Thanks Dave for your quick response.
We will try to elaborate the problem a bit. We have a SNMP client which
monitors the agent hosts periodically. Client will be continuously running and
it's a multithreaded application.
Let's say, if I configured my client to collect SNMP data from host X, using
SNMP v3 and provided my client with V3 settings of host X. i.e. I will provide
security name, auth protocol and auth password for 'authNOPriv' option of
SNMPv3.
Client will start collecting from X and also will get the engine ID from X and
the Net-SNMP library will add a user to the global user list with <user name,
engine ID> as key.
After some time, I changed the auth password for host X and would like to
change the same in my client dynamically without rebooting my client. So I
changed it in the session object and expecting to happen the same in the users
list. This is not happening.
It's in snmplib/snmpusm.c , usm_create_user_from_session(), tries to get the
user from the existing users list and won't changing the auth keys for that
user. The changed authkey will never get reflected in the global list of users.
Auth key will not copied from the session with the following check
>From snmplib/snmpusm.c , usm_create_user_from_session()
if (user->authKey == NULL)
Regards,
Hemanth Abbina,
eIQnetworks | www.eiqnetworks.com
e. [email protected]| b. http://blog.eiqnetworks.com/
SecureVue(r) - The Unified Situational Awareness Platform
"We can honestly say that eIQnetworks has the broadest range of capabilities
we've seen in one integrated product." - Technology Executive Alert By Linda
Musthaler, Network World
"This email is intended only for the use of the individual or entity named
above and may contain information that is confidential and privileged. If you
are not the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the email is strictly prohibited. If you have
received this email in error, please notify us immediately by return email or
phone at +1 978.266.9933 and destroy the original message."
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf
Of Dave Shield
Sent: Friday, February 03, 2012 4:38 PM
To: Hemanth Abbina
Cc: [email protected]; Venkateswarlu Yalamandala
Subject: Re: Issues with Net-SNMP 5.7.1 USM user list
On 2 February 2012 10:54, Hemanth Abbina <[email protected]> wrote:
> 1. The library maintains a global USM users list. USM users are
> differentiated based on the security name and engine ID. But, say if I
> change the auth/priv password of the existing user, in the middle, it
> doesn't reflect in the list of users as it always retrieves the old user
> from the list only.
The user will be the same, yes - but the data structure for that user
should now have the new password. Looking at the code for processing
usmUserAuthKeyChange SET requests (in mibgroup/snmpv3/usmUser.c)
the routine write_usmUserAuthKeyChange() end up invoking the
following code fragment (as part of the ACTION block):
uptr = usm_parse_user(name, name_len);
:
memdup(&uptr->authKey, buf, buflen); // buf contains the new
localised key
uptr->authKeyLen = buflen;
How exactly are you changing the password(s) ?
> I think it should compare the auth/priv passwords also
The agent cannot actually compare the passwords, since the
new password isn't ever sent over the network. The algorithm for
updating the password handling is covered in the DESCRIPTION clause
of the relevant MIB objects (usmUser{,Own}{Auth,Priv}KeyChange
within SNMP-USER-BASED-SM-MIB)
> while selecting the users or it should edit the passwords appropriately.
"editing the passwords" is a bit of an over-simplification,
but that's essentially what it does.
> Could anyone please suggest us on what to do in this case ?
I'm not entirely clear as to exactly what the problem is here.
Can you give a bit more detail about exactly what you are trying,
what behaviour you see, and what you expected to happen?
> 2. One more observations is the list of users are maintained globally
> without any locks. This may pose issues while using this global list in
> multi-threaded applications.
Yes - this is semi-documented in the README.thread file:
Unfortunately, the SNMPv3 support was added about the same
time as the thread support and since they occurred in parallel the
SNMPv3 support was never checked for multi-threading correctness.
It is most likely that it is not thread-safe at this time.
We have long needed someone willing and able to take another look
at the thread-unsafe aspects of the library (and agent), and address
these deficiencies. Volunteers always welcome!
Dave
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
