2 * Copyright (c) 2001-2003
3 * Fraunhofer Institute for Open Communication Systems (FhG Fokus).
6 * Author: Harti Brandt <harti@freebsd.org>
8 * Copyright (c) 2010 The FreeBSD Foundation
11 * Portions of this software were developed by Shteryana Sotirova Shopova
12 * under sponsorship from the FreeBSD Foundation.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
23 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $Begemot: bsnmp/snmpd/main.c,v 1.100 2006/02/14 09:04:20 brandt_h Exp $
40 #include <sys/queue.h>
41 #include <sys/param.h>
43 #include <sys/ucred.h>
58 #ifdef USE_TCPWRAPPERS
59 #include <arpa/inet.h>
69 #define PATH_PID "/var/run/%s.pid"
70 #define PATH_CONFIG "/etc/%s.config"
71 #define PATH_ENGINE "/var/%s.engine"
73 uint64_t this_tick; /* start of processing of current packet (absolute) */
74 uint64_t start_tick; /* start of processing */
76 struct systemg systemg = {
78 { 8, { 1, 3, 6, 1, 4, 1, 1115, 7352 }},
83 struct debug debug = {
85 LOG_DEBUG, /* log_pri */
89 struct snmpd snmpd = {
94 {0, 0, 0, 0}, /* trap1addr */
95 VERS_ENABLE_ALL,/* version_enable */
97 struct snmpd_stats snmpd_stats;
99 struct snmpd_usmstat snmpd_usmstats;
102 struct snmp_engine snmpd_engine;
105 int32_t snmp_serial_no;
107 struct snmpd_target_stats snmpd_target_stats;
109 /* search path for config files */
110 const char *syspath = PATH_SYSCONFIG;
112 /* list of all loaded modules */
113 struct lmodules lmodules = TAILQ_HEAD_INITIALIZER(lmodules);
115 /* list of loaded modules during start-up in the order they were loaded */
116 static struct lmodules modules_start = TAILQ_HEAD_INITIALIZER(modules_start);
118 /* list of all known communities */
119 struct community_list community_list = TAILQ_HEAD_INITIALIZER(community_list);
121 /* list of all known USM users */
122 static struct usm_userlist usm_userlist = SLIST_HEAD_INITIALIZER(usm_userlist);
124 /* A list of all VACM users configured, including v1, v2c and v3 */
125 static struct vacm_userlist vacm_userlist =
126 SLIST_HEAD_INITIALIZER(vacm_userlist);
128 /* A list of all VACM groups */
129 static struct vacm_grouplist vacm_grouplist =
130 SLIST_HEAD_INITIALIZER(vacm_grouplist);
132 static struct vacm_group vacm_default_group = {
136 /* The list of configured access entries */
137 static struct vacm_accesslist vacm_accesslist =
138 TAILQ_HEAD_INITIALIZER(vacm_accesslist);
140 /* The list of configured views */
141 static struct vacm_viewlist vacm_viewlist =
142 SLIST_HEAD_INITIALIZER(vacm_viewlist);
144 /* The list of configured contexts */
145 static struct vacm_contextlist vacm_contextlist =
146 SLIST_HEAD_INITIALIZER(vacm_contextlist);
148 /* list of all installed object resources */
149 struct objres_list objres_list = TAILQ_HEAD_INITIALIZER(objres_list);
151 /* community value generator */
152 static u_int next_community_index = 1;
154 /* list of all known ranges */
155 struct idrange_list idrange_list = TAILQ_HEAD_INITIALIZER(idrange_list);
157 /* identifier generator */
158 u_int next_idrange = 1;
160 /* list of all current timers */
161 struct timer_list timer_list = LIST_HEAD_INITIALIZER(timer_list);
163 /* list of file descriptors */
164 struct fdesc_list fdesc_list = LIST_HEAD_INITIALIZER(fdesc_list);
166 /* program arguments */
167 static char **progargs;
168 static int nprogargs;
170 /* current community */
172 static struct community *comm;
174 /* current USM user */
175 struct usm_user *usm_user;
178 static char config_file[MAXPATHLEN + 1];
179 static char pid_file[MAXPATHLEN + 1];
180 char engine_file[MAXPATHLEN + 1];
182 #ifndef USE_LIBBEGEMOT
184 static evContext evctx;
188 static sigset_t blocked_sigs;
190 /* signal handling */
192 #define WORK_DOINFO 0x0001
193 #define WORK_RECONFIG 0x0002
196 static const struct asn_oid
197 oid_snmpMIB = OIDX_snmpMIB,
198 oid_begemotSnmpd = OIDX_begemotSnmpd,
199 oid_coldStart = OIDX_coldStart,
200 oid_authenticationFailure = OIDX_authenticationFailure;
202 const struct asn_oid oid_zeroDotZero = { 2, { 0, 0 }};
204 const struct asn_oid oid_usmUnknownEngineIDs =
205 { 11, { 1, 3, 6, 1, 6, 3, 15, 1, 1, 4, 0}};
207 const struct asn_oid oid_usmNotInTimeWindows =
208 { 11, { 1, 3, 6, 1, 6, 3, 15, 1, 1, 2, 0}};
210 /* request id generator for traps */
214 static const char usgtxt[] = "\
215 Begemot simple SNMP daemon. Copyright (c) 2001-2002 Fraunhofer Institute for\n\
216 Open Communication Systems (FhG Fokus). All rights reserved.\n\
217 Copyright (c) 2010 The FreeBSD Foundation. All rights reserved.\n\
218 usage: snmpd [-dh] [-c file] [-D options] [-e file] [-I path]\n\
219 [-l prefix] [-m variable=value] [-p file]\n\
221 -d don't daemonize\n\
222 -h print this info\n\
223 -c file specify configuration file\n\
224 -D options debugging options\n\
225 -e file specify engine id file\n\
226 -I path system include path\n\
227 -l prefix default basename for pid and config file\n\
228 -m var=val define variable\n\
229 -p file specify pid file\n\
232 /* hosts_access(3) request */
233 #ifdef USE_TCPWRAPPERS
234 static struct request_info req;
238 extern const struct transport_def udp_trans;
239 extern const struct transport_def lsock_trans;
241 struct transport_list transport_list = TAILQ_HEAD_INITIALIZER(transport_list);
243 /* forward declarations */
244 static void snmp_printf_func(const char *fmt, ...);
245 static void snmp_error_func(const char *err, ...);
246 static void snmp_debug_func(const char *err, ...);
247 static void asn_error_func(const struct asn_buf *b, const char *err, ...);
250 * Allocate rx/tx buffer. We allocate one byte more for rx.
257 if ((buf = malloc(tx ? snmpd.txbuf : snmpd.rxbuf)) == NULL) {
258 syslog(LOG_CRIT, "cannot allocate buffer");
260 snmpd_stats.noTxbuf++;
262 snmpd_stats.noRxbuf++;
269 * Return the buffer size.
274 return (tx ? snmpd.txbuf : snmpd.rxbuf);
278 * Prepare a PDU for output
281 snmp_output(struct snmp_pdu *pdu, u_char *sndbuf, size_t *sndlen,
284 struct asn_buf resp_b;
287 resp_b.asn_ptr = sndbuf;
288 resp_b.asn_len = snmpd.txbuf;
290 if ((code = snmp_pdu_encode(pdu, &resp_b)) != SNMP_CODE_OK) {
291 syslog(LOG_ERR, "cannot encode message (code=%d)", code);
294 if (debug.dump_pdus) {
295 snmp_printf("%s <- ", dest);
298 *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
302 * Check USM PDU header credentials against local SNMP Engine & users.
304 static enum snmp_code
305 snmp_pdu_auth_user(struct snmp_pdu *pdu)
310 /* un-authenticated snmpEngineId discovery */
311 if (pdu->engine.engine_len == 0 && strlen(pdu->user.sec_name) == 0) {
312 pdu->engine.engine_len = snmpd_engine.engine_len;
313 memcpy(pdu->engine.engine_id, snmpd_engine.engine_id,
314 snmpd_engine.engine_len);
315 pdu->engine.engine_boots = snmpd_engine.engine_boots;
316 pdu->engine.engine_time = snmpd_engine.engine_time;
317 pdu->flags |= SNMP_MSG_AUTODISCOVER;
318 return (SNMP_CODE_OK);
321 if ((usm_user = usm_find_user(pdu->engine.engine_id,
322 pdu->engine.engine_len, pdu->user.sec_name)) == NULL ||
323 usm_user->status != 1 /* active */)
324 return (SNMP_CODE_BADUSER);
326 if (usm_user->user_engine_len != snmpd_engine.engine_len ||
327 memcmp(usm_user->user_engine_id, snmpd_engine.engine_id,
328 snmpd_engine.engine_len) != 0)
329 return (SNMP_CODE_BADENGINE);
331 pdu->user.priv_proto = usm_user->suser.priv_proto;
332 memcpy(pdu->user.priv_key, usm_user->suser.priv_key,
333 sizeof(pdu->user.priv_key));
335 /* authenticated snmpEngineId discovery */
336 if ((pdu->flags & SNMP_MSG_AUTH_FLAG) != 0) {
337 etime = (get_ticks() - start_tick) / 100ULL;
338 if (etime < INT32_MAX)
339 snmpd_engine.engine_time = etime;
341 start_tick = get_ticks();
343 snmpd_engine.engine_time = start_tick;
346 pdu->user.auth_proto = usm_user->suser.auth_proto;
347 memcpy(pdu->user.auth_key, usm_user->suser.auth_key,
348 sizeof(pdu->user.auth_key));
350 if (pdu->engine.engine_boots == 0 &&
351 pdu->engine.engine_time == 0) {
352 pdu->flags |= SNMP_MSG_AUTODISCOVER;
353 return (SNMP_CODE_OK);
356 if (pdu->engine.engine_boots != snmpd_engine.engine_boots ||
357 abs(pdu->engine.engine_time - snmpd_engine.engine_time) >
359 return (SNMP_CODE_NOTINTIME);
362 if (((pdu->flags & SNMP_MSG_PRIV_FLAG) != 0 &&
363 (pdu->flags & SNMP_MSG_AUTH_FLAG) == 0) ||
364 ((pdu->flags & SNMP_MSG_AUTH_FLAG) == 0 &&
365 usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH) ||
366 ((pdu->flags & SNMP_MSG_PRIV_FLAG) == 0 &&
367 usm_user->suser.priv_proto != SNMP_PRIV_NOPRIV))
368 return (SNMP_CODE_BADSECLEVEL);
370 return (SNMP_CODE_OK);
374 * Check whether access to each of var bindings in the PDU is allowed based
375 * on the user credentials against the configured User groups & VACM views.
378 snmp_pdu_auth_access(struct snmp_pdu *pdu, int32_t *ip)
381 int32_t suboid, smodel;
383 struct vacm_user *vuser;
384 struct vacm_access *acl;
385 struct vacm_context *vacmctx;
386 struct vacm_view *view;
389 * At least a default context exists if the snmpd_vacm(3) module is
392 if (SLIST_EMPTY(&vacm_contextlist) ||
393 (pdu->flags & SNMP_MSG_AUTODISCOVER) != 0)
394 return (SNMP_CODE_OK);
396 switch (pdu->version) {
398 if ((uname = comm_string(community)) == NULL)
399 return (SNMP_CODE_FAILED);
400 smodel = SNMP_SECMODEL_SNMPv1;
404 if ((uname = comm_string(community)) == NULL)
405 return (SNMP_CODE_FAILED);
406 smodel = SNMP_SECMODEL_SNMPv2c;
410 uname = pdu->user.sec_name;
411 if ((smodel = pdu->security_model) != SNMP_SECMODEL_USM)
412 return (SNMP_CODE_FAILED);
413 /* Compare the PDU context engine id against the agent's */
414 if (pdu->context_engine_len != snmpd_engine.engine_len ||
415 memcmp(pdu->context_engine, snmpd_engine.engine_id,
416 snmpd_engine.engine_len) != 0)
417 return (SNMP_CODE_FAILED);
424 SLIST_FOREACH(vuser, &vacm_userlist, vvu)
425 if (strcmp(uname, vuser->secname) == 0 &&
426 vuser->sec_model == smodel)
429 if (vuser == NULL || vuser->group == NULL)
430 return (SNMP_CODE_FAILED);
432 /* XXX: shteryana - recheck */
433 TAILQ_FOREACH_REVERSE(acl, &vacm_accesslist, vacm_accesslist, vva) {
434 if (acl->group != vuser->group)
436 SLIST_FOREACH(vacmctx, &vacm_contextlist, vcl)
437 if (memcmp(vacmctx->ctxname, acl->ctx_prefix,
438 acl->ctx_match) == 0)
442 return (SNMP_CODE_FAILED);
448 case SNMP_PDU_GETNEXT:
449 case SNMP_PDU_GETBULK:
450 if ((view = acl->read_view) == NULL)
451 return (SNMP_CODE_FAILED);
455 if ((view = acl->write_view) == NULL)
456 return (SNMP_CODE_FAILED);
460 case SNMP_PDU_INFORM:
462 case SNMP_PDU_REPORT:
463 if ((view = acl->notify_view) == NULL)
464 return (SNMP_CODE_FAILED);
466 case SNMP_PDU_RESPONSE:
468 return (SNMP_CODE_FAILED);
473 for (i = 0; i < pdu->nbindings; i++) {
474 /* XXX - view->mask*/
475 suboid = asn_is_suboid(&view->subtree, &pdu->bindings[i].var);
476 if ((!suboid && !view->exclude) || (suboid && view->exclude)) {
478 return (SNMP_CODE_FAILED);
482 return (SNMP_CODE_OK);
486 * SNMP input. Start: decode the PDU, find the user or community.
489 snmp_input_start(const u_char *buf, size_t len, const char *source,
490 struct snmp_pdu *pdu, int32_t *ip, size_t *pdulen)
494 enum snmpd_input_err ret;
498 this_tick = get_ticks();
503 /* look whether we have enough bytes for the entire PDU. */
504 switch (sret = snmp_pdu_snoop(&b)) {
507 return (SNMPD_INPUT_TRUNC);
510 snmpd_stats.inASNParseErrs++;
511 return (SNMPD_INPUT_FAILED);
513 b.asn_len = *pdulen = (size_t)sret;
515 memset(pdu, 0, sizeof(*pdu));
516 if ((code = snmp_pdu_decode_header(&b, pdu)) != SNMP_CODE_OK)
519 if (pdu->version == SNMP_V3) {
520 if (pdu->security_model != SNMP_SECMODEL_USM) {
521 code = SNMP_CODE_FAILED;
524 if ((code = snmp_pdu_auth_user(pdu)) != SNMP_CODE_OK)
526 if ((code = snmp_pdu_decode_secmode(&b, pdu)) != SNMP_CODE_OK)
529 code = snmp_pdu_decode_scoped(&b, pdu, ip);
531 ret = SNMPD_INPUT_OK;
534 snmpd_stats.inPkts++;
538 case SNMP_CODE_FAILED:
539 snmpd_stats.inASNParseErrs++;
540 return (SNMPD_INPUT_FAILED);
542 case SNMP_CODE_BADVERS:
544 snmpd_stats.inBadVersions++;
545 return (SNMPD_INPUT_FAILED);
547 case SNMP_CODE_BADLEN:
548 if (pdu->type == SNMP_OP_SET)
549 ret = SNMPD_INPUT_VALBADLEN;
552 case SNMP_CODE_OORANGE:
553 if (pdu->type == SNMP_OP_SET)
554 ret = SNMPD_INPUT_VALRANGE;
557 case SNMP_CODE_BADENC:
558 if (pdu->type == SNMP_OP_SET)
559 ret = SNMPD_INPUT_VALBADENC;
562 case SNMP_CODE_BADSECLEVEL:
563 snmpd_usmstats.unsupported_seclevels++;
564 return (SNMPD_INPUT_FAILED);
566 case SNMP_CODE_NOTINTIME:
567 snmpd_usmstats.not_in_time_windows++;
568 return (SNMPD_INPUT_FAILED);
570 case SNMP_CODE_BADUSER:
571 snmpd_usmstats.unknown_users++;
572 return (SNMPD_INPUT_FAILED);
574 case SNMP_CODE_BADENGINE:
575 snmpd_usmstats.unknown_engine_ids++;
576 return (SNMPD_INPUT_FAILED);
578 case SNMP_CODE_BADDIGEST:
579 snmpd_usmstats.wrong_digests++;
580 return (SNMPD_INPUT_FAILED);
582 case SNMP_CODE_EDECRYPT:
583 snmpd_usmstats.decrypt_errors++;
584 return (SNMPD_INPUT_FAILED);
587 switch (pdu->version) {
590 if (!(snmpd.version_enable & VERS_ENABLE_V1))
595 if (!(snmpd.version_enable & VERS_ENABLE_V2C))
600 if (!(snmpd.version_enable & VERS_ENABLE_V3))
610 if (debug.dump_pdus) {
611 snmp_printf("%s -> ", source);
616 * Look, whether we know the community or user
619 if (pdu->version != SNMP_V3) {
620 TAILQ_FOREACH(comm, &community_list, link)
621 if (comm->string != NULL &&
622 strcmp(comm->string, pdu->community) == 0)
626 snmpd_stats.inBadCommunityNames++;
628 if (snmpd.auth_traps)
629 snmp_send_trap(&oid_authenticationFailure,
630 (struct snmp_value *)NULL);
631 ret = SNMPD_INPUT_BAD_COMM;
633 community = comm->value;
634 } else if (pdu->nbindings == 0) {
635 /* RFC 3414 - snmpEngineID Discovery */
636 if (strlen(pdu->user.sec_name) == 0) {
637 asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
638 &oid_usmUnknownEngineIDs);
639 pdu->context_engine_len = snmpd_engine.engine_len;
640 memcpy(pdu->context_engine, snmpd_engine.engine_id,
641 snmpd_engine.engine_len);
642 } else if (pdu->engine.engine_boots == 0 &&
643 pdu->engine.engine_time == 0) {
644 asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
645 &oid_usmNotInTimeWindows);
646 pdu->engine.engine_boots = snmpd_engine.engine_boots;
647 pdu->engine.engine_time = snmpd_engine.engine_time;
649 } else if (usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH &&
650 (pdu->engine.engine_boots == 0 || pdu->engine.engine_time == 0)) {
651 snmpd_usmstats.not_in_time_windows++;
652 ret = SNMPD_INPUT_FAILED;
655 if ((code = snmp_pdu_auth_access(pdu, ip)) != SNMP_CODE_OK)
656 ret = SNMPD_INPUT_FAILED;
662 * Will return only _OK or _FAILED
665 snmp_input_finish(struct snmp_pdu *pdu, const u_char *rcvbuf, size_t rcvlen,
666 u_char *sndbuf, size_t *sndlen, const char *source,
667 enum snmpd_input_err ierr, int32_t ivar, void *data)
669 struct snmp_pdu resp;
670 struct asn_buf resp_b, pdu_b;
673 resp_b.asn_ptr = sndbuf;
674 resp_b.asn_len = snmpd.txbuf;
676 pdu_b.asn_cptr = rcvbuf;
677 pdu_b.asn_len = rcvlen;
679 if (ierr != SNMPD_INPUT_OK) {
680 /* error decoding the input of a SET */
681 if (pdu->version == SNMP_V1)
682 pdu->error_status = SNMP_ERR_BADVALUE;
683 else if (ierr == SNMPD_INPUT_VALBADLEN)
684 pdu->error_status = SNMP_ERR_WRONG_LENGTH;
685 else if (ierr == SNMPD_INPUT_VALRANGE)
686 pdu->error_status = SNMP_ERR_WRONG_VALUE;
688 pdu->error_status = SNMP_ERR_WRONG_ENCODING;
690 pdu->error_index = ivar;
692 if (snmp_make_errresp(pdu, &pdu_b, &resp_b) == SNMP_RET_IGN) {
693 syslog(LOG_WARNING, "could not encode error response");
694 snmpd_stats.silentDrops++;
695 return (SNMPD_INPUT_FAILED);
698 if (debug.dump_pdus) {
699 snmp_printf("%s <- ", source);
702 *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
703 return (SNMPD_INPUT_OK);
709 ret = snmp_get(pdu, &resp_b, &resp, data);
712 case SNMP_PDU_GETNEXT:
713 ret = snmp_getnext(pdu, &resp_b, &resp, data);
717 ret = snmp_set(pdu, &resp_b, &resp, data);
720 case SNMP_PDU_GETBULK:
721 ret = snmp_getbulk(pdu, &resp_b, &resp, data);
732 /* normal return - send a response */
733 if (debug.dump_pdus) {
734 snmp_printf("%s <- ", source);
735 snmp_pdu_dump(&resp);
737 *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
738 snmp_pdu_free(&resp);
739 return (SNMPD_INPUT_OK);
742 /* error - send nothing */
743 snmpd_stats.silentDrops++;
744 return (SNMPD_INPUT_FAILED);
747 /* error - send error response. The snmp routine has
748 * changed the error fields in the original message. */
749 resp_b.asn_ptr = sndbuf;
750 resp_b.asn_len = snmpd.txbuf;
751 if (snmp_make_errresp(pdu, &pdu_b, &resp_b) == SNMP_RET_IGN) {
752 syslog(LOG_WARNING, "could not encode error response");
753 snmpd_stats.silentDrops++;
754 return (SNMPD_INPUT_FAILED);
756 if (debug.dump_pdus) {
757 snmp_printf("%s <- ", source);
760 *sndlen = (size_t)(resp_b.asn_ptr - sndbuf);
761 return (SNMPD_INPUT_OK);
768 * Insert a port into the right place in the transport's table of ports
771 trans_insert_port(struct transport *t, struct tport *port)
775 TAILQ_FOREACH(p, &t->table, link) {
776 if (asn_compare_oid(&p->index, &port->index) > 0) {
777 TAILQ_INSERT_BEFORE(p, port, link);
782 TAILQ_INSERT_TAIL(&t->table, port, link);
786 * Remove a port from a transport's list
789 trans_remove_port(struct tport *port)
792 TAILQ_REMOVE(&port->transport->table, port, link);
796 * Find a port on a transport's list
799 trans_find_port(struct transport *t, const struct asn_oid *idx, u_int sub)
802 return (FIND_OBJECT_OID(&t->table, idx, sub));
806 * Find next port on a transport's list
809 trans_next_port(struct transport *t, const struct asn_oid *idx, u_int sub)
812 return (NEXT_OBJECT_OID(&t->table, idx, sub));
819 trans_first_port(struct transport *t)
822 return (TAILQ_FIRST(&t->table));
826 * Iterate through all ports until a function returns a 0.
829 trans_iter_port(struct transport *t, int (*func)(struct tport *, intptr_t),
834 TAILQ_FOREACH(p, &t->table, link)
835 if (func(p, arg) == 0)
841 * Register a transport
844 trans_register(const struct transport_def *def, struct transport **pp)
849 if ((*pp = malloc(sizeof(**pp))) == NULL)
850 return (SNMP_ERR_GENERR);
852 /* construct index */
853 (*pp)->index.len = strlen(def->name) + 1;
854 (*pp)->index.subs[0] = strlen(def->name);
855 for (i = 0; i < (*pp)->index.subs[0]; i++)
856 (*pp)->index.subs[i + 1] = def->name[i];
860 if (FIND_OBJECT_OID(&transport_list, &(*pp)->index, 0) != NULL) {
862 return (SNMP_ERR_INCONS_VALUE);
865 /* register module */
866 snprintf(or_descr, sizeof(or_descr), "%s transport mapping", def->name);
867 if (((*pp)->or_index = or_register(&def->id, or_descr, NULL)) == 0) {
869 return (SNMP_ERR_GENERR);
872 INSERT_OBJECT_OID((*pp), &transport_list);
874 TAILQ_INIT(&(*pp)->table);
876 return (SNMP_ERR_NOERROR);
880 * Unregister transport
883 trans_unregister(struct transport *t)
885 if (!TAILQ_EMPTY(&t->table))
886 return (SNMP_ERR_INCONS_VALUE);
888 or_unregister(t->or_index);
889 TAILQ_REMOVE(&transport_list, t, link);
891 return (SNMP_ERR_NOERROR);
895 * File descriptor support
897 #ifdef USE_LIBBEGEMOT
899 input(int fd, int mask __unused, void *uap)
902 input(evContext ctx __unused, void *uap, int fd, int mask __unused)
905 struct fdesc *f = uap;
907 (*f->func)(fd, f->udata);
915 #ifdef USE_LIBBEGEMOT
917 poll_unregister(f->id);
921 if (evTestID(f->id)) {
922 (void)evDeselectFD(evctx, f->id);
934 #ifdef USE_LIBBEGEMOT
937 if ((f->id = poll_register(f->fd, input, f, POLL_IN)) < 0) {
939 syslog(LOG_ERR, "select fd %d: %m", f->fd);
946 if (evSelectFD(evctx, f->fd, EV_READ, input, f, &f->id)) {
948 syslog(LOG_ERR, "select fd %d: %m", f->fd);
957 fd_select(int fd, void (*func)(int, void *), void *udata, struct lmodule *mod)
962 if ((f = malloc(sizeof(struct fdesc))) == NULL) {
964 syslog(LOG_ERR, "fd_select: %m");
972 #ifdef USE_LIBBEGEMOT
985 LIST_INSERT_HEAD(&fdesc_list, f, link);
995 LIST_REMOVE(f, link);
1001 fd_flush(struct lmodule *mod)
1003 struct fdesc *t, *t1;
1005 t = LIST_FIRST(&fdesc_list);
1007 t1 = LIST_NEXT(t, link);
1008 if (t->owner == mod)
1015 * Consume a message from the input buffer
1018 snmp_input_consume(struct port_input *pi)
1021 /* always consume everything */
1025 if (pi->consumed >= pi->length) {
1026 /* all bytes consumed */
1030 memmove(pi->buf, pi->buf + pi->consumed, pi->length - pi->consumed);
1031 pi->length -= pi->consumed;
1035 check_priv_dgram(struct port_input *pi, struct sockcred *cred)
1038 /* process explicitly sends credentials */
1040 pi->priv = (cred->sc_euid == 0);
1046 check_priv_stream(struct port_input *pi)
1048 struct xucred ucred;
1051 /* obtain the accept time credentials */
1052 ucredlen = sizeof(ucred);
1054 if (getsockopt(pi->fd, 0, LOCAL_PEERCRED, &ucred, &ucredlen) == 0 &&
1055 ucredlen >= sizeof(ucred) && ucred.cr_version == XUCRED_VERSION)
1056 pi->priv = (ucred.cr_uid == 0);
1062 * Input from a stream socket.
1065 recv_stream(struct port_input *pi)
1068 struct iovec iov[1];
1071 if (pi->buf == NULL) {
1072 /* no buffer yet - allocate one */
1073 if ((pi->buf = buf_alloc(0)) == NULL) {
1074 /* ups - could not get buffer. Return an error
1075 * the caller must close the transport. */
1078 pi->buflen = buf_size(0);
1083 /* try to get a message */
1084 msg.msg_name = pi->peer;
1085 msg.msg_namelen = pi->peerlen;
1088 msg.msg_control = NULL;
1089 msg.msg_controllen = 0;
1092 iov[0].iov_base = pi->buf + pi->length;
1093 iov[0].iov_len = pi->buflen - pi->length;
1095 len = recvmsg(pi->fd, &msg, 0);
1097 if (len == -1 || len == 0)
1104 check_priv_stream(pi);
1110 * Input from a datagram socket.
1111 * Each receive should return one datagram.
1114 recv_dgram(struct port_input *pi, struct in_addr *laddr)
1117 char cbuf[CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)) +
1118 CMSG_SPACE(sizeof(struct in_addr))];
1120 struct iovec iov[1];
1122 struct cmsghdr *cmsg;
1123 struct sockcred *cred = NULL;
1125 if (pi->buf == NULL) {
1126 /* no buffer yet - allocate one */
1127 if ((pi->buf = buf_alloc(0)) == NULL) {
1128 /* ups - could not get buffer. Read away input
1130 (void)recvfrom(pi->fd, embuf, sizeof(embuf),
1135 pi->buflen = buf_size(0);
1138 /* try to get a message */
1139 msg.msg_name = pi->peer;
1140 msg.msg_namelen = pi->peerlen;
1143 memset(cbuf, 0, sizeof(cbuf));
1144 msg.msg_control = cbuf;
1145 msg.msg_controllen = sizeof(cbuf);
1148 iov[0].iov_base = pi->buf;
1149 iov[0].iov_len = pi->buflen;
1151 len = recvmsg(pi->fd, &msg, 0);
1153 if (len == -1 || len == 0)
1157 if (msg.msg_flags & MSG_TRUNC) {
1158 /* truncated - drop */
1159 snmpd_stats.silentDrops++;
1160 snmpd_stats.inTooLong++;
1164 pi->length = (size_t)len;
1166 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
1167 cmsg = CMSG_NXTHDR(&msg, cmsg)) {
1168 if (cmsg->cmsg_level == IPPROTO_IP &&
1169 cmsg->cmsg_type == IP_RECVDSTADDR)
1170 memcpy(laddr, CMSG_DATA(cmsg), sizeof(struct in_addr));
1171 if (cmsg->cmsg_level == SOL_SOCKET &&
1172 cmsg->cmsg_type == SCM_CREDS)
1173 cred = (struct sockcred *)CMSG_DATA(cmsg);
1177 check_priv_dgram(pi, cred);
1183 * Input from a socket
1186 snmpd_input(struct port_input *pi, struct tport *tport)
1190 struct snmp_pdu pdu;
1191 enum snmpd_input_err ierr, ferr;
1192 enum snmpd_proxy_err perr;
1196 #ifdef USE_TCPWRAPPERS
1200 struct iovec iov[1];
1201 char cbuf[CMSG_SPACE(sizeof(struct in_addr))];
1202 struct cmsghdr *cmsgp;
1204 /* get input depending on the transport */
1206 msg.msg_control = NULL;
1207 msg.msg_controllen = 0;
1209 ret = recv_stream(pi);
1211 struct in_addr *laddr;
1213 memset(cbuf, 0, CMSG_SPACE(sizeof(struct in_addr)));
1214 msg.msg_control = cbuf;
1215 msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
1216 cmsgp = CMSG_FIRSTHDR(&msg);
1217 cmsgp->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
1218 cmsgp->cmsg_level = IPPROTO_IP;
1219 cmsgp->cmsg_type = IP_SENDSRCADDR;
1220 laddr = (struct in_addr *)CMSG_DATA(cmsgp);
1222 ret = recv_dgram(pi, laddr);
1224 if (laddr->s_addr == 0) {
1225 msg.msg_control = NULL;
1226 msg.msg_controllen = 0;
1233 #ifdef USE_TCPWRAPPERS
1235 * In case of AF_INET{6} peer, do hosts_access(5) check.
1237 if (pi->peer->sa_family != AF_LOCAL &&
1238 inet_ntop(pi->peer->sa_family,
1239 &((const struct sockaddr_in *)(const void *)pi->peer)->sin_addr,
1240 client, sizeof(client)) != NULL) {
1241 request_set(&req, RQ_CLIENT_ADDR, client, 0);
1242 if (hosts_access(&req) == 0) {
1243 syslog(LOG_ERR, "refused connection from %.500s",
1247 } else if (pi->peer->sa_family != AF_LOCAL)
1248 syslog(LOG_ERR, "inet_ntop(): %m");
1254 ierr = snmp_input_start(pi->buf, pi->length, "SNMP", &pdu, &vi,
1256 if (ierr == SNMPD_INPUT_TRUNC) {
1257 /* need more bytes. This is ok only for streaming transports.
1258 * but only if we have not reached bufsiz yet. */
1260 if (pi->length == buf_size(0)) {
1261 snmpd_stats.silentDrops++;
1266 snmpd_stats.silentDrops++;
1270 /* can't check for bad SET pdus here, because a proxy may have to
1271 * check the access first. We don't want to return an error response
1272 * to a proxy PDU with a wrong community */
1273 if (ierr == SNMPD_INPUT_FAILED) {
1274 /* for streaming transports this is fatal */
1277 snmp_input_consume(pi);
1280 if (ierr == SNMPD_INPUT_BAD_COMM) {
1281 snmp_input_consume(pi);
1286 * If that is a module community and the module has a proxy function,
1287 * the hand it over to the module.
1289 if (comm != NULL && comm->owner != NULL &&
1290 comm->owner->config->proxy != NULL) {
1291 perr = (*comm->owner->config->proxy)(&pdu, tport->transport,
1292 &tport->index, pi->peer, pi->peerlen, ierr, vi,
1293 !pi->cred || pi->priv);
1297 case SNMPD_PROXY_OK:
1298 snmp_input_consume(pi);
1301 case SNMPD_PROXY_REJ:
1304 case SNMPD_PROXY_DROP:
1305 snmp_input_consume(pi);
1306 snmp_pdu_free(&pdu);
1307 snmpd_stats.proxyDrops++;
1310 case SNMPD_PROXY_BADCOMM:
1311 snmp_input_consume(pi);
1312 snmp_pdu_free(&pdu);
1313 snmpd_stats.inBadCommunityNames++;
1314 if (snmpd.auth_traps)
1315 snmp_send_trap(&oid_authenticationFailure,
1316 (struct snmp_value *)NULL);
1319 case SNMPD_PROXY_BADCOMMUSE:
1320 snmp_input_consume(pi);
1321 snmp_pdu_free(&pdu);
1322 snmpd_stats.inBadCommunityUses++;
1323 if (snmpd.auth_traps)
1324 snmp_send_trap(&oid_authenticationFailure,
1325 (struct snmp_value *)NULL);
1333 if (pdu.type == SNMP_PDU_RESPONSE ||
1334 pdu.type == SNMP_PDU_TRAP ||
1335 pdu.type == SNMP_PDU_TRAP2) {
1336 snmpd_stats.silentDrops++;
1337 snmpd_stats.inBadPduTypes++;
1338 snmp_pdu_free(&pdu);
1339 snmp_input_consume(pi);
1346 if (pdu.version < SNMP_V3 &&
1347 ((pi->cred && !pi->priv && pdu.type == SNMP_PDU_SET) ||
1348 (community != COMM_WRITE &&
1349 (pdu.type == SNMP_PDU_SET || community != COMM_READ)))) {
1350 snmpd_stats.inBadCommunityUses++;
1351 snmp_pdu_free(&pdu);
1352 snmp_input_consume(pi);
1353 if (snmpd.auth_traps)
1354 snmp_send_trap(&oid_authenticationFailure,
1355 (struct snmp_value *)NULL);
1362 if ((sndbuf = buf_alloc(1)) == NULL) {
1363 snmpd_stats.silentDrops++;
1364 snmp_pdu_free(&pdu);
1365 snmp_input_consume(pi);
1368 ferr = snmp_input_finish(&pdu, pi->buf, pi->length,
1369 sndbuf, &sndlen, "SNMP", ierr, vi, NULL);
1371 if (ferr == SNMPD_INPUT_OK) {
1372 msg.msg_name = pi->peer;
1373 msg.msg_namelen = pi->peerlen;
1377 iov[0].iov_base = sndbuf;
1378 iov[0].iov_len = sndlen;
1380 slen = sendmsg(pi->fd, &msg, 0);
1382 syslog(LOG_ERR, "sendmsg: %m");
1383 else if ((size_t)slen != sndlen)
1384 syslog(LOG_ERR, "sendmsg: short write %zu/%zu",
1385 sndlen, (size_t)slen);
1387 snmp_pdu_free(&pdu);
1389 snmp_input_consume(pi);
1395 * Send a PDU to a given port
1398 snmp_send_port(void *targ, const struct asn_oid *port, struct snmp_pdu *pdu,
1399 const struct sockaddr *addr, socklen_t addrlen)
1401 struct transport *trans = targ;
1407 TAILQ_FOREACH(tp, &trans->table, link)
1408 if (asn_compare_oid(port, &tp->index) == 0)
1413 if ((sndbuf = buf_alloc(1)) == NULL)
1416 snmp_output(pdu, sndbuf, &sndlen, "SNMP PROXY");
1418 len = trans->vtab->send(tp, sndbuf, sndlen, addr, addrlen);
1421 syslog(LOG_ERR, "sendto: %m");
1422 else if ((size_t)len != sndlen)
1423 syslog(LOG_ERR, "sendto: short write %zu/%zu",
1424 sndlen, (size_t)len);
1431 * Close an input source
1434 snmpd_input_close(struct port_input *pi)
1437 fd_deselect(pi->id);
1439 (void)close(pi->fd);
1440 if (pi->buf != NULL)
1445 * Dump internal state.
1447 #ifdef USE_LIBBEGEMOT
1452 info_func(evContext ctx __unused, void *uap __unused, const void *tag __unused)
1459 syslog(LOG_DEBUG, "Dump of SNMPd %lu\n", (u_long)getpid());
1460 for (i = 0; i < tree_size; i++) {
1461 switch (tree[i].type) {
1463 case SNMP_NODE_LEAF:
1464 sprintf(buf, "LEAF: %s %s", tree[i].name,
1465 asn_oid2str(&tree[i].oid));
1468 case SNMP_NODE_COLUMN:
1469 sprintf(buf, "COL: %s %s", tree[i].name,
1470 asn_oid2str(&tree[i].oid));
1473 syslog(LOG_DEBUG, "%s", buf);
1476 TAILQ_FOREACH(m, &lmodules, link)
1477 if (m->config->dump)
1478 (*m->config->dump)();
1482 * Re-read configuration
1484 #ifdef USE_LIBBEGEMOT
1489 config_func(evContext ctx __unused, void *uap __unused,
1490 const void *tag __unused)
1495 if (read_config(config_file, NULL)) {
1496 syslog(LOG_ERR, "error reading config file '%s'", config_file);
1499 TAILQ_FOREACH(m, &lmodules, link)
1500 if (m->config->config)
1501 (*m->config->config)();
1505 * On USR1 dump actual configuration.
1508 onusr1(int s __unused)
1511 work |= WORK_DOINFO;
1514 onhup(int s __unused)
1517 work |= WORK_RECONFIG;
1521 onterm(int s __unused)
1524 /* allow clean-up */
1531 struct sigaction sa;
1533 sa.sa_handler = onusr1;
1534 sa.sa_flags = SA_RESTART;
1535 sigemptyset(&sa.sa_mask);
1536 if (sigaction(SIGUSR1, &sa, NULL)) {
1537 syslog(LOG_ERR, "sigaction: %m");
1541 sa.sa_handler = onhup;
1542 if (sigaction(SIGHUP, &sa, NULL)) {
1543 syslog(LOG_ERR, "sigaction: %m");
1547 sa.sa_handler = onterm;
1549 sigemptyset(&sa.sa_mask);
1550 if (sigaction(SIGTERM, &sa, NULL)) {
1551 syslog(LOG_ERR, "sigaction: %m");
1554 if (sigaction(SIGINT, &sa, NULL)) {
1555 syslog(LOG_ERR, "sigaction: %m");
1566 if (sigprocmask(SIG_BLOCK, &set, &blocked_sigs) == -1) {
1567 syslog(LOG_ERR, "SIG_BLOCK: %m");
1574 if (sigprocmask(SIG_SETMASK, &blocked_sigs, NULL) == -1) {
1575 syslog(LOG_ERR, "SIG_SETMASK: %m");
1586 (void)unlink(pid_file);
1592 struct transport *t;
1594 TAILQ_FOREACH(t, &transport_list, link)
1595 (void)t->vtab->stop(1);
1599 * Define a macro from the command line
1607 if ((eq = strchr(arg, '=')) == NULL)
1608 err = define_macro(arg, "");
1611 err = define_macro(arg, eq);
1614 syslog(LOG_ERR, "cannot save macro: %m");
1620 * Re-implement getsubopt from scratch, because the second argument is broken
1621 * and will not compile with WARNS=5.
1624 getsubopt1(char **arg, const char *const *options, char **valp, char **optp)
1626 static const char *const delim = ",\t ";
1632 /* skip leading junk */
1633 for (ptr = *arg; *ptr != '\0'; ptr++)
1634 if (strchr(delim, *ptr) == NULL)
1642 /* find the end of the option */
1643 while (*++ptr != '\0')
1644 if (strchr(delim, *ptr) != NULL || *ptr == '=')
1651 while (*ptr != '\0' && strchr(delim, *ptr) == NULL)
1661 for (i = 0; *options != NULL; options++, i++)
1662 if (strcmp(*optp, *options) == 0)
1668 main(int argc, char *argv[])
1674 const char *prefix = "snmpd";
1676 char *value = NULL, *option; /* XXX */
1677 struct transport *t;
1680 #define DBG_EVENTS 1
1682 static const char *const debug_opts[] = {
1689 snmp_printf = snmp_printf_func;
1690 snmp_error = snmp_error_func;
1691 snmp_debug = snmp_debug_func;
1692 asn_error = asn_error_func;
1694 while ((opt = getopt(argc, argv, "c:dD:e:hI:l:m:p:")) != EOF)
1698 strlcpy(config_file, optarg, sizeof(config_file));
1707 switch (getsubopt1(&optarg, debug_opts,
1711 debug.dump_pdus = 1;
1721 "no value for 'trace'");
1723 snmp_trace = strtoul(value,
1730 "unknown debug flag '%s'",
1734 "missing debug flag");
1741 strlcpy(engine_file, optarg, sizeof(engine_file));
1744 fprintf(stderr, "%s", usgtxt);
1760 strlcpy(pid_file, optarg, sizeof(pid_file));
1764 openlog(prefix, LOG_PID | (background ? 0 : LOG_PERROR), LOG_USER);
1765 setlogmask(LOG_UPTO(debug.logpri - 1));
1767 if (background && daemon(0, 0) < 0) {
1768 syslog(LOG_ERR, "daemon: %m");
1780 snmp_serial_no = random();
1782 #ifdef USE_TCPWRAPPERS
1784 * Initialize hosts_access(3) handler.
1786 request_init(&req, RQ_DAEMON, "snmpd", 0);
1791 * Initialize the tree.
1793 if ((tree = malloc(sizeof(struct snmp_node) * CTREE_SIZE)) == NULL) {
1794 syslog(LOG_ERR, "%m");
1797 memcpy(tree, ctree, sizeof(struct snmp_node) * CTREE_SIZE);
1798 tree_size = CTREE_SIZE;
1801 * Get standard communities
1803 (void)comm_define(1, "SNMP read", NULL, NULL);
1804 (void)comm_define(2, "SNMP write", NULL, NULL);
1805 community = COMM_INITIALIZE;
1807 trap_reqid = reqid_allocate(512, NULL);
1809 if (config_file[0] == '\0')
1810 snprintf(config_file, sizeof(config_file), PATH_CONFIG, prefix);
1813 init_snmpd_engine();
1815 this_tick = get_ticks();
1816 start_tick = this_tick;
1818 /* start transports */
1819 if (atexit(trans_stop) == -1) {
1820 syslog(LOG_ERR, "atexit failed: %m");
1823 if (udp_trans.start() != SNMP_ERR_NOERROR)
1824 syslog(LOG_WARNING, "cannot start UDP transport");
1825 if (lsock_trans.start() != SNMP_ERR_NOERROR)
1826 syslog(LOG_WARNING, "cannot start LSOCK transport");
1828 #ifdef USE_LIBBEGEMOT
1829 if (debug.evdebug > 0)
1832 if (evCreate(&evctx)) {
1833 syslog(LOG_ERR, "evCreate: %m");
1836 if (debug.evdebug > 0)
1837 evSetDebug(evctx, 10, stderr);
1840 if (engine_file[0] == '\0')
1841 snprintf(engine_file, sizeof(engine_file), PATH_ENGINE, prefix);
1843 if (read_config(config_file, NULL)) {
1844 syslog(LOG_ERR, "error in config file");
1848 TAILQ_FOREACH(t, &transport_list, link)
1849 TAILQ_FOREACH(p, &t->table, link)
1850 t->vtab->init_port(p);
1854 if (pid_file[0] == '\0')
1855 snprintf(pid_file, sizeof(pid_file), PATH_PID, prefix);
1857 if ((fp = fopen(pid_file, "w")) != NULL) {
1858 fprintf(fp, "%u", getpid());
1860 if (atexit(term) == -1) {
1861 syslog(LOG_ERR, "atexit failed: %m");
1862 (void)remove(pid_file);
1867 if (or_register(&oid_snmpMIB, "The MIB module for SNMPv2 entities.",
1869 syslog(LOG_ERR, "cannot register SNMPv2 MIB");
1872 if (or_register(&oid_begemotSnmpd, "The MIB module for the Begemot SNMPd.",
1874 syslog(LOG_ERR, "cannot register begemotSnmpd MIB");
1878 while ((m = TAILQ_FIRST(&modules_start)) != NULL) {
1879 m->flags &= ~LM_ONSTARTLIST;
1880 TAILQ_REMOVE(&modules_start, m, start);
1884 snmp_send_trap(&oid_coldStart, (struct snmp_value *)NULL);
1887 #ifndef USE_LIBBEGEMOT
1890 struct lmodule *mod;
1892 TAILQ_FOREACH(mod, &lmodules, link)
1893 if (mod->config->idle != NULL)
1894 (*mod->config->idle)();
1896 #ifndef USE_LIBBEGEMOT
1897 if (evGetNext(evctx, &event, EV_WAIT) == 0) {
1898 if (evDispatch(evctx, event))
1899 syslog(LOG_ERR, "evDispatch: %m");
1900 } else if (errno != EINTR) {
1901 syslog(LOG_ERR, "evGetNext: %m");
1910 if (work & WORK_DOINFO) {
1911 #ifdef USE_LIBBEGEMOT
1914 if (evWaitFor(evctx, &work, info_func,
1915 NULL, NULL) == -1) {
1916 syslog(LOG_ERR, "evWaitFor: %m");
1921 if (work & WORK_RECONFIG) {
1922 #ifdef USE_LIBBEGEMOT
1925 if (evWaitFor(evctx, &work, config_func,
1926 NULL, NULL) == -1) {
1927 syslog(LOG_ERR, "evWaitFor: %m");
1934 #ifndef USE_LIBBEGEMOT
1935 if (evDo(evctx, &work) == -1) {
1936 syslog(LOG_ERR, "evDo: %m");
1952 if (gettimeofday(&tv, NULL))
1954 ret = tv.tv_sec * 100ULL + tv.tv_usec / 10000ULL;
1963 * Trampoline for the non-repeatable timers.
1965 #ifdef USE_LIBBEGEMOT
1967 tfunc(int tid __unused, void *uap)
1970 tfunc(evContext ctx __unused, void *uap, struct timespec due __unused,
1971 struct timespec inter __unused)
1974 struct timer *tp = uap;
1976 LIST_REMOVE(tp, link);
1977 tp->func(tp->udata);
1982 * Trampoline for the repeatable timers.
1984 #ifdef USE_LIBBEGEMOT
1986 trfunc(int tid __unused, void *uap)
1989 trfunc(evContext ctx __unused, void *uap, struct timespec due __unused,
1990 struct timespec inter __unused)
1993 struct timer *tp = uap;
1995 tp->func(tp->udata);
1999 * Start a one-shot timer
2002 timer_start(u_int ticks, void (*func)(void *), void *udata, struct lmodule *mod)
2005 #ifndef USE_LIBBEGEMOT
2006 struct timespec due;
2009 if ((tp = malloc(sizeof(struct timer))) == NULL) {
2010 syslog(LOG_CRIT, "out of memory for timer");
2014 #ifndef USE_LIBBEGEMOT
2015 due = evAddTime(evNowTime(),
2016 evConsTime(ticks / 100, (ticks % 100) * 10000));
2023 LIST_INSERT_HEAD(&timer_list, tp, link);
2025 #ifdef USE_LIBBEGEMOT
2026 if ((tp->id = poll_start_timer(ticks * 10, 0, tfunc, tp)) < 0) {
2027 syslog(LOG_ERR, "cannot set timer: %m");
2031 if (evSetTimer(evctx, tfunc, tp, due, evConsTime(0, 0), &tp->id)
2033 syslog(LOG_ERR, "cannot set timer: %m");
2041 * Start a repeatable timer. When used with USE_LIBBEGEMOT the first argument
2042 * is currently ignored and the initial number of ticks is set to the
2043 * repeat number of ticks.
2046 timer_start_repeat(u_int ticks __unused, u_int repeat_ticks,
2047 void (*func)(void *), void *udata, struct lmodule *mod)
2050 #ifndef USE_LIBBEGEMOT
2051 struct timespec due;
2052 struct timespec inter;
2055 if ((tp = malloc(sizeof(struct timer))) == NULL) {
2056 syslog(LOG_CRIT, "out of memory for timer");
2060 #ifndef USE_LIBBEGEMOT
2061 due = evAddTime(evNowTime(),
2062 evConsTime(ticks / 100, (ticks % 100) * 10000));
2063 inter = evConsTime(repeat_ticks / 100, (repeat_ticks % 100) * 10000);
2070 LIST_INSERT_HEAD(&timer_list, tp, link);
2072 #ifdef USE_LIBBEGEMOT
2073 if ((tp->id = poll_start_timer(repeat_ticks * 10, 1, trfunc, tp)) < 0) {
2074 syslog(LOG_ERR, "cannot set timer: %m");
2078 if (evSetTimer(evctx, trfunc, tp, due, inter, &tp->id) == -1) {
2079 syslog(LOG_ERR, "cannot set timer: %m");
2092 struct timer *tp = p;
2094 LIST_REMOVE(tp, link);
2095 #ifdef USE_LIBBEGEMOT
2096 poll_stop_timer(tp->id);
2098 if (evClearTimer(evctx, tp->id) == -1) {
2099 syslog(LOG_ERR, "cannot stop timer: %m");
2107 timer_flush(struct lmodule *mod)
2109 struct timer *t, *t1;
2111 t = LIST_FIRST(&timer_list);
2113 t1 = LIST_NEXT(t, link);
2114 if (t->owner == mod)
2121 snmp_printf_func(const char *fmt, ...)
2124 static char *pend = NULL;
2128 vasprintf(&ret, fmt, ap);
2134 if ((new = realloc(pend, strlen(pend) + strlen(ret) + 1))
2145 while ((ret = strchr(pend, '\n')) != NULL) {
2147 syslog(LOG_DEBUG, "%s", pend);
2148 if (strlen(ret + 1) == 0) {
2153 strcpy(pend, ret + 1);
2158 snmp_error_func(const char *err, ...)
2163 if (!(snmp_trace & LOG_SNMP_ERRORS))
2167 snprintf(errbuf, sizeof(errbuf), "SNMP: ");
2168 vsnprintf(errbuf + strlen(errbuf),
2169 sizeof(errbuf) - strlen(errbuf), err, ap);
2172 syslog(LOG_ERR, "%s", errbuf);
2176 snmp_debug_func(const char *err, ...)
2182 snprintf(errbuf, sizeof(errbuf), "SNMP: ");
2183 vsnprintf(errbuf+strlen(errbuf), sizeof(errbuf)-strlen(errbuf),
2187 syslog(LOG_DEBUG, "%s", errbuf);
2191 asn_error_func(const struct asn_buf *b, const char *err, ...)
2197 if (!(snmp_trace & LOG_ASN1_ERRORS))
2201 snprintf(errbuf, sizeof(errbuf), "ASN.1: ");
2202 vsnprintf(errbuf + strlen(errbuf),
2203 sizeof(errbuf) - strlen(errbuf), err, ap);
2207 snprintf(errbuf + strlen(errbuf),
2208 sizeof(errbuf) - strlen(errbuf), " at");
2209 for (i = 0; b->asn_len > i; i++)
2210 snprintf(errbuf + strlen(errbuf),
2211 sizeof(errbuf) - strlen(errbuf),
2212 " %02x", b->asn_cptr[i]);
2215 syslog(LOG_ERR, "%s", errbuf);
2219 * Create a new community
2222 comm_define(u_int priv, const char *descr, struct lmodule *owner,
2225 struct community *c, *p;
2228 /* generate an identifier */
2230 if ((ncomm = next_community_index++) == UINT_MAX)
2231 next_community_index = 1;
2232 TAILQ_FOREACH(c, &community_list, link)
2233 if (c->value == ncomm)
2235 } while (c != NULL);
2237 if ((c = malloc(sizeof(struct community))) == NULL) {
2238 syslog(LOG_ERR, "comm_define: %m");
2248 if((c->string = malloc(strlen(str)+1)) == NULL) {
2252 strcpy(c->string, str);
2256 if (c->owner == NULL) {
2258 c->index.subs[0] = 0;
2260 c->index = c->owner->index;
2262 c->index.subs[c->index.len++] = c->private;
2267 TAILQ_FOREACH(p, &community_list, link) {
2268 if (asn_compare_oid(&p->index, &c->index) > 0) {
2269 TAILQ_INSERT_BEFORE(p, c, link);
2274 TAILQ_INSERT_TAIL(&community_list, c, link);
2279 comm_string(u_int ncomm)
2281 struct community *p;
2283 TAILQ_FOREACH(p, &community_list, link)
2284 if (p->value == ncomm)
2290 * Delete all communities allocated by a module
2293 comm_flush(struct lmodule *mod)
2295 struct community *p, *p1;
2297 p = TAILQ_FIRST(&community_list);
2299 p1 = TAILQ_NEXT(p, link);
2300 if (p->owner == mod) {
2302 TAILQ_REMOVE(&community_list, p, link);
2310 * Request ID handling.
2312 * Allocate a new range of request ids. Use a first fit algorithm.
2315 reqid_allocate(int size, struct lmodule *mod)
2318 struct idrange *r, *r1;
2320 if (size <= 0 || size > INT32_MAX) {
2321 syslog(LOG_CRIT, "%s: size out of range: %d", __func__, size);
2324 /* allocate a type id */
2326 if ((type = next_idrange++) == UINT_MAX)
2328 TAILQ_FOREACH(r, &idrange_list, link)
2329 if (r->type == type)
2334 if (TAILQ_EMPTY(&idrange_list))
2337 r = TAILQ_FIRST(&idrange_list);
2338 if (r->base < size) {
2339 while((r1 = TAILQ_NEXT(r, link)) != NULL) {
2340 if (r1->base - (r->base + r->size) >= size)
2347 r1 = TAILQ_LAST(&idrange_list, idrange_list);
2348 if (INT32_MAX - size + 1 < r1->base + r1->size) {
2349 syslog(LOG_ERR, "out of id ranges (%u)", size);
2355 /* allocate structure */
2356 if ((r1 = malloc(sizeof(struct idrange))) == NULL) {
2357 syslog(LOG_ERR, "%s: %m", __FUNCTION__);
2364 if (TAILQ_EMPTY(&idrange_list) || r == TAILQ_FIRST(&idrange_list)) {
2366 TAILQ_INSERT_HEAD(&idrange_list, r1, link);
2367 } else if (r == NULL) {
2368 r = TAILQ_LAST(&idrange_list, idrange_list);
2369 r1->base = r->base + r->size;
2370 TAILQ_INSERT_TAIL(&idrange_list, r1, link);
2372 r = TAILQ_PREV(r, idrange_list, link);
2373 r1->base = r->base + r->size;
2374 TAILQ_INSERT_AFTER(&idrange_list, r, r1, link);
2376 r1->next = r1->base;
2382 reqid_next(u_int type)
2387 TAILQ_FOREACH(r, &idrange_list, link)
2388 if (r->type == type)
2391 syslog(LOG_CRIT, "wrong idrange type");
2394 if ((id = r->next++) == r->base + (r->size - 1))
2400 reqid_base(u_int type)
2404 TAILQ_FOREACH(r, &idrange_list, link)
2405 if (r->type == type)
2407 syslog(LOG_CRIT, "wrong idrange type");
2412 reqid_type(int32_t reqid)
2416 TAILQ_FOREACH(r, &idrange_list, link)
2417 if (reqid >= r->base && reqid <= r->base + (r->size - 1))
2423 reqid_istype(int32_t reqid, u_int type)
2425 return (reqid_type(reqid) == type);
2429 * Delete all communities allocated by a module
2432 reqid_flush(struct lmodule *mod)
2434 struct idrange *p, *p1;
2436 p = TAILQ_FIRST(&idrange_list);
2438 p1 = TAILQ_NEXT(p, link);
2439 if (p->owner == mod) {
2440 TAILQ_REMOVE(&idrange_list, p, link);
2448 * Merge the given tree for the given module into the main tree.
2451 compare_node(const void *v1, const void *v2)
2453 const struct snmp_node *n1 = v1;
2454 const struct snmp_node *n2 = v2;
2456 return (asn_compare_oid(&n1->oid, &n2->oid));
2459 tree_merge(const struct snmp_node *ntree, u_int nsize, struct lmodule *mod)
2461 struct snmp_node *xtree;
2464 xtree = realloc(tree, sizeof(*tree) * (tree_size + nsize));
2465 if (xtree == NULL) {
2466 syslog(LOG_ERR, "tree_merge: %m");
2470 memcpy(&tree[tree_size], ntree, sizeof(*tree) * nsize);
2472 for (i = 0; i < nsize; i++)
2473 tree[tree_size + i].tree_data = mod;
2477 qsort(tree, tree_size, sizeof(tree[0]), compare_node);
2483 * Remove all nodes belonging to the loadable module
2486 tree_unmerge(struct lmodule *mod)
2490 for(s = d = 0; s < tree_size; s++)
2491 if (tree[s].tree_data != mod) {
2503 lm_load(const char *path, const char *section)
2508 char *av[MAX_MOD_ARGS + 1];
2512 if ((m = malloc(sizeof(*m))) == NULL) {
2513 syslog(LOG_ERR, "lm_load: %m");
2518 strcpy(m->section, section);
2520 if ((m->path = malloc(strlen(path) + 1)) == NULL) {
2521 syslog(LOG_ERR, "lm_load: %m");
2524 strcpy(m->path, path);
2529 m->index.subs[0] = strlen(section);
2530 m->index.len = m->index.subs[0] + 1;
2531 for (u = 0; u < m->index.subs[0]; u++)
2532 m->index.subs[u + 1] = section[u];
2535 * Load the object file and locate the config structure
2537 if ((m->handle = dlopen(m->path, RTLD_NOW|RTLD_GLOBAL)) == NULL) {
2538 syslog(LOG_ERR, "lm_load: open %s", dlerror());
2542 if ((m->config = dlsym(m->handle, "config")) == NULL) {
2543 syslog(LOG_ERR, "lm_load: no 'config' symbol %s", dlerror());
2548 * Insert it into the right place
2550 INSERT_OBJECT_OID(m, &lmodules);
2552 /* preserve order */
2553 if (community == COMM_INITIALIZE) {
2554 m->flags |= LM_ONSTARTLIST;
2555 TAILQ_INSERT_TAIL(&modules_start, m, start);
2559 * make the argument vector.
2562 for (i = 0; i < nprogargs; i++) {
2563 if (strlen(progargs[i]) >= strlen(section) + 1 &&
2564 strncmp(progargs[i], section, strlen(section)) == 0 &&
2565 progargs[i][strlen(section)] == ':') {
2566 if (ac == MAX_MOD_ARGS) {
2567 syslog(LOG_WARNING, "too many arguments for "
2568 "module '%s", section);
2571 av[ac++] = &progargs[i][strlen(section)+1];
2577 * Run the initialization function
2579 if ((err = (*m->config->init)(m, ac, av)) != 0) {
2580 syslog(LOG_ERR, "lm_load: init failed: %d", err);
2581 TAILQ_REMOVE(&lmodules, m, link);
2588 if ((m->flags & LM_ONSTARTLIST) != 0)
2589 TAILQ_REMOVE(&modules_start, m, start);
2601 lm_start(struct lmodule *mod)
2603 const struct lmodule *m;
2606 * Merge tree. If this fails, unload the module.
2608 if (tree_merge(mod->config->tree, mod->config->tree_size, mod)) {
2614 * Read configuration
2616 if (read_config(config_file, mod)) {
2617 syslog(LOG_ERR, "error in config file");
2621 if (mod->config->start)
2622 (*mod->config->start)();
2624 mod->flags |= LM_STARTED;
2627 * Inform other modules
2629 TAILQ_FOREACH(m, &lmodules, link)
2630 if (m->config->loading)
2631 (*m->config->loading)(mod, 1);
2639 lm_unload(struct lmodule *m)
2642 const struct lmodule *mod;
2644 TAILQ_REMOVE(&lmodules, m, link);
2645 if (m->flags & LM_ONSTARTLIST)
2646 TAILQ_REMOVE(&modules_start, m, start);
2649 if ((m->flags & LM_STARTED) && m->config->fini &&
2650 (err = (*m->config->fini)()) != 0)
2651 syslog(LOG_WARNING, "lm_unload(%s): fini %d", m->section, err);
2662 * Inform other modules
2664 TAILQ_FOREACH(mod, &lmodules, link)
2665 if (mod->config->loading)
2666 (*mod->config->loading)(m, 0);
2672 * Register an object resource and return the index (or 0 on failures)
2675 or_register(const struct asn_oid *or, const char *descr, struct lmodule *mod)
2677 struct objres *objres, *or1;
2680 /* find a free index */
2682 for (objres = TAILQ_FIRST(&objres_list);
2684 objres = TAILQ_NEXT(objres, link)) {
2685 if ((or1 = TAILQ_NEXT(objres, link)) == NULL ||
2686 or1->index > objres->index + 1) {
2687 idx = objres->index + 1;
2692 if ((objres = malloc(sizeof(*objres))) == NULL)
2695 objres->index = idx;
2697 strlcpy(objres->descr, descr, sizeof(objres->descr));
2698 objres->uptime = (uint32_t)(get_ticks() - start_tick);
2699 objres->module = mod;
2701 INSERT_OBJECT_INT(objres, &objres_list);
2703 systemg.or_last_change = objres->uptime;
2709 or_unregister(u_int idx)
2711 struct objres *objres;
2713 TAILQ_FOREACH(objres, &objres_list, link)
2714 if (objres->index == idx) {
2715 TAILQ_REMOVE(&objres_list, objres, link);
2722 * RFC 3414 User-based Security Model support
2725 struct snmpd_usmstat *
2726 bsnmpd_get_usm_stats(void)
2728 return (&snmpd_usmstats);
2732 bsnmpd_reset_usm_stats(void)
2734 memset(&snmpd_usmstats, 0, sizeof(snmpd_usmstats));
2738 usm_first_user(void)
2740 return (SLIST_FIRST(&usm_userlist));
2744 usm_next_user(struct usm_user *uuser)
2749 return (SLIST_NEXT(uuser, up));
2753 usm_find_user(uint8_t *engine, uint32_t elen, char *uname)
2755 struct usm_user *uuser;
2757 SLIST_FOREACH(uuser, &usm_userlist, up)
2758 if (uuser->user_engine_len == elen &&
2759 memcmp(uuser->user_engine_id, engine, elen) == 0 &&
2760 strlen(uuser->suser.sec_name) == strlen(uname) &&
2761 strcmp(uuser->suser.sec_name, uname) == 0)
2768 usm_compare_user(struct usm_user *u1, struct usm_user *u2)
2772 if (u1->user_engine_len < u2->user_engine_len)
2774 if (u1->user_engine_len > u2->user_engine_len)
2777 for (i = 0; i < u1->user_engine_len; i++) {
2778 if (u1->user_engine_id[i] < u2->user_engine_id[i])
2780 if (u1->user_engine_id[i] > u2->user_engine_id[i])
2784 if (strlen(u1->suser.sec_name) < strlen(u2->suser.sec_name))
2786 if (strlen(u1->suser.sec_name) > strlen(u2->suser.sec_name))
2789 for (i = 0; i < strlen(u1->suser.sec_name); i++) {
2790 if (u1->suser.sec_name[i] < u2->suser.sec_name[i])
2792 if (u1->suser.sec_name[i] > u2->suser.sec_name[i])
2800 usm_new_user(uint8_t *eid, uint32_t elen, char *uname)
2803 struct usm_user *uuser, *temp, *prev;
2805 for (uuser = usm_first_user(); uuser != NULL;
2806 (uuser = usm_next_user(uuser))) {
2807 if (uuser->user_engine_len == elen &&
2808 strlen(uname) == strlen(uuser->suser.sec_name) &&
2809 strcmp(uname, uuser->suser.sec_name) == 0 &&
2810 memcmp(eid, uuser->user_engine_id, elen) == 0)
2814 if ((uuser = (struct usm_user *)malloc(sizeof(*uuser))) == NULL)
2817 memset(uuser, 0, sizeof(*uuser));
2818 strlcpy(uuser->suser.sec_name, uname, SNMP_ADM_STR32_SIZ);
2819 memcpy(uuser->user_engine_id, eid, elen);
2820 uuser->user_engine_len = elen;
2822 if ((prev = SLIST_FIRST(&usm_userlist)) == NULL ||
2823 usm_compare_user(uuser, prev) < 0) {
2824 SLIST_INSERT_HEAD(&usm_userlist, uuser, up);
2828 SLIST_FOREACH(temp, &usm_userlist, up) {
2829 if ((cmp = usm_compare_user(uuser, temp)) <= 0)
2834 if (temp == NULL || cmp < 0)
2835 SLIST_INSERT_AFTER(prev, uuser, up);
2837 SLIST_INSERT_AFTER(temp, uuser, up);
2839 syslog(LOG_ERR, "User %s exists", uuser->suser.sec_name);
2848 usm_delete_user(struct usm_user *uuser)
2850 SLIST_REMOVE(&usm_userlist, uuser, usm_user, up);
2855 usm_flush_users(void)
2857 struct usm_user *uuser;
2859 while ((uuser = SLIST_FIRST(&usm_userlist)) != NULL) {
2860 SLIST_REMOVE_HEAD(&usm_userlist, up);
2864 SLIST_INIT(&usm_userlist);
2868 * RFC 3415 View-based Access Control Model support
2871 vacm_first_user(void)
2873 return (SLIST_FIRST(&vacm_userlist));
2877 vacm_next_user(struct vacm_user *vuser)
2882 return (SLIST_NEXT(vuser, vvu));
2886 vacm_compare_user(struct vacm_user *v1, struct vacm_user *v2)
2890 if (v1->sec_model < v2->sec_model)
2892 if (v1->sec_model > v2->sec_model)
2895 if (strlen(v1->secname) < strlen(v2->secname))
2897 if (strlen(v1->secname) > strlen(v2->secname))
2900 for (i = 0; i < strlen(v1->secname); i++) {
2901 if (v1->secname[i] < v2->secname[i])
2903 if (v1->secname[i] > v2->secname[i])
2911 vacm_new_user(int32_t smodel, char *uname)
2914 struct vacm_user *user, *temp, *prev;
2916 SLIST_FOREACH(user, &vacm_userlist, vvu)
2917 if (strcmp(uname, user->secname) == 0 &&
2918 smodel == user->sec_model)
2921 if ((user = (struct vacm_user *)malloc(sizeof(*user))) == NULL)
2924 memset(user, 0, sizeof(*user));
2925 user->group = &vacm_default_group;
2926 SLIST_INSERT_HEAD(&vacm_default_group.group_users, user, vvg);
2927 user->sec_model = smodel;
2928 strlcpy(user->secname, uname, sizeof(user->secname));
2930 if ((prev = SLIST_FIRST(&vacm_userlist)) == NULL ||
2931 vacm_compare_user(user, prev) < 0) {
2932 SLIST_INSERT_HEAD(&vacm_userlist, user, vvu);
2936 SLIST_FOREACH(temp, &vacm_userlist, vvu) {
2937 if ((cmp = vacm_compare_user(user, temp)) <= 0)
2942 if (temp == NULL || cmp < 0)
2943 SLIST_INSERT_AFTER(prev, user, vvu);
2945 SLIST_INSERT_AFTER(temp, user, vvu);
2947 syslog(LOG_ERR, "User %s exists", user->secname);
2956 vacm_delete_user(struct vacm_user *user)
2958 if (user->group != NULL && user->group != &vacm_default_group) {
2959 SLIST_REMOVE(&user->group->group_users, user, vacm_user, vvg);
2960 if (SLIST_EMPTY(&user->group->group_users)) {
2961 SLIST_REMOVE(&vacm_grouplist, user->group,
2967 SLIST_REMOVE(&vacm_userlist, user, vacm_user, vvu);
2974 vacm_user_set_group(struct vacm_user *user, u_char *octets, u_int len)
2976 struct vacm_group *group;
2978 if (len >= SNMP_ADM_STR32_SIZ)
2981 SLIST_FOREACH(group, &vacm_grouplist, vge)
2982 if (strlen(group->groupname) == len &&
2983 memcmp(octets, group->groupname, len) == 0)
2986 if (group == NULL) {
2987 if ((group = (struct vacm_group *)malloc(sizeof(*group))) == NULL)
2989 memset(group, 0, sizeof(*group));
2990 memcpy(group->groupname, octets, len);
2991 group->groupname[len] = '\0';
2992 SLIST_INSERT_HEAD(&vacm_grouplist, group, vge);
2995 SLIST_REMOVE(&user->group->group_users, user, vacm_user, vvg);
2996 SLIST_INSERT_HEAD(&group->group_users, user, vvg);
2997 user->group = group;
3003 vacm_groups_init(void)
3005 SLIST_INSERT_HEAD(&vacm_grouplist, &vacm_default_group, vge);
3008 struct vacm_access *
3009 vacm_first_access_rule(void)
3011 return (TAILQ_FIRST(&vacm_accesslist));
3014 struct vacm_access *
3015 vacm_next_access_rule(struct vacm_access *acl)
3020 return (TAILQ_NEXT(acl, vva));
3024 vacm_compare_access_rule(struct vacm_access *v1, struct vacm_access *v2)
3028 if (strlen(v1->group->groupname) < strlen(v2->group->groupname))
3030 if (strlen(v1->group->groupname) > strlen(v2->group->groupname))
3033 for (i = 0; i < strlen(v1->group->groupname); i++) {
3034 if (v1->group->groupname[i] < v2->group->groupname[i])
3036 if (v1->group->groupname[i] > v2->group->groupname[i])
3040 if (strlen(v1->ctx_prefix) < strlen(v2->ctx_prefix))
3042 if (strlen(v1->ctx_prefix) > strlen(v2->ctx_prefix))
3045 for (i = 0; i < strlen(v1->ctx_prefix); i++) {
3046 if (v1->ctx_prefix[i] < v2->ctx_prefix[i])
3048 if (v1->ctx_prefix[i] > v2->ctx_prefix[i])
3052 if (v1->sec_model < v2->sec_model)
3054 if (v1->sec_model > v2->sec_model)
3057 if (v1->sec_level < v2->sec_level)
3059 if (v1->sec_level > v2->sec_level)
3065 struct vacm_access *
3066 vacm_new_access_rule(char *gname, char *cprefix, int32_t smodel, int32_t slevel)
3068 struct vacm_group *group;
3069 struct vacm_access *acl, *temp;
3071 TAILQ_FOREACH(acl, &vacm_accesslist, vva) {
3072 if (acl->group == NULL)
3074 if (strcmp(gname, acl->group->groupname) == 0 &&
3075 strcmp(cprefix, acl->ctx_prefix) == 0 &&
3076 acl->sec_model == smodel && acl->sec_level == slevel)
3080 /* Make sure the group exists */
3081 SLIST_FOREACH(group, &vacm_grouplist, vge)
3082 if (strcmp(gname, group->groupname) == 0)
3088 if ((acl = (struct vacm_access *)malloc(sizeof(*acl))) == NULL)
3091 memset(acl, 0, sizeof(*acl));
3093 strlcpy(acl->ctx_prefix, cprefix, sizeof(acl->ctx_prefix));
3094 acl->sec_model = smodel;
3095 acl->sec_level = slevel;
3097 if ((temp = TAILQ_FIRST(&vacm_accesslist)) == NULL ||
3098 vacm_compare_access_rule(acl, temp) < 0) {
3099 TAILQ_INSERT_HEAD(&vacm_accesslist, acl, vva);
3103 TAILQ_FOREACH(temp, &vacm_accesslist, vva)
3104 if (vacm_compare_access_rule(acl, temp) < 0) {
3105 TAILQ_INSERT_BEFORE(temp, acl, vva);
3109 TAILQ_INSERT_TAIL(&vacm_accesslist, acl, vva);
3115 vacm_delete_access_rule(struct vacm_access *acl)
3117 TAILQ_REMOVE(&vacm_accesslist, acl, vva);
3124 vacm_first_view(void)
3126 return (SLIST_FIRST(&vacm_viewlist));
3130 vacm_next_view(struct vacm_view *view)
3135 return (SLIST_NEXT(view, vvl));
3139 vacm_compare_view(struct vacm_view *v1, struct vacm_view *v2)
3143 if (strlen(v1->viewname) < strlen(v2->viewname))
3145 if (strlen(v1->viewname) > strlen(v2->viewname))
3148 for (i = 0; i < strlen(v1->viewname); i++) {
3149 if (v1->viewname[i] < v2->viewname[i])
3151 if (v1->viewname[i] > v2->viewname[i])
3155 return (asn_compare_oid(&v1->subtree, &v2->subtree));
3159 vacm_new_view(char *vname, struct asn_oid *oid)
3162 struct vacm_view *view, *temp, *prev;
3164 SLIST_FOREACH(view, &vacm_viewlist, vvl)
3165 if (strcmp(vname, view->viewname) == 0)
3168 if ((view = (struct vacm_view *)malloc(sizeof(*view))) == NULL)
3171 memset(view, 0, sizeof(*view));
3172 strlcpy(view->viewname, vname, sizeof(view->viewname));
3173 asn_append_oid(&view->subtree, oid);
3175 if ((prev = SLIST_FIRST(&vacm_viewlist)) == NULL ||
3176 vacm_compare_view(view, prev) < 0) {
3177 SLIST_INSERT_HEAD(&vacm_viewlist, view, vvl);
3181 SLIST_FOREACH(temp, &vacm_viewlist, vvl) {
3182 if ((cmp = vacm_compare_view(view, temp)) <= 0)
3187 if (temp == NULL || cmp < 0)
3188 SLIST_INSERT_AFTER(prev, view, vvl);
3190 SLIST_INSERT_AFTER(temp, view, vvl);
3192 syslog(LOG_ERR, "View %s exists", view->viewname);
3201 vacm_delete_view(struct vacm_view *view)
3203 SLIST_REMOVE(&vacm_viewlist, view, vacm_view, vvl);
3209 struct vacm_context *
3210 vacm_first_context(void)
3212 return (SLIST_FIRST(&vacm_contextlist));
3215 struct vacm_context *
3216 vacm_next_context(struct vacm_context *vacmctx)
3218 if (vacmctx == NULL)
3221 return (SLIST_NEXT(vacmctx, vcl));
3224 struct vacm_context *
3225 vacm_add_context(char *ctxname, int regid)
3228 struct vacm_context *ctx, *temp, *prev;
3230 SLIST_FOREACH(ctx, &vacm_contextlist, vcl)
3231 if (strcmp(ctxname, ctx->ctxname) == 0) {
3232 syslog(LOG_ERR, "Context %s exists", ctx->ctxname);
3236 if ((ctx = (struct vacm_context *)malloc(sizeof(*ctx))) == NULL)
3239 memset(ctx, 0, sizeof(*ctx));
3240 strlcpy(ctx->ctxname, ctxname, sizeof(ctx->ctxname));
3243 if ((prev = SLIST_FIRST(&vacm_contextlist)) == NULL ||
3244 strlen(ctx->ctxname) < strlen(prev->ctxname) ||
3245 strcmp(ctx->ctxname, prev->ctxname) < 0) {
3246 SLIST_INSERT_HEAD(&vacm_contextlist, ctx, vcl);
3250 SLIST_FOREACH(temp, &vacm_contextlist, vcl) {
3251 if (strlen(ctx->ctxname) < strlen(temp->ctxname) ||
3252 strcmp(ctx->ctxname, temp->ctxname) < 0) {
3259 if (temp == NULL || cmp < 0)
3260 SLIST_INSERT_AFTER(prev, ctx, vcl);
3262 SLIST_INSERT_AFTER(temp, ctx, vcl);
3264 syslog(LOG_ERR, "Context %s exists", ctx->ctxname);
3273 vacm_flush_contexts(int regid)
3275 struct vacm_context *ctx, *temp;
3277 SLIST_FOREACH_SAFE(ctx, &vacm_contextlist, vcl, temp)
3278 if (ctx->regid == regid) {
3279 SLIST_REMOVE(&vacm_contextlist, ctx, vacm_context, vcl);