[SNMP4J] Agent VACM question
Jothi P Neelamegam
jothi at VerariSoft.Com
Tue Dec 12 05:52:54 CET 2006
I modified the agent code to do this (option 2 of my previous mail)
processRequest()
{
if (viewName == null)
{
setAuthorizationError(req, VACM.VACM_NO_SUCH_VIEW);
requestList.remove(req);
sendResponse(command,(PDU)req.getResponse());
return;
}
else {
...
}
finalizeRequest()
}
Without this change, when we get VACM error, we just time out.
Jothi
On Mon, 11 Dec 2006, Frank Fock wrote:
> I think I have understood the point already.
> To make it clear:
>
> * Have you modified the SNMP4J-Agent code?
> * Have you tested the behavior with an unmodified
> version?
>
> These are the facts:
>
> * setAuthorizationError is:
>
> protected void setAuthorizationError(Request req, int vacmStatus) {
> req.setErrorStatus(PDU.authorizationError);
> }
>
> * setErrorStatus of AbstractRequest is:
>
> public void setErrorStatus(int errorStatus) {
> this.errorStatus = errorStatus;
> }
>
> * The SnmpRequest.isPhaseComplete() method is:
>
> public boolean isPhaseComplete() {
> if (errorStatus == SnmpConstants.SNMP_ERROR_SUCCESS) {
> initSubRequests();
> for (Iterator it = subrequests.iterator(); it.hasNext(); ) {
> SubRequest subreq = (SubRequest) it.next();
> RequestStatus status = subreq.getStatus();
> if (status.getErrorStatus() != SnmpConstants.SNMP_ERROR_SUCCESS) {
> return true;
> }
> else if (!status.isPhaseComplete()) {
> return false;
> }
> }
> }
> if (requestEvent.getPDU().getType() == PDU.GETBULK) {
> SnmpSubRequestIterator it =
> new SnmpSubRequestIterator(subrequests.size(), 1);
> return !it.hasNext();
> }
> return true;
> }
>
> As you can see, if PDu is of type SET and errorStatus != 0
> then "true" is returned. So, from my point of view,
> explicitly setting the completion state will have no effect.
>
> Best regards,
> Frank
>
> Jothi P Neelamegam wrote:
>> I think I have not made myself clear :)
>>
>> What I am saying is that we hit (and this is the correct behaviour)
>> if (viewName == null)
>> {
>> //This is reached
>> setAuthorizationError(req, VACM.VACM_NO_SUCH_VIEW);
>> }
>>
>> and then go on to FinalizeRequest.
>>
>> In FinalizeRequest, we send reponse only when a request is complete.
>> If we get this authorization error, the request is not complete and
>> FinalizeRequest does not send the response. So, we time out.
>>
>> Instead, to send responses when there is this authorization error, we have
>> to either
>> 1. send the response inside the (viewName == null) block or
>> 2. we need to artifically set the request to complete and make the
>> finalize request send it.
>>
>> I hope it is clear.
>>
>> I am using agent snmp4j-agent-1.0.1a.
>> And yes, I have set up te COMMUNITY-MIB.
>>
>> Jothi
>>
>> On Sat, 9 Dec 2006, Frank Fock wrote:
>>
>>> Hi Jothi,
>>>
>>> Setting the error status on a request completes it
>>> as a side effect. So I do not understand why
>>> completing it explicitly should change anything.
>>> Have you tried it? What version of SNMP4J-Agent
>>> are you using?
>>>
>>> Have you set up the SNMP-COMMUNITY-MIB?
>>>
>>> Best regards,
>>> Frank
>>>
>>> Jothi P Neelamegam wrote:
>>>> Hi,
>>>>
>>>> If I create a group with null writeview (I do not want members of this
>>>> group to have any write access at all ) and then try to do a set
>>>> operation with a member of this group, I get a time out instead of an
>>>> "Access denied" error.
>>>>
>>>> Here is a sample code snippet:
>>>>
>>>> In test agent,
>>>> vacm.addGroup (v2c,"myuser", "mygroup", ...);
>>>> vacm.addAccess(new OctetString("mygroup"),..,..,..,
>>>> new OctetString("fullReadView"),
>>>> null, // null write view
>>>> ...)
>>>>
>>>> Now, when I do
>>>> snmpset -c myuser parameters
>>>>
>>>> I get a timeout.
>>>>
>>>> On exploring, a simple modification to CommandProcessor.java can fix
>>>> this:
>>>>
>>>> Currently, in processReqeuest
>>>>
>>>> processRequest {
>>>> if (viewName == null)
>>>> {
>>>> //This is reached
>>>> setAuthorizationError(req, VACM.VACM_NO_SUCH_VIEW);
>>>> }
>>>> else
>>>> {
>>>> // Do processing
>>>> }
>>>> finalizeRequest()
>>>> }
>>>>
>>>> And
>>>> finalizeRequest
>>>> {
>>>> if (req.isComplete()) { // Request is not complete as we have
>>>> auth error, so no response is
>>>> sent.
>>>> //send response
>>>> }
>>>> }
>>>>
>>>> If the code is modified either (in processRequest, after
>>>> setAuthorizationError)
>>>> 1. to mark the request as complete or
>>>> 2. sendResponse and return
>>>>
>>>> we can handle this problem.
>>>>
>>>> Thanks
>>>> Jothi
>>>>
>>>>
>>>>
>>>> Jothi P Neelamegam
>>>> Verari Systems Pvt. Ltd. Bangalore, India
>>>> Work: +91 (80) 26346485, 26557998
>>>> http://verarisoft.com http://verari.com
>>>>
>>>> --------------------------------------------------------------------------
>>>> The information contained in this communication may be confidential
>>>> and is
>>>> intended only for the use of the recipient(s) named above. If the
>>>> reader
>>>> of this communication is not the intended recipient(s), you are hereby
>>>> notified that any dissemination, distribution, or copying of this
>>>> communication, or any of its contents, is strictly prohibited. If you
>>>> are
>>>> not a named recipient or received this communication by mistake,
>>>> please
>>>> notify the sender and delete the communication and all copies of it.
>>>>
>>>> _______________________________________________
>>>> SNMP4J mailing list
>>>> SNMP4J at agentpp.org
>>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>>
>>> --
>>> AGENT++
>>> http://www.agentpp.com
>>> http://www.mibexplorer.com
>>> http://www.mibdesigner.com
>>>
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J at agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>>
>>
>> Jothi P Neelamegam
>> Verari Systems Pvt. Ltd. Bangalore, India
>> Work: +91 (80) 26346485, 26557998
>> http://verarisoft.com http://verari.com
>> --------------------------------------------------------------------------
>> The information contained in this communication may be confidential and is
>> intended only for the use of the recipient(s) named above. If the reader
>> of this communication is not the intended recipient(s), you are hereby
>> notified that any dissemination, distribution, or copying of this
>> communication, or any of its contents, is strictly prohibited. If you are
>> not a named recipient or received this communication by mistake, please
>> notify the sender and delete the communication and all copies of it.
>>
>
> -- AGENT++
> http://www.agentpp.com
> http://www.mibexplorer.com
> http://www.mibdesigner.com
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
>
Jothi P Neelamegam
Verari Systems Pvt. Ltd.
Bangalore, India
Work: +91 (80) 26346485, 26557998
http://verarisoft.com http://verari.com
--------------------------------------------------------------------------
The information contained in this communication may be confidential and is
intended only for the use of the recipient(s) named above. If the reader
of this communication is not the intended recipient(s), you are hereby
notified that any dissemination, distribution, or copying of this
communication, or any of its contents, is strictly prohibited. If you are
not a named recipient or received this communication by mistake, please
notify the sender and delete the communication and all copies of it.
More information about the SNMP4J
mailing list