SNMP v3 support
Andrew Lunn
andrew.lunn@ascom.ch
Fri Jan 31 10:38:00 GMT 2003
Hi Folks

Attached is Manu Sharma's and my second effort at SNMP v3.

The first patch is simple. It adds a CDL interface for
filesystems. Each filesystem then implements the interface. This
allows the SNMP CDL to disable/enable features that require a
filesystem. This is unchanged, except for ChangeLog entry dates, from
the last time we submitted the patch.

The second patch is the v3 code. We have addressed the issues raised
last time. We have also reorganized and improved the documentation.

The first patch is all my own work. The second patch will require
copyright paperwork which we are ready to send.

Comments please.

Andrew
-------------- next part --------------
Index: fs/jffs2/current/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos/packages/fs/jffs2/current/ChangeLog,v
retrieving revision 1.3
diff -u -r1.3 ChangeLog
--- fs/jffs2/current/ChangeLog 14 Oct 2002 15:47:12 -0000 1.3
+++ fs/jffs2/current/ChangeLog 30 Jan 2003 16:08:41 -0000
@@ -1,3 +1,7 @@
+2002-12-06 Andrew Lunn <andrew.lunn@ascom.ch>
+
+ * cdl/jffs2.cdl: Implements the CYGINT_IO_FILEIO_FS interface.
+
2002-10-11 Andrew Lunn <andrew.lunn@ascom.ch>
* src/crc32.h (crc32): Use the CRC package for crc calculation
Index: fs/jffs2/current/cdl/jffs2.cdl
===================================================================
RCS file: /cvs/ecos/ecos/packages/fs/jffs2/current/cdl/jffs2.cdl,v
retrieving revision 1.3
diff -u -r1.3 jffs2.cdl
--- fs/jffs2/current/cdl/jffs2.cdl 14 Oct 2002 15:47:12 -0000 1.3
+++ fs/jffs2/current/cdl/jffs2.cdl 30 Jan 2003 16:08:41 -0000
@@ -67,6 +67,8 @@
requires CYGPKG_IO_FLASH_BLOCK_DEVICE
requires CYGPKG_IO_FILEIO_INODE
+ implements CYGINT_IO_FILEIO_FS
+
compile -library=libextras.a jffs2.c
compile build.c scan.c malloc-ecos.c nodelist.c nodemgmt.c readinode.c erase.c dir-ecos.c write.c gc.c read.c compr.c compr_zlib.c compr_rtime.c compr_rubin.c file-ecos.c
Index: fs/ram/current/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos/packages/fs/ram/current/ChangeLog,v
retrieving revision 1.5
diff -u -r1.5 ChangeLog
--- fs/ram/current/ChangeLog 23 May 2002 23:01:39 -0000 1.5
+++ fs/ram/current/ChangeLog 30 Jan 2003 16:08:41 -0000
@@ -1,3 +1,7 @@
+2002-12-06 Andrew Lunn <andrew.lunn@ascom.ch>
+
+ * cdl/ramfs.cdl: Implements the CYGINT_IO_FILEIO_FS interface
+
2002-01-25 Jonathan Larmour <jlarmour@redhat.com>
* tests/fileio1.c (main): Check in listdir that the number of
Index: fs/ram/current/cdl/ramfs.cdl
===================================================================
RCS file: /cvs/ecos/ecos/packages/fs/ram/current/cdl/ramfs.cdl,v
retrieving revision 1.3
diff -u -r1.3 ramfs.cdl
--- fs/ram/current/cdl/ramfs.cdl 23 May 2002 23:01:39 -0000 1.3
+++ fs/ram/current/cdl/ramfs.cdl 30 Jan 2003 16:08:41 -0000
@@ -61,6 +61,8 @@
requires CYGINT_ISO_ERRNO
requires CYGINT_ISO_ERRNO_CODES
+ implements CYGINT_IO_FILEIO_FS
+
compile -library=libextras.a ramfs.c
# ----------------------------------------------------------------------
Index: fs/rom/current/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos/packages/fs/rom/current/ChangeLog,v
retrieving revision 1.8
diff -u -r1.8 ChangeLog
--- fs/rom/current/ChangeLog 29 Jan 2003 12:45:01 -0000 1.8
+++ fs/rom/current/ChangeLog 30 Jan 2003 16:08:41 -0000
@@ -1,3 +1,7 @@
+2003-01-30 Andrew Lunn <andrew.lunn@ascom.ch>
+
+ * cdl/romfs.cdl: Implements the CYGINT_IO_FILEIO_FS interface.
+
2003-01-29 John Dallaway <jld@ecoscentric.com>
* support/file2c.tcl: Accommodate latest Cygwin Tcl shell
Index: fs/rom/current/cdl/romfs.cdl
===================================================================
RCS file: /cvs/ecos/ecos/packages/fs/rom/current/cdl/romfs.cdl,v
retrieving revision 1.6
diff -u -r1.6 romfs.cdl
--- fs/rom/current/cdl/romfs.cdl 23 May 2002 23:01:39 -0000 1.6
+++ fs/rom/current/cdl/romfs.cdl 30 Jan 2003 16:08:41 -0000
@@ -60,6 +60,8 @@
requires CYGINT_ISO_ERRNO
requires CYGINT_ISO_ERRNO_CODES
+ implements CYGINT_IO_FILEIO_FS
+
compile -library=libextras.a romfs.c
# ----------------------------------------------------------------
Index: io/fileio/current/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos/packages/io/fileio/current/ChangeLog,v
retrieving revision 1.25
diff -u -r1.25 ChangeLog
--- io/fileio/current/ChangeLog 23 Jan 2003 17:07:26 -0000 1.25
+++ io/fileio/current/ChangeLog 30 Jan 2003 16:08:41 -0000
@@ -1,3 +1,8 @@
+2003-01-30 Andrew Lunn <andrew.lunn@ascom.ch>
+
+ * cdl/fileio.cdl: Added interface CYGINT_IO_FILEIO_FS which any
+ FS which FILEIO can use should implement.
+
2003-01-23 Gary Thomas <gary@mlbassoc.com>
* src/misc.cxx (cyg_mtab_lookup): Return an error if the current
Index: io/fileio/current/cdl/fileio.cdl
===================================================================
RCS file: /cvs/ecos/ecos/packages/io/fileio/current/cdl/fileio.cdl,v
retrieving revision 1.9
diff -u -r1.9 fileio.cdl
--- io/fileio/current/cdl/fileio.cdl 11 Nov 2002 23:58:53 -0000 1.9
+++ io/fileio/current/cdl/fileio.cdl 30 Jan 2003 16:08:41 -0000
@@ -72,6 +72,15 @@
compile fd.cxx file.cxx io.cxx dir.cxx
compile -library=libextras.a misc.cxx
+ cdl_interface CYGINT_IO_FILEIO_FS {
+ display "Filesystems interfacing to FILEIO"
+ no_define
+ description "
+ Each filesystem driver which FILEIO can use implements
+ this interface. You can use this to determine if there are
+ any filesystems configured in the system."
+ }
+
cdl_option CYGFUN_IO_FILEIO_SELECT {
display "Enable support for select()"
active_if CYGPKG_KERNEL
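Review bot: In the new cdl_interface CYGINT_IO_FILEIO_FS block, no_define means nothing is written to the configuration header, so the interface can only be consulted from CDL expressions (requires, active_if), not from C with #ifdef. The description's "You can use this to determine if there are any filesystems configured in the system" should say that it is a CDL-only test, or no_define should be dropped if source code is expected to check it.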
-------------- next part --------------
? doc/sgml/tutorials/ecos-tutorial.aux
? doc/sgml/tutorials/ecos-tutorial.log
? doc/sgml/tutorials/ecos-tutorial.out
? doc/sgml/tutorials/ecos-tutorial.pdf
? doc/sgml/tutorials/ecos-tutorial.tex
? doc/sgml/user-guide/ecos-user-guide.aux
? doc/sgml/user-guide/ecos-user-guide.log
? doc/sgml/user-guide/ecos-user-guide.out
? doc/sgml/user-guide/ecos-user-guide.pdf
? doc/sgml/user-guide/ecos-user-guide.tex
? packages/net/snmp/agent/current/doc/manpages
Index: doc/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos/doc/ChangeLog,v
retrieving revision 1.12
diff -u -r1.12 ChangeLog
--- doc/ChangeLog 22 Jan 2003 10:08:58 -0000 1.12
+++ doc/ChangeLog 30 Jan 2003 16:35:54 -0000
@@ -1,3 +1,8 @@
+2003-01-30 Andrew Lunn <andrew.lunn@ascom.ch>
+
+ * sgml/doclist: Added snmp-manpages.sgml
+ * sgml/makemakefile: Extend the kludge to include snmp-manpages.sgml
+
2003-01-22 John Dallaway <jld@ecoscentric.com>
* sgml/makemakefile: Allow eCos package version to be specified
Index: doc/sgml/doclist
===================================================================
RCS file: /cvs/ecos/ecos/doc/sgml/doclist,v
retrieving revision 1.6
diff -u -r1.6 doclist
--- doc/sgml/doclist 4 Jan 2003 03:19:33 -0000 1.6
+++ doc/sgml/doclist 30 Jan 2003 16:35:54 -0000
@@ -17,6 +17,7 @@
net/bsd_tcpip/current/doc/freebsd.sgml
io/eth/current/doc/ethdrv.sgml
net/snmp/agent/current/doc/snmp.sgml
+net/snmp/agent/current/doc/snmp-manpages.sgml
net/ns/dns/current/doc/dns.sgml
net/httpd/current/doc/httpd.sgml
net/ftpclient/current/doc/ftpclient.sgml
Index: doc/sgml/makemakefile
===================================================================
RCS file: /cvs/ecos/ecos/doc/sgml/makemakefile,v
retrieving revision 1.8
diff -u -r1.8 makemakefile
--- doc/sgml/makemakefile 22 Jan 2003 10:08:59 -0000 1.8
+++ doc/sgml/makemakefile 30 Jan 2003 16:35:54 -0000
@@ -186,7 +186,7 @@
if (test ! -z $line); then
entityi="`echo $i | sed 's@/@-@g; s@\.@-@g; s@_@-@g; s@-current-doc@@g; s@-current@@g'`"
# special kludge
- if [ "`basename $i`" != "tcpip-manpages.sgml" ]; then
+ if [ "`basename $i`" != "tcpip-manpages.sgml" -a "`basename $i`" != "snmp-manpages.sgml" ]; then
echo "&$entityi;" >> ecos.sgml
fi
fi
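Review bot: The extended test under "# special kludge" joins two string comparisons with -a inside a single [ ], a form POSIX marks obsolescent because it can parse ambiguously, and it runs basename twice on an unquoted $i. Compute the base name once into a variable and use a case statement with the pattern tcpip-manpages.sgml|snmp-manpages.sgml for the skip branch; that also turns the next manpages file into a one-word change.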
Index: packages/net/snmp/agent/current/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/ChangeLog,v
retrieving revision 1.20
diff -u -r1.20 ChangeLog
--- packages/net/snmp/agent/current/ChangeLog 14 Aug 2002 15:18:33 -0000 1.20
+++ packages/net/snmp/agent/current/ChangeLog 30 Jan 2003 16:35:54 -0000
@@ -1,3 +1,21 @@
+2002-11-11 Manu Sharma <manu.sharma@ascom.com>
+
+ * src/mibgroup/mibII/vacm_vars.c:
+ * include/vacm_vars.h: Imported from the UCD-SNMP-4.1.2. These
+ are required to support VACM features, based on a snmpd.conf file.
+
+ * cdl/snmpagent.cdl : Compile vacm_vars.c
+
+ * include/mib_module_inits.h : Initialization of vacm and usm related
+ functions. The usm related functionality are no longer required to
+ be initialized by application code.
+
+ * tests/snmpping.c : Code to create a basic snmpd.conf file and
+ enable its usage. This conditional on
+ CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT and require the ramfs package
+
+ * doc/snmp.sgml: Documentation for above changes.
+
2002-08-14 David Smith <dsmith@redhat.com>
* src/agent_trap.c (send_enterprise_trap_vars):
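Review bot: The 2002-11-11 entry does not cover everything this patch changes under the agent directory: the new CYGPKG_SNMPAGENT_V3_SUPPORT option in cdl/snmpagent.cdl and the new doc/prepare-manpages.sh and doc/snmp-manpages.sgml files have no lines here, and the cdl item only says "Compile vacm_vars.c". Add those items, and tidy the wording of the tests/snmpping.c item ("This conditional on", "and require") while the entry is open.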
Index: packages/net/snmp/agent/current/cdl/snmpagent.cdl
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/cdl/snmpagent.cdl,v
retrieving revision 1.6
diff -u -r1.6 snmpagent.cdl
--- packages/net/snmp/agent/current/cdl/snmpagent.cdl 23 May 2002 23:08:07 -0000 1.6
+++ packages/net/snmp/agent/current/cdl/snmpagent.cdl 30 Jan 2003 16:35:55 -0000
@@ -89,6 +89,7 @@
mibgroup/snmpv3/usmStats.c \
mibgroup/snmpv3/usmUser.c \
mibgroup/snmpv3/snmpEngine.c \
+ mibgroup/mibII/vacm_vars.c \
@@ -285,6 +286,15 @@
the set of global flags if present."
}
+ cdl_option CYGPKG_SNMPAGENT_V3_SUPPORT {
+ display "SNMPv3 support package"
+ flavor bool
+ default_value 1
+ description "
+ Enabling this option includes SNMPv3 functionality as per
+ the implementation in UCD-SNMP-4.1.2"
+ }
+
cdl_component CYGPKG_SNMPAGENT_TESTS {
display "SNMP agent tests"
flavor data
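Review bot: CYGPKG_SNMPAGENT_V3_SUPPORT is declared as a cdl_option but carries the CYGPKG_ prefix, which eCos naming reserves for packages; the neighbouring option in this file is CYGSEM_SNMPAGENT_TESTS_SNMPv3, so a CYGSEM_ or CYGFUN_ name would fit. The description also says that enabling it "includes SNMPv3 functionality", yet the compile list in the previous hunk gains mibgroup/mibII/vacm_vars.c next to the usm and snmpEngine sources with no reference to this option, and the only visible consumer is the active_if on the test option. Either make the v3 sources depend on the option or reword the description to state what it actually controls.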
@@ -308,6 +318,7 @@
cdl_option CYGSEM_SNMPAGENT_TESTS_SNMPv3 {
display "SNMP agent test for SNMP version 3"
flavor bool
+ active_if CYGPKG_SNMPAGENT_V3_SUPPORT
default_value 1
description "
This option controls the tests for the eCos SMNP agent.
Index: packages/net/snmp/agent/current/doc/prepare-manpages.sh
===================================================================
RCS file: packages/net/snmp/agent/current/doc/prepare-manpages.sh
diff -N packages/net/snmp/agent/current/doc/prepare-manpages.sh
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ packages/net/snmp/agent/current/doc/prepare-manpages.sh 30 Jan 2003 16:35:55 -0000
@@ -0,0 +1,68 @@
+#! /bin/sh
+
+echo 'dude, assuming you are running this script from the packages/net/snmp/agent/current/doc/ directory'
+
+MANPAGE_LIST=`find manpages -type f -name '*.?'`
+
+echo "MANPAGE_LIST is $MANPAGE_LIST"
+
+echo 'removing the previous file snmp-manpages.sgml'
+/bin/rm -f snmp-manpages.sgml
+touch snmp-manpages.sgml
+echo '<!-- HEY YOU!!!!!!!!! -->' >> snmp-manpages.sgml
+echo '<!-- this file is automatically generated by the script -->' >> snmp-manpages.sgml
+echo '<!-- ' " $0 " ' -->' >> snmp-manpages.sgml
+echo '<!-- so PLEASE do not modify it: your changes will be lost -->' >> snmp-manpages.sgml
+echo >> snmp-manpages.sgml
+echo >> snmp-manpages.sgml
+
+for manpage in $MANPAGE_LIST
+do
+ echo "processing $manpage"
+ # get the title for this section
+ manpage_title=`egrep '^\.TH' $manpage | awk '{print $2}'`
+ # note that _ is illegal in an id, so we canonicalize it to -
+ docbook_section_id=`echo $manpage_title | sed 's/_/-/g'`
+ # now prepare out a section and title
+ echo " <sect1 id=\"$docbook_section_id\">" >> snmp-manpages.sgml
+ echo " <title>$manpage_title</title>" >> snmp-manpages.sgml
+ # we make it <screen> so that it is a monospaced font
+ echo " <screen>" >> snmp-manpages.sgml
+
+ # now put the contents into this section
+ cat $manpage | groff -Tascii -mandoc | sed 's/\_\(.\)/\1/g' \
+ | sed 's/\(.\)\(.\)/\1/g' \
+ | sed 's/\&/\&/g' \
+ | sed 's/</\</g' \
+ | sed 's/+o/o/g' >> snmp-manpages.sgml
+
+ # now close out the section
+ echo " </screen>" >> snmp-manpages.sgml
+ echo " </sect1>" >> snmp-manpages.sgml
+ echo >> snmp-manpages.sgml
+done
+
+cat <<EOF >> snmp-manpages.sgml
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-namecase-general:t
+sgml-general-insert-case:lower
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:2
+sgml-indent-data:t
+sgml-parent-document:("tcpip.sgml" "book" "chapter")
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+sgml-doctype:"book"
+End:
+-->
+
+EOF
+
+
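Review bot: In the groff pipeline the sed expressions, as they read here, do not do what the surrounding comments imply: 's/\(.\)\(.\)/\1/g' drops every second character, and 's/\&/\&/g' and 's/</\</g' replace & and < with themselves. The overstrike patterns appear to depend on literal backspace characters inside the script, which do not survive mail or most editors; piping through col -b removes overstrikes without control characters in the source. The two escaping steps need to emit the SGML entities (&amp; and &lt;) so that man page text cannot terminate or corrupt the <screen> element. Separately, the script runs /bin/rm -f snmp-manpages.sgml after only echoing its assumption about the working directory, so a run from the wrong place leaves a generated file with no sections; test that the manpages directory exists and exit before removing anything.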
Index: packages/net/snmp/agent/current/doc/snmp-manpages.sgml
===================================================================
RCS file: packages/net/snmp/agent/current/doc/snmp-manpages.sgml
diff -N packages/net/snmp/agent/current/doc/snmp-manpages.sgml
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ packages/net/snmp/agent/current/doc/snmp-manpages.sgml 30 Jan 2003 16:35:55 -0000
@@ -0,0 +1,488 @@
+<!-- HEY YOU!!!!!!!!! -->
+<!-- this file is automatically generated by the script -->
+<!-- ./prepare-manpages.sh -->
+<!-- so PLEASE do not modify it: your changes will be lost -->
+
+
+ <sect1 id="SNMPD.CONF">
+ <title>SNMPD.CONF</title>
+ <screen>
+SNMPD.CONF(5) SNMPD.CONF(5)
+
+
+
+NAME
+ share/snmp/snmpd.conf - configuration file for the ucd-
+ snmp SNMP agent.
+
+DESCRIPTION
+ snmpd.conf is the configuration file which defines how the
+ ucd-smnp SNMP agent operates. These files may contain any
+ of the directives found in the DIRECTIVES section below.
+ This file is not required for the agent to operate and
+ report mib entries.
+
+PLEASE READ FIRST
+ First, make sure you have read the snmp_config(5) manual
+ page that describes how the ucd-snmp configuration files
+ operate, where they are located and how they all work
+ together.
+
+EXTENSIBLE-MIB
+ The ucd-snmp SNMP agent reports much of its information
+ through queries to the 1.3.6.1.4.1.2021 section of the mib
+ tree. Every mib in this section has the following table
+ entries in it.
+
+ .1 -- index
+ This is the table's index numbers for each of the
+ DIRECTIVES listed below.
+
+ .2 -- name
+ The name of the given table entry. This should be
+ unique, but is not required to be.
+
+ .100 -- errorFlag
+ This is a flag returning either the integer value 1
+ or 0 if an error is detected for this table entry.
+
+ .101 -- errorMsg
+ This is a DISPLAY-STRING describing any error trig-
+ gering the errorFlag above.
+
+ .102 -- errorFix
+ If this entry is SNMPset to the integer value of 1
+ AND the errorFlag defined above is indeed a 1, a
+ program or script will get executed with the table
+ entry name from above as the argument. The program
+ to be executed is configured in the config.h file
+ at compile time.
+
+ Directives
+ proc NAME
+
+ proc NAME MAX
+
+ proc NAME MAX MIN
+
+ Checks to see if the NAME'd processes are running
+ on the agent's machine. An error flag (1) and a
+ description message are then passed to the
+ 1.3.6.1.4.1.2021.2.100 and 1.3.6.1.4.1.2021.2.101
+ mib tables (respectively) if the NAME'd program is
+ not found in the process table as reported by
+ "/bin/ps -e".
+
+ If MAX and MIN are not specified, MAX is assumed to
+ be infinity and MIN is assumed to be 1.
+
+ If MAX is specified but MIN is not specified, MIN
+ is assumed to be 0.
+
+ procfix NAME PROG ARGS
+ This registers a command that knows how to fix
+ errors with the given process NAME. When
+ 1.3.6.1.4.1.2021.2.102 for a given NAMEd program is
+ set to the integer value of 1, this command will be
+ called. It defaults to a compiled value set using
+ the PROCFIXCMD definition in the config.h file.
+
+ exec NAME PROG ARGS
+
+ exec MIBNUM NAME PROG ARGS
+
+ If MIBNUM is not specified, the agent executes the
+ named PROG with arguments of ARGS and returns the
+ exit status and the first line of the STDOUT output
+ of the PROG program to queries of the
+ 1.3.6.1.4.1.2021.8.100 and 1.3.6.1.4.1.2021.8.101
+ mib tables (respectively). All STDOUT output
+ beyond the first line is silently truncated.
+
+ If MIBNUM is specified, it acts as above but
+ returns the exit status to MIBNUM.100.0 and the
+ entire STDOUT output to the table MIBNUM.101 in a
+ mib table. In this case, the MIBNUM.101 mib con-
+ tains the entire STDOUT output, one mib table entry
+ per line of output (ie, the first line is output as
+ MIBNUM.101.1, the second at MIBNUM.101.2, etc...).
+
+ Note: The MIBNUM must be specified in dotted-inte-
+ ger notation and can not be specified as
+ ".iso.org.dod.internet..." (should instead
+ be
+
+ Note: The agent caches the exit status and STDOUT
+ of the executed program for 30 seconds after
+ the initial query. This is to increase
+ speed and maintain consistency of informa-
+ tion for consecutive table queries. The
+ cache can be flushed by a snmp-set request
+ of integer(1) to 1.3.6.1.4.1.2021.100.VER-
+ CLEARCACHE.
+
+ execfix NAME PROG ARGS
+ This registers a command that knows how to fix
+ errors with the given exec or sh NAME. When
+ 1.3.6.1.4.1.2021.8.102 for a given NAMEd entry is
+ set to the integer value of 1, this command will be
+ called. It defaults to a compiled value set using
+ the EXECFIXCMD definition in the config.h file.
+
+ disk PATH
+
+ disk PATH [ MINSPACE | MINPERCENT% ]
+
+ Checks the named disks mounted at PATH for avail-
+ able disk space. If the disk space is less than
+ MINSPACE (kB) if specified or less than MINPERCENT
+ (%) if a % sign is specified, or DEFDISKMINI-
+ MUMSPACE (kB) if not specified, the associated
+ entry in the 1.3.6.1.4.1.2021.9.100 mib table will
+ be set to (1) and a descriptive error message will
+ be returned to queries of 1.3.6.1.4.1.2021.9.101.
+
+ load MAX1
+
+ load MAX1 MAX5
+
+ load MAX1 MAX5 MAX15
+
+ Checks the load average of the machine and returns
+ an error flag (1), and an text-string error message
+ to queries of 1.3.6.1.4.1.2021.10.100 and
+ 1.3.6.1.4.1.2021.10.101 (respectively) when the
+ 1-minute, 5-minute, or 15-minute averages exceed
+ the associated maximum values. If any of the MAX1,
+ MAX5, or MAX15 values are unspecified, they default
+ to a value of DEFMAXLOADAVE.
+
+ file FILE [MAXSIZE]
+ Monitors file sizes and makes sure they don't grow
+ beyond a certain size. MAXSIZE defaults to infi-
+ nite if not specified, and only monitors the size
+ without reporting errors about it.
+
+ Errors
+ Any errors in obtaining the above information are reported
+ via the 1.3.6.1.4.1.2021.101.100 flag and the
+ 1.3.6.1.4.1.2021.101.101 text-string description.
+
+SMUX SUB-AGENTS
+ To enable and SMUX based sub-agent, such as gated, use the
+ smuxpeer configuration entry
+
+ smuxpeer OID PASS
+ For gated a sensible entry might be
+
+ .1.3.6.1.4.1.4.1.3 secret
+
+ACCESS CONTROL
+ snmpd supports the View-Based Access Control Model (vacm)
+ as defined in RFC 2275. To this end, it recognizes the
+ following keywords in the configuration file: com2sec,
+ group, access, and view as well as some easier-to-use
+ wrapper directives: rocommunity, rwcommunity, rouser,
+ rwuser.
+
+ rocommunity COMMUNITY [SOURCE] [OID]
+
+ rwcommunity COMMUNITY [SOURCE] [OID]
+ These create read-only and read-write communities
+ that can be used to access the agent. They are a
+ quick method of using the following com2sec, group,
+ access, and view directive lines. They are not as
+ efficient either, as groups aren't created so the
+ tables are possibly larger. In other words: don't
+ use these if you have complex situations to set up.
+
+ The format of the SOURCE is token is described in
+ the com2sec directive section below. The OID token
+ restricts access for that community to everything
+ below that given OID.
+
+ rouser USER [noauth|auth|priv] [OID]
+
+ rwuser USER [noauth|auth|priv] [OID]
+ Creates a SNMPv3 USM user in the VACM access
+ configuration tables. Again, its more efficient
+ (and powerful) to use the combined com2sec, group,
+ access, and view directives instead.
+
+ The minimum level of authentication and privacy the
+ user must use is specified by the first token
+ (which defaults to "auth"). The OID parameter
+ restricts access for that user to everything below
+ the given OID.
+
+ com2sec NAME SOURCE COMMUNITY
+ This directive specifies the mapping from a
+ source/community pair to a security name. SOURCE
+ can be a hostname, a subnet, or the word "default".
+ A subnet can be specified as IP/MASK or IP/BITS.
+ The first source/community combination that matches
+ the incoming packet is selected.
+
+ group NAME MODEL SECURITY
+ This directive defines the mapping from security-
+ model/securityname to group. MODEL is one of v1,
+ v2c, or usm.
+
+ access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
+ The access directive maps from group/security
+ model/security level to a view. MODEL is one of
+ any, v1, v2c, or usm. LEVEL is one of noauth,
+ auth, or priv. PREFX specifies how CONTEXT should
+ be matched against the context of the incoming pdu,
+ either exact or prefix. READ, WRITE and NOTIFY
+ specifies the view to be used for the corresponding
+ access. For v1 or v2c access, LEVEL will be
+ noauth, and CONTEXT will be empty.
+
+ view NAME TYPE SUBTREE [MASK]
+ The defines the named view. TYPE is either included
+ or excluded. MASK is a list of hex octets, sepa-
+ rated by '.' or ':'. The MASK defaults to "ff" if
+ not specified.
+
+ The reason for the mask is, that it allows you to
+ control access to one row in a table, in a rela-
+ tively simple way. As an example, as an ISP you
+ might consider giving each customer access to his
+ or her own interface:
+
+ view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
+ view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0
+
+ (interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
+ ff.a0 == 11111111.10100000. which nicely covers up and including
+ the row index, but lets the user vary the field of the row)
+
+ VACM Examples:
+ # sec.name source community
+ com2sec local localhost private
+ com2sec mynet 10.10.10.0/24 public
+ com2sec public default public
+
+ # sec.model sec.name
+ group mygroup v1 mynet
+ group mygroup v2c mynet
+ group mygroup usm mynet
+ group local v1 local
+ group local v2c local
+ group local usm local
+ group public v1 public
+ group public v2c public
+ group public usm public
+
+ # incl/excl subtree mask
+ view all included .1 80
+ view system included system fe
+ view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
+
+ # context sec.model sec.level prefix read write notify
+ access mygroup "" any noauth exact mib2 none none
+ access public "" any noauth exact system none none
+ access local "" any noauth exact all all all
+
+ Default VACM model
+ The default configuration of the agent, as shipped, is functionally
+ equivalent to the following entries:
+ com2sec public default public
+ group public v1 public
+ group public v2c public
+ group public usm public
+ view all included .1
+ access public "" any noauth exact all none none
+
+SNMPv3 CONFIGURATION
+ engineID STRING
+ The snmpd agent needs to be configured with an
+ engineID to be able to respond to SNMPv3 messages.
+ With this configuration file line, the engineID
+ will be configured from STRING. The default value
+ of the engineID is configured with the first IP
+ address found for the hostname of the machine.
+
+ createUser username (MD5|SHA) authpassphrase [DES] [priv-
+ passphrase]
+ This directive should be placed into the "/var/ucd-
+ snmp"/snmpd.conf file instead of the other normal
+ locations. The reason is that the information is
+ read from the file and then the line is removed
+ (eliminating the storage of the master password for
+ that user) and replaced with the key that is
+ derived from it. This key is a localized key, so
+ that if it is stolen it can not be used to access
+ other agents. If the password is stolen, however,
+ it can be.
+
+ MD5 and SHA are the authentication types to use,
+ but you must have built the package with openssl
+ installed in order to use SHA. The only privacy
+ protocol currently supported is DES. If the pri-
+ vacy passphrase is not specified, it is assumed to
+ be the same as the authentication passphrase. Note
+ that the users created will be useless unless they
+ are also added to the VACM access control tables
+ described above.
+
+ Warning: the minimum pass phrase length is 8 char-
+ acters.
+
+ SNMPv3 users can be created at runtime using the
+ snmpusm command.
+
+
+SETTING SYSTEM INFORMATION
+ syslocation STRING
+
+ syscontact STRING
+
+ Sets the system location and the system contact for
+ the agent. This information is reported by the
+ 'system' table in the mibII tree.
+
+ authtrapenable NUMBER
+ Setting authtrapenable to 1 enables generation of
+ authentication failure traps. The default value is
+ 2 (disable).
+
+ trapcommunity STRING
+ This defines the default community string to be
+ used when sending traps. Note that this command
+ must be used prior to any of the following three
+ commands that are intended use this community
+ string.
+
+ trapsink HOST [COMMUNITY [PORT]]
+
+ trap2sink HOST [COMMUNITY [PORT]]
+
+ informsink HOST [COMMUNITY [PORT]]
+ These commands define the hosts to receive traps
+ (and/or inform notifications). The daemon sends a
+ Cold Start trap when it starts up. If enabled, it
+ also sends traps on authentication failures. Mul-
+ tiple trapsink, trap2sink and informsink lines may
+ be specified to specify multiple destinations. Use
+ trap2sink to send SNMPv2 traps and informsink to
+ send inform notifications. If COMMUNITY is not
+ specified, the string from a preceding trapcommu-
+ nity directive will be used. If PORT is not speci-
+ fied, the well known SNMP trap port (162) will be
+ used.
+
+PASS-THROUGH CONTROL
+ pass MIBOID EXEC
+ Passes entire control of MIBOID to the EXEC pro-
+ gram. The EXEC program is called in one of the
+ following three ways:
+
+ EXEC -g MIBOID
+
+ EXEC -n MIBOID
+
+ These call lines match to SNMP get and get-
+ next requests. It is expected that the EXEC
+ program will take the arguments passed to it
+ and return the appropriate response through
+ it's stdout.
+
+ The first line of stdout should be the mib
+ OID of the returning value. The second line
+ should be the TYPE of value returned, where
+ TYPE is one of the text strings: string,
+ integer, unsigned, objectid, timeticks,
+ ipaddress, counter, or gauge. The third
+ line of stdout should be the VALUE corre-
+ sponding with the returned TYPE.
+
+ For instance, if a script was to return the
+ value integer value "42" when a request for
+ .1.3.6.1.4.100 was requested, the script
+ should return the following 3 lines:
+ .1.3.6.1.4.100
+ integer
+ 42
+
+ To indicate that the script is unable to
+ comply with the request due to an end-of-mib
+ condition or an invalid request, simple exit
+ and return no output to stdout at all. A
+ snmp error will be generated corresponding
+ to the SNMP NO-SUCH-NAME response.
+
+ EXEC -s MIBOID TYPE VALUE
+
+ For SNMP set requests, the above call method
+ is used. The TYPE passed to the EXEC pro-
+ gram is one of the text strings: integer,
+ counter, gauge, timeticks, ipaddress, objid,
+ or string, indicating the type of value
+ passed in the next argument.
+
+ Return nothing to stdout, and the set will
+ assumed to have been successful. Otherwise,
+ return one of the following error strings to
+ signal an error: not-writable, or wrong-type
+ and the appropriate error response will be
+ generated instead.
+
+ Note: By default, the only community
+ allowed to write (ie snmpset) to
+ your script will be the "private"
+ community,or community #2 if defined
+ differently by the "community" token
+ discussed above. Which communities
+ are allowed write access are con-
+ trolled by the RWRITE definition in
+ the snmplib/snmp_impl.h source file.
+
+EXAMPLE
+ See the EXAMPLE.CONF file in the top level source direc-
+ tory for a more detailed example of how the above informa-
+ tion is used in real examples.
+
+RE-READING snmpd.conf and snmpd.local.conf
+ The ucd-snmp agent can be forced to re-read its configura-
+ tion files. It can be told to do so by one of two ways:
+
+ 1. An snmpset of integer(1) to
+ 1.3.6.1.4.1.2021.100.VERUPDATECONFIG.
+
+ 2. A "kill -HUP" signal sent to the snmpd agent pro-
+ cess.
+
+FILES
+ share/snmp/snmpd.conf
+
+SEE ALSO
+ snmp_config(5), snmpd(1), EXAMPLE.conf, read_config(3).
+
+
+
+ 27 Jan 2000 SNMPD.CONF(5)
+ </screen>
+ </sect1>
+
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-namecase-general:t
+sgml-general-insert-case:lower
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:2
+sgml-indent-data:t
+sgml-parent-document:("tcpip.sgml" "book" "chapter")
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+sgml-doctype:"book"
+End:
+-->
+
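Review bot: This generated sect1 imports the UCD-SNMP snmpd.conf(5) page wholesale, including directives that run external programs (proc/procfix, exec/execfix, pass) and Unix specifics such as "/bin/ps -e" and "kill -HUP", while the snmp.sgml text in this same patch states that only the ACCESS-CONTROL section has been tested. Readers of the eCos manual will take every directive as supported; trim the page to the ACCESS CONTROL and SNMPv3 CONFIGURATION sections, or open the sect1 with a statement of which sections apply on eCos. Two smaller points in the same text: the Note under exec that ends "(should instead be" has lost its example value in conversion, and the "Default VACM model" block grants community public noauth read access to the whole tree, so the eCos text should point readers at the VACM examples for restricting it.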
Index: packages/net/snmp/agent/current/doc/snmp.sgml
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/doc/snmp.sgml,v
retrieving revision 1.2
diff -u -r1.2 snmp.sgml
--- packages/net/snmp/agent/current/doc/snmp.sgml 15 Sep 2002 21:44:11 -0000 1.2
+++ packages/net/snmp/agent/current/doc/snmp.sgml 30 Jan 2003 16:35:55 -0000
@@ -114,6 +114,20 @@
dot3 { mib2 10 7 } == { transmission 7 } “EtherLike MIB”
snmp { mib2 11 }
</PROGRAMLISTING>
+<PARA>
+On inclusion of SNMPv3 support packages, the following MIBs are added to the
+default set of MIBs enumerated above :
+</PARA>
+<PROGRAMLISTING>
+snmpEngine { snmpFrameworkMIBObjects 1 } SNMP-FRAMEWORK-MIB, as described in
+ RFC-2571 for support of SNMPv3
+ framework.
+
+usmStats { usmMIBObjects 1 } SNMP-USER-BASED-SM-MIB, as
+usmUser { usmMIBObjects 2 } specified in RFC-2574 for support
+ of user based security model in
+ SNMPv3 management domains.
+</PROGRAMLISTING>
</SECT1>
<SECT1 id="net-snmp-ecos-changes">
<TITLE>Changes to eCos sources</TITLE>
@@ -145,7 +159,7 @@
values for such data (in the dot3 MIB).
</PARA>
<PARA>
-The interface chipset has an ID which is an OID; not all latest greatest
+The interface chipset has an ID which is an OID; not all the latest greatest
devices are listed in the abailable database, so new chipsets may need to
be added to the client MIB, if not defined in those from UCD.
</PARA>
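Review bot: The sentence being corrected still contains "abailable" on the context line that follows the changed line; since the paragraph is being touched for wording anyway, change it to "available" in the same hunk.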
@@ -241,6 +255,95 @@
it is up to the application to start the agent when it is ready,
at least after the network interfaces are both ‘up’.
</PARA>
+<SECT2 id="net-snmp-version-usage">
+<TITLE>Version usage (v1, v2 or v3)</TITLE>
+<PARA>
+The default build supports all three versions of the SNMP protocol, but without
+any dispatcher functionality (rfc 2571, section 3.1.1.2). This has the
+following implications :
+</PARA>
+<PARA> 1. There is no community authentication for v1 and v2c.</PARA>
+<PARA>2. Security provided by v3 can be bypassed by using v1/v2c protocol.</PARA>
+<PARA>
+To provide the dispatcher with rfc 2571 type functionality, it is required to
+setup security models and access profiles. This can be provided in the normal
+Unix style by writing the required configurations in <LITERAL>snmpd.conf</LITERAL>
+file. Application code may setup profiles in <LITERAL>snmpd.conf</LITERAL> and
+optionally set the environment variable <LITERAL>SNMPCONFPATH</LITERAL> to
+point to the file if it is not in the usual location. The whole concept works
+in the usual way as with the standard UCD-SNMP distribution.
+</PARA>
+<SECT2 id="Traps">
+<TITLE>Traps</TITLE>
+<PARA>
+The support of <LITERAL>trapsink</LITERAL> command in
+<ulink url="net-snmp-snmpd.conf.html"> snmpd.conf</ulink> file is not tested
+and may have problems in working as expected. Moreover, in systems that do not
+filesystem support, there is no way to configure a trap-session in conventional
+way.
+</PARA>
+<PARA>
+For reasons mentioned above, applications need to initialize their own trap
+sessions and pass it the details of trap-sink. The following is a small sample
+for initializing a v1 trap session :
+</PARA>
+<PROGRAMLISTING>
+typedef struct trap {
+ unsigned char ip [4];
+ unsigned int port;
+ unsigned char community [256];
+}
+
+trap trapsink;
+unsinged char sink [16];
+
+...
+...
+
+if (trapsink.ip != 0) {
+ sprintf (sink, "%d.%d.%d.%d",
+ trapsink[0], trapsink[1], trapsink[2], trapsink[3]);
+ if (create_trap_session (sink,
+ trapsink.port,
+ (char *)trapsink.community,
+ SNMP_VERSION_1,
+ SNMP_MSG_TRAP) == 0) {
+ log_error ("Creation of trap session failed \n");
+ }
+}
+</PROGRAMLISTING>
+</SECT2>
+<SECT2 id="net-snmp-snmpd-conf">
+<TITLE><LITERAL>snmpd.conf</LITERAL> file</TITLE>
+<PARA>
+Using snmpd.conf requires the inclusion of one of the file-system packages
+(eg. CYGPKG_RAMFS) and CYGPKG_FILEIO. With these two packages included, the
+SNMP sub-system will read the snmpd.conf file from the location specified in
+<LITERAL>SNMPCONFPATH</LITERAL>, or the standard builtin locations, and use
+these profiles. Only the profiles specified in the <LITERAL>ACCESS-CONTROL</LITERAL>
+section of <ulink url="net-snmp-snmpd.conf.html">snmpd.conf</ulink> file have
+been tested and shown to work. Other profiles which have been implemented in
+<LITERAL>UCD-SNMP-4.1.2</LITERAL>'s <LITERAL>snmpd.conf</LITERAL> may not work
+because the sole purpose of adding support for the snmpd.conf file has been to
+setup <LITERAL>ACCESS-CONTROL</LITERAL> models.
+</PARA>
+<PARA>
+At startup, the SNMP module tries to look for file <FILENAME>snmp.conf</FILENAME>.
+If this file is not available, the module successively looks for files
+<FILENAME>snmpd.conf</FILENAME>, <FILENAME>snmp.local.conf</FILENAME> and
+<FILENAME>snmpd.local.conf</FILENAME> at location pointed to by <LITERAL>
+SNMPCONFPATH</LITERAL> environment variable. In case <LITERAL>SNMPCONFPATH
+</LITERAL> is not defined, the search sequence is carried out in default directories.
+The default directories are :<FILENAME>/usr/share/snmp</filename>, <filename>
+/usr/local/share/snmp</filename> and <filename>$(HOME)/.snmp</filename>.
+The configurations read from these files are used to control both, SNMP
+applications and the SNMP agent; in the usual UNIX fashion.
+</PARA>
+<PARA>
+The inclusion of snmpd.conf support is enabled by default when suitable
+filesystems and FILEIO packages are active.
+</PARA>
+</SECT2>
</SECT1>
<SECT1 id="net-snmp-test-cases">
<TITLE>Test cases</TITLE>
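Review bot: the new `<SECT2 id="net-snmp-version-usage">` is never closed. After its last `</PARA>` the next added line is `<SECT2 id="Traps">`, so the Traps section opens inside it and the document will not validate; add `</SECT2>` before the Traps section. The v1 trap sample would also not compile as written: the typedef has no name and no terminating semicolon, `unsinged` is misspelled, `trapsink[0]` indexes the struct where `trapsink.ip[0]` is meant, and `trapsink.ip != 0` tests an array and so is always true. In the Traps paragraph, "systems that do not filesystem support" is missing "have". Finally, the two implications listed for the default build (no community check for v1/v2c, and v3 security bypassable through v1/v2c) are significant enough that the text should say plainly that a deployment relying on v3 security must configure access profiles.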
@@ -285,6 +388,28 @@
<PARA>
Leave to run for a couple of days or so to test stability.
</PARA>
+<PARA>
+The test program can also test snmpd.conf support. It tries to build a minimal
+snmpd.conf file on a RAM filesystem and passes it to the snmp sub-system. With
+this profile on target, the following snmp[cmd] (cmd=walk, get, set) should
+work :
+</PARA>
+<PROGRAMLISTING>
+snmp[cmd] -v1 $IP crux $OID
+snmp[cmd] -v2 $IP crux $OID
+snmp[cmd] -v3 $IP -u root -L noAuthNoPriv $OID
+snmp[cmd] -v3 $IP -u root -L authNoPriv -A MD5 -a md5passwd $OID
+</PROGRAMLISTING>
+<PARA>
+The following commands would however fail since they violate the access model :
+</PARA>
+<PROGRAMLISTING>
+snmp[cmd] $IP public $OID
+snmp[cmd] -v1 $IP public $OID
+snmp[cmd] -v2c $IP public $OID
+snmp[cmd] -v3 $IP -u no_user -L noAuthNoPriv $OID
+snmp[cmd] -v3 $IP -u root -L authNoPriv -A MD5 -a badpasswd $OID
+</PROGRAMLISTING>
</SECT1>
<SECT1 id="net-snmp-clients-and-package-use">
<TITLE>SNMP clients and package use</TITLE>
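Review bot: the two command lists are inconsistent. The working list uses `-v2` while the failing list uses `-v2c`, and the first failing command gives no version at all; pick one spelling and state the version explicitly. In the authNoPriv lines, `-A MD5 -a md5passwd` looks swapped relative to the UCD-SNMP tools, where `-a` takes the protocol and `-A` the passphrase; please check against the tools' usage text. Also, because the test profile admits `-u root` at `noAuthNoPriv`, the bad-password case shows only that USM rejects a wrong key, not that the access model requires authentication for that user. A line explaining this would avoid readers copying the profile as a secure template.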
@@ -328,26 +453,36 @@
data here.”
</PARA>
<PARA>
-Specifically,
+Specifically the following files have omitted/unimplemented code :
+</PARA>
+<PARA>
<filename>PACKAGES/net/snmp/lib/VERSION/src/parse.c</filename>
+</PARA>
+<PARA>
contains code to enumerate MIB files discovered in the system
MIB directories (“<filename>/usr/share/snmp/mibs</filename>”),
and read them all in, building data structures that are used by
client programs to interrogate an agent. This is not required in
an agent, so the routine which enumerates the directories returns
-an empty list.</para>
-<PARA><filename>PACKAGES/net/snmp/lib/VERSION/src/read_config.c</filename>
-contains two systems, the first reads various configuration
-files (“<filename>/usr/share/snmp/snmp.conf</filename>”,
-“<filename>/usr/share/snmp/snmpd.conf</filename>”,
-“<filename>/usr/local/share/snmp/snmpd.local.conf</filename>” and
-the like) to control both the SNMP applications and the agent in
-the usual UNIX fashion. The second system contains code to record persistent
-data as files in a directory (typically “<filename>/var/ucd-snmp/</filename>”)
-thus preserving state permanently. Neither of these is supported
-because there is no filesystem present; as required, a cleaner interface
-to permit application code to manage persistent data will be developed
-in consultation with customers.
+an empty list.
+</PARA>
+<PARA>
+<filename>PACKAGES/net/snmp/lib/VERSION/src/read_config.c</filename>
+contains two systems:
+</PARA>
+<PARA>
+The first tries to read the configuration file as described in
+<ulink url="net-snmp-configuring-ecos.html">snmpd.conf file</ulink> section and
+the second system contains code to record persistent data as files in a
+directory (typically <filename>/var/ucd-snmp</filename>) thus preserving the
+state permanently.
+</PARA>
+<PARA>
+The first part is partially implemented to support multiple profiles and enables
+dispatcher functionality as discussed in <xref linkend="net-snmp-version-usage">.
+The second part is not supported at all in the default implementation. As required,
+a cleaner interface to permit application code to manage persistent data will be
+developed in consultation with customers.
</PARA>
</SECT1>
<SECT1 id="net-snmp-mib-compiler">
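Review bot: the reference to the snmpd.conf section uses `<ulink url="net-snmp-configuring-ecos.html">`, a hard-coded output file name, while the next paragraph uses `<xref linkend="net-snmp-version-usage">`. The section added earlier in this patch has `id="net-snmp-snmpd-conf"`, so an `xref` to that id would survive any change in how the HTML is chunked. The lead sentence "the following files have omitted/unimplemented code" also no longer fits read_config.c exactly, since the text goes on to say its first part is partially implemented.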
@@ -447,5 +582,7 @@
and this should work correctly.
</PARA>
</SECT1>
+
+&net-snmp-agent-snmp-manpages-sgml
</CHAPTER>
</PART>
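Review bot: the added entity reference `&net-snmp-agent-snmp-manpages-sgml` has no terminating `;`. The parser may accept the line end as a terminator, but the reference becomes fragile if anything is ever appended on that line; write it with the semicolon.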
Index: packages/net/snmp/agent/current/include/mib_module_config.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/mib_module_config.h,v
retrieving revision 1.3
diff -u -r1.3 mib_module_config.h
--- packages/net/snmp/agent/current/include/mib_module_config.h 23 May 2002 23:08:08 -0000 1.3
+++ packages/net/snmp/agent/current/include/mib_module_config.h 30 Jan 2003 16:35:55 -0000
@@ -127,7 +127,11 @@
#define USING_MIBII_UDP_MODULE 1
/* Define if compiling with the mibII/vacm_vars module files. */
-//#define USING_MIBII_VACM_VARS_MODULE 1
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
+#define USING_MIBII_VACM_VARS_MODULE 1
+#endif
+#endif
/* Define if compiling with the ucd-snmp/memory module files. */
//#define USING_UCD_SNMP_MEMORY_MODULE 1
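Review bot: `USING_MIBII_VACM_VARS_MODULE` is now defined only when both `CYGPKG_SNMPAGENT_V3_SUPPORT` and `CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT` are set, but the module it enables also registers the `com2sec`, `rocommunity` and `rwcommunity` handlers (see `init_vacm_vars` later in this patch), which are what give v1/v2c any access control. A build with a filesystem but without v3 is left with no way to restrict communities. Consider gating on the filesystem option alone, or document why v3 support is a prerequisite.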
@@ -165,17 +169,19 @@
/* Define if compiling with the ucd-snmp/file module files. */
//#define USING_UCD_SNMP_FILE_MODULE 1
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
/* Define if compiling with the snmpv3/snmpEngine module files. */
-//#define USING_SNMPV3_SNMPENGINE_MODULE 1
+#define USING_SNMPV3_SNMPENGINE_MODULE 1
/* Define if compiling with the snmpv3/snmpMPDStats module files. */
//#define USING_SNMPV3_SNMPMPDSTATS_MODULE 1
/* Define if compiling with the snmpv3/usmStats module files. */
-//#define USING_SNMPV3_USMSTATS_MODULE 1
+#define USING_SNMPV3_USMSTATS_MODULE 1
/* Define if compiling with the snmpv3/usmUser module files. */
-//#define USING_SNMPV3_USMUSER_MODULE 1
+#define USING_SNMPV3_USMUSER_MODULE 1
+#endif
/* Define if compiling with the util_funcs module files. */
#define USING_UTIL_FUNCS_MODULE 1
Index: packages/net/snmp/agent/current/include/mib_module_dot_conf.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/mib_module_dot_conf.h,v
retrieving revision 1.3
diff -u -r1.3 mib_module_dot_conf.h
--- packages/net/snmp/agent/current/include/mib_module_dot_conf.h 23 May 2002 23:08:08 -0000 1.3
+++ packages/net/snmp/agent/current/include/mib_module_dot_conf.h 30 Jan 2003 16:35:55 -0000
@@ -89,4 +89,3 @@
CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*********************************************************************/
-/* This file is automatically generated by configure. Do not modify by hand. */
Index: packages/net/snmp/agent/current/include/mib_module_inits.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/mib_module_inits.h,v
retrieving revision 1.3
diff -u -r1.3 mib_module_inits.h
--- packages/net/snmp/agent/current/include/mib_module_inits.h 23 May 2002 23:08:08 -0000 1.3
+++ packages/net/snmp/agent/current/include/mib_module_inits.h 30 Jan 2003 16:35:55 -0000
@@ -119,7 +119,15 @@
// init_at(); // #3 is deprecated
-// init_vacm_vars();
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+init_snmpEngine();
+init_usmStats();
+init_usmUser();
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
+init_vacm_vars();
+#endif
+#endif
+
// init_memory();
// init_vmstat();
// init_proc();
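Review bot: the init calls are guarded by repeating the `CYGPKG_SNMPAGENT_V3_SUPPORT` / `CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT` conditions from mib_module_config.h instead of testing the `USING_*` macros that file defines. If the two files drift, a module can be initialised without being compiled in, or the reverse. Guard each call with its own macro, for example `#ifdef USING_MIBII_VACM_VARS_MODULE` around `init_vacm_vars();`. The new calls also lose the leading indentation the surrounding lines have.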
@@ -132,8 +140,6 @@
// init_errormib();
// init_registry();
// init_file();
-// init_snmpEngine();
// init_snmpMPDStats();
-// init_usmStats();
-// init_usmUser();
// init_var_route();
+
Index: packages/net/snmp/agent/current/include/mib_module_shutdown.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/mib_module_shutdown.h,v
retrieving revision 1.3
diff -u -r1.3 mib_module_shutdown.h
--- packages/net/snmp/agent/current/include/mib_module_shutdown.h 23 May 2002 23:08:08 -0000 1.3
+++ packages/net/snmp/agent/current/include/mib_module_shutdown.h 30 Jan 2003 16:35:55 -0000
@@ -89,4 +89,3 @@
CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*********************************************************************/
-/* This file is automatically generated by configure. Do not modify by hand. */
Index: packages/net/snmp/agent/current/include/snmpEngine.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/snmpEngine.h,v
retrieving revision 1.3
diff -u -r1.3 snmpEngine.h
--- packages/net/snmp/agent/current/include/snmpEngine.h 23 May 2002 23:08:08 -0000 1.3
+++ packages/net/snmp/agent/current/include/snmpEngine.h 30 Jan 2003 16:35:55 -0000
@@ -53,7 +53,7 @@
//==========================================================================
//#####DESCRIPTIONBEGIN####
//
-// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.ch
+// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.com
// Contributors: hmt
// Date: 2001-05-29
// Purpose: Port of UCD-SNMP distribution to eCos.
@@ -100,6 +100,8 @@
#ifndef _MIBGROUP_SNMPENGINE_H
#define _MIBGROUP_SNMPENGINE_H
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+
/* we use header_generic and checkmib from the util_funcs module */
config_require(util_funcs)
@@ -116,6 +118,8 @@
extern void init_snmpEngine (void);
extern FindVarMethod var_snmpEngine;
+
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
#endif /* _MIBGROUP_SNMPENGINE_H */
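Review bot: the whole body of the header is now inside `#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT`, but nothing in the visible part of the header includes the file that defines that macro. If an includer has not already pulled in the package configuration, the declarations silently disappear and the failure shows up later as an implicit declaration of `init_snmpEngine`. Include the configuration header at the top of this file before testing the macro. The same applies to the identical guards added to usmStats.h and usmUser.h.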
Index: packages/net/snmp/agent/current/include/usmStats.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/usmStats.h,v
retrieving revision 1.3
diff -u -r1.3 usmStats.h
--- packages/net/snmp/agent/current/include/usmStats.h 23 May 2002 23:08:09 -0000 1.3
+++ packages/net/snmp/agent/current/include/usmStats.h 30 Jan 2003 16:35:55 -0000
@@ -53,7 +53,7 @@
//==========================================================================
//#####DESCRIPTIONBEGIN####
//
-// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.ch
+// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.com
// Contributors: hmt
// Date: 2001-05-29
// Purpose: Port of UCD-SNMP distribution to eCos.
@@ -99,6 +99,8 @@
#ifndef _MIBGROUP_USMSTATS_H
#define _MIBGROUP_USMSTATS_H
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+
/* we use header_generic and checkmib from the util_funcs module */
config_require(util_funcs)
@@ -118,5 +120,6 @@
extern void init_usmStats(void);
extern FindVarMethod var_usmStats;
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
#endif /* _MIBGROUP_USMSTATS_H */
Index: packages/net/snmp/agent/current/include/usmUser.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/include/usmUser.h,v
retrieving revision 1.3
diff -u -r1.3 usmUser.h
--- packages/net/snmp/agent/current/include/usmUser.h 23 May 2002 23:08:09 -0000 1.3
+++ packages/net/snmp/agent/current/include/usmUser.h 30 Jan 2003 16:35:55 -0000
@@ -53,7 +53,7 @@
//==========================================================================
//#####DESCRIPTIONBEGIN####
//
-// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.ch
+// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.com
// Contributors: hmt
// Date: 2001-05-29
// Purpose: Port of UCD-SNMP distribution to eCos.
@@ -97,6 +97,8 @@
#ifndef _MIBGROUP_USMUSER_H
#define _MIBGROUP_USMUSER_H
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+
#include "callback.h"
#include "snmpusm.h"
@@ -146,5 +148,7 @@
WriteMethod write_usmUserPublic;
WriteMethod write_usmUserStorageType;
WriteMethod write_usmUserStatus;
+
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
#endif /* _MIBGROUP_USMUSER_H */
Index: packages/net/snmp/agent/current/include/vacm_vars.h
===================================================================
RCS file: packages/net/snmp/agent/current/include/vacm_vars.h
diff -N packages/net/snmp/agent/current/include/vacm_vars.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ packages/net/snmp/agent/current/include/vacm_vars.h 30 Jan 2003 16:35:55 -0000
@@ -0,0 +1,144 @@
+//==========================================================================
+//
+// ./agent/current/include/vacm_vars.h
+//
+//
+//==========================================================================
+//####ECOSGPLCOPYRIGHTBEGIN####
+// -------------------------------------------
+// This file is part of eCos, the Embedded Configurable Operating System.
+// Copyright (C) 1998, 1999, 2000, 2001, 2002 Red Hat, Inc.
+//
+// eCos is free software; you can redistribute it and/or modify it under
+// the terms of the GNU General Public License as published by the Free
+// Software Foundation; either version 2 or (at your option) any later version.
+//
+// eCos is distributed in the hope that it will be useful, but WITHOUT ANY
+// WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+// for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with eCos; if not, write to the Free Software Foundation, Inc.,
+// 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+//
+// As a special exception, if other files instantiate templates or use macros
+// or inline functions from this file, or you compile this file and link it
+// with other works to produce a work based on this file, this file does not
+// by itself cause the resulting work to be covered by the GNU General Public
+// License. However the source code for this file must still be made available
+// in accordance with section (3) of the GNU General Public License.
+//
+// This exception does not invalidate any other reasons why a work based on
+// this file might be covered by the GNU General Public License.
+//
+// Alternative licenses for eCos may be arranged by contacting Red Hat, Inc.
+// at http://sources.redhat.com/ecos/ecos-license/
+// -------------------------------------------
+//####ECOSGPLCOPYRIGHTEND####
+//####UCDSNMPCOPYRIGHTBEGIN####
+//
+// -------------------------------------------
+//
+// Portions of this software may have been derived from the UCD-SNMP
+// project, <http://ucd-snmp.ucdavis.edu/> from the University of
+// California at Davis, which was originally based on the Carnegie Mellon
+// University SNMP implementation. Portions of this software are therefore
+// covered by the appropriate copyright disclaimers included herein.
+//
+// The release used was version 4.1.2 of May 2000. "ucd-snmp-4.1.2"
+// -------------------------------------------
+//
+//####UCDSNMPCOPYRIGHTEND####
+//==========================================================================
+//#####DESCRIPTIONBEGIN####
+//
+// Author(s): Manu Sharma
+// Contributors:
+// Date: 2002-11-01
+// Purpose: Port of UCD-SNMP distribution to eCos.
+// Description:
+//
+//
+//####DESCRIPTIONEND####
+//
+//==========================================================================
+/********************************************************************
+ Copyright 1989, 1991, 1992 by Carnegie Mellon University
+
+ Derivative Work -
+Copyright 1996, 1998, 1999, 2000 The Regents of the University of California
+
+ All Rights Reserved
+
+Permission to use, copy, modify and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appears in all copies and
+that both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of CMU and The Regents of
+the University of California not be used in advertising or publicity
+pertaining to distribution of the software without specific written
+permission.
+
+CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL
+WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU OR
+THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL,
+INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
+CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*********************************************************************/
+/*
+ * SNMPv3 View-based Access Control Model
+ */
+
+#ifndef _MIBGROUP_VACM_H
+#define _MIBGROUP_VACM_H
+
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
+
+config_require(util_funcs)
+config_add_mib(SNMP-VIEW-BASED-ACM-MIB)
+config_add_mib(SNMP-COMMUNITY-MIB)
+
+void init_vacm_vars (void);
+void vacm_free_security (void);
+void vacm_free_group (void);
+void vacm_free_access (void);
+void vacm_free_view (void);
+void vacm_parse_security (const char *, char *);
+void vacm_parse_group (const char *, char *);
+void vacm_parse_access (const char *, char *);
+void vacm_parse_view (const char *, char *);
+void vacm_parse_simple (const char *, char *);
+
+SNMPCallback vacm_in_view_callback;
+
+int vacm_in_view (struct snmp_pdu *, oid *, size_t);
+
+extern FindVarMethod var_vacm_sec2group;
+extern FindVarMethod var_vacm_access;
+extern FindVarMethod var_vacm_view;
+
+#define OID_SNMPVACMMIB SNMP_OID_SNMPMODULES, 16
+#define OID_VACMMIBOBJECTS OID_SNMPVACMMIB, 1
+
+#define OID_VACMCONTEXTTABLE OID_VACMMIBOBJECTS, 1
+#define OID_VACMCONTEXTENTRY OID_VACMCONTEXTTABLE, 1
+
+#define OID_VACMGROUPTABLE OID_VACMMIBOBJECTS, 2
+#define OID_VACMGROUPENTRY OID_VACMGROUPTABLE, 1
+
+#define OID_VACMACCESSTABLE OID_VACMMIBOBJECTS, 4
+#define OID_VACMACCESSENTRY OID_VACMACCESSTABLE, 1
+
+#define OID_VACMMIBVIEWS OID_VACMMIBOBJECTS, 5
+#define OID_VACMVIEWTABLE OID_VACMMIBVIEWS, 2
+#define OID_VACMVIEWENTRY OID_VACMVIEWTABLE, 1
+
+#endif /* CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
+
+#endif /* _MIBGROUP_VACM_H */
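Review bot: the new header is not self-contained. Its declarations use `SNMPCallback`, `FindVarMethod`, `oid` and `struct snmp_pdu`, yet it includes nothing, so it compiles only when the includer has already brought in callback.h and the MIB headers in the right order. Add the includes it depends on. The include guard `_MIBGROUP_VACM_H` does not match the file name vacm_vars.h and could collide with a guard chosen for vacm.h, which vacm_vars.c includes alongside it; `_MIBGROUP_VACM_VARS_H` would be safer. As in the other headers, the `CYGPKG_*` tests assume the configuration header was included first.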
Index: packages/net/snmp/agent/current/src/agent_registry.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/agent_registry.c,v
retrieving revision 1.3
diff -u -r1.3 agent_registry.c
--- packages/net/snmp/agent/current/src/agent_registry.c 23 May 2002 23:08:10 -0000 1.3
+++ packages/net/snmp/agent/current/src/agent_registry.c 30 Jan 2003 16:35:55 -0000
@@ -668,7 +668,9 @@
switch (pdu->version) {
case SNMP_VERSION_1:
case SNMP_VERSION_2c:
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
case SNMP_VERSION_3:
+#endif
snmp_call_callbacks(SNMP_CALLBACK_APPLICATION, SNMPD_CALLBACK_ACM_CHECK,
&view_parms);
return view_parms.errorcode;
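Review bot: with `case SNMP_VERSION_3:` compiled out, a PDU whose version field is 3 no longer reaches the `SNMPD_CALLBACK_ACM_CHECK` call and instead falls through to whatever follows these cases, which this hunk does not show. Please confirm that path returns an error rather than a value the caller treats as "in view", and say so in a comment next to the `#ifdef`. The same question applies to the `SNMPD_CALLBACK_ACM_CHECK_INITIAL` switch in the next hunk.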
@@ -693,7 +695,9 @@
switch (pdu->version) {
case SNMP_VERSION_1:
case SNMP_VERSION_2c:
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
case SNMP_VERSION_3:
+#endif
snmp_call_callbacks(SNMP_CALLBACK_APPLICATION,
SNMPD_CALLBACK_ACM_CHECK_INITIAL,
&view_parms);
Index: packages/net/snmp/agent/current/src/mib_modules.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/mib_modules.c,v
retrieving revision 1.3
diff -u -r1.3 mib_modules.c
--- packages/net/snmp/agent/current/src/mib_modules.c 23 May 2002 23:08:10 -0000 1.3
+++ packages/net/snmp/agent/current/src/mib_modules.c 30 Jan 2003 16:35:55 -0000
@@ -121,7 +121,9 @@
#include "m2m.h"
#include "snmp_vars.h"
#include "agent_read_config.h"
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include "snmpv3.h"
+#endif
#include "callback.h"
#include "snmp_alarm.h"
#include "default_store.h"
Index: packages/net/snmp/agent/current/src/snmp_vars.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/snmp_vars.c,v
retrieving revision 1.3
diff -u -r1.3 snmp_vars.c
--- packages/net/snmp/agent/current/src/snmp_vars.c 23 May 2002 23:08:10 -0000 1.3
+++ packages/net/snmp/agent/current/src/snmp_vars.c 30 Jan 2003 16:35:55 -0000
@@ -199,8 +199,10 @@
#endif
#include "mibincl.h"
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include "snmpv3.h"
#include "snmpusm.h"
+#endif
#include "system.h"
#include "kernel.h"
#include "snmp_vars.h"
@@ -308,7 +310,9 @@
/* we handle alarm signals ourselves in the select loop */
ds_set_boolean(DS_LIBRARY_ID, DS_LIB_ALARM_DONT_USE_SIG, 1);
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
usm_set_reportErrorOnUnknownID(1);
+#endif
#ifdef CAN_USE_NLIST
init_kmem("/dev/kmem");
Index: packages/net/snmp/agent/current/src/snmpd.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/snmpd.c,v
retrieving revision 1.5
diff -u -r1.5 snmpd.c
--- packages/net/snmp/agent/current/src/snmpd.c 23 May 2002 23:08:10 -0000 1.5
+++ packages/net/snmp/agent/current/src/snmpd.c 30 Jan 2003 16:35:55 -0000
@@ -204,7 +204,9 @@
#include "m2m.h"
#include "snmp_vars.h"
#include "agent_read_config.h"
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include "snmpv3.h"
+#endif
#include "callback.h"
#include "snmp_alarm.h"
#include "default_store.h"
@@ -218,7 +220,9 @@
#include "snmp_debug.h"
#include "mib_modules.h"
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include "snmpusm.h"
+#endif
#include "tools.h"
#include "lcd_time.h"
Index: packages/net/snmp/agent/current/src/mibgroup/mibII/vacm_vars.c
===================================================================
RCS file: packages/net/snmp/agent/current/src/mibgroup/mibII/vacm_vars.c
diff -N packages/net/snmp/agent/current/src/mibgroup/mibII/vacm_vars.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ packages/net/snmp/agent/current/src/mibgroup/mibII/vacm_vars.c 30 Jan 2003 16:35:56 -0000
@@ -0,0 +1,1194 @@
+// This file is part of eCos, the Embedded Configurable Operating System.
+// Copyright (C) 1998, 1999, 2000, 2001, 2002 Red Hat, Inc.
+//
+// eCos is free software; you can redistribute it and/or modify it under
+// the terms of the GNU General Public License as published by the Free
+// Software Foundation; either version 2 or (at your option) any later version.
+//
+// eCos is distributed in the hope that it will be useful, but WITHOUT ANY
+// WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+// for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with eCos; if not, write to the Free Software Foundation, Inc.,
+// 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+//
+// As a special exception, if other files instantiate templates or use macros
+// or inline functions from this file, or you compile this file and link it
+// with other works to produce a work based on this file, this file does not
+// by itself cause the resulting work to be covered by the GNU General Public
+// License. However the source code for this file must still be made available
+// in accordance with section (3) of the GNU General Public License.
+//
+// This exception does not invalidate any other reasons why a work based on
+// this file might be covered by the GNU General Public License.
+//
+// Alternative licenses for eCos may be arranged by contacting Red Hat, Inc.
+// at http://sources.redhat.com/ecos/ecos-license/
+// -------------------------------------------
+//####ECOSGPLCOPYRIGHTEND####
+//####UCDSNMPCOPYRIGHTBEGIN####
+//
+// -------------------------------------------
+//
+// Portions of this software may have been derived from the UCD-SNMP
+// project, <http://ucd-snmp.ucdavis.edu/> from the University of
+// California at Davis, which was originally based on the Carnegie Mellon
+// University SNMP implementation. Portions of this software are therefore
+// covered by the appropriate copyright disclaimers included herein.
+//
+// The release used was version 4.1.2 of May 2000. "ucd-snmp-4.1.2"
+// -------------------------------------------
+//
+//####UCDSNMPCOPYRIGHTEND####
+//==========================================================================
+//#####DESCRIPTIONBEGIN####
+//
+// Author(s): Manu Sharma
+// Contributors:
+// Date: 2002-11-01
+// Purpose: Port of UCD-SNMP distribution to eCos.
+// Description:
+//
+//
+//####DESCRIPTIONEND####
+//
+//==========================================================================
+/********************************************************************
+ Copyright 1989, 1991, 1992 by Carnegie Mellon University
+
+ Derivative Work -
+Copyright 1996, 1998, 1999, 2000 The Regents of the University of California
+
+ All Rights Reserved
+
+Permission to use, copy, modify and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appears in all copies and
+that both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of CMU and The Regents of
+the University of California not be used in advertising or publicity
+pertaining to distribution of the software without specific written
+permission.
+
+CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL
+WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU OR
+THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL,
+INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
+CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*********************************************************************/
+/*
+ * vacm_vars.c
+ *
+ * SNMPv3 View-based Access Control Model
+ */
+/***********************************************************
+ Copyright 1988, 1989 by Carnegie Mellon University
+
+ All Rights Reserved
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of CMU not be
+used in advertising or publicity pertaining to distribution of the
+software without specific, written prior permission.
+
+CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+******************************************************************/
+
+#include <config.h>
+
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
+
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if HAVE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+#if HAVE_MALLOC_H
+#include <malloc.h>
+#endif
+#include <ctype.h>
+#include <sys/types.h>
+#if HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#if HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#if HAVE_DMALLOC_H
+#include <dmalloc.h>
+#endif
+
+#if HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#if HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+#include "mibincl.h"
+#include "read_config.h"
+#include "agent_read_config.h"
+#include "system.h"
+#include "vacm.h"
+#include "callback.h"
+#include "agent_registry.h"
+#include "agent_callbacks.h"
+#include "vacm_vars.h"
+
+#ifdef USING_MIBII_SYSORTABLE_MODULE
+#if TIME_WITH_SYS_TIME
+# ifdef WIN32
+# include <sys/timeb.h>
+# else
+# include <sys/time.h>
+# endif
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+# include <sys/time.h>
+# else
+# include <time.h>
+# endif
+#endif
+#include <mibgroup/mibII/sysORTable.h>
+#endif
+
+void
+init_vacm_vars (void)
+{
+
+#ifdef USING_MIBII_SYSORTABLE_MODULE
+ static oid reg[] = {SNMP_OID_SNMPMODULES,16,2,2,1};
+#endif
+
+#define PRIVRW (SNMPV2ANY | 0x5000)
+
+ struct variable2 vacm_sec2group[] = {
+ {SECURITYGROUP, ASN_OCTET_STR, PRIVRW, var_vacm_sec2group, 1, {3}},
+ {SECURITYSTORAGE, ASN_INTEGER, PRIVRW, var_vacm_sec2group, 1, {4}},
+ {SECURITYSTATUS, ASN_INTEGER, PRIVRW, var_vacm_sec2group, 1, {5}},
+ };
+
+ struct variable2 vacm_access[] = {
+ {ACCESSMATCH, ASN_INTEGER, PRIVRW, var_vacm_access, 1, {4}},
+ {ACCESSREAD, ASN_OCTET_STR, PRIVRW, var_vacm_access, 1, {5}},
+ {ACCESSWRITE, ASN_OCTET_STR, PRIVRW, var_vacm_access, 1, {6}},
+ {ACCESSNOTIFY, ASN_OCTET_STR, PRIVRW, var_vacm_access, 1, {7}},
+ {ACCESSSTORAGE, ASN_INTEGER, PRIVRW, var_vacm_access, 1, {8}},
+ {ACCESSSTATUS, ASN_INTEGER, PRIVRW, var_vacm_access, 1, {9}},
+ };
+
+ struct variable2 vacm_view[] = {
+ {VIEWMASK, ASN_OCTET_STR, PRIVRW, var_vacm_view, 1, {3}},
+ {VIEWTYPE, ASN_INTEGER, PRIVRW, var_vacm_view, 1, {4}},
+ {VIEWSTORAGE, ASN_INTEGER, PRIVRW, var_vacm_view, 1, {5}},
+ {VIEWSTATUS, ASN_INTEGER, PRIVRW, var_vacm_view, 1, {6}},
+ };
+
+/* Define the OID pointer to the top of the mib tree that we're
+ registering underneath */
+ oid vacm_sec2group_oid[] = { OID_VACMGROUPENTRY };
+ oid vacm_access_oid[] = { OID_VACMACCESSENTRY};
+ oid vacm_view_oid[] = { OID_VACMVIEWENTRY };
+
+ /* register ourselves with the agent to handle our mib tree */
+ REGISTER_MIB("mibII/vacm:sec2group", vacm_sec2group, variable2, \
+ vacm_sec2group_oid);
+ REGISTER_MIB("mibII/vacm:access", vacm_access, variable2, vacm_access_oid);
+ REGISTER_MIB("mibII/vacm:view", vacm_view, variable2, vacm_view_oid);
+
+ snmpd_register_config_handler("com2sec", vacm_parse_security,
+ vacm_free_security,"name source community");
+ snmpd_register_config_handler("group", vacm_parse_group, vacm_free_group,
+ "name v1|v2c|usm security");
+ snmpd_register_config_handler("access", vacm_parse_access, vacm_free_access,
+ "name context model level prefx read write notify");
+ snmpd_register_config_handler("view", vacm_parse_view, vacm_free_view,
+ "name type subtree [mask]");
+ snmpd_register_config_handler("rwcommunity", vacm_parse_simple,
+ NULL,"community [default|hostname|network/bits] [oid]");
+ snmpd_register_config_handler("rocommunity", vacm_parse_simple,
+ NULL,"community [default|hostname|network/bits] [oid]");
+ snmpd_register_config_handler("rwuser", vacm_parse_simple,
+ NULL,"user [noauth|auth|priv] [oid]");
+ snmpd_register_config_handler("rouser", vacm_parse_simple,
+ NULL,"user [noauth|auth|priv] [oid]");
+
+#ifdef USING_MIBII_SYSORTABLE_MODULE
+ register_sysORTable(reg,10,"View-based Access Control Model for SNMP.");
+#endif
+
+ /* register ourselves to handle access control */
+ snmp_register_callback(SNMP_CALLBACK_APPLICATION, SNMPD_CALLBACK_ACM_CHECK,
+ vacm_in_view_callback, NULL);
+ snmp_register_callback(SNMP_CALLBACK_APPLICATION,
+ SNMPD_CALLBACK_ACM_CHECK_INITIAL,
+ vacm_in_view_callback, NULL);
+}
+
+static struct vacm_securityEntry *securityFirst =0, *securityLast =0;
+
+#define EXAMPLE_NETWORK "NETWORK"
+#define EXAMPLE_COMMUNITY "COMMUNITY"
+
+void vacm_parse_security (const char *token,
+ char *param)
+{
+ char *name, *source, *community;
+ const char *mask;
+ char *cp;
+ struct vacm_securityEntry *sp, se;
+ int maskLength, maskBit;
+ struct sockaddr_in *srcIp, *srcMask;
+ char null[] = "";
+
+ memset (&se, 0 , sizeof se);
+ name = strtok(param, "\t\n ");
+ if (!name) {
+ config_perror("missing NAME parameter");
+ return;
+ }
+ source = strtok(NULL, "\t\n ");
+ if (!source) {
+ config_perror("missing SOURCE parameter");
+ return;
+ }
+ if ( !strncmp( source, EXAMPLE_NETWORK, strlen(EXAMPLE_NETWORK)) ) {
+ config_perror("Example config NETWORK not properly configured");
+ return; /* or exit(1); */
+ }
+ community = strtok(NULL, "\t\n ");
+ if (!community) {
+ config_perror("missing COMMUNITY parameter");
+ return;
+ }
+ if ( !strncmp( community, EXAMPLE_COMMUNITY, strlen(EXAMPLE_COMMUNITY)) ) {
+ config_perror("Example config COMMUNITY not properly configured");
+ return; /* or exit(1); */
+ }
+ srcIp = (struct sockaddr_in*)&(se.sourceIp);
+ srcMask = (struct sockaddr_in*)&(se.sourceMask);
+ cp = strchr(source, '/');
+ if (cp == NULL) cp = null;
+ else *cp++ = 0;
+ mask = cp;
+ if (strcmp("default", source) == 0 || strcmp("0.0.0.0", source) == 0) {
+ memset(&(srcIp->sin_addr), 0, sizeof(struct in_addr));
+ mask = "0.0.0.0";
+ }
+ else if ((srcIp->sin_addr.s_addr = inet_addr (source)) == (unsigned) -1) {
+ struct hostent *hp = gethostbyname(source);
+ if (hp != NULL) {
+ memcpy(&(srcIp->sin_addr), hp->h_addr, 4);
+ }
+ else {
+ config_perror ("bad source address");
+ return;
+ }
+ }
+ if (*mask == 0) memset (&(srcMask->sin_addr), 0xff, sizeof(struct in_addr));
+ else {
+ if (strchr(mask, '.')) {
+ if ((srcMask->sin_addr.s_addr = inet_addr(mask)) == (unsigned)-1) {
+ config_perror("bad mask");
+ return;
+ }
+ }
+ else {
+ maskLength = atoi(mask);
+ if (maskLength <= 0 || maskLength > 32) {
+ config_perror("bad mask length");
+ return;
+ }
+ maskBit = 0x80000000L;
+ srcMask->sin_addr.s_addr = 0;
+ while (maskLength--) {
+ srcMask->sin_addr.s_addr |= maskBit;
+ maskBit >>= 1;
+ }
+ srcMask->sin_addr.s_addr = htonl(srcMask->sin_addr.s_addr);
+ }
+ }
+ if ((srcIp->sin_addr.s_addr & ~srcMask->sin_addr.s_addr) != 0) {
+ config_perror("source/mask mismatch");
+ return;
+ }
+ if (strlen(name)+1 > sizeof(se.securityName)) {
+ config_perror("security name too long");
+ return;
+ }
+ if (strlen(community)+1 > sizeof(se.community)) {
+ config_perror("community name too long");
+ return;
+ }
+ strcpy(se.securityName, name);
+ strcpy(se.community, community);
+ sp = (struct vacm_securityEntry *)malloc (sizeof *sp);
+ if (sp == NULL) {
+ config_perror("memory error");
+ return;
+ }
+ *sp = se;
+ if (securityFirst != NULL) {
+ securityLast->next = sp;
+ securityLast = sp;
+ }
+ else {
+ securityFirst = securityLast = sp;
+ }
+}
+
+void vacm_free_security (void)
+{
+ struct vacm_securityEntry *sp;
+ while ((sp = securityFirst)) {
+ securityFirst = sp->next;
+ free(sp);
+ }
+}
+
+void vacm_parse_group (const char *token,
+ char *param)
+{
+ char *group, *model, *security;
+ int imodel;
+ struct vacm_groupEntry *gp = NULL;
+
+ group = strtok (param, " \t\n");
+ model = strtok (NULL, " \t\n");
+ security = strtok (NULL, " \t\n");
+
+ if (group == NULL || *group == 0) {
+ config_perror("missing GROUP parameter");
+ return;
+ }
+ if (model == NULL || *model == 0) {
+ config_perror("missing MODEL parameter");
+ return;
+ }
+ if (security == NULL || *security == 0) {
+ config_perror("missing SECURITY parameter");
+ return;
+ }
+ if (strcasecmp(model, "v1") == 0) imodel = SNMP_SEC_MODEL_SNMPv1;
+ else if (strcasecmp(model, "v2c") == 0) imodel = SNMP_SEC_MODEL_SNMPv2c;
+ else if (strcasecmp(model, "usm") == 0) imodel = SNMP_SEC_MODEL_USM;
+ else if (strcasecmp(model, "any") == 0) {
+ config_perror("bad security model \"any\" should be: v1, v2c or usm - installing anyway");
+ imodel = SNMP_SEC_MODEL_ANY;
+ }
+ else {
+ config_perror("bad security model, should be: v1, v2c or usm");
+ return;
+ }
+ if (strlen(security)+1 > sizeof(gp->groupName)) {
+ config_perror("security name too long");
+ return;
+ }
+ gp = vacm_createGroupEntry(imodel, security);
+ if (!gp) {
+ config_perror("failed to create group entry");
+ return;
+ }
+ strcpy (gp->groupName, group);
+ gp->storageType = SNMP_STORAGE_PERMANENT;
+ gp->status = SNMP_ROW_ACTIVE;
+ free (gp->reserved);
+ gp->reserved = NULL;
+}
+
+void vacm_free_group (void)
+{
+ vacm_destroyAllGroupEntries();
+}
+
+void vacm_parse_access (const char *token, char *param)
+{
+ char *name, *context, *model, *level, *prefix, *readView, *writeView, *notify;
+ int imodel, ilevel, iprefix;
+ struct vacm_accessEntry *ap;
+
+ name = strtok(param, " \t\n");
+ if (!name) {
+ config_perror("missing NAME parameter");
+ return;
+ }
+ context = strtok(NULL, " \t\n");
+ if (!context) {
+ config_perror("missing CONTEXT parameter");
+ return;
+ }
+ model = strtok(NULL, " \t\n");
+ if (!model) {
+ config_perror("missing MODEL parameter");
+ return;
+ }
+ level = strtok(NULL, " \t\n");
+ if (!level) {
+ config_perror("missing LEVEL parameter");
+ return;
+ }
+ prefix = strtok(NULL, " \t\n");
+ if (!prefix) {
+ config_perror("missing PREFIX parameter");
+ return;
+ }
+ readView = strtok(NULL, " \t\n");
+ if (!readView) {
+ config_perror("missing readView parameter");
+ return;
+ }
+ writeView = strtok(NULL, " \t\n");
+ if (!writeView) {
+ config_perror("missing writeView parameter");
+ return;
+ }
+ notify = strtok(NULL, " \t\n");
+ if (!notify) {
+ config_perror("missing notifyView parameter");
+ return;
+ }
+ if (strcmp(context, "\"\"") == 0) *context = 0;
+ if (strcasecmp(model, "any") == 0) imodel = SNMP_SEC_MODEL_ANY;
+ else if (strcasecmp(model, "v1") == 0) imodel = SNMP_SEC_MODEL_SNMPv1;
+ else if (strcasecmp(model, "v2c") == 0) imodel = SNMP_SEC_MODEL_SNMPv2c;
+ else if (strcasecmp(model, "usm") == 0) imodel = SNMP_SEC_MODEL_USM;
+ else {
+ config_perror("bad security model (any, v1, v2c, usm)");
+ return;
+ }
+ if (strcasecmp(level, "noauth") == 0) ilevel = SNMP_SEC_LEVEL_NOAUTH;
+ else if (strcasecmp(level, "noauthnopriv") == 0) ilevel = SNMP_SEC_LEVEL_NOAUTH;
+ else if (strcasecmp(level, "auth") == 0) ilevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
+ else if (strcasecmp(level, "authnopriv") == 0) ilevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
+ else if (strcasecmp(level, "priv") == 0) ilevel = SNMP_SEC_LEVEL_AUTHPRIV;
+ else if (strcasecmp(level, "authpriv") == 0) ilevel = SNMP_SEC_LEVEL_AUTHPRIV;
+ else {
+ config_perror("bad security level (noauthnopriv, authnopriv, authpriv)");
+ return;
+ }
+ if (strcmp(prefix,"exact") == 0) iprefix = 1;
+ else if (strcmp(prefix,"prefix") == 0) iprefix = 2;
+ else if (strcmp(prefix,"0") == 0) {
+ config_perror("bad prefix match parameter \"0\", should be: exact or prefix - installing anyway");
+ iprefix = 1;
+ }
+ else {
+ config_perror("bad prefix match parameter, should be: exact or prefix");
+ return;
+ }
+ if (strlen(readView)+1 > sizeof(ap->readView)) {
+ config_perror("readView too long");
+ return;
+ }
+ if (strlen(writeView)+1 > sizeof(ap->writeView)) {
+ config_perror("writeView too long");
+ return;
+ }
+ if (strlen(notify)+1 > sizeof(ap->notifyView)) {
+ config_perror("notifyView too long");
+ return;
+ }
+ ap = vacm_createAccessEntry (name, context, imodel, ilevel);
+ if (!ap) {
+ config_perror("failed to create access entry");
+ return;
+ }
+ strcpy(ap->readView, readView);
+ strcpy(ap->writeView, writeView);
+ strcpy(ap->notifyView, notify);
+ ap->contextMatch = iprefix;
+ ap->storageType = SNMP_STORAGE_PERMANENT;
+ ap->status = SNMP_ROW_ACTIVE;
+ free (ap->reserved);
+ ap->reserved = NULL;
+}
+
+void vacm_free_access (void)
+{
+ vacm_destroyAllAccessEntries();
+}
+
+void vacm_parse_view (const char *token,
+ char *param)
+{
+ char *name, *type, *subtree, *mask;
+ int inclexcl;
+ struct vacm_viewEntry *vp;
+ oid suboid[MAX_OID_LEN];
+ size_t suboid_len = 0;
+ u_char viewMask[sizeof (vp->viewMask)];
+ int i;
+
+ name = strtok (param, " \t\n");
+ if (!name) {
+ config_perror("missing NAME parameter");
+ return;
+ }
+ type = strtok (NULL, " \n\t");
+ if (!type) {
+ config_perror("missing TYPE parameter");
+ return;
+ }
+ subtree = strtok(NULL, " \t\n");
+ if (!subtree) {
+ config_perror("missing SUBTREE parameter");
+ return;
+ }
+ mask = strtok(NULL, " \t\n");
+
+ if (strcmp(type, "included") == 0) inclexcl = SNMP_VIEW_INCLUDED;
+ else if (strcmp(type, "excluded") == 0) inclexcl = SNMP_VIEW_EXCLUDED;
+ else {
+ config_perror("TYPE must be included/excluded?");
+ return;
+ }
+ suboid_len = MAX_OID_LEN;
+ if (!read_objid(subtree, suboid, &suboid_len)) {
+ config_perror("bad SUBTREE object id");
+ return;
+ }
+ if (mask) {
+ int val;
+ i = 0;
+ for (mask = strtok(mask, ".:"); mask; mask = strtok(NULL, ".:")) {
+ if (i >= sizeof(viewMask)) {
+ config_perror("MASK too long");
+ return;
+ }
+ if (sscanf(mask, "%x", &val) == 0) {
+ config_perror("invalid MASK");
+ return;
+ }
+ viewMask[i] = val;
+ i++;
+ }
+ }
+ else {
+ for (i = 0; i < sizeof(viewMask); i++)
+ viewMask[i] = 0xff;
+ }
+ vp = vacm_createViewEntry(name, suboid, suboid_len);
+ if (!vp) {
+ config_perror("failed to create view entry");
+ return;
+ }
+ memcpy(vp->viewMask, viewMask, sizeof(viewMask));
+ vp->viewType = inclexcl;
+ vp->viewStorageType = SNMP_STORAGE_PERMANENT;
+ vp->viewStatus = SNMP_ROW_ACTIVE;
+ free (vp->reserved);
+ vp->reserved = NULL;
+}
+
+void vacm_free_view (void)
+{
+ vacm_destroyAllViewEntries();
+}
+
+void vacm_parse_simple(const char *token, char *confline) {
+ char line[SPRINT_MAX_LEN];
+ char community[COMMUNITY_MAX_LEN];
+ char theoid[SPRINT_MAX_LEN];
+ char viewname[SPRINT_MAX_LEN];
+ char addressname[SPRINT_MAX_LEN];
+ const char *rw = "none";
+ const char *model = "any";
+ char *cp;
+ static int num = 0;
+ char secname[SPRINT_MAX_LEN];
+ char authtype[SPRINT_MAX_LEN];
+
+ /* community name or user name */
+ cp = copy_word(confline, community);
+
+ if (strcmp(token,"rouser") == 0 || strcmp(token,"rwuser") == 0) {
+ /* authentication type */
+ if (cp && *cp)
+ cp = copy_word(cp, authtype);
+ else
+ strcpy(authtype, "auth");
+ DEBUGMSGTL((token, "setting auth type: \"%s\"\n",authtype));
+ model = "usm";
+ } else {
+ /* source address */
+ if (cp && *cp) {
+ cp = copy_word(cp, addressname);
+ } else {
+ strcpy(addressname, "default");
+ }
+ /* authtype has to be noauth */
+ strcpy(authtype, "noauth");
+ }
+
+ /* oid they can touch */
+ if (cp && *cp) {
+ cp = copy_word(cp, theoid);
+ } else {
+ strcpy(theoid, ".1");
+ }
+
+ if (strcmp(token,"rwcommunity") == 0 || strcmp(token,"rwuser") == 0)
+ rw = viewname;
+
+ if (strcmp(token,"rwcommunity") == 0 || strcmp(token,"rocommunity") == 0) {
+ /* com2sec mapping */
+ /* com2sec anonymousSecNameNUM ADDRESS COMMUNITY */
+ sprintf(secname, "anonymousSecName%03d", num);
+ sprintf(line,"%s %s %s", secname, addressname, community);
+ DEBUGMSGTL((token,"passing: %s %s\n", "com2sec", line));
+ vacm_parse_security("com2sec",line);
+
+ /* sec->group mapping */
+ /* group anonymousGroupNameNUM any anonymousSecNameNUM */
+ sprintf(line,"anonymousGroupName%03d v1 %s", num, secname);
+ DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
+ vacm_parse_group("group",line);
+ sprintf(line,"anonymousGroupName%03d v2c %s", num, secname);
+ DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
+ vacm_parse_group("group",line);
+ } else {
+ strcpy(secname, community);
+
+ /* sec->group mapping */
+ /* group anonymousGroupNameNUM any anonymousSecNameNUM */
+ sprintf(line,"anonymousGroupName%03d usm %s", num, secname);
+ DEBUGMSGTL((token,"passing: %s %s\n", "group", line));
+ vacm_parse_group("group",line);
+ }
+
+
+ /* view definition */
+ /* view anonymousViewNUM included OID */
+ sprintf(viewname,"anonymousView%03d",num);
+ sprintf(line,"%s included %s", viewname, theoid);
+ DEBUGMSGTL((token,"passing: %s %s\n", "view", line));
+ vacm_parse_view("view",line);
+
+ /* map everything together */
+ /* access anonymousGroupNameNUM "" MODEL AUTHTYPE exact anonymousViewNUM [none/anonymousViewNUM] [none/anonymousViewNUM] */
+ sprintf(line, "anonymousGroupName%03d \"\" %s %s exact %s %s %s", num,
+ model, authtype, viewname, rw, rw);
+ DEBUGMSGTL((token,"passing: %s %s\n", "access", line));
+ vacm_parse_access("access",line);
+ num++;
+}
+
+int
+vacm_in_view_callback(int majorID, int minorID, void *serverarg,
+ void *clientarg) {
+ struct view_parameters *view_parms = (struct view_parameters *) serverarg;
+ int retval;
+
+ if (view_parms == NULL)
+ return 1;
+ retval = vacm_in_view(view_parms->pdu, view_parms->name,
+ view_parms->namelen);
+ if (retval != 0)
+ view_parms->errorcode = retval;
+ return retval;
+}
+
+
+/*******************************************************************-o-******
+ * vacm_in_view
+ *
+ * Parameters:
+ * *pdu
+ * *name
+ * namelen
+ *
+ * Returns:
+ * 0 On success.
+ * 1 Missing security name.
+ * 2 Missing group
+ * 3 Missing access
+ * 4 Missing view
+ * 5 Not in view
+ *
+ * Debug output listed as follows:
+ * <securityName> <groupName> <viewName> <viewType>
+ */
+int vacm_in_view (struct snmp_pdu *pdu,
+ oid *name,
+ size_t namelen)
+{
+ struct vacm_securityEntry *sp = securityFirst;
+ struct vacm_accessEntry *ap;
+ struct vacm_groupEntry *gp;
+ struct vacm_viewEntry *vp;
+ struct sockaddr_in *pduIp = (struct sockaddr_in*)&(pdu->address);
+ struct sockaddr_in *srcIp, *srcMask;
+ char *vn;
+ char *sn;
+
+ if (pdu->version == SNMP_VERSION_1 || pdu->version == SNMP_VERSION_2c) {
+ if (snmp_get_do_debugging()) {
+ char *buf;
+ if (pdu->community) {
+ buf = malloc(1+ pdu->community_len);
+ memcpy(buf, pdu->community, pdu->community_len);
+ buf[pdu->community_len] = '\0';
+ } else {
+ DEBUGMSGTL(("mibII/vacm_vars", "NULL community"));
+ buf = strdup("NULL");
+ }
+
+ DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: ver=%d, source=%.8x, community=%s\n", pdu->version, pduIp->sin_addr.s_addr, buf));
+ free (buf);
+ }
+
+ /* allow running without snmpd.conf */
+ if (sp == NULL && !vacm_is_configured()) {
+ DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: accepted with no com2sec entries\n"));
+ switch (pdu->command) {
+ case SNMP_MSG_GET:
+ case SNMP_MSG_GETNEXT:
+ case SNMP_MSG_GETBULK:
+ return 0;
+ default:
+ return 1;
+ }
+ }
+ while (sp) {
+ srcIp = (struct sockaddr_in *)&(sp->sourceIp);
+ srcMask = (struct sockaddr_in *)&(sp->sourceMask);
+ if ((pduIp->sin_addr.s_addr & srcMask->sin_addr.s_addr)
+ == srcIp->sin_addr.s_addr
+ && strlen(sp->community) == pdu->community_len
+ && !strncmp(sp->community, (char *)pdu->community, pdu->community_len))
+ break;
+ sp = sp->next;
+ }
+ if (sp == NULL) return 1;
+ sn = sp->securityName;
+ } else if (pdu->securityModel == SNMP_SEC_MODEL_USM) {
+ DEBUGMSG (("mibII/vacm_vars",
+ "vacm_in_view: ver=%d, model=%d, secName=%s\n",
+ pdu->version, pdu->securityModel, pdu->securityName));
+ sn = pdu->securityName;
+ } else {
+ sn = NULL;
+ }
+
+ if (sn == NULL) return 1;
+ DEBUGMSGTL(("mibII/vacm_vars", "vacm_in_view: sn=%s", sn));
+
+ gp = vacm_getGroupEntry(pdu->securityModel, sn);
+ if (gp == NULL) { DEBUGMSG(("mibII/vacm_vars", "\n")); return 2; }
+ DEBUGMSG (("mibII/vacm_vars", ", gn=%s", gp->groupName));
+
+ ap = vacm_getAccessEntry(gp->groupName, "", pdu->securityModel,
+ pdu->securityLevel);
+ if (ap == NULL) { DEBUGMSG(("mibII/vacm_vars", "\n")); return 3; }
+
+ if (name == 0) { /* only check the setup of the vacm for the request */
+ DEBUGMSG(("mibII/vacm_vars", ", Done checking setup\n"));
+ return 0;
+ }
+
+ switch (pdu->command) {
+ case SNMP_MSG_GET:
+ case SNMP_MSG_GETNEXT:
+ case SNMP_MSG_GETBULK:
+ vn = ap->readView;
+ break;
+ case SNMP_MSG_SET:
+ vn = ap->writeView;
+ break;
+ case SNMP_MSG_TRAP:
+ case SNMP_MSG_TRAP2:
+ case SNMP_MSG_INFORM:
+ vn = ap->notifyView;
+ break;
+ default:
+ snmp_log(LOG_ERR, "bad msg type in vacm_in_view: %d\n", pdu->command);
+ vn = ap->readView;
+ }
+ DEBUGMSG (("mibII/vacm_vars", ", vn=%s", vn));
+
+ vp = vacm_getViewEntry (vn, name, namelen);
+ if (vp == NULL) { DEBUGMSG(("mibII/vacm_vars", "\n")); return 4; }
+ DEBUGMSG(("mibII/vacm_vars", ", vt=%d\n", vp->viewType));
+ if (vp->viewType == SNMP_VIEW_EXCLUDED) return 5;
+
+ return 0;
+
+} /* end vacm_in_view() */
+
+
+u_char *var_vacm_sec2group(struct variable *vp,
+ oid *name,
+ size_t *length,
+ int exact,
+ size_t *var_len,
+ WriteMethod **write_method)
+{
+ struct vacm_groupEntry *gp;
+ oid *groupSubtree;
+ int groupSubtreeLen;
+ int secmodel;
+ char secname[32], *cp;
+
+ write_method = NULL;
+ if (memcmp(name, vp->name, sizeof(oid)*vp->namelen) != 0) {
+ memcpy(name, vp->name, sizeof(oid)*vp->namelen);
+ *length = vp->namelen;
+ }
+ if (exact) {
+ if (*length < 13) return NULL;
+
+ secmodel = name[11];
+ groupSubtree = name+13;
+ groupSubtreeLen = *length - 13;
+ cp = secname;
+ while (groupSubtreeLen-- > 0) {
+ if (*groupSubtree > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *groupSubtree++;
+ }
+ *cp = 0;
+
+ gp = vacm_getGroupEntry(secmodel, secname);
+ }
+ else {
+ secmodel = *length > 11 ? name[11] : 0;
+ groupSubtree = name+12;
+ groupSubtreeLen = *length - 12;
+ cp = secname;
+ while (groupSubtreeLen-- > 0) {
+ if (*groupSubtree > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *groupSubtree++;
+ }
+ *cp = 0;
+ vacm_scanGroupInit();
+ while ((gp = vacm_scanGroupNext()) != NULL) {
+ if (gp->securityModel > secmodel ||
+ (gp->securityModel == secmodel && strcmp(gp->securityName, secname) > 0))
+ break;
+ }
+ if (gp) {
+ name[11] = gp->securityModel;
+ *length = 12;
+ cp = gp->securityName;
+ while (*cp) {
+ name[(*length)++] = *cp++;
+ }
+ }
+ }
+
+ if (!gp) return NULL;
+
+ *var_len =sizeof(long_return);
+ switch (vp->magic) {
+ case SECURITYMODEL:
+ long_return = gp->securityModel;
+ return (u_char *)&long_return;
+ case SECURITYNAME:
+ *var_len = gp->securityName[0];
+ return (u_char *)&gp->securityName[1];
+ case SECURITYGROUP:
+ *var_len = strlen(gp->groupName);
+ return (u_char *)gp->groupName;
+ case SECURITYSTORAGE:
+ long_return = gp->storageType;
+ return (u_char *)&long_return;
+ case SECURITYSTATUS:
+ long_return = gp->status;
+ return (u_char *)&long_return;
+ }
+ return NULL;
+}
+
+u_char *var_vacm_access(struct variable *vp,
+ oid *name,
+ size_t *length,
+ int exact,
+ size_t *var_len,
+ WriteMethod **write_method)
+{
+ struct vacm_accessEntry *gp;
+ int secmodel;
+ int seclevel;
+ char groupName[32];
+ char contextPrefix[32];
+ oid *op;
+ int len;
+ char *cp;
+ int cmp;
+
+ write_method = NULL;
+ if (memcmp(name, vp->name, sizeof(oid)*vp->namelen) != 0) {
+ memcpy(name, vp->name, sizeof(oid)*vp->namelen);
+ *length = vp->namelen;
+ }
+ if (exact) {
+ if (*length < 15) return NULL;
+
+ op = name+11;
+ len = *op++;
+ cp = groupName;
+ while (len-- > 0) {
+ if (*op > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *op++;
+ }
+ *cp = 0;
+ len = *op++;
+ cp = contextPrefix;
+ while (len-- > 0) {
+ if (*op > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *op++;
+ }
+ *cp = 0;
+ secmodel = *op++;
+ seclevel = *op++;
+ if (op != name + *length) {
+ return NULL;
+ }
+
+ gp = vacm_getAccessEntry(groupName, contextPrefix, secmodel, seclevel);
+ }
+ else {
+ secmodel = seclevel = 0;
+ groupName[0] = 0;
+ contextPrefix[0] = 0;
+ op = name+11;
+ if (op >= name + *length) {
+ }
+ else {
+ len = *op;
+ cp = groupName;
+ while (len-- >= 0) {
+ if (*op > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *op++;
+ }
+ *cp = 0;
+ }
+ if (op >= name + *length) {
+ }
+ else {
+ len = *op;
+ cp = contextPrefix;
+ while (len-- >= 0) {
+ if (*op > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *op++;
+ }
+ *cp = 0;
+ }
+ if (op >= name + *length) {
+ }
+ else {
+ secmodel = *op++;
+ }
+ if (op >= name + *length) {
+ }
+ else {
+ seclevel = *op++;
+ }
+ vacm_scanAccessInit();
+ while ((gp = vacm_scanAccessNext()) != NULL) {
+ cmp = strcmp(gp->groupName, groupName);
+ if (cmp > 0) break;
+ if (cmp < 0) continue;
+ cmp = strcmp(gp->contextPrefix, contextPrefix);
+ if (cmp > 0) break;
+ if (cmp < 0) continue;
+ if (gp->securityModel > secmodel) break;
+ if (gp->securityModel < secmodel) continue;
+ if (gp->securityLevel > seclevel) break;
+ }
+ if (gp) {
+ *length = 11;
+ cp = gp->groupName;
+ do {
+ name[(*length)++] = *cp++;
+ } while (*cp);
+ cp = gp->contextPrefix;
+ do {
+ name[(*length)++] = *cp++;
+ } while (*cp);
+ name[(*length)++] = gp->securityModel;
+ name[(*length)++] = gp->securityLevel;
+ }
+ }
+
+ if (!gp) return NULL;
+
+ *var_len =sizeof(long_return);
+ switch (vp->magic) {
+ case ACCESSMATCH:
+ long_return = gp->contextMatch;
+ return (u_char *)&long_return;
+ case ACCESSLEVEL:
+ long_return = gp->securityLevel;
+ return (u_char *)&long_return;
+ case ACCESSMODEL:
+ long_return = gp->securityModel;
+ return (u_char *)&long_return;
+ case ACCESSPREFIX:
+ *var_len = *gp->contextPrefix;
+ return (u_char *)&gp->contextPrefix[1];
+ case ACCESSREAD:
+ *var_len = strlen(gp->readView);
+ return (u_char *)gp->readView;
+ case ACCESSWRITE:
+ *var_len = strlen(gp->writeView);
+ return (u_char *)gp->writeView;
+ case ACCESSNOTIFY:
+ *var_len = strlen(gp->notifyView);
+ return (u_char *)gp->notifyView;
+ case ACCESSSTORAGE:
+ long_return = gp->storageType;
+ return (u_char *)&long_return;
+ case ACCESSSTATUS:
+ long_return = gp->status;
+ return (u_char *)&long_return;
+ }
+ return NULL;
+}
+
+u_char *var_vacm_view(struct variable *vp,
+ oid *name,
+ size_t *length,
+ int exact,
+ size_t *var_len,
+ WriteMethod **write_method)
+{
+ struct vacm_viewEntry *gp;
+ char viewName[32];
+ oid subtree[MAX_OID_LEN];
+ size_t subtreeLen = 0;
+ oid *op, *op1;
+ int len;
+ char *cp;
+ int cmp;
+
+ write_method = NULL;
+ if (memcmp(name, vp->name, sizeof(oid)*vp->namelen) != 0) {
+ memcpy(name, vp->name, sizeof(oid)*vp->namelen);
+ *length = vp->namelen;
+ }
+ if (exact) {
+ if (*length < 15) return NULL;
+
+ op = name+12;
+ len = *op++;
+ cp = viewName;
+ while (len-- > 0) {
+ if (*op > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *op++;
+ }
+ *cp = 0;
+ len = *length - (op - name);
+ op1 = subtree;
+ while (len-- > 0) {
+ *op1++ = *op++;
+ subtreeLen++;
+ }
+ if (op != name + *length) {
+ return NULL;
+ }
+
+ gp = vacm_getViewEntry(viewName, subtree, subtreeLen);
+ }
+ else {
+ viewName[0] = 0;
+ op = name+12;
+ if (op >= name + *length) {
+ }
+ else {
+ len = *op;
+ cp = viewName;
+ while (len-- >= 0) {
+ if (*op > 255)
+ return 0; /* illegal value */
+ *cp++ = (char) *op++;
+ }
+ *cp = 0;
+ }
+ if (op >= name + *length) {
+ }
+ else {
+ len = *length - (op - name);
+ op1 = subtree;
+ while (len-- >= 0) {
+ *op1++ = *op++;
+ subtreeLen++;
+ }
+ }
+ vacm_scanViewInit();
+ while ((gp = vacm_scanViewNext()) != NULL) {
+ cmp = strcmp(gp->viewName, viewName);
+ if (cmp > 0) break;
+ if (cmp < 0) continue;
+ }
+ if (gp) {
+ *length = 12;
+ cp = gp->viewName;
+ do {
+ name[(*length)++] = *cp++;
+ } while (*cp);
+ op1 = gp->viewSubtree;
+ len = gp->viewSubtreeLen;
+ do {
+ name[(*length)++] = *op1++;
+ } while (len-- > 0);
+ }
+ }
+
+ if (!gp) return NULL;
+
+ *var_len =sizeof(long_return);
+ switch (vp->magic) {
+ case VIEWNAME:
+ *var_len = gp->viewName[0];
+ return (u_char *)&gp->viewName[1];
+ case VIEWSUBTREE:
+ *var_len = gp->viewSubtreeLen*sizeof(oid);
+ return (u_char *)gp->viewSubtree;
+ case VIEWMASK:
+ *var_len = (gp->viewSubtreeLen + 7) / 8;
+ return (u_char *)gp->viewMask;
+ case VIEWTYPE:
+ long_return = gp->viewType;
+ return (u_char *)&long_return;
+ case VIEWSTORAGE:
+ long_return = gp->viewStorageType;
+ return (u_char *)&long_return;
+ case VIEWSTATUS:
+ long_return = gp->viewStatus;
+ return (u_char *)&long_return;
+ }
+ return NULL;
+}
+
+#endif /* CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
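Review bot: The table handlers var_vacm_sec2group, var_vacm_access and var_vacm_view copy sub-identifiers from the requested OID into fixed 32-byte stack buffers (`secname`, `groupName`, `contextPrefix`, `viewName`) without any length check. In var_vacm_sec2group the loop `while (groupSubtreeLen-- > 0) ... *cp++ = (char) *groupSubtree++;` runs for `*length - 13` (or `*length - 12`) elements, and in var_vacm_access and var_vacm_view the count is `len = *op++`, a value read straight out of the OID. Each copy should return NULL when the count exceeds `sizeof(buffer) - 1` or would read past `name + *length`; the copy into `subtree[MAX_OID_LEN]` in var_vacm_view needs the same bound. The non-exact branches loop on `len-- >= 0`, which copies the length sub-identifier itself plus `len` further elements, so the bound there has to allow for `len + 1`. Two smaller points in the same hunk: `write_method = NULL;` in all three handlers only clears the local parameter, where `*write_method = NULL;` looks intended, and vacm_parse_group tests `strlen(security)+1 > sizeof(gp->groupName)` but then does `strcpy (gp->groupName, group)`, so the length of `group` is never checked before the copy.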
Index: packages/net/snmp/agent/current/src/mibgroup/snmpv3/snmpEngine.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/mibgroup/snmpv3/snmpEngine.c,v
retrieving revision 1.3
diff -u -r1.3 snmpEngine.c
--- packages/net/snmp/agent/current/src/mibgroup/snmpv3/snmpEngine.c 23 May 2002 23:08:13 -0000 1.3
+++ packages/net/snmp/agent/current/src/mibgroup/snmpv3/snmpEngine.c 30 Jan 2003 16:35:56 -0000
@@ -93,6 +93,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#if HAVE_WINSOCK_H
#include <winsock.h>
#endif
@@ -277,4 +278,5 @@
return SNMP_ERR_NOERROR;
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
#endif /* SNMP_TESTING_CODE */
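Review bot: The new `#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */` sits before the existing `#endif /* SNMP_TESTING_CODE */`, but the matching `#ifdef` was added near line 94, directly after `#include <config.h>`. Unless the SNMP_TESTING_CODE conditional opens before that point, the new #endif closes the SNMP_TESTING_CODE block and the old one closes the V3 guard, so both comments are mislabelled. Placing the new #endif as the last line of the file, after the SNMP_TESTING_CODE one, keeps the nesting and the comments in agreement.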
Index: packages/net/snmp/agent/current/src/mibgroup/snmpv3/usmStats.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/mibgroup/snmpv3/usmStats.c,v
retrieving revision 1.3
diff -u -r1.3 usmStats.c
--- packages/net/snmp/agent/current/src/mibgroup/snmpv3/usmStats.c 23 May 2002 23:08:13 -0000 1.3
+++ packages/net/snmp/agent/current/src/mibgroup/snmpv3/usmStats.c 30 Jan 2003 16:35:56 -0000
@@ -53,7 +53,7 @@
//==========================================================================
//#####DESCRIPTIONBEGIN####
//
-// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.ch
+// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.com
// Contributors: hmt
// Date: 2001-05-29
// Purpose: Port of UCD-SNMP distribution to eCos.
@@ -94,6 +94,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#if HAVE_WINSOCK_H
#include <winsock.h>
#endif
@@ -157,3 +158,4 @@
return 0;
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/agent/current/src/mibgroup/snmpv3/usmUser.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/src/mibgroup/snmpv3/usmUser.c,v
retrieving revision 1.3
diff -u -r1.3 usmUser.c
--- packages/net/snmp/agent/current/src/mibgroup/snmpv3/usmUser.c 23 May 2002 23:08:13 -0000 1.3
+++ packages/net/snmp/agent/current/src/mibgroup/snmpv3/usmUser.c 30 Jan 2003 16:35:56 -0000
@@ -53,7 +53,7 @@
//==========================================================================
//#####DESCRIPTIONBEGIN####
//
-// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.ch
+// Author(s): Andrew.Lunn@ascom.ch, Manu.Sharma@ascom.com
// Contributors: hmt
// Date: 2001-05-29
// Purpose: Port of UCD-SNMP distribution to eCos.
@@ -94,6 +94,8 @@
*/
#include <config.h>
+
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include <stdlib.h>
#if HAVE_STRING_H
@@ -1172,3 +1174,4 @@
} /* end write_usmUserStatus() */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/agent/current/tests/snmpping.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/agent/current/tests/snmpping.c,v
retrieving revision 1.8
diff -u -r1.8 snmpping.c
--- packages/net/snmp/agent/current/tests/snmpping.c 23 May 2002 23:08:13 -0000 1.8
+++ packages/net/snmp/agent/current/tests/snmpping.c 30 Jan 2003 16:35:56 -0000
@@ -171,11 +171,13 @@
// PING test code
#include <network.h>
+#include <stdio.h>
#include <pkgconf/system.h>
#include <pkgconf/net.h>
#include <pkgconf/snmpagent.h>
+#include <unistd.h>
#ifdef CYGSEM_SNMPAGENT_TESTS_SNMPv3
#include <ucd-snmp/config.h>
@@ -455,13 +457,98 @@
{
diag_printf( "SNMP re-init function\n" );
#ifdef CYGSEM_SNMPAGENT_TESTS_SNMPv3
- init_usmUser(); /* MIBs to support SNMPv3 */
- init_usmStats();
- init_snmpEngine();
+ // Initialisation for USM is now invoked from mib_module_inits.h
+ //init_usmUser(); /* MIBs to support SNMPv3 */
+ //init_usmStats();
+ //init_snmpEngine();
usm_parse_create_usmUser(NULL, "root MD5 md5passwd DES DESpasswd");
#endif // CYGSEM_SNMPAGENT_TESTS_SNMPv3
}
+int create_snmpd_conf (void) {
+#ifdef CYGSEM_SNMPAGENT_TESTS_SNMPv3
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
+#ifdef CYGPKG_FS_RAM
+ int c;
+ FILE *fd;
+
+ diag_printf ("\nStarting creation of snmpd.conf\n");
+
+ /* Mount RAM-FS */
+ if (mount ("", "/", "ramfs") != 0) {
+ diag_printf ("File system mount failed; errno=%d \n", errno);
+ return -1;
+ }
+
+ if (mkdir ("/etc", 0) != 0) {
+ diag_printf ("mkdir (etc) failed; errno=%d\n", errno);
+ return -1;
+ }
+
+ if (chdir ("/etc") != 0) {
+ diag_printf ("... Change-dir (etc) failed; errno=%d\n", errno);
+ return -1;
+ } else {
+ diag_printf ("chdir-etc done\n");
+ }
+
+ if (mkdir ("snmp", 0) != 0) {
+ diag_printf ("mkdir failed (snmp); errno=%d\n", errno);
+ return -1;
+ } else {
+ diag_printf ("mkdir-snmp done\n");
+ }
+
+ if (chdir ("snmp") != 0) {
+ diag_printf ("... Change-dir (snmp) failed; errno=%d\n", errno);
+ return -1;
+ } else {
+ diag_printf ("... Change-dir (snmp) done \n");
+ }
+
+ /* Open File & Write to it */
+ if ((fd = fopen( "snmpd.conf", "w" )) == NULL) {
+ diag_printf ("fopen failed\n");
+ return -1;
+ }
+
+ fprintf (fd, "# sec.name source community\n");
+ fprintf (fd, "com2sec public default crux\n");
+ fprintf (fd, "com2sec root default crux\n");
+ fprintf (fd, "# sec.model sec.name\n");
+ fprintf (fd, "group public v1 public\n");
+ fprintf (fd, "group public v2c public\n");
+ fprintf (fd, "group public usm root\n");
+ fprintf (fd, "view all included .1\n");
+ fprintf (fd, "access public \"\" any noauth exact all none none\n");
+ fprintf (fd, "\n\n");
+
+ if (fclose (fd)) {
+ diag_printf ("fclose failed\n");
+ return -1;
+ }
+
+ /* Read Back */
+ fd = fopen( "/etc/snmp/snmpd.conf", "r" );
+ if (fd == NULL) {
+ diag_printf ("fopen failed\n");
+ return -1;
+ }
+
+ while ((c=fgetc (fd)) != EOF) {
+ diag_printf ("%c", c);
+ }
+
+ if (fclose (fd)) {
+ diag_printf ("fclose failed\n");
+ return -1;
+ }
+#endif
+#endif
+#endif
+ return 0;
+}
+
void
net_test(cyg_addrword_t p)
{
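Review bot: The snmpd.conf written by create_snmpd_conf puts the USM user in the same group as the v1/v2c community (`group public usm root`) and grants that group access at `any noauth`, so requests for user root are also accepted at noAuthNoPriv and the configuration never requires the MD5/DES credentials created in snmp_do_reinit. A separate group for `usm root` with its own access line at level `auth` or `priv` would make the test exercise the v3 security path. Also, the function prints `errno` and calls mount/mkdir/chdir while the patch only adds <stdio.h> and <unistd.h>; please check that <errno.h> and the header declaring mkdir are already included, and add a comment naming the macro to each of the three bare `#endif` lines.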
@@ -494,6 +581,9 @@
snmpd_reinit_function = snmp_do_reinit;
+ if (create_snmpd_conf ()) {
+ CYG_TEST_FAIL_EXIT("create_snmpd_conf() error\n");
+ }
cyg_net_snmp_init();
}
do {
Index: packages/net/snmp/lib/current/ChangeLog
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/ChangeLog,v
retrieving revision 1.8
diff -u -r1.8 ChangeLog
--- packages/net/snmp/lib/current/ChangeLog 23 May 2002 23:08:14 -0000 1.8
+++ packages/net/snmp/lib/current/ChangeLog 30 Jan 2003 16:35:56 -0000
@@ -1,3 +1,18 @@
+2002-12-06 Andrew Lunn <andrew.lunn@ascom.ch>
+
+ * cdl/snmplib.cdl: Make use of the CYGINT_IO_FILEIO_FS interface
+ to determine if there are any filesystems in the system.
+
+2002-11-11 Manu Sharma <manu.sharma@ascom.com>
+
+ * cdl/snmplib.cdl: Added new component
+ CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT to support usage of the
+ snmpd.conf file based agent configuration.
+
+ * src/read_config.c: Include functions that read the snmpd.conf
+ file and setup the infrastructure based on configurations in
+ this file.
+
2002-02-01 Gary Thomas <gthomas@redhat.com>
* src/system.c:
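Review bot: The new ChangeLog entries list cdl/snmplib.cdl and src/read_config.c but not include/config.h, which this patch also changes so that PERSISTENT_DIRECTORY is now always defined, nor include/transform_oids.h, which is touched as well. Please add entries for both so the change in persistent-storage behaviour is recorded.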
Index: packages/net/snmp/lib/current/cdl/snmplib.cdl
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/cdl/snmplib.cdl,v
retrieving revision 1.4
diff -u -r1.4 snmplib.cdl
--- packages/net/snmp/lib/current/cdl/snmplib.cdl 23 May 2002 23:08:14 -0000 1.4
+++ packages/net/snmp/lib/current/cdl/snmplib.cdl 30 Jan 2003 16:35:56 -0000
@@ -104,6 +104,30 @@
activity, often enough to make your SNMP client time out."
}
+ cdl_component CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT {
+ display "SNMP file-system options"
+ description "
+ This option enables file-system dependent functionality,
+ eg snmp.conf"
+
+ active_if CYGPKG_IO_FILEIO
+ active_if { CYGINT_IO_FILEIO_FS > 0 }
+
+ flavor bool
+ default_value 1
+
+ cdl_option CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM {
+ display "Persistent filesystem support"
+ flavor bool
+ default_value 0
+ description "
+ This option enables functions that would require a
+ persistent file-system to be available. This
+ would be required if a system needs to save backups
+ of the snmpd.conf files."
+ }
+ }
+
cdl_component CYGPKG_SNMPLIB_OPTIONS {
display "SNMP library build options"
flavor none
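Review bot: The description of CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT says "eg snmp.conf", while the ChangeLog and the code refer to snmpd.conf; please use one name. The CYGPKG_ prefix is normally kept for packages, so a component and an option like these would more usually be named with CYGSEM_ or CYGFUN_. It would also help if the description of CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM said that it is what selects /var/ucd-snmp as PERSISTENT_DIRECTORY.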
Index: packages/net/snmp/lib/current/include/config.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/include/config.h,v
retrieving revision 1.7
diff -u -r1.7 config.h
--- packages/net/snmp/lib/current/include/config.h 23 May 2002 23:08:15 -0000 1.7
+++ packages/net/snmp/lib/current/include/config.h 30 Jan 2003 16:35:56 -0000
@@ -174,7 +174,11 @@
/* PERSISTENT_DIRECTORY: If defined, the library is capabile of saving
persisant information to this directory in the form of configuration
lines: PERSISTENT_DIRECTORY/NAME.persistent.conf */
-//#define PERSISTENT_DIRECTORY "/var/ucd-snmp"
+#ifdef CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM
+#define PERSISTENT_DIRECTORY "/var/ucd-snmp"
+#else
+#define PERSISTENT_DIRECTORY "/dev/null"
+#endif
/* PERSISTENT_MASK: the umask permissions to set up the persistent files with */
//#define PERSISTENT_MASK 077
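Review bot: In the #else branch, defining PERSISTENT_DIRECTORY as "/dev/null" keeps the macro defined, so any remaining #ifdef PERSISTENT_DIRECTORY test is still true and any code that appends to it builds a path below /dev/null. Leaving the macro undefined when CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM is off looks safer, or else every user of it should be switched to the CDL option the way read_config_store() is. Since the persistent file is where the keys derived from createUser end up, consider enabling PERSISTENT_MASK 077 (still commented out in the context line) together with the directory.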
Index: packages/net/snmp/lib/current/include/transform_oids.h
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/include/transform_oids.h,v
retrieving revision 1.3
diff -u -r1.3 transform_oids.h
--- packages/net/snmp/lib/current/include/transform_oids.h 23 May 2002 23:08:18 -0000 1.3
+++ packages/net/snmp/lib/current/include/transform_oids.h 30 Jan 2003 16:35:56 -0000
@@ -95,6 +95,7 @@
* Numeric MIB names for auth and priv transforms.
*/
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
static oid usmNoAuthProtocol[] = { 1,3,6,1,6,3,10,1,1,1 };
static oid usmHMACMD5AuthProtocol[] = { 1,3,6,1,6,3,10,1,1,2 };
@@ -103,4 +104,5 @@
static oid usmNoPrivProtocol[] = { 1,3,6,1,6,3,10,1,2,1 };
static oid usmDESPrivProtocol[] = { 1,3,6,1,6,3,10,1,2,2 };
+#endif
Index: packages/net/snmp/lib/current/src/keytools.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/keytools.c,v
retrieving revision 1.3
diff -u -r1.3 keytools.c
--- packages/net/snmp/lib/current/src/keytools.c 23 May 2002 23:08:19 -0000 1.3
+++ packages/net/snmp/lib/current/src/keytools.c 30 Jan 2003 16:35:56 -0000
@@ -95,6 +95,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include <stdio.h>
#include <sys/types.h>
#if HAVE_WINSOCK_H
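Review bot: The guard added after #include <config.h> tests CYGPKG_SNMPAGENT_V3_SUPPORT, which by its name is an option of the agent package, and unlike read_config.c this file gains no pkgconf include. If config.h does not pull in the header that defines the macro, the whole file silently compiles to nothing. Please confirm where the definition comes from, and consider an explicit pkgconf include here and in the other sources guarded the same way (lcd_time.c, scapi.c, snmpusm.c, snmpv3.c, vacm.c).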
@@ -643,3 +644,4 @@
_KEYTOOLS_NOT_AVAILABLE
#endif /* internal or openssl */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/lib/current/src/lcd_time.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/lcd_time.c,v
retrieving revision 1.3
diff -u -r1.3 lcd_time.c
--- packages/net/snmp/lib/current/src/lcd_time.c 23 May 2002 23:08:19 -0000 1.3
+++ packages/net/snmp/lib/current/src/lcd_time.c 30 Jan 2003 16:35:56 -0000
@@ -98,6 +98,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include <sys/types.h>
#if HAVE_WINSOCK_H
#include <winsock.h>
@@ -645,3 +646,5 @@
} /* end dump_etimelist() */
#endif /* SNMP_TESTING_CODE */
+
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/lib/current/src/parse.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/parse.c,v
retrieving revision 1.3
diff -u -r1.3 parse.c
--- packages/net/snmp/lib/current/src/parse.c 23 May 2002 23:08:20 -0000 1.3
+++ packages/net/snmp/lib/current/src/parse.c 30 Jan 2003 16:35:57 -0000
@@ -479,7 +479,6 @@
static void free_enums(struct enum_list **);
static struct range_list * copy_ranges(struct range_list *);
static struct enum_list * copy_enums(struct enum_list *);
-static struct index_list * copy_indexes(struct index_list *);
/* backwards compatibility wrappers */
void snmp_set_mib_errors(int err)
@@ -3591,21 +3590,6 @@
if (!*spp) break;
(*spp)->low = sp->low;
(*spp)->high = sp->high;
- spp = &(*spp)->next;
- sp = sp->next;
- }
- return (xp);
-}
-
-static struct index_list *
-copy_indexes (struct index_list *sp)
-{
- struct index_list *xp = NULL, **spp = &xp;
-
- while (sp) {
- *spp = (struct index_list *) calloc(1, sizeof(struct index_list));
- if (!*spp) break;
- (*spp)->ilabel = strdup(sp->ilabel);
spp = &(*spp)->next;
sp = sp->next;
}
Index: packages/net/snmp/lib/current/src/read_config.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/read_config.c,v
retrieving revision 1.3
diff -u -r1.3 read_config.c
--- packages/net/snmp/lib/current/src/read_config.c 23 May 2002 23:08:20 -0000 1.3
+++ packages/net/snmp/lib/current/src/read_config.c 30 Jan 2003 16:35:57 -0000
@@ -93,6 +93,7 @@
* read_config.c
*/
+#include <pkgconf/snmplib.h>
#include <config.h>
#include <stdio.h>
@@ -390,6 +391,7 @@
struct config_line *line_handler,
int when)
{
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
FILE *ifile;
char line[STRINGMAX], token[STRINGMAX], tmpbuf[STRINGMAX];
@@ -460,6 +462,7 @@
}
}
fclose(ifile);
+#endif
return;
} /* end read_config() */
@@ -546,7 +549,7 @@
void
read_config_files (int when)
{
-#ifndef ECOSFIXME_NEEDFILESYSTEM
+#ifdef CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT
int i, j;
char configfile[300];
@@ -596,6 +599,7 @@
* then we read all the configuration files we can, starting with
* the oldest first.
*/
+#ifdef CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM
if (strncmp(cptr2, PERSISTENT_DIRECTORY,
strlen(PERSISTENT_DIRECTORY)) == 0 ||
(getenv("SNMP_PERSISTENT_FILE") != NULL &&
@@ -614,6 +618,7 @@
}
}
}
+#endif
sprintf(configfile,"%s/%s.conf",cptr2, ctmp->fileHeader);
read_config (configfile, ltmp, when);
sprintf(configfile,"%s/%s.local.conf",cptr2, ctmp->fileHeader);
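Review bot: With read_config_files() now compiled in whenever CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT is set, the sprintf(configfile, "%s/%s.conf", cptr2, ctmp->fileHeader) calls in the context lines become live on eCos, and they write into the 300-byte configfile buffer with no length check. Suggest a bounded call such as snprintf(configfile, sizeof(configfile), ...) and skipping any entry that would be truncated.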
@@ -623,11 +628,13 @@
free(envconfpath);
}
+#ifdef CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM
if (config_errors) {
snmp_log(LOG_ERR, "ucd-snmp: %d errors in config file\n", config_errors);
/* exit(1); */
}
#endif
+#endif
}
void read_config_print_usage(const char *lead)
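Review bot: The new #ifdef CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM around if (config_errors) means parse errors in the configuration files are logged only when persistent storage is enabled, and that option has default_value 0. Reporting config errors does not depend on persistence, and a mistyped access-control line would otherwise go unnoticed. Suggest leaving the snmp_log() call under CYGPKG_SNMPLIB_FILESYSTEM_SUPPORT only.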
@@ -668,7 +675,7 @@
void
read_config_store(const char *type, const char *line)
{
-#ifdef PERSISTENT_DIRECTORY
+#ifdef CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM
char file[512], *filep;
FILE *fout;
#ifdef PERSISTENT_MASK
Index: packages/net/snmp/lib/current/src/scapi.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/scapi.c,v
retrieving revision 1.3
diff -u -r1.3 scapi.c
--- packages/net/snmp/lib/current/src/scapi.c 23 May 2002 23:08:21 -0000 1.3
+++ packages/net/snmp/lib/current/src/scapi.c 30 Jan 2003 16:35:58 -0000
@@ -96,6 +96,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include <sys/types.h>
#if HAVE_WINSOCK_H
#include <winsock.h>
@@ -452,7 +453,7 @@
}
if (*MAC_len > 16)
*MAC_len = 16;
- return SNMPERR_SUCCESS;
+ return (rval);
#endif /* USE_OPENSSL */
}
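Review bot: Replacing return SNMPERR_SUCCESS with return (rval) after the *MAC_len > 16 clamp changes what this routine reports to its caller, but the hunk does not show rval being set to SNMPERR_SUCCESS on the normal path. Please confirm that rval is initialised and only overwritten on failure, and give this fix its own ChangeLog line, since it is a behaviour change rather than a V3 guard.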
@@ -816,3 +817,4 @@
}
#endif /* USE_OPENSSL */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/lib/current/src/snmp_api.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/snmp_api.c,v
retrieving revision 1.3
diff -u -r1.3 snmp_api.c
--- packages/net/snmp/lib/current/src/snmp_api.c 23 May 2002 23:08:21 -0000 1.3
+++ packages/net/snmp/lib/current/src/snmp_api.c 30 Jan 2003 16:35:58 -0000
@@ -197,14 +197,18 @@
#include "mib.h"
#include "system.h"
#include "int64.h"
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include "snmpv3.h"
+#endif
#include "read_config.h"
#include "snmp_debug.h"
#include "callback.h"
-#include "snmpusm.h"
#include "tools.h"
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+#include "snmpusm.h"
#include "keytools.h"
#include "lcd_time.h"
+#endif
#include "snmp_alarm.h"
#include "snmp_logging.h"
#include "default_store.h"
@@ -356,6 +360,7 @@
"Out of memory (malloc failure)", /* SNMPERR_MALLOC */
};
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
static const char * usmSecLevelName[] =
{
"BAD_SEC_LEVEL",
@@ -363,6 +368,7 @@
"authNoPriv",
"authPriv"
};
+#endif
/*
* Multiple threads may changes these variables.
@@ -396,11 +402,14 @@
static int snmp_parse (void *, struct snmp_session *, struct snmp_pdu *, u_char *, size_t);
static void * snmp_sess_pointer (struct snmp_session *);
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
static void snmpv3_calc_msg_flags (int, int, u_char *);
static int snmpv3_verify_msg (struct request_list *, struct snmp_pdu *);
static int snmpv3_build_probe_pdu (struct snmp_pdu **);
static int snmpv3_build (struct snmp_session *, struct snmp_pdu *,
u_char *, size_t *);
+#endif
+
static int snmp_parse_version (u_char *, size_t);
static int snmp_resend_request (struct session_list *slp,
struct request_list *rp,
@@ -693,7 +702,9 @@
snmp_init_statistics();
register_mib_handlers();
register_default_handlers();
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
init_snmpv3(type);
+#endif
init_snmp_alarm();
read_premib_configs();
@@ -785,7 +796,9 @@
struct snmp_session *session;
char *cp;
u_char *ucp;
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
size_t i;
+#endif
in_session->s_snmp_errno = 0;
in_session->s_errno = 0;
@@ -872,6 +885,7 @@
}
session->community = ucp; /* replace pointer with pointer to new data */
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
if (session->securityLevel <= 0)
session->securityLevel = ds_get_int(DS_LIBRARY_ID, DS_LIB_SECLEVEL);
@@ -1013,6 +1027,7 @@
return NULL;
}
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
if (session->retries == SNMP_DEFAULT_RETRIES)
session->retries = DEFAULT_RETRIES;
@@ -1060,8 +1075,10 @@
#ifdef HAVE_GETHOSTBYNAME
struct hostent *hp;
#endif
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
struct snmp_pdu *pdu, *response;
int status;
+#endif
size_t i, addr_size;
char *cp = NULL;
@@ -1279,6 +1296,9 @@
we must probe it - this must be done after the session is
created and inserted in the list so that the response can
handled correctly */
+
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
+
if (session->version == SNMP_VERSION_3) {
if (session->securityEngineIDLen == 0 &&
(session->securityEngineIDLen & SNMP_FLAGS_DONT_PROBE) !=
@@ -1334,6 +1354,7 @@
return NULL;
}
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
return (void *)slp;
@@ -1352,6 +1373,7 @@
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
/* create_user_from_session(struct snmp_session *session):
creates a user in the usm table from the information in a session
@@ -1458,6 +1480,7 @@
} /* end create_user_from_session() */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
/*
* Close the input session. Frees all data allocated for the session,
@@ -1566,6 +1589,7 @@
return 1;
}
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
static int
snmpv3_build_probe_pdu (struct snmp_pdu **pdu)
{
@@ -1967,6 +1991,7 @@
return result;
} /* end snmpv3_packet_build() */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
/*
@@ -1989,8 +2014,10 @@
session->s_snmp_errno = 0;
session->s_errno = 0;
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
if (pdu->version == SNMP_VERSION_3)
return snmpv3_build(session, pdu, packet, out_length);
+#endif
switch (pdu->command) {
case SNMP_MSG_RESPONSE:
@@ -2319,6 +2346,7 @@
}
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
int
snmpv3_parse(
struct snmp_pdu *pdu,
@@ -2659,6 +2687,8 @@
return rpt_type;
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
+
/*
* Parses the packet received on the input session, and places the data into
* the input pdu. length is the length of the input packet.
@@ -2738,6 +2768,7 @@
result = snmp_pdu_parse(pdu, data, &length);
break;
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
case SNMP_VERSION_3:
result = snmpv3_parse(pdu, data, &length, NULL);
DEBUGMSGTL(("snmp_parse",
@@ -2776,6 +2807,7 @@
}
}
break;
+#endif
case SNMPERR_BAD_VERSION:
ERROR_MSG("error parsing snmp message version");
snmp_increment_statistic(STAT_SNMPINASNPARSEERRS);
@@ -3049,6 +3081,8 @@
returns pointer to begining of PDU or NULL on error.
*/
+
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
u_char *
snmpv3_scopedPDU_parse(struct snmp_pdu *pdu,
u_char *cp,
@@ -3121,6 +3155,7 @@
return data;
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
/*
* Sends the input pdu on the session after calling snmp_build to create
@@ -3649,14 +3684,17 @@
}
if (pdu->flags & UCD_MSG_FLAG_RESPONSE_PDU) {
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
/* call USM to free any securityStateRef supplied with the message */
if (pdu->securityStateRef) {
usm_free_usmStateReference(pdu->securityStateRef);
pdu->securityStateRef = NULL;
}
+#endif
for(rp = isp->requests; rp; orp = rp, rp = rp->next_request) {
snmp_callback callback;
void *magic;
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
if (pdu->version == SNMP_VERSION_3) {
/* msgId must match for V3 messages */
if (rp->message_id != pdu->msgid) continue;
@@ -3664,8 +3702,11 @@
* if not, no further processing */
if (!snmpv3_verify_msg(rp,pdu)) break;
} else {
+#endif
if (rp->request_id != pdu->reqid) continue;
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
}
+#endif
if (rp->callback) {
callback = rp->callback;
magic = rp->cb_data;
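Review bot: The guards around } else { and the closing } split one if/else across three preprocessor blocks, which is easy to unbalance in a later edit and hard to read in either configuration. Consider ending the guarded V3 block with a bare else, so that if (rp->request_id != pdu->reqid) continue; follows as its single statement and no guarded closing brace is needed.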
@@ -3687,8 +3728,11 @@
break;
}
} else {
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
if (SNMPV3_IGNORE_UNAUTH_REPORTS) break;
+#endif
}
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
/* handle engineID discovery - */
if (!sp->securityEngineIDLen && pdu->securityEngineIDLen) {
sp->securityEngineID = (u_char *)malloc(pdu->securityEngineIDLen);
@@ -3702,6 +3746,7 @@
sp->contextEngineIDLen = pdu->securityEngineIDLen;
}
}
+#endif
}
/* successful, so delete request */
if (isp->requests == rp){
@@ -3731,11 +3776,13 @@
/* MTR snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION); */
}
}
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
/* call USM to free any securityStateRef supplied with the message */
if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2) {
usm_free_usmStateReference(pdu->securityStateRef);
pdu->securityStateRef = NULL;
}
+#endif
snmp_free_pdu(pdu);
return 0;
}
Index: packages/net/snmp/lib/current/src/snmp_client.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/snmp_client.c,v
retrieving revision 1.3
diff -u -r1.3 snmp_client.c
--- packages/net/snmp/lib/current/src/snmp_client.c 23 May 2002 23:08:21 -0000 1.3
+++ packages/net/snmp/lib/current/src/snmp_client.c 30 Jan 2003 16:35:59 -0000
@@ -246,13 +246,17 @@
state->waiting = 0;
if (op == RECEIVED_MESSAGE) {
if (pdu->command == SNMP_MSG_REPORT) {
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
rpt_type = snmpv3_get_report_type(pdu);
if (SNMPV3_IGNORE_UNAUTH_REPORTS ||
rpt_type == SNMPERR_NOT_IN_TIME_WINDOW)
state->waiting = 1;
+ session->s_snmp_errno = rpt_type;
+#else
+ session->s_snmp_errno = SNMPERR_UNSUPPORTED_SEC_LEVEL;
+#endif
state->pdu = NULL;
state->status = STAT_ERROR;
- session->s_snmp_errno = rpt_type;
SET_SNMP_ERROR(rpt_type);
} else if (pdu->command == SNMP_MSG_RESPONSE) {
/* clone the pdu to return to snmp_synch_response */
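Review bot: In the #else branch rpt_type is never assigned, yet the unchanged SET_SNMP_ERROR(rpt_type) after state->status = STAT_ERROR still reads it. Unless rpt_type is initialised at its declaration, which the hunk does not show, a REPORT PDU received with V3 support disabled sets the global error from an indeterminate value. Either assign rpt_type = SNMPERR_UNSUPPORTED_SEC_LEVEL in the #else branch and keep a single session->s_snmp_errno = rpt_type line, or pass session->s_snmp_errno to SET_SNMP_ERROR.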
@@ -371,6 +375,7 @@
sizeof(oid)*pdu->enterprise_length)
|| snmp_clone_mem((void **)&newpdu->community, pdu->community,
pdu->community_len)
+#ifdef SNMPERR_UNSUPPORTED_SEC_LEVEL
|| snmp_clone_mem((void **)&newpdu->contextEngineID, pdu->contextEngineID,
pdu->contextEngineIDLen)
|| snmp_clone_mem((void **)&newpdu->securityEngineID, pdu->securityEngineID,
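Review bot: #ifdef SNMPERR_UNSUPPORTED_SEC_LEVEL guards the cloning of the V3 fields here, but that name is an error code (it is assigned to s_snmp_errno in the previous hunk), so the test does not follow the V3 option. It looks as if CYGPKG_SNMPAGENT_V3_SUPPORT was intended, as in the other guards in this patch; the matching #endif is in the next hunk.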
@@ -379,6 +384,7 @@
pdu->contextNameLen)
|| snmp_clone_mem((void **)&newpdu->securityName, pdu->securityName,
pdu->securityNameLen)
+#endif
)
{
snmp_free_pdu(newpdu); return 0;
Index: packages/net/snmp/lib/current/src/snmpusm.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/snmpusm.c,v
retrieving revision 1.4
diff -u -r1.4 snmpusm.c
--- packages/net/snmp/lib/current/src/snmpusm.c 23 May 2002 23:08:22 -0000 1.4
+++ packages/net/snmp/lib/current/src/snmpusm.c 30 Jan 2003 16:35:59 -0000
@@ -104,6 +104,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include <sys/types.h>
#if HAVE_WINSOCK_H
#include <winsock.h>
@@ -2840,3 +2841,5 @@
}
}
} /* end usm_set_password() */
+
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/lib/current/src/snmpv3.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/snmpv3.c,v
retrieving revision 1.3
diff -u -r1.3 snmpv3.c
--- packages/net/snmp/lib/current/src/snmpv3.c 23 May 2002 23:08:22 -0000 1.3
+++ packages/net/snmp/lib/current/src/snmpv3.c 30 Jan 2003 16:35:59 -0000
@@ -95,6 +95,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#include <stdio.h>
#include <sys/types.h>
#if TIME_WITH_SYS_TIME
@@ -845,3 +846,5 @@
snmpv3starttime.tv_sec -= ttime;
}
#endif
+
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
Index: packages/net/snmp/lib/current/src/tools.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/tools.c,v
retrieving revision 1.3
diff -u -r1.3 tools.c
--- packages/net/snmp/lib/current/src/tools.c 23 May 2002 23:08:23 -0000 1.3
+++ packages/net/snmp/lib/current/src/tools.c 30 Jan 2003 16:35:59 -0000
@@ -427,6 +427,7 @@
* FIX Use something other than sprint_hexstring which doesn't add
* trailing spaces and (sometimes embedded) newlines...
*/
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#ifdef SNMP_TESTING_CODE
char *
dump_snmpEngineID(const u_char *estring, size_t *estring_len)
@@ -597,6 +598,7 @@
#undef eb
} /* end dump_snmpEngineID() */
#endif /* SNMP_TESTING_CODE */
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
/*
Index: packages/net/snmp/lib/current/src/vacm.c
===================================================================
RCS file: /cvs/ecos/ecos-opt/snmp/lib/current/src/vacm.c,v
retrieving revision 1.3
diff -u -r1.3 vacm.c
--- packages/net/snmp/lib/current/src/vacm.c 23 May 2002 23:08:23 -0000 1.3
+++ packages/net/snmp/lib/current/src/vacm.c 30 Jan 2003 16:35:59 -0000
@@ -97,6 +97,7 @@
#include <config.h>
+#ifdef CYGPKG_SNMPAGENT_V3_SUPPORT
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif
@@ -553,3 +554,4 @@
return 1;
}
+#endif /* CYGPKG_SNMPAGENT_V3_SUPPORT */
--- /dev/null Fri Oct 11 13:37:09 2002
+++ packages/net/snmp/agent/current/doc/manpages/snmpd.conf.5 Tue Jan 28 16:18:19 2003
@@ -0,0 +1,373 @@
+.TH SNMPD.CONF 5 "27 Jan 2000"
+.ds )H U.C. Davis, ECE Dept.
+.ds ]W V4.1.2
+.UC 4
+.SH NAME
+share/snmp/snmpd.conf - configuration file for the ucd-snmp SNMP agent.
+.SH DESCRIPTION
+.B snmpd.conf
+is the configuration file which defines how the ucd-smnp SNMP agent
+operates. These files may contain any of the directives found in the
+DIRECTIVES section below. This file is not required for the agent to
+operate and report mib entries.
+.SH PLEASE READ FIRST
+First, make sure you have read the snmp_config(5) manual page that
+describes how the ucd-snmp configuration files operate, where they
+are located and how they all work together.
+.SH EXTENSIBLE-MIB
+.PP
+The ucd-snmp SNMP agent reports much of its information through
+queries to the 1.3.6.1.4.1.2021 section of the mib tree. Every mib in
+this section has the following table entries in it.
+.IP ".1 -- index"
+This is the table's index numbers for each of the DIRECTIVES listed below.
+.IP ".2 -- name"
+The name of the given table entry. This should be unique, but is not
+required to be.
+.IP ".100 -- errorFlag"
+This is a flag returning either the integer value 1 or 0 if an error
+is detected for this table entry.
+.IP ".101 -- errorMsg"
+This is a DISPLAY-STRING describing any error triggering the errorFlag above.
+.IP ".102 -- errorFix"
+If this entry is SNMPset to the integer value of 1 AND the errorFlag
+defined above is indeed a 1, a program or script will get executed
+with the table entry name from above as the argument. The program to
+be executed is configured in the config.h file at compile time.
+.SS Directives
+.IP "proc NAME"
+.IP "proc NAME MAX"
+.IP "proc NAME MAX MIN"
+.IP
+Checks to see if the NAME'd processes are running on the agent's
+machine. An error flag (1) and a description message are then passed
+to the 1.3.6.1.4.1.2021.2.100 and
+1.3.6.1.4.1.2021.2.101 mib tables (respectively) if the
+NAME'd program is not found in the process table as reported by "/bin/ps -e".
+.IP
+If MAX and MIN are not specified, MAX is assumed to be
+.B infinity
+and MIN is assumed to be 1.
+.IP
+If MAX is specified but MIN is not specified, MIN is assumed to be 0.
+.IP "procfix NAME PROG ARGS"
+This registers a command that knows how to fix errors with the given
+process NAME. When 1.3.6.1.4.1.2021.2.102 for a given
+NAMEd program is set to the integer value of 1, this command will be
+called. It defaults to a compiled value set using the PROCFIXCMD
+definition in the config.h file.
+.IP "exec NAME PROG ARGS"
+.IP "exec MIBNUM NAME PROG ARGS"
+.IP
+If MIBNUM is not specified, the agent executes the named PROG with
+arguments of ARGS and returns the exit status and the first line of
+the STDOUT output of the PROG program to queries of the
+1.3.6.1.4.1.2021.8.100 and
+1.3.6.1.4.1.2021.8.101 mib tables (respectively). All
+STDOUT output beyond the first line is silently truncated.
+.IP
+If MIBNUM is specified, it acts as above but returns the exit status
+to MIBNUM.100.0 and the entire STDOUT output to the table
+MIBNUM.101 in a mib table. In this case, the MIBNUM.101 mib
+contains the entire STDOUT output, one mib table entry per line of
+output (ie, the first line is output as MIBNUM.101.1, the second
+at MIBNUM.101.2, etc...).
+.RS
+.IP Note:
+The MIBNUM must be specified in dotted-integer notation and can
+not be specified as ".iso.org.dod.internet..." (should instead be
+.1.3.6.1...).
+.IP Note:
+The agent caches the exit status and STDOUT of the executed program
+for 30 seconds after the initial query. This is to increase speed and
+maintain consistency of information for consecutive table queries.
+The cache can be flushed by a snmp-set request of integer(1) to
+1.3.6.1.4.1.2021.100.VERCLEARCACHE.
+.RE
+.IP "execfix NAME PROG ARGS"
+This registers a command that knows how to fix errors with the given
+exec or sh NAME. When 1.3.6.1.4.1.2021.8.102 for a
+given NAMEd entry is set to the integer value of 1, this command will
+be called. It defaults to a compiled value set using the EXECFIXCMD
+definition in the config.h file.
+.IP "disk PATH"
+.IP "disk PATH [ MINSPACE | MINPERCENT% ]"
+.IP
+Checks the named disks mounted at PATH for available disk space. If
+the disk space is less than MINSPACE (kB) if specified or less than
+MINPERCENT (%) if a % sign is specified, or DEFDISKMINIMUMSPACE (kB)
+if not specified, the associated entry in the
+1.3.6.1.4.1.2021.9.100 mib table will be set to (1) and
+a descriptive error message will be returned to queries of
+1.3.6.1.4.1.2021.9.101.
+.IP "load MAX1"
+.IP "load MAX1 MAX5"
+.IP "load MAX1 MAX5 MAX15"
+.IP
+Checks the load average of the machine and returns an error flag (1),
+and an text-string error message
+to queries of 1.3.6.1.4.1.2021.10.100 and
+1.3.6.1.4.1.2021.10.101 (respectively) when the
+1-minute, 5-minute, or 15-minute averages exceed the associated
+maximum values. If any of the MAX1, MAX5, or MAX15 values are
+unspecified, they default to a value of DEFMAXLOADAVE.
+.IP "file FILE [MAXSIZE]"
+Monitors file sizes and makes sure they don't grow beyond a certain
+size. MAXSIZE defaults to infinite if not specified, and only
+monitors the size without reporting errors about it.
+.SS "Errors"
+.PP
+Any errors in obtaining the above information are reported via the
+1.3.6.1.4.1.2021.101.100 flag and the
+1.3.6.1.4.1.2021.101.101 text-string description.
+.SH SMUX SUB-AGENTS
+To enable and SMUX based sub-agent, such as
+.IR gated ,
+use the
+.I smuxpeer
+configuration entry
+.IP "smuxpeer OID PASS"
+For
+.I gated
+a sensible entry might be
+.IP ".1.3.6.1.4.1.4.1.3 secret"
+.SH ACCESS CONTROL
+snmpd supports the View-Based Access Control Model (vacm)
+as defined in RFC 2275.
+To this end, it recognizes the following keywords in the configuration
+file: \fIcom2sec\fR, \fIgroup\fR, \fIaccess\fR, and \fIview\fR as well
+as some easier-to-use wrapper directives: \fIrocommunity\fR,
+\fIrwcommunity\fR, \fIrouser\fR, \fIrwuser\fR.
+.IP "rocommunity COMMUNITY [SOURCE] [OID]"
+.IP "rwcommunity COMMUNITY [SOURCE] [OID]"
+These create read-only and read-write communities that can be used to
+access the agent. They are a quick method of using the following
+\fIcom2sec\fR, \fIgroup\fR, \fIaccess\fR, and \fIview\fR directive lines. They are
+not as efficient either, as groups aren't created so the tables are
+possibly larger. In other words: don't use these if you have complex
+situations to set up.
+.IP
+The format of the SOURCE is token is described in the \fIcom2sec\fR
+directive section below. The OID token restricts access for that
+community to everything below that given OID.
+.IP "rouser USER [noauth|auth|priv] [OID]"
+.IP "rwuser USER [noauth|auth|priv] [OID]"
+Creates a SNMPv3 USM user in the VACM access configuration tables.
+Again, its more efficient (and powerful) to use the combined
+\fIcom2sec\fR, \fIgroup\fR, \fIaccess\fR, and \fIview\fR directives instead.
+.IP
+The minimum level of authentication and privacy the user must use is
+specified by the first token (which defaults to "auth"). The OID
+parameter restricts access for that user to everything below the given
+OID.
+.IP "com2sec NAME SOURCE COMMUNITY"
+This directive specifies the mapping from a source/community pair to
+a security name. SOURCE can be a hostname, a subnet, or the word
+\fI"default"\fR.
+A subnet can be specified as IP/MASK or IP/BITS.
+The first source/community combination that matches the incoming packet
+is selected.
+.IP "group NAME MODEL SECURITY"
+This directive defines the mapping from securitymodel/securityname to group.
+MODEL is one of \fIv1\fR, \fIv2c\fR, or \fIusm\fR.
+.IP "access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY"
+The access directive maps from group/security model/security level to
+a view.
+MODEL is one of \fIany\fR, \fIv1\fR, \fIv2c\fR, or \fIusm\fR.
+LEVEL is one of \fInoauth\fR, \fIauth\fR, or \fIpriv\fR.
+PREFX specifies how CONTEXT should be matched against the context of
+the incoming pdu, either \fIexact\fR or \fIprefix\fR.
+READ, WRITE and NOTIFY specifies the view to be used for the corresponding
+access.
+For v1 or v2c access, LEVEL will be noauth, and CONTEXT will be empty.
+.IP "view NAME TYPE SUBTREE [MASK]"
+The defines the named view. TYPE is either \fIincluded\fR or \fIexcluded\fR.
+MASK is a list of hex octets, separated by '.' or ':'. The MASK
+defaults to "ff" if not specified.
+.IP
+The reason for the mask is, that it allows you to control access to
+one row in a table, in a relatively simple way. As an example, as an ISP
+you might consider giving each customer access to his or her own interface:
+.IP
+.nf
+view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
+view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0
+.IP
+(interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
+ff.a0 == 11111111.10100000. which nicely covers up and including
+the row index, but lets the user vary the field of the row)
+.IP "VACM Examples:"
+.nf
+# sec.name source community
+com2sec local localhost private
+com2sec mynet 10.10.10.0/24 public
+com2sec public default public
+
+# sec.model sec.name
+group mygroup v1 mynet
+group mygroup v2c mynet
+group mygroup usm mynet
+group local v1 local
+group local v2c local
+group local usm local
+group public v1 public
+group public v2c public
+group public usm public
+
+# incl/excl subtree mask
+view all included .1 80
+view system included system fe
+view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
+
+# context sec.model sec.level prefix read write notify
+access mygroup "" any noauth exact mib2 none none
+access public "" any noauth exact system none none
+access local "" any noauth exact all all all
+.IP "Default VACM model"
+The default configuration of the agent, as shipped, is functionally
+equivalent to the following entries:
+.nf
+com2sec public default public
+group public v1 public
+group public v2c public
+group public usm public
+view all included .1
+access public "" any noauth exact all none none
+.SH SNMPv3 CONFIGURATION
+.PP
+.IP "engineID STRING"
+The snmpd agent needs to be configured with an engineID to be able to
+respond to SNMPv3 messages. With this configuration file line, the
+engineID will be configured from STRING. The default value of the
+engineID is configured with the first IP address found for the
+hostname of the machine.
+.IP "createUser username (MD5|SHA) authpassphrase [DES] [privpassphrase]"
+This directive should be placed into the
+"/var/ucd-snmp"/snmpd.conf file instead of the other normal
+locations. The reason is that the information is read from the file
+and then the line is removed (eliminating the storage of the master
+password for that user) and replaced with the key that is derived from
+it. This key is a localized key, so that if it is stolen it can not
+be used to access other agents. If the password is stolen, however,
+it can be.
+.IP
+MD5 and SHA are the authentication types to use, but you must have
+built the package with openssl installed in order to use SHA. The
+only privacy protocol currently supported is DES. If the privacy
+passphrase is not specified, it is assumed to be the same as the
+authentication passphrase. Note that the users created will be
+useless unless they are also added to the VACM access control tables
+described above.
+.IP
+Warning: the minimum pass phrase length is 8 characters.
+.IP
+SNMPv3 users can be created at runtime using the
+.I snmpusm
+command.
+.IP
+.SH SETTING SYSTEM INFORMATION
+.IP "syslocation STRING"
+.IP "syscontact STRING"
+.IP
+Sets the system location and the system contact for the agent. This
+information is reported by the 'system' table in the mibII tree.
+.IP "authtrapenable NUMBER"
+Setting authtrapenable to 1 enables generation of authentication failure
+traps. The default value is 2 (disable).
+.IP "trapcommunity STRING"
+This defines the default community string to be used when sending traps.
+Note that this command must be used prior to any of the following three
+commands that are intended use this community string.
+.IP "trapsink HOST [COMMUNITY [PORT]]"
+.IP "trap2sink HOST [COMMUNITY [PORT]]"
+.IP "informsink HOST [COMMUNITY [PORT]]"
+These commands define
+the hosts to receive traps (and/or inform notifications). The
+daemon sends a Cold Start trap when it starts up. If enabled, it also sends
+traps on authentication failures. Multiple \fItrapsink\fR, \fItrap2sink\fR
+and \fIinformsink\fR lines may be specified to specify multiple destinations.
+Use \fItrap2sink\fR to send SNMPv2 traps and \fIinformsink\fR to send
+inform notifications.
+If COMMUNITY is not specified, the string from a preceding \fItrapcommunity\fR
+directive will be used. If PORT is not specified, the well known SNMP trap
+port (162) will be used.
+.SH "PASS-THROUGH CONTROL"
+.IP "pass MIBOID EXEC"
+Passes entire control of MIBOID to the EXEC program. The EXEC program
+is called in one of the following three ways:
+.RS
+.IP "EXEC -g MIBOID"
+.IP "EXEC -n MIBOID"
+.IP
+These call lines match to SNMP get and getnext requests. It is
+expected that the EXEC program will take the arguments passed to it
+and return the appropriate response through it's stdout.
+.IP
+The first line of stdout should be the mib OID of the returning value.
+The second line should be the TYPE of value returned, where TYPE is
+one of the text strings:
+.B string, integer, unsigned, objectid, timeticks, ipaddress, counter,
+or
+.B gauge.
+The third line of stdout should be the VALUE corresponding with the
+returned TYPE.
+.IP
+For instance, if a script was to return the value integer value "42"
+when a request for .1.3.6.1.4.100 was requested, the script should
+return the following 3 lines:
+.br
+.RS
+ .1.3.6.1.4.100
+.br
+ integer
+.br
+ 42
+.RE
+.IP
+To indicate that the script is unable to comply with the request due
+to an end-of-mib condition or an invalid request, simple exit and
+return no output to stdout at all. A snmp error will be generated
+corresponding to the SNMP NO-SUCH-NAME response.
+.IP "EXEC -s MIBOID TYPE VALUE"
+.IP
+For SNMP set requests, the above call method is used. The TYPE passed
+to the EXEC program is one of the text strings:
+.B integer, counter, gauge, timeticks, ipaddress, objid,
+or
+.B string,
+indicating the type of value passed in the next argument.
+.IP
+Return nothing to stdout, and the set will assumed to have been
+successful. Otherwise, return one of the following error strings to
+signal an error:
+.B not-writable,
+or
+.B wrong-type
+and the appropriate error response will be generated instead.
+.RS
+.IP Note:
+By default, the only community allowed to write (ie snmpset) to your
+script will be the "private" community,or community #2 if defined
+differently by the "community" token discussed above. Which
+communities are allowed write access are controlled by the RWRITE
+definition in the snmplib/snmp_impl.h source file.
+.RE
+.RE
+.SH "EXAMPLE"
+See the EXAMPLE.CONF file in the top level source directory for a more
+detailed example of how the above information is used in real
+examples.
+.SH "RE-READING snmpd.conf and snmpd.local.conf"
+The ucd-snmp agent can be forced to re-read its configuration files.
+It can be told to do so by one of two ways:
+.IP 1.
+An snmpset of integer(1) to 1.3.6.1.4.1.2021.100.VERUPDATECONFIG.
+.IP 2.
+A "kill -HUP" signal sent to the snmpd agent process.
+.SH "FILES"
+share/snmp/snmpd.conf
+.SH "SEE ALSO"
+snmp_config(5), snmpd(1), EXAMPLE.conf, read_config(3).
+.\" Local Variables:
+.\" mode: nroff
+.\" End:
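Review bot: The createUser paragraph tells the reader to put the directive in "/var/ucd-snmp"/snmpd.conf so that the passphrase line is replaced by a localized key, but that path is only selected when CYGPKG_SNMPLIB_PERSISTENT_FILESYSTEM is set, and the option defaults to 0; the page should say what happens to the passphrase line when it is off. The page also documents proc, exec, pass, "/bin/ps -e" and "kill -HUP" without saying which directives the eCos port supports, and the "Default VACM model" section describes read access to the whole tree for the community public. A short eCos-specific section listing the supported directives and the defaults as shipped would help. Minor: "ucd-smnp" in DESCRIPTION.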