Diffstat (limited to 'include/net-snmp/library/snmp_secmod.h')
-rw-r--r-- | include/net-snmp/library/snmp_secmod.h | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/include/net-snmp/library/snmp_secmod.h b/include/net-snmp/library/snmp_secmod.h
new file mode 100644
index 0000000..aabb7ed
--- /dev/null
+++ b/include/net-snmp/library/snmp_secmod.h
@@ -0,0 +1,180 @@
+#ifndef SNMPSECMOD_H
+#define SNMPSECMOD_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <net-snmp/library/snmp_transport.h>
+
+/* Locally defined security models.
+ * (Net-SNMP enterprise number = 8072)*256 + local_num
+ */
+#define NETSNMP_SEC_MODEL_KSM 2066432
+#define NETSNMP_KSM_SECURITY_MODEL NETSNMP_SEC_MODEL_KSM
+#define NETSNMP_TSM_SECURITY_MODEL SNMP_SEC_MODEL_TSM
+
+struct snmp_secmod_def;
+
+/*
+ * parameter information passed to security model routines
+ */
+struct snmp_secmod_outgoing_params {
+ int msgProcModel;
+ u_char *globalData;
+ size_t globalDataLen;
+ int maxMsgSize;
+ int secModel;
+ u_char *secEngineID;
+ size_t secEngineIDLen;
+ char *secName;
+ size_t secNameLen;
+ int secLevel;
+ u_char *scopedPdu;
+ size_t scopedPduLen;
+ void *secStateRef;
+ u_char *secParams;
+ size_t *secParamsLen;
+ u_char **wholeMsg;
+ size_t *wholeMsgLen;
+ size_t *wholeMsgOffset;
+ netsnmp_pdu *pdu; /* IN - the pdu getting encoded */
+ netsnmp_session *session; /* IN - session sending the message */
+};
+
+struct snmp_secmod_incoming_params {
+ int msgProcModel; /* IN */
+ size_t maxMsgSize; /* IN - Used to calc maxSizeResponse. */
+
+ u_char *secParams; /* IN - BER encoded securityParameters. */
+ int secModel; /* IN */
+ int secLevel; /* IN - AuthNoPriv; authPriv etc. */
+
+ u_char *wholeMsg; /* IN - Original v3 message. */
+ size_t wholeMsgLen; /* IN - Msg length. */
+
+ u_char *secEngineID; /* OUT - Pointer snmpEngineID. */
+ size_t *secEngineIDLen; /* IN/OUT - Len available; len returned. */
+ /*
+ * NOTE: Memory provided by caller.
+ */
+
+ char *secName; /* OUT - Pointer to securityName. */
+ size_t *secNameLen; /* IN/OUT - Len available; len returned. */
+
+ u_char **scopedPdu; /* OUT - Pointer to plaintext scopedPdu. */
+ size_t *scopedPduLen; /* IN/OUT - Len available; len returned. */
+
+ size_t *maxSizeResponse; /* OUT - Max size of Response PDU. */
+ void **secStateRef; /* OUT - Ref to security state. */
+ netsnmp_session *sess; /* IN - session which got the message */
+ netsnmp_pdu *pdu; /* IN - the pdu getting parsed */
+ u_char msg_flags; /* IN - v3 Message flags. */
+};
+
+
+/*
+ * function pointers:
+ */
+
+/*
+ * free's a given security module's data; called at unregistration time
+ */
+typedef int (SecmodSessionCallback) (netsnmp_session *);
+typedef int (SecmodPduCallback) (netsnmp_pdu *);
+typedef int (Secmod2PduCallback) (netsnmp_pdu *, netsnmp_pdu *);
+typedef int (SecmodOutMsg) (struct snmp_secmod_outgoing_params *);
+typedef int (SecmodInMsg) (struct snmp_secmod_incoming_params *);
+typedef void (SecmodFreeState) (void *);
+typedef void (SecmodHandleReport) (void *sessp,
+ netsnmp_transport *transport,
+ netsnmp_session *,
+ int result,
+ netsnmp_pdu *origpdu);
+typedef int (SecmodDiscoveryMethod) (void *slp, netsnmp_session *session);
+typedef int (SecmodPostDiscovery) (void *slp, netsnmp_session *session);
+
+typedef int (SecmodSessionSetup) (netsnmp_session *in_session,
+ netsnmp_session *out_session);
+/*
+ * definition of a security module
+ */
+
+/*
+ * all of these callback functions except the encoding and decoding
+ * routines are optional. The rest of them are available if need.
+ */
+struct snmp_secmod_def {
+ /*
+ * session maniplation functions
+ */
+ SecmodSessionCallback *session_open; /* called in snmp_sess_open() */
+ SecmodSessionCallback *session_close; /* called in snmp_sess_close() */
+ SecmodSessionSetup *session_setup;
+
+ /*
+ * pdu manipulation routines
+ */
+ SecmodPduCallback *pdu_free; /* called in free_pdu() */
+ Secmod2PduCallback *pdu_clone; /* called in snmp_clone_pdu() */
+ SecmodPduCallback *pdu_timeout; /* called when request timesout */
+ SecmodFreeState *pdu_free_state_ref; /* frees pdu->securityStateRef */
+
+ /*
+ * de/encoding routines: mandatory
+ */
+ SecmodOutMsg *encode_reverse; /* encode packet back to front */
+ SecmodOutMsg *encode_forward; /* encode packet forward */
+ SecmodInMsg *decode; /* decode & validate incoming */
+
+ /*
+ * error and report handling
+ */
+ SecmodHandleReport *handle_report;
+
+ /*
+ * default engineID discovery mechanism
+ */
+ SecmodDiscoveryMethod *probe_engineid;
+ SecmodPostDiscovery *post_probe_engineid;
+};
+
+
+/*
+ * internal list
+ */
+struct snmp_secmod_list {
+ int securityModel;
+ struct snmp_secmod_def *secDef;
+ struct snmp_secmod_list *next;
+};
+
+
+/*
+ * register a security service
+ */
+int register_sec_mod(int, const char *,
+ struct snmp_secmod_def *);
+/*
+ * find a security service definition
+ */
+NETSNMP_IMPORT
+struct snmp_secmod_def *find_sec_mod(int);
+/*
+ * register a security service
+ */
+int unregister_sec_mod(int); /* register a security service */
+void init_secmod(void);
+NETSNMP_IMPORT
+void shutdown_secmod(void);
+
+/*
+ * clears the sec_mod list
+ */
+NETSNMP_IMPORT
+void clear_sec_mod(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* SNMPSECMOD_H */ |
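Review bot: The `decode` callback in `struct snmp_secmod_def` receives the raw `wholeMsg` from the wire, but the header never says what a module must do when the parsed engine ID, security name or scoped PDU is larger than the caller's `*secEngineIDLen`, `*secNameLen` or `*scopedPduLen`, and none of the callback typedefs document their return values. I would extend the comment on `SecmodInMsg *decode;` to something like `/* decode & validate incoming; must not write more than the IN lengths to the OUT buffers */` and document the success and failure return convention next to the typedefs. In `snmp_secmod_outgoing_params` the fields carry no IN/OUT annotations, and `maxMsgSize` is `int` there while the incoming struct uses `size_t`, which invites signed/unsigned comparisons in size checks; `size_t maxMsgSize;` would match unless existing callers depend on the signed type. The comment above `unregister_sec_mod` (and its trailing comment) still reads "register a security service" and should say "unregister".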