Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip
Approved by:	philip

7 files changed, 98 insertions, 26 deletions

diff --git a/contrib/bsnmp/lib/bsnmplib.3 b/contrib/bsnmp/lib/bsnmplib.3
index af36879..fbb956d 100644
--- a/contrib/bsnmp/lib/bsnmplib.3
+++ b/contrib/bsnmp/lib/bsnmplib.3
@@ -37,7 +37,7 @@
 .\"
 .\" $Begemot: bsnmp/lib/bsnmplib.3,v 1.9 2005/10/04 08:46:51 brandt_h Exp $
 .\"
-.Dd September 9, 2010
+.Dd December 19, 2010
 .Dt BSNMPLIB 3
 .Os
 .Sh NAME
@@ -50,6 +50,7 @@
 .Nm snmp_pdu_decode_header ,
 .Nm snmp_pdu_decode_scoped ,
 .Nm snmp_pdu_decode_secmode ,
+.Nm snmp_pdu_init_secparams ,
 .Nm snmp_pdu_dump ,
 .Nm snmp_passwd_to_keys ,
 .Nm snmp_get_local_keys ,
@@ -83,6 +84,8 @@ Begemot SNMP library
 .Ft enum snmp_code
 .Fn snmp_pdu_decode_secmode "struct asn_buf *buf" "struct snmp_pdu *pdu"
 .Ft void
+.Fn snmp_pdu_init_secparams "struct snmp_pdu *pdu"
+.Ft void
 .Fn snmp_pdu_dump "const struct snmp_pdu *pdu"
 .Ft enum snmp_code
 .Fn snmp_passwd_to_keys "struct snmp_user *user" "char *passwd"
@@ -175,12 +178,18 @@ This structure represents an SNMP engine as specified by the SNMP Management
 Architecture described in RFC 3411.
 .Pp
 .Bd -literal -offset indent
-#define	SNMP_USM_NAME_SIZ		(32 + 1)
+#define	SNMP_ADM_STR32_SIZ		(32 + 1)
 #define	SNMP_AUTH_KEY_SIZ		40
 #define	SNMP_PRIV_KEY_SIZ		32
 
+enum snmp_usm_level {
+	SNMP_noAuthNoPriv = 1,
+	SNMP_authNoPriv = 2,
+	SNMP_authPriv = 3
+};
+
 struct snmp_user {
-	char				sec_name[SNMP_USM_NAME_SIZ];
+	char				sec_name[SNMP_ADM_STR32_SIZ];
 	enum snmp_authentication	auth_proto;
 	enum snmp_privacy		priv_proto;
 	uint8_t				auth_key[SNMP_AUTH_KEY_SIZ];
@@ -230,7 +239,9 @@ contain the authentication and privacy keys for the user.
 #define	SNMP_MSG_PRIV_FLAG		0x2
 #define	SNMP_MSG_REPORT_FLAG		0x4
 
-#define	SNMP_SECMODEL_USM		3
+#define	SNMP_MPM_SNMP_V1		0
+#define	SNMP_MPM_SNMP_V2c		1
+#define	SNMP_MPM_SNMP_V3		3
 
 struct snmp_pdu {
 	char			community[SNMP_COMMUNITY_MAXLEN + 1];
@@ -296,7 +307,17 @@ and
 is the type of the PDU.
 .Fa security_model
 is the security model used for SNMPv3 PDUs. The only supported
-value currently is 3 (User-based Security Model).
+value currently is 3 (User-based Security Model). Additional values for any,
+unknown, SNMPv1 and SNMPv2c security models are also enumerated
+.Bd -literal -offset indent
+enum snmp_secmodel {
+	SNMP_SECMODEL_ANY = 0,
+	SNMP_SECMODEL_SNMPv1 = 1,
+	SNMP_SECMODEL_SNMPv2c = 2,
+	SNMP_SECMODEL_USM = 3,
+	SNMP_SECMODEL_UNKNOWN
+};
+.Ed
 .Pp
 The function
 .Fn snmp_value_free
@@ -366,6 +387,13 @@ if the PDU is encrypted, decrypts the PDU contents pointed to by
 If successfull, a plain text scoped PDU is stored in the buffer.
 .Pp
 The function
+.Fn snmp_pdu_init_secparams
+calculates the initialization vector for the privacy protocol in use before
+the PDU pointed to by 
+.Fa pdu
+may be encrypted or decrypted.
+.Pp
+The function
 .Fn snmp_pdu_dump
 dumps the PDU in a human readable form by calling
 .Fn snmp_printf .
diff --git a/contrib/bsnmp/lib/snmp.c b/contrib/bsnmp/lib/snmp.c
index 633d10e..744510c 100644
--- a/contrib/bsnmp/lib/snmp.c
+++ b/contrib/bsnmp/lib/snmp.c
@@ -764,6 +764,7 @@ snmp_pdu_encode_header(struct asn_buf *b, struct snmp_pdu *pdu)
 
 		if (pdu->type != SNMP_PDU_RESPONSE &&
 		    pdu->type != SNMP_PDU_TRAP &&
+		    pdu->type != SNMP_PDU_TRAP2 &&
 		    pdu->type != SNMP_PDU_REPORT)
 			pdu->flags |= SNMP_MSG_REPORT_FLAG;
 
@@ -1176,23 +1177,19 @@ snmp_value_copy(struct snmp_value *to, const struct snmp_value *from)
 }
 
 void
-snmp_pdu_init_secparams(struct snmp_pdu *pdu, struct snmp_engine *eng,
-    struct snmp_user *user)
+snmp_pdu_init_secparams(struct snmp_pdu *pdu)
 {
 	int32_t rval;
 
-	memcpy(&pdu->engine, eng, sizeof(pdu->engine));
-	memcpy(&pdu->user, user, sizeof(pdu->user));
-
-	if (user->auth_proto != SNMP_AUTH_NOAUTH)
+	if (pdu->user.auth_proto != SNMP_AUTH_NOAUTH)
 		pdu->flags |= SNMP_MSG_AUTH_FLAG;
 
-	switch (user->priv_proto) {
+	switch (pdu->user.priv_proto) {
 	case SNMP_PRIV_DES:
-		memcpy(pdu->msg_salt, &eng->engine_boots,
-		    sizeof(eng->engine_boots));
+		memcpy(pdu->msg_salt, &pdu->engine.engine_boots,
+		    sizeof(pdu->engine.engine_boots));
 		rval = random();
-		memcpy(pdu->msg_salt + sizeof(eng->engine_boots), &rval,
+		memcpy(pdu->msg_salt + sizeof(pdu->engine.engine_boots), &rval,
 		    sizeof(int32_t));
 		pdu->flags |= SNMP_MSG_PRIV_FLAG;
 		break;
diff --git a/contrib/bsnmp/lib/snmp.h b/contrib/bsnmp/lib/snmp.h
index 3a6cec7..631d2f2 100644
--- a/contrib/bsnmp/lib/snmp.h
+++ b/contrib/bsnmp/lib/snmp.h
@@ -89,6 +89,10 @@ enum snmp_version {
 	SNMP_V3,
 };
 
+#define	SNMP_MPM_SNMP_V1		0
+#define	SNMP_MPM_SNMP_V2c		1
+#define	SNMP_MPM_SNMP_V3		3
+
 #define	SNMP_ADM_STR32_SIZ		(32 + 1)
 #define	SNMP_AUTH_KEY_SIZ		40
 #define	SNMP_PRIV_KEY_SIZ		32
@@ -255,6 +259,7 @@ int snmp_value_parse(const char *, enum snmp_syntax, union snmp_values *);
 int snmp_value_copy(struct snmp_value *, const struct snmp_value *);
 
 void snmp_pdu_free(struct snmp_pdu *);
+void snmp_pdu_init_secparams(struct snmp_pdu *);
 enum snmp_code snmp_pdu_decode(struct asn_buf *b, struct snmp_pdu *pdu, int32_t *);
 enum snmp_code snmp_pdu_decode_header(struct asn_buf *, struct snmp_pdu *);
 enum snmp_code snmp_pdu_decode_scoped(struct asn_buf *, struct snmp_pdu *, int32_t *);
diff --git a/contrib/bsnmp/lib/snmpagent.c b/contrib/bsnmp/lib/snmpagent.c
index 9cd9676..888d622 100644
--- a/contrib/bsnmp/lib/snmpagent.c
+++ b/contrib/bsnmp/lib/snmpagent.c
@@ -178,7 +178,9 @@ snmp_pdu_create_response(struct snmp_pdu *pdu, struct snmp_pdu *resp)
 	if (resp->version != SNMP_V3)
 		return;
 
-	snmp_pdu_init_secparams(resp, &pdu->engine, &pdu->user);
+	memcpy(&resp->engine, &pdu->engine, sizeof(pdu->engine));
+	memcpy(&resp->user, &pdu->user, sizeof(pdu->user));
+	snmp_pdu_init_secparams(resp);
 	resp->identifier = pdu->identifier;
 	resp->security_model = pdu->security_model;
 	resp->context_engine_len = pdu->context_engine_len;
diff --git a/contrib/bsnmp/lib/snmpclient.c b/contrib/bsnmp/lib/snmpclient.c
index 103ea69..8610a4d 100644
--- a/contrib/bsnmp/lib/snmpclient.c
+++ b/contrib/bsnmp/lib/snmpclient.c
@@ -1160,10 +1160,11 @@ snmp_pdu_create(struct snmp_pdu *pdu, u_int op)
 	pdu->flags = 0;
 	pdu->security_model = snmp_client.security_model;
 
-	if (snmp_client.security_model == SNMP_SECMODEL_USM)
-		snmp_pdu_init_secparams(pdu, &snmp_client.engine,
-		    &snmp_client.user);
-	else
+	if (snmp_client.security_model == SNMP_SECMODEL_USM) {
+		memcpy(&pdu->engine, &snmp_client.engine, sizeof(pdu->engine));
+		memcpy(&pdu->user, &snmp_client.user, sizeof(pdu->user));
+		snmp_pdu_init_secparams(pdu);
+	} else
 		seterr(&snmp_client, "unknown security model");
 
 	if (snmp_client.clen > 0) {
@@ -1440,9 +1441,11 @@ snmp_receive_packet(struct snmp_pdu *pdu, struct timeval *tv)
 	abuf.asn_len = ret;
 
 	memset(pdu, 0, sizeof(*pdu));
-	if (snmp_client.security_model == SNMP_SECMODEL_USM)
-		snmp_pdu_init_secparams(pdu, &snmp_client.engine,
-		    &snmp_client.user);
+	if (snmp_client.security_model == SNMP_SECMODEL_USM) {
+		memcpy(&pdu->engine, &snmp_client.engine, sizeof(pdu->engine));
+		memcpy(&pdu->user, &snmp_client.user, sizeof(pdu->user));
+		snmp_pdu_init_secparams(pdu);
+	}
 
 	if (SNMP_CODE_OK != (ret = snmp_pdu_decode(&abuf, pdu, &ip))) {
 		seterr(&snmp_client, "snmp_decode_pdu: failed %d", ret);
diff --git a/contrib/bsnmp/lib/snmppriv.h b/contrib/bsnmp/lib/snmppriv.h
index 56441cc..c0e4479 100644
--- a/contrib/bsnmp/lib/snmppriv.h
+++ b/contrib/bsnmp/lib/snmppriv.h
@@ -38,9 +38,6 @@ enum snmp_code snmp_fix_encoding(struct asn_buf *, struct snmp_pdu *);
 enum asn_err snmp_parse_pdus_hdr(struct asn_buf *b, struct snmp_pdu *pdu,
     asn_len_t *lenp);
 
-void snmp_pdu_init_secparams(struct snmp_pdu *, struct snmp_engine *,
-    struct snmp_user *);
-
 enum snmp_code snmp_pdu_calc_digest(const struct snmp_pdu *, uint8_t *);
 enum snmp_code snmp_pdu_encrypt(const struct snmp_pdu *);
 enum snmp_code snmp_pdu_decrypt(const struct snmp_pdu *);
diff --git a/contrib/bsnmp/lib/tc.def b/contrib/bsnmp/lib/tc.def
new file mode 100755
index 0000000..65f6972
--- /dev/null
+++ b/contrib/bsnmp/lib/tc.def
@@ -0,0 +1,40 @@
+#-
+# Copyright (C) 2010 The FreeBSD Foundation
+# All rights reserved.
+#
+# This software was developed by Shteryana Sotirova Shopova under
+# sponsorship from the FreeBSD Foundation.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+typedef RowStatus ENUM (
+	1 active
+	2 notInService
+	3 notReady
+	4 createAndGo
+	5 createAndWait
+	6 destroy
+)
+