usm_v3.cpp

    case USM_PasswordKeyUpdate: {      result = update_key(uku->securityName.data(), uku->securityName.len(),			  uku->engineID.data(), uku->engineID.len(),			  uku->newKey.data(), uku->newKey.len(),			  uku->type);      struct UsmUserNameTableEntry *entry;      entry = usm_user_name_table->get_cloned_entry(uku->securityName);      if (!entry || (result != SNMPv3_USM_OK)) {        delete uku;        if (entry)          usm_user_name_table->delete_cloned_entry(entry);        return SNMPv3_USM_ERROR;      }      result = SNMPv3_USM_ERROR;      switch (uku->type) {        case OWNAUTHKEY:        case AUTHKEY: {          OctetStr privPass(entry->privPassword, entry->privPasswordLength);          result = add_usm_user(uku->securityName, entry->usmUserName,				entry->usmUserAuthProtocol,				entry->usmUserPrivProtocol,				uku->newPassword, privPass);	  break;        }        case OWNPRIVKEY:        case PRIVKEY: {          OctetStr authPass(entry->privPassword, entry->privPasswordLength);          result = add_usm_user(uku->securityName, entry->usmUserName,				entry->usmUserAuthProtocol,				entry->usmUserPrivProtocol,				authPass, uku->newPassword);	  break;        }      }      delete uku;      usm_user_name_table->delete_cloned_entry(entry);      return result;    }    case USM_PasswordAllKeyUpdate: {      struct UsmUserNameTableEntry *entry;      entry = usm_user_name_table->get_cloned_entry(uku->securityName);      if (!entry) {        delete uku;        return SNMPv3_USM_ERROR;      }      result = SNMPv3_USM_ERROR;      switch (uku->type) {        case OWNAUTHKEY:        case AUTHKEY: {          OctetStr privPass = OctetStr(entry->privPassword,                                       entry->privPasswordLength);          delete_usm_user(uku->securityName);          result = add_usm_user(uku->securityName, entry->usmUserName,				entry->usmUserAuthProtocol,				entry->usmUserPrivProtocol,				uku->newPassword, privPass);	  break;        }        case OWNPRIVKEY:        
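case PRIVKEY: {          OctetStr authPass = OctetStr(entry->authPassword,                                       entry->authPasswordLength);          delete_usm_user(uku->securityName);          result = add_usm_user(uku->securityName, entry->usmUserName,				entry->usmUserAuthProtocol,				entry->usmUserPrivProtocol,				authPass, uku->newPassword);	  break;        }      }      delete uku;      usm_user_name_table->delete_cloned_entry(entry);      return result;    }  }  delete uku;  return SNMPv3_USM_ERROR;}
/**
 * Build a complete outgoing SNMPv3 message secured with USM.
 *
 * The scopedPDU is optionally encrypted (authPriv), combined with the
 * global header and the USM security parameters by build_whole_msg(), and
 * optionally authenticated (authNoPriv and above). The finished message is
 * written to wholeMsg and its length to *wholeMsgLength.
 *
 * User selection:
 *  - securityStateReference != NULL: this is a response. The pointers held
 *    by the reference are moved into a temporary UsmUser and the reference
 *    itself is deleted here, so the caller must not use it afterwards.
 *  - empty securityEngineID: discovery, a zero-filled user is used.
 *  - otherwise the user is looked up with get_user().
 *
 * All attacker-influenced lengths (user name, engine ID, scopedPDU) are
 * validated against the size of their destination buffers before any copy.
 *
 * @return SNMPv3_USM_OK on success; SNMPv3_USM_UNKNOWN_SECURITY_NAME if
 *         the user lookup fails; SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL or
 *         SNMPv3_USM_ENCRYPTION_ERROR if encryption fails; the code returned
 *         by auth_out_msg() if authentication fails; SNMPv3_USM_ERROR
 *         otherwise.
 */
int USM::generate_msg(
             unsigned char *globalData,       // message header, admin data
             int globalDataLength,
             int maxMessageSize,              // of the sending SNMP entity
             const OctetStr &securityEngineID,// authoritative SNMP entity
             const OctetStr &securityName,    // on behalf of this principal
             int  securityLevel,              // Level of Security requested
             unsigned char  *scopedPDU,       // message (plaintext) payload
             int scopedPDULength,
             struct SecurityStateReference *securityStateReference,
             unsigned char *wholeMsg,         // OUT complete generated message
             int *wholeMsgLength)             // OUT length of generated message
{
  Buffer<unsigned char> buffer(MAX_SNMP_PACKET);
  Buffer<unsigned char> buffer2(MAX_SNMP_PACKET);
  unsigned char *bufPtr = buffer.get_ptr();
  unsigned char *buf2Ptr = buffer2.get_ptr();

  if (!bufPtr || !buf2Ptr)
    return SNMPv3_USM_ERROR;

  // Capacity of both scratch buffers above.
  const int scratchCapacity = static_cast<int>(MAX_SNMP_PACKET);

  unsigned char *wholeMsgPtr;
  int startAuthPar = 0;
  struct UsmUser *user = NULL;
  struct UsmSecurityParameters usmSecurityParams;

  int bufLength = 0;
  unsigned int buf2Length = 0;
  int totalLength = 0;             // Bytes encoded

  // Max bytes left in `buffer`. The encoder is told about the real scratch
  // capacity, not only the peer's maxMessageSize, so that a large
  // maxMessageSize cannot let asn_build_string() run past the buffer
  // (assumes asn_build_string honours the length it is given).
  int restLength = (maxMessageSize < scratchCapacity) ? maxMessageSize
                                                      : scratchCapacity;
  int rc;

  if (securityStateReference) {
    // this is a response message
    user = new UsmUser;
    if (!user)
      return SNMPv3_USM_ERROR;

    if (securityStateReference->securityEngineID) {
      user->engineIDLength = securityStateReference->securityEngineIDLength;
      user->engineID       = securityStateReference->securityEngineID;
    } else {
      user->engineIDLength = securityEngineID.len();
      user->engineID       = v3strcpy(securityEngineID.data(),
                                      securityEngineID.len());
    }

    user->usmUserName = new unsigned char[MAXLEN_USMUSERNAME + 1];

    if (securityStateReference->securityName)
    {
      user->securityName       = securityStateReference->securityName;
      user->securityNameLength = securityStateReference->securityNameLength;
      user->usmUserNameLength  = securityStateReference->msgUserNameLength;

      // Copy only when the name fits into the buffer allocated above. An
      // oversized (or, if the field is signed, negative) length is kept in
      // usmUserNameLength and rejected by the length check further down,
      // which releases `user` through free_user().
      if (static_cast<unsigned long>(user->usmUserNameLength)
          <= static_cast<unsigned long>(MAXLEN_USMUSERNAME))
      {
        memcpy(user->usmUserName, securityStateReference->msgUserName,
               securityStateReference->msgUserNameLength);
      }
    }
    else
    {
      user->securityNameLength = securityName.len();
      user->securityName = v3strcpy(securityName.data(), securityName.len());

      if (securityStateReference->msgUserNameLength)
      {
        securityStateReference->msgUserName[0] = 0;
        securityStateReference->msgUserNameLength = 0;
      }

      // In: capacity of usmUserName, out: length of the name found.
      user->usmUserNameLength = MAXLEN_USMUSERNAME;
      get_user_name(user->usmUserName, &user->usmUserNameLength,
                    securityName.data(), securityName.len());

      // No mapping found: fall back to the security name if it fits.
      if ((user->usmUserNameLength == 0) &&
          (securityName.len() <= MAXLEN_USMUSERNAME)) {
        memcpy(user->usmUserName, securityName.data(), securityName.len());
        user->usmUserName[securityName.len()] = 0;
        user->usmUserNameLength = securityName.len();
      }
    }

    // Key pointers are moved, not copied: `user` owns them from here on.
    user->authProtocol       = securityStateReference->authProtocol;
    user->authKey            = securityStateReference->authKey;
    user->authKeyLength      = securityStateReference->authKeyLength;
    user->privProtocol       = securityStateReference->privProtocol;
    user->privKeyLength      = securityStateReference->privKeyLength;
    user->privKey            = securityStateReference->privKey;

    delete securityStateReference;
    securityStateReference = NULL;
  }
  else
  {
    if (securityEngineID.len() == 0)
    {
      // discovery
      user = new UsmUser;
      if (!user)
        return SNMPv3_USM_ERROR;
      memset(user, 0, sizeof(UsmUser));
    }
    else
    {
      // search for user in usmUserTable
      user = get_user(securityEngineID, securityName);

      if (!user) {
        debugprintf(0, "USM: User unknown!");
        return SNMPv3_USM_UNKNOWN_SECURITY_NAME;
      }
    }
  }

  // ---- validate every length before it is used as a copy size ----

  if (securityEngineID.len() > MAXLENGTH_ENGINEID)
  {
    debugprintf(0, "engine_id too long %i > %i",
                securityEngineID.len(), MAXLENGTH_ENGINEID);
    free_user(user);
    return SNMPv3_USM_ERROR;
  }

  // The unsigned comparison also rejects a negative length should the
  // field be a signed type.
  if (static_cast<unsigned long>(user->usmUserNameLength)
      > static_cast<unsigned long>(MAXLEN_USMUSERNAME))
  {
    debugprintf(0, "user name too long %i > %i",
                user->usmUserNameLength, MAXLEN_USMUSERNAME);
    free_user(user);
    return SNMPv3_USM_ERROR;
  }

  // The scopedPDU is copied into (or encrypted into) a scratch buffer of
  // MAX_SNMP_PACKET bytes below, so it must not be larger than that.
  if ((scopedPDULength < 0) || (scopedPDULength > scratchCapacity))
  {
    debugprintf(0, "scopedPDU length %i out of range (max %i)",
                scopedPDULength, scratchCapacity);
    free_user(user);
    return SNMPv3_USM_ERROR;
  }

  usmSecurityParams.msgAuthoritativeEngineIDLength = securityEngineID.len();
  usmSecurityParams.msgUserNameLength = user->usmUserNameLength;
  memcpy(usmSecurityParams.msgUserName,
         user->usmUserName, user->usmUserNameLength);
  memcpy(usmSecurityParams.msgAuthoritativeEngineID,
         securityEngineID.data(), securityEngineID.len());

  usmSecurityParams.msgPrivacyParametersLength = 0;
  usmSecurityParams.msgPrivacyParameters = NULL;
  usmSecurityParams.msgAuthenticationParametersLength = 0;
  usmSecurityParams.msgAuthenticationParameters = NULL;

  if (securityLevel >= SNMP_SECURITY_LEVEL_AUTH_NOPRIV)
  {
    // get engineBoots, engineTime
    rc = usm_time_table->get_time(
                           securityEngineID,
                           usmSecurityParams.msgAuthoritativeEngineBoots,
                           usmSecurityParams.msgAuthoritativeEngineTime);
    if (rc == SNMPv3_USM_UNKNOWN_ENGINEID) {
      usm_time_table->add_entry(securityEngineID,
                                usmSecurityParams.msgAuthoritativeEngineBoots,
                                usmSecurityParams.msgAuthoritativeEngineTime);
    }
    if (rc == SNMPv3_USM_ERROR) {
      debugprintf(0, "usm: usmGetTime error.");
      free_user(user);
      return SNMPv3_USM_ERROR;
    }
  }

  if (securityLevel == SNMP_SECURITY_LEVEL_AUTH_PRIV)
  {
    usmSecurityParams.msgPrivacyParametersLength
             = auth_priv->get_priv_params_len(user->privProtocol);
    usmSecurityParams.msgPrivacyParameters
             = new unsigned char[usmSecurityParams.msgPrivacyParametersLength];

    // encrypt Message
    // NOTE(review): encrypt_msg() is not told the capacity of buf2Ptr
    // (MAX_SNMP_PACKET bytes) here - confirm that any cipher padding cannot
    // make the output larger than that.
    int enc_result = auth_priv->encrypt_msg(
                               user->privProtocol,
                               user->privKey, user->privKeyLength,
                               scopedPDU, scopedPDULength,
                               buf2Ptr, &buf2Length,
                               usmSecurityParams.msgPrivacyParameters,
                               &usmSecurityParams.msgPrivacyParametersLength,
                               usmSecurityParams.msgAuthoritativeEngineBoots,
                               usmSecurityParams.msgAuthoritativeEngineTime);
    if (enc_result != SNMPv3_USM_OK)
    {
      int return_value;

      if (user->privProtocol == SNMP_PRIVPROTOCOL_NONE)
      {
        debugprintf(0, "usm: Privacy requested, but no UserPrivProtocol");
        return_value = SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL;
      }
      else
      {
        return_value = SNMPv3_USM_ENCRYPTION_ERROR;
      }

      debugprintf(0, "usm: Encryption error (result %i).", enc_result);
      delete_sec_parameters(&usmSecurityParams);
      free_user(user);
      return return_value;
    }

    // Wrap the ciphertext in an OCTET STRING.
    bufPtr = asn_build_string(bufPtr, &restLength,
                              (unsigned char)(ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR),
                              buf2Ptr, buf2Length);
    if (!bufPtr) {
      debugprintf(0, "usm: Encoding Error");
      // msgPrivacyParameters was allocated above; release it as well.
      delete_sec_parameters(&usmSecurityParams);
      free_user(user);
      return SNMPv3_USM_ERROR;
    }
    bufLength = SAFE_INT_CAST(bufPtr - buffer.get_ptr());
    totalLength =  bufLength;
    bufPtr = buffer.get_ptr();
    memcpy(buf2Ptr, bufPtr, bufLength);
    buf2Length = bufLength;
  } else { // (securityLevel != SNMP_SECURITY_LEVEL_AUTH_PRIV)
    buf2Ptr = scopedPDU;
    buf2Length = scopedPDULength;
    totalLength = scopedPDULength;
  }

  if (!bufPtr) {
    debugprintf(0, "usm: Encoding Error");
    delete_sec_parameters(&usmSecurityParams);
    free_user(user);
    return SNMPv3_USM_ERROR;
  }

  totalLength += SAFE_INT_CAST(bufPtr - buffer.get_ptr());
  // buf2Length is at most MAX_SNMP_PACKET here: it is either the validated
  // scopedPDULength or the length of data already held in `buffer`.
  memcpy(bufPtr, buf2Ptr, buf2Length);
  bufLength = totalLength;

  debugprintf(21, "buf after privacy:");
  debughexprintf(21, buffer.get_ptr(), bufLength);

  wholeMsgPtr = wholeMsg;

  if (securityLevel >= SNMP_SECURITY_LEVEL_AUTH_NOPRIV)
  {
    /* Build message with authentication */
    usmSecurityParams.msgAuthenticationParametersLength
                         = auth_priv->get_auth_params_len(user->authProtocol);
    usmSecurityParams.msgAuthenticationParameters
      = new unsigned char[usmSecurityParams.msgAuthenticationParametersLength];
    // The authentication field is zero-filled while the message is built;
    // auth_out_msg() is handed its position afterwards.
    memset((char*)(usmSecurityParams.msgAuthenticationParameters), 0,
           usmSecurityParams.msgAuthenticationParametersLength);

    wholeMsgPtr = build_whole_msg(wholeMsgPtr, &maxMessageSize,
                                  globalData, globalDataLength,
                                  &startAuthPar, // for MD5, SHA,...
                                  usmSecurityParams,
                                  buffer.get_ptr(),
                                  bufLength);   // the msgData
    if (wholeMsgPtr == NULL)
    {
      debugprintf(0, "usm: could not generate wholeMsg");
      delete_sec_parameters(&usmSecurityParams);
      free_user(user);
      return SNMPv3_USM_ERROR;
    }
    *wholeMsgLength = SAFE_INT_CAST(wholeMsgPtr - wholeMsg);

    rc = auth_priv->auth_out_msg(user->authProtocol,
                                 user->authKey,
                                 wholeMsg, *wholeMsgLength,
                                 wholeMsg + startAuthPar);

    if (rc!=SNMPv3_USM_OK)
    {
      debugprintf(0, "usm: Authentication error for outgoing message."
                  " error code (%i).", rc);
      delete_sec_parameters(&usmSecurityParams);
      free_user(user);
      return rc;
    }
  }
  else
  {
    // build Message without authentication

    // Set engineBoots and engineTime to zero!
    usmSecurityParams.msgAuthoritativeEngineBoots = 0;
    usmSecurityParams.msgAuthoritativeEngineTime  = 0;

    usmSecurityParams.msgAuthenticationParametersLength = 0;
    usmSecurityParams.msgAuthenticationParameters = 0;

    wholeMsgPtr = build_whole_msg(wholeMsgPtr, &maxMessageSize,
                                  globalData, globalDataLength,
                                  &startAuthPar, // dummy ( no auth)
                                  usmSecurityParams,
                                  buffer.get_ptr(),
                                  bufLength);   // the msgData
    if (wholeMsgPtr == NULL) {
      debugprintf(0, "usm: could not generate wholeMsg");
      delete_sec_parameters(&usmSecurityParams);
      free_user(user);
      return SNMPv3_USM_ERROR;
    }
    *wholeMsgLength = SAFE_INT_CAST(wholeMsgPtr - wholeMsg);
  }

  debugprintf(21, "Complete Whole Msg:");
  debughexprintf(21, wholeMsg, *wholeMsgLength);

  delete_sec_parameters(&usmSecurityParams);
  free_user(user);
  return SNMPv3_USM_OK;
}

int USM::process_msg(            int maxMessageSize,               // of the sending SNMP entity            unsigned char *securityParameters,// for the received message            int securityParametersLength,            int securityParametersPosition,            long int securityLevel,           // Level of Security            unsigned char *wholeMsg,          // as received on the wire            int wholeMsgLength,               // length as received on the wire            unsigned char *msgData,            int msgDataLength,	    OctetStr &security_engine_id,     // authoritative SNMP entity	    OctetStr &security_name,          //identification of the principal            unsigned char *scopedPDU,         // message (plaintext) payload            int *scopedPDULength,            long *maxSizeResponseScopedPDU, // maximum size of the Response PDU            struct SecurityStateReference 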
*securityStateReference,                                            // reference to security state                                            // information, needed for response            const UdpAddress &fromAddress){  unsigned char* sp = securityParameters;  int spLength = securityParametersLength;  unsigned char type;  long int engineBoots, engineTime;  unsigned char authParam[SNMPv3_AP_MAXLENGTH_AUTHPARAM];  unsigned char privParam[SNMPv3_AP_MAXLENGTH_PRIVPARAM];  int authParamLength = SNMPv3_AP_MAXLENGTH_AUTHPARAM;  int privParamLength = SNMPv3_AP_MAXLENGTH_PRIVPARAM;  Buffer<unsigned char> encryptedScopedPDU(MAX_SNMP_PACKET);  int encryptedScopedPDULength = msgDataLength;  struct UsmUser *user = NULL;  int rc;  int notInTime = 0;  // check securityParameters  sp = asn_parse_header( sp, &spLength, &type);  if (sp == NULL){    debugprintf(0, "bad header of security
