path: root/include/net-snmp/library/snmp_secmod.h
blob: aeeb24a3713e6c9d2f78d78d71aa363b153ffecd (plain)
#ifndef SNMPSECMOD_H
#define SNMPSECMOD_H

#ifdef __cplusplus
extern          "C" {
#endif

#include <net-snmp/library/snmp_transport.h>

/*
 * Locally defined (enterprise-specific) security model numbers.
 *
 * Each value is (Net-SNMP enterprise number * 256) + local_num, where the
 * Net-SNMP enterprise number is 8072, so the base is 8072 * 256 = 2066432.
 * Deriving the number from the enterprise number keeps locally defined
 * models from colliding with other model numbers.
 */
#define NETSNMP_KSM_SECURITY_MODEL     2066432   /* local_num 0 */
#define NETSNMP_LOCALSM_SECURITY_MODEL 2066433   /* local_num 1 */

struct snmp_secmod_def;

/*
 * Parameter block passed to a security model's outgoing (encode) routines.
 * It is the sole argument of the SecmodOutMsg function type declared later
 * in this header.
 *
 * Only pdu and session carry direction annotations in this header.  The
 * other fields are undocumented here; their names appear to follow the
 * message-generation parameters of the SNMPv3 security model interface
 * -- TODO confirm against the encoder implementations.
 */
struct snmp_secmod_outgoing_params {
    int             msgProcModel;
    u_char         *globalData;
    size_t          globalDataLen;
    /*
     * NOTE(review): maxMsgSize is a signed int here but a size_t in
     * snmp_secmod_incoming_params.  An encoder that uses it as a buffer
     * bound should reject negative values before converting it to a size.
     */
    int             maxMsgSize;
    int             secModel;
    u_char         *secEngineID;
    size_t          secEngineIDLen;
    char           *secName;
    size_t          secNameLen;
    int             secLevel;
    u_char         *scopedPdu;
    size_t          scopedPduLen;
    void           *secStateRef;
    /*
     * The next four lengths/offsets are passed by pointer rather than by
     * value, so they are presumably updated by the encoder (IN/OUT, as the
     * length pointers in snmp_secmod_incoming_params are) -- confirm.
     * wholeMsg is a pointer to the buffer pointer; whether the encoder may
     * reallocate the buffer is not stated in this header.
     */
    u_char         *secParams;
    size_t         *secParamsLen;
    u_char        **wholeMsg;
    size_t         *wholeMsgLen;
    size_t         *wholeMsgOffset;
    netsnmp_pdu    *pdu;        /* IN - the pdu getting encoded            */
    netsnmp_session *session;   /* IN - session sending the message        */
};

/*
 * Parameter block passed to a security model's incoming (decode) routine.
 * It is the sole argument of the SecmodInMsg function type declared later
 * in this header.
 *
 * wholeMsg and secParams hold content taken from a received message, so a
 * decode routine should treat every length and field parsed from them as
 * untrusted until it has validated them.
 *
 * Each OUT buffer is paired with an IN/OUT length pointer.  Per the field
 * annotations, the length holds the space available on entry and the length
 * actually returned on exit, so writes into an OUT buffer must be bounded by
 * the value found in its length on entry.
 */
struct snmp_secmod_incoming_params {
    int             msgProcModel;       /* IN */
    size_t          maxMsgSize; /* IN     - Used to calc maxSizeResponse.  */

    u_char         *secParams;  /* IN     - BER encoded securityParameters. */
    int             secModel;   /* IN */
    int             secLevel;   /* IN     - AuthNoPriv; authPriv etc.      */

    u_char         *wholeMsg;   /* IN     - Original v3 message.           */
    size_t          wholeMsgLen;        /* IN     - Msg length.                    */

    u_char         *secEngineID;        /* OUT    - Pointer snmpEngineID.          */
    size_t         *secEngineIDLen;     /* IN/OUT - Len available; len returned.   */
    /*
     * NOTE: Memory provided by caller.
     * (The note follows secEngineID; whether it also covers secName is not
     * stated here -- confirm against the callers.)
     */

    char           *secName;    /* OUT    - Pointer to securityName.       */
    size_t         *secNameLen; /* IN/OUT - Len available; len returned.   */

    u_char        **scopedPdu;  /* OUT    - Pointer to plaintext scopedPdu. */
    size_t         *scopedPduLen;       /* IN/OUT - Len available; len returned.   */

    size_t         *maxSizeResponse;    /* OUT    - Max size of Response PDU.      */
    void          **secStateRef;        /* OUT    - Ref to security state.         */
    netsnmp_session *sess;      /* IN     - session which got the message  */
    netsnmp_pdu    *pdu;        /* IN     - the pdu getting parsed         */
    u_char          msg_flags;  /* IN     - v3 Message flags.              */
};


/*
 * Callback types used by struct snmp_secmod_def.
 *
 * These typedefs name function types, not pointer types; the members of
 * struct snmp_secmod_def are declared as pointers to them
 * (e.g. "SecmodInMsg *decode").
 */

/*
 * NOTE(review): the comment originally at this position read "frees a given
 * security module's data; called at unregistration time".  It does not
 * obviously describe any single typedef below -- confirm what it was meant
 * to document.
 */
/* Per-session hook; used for session_open and session_close. */
typedef int     (SecmodSessionCallback) (netsnmp_session *);
/* Per-PDU hook; used for pdu_free and pdu_timeout. */
typedef int     (SecmodPduCallback) (netsnmp_pdu *);
/*
 * Two-PDU hook; used for pdu_clone.  Which argument is the source and which
 * the copy is not stated in this header.
 */
typedef int     (Secmod2PduCallback) (netsnmp_pdu *, netsnmp_pdu *);
/* Outgoing-message encoder; takes the outgoing parameter block. */
typedef int     (SecmodOutMsg) (struct snmp_secmod_outgoing_params *);
/* Incoming-message decoder; takes the incoming parameter block. */
typedef int     (SecmodInMsg) (struct snmp_secmod_incoming_params *);
/* Releases a security state reference; used for pdu_free_state_ref. */
typedef void    (SecmodFreeState) (void *);
/*
 * Error/report handler; used for handle_report.  The meaning of the result
 * code is not defined in this header.
 */
typedef void    (SecmodHandleReport) (void *sessp,
                                      netsnmp_transport *transport,
                                      netsnmp_session *,
                                      int result,
                                      netsnmp_pdu *origpdu);

/*
 * Definition of a security module: the table of callbacks that implements
 * one security model.
 */

/*
 * All of these callbacks are optional except the encoding and decoding
 * routines; the optional ones are there for modules that need them.
 * Since a callback may be left unset, code that invokes an optional one
 * presumably has to check it for NULL first -- confirm against the callers.
 */
struct snmp_secmod_def {
    /*
     * session manipulation functions
     */
    SecmodSessionCallback *session_open;        /* called in snmp_sess_open()  */
    SecmodSessionCallback *session_close;       /* called in snmp_sess_close() */

    /*
     * pdu manipulation routines
     */
    SecmodPduCallback *pdu_free;        /* called in free_pdu() */
    Secmod2PduCallback *pdu_clone;      /* called in snmp_clone_pdu() */
    SecmodPduCallback *pdu_timeout;     /* called when a request times out */
    SecmodFreeState *pdu_free_state_ref;        /* frees pdu->securityStateRef */

    /*
     * de/encoding routines: mandatory
     *
     * decode is the entry point for received messages: it is given the
     * original message and the BER-encoded security parameters through
     * struct snmp_secmod_incoming_params, and is responsible for validating
     * them as well as decoding.
     */
    SecmodOutMsg   *encode_reverse;     /* encode packet back to front */
    SecmodOutMsg   *encode_forward;     /* encode packet forward */
    SecmodInMsg    *decode;     /* decode & validate incoming */

   /*
    * error and report handling
    */
   SecmodHandleReport *handle_report;
};


/*
 * Internal list node: one entry per registered security model, chained
 * through next into a singly linked list.
 */
struct snmp_secmod_list {
    int             securityModel;      /* security model number of this entry */
    struct snmp_secmod_def *secDef;     /* callback table for that model */
    struct snmp_secmod_list *next;      /* following entry in the list */
};


/*
 * register a security service
 *
 * The parameters are unnamed in this header; presumably the security model
 * number, a name for the model, and its callback table -- confirm against
 * the implementation.
 *
 * NOTE(review): ownership of the definition is not stated here.  Confirm
 * whether the registry keeps the pointer (in which case it must stay valid
 * for as long as the model is registered) and whether unregistration frees
 * it, so that callers neither free it twice nor use it after release.
 */
int             register_sec_mod(int, const char *,
                                 struct snmp_secmod_def *);
/*
 * find a security service definition
 *
 * The int is presumably the security model number.  The return value for
 * an unregistered model is not documented here (presumably NULL), so check
 * the result before dereferencing it.
 */
struct snmp_secmod_def *find_sec_mod(int);
/*
 * unregister a security service
 */
int             unregister_sec_mod(int);        /* unregister a security service */
/* Initializes the security module subsystem; details are not visible here. */
void            init_secmod(void);

/*
 * clears the sec_mod list
 */
void            clear_sec_mod(void);

#ifdef __cplusplus
}
#endif
#endif                          /* SNMPSECMOD_H */