📄 v3_ber.c
/* * Copyright 2000-2005 Wind River Systems, Inc. * All rights reserved. Provided under license only. * Distribution or other use of this software is only * permitted pursuant to the terms of a license agreement * from Wind River Systems (and is otherwise prohibited). * Refer to that license agreement for terms of use. *//* * Copyright 1998 Integrated Systems, Inc. * All rights reserved. *//* * $Log: v3_ber.c,v $ * Revision 1.8 2003/01/15 14:05:09 josh * directory structure shifting * * Revision 1.7 2002/05/13 20:46:18 josh * encoding process now checks for 16-bit overflows in * calculating packet sizes * * Revision 1.6 2002/04/01 21:33:27 josh * make sure that engine ids conform to restricted lengths * (minimum of 5, maximum of 32) * * Revision 1.5 2002/04/01 19:38:18 josh * if proxies are installed, we need a special check for a zero-length * context engine id * * Revision 1.4 2002/03/18 16:02:19 josh * merge in code changes from postbeta branch * * Revision 1.3.2.1 2002/01/04 22:15:35 josh * properly handle case where Notifies are turned on, Proxy is turned off, * and we receive a request that's not using our engine id and isn't * a Get, Next, Set, or Bulk * * Revision 1.3 2001/11/06 21:50:51 josh * second (and hopefully final) pass of new path hacking * * Revision 1.2 2001/11/06 21:20:30 josh * revised new path hacking * * Revision 1.1.1.1 2001/11/05 17:47:44 tneale * Tornado shuffle * * Revision 9.21.4.4 2001/08/30 21:14:21 josh * fix logic for decode_scoped_pdu() * * Revision 9.21.4.3 2001/08/24 14:40:23 josh * rewrite of process_packet_one() and general rearrangement of code * to accomodate proxies * * Revision 9.21.4.2 2001/07/25 15:03:08 josh * make sure boots and time information is always present in responses * and reports * * Revision 9.21.4.1 2001/06/28 18:22:59 josh * Seeding the Cormorant branch with the code from the old * cormorant branch * * Revision 9.21 2001/04/25 19:28:51 josh * an snmpSecurityModel of 0 is not a valid model * * Revision 9.20 
2001/04/19 18:21:41 josh * changes to do bounds-checking on maxMsgSize, snmpVersion, * msgID, and snmpSecurityModel * * Revision 9.19 2001/04/11 21:01:50 josh * we are overwriting the trunk's copy of this file with * the file from the kingfisher branch * * Revision 9.18 2001/01/19 22:22:28 paul * Update copyright. * * Revision 9.17 2000/07/12 21:17:10 josh * don't automatically reject packets using an engine id other than * our own if proxy is installed * * Revision 9.16 2000/06/13 21:02:36 josh * fix include files * * Revision 9.15 2000/06/09 14:55:26 josh * changing an include path to correspond to definitions' new location * * Revision 9.14 2000/06/09 13:55:09 josh * changing of installation option-related builds. Moved certain glue * functions to v3_ber.c from sendntfy.c so they get built even when * ENVOY_SNMP_V3_NOTIFY isn't installed * * Revision 9.13.4.1 2001/04/11 20:48:33 josh * moving cormorant-specific changes off to the cormorant * branch * * Revision 9.13.2.4 2001/03/12 22:08:29 tneale * Updated copyright * * Revision 9.13.2.3 2001/01/18 21:36:24 josh * if we receive an SNMPv3 PDU with a securityName of longer than 32 * octets, drop the packet and cause snmpInASNParseErrs to be incremented * * Revision 9.13.2.2 2000/12/13 20:49:03 josh * envoy_add_engine_address() should return a 1 on success * * Revision 9.13.2.1 2000/09/20 21:46:59 josh * bringing branch up to currency with the root tree * * Revision 9.13 2000/03/17 00:19:28 meister * Update copyright message * * Revision 9.12 2000/03/08 18:23:58 sar * Initialize the object id for tdomain in when adding an engine id * to avoid possible problems with uninited variables. * * Also commented out the v3_invalidmsgs object id as it currently isn't * in use * * Revision 9.11 2000/02/13 20:45:30 sar * As per the new rfc (2572) removed the code to send a report if the message * flags field has the priv flag set without the auth flag set. 
This is still * an error and the packet is dropped but no report should be sent. * * Revision 9.10 2000/02/04 21:56:15 josh * functions which are clearly static have been declared as such. * this makes the vxWorks compiler happy. * * Revision 9.9 2000/01/21 21:19:07 josh * make sure declarations are properly controlled by #ifdefs * * Revision 9.8 2000/01/05 21:15:29 josh * moving code around to make sure probe checks occur as long as an * engine ID is found * * Revision 9.7 2000/01/04 21:03:27 josh * shuffled some more code (probe checking) to avoid another * potential deadlock situation. * * Revision 9.6 1999/12/06 18:42:17 josh * move the code that does the time update on pending retransmit * packets into v3_ber.c, where it won't cause a deadlock. * * Revision 9.5 1999/11/09 20:25:52 josh * cleaning up nits * * Revision 9.4 1999/11/09 17:56:40 josh * fixing memory leaks and initialization issues * * Revision 9.3 1999/10/29 21:49:11 josh * remove the default envoy_add_engine_id() from the code * * Revision 9.2 1999/10/26 19:52:11 sar * Corrected some calls to the lock code, we were using rp->coarse_lock * when we should have been using *rp->coarse_lock * * Revision 9.1 1999/10/07 23:47:07 josh * default functions for adding engineid and address, new code in * v3 decode routine to handle this * * Revision 9.0 1998/10/16 22:12:31 sar * Update version stamp to match release * * Revision 1.18 1998/08/14 14:04:01 sar * Moved the code to turn off the report flags so that authorization error * messages don't have the flag on. * * Revision 1.17 1998/08/12 04:49:24 sar * Clean up some leftover comments. 
* * Revision 1.16 1998/08/01 17:35:02 sar * Removed the check_id flag from the user lookup call * * Revision 1.15 1998/07/20 01:59:58 sar * Add () to SNMP_Engine_Get_My_* and ENVOY_TIME calls * Modify the timestamp installs so they are all the same, * installing ENVOY_TIME() - timestamp * * Revision 1.14 1998/07/03 16:51:33 sar * Removed the many engine option and moved this engine's boots and time * informtaion into an engine entry * * Revision 1.13 1998/07/02 00:49:16 sar * Moved check to see if access entity is active to the access_find function * we now skip inactive entries instead of trying to use them * * Revision 1.12 1998/06/22 19:49:48 sar * Add a cast to keep a compiler happy * * Revision 1.11 1998/06/22 03:11:13 sar * Changed the type used for lengths in localio. We now use ALENGTH_Ts * to make it match the rest of the code and keep compilers happy * * Revision 1.10 1998/06/19 20:13:57 sar * make sure all files include asn1conf.h and snmp.h to pick up all of * the common code * * Revision 1.9 1998/06/16 05:25:55 sar * clean up some type info, dealing with mms * * Revision 1.8 1998/06/09 21:46:27 sar * Cleaned up some code that might have called alloc or memcmp with * 0 lenght strings * * Revision 1.7 1998/06/09 16:55:50 sar * Save a pointer to the start of the buffer we should use so that * the customer can add a header before the snmp packet in the * buffer they hand us * * Revision 1.6 1998/06/08 22:05:27 sar * Tidied up some v3 error returns, notably authorization error * * Revision 1.5 1998/06/01 20:41:52 sar * Removed the msg_con_name field from SNMP_PKT_T and used the community * field instead. 
*
 * Revision 1.4  1998/05/30 03:20:02  sar
 * Modified the names for the max string length macros for clarity
 * Update user_lookup
 *
 * Revision 1.3  1998/05/28 19:03:47  sar
 * Added ENVOY_ADD_ENGINE_ID to allow for discovery of engine ids
 *
 * Revision 1.2  1998/05/28 03:43:52  sar
 * Added a lock to protect the engine boots and time values
 *
 * Revision 1.1  1998/05/24 04:14:48  sar
 * Support for processing SNMPv3 packets.
 * acc = access and group structure control functions
 * auth & prive = authentication and privacy code (not including the
 *        actual digest or encryption routines)
 * ber  = routines for encoding and decoding v3 packets
 * eng  = engine sructure control functions
 * user = user structure control functions
 *
 */

/* [clearcase]
modification history
-------------------
01b,18apr05,job  update copyright notices
01a,24nov03,job  update copyright information
*/

/* This file contains routines to encode and decode a snmp packet
   formatted according to the snmpv3 specifications (rfc2271-2275;
   the current editions of those documents are RFC 3411-3415).

   The packet format is:

   <seq> <version (int) (3)> <global data> <security parms> <scoped pdu data>

   <global data>     = <seq> <id (int)> <max msg (int)> <flags (1 octet)>
                       <sec model (int)>

   <security parms>  = <octet string> <seq> <engine id (octet)> <boots (int)>
                       <time (int)> <name (octet)> <auth parms> <sec parms>
                       (the trailing <sec parms> is presumably the
                        <priv parms> field defined below)

   <auth parms>      = <null (octet)> or
                       <from the auth routine (12 for md5 or sha)>
                       (12 octets is the truncated HMAC-MD5-96 /
                        HMAC-SHA-96 digest length of USM, RFC 3414)

   <priv parms>      = <null (octet)> or
                       <from the priv routine (8 for des)>
                       (8 octets is the CBC-DES salt of USM, RFC 3414)

   <scoped pdu data> = <scoped pdu> or <encrypted pdu (octet string)>

   <scoped pdu>      = <seq> <context id (octet)> <context name (octet)> <data>

   <data>            = <pdus from 1905>

   Every length in this layout comes from the wire when decoding, so each
   field has to be bounds-checked against the enclosing element before use.
*/

#include <wrn/wm/snmp/engine/asn1conf.h>
#include <wrn/wm/snmp/engine/asn1.h>
#include <wrn/wm/snmp/engine/localio.h>
#include <wrn/wm/snmp/engine/buffer.h>
#include <wrn/wm/snmp/engine/decode.h>
#include <wrn/wm/snmp/engine/encode.h>
#include <wrn/wm/snmp/engine/snmpdefs.h>
#include <wrn/wm/snmp/engine/snmp.h>
#include <wrn/wm/snmp/engine/snmpstat.h>
#include <wrn/wm/snmp/engine/objectid.h>
#include <wrn/wm/snmp/engine/v3_eng.h>
#include <wrn/wm/snmp/engine/v3_user.h>
#include <wrn/wm/snmp/engine/v3_auth.h>
#include <wrn/wm/snmp/engine/v3_priv.h>
#include <wrn/wm/snmp/engine/v3_acc.h>
#include <wrn/wm/snmp/engine/v3_con.h>

#if (INSTALL_ENVOY_SNMP_V3_TARGET)
#include <wrn/wm/snmp/engine/v3_trgt.h>
#if (ENVOY_USE_DEFAULT_TADDRESS) || (ENVOY_USE_DEFAULT_SNMPADDR)
#if (INSTALL_ATTACHE)
#include <attache.h>
#include <wrn/wm/attache/config.h>
#endif
#endif
#if (INSTALL_ENVOY_SNMP_V3_NOTIFY)
#include <wrn/wm/snmp/engine/sendntfy.h>
#endif
#if (INSTALL_ENVOY_SNMP_V3_PROXY)
#include <wrn/wm/snmp/engine/v3_proxy.h>
#endif
#endif

#include <wrn/wm/common/bug.h>

#if (INSTALL_ENVOY_SNMP_V3_TARGET)
/* NOTE(review): the include guard above tests the VALUE of
   ENVOY_USE_DEFAULT_TADDRESS / ENVOY_USE_DEFAULT_SNMPADDR, while this
   guard tests whether they are DEFINED.  A configuration that defines
   either macro as 0 takes this branch but not the one above; confirm
   which form is intended. */
#if defined(ENVOY_USE_DEFAULT_TADDRESS) || defined(ENVOY_USE_DEFAULT_SNMPADDR)
/* Number of sub-identifiers in snmpUDPDomain below; it is a hand-written
   constant and must be kept equal to the array's element count. */
#define sizeof_snmpUDPDomain 7
/* 1.3.6.1.6.1.1 is snmpUDPDomain (SNMP over UDP/IPv4 transport domain). */
static OIDC_T snmpUDPDomain[] = { 1, 3, 6, 1, 6, 1, 1 };
#endif
#endif

/* Object identifiers of the standard SNMPv3 error counters, each with the
   trailing .0 instance sub-identifier.  The code that uses them is outside
   this excerpt; presumably they name the counter returned in a Report PDU
   when a message is rejected for the matching reason - confirm against
   the decode routines. */

/* 1.3.6.1.6.3.11.2.1.2.0 = snmpInvalidMsgs.0; disabled because it is
   currently unused (see revision 9.12 in the log above). */
/*static OIDC_T V3_INVALIDMSGS[]          = {1, 3, 6, 1, 6, 3, 11, 2, 1, 2, 0};*/
/* snmpUnknownPDUHandlers.0 (SNMP-MPD-MIB) */
static OIDC_T V3_UNKNOWNPDUHANDLERS[]   = {1, 3, 6, 1, 6, 3, 11, 2, 1, 3, 0};
/* snmpUnknownContexts.0 (SNMP-TARGET-MIB) */
static OIDC_T V3_UNKNOWNCONTEXTS[]      = {1, 3, 6, 1, 6, 3, 12, 1, 5, 0};
/* usmStatsUnsupportedSecLevels.0 (SNMP-USER-BASED-SM-MIB, as are the rest) */
static OIDC_T V3_UNSUPPORTEDSECLEVELS[] = {1, 3, 6, 1, 6, 3, 15, 1, 1, 1, 0};
/* usmStatsNotInTimeWindows.0 */
static OIDC_T V3_NOTINTIMEWINDOWS[]     = {1, 3, 6, 1, 6, 3, 15, 1, 1, 2, 0};
/* usmStatsUnknownUserNames.0 */
static OIDC_T V3_UNKNOWNUSERNAMES[]     = {1, 3, 6, 1, 6, 3, 15, 1, 1, 3, 0};
/* usmStatsUnknownEngineIDs.0 */
static OIDC_T V3_UNKNOWNENGINEIDS[]     = {1, 3, 6, 1, 6, 3, 15, 1, 1, 4, 0};
/* usmStatsWrongDigests.0 */
static OIDC_T V3_WRONGDIGESTS[]         = {1, 3, 6, 1, 6, 3, 15, 1, 1, 5, 0};
/* usmStatsDecryptionErrors.0 */
static OIDC_T V3_DECRYPTIONERRORS[]     = {1, 3, 6, 1, 6, 3, 15, 1, 1, 6, 0};

/* Current decode violations are:
   1: wrong auth digest
   2: wrong time stamp
   3: wrong encryption
*/
/* Integration hook for the violations listed above.  Unless the build
   configuration supplies its own definition, the macro expands to nothing,
   so wherever it is invoked (call sites are outside this excerpt) a failed
   digest, time-window or decryption check produces no callback.  A
   deployment that wants to log or alert on these failures has to define
   SNMPv3_AUTH_DECODE_VIOLATION before this point. */
#if !defined(SNMPv3_AUTH_DECODE_VIOLATION)
#define SNMPv3_AUTH_DECODE_VIOLATION(A)
#endif

/************************************************************************
NAME: bufsize_for_v3_pkt

PURPOSE: determine the size of a packet when encoded as a byte string
         according to the v3 rules

PARAMETERS: SNMP_PKT_T * the packet that needs to be encoded

RETURNS: ALENGTH_T the buffer size
required************************************************************************/ALENGTH_T bufsize_for_v3_pkt(SNMP_PKT_T *rp){bits32_t scoped_length, priv_length = 0, auth_length = 0;bits32_t scoped_pdu_length, encrypted_pdu_length, overall_length;bits32_t buffer_needed; scoped_pdu_length = 2 /* Tag and length of context engine id */ + A_SizeOfOctetString(EBufferUsed(&(rp->msg_con_id))) + 1 /* Tag of context name */ + A_SizeOfLength(EBufferUsed(&(rp->community))) + A_SizeOfOctetString(EBufferUsed(&(rp->community))) + set_pdu_size(rp);if ((scoped_pdu_length & 0xffff) == scoped_pdu_length) rp->scoped_pdu_length = scoped_pdu_length;else rp->scoped_pdu_length = 0;scoped_length = 1 + A_SizeOfLength(scoped_pdu_length) + scoped_pdu_length;if (rp->msg_flags & ETC_V3_AUTH) { auth_length = SNMP_Auth_Get_Need(rp->auth); if (rp->msg_flags & ETC_V3_PRIV) { priv_length = SNMP_Priv_Get_Need(rp->priv); encrypted_pdu_length = SNMP_Priv_Size(rp->priv, rp, scoped_length); scoped_length = 1 + A_SizeOfLength(encrypted_pdu_length) + encrypted_pdu_length; if ((encrypted_pdu_length & 0xffff) == encrypted_pdu_length) rp->encrypted_pdu_length = encrypted_pdu_length; else rp->encrypted_pdu_length = 0; } }rp->security_length = 2 /* Tag and length of engine id */ + A_SizeOfOctetString(EBufferUsed(&(rp->msg_sec_id))) + 2 /* Tag and length of boots field */