xref: /freebsd/contrib/bsnmp/snmp_usm/usm_snmp.c (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1 /*-
2  * Copyright (c) 2010,2018 The FreeBSD Foundation
3  *
4  * This software was developed by Shteryana Sotirova Shopova under
5  * sponsorship from the FreeBSD Foundation.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  *
28  * $FreeBSD$
29  */
30 #include <sys/queue.h>
31 #include <sys/types.h>
32 
33 #include <errno.h>
34 #include <stdarg.h>
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <stdint.h>
38 #include <string.h>
39 #include <syslog.h>
40 
41 #include "asn1.h"
42 #include "snmp.h"
43 #include "snmpmod.h"
44 
45 #define	SNMPTREE_TYPES
46 #include "usm_tree.h"
47 #include "usm_oid.h"
48 
49 static struct lmodule *usm_module;
50 /* For the registration. */
51 static const struct asn_oid oid_usm = OIDX_snmpUsmMIB;
52 
53 static const struct asn_oid oid_usmNoAuthProtocol = OIDX_usmNoAuthProtocol;
54 static const struct asn_oid oid_usmHMACMD5AuthProtocol =		\
55     OIDX_usmHMACMD5AuthProtocol;
56 static const struct asn_oid oid_usmHMACSHAAuthProtocol =		\
57     OIDX_usmHMACSHAAuthProtocol;
58 
59 static const struct asn_oid oid_usmNoPrivProtocol = OIDX_usmNoPrivProtocol;
60 static const struct asn_oid oid_usmDESPrivProtocol = OIDX_usmDESPrivProtocol;
61 static const struct asn_oid oid_usmAesCfb128Protocol = OIDX_usmAesCfb128Protocol;
62 
63 static const struct asn_oid oid_usmUserSecurityName = OIDX_usmUserSecurityName;
64 
65 /* The registration. */
66 static uint reg_usm;
67 
68 static int32_t usm_lock;
69 
70 static struct usm_user *	usm_get_user(const struct asn_oid *, uint);
71 static struct usm_user *	usm_get_next_user(const struct asn_oid *, uint);
72 static void	usm_append_userindex(struct asn_oid *, uint,
73     const struct usm_user *);
74 static int	usm_user_index_decode(const struct asn_oid *, uint, uint8_t *,
75     uint32_t *, char *);
76 
77 int
78 op_usm_stats(struct snmp_context *ctx __unused, struct snmp_value *val,
79     uint32_t sub __unused, uint32_t iidx __unused, enum snmp_op op)
80 {
81 	struct snmpd_usmstat *usmstats;
82 
83 	if (op == SNMP_OP_SET)
84 		return (SNMP_ERR_NOT_WRITEABLE);
85 
86 	if ((usmstats = bsnmpd_get_usm_stats()) == NULL)
87 		return (SNMP_ERR_GENERR);
88 
89 	if (op == SNMP_OP_GET) {
90 		switch (val->var.subs[sub - 1]) {
91 		case LEAF_usmStatsUnsupportedSecLevels:
92 			val->v.uint32 = usmstats->unsupported_seclevels;
93 			break;
94 		case LEAF_usmStatsNotInTimeWindows:
95 			val->v.uint32 = usmstats->not_in_time_windows;
96 			break;
97 		case LEAF_usmStatsUnknownUserNames:
98 			val->v.uint32 = usmstats->unknown_users;
99 			break;
100 		case LEAF_usmStatsUnknownEngineIDs:
101 			val->v.uint32 = usmstats->unknown_engine_ids;
102 			break;
103 		case LEAF_usmStatsWrongDigests:
104 			val->v.uint32 = usmstats->wrong_digests;
105 			break;
106 		case LEAF_usmStatsDecryptionErrors:
107 			val->v.uint32 = usmstats->decrypt_errors;
108 			break;
109 		default:
110 			return (SNMP_ERR_NOSUCHNAME);
111 		}
112 		return (SNMP_ERR_NOERROR);
113 	}
114 	abort();
115 }
116 
117 int
118 op_usm_lock(struct snmp_context *ctx __unused, struct snmp_value *val,
119     uint32_t sub, uint32_t iidx __unused, enum snmp_op op)
120 {
121 	if (val->var.subs[sub - 1] != LEAF_usmUserSpinLock)
122 		return (SNMP_ERR_NOSUCHNAME);
123 
124 	switch (op) {
125 	case SNMP_OP_GET:
126 		if (++usm_lock == INT32_MAX)
127 			usm_lock = 0;
128 		val->v.integer = usm_lock;
129 		break;
130 	case SNMP_OP_GETNEXT:
131 		abort();
132 	case SNMP_OP_SET:
133 		if (val->v.integer != usm_lock)
134 			return (SNMP_ERR_INCONS_VALUE);
135 		break;
136 	case SNMP_OP_ROLLBACK:
137 		/* FALLTHROUGH */
138 	case SNMP_OP_COMMIT:
139 		break;
140 	}
141 
142 	return (SNMP_ERR_NOERROR);
143 }
144 
145 int
146 op_usm_users(struct snmp_context *ctx, struct snmp_value *val,
147     uint32_t sub, uint32_t iidx __unused, enum snmp_op op)
148 {
149 	uint32_t elen;
150 	struct usm_user *uuser, *clone;
151 	char uname[SNMP_ADM_STR32_SIZ];
152 	uint8_t eid[SNMP_ENGINE_ID_SIZ];
153 
154 	switch (op) {
155 	case SNMP_OP_GET:
156 		if ((uuser = usm_get_user(&val->var, sub)) == NULL)
157 			return (SNMP_ERR_NOSUCHNAME);
158 		break;
159 
160 	case SNMP_OP_GETNEXT:
161 		if ((uuser = usm_get_next_user(&val->var, sub)) == NULL)
162 			return (SNMP_ERR_NOSUCHNAME);
163 		usm_append_userindex(&val->var, sub, uuser);
164 		break;
165 
166 	case SNMP_OP_SET:
167 		if ((uuser = usm_get_user(&val->var, sub)) == NULL &&
168 		    val->var.subs[sub - 1] != LEAF_usmUserStatus &&
169 		    val->var.subs[sub - 1] != LEAF_usmUserCloneFrom)
170 			return (SNMP_ERR_NOSUCHNAME);
171 
172 		/*
173 		 * XXX (ngie): need to investigate the MIB to determine how
174 		 * this is possible given some of the transitions below.
175 		 */
176 		if (community != COMM_INITIALIZE &&
177 		    uuser != NULL && uuser->type == StorageType_readOnly)
178 			return (SNMP_ERR_NOT_WRITEABLE);
179 
180 		switch (val->var.subs[sub - 1]) {
181 		case LEAF_usmUserSecurityName:
182 			return (SNMP_ERR_NOT_WRITEABLE);
183 
184 		case LEAF_usmUserCloneFrom:
185 			if (uuser != NULL || usm_user_index_decode(&val->var,
186 			    sub, eid, &elen, uname) < 0 ||
187 			    !(asn_is_suboid(&oid_usmUserSecurityName, &val->v.oid)))
188 				return (SNMP_ERR_WRONG_VALUE);
189 			if ((clone = usm_get_user(&val->v.oid, sub)) == NULL)
190 				return (SNMP_ERR_INCONS_VALUE);
191 			if ((uuser = usm_new_user(eid, elen, uname)) == NULL)
192 				return (SNMP_ERR_GENERR);
193 			uuser->status = RowStatus_notReady;
194 			if (community != COMM_INITIALIZE)
195 				uuser->type = StorageType_volatile;
196 			else
197 				uuser->type = StorageType_readOnly;
198 
199 			uuser->suser.auth_proto = clone->suser.auth_proto;
200 			uuser->suser.priv_proto = clone->suser.priv_proto;
201 			memcpy(uuser->suser.auth_key, clone->suser.auth_key,
202 			    sizeof(uuser->suser.auth_key));
203 			memcpy(uuser->suser.priv_key, clone->suser.priv_key,
204 			    sizeof(uuser->suser.priv_key));
205 			ctx->scratch->int1 = RowStatus_createAndWait;
206 			break;
207 
208 		case LEAF_usmUserAuthProtocol:
209 			ctx->scratch->int1 = uuser->suser.auth_proto;
210 			if (asn_compare_oid(&oid_usmNoAuthProtocol,
211 			    &val->v.oid) == 0)
212 				uuser->suser.auth_proto = SNMP_AUTH_NOAUTH;
213 			else if (asn_compare_oid(&oid_usmHMACMD5AuthProtocol,
214 			    &val->v.oid) == 0)
215 				uuser->suser.auth_proto = SNMP_AUTH_HMAC_MD5;
216 			else if (asn_compare_oid(&oid_usmHMACSHAAuthProtocol,
217 			    &val->v.oid) == 0)
218 				uuser->suser.auth_proto = SNMP_AUTH_HMAC_SHA;
219 			else
220 				return (SNMP_ERR_WRONG_VALUE);
221 			break;
222 
223 		case LEAF_usmUserAuthKeyChange:
224 		case LEAF_usmUserOwnAuthKeyChange:
225 			if (val->var.subs[sub - 1] ==
226 			    LEAF_usmUserOwnAuthKeyChange &&
227 			    (usm_user == NULL || strcmp(uuser->suser.sec_name,
228 			    usm_user->suser.sec_name) != 0))
229 				return (SNMP_ERR_NO_ACCESS);
230 			if (val->v.octetstring.len > SNMP_AUTH_KEY_SIZ)
231 				return (SNMP_ERR_INCONS_VALUE);
232 			ctx->scratch->ptr1 = malloc(SNMP_AUTH_KEY_SIZ);
233 			if (ctx->scratch->ptr1 == NULL)
234 				return (SNMP_ERR_GENERR);
235 			memcpy(ctx->scratch->ptr1, uuser->suser.auth_key,
236 			    SNMP_AUTH_KEY_SIZ);
237 			memcpy(uuser->suser.auth_key, val->v.octetstring.octets,
238 			    val->v.octetstring.len);
239 			break;
240 
241 		case LEAF_usmUserPrivProtocol:
242 			ctx->scratch->int1 = uuser->suser.priv_proto;
243 			if (asn_compare_oid(&oid_usmNoPrivProtocol,
244 			    &val->v.oid) == 0)
245 				uuser->suser.priv_proto = SNMP_PRIV_NOPRIV;
246 			else if (asn_compare_oid(&oid_usmDESPrivProtocol,
247 			    &val->v.oid) == 0)
248 				uuser->suser.priv_proto = SNMP_PRIV_DES;
249 			else if (asn_compare_oid(&oid_usmAesCfb128Protocol,
250 			    &val->v.oid) == 0)
251 				uuser->suser.priv_proto = SNMP_PRIV_AES;
252 			else
253 				return (SNMP_ERR_WRONG_VALUE);
254 			break;
255 
256 		case LEAF_usmUserPrivKeyChange:
257 		case LEAF_usmUserOwnPrivKeyChange:
258 			if (val->var.subs[sub - 1] ==
259 			    LEAF_usmUserOwnPrivKeyChange &&
260 			    (usm_user == NULL || strcmp(uuser->suser.sec_name,
261 			    usm_user->suser.sec_name) != 0))
262 				return (SNMP_ERR_NO_ACCESS);
263 			if (val->v.octetstring.len > SNMP_PRIV_KEY_SIZ)
264 				return (SNMP_ERR_INCONS_VALUE);
265 			ctx->scratch->ptr1 = malloc(SNMP_PRIV_KEY_SIZ);
266 			if (ctx->scratch->ptr1 == NULL)
267 				return (SNMP_ERR_GENERR);
268 			memcpy(ctx->scratch->ptr1, uuser->suser.priv_key,
269 			    sizeof(uuser->suser.priv_key));
270 			memcpy(uuser->suser.priv_key, val->v.octetstring.octets,
271 			    val->v.octetstring.len);
272 			break;
273 
274 		case LEAF_usmUserPublic:
275 			if (val->v.octetstring.len > SNMP_ADM_STR32_SIZ)
276 				return (SNMP_ERR_INCONS_VALUE);
277 			if (uuser->user_public_len > 0) {
278 				ctx->scratch->ptr2 =
279 				    malloc(uuser->user_public_len);
280 				if (ctx->scratch->ptr2 == NULL)
281 					return (SNMP_ERR_GENERR);
282 				memcpy(ctx->scratch->ptr2, uuser->user_public,
283 			 	   uuser->user_public_len);
284 				ctx->scratch->int2 = uuser->user_public_len;
285 			}
286 			if (val->v.octetstring.len > 0) {
287 				memcpy(uuser->user_public,
288 				    val->v.octetstring.octets,
289 				    val->v.octetstring.len);
290 				uuser->user_public_len = val->v.octetstring.len;
291 			} else {
292 				memset(uuser->user_public, 0,
293 				    sizeof(uuser->user_public));
294 				uuser->user_public_len = 0;
295 			}
296 			break;
297 
298 		case LEAF_usmUserStorageType:
299 			return (SNMP_ERR_INCONS_VALUE);
300 
301 		case LEAF_usmUserStatus:
302 			if (uuser == NULL) {
303 				if (val->v.integer != RowStatus_createAndWait ||
304 				    usm_user_index_decode(&val->var, sub, eid,
305 				    &elen, uname) < 0)
306 					return (SNMP_ERR_INCONS_VALUE);
307 				uuser = usm_new_user(eid, elen, uname);
308 				if (uuser == NULL)
309 					return (SNMP_ERR_GENERR);
310 				uuser->status = RowStatus_notReady;
311 				if (community != COMM_INITIALIZE)
312 					uuser->type = StorageType_volatile;
313 				else
314 					uuser->type = StorageType_readOnly;
315 			} else if (val->v.integer != RowStatus_active &&
316 			    val->v.integer != RowStatus_destroy)
317 				return (SNMP_ERR_INCONS_VALUE);
318 
319 			uuser->status = val->v.integer;
320 			break;
321 		}
322 		return (SNMP_ERR_NOERROR);
323 
324 	case SNMP_OP_COMMIT:
325 		switch (val->var.subs[sub - 1]) {
326 		case LEAF_usmUserAuthKeyChange:
327 		case LEAF_usmUserOwnAuthKeyChange:
328 		case LEAF_usmUserPrivKeyChange:
329 		case LEAF_usmUserOwnPrivKeyChange:
330 			free(ctx->scratch->ptr1);
331 			break;
332 		case LEAF_usmUserPublic:
333 			if (ctx->scratch->ptr2 != NULL)
334 				free(ctx->scratch->ptr2);
335 			break;
336 		case LEAF_usmUserStatus:
337 			if (val->v.integer != RowStatus_destroy)
338 				break;
339 			if ((uuser = usm_get_user(&val->var, sub)) == NULL)
340 				return (SNMP_ERR_GENERR);
341 			usm_delete_user(uuser);
342 			break;
343 		default:
344 			break;
345 		}
346 		return (SNMP_ERR_NOERROR);
347 
348 	case SNMP_OP_ROLLBACK:
349 		if ((uuser = usm_get_user(&val->var, sub)) == NULL)
350 			return (SNMP_ERR_GENERR);
351 		switch (val->var.subs[sub - 1]) {
352 		case LEAF_usmUserAuthProtocol:
353 			uuser->suser.auth_proto = ctx->scratch->int1;
354 			break;
355 		case LEAF_usmUserAuthKeyChange:
356 		case LEAF_usmUserOwnAuthKeyChange:
357 			memcpy(uuser->suser.auth_key, ctx->scratch->ptr1,
358 			    sizeof(uuser->suser.auth_key));
359 			free(ctx->scratch->ptr1);
360 			break;
361 		case LEAF_usmUserPrivProtocol:
362 			uuser->suser.priv_proto = ctx->scratch->int1;
363 			break;
364 		case LEAF_usmUserPrivKeyChange:
365 		case LEAF_usmUserOwnPrivKeyChange:
366 			memcpy(uuser->suser.priv_key, ctx->scratch->ptr1,
367 			    sizeof(uuser->suser.priv_key));
368 			free(ctx->scratch->ptr1);
369 			break;
370 		case LEAF_usmUserPublic:
371 			if (ctx->scratch->ptr2 != NULL) {
372 				memcpy(uuser->user_public, ctx->scratch->ptr2,
373 			 	   ctx->scratch->int2);
374 				uuser->user_public_len = ctx->scratch->int2;
375 				free(ctx->scratch->ptr2);
376 			} else {
377 				memset(uuser->user_public, 0,
378 				    sizeof(uuser->user_public));
379 				uuser->user_public_len = 0;
380 			}
381 			break;
382 		case LEAF_usmUserCloneFrom:
383 		case LEAF_usmUserStatus:
384 			if (ctx->scratch->int1 == RowStatus_createAndWait)
385 				usm_delete_user(uuser);
386 			break;
387 		default:
388 			break;
389 		}
390 		return (SNMP_ERR_NOERROR);
391 
392 	default:
393 		abort();
394 	}
395 
396 	switch (val->var.subs[sub - 1]) {
397 	case LEAF_usmUserSecurityName:
398 		return (string_get(val, uuser->suser.sec_name, -1));
399 	case LEAF_usmUserCloneFrom:
400 		memcpy(&val->v.oid, &oid_zeroDotZero, sizeof(oid_zeroDotZero));
401 		break;
402 	case LEAF_usmUserAuthProtocol:
403 		switch (uuser->suser.auth_proto) {
404 		case SNMP_AUTH_HMAC_MD5:
405 			memcpy(&val->v.oid, &oid_usmHMACMD5AuthProtocol,
406 			    sizeof(oid_usmHMACMD5AuthProtocol));
407 			break;
408 		case SNMP_AUTH_HMAC_SHA:
409 			memcpy(&val->v.oid, &oid_usmHMACSHAAuthProtocol,
410 			    sizeof(oid_usmHMACSHAAuthProtocol));
411 			break;
412 		default:
413 			memcpy(&val->v.oid, &oid_usmNoAuthProtocol,
414 			    sizeof(oid_usmNoAuthProtocol));
415 			break;
416 		}
417 		break;
418 	case LEAF_usmUserAuthKeyChange:
419 	case LEAF_usmUserOwnAuthKeyChange:
420 		return (string_get(val, (char *)uuser->suser.auth_key, 0));
421 	case LEAF_usmUserPrivProtocol:
422 		switch (uuser->suser.priv_proto) {
423 		case SNMP_PRIV_DES:
424 			memcpy(&val->v.oid, &oid_usmDESPrivProtocol,
425 			    sizeof(oid_usmDESPrivProtocol));
426 			break;
427 		case SNMP_PRIV_AES:
428 			memcpy(&val->v.oid, &oid_usmAesCfb128Protocol,
429 			    sizeof(oid_usmAesCfb128Protocol));
430 			break;
431 		default:
432 			memcpy(&val->v.oid, &oid_usmNoPrivProtocol,
433 			    sizeof(oid_usmNoPrivProtocol));
434 			break;
435 		}
436 		break;
437 	case LEAF_usmUserPrivKeyChange:
438 	case LEAF_usmUserOwnPrivKeyChange:
439 		return (string_get(val, (char *)uuser->suser.priv_key, 0));
440 	case LEAF_usmUserPublic:
441 		return (string_get(val, uuser->user_public,
442 		    uuser->user_public_len));
443 	case LEAF_usmUserStorageType:
444 		val->v.integer = uuser->type;
445 		break;
446 	case LEAF_usmUserStatus:
447 		val->v.integer = uuser->status;
448 		break;
449 	}
450 
451 	return (SNMP_ERR_NOERROR);
452 }
453 
454 static int
455 usm_user_index_decode(const struct asn_oid *oid, uint sub, uint8_t *engine,
456     uint32_t *elen, char *uname)
457 {
458 	uint32_t i, nlen;
459 	int uname_off;
460 
461 	if (oid->subs[sub] > SNMP_ENGINE_ID_SIZ)
462 		return (-1);
463 
464 	for (i = 0; i < oid->subs[sub]; i++)
465 		engine[i] = oid->subs[sub + i + 1];
466 	*elen = i;
467 
468 	uname_off = sub + oid->subs[sub] + 1;
469 	if ((nlen = oid->subs[uname_off]) >= SNMP_ADM_STR32_SIZ)
470 		return (-1);
471 
472 	for (i = 0; i < nlen; i++)
473 		uname[i] = oid->subs[uname_off + i + 1];
474 	uname[nlen] = '\0';
475 
476 	return (0);
477 }
478 
479 static void
480 usm_append_userindex(struct asn_oid *oid, uint sub,
481     const struct usm_user *uuser)
482 {
483 	uint32_t i;
484 
485 	oid->len = sub + uuser->user_engine_len + strlen(uuser->suser.sec_name);
486 	oid->len += 2;
487 	oid->subs[sub] = uuser->user_engine_len;
488 	for (i = 1; i < uuser->user_engine_len + 1; i++)
489 		oid->subs[sub + i] = uuser->user_engine_id[i - 1];
490 
491 	sub += uuser->user_engine_len + 1;
492 	oid->subs[sub] = strlen(uuser->suser.sec_name);
493 	for (i = 1; i <= oid->subs[sub]; i++)
494 		oid->subs[sub + i] = uuser->suser.sec_name[i - 1];
495 }
496 
497 static struct usm_user *
498 usm_get_user(const struct asn_oid *oid, uint sub)
499 {
500 	uint32_t enginelen;
501 	char username[SNMP_ADM_STR32_SIZ];
502 	uint8_t engineid[SNMP_ENGINE_ID_SIZ];
503 
504 	if (usm_user_index_decode(oid, sub, engineid, &enginelen, username) < 0)
505 		return (NULL);
506 
507 	return (usm_find_user(engineid, enginelen, username));
508 }
509 
510 static struct usm_user *
511 usm_get_next_user(const struct asn_oid *oid, uint sub)
512 {
513 	uint32_t enginelen;
514 	char username[SNMP_ADM_STR32_SIZ];
515 	uint8_t engineid[SNMP_ENGINE_ID_SIZ];
516 	struct usm_user *uuser;
517 
518 	if (oid->len - sub == 0)
519 		return (usm_first_user());
520 
521 	if (usm_user_index_decode(oid, sub, engineid, &enginelen, username) < 0)
522 		return (NULL);
523 
524 	if ((uuser = usm_find_user(engineid, enginelen, username)) != NULL)
525 		return (usm_next_user(uuser));
526 
527 	return (NULL);
528 }
529 
530 /*
531  * USM snmp module initialization hook.
532  * Returns 0 on success, < 0 on error.
533  */
534 static int
535 usm_init(struct lmodule * mod, int argc __unused, char *argv[] __unused)
536 {
537 	usm_module = mod;
538 	usm_lock = random();
539 	bsnmpd_reset_usm_stats();
540 	return (0);
541 }
542 
543 /*
544  * USM snmp module finalization hook.
545  */
546 static int
547 usm_fini(void)
548 {
549 	usm_flush_users();
550 	or_unregister(reg_usm);
551 
552 	return (0);
553 }
554 
555 /*
556  * USM snmp module start operation.
557  */
558 static void
559 usm_start(void)
560 {
561 	reg_usm = or_register(&oid_usm,
562 	    "The MIB module for managing SNMP User-Based Security Model.",
563 	    usm_module);
564 }
565 
566 static void
567 usm_dump(void)
568 {
569 	struct usm_user *uuser;
570 	struct snmpd_usmstat *usmstats;
571 	const char *const authstr[] = {
572 		"noauth",
573 		"md5",
574 		"sha",
575 		NULL
576 	};
577 	const char *const privstr[] = {
578 		"nopriv",
579 		"des",
580 		"aes",
581 		NULL
582 	};
583 
584 	if ((usmstats = bsnmpd_get_usm_stats()) != NULL) {
585 		syslog(LOG_ERR, "UnsupportedSecLevels\t\t%u",
586 		    usmstats->unsupported_seclevels);
587 		syslog(LOG_ERR, "NotInTimeWindows\t\t%u",
588 		    usmstats->not_in_time_windows);
589 		syslog(LOG_ERR, "UnknownUserNames\t\t%u",
590 		    usmstats->unknown_users);
591 		syslog(LOG_ERR, "UnknownEngineIDs\t\t%u",
592 		    usmstats->unknown_engine_ids);
593 		syslog(LOG_ERR, "WrongDigests\t\t%u",
594 		    usmstats->wrong_digests);
595 		syslog(LOG_ERR, "DecryptionErrors\t\t%u",
596 		    usmstats->decrypt_errors);
597 	}
598 
599 	syslog(LOG_ERR, "USM users");
600 	for (uuser = usm_first_user(); uuser != NULL;
601 	    (uuser = usm_next_user(uuser)))
602 		syslog(LOG_ERR, "user %s\t\t%s, %s", uuser->suser.sec_name,
603 		    authstr[uuser->suser.auth_proto],
604 		    privstr[uuser->suser.priv_proto]);
605 }
606 
607 static const char usm_comment[] =
608 "This module implements SNMP User-based Security Model defined in RFC 3414.";
609 
610 extern const struct snmp_module config;
611 const struct snmp_module config = {
612 	.comment =	usm_comment,
613 	.init =		usm_init,
614 	.fini =		usm_fini,
615 	.start =	usm_start,
616 	.tree =		usm_ctree,
617 	.dump =		usm_dump,
618 	.tree_size =	usm_CTREE_SIZE,
619 };
620