1 /* 2 * Copyright (c) 2001-2003 3 * Fraunhofer Institute for Open Communication Systems (FhG Fokus). 4 * All rights reserved. 5 * 6 * Author: Harti Brandt <harti@freebsd.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $Begemot: bsnmp/snmpd/snmpmod.h,v 1.32 2006/02/14 09:04:20 brandt_h Exp $ 30 * 31 * SNMP daemon data and functions exported to modules. 32 */ 33 #ifndef snmpmod_h_ 34 #define snmpmod_h_ 35 36 #include <sys/types.h> 37 #include <sys/socket.h> 38 #include <net/if.h> 39 #include <netinet/in.h> 40 #include "asn1.h" 41 #include "snmp.h" 42 #include "snmpagent.h" 43 44 #define MAX_MOD_ARGS 16 45 46 /* 47 * These macros help to handle object lists for SNMP tables. They use 48 * tail queues to hold the objects in ascending order in the list. 49 * ordering can be done either on an integer/unsigned field, an asn_oid 50 * or an ordering function. 51 */ 52 #define INSERT_OBJECT_OID_LINK_INDEX(PTR, LIST, LINK, INDEX) do { \ 53 __typeof (PTR) _lelem; \ 54 \ 55 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 56 if (asn_compare_oid(&_lelem->INDEX, &(PTR)->INDEX) > 0) \ 57 break; \ 58 if (_lelem == NULL) \ 59 TAILQ_INSERT_TAIL((LIST), (PTR), LINK); \ 60 else \ 61 TAILQ_INSERT_BEFORE(_lelem, (PTR), LINK); \ 62 } while (0) 63 64 #define INSERT_OBJECT_INT_LINK_INDEX(PTR, LIST, LINK, INDEX) do { \ 65 __typeof (PTR) _lelem; \ 66 \ 67 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 68 if ((asn_subid_t)_lelem->INDEX > (asn_subid_t)(PTR)->INDEX)\ 69 break; \ 70 if (_lelem == NULL) \ 71 TAILQ_INSERT_TAIL((LIST), (PTR), LINK); \ 72 else \ 73 TAILQ_INSERT_BEFORE(_lelem, (PTR), LINK); \ 74 } while (0) 75 76 #define INSERT_OBJECT_FUNC_LINK(PTR, LIST, LINK, FUNC) do { \ 77 __typeof (PTR) _lelem; \ 78 \ 79 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 80 if ((FUNC)(_lelem, (PTR)) > 0) \ 81 break; \ 82 if (_lelem == NULL) \ 83 TAILQ_INSERT_TAIL((LIST), (PTR), LINK); \ 84 else \ 85 TAILQ_INSERT_BEFORE(_lelem, (PTR), LINK); \ 86 } while (0) 87 88 #define INSERT_OBJECT_FUNC_LINK_REV(PTR, LIST, HEAD, LINK, FUNC) do { \ 89 __typeof (PTR) _lelem; \ 90 \ 91 TAILQ_FOREACH_REVERSE(_lelem, (LIST), HEAD, LINK) \ 92 if ((FUNC)(_lelem, (PTR)) < 0) \ 93 break; \ 94 if (_lelem == NULL) \ 95 TAILQ_INSERT_HEAD((LIST), (PTR), LINK); \ 96 else \ 97 TAILQ_INSERT_AFTER((LIST), _lelem, (PTR), LINK); \ 98 } while (0) 99 100 #define FIND_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \ 101 __typeof (TAILQ_FIRST(LIST)) _lelem; \ 102 \ 103 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 104 if (index_compare(OID, SUB, &_lelem->INDEX) == 0) \ 105 break; \ 106 (_lelem); \ 107 }) 108 109 #define NEXT_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \ 110 __typeof (TAILQ_FIRST(LIST)) _lelem; \ 111 \ 112 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 113 if (index_compare(OID, SUB, &_lelem->INDEX) < 0) \ 114 break; \ 115 (_lelem); \ 116 }) 117 118 #define FIND_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \ 119 __typeof (TAILQ_FIRST(LIST)) _lelem; \ 120 \ 121 if ((OID)->len - SUB != 1) \ 122 _lelem = NULL; \ 123 else \ 124 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 125 if ((OID)->subs[SUB] == (asn_subid_t)_lelem->INDEX)\ 126 break; \ 127 (_lelem); \ 128 }) 129 130 #define NEXT_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \ 131 __typeof (TAILQ_FIRST(LIST)) _lelem; \ 132 \ 133 if ((OID)->len - SUB == 0) \ 134 _lelem = TAILQ_FIRST(LIST); \ 135 else \ 136 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 137 if ((OID)->subs[SUB] < (asn_subid_t)_lelem->INDEX)\ 138 break; \ 139 (_lelem); \ 140 }) 141 142 #define FIND_OBJECT_FUNC_LINK(LIST, OID, SUB, LINK, FUNC) ({ \ 143 __typeof (TAILQ_FIRST(LIST)) _lelem; \ 144 \ 145 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 146 if ((FUNC)(OID, SUB, _lelem) == 0) \ 147 break; \ 148 (_lelem); \ 149 }) 150 151 #define NEXT_OBJECT_FUNC_LINK(LIST, OID, SUB, LINK, FUNC) ({ \ 152 __typeof (TAILQ_FIRST(LIST)) _lelem; \ 153 \ 154 TAILQ_FOREACH(_lelem, (LIST), LINK) \ 155 if ((FUNC)(OID, SUB, _lelem) < 0) \ 156 break; \ 157 (_lelem); \ 158 }) 159 160 /* 161 * Macros for the case where the index field is called 'index' 162 */ 163 #define INSERT_OBJECT_OID_LINK(PTR, LIST, LINK) \ 164 INSERT_OBJECT_OID_LINK_INDEX(PTR, LIST, LINK, index) 165 166 #define INSERT_OBJECT_INT_LINK(PTR, LIST, LINK) do { \ 167 INSERT_OBJECT_INT_LINK_INDEX(PTR, LIST, LINK, index) 168 169 #define FIND_OBJECT_OID_LINK(LIST, OID, SUB, LINK) \ 170 FIND_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, index) 171 172 #define NEXT_OBJECT_OID_LINK(LIST, OID, SUB, LINK) \ 173 NEXT_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, index) 174 175 #define FIND_OBJECT_INT_LINK(LIST, OID, SUB, LINK) \ 176 FIND_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, index) 177 178 #define NEXT_OBJECT_INT_LINK(LIST, OID, SUB, LINK) \ 179 NEXT_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, index) 180 181 /* 182 * Macros for the case where the index field is called 'index' and the 183 * link field 'link'. 184 */ 185 #define INSERT_OBJECT_OID(PTR, LIST) \ 186 INSERT_OBJECT_OID_LINK_INDEX(PTR, LIST, link, index) 187 188 #define INSERT_OBJECT_INT(PTR, LIST) \ 189 INSERT_OBJECT_INT_LINK_INDEX(PTR, LIST, link, index) 190 191 #define INSERT_OBJECT_FUNC_REV(PTR, LIST, HEAD, FUNC) \ 192 INSERT_OBJECT_FUNC_LINK_REV(PTR, LIST, HEAD, link, FUNC) 193 194 #define FIND_OBJECT_OID(LIST, OID, SUB) \ 195 FIND_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, link, index) 196 197 #define FIND_OBJECT_INT(LIST, OID, SUB) \ 198 FIND_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, link, index) 199 200 #define FIND_OBJECT_FUNC(LIST, OID, SUB, FUNC) \ 201 FIND_OBJECT_FUNC_LINK(LIST, OID, SUB, link, FUNC) 202 203 #define NEXT_OBJECT_OID(LIST, OID, SUB) \ 204 NEXT_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, link, index) 205 206 #define NEXT_OBJECT_INT(LIST, OID, SUB) \ 207 NEXT_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, link, index) 208 209 #define NEXT_OBJECT_FUNC(LIST, OID, SUB, FUNC) \ 210 NEXT_OBJECT_FUNC_LINK(LIST, OID, SUB, link, FUNC) 211 212 struct lmodule; 213 214 /* The tick when the program was started. This is the absolute time of 215 * the start in 100th of a second. */ 216 extern uint64_t start_tick; 217 218 /* The tick when the current packet was received. This is the absolute 219 * time in 100th of second. */ 220 extern uint64_t this_tick; 221 222 /* Get the current absolute time in 100th of a second. */ 223 uint64_t get_ticks(void); 224 225 /* 226 * Return code for proxy function 227 */ 228 enum snmpd_proxy_err { 229 /* proxy code will process the PDU */ 230 SNMPD_PROXY_OK, 231 /* proxy code does not process PDU */ 232 SNMPD_PROXY_REJ, 233 /* drop this PDU */ 234 SNMPD_PROXY_DROP, 235 /* drop because of bad community */ 236 SNMPD_PROXY_BADCOMM, 237 /* drop because of bad community use */ 238 SNMPD_PROXY_BADCOMMUSE 239 }; 240 241 /* 242 * Input handling 243 */ 244 enum snmpd_input_err { 245 /* proceed with packet */ 246 SNMPD_INPUT_OK, 247 /* fatal error in packet, ignore it */ 248 SNMPD_INPUT_FAILED, 249 /* value encoding has wrong length in a SET operation */ 250 SNMPD_INPUT_VALBADLEN, 251 /* value encoding is out of range */ 252 SNMPD_INPUT_VALRANGE, 253 /* value has bad encoding */ 254 SNMPD_INPUT_VALBADENC, 255 /* need more data (truncated packet) */ 256 SNMPD_INPUT_TRUNC, 257 /* unknown community */ 258 SNMPD_INPUT_BAD_COMM, 259 }; 260 261 /* 262 * Every loadable module must have one of this structures with 263 * the external name 'config'. 264 */ 265 struct snmp_module { 266 /* a comment describing what this module implements */ 267 const char *comment; 268 269 /* the initialization function */ 270 int (*init)(struct lmodule *, int argc, char *argv[]); 271 272 /* the finalisation function */ 273 int (*fini)(void); 274 275 /* the idle function */ 276 void (*idle)(void); 277 278 /* the dump function */ 279 void (*dump)(void); 280 281 /* re-configuration function */ 282 void (*config)(void); 283 284 /* start operation */ 285 void (*start)(void); 286 287 /* proxy a PDU */ 288 enum snmpd_proxy_err (*proxy)(struct snmp_pdu *, void *, 289 const struct asn_oid *, const struct sockaddr *, socklen_t, 290 enum snmpd_input_err, int32_t, int); 291 292 /* the tree this module is going to server */ 293 const struct snmp_node *tree; 294 u_int tree_size; 295 296 /* function called, when another module was unloaded/loaded */ 297 void (*loading)(const struct lmodule *, int); 298 }; 299 300 /* 301 * Stuff exported to modules 302 */ 303 304 /* 305 * The system group. 306 */ 307 struct systemg { 308 u_char *descr; 309 struct asn_oid object_id; 310 u_char *contact; 311 u_char *name; 312 u_char *location; 313 u_int32_t services; 314 u_int32_t or_last_change; 315 }; 316 extern struct systemg systemg; 317 318 /* 319 * Community support. 320 * 321 * We have 2 fixed communities for SNMP read and write access. Modules 322 * can create their communities dynamically. They are deleted automatically 323 * if the module is unloaded. 324 */ 325 #define COMM_INITIALIZE 0 326 #define COMM_READ 1 327 #define COMM_WRITE 2 328 329 u_int comm_define(u_int, const char *descr, struct lmodule *, const char *str); 330 const char * comm_string(u_int); 331 332 /* community for current packet */ 333 extern u_int community; 334 335 /* 336 * SNMP User-based Security Model data. Modified via the snmp_usm(3) module. 337 */ 338 struct snmpd_usmstat { 339 uint32_t unsupported_seclevels; 340 uint32_t not_in_time_windows; 341 uint32_t unknown_users; 342 uint32_t unknown_engine_ids; 343 uint32_t wrong_digests; 344 uint32_t decrypt_errors; 345 }; 346 347 extern struct snmpd_usmstat snmpd_usmstats; 348 struct snmpd_usmstat *bsnmpd_get_usm_stats(void); 349 void bsnmpd_reset_usm_stats(void); 350 351 struct usm_user { 352 struct snmp_user suser; 353 uint8_t user_engine_id[SNMP_ENGINE_ID_SIZ]; 354 uint32_t user_engine_len; 355 char user_public[SNMP_ADM_STR32_SIZ]; 356 uint32_t user_public_len; 357 int32_t status; 358 int32_t type; 359 SLIST_ENTRY(usm_user) up; 360 }; 361 362 SLIST_HEAD(usm_userlist, usm_user); 363 struct usm_user *usm_first_user(void); 364 struct usm_user *usm_next_user(struct usm_user *); 365 struct usm_user *usm_find_user(uint8_t *, uint32_t, char *); 366 struct usm_user *usm_new_user(uint8_t *, uint32_t, char *); 367 void usm_delete_user(struct usm_user *); 368 void usm_flush_users(void); 369 370 /* USM user for current packet */ 371 extern struct usm_user *usm_user; 372 373 /* 374 * SNMP View-based Access Control Model data. Modified via the snmp_vacm(3) module. 375 */ 376 struct vacm_group; 377 378 struct vacm_user { 379 /* Security user name from USM */ 380 char secname[SNMP_ADM_STR32_SIZ]; 381 int32_t sec_model; 382 /* Back pointer to user assigned group name */ 383 struct vacm_group *group; 384 int32_t type; 385 int32_t status; 386 SLIST_ENTRY(vacm_user) vvu; 387 SLIST_ENTRY(vacm_user) vvg; 388 }; 389 390 SLIST_HEAD(vacm_userlist, vacm_user); 391 392 struct vacm_group { 393 char groupname[SNMP_ADM_STR32_SIZ]; 394 struct vacm_userlist group_users; 395 SLIST_ENTRY(vacm_group) vge; 396 }; 397 398 SLIST_HEAD(vacm_grouplist, vacm_group); 399 400 struct vacm_access { 401 /* The group name is index, not a column in the table */ 402 struct vacm_group *group; 403 char ctx_prefix[SNMP_ADM_STR32_SIZ]; 404 int32_t sec_model; 405 int32_t sec_level; 406 int32_t ctx_match; 407 struct vacm_view *read_view; 408 struct vacm_view *write_view; 409 struct vacm_view *notify_view; 410 int32_t type; 411 int32_t status; 412 TAILQ_ENTRY(vacm_access) vva; 413 }; 414 415 TAILQ_HEAD(vacm_accesslist, vacm_access); 416 417 struct vacm_view { 418 char viewname[SNMP_ADM_STR32_SIZ]; /* key */ 419 struct asn_oid subtree; /* key */ 420 uint8_t mask[16]; 421 uint8_t exclude; 422 int32_t type; 423 int32_t status; 424 SLIST_ENTRY(vacm_view) vvl; 425 }; 426 427 SLIST_HEAD(vacm_viewlist, vacm_view); 428 429 struct vacm_context { 430 /* The ID of the module that registered this context */ 431 int32_t regid; 432 char ctxname[SNMP_ADM_STR32_SIZ]; 433 SLIST_ENTRY(vacm_context) vcl; 434 }; 435 436 SLIST_HEAD(vacm_contextlist, vacm_context); 437 438 void vacm_groups_init(void); 439 struct vacm_user *vacm_first_user(void); 440 struct vacm_user *vacm_next_user(struct vacm_user *); 441 struct vacm_user *vacm_new_user(int32_t, char *); 442 int vacm_delete_user(struct vacm_user *); 443 int vacm_user_set_group(struct vacm_user *, u_char *, u_int); 444 struct vacm_access *vacm_first_access_rule(void); 445 struct vacm_access *vacm_next_access_rule(struct vacm_access *); 446 struct vacm_access *vacm_new_access_rule(char *, char *, int32_t, int32_t); 447 int vacm_delete_access_rule(struct vacm_access *); 448 struct vacm_view *vacm_first_view(void); 449 struct vacm_view *vacm_next_view(struct vacm_view *); 450 struct vacm_view *vacm_new_view(char *, struct asn_oid *); 451 int vacm_delete_view(struct vacm_view *); 452 struct vacm_context *vacm_first_context(void); 453 struct vacm_context *vacm_next_context(struct vacm_context *); 454 struct vacm_context *vacm_add_context(char *, int32_t); 455 void vacm_flush_contexts(int32_t); 456 457 /* 458 * Well known OIDs 459 */ 460 extern const struct asn_oid oid_zeroDotZero; 461 462 /* SNMPv3 Engine Discovery */ 463 extern const struct asn_oid oid_usmUnknownEngineIDs; 464 extern const struct asn_oid oid_usmNotInTimeWindows; 465 466 /* 467 * Request ID ranges. 468 * 469 * A module can request a range of request ids and associate them with a 470 * type field. All ranges are deleted if a module is unloaded. 471 */ 472 u_int reqid_allocate(int size, struct lmodule *); 473 int32_t reqid_next(u_int type); 474 int32_t reqid_base(u_int type); 475 int reqid_istype(int32_t reqid, u_int type); 476 u_int reqid_type(int32_t reqid); 477 478 /* 479 * Timers. 480 */ 481 void *timer_start(u_int, void (*)(void *), void *, struct lmodule *); 482 void *timer_start_repeat(u_int, u_int, void (*)(void *), void *, 483 struct lmodule *); 484 void timer_stop(void *); 485 486 /* 487 * File descriptors 488 */ 489 void *fd_select(int, void (*)(int, void *), void *, struct lmodule *); 490 void fd_deselect(void *); 491 void fd_suspend(void *); 492 int fd_resume(void *); 493 494 /* 495 * Object resources 496 */ 497 u_int or_register(const struct asn_oid *, const char *, struct lmodule *); 498 void or_unregister(u_int); 499 500 /* 501 * Buffers 502 */ 503 void *buf_alloc(int tx); 504 size_t buf_size(int tx); 505 506 /* decode PDU and find community */ 507 enum snmpd_input_err snmp_input_start(const u_char *, size_t, const char *, 508 struct snmp_pdu *, int32_t *, size_t *); 509 510 /* process the pdu. returns either _OK or _FAILED */ 511 enum snmpd_input_err snmp_input_finish(struct snmp_pdu *, const u_char *, 512 size_t, u_char *, size_t *, const char *, enum snmpd_input_err, int32_t, 513 void *); 514 515 void snmp_output(struct snmp_pdu *, u_char *, size_t *, const char *); 516 void snmp_send_port(void *, const struct asn_oid *, struct snmp_pdu *, 517 const struct sockaddr *, socklen_t); 518 519 /* sending traps */ 520 void snmp_send_trap(const struct asn_oid *, ...); 521 522 /* 523 * Action support 524 */ 525 int string_save(struct snmp_value *, struct snmp_context *, ssize_t, u_char **); 526 void string_commit(struct snmp_context *); 527 void string_rollback(struct snmp_context *, u_char **); 528 int string_get(struct snmp_value *, const u_char *, ssize_t); 529 int string_get_max(struct snmp_value *, const u_char *, ssize_t, size_t); 530 void string_free(struct snmp_context *); 531 532 int ip_save(struct snmp_value *, struct snmp_context *, u_char *); 533 void ip_rollback(struct snmp_context *, u_char *); 534 void ip_commit(struct snmp_context *); 535 int ip_get(struct snmp_value *, u_char *); 536 537 int oid_save(struct snmp_value *, struct snmp_context *, struct asn_oid *); 538 void oid_rollback(struct snmp_context *, struct asn_oid *); 539 void oid_commit(struct snmp_context *); 540 int oid_get(struct snmp_value *, const struct asn_oid *); 541 542 int index_decode(const struct asn_oid *oid, u_int sub, u_int code, ...); 543 int index_compare(const struct asn_oid *, u_int, const struct asn_oid *); 544 int index_compare_off(const struct asn_oid *, u_int, const struct asn_oid *, 545 u_int); 546 void index_append(struct asn_oid *, u_int, const struct asn_oid *); 547 void index_append_off(struct asn_oid *, u_int, const struct asn_oid *, u_int); 548 549 #endif 550