[SNMP4J] Agent VACM question
Frank Fock
fock at agentpp.com
Mon Dec 11 18:30:27 CET 2006
I think I have understood the point already.
To make it clear:
* Have you modified the SNMP4J-Agent code?
* Have you tested the behavior with an unmodified
version?
These are the facts:
* setAuthorizationError is:
protected void setAuthorizationError(Request req, int vacmStatus) {
req.setErrorStatus(PDU.authorizationError);
}
* setErrorStatus of AbstractRequest is:
public void setErrorStatus(int errorStatus) {
this.errorStatus = errorStatus;
}
* The SnmpRequest.isPhaseComplete() method is:
public boolean isPhaseComplete() {
if (errorStatus == SnmpConstants.SNMP_ERROR_SUCCESS) {
initSubRequests();
for (Iterator it = subrequests.iterator(); it.hasNext(); ) {
SubRequest subreq = (SubRequest) it.next();
RequestStatus status = subreq.getStatus();
if (status.getErrorStatus() != SnmpConstants.SNMP_ERROR_SUCCESS) {
return true;
}
else if (!status.isPhaseComplete()) {
return false;
}
}
}
if (requestEvent.getPDU().getType() == PDU.GETBULK) {
SnmpSubRequestIterator it =
new SnmpSubRequestIterator(subrequests.size(), 1);
return !it.hasNext();
}
return true;
}
As you can see, if PDu is of type SET and errorStatus != 0
then "true" is returned. So, from my point of view,
explicitly setting the completion state will have no effect.
Best regards,
Frank
Jothi P Neelamegam wrote:
> I think I have not made myself clear :)
>
> What I am saying is that we hit (and this is the correct behaviour)
> if (viewName == null)
> {
> //This is reached
> setAuthorizationError(req, VACM.VACM_NO_SUCH_VIEW);
> }
>
> and then go on to FinalizeRequest.
>
> In FinalizeRequest, we send reponse only when a request is complete.
> If we get this authorization error, the request is not complete and
> FinalizeRequest does not send the response. So, we time out.
>
> Instead, to send responses when there is this authorization error, we
> have to either
> 1. send the response inside the (viewName == null) block or
> 2. we need to artifically set the request to complete and make the
> finalize request send it.
>
> I hope it is clear.
>
> I am using agent snmp4j-agent-1.0.1a.
> And yes, I have set up te COMMUNITY-MIB.
>
> Jothi
>
> On Sat, 9 Dec 2006, Frank Fock wrote:
>
>> Hi Jothi,
>>
>> Setting the error status on a request completes it
>> as a side effect. So I do not understand why
>> completing it explicitly should change anything.
>> Have you tried it? What version of SNMP4J-Agent
>> are you using?
>>
>> Have you set up the SNMP-COMMUNITY-MIB?
>>
>> Best regards,
>> Frank
>>
>> Jothi P Neelamegam wrote:
>>> Hi,
>>>
>>> If I create a group with null writeview (I do not want members of
>>> this group to have any write access at all ) and then try to do a set
>>> operation with a member of this group, I get a time out instead of an
>>> "Access denied" error.
>>>
>>> Here is a sample code snippet:
>>>
>>> In test agent,
>>> vacm.addGroup (v2c,"myuser", "mygroup", ...);
>>> vacm.addAccess(new OctetString("mygroup"),..,..,..,
>>> new OctetString("fullReadView"),
>>> null, // null write view
>>> ...)
>>>
>>> Now, when I do
>>> snmpset -c myuser parameters
>>>
>>> I get a timeout.
>>>
>>> On exploring, a simple modification to CommandProcessor.java can fix
>>> this:
>>>
>>> Currently, in processReqeuest
>>>
>>> processRequest {
>>> if (viewName == null)
>>> {
>>> //This is reached
>>> setAuthorizationError(req, VACM.VACM_NO_SUCH_VIEW);
>>> }
>>> else
>>> {
>>> // Do processing
>>> }
>>> finalizeRequest()
>>> }
>>>
>>> And
>>> finalizeRequest
>>> {
>>> if (req.isComplete()) { // Request is not complete as we have
>>> auth error, so no response is
>>> sent.
>>> //send response
>>> }
>>> }
>>>
>>> If the code is modified either (in processRequest, after
>>> setAuthorizationError)
>>> 1. to mark the request as complete or
>>> 2. sendResponse and return
>>>
>>> we can handle this problem.
>>>
>>> Thanks
>>> Jothi
>>>
>>>
>>>
>>> Jothi P Neelamegam
>>> Verari Systems Pvt. Ltd. Bangalore, India
>>> Work: +91 (80) 26346485, 26557998
>>> http://verarisoft.com http://verari.com
>>> --------------------------------------------------------------------------
>>>
>>> The information contained in this communication may be confidential
>>> and is
>>> intended only for the use of the recipient(s) named above. If the
>>> reader
>>> of this communication is not the intended recipient(s), you are hereby
>>> notified that any dissemination, distribution, or copying of this
>>> communication, or any of its contents, is strictly prohibited. If
>>> you are
>>> not a named recipient or received this communication by mistake, please
>>> notify the sender and delete the communication and all copies of it.
>>>
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J at agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>
>> --
>> AGENT++
>> http://www.agentpp.com
>> http://www.mibexplorer.com
>> http://www.mibdesigner.com
>>
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>
>
> Jothi P Neelamegam
> Verari Systems Pvt. Ltd. Bangalore, India
> Work: +91 (80) 26346485, 26557998
> http://verarisoft.com http://verari.com
> --------------------------------------------------------------------------
> The information contained in this communication may be confidential and is
> intended only for the use of the recipient(s) named above. If the reader
> of this communication is not the intended recipient(s), you are hereby
> notified that any dissemination, distribution, or copying of this
> communication, or any of its contents, is strictly prohibited. If you are
> not a named recipient or received this communication by mistake, please
> notify the sender and delete the communication and all copies of it.
>
--
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
More information about the SNMP4J
mailing list