[457] | 1 | /**
|
---|
| 2 | * @file
|
---|
| 3 | * SNMP message processing (RFC1157).
|
---|
| 4 | */
|
---|
| 5 |
|
---|
| 6 | /*
|
---|
| 7 | * Copyright (c) 2006 Axon Digital Design B.V., The Netherlands.
|
---|
| 8 | * Copyright (c) 2016 Elias Oenal.
|
---|
| 9 | * All rights reserved.
|
---|
| 10 | *
|
---|
| 11 | * Redistribution and use in source and binary forms, with or without modification,
|
---|
| 12 | * are permitted provided that the following conditions are met:
|
---|
| 13 | *
|
---|
| 14 | * 1. Redistributions of source code must retain the above copyright notice,
|
---|
| 15 | * this list of conditions and the following disclaimer.
|
---|
| 16 | * 2. Redistributions in binary form must reproduce the above copyright notice,
|
---|
| 17 | * this list of conditions and the following disclaimer in the documentation
|
---|
| 18 | * and/or other materials provided with the distribution.
|
---|
| 19 | * 3. The name of the author may not be used to endorse or promote products
|
---|
| 20 | * derived from this software without specific prior written permission.
|
---|
| 21 | *
|
---|
| 22 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
---|
| 23 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
---|
| 24 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
---|
| 25 | * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
---|
| 26 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
|
---|
| 27 | * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
---|
| 28 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
---|
| 29 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
---|
| 30 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
|
---|
| 31 | * OF SUCH DAMAGE.
|
---|
| 32 | *
|
---|
| 33 | * Author: Christiaan Simons <christiaan.simons@axon.tv>
|
---|
| 34 | * Martin Hentschel <info@cl-soft.de>
|
---|
| 35 | * Elias Oenal <lwip@eliasoenal.com>
|
---|
| 36 | */
|
---|
| 37 |
|
---|
| 38 | #include "lwip/apps/snmp_opts.h"
|
---|
| 39 |
|
---|
| 40 | #if LWIP_SNMP /* don't build if not configured for use in lwipopts.h */
|
---|
| 41 |
|
---|
| 42 | #include "snmp_msg.h"
|
---|
| 43 | #include "snmp_asn1.h"
|
---|
| 44 | #include "snmp_core_priv.h"
|
---|
| 45 | #include "lwip/ip_addr.h"
|
---|
| 46 | #include "lwip/stats.h"
|
---|
| 47 |
|
---|
| 48 | #if LWIP_SNMP_V3
|
---|
| 49 | #include "lwip/apps/snmpv3.h"
|
---|
| 50 | #include "snmpv3_priv.h"
|
---|
| 51 | #ifdef LWIP_HOOK_FILENAME
|
---|
| 52 | #include LWIP_HOOK_FILENAME
|
---|
| 53 | #endif
|
---|
| 54 | #endif
|
---|
| 55 |
|
---|
| 56 | #include <string.h>
|
---|
| 57 |
|
---|
| 58 | #define SNMP_V3_AUTH_FLAG 0x01
|
---|
| 59 | #define SNMP_V3_PRIV_FLAG 0x02
|
---|
| 60 |
|
---|
| 61 | /* Security levels */
|
---|
| 62 | #define SNMP_V3_NOAUTHNOPRIV 0x00
|
---|
| 63 | #define SNMP_V3_AUTHNOPRIV SNMP_V3_AUTH_FLAG
|
---|
| 64 | #define SNMP_V3_AUTHPRIV (SNMP_V3_AUTH_FLAG | SNMP_V3_PRIV_FLAG)
|
---|
| 65 |
|
---|
| 66 | /* public (non-static) constants */
|
---|
| 67 | /** SNMP community string */
|
---|
| 68 | const char *snmp_community = SNMP_COMMUNITY;
|
---|
| 69 | /** SNMP community string for write access */
|
---|
| 70 | const char *snmp_community_write = SNMP_COMMUNITY_WRITE;
|
---|
| 71 | /** SNMP community string for sending traps */
|
---|
| 72 | const char *snmp_community_trap = SNMP_COMMUNITY_TRAP;
|
---|
| 73 |
|
---|
| 74 | snmp_write_callback_fct snmp_write_callback = NULL;
|
---|
| 75 | void *snmp_write_callback_arg = NULL;
|
---|
| 76 |
|
---|
| 77 | #if LWIP_SNMP_CONFIGURE_VERSIONS
|
---|
| 78 |
|
---|
| 79 | static u8_t v1_enabled = 1;
|
---|
| 80 | static u8_t v2c_enabled = 1;
|
---|
| 81 | static u8_t v3_enabled = 1;
|
---|
| 82 |
|
---|
| 83 | static u8_t
|
---|
| 84 | snmp_version_enabled(u8_t version)
|
---|
| 85 | {
|
---|
| 86 | if (version == SNMP_VERSION_1) {
|
---|
| 87 | return v1_enabled;
|
---|
| 88 | } else if (version == SNMP_VERSION_2c) {
|
---|
| 89 | return v2c_enabled;
|
---|
| 90 | }
|
---|
| 91 | #if LWIP_SNMP_V3
|
---|
| 92 | else if (version == SNMP_VERSION_3) {
|
---|
| 93 | return v3_enabled;
|
---|
| 94 | }
|
---|
| 95 | #endif
|
---|
| 96 | else {
|
---|
| 97 | LWIP_ASSERT("Invalid SNMP version", 0);
|
---|
| 98 | return 0;
|
---|
| 99 | }
|
---|
| 100 | }
|
---|
| 101 |
|
---|
| 102 | u8_t
|
---|
| 103 | snmp_v1_enabled(void)
|
---|
| 104 | {
|
---|
| 105 | return snmp_version_enabled(SNMP_VERSION_1);
|
---|
| 106 | }
|
---|
| 107 |
|
---|
| 108 | u8_t
|
---|
| 109 | snmp_v2c_enabled(void)
|
---|
| 110 | {
|
---|
| 111 | return snmp_version_enabled(SNMP_VERSION_2c);
|
---|
| 112 | }
|
---|
| 113 |
|
---|
| 114 | u8_t
|
---|
| 115 | snmp_v3_enabled(void)
|
---|
| 116 | {
|
---|
| 117 | return snmp_version_enabled(SNMP_VERSION_3);
|
---|
| 118 | }
|
---|
| 119 |
|
---|
| 120 | static void
|
---|
| 121 | snmp_version_enable(u8_t version, u8_t enable)
|
---|
| 122 | {
|
---|
| 123 | if (version == SNMP_VERSION_1) {
|
---|
| 124 | v1_enabled = enable;
|
---|
| 125 | } else if (version == SNMP_VERSION_2c) {
|
---|
| 126 | v2c_enabled = enable;
|
---|
| 127 | }
|
---|
| 128 | #if LWIP_SNMP_V3
|
---|
| 129 | else if (version == SNMP_VERSION_3) {
|
---|
| 130 | v3_enabled = enable;
|
---|
| 131 | }
|
---|
| 132 | #endif
|
---|
| 133 | else {
|
---|
| 134 | LWIP_ASSERT("Invalid SNMP version", 0);
|
---|
| 135 | }
|
---|
| 136 | }
|
---|
| 137 |
|
---|
| 138 | void
|
---|
| 139 | snmp_v1_enable(u8_t enable)
|
---|
| 140 | {
|
---|
| 141 | snmp_version_enable(SNMP_VERSION_1, enable);
|
---|
| 142 | }
|
---|
| 143 |
|
---|
| 144 | void
|
---|
| 145 | snmp_v2c_enable(u8_t enable)
|
---|
| 146 | {
|
---|
| 147 | snmp_version_enable(SNMP_VERSION_2c, enable);
|
---|
| 148 | }
|
---|
| 149 |
|
---|
| 150 | void
|
---|
| 151 | snmp_v3_enable(u8_t enable)
|
---|
| 152 | {
|
---|
| 153 | snmp_version_enable(SNMP_VERSION_3, enable);
|
---|
| 154 | }
|
---|
| 155 |
|
---|
| 156 | #endif
|
---|
| 157 |
|
---|
| 158 | /**
|
---|
| 159 | * @ingroup snmp_core
|
---|
| 160 | * Returns current SNMP community string.
|
---|
| 161 | * @return current SNMP community string
|
---|
| 162 | */
|
---|
| 163 | const char *
|
---|
| 164 | snmp_get_community(void)
|
---|
| 165 | {
|
---|
| 166 | return snmp_community;
|
---|
| 167 | }
|
---|
| 168 |
|
---|
| 169 | /**
|
---|
| 170 | * @ingroup snmp_core
|
---|
| 171 | * Sets SNMP community string.
|
---|
| 172 | * The string itself (its storage) must be valid throughout the whole life of
|
---|
| 173 | * program (or until it is changed to sth else).
|
---|
| 174 | *
|
---|
| 175 | * @param community is a pointer to new community string
|
---|
| 176 | */
|
---|
| 177 | void
|
---|
| 178 | snmp_set_community(const char *const community)
|
---|
| 179 | {
|
---|
| 180 | LWIP_ASSERT_CORE_LOCKED();
|
---|
| 181 | LWIP_ASSERT("community string is too long!", strlen(community) <= SNMP_MAX_COMMUNITY_STR_LEN);
|
---|
| 182 | snmp_community = community;
|
---|
| 183 | }
|
---|
| 184 |
|
---|
| 185 | /**
|
---|
| 186 | * @ingroup snmp_core
|
---|
| 187 | * Returns current SNMP write-access community string.
|
---|
| 188 | * @return current SNMP write-access community string
|
---|
| 189 | */
|
---|
| 190 | const char *
|
---|
| 191 | snmp_get_community_write(void)
|
---|
| 192 | {
|
---|
| 193 | return snmp_community_write;
|
---|
| 194 | }
|
---|
| 195 |
|
---|
| 196 | /**
|
---|
| 197 | * @ingroup snmp_traps
|
---|
| 198 | * Returns current SNMP community string used for sending traps.
|
---|
| 199 | * @return current SNMP community string used for sending traps
|
---|
| 200 | */
|
---|
| 201 | const char *
|
---|
| 202 | snmp_get_community_trap(void)
|
---|
| 203 | {
|
---|
| 204 | return snmp_community_trap;
|
---|
| 205 | }
|
---|
| 206 |
|
---|
| 207 | /**
|
---|
| 208 | * @ingroup snmp_core
|
---|
| 209 | * Sets SNMP community string for write-access.
|
---|
| 210 | * The string itself (its storage) must be valid throughout the whole life of
|
---|
| 211 | * program (or until it is changed to sth else).
|
---|
| 212 | *
|
---|
| 213 | * @param community is a pointer to new write-access community string
|
---|
| 214 | */
|
---|
| 215 | void
|
---|
| 216 | snmp_set_community_write(const char *const community)
|
---|
| 217 | {
|
---|
| 218 | LWIP_ASSERT_CORE_LOCKED();
|
---|
| 219 | LWIP_ASSERT("community string must not be NULL", community != NULL);
|
---|
| 220 | LWIP_ASSERT("community string is too long!", strlen(community) <= SNMP_MAX_COMMUNITY_STR_LEN);
|
---|
| 221 | snmp_community_write = community;
|
---|
| 222 | }
|
---|
| 223 |
|
---|
| 224 | /**
|
---|
| 225 | * @ingroup snmp_traps
|
---|
| 226 | * Sets SNMP community string used for sending traps.
|
---|
| 227 | * The string itself (its storage) must be valid throughout the whole life of
|
---|
| 228 | * program (or until it is changed to sth else).
|
---|
| 229 | *
|
---|
| 230 | * @param community is a pointer to new trap community string
|
---|
| 231 | */
|
---|
| 232 | void
|
---|
| 233 | snmp_set_community_trap(const char *const community)
|
---|
| 234 | {
|
---|
| 235 | LWIP_ASSERT_CORE_LOCKED();
|
---|
| 236 | LWIP_ASSERT("community string is too long!", strlen(community) <= SNMP_MAX_COMMUNITY_STR_LEN);
|
---|
| 237 | snmp_community_trap = community;
|
---|
| 238 | }
|
---|
| 239 |
|
---|
| 240 | /**
|
---|
| 241 | * @ingroup snmp_core
|
---|
| 242 | * Callback fired on every successful write access
|
---|
| 243 | */
|
---|
| 244 | void
|
---|
| 245 | snmp_set_write_callback(snmp_write_callback_fct write_callback, void *callback_arg)
|
---|
| 246 | {
|
---|
| 247 | LWIP_ASSERT_CORE_LOCKED();
|
---|
| 248 | snmp_write_callback = write_callback;
|
---|
| 249 | snmp_write_callback_arg = callback_arg;
|
---|
| 250 | }
|
---|
| 251 |
|
---|
| 252 | /* ----------------------------------------------------------------------- */
|
---|
| 253 | /* forward declarations */
|
---|
| 254 | /* ----------------------------------------------------------------------- */
|
---|
| 255 |
|
---|
| 256 | static err_t snmp_process_get_request(struct snmp_request *request);
|
---|
| 257 | static err_t snmp_process_getnext_request(struct snmp_request *request);
|
---|
| 258 | static err_t snmp_process_getbulk_request(struct snmp_request *request);
|
---|
| 259 | static err_t snmp_process_set_request(struct snmp_request *request);
|
---|
| 260 |
|
---|
| 261 | static err_t snmp_parse_inbound_frame(struct snmp_request *request);
|
---|
| 262 | static err_t snmp_prepare_outbound_frame(struct snmp_request *request);
|
---|
| 263 | static err_t snmp_complete_outbound_frame(struct snmp_request *request);
|
---|
| 264 | static void snmp_execute_write_callbacks(struct snmp_request *request);
|
---|
| 265 |
|
---|
| 266 |
|
---|
| 267 | /* ----------------------------------------------------------------------- */
|
---|
| 268 | /* implementation */
|
---|
| 269 | /* ----------------------------------------------------------------------- */
|
---|
| 270 |
|
---|
| 271 | void
|
---|
| 272 | snmp_receive(void *handle, struct pbuf *p, const ip_addr_t *source_ip, u16_t port)
|
---|
| 273 | {
|
---|
| 274 | err_t err;
|
---|
| 275 | struct snmp_request request;
|
---|
| 276 |
|
---|
| 277 | memset(&request, 0, sizeof(request));
|
---|
| 278 | request.handle = handle;
|
---|
| 279 | request.source_ip = source_ip;
|
---|
| 280 | request.source_port = port;
|
---|
| 281 | request.inbound_pbuf = p;
|
---|
| 282 |
|
---|
| 283 | snmp_stats.inpkts++;
|
---|
| 284 |
|
---|
| 285 | err = snmp_parse_inbound_frame(&request);
|
---|
| 286 | if (err == ERR_OK) {
|
---|
| 287 | err = snmp_prepare_outbound_frame(&request);
|
---|
| 288 | if (err == ERR_OK) {
|
---|
| 289 |
|
---|
| 290 | if (request.error_status == SNMP_ERR_NOERROR) {
|
---|
| 291 | /* only process frame if we do not already have an error to return (e.g. all readonly) */
|
---|
| 292 | if (request.request_type == SNMP_ASN1_CONTEXT_PDU_GET_REQ) {
|
---|
| 293 | err = snmp_process_get_request(&request);
|
---|
| 294 | } else if (request.request_type == SNMP_ASN1_CONTEXT_PDU_GET_NEXT_REQ) {
|
---|
| 295 | err = snmp_process_getnext_request(&request);
|
---|
| 296 | } else if (request.request_type == SNMP_ASN1_CONTEXT_PDU_GET_BULK_REQ) {
|
---|
| 297 | err = snmp_process_getbulk_request(&request);
|
---|
| 298 | } else if (request.request_type == SNMP_ASN1_CONTEXT_PDU_SET_REQ) {
|
---|
| 299 | err = snmp_process_set_request(&request);
|
---|
| 300 | }
|
---|
| 301 | }
|
---|
| 302 | #if LWIP_SNMP_V3
|
---|
| 303 | else {
|
---|
| 304 | struct snmp_varbind vb;
|
---|
| 305 |
|
---|
| 306 | vb.next = NULL;
|
---|
| 307 | vb.prev = NULL;
|
---|
| 308 | vb.type = SNMP_ASN1_TYPE_COUNTER32;
|
---|
| 309 | vb.value_len = sizeof(u32_t);
|
---|
| 310 |
|
---|
| 311 | switch (request.error_status) {
|
---|
| 312 | case SNMP_ERR_AUTHORIZATIONERROR: {
|
---|
| 313 | static const u32_t oid[] = { 1, 3, 6, 1, 6, 3, 15, 1, 1, 5, 0 };
|
---|
| 314 | snmp_oid_assign(&vb.oid, oid, LWIP_ARRAYSIZE(oid));
|
---|
| 315 | vb.value = &snmp_stats.wrongdigests;
|
---|
| 316 | }
|
---|
| 317 | break;
|
---|
| 318 | case SNMP_ERR_UNKNOWN_ENGINEID: {
|
---|
| 319 | static const u32_t oid[] = { 1, 3, 6, 1, 6, 3, 15, 1, 1, 4, 0 };
|
---|
| 320 | snmp_oid_assign(&vb.oid, oid, LWIP_ARRAYSIZE(oid));
|
---|
| 321 | vb.value = &snmp_stats.unknownengineids;
|
---|
| 322 | }
|
---|
| 323 | break;
|
---|
| 324 | case SNMP_ERR_UNKNOWN_SECURITYNAME: {
|
---|
| 325 | static const u32_t oid[] = { 1, 3, 6, 1, 6, 3, 15, 1, 1, 3, 0 };
|
---|
| 326 | snmp_oid_assign(&vb.oid, oid, LWIP_ARRAYSIZE(oid));
|
---|
| 327 | vb.value = &snmp_stats.unknownusernames;
|
---|
| 328 | }
|
---|
| 329 | break;
|
---|
| 330 | case SNMP_ERR_UNSUPPORTED_SECLEVEL: {
|
---|
| 331 | static const u32_t oid[] = { 1, 3, 6, 1, 6, 3, 15, 1, 1, 1, 0 };
|
---|
| 332 | snmp_oid_assign(&vb.oid, oid, LWIP_ARRAYSIZE(oid));
|
---|
| 333 | vb.value = &snmp_stats.unsupportedseclevels;
|
---|
| 334 | }
|
---|
| 335 | break;
|
---|
| 336 | case SNMP_ERR_NOTINTIMEWINDOW: {
|
---|
| 337 | static const u32_t oid[] = { 1, 3, 6, 1, 6, 3, 15, 1, 1, 2, 0 };
|
---|
| 338 | snmp_oid_assign(&vb.oid, oid, LWIP_ARRAYSIZE(oid));
|
---|
| 339 | vb.value = &snmp_stats.notintimewindows;
|
---|
| 340 | }
|
---|
| 341 | break;
|
---|
| 342 | case SNMP_ERR_DECRYIPTION_ERROR: {
|
---|
| 343 | static const u32_t oid[] = { 1, 3, 6, 1, 6, 3, 15, 1, 1, 6, 0 };
|
---|
| 344 | snmp_oid_assign(&vb.oid, oid, LWIP_ARRAYSIZE(oid));
|
---|
| 345 | vb.value = &snmp_stats.decryptionerrors;
|
---|
| 346 | }
|
---|
| 347 | break;
|
---|
| 348 | default:
|
---|
| 349 | /* Unknown or unhandled error_status */
|
---|
| 350 | err = ERR_ARG;
|
---|
| 351 | }
|
---|
| 352 |
|
---|
| 353 | if (err == ERR_OK) {
|
---|
| 354 | snmp_append_outbound_varbind(&(request.outbound_pbuf_stream), &vb);
|
---|
| 355 | request.error_status = SNMP_ERR_NOERROR;
|
---|
| 356 | }
|
---|
| 357 |
|
---|
| 358 | request.request_out_type = (SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTENTTYPE_CONSTRUCTED | SNMP_ASN1_CONTEXT_PDU_REPORT);
|
---|
| 359 | request.request_id = request.msg_id;
|
---|
| 360 | }
|
---|
| 361 | #endif
|
---|
| 362 |
|
---|
| 363 | if (err == ERR_OK) {
|
---|
| 364 | err = snmp_complete_outbound_frame(&request);
|
---|
| 365 |
|
---|
| 366 | if (err == ERR_OK) {
|
---|
| 367 | err = snmp_sendto(request.handle, request.outbound_pbuf, request.source_ip, request.source_port);
|
---|
| 368 |
|
---|
| 369 | if ((request.request_type == SNMP_ASN1_CONTEXT_PDU_SET_REQ)
|
---|
| 370 | && (request.error_status == SNMP_ERR_NOERROR)
|
---|
| 371 | && (snmp_write_callback != NULL)) {
|
---|
| 372 | /* raise write notification for all written objects */
|
---|
| 373 | snmp_execute_write_callbacks(&request);
|
---|
| 374 | }
|
---|
| 375 | }
|
---|
| 376 | }
|
---|
| 377 | }
|
---|
| 378 |
|
---|
| 379 | if (request.outbound_pbuf != NULL) {
|
---|
| 380 | pbuf_free(request.outbound_pbuf);
|
---|
| 381 | }
|
---|
| 382 | }
|
---|
| 383 | }
|
---|
| 384 |
|
---|
| 385 | static u8_t
|
---|
| 386 | snmp_msg_getnext_validate_node_inst(struct snmp_node_instance *node_instance, void *validate_arg)
|
---|
| 387 | {
|
---|
| 388 | if (((node_instance->access & SNMP_NODE_INSTANCE_ACCESS_READ) != SNMP_NODE_INSTANCE_ACCESS_READ) || (node_instance->get_value == NULL)) {
|
---|
| 389 | return SNMP_ERR_NOSUCHINSTANCE;
|
---|
| 390 | }
|
---|
| 391 |
|
---|
| 392 | #if LWIP_HAVE_INT64
|
---|
| 393 | if ((node_instance->asn1_type == SNMP_ASN1_TYPE_COUNTER64) && (((struct snmp_request *)validate_arg)->version == SNMP_VERSION_1)) {
|
---|
| 394 | /* according to RFC 2089 skip Counter64 objects in GetNext requests from v1 clients */
|
---|
| 395 | return SNMP_ERR_NOSUCHINSTANCE;
|
---|
| 396 | }
|
---|
| 397 | #endif
|
---|
| 398 |
|
---|
| 399 | return SNMP_ERR_NOERROR;
|
---|
| 400 | }
|
---|
| 401 |
|
---|
| 402 | static void
|
---|
| 403 | snmp_process_varbind(struct snmp_request *request, struct snmp_varbind *vb, u8_t get_next)
|
---|
| 404 | {
|
---|
| 405 | err_t err;
|
---|
| 406 | struct snmp_node_instance node_instance;
|
---|
| 407 | memset(&node_instance, 0, sizeof(node_instance));
|
---|
| 408 |
|
---|
| 409 | if (get_next) {
|
---|
| 410 | struct snmp_obj_id result_oid;
|
---|
| 411 | request->error_status = snmp_get_next_node_instance_from_oid(vb->oid.id, vb->oid.len, snmp_msg_getnext_validate_node_inst, request, &result_oid, &node_instance);
|
---|
| 412 |
|
---|
| 413 | if (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 414 | snmp_oid_assign(&vb->oid, result_oid.id, result_oid.len);
|
---|
| 415 | }
|
---|
| 416 | } else {
|
---|
| 417 | request->error_status = snmp_get_node_instance_from_oid(vb->oid.id, vb->oid.len, &node_instance);
|
---|
| 418 |
|
---|
| 419 | if (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 420 | /* use 'getnext_validate' method for validation to avoid code duplication (some checks have to be executed here) */
|
---|
| 421 | request->error_status = snmp_msg_getnext_validate_node_inst(&node_instance, request);
|
---|
| 422 |
|
---|
| 423 | if (request->error_status != SNMP_ERR_NOERROR) {
|
---|
| 424 | if (node_instance.release_instance != NULL) {
|
---|
| 425 | node_instance.release_instance(&node_instance);
|
---|
| 426 | }
|
---|
| 427 | }
|
---|
| 428 | }
|
---|
| 429 | }
|
---|
| 430 |
|
---|
| 431 | if (request->error_status != SNMP_ERR_NOERROR) {
|
---|
| 432 | if (request->error_status >= SNMP_VARBIND_EXCEPTION_OFFSET) {
|
---|
| 433 | if ((request->version == SNMP_VERSION_2c) || request->version == SNMP_VERSION_3) {
|
---|
| 434 | /* in SNMP v2c a varbind related exception is stored in varbind and not in frame header */
|
---|
| 435 | vb->type = (SNMP_ASN1_CONTENTTYPE_PRIMITIVE | SNMP_ASN1_CLASS_CONTEXT | (request->error_status & SNMP_VARBIND_EXCEPTION_MASK));
|
---|
| 436 | vb->value_len = 0;
|
---|
| 437 |
|
---|
| 438 | err = snmp_append_outbound_varbind(&(request->outbound_pbuf_stream), vb);
|
---|
| 439 | if (err == ERR_OK) {
|
---|
| 440 | /* we stored the exception in varbind -> go on */
|
---|
| 441 | request->error_status = SNMP_ERR_NOERROR;
|
---|
| 442 | } else if (err == ERR_BUF) {
|
---|
| 443 | request->error_status = SNMP_ERR_TOOBIG;
|
---|
| 444 | } else {
|
---|
| 445 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 446 | }
|
---|
| 447 | }
|
---|
| 448 | } else {
|
---|
| 449 | /* according to RFC 1157/1905, all other errors only return genError */
|
---|
| 450 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 451 | }
|
---|
| 452 | } else {
|
---|
| 453 | s16_t len = node_instance.get_value(&node_instance, vb->value);
|
---|
| 454 |
|
---|
| 455 | if (len >= 0) {
|
---|
| 456 | vb->value_len = (u16_t)len; /* cast is OK because we checked >= 0 above */
|
---|
| 457 | vb->type = node_instance.asn1_type;
|
---|
| 458 |
|
---|
| 459 | LWIP_ASSERT("SNMP_MAX_VALUE_SIZE is configured too low", (vb->value_len & ~SNMP_GET_VALUE_RAW_DATA) <= SNMP_MAX_VALUE_SIZE);
|
---|
| 460 | err = snmp_append_outbound_varbind(&request->outbound_pbuf_stream, vb);
|
---|
| 461 |
|
---|
| 462 | if (err == ERR_BUF) {
|
---|
| 463 | request->error_status = SNMP_ERR_TOOBIG;
|
---|
| 464 | } else if (err != ERR_OK) {
|
---|
| 465 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 466 | }
|
---|
| 467 | } else {
|
---|
| 468 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 469 | }
|
---|
| 470 |
|
---|
| 471 | if (node_instance.release_instance != NULL) {
|
---|
| 472 | node_instance.release_instance(&node_instance);
|
---|
| 473 | }
|
---|
| 474 | }
|
---|
| 475 | }
|
---|
| 476 |
|
---|
| 477 |
|
---|
| 478 | /**
|
---|
| 479 | * Service an internal or external event for SNMP GET.
|
---|
| 480 | *
|
---|
| 481 | * @param request points to the associated message process state
|
---|
| 482 | */
|
---|
| 483 | static err_t
|
---|
| 484 | snmp_process_get_request(struct snmp_request *request)
|
---|
| 485 | {
|
---|
| 486 | snmp_vb_enumerator_err_t err;
|
---|
| 487 | struct snmp_varbind vb;
|
---|
| 488 | vb.value = request->value_buffer;
|
---|
| 489 |
|
---|
| 490 | LWIP_DEBUGF(SNMP_DEBUG, ("SNMP get request\n"));
|
---|
| 491 |
|
---|
| 492 | while (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 493 | err = snmp_vb_enumerator_get_next(&request->inbound_varbind_enumerator, &vb);
|
---|
| 494 | if (err == SNMP_VB_ENUMERATOR_ERR_OK) {
|
---|
| 495 | if ((vb.type == SNMP_ASN1_TYPE_NULL) && (vb.value_len == 0)) {
|
---|
| 496 | snmp_process_varbind(request, &vb, 0);
|
---|
| 497 | } else {
|
---|
| 498 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 499 | }
|
---|
| 500 | } else if (err == SNMP_VB_ENUMERATOR_ERR_EOVB) {
|
---|
| 501 | /* no more varbinds in request */
|
---|
| 502 | break;
|
---|
| 503 | } else if (err == SNMP_VB_ENUMERATOR_ERR_ASN1ERROR) {
|
---|
| 504 | /* malformed ASN.1, don't answer */
|
---|
| 505 | return ERR_ARG;
|
---|
| 506 | } else {
|
---|
| 507 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 508 | }
|
---|
| 509 | }
|
---|
| 510 |
|
---|
| 511 | return ERR_OK;
|
---|
| 512 | }
|
---|
| 513 |
|
---|
| 514 | /**
|
---|
| 515 | * Service an internal or external event for SNMP GET.
|
---|
| 516 | *
|
---|
| 517 | * @param request points to the associated message process state
|
---|
| 518 | */
|
---|
| 519 | static err_t
|
---|
| 520 | snmp_process_getnext_request(struct snmp_request *request)
|
---|
| 521 | {
|
---|
| 522 | snmp_vb_enumerator_err_t err;
|
---|
| 523 | struct snmp_varbind vb;
|
---|
| 524 | vb.value = request->value_buffer;
|
---|
| 525 |
|
---|
| 526 | LWIP_DEBUGF(SNMP_DEBUG, ("SNMP get-next request\n"));
|
---|
| 527 |
|
---|
| 528 | while (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 529 | err = snmp_vb_enumerator_get_next(&request->inbound_varbind_enumerator, &vb);
|
---|
| 530 | if (err == SNMP_VB_ENUMERATOR_ERR_OK) {
|
---|
| 531 | if ((vb.type == SNMP_ASN1_TYPE_NULL) && (vb.value_len == 0)) {
|
---|
| 532 | snmp_process_varbind(request, &vb, 1);
|
---|
| 533 | } else {
|
---|
| 534 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 535 | }
|
---|
| 536 | } else if (err == SNMP_VB_ENUMERATOR_ERR_EOVB) {
|
---|
| 537 | /* no more varbinds in request */
|
---|
| 538 | break;
|
---|
| 539 | } else if (err == SNMP_VB_ENUMERATOR_ERR_ASN1ERROR) {
|
---|
| 540 | /* malformed ASN.1, don't answer */
|
---|
| 541 | return ERR_ARG;
|
---|
| 542 | } else {
|
---|
| 543 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 544 | }
|
---|
| 545 | }
|
---|
| 546 |
|
---|
| 547 | return ERR_OK;
|
---|
| 548 | }
|
---|
| 549 |
|
---|
| 550 | /**
|
---|
| 551 | * Service an internal or external event for SNMP GETBULKT.
|
---|
| 552 | *
|
---|
| 553 | * @param request points to the associated message process state
|
---|
| 554 | */
|
---|
| 555 | static err_t
|
---|
| 556 | snmp_process_getbulk_request(struct snmp_request *request)
|
---|
| 557 | {
|
---|
| 558 | snmp_vb_enumerator_err_t err;
|
---|
| 559 | s32_t non_repeaters = request->non_repeaters;
|
---|
| 560 | s32_t repetitions;
|
---|
| 561 | u16_t repetition_offset = 0;
|
---|
| 562 | struct snmp_varbind_enumerator repetition_varbind_enumerator;
|
---|
| 563 | struct snmp_varbind vb;
|
---|
| 564 | vb.value = request->value_buffer;
|
---|
| 565 |
|
---|
| 566 | if (SNMP_LWIP_GETBULK_MAX_REPETITIONS > 0) {
|
---|
| 567 | repetitions = LWIP_MIN(request->max_repetitions, SNMP_LWIP_GETBULK_MAX_REPETITIONS);
|
---|
| 568 | } else {
|
---|
| 569 | repetitions = request->max_repetitions;
|
---|
| 570 | }
|
---|
| 571 |
|
---|
| 572 | LWIP_DEBUGF(SNMP_DEBUG, ("SNMP get-bulk request\n"));
|
---|
| 573 |
|
---|
| 574 | /* process non repeaters and first repetition */
|
---|
| 575 | while (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 576 | if (non_repeaters == 0) {
|
---|
| 577 | repetition_offset = request->outbound_pbuf_stream.offset;
|
---|
| 578 |
|
---|
| 579 | if (repetitions == 0) {
|
---|
| 580 | /* do not resolve repeaters when repetitions is set to 0 */
|
---|
| 581 | break;
|
---|
| 582 | }
|
---|
| 583 | repetitions--;
|
---|
| 584 | }
|
---|
| 585 |
|
---|
| 586 | err = snmp_vb_enumerator_get_next(&request->inbound_varbind_enumerator, &vb);
|
---|
| 587 | if (err == SNMP_VB_ENUMERATOR_ERR_EOVB) {
|
---|
| 588 | /* no more varbinds in request */
|
---|
| 589 | break;
|
---|
| 590 | } else if (err == SNMP_VB_ENUMERATOR_ERR_ASN1ERROR) {
|
---|
| 591 | /* malformed ASN.1, don't answer */
|
---|
| 592 | return ERR_ARG;
|
---|
| 593 | } else if ((err != SNMP_VB_ENUMERATOR_ERR_OK) || (vb.type != SNMP_ASN1_TYPE_NULL) || (vb.value_len != 0)) {
|
---|
| 594 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 595 | } else {
|
---|
| 596 | snmp_process_varbind(request, &vb, 1);
|
---|
| 597 | non_repeaters--;
|
---|
| 598 | }
|
---|
| 599 | }
|
---|
| 600 |
|
---|
| 601 | /* process repetitions > 1 */
|
---|
| 602 | while ((request->error_status == SNMP_ERR_NOERROR) && (repetitions > 0) && (request->outbound_pbuf_stream.offset != repetition_offset)) {
|
---|
| 603 |
|
---|
| 604 | u8_t all_endofmibview = 1;
|
---|
| 605 |
|
---|
| 606 | snmp_vb_enumerator_init(&repetition_varbind_enumerator, request->outbound_pbuf, repetition_offset, request->outbound_pbuf_stream.offset - repetition_offset);
|
---|
| 607 | repetition_offset = request->outbound_pbuf_stream.offset; /* for next loop */
|
---|
| 608 |
|
---|
| 609 | while (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 610 | vb.value = NULL; /* do NOT decode value (we enumerate outbound buffer here, so all varbinds have values assigned) */
|
---|
| 611 | err = snmp_vb_enumerator_get_next(&repetition_varbind_enumerator, &vb);
|
---|
| 612 | if (err == SNMP_VB_ENUMERATOR_ERR_OK) {
|
---|
| 613 | vb.value = request->value_buffer;
|
---|
| 614 | snmp_process_varbind(request, &vb, 1);
|
---|
| 615 |
|
---|
| 616 | if (request->error_status != SNMP_ERR_NOERROR) {
|
---|
| 617 | /* already set correct error-index (here it cannot be taken from inbound varbind enumerator) */
|
---|
| 618 | request->error_index = request->non_repeaters + repetition_varbind_enumerator.varbind_count;
|
---|
| 619 | } else if (vb.type != (SNMP_ASN1_CONTENTTYPE_PRIMITIVE | SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTEXT_VARBIND_END_OF_MIB_VIEW)) {
|
---|
| 620 | all_endofmibview = 0;
|
---|
| 621 | }
|
---|
| 622 | } else if (err == SNMP_VB_ENUMERATOR_ERR_EOVB) {
|
---|
| 623 | /* no more varbinds in request */
|
---|
| 624 | break;
|
---|
| 625 | } else {
|
---|
| 626 | LWIP_DEBUGF(SNMP_DEBUG, ("Very strange, we cannot parse the varbind output that we created just before!"));
|
---|
| 627 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 628 | request->error_index = request->non_repeaters + repetition_varbind_enumerator.varbind_count;
|
---|
| 629 | }
|
---|
| 630 | }
|
---|
| 631 |
|
---|
| 632 | if ((request->error_status == SNMP_ERR_NOERROR) && all_endofmibview) {
|
---|
| 633 | /* stop when all varbinds in a loop return EndOfMibView */
|
---|
| 634 | break;
|
---|
| 635 | }
|
---|
| 636 |
|
---|
| 637 | repetitions--;
|
---|
| 638 | }
|
---|
| 639 |
|
---|
| 640 | if (request->error_status == SNMP_ERR_TOOBIG) {
|
---|
| 641 | /* for GetBulk it is ok, if not all requested variables fit into the response -> just return the varbinds added so far */
|
---|
| 642 | request->error_status = SNMP_ERR_NOERROR;
|
---|
| 643 | }
|
---|
| 644 |
|
---|
| 645 | return ERR_OK;
|
---|
| 646 | }
|
---|
| 647 |
|
---|
| 648 | /**
|
---|
| 649 | * Service an internal or external event for SNMP SET.
|
---|
| 650 | *
|
---|
| 651 | * @param request points to the associated message process state
|
---|
| 652 | */
|
---|
| 653 | static err_t
|
---|
| 654 | snmp_process_set_request(struct snmp_request *request)
|
---|
| 655 | {
|
---|
| 656 | snmp_vb_enumerator_err_t err;
|
---|
| 657 | struct snmp_varbind vb;
|
---|
| 658 | vb.value = request->value_buffer;
|
---|
| 659 |
|
---|
| 660 | LWIP_DEBUGF(SNMP_DEBUG, ("SNMP set request\n"));
|
---|
| 661 |
|
---|
| 662 | /* perform set test on all objects */
|
---|
| 663 | while (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 664 | err = snmp_vb_enumerator_get_next(&request->inbound_varbind_enumerator, &vb);
|
---|
| 665 | if (err == SNMP_VB_ENUMERATOR_ERR_OK) {
|
---|
| 666 | struct snmp_node_instance node_instance;
|
---|
| 667 | memset(&node_instance, 0, sizeof(node_instance));
|
---|
| 668 |
|
---|
| 669 | request->error_status = snmp_get_node_instance_from_oid(vb.oid.id, vb.oid.len, &node_instance);
|
---|
| 670 | if (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 671 | if (node_instance.asn1_type != vb.type) {
|
---|
| 672 | request->error_status = SNMP_ERR_WRONGTYPE;
|
---|
| 673 | } else if (((node_instance.access & SNMP_NODE_INSTANCE_ACCESS_WRITE) != SNMP_NODE_INSTANCE_ACCESS_WRITE) || (node_instance.set_value == NULL)) {
|
---|
| 674 | request->error_status = SNMP_ERR_NOTWRITABLE;
|
---|
| 675 | } else {
|
---|
| 676 | if (node_instance.set_test != NULL) {
|
---|
| 677 | request->error_status = node_instance.set_test(&node_instance, vb.value_len, vb.value);
|
---|
| 678 | }
|
---|
| 679 | }
|
---|
| 680 |
|
---|
| 681 | if (node_instance.release_instance != NULL) {
|
---|
| 682 | node_instance.release_instance(&node_instance);
|
---|
| 683 | }
|
---|
| 684 | }
|
---|
| 685 | } else if (err == SNMP_VB_ENUMERATOR_ERR_EOVB) {
|
---|
| 686 | /* no more varbinds in request */
|
---|
| 687 | break;
|
---|
| 688 | } else if (err == SNMP_VB_ENUMERATOR_ERR_INVALIDLENGTH) {
|
---|
| 689 | request->error_status = SNMP_ERR_WRONGLENGTH;
|
---|
| 690 | } else if (err == SNMP_VB_ENUMERATOR_ERR_ASN1ERROR) {
|
---|
| 691 | /* malformed ASN.1, don't answer */
|
---|
| 692 | return ERR_ARG;
|
---|
| 693 | } else {
|
---|
| 694 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 695 | }
|
---|
| 696 | }
|
---|
| 697 |
|
---|
| 698 | /* perform real set operation on all objects */
|
---|
| 699 | if (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 700 | snmp_vb_enumerator_init(&request->inbound_varbind_enumerator, request->inbound_pbuf, request->inbound_varbind_offset, request->inbound_varbind_len);
|
---|
| 701 | while (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 702 | err = snmp_vb_enumerator_get_next(&request->inbound_varbind_enumerator, &vb);
|
---|
| 703 | if (err == SNMP_VB_ENUMERATOR_ERR_OK) {
|
---|
| 704 | struct snmp_node_instance node_instance;
|
---|
| 705 | memset(&node_instance, 0, sizeof(node_instance));
|
---|
| 706 | request->error_status = snmp_get_node_instance_from_oid(vb.oid.id, vb.oid.len, &node_instance);
|
---|
| 707 | if (request->error_status == SNMP_ERR_NOERROR) {
|
---|
| 708 | if (node_instance.set_value(&node_instance, vb.value_len, vb.value) != SNMP_ERR_NOERROR) {
|
---|
| 709 | if (request->inbound_varbind_enumerator.varbind_count == 1) {
|
---|
| 710 | request->error_status = SNMP_ERR_COMMITFAILED;
|
---|
| 711 | } else {
|
---|
| 712 | /* we cannot undo the set operations done so far */
|
---|
| 713 | request->error_status = SNMP_ERR_UNDOFAILED;
|
---|
| 714 | }
|
---|
| 715 | }
|
---|
| 716 |
|
---|
| 717 | if (node_instance.release_instance != NULL) {
|
---|
| 718 | node_instance.release_instance(&node_instance);
|
---|
| 719 | }
|
---|
| 720 | }
|
---|
| 721 | } else if (err == SNMP_VB_ENUMERATOR_ERR_EOVB) {
|
---|
| 722 | /* no more varbinds in request */
|
---|
| 723 | break;
|
---|
| 724 | } else {
|
---|
| 725 | /* first time enumerating varbinds work but second time not, although nothing should have changed in between ??? */
|
---|
| 726 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 727 | }
|
---|
| 728 | }
|
---|
| 729 | }
|
---|
| 730 |
|
---|
| 731 | return ERR_OK;
|
---|
| 732 | }
|
---|
| 733 |
|
---|
| 734 | #define PARSE_EXEC(code, retValue) \
|
---|
| 735 | if ((code) != ERR_OK) { \
|
---|
| 736 | LWIP_DEBUGF(SNMP_DEBUG, ("Malformed ASN.1 detected.\n")); \
|
---|
| 737 | snmp_stats.inasnparseerrs++; \
|
---|
| 738 | return retValue; \
|
---|
| 739 | }
|
---|
| 740 |
|
---|
| 741 | #define PARSE_ASSERT(cond, retValue) \
|
---|
| 742 | if (!(cond)) { \
|
---|
| 743 | LWIP_DEBUGF(SNMP_DEBUG, ("SNMP parse assertion failed!: " # cond)); \
|
---|
| 744 | snmp_stats.inasnparseerrs++; \
|
---|
| 745 | return retValue; \
|
---|
| 746 | }
|
---|
| 747 |
|
---|
| 748 | #define BUILD_EXEC(code, retValue) \
|
---|
| 749 | if ((code) != ERR_OK) { \
|
---|
| 750 | LWIP_DEBUGF(SNMP_DEBUG, ("SNMP error during creation of outbound frame!: " # code)); \
|
---|
| 751 | return retValue; \
|
---|
| 752 | }
|
---|
| 753 |
|
---|
| 754 | #define IF_PARSE_EXEC(code) PARSE_EXEC(code, ERR_ARG)
|
---|
| 755 | #define IF_PARSE_ASSERT(code) PARSE_ASSERT(code, ERR_ARG)
|
---|
| 756 |
|
---|
| 757 | /**
|
---|
| 758 | * Checks and decodes incoming SNMP message header, logs header errors.
|
---|
| 759 | *
|
---|
| 760 | * @param request points to the current message request state return
|
---|
| 761 | * @return
|
---|
| 762 | * - ERR_OK SNMP header is sane and accepted
|
---|
| 763 | * - ERR_VAL SNMP header is either malformed or rejected
|
---|
| 764 | */
|
---|
| 765 | static err_t
|
---|
| 766 | snmp_parse_inbound_frame(struct snmp_request *request)
|
---|
| 767 | {
|
---|
| 768 | struct snmp_pbuf_stream pbuf_stream;
|
---|
| 769 | struct snmp_asn1_tlv tlv;
|
---|
| 770 | s32_t parent_tlv_value_len;
|
---|
| 771 | s32_t s32_value;
|
---|
| 772 | err_t err;
|
---|
| 773 | #if LWIP_SNMP_V3
|
---|
| 774 | snmpv3_auth_algo_t auth;
|
---|
| 775 | snmpv3_priv_algo_t priv;
|
---|
| 776 | #endif
|
---|
| 777 |
|
---|
| 778 | IF_PARSE_EXEC(snmp_pbuf_stream_init(&pbuf_stream, request->inbound_pbuf, 0, request->inbound_pbuf->tot_len));
|
---|
| 779 |
|
---|
| 780 | /* decode main container consisting of version, community and PDU */
|
---|
| 781 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 782 | IF_PARSE_ASSERT((tlv.type == SNMP_ASN1_TYPE_SEQUENCE) && (tlv.value_len == pbuf_stream.length));
|
---|
| 783 | parent_tlv_value_len = tlv.value_len;
|
---|
| 784 |
|
---|
| 785 | /* decode version */
|
---|
| 786 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 787 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 788 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 789 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 790 |
|
---|
| 791 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &s32_value));
|
---|
| 792 |
|
---|
| 793 | if (((s32_value != SNMP_VERSION_1) &&
|
---|
| 794 | (s32_value != SNMP_VERSION_2c)
|
---|
| 795 | #if LWIP_SNMP_V3
|
---|
| 796 | && (s32_value != SNMP_VERSION_3)
|
---|
| 797 | #endif
|
---|
| 798 | )
|
---|
| 799 | #if LWIP_SNMP_CONFIGURE_VERSIONS
|
---|
| 800 | || (!snmp_version_enabled(s32_value))
|
---|
| 801 | #endif
|
---|
| 802 | ) {
|
---|
| 803 | /* unsupported SNMP version */
|
---|
| 804 | snmp_stats.inbadversions++;
|
---|
| 805 | return ERR_ARG;
|
---|
| 806 | }
|
---|
| 807 | request->version = (u8_t)s32_value;
|
---|
| 808 |
|
---|
| 809 | #if LWIP_SNMP_V3
|
---|
| 810 | if (request->version == SNMP_VERSION_3) {
|
---|
| 811 | u16_t u16_value;
|
---|
| 812 | u16_t inbound_msgAuthenticationParameters_offset;
|
---|
| 813 |
|
---|
| 814 | /* SNMPv3 doesn't use communities */
|
---|
| 815 | /* @todo: Differentiate read/write access */
|
---|
| 816 | strncpy((char *)request->community, snmp_community, SNMP_MAX_COMMUNITY_STR_LEN);
|
---|
| 817 | request->community[SNMP_MAX_COMMUNITY_STR_LEN] = 0; /* ensure NULL termination (strncpy does NOT guarantee it!) */
|
---|
| 818 | request->community_strlen = (u16_t)strnlen((char *)request->community, SNMP_MAX_COMMUNITY_STR_LEN);
|
---|
| 819 |
|
---|
| 820 | /* RFC3414 globalData */
|
---|
| 821 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 822 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_SEQUENCE);
|
---|
| 823 | parent_tlv_value_len -= SNMP_ASN1_TLV_HDR_LENGTH(tlv);
|
---|
| 824 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 825 |
|
---|
| 826 | /* decode msgID */
|
---|
| 827 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 828 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 829 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 830 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 831 |
|
---|
| 832 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &s32_value));
|
---|
| 833 | request->msg_id = s32_value;
|
---|
| 834 |
|
---|
| 835 | /* decode msgMaxSize */
|
---|
| 836 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 837 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 838 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 839 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 840 |
|
---|
| 841 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &s32_value));
|
---|
| 842 | request->msg_max_size = s32_value;
|
---|
| 843 |
|
---|
| 844 | /* decode msgFlags */
|
---|
| 845 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 846 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 847 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 848 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 849 |
|
---|
| 850 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &s32_value));
|
---|
| 851 | request->msg_flags = (u8_t)s32_value;
|
---|
| 852 |
|
---|
| 853 | /* decode msgSecurityModel */
|
---|
| 854 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 855 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 856 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 857 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 858 |
|
---|
| 859 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &s32_value));
|
---|
| 860 | request->msg_security_model = s32_value;
|
---|
| 861 |
|
---|
| 862 | /* RFC3414 msgSecurityParameters
|
---|
| 863 | * The User-based Security Model defines the contents of the OCTET
|
---|
| 864 | * STRING as a SEQUENCE.
|
---|
| 865 | *
|
---|
| 866 | * We skip the protective dummy OCTET STRING header
|
---|
| 867 | * to access the SEQUENCE header.
|
---|
| 868 | */
|
---|
| 869 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 870 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 871 | parent_tlv_value_len -= SNMP_ASN1_TLV_HDR_LENGTH(tlv);
|
---|
| 872 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 873 |
|
---|
| 874 | /* msgSecurityParameters SEQUENCE header */
|
---|
| 875 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 876 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_SEQUENCE);
|
---|
| 877 | parent_tlv_value_len -= SNMP_ASN1_TLV_HDR_LENGTH(tlv);
|
---|
| 878 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 879 |
|
---|
| 880 | /* decode msgAuthoritativeEngineID */
|
---|
| 881 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 882 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 883 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 884 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 885 |
|
---|
| 886 | IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->msg_authoritative_engine_id,
|
---|
| 887 | &u16_value, SNMP_V3_MAX_ENGINE_ID_LENGTH));
|
---|
| 888 | request->msg_authoritative_engine_id_len = (u8_t)u16_value;
|
---|
| 889 |
|
---|
| 890 | /* msgAuthoritativeEngineBoots */
|
---|
| 891 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 892 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 893 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 894 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 895 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &request->msg_authoritative_engine_boots));
|
---|
| 896 |
|
---|
| 897 | /* msgAuthoritativeEngineTime */
|
---|
| 898 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 899 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 900 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 901 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 902 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &request->msg_authoritative_engine_time));
|
---|
| 903 |
|
---|
| 904 | /* msgUserName */
|
---|
| 905 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 906 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 907 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 908 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 909 |
|
---|
| 910 | IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->msg_user_name,
|
---|
| 911 | &u16_value, SNMP_V3_MAX_USER_LENGTH));
|
---|
| 912 | request->msg_user_name_len = (u8_t)u16_value;
|
---|
| 913 |
|
---|
| 914 | /* msgAuthenticationParameters */
|
---|
| 915 | memset(request->msg_authentication_parameters, 0, SNMP_V3_MAX_AUTH_PARAM_LENGTH);
|
---|
| 916 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 917 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 918 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 919 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 920 | /* Remember position */
|
---|
| 921 | inbound_msgAuthenticationParameters_offset = pbuf_stream.offset;
|
---|
| 922 | LWIP_UNUSED_ARG(inbound_msgAuthenticationParameters_offset);
|
---|
| 923 | /* Read auth parameters */
|
---|
| 924 | /* IF_PARSE_ASSERT(tlv.value_len <= SNMP_V3_MAX_AUTH_PARAM_LENGTH); */
|
---|
| 925 | IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->msg_authentication_parameters,
|
---|
| 926 | &u16_value, tlv.value_len));
|
---|
| 927 | request->msg_authentication_parameters_len = (u8_t)u16_value;
|
---|
| 928 |
|
---|
| 929 | /* msgPrivacyParameters */
|
---|
| 930 | memset(request->msg_privacy_parameters, 0, SNMP_V3_MAX_PRIV_PARAM_LENGTH);
|
---|
| 931 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 932 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 933 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 934 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 935 |
|
---|
| 936 | IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->msg_privacy_parameters,
|
---|
| 937 | &u16_value, SNMP_V3_MAX_PRIV_PARAM_LENGTH));
|
---|
| 938 | request->msg_privacy_parameters_len = (u8_t)u16_value;
|
---|
| 939 |
|
---|
| 940 | /* validate securityParameters here (do this after decoding because we don't want to increase other counters for wrong frames)
|
---|
| 941 | * 1) securityParameters was correctly serialized if we reach here.
|
---|
| 942 | * 2) securityParameters are already cached.
|
---|
| 943 | * 3) if msgAuthoritativeEngineID is unknown, zero-length or too long:
|
---|
| 944 | b) https://tools.ietf.org/html/rfc3414#section-7
|
---|
| 945 | */
|
---|
| 946 | {
|
---|
| 947 | const char *eid;
|
---|
| 948 | u8_t eid_len;
|
---|
| 949 |
|
---|
| 950 | snmpv3_get_engine_id(&eid, &eid_len);
|
---|
| 951 |
|
---|
| 952 | if ((request->msg_authoritative_engine_id_len == 0) ||
|
---|
| 953 | (request->msg_authoritative_engine_id_len != eid_len) ||
|
---|
| 954 | (memcmp(eid, request->msg_authoritative_engine_id, eid_len) != 0)) {
|
---|
| 955 | snmp_stats.unknownengineids++;
|
---|
| 956 | request->msg_flags = 0; /* noauthnopriv */
|
---|
| 957 | request->error_status = SNMP_ERR_UNKNOWN_ENGINEID;
|
---|
| 958 | return ERR_OK;
|
---|
| 959 | }
|
---|
| 960 | }
|
---|
| 961 |
|
---|
| 962 | /* 4) verify username */
|
---|
| 963 | if (snmpv3_get_user((char *)request->msg_user_name, &auth, NULL, &priv, NULL)) {
|
---|
| 964 | snmp_stats.unknownusernames++;
|
---|
| 965 | request->msg_flags = 0; /* noauthnopriv */
|
---|
| 966 | request->error_status = SNMP_ERR_UNKNOWN_SECURITYNAME;
|
---|
| 967 | return ERR_OK;
|
---|
| 968 | }
|
---|
| 969 |
|
---|
| 970 | /* 5) verify security level */
|
---|
| 971 | switch (request->msg_flags & (SNMP_V3_AUTH_FLAG | SNMP_V3_PRIV_FLAG)) {
|
---|
| 972 | case SNMP_V3_NOAUTHNOPRIV:
|
---|
| 973 | if ((auth != SNMP_V3_AUTH_ALGO_INVAL) || (priv != SNMP_V3_PRIV_ALGO_INVAL)) {
|
---|
| 974 | /* Invalid security level for user */
|
---|
| 975 | snmp_stats.unsupportedseclevels++;
|
---|
| 976 | request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
---|
| 977 | request->error_status = SNMP_ERR_UNSUPPORTED_SECLEVEL;
|
---|
| 978 | return ERR_OK;
|
---|
| 979 | }
|
---|
| 980 | break;
|
---|
| 981 | #if LWIP_SNMP_V3_CRYPTO
|
---|
| 982 | case SNMP_V3_AUTHNOPRIV:
|
---|
| 983 | if ((auth == SNMP_V3_AUTH_ALGO_INVAL) || (priv != SNMP_V3_PRIV_ALGO_INVAL)) {
|
---|
| 984 | /* Invalid security level for user */
|
---|
| 985 | snmp_stats.unsupportedseclevels++;
|
---|
| 986 | request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
---|
| 987 | request->error_status = SNMP_ERR_UNSUPPORTED_SECLEVEL;
|
---|
| 988 | return ERR_OK;
|
---|
| 989 | }
|
---|
| 990 | break;
|
---|
| 991 | case SNMP_V3_AUTHPRIV:
|
---|
| 992 | if ((auth == SNMP_V3_AUTH_ALGO_INVAL) || (priv == SNMP_V3_PRIV_ALGO_INVAL)) {
|
---|
| 993 | /* Invalid security level for user */
|
---|
| 994 | snmp_stats.unsupportedseclevels++;
|
---|
| 995 | request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
---|
| 996 | request->error_status = SNMP_ERR_UNSUPPORTED_SECLEVEL;
|
---|
| 997 | return ERR_OK;
|
---|
| 998 | }
|
---|
| 999 | break;
|
---|
| 1000 | #endif
|
---|
| 1001 | default:
|
---|
| 1002 | snmp_stats.unsupportedseclevels++;
|
---|
| 1003 | request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
---|
| 1004 | request->error_status = SNMP_ERR_UNSUPPORTED_SECLEVEL;
|
---|
| 1005 | return ERR_OK;
|
---|
| 1006 | }
|
---|
| 1007 |
|
---|
| 1008 | /* 6) if securitylevel specifies authentication, authenticate message. */
|
---|
| 1009 | #if LWIP_SNMP_V3_CRYPTO
|
---|
| 1010 | if (request->msg_flags & SNMP_V3_AUTH_FLAG) {
|
---|
| 1011 | const u8_t zero_arr[SNMP_V3_MAX_AUTH_PARAM_LENGTH] = { 0 };
|
---|
| 1012 | u8_t key[20];
|
---|
| 1013 | u8_t hmac[LWIP_MAX(SNMP_V3_SHA_LEN, SNMP_V3_MD5_LEN)];
|
---|
| 1014 | struct snmp_pbuf_stream auth_stream;
|
---|
| 1015 |
|
---|
| 1016 | if (request->msg_authentication_parameters_len > SNMP_V3_MAX_AUTH_PARAM_LENGTH) {
|
---|
| 1017 | snmp_stats.wrongdigests++;
|
---|
| 1018 | request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
---|
| 1019 | request->error_status = SNMP_ERR_AUTHORIZATIONERROR;
|
---|
| 1020 | return ERR_OK;
|
---|
| 1021 | }
|
---|
| 1022 |
|
---|
| 1023 | /* Rewind stream */
|
---|
| 1024 | IF_PARSE_EXEC(snmp_pbuf_stream_init(&auth_stream, request->inbound_pbuf, 0, request->inbound_pbuf->tot_len));
|
---|
| 1025 | IF_PARSE_EXEC(snmp_pbuf_stream_seek_abs(&auth_stream, inbound_msgAuthenticationParameters_offset));
|
---|
| 1026 | /* Set auth parameters to zero for verification */
|
---|
| 1027 | IF_PARSE_EXEC(snmp_asn1_enc_raw(&auth_stream, zero_arr, request->msg_authentication_parameters_len));
|
---|
| 1028 |
|
---|
| 1029 | /* Verify authentication */
|
---|
| 1030 | IF_PARSE_EXEC(snmp_pbuf_stream_init(&auth_stream, request->inbound_pbuf, 0, request->inbound_pbuf->tot_len));
|
---|
| 1031 |
|
---|
| 1032 | IF_PARSE_EXEC(snmpv3_get_user((char *)request->msg_user_name, &auth, key, NULL, NULL));
|
---|
| 1033 | IF_PARSE_EXEC(snmpv3_auth(&auth_stream, request->inbound_pbuf->tot_len, key, auth, hmac));
|
---|
| 1034 |
|
---|
| 1035 | if (memcmp(request->msg_authentication_parameters, hmac, SNMP_V3_MAX_AUTH_PARAM_LENGTH)) {
|
---|
| 1036 | snmp_stats.wrongdigests++;
|
---|
| 1037 | request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
---|
| 1038 | request->error_status = SNMP_ERR_AUTHORIZATIONERROR;
|
---|
| 1039 | return ERR_OK;
|
---|
| 1040 | }
|
---|
| 1041 |
|
---|
| 1042 | /* 7) if securitylevel specifies authentication, verify engineboots, enginetime and lastenginetime */
|
---|
| 1043 | {
|
---|
| 1044 | s32_t boots = snmpv3_get_engine_boots_internal();
|
---|
| 1045 | if ((request->msg_authoritative_engine_boots != boots) || (boots == 2147483647UL)) {
|
---|
| 1046 | snmp_stats.notintimewindows++;
|
---|
| 1047 | request->msg_flags = SNMP_V3_AUTHNOPRIV;
|
---|
| 1048 | request->error_status = SNMP_ERR_NOTINTIMEWINDOW;
|
---|
| 1049 | return ERR_OK;
|
---|
| 1050 | }
|
---|
| 1051 | }
|
---|
| 1052 | {
|
---|
| 1053 | s32_t time = snmpv3_get_engine_time_internal();
|
---|
| 1054 | if (request->msg_authoritative_engine_time > (time + 150)) {
|
---|
| 1055 | snmp_stats.notintimewindows++;
|
---|
| 1056 | request->msg_flags = SNMP_V3_AUTHNOPRIV;
|
---|
| 1057 | request->error_status = SNMP_ERR_NOTINTIMEWINDOW;
|
---|
| 1058 | return ERR_OK;
|
---|
| 1059 | } else if (time > 150) {
|
---|
| 1060 | if (request->msg_authoritative_engine_time < (time - 150)) {
|
---|
| 1061 | snmp_stats.notintimewindows++;
|
---|
| 1062 | request->msg_flags = SNMP_V3_AUTHNOPRIV;
|
---|
| 1063 | request->error_status = SNMP_ERR_NOTINTIMEWINDOW;
|
---|
| 1064 | return ERR_OK;
|
---|
| 1065 | }
|
---|
| 1066 | }
|
---|
| 1067 | }
|
---|
| 1068 | }
|
---|
| 1069 | #endif
|
---|
| 1070 |
|
---|
| 1071 | /* 8) if securitylevel specifies privacy, decrypt message. */
|
---|
| 1072 | #if LWIP_SNMP_V3_CRYPTO
|
---|
| 1073 | if (request->msg_flags & SNMP_V3_PRIV_FLAG) {
|
---|
| 1074 | /* Decrypt message */
|
---|
| 1075 |
|
---|
| 1076 | u8_t key[20];
|
---|
| 1077 |
|
---|
| 1078 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1079 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 1080 | parent_tlv_value_len -= SNMP_ASN1_TLV_HDR_LENGTH(tlv);
|
---|
| 1081 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1082 |
|
---|
| 1083 | IF_PARSE_EXEC(snmpv3_get_user((char *)request->msg_user_name, NULL, NULL, &priv, key));
|
---|
| 1084 | if (snmpv3_crypt(&pbuf_stream, tlv.value_len, key,
|
---|
| 1085 | request->msg_privacy_parameters, request->msg_authoritative_engine_boots,
|
---|
| 1086 | request->msg_authoritative_engine_time, priv, SNMP_V3_PRIV_MODE_DECRYPT) != ERR_OK) {
|
---|
| 1087 | snmp_stats.decryptionerrors++;
|
---|
| 1088 | request->msg_flags = SNMP_V3_AUTHNOPRIV;
|
---|
| 1089 | request->error_status = SNMP_ERR_DECRYIPTION_ERROR;
|
---|
| 1090 | return ERR_OK;
|
---|
| 1091 | }
|
---|
| 1092 | }
|
---|
| 1093 | #endif
|
---|
| 1094 | /* 9) calculate max size of scoped pdu?
|
---|
| 1095 | * 10) securityname for user is retrieved from usertable?
|
---|
| 1096 | * 11) security data is cached?
|
---|
| 1097 | * 12)
|
---|
| 1098 | */
|
---|
| 1099 |
|
---|
| 1100 | /* Scoped PDU
|
---|
| 1101 | * Encryption context
|
---|
| 1102 | */
|
---|
| 1103 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1104 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_SEQUENCE);
|
---|
| 1105 | parent_tlv_value_len -= SNMP_ASN1_TLV_HDR_LENGTH(tlv);
|
---|
| 1106 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1107 |
|
---|
| 1108 | /* contextEngineID */
|
---|
| 1109 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1110 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 1111 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1112 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1113 |
|
---|
| 1114 | IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->context_engine_id,
|
---|
| 1115 | &u16_value, SNMP_V3_MAX_ENGINE_ID_LENGTH));
|
---|
| 1116 | request->context_engine_id_len = (u8_t)u16_value;
|
---|
| 1117 | /* TODO: do we need to verify this contextengineid too? */
|
---|
| 1118 |
|
---|
| 1119 | /* contextName */
|
---|
| 1120 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1121 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 1122 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1123 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1124 |
|
---|
| 1125 | IF_PARSE_EXEC(snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->context_name,
|
---|
| 1126 | &u16_value, SNMP_V3_MAX_ENGINE_ID_LENGTH));
|
---|
| 1127 | request->context_name_len = (u8_t)u16_value;
|
---|
| 1128 | /* TODO: do we need to verify this contextname too? */
|
---|
| 1129 | } else
|
---|
| 1130 | #endif
|
---|
| 1131 | {
|
---|
| 1132 | /* decode community */
|
---|
| 1133 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1134 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_OCTET_STRING);
|
---|
| 1135 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1136 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1137 |
|
---|
| 1138 | err = snmp_asn1_dec_raw(&pbuf_stream, tlv.value_len, request->community, &request->community_strlen, SNMP_MAX_COMMUNITY_STR_LEN);
|
---|
| 1139 | if (err == ERR_MEM) {
|
---|
| 1140 | /* community string does not fit in our buffer -> its too long -> its invalid */
|
---|
| 1141 | request->community_strlen = 0;
|
---|
| 1142 | snmp_pbuf_stream_seek(&pbuf_stream, tlv.value_len);
|
---|
| 1143 | } else {
|
---|
| 1144 | IF_PARSE_ASSERT(err == ERR_OK);
|
---|
| 1145 | }
|
---|
| 1146 | /* add zero terminator */
|
---|
| 1147 | request->community[request->community_strlen] = 0;
|
---|
| 1148 | }
|
---|
| 1149 |
|
---|
| 1150 | /* decode PDU type (next container level) */
|
---|
| 1151 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1152 | IF_PARSE_ASSERT(tlv.value_len <= pbuf_stream.length);
|
---|
| 1153 | request->inbound_padding_len = pbuf_stream.length - tlv.value_len;
|
---|
| 1154 | parent_tlv_value_len = tlv.value_len;
|
---|
| 1155 |
|
---|
| 1156 | /* validate PDU type */
|
---|
| 1157 | switch (tlv.type) {
|
---|
| 1158 | case (SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTENTTYPE_CONSTRUCTED | SNMP_ASN1_CONTEXT_PDU_GET_REQ):
|
---|
| 1159 | /* GetRequest PDU */
|
---|
| 1160 | snmp_stats.ingetrequests++;
|
---|
| 1161 | break;
|
---|
| 1162 | case (SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTENTTYPE_CONSTRUCTED | SNMP_ASN1_CONTEXT_PDU_GET_NEXT_REQ):
|
---|
| 1163 | /* GetNextRequest PDU */
|
---|
| 1164 | snmp_stats.ingetnexts++;
|
---|
| 1165 | break;
|
---|
| 1166 | case (SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTENTTYPE_CONSTRUCTED | SNMP_ASN1_CONTEXT_PDU_GET_BULK_REQ):
|
---|
| 1167 | /* GetBulkRequest PDU */
|
---|
| 1168 | if (request->version < SNMP_VERSION_2c) {
|
---|
| 1169 | /* RFC2089: invalid, drop packet */
|
---|
| 1170 | return ERR_ARG;
|
---|
| 1171 | }
|
---|
| 1172 | break;
|
---|
| 1173 | case (SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTENTTYPE_CONSTRUCTED | SNMP_ASN1_CONTEXT_PDU_SET_REQ):
|
---|
| 1174 | /* SetRequest PDU */
|
---|
| 1175 | snmp_stats.insetrequests++;
|
---|
| 1176 | break;
|
---|
| 1177 | default:
|
---|
| 1178 | /* unsupported input PDU for this agent (no parse error) */
|
---|
| 1179 | LWIP_DEBUGF(SNMP_DEBUG, ("Unknown/Invalid SNMP PDU type received: %d", tlv.type)); \
|
---|
| 1180 | return ERR_ARG;
|
---|
| 1181 | }
|
---|
| 1182 | request->request_type = tlv.type & SNMP_ASN1_DATATYPE_MASK;
|
---|
| 1183 | request->request_out_type = (SNMP_ASN1_CLASS_CONTEXT | SNMP_ASN1_CONTENTTYPE_CONSTRUCTED | SNMP_ASN1_CONTEXT_PDU_GET_RESP);
|
---|
| 1184 |
|
---|
| 1185 | /* validate community (do this after decoding PDU type because we don't want to increase 'inbadcommunitynames' for wrong frame types */
|
---|
| 1186 | if (request->community_strlen == 0) {
|
---|
| 1187 | /* community string was too long or really empty*/
|
---|
| 1188 | snmp_stats.inbadcommunitynames++;
|
---|
| 1189 | snmp_authfail_trap();
|
---|
| 1190 | return ERR_ARG;
|
---|
| 1191 | } else if (request->request_type == SNMP_ASN1_CONTEXT_PDU_SET_REQ) {
|
---|
| 1192 | if (snmp_community_write[0] == 0) {
|
---|
| 1193 | /* our write community is empty, that means all our objects are readonly */
|
---|
| 1194 | request->error_status = SNMP_ERR_NOTWRITABLE;
|
---|
| 1195 | request->error_index = 1;
|
---|
| 1196 | } else if (strncmp(snmp_community_write, (const char *)request->community, SNMP_MAX_COMMUNITY_STR_LEN) != 0) {
|
---|
| 1197 | /* community name does not match */
|
---|
| 1198 | snmp_stats.inbadcommunitynames++;
|
---|
| 1199 | snmp_authfail_trap();
|
---|
| 1200 | return ERR_ARG;
|
---|
| 1201 | }
|
---|
| 1202 | } else {
|
---|
| 1203 | if (strncmp(snmp_community, (const char *)request->community, SNMP_MAX_COMMUNITY_STR_LEN) != 0) {
|
---|
| 1204 | /* community name does not match */
|
---|
| 1205 | snmp_stats.inbadcommunitynames++;
|
---|
| 1206 | snmp_authfail_trap();
|
---|
| 1207 | return ERR_ARG;
|
---|
| 1208 | }
|
---|
| 1209 | }
|
---|
| 1210 |
|
---|
| 1211 | /* decode request ID */
|
---|
| 1212 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1213 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 1214 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1215 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1216 |
|
---|
| 1217 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &request->request_id));
|
---|
| 1218 |
|
---|
| 1219 | /* decode error status / non-repeaters */
|
---|
| 1220 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1221 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 1222 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1223 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1224 |
|
---|
| 1225 | if (request->request_type == SNMP_ASN1_CONTEXT_PDU_GET_BULK_REQ) {
|
---|
| 1226 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &request->non_repeaters));
|
---|
| 1227 | if (request->non_repeaters < 0) {
|
---|
| 1228 | /* RFC 1905, 4.2.3 */
|
---|
| 1229 | request->non_repeaters = 0;
|
---|
| 1230 | }
|
---|
| 1231 | } else {
|
---|
| 1232 | /* only check valid value, don't touch 'request->error_status', maybe a response error status was already set to above; */
|
---|
| 1233 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &s32_value));
|
---|
| 1234 | IF_PARSE_ASSERT(s32_value == SNMP_ERR_NOERROR);
|
---|
| 1235 | }
|
---|
| 1236 |
|
---|
| 1237 | /* decode error index / max-repetitions */
|
---|
| 1238 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1239 | IF_PARSE_ASSERT(tlv.type == SNMP_ASN1_TYPE_INTEGER);
|
---|
| 1240 | parent_tlv_value_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1241 | IF_PARSE_ASSERT(parent_tlv_value_len > 0);
|
---|
| 1242 |
|
---|
| 1243 | if (request->request_type == SNMP_ASN1_CONTEXT_PDU_GET_BULK_REQ) {
|
---|
| 1244 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &request->max_repetitions));
|
---|
| 1245 | if (request->max_repetitions < 0) {
|
---|
| 1246 | /* RFC 1905, 4.2.3 */
|
---|
| 1247 | request->max_repetitions = 0;
|
---|
| 1248 | }
|
---|
| 1249 | } else {
|
---|
| 1250 | IF_PARSE_EXEC(snmp_asn1_dec_s32t(&pbuf_stream, tlv.value_len, &request->error_index));
|
---|
| 1251 | IF_PARSE_ASSERT(s32_value == 0);
|
---|
| 1252 | }
|
---|
| 1253 |
|
---|
| 1254 | /* decode varbind-list type (next container level) */
|
---|
| 1255 | IF_PARSE_EXEC(snmp_asn1_dec_tlv(&pbuf_stream, &tlv));
|
---|
| 1256 | IF_PARSE_ASSERT((tlv.type == SNMP_ASN1_TYPE_SEQUENCE) && (tlv.value_len <= pbuf_stream.length));
|
---|
| 1257 |
|
---|
| 1258 | request->inbound_varbind_offset = pbuf_stream.offset;
|
---|
| 1259 | request->inbound_varbind_len = pbuf_stream.length - request->inbound_padding_len;
|
---|
| 1260 | snmp_vb_enumerator_init(&(request->inbound_varbind_enumerator), request->inbound_pbuf, request->inbound_varbind_offset, request->inbound_varbind_len);
|
---|
| 1261 |
|
---|
| 1262 | return ERR_OK;
|
---|
| 1263 | }
|
---|
| 1264 |
|
---|
| 1265 | #define OF_BUILD_EXEC(code) BUILD_EXEC(code, ERR_ARG)
|
---|
| 1266 |
|
---|
| 1267 | static err_t
|
---|
| 1268 | snmp_prepare_outbound_frame(struct snmp_request *request)
|
---|
| 1269 | {
|
---|
| 1270 | struct snmp_asn1_tlv tlv;
|
---|
| 1271 | struct snmp_pbuf_stream *pbuf_stream = &(request->outbound_pbuf_stream);
|
---|
| 1272 |
|
---|
| 1273 | /* try allocating pbuf(s) for maximum response size */
|
---|
| 1274 | request->outbound_pbuf = pbuf_alloc(PBUF_TRANSPORT, 1472, PBUF_RAM);
|
---|
| 1275 | if (request->outbound_pbuf == NULL) {
|
---|
| 1276 | return ERR_MEM;
|
---|
| 1277 | }
|
---|
| 1278 |
|
---|
| 1279 | snmp_pbuf_stream_init(pbuf_stream, request->outbound_pbuf, 0, request->outbound_pbuf->tot_len);
|
---|
| 1280 |
|
---|
| 1281 | /* 'Message' sequence */
|
---|
| 1282 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 3, 0);
|
---|
| 1283 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1284 |
|
---|
| 1285 | /* version */
|
---|
| 1286 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 0);
|
---|
| 1287 | snmp_asn1_enc_s32t_cnt(request->version, &tlv.value_len);
|
---|
| 1288 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1289 | OF_BUILD_EXEC( snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->version) );
|
---|
| 1290 |
|
---|
| 1291 | #if LWIP_SNMP_V3
|
---|
| 1292 | if (request->version < SNMP_VERSION_3) {
|
---|
| 1293 | #endif
|
---|
| 1294 | /* community */
|
---|
| 1295 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, request->community_strlen);
|
---|
| 1296 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1297 | OF_BUILD_EXEC( snmp_asn1_enc_raw(pbuf_stream, request->community, request->community_strlen) );
|
---|
| 1298 | #if LWIP_SNMP_V3
|
---|
| 1299 | } else {
|
---|
| 1300 | const char *id;
|
---|
| 1301 |
|
---|
| 1302 | /* globalData */
|
---|
| 1303 | request->outbound_msg_global_data_offset = pbuf_stream->offset;
|
---|
| 1304 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 1, 0);
|
---|
| 1305 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1306 |
|
---|
| 1307 | /* msgID */
|
---|
| 1308 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 1);
|
---|
| 1309 | snmp_asn1_enc_s32t_cnt(request->msg_id, &tlv.value_len);
|
---|
| 1310 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1311 | OF_BUILD_EXEC(snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->msg_id));
|
---|
| 1312 |
|
---|
| 1313 | /* msgMaxSize */
|
---|
| 1314 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 1);
|
---|
| 1315 | snmp_asn1_enc_s32t_cnt(request->msg_max_size, &tlv.value_len);
|
---|
| 1316 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1317 | OF_BUILD_EXEC(snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->msg_max_size));
|
---|
| 1318 |
|
---|
| 1319 | /* msgFlags */
|
---|
| 1320 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, 1);
|
---|
| 1321 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1322 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, &request->msg_flags, 1));
|
---|
| 1323 |
|
---|
| 1324 | /* msgSecurityModel */
|
---|
| 1325 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 1);
|
---|
| 1326 | snmp_asn1_enc_s32t_cnt(request->msg_security_model, &tlv.value_len);
|
---|
| 1327 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1328 | OF_BUILD_EXEC(snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->msg_security_model));
|
---|
| 1329 |
|
---|
| 1330 | /* end of msgGlobalData */
|
---|
| 1331 | request->outbound_msg_global_data_end = pbuf_stream->offset;
|
---|
| 1332 |
|
---|
| 1333 | /* msgSecurityParameters */
|
---|
| 1334 | request->outbound_msg_security_parameters_str_offset = pbuf_stream->offset;
|
---|
| 1335 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 1, 0);
|
---|
| 1336 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1337 |
|
---|
| 1338 | request->outbound_msg_security_parameters_seq_offset = pbuf_stream->offset;
|
---|
| 1339 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 1, 0);
|
---|
| 1340 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1341 |
|
---|
| 1342 | /* msgAuthoritativeEngineID */
|
---|
| 1343 | snmpv3_get_engine_id(&id, &request->msg_authoritative_engine_id_len);
|
---|
| 1344 | MEMCPY(request->msg_authoritative_engine_id, id, request->msg_authoritative_engine_id_len);
|
---|
| 1345 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, request->msg_authoritative_engine_id_len);
|
---|
| 1346 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1347 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, request->msg_authoritative_engine_id, request->msg_authoritative_engine_id_len));
|
---|
| 1348 |
|
---|
| 1349 | request->msg_authoritative_engine_time = snmpv3_get_engine_time();
|
---|
| 1350 | request->msg_authoritative_engine_boots = snmpv3_get_engine_boots();
|
---|
| 1351 |
|
---|
| 1352 | /* msgAuthoritativeEngineBoots */
|
---|
| 1353 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 0);
|
---|
| 1354 | snmp_asn1_enc_s32t_cnt(request->msg_authoritative_engine_boots, &tlv.value_len);
|
---|
| 1355 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1356 | OF_BUILD_EXEC(snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->msg_authoritative_engine_boots));
|
---|
| 1357 |
|
---|
| 1358 | /* msgAuthoritativeEngineTime */
|
---|
| 1359 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 0);
|
---|
| 1360 | snmp_asn1_enc_s32t_cnt(request->msg_authoritative_engine_time, &tlv.value_len);
|
---|
| 1361 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1362 | OF_BUILD_EXEC(snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->msg_authoritative_engine_time));
|
---|
| 1363 |
|
---|
| 1364 | /* msgUserName */
|
---|
| 1365 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, request->msg_user_name_len);
|
---|
| 1366 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1367 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, request->msg_user_name, request->msg_user_name_len));
|
---|
| 1368 |
|
---|
| 1369 | #if LWIP_SNMP_V3_CRYPTO
|
---|
| 1370 | /* msgAuthenticationParameters */
|
---|
| 1371 | if (request->msg_flags & SNMP_V3_AUTH_FLAG) {
|
---|
| 1372 | memset(request->msg_authentication_parameters, 0, SNMP_V3_MAX_AUTH_PARAM_LENGTH);
|
---|
| 1373 | request->outbound_msg_authentication_parameters_offset = pbuf_stream->offset;
|
---|
| 1374 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 1, SNMP_V3_MAX_AUTH_PARAM_LENGTH);
|
---|
| 1375 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1376 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, request->msg_authentication_parameters, SNMP_V3_MAX_AUTH_PARAM_LENGTH));
|
---|
| 1377 | } else
|
---|
| 1378 | #endif
|
---|
| 1379 | {
|
---|
| 1380 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, 0);
|
---|
| 1381 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1382 | }
|
---|
| 1383 |
|
---|
| 1384 | #if LWIP_SNMP_V3_CRYPTO
|
---|
| 1385 | /* msgPrivacyParameters */
|
---|
| 1386 | if (request->msg_flags & SNMP_V3_PRIV_FLAG) {
|
---|
| 1387 | snmpv3_build_priv_param(request->msg_privacy_parameters);
|
---|
| 1388 |
|
---|
| 1389 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, SNMP_V3_MAX_PRIV_PARAM_LENGTH);
|
---|
| 1390 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1391 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, request->msg_privacy_parameters, SNMP_V3_MAX_PRIV_PARAM_LENGTH));
|
---|
| 1392 | } else
|
---|
| 1393 | #endif
|
---|
| 1394 | {
|
---|
| 1395 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, 0);
|
---|
| 1396 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1397 | }
|
---|
| 1398 |
|
---|
| 1399 | /* End of msgSecurityParameters, so we can calculate the length of this sequence later */
|
---|
| 1400 | request->outbound_msg_security_parameters_end = pbuf_stream->offset;
|
---|
| 1401 |
|
---|
| 1402 | #if LWIP_SNMP_V3_CRYPTO
|
---|
| 1403 | /* For encryption we have to encapsulate the payload in an octet string */
|
---|
| 1404 | if (request->msg_flags & SNMP_V3_PRIV_FLAG) {
|
---|
| 1405 | request->outbound_scoped_pdu_string_offset = pbuf_stream->offset;
|
---|
| 1406 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 3, 0);
|
---|
| 1407 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1408 | }
|
---|
| 1409 | #endif
|
---|
| 1410 | /* Scoped PDU
|
---|
| 1411 | * Encryption context
|
---|
| 1412 | */
|
---|
| 1413 | request->outbound_scoped_pdu_seq_offset = pbuf_stream->offset;
|
---|
| 1414 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 3, 0);
|
---|
| 1415 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1416 |
|
---|
| 1417 | /* contextEngineID */
|
---|
| 1418 | snmpv3_get_engine_id(&id, &request->context_engine_id_len);
|
---|
| 1419 | MEMCPY(request->context_engine_id, id, request->context_engine_id_len);
|
---|
| 1420 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, request->context_engine_id_len);
|
---|
| 1421 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1422 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, request->context_engine_id, request->context_engine_id_len));
|
---|
| 1423 |
|
---|
| 1424 | /* contextName */
|
---|
| 1425 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 0, request->context_name_len);
|
---|
| 1426 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1427 | OF_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, request->context_name, request->context_name_len));
|
---|
| 1428 | }
|
---|
| 1429 | #endif
|
---|
| 1430 |
|
---|
| 1431 | /* 'PDU' sequence */
|
---|
| 1432 | request->outbound_pdu_offset = pbuf_stream->offset;
|
---|
| 1433 | SNMP_ASN1_SET_TLV_PARAMS(tlv, request->request_out_type, 3, 0);
|
---|
| 1434 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1435 |
|
---|
| 1436 | /* request ID */
|
---|
| 1437 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 0);
|
---|
| 1438 | snmp_asn1_enc_s32t_cnt(request->request_id, &tlv.value_len);
|
---|
| 1439 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1440 | OF_BUILD_EXEC( snmp_asn1_enc_s32t(pbuf_stream, tlv.value_len, request->request_id) );
|
---|
| 1441 |
|
---|
| 1442 | /* error status */
|
---|
| 1443 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 1);
|
---|
| 1444 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1445 | request->outbound_error_status_offset = pbuf_stream->offset;
|
---|
| 1446 | OF_BUILD_EXEC( snmp_pbuf_stream_write(pbuf_stream, 0) );
|
---|
| 1447 |
|
---|
| 1448 | /* error index */
|
---|
| 1449 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_INTEGER, 0, 1);
|
---|
| 1450 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1451 | request->outbound_error_index_offset = pbuf_stream->offset;
|
---|
| 1452 | OF_BUILD_EXEC( snmp_pbuf_stream_write(pbuf_stream, 0) );
|
---|
| 1453 |
|
---|
| 1454 | /* 'VarBindList' sequence */
|
---|
| 1455 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 3, 0);
|
---|
| 1456 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(pbuf_stream, &tlv) );
|
---|
| 1457 |
|
---|
| 1458 | request->outbound_varbind_offset = pbuf_stream->offset;
|
---|
| 1459 |
|
---|
| 1460 | return ERR_OK;
|
---|
| 1461 | }
|
---|
| 1462 |
|
---|
| 1463 | /** Calculate the length of a varbind list */
|
---|
| 1464 | err_t
|
---|
| 1465 | snmp_varbind_length(struct snmp_varbind *varbind, struct snmp_varbind_len *len)
|
---|
| 1466 | {
|
---|
| 1467 | /* calculate required lengths */
|
---|
| 1468 | snmp_asn1_enc_oid_cnt(varbind->oid.id, varbind->oid.len, &len->oid_value_len);
|
---|
| 1469 | snmp_asn1_enc_length_cnt(len->oid_value_len, &len->oid_len_len);
|
---|
| 1470 |
|
---|
| 1471 | if (varbind->value_len == 0) {
|
---|
| 1472 | len->value_value_len = 0;
|
---|
| 1473 | } else if (varbind->value_len & SNMP_GET_VALUE_RAW_DATA) {
|
---|
| 1474 | len->value_value_len = varbind->value_len & (~SNMP_GET_VALUE_RAW_DATA);
|
---|
| 1475 | } else {
|
---|
| 1476 | switch (varbind->type) {
|
---|
| 1477 | case SNMP_ASN1_TYPE_INTEGER:
|
---|
| 1478 | if (varbind->value_len != sizeof (s32_t)) {
|
---|
| 1479 | return ERR_VAL;
|
---|
| 1480 | }
|
---|
| 1481 | snmp_asn1_enc_s32t_cnt(*((s32_t *) varbind->value), &len->value_value_len);
|
---|
| 1482 | break;
|
---|
| 1483 | case SNMP_ASN1_TYPE_COUNTER:
|
---|
| 1484 | case SNMP_ASN1_TYPE_GAUGE:
|
---|
| 1485 | case SNMP_ASN1_TYPE_TIMETICKS:
|
---|
| 1486 | if (varbind->value_len != sizeof (u32_t)) {
|
---|
| 1487 | return ERR_VAL;
|
---|
| 1488 | }
|
---|
| 1489 | snmp_asn1_enc_u32t_cnt(*((u32_t *) varbind->value), &len->value_value_len);
|
---|
| 1490 | break;
|
---|
| 1491 | case SNMP_ASN1_TYPE_OCTET_STRING:
|
---|
| 1492 | case SNMP_ASN1_TYPE_IPADDR:
|
---|
| 1493 | case SNMP_ASN1_TYPE_OPAQUE:
|
---|
| 1494 | len->value_value_len = varbind->value_len;
|
---|
| 1495 | break;
|
---|
| 1496 | case SNMP_ASN1_TYPE_NULL:
|
---|
| 1497 | if (varbind->value_len != 0) {
|
---|
| 1498 | return ERR_VAL;
|
---|
| 1499 | }
|
---|
| 1500 | len->value_value_len = 0;
|
---|
| 1501 | break;
|
---|
| 1502 | case SNMP_ASN1_TYPE_OBJECT_ID:
|
---|
| 1503 | if ((varbind->value_len & 0x03) != 0) {
|
---|
| 1504 | return ERR_VAL;
|
---|
| 1505 | }
|
---|
| 1506 | snmp_asn1_enc_oid_cnt((u32_t *) varbind->value, varbind->value_len >> 2, &len->value_value_len);
|
---|
| 1507 | break;
|
---|
| 1508 | #if LWIP_HAVE_INT64
|
---|
| 1509 | case SNMP_ASN1_TYPE_COUNTER64:
|
---|
| 1510 | if (varbind->value_len != sizeof(u64_t)) {
|
---|
| 1511 | return ERR_VAL;
|
---|
| 1512 | }
|
---|
| 1513 | snmp_asn1_enc_u64t_cnt(*(u64_t *)varbind->value, &len->value_value_len);
|
---|
| 1514 | break;
|
---|
| 1515 | #endif
|
---|
| 1516 | default:
|
---|
| 1517 | /* unsupported type */
|
---|
| 1518 | return ERR_VAL;
|
---|
| 1519 | }
|
---|
| 1520 | }
|
---|
| 1521 | snmp_asn1_enc_length_cnt(len->value_value_len, &len->value_len_len);
|
---|
| 1522 |
|
---|
| 1523 | len->vb_value_len = 1 + len->oid_len_len + len->oid_value_len + 1 + len->value_len_len + len->value_value_len;
|
---|
| 1524 | snmp_asn1_enc_length_cnt(len->vb_value_len, &len->vb_len_len);
|
---|
| 1525 |
|
---|
| 1526 | return ERR_OK;
|
---|
| 1527 | }
|
---|
| 1528 |
|
---|
| 1529 | #define OVB_BUILD_EXEC(code) BUILD_EXEC(code, ERR_ARG)
|
---|
| 1530 |
|
---|
| 1531 | err_t
|
---|
| 1532 | snmp_append_outbound_varbind(struct snmp_pbuf_stream *pbuf_stream, struct snmp_varbind *varbind)
|
---|
| 1533 | {
|
---|
| 1534 | struct snmp_asn1_tlv tlv;
|
---|
| 1535 | struct snmp_varbind_len len;
|
---|
| 1536 | err_t err;
|
---|
| 1537 |
|
---|
| 1538 | err = snmp_varbind_length(varbind, &len);
|
---|
| 1539 |
|
---|
| 1540 | if (err != ERR_OK) {
|
---|
| 1541 | return err;
|
---|
| 1542 | }
|
---|
| 1543 |
|
---|
| 1544 | /* check length already before adding first data because in case of GetBulk,
|
---|
| 1545 | * data added so far is returned and therefore no partial data shall be added
|
---|
| 1546 | */
|
---|
| 1547 | if ((1 + len.vb_len_len + len.vb_value_len) > pbuf_stream->length) {
|
---|
| 1548 | return ERR_BUF;
|
---|
| 1549 | }
|
---|
| 1550 |
|
---|
| 1551 | /* 'VarBind' sequence */
|
---|
| 1552 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, len.vb_len_len, len.vb_value_len);
|
---|
| 1553 | OVB_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1554 |
|
---|
| 1555 | /* VarBind OID */
|
---|
| 1556 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OBJECT_ID, len.oid_len_len, len.oid_value_len);
|
---|
| 1557 | OVB_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1558 | OVB_BUILD_EXEC(snmp_asn1_enc_oid(pbuf_stream, varbind->oid.id, varbind->oid.len));
|
---|
| 1559 |
|
---|
| 1560 | /* VarBind value */
|
---|
| 1561 | SNMP_ASN1_SET_TLV_PARAMS(tlv, varbind->type, len.value_len_len, len.value_value_len);
|
---|
| 1562 | OVB_BUILD_EXEC(snmp_ans1_enc_tlv(pbuf_stream, &tlv));
|
---|
| 1563 |
|
---|
| 1564 | if (len.value_value_len > 0) {
|
---|
| 1565 | if (varbind->value_len & SNMP_GET_VALUE_RAW_DATA) {
|
---|
| 1566 | OVB_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, (u8_t *) varbind->value, len.value_value_len));
|
---|
| 1567 | } else {
|
---|
| 1568 | switch (varbind->type) {
|
---|
| 1569 | case SNMP_ASN1_TYPE_INTEGER:
|
---|
| 1570 | OVB_BUILD_EXEC(snmp_asn1_enc_s32t(pbuf_stream, len.value_value_len, *((s32_t *) varbind->value)));
|
---|
| 1571 | break;
|
---|
| 1572 | case SNMP_ASN1_TYPE_COUNTER:
|
---|
| 1573 | case SNMP_ASN1_TYPE_GAUGE:
|
---|
| 1574 | case SNMP_ASN1_TYPE_TIMETICKS:
|
---|
| 1575 | OVB_BUILD_EXEC(snmp_asn1_enc_u32t(pbuf_stream, len.value_value_len, *((u32_t *) varbind->value)));
|
---|
| 1576 | break;
|
---|
| 1577 | case SNMP_ASN1_TYPE_OCTET_STRING:
|
---|
| 1578 | case SNMP_ASN1_TYPE_IPADDR:
|
---|
| 1579 | case SNMP_ASN1_TYPE_OPAQUE:
|
---|
| 1580 | OVB_BUILD_EXEC(snmp_asn1_enc_raw(pbuf_stream, (u8_t *) varbind->value, len.value_value_len));
|
---|
| 1581 | len.value_value_len = varbind->value_len;
|
---|
| 1582 | break;
|
---|
| 1583 | case SNMP_ASN1_TYPE_OBJECT_ID:
|
---|
| 1584 | OVB_BUILD_EXEC(snmp_asn1_enc_oid(pbuf_stream, (u32_t *) varbind->value, varbind->value_len / sizeof (u32_t)));
|
---|
| 1585 | break;
|
---|
| 1586 | #if LWIP_HAVE_INT64
|
---|
| 1587 | case SNMP_ASN1_TYPE_COUNTER64:
|
---|
| 1588 | OVB_BUILD_EXEC(snmp_asn1_enc_u64t(pbuf_stream, len.value_value_len, *(u64_t *) varbind->value));
|
---|
| 1589 | break;
|
---|
| 1590 | #endif
|
---|
| 1591 | default:
|
---|
| 1592 | LWIP_ASSERT("Unknown variable type", 0);
|
---|
| 1593 | break;
|
---|
| 1594 | }
|
---|
| 1595 | }
|
---|
| 1596 | }
|
---|
| 1597 |
|
---|
| 1598 | return ERR_OK;
|
---|
| 1599 | }
|
---|
| 1600 |
|
---|
| 1601 | static err_t
|
---|
| 1602 | snmp_complete_outbound_frame(struct snmp_request *request)
|
---|
| 1603 | {
|
---|
| 1604 | struct snmp_asn1_tlv tlv;
|
---|
| 1605 | u16_t frame_size;
|
---|
| 1606 | u8_t outbound_padding = 0;
|
---|
| 1607 |
|
---|
| 1608 | if (request->version == SNMP_VERSION_1) {
|
---|
| 1609 | if (request->error_status != SNMP_ERR_NOERROR) {
|
---|
| 1610 | /* map v2c error codes to v1 compliant error code (according to RFC 2089) */
|
---|
| 1611 | switch (request->error_status) {
|
---|
| 1612 | /* mapping of implementation specific "virtual" error codes
|
---|
| 1613 | * (during processing of frame we already stored them in error_status field,
|
---|
| 1614 | * so no need to check all varbinds here for those exceptions as suggested by RFC) */
|
---|
| 1615 | case SNMP_ERR_NOSUCHINSTANCE:
|
---|
| 1616 | case SNMP_ERR_NOSUCHOBJECT:
|
---|
| 1617 | case SNMP_ERR_ENDOFMIBVIEW:
|
---|
| 1618 | request->error_status = SNMP_ERR_NOSUCHNAME;
|
---|
| 1619 | break;
|
---|
| 1620 | /* mapping according to RFC */
|
---|
| 1621 | case SNMP_ERR_WRONGVALUE:
|
---|
| 1622 | case SNMP_ERR_WRONGENCODING:
|
---|
| 1623 | case SNMP_ERR_WRONGTYPE:
|
---|
| 1624 | case SNMP_ERR_WRONGLENGTH:
|
---|
| 1625 | case SNMP_ERR_INCONSISTENTVALUE:
|
---|
| 1626 | request->error_status = SNMP_ERR_BADVALUE;
|
---|
| 1627 | break;
|
---|
| 1628 | case SNMP_ERR_NOACCESS:
|
---|
| 1629 | case SNMP_ERR_NOTWRITABLE:
|
---|
| 1630 | case SNMP_ERR_NOCREATION:
|
---|
| 1631 | case SNMP_ERR_INCONSISTENTNAME:
|
---|
| 1632 | case SNMP_ERR_AUTHORIZATIONERROR:
|
---|
| 1633 | request->error_status = SNMP_ERR_NOSUCHNAME;
|
---|
| 1634 | break;
|
---|
| 1635 | case SNMP_ERR_RESOURCEUNAVAILABLE:
|
---|
| 1636 | case SNMP_ERR_COMMITFAILED:
|
---|
| 1637 | case SNMP_ERR_UNDOFAILED:
|
---|
| 1638 | default:
|
---|
| 1639 | request->error_status = SNMP_ERR_GENERROR;
|
---|
| 1640 | break;
|
---|
| 1641 | }
|
---|
| 1642 | }
|
---|
| 1643 | } else {
|
---|
| 1644 | if (request->request_type == SNMP_ASN1_CONTEXT_PDU_SET_REQ) {
|
---|
| 1645 | /* map error codes to according to RFC 1905 (4.2.5. The SetRequest-PDU) return 'NotWritable' for unknown OIDs) */
|
---|
| 1646 | switch (request->error_status) {
|
---|
| 1647 | case SNMP_ERR_NOSUCHINSTANCE:
|
---|
| 1648 | case SNMP_ERR_NOSUCHOBJECT:
|
---|
| 1649 | case SNMP_ERR_ENDOFMIBVIEW:
|
---|
| 1650 | request->error_status = SNMP_ERR_NOTWRITABLE;
|
---|
| 1651 | break;
|
---|
| 1652 | default:
|
---|
| 1653 | break;
|
---|
| 1654 | }
|
---|
| 1655 | }
|
---|
| 1656 |
|
---|
| 1657 | if (request->error_status >= SNMP_VARBIND_EXCEPTION_OFFSET) {
|
---|
| 1658 | /* should never occur because v2 frames store exceptions directly inside varbinds and not as frame error_status */
|
---|
| 1659 | LWIP_DEBUGF(SNMP_DEBUG, ("snmp_complete_outbound_frame() > Found v2 request with varbind exception code stored as error status!\n"));
|
---|
| 1660 | return ERR_ARG;
|
---|
| 1661 | }
|
---|
| 1662 | }
|
---|
| 1663 |
|
---|
| 1664 | if ((request->error_status != SNMP_ERR_NOERROR) || (request->request_type == SNMP_ASN1_CONTEXT_PDU_SET_REQ)) {
|
---|
| 1665 | /* all inbound vars are returned in response without any modification for error responses and successful set requests*/
|
---|
| 1666 | struct snmp_pbuf_stream inbound_stream;
|
---|
| 1667 | OF_BUILD_EXEC( snmp_pbuf_stream_init(&inbound_stream, request->inbound_pbuf, request->inbound_varbind_offset, request->inbound_varbind_len) );
|
---|
| 1668 | OF_BUILD_EXEC( snmp_pbuf_stream_init(&(request->outbound_pbuf_stream), request->outbound_pbuf, request->outbound_varbind_offset, request->outbound_pbuf->tot_len - request->outbound_varbind_offset) );
|
---|
| 1669 | OF_BUILD_EXEC( snmp_pbuf_stream_writeto(&inbound_stream, &(request->outbound_pbuf_stream), 0) );
|
---|
| 1670 | }
|
---|
| 1671 |
|
---|
| 1672 | frame_size = request->outbound_pbuf_stream.offset;
|
---|
| 1673 |
|
---|
| 1674 | #if LWIP_SNMP_V3 && LWIP_SNMP_V3_CRYPTO
|
---|
| 1675 | /* Calculate padding for encryption */
|
---|
| 1676 | if (request->version == SNMP_VERSION_3 && (request->msg_flags & SNMP_V3_PRIV_FLAG)) {
|
---|
| 1677 | u8_t i;
|
---|
| 1678 | outbound_padding = (8 - (u8_t)((frame_size - request->outbound_scoped_pdu_seq_offset) & 0x07)) & 0x07;
|
---|
| 1679 | for (i = 0; i < outbound_padding; i++) {
|
---|
| 1680 | OF_BUILD_EXEC( snmp_pbuf_stream_write(&request->outbound_pbuf_stream, 0) );
|
---|
| 1681 | }
|
---|
| 1682 | }
|
---|
| 1683 | #endif
|
---|
| 1684 |
|
---|
| 1685 | /* complete missing length in 'Message' sequence ; 'Message' tlv is located at the beginning (offset 0) */
|
---|
| 1686 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 3, frame_size + outbound_padding - 1 - 3); /* - type - length_len(fixed, see snmp_prepare_outbound_frame()) */
|
---|
| 1687 | OF_BUILD_EXEC( snmp_pbuf_stream_init(&(request->outbound_pbuf_stream), request->outbound_pbuf, 0, request->outbound_pbuf->tot_len) );
|
---|
| 1688 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv) );
|
---|
| 1689 |
|
---|
| 1690 | #if LWIP_SNMP_V3
|
---|
| 1691 | if (request->version == SNMP_VERSION_3) {
|
---|
| 1692 | /* complete missing length in 'globalData' sequence */
|
---|
| 1693 | /* - type - length_len(fixed, see snmp_prepare_outbound_frame()) */
|
---|
| 1694 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 1, request->outbound_msg_global_data_end
|
---|
| 1695 | - request->outbound_msg_global_data_offset - 1 - 1);
|
---|
| 1696 | OF_BUILD_EXEC(snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_msg_global_data_offset));
|
---|
| 1697 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv));
|
---|
| 1698 |
|
---|
| 1699 | /* complete missing length in 'msgSecurityParameters' sequence */
|
---|
| 1700 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 1, request->outbound_msg_security_parameters_end
|
---|
| 1701 | - request->outbound_msg_security_parameters_str_offset - 1 - 1);
|
---|
| 1702 | OF_BUILD_EXEC(snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_msg_security_parameters_str_offset));
|
---|
| 1703 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv));
|
---|
| 1704 |
|
---|
| 1705 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 1, request->outbound_msg_security_parameters_end
|
---|
| 1706 | - request->outbound_msg_security_parameters_seq_offset - 1 - 1);
|
---|
| 1707 | OF_BUILD_EXEC(snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_msg_security_parameters_seq_offset));
|
---|
| 1708 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv));
|
---|
| 1709 |
|
---|
| 1710 | /* complete missing length in scoped PDU sequence */
|
---|
| 1711 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 3, frame_size - request->outbound_scoped_pdu_seq_offset - 1 - 3);
|
---|
| 1712 | OF_BUILD_EXEC(snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_scoped_pdu_seq_offset));
|
---|
| 1713 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv));
|
---|
| 1714 | }
|
---|
| 1715 | #endif
|
---|
| 1716 |
|
---|
| 1717 | /* complete missing length in 'PDU' sequence */
|
---|
| 1718 | SNMP_ASN1_SET_TLV_PARAMS(tlv, request->request_out_type, 3,
|
---|
| 1719 | frame_size - request->outbound_pdu_offset - 1 - 3); /* - type - length_len(fixed, see snmp_prepare_outbound_frame()) */
|
---|
| 1720 | OF_BUILD_EXEC( snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_pdu_offset) );
|
---|
| 1721 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv) );
|
---|
| 1722 |
|
---|
| 1723 | /* process and encode final error status */
|
---|
| 1724 | if (request->error_status != 0) {
|
---|
| 1725 | u16_t len;
|
---|
| 1726 | snmp_asn1_enc_s32t_cnt(request->error_status, &len);
|
---|
| 1727 | if (len != 1) {
|
---|
| 1728 | /* error, we only reserved one byte for it */
|
---|
| 1729 | return ERR_ARG;
|
---|
| 1730 | }
|
---|
| 1731 | OF_BUILD_EXEC( snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_error_status_offset) );
|
---|
| 1732 | OF_BUILD_EXEC( snmp_asn1_enc_s32t(&(request->outbound_pbuf_stream), len, request->error_status) );
|
---|
| 1733 |
|
---|
| 1734 | /* for compatibility to v1, log statistics; in v2 (RFC 1907) these statistics are obsoleted */
|
---|
| 1735 | switch (request->error_status) {
|
---|
| 1736 | case SNMP_ERR_TOOBIG:
|
---|
| 1737 | snmp_stats.outtoobigs++;
|
---|
| 1738 | break;
|
---|
| 1739 | case SNMP_ERR_NOSUCHNAME:
|
---|
| 1740 | snmp_stats.outnosuchnames++;
|
---|
| 1741 | break;
|
---|
| 1742 | case SNMP_ERR_BADVALUE:
|
---|
| 1743 | snmp_stats.outbadvalues++;
|
---|
| 1744 | break;
|
---|
| 1745 | case SNMP_ERR_GENERROR:
|
---|
| 1746 | default:
|
---|
| 1747 | snmp_stats.outgenerrs++;
|
---|
| 1748 | break;
|
---|
| 1749 | }
|
---|
| 1750 |
|
---|
| 1751 | if (request->error_status == SNMP_ERR_TOOBIG) {
|
---|
| 1752 | request->error_index = 0; /* defined by RFC 1157 */
|
---|
| 1753 | } else if (request->error_index == 0) {
|
---|
| 1754 | /* set index to varbind where error occured (if not already set before, e.g. during GetBulk processing) */
|
---|
| 1755 | request->error_index = request->inbound_varbind_enumerator.varbind_count;
|
---|
| 1756 | }
|
---|
| 1757 | } else {
|
---|
| 1758 | if (request->request_type == SNMP_ASN1_CONTEXT_PDU_SET_REQ) {
|
---|
| 1759 | snmp_stats.intotalsetvars += request->inbound_varbind_enumerator.varbind_count;
|
---|
| 1760 | } else {
|
---|
| 1761 | snmp_stats.intotalreqvars += request->inbound_varbind_enumerator.varbind_count;
|
---|
| 1762 | }
|
---|
| 1763 | }
|
---|
| 1764 |
|
---|
| 1765 | /* encode final error index*/
|
---|
| 1766 | if (request->error_index != 0) {
|
---|
| 1767 | u16_t len;
|
---|
| 1768 | snmp_asn1_enc_s32t_cnt(request->error_index, &len);
|
---|
| 1769 | if (len != 1) {
|
---|
| 1770 | /* error, we only reserved one byte for it */
|
---|
| 1771 | return ERR_VAL;
|
---|
| 1772 | }
|
---|
| 1773 | OF_BUILD_EXEC( snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_error_index_offset) );
|
---|
| 1774 | OF_BUILD_EXEC( snmp_asn1_enc_s32t(&(request->outbound_pbuf_stream), len, request->error_index) );
|
---|
| 1775 | }
|
---|
| 1776 |
|
---|
| 1777 | /* complete missing length in 'VarBindList' sequence ; 'VarBindList' tlv is located directly before varbind offset */
|
---|
| 1778 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_SEQUENCE, 3, frame_size - request->outbound_varbind_offset);
|
---|
| 1779 | OF_BUILD_EXEC( snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_varbind_offset - 1 - 3) ); /* - type - length_len(fixed, see snmp_prepare_outbound_frame()) */
|
---|
| 1780 | OF_BUILD_EXEC( snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv) );
|
---|
| 1781 |
|
---|
| 1782 | /* Authenticate response */
|
---|
| 1783 | #if LWIP_SNMP_V3 && LWIP_SNMP_V3_CRYPTO
|
---|
| 1784 | /* Encrypt response */
|
---|
| 1785 | if (request->version == SNMP_VERSION_3 && (request->msg_flags & SNMP_V3_PRIV_FLAG)) {
|
---|
| 1786 | u8_t key[20];
|
---|
| 1787 | snmpv3_priv_algo_t algo;
|
---|
| 1788 |
|
---|
| 1789 | /* complete missing length in PDU sequence */
|
---|
| 1790 | OF_BUILD_EXEC(snmp_pbuf_stream_init(&request->outbound_pbuf_stream, request->outbound_pbuf, 0, request->outbound_pbuf->tot_len));
|
---|
| 1791 | OF_BUILD_EXEC(snmp_pbuf_stream_seek_abs(&(request->outbound_pbuf_stream), request->outbound_scoped_pdu_string_offset));
|
---|
| 1792 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 3, frame_size + outbound_padding
|
---|
| 1793 | - request->outbound_scoped_pdu_string_offset - 1 - 3);
|
---|
| 1794 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(&(request->outbound_pbuf_stream), &tlv));
|
---|
| 1795 |
|
---|
| 1796 | OF_BUILD_EXEC(snmpv3_get_user((char *)request->msg_user_name, NULL, NULL, &algo, key));
|
---|
| 1797 |
|
---|
| 1798 | OF_BUILD_EXEC(snmpv3_crypt(&request->outbound_pbuf_stream, tlv.value_len, key,
|
---|
| 1799 | request->msg_privacy_parameters, request->msg_authoritative_engine_boots,
|
---|
| 1800 | request->msg_authoritative_engine_time, algo, SNMP_V3_PRIV_MODE_ENCRYPT));
|
---|
| 1801 | }
|
---|
| 1802 |
|
---|
| 1803 | if (request->version == SNMP_VERSION_3 && (request->msg_flags & SNMP_V3_AUTH_FLAG)) {
|
---|
| 1804 | u8_t key[20];
|
---|
| 1805 | snmpv3_auth_algo_t algo;
|
---|
| 1806 | u8_t hmac[20];
|
---|
| 1807 |
|
---|
| 1808 | OF_BUILD_EXEC(snmpv3_get_user((char *)request->msg_user_name, &algo, key, NULL, NULL));
|
---|
| 1809 | OF_BUILD_EXEC(snmp_pbuf_stream_init(&(request->outbound_pbuf_stream),
|
---|
| 1810 | request->outbound_pbuf, 0, request->outbound_pbuf->tot_len));
|
---|
| 1811 | OF_BUILD_EXEC(snmpv3_auth(&request->outbound_pbuf_stream, frame_size + outbound_padding, key, algo, hmac));
|
---|
| 1812 |
|
---|
| 1813 | MEMCPY(request->msg_authentication_parameters, hmac, SNMP_V3_MAX_AUTH_PARAM_LENGTH);
|
---|
| 1814 | OF_BUILD_EXEC(snmp_pbuf_stream_init(&request->outbound_pbuf_stream,
|
---|
| 1815 | request->outbound_pbuf, 0, request->outbound_pbuf->tot_len));
|
---|
| 1816 | OF_BUILD_EXEC(snmp_pbuf_stream_seek_abs(&request->outbound_pbuf_stream,
|
---|
| 1817 | request->outbound_msg_authentication_parameters_offset));
|
---|
| 1818 |
|
---|
| 1819 | SNMP_ASN1_SET_TLV_PARAMS(tlv, SNMP_ASN1_TYPE_OCTET_STRING, 1, SNMP_V3_MAX_AUTH_PARAM_LENGTH);
|
---|
| 1820 | OF_BUILD_EXEC(snmp_ans1_enc_tlv(&request->outbound_pbuf_stream, &tlv));
|
---|
| 1821 | OF_BUILD_EXEC(snmp_asn1_enc_raw(&request->outbound_pbuf_stream,
|
---|
| 1822 | request->msg_authentication_parameters, SNMP_V3_MAX_AUTH_PARAM_LENGTH));
|
---|
| 1823 | }
|
---|
| 1824 | #endif
|
---|
| 1825 |
|
---|
| 1826 | pbuf_realloc(request->outbound_pbuf, frame_size + outbound_padding);
|
---|
| 1827 |
|
---|
| 1828 | snmp_stats.outgetresponses++;
|
---|
| 1829 | snmp_stats.outpkts++;
|
---|
| 1830 |
|
---|
| 1831 | return ERR_OK;
|
---|
| 1832 | }
|
---|
| 1833 |
|
---|
| 1834 | static void
|
---|
| 1835 | snmp_execute_write_callbacks(struct snmp_request *request)
|
---|
| 1836 | {
|
---|
| 1837 | struct snmp_varbind_enumerator inbound_varbind_enumerator;
|
---|
| 1838 | struct snmp_varbind vb;
|
---|
| 1839 |
|
---|
| 1840 | snmp_vb_enumerator_init(&inbound_varbind_enumerator, request->inbound_pbuf, request->inbound_varbind_offset, request->inbound_varbind_len);
|
---|
| 1841 | vb.value = NULL; /* do NOT decode value (we enumerate outbound buffer here, so all varbinds have values assigned, which we don't need here) */
|
---|
| 1842 |
|
---|
| 1843 | while (snmp_vb_enumerator_get_next(&inbound_varbind_enumerator, &vb) == SNMP_VB_ENUMERATOR_ERR_OK) {
|
---|
| 1844 | snmp_write_callback(vb.oid.id, vb.oid.len, snmp_write_callback_arg);
|
---|
| 1845 | }
|
---|
| 1846 | }
|
---|
| 1847 |
|
---|
| 1848 |
|
---|
| 1849 | /* ----------------------------------------------------------------------- */
|
---|
| 1850 | /* VarBind enumerator methods */
|
---|
| 1851 | /* ----------------------------------------------------------------------- */
|
---|
| 1852 |
|
---|
| 1853 | void
|
---|
| 1854 | snmp_vb_enumerator_init(struct snmp_varbind_enumerator *enumerator, struct pbuf *p, u16_t offset, u16_t length)
|
---|
| 1855 | {
|
---|
| 1856 | snmp_pbuf_stream_init(&(enumerator->pbuf_stream), p, offset, length);
|
---|
| 1857 | enumerator->varbind_count = 0;
|
---|
| 1858 | }
|
---|
| 1859 |
|
---|
| 1860 | #define VB_PARSE_EXEC(code) PARSE_EXEC(code, SNMP_VB_ENUMERATOR_ERR_ASN1ERROR)
|
---|
| 1861 | #define VB_PARSE_ASSERT(code) PARSE_ASSERT(code, SNMP_VB_ENUMERATOR_ERR_ASN1ERROR)
|
---|
| 1862 |
|
---|
| 1863 | snmp_vb_enumerator_err_t
|
---|
| 1864 | snmp_vb_enumerator_get_next(struct snmp_varbind_enumerator *enumerator, struct snmp_varbind *varbind)
|
---|
| 1865 | {
|
---|
| 1866 | struct snmp_asn1_tlv tlv;
|
---|
| 1867 | u16_t varbind_len;
|
---|
| 1868 | err_t err;
|
---|
| 1869 |
|
---|
| 1870 | if (enumerator->pbuf_stream.length == 0) {
|
---|
| 1871 | return SNMP_VB_ENUMERATOR_ERR_EOVB;
|
---|
| 1872 | }
|
---|
| 1873 | enumerator->varbind_count++;
|
---|
| 1874 |
|
---|
| 1875 | /* decode varbind itself (parent container of a varbind) */
|
---|
| 1876 | VB_PARSE_EXEC(snmp_asn1_dec_tlv(&(enumerator->pbuf_stream), &tlv));
|
---|
| 1877 | VB_PARSE_ASSERT((tlv.type == SNMP_ASN1_TYPE_SEQUENCE) && (tlv.value_len <= enumerator->pbuf_stream.length));
|
---|
| 1878 | varbind_len = tlv.value_len;
|
---|
| 1879 |
|
---|
| 1880 | /* decode varbind name (object id) */
|
---|
| 1881 | VB_PARSE_EXEC(snmp_asn1_dec_tlv(&(enumerator->pbuf_stream), &tlv));
|
---|
| 1882 | VB_PARSE_ASSERT((tlv.type == SNMP_ASN1_TYPE_OBJECT_ID) && (SNMP_ASN1_TLV_LENGTH(tlv) < varbind_len) && (tlv.value_len < enumerator->pbuf_stream.length));
|
---|
| 1883 |
|
---|
| 1884 | VB_PARSE_EXEC(snmp_asn1_dec_oid(&(enumerator->pbuf_stream), tlv.value_len, varbind->oid.id, &(varbind->oid.len), SNMP_MAX_OBJ_ID_LEN));
|
---|
| 1885 | varbind_len -= SNMP_ASN1_TLV_LENGTH(tlv);
|
---|
| 1886 |
|
---|
| 1887 | /* decode varbind value (object id) */
|
---|
| 1888 | VB_PARSE_EXEC(snmp_asn1_dec_tlv(&(enumerator->pbuf_stream), &tlv));
|
---|
| 1889 | VB_PARSE_ASSERT((SNMP_ASN1_TLV_LENGTH(tlv) == varbind_len) && (tlv.value_len <= enumerator->pbuf_stream.length));
|
---|
| 1890 | varbind->type = tlv.type;
|
---|
| 1891 |
|
---|
| 1892 | /* shall the value be decoded ? */
|
---|
| 1893 | if (varbind->value != NULL) {
|
---|
| 1894 | switch (varbind->type) {
|
---|
| 1895 | case SNMP_ASN1_TYPE_INTEGER:
|
---|
| 1896 | VB_PARSE_EXEC(snmp_asn1_dec_s32t(&(enumerator->pbuf_stream), tlv.value_len, (s32_t *)varbind->value));
|
---|
| 1897 | varbind->value_len = sizeof(s32_t);
|
---|
| 1898 | break;
|
---|
| 1899 | case SNMP_ASN1_TYPE_COUNTER:
|
---|
| 1900 | case SNMP_ASN1_TYPE_GAUGE:
|
---|
| 1901 | case SNMP_ASN1_TYPE_TIMETICKS:
|
---|
| 1902 | VB_PARSE_EXEC(snmp_asn1_dec_u32t(&(enumerator->pbuf_stream), tlv.value_len, (u32_t *)varbind->value));
|
---|
| 1903 | varbind->value_len = sizeof(u32_t);
|
---|
| 1904 | break;
|
---|
| 1905 | case SNMP_ASN1_TYPE_OCTET_STRING:
|
---|
| 1906 | case SNMP_ASN1_TYPE_OPAQUE:
|
---|
| 1907 | err = snmp_asn1_dec_raw(&(enumerator->pbuf_stream), tlv.value_len, (u8_t *)varbind->value, &varbind->value_len, SNMP_MAX_VALUE_SIZE);
|
---|
| 1908 | if (err == ERR_MEM) {
|
---|
| 1909 | return SNMP_VB_ENUMERATOR_ERR_INVALIDLENGTH;
|
---|
| 1910 | }
|
---|
| 1911 | VB_PARSE_ASSERT(err == ERR_OK);
|
---|
| 1912 | break;
|
---|
| 1913 | case SNMP_ASN1_TYPE_NULL:
|
---|
| 1914 | varbind->value_len = 0;
|
---|
| 1915 | break;
|
---|
| 1916 | case SNMP_ASN1_TYPE_OBJECT_ID:
|
---|
| 1917 | /* misuse tlv.length_len as OID_length transporter */
|
---|
| 1918 | err = snmp_asn1_dec_oid(&(enumerator->pbuf_stream), tlv.value_len, (u32_t *)varbind->value, &tlv.length_len, SNMP_MAX_OBJ_ID_LEN);
|
---|
| 1919 | if (err == ERR_MEM) {
|
---|
| 1920 | return SNMP_VB_ENUMERATOR_ERR_INVALIDLENGTH;
|
---|
| 1921 | }
|
---|
| 1922 | VB_PARSE_ASSERT(err == ERR_OK);
|
---|
| 1923 | varbind->value_len = tlv.length_len * sizeof(u32_t);
|
---|
| 1924 | break;
|
---|
| 1925 | case SNMP_ASN1_TYPE_IPADDR:
|
---|
| 1926 | if (tlv.value_len == 4) {
|
---|
| 1927 | /* must be exactly 4 octets! */
|
---|
| 1928 | VB_PARSE_EXEC(snmp_asn1_dec_raw(&(enumerator->pbuf_stream), tlv.value_len, (u8_t *)varbind->value, &varbind->value_len, SNMP_MAX_VALUE_SIZE));
|
---|
| 1929 | } else {
|
---|
| 1930 | VB_PARSE_ASSERT(0);
|
---|
| 1931 | }
|
---|
| 1932 | break;
|
---|
| 1933 | #if LWIP_HAVE_INT64
|
---|
| 1934 | case SNMP_ASN1_TYPE_COUNTER64:
|
---|
| 1935 | VB_PARSE_EXEC(snmp_asn1_dec_u64t(&(enumerator->pbuf_stream), tlv.value_len, (u64_t *)varbind->value));
|
---|
| 1936 | varbind->value_len = sizeof(u64_t);
|
---|
| 1937 | break;
|
---|
| 1938 | #endif
|
---|
| 1939 | default:
|
---|
| 1940 | VB_PARSE_ASSERT(0);
|
---|
| 1941 | break;
|
---|
| 1942 | }
|
---|
| 1943 | } else {
|
---|
| 1944 | snmp_pbuf_stream_seek(&(enumerator->pbuf_stream), tlv.value_len);
|
---|
| 1945 | varbind->value_len = tlv.value_len;
|
---|
| 1946 | }
|
---|
| 1947 |
|
---|
| 1948 | return SNMP_VB_ENUMERATOR_ERR_OK;
|
---|
| 1949 | }
|
---|
| 1950 |
|
---|
| 1951 | #endif /* LWIP_SNMP */
|
---|