commit
ac72cc950b
@ -0,0 +1 @@
|
||||
SOURCES/net-snmp-5.8.tar.gz
|
@ -0,0 +1 @@
|
||||
81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz
|
@ -0,0 +1,41 @@
|
||||
MIBs included in this software taken from IETF Documents are considered
|
||||
Code Components in accordance with the IETF Trust License Policy, as found
|
||||
here:
|
||||
|
||||
http://trustee.ietf.org/license-info/
|
||||
|
||||
They are available under the terms of the Simplified BSD license, a copy of
|
||||
which is included below.
|
||||
|
||||
*****
|
||||
|
||||
Copyright (c) 2013 IETF Trust and the persons identified as authors of
|
||||
the code. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
· Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
· Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
· Neither the name of Internet Society, IETF or IETF Trust, nor the
|
||||
names of specific contributors, may be used to endorse or promote
|
||||
products derived from this software without specific prior written
|
||||
permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
|
||||
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
||||
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
@ -0,0 +1,70 @@
|
||||
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
|
||||
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
|
||||
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
|
||||
@@ -16,6 +16,12 @@
|
||||
#define SHELLCOMMAND 3
|
||||
#endif
|
||||
|
||||
+/* This mib is potentially dangerous to turn on by default, since it
|
||||
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
|
||||
+ * access to the MIB table. If all of your users are "root" level
|
||||
+ * users, then it may be safe to turn on. */
|
||||
+#define ENABLE_EXTEND_WRITE_ACCESS 0
|
||||
+
|
||||
netsnmp_feature_require(extract_table_row_data)
|
||||
netsnmp_feature_require(table_data_delete_table)
|
||||
#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
*
|
||||
**********/
|
||||
|
||||
-#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
|
||||
case MODE_SET_RESERVE1:
|
||||
/*
|
||||
* Validate the new assignments
|
||||
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
}
|
||||
}
|
||||
break;
|
||||
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
|
||||
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
|
||||
|
||||
default:
|
||||
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
|
||||
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
}
|
||||
}
|
||||
|
||||
-#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
|
||||
/*
|
||||
* If we're marking a given row as active,
|
||||
* then we need to check that it's ready.
|
||||
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
|
||||
}
|
||||
}
|
||||
}
|
||||
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
|
||||
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
|
||||
|
||||
return SNMP_ERR_NOERROR;
|
||||
}
|
||||
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
|
||||
idx = name[name_len-1] -1;
|
||||
exten = &compatability_entries[ idx ];
|
||||
|
||||
-#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
|
||||
switch (action) {
|
||||
case MODE_SET_RESERVE1:
|
||||
if (var_val_type != ASN_INTEGER) {
|
||||
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
|
||||
case MODE_SET_COMMIT:
|
||||
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
|
||||
}
|
||||
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
|
||||
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
|
||||
return SNMP_ERR_NOERROR;
|
||||
}
|
||||
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
|
@ -0,0 +1,10 @@
|
||||
926223 - net-snmp: Does not support aarch64 in f19 and rawhide
|
||||
|
||||
Update autoconf version to make the test suite happy.
|
||||
|
||||
diff -up net-snmp-5.7.2/dist/autoconf-version.autoreconf net-snmp-5.7.2/dist/autoconf-version
|
||||
--- net-snmp-5.7.2/dist/autoconf-version.autoreconf 2013-03-25 13:00:15.002745347 +0100
|
||||
+++ net-snmp-5.7.2/dist/autoconf-version 2013-03-25 13:00:17.207736442 +0100
|
||||
@@ -1 +1 @@
|
||||
-2.68
|
||||
+2.69
|
@ -0,0 +1,30 @@
|
||||
1134475 - dependency in perl package
|
||||
|
||||
Use hardcoded path to configuration directories instead of net-snmp-config.
|
||||
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
|
||||
depending on -devel.
|
||||
|
||||
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
|
||||
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
|
||||
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
|
||||
@@ -819,8 +819,7 @@ sub set_default {
|
||||
sub cfg_path {
|
||||
my $path;
|
||||
|
||||
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
|
||||
- chomp $path;
|
||||
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
|
||||
return (wantarray ? split(':', $path) : $path);
|
||||
}
|
||||
|
||||
@@ -1414,8 +1413,8 @@ sub checkReqs {
|
||||
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
|
||||
if ($ossl_ver cmp $ossl_min_ver) < 0;
|
||||
|
||||
- die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||
+# die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||
}
|
||||
|
||||
sub initOpts {
|
@ -0,0 +1,128 @@
|
||||
diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
|
||||
--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
|
||||
+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
|
||||
@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
|
||||
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
|
||||
|
||||
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
|
||||
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
|
||||
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
|
||||
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
|
||||
diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
|
||||
--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
|
||||
+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
|
||||
@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
|
||||
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
|
||||
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
|
||||
--- a/apps/Makefile.in 2018-09-25 09:18:46.036239465 +0200
|
||||
+++ b/apps/Makefile.in 2018-09-25 09:38:18.361298461 +0200
|
||||
@@ -156,37 +156,37 @@ OTHERUNINSTALL=snmpinformuninstall snmpt
|
||||
# build rules
|
||||
#
|
||||
snmpwalk$(EXEEXT): snmpwalk.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpbulkwalk$(EXEEXT): snmpbulkwalk.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpbulkget$(EXEEXT): snmpbulkget.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptranslate$(EXEEXT): snmptranslate.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpstatus$(EXEEXT): snmpstatus.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpget$(EXEEXT): snmpget.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpdelta$(EXEEXT): snmpdelta.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptable$(EXEEXT): snmptable.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
|
||||
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpinform$(EXEEXT): snmptrap$(EXEEXT)
|
||||
rm -f snmpinform
|
||||
@@ -197,34 +197,34 @@ snmptop$(EXEEXT): snmpps$(EXEEXT)
|
||||
$(LN_S) snmpps$(EXEEXT) snmptop$(EXEEXT)
|
||||
|
||||
snmpset$(EXEEXT): snmpset.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpusm$(EXEEXT): snmpusm.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpvacm$(EXEEXT): snmpvacm.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptls$(EXEEXT): snmptls.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
agentxtrap$(EXEEXT): agentxtrap.$(OSUFFIX) $(USEAGENTLIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ agentxtrap.$(OSUFFIX) ${LDFLAGS} $(USEAGENTLIBS) $(PERLLDOPTS_FOR_APPS) ${LIBS}
|
||||
|
||||
snmpgetnext$(EXEEXT): snmpgetnext.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
encode_keychange$(EXEEXT): encode_keychange.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmpps$(EXEEXT): snmpps.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
|
||||
|
||||
snmpping$(EXEEXT): snmpping.$(OSUFFIX) $(USELIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
|
||||
|
||||
snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
|
||||
diff -urNp a/apps/snmpnetstat/Makefile.in b/apps/snmpnetstat/Makefile.in
|
||||
--- a/apps/snmpnetstat/Makefile.in 2018-09-25 09:18:46.036239465 +0200
|
||||
+++ b/apps/snmpnetstat/Makefile.in 2018-09-25 09:39:30.406458117 +0200
|
||||
@@ -34,4 +34,4 @@ LIBS= ../../snmplib/libnetsnmp.$(LIB_EX
|
||||
all: standardall
|
||||
|
||||
snmpnetstat$(EXEEXT): ${LOBJS} ${USELIBS}
|
||||
- ${LINK} ${CFLAGS} -o $@ ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
|
||||
+ ${LINK} ${CFLAGS} -o $@ -pie ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
|
@ -0,0 +1,14 @@
|
||||
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
|
||||
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
|
||||
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
|
||||
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
|
||||
return 0; /* or -1 */
|
||||
|
||||
it = CONTAINER_ITERATOR( swrun_container );
|
||||
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
|
||||
+ if (0 == strcmp( entry->hrSWRunName, name ))
|
||||
+ i++;
|
||||
+ }
|
||||
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
|
||||
if (0 == strcmp( entry->hrSWRunName, name ))
|
||||
i++;
|
@ -0,0 +1,129 @@
|
||||
From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
|
||||
From: Bill Fenner <fenner@gmail.com>
|
||||
Date: Fri, 25 Nov 2022 08:41:24 -0800
|
||||
Subject: [PATCH 1/3] snmp_agent: disallow SET with NULL varbind
|
||||
|
||||
---
|
||||
agent/snmp_agent.c | 32 ++++++++++++++++++++++++++++++++
|
||||
1 file changed, 32 insertions(+)
|
||||
|
||||
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
|
||||
index 867d0c166f..3f678fe2df 100644
|
||||
--- a/agent/snmp_agent.c
|
||||
+++ b/agent/snmp_agent.c
|
||||
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int
|
||||
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
|
||||
+{
|
||||
+ int i;
|
||||
+ netsnmp_variable_list *v = NULL;
|
||||
+
|
||||
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
|
||||
+ if (v->type == ASN_NULL) {
|
||||
+ /*
|
||||
+ * Protect SET implementations that do not protect themselves
|
||||
+ * against wrong type.
|
||||
+ */
|
||||
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
|
||||
+ asp->index = i;
|
||||
+ return SNMP_ERR_WRONGTYPE;
|
||||
+ }
|
||||
+ }
|
||||
+ return SNMP_ERR_NOERROR;
|
||||
+}
|
||||
+
|
||||
int
|
||||
handle_pdu(netsnmp_agent_session *asp)
|
||||
{
|
||||
int status, inclusives = 0;
|
||||
netsnmp_variable_list *v = NULL;
|
||||
|
||||
+#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
+ /*
|
||||
+ * Check for ASN_NULL in SET request
|
||||
+ */
|
||||
+ if (asp->pdu->command == SNMP_MSG_SET) {
|
||||
+ status = check_set_pdu_for_null_varbind(asp);
|
||||
+ if (status != SNMP_ERR_NOERROR) {
|
||||
+ return status;
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
|
||||
+
|
||||
/*
|
||||
* for illegal requests, mark all nodes as ASN_NULL
|
||||
*/
|
||||
|
||||
From 7f4ac4051cc7fec6a5944661923acb95cec359c7 Mon Sep 17 00:00:00 2001
|
||||
From: Bill Fenner <fenner@gmail.com>
|
||||
Date: Fri, 25 Nov 2022 08:41:46 -0800
|
||||
Subject: [PATCH 2/3] apps: snmpset: allow SET with NULL varbind for testing
|
||||
|
||||
---
|
||||
apps/snmpset.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/apps/snmpset.c b/apps/snmpset.c
|
||||
index 48e14bd513..d542713e1b 100644
|
||||
--- a/apps/snmpset.c
|
||||
+++ b/apps/snmpset.c
|
||||
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
|
||||
case 'x':
|
||||
case 'd':
|
||||
case 'b':
|
||||
+ case 'n': /* undocumented */
|
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
|
||||
case 'I':
|
||||
case 'U':
|
||||
|
||||
From 15f9d7f7e5b90c9b419832ed8e6413feb6570d83 Mon Sep 17 00:00:00 2001
|
||||
From: Bill Fenner <fenner@gmail.com>
|
||||
Date: Fri, 25 Nov 2022 10:23:32 -0800
|
||||
Subject: [PATCH 3/3] Add test for NULL varbind set
|
||||
|
||||
---
|
||||
.../default/T0142snmpv2csetnull_simple | 31 +++++++++++++++++++
|
||||
1 file changed, 31 insertions(+)
|
||||
create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
|
||||
|
||||
diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
|
||||
new file mode 100644
|
||||
index 0000000000..0f1b8f386b
|
||||
--- /dev/null
|
||||
+++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
|
||||
@@ -0,0 +1,31 @@
|
||||
+#!/bin/sh
|
||||
+
|
||||
+. ../support/simple_eval_tools.sh
|
||||
+
|
||||
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
|
||||
+
|
||||
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
|
||||
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
|
||||
+SKIPIF NETSNMP_DISABLE_SNMPV2C
|
||||
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
|
||||
+
|
||||
+#
|
||||
+# Begin test
|
||||
+#
|
||||
+
|
||||
+# standard V2C configuration: testcomunnity
|
||||
+snmp_write_access='all'
|
||||
+. ./Sv2cconfig
|
||||
+STARTAGENT
|
||||
+
|
||||
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
|
||||
+
|
||||
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
|
||||
+
|
||||
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
|
||||
+
|
||||
+CHECK "Reason: wrongType"
|
||||
+
|
||||
+STOPAGENT
|
||||
+
|
||||
+FINISHED
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
|
||||
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
|
||||
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
|
||||
@@ -10,7 +10,7 @@ extern "C" {
|
||||
* Note: using the U64 typedef is deprecated because this typedef conflicts
|
||||
* with a typedef with the same name defined in the Perl header files.
|
||||
*/
|
||||
- typedef struct counter64 U64;
|
||||
+// typedef struct counter64 U64;
|
||||
#endif
|
||||
|
||||
#define I64CHARSZ 21
|
@ -0,0 +1,100 @@
|
||||
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
|
||||
From: Bart Van Assche <bvanassche@acm.org>
|
||||
Date: Mon, 27 Apr 2020 08:23:16 -0700
|
||||
Subject: [PATCH] configure: Report supported authentication and encryption
|
||||
modes correctly
|
||||
|
||||
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
|
||||
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
|
||||
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
|
||||
protocol constants handling") added support for several AES encryption modes.
|
||||
Make the configure script report which modes are supported.
|
||||
---
|
||||
configure | 15 ++++++++++++++-
|
||||
configure.d/config_os_misc2 | 15 ++++++++++++++-
|
||||
2 files changed, 28 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index 46402589f..7481ebd07 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
|
||||
$as_echo "Internal Crypto Support" >&6; }
|
||||
elif test "x$useopenssl" != "xno" ; then
|
||||
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
|
||||
+ authmodes="MD5 SHA1"
|
||||
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
|
||||
+ authmodes="$authmodes SHA224 SHA256"
|
||||
+ fi
|
||||
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
|
||||
+ authmodes="$authmodes SHA384 SHA512"
|
||||
+ fi
|
||||
if test "x$enable_privacy" != "xno" ; then
|
||||
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
|
||||
encrmodes="DES AES"
|
||||
@@ -26492,6 +26498,13 @@ fi
|
||||
if test "x$enable_md5" = "xno"; then
|
||||
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
|
||||
fi
|
||||
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
|
||||
+ test "x$CRYPTO" = xinternal; then
|
||||
+ encrmodes="$encrmodes AES128"
|
||||
+ if test "x$aes_capable" = "xyes"; then
|
||||
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
|
||||
+ fi
|
||||
+fi
|
||||
|
||||
|
||||
|
||||
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
|
||||
index 1df9bf0a2..be0bccec0 100644
|
||||
--- a/configure.d/config_os_misc2
|
||||
+++ b/configure.d/config_os_misc2
|
||||
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
|
||||
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
|
||||
AC_MSG_RESULT(Internal Crypto Support)
|
||||
elif test "x$useopenssl" != "xno" ; then
|
||||
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
|
||||
+ authmodes="MD5 SHA1"
|
||||
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
|
||||
+ authmodes="$authmodes SHA224 SHA256"
|
||||
+ fi
|
||||
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
|
||||
+ authmodes="$authmodes SHA384 SHA512"
|
||||
+ fi
|
||||
if test "x$enable_privacy" != "xno" ; then
|
||||
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
|
||||
encrmodes="DES AES"
|
||||
@@ -86,6 +92,13 @@ fi
|
||||
if test "x$enable_md5" = "xno"; then
|
||||
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
|
||||
fi
|
||||
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
|
||||
+ test "x$CRYPTO" = xinternal; then
|
||||
+ encrmodes="$encrmodes AES128"
|
||||
+ if test "x$aes_capable" = "xyes"; then
|
||||
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
|
||||
+ fi
|
||||
+fi
|
||||
AC_SUBST(LNETSNMPLIBS)
|
||||
AC_SUBST(LAGENTLIBS)
|
||||
|
||||
|
||||
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
|
||||
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
|
||||
@@ -58,11 +58,11 @@ case $1 in
|
||||
exit 1
|
||||
fi
|
||||
case $1 in
|
||||
- DES|AES|AES128)
|
||||
+ DES|AES|AES128|AES192|AES256)
|
||||
Xalgorithm=$1
|
||||
shift
|
||||
;;
|
||||
- des|aes|aes128)
|
||||
+ des|aes|aes128|aes192|aes256)
|
||||
Xalgorithm=`echo $1 | tr a-z A-Z`
|
||||
shift
|
||||
;;
|
@ -0,0 +1,122 @@
|
||||
diff -urNp a/agent/agent_trap.c b/agent/agent_trap.c
|
||||
--- a/agent/agent_trap.c 2019-02-13 13:10:36.862269252 +0100
|
||||
+++ b/agent/agent_trap.c 2019-02-13 15:02:11.396042356 +0100
|
||||
@@ -174,6 +174,11 @@ _trap_version_incr(int version)
|
||||
case SNMP_VERSION_3:
|
||||
++_v2_sessions;
|
||||
break;
|
||||
+#ifdef USING_AGENTX_PROTOCOL_MODULE
|
||||
+ case AGENTX_VERSION_1:
|
||||
+ /* agentx registers in sinks, no need to count */
|
||||
+ break;
|
||||
+#endif
|
||||
default:
|
||||
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
|
||||
}
|
||||
@@ -201,6 +206,11 @@ _trap_version_decr(int version)
|
||||
_v2_sessions = 0;
|
||||
}
|
||||
break;
|
||||
+#ifdef USING_AGENTX_PROTOCOL_MODULE
|
||||
+ case AGENTX_VERSION_1:
|
||||
+ /* agentx registers in sinks, no need to count */
|
||||
+ break;
|
||||
+#endif
|
||||
default:
|
||||
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
|
||||
}
|
||||
diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c
|
||||
--- old/agent/mibgroup/agentx/master.c 2019-04-03 12:13:55.115769783 +0200
|
||||
+++ new/agent/mibgroup/agentx/master.c 2019-04-10 09:49:53.277168497 +0200
|
||||
@@ -280,6 +280,11 @@ agentx_got_response(int operation,
|
||||
netsnmp_free_delegated_cache(cache);
|
||||
return 0;
|
||||
|
||||
+ case NETSNMP_CALLBACK_OP_RESEND:
|
||||
+ DEBUGMSGTL(("agentx/master", "resend on session %8p req=0x%x\n",
|
||||
+ session, (unsigned)reqid));
|
||||
+ return 0;
|
||||
+
|
||||
case NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE:
|
||||
/*
|
||||
* This session is alive
|
||||
diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c
|
||||
--- old/snmplib/snmp_api.c 2019-04-24 00:28:34.904357292 +0200
|
||||
+++ new/snmplib/snmp_api.c 2019-04-24 00:24:40.101830685 +0200
|
||||
@@ -352,6 +352,7 @@ static int snmpv3_build(u_char ** p
|
||||
netsnmp_pdu *pdu);
|
||||
static int snmp_parse_version(u_char *, size_t);
|
||||
static int snmp_resend_request(struct session_list *slp,
|
||||
+ netsnmp_request_list *orp,
|
||||
netsnmp_request_list *rp,
|
||||
int incr_retries);
|
||||
static void register_default_handlers(void);
|
||||
@@ -5717,7 +5718,7 @@ _sess_process_packet_handle_pdu(void *se
|
||||
* * inifinite resend
|
||||
*/
|
||||
if (rp->retries <= sp->retries) {
|
||||
- snmp_resend_request(slp, rp, TRUE);
|
||||
+ snmp_resend_request(slp, orp, rp, TRUE);
|
||||
break;
|
||||
} else {
|
||||
/* We're done with retries, so no longer waiting for a response */
|
||||
@@ -6662,9 +6663,22 @@ snmp_timeout(void)
|
||||
snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION);
|
||||
}
|
||||
|
||||
+static void
|
||||
+remove_request(struct snmp_internal_session *isp,
|
||||
+ netsnmp_request_list *orp, netsnmp_request_list *rp)
|
||||
+{
|
||||
+ if (orp)
|
||||
+ orp->next_request = rp->next_request;
|
||||
+ else
|
||||
+ isp->requests = rp->next_request;
|
||||
+ if (isp->requestsEnd == rp)
|
||||
+ isp->requestsEnd = orp;
|
||||
+ snmp_free_pdu(rp->pdu);
|
||||
+}
|
||||
+
|
||||
static int
|
||||
-snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
|
||||
- int incr_retries)
|
||||
+snmp_resend_request(struct session_list *slp, netsnmp_request_list *orp,
|
||||
+ netsnmp_request_list *rp, int incr_retries)
|
||||
{
|
||||
struct snmp_internal_session *isp;
|
||||
netsnmp_session *sp;
|
||||
@@ -6731,9 +6745,11 @@ snmp_resend_request(struct session_list
|
||||
sp->s_snmp_errno = SNMPERR_BAD_SENDTO;
|
||||
sp->s_errno = errno;
|
||||
snmp_set_detail(strerror(errno));
|
||||
- if (rp->callback)
|
||||
+ if (rp->callback) {
|
||||
rp->callback(NETSNMP_CALLBACK_OP_SEND_FAILED, sp,
|
||||
rp->pdu->reqid, rp->pdu, rp->cb_data);
|
||||
+ remove_request(isp, orp, rp);
|
||||
+ }
|
||||
return -1;
|
||||
} else {
|
||||
netsnmp_get_monotonic_clock(&now);
|
||||
@@ -6813,19 +6829,12 @@ snmp_sess_timeout(void *sessp)
|
||||
callback(NETSNMP_CALLBACK_OP_TIMED_OUT, sp,
|
||||
rp->pdu->reqid, rp->pdu, magic);
|
||||
}
|
||||
- if (orp)
|
||||
- orp->next_request = rp->next_request;
|
||||
- else
|
||||
- isp->requests = rp->next_request;
|
||||
- if (isp->requestsEnd == rp)
|
||||
- isp->requestsEnd = orp;
|
||||
- snmp_free_pdu(rp->pdu);
|
||||
+ remove_request(isp, orp, rp);
|
||||
freeme = rp;
|
||||
continue; /* don't update orp below */
|
||||
} else {
|
||||
- if (snmp_resend_request(slp, rp, TRUE)) {
|
||||
+ if (snmp_resend_request(slp, orp, rp, TRUE))
|
||||
break;
|
||||
- }
|
||||
}
|
||||
}
|
||||
orp = rp;
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c
|
||||
--- a/agent/mibgroup/agentx/master.c 2018-07-18 12:13:49.953014652 +0200
|
||||
+++ b/agent/mibgroup/agentx/master.c 2018-07-18 12:20:23.537626773 +0200
|
||||
@@ -221,7 +221,7 @@ agentx_got_response(int operation,
|
||||
/* response is too late, free the cache */
|
||||
if (magic)
|
||||
netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
|
||||
- return 0;
|
||||
+ return 1;
|
||||
}
|
||||
requests = cache->requests;
|
||||
|
@ -0,0 +1,86 @@
|
||||
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
|
||||
From: Bart Van Assche <bvanassche@acm.org>
|
||||
Date: Mon, 4 Jan 2021 12:21:59 -0800
|
||||
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
|
||||
|
||||
Handle length zero correctly.
|
||||
|
||||
Fixes: https://github.com/net-snmp/net-snmp/issues/253
|
||||
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
|
||||
---
|
||||
snmplib/asn1.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
|
||||
index e983500e7..33c272768 100644
|
||||
--- a/snmplib/asn1.c
|
||||
+++ b/snmplib/asn1.c
|
||||
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
|
||||
* long length; first byte is length of length (after masking high bit)
|
||||
*/
|
||||
len_len = (int) ((*pkt & ~0x80) + 1);
|
||||
- if ((int) pkt_len <= len_len )
|
||||
+ if (pkt_len < len_len)
|
||||
return NULL; /* still too short for length and data */
|
||||
|
||||
/* now we know we have enough data to parse length */
|
||||
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
|
||||
From: Bart Van Assche <bvanassche@acm.org>
|
||||
Date: Mon, 4 Jan 2021 10:00:33 -0800
|
||||
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
|
||||
test
|
||||
|
||||
Add a reproducer for the bug fixed by the previous patch.
|
||||
---
|
||||
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
|
||||
1 file changed, 41 insertions(+)
|
||||
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
|
||||
|
||||
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
|
||||
new file mode 100644
|
||||
index 000000000..5c21ccdc7
|
||||
--- /dev/null
|
||||
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
|
||||
@@ -0,0 +1,41 @@
|
||||
+/* HEADER Parsing of an SNMP trap with no varbinds */
|
||||
+netsnmp_pdu pdu;
|
||||
+int rc;
|
||||
+static u_char trap_pdu[] = {
|
||||
+ /* Sequence with length of 0x2d = 45 bytes. */
|
||||
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
|
||||
+ /* version = INTEGER 0 */
|
||||
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
|
||||
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
|
||||
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
|
||||
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
|
||||
+ /* SNMP_MSG_TRAP; 32 bytes. */
|
||||
+ [15] = 0xa4, [16] = 0x20,
|
||||
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
|
||||
+ [17] = 0x06, [18] = 0x08,
|
||||
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
|
||||
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
|
||||
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
|
||||
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
|
||||
+ [31] = 0x01, [32] = 0x22,
|
||||
+ /* generic-trap = INTEGER 0 */
|
||||
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
|
||||
+ /* specific-trap = INTEGER 0 */
|
||||
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
|
||||
+ /* ASN_TIMETICKS 0x117f243a */
|
||||
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
|
||||
+ [43] = 0x24, [44] = 0x3a,
|
||||
+ /* varbind list */
|
||||
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
|
||||
+};
|
||||
+static size_t trap_pdu_length = sizeof(trap_pdu);
|
||||
+netsnmp_session session;
|
||||
+
|
||||
+snmp_set_do_debugging(TRUE);
|
||||
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
|
||||
+memset(&session, 0, sizeof(session));
|
||||
+snmp_sess_init(&session);
|
||||
+memset(&pdu, 0, sizeof(pdu));
|
||||
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
|
||||
+
|
||||
+OKF((rc == 0), ("Parsing of a trap PDU"));
|
||||
|
@ -0,0 +1,199 @@
|
||||
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntctl.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c
|
||||
--- b/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:12:20.674499629 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:15:46.782859398 +0200
|
||||
@@ -43,8 +43,9 @@ _fsys_type( int type)
|
||||
|
||||
case MNT_NFS:
|
||||
case MNT_NFS3:
|
||||
- case MNT_AUTOFS:
|
||||
return NETSNMP_FS_TYPE_NFS;
|
||||
+ case MNT_AUTOFS:
|
||||
+ return NETSNMP_FS_TYPE_AUTOFS;
|
||||
|
||||
/*
|
||||
* The following code covers selected filesystems
|
||||
@@ -156,10 +157,12 @@ netsnmp_fsys_arch_load( void )
|
||||
|
||||
/*
|
||||
* Optionally skip retrieving statistics for remote mounts
|
||||
+ * AUTOFS is skipped by default
|
||||
*/
|
||||
- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
|
||||
+ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
|
||||
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
|
||||
+ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ||
|
||||
+ entry->type == (NETSNMP_FS_TYPE_AUTOFS))
|
||||
continue;
|
||||
|
||||
if ( statfs( entry->path, &stat_buf ) < 0 ) {
|
||||
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
|
||||
--- b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:12:20.674499629 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:15:46.782859398 +0200
|
||||
@@ -150,6 +150,13 @@ _fsys_type( char *typename )
|
||||
!strcmp(typename, MNTTYPE_LOFS))
|
||||
return NETSNMP_FS_TYPE_OTHER;
|
||||
|
||||
+ /* Detection of AUTOFS.
|
||||
+ * This file system will be ignored by default
|
||||
+ */
|
||||
+ else if ( !strcmp(typename, MNTTYPE_AUTOFS))
|
||||
+ return NETSNMP_FS_TYPE_AUTOFS;
|
||||
+
|
||||
+
|
||||
/*
|
||||
* All other types are silently skipped
|
||||
*/
|
||||
@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void )
|
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
|
||||
continue;
|
||||
|
||||
+ /* Skip AUTOFS enteries */
|
||||
+ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS))
|
||||
+ continue;
|
||||
+
|
||||
#ifdef irix6
|
||||
if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 )
|
||||
#else
|
||||
diff -urNp b/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
|
||||
--- b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:12:20.674499629 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:15:46.782859398 +0200
|
||||
@@ -165,6 +165,9 @@
|
||||
#ifndef MNTTYPE_APP
|
||||
#define MNTTYPE_APP "app"
|
||||
#endif
|
||||
+#ifndef MNTTYPE_AUTOFS
|
||||
+#define MNTTYPE_AUTOFS "autofs"
|
||||
+#endif
|
||||
#ifndef MNTTYPE_DEVPTS
|
||||
#define MNTTYPE_DEVPTS "devpts"
|
||||
#endif
|
||||
diff -urNp b/agent/mibgroup/host/hr_filesys.c net-snmp-5.8/agent/mibgroup/host/hr_filesys.c
|
||||
--- b/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:12:20.668499652 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:15:46.783859399 +0200
|
||||
@@ -834,6 +834,27 @@ Check_HR_FileSys_NFS (void)
|
||||
return 0; /* no NFS file system */
|
||||
}
|
||||
|
||||
+/* This function checks whether current file system is an AutoFs
|
||||
+ * HRFS_entry must be valid prior to calling this function
|
||||
+ * return 1 if AutoFs, 0 otherwise
|
||||
+ */
|
||||
+int
|
||||
+Check_HR_FileSys_AutoFs (void)
|
||||
+{
|
||||
+#if HAVE_GETFSSTAT
|
||||
+ if ( HRFS_entry->HRFS_type != NULL &&
|
||||
+#if defined(MNTTYPE_AUTOFS)
|
||||
+ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS)
|
||||
+#else
|
||||
+ !strcmp( HRFS_entry->HRFS_type, "autofs")
|
||||
+#endif
|
||||
+ )
|
||||
+#endif /* HAVE_GETFSSTAT */
|
||||
+ return 1; /* AUTOFS */
|
||||
+
|
||||
+ return 0; /* no AUTOFS */
|
||||
+}
|
||||
+
|
||||
void
|
||||
End_HR_FileSys(void)
|
||||
{
|
||||
diff -urNp b/agent/mibgroup/host/hr_filesys.h net-snmp-5.8/agent/mibgroup/host/hr_filesys.h
|
||||
--- b/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:12:20.669499648 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:15:46.784859400 +0200
|
||||
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
|
||||
extern FindVarMethod var_hrfilesys;
|
||||
extern int Get_Next_HR_FileSys(void);
|
||||
extern int Check_HR_FileSys_NFS(void);
|
||||
+extern int Check_HR_FileSys_AutoFs(void);
|
||||
|
||||
extern int Get_FSIndex(char *);
|
||||
extern long Get_FSSize(char *); /* Temporary */
|
||||
diff -urNp b/agent/mibgroup/host/hrh_filesys.c net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c
|
||||
--- b/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:12:20.668499652 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:15:46.785859402 +0200
|
||||
@@ -429,3 +429,9 @@ Check_HR_FileSys_NFS (void)
|
||||
{
|
||||
return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0;
|
||||
}
|
||||
+
|
||||
+int
|
||||
+Check_HR_FileSys_AutoFs (void)
|
||||
+{
|
||||
+ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0;
|
||||
+}
|
||||
diff -urNp b/agent/mibgroup/host/hrh_filesys.h net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h
|
||||
--- b/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:12:20.669499648 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:15:46.785859402 +0200
|
||||
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
|
||||
extern FindVarMethod var_hrhfilesys;
|
||||
extern int Get_Next_HR_FileSys(void);
|
||||
extern int Check_HR_FileSys_NFS(void);
|
||||
+extern int Check_HR_FileSys_AutoFs(void);
|
||||
|
||||
extern int Get_FSIndex(char *);
|
||||
extern long Get_FSSize(char *); /* Temporary */
|
||||
diff -urNp b/agent/mibgroup/host/hrh_storage.c net-snmp-5.8/agent/mibgroup/host/hrh_storage.c
|
||||
--- b/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:12:20.668499652 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:15:46.786859402 +0200
|
||||
@@ -367,9 +367,10 @@ really_try_next:
|
||||
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
|
||||
if (HRFS_entry &&
|
||||
store_idx > NETSNMP_MEM_TYPE_MAX &&
|
||||
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
|
||||
- Check_HR_FileSys_NFS())
|
||||
+ Check_HR_FileSys_NFS()) ||
|
||||
+ Check_HR_FileSys_AutoFs()))
|
||||
return NULL;
|
||||
if (store_idx <= NETSNMP_MEM_TYPE_MAX ) {
|
||||
mem = (netsnmp_memory_info*)ptr;
|
||||
@@ -508,7 +509,8 @@ Get_Next_HR_Store(void)
|
||||
if (HRS_index >= 0) {
|
||||
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
|
||||
- Check_HR_FileSys_NFS())) {
|
||||
+ Check_HR_FileSys_NFS()) &&
|
||||
+ !Check_HR_FileSys_AutoFs()) {
|
||||
return HRS_index + NETSNMP_MEM_TYPE_MAX;
|
||||
}
|
||||
} else {
|
||||
diff -urNp b/agent/mibgroup/host/hr_storage.c net-snmp-5.8/agent/mibgroup/host/hr_storage.c
|
||||
--- b/agent/mibgroup/host/hr_storage.c 2018-07-18 16:12:20.670499644 +0200
|
||||
+++ net-snmp-5.8/agent/mibgroup/host/hr_storage.c 2018-07-18 16:15:46.786859402 +0200
|
||||
@@ -540,9 +540,10 @@ really_try_next:
|
||||
|
||||
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
|
||||
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
|
||||
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
|
||||
- Check_HR_FileSys_NFS())
|
||||
+ Check_HR_FileSys_NFS()) ||
|
||||
+ Check_HR_FileSys_AutoFs())
|
||||
return NULL; /* or goto try_next; */
|
||||
if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) {
|
||||
snmp_log_perror(HRFS_entry->HRFS_mount);
|
||||
@@ -683,7 +684,8 @@ Get_Next_HR_Store(void)
|
||||
if (HRS_index >= 0) {
|
||||
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
|
||||
- Check_HR_FileSys_NFS())) {
|
||||
+ Check_HR_FileSys_NFS()) &&
|
||||
+ !Check_HR_FileSys_AutoFs()) {
|
||||
return HRS_index + NETSNMP_MEM_TYPE_MAX;
|
||||
}
|
||||
} else {
|
||||
diff -urNp b/include/net-snmp/agent/hardware/fsys.h net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h
|
||||
--- b/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:12:20.649499726 +0200
|
||||
+++ net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:19:33.994918912 +0200
|
||||
@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn
|
||||
#define NETSNMP_FS_TYPE_SYSFS (4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
|
||||
#define NETSNMP_FS_TYPE_TMPFS (5 | _NETSNMP_FS_TYPE_LOCAL)
|
||||
#define NETSNMP_FS_TYPE_USBFS (6 | _NETSNMP_FS_TYPE_LOCAL)
|
||||
+#define NETSNMP_FS_TYPE_AUTOFS (7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
|
||||
|
||||
#define NETSNMP_FS_FLAG_ACTIVE 0x01
|
||||
#define NETSNMP_FS_FLAG_REMOTE 0x02
|
@ -0,0 +1,90 @@
|
||||
diff -urNp a/agent/mibgroup/host/hrh_filesys.c b/agent/mibgroup/host/hrh_filesys.c
|
||||
--- a/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:30:07.744455758 +0200
|
||||
+++ b/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:32:50.657160232 +0200
|
||||
@@ -219,6 +219,7 @@ var_hrhfilesys(struct variable *vp,
|
||||
{
|
||||
int fsys_idx;
|
||||
static char *string;
|
||||
+ static char empty_str[1];
|
||||
|
||||
fsys_idx =
|
||||
header_hrhfilesys(vp, name, length, exact, var_len, write_method);
|
||||
@@ -235,7 +236,7 @@ var_hrhfilesys(struct variable *vp,
|
||||
*var_len = 0;
|
||||
if (asprintf(&string, "%s", HRFS_entry->path) >= 0)
|
||||
*var_len = strlen(string);
|
||||
- return (u_char *) string;
|
||||
+ return (u_char *)(string ? string : empty_str);
|
||||
case HRFSYS_RMOUNT:
|
||||
free(string);
|
||||
if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) {
|
||||
@@ -245,7 +246,7 @@ var_hrhfilesys(struct variable *vp,
|
||||
string = strdup("");
|
||||
}
|
||||
*var_len = string ? strlen(string) : 0;
|
||||
- return (u_char *) string;
|
||||
+ return (u_char *)(string ? string : empty_str);
|
||||
|
||||
case HRFSYS_TYPE:
|
||||
fsys_type_id[fsys_type_len - 1] =
|
||||
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
|
||||
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:30:07.728455689 +0200
|
||||
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:34:32.722597366 +0200
|
||||
@@ -842,6 +842,7 @@ var_extensible_disk(struct variable *vp,
|
||||
struct dsk_entry entry;
|
||||
static long long_ret;
|
||||
static char *errmsg;
|
||||
+ static char empty_str[1];
|
||||
|
||||
int i;
|
||||
for (i = 0; i < numdisks; i++){
|
||||
@@ -950,7 +951,7 @@ tryAgain:
|
||||
*var_len = strlen(errmsg);
|
||||
}
|
||||
}
|
||||
- return (u_char *) (errmsg);
|
||||
+ return (u_char *)(errmsg ? errmsg : empty_str);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
diff -urNp a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c
|
||||
--- a/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:30:07.727455684 +0200
|
||||
+++ b/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:35:53.420943010 +0200
|
||||
@@ -314,6 +314,7 @@ var_extensible_disk(struct variable *vp,
|
||||
unsigned long long val;
|
||||
static long long_ret;
|
||||
static char *errmsg;
|
||||
+ static char empty_str[1];
|
||||
netsnmp_cache *cache;
|
||||
|
||||
/* Update the fsys H/W module */
|
||||
@@ -432,7 +433,7 @@ tryAgain:
|
||||
>= 0)) {
|
||||
*var_len = strlen(errmsg);
|
||||
}
|
||||
- return (u_char *) errmsg;
|
||||
+ return (u_char *)(errmsg ? errmsg : empty_str);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
diff -urNp a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c
|
||||
--- a/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:30:07.725455676 +0200
|
||||
+++ b/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:37:31.143361548 +0200
|
||||
@@ -267,7 +267,7 @@ var_extensible_proc(struct variable *vp,
|
||||
struct myproc *proc;
|
||||
static long long_ret;
|
||||
static char *errmsg;
|
||||
-
|
||||
+ static char empty_str[1];
|
||||
|
||||
if (header_simple_table
|
||||
(vp, name, length, exact, var_len, write_method, numprocs))
|
||||
@@ -330,7 +330,7 @@ var_extensible_proc(struct variable *vp,
|
||||
}
|
||||
}
|
||||
*var_len = errmsg ? strlen(errmsg) : 0;
|
||||
- return ((u_char *) errmsg);
|
||||
+ return (u_char *)(errmsg ? errmsg : empty_str);
|
||||
case ERRORFIX:
|
||||
*write_method = fixProcError;
|
||||
long_return = fixproc.result;
|
@ -0,0 +1,51 @@
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
|
||||
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
|
||||
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
|
||||
session->retries = SNMP_DEFAULT_RETRIES;
|
||||
session->version = SNMP_DEFAULT_VERSION;
|
||||
session->securityModel = SNMP_DEFAULT_SECMODEL;
|
||||
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
|
||||
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
|
||||
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
|
||||
session->flags |= SNMP_FLAGS_DONT_PROBE;
|
||||
}
|
||||
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
/*
|
||||
* build a scopedPDU structure into spdu_buf
|
||||
*/
|
||||
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
|
||||
+ spdu_buf_len = sizeof(spdu_buf);
|
||||
DEBUGDUMPSECTION("send", "ScopedPdu");
|
||||
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
|
||||
&spdu_hdr_e);
|
||||
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
*/
|
||||
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
|
||||
if (pdu_data) {
|
||||
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
|
||||
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
|
||||
+ __func__, pdu_data_len, sizeof(spdu_buf));
|
||||
+ return -1;
|
||||
+ }
|
||||
memcpy(cp, pdu_data, pdu_data_len);
|
||||
cp += pdu_data_len;
|
||||
} else {
|
||||
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
* re-encode the actual ASN.1 length of the scopedPdu
|
||||
*/
|
||||
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
|
||||
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
|
||||
+ spdu_buf_len = sizeof(spdu_buf);
|
||||
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
|
||||
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
|
||||
spdu_len) == NULL)
|
||||
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
|
||||
* message - the entire message to transmitted on the wire is returned
|
||||
*/
|
||||
cp = NULL;
|
||||
- *out_length = SNMP_MAX_MSG_SIZE;
|
||||
+ *out_length = sizeof(spdu_buf);
|
||||
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
|
||||
sptr = find_sec_mod(pdu->securityModel);
|
||||
if (sptr && sptr->encode_forward) {
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
|
||||
--- a/local/net-snmp-cert 2021-10-11 09:08:53.451970484 +0200
|
||||
+++ b/local/net-snmp-cert 2021-10-11 09:11:36.765386413 +0200
|
||||
@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
|
||||
rdir = .
|
||||
dir = $ENV::DIR
|
||||
RANDFILE = $rdir/.rand
|
||||
-MD = sha1
|
||||
+MD = sha512
|
||||
KSIZE = 2048
|
||||
CN = net-snmp.org
|
||||
EMAIL = admin@net-snmp.org
|
@ -0,0 +1,112 @@
|
||||
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
|
||||
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
|
||||
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
|
||||
@@ -140,10 +140,10 @@ else
|
||||
;;
|
||||
#################################################### compile
|
||||
--base-cflags)
|
||||
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
|
||||
+ echo -I${NSC_INCLUDEDIR}
|
||||
;;
|
||||
--cflags|--cf*)
|
||||
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
|
||||
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
|
||||
;;
|
||||
--srcdir)
|
||||
echo $NSC_SRCDIR
|
||||
diff -urNp a/perl/agent/default_store/Makefile.PL b/perl/agent/default_store/Makefile.PL
|
||||
--- a/perl/agent/default_store/Makefile.PL 2018-07-18 13:43:12.170426290 +0200
|
||||
+++ b/perl/agent/default_store/Makefile.PL 2018-07-18 13:51:31.812176486 +0200
|
||||
@@ -83,7 +83,7 @@ sub AgentDefaultStoreInitMakeParams {
|
||||
" " . $Params{'LIBS'};
|
||||
$Params{'CCFLAGS'} = "-I../../../include " . $Params{'CCFLAGS'};
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
||||
diff -urNp a/perl/agent/Makefile.PL b/perl/agent/Makefile.PL
|
||||
--- a/perl/agent/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
|
||||
+++ b/perl/agent/Makefile.PL 2018-07-18 13:52:53.884973275 +0200
|
||||
@@ -98,7 +98,7 @@ sub AgentInitMakeParams {
|
||||
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . $Params{'LIBS'};
|
||||
# $Params{'PREREQ_PM'} = {'NetSNMP::OID' => '0.1'};
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
||||
diff -urNp a/perl/agent/Support/Makefile.PL b/perl/agent/Support/Makefile.PL
|
||||
--- a/perl/agent/Support/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
|
||||
+++ b/perl/agent/Support/Makefile.PL 2018-07-18 13:53:11.414929921 +0200
|
||||
@@ -90,7 +90,7 @@ sub SupportInitMakeParams {
|
||||
" " . $Params{'LIBS'};
|
||||
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
||||
diff -urNp a/perl/ASN/Makefile.PL b/perl/ASN/Makefile.PL
|
||||
--- a/perl/ASN/Makefile.PL 2018-07-18 13:43:12.171426287 +0200
|
||||
+++ b/perl/ASN/Makefile.PL 2018-07-18 13:53:46.652842822 +0200
|
||||
@@ -93,7 +93,7 @@ sub AsnInitMakeParams {
|
||||
" " . $Params{'LIBS'};
|
||||
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
||||
diff -urNp a/perl/default_store/Makefile.PL b/perl/default_store/Makefile.PL
|
||||
--- a/perl/default_store/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
|
||||
+++ b/perl/default_store/Makefile.PL 2018-07-18 13:54:20.814758441 +0200
|
||||
@@ -83,7 +83,7 @@ sub DefaultStoreInitMakeParams {
|
||||
" " . $Params{'LIBS'};
|
||||
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
||||
diff -urNp a/perl/OID/Makefile.PL b/perl/OID/Makefile.PL
|
||||
--- a/perl/OID/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
|
||||
+++ b/perl/OID/Makefile.PL 2018-07-18 13:54:43.348702811 +0200
|
||||
@@ -90,7 +90,7 @@ sub OidInitMakeParams {
|
||||
# } else {
|
||||
# $Params{'PREREQ_PM'} = {'SNMP' => '5.0'};
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
||||
diff -urNp a/perl/SNMP/Makefile.PL b/perl/SNMP/Makefile.PL
|
||||
--- a/perl/SNMP/Makefile.PL 2018-07-18 13:43:12.173426282 +0200
|
||||
+++ b/perl/SNMP/Makefile.PL 2018-07-18 13:55:07.220643903 +0200
|
||||
@@ -103,7 +103,7 @@ sub SnmpInitMakeParams {
|
||||
# } else {
|
||||
# $Params{'PREREQ_PM'} = { 'NetSNMP::default_store' => 0.01 };
|
||||
}
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if (!$ENV{'NETSNMP_PREFIX'}) {
|
||||
$prefix = `$opts->{'nsconfig'} --prefix`;
|
||||
diff -urNp a/perl/TrapReceiver/Makefile.PL b/perl/TrapReceiver/Makefile.PL
|
||||
--- a/perl/TrapReceiver/Makefile.PL 2018-07-18 13:43:12.172426285 +0200
|
||||
+++ b/perl/TrapReceiver/Makefile.PL 2018-07-18 13:55:43.100647233 +0200
|
||||
@@ -132,7 +132,7 @@ sub TrapReceiverInitMakeParams {
|
||||
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . " $Params{'LIBS'}";
|
||||
}
|
||||
|
||||
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
|
||||
$Params{'CCFLAGS'} .= ' -Wformat';
|
||||
if ($Params{'CCFLAGS'} eq "") {
|
||||
die "You need to install net-snmp first (I can't find net-snmp-config)";
|
@ -0,0 +1,35 @@
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
|
||||
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
|
||||
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
|
||||
"No error", /* SNMPERR_SUCCESS */
|
||||
"Generic error", /* SNMPERR_GENERR */
|
||||
"Invalid local port", /* SNMPERR_BAD_LOCPORT */
|
||||
- "Unknown host", /* SNMPERR_BAD_ADDRESS */
|
||||
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */
|
||||
"Unknown session", /* SNMPERR_BAD_SESSION */
|
||||
"Too long", /* SNMPERR_TOO_LONG */
|
||||
"No socket", /* SNMPERR_NO_SOCKET */
|
||||
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
|
||||
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
|
||||
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
|
||||
in_session->s_errno = errno;
|
||||
- snmp_set_detail(in_session->peername);
|
||||
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
|
||||
+ NETSNMP_DS_LIB_CLIENT_ADDR))
|
||||
+ snmp_set_detail(in_session->peername);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
|
||||
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
|
||||
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
|
||||
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
|
||||
DEBUGMSGTL(("netsnmp_udpbase",
|
||||
"failed to bind for clientaddr: %d %s\n",
|
||||
errno, strerror(errno)));
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
|
||||
+ strerror(errno)));
|
||||
netsnmp_socketbase_close(t);
|
||||
return 1;
|
||||
}
|
@ -0,0 +1,68 @@
|
||||
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
|
||||
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
|
||||
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
|
||||
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
|
||||
* Similarly, if no fallEvent is configured,
|
||||
* there's no point in trying to fire it either.
|
||||
*/
|
||||
- if (entry->mteTThRiseEvent[0] != '\0' ) {
|
||||
+ if (entry->mteTThFallEvent[0] != '\0' ) {
|
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||
entry->mteTriggerFired = vp1;
|
||||
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
|
||||
* Similarly, if no fallEvent is configured,
|
||||
* there's no point in trying to fire it either.
|
||||
*/
|
||||
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
|
||||
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
|
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||
entry->mteTriggerFired = vp1;
|
||||
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
|
||||
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
|
||||
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
|
||||
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
|
||||
bsize = getpagesize()-1;
|
||||
buff = (char*)malloc(bsize+1);
|
||||
if (buff == NULL) {
|
||||
+ close(statfd);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
|
||||
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
|
||||
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
|
||||
if (status < 0) {
|
||||
snmp_log(LOG_ERR, "could not send netlink request\n");
|
||||
+ close(sd);
|
||||
return -1;
|
||||
}
|
||||
status = recv (sd, buf, sizeof(buf), 0);
|
||||
if (status < 0) {
|
||||
snmp_log (LOG_ERR, "could not recieve netlink request\n");
|
||||
+ close(sd);
|
||||
return -1;
|
||||
}
|
||||
if (status == 0) {
|
||||
snmp_log (LOG_ERR, "nothing to read\n");
|
||||
+ close(sd);
|
||||
return -1;
|
||||
}
|
||||
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
|
||||
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
|
||||
|
||||
if (req_len < 0 || len > status) {
|
||||
snmp_log (LOG_ERR, "invalid netlink message\n");
|
||||
+ close(sd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!NLMSG_OK (nlmp, status)) {
|
||||
snmp_log (LOG_ERR, "invalid NLMSG message\n");
|
||||
+ close(sd);
|
||||
return -1;
|
||||
}
|
||||
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);
|
@ -0,0 +1,41 @@
|
||||
diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
|
||||
--- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original 2022-02-02 15:06:29.382119898 +0900
|
||||
+++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c 2022-02-02 15:15:39.298280447 +0900
|
||||
@@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
|
||||
{
|
||||
FILE *devin;
|
||||
char line[256];
|
||||
- netsnmp_interface_entry *entry = NULL;
|
||||
static char scan_expected = 0;
|
||||
int fd;
|
||||
#ifdef NETSNMP_ENABLE_IPV6
|
||||
@@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
|
||||
* and retrieve (or create) the corresponding data structure.
|
||||
*/
|
||||
while (fgets(line, sizeof(line), devin)) {
|
||||
+ netsnmp_interface_entry *entry = NULL;
|
||||
char *stats, *ifstart = line;
|
||||
u_int flags;
|
||||
oid if_index;
|
||||
@@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
|
||||
*stats++ = 0; /* null terminate name */
|
||||
|
||||
if_index = netsnmp_arch_interface_index_find(ifstart);
|
||||
+ if (if_index == 0) {
|
||||
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
|
||||
+ ifstart));
|
||||
+ continue;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* set address type flags.
|
||||
@@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
|
||||
continue;
|
||||
}
|
||||
|
||||
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
|
||||
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
|
||||
if(NULL == entry) {
|
||||
#ifdef NETSNMP_ENABLE_IPV6
|
||||
netsnmp_access_ipaddress_container_free(addr_container, 0);
|
||||
|
@ -0,0 +1,35 @@
|
||||
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
|
||||
From: Bart Van Assche <bvanassche@acm.org>
|
||||
Date: Sat, 31 Jul 2021 16:21:16 -0700
|
||||
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
|
||||
|
||||
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
|
||||
boundary is crossed. This can result in reading the same network interface
|
||||
twice if network information changes while it is being read. Fix a memory
|
||||
leak that can be triggered if /proc/net/dev changes while being read.
|
||||
---
|
||||
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
|
||||
index e99360a216..215b30e806 100644
|
||||
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
|
||||
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
|
||||
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
|
||||
/*
|
||||
* add to container
|
||||
*/
|
||||
- CONTAINER_INSERT(container, entry);
|
||||
+ if (CONTAINER_INSERT(container, entry) != 0) {
|
||||
+ netsnmp_interface_entry *existing =
|
||||
+ CONTAINER_FIND(container, entry);
|
||||
+ NETSNMP_LOGONCE((LOG_WARNING,
|
||||
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
|
||||
+ entry->index, existing ? existing->name : "(?)",
|
||||
+ entry->name));
|
||||
+ netsnmp_access_interface_entry_free(entry);
|
||||
+ }
|
||||
}
|
||||
#ifdef NETSNMP_ENABLE_IPV6
|
||||
netsnmp_access_ipaddress_container_free(addr_container, 0);
|
||||
|
@ -0,0 +1,98 @@
|
||||
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
|
||||
From: minfrin <minfrin@users.noreply.github.com>
|
||||
Date: Tue, 5 Jan 2021 23:17:14 +0000
|
||||
Subject: [PATCH] Add support for digests detected from ECC certificates
|
||||
|
||||
Previously, the digest could be detected on RSA certificates only. This
|
||||
patch adds detection for ECC certificates.
|
||||
|
||||
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
|
||||
back to _htmap ]
|
||||
---
|
||||
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
|
||||
1 file changed, 50 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
|
||||
index c092a007af..432cb5c27c 100644
|
||||
--- a/snmplib/snmp_openssl.c
|
||||
+++ b/snmplib/snmp_openssl.c
|
||||
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
|
||||
}
|
||||
}
|
||||
|
||||
-static int _htmap[NS_HASH_MAX + 1] = {
|
||||
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
|
||||
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
|
||||
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
|
||||
+static const struct {
|
||||
+ uint16_t nid;
|
||||
+ uint16_t ht;
|
||||
+} _htmap[] = {
|
||||
+ { 0, NS_HASH_NONE },
|
||||
+#ifdef NID_md5WithRSAEncryption
|
||||
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
|
||||
+#endif
|
||||
+#ifdef NID_sha1WithRSAEncryption
|
||||
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
|
||||
+#endif
|
||||
+#ifdef NID_ecdsa_with_SHA1
|
||||
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
|
||||
+#endif
|
||||
+#ifdef NID_sha224WithRSAEncryption
|
||||
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
|
||||
+#endif
|
||||
+#ifdef NID_ecdsa_with_SHA224
|
||||
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
|
||||
+#endif
|
||||
+#ifdef NID_sha256WithRSAEncryption
|
||||
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
|
||||
+#endif
|
||||
+#ifdef NID_ecdsa_with_SHA256
|
||||
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
|
||||
+#endif
|
||||
+#ifdef NID_sha384WithRSAEncryption
|
||||
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
|
||||
+#endif
|
||||
+#ifdef NID_ecdsa_with_SHA384
|
||||
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
|
||||
+#endif
|
||||
+#ifdef NID_sha512WithRSAEncryption
|
||||
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
|
||||
+#endif
|
||||
+#ifdef NID_ecdsa_with_SHA512
|
||||
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
|
||||
+#endif
|
||||
+};
|
||||
|
||||
int
|
||||
_nid2ht(int nid)
|
||||
{
|
||||
int i;
|
||||
- for (i=1; i<= NS_HASH_MAX; ++i) {
|
||||
- if (nid == _htmap[i])
|
||||
- return i;
|
||||
+
|
||||
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
|
||||
+ if (_htmap[i].nid == nid)
|
||||
+ return _htmap[i].ht;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -541,9 +577,13 @@ _nid2ht(int nid)
|
||||
int
|
||||
_ht2nid(int ht)
|
||||
{
|
||||
- if ((ht < 0) || (ht > NS_HASH_MAX))
|
||||
- return 0;
|
||||
- return _htmap[ht];
|
||||
+ int i;
|
||||
+
|
||||
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
|
||||
+ if (_htmap[i].ht == ht)
|
||||
+ return _htmap[i].nid;
|
||||
+ }
|
||||
+ return 0;
|
||||
}
|
||||
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */
|
||||
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
--- a/net-snmp-create-v3-user.in 2018-07-18 11:11:53.227015237 +0200
|
||||
+++ b/net-snmp-create-v3-user.in 2018-07-18 11:12:13.375010176 +0200
|
||||
@@ -137,7 +137,7 @@ fi
|
||||
echo $line >> $outfile
|
||||
prefix="@prefix@"
|
||||
datarootdir="@datarootdir@"
|
||||
-outfile="@datadir@/snmp/snmpd.conf"
|
||||
+outfile="/etc/snmp/snmpd.conf"
|
||||
line="$token $user"
|
||||
echo "adding the following line to $outfile:"
|
||||
echo " " $line
|
@ -0,0 +1,48 @@
|
||||
From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
|
||||
Date: Fri, 12 Mar 2021 10:15:30 +0100
|
||||
Subject: [PATCH] Prevent parsing IP address twice (#199)
|
||||
|
||||
This fixes issue, that is caused by parsing IP address twice.
|
||||
First as IPv4 and as IPv6 at second, even thow the address was
|
||||
properly parsed as a valid IPv4 address.
|
||||
---
|
||||
snmplib/transports/snmpUDPDomain.c | 2 +-
|
||||
snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-
|
||||
2 files changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
|
||||
index b96497f3a3..b594a389b9 100644
|
||||
--- a/snmplib/transports/snmpUDPDomain.c
|
||||
+++ b/snmplib/transports/snmpUDPDomain.c
|
||||
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
|
||||
/* Nope, wasn't a dotted quad. Must be a hostname. */
|
||||
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
|
||||
if (ret < 0) {
|
||||
- config_perror("cannot resolve source hostname");
|
||||
+ config_perror("cannot resolve IPv4 source hostname");
|
||||
return;
|
||||
}
|
||||
}
|
||||
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
|
||||
index 238c8a9d63..7db19c5c02 100644
|
||||
--- a/snmplib/transports/snmpUDPIPv6Domain.c
|
||||
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
|
||||
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
|
||||
memset(&pton_addr.sin6_addr.s6_addr, '\0',
|
||||
sizeof(struct in6_addr));
|
||||
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
|
||||
- /* Nope, wasn't a numeric address. Must be a hostname. */
|
||||
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
|
||||
+
|
||||
+ /* Try interpreting as dotted quad - IPv4 */
|
||||
+ struct in_addr network;
|
||||
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
|
||||
+ /* Yes, it's IPv4 - so it's already parsed and we can return. */
|
||||
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
|
||||
+ return;
|
||||
+ }
|
||||
#if HAVE_GETADDRINFO
|
||||
int gai_error;
|
||||
|
||||
|
@ -0,0 +1,181 @@
|
||||
diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
|
||||
--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
|
||||
+++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
|
||||
@@ -153,9 +153,10 @@ static void disk_free_config(void)
|
||||
static void disk_parse_config(const char *, char *);
|
||||
static void disk_parse_config_all(const char *, char *);
|
||||
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
|
||||
-static void find_and_add_allDisks(int minpercent);
|
||||
+static void refresh_disk_table(int addNewDisks, int minpercent);
|
||||
static void add_device(char *path, char *device,
|
||||
- int minspace, int minpercent, int override);
|
||||
+ int minspace, int minpercent, int addNewDisks,
|
||||
+ int override);
|
||||
static void modify_disk_parameters(int index, int minspace,
|
||||
int minpercent);
|
||||
static int disk_exists(char *path);
|
||||
@@ -167,6 +168,7 @@ struct diskpart {
|
||||
char path[STRMAX];
|
||||
int minimumspace;
|
||||
int minpercent;
|
||||
+ int alive;
|
||||
};
|
||||
|
||||
#define MAX_INT_32 0x7fffffff
|
||||
@@ -174,6 +176,7 @@ struct diskpart {
|
||||
|
||||
unsigned int numdisks;
|
||||
int allDisksIncluded = 0;
|
||||
+int allDisksMinPercent = 0;
|
||||
unsigned int maxdisks = 0;
|
||||
struct diskpart *disks;
|
||||
|
||||
@@ -238,6 +241,7 @@ init_disk(void)
|
||||
disk_free_config,
|
||||
"minpercent%");
|
||||
allDisksIncluded = 0;
|
||||
+ allDisksMinPercent = 0;
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -253,6 +257,7 @@ disk_free_config(void)
|
||||
disks[i].minpercent = -1;
|
||||
}
|
||||
allDisksIncluded = 0;
|
||||
+ allDisksMinPercent = 0;
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
|
||||
* check if the disk already exists, if so then modify its
|
||||
* parameters. if it does not exist then add it
|
||||
*/
|
||||
- add_device(path, find_device(path), minspace, minpercent, 1);
|
||||
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
|
||||
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
|
||||
}
|
||||
|
||||
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
|
||||
|
||||
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
|
||||
static void
|
||||
-add_device(char *path, char *device, int minspace, int minpercent, int override)
|
||||
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
|
||||
{
|
||||
int index;
|
||||
|
||||
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
|
||||
}
|
||||
|
||||
index = disk_exists(path);
|
||||
- if((index != -1) && (index < maxdisks) && (override==1)) {
|
||||
- modify_disk_parameters(index, minspace, minpercent);
|
||||
+ if((index != -1) && (index < maxdisks)) {
|
||||
+ /* the path is already in the table */
|
||||
+ disks[index].alive = 1;
|
||||
+ /* -> update its device */
|
||||
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
|
||||
+ if (override == 1) {
|
||||
+ modify_disk_parameters(index, minspace, minpercent);
|
||||
+ }
|
||||
}
|
||||
- else if(index == -1){
|
||||
+ else if(index == -1 && addNewDisks){
|
||||
/* add if and only if the device was found */
|
||||
if(device[0] != 0) {
|
||||
/* The following buffers are cleared above, no need to add '\0' */
|
||||
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
|
||||
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
|
||||
disks[numdisks].minimumspace = minspace;
|
||||
disks[numdisks].minpercent = minpercent;
|
||||
+ disks[numdisks].alive = 1;
|
||||
numdisks++;
|
||||
}
|
||||
else {
|
||||
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
|
||||
disks[numdisks].minpercent = -1;
|
||||
disks[numdisks].path[0] = 0;
|
||||
disks[numdisks].device[0] = 0;
|
||||
+ disks[numdisks].alive = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -444,7 +457,7 @@ int disk_exists(char *path)
|
||||
}
|
||||
|
||||
static void
|
||||
-find_and_add_allDisks(int minpercent)
|
||||
+refresh_disk_table(int addNewDisks, int minpercent)
|
||||
{
|
||||
#if HAVE_GETMNTENT
|
||||
#if HAVE_SYS_MNTTAB_H
|
||||
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
|
||||
return;
|
||||
}
|
||||
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
|
||||
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
|
||||
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
|
||||
dummy = 1;
|
||||
}
|
||||
if (mntfp)
|
||||
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
|
||||
return;
|
||||
}
|
||||
while ((i = getmntent(mntfp, &mnttab)) == 0) {
|
||||
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
|
||||
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
|
||||
dummy = 1;
|
||||
}
|
||||
fclose(mntfp);
|
||||
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
|
||||
#elif HAVE_FSTAB_H
|
||||
setfsent(); /* open /etc/fstab */
|
||||
while((fstab1 = getfsent()) != NULL) {
|
||||
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
|
||||
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
|
||||
dummy = 1;
|
||||
}
|
||||
endfsent(); /* close /etc/fstab */
|
||||
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
|
||||
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
|
||||
for (i = 0; i < mntsize; i++) {
|
||||
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
|
||||
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
|
||||
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
|
||||
* statfs we default to the root partition "/"
|
||||
*/
|
||||
if (statfs("/", &statf) == 0) {
|
||||
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
|
||||
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
|
||||
#endif
|
||||
#endif
|
||||
|
||||
+ if (disks[disknum].alive == 0){
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
entry->dskPercentInode = -1;
|
||||
|
||||
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
|
||||
@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
|
||||
static long long_ret;
|
||||
static char *errmsg;
|
||||
|
||||
+ int i;
|
||||
+ for (i = 0; i < numdisks; i++){
|
||||
+ disks[i].alive = 0;
|
||||
+ }
|
||||
+ /* dynamically add new disks + update alive flag */
|
||||
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
|
||||
+
|
||||
tryAgain:
|
||||
if (header_simple_table
|
||||
(vp, name, length, exact, var_len, write_method, numdisks))
|
@ -0,0 +1,11 @@
|
||||
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
|
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
|
||||
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
|
||||
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
|
||||
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
|
||||
/* 'entry' is duplicate of the previous one -> delete it */
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
|
||||
netsnmp_access_ipaddress_entry_free(entry);
|
||||
} else {
|
||||
CONTAINER_INSERT(ret, entry);
|
@ -0,0 +1,30 @@
|
||||
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
|
||||
From: Josef Ridky <jridky@redhat.com>
|
||||
Date: Wed, 18 Nov 2020 20:54:34 -0800
|
||||
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
|
||||
|
||||
See also https://github.com/net-snmp/net-snmp/issues/86.
|
||||
|
||||
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
|
||||
Reported-by: Chris Cheney
|
||||
---
|
||||
net-snmp-create-v3-user.in | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
index 452c2699d..31b4c58c1 100644
|
||||
--- a/net-snmp-create-v3-user.in
|
||||
+++ b/net-snmp-create-v3-user.in
|
||||
@@ -120,7 +120,11 @@ fi
|
||||
fi
|
||||
outdir="@PERSISTENT_DIRECTORY@"
|
||||
outfile="$outdir/snmpd.conf"
|
||||
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
|
||||
+if test "x$xpassphrase" = "x" ; then
|
||||
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
|
||||
+else
|
||||
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
|
||||
+fi
|
||||
echo "adding the following line to $outfile:"
|
||||
echo " " $line
|
||||
# in case it hasn't ever been started yet, start it.
|
@ -0,0 +1,25 @@
|
||||
From 79f014464ba761e2430cc767b021993ab9379822 Mon Sep 17 00:00:00 2001
|
||||
From: Wes Hardaker <opensource@hardakers.net>
|
||||
Date: Tue, 8 Jan 2019 08:52:29 -0800
|
||||
Subject: [PATCH] NEWS: snmptrap: BUG: 2899: Patch from Drew Roedersheimer to
|
||||
set library engineboots/time values before sending
|
||||
|
||||
---
|
||||
apps/snmptrap.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/apps/snmptrap.c b/apps/snmptrap.c
|
||||
index d16d2fa671..12808d07e4 100644
|
||||
--- a/apps/snmptrap.c
|
||||
+++ b/apps/snmptrap.c
|
||||
@@ -237,6 +237,9 @@ main(int argc, char *argv[])
|
||||
session.engineBoots = 1;
|
||||
if (session.engineTime == 0) /* not really correct, */
|
||||
session.engineTime = get_uptime(); /* but it'll work. Sort of. */
|
||||
+
|
||||
+ set_enginetime(session.securityEngineID, session.securityEngineIDLen,
|
||||
+ session.engineBoots, session.engineTime, TRUE);
|
||||
}
|
||||
|
||||
ss = snmp_add(&session,
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
|
||||
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
|
||||
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
|
||||
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
|
||||
* save a warning header to the top of the new file
|
||||
*/
|
||||
snprintf(fileold, sizeof(fileold),
|
||||
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
|
||||
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
|
||||
type, type, type,
|
@ -0,0 +1,67 @@
|
||||
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
|
||||
--- a/snmplib/snmp_openssl.c 2021-06-09 12:38:23.196037329 +0200
|
||||
+++ b/snmplib/snmp_openssl.c 2021-06-09 12:44:11.782503048 +0200
|
||||
@@ -284,31 +284,30 @@ _cert_get_extension(X509_EXTENSION *oex
|
||||
}
|
||||
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
|
||||
snmp_log(LOG_ERR, "could not print extension!\n");
|
||||
- BIO_vfree(bio);
|
||||
- return NULL;
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
space = BIO_get_mem_data(bio, &data);
|
||||
if (buf && *buf) {
|
||||
- if (*len < space)
|
||||
- buf_ptr = NULL;
|
||||
- else
|
||||
- buf_ptr = *buf;
|
||||
+ if (*len < space +1) {
|
||||
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
|
||||
+ goto out;
|
||||
+ }
|
||||
+ buf_ptr = *buf;
|
||||
+ } else {
|
||||
+ buf_ptr = calloc(1, space + 1);
|
||||
}
|
||||
- else
|
||||
- buf_ptr = calloc(1,space + 1);
|
||||
|
||||
if (!buf_ptr) {
|
||||
- snmp_log(LOG_ERR,
|
||||
- "not enough space or error in allocation for extenstion\n");
|
||||
- BIO_vfree(bio);
|
||||
- return NULL;
|
||||
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
|
||||
+ goto out;
|
||||
}
|
||||
memcpy(buf_ptr, data, space);
|
||||
buf_ptr[space] = 0;
|
||||
if (len)
|
||||
*len = space;
|
||||
|
||||
+out:
|
||||
BIO_vfree(bio);
|
||||
|
||||
return buf_ptr;
|
||||
@@ -479,7 +478,7 @@ netsnmp_openssl_cert_dump_extensions(X50
|
||||
{
|
||||
X509_EXTENSION *extension;
|
||||
const char *extension_name;
|
||||
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
|
||||
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
|
||||
int i, num_extensions, buf_len, nid;
|
||||
|
||||
if (NULL == ocert)
|
||||
@@ -499,6 +498,11 @@ netsnmp_openssl_cert_dump_extensions(X50
|
||||
extension_name = OBJ_nid2sn(nid);
|
||||
buf_len = sizeof(buf);
|
||||
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
|
||||
+ if (!str) {
|
||||
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
|
||||
+ extension_name));
|
||||
+ continue;
|
||||
+ }
|
||||
lf = strchr(str, '\n'); /* look for multiline strings */
|
||||
if (NULL != lf)
|
||||
*lf = '\0'; /* only log first line of multiline here */
|
@ -0,0 +1,26 @@
|
||||
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
|
||||
From: Bart Van Assche <bvanassche@acm.org>
|
||||
Date: Wed, 21 Nov 2018 20:47:42 -0800
|
||||
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
|
||||
|
||||
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
|
||||
fails. Only log this once instead of thousand of times a day.
|
||||
|
||||
Reported-by: Fif <lefif@users.sourceforge.net>
|
||||
---
|
||||
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
index 5ddead3e0..280575ce3 100644
|
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
|
||||
|
||||
#define PROCFILE "/proc/net/if_inet6"
|
||||
if (!(in = fopen(PROCFILE, "r"))) {
|
||||
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
|
||||
return -2;
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,82 @@
|
||||
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
|
||||
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
|
||||
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
|
||||
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
|
||||
}
|
||||
|
||||
#elif defined(linux)
|
||||
+#include <errno.h>
|
||||
static struct ifreq *ifr;
|
||||
static int ifr_counter;
|
||||
|
||||
static void
|
||||
Address_Scan_Init(void)
|
||||
{
|
||||
- int num_interfaces = 0;
|
||||
+ int i;
|
||||
int fd;
|
||||
+ int lastlen = 0;
|
||||
|
||||
/* get info about all interfaces */
|
||||
|
||||
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
|
||||
SNMP_FREE(ifc.ifc_buf);
|
||||
ifr_counter = 0;
|
||||
|
||||
- do
|
||||
- {
|
||||
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
||||
{
|
||||
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
|
||||
return;
|
||||
}
|
||||
- num_interfaces += 16;
|
||||
|
||||
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
|
||||
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
|
||||
-
|
||||
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
|
||||
- {
|
||||
- ifr=NULL;
|
||||
- close(fd);
|
||||
- return;
|
||||
- }
|
||||
- close(fd);
|
||||
+ /*
|
||||
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
|
||||
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
|
||||
+ * Volume I'', p.435...
|
||||
+ */
|
||||
+
|
||||
+ for (i = 8;; i *= 2) {
|
||||
+ ifc.ifc_len = sizeof(struct ifreq) * i;
|
||||
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
|
||||
+
|
||||
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
|
||||
+ if (errno != EINVAL || lastlen != 0) {
|
||||
+ /*
|
||||
+ * Something has gone genuinely wrong...
|
||||
+ */
|
||||
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
|
||||
+ SNMP_FREE(ifc.ifc_buf);
|
||||
+ close(fd);
|
||||
+ return;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (ifc.ifc_len == lastlen) {
|
||||
+ /*
|
||||
+ * The length is the same as the last time; we're done...
|
||||
+ */
|
||||
+ break;
|
||||
+ }
|
||||
+ lastlen = ifc.ifc_len;
|
||||
+ }
|
||||
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
|
||||
}
|
||||
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
|
||||
-
|
||||
+
|
||||
+ close(fd);
|
||||
ifr = ifc.ifc_req;
|
||||
}
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
|
||||
--- a/snmplib/transports/snmpUDPIPv6Domain.c 2019-01-24 09:03:05.606441678 +0100
|
||||
+++ b/snmplib/transports/snmpUDPIPv6Domain.c 2019-02-07 08:59:26.434587244 +0100
|
||||
@@ -464,7 +464,7 @@ netsnmp_udp6_transport(const struct sock
|
||||
NETSNMP_DS_LIB_CLIENT_ADDR);
|
||||
if (client_socket) {
|
||||
struct sockaddr_in6 client_addr;
|
||||
- if(!netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
|
||||
+ if(netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
|
||||
return netsnmp_udp6_transport_with_source(addr, local,
|
||||
&client_addr);
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
|
||||
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
|
||||
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
|
||||
DEBUGMSGTL(("access:systemstats",
|
||||
"Failed to load Systemstats Table (linux1), cannot open %s\n",
|
||||
filename));
|
||||
+ netsnmp_access_systemstats_entry_free(entry);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
|
||||
index f709812fdc..ef93eeedc9 100644
|
||||
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
|
||||
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
|
||||
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
|
||||
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
|
||||
table_info->min_column = COLUMN_LMSENSORS_INDEX;
|
||||
table_info->max_column = COLUMN_LMSENSORS_VALUE;
|
||||
- netsnmp_container_table_register( reg, table_info, container, 0 );
|
||||
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
|
||||
+ SNMPERR_SUCCESS)
|
||||
+ return;
|
||||
|
||||
/*
|
||||
* If the HAL sensors module was configured as an on-demand caching
|
||||
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
|
||||
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
|
||||
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
|
||||
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
|
||||
char *
|
||||
snmp_log_syslogname(const char *pstr)
|
||||
{
|
||||
- if (pstr)
|
||||
+ if (pstr && (pstr != syslogname))
|
||||
strlcpy (syslogname, pstr, sizeof(syslogname));
|
||||
|
||||
return syslogname;
|
@ -0,0 +1,31 @@
|
||||
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
|
||||
@@ -19,6 +19,7 @@
|
||||
|
||||
#include <errno.h>
|
||||
#include <sys/ioctl.h>
|
||||
+#include <sys/stat.h>
|
||||
|
||||
netsnmp_feature_require(prefix_info)
|
||||
netsnmp_feature_require(find_prefix_info)
|
||||
@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
|
||||
|
||||
#define PROCFILE "/proc/net/if_inet6"
|
||||
if (!(in = fopen(PROCFILE, "r"))) {
|
||||
- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
|
||||
+
|
||||
+ /*
|
||||
+ * If PROCFILE exists, but isn't readable, file ERROR message.
|
||||
+ * Otherwise log nothing, due of IPv6 support on this machine is
|
||||
+ * intentionaly disabled/unavailable.
|
||||
+ */
|
||||
+
|
||||
+ struct stat filestat;
|
||||
+
|
||||
+ if(stat(PROCFILE, &filestat) == 0){
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
|
||||
+ }
|
||||
return -2;
|
||||
}
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
|
||||
--- a/apps/Makefile.in 2018-07-18 15:39:28.069251000 +0200
|
||||
+++ b/apps/Makefile.in 2018-07-18 15:54:52.261943123 +0200
|
||||
@@ -230,7 +230,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX
|
||||
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
|
||||
|
||||
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
|
||||
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
|
||||
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
|
||||
$(RANLIB) $@
|
||||
|
||||
snmpinforminstall:
|
@ -0,0 +1,36 @@
|
||||
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
|
||||
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
|
||||
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
|
||||
.SH SYNOPSIS
|
||||
.PP
|
||||
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
|
||||
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
|
||||
.B [username]
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
|
||||
displays the net-snmp version number
|
||||
.TP
|
||||
\fB\-ro\fR
|
||||
-create an user with read-only permissions
|
||||
+creates a user with read-only permissions
|
||||
.TP
|
||||
-\fB\-a authpass\fR
|
||||
-specify authentication password
|
||||
+\fB\-A authpass\fR
|
||||
+specifies the authentication password
|
||||
.TP
|
||||
-\fB\-x privpass\fR
|
||||
-specify encryption password
|
||||
+\fB\-a MD5|SHA\fR
|
||||
+specifies the authentication password hashing algorithm
|
||||
.TP
|
||||
-\fB\-X DES|AES\fR
|
||||
-specify encryption algorithm
|
||||
+\fB\-X privpass\fR
|
||||
+specifies the encryption password
|
||||
+.TP
|
||||
+\fB\-x DES|AES\fR
|
||||
+specifies the encryption algorithm
|
@ -0,0 +1,143 @@
|
||||
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
|
||||
From: Yuwei Ba <i@xiaoba.me>
|
||||
Date: Fri, 21 Aug 2020 15:06:10 +0800
|
||||
Subject: [PATCH] snmpd: support MemAvailable on Linux
|
||||
|
||||
See also https://github.com/net-snmp/net-snmp/pull/167 .
|
||||
|
||||
[bvanassche: modified the behavior of this patch]
|
||||
---
|
||||
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
|
||||
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
|
||||
agent/mibgroup/ucd-snmp/memory.h | 1 +
|
||||
include/net-snmp/agent/hardware/memory.h | 1 +
|
||||
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
|
||||
5 files changed, 48 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
index 6d5e86cde4..4ae235c2d0 100644
|
||||
--- a/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
static int first = 1;
|
||||
ssize_t bytes_read;
|
||||
char *b;
|
||||
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
|
||||
+ int have_memavail = 0;
|
||||
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
|
||||
buffers = 0, cached = 0, sreclaimable = 0,
|
||||
swaptotal = 0, swapfree = 0;
|
||||
|
||||
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
if (first)
|
||||
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
|
||||
}
|
||||
+ b = strstr(buff, "MemAvailable: ");
|
||||
+ if (b) {
|
||||
+ have_memavail = 1;
|
||||
+ sscanf(b, "MemAvailable: %lu", &memavail);
|
||||
+ }
|
||||
b = strstr(buff, "MemFree: ");
|
||||
if (b)
|
||||
sscanf(b, "MemFree: %lu", &memfree);
|
||||
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
mem->other = -1;
|
||||
}
|
||||
|
||||
+ if (have_memavail) {
|
||||
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
|
||||
+ if (mem) {
|
||||
+ if (!mem->descr)
|
||||
+ mem->descr = strdup("Available memory");
|
||||
+ mem->units = 1024;
|
||||
+ mem->size = memavail;
|
||||
+ mem->free = memavail;
|
||||
+ mem->other = -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
|
||||
if (!mem) {
|
||||
snmp_log_perror("No Virtual Memory info entry");
|
||||
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
|
||||
index 371a77e9a5..158b28e67b 100644
|
||||
--- a/agent/mibgroup/ucd-snmp/memory.c
|
||||
+++ b/agent/mibgroup/ucd-snmp/memory.c
|
||||
@@ -26,7 +26,7 @@ init_memory(void)
|
||||
netsnmp_create_handler_registration("memory", handle_memory,
|
||||
memory_oid, OID_LENGTH(memory_oid),
|
||||
HANDLER_CAN_RONLY),
|
||||
- 1, 26);
|
||||
+ 1, 27);
|
||||
netsnmp_register_scalar(
|
||||
netsnmp_create_handler_registration("memSwapError", handle_memory,
|
||||
memSwapError_oid, OID_LENGTH(memSwapError_oid),
|
||||
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
|
||||
c64.low = val & 0xFFFFFFFF;
|
||||
c64.high = val >>32;
|
||||
break;
|
||||
+ case MEMORY_SYS_AVAIL:
|
||||
+ type = ASN_COUNTER64;
|
||||
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
|
||||
+ if (!mem_info)
|
||||
+ goto NOSUCH;
|
||||
+ val = mem_info->size; /* memavail */
|
||||
+ val *= (mem_info->units/1024);
|
||||
+ c64.low = val & 0xFFFFFFFF;
|
||||
+ c64.high = val >> 32;
|
||||
+ break;
|
||||
case MEMORY_SWAP_ERROR:
|
||||
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
|
||||
if (!mem_info)
|
||||
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
|
||||
index ded2140227..54a56a2fdb 100644
|
||||
--- a/agent/mibgroup/ucd-snmp/memory.h
|
||||
+++ b/agent/mibgroup/ucd-snmp/memory.h
|
||||
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
|
||||
#define MEMORY_SHARED_X 24
|
||||
#define MEMORY_BUFFER_X 25
|
||||
#define MEMORY_CACHED_X 26
|
||||
+#define MEMORY_SYS_AVAIL 27
|
||||
#define MEMORY_SWAP_ERROR 100
|
||||
#define MEMORY_SWAP_ERRMSG 101
|
||||
#endif /* MEMORY_H */
|
||||
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
|
||||
index 54265cf22a..aca3a4d00d 100644
|
||||
--- a/include/net-snmp/agent/hardware/memory.h
|
||||
+++ b/include/net-snmp/agent/hardware/memory.h
|
||||
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
|
||||
#define NETSNMP_MEM_TYPE_SHARED 8
|
||||
#define NETSNMP_MEM_TYPE_SHARED2 9
|
||||
#define NETSNMP_MEM_TYPE_SWAP 10
|
||||
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
|
||||
/* Leave space for individual swap devices */
|
||||
#define NETSNMP_MEM_TYPE_MAX 30
|
||||
|
||||
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
|
||||
index cde67feb50..d360bad025 100644
|
||||
--- a/mibs/UCD-SNMP-MIB.txt
|
||||
+++ b/mibs/UCD-SNMP-MIB.txt
|
||||
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
|
||||
memory as specifically reserved for this purpose."
|
||||
::= { memory 26 }
|
||||
|
||||
+memSysAvail OBJECT-TYPE
|
||||
+ SYNTAX CounterBasedGauge64
|
||||
+ UNITS "kB"
|
||||
+ MAX-ACCESS read-only
|
||||
+ STATUS current
|
||||
+ DESCRIPTION
|
||||
+ "The total amount of available memory, which is an estimate
|
||||
+ of how much memory is available for starting new applications,
|
||||
+ without swapping.
|
||||
+
|
||||
+ This object will not be implemented on hosts where the
|
||||
+ underlying operating system does not explicitly identify
|
||||
+ memory as specifically reserved for this purpose."
|
||||
+ ::= { memory 27 }
|
||||
+
|
||||
+
|
||||
memSwapError OBJECT-TYPE
|
||||
SYNTAX UCDErrorFlag
|
||||
MAX-ACCESS read-only
|
||||
|
@ -0,0 +1,92 @@
|
||||
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
|
||||
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
|
||||
Date: Wed, 10 Oct 2018 21:42:35 -0700
|
||||
Subject: [PATCH] snmplib/keytools: Fix a memory leak
|
||||
|
||||
Avoid that Valgrind reports the following memory leak:
|
||||
|
||||
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
|
||||
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
|
||||
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
|
||||
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
|
||||
by 0x4E9885D: generate_Ku (keytools.c:186)
|
||||
by 0x40171F: asynchronous (leaktest.c:276)
|
||||
by 0x400FE7: main (leaktest.c:356)
|
||||
---
|
||||
snmplib/keytools.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
|
||||
index 2cf0240abf..dcdae044ac 100644
|
||||
--- a/snmplib/keytools.c
|
||||
+++ b/snmplib/keytools.c
|
||||
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
|
||||
ctx = EVP_MD_CTX_create();
|
||||
#else
|
||||
ctx = malloc(sizeof(*ctx));
|
||||
- if (!EVP_MD_CTX_init(ctx))
|
||||
- return SNMPERR_GENERR;
|
||||
+ if (!EVP_MD_CTX_init(ctx)) {
|
||||
+ rval = SNMPERR_GENERR;
|
||||
+ goto generate_Ku_quit;
|
||||
+ }
|
||||
#endif
|
||||
- if (!EVP_DigestInit(ctx, hashfn))
|
||||
- return SNMPERR_GENERR;
|
||||
+ if (!EVP_DigestInit(ctx, hashfn)) {
|
||||
+ rval = SNMPERR_GENERR;
|
||||
+ goto generate_Ku_quit;
|
||||
+ }
|
||||
|
||||
#elif NETSNMP_USE_INTERNAL_CRYPTO
|
||||
#ifndef NETSNMP_DISABLE_MD5
|
||||
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
|
||||
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
|
||||
Date: Tue, 9 Oct 2018 23:28:25 +0000
|
||||
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
|
||||
|
||||
This patch avoids that Valgrind reports the following leak:
|
||||
|
||||
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
|
||||
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
|
||||
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
|
||||
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
|
||||
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
|
||||
|
||||
[ bvanassche: minimized diffs / edited commit message ]
|
||||
---
|
||||
snmplib/scapi.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
|
||||
index 8ad1d70d90..54310099d8 100644
|
||||
--- a/snmplib/scapi.c
|
||||
+++ b/snmplib/scapi.c
|
||||
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
|
||||
#endif
|
||||
if (!EVP_DigestInit(cptr, hashfn)) {
|
||||
/* requested hash function is not available */
|
||||
- return SNMPERR_SC_NOT_CONFIGURED;
|
||||
+ rval = SNMPERR_SC_NOT_CONFIGURED;
|
||||
+ goto sc_hash_type_quit;
|
||||
}
|
||||
|
||||
/** pass the data */
|
||||
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
|
||||
/** do the final pass */
|
||||
EVP_DigestFinal(cptr, MAC, &tmp_len);
|
||||
*MAC_len = tmp_len;
|
||||
+
|
||||
+sc_hash_type_quit:
|
||||
#if defined(HAVE_EVP_MD_CTX_FREE)
|
||||
EVP_MD_CTX_free(cptr);
|
||||
#elif defined(HAVE_EVP_MD_CTX_DESTROY)
|
||||
|
@ -0,0 +1,35 @@
|
||||
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
|
||||
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
|
||||
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
|
||||
ssize_t bytes_read;
|
||||
char *b;
|
||||
unsigned long memtotal = 0, memfree = 0, memshared = 0,
|
||||
- buffers = 0, cached = 0,
|
||||
+ buffers = 0, cached = 0, sreclaimable = 0,
|
||||
swaptotal = 0, swapfree = 0;
|
||||
|
||||
netsnmp_memory_info *mem;
|
||||
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
|
||||
if (first)
|
||||
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
|
||||
}
|
||||
+ b = strstr(buff, "SReclaimable: ");
|
||||
+ if (b)
|
||||
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||
+ else {
|
||||
+ if (first)
|
||||
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
|
||||
+ }
|
||||
b = strstr(buff, "SwapFree: ");
|
||||
if (b)
|
||||
sscanf(b, "SwapFree: %lu", &swapfree);
|
||||
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
|
||||
if (!mem->descr)
|
||||
mem->descr = strdup("Cached memory");
|
||||
mem->units = 1024;
|
||||
- mem->size = cached;
|
||||
+ mem->size = cached+sreclaimable;
|
||||
mem->free = 0; /* Report cached size/used as equal */
|
||||
mem->other = -1;
|
||||
}
|
@ -0,0 +1,83 @@
|
||||
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200
|
||||
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||
rpmtd td_name, td_version, td_release, td_group, td_time;
|
||||
#else
|
||||
char *n, *v, *r, *g;
|
||||
- int32_t *t;
|
||||
#endif
|
||||
time_t install_time;
|
||||
size_t date_len;
|
||||
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||
install_time = rpmtdGetNumber(td_time);
|
||||
g = rpmtdGetString(td_group);
|
||||
#else
|
||||
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
|
||||
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
|
||||
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
|
||||
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
|
||||
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
|
||||
+ n = headerGetString( h, RPMTAG_NAME);
|
||||
+ v = headerGetString( h, RPMTAG_VERSION);
|
||||
+ r = headerGetString( h, RPMTAG_RELEASE);
|
||||
+ g = headerGetString( h, RPMTAG_GROUP);
|
||||
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
|
||||
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
|
||||
"%s-%s-%s", n, v, r);
|
||||
- install_time = *t;
|
||||
#endif
|
||||
entry->swType = (g && NULL != strstr( g, "System Environment"))
|
||||
? 2 /* operatingSystem */
|
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200
|
||||
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
|
||||
}
|
||||
#else
|
||||
# ifdef HAVE_LIBRPM
|
||||
- char *rpm_groups;
|
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
|
||||
- if ( strstr(rpm_groups, "System Environment") != NULL )
|
||||
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
|
||||
+ if ( NULL != rpm_group ) {
|
||||
+ if ( strstr(rpm_group, "System Environment") != NULL )
|
||||
long_return = 2; /* operatingSystem */
|
||||
else
|
||||
long_return = 4; /* applcation */
|
||||
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
|
||||
case HRSWINST_DATE:
|
||||
{
|
||||
#ifdef HAVE_LIBRPM
|
||||
- int32_t *rpm_data;
|
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
|
||||
- time_t installTime = *rpm_data;
|
||||
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
|
||||
+ if ( 0 != installTime ) {
|
||||
ret = date_n_time(&installTime, var_len);
|
||||
} else {
|
||||
ret = date_n_time(NULL, var_len);
|
||||
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
|
||||
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
|
||||
int offset;
|
||||
Header h;
|
||||
- char *n, *v, *r;
|
||||
+ const char *n, *v, *r;
|
||||
|
||||
offset = swi->swi_recs[ix - 1];
|
||||
|
||||
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
|
||||
swi->swi_h = h;
|
||||
swi->swi_prevx = ix;
|
||||
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
|
||||
- NULL);
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
|
||||
- NULL);
|
||||
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
|
||||
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
|
||||
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
|
||||
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
|
||||
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
|
||||
}
|
@ -0,0 +1,45 @@
|
||||
diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
|
||||
--- a/man/netsnmp_config_api.3.def 2018-07-18 11:18:06.196792766 +0200
|
||||
+++ b/man/netsnmp_config_api.3.def 2018-07-18 11:20:04.631679886 +0200
|
||||
@@ -295,7 +295,7 @@ for one particular machine.
|
||||
.PP
|
||||
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
|
||||
followed by \fC DATADIR/snmp\fP,
|
||||
-followed by \fC LIBDIR/snmp\fP,
|
||||
+followed by \fC /usr/lib(64)/snmp\fP,
|
||||
followed by \fC $HOME/.snmp\fP.
|
||||
This list can be changed by setting the environmental variable
|
||||
.I SNMPCONFPATH
|
||||
@@ -367,7 +367,7 @@ A colon separated list of directories to
|
||||
files in.
|
||||
Default:
|
||||
.br
|
||||
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
|
||||
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
|
||||
.SH "SEE ALSO"
|
||||
netsnmp_mib_api(3), snmp_api(3)
|
||||
.\" Local Variables:
|
||||
diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
|
||||
--- a/man/snmp_config.5.def 2018-07-18 11:18:06.194792767 +0200
|
||||
+++ b/man/snmp_config.5.def 2018-07-18 11:20:56.423626117 +0200
|
||||
@@ -10,7 +10,7 @@ First off, there are numerous places tha
|
||||
found and read from. By default, the applications look for
|
||||
configuration files in the following 4 directories, in order:
|
||||
SYSCONFDIR/snmp,
|
||||
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
|
||||
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
|
||||
directories, it looks for files snmp.conf, snmpd.conf and/or
|
||||
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
|
||||
and/or snmptrapd.local.conf. *.local.conf are always
|
||||
diff -urNp a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
|
||||
--- a/man/snmpd.conf.5.def 2018-07-18 11:18:06.196792766 +0200
|
||||
+++ b/man/snmpd.conf.5.def 2018-07-18 11:21:44.263574388 +0200
|
||||
@@ -1559,7 +1559,7 @@ filename), and call the initialisation r
|
||||
.RS
|
||||
.IP "Note:"
|
||||
If the specified PATH is not a fully qualified filename, it will
|
||||
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
|
||||
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
|
||||
will be appended to the filename.
|
||||
.RE
|
||||
.PP
|
@ -0,0 +1,12 @@
|
||||
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
|
||||
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
|
||||
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
|
||||
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
|
||||
if (sp->base_len &&
|
||||
reqinfo->mode == MODE_GETNEXT &&
|
||||
(snmp_oid_compare(ourname, ourlength,
|
||||
- sp->base, sp->base_len) < 0)) {
|
||||
+ sp->name, sp->name_len) < 0)) {
|
||||
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
|
||||
/*
|
||||
* Create GETNEXT request with an OID so the
|
@ -0,0 +1,33 @@
|
||||
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
|
||||
From: fisabelle <fisabelle@broadsoft.com>
|
||||
Date: Thu, 9 Jul 2020 15:49:35 -0400
|
||||
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
|
||||
out
|
||||
|
||||
---
|
||||
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
|
||||
index 24ae9322bd..e0ee96b29a 100644
|
||||
--- a/agent/mibgroup/ucd-snmp/proxy.c
|
||||
+++ b/agent/mibgroup/ucd-snmp/proxy.c
|
||||
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
|
||||
}
|
||||
|
||||
switch (operation) {
|
||||
+ case NETSNMP_CALLBACK_OP_RESEND:
|
||||
+ /*
|
||||
+ * Issue#147: Net-SNMP not responding when proxy requests times out
|
||||
+ *
|
||||
+ * When snmp_api issue a resend, the default case was hit and the
|
||||
+ * delagated cache was freed.
|
||||
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
|
||||
+ */
|
||||
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
|
||||
+ return SNMP_ERR_NOERROR;
|
||||
+
|
||||
case NETSNMP_CALLBACK_OP_TIMED_OUT:
|
||||
/*
|
||||
* WWWXXX: don't leave requests delayed if operation is
|
||||
|
@ -0,0 +1,26 @@
|
||||
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
|
||||
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
|
||||
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
|
||||
SNMP_FREE(rpmdbpath);
|
||||
dbpath = NULL;
|
||||
+#ifdef HAVE_RPMGETPATH
|
||||
+ rpmFreeRpmrc();
|
||||
+#endif
|
||||
if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
|
||||
pkg_directory[0] = '\0';
|
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
|
||||
@@ -231,6 +231,9 @@ init_hr_swinst(void)
|
||||
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
|
||||
path[ sizeof(path)-1 ] = 0;
|
||||
swi->swi_directory = strdup(path);
|
||||
+#ifdef HAVE_RPMGETPATH
|
||||
+ rpmFreeRpmrc();
|
||||
+#endif
|
||||
}
|
||||
#else
|
||||
# ifdef _PATH_HRSW_directory
|
@ -0,0 +1,146 @@
|
||||
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
|
||||
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
|
||||
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
|
||||
@@ -43,6 +43,7 @@ extern "C" {
|
||||
* Structures.
|
||||
*/
|
||||
struct usmStateReference {
|
||||
+ int refcnt;
|
||||
char *usr_name;
|
||||
size_t usr_name_length;
|
||||
u_char *usr_engine_id;
|
||||
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
|
||||
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
|
||||
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
|
||||
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- if (pdu->securityStateRef &&
|
||||
- pdu->command == SNMP_MSG_TRAP2) {
|
||||
-
|
||||
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
|
||||
- (struct usmStateReference **) &newpdu->securityStateRef );
|
||||
-
|
||||
- if (ret)
|
||||
- {
|
||||
+ sptr = find_sec_mod(newpdu->securityModel);
|
||||
+ if (sptr && sptr->pdu_clone) {
|
||||
+ /* call security model if it needs to know about this */
|
||||
+ ret = sptr->pdu_clone(pdu, newpdu);
|
||||
+ if (ret) {
|
||||
snmp_free_pdu(newpdu);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
|
||||
- sptr->pdu_clone != NULL) {
|
||||
- /*
|
||||
- * call security model if it needs to know about this
|
||||
- */
|
||||
- (*sptr->pdu_clone) (pdu, newpdu);
|
||||
- }
|
||||
-
|
||||
return newpdu;
|
||||
}
|
||||
|
||||
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
|
||||
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
|
||||
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
|
||||
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
|
||||
struct usmStateReference *
|
||||
usm_malloc_usmStateReference(void)
|
||||
{
|
||||
- struct usmStateReference *retval = (struct usmStateReference *)
|
||||
- calloc(1, sizeof(struct usmStateReference));
|
||||
+ struct usmStateReference *retval;
|
||||
+
|
||||
+ retval = calloc(1, sizeof(struct usmStateReference));
|
||||
+ if (retval)
|
||||
+ retval->refcnt = 1;
|
||||
|
||||
return retval;
|
||||
} /* end usm_malloc_usmStateReference() */
|
||||
|
||||
+static int
|
||||
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
|
||||
+{
|
||||
+ struct usmStateReference *ref = pdu->securityStateRef;
|
||||
+ struct usmStateReference **new_ref =
|
||||
+ (struct usmStateReference **)&new_pdu->securityStateRef;
|
||||
+ int ret = 0;
|
||||
+
|
||||
+ if (!ref)
|
||||
+ return ret;
|
||||
+
|
||||
+ if (pdu->command == SNMP_MSG_TRAP2) {
|
||||
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
|
||||
+ ret = usm_clone_usmStateReference(ref, new_ref);
|
||||
+ } else {
|
||||
+ netsnmp_assert(ref == *new_ref);
|
||||
+ ref->refcnt++;
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
|
||||
void
|
||||
usm_free_usmStateReference(void *old)
|
||||
{
|
||||
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
|
||||
+ struct usmStateReference *ref = old;
|
||||
|
||||
- if (old_ref) {
|
||||
+ if (!ref)
|
||||
+ return;
|
||||
|
||||
- if (old_ref->usr_name_length)
|
||||
- SNMP_FREE(old_ref->usr_name);
|
||||
- if (old_ref->usr_engine_id_length)
|
||||
- SNMP_FREE(old_ref->usr_engine_id);
|
||||
- if (old_ref->usr_auth_protocol_length)
|
||||
- SNMP_FREE(old_ref->usr_auth_protocol);
|
||||
- if (old_ref->usr_priv_protocol_length)
|
||||
- SNMP_FREE(old_ref->usr_priv_protocol);
|
||||
-
|
||||
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
|
||||
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
|
||||
- SNMP_FREE(old_ref->usr_auth_key);
|
||||
- }
|
||||
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
|
||||
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
|
||||
- SNMP_FREE(old_ref->usr_priv_key);
|
||||
- }
|
||||
+ if (--ref->refcnt > 0)
|
||||
+ return;
|
||||
|
||||
- SNMP_ZERO(old_ref, sizeof(*old_ref));
|
||||
- SNMP_FREE(old_ref);
|
||||
+ SNMP_FREE(ref->usr_name);
|
||||
+ SNMP_FREE(ref->usr_engine_id);
|
||||
+ SNMP_FREE(ref->usr_auth_protocol);
|
||||
+ SNMP_FREE(ref->usr_priv_protocol);
|
||||
|
||||
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
|
||||
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
|
||||
+ SNMP_FREE(ref->usr_auth_key);
|
||||
+ }
|
||||
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
|
||||
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
|
||||
+ SNMP_FREE(ref->usr_priv_key);
|
||||
}
|
||||
|
||||
+ SNMP_FREE(ref);
|
||||
} /* end usm_free_usmStateReference() */
|
||||
|
||||
struct usmUser *
|
||||
@@ -3316,6 +3337,7 @@ init_usm(void)
|
||||
def->encode_reverse = usm_secmod_rgenerate_out_msg;
|
||||
def->encode_forward = usm_secmod_generate_out_msg;
|
||||
def->decode = usm_secmod_process_in_msg;
|
||||
+ def->pdu_clone = usm_clone;
|
||||
def->pdu_free_state_ref = usm_free_usmStateReference;
|
||||
def->session_setup = usm_session_init;
|
||||
def->handle_report = usm_handle_report;
|
@ -0,0 +1,84 @@
|
||||
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
|
||||
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
|
||||
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
|
||||
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
|
||||
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
|
||||
asp, asp->reqinfo));
|
||||
|
||||
- /* Clean up securityStateRef here to prevent a double free */
|
||||
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
|
||||
- snmp_free_securityStateRef(asp->orig_pdu);
|
||||
- if (asp->pdu && asp->pdu->securityStateRef)
|
||||
- snmp_free_securityStateRef(asp->pdu);
|
||||
-
|
||||
if (asp->orig_pdu)
|
||||
snmp_free_pdu(asp->orig_pdu);
|
||||
if (asp->pdu)
|
||||
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
|
||||
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
|
||||
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
|
||||
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
|
||||
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
|
||||
NETSNMP_IMPORT
|
||||
void snmp_free_pdu( netsnmp_pdu *pdu);
|
||||
-NETSNMP_IMPORT
|
||||
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
|
||||
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
|
||||
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
|
||||
pdu->securityStateRef = NULL;
|
||||
}
|
||||
|
||||
-/*
|
||||
- * This function is here to provide a separate call to
|
||||
- * free the securityStateRef memory. This is needed to prevent
|
||||
- * a double free if this memory is freed in snmp_free_pdu.
|
||||
- */
|
||||
-void
|
||||
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
|
||||
-{
|
||||
- free_securityStateRef(pdu);
|
||||
-}
|
||||
-
|
||||
#define ERROR_STAT_LENGTH 11
|
||||
|
||||
int
|
||||
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
|
||||
if (!pdu)
|
||||
return;
|
||||
|
||||
+ free_securityStateRef(pdu);
|
||||
+
|
||||
/*
|
||||
* If the command field is empty, that probably indicates
|
||||
* that this PDU structure has already been freed.
|
||||
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
|
||||
}
|
||||
|
||||
if (ret != SNMP_ERR_NOERROR) {
|
||||
- /*
|
||||
- * Call the security model to free any securityStateRef supplied w/ msg.
|
||||
- */
|
||||
- if (pdu->securityStateRef != NULL) {
|
||||
- free_securityStateRef(pdu);
|
||||
- }
|
||||
snmp_free_pdu(pdu);
|
||||
return NULL;
|
||||
}
|
||||
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
|
||||
}
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Call USM to free any securityStateRef supplied with the message.
|
||||
- */
|
||||
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
|
||||
- free_securityStateRef(pdu);
|
||||
-
|
||||
if (!handled) {
|
||||
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
|
||||
return -2;
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
|
||||
--- a/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:20:56.776099134 +0200
|
||||
+++ b/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:23:18.921323874 +0200
|
||||
@@ -293,7 +293,7 @@ int netsnmp_udpbase_sendto(int fd, const
|
||||
}
|
||||
|
||||
rc = sendmsg(fd, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
|
||||
- if (rc >= 0 || errno != EINVAL)
|
||||
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
|
||||
return rc;
|
||||
|
||||
/*
|
@ -0,0 +1,30 @@
|
||||
Don't check tests which depend on DNS - it's disabled in Koji
|
||||
|
||||
diff -urNp a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
|
||||
--- a/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:52:56.081185545 +0200
|
||||
+++ b/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:54:18.843968880 +0200
|
||||
@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
|
||||
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
|
||||
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
|
||||
|
||||
+FINISHED
|
||||
+
|
||||
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||
+
|
||||
CHECKAGENT '<"c408a"'
|
||||
if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
CHECKAGENT 'line 32: Error:'
|
||||
diff -urNp a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
|
||||
--- a/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:52:56.080185548 +0200
|
||||
+++ b/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:55:17.779818732 +0200
|
||||
@@ -132,6 +132,10 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
|
||||
SAVECHECKAGENT 'line 27: Error:'
|
||||
SAVECHECKAGENT 'line 28: Error:'
|
||||
|
||||
+FINISHED
|
||||
+
|
||||
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||
+
|
||||
# 608
|
||||
CHECKAGENT '<"c608a"'
|
||||
if [ "$snmp_last_test_result" -eq 0 ] ; then
|
@ -0,0 +1,21 @@
|
||||
diff -urNp old/snmplib/transports/snmpUDPIPv4BaseDomain.c new/snmplib/transports/snmpUDPIPv4BaseDomain.c
|
||||
--- old/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:40:48.663969034 +0200
|
||||
+++ new/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:42:05.293723487 +0200
|
||||
@@ -317,7 +317,7 @@ netsnmp_udpipv4base_tspec_transport(nets
|
||||
if (NULL != tspec->source) {
|
||||
struct sockaddr_in src_addr, *srcp = &src_addr;
|
||||
/** get sockaddr from source */
|
||||
- if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL))
|
||||
+ if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0"))
|
||||
return NULL;
|
||||
return netsnmp_udpipv4base_transport_with_source(&addr, local, srcp);
|
||||
} else {
|
||||
@@ -364,7 +364,7 @@ netsnmp_udpipv4base_transport(const stru
|
||||
strcat(client_address, ":0");
|
||||
have_port = 1;
|
||||
}
|
||||
- rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL);
|
||||
+ rc = netsnmp_sockaddr_in2(&client_addr, client_socket, ":0");
|
||||
if (client_address != client_socket)
|
||||
free(client_address);
|
||||
if(rc) {
|
@ -0,0 +1,11 @@
|
||||
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
|
||||
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
|
||||
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
|
||||
@@ -325,6 +325,7 @@ usage(char *prog)
|
||||
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
|
||||
"\n"
|
||||
);
|
||||
+ exit(1);
|
||||
}
|
||||
|
||||
static void
|
@ -0,0 +1,13 @@
|
||||
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
|
||||
--- a/snmplib/cert_util.c 2021-12-09 08:45:23.217942229 +0100
|
||||
+++ b/snmplib/cert_util.c 2021-12-09 08:46:56.567562352 +0100
|
||||
@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
|
||||
|
||||
okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
if (NULL == okey)
|
||||
- snmp_log(LOG_ERR, "error parsing key file %s\n",
|
||||
- key->info.filename);
|
||||
+ snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
|
||||
else {
|
||||
key = _add_key(okey, dirname, filename, index);
|
||||
if (NULL == key) {
|
@ -0,0 +1,357 @@
|
||||
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
|
||||
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
|
||||
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
|
||||
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
|
||||
|
||||
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
|
||||
asp, asp->reqinfo));
|
||||
+
|
||||
+ /* Clean up securityStateRef here to prevent a double free */
|
||||
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
|
||||
+ snmp_free_securityStateRef(asp->orig_pdu);
|
||||
+ if (asp->pdu && asp->pdu->securityStateRef)
|
||||
+ snmp_free_securityStateRef(asp->pdu);
|
||||
+
|
||||
if (asp->orig_pdu)
|
||||
snmp_free_pdu(asp->orig_pdu);
|
||||
if (asp->pdu)
|
||||
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
|
||||
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
|
||||
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
|
||||
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
|
||||
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
|
||||
NETSNMP_IMPORT
|
||||
void snmp_free_pdu( netsnmp_pdu *pdu);
|
||||
+NETSNMP_IMPORT
|
||||
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
|
||||
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
|
||||
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
|
||||
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
|
||||
static void
|
||||
free_securityStateRef(netsnmp_pdu* pdu)
|
||||
{
|
||||
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
|
||||
+ struct snmp_secmod_def *sptr;
|
||||
+
|
||||
+ if(!pdu->securityStateRef)
|
||||
+ return;
|
||||
+
|
||||
+ sptr = find_sec_mod(pdu->securityModel);
|
||||
if (sptr) {
|
||||
if (sptr->pdu_free_state_ref) {
|
||||
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
|
||||
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
|
||||
pdu->securityStateRef = NULL;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * This function is here to provide a separate call to
|
||||
+ * free the securityStateRef memory. This is needed to prevent
|
||||
+ * a double free if this memory is freed in snmp_free_pdu.
|
||||
+ */
|
||||
+void
|
||||
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
|
||||
+{
|
||||
+ free_securityStateRef(pdu);
|
||||
+}
|
||||
+
|
||||
#define ERROR_STAT_LENGTH 11
|
||||
|
||||
int
|
||||
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
|
||||
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
|
||||
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
|
||||
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
|
||||
|
||||
if (old_ref) {
|
||||
|
||||
- SNMP_FREE(old_ref->usr_name);
|
||||
- SNMP_FREE(old_ref->usr_engine_id);
|
||||
- SNMP_FREE(old_ref->usr_auth_protocol);
|
||||
- SNMP_FREE(old_ref->usr_priv_protocol);
|
||||
+ if (old_ref->usr_name_length)
|
||||
+ SNMP_FREE(old_ref->usr_name);
|
||||
+ if (old_ref->usr_engine_id_length)
|
||||
+ SNMP_FREE(old_ref->usr_engine_id);
|
||||
+ if (old_ref->usr_auth_protocol_length)
|
||||
+ SNMP_FREE(old_ref->usr_auth_protocol);
|
||||
+ if (old_ref->usr_priv_protocol_length)
|
||||
+ SNMP_FREE(old_ref->usr_priv_protocol);
|
||||
|
||||
- if (old_ref->usr_auth_key) {
|
||||
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
|
||||
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
|
||||
SNMP_FREE(old_ref->usr_auth_key);
|
||||
}
|
||||
- if (old_ref->usr_priv_key) {
|
||||
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
|
||||
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
|
||||
SNMP_FREE(old_ref->usr_priv_key);
|
||||
}
|
||||
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
|
||||
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
|
||||
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_UNKNOWNSECURITYNAME;
|
||||
}
|
||||
|
||||
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
thePrivProtocolLength) == 1) {
|
||||
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
|
||||
theSecLevel));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
|
||||
}
|
||||
|
||||
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
|
||||
&seq_len, &msgSecParmLen) == -1) {
|
||||
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
|
||||
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
ptr = *wholeMsg = globalData;
|
||||
if (theTotalLength > *wholeMsgLen) {
|
||||
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
|
||||
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
htonl(boots_uint), htonl(time_uint),
|
||||
&ptr[privParamsOffset]) == -1) {
|
||||
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
}
|
||||
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
&ptr[privParamsOffset])
|
||||
== -1)) {
|
||||
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
}
|
||||
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
&ptr[dataOffset], &encrypted_length)
|
||||
!= SNMP_ERR_NOERROR) {
|
||||
DEBUGMSGTL(("usm", "encryption error.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_ENCRYPTIONERROR;
|
||||
}
|
||||
#ifdef NETSNMP_ENABLE_TESTING_CODE
|
||||
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
if ((encrypted_length != (theTotalLength - dataOffset))
|
||||
|| (salt_length != msgPrivParmLen)) {
|
||||
DEBUGMSGTL(("usm", "encryption length error.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_ENCRYPTIONERROR;
|
||||
}
|
||||
|
||||
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
|
||||
if (temp_sig == NULL) {
|
||||
DEBUGMSGTL(("usm", "Out of memory.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
|
||||
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
SNMP_ZERO(temp_sig, temp_sig_len);
|
||||
SNMP_FREE(temp_sig);
|
||||
DEBUGMSGTL(("usm", "Signing failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
||||
}
|
||||
|
||||
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
SNMP_ZERO(temp_sig, temp_sig_len);
|
||||
SNMP_FREE(temp_sig);
|
||||
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
||||
}
|
||||
|
||||
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
|
||||
/*
|
||||
* endif -- create keyed hash
|
||||
*/
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
|
||||
DEBUGMSGTL(("usm", "USM processing completed.\n"));
|
||||
|
||||
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
|
||||
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
|
||||
DEBUGMSGTL(("usm", "Unknown User\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_UNKNOWNSECURITYNAME;
|
||||
}
|
||||
|
||||
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
|
||||
theSecLevel));
|
||||
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
|
||||
}
|
||||
|
||||
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
DEBUGMSGTL(("usm",
|
||||
"couldn't malloc %d bytes for encrypted PDU\n",
|
||||
(int)ciphertextlen));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_MALLOC;
|
||||
}
|
||||
|
||||
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
htonl(boots_uint), htonl(time_uint),
|
||||
iv) == -1) {
|
||||
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
SNMP_FREE(ciphertext);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
thePrivKeyLength - 8,
|
||||
iv) == -1)) {
|
||||
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
SNMP_FREE(ciphertext);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
scopedPdu, scopedPduLen,
|
||||
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
|
||||
DEBUGMSGTL(("usm", "encryption error.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
SNMP_FREE(ciphertext);
|
||||
return SNMPERR_USM_ENCRYPTIONERROR;
|
||||
}
|
||||
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
ciphertext, ciphertextlen);
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "Encryption failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
SNMP_FREE(ciphertext);
|
||||
return SNMPERR_USM_ENCRYPTIONERROR;
|
||||
}
|
||||
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
DEBUGINDENTLESS();
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building privParams failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
DEBUGINDENTLESS();
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building authParams failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
DEBUGINDENTLESS();
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building authParams failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm",
|
||||
"building msgAuthoritativeEngineTime failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm",
|
||||
"building msgAuthoritativeEngineBoots failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
DEBUGINDENTLESS();
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
*offset - sp_offset);
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
while ((*wholeMsgLen - *offset) < globalDataLen) {
|
||||
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
|
||||
DEBUGMSGTL(("usm", "building global data failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
}
|
||||
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
ASN_CONSTRUCTOR), *offset);
|
||||
if (rc == 0) {
|
||||
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_TOO_LONG;
|
||||
}
|
||||
|
||||
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
|
||||
if (temp_sig == NULL) {
|
||||
DEBUGMSGTL(("usm", "Out of memory.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_GENERICERROR;
|
||||
}
|
||||
|
||||
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
!= SNMP_ERR_NOERROR) {
|
||||
SNMP_FREE(temp_sig);
|
||||
DEBUGMSGTL(("usm", "Signing failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
||||
}
|
||||
|
||||
if (temp_sig_len != msgAuthParmLen) {
|
||||
SNMP_FREE(temp_sig);
|
||||
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
||||
}
|
||||
|
||||
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
||||
/*
|
||||
* endif -- create keyed hash
|
||||
*/
|
||||
- usm_free_usmStateReference(secStateRef);
|
||||
DEBUGMSGTL(("usm", "USM processing completed.\n"));
|
||||
return SNMPERR_SUCCESS;
|
||||
} /* end usm_rgenerate_out_msg() */
|
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# net-snmp-config
|
||||
#
|
||||
# this shell script is designed to merely dump the configuration
|
||||
# information about how the net-snmp package was compiled. The
|
||||
# information is particularily useful for applications that need to
|
||||
# link against the net-snmp libraries and hence must know about any
|
||||
# other libraries that must be linked in as well.
|
||||
|
||||
# this particular shell script calls arch specific script to avoid
|
||||
# multilib conflicts
|
||||
|
||||
# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64
|
||||
|
||||
arch=`arch`
|
||||
echo $arch | grep -q i.86
|
||||
if [ $? -eq 0 ] ; then
|
||||
net-snmp-config-i386 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ia64" ] ; then
|
||||
net-snmp-config-ia64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ppc" ] ; then
|
||||
net-snmp-config-ppc $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ppc64" ] ; then
|
||||
net-snmp-config-ppc64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "s390" ] ; then
|
||||
net-snmp-config-s390 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "s390x" ] ; then
|
||||
net-snmp-config-s390x $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "x86_64" ] ; then
|
||||
net-snmp-config-x86_64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "alpha" ] ; then
|
||||
net-snmp-config-alpha $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "sparc" ] ; then
|
||||
net-snmp-config-sparc $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "sparc64" ] ; then
|
||||
net-snmp-config-sparc64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "aarch64" ] ; then
|
||||
net-snmp-config-aarch64 $*
|
||||
exit 0
|
||||
fi
|
||||
echo "Cannot determine architecture"
|
@ -0,0 +1,38 @@
|
||||
/* This file is here to prevent a file conflict on multiarch systems. A
|
||||
* conflict will frequently occur because arch-specific build-time
|
||||
* configuration options are stored (and used, so they can't just be stripped
|
||||
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed.
|
||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
||||
|
||||
#ifdef net_snmp_config_multilib_redirection_h
|
||||
#error "Do not define net_snmp_config_multilib_redirection_h!"
|
||||
#endif
|
||||
#define net_snmp_config_multilib_redirection_h
|
||||
|
||||
#if defined(__i386__)
|
||||
#include "net-snmp-config-i386.h"
|
||||
#elif defined(__ia64__)
|
||||
#include "net-snmp-config-ia64.h"
|
||||
#elif defined(__powerpc64__)
|
||||
#include "net-snmp-config-ppc64.h"
|
||||
#elif defined(__powerpc__)
|
||||
#include "net-snmp-config-ppc.h"
|
||||
#elif defined(__s390x__)
|
||||
#include "net-snmp-config-s390x.h"
|
||||
#elif defined(__s390__)
|
||||
#include "net-snmp-config-s390.h"
|
||||
#elif defined(__x86_64__)
|
||||
#include "net-snmp-config-x86_64.h"
|
||||
#elif defined(__alpha__)
|
||||
#include "net-snmp-config-alpha.h"
|
||||
#elif defined(__sparc__) && defined (__arch64__)
|
||||
#include "net-snmp-config-sparc64.h"
|
||||
#elif defined(__sparc__)
|
||||
#include "net-snmp-config-sparc.h"
|
||||
#elif defined(__aarch64__)
|
||||
#include "net-snmp-config-aarch64.h"
|
||||
#else
|
||||
#error "net-snmp-devel package does not work on your architecture"
|
||||
#endif
|
||||
|
||||
#undef net_snmp_config_multilib_redirection_h
|
@ -0,0 +1 @@
|
||||
d /run/net-snmp 0755 root root
|
@ -0,0 +1,6 @@
|
||||
# Example configuration file for snmptrapd
|
||||
#
|
||||
# No traps are handled by default, you must edit this file!
|
||||
#
|
||||
# authCommunity log,execute,net public
|
||||
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold
|
@ -0,0 +1,462 @@
|
||||
###############################################################################
|
||||
#
|
||||
# snmpd.conf:
|
||||
# An example configuration file for configuring the ucd-snmp snmpd agent.
|
||||
#
|
||||
###############################################################################
|
||||
#
|
||||
# This file is intended to only be as a starting point. Many more
|
||||
# configuration directives exist than are mentioned in this file. For
|
||||
# full details, see the snmpd.conf(5) manual page.
|
||||
#
|
||||
# All lines beginning with a '#' are comments and are intended for you
|
||||
# to read. All other lines are configuration commands for the agent.
|
||||
|
||||
###############################################################################
|
||||
# Access Control
|
||||
###############################################################################
|
||||
|
||||
# As shipped, the snmpd demon will only respond to queries on the
|
||||
# system mib group until this file is replaced or modified for
|
||||
# security purposes. Examples are shown below about how to increase the
|
||||
# level of access.
|
||||
|
||||
# By far, the most common question I get about the agent is "why won't
|
||||
# it work?", when really it should be "how do I configure the agent to
|
||||
# allow me to access it?"
|
||||
#
|
||||
# By default, the agent responds to the "public" community for read
|
||||
# only access, if run out of the box without any configuration file in
|
||||
# place. The following examples show you other ways of configuring
|
||||
# the agent so that you can change the community names, and give
|
||||
# yourself write access to the mib tree as well.
|
||||
#
|
||||
# For more information, read the FAQ as well as the snmpd.conf(5)
|
||||
# manual page.
|
||||
|
||||
####
|
||||
# First, map the community name "public" into a "security name"
|
||||
|
||||
# sec.name source community
|
||||
com2sec notConfigUser default public
|
||||
|
||||
####
|
||||
# Second, map the security name into a group name:
|
||||
|
||||
# groupName securityModel securityName
|
||||
group notConfigGroup v1 notConfigUser
|
||||
group notConfigGroup v2c notConfigUser
|
||||
|
||||
####
|
||||
# Third, create a view for us to let the group have rights to:
|
||||
|
||||
# Make at least snmpwalk -v 1 localhost -c public system fast again.
|
||||
# name incl/excl subtree mask(optional)
|
||||
view systemview included .1.3.6.1.2.1.1
|
||||
view systemview included .1.3.6.1.2.1.25.1.1
|
||||
|
||||
####
|
||||
# Finally, grant the group read-only access to the systemview view.
|
||||
|
||||
# group context sec.model sec.level prefix read write notif
|
||||
access notConfigGroup "" any noauth exact systemview none none
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
# Here is a commented out example configuration that allows less
|
||||
# restrictive access.
|
||||
|
||||
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
|
||||
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
|
||||
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
|
||||
|
||||
## sec.name source community
|
||||
#com2sec local localhost COMMUNITY
|
||||
#com2sec mynetwork NETWORK/24 COMMUNITY
|
||||
|
||||
## group.name sec.model sec.name
|
||||
#group MyRWGroup any local
|
||||
#group MyROGroup any mynetwork
|
||||
#
|
||||
#group MyRWGroup any otherv3user
|
||||
#...
|
||||
|
||||
## incl/excl subtree mask
|
||||
#view all included .1 80
|
||||
|
||||
## -or just the mib2 tree-
|
||||
|
||||
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
|
||||
|
||||
|
||||
## context sec.model sec.level prefix read write notif
|
||||
#access MyROGroup "" any noauth 0 all none none
|
||||
#access MyRWGroup "" any noauth 0 all all all
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Sample configuration to make net-snmpd RFC 1213.
|
||||
# Unfortunately v1 and v2c don't allow any user based authentification, so
|
||||
# opening up the default config is not an option from a security point.
|
||||
#
|
||||
# WARNING: If you uncomment the following lines you allow write access to your
|
||||
# snmpd daemon from any source! To avoid this use different names for your
|
||||
# community or split out the write access to a different community and
|
||||
# restrict it to your local network.
|
||||
# Also remember to comment the syslocation and syscontact parameters later as
|
||||
# otherwise they are still read only (see FAQ for net-snmp).
|
||||
#
|
||||
|
||||
# First, map the community name "public" into a "security name"
|
||||
# sec.name source community
|
||||
#com2sec notConfigUser default public
|
||||
|
||||
# Second, map the security name into a group name:
|
||||
# groupName securityModel securityName
|
||||
#group notConfigGroup v1 notConfigUser
|
||||
#group notConfigGroup v2c notConfigUser
|
||||
|
||||
# Third, create a view for us to let the group have rights to:
|
||||
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
|
||||
# name incl/excl subtree mask(optional)
|
||||
#view roview included .1
|
||||
#view rwview included system.sysContact
|
||||
#view rwview included system.sysName
|
||||
#view rwview included system.sysLocation
|
||||
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
|
||||
#view rwview included at.atTable.atEntry.atPhysAddress
|
||||
#view rwview included at.atTable.atEntry.atNetAddress
|
||||
#view rwview included ip.ipForwarding
|
||||
#view rwview included ip.ipDefaultTTL
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
|
||||
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
|
||||
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
|
||||
#view rwview included snmp.snmpEnableAuthenTraps
|
||||
|
||||
# Finally, grant the group read-only access to the systemview view.
|
||||
# group context sec.model sec.level prefix read write notif
|
||||
#access notConfigGroup "" any noauth exact roview rwview none
|
||||
|
||||
|
||||
|
||||
###############################################################################
|
||||
# System contact information
|
||||
#
|
||||
|
||||
# It is also possible to set the sysContact and sysLocation system
|
||||
# variables through the snmpd.conf file:
|
||||
|
||||
syslocation Unknown (edit /etc/snmp/snmpd.conf)
|
||||
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
|
||||
|
||||
# Example output of snmpwalk:
|
||||
# % snmpwalk -v 1 localhost -c public system
|
||||
# system.sysDescr.0 = "SunOS name sun4c"
|
||||
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
|
||||
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
|
||||
# system.sysContact.0 = "Me <me@somewhere.org>"
|
||||
# system.sysName.0 = "name"
|
||||
# system.sysLocation.0 = "Right here, right now."
|
||||
# system.sysServices.0 = 72
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Logging
|
||||
#
|
||||
|
||||
# We do not want annoying "Connection from UDP: " messages in syslog.
|
||||
# If the following option is commented out, snmpd will print each incoming
|
||||
# connection, which can be useful for debugging.
|
||||
|
||||
dontLogTCPWrappersConnects yes
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Process checks.
|
||||
#
|
||||
# The following are examples of how to use the agent to check for
|
||||
# processes running on the host. The syntax looks something like:
|
||||
#
|
||||
# proc NAME [MAX=0] [MIN=0]
|
||||
#
|
||||
# NAME: the name of the process to check for. It must match
|
||||
# exactly (ie, http will not find httpd processes).
|
||||
# MAX: the maximum number allowed to be running. Defaults to 0.
|
||||
# MIN: the minimum number to be running. Defaults to 0.
|
||||
|
||||
#
|
||||
# Examples (commented out by default):
|
||||
#
|
||||
|
||||
# Make sure mountd is running
|
||||
#proc mountd
|
||||
|
||||
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
|
||||
#proc ntalkd 4
|
||||
|
||||
# Make sure at least one sendmail, but less than or equal to 10 are running.
|
||||
#proc sendmail 10 1
|
||||
|
||||
# A snmpwalk of the process mib tree would look something like this:
|
||||
#
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
|
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
|
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
|
||||
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
|
||||
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
|
||||
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
|
||||
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
|
||||
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
|
||||
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
|
||||
#
|
||||
# Note that the errorFlag for mountd is set to 1 because one is not
|
||||
# running (in this case an rpc.mountd is, but thats not good enough),
|
||||
# and the ErrMessage tells you what's wrong. The configuration
|
||||
# imposed in the snmpd.conf file is also shown.
|
||||
#
|
||||
# Special Case: When the min and max numbers are both 0, it assumes
|
||||
# you want a max of infinity and a min of 1.
|
||||
#
|
||||
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Executables/scripts
|
||||
#
|
||||
|
||||
#
|
||||
# You can also have programs run by the agent that return a single
|
||||
# line of output and an exit code. Here are two examples.
|
||||
#
|
||||
# exec NAME PROGRAM [ARGS ...]
|
||||
#
|
||||
# NAME: A generic name. The name must be unique for each exec statement.
|
||||
# PROGRAM: The program to run. Include the path!
|
||||
# ARGS: optional arguments to be passed to the program
|
||||
|
||||
# a simple hello world
|
||||
|
||||
#exec echotest /bin/echo hello world
|
||||
|
||||
# Run a shell script containing:
|
||||
#
|
||||
# #!/bin/sh
|
||||
# echo hello world
|
||||
# echo hi there
|
||||
# exit 35
|
||||
#
|
||||
# Note: this has been specifically commented out to prevent
|
||||
# accidental security holes due to someone else on your system writing
|
||||
# a /tmp/shtest before you do. Uncomment to use it.
|
||||
#
|
||||
#exec shelltest /bin/sh /tmp/shtest
|
||||
|
||||
# Then,
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
|
||||
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
|
||||
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
|
||||
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
|
||||
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
|
||||
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
|
||||
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
|
||||
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
|
||||
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
|
||||
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
|
||||
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
|
||||
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
|
||||
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
|
||||
|
||||
# Note that the second line of the /tmp/shtest shell script is cut
|
||||
# off. Also note that the exit status of 35 was returned.
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# disk checks
|
||||
#
|
||||
|
||||
# The agent can check the amount of available disk space, and make
|
||||
# sure it is above a set limit.
|
||||
|
||||
# disk PATH [MIN=100000]
|
||||
#
|
||||
# PATH: mount path to the disk in question.
|
||||
# MIN: Disks with space below this value will have the Mib's errorFlag set.
|
||||
# Default value = 100000.
|
||||
|
||||
# Check the / partition and make sure it contains at least 10 megs.
|
||||
|
||||
#disk / 10000
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# load average checks
|
||||
#
|
||||
|
||||
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
|
||||
#
|
||||
# 1MAX: If the 1 minute load average is above this limit at query
|
||||
# time, the errorFlag will be set.
|
||||
# 5MAX: Similar, but for 5 min average.
|
||||
# 15MAX: Similar, but for 15 min average.
|
||||
|
||||
# Check for loads:
|
||||
#load 12 14 14
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Extensible sections.
|
||||
#
|
||||
|
||||
# This alleviates the multiple line output problem found in the
|
||||
# previous executable mib by placing each mib in its own mib table:
|
||||
|
||||
# Run a shell script containing:
|
||||
#
|
||||
# #!/bin/sh
|
||||
# echo hello world
|
||||
# echo hi there
|
||||
# exit 35
|
||||
#
|
||||
# Note: this has been specifically commented out to prevent
|
||||
# accidental security holes due to someone else on your system writing
|
||||
# a /tmp/shtest before you do. Uncomment to use it.
|
||||
#
|
||||
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
|
||||
# enterprises.ucdavis.50.1.1 = 1
|
||||
# enterprises.ucdavis.50.2.1 = "shelltest"
|
||||
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
|
||||
# enterprises.ucdavis.50.100.1 = 35
|
||||
# enterprises.ucdavis.50.101.1 = "hello world."
|
||||
# enterprises.ucdavis.50.101.2 = "hi there."
|
||||
# enterprises.ucdavis.50.102.1 = 0
|
||||
|
||||
# Now the Output has grown to two lines, and we can see the 'hi
|
||||
# there.' output as the second line from our shell script.
|
||||
#
|
||||
# Note that you must alter the mib.txt file to be correct if you want
|
||||
# the .50.* outputs above to change to reasonable text descriptions.
|
||||
|
||||
# Other ideas:
|
||||
#
|
||||
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
|
||||
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
|
||||
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Pass through control.
|
||||
#
|
||||
|
||||
# Usage:
|
||||
# pass MIBOID EXEC-COMMAND
|
||||
#
|
||||
# This will pass total control of the mib underneath the MIBOID
|
||||
# portion of the mib to the EXEC-COMMAND.
|
||||
#
|
||||
# Note: You'll have to change the path of the passtest script to your
|
||||
# source directory or install it in the given location.
|
||||
#
|
||||
# Example: (see the script for details)
|
||||
# (commented out here since it requires that you place the
|
||||
# script in the right location. (its not installed by default))
|
||||
|
||||
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
|
||||
# enterprises.ucdavis.255.1 = "life the universe and everything"
|
||||
# enterprises.ucdavis.255.2.1 = 42
|
||||
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
|
||||
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
|
||||
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
|
||||
# enterprises.ucdavis.255.5 = 42
|
||||
# enterprises.ucdavis.255.6 = Gauge: 42
|
||||
#
|
||||
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
|
||||
# enterprises.ucdavis.255.5 = 42
|
||||
#
|
||||
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
|
||||
# enterprises.ucdavis.255.1 = "New string"
|
||||
#
|
||||
|
||||
# For specific usage information, see the man/snmpd.conf.5 manual page
|
||||
# as well as the local/passtest script used in the above example.
|
||||
|
||||
###############################################################################
|
||||
# Further Information
|
||||
#
|
||||
# See the snmpd.conf manual page, and the output of "snmpd -H".
|
@ -0,0 +1,3 @@
|
||||
# snmpd command line options
|
||||
# '-f' is implicitly added by snmpd systemd unit file
|
||||
# OPTIONS="-LS0-6d"
|
@ -0,0 +1,3 @@
|
||||
# snmptrapd command line options
|
||||
# '-f' is implicitly added by snmptrapd systemd unit file
|
||||
# OPTIONS="-Lsd"
|
@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=Simple Network Management Protocol (SNMP) Daemon.
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=OPTIONS="-LS0-6d"
|
||||
EnvironmentFile=-/etc/sysconfig/snmpd
|
||||
ExecStart=/usr/sbin/snmpd $OPTIONS -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=OPTIONS="-Lsd"
|
||||
EnvironmentFile=-/etc/sysconfig/snmptrapd
|
||||
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue