[AGENT++] Question on VacmSecurityToGroupTable::getGroupName()
Frank Fock
fock at agentpp.com
Sat Nov 17 10:00:06 CET 2007
Hi,
I do not understand why a single community with
read and write view is any different from what
you want?
Best regards,
Frank
Pham, My V. (Mission Systems) wrote:
> We have the need here to make v1/v2 read/write community strings
> configurable. They may assume different values from each other, not
> necessarily "public" and "public". Parts of the code that handled this
> are:
> ...
> vacm->addNewGroup(SecurityModel_v1, v1_readCommunity,
> "v1readgroup", storageType_volatile);
> vacm->addNewGroup(SecurityModel_v1, v1_writeCommunity,
> "v1writegroup", storageType_volatile);
> ...
> vacm->addNewAccessEntry("v1readgroup", "",
> SecurityModel_v1,
> SecurityLevel_noAuthNoPriv,
> match_exact,
> "v1ReadView", "", "",
> storageType_nonVolatile);
> vacm->addNewAccessEntry("v1writegroup", "",
> SecurityModel_v1,
> SecurityLevel_noAuthNoPriv,
> match_exact,
> "", "v1WriteView", "",
> storageType_nonVolatile);
>
> This works well for both Get and Set, but only if read and write
> community strings are different from each other. If they are the same,
> let's say "public", then the vacm->addNewGroup() commands above will add
> a first mapping of "public" to v1readgroup, and then a second mapping of
> "public" to v1writegroup in the vacmSecurityToGroupTable. When an SNMP
> command Get or Set is processed, the method
> VacmSecurityToGroupTable::getGroupName() is called and it seems to
> always return the first mapping to v1readgroup only, so Get command will
> be executed succesfully because v1readgroup allows read access, but Set
> will fail because it also gets the first mapping and write access is not
> granted in the v1readgroup. I can add "v1WriteView" to the v1readgroup
> and it works but that defeats the purpose of separating read and write
> community.
>
> Any suggestion?
>
> Thanks!!
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp
--
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
More information about the AGENTPP
mailing list