SNMP Subagent Programmer's Guide
Security Checker
2-92 119728—SNMP Subagent Programmer’s Guide
Programming Tutorials
Example 2-19. Security Checker Authentication Function
/* authent.c - authentication function for hello-security
subagent example */
static short
#ifdef USE_PROTOTYPES
authenticate(void)
#else
authenticate()
#endif
{
/*
authenticate() returns 1 if (global) password exactly matches
<subagent-community-string>, 0 otherwise.
the agent sends us exactly the community string it received.
however, it only validates the portion before the double-colons;
the rest is up to us. The syntax for the community string is:
{ <agent-community-string> } [ :: <subagent-community-string> ]
Note that we are only comparing two strings (password from
run-line argument 3, and <subagent-community-string>) in this
function. We don't know if these are plain-text or one-way hash
encoded or something else. For true access security one might use
something like a one-way hash of a {timestamp,username} tuple.
We don't validate hostaddr, the address the request came from, but
that could also be done in this function.
*/
static char terminator[] = {"::"}; <--
14
char * passwdptr; <--
15
/* ignore the agent community */
if ((passwdptr = strstr(community.val, terminator)) == NULL) <--
16
{ return(0); } /* no :: separator */
passwdptr = passwdptr + strlen(terminator); /* skip the :: separator */ <--
17
if (strcmp(passwdptr, password) != 0) <--
18
{ return(0); } /* subagent passwords do not match */
return(1); /* OK! */
}