[SNMP4J] SET access to created managed objects
Frank Fock
fock at agentpp.com
Tue Apr 2 23:42:09 CEST 2013
Marek,
You have mapped your views only to the default context, but you
have mapped the "private" community to the "private" context.
That will not work. Either map your "private" community to the
default context ("") or map all the views to the "private" context too.
Best regards,
Frank
Am 02.04.2013 23:39, schrieb Marek Hajduczenia:
> Frank,
>
> I tried to bind the "private" community to all views as follows
>
> protected void addViews(VacmMIB vacm)
> {
> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
> OctetString("cpublic"), new OctetString("v1v2group"),
> StorageType.nonVolatile);
> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
> OctetString("cprivate"), new OctetString("v1v2group"),
> StorageType.nonVolatile);
>
> vacm.addAccess(new OctetString("v1v2group"), new
> OctetString("public"), SecurityModel.SECURITY_MODEL_SNMPv2c,
> SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
> OctetString("fullReadViewPublic"), new OctetString("fullWriteViewPublic"),
> new OctetString("fullNotifyViewPublic"), StorageType.nonVolatile);
> vacm.addAccess(new OctetString("v1v2group"), new
> OctetString("private"), SecurityModel.SECURITY_MODEL_SNMPv2c,
> SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
> OctetString("fullReadViewPrivate"), new OctetString("fullWriteViewPrivate"),
> new OctetString("fullNotifyViewPrivate"), StorageType.nonVolatile);
>
> vacm.addViewTreeFamily(new OctetString("fullReadViewPublic"), new
> OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullWriteViewPublic"), new
> OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullNotifyViewPublic"), new
> OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullReadViewPrivate"), new
> OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullWriteViewPrivate"), new
> OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
> StorageType.nonVolatile);
> vacm.addViewTreeFamily(new OctetString("fullNotifyViewPrivate"), new
> OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
> StorageType.nonVolatile);
> }
>
> separating definitions of views for public and private communities, but it
> did not remove the problem.
>
> I also looked into the SnapshopAgent.java class, but definitions for V2c
> included there are very similar to what I am doing so I must be missing
> something obvious here ...
>
> Thanks for the patience
>
> Marek
>
> -----Original Message-----
> From: Frank Fock [mailto:fock at agentpp.com]
> Sent: Tuesday, 02 April, 2013 10:21 PM
> To: Marek Hajduczenia
> Cc: snmp4j at agentpp.org
> Subject: Re: [SNMP4J] SET access to created managed objects
>
> Hi Marek,
>
> Then it the "private" context which you did not bound to the VACM view
> "fullReadView".
>
> Best regards,
> Frank
>
> Am 02.04.2013 23:11, schrieb Marek Hajduczenia:
>> Hi Frank,
>>
>> The default configuration covers the whole 1.3 tree with
>> "fullReadView", which is fine enough. If I understand correctly, that
>> makes the whole tree in 1.3 branch accessible for reading ...
>>
>> === vacm.addViewTreeFamily(new OctetString("fullReadView"), new
>> OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
>> StorageType.nonVolatile);
>>
>> Now, I added the following statement as well:
>>
>> === vacm.addViewTreeFamily(new OctetString("fullWriteView"), new
>> OID("1.3.6.1.3.22"), new OctetString(), VacmMIB.vacmViewIncluded,
>> StorageType.nonVolatile);
>>
>> which if I understand the syntax correctly, should add the "
> fullWriteView"
>> access to the whole experimental root that I am using. I am not sure
>> how the debug information helps me in this case, since it points out that
> "private"
>> context is found (23705 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
>> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence
>> info for
>> 'private') and then the request was created successfully. The only
>> line that causes some concerns is the following:
>>
>> 77558 [DefaultUDPTransportMapping_0.0.0.0/161] DEBUG
>> org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
>>
> [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
>> DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,l
>> owerIn
>>
> cluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],vb=1.3.6.1.3.
>> 22.2.10.1 =
>> 12,status=org.snmp4j.agent.request.RequestStatus at 6d7300f9,query=null,i
>> ndex=0
>> ,targetMO=null]]
>>
>> where the targetMO is marked as null.
>>
>> I also examined how 5 test scalar objects are created
>>
>> 179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=Marek-HP,volatile=false] in default
>> context with scope
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.1.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=Marek-HP,volatile=false]
>> 179 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=C:\Musicas,volatile=false] in default
>> context with scope
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.2.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=C:\Musicas,volatile=false]
>> 180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=MediaMonkey,volatile=false] in default
>> context with scope
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.3.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=MediaMonkey,volatile=false]
>> 180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=0,volatile=false] in default context
>> with scope
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.4.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 4a05fd83,value=0,volatile=false]
>> 180 [main] INFO org.snmp4j.agent.DefaultMOServer - Registered MO
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 674e5e21,value=15,volatile=false] in default context
>> with scope
>>
> org.snmp4j.agent.mo.MOScalar[oid=1.3.6.1.3.22.1.5.0,access=org.snmp4j.agent.
>> mo.MOAccessImpl at 674e5e21,value=15,volatile=false]
>>
>> Objects with OID = 1.3.6.1.3.22.1.1.0, 1.3.6.1.3.22.1.2.0,
>> 1.3.6.1.3.22.1.3.0, and 1.3.6.1.3.22.1.4.0 are created as read-only,
>> and
>> 1.3.6.1.3.22.1.5.0 is created as read-write, and that is visible in
>> the difference in the access=org.snmp4j.agent.mo.MOAccessImpl@ statements.
>> However, how to combine that together, is not clear to me ... sorry
>>
>> Marek
>>
>> -----Original Message-----
>> From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org]
>> On Behalf Of Frank Fock
>> Sent: Tuesday, 02 April, 2013 8:50 PM
>> To: snmp4j at agentpp.org
>> Subject: Re: [SNMP4J] SET access to created managed objects
>>
>> Hi Marek,
>>
>> You have to setup the VACM properly in order to allow access to the
>> OID/subtree you are requesting. The default VACM configuration does
>> not include the "experimental" sub-tree IMHO.
>>
>> The log output gives you more detailed hints.
>>
>> Best regards,
>> Frank
>>
>> Am 02.04.2013 11:13, schrieb Marek Hajduczenia:
>>> Dear colleagues,
>>>
>>>
>>>
>>> I create a very simple scalar in my agent:
>>>
>>>
>>>
>>> OID oidTest = new OID("1.3.6.1.3.22.1.5.0");
>>>
>>> MOScalar sysScalarTest = new MOScalar(oidTest,
>>> MOAccessImpl.ACCESS_READ_WRITE, new Integer32(15));
>>>
>>> server.registerManagedObject(sysScalarTest);
>>>
>>>
>>>
>>> and then would like to change its value remotely using the MIB
>>> browser. What I get back on the debug in Eclipse is the "Error
>> 'Authorization error'
>>> generated at: 1.3.6.1.3.22.1.5.0 = 123" preceded by debug information
>>> about the message exchange and status exchange between agent and MIB
>> browser.
>>> Everything seems fine, i.e., "private" community is found, request
>>> with the private scope was created and proper object was found.
>>> However, when time to change came around, no change was done.
>>>
>>>
>>>
>>> ===========================================================
>>>
>>>
>>>
>>> 20353 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.transport.DefaultUdpTransportMapping - Received message
>>> from
>>> localhost/127.0.0.1/56019 with length 45:
>>> 30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:5a:ad:24:55:02:
>>> 0
>>> 1:00:0 2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
>>>
>>> 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.Snmp - Fire process PDU event:
>>> CommandResponderEvent[securityModel=2,
>>> securityLevel=1, maxSizeResponsePDU=65535,
>>> pduHandle=PduHandle[1521296469],
>>> stateReference=StateReference[msgID=0,pduHandle=PduHandle[1521296469]
>>> ,
>>> securi
>>> tyEngineID=null,securityModel=null,securityName=private,securityLevel
>>> = 1,cont extEngineID=null,contextName=null,retryMsgIDs=null],
>>> pdu=SET[requestID=1521296469, errorStatus=Success(0), errorIndex=0,
>>> VBS[1.3.6.1.3.22.1.5.0 = 123]], messageProcessingModel=1,
>>> securityName=private, processed=false, peerAddress=127.0.0.1/56019,
>>> transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 36c8
>>> e
>>> 545,
>>> tmStateReference=null]
>>>
>>> 20354 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Looking up coexistence
>>> info for 'private'
>>>
>>> 20355 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Found coexistence info
>>> for
>>>
> 'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:
>>> 01:c0:a8:01:04,contextName=private,transportTag=]
>>>
>>> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.agent.mo.snmp.SnmpCommunityMIB - Address 127.0.0.1/56019
>>> passes filter, because source address filtering is disabled
>>>
>>> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.agent.request.SnmpRequest - Created subrequest 0 with
>>> scope
> org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.
>>> 22.1.5.0,lowerIncluded=true,upperBound=1.3.6.1.3.22.1.5.0,upperInclud
>>> e
>>> d=true
>>> ] from 1.3.6.1.3.22.1.5.0 = 123
>>>
>>> 20356 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.agent.request.SnmpRequest - SnmpSubRequests initialized:
>>>
> [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
>>> DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.1.5.0,l
>>> o
>>> werInc
>>> luded=true,upperBound=1.3.6.1.3.22.1.5.0,upperIncluded=true],vb=1.3.6.
>>> 1.3.22
>>> .1.5.0 =
>>> 123,status=org.snmp4j.agent.request.RequestStatus at 6ceac619,query=null
>>> ,
>>> index=
>>> 0,targetMO=null]]
>>>
>>> 20358 [DefaultUDPTransportMapping_127.0.0.1/2001] DEBUG
>>> org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to
>>> 127.0.0.1/56019 with length 45:
>>> 30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:5a:ad:24:55:02:
>>> 0
>>> 1:10:0 2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:01:05:00:02:01:7b
>>>
>>> java.lang.Exception: Error 'Authorization error' generated at:
>>> 1.3.6.1.3.22.1.5.0 = 123
>>>
>>> at
>>> org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChan
>>> g
>>> ed(Snm
>>> pRequest.java:617)
>>>
>>> at
>>> org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(Reque
>>> s
>>> tStatu
>>> s.java:89)
>>>
>>> at
>>> org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.j
>>> a
>>> va:52)
>>>
>>> at
>>> org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProces
>>> s
>>> or.jav
>>> a:499)
>>>
>>> at
>>> org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.jav
>>> a
>>> :378)
>>>
>>> at
>>> org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.ja
>>> v
>>> a:339)
>>>
>>> at
>>> org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:5
>>> 5
>>> 9)
>>>
>>> at
>>> org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:16
>>> 2
>>> )
>>>
>>> at
>>> org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.
>>> java:6
>>> 64)
>>>
>>> at
>>>
> org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:
>>> 297)
>>>
>>> at
>>> org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
>>> java:3
>>> 68)
>>>
>>> at
>>> org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.
>>> java:3
>>> 28)
>>>
>>> at
>>> org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(Abst
>>> r
>>> actTra
>>> nsportMapping.java:76)
>>>
>>> at
>>> org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(Defa
>>> u
>>> ltUdpT
>>> ransportMapping.java:378)
>>>
>>> at java.lang.Thread.run(Unknown Source)
>>>
>>>
>>>
>>> ===========================================================
>>>
>>>
>>>
>>> Definition of the "public" and "private" communities are as follows:
>>>
>>>
>>>
>>> protected void addCommunities(SnmpCommunityMIB
>>> communityMIB)
>>>
>>>
>>> {
>>>
>>> Variable[] com2sec1 = new
>>> Variable[]
>>>
>>> {
>>>
>>> new
>>> OctetString("public"),
>>>
>>> new
>>> OctetString("cpublic"), // security name
>>>
>>>
>>> getAgent().getContextEngineID(), // local engine ID
>>>
>>> new
>>> OctetString("public"), // default context name
>>>
>>> new OctetString(),
>>> // transport tag
>>>
>>> new
>>> Integer32(StorageType.nonVolatile), // storage type
>>>
>>> new
>>> Integer32(RowStatus.active) // row status
>>>
>>> };
>>>
>>>
>>>
>>> Variable[] com2sec2 = new
>>> Variable[]
>>>
>>> {
>>>
>>> new
>>> OctetString("private"),
>>>
>>> new
>>> OctetString("cprivate"), // security name
>>>
>>>
>>> getAgent().getContextEngineID(), // local engine ID
>>>
>>> new
>>> OctetString("private"), // default context name
>>>
>>> new OctetString(),
>>> // transport tag
>>>
>>> new
>>> Integer32(StorageType.nonVolatile), // storage type
>>>
>>> new
>>> Integer32(RowStatus.active) // row status
>>>
>>> };
>>>
>>>
>>>
>>> MOTableRow row2 =
>>> communityMIB.getSnmpCommunityEntry().createRow(new
>>> OctetString("private").toSubIndex(true), com2sec2);
>>>
>>> MOTableRow row1 =
>>> communityMIB.getSnmpCommunityEntry().createRow(new
>>> OctetString("public").toSubIndex(true), com2sec1);
>>>
>>>
>>> communityMIB.getSnmpCommunityEntry().addRow(row2);
>>>
>>>
>>> communityMIB.getSnmpCommunityEntry().addRow(row1);
>>>
>>>
>>>
>>> }
>>>
>>>
>>>
>>> and
>>>
>>>
>>>
>>> /**
>>>
>>> * Adds initial VACM configuration.
>>>
>>> */
>>>
>>> @Override
>>>
>>> protected void addViews(VacmMIB vacm)
>>>
>>> {
>>>
>>>
>>> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
>>> OctetString("cpublic"), new OctetString("v1v2group"),
>>> StorageType.nonVolatile);
>>>
>>>
>>> vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
>>> OctetString("cprivate"), new OctetString("v1v2group"),
>>> StorageType.nonVolatile);
>>>
>>>
>>>
>>> vacm.addAccess(new
>>> OctetString("v1v2group"), new OctetString("public"),
>>> SecurityModel.SECURITY_MODEL_ANY, SecurityLevel.NOAUTH_NOPRIV,
>>> MutableVACM.VACM_MATCH_EXACT, new OctetString("fullReadView"), new
>>> OctetString("fullWriteView"), new OctetString("fullNotifyView"),
>>> StorageType.nonVolatile);
>>>
>>> vacm.addAccess(new
>>> OctetString("v1v2group"), new OctetString("private"),
>>> SecurityModel.SECURITY_MODEL_SNMPv2c,
>>> SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
>>> OctetString("fullReadView"), new OctetString("fullWriteView"), new
>>> OctetString("fullNotifyView"), StorageType.nonVolatile);
>>>
>>>
>>>
>>> // vacm.addViewTreeFamily(new
>>> OctetString("fullReadView"), new OID("1.3"), new OctetString(),
>>> VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
>>>
>>> vacm.addViewTreeFamily(new
>>> OctetString("fullWriteView"), new OID("1.3.6.1.3.22.2.10"), new
>>> OctetString(), VacmMIB.vacmViewIncluded, StorageType.nonVolatile);
>>>
>>> }
>>>
>>>
>>>
>>> I think all the areas where changes were needed, were added. The only
>>> suspicion that I have is that the default context for all newly
>>> created objects may be set to "public" rather than "private" and I
>>> have no clue right now where to change it and how to do it.
>>>
>>>
>>>
>>> Any suggestions / hints?
>>>
>>>
>>>
>>> Thank you in advance
>>>
>>>
>>>
>>> Marek
>>>
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J at agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>> --
>> ---
>> AGENT++
>> Maximilian-Kolbe-Str. 10
>> 73257 Koengen, Germany
>> https://agentpp.com
>> Phone: +49 7024 8688230
>> Fax: +49 7024 8688231
>>
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>
> --
> ---
> AGENT++
> Maximilian-Kolbe-Str. 10
> 73257 Koengen, Germany
> https://agentpp.com
> Phone: +49 7024 8688230
> Fax: +49 7024 8688231
>
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
More information about the SNMP4J
mailing list