author | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-02-07 11:33:27 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-02-07 11:33:27 +0000 |
commit | ff1b6ffe50c6a640a8849a77241689009e748181 (patch) | |
tree | 8c89a8e4cf6409d32a1b7ecca34868c03ba5f555 /usr.sbin/snmpd | |
parent | e944d838798eb3045c8b5c87fb1da6adf5973779 (diff) |
add a imsg which allows to "lock" the control connection, the
restricted connection will reject any commands except snmp traps.
Diffstat (limited to 'usr.sbin/snmpd')
-rw-r--r-- | usr.sbin/snmpd/control.c | 21 | ||||
-rw-r--r-- | usr.sbin/snmpd/snmp.h | 5 | ||||
-rw-r--r-- | usr.sbin/snmpd/snmpd.h | 3 |
3 files changed, 25 insertions, 4 deletions
diff --git a/usr.sbin/snmpd/control.c b/usr.sbin/snmpd/control.c
index 4006d89d74f..646d181d126 100644
--- a/usr.sbin/snmpd/control.c
+++ b/usr.sbin/snmpd/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.6 2008/02/07 11:11:59 reyk Exp $ */
+/* $OpenBSD: control.c,v 1.7 2008/02/07 11:33:26 reyk Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -220,6 +220,21 @@ control_dispatch_imsg(int fd, short event, void *arg)
 if (n == 0)
 break;
 
+ if (c->flags & CTL_CONN_LOCKED) {
+ switch (imsg.hdr.type) {
+ case IMSG_SNMP_TRAP:
+ case IMSG_SNMP_ELEMENT:
+ case IMSG_SNMP_END:
+ break;
+ default:
+ log_debug("control_dispatch_imsg: "
+ "client requested restricted command");
+ imsg_free(&imsg);
+ control_close(fd);
+ return;
+ }
+ }
+
 switch (imsg.hdr.type) {
 case IMSG_CTL_NOTIFY:
 if (c->flags & CTL_CONN_NOTIFY) {
@@ -231,6 +246,10 @@ control_dispatch_imsg(int fd, short event, void *arg)
 }
 c->flags |= CTL_CONN_NOTIFY;
 break;
+ case IMSG_SNMP_LOCK:
+ /* enable restricted control mode */
+ c->flags |= CTL_CONN_LOCKED;
+ break;
 case IMSG_SNMP_TRAP:
 if (trap_imsg(&c->ibuf, imsg.hdr.pid) == -1) {
 log_debug("control_dispatch_imsg: "
diff --git a/usr.sbin/snmpd/snmp.h b/usr.sbin/snmpd/snmp.h
index 822c930c270..90ce181a13f 100644
--- a/usr.sbin/snmpd/snmp.h
+++ b/usr.sbin/snmpd/snmp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmp.h,v 1.6 2008/01/16 10:23:31 reyk Exp $ */
+/* $OpenBSD: snmp.h,v 1.7 2008/02/07 11:33:26 reyk Exp $ */
 
 /*
  * Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net>
@@ -47,7 +47,8 @@ enum snmp_type {
 enum snmp_imsg_ctl {
 IMSG_SNMP_TRAP = 1000, /* something that works everywhere */
 IMSG_SNMP_ELEMENT,
- IMSG_SNMP_END
+ IMSG_SNMP_END,
+ IMSG_SNMP_LOCK /* enable restricted mode */
 };
 
 struct snmp_imsg_hdr {
diff --git a/usr.sbin/snmpd/snmpd.h b/usr.sbin/snmpd/snmpd.h
index 89128558637..1567b57205b 100644
--- a/usr.sbin/snmpd/snmpd.h
+++ b/usr.sbin/snmpd/snmpd.h
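Review bot: The rejection path of the new `CTL_CONN_LOCKED` filter in control_dispatch_imsg (second control.c hunk) logs only through `log_debug` and does not record which message type was refused, so a locked client that attempts a restricted command leaves no trace outside debug mode and looks like any other disconnect. Since this is the enforcement point of the restricted mode, I would log it at warning level with the type, e.g. `log_warnx("control_dispatch_imsg: locked client sent restricted imsg type %u", (unsigned)imsg.hdr.type);`. IMSG_SNMP_LOCK is itself not on the allow-list, so a repeated lock request also closes the connection; if that is intended, a one-line comment above `default:` should say so. The function starts and continues outside the hunk.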
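Review bot: The comment on the new `case IMSG_SNMP_LOCK:` (third control.c hunk) does not say that the flag is never cleared in the visible code and that the restriction is requested by the client itself, which a reader needs in order to judge what the lock actually protects against. I would write `/* one-way: restrict this connection to trap messages until it is closed */`. Nothing visible in the hunk checks the payload length for this message type; presumably it carries none, but that is worth confirming against the sender. The enclosing switch continues outside the hunk.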
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpd.h,v 1.17 2008/01/18 02:09:30 reyk Exp $ */
+/* $OpenBSD: snmpd.h,v 1.18 2008/02/07 11:33:26 reyk Exp $ */
 
 /*
  * Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net>
@@ -132,6 +132,7 @@ struct ctl_conn {
 TAILQ_ENTRY(ctl_conn) entry;
 u_int8_t flags;
 #define CTL_CONN_NOTIFY 0x01
+#define CTL_CONN_LOCKED 0x02 /* restricted mode */
 struct imsgbuf ibuf;
 };
 
|