/src/net-snmp/snmplib/transports/snmpUDPIPv6Domain.c
Line | Count | Source |
1 | | /* |
2 | | * Portions of this file are copyrighted by: |
3 | | * Copyright (c) 2016 VMware, Inc. All rights reserved. |
4 | | * Use is subject to license terms specified in the COPYING file |
5 | | * distributed with the Net-SNMP package. |
6 | | */ |
7 | | #include <net-snmp/net-snmp-config.h> |
8 | | |
9 | | #include "snmpIPBaseDomain.h" |
10 | | #include <net-snmp/library/snmpUDPIPv6Domain.h> |
11 | | #include <net-snmp/library/system.h> |
12 | | |
13 | | #include <net-snmp/types.h> |
14 | | |
15 | | #ifdef NETSNMP_TRANSPORT_UDPIPV6_DOMAIN |
16 | | |
17 | | #ifdef _AIX |
18 | | #define MSG_DONTWAIT MSG_NONBLOCK |
19 | | #endif |
20 | | |
21 | | #include <stdio.h> |
22 | | #include <sys/types.h> |
23 | | #include <ctype.h> |
24 | | #include <errno.h> |
25 | | |
26 | | #ifdef HAVE_STRING_H |
27 | | #include <string.h> |
28 | | #else |
29 | | #include <strings.h> |
30 | | #endif |
31 | | #include <stddef.h> |
32 | | #ifdef HAVE_STDLIB_H |
33 | | #include <stdlib.h> |
34 | | #endif |
35 | | #ifdef HAVE_UNISTD_H |
36 | | #include <unistd.h> |
37 | | #endif |
38 | | #ifdef HAVE_SYS_SOCKET_H |
39 | | #include <sys/socket.h> |
40 | | #endif |
41 | | #ifdef HAVE_NETINET_IN_H |
42 | | #include <netinet/in.h> |
43 | | #endif |
44 | | #ifdef HAVE_ARPA_INET_H |
45 | | #include <arpa/inet.h> |
46 | | #endif |
47 | | #ifdef HAVE_NETDB_H |
48 | | #include <netdb.h> |
49 | | #endif |
50 | | #ifdef HAVE_NET_IF_H |
51 | | #include <net/if.h> |
52 | | #endif |
53 | | |
54 | | #ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY |
55 | | #define SS_FAMILY ss_family |
56 | | #elif defined(HAVE_STRUCT_SOCKADDR_STORAGE___SS_FAMILY) |
57 | | #define SS_FAMILY __ss_family |
58 | | #endif |
59 | | |
60 | | #include <net-snmp/types.h> |
61 | | #include <net-snmp/output_api.h> |
62 | | #include <net-snmp/config_api.h> |
63 | | |
64 | | #include <net-snmp/library/snmp_impl.h> |
65 | | #include <net-snmp/library/snmp_transport.h> |
66 | | #include <net-snmp/library/snmpSocketBaseDomain.h> |
67 | | #include <net-snmp/library/tools.h> |
68 | | #include <net-snmp/library/snmp_assert.h> |
69 | | |
70 | | #ifndef NETSNMP_NO_SYSTEMD |
71 | | #include <net-snmp/library/sd-daemon.h> |
72 | | #endif |
73 | | |
74 | | #include "inet_ntop.h" |
75 | | #include "inet_pton.h" |
76 | | |
77 | | const oid netsnmp_UDPIPv6Domain[] = { TRANSPORT_DOMAIN_UDP_IPV6 }; |
78 | | static netsnmp_tdomain udp6Domain; |
79 | | |
80 | | /* |
81 | | * Return a string representing the address in data, or else the "far end" |
82 | | * address if data is NULL. |
83 | | */ |
84 | | |
85 | | static char * |
86 | | netsnmp_udp6_fmtaddr(netsnmp_transport *t, const void *data, int len) |
87 | 0 | { |
88 | 0 | return netsnmp_ipv6_fmtaddr("UDP/IPv6", t, data, len); |
89 | 0 | } |
90 | | |
91 | | /* |
92 | | * You can write something into opaque that will subsequently get passed back |
93 | | * to your send function if you like. For instance, you might want to |
94 | | * remember where a PDU came from, so that you can send a reply there... |
95 | | */ |
96 | | |
97 | | static int |
98 | | netsnmp_udp6_recv(netsnmp_transport *t, void *buf, int size, |
99 | | void **opaque, int *olength) |
100 | 0 | { |
101 | 0 | int rc = -1; |
102 | 0 | socklen_t fromlen = sizeof(struct sockaddr_in6); |
103 | 0 | struct sockaddr *from; |
104 | |
|
105 | 0 | if (t != NULL && t->sock >= 0) { |
106 | 0 | from = (struct sockaddr *) malloc(sizeof(struct sockaddr_in6)); |
107 | 0 | if (from == NULL) { |
108 | 0 | *opaque = NULL; |
109 | 0 | *olength = 0; |
110 | 0 | return -1; |
111 | 0 | } else { |
112 | 0 | memset(from, 0, fromlen); |
113 | 0 | } |
114 | | |
115 | 0 | while (rc < 0) { |
116 | 0 | rc = recvfrom(t->sock, buf, size, 0, from, &fromlen); |
117 | 0 | if (rc < 0 && errno != EINTR) { |
118 | 0 | break; |
119 | 0 | } |
120 | 0 | } |
121 | |
|
122 | 0 | if (rc >= 0) { |
123 | 0 | DEBUGIF("netsnmp_udp6") { |
124 | 0 | char *str = netsnmp_udp6_fmtaddr(NULL, from, fromlen); |
125 | 0 | DEBUGMSGTL(("netsnmp_udp6", |
126 | 0 | "recvfrom fd %d got %d bytes (from %s)\n", t->sock, |
127 | 0 | rc, str)); |
128 | 0 | free(str); |
129 | 0 | } |
130 | 0 | } else { |
131 | 0 | DEBUGMSGTL(("netsnmp_udp6", "recvfrom fd %d err %d (\"%s\")\n", |
132 | 0 | t->sock, errno, strerror(errno))); |
133 | 0 | } |
134 | 0 | *opaque = (void *) from; |
135 | 0 | *olength = sizeof(struct sockaddr_in6); |
136 | 0 | } |
137 | 0 | return rc; |
138 | 0 | } |
139 | | |
140 | | |
141 | | |
142 | | static int |
143 | | netsnmp_udp6_send(netsnmp_transport *t, const void *buf, int size, |
144 | | void **opaque, int *olength) |
145 | 0 | { |
146 | 0 | int rc = -1; |
147 | 0 | const struct sockaddr *to = NULL; |
148 | |
|
149 | 0 | if (opaque != NULL && *opaque != NULL && |
150 | 0 | *olength == sizeof(struct sockaddr_in6)) { |
151 | 0 | to = (const struct sockaddr *) (*opaque); |
152 | 0 | } else if (t != NULL && t->data != NULL && |
153 | 0 | ((t->data_length == sizeof(struct sockaddr_in6)) || |
154 | 0 | (t->data_length == sizeof(netsnmp_indexed_addr_pair)))) { |
155 | 0 | to = (const struct sockaddr *) (t->data); |
156 | 0 | } |
157 | |
|
158 | 0 | if (to != NULL && t != NULL && t->sock >= 0) { |
159 | 0 | DEBUGIF("netsnmp_udp6") { |
160 | 0 | char *str = netsnmp_udp6_fmtaddr(NULL, to, |
161 | 0 | sizeof(struct sockaddr_in6)); |
162 | 0 | DEBUGMSGTL(("netsnmp_udp6", |
163 | 0 | "send %d bytes from %p to %s on fd %d\n", |
164 | 0 | size, buf, str, t->sock)); |
165 | 0 | free(str); |
166 | 0 | } |
167 | 0 | while (rc < 0) { |
168 | 0 | rc = sendto(t->sock, buf, size, 0, to,sizeof(struct sockaddr_in6)); |
169 | 0 | if (rc < 0 && errno != EINTR) { |
170 | 0 | break; |
171 | 0 | } |
172 | 0 | } |
173 | 0 | } |
174 | 0 | return rc; |
175 | 0 | } |
176 | | |
177 | | |
178 | | /* |
179 | | * Initialize a UDP/IPv6-based transport for SNMP. Local is TRUE if addr is the |
180 | | * local address to bind to (i.e. this is a server-type session); otherwise |
181 | | * addr is the remote address to send things to. |
182 | | */ |
183 | | |
184 | | netsnmp_transport * |
185 | | netsnmp_udp6_transport_init(const struct netsnmp_ep *ep, int flags) |
186 | 0 | { |
187 | 0 | const struct sockaddr_in6 *addr = &ep->a.sin6; |
188 | 0 | netsnmp_transport *t = NULL; |
189 | 0 | int local = flags & NETSNMP_TSPEC_LOCAL; |
190 | 0 | u_char *addr_ptr; |
191 | |
|
192 | | #ifdef NETSNMP_NO_LISTEN_SUPPORT |
193 | | if (local) |
194 | | return NULL; |
195 | | #endif /* NETSNMP_NO_LISTEN_SUPPORT */ |
196 | |
|
197 | 0 | if (addr == NULL || addr->sin6_family != AF_INET6) { |
198 | 0 | return NULL; |
199 | 0 | } |
200 | | |
201 | 0 | t = SNMP_MALLOC_TYPEDEF(netsnmp_transport); |
202 | 0 | if (t == NULL) { |
203 | 0 | return NULL; |
204 | 0 | } |
205 | | |
206 | 0 | t->sock = -1; |
207 | |
|
208 | 0 | addr_ptr = netsnmp_memdup(addr, sizeof(*addr)); |
209 | 0 | if (addr_ptr == NULL) { |
210 | 0 | free(t); |
211 | 0 | return NULL; |
212 | 0 | } |
213 | 0 | if (local) { |
214 | | /** This is a server session. */ |
215 | 0 | t->local_length = sizeof(*addr); |
216 | 0 | t->local = addr_ptr; |
217 | 0 | } else { |
218 | | /** This is a client session. */ |
219 | 0 | t->remote = addr_ptr; |
220 | 0 | t->remote_length = sizeof(*addr); |
221 | 0 | } |
222 | |
|
223 | 0 | DEBUGIF("netsnmp_udp6") { |
224 | 0 | char *str = netsnmp_udp6_fmtaddr(NULL, addr, sizeof(*addr)); |
225 | 0 | DEBUGMSGTL(("netsnmp_udp6", "open %s %s\n", local ? "local" : "remote", |
226 | 0 | str)); |
227 | 0 | free(str); |
228 | 0 | } |
229 | |
|
230 | 0 | if (!local) { |
231 | 0 | netsnmp_indexed_addr_pair *addr_pair; |
232 | | |
233 | | /* |
234 | | * allocate space to save the (remote) address in the |
235 | | * transport-specific data pointer for later use by netsnmp_udp_send. |
236 | | */ |
237 | 0 | t->data = calloc(1, sizeof(netsnmp_indexed_addr_pair)); |
238 | 0 | if (NULL == t->data) { |
239 | 0 | netsnmp_transport_free(t); |
240 | 0 | return NULL; |
241 | 0 | } |
242 | 0 | t->data_length = sizeof(netsnmp_indexed_addr_pair); |
243 | |
|
244 | 0 | addr_pair = (netsnmp_indexed_addr_pair *)t->data; |
245 | 0 | memcpy(&addr_pair->remote_addr, addr, sizeof(*addr)); |
246 | 0 | } |
247 | | |
248 | | /* |
249 | | * 16-bit length field, 8 byte UDP header, 40 byte IPv6 header. |
250 | | */ |
251 | | |
252 | 0 | t->msgMaxSize = 0xffff - 8 - 40; |
253 | 0 | t->f_recv = netsnmp_udp6_recv; |
254 | 0 | t->f_send = netsnmp_udp6_send; |
255 | 0 | t->f_close = netsnmp_socketbase_close; |
256 | 0 | t->f_accept = NULL; |
257 | 0 | t->f_setup_session = netsnmp_ipbase_session_init; |
258 | 0 | t->f_fmtaddr = netsnmp_udp6_fmtaddr; |
259 | 0 | t->f_get_taddr = netsnmp_ipv6_get_taddr; |
260 | |
|
261 | 0 | t->domain = netsnmp_UDPIPv6Domain; |
262 | 0 | t->domain_length = |
263 | 0 | sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]); |
264 | |
|
265 | 0 | return t; |
266 | 0 | } |
267 | | |
268 | | static void set_ipv6_v6only_sockopt(int sd) |
269 | 0 | { |
270 | 0 | #ifdef IPV6_V6ONLY |
271 | | /* Try to restrict PF_INET6 socket to IPv6 communications only. */ |
272 | 0 | int optval = 1; |
273 | |
|
274 | 0 | if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&optval, |
275 | 0 | sizeof(optval)) != 0) { |
276 | 0 | DEBUGMSGTL(("netsnmp_udp6", "couldn't set IPV6_V6ONLY: %s\n", |
277 | 0 | strerror(errno))); |
278 | 0 | } |
279 | 0 | #endif |
280 | 0 | } |
281 | | |
282 | | int |
283 | | netsnmp_udp6_transport_bind(netsnmp_transport *t, |
284 | | const struct netsnmp_ep *ep, |
285 | | int flags) |
286 | 0 | { |
287 | 0 | const struct sockaddr_in6 *addr = &ep->a.sin6; |
288 | 0 | int local = flags & NETSNMP_TSPEC_LOCAL; |
289 | 0 | int rc = 0; |
290 | |
|
291 | 0 | if (local) { |
292 | 0 | #ifndef NETSNMP_NO_LISTEN_SUPPORT |
293 | | /* |
294 | | * This session is intended as a server, so we must bind on to the |
295 | | * given IP address, which may include an interface address, or could |
296 | | * be INADDR_ANY, but certainly includes a port number. |
297 | | */ |
298 | |
|
299 | 0 | set_ipv6_v6only_sockopt(t->sock); |
300 | | #else /* NETSNMP_NO_LISTEN_SUPPORT */ |
301 | | return -1; |
302 | | #endif /* NETSNMP_NO_LISTEN_SUPPORT */ |
303 | 0 | } |
304 | |
|
305 | 0 | DEBUGIF("netsnmp_udp6") { |
306 | 0 | char *str; |
307 | 0 | str = netsnmp_udp6_fmtaddr(NULL, addr, sizeof(*addr)); |
308 | 0 | DEBUGMSGTL(("netsnmp_udp6", "binding socket: %d to %s\n", |
309 | 0 | t->sock, str)); |
310 | 0 | free(str); |
311 | 0 | } |
312 | 0 | if (flags & NETSNMP_TSPEC_PREBOUND) { |
313 | 0 | DEBUGMSGTL(("netsnmp_udp6", "socket %d is prebound, nothing to do\n", |
314 | 0 | t->sock)); |
315 | 0 | return 0; |
316 | 0 | } |
317 | 0 | rc = netsnmp_bindtodevice(t->sock, ep->iface); |
318 | 0 | if (rc != 0) { |
319 | 0 | DEBUGMSGTL(("netsnmp_udp6", "failed to bind to iface %s: %s\n", |
320 | 0 | ep->iface, strerror(errno))); |
321 | 0 | goto err; |
322 | 0 | } |
323 | 0 | rc = bind(t->sock, (const struct sockaddr *)addr, sizeof(*addr)); |
324 | 0 | if (rc != 0) { |
325 | 0 | DEBUGMSGTL(("netsnmp_udp6", "failed to bind for clientaddr: %d %s\n", |
326 | 0 | errno, strerror(errno))); |
327 | 0 | goto err; |
328 | 0 | } |
329 | | |
330 | 0 | return 0; |
331 | | |
332 | 0 | err: |
333 | 0 | netsnmp_socketbase_close(t); |
334 | 0 | return -1; |
335 | 0 | } |
336 | | |
337 | | int |
338 | | netsnmp_udp6_transport_socket(int flags) |
339 | 0 | { |
340 | 0 | int local = flags & NETSNMP_TSPEC_LOCAL; |
341 | 0 | int sock = socket(PF_INET6, SOCK_DGRAM, 0); |
342 | |
|
343 | 0 | DEBUGMSGTL(("UDPBase", "opened socket %d as local=%d\n", sock, local)); |
344 | 0 | if (sock < 0) |
345 | 0 | return -1; |
346 | | |
347 | 0 | _netsnmp_udp_sockopt_set(sock, local); |
348 | |
|
349 | 0 | return sock; |
350 | 0 | } |
351 | | |
352 | | void |
353 | | netsnmp_udp6_transport_get_bound_addr(netsnmp_transport *t) |
354 | 0 | { |
355 | 0 | netsnmp_indexed_addr_pair *addr_pair; |
356 | 0 | socklen_t local_addr_len = sizeof(addr_pair->local_addr); |
357 | 0 | int rc; |
358 | | |
359 | | /** only for client transports: must have data and not local */ |
360 | 0 | if (NULL == t || NULL != t->local || NULL == t->data || |
361 | 0 | t->data_length < local_addr_len) { |
362 | 0 | snmp_log(LOG_ERR, "bad parameters for get bound addr\n"); |
363 | 0 | return; |
364 | 0 | } |
365 | | |
366 | 0 | addr_pair = (netsnmp_indexed_addr_pair *)t->data; |
367 | | |
368 | | /** get local socket address for client session */ |
369 | 0 | local_addr_len = sizeof(addr_pair->local_addr); |
370 | 0 | rc = getsockname(t->sock, (struct sockaddr*)&addr_pair->local_addr, |
371 | 0 | &local_addr_len); |
372 | 0 | netsnmp_assert(rc == 0); |
373 | 0 | DEBUGIF("netsnmp_udpbase") { |
374 | 0 | char *str = netsnmp_udp6_fmtaddr(NULL, (void *)&addr_pair->local_addr, |
375 | 0 | sizeof(addr_pair->local_addr)); |
376 | 0 | DEBUGMSGTL(("netsnmp_udpbase", "socket %d bound to %s\n", |
377 | 0 | t->sock, str)); |
378 | 0 | free(str); |
379 | 0 | } |
380 | 0 | } |
381 | | |
382 | | netsnmp_transport * |
383 | | netsnmp_udpipv6base_tspec_transport(netsnmp_tdomain_spec *tspec) |
384 | 0 | { |
385 | 0 | struct netsnmp_ep ep; |
386 | 0 | int local; |
387 | |
|
388 | 0 | if (NULL == tspec) |
389 | 0 | return NULL; |
390 | | |
391 | 0 | local = tspec->flags & NETSNMP_TSPEC_LOCAL; |
392 | | |
393 | | /** get address from target */ |
394 | 0 | if (!netsnmp_sockaddr_in6_3(&ep, tspec->target, tspec->default_target)) |
395 | 0 | return NULL; |
396 | | |
397 | 0 | if (NULL != tspec->source) { |
398 | 0 | struct netsnmp_ep src_addr; |
399 | | |
400 | | /** get sockaddr from source */ |
401 | 0 | if (!netsnmp_sockaddr_in6_3(&src_addr, tspec->source, ":0")) |
402 | 0 | return NULL; |
403 | 0 | return netsnmp_udp6_transport_with_source(&ep, local, &src_addr); |
404 | 0 | } |
405 | | |
406 | | /** no source and default client address ok */ |
407 | 0 | return netsnmp_udp6_transport(&ep, local); |
408 | 0 | } |
409 | | |
410 | | netsnmp_transport * |
411 | | netsnmp_udp6_transport_with_source(const struct netsnmp_ep *ep, |
412 | | int local, const struct netsnmp_ep *src_addr) |
413 | 0 | { |
414 | 0 | netsnmp_transport *t = NULL; |
415 | 0 | const struct netsnmp_ep *bind_addr; |
416 | 0 | int rc, flags = 0; |
417 | |
|
418 | 0 | t = netsnmp_udp6_transport_init(ep, local); |
419 | 0 | if (NULL == t) |
420 | 0 | return NULL; |
421 | | |
422 | 0 | if (local) { |
423 | 0 | bind_addr = ep; |
424 | 0 | flags |= NETSNMP_TSPEC_LOCAL; |
425 | |
|
426 | 0 | #ifndef NETSNMP_NO_SYSTEMD |
427 | | /* |
428 | | * Maybe the socket was already provided by systemd... |
429 | | */ |
430 | 0 | t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1, |
431 | 0 | ntohs(ep->a.sin6.sin6_port)); |
432 | 0 | if (t->sock >= 0) |
433 | 0 | flags |= NETSNMP_TSPEC_PREBOUND; |
434 | 0 | #endif |
435 | 0 | } |
436 | 0 | else |
437 | 0 | bind_addr = src_addr; |
438 | |
|
439 | 0 | if (-1 == t->sock) |
440 | 0 | t->sock = netsnmp_udp6_transport_socket(flags); |
441 | 0 | if (t->sock < 0) { |
442 | 0 | netsnmp_transport_free(t); |
443 | 0 | return NULL; |
444 | 0 | } |
445 | | |
446 | | /* |
447 | | * If we've been given an address to bind to, then bind to it. |
448 | | * Otherwise the OS will use "something sensible". |
449 | | */ |
450 | 0 | if (NULL == bind_addr) |
451 | 0 | return t; |
452 | | |
453 | 0 | rc = netsnmp_udp6_transport_bind(t, bind_addr, flags); |
454 | 0 | if (rc) { |
455 | 0 | netsnmp_transport_free(t); |
456 | 0 | t = NULL; |
457 | 0 | } |
458 | 0 | else if (!local) |
459 | 0 | netsnmp_udp6_transport_get_bound_addr(t); |
460 | |
|
461 | 0 | return t; |
462 | 0 | } |
463 | | |
464 | | /* |
465 | | * Open a UDP/IPv6-based transport for SNMP. Local is TRUE if addr is the |
466 | | * local address to bind to (i.e. this is a server-type session); otherwise |
467 | | * addr is the remote address to send things to. |
468 | | */ |
469 | | |
470 | | netsnmp_transport * |
471 | | netsnmp_udp6_transport(const struct netsnmp_ep *ep, int local) |
472 | 0 | { |
473 | 0 | struct netsnmp_ep client_ep; |
474 | 0 | const char *client_addr; |
475 | |
|
476 | 0 | memset(&client_ep, 0, sizeof(client_ep)); |
477 | 0 | client_ep.a.sin6.sin6_family = AF_INET6; |
478 | |
|
479 | 0 | if (local) |
480 | 0 | goto out; |
481 | | |
482 | 0 | client_addr = netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
483 | 0 | NETSNMP_DS_LIB_CLIENT_ADDR); |
484 | 0 | if (!client_addr) |
485 | 0 | goto out; |
486 | | |
487 | 0 | if (netsnmp_sockaddr_in6_3(&client_ep, client_addr, ":0") < 0) |
488 | 0 | snmp_log(LOG_ERR, "Parsing clientaddr %s failed\n", client_addr); |
489 | |
|
490 | 0 | out: |
491 | 0 | return netsnmp_udp6_transport_with_source(ep, local, &client_ep); |
492 | 0 | } |
493 | | |
494 | | |
495 | | #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
496 | | /* |
497 | | * The following functions provide the "com2sec6" configuration token |
498 | | * functionality for compatibility. |
499 | | */ |
500 | | |
501 | 1.11k | #define EXAMPLE_NETWORK "NETWORK" |
502 | 677 | #define EXAMPLE_COMMUNITY "COMMUNITY" |
503 | | |
504 | | typedef struct com2Sec6Entry_s { |
505 | | const char *secName; |
506 | | const char *contextName; |
507 | | struct com2Sec6Entry_s *next; |
508 | | struct in6_addr network; |
509 | | struct in6_addr mask; |
510 | | int negate; |
511 | | const char community[1]; |
512 | | } com2Sec6Entry; |
513 | | |
514 | | static com2Sec6Entry *com2Sec6List = NULL, *com2Sec6ListLast = NULL; |
515 | | |
516 | | |
517 | | NETSNMP_STATIC_INLINE int |
518 | | create_com2Sec6Entry(const struct addrinfo* const run, |
519 | | const struct in6_addr* const mask, |
520 | | const char* const secName, |
521 | | const size_t secNameLen, |
522 | | const char* const contextName, |
523 | | const size_t contextNameLen, |
524 | | const char* const community, |
525 | | const size_t communityLen, |
526 | | int negate, |
527 | | com2Sec6Entry** const begin, |
528 | | com2Sec6Entry** const end) |
529 | 27 | { |
530 | 27 | const struct sockaddr_in6 * const run_addr = |
531 | 27 | (const struct sockaddr_in6*)run->ai_addr; |
532 | 27 | int i; |
533 | | |
534 | | /* Check that the network and mask are consistent. */ |
535 | 330 | for (i = 0; i < 16; ++i) { |
536 | 318 | if (run_addr->sin6_addr.s6_addr[i] & ~mask->s6_addr[i]) { |
537 | 15 | config_perror("source/mask mismatch"); |
538 | 15 | return 1; |
539 | 15 | } |
540 | 318 | } |
541 | | |
542 | 12 | { |
543 | 12 | char buf1[INET6_ADDRSTRLEN]; |
544 | 12 | char buf2[INET6_ADDRSTRLEN]; |
545 | 12 | DEBUGMSGTL(("netsnmp_udp6_parse_security", |
546 | 12 | "<\"%s\", %s/%s> => \"%s\"\n", |
547 | 12 | community, |
548 | 12 | inet_ntop(AF_INET6, &run_addr->sin6_addr, |
549 | 12 | buf1, sizeof(buf1)), |
550 | 12 | inet_ntop(AF_INET6, mask, buf2, sizeof(buf2)), |
551 | 12 | secName)); |
552 | 12 | } |
553 | | |
554 | 12 | { |
555 | | /* Allocate all the needed chunks */ |
556 | 12 | void * const v = |
557 | 12 | malloc(offsetof(com2Sec6Entry, community) + communityLen + |
558 | 12 | secNameLen + contextNameLen); |
559 | | |
560 | 12 | com2Sec6Entry* const e = (com2Sec6Entry*)v; |
561 | 12 | char *last = ((char*)v) + offsetof(com2Sec6Entry, community); |
562 | | |
563 | 12 | if (v == NULL) { |
564 | 0 | config_perror("memory error"); |
565 | 0 | return 1; |
566 | 0 | } |
567 | | |
568 | 12 | memcpy(last, community, communityLen); |
569 | 12 | last += communityLen; |
570 | | |
571 | 12 | memcpy(last, secName, secNameLen); |
572 | 12 | e->secName = last; |
573 | 12 | last += secNameLen; |
574 | | |
575 | 12 | if (contextNameLen) { |
576 | 7 | memcpy(last, contextName, contextNameLen); |
577 | 7 | e->contextName = last; |
578 | 7 | } else |
579 | 5 | e->contextName = last - 1; |
580 | | |
581 | 12 | memcpy(&e->network, &run_addr->sin6_addr, sizeof(struct in6_addr)); |
582 | 12 | memcpy(&e->mask, mask, sizeof(struct in6_addr)); |
583 | | |
584 | 12 | e->negate = negate; |
585 | 12 | e->next = NULL; |
586 | 12 | if (*end != NULL) { |
587 | 0 | (*end)->next = e; |
588 | 0 | *end = e; |
589 | 12 | } else { |
590 | 12 | *end = *begin = e; |
591 | 12 | } |
592 | 12 | } |
593 | 0 | return 0; |
594 | 12 | } |
595 | | |
596 | | void |
597 | | netsnmp_udp6_parse_security(const char *token, char *param) |
598 | 796 | { |
599 | | /** copy_nword does null term, so we need vars of max size + 2. */ |
600 | | /** (one for null, one to detect param too long */ |
601 | 796 | char secName[VACMSTRINGLEN]; /* == VACM_MAX_STRING + 2 */ |
602 | 796 | size_t secNameLen; |
603 | 796 | char contextName[VACMSTRINGLEN]; |
604 | 796 | size_t contextNameLen; |
605 | 796 | char community[COMMUNITY_MAX_LEN + 2];/* overflow + null char */ |
606 | 796 | size_t communityLen; |
607 | 796 | char source[301]; /* !(1)+dns-name(253)+/(1)+mask(45)+\0(1) */ |
608 | 796 | char *sourcep; |
609 | 796 | struct in6_addr mask; |
610 | 796 | int negate; |
611 | | |
612 | | /* |
613 | | * Get security, source address/netmask and community strings. |
614 | | */ |
615 | | |
616 | 796 | param = copy_nword( param, secName, sizeof(secName)); |
617 | 796 | if (strcmp(secName, "-Cn") == 0) { |
618 | 32 | if (!param) { |
619 | 1 | config_perror("missing CONTEXT_NAME parameter"); |
620 | 1 | return; |
621 | 1 | } |
622 | 31 | param = copy_nword( param, contextName, sizeof(contextName)); |
623 | 31 | contextNameLen = strlen(contextName); |
624 | 31 | if (contextNameLen > VACM_MAX_STRING) { |
625 | 3 | config_perror("context name too long"); |
626 | 3 | return; |
627 | 3 | } |
628 | 28 | if (!param) { |
629 | 5 | config_perror("missing NAME parameter"); |
630 | 5 | return; |
631 | 5 | } |
632 | 23 | ++contextNameLen; /* null termination */ |
633 | 23 | param = copy_nword( param, secName, sizeof(secName)); |
634 | 764 | } else { |
635 | 764 | contextNameLen = 0; |
636 | 764 | } |
637 | | |
638 | 787 | secNameLen = strlen(secName); |
639 | 787 | if (secNameLen == 0) { |
640 | 60 | config_perror("empty NAME parameter"); |
641 | 60 | return; |
642 | 727 | } else if (secNameLen > VACM_MAX_STRING) { |
643 | 75 | config_perror("security name too long"); |
644 | 75 | return; |
645 | 75 | } |
646 | 652 | ++secNameLen; /* null termination */ |
647 | | |
648 | 652 | if (!param) { |
649 | 91 | config_perror("missing SOURCE parameter"); |
650 | 91 | return; |
651 | 91 | } |
652 | 561 | param = copy_nword( param, source, sizeof(source)); |
653 | 561 | if (source[0] == '\0') { |
654 | 4 | config_perror("empty SOURCE parameter"); |
655 | 4 | return; |
656 | 4 | } |
657 | 557 | if (strncmp(source, EXAMPLE_NETWORK, strlen(EXAMPLE_NETWORK)) == 0) { |
658 | 3 | config_perror("example config NETWORK not properly configured"); |
659 | 3 | return; |
660 | 3 | } |
661 | | |
662 | 554 | if (!param) { |
663 | 56 | config_perror("missing COMMUNITY parameter"); |
664 | 56 | return; |
665 | 56 | } |
666 | 498 | param = copy_nword( param, community, sizeof(community)); |
667 | 498 | if (community[0] == '\0') { |
668 | 5 | config_perror("empty COMMUNITY parameter"); |
669 | 5 | return; |
670 | 5 | } |
671 | 493 | communityLen = strlen(community); |
672 | 493 | if (communityLen > COMMUNITY_MAX_LEN) { |
673 | 0 | config_perror("community name too long"); |
674 | 0 | return; |
675 | 0 | } |
676 | 493 | ++communityLen; /* null termination */ |
677 | 493 | if (communityLen == sizeof(EXAMPLE_COMMUNITY) && |
678 | 92 | memcmp(community, EXAMPLE_COMMUNITY, sizeof(EXAMPLE_COMMUNITY)) == 0) { |
679 | 7 | config_perror("example config COMMUNITY not properly configured"); |
680 | 7 | return; |
681 | 7 | } |
682 | | |
683 | | /* Possible mask cases |
684 | | * "default" <=> 0::0/0 |
685 | | * <hostname>[/] <=> <hostname>/128 |
686 | | * <hostname>/number <=> <hostname>/number |
687 | | * <hostname>/<mask> <=> <hostname>/<mask> |
688 | | */ |
689 | 486 | { |
690 | | /* Deal with the "default" case first. */ |
691 | 486 | const int isdefault = strcmp(source, "default") == 0; |
692 | | |
693 | 486 | if (isdefault) { |
694 | 11 | memset(mask.s6_addr, '\0', sizeof(mask.s6_addr)); |
695 | 11 | negate = 0; |
696 | 11 | sourcep = NULL; /* gcc gets confused about sourcep being used */ |
697 | 475 | } else { |
698 | 475 | char *strmask; |
699 | 475 | if (*source == '!') { |
700 | 19 | negate = 1; |
701 | 19 | sourcep = source + 1; |
702 | 456 | } else { |
703 | 456 | negate = 0; |
704 | 456 | sourcep = source; |
705 | 456 | } |
706 | | |
707 | | /* Split the source/netmask parts */ |
708 | 475 | strmask = strchr(sourcep, '/'); |
709 | 475 | if (strmask != NULL) |
710 | | /* Mask given. */ |
711 | 269 | *strmask++ = '\0'; |
712 | | |
713 | | /* Try to interpret the mask */ |
714 | 475 | if (strmask == NULL || *strmask == '\0') { |
715 | | /* No mask was given. Assume /128 */ |
716 | 214 | memset(mask.s6_addr, 0xff, sizeof(mask.s6_addr)); |
717 | 261 | } else { |
718 | | /* Try to interpret mask as a "number of 1 bits". */ |
719 | 261 | char* cp; |
720 | 261 | long masklength = strtol(strmask, &cp, 10); |
721 | 261 | if (*cp == '\0') { |
722 | 214 | if (0 <= masklength && masklength <= 128) { |
723 | 27 | const int j = masklength / 8; |
724 | 27 | const int jj = masklength % 8; |
725 | | |
726 | 27 | memset(mask.s6_addr, 0xff, j); |
727 | 27 | if (j < 16) { |
728 | 25 | mask.s6_addr[j] = (0xffu << (8 - jj)); |
729 | 25 | memset(mask.s6_addr + j + 1, '\0', 15 - j); |
730 | 25 | } |
731 | 187 | } else { |
732 | 187 | config_perror("bad mask length"); |
733 | 187 | return; |
734 | 187 | } |
735 | 214 | } |
736 | | /* Try to interpret mask numerically. */ |
737 | 47 | else if (inet_pton(AF_INET6, strmask, &mask) != 1) { |
738 | 44 | config_perror("bad mask"); |
739 | 44 | return; |
740 | 44 | } |
741 | 261 | } |
742 | 475 | } |
743 | | |
744 | 255 | { |
745 | 255 | struct sockaddr_in6 pton_addr; |
746 | 255 | struct addrinfo hints, *res = NULL; |
747 | 255 | memset(&hints, '\0', sizeof(hints)); |
748 | | |
749 | | /* First check if default, otherwise try to parse as a numeric |
750 | | * address, if that also fails try to lookup the address */ |
751 | 255 | if (isdefault) { |
752 | 11 | memset(&pton_addr.sin6_addr.s6_addr, '\0', |
753 | 11 | sizeof(struct in6_addr)); |
754 | 244 | } else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) { |
755 | | /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */ |
756 | | |
757 | | /* Try interpreting as dotted quad - IPv4 */ |
758 | 235 | struct in_addr network; |
759 | 235 | if (inet_pton(AF_INET, sourcep, &network) > 0){ |
760 | | /* Yes, it's IPv4 - so it's already parsed and we can return. */ |
761 | 2 | DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n")); |
762 | 2 | return; |
763 | 2 | } |
764 | 233 | #ifdef HAVE_GETADDRINFO |
765 | 233 | { |
766 | 233 | int gai_error; |
767 | | |
768 | 233 | hints.ai_family = AF_INET6; |
769 | 233 | hints.ai_socktype = SOCK_DGRAM; |
770 | 233 | gai_error = netsnmp_getaddrinfo(sourcep, NULL, &hints, |
771 | 233 | &res); |
772 | 233 | if (gai_error != 0) { |
773 | 226 | config_perror(gai_strerror(gai_error)); |
774 | 226 | return; |
775 | 226 | } |
776 | 233 | } |
777 | | #else |
778 | | config_perror("getaddrinfo() not available"); |
779 | | return; |
780 | | #endif |
781 | 233 | } |
782 | 27 | if (res == NULL) { |
783 | 20 | hints.ai_addrlen = sizeof(pton_addr); |
784 | 20 | hints.ai_addr = (struct sockaddr*)&pton_addr; |
785 | 20 | hints.ai_next = NULL; |
786 | 20 | res = &hints; |
787 | 20 | } |
788 | | |
789 | 27 | { |
790 | 27 | struct addrinfo *run; |
791 | 27 | int failed = 0; |
792 | 27 | com2Sec6Entry *begin = NULL, *end = NULL; |
793 | | |
794 | 54 | for (run = res; run && !failed; run = run->ai_next) |
795 | 27 | failed = |
796 | 27 | create_com2Sec6Entry(run, &mask, |
797 | 27 | secName, secNameLen, |
798 | 27 | contextName, contextNameLen, |
799 | 27 | community, communityLen, negate, |
800 | 27 | &begin, &end); |
801 | | |
802 | 27 | if (failed) { |
803 | | /* Free eventually allocated chunks */ |
804 | 15 | while (begin) { |
805 | 0 | end = begin; |
806 | 0 | begin = begin->next; |
807 | 0 | free(end); |
808 | 0 | } |
809 | 15 | } else if (com2Sec6ListLast != NULL) { |
810 | 11 | com2Sec6ListLast->next = begin; |
811 | 11 | com2Sec6ListLast = end; |
812 | 11 | } else { |
813 | 1 | com2Sec6List = begin; |
814 | 1 | com2Sec6ListLast = end; |
815 | 1 | } |
816 | 27 | } |
817 | 27 | #ifdef HAVE_GETADDRINFO |
818 | 27 | if (res != &hints) |
819 | 7 | freeaddrinfo(res); |
820 | 27 | #endif |
821 | 27 | } |
822 | 27 | } |
823 | 27 | } |
824 | | |
825 | | void |
826 | | netsnmp_udp6_com2Sec6List_free(void) |
827 | 6.88k | { |
828 | 6.88k | com2Sec6Entry *e = com2Sec6List; |
829 | 6.88k | while (e != NULL) { |
830 | 0 | com2Sec6Entry *tmp = e; |
831 | 0 | e = e->next; |
832 | 0 | free(tmp); |
833 | 0 | } |
834 | 6.88k | com2Sec6List = com2Sec6ListLast = NULL; |
835 | 6.88k | } |
836 | | |
837 | | #endif /* support for community based SNMP */ |
838 | | |
839 | | void |
840 | | netsnmp_udp6_agent_config_tokens_register(void) |
841 | 3.44k | { |
842 | 3.44k | #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
843 | 3.44k | register_app_config_handler("com2sec6", netsnmp_udp6_parse_security, |
844 | 3.44k | netsnmp_udp6_com2Sec6List_free, |
845 | 3.44k | "[-Cn CONTEXT] secName IPv6-network-address[/netmask] community"); |
846 | 3.44k | #endif /* support for community based SNMP */ |
847 | 3.44k | } |
848 | | |
849 | | |
850 | | |
851 | | #if !defined(NETSNMP_DISABLE_SNMPV1) || !defined(NETSNMP_DISABLE_SNMPV2C) |
852 | | |
853 | | /* |
854 | | * Return 0 if there are no com2sec entries, or return 1 if there ARE com2sec |
855 | | * entries. On return, if a com2sec entry matched the passed parameters, |
856 | | * then *secName points at the appropriate security name, or is NULL if the |
857 | | * parameters did not match any com2sec entry. |
858 | | */ |
859 | | |
860 | | int |
861 | | netsnmp_udp6_getSecName(void *opaque, int olength, |
862 | | const char *community, |
863 | | int community_len, |
864 | | const char **secName, const char **contextName) |
865 | 0 | { |
866 | 0 | const com2Sec6Entry *c; |
867 | 0 | struct sockaddr_in6 *from = (struct sockaddr_in6 *) opaque; |
868 | 0 | char *ztcommunity = NULL; |
869 | 0 | char str6[INET6_ADDRSTRLEN]; |
870 | |
|
871 | 0 | if (secName != NULL) { |
872 | 0 | *secName = NULL; /* Haven't found anything yet */ |
873 | 0 | } |
874 | | |
875 | | /* |
876 | | * Special case if there are NO entries (as opposed to no MATCHING |
877 | | * entries). |
878 | | */ |
879 | |
|
880 | 0 | if (com2Sec6List == NULL) { |
881 | 0 | DEBUGMSGTL(("netsnmp_udp6_getSecName", "no com2sec entries\n")); |
882 | 0 | return 0; |
883 | 0 | } |
884 | | |
885 | | /* |
886 | | * If there is no IPv6 source address, then there can be no valid security |
887 | | * name. |
888 | | */ |
889 | | |
890 | 0 | if (opaque == NULL || olength != sizeof(struct sockaddr_in6) |
891 | 0 | || from->sin6_family != PF_INET6) { |
892 | 0 | DEBUGMSGTL(("netsnmp_udp6_getSecName", |
893 | 0 | "no IPv6 source address in PDU?\n")); |
894 | 0 | return 1; |
895 | 0 | } |
896 | | |
897 | 0 | ztcommunity = (char *) malloc(community_len + 1); |
898 | 0 | if (ztcommunity != NULL) { |
899 | 0 | memcpy(ztcommunity, community, community_len); |
900 | 0 | ztcommunity[community_len] = '\0'; |
901 | 0 | } |
902 | |
|
903 | 0 | inet_ntop(AF_INET6, &from->sin6_addr, str6, sizeof(str6)); |
904 | 0 | DEBUGMSGTL(("netsnmp_udp6_getSecName", "resolve <\"%s\", %s>\n", |
905 | 0 | ztcommunity ? ztcommunity : "<malloc error>", str6)); |
906 | |
|
907 | 0 | for (c = com2Sec6List; c != NULL; c = c->next) { |
908 | 0 | { |
909 | 0 | char buf1[INET6_ADDRSTRLEN]; |
910 | 0 | char buf2[INET6_ADDRSTRLEN]; |
911 | 0 | DEBUGMSGTL(("netsnmp_udp6_getSecName", |
912 | 0 | "compare <\"%s\", %s/%s>", c->community, |
913 | 0 | inet_ntop(AF_INET6, &c->network, buf1, sizeof(buf1)), |
914 | 0 | inet_ntop(AF_INET6, &c->mask, buf2, sizeof(buf2)))); |
915 | 0 | } |
916 | 0 | if ((community_len == (int)strlen(c->community)) && |
917 | 0 | (memcmp(community, c->community, community_len) == 0)) { |
918 | 0 | int i, ok = 1; |
919 | 0 | for (i = 0; ok && i < 16; ++i) |
920 | 0 | if ((from->sin6_addr.s6_addr[i] & c->mask.s6_addr[i]) != |
921 | 0 | c->network.s6_addr[i]) |
922 | 0 | ok = 0; |
923 | 0 | if (ok) { |
924 | 0 | DEBUGMSG(("netsnmp_udp6_getSecName", "... SUCCESS\n")); |
925 | 0 | if (c->negate) { |
926 | | /* |
927 | | * If we matched a negative entry, then we are done - claim that we |
928 | | * matched nothing. |
929 | | */ |
930 | 0 | DEBUGMSG(("netsnmp_udp6_getSecName", "... <negative entry>\n")); |
931 | 0 | break; |
932 | 0 | } |
933 | 0 | if (secName != NULL) { |
934 | 0 | *secName = c->secName; |
935 | 0 | *contextName = c->contextName; |
936 | 0 | } |
937 | 0 | break; |
938 | 0 | } |
939 | 0 | } |
940 | 0 | else { |
941 | 0 | DEBUGMSG(("netsnmp_udp6_getSecName", "... nope\n")); |
942 | 0 | } |
943 | 0 | } |
944 | |
|
945 | 0 | if (ztcommunity != NULL) { |
946 | 0 | free(ztcommunity); |
947 | 0 | } |
948 | 0 | return 1; |
949 | 0 | } |
950 | | #endif /* support for community based SNMP */ |
951 | | |
952 | | netsnmp_transport * |
953 | | netsnmp_udp6_create_tstring(const char *str, int local, |
954 | | const char *default_target) |
955 | 0 | { |
956 | 0 | struct netsnmp_ep ep; |
957 | |
|
958 | 0 | if (netsnmp_sockaddr_in6_3(&ep, str, default_target)) { |
959 | 0 | return netsnmp_udp6_transport(&ep, local); |
960 | 0 | } else { |
961 | 0 | return NULL; |
962 | 0 | } |
963 | 0 | } |
964 | | |
965 | | netsnmp_transport * |
966 | | netsnmp_udp6_create_tspec(netsnmp_tdomain_spec *tspec) |
967 | 0 | { |
968 | 0 | netsnmp_transport *t = netsnmp_udpipv6base_tspec_transport(tspec); |
969 | 0 | return t; |
970 | |
|
971 | 0 | } |
972 | | |
973 | | |
974 | | /* |
975 | | * See: |
976 | | * |
977 | | * http://www.ietf.org/internet-drafts/draft-ietf-ops-taddress-mib-01.txt |
978 | | * |
979 | | * (or newer equivalent) for details of the TC which we are using for |
980 | | * the mapping here. |
981 | | */ |
982 | | |
983 | | netsnmp_transport * |
984 | | netsnmp_udp6_create_ostring(const void *o, size_t o_len, int local) |
985 | 0 | { |
986 | 0 | struct netsnmp_ep ep; |
987 | |
|
988 | 0 | memset(&ep, 0, sizeof(ep)); |
989 | 0 | if (netsnmp_ipv6_ostring_to_sockaddr(&ep.a.sin6, o, o_len)) |
990 | 0 | return netsnmp_udp6_transport(&ep, local); |
991 | 0 | return NULL; |
992 | 0 | } |
993 | | |
994 | | |
995 | | void |
996 | | netsnmp_udpipv6_ctor(void) |
997 | 4.31k | { |
998 | 4.31k | udp6Domain.name = netsnmp_UDPIPv6Domain; |
999 | 4.31k | udp6Domain.name_length = OID_LENGTH(netsnmp_UDPIPv6Domain); |
1000 | 4.31k | udp6Domain.f_create_from_tstring_new = netsnmp_udp6_create_tstring; |
1001 | 4.31k | udp6Domain.f_create_from_tspec = netsnmp_udp6_create_tspec; |
1002 | 4.31k | udp6Domain.f_create_from_ostring = netsnmp_udp6_create_ostring; |
1003 | 4.31k | udp6Domain.prefix = calloc(5, sizeof(char *)); |
1004 | 4.31k | if (!udp6Domain.prefix) { |
1005 | 0 | snmp_log(LOG_ERR, "calloc() failed - out of memory\n"); |
1006 | 0 | return; |
1007 | 0 | } |
1008 | 4.31k | udp6Domain.prefix[0] = "udp6"; |
1009 | 4.31k | udp6Domain.prefix[1] = "ipv6"; |
1010 | 4.31k | udp6Domain.prefix[2] = "udpv6"; |
1011 | 4.31k | udp6Domain.prefix[3] = "udpipv6"; |
1012 | | |
1013 | 4.31k | netsnmp_tdomain_register(&udp6Domain); |
1014 | 4.31k | } |
1015 | | |
1016 | | #else |
1017 | | |
1018 | | #ifdef NETSNMP_DLL |
1019 | | /* need this hook for win32 MSVC++ DLL build */ |
1020 | | void |
1021 | | netsnmp_udp6_agent_config_tokens_register(void) |
1022 | | { } |
1023 | | #endif |
1024 | | |
1025 | | #endif /* NETSNMP_TRANSPORT_UDPIPV6_DOMAIN */ |
1026 | | |