[AGENT++] Wrong response to SET-request on an object outside view
Fehde, Marcus
Marcus.Fehde at draeger.com
Thu Jan 6 09:59:26 CET 2005
Hi,
I possibly discovered a wrong error status returned to a request on an object outside the view of a group (SNMPv3).
According to RFC3416, 4.2.5 The SetRequest-PDU, performed validations, (1) the error status shall be "noAccess" in that case.
    If the variable binding's name specifies an existing or non-
    existent variable to which this request is/would be denied
    access because it is/would not be in the appropriate MIB view,
    then the value of the Response-PDU's error-status field is set
    to "noAccess", and the value of its error-index field is set to
    the index of the failed variable binding.
The response I received has the error status "authorizationError".
I looked through the code and found the following:
In method process_prepare_set_request the VACM access is checked and results in the primitive VACM_notInView. This one is mapped to error status SNMP_ERROR_AUTH_ERR in req->vacmError and set in the PDU. After that the method returns SNMP_ERROR_NO_ACCESS to process_set_request. Within process_set_request the result is only checked against SNMP_ERROR_SUCCESS.
I think at least the mapping within vacmError() is wrong. There are three cases in the switch case statement mapping to SNMP_ERROR_AUTH_ERR. While the other two are valid, the case VACM_notInView isn't. Furthermore, I would recommend returning in process_prepare_set_request either the actual error status or just a Boolean value when no further detailed distinction is required. But this is only a suggestion for a slightly better design.
Best regards/Mit freundlichen Gruessen
Marcus Fehde
Dipl. Ing. Technische Informatik (FH)
Research & Development
Business Unit Anaesthesia
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
DRÄGER MEDICAL
Dräger Medical AG & Co. KGaA
Moislinger Allee 53-55
D-23542 Lübeck
Tel: + 49-451-882-3646
Fax: + 49-451-882-4410
E-mail: marcus.fehde at draeger.com
www.draeger-medical.com
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
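
The error mapping discussed in this message, as an added example that is not part of the original post and is not AGENT++ code: a SetRequest validation pass that maps a VACM result to the error-status and error-index of RFC 3416, 4.2.5 (1) and returns both to its caller. All type and function names, the subset of VACM results shown, and the sample view are assumptions made for illustration.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <vector>

// Subset of the isAccessAllowed results defined by VACM (RFC 3415).
enum class VacmResult { accessAllowed, notInView, noSuchView,
                        noGroupName, noAccessEntry, otherError };

// error-status values from RFC 3416.
enum SnmpError { noError = 0, genErr = 5, noAccess = 6, authorizationError = 16 };

struct SetCheck {
    SnmpError status;
    int index;  // 1-based error-index; 0 when no single binding is at fault
};

// Map the VACM result for one SetRequest variable binding (hypothetical helper).
SetCheck mapVacmForSet(VacmResult r, int vbIndex) {
    switch (r) {
    case VacmResult::accessAllowed: return {noError, 0};
    case VacmResult::notInView:     return {noAccess, vbIndex};      // RFC 3416, 4.2.5 (1)
    case VacmResult::noSuchView:
    case VacmResult::noAccessEntry:
    case VacmResult::noGroupName:   return {authorizationError, 0};  // RFC 3413, 3.2
    default:                        return {genErr, 0};
    }
}

using ViewCheck = std::function<VacmResult(const std::string& oid)>;

// Validation pass over all bindings. Returns the first failure together with
// its index, so the caller copies exactly these two fields into the Response-PDU
// instead of keeping a second, separately mapped status.
SetCheck prepareSet(const std::vector<std::string>& oids, const ViewCheck& check) {
    for (std::size_t i = 0; i < oids.size(); ++i) {
        SetCheck c = mapVacmForSet(check(oids[i]), static_cast<int>(i) + 1);
        if (c.status != noError) return c;
    }
    return {noError, 0};
}

// Constructed sample write view: only the system subtree is writable.
VacmResult sampleView(const std::string& oid) {
    return oid.rfind("1.3.6.1.2.1.1.", 0) == 0 ? VacmResult::accessAllowed
                                                : VacmResult::notInView;
}
```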