Moving to tech@
On 5/1/20 5:17 PM, Steven Surdock wrote:
> I see that snmpd.conf supports "read-write disabled", but this doesn't seem
> to _completely_ disable the private community. If I set "read-write
> disabled" I can still poll values using the 'private' community. Is this a
> bug or a feature?
>
> -Steve S.
>
I'd say this is a bug, disabled should be disabled.
Diff below fixes this. With this we can most likely also remove the test
on snmpe.c:467, but I don't feel confident enough to do that just yet.
Another important question is if we should enable read-write by default,
but let's save that discussion for a different time/thread.
OK?
martijn@
Index: snmpe.c
===================================================================
RCS file: /cvs/src/usr.sbin/snmpd/snmpe.c,v
retrieving revision 1.61
diff -u -p -r1.61 snmpe.c
--- snmpe.c 14 Feb 2020 15:08:46 -0000 1.61
+++ snmpe.c 1 May 2020 15:38:40 -0000
@@ -309,7 +309,8 @@ snmpe_parse(struct snmp_message *msg)
stats->snmp_ingetnexts++;
if (msg->sm_version != SNMP_V3 &&
strcmp(env->sc_rdcommunity, msg->sm_community) != 0 &&
- strcmp(env->sc_rwcommunity, msg->sm_community) != 0) {
+ (env->sc_readonly ||
+ strcmp(env->sc_rwcommunity, msg->sm_community) != 0)) {
stats->snmp_inbadcommunitynames++;
msg->sm_errstr = "wrong read community";
goto fail;
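Review bot: in the read-request check, a sender that presents the configured but disabled read-write community now falls into the same failure path as an unknown community, so it is counted in snmp_inbadcommunitynames and reported as "wrong read community". That fits "disabled should be disabled", but the log and counter alone cannot tell an operator that a client is still using the old rw string. A one-line comment above the `env->sc_readonly ||` term would make the intent explicit: when read-write is disabled, sc_rwcommunity must never authorize a request. Since the identical two-line condition is added again in the SETREQ case, a small helper would keep the two copies from drifting apart.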
@@ -320,7 +321,8 @@ snmpe_parse(struct snmp_message *msg)
case SNMP_C_SETREQ:
stats->snmp_insetrequests++;
if (msg->sm_version != SNMP_V3 &&
- strcmp(env->sc_rwcommunity, msg->sm_community) != 0) {
+ (env->sc_readonly ||
+ strcmp(env->sc_rwcommunity, msg->sm_community) != 0)) {
if (strcmp(env->sc_rdcommunity, msg->sm_community) != 0)
stats->snmp_inbadcommunitynames++;
else
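Review bot: in the SETREQ check, once `env->sc_readonly` is set the outer condition is true for every non-SNMPv3 message, so the strcmp against sc_rwcommunity is never evaluated and all v1/v2c set requests take the failure path. The inner `strcmp(env->sc_rdcommunity, msg->sm_community)` then becomes the only thing that decides whether snmp_inbadcommunitynames is incremented, so a set request carrying the disabled rw community is counted as a bad community name. If that is intended, say so in a comment here. It would also help to state in the commit message that read-only mode now rejects sets before any community comparison.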