commit
db964d98e1
@ -0,0 +1 @@
|
||||
SOURCES/net-snmp-5.9.4.tar.gz
|
@ -0,0 +1 @@
|
||||
2f5e96165890158c45e73f9e24c5682885355a57 SOURCES/net-snmp-5.9.4.tar.gz
|
@ -0,0 +1,41 @@
|
||||
MIBs included in this software taken from IETF Documents are considered
|
||||
Code Components in accordance with the IETF Trust License Policy, as found
|
||||
here:
|
||||
|
||||
http://trustee.ietf.org/license-info/
|
||||
|
||||
They are available under the terms of the Simplified BSD license, a copy of
|
||||
which is included below.
|
||||
|
||||
*****
|
||||
|
||||
Copyright (c) 2013 IETF Trust and the persons identified as authors of
|
||||
the code. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
· Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
· Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
· Neither the name of Internet Society, IETF or IETF Trust, nor the
|
||||
names of specific contributors, may be used to endorse or promote
|
||||
products derived from this software without specific prior written
|
||||
permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
|
||||
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
||||
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
@ -0,0 +1,30 @@
|
||||
1134475 - dependency in perl package
|
||||
|
||||
Use hardcoded path to configuration directories instead of net-snmp-config.
|
||||
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
|
||||
depending on -devel.
|
||||
|
||||
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
|
||||
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
|
||||
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
|
||||
@@ -819,8 +819,7 @@ sub set_default {
|
||||
sub cfg_path {
|
||||
my $path;
|
||||
|
||||
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
|
||||
- chomp $path;
|
||||
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
|
||||
return (wantarray ? split(':', $path) : $path);
|
||||
}
|
||||
|
||||
@@ -1414,8 +1413,8 @@ sub checkReqs {
|
||||
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
|
||||
if ($ossl_ver cmp $ossl_min_ver) < 0;
|
||||
|
||||
- die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||
+# die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||
}
|
||||
|
||||
sub initOpts {
|
@ -0,0 +1,14 @@
|
||||
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
|
||||
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
|
||||
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
|
||||
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
|
||||
return 0; /* or -1 */
|
||||
|
||||
it = CONTAINER_ITERATOR( swrun_container );
|
||||
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
|
||||
+ if (0 == strcmp( entry->hrSWRunName, name ))
|
||||
+ i++;
|
||||
+ }
|
||||
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
|
||||
if (0 == strcmp( entry->hrSWRunName, name ))
|
||||
i++;
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
|
||||
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
|
||||
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
|
||||
@@ -10,7 +10,7 @@ extern "C" {
|
||||
* Note: using the U64 typedef is deprecated because this typedef conflicts
|
||||
* with a typedef with the same name defined in the Perl header files.
|
||||
*/
|
||||
- typedef struct counter64 U64;
|
||||
+// typedef struct counter64 U64;
|
||||
#endif
|
||||
|
||||
#define I64CHARSZ 21
|
@ -0,0 +1,35 @@
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
|
||||
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
|
||||
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
|
||||
"No error", /* SNMPERR_SUCCESS */
|
||||
"Generic error", /* SNMPERR_GENERR */
|
||||
"Invalid local port", /* SNMPERR_BAD_LOCPORT */
|
||||
- "Unknown host", /* SNMPERR_BAD_ADDRESS */
|
||||
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */
|
||||
"Unknown session", /* SNMPERR_BAD_SESSION */
|
||||
"Too long", /* SNMPERR_TOO_LONG */
|
||||
"No socket", /* SNMPERR_NO_SOCKET */
|
||||
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
|
||||
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
|
||||
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
|
||||
in_session->s_errno = errno;
|
||||
- snmp_set_detail(in_session->peername);
|
||||
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
|
||||
+ NETSNMP_DS_LIB_CLIENT_ADDR))
|
||||
+ snmp_set_detail(in_session->peername);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
|
||||
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
|
||||
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
|
||||
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
|
||||
DEBUGMSGTL(("netsnmp_udpbase",
|
||||
"failed to bind for clientaddr: %d %s\n",
|
||||
errno, strerror(errno)));
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
|
||||
+ strerror(errno)));
|
||||
goto err;
|
||||
}
|
||||
|
@ -0,0 +1,11 @@
|
||||
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
|
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
|
||||
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
|
||||
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
|
||||
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
|
||||
/* 'entry' is duplicate of the previous one -> delete it */
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
|
||||
netsnmp_access_ipaddress_entry_free(entry);
|
||||
} else {
|
||||
CONTAINER_INSERT(ret, entry);
|
@ -0,0 +1,12 @@
|
||||
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
|
||||
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
|
||||
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
|
||||
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
|
||||
* save a warning header to the top of the new file
|
||||
*/
|
||||
snprintf(fileold, sizeof(fileold),
|
||||
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
|
||||
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
|
||||
type, type, type,
|
@ -0,0 +1,82 @@
|
||||
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
|
||||
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
|
||||
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
|
||||
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
|
||||
}
|
||||
|
||||
#elif defined(linux)
|
||||
+#include <errno.h>
|
||||
static struct ifreq *ifr;
|
||||
static int ifr_counter;
|
||||
|
||||
static void
|
||||
Address_Scan_Init(void)
|
||||
{
|
||||
- int num_interfaces = 0;
|
||||
+ int i;
|
||||
int fd;
|
||||
+ int lastlen = 0;
|
||||
|
||||
/* get info about all interfaces */
|
||||
|
||||
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
|
||||
SNMP_FREE(ifc.ifc_buf);
|
||||
ifr_counter = 0;
|
||||
|
||||
- do
|
||||
- {
|
||||
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
||||
{
|
||||
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
|
||||
return;
|
||||
}
|
||||
- num_interfaces += 16;
|
||||
|
||||
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
|
||||
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
|
||||
-
|
||||
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
|
||||
- {
|
||||
- ifr=NULL;
|
||||
- close(fd);
|
||||
- return;
|
||||
- }
|
||||
- close(fd);
|
||||
+ /*
|
||||
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
|
||||
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
|
||||
+ * Volume I'', p.435...
|
||||
+ */
|
||||
+
|
||||
+ for (i = 8;; i *= 2) {
|
||||
+ ifc.ifc_len = sizeof(struct ifreq) * i;
|
||||
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
|
||||
+
|
||||
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
|
||||
+ if (errno != EINVAL || lastlen != 0) {
|
||||
+ /*
|
||||
+ * Something has gone genuinely wrong...
|
||||
+ */
|
||||
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
|
||||
+ SNMP_FREE(ifc.ifc_buf);
|
||||
+ close(fd);
|
||||
+ return;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (ifc.ifc_len == lastlen) {
|
||||
+ /*
|
||||
+ * The length is the same as the last time; we're done...
|
||||
+ */
|
||||
+ break;
|
||||
+ }
|
||||
+ lastlen = ifc.ifc_len;
|
||||
+ }
|
||||
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
|
||||
}
|
||||
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
|
||||
-
|
||||
+
|
||||
+ close(fd);
|
||||
ifr = ifc.ifc_req;
|
||||
}
|
||||
|
@ -0,0 +1,36 @@
|
||||
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
|
||||
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
|
||||
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
|
||||
.SH SYNOPSIS
|
||||
.PP
|
||||
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
|
||||
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
|
||||
.B [username]
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
|
||||
displays the net-snmp version number
|
||||
.TP
|
||||
\fB\-ro\fR
|
||||
-create an user with read-only permissions
|
||||
+creates a user with read-only permissions
|
||||
.TP
|
||||
-\fB\-a authpass\fR
|
||||
-specify authentication password
|
||||
+\fB\-A authpass\fR
|
||||
+specifies the authentication password
|
||||
.TP
|
||||
-\fB\-x privpass\fR
|
||||
-specify encryption password
|
||||
+\fB\-a MD5|SHA\fR
|
||||
+specifies the authentication password hashing algorithm
|
||||
.TP
|
||||
-\fB\-X DES|AES\fR
|
||||
-specify encryption algorithm
|
||||
+\fB\-X privpass\fR
|
||||
+specifies the encryption password
|
||||
+.TP
|
||||
+\fB\-x DES|AES\fR
|
||||
+specifies the encryption algorithm
|
@ -0,0 +1,83 @@
|
||||
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200
|
||||
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||
rpmtd td_name, td_version, td_release, td_group, td_time;
|
||||
#else
|
||||
char *n, *v, *r, *g;
|
||||
- int32_t *t;
|
||||
#endif
|
||||
time_t install_time;
|
||||
size_t date_len;
|
||||
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||
install_time = rpmtdGetNumber(td_time);
|
||||
g = rpmtdGetString(td_group);
|
||||
#else
|
||||
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
|
||||
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
|
||||
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
|
||||
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
|
||||
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
|
||||
+ n = headerGetString( h, RPMTAG_NAME);
|
||||
+ v = headerGetString( h, RPMTAG_VERSION);
|
||||
+ r = headerGetString( h, RPMTAG_RELEASE);
|
||||
+ g = headerGetString( h, RPMTAG_GROUP);
|
||||
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
|
||||
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
|
||||
"%s-%s-%s", n, v, r);
|
||||
- install_time = *t;
|
||||
#endif
|
||||
entry->swType = (g && NULL != strstr( g, "System Environment"))
|
||||
? 2 /* operatingSystem */
|
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200
|
||||
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
|
||||
}
|
||||
#else
|
||||
# ifdef HAVE_LIBRPM
|
||||
- char *rpm_groups;
|
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
|
||||
- if ( strstr(rpm_groups, "System Environment") != NULL )
|
||||
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
|
||||
+ if ( NULL != rpm_group ) {
|
||||
+ if ( strstr(rpm_group, "System Environment") != NULL )
|
||||
long_return = 2; /* operatingSystem */
|
||||
else
|
||||
long_return = 4; /* applcation */
|
||||
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
|
||||
case HRSWINST_DATE:
|
||||
{
|
||||
#ifdef HAVE_LIBRPM
|
||||
- int32_t *rpm_data;
|
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
|
||||
- time_t installTime = *rpm_data;
|
||||
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
|
||||
+ if ( 0 != installTime ) {
|
||||
ret = date_n_time(&installTime, var_len);
|
||||
} else {
|
||||
ret = date_n_time(NULL, var_len);
|
||||
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
|
||||
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
|
||||
int offset;
|
||||
Header h;
|
||||
- char *n, *v, *r;
|
||||
+ const char *n, *v, *r;
|
||||
|
||||
offset = swi->swi_recs[ix - 1];
|
||||
|
||||
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
|
||||
swi->swi_h = h;
|
||||
swi->swi_prevx = ix;
|
||||
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
|
||||
- NULL);
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
|
||||
- NULL);
|
||||
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
|
||||
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
|
||||
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
|
||||
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
|
||||
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
|
||||
}
|
@ -0,0 +1,28 @@
|
||||
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
index 695c469..dd0e487 100644
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
|
||||
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
|
||||
SNMP_FREE(rpmdbpath);
|
||||
dbpath = NULL;
|
||||
+#ifdef HAVE_RPMGETPATH
|
||||
+ rpmFreeRpmrc();
|
||||
+#endif
|
||||
if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
|
||||
pkg_directory[0] = '\0';
|
||||
diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
index 1f52733..ccf1cab 100644
|
||||
--- a/agent/mibgroup/host/hr_swinst.c
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c
|
||||
@@ -231,6 +231,9 @@ init_hr_swinst(void)
|
||||
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
|
||||
path[ sizeof(path)-1 ] = 0;
|
||||
swi->swi_directory = strdup(path);
|
||||
+#ifdef HAVE_RPMGETPATH
|
||||
+ rpmFreeRpmrc();
|
||||
+#endif
|
||||
}
|
||||
#else
|
||||
# ifdef _PATH_HRSW_directory
|
@ -0,0 +1,18 @@
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
index afd6fa4..07c26fe 100644
|
||||
--- a/net-snmp-create-v3-user.in
|
||||
+++ b/net-snmp-create-v3-user.in
|
||||
@@ -58,11 +58,11 @@ case $1 in
|
||||
exit 1
|
||||
fi
|
||||
case $1 in
|
||||
- DES|AES|AES128)
|
||||
+ DES|AES|AES128|AES192|AES256)
|
||||
Xalgorithm=$1
|
||||
shift
|
||||
;;
|
||||
- des|aes|aes128)
|
||||
+ des|aes|aes128|aes192|aes256)
|
||||
Xalgorithm=$(echo "$1" | tr a-z A-Z)
|
||||
shift
|
||||
;;
|
@ -0,0 +1,12 @@
|
||||
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
|
||||
index e7ca92f..80b3e0d 100644
|
||||
--- a/agent/mibgroup/host/hr_filesys.c
|
||||
+++ b/agent/mibgroup/host/hr_filesys.c
|
||||
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
|
||||
"shm",
|
||||
"sockfs",
|
||||
"sysfs",
|
||||
+ "tmpfs",
|
||||
"usbdevfs",
|
||||
"usbfs",
|
||||
#endif
|
@ -0,0 +1,20 @@
|
||||
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
|
||||
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
|
||||
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
|
||||
@@ -1,3 +1,4 @@
|
||||
+use lib '.';
|
||||
use strict;
|
||||
use warnings;
|
||||
use ExtUtils::MakeMaker;
|
||||
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
|
||||
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
|
||||
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
|
||||
@@ -116,7 +116,7 @@ sub AddCommonParams {
|
||||
append($Params->{'CCFLAGS'}, $cflags);
|
||||
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
|
||||
# Suppress known Perl header shortcomings.
|
||||
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
|
||||
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
|
||||
append($Params->{'CCFLAGS'}, '-Wformat');
|
||||
}
|
||||
}
|
@ -0,0 +1,22 @@
|
||||
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
|
||||
index e9a8831..5a1d8e7 100644
|
||||
--- a/agent/mibgroup/disman/event/mteTrigger.c
|
||||
+++ b/agent/mibgroup/disman/event/mteTrigger.c
|
||||
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
|
||||
* Similarly, if no fallEvent is configured,
|
||||
* there's no point in trying to fire it either.
|
||||
*/
|
||||
- if (entry->mteTThRiseEvent[0] != '\0' ) {
|
||||
+ if (entry->mteTThFallEvent[0] != '\0' ) {
|
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||
entry->mteTriggerFired = vp1;
|
||||
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
|
||||
* Similarly, if no fallEvent is configured,
|
||||
* there's no point in trying to fire it either.
|
||||
*/
|
||||
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
|
||||
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
|
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||
entry->mteTriggerFired = vp1;
|
@ -0,0 +1,30 @@
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
index 19895a1..ac3c60f 100644
|
||||
--- a/net-snmp-create-v3-user.in
|
||||
+++ b/net-snmp-create-v3-user.in
|
||||
@@ -14,6 +14,10 @@ Xalgorithm="DES"
|
||||
token=rwuser
|
||||
|
||||
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
|
||||
+case "$1" in
|
||||
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
+ *) optarg= ;;
|
||||
+esac
|
||||
|
||||
unset shifted
|
||||
case $1 in
|
||||
@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
|
||||
touch "$outfile"
|
||||
fi
|
||||
echo "$line" >> "$outfile"
|
||||
-prefix=@prefix@
|
||||
-datarootdir=@datarootdir@
|
||||
-# To suppress shellcheck complaints about $prefix and $datarootdir.
|
||||
-: "$prefix" "$datarootdir"
|
||||
-outfile="@datadir@/snmp/snmpd.conf"
|
||||
+# Avoid that configure complains that this script ignores @datarootdir@
|
||||
+echo "@datarootdir@" >/dev/null
|
||||
+outfile="/etc/snmp/snmpd.conf"
|
||||
line="$token $user"
|
||||
echo "adding the following line to $outfile:"
|
||||
echo " $line"
|
@ -0,0 +1,855 @@
|
||||
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
|
||||
index 80e2a19..143adbb 100644
|
||||
--- a/include/net-snmp/library/cert_util.h
|
||||
+++ b/include/net-snmp/library/cert_util.h
|
||||
@@ -55,7 +55,8 @@ extern "C" {
|
||||
char *common_name;
|
||||
|
||||
u_char hash_type;
|
||||
- u_char _pad[3]; /* for future use */
|
||||
+ u_char _pad[1]; /* for future use */
|
||||
+ u_short offset;
|
||||
} netsnmp_cert;
|
||||
|
||||
/** types */
|
||||
@@ -100,6 +101,7 @@ extern "C" {
|
||||
|
||||
NETSNMP_IMPORT
|
||||
netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
|
||||
+ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
|
||||
|
||||
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
|
||||
|
||||
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
|
||||
index 471bb0b..ac7f69a 100644
|
||||
--- a/include/net-snmp/library/dir_utils.h
|
||||
+++ b/include/net-snmp/library/dir_utils.h
|
||||
@@ -53,7 +53,8 @@ extern "C" {
|
||||
#define NETSNMP_DIR_NSFILE 0x0010
|
||||
/** load stats in netsnmp_file */
|
||||
#define NETSNMP_DIR_NSFILE_STATS 0x0020
|
||||
-
|
||||
+/** allow files to be indexed more than once */
|
||||
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
|
||||
index 210ad8b..b1f8144 100644
|
||||
--- a/snmplib/cert_util.c
|
||||
+++ b/snmplib/cert_util.c
|
||||
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
|
||||
* bump this value whenever cert index format changes, so indexes
|
||||
* will be regenerated with new format.
|
||||
*/
|
||||
-#define CERT_INDEX_FORMAT 1
|
||||
+#define CERT_INDEX_FORMAT 2
|
||||
|
||||
static netsnmp_container *_certs = NULL;
|
||||
static netsnmp_container *_keys = NULL;
|
||||
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
|
||||
netsnmp_cert_common *rhs);
|
||||
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
|
||||
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
|
||||
+static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
|
||||
+static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
|
||||
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
|
||||
const char *directory);
|
||||
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
|
||||
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
|
||||
{
|
||||
netsnmp_container *c;
|
||||
|
||||
+ int rc;
|
||||
+
|
||||
c = netsnmp_container_find("certs:binary_array");
|
||||
if (NULL == c) {
|
||||
snmp_log(LOG_ERR, "could not create container for %s\n", use);
|
||||
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
|
||||
c->free_item = (netsnmp_container_obj_func*)_cert_free;
|
||||
c->compare = (netsnmp_container_compare*)_cert_compare;
|
||||
|
||||
+ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
+
|
||||
return c;
|
||||
}
|
||||
|
||||
@@ -362,6 +368,8 @@ _setup_containers(void)
|
||||
{
|
||||
netsnmp_container *additional_keys;
|
||||
|
||||
+ int rc;
|
||||
+
|
||||
_certs = _get_cert_container("netsnmp certificates");
|
||||
if (NULL == _certs)
|
||||
return;
|
||||
@@ -376,6 +384,7 @@ _setup_containers(void)
|
||||
additional_keys->container_name = strdup("certs_cn");
|
||||
additional_keys->free_item = NULL;
|
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
|
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
netsnmp_container_add_index(_certs, additional_keys);
|
||||
|
||||
/** additional keys: subject name */
|
||||
@@ -389,6 +398,7 @@ _setup_containers(void)
|
||||
additional_keys->free_item = NULL;
|
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
|
||||
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
|
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
netsnmp_container_add_index(_certs, additional_keys);
|
||||
|
||||
/** additional keys: file name */
|
||||
@@ -402,6 +412,7 @@ _setup_containers(void)
|
||||
additional_keys->free_item = NULL;
|
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
|
||||
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
|
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
netsnmp_container_add_index(_certs, additional_keys);
|
||||
|
||||
_keys = netsnmp_container_find("cert_keys:binary_array");
|
||||
@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
|
||||
}
|
||||
|
||||
static netsnmp_cert *
|
||||
-_new_cert(const char *dirname, const char *filename, int certType,
|
||||
+_new_cert(const char *dirname, const char *filename, int certType, int offset,
|
||||
int hashType, const char *fingerprint, const char *common_name,
|
||||
const char *subject)
|
||||
{
|
||||
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
|
||||
|
||||
cert->info.dir = strdup(dirname);
|
||||
cert->info.filename = strdup(filename);
|
||||
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
|
||||
+ /* only the first certificate is allowed to be a remote peer */
|
||||
+ cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
|
||||
cert->info.type = certType;
|
||||
+ cert->offset = offset;
|
||||
if (fingerprint) {
|
||||
cert->hash_type = hashType;
|
||||
cert->fingerprint = strdup(fingerprint);
|
||||
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
|
||||
* certificate utility functions
|
||||
*
|
||||
*/
|
||||
+static BIO *
|
||||
+netsnmp_open_bio(const char *dir, const char *filename)
|
||||
+{
|
||||
+ BIO *certbio;
|
||||
+ char file[SNMP_MAXPATH];
|
||||
+
|
||||
+ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
|
||||
+
|
||||
+ certbio = BIO_new(BIO_s_file());
|
||||
+ if (NULL == certbio) {
|
||||
+ snmp_log(LOG_ERR, "error creating BIO\n");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ snprintf(file, sizeof(file),"%s/%s", dir, filename);
|
||||
+ if (BIO_read_filename(certbio, file) <=0) {
|
||||
+ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
|
||||
+ BIO_vfree(certbio);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return certbio;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
|
||||
+{
|
||||
+ int is_ca;
|
||||
+
|
||||
+ cert->ocert = ocert;
|
||||
+
|
||||
+ /*
|
||||
+ * X509_check_ca return codes:
|
||||
+ * 0 not a CA
|
||||
+ * 1 is a CA
|
||||
+ * 2 basicConstraints absent so "maybe" a CA
|
||||
+ * 3 basicConstraints absent but self signed V1.
|
||||
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
+ * 5 outdated Netscape Certificate Type CA extension.
|
||||
+ */
|
||||
+ is_ca = X509_check_ca(ocert);
|
||||
+ if (1 == is_ca)
|
||||
+ cert->info.allowed_uses |= NS_CERT_CA;
|
||||
+
|
||||
+ if (NULL == cert->subject) {
|
||||
+ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
|
||||
+ 0);
|
||||
+ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
|
||||
+ }
|
||||
+
|
||||
+ if (NULL == cert->issuer) {
|
||||
+ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
|
||||
+ if (strcmp(cert->subject, cert->issuer) == 0) {
|
||||
+ free(cert->issuer);
|
||||
+ cert->issuer = strdup("self-signed");
|
||||
+ }
|
||||
+ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
|
||||
+ }
|
||||
+
|
||||
+ if (NULL == cert->fingerprint) {
|
||||
+ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
|
||||
+ cert->fingerprint =
|
||||
+ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
|
||||
+ }
|
||||
+
|
||||
+ if (NULL == cert->common_name) {
|
||||
+ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
|
||||
+ NULL);
|
||||
+ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
|
||||
+ }
|
||||
+
|
||||
+}
|
||||
+
|
||||
static X509 *
|
||||
netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
{
|
||||
BIO *certbio;
|
||||
X509 *ocert = NULL;
|
||||
+ X509 *ncert = NULL;
|
||||
EVP_PKEY *okey = NULL;
|
||||
- char file[SNMP_MAXPATH];
|
||||
- int is_ca;
|
||||
|
||||
if (NULL == cert)
|
||||
return NULL;
|
||||
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
}
|
||||
}
|
||||
|
||||
- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
|
||||
-
|
||||
- certbio = BIO_new(BIO_s_file());
|
||||
- if (NULL == certbio) {
|
||||
- snmp_log(LOG_ERR, "error creating BIO\n");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
|
||||
- if (BIO_read_filename(certbio, file) <=0) {
|
||||
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
|
||||
- BIO_vfree(certbio);
|
||||
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
|
||||
+ if (!certbio) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
|
||||
- char *pos = strrchr(cert->info.filename, '.');
|
||||
- if (NULL == pos)
|
||||
- return NULL;
|
||||
- cert->info.type = _cert_ext_type(++pos);
|
||||
- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
|
||||
- }
|
||||
-
|
||||
switch (cert->info.type) {
|
||||
|
||||
case NS_CERT_TYPE_DER:
|
||||
+ (void)BIO_seek(certbio, cert->offset);
|
||||
ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
|
||||
if (NULL != ocert)
|
||||
break;
|
||||
- (void)BIO_reset(certbio);
|
||||
/* Check for PEM if DER didn't work */
|
||||
/* FALLTHROUGH */
|
||||
|
||||
case NS_CERT_TYPE_PEM:
|
||||
- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
+ (void)BIO_seek(certbio, cert->offset);
|
||||
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
if (NULL == ocert)
|
||||
break;
|
||||
if (NS_CERT_TYPE_DER == cert->info.type) {
|
||||
DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
|
||||
cert->info.type = NS_CERT_TYPE_PEM;
|
||||
}
|
||||
- /** check for private key too */
|
||||
- if (NULL == cert->key) {
|
||||
- (void)BIO_reset(certbio);
|
||||
- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
+ /** check for private key too, but only if we're the first certificate */
|
||||
+ if (0 == cert->offset && NULL == cert->key) {
|
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
if (NULL != okey) {
|
||||
netsnmp_key *key;
|
||||
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
|
||||
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
break;
|
||||
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
|
||||
case NS_CERT_TYPE_PKCS12:
|
||||
- (void)BIO_reset(certbio);
|
||||
+ (void)BIO_seek(certbio, cert->offset);
|
||||
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
|
||||
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
|
||||
PKCS12_verify_mac(p12, NULL, 0)))
|
||||
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- cert->ocert = ocert;
|
||||
- /*
|
||||
- * X509_check_ca return codes:
|
||||
- * 0 not a CA
|
||||
- * 1 is a CA
|
||||
- * 2 basicConstraints absent so "maybe" a CA
|
||||
- * 3 basicConstraints absent but self signed V1.
|
||||
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
- * 5 outdated Netscape Certificate Type CA extension.
|
||||
- */
|
||||
- is_ca = X509_check_ca(ocert);
|
||||
- if (1 == is_ca)
|
||||
- cert->info.allowed_uses |= NS_CERT_CA;
|
||||
-
|
||||
- if (NULL == cert->subject) {
|
||||
- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
|
||||
- 0);
|
||||
- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
|
||||
- }
|
||||
-
|
||||
- if (NULL == cert->issuer) {
|
||||
- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
|
||||
- if (strcmp(cert->subject, cert->issuer) == 0) {
|
||||
- free(cert->issuer);
|
||||
- cert->issuer = strdup("self-signed");
|
||||
- }
|
||||
- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
|
||||
- }
|
||||
-
|
||||
- if (NULL == cert->fingerprint) {
|
||||
- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
|
||||
- cert->fingerprint =
|
||||
- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
|
||||
- }
|
||||
-
|
||||
- if (NULL == cert->common_name) {
|
||||
- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
|
||||
- NULL);
|
||||
- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
|
||||
- }
|
||||
+ netsnmp_ocert_parse(cert, ocert);
|
||||
|
||||
return ocert;
|
||||
}
|
||||
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
|
||||
{
|
||||
BIO *keybio;
|
||||
EVP_PKEY *okey;
|
||||
- char file[SNMP_MAXPATH];
|
||||
|
||||
if (NULL == key)
|
||||
return NULL;
|
||||
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
|
||||
if (key->okey)
|
||||
return key->okey;
|
||||
|
||||
- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
|
||||
- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
|
||||
-
|
||||
- keybio = BIO_new(BIO_s_file());
|
||||
- if (NULL == keybio) {
|
||||
- snmp_log(LOG_ERR, "error creating BIO\n");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- if (BIO_read_filename(keybio, file) <=0) {
|
||||
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
|
||||
- key->info.filename);
|
||||
- BIO_vfree(keybio);
|
||||
+ keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
|
||||
+ if (!keybio) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
|
||||
cert->issuer_cert = _find_issuer(cert);
|
||||
if (NULL == cert->issuer_cert) {
|
||||
DEBUGMSGT(("cert:load:warn",
|
||||
- "couldn't load CA chain for cert %s\n",
|
||||
+ "couldn't load full CA chain for cert %s\n",
|
||||
cert->info.filename));
|
||||
rc = CERT_LOAD_PARTIAL;
|
||||
break;
|
||||
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
|
||||
/** get issuer ocert */
|
||||
if ((NULL == cert->issuer_cert->ocert) &&
|
||||
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
|
||||
- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
|
||||
+ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
|
||||
cert->info.filename));
|
||||
rc = CERT_LOAD_PARTIAL;
|
||||
break;
|
||||
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
return;
|
||||
}
|
||||
|
||||
- if(key) {
|
||||
+ if (key) {
|
||||
if (key->cert) {
|
||||
DEBUGMSGT(("cert:partner", "key already has partner\n"));
|
||||
return;
|
||||
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
return;
|
||||
*pos = 0;
|
||||
|
||||
- matching = _cert_find_subset_fn( filename, key->info.dir );
|
||||
+ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
|
||||
+ key->info.dir ));
|
||||
if (!matching)
|
||||
return;
|
||||
if (1 == matching->size) {
|
||||
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
|
||||
key->info.filename));
|
||||
}
|
||||
- else if(cert) {
|
||||
+ else if (cert) {
|
||||
if (cert->key) {
|
||||
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
|
||||
return;
|
||||
@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
}
|
||||
}
|
||||
|
||||
+static netsnmp_key *
|
||||
+_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
|
||||
+{
|
||||
+ netsnmp_key *key;
|
||||
+
|
||||
+ key = _new_key(dirname, filename);
|
||||
+ if (NULL == key) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ key->okey = okey;
|
||||
+
|
||||
+ if (-1 == CONTAINER_INSERT(_keys, key)) {
|
||||
+ DEBUGMSGT(("cert:key:file:add:err",
|
||||
+ "error inserting key into container\n"));
|
||||
+ netsnmp_key_free(key);
|
||||
+ key = NULL;
|
||||
+ }
|
||||
+ if (index) {
|
||||
+ fprintf(index, "k:%s\n", filename);
|
||||
+ }
|
||||
+
|
||||
+ return key;
|
||||
+}
|
||||
+
|
||||
+static netsnmp_cert *
|
||||
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
|
||||
+{
|
||||
+ netsnmp_cert *cert;
|
||||
+
|
||||
+ cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
|
||||
+ if (NULL == cert)
|
||||
+ return NULL;
|
||||
+
|
||||
+ netsnmp_ocert_parse(cert, ocert);
|
||||
+
|
||||
+ if (-1 == CONTAINER_INSERT(_certs, cert)) {
|
||||
+ DEBUGMSGT(("cert:file:add:err",
|
||||
+ "error inserting cert into container\n"));
|
||||
+ netsnmp_cert_free(cert);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (index) {
|
||||
+ /** filename = NAME_MAX = 255 */
|
||||
+ /** fingerprint max = 64*3=192 for sha512 */
|
||||
+ /** common name / CN = 64 */
|
||||
+ if (cert)
|
||||
+ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
|
||||
+ cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
|
||||
+ cert->common_name, cert->subject);
|
||||
+ }
|
||||
+
|
||||
+ return cert;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
_add_certfile(const char* dirname, const char* filename, FILE *index)
|
||||
{
|
||||
- X509 *ocert;
|
||||
- EVP_PKEY *okey;
|
||||
+ BIO *certbio;
|
||||
+ X509 *ocert = NULL;
|
||||
+ X509 *ncert;
|
||||
+ EVP_PKEY *okey = NULL;
|
||||
netsnmp_cert *cert = NULL;
|
||||
netsnmp_key *key = NULL;
|
||||
char certfile[SNMP_MAXPATH];
|
||||
int type;
|
||||
+ int offset = 0;
|
||||
|
||||
if (((const void*)NULL == dirname) || (NULL == filename))
|
||||
return -1;
|
||||
|
||||
type = _type_from_filename(filename);
|
||||
- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
|
||||
+ if (type == NS_CERT_TYPE_UNKNOWN) {
|
||||
+ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
|
||||
+ certbio = netsnmp_open_bio(dirname, filename);
|
||||
+ if (!certbio) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
|
||||
- type));
|
||||
+ switch (type) {
|
||||
|
||||
- if (NS_CERT_TYPE_KEY == type) {
|
||||
- key = _new_key(dirname, filename);
|
||||
- if (NULL == key)
|
||||
- return -1;
|
||||
- okey = netsnmp_okey_get(key);
|
||||
- if (NULL == okey) {
|
||||
- netsnmp_key_free(key);
|
||||
- return -1;
|
||||
- }
|
||||
- key->okey = okey;
|
||||
- if (-1 == CONTAINER_INSERT(_keys, key)) {
|
||||
- DEBUGMSGT(("cert:key:file:add:err",
|
||||
- "error inserting key into container\n"));
|
||||
- netsnmp_key_free(key);
|
||||
- key = NULL;
|
||||
- }
|
||||
- }
|
||||
- else {
|
||||
- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
|
||||
- if (NULL == cert)
|
||||
- return -1;
|
||||
- ocert = netsnmp_ocert_get(cert);
|
||||
- if (NULL == ocert) {
|
||||
- netsnmp_cert_free(cert);
|
||||
- return -1;
|
||||
- }
|
||||
- cert->ocert = ocert;
|
||||
- if (-1 == CONTAINER_INSERT(_certs, cert)) {
|
||||
- DEBUGMSGT(("cert:file:add:err",
|
||||
- "error inserting cert into container\n"));
|
||||
- netsnmp_cert_free(cert);
|
||||
- cert = NULL;
|
||||
- }
|
||||
- }
|
||||
- if ((NULL == cert) && (NULL == key)) {
|
||||
- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
|
||||
- return -1;
|
||||
+ case NS_CERT_TYPE_KEY:
|
||||
+
|
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
+ if (NULL == okey)
|
||||
+ snmp_log(LOG_ERR, "error parsing key file %s\n",
|
||||
+ key->info.filename);
|
||||
+ else {
|
||||
+ key = _add_key(okey, dirname, filename, index);
|
||||
+ if (NULL == key) {
|
||||
+ EVP_PKEY_free(okey);
|
||||
+ okey = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case NS_CERT_TYPE_DER:
|
||||
+
|
||||
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
|
||||
+ if (NULL != ocert) {
|
||||
+ if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
|
||||
+ X509_free(ocert);
|
||||
+ ocert = NULL;
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
+ (void)BIO_reset(certbio);
|
||||
+ /* Check for PEM if DER didn't work */
|
||||
+ /* FALLTHROUGH */
|
||||
+
|
||||
+ case NS_CERT_TYPE_PEM:
|
||||
+
|
||||
+ if (NS_CERT_TYPE_DER == type) {
|
||||
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
|
||||
+ type = NS_CERT_TYPE_PEM;
|
||||
+ }
|
||||
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
+ if (NULL != ocert) {
|
||||
+ cert = _add_cert(ncert, dirname, filename, type, offset, index);
|
||||
+ if (NULL == cert) {
|
||||
+ X509_free(ocert);
|
||||
+ ocert = ncert = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ while (NULL != ncert) {
|
||||
+ offset = BIO_tell(certbio);
|
||||
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
+ if (ncert) {
|
||||
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
|
||||
+ X509_free(ncert);
|
||||
+ ncert = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ BIO_seek(certbio, offset);
|
||||
+
|
||||
+ /** check for private key too */
|
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
+
|
||||
+ if (NULL != okey) {
|
||||
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
|
||||
+ cert->info.filename));
|
||||
+ key = _add_key(okey, dirname, filename, NULL);
|
||||
+ if (NULL != key) {
|
||||
+ DEBUGMSGT(("cert:read:partner", "%s match found!\n",
|
||||
+ cert->info.filename));
|
||||
+ key->cert = cert;
|
||||
+ cert->key = key;
|
||||
+ cert->info.allowed_uses |= NS_CERT_IDENTITY;
|
||||
+ }
|
||||
+ else {
|
||||
+ EVP_PKEY_free(okey);
|
||||
+ okey = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
+#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
|
||||
+ case NS_CERT_TYPE_PKCS12:
|
||||
+#endif
|
||||
+
|
||||
+ default:
|
||||
+ break;
|
||||
}
|
||||
|
||||
- if (index) {
|
||||
- /** filename = NAME_MAX = 255 */
|
||||
- /** fingerprint max = 64*3=192 for sha512 */
|
||||
- /** common name / CN = 64 */
|
||||
- if (cert)
|
||||
- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
|
||||
- cert->info.type, cert->hash_type, cert->fingerprint,
|
||||
- cert->common_name, cert->subject);
|
||||
- else if (key)
|
||||
- fprintf(index, "k:%s\n", filename);
|
||||
+ BIO_vfree(certbio);
|
||||
+
|
||||
+ if ((NULL == ocert) && (NULL == okey)) {
|
||||
+ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
struct stat idx_stat;
|
||||
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
|
||||
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
|
||||
- char subject[SNMP_MAXBUF_SMALL], hash_str[15];
|
||||
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
|
||||
+ ssize_t offset;
|
||||
int count = 0, type, hash, version;
|
||||
netsnmp_cert *cert;
|
||||
netsnmp_key *key;
|
||||
@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
netsnmp_directory_container_read_some(NULL, dirname,
|
||||
_time_filter, &idx_stat,
|
||||
NETSNMP_DIR_NSFILE |
|
||||
- NETSNMP_DIR_NSFILE_STATS);
|
||||
+ NETSNMP_DIR_NSFILE_STATS |
|
||||
+ NETSNMP_DIR_ALLOW_DUPLICATES);
|
||||
if (newer) {
|
||||
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
|
||||
CONTAINER_FREE_ALL(newer, NULL);
|
||||
@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
pos = &tmpstr[2];
|
||||
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
|
||||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
|
||||
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
|
||||
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
|
||||
(NULL == (pos=copy_nword(pos, fingerprint,
|
||||
sizeof(fingerprint)))) ||
|
||||
@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
break;
|
||||
}
|
||||
type = atoi(type_str);
|
||||
+ offset = atoi(offset_str);
|
||||
hash = atoi(hash_str);
|
||||
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
|
||||
+ cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
|
||||
common_name, subject);
|
||||
if (cert && 0 == CONTAINER_INSERT(found, cert))
|
||||
++count;
|
||||
@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
|
||||
netsnmp_directory_container_read_some(NULL, dirname,
|
||||
_cert_cert_filter, NULL,
|
||||
NETSNMP_DIR_RELATIVE_PATH |
|
||||
- NETSNMP_DIR_EMPTY_OK );
|
||||
+ NETSNMP_DIR_EMPTY_OK |
|
||||
+ NETSNMP_DIR_ALLOW_DUPLICATES);
|
||||
if (NULL == cert_container) {
|
||||
DEBUGMSGT(("cert:index:dir",
|
||||
"error creating container for cert files\n"));
|
||||
@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
|
||||
if (NULL == c)
|
||||
return;
|
||||
|
||||
- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
|
||||
+ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
|
||||
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
|
||||
c->info.type, c->info.allowed_uses,
|
||||
_mode_str(c->info.allowed_uses)));
|
||||
@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
|
||||
netsnmp_void_array *matching;
|
||||
|
||||
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
|
||||
- matching = _cert_find_subset_fn( filename, NULL );
|
||||
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
|
||||
+ filename, NULL ), what);
|
||||
if (!matching)
|
||||
return NULL;
|
||||
if (1 == matching->size)
|
||||
@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
|
||||
}
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * reduce subset by eliminating any certificates that are not the
|
||||
+ * first certficate in a file. This allows us to ignore certificate
|
||||
+ * chains when testing for specific certificates, and to match keys
|
||||
+ * to the first certificate only.
|
||||
+ */
|
||||
+static netsnmp_void_array *
|
||||
+_cert_reduce_subset_first(netsnmp_void_array *matching)
|
||||
+{
|
||||
+ netsnmp_cert *cc;
|
||||
+ int i = 0, j, newsize;
|
||||
+
|
||||
+ if ((NULL == matching))
|
||||
+ return matching;
|
||||
+
|
||||
+ newsize = matching->size;
|
||||
+
|
||||
+ for( ; i < matching->size; ) {
|
||||
+ /*
|
||||
+ * if we've shifted matches down we'll hit a NULL entry before
|
||||
+ * we hit the end of the array.
|
||||
+ */
|
||||
+ if (NULL == matching->array[i])
|
||||
+ break;
|
||||
+ /*
|
||||
+ * skip over valid matches. The first entry has an offset of zero.
|
||||
+ */
|
||||
+ cc = (netsnmp_cert*)matching->array[i];
|
||||
+ if (0 == cc->offset) {
|
||||
+ ++i;
|
||||
+ continue;
|
||||
+ }
|
||||
+ /*
|
||||
+ * shrink array by shifting everything down a spot. Might not be
|
||||
+ * the most efficient soloution, but this is just happening at
|
||||
+ * startup and hopefully most certs won't have common prefixes.
|
||||
+ */
|
||||
+ --newsize;
|
||||
+ for ( j=i; j < newsize; ++j )
|
||||
+ matching->array[j] = matching->array[j+1];
|
||||
+ matching->array[j] = NULL;
|
||||
+ /** no ++i; just shifted down, need to look at same position again */
|
||||
+ }
|
||||
+ /*
|
||||
+ * if we shifted, set the new size
|
||||
+ */
|
||||
+ if (newsize != matching->size) {
|
||||
+ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
|
||||
+ matching->size, newsize));
|
||||
+ matching->size = newsize;
|
||||
+ }
|
||||
+
|
||||
+ if (0 == matching->size) {
|
||||
+ free(matching->array);
|
||||
+ SNMP_FREE(matching);
|
||||
+ }
|
||||
+
|
||||
+ return matching;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * reduce subset by eliminating any certificates that do not match
|
||||
+ * purpose specified.
|
||||
+ */
|
||||
+static netsnmp_void_array *
|
||||
+_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
|
||||
+{
|
||||
+ netsnmp_cert_common *cc;
|
||||
+ int i = 0, j, newsize;
|
||||
+
|
||||
+ if ((NULL == matching))
|
||||
+ return matching;
|
||||
+
|
||||
+ newsize = matching->size;
|
||||
+
|
||||
+ for( ; i < matching->size; ) {
|
||||
+ /*
|
||||
+ * if we've shifted matches down we'll hit a NULL entry before
|
||||
+ * we hit the end of the array.
|
||||
+ */
|
||||
+ if (NULL == matching->array[i])
|
||||
+ break;
|
||||
+ /*
|
||||
+ * skip over valid matches. The first entry has an offset of zero.
|
||||
+ */
|
||||
+ cc = (netsnmp_cert_common *)matching->array[i];
|
||||
+ if ((cc->allowed_uses & what)) {
|
||||
+ ++i;
|
||||
+ continue;
|
||||
+ }
|
||||
+ /*
|
||||
+ * shrink array by shifting everything down a spot. Might not be
|
||||
+ * the most efficient soloution, but this is just happening at
|
||||
+ * startup and hopefully most certs won't have common prefixes.
|
||||
+ */
|
||||
+ --newsize;
|
||||
+ for ( j=i; j < newsize; ++j )
|
||||
+ matching->array[j] = matching->array[j+1];
|
||||
+ matching->array[j] = NULL;
|
||||
+ /** no ++i; just shifted down, need to look at same position again */
|
||||
+ }
|
||||
+ /*
|
||||
+ * if we shifted, set the new size
|
||||
+ */
|
||||
+ if (newsize != matching->size) {
|
||||
+ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
|
||||
+ matching->size, newsize));
|
||||
+ matching->size = newsize;
|
||||
+ }
|
||||
+
|
||||
+ if (0 == matching->size) {
|
||||
+ free(matching->array);
|
||||
+ SNMP_FREE(matching);
|
||||
+ }
|
||||
+
|
||||
+ return matching;
|
||||
+}
|
||||
+
|
||||
static netsnmp_void_array *
|
||||
_cert_find_subset_common(const char *filename, netsnmp_container *container)
|
||||
{
|
||||
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
|
||||
index c2dd989..e7145e4 100644
|
||||
--- a/snmplib/dir_utils.c
|
||||
+++ b/snmplib/dir_utils.c
|
||||
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
|
||||
/** default to unsorted */
|
||||
if (! (flags & NETSNMP_DIR_SORTED))
|
||||
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
|
||||
+ /** default to duplicates not allowed */
|
||||
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
|
||||
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
}
|
||||
|
||||
dir = opendir(dirname);
|
@ -0,0 +1,12 @@
|
||||
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
|
||||
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
|
||||
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
|
||||
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
|
||||
char *
|
||||
snmp_log_syslogname(const char *pstr)
|
||||
{
|
||||
- if (pstr)
|
||||
+ if (pstr && (pstr != syslogname))
|
||||
strlcpy (syslogname, pstr, sizeof(syslogname));
|
||||
|
||||
return syslogname;
|
@ -0,0 +1,28 @@
|
||||
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
index 6d5e86c..68b55d2 100644
|
||||
--- a/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
if (first)
|
||||
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
|
||||
}
|
||||
+ b = strstr(buff, "SReclaimable: ");
|
||||
+ if (b)
|
||||
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||
+ else {
|
||||
+ if (first)
|
||||
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
|
||||
+ }
|
||||
b = strstr(buff, "SwapFree: ");
|
||||
if (b)
|
||||
sscanf(b, "SwapFree: %lu", &swapfree);
|
||||
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
if (first)
|
||||
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
|
||||
}
|
||||
- b = strstr(buff, "SReclaimable: ");
|
||||
- if (b)
|
||||
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||
first = 0;
|
||||
|
||||
|
@ -0,0 +1,48 @@
|
||||
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
|
||||
index 90b20d9..bd5abe1 100644
|
||||
--- a/man/netsnmp_config_api.3.def
|
||||
+++ b/man/netsnmp_config_api.3.def
|
||||
@@ -295,7 +295,7 @@ for one particular machine.
|
||||
.PP
|
||||
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
|
||||
followed by \fC DATADIR/snmp\fP,
|
||||
-followed by \fC LIBDIR/snmp\fP,
|
||||
+followed by \fC /usr/lib(64)/snmp\fP,
|
||||
followed by \fC $HOME/.snmp\fP.
|
||||
This list can be changed by setting the environmental variable
|
||||
.I SNMPCONFPATH
|
||||
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
|
||||
files in.
|
||||
Default:
|
||||
.br
|
||||
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
|
||||
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
|
||||
.SH "SEE ALSO"
|
||||
netsnmp_mib_api(3), snmp_api(3)
|
||||
.\" Local Variables:
|
||||
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
|
||||
index fd30873..c3437d6 100644
|
||||
--- a/man/snmp_config.5.def
|
||||
+++ b/man/snmp_config.5.def
|
||||
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
|
||||
found and read from. By default, the applications look for
|
||||
configuration files in the following 4 directories, in order:
|
||||
SYSCONFDIR/snmp,
|
||||
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
|
||||
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
|
||||
directories, it looks for files snmp.conf, snmpd.conf and/or
|
||||
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
|
||||
and/or snmptrapd.local.conf. *.local.conf are always
|
||||
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
|
||||
index 7ce8a46..a4000f9 100644
|
||||
--- a/man/snmpd.conf.5.def
|
||||
+++ b/man/snmpd.conf.5.def
|
||||
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
|
||||
.RS
|
||||
.IP "Note:"
|
||||
If the specified PATH is not a fully qualified filename, it will
|
||||
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
|
||||
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
|
||||
will be appended to the filename.
|
||||
.RE
|
||||
.PP
|
@ -0,0 +1,26 @@
|
||||
diff --git a/agent/Makefile.in b/agent/Makefile.in
|
||||
index 047d880..38d40aa 100644
|
||||
--- a/agent/Makefile.in
|
||||
+++ b/agent/Makefile.in
|
||||
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
|
||||
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
|
||||
|
||||
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
|
||||
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
|
||||
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
|
||||
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
|
||||
diff --git a/apps/Makefile.in b/apps/Makefile.in
|
||||
index 3dbb1d1..48ed23a 100644
|
||||
--- a/apps/Makefile.in
|
||||
+++ b/apps/Makefile.in
|
||||
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
|
||||
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
@ -0,0 +1,38 @@
|
||||
diff --git a/Makefile.in b/Makefile.in
|
||||
index 912f6b2..862fb5f 100644
|
||||
--- a/Makefile.in
|
||||
+++ b/Makefile.in
|
||||
@@ -227,7 +227,7 @@ perlcleanfeatures:
|
||||
|
||||
# python specific build rules
|
||||
#
|
||||
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
|
||||
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
|
||||
pythonmodules: subdirs
|
||||
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
|
||||
if test $$? != 0 ; then \
|
||||
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
|
||||
index daf11a4..3a30a64 100644
|
||||
--- a/python/netsnmp/client.py
|
||||
+++ b/python/netsnmp/client.py
|
||||
@@ -56,7 +56,7 @@ class Varbind(object):
|
||||
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
|
||||
self.tag = STR(tag)
|
||||
self.iid = STR(iid)
|
||||
- self.val = STR(val)
|
||||
+ self.val = val
|
||||
self.type = STR(type_arg)
|
||||
# parse iid out of tag if needed
|
||||
if iid is None and tag is not None:
|
||||
@@ -66,7 +66,10 @@ class Varbind(object):
|
||||
(self.tag, self.iid) = match.group(1, 2)
|
||||
|
||||
def __setattr__(self, name, val):
|
||||
- self.__dict__[name] = STR(val)
|
||||
+ if name == 'val':
|
||||
+ self.__dict__[name] = val
|
||||
+ else:
|
||||
+ self.__dict__[name] = STR(val)
|
||||
|
||||
def __str__(self):
|
||||
return obj_to_str(self)
|
@ -0,0 +1,65 @@
|
||||
From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
|
||||
Date: Wed, 9 Aug 2023 16:51:28 +0200
|
||||
Subject: [PATCH] Add support for RPM SQLite DB background.
|
||||
|
||||
From RPM 4.16 the SQLite support is available for RPM DB.
|
||||
After https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb, rpm changed
|
||||
it's background DB from Berkeley to SQLite in Fedora.
|
||||
Net-SNMP is using hard coded paths to determine where RPM DB files are.
|
||||
|
||||
This update is adding check for rpmdb.sqlite file in order to be able
|
||||
invalidate internal cache after system package change.
|
||||
|
||||
Closes #596
|
||||
---
|
||||
agent/mibgroup/host/data_access/swinst_rpm.c | 18 +++++++++++++-----
|
||||
agent/mibgroup/host/hr_swinst.c | 3 +++
|
||||
2 files changed, 16 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
index 050edff307..7ad91a3194 100644
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
@@ -73,15 +73,23 @@ netsnmp_swinst_arch_init(void)
|
||||
#endif
|
||||
|
||||
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
|
||||
+
|
||||
+ if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
+
|
||||
+ /* check for SQLite DB backend */
|
||||
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
|
||||
+
|
||||
+ if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
|
||||
+ pkg_directory[0] = '\0';
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
SNMP_FREE(rpmdbpath);
|
||||
dbpath = NULL;
|
||||
#ifdef HAVE_RPMGETPATH
|
||||
rpmFreeRpmrc();
|
||||
-#endif
|
||||
- if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
- snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
|
||||
- pkg_directory[0] = '\0';
|
||||
- }
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
--- a/agent/mibgroup/host/hr_swinst.c 2023-07-31 11:37:44.855071535 +0200
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2023-08-14 12:45:14.846357019 +0200
|
||||
@@ -229,6 +229,9 @@ init_hr_swinst(void)
|
||||
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
|
||||
if (stat(path, &stat_buf) == -1)
|
||||
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
|
||||
+ /* check for SQLite DB backend */
|
||||
+ if (stat(path, &stat_buf) == -1)
|
||||
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
|
||||
path[ sizeof(path)-1 ] = 0;
|
||||
swi->swi_directory = strdup(path);
|
||||
#ifdef HAVE_RPMGETPATH
|
@ -0,0 +1,110 @@
|
||||
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
|
||||
index 6c07f74..7df0b51 100644
|
||||
--- a/testing/fulltests/default/T070com2sec_simple
|
||||
+++ b/testing/fulltests/default/T070com2sec_simple
|
||||
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
|
||||
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
|
||||
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
|
||||
|
||||
-if false; then
|
||||
- # The two tests below have been disabled because these rely on resolving a
|
||||
- # domain name into a local IP address. Such DNS replies are filtered out by
|
||||
- # many security devices because to avoid DNS rebinding attacks. See also
|
||||
- # https://en.wikipedia.org/wiki/DNS_rebinding.
|
||||
-
|
||||
- CHECKAGENT '<"c408a"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 32: Error:'
|
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
- return_value=1
|
||||
- FINISHED
|
||||
- fi
|
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+FINISHED
|
||||
+
|
||||
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||
+
|
||||
+CHECKAGENT '<"c408a"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 32: Error:'
|
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
return_value=1
|
||||
FINISHED
|
||||
fi
|
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+ return_value=1
|
||||
+ FINISHED
|
||||
+fi
|
||||
|
||||
- CHECKAGENT '<"c408b"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 33: Error:'
|
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
- return_value=1
|
||||
- fi
|
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+CHECKAGENT '<"c408b"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 33: Error:'
|
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
return_value=1
|
||||
fi
|
||||
-
|
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+ return_value=1
|
||||
fi
|
||||
|
||||
FINISHED
|
||||
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
|
||||
index 76da70b..bc2d432 100644
|
||||
--- a/testing/fulltests/default/T071com2sec6_simple
|
||||
+++ b/testing/fulltests/default/T071com2sec6_simple
|
||||
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
|
||||
SAVECHECKAGENT 'line 27: Error:'
|
||||
SAVECHECKAGENT 'line 28: Error:'
|
||||
|
||||
-if false; then
|
||||
- # The two tests below have been disabled because these rely on resolving a
|
||||
- # domain name into a local IP address. Such DNS replies are filtered out by
|
||||
- # many security devices because to avoid DNS rebinding attacks. See also
|
||||
- # https://en.wikipedia.org/wiki/DNS_rebinding.
|
||||
-
|
||||
- # 608
|
||||
- CHECKAGENT '<"c608a"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 29: Error:'
|
||||
- errnum=`expr $errnum - 1`
|
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
- FINISHED
|
||||
- fi
|
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+FINISHED
|
||||
+
|
||||
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||
+
|
||||
+# 608
|
||||
+CHECKAGENT '<"c608a"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 29: Error:'
|
||||
+ errnum=`expr $errnum - 1`
|
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
FINISHED
|
||||
fi
|
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+ FINISHED
|
||||
+fi
|
||||
|
||||
- CHECKAGENTCOUNT atleastone '<"c608b"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 30: Error:'
|
||||
- if [ "$snmp_last_test_result" -eq 1 ] ; then
|
||||
- errnum=`expr $errnum - 1`
|
||||
- fi
|
||||
+CHECKAGENTCOUNT atleastone '<"c608b"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 30: Error:'
|
||||
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
|
||||
+ errnum=`expr $errnum - 1`
|
||||
fi
|
||||
fi
|
||||
|
@ -0,0 +1,175 @@
|
||||
diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
|
||||
--- a/man/net-snmp-config.1.def 2021-05-26 09:30:07.430790003 +0200
|
||||
+++ b/man/net-snmp-config.1.def 2021-05-26 09:35:36.703673542 +0200
|
||||
@@ -30,7 +30,7 @@ code for a list of available debug token
|
||||
SNMP Setup commands:
|
||||
.TP
|
||||
\fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
|
||||
-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
|
||||
+[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
|
||||
.PP
|
||||
These options produce the various compilation flags needed when
|
||||
building external SNMP applications:
|
||||
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
|
||||
--- a/man/net-snmp-create-v3-user.1.def 2021-05-26 09:30:07.430790003 +0200
|
||||
+++ b/man/net-snmp-create-v3-user.1.def 2021-05-26 09:34:23.702034230 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
|
||||
.SH SYNOPSIS
|
||||
.PP
|
||||
-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
|
||||
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
|
||||
.B [username]
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -27,5 +27,5 @@ specifies the authentication password ha
|
||||
\fB\-X privpass\fR
|
||||
specifies the encryption password
|
||||
.TP
|
||||
-\fB\-x DES|AES\fR
|
||||
+\fB\-x AES\fR
|
||||
specifies the encryption algorithm
|
||||
diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
|
||||
--- a/man/snmpcmd.1.def 2021-05-26 09:30:07.429789994 +0200
|
||||
+++ b/man/snmpcmd.1.def 2021-05-26 09:37:51.104850500 +0200
|
||||
@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
|
||||
file.
|
||||
.TP
|
||||
.BI \-x " privProtocol"
|
||||
-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
|
||||
+Set the privacy protocol (AES) used for encrypted SNMPv3 messages.
|
||||
Overrides the \fIdefPrivType\fR token in the
|
||||
.I snmp.conf
|
||||
file. This option is only valid if the Net-SNMP software was build
|
||||
diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
|
||||
--- a/man/snmp.conf.5.def 2021-05-26 09:30:07.429789994 +0200
|
||||
+++ b/man/snmp.conf.5.def 2021-05-26 09:40:03.730011937 +0200
|
||||
@@ -221,13 +221,13 @@ The
|
||||
value will be used for the authentication and/or privacy pass phrases
|
||||
if either of the other directives are not specified.
|
||||
.IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
|
||||
-.IP "defPrivType DES|AES"
|
||||
+.IP "defPrivType AES"
|
||||
define the default authentication and privacy protocols to use for
|
||||
SNMPv3 requests.
|
||||
These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
|
||||
.IP
|
||||
If not specified, SNMPv3 requests will default to MD5 authentication
|
||||
-and DES encryption.
|
||||
+and AES encryption.
|
||||
.RS
|
||||
.IP "Note:
|
||||
If the software has not been compiled to use the OpenSSL libraries,
|
||||
@@ -262,8 +262,7 @@ master keys which have been converted to
|
||||
suitable for on particular SNMP engine (agent). The length of the key
|
||||
needs to be appropriate for the authentication or encryption type
|
||||
being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
|
||||
-priv keys: DES=16 bytes (8
|
||||
-bytes of which is used as an IV and not a key), and AES=16 bytes).
|
||||
+priv keys: AES=16 bytes).
|
||||
.IP "sshtosnmpsocket PATH"
|
||||
Sets the path of the \fBsshtosnmp\fR socket created by an application
|
||||
(e.g. snmpd) listening for incoming ssh connections through the
|
||||
diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
|
||||
--- a/man/snmpd.examples.5.def 2021-05-26 09:30:07.429789994 +0200
|
||||
+++ b/man/snmpd.examples.5.def 2021-05-26 09:41:29.170761436 +0200
|
||||
@@ -87,8 +87,8 @@ the same authentication and encryption s
|
||||
.RS
|
||||
.nf
|
||||
createUser me MD5 "single pass phrase"
|
||||
-createUser myself MD5 "single pass phrase" DES
|
||||
-createUser andI MD5 "single pass phrase" DES "single pass phrase"
|
||||
+createUser myself MD5 "single pass phrase" AES
|
||||
+createUser andI MD5 "single pass phrase" AES "single pass phrase"
|
||||
.fi
|
||||
.RE
|
||||
Note that this defines three \fIdistinct\fR users, who could be granted
|
||||
diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
|
||||
--- a/man/snmptrapd.conf.5.def 2021-05-26 09:30:07.428789985 +0200
|
||||
+++ b/man/snmptrapd.conf.5.def 2021-05-26 09:42:02.963064029 +0200
|
||||
@@ -117,7 +117,7 @@ to trigger the types of processing liste
|
||||
See
|
||||
.IR snmpd.conf (5)
|
||||
for more details.
|
||||
-.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
|
||||
+.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
|
||||
See the
|
||||
.IR snmpd.conf (5)
|
||||
manual page for a description of how to create SNMPv3 users. This
|
||||
diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
|
||||
--- a/man/snmpusm.1.def 2021-05-26 09:30:07.430790003 +0200
|
||||
+++ b/man/snmpusm.1.def 2021-05-26 09:42:24.178253990 +0200
|
||||
@@ -216,7 +216,7 @@ rwuser initial
|
||||
# lets add the new user we'll create too:
|
||||
rwuser wes
|
||||
# USM configuration entries
|
||||
-createUser initial MD5 setup_passphrase DES
|
||||
+createUser initial MD5 setup_passphrase AES
|
||||
.fi
|
||||
.RE
|
||||
.PP
|
||||
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
--- a/net-snmp-create-v3-user.in 2021-05-26 09:30:07.369789468 +0200
|
||||
+++ b/net-snmp-create-v3-user.in 2021-05-26 09:33:23.966511123 +0200
|
||||
@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
|
||||
fi
|
||||
|
||||
Aalgorithm="MD5"
|
||||
-Xalgorithm="DES"
|
||||
+Xalgorithm="AES"
|
||||
token=rwuser
|
||||
|
||||
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
|
||||
@@ -57,11 +57,11 @@ case $1 in
|
||||
exit 1
|
||||
fi
|
||||
case $1 in
|
||||
- DES|AES|AES128|AES192|AES256)
|
||||
+ AES|AES128|AES192|AES256)
|
||||
Xalgorithm=$1
|
||||
shift
|
||||
;;
|
||||
- des|aes|aes128|aes192|aes256)
|
||||
+ aes|aes128|aes192|aes256)
|
||||
Xalgorithm=$(echo "$1" | tr a-z A-Z)
|
||||
shift
|
||||
;;
|
||||
@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
|
||||
echo ""
|
||||
echo "Usage:"
|
||||
echo " net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
|
||||
- echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
|
||||
+ echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
|
||||
echo ""
|
||||
exit
|
||||
fi
|
||||
diff -urNp a/README.snmpv3 b/README.snmpv3
|
||||
--- a/README.snmpv3 2021-05-26 09:30:07.352789320 +0200
|
||||
+++ b/README.snmpv3 2021-05-26 09:44:49.109551728 +0200
|
||||
@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
|
||||
do a better job on since I suck at writing documentation and he
|
||||
doesn't ;-) --Wes:
|
||||
|
||||
-Note: SHA authentication and DES/AES encryption support is only available
|
||||
+Note: SHA authentication and AES encryption support is only available
|
||||
if you have OpenSSL installed or if you've compiled using
|
||||
--with-openssl=internal. If you use --with-openssl=internal please
|
||||
read the documentation in snmplib/openssl/README for important details.
|
||||
@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
|
||||
WARNING: SNMPv3 pass phrases must be at least 8 characters long!
|
||||
|
||||
The above line creates the user "myuser" with a password of
|
||||
- "my_password" (and uses MD5 and DES for protection). (Note that
|
||||
+ "my_password" (and uses MD5 and AES for protection). (Note that
|
||||
encryption support isn't enabled in the binary releases downloadable
|
||||
from the net-snmp web site.) net-snmp-config will also add a line
|
||||
to your snmpd.conf file to let that user have read/write access to
|
||||
@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
|
||||
[ this should return information about how long your agent has been up]
|
||||
|
||||
snmpget -v 3 -u myuser -l authPriv -a MD5 -A my_password
|
||||
- -x DES -X my_password localhost sysUpTime.0
|
||||
+ -x AES -X my_password localhost sysUpTime.0
|
||||
[ this should return similar information, but encrypts the transmission ]
|
||||
|
||||
CREATING A SECOND USER:
|
@ -0,0 +1,120 @@
|
||||
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
|
||||
From: Philippe Troin <phil+github-commits@fifi.org>
|
||||
Date: Sat, 3 Feb 2024 10:30:30 -0800
|
||||
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
|
||||
|
||||
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
|
||||
This breaks the hard-coded assumptions about the Ip line length.
|
||||
Add compatibility to parse Linux 6.7 Ip header while keep support
|
||||
for previous versions.
|
||||
---
|
||||
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
|
||||
1 file changed, 37 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
index 49e0a34d5c..f04e828a94 100644
|
||||
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
|
||||
}
|
||||
|
||||
/*
|
||||
- /proc/net/snmp
|
||||
+ /proc/net/snmp - Linux 6.6 and lower
|
||||
|
||||
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
|
||||
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
|
||||
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
|
||||
|
||||
Udp: InDatagrams NoPorts InErrors OutDatagrams
|
||||
Udp: 1491094 122 0 1466178
|
||||
+*
|
||||
+ /proc/net/snmp - Linux 6.7 and higher
|
||||
+
|
||||
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
|
||||
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
|
||||
+
|
||||
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
|
||||
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
|
||||
+
|
||||
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
|
||||
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
|
||||
+
|
||||
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
|
||||
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
|
||||
+
|
||||
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
|
||||
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
|
||||
+
|
||||
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
|
||||
+ UdpLite: 0 0 0 0 0 0 0 0 0
|
||||
*/
|
||||
|
||||
|
||||
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
FILE *devin;
|
||||
char line[1024];
|
||||
netsnmp_systemstats_entry *entry = NULL;
|
||||
- int scan_count;
|
||||
+ int scan_count, expected_scan_count;
|
||||
char *stats, *start = line;
|
||||
int len;
|
||||
- unsigned long long scan_vals[19];
|
||||
+ unsigned long long scan_vals[20];
|
||||
|
||||
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
|
||||
load_flags));
|
||||
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
*/
|
||||
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
|
||||
len = strlen(line);
|
||||
- if (224 != len) {
|
||||
+ switch (len) {
|
||||
+ case 224:
|
||||
+ expected_scan_count = 19;
|
||||
+ break;
|
||||
+ case 237:
|
||||
+ expected_scan_count = 20;
|
||||
+ break;
|
||||
+ default:
|
||||
fclose(devin);
|
||||
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
|
||||
- " %d != 224\n", len);
|
||||
+ " %d not in { 224, 237 } \n", len);
|
||||
return -4;
|
||||
}
|
||||
|
||||
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
memset(scan_vals, 0x0, sizeof(scan_vals));
|
||||
scan_count = sscanf(stats,
|
||||
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
|
||||
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
|
||||
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
|
||||
&scan_vals[0],&scan_vals[1],&scan_vals[2],
|
||||
&scan_vals[3],&scan_vals[4],&scan_vals[5],
|
||||
&scan_vals[6],&scan_vals[7],&scan_vals[8],
|
||||
&scan_vals[9],&scan_vals[10],&scan_vals[11],
|
||||
&scan_vals[12],&scan_vals[13],&scan_vals[14],
|
||||
&scan_vals[15],&scan_vals[16],&scan_vals[17],
|
||||
- &scan_vals[18]);
|
||||
+ &scan_vals[18],&scan_vals[19]);
|
||||
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
|
||||
|
||||
- if(scan_count != 19) {
|
||||
+ if(scan_count != expected_scan_count) {
|
||||
snmp_log(LOG_ERR,
|
||||
"error scanning systemstats data (expected %d, got %d)\n",
|
||||
- 19, scan_count);
|
||||
+ expected_scan_count, scan_count);
|
||||
netsnmp_access_systemstats_entry_free(entry);
|
||||
return -4;
|
||||
}
|
||||
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
|
||||
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
|
||||
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
|
||||
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
|
||||
|
||||
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
|
||||
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;
|
||||
|
@ -0,0 +1,43 @@
|
||||
diff -urNp a/local/checkbandwidth b/local/checkbandwidth
|
||||
--- a/local/checkbandwidth 2024-06-21 21:17:01.675417287 +0200
|
||||
+++ b/local/checkbandwidth 2024-06-21 21:19:40.107746544 +0200
|
||||
@@ -326,7 +326,6 @@ See the Net-SNMP COPYING file for licens
|
||||
|
||||
use JSON;
|
||||
use Data::Dumper;
|
||||
-use Mail::Sender;
|
||||
use SNMP;
|
||||
use Fcntl ':flock';
|
||||
|
||||
@@ -744,19 +743,19 @@ sub send_rate_message($$$$$$) {
|
||||
sub send_message($$$) {
|
||||
my ($to, $subject, $text) = @_;
|
||||
|
||||
- my $sender = new Mail::Sender { smtp => $opts{'S'} ,
|
||||
- port => $opts{'P'},
|
||||
- from => $opts{'F'},
|
||||
- };
|
||||
-
|
||||
- my $status =
|
||||
- $sender->MailMsg({
|
||||
- to => $to,
|
||||
- subject => $subject,
|
||||
- msg => $text
|
||||
- });
|
||||
+# my $sender = new Mail::Sender { smtp => $opts{'S'} ,
|
||||
+# port => $opts{'P'},
|
||||
+# from => $opts{'F'},
|
||||
+# };
|
||||
+
|
||||
+ my $status = -1;
|
||||
+# $sender->MailMsg({
|
||||
+# to => $to,
|
||||
+# subject => $subject,
|
||||
+# msg => $text
|
||||
+# });
|
||||
if ($status < 0) {
|
||||
- Log("Failed to send mail with error code $status: $Mail::Sender::Error");
|
||||
+ Log("Failed to send mail with error code $status: Mail::Sender is not available");
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,29 @@
|
||||
diff -ruNp a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh
|
||||
--- a/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:36:03.641432345 +0100
|
||||
+++ b/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:38:15.946855878 +0100
|
||||
@@ -525,7 +525,6 @@ STARTPROG() {
|
||||
if test -f $CFG_FILE; then
|
||||
COMMAND="$COMMAND -C -c $CFG_FILE"
|
||||
fi
|
||||
- COMMAND="$COMMAND -f"
|
||||
if [ "x$PORT_SPEC" != "x" ]; then
|
||||
COMMAND="$COMMAND $PORT_SPEC"
|
||||
fi
|
||||
@@ -537,10 +536,13 @@ STARTPROG() {
|
||||
OUTPUTENVVARS $LOG_FILE.command
|
||||
echo $COMMAND >> $LOG_FILE.command
|
||||
fi
|
||||
- {
|
||||
- { $COMMAND; } >$LOG_FILE.stdout 2>&1
|
||||
- echo $? >$LOG_FILE.exitcode
|
||||
- } &
|
||||
+ if [ "x$OSTYPE" = "xmsys" ]; then
|
||||
+ $COMMAND > $LOG_FILE.stdout 2>&1 &
|
||||
+ ## COMMAND="cmd.exe //c start //min $COMMAND"
|
||||
+ ## start $COMMAND > $LOG_FILE.stdout 2>&1
|
||||
+ else
|
||||
+ $COMMAND > $LOG_FILE.stdout 2>&1
|
||||
+ fi
|
||||
}
|
||||
|
||||
#------------------------------------ -o-
|
@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# net-snmp-config
|
||||
#
|
||||
# this shell script is designed to merely dump the configuration
|
||||
# information about how the net-snmp package was compiled. The
|
||||
# information is particularily useful for applications that need to
|
||||
# link against the net-snmp libraries and hence must know about any
|
||||
# other libraries that must be linked in as well.
|
||||
|
||||
# this particular shell script calls arch specific script to avoid
|
||||
# multilib conflicts
|
||||
|
||||
# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64
|
||||
|
||||
arch=`arch`
|
||||
echo $arch | grep -q i.86
|
||||
if [ $? -eq 0 ] ; then
|
||||
net-snmp-config-i386 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ia64" ] ; then
|
||||
net-snmp-config-ia64 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ppc" ] ; then
|
||||
net-snmp-config-ppc "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ppc64" ] ; then
|
||||
net-snmp-config-ppc64 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "s390" ] ; then
|
||||
net-snmp-config-s390 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "s390x" ] ; then
|
||||
net-snmp-config-s390x "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "x86_64" ] ; then
|
||||
net-snmp-config-x86_64 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "alpha" ] ; then
|
||||
net-snmp-config-alpha "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "sparc" ] ; then
|
||||
net-snmp-config-sparc "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "sparc64" ] ; then
|
||||
net-snmp-config-sparc64 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "aarch64" ] ; then
|
||||
net-snmp-config-aarch64 "$@"
|
||||
exit 0
|
||||
fi
|
||||
echo "Cannot determine architecture"
|
@ -0,0 +1,38 @@
|
||||
/* This file is here to prevent a file conflict on multiarch systems. A
|
||||
* conflict will frequently occur because arch-specific build-time
|
||||
* configuration options are stored (and used, so they can't just be stripped
|
||||
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed.
|
||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
||||
|
||||
#ifdef net_snmp_config_multilib_redirection_h
|
||||
#error "Do not define net_snmp_config_multilib_redirection_h!"
|
||||
#endif
|
||||
#define net_snmp_config_multilib_redirection_h
|
||||
|
||||
#if defined(__i386__)
|
||||
#include "net-snmp-config-i386.h"
|
||||
#elif defined(__ia64__)
|
||||
#include "net-snmp-config-ia64.h"
|
||||
#elif defined(__powerpc64__)
|
||||
#include "net-snmp-config-ppc64.h"
|
||||
#elif defined(__powerpc__)
|
||||
#include "net-snmp-config-ppc.h"
|
||||
#elif defined(__s390x__)
|
||||
#include "net-snmp-config-s390x.h"
|
||||
#elif defined(__s390__)
|
||||
#include "net-snmp-config-s390.h"
|
||||
#elif defined(__x86_64__)
|
||||
#include "net-snmp-config-x86_64.h"
|
||||
#elif defined(__alpha__)
|
||||
#include "net-snmp-config-alpha.h"
|
||||
#elif defined(__sparc__) && defined (__arch64__)
|
||||
#include "net-snmp-config-sparc64.h"
|
||||
#elif defined(__sparc__)
|
||||
#include "net-snmp-config-sparc.h"
|
||||
#elif defined(__aarch64__)
|
||||
#include "net-snmp-config-aarch64.h"
|
||||
#else
|
||||
#error "net-snmp-devel package does not work on your architecture"
|
||||
#endif
|
||||
|
||||
#undef net_snmp_config_multilib_redirection_h
|
@ -0,0 +1,59 @@
|
||||
Libs.private should contain a list of libraries the library that the package
|
||||
exposes is linked too. So let's filter out unrelated link flags.
|
||||
|
||||
diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
|
||||
index 0a1f5785a4..524ca91d82 100644
|
||||
--- net-snmp-5.9.1/netsnmp.pc.in~
|
||||
+++ net-snmp-5.9.1/netsnmp.pc.in
|
||||
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
|
||||
Version: @PACKAGE_VERSION@
|
||||
Cflags: -I${includedir}
|
||||
Libs: -L${libdir} -lnetsnmp
|
||||
-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
|
||||
+Libs.private: @LNETSNMPLIBS@ @LIBS@
|
||||
diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
|
||||
index 3a1c77bbf8..3d3b308d21 100644
|
||||
--- net-snmp-5.9.1/netsnmp-agent.pc.in~
|
||||
+++ net-snmp-5.9.1/netsnmp-agent.pc.in
|
||||
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
|
||||
Version: @PACKAGE_VERSION@
|
||||
Cflags: -I${includedir}
|
||||
Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
|
||||
-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
|
||||
+Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
|
||||
diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
|
||||
index 6b5abf8f83..ee81ce98fa 100644
|
||||
--- net-snmp-5.9.1/net-snmp-config.in~
|
||||
+++ net-snmp-5.9.1/net-snmp-config.in
|
||||
@@ -193,13 +193,13 @@ else
|
||||
#################################################### client lib
|
||||
--libs)
|
||||
# use this one == --netsnmp-libs + --external-libs
|
||||
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
|
||||
+ echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
|
||||
;;
|
||||
--netsnmp-libs)
|
||||
echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
|
||||
;;
|
||||
--external-libs)
|
||||
- echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
|
||||
+ echo $NSC_LNETSNMPLIBS $NSC_LIBS
|
||||
;;
|
||||
#################################################### agent lib
|
||||
--base-agent-libs)
|
||||
@@ -210,13 +210,13 @@ else
|
||||
;;
|
||||
--agent-libs)
|
||||
# use this one == --netsnmp-agent-libs + --external-libs
|
||||
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
|
||||
+ echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
|
||||
;;
|
||||
--netsnmp-agent-libs)
|
||||
echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
|
||||
;;
|
||||
--external-agent-libs)
|
||||
- echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
|
||||
+ echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
|
||||
;;
|
||||
####################################################
|
||||
--version|--ver*)
|
@ -0,0 +1 @@
|
||||
d /run/net-snmp 0755 root root
|
@ -0,0 +1,6 @@
|
||||
# Example configuration file for snmptrapd
|
||||
#
|
||||
# No traps are handled by default, you must edit this file!
|
||||
#
|
||||
# authCommunity log,execute,net public
|
||||
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold
|
@ -0,0 +1,462 @@
|
||||
###############################################################################
|
||||
#
|
||||
# snmpd.conf:
|
||||
# An example configuration file for configuring the ucd-snmp snmpd agent.
|
||||
#
|
||||
###############################################################################
|
||||
#
|
||||
# This file is intended to only be as a starting point. Many more
|
||||
# configuration directives exist than are mentioned in this file. For
|
||||
# full details, see the snmpd.conf(5) manual page.
|
||||
#
|
||||
# All lines beginning with a '#' are comments and are intended for you
|
||||
# to read. All other lines are configuration commands for the agent.
|
||||
|
||||
###############################################################################
|
||||
# Access Control
|
||||
###############################################################################
|
||||
|
||||
# As shipped, the snmpd demon will only respond to queries on the
|
||||
# system mib group until this file is replaced or modified for
|
||||
# security purposes. Examples are shown below about how to increase the
|
||||
# level of access.
|
||||
|
||||
# By far, the most common question I get about the agent is "why won't
|
||||
# it work?", when really it should be "how do I configure the agent to
|
||||
# allow me to access it?"
|
||||
#
|
||||
# By default, the agent responds to the "public" community for read
|
||||
# only access, if run out of the box without any configuration file in
|
||||
# place. The following examples show you other ways of configuring
|
||||
# the agent so that you can change the community names, and give
|
||||
# yourself write access to the mib tree as well.
|
||||
#
|
||||
# For more information, read the FAQ as well as the snmpd.conf(5)
|
||||
# manual page.
|
||||
|
||||
####
|
||||
# First, map the community name "public" into a "security name"
|
||||
|
||||
# sec.name source community
|
||||
#com2sec notConfigUser default public
|
||||
|
||||
####
|
||||
# Second, map the security name into a group name:
|
||||
|
||||
# groupName securityModel securityName
|
||||
#group notConfigGroup v1 notConfigUser
|
||||
#group notConfigGroup v2c notConfigUser
|
||||
|
||||
####
|
||||
# Third, create a view for us to let the group have rights to:
|
||||
|
||||
# Make at least snmpwalk -v 1 localhost -c public system fast again.
|
||||
# name incl/excl subtree mask(optional)
|
||||
view systemview included .1.3.6.1.2.1.1
|
||||
view systemview included .1.3.6.1.2.1.25.1.1
|
||||
|
||||
####
|
||||
# Finally, grant the group read-only access to the systemview view.
|
||||
|
||||
# group context sec.model sec.level prefix read write notif
|
||||
access notConfigGroup "" any noauth exact systemview none none
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
# Here is a commented out example configuration that allows less
|
||||
# restrictive access.
|
||||
|
||||
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
|
||||
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
|
||||
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
|
||||
|
||||
## sec.name source community
|
||||
#com2sec local localhost COMMUNITY
|
||||
#com2sec mynetwork NETWORK/24 COMMUNITY
|
||||
|
||||
## group.name sec.model sec.name
|
||||
#group MyRWGroup any local
|
||||
#group MyROGroup any mynetwork
|
||||
#
|
||||
#group MyRWGroup any otherv3user
|
||||
#...
|
||||
|
||||
## incl/excl subtree mask
|
||||
#view all included .1 80
|
||||
|
||||
## -or just the mib2 tree-
|
||||
|
||||
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
|
||||
|
||||
|
||||
## context sec.model sec.level prefix read write notif
|
||||
#access MyROGroup "" any noauth 0 all none none
|
||||
#access MyRWGroup "" any noauth 0 all all all
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Sample configuration to make net-snmpd RFC 1213.
|
||||
# Unfortunately v1 and v2c don't allow any user based authentification, so
|
||||
# opening up the default config is not an option from a security point.
|
||||
#
|
||||
# WARNING: If you uncomment the following lines you allow write access to your
|
||||
# snmpd daemon from any source! To avoid this use different names for your
|
||||
# community or split out the write access to a different community and
|
||||
# restrict it to your local network.
|
||||
# Also remember to comment the syslocation and syscontact parameters later as
|
||||
# otherwise they are still read only (see FAQ for net-snmp).
|
||||
#
|
||||
|
||||
# First, map the community name "public" into a "security name"
|
||||
# sec.name source community
|
||||
#com2sec notConfigUser default public
|
||||
|
||||
# Second, map the security name into a group name:
|
||||
# groupName securityModel securityName
|
||||
#group notConfigGroup v1 notConfigUser
|
||||
#group notConfigGroup v2c notConfigUser
|
||||
|
||||
# Third, create a view for us to let the group have rights to:
|
||||
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
|
||||
# name incl/excl subtree mask(optional)
|
||||
#view roview included .1
|
||||
#view rwview included system.sysContact
|
||||
#view rwview included system.sysName
|
||||
#view rwview included system.sysLocation
|
||||
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
|
||||
#view rwview included at.atTable.atEntry.atPhysAddress
|
||||
#view rwview included at.atTable.atEntry.atNetAddress
|
||||
#view rwview included ip.ipForwarding
|
||||
#view rwview included ip.ipDefaultTTL
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
|
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
|
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
|
||||
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
|
||||
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
|
||||
#view rwview included snmp.snmpEnableAuthenTraps
|
||||
|
||||
# Finally, grant the group read-only access to the systemview view.
|
||||
# group context sec.model sec.level prefix read write notif
|
||||
#access notConfigGroup "" any noauth exact roview rwview none
|
||||
|
||||
|
||||
|
||||
###############################################################################
|
||||
# System contact information
|
||||
#
|
||||
|
||||
# It is also possible to set the sysContact and sysLocation system
|
||||
# variables through the snmpd.conf file:
|
||||
|
||||
syslocation Unknown (edit /etc/snmp/snmpd.conf)
|
||||
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
|
||||
|
||||
# Example output of snmpwalk:
|
||||
# % snmpwalk -v 1 localhost -c public system
|
||||
# system.sysDescr.0 = "SunOS name sun4c"
|
||||
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
|
||||
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
|
||||
# system.sysContact.0 = "Me <me@somewhere.org>"
|
||||
# system.sysName.0 = "name"
|
||||
# system.sysLocation.0 = "Right here, right now."
|
||||
# system.sysServices.0 = 72
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Logging
|
||||
#
|
||||
|
||||
# We do not want annoying "Connection from UDP: " messages in syslog.
|
||||
# If the following option is commented out, snmpd will print each incoming
|
||||
# connection, which can be useful for debugging.
|
||||
|
||||
dontLogTCPWrappersConnects yes
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Process checks.
|
||||
#
|
||||
# The following are examples of how to use the agent to check for
|
||||
# processes running on the host. The syntax looks something like:
|
||||
#
|
||||
# proc NAME [MAX=0] [MIN=0]
|
||||
#
|
||||
# NAME: the name of the process to check for. It must match
|
||||
# exactly (ie, http will not find httpd processes).
|
||||
# MAX: the maximum number allowed to be running. Defaults to 0.
|
||||
# MIN: the minimum number to be running. Defaults to 0.
|
||||
|
||||
#
|
||||
# Examples (commented out by default):
|
||||
#
|
||||
|
||||
# Make sure mountd is running
|
||||
#proc mountd
|
||||
|
||||
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
|
||||
#proc ntalkd 4
|
||||
|
||||
# Make sure at least one sendmail, but less than or equal to 10 are running.
|
||||
#proc sendmail 10 1
|
||||
|
||||
# A snmpwalk of the process mib tree would look something like this:
|
||||
#
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
|
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
|
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
|
||||
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
|
||||
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
|
||||
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
|
||||
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
|
||||
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
|
||||
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
|
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
|
||||
#
|
||||
# Note that the errorFlag for mountd is set to 1 because one is not
|
||||
# running (in this case an rpc.mountd is, but thats not good enough),
|
||||
# and the ErrMessage tells you what's wrong. The configuration
|
||||
# imposed in the snmpd.conf file is also shown.
|
||||
#
|
||||
# Special Case: When the min and max numbers are both 0, it assumes
|
||||
# you want a max of infinity and a min of 1.
|
||||
#
|
||||
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Executables/scripts
|
||||
#
|
||||
|
||||
#
|
||||
# You can also have programs run by the agent that return a single
|
||||
# line of output and an exit code. Here are two examples.
|
||||
#
|
||||
# exec NAME PROGRAM [ARGS ...]
|
||||
#
|
||||
# NAME: A generic name. The name must be unique for each exec statement.
|
||||
# PROGRAM: The program to run. Include the path!
|
||||
# ARGS: optional arguments to be passed to the program
|
||||
|
||||
# a simple hello world
|
||||
|
||||
#exec echotest /bin/echo hello world
|
||||
|
||||
# Run a shell script containing:
|
||||
#
|
||||
# #!/bin/sh
|
||||
# echo hello world
|
||||
# echo hi there
|
||||
# exit 35
|
||||
#
|
||||
# Note: this has been specifically commented out to prevent
|
||||
# accidental security holes due to someone else on your system writing
|
||||
# a /tmp/shtest before you do. Uncomment to use it.
|
||||
#
|
||||
#exec shelltest /bin/sh /tmp/shtest
|
||||
|
||||
# Then,
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
|
||||
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
|
||||
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
|
||||
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
|
||||
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
|
||||
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
|
||||
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
|
||||
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
|
||||
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
|
||||
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
|
||||
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
|
||||
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
|
||||
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
|
||||
|
||||
# Note that the second line of the /tmp/shtest shell script is cut
|
||||
# off. Also note that the exit status of 35 was returned.
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# disk checks
|
||||
#
|
||||
|
||||
# The agent can check the amount of available disk space, and make
|
||||
# sure it is above a set limit.
|
||||
|
||||
# disk PATH [MIN=100000]
|
||||
#
|
||||
# PATH: mount path to the disk in question.
|
||||
# MIN: Disks with space below this value will have the Mib's errorFlag set.
|
||||
# Default value = 100000.
|
||||
|
||||
# Check the / partition and make sure it contains at least 10 megs.
|
||||
|
||||
#disk / 10000
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
|
||||
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# load average checks
|
||||
#
|
||||
|
||||
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
|
||||
#
|
||||
# 1MAX: If the 1 minute load average is above this limit at query
|
||||
# time, the errorFlag will be set.
|
||||
# 5MAX: Similar, but for 5 min average.
|
||||
# 15MAX: Similar, but for 15 min average.
|
||||
|
||||
# Check for loads:
|
||||
#load 12 14 14
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
|
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Extensible sections.
|
||||
#
|
||||
|
||||
# This alleviates the multiple line output problem found in the
|
||||
# previous executable mib by placing each mib in its own mib table:
|
||||
|
||||
# Run a shell script containing:
|
||||
#
|
||||
# #!/bin/sh
|
||||
# echo hello world
|
||||
# echo hi there
|
||||
# exit 35
|
||||
#
|
||||
# Note: this has been specifically commented out to prevent
|
||||
# accidental security holes due to someone else on your system writing
|
||||
# a /tmp/shtest before you do. Uncomment to use it.
|
||||
#
|
||||
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
|
||||
# enterprises.ucdavis.50.1.1 = 1
|
||||
# enterprises.ucdavis.50.2.1 = "shelltest"
|
||||
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
|
||||
# enterprises.ucdavis.50.100.1 = 35
|
||||
# enterprises.ucdavis.50.101.1 = "hello world."
|
||||
# enterprises.ucdavis.50.101.2 = "hi there."
|
||||
# enterprises.ucdavis.50.102.1 = 0
|
||||
|
||||
# Now the Output has grown to two lines, and we can see the 'hi
|
||||
# there.' output as the second line from our shell script.
|
||||
#
|
||||
# Note that you must alter the mib.txt file to be correct if you want
|
||||
# the .50.* outputs above to change to reasonable text descriptions.
|
||||
|
||||
# Other ideas:
|
||||
#
|
||||
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
|
||||
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
|
||||
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Pass through control.
|
||||
#
|
||||
|
||||
# Usage:
|
||||
# pass MIBOID EXEC-COMMAND
|
||||
#
|
||||
# This will pass total control of the mib underneath the MIBOID
|
||||
# portion of the mib to the EXEC-COMMAND.
|
||||
#
|
||||
# Note: You'll have to change the path of the passtest script to your
|
||||
# source directory or install it in the given location.
|
||||
#
|
||||
# Example: (see the script for details)
|
||||
# (commented out here since it requires that you place the
|
||||
# script in the right location. (its not installed by default))
|
||||
|
||||
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
|
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
|
||||
# enterprises.ucdavis.255.1 = "life the universe and everything"
|
||||
# enterprises.ucdavis.255.2.1 = 42
|
||||
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
|
||||
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
|
||||
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
|
||||
# enterprises.ucdavis.255.5 = 42
|
||||
# enterprises.ucdavis.255.6 = Gauge: 42
|
||||
#
|
||||
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
|
||||
# enterprises.ucdavis.255.5 = 42
|
||||
#
|
||||
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
|
||||
# enterprises.ucdavis.255.1 = "New string"
|
||||
#
|
||||
|
||||
# For specific usage information, see the man/snmpd.conf.5 manual page
|
||||
# as well as the local/passtest script used in the above example.
|
||||
|
||||
###############################################################################
|
||||
# Further Information
|
||||
#
|
||||
# See the snmpd.conf manual page, and the output of "snmpd -H".
|
@ -0,0 +1,3 @@
|
||||
# snmpd command line options
|
||||
# '-f' is implicitly added by snmpd systemd unit file
|
||||
# OPTIONS="-LS0-6d"
|
@ -0,0 +1,3 @@
|
||||
# snmptrapd command line options
|
||||
# '-f' is implicitly added by snmptrapd systemd unit file
|
||||
# OPTIONS="-Lsd"
|
@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=Simple Network Management Protocol (SNMP) Daemon.
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=OPTIONS="-LS0-6d"
|
||||
EnvironmentFile=-/etc/sysconfig/snmpd
|
||||
ExecStart=/usr/sbin/snmpd $OPTIONS -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=OPTIONS="-Lsd"
|
||||
EnvironmentFile=-/etc/sysconfig/snmptrapd
|
||||
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue