| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add to bsnmpd(1) ability to specify multiple community strings with
different access rights.
By default there are two community strings with index 1 and 2, one for
read-only access and second for read-write access:
begemotSnmpdCommunityString.0.1 = $(read)
begemotSnmpdCommunityString.0.2 = $(write)
Now it is possible to define additional community strings using different
indexes:
begemotSnmpdCommunityString.0.3 = "SomeString1"
begemotSnmpdCommunityPermission.0.3 = 1
begemotSnmpdCommunityString.0.4 = "SomeString2"
begemotSnmpdCommunityPermission.0.4 = 2
begemotSnmpdCommunityString.0.5 = "SomeString3"
begemotSnmpdCommunityString.0.6 = "SomeString4"
New attribute begemotSnmpdCommunityPermission can be used to specify access
rights: 1 means "read-only" access, 2 means "read-write" access. If
attribute is not specified for some index this means "read-only" rights.
Community strings must be unique, i.e. must not be the same for different
indexes.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D13785
MFC r328171:
Rename "index" variable to "idx" since gcc complains that it shadows
index(3) function declaration.
|
|
|
|
| |
Fix format string warning with enabled DEBUGGING.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r315641:
bsnmp: don't leak snmp_client.fd in open_client_udp(..) on connect(2) failure
r315642:
bsnmp: explicitly test the return value for open_client_{local,udp} in snmp_open(..)
open_client_* returns -1 on failure; 0 on success. Ensure that the return value is
0 -- otherwise exit snmp_open(..).
|
|
|
|
|
|
|
|
|
|
|
| |
bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
out of order addresses
Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
to ensure that the value is properly initialized before it's inserted
into the TAILQ.
PR: 217760
|
|
|
|
|
|
|
|
|
| |
op_usm_users: don't deref uusers if it's NULL when SETting the value
Add an XXX comment to note that the conditional seems suspect given
how it's handled elsewhere in the SNMP_OP_SET case.
CID: 1008573
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use calloc instead of malloc with buffers in snmp_{recv,send}_packet
This doesn't fix the issue noted in the PR, but at the very least it
cleans up the error so it looks a bit more sane, and in the event
that bsnmp did wander off into the weeds, the likelihood of it
crashing with more sensible output is greater, in my opinion
MFC counter set high so I have enough time to resolve the real
underlying bug in bsnmpwalk
PR: 215721
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r312331 (by glebius):
Fix regression from r310655, which broke operation of bsnmpd if it is bound
to a non-wildcard address. As documented in ip(4), doing sendmsg(2) with
IP_SENDSRCADDR on a socket that is bound to non-wildcard address is
completely different to using this control message on a wildcard one.
A fix is to add a bool to mark whether we did setsockopt(IP_RECVDSTADDR)
on the socket, and use IP_SENDSRCADDR control message only if we did.
While here, garbage collect absolutely useless udp_recv() function that
establishes some structures on stack to never use them later.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r310656:
style(9): sort alignment in udp_recv(..)
r311221:
Initialize msg.msg_flags to 0
This mutes a valid coverity warning about it being uninitialized
when passed in to sendmsg(2).
CID: 1368202
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix bsnmpd sending/receiving with multi-homed configurations or INADDR_ANY used
as the listening address in snmpd_input(..)
Stash the IPv4 address of the receiver via the recv(..) callback and use it in
the send(..) callback for the transport by specifying IP_SENDSRCADDR for the
control message type.
Add sendmsg logic to the UDP transport's send(..) callback and use the
respective send(..) callback for the transport instead of calling sendto in
snmpd_input(..).
Obtained from: Isilon OneFS (^/onefs/branches/BR_8_0_0_DEV@r507595)
|
|
|
|
|
|
|
| |
Add a REVISION section to track changes for the BEGEMOT-IP-MIB MIB file
There haven't been any changes to the MIB definition, so the REVISION
remains static at the version it was imported at
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r311759:
Add a REVISION section to track changes for the FOKUS-MIB MIB file
There haven't been any changes to the MIB definition, so the REVISION
remains static at the version it was imported at
r311760:
Add a REVISION section to track changes for the BEGEMOT-MIB MIB file
There haven't been any changes to the MIB definition, so the REVISION
remains static at the version it was imported at
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r311750:
Check result from smiGetFirstNode and smiGetNodeByOID
This avoids a segfault with malformed or unanticipated files,
like IPV6-TC.txt (a file containing just TEXTUAL-CONVENTIONS).
Found with: gensnmpdef /usr/local/share/snmp/mibs/IPV6-TC.txt
r311754:
Use calloc instead of malloc + memset(.., 0, ..)
r311757:
Similar to r311750, check for the result from smiGetModule to avoid a segfault
when dereferencing a NULL pointer later on.
Choose to just check for the NULL pointer in the next for-loop for now to fix
the issue with a minimal amount of code churn
sys/queue.h use here would make more sense than using a static table
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MIB-II: use strlcpy when copying interface names to .ifr_name
.ifra_name is assumed to be NUL terminated; using strlcpy(3)
ensures that it's indeed NUL terminated whereas strncpy does
not.
Tested and verified as follows with a combination of ifconfig,
snmpget, and snmpset:
% ifconfig create lo1 127.0.0.2/8
% SNMPARGS="-v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des -X bsnmptest localhost"
% snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
% snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 2
IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
% snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
% snmpset $SNMPARGS IF-MIB::ifAdminStatus.4 i 1
IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
% snmpget $SNMPARGS IF-MIB::ifAdminStatus.4
IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
CID: 1009652-1009656, 1349850
|
|
|
|
|
|
|
|
|
|
|
|
| |
lsock_init_port: address issues with initializing sockaddr_un object
- Use strlcpy to ensure p->name doesn't overflow sa.sun_path [*].
- Use SUN_LEN(..) instead of spelling out calculation longhand (inspired
by comment by jmallett).
Tested with: dgram and stream support with both bsnmpwalk and snmpwalk
CID: 1006825
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r310586:
Refactor transport sources a bit to facilitate changes coming down pipeline
Add recv callback to transport layer to better facilitate code reuse and
readability and for symmetry with send callback. Move recv_dgram and
recv_stream to udp_recv and lsock_recv, respectively, and make the
beforementioned functions recv callbacks for the udp and lsock transports,
respectively.
Consolidate the check_priv* functions in their relevant trans*.c source to
limit scope/use.
Note: this code is roughly based content from the submitter, although this
was modified to be more of a direct move from snmpd/main.c to the trans_*.c
sources, and to reduce unnecessary static function declarations.
r310587:
Fix definition for recv_dgram(..); it should be "ssize_t", not "int"
I'm not sure why this wasn't flagged as an issue by the compiler, yet
r310588:
Fix return type for `ret` (recv callback) and sort variables by alignment
Again, for reasons I don't yet understand, this is not being flagged by the
compiler. Unlike the issue addressed in r310587, this problem existed prior
to r310586
|
|
|
|
|
|
|
|
|
|
|
| |
lm_load: fix string copying issues
- Ensure `section` doesn't overrun section by using strlcpy instead of
strcpy [*].
- Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity,
but is an opportunistic change).
CID: 1006826 [*]
|
|
|
|
|
|
| |
snmp_table_fetch_async: don't leak `work` if snmp_pdu_send(..) fails
CID: 1017276
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent improper memory accesses after calling snmp_pdu_free and snmp_value_free
snmp_pdu_free: set pdu->nbindings to 0 to limit the damage that
could happen if a pdu was reused after calling the function, and
as both stack and heap allocation types are used in contrib/bsnmp
and usr.sbin/bsnmpd.
snmp_value_free: NULL out value->v.octetstring.octets after calling
free on it to prevent a double-free from occurring.
|
|
|
|
| |
Use nitems(mib) instead of hardcoding mib's length when calling sysctl(3)
|
|
|
|
|
|
| |
snmp_mibII(3) requires net/if.h and net/if_mib.h
Document that requirement
|
|
|
|
| |
Remove unnecessary __unused attribute attached to `ctx` in op_begemot_mibII(..)
|
|
|
|
| |
op_usm_users: fix indentation in SNMP_OP_SET block
|
|
|
|
| |
Use calloc instead of malloc + memset(.., 0, ..)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Be more strict about IpAddress type in snmp_value_parse(..)
- Use inet_pton with AF_INET instead of doing longhand with sscanf.
- Use gethostbyname2 with AF_INET to ensure that the hostname isn't
accidentally parsed with another address family, e.g. AF_INET6.
NB: IpAddress per RFC-2578 is IPv4 only. Work is in progress to add
the InetAddress type and friends documented in RFC-4001 and
elsewhere (which supports IPv4, IPv6, and more).
|
|
|
|
|
|
|
|
|
|
|
| |
MIB-II: use strlcpy instead of strcpy when copying {descr,name}
This is of course to avoid buffer overruns
The remaining strcpy instance in the module needs to be audited for
correctness
CID: 1006827, 1006828
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r310957:
Use strlcpy when copying `com` to pdu->community to avoid potential
buffer overruns
CID: 1006823, 1006824
r310958:
Initialize ret to SNMPD_INPUT_OK at the top of snmp_input_start(..) to
avoid returning an uninitialized value
There are some really complicated, snakey if-statements combined with
switch statements that could result in an invalid value being returned
as `ret`
CID: 1006551
r310960:
Similar to r310954, set .len to 0 on malloc failure and to `len` only
on success
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r310931:
Use strdup in snmp_parse_server(..) when possible instead of malloc+strcpy
This simplifies the code and mutes a Coverity warning about sc->cport being
improperly allocated
CID: 1018247
r310942:
Unbreak the build by passing the string to strdup, not its length
Pointyhat to: ngie
r310988:
snmp_discover_engine: fix up req/resp (PDU object) handling a bit
- Call snmp_pdu_free on req and resp when done with the objects
- Call snmp_pdu_free on req before calling snmp_pdu_create on it
again
|
|
|
|
|
|
|
|
| |
Guard against use-after-free after calling mibif_free(..)
Set variables to NULL after calling free.
Also, remove unnecessary if (x != NULL) checks before calling free(x)
|
|
|
|
| |
Fix spelling errors; bump .Dd for the change
|
|
|
|
| |
Bump .Dd for the spelling and .Nm updates
|
|
|
|
|
|
|
|
|
|
| |
r311000:
Fix spelling errors
r311002:
Install bsnmpclient(3) as snmp_client_{init,set_host,set_port}(3)
|
|
|
|
| |
Fix whitespace in a comment and fixing a spelling error in a comment
|
|
|
|
|
|
|
|
| |
Use uint32_t instead of u_int32_t for or_last_change and services in "struct systemg"
This is being done to match "struct systemg" in snmpmod(3)
No functional change
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r310498:
Allow SNMPv3 authNoPriv and noAuthNoPriv protocols to discover snmpEngineTime
as discussed in RFC-5343
This fixes interoperability with net-snmp.
Tested with the following invocations of snmpwalk (from net-snmp):
- noAuthNoPriv:
% snmpwalk -v 3 -n '' -u public localhost snmpEngineTime
- authNoPriv:
% snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authNoPriv -a sha localhost \
localhost snmpEngineTime
- authPriv:
% snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des \
-X bsnmptest localhost snmpEngineTime
Obtained from: Isilon OneFS (5ec6d772cacbc, with minor tweaks)
r310591:
Update engine time using update_snmpd_engine_time(..)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r310500:
Minor style(9) fixes
- Trailing whitespace cleanup
- Sort variables in snmp_dialog(..) by alignment
No functional change
r310660:
style(9): fix whitespace in pdu_encode_secparams(..)
|
|
|
|
|
|
|
|
|
|
| |
r310662:
style(9): snmp_send_packet(..): fix whitespace
r310663:
style(9): ip_get(..): clean up whitespace
|
|
|
|
| |
style(9): clean up trailing whitespace
|
|
|
|
| |
style(9): snmp_send_packet(..): fix whitespace
|
|
|
|
|
|
|
|
|
|
| |
Clarify failure in snmp_output(..) with call to snmp_pdu_decode
- Explicitly test snmp_pdu_encode against SNMP_CODE_OK instead of assuming
any non-zero value is bad.
- Print out the code before calling abort() to give the end-user something
actionable to debug without having to recompile the binary, since the
core might not have these details.
|
|
|
|
|
|
|
|
|
| |
Fix style(9)
- Sort #includes
- Delete trailing whitespace
No functional change
|
|
|
|
| |
style(9): fix trailing whitespace
|
|
|
|
|
|
| |
Sort #includes
No functional change
|
|
|
|
| |
style(9): delete stray trailing whitespace after break statement
|
|
|
|
|
|
| |
Sort #includes per style(9)
No functional change
|
|
|
|
|
|
| |
Clean up trailing and leading whitespace
Fix variable type alignment in snmp_dialog(..)
|
|
|
|
|
|
|
| |
The CMSG_ family of macros take care of alignment, so we don't need r299830
at all, even if it was correct. Put NO_WCAST_ALIGN into Makefile.
Together with: peter
|
|
|
|
|
|
|
| |
Today is the 14th, not the 10th of May
Reported by: igor (derp)
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
| |
`6` doesn't occur in the OID; it was spurious
Bump .Dd for the change
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
| |
MFC after: 1 week
Reported by: igor
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
| |
Use memcpy instead of using direct assignment of void* pointers with
CMSG_DATA(..), which changes alignment
MFC after: 3 weeks
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
|