Hi,

We are planning to implement remote configuration of the SNMP targets
and their users using the notification, target and USM MIBs. The plan
is to use net-snmp 5.5 as the master agent (on RHEL) since it
supports all these MIBs. I tried manually setting up an entry in the
notification and target MIBs for sending an SNMPv3 INFORM; then I
created a user manually (by editing /var/net-snmp/snmpd.conf),
specifying the engineID of the inform receiver. Now, when the INFORM
is actually sent out, the USM parameters of the user are being
overwritten. For example, if the user is created with AUTH and PRIV
protocols as MD5 and AES respectively, the PRIV protocol is being
changed to DES and I believe the keys are also being overwritten. I
debugged the code a bit and found that while sending the INFORM packet
(after probing for the engineId of the receiver) the function
'create_user_from_session' (in snmp_api.c) is overwriting the values
with the default values set in the net-snmp session even when it
successfully finds the required user. I am referring to the code
snippet below:

//////////////////////////////
user = usm_get_user_from_list(session->securityEngineID,
                                  session->securityEngineIDLen,
                                  session->securityName,
                                  usm_get_userList(), 0);

if (user == NULL) {
;
;;
}
/* WHY OVERWRITE THE AUTH PROTO IF THE USER ALREADY HAS IT SET ? */
if (session->securityAuthProto != NULL) {
;
;
}
/////////////////////////////

Is there any reason for overwriting the USM parameters of the user if
we have successfully found the user in the USM list? Can there be a
check on whether the user already has the parameters (privProtocol,
authProtocol etc.) set and, if not, use the ones in the session to
overwrite them? So, for the above code snippet:

///////////////////////////
/* IF ALREADY SET, DO NOT OVERWRITE WITH SESSION AUTH PROTO */
if (user->authProtocol == NULL) {
         if (session->securityAuthProto != NULL) {
         ;
         ;
         }
}
//////////////////////////

And similarly for the other USM parameters which are being changed in
the function.

I am not sure whether this is done purposely or is a bug in the code.

Thanks,
Datta.

_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
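
Added example, not part of the original post and not net-snmp code: a small C model of the behaviour the post reports, next to the "only fill unset fields" guard it proposes. The struct and function names (user_model, session_model, apply_unconditional, apply_if_unset) and the sample keys are assumptions made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the stored USM user and the session defaults;
 * these are NOT net-snmp's struct usmUser / netsnmp_session. */
enum proto { PROTO_UNSET = 0, AUTH_MD5, PRIV_DES, PRIV_AES };
struct user_model    { enum proto auth, priv; char priv_key[32]; };
struct session_model { enum proto auth, priv; const char *priv_key; };

/* Behaviour reported in the post: whatever the session carries is copied
 * into the user, even if the user was found already configured. */
static void apply_unconditional(struct user_model *u, const struct session_model *s)
{
    if (s->auth != PROTO_UNSET) u->auth = s->auth;
    if (s->priv != PROTO_UNSET) u->priv = s->priv;
    if (s->priv_key) snprintf(u->priv_key, sizeof u->priv_key, "%s", s->priv_key);
}

/* Guard proposed in the post: session values only fill fields left unset. */
static void apply_if_unset(struct user_model *u, const struct session_model *s)
{
    if (u->auth == PROTO_UNSET && s->auth != PROTO_UNSET) u->auth = s->auth;
    if (u->priv == PROTO_UNSET && s->priv != PROTO_UNSET) u->priv = s->priv;
    if (u->priv_key[0] == '\0' && s->priv_key)
        snprintf(u->priv_key, sizeof u->priv_key, "%s", s->priv_key);
}

/* Constructed sample data: user configured MD5/AES, session defaulting to DES. */
static struct user_model configured_user(void)
{
    struct user_model u = { AUTH_MD5, PRIV_AES, "constructed-user-key" };
    return u;
}
static struct session_model default_session(void)
{
    struct session_model s = { AUTH_MD5, PRIV_DES, "constructed-session-key" };
    return s;
}

int main(void)
{
    struct session_model s = default_session();
    struct user_model a = configured_user(), b = configured_user();
    apply_unconditional(&a, &s);
    apply_if_unset(&b, &s);
    printf("unconditional: priv=%s\n", a.priv == PRIV_AES ? "AES" : "DES");
    printf("guarded:       priv=%s\n", b.priv == PRIV_AES ? "AES" : "DES");
    return 0;
}
```

In the model, the unconditional path silently replaces the configured AES privacy setting and key with the session's DES defaults, while the guarded path leaves a configured user untouched and still populates a user whose fields are empty.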