nvhardv3.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

/*
 *  Copyright 2000-2005 Wind River Systems, Inc.
 *  All rights reserved.  Provided under license only.
 *  Distribution or other use of this software is only
 *  permitted pursuant to the terms of a license agreement
 *  from Wind River Systems (and is otherwise prohibited).
 *  Refer to that license agreement for terms of use.
 */

/*
 *  Copyright 1993-1997 Epilogue Technology Corporation.
 *  Copyright 1998 Integrated Systems, Inc.
 *  All rights reserved.
 */

/*
 * $Log: nvhardv3.c,v $
 * Revision 1.11  2003/01/15 14:05:18  josh
 * directory structure shifting
 *
 * Revision 1.10  2002/08/26 20:31:08  josh
 * modifications to the code to eliminate warnings from Diab compiler
 *
 * Revision 1.9  2002/07/09 19:28:21  josh
 * make sure that we only use active entries from the community table
 *
 * Revision 1.8  2002/01/14 18:34:57  josh
 * in _nvhard_read_community(), make sure lengths and strings agree
 *
 * Revision 1.7  2002/01/11 22:42:23  josh
 * make a community string of 'public' map to a broad view, just
 * for the sake of simplicity
 *
 * Revision 1.6  2001/12/20 21:35:19  meister
 * include vxprotos.h
 *
 * Revision 1.5  2001/11/15 21:53:50  josh
 * populate the proxy table a little
 *
 * Revision 1.4  2001/11/07 22:15:40  meister
 * rework pathnames again
 *
 * Revision 1.3  2001/11/06 21:50:53  josh
 * second (and hopefully final) pass of new path hacking
 *
 * Revision 1.2  2001/11/06 21:20:40  josh
 * revised new path hacking
 *
 * Revision 1.1.1.1  2001/11/05 17:47:49  tneale
 * Tornado shuffle
 *
 * Revision 1.1.2.1  2001/09/27 01:05:22  meister
 * Split out coexistence support into v3 component files
 *
 */

/* [clearcase]
modification history
-------------------
01e,20may05,job  fix DH parameters
01d,28apr05,AJS  Remove debugLock
01c,15apr05,AJS  Diffie-Hellman work
01b,13apr05,AJS  Diffie-Hellman work
01a,24nov03,job  update copyright information
*/

/* This is a hardwired version of nvutils.c.  It is supplied for demo and
 * test purposes as well as providing the stubs required for the snmpv3
 * nv macros. 
 */

#include <wrn/wm/common/install.h>
#include <wrn/wm/common/config.h>
#include <snmptalk.h>

#include <stdio.h>
#include <ctype.h>

#include <wrn/wm/snmp/engine/asn1conf.h>
#include <wrn/wm/snmp/engine/asn1.h>
#include <wrn/wm/snmp/engine/buffer.h>
#include <wrn/wm/snmp/engine/objectid.h>
#include <wrn/wm/snmp/engine/snmpdefs.h>
#include <wrn/wm/snmp/engine/snmp.h>
#include <wrn/wm/snmp/engine/view.h>
#include <wrn/wm/snmp/engine/auxfuncs.h>
#include <wrn/wm/snmp/engine/smi.h>

#include <wrn/wm/demo/nvutils.h>
#include <wrn/wm/snmp/vxagent/vxprotos.h>

#if (INSTALL_ENVOY_ENTITY_MIB)
#include <wrn/wm/snmp/engine/entlogic.h>
#endif
#if (INSTALL_ENVOY_SNMP_VERSION_3) 
#include <wrn/wm/snmp/engine/v3_eng.h>
#include <wrn/wm/snmp/engine/v3_user.h>
#include <wrn/wm/snmp/engine/v3_auth.h>
#include <wrn/wm/snmp/engine/v3_priv.h>
#include <wrn/wm/snmp/engine/v3_acc.h>
#include <wrn/wm/snmp/engine/v3_con.h>
#if (INSTALL_ENVOY_SNMP_V3_TARGET)
#include <wrn/wm/snmp/engine/v3_trgt.h>
#if (INSTALL_ENVOY_SNMP_V3_NOTIFY)
#include <wrn/wm/snmp/engine/v3_ntfy.h>
#endif /* #if (INSTALL_ENVOY_SNMP_V3_NOTIFY) */
#if (INSTALL_ENVOY_SNMP_V3_PROXY)
#include <wrn/wm/snmp/engine/v3_proxy.h>
#endif /* #if (INSTALL_ENVOY_SNMP_V3_PROXY) */
#if (INSTALL_ENVOY_SNMP_COEXISTENCE)
#include <wrn/wm/snmp/engine/v3_comm.h>
#endif /* #if (INSTALL_ENVOY_SNMP_COEXISTENCE */
#endif /* #if (INSTALL_ENVOY_SNMP_V3_TARGET */
#endif /* #if (INSTALL_ENVOY_SNMP_VERSION_3) */
#if INSTALL_SNMP_V3_DIFFIE_HELLMAN
#include <openssl/bn.h>
#include <wrn/wm/snmp/engine/v3_dh.h>
#endif /* INSTALL_SNMP_V3_DIFFIE_HELLMAN */

#include <wrn/wm/common/glue.h>

#if (INSTALL_SNMP_VXWORKS_VIRTUAL_STACK && INSTALL_ENVOY_SNMP_VERSION_3) 

/*
 * The purpose of the routine is to define an access control for SNMPv3
 * packets for a new VS instance (context). This involves adding new context,
 * access and, in case of coexistence, community information.  It uses groups
 * of users, "initial" and "full", that are defined below in this file. 
 * It basically extends the access of these groups for a new context
 * (community), that represents a new stack instance.
 *
 * The context identifies the VS instance and consists of NAMING_SCOPE_PREFIX
 * and the stack number. 
 * 
 * The access is defined for the group, "initial", which is defined in the 
 * routine _nvhard_read_v3groups(). The security level is set to 1 by default
 * so that the view, viewName "two", is accessible without authetication.
 *
 * The community is defined for sec name, "private_user", which is defined in
 * the routine _nvhard_read_v3tparam(). The sec name belongs to the group
 * "full", which is defined in _nvhard_read_v3access(). All communities in
 * this group can access view, vieName "two".
 *
 * This routine should be called once for each VS instance.  It may be called
 * either for all possible instances at initialization time or as each instance
 * is created.
 */
int _nvhard_vs_add(int vsnum)
{
char buf[ETC_ACCESS_ACCESS_MAX];
int buf_len;
SNMP_ACCESS_T *acc;
#if INSTALL_ENVOY_SNMP_COEXISTENCE
SNMP_COMMUNITY_T *community;
#endif /* INSTALL_ENVOY_SNMP_COEXISTENCE */
   
/* add context for new stack instance */ 
  
sprintf (buf, "%d", vsnum);  
if ((strlen (NAMING_SCOPE_PREFIX) + strlen (buf) + 1) > ETC_ACCESS_ACCESS_MAX)
    return 1; 
    
sprintf (buf, "%s%d", NAMING_SCOPE_PREFIX, vsnum);
buf_len = strlen (buf);

SNMP_V3_Context_Add((bits8_t*) buf, buf_len);

/* add access for new stack instance */ 

acc = SNMP_V3_Access_Create();
if (acc == 0)
    return(1);

SNMP_V3_Access_Set_Prefix_Match(acc, 1);
SNMP_V3_Access_Set_Status(acc, 1);

if (SNMP_V3_Access_Set_Read(acc, (bits8_t *) "two", 3, BFL_IS_ALLOC) ||
    SNMP_V3_Access_Set_Write(acc, (bits8_t *) "two", 3, BFL_IS_ALLOC) ||
    SNMP_V3_Access_Set_Notify(acc, (bits8_t *) "two", 3, BFL_IS_ALLOC) ||
    SNMP_V3_Access_Install(acc, (bits8_t *) "initial", 7,
                           (bits8_t *) buf, buf_len, 3, 1))
    return(1);

#if INSTALL_ENVOY_SNMP_COEXISTENCE
   
/* add community for new stack instance */ 

if ((community = SNMP_Community_Create()) == 0)
    return 1;

SNMP_Community_Set_Defaults(community);
SNMP_Community_Set_Storage(community, ETC_STO_VOL);
SNMP_Community_Set_Status(community, ETC_RS_ACTIVE);
 
if (SNMP_Community_Set_Name(community, (bits8_t *) buf,
                            buf_len, BFL_IS_ALLOC) ||
    SNMP_Community_Set_Sec_Name(community, (bits8_t *) "private_user",
                                12, BFL_IS_ALLOC) ||
    SNMP_Community_Install(community, (bits8_t *) buf, buf_len)) {
    SNMP_Community_Destroy(community);
    return 1;
    }   
#endif  /* INSTALL_ENVOY_SNMP_COEXISTENCE */

return(0);
}

/*
 * The purpose of the routine is to remove the  access control for SNMPv3
 * packets for the VS instance (context) which is being deleted. This involves
 * removing context, access and, in case of coexistence, community information.
 *
 * It should be called once for each VS instance being removed either at the
 * time of deletion of the VS instance or as part of a later clean up effort.
 * For more information see _nvhard_vs_add().
 */

int _nvhard_vs_remove(int vsnum)
{
char buf[ETC_ACCESS_ACCESS_MAX];
int buf_len;
SNMP_ACCESS_T *acc;
#if INSTALL_ENVOY_SNMP_COEXISTENCE
SNMP_COMMUNITY_T *community;
#endif /* INSTALL_ENVOY_SNMP_COEXISTENCE */
   
/* remove context for closing stack instance */ 
  
sprintf (buf, "%d", vsnum);   
if ((strlen (NAMING_SCOPE_PREFIX) + strlen (buf) + 1) > ETC_ACCESS_ACCESS_MAX)
    return 1;  
    
sprintf (buf, "%s%d", NAMING_SCOPE_PREFIX, vsnum);
buf_len = strlen (buf);

SNMP_V3_Context_Remove((bits8_t *) buf, buf_len);

/* remove access for closing stack instance */ 

acc = SNMP_V3_Access_Lookup((bits8_t *) "initial", 7,
                            (bits8_t *) buf, buf_len, 3, 1);
if (acc != 0)
    {
    SNMP_V3_Access_Deinstall(acc);
    SNMP_V3_Access_Destroy(acc);
    }

#if INSTALL_ENVOY_SNMP_COEXISTENCE
   
/* remove community for closing stack instance */ 

community = SNMP_Community_Lookup((bits8_t *) buf, buf_len);

if (community != 0)
    {
    SNMP_Community_Deinstall(community);
    SNMP_Community_Destroy(community);
    }   
#endif  /* INSTALL_ENVOY_SNMP_COEXISTENCE */

return(0);
}

void _vs_v3engine_set(ENT_LOGICAL_T *pEntLogical)
    {
    Ent_Logical_Set_Context_Engine_ID
        (pEntLogical, 
         (bits8_t *)SNMP_Engine_Get_My_ID(), 
         SNMP_Engine_Get_My_ID_Length(), BFL_IS_ALLOC);
    }
#endif /* INSTALL_SNMP_VXWORKS_VIRTUAL_STACK && INSTALL_ENVOY_SNMP_VERSION_3 */

int _nvhard_read_v3myid(char *eng_id)
{
bits8_t id[] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00,
                0x00, 0x00, 0x7f, 0x00, 0x00, 0x01};
SNMP_Engine_Set_My_Info((bits8_t *)&id, (ALENGTH_T) 12, 
                        (bits32_t) 1, (sbits32_t)0);
return(0);
}

int _nvhard_read_v3users() 
{
SNMP_USER_T *user;
SNMP_AUTH_T *authmd5, *authsha;
SNMP_PRIV_T *priv;
OIDC_T md5_obj[] = {1, 3, 6, 1, 6, 3, 10, 1, 1, 2};
OIDC_T sha_obj[] = {1, 3, 6, 1, 6, 3, 10, 1, 1, 3};
OIDC_T des_obj[] = {1, 3, 6, 1, 6, 3, 10, 1, 2, 2};
bits8_t id1[] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00,
                 0x00, 0x00, 0x7f, 0x00, 0x00, 0x01};
bits8_t id2[] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00,
                 0x00, 0x00, 0x7f, 0x00, 0x00, 0x02};
bits8_t id3[] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00,
                 0x00, 0x00, 0x7f, 0x00, 0x00, 0x03};
bits8_t key1[] = {0x04, 0x7b, 0x47, 0x3f, 0x93, 0x21, 0x1a, 0x17,
                  0x81, 0x3c, 0xe5, 0xff, 0xf2, 0x90, 0x06, 0x6b};
bits8_t key2[] = {0x1c, 0x8c, 0xbd, 0x68, 0x7f, 0xb0, 0xf0, 0xa2, 0x2d, 0xdd,
                  0x24, 0x31, 0x5d, 0xb0, 0xd8, 0x4c, 0x09, 0xeb, 0x5f, 0xf3};
bits8_t key3[] = {0x31, 0xe1, 0x3f, 0xfa, 0x8f, 0x12, 0x40, 0xf4, 
                  0x00, 0xe1, 0x1f, 0x85, 0x6f, 0x28, 0x2d, 0xb9};
bits8_t key4[] = {0x17, 0xde, 0xb4, 0xd4, 0x78, 0x51, 0x4f, 0x65, 0xdf, 0xa5, 
                  0x2b, 0xb5, 0x2e, 0x38, 0x47, 0x13, 0x29, 0x04, 0x1b, 0x8a};
bits8_t key5[] = {0xdd, 0x8d, 0xbf, 0x27, 0xa9, 0x62, 0x66, 0x33,
                  0x86, 0xe3, 0xcb, 0xbc, 0xa3, 0xa7, 0x97, 0xac};
bits8_t key6[] = {0x22, 0xf3, 0x3b, 0xa4, 0xaa, 0x06, 0xe3, 0xe0, 0xca, 0xd2,
                  0x86, 0xa3, 0xd1, 0x2a, 0x81, 0x13, 0x8d, 0xee, 0xe9, 0xd7};
authmd5 = SNMP_Auth_Find(sizeof(md5_obj)/sizeof(OIDC_T), md5_obj);
authsha = SNMP_Auth_Find(sizeof(sha_obj)/sizeof(OIDC_T), sha_obj);
priv    = SNMP_Priv_Find(sizeof(des_obj)/sizeof(OIDC_T), des_obj);

user = SNMP_User_Create(authmd5, priv);
if (user == 0)
    return(1);
if (authmd5)
    (void) SNMP_User_Set_AuthKey(user, key1, 16);
if (priv)
    (void) SNMP_User_Set_PrivKey(user, key1, 16);
SNMP_User_Set_Status(user, 1);
if (SNMP_User_Install(user, id1, 12, (bits8_t *) "initialmd5", 10))
    return(1);

user = SNMP_User_Create(authsha, priv);
if (user == 0)
    return(1);
if (authsha)
    (void) SNMP_User_Set_AuthKey(user, key2, 20);
if (priv)
    (void) SNMP_User_Set_PrivKey(user, key2, 16);
SNMP_User_Set_Status(user, 1);
if (SNMP_User_Install(user, id1, 12, (bits8_t *) "initialsha", 10))
    return(1);

user = SNMP_User_Create(authmd5, priv);
if (user == 0)
    return(1);
if (authmd5)
    (void) SNMP_User_Set_AuthKey(user, key3, 16);
if (priv)
    (void) SNMP_User_Set_PrivKey(user, key3, 16);
SNMP_User_Set_Status(user, 1);
if (SNMP_User_Install(user, id2, 12, (bits8_t *) "initialmd5", 10))
    return(1);

user = SNMP_User_Create(authsha, priv);
if (user == 0)
    return(1);
if (authsha)
    (void) SNMP_User_Set_AuthKey(user, key4, 20);
if (priv)
    (void) SNMP_User_Set_PrivKey(user, key4, 16);
SNMP_User_Set_Status(user, 1);
if (SNMP_User_Install(user, id2, 12, (bits8_t *) "initialsha", 10))
    return(1);

user = SNMP_User_Create(authmd5, priv);
if (user == 0)
    return(1);
if (authmd5)
    (void) SNMP_User_Set_AuthKey(user, key5, 16);
if (priv)
    (void) SNMP_User_Set_PrivKey(user, key5, 16);
SNMP_User_Set_Status(user, 1);
if (SNMP_User_Install(user, id3, 12, (bits8_t *) "initialmd5", 10))
    return(1);

user = SNMP_User_Create(authsha, priv);
if (user == 0)
    return(1);
if (authsha)
    (void) SNMP_User_Set_AuthKey(user, key6, 20);
if (priv)
    (void) SNMP_User_Set_PrivKey(user, key6, 16);
SNMP_User_Set_Status(user, 1);
if (SNMP_User_Install(user, id3, 12, (bits8_t *) "initialsha", 10))
    return(1);

return(0);
}

int _nvhard_read_v3groups()
{
SNMP_GROUP_T *grp;

grp = SNMP_Group_Create();
if (grp == 0)
    return(1);

SNMP_Group_Set_Status(grp, 1);
if (SNMP_Group_Set_Group(grp, (bits8_t *) "initial", 7, BFL_IS_ALLOC) ||
    SNMP_Group_Install(grp, 3, (bits8_t *) "initialmd5", 10))
    return(1);

grp = SNMP_Group_Create();
if (grp == 0)
    return(1);

SNMP_Group_Set_Status(grp, 1);
if (SNMP_Group_Set_Group(grp, (bits8_t *) "initial", 7, BFL_IS_ALLOC) ||
    SNMP_Group_Install(grp, 3, (bits8_t *) "initialsha", 10))
    return(1);

#if INSTALL_ENVOY_SNMP_COEXISTENCE
grp = SNMP_Group_Create();
if (grp == 0)
    return(1);

SNMP_Group_Set_Status(grp, 1);
if (SNMP_Group_Set_Group(grp, (bits8_t *) "full", 4, BFL_IS_ALLOC) ||
    SNMP_Group_Install(grp, 1, (bits8_t *) "public_user", 11))
    return(1);

grp = SNMP_Group_Create();
if (grp == 0)
    return(1);

SNMP_Group_Set_Status(grp, 1);
if (SNMP_Group_Set_Group(grp, (bits8_t *) "full", 4, BFL_IS_ALLOC) ||
    SNMP_Group_Install(grp, 2, (bits8_t *) "public_user", 11))
    return(1);

grp = SNMP_Group_Create();
if (grp == 0)
    return(1);

SNMP_Group_Set_Status(grp, 1);
if (SNMP_Group_Set_Group(grp, (bits8_t *) "full", 4, BFL_IS_ALLOC) ||
    SNMP_Group_Install(grp, 1, (bits8_t *) "private_user", 12))
    return(1);

grp = SNMP_Group_Create();
if (grp == 0)
    return(1);

SNMP_Group_Set_Status(grp, 1);
if (SNMP_Group_Set_Group(grp, (bits8_t *) "full", 4, BFL_IS_ALLOC) ||
    SNMP_Group_Install(grp, 2, (bits8_t *) "private_user", 12))
    return(1);
#endif

return(0);
}

int _nvhard_read_v3access()
{
SNMP_ACCESS_T *acc;

acc = SNMP_V3_Access_Create();
if (acc == 0)
    return(1);

SNMP_V3_Access_Set_Prefix_Match(acc, 1);
SNMP_V3_Access_Set_Status(acc, 1);

if (SNMP_V3_Access_Set_Read(acc, (bits8_t *) "one", 3, BFL_IS_ALLOC) ||
    SNMP_V3_Access_Set_Notify(acc, (bits8_t *) "one", 3, BFL_IS_ALLOC) ||
    SNMP_V3_Access_Install(acc, (bits8_t *) "initial", 7,
                           (bits8_t *) "", 0, 3, 1))
    return(1);