[AGENT++] Wrong response to SET-request on an object outside view

Fehde, Marcus Marcus.Fehde at draeger.com
Thu Jan 6 09:59:26 CET 2005


Hi,
 
I possibly discovered a wrong error status returned to a request on an object outside the view of a group (SNMPv3).
According to RFC3416, 4.2.5 The SetRequest-PDU, performed validations, (1) the error status shall be "noAccess" in that case.
  If the variable binding's name specifies an existing or non-
  existent variable to which this request is/would be denied
  access because it is/would not be in the appropriate MIB view,
  then the value of the Response-PDU's error-status field is set
  to "noAccess", and the value of its error-index field is set to
  the index of the failed variable binding.
The response I received has the error status "authorizationError".
 
I looked through the code and found the following:
In method process_prepare_set_request the VACM access is checked and results in the primitive VACM_notInView. This one is mapped to error status SNMP_ERROR_AUTH_ERR in req->vacmError and set in the PDU. After that the method returns SNMP_ERROR_NO_ACCESS to process_set_request. Within process_set_request the result is only checked against SNMP_ERROR_SUCCESS.
I think at least the mapping within vacmError() is wrong. There are three cases in the switch case statement mapping to SNMP_ERROR_AUTH_ERR. While the other two are valid, the case VACM_notInView isn't. Furthermore, I would recommend returning in process_prepare_set_request either the actual error status or just a Boolean value when no further detailed distinction is required. But this is only a suggestion for a slightly better design.

Best regards/Mit freundlichen Gruessen 

Marcus Fehde
Dipl. Ing. Technische Informatik (FH)

Research & Development 
Business Unit Anaesthesia 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

DRÄGER MEDICAL 

Dräger Medical AG & Co. KGaA 
Moislinger Allee 53-55 
D-23542 Lübeck 

Tel:  + 49-451-882-3646 
Fax: + 49-451-882-4410 
E-mail: marcus.fehde at draeger.com 
www.draeger-medical.com 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
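
Added example, not part of the original post and not AGENT++ code: a sketch of the SET-request mapping the report asks for, where notInView yields noAccess with the failing varbind's index and a single status is returned to the caller. The enum and function names are hypothetical; the authorizationError cases follow RFC 3413 section 3.2, and folding every other failure into genErr is a simplification made here.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// error-status codes as numbered in RFC 3416.
enum SnmpErr { ERR_NONE = 0, ERR_GEN = 5, ERR_NO_ACCESS = 6, ERR_AUTHORIZATION = 16 };

// Outcomes of the VACM isAccessAllowed check (RFC 3415). Hypothetical names
// and ordering, not AGENT++'s VACM_* constants.
enum class Vacm { AccessAllowed, NotInView, NoSuchView, NoGroupName,
                  NoAccessEntry, Other };

struct SetStatus {
    int error_status;
    int error_index;  // 1-based varbind position; 0 = not tied to a varbind
};

// Map one VACM result for a SET request to the Response-PDU error fields.
SetStatus map_vacm_for_set(Vacm result, int varbind_pos) {
    switch (result) {
    case Vacm::AccessAllowed:
        return {ERR_NONE, 0};
    case Vacm::NotInView:             // RFC 3416 4.2.5 validation (1)
        return {ERR_NO_ACCESS, varbind_pos};
    case Vacm::NoSuchView:            // RFC 3413 3.2: authorizationError,
    case Vacm::NoGroupName:           // error-index 0
    case Vacm::NoAccessEntry:
        return {ERR_AUTHORIZATION, 0};
    case Vacm::Other:
        break;
    }
    return {ERR_GEN, varbind_pos};    // simplification of this sketch
}

// Prepare phase: return the actual status of the first denied varbind, so the
// value handed to the caller and the value placed in the PDU cannot diverge.
SetStatus check_set_access(const std::vector<Vacm>& per_varbind) {
    for (std::size_t i = 0; i < per_varbind.size(); ++i) {
        SetStatus s = map_vacm_for_set(per_varbind[i], static_cast<int>(i + 1));
        if (s.error_status != ERR_NONE) return s;
    }
    return {ERR_NONE, 0};
}

int main() {
    // Constructed input: second varbind lies outside the group's MIB view.
    SetStatus s = check_set_access({Vacm::AccessAllowed, Vacm::NotInView});
    std::printf("error-status=%d error-index=%d\n", s.error_status, s.error_index);
    return 0;
}
```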

 
 