[SNMP4J] SET access to created managed objects

Marek Hajduczenia marek.hajduczenia at gmail.com
Tue Apr 2 23:39:55 CEST 2013


Frank, 

I tried to bind the "private" community to all views as follows

protected void addViews(VacmMIB vacm)
{
	// Map both community security names to the same group
	vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
		new OctetString("cpublic"), new OctetString("v1v2group"),
		StorageType.nonVolatile);
	vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
		new OctetString("cprivate"), new OctetString("v1v2group"),
		StorageType.nonVolatile);

	// One access entry per context prefix ("public" / "private"), each with its own views
	vacm.addAccess(new OctetString("v1v2group"), new OctetString("public"),
		SecurityModel.SECURITY_MODEL_SNMPv2c, SecurityLevel.NOAUTH_NOPRIV,
		MutableVACM.VACM_MATCH_EXACT,
		new OctetString("fullReadViewPublic"),
		new OctetString("fullWriteViewPublic"),
		new OctetString("fullNotifyViewPublic"), StorageType.nonVolatile);
	vacm.addAccess(new OctetString("v1v2group"), new OctetString("private"),
		SecurityModel.SECURITY_MODEL_SNMPv2c, SecurityLevel.NOAUTH_NOPRIV,
		MutableVACM.VACM_MATCH_EXACT,
		new OctetString("fullReadViewPrivate"),
		new OctetString("fullWriteViewPrivate"),
		new OctetString("fullNotifyViewPrivate"), StorageType.nonVolatile);

	// Subtrees included in each view
	vacm.addViewTreeFamily(new OctetString("fullReadViewPublic"),
		new OID("1.3"), new OctetString(),
		VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullWriteViewPublic"),
		new OID("1.3"), new OctetString(),
		VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullNotifyViewPublic"),
		new OID("1.3"), new OctetString(),
		VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullReadViewPrivate"),
		new OID("1.3.6.1.3.22"), new OctetString(),
		VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullWriteViewPrivate"),
		new OID("1.3.6.1.3.22"), new OctetString(),
		VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullNotifyViewPrivate"),
		new OID("1.3.6.1.3.22"), new OctetString(),
		VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
}

separating definitions of views for public and private communities, but it
did not remove the problem. 

I also looked into the SnapshotAgent.java class, but definitions for V2c
included there are very similar to what I am doing so I must be missing
something obvious here ... 

Thanks for the patience 

Marek

-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com] 
Sent: Tuesday, 02 April, 2013 10:21 PM
To: Marek Hajduczenia
Cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] SET access to created managed objects

Hi Marek,

Then it is the "private" context which you did not bind to the VACM view
"fullReadView".

Best regards,
Frank

On 02.04.2013 23:11, Marek Hajduczenia wrote:
> Hi Frank,
>
> The default configuration covers the whole 1.3 tree with 
> "fullReadView", which is fine enough. If I understand correctly, that 
> makes the whole tree in 1.3 branch accessible for reading ...
>
> === vacm.addViewTreeFamily(new OctetString("fullReadView"), new 
> OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded, 
> StorageType.nonVolatile);
>
> Now, I added the following statement as well:
>
> === vacm.addViewTreeFamily(new OctetString("fullWriteView"), new 
> OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded, 
> StorageType.nonVolatile);
>
> which if I understand the syntax correctly, should add the "fullWriteView"
> access to the whole experimental root that I am using. I am not sure
> how the debug information helps me in this case, since it points out that
> "private" context is found (23705 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Looking up coexistence
> info for 'private') and then the request was created successfully. The only
> line that causes some concerns is the following:
>
> 77558 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG org.snmp4j.agent.request.SnmpRequest  - SnmpSubRequests initialized:
>   [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[
>   scope=org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,lowerIncluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],
>   vb=1.3.6.1.3.22.2.10.1 = 12,status=org.snmp4j.agent.request.RequestStatus@6d7300f9,query=null,index=0,targetMO=null]]
>
> where the targetMO is marked as null.
>
> I also examined how 5 test scalar objects are created
>
> 179 [main] INFO org.snmp4j.agent.DefaultMOServer  - Registered MO
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false]
>   in default context with scope
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=Marek-HP,volatile=false]
> 179 [main] INFO org.snmp4j.agent.DefaultMOServer  - Registered MO
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false]
>   in default context with scope
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=C:\Musicas,volatile=false]
> 180 [main] INFO org.snmp4j.agent.DefaultMOServer  - Registered MO
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false]
>   in default context with scope
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=MediaMonkey,volatile=false]
> 180 [main] INFO org.snmp4j.agent.DefaultMOServer  - Registered MO
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=0,volatile=false]
>   in default context with scope
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.mo.MOAccessImpl@4a05fd83,value=0,volatile=false]
> 180 [main] INFO org.snmp4j.agent.DefaultMOServer  - Registered MO
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.mo.MOAccessImpl@674e5e21,value=15,volatile=false]
>   in default context with scope
>   org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.mo.MOAccessImpl@674e5e21,value=15,volatile=false]
>
> Objects with OID = 1.3.6.1.3.22.1.1.0, 1.3.6.1.3.22.1.2.0, 
> 1.3.6.1.3.22.1.3.0, and 1.3.6.1.3.22.1.4.0 are created as read-only, 
> and
> 1.3.6.1.3.22.1.5.0 is created as read-write, and that is visible in 
> the difference in the access=org.snmp4j.agent.mo.MOAccessImpl@ statements.
> However, how to combine that together, is not clear to me ... sorry
>
> Marek
>
> -----Original Message-----
> From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org] 
> On Behalf Of Frank Fock
> Sent: Tuesday, 02 April, 2013 8:50 PM
> To: snmp4j at agentpp.org
> Subject: Re: [SNMP4J] SET access to created managed objects
>
> Hi Marek,
>
> You have to setup the VACM properly in order to allow access to the 
> OID/subtree you are requesting. The default VACM configuration does 
> not include the "experimental" sub-tree IMHO.
>
> The log output gives you more detailed hints.
>
> Best regards,
> Frank
>
> On 02.04.2013 11:13, Marek Hajduczenia wrote:
>> Dear colleagues,
>>
>>    
>>
>> I create a very simple scalar in my agent:
>>
>>    
>>
>> OID oidTest = new OID("1.3.6.1.3.22.1.5.0");
>>
>> MOScalar sysScalarTest = new MOScalar(oidTest, 
>> MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15));
>>
>> server.registerManagedObject(sysScalarTest);
>>
>>    
>>
>> and then would like to change its value remotely using the MIB
>> browser. What I get back on the debug in Eclipse is the "Error
>> 'Authorization error' generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by
>> debug information about the message exchange and status exchange between
>> agent and MIB browser.
>> Everything seems fine, i.e., "private" community is found, request
>> with the private scope was created and proper object was found.
>> However, when time to change came around, no change was done.
>>
>>    
>>
>> ===========================================================
>>
>>    
>>
>> 20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping  - Received message from localhost/127.0.0.1/56019 with length 45:
>>   30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:01:00:02:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
>>
>> 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.Snmp  - Fire process PDU event:
>>   CommandResponderEvent[securityModel=2, securityLevel=1, maxSizeResponsePDU=65535,
>>   pduHandle=PduHandle[1521296469],
>>   stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469],securityEngineID=null,securityModel=null,securityName=private,securityLevel=1,contextEngineID=null,contextName=null,retryMsgIDs=null],
>>   pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0, VBS[1.3.6.1.3.22.1.5.0 = 123]],
>>   messageProcessingModel=1, securityName=private, processed=false, peerAddress=127.0.0.1/56019,
>>   transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@36c8e545, tmStateReference=null]
>>
>> 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Looking up coexistence info for 'private'
>>
>> 20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Found coexistence info for
>>   'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:01:c0:a8:01:04,contextName=private,transportTag=]
>>
>> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Address 127.0.0.1/56019 passes filter, because source address filtering is disabled
>>
>> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.agent.request.SnmpRequest  - Created subrequest 0 with scope
>>   org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true]
>>   from 1.3.6.1.3.22.1.5.0 = 123
>>
>> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.agent.request.SnmpRequest  - SnmpSubRequests initialized:
>>   [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[
>>   scope=org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],
>>   vb=1.3.6.1.3.22.1.5.0 = 123,status=org.snmp4j.agent.request.RequestStatus@6ceac619,query=null,index=0,targetMO=null]]
>>
>> 20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping  - Sending message to 127.0.0.1/56019 with length 45:
>>   30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:01:10:02:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
>>
>> java.lang.Exception: Error 'Authorization error' generated at: 1.3.6.1.3.22.1.5.0 = 123
>>     at org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChanged(SnmpRequest.java:617)
>>     at org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(RequestStatus.java:89)
>>     at org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.java:52)
>>     at org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcessor.java:499)
>>     at org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java:378)
>>     at org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.java:339)
>>     at org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:559)
>>     at org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:162)
>>     at org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.java:664)
>>     at org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:297)
>>     at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:368)
>>     at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:328)
>>     at org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTransportMapping.java:76)
>>     at org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpTransportMapping.java:378)
>>     at java.lang.Thread.run(Unknown Source)
>>
>>    
>>
>> ===========================================================
>>
>>    
>>
>> Definition of the "public" and "private" communities are as follows:
>>
>>    
>>
>> protected void addCommunities(SnmpCommunityMIB communityMIB)
>> {
>>     Variable[] com2sec1 = new Variable[]
>>     {
>>         new OctetString("public"),
>>         new OctetString("cpublic"), // security name
>>         getAgent().getContextEngineID(), // local engine ID
>>         new OctetString("public"), // default context name
>>         new OctetString(), // transport tag
>>         new Integer32(StorageType.nonVolatile), // storage type
>>         new Integer32(RowStatus.active) // row status
>>     };
>>
>>     Variable[] com2sec2 = new Variable[]
>>     {
>>         new OctetString("private"),
>>         new OctetString("cprivate"), // security name
>>         getAgent().getContextEngineID(), // local engine ID
>>         new OctetString("private"), // default context name
>>         new OctetString(), // transport tag
>>         new Integer32(StorageType.nonVolatile), // storage type
>>         new Integer32(RowStatus.active) // row status
>>     };
>>
>>     MOTableRow row2 = communityMIB.getSnmpCommunityEntry().createRow(
>>         new OctetString("private").toSubIndex(true), com2sec2);
>>     MOTableRow row1 = communityMIB.getSnmpCommunityEntry().createRow(
>>         new OctetString("public").toSubIndex(true), com2sec1);
>>     communityMIB.getSnmpCommunityEntry().addRow(row2);
>>     communityMIB.getSnmpCommunityEntry().addRow(row1);
>> }
>>
>>    
>>
>> and
>>
>>    
>>
>> /**
>>  * Adds initial VACM configuration.
>>  */
>> @Override
>> protected void addViews(VacmMIB vacm)
>> {
>>     vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
>>         new OctetString("cpublic"), new OctetString("v1v2group"),
>>         StorageType.nonVolatile);
>>     vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
>>         new OctetString("cprivate"), new OctetString("v1v2group"),
>>         StorageType.nonVolatile);
>>
>>     vacm.addAccess(new OctetString("v1v2group"), new OctetString("public"),
>>         SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.NOAUTH_NOPRIV,
>>         MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"),
>>         new OctetString("fullWriteView"), new OctetString("fullNotifyView"),
>>         StorageType.nonVolatile);
>>     vacm.addAccess(new OctetString("v1v2group"), new OctetString("private"),
>>         SecurityModel.SECURITY_MODEL_SNMPv2c, SecurityLevel.NOAUTH_NOPRIV,
>>         MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"),
>>         new OctetString("fullWriteView"), new OctetString("fullNotifyView"),
>>         StorageType.nonVolatile);
>>
>>     // vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
>>     //     new OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
>>     vacm.addViewTreeFamily(new OctetString("fullWriteView"),
>>         new OID("1.3.6.1.3.22.2.10"), new OctetString(),
>>         VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
>> }
>>
>>    
>>
>> I think all the areas where changes were needed, were added. The only 
>> suspicion that I have is that the default context for all newly 
>> created objects may be set to "public" rather than "private" and I 
>> have no clue right now where to change it and how to do it.
>>
>>    
>>
>> Any suggestions / hints?
>>
>>    
>>
>> Thank you in advance
>>
>>    
>>
>> Marek
>>
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
> --
> ---
> AGENT++
> Maximilian-Kolbe-Str. 10
> 73257 Koengen, Germany
> https://agentpp.com
> Phone: +49 7024 8688230
> Fax:   +49 7024 8688231
>

--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax:   +49 7024 8688231
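
The VACM decision this thread is debugging, as an added example that is not part of the original messages and is not SNMP4J code: it follows the isAccessAllowed steps of RFC 3415 over the group, access and view tables posted above, for the SET on 1.3.6.1.3.22.1.5.0 by securityName cprivate in context private. The set of contexts known to the agent is an assumption (the log only shows objects registered in the default context); view masks and excluded subtrees are not modelled.

```java
import java.util.*;

/** Added illustration (not SNMP4J code): RFC 3415 isAccessAllowed, write view only. */
public class VacmWalk {
    // Access entry: model 0 = any, 2 = SNMPv2c; level 1 = noAuthNoPriv (values seen in the log).
    record Access(String group, String context, int model, int level, String writeView) {}

    // vacmSecurityToGroupTable from addGroup(): "<model>/<securityName>" -> group
    static final Map<String, String> GROUPS =
        Map.of("2/cpublic", "v1v2group", "2/cprivate", "v1v2group");
    // vacmAccessTable as configured in the first post and in the latest post
    static final List<Access> FIRST_POST = List.of(
        new Access("v1v2group", "public", 0, 1, "fullWriteView"),
        new Access("v1v2group", "private", 2, 1, "fullWriteView"));
    static final List<Access> LATEST_POST = List.of(
        new Access("v1v2group", "public", 2, 1, "fullWriteViewPublic"),
        new Access("v1v2group", "private", 2, 1, "fullWriteViewPrivate"));
    // vacmViewTreeFamilyTable: included subtrees per view (empty masks, no exclusions)
    static final Map<String, List<String>> VIEWS = Map.of(
        "fullWriteView", List.of("1.3.6.1.3.22.2.10"),
        "fullWriteViewPublic", List.of("1.3"),
        "fullWriteViewPrivate", List.of("1.3.6.1.3.22"));

    static boolean inSubtree(String oid, String root) {
        return oid.equals(root) || oid.startsWith(root + ".");
    }

    /** Returns the RFC 3415 outcome name for a write to oid. */
    static String checkWrite(Set<String> contexts, List<Access> access, String context,
                             int model, String securityName, int level, String oid) {
        if (!contexts.contains(context)) return "noSuchContext";
        String group = GROUPS.get(model + "/" + securityName);
        if (group == null) return "noGroupName";
        Access match = access.stream() // exact context match, as with VACM_MATCH_EXACT
            .filter(a -> a.group().equals(group) && a.context().equals(context)
                    && (a.model() == 0 || a.model() == model) && a.level() <= level)
            .findFirst().orElse(null);
        if (match == null) return "noAccessEntry";
        List<String> subtrees = VIEWS.get(match.writeView());
        if (subtrees == null) return "noSuchView";
        return subtrees.stream().anyMatch(s -> inSubtree(oid, s)) ? "accessAllowed" : "notInView";
    }

    public static void main(String[] args) {
        String oid = "1.3.6.1.3.22.1.5.0";               // the SET target from the log
        Set<String> defaultOnly = Set.of("");            // assumption: only the default context exists
        Set<String> withPrivate = Set.of("", "private"); // hypothetical: "private" is also known
        System.out.println(checkWrite(defaultOnly, LATEST_POST, "private", 2, "cprivate", 1, oid));
        System.out.println(checkWrite(withPrivate, LATEST_POST, "private", 2, "cprivate", 1, oid));
        System.out.println(checkWrite(withPrivate, FIRST_POST, "private", 2, "cprivate", 1, oid));
    }
}
```

Needs Java 16 or later for records. The three calls print noSuchContext, accessAllowed and notInView, so the model separates a context the agent does not know from a write view that does not cover the target OID.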



