2 * Copyright (c) 2001-2003
3 * Fraunhofer Institute for Open Communication Systems (FhG Fokus).
6 * Author: Harti Brandt <harti@freebsd.org>
8 * Copyright (c) 2010 The FreeBSD Foundation
11 * Portions of this software were developed by Shteryana Sotirova Shopova
12 * under sponsorship from the FreeBSD Foundation.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
23 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $Begemot: bsnmp/lib/snmp.c,v 1.40 2005/10/04 14:32:42 brandt_h Exp $
39 #include <sys/types.h>
40 #include <sys/socket.h>
47 #elif defined(HAVE_INTTYPES_H)
59 static void snmp_error_func(const char *, ...);
60 static void snmp_printf_func(const char *, ...);
62 void (*snmp_error)(const char *, ...) = snmp_error_func;
63 void (*snmp_printf)(const char *, ...) = snmp_printf_func;
66 * Get the next variable binding from the list.
67 * ASN errors on the sequence or the OID are always fatal.
70 get_var_binding(struct asn_buf *b, struct snmp_value *binding)
73 asn_len_t len, trailer;
76 if (asn_get_sequence(b, &len) != ASN_ERR_OK) {
77 snmp_error("cannot parse varbind header");
78 return (ASN_ERR_FAILED);
81 /* temporary truncate the length so that the parser does not
82 * eat up bytes behind the sequence in the case the encoding is
83 * wrong of inner elements. */
84 trailer = b->asn_len - len;
87 if (asn_get_objid(b, &binding->var) != ASN_ERR_OK) {
88 snmp_error("cannot parse binding objid");
89 return (ASN_ERR_FAILED);
91 if (asn_get_header(b, &type, &len) != ASN_ERR_OK) {
92 snmp_error("cannot parse binding value header");
93 return (ASN_ERR_FAILED);
99 binding->syntax = SNMP_SYNTAX_NULL;
100 err = asn_get_null_raw(b, len);
103 case ASN_TYPE_INTEGER:
104 binding->syntax = SNMP_SYNTAX_INTEGER;
105 err = asn_get_integer_raw(b, len, &binding->v.integer);
108 case ASN_TYPE_OCTETSTRING:
109 binding->syntax = SNMP_SYNTAX_OCTETSTRING;
110 binding->v.octetstring.octets = malloc(len);
111 if (binding->v.octetstring.octets == NULL) {
112 snmp_error("%s", strerror(errno));
113 return (ASN_ERR_FAILED);
115 binding->v.octetstring.len = len;
116 err = asn_get_octetstring_raw(b, len,
117 binding->v.octetstring.octets,
118 &binding->v.octetstring.len);
119 if (ASN_ERR_STOPPED(err)) {
120 free(binding->v.octetstring.octets);
121 binding->v.octetstring.octets = NULL;
126 binding->syntax = SNMP_SYNTAX_OID;
127 err = asn_get_objid_raw(b, len, &binding->v.oid);
130 case ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS:
131 binding->syntax = SNMP_SYNTAX_IPADDRESS;
132 err = asn_get_ipaddress_raw(b, len, binding->v.ipaddress);
135 case ASN_CLASS_APPLICATION|ASN_APP_TIMETICKS:
136 binding->syntax = SNMP_SYNTAX_TIMETICKS;
137 err = asn_get_uint32_raw(b, len, &binding->v.uint32);
140 case ASN_CLASS_APPLICATION|ASN_APP_COUNTER:
141 binding->syntax = SNMP_SYNTAX_COUNTER;
142 err = asn_get_uint32_raw(b, len, &binding->v.uint32);
145 case ASN_CLASS_APPLICATION|ASN_APP_GAUGE:
146 binding->syntax = SNMP_SYNTAX_GAUGE;
147 err = asn_get_uint32_raw(b, len, &binding->v.uint32);
150 case ASN_CLASS_APPLICATION|ASN_APP_COUNTER64:
151 binding->syntax = SNMP_SYNTAX_COUNTER64;
152 err = asn_get_counter64_raw(b, len, &binding->v.counter64);
155 case ASN_CLASS_CONTEXT | ASN_EXCEPT_NOSUCHOBJECT:
156 binding->syntax = SNMP_SYNTAX_NOSUCHOBJECT;
157 err = asn_get_null_raw(b, len);
160 case ASN_CLASS_CONTEXT | ASN_EXCEPT_NOSUCHINSTANCE:
161 binding->syntax = SNMP_SYNTAX_NOSUCHINSTANCE;
162 err = asn_get_null_raw(b, len);
165 case ASN_CLASS_CONTEXT | ASN_EXCEPT_ENDOFMIBVIEW:
166 binding->syntax = SNMP_SYNTAX_ENDOFMIBVIEW;
167 err = asn_get_null_raw(b, len);
171 if ((err = asn_skip(b, len)) == ASN_ERR_OK)
173 snmp_error("bad binding value type 0x%x", type);
177 if (ASN_ERR_STOPPED(err)) {
178 snmp_error("cannot parse binding value");
183 snmp_error("ignoring junk at end of binding");
185 b->asn_len = trailer;
191 * Parse the different PDUs contents. Any ASN error in the outer components
192 * are fatal. Only errors in variable values may be tolerated. If all
193 * components can be parsed it returns either ASN_ERR_OK or the first
194 * error that was found.
197 snmp_parse_pdus_hdr(struct asn_buf *b, struct snmp_pdu *pdu, asn_len_t *lenp)
199 if (pdu->type == SNMP_PDU_TRAP) {
200 if (asn_get_objid(b, &pdu->enterprise) != ASN_ERR_OK) {
201 snmp_error("cannot parse trap enterprise");
202 return (ASN_ERR_FAILED);
204 if (asn_get_ipaddress(b, pdu->agent_addr) != ASN_ERR_OK) {
205 snmp_error("cannot parse trap agent address");
206 return (ASN_ERR_FAILED);
208 if (asn_get_integer(b, &pdu->generic_trap) != ASN_ERR_OK) {
209 snmp_error("cannot parse 'generic-trap'");
210 return (ASN_ERR_FAILED);
212 if (asn_get_integer(b, &pdu->specific_trap) != ASN_ERR_OK) {
213 snmp_error("cannot parse 'specific-trap'");
214 return (ASN_ERR_FAILED);
216 if (asn_get_timeticks(b, &pdu->time_stamp) != ASN_ERR_OK) {
217 snmp_error("cannot parse trap 'time-stamp'");
218 return (ASN_ERR_FAILED);
221 if (asn_get_integer(b, &pdu->request_id) != ASN_ERR_OK) {
222 snmp_error("cannot parse 'request-id'");
223 return (ASN_ERR_FAILED);
225 if (asn_get_integer(b, &pdu->error_status) != ASN_ERR_OK) {
226 snmp_error("cannot parse 'error_status'");
227 return (ASN_ERR_FAILED);
229 if (asn_get_integer(b, &pdu->error_index) != ASN_ERR_OK) {
230 snmp_error("cannot parse 'error_index'");
231 return (ASN_ERR_FAILED);
235 if (asn_get_sequence(b, lenp) != ASN_ERR_OK) {
236 snmp_error("cannot get varlist header");
237 return (ASN_ERR_FAILED);
244 parse_pdus(struct asn_buf *b, struct snmp_pdu *pdu, int32_t *ip)
246 asn_len_t len, trailer;
247 struct snmp_value *v;
248 enum asn_err err, err1;
250 err = snmp_parse_pdus_hdr(b, pdu, &len);
251 if (ASN_ERR_STOPPED(err))
254 trailer = b->asn_len - len;
258 while (b->asn_len != 0) {
259 if (pdu->nbindings == SNMP_MAX_BINDINGS) {
260 snmp_error("too many bindings (> %u) in PDU",
262 return (ASN_ERR_FAILED);
264 err1 = get_var_binding(b, v);
265 if (ASN_ERR_STOPPED(err1))
266 return (ASN_ERR_FAILED);
267 if (err1 != ASN_ERR_OK && err == ASN_ERR_OK) {
269 *ip = pdu->nbindings + 1;
275 b->asn_len = trailer;
282 parse_secparams(struct asn_buf *b, struct snmp_pdu *pdu)
285 u_char buf[256]; /* XXX: calc max possible size here */
292 if (asn_get_octetstring(b, buf, &tb.asn_len) != ASN_ERR_OK) {
293 snmp_error("cannot parse usm header");
294 return (ASN_ERR_FAILED);
297 if (asn_get_sequence(&tb, &octs_len) != ASN_ERR_OK) {
298 snmp_error("cannot decode usm header");
299 return (ASN_ERR_FAILED);
302 octs_len = SNMP_ENGINE_ID_SIZ;
303 if (asn_get_octetstring(&tb, (u_char *)&pdu->engine.engine_id,
304 &octs_len) != ASN_ERR_OK) {
305 snmp_error("cannot decode msg engine id");
306 return (ASN_ERR_FAILED);
308 pdu->engine.engine_len = octs_len;
310 if (asn_get_integer(&tb, &pdu->engine.engine_boots) != ASN_ERR_OK) {
311 snmp_error("cannot decode msg engine boots");
312 return (ASN_ERR_FAILED);
315 if (asn_get_integer(&tb, &pdu->engine.engine_time) != ASN_ERR_OK) {
316 snmp_error("cannot decode msg engine time");
317 return (ASN_ERR_FAILED);
320 octs_len = SNMP_ADM_STR32_SIZ - 1;
321 if (asn_get_octetstring(&tb, (u_char *)&pdu->user.sec_name, &octs_len)
323 snmp_error("cannot decode msg user name");
324 return (ASN_ERR_FAILED);
326 pdu->user.sec_name[octs_len] = '\0';
328 octs_len = sizeof(pdu->msg_digest);
329 if (asn_get_octetstring(&tb, (u_char *)&pdu->msg_digest, &octs_len) !=
330 ASN_ERR_OK || ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0 &&
331 octs_len != sizeof(pdu->msg_digest))) {
332 snmp_error("cannot decode msg authentication param");
333 return (ASN_ERR_FAILED);
336 octs_len = sizeof(pdu->msg_salt);
337 if (asn_get_octetstring(&tb, (u_char *)&pdu->msg_salt, &octs_len) !=
338 ASN_ERR_OK ||((pdu->flags & SNMP_MSG_PRIV_FLAG) != 0 &&
339 octs_len != sizeof(pdu->msg_salt))) {
340 snmp_error("cannot decode msg authentication param");
341 return (ASN_ERR_FAILED);
344 if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0) {
345 pdu->digest_ptr = b->asn_ptr - SNMP_USM_AUTH_SIZE;
346 pdu->digest_ptr -= octs_len + ASN_MAXLENLEN;
352 static enum snmp_code
353 pdu_encode_secparams(struct asn_buf *b, struct snmp_pdu *pdu)
355 u_char buf[256], *sptr;
357 size_t auth_off, moved = 0;
364 if (asn_put_temp_header(&tb, (ASN_TYPE_SEQUENCE|ASN_TYPE_CONSTRUCTED),
365 &sptr) != ASN_ERR_OK)
366 return (SNMP_CODE_FAILED);
368 if (asn_put_octetstring(&tb, (u_char *)pdu->engine.engine_id,
369 pdu->engine.engine_len) != ASN_ERR_OK)
370 return (SNMP_CODE_FAILED);
372 if (asn_put_integer(&tb, pdu->engine.engine_boots) != ASN_ERR_OK)
373 return (SNMP_CODE_FAILED);
375 if (asn_put_integer(&tb, pdu->engine.engine_time) != ASN_ERR_OK)
376 return (SNMP_CODE_FAILED);
378 if (asn_put_octetstring(&tb, (u_char *)pdu->user.sec_name,
379 strlen(pdu->user.sec_name)) != ASN_ERR_OK)
380 return (SNMP_CODE_FAILED);
382 if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0) {
383 auth_off = sizeof(buf) - tb.asn_len + ASN_MAXLENLEN;
384 if (asn_put_octetstring(&tb, (u_char *)pdu->msg_digest,
385 sizeof(pdu->msg_digest)) != ASN_ERR_OK)
386 return (SNMP_CODE_FAILED);
388 if (asn_put_octetstring(&tb, (u_char *)pdu->msg_digest, 0)
390 return (SNMP_CODE_FAILED);
393 if ((pdu->flags & SNMP_MSG_PRIV_FLAG) != 0) {
394 if (asn_put_octetstring(&tb, (u_char *)pdu->msg_salt,
395 sizeof(pdu->msg_salt)) != ASN_ERR_OK)
396 return (SNMP_CODE_FAILED);
398 if (asn_put_octetstring(&tb, (u_char *)pdu->msg_salt, 0)
400 return (SNMP_CODE_FAILED);
403 if (asn_commit_header(&tb, sptr, &moved) != ASN_ERR_OK)
404 return (SNMP_CODE_FAILED);
406 if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0)
407 pdu->digest_ptr = b->asn_ptr + auth_off - moved;
409 if (asn_put_octetstring(b, buf, sizeof(buf) - tb.asn_len) != ASN_ERR_OK)
410 return (SNMP_CODE_FAILED);
411 pdu->digest_ptr += ASN_MAXLENLEN;
413 if ((pdu->flags & SNMP_MSG_PRIV_FLAG) != 0 && asn_put_temp_header(b,
414 ASN_TYPE_OCTETSTRING, &pdu->encrypted_ptr) != ASN_ERR_OK)
415 return (SNMP_CODE_FAILED);
417 return (SNMP_CODE_OK);
421 * Decode the PDU except for the variable bindings itself.
422 * If decoding fails because of a bad binding, but the rest can be
423 * decoded, ip points to the index of the failed variable (errors
424 * OORANGE, BADLEN or BADVERS).
427 snmp_pdu_decode(struct asn_buf *b, struct snmp_pdu *pdu, int32_t *ip)
431 if ((code = snmp_pdu_decode_header(b, pdu)) != SNMP_CODE_OK)
434 if (pdu->version == SNMP_V3) {
435 if (pdu->security_model != SNMP_SECMODEL_USM)
436 return (SNMP_CODE_FAILED);
437 if ((code = snmp_pdu_decode_secmode(b, pdu)) != SNMP_CODE_OK)
441 code = snmp_pdu_decode_scoped(b, pdu, ip);
444 case SNMP_CODE_FAILED:
448 case SNMP_CODE_BADENC:
449 if (pdu->version == SNMP_Verr)
450 return (SNMP_CODE_BADVERS);
460 snmp_pdu_decode_header(struct asn_buf *b, struct snmp_pdu *pdu)
466 pdu->outer_ptr = b->asn_ptr;
467 pdu->outer_len = b->asn_len;
469 if (asn_get_sequence(b, &len) != ASN_ERR_OK) {
470 snmp_error("cannot decode pdu header");
471 return (SNMP_CODE_FAILED);
473 if (b->asn_len < len) {
474 snmp_error("outer sequence value too short");
475 return (SNMP_CODE_FAILED);
477 if (b->asn_len != len) {
478 snmp_error("ignoring trailing junk in message");
482 if (asn_get_integer(b, &version) != ASN_ERR_OK) {
483 snmp_error("cannot decode version");
484 return (SNMP_CODE_FAILED);
488 pdu->version = SNMP_V1;
489 else if (version == 1)
490 pdu->version = SNMP_V2c;
491 else if (version == 3)
492 pdu->version = SNMP_V3;
494 pdu->version = SNMP_Verr;
495 snmp_error("unsupported SNMP version");
496 return (SNMP_CODE_BADENC);
499 if (pdu->version == SNMP_V3) {
500 if (asn_get_sequence(b, &len) != ASN_ERR_OK) {
501 snmp_error("cannot decode pdu global data header");
502 return (SNMP_CODE_FAILED);
505 if (asn_get_integer(b, &pdu->identifier) != ASN_ERR_OK) {
506 snmp_error("cannot decode msg indetifier");
507 return (SNMP_CODE_FAILED);
510 if (asn_get_integer(b, &pdu->engine.max_msg_size)
512 snmp_error("cannot decode msg size");
513 return (SNMP_CODE_FAILED);
517 if (asn_get_octetstring(b, (u_char *)&pdu->flags,
518 &octs_len) != ASN_ERR_OK) {
519 snmp_error("cannot decode msg flags");
520 return (SNMP_CODE_FAILED);
523 if (asn_get_integer(b, &pdu->security_model) != ASN_ERR_OK) {
524 snmp_error("cannot decode msg size");
525 return (SNMP_CODE_FAILED);
528 if (pdu->security_model != SNMP_SECMODEL_USM)
529 return (SNMP_CODE_FAILED);
531 if (parse_secparams(b, pdu) != ASN_ERR_OK)
532 return (SNMP_CODE_FAILED);
534 octs_len = SNMP_COMMUNITY_MAXLEN;
535 if (asn_get_octetstring(b, (u_char *)pdu->community,
536 &octs_len) != ASN_ERR_OK) {
537 snmp_error("cannot decode community");
538 return (SNMP_CODE_FAILED);
540 pdu->community[octs_len] = '\0';
543 return (SNMP_CODE_OK);
547 snmp_pdu_decode_scoped(struct asn_buf *b, struct snmp_pdu *pdu, int32_t *ip)
550 asn_len_t len, trailer;
553 if (pdu->version == SNMP_V3) {
554 if (asn_get_sequence(b, &len) != ASN_ERR_OK) {
555 snmp_error("cannot decode scoped pdu header");
556 return (SNMP_CODE_FAILED);
559 len = SNMP_ENGINE_ID_SIZ;
560 if (asn_get_octetstring(b, (u_char *)&pdu->context_engine,
561 &len) != ASN_ERR_OK) {
562 snmp_error("cannot decode msg context engine");
563 return (SNMP_CODE_FAILED);
565 pdu->context_engine_len = len;
567 len = SNMP_CONTEXT_NAME_SIZ;
568 if (asn_get_octetstring(b, (u_char *)&pdu->context_name,
569 &len) != ASN_ERR_OK) {
570 snmp_error("cannot decode msg context name");
571 return (SNMP_CODE_FAILED);
573 pdu->context_name[len] = '\0';
576 if (asn_get_header(b, &type, &len) != ASN_ERR_OK) {
577 snmp_error("cannot get pdu header");
578 return (SNMP_CODE_FAILED);
580 if ((type & ~ASN_TYPE_MASK) !=
581 (ASN_TYPE_CONSTRUCTED | ASN_CLASS_CONTEXT)) {
582 snmp_error("bad pdu header tag");
583 return (SNMP_CODE_FAILED);
585 pdu->type = type & ASN_TYPE_MASK;
590 case SNMP_PDU_GETNEXT:
591 case SNMP_PDU_RESPONSE:
596 if (pdu->version != SNMP_V1) {
597 snmp_error("bad pdu type %u", pdu->type);
598 return (SNMP_CODE_FAILED);
602 case SNMP_PDU_GETBULK:
603 case SNMP_PDU_INFORM:
605 case SNMP_PDU_REPORT:
606 if (pdu->version == SNMP_V1) {
607 snmp_error("bad pdu type %u", pdu->type);
608 return (SNMP_CODE_FAILED);
613 snmp_error("bad pdu type %u", pdu->type);
614 return (SNMP_CODE_FAILED);
617 trailer = b->asn_len - len;
620 err = parse_pdus(b, pdu, ip);
621 if (ASN_ERR_STOPPED(err))
622 return (SNMP_CODE_FAILED);
625 snmp_error("ignoring trailing junk after pdu");
627 b->asn_len = trailer;
629 return (SNMP_CODE_OK);
633 snmp_pdu_decode_secmode(struct asn_buf *b, struct snmp_pdu *pdu)
637 uint8_t digest[SNMP_USM_AUTH_SIZE];
639 if (pdu->user.auth_proto != SNMP_AUTH_NOAUTH &&
640 (pdu->flags & SNMP_MSG_AUTH_FLAG) == 0)
641 return (SNMP_CODE_BADSECLEVEL);
643 if ((code = snmp_pdu_calc_digest(pdu, digest)) !=
645 return (SNMP_CODE_FAILED);
647 if (pdu->user.auth_proto != SNMP_AUTH_NOAUTH &&
648 memcmp(digest, pdu->msg_digest, sizeof(pdu->msg_digest)) != 0)
649 return (SNMP_CODE_BADDIGEST);
651 if (pdu->user.priv_proto != SNMP_PRIV_NOPRIV && (asn_get_header(b, &type,
652 &pdu->scoped_len) != ASN_ERR_OK || type != ASN_TYPE_OCTETSTRING)) {
653 snmp_error("cannot decode encrypted pdu");
654 return (SNMP_CODE_FAILED);
656 pdu->scoped_ptr = b->asn_ptr;
658 if (pdu->user.priv_proto != SNMP_PRIV_NOPRIV &&
659 (pdu->flags & SNMP_MSG_PRIV_FLAG) == 0)
660 return (SNMP_CODE_BADSECLEVEL);
662 if ((code = snmp_pdu_decrypt(pdu)) != SNMP_CODE_OK)
663 return (SNMP_CODE_FAILED);
669 * Check whether what we have is the complete PDU by snooping at the
670 * enclosing structure header. This returns:
671 * -1 if there are ASN.1 errors
672 * 0 if we need more data
673 * > 0 the length of this PDU
676 snmp_pdu_snoop(const struct asn_buf *b0)
680 struct asn_buf b = *b0;
682 /* <0x10|0x20> <len> <data...> */
686 if (b.asn_cptr[0] != (ASN_TYPE_SEQUENCE | ASN_TYPE_CONSTRUCTED)) {
687 asn_error(&b, "bad sequence type %u", b.asn_cptr[0]);
696 if (*b.asn_cptr & 0x80) {
698 length = *b.asn_cptr++ & 0x7f;
701 asn_error(&b, "indefinite length not supported");
704 if (length > ASN_MAXLENLEN) {
705 asn_error(&b, "long length too long (%u)", length);
708 if (length > b.asn_len)
712 len = (len << 8) | *b.asn_cptr++;
723 return (len + b.asn_cptr - b0->asn_cptr);
727 * Encode the SNMP PDU without the variable bindings field.
728 * We do this the rather uneffective way by
729 * moving things around and assuming that the length field will never
730 * use more than 2 bytes.
731 * We need a number of pointers to apply the fixes afterwards.
734 snmp_pdu_encode_header(struct asn_buf *b, struct snmp_pdu *pdu)
739 if (asn_put_temp_header(b, (ASN_TYPE_SEQUENCE|ASN_TYPE_CONSTRUCTED),
740 &pdu->outer_ptr) != ASN_ERR_OK)
741 return (SNMP_CODE_FAILED);
743 if (pdu->version == SNMP_V1)
744 err = asn_put_integer(b, 0);
745 else if (pdu->version == SNMP_V2c)
746 err = asn_put_integer(b, 1);
747 else if (pdu->version == SNMP_V3)
748 err = asn_put_integer(b, 3);
750 return (SNMP_CODE_BADVERS);
751 if (err != ASN_ERR_OK)
752 return (SNMP_CODE_FAILED);
754 if (pdu->version == SNMP_V3) {
755 if (asn_put_temp_header(b, (ASN_TYPE_SEQUENCE |
756 ASN_TYPE_CONSTRUCTED), &v3_hdr_ptr) != ASN_ERR_OK)
757 return (SNMP_CODE_FAILED);
759 if (asn_put_integer(b, pdu->identifier) != ASN_ERR_OK)
760 return (SNMP_CODE_FAILED);
762 if (asn_put_integer(b, pdu->engine.max_msg_size) != ASN_ERR_OK)
763 return (SNMP_CODE_FAILED);
765 if (pdu->type != SNMP_PDU_RESPONSE &&
766 pdu->type != SNMP_PDU_TRAP &&
767 pdu->type != SNMP_PDU_TRAP2 &&
768 pdu->type != SNMP_PDU_REPORT)
769 pdu->flags |= SNMP_MSG_REPORT_FLAG;
771 if (asn_put_octetstring(b, (u_char *)&pdu->flags, 1)
773 return (SNMP_CODE_FAILED);
775 if (asn_put_integer(b, pdu->security_model) != ASN_ERR_OK)
776 return (SNMP_CODE_FAILED);
778 if (asn_commit_header(b, v3_hdr_ptr, NULL) != ASN_ERR_OK)
779 return (SNMP_CODE_FAILED);
781 if (pdu->security_model != SNMP_SECMODEL_USM)
782 return (SNMP_CODE_FAILED);
784 if (pdu_encode_secparams(b, pdu) != SNMP_CODE_OK)
785 return (SNMP_CODE_FAILED);
787 /* View-based Access Conntrol information */
788 if (asn_put_temp_header(b, (ASN_TYPE_SEQUENCE |
789 ASN_TYPE_CONSTRUCTED), &pdu->scoped_ptr) != ASN_ERR_OK)
790 return (SNMP_CODE_FAILED);
792 if (asn_put_octetstring(b, (u_char *)pdu->context_engine,
793 pdu->context_engine_len) != ASN_ERR_OK)
794 return (SNMP_CODE_FAILED);
796 if (asn_put_octetstring(b, (u_char *)pdu->context_name,
797 strlen(pdu->context_name)) != ASN_ERR_OK)
798 return (SNMP_CODE_FAILED);
800 if (asn_put_octetstring(b, (u_char *)pdu->community,
801 strlen(pdu->community)) != ASN_ERR_OK)
802 return (SNMP_CODE_FAILED);
805 if (asn_put_temp_header(b, (ASN_TYPE_CONSTRUCTED | ASN_CLASS_CONTEXT |
806 pdu->type), &pdu->pdu_ptr) != ASN_ERR_OK)
807 return (SNMP_CODE_FAILED);
809 if (pdu->type == SNMP_PDU_TRAP) {
810 if (pdu->version != SNMP_V1 ||
811 asn_put_objid(b, &pdu->enterprise) != ASN_ERR_OK ||
812 asn_put_ipaddress(b, pdu->agent_addr) != ASN_ERR_OK ||
813 asn_put_integer(b, pdu->generic_trap) != ASN_ERR_OK ||
814 asn_put_integer(b, pdu->specific_trap) != ASN_ERR_OK ||
815 asn_put_timeticks(b, pdu->time_stamp) != ASN_ERR_OK)
816 return (SNMP_CODE_FAILED);
818 if (pdu->version == SNMP_V1 && (pdu->type == SNMP_PDU_GETBULK ||
819 pdu->type == SNMP_PDU_INFORM ||
820 pdu->type == SNMP_PDU_TRAP2 ||
821 pdu->type == SNMP_PDU_REPORT))
822 return (SNMP_CODE_FAILED);
824 if (asn_put_integer(b, pdu->request_id) != ASN_ERR_OK ||
825 asn_put_integer(b, pdu->error_status) != ASN_ERR_OK ||
826 asn_put_integer(b, pdu->error_index) != ASN_ERR_OK)
827 return (SNMP_CODE_FAILED);
830 if (asn_put_temp_header(b, (ASN_TYPE_SEQUENCE|ASN_TYPE_CONSTRUCTED),
831 &pdu->vars_ptr) != ASN_ERR_OK)
832 return (SNMP_CODE_FAILED);
834 return (SNMP_CODE_OK);
838 snmp_pdu_fix_padd(struct asn_buf *b, struct snmp_pdu *pdu)
842 if (pdu->user.priv_proto == SNMP_PRIV_DES && pdu->scoped_len % 8 != 0) {
843 padlen = 8 - (pdu->scoped_len % 8);
844 if (asn_pad(b, padlen) != ASN_ERR_OK)
845 return (ASN_ERR_FAILED);
846 pdu->scoped_len += padlen;
853 snmp_fix_encoding(struct asn_buf *b, struct snmp_pdu *pdu)
858 if (asn_commit_header(b, pdu->vars_ptr, NULL) != ASN_ERR_OK ||
859 asn_commit_header(b, pdu->pdu_ptr, NULL) != ASN_ERR_OK)
860 return (SNMP_CODE_FAILED);
862 if (pdu->version == SNMP_V3) {
863 if (asn_commit_header(b, pdu->scoped_ptr, NULL) != ASN_ERR_OK)
864 return (SNMP_CODE_FAILED);
866 pdu->scoped_len = b->asn_ptr - pdu->scoped_ptr;
867 if ((code = snmp_pdu_fix_padd(b, pdu))!= ASN_ERR_OK)
868 return (SNMP_CODE_FAILED);
870 if (pdu->security_model != SNMP_SECMODEL_USM)
871 return (SNMP_CODE_FAILED);
873 if (snmp_pdu_encrypt(pdu) != SNMP_CODE_OK)
874 return (SNMP_CODE_FAILED);
876 if (pdu->user.priv_proto != SNMP_PRIV_NOPRIV &&
877 asn_commit_header(b, pdu->encrypted_ptr, NULL) != ASN_ERR_OK)
878 return (SNMP_CODE_FAILED);
881 if (asn_commit_header(b, pdu->outer_ptr, &moved) != ASN_ERR_OK)
882 return (SNMP_CODE_FAILED);
884 pdu->outer_len = b->asn_ptr - pdu->outer_ptr;
885 pdu->digest_ptr -= moved;
887 if (pdu->version == SNMP_V3) {
888 if ((code = snmp_pdu_calc_digest(pdu, pdu->msg_digest)) !=
890 return (SNMP_CODE_FAILED);
892 if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0)
893 memcpy(pdu->digest_ptr, pdu->msg_digest,
894 sizeof(pdu->msg_digest));
897 return (SNMP_CODE_OK);
901 * Encode a binding. Caller must ensure, that the syntax is ok for that version.
902 * Be sure not to cobber b, when something fails.
905 snmp_binding_encode(struct asn_buf *b, const struct snmp_value *binding)
909 struct asn_buf save = *b;
911 if ((err = asn_put_temp_header(b, (ASN_TYPE_SEQUENCE |
912 ASN_TYPE_CONSTRUCTED), &ptr)) != ASN_ERR_OK) {
917 if ((err = asn_put_objid(b, &binding->var)) != ASN_ERR_OK) {
922 switch (binding->syntax) {
924 case SNMP_SYNTAX_NULL:
925 err = asn_put_null(b);
928 case SNMP_SYNTAX_INTEGER:
929 err = asn_put_integer(b, binding->v.integer);
932 case SNMP_SYNTAX_OCTETSTRING:
933 err = asn_put_octetstring(b, binding->v.octetstring.octets,
934 binding->v.octetstring.len);
937 case SNMP_SYNTAX_OID:
938 err = asn_put_objid(b, &binding->v.oid);
941 case SNMP_SYNTAX_IPADDRESS:
942 err = asn_put_ipaddress(b, binding->v.ipaddress);
945 case SNMP_SYNTAX_TIMETICKS:
946 err = asn_put_uint32(b, ASN_APP_TIMETICKS, binding->v.uint32);
949 case SNMP_SYNTAX_COUNTER:
950 err = asn_put_uint32(b, ASN_APP_COUNTER, binding->v.uint32);
953 case SNMP_SYNTAX_GAUGE:
954 err = asn_put_uint32(b, ASN_APP_GAUGE, binding->v.uint32);
957 case SNMP_SYNTAX_COUNTER64:
958 err = asn_put_counter64(b, binding->v.counter64);
961 case SNMP_SYNTAX_NOSUCHOBJECT:
962 err = asn_put_exception(b, ASN_EXCEPT_NOSUCHOBJECT);
965 case SNMP_SYNTAX_NOSUCHINSTANCE:
966 err = asn_put_exception(b, ASN_EXCEPT_NOSUCHINSTANCE);
969 case SNMP_SYNTAX_ENDOFMIBVIEW:
970 err = asn_put_exception(b, ASN_EXCEPT_ENDOFMIBVIEW);
974 if (err != ASN_ERR_OK) {
979 err = asn_commit_header(b, ptr, NULL);
980 if (err != ASN_ERR_OK) {
992 snmp_pdu_encode(struct snmp_pdu *pdu, struct asn_buf *resp_b)
997 if ((err = snmp_pdu_encode_header(resp_b, pdu)) != SNMP_CODE_OK)
999 for (idx = 0; idx < pdu->nbindings; idx++)
1000 if ((err = snmp_binding_encode(resp_b, &pdu->bindings[idx]))
1002 return (SNMP_CODE_FAILED);
1004 return (snmp_fix_encoding(resp_b, pdu));
1008 dump_binding(const struct snmp_value *b)
1011 char buf[ASN_OIDSTRLEN];
1013 snmp_printf("%s=", asn_oid2str_r(&b->var, buf));
1014 switch (b->syntax) {
1016 case SNMP_SYNTAX_NULL:
1017 snmp_printf("NULL");
1020 case SNMP_SYNTAX_INTEGER:
1021 snmp_printf("INTEGER %d", b->v.integer);
1024 case SNMP_SYNTAX_OCTETSTRING:
1025 snmp_printf("OCTET STRING %lu:", b->v.octetstring.len);
1026 for (i = 0; i < b->v.octetstring.len; i++)
1027 snmp_printf(" %02x", b->v.octetstring.octets[i]);
1030 case SNMP_SYNTAX_OID:
1031 snmp_printf("OID %s", asn_oid2str_r(&b->v.oid, buf));
1034 case SNMP_SYNTAX_IPADDRESS:
1035 snmp_printf("IPADDRESS %u.%u.%u.%u", b->v.ipaddress[0],
1036 b->v.ipaddress[1], b->v.ipaddress[2], b->v.ipaddress[3]);
1039 case SNMP_SYNTAX_COUNTER:
1040 snmp_printf("COUNTER %u", b->v.uint32);
1043 case SNMP_SYNTAX_GAUGE:
1044 snmp_printf("GAUGE %u", b->v.uint32);
1047 case SNMP_SYNTAX_TIMETICKS:
1048 snmp_printf("TIMETICKS %u", b->v.uint32);
1051 case SNMP_SYNTAX_COUNTER64:
1052 snmp_printf("COUNTER64 %lld", b->v.counter64);
1055 case SNMP_SYNTAX_NOSUCHOBJECT:
1056 snmp_printf("NoSuchObject");
1059 case SNMP_SYNTAX_NOSUCHINSTANCE:
1060 snmp_printf("NoSuchInstance");
1063 case SNMP_SYNTAX_ENDOFMIBVIEW:
1064 snmp_printf("EndOfMibView");
1068 snmp_printf("UNKNOWN SYNTAX %u", b->syntax);
1073 static __inline void
1074 dump_bindings(const struct snmp_pdu *pdu)
1078 for (i = 0; i < pdu->nbindings; i++) {
1079 snmp_printf(" [%u]: ", i);
1080 dump_binding(&pdu->bindings[i]);
1085 static __inline void
1086 dump_notrap(const struct snmp_pdu *pdu)
1088 snmp_printf(" request_id=%d", pdu->request_id);
1089 snmp_printf(" error_status=%d", pdu->error_status);
1090 snmp_printf(" error_index=%d\n", pdu->error_index);
1095 snmp_pdu_dump(const struct snmp_pdu *pdu)
1097 char buf[ASN_OIDSTRLEN];
1099 static const char *types[] = {
1100 [SNMP_PDU_GET] = "GET",
1101 [SNMP_PDU_GETNEXT] = "GETNEXT",
1102 [SNMP_PDU_RESPONSE] = "RESPONSE",
1103 [SNMP_PDU_SET] = "SET",
1104 [SNMP_PDU_TRAP] = "TRAPv1",
1105 [SNMP_PDU_GETBULK] = "GETBULK",
1106 [SNMP_PDU_INFORM] = "INFORM",
1107 [SNMP_PDU_TRAP2] = "TRAPv2",
1108 [SNMP_PDU_REPORT] = "REPORT",
1111 if (pdu->version == SNMP_V1)
1113 else if (pdu->version == SNMP_V2c)
1115 else if (pdu->version == SNMP_V3)
1120 switch (pdu->type) {
1122 snmp_printf("%s %s '%s'", types[pdu->type], vers, pdu->community);
1123 snmp_printf(" enterprise=%s", asn_oid2str_r(&pdu->enterprise, buf));
1124 snmp_printf(" agent_addr=%u.%u.%u.%u", pdu->agent_addr[0],
1125 pdu->agent_addr[1], pdu->agent_addr[2], pdu->agent_addr[3]);
1126 snmp_printf(" generic_trap=%d", pdu->generic_trap);
1127 snmp_printf(" specific_trap=%d", pdu->specific_trap);
1128 snmp_printf(" time-stamp=%u\n", pdu->time_stamp);
1133 case SNMP_PDU_GETNEXT:
1134 case SNMP_PDU_RESPONSE:
1136 case SNMP_PDU_GETBULK:
1137 case SNMP_PDU_INFORM:
1138 case SNMP_PDU_TRAP2:
1139 case SNMP_PDU_REPORT:
1140 snmp_printf("%s %s '%s'", types[pdu->type], vers, pdu->community);
1145 snmp_printf("bad pdu type %u\n", pdu->type);
1151 snmp_value_free(struct snmp_value *value)
1153 if (value->syntax == SNMP_SYNTAX_OCTETSTRING)
1154 free(value->v.octetstring.octets);
1155 value->syntax = SNMP_SYNTAX_NULL;
1159 snmp_value_copy(struct snmp_value *to, const struct snmp_value *from)
1161 to->var = from->var;
1162 to->syntax = from->syntax;
1164 if (from->syntax == SNMP_SYNTAX_OCTETSTRING) {
1165 if ((to->v.octetstring.len = from->v.octetstring.len) == 0)
1166 to->v.octetstring.octets = NULL;
1168 to->v.octetstring.octets = malloc(to->v.octetstring.len);
1169 if (to->v.octetstring.octets == NULL)
1171 (void)memcpy(to->v.octetstring.octets,
1172 from->v.octetstring.octets, to->v.octetstring.len);
1180 snmp_pdu_init_secparams(struct snmp_pdu *pdu)
1184 if (pdu->user.auth_proto != SNMP_AUTH_NOAUTH)
1185 pdu->flags |= SNMP_MSG_AUTH_FLAG;
1187 switch (pdu->user.priv_proto) {
1189 memcpy(pdu->msg_salt, &pdu->engine.engine_boots,
1190 sizeof(pdu->engine.engine_boots));
1192 memcpy(pdu->msg_salt + sizeof(pdu->engine.engine_boots), &rval,
1194 pdu->flags |= SNMP_MSG_PRIV_FLAG;
1198 memcpy(pdu->msg_salt, &rval, sizeof(int32_t));
1200 memcpy(pdu->msg_salt + sizeof(int32_t), &rval, sizeof(int32_t));
1201 pdu->flags |= SNMP_MSG_PRIV_FLAG;
1209 snmp_pdu_free(struct snmp_pdu *pdu)
1213 for (i = 0; i < pdu->nbindings; i++)
1214 snmp_value_free(&pdu->bindings[i]);
1218 * Parse an ASCII SNMP value into the binary form
1221 snmp_value_parse(const char *str, enum snmp_syntax syntax, union snmp_values *v)
1227 case SNMP_SYNTAX_NULL:
1228 case SNMP_SYNTAX_NOSUCHOBJECT:
1229 case SNMP_SYNTAX_NOSUCHINSTANCE:
1230 case SNMP_SYNTAX_ENDOFMIBVIEW:
1235 case SNMP_SYNTAX_INTEGER:
1236 v->integer = strtoll(str, &end, 0);
1241 case SNMP_SYNTAX_OCTETSTRING:
1243 u_long len; /* actual length of string */
1244 u_long alloc; /* allocate length of string */
1245 u_char *octs; /* actual octets */
1246 u_long oct; /* actual octet */
1247 u_char *nocts; /* to avoid memory leak */
1248 u_char c; /* actual character */
1250 # define STUFFC(C) \
1251 if (alloc == len) { \
1253 if ((nocts = realloc(octs, alloc)) == NULL) { \
1266 while((c = *str++) != '\0') {
1275 switch (c = *str++) {
1302 if (!isxdigit(*str))
1306 else if (isupper(*str))
1307 c = *str++ - 'A' + 10;
1309 c = *str++ - 'a' + 10;
1310 if (!isxdigit(*str))
1314 else if (isupper(*str))
1315 c += *str++ - 'A' + 10;
1317 c += *str++ - 'a' + 10;
1319 case '0': case '1': case '2':
1320 case '3': case '4': case '5':
1323 if (*str < '0' || *str > '7')
1326 if (*str < '0' || *str > '7')
1337 while (*str != '\0') {
1338 oct = strtoul(str, &end, 16);
1347 else if(*str != '\0') {
1353 v->octetstring.octets = octs;
1354 v->octetstring.len = len;
1359 case SNMP_SYNTAX_OID:
1366 if (v->oid.len == ASN_MAXOIDLEN)
1368 subid = strtoul(str, &end, 10);
1370 if (subid > ASN_MAXID)
1372 v->oid.subs[v->oid.len++] = (asn_subid_t)subid;
1382 case SNMP_SYNTAX_IPADDRESS:
1388 if (sscanf(str, "%lu.%lu.%lu.%lu%n", &ip[0], &ip[1], &ip[2],
1389 &ip[3], &n) == 4 && (size_t)n == strlen(str) &&
1390 ip[0] <= 0xff && ip[1] <= 0xff &&
1391 ip[2] <= 0xff && ip[3] <= 0xff) {
1392 v->ipaddress[0] = (u_char)ip[0];
1393 v->ipaddress[1] = (u_char)ip[1];
1394 v->ipaddress[2] = (u_char)ip[2];
1395 v->ipaddress[3] = (u_char)ip[3];
1399 if ((he = gethostbyname(str)) == NULL)
1401 if (he->h_addrtype != AF_INET)
1404 v->ipaddress[0] = he->h_addr[0];
1405 v->ipaddress[1] = he->h_addr[1];
1406 v->ipaddress[2] = he->h_addr[2];
1407 v->ipaddress[3] = he->h_addr[3];
1411 case SNMP_SYNTAX_COUNTER:
1412 case SNMP_SYNTAX_GAUGE:
1413 case SNMP_SYNTAX_TIMETICKS:
1417 sub = strtoull(str, &end, 0);
1418 if (*end != '\0' || sub > 0xffffffff)
1420 v->uint32 = (uint32_t)sub;
1424 case SNMP_SYNTAX_COUNTER64:
1425 v->counter64 = strtoull(str, &end, 0);
1434 snmp_error_func(const char *fmt, ...)
1439 fprintf(stderr, "SNMP: ");
1440 vfprintf(stderr, fmt, ap);
1441 fprintf(stderr, "\n");
1446 snmp_printf_func(const char *fmt, ...)
1451 vfprintf(stderr, fmt, ap);