[SNMP4J] SET access to created managed objects
Marek Hajduczenia
marek.hajduczenia at gmail.com
Tue Apr 2 11:13:04 CEST 2013
Dear colleagues,
I create a very simple scalar in my agent:
OID oidTest = new OID("1.3.6.1.3.22.1.5.0");
MOScalar sysScalarTest = new MOScalar(oidTest,
MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15));
server.registerManagedObject(sysScalarTest);
and then would like to change its value remotely using the MIB browser. What
I get back on the debug in Eclipse is the "Error 'Authorization error'
generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by debug information about
the message exchange and status exchange between agent and MIB browser.
Everything seems fine, i.e., "private" community is found, request with the
private scope was created and proper object was found. However, when time to
change came around, no change was done.
===========================================================
20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping - Received message from
localhost/127.0.0.1/56019 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:01:00:0
2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.Snmp -
Fire process PDU event: CommandResponderEvent[securityModel=2,
securityLevel=1, maxSizeResponsePDU=65535, pduHandle=PduHandle[1521296469],
stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469],securi
tyEngineID=null,securityModel=null,securityName=private,securityLevel=1,cont
extEngineID=null,contextName=null,retryMsgIDs=null],
pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0,
VBS[1.3.6.1.3.22.1.5.0 = 123]], messageProcessingModel=1,
securityName=private, processed=false, peerAddress=127.0.0.1/56019,
transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 36c8e545,
tmStateReference=null]
20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence info for
'private'
20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Found coexistence info for
'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:
01:c0:a8:01:04,contextName=private,transportTag=]
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Address 127.0.0.1/56019 passes
filter, because source address filtering is disabled
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.request.SnmpRequest - Created subrequest 0 with scope
org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.
22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true
] from 1.3.6.1.3.22.1.5.0 = 123
20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,lowerInc
luded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],vb=1.3.6.1.3.22
.1.5.0 =
123,status=org.snmp4j.agent.request.RequestStatus at 6ceac619,query=null,index=
0,targetMO=null]]
20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to
127.0.0.1/56019 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:01:10:0
2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
java.lang.Exception: Error 'Authorization error' generated at:
1.3.6.1.3.22.1.5.0 = 123
at
org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChanged(Snm
pRequest.java:617)
at
org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(RequestStatu
s.java:89)
at
org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.java:52)
at
org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcessor.jav
a:499)
at
org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java:378)
at
org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.java:339)
at
org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:559)
at
org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:162)
at
org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.java:6
64)
at
org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:
297)
at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:3
68)
at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:3
28)
at
org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTra
nsportMapping.java:76)
at
org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpT
ransportMapping.java:378)
at java.lang.Thread.run(Unknown Source)
===========================================================
Definition of the "public" and "private" communities are as follows:
protected void addCommunities(SnmpCommunityMIB communityMIB)
{
Variable[] com2sec1 = new Variable[]
{
new OctetString("public"),
new OctetString("cpublic"),
// security name
getAgent().getContextEngineID(), // local engine ID
new OctetString("public"),
// default context name
new OctetString(), //
transport tag
new
Integer32(StorageType.nonVolatile), // storage type
new
Integer32(RowStatus.active) // row status
};
Variable[] com2sec2 = new Variable[]
{
new OctetString("private"),
new OctetString("cprivate"),
// security name
getAgent().getContextEngineID(), // local engine ID
new OctetString("private"),
// default context name
new OctetString(), //
transport tag
new
Integer32(StorageType.nonVolatile), // storage type
new
Integer32(RowStatus.active) // row status
};
MOTableRow row2 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("private").toSubIndex(true), com2sec2);
MOTableRow row1 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("public").toSubIndex(true), com2sec1);
communityMIB.getSnmpCommunityEntry().addRow(row2);
communityMIB.getSnmpCommunityEntry().addRow(row1);
}
and
/**
* Adds initial VACM configuration.
*/
@Override
protected void addViews(VacmMIB vacm)
{
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cpublic"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cprivate"), new OctetString("v1v2group"),
StorageType.nonVolatile);
vacm.addAccess(new OctetString("v1v2group"),
new OctetString("public"), SecurityModel.SECURITY_MODEL_ANY,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadView"), new OctetString("fullWriteView"), new
OctetString("fullNotifyView"), StorageType.nonVolatile);
vacm.addAccess(new OctetString("v1v2group"),
new OctetString("private"), SecurityModel.SECURITY_MODEL_SNMPv2c,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadView"), new OctetString("fullWriteView"), new
OctetString("fullNotifyView"), StorageType.nonVolatile);
// vacm.addViewTreeFamily(new
OctetString("fullReadView"), new OID("1.3"), new OctetString(),
VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
vacm.addViewTreeFamily(new
OctetString("fullWriteView"), new OID("1.3.6.1.3.22.2.10"), new
OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
}
I think all the areas where changes were needed, were added. The only
suspicion that I have is that the default context for all newly created
objects may be set to "public" rather than "private" and I have no clue
right now where to change it and how to do it.
Any suggestions / hints?
Thank you in advance
Marek
More information about the SNMP4J
mailing list