1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 /* Copyright (c) 1990 Mentat Inc. */ 25 26 /* 27 * This file contains common code for handling Options Management requests 28 * for SNMP/MIB. 29 */ 30 31 #include <sys/types.h> 32 #include <sys/stream.h> 33 #include <sys/stropts.h> 34 #include <sys/errno.h> 35 #define _SUN_TPI_VERSION 2 36 #include <sys/tihdr.h> 37 #include <sys/ddi.h> 38 #include <sys/cmn_err.h> 39 #include <sys/policy.h> 40 41 #include <sys/socket.h> 42 #include <netinet/in.h> 43 44 #include <inet/common.h> 45 #include <inet/mi.h> 46 #include <inet/mib2.h> 47 #include <inet/optcom.h> 48 #include <inet/snmpcom.h> 49 50 #include <inet/ip.h> 51 #include <sys/brand.h> 52 53 #define DEFAULT_LENGTH sizeof (long) 54 #define DATA_MBLK_SIZE 1024 55 #define TOAHDR_SIZE (sizeof (struct T_optmgmt_ack) +\ 56 sizeof (struct opthdr)) 57 58 /* SNMP Option Request Structure */ 59 typedef struct sor_s { 60 int sor_group; 61 int sor_code; /* MIB2 index value */ 62 int sor_size; 63 } sor_t; 64 65 /* 66 * Validation Table for set requests. 67 */ 68 static sor_t req_arr[] = { 69 { MIB2_IP, 1, sizeof (int) }, 70 { MIB2_IP, 2, sizeof (int) }, 71 { MIB2_IP, 21, sizeof (mib2_ipRouteEntry_t) }, 72 { MIB2_IP, 22, sizeof (mib2_ipNetToMediaEntry_t)}, 73 { MIB2_TCP, 13, sizeof (mib2_tcpConnEntry_t) } 74 }; 75 76 /* 77 * Binary compatibility to what used to be T_CURRENT in older releases. 78 * Unfortunately, the binary chosen for it was different and used by 79 * T_PARTSUCCESS in the new name space. However T_PARTSUCESS is only 80 * anticiapted in new T_OPTMGM_REQ (and not O_T_OPTMGMT_REQ messages). 81 * Only a test for TBADFLAG which uses one of the MIB option levels 82 * may have trouble with this provision for binary compatibility. 83 */ 84 #define OLD_T_CURRENT 0x100 /* same value as T_PARTSUCCESS */ 85 86 /* 87 * MIB info returned in data part of M_PROTO msg. All info for a single 88 * request is appended in a chain of mblk's off of the M_PROTO T_OPTMGMT_ACK 89 * ctl buffer. 90 */ 91 int 92 snmp_append_data(mblk_t *mpdata, char *blob, int len) 93 { 94 95 if (!mpdata) 96 return (0); 97 while (mpdata->b_cont) 98 mpdata = mpdata->b_cont; 99 if (mpdata->b_wptr + len >= mpdata->b_datap->db_lim) { 100 mpdata->b_cont = allocb(DATA_MBLK_SIZE, BPRI_HI); 101 mpdata = mpdata->b_cont; 102 if (!mpdata) 103 return (0); 104 } 105 bcopy(blob, (char *)mpdata->b_wptr, len); 106 mpdata->b_wptr += len; 107 return (1); 108 } 109 110 /* 111 * Need a form which avoids O(n^2) behavior locating the end of the 112 * chain every time. This is it. 113 */ 114 int 115 snmp_append_data2(mblk_t *mpdata, mblk_t **last_mpp, char *blob, int len) 116 { 117 118 if (!mpdata) 119 return (0); 120 if (*last_mpp == NULL) { 121 while (mpdata->b_cont) 122 mpdata = mpdata->b_cont; 123 *last_mpp = mpdata; 124 } 125 if ((*last_mpp)->b_wptr + len >= (*last_mpp)->b_datap->db_lim) { 126 (*last_mpp)->b_cont = allocb(DATA_MBLK_SIZE, BPRI_HI); 127 *last_mpp = (*last_mpp)->b_cont; 128 if (!*last_mpp) 129 return (0); 130 } 131 bcopy(blob, (char *)(*last_mpp)->b_wptr, len); 132 (*last_mpp)->b_wptr += len; 133 return (1); 134 } 135 136 /* 137 * SNMP requests are issued using putmsg() on a stream containing all 138 * relevant modules. The ctl part contains a O_T_OPTMGMT_REQ message, 139 * and the data part is NULL 140 * to process this msg. If snmpcom_req() returns FALSE, then the module 141 * will try optcom_req to see if its some sort of SOCKET or IP option. 142 * snmpcom_req returns TRUE whenever the first option is recognized as 143 * an SNMP request, even if a bad one. 144 * 145 * "get" is done by a single O_T_OPTMGMT_REQ with MGMT_flags set to T_CURRENT. 146 * All modules respond with one or msg's about what they know. Responses 147 * are in T_OPTMGMT_ACK format. The opthdr level/name fields identify what 148 * is begin returned, the len field how big it is (in bytes). The info 149 * itself is in the data portion of the msg. Fixed length info returned 150 * in one msg; each table in a separate msg. 151 * 152 * setfn() returns 1 if things ok, 0 if set request invalid or otherwise 153 * messed up. 154 * 155 * If the passed q is at the bottom of the module chain (q_next == NULL, 156 * a ctl msg with req->name, level, len all zero is sent upstream. This 157 * is and EOD flag to the caller. 158 * 159 * IMPORTANT: 160 * - The msg type is M_PROTO, not M_PCPROTO!!! This is by design, 161 * since multiple messages will be sent to stream head and we want 162 * them queued for reading, not discarded. 163 * - All requests which match a table entry are sent to all get/set functions 164 * of each module. The functions must simply ignore requests not meant 165 * for them: getfn() returns 0, setfn() returns 1. 166 */ 167 boolean_t 168 snmpcom_req(queue_t *q, mblk_t *mp, pfi_t setfn, pfi_t getfn, cred_t *credp) 169 { 170 mblk_t *mpctl; 171 struct opthdr *req; 172 struct opthdr *next_req; 173 struct opthdr *req_end; 174 struct opthdr *req_start; 175 sor_t *sreq; 176 struct T_optmgmt_req *tor = (struct T_optmgmt_req *)mp->b_rptr; 177 struct T_optmgmt_ack *toa; 178 boolean_t legacy_req; 179 180 if (mp->b_cont) { /* don't deal with multiple mblk's */ 181 freemsg(mp->b_cont); 182 mp->b_cont = (mblk_t *)0; 183 optcom_err_ack(q, mp, TSYSERR, EBADMSG); 184 return (B_TRUE); 185 } 186 if ((mp->b_wptr - mp->b_rptr) < sizeof (struct T_optmgmt_req) || 187 !(req_start = (struct opthdr *)mi_offset_param(mp, 188 tor->OPT_offset, tor->OPT_length))) 189 goto bad_req1; 190 if (! __TPI_OPT_ISALIGNED(req_start)) 191 goto bad_req1; 192 193 /* 194 * if first option not in the MIB2 or EXPER range, return false so 195 * optcom_req can scope things out. Otherwise it's passed to each 196 * calling module to process or ignore as it sees fit. 197 */ 198 if ((!(req_start->level >= MIB2_RANGE_START && 199 req_start->level <= MIB2_RANGE_END)) && 200 (!(req_start->level >= EXPER_RANGE_START && 201 req_start->level <= EXPER_RANGE_END))) 202 return (B_FALSE); 203 204 switch (tor->MGMT_flags) { 205 206 case T_NEGOTIATE: 207 if (secpolicy_ip_config(credp, B_FALSE) != 0) { 208 optcom_err_ack(q, mp, TACCES, 0); 209 return (B_TRUE); 210 } 211 req_end = (struct opthdr *)((uchar_t *)req_start + 212 tor->OPT_length); 213 for (req = req_start; req < req_end; req = next_req) { 214 next_req = 215 (struct opthdr *)((uchar_t *)&req[1] + 216 _TPI_ALIGN_OPT(req->len)); 217 if (next_req > req_end) 218 goto bad_req2; 219 for (sreq = req_arr; sreq < A_END(req_arr); sreq++) { 220 if (req->level == sreq->sor_group && 221 req->name == sreq->sor_code) 222 break; 223 } 224 if (sreq >= A_END(req_arr)) 225 goto bad_req3; 226 if (!(*setfn)(q, req->level, req->name, 227 (uchar_t *)&req[1], req->len)) 228 goto bad_req4; 229 } 230 if (q->q_next != NULL) 231 putnext(q, mp); 232 else 233 freemsg(mp); 234 return (B_TRUE); 235 236 case OLD_T_CURRENT: 237 case T_CURRENT: 238 mpctl = allocb(TOAHDR_SIZE, BPRI_MED); 239 if (!mpctl) { 240 optcom_err_ack(q, mp, TSYSERR, ENOMEM); 241 return (B_TRUE); 242 } 243 mpctl->b_cont = allocb(DATA_MBLK_SIZE, BPRI_MED); 244 if (!mpctl->b_cont) { 245 freemsg(mpctl); 246 optcom_err_ack(q, mp, TSYSERR, ENOMEM); 247 return (B_TRUE); 248 } 249 mpctl->b_datap->db_type = M_PROTO; 250 mpctl->b_wptr += TOAHDR_SIZE; 251 toa = (struct T_optmgmt_ack *)mpctl->b_rptr; 252 toa->PRIM_type = T_OPTMGMT_ACK; 253 toa->OPT_offset = sizeof (struct T_optmgmt_ack); 254 toa->OPT_length = sizeof (struct opthdr); 255 toa->MGMT_flags = T_SUCCESS; 256 /* 257 * If the current process is running inside a solaris10- 258 * branded zone and len is 0 then it's a request for 259 * legacy data. 260 */ 261 if (PROC_IS_BRANDED(curproc) && 262 (strcmp(curproc->p_brand->b_name, "solaris10") == 0) && 263 (req_start->len == 0)) 264 legacy_req = B_TRUE; 265 else 266 legacy_req = B_FALSE; 267 if (!(*getfn)(q, mpctl, req_start->level, legacy_req)) 268 freemsg(mpctl); 269 /* 270 * all data for this module has now been sent upstream. If 271 * this is bottom module of stream, send up an EOD ctl msg, 272 * otherwise pass onto the next guy for processing. 273 */ 274 if (q->q_next != NULL) { 275 putnext(q, mp); 276 return (B_TRUE); 277 } 278 if (mp->b_cont) { 279 freemsg(mp->b_cont); 280 mp->b_cont = NULL; 281 } 282 mpctl = reallocb(mp, TOAHDR_SIZE, 1); 283 if (!mpctl) { 284 optcom_err_ack(q, mp, TSYSERR, ENOMEM); 285 return (B_TRUE); 286 } 287 mpctl->b_datap->db_type = M_PROTO; 288 mpctl->b_wptr = mpctl->b_rptr + TOAHDR_SIZE; 289 toa = (struct T_optmgmt_ack *)mpctl->b_rptr; 290 toa->PRIM_type = T_OPTMGMT_ACK; 291 toa->OPT_offset = sizeof (struct T_optmgmt_ack); 292 toa->OPT_length = sizeof (struct opthdr); 293 toa->MGMT_flags = T_SUCCESS; 294 req = (struct opthdr *)&toa[1]; 295 req->level = 0; 296 req->name = 0; 297 req->len = 0; 298 qreply(q, mpctl); 299 return (B_TRUE); 300 301 default: 302 optcom_err_ack(q, mp, TBADFLAG, 0); 303 return (B_TRUE); 304 } 305 306 bad_req1:; 307 printf("snmpcom bad_req1\n"); 308 goto bad_req; 309 bad_req2:; 310 printf("snmpcom bad_req2\n"); 311 goto bad_req; 312 bad_req3:; 313 printf("snmpcom bad_req3\n"); 314 goto bad_req; 315 bad_req4:; 316 printf("snmpcom bad_req4\n"); 317 /* FALLTHRU */ 318 bad_req:; 319 optcom_err_ack(q, mp, TBADOPT, 0); 320 return (B_TRUE); 321 322 }