Hi Frank,
The default configuration covers the whole 1.3 tree with "fullReadView",
which is fine enough. If I understand correctly, that makes the whole tree
in 1.3 branch accessible for reading ...
=== vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
new OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
Now, I added the following statement as well:
=== vacm.addViewTreeFamily(new OctetString("fullWriteView"), new
OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
which if I understand the syntax correctly, should add the " fullWriteView"
access to the whole experimental root that I am using. I am not sure how the
debug information helps me in this case, since it points out that "private"
context is found (23705 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence info for
'private') and then the request was created successfully. The only line that
causes some concerns is the following:
77558 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,lowerIn
cluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],vb=1.3.6.1.3.
22.2.10.1 =
12,status=org.snmp4j.agent.request.RequestStatus@6d7300f9,query=null,index=0
,targetMO=null]]
where the targetMO is marked as null.
I also examined how 5 test scalar objects are created
179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false] in default context
with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false]
179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false] in default context
with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false] in default
context with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=0,volatile=false] in default context with
scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=0,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
mo.MOAccessImpl@674e5e21,value=15,volatile=false] in default context with
scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
mo.MOAccessImpl@674e5e21,value=15,volatile=false]
Objects with OID = 1.3.6.1.3.22.1.1.0, 1.3.6.1.3.22.1.2.0,
1.3.6.1.3.22.1.3.0, and 1.3.6.1.3.22.1.4.0 are created as read-only, and
1.3.6.1.3.22.1.5.0 is created as read-write, and that is visible in the
difference in the access=org.snmp4j.agent.mo.MOAccessImpl@ statements.
However, how to combine that together, is not clear to me ... sorry
Marek
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Frank Fock
Sent: Tuesday, 02 April, 2013 8:50 PM
To: [email protected]
Subject: Re: [SNMP4J] SET access to created managed objects
Hi Marek,
You have to setup the VACM properly in order to allow access to the
OID/subtree you are requesting. The default VACM configuration does not
include the "experimental" sub-tree IMHO.
The log output gives you more detailed hints.
Best regards,
Frank
Am 02.04.2013 11:13, schrieb Marek Hajduczenia:
Dear colleagues,
I create a very simple scalar in my agent:
OID oidTest = new OID("1.3.6.1.3.22.1.5.0");
MOScalar sysScalarTest = new MOScalar(oidTest,
MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15));
server.registerManagedObject(sysScalarTest);
and then would like to change its value remotely using the MIB
browser. What I get back on the debug in Eclipse is the "Error
'Authorization error'
generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by debug information
about the message exchange and status exchange between agent and MIB
browser.
Everything seems fine, i.e., "private" community is found, request
with the private scope was created and proper object was found.
However, when time to change came around, no change was done.
===========================================================
20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping - Received message
from
localhost/127.0.0.1/56019 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:0
1:00:0 2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.Snmp - Fire process PDU event:
CommandResponderEvent[securityModel=2,
securityLevel=1, maxSizeResponsePDU=65535,
pduHandle=PduHandle[1521296469],
stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469],
securi
tyEngineID=null,securityModel=null,securityName=private,securityLevel=
1,cont extEngineID=null,contextName=null,retryMsgIDs=null],
pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0,
VBS[1.3.6.1.3.22.1.5.0 = 123]], messageProcessingModel=1,
securityName=private, processed=false, peerAddress=127.0.0.1/56019,
transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@36c8e
545,
tmStateReference=null]
20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence
info for 'private'
20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Found coexistence info
for
'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:
01:c0:a8:01:04,contextName=private,transportTag=]
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Address 127.0.0.1/56019
passes filter, because source address filtering is disabled
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.request.SnmpRequest - Created subrequest 0 with
scope
org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.
22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperInclude
d=true
] from 1.3.6.1.3.22.1.5.0 = 123
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,lo
werInc
luded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],vb=1.3.6.
1.3.22
.1.5.0 =
123,status=org.snmp4j.agent.request.RequestStatus@6ceac619,query=null,
index=
0,targetMO=null]]
20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to
127.0.0.1/56019 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:0
1:10:0 2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
java.lang.Exception: Error 'Authorization error' generated at:
1.3.6.1.3.22.1.5.0 = 123
at
org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChang
ed(Snm
pRequest.java:617)
at
org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(Reques
tStatu
s.java:89)
at
org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.ja
va:52)
at
org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcess
or.jav
a:499)
at
org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java
:378)
at
org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.jav
a:339)
at
org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:55
9)
at
org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:162
)
at
org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.
java:6
64)
at
org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:
297)
at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
java:3
68)
at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
java:3
28)
at
org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(Abstr
actTra
nsportMapping.java:76)
at
org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(Defau
ltUdpT
ransportMapping.java:378)
at java.lang.Thread.run(Unknown Source)
===========================================================
Definition of the "public" and "private" communities are as follows:
protected void addCommunities(SnmpCommunityMIB
communityMIB)
{
Variable[] com2sec1 = new Variable[]
{
new
OctetString("public"),
new
OctetString("cpublic"), // security name
getAgent().getContextEngineID(), // local engine ID
new
OctetString("public"), // default context name
new OctetString(), //
transport tag
new
Integer32(StorageType.nonVolatile), // storage type
new
Integer32(RowStatus.active) // row status
};
Variable[] com2sec2 = new Variable[]
{
new
OctetString("private"),
new
OctetString("cprivate"), // security name
getAgent().getContextEngineID(), // local engine ID
new
OctetString("private"), // default context name
new OctetString(), //
transport tag
new
Integer32(StorageType.nonVolatile), // storage type
new
Integer32(RowStatus.active) // row status
};
MOTableRow row2 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("private").toSubIndex(true), com2sec2);
MOTableRow row1 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("public").toSubIndex(true), com2sec1);
communityMIB.getSnmpCommunityEntry().addRow(row2);
communityMIB.getSnmpCommunityEntry().addRow(row1);
}
and
/**
* Adds initial VACM configuration.
*/
@Override
protected void addViews(VacmMIB vacm)
{
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cpublic"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cprivate"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addAccess(new
OctetString("v1v2group"), new OctetString("public"),
SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.NOAUTH_NOPRIV,
MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new
OctetString("fullWriteView"), new OctetString("fullNotifyView"),
StorageType.nonVolatile);
vacm.addAccess(new
OctetString("v1v2group"), new OctetString("private"),
SecurityModel.SECURITY_MODEL_SNMPv2c,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadView"), new OctetString("fullWriteView"), new
OctetString("fullNotifyView"), StorageType.nonVolatile);
// vacm.addViewTreeFamily(new
OctetString("fullReadView"), new OID("1.3"), new OctetString(),
VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
vacm.addViewTreeFamily(new
OctetString("fullWriteView"), new OID("1.3.6.1.3.22.2.10"), new
OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
}
I think all the areas where changes were needed, were added. The only
suspicion that I have is that the default context for all newly
created objects may be set to "public" rather than "private" and I
have no clue right now where to change it and how to do it.
Any suggestions / hints?
Thank you in advance
Marek
_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j
