233 lines
6.2 KiB
C
233 lines
6.2 KiB
C
/* Copyright 2009 SPARTA, Inc. All rights reserved
|
|
* Use is subject to license terms specified in the COPYING file
|
|
* distributed with the Net-SNMP package.
|
|
*/
|
|
|
|
/*
|
|
* This is merely a wrapper around stdin/out for sshd to call. It
|
|
* simply passes traffic to the running snmpd through a unix domain
|
|
* socket after first passing any needed SSH Domain information.
|
|
*/
|
|
|
|
#include <net-snmp/net-snmp-config.h>
|
|
|
|
#ifdef HAVE_SYS_PARAM_H
|
|
#include <sys/param.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_SOCKET_H
|
|
#include <sys/socket.h>
|
|
#endif
|
|
#if HAVE_SYS_UN_H
|
|
#include <sys/un.h>
|
|
#endif
|
|
|
|
#include <sys/select.h>
|
|
#include <unistd.h>
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
|
|
#ifndef MAXPATHLEN
|
|
#warning no system max path length detected
|
|
#define MAXPATHLEN 2048
|
|
#endif
|
|
|
|
#define DEFAULT_SOCK_PATH "/var/net-snmp/sshdomainsocket"
|
|
|
|
#define NETSNMP_SSHTOSNMP_VERSION_NUMBER 1
|
|
|
|
|
|
|
|
/*
|
|
* Extra debugging output for, um, debugging.
|
|
*/
|
|
|
|
#undef DEBUGGING
|
|
|
|
#define DEBUG(x) deb(x)
|
|
#ifdef DEBUGGING
|
|
FILE *debf = NULL;
|
|
static void
|
|
deb(const char *string) {
|
|
if (NULL == debf) {
|
|
debf = fopen("/tmp/sshtosnmp.log", "a");
|
|
}
|
|
if (NULL != debf) {
|
|
fprintf(debf, "%s\n", string);
|
|
fflush(debf);
|
|
}
|
|
}
|
|
#else /* !DEBUGGING */
|
|
NETSNMP_STATIC_INLINE void
|
|
deb(const char *string) { }
|
|
#endif /* DEBUGGING code */
|
|
|
|
int
|
|
main(int argc, char **argv) {
|
|
|
|
int sock;
|
|
struct sockaddr_un addr;
|
|
u_char buf[4096];
|
|
size_t buf_len = sizeof(buf);
|
|
int rc = 0, pktsize = 0;
|
|
|
|
fd_set read_set;
|
|
|
|
DEBUG("----------\nstarting up");
|
|
|
|
/* Open a connection to the UNIX domain socket or fail */
|
|
|
|
addr.sun_family = AF_UNIX;
|
|
snprintf(addr.sun_path, sizeof(addr.sun_path), "%s",
|
|
argc > 1 ? argv[1] : DEFAULT_SOCK_PATH);
|
|
|
|
sock = socket(PF_UNIX, SOCK_STREAM, 0);
|
|
DEBUG("created socket");
|
|
if (sock <= 0) {
|
|
exit(1);
|
|
}
|
|
|
|
/* set the SO_PASSCRED option so we can pass uid */
|
|
/* XXX: according to the unix(1) manual this shouldn't be needed
|
|
on the sending side? */
|
|
{
|
|
int one = 1;
|
|
setsockopt(sock, SOL_SOCKET, SO_PASSCRED, (void *) &one,
|
|
sizeof(one));
|
|
}
|
|
|
|
if (connect(sock, (struct sockaddr *) &addr,
|
|
sizeof(struct sockaddr_un)) != 0) {
|
|
DEBUG("FAIL CONNECT");
|
|
exit(1);
|
|
}
|
|
|
|
DEBUG("opened socket");
|
|
|
|
/*
|
|
* we are running as the user that ssh authenticated us as, and this
|
|
* is the name/uid that the agent needs for processing as a SNMPv3
|
|
* security name. So this is the only thing needed to pass to the
|
|
* agent.
|
|
*/
|
|
|
|
/* version 1 of our internal ssh to snmp wrapper is just a single
|
|
byte version number and indicates we're also passing unix
|
|
socket credentials containing our user id */
|
|
|
|
/* In case of future changes, we'll pass a version number first */
|
|
|
|
buf[0] = NETSNMP_SSHTOSNMP_VERSION_NUMBER;
|
|
buf_len = 1;
|
|
|
|
/* send the prelim message and the credentials together using sendmsg() */
|
|
{
|
|
struct msghdr m;
|
|
struct {
|
|
struct cmsghdr cm;
|
|
struct ucred ouruser;
|
|
} cmsg;
|
|
struct iovec iov = { buf, buf_len };
|
|
|
|
/* Make sure that even padding fields get initialized.*/
|
|
memset(&cmsg, 0, sizeof(cmsg));
|
|
memset(&m, 0, sizeof(m));
|
|
|
|
/* set up the basic message */
|
|
cmsg.cm.cmsg_len = sizeof(struct cmsghdr) + sizeof(struct ucred);
|
|
cmsg.cm.cmsg_level = SOL_SOCKET;
|
|
cmsg.cm.cmsg_type = SCM_CREDENTIALS;
|
|
|
|
cmsg.ouruser.uid = getuid();
|
|
cmsg.ouruser.gid = getgid();
|
|
cmsg.ouruser.pid = getpid();
|
|
|
|
m.msg_iov = &iov;
|
|
m.msg_iovlen = 1;
|
|
m.msg_control = &cmsg;
|
|
m.msg_controllen = sizeof(cmsg);
|
|
m.msg_flags = 0;
|
|
|
|
DEBUG("sending to sock");
|
|
rc = sendmsg(sock, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
|
|
if (rc < 0) {
|
|
fprintf(stderr, "failed to send startup message\n");
|
|
DEBUG("failed to send startup message\n");
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
DEBUG("sent name");
|
|
|
|
/* now we just send and receive from both the socket and stdin/stdout */
|
|
|
|
while(1) {
|
|
/* read from stdin and the socket */
|
|
FD_ZERO(&read_set);
|
|
FD_SET(sock, &read_set);
|
|
FD_SET(STDIN_FILENO, &read_set);
|
|
|
|
/* blocking without a timeout be fine fine */
|
|
select(sock+1, &read_set, NULL, NULL, NULL);
|
|
|
|
if (FD_ISSET(STDIN_FILENO, &read_set)) {
|
|
/* read from stdin to get stuff from sshd to send to the agent */
|
|
DEBUG("data from stdin");
|
|
rc = read(STDIN_FILENO, buf, sizeof(buf));
|
|
|
|
if (rc <= 0) {
|
|
/* end-of-file */
|
|
#ifndef HAVE_CLOSESOCKET
|
|
rc = close(sock);
|
|
#else
|
|
rc = closesocket(sock);
|
|
#endif
|
|
exit(0);
|
|
}
|
|
DEBUG("read from stdin");
|
|
|
|
/* send it up the pipe */
|
|
pktsize = rc;
|
|
rc = -1;
|
|
while (rc < 0) {
|
|
DEBUG("sending to socket");
|
|
rc = sendto(sock, buf, pktsize, 0, NULL, 0);
|
|
DEBUG("back from sendto");
|
|
if (rc < 0)
|
|
DEBUG("sentto failed");
|
|
if (rc < 0 && errno != EINTR) {
|
|
break;
|
|
}
|
|
}
|
|
if (rc > 0)
|
|
DEBUG("sent to socket");
|
|
else
|
|
DEBUG("failed to send to socket!!");
|
|
}
|
|
|
|
if (FD_ISSET(sock, &read_set)) {
|
|
/* read from the socket and send to to stdout which goes to sshd */
|
|
DEBUG("data on unix socket");
|
|
|
|
rc = -1;
|
|
while (rc < 0) {
|
|
rc = recvfrom(sock, buf, sizeof(buf), 0, NULL, NULL);
|
|
if (rc < 0 && errno != EINTR) {
|
|
close(sock);
|
|
exit(0);
|
|
}
|
|
}
|
|
DEBUG("read from socket");
|
|
|
|
pktsize = rc;
|
|
rc = write(STDOUT_FILENO, buf, pktsize);
|
|
/* XXX: check that counts match */
|
|
if (rc > 0) {
|
|
DEBUG("wrote to stdout");
|
|
} else {
|
|
DEBUG("failed to write to stdout");
|
|
}
|
|
}
|
|
}
|
|
}
|