#ifndef SNMPSECMOD_H
#define SNMPSECMOD_H

/*
 * Interface between the SNMP library and pluggable security models:
 * the parameter blocks handed to a model's encode/decode routines, the
 * callback table a model registers, and the registration API.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <net-snmp/library/snmp_transport.h>

/*
 * Locally defined security models.
 * Value = (Net-SNMP enterprise number = 8072) * 256 + local_num;
 * 2066432 is 8072 * 256, i.e. local_num 0.
 */
#define NETSNMP_SEC_MODEL_KSM      2066432
#define NETSNMP_KSM_SECURITY_MODEL NETSNMP_SEC_MODEL_KSM
/* SNMP_SEC_MODEL_TSM is not defined in this header. */
#define NETSNMP_TSM_SECURITY_MODEL SNMP_SEC_MODEL_TSM

struct snmp_secmod_def;

/*
 * Parameter information passed to a security model's encoding routines
 * (the SecmodOutMsg callbacks).
 *
 * NOTE(review): only pdu and session carry a direction marker here.  The
 * pointer-to-length members (secParamsLen, wholeMsgLen, wholeMsgOffset)
 * look like in/out values -- confirm against the encoder implementations
 * before relying on that.
 */
struct snmp_secmod_outgoing_params {
    int             msgProcModel;
    u_char         *globalData;
    size_t          globalDataLen;
    int             maxMsgSize;
    int             secModel;
    u_char         *secEngineID;
    size_t          secEngineIDLen;
    char           *secName;
    size_t          secNameLen;
    int             secLevel;
    u_char         *scopedPdu;
    size_t          scopedPduLen;
    void           *secStateRef;
    u_char         *secParams;
    size_t         *secParamsLen;
    u_char        **wholeMsg;
    size_t         *wholeMsgLen;
    size_t         *wholeMsgOffset;
    netsnmp_pdu    *pdu;        /* IN - the pdu getting encoded */
    netsnmp_session *session;   /* IN - session sending the message */
};

/*
 * Parameter information passed to a security model's decode routine
 * (the SecmodInMsg callback).
 *
 * wholeMsg and secParams describe the message as it was received, and
 * the decode routine is the one documented as validating it.  Each OUT
 * buffer is paired with an IN/OUT length: on entry the length is the
 * space available, on return the amount used, so a decode routine has
 * to bound every write by the length it was given.
 */
struct snmp_secmod_incoming_params {
    int             msgProcModel;    /* IN */
    size_t          maxMsgSize;      /* IN - Used to calc maxSizeResponse. */

    u_char         *secParams;       /* IN - BER encoded securityParameters. */
    int             secModel;        /* IN */
    int             secLevel;        /* IN - AuthNoPriv; authPriv etc. */

    u_char         *wholeMsg;        /* IN - Original v3 message. */
    size_t          wholeMsgLen;     /* IN - Msg length. */

    u_char         *secEngineID;     /* OUT - Pointer snmpEngineID. */
    size_t         *secEngineIDLen;  /* IN/OUT - Len available; len returned. */
    /*
     * NOTE: Memory provided by caller.
     */

    char           *secName;         /* OUT - Pointer to securityName. */
    size_t         *secNameLen;      /* IN/OUT - Len available; len returned. */

    u_char        **scopedPdu;       /* OUT - Pointer to plaintext scopedPdu. */
    size_t         *scopedPduLen;    /* IN/OUT - Len available; len returned. */

    size_t         *maxSizeResponse; /* OUT - Max size of Response PDU. */
    void          **secStateRef;     /* OUT - Ref to security state. */
    netsnmp_session *sess;           /* IN - session which got the message */
    netsnmp_pdu    *pdu;             /* IN - the pdu getting parsed */
    u_char          msg_flags;       /* IN - v3 Message flags. */
};


/*
 * Function types for the callbacks held in struct snmp_secmod_def.
 *
 * struct session_list is not declared in this header, so it has to be
 * visible before this point (presumably through the include above --
 * confirm); otherwise the tag would only have prototype scope.
 */

/*
 * Frees a given security module's data; called at unregistration time.
 * NOTE(review): it is not clear which of the types below this sentence
 * describes -- confirm against the implementation.
 */
typedef int  SecmodSessionCallback(netsnmp_session *);
typedef int  SecmodPduCallback(netsnmp_pdu *);
typedef int  Secmod2PduCallback(netsnmp_pdu *, netsnmp_pdu *);
typedef int  SecmodOutMsg(struct snmp_secmod_outgoing_params *);
typedef int  SecmodInMsg(struct snmp_secmod_incoming_params *);
typedef void SecmodFreeState(void *);
typedef void SecmodHandleReport(struct session_list *slp,
                                netsnmp_transport *transport,
                                netsnmp_session *,
                                int result,
                                netsnmp_pdu *origpdu);
typedef int  SecmodDiscoveryMethod(struct session_list *slp,
                                   netsnmp_session *session);
typedef int  SecmodPostDiscovery(struct session_list *slp,
                                 netsnmp_session *session);

typedef int  SecmodSessionSetup(netsnmp_session *in_session,
                                netsnmp_session *out_session);

/*
 * Definition of a security module.
 *
 * Only the encoding and decoding routines are mandatory; every other
 * callback is optional and is provided only if the model needs it.
 * NOTE(review): presumably an unused optional callback is left NULL, in
 * which case call sites need a NULL check before invoking it -- confirm
 * against the callers.
 */
struct snmp_secmod_def {
    /*
     * session manipulation functions
     */
    SecmodSessionCallback *session_open;   /* called in snmp_sess_open() */
    SecmodSessionCallback *session_close;  /* called in snmp_sess_close() */
    SecmodSessionSetup    *session_setup;

    /*
     * pdu manipulation routines
     */
    SecmodPduCallback     *pdu_free;       /* called in free_pdu() */
    Secmod2PduCallback    *pdu_clone;      /* called in snmp_clone_pdu() */
    SecmodPduCallback     *pdu_timeout;    /* called when a request times out */
    SecmodFreeState       *pdu_free_state_ref; /* frees pdu->securityStateRef */

    /*
     * de/encoding routines: mandatory
     */
    SecmodOutMsg          *encode_reverse; /* encode packet back to front */
    SecmodOutMsg          *encode_forward; /* encode packet forward */
    SecmodInMsg           *decode;         /* decode & validate incoming */

    /*
     * error and report handling
     */
    SecmodHandleReport    *handle_report;

    /*
     * default engineID discovery mechanism
     */
    SecmodDiscoveryMethod *probe_engineid;
    SecmodPostDiscovery   *post_probe_engineid;
};


/*
 * Internal list node: one security model number with its definition.
 */
struct snmp_secmod_list {
    int                      securityModel;
    struct snmp_secmod_def  *secDef;
    struct snmp_secmod_list *next;
};


/*
 * Register a security service.
 * NOTE(review): the int is presumably the security model number and the
 * string a name for the model; the prototype does not name them --
 * confirm against the definition.
 */
int             register_sec_mod(int, const char *,
                                 struct snmp_secmod_def *);

/*
 * Find a security service definition.
 */
NETSNMP_IMPORT
struct snmp_secmod_def *find_sec_mod(int);

/*
 * Unregister a security service.
 */
int             unregister_sec_mod(int);

void            init_secmod(void);
NETSNMP_IMPORT
void            shutdown_secmod(void);

/*
 * Clears the sec_mod list.
 */
NETSNMP_IMPORT
void            clear_sec_mod(void);

#ifdef __cplusplus
}
#endif
#endif /* SNMPSECMOD_H */