#ifndef SNMPSECMOD_H
#define SNMPSECMOD_H

/*
 * Interface between the SNMP library and pluggable security models.
 *
 * A security model is described by a struct snmp_secmod_def (a table of
 * callbacks) and is registered under an integer security model number.
 * This header declares the parameter blocks handed to the encode/decode
 * callbacks, the callback types, the definition table itself, and the
 * register/find/unregister entry points.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * NOTE(review): the header name of the #include below is missing in this
 * copy of the file (presumably lost during extraction).  The types used
 * below (netsnmp_session, netsnmp_pdu, netsnmp_transport, u_char) are not
 * declared in this header, so the original target must be restored from
 * the upstream file before this header can compile.
 */
#include

/*
 * Locally defined security models.  The model number is
 *     (Net-SNMP enterprise number = 8072) * 256 + local_num
 * so NETSNMP_SEC_MODEL_KSM below (2066432 = 8072 * 256 + 0) has local_num 0.
 */
#define NETSNMP_SEC_MODEL_KSM 2066432
#define NETSNMP_KSM_SECURITY_MODEL NETSNMP_SEC_MODEL_KSM
/* SNMP_SEC_MODEL_TSM is not defined in this header; it has to come from elsewhere. */
#define NETSNMP_TSM_SECURITY_MODEL SNMP_SEC_MODEL_TSM

struct snmp_secmod_def;

/*
 * Parameter information passed to security model routines.
 */

/*
 * Argument block for the outgoing (encode) callbacks, see SecmodOutMsg.
 *
 * NOTE(review): apart from pdu and session, the direction of the members is
 * not annotated here.  The pointer-to-length members (secParamsLen,
 * wholeMsgLen, wholeMsgOffset) look like in/out values that bound the
 * buffers they accompany; confirm against the encode routines before
 * relying on that.
 */
struct snmp_secmod_outgoing_params {
    int             msgProcModel;
    u_char         *globalData;
    size_t          globalDataLen;
    int             maxMsgSize;
    int             secModel;
    u_char         *secEngineID;
    size_t          secEngineIDLen;
    char           *secName;
    size_t          secNameLen;
    int             secLevel;
    u_char         *scopedPdu;
    size_t          scopedPduLen;
    void           *secStateRef;
    u_char         *secParams;
    size_t         *secParamsLen;
    u_char        **wholeMsg;
    size_t         *wholeMsgLen;
    size_t         *wholeMsgOffset;
    netsnmp_pdu    *pdu;        /* IN - the pdu getting encoded */
    netsnmp_session *session;   /* IN - session sending the message */
};

/*
 * Argument block for the incoming (decode) callback, see SecmodInMsg.
 *
 * wholeMsg and secParams carry the message as it was received, so a decode
 * routine should treat their contents as unvalidated input until it has
 * checked them itself.
 *
 * The OUT buffers (secEngineID, secName, scopedPdu) are paired with IN/OUT
 * length pointers: on entry the length holds the space available, on return
 * the length actually used.  A decode routine therefore has to compare the
 * length it parsed from the message against the available length before it
 * writes into the buffer.
 */
struct snmp_secmod_incoming_params {
    int             msgProcModel;       /* IN */
    size_t          maxMsgSize;         /* IN     - Used to calc maxSizeResponse.  */

    u_char         *secParams;          /* IN     - BER encoded securityParameters. */
    int             secModel;           /* IN */
    int             secLevel;           /* IN     - AuthNoPriv; authPriv etc.      */

    u_char         *wholeMsg;           /* IN     - Original v3 message.           */
    size_t          wholeMsgLen;        /* IN     - Msg length.                    */

    u_char         *secEngineID;        /* OUT    - Pointer to snmpEngineID.       */
    size_t         *secEngineIDLen;     /* IN/OUT - Len available; len returned.   */
    /*
     * NOTE: Memory provided by caller.
     */

    char           *secName;            /* OUT    - Pointer to securityName.       */
    size_t         *secNameLen;         /* IN/OUT - Len available; len returned.   */

    u_char        **scopedPdu;          /* OUT    - Pointer to plaintext scopedPdu. */
    size_t         *scopedPduLen;       /* IN/OUT - Len available; len returned.   */

    size_t         *maxSizeResponse;    /* OUT    - Max size of Response PDU.      */
    void          **secStateRef;        /* OUT    - Ref to security state.         */
    netsnmp_session *sess;              /* IN     - session which got the message  */
    netsnmp_pdu    *pdu;                /* IN     - the pdu getting parsed         */
    u_char          msg_flags;          /* IN     - v3 Message flags.              */
};


/*
 * Function pointer types used by struct snmp_secmod_def.
 */

/*
 * NOTE(review): the original comment at this position read "free's a given
 * security module's data; called at unregistration time".  It does not
 * obviously describe any single typedef below; confirm which callback it
 * was meant for.
 */
typedef int     (SecmodSessionCallback) (netsnmp_session *);
typedef int     (SecmodPduCallback) (netsnmp_pdu *);
typedef int     (Secmod2PduCallback) (netsnmp_pdu *, netsnmp_pdu *);
typedef int     (SecmodOutMsg) (struct snmp_secmod_outgoing_params *);
typedef int     (SecmodInMsg) (struct snmp_secmod_incoming_params *);
typedef void    (SecmodFreeState) (void *);
typedef void    (SecmodHandleReport) (void *sessp,
                                      netsnmp_transport *transport,
                                      netsnmp_session *,
                                      int result,
                                      netsnmp_pdu *origpdu);
typedef int     (SecmodDiscoveryMethod) (void *slp, netsnmp_session *session);
typedef int     (SecmodPostDiscovery) (void *slp, netsnmp_session *session);

typedef int     (SecmodSessionSetup) (netsnmp_session *in_session,
                                      netsnmp_session *out_session);

/*
 * Definition of a security module.
 *
 * Only the encoding and decoding routines are mandatory; every other
 * callback is optional and is provided only if the module needs it.
 */
struct snmp_secmod_def {
    /*
     * session manipulation functions
     */
    SecmodSessionCallback *session_open;    /* called in snmp_sess_open()  */
    SecmodSessionCallback *session_close;   /* called in snmp_sess_close() */
    SecmodSessionSetup    *session_setup;

    /*
     * pdu manipulation routines
     */
    SecmodPduCallback  *pdu_free;           /* called in free_pdu() */
    Secmod2PduCallback *pdu_clone;          /* called in snmp_clone_pdu() */
    SecmodPduCallback  *pdu_timeout;        /* called when a request times out */
    SecmodFreeState    *pdu_free_state_ref; /* frees pdu->securityStateRef */

    /*
     * de/encoding routines: mandatory
     */
    SecmodOutMsg   *encode_reverse;         /* encode packet back to front */
    SecmodOutMsg   *encode_forward;         /* encode packet forward */
    SecmodInMsg    *decode;                 /* decode & validate incoming */

    /*
     * error and report handling
     */
    SecmodHandleReport *handle_report;

    /*
     * default engineID discovery mechanism
     */
    SecmodDiscoveryMethod *probe_engineid;
    SecmodPostDiscovery   *post_probe_engineid;
};


/*
 * Internal list: one node per security model number, pointing at that
 * model's definition and at the next node.
 */
struct snmp_secmod_list {
    int             securityModel;
    struct snmp_secmod_def *secDef;
    struct snmp_secmod_list *next;
};


/*
 * Register a security service.
 * NOTE(review): the parameters are unnamed in this prototype; they are
 * presumably the security model number, a model name and the definition
 * table - confirm against the implementation.
 */
int             register_sec_mod(int, const char *,
                                 struct snmp_secmod_def *);
/*
 * Find a security service definition by its integer argument (presumably
 * the security model number - confirm).
 */
NETSNMP_IMPORT
struct snmp_secmod_def *find_sec_mod(int);
/*
 * Unregister a security service.  (The original comment said "register",
 * which does not match the function name.)
 */
int             unregister_sec_mod(int);        /* NOTE(review): the original trailing
                                                 * comment here was "register a
                                                 * security service"; it sat next to
                                                 * init_secmod() and looks copy-pasted. */
/*
 * Start-up and shutdown hooks for this subsystem.  What they set up or
 * tear down is not visible in this header.
 */
void            init_secmod(void);
NETSNMP_IMPORT
void            shutdown_secmod(void);

/*
 * Clears the sec_mod list.
 */
NETSNMP_IMPORT
void            clear_sec_mod(void);

#ifdef __cplusplus
}
#endif
#endif                          /* SNMPSECMOD_H */