path: root/usr.sbin/snmpd/snmpe.c
author: Martijn van Duren <martijn@cvs.openbsd.org> 2021-08-09 18:14:54 +0000
committer: Martijn van Duren <martijn@cvs.openbsd.org> 2021-08-09 18:14:54 +0000
commit: c3ebc8d8c981bde667115bce86e2c41ff1aff759 (patch)
tree: 6850513891da9aa14bfaf4414c43fc1750287766 /usr.sbin/snmpd/snmpe.c
parent: 6add82fbabb3ab256cdbdbe36c694722c7db3c60 (diff)
Allow setting the engineid.
The previous engineid was based around the engine boottime and a random value, which gives problems when sending/receiving unacknowledged PDUs (trapv2) over SNMPv3 with authentication enabled, which need a consistent engineid across restarts to determine the correct user from the sender. The new default engineid takes a sha256 hash (chosen for its longer output) of gethostname(3) and places the first 27 bytes after the new format number 129. This should give us a very low probability of collisions, assuming all machines have a unique name. The other formats as specified in SNMP-FRAMEWORK-MIB (RFC3411) are also supported as well as arbitrary formats in the range 128-255 for other private enterprise numbers in hex format.
OK jmatthew@
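The engine ID layout the commit message describes, as an added Python sketch that is not part of the commit or of snmpd. It assumes the RFC 3411 layout (four octets of enterprise number with the top bit set, one format octet, then data), uses 30155 as the enterprise number (an assumption, the page does not state it), and hashes the hostname bytes without a terminator; `default_engineid` and `parse_engineid` are hypothetical names.

```python
import hashlib

ENTERPRISE = 30155       # assumption: the page does not give the enterprise number
FORMAT_HOSTHASH = 129    # "new format number 129" from the commit message
HASH_OCTETS = 27         # "first 27 bytes" of the SHA-256 output
MIN_LEN, MAX_LEN = 5, 32 # SnmpEngineID size limits in RFC 3411


def default_engineid(hostname: bytes) -> bytes:
    """Build a host-derived engine ID that is stable across restarts."""
    # Top bit of the first octet set selects the RFC 3411 layout.
    head = (0x80000000 | ENTERPRISE).to_bytes(4, "big")
    digest = hashlib.sha256(hostname).digest()[:HASH_OCTETS]
    return head + bytes([FORMAT_HOSTHASH]) + digest  # 4 + 1 + 27 = 32 octets


def parse_engineid(eid: bytes) -> dict:
    """Split an engine ID into its fields, rejecting malformed values."""
    if not MIN_LEN <= len(eid) <= MAX_LEN:
        raise ValueError("engine ID must be 5..32 octets")
    if eid in (b"\x00" * len(eid), b"\xff" * len(eid)):
        raise ValueError("all-zero and all-0xff engine IDs are not allowed")
    first = int.from_bytes(eid[:4], "big")
    if not first & 0x80000000:
        raise ValueError("top bit clear: not the RFC 3411 layout")
    fmt = eid[4]
    # Formats 128-255 are left to the enterprise; lower ones are RFC-defined.
    kind = "enterprise-specific" if fmt >= 128 else "rfc3411-defined"
    return {"enterprise": first & 0x7FFFFFFF, "format": fmt,
            "kind": kind, "data": eid[5:]}


if __name__ == "__main__":
    # Constructed hostnames: the same name always yields the same engine ID,
    # which is what a trap receiver needs to keep matching its stored users.
    for name in (b"gw1.example.org", b"gw2.example.org"):
        eid = default_engineid(name)
        print(name.decode(), eid.hex(), parse_engineid(eid)["kind"])
```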
Diffstat (limited to 'usr.sbin/snmpd/snmpe.c')
-rw-r--r-- usr.sbin/snmpd/snmpe.c 5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 5fcb9171381..093cb26ba55 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpe.c,v 1.73 2021/08/01 11:36:48 martijn Exp $ */
+/* $OpenBSD: snmpe.c,v 1.74 2021/08/09 18:14:53 martijn Exp $ */
/*
* Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -121,6 +121,9 @@ snmpe_init(struct privsep *ps, struct privsep_proc *p, void *arg)
fatal("unveil");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
+
+ log_info("snmpe %s: ready",
+ tohexstr(env->sc_engineid, env->sc_engineid_len));
}
void
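Review bot: In the added log_info() call at the end of snmpe_init(), the format string "snmpe %s: ready" puts the hex engine ID where a log reader would expect a process or instance name, with nothing saying what the value is. A labelled form such as "snmpe ready: engineid %s" would make the line greppable and easy to compare against the engine ID a trap receiver has stored for this agent. The result of tohexstr() is also passed straight to %s, so it is worth confirming that it cannot return NULL for any length sc_engineid_len can take, including the hex-configured formats the commit message mentions.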