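#ifndef SNMPSECMOD_H
#define SNMPSECMOD_H

/*
 * Pluggable SNMPv3 security-model interface: the parameter blocks handed
 * to a security model's encode/decode routines, the callback table a
 * model registers, and the registry functions that manage that table.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <net-snmp/library/snmp_transport.h>

/*
 * Locally defined security models.
 * Number = (Net-SNMP enterprise number, 8072) * 256 + local_num
 *   8072 * 256 + 0 = 2066432
 *   8072 * 256 + 1 = 2066433
 */
#define NETSNMP_KSM_SECURITY_MODEL     2066432
#define NETSNMP_LOCALSM_SECURITY_MODEL 2066433

struct snmp_secmod_def;

/*
 * Parameter information passed to security model routines when a
 * message is being encoded (SecmodOutMsg).
 *
 * Only pdu and session carry a direction annotation in this header.
 * NOTE(review): the length and offset fields declared as pointers
 * (secParamsLen, wholeMsgLen, wholeMsgOffset) are presumably read and
 * updated by the encoder -- confirm against the implementation.
 */
struct snmp_secmod_outgoing_params {
    int             msgProcModel;
    u_char         *globalData;
    size_t          globalDataLen;
    int             maxMsgSize;
    int             secModel;
    u_char         *secEngineID;
    size_t          secEngineIDLen;
    char           *secName;
    size_t          secNameLen;
    int             secLevel;
    u_char         *scopedPdu;
    size_t          scopedPduLen;
    void           *secStateRef;
    u_char         *secParams;
    size_t         *secParamsLen;
    u_char        **wholeMsg;
    size_t         *wholeMsgLen;
    size_t         *wholeMsgOffset;
    netsnmp_pdu    *pdu;        /* IN - the pdu getting encoded */
    netsnmp_session *session;   /* IN - session sending the message */
};

/*
 * Parameter information passed to a security model's decode routine
 * (SecmodInMsg) for a received message.
 *
 * wholeMsg and secParams hold data as received, so a decoder has to
 * bound every read by wholeMsgLen.  The OUT buffers are supplied by the
 * caller: each IN/OUT length holds the space available on entry and the
 * length actually returned on exit, so a decoder must never write more
 * than the incoming length allows.
 */
struct snmp_secmod_incoming_params {
    int             msgProcModel;       /* IN */
    size_t          maxMsgSize;         /* IN - Used to calc maxSizeResponse. */

    u_char         *secParams;          /* IN - BER encoded securityParameters. */
    int             secModel;           /* IN */
    int             secLevel;           /* IN - AuthNoPriv; authPriv etc. */

    u_char         *wholeMsg;           /* IN - Original v3 message. */
    size_t          wholeMsgLen;        /* IN - Msg length. */

    u_char         *secEngineID;        /* OUT - Pointer snmpEngineID. */
    size_t         *secEngineIDLen;     /* IN/OUT - Len available; len returned. */
    /*
     * NOTE: Memory provided by caller.
     */

    char           *secName;            /* OUT - Pointer to securityName. */
    size_t         *secNameLen;         /* IN/OUT - Len available; len returned. */
    /*
     * NOTE(review): this header does not say whether secName is
     * NUL-terminated on return; treat it as length-delimited by
     * *secNameLen until confirmed.
     */

    u_char        **scopedPdu;          /* OUT - Pointer to plaintext scopedPdu. */
    size_t         *scopedPduLen;       /* IN/OUT - Len available; len returned. */

    size_t         *maxSizeResponse;    /* OUT - Max size of Response PDU. */
    void          **secStateRef;        /* OUT - Ref to security state. */
    netsnmp_session *sess;              /* IN - session which got the message */
    netsnmp_pdu    *pdu;                /* IN - the pdu getting parsed */
    u_char          msg_flags;          /* IN - v3 Message flags. */
};


/*
 * function pointers:
 *
 * Callback signatures used by struct snmp_secmod_def below.  The int
 * return conventions are not stated in this header.
 *
 * (The comment that used to sit here read "free's a given security
 * module's data; called at unregistration time"; none of the typedefs
 * below matches that description.)
 */
typedef int     (SecmodSessionCallback) (netsnmp_session *);
typedef int     (SecmodPduCallback) (netsnmp_pdu *);
typedef int     (Secmod2PduCallback) (netsnmp_pdu *, netsnmp_pdu *);
typedef int     (SecmodOutMsg) (struct snmp_secmod_outgoing_params *);
typedef int     (SecmodInMsg) (struct snmp_secmod_incoming_params *);
typedef void    (SecmodFreeState) (void *);
typedef void    (SecmodHandleReport) (void *sessp,
                                      netsnmp_transport *transport,
                                      netsnmp_session *session,
                                      int result,
                                      netsnmp_pdu *origpdu);

/*
 * definition of a security module
 */

/*
 * All of these callback functions except the encoding and decoding
 * routines are optional; the rest are available if needed.  An optional
 * member may therefore be NULL, and code that dispatches through this
 * table has to test a pointer before calling it.
 */
struct snmp_secmod_def {
    /*
     * session manipulation functions
     */
    SecmodSessionCallback *session_open;    /* called in snmp_sess_open() */
    SecmodSessionCallback *session_close;   /* called in snmp_sess_close() */

    /*
     * pdu manipulation routines
     */
    SecmodPduCallback  *pdu_free;       /* called in free_pdu() */
    Secmod2PduCallback *pdu_clone;      /* called in snmp_clone_pdu() */
    SecmodPduCallback  *pdu_timeout;    /* called when request times out */
    SecmodFreeState    *pdu_free_state_ref; /* frees pdu->securityStateRef */

    /*
     * de/encoding routines: mandatory
     *
     * decode is where an incoming message is validated; its int result
     * is what tells the caller whether the message was accepted.
     */
    SecmodOutMsg   *encode_reverse;     /* encode packet back to front */
    SecmodOutMsg   *encode_forward;     /* encode packet forward */
    SecmodInMsg    *decode;             /* decode & validate incoming */

    /*
     * error and report handling
     */
    SecmodHandleReport *handle_report;
};


/*
 * internal list: one node per registered security model, keyed by the
 * security model number.
 */
struct snmp_secmod_list {
    int             securityModel;
    struct snmp_secmod_def *secDef;
    struct snmp_secmod_list *next;
};


/*
 * register a security service
 *
 * secmod  - security model number the definition is registered under
 * modname - name string for the model
 * newdef  - callback table for the model
 *
 * NOTE(review): this header does not state who owns newdef after the
 * call or whether it may be freed at unregistration; confirm against
 * the implementation before passing static or stack storage.
 */
int             register_sec_mod(int secmod, const char *modname,
                                 struct snmp_secmod_def *newdef);
/*
 * find a security service definition
 *
 * NOTE(review): the result for an unregistered model number is
 * presumably NULL -- callers should check before dereferencing.
 */
struct snmp_secmod_def *find_sec_mod(int secmod);
/*
 * unregister a security service
 */
int             unregister_sec_mod(int secmod);
void            init_secmod(void);

/*
 * clears the sec_mod list
 */
void            clear_sec_mod(void);

#ifdef __cplusplus
}
#endif
#endif                          /* SNMPSECMOD_H */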