On Wed, 2021-08-11 at 18:03 +0100, Stuart Henderson wrote:
> On 2021/08/11 16:35, Martijn van Duren wrote:
> > Following snmpd, remove the public default community and move to snmpv3
> > by default. This is also what net-snmp does. I originally chose this
> > default because that's what snmpctl did and it allowed for easier
> > interoperability with snmpd(8).
>
> v3 by default makes sense to me.
>
> I'm not sure how much it buys to remove the default community in snmp(1),
> though, there doesn't seem a lot of benefit to removing it?
My reasoning being that setting having public the default in snmp(1)
might encourage users to set public in snmpd(8) as well, which is what
we tried to discourage.
And it's easy enough to do something like
alias snmp_get="snmp get -v2c -ccommunity"
in .profile for interactive use and in scripts you always want to be
explicit with such parameters.
>
> (net-snmp tools do have that, but they also have /etc/snmp/snmp.conf or
> .snmp/snmp.conf so there's less to type on the command line).
>
> > Now that snmpd(8) moved on, so should snmp(1).
> >
> > OK?
> >
> > martijn@
> >
> > Index: snmpc.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/snmp/snmpc.c,v
> > retrieving revision 1.35
> > diff -u -p -r1.35 snmpc.c
> > --- snmpc.c 8 Aug 2021 13:41:26 -0000 1.35
> > +++ snmpc.c 11 Aug 2021 14:34:08 -0000
> > @@ -84,12 +84,12 @@ struct snmp_app snmp_apps[] = {
> > };
> > struct snmp_app *snmp_app = NULL;
> >
> > -char *community = "public";
> > +char *community = NULL;
> > struct snmp_v3 *v3;
> > char *mib = "mib_2";
> > int retries = 5;
> > int timeout = 1;
> > -enum snmp_version version = SNMP_V2C;
> > +enum snmp_version version = SNMP_V3;
> > int print_equals = 1;
> > int print_varbind_only = 0;
> > int print_summary = 0;
> > @@ -468,7 +468,10 @@ main(int argc, char *argv[])
> > argc -= optind;
> > argv += optind;
> >
> > - if (version == SNMP_V3) {
> > + if (version == SNMP_V1 || version == SNMP_V2C) {
> > + if (community == NULL || community[0] == '\0')
> > + errx(1, "No community name specified.");
> > + } else if (version == SNMP_V3) {
> > /* Setup USM */
> > if (user == NULL || user[0] == '\0')
> > errx(1, "No securityName specified");
> >
> >
