/src/net-snmp/snmplib/transports/snmpUDPDomain.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Portions of this file are subject to the following copyright(s). See |
2 | | * the Net-SNMP's COPYING file for more details and other copyrights |
3 | | * that may apply: |
4 | | */ |
5 | | /* |
6 | | * Portions of this file are copyrighted by: |
7 | | * Copyright Copyright 2003 Sun Microsystems, Inc. All rights reserved. |
8 | | * Use is subject to license terms specified in the COPYING file |
9 | | * distributed with the Net-SNMP package. |
10 | | * |
11 | | * Portions of this file are copyrighted by: |
12 | | * Copyright (c) 2016 VMware, Inc. All rights reserved. |
13 | | * Use is subject to license terms specified in the COPYING file |
14 | | * distributed with the Net-SNMP package. |
15 | | */ |
16 | | |
17 | | #include <net-snmp/net-snmp-config.h> |
18 | | |
19 | | #include <net-snmp/types.h> |
20 | | #include "snmpIPBaseDomain.h" |
21 | | #include <net-snmp/library/snmpUDPDomain.h> |
22 | | #include <net-snmp/library/snmpUDPIPv4BaseDomain.h> |
23 | | |
24 | | #include <stddef.h> |
25 | | #include <stdio.h> |
26 | | #include <sys/types.h> |
27 | | #include <ctype.h> |
28 | | #include <errno.h> |
29 | | |
30 | | #ifdef HAVE_STRING_H |
31 | | #include <string.h> |
32 | | #else |
33 | | #include <strings.h> |
34 | | #endif |
35 | | #ifdef HAVE_STDLIB_H |
36 | | #include <stdlib.h> |
37 | | #endif |
38 | | #ifdef HAVE_UNISTD_H |
39 | | #include <unistd.h> |
40 | | #endif |
41 | | #ifdef HAVE_SYS_SOCKET_H |
42 | | #include <sys/socket.h> |
43 | | #endif |
44 | | #ifdef HAVE_NETINET_IN_H |
45 | | #include <netinet/in.h> |
46 | | #endif |
47 | | #ifdef HAVE_ARPA_INET_H |
48 | | #include <arpa/inet.h> |
49 | | #endif |
50 | | #ifdef HAVE_NETDB_H |
51 | | #include <netdb.h> |
52 | | #endif |
53 | | #ifdef HAVE_NETGROUP_H |
54 | | #include <netgroup.h> |
55 | | #endif |
56 | | #ifdef HAVE_SYS_UIO_H |
57 | | #include <sys/uio.h> |
58 | | #endif |
59 | | |
60 | | #include <net-snmp/types.h> |
61 | | #include <net-snmp/output_api.h> |
62 | | #include <net-snmp/config_api.h> |
63 | | |
64 | | #include <net-snmp/library/snmp_impl.h> |
65 | | #include <net-snmp/library/snmp_transport.h> |
66 | | #include <net-snmp/library/snmpSocketBaseDomain.h> |
67 | | #include <net-snmp/library/system.h> |
68 | | #include <net-snmp/library/tools.h> |
69 | | |
70 | | #include "inet_ntop.h" |
71 | | #include "inet_pton.h" |
72 | | |
73 | | #ifndef INADDR_NONE |
74 | | #define INADDR_NONE -1 |
75 | | #endif |
76 | | |
77 | | #ifndef INET_ADDRSTRLEN |
78 | | #define INET_ADDRSTRLEN 16 |
79 | | #endif |
80 | | |
81 | | static netsnmp_tdomain udpDomain; |
82 | | |
83 | | /* |
84 | | * needs to be in sync with the definitions in snmplib/snmpTCPDomain.c |
85 | | * and perl/agent/agent.xs |
86 | | */ |
87 | | typedef netsnmp_indexed_addr_pair netsnmp_udp_addr_pair; |
88 | | |
89 | | /* |
90 | | * Return a string representing the address in data, or else the "far end" |
91 | | * address if data is NULL. |
92 | | */ |
93 | | |
94 | | char * |
95 | | netsnmp_udp_fmtaddr(netsnmp_transport *t, const void *data, int len) |
96 | 0 | { |
97 | 0 | return netsnmp_ipv4_fmtaddr("UDP", t, data, len); |
98 | 0 | } |
99 | | |
100 | | static int |
101 | | netsnmp_udp_resolve_source(char *source, struct in_addr *network, |
102 | | struct in_addr *mask) |
103 | 450 | { |
104 | | /* Split the source/netmask parts */ |
105 | 450 | char *strmask = strchr(source, '/'); |
106 | 450 | if (strmask != NULL) |
107 | | /* Mask given. */ |
108 | 256 | *strmask++ = '\0'; |
109 | | |
110 | | /* Try interpreting as a dotted quad. */ |
111 | 450 | if (inet_pton(AF_INET, source, network) == 0) { |
112 | | /* Nope, wasn't a dotted quad. Must be a hostname. */ |
113 | 446 | int ret = netsnmp_gethostbyname_v4(source, &(network->s_addr)); |
114 | 446 | if (ret < 0) { |
115 | 219 | config_perror("cannot resolve source hostname"); |
116 | 219 | return ret; |
117 | 219 | } |
118 | 446 | } |
119 | | |
120 | | /* Now work out the mask. */ |
121 | 231 | if (strmask == NULL || *strmask == '\0') { |
122 | | /* No mask was given. Assume /32 */ |
123 | 14 | mask->s_addr = (in_addr_t)(~0UL); |
124 | 217 | } else { |
125 | | /* Try to interpret mask as a "number of 1 bits". */ |
126 | 217 | char* cp; |
127 | 217 | long maskLen = strtol(strmask, &cp, 10); |
128 | 217 | if (*cp == '\0') { |
129 | 203 | if (0 < maskLen && maskLen <= 32) |
130 | 34 | mask->s_addr = htonl((in_addr_t)(~0UL << (32 - maskLen))); |
131 | 169 | else if (maskLen == 0) |
132 | 17 | mask->s_addr = 0; |
133 | 152 | else { |
134 | 152 | config_perror("bad mask length"); |
135 | 152 | return -1; |
136 | 152 | } |
137 | 203 | } |
138 | | /* Try to interpret mask as a dotted quad. */ |
139 | 14 | else if (inet_pton(AF_INET, strmask, mask) == 0) { |
140 | 12 | config_perror("bad mask"); |
141 | 12 | return -1; |
142 | 12 | } |
143 | | |
144 | | /* Check that the network and mask are consistent. */ |
145 | 53 | if (network->s_addr & ~mask->s_addr) { |
146 | 47 | config_perror("source/mask mismatch"); |
147 | 47 | return -1; |
148 | 47 | } |
149 | 53 | } |
150 | 20 | return 0; |
151 | 231 | } |
152 | | |
153 | | #if defined(HAVE_IP_PKTINFO) || (defined(HAVE_IP_RECVDSTADDR) && defined(HAVE_IP_SENDSRCADDR)) |
154 | | |
155 | | int netsnmp_udp_recvfrom(int s, void *buf, int len, struct sockaddr *from, socklen_t *fromlen, struct sockaddr *dstip, socklen_t *dstlen, int *if_index) |
156 | 0 | { |
157 | | /** udpipv4 just calls udpbase. should we skip directly to there? */ |
158 | 0 | return netsnmp_udpipv4_recvfrom(s, buf, len, from, fromlen, dstip, dstlen, |
159 | 0 | if_index); |
160 | 0 | } |
161 | | |
162 | | int netsnmp_udp_sendto(int fd, const struct in_addr *srcip, int if_index, |
163 | | const struct sockaddr *remote, const void *data, int len) |
164 | 0 | { |
165 | | /** udpipv4 just calls udpbase. should we skip directly to there? */ |
166 | 0 | return netsnmp_udpipv4_sendto(fd, srcip, if_index, remote, data, len); |
167 | 0 | } |
168 | | #endif /* HAVE_IP_PKTINFO || HAVE_IP_RECVDSTADDR */ |
169 | | |
170 | | /* |
171 | | * Common initialization of udp transport. |
172 | | */ |
173 | | |
174 | | static netsnmp_transport * |
175 | | netsnmp_udp_transport_base(netsnmp_transport *t) |
176 | 3.39k | { |
177 | 3.39k | if (NULL == t) { |
178 | 0 | return NULL; |
179 | 0 | } |
180 | | |
181 | | /* |
182 | | * Set Domain |
183 | | */ |
184 | | |
185 | 3.39k | t->domain = netsnmpUDPDomain; |
186 | 3.39k | t->domain_length = netsnmpUDPDomain_len; |
187 | | |
188 | | /* |
189 | | * 16-bit length field, 8 byte UDP header, 20 byte IPv4 header |
190 | | */ |
191 | | |
192 | 3.39k | t->msgMaxSize = 0xffff - 8 - 20; |
193 | 3.39k | t->f_recv = netsnmp_udpbase_recv; |
194 | 3.39k | t->f_send = netsnmp_udpbase_send; |
195 | 3.39k | t->f_close = netsnmp_socketbase_close; |
196 | 3.39k | t->f_accept = NULL; |
197 | 3.39k | t->f_setup_session = netsnmp_ipbase_session_init; |
198 | 3.39k | t->f_fmtaddr = netsnmp_udp_fmtaddr; |
199 | 3.39k | t->f_get_taddr = netsnmp_ipv4_get_taddr; |
200 | | |
201 | 3.39k | return t; |
202 | 3.39k | } |
203 | | |
204 | | /* |
205 | | * Open a UDP-based transport for SNMP. Local is TRUE if addr is the local |
206 | | * address to bind to (i.e. this is a server-type session); otherwise addr is |
207 | | * the remote address to send things to. |
208 | | */ |
209 | | netsnmp_transport * |
210 | | netsnmp_udp_transport(const struct netsnmp_ep *ep, int local) |
211 | 0 | { |
212 | 0 | netsnmp_transport *t = NULL; |
213 | |
|
214 | 0 | t = netsnmp_udpipv4base_transport(ep, local); |
215 | 0 | if (NULL != t) { |
216 | 0 | netsnmp_udp_transport_base(t); |
217 | 0 | } |
218 | 0 | return t; |
219 | 0 | } |
220 | | |
221 | | /* |
222 | | * Open a UDP-based transport for SNMP. Local is TRUE if addr is the local |
223 | | * address to bind to (i.e. this is a server-type session); otherwise addr is |
224 | | * the remote address to send things to and src_addr is the optional addr |
225 | | * to send from. |
226 | | */ |
227 | | netsnmp_transport * |
228 | | netsnmp_udp_transport_with_source(const struct netsnmp_ep *ep, int local, |
229 | | const struct netsnmp_ep *src_addr) |
230 | | |
231 | 0 | { |
232 | 0 | netsnmp_transport *t = NULL; |
233 | |
|
234 | 0 | t = netsnmp_udpipv4base_transport_with_source(ep, local, src_addr); |
235 | 0 | if (NULL != t) { |
236 | 0 | netsnmp_udp_transport_base(t); |
237 | 0 | } |
238 | 0 | return t; |
239 | 0 | } |
240 | | #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
241 | | /* |
242 | | * The following functions provide the "com2sec" configuration token |
243 | | * functionality for compatibility. |
244 | | */ |
245 | | |
246 | 1.09k | #define EXAMPLE_NETWORK "NETWORK" |
247 | 633 | #define EXAMPLE_COMMUNITY "COMMUNITY" |
248 | | |
249 | | struct com2SecEntry_s { |
250 | | const char *secName; |
251 | | const char *contextName; |
252 | | struct com2SecEntry_s *next; |
253 | | in_addr_t network; |
254 | | in_addr_t mask; |
255 | | int negate; |
256 | | const char community[1]; |
257 | | }; |
258 | | |
259 | | static com2SecEntry *com2SecList = NULL, *com2SecListLast = NULL; |
260 | | |
261 | | int |
262 | | netsnmp_udp_com2SecEntry_create(com2SecEntry **entryp, const char *community, |
263 | | const char *secName, const char *contextName, |
264 | | struct in_addr *network, struct in_addr *mask, |
265 | | int negate) |
266 | 28 | { |
267 | 28 | int communityLen, secNameLen, contextNameLen, len; |
268 | 28 | com2SecEntry* e; |
269 | 28 | char* last; |
270 | 28 | struct in_addr dflt_network, dflt_mask; |
271 | | |
272 | 28 | if (NULL != entryp) |
273 | 0 | *entryp = NULL; |
274 | | |
275 | 28 | if (NULL == community || NULL == secName) |
276 | 0 | return C2SE_ERR_MISSING_ARG; |
277 | | |
278 | 28 | if (NULL == network) { |
279 | 0 | network = &dflt_network; |
280 | 0 | dflt_network.s_addr = 0; |
281 | 0 | } |
282 | 28 | if (NULL == mask) { |
283 | 0 | mask = &dflt_mask; |
284 | 0 | dflt_mask.s_addr = 0; |
285 | 0 | } |
286 | | |
287 | | /** Check that the network and mask are consistent. */ |
288 | 28 | if (network->s_addr & ~mask->s_addr) |
289 | 0 | return C2SE_ERR_MASK_MISMATCH; |
290 | | |
291 | 28 | communityLen = strlen(community); |
292 | 28 | if (communityLen > COMMUNITY_MAX_LEN) |
293 | 0 | return C2SE_ERR_COMMUNITY_TOO_LONG; |
294 | | |
295 | 28 | secNameLen = strlen(secName); |
296 | 28 | if (secNameLen > VACM_MAX_STRING) |
297 | 4 | return C2SE_ERR_SECNAME_TOO_LONG; |
298 | | |
299 | 24 | contextNameLen = contextName ? strlen(contextName) : 0; |
300 | 24 | if (contextNameLen > VACM_MAX_STRING) |
301 | 1 | return C2SE_ERR_CONTEXT_TOO_LONG; |
302 | | |
303 | | /** alloc space for struct + 3 strings with NULLs */ |
304 | 23 | len = offsetof(com2SecEntry, community) + communityLen + secNameLen + |
305 | 23 | contextNameLen + 3; |
306 | 23 | e = calloc(len, 1); |
307 | 23 | if (e == NULL) |
308 | 0 | return C2SE_ERR_MEMORY; |
309 | 23 | last = ((char*)e) + offsetof(com2SecEntry, community); |
310 | | |
311 | 23 | DEBUGIF("netsnmp_udp_parse_security") { |
312 | 0 | char buf1[INET_ADDRSTRLEN]; |
313 | 0 | char buf2[INET_ADDRSTRLEN]; |
314 | 0 | DEBUGMSGTL(("netsnmp_udp_parse_security", |
315 | 0 | "<\"%s\", %s/%s> => \"%s\"\n", community, |
316 | 0 | inet_ntop(AF_INET, network, buf1, sizeof(buf1)), |
317 | 0 | inet_ntop(AF_INET, mask, buf2, sizeof(buf2)), |
318 | 0 | secName)); |
319 | 0 | } |
320 | | |
321 | 23 | memcpy(last, community, communityLen); |
322 | 23 | last += communityLen + 1; |
323 | 23 | memcpy(last, secName, secNameLen); |
324 | 23 | e->secName = last; |
325 | 23 | last += secNameLen + 1; |
326 | 23 | if (contextNameLen) { |
327 | 7 | memcpy(last, contextName, contextNameLen); |
328 | 7 | e->contextName = last; |
329 | 7 | } else |
330 | 16 | e->contextName = last - 1; |
331 | 23 | e->network = network->s_addr; |
332 | 23 | e->mask = mask->s_addr; |
333 | 23 | e->negate = negate; |
334 | 23 | e->next = NULL; |
335 | | |
336 | 23 | if (com2SecListLast != NULL) { |
337 | 22 | com2SecListLast->next = e; |
338 | 22 | com2SecListLast = e; |
339 | 22 | } else { |
340 | 1 | com2SecListLast = com2SecList = e; |
341 | 1 | } |
342 | | |
343 | 23 | if (NULL != entryp) |
344 | 0 | *entryp = e; |
345 | | |
346 | 23 | return C2SE_ERR_SUCCESS; |
347 | 23 | } |
348 | | |
349 | | void |
350 | | netsnmp_udp_com2SecEntry_check_return_code(int rc) |
351 | 28 | { |
352 | | /* |
353 | | * Check return code of the newly created com2Sec entry. |
354 | | */ |
355 | 28 | switch(rc) { |
356 | 23 | case C2SE_ERR_SUCCESS: |
357 | 23 | break; |
358 | 1 | case C2SE_ERR_CONTEXT_TOO_LONG: |
359 | 1 | config_perror("context name too long"); |
360 | 1 | break; |
361 | 0 | case C2SE_ERR_COMMUNITY_TOO_LONG: |
362 | 0 | config_perror("community name too long"); |
363 | 0 | break; |
364 | 4 | case C2SE_ERR_SECNAME_TOO_LONG: |
365 | 4 | config_perror("security name too long"); |
366 | 4 | break; |
367 | 0 | case C2SE_ERR_MASK_MISMATCH: |
368 | 0 | config_perror("source/mask mismatch"); |
369 | 0 | break; |
370 | 0 | case C2SE_ERR_MISSING_ARG: |
371 | 0 | default: |
372 | 0 | config_perror("unexpected error; could not create com2SecEntry"); |
373 | 28 | } |
374 | 28 | } |
375 | | |
376 | | #if defined(HAVE_ENDNETGRENT) && defined(HAVE_GETNETGRENT) |
377 | | int netsnmp_parse_source_as_netgroup(const char *sourcep, const char *community, |
378 | | const char *secName, const char *contextName, int negate) |
379 | 454 | { |
380 | 454 | const char *netgroup = sourcep+1; |
381 | 454 | char *host, *user, *domain; |
382 | 454 | struct in_addr network, mask; |
383 | 454 | int rc; |
384 | | |
385 | | /* Without '@' it has to be an address or hostname */ |
386 | 454 | if (*sourcep != '@') |
387 | 450 | return 0; |
388 | | |
389 | | /* Interpret as netgroup */ |
390 | 4 | #ifdef SETNETGRENT_RETURNS_INT |
391 | 4 | if (!setnetgrent(netgroup)) { |
392 | 4 | config_perror("netgroup could not be found"); |
393 | 4 | return 1; |
394 | 4 | } |
395 | | #else |
396 | | setnetgrent(netgroup); |
397 | | #endif |
398 | 0 | while (getnetgrent(&host, &user, &domain)) { |
399 | | /* Parse source address and network mask for each netgroup host. */ |
400 | 0 | if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) { |
401 | | /* Create a new com2Sec entry. */ |
402 | 0 | rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, |
403 | 0 | &network, &mask, negate); |
404 | 0 | netsnmp_udp_com2SecEntry_check_return_code(rc); |
405 | 0 | } else { |
406 | 0 | config_perror("netgroup host address parsing issue"); |
407 | 0 | break; |
408 | 0 | } |
409 | 0 | } |
410 | 0 | endnetgrent(); |
411 | 0 | return 1; |
412 | 4 | } |
413 | | #else |
414 | | int netsnmp_parse_source_as_netgroup(const char *sourcep, const char *community, |
415 | | const char *secName, const char *contextName, int negate) |
416 | | { |
417 | | return 0; |
418 | | } |
419 | | #endif |
420 | | |
421 | | void |
422 | | netsnmp_udp_parse_security(const char *token, char *param) |
423 | 742 | { |
424 | | /** copy_nword does null term, so we need vars of max size + 2. */ |
425 | | /** (one for null, one to detect param too long */ |
426 | 742 | char secName[VACMSTRINGLEN]; /* == VACM_MAX_STRING + 2 */ |
427 | 742 | char contextName[VACMSTRINGLEN]; |
428 | 742 | char community[COMMUNITY_MAX_LEN + 2]; |
429 | 742 | char source[271]; /* !(1)+dns-name(253)+/(1)+mask(15)+\0(1) */ |
430 | 742 | char *sourcep; |
431 | 742 | struct in_addr network, mask; |
432 | 742 | int negate; |
433 | 742 | int rc; |
434 | | |
435 | | /* |
436 | | * Get security, source address/netmask and community strings. |
437 | | */ |
438 | | |
439 | 742 | param = copy_nword( param, secName, sizeof(secName)); |
440 | 742 | if (strcmp(secName, "-Cn") == 0) { |
441 | 20 | if (!param) { |
442 | 2 | config_perror("missing CONTEXT_NAME parameter"); |
443 | 2 | return; |
444 | 2 | } |
445 | 18 | param = copy_nword( param, contextName, sizeof(contextName)); |
446 | 18 | if (!param) { |
447 | 3 | config_perror("missing NAME parameter"); |
448 | 3 | return; |
449 | 3 | } |
450 | 15 | param = copy_nword( param, secName, sizeof(secName)); |
451 | 15 | } else |
452 | 722 | contextName[0] = '\0'; |
453 | | |
454 | 737 | if (secName[0] == '\0') { |
455 | 59 | config_perror("empty NAME parameter"); |
456 | 59 | return; |
457 | 59 | } |
458 | | |
459 | 678 | if (!param) { |
460 | 125 | config_perror("missing SOURCE parameter"); |
461 | 125 | return; |
462 | 125 | } |
463 | 553 | param = copy_nword( param, source, sizeof(source)); |
464 | 553 | if (source[0] == '\0') { |
465 | 7 | config_perror("empty SOURCE parameter"); |
466 | 7 | return; |
467 | 7 | } |
468 | 546 | if (strncmp(source, EXAMPLE_NETWORK, strlen(EXAMPLE_NETWORK)) == 0) { |
469 | 6 | config_perror("example config NETWORK not properly configured"); |
470 | 6 | return; |
471 | 6 | } |
472 | | |
473 | 540 | if (!param) { |
474 | 69 | config_perror("missing COMMUNITY parameter"); |
475 | 69 | return; |
476 | 69 | } |
477 | 471 | param = copy_nword( param, community, sizeof(community)); |
478 | 471 | if (community[0] == '\0') { |
479 | 6 | config_perror("empty COMMUNITY parameter"); |
480 | 6 | return; |
481 | 6 | } |
482 | 465 | if ((strlen(community) + 1) == sizeof(EXAMPLE_COMMUNITY) && |
483 | 465 | memcmp(community, EXAMPLE_COMMUNITY, sizeof(EXAMPLE_COMMUNITY)) == 0) { |
484 | 3 | config_perror("example config COMMUNITY not properly configured"); |
485 | 3 | return; |
486 | 3 | } |
487 | | |
488 | | /* Deal with the "default" case first. */ |
489 | 462 | if (strcmp(source, "default") == 0) { |
490 | 8 | network.s_addr = 0; |
491 | 8 | mask.s_addr = 0; |
492 | 8 | negate = 0; |
493 | | /* Create a new com2Sec entry. */ |
494 | 8 | rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, |
495 | 8 | &network, &mask, negate); |
496 | 8 | netsnmp_udp_com2SecEntry_check_return_code(rc); |
497 | 454 | } else { |
498 | 454 | if (*source == '!') { |
499 | 20 | negate = 1; |
500 | 20 | sourcep = source + 1; |
501 | 434 | } else { |
502 | 434 | negate = 0; |
503 | 434 | sourcep = source; |
504 | 434 | } |
505 | 454 | if (!netsnmp_parse_source_as_netgroup(sourcep, community, secName, |
506 | 454 | contextName, negate)) { |
507 | | /* Parse source address and network mask. */ |
508 | 450 | if (netsnmp_udp_resolve_source(sourcep, &network, &mask) == 0) { |
509 | | /* Create a new com2Sec entry. */ |
510 | 20 | rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName, |
511 | 20 | &network, &mask, negate); |
512 | 20 | netsnmp_udp_com2SecEntry_check_return_code(rc); |
513 | 20 | } |
514 | 450 | } |
515 | 454 | } |
516 | 462 | } |
517 | | |
518 | | void |
519 | | netsnmp_udp_com2Sec_free(com2SecEntry *e) |
520 | 0 | { |
521 | 0 | free(e); |
522 | 0 | } |
523 | | |
524 | | int |
525 | | netsnmp_udp_com2SecList_remove(com2SecEntry *e) |
526 | 0 | { |
527 | 0 | com2SecEntry *c = com2SecList, *p = NULL; |
528 | 0 | for (; c != NULL; p = c, c = c->next) { |
529 | 0 | if (e == c) |
530 | 0 | break; |
531 | 0 | } |
532 | 0 | if (NULL == c) |
533 | 0 | return 1; |
534 | | |
535 | 0 | if (NULL == p) |
536 | 0 | com2SecList = e->next; |
537 | 0 | else |
538 | 0 | p->next = e->next; |
539 | 0 | e->next = NULL; |
540 | |
|
541 | 0 | if (e == com2SecListLast) |
542 | 0 | com2SecListLast = p; |
543 | |
|
544 | 0 | return 0; |
545 | 0 | } |
546 | | |
547 | | void |
548 | | netsnmp_udp_com2SecList_free(void) |
549 | 6.79k | { |
550 | 6.79k | com2SecEntry *e = com2SecList; |
551 | 6.79k | while (e != NULL) { |
552 | 0 | com2SecEntry *tmp = e; |
553 | 0 | e = e->next; |
554 | 0 | netsnmp_udp_com2Sec_free(tmp); |
555 | 0 | } |
556 | 6.79k | com2SecList = com2SecListLast = NULL; |
557 | 6.79k | } |
558 | | #endif /* support for community based SNMP */ |
559 | | |
560 | | void |
561 | | netsnmp_udp_agent_config_tokens_register(void) |
562 | 3.39k | { |
563 | 3.39k | #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
564 | 3.39k | register_app_config_handler("com2sec", netsnmp_udp_parse_security, |
565 | 3.39k | netsnmp_udp_com2SecList_free, |
566 | 3.39k | "[-Cn CONTEXT] secName IPv4-network-address[/netmask] community"); |
567 | 3.39k | #endif /* support for community based SNMP */ |
568 | 3.39k | } |
569 | | |
570 | | |
571 | | |
572 | | /* |
573 | | * Return 0 if there are no com2sec entries, or return 1 if there ARE com2sec |
574 | | * entries. On return, if a com2sec entry matched the passed parameters, |
575 | | * then *secName points at the appropriate security name, or is NULL if the |
576 | | * parameters did not match any com2sec entry. |
577 | | */ |
578 | | |
579 | | #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
580 | | int |
581 | | netsnmp_udp_getSecName(void *opaque, int olength, |
582 | | const char *community, |
583 | | size_t community_len, const char **secName, |
584 | | const char **contextName) |
585 | 0 | { |
586 | 0 | const com2SecEntry *c; |
587 | 0 | netsnmp_udp_addr_pair *addr_pair = (netsnmp_udp_addr_pair *) opaque; |
588 | 0 | struct sockaddr_in *from = (struct sockaddr_in *) &(addr_pair->remote_addr); |
589 | 0 | char *ztcommunity = NULL; |
590 | |
|
591 | 0 | if (secName != NULL) { |
592 | 0 | *secName = NULL; /* Haven't found anything yet */ |
593 | 0 | } |
594 | | |
595 | | /* |
596 | | * Special case if there are NO entries (as opposed to no MATCHING |
597 | | * entries). |
598 | | */ |
599 | |
|
600 | 0 | if (com2SecList == NULL) { |
601 | 0 | DEBUGMSGTL(("netsnmp_udp_getSecName", "no com2sec entries\n")); |
602 | 0 | return 0; |
603 | 0 | } |
604 | | |
605 | | /* |
606 | | * If there is no IPv4 source address, then there can be no valid security |
607 | | * name. |
608 | | */ |
609 | | |
610 | 0 | DEBUGMSGTL(("netsnmp_udp_getSecName", "opaque = %p (len = %d), sizeof = %d, family = %d (%d)\n", |
611 | 0 | opaque, olength, (int)sizeof(netsnmp_udp_addr_pair), from->sin_family, AF_INET)); |
612 | 0 | if (opaque == NULL || olength != sizeof(netsnmp_udp_addr_pair) || |
613 | 0 | from->sin_family != AF_INET) { |
614 | 0 | DEBUGMSGTL(("netsnmp_udp_getSecName", |
615 | 0 | "no IPv4 source address in PDU?\n")); |
616 | 0 | return 1; |
617 | 0 | } |
618 | | |
619 | 0 | DEBUGIF("netsnmp_udp_getSecName") { |
620 | 0 | ztcommunity = (char *)malloc(community_len + 1); |
621 | 0 | if (ztcommunity != NULL) { |
622 | 0 | memcpy(ztcommunity, community, community_len); |
623 | 0 | ztcommunity[community_len] = '\0'; |
624 | 0 | } |
625 | |
|
626 | 0 | DEBUGMSGTL(("netsnmp_udp_getSecName", "resolve <\"%s\", 0x%08lx>\n", |
627 | 0 | ztcommunity ? ztcommunity : "<malloc error>", |
628 | 0 | (unsigned long)(from->sin_addr.s_addr))); |
629 | 0 | } |
630 | |
|
631 | 0 | for (c = com2SecList; c != NULL; c = c->next) { |
632 | 0 | { |
633 | 0 | char buf1[INET_ADDRSTRLEN]; |
634 | 0 | char buf2[INET_ADDRSTRLEN]; |
635 | 0 | DEBUGMSGTL(("netsnmp_udp_getSecName","compare <\"%s\", %s/%s>", |
636 | 0 | c->community, |
637 | 0 | inet_ntop(AF_INET, &c->network, buf1, sizeof(buf1)), |
638 | 0 | inet_ntop(AF_INET, &c->mask, buf2, sizeof(buf2)))); |
639 | 0 | } |
640 | 0 | if ((community_len == strlen(c->community)) && |
641 | 0 | (memcmp(community, c->community, community_len) == 0) && |
642 | 0 | ((from->sin_addr.s_addr & c->mask) == c->network)) { |
643 | 0 | DEBUGMSG(("netsnmp_udp_getSecName", "... SUCCESS\n")); |
644 | 0 | if (c->negate) { |
645 | | /* |
646 | | * If we matched a negative entry, then we are done - claim that we |
647 | | * matched nothing. |
648 | | */ |
649 | 0 | DEBUGMSG(("netsnmp_udp_getSecName", "... <negative entry>\n")); |
650 | 0 | break; |
651 | 0 | } |
652 | 0 | if (secName != NULL) { |
653 | 0 | *secName = c->secName; |
654 | 0 | *contextName = c->contextName; |
655 | 0 | } |
656 | 0 | break; |
657 | 0 | } |
658 | 0 | DEBUGMSG(("netsnmp_udp_getSecName", "... nope\n")); |
659 | 0 | } |
660 | 0 | if (ztcommunity != NULL) { |
661 | 0 | free(ztcommunity); |
662 | 0 | } |
663 | 0 | return 1; |
664 | 0 | } |
665 | | #endif /* support for community based SNMP */ |
666 | | |
667 | | |
668 | | netsnmp_transport * |
669 | | netsnmp_udp_create_tstring(const char *str, int local, |
670 | | const char *default_target) |
671 | 0 | { |
672 | 0 | struct netsnmp_ep addr; |
673 | |
|
674 | 0 | if (netsnmp_sockaddr_in3(&addr, str, default_target)) { |
675 | 0 | return netsnmp_udp_transport(&addr, local); |
676 | 0 | } else { |
677 | 0 | return NULL; |
678 | 0 | } |
679 | 0 | } |
680 | | |
681 | | netsnmp_transport * |
682 | | netsnmp_udp_create_tspec(netsnmp_tdomain_spec *tspec) |
683 | 3.39k | { |
684 | 3.39k | netsnmp_transport *t = netsnmp_udpipv4base_tspec_transport(tspec); |
685 | 3.39k | if (NULL != t) { |
686 | 3.39k | netsnmp_udp_transport_base(t); |
687 | 3.39k | } |
688 | 3.39k | return t; |
689 | | |
690 | 3.39k | } |
691 | | |
692 | | netsnmp_transport * |
693 | | netsnmp_udp_create_ostring(const void *o, size_t o_len, int local) |
694 | 0 | { |
695 | 0 | struct netsnmp_ep ep; |
696 | |
|
697 | 0 | memset(&ep, 0, sizeof(ep)); |
698 | 0 | if (netsnmp_ipv4_ostring_to_sockaddr(&ep.a.sin, o, o_len)) |
699 | 0 | return netsnmp_udp_transport(&ep, local); |
700 | 0 | return NULL; |
701 | 0 | } |
702 | | |
703 | | |
704 | | void |
705 | | netsnmp_udp_ctor(void) |
706 | 4.15k | { |
707 | 4.15k | udpDomain.name = netsnmpUDPDomain; |
708 | 4.15k | udpDomain.name_length = netsnmpUDPDomain_len; |
709 | 4.15k | udpDomain.prefix = calloc(2, sizeof(char *)); |
710 | 4.15k | if (!udpDomain.prefix) { |
711 | 0 | snmp_log(LOG_ERR, "calloc() failed - out of memory\n"); |
712 | 0 | return; |
713 | 0 | } |
714 | 4.15k | udpDomain.prefix[0] = "udp"; |
715 | | |
716 | 4.15k | udpDomain.f_create_from_tstring_new = netsnmp_udp_create_tstring; |
717 | 4.15k | udpDomain.f_create_from_tspec = netsnmp_udp_create_tspec; |
718 | 4.15k | udpDomain.f_create_from_ostring = netsnmp_udp_create_ostring; |
719 | | |
720 | 4.15k | netsnmp_tdomain_register(&udpDomain); |
721 | 4.15k | } |