nut-debian/tools/nut-scanner/scan_snmp.c

/*
 *  Copyright (C) 2011 - EATON
 *  Copyright (C) 2016-2021 - EATON - Various threads-related improvements
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*! \file scan_snmp.c
    \brief detect NUT supported SNMP devices
    \author Frederic Bohe <FredericBohe@Eaton.com>
    \author Arnaud Quette <ArnaudQuette@Eaton.com>
    \author Jim Klimov <EvgenyKlimov@eaton.com>
*/

#include "common.h"
#include "nut-scan.h"

#ifdef WITH_SNMP

#include <sys/socket.h>
#include <stdio.h>
#include <string.h>
#include <ltdl.h>

/* workaround for buggy Net-SNMP config
 * from drivers/snmp-ups.h */
#ifdef PACKAGE_BUGREPORT
#undef PACKAGE_BUGREPORT
#endif

#ifdef PACKAGE_NAME
#undef PACKAGE_NAME
#endif

#ifdef PACKAGE_VERSION
#undef PACKAGE_VERSION
#endif

#ifdef PACKAGE_STRING
#undef PACKAGE_STRING
#endif

#ifdef PACKAGE_TARNAME
#undef PACKAGE_TARNAME
#endif

#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
#include "nutscan-snmp.h"

/* Address API change */
#if ( ! NUT_HAVE_LIBNETSNMP_usmAESPrivProtocol ) && ( ! defined usmAESPrivProtocol )
#define USMAESPRIVPROTOCOL "usmAES128PrivProtocol"
#else
#define USMAESPRIVPROTOCOL "usmAESPrivProtocol"
#endif

#define SysOID ".1.3.6.1.2.1.1.2.0"

/* use explicit booleans */
#ifndef FALSE
typedef enum ebool { FALSE = 0, TRUE } bool_t;
#else
typedef int bool_t;
#endif

static nutscan_device_t * dev_ret = NULL;
#ifdef HAVE_PTHREAD
static pthread_mutex_t dev_mutex;
#endif
static useconds_t g_usec_timeout ;

/* dynamic link library stuff */
static lt_dlhandle dl_handle = NULL;
static const char *dl_error = NULL;

static void (*nut_init_snmp)(const char *type);
static void (*nut_snmp_sess_init)(netsnmp_session * session);
static void * (*nut_snmp_sess_open)(struct snmp_session *session);
static int (*nut_snmp_sess_close)(void *handle);
static struct snmp_session * (*nut_snmp_sess_session)(void *handle);
static void * (*nut_snmp_parse_oid)(const char *input, oid *objid,
		size_t *objidlen);
static struct snmp_pdu * (*nut_snmp_pdu_create) (int command);
static netsnmp_variable_list * (*nut_snmp_add_null_var)(netsnmp_pdu *pdu,
			const oid *objid, size_t objidlen);
static int (*nut_snmp_sess_synch_response) (void *sessp, netsnmp_pdu *pdu,
			netsnmp_pdu **response);
static int (*nut_snmp_oid_compare) (const oid *in_name1, size_t len1,
			const oid *in_name2, size_t len2);
static void (*nut_snmp_free_pdu) (netsnmp_pdu *pdu);

/* NOTE: Net-SNMP headers just are weird like that, in the same release:
net-snmp/types.h:              size_t securityAuthProtoLen;
net-snmp/library/keytools.h:   int    generate_Ku(const oid * hashtype, u_int hashtype_len, ...
 * Should we match in configure like for "getnameinfo()" arg types?
 * Currently we cast one to another below (detecting target type could help).
 */
static int (*nut_generate_Ku)(const oid * hashtype, u_int hashtype_len,
			unsigned char * P, size_t pplen, unsigned char * Ku, size_t * kulen);
static char* (*nut_snmp_out_toggle_options)(char *options);
static const char * (*nut_snmp_api_errstring) (int snmp_errnumber);

/* Variables (not methods) exported by libnet-snmp: */
static int *nut_snmp_errno;
#if NUT_HAVE_LIBNETSNMP_usmAESPrivProtocol || NUT_HAVE_LIBNETSNMP_usmAES128PrivProtocol
static oid *nut_usmAESPrivProtocol; /* might be usmAES128PrivProtocol on some systems */
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMACMD5AuthProtocol
static oid *nut_usmHMACMD5AuthProtocol;
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMACSHA1AuthProtocol
static oid *nut_usmHMACSHA1AuthProtocol;
#endif
#if NUT_HAVE_LIBNETSNMP_usmDESPrivProtocol
static oid *nut_usmDESPrivProtocol;
#endif
#if NUT_HAVE_LIBNETSNMP_DRAFT_BLUMENTHAL_AES_04
# if NUT_HAVE_LIBNETSNMP_usmAES192PrivProtocol
static oid *nut_usmAES192PrivProtocol;
# endif
# if NUT_HAVE_LIBNETSNMP_usmAES256PrivProtocol
static oid *nut_usmAES256PrivProtocol;
# endif
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMAC192SHA256AuthProtocol
static oid *nut_usmHMAC192SHA256AuthProtocol;
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMAC256SHA384AuthProtocol
static oid *nut_usmHMAC256SHA384AuthProtocol;
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMAC384SHA512AuthProtocol
static oid *nut_usmHMAC384SHA512AuthProtocol;
#endif

/* return 0 on error; visible externally */
int nutscan_load_snmp_library(const char *libname_path);

int nutscan_load_snmp_library(const char *libname_path)
{
	if (dl_handle != NULL) {
		/* if previous init failed */
		if (dl_handle == (void *)1) {
			return 0;
		}
		/* init has already been done */
		return 1;
	}

	if (libname_path == NULL) {
		upsdebugx(1, "SNMP library not found. SNMP search disabled");
		return 0;
	}

	if (lt_dlinit() != 0) {
		upsdebugx(1, "Error initializing lt_init");
		return 0;
	}

	dl_handle = lt_dlopen(libname_path);
	if (!dl_handle) {
		dl_error = lt_dlerror();
		goto err;
	}

	lt_dlerror();	/* Clear any existing error */
	*(void **) (&nut_init_snmp) = lt_dlsym(dl_handle, "init_snmp");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_sess_init) = lt_dlsym(dl_handle,
							"snmp_sess_init");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_sess_open) = lt_dlsym(dl_handle,
							"snmp_sess_open");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_sess_close) = lt_dlsym(dl_handle,
							"snmp_sess_close");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_sess_session) = lt_dlsym(dl_handle,
							"snmp_sess_session");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_parse_oid) = lt_dlsym(dl_handle,
							"snmp_parse_oid");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_pdu_create) = lt_dlsym(dl_handle,
							"snmp_pdu_create");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_add_null_var) = lt_dlsym(dl_handle,
							"snmp_add_null_var");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_sess_synch_response) = lt_dlsym(dl_handle,
						"snmp_sess_synch_response");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_oid_compare) = lt_dlsym(dl_handle,
							"snmp_oid_compare");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_free_pdu) = lt_dlsym(dl_handle, "snmp_free_pdu");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_generate_Ku) = lt_dlsym(dl_handle, "generate_Ku");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_out_toggle_options) = lt_dlsym(dl_handle,
							"snmp_out_toggle_options");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_api_errstring) = lt_dlsym(dl_handle,
							"snmp_api_errstring");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

	*(void **) (&nut_snmp_errno) = lt_dlsym(dl_handle, "snmp_errno");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}

#if NUT_HAVE_LIBNETSNMP_usmAESPrivProtocol || NUT_HAVE_LIBNETSNMP_usmAES128PrivProtocol
	*(void **) (&nut_usmAESPrivProtocol) = lt_dlsym(dl_handle,
							USMAESPRIVPROTOCOL);
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmAESPrivProtocol || NUT_HAVE_LIBNETSNMP_usmAES128PrivProtocol */

#if NUT_HAVE_LIBNETSNMP_usmHMACMD5AuthProtocol
	*(void **) (&nut_usmHMACMD5AuthProtocol) = lt_dlsym(dl_handle,
						"usmHMACMD5AuthProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmHMACMD5AuthProtocol */

#if NUT_HAVE_LIBNETSNMP_usmHMACSHA1AuthProtocol
	*(void **) (&nut_usmHMACSHA1AuthProtocol) = lt_dlsym(dl_handle,
						"usmHMACSHA1AuthProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmHMACSHA1AuthProtocol */

#if NUT_HAVE_LIBNETSNMP_usmDESPrivProtocol
	*(void **) (&nut_usmDESPrivProtocol) = lt_dlsym(dl_handle,
						"usmDESPrivProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmDESPrivProtocol */

#if NUT_HAVE_LIBNETSNMP_DRAFT_BLUMENTHAL_AES_04
# if NUT_HAVE_LIBNETSNMP_usmAES192PrivProtocol
	*(void **) (&nut_usmAES192PrivProtocol) = lt_dlsym(dl_handle,
						"usmAES192PrivProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
# endif /* NUT_HAVE_LIBNETSNMP_usmAES192PrivProtocol */

# if NUT_HAVE_LIBNETSNMP_usmAES256PrivProtocol
	*(void **) (&nut_usmAES256PrivProtocol) = lt_dlsym(dl_handle,
						"usmAES256PrivProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
# endif /* NUT_HAVE_LIBNETSNMP_usmAES256PrivProtocol */
#endif /* NUT_HAVE_LIBNETSNMP_DRAFT_BLUMENTHAL_AES_04 */

#if NUT_HAVE_LIBNETSNMP_usmHMAC192SHA256AuthProtocol
	*(void **) (&nut_usmHMAC192SHA256AuthProtocol) = lt_dlsym(dl_handle,
						"usmHMAC192SHA256AuthProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmHMAC192SHA256AuthProtocol */

#if NUT_HAVE_LIBNETSNMP_usmHMAC256SHA384AuthProtocol
	*(void **) (&nut_usmHMAC256SHA384AuthProtocol) = lt_dlsym(dl_handle,
						"usmHMAC256SHA384AuthProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmHMAC256SHA384AuthProtocol */

#if NUT_HAVE_LIBNETSNMP_usmHMAC384SHA512AuthProtocol
	*(void **) (&nut_usmHMAC384SHA512AuthProtocol) = lt_dlsym(dl_handle,
						"usmHMAC384SHA512AuthProtocol");
	if ((dl_error = lt_dlerror()) != NULL) {
		goto err;
	}
#endif /* NUT_HAVE_LIBNETSNMP_usmHMAC384SHA512AuthProtocol */

	return 1;

err:
	fprintf(stderr, "Cannot load SNMP library (%s) : %s. SNMP search disabled.\n",
		libname_path, dl_error);
	dl_handle = (void *)1;
	lt_dlexit();
	return 0;
}
/* end of dynamic link library stuff */

static void scan_snmp_add_device(nutscan_snmp_t * sec, struct snmp_pdu *response, char * mib)
{
	nutscan_device_t * dev = NULL;
	struct snmp_session * session;
	char * buf;

	session = (*nut_snmp_sess_session)(sec->handle);
	if (session == NULL) {
		return;
	}
	/* SNMP device found */
	dev = nutscan_new_device();
	dev->type = TYPE_SNMP;
	dev->driver = strdup("snmp-ups");
	dev->port = strdup(session->peername);
	if (response != NULL) {
		buf = malloc (response->variables->val_len + 1);
		if (buf) {
			memcpy(buf, response->variables->val.string,
				response->variables->val_len);
			buf[response->variables->val_len] = 0;
			nutscan_add_option_to_device(dev, "desc", buf);
			free(buf);
		}
	}
	nutscan_add_option_to_device(dev, "mibs", mib);
	/* SNMP v3 */
	if (session->community == NULL || session->community[0] == 0) {
		nutscan_add_option_to_device(dev, "snmp_version", "v3");

		if (sec->secLevel) {
			nutscan_add_option_to_device(dev, "secLevel",
				sec->secLevel);
		}
		if (sec->secName) {
			nutscan_add_option_to_device(dev, "secName",
				sec->secName);
		}
		if (sec->authPassword) {
			nutscan_add_option_to_device(dev, "authPassword",
				sec->authPassword);
		}
		if (sec->privPassword) {
			nutscan_add_option_to_device(dev, "privPassword",
				sec->privPassword);
		}
		if (sec->authProtocol) {
			nutscan_add_option_to_device(dev, "authProtocol",
				sec->authProtocol);
		}
		if (sec->privProtocol) {
			nutscan_add_option_to_device(dev, "privProtocol",
				sec->privProtocol);
		}
	}
	else {
		buf = malloc (session->community_len + 1);
		if (buf) {
			memcpy(buf, session->community,
				session->community_len);
			buf[session->community_len] = 0;
			nutscan_add_option_to_device(dev, "community", buf);
			free(buf);
		}
	}

#ifdef HAVE_PTHREAD
	pthread_mutex_lock(&dev_mutex);
#endif
	dev_ret = nutscan_add_device_to_device(dev_ret, dev);
#ifdef HAVE_PTHREAD
	pthread_mutex_unlock(&dev_mutex);
#endif

}

static struct snmp_pdu * scan_snmp_get_oid(char* oid_str, void* handle)
{
	size_t name_len;
	oid name[MAX_OID_LEN];
	struct snmp_pdu *pdu, *response = NULL;
	int status;
	int index = 0;

	/* create and send request. */
	name_len = MAX_OID_LEN;
	if (!(*nut_snmp_parse_oid)(oid_str, name, &name_len)) {
		index++;
		return NULL;
	}

	pdu = (*nut_snmp_pdu_create)(SNMP_MSG_GET);

	if (pdu == NULL) {
		index++;
		return NULL;
	}

	(*nut_snmp_add_null_var)(pdu, name, name_len);

	status = (*nut_snmp_sess_synch_response)(handle, pdu, &response);
	if (response == NULL) {
		index++;
		return NULL;
	}

	if (status != STAT_SUCCESS
	 || response->errstat != SNMP_ERR_NOERROR
	 || response->variables == NULL
	 || response->variables->name == NULL
	 || ((*nut_snmp_oid_compare)(response->variables->name,
	        response->variables->name_length,
	        name, name_len) != 0)
	 || response->variables->val.string == NULL
	) {
		(*nut_snmp_free_pdu)(response);
		index++;
		return NULL;
	}

	return response;
}

static void try_all_oid(void * arg, const char * mib_found)
{
	struct snmp_pdu *response = NULL;
	int index = 0;
	nutscan_snmp_t * sec = (nutscan_snmp_t *)arg;

	upsdebugx(2, "Entering %s for %s", __func__, sec->peername);

	while (snmp_device_table[index].mib != NULL) {

		if (snmp_device_table[index].oid == NULL
		||  snmp_device_table[index].oid[0] == '\0'
		) {
			index++;
			continue;
		}

		response = scan_snmp_get_oid(snmp_device_table[index].oid, sec->handle);
		if (response == NULL) {
			index++;
			continue;
		}

		/* add device only if not yet detected with the same mib */
		if (mib_found == NULL || (strcmp(mib_found, snmp_device_table[index].mib) != 0)) {
			scan_snmp_add_device(sec, response, snmp_device_table[index].mib);
			upsdebugx(3, "Found another match for device with MIB '%s'",
				snmp_device_table[index].mib);
		}
		else {
			upsdebugx(3, "Skip duplicated device %s", snmp_device_table[index].mib);
		}

		(*nut_snmp_free_pdu)(response);
		response = NULL;

		index++;
	}
}

static int init_session(struct snmp_session * snmp_sess, nutscan_snmp_t * sec)
{
	(*nut_snmp_sess_init)(snmp_sess);

	snmp_sess->peername = sec->peername;

	if (sec->community != NULL || sec->secLevel == NULL) {
		snmp_sess->version = SNMP_VERSION_1;
		if (sec->community != NULL) {
			snmp_sess->community = (unsigned char *)sec->community;
			snmp_sess->community_len = strlen(sec->community);
		}
		else {
			snmp_sess->community = (unsigned char *)"public";
			snmp_sess->community_len = strlen("public");
		}
	}
	else { /* SNMP v3 */
		snmp_sess->version = SNMP_VERSION_3;

		/* Security level */
		if (strcmp(sec->secLevel, "noAuthNoPriv") == 0)
			snmp_sess->securityLevel = SNMP_SEC_LEVEL_NOAUTH;
		else if (strcmp(sec->secLevel, "authNoPriv") == 0)
			snmp_sess->securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
		else if (strcmp(sec->secLevel, "authPriv") == 0)
			snmp_sess->securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;
		else {
			fprintf(stderr,
				"Bad SNMPv3 securityLevel: %s\n",
				sec->secLevel);
			return 0;
		}

		/* Security name */
		if (sec->secName == NULL) {
			fprintf(stderr, "securityName is required for SNMPv3\n");
			return 0;
		}
		snmp_sess->securityName = strdup(sec->secName);
		snmp_sess->securityNameLen = strlen(snmp_sess->securityName);

		/* Everything is ready for NOAUTH */
		if (snmp_sess->securityLevel == SNMP_SEC_LEVEL_NOAUTH) {
			return 1;
		}

		/* Process mandatory fields, based on the security level */
		switch (snmp_sess->securityLevel) {
			case SNMP_SEC_LEVEL_AUTHNOPRIV:
				if (sec->authPassword == NULL) {
					fprintf(stderr,
						"authPassword is required "
						"for SNMPv3 in %s mode\n",
						sec->secLevel);
					return 0;
				}
				break;
			case SNMP_SEC_LEVEL_AUTHPRIV:
				if ((sec->authPassword == NULL) ||
					(sec->privPassword == NULL)) {
					fprintf(stderr,
						"authPassword and privPassword are "
						"required for SNMPv3 in %s mode\n",
						sec->secLevel);
					return 0;
				}
				break;
			default:
				/* nothing else needed */
				break;
		}

		/* Process authentication protocol and key */
		snmp_sess->securityAuthKeyLen = USM_AUTH_KU_LEN;

#if NUT_HAVE_LIBNETSNMP_usmHMACMD5AuthProtocol
		/* default to MD5 */
		snmp_sess->securityAuthProto = nut_usmHMACMD5AuthProtocol;
		snmp_sess->securityAuthProtoLen =
			sizeof(usmHMACMD5AuthProtocol)/
			sizeof(oid);
#endif

		if (sec->authProtocol) {
#if NUT_HAVE_LIBNETSNMP_usmHMACSHA1AuthProtocol
			if (strcmp(sec->authProtocol, "SHA") == 0) {
				snmp_sess->securityAuthProto = nut_usmHMACSHA1AuthProtocol;
				snmp_sess->securityAuthProtoLen =
					sizeof(usmHMACSHA1AuthProtocol)/
					sizeof(oid);
			}
			else
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMAC192SHA256AuthProtocol
			if (strcmp(sec->authProtocol, "SHA256") == 0) {
				snmp_sess->securityAuthProto = nut_usmHMAC192SHA256AuthProtocol;
				snmp_sess->securityAuthProtoLen =
					sizeof(usmHMAC192SHA256AuthProtocol)/
					sizeof(oid);
			}
			else
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMAC256SHA384AuthProtocol
			if (strcmp(sec->authProtocol, "SHA384") == 0) {
				snmp_sess->securityAuthProto = nut_usmHMAC256SHA384AuthProtocol;
				snmp_sess->securityAuthProtoLen =
					sizeof(usmHMAC256SHA384AuthProtocol)/
					sizeof(oid);
			}
			else
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMAC384SHA512AuthProtocol
			if (strcmp(sec->authProtocol, "SHA512") == 0) {
				snmp_sess->securityAuthProto = nut_usmHMAC384SHA512AuthProtocol;
				snmp_sess->securityAuthProtoLen =
					sizeof(usmHMAC384SHA512AuthProtocol)/
					sizeof(oid);
			}
			else
#endif
#if NUT_HAVE_LIBNETSNMP_usmHMACMD5AuthProtocol
			if (strcmp(sec->authProtocol, "MD5") != 0) {
#else
			{
#endif
				fprintf(stderr,
					"Bad SNMPv3 authProtocol: %s\n",
					sec->authProtocol);
				return 0;
			}
		}

		/* set the authentication key to a MD5/SHA1 hashed version of
		 * our passphrase (must be at least 8 characters long) */
#if (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_PUSH_POP) && ( (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TYPE_LIMITS) || (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TAUTOLOGICAL_CONSTANT_OUT_OF_RANGE_COMPARE) )
# pragma GCC diagnostic push
#endif
#ifdef HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TYPE_LIMITS
# pragma GCC diagnostic ignored "-Wtype-limits"
#endif
#ifdef HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TAUTOLOGICAL_CONSTANT_OUT_OF_RANGE_COMPARE
# pragma GCC diagnostic ignored "-Wtautological-constant-out-of-range-compare"
#endif
		if ((uintmax_t)snmp_sess->securityAuthProtoLen > UINT_MAX) {
#if (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_PUSH_POP) && ( (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TYPE_LIMITS) || (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TAUTOLOGICAL_CONSTANT_OUT_OF_RANGE_COMPARE) )
# pragma GCC diagnostic pop
#endif
			fprintf(stderr, "Bad SNMPv3 securityAuthProtoLen: %zu",
				snmp_sess->securityAuthProtoLen);
			return 0;
		}
		if ((*nut_generate_Ku)(snmp_sess->securityAuthProto,
					(u_int)snmp_sess->securityAuthProtoLen,
					(unsigned char *) sec->authPassword,
					strlen(sec->authPassword),
					snmp_sess->securityAuthKey,
					&snmp_sess->securityAuthKeyLen)
					!= SNMPERR_SUCCESS
		) {
			fprintf(stderr,
				"Error generating Ku from "
				"authentication pass phrase\n");
			return 0;
		}

		/* Everything is ready for AUTHNOPRIV */
		if (snmp_sess->securityLevel == SNMP_SEC_LEVEL_AUTHNOPRIV) {
			return 1;
		}

#if NUT_HAVE_LIBNETSNMP_usmDESPrivProtocol
		/* default to DES */
		snmp_sess->securityPrivProto = nut_usmDESPrivProtocol;
		snmp_sess->securityPrivProtoLen =
			sizeof(usmDESPrivProtocol)/sizeof(oid);
#endif

		if (sec->privProtocol) {
#if NUT_HAVE_LIBNETSNMP_usmAESPrivProtocol || NUT_HAVE_LIBNETSNMP_usmAES128PrivProtocol
			if (strcmp(sec->privProtocol, "AES") == 0) {
				snmp_sess->securityPrivProto = nut_usmAESPrivProtocol;
				snmp_sess->securityPrivProtoLen =
					sizeof(usmAESPrivProtocol)/
					sizeof(oid);
			}
			else
#endif
#if NUT_HAVE_LIBNETSNMP_DRAFT_BLUMENTHAL_AES_04
# if NUT_HAVE_LIBNETSNMP_usmAES192PrivProtocol
			if (strcmp(sec->privProtocol, "AES192") == 0) {
				snmp_sess->securityPrivProto = nut_usmAES192PrivProtocol;
				snmp_sess->securityPrivProtoLen =
					sizeof(usmAES192PrivProtocol)/
					sizeof(oid);
			}
			else
# endif
# if NUT_HAVE_LIBNETSNMP_usmAES256PrivProtocol
			if (strcmp(sec->privProtocol, "AES256") == 0) {
				snmp_sess->securityPrivProto = nut_usmAES256PrivProtocol;
				snmp_sess->securityPrivProtoLen =
					sizeof(usmAES256PrivProtocol)/
					sizeof(oid);
			}
			else
# endif
#endif /* NUT_HAVE_LIBNETSNMP_DRAFT_BLUMENTHAL_AES_04 */
#if NUT_HAVE_LIBNETSNMP_usmDESPrivProtocol
			if (strcmp(sec->privProtocol, "DES") != 0) {
#else
			{
#endif
				fprintf(stderr,
					"Bad SNMPv3 privProtocol: %s\n",
					sec->privProtocol);
				return 0;
			}
		}

		/* set the private key to a MD5/SHA hashed version of
		 * our passphrase (must be at least 8 characters long) */
		snmp_sess->securityPrivKeyLen = USM_PRIV_KU_LEN;
#if (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_PUSH_POP) && ( (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TYPE_LIMITS) || (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TAUTOLOGICAL_CONSTANT_OUT_OF_RANGE_COMPARE) )
# pragma GCC diagnostic push
#endif
#ifdef HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TYPE_LIMITS
# pragma GCC diagnostic ignored "-Wtype-limits"
#endif
#ifdef HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TAUTOLOGICAL_CONSTANT_OUT_OF_RANGE_COMPARE
# pragma GCC diagnostic ignored "-Wtautological-constant-out-of-range-compare"
#endif
		if ((uintmax_t)snmp_sess->securityAuthProtoLen > UINT_MAX) {
#if (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_PUSH_POP) && ( (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TYPE_LIMITS) || (defined HAVE_PRAGMA_GCC_DIAGNOSTIC_IGNORED_TAUTOLOGICAL_CONSTANT_OUT_OF_RANGE_COMPARE) )
# pragma GCC diagnostic pop
#endif
			fprintf(stderr, "Bad SNMPv3 securityAuthProtoLen: %zu",
				snmp_sess->securityAuthProtoLen);
			return 0;
		}
		if ((*nut_generate_Ku)(snmp_sess->securityAuthProto,
					(u_int)snmp_sess->securityAuthProtoLen,
					(unsigned char *) sec->privPassword,
					strlen(sec->privPassword),
					snmp_sess->securityPrivKey,
					&snmp_sess->securityPrivKeyLen)
					!= SNMPERR_SUCCESS
		) {
			fprintf(stderr,
				"Error generating Ku from "
				"private pass phrase\n");
			return 0;
		}

	}

	return 1;
}

static void * try_SysOID(void * arg)
{
	struct snmp_session snmp_sess;
	void * handle;
	struct snmp_pdu *pdu, *response = NULL, *resp = NULL;
	oid name[MAX_OID_LEN];
	size_t name_len = MAX_OID_LEN;
	nutscan_snmp_t * sec = (nutscan_snmp_t *)arg;
	int index = 0;
	char *mib_found = NULL;

	upsdebugx(2, "Entering %s for %s", __func__, sec->peername);

	/* Initialize session */
	if (!init_session(&snmp_sess, sec)) {
		goto try_SysOID_free;
	}

	snmp_sess.retries = 0;
	/* netsnmp timeout is accounted in uS, but typed as long
	 * and not useconds_t (which is at most long per POSIX)
	 */
	snmp_sess.timeout = (long)g_usec_timeout;

	/* Open the session */
	handle = (*nut_snmp_sess_open)(&snmp_sess); /* establish the session */
	if (handle == NULL) {
		upsdebugx(2,
			"Failed to open SNMP session for %s",
			sec->peername);
		goto try_SysOID_free;
	}

	/* create and send request. */
	if (!(*nut_snmp_parse_oid)(SysOID, name, &name_len)) {
		upsdebugx(2,
			"SNMP errors for %s: %s",
			sec->peername,
			(*nut_snmp_api_errstring)((*nut_snmp_errno)));
		(*nut_snmp_sess_close)(handle);
		goto try_SysOID_free;
	}

	pdu = (*nut_snmp_pdu_create)(SNMP_MSG_GET);

	if (pdu == NULL) {
		fprintf(stderr, "Not enough memory\n");
		(*nut_snmp_sess_close)(handle);
		goto try_SysOID_free;
	}

	(*nut_snmp_add_null_var)(pdu, name, name_len);

	(*nut_snmp_sess_synch_response)(handle,
			pdu, &response);

	if (response) {
		sec->handle = handle;

		/* SNMP device found */
		/* SysOID is supposed to give the required MIB. */

		/* Check if the received OID match with a known sysOID */
		if (response->variables != NULL &&
				response->variables->val.objid != NULL
		) {
			while (snmp_device_table[index].mib != NULL) {
				if (snmp_device_table[index].sysoid == NULL) {
					index++;
					continue;
				}
				name_len = MAX_OID_LEN;

				if (!(*nut_snmp_parse_oid)(
					snmp_device_table[index].sysoid,
					name, &name_len)
				) {
					index++;
					continue;
				}

				if ((*nut_snmp_oid_compare)(
					response->variables->val.objid,
					response->variables->val_len/sizeof(oid),
					name, name_len) == 0
				) {
					/* we have found a relevant sysoid */

					/* add mib if no complementary oid is present */
					/* FIXME: No desc defined when add device */
					if (snmp_device_table[index].oid == NULL
					||  snmp_device_table[index].oid[0] == '\0'
					) {
						scan_snmp_add_device(sec, NULL, snmp_device_table[index].mib);
						mib_found = snmp_device_table[index].sysoid;
					}
					/* else test complementary oid before adding mib */
					else {
						resp = scan_snmp_get_oid(
							snmp_device_table[index].oid,
							handle);
						if (resp != NULL) {
							scan_snmp_add_device(sec, resp, snmp_device_table[index].mib);
							mib_found = snmp_device_table[index].mib;
							(*nut_snmp_free_pdu)(resp);
						}
					}
				}
				index++;
			}
		}

		/* try a list of known OID, if no device was found otherwise */
		if (mib_found == NULL)
			try_all_oid(sec, mib_found);

		(*nut_snmp_free_pdu)(response);
		response = NULL;
	}

	(*nut_snmp_sess_close)(handle);

try_SysOID_free:
	if (sec->peername) {
		free(sec->peername);
	}
	free(sec);

	return NULL;
}

nutscan_device_t * nutscan_scan_snmp(const char * start_ip, const char * stop_ip,
                                     useconds_t usec_timeout, nutscan_snmp_t * sec)
{
	bool_t pass = TRUE; /* Track that we may spawn a scanning thread */
	nutscan_snmp_t * tmp_sec;
	nutscan_ip_iter_t ip;
	char * ip_str = NULL;
#ifdef HAVE_PTHREAD
# ifdef HAVE_SEMAPHORE
	sem_t * semaphore = nutscan_semaphore();
	sem_t   semaphore_scantype_inst;
	sem_t * semaphore_scantype = &semaphore_scantype_inst;
# endif /* HAVE_SEMAPHORE */
	pthread_t thread;
	nutscan_thread_t * thread_array = NULL;
	size_t thread_count = 0, i;
# if (defined HAVE_PTHREAD_TRYJOIN) || (defined HAVE_SEMAPHORE)
	size_t  max_threads_scantype = max_threads_netsnmp;
# endif

	pthread_mutex_init(&dev_mutex, NULL);

# ifdef HAVE_SEMAPHORE
	if (max_threads_scantype > 0) {
		if (SIZE_MAX > UINT_MAX && max_threads_scantype > UINT_MAX) {
			upsdebugx(1,
				"WARNING: %s: Limiting max_threads_scantype to range acceptable for sem_init()",
				__func__);
			max_threads_scantype = UINT_MAX - 1;
		}
		sem_init(semaphore_scantype, 0, (unsigned int)max_threads_scantype);
	}
# endif /* HAVE_SEMAPHORE */

#endif /* HAVE_PTHREAD */

	if (!nutscan_avail_snmp) {
		return NULL;
	}

	g_usec_timeout = usec_timeout;

	/* Force numeric OIDs resolution (ie, do not resolve to textual names)
	 * This is mostly for the convenience of debug output */
	if (nut_snmp_out_toggle_options("n") != NULL) {
		upsdebugx(1, "Failed to enable numeric OIDs resolution");
	}

	/* Initialize the SNMP library */
	(*nut_init_snmp)("nut-scanner");

	ip_str = nutscan_ip_iter_init(&ip, start_ip, stop_ip);

	while (ip_str != NULL) {
#ifdef HAVE_PTHREAD
		/* NOTE: With many enough targets to scan, this can crash
		 * by spawning too many children; add a limit and loop to
		 * "reap" some already done with their work. And probably
		 * account them in thread_array[] as something to not wait
		 * for below in pthread_join()...
		 */

# ifdef HAVE_SEMAPHORE
		/* Just wait for someone to free a semaphored slot,
		 * if none are available, and then/otherwise grab one
		 */
		if (thread_array == NULL) {
			/* Starting point, or after a wait to complete
			 * all earlier runners */
			if (max_threads_scantype > 0)
				sem_wait(semaphore_scantype);
			sem_wait(semaphore);
			pass = TRUE;
		} else {
			pass = ((max_threads_scantype == 0 || sem_trywait(semaphore_scantype) == 0) &&
			        sem_trywait(semaphore) == 0);
		}
# else
#  ifdef HAVE_PTHREAD_TRYJOIN
		/* A somewhat naive and brute-force solution for
		 * systems without a semaphore.h. This may suffer
		 * some off-by-one errors, using a few more threads
		 * than intended (if we race a bit at the wrong time,
		 * probably up to one per enabled scanner routine).
		 */

		/* TOTHINK: Should there be a threadcount_mutex when
		 * we just read the value in if() and while() below?
		 * At worst we would overflow the limit a bit due to
		 * other protocol scanners...
		 */
		if (curr_threads >= max_threads
		|| (curr_threads >= max_threads_scantype && max_threads_scantype > 0)
		) {
			upsdebugx(2, "%s: already running %zu scanning threads "
				"(launched overall: %zu), "
				"waiting until some would finish",
				__func__, curr_threads, thread_count);
			while (curr_threads >= max_threads
			   || (curr_threads >= max_threads_scantype && max_threads_scantype > 0)
			) {
				for (i = 0; i < thread_count ; i++) {
					int ret;

					if (!thread_array[i].active) continue;

					pthread_mutex_lock(&threadcount_mutex);
					upsdebugx(3, "%s: Trying to join thread #%i...", __func__, i);
					ret = pthread_tryjoin_np(thread_array[i].thread, NULL);
					switch (ret) {
						case ESRCH:     /* No thread with the ID thread could be found - already "joined"? */
							upsdebugx(5, "%s: Was thread #%zu joined earlier?", __func__, i);
							break;
						case 0:         /* thread exited */
							if (curr_threads > 0) {
								curr_threads --;
								upsdebugx(4, "%s: Joined a finished thread #%zu", __func__, i);
							} else {
								/* threadcount_mutex fault? */
								upsdebugx(0, "WARNING: %s: Accounting of thread count "
									"says we are already at 0", __func__);
							}
							thread_array[i].active = FALSE;
							break;
						case EBUSY:     /* actively running */
							upsdebugx(6, "%s: thread #%zu still busy (%i)",
								__func__, i, ret);
							break;
						case EDEADLK:   /* Errors with thread interactions... bail out? */
						case EINVAL:    /* Errors with thread interactions... bail out? */
						default:        /* new pthreads abilities? */
							upsdebugx(5, "%s: thread #%zu reported code %i",
								__func__, i, ret);
							break;
					}
					pthread_mutex_unlock(&threadcount_mutex);
				}

				if (curr_threads >= max_threads
				|| (curr_threads >= max_threads_scantype && max_threads_scantype > 0)
				) {
					usleep (10000); /* microSec's, so 0.01s here */
				}
			}
			upsdebugx(2, "%s: proceeding with scan", __func__);
		}
		/* NOTE: No change to default "pass" in this ifdef:
		 * if we got to this line, we have a slot to use */
#  endif /* HAVE_PTHREAD_TRYJOIN */
# endif  /* HAVE_SEMAPHORE */
#endif   /* HAVE_PTHREAD */

		if (pass) {
			tmp_sec = malloc(sizeof(nutscan_snmp_t));
			memcpy(tmp_sec, sec, sizeof(nutscan_snmp_t));
			tmp_sec->peername = ip_str;

#ifdef HAVE_PTHREAD
			if (pthread_create(&thread, NULL, try_SysOID, (void*)tmp_sec) == 0) {
# ifdef HAVE_PTHREAD_TRYJOIN
				pthread_mutex_lock(&threadcount_mutex);
				curr_threads++;
# endif /* HAVE_PTHREAD_TRYJOIN */

				thread_count++;
				nutscan_thread_t *new_thread_array = realloc(thread_array,
					thread_count * sizeof(nutscan_thread_t));
				if (new_thread_array == NULL) {
					upsdebugx(1, "%s: Failed to realloc thread array", __func__);
					break;
				}
				else {
					thread_array = new_thread_array;
				}
				thread_array[thread_count - 1].thread = thread;
				thread_array[thread_count - 1].active = TRUE;

# ifdef HAVE_PTHREAD_TRYJOIN
				pthread_mutex_unlock(&threadcount_mutex);
# endif /* HAVE_PTHREAD_TRYJOIN */
			}
#else   /* not HAVE_PTHREAD */
			try_SysOID((void *)tmp_sec);
#endif  /* if HAVE_PTHREAD */
/*			free(ip_str); */ /* Do not free() here - seems to cause a double-free instead */
			ip_str = nutscan_ip_iter_inc(&ip);
/*			free(tmp_sec); */
		} else { /* if not pass -- all slots busy */
#ifdef HAVE_PTHREAD
# ifdef HAVE_SEMAPHORE
			/* Wait for all current scans to complete */
			if (thread_array != NULL) {
				upsdebugx (2, "%s: Running too many scanning threads, "
					"waiting until older ones would finish",
					__func__);
				for (i = 0; i < thread_count ; i++) {
					int ret;
					if (!thread_array[i].active) {
						/* Probably should not get here,
						 * but handle it just in case */
						upsdebugx(0, "WARNING: %s: Midway clean-up: did not expect thread %zu to be not active",
							__func__, i);
						sem_post(semaphore);
						if (max_threads_scantype > 0)
							sem_post(semaphore_scantype);
						continue;
					}
					thread_array[i].active = FALSE;
					ret = pthread_join(thread_array[i].thread, NULL);
					if (ret != 0) {
						upsdebugx(0, "WARNING: %s: Midway clean-up: pthread_join() returned code %i",
							__func__, ret);
					}
					sem_post(semaphore);
					if (max_threads_scantype > 0)
						sem_post(semaphore_scantype);
				}
				thread_count = 0;
				free(thread_array);
				thread_array = NULL;
			}
# else
#  ifdef HAVE_PTHREAD_TRYJOIN
		/* TODO: Move the wait-loop for TRYJOIN here? */
#  endif /* HAVE_PTHREAD_TRYJOIN */
# endif  /* HAVE_SEMAPHORE */
#endif   /* HAVE_PTHREAD */
		} /* if: could we "pass" or not? */
	} /* while */

#ifdef HAVE_PTHREAD
	if (thread_array != NULL) {
		upsdebugx(2, "%s: all planned scans launched, waiting for threads to complete", __func__);
		for (i = 0; i < thread_count; i++) {
			int ret;

			if (!thread_array[i].active) continue;

			ret = pthread_join(thread_array[i].thread, NULL);
			if (ret != 0) {
				upsdebugx(0, "WARNING: %s: Clean-up: pthread_join() returned code %i",
					__func__, ret);
			}
			thread_array[i].active = FALSE;
# ifdef HAVE_SEMAPHORE
			sem_post(semaphore);
			if (max_threads_scantype > 0)
				sem_post(semaphore_scantype);
# else
#  ifdef HAVE_PTHREAD_TRYJOIN
			pthread_mutex_lock(&threadcount_mutex);
			if (curr_threads > 0) {
				curr_threads --;
				upsdebugx(5, "%s: Clean-up: Joined a finished thread #%zu",
					__func__, i);
			} else {
				upsdebugx(0, "WARNING: %s: Clean-up: Accounting of thread count "
					"says we are already at 0", __func__);
			}
			pthread_mutex_unlock(&threadcount_mutex);
#  endif /* HAVE_PTHREAD_TRYJOIN */
# endif /* HAVE_SEMAPHORE */
		}
		free(thread_array);
		upsdebugx(2, "%s: all threads freed", __func__);
	}
	pthread_mutex_destroy(&dev_mutex);

# ifdef HAVE_SEMAPHORE
	if (max_threads_scantype > 0)
		sem_destroy(semaphore_scantype);
# endif /* HAVE_SEMAPHORE */
#endif /* HAVE_PTHREAD */

	nutscan_device_t * result = nutscan_rewind_device(dev_ret);
	dev_ret = NULL;
	return result;
}

#else /* WITH_SNMP */

nutscan_device_t * nutscan_scan_snmp(const char * start_ip, const char * stop_ip,
                                     useconds_t usec_timeout, nutscan_snmp_t * sec)
{
	NUT_UNUSED_VARIABLE(start_ip);
	NUT_UNUSED_VARIABLE(stop_ip);
	NUT_UNUSED_VARIABLE(usec_timeout);
	NUT_UNUSED_VARIABLE(sec);
	return NULL;
}

#endif /* WITH_SNMP */