[SNMP4J] SET access to created managed objects
Marek Hajduczenia
marek.hajduczenia at gmail.com
Tue Apr 2 23:11:08 CEST 2013
Hi Frank,
The default configuration covers the whole 1.3 tree with "fullReadView",
which is fine enough. If I understand correctly, that makes the whole tree
in 1.3 branch accessible for reading ...
=== vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
new OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
Now, I added the following statement as well:
=== vacm.addViewTreeFamily(new OctetString("fullWriteView"), new
OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);
which if I understand the syntax correctly, should add the " fullWriteView"
access to the whole experimental root that I am using. I am not sure how the
debug information helps me in this case, since it points out that "private"
context is found (23705 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence info for
'private') and then the request was created successfully. The only line that
causes some concerns is the following:
77558 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,lowerIn
cluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],vb=1.3.6.1.3.
22.2.10.1 =
12,status=org.snmp4j.agent.request.RequestStatus at 6d7300f9,query=null,index=0
,targetMO=null]]
where the targetMO is marked as null.
I also examined how 5 test scalar objects are created
179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=Marek-HP,volatile=false] in default context
with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=Marek-HP,volatile=false]
179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=C:\Musicas,volatile=false] in default context
with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=C:\Musicas,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=MediaMonkey,volatile=false] in default
context with scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=MediaMonkey,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=0,volatile=false] in default context with
scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 4a05fd83,value=0,volatile=false]
180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 674e5e21,value=15,volatile=false] in default context with
scope
org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
mo.MOAccessImpl at 674e5e21,value=15,volatile=false]
Objects with OID = 1.3.6.1.3.22.1.1.0, 1.3.6.1.3.22.1.2.0,
1.3.6.1.3.22.1.3.0, and 1.3.6.1.3.22.1.4.0 are created as read-only, and
1.3.6.1.3.22.1.5.0 is created as read-write, and that is visible in the
difference in the access=org.snmp4j.agent.mo.MOAccessImpl@ statements.
However, how to combine that together, is not clear to me ... sorry
Marek
-----Original Message-----
From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org] On
Behalf Of Frank Fock
Sent: Tuesday, 02 April, 2013 8:50 PM
To: snmp4j at agentpp.org
Subject: Re: [SNMP4J] SET access to created managed objects
Hi Marek,
You have to setup the VACM properly in order to allow access to the
OID/subtree you are requesting. The default VACM configuration does not
include the "experimental" sub-tree IMHO.
The log output gives you more detailed hints.
Best regards,
Frank
Am 02.04.2013 11:13, schrieb Marek Hajduczenia:
> Dear colleagues,
>
>
>
> I create a very simple scalar in my agent:
>
>
>
> OID oidTest = new OID("1.3.6.1.3.22.1.5.0");
>
> MOScalar sysScalarTest = new MOScalar(oidTest,
> MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15));
>
> server.registerManagedObject(sysScalarTest);
>
>
>
> and then would like to change its value remotely using the MIB
> browser. What I get back on the debug in Eclipse is the "Error
'Authorization error'
> generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by debug information
> about the message exchange and status exchange between agent and MIB
browser.
> Everything seems fine, i.e., "private" community is found, request
> with the private scope was created and proper object was found.
> However, when time to change came around, no change was done.
>
>
>
> ===========================================================
>
>
>
> 20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.transport.DefaultUdpTransportMapping - Received message
> from
> localhost/127.0.0.1/56019 with length 45:
> 30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:0
> 1:00:0 2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
>
> 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.Snmp - Fire process PDU event:
> CommandResponderEvent[securityModel=2,
> securityLevel=1, maxSizeResponsePDU=65535,
> pduHandle=PduHandle[1521296469],
> stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469],
> securi
> tyEngineID=null,securityModel=null,securityName=private,securityLevel=
> 1,cont extEngineID=null,contextName=null,retryMsgIDs=null],
> pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0,
> VBS[1.3.6.1.3.22.1.5.0 = 123]], messageProcessingModel=1,
> securityName=private, processed=false, peerAddress=127.0.0.1/56019,
> transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 36c8e
> 545,
> tmStateReference=null]
>
> 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence
> info for 'private'
>
> 20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Found coexistence info
> for
>
'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:
> 01:c0:a8:01:04,contextName=private,transportTag=]
>
> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Address 127.0.0.1/56019
> passes filter, because source address filtering is disabled
>
> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.agent.request.SnmpRequest - Created subrequest 0 with
> scope
org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.
> 22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperInclude
> d=true
> ] from 1.3.6.1.3.22.1.5.0 = 123
>
> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
>
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
> DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,lo
> werInc
> luded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],vb=1.3.6.
> 1.3.22
> .1.5.0 =
> 123,status=org.snmp4j.agent.request.RequestStatus at 6ceac619,query=null,
> index=
> 0,targetMO=null]]
>
> 20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
> org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to
> 127.0.0.1/56019 with length 45:
> 30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:0
> 1:10:0 2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
>
> java.lang.Exception: Error 'Authorization error' generated at:
> 1.3.6.1.3.22.1.5.0 = 123
>
> at
> org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChang
> ed(Snm
> pRequest.java:617)
>
> at
> org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(Reques
> tStatu
> s.java:89)
>
> at
> org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.ja
> va:52)
>
> at
> org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcess
> or.jav
> a:499)
>
> at
> org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java
> :378)
>
> at
> org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.jav
> a:339)
>
> at
> org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:55
> 9)
>
> at
> org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:162
> )
>
> at
> org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.
> java:6
> 64)
>
> at
>
org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:
> 297)
>
> at
> org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
> java:3
> 68)
>
> at
> org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
> java:3
> 28)
>
> at
> org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(Abstr
> actTra
> nsportMapping.java:76)
>
> at
> org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(Defau
> ltUdpT
> ransportMapping.java:378)
>
> at java.lang.Thread.run(Unknown Source)
>
>
>
> ===========================================================
>
>
>
> Definition of the "public" and "private" communities are as follows:
>
>
>
> protected void addCommunities(SnmpCommunityMIB
> communityMIB)
>
>
> {
>
> Variable[] com2sec1 = new Variable[]
>
> {
>
> new
> OctetString("public"),
>
> new
> OctetString("cpublic"), // security name
>
>
> getAgent().getContextEngineID(), // local engine ID
>
> new
> OctetString("public"), // default context name
>
> new OctetString(), //
> transport tag
>
> new
> Integer32(StorageType.nonVolatile), // storage type
>
> new
> Integer32(RowStatus.active) // row status
>
> };
>
>
>
> Variable[] com2sec2 = new Variable[]
>
> {
>
> new
> OctetString("private"),
>
> new
> OctetString("cprivate"), // security name
>
>
> getAgent().getContextEngineID(), // local engine ID
>
> new
> OctetString("private"), // default context name
>
> new OctetString(), //
> transport tag
>
> new
> Integer32(StorageType.nonVolatile), // storage type
>
> new
> Integer32(RowStatus.active) // row status
>
> };
>
>
>
> MOTableRow row2 =
> communityMIB.getSnmpCommunityEntry().createRow(new
> OctetString("private").toSubIndex(true), com2sec2);
>
> MOTableRow row1 =
> communityMIB.getSnmpCommunityEntry().createRow(new
> OctetString("public").toSubIndex(true), com2sec1);
>
>
> communityMIB.getSnmpCommunityEntry().addRow(row2);
>
>
> communityMIB.getSnmpCommunityEntry().addRow(row1);
>
>
>
> }
>
>
>
> and
>
>
>
> /**
>
> * Adds initial VACM configuration.
>
> */
>
> @Override
>
> protected void addViews(VacmMIB vacm)
>
> {
>
>
> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
> OctetString("cpublic"), new OctetString("v1v2group"),
> StorageType.nonVolatile);
>
>
> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
> OctetString("cprivate"), new OctetString("v1v2group"),
> StorageType.nonVolatile);
>
>
>
> vacm.addAccess(new
> OctetString("v1v2group"), new OctetString("public"),
> SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.NOAUTH_NOPRIV,
> MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new
> OctetString("fullWriteView"), new OctetString("fullNotifyView"),
> StorageType.nonVolatile);
>
> vacm.addAccess(new
> OctetString("v1v2group"), new OctetString("private"),
> SecurityModel.SECURITY_MODEL_SNMPv2c,
> SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
> OctetString("fullReadView"), new OctetString("fullWriteView"), new
> OctetString("fullNotifyView"), StorageType.nonVolatile);
>
>
>
> // vacm.addViewTreeFamily(new
> OctetString("fullReadView"), new OID("1.3"), new OctetString(),
> VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
>
> vacm.addViewTreeFamily(new
> OctetString("fullWriteView"), new OID("1.3.6.1.3.22.2.10"), new
> OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
>
> }
>
>
>
> I think all the areas where changes were needed, were added. The only
> suspicion that I have is that the default context for all newly
> created objects may be set to "public" rather than "private" and I
> have no clue right now where to change it and how to do it.
>
>
>
> Any suggestions / hints?
>
>
>
> Thank you in advance
>
>
>
> Marek
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
_______________________________________________
SNMP4J mailing list
SNMP4J at agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j
More information about the SNMP4J
mailing list