diff -u --recursive --new-file net-snmp/PakConfigure net-snmp.DCX/PakConfigure
--- net-snmp/PakConfigure Wed Dec 31 18:00:00 1969
+++ net-snmp.DCX/PakConfigure Fri Jun 28 09:49:11 2002
@@ -0,0 +1,8 @@
+# .pakuni.net:
+
+./configure --enable-ipv6 --with-openssl=/usr/local/ssl/ --with-ldflags="-L/usr/local/lib -lmhash" --with-mib-modules="tunnel PakDefConX" --enable-shared --with-libwrap --with-persistent-directory="/var/net-snmp" --with-sys-contact="defconx@paktronix.com" --with-sys-location="PakSecured-2.4.18" --with-logfile="/var/log/" --with-perl-modules --with-default-snmp-version="3" --with-copy-persistant-files=no
+
+# --with-transports="UDP UDPIPv6 TCP TCPIPv6 Unix Callback IPX"
+# --enable-embedded-perl
+#
+
diff -u --recursive --new-file net-snmp/agent/mibgroup/PakDefConX.c net-snmp.DCX/agent/mibgroup/PakDefConX.c
--- net-snmp/agent/mibgroup/PakDefConX.c Wed Dec 31 18:00:00 1969
+++ net-snmp.DCX/agent/mibgroup/PakDefConX.c Fri Jun 28 09:23:51 2002
@@ -0,0 +1,217 @@
+/* This file is the implmentation of the PakHASH MIB functions for
+ * the talk given by Matthew G. Marsh at DefCon X 2002.
+ * All rights reserved
+ */
+
+/* Paktronix Systems LLC
+ * PakHash Implementation Core Program
+ *
+ * This file is the core implementation code for the remote file
+ * hash PakMIB structure. It is hereby released under GPL v2.
+ * Please note that the only valid version of the GPL as far as this code
+ * is concerned is the following particular version of the license:
+ * GNU GENERAL PUBLIC LICENSE
+ * Version 2, June 1991
+ * unless explicitly otherwise stated.
+ */
+
+/* Headers needed by NetSNMP v5.0 */
+
+#include
+#include
+#include
+#include "util_funcs.h"
+
+/* System required headers */
+
+#include
+#include
+#include
+#include
+
+/* Pak required Headers */
+
+#include "PakDefConX.h"
+#include
+
+/* Standard definitions for our allowable sizes etc */
+
+#define MAXFILELEN 1024
+#define CLEAR_HASH "00000000000000000000000000000000000"
+#define DEFAULTFILE "/etc/hosts"
+
+/*
+ * PakDefConX_variables_oid:
+ * this is the top level oid that we want to register under. This
+ * is essentially a prefix, with the suffix appearing in the
+ * variable below.
+ */
+
+oid PakDefConX_variables_oid[] = { 1,3,6,1,4,1,9248,1 };
+
+/* static variables for later on */
+
+static char outputhash[35];
+static char pakfilename[MAXFILELEN +1];
+
+/*
+ * variable2 PakDefConX_variables:
+ * this variable defines function callbacks and type return information
+ * for the PakDefConX mib section
+ */
+
+struct variable2 PakDefConX_variables[] = {
+/* magic number , variable type , ro/rw , callback fn , L, oidsuffix */
+ { PAKFILENAME, ASN_OCTET_STR, RWRITE, var_PakDefConX, 2, { 1,1 } },
+ { PAKFILEHASH, ASN_OCTET_STR, RONLY, var_PakDefConX, 2, { 1,2 } },
+};
+
+/*
+ * init_PakDefConX():
+ * Initialization routine. This is called when the agent starts up.
+ */
+
+void init_PakDefConX(void) {
+
+ /* register ourselves with the agent to handle our mib tree */
+
+ REGISTER_MIB("PakDefConX", PakDefConX_variables, variable2, PakDefConX_variables_oid);
+
+ /* set up a non-null hash file name */
+
+ strcpy(pakfilename, DEFAULTFILE);
+
+}
+
+/* Mhash routine function to generate MD5 sum
+ * In the future this will take an additional input value to select different hash
+ * types. Currently this is forced to MD5 (easy implementation... )
+ */
+
+void pakhash(char *thisfile)
+ {
+ int st, i;
+ MHASH td;
+ unsigned char buffer, *hash;
+ unsigned char ohash[5];
+ void *result = malloc(35);
+ FILE *in;
+
+ strcpy(result, CLEAR_HASH);
+ strcpy(outputhash, " ");
+
+ DEBUGMSGTL(("PakDefConX","Clear outputhash %s result %s\n", outputhash, result));
+
+ td = mhash_init(MHASH_MD5);
+ if (td == MHASH_FAILED) exit(1);
+ in = fopen(thisfile,"r");
+
+ if (!in) return 1;
+
+ while (fread(&buffer, 1, 1, in) == 1) {
+ mhash(td, &buffer, 1);
+ }
+
+ hash = mhash_end(td);
+
+ DEBUGMSGTL(("PakDefConX","End of mhash process hash is %x\n",hash));
+
+ for (i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
+
+ DEBUGMSGTL(("PakDefConX", "in loop i is %d\n", i));
+
+ st = sprintf(ohash, "%.2x", hash[i]);
+
+ DEBUGMSGTL(("PakDefConX", "in loop ohash is %s, result is %s\n", ohash, result));
+
+ if ( i == 0 ) memcpy(result, ohash, 2);
+ if ( i != 0 ) memcpy(&result[(i*2)], ohash, 2);
+ }
+
+ memcpy(outputhash, result, 32);
+ free(result);
+ result = NULL;
+
+ DEBUGMSGTL(("PakDefConX", "the outputhash is %s\n", outputhash));
+
+}
+
+/*
+ * var_PakDefConX():
+ * This function is called every time the agent gets a request for
+ * a scalar variable within the .1.3.6.1.4.1.9248 MIB spectrum.
+ */
+
+unsigned char * var_PakDefConX(struct variable *vp,
+ oid * name,
+ size_t * length,
+ int exact,
+ size_t * var_len,
+ WriteMethod ** write_method)
+{
+
+ static long temp_long;
+
+ /* assume no write and integer set for now just to register */
+
+ *write_method = 0;
+ *var_len = sizeof(temp_long);
+
+ if (header_generic(vp, name, length, exact, var_len, write_method) )
+ return 0;
+
+ /*
+ * this is where we do the value assignments for the mib results.
+ */
+
+ switch(vp->magic) {
+
+ case PAKFILENAME:
+
+ *write_method = write_PakFileName;
+ *var_len = strlen(pakfilename);
+ return (unsigned char *) pakfilename;
+
+ case PAKFILEHASH:
+
+ pakhash(pakfilename);
+ *var_len = strlen(outputhash);
+ return (unsigned char *) &outputhash;
+
+ default:
+ ERROR_MSG("whoopsie we did not specify");
+ }
+ return NULL;
+}
+
+int write_PakFileName(int action,
+ u_char * var_val,
+ u_char var_val_type,
+ size_t var_val_len,
+ u_char * statP,
+ oid * name,
+ size_t name_len)
+{
+ if (var_val_type != ASN_OCTET_STR) {
+ DEBUGMSGTL(("PakDefConX", "write to PakSETFile not ASN_OCTET_STR\n"));
+ return SNMP_ERR_WRONGTYPE;
+ }
+ if (var_val_len > MAXFILELEN) {
+ DEBUGMSGTL(("PakDefConX", "write to PakSETFile: bad length\n"));
+ return SNMP_ERR_WRONGLENGTH;
+ }
+ if (action == COMMIT) {
+ if (var_val_len != 0) {
+ strcpy(pakfilename, var_val);
+ pakfilename[var_val_len] = '\0';
+ } else
+ pakfilename[0] = '\0';
+ }
+ return SNMP_ERR_NOERROR;
+}
+
+
+
+
+
+
diff -u --recursive --new-file net-snmp/agent/mibgroup/PakDefConX.h net-snmp.DCX/agent/mibgroup/PakDefConX.h
--- net-snmp/agent/mibgroup/PakDefConX.h Wed Dec 31 18:00:00 1969
+++ net-snmp.DCX/agent/mibgroup/PakDefConX.h Fri Jun 28 08:47:32 2002
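Review bot: In `write_PakFileName` (PakDefConX.c) the COMMIT branch runs `strcpy(pakfilename, var_val)` on an SNMP octet string that is not guaranteed to be NUL-terminated, so the copy can read past `var_val_len` and write past the end of `pakfilename` before the terminator is placed; copy by length instead, `memcpy(pakfilename, var_val, var_val_len);`, and keep the existing `pakfilename[var_val_len] = '\0';`. `pakhash` needs its failure and cleanup paths reworked as sketched below: it is declared `void` but does `return 1;`, calls `exit(1)` inside the agent, never closes `in`, leaks `result` when `fopen` fails, and `strcpy(result, CLEAR_HASH)` appears to write one byte more than the 35 bytes allocated. Since each GET of the hash object opens whatever path the last SET stored, presumably with the agent's privileges, the name should be checked against an allow-list of permitted files before `fopen`, and write access to the object limited through the agent's access-control configuration; neither is visible in this hunk. Whether the buffer returned by `mhash_end` must be released is not shown here and should be confirmed against the mhash documentation.

```c
void pakhash(char *thisfile)
{
    /* … unchanged: declarations of i, td, hash, in … */
    unsigned char chunk[4096];
    char hex[33] = "";
    size_t got;

    /* … unchanged: outputhash reset … */

    in = fopen(thisfile, "r");
    if (!in)
        return;                         /* plain return: the function is void */

    td = mhash_init(MHASH_MD5);
    if (td == MHASH_FAILED) {           /* fail this request, not the whole agent */
        fclose(in);
        return;
    }

    while ((got = fread(chunk, 1, sizeof chunk, in)) > 0)
        mhash(td, chunk, got);
    fclose(in);                         /* one descriptor per GET was leaked before */

    hash = mhash_end(td);
    for (i = 0; i < mhash_get_block_size(MHASH_MD5); i++)
        sprintf(&hex[i * 2], "%.2x", hash[i]);  /* MD5: 16 bytes -> 32 hex digits + NUL */
    memcpy(outputhash, hex, 32);
    /* … unchanged: final DEBUGMSGTL … */
}
```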
@@ -0,0 +1,23 @@
+/* This file was generated by mib2c and is intended for use as a mib module
+ for the ucd-snmp snmpd agent. */
+
+#ifndef _MIBGROUP_PAKDEFCONX_H
+#define _MIBGROUP_PAKDEFCONX_H
+
+/* we may use header_generic and header_simple_table from the util_funcs module */
+
+config_require(util_funcs)
+
+
+/* Magic Numbers for MIB defs */
+
+#define PAKFILENAME 3
+#define PAKFILEHASH 4
+
+/* function prototypes */
+
+extern void init_PakDefConX(void);
+extern FindVarMethod var_PakDefConX;
+WriteMethod write_PakFileName;
+
+#endif /* _MIBGROUP_PAKDEFCONX_H */
diff -u --recursive --new-file net-snmp/mibs/Makefile.in net-snmp.DCX/mibs/Makefile.in
--- net-snmp/mibs/Makefile.in Sat Apr 20 02:30:15 2002
+++ net-snmp.DCX/mibs/Makefile.in Fri Jun 28 08:39:28 2002
@@ -38,13 +38,15 @@ NETSNMPMIBS = NET-SNMP-MIB.txt NET-SNMP-AGENT-MIB.txt NET-SNMP-EXAMPLES-MIB.txt +PAKMIBS = PakDefConX.mib + UCDMIBS = UCD-SNMP-MIB.txt UCD-DEMO-MIB.txt UCD-IPFWACC-MIB.txt \ UCD-DLMOD-MIB.txt UCD-DISKIO-MIB.txt DEFAULTMIBS = @default_mibs_install@ MIBS = $(V1MIBS) $(V2MIBS) $(V3MIBS) $(RFCMIBS) \ - $(AGENTMIBS) $(IANAMIBS) \ + $(AGENTMIBS) $(IANAMIBS) $(PAKMIBS) \ $(NETSNMPMIBS) $(UCDMIBS) $(DEFAULTMIBS) all: standardall
diff -u --recursive --new-file net-snmp/mibs/PakDefConX.mib net-snmp.DCX/mibs/PakDefConX.mib
--- net-snmp/mibs/PakDefConX.mib Wed Dec 31 18:00:00 1969
+++ net-snmp.DCX/mibs/PakDefConX.mib Fri Jun 28 08:45:35 2002
@@ -0,0 +1,55 @@
+PAKDEFCONX-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+ OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY,
+ enterprises
+ FROM SNMPv2-SMI;
+
+
+PakDefConX MODULE-IDENTITY
+ LAST-UPDATED "200206280000Z" -- Jun 28 2002
+ ORGANIZATION "Paktronix Systems LLC"
+ CONTACT-INFO
+ " Matthew G. Marsh
+ Paktronix Systems LLC
+ 1506 North 59th Street
+ Omaha NE 68104-4830 USA
+
+ Tel: (402) 932-7250
+ E-mail: defconx@paktronix.com
+
+ Technical Support E-mail: defconx@paktronix.com"
+
+ DESCRIPTION
+ " The private extensions to the MIB sub-tree of
+ Paktronix Systems LLC for the SNMPv3 talk at
+ DefCon X 2002"
+
+ ::= { enterprises 9248 }
+
+PakDC OBJECT IDENTIFIER ::= { PakDefConX 1 }
+-- The OBJECT IDENTIFIER for all PakDefConX tricks
+
+PakSETFiles OBJECT IDENTIFIER ::= { PakDC 1 }
+
+PakTestFileString OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..1024))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A publicly settable string that can be set for testing
+ snmpsets. This value will eventually be used as the file
+ name for the PakHash function."
+ ::= { PakSETFiles 1 }
+
+PakTestFileHash OBJECT-TYPE
+ SYNTAX String
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object returns the md5sum of the file name
+ set into PakFileTestString.
+ Only the md5sum is returned."
+ ::= { PakSETFiles 2 }
+
+END
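Review bot: `PakTestFileHash` is declared with `SYNTAX String`, which is neither an SMIv2 base type nor imported by this module, so stricter MIB compilers will likely reject it; as the agent side returns 32 hex characters, `SYNTAX OCTET STRING (SIZE(0..32))` would match what is actually sent. Its DESCRIPTION refers to `PakFileTestString`, while the object defined above is `PakTestFileString`, and it says the hash is of the file name when the agent hashes the file's contents. The DESCRIPTION of `PakTestFileString` calls the object "publicly settable"; because the agent opens whatever path is written there, it should instead state the access expectation, for example `"Name of the file to hash. Write access must be restricted to authenticated SNMPv3 users."`.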