Commit Graph

44 Commits

Author SHA1 Message Date
Gleb Smirnoff
23cea7199b Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
  it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
  IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR:		bin/171279
2012-09-20 05:41:20 +00:00
Gleb Smirnoff
f2ddd22eac For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

PR:		bin/171279
2012-09-09 09:46:48 +00:00
Gleb Smirnoff
0cf0d912b7 The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control messages is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
   the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
   syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
  and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
  is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
  instead use correct search cycle through control messages.
2012-09-08 07:12:00 +00:00
Kevin Lo
31f7ba0295 Fully initialize the stack-allocated "struct sockaddr_in sa" structure. 2012-09-07 08:58:30 +00:00
Hartmut Brandt
9972acaa15 memset() wants the size of the structure to clear, not the size
of the pointer to it.

Submitted by:	Pawel Worach
2012-03-18 19:28:52 +00:00
Mikolaj Golub
b2b91ddf9d Include sys/queue.h: snmpmod.h uses TAILQ.
PR:		bin/153153
MFC after:	2 weeks
2011-12-11 17:10:33 +00:00
Ruslan Ermilov
81b587f396 Don't spam syslog with "inet_ntop(): Address family not supported
by protocol family" when processing requests received from the
UNIX domain socket.

MFC after:	3 days
2011-04-20 08:38:25 +00:00
Shteryana Shopova
cf90ea94a0 Unbreak the build by temprorarily not using include directives in
bsnmpd(1)' def files, until bsd.snmpmod.mk & Makefiles are fixed to
pass proper include path flags to gensnmptree.
2010-12-20 22:56:50 +00:00
Shteryana Shopova
72cd7a520d Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip
Approved by:	philip
2010-12-20 17:13:14 +00:00
Shteryana Shopova
135f7de5dd In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@ (mostly)
Approved by:	philip@
2010-12-08 13:51:38 +00:00
Ulrich Spörlein
d9962dc588 Remove mention of non-existant -o flag for debugging options.
MFC after:	3 days
2010-10-23 12:27:39 +00:00
Joel Dahl
54be88c948 Fix two minor typos. 2010-08-16 21:12:26 +00:00
Ulrich Spörlein
f239d44ec1 Bump document date after content changes.
Pointy hat to:	uqs
2010-08-16 19:05:10 +00:00
Ulrich Spörlein
e5cce4162a Wordsmithing of bsnmpd.1
PR:		docs/149157
Submitted by:	Warren Block <wblock@wonkity.com>
MFC after:	1 week
2010-08-16 18:47:35 +00:00
Ulrich Spörlein
4f13bbb691 mdoc: consistently spell our email addresses <foo@FreeBSD.org>
Reviewed by:	ru
Approved by:	harti
2010-05-24 06:26:38 +00:00
Antoine Brodin
5a64472b2a (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

Approved by:	harti@
2010-03-27 13:43:18 +00:00
Ulrich Spörlein
ddedd8277a Fix typo in macro name and macro usage.
Found by:	make manlint
Reviewed by:	ru
Approved by:	harti, philip (mentor)
2010-03-12 11:05:37 +00:00
Shteryana Shopova
02f27f1cfa This commit was generated by cvs2svn to compensate for changes in r176892,
which included commits to RCS files with non-trunk default branches.
2008-03-07 09:33:29 +00:00
Shteryana Shopova
691f8568ea Vendor patch: Prevent bsnmpd from dumping core when a module's init hook
returns an error.

Approved by:	bz (mentor), harti
2008-03-07 09:33:29 +00:00
Hartmut Brandt
cab70e0247 Vendor patch: synthesize the initial value for sysObjectId from the value
of uname -r in FreeBSD. This value can be overwritten in the configuration
file.

Suggested by:	phk
2006-10-31 09:00:35 +00:00
Hartmut Brandt
f56ce4bd26 This commit was generated by cvs2svn to compensate for changes in r163820,
which included commits to RCS files with non-trunk default branches.
2006-10-31 09:00:35 +00:00
Hartmut Brandt
748b5b1ebd Virgin import of bsnmpd 1.12 2006-02-27 16:16:18 +00:00
Hartmut Brandt
568d256aa1 This commit was generated by cvs2svn to compensate for changes in r156066,
which included commits to RCS files with non-trunk default branches.
2006-02-27 16:16:18 +00:00
Hartmut Brandt
fa122c2038 Vendor patch: string_get_max() function to return strings with a maximum
SNMP string length.
2006-02-07 15:48:37 +00:00
Hartmut Brandt
74b07c5412 This commit was generated by cvs2svn to compensate for changes in r155429,
which included commits to RCS files with non-trunk default branches.
2006-02-07 15:48:37 +00:00
Hartmut Brandt
5105400329 Vendor patch: prevent a core dump when the trace option is not followed
by an option value.

Submitted by:	Shteryana Shopova <shteryana@yahoo.com>
2006-01-31 14:59:07 +00:00
Hartmut Brandt
3dc7424242 This commit was generated by cvs2svn to compensate for changes in r155094,
which included commits to RCS files with non-trunk default branches.
2006-01-31 14:59:07 +00:00
Hartmut Brandt
d4199d75a1 Vendor fix: make the default read and write communities NULL. This
basically disables any access unless other strings are set in the config
file. Note, that there is no way to set the communities back to NULL once
they're set to something not NULL.
2006-01-10 11:49:26 +00:00
Hartmut Brandt
5b1d3a5c13 This commit was generated by cvs2svn to compensate for changes in r154180,
which included commits to RCS files with non-trunk default branches.
2006-01-10 11:49:26 +00:00
Hartmut Brandt
e9d4cb69e2 Vendor patch: fix a bug when parsing the include path. 2006-01-10 11:47:56 +00:00
Hartmut Brandt
2bc6540439 This commit was generated by cvs2svn to compensate for changes in r154178,
which included commits to RCS files with non-trunk default branches.
2006-01-10 11:47:56 +00:00
Hartmut Brandt
4c0a7af955 Vendor fix for the build problem of snmp_pf. Move the fallback definitions
for U?INT32_{MAX,MIN} from asn1.h into the .c files that actually require
them (the .h file doesn't refer to these macros).
2005-10-05 15:19:56 +00:00
Hartmut Brandt
bb5e059e0d This commit was generated by cvs2svn to compensate for changes in r150974,
which included commits to RCS files with non-trunk default branches.
2005-10-05 15:19:56 +00:00
Hartmut Brandt
e50dd7e071 These files are not needed and were imported by accident in the
previous import.
2005-10-04 14:51:55 +00:00
Hartmut Brandt
165c5d31cb Virgin import of bsnmpd 1.11 2005-10-04 14:41:06 +00:00
Hartmut Brandt
69292ced51 Virgin import of bsnmpd 1.10 2005-05-23 11:19:11 +00:00
Hartmut Brandt
a9bfedb789 Vendor patch: fix a bug that was introduced when moving from libisc to
libbegemot: the rpoll_start_timer function needs the timeout value in
milli-seconds, not the absolute time when the timer should tick.
2005-04-29 11:02:18 +00:00
Hartmut Brandt
d7eb6b4714 Virgin import of bsnmp 1.9 2005-04-26 16:43:22 +00:00
Hartmut Brandt
94caccb357 Virgin import of bsnmpd 1.8 2005-02-28 17:27:11 +00:00
Hartmut Brandt
e0fd476003 Vendor patch: don't dump core when the config file cannot be opened.
Submitted by:	Maxim Konovalov <maxim@macomnet.ru>
2004-08-12 19:17:29 +00:00
Hartmut Brandt
896052c10f Virgin import of bsnmpd 1.7 2004-08-06 13:38:30 +00:00
Hartmut Brandt
8eecd77ad5 Import of bsnmpd 1.6 2004-04-14 16:20:14 +00:00
Hartmut Brandt
70af00a124 Virgin import of bsnmpd 1.5a 2004-01-23 10:44:47 +00:00
Hartmut Brandt
f06ca4af18 Virgin import of bsnmp 1.4 2003-11-10 08:53:38 +00:00