On Tue, 2006-02-14 at 13:47 +0100, H. McManus wrote:
> On Tuesday 14 February 2006 13:19, Dave Shield wrote:
> 
> > The difference between the two lies in how they treat any objects
> > *outside* .1.3.6.1.   The first configuration would allow access,
> > the second would deny access.
> >    Of course, if there are no such objects, then it's all a bit
> > irrelevant!
> 
> aaaaah. Ok. So to put that in other words, it is safe to say something like 
> the following: If no "include" is explicitly mentioned then you have access 
> to everything, but once you mention an include, that then becomes the ONLY 
> tree you can access.
> 
> Is that a fair summary?

Hmmm.....

Sorry for the delay in responding, but you got me wondering,
and I've finally gone back and had a look at the relevant
specifications (RFC 3415).  And I've got a horrible feeling
that we're not implementing this properly.

The RFC says (in the DESCRIPTION of vacmViewTreeFamilyTable)
the following:

    " To determine if a particular object instance is in
     a particular MIB view, compare the object instance's
     OBJECT IDENTIFIER with each of the MIB view's active
     entries in this table.  If none match, then the
     object instance is not in the MIB view.
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                                            If one or
     more match, then the object instance is included in,
     or excluded from, the MIB view ...."



So according to that description, a view such as

    view  notSystem  excluded  .1.3.6.1.2.1.1

would actually not cover *any* MIB objects whatsoever.
With our current implementation, it would allow access
to everything bar the system group.


I'm redirecting this response to the coders list, in case
any of the other developers want to comment.  (I've a
feeling that not everyone is following the users list,
and this is becoming more of an internals question).

Does anyone want to take issue with this interpretation?
Or do you agree that we're currently doing it wrong?

Dave


_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
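
The two readings discussed in the message above, as an added C example that is not part of the original post and is not net-snmp's code. The struct, function and array names are hypothetical, masks are assumed to be all-ones, and the longest-match rule is taken from the part of the RFC 3415 description that the quote elides.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model of one vacmViewTreeFamilyTable row (mask assumed all-ones). */
enum { VIEW_INCLUDED = 1, VIEW_EXCLUDED = 2 };
struct view_entry { const unsigned long *subtree; size_t len; int type; };

/* An entry matches when its subtree is a prefix of the instance OID. */
static int matches(const struct view_entry *e, const unsigned long *oid, size_t n) {
    if (e->len > n) return 0;
    for (size_t i = 0; i < e->len; i++)
        if (e->subtree[i] != oid[i]) return 0;
    return 1;
}

/* The matching entry with the most sub-identifiers decides.
 * With no match, default_in applies:
 *   0 = RFC 3415 text ("If none match, then the object instance is not
 *       in the MIB view"),
 *   1 = model of the behaviour the message attributes to the current
 *       implementation (everything outside the listed subtrees allowed). */
int in_view(const struct view_entry *v, size_t nv,
            const unsigned long *oid, size_t n, int default_in) {
    const struct view_entry *best = NULL;
    for (size_t i = 0; i < nv; i++)
        if (matches(&v[i], oid, n) && (!best || v[i].len > best->len))
            best = &v[i];
    return best ? best->type == VIEW_INCLUDED : default_in;
}

/* Constructed sample data: the "notSystem" view from the message. */
static const unsigned long SYSTEM_GROUP[] = {1, 3, 6, 1, 2, 1, 1};
static const unsigned long INTERNET[]     = {1, 3, 6, 1};
static const unsigned long SYS_DESCR[]    = {1, 3, 6, 1, 2, 1, 1, 1, 0};
static const unsigned long IF_NUMBER[]    = {1, 3, 6, 1, 2, 1, 2, 1, 0};
const struct view_entry NOT_SYSTEM[] = {{SYSTEM_GROUP, 7, VIEW_EXCLUDED}};
/* Same exclusion plus an explicit include, so both readings agree. */
const struct view_entry NOT_SYSTEM_FIXED[] = {
    {INTERNET, 4, VIEW_INCLUDED}, {SYSTEM_GROUP, 7, VIEW_EXCLUDED}};

int main(void) {
    printf("ifNumber.0 in notSystem: rfc=%d permissive=%d\n",
           in_view(NOT_SYSTEM, 1, IF_NUMBER, 9, 0),
           in_view(NOT_SYSTEM, 1, IF_NUMBER, 9, 1));
    printf("sysDescr.0 with explicit include: rfc=%d\n",
           in_view(NOT_SYSTEM_FIXED, 2, SYS_DESCR, 9, 0));
    return 0;
}
```

Pairing the exclusion with an explicit `included` entry for the parent subtree gives the same answer under either reading, which makes a view definition independent of how the no-match case is resolved.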
