- enum snmpd_input_err ierr, ferr;
- enum snmpd_proxy_err perr;
- int32_t vi;
- int ret;
- ssize_t slen;
- #ifdef USE_TCPWRAPPERS
- char client[16];
- #endif
- struct msghdr msg;
- struct iovec iov[1];
- char cbuf[CMSG_SPACE(sizeof(struct in_addr))];
- struct cmsghdr *cmsgp;
- /* get input depending on the transport */
- if (pi->stream) {
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- ret = recv_stream(pi);
- } else {
- struct in_addr *laddr;
- memset(cbuf, 0, CMSG_SPACE(sizeof(struct in_addr)));
- msg.msg_control = cbuf;
- msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
- cmsgp = CMSG_FIRSTHDR(&msg);
- cmsgp->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
- cmsgp->cmsg_level = IPPROTO_IP;
- cmsgp->cmsg_type = IP_SENDSRCADDR;
- laddr = (struct in_addr *)CMSG_DATA(cmsgp);
-
- ret = recv_dgram(pi, laddr);
- if (laddr->s_addr == 0) {
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- }
- }
- if (ret == -1)
- return (-1);
- #ifdef USE_TCPWRAPPERS
- /*
- * In case of AF_INET{6} peer, do hosts_access(5) check.
- */
- if (pi->peer->sa_family != AF_LOCAL &&
- inet_ntop(pi->peer->sa_family,
- &((const struct sockaddr_in *)(const void *)pi->peer)->sin_addr,
- client, sizeof(client)) != NULL) {
- request_set(&req, RQ_CLIENT_ADDR, client, 0);
- if (hosts_access(&req) == 0) {
- syslog(LOG_ERR, "refused connection from %.500s",
- eval_client(&req));
- return (-1);
- }
- } else if (pi->peer->sa_family != AF_LOCAL)
- syslog(LOG_ERR, "inet_ntop(): %m");
- #endif
- /*
- * Handle input
- */
- ierr = snmp_input_start(pi->buf, pi->length, "SNMP", &pdu, &vi,
- &pi->consumed);
- if (ierr == SNMPD_INPUT_TRUNC) {
- /* need more bytes. This is ok only for streaming transports.
- * but only if we have not reached bufsiz yet. */
- if (pi->stream) {
- if (pi->length == buf_size(0)) {
- snmpd_stats.silentDrops++;
- return (-1);
- }
- return (0);
- }
- snmpd_stats.silentDrops++;
- return (-1);
- }
- /* can't check for bad SET pdus here, because a proxy may have to
- * check the access first. We don't want to return an error response
- * to a proxy PDU with a wrong community */
- if (ierr == SNMPD_INPUT_FAILED) {
- /* for streaming transports this is fatal */
- if (pi->stream)
- return (-1);
- snmp_input_consume(pi);
- return (0);
- }
- if (ierr == SNMPD_INPUT_BAD_COMM) {
- snmp_input_consume(pi);
- return (0);
- }
- /*
- * If that is a module community and the module has a proxy function,
- * the hand it over to the module.
- */
- if (comm != NULL && comm->owner != NULL &&
- comm->owner->config->proxy != NULL) {
- perr = (*comm->owner->config->proxy)(&pdu, tport->transport,
- &tport->index, pi->peer, pi->peerlen, ierr, vi,
- !pi->cred || pi->priv);
- switch (perr) {
- case SNMPD_PROXY_OK:
- snmp_input_consume(pi);
- return (0);
- case SNMPD_PROXY_REJ:
- break;
- case SNMPD_PROXY_DROP:
- snmp_input_consume(pi);
- snmp_pdu_free(&pdu);
- snmpd_stats.proxyDrops++;
- return (0);
- case SNMPD_PROXY_BADCOMM:
- snmp_input_consume(pi);
- snmp_pdu_free(&pdu);
- snmpd_stats.inBadCommunityNames++;
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- return (0);
- case SNMPD_PROXY_BADCOMMUSE:
- snmp_input_consume(pi);
- snmp_pdu_free(&pdu);
- snmpd_stats.inBadCommunityUses++;
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- return (0);
- }
- }
- /*
- * Check type
- */
- if (pdu.type == SNMP_PDU_RESPONSE ||
- pdu.type == SNMP_PDU_TRAP ||
- pdu.type == SNMP_PDU_TRAP2) {
- snmpd_stats.silentDrops++;
- snmpd_stats.inBadPduTypes++;
- snmp_pdu_free(&pdu);
- snmp_input_consume(pi);
- return (0);
- }
- /*
- * Check community
- */
- if (pdu.version < SNMP_V3 &&
- ((pi->cred && !pi->priv && pdu.type == SNMP_PDU_SET) ||
- (community != COMM_WRITE &&
- (pdu.type == SNMP_PDU_SET || community != COMM_READ)))) {
- snmpd_stats.inBadCommunityUses++;
- snmp_pdu_free(&pdu);
- snmp_input_consume(pi);
- if (snmpd.auth_traps)
- snmp_send_trap(&oid_authenticationFailure,
- (struct snmp_value *)NULL);
- return (0);
- }
- /*
- * Execute it.
- */
- if ((sndbuf = buf_alloc(1)) == NULL) {
- snmpd_stats.silentDrops++;
- snmp_pdu_free(&pdu);
- snmp_input_consume(pi);
- return (0);
- }
- ferr = snmp_input_finish(&pdu, pi->buf, pi->length,
- sndbuf, &sndlen, "SNMP", ierr, vi, NULL);
- if (ferr == SNMPD_INPUT_OK) {
- msg.msg_name = pi->peer;
- msg.msg_namelen = pi->peerlen;
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
- msg.msg_flags = 0;
- iov[0].iov_base = sndbuf;
- iov[0].iov_len = sndlen;
- slen = sendmsg(pi->fd, &msg, 0);
- if (slen == -1)
- syslog(LOG_ERR, "sendmsg: %m");
- else if ((size_t)slen != sndlen)
- syslog(LOG_ERR, "sendmsg: short write %zu/%zu",
- sndlen, (size_t)slen);
- }
- snmp_pdu_free(&pdu);
- free(sndbuf);
- snmp_input_consume(pi);
- return (0);
- }
- /*
- * Send a PDU to a given port
- */
- void
- snmp_send_port(void *targ, const struct asn_oid *port, struct snmp_pdu *pdu,
- const struct sockaddr *addr, socklen_t addrlen)
- {
- struct transport *trans = targ;
- struct tport *tp;
- u_char *sndbuf;
- size_t sndlen;
- ssize_t len;
- TAILQ_FOREACH(tp, &trans->table, link)
- if (asn_compare_oid(port, &tp->index) == 0)
- break;
- if (tp == 0)
- return;
- if ((sndbuf = buf_alloc(1)) == NULL)
- return;
- snmp_output(pdu, sndbuf, &sndlen, "SNMP PROXY");
- len = trans->vtab->send(tp, sndbuf, sndlen, addr, addrlen);
- if (len == -1)
- syslog(LOG_ERR, "sendto: %m");
- else if ((size_t)len != sndlen)
- syslog(LOG_ERR, "sendto: short write %zu/%zu",
- sndlen, (size_t)len);
- free(sndbuf);
- }
- /*
- * Close an input source
- */
- void
- snmpd_input_close(struct port_input *pi)
- {
- if (pi->id != NULL)
- fd_deselect(pi->id);
- if (pi->fd >= 0)
- (void)close(pi->fd);
- if (pi->buf != NULL)
- free(pi->buf);
- }
- /*
- * Dump internal state.
- */
- #ifdef USE_LIBBEGEMOT
- static void
- info_func(void)
- #else
- static void
- info_func(evContext ctx __unused, void *uap __unused, const void *tag __unused)
- #endif
- {
- struct lmodule *m;
- u_int i;
- char buf[10000];
- syslog(LOG_DEBUG, "Dump of SNMPd %lu\n", (u_long)getpid());
- for (i = 0; i < tree_size; i++) {
- switch (tree[i].type) {
- case SNMP_NODE_LEAF:
- sprintf(buf, "LEAF: %s %s", tree[i].name,
- asn_oid2str(&tree[i].oid));
- break;
- case SNMP_NODE_COLUMN:
- sprintf(buf, "COL: %s %s", tree[i].name,
- asn_oid2str(&tree[i].oid));
- break;
- }
- syslog(LOG_DEBUG, "%s", buf);
- }
- TAILQ_FOREACH(m, &lmodules, link)
- if (m->config->dump)
- (*m->config->dump)();
- }
- /*
- * Re-read configuration
- */
- #ifdef USE_LIBBEGEMOT
- static void
- config_func(void)
- #else
- static void
- config_func(evContext ctx __unused, void *uap __unused,
- const void *tag __unused)
- #endif
- {
- struct lmodule *m;
- if (read_config(config_file, NULL)) {
- syslog(LOG_ERR, "error reading config file '%s'", config_file);
- return;
- }
- TAILQ_FOREACH(m, &lmodules, link)
- if (m->config->config)
- (*m->config->config)();
- }
- /*
- * On USR1 dump actual configuration.
- */
- static void
- onusr1(int s __unused)
- {
- work |= WORK_DOINFO;
- }
- static void
- onhup(int s __unused)
- {
- work |= WORK_RECONFIG;
- }
- static void
- onterm(int s __unused)
- {
- /* allow clean-up */
- exit(0);
- }
- static void
- init_sigs(void)
- {
- struct sigaction sa;
- sa.sa_handler = onusr1;
- sa.sa_flags = SA_RESTART;
- sigemptyset(&sa.sa_mask);
- if (sigaction(SIGUSR1, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- sa.sa_handler = onhup;
- if (sigaction(SIGHUP, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- sa.sa_handler = onterm;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- if (sigaction(SIGTERM, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- if (sigaction(SIGINT, &sa, NULL)) {
- syslog(LOG_ERR, "sigaction: %m");
- exit(1);
- }
- }
- static void
- block_sigs(void)
- {
- sigset_t set;
- sigfillset(&set);
- if (sigprocmask(SIG_BLOCK, &set, &blocked_sigs) == -1) {
- syslog(LOG_ERR, "SIG_BLOCK: %m");
- exit(1);
- }
- }
- static void
- unblock_sigs(void)
- {
- if (sigprocmask(SIG_SETMASK, &blocked_sigs, NULL) == -1) {
- syslog(LOG_ERR, "SIG_SETMASK: %m");
- exit(1);
- }
- }
- /*
- * Shut down
- */
- static void
- term(void)
- {
- (void)unlink(pid_file);
- }
- static void
- trans_stop(void)
- {
- struct transport *t;
- TAILQ_FOREACH(t, &transport_list, link)
- (void)t->vtab->stop(1);
- }
- /*
- * Define a macro from the command line
- */
- static void
- do_macro(char *arg)
- {
- char *eq;
- int err;
- if ((eq = strchr(arg, '=')) == NULL)
- err = define_macro(arg, "");
- else {
- *eq++ = '\0';
- err = define_macro(arg, eq);
- }
- if (err == -1) {
- syslog(LOG_ERR, "cannot save macro: %m");
- exit(1);
- }
- }
- /*
- * Re-implement getsubopt from scratch, because the second argument is broken
- * and will not compile with WARNS=5.
- */
- static int
- getsubopt1(char **arg, const char *const *options, char **valp, char **optp)
- {
- static const char *const delim = ",\t ";
- u_int i;
- char *ptr;
- *optp = NULL;
- /* skip leading junk */
- for (ptr = *arg; *ptr != '\0'; ptr++)
- if (strchr(delim, *ptr) == NULL)
- break;
- if (*ptr == '\0') {
- *arg = ptr;
- return (-1);
- }
- *optp = ptr;
- /* find the end of the option */
- while (*++ptr != '\0')
- if (strchr(delim, *ptr) != NULL || *ptr == '=')
- break;
- if (*ptr != '\0') {
- if (*ptr == '=') {
- *ptr++ = '\0';
- *valp = ptr;
- while (*ptr != '\0' && strchr(delim, *ptr) == NULL)
- ptr++;
- if (*ptr != '\0')
- *ptr++ = '\0';
- } else
- *ptr++ = '\0';
- }
- *arg = ptr;
- for (i = 0; *options != NULL; options++, i++)
- if (strcmp(*optp, *options) == 0)
- return (i);
- return (-1);
- }
- int
- main(int argc, char *argv[])
- {
- int opt;
- FILE *fp;
- int background = 1;
- struct tport *p;
- const char *prefix = "snmpd";
- struct lmodule *m;
- char *value = NULL, *option; /* XXX */
- struct transport *t;
- #define DBG_DUMP 0
- #define DBG_EVENTS 1
- #define DBG_TRACE 2
- static const char *const debug_opts[] = {
- "dump",
- "events",
- "trace",
- NULL
- };
- snmp_printf = snmp_printf_func;
- snmp_error = snmp_error_func;
- snmp_debug = snmp_debug_func;
- asn_error = asn_error_func;
- while ((opt = getopt(argc, argv, "c:dD:e:hI:l:m:p:")) != EOF)
- switch (opt) {
- case 'c':
- strlcpy(config_file, optarg, sizeof(config_file));
- break;
- case 'd':
- background = 0;
- break;
- case 'D':
- while (*optarg) {
- switch (getsubopt1(&optarg, debug_opts,
- &value, &option)) {
- case DBG_DUMP:
- debug.dump_pdus = 1;
- break;
- case DBG_EVENTS:
- debug.evdebug++;
- break;
- case DBG_TRACE:
- if (value == NULL)
- syslog(LOG_ERR,
- "no value for 'trace'");
- else
- snmp_trace = strtoul(value,
- NULL, 0);
- break;
- case -1:
- if (suboptarg)
- syslog(LOG_ERR,
- "unknown debug flag '%s'",
- option);
- else
- syslog(LOG_ERR,
- "missing debug flag");
- break;
- }
- }
- break;
- case 'e':
- strlcpy(engine_file, optarg, sizeof(engine_file));
- break;
- case 'h':
- fprintf(stderr, "%s", usgtxt);
- exit(0);
- case 'I':
- syspath = optarg;
- break;
- case 'l':
- prefix = optarg;
- break;
- case 'm':
- do_macro(optarg);
- break;
- case 'p':
- strlcpy(pid_file, optarg, sizeof(pid_file));
- break;
- }
- openlog(prefix, LOG_PID | (background ? 0 : LOG_PERROR), LOG_USER);
- setlogmask(LOG_UPTO(debug.logpri - 1));
- if (background && daemon(0, 0) < 0) {
- syslog(LOG_ERR, "daemon: %m");
- exit(1);
- }
- argc -= optind;
- argv += optind;
- progargs = argv;
- nprogargs = argc;
- srandomdev();
- snmp_serial_no = random();
- #ifdef USE_TCPWRAPPERS
- /*
- * Initialize hosts_access(3) handler.
- */
- request_init(&req, RQ_DAEMON, "snmpd", 0);
- sock_methods(&req);
- #endif
- /*
- * Initialize the tree.
- */
- if ((tree = malloc(sizeof(struct snmp_node) * CTREE_SIZE)) == NULL) {
- syslog(LOG_ERR, "%m");
- exit(1);
- }
- memcpy(tree, ctree, sizeof(struct snmp_node) * CTREE_SIZE);
- tree_size = CTREE_SIZE;
- /*
- * Get standard communities
- */
- (void)comm_define(1, "SNMP read", NULL, NULL);
- (void)comm_define(2, "SNMP write", NULL, NULL);
- community = COMM_INITIALIZE;
- trap_reqid = reqid_allocate(512, NULL);
- if (config_file[0] == '\0')
- snprintf(config_file, sizeof(config_file), PATH_CONFIG, prefix);
- init_actvals();
- init_snmpd_engine();
- this_tick = get_ticks();
- start_tick = this_tick;
- /* start transports */
- if (atexit(trans_stop) == -1) {
- syslog(LOG_ERR, "atexit failed: %m");
- exit(1);
- }
- if (udp_trans.start() != SNMP_ERR_NOERROR)
- syslog(LOG_WARNING, "cannot start UDP transport");
- if (lsock_trans.start() != SNMP_ERR_NOERROR)
- syslog(LOG_WARNING, "cannot start LSOCK transport");
- #ifdef USE_LIBBEGEMOT
- if (debug.evdebug > 0)
- rpoll_trace = 1;
- #else
- if (evCreate(&evctx)) {
- syslog(LOG_ERR, "evCreate: %m");
- exit(1);
- }
- if (debug.evdebug > 0)
- evSetDebug(evctx, 10, stderr);
- #endif
- if (engine_file[0] == '\0')
- snprintf(engine_file, sizeof(engine_file), PATH_ENGINE, prefix);
- if (read_config(config_file, NULL)) {
- syslog(LOG_ERR, "error in config file");
- exit(1);
- }
- TAILQ_FOREACH(t, &transport_list, link)
- TAILQ_FOREACH(p, &t->table, link)
- t->vtab->init_port(p);
- init_sigs();
- if (pid_file[0] == '\0')
- snprintf(pid_file, sizeof(pid_file), PATH_PID, prefix);
- if ((fp = fopen(pid_file, "w")) != NULL) {
- fprintf(fp, "%u", getpid());
- fclose(fp);
- if (atexit(term) == -1) {
- syslog(LOG_ERR, "atexit failed: %m");
- (void)remove(pid_file);
- exit(0);
- }
- }
- if (or_register(&oid_snmpMIB, "The MIB module for SNMPv2 entities.",
- NULL) == 0) {
- syslog(LOG_ERR, "cannot register SNMPv2 MIB");
- exit(1);
- }
- if (or_register(&oid_begemotSnmpd, "The MIB module for the Begemot SNMPd.",
- NULL) == 0) {
- syslog(LOG_ERR, "cannot register begemotSnmpd MIB");
- exit(1);
- }
- while ((m = TAILQ_FIRST(&modules_start)) != NULL) {
- m->flags &= ~LM_ONSTARTLIST;
- TAILQ_REMOVE(&modules_start, m, start);
- lm_start(m);
- }
- snmp_send_trap(&oid_coldStart, (struct snmp_value *)NULL);
- for (;;) {
- #ifndef USE_LIBBEGEMOT
- evEvent event;
- #endif
- struct lmodule *mod;
- TAILQ_FOREACH(mod, &lmodules, link)
- if (mod->config->idle != NULL)
- (*mod->config->idle)();
- #ifndef USE_LIBBEGEMOT
- if (evGetNext(evctx, &event, EV_WAIT) == 0) {
- if (evDispatch(evctx, event))
- syslog(LOG_ERR, "evDispatch: %m");
- } else if (errno != EINTR) {
- syslog(LOG_ERR, "evGetNext: %m");
- exit(1);
- }
- #else
- poll_dispatch(1);
- #endif
- if (work != 0) {
- block_sigs();
- if (work & WORK_DOINFO) {
- #ifdef USE_LIBBEGEMOT
- info_func();
- #else
- if (evWaitFor(evctx, &work, info_func,
- NULL, NULL) == -1) {
- syslog(LOG_ERR, "evWaitFor: %m");
- exit(1);
- }
- #endif
- }
- if (work & WORK_RECONFIG) {
- #ifdef USE_LIBBEGEMOT
- config_func();
- #else
- if (evWaitFor(evctx, &work, config_func,
- NULL, NULL) == -1) {
- syslog(LOG_ERR, "evWaitFor: %m");
- exit(1);
- }
- #endif
- }
- work = 0;
- unblock_sigs();
- #ifndef USE_LIBBEGEMOT
- if (evDo(evctx, &work) == -1) {
- syslog(LOG_ERR, "evDo: %m");
- exit(1);
- }
- #endif
- }
- }
- return (0);
- }
- uint64_t
- get_ticks(void)
- {
- struct timeval tv;
- uint64_t ret;
- if (gettimeofday(&tv, NULL))
- abort();
- ret = tv.tv_sec * 100ULL + tv.tv_usec / 10000ULL;
- return (ret);
- }
- /*
- * Timer support
- */
- /*
- * Trampoline for the non-repeatable timers.
- */
- #ifdef USE_LIBBEGEMOT
- static void
- tfunc(int tid __unused, void *uap)
- #else
- static void
- tfunc(evContext ctx __unused, void *uap, struct timespec due __unused,
- struct timespec inter __unused)
- #endif
- {
- struct timer *tp = uap;
- LIST_REMOVE(tp, link);
- tp->func(tp->udata);
- free(tp);
- }
- /*
- * Trampoline for the repeatable timers.
- */
- #ifdef USE_LIBBEGEMOT
- static void
- trfunc(int tid __unused, void *uap)
- #else
- static void
- trfunc(evContext ctx __unused, void *uap, struct timespec due __unused,
- struct timespec inter __unused)
- #endif
- {
- struct timer *tp = uap;
- tp->func(tp->udata);
- }
- /*
- * Start a one-shot timer
- */
- void *
- timer_start(u_int ticks, void (*func)(void *), void *udata, struct lmodule *mod)
- {
- struct timer *tp;
- #ifndef USE_LIBBEGEMOT
- struct timespec due;
- #endif
- if ((tp = malloc(sizeof(struct timer))) == NULL) {
- syslog(LOG_CRIT, "out of memory for timer");
- exit(1);
- }
- #ifndef USE_LIBBEGEMOT
- due = evAddTime(evNowTime(),
- evConsTime(ticks / 100, (ticks % 100) * 10000));
- #endif
- tp->udata = udata;
- tp->owner = mod;
- tp->func = func;
- LIST_INSERT_HEAD(&timer_list, tp, link);
- #ifdef USE_LIBBEGEMOT
- if ((tp->id = poll_start_timer(ticks * 10, 0, tfunc, tp)) < 0) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #else
- if (evSetTimer(evctx, tfunc, tp, due, evConsTime(0, 0), &tp->id)
- == -1) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #endif
- return (tp);
- }
- /*
- * Start a repeatable timer. When used with USE_LIBBEGEMOT the first argument
- * is currently ignored and the initial number of ticks is set to the
- * repeat number of ticks.
- */
- void *
- timer_start_repeat(u_int ticks __unused, u_int repeat_ticks,
- void (*func)(void *), void *udata, struct lmodule *mod)
- {
- struct timer *tp;
- #ifndef USE_LIBBEGEMOT
- struct timespec due;
- struct timespec inter;
- #endif
- if ((tp = malloc(sizeof(struct timer))) == NULL) {
- syslog(LOG_CRIT, "out of memory for timer");
- exit(1);
- }
- #ifndef USE_LIBBEGEMOT
- due = evAddTime(evNowTime(),
- evConsTime(ticks / 100, (ticks % 100) * 10000));
- inter = evConsTime(repeat_ticks / 100, (repeat_ticks % 100) * 10000);
- #endif
- tp->udata = udata;
- tp->owner = mod;
- tp->func = func;
- LIST_INSERT_HEAD(&timer_list, tp, link);
- #ifdef USE_LIBBEGEMOT
- if ((tp->id = poll_start_timer(repeat_ticks * 10, 1, trfunc, tp)) < 0) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #else
- if (evSetTimer(evctx, trfunc, tp, due, inter, &tp->id) == -1) {
- syslog(LOG_ERR, "cannot set timer: %m");
- exit(1);
- }
- #endif
- return (tp);
- }
- /*
- * Stop a timer.
- */
- void
- timer_stop(void *p)
- {
- struct timer *tp = p;
- LIST_REMOVE(tp, link);
- #ifdef USE_LIBBEGEMOT
- poll_stop_timer(tp->id);
- #else
- if (evClearTimer(evctx, tp->id) == -1) {
- syslog(LOG_ERR, "cannot stop timer: %m");
- exit(1);
- }
- #endif
- free(p);
- }
- static void
- timer_flush(struct lmodule *mod)
- {
- struct timer *t, *t1;
- t = LIST_FIRST(&timer_list);
- while (t != NULL) {
- t1 = LIST_NEXT(t, link);
- if (t->owner == mod)
- timer_stop(t);
- t = t1;
- }
- }
- static void
- snmp_printf_func(const char *fmt, ...)
- {
- va_list ap;
- static char *pend = NULL;
- char *ret, *new;
- va_start(ap, fmt);
- vasprintf(&ret, fmt, ap);
- va_end(ap);
- if (ret == NULL)
- return;
- if (pend != NULL) {
- if ((new = realloc(pend, strlen(pend) + strlen(ret) + 1))
- == NULL) {
- free(ret);
- return;
- }
- pend = new;
- strcat(pend, ret);
- free(ret);
- } else
- pend = ret;
- while ((ret = strchr(pend, '\n')) != NULL) {
- *ret = '\0';
- syslog(LOG_DEBUG, "%s", pend);
- if (strlen(ret + 1) == 0) {
- free(pend);
- pend = NULL;
- break;
- }
- strcpy(pend, ret + 1);
- }
- }
- static void
- snmp_error_func(const char *err, ...)
- {
- char errbuf[1000];
- va_list ap;
- if (!(snmp_trace & LOG_SNMP_ERRORS))
- return;
- va_start(ap, err);
- snprintf(errbuf, sizeof(errbuf), "SNMP: ");
- vsnprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf), err, ap);
- va_end(ap);
- syslog(LOG_ERR, "%s", errbuf);
- }
- static void
- snmp_debug_func(const char *err, ...)
- {
- char errbuf[1000];
- va_list ap;
- va_start(ap, err);
- snprintf(errbuf, sizeof(errbuf), "SNMP: ");
- vsnprintf(errbuf+strlen(errbuf), sizeof(errbuf)-strlen(errbuf),
- err, ap);
- va_end(ap);
- syslog(LOG_DEBUG, "%s", errbuf);
- }
- static void
- asn_error_func(const struct asn_buf *b, const char *err, ...)
- {
- char errbuf[1000];
- va_list ap;
- u_int i;
- if (!(snmp_trace & LOG_ASN1_ERRORS))
- return;
- va_start(ap, err);
- snprintf(errbuf, sizeof(errbuf), "ASN.1: ");
- vsnprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf), err, ap);
- va_end(ap);
- if (b != NULL) {
- snprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf), " at");
- for (i = 0; b->asn_len > i; i++)
- snprintf(errbuf + strlen(errbuf),
- sizeof(errbuf) - strlen(errbuf),
- " %02x", b->asn_cptr[i]);
- }
- syslog(LOG_ERR, "%s", errbuf);
- }
- /*
- * Create a new community
- */
- u_int
- comm_define(u_int priv, const char *descr, struct lmodule *owner,
- const char *str)
- {
- struct community *c, *p;
- u_int ncomm;
- /* generate an identifier */
- do {
- if ((ncomm = next_community_index++) == UINT_MAX)
- next_community_index = 1;
- TAILQ_FOREACH(c, &community_list, link)
- if (c->value == ncomm)
- break;
- } while (c != NULL);
- if ((c = malloc(sizeof(struct community))) == NULL) {
- syslog(LOG_ERR, "comm_define: %m");
- return (0);
- }
- c->owner = owner;
- c->value = ncomm;
- c->descr = descr;
- c->string = NULL;
- c->private = priv;
- if (str != NULL) {
- if((c->string = malloc(strlen(str)+1)) == NULL) {
- free(c);
- return (0);
- }
- strcpy(c->string, str);
- }
- /* make index */
- if (c->owner == NULL) {
- c->index.len = 1;
- c->index.subs[0] = 0;
- } else {
- c->index = c->owner->index;
- }
- c->index.subs[c->index.len++] = c->private;
- /*
- * Insert ordered
- */
- TAILQ_FOREACH(p, &community_list, link) {
- if (asn_compare_oid(&p->index, &c->index) > 0) {
- TAILQ_INSERT_BEFORE(p, c, link);
- break;
- }
- }
- if (p == NULL)
- TAILQ_INSERT_TAIL(&community_list, c, link);
- return (c->value);
- }
- const char *
- comm_string(u_int ncomm)
- {
- struct community *p;
- TAILQ_FOREACH(p, &community_list, link)
- if (p->value == ncomm)
- return (p->string);
- return (NULL);
- }
- /*
- * Delete all communities allocated by a module
- */
- static void
- comm_flush(struct lmodule *mod)
- {
- struct community *p, *p1;
- p = TAILQ_FIRST(&community_list);
- while (p != NULL) {
- p1 = TAILQ_NEXT(p, link);
- if (p->owner == mod) {
- free(p->string);
- TAILQ_REMOVE(&community_list, p, link);
- free(p);
- }
- p = p1;
- }
- }
- /*
- * Request ID handling.
- *
- * Allocate a new range of request ids. Use a first fit algorithm.
- */
- u_int
- reqid_allocate(int size, struct lmodule *mod)
- {
- u_int type;
- struct idrange *r, *r1;
- if (size <= 0 || size > INT32_MAX) {
- syslog(LOG_CRIT, "%s: size out of range: %d", __func__, size);
- return (0);
- }
- /* allocate a type id */
- do {
- if ((type = next_idrange++) == UINT_MAX)
- next_idrange = 1;
- TAILQ_FOREACH(r, &idrange_list, link)
- if (r->type == type)
- break;
- } while(r != NULL);
- /* find a range */
- if (TAILQ_EMPTY(&idrange_list))
- r = NULL;
- else {
- r = TAILQ_FIRST(&idrange_list);
- if (r->base < size) {
- while((r1 = TAILQ_NEXT(r, link)) != NULL) {
- if (r1->base - (r->base + r->size) >= size)
- break;
- r = r1;
- }
- r = r1;
- }
- if (r == NULL) {
- r1 = TAILQ_LAST(&idrange_list, idrange_list);
- if (INT32_MAX - size + 1 < r1->base + r1->size) {
- syslog(LOG_ERR, "out of id ranges (%u)", size);
- return (0);
- }
- }
- }
- /* allocate structure */
- if ((r1 = malloc(sizeof(struct idrange))) == NULL) {
- syslog(LOG_ERR, "%s: %m", __FUNCTION__);
- return (0);
- }
- r1->type = type;
- r1->size = size;
- r1->owner = mod;
- if (TAILQ_EMPTY(&idrange_list) || r == TAILQ_FIRST(&idrange_list)) {
- r1->base = 0;
- TAILQ_INSERT_HEAD(&idrange_list, r1, link);
- } else if (r == NULL) {
- r = TAILQ_LAST(&idrange_list, idrange_list);
- r1->base = r->base + r->size;
- TAILQ_INSERT_TAIL(&idrange_list, r1, link);
- } else {
- r = TAILQ_PREV(r, idrange_list, link);
- r1->base = r->base + r->size;
- TAILQ_INSERT_AFTER(&idrange_list, r, r1, link);
- }
- r1->next = r1->base;
- return (type);
- }
- int32_t
- reqid_next(u_int type)
- {
- struct idrange *r;
- int32_t id;
- TAILQ_FOREACH(r, &idrange_list, link)
- if (r->type == type)
- break;
- if (r == NULL) {
- syslog(LOG_CRIT, "wrong idrange type");
- abort();
- }
- if ((id = r->next++) == r->base + (r->size - 1))
- r->next = r->base;
- return (id);
- }
- int32_t
- reqid_base(u_int type)
- {
- struct idrange *r;
- TAILQ_FOREACH(r, &idrange_list, link)
- if (r->type == type)
- return (r->base);
- syslog(LOG_CRIT, "wrong idrange type");
- abort();
- }
- u_int
- reqid_type(int32_t reqid)
- {
- struct idrange *r;
- TAILQ_FOREACH(r, &idrange_list, link)
- if (reqid >= r->base && reqid <= r->base + (r->size - 1))
- return (r->type);
- return (0);
- }
- int
- reqid_istype(int32_t reqid, u_int type)
- {
- return (reqid_type(reqid) == type);
- }
- /*
- * Delete all communities allocated by a module
- */
- static void
- reqid_flush(struct lmodule *mod)
- {
- struct idrange *p, *p1;
- p = TAILQ_FIRST(&idrange_list);
- while (p != NULL) {
- p1 = TAILQ_NEXT(p, link);
- if (p->owner == mod) {
- TAILQ_REMOVE(&idrange_list, p, link);
- free(p);
- }
- p = p1;
- }
- }
- /*
- * Merge the given tree for the given module into the main tree.
- */
- static int
- compare_node(const void *v1, const void *v2)
- {
- const struct snmp_node *n1 = v1;
- const struct snmp_node *n2 = v2;
- return (asn_compare_oid(&n1->oid, &n2->oid));
- }
- static int
- tree_merge(const struct snmp_node *ntree, u_int nsize, struct lmodule *mod)
- {
- struct snmp_node *xtree;
- u_int i;
- xtree = realloc(tree, sizeof(*tree) * (tree_size + nsize));
- if (xtree == NULL) {
- syslog(LOG_ERR, "tree_merge: %m");
- return (-1);
- }
- tree = xtree;
- memcpy(&tree[tree_size], ntree, sizeof(*tree) * nsize);
- for (i = 0; i < nsize; i++)
- tree[tree_size + i].tree_data = mod;
- tree_size += nsize;
- qsort(tree, tree_size, sizeof(tree[0]), compare_node);
- return (0);
- }
- /*
- * Remove all nodes belonging to the loadable module
- */
- static void
- tree_unmerge(struct lmodule *mod)
- {
- u_int s, d;
- for(s = d = 0; s < tree_size; s++)
- if (tree[s].tree_data != mod) {
- if (s != d)
- tree[d] = tree[s];
- d++;
- }
- tree_size = d;
- }
- /*
- * Loadable modules
- */
- struct lmodule *
- lm_load(const char *path, const char *section)
- {
- struct lmodule *m;
- int err;
- int i;
- char *av[MAX_MOD_ARGS + 1];
- int ac;
- u_int u;
- if ((m = malloc(sizeof(*m))) == NULL) {
- syslog(LOG_ERR, "lm_load: %m");
- return (NULL);
- }
- m->handle = NULL;
- m->flags = 0;
- strcpy(m->section, section);
- if ((m->path = malloc(strlen(path) + 1)) == NULL) {
- syslog(LOG_ERR, "lm_load: %m");
- goto err;
- }
- strcpy(m->path, path);
- /*
- * Make index
- */
- m->index.subs[0] = strlen(section);
- m->index.len = m->index.subs[0] + 1;
- for (u = 0; u < m->index.subs[0]; u++)
- m->index.subs[u + 1] = section[u];
- /*
- * Load the object file and locate the config structure
- */
- if ((m->handle = dlopen(m->path, RTLD_NOW|RTLD_GLOBAL)) == NULL) {
- syslog(LOG_ERR, "lm_load: open %s", dlerror());
- goto err;
- }
- if ((m->config = dlsym(m->handle, "config")) == NULL) {
- syslog(LOG_ERR, "lm_load: no 'config' symbol %s", dlerror());
- goto err;
- }
- /*
- * Insert it into the right place
- */
- INSERT_OBJECT_OID(m, &lmodules);
- /* preserve order */
- if (community == COMM_INITIALIZE) {
- m->flags |= LM_ONSTARTLIST;
- TAILQ_INSERT_TAIL(&modules_start, m, start);
- }
- /*
- * make the argument vector.
- */
- ac = 0;
- for (i = 0; i < nprogargs; i++) {
- if (strlen(progargs[i]) >= strlen(section) + 1 &&
- strncmp(progargs[i], section, strlen(section)) == 0 &&
- progargs[i][strlen(section)] == ':') {
- if (ac == MAX_MOD_ARGS) {
- syslog(LOG_WARNING, "too many arguments for "
- "module '%s", section);
- break;
- }
- av[ac++] = &progargs[i][strlen(section)+1];
- }
- }
- av[ac] = NULL;
- /*
- * Run the initialization function
- */
- if ((err = (*m->config->init)(m, ac, av)) != 0) {
- syslog(LOG_ERR, "lm_load: init failed: %d", err);
- TAILQ_REMOVE(&lmodules, m, link);
- goto err;
- }
- return (m);
- err:
- if ((m->flags & LM_ONSTARTLIST) != 0)
- TAILQ_REMOVE(&modules_start, m, start);
- if (m->handle)
- dlclose(m->handle);
- free(m->path);
- free(m);
- return (NULL);
- }
- /*
- * Start a module
- */
- void
- lm_start(struct lmodule *mod)
- {
- const struct lmodule *m;
- /*
- * Merge tree. If this fails, unload the module.
- */
- if (tree_merge(mod->config->tree, mod->config->tree_size, mod)) {
- lm_unload(mod);
- return;
- }
- /*
- * Read configuration
- */
- if (read_config(config_file, mod)) {
- syslog(LOG_ERR, "error in config file");
- lm_unload(mod);
- return;
- }
- if (mod->config->start)
- (*mod->config->start)();
- mod->flags |= LM_STARTED;
- /*
- * Inform other modules
- */
- TAILQ_FOREACH(m, &lmodules, link)
- if (m->config->loading)
- (*m->config->loading)(mod, 1);
- }
- /*
- * Unload a module.
- */
- void
- lm_unload(struct lmodule *m)
- {
- int err;
- const struct lmodule *mod;
- TAILQ_REMOVE(&lmodules, m, link);
- if (m->flags & LM_ONSTARTLIST)
- TAILQ_REMOVE(&modules_start, m, start);
- tree_unmerge(m);
- if ((m->flags & LM_STARTED) && m->config->fini &&
- (err = (*m->config->fini)()) != 0)
- syslog(LOG_WARNING, "lm_unload(%s): fini %d", m->section, err);
- comm_flush(m);
- reqid_flush(m);
- timer_flush(m);
- fd_flush(m);
- dlclose(m->handle);
- free(m->path);
- /*
- * Inform other modules
- */
- TAILQ_FOREACH(mod, &lmodules, link)
- if (mod->config->loading)
- (*mod->config->loading)(m, 0);
- free(m);
- }
- /*
- * Register an object resource and return the index (or 0 on failures)
- */
- u_int
- or_register(const struct asn_oid *or, const char *descr, struct lmodule *mod)
- {
- struct objres *objres, *or1;
- u_int idx;
- /* find a free index */
- idx = 1;
- for (objres = TAILQ_FIRST(&objres_list);
- objres != NULL;
- objres = TAILQ_NEXT(objres, link)) {
- if ((or1 = TAILQ_NEXT(objres, link)) == NULL ||
- or1->index > objres->index + 1) {
- idx = objres->index + 1;
- break;
- }
- }
- if ((objres = malloc(sizeof(*objres))) == NULL)
- return (0);
- objres->index = idx;
- objres->oid = *or;
- strlcpy(objres->descr, descr, sizeof(objres->descr));
- objres->uptime = (uint32_t)(get_ticks() - start_tick);
- objres->module = mod;
- INSERT_OBJECT_INT(objres, &objres_list);
- systemg.or_last_change = objres->uptime;
- return (idx);
- }
- void
- or_unregister(u_int idx)
- {
- struct objres *objres;
- TAILQ_FOREACH(objres, &objres_list, link)
- if (objres->index == idx) {
- TAILQ_REMOVE(&objres_list, objres, link);
- free(objres);
- return;
- }
- }
- /*
- * RFC 3414 User-based Security Model support
- */
- struct snmpd_usmstat *
- bsnmpd_get_usm_stats(void)
- {
- return (&snmpd_usmstats);
- }
- void
- bsnmpd_reset_usm_stats(void)
- {
- memset(&snmpd_usmstats, 0, sizeof(snmpd_usmstats));
- }
- struct usm_user *
- usm_first_user(void)
- {
- return (SLIST_FIRST(&usm_userlist));
- }
- struct usm_user *
- usm_next_user(struct usm_user *uuser)
- {
- if (uuser == NULL)
- return (NULL);
- return (SLIST_NEXT(uuser, up));
- }
- struct usm_user *
- usm_find_user(uint8_t *engine, uint32_t elen, char *uname)
- {
- struct usm_user *uuser;
- SLIST_FOREACH(uuser, &usm_userlist, up)
- if (uuser->user_engine_len == elen &&
- memcmp(uuser->user_engine_id, engine, elen) == 0 &&
- strlen(uuser->suser.sec_name) == strlen(uname) &&
- strcmp(uuser->suser.sec_name, uname) == 0)
- break;
- return (uuser);
- }
- static int
- usm_compare_user(struct usm_user *u1, struct usm_user *u2)
- {
- uint32_t i;
- if (u1->user_engine_len < u2->user_engine_len)
- return (-1);
- if (u1->user_engine_len > u2->user_engine_len)
- return (1);
- for (i = 0; i < u1->user_engine_len; i++) {
- if (u1->user_engine_id[i] < u2->user_engine_id[i])
- return (-1);
- if (u1->user_engine_id[i] > u2->user_engine_id[i])
- return (1);
- }
- if (strlen(u1->suser.sec_name) < strlen(u2->suser.sec_name))
- return (-1);
- if (strlen(u1->suser.sec_name) > strlen(u2->suser.sec_name))
- return (1);
- for (i = 0; i < strlen(u1->suser.sec_name); i++) {
- if (u1->suser.sec_name[i] < u2->suser.sec_name[i])
- return (-1);
- if (u1->suser.sec_name[i] > u2->suser.sec_name[i])
- return (1);
- }
- return (0);
- }
- struct usm_user *
- usm_new_user(uint8_t *eid, uint32_t elen, char *uname)
- {
- int cmp;
- struct usm_user *uuser, *temp, *prev;
- for (uuser = usm_first_user(); uuser != NULL;
- (uuser = usm_next_user(uuser))) {
- if (uuser->user_engine_len == elen &&
- strlen(uname) == strlen(uuser->suser.sec_name) &&
- strcmp(uname, uuser->suser.sec_name) == 0 &&
- memcmp(eid, uuser->user_engine_id, elen) == 0)
- return (NULL);
- }
- if ((uuser = (struct usm_user *)malloc(sizeof(*uuser))) == NULL)
- return (NULL);
- memset(uuser, 0, sizeof(struct usm_user));
- strlcpy(uuser->suser.sec_name, uname, SNMP_ADM_STR32_SIZ);
- memcpy(uuser->user_engine_id, eid, elen);
- uuser->user_engine_len = elen;
- if ((prev = SLIST_FIRST(&usm_userlist)) == NULL ||
- usm_compare_user(uuser, prev) < 0) {
- SLIST_INSERT_HEAD(&usm_userlist, uuser, up);
- return (uuser);
- }
- SLIST_FOREACH(temp, &usm_userlist, up) {
- if ((cmp = usm_compare_user(uuser, temp)) <= 0)
- break;
- prev = temp;
- }
- if (temp == NULL || cmp < 0)
- SLIST_INSERT_AFTER(prev, uuser, up);
- else if (cmp > 0)
- SLIST_INSERT_AFTER(temp, uuser, up);
- else {
- syslog(LOG_ERR, "User %s exists", uuser->suser.sec_name);
- free(uuser);
- return (NULL);
- }
- return (uuser);
- }
- void
- usm_delete_user(struct usm_user *uuser)
- {
- SLIST_REMOVE(&usm_userlist, uuser, usm_user, up);
- free(uuser);
- }
- void
- usm_flush_users(void)
- {
- struct usm_user *uuser;
- while ((uuser = SLIST_FIRST(&usm_userlist)) != NULL) {
- SLIST_REMOVE_HEAD(&usm_userlist, up);
- free(uuser);
- }
- SLIST_INIT(&usm_userlist);
- }
- /*
- * RFC 3415 View-based Access Control Model support
- */
- struct vacm_user *
- vacm_first_user(void)
- {
- return (SLIST_FIRST(&vacm_userlist));
- }
- struct vacm_user *
- vacm_next_user(struct vacm_user *vuser)
- {
- if (vuser == NULL)
- return (NULL);
- return (SLIST_NEXT(vuser, vvu));
- }
- static int
- vacm_compare_user(struct vacm_user *v1, struct vacm_user *v2)
- {
- uint32_t i;
- if (v1->sec_model < v2->sec_model)
- return (-1);
- if (v1->sec_model > v2->sec_model)
- return (1);
- if (strlen(v1->secname) < strlen(v2->secname))
- return (-1);
- if (strlen(v1->secname) > strlen(v2->secname))
- return (1);
- for (i = 0; i < strlen(v1->secname); i++) {
- if (v1->secname[i] < v2->secname[i])
- return (-1);
- if (v1->secname[i] > v2->secname[i])
- return (1);
- }
- return (0);
- }
- struct vacm_user *
- vacm_new_user(int32_t smodel, char *uname)
- {
- int cmp;
- struct vacm_user *user, *temp, *prev;
- SLIST_FOREACH(user, &vacm_userlist, vvu)
- if (strcmp(uname, user->secname) == 0 &&
- smodel == user->sec_model)
- return (NULL);
- if ((user = (struct vacm_user *)malloc(sizeof(*user))) == NULL)
- return (NULL);
- memset(user, 0, sizeof(*user));
- user->group = &vacm_default_group;
- SLIST_INSERT_HEAD(&vacm_default_group.group_users, user, vvg);
- user->sec_model = smodel;
- strlcpy(user->secname, uname, sizeof(user->secname));
- if ((prev = SLIST_FIRST(&vacm_userlist)) == NULL ||
- vacm_compare_user(user, prev) < 0) {
- SLIST_INSERT_HEAD(&vacm_userlist, user, vvu);
- return (user);
- }
- SLIST_FOREACH(temp, &vacm_userlist, vvu) {
- if ((cmp = vacm_compare_user(user, temp)) <= 0)
- break;
- prev = temp;
- }
- if (temp == NULL || cmp < 0)
- SLIST_INSERT_AFTER(prev, user, vvu);
- else if (cmp > 0)
- SLIST_INSERT_AFTER(temp, user, vvu);
- else {
- syslog(LOG_ERR, "User %s exists", user->secname);
- free(user);
- return (NULL);
- }
- return (user);
- }
- int
- vacm_delete_user(struct vacm_user *user)
- {
- if (user->group != NULL && user->group != &vacm_default_group) {
- SLIST_REMOVE(&user->group->group_users, user, vacm_user, vvg);
- if (SLIST_EMPTY(&user->group->group_users)) {
- SLIST_REMOVE(&vacm_grouplist, user->group,
- vacm_group, vge);
- free(user->group);
- }
- }
- SLIST_REMOVE(&vacm_userlist, user, vacm_user, vvu);
- free(user);
- return (0);
- }
- int
- vacm_user_set_group(struct vacm_user *user, u_char *octets, u_int len)
- {
- struct vacm_group *group;
- if (len >= SNMP_ADM_STR32_SIZ)
- return (-1);
- SLIST_FOREACH(group, &vacm_grouplist, vge)
- if (strlen(group->groupname) == len &&
- memcmp(octets, group->groupname, len) == 0)
- break;
- if (group == NULL) {
- if ((group = (struct vacm_group *)malloc(sizeof(*group))) == NULL)
- return (-1);
- memset(group, 0, sizeof(*group));
- memcpy(group->groupname, octets, len);
- group->groupname[len] = '\0';
- SLIST_INSERT_HEAD(&vacm_grouplist, group, vge);
- }
- SLIST_REMOVE(&user->group->group_users, user, vacm_user, vvg);
- SLIST_INSERT_HEAD(&group->group_users, user, vvg);
- user->group = group;
- return (0);
- }
- void
- vacm_groups_init(void)
- {
- SLIST_INSERT_HEAD(&vacm_grouplist, &vacm_default_group, vge);
- }
- struct vacm_access *
- vacm_first_access_rule(void)
- {
- return (TAILQ_FIRST(&vacm_accesslist));
- }
- struct vacm_access *
- vacm_next_access_rule(struct vacm_access *acl)
- {
- if (acl == NULL)
- return (NULL);
- return (TAILQ_NEXT(acl, vva));
- }
- static int
- vacm_compare_access_rule(struct vacm_access *v1, struct vacm_access *v2)
- {
- uint32_t i;
- if (strlen(v1->group->groupname) < strlen(v2->group->groupname))
- return (-1);
- if (strlen(v1->group->groupname) > strlen(v2->group->groupname))
- return (1);
- for (i = 0; i < strlen(v1->group->groupname); i++) {
- if (v1->group->groupname[i] < v2->group->groupname[i])
- return (-1);
- if (v1->group->groupname[i] > v2->group->groupname[i])
- return (1);
- }
- if (strlen(v1->ctx_prefix) < strlen(v2->ctx_prefix))
- return (-1);
- if (strlen(v1->ctx_prefix) > strlen(v2->ctx_prefix))
- return (1);
- for (i = 0; i < strlen(v1->ctx_prefix); i++) {
- if (v1->ctx_prefix[i] < v2->ctx_prefix[i])
- return (-1);
- if (v1->ctx_prefix[i] > v2->ctx_prefix[i])
- return (1);
- }
- if (v1->sec_model < v2->sec_model)
- return (-1);
- if (v1->sec_model > v2->sec_model)
- return (1);
- if (v1->sec_level < v2->sec_level)
- return (-1);
- if (v1->sec_level > v2->sec_level)
- return (1);
- return (0);
- }
- struct vacm_access *
- vacm_new_access_rule(char *gname, char *cprefix, int32_t smodel, int32_t slevel)
- {
- struct vacm_group *group;
- struct vacm_access *acl, *temp;
- TAILQ_FOREACH(acl, &vacm_accesslist, vva) {
- if (acl->group == NULL)
- continue;
- if (strcmp(gname, acl->group->groupname) == 0 &&
- strcmp(cprefix, acl->ctx_prefix) == 0 &&
- acl->sec_model == smodel && acl->sec_level == slevel)
- return (NULL);
- }
- /* Make sure the group exists */
- SLIST_FOREACH(group, &vacm_grouplist, vge)
- if (strcmp(gname, group->groupname) == 0)
- break;
- if (group == NULL)
- return (NULL);
- if ((acl = (struct vacm_access *)malloc(sizeof(*acl))) == NULL)
- return (NULL);
- memset(acl, 0, sizeof(*acl));
- acl->group = group;
- strlcpy(acl->ctx_prefix, cprefix, sizeof(acl->ctx_prefix));
- acl->sec_model = smodel;
- acl->sec_level = slevel;
- if ((temp = TAILQ_FIRST(&vacm_accesslist)) == NULL ||
- vacm_compare_access_rule(acl, temp) < 0) {
- TAILQ_INSERT_HEAD(&vacm_accesslist, acl, vva);
- return (acl);
- }
- TAILQ_FOREACH(temp, &vacm_accesslist, vva)
- if (vacm_compare_access_rule(acl, temp) < 0) {
- TAILQ_INSERT_BEFORE(temp, acl, vva);
- return (acl);
- }
- TAILQ_INSERT_TAIL(&vacm_accesslist, acl, vva);
- return (acl);
- }
- int
- vacm_delete_access_rule(struct vacm_access *acl)
- {
- TAILQ_REMOVE(&vacm_accesslist, acl, vva);
- free(acl);
- return (0);
- }
- struct vacm_view *
- vacm_first_view(void)
- {
- return (SLIST_FIRST(&vacm_viewlist));
- }
- struct vacm_view *
- vacm_next_view(struct vacm_view *view)
- {
- if (view == NULL)
- return (NULL);
- return (SLIST_NEXT(view, vvl));
- }
- static int
- vacm_compare_view(struct vacm_view *v1, struct vacm_view *v2)
- {
- uint32_t i;
- if (strlen(v1->viewname) < strlen(v2->viewname))
- return (-1);
- if (strlen(v1->viewname) > strlen(v2->viewname))
- return (1);
- for (i = 0; i < strlen(v1->viewname); i++) {
- if (v1->viewname[i] < v2->viewname[i])
- return (-1);
- if (v1->viewname[i] > v2->viewname[i])
- return (1);
- }
- return (asn_compare_oid(&v1->subtree, &v2->subtree));
- }
- struct vacm_view *
- vacm_new_view(char *vname, struct asn_oid *oid)
- {
- int cmp;
- struct vacm_view *view, *temp, *prev;
- SLIST_FOREACH(view, &vacm_viewlist, vvl)
- if (strcmp(vname, view->viewname) == 0)
- return (NULL);
- if ((view = (struct vacm_view *)malloc(sizeof(*view))) == NULL)
- return (NULL);
- memset(view, 0, sizeof(*view));
- strlcpy(view->viewname, vname, sizeof(view->viewname));
- asn_append_oid(&view->subtree, oid);
- if ((prev = SLIST_FIRST(&vacm_viewlist)) == NULL ||
- vacm_compare_view(view, prev) < 0) {
- SLIST_INSERT_HEAD(&vacm_viewlist, view, vvl);
- return (view);
- }
- SLIST_FOREACH(temp, &vacm_viewlist, vvl) {
- if ((cmp = vacm_compare_view(view, temp)) <= 0)
- break;
- prev = temp;
- }
- if (temp == NULL || cmp < 0)
- SLIST_INSERT_AFTER(prev, view, vvl);
- else if (cmp > 0)
- SLIST_INSERT_AFTER(temp, view, vvl);
- else {
- syslog(LOG_ERR, "View %s exists", view->viewname);
- free(view);
- return (NULL);
- }
- return (view);
- }
- int
- vacm_delete_view(struct vacm_view *view)
- {
- SLIST_REMOVE(&vacm_viewlist, view, vacm_view, vvl);
- free(view);
- return (0);
- }
- struct vacm_context *
- vacm_first_context(void)
- {
- return (SLIST_FIRST(&vacm_contextlist));
- }
- struct vacm_context *
- vacm_next_context(struct vacm_context *vacmctx)
- {
- if (vacmctx == NULL)
- return (NULL);
- return (SLIST_NEXT(vacmctx, vcl));
- }
- struct vacm_context *
- vacm_add_context(char *ctxname, int regid)
- {
- int cmp;
- struct vacm_context *ctx, *temp, *prev;
- SLIST_FOREACH(ctx, &vacm_contextlist, vcl)
- if (strcmp(ctxname, ctx->ctxname) == 0) {
- syslog(LOG_ERR, "Context %s exists", ctx->ctxname);
- return (NULL);
- }
- if ((ctx = (struct vacm_context *)malloc(sizeof(*ctx))) == NULL)
- return (NULL);
- memset(ctx, 0, sizeof(*ctx));
- strlcpy(ctx->ctxname, ctxname, sizeof(ctx->ctxname));
- ctx->regid = regid;
- if ((prev = SLIST_FIRST(&vacm_contextlist)) == NULL ||
- strlen(ctx->ctxname) < strlen(prev->ctxname) ||
- strcmp(ctx->ctxname, prev->ctxname) < 0) {
- SLIST_INSERT_HEAD(&vacm_contextlist, ctx, vcl);
- return (ctx);
- }
- SLIST_FOREACH(temp, &vacm_contextlist, vcl) {
- if (strlen(ctx->ctxname) < strlen(temp->ctxname) ||
- strcmp(ctx->ctxname, temp->ctxname) < 0) {
- cmp = -1;
- break;
- }
- prev = temp;
- }
- if (temp == NULL || cmp < 0)
- SLIST_INSERT_AFTER(prev, ctx, vcl);
- else if (cmp > 0)
- SLIST_INSERT_AFTER(temp, ctx, vcl);
- else {
- syslog(LOG_ERR, "Context %s exists", ctx->ctxname);
- free(ctx);
- return (NULL);
- }
- return (ctx);
- }
- void
- vacm_flush_contexts(int regid)
- {
- struct vacm_context *ctx, *temp;
- SLIST_FOREACH_SAFE(ctx, &vacm_contextlist, vcl, temp)
- if (ctx->regid == regid) {
- SLIST_REMOVE(&vacm_contextlist, ctx, vacm_context, vcl);
- free(ctx);
- }
- }