Frank,
I tried to bind the "private" community to all views as follows
protected void addViews(VacmMIB vacm)
{
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cpublic"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cprivate"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addAccess(new OctetString("v1v2group"), new
OctetString("public"), SecurityModel.SECURITY_MODEL_SNMPv2c,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadViewPublic"), new OctetString("fullWriteViewPublic"),
new OctetString("fullNotifyViewPublic"), StorageType.nonVolatile);
vacm.addAccess(new OctetString("v1v2group"), new
OctetString("private"), SecurityModel.SECURITY_MODEL_SNMPv2c,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadViewPrivate"), new OctetString("fullWriteViewPrivate"),
new OctetString("fullNotifyViewPrivate"), StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullReadViewPublic"), new
OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullWriteViewPublic"), new
OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullNotifyViewPublic"), new
OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullReadViewPrivate"), new
OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullWriteViewPrivate"), new
OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
vacm.addViewTreeFamily(new OctetString("fullNotifyViewPrivate"), new
OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
}
separating definitions of views for public and private communities, but it
did not remove the problem.
I also looked into the SnapshopAgent.java class, but definitions for V2c
included there are very similar to what I am doing so I must be missing
something obvious here ...
Thanks for the patience
Marek
-----Original Message-----
From: Frank Fock [mailto:[email protected]]
Sent: Tuesday, 02 April, 2013 10:21 PM
To: Marek Hajduczenia
Cc: [email protected]
Subject: Re: [SNMP4J] SET access to created managed objects
Hi Marek,
Then it the "private" context which you did not bound to the VACM view
"fullReadView".
Best regards,
Frank
Am 02.04.2013 23:11, schrieb Marek Hajduczenia:
Hi Frank,
The default configuration covers the whole 1.3 tree with
"fullReadView", which is fine enough. If I understand correctly, that
makes the whole tree in 1.3 branch accessible for reading ...
=== vacm.addViewTreeFamily(new OctetString("fullReadView"), new
OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
Now, I added the following statement as well:
=== vacm.addViewTreeFamily(new OctetString("fullWriteView"), new
OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
which if I understand the syntax correctly, should add the "
fullWriteView"
access to the whole experimental root that I am using. I am not sure
how the debug information helps me in this case, since it points out that
"private"
context is found (23705 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence
info for
'private') and then the request was created successfully. The only
line that causes some concerns is the following:
77558 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,l
owerIn
cluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],vb=1.3.6.1.3.
22.2.10.1 =
12,status=org.snmp4j.agent.request.RequestStatus@6d7300f9,query=null,i
ndex=0
,targetMO=null]]
where the targetMO is marked as null.
I also examined how 5 test scalar objects are created
179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false] in default
context with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false]
179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false] in default
context with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false] in default
context with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=0,volatile=false] in default context
with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
mo.MOAccessImpl@4a05fd83,value=0,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
mo.MOAccessImpl@674e5e21,value=15,volatile=false] in default context
with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
mo.MOAccessImpl@674e5e21,value=15,volatile=false]
Objects with OID = 1.3.6.1.3.22.1.1.0, 1.3.6.1.3.22.1.2.0,
1.3.6.1.3.22.1.3.0, and 1.3.6.1.3.22.1.4.0 are created as read-only,
and
1.3.6.1.3.22.1.5.0 is created as read-write, and that is visible in
the difference in the access=org.snmp4j.agent.mo.MOAccessImpl@ statements.
However, how to combine that together, is not clear to me ... sorry
Marek
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Frank Fock
Sent: Tuesday, 02 April, 2013 8:50 PM
To: [email protected]
Subject: Re: [SNMP4J] SET access to created managed objects
Hi Marek,
You have to setup the VACM properly in order to allow access to the
OID/subtree you are requesting. The default VACM configuration does
not include the "experimental" sub-tree IMHO.
The log output gives you more detailed hints.
Best regards,
Frank
Am 02.04.2013 11:13, schrieb Marek Hajduczenia:
Dear colleagues,
I create a very simple scalar in my agent:
OID oidTest = new OID("1.3.6.1.3.22.1.5.0");
MOScalar sysScalarTest = new MOScalar(oidTest,
MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15));
server.registerManagedObject(sysScalarTest);
and then would like to change its value remotely using the MIB
browser. What I get back on the debug in Eclipse is the "Error
'Authorization error'
generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by debug information
about the message exchange and status exchange between agent and MIB
browser.
Everything seems fine, i.e., "private" community is found, request
with the private scope was created and proper object was found.
However, when time to change came around, no change was done.
===========================================================
20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping - Received message
from
localhost/127.0.0.1/56019 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:
0
1:00:0 2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.Snmp - Fire process PDU event:
CommandResponderEvent[securityModel=2,
securityLevel=1, maxSizeResponsePDU=65535,
pduHandle=PduHandle[1521296469],
stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469]
,
securi
tyEngineID=null,securityModel=null,securityName=private,securityLevel
= 1,cont extEngineID=null,contextName=null,retryMsgIDs=null],
pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0,
VBS[1.3.6.1.3.22.1.5.0 = 123]], messageProcessingModel=1,
securityName=private, processed=false, peerAddress=127.0.0.1/56019,
transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@36c8
e
545,
tmStateReference=null]
20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence
info for 'private'
20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Found coexistence info
for
'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:
01:c0:a8:01:04,contextName=private,transportTag=]
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Address 127.0.0.1/56019
passes filter, because source address filtering is disabled
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.request.SnmpRequest - Created subrequest 0 with
scope
org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.
22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperInclud
e
d=true
] from 1.3.6.1.3.22.1.5.0 = 123
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,l
o
werInc
luded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],vb=1.3.6.
1.3.22
.1.5.0 =
123,status=org.snmp4j.agent.request.RequestStatus@6ceac619,query=null
,
index=
0,targetMO=null]]
20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to
127.0.0.1/56019 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:
0
1:10:0 2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
java.lang.Exception: Error 'Authorization error' generated at:
1.3.6.1.3.22.1.5.0 = 123
at
org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChan
g
ed(Snm
pRequest.java:617)
at
org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(Reque
s
tStatu
s.java:89)
at
org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.j
a
va:52)
at
org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProces
s
or.jav
a:499)
at
org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.jav
a
:378)
at
org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.ja
v
a:339)
at
org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:5
5
9)
at
org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:16
2
)
at
org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.
java:6
64)
at
org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:
297)
at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
java:3
68)
at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
java:3
28)
at
org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(Abst
r
actTra
nsportMapping.java:76)
at
org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(Defa
u
ltUdpT
ransportMapping.java:378)
at java.lang.Thread.run(Unknown Source)
===========================================================
Definition of the "public" and "private" communities are as follows:
protected void addCommunities(SnmpCommunityMIB
communityMIB)
{
Variable[] com2sec1 = new
Variable[]
{
new
OctetString("public"),
new
OctetString("cpublic"), // security name
getAgent().getContextEngineID(), // local engine ID
new
OctetString("public"), // default context name
new OctetString(),
// transport tag
new
Integer32(StorageType.nonVolatile), // storage type
new
Integer32(RowStatus.active) // row status
};
Variable[] com2sec2 = new
Variable[]
{
new
OctetString("private"),
new
OctetString("cprivate"), // security name
getAgent().getContextEngineID(), // local engine ID
new
OctetString("private"), // default context name
new OctetString(),
// transport tag
new
Integer32(StorageType.nonVolatile), // storage type
new
Integer32(RowStatus.active) // row status
};
MOTableRow row2 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("private").toSubIndex(true), com2sec2);
MOTableRow row1 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("public").toSubIndex(true), com2sec1);
communityMIB.getSnmpCommunityEntry().addRow(row2);
communityMIB.getSnmpCommunityEntry().addRow(row1);
}
and
/**
* Adds initial VACM configuration.
*/
@Override
protected void addViews(VacmMIB vacm)
{
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cpublic"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cprivate"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addAccess(new
OctetString("v1v2group"), new OctetString("public"),
SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.NOAUTH_NOPRIV,
MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new
OctetString("fullWriteView"), new OctetString("fullNotifyView"),
StorageType.nonVolatile);
vacm.addAccess(new
OctetString("v1v2group"), new OctetString("private"),
SecurityModel.SECURITY_MODEL_SNMPv2c,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadView"), new OctetString("fullWriteView"), new
OctetString("fullNotifyView"), StorageType.nonVolatile);
// vacm.addViewTreeFamily(new
OctetString("fullReadView"), new OID("1.3"), new OctetString(),
VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
vacm.addViewTreeFamily(new
OctetString("fullWriteView"), new OID("1.3.6.1.3.22.2.10"), new
OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
}
I think all the areas where changes were needed, were added. The only
suspicion that I have is that the default context for all newly
created objects may be set to "public" rather than "private" and I
have no clue right now where to change it and how to do it.
Any suggestions / hints?
Thank you in advance
Marek
_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
