34c34
< .Dd February 27, 2006
---
> .Dd September 9, 2010
62a63,64
> .Nm oid_usmUnknownEngineIDs ,
> .Nm oid_usmNotInTimeWindows ,
102c104,113
< .Nm index_append_off
---
> .Nm index_append_off,
> .Nm bsnmpd_get_usm_stats,
> .Nm bsnmpd_reset_usm_stats,
> .Nm usm_first_user,
> .Nm usm_next_user,
> .Nm usm_find_user,
> .Nm usm_new_user,
> .Nm usm_delete_user,
> .Nm usm_flush_users,
> .Nm usm_user
230a242,260
> .Ft struct snmpd_usmstat *
> .Fn bsnmpd_get_usm_stats "void"
> .Ft void
> .Fn bsnmpd_reset_usm_stats "void"
> .Ft struct usm_user *
> .Fn usm_first_user "void"
> .Ft struct usm_user *
> .Fn usm_next_user "struct usm_user *uuser"
> .Ft struct usm_user *
> .Fn usm_find_user "uint8_t *engine" "uint32_t elen" "char *uname"
> .Ft struct usm_user *
> .Fn usm_new_user "uint8_t *engine" "uint32_t elen" "char *uname"
> .Ft void
> .Fn usm_delete_user "struct usm_user *"
> .Ft void
> .Fn usm_flush_users "void"
> .Vt extern struct usm_user *usm_user;
> .Vt extern const struct asn_oid oid_usmUnknownEngineIDs;
> .Vt extern const struct asn_oid oid_usmNotInTimeWindows;
542c572
< If a PDU is
---
> If a SNMPv1 or SNMPv2 PDU is
551a582,642
> .Ss THE USER-BASED SECURITY GROUP
> The scalar statistics of the USM group are held in the global variable
> .Va snmpd_usmstats :
> .Bd -literal -offset indent
> struct snmpd_usmstat {
> uint32_t unsupported_seclevels;
> uint32_t not_in_time_windows;
> uint32_t unknown_users;
> uint32_t unknown_engine_ids;
> uint32_t wrong_digests;
> uint32_t decrypt_errors;
> };
> .Ed
> .Fn bsnmpd_get_usm_stats
> returns a pointer to the global structure containing the statistics.
> .Fn bsnmpd_reset_usm_stats
> clears the statistics of the USM group.
> .Pp
> A global list of configured USM users is maintained by the daemon.
> .Bd -literal -offset indent
> struct usm_user {
> struct snmp_user suser;
> uint8_t user_engine_id[SNMP_ENGINE_ID_SIZ];
> uint32_t user_engine_len;
> char user_public[SNMP_USM_NAME_SIZ];
> uint32_t user_public_len;
> int32_t status;
> int32_t type;
> SLIST_ENTRY(usm_user) up;
> };
> .Ed
> This structure represents an USM user. The daemon only responds to SNMPv3 PDUs
> with user credentials matching an USM user entry in its global list.
> If a SNMPv3 PDU is received, whose security model is USM, the global
> .Va usm_user
> is set to point at the user entry that matches the credentials contained in
> the PDU.
> However, the daemon does not create or remove USM users, it gives an interface
> to external loadable module(s) to manage the list.
> .Fn usm_new_user
> adds an user entry in the list, and
> .Fn usm_delete_user
> deletes an existing entry from the list.
> .Fn usm_flush_users
> is used to remove all configured USM users.
> .Fn usm_first_user
> will return the first user in the list, or
> .Li NULL
> if the list is empty.
> .Fn usm_next_user
> will return the next user of a given entry if one exists, or
> .Li NULL .
> The list is sorted according to the USM user name and Engine ID.
> .Fn usm_find_user
> returns the USM user entry matching the given
> .Fa engine
> and
> .Fa uname
> or
> .Li NULL
> if an user with the specified name and engine id is not present in the list.
555a647,651
> The global variables
> .Va oid_usmUnknownEngineIDs
> .Va oid_usmNotInTimeWindows
> contains the OIDs 1.3.6.1.6.3.15.1.1.4.0 and 1.3.6.1.6.3.15.1.1.2.0 used
> in the SNMPv3 USM Engine Discovery.
< .Dd February 27, 2006
---
> .Dd September 9, 2010
62a63,64
> .Nm oid_usmUnknownEngineIDs ,
> .Nm oid_usmNotInTimeWindows ,
102c104,113
< .Nm index_append_off
---
> .Nm index_append_off,
> .Nm bsnmpd_get_usm_stats,
> .Nm bsnmpd_reset_usm_stats,
> .Nm usm_first_user,
> .Nm usm_next_user,
> .Nm usm_find_user,
> .Nm usm_new_user,
> .Nm usm_delete_user,
> .Nm usm_flush_users,
> .Nm usm_user
230a242,260
> .Ft struct snmpd_usmstat *
> .Fn bsnmpd_get_usm_stats "void"
> .Ft void
> .Fn bsnmpd_reset_usm_stats "void"
> .Ft struct usm_user *
> .Fn usm_first_user "void"
> .Ft struct usm_user *
> .Fn usm_next_user "struct usm_user *uuser"
> .Ft struct usm_user *
> .Fn usm_find_user "uint8_t *engine" "uint32_t elen" "char *uname"
> .Ft struct usm_user *
> .Fn usm_new_user "uint8_t *engine" "uint32_t elen" "char *uname"
> .Ft void
> .Fn usm_delete_user "struct usm_user *"
> .Ft void
> .Fn usm_flush_users "void"
> .Vt extern struct usm_user *usm_user;
> .Vt extern const struct asn_oid oid_usmUnknownEngineIDs;
> .Vt extern const struct asn_oid oid_usmNotInTimeWindows;
542c572
< If a PDU is
---
> If a SNMPv1 or SNMPv2 PDU is
551a582,642
> .Ss THE USER-BASED SECURITY GROUP
> The scalar statistics of the USM group are held in the global variable
> .Va snmpd_usmstats :
> .Bd -literal -offset indent
> struct snmpd_usmstat {
> uint32_t unsupported_seclevels;
> uint32_t not_in_time_windows;
> uint32_t unknown_users;
> uint32_t unknown_engine_ids;
> uint32_t wrong_digests;
> uint32_t decrypt_errors;
> };
> .Ed
> .Fn bsnmpd_get_usm_stats
> returns a pointer to the global structure containing the statistics.
> .Fn bsnmpd_reset_usm_stats
> clears the statistics of the USM group.
> .Pp
> A global list of configured USM users is maintained by the daemon.
> .Bd -literal -offset indent
> struct usm_user {
> struct snmp_user suser;
> uint8_t user_engine_id[SNMP_ENGINE_ID_SIZ];
> uint32_t user_engine_len;
> char user_public[SNMP_USM_NAME_SIZ];
> uint32_t user_public_len;
> int32_t status;
> int32_t type;
> SLIST_ENTRY(usm_user) up;
> };
> .Ed
> This structure represents an USM user. The daemon only responds to SNMPv3 PDUs
> with user credentials matching an USM user entry in its global list.
> If a SNMPv3 PDU is received, whose security model is USM, the global
> .Va usm_user
> is set to point at the user entry that matches the credentials contained in
> the PDU.
> However, the daemon does not create or remove USM users, it gives an interface
> to external loadable module(s) to manage the list.
> .Fn usm_new_user
> adds an user entry in the list, and
> .Fn usm_delete_user
> deletes an existing entry from the list.
> .Fn usm_flush_users
> is used to remove all configured USM users.
> .Fn usm_first_user
> will return the first user in the list, or
> .Li NULL
> if the list is empty.
> .Fn usm_next_user
> will return the next user of a given entry if one exists, or
> .Li NULL .
> The list is sorted according to the USM user name and Engine ID.
> .Fn usm_find_user
> returns the USM user entry matching the given
> .Fa engine
> and
> .Fa uname
> or
> .Li NULL
> if an user with the specified name and engine id is not present in the list.
555a647,651
> The global variables
> .Va oid_usmUnknownEngineIDs
> .Va oid_usmNotInTimeWindows
> contains the OIDs 1.3.6.1.6.3.15.1.1.4.0 and 1.3.6.1.6.3.15.1.1.2.0 used
> in the SNMPv3 USM Engine Discovery.