OTP-8478: Added support for multiple SNMPv3 EngineIDs in a single agent

1 files changed, 52 insertions, 22 deletions

diff --git a/lib/snmp/src/agent/snmpa_usm.erl b/lib/snmp/src/agent/snmpa_usm.erl
index b94294844b..ae584bb3c1 100644
--- a/lib/snmp/src/agent/snmpa_usm.erl
+++ b/lib/snmp/src/agent/snmpa_usm.erl
@@ -19,8 +19,8 @@
 -module(snmpa_usm).
 
 -export([
-	 process_incoming_msg/4, 
-	 generate_outgoing_msg/5,
+	 process_incoming_msg/4, process_incoming_msg/5, 
+	 generate_outgoing_msg/5, generate_outgoing_msg/6,
 	 generate_discovery_msg/4, generate_discovery_msg/5,
 	 current_statsNotInTimeWindows_vb/0
 	]).
@@ -33,6 +33,7 @@
 
 -define(VMODULE,"A-USM").
 -include("snmp_verbosity.hrl").
+-include("snmpa_internal.hrl").
 
 
 %%-----------------------------------------------------------------
@@ -58,7 +59,11 @@
 %%-----------------------------------------------------------------
 
 process_incoming_msg(Packet, Data, SecParams, SecLevel) ->
-    TermDiscoEnabled = is_terminating_discovery_enabled(), 
+    LocalEngineID = ?DEFAULT_LOCAL_ENGINE_ID, 
+    process_incoming_msg(Packet, Data, SecParams, SecLevel, LocalEngineID).
+
+process_incoming_msg(Packet, Data, SecParams, SecLevel, LocalEngineID) ->
+    TermDiscoEnabled    = is_terminating_discovery_enabled(), 
     TermTriggerUsername = terminating_trigger_username(), 
     %% 3.2.1
     ?vtrace("process_incoming_msg -> check security parms: 3.2.1",[]),
@@ -124,7 +129,7 @@ process_incoming_msg(Packet, Data, SecParams, SecLevel) ->
 		    "~n   ~p",[UsmUser]),
 	    DiscoOrPlain = authenticate_incoming(Packet, 
 						 UsmSecParams, UsmUser, 
-						 SecLevel), 
+						 SecLevel, LocalEngineID), 
 	    %% 3.2.8
 	    ?vtrace("process_incoming_msg -> "
 		    "decrypt scoped data: 3.2.8",[]),
@@ -166,7 +171,8 @@ process_discovery_msg(MsgAuthEngineID, Data, SecLevel) ->
     end.
 	    
 
-authenticate_incoming(Packet, UsmSecParams, UsmUser, SecLevel) ->
+authenticate_incoming(Packet, UsmSecParams, UsmUser, SecLevel, 
+		      LocalEngineID) ->
     %% 3.2.6
     ?vtrace("authenticate_incoming -> 3.2.6", []),
     AuthProtocol = element(?usmUserAuthProtocol, UsmUser),
@@ -190,7 +196,8 @@ authenticate_incoming(Packet, UsmSecParams, UsmUser, SecLevel) ->
 			 SecName,
 			 MsgAuthEngineID,
 			 MsgAuthEngineBoots, 
-			 MsgAuthEngineTime) of
+			 MsgAuthEngineTime,
+			 LocalEngineID) of
 		discovery ->
 		    discovery;
 		true -> 
@@ -205,15 +212,15 @@ authenticate_incoming(Packet, UsmSecParams, UsmUser, SecLevel) ->
 	    plain
     end.
 	    
-authoritative(SecName, MsgAuthEngineBoots, MsgAuthEngineTime) ->
+authoritative(SecName, MsgAuthEngineBoots, MsgAuthEngineTime, LocalEngineID) ->
     ?vtrace("authoritative -> entry with"
 	    "~n   SecName:            ~p"
 	    "~n   MsgAuthEngineBoots: ~p"
 	    "~n   MsgAuthEngineTime:  ~p", 
 	    [SecName, MsgAuthEngineBoots, MsgAuthEngineTime]),
-    SnmpEngineBoots = snmp_framework_mib:get_engine_boots(),
+    SnmpEngineBoots = get_local_engine_boots(LocalEngineID),
     ?vtrace("authoritative -> SnmpEngineBoots: ~p", [SnmpEngineBoots]),
-    SnmpEngineTime = snmp_framework_mib:get_engine_time(),
+    SnmpEngineTime = get_local_engine_time(LocalEngineID),
     ?vtrace("authoritative -> SnmpEngineTime: ~p", [SnmpEngineTime]),
     InTimeWindow =
 	if
@@ -320,11 +327,12 @@ non_authoritative(SecName,
     end.
 
       
-is_auth(?usmNoAuthProtocol, _, _, _, SecName, _, _, _) -> % 3.2.5
+is_auth(?usmNoAuthProtocol, _, _, _, SecName, _, _, _, _) -> % 3.2.5
     error(usmStatsUnsupportedSecLevels,
 	  ?usmStatsUnsupportedSecLevels_instance, SecName); % OTP-5464
 is_auth(AuthProtocol, AuthKey, AuthParams, Packet, SecName,
-	MsgAuthEngineID, MsgAuthEngineBoots, MsgAuthEngineTime) ->
+	MsgAuthEngineID, MsgAuthEngineBoots, MsgAuthEngineTime, 
+	LocalEngineID) ->
     TermDiscoEnabled = is_terminating_discovery_enabled(), 
     TermDiscoStage2  = terminating_discovery_stage2(), 
     IsAuth = auth_in(AuthProtocol, AuthKey, AuthParams, Packet),
@@ -334,7 +342,7 @@ is_auth(AuthProtocol, AuthKey, AuthParams, Packet, SecName,
 	    %% 3.2.7
 	    ?vtrace("is_auth -> "
 		    "retrieve EngineBoots and EngineTime: 3.2.7",[]),
-	    SnmpEngineID = snmp_framework_mib:get_engine_id(),
+	    SnmpEngineID = LocalEngineID,
 	    ?vtrace("is_auth -> SnmpEngineID: ~p", [SnmpEngineID]),
 	    case MsgAuthEngineID of
 		SnmpEngineID when ((MsgAuthEngineBoots =:= 0) andalso 
@@ -351,12 +359,14 @@ is_auth(AuthProtocol, AuthKey, AuthParams, Packet, SecName,
 		    %% This will *always* result in the manager *not* 
 		    %% beeing in timewindow
 		    authoritative(SecName, 
-				  MsgAuthEngineBoots, MsgAuthEngineTime);
+				  MsgAuthEngineBoots, MsgAuthEngineTime, 
+				  LocalEngineID);
 
 		SnmpEngineID -> %% 3.2.7a
 		    ?vtrace("is_auth -> we are authoritative: 3.2.7a", []),
 		    authoritative(SecName, 
-				  MsgAuthEngineBoots, MsgAuthEngineTime);
+				  MsgAuthEngineBoots, MsgAuthEngineTime, 
+				  LocalEngineID);
 
 		_ -> %% 3.2.7b - we're non-authoritative
 		    ?vtrace("is_auth -> we are non-authoritative: 3.2.7b",[]),
@@ -418,12 +428,19 @@ try_decrypt(?usmAesCfb128Protocol,
 
 
 generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel) ->
+    LocalEngineID = ?DEFAULT_LOCAL_ENGINE_ID, 
+    generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel, 
+			  LocalEngineID).
+
+generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel, 
+		      LocalEngineID) ->
     %% 3.1.1
     ?vtrace("generate_outgoing_msg -> [3.1.1] entry with"
-	    "~n   SecEngineID: ~p"
-	    "~n   SecName:     ~p"
-	    "~n   SecLevel:    ~w", 
-	    [SecEngineID, SecName, SecLevel]),
+	    "~n   SecEngineID:   ~p"
+	    "~n   SecName:       ~p"
+	    "~n   SecLevel:      ~w" 
+	    "~n   LocalEngineID: ~p", 
+	    [SecEngineID, SecName, SecLevel, LocalEngineID]),
     {UserName, AuthProtocol, PrivProtocol, AuthKey, PrivKey} =
 	case SecData of
 	    [] -> % 3.1.1b
@@ -439,7 +456,7 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel) ->
 			 element(?usmUserPrivKey, User)};
 		    {_, Name,_,_,_,_,_,_,_,_,_,_,_, RowStatus,_,_} ->
 			?vdebug("generate_outgoing_msg -> "
-				"found user ~p with wrong row status: ~p", 
+				"found not active user ~p: ~p", 
 				[Name, RowStatus]),
 			error(unknownSecurityName);
 		    _ ->
@@ -460,7 +477,7 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel) ->
     ScopedPduBytes = Message#message.data,
     {ScopedPduData, MsgPrivParams} =
 	encrypt(ScopedPduBytes, PrivProtocol, PrivKey, SecLevel),
-    SnmpEngineID = snmp_framework_mib:get_engine_id(),
+    SnmpEngineID = LocalEngineID, 
     ?vtrace("generate_outgoing_msg -> SnmpEngineID: ~p [3.1.6]",
 	    [SnmpEngineID]),
     %% 3.1.6
@@ -474,8 +491,8 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel) ->
 		{get_engine_boots(SecEngineID),
 		 get_engine_time(SecEngineID)};
 	    _ ->
-		{snmp_framework_mib:get_engine_boots(),
-		 snmp_framework_mib:get_engine_time()}
+		{get_local_engine_boots(SnmpEngineID),
+		 get_local_engine_time(SnmpEngineID)}
 	end,
     %% 3.1.5 - 3.1.7
     ?vtrace("generate_outgoing_msg -> [3.1.5 - 3.1.7]",[]),
@@ -681,6 +698,19 @@ current_statsNotInTimeWindows_vb() ->
 	     value        = get_counter(usmStatsNotInTimeWindows)}.
 
 
+
+%%-----------------------------------------------------------------
+%% Future profing...
+%%-----------------------------------------------------------------
+
+get_local_engine_boots(_LocalEngineID) ->
+    snmp_framework_mib:get_engine_boots().
+
+get_local_engine_time(_LocalEngineID) ->
+    snmp_framework_mib:get_engine_time().
+
+
+
 %%-----------------------------------------------------------------
 %% We cache the local values of all non-auth engines we know.
 %% Keep the values in the snmp_agent_table.