History log of /freebsd-current/contrib/bsnmp/snmpd/main.c
Revision Date Author Comments
# 8b959dd6 01-Oct-2021 Shteryana Shopova <syrinx@FreeBSD.org>

Fix bsnmpd(1) crash with ill-formed Discovery message

RFC 3414 Section 4. Discovery specifies that a discovery request message has a
varBindList left empty. Nonetheless, bsnmpd(1) should not crash when receiving
a non-zero var-bindings list in a Discovery Request message.

PR: 255214
MFC after: 2 weeks


# 44d780e3 12-Dec-2019 Conrad Meyer <cem@FreeBSD.org>

bsnmpd(1): Replace dubious srandomdev+random(3) with arc4random(3)


# 04d17814 01-Apr-2019 Andrey V. Elsukov <ae@FreeBSD.org>

Add IPv6 transport for bsnmp.

This patch adds a new table begemotSnmpdTransInetTable that uses the
InetAddressType textual convention and can be used to create listening
ports for IPv4, IPv6, zoned IPv6 and based on DNS names. It also supports
future extension beyond UDP by adding a protocol identifier to the table
index. In order to support this gensnmptree had to be modified.

Submitted by: harti
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16654


# 8e9b3e70 03-Jul-2018 Hartmut Brandt <harti@FreeBSD.org>

Update bsnmp to version 1.13. This does not bring user-visible changes.
For developers gensnmptree can now generate functions for enums to convert
between enums and strings and to check the validity of a value.
The sources in FreeBSD are now in sync with the upstream, which allows
bringing in IPv6 modifications.


# 7e03e181 19-Jan-2018 Andrey V. Elsukov <ae@FreeBSD.org>

Rename "index" variable to "idx" since gcc complains that it shadows
index(3) function declaration.

Reported by: lwhsu
MFC after: 2 weeks


# f3afd27f 19-Jan-2018 Andrey V. Elsukov <ae@FreeBSD.org>

Add to bsnmpd(1) ability to specify multiple community strings with
different access rights.

By default there are two community strings with index 1 and 2, one for
read-only access and second for read-write access:

begemotSnmpdCommunityString.0.1 = $(read)
begemotSnmpdCommunityString.0.2 = $(write)

Now it is possible to define additional community strings using different
indexes:

begemotSnmpdCommunityString.0.3 = "SomeString1"
begemotSnmpdCommunityPermission.0.3 = 1
begemotSnmpdCommunityString.0.4 = "SomeString2"
begemotSnmpdCommunityPermission.0.4 = 2
begemotSnmpdCommunityString.0.5 = "SomeString3"
begemotSnmpdCommunityString.0.6 = "SomeString4"

New attribute begemotSnmpdCommunityPermission can be used to specify access
rights: 1 means "read-only" access, 2 means "read-write" access. If
attribute is not specified for some index this means "read-only" rights.

Community strings must be unique, i.e. must not be the same for different
indexes.

Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D13785


# f321675a 13-Mar-2017 Enji Cooper <ngie@FreeBSD.org>

bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
out of order addresses

Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
to ensure that the value is properly initialized before it's inserted
into the TAILQ.

MFC after: 1 week
PR: 217760
Submitted by: eugen
Sponsored by: Dell EMC Isilon


# 10a0306a 05-Jan-2017 Enji Cooper <ngie@FreeBSD.org>

lm_load: fix string copying issues

- Ensure `section` doesn't overrun section by using strlcpy instead of
strcpy [*].
- Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity,
but is an opportunistic change).

MFC after: 1 week
Reported by: Coverity
CID: 1006826 [*]


# 39ebb4e1 30-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

Initialize ret to SNMPD_INPUT_OK at the top of snmp_input_start(..) to
avoid returning an uninitialized value

There are some really complicated, snakey if-statements combined with
switch statements that could result in an invalid value being returned
as `ret`

MFC after: 1 week
Reported by: Coverity
CID: 1006551


# 8d7f605b 27-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

Fix bsnmpd sending/receiving with multi-homed configurations or INADDR_ANY used
as the listening address in snmpd_input(..)

Stash the IPv4 address of the receiver via the recv(..) callback and use it in
the send(..) callback for the transport by specifying IP_SENDSRCADDR for the
control message type.

Add sendmsg logic to the UDP transport's send(..) callback and use the
respective send(..) callback for the transport instead of calling sendto in
snmpd_input(..).

MFC after: 3 weeks
Obtained from: Isilon OneFS (^/onefs/branches/BR_8_0_0_DEV@r507595)
Submitted by: Thor Steingrimsson <thor.steingrimsson@isilon.com>
Sponsored by: Dell EMC Isilon


# e1d581b2 27-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

style(9): clean up trailing whitespace

MFC after: 3 weeks


# 0077de56 26-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

Fix return type for `ret` (recv callback) and sort variables by alignment

Again, for reasons I don't yet understand, this is not being flagged by the
compiler. Unlike the issue addressed in r310587, this problem existed prior
to r310586

MFC after: 2 weeks
X-MFC with: r310586, r310587


# 0ba351ef 26-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

Refactor transport sources a bit to facilitate changes coming down pipeline

Add recv callback to transport layer to better facilitate code reuse and
readability and for symmetry with send callback. Move recv_dgram and
recv_stream to udp_recv and lsock_recv, respectively, and make the
aforementioned functions recv callbacks for the udp and lsock transports,
respectively.

Consolidate the check_priv* functions in their relevant trans*.c source to
limit scope/use.

Note: this code is roughly based on content from the submitter, although this
was modified to be more of a direct move from snmpd/main.c to the trans_*.c
sources, and to reduce unnecessary static function declarations.

MFC after: 2 weeks
Submitted by: Thor Steingrimsson <thor.steingrimsson@isilon.com>
Sponsored by: Dell EMC Isilon


# 88cdfafa 24-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

Allow SNMPv3 authNoPriv and noAuthNoPriv protocols to discover snmpEngineTime
as discussed in RFC-5343

This fixes interoperability with net-snmp.

Tested with the following invocations of snmpwalk (from net-snmp):

- noAuthNoPriv:

% snmpwalk -v 3 -n '' -u public localhost snmpEngineTime

- authNoPriv:

% snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authNoPriv -a sha localhost \
localhost snmpEngineTime

- authPriv:

% snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des \
-X bsnmptest localhost snmpEngineTime

MFC after: 1 week
Obtained from: Isilon OneFS (5ec6d772cacbc, with minor tweaks)
Submitted by: Austin Voecks <austin.voecks@isilon.com>
Sponsored by: Dell EMC Isilon


# f29369b7 22-Dec-2016 Enji Cooper <ngie@FreeBSD.org>

Clarify failure in snmp_output(..) with call to snmp_pdu_decode

- Explicitly test snmp_pdu_encode against SNMP_CODE_OK instead of assuming
any non-zero value is bad.
- Print out the code before calling abort() to give the end-user something
actionable to debug without having to recompile the binary, since the
core might not have these details.

MFC after: 1 week


# 9aa87499 18-May-2016 Gleb Smirnoff <glebius@FreeBSD.org>

Revert r299830, it has a couple of fatal errors.

The CMSG_ family of macros take care of alignment, so we don't need r299830
at all, even if it was correct. Put NO_WCAST_ALIGN into Makefile.

Together with: peter


# 09ac27c3 14-May-2016 Enji Cooper <ngie@FreeBSD.org>

Fix -Wcast-align warnings

Use memcpy instead of using direct assignment of void* pointers with
CMSG_DATA(..), which changes alignment

MFC after: 3 weeks
Reported by: clang
Sponsored by: EMC / Isilon Storage Division


# 126b5bb6 14-May-2016 Enji Cooper <ngie@FreeBSD.org>

Use SNMPD_INPUT_FAILED instead of SNMP_CODE_FAILED

SNMPD_INPUT_FAILED is `enum snmpd_input_err` type (which matches the return
code from the function). SNMP_CODE_FAILED is `enum snmp_code` type.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division


# 8ad8cdc9 22-Apr-2016 Enji Cooper <ngie@FreeBSD.org>

Use `sizeof(*uuser)` instead of `sizeof(struct usm_user)` for consistency with
the rest of the users in the file

No functional change

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division


# 8cd5a258 27-Dec-2015 Enji Cooper <ngie@FreeBSD.org>

Staticize several variables that are used exclusively in bsnmpd/main.c and
bsnmpd/trap.c

This fixes several -Wmissing-variable-declaration warnings noted by clang

Differential Revision: https://reviews.freebsd.org/D4718
MFC after: 1 week
Reported by: Jenkins
Reviewed by: araujo
Sponsored by: EMC / Isilon Storage Division


# 23cea719 19-Sep-2012 Gleb Smirnoff <glebius@FreeBSD.org>

Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR: bin/171279


# f2ddd22e 09-Sep-2012 Gleb Smirnoff <glebius@FreeBSD.org>

For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly the same address that the request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

PR: bin/171279


# 0cf0d912 08-Sep-2012 Gleb Smirnoff <glebius@FreeBSD.org>

The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control message is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
the message is struct sockcred.
2) If the sender did supply an SCM_CREDS control message in his sendmsg()
syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
instead use correct search cycle through control messages.


# 9972acaa 18-Mar-2012 Hartmut Brandt <harti@FreeBSD.org>

memset() wants the size of the structure to clear, not the size
of the pointer to it.

Submitted by: Pawel Worach


# 81b587f3 20-Apr-2011 Ruslan Ermilov <ru@FreeBSD.org>

Don't spam syslog with "inet_ntop(): Address family not supported
by protocol family" when processing requests received from the
UNIX domain socket.

MFC after: 3 days


# 72cd7a52 20-Dec-2010 Shteryana Shopova <syrinx@FreeBSD.org>

Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.

Sponsored by: The FreeBSD Foundation
Reviewed by: philip
Approved by: philip


# 135f7de5 08-Dec-2010 Shteryana Shopova <syrinx@FreeBSD.org>

In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).

Sponsored by: The FreeBSD Foundation
Reviewed by: philip@ (mostly)
Approved by: philip@


# a7d5f7eb 19-Oct-2010 Jamie Gritton <jamie@FreeBSD.org>

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.


# fe0506d7 09-Mar-2010 Marcel Moolenaar <marcel@FreeBSD.org>

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.


# d7f03759 19-Oct-2008 Ulf Lilleengen <lulf@FreeBSD.org>

- Import the HEAD csup code which is the basis for the cvsmode work.


# 691f8568 07-Mar-2008 Shteryana Shopova <syrinx@FreeBSD.org>

Vendor patch: Prevent bsnmpd from dumping core when a module's init hook
returns an error.

Approved by: bz (mentor), harti


# 748b5b1e 27-Feb-2006 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmpd 1.12


# 51054003 31-Jan-2006 Hartmut Brandt <harti@FreeBSD.org>

Vendor patch: prevent a core dump when the trace option is not followed
by an option value.

Submitted by: Shteryana Shopova <shteryana@yahoo.com>


# d4199d75 10-Jan-2006 Hartmut Brandt <harti@FreeBSD.org>

Vendor fix: make the default read and write communities NULL. This
basically disables any access unless other strings are set in the config
file. Note, that there is no way to set the communities back to NULL once
they're set to something not NULL.


# 4c0a7af9 05-Oct-2005 Hartmut Brandt <harti@FreeBSD.org>

Vendor fix for the build problem of snmp_pf. Move the fallback definitions
for U?INT32_{MAX,MIN} from asn1.h into the .c files that actually require
them (the .h file doesn't refer to these macros).


# 165c5d31 04-Oct-2005 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmpd 1.11


# 69292ced 23-May-2005 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmpd 1.10


# a9bfedb7 29-Apr-2005 Hartmut Brandt <harti@FreeBSD.org>

Vendor patch: fix a bug that was introduced when moving from libisc to
libbegemot: the rpoll_start_timer function needs the timeout value in
milli-seconds, not the absolute time when the timer should tick.


# d7eb6b47 26-Apr-2005 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmp 1.9


# 94caccb3 28-Feb-2005 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmpd 1.8


# 896052c1 06-Aug-2004 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmpd 1.7


# 8eecd77a 14-Apr-2004 Hartmut Brandt <harti@FreeBSD.org>

Import of bsnmpd 1.6


# 70af00a1 23-Jan-2004 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmpd 1.5a


# f06ca4af 10-Nov-2003 Hartmut Brandt <harti@FreeBSD.org>

Virgin import of bsnmp 1.4