00001 /*_############################################################################ 00002 _## 00003 _## usm_v3.h 00004 _## 00005 _## SNMP++v3.2.15 00006 _## ----------------------------------------------- 00007 _## Copyright (c) 2001-2004 Jochen Katz, Frank Fock 00008 _## 00009 _## This software is based on SNMP++2.6 from Hewlett Packard: 00010 _## 00011 _## Copyright (c) 1996 00012 _## Hewlett-Packard Company 00013 _## 00014 _## ATTENTION: USE OF THIS SOFTWARE IS SUBJECT TO THE FOLLOWING TERMS. 00015 _## Permission to use, copy, modify, distribute and/or sell this software 00016 _## and/or its documentation is hereby granted without fee. User agrees 00017 _## to display the above copyright notice and this license notice in all 00018 _## copies of the software and any documentation of the software. User 00019 _## agrees to assume all liability for the use of the software; 00020 _## Hewlett-Packard and Jochen Katz make no representations about the 00021 _## suitability of this software for any purpose. It is provided 00022 _## "AS-IS" without warranty of any kind, either express or implied. User 00023 _## hereby grants a royalty-free license to any and all derivatives based 00024 _## upon this software code base. 00025 _## 00026 _## Stuttgart, Germany, Tue Jan 4 21:42:42 CET 2005 00027 _## 00028 _##########################################################################*/ 00029 // $Id: usm_v3.h,v 1.5 2004/03/03 23:11:21 katz Exp $ 00030 00031 #ifndef _USM_V3 00032 #define _USM_V3 00033 00034 #include "snmp_pp/config_snmp_pp.h" 00035 00036 #ifdef _SNMPv3 00037 00038 #include "snmp_pp/smi.h" 00039 #include "snmp_pp/octet.h" 00040 00041 #ifdef SNMP_PP_NAMESPACE 00042 namespace Snmp_pp { 00043 #endif 00044 00045 #define MAXUINT32 4294967295u 00046 00047 // the maximum allowed length of the username 00048 #define MAXLEN_USMUSERNAME 32 00049 #define MAXLEN_USMSECURITYNAME MAXLEN_USMUSERNAME 00050 00051 #define SNMPv3_AUTHFLAG 0x01 00052 #define SNMPv3_PRIVFLAG 0x02 00053 #define SNMPv3_REPORTABLEFLAG 0x04 00054 00055 #define NOKEY 0 00056 #define AUTHKEY 1 00057 #define PRIVKEY 2 00058 #define OWNAUTHKEY 3 00059 #define OWNPRIVKEY 4 00060 00061 /** @name SecurityLevels 00062 * 00063 * When sending a SNMPv3 message, one of these security levels can be 00064 * set on the Pdu object. 00065 */ 00066 //@{ 00067 #define SNMP_SECURITY_LEVEL_NOAUTH_NOPRIV 1 ///< noAuthNoPriv 00068 #define SNMP_SECURITY_LEVEL_AUTH_NOPRIV 2 ///< authNoPriv 00069 #define SNMP_SECURITY_LEVEL_AUTH_PRIV 3 ///< authPriv 00070 //@} 00071 00072 /** @name AuthProtocols 00073 * 00074 * Each user of the USM must use one authentication protocol (which 00075 * may be none. 00076 */ 00077 //@{ 00078 #define SNMP_AUTHPROTOCOL_NONE 1 ///< None 00079 #define SNMP_AUTHPROTOCOL_HMACMD5 2 ///< HMAC-MD5 00080 #define SNMP_AUTHPROTOCOL_HMACSHA 3 ///< HMAC-SHA 00081 //@} 00082 00083 /** @name PrivProtocols 00084 * 00085 * Each user of the USM must use one privacy protocol (which may be 00086 * none. 00087 */ 00088 //@{ 00089 #define SNMP_PRIVPROTOCOL_NONE 1 ///< None 00090 #define SNMP_PRIVPROTOCOL_DES 2 ///< DES 00091 #define SNMP_PRIVPROTOCOL_IDEA 9 ///< IDEA (non standard) 00092 #define SNMP_PRIVPROTOCOL_AES128 19 ///< AES128 (draft standard) 00093 #define SNMP_PRIVPROTOCOL_AES192 20 ///< AES192 (draft standard) 00094 #define SNMP_PRIVPROTOCOL_AES256 21 ///< AES256 (draft standard) 00095 //@} 00096 00097 /** @name USM-ErrorCodes 00098 * 00099 * Each method of the class USM may return one of the following 00100 * error codes. 00101 */ 00102 //@{ 00103 #define SNMPv3_USM_OK 1400 00104 #define SNMPv3_USM_ERROR 1401 00105 #define SNMPv3_USM_ERROR_CONFIGFILE 1402 00106 #define SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL 1403 00107 #define SNMPv3_USM_UNKNOWN_SECURITY_NAME 1404 00108 #define SNMPv3_USM_ENCRYPTION_ERROR 1405 00109 #define SNMPv3_USM_DECRYPTION_ERROR 1406 00110 #define SNMPv3_USM_AUTHENTICATION_ERROR 1407 00111 #define SNMPv3_USM_AUTHENTICATION_FAILURE 1408 00112 #define SNMPv3_USM_PARSE_ERROR 1409 00113 #define SNMPv3_USM_UNKNOWN_ENGINEID 1410 00114 #define SNMPv3_USM_NOT_IN_TIME_WINDOW 1411 00115 #define SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL 1412 00116 #define SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL 1413 00117 #define SNMPv3_USM_ADDRESS_ERROR 1414 00118 #define SNMPv3_USM_FILECREATE_ERROR 1415 00119 #define SNMPv3_USM_FILEOPEN_ERROR 1416 00120 #define SNMPv3_USM_FILERENAME_ERROR 1417 00121 #define SNMPv3_USM_FILEDELETE_ERROR 1418 00122 #define SNMPv3_USM_FILEWRITE_ERROR 1419 00123 #define SNMPv3_USM_FILEREAD_ERROR 1420 00124 //@} 00125 00126 /** @name Statistics on error codes. */ 00127 //@{ 00128 #define SNMPv3_USM_MAX_ERROR SNMPv3_USM_FILEREAD_ERROR 00129 #define SNMPv3_USM_MIN_ERROR SNMPv3_USM_OK 00130 #define SNMPv3_USM_ERRORCOUNT SNMPv3_USM_MAX_ERROR - SNMPv3_USM_MIN_ERROR 00131 //@} 00132 00133 #define oidUsmStats "1.3.6.1.6.3.15.1.1" 00134 #define oidUsmStatsUnsupportedSecLevels "1.3.6.1.6.3.15.1.1.1.0" 00135 #define oidUsmStatsNotInTimeWindows "1.3.6.1.6.3.15.1.1.2.0" 00136 #define oidUsmStatsUnknownUserNames "1.3.6.1.6.3.15.1.1.3.0" 00137 #define oidUsmStatsUnknownEngineIDs "1.3.6.1.6.3.15.1.1.4.0" 00138 #define oidUsmStatsWrongDigests "1.3.6.1.6.3.15.1.1.5.0" 00139 #define oidUsmStatsDecryptionErrors "1.3.6.1.6.3.15.1.1.6.0" 00140 00141 #define oidUsmUserTable "1.3.6.1.6.3.15.1.2.2" 00142 #define oidUsmUserEntry "1.3.6.1.6.3.15.1.2.2.1" 00143 00144 #define oidUsmAuthProtocolBase "1.3.6.1.6.3.10.1.1" 00145 #define oidUsmNoAuthProtocol "1.3.6.1.6.3.10.1.1.1" 00146 #define oidUsmHMACMD5AuthProtocol "1.3.6.1.6.3.10.1.1.2" 00147 #define oidUsmHMACSHAAuthProtocol "1.3.6.1.6.3.10.1.1.3" 00148 00149 #define oidUsmPrivProtocolBase "1.3.6.1.6.3.10.1.2" 00150 #define oidUsmNoPrivProtocol "1.3.6.1.6.3.10.1.2.1" 00151 #define oidUsmDESPrivProtocol "1.3.6.1.6.3.10.1.2.2" 00152 #define oidUsmIDEAPrivProtocol "1.3.6.1.6.3.10.1.2.9" 00153 #define oidUsmAES128PrivProtocol "1.3.6.1.6.3.10.1.2.19" 00154 #define oidUsmAES192PrivProtocol "1.3.6.1.6.3.10.1.2.20" 00155 #define oidUsmAES256PrivProtocol "1.3.6.1.6.3.10.1.2.21" 00156 00157 00158 #define USM_KeyUpdate 1 00159 #define USM_PasswordUpdate 2 00160 #define USM_PasswordKeyUpdate 3 00161 #define USM_PasswordAllKeyUpdate 4 00162 00163 class SnmpTarget; 00164 class Pdu; 00165 00166 struct UsmKeyUpdate; 00167 00168 struct UsmUserTableEntry { 00169 unsigned char *usmUserEngineID; long int usmUserEngineIDLength; 00170 unsigned char *usmUserName; long int usmUserNameLength; 00171 unsigned char *usmUserSecurityName; long int usmUserSecurityNameLength; 00172 long int usmUserAuthProtocol; 00173 unsigned char *usmUserAuthKey; long int usmUserAuthKeyLength; 00174 long int usmUserPrivProtocol; 00175 unsigned char *usmUserPrivKey; long int usmUserPrivKeyLength; 00176 }; 00177 00178 struct UsmUser { 00179 unsigned char *engineID; long int engineIDLength; 00180 unsigned char *usmUserName; long int usmUserNameLength; 00181 unsigned char *securityName; long int securityNameLength; 00182 long int authProtocol; 00183 unsigned char *authKey; long int authKeyLength; 00184 long int privProtocol; 00185 unsigned char *privKey; long int privKeyLength; 00186 }; 00187 00188 struct UsmUserNameTableEntry { 00189 OctetStr usmUserName; 00190 OctetStr usmUserSecurityName; 00191 long int usmUserAuthProtocol; 00192 long int usmUserPrivProtocol; 00193 unsigned char *authPassword; long int authPasswordLength; 00194 unsigned char *privPassword; long int privPasswordLength; 00195 }; 00196 00197 //-----------[ async methods callback ]----------------------------------- 00198 typedef void (*usm_add_user_callback)(const OctetStr &engine_id, 00199 const OctetStr &usm_user_name, 00200 const OctetStr &usm_user_security_name, 00201 const int auth_protocol, 00202 const OctetStr &auth_key, 00203 const int priv_protocol, 00204 const OctetStr &priv_key); 00205 00206 struct SecurityStateReference; 00207 00208 class AuthPriv; 00209 class USMTimeTable; 00210 class USMUserNameTable; 00211 class USMUserTable; 00212 class v3MP; 00213 00214 /** 00215 * This is the class for the User Based Security Model. 00216 * 00217 * To add or delete users, the methods add_usm_user() and delete_usm_user() 00218 * should be used. 00219 */ 00220 class DLLOPT USM 00221 { 00222 friend class v3MP; 00223 00224 public: 00225 00226 /** 00227 * Create an instance of the USM. 00228 * 00229 * @param engine_boots - The new value for the snmpEngineBoots counter 00230 * @param engine_id - The local snmp engine id 00231 * @param v3_mp - Pointer to the parent v3MP object. 00232 * @param msg_id - OUT: The initial value for the msgID 00233 * @param result - OUT: construct status, should be SNMPv3_USM_OK 00234 */ 00235 USM(unsigned int engine_boots, const OctetStr &engine_id, const v3MP *v3_mp, 00236 unsigned int *msg_id, int &result); 00237 00238 /** 00239 * Destructor. 00240 */ 00241 ~USM(); 00242 00243 /** 00244 * Enables the discovery mode of the USM, i.e. the USM accepts all messages 00245 * with unknown engine ids and adds these engine ids to its tables. 00246 */ 00247 void set_discovery_mode() { discovery_mode = 1; }; 00248 00249 /** 00250 * Disables the discovery mode of the USM, i.e. the USM will not accept any 00251 * message with an unknown engine id. 00252 */ 00253 void unset_discovery_mode() { discovery_mode = 0; }; 00254 00255 /** 00256 * Return TRUE if the USM discovery mode is enabled, FALSE else. 00257 */ 00258 int is_discovery_enabled() const { return discovery_mode; }; 00259 00260 /** 00261 * Add a new user to the usmUserNameTable. If the User is already known 00262 * to the USM, the old entry is replaced. 00263 * The USM will compute a userName for the given securityName, which 00264 * will be the same as securityName (recommended). 00265 * 00266 * @param security_name - Unique securityName 00267 * @param auth_protocol - Possible values are: 00268 * SNMP_AUTHPROTOCOL_NONE, 00269 * SNMP_AUTHPROTOCOL_HMACMD5, 00270 * SNMP_AUTHPROTOCOL_HMACSHA 00271 * @param priv_protocol - Possible values are: 00272 * SNMP_PRIVPROTOCOL_NONE, 00273 * SNMP_PRIVPROTOCOL_DES, 00274 * SNMP_PRIVPROTOCOL_IDEA 00275 * @param auth_password - Secret password for authentication 00276 * @param priv_password - Secret password for privacy 00277 * 00278 * @return - SNMPv3_USM_OK or 00279 * SNMP_v3_USM_ERROR (memory error, not initialized) 00280 */ 00281 int add_usm_user(const OctetStr& security_name, 00282 const long int auth_protocol, 00283 const long int priv_protocol, 00284 const OctetStr& auth_password, 00285 const OctetStr& priv_password); 00286 00287 /** 00288 * Add a new user to the usmUserNameTable. If the userName is already known 00289 * to the USM, the old entry is replaced. 00290 * 00291 * It is not recommended to add users with userName != securityName. 00292 * 00293 * @param user_name - Unique userName 00294 * @param security_name - Unique securityName 00295 * @param auth_protocol - Possible values are: 00296 * SNMP_AUTHPROTOCOL_NONE, 00297 * SNMP_AUTHPROTOCOL_HMACMD5, 00298 * SNMP_AUTHPROTOCOL_HMACSHA 00299 * @param priv_protocol - Possible values are: 00300 * SNMP_PRIVPROTOCOL_NONE, 00301 * SNMP_PRIVPROTOCOL_DES, 00302 * SNMP_PRIVPROTOCOL_IDEA 00303 * @param auth_password - Secret password for authentication 00304 * @param priv_password - Secret password for privacy 00305 * 00306 * @return - SNMPv3_USM_OK or 00307 * SNMP_v3_USM_ERROR (memory error, not initialized) 00308 */ 00309 int add_usm_user(const OctetStr& user_name, 00310 const OctetStr& security_name, 00311 const long int auth_protocol, 00312 const long int priv_protocol, 00313 const OctetStr& auth_password, 00314 const OctetStr& priv_password); 00315 00316 /** 00317 * Delete all occurences of the user with the given security name 00318 * from the USM. 00319 * 00320 * @param security_name - the securityName of the user 00321 * 00322 * @return - SNMPv3_USM_OK, SNMPv3_USM_ERROR (not initialized) 00323 */ 00324 int delete_usm_user(const OctetStr& security_name); 00325 00326 00327 /** 00328 * Save all localized users into a file. 00329 * 00330 * @param file - filename including path 00331 * 00332 * @return SNMPv3_USM_ERROR, SNMPv3_USM_FILECREATE_ERROR, 00333 * SNMPv3_USM_FILERENAME_ERROR or SNMPv3_USM_OK 00334 */ 00335 int save_localized_users(const char *file); 00336 00337 /** 00338 * Load localized users from a file. 00339 * 00340 * @param file - filename including path 00341 * 00342 * @return SNMPv3_USM_ERROR, SNMPv3_USM_FILEOPEN_ERROR, 00343 * SNMPv3_USM_FILEREAD_ERROR or SNMPv3_USM_OK 00344 */ 00345 int load_localized_users(const char *file); 00346 00347 /** 00348 * Save all users with their passwords into a file. 00349 * 00350 * @param file - filename including path 00351 * 00352 * @return SNMPv3_USM_ERROR, SNMPv3_USM_FILECREATE_ERROR, 00353 * SNMPv3_USM_FILERENAME_ERROR or SNMPv3_USM_OK 00354 */ 00355 int save_users(const char *file); 00356 00357 /** 00358 * Load users with their passwords from a file. 00359 * 00360 * @param file - filename including path 00361 * 00362 * @return SNMPv3_USM_ERROR, SNMPv3_USM_FILEOPEN_ERROR, 00363 * SNMPv3_USM_FILEREAD_ERROR or SNMPv3_USM_OK 00364 */ 00365 int load_users(const char *file); 00366 00367 /** 00368 * Add or replace a localized user in the USM table. Use this method 00369 * only, if you know what you are doing. 00370 * 00371 * @param engine_id - The engineID, the key was localized with 00372 * @param user_name - The name of the user (in the USM) 00373 * @param security_name - The securityName of the user, this name 00374 * is the same for all securityModels 00375 * @param auth_protocol - Possible values are: 00376 * SNMP_AUTHPROTOCOL_NONE, 00377 * SNMP_AUTHPROTOCOL_HMACMD5, 00378 * SNMP_AUTHPROTOCOL_HMACSHA 00379 * @param auth_key - The key used for authentications 00380 * @param priv_protocol - Possible values are: 00381 * SNMP_PRIVPROTOCOL_NONE, 00382 * SNMP_PRIVPROTOCOL_DES, 00383 * SNMP_PRIVPROTOCOL_IDEA 00384 * @param priv_key - The key used for privacy 00385 * 00386 * @return - SNMPv3_USM_OK 00387 * SNMP_v3_USM_ERROR (not initialized, no memory) */ 00388 int add_localized_user(const OctetStr &engine_id, 00389 const OctetStr &user_name, 00390 const OctetStr &security_name, 00391 const long auth_protocol, 00392 const OctetStr &auth_key, 00393 const long priv_protocol, 00394 const OctetStr &priv_key); 00395 00396 /** 00397 * Delete all localized entries of this user from the usmUserTable. 00398 * 00399 * @param user_name - The userName that should be deleted 00400 * 00401 * @return - SNMPv3_USM_ERROR (not initialized), 00402 * SNMPv3_USM_OK (user deleted or not in table) 00403 */ 00404 int delete_localized_user(const OctetStr& user_name); 00405 00406 00407 /** 00408 * Delete the entry with the given userName and engineID 00409 * from the usmUserTable 00410 * 00411 * @param engine_id - The engineID 00412 * @param user_name - The userName that should be deleted 00413 * 00414 * @return - SNMPv3_USM_ERROR (not initialkized), 00415 * SNMPv3_USM_OK (user deleted or not in table) 00416 */ 00417 int delete_localized_user(const OctetStr& engine_id, 00418 const OctetStr& user_name); 00419 00420 00421 /** 00422 * Replace a localized key of the user and engineID in the 00423 * usmUserTable. 00424 * 00425 * @param user_name - The name of the user in the USM 00426 * @param user_name_len - The length of the user name 00427 * @param engine_id - Change the localized key for the SNMP 00428 * entity with this engine id 00429 * @param engine_id_len - The length of the engine id 00430 * @param new_key - The new key 00431 * @param new_key_len - The length of the new key 00432 * @param type_of_key - AUTHKEY, OWNAUTHKEY, PRIVKEY or OWNPRIVKEY 00433 * 00434 * @return - SNMPv3_USM_ERROR (no such entry or not initialized), 00435 * SNMPv3_USM_OK 00436 */ 00437 int update_key(const unsigned char* user_name, const long user_name_len, 00438 const unsigned char* engine_id, const long engine_id_len, 00439 const unsigned char* new_key, const long new_key_len, 00440 const int type_of_key); 00441 00442 /** 00443 * Search for a user with the given securityName and engineID 00444 * in the usmUserTable and return the entry. If no entry 00445 * could be found, the usmUserNameTable is searched for the given 00446 * securityName. If this table has an entry of this user, a 00447 * localized entry is generated, added to the usmUserTable and 00448 * returned to the caller. 00449 * 00450 * The caller has to do a delete on the returned struct. 00451 * 00452 * @param engine_id - 00453 * @param security_name - 00454 * 00455 * @return - a pointer to the structure if an entry could be found 00456 * or was generated, NULL for all errors 00457 */ 00458 struct UsmUser *get_user(const OctetStr &engine_id, 00459 const OctetStr &security_name); 00460 00461 00462 /** 00463 * Get the security name from a user name. 00464 * 00465 * @param user_name - 00466 * @param user_name_len - 00467 * @param security_name - Buffer for the securityName 00468 * 00469 * @return - SNMPv3_USM_ERROR (not initialized, not found, buffer too small), 00470 * SNMPv3_USM_OK 00471 */ 00472 int get_security_name(const unsigned char *user_name, 00473 const long int user_name_len, 00474 OctetStr &security_name); 00475 00476 /** 00477 * Get the user name from a security name. 00478 * 00479 * @param user_name - Buffer for the userName 00480 * @param user_name_len - Has to be set to the max length of the 00481 * buffer. Is set to the length of the found 00482 * securityName or to 0 if not found. 00483 * @param security_name - 00484 * @param security_name_len - 00485 * 00486 * @return - SNMPv3_USM_ERROR (not initialized, not found, buffer too small), 00487 * SNMPv3_USM_OK 00488 */ 00489 int get_user_name(unsigned char *user_name, 00490 long int *user_name_len, 00491 const unsigned char *security_name, 00492 const long int security_name_len); 00493 00494 00495 /** 00496 * Prepare a key update in the USM. The following procedure is used: To 00497 * prepare the key update, this function adds the neccessary variable 00498 * bindings to the Pdu to do the key update on the target SNMP entity. 00499 * The Pdu has to be sent to the target. If the key update on the target 00500 * is successful, usmCommitKeyUpdate() has to be called to do the local key 00501 * update. On failure usmAbortKeyUpdate() has to be called to free 00502 * temporary ressources. 00503 * 00504 * @param securityName - The name of the user 00505 * @param target - A target to identify the SNMP entity on which the 00506 * key will be updated 00507 * @param newPassword - The new password for the user 00508 * @param pdu - A PDU into which this funktion adds the VBs needed 00509 * to change the keys on the target 00510 * @param type - Indicates how and which key should be chaned: 00511 * possilbe values are: AUTHKEY, PRIVKEY and 00512 * OWNAUTHKEY, OWNPRIVKEY. 00513 * @param status - The return status: SNMPv3_USM_OK or one of the 00514 * error codes 00515 * 00516 * @return - A structure, that is needed to commit/abort the key update. 00517 * If an error occurs, the return value is NULL 00518 */ 00519 struct UsmKeyUpdate* key_update_prepare(const OctetStr& securityName, 00520 SnmpTarget& target, 00521 const OctetStr& newPassword, 00522 Pdu& pdu, int type, 00523 int &status, 00524 const OctetStr& oldpass = "", 00525 const OctetStr& oldengid= "", 00526 const OctetStr& newengid= ""); 00527 00528 /** 00529 * Abort the local key update. 00530 * 00531 * @param uku - The pointer returned by usmPrepareKeyUpdate() 00532 */ 00533 void key_update_abort(struct UsmKeyUpdate *uku); 00534 00535 00536 /** 00537 * Commit the local key update. 00538 * 00539 * @param uku - The pointer returned by usmPrepareKeyUpdate() 00540 * @param update_type - One of USM_KeyUpdate, USM_PasswordKeyUpdate, 00541 * USM_PasswordAllKeyUpdate 00542 * 00543 * @return - SNMPv3_USM_ERROR, SNMPv3_USM_OK 00544 */ 00545 int key_update_commit(struct UsmKeyUpdate *uku, int update_type); 00546 00547 00548 /** 00549 * Get a pointer to the AuthPriv object used by the USM. 00550 * 00551 */ 00552 AuthPriv *get_auth_priv(); 00553 00554 00555 /** 00556 * Return engineBoots and engineTime for a given engineID 00557 * 00558 * @param engine_id - The engineID of the SNMP entity 00559 * @param engine_boots - OUT: boot counter (0 if not found) 00560 * @param engine_time - OUT: engine time (0 if not found) 00561 * 00562 * @return - SNMPv3_USM_ERROR (not initialized), 00563 * SNMPv3_USM_OK (entry found, values are filled) 00564 * SNMPv3_USM_UNKNOWN_ENGINEID ( not found) 00565 */ 00566 int get_time(const OctetStr &engine_id, 00567 long int *engine_boots, long int *engine_time); 00568 00569 00570 00571 /** 00572 * Return engineBoots and engineTime of the local snmp entity 00573 * 00574 * @param engine_boots - OUT: boot counter (0 if not found) 00575 * @param engine_time - OUT: engine time (0 if not found) 00576 * 00577 * @return - SNMPv3_USM_ERROR (not initialized), 00578 * SNMPv3_USM_OK (entry found, values are filled) 00579 */ 00580 int get_local_time(long int *engine_boots, long int *engine_time) const; 00581 00582 00583 /** 00584 * Return the local snmp engine id. 00585 */ 00586 const OctetStr& get_local_engine_id() const { return local_snmp_engine_id; }; 00587 00588 /** 00589 * Get the number of received messages with an unsupported securityLevel 00590 * 00591 * @return - usmStatsUnsupportedSecLevels 00592 */ 00593 unsigned long get_stats_unsupported_sec_levels() const 00594 { return usmStatsUnsupportedSecLevels; }; 00595 00596 /** 00597 * Get the number of received messages outside time window 00598 * 00599 * @return - usmStatsNotInTimeWindows 00600 */ 00601 unsigned long get_stats_not_in_time_windows() const 00602 { return usmStatsNotInTimeWindows; }; 00603 00604 /** 00605 * Get the number of received messages with a unknown userName 00606 * 00607 * @return - usmStatsUnknownUserNames 00608 */ 00609 unsigned long get_stats_unknown_user_names() const 00610 { return usmStatsUnknownUserNames; }; 00611 00612 /** 00613 * Get the number of received messages with a unknown engineID 00614 * 00615 * @return - usmStatsUnknownEngineIDs 00616 */ 00617 unsigned long get_stats_unknown_engine_ids() const 00618 { return usmStatsUnknownEngineIDs; }; 00619 00620 /** 00621 * Get the number of received messages with a wrong digest 00622 * 00623 * @return - usmStatsWrongDigests 00624 */ 00625 unsigned long get_stats_wrong_digests() const 00626 { return usmStatsWrongDigests; }; 00627 00628 /** 00629 * Get the number of received messages with decryption errors 00630 * 00631 * @return - usmStatsDecryptionErrors 00632 */ 00633 unsigned long get_stats_decryption_errors() const 00634 { return usmStatsDecryptionErrors; }; 00635 00636 //@{ 00637 /** 00638 * Increase the stats counter. Should only be used by agent++. 00639 */ 00640 void inc_stats_unsupported_sec_levels(); 00641 void inc_stats_not_in_time_windows(); 00642 void inc_stats_unknown_user_names(); 00643 void inc_stats_unknown_engine_ids(); 00644 void inc_stats_wrong_digests(); 00645 void inc_stats_decryption_errors(); 00646 //@} 00647 00648 00649 /** 00650 * Get a const pointer to the first entry of the UsmUserNameTable. 00651 */ 00652 const UsmUserNameTableEntry *peek_first_user(); 00653 00654 /** 00655 * Get a const pointer to the next entry of the UsmUserNameTable. 00656 */ 00657 const UsmUserNameTableEntry *peek_next_user(const UsmUserNameTableEntry *e); 00658 00659 00660 /** 00661 * Get a const pointer to the first entry of the UsmUserTable. 00662 */ 00663 const UsmUserTableEntry *peek_first_luser(); 00664 00665 /** 00666 * Get a const pointer to the next entry of the UsmUserTable. 00667 */ 00668 const UsmUserTableEntry *peek_next_luser(const UsmUserTableEntry *e); 00669 00670 /** 00671 * for v3MP: 00672 * 00673 * Delete the pointers within the structure and the structure 00674 * itself. 00675 * 00676 * @param ssr - The structure that should be deleted. 00677 */ 00678 void delete_sec_state_reference(struct SecurityStateReference *ssr); 00679 00680 /** 00681 * Protected (for agent++): 00682 * 00683 * Get the user at the specified position of the usmUserTable. 00684 * 00685 * The caller is responsible to delete the entries usmUserEngineID, 00686 * usmUserNamem, usmUserSecurityName of the returned struct and the 00687 * struct. 00688 * 00689 * @param number - get the entry at position number (1...) 00690 * 00691 * @return - a pointer to the structure or NULL if number is out 00692 * of range 00693 */ 00694 struct UsmUserTableEntry *get_user(int number); 00695 00696 /** 00697 * Protected (for agent++): 00698 * 00699 * Get the properties of the specified user. 00700 * 00701 * The caller is responsible to delete the returned struct. 00702 * 00703 * @param security_name - The security name of the user 00704 * 00705 * @return - a pointer to the structure or NULL if number is out 00706 * of range 00707 */ 00708 struct UsmUserNameTableEntry *get_user(const OctetStr &security_name); 00709 00710 /** 00711 * Protected (for agent++): 00712 * 00713 * Get the number of elements in the usmUserTable 00714 * 00715 * @return - number of elements 00716 */ 00717 int get_user_count() const; 00718 00719 00720 /** 00721 * Protected (for agent++) 00722 * 00723 * Register a callback function that is called if a new localized user 00724 * has been added to the usm user table 00725 */ 00726 void add_user_added_callback(const usm_add_user_callback cb); 00727 00728 00729 protected: 00730 00731 /** 00732 * Get a new security state reference (for v3MP). 00733 * 00734 * @return - A newly created security state reference. 00735 */ 00736 struct SecurityStateReference *get_new_sec_state_reference(); 00737 00738 /** 00739 * Generate a complete message that is ready to send to the target. 00740 * 00741 * @param globalData - Buffer containing the serialized globalData, 00742 * ready to be copied into the wholeMsg 00743 * @param globalDataLength - The length of this buffer 00744 * @param maxMessageSize - The maximum message size 00745 * @param securityEngineID - The engineID of the authoritative SNMP entity 00746 * @param securityName - The name of the user 00747 * @param securityLevel - The security Level for this Message 00748 * @param scopedPDU - Buffer containing the serialized scopedPDU, 00749 * ready to be copied into the wholeMsg 00750 * @param scopedPDULength - The length of this Buffer 00751 * @param securityStateReference - The reference that was generated when 00752 * the request was parsed. For request, this 00753 * param has to be NULL. The reference 00754 * is deleted by this function. 00755 * @param wholeMsg - OUT: the buffer for the whole message 00756 * @param wholeMsgLength - IN: lenght of the buffer. 00757 * OUT: length of the generated message 00758 * 00759 * @return - SNMPv3_USM_OK on success. See snmperrs.h for the error codes 00760 * of the USM. 00761 */ 00762 int generate_msg( 00763 unsigned char *globalData, // message header, admin data 00764 int globalDataLength, 00765 int maxMessageSize, // of the sending SNMP entity 00766 const OctetStr &securityEngineID,// authoritative SNMP entity 00767 const OctetStr &securityName, // on behalf of this principal 00768 int securityLevel, // Level of Security requested 00769 unsigned char *scopedPDU, // message (plaintext) payload 00770 int scopedPDULength, 00771 struct SecurityStateReference *securityStateReference, 00772 unsigned char *wholeMsg, // OUT complete generated message 00773 int *wholeMsgLength); // OUT length of generated message 00774 00775 00776 00777 /** 00778 * Parse a received message. 00779 * 00780 * @param maxMessageSize - The maximum message size of the snding 00781 * SNMP entity. 00782 * @param securityParameters - The security parameters as received 00783 * @param securityParametersLength - The length of the security parameters 00784 * @param securityParametersPosition - The position of the security 00785 * parameters in the message 00786 * @param securityLevel - The securityLevel of the message 00787 * @param wholeMsg - The buffer with the whole message 00788 * @param wholeMsgLength - The length of the whole message 00789 * @param msgData - The buffer with the messageData 00790 * @param msgDataLength - The length of the messageData buffer 00791 * @param security_engine_id - OUT: the authoritative engineID 00792 * @param security_name - OUT: the name of the user 00793 * @param scopedPDU - OUT: buffer containing the scopedPDU 00794 * @param scopedPDULength - IN: length of the buffer 00795 * OUT: length of the scopedPDU 00796 * @param maxSizeResponseScopedPDU - OUT: maximum size for a scopedPDU in a 00797 * response message 00798 * @param securityStateReference - OUT: the securityStateReference 00799 * 00800 * @return - SNMPv3_USM_OK on success. See snmperrs.h for the error codes 00801 * of the USM. 00802 */ 00803 int process_msg( 00804 int maxMessageSize, // of the sending SNMP entity 00805 unsigned char *securityParameters, // for the received message 00806 int securityParametersLength, 00807 int securityParametersPosition, 00808 long int securityLevel, // Level of Security 00809 unsigned char *wholeMsg, // as received on the wire 00810 int wholeMsgLength, // length as received on the wire 00811 unsigned char *msgData, 00812 int msgDataLength, 00813 OctetStr &security_engine_id, // authoritative SNMP entity 00814 OctetStr &security_name, //identification of the principal 00815 unsigned char *scopedPDU, // message (plaintext) payload 00816 int *scopedPDULength, 00817 long *maxSizeResponseScopedPDU,// maximum size of the Response PDU 00818 struct SecurityStateReference *securityStateReference 00819 // reference to security state 00820 ); // information, needed for response 00821 00822 private: 00823 00824 /** 00825 * Delete the pointers in the structure and set all values to 0/NULL. 00826 * 00827 * @param usp - The structure that should be deleted 00828 */ 00829 void delete_sec_parameters( struct UsmSecurityParameters *usp); 00830 00831 00832 /** 00833 * Serialize the given values into the buffer according to the BER. 00834 * 00835 * UsmSecurityParameters ::= 00836 * SEQUENCE { 00837 * -- global User-based security parameters 00838 * msgAuthoritativeEngineID OCTET STRING (5..32) 00839 * msgAuthoritativeEngineBoots INTEGER (0..2147483647), 00840 * msgAuthoritativeEngineTime INTEGER (0..2147483647), 00841 * msgUserName OCTET STRING (SIZE(0..32)), 00842 * -- authentication protocol specific parameters 00843 * msgAuthenticationParameters OCTET STRING, 00844 * -- privacy protocol specific parameters 00845 * msgPrivacyParameters OCTET STRING 00846 * } 00847 * 00848 * @param outBuf - buffer for the serialized values 00849 * @param maxLength - before call: length of the buffer 00850 * after call: bytes left in the buffer 00851 * @param sp - the values to serialize 00852 * @param position - after call: points to the first byte of the 00853 * field for the authentication parameter 00854 * 00855 * @return - a pointer to the first free byte in the buffer, 00856 * NULL on error 00857 */ 00858 unsigned char *build_sec_params(unsigned char *outBuf, int *maxLength, 00859 struct UsmSecurityParameters sp, 00860 int *position); 00861 00862 /** 00863 * Serialize the given values acording to the BER into the 00864 * buffer. On success, the buffer contains a valid SNMPv3 message. 00865 * 00866 * @param outBuf - buffer for the serialized values 00867 * @param maxLength - before call: length of the buffer 00868 * after call: bytes left in the buffer 00869 * @param globalData - Buffer that contains the serialized globalData 00870 * @param globalDataLength - The length of this buffer 00871 * @param positionAuthPar - after call: points to the first byte of the 00872 * field for the authentication parameter 00873 * @param securityParameters - The security parameters 00874 * @param msgData - Buffer that contains the serialized msgData 00875 * @param msgDataLength - The length of this buffer 00876 * 00877 * @return - a pointer to the first free byte in the buffer, 00878 * NULL on error 00879 */ 00880 unsigned char *build_whole_msg( 00881 unsigned char *outBuf, int *maxLength, 00882 unsigned char *globalData, long int globalDataLength, 00883 int *positionAuthPar, 00884 struct UsmSecurityParameters securityParameters, 00885 unsigned char *msgData, long int msgDataLength); 00886 00887 00888 /** 00889 * Delete the pointers in the structure 00890 * 00891 * @param user - The structure that should be deleted 00892 */ 00893 inline void delete_user_ptr(struct UsmUser *user); 00894 00895 00896 private: 00897 00898 OctetStr local_snmp_engine_id; ///< local snmp engine id 00899 const v3MP *v3mp; ///< Pointer to the v3MP that created this object 00900 00901 // 0: don't accept messages from hosts with a unknown engine id 00902 int discovery_mode; 00903 00904 // MIB Counters 00905 unsigned int usmStatsUnsupportedSecLevels; 00906 unsigned int usmStatsNotInTimeWindows; 00907 unsigned int usmStatsUnknownUserNames; 00908 unsigned int usmStatsUnknownEngineIDs; 00909 unsigned int usmStatsWrongDigests; 00910 unsigned int usmStatsDecryptionErrors; 00911 00912 // the instance of AuthPriv 00913 AuthPriv *auth_priv; 00914 00915 // this table contains time values of contacted snmp entities 00916 USMTimeTable *usm_time_table; 00917 00918 // Users that are known but not localized to a engine ID 00919 USMUserNameTable *usm_user_name_table; 00920 00921 // Table containing localized Users ready to use 00922 USMUserTable *usm_user_table; 00923 00924 // Callback for agent++ to indicate new users in usm tables 00925 usm_add_user_callback usm_add_user_cb; 00926 00927 }; 00928 00929 00930 // only for compatibility do not use these values and functions: 00931 // ============================================================= 00932 00933 #define SecurityLevel_noAuthNoPriv SNMP_SECURITY_LEVEL_NOAUTH_NOPRIV 00934 #define SecurityLevel_authNoPriv SNMP_SECURITY_LEVEL_AUTH_NOPRIV 00935 #define SecurityLevel_authPriv SNMP_SECURITY_LEVEL_AUTH_PRIV 00936 00937 #define SNMPv3_usmNoAuthProtocol SNMP_AUTHPROTOCOL_NONE 00938 #define SNMPv3_usmHMACMD5AuthProtocol SNMP_AUTHPROTOCOL_HMACMD5 00939 #define SNMPv3_usmHMACSHAAuthProtocol SNMP_AUTHPROTOCOL_HMACSHA 00940 00941 #define SNMPv3_usmNoPrivProtocol SNMP_PRIVPROTOCOL_NONE 00942 #define SNMPv3_usmDESPrivProtocol SNMP_PRIVPROTOCOL_DES 00943 #define SNMPv3_usmIDEAPrivProtocol SNMP_PRIVPROTOCOL_IDEA 00944 #define SNMPv3_usmAES128PrivProtocol SNMP_PRIVPROTOCOL_AES128 00945 #define SNMPv3_usmAES192PrivProtocol SNMP_PRIVPROTOCOL_AES192 00946 #define SNMPv3_usmAES256PrivProtocol SNMP_PRIVPROTOCOL_AES256 00947 00948 #ifdef SNMP_PP_NAMESPACE 00949 }; // end of namespace Snmp_pp 00950 #endif 00951 00952 #endif // _SNMPv3 00953 00954 #endif
1.3.2