On Wed, 2021-08-11 at 18:59 +0100, Stuart Henderson wrote:
> On 2021/08/11 19:34, Martijn van Duren wrote:
> > On Wed, 2021-08-11 at 18:03 +0100, Stuart Henderson wrote:
> > > On 2021/08/11 16:35, Martijn van Duren wrote:
> > > > Following snmpd, remove the public default community and move to snmpv3
> > > > by default. This is also what net-snmp does. I originally chose this
> > > > default because that's what snmpctl did and it allowed for easier
> > > > interoperability with snmpd(8).
> > >
> > > v3 by default makes sense to me.
> > >
> > > I'm not sure how much it buys to remove the default community in snmp(1),
> > > though, there doesn't seem a lot of benefit to removing it?
> >
> > My reasoning being that setting having public the default in snmp(1)
> > might encourage users to set public in snmpd(8) as well, which is what
> > we tried to discourage.
>
> Hmm maybe. I won't object to that.
>
>
Forgot the manpage bits.
OK?
martijn@
Index: snmp.1
===================================================================
RCS file: /cvs/src/usr.bin/snmp/snmp.1,v
retrieving revision 1.19
diff -u -p -r1.19 snmp.1
--- snmp.1 8 Aug 2021 13:41:26 -0000 1.19
+++ snmp.1 11 Aug 2021 18:22:18 -0000
@@ -303,12 +303,11 @@ Show how long it took to walk the entire
Set the
.Ar community
string.
-Defaults to
-.Cm public .
This option is only used by
.Fl v Cm 1
and
-.Fl v Cm 2c .
+.Fl v Cm 2c
+and has no default.
.It Fl e Ar secengineid
The USM security engine id.
Under normal circumstances this value is discovered via snmpv3 discovery and
@@ -425,7 +424,7 @@ to either
or
.Cm 3 .
Currently defaults to
-.Cm 2c .
+.Cm 3 .
.It Fl X Ar privpass
The privacy password for the user.
This will be tansformed to
Index: snmpc.c
===================================================================
RCS file: /cvs/src/usr.bin/snmp/snmpc.c,v
retrieving revision 1.35
diff -u -p -r1.35 snmpc.c
--- snmpc.c 8 Aug 2021 13:41:26 -0000 1.35
+++ snmpc.c 11 Aug 2021 18:22:18 -0000
@@ -84,12 +84,12 @@ struct snmp_app snmp_apps[] = {
};
struct snmp_app *snmp_app = NULL;
-char *community = "public";
+char *community = NULL;
struct snmp_v3 *v3;
char *mib = "mib_2";
int retries = 5;
int timeout = 1;
-enum snmp_version version = SNMP_V2C;
+enum snmp_version version = SNMP_V3;
int print_equals = 1;
int print_varbind_only = 0;
int print_summary = 0;
@@ -468,7 +468,10 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
- if (version == SNMP_V3) {
+ if (version == SNMP_V1 || version == SNMP_V2C) {
+ if (community == NULL || community[0] == '\0')
+ errx(1, "No community name specified.");
+ } else if (version == SNMP_V3) {
/* Setup USM */
if (user == NULL || user[0] == '\0')
errx(1, "No securityName specified");
