snmpd(8): Remove restricted socket


snmpd(8): Remove restricted socket

Martijn van Duren-5
snmpd's normal socket is pretty much deprecated and the restricted
variant is even more useless. In other words, let's pick it apart one
step at a time. This diff removes the restricted keyword and related
code.

While here I also removed the unimplemented IMSG_CTL_RELOAD logic.

For those wondering why I removed the CTL_CONN_LOCKED flag: It's only
checked in control_dispatch_imsg, so there's no point in setting it on
agentx sockets.

OK?

martijn@

Index: control.c
===================================================================
--- control.c (revision 1)
+++ control.c (working copy)
@@ -80,7 +80,7 @@
  return (-1);
  }
 
- if (cs->cs_restricted || cs->cs_agentx) {
+ if (cs->cs_agentx) {
  old_umask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
  mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
  } else {
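Review bot: The branch at `if (cs->cs_agentx)` still creates the socket readable and writable by every local user (`S_IROTH|S_IWOTH` in `mode`), and nothing here records why, or what keeps such a connection away from the control command set. With CTL_CONN_LOCKED dropped elsewhere in this patch, that separation appears to rest only on the accept path assigning `control_dispatch_agentx` to these sockets. A comment would make the invariant explicit, for example `/* AgentX sockets are open to all local users; connections on them must only ever be served by control_dispatch_agentx */`. The enclosing function and the mode chosen in the `else` branch are outside the hunk.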
@@ -174,7 +174,6 @@
  log_warn("%s: agentx", __func__);
  return;
  }
- c->flags |= CTL_CONN_LOCKED;
  c->iev.handler = control_dispatch_agentx;
  TAILQ_INIT(&c->oids);
  } else
@@ -249,21 +248,6 @@
  if (n == 0)
  break;
 
- if (cs->cs_restricted || (c->flags & CTL_CONN_LOCKED)) {
- switch (imsg.hdr.type) {
- case IMSG_SNMP_AGENTX:
- case IMSG_SNMP_ELEMENT:
- case IMSG_SNMP_END:
- case IMSG_SNMP_LOCK:
- break;
- default:
- control_close(c,
-    "client requested restricted command",
-    &imsg);
- return;
- }
- }
-
  control_imsg_forward(&imsg);
 
  switch (imsg.hdr.type) {
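Review bot: An imsg already buffered behind IMSG_SNMP_AGENTX is no longer rejected once the filter ahead of `control_imsg_forward(&imsg)` is gone. The `if (n == 0) break;` context suggests this function drains imsgs in a loop, so after the IMSG_SNMP_AGENTX case switches `c->iev.handler`, a following notify request would presumably still be handled here and set CTL_CONN_NOTIFY again on a connection that now speaks AgentX. The client is already on the control socket, so this looks like a state-consistency problem rather than a privilege change, but a guard at this point such as `if (c->iev.handler == control_dispatch_agentx) { control_close(c, "imsg after agentx switch", &imsg); return; }` would keep the old behaviour. The loop header and the end of the function are outside the hunk.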
@@ -282,14 +266,6 @@
  c->flags |= CTL_CONN_NOTIFY;
  break;
 
- case IMSG_SNMP_LOCK:
- if (IMSG_DATA_SIZE(&imsg))
- return control_close(c, "invalid size", &imsg);
-
- /* enable restricted control mode */
- c->flags |= CTL_CONN_LOCKED;
- break;
-
  case IMSG_SNMP_AGENTX:
  if (IMSG_DATA_SIZE(&imsg))
  return control_close(c, "invalid size", &imsg);
@@ -313,7 +289,6 @@
  }
  /* disable IMSG notifications */
  c->flags &= ~CTL_CONN_NOTIFY;
- c->flags |= CTL_CONN_LOCKED;
  c->iev.handler = control_dispatch_agentx;
  break;
 
@@ -330,11 +305,7 @@
  proc_forward_imsg(&env->sc_ps, &imsg, i, -1);
  }
  break;
- case IMSG_CTL_RELOAD:
- if (IMSG_DATA_SIZE(&imsg))
- return control_close(c, "invalid size", &imsg);
- proc_forward_imsg(&env->sc_ps, &imsg, PROC_PARENT, -1);
- break;
+
  default:
  control_close(c, "invalid type", &imsg);
  return;
Index: parse.y
===================================================================
--- parse.y (revision 1)
+++ parse.y (working copy)
@@ -51,11 +51,6 @@
 #include "snmpd.h"
 #include "mib.h"
 
-enum socktype {
- SOCK_TYPE_RESTRICTED = 1,
- SOCK_TYPE_AGENTX = 2
-};
-
 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
 static struct file {
  TAILQ_ENTRY(file) entry;
@@ -133,7 +128,7 @@
 %token SYSTEM CONTACT DESCR LOCATION NAME OBJECTID SERVICES RTFILTER
 %token READONLY READWRITE OCTETSTRING INTEGER COMMUNITY TRAP RECEIVER
 %token SECLEVEL NONE AUTH ENC USER AUTHKEY ENCKEY ERROR DISABLED
-%token SOCKET RESTRICTED AGENTX HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER
+%token SOCKET AGENTX HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER
 %token <v.string> STRING
 %token  <v.number> NUMBER
 %type <v.string> hostcmn
@@ -305,10 +300,7 @@
  YYERROR;
  }
  rcsock->cs_name = $2;
- if ($3 == SOCK_TYPE_RESTRICTED)
- rcsock->cs_restricted = 1;
- else if ($3 == SOCK_TYPE_AGENTX)
- rcsock->cs_agentx = 1;
+ rcsock->cs_agentx = 1;
  TAILQ_INSERT_TAIL(&conf->sc_ps.ps_rcsocks,
     rcsock, cs_entry);
  } else {
@@ -541,8 +533,7 @@
  }
  ;
 
-socktype : RESTRICTED { $$ = SOCK_TYPE_RESTRICTED; }
- | AGENTX { $$ = SOCK_TYPE_AGENTX; }
+socktype : AGENTX { $$ = 1; }
  | /* nothing */ { $$ = 0; }
  ;
 
@@ -655,7 +646,6 @@
  { "read-only", READONLY },
  { "read-write", READWRITE },
  { "receiver", RECEIVER },
- { "restricted", RESTRICTED },
  { "seclevel", SECLEVEL },
  { "services", SERVICES },
  { "socket", SOCKET },
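Review bot: An existing snmpd.conf that still says `restricted` will stop parsing once the keyword leaves this table, since the word presumably falls through to a plain STRING and the `socket` rule then fails with a generic syntax error. A daemon that refuses to start after an upgrade means a silent gap in monitoring, so it may be worth keeping the token for one release and failing with a clear message, e.g. `| RESTRICTED { yyerror("restricted sockets are no longer supported"); YYERROR; }` in `socktype`, or at least calling the removal out in the upgrade notes. The lookup function around this table is outside the hunk.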
Index: snmp.h
===================================================================
--- snmp.h (revision 1)
+++ snmp.h (working copy)
@@ -29,7 +29,6 @@
 #define SNMP_MAX_OID_STRLEN 128 /* max size of the OID _string_ */
 #define SNMP_SOCKET "/var/run/snmpd.sock"
 #define AGENTX_SOCKET "/var/run/agentx.sock"
-#define SNMP_RESTRICTED_SOCKET "/var/run/snmpd.rsock"
 
 enum snmp_type {
  SNMP_IPADDR = 0,
@@ -51,9 +50,6 @@
 
 enum snmp_imsg_ctl {
  IMSG_SNMP_DUMMY = 1000, /* something that works everywhere */
- IMSG_SNMP_ELEMENT,
- IMSG_SNMP_END,
- IMSG_SNMP_LOCK, /* enable restricted mode */
  IMSG_SNMP_AGENTX
 };
 
Index: snmpd.c
===================================================================
--- snmpd.c (revision 1)
+++ snmpd.c (working copy)
@@ -300,8 +300,6 @@
 snmpd_dispatch_snmpe(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
  switch (imsg->hdr.type) {
- case IMSG_CTL_RELOAD:
- /* XXX notyet */
  default:
  break;
  }
Index: snmpd.conf.5
===================================================================
--- snmpd.conf.5 (revision 1)
+++ snmpd.conf.5 (working copy)
@@ -133,23 +133,18 @@
 .Xr snmpd 8
 will accept only SNMPv3 requests since older versions neither support
 authentication nor encryption.
-.It Ic socket Qo Ar path Qc Op Ic restricted | agentx
+.It Ic socket Qo Ar path Qc Op Ic agentx
 Create a control socket at
 .Ar path .
 If
-.Ic restricted
-is specified, a restricted control socket will be created.
-If
 .Ic agentx
 is specified, a socket which speaks the AgentX protocol will be created.
 Multiple
-.Ic restricted
-and
 .Ic agentx
 sockets may be created.
-By default
+By default only control socket
 .Pa /var/run/snmpd.sock
-is created and no other sockets are created.
+is created.
 .It Ic system contact Ar string
 Specify the name or description of the system contact, typically a
 name or an email address.
Index: snmpd.h
===================================================================
--- snmpd.h (revision 1)
+++ snmpd.h (working copy)
@@ -83,10 +83,8 @@
  IMSG_NONE,
  IMSG_CTL_OK, /* answer to snmpctl requests */
  IMSG_CTL_FAIL,
- IMSG_CTL_END,
  IMSG_CTL_NOTIFY,
  IMSG_CTL_VERBOSE,
- IMSG_CTL_RELOAD,
  IMSG_CTL_PROCFD,
  IMSG_ALERT
 };
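Review bot: Removing IMSG_CTL_END and IMSG_CTL_RELOAD from the middle of this enum renumbers every later member: IMSG_CTL_NOTIFY and IMSG_CTL_VERBOSE move down by one, IMSG_CTL_PROCFD and IMSG_ALERT by two. The snmp.h hunk has the same effect, with IMSG_SNMP_AGENTX dropping from 1004 to 1001. If any control-socket client is built separately from the daemon (the `/* answer to snmpctl requests */` comment suggests snmpctl shares these values), a request from an old binary would be read as whichever type now holds that number. Either confirm that all consumers are rebuilt in lockstep, or pin the surviving members with explicit initialisers, e.g. `IMSG_SNMP_AGENTX = 1004` in snmp.h. The start of this enum is outside the hunk.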
@@ -113,7 +111,6 @@
  struct event cs_ev;
  struct event cs_evt;
  int cs_fd;
- int cs_restricted;
  int cs_agentx;
  void *cs_env;
 
@@ -357,7 +354,6 @@
  TAILQ_ENTRY(ctl_conn) entry;
  u_int8_t flags;
 #define CTL_CONN_NOTIFY 0x01
-#define CTL_CONN_LOCKED 0x02 /* restricted mode */
  struct imsgev iev;
  struct control_sock *cs;
  struct agentx_handle *handle;