commit
e92d9735e8
@ -0,0 +1 @@
|
|||||||
|
SOURCES/net-snmp-5.9.1.tar.gz
|
@ -0,0 +1 @@
|
|||||||
|
0326d0e07c86f52100ceadd42c875a446309a846 SOURCES/net-snmp-5.9.1.tar.gz
|
@ -0,0 +1,41 @@
|
|||||||
|
MIBs included in this software taken from IETF Documents are considered
|
||||||
|
Code Components in accordance with the IETF Trust License Policy, as found
|
||||||
|
here:
|
||||||
|
|
||||||
|
http://trustee.ietf.org/license-info/
|
||||||
|
|
||||||
|
They are available under the terms of the Simplified BSD license, a copy of
|
||||||
|
which is included below.
|
||||||
|
|
||||||
|
*****
|
||||||
|
|
||||||
|
Copyright (c) 2013 IETF Trust and the persons identified as authors of
|
||||||
|
the code. All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions are
|
||||||
|
met:
|
||||||
|
|
||||||
|
· Redistributions of source code must retain the above copyright notice,
|
||||||
|
this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
· Redistributions in binary form must reproduce the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer in the
|
||||||
|
documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
· Neither the name of Internet Society, IETF or IETF Trust, nor the
|
||||||
|
names of specific contributors, may be used to endorse or promote
|
||||||
|
products derived from this software without specific prior written
|
||||||
|
permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
|
||||||
|
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||||
|
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
||||||
|
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||||
|
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
@ -0,0 +1,30 @@
|
|||||||
|
1134475 - dependency in perl package
|
||||||
|
|
||||||
|
Use hardcoded path to configuration directories instead of net-snmp-config.
|
||||||
|
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
|
||||||
|
depending on -devel.
|
||||||
|
|
||||||
|
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
|
||||||
|
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
|
||||||
|
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
|
||||||
|
@@ -819,8 +819,7 @@ sub set_default {
|
||||||
|
sub cfg_path {
|
||||||
|
my $path;
|
||||||
|
|
||||||
|
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
|
||||||
|
- chomp $path;
|
||||||
|
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
|
||||||
|
return (wantarray ? split(':', $path) : $path);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1414,8 +1413,8 @@ sub checkReqs {
|
||||||
|
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
|
||||||
|
if ($ossl_ver cmp $ossl_min_ver) < 0;
|
||||||
|
|
||||||
|
- die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||||
|
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||||
|
+# die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||||
|
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||||
|
}
|
||||||
|
|
||||||
|
sub initOpts {
|
@ -0,0 +1,14 @@
|
|||||||
|
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
|
||||||
|
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
|
||||||
|
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
|
||||||
|
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
|
||||||
|
return 0; /* or -1 */
|
||||||
|
|
||||||
|
it = CONTAINER_ITERATOR( swrun_container );
|
||||||
|
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
|
||||||
|
+ if (0 == strcmp( entry->hrSWRunName, name ))
|
||||||
|
+ i++;
|
||||||
|
+ }
|
||||||
|
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
|
||||||
|
if (0 == strcmp( entry->hrSWRunName, name ))
|
||||||
|
i++;
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
|
||||||
|
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
|
||||||
|
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
|
||||||
|
@@ -10,7 +10,7 @@ extern "C" {
|
||||||
|
* Note: using the U64 typedef is deprecated because this typedef conflicts
|
||||||
|
* with a typedef with the same name defined in the Perl header files.
|
||||||
|
*/
|
||||||
|
- typedef struct counter64 U64;
|
||||||
|
+// typedef struct counter64 U64;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define I64CHARSZ 21
|
@ -0,0 +1,35 @@
|
|||||||
|
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||||
|
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
|
||||||
|
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
|
||||||
|
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
|
||||||
|
"No error", /* SNMPERR_SUCCESS */
|
||||||
|
"Generic error", /* SNMPERR_GENERR */
|
||||||
|
"Invalid local port", /* SNMPERR_BAD_LOCPORT */
|
||||||
|
- "Unknown host", /* SNMPERR_BAD_ADDRESS */
|
||||||
|
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */
|
||||||
|
"Unknown session", /* SNMPERR_BAD_SESSION */
|
||||||
|
"Too long", /* SNMPERR_TOO_LONG */
|
||||||
|
"No socket", /* SNMPERR_NO_SOCKET */
|
||||||
|
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
|
||||||
|
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
|
||||||
|
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
|
||||||
|
in_session->s_errno = errno;
|
||||||
|
- snmp_set_detail(in_session->peername);
|
||||||
|
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
|
||||||
|
+ NETSNMP_DS_LIB_CLIENT_ADDR))
|
||||||
|
+ snmp_set_detail(in_session->peername);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
|
||||||
|
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
|
||||||
|
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
|
||||||
|
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
|
||||||
|
DEBUGMSGTL(("netsnmp_udpbase",
|
||||||
|
"failed to bind for clientaddr: %d %s\n",
|
||||||
|
errno, strerror(errno)));
|
||||||
|
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
|
||||||
|
+ strerror(errno)));
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,11 @@
|
|||||||
|
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
|
||||||
|
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
|
||||||
|
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
|
||||||
|
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
|
||||||
|
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
|
||||||
|
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
|
||||||
|
/* 'entry' is duplicate of the previous one -> delete it */
|
||||||
|
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
|
||||||
|
netsnmp_access_ipaddress_entry_free(entry);
|
||||||
|
} else {
|
||||||
|
CONTAINER_INSERT(ret, entry);
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
|
||||||
|
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
|
||||||
|
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
|
||||||
|
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
|
||||||
|
* save a warning header to the top of the new file
|
||||||
|
*/
|
||||||
|
snprintf(fileold, sizeof(fileold),
|
||||||
|
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||||
|
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||||
|
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
|
||||||
|
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
|
||||||
|
type, type, type,
|
@ -0,0 +1,82 @@
|
|||||||
|
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
|
||||||
|
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
|
||||||
|
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
|
||||||
|
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
|
||||||
|
}
|
||||||
|
|
||||||
|
#elif defined(linux)
|
||||||
|
+#include <errno.h>
|
||||||
|
static struct ifreq *ifr;
|
||||||
|
static int ifr_counter;
|
||||||
|
|
||||||
|
static void
|
||||||
|
Address_Scan_Init(void)
|
||||||
|
{
|
||||||
|
- int num_interfaces = 0;
|
||||||
|
+ int i;
|
||||||
|
int fd;
|
||||||
|
+ int lastlen = 0;
|
||||||
|
|
||||||
|
/* get info about all interfaces */
|
||||||
|
|
||||||
|
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
|
||||||
|
SNMP_FREE(ifc.ifc_buf);
|
||||||
|
ifr_counter = 0;
|
||||||
|
|
||||||
|
- do
|
||||||
|
- {
|
||||||
|
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
||||||
|
{
|
||||||
|
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
- num_interfaces += 16;
|
||||||
|
|
||||||
|
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
|
||||||
|
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
|
||||||
|
-
|
||||||
|
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
|
||||||
|
- {
|
||||||
|
- ifr=NULL;
|
||||||
|
- close(fd);
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- close(fd);
|
||||||
|
+ /*
|
||||||
|
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
|
||||||
|
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
|
||||||
|
+ * Volume I'', p.435...
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ for (i = 8;; i *= 2) {
|
||||||
|
+ ifc.ifc_len = sizeof(struct ifreq) * i;
|
||||||
|
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
|
||||||
|
+
|
||||||
|
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
|
||||||
|
+ if (errno != EINVAL || lastlen != 0) {
|
||||||
|
+ /*
|
||||||
|
+ * Something has gone genuinely wrong...
|
||||||
|
+ */
|
||||||
|
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
|
||||||
|
+ SNMP_FREE(ifc.ifc_buf);
|
||||||
|
+ close(fd);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ if (ifc.ifc_len == lastlen) {
|
||||||
|
+ /*
|
||||||
|
+ * The length is the same as the last time; we're done...
|
||||||
|
+ */
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ lastlen = ifc.ifc_len;
|
||||||
|
+ }
|
||||||
|
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
|
||||||
|
}
|
||||||
|
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
|
||||||
|
-
|
||||||
|
+
|
||||||
|
+ close(fd);
|
||||||
|
ifr = ifc.ifc_req;
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,36 @@
|
|||||||
|
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
|
||||||
|
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
|
||||||
|
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
|
||||||
|
.SH SYNOPSIS
|
||||||
|
.PP
|
||||||
|
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
|
||||||
|
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
|
||||||
|
.B [username]
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.PP
|
||||||
|
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
|
||||||
|
displays the net-snmp version number
|
||||||
|
.TP
|
||||||
|
\fB\-ro\fR
|
||||||
|
-create an user with read-only permissions
|
||||||
|
+creates a user with read-only permissions
|
||||||
|
.TP
|
||||||
|
-\fB\-a authpass\fR
|
||||||
|
-specify authentication password
|
||||||
|
+\fB\-A authpass\fR
|
||||||
|
+specifies the authentication password
|
||||||
|
.TP
|
||||||
|
-\fB\-x privpass\fR
|
||||||
|
-specify encryption password
|
||||||
|
+\fB\-a MD5|SHA\fR
|
||||||
|
+specifies the authentication password hashing algorithm
|
||||||
|
.TP
|
||||||
|
-\fB\-X DES|AES\fR
|
||||||
|
-specify encryption algorithm
|
||||||
|
+\fB\-X privpass\fR
|
||||||
|
+specifies the encryption password
|
||||||
|
+.TP
|
||||||
|
+\fB\-x DES|AES\fR
|
||||||
|
+specifies the encryption algorithm
|
@ -0,0 +1,83 @@
|
|||||||
|
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||||
|
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200
|
||||||
|
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200
|
||||||
|
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||||
|
rpmtd td_name, td_version, td_release, td_group, td_time;
|
||||||
|
#else
|
||||||
|
char *n, *v, *r, *g;
|
||||||
|
- int32_t *t;
|
||||||
|
#endif
|
||||||
|
time_t install_time;
|
||||||
|
size_t date_len;
|
||||||
|
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||||
|
install_time = rpmtdGetNumber(td_time);
|
||||||
|
g = rpmtdGetString(td_group);
|
||||||
|
#else
|
||||||
|
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
|
||||||
|
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
|
||||||
|
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
|
||||||
|
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
|
||||||
|
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
|
||||||
|
+ n = headerGetString( h, RPMTAG_NAME);
|
||||||
|
+ v = headerGetString( h, RPMTAG_VERSION);
|
||||||
|
+ r = headerGetString( h, RPMTAG_RELEASE);
|
||||||
|
+ g = headerGetString( h, RPMTAG_GROUP);
|
||||||
|
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
|
||||||
|
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
|
||||||
|
"%s-%s-%s", n, v, r);
|
||||||
|
- install_time = *t;
|
||||||
|
#endif
|
||||||
|
entry->swType = (g && NULL != strstr( g, "System Environment"))
|
||||||
|
? 2 /* operatingSystem */
|
||||||
|
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||||
|
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200
|
||||||
|
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200
|
||||||
|
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
# ifdef HAVE_LIBRPM
|
||||||
|
- char *rpm_groups;
|
||||||
|
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
|
||||||
|
- if ( strstr(rpm_groups, "System Environment") != NULL )
|
||||||
|
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
|
||||||
|
+ if ( NULL != rpm_group ) {
|
||||||
|
+ if ( strstr(rpm_group, "System Environment") != NULL )
|
||||||
|
long_return = 2; /* operatingSystem */
|
||||||
|
else
|
||||||
|
long_return = 4; /* applcation */
|
||||||
|
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
|
||||||
|
case HRSWINST_DATE:
|
||||||
|
{
|
||||||
|
#ifdef HAVE_LIBRPM
|
||||||
|
- int32_t *rpm_data;
|
||||||
|
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
|
||||||
|
- time_t installTime = *rpm_data;
|
||||||
|
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
|
||||||
|
+ if ( 0 != installTime ) {
|
||||||
|
ret = date_n_time(&installTime, var_len);
|
||||||
|
} else {
|
||||||
|
ret = date_n_time(NULL, var_len);
|
||||||
|
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
|
||||||
|
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
|
||||||
|
int offset;
|
||||||
|
Header h;
|
||||||
|
- char *n, *v, *r;
|
||||||
|
+ const char *n, *v, *r;
|
||||||
|
|
||||||
|
offset = swi->swi_recs[ix - 1];
|
||||||
|
|
||||||
|
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
|
||||||
|
swi->swi_h = h;
|
||||||
|
swi->swi_prevx = ix;
|
||||||
|
|
||||||
|
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
|
||||||
|
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
|
||||||
|
- NULL);
|
||||||
|
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
|
||||||
|
- NULL);
|
||||||
|
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
|
||||||
|
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
|
||||||
|
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
|
||||||
|
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
|
||||||
|
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
|
||||||
|
}
|
@ -0,0 +1,26 @@
|
|||||||
|
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||||
|
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
|
||||||
|
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
|
||||||
|
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
|
||||||
|
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
|
||||||
|
SNMP_FREE(rpmdbpath);
|
||||||
|
dbpath = NULL;
|
||||||
|
+#ifdef HAVE_RPMGETPATH
|
||||||
|
+ rpmFreeRpmrc();
|
||||||
|
+#endif
|
||||||
|
if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||||
|
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
|
||||||
|
pkg_directory[0] = '\0';
|
||||||
|
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||||
|
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
|
||||||
|
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
|
||||||
|
@@ -231,6 +231,9 @@ init_hr_swinst(void)
|
||||||
|
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
|
||||||
|
path[ sizeof(path)-1 ] = 0;
|
||||||
|
swi->swi_directory = strdup(path);
|
||||||
|
+#ifdef HAVE_RPMGETPATH
|
||||||
|
+ rpmFreeRpmrc();
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
# ifdef _PATH_HRSW_directory
|
@ -0,0 +1,98 @@
|
|||||||
|
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
|
||||||
|
From: minfrin <minfrin@users.noreply.github.com>
|
||||||
|
Date: Tue, 5 Jan 2021 23:17:14 +0000
|
||||||
|
Subject: [PATCH] Add support for digests detected from ECC certificates
|
||||||
|
|
||||||
|
Previously, the digest could be detected on RSA certificates only. This
|
||||||
|
patch adds detection for ECC certificates.
|
||||||
|
|
||||||
|
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
|
||||||
|
back to _htmap ]
|
||||||
|
---
|
||||||
|
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 50 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
|
||||||
|
index c092a007a..432cb5c27 100644
|
||||||
|
--- a/snmplib/snmp_openssl.c
|
||||||
|
+++ b/snmplib/snmp_openssl.c
|
||||||
|
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int _htmap[NS_HASH_MAX + 1] = {
|
||||||
|
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
|
||||||
|
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
|
||||||
|
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
|
||||||
|
+static const struct {
|
||||||
|
+ uint16_t nid;
|
||||||
|
+ uint16_t ht;
|
||||||
|
+} _htmap[] = {
|
||||||
|
+ { 0, NS_HASH_NONE },
|
||||||
|
+#ifdef NID_md5WithRSAEncryption
|
||||||
|
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_sha1WithRSAEncryption
|
||||||
|
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_ecdsa_with_SHA1
|
||||||
|
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_sha224WithRSAEncryption
|
||||||
|
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_ecdsa_with_SHA224
|
||||||
|
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_sha256WithRSAEncryption
|
||||||
|
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_ecdsa_with_SHA256
|
||||||
|
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_sha384WithRSAEncryption
|
||||||
|
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_ecdsa_with_SHA384
|
||||||
|
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_sha512WithRSAEncryption
|
||||||
|
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
|
||||||
|
+#endif
|
||||||
|
+#ifdef NID_ecdsa_with_SHA512
|
||||||
|
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
|
||||||
|
+#endif
|
||||||
|
+};
|
||||||
|
|
||||||
|
int
|
||||||
|
_nid2ht(int nid)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
- for (i=1; i<= NS_HASH_MAX; ++i) {
|
||||||
|
- if (nid == _htmap[i])
|
||||||
|
- return i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
|
||||||
|
+ if (_htmap[i].nid == nid)
|
||||||
|
+ return _htmap[i].ht;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -541,9 +577,13 @@ _nid2ht(int nid)
|
||||||
|
int
|
||||||
|
_ht2nid(int ht)
|
||||||
|
{
|
||||||
|
- if ((ht < 0) || (ht > NS_HASH_MAX))
|
||||||
|
- return 0;
|
||||||
|
- return _htmap[ht];
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
|
||||||
|
+ if (_htmap[i].ht == ht)
|
||||||
|
+ return _htmap[i].nid;
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */
|
||||||
|
|
||||||
|
|
@ -0,0 +1,18 @@
|
|||||||
|
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||||
|
index ac3c60f..177c00f 100644
|
||||||
|
--- a/net-snmp-create-v3-user.in
|
||||||
|
+++ b/net-snmp-create-v3-user.in
|
||||||
|
@@ -57,11 +57,11 @@ case $1 in
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
case $1 in
|
||||||
|
- DES|AES|AES128)
|
||||||
|
+ AES|AES128|AES192|AES256)
|
||||||
|
Xalgorithm=$1
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
- des|aes|aes128)
|
||||||
|
+ aes|aes128|aes192|aes256)
|
||||||
|
Xalgorithm=$(echo "$1" | tr a-z A-Z)
|
||||||
|
shift
|
||||||
|
;;
|
@ -0,0 +1,46 @@
|
|||||||
|
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
|
||||||
|
index 4f78df3..fd25b3f 100644
|
||||||
|
--- a/agent/mibgroup/host/hr_filesys.c
|
||||||
|
+++ b/agent/mibgroup/host/hr_filesys.c
|
||||||
|
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
|
||||||
|
"shm",
|
||||||
|
"sockfs",
|
||||||
|
"sysfs",
|
||||||
|
+ "tmpfs",
|
||||||
|
"usbdevfs",
|
||||||
|
"usbfs",
|
||||||
|
#endif
|
||||||
|
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c
|
||||||
|
index 6b459ec..f7a376b 100644
|
||||||
|
--- a/agent/mibgroup/host/hr_storage.c
|
||||||
|
+++ b/agent/mibgroup/host/hr_storage.c
|
||||||
|
@@ -540,9 +540,10 @@ really_try_next:
|
||||||
|
|
||||||
|
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
|
||||||
|
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
|
||||||
|
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||||
|
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||||
|
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
|
||||||
|
- Check_HR_FileSys_NFS())
|
||||||
|
+ Check_HR_FileSys_NFS()) ||
|
||||||
|
+ Check_HR_FileSys_AutoFs())
|
||||||
|
return NULL; /* or goto try_next; */
|
||||||
|
if (Check_HR_FileSys_AutoFs())
|
||||||
|
return NULL;
|
||||||
|
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c
|
||||||
|
index 8967d35..9bf2659 100644
|
||||||
|
--- a/agent/mibgroup/host/hrh_storage.c
|
||||||
|
+++ b/agent/mibgroup/host/hrh_storage.c
|
||||||
|
@@ -366,9 +366,10 @@ really_try_next:
|
||||||
|
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
|
||||||
|
if (HRFS_entry &&
|
||||||
|
store_idx > NETSNMP_MEM_TYPE_MAX &&
|
||||||
|
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||||
|
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||||
|
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
|
||||||
|
- Check_HR_FileSys_NFS())
|
||||||
|
+ Check_HR_FileSys_NFS()) ||
|
||||||
|
+ Check_HR_FileSys_AutoFs()))
|
||||||
|
return NULL;
|
||||||
|
if (HRFS_entry && Check_HR_FileSys_AutoFs())
|
||||||
|
return NULL;
|
@ -0,0 +1,36 @@
|
|||||||
|
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
|
||||||
|
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
|
||||||
|
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
|
||||||
|
@@ -140,10 +140,10 @@ else
|
||||||
|
;;
|
||||||
|
#################################################### compile
|
||||||
|
--base-cflags)
|
||||||
|
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
|
||||||
|
+ echo -I${NSC_INCLUDEDIR}
|
||||||
|
;;
|
||||||
|
--cflags|--cf*)
|
||||||
|
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
|
||||||
|
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
|
||||||
|
;;
|
||||||
|
--srcdir)
|
||||||
|
echo $NSC_SRCDIR
|
||||||
|
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
|
||||||
|
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
|
||||||
|
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
|
||||||
|
@@ -1,3 +1,4 @@
|
||||||
|
+use lib '.';
|
||||||
|
use strict;
|
||||||
|
use warnings;
|
||||||
|
use ExtUtils::MakeMaker;
|
||||||
|
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
|
||||||
|
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
|
||||||
|
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
|
||||||
|
@@ -116,7 +116,7 @@ sub AddCommonParams {
|
||||||
|
append($Params->{'CCFLAGS'}, $cflags);
|
||||||
|
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
|
||||||
|
# Suppress known Perl header shortcomings.
|
||||||
|
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
|
||||||
|
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
|
||||||
|
append($Params->{'CCFLAGS'}, '-Wformat');
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,22 @@
|
|||||||
|
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
|
||||||
|
index e9a8831..5a1d8e7 100644
|
||||||
|
--- a/agent/mibgroup/disman/event/mteTrigger.c
|
||||||
|
+++ b/agent/mibgroup/disman/event/mteTrigger.c
|
||||||
|
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
|
||||||
|
* Similarly, if no fallEvent is configured,
|
||||||
|
* there's no point in trying to fire it either.
|
||||||
|
*/
|
||||||
|
- if (entry->mteTThRiseEvent[0] != '\0' ) {
|
||||||
|
+ if (entry->mteTThFallEvent[0] != '\0' ) {
|
||||||
|
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||||
|
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||||
|
entry->mteTriggerFired = vp1;
|
||||||
|
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
|
||||||
|
* Similarly, if no fallEvent is configured,
|
||||||
|
* there's no point in trying to fire it either.
|
||||||
|
*/
|
||||||
|
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
|
||||||
|
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
|
||||||
|
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||||
|
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||||
|
entry->mteTriggerFired = vp1;
|
@ -0,0 +1,24 @@
|
|||||||
|
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||||
|
index b0c71d9..ac3c60f 100644
|
||||||
|
--- a/net-snmp-create-v3-user.in
|
||||||
|
+++ b/net-snmp-create-v3-user.in
|
||||||
|
@@ -14,6 +14,10 @@ Xalgorithm="DES"
|
||||||
|
token=rwuser
|
||||||
|
|
||||||
|
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
|
||||||
|
+case "$1" in
|
||||||
|
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||||
|
+ *) optarg= ;;
|
||||||
|
+esac
|
||||||
|
|
||||||
|
unset shifted
|
||||||
|
case $1 in
|
||||||
|
@@ -136,7 +140,7 @@ fi
|
||||||
|
echo "$line" >> "$outfile"
|
||||||
|
# Avoid that configure complains that this script ignores @datarootdir@
|
||||||
|
echo "@datarootdir@" >/dev/null
|
||||||
|
-outfile="@datadir@/snmp/snmpd.conf"
|
||||||
|
+outfile="/etc/snmp/snmpd.conf"
|
||||||
|
line="$token $user"
|
||||||
|
echo "adding the following line to $outfile:"
|
||||||
|
echo " $line"
|
@ -0,0 +1,180 @@
|
|||||||
|
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
|
||||||
|
index 7c756ff..ff22019 100644
|
||||||
|
--- a/agent/mibgroup/ucd-snmp/disk.c
|
||||||
|
+++ b/agent/mibgroup/ucd-snmp/disk.c
|
||||||
|
@@ -153,9 +153,10 @@ static void disk_free_config(void);
|
||||||
|
static void disk_parse_config(const char *, char *);
|
||||||
|
static void disk_parse_config_all(const char *, char *);
|
||||||
|
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
|
||||||
|
-static void find_and_add_allDisks(int minpercent);
|
||||||
|
+static void refresh_disk_table(int addNewDisks, int minpercent);
|
||||||
|
static void add_device(char *path, char *device,
|
||||||
|
- int minspace, int minpercent, int override);
|
||||||
|
+ int minspace, int minpercent, int addNewDisks,
|
||||||
|
+ int override);
|
||||||
|
static void modify_disk_parameters(int index, int minspace,
|
||||||
|
int minpercent);
|
||||||
|
static int disk_exists(char *path);
|
||||||
|
@@ -167,6 +168,7 @@ struct diskpart {
|
||||||
|
char path[STRMAX];
|
||||||
|
int minimumspace;
|
||||||
|
int minpercent;
|
||||||
|
+ int alive;
|
||||||
|
};
|
||||||
|
|
||||||
|
#define MAX_INT_32 0x7fffffff
|
||||||
|
@@ -174,6 +176,7 @@ struct diskpart {
|
||||||
|
|
||||||
|
unsigned int numdisks;
|
||||||
|
int allDisksIncluded = 0;
|
||||||
|
+int allDisksMinPercent = 0;
|
||||||
|
unsigned int maxdisks = 0;
|
||||||
|
struct diskpart *disks;
|
||||||
|
|
||||||
|
@@ -238,6 +241,7 @@ init_disk(void)
|
||||||
|
disk_free_config,
|
||||||
|
"minpercent%");
|
||||||
|
allDisksIncluded = 0;
|
||||||
|
+ allDisksMinPercent = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -253,6 +257,7 @@ disk_free_config(void)
|
||||||
|
disks[i].minpercent = -1;
|
||||||
|
}
|
||||||
|
allDisksIncluded = 0;
|
||||||
|
+ allDisksMinPercent = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, char *cptr)
|
||||||
|
* check if the disk already exists, if so then modify its
|
||||||
|
* parameters. if it does not exist then add it
|
||||||
|
*/
|
||||||
|
- add_device(path, find_device(path), minspace, minpercent, 1);
|
||||||
|
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
|
||||||
|
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, char *cptr)
|
||||||
|
|
||||||
|
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
|
||||||
|
static void
|
||||||
|
-add_device(char *path, char *device, int minspace, int minpercent, int override)
|
||||||
|
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
|
||||||
|
{
|
||||||
|
int index;
|
||||||
|
|
||||||
|
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
|
||||||
|
}
|
||||||
|
|
||||||
|
index = disk_exists(path);
|
||||||
|
- if((index != -1) && (index < maxdisks) && (override==1)) {
|
||||||
|
- modify_disk_parameters(index, minspace, minpercent);
|
||||||
|
+ if((index != -1) && (index < maxdisks)) {
|
||||||
|
+ /* the path is already in the table */
|
||||||
|
+ disks[index].alive = 1;
|
||||||
|
+ /* -> update its device */
|
||||||
|
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
|
||||||
|
+ if (override == 1) {
|
||||||
|
+ modify_disk_parameters(index, minspace, minpercent);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
- else if(index == -1){
|
||||||
|
+ else if(index == -1 && addNewDisks){
|
||||||
|
/* add if and only if the device was found */
|
||||||
|
if(device[0] != 0) {
|
||||||
|
/* The following buffers are cleared above, no need to add '\0' */
|
||||||
|
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
|
||||||
|
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
|
||||||
|
disks[numdisks].minimumspace = minspace;
|
||||||
|
disks[numdisks].minpercent = minpercent;
|
||||||
|
+ disks[numdisks].alive = 1;
|
||||||
|
numdisks++;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override)
|
||||||
|
disks[numdisks].minpercent = -1;
|
||||||
|
disks[numdisks].path[0] = 0;
|
||||||
|
disks[numdisks].device[0] = 0;
|
||||||
|
+ disks[numdisks].alive = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -444,7 +457,7 @@ int disk_exists(char *path)
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
-find_and_add_allDisks(int minpercent)
|
||||||
|
+refresh_disk_table(int addNewDisks, int minpercent)
|
||||||
|
{
|
||||||
|
#if HAVE_GETMNTENT
|
||||||
|
#if HAVE_SYS_MNTTAB_H
|
||||||
|
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
|
||||||
|
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
|
||||||
|
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
|
||||||
|
dummy = 1;
|
||||||
|
}
|
||||||
|
if (mntfp)
|
||||||
|
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
while ((i = getmntent(mntfp, &mnttab)) == 0) {
|
||||||
|
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
|
||||||
|
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
|
||||||
|
dummy = 1;
|
||||||
|
}
|
||||||
|
fclose(mntfp);
|
||||||
|
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent)
|
||||||
|
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
|
||||||
|
for (i = 0; i < mntsize; i++) {
|
||||||
|
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1,
|
||||||
|
- minpercent, 0);
|
||||||
|
+ minpercent, addNewDisks 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#elif HAVE_FSTAB_H
|
||||||
|
setfsent(); /* open /etc/fstab */
|
||||||
|
while((fstab1 = getfsent()) != NULL) {
|
||||||
|
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
|
||||||
|
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
|
||||||
|
dummy = 1;
|
||||||
|
}
|
||||||
|
endfsent(); /* close /etc/fstab */
|
||||||
|
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent)
|
||||||
|
* statfs we default to the root partition "/"
|
||||||
|
*/
|
||||||
|
if (statfs("/", &statf) == 0) {
|
||||||
|
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
|
||||||
|
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
else {
|
||||||
|
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry)
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ if (disks[disknum].alive == 0){
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
entry->dskPercentInode = -1;
|
||||||
|
|
||||||
|
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
|
||||||
|
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp,
|
||||||
|
static char *errmsg;
|
||||||
|
static char empty_str[1];
|
||||||
|
|
||||||
|
+ int i;
|
||||||
|
+ for (i = 0; i < numdisks; i++){
|
||||||
|
+ disks[i].alive = 0;
|
||||||
|
+ }
|
||||||
|
+ /* dynamically add new disks + update alive flag */
|
||||||
|
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
|
||||||
|
+
|
||||||
|
tryAgain:
|
||||||
|
if (header_simple_table
|
||||||
|
(vp, name, length, exact, var_len, write_method, numdisks))
|
@ -0,0 +1,994 @@
|
|||||||
|
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
|
||||||
|
index 80e2a19..143adbb 100644
|
||||||
|
--- a/include/net-snmp/library/cert_util.h
|
||||||
|
+++ b/include/net-snmp/library/cert_util.h
|
||||||
|
@@ -55,7 +55,8 @@ extern "C" {
|
||||||
|
char *common_name;
|
||||||
|
|
||||||
|
u_char hash_type;
|
||||||
|
- u_char _pad[3]; /* for future use */
|
||||||
|
+ u_char _pad[1]; /* for future use */
|
||||||
|
+ u_short offset;
|
||||||
|
} netsnmp_cert;
|
||||||
|
|
||||||
|
/** types */
|
||||||
|
@@ -100,6 +101,7 @@ extern "C" {
|
||||||
|
|
||||||
|
NETSNMP_IMPORT
|
||||||
|
netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
|
||||||
|
+ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
|
||||||
|
|
||||||
|
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
|
||||||
|
|
||||||
|
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
|
||||||
|
index 471bb0b..6c5a23f 100644
|
||||||
|
--- a/include/net-snmp/library/dir_utils.h
|
||||||
|
+++ b/include/net-snmp/library/dir_utils.h
|
||||||
|
@@ -53,6 +53,8 @@ extern "C" {
|
||||||
|
#define NETSNMP_DIR_NSFILE 0x0010
|
||||||
|
/** load stats in netsnmp_file */
|
||||||
|
#define NETSNMP_DIR_NSFILE_STATS 0x0020
|
||||||
|
+/** allow files to be indexed more than once */
|
||||||
|
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
|
||||||
|
index e7b7114..bee0b5f 100644
|
||||||
|
--- a/snmplib/cert_util.c
|
||||||
|
+++ b/snmplib/cert_util.c
|
||||||
|
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
|
||||||
|
* bump this value whenever cert index format changes, so indexes
|
||||||
|
* will be regenerated with new format.
|
||||||
|
*/
|
||||||
|
-#define CERT_INDEX_FORMAT 1
|
||||||
|
+#define CERT_INDEX_FORMAT 2
|
||||||
|
|
||||||
|
static netsnmp_container *_certs = NULL;
|
||||||
|
static netsnmp_container *_keys = NULL;
|
||||||
|
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
|
||||||
|
netsnmp_cert_common *rhs);
|
||||||
|
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
|
||||||
|
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
|
||||||
|
+static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
|
||||||
|
+static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
|
||||||
|
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
|
||||||
|
const char *directory);
|
||||||
|
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
|
||||||
|
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
|
||||||
|
{
|
||||||
|
netsnmp_container *c;
|
||||||
|
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
c = netsnmp_container_find("certs:binary_array");
|
||||||
|
if (NULL == c) {
|
||||||
|
snmp_log(LOG_ERR, "could not create container for %s\n", use);
|
||||||
|
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
|
||||||
|
c->free_item = (netsnmp_container_obj_func*)_cert_free;
|
||||||
|
c->compare = (netsnmp_container_compare*)_cert_compare;
|
||||||
|
|
||||||
|
+ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||||
|
+
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -362,6 +368,8 @@ _setup_containers(void)
|
||||||
|
{
|
||||||
|
netsnmp_container *additional_keys;
|
||||||
|
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
_certs = _get_cert_container("netsnmp certificates");
|
||||||
|
if (NULL == _certs)
|
||||||
|
return;
|
||||||
|
@@ -376,6 +384,7 @@ _setup_containers(void)
|
||||||
|
additional_keys->container_name = strdup("certs_cn");
|
||||||
|
additional_keys->free_item = NULL;
|
||||||
|
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
|
||||||
|
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||||
|
netsnmp_container_add_index(_certs, additional_keys);
|
||||||
|
|
||||||
|
/** additional keys: subject name */
|
||||||
|
@@ -389,6 +398,7 @@ _setup_containers(void)
|
||||||
|
additional_keys->free_item = NULL;
|
||||||
|
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
|
||||||
|
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
|
||||||
|
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||||
|
netsnmp_container_add_index(_certs, additional_keys);
|
||||||
|
|
||||||
|
/** additional keys: file name */
|
||||||
|
@@ -402,6 +412,7 @@ _setup_containers(void)
|
||||||
|
additional_keys->free_item = NULL;
|
||||||
|
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
|
||||||
|
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
|
||||||
|
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||||
|
netsnmp_container_add_index(_certs, additional_keys);
|
||||||
|
|
||||||
|
_keys = netsnmp_container_find("cert_keys:binary_array");
|
||||||
|
@@ -424,9 +435,9 @@ netsnmp_cert_map_container(void)
|
||||||
|
}
|
||||||
|
|
||||||
|
static netsnmp_cert *
|
||||||
|
-_new_cert(const char *dirname, const char *filename, int certType,
|
||||||
|
- int hashType, const char *fingerprint, const char *common_name,
|
||||||
|
- const char *subject)
|
||||||
|
+_new_cert(const char *dirname, const char *filename, int certType, int offset,
|
||||||
|
+ int allowed_uses, int hashType, const char *fingerprint,
|
||||||
|
+ const char *common_name, const char *subject)
|
||||||
|
{
|
||||||
|
netsnmp_cert *cert;
|
||||||
|
|
||||||
|
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
|
||||||
|
|
||||||
|
cert->info.dir = strdup(dirname);
|
||||||
|
cert->info.filename = strdup(filename);
|
||||||
|
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
|
||||||
|
+ /* only the first certificate is allowed to be a remote peer */
|
||||||
|
+ cert->info.allowed_uses = allowed_uses;
|
||||||
|
cert->info.type = certType;
|
||||||
|
+ cert->offset = offset;
|
||||||
|
if (fingerprint) {
|
||||||
|
cert->hash_type = hashType;
|
||||||
|
cert->fingerprint = strdup(fingerprint);
|
||||||
|
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
|
||||||
|
* certificate utility functions
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
+static BIO *
|
||||||
|
+netsnmp_open_bio(const char *dir, const char *filename)
|
||||||
|
+{
|
||||||
|
+ BIO *certbio;
|
||||||
|
+ char file[SNMP_MAXPATH];
|
||||||
|
+
|
||||||
|
+ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
|
||||||
|
+
|
||||||
|
+ certbio = BIO_new(BIO_s_file());
|
||||||
|
+ if (NULL == certbio) {
|
||||||
|
+ snmp_log(LOG_ERR, "error creating BIO\n");
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ snprintf(file, sizeof(file),"%s/%s", dir, filename);
|
||||||
|
+ if (BIO_read_filename(certbio, file) <=0) {
|
||||||
|
+ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
|
||||||
|
+ BIO_vfree(certbio);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return certbio;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
|
||||||
|
+{
|
||||||
|
+ int is_ca;
|
||||||
|
+
|
||||||
|
+ cert->ocert = ocert;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * X509_check_ca return codes:
|
||||||
|
+ * 0 not a CA
|
||||||
|
+ * 1 is a CA
|
||||||
|
+ * 2 basicConstraints absent so "maybe" a CA
|
||||||
|
+ * 3 basicConstraints absent but self signed V1.
|
||||||
|
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||||
|
+ * 5 outdated Netscape Certificate Type CA extension.
|
||||||
|
+ */
|
||||||
|
+ is_ca = X509_check_ca(ocert);
|
||||||
|
+ if (1 == is_ca)
|
||||||
|
+ cert->info.allowed_uses |= NS_CERT_CA;
|
||||||
|
+
|
||||||
|
+ if (NULL == cert->subject) {
|
||||||
|
+ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
|
||||||
|
+ 0);
|
||||||
|
+ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (NULL == cert->issuer) {
|
||||||
|
+ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
|
||||||
|
+ if (strcmp(cert->subject, cert->issuer) == 0) {
|
||||||
|
+ free(cert->issuer);
|
||||||
|
+ cert->issuer = strdup("self-signed");
|
||||||
|
+ }
|
||||||
|
+ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (NULL == cert->fingerprint) {
|
||||||
|
+ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
|
||||||
|
+ cert->fingerprint =
|
||||||
|
+ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (NULL == cert->common_name) {
|
||||||
|
+ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
|
||||||
|
+ NULL);
|
||||||
|
+ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static X509 *
|
||||||
|
netsnmp_ocert_get(netsnmp_cert *cert)
|
||||||
|
{
|
||||||
|
BIO *certbio;
|
||||||
|
X509 *ocert = NULL;
|
||||||
|
+ X509 *ncert = NULL;
|
||||||
|
EVP_PKEY *okey = NULL;
|
||||||
|
- char file[SNMP_MAXPATH];
|
||||||
|
- int is_ca;
|
||||||
|
|
||||||
|
if (NULL == cert)
|
||||||
|
return NULL;
|
||||||
|
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
|
||||||
|
-
|
||||||
|
- certbio = BIO_new(BIO_s_file());
|
||||||
|
- if (NULL == certbio) {
|
||||||
|
- snmp_log(LOG_ERR, "error creating BIO\n");
|
||||||
|
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
|
||||||
|
+ if (!certbio) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
|
||||||
|
- if (BIO_read_filename(certbio, file) <=0) {
|
||||||
|
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
|
||||||
|
- BIO_vfree(certbio);
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
|
||||||
|
- char *pos = strrchr(cert->info.filename, '.');
|
||||||
|
- if (NULL == pos)
|
||||||
|
- return NULL;
|
||||||
|
- cert->info.type = _cert_ext_type(++pos);
|
||||||
|
- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
switch (cert->info.type) {
|
||||||
|
|
||||||
|
case NS_CERT_TYPE_DER:
|
||||||
|
+ (void)BIO_seek(certbio, cert->offset);
|
||||||
|
ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
|
||||||
|
if (NULL != ocert)
|
||||||
|
break;
|
||||||
|
- (void)BIO_reset(certbio);
|
||||||
|
/* Check for PEM if DER didn't work */
|
||||||
|
/* FALLTHROUGH */
|
||||||
|
|
||||||
|
case NS_CERT_TYPE_PEM:
|
||||||
|
- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||||
|
+ (void)BIO_seek(certbio, cert->offset);
|
||||||
|
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||||
|
if (NULL == ocert)
|
||||||
|
break;
|
||||||
|
if (NS_CERT_TYPE_DER == cert->info.type) {
|
||||||
|
DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
|
||||||
|
cert->info.type = NS_CERT_TYPE_PEM;
|
||||||
|
}
|
||||||
|
- /** check for private key too */
|
||||||
|
- if (NULL == cert->key) {
|
||||||
|
- (void)BIO_reset(certbio);
|
||||||
|
- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||||
|
+ /** check for private key too, but only if we're the first certificate */
|
||||||
|
+ if (0 == cert->offset && NULL == cert->key) {
|
||||||
|
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||||
|
if (NULL != okey) {
|
||||||
|
netsnmp_key *key;
|
||||||
|
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
|
||||||
|
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||||
|
break;
|
||||||
|
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
|
||||||
|
case NS_CERT_TYPE_PKCS12:
|
||||||
|
- (void)BIO_reset(certbio);
|
||||||
|
+ (void)BIO_seek(certbio, cert->offset);
|
||||||
|
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
|
||||||
|
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
|
||||||
|
PKCS12_verify_mac(p12, NULL, 0)))
|
||||||
|
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- cert->ocert = ocert;
|
||||||
|
- /*
|
||||||
|
- * X509_check_ca return codes:
|
||||||
|
- * 0 not a CA
|
||||||
|
- * 1 is a CA
|
||||||
|
- * 2 basicConstraints absent so "maybe" a CA
|
||||||
|
- * 3 basicConstraints absent but self signed V1.
|
||||||
|
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||||
|
- * 5 outdated Netscape Certificate Type CA extension.
|
||||||
|
- */
|
||||||
|
- is_ca = X509_check_ca(ocert);
|
||||||
|
- if (1 == is_ca)
|
||||||
|
- cert->info.allowed_uses |= NS_CERT_CA;
|
||||||
|
-
|
||||||
|
- if (NULL == cert->subject) {
|
||||||
|
- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
|
||||||
|
- 0);
|
||||||
|
- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (NULL == cert->issuer) {
|
||||||
|
- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
|
||||||
|
- if (strcmp(cert->subject, cert->issuer) == 0) {
|
||||||
|
- free(cert->issuer);
|
||||||
|
- cert->issuer = strdup("self-signed");
|
||||||
|
- }
|
||||||
|
- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (NULL == cert->fingerprint) {
|
||||||
|
- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
|
||||||
|
- cert->fingerprint =
|
||||||
|
- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (NULL == cert->common_name) {
|
||||||
|
- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
|
||||||
|
- NULL);
|
||||||
|
- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
|
||||||
|
- }
|
||||||
|
+ netsnmp_ocert_parse(cert, ocert);
|
||||||
|
|
||||||
|
return ocert;
|
||||||
|
}
|
||||||
|
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
|
||||||
|
{
|
||||||
|
BIO *keybio;
|
||||||
|
EVP_PKEY *okey;
|
||||||
|
- char file[SNMP_MAXPATH];
|
||||||
|
|
||||||
|
if (NULL == key)
|
||||||
|
return NULL;
|
||||||
|
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
|
||||||
|
if (key->okey)
|
||||||
|
return key->okey;
|
||||||
|
|
||||||
|
- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
|
||||||
|
- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
|
||||||
|
-
|
||||||
|
- keybio = BIO_new(BIO_s_file());
|
||||||
|
- if (NULL == keybio) {
|
||||||
|
- snmp_log(LOG_ERR, "error creating BIO\n");
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (BIO_read_filename(keybio, file) <=0) {
|
||||||
|
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
|
||||||
|
- key->info.filename);
|
||||||
|
- BIO_vfree(keybio);
|
||||||
|
+ keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
|
||||||
|
+ if (!keybio) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
|
||||||
|
cert->issuer_cert = _find_issuer(cert);
|
||||||
|
if (NULL == cert->issuer_cert) {
|
||||||
|
DEBUGMSGT(("cert:load:warn",
|
||||||
|
- "couldn't load CA chain for cert %s\n",
|
||||||
|
+ "couldn't load full CA chain for cert %s\n",
|
||||||
|
cert->info.filename));
|
||||||
|
rc = CERT_LOAD_PARTIAL;
|
||||||
|
break;
|
||||||
|
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
|
||||||
|
/** get issuer ocert */
|
||||||
|
if ((NULL == cert->issuer_cert->ocert) &&
|
||||||
|
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
|
||||||
|
- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
|
||||||
|
+ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
|
||||||
|
cert->info.filename));
|
||||||
|
rc = CERT_LOAD_PARTIAL;
|
||||||
|
break;
|
||||||
|
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if(key) {
|
||||||
|
+ if (key) {
|
||||||
|
if (key->cert) {
|
||||||
|
DEBUGMSGT(("cert:partner", "key already has partner\n"));
|
||||||
|
return;
|
||||||
|
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||||
|
return;
|
||||||
|
*pos = 0;
|
||||||
|
|
||||||
|
- matching = _cert_find_subset_fn( filename, key->info.dir );
|
||||||
|
+ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
|
||||||
|
+ key->info.dir ));
|
||||||
|
if (!matching)
|
||||||
|
return;
|
||||||
|
if (1 == matching->size) {
|
||||||
|
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||||
|
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
|
||||||
|
key->info.filename));
|
||||||
|
}
|
||||||
|
- else if(cert) {
|
||||||
|
+ else if (cert) {
|
||||||
|
if (cert->key) {
|
||||||
|
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
|
||||||
|
return;
|
||||||
|
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static netsnmp_key *
|
||||||
|
+_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
|
||||||
|
+{
|
||||||
|
+ netsnmp_key *key;
|
||||||
|
+
|
||||||
|
+ key = _new_key(dirname, filename);
|
||||||
|
+ if (NULL == key) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ key->okey = okey;
|
||||||
|
+
|
||||||
|
+ if (-1 == CONTAINER_INSERT(_keys, key)) {
|
||||||
|
+ DEBUGMSGT(("cert:key:file:add:err",
|
||||||
|
+ "error inserting key into container\n"));
|
||||||
|
+ netsnmp_key_free(key);
|
||||||
|
+ key = NULL;
|
||||||
|
+ }
|
||||||
|
+ if (index) {
|
||||||
|
+ fprintf(index, "k:%s\n", filename);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return key;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static netsnmp_cert *
|
||||||
|
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset,
|
||||||
|
+ int allowed_uses, FILE *index)
|
||||||
|
+{
|
||||||
|
+ netsnmp_cert *cert;
|
||||||
|
+
|
||||||
|
+ cert = _new_cert(dirname, filename, type, offset,
|
||||||
|
+ allowed_uses, -1, NULL, NULL, NULL);
|
||||||
|
+ if (NULL == cert)
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
+ netsnmp_ocert_parse(cert, ocert);
|
||||||
|
+
|
||||||
|
+ if (-1 == CONTAINER_INSERT(_certs, cert)) {
|
||||||
|
+ DEBUGMSGT(("cert:file:add:err",
|
||||||
|
+ "error inserting cert into container\n"));
|
||||||
|
+ netsnmp_cert_free(cert);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (index) {
|
||||||
|
+ /** filename = NAME_MAX = 255 */
|
||||||
|
+ /** fingerprint max = 64*3=192 for sha512 */
|
||||||
|
+ /** common name / CN = 64 */
|
||||||
|
+ if (cert)
|
||||||
|
+ fprintf(index, "c:%s %d %d %d %d %s '%s' '%s'\n", filename,
|
||||||
|
+ cert->info.type, cert->offset, cert->info.allowed_uses,
|
||||||
|
+ cert->hash_type, cert->fingerprint,
|
||||||
|
+ cert->common_name, cert->subject);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return cert;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int
|
||||||
|
_add_certfile(const char* dirname, const char* filename, FILE *index)
|
||||||
|
{
|
||||||
|
- X509 *ocert;
|
||||||
|
- EVP_PKEY *okey;
|
||||||
|
+ BIO *certbio;
|
||||||
|
+ X509 *ocert = NULL;
|
||||||
|
+ X509 *ncert;
|
||||||
|
+ EVP_PKEY *okey = NULL;
|
||||||
|
netsnmp_cert *cert = NULL;
|
||||||
|
netsnmp_key *key = NULL;
|
||||||
|
char certfile[SNMP_MAXPATH];
|
||||||
|
int type;
|
||||||
|
+ int offset = 0;
|
||||||
|
|
||||||
|
if (((const void*)NULL == dirname) || (NULL == filename))
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
type = _type_from_filename(filename);
|
||||||
|
- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
|
||||||
|
+ if (type == NS_CERT_TYPE_UNKNOWN) {
|
||||||
|
+ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
|
||||||
|
+ certbio = netsnmp_open_bio(dirname, filename);
|
||||||
|
+ if (!certbio) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
|
||||||
|
- type));
|
||||||
|
+ switch (type) {
|
||||||
|
|
||||||
|
- if (NS_CERT_TYPE_KEY == type) {
|
||||||
|
- key = _new_key(dirname, filename);
|
||||||
|
- if (NULL == key)
|
||||||
|
- return -1;
|
||||||
|
- okey = netsnmp_okey_get(key);
|
||||||
|
- if (NULL == okey) {
|
||||||
|
- netsnmp_key_free(key);
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
- key->okey = okey;
|
||||||
|
- if (-1 == CONTAINER_INSERT(_keys, key)) {
|
||||||
|
- DEBUGMSGT(("cert:key:file:add:err",
|
||||||
|
- "error inserting key into container\n"));
|
||||||
|
- netsnmp_key_free(key);
|
||||||
|
- key = NULL;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- else {
|
||||||
|
- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
|
||||||
|
- if (NULL == cert)
|
||||||
|
- return -1;
|
||||||
|
- ocert = netsnmp_ocert_get(cert);
|
||||||
|
- if (NULL == ocert) {
|
||||||
|
- netsnmp_cert_free(cert);
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
- cert->ocert = ocert;
|
||||||
|
- if (-1 == CONTAINER_INSERT(_certs, cert)) {
|
||||||
|
- DEBUGMSGT(("cert:file:add:err",
|
||||||
|
- "error inserting cert into container\n"));
|
||||||
|
- netsnmp_cert_free(cert);
|
||||||
|
- cert = NULL;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if ((NULL == cert) && (NULL == key)) {
|
||||||
|
- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
|
||||||
|
- return -1;
|
||||||
|
+ case NS_CERT_TYPE_KEY:
|
||||||
|
+
|
||||||
|
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||||
|
+ if (NULL == okey)
|
||||||
|
+ snmp_log(LOG_ERR, "error parsing key file %s\n",
|
||||||
|
+ key->info.filename);
|
||||||
|
+ else {
|
||||||
|
+ key = _add_key(okey, dirname, filename, index);
|
||||||
|
+ if (NULL == key) {
|
||||||
|
+ EVP_PKEY_free(okey);
|
||||||
|
+ okey = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ case NS_CERT_TYPE_DER:
|
||||||
|
+
|
||||||
|
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
|
||||||
|
+ if (NULL != ocert) {
|
||||||
|
+ if (!_add_cert(ocert, dirname, filename, type, 0,
|
||||||
|
+ NS_CERT_REMOTE_PEER, index)) {
|
||||||
|
+ X509_free(ocert);
|
||||||
|
+ ocert = NULL;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ (void)BIO_reset(certbio);
|
||||||
|
+ /* Check for PEM if DER didn't work */
|
||||||
|
+ /* FALLTHROUGH */
|
||||||
|
+
|
||||||
|
+ case NS_CERT_TYPE_PEM:
|
||||||
|
+
|
||||||
|
+ if (NS_CERT_TYPE_DER == type) {
|
||||||
|
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
|
||||||
|
+ type = NS_CERT_TYPE_PEM;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* read the private key first so we can record this in the index */
|
||||||
|
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||||
|
+
|
||||||
|
+ (void)BIO_reset(certbio);
|
||||||
|
+
|
||||||
|
+ /* certs are read after the key */
|
||||||
|
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||||
|
+ if (NULL != ocert) {
|
||||||
|
+ cert = _add_cert(ncert, dirname, filename, type, 0,
|
||||||
|
+ okey ? NS_CERT_IDENTITY | NS_CERT_REMOTE_PEER :
|
||||||
|
+ NS_CERT_REMOTE_PEER, index);
|
||||||
|
+ if (NULL == cert) {
|
||||||
|
+ X509_free(ocert);
|
||||||
|
+ ocert = ncert = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ while (NULL != ncert) {
|
||||||
|
+ offset = BIO_tell(certbio);
|
||||||
|
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||||
|
+ if (ncert) {
|
||||||
|
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, 0, index)) {
|
||||||
|
+ X509_free(ncert);
|
||||||
|
+ ncert = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (NULL != okey) {
|
||||||
|
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
|
||||||
|
+ cert->info.filename));
|
||||||
|
+ key = _add_key(okey, dirname, filename, NULL);
|
||||||
|
+ if (NULL != key) {
|
||||||
|
+ DEBUGMSGT(("cert:read:partner", "%s match found!\n",
|
||||||
|
+ cert->info.filename));
|
||||||
|
+ key->cert = cert;
|
||||||
|
+ cert->key = key;
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ EVP_PKEY_free(okey);
|
||||||
|
+ okey = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
|
||||||
|
+ case NS_CERT_TYPE_PKCS12:
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ default:
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (index) {
|
||||||
|
- /** filename = NAME_MAX = 255 */
|
||||||
|
- /** fingerprint max = 64*3=192 for sha512 */
|
||||||
|
- /** common name / CN = 64 */
|
||||||
|
- if (cert)
|
||||||
|
- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
|
||||||
|
- cert->info.type, cert->hash_type, cert->fingerprint,
|
||||||
|
- cert->common_name, cert->subject);
|
||||||
|
- else if (key)
|
||||||
|
- fprintf(index, "k:%s\n", filename);
|
||||||
|
+ BIO_vfree(certbio);
|
||||||
|
+
|
||||||
|
+ if ((NULL == ocert) && (NULL == okey)) {
|
||||||
|
+ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||||
|
struct stat idx_stat;
|
||||||
|
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
|
||||||
|
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
|
||||||
|
- char subject[SNMP_MAXBUF_SMALL], hash_str[15];
|
||||||
|
- int count = 0, type, hash, version;
|
||||||
|
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
|
||||||
|
+ char allowed_uses_str[15];
|
||||||
|
+ ssize_t offset;
|
||||||
|
+ int count = 0, type, allowed_uses, hash, version;
|
||||||
|
netsnmp_cert *cert;
|
||||||
|
netsnmp_key *key;
|
||||||
|
netsnmp_container *newer, *found;
|
||||||
|
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||||
|
netsnmp_directory_container_read_some(NULL, dirname,
|
||||||
|
_time_filter, &idx_stat,
|
||||||
|
NETSNMP_DIR_NSFILE |
|
||||||
|
- NETSNMP_DIR_NSFILE_STATS);
|
||||||
|
+ NETSNMP_DIR_NSFILE_STATS |
|
||||||
|
+ NETSNMP_DIR_ALLOW_DUPLICATES);
|
||||||
|
if (newer) {
|
||||||
|
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
|
||||||
|
CONTAINER_FREE_ALL(newer, NULL);
|
||||||
|
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||||
|
pos = &tmpstr[2];
|
||||||
|
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
|
||||||
|
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
|
||||||
|
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
|
||||||
|
+ (NULL == (pos=copy_nword(pos, allowed_uses_str, sizeof(allowed_uses_str)))) ||
|
||||||
|
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
|
||||||
|
(NULL == (pos=copy_nword(pos, fingerprint,
|
||||||
|
sizeof(fingerprint)))) ||
|
||||||
|
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
type = atoi(type_str);
|
||||||
|
+ offset = atoi(offset_str);
|
||||||
|
+ allowed_uses = atoi(allowed_uses_str);
|
||||||
|
hash = atoi(hash_str);
|
||||||
|
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
|
||||||
|
- common_name, subject);
|
||||||
|
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash,
|
||||||
|
+ fingerprint, common_name, subject);
|
||||||
|
if (cert && 0 == CONTAINER_INSERT(found, cert))
|
||||||
|
++count;
|
||||||
|
else {
|
||||||
|
@@ -1543,7 +1680,8 @@ _add_certdir(const char *dirname)
|
||||||
|
netsnmp_directory_container_read_some(NULL, dirname,
|
||||||
|
_cert_cert_filter, NULL,
|
||||||
|
NETSNMP_DIR_RELATIVE_PATH |
|
||||||
|
- NETSNMP_DIR_EMPTY_OK );
|
||||||
|
+ NETSNMP_DIR_EMPTY_OK |
|
||||||
|
+ NETSNMP_DIR_ALLOW_DUPLICATES);
|
||||||
|
if (NULL == cert_container) {
|
||||||
|
DEBUGMSGT(("cert:index:dir",
|
||||||
|
"error creating container for cert files\n"));
|
||||||
|
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context)
|
||||||
|
if (NULL == c)
|
||||||
|
return;
|
||||||
|
|
||||||
|
- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
|
||||||
|
+ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
|
||||||
|
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
|
||||||
|
c->info.type, c->info.allowed_uses,
|
||||||
|
_mode_str(c->info.allowed_uses)));
|
||||||
|
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint)
|
||||||
|
netsnmp_void_array *matching;
|
||||||
|
|
||||||
|
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
|
||||||
|
- matching = _cert_find_subset_fn( filename, NULL );
|
||||||
|
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
|
||||||
|
+ filename, NULL ), what);
|
||||||
|
if (!matching)
|
||||||
|
return NULL;
|
||||||
|
if (1 == matching->size)
|
||||||
|
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint)
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
+netsnmp_void_array *
|
||||||
|
+netsnmp_certs_find(int what, int where, void *hint)
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ DEBUGMSGT(("certs:find:params", "looking for %s(%d) in %s(0x%x), hint %p\n",
|
||||||
|
+ _mode_str(what), what, _where_str(where), where, hint));
|
||||||
|
+
|
||||||
|
+ if (NS_CERTKEY_FILE == where) {
|
||||||
|
+ /** hint == filename */
|
||||||
|
+ char *filename = (char*)hint;
|
||||||
|
+ netsnmp_void_array *matching;
|
||||||
|
+
|
||||||
|
+ DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
|
||||||
|
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
|
||||||
|
+ filename, NULL ), what);
|
||||||
|
+
|
||||||
|
+ return matching;
|
||||||
|
+ } /* where = NS_CERTKEY_FILE */
|
||||||
|
+ else { /* unknown location */
|
||||||
|
+
|
||||||
|
+ DEBUGMSGT(("certs:find:err", "unhandled location %d for %d\n", where,
|
||||||
|
+ what));
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS
|
||||||
|
int
|
||||||
|
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var)
|
||||||
|
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * reduce subset by eliminating any certificates that are not the
|
||||||
|
+ * first certficate in a file. This allows us to ignore certificate
|
||||||
|
+ * chains when testing for specific certificates, and to match keys
|
||||||
|
+ * to the first certificate only.
|
||||||
|
+ */
|
||||||
|
+static netsnmp_void_array *
|
||||||
|
+_cert_reduce_subset_first(netsnmp_void_array *matching)
|
||||||
|
+{
|
||||||
|
+ netsnmp_cert *cc;
|
||||||
|
+ int i = 0, j, newsize;
|
||||||
|
+
|
||||||
|
+ if ((NULL == matching))
|
||||||
|
+ return matching;
|
||||||
|
+
|
||||||
|
+ newsize = matching->size;
|
||||||
|
+
|
||||||
|
+ for( ; i < matching->size; ) {
|
||||||
|
+ /*
|
||||||
|
+ * if we've shifted matches down we'll hit a NULL entry before
|
||||||
|
+ * we hit the end of the array.
|
||||||
|
+ */
|
||||||
|
+ if (NULL == matching->array[i])
|
||||||
|
+ break;
|
||||||
|
+ /*
|
||||||
|
+ * skip over valid matches. The first entry has an offset of zero.
|
||||||
|
+ */
|
||||||
|
+ cc = (netsnmp_cert*)matching->array[i];
|
||||||
|
+ if (0 == cc->offset) {
|
||||||
|
+ ++i;
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ /*
|
||||||
|
+ * shrink array by shifting everything down a spot. Might not be
|
||||||
|
+ * the most efficient soloution, but this is just happening at
|
||||||
|
+ * startup and hopefully most certs won't have common prefixes.
|
||||||
|
+ */
|
||||||
|
+ --newsize;
|
||||||
|
+ for ( j=i; j < newsize; ++j )
|
||||||
|
+ matching->array[j] = matching->array[j+1];
|
||||||
|
+ matching->array[j] = NULL;
|
||||||
|
+ /** no ++i; just shifted down, need to look at same position again */
|
||||||
|
+ }
|
||||||
|
+ /*
|
||||||
|
+ * if we shifted, set the new size
|
||||||
|
+ */
|
||||||
|
+ if (newsize != matching->size) {
|
||||||
|
+ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
|
||||||
|
+ matching->size, newsize));
|
||||||
|
+ matching->size = newsize;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (0 == matching->size) {
|
||||||
|
+ free(matching->array);
|
||||||
|
+ SNMP_FREE(matching);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return matching;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * reduce subset by eliminating any certificates that do not match
|
||||||
|
+ * purpose specified.
|
||||||
|
+ */
|
||||||
|
+static netsnmp_void_array *
|
||||||
|
+_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
|
||||||
|
+{
|
||||||
|
+ netsnmp_cert_common *cc;
|
||||||
|
+ int i = 0, j, newsize;
|
||||||
|
+
|
||||||
|
+ if ((NULL == matching))
|
||||||
|
+ return matching;
|
||||||
|
+
|
||||||
|
+ newsize = matching->size;
|
||||||
|
+
|
||||||
|
+ for( ; i < matching->size; ) {
|
||||||
|
+ /*
|
||||||
|
+ * if we've shifted matches down we'll hit a NULL entry before
|
||||||
|
+ * we hit the end of the array.
|
||||||
|
+ */
|
||||||
|
+ if (NULL == matching->array[i])
|
||||||
|
+ break;
|
||||||
|
+ /*
|
||||||
|
+ * skip over valid matches. The first entry has an offset of zero.
|
||||||
|
+ */
|
||||||
|
+ cc = (netsnmp_cert_common *)matching->array[i];
|
||||||
|
+ if ((cc->allowed_uses & what)) {
|
||||||
|
+ ++i;
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ /*
|
||||||
|
+ * shrink array by shifting everything down a spot. Might not be
|
||||||
|
+ * the most efficient soloution, but this is just happening at
|
||||||
|
+ * startup and hopefully most certs won't have common prefixes.
|
||||||
|
+ */
|
||||||
|
+ --newsize;
|
||||||
|
+ for ( j=i; j < newsize; ++j )
|
||||||
|
+ matching->array[j] = matching->array[j+1];
|
||||||
|
+ matching->array[j] = NULL;
|
||||||
|
+ /** no ++i; just shifted down, need to look at same position again */
|
||||||
|
+ }
|
||||||
|
+ /*
|
||||||
|
+ * if we shifted, set the new size
|
||||||
|
+ */
|
||||||
|
+ if (newsize != matching->size) {
|
||||||
|
+ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
|
||||||
|
+ matching->size, newsize));
|
||||||
|
+ matching->size = newsize;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (0 == matching->size) {
|
||||||
|
+ free(matching->array);
|
||||||
|
+ SNMP_FREE(matching);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return matching;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static netsnmp_void_array *
|
||||||
|
_cert_find_subset_common(const char *filename, netsnmp_container *container)
|
||||||
|
{
|
||||||
|
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
|
||||||
|
index c2dd989..e7145e4 100644
|
||||||
|
--- a/snmplib/dir_utils.c
|
||||||
|
+++ b/snmplib/dir_utils.c
|
||||||
|
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
|
||||||
|
/** default to unsorted */
|
||||||
|
if (! (flags & NETSNMP_DIR_SORTED))
|
||||||
|
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
|
||||||
|
+ /** default to duplicates not allowed */
|
||||||
|
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
|
||||||
|
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||||
|
}
|
||||||
|
|
||||||
|
dir = opendir(dirname);
|
||||||
|
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
|
||||||
|
index a3a85bc..b9baeae 100644
|
||||||
|
--- a/snmplib/transports/snmpTLSBaseDomain.c
|
||||||
|
+++ b/snmplib/transports/snmpTLSBaseDomain.c
|
||||||
|
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line,
|
||||||
|
/* this is called during negotiation */
|
||||||
|
int verify_callback(int ok, X509_STORE_CTX *ctx) {
|
||||||
|
int err, depth;
|
||||||
|
- char buf[1024], *fingerprint;
|
||||||
|
+ char subject[SNMP_MAXBUF_MEDIUM], issuer[SNMP_MAXBUF_MEDIUM], *fingerprint;
|
||||||
|
X509 *thecert;
|
||||||
|
netsnmp_cert *cert;
|
||||||
|
_netsnmp_verify_info *verify_info;
|
||||||
|
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
|
||||||
|
|
||||||
|
/* things to do: */
|
||||||
|
|
||||||
|
- X509_NAME_oneline(X509_get_subject_name(thecert), buf, sizeof(buf));
|
||||||
|
+ X509_NAME_oneline(X509_get_subject_name(thecert), subject, sizeof(subject));
|
||||||
|
+ X509_NAME_oneline(X509_get_issuer_name(thecert), issuer, sizeof(issuer));
|
||||||
|
fingerprint = netsnmp_openssl_cert_get_fingerprint(thecert, -1);
|
||||||
|
- DEBUGMSGTL(("tls_x509:verify", "Cert: %s\n", buf));
|
||||||
|
- DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ?
|
||||||
|
+ DEBUGMSGTL(("tls_x509:verify", " subject: %s\n", subject));
|
||||||
|
+ DEBUGMSGTL(("tls_x509:verify", " issuer: %s\n", issuer));
|
||||||
|
+ DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ?
|
||||||
|
fingerprint : "unknown"));
|
||||||
|
|
||||||
|
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
|
||||||
|
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) {
|
||||||
|
} else {
|
||||||
|
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n"));
|
||||||
|
/* log where we are and why called */
|
||||||
|
- snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d err=%i:%s\n", ok, ctx, depth, err, X509_verify_cert_error_string(err));
|
||||||
|
+ snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d fp=%s subject='%s' issuer='%s' err=%i:%s\n", ok, ctx, depth, fingerprint, subject, issuer, err, X509_verify_cert_error_string(err));
|
||||||
|
SNMP_FREE(fingerprint);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) {
|
||||||
|
int
|
||||||
|
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) {
|
||||||
|
netsnmp_cert *trustcert;
|
||||||
|
+ netsnmp_cert *candidate;
|
||||||
|
+ netsnmp_void_array *matching = NULL;
|
||||||
|
+
|
||||||
|
+ int i;
|
||||||
|
|
||||||
|
DEBUGMSGTL(("sslctx_client", "Trying to load a trusted certificate: %s\n",
|
||||||
|
certspec));
|
||||||
|
|
||||||
|
/* load this identifier into the trust chain */
|
||||||
|
trustcert = netsnmp_cert_find(NS_CERT_CA,
|
||||||
|
- NS_CERTKEY_MULTIPLE,
|
||||||
|
+ NS_CERTKEY_FINGERPRINT,
|
||||||
|
certspec);
|
||||||
|
+
|
||||||
|
+ /* loop through all CA certs in the given files */
|
||||||
|
+ if (!trustcert) {
|
||||||
|
+ matching = netsnmp_certs_find(NS_CERT_CA,
|
||||||
|
+ NS_CERTKEY_FILE,
|
||||||
|
+ certspec);
|
||||||
|
+ for (i = 0; (matching) && (i < matching->size); ++i) {
|
||||||
|
+ candidate = (netsnmp_cert*)matching->array[i];
|
||||||
|
+ if (netsnmp_cert_trust(the_ctx, candidate) != SNMPERR_SUCCESS) {
|
||||||
|
+ free(matching->array);
|
||||||
|
+ free(matching);
|
||||||
|
+ LOGANDDIE("failed to load trust certificate");
|
||||||
|
+ }
|
||||||
|
+ } /** matching loop */
|
||||||
|
+
|
||||||
|
+ if (matching) {
|
||||||
|
+ free(matching->array);
|
||||||
|
+ free(matching);
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* fall back to trusting the remote peer certificate */
|
||||||
|
if (!trustcert)
|
||||||
|
trustcert = netsnmp_cert_find(NS_CERT_REMOTE_PEER,
|
||||||
|
NS_CERTKEY_MULTIPLE,
|
||||||
|
certspec);
|
||||||
|
if (!trustcert)
|
||||||
|
LOGANDDIE("failed to find requested certificate to trust");
|
||||||
|
-
|
||||||
|
+
|
||||||
|
/* Add the certificate to the context */
|
||||||
|
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS)
|
||||||
|
LOGANDDIE("failed to load trust certificate");
|
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/apps/Makefile.in b/apps/Makefile.in
|
||||||
|
index d4529d3..175242b 100644
|
||||||
|
--- a/apps/Makefile.in
|
||||||
|
+++ b/apps/Makefile.in
|
||||||
|
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
|
||||||
|
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
|
||||||
|
|
||||||
|
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
|
||||||
|
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS)
|
||||||
|
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
|
||||||
|
$(RANLIB) $@
|
||||||
|
|
||||||
|
snmpinforminstall:
|
@ -0,0 +1,28 @@
|
|||||||
|
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||||
|
index 6d5e86c..68b55d2 100644
|
||||||
|
--- a/agent/mibgroup/hardware/memory/memory_linux.c
|
||||||
|
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||||
|
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||||
|
if (first)
|
||||||
|
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
|
||||||
|
}
|
||||||
|
+ b = strstr(buff, "SReclaimable: ");
|
||||||
|
+ if (b)
|
||||||
|
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||||
|
+ else {
|
||||||
|
+ if (first)
|
||||||
|
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
|
||||||
|
+ }
|
||||||
|
b = strstr(buff, "SwapFree: ");
|
||||||
|
if (b)
|
||||||
|
sscanf(b, "SwapFree: %lu", &swapfree);
|
||||||
|
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||||
|
if (first)
|
||||||
|
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
|
||||||
|
}
|
||||||
|
- b = strstr(buff, "SReclaimable: ");
|
||||||
|
- if (b)
|
||||||
|
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||||
|
first = 0;
|
||||||
|
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
|
||||||
|
index 90b20d9..bd5abe1 100644
|
||||||
|
--- a/man/netsnmp_config_api.3.def
|
||||||
|
+++ b/man/netsnmp_config_api.3.def
|
||||||
|
@@ -295,7 +295,7 @@ for one particular machine.
|
||||||
|
.PP
|
||||||
|
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
|
||||||
|
followed by \fC DATADIR/snmp\fP,
|
||||||
|
-followed by \fC LIBDIR/snmp\fP,
|
||||||
|
+followed by \fC /usr/lib(64)/snmp\fP,
|
||||||
|
followed by \fC $HOME/.snmp\fP.
|
||||||
|
This list can be changed by setting the environmental variable
|
||||||
|
.I SNMPCONFPATH
|
||||||
|
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
|
||||||
|
files in.
|
||||||
|
Default:
|
||||||
|
.br
|
||||||
|
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
|
||||||
|
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
netsnmp_mib_api(3), snmp_api(3)
|
||||||
|
.\" Local Variables:
|
||||||
|
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
|
||||||
|
index fd30873..c3437d6 100644
|
||||||
|
--- a/man/snmp_config.5.def
|
||||||
|
+++ b/man/snmp_config.5.def
|
||||||
|
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
|
||||||
|
found and read from. By default, the applications look for
|
||||||
|
configuration files in the following 4 directories, in order:
|
||||||
|
SYSCONFDIR/snmp,
|
||||||
|
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
|
||||||
|
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
|
||||||
|
directories, it looks for files snmp.conf, snmpd.conf and/or
|
||||||
|
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
|
||||||
|
and/or snmptrapd.local.conf. *.local.conf are always
|
||||||
|
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
|
||||||
|
index 7ce8a46..a4000f9 100644
|
||||||
|
--- a/man/snmpd.conf.5.def
|
||||||
|
+++ b/man/snmpd.conf.5.def
|
||||||
|
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
|
||||||
|
.RS
|
||||||
|
.IP "Note:"
|
||||||
|
If the specified PATH is not a fully qualified filename, it will
|
||||||
|
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
|
||||||
|
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
|
||||||
|
will be appended to the filename.
|
||||||
|
.RE
|
||||||
|
.PP
|
@ -0,0 +1,84 @@
|
|||||||
|
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
|
||||||
|
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200
|
||||||
|
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200
|
||||||
|
@@ -44,7 +44,6 @@ extern "C" {
|
||||||
|
/*
|
||||||
|
* misc
|
||||||
|
*/
|
||||||
|
- void netsnmp_openssl_err_log(const char *prefix);
|
||||||
|
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
|
||||||
|
|
||||||
|
/*
|
||||||
|
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
|
||||||
|
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200
|
||||||
|
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200
|
||||||
|
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss
|
||||||
|
return (X509_check_issued(issuer, cert) == X509_V_OK);
|
||||||
|
}
|
||||||
|
|
||||||
|
-
|
||||||
|
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
|
||||||
|
-void
|
||||||
|
-netsnmp_openssl_err_log(const char *prefix)
|
||||||
|
-{
|
||||||
|
- unsigned long err;
|
||||||
|
- for (err = ERR_get_error(); err; err = ERR_get_error()) {
|
||||||
|
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
|
||||||
|
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
|
||||||
|
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
|
||||||
|
- }
|
||||||
|
-}
|
||||||
|
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
|
||||||
|
-
|
||||||
|
void
|
||||||
|
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
|
||||||
|
{
|
||||||
|
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
|
||||||
|
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
|
||||||
|
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
|
||||||
|
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
|
||||||
|
|
||||||
|
int openssl_local_index;
|
||||||
|
|
||||||
|
-#ifndef HAVE_ERR_GET_ERROR_ALL
|
||||||
|
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
|
||||||
|
-static unsigned long ERR_get_error_all(const char **file, int *line,
|
||||||
|
- const char **func,
|
||||||
|
- const char **data, int *flags)
|
||||||
|
-{
|
||||||
|
- *func = NULL;
|
||||||
|
- return ERR_get_error_line_data(file, line, data, flags);
|
||||||
|
-}
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
/* this is called during negotiation */
|
||||||
|
int verify_callback(int ok, X509_STORE_CTX *ctx) {
|
||||||
|
int err, depth;
|
||||||
|
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
|
||||||
|
ERR_reason_error_string(ERR_get_error()));
|
||||||
|
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- /* other errors */
|
||||||
|
- while ((numerical_reason =
|
||||||
|
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
|
||||||
|
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
|
||||||
|
- ERR_error_string(numerical_reason, NULL), file, func, line);
|
||||||
|
-
|
||||||
|
- /* if we have a text translation: */
|
||||||
|
- if (data && (flags & ERR_TXT_STRING)) {
|
||||||
|
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
|
||||||
|
- /*
|
||||||
|
- * per openssl man page: If it has been allocated by
|
||||||
|
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
|
||||||
|
- *
|
||||||
|
- * arggh... stupid openssl prototype for ERR_get_error_line_data
|
||||||
|
- * wants a const char **, but returns something that we might
|
||||||
|
- * need to free??
|
||||||
|
- */
|
||||||
|
- if (flags & ERR_TXT_MALLOCED)
|
||||||
|
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
|
||||||
|
- }
|
||||||
|
|
||||||
|
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
|
||||||
|
}
|
@ -0,0 +1,26 @@
|
|||||||
|
diff --git a/agent/Makefile.in b/agent/Makefile.in
|
||||||
|
index b5d692d..1a30209 100644
|
||||||
|
--- a/agent/Makefile.in
|
||||||
|
+++ b/agent/Makefile.in
|
||||||
|
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
|
||||||
|
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
|
||||||
|
|
||||||
|
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
|
||||||
|
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||||
|
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||||
|
|
||||||
|
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
|
||||||
|
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
|
||||||
|
diff --git a/apps/Makefile.in b/apps/Makefile.in
|
||||||
|
index 43f3b9c..d4529d3 100644
|
||||||
|
--- a/apps/Makefile.in
|
||||||
|
+++ b/apps/Makefile.in
|
||||||
|
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
|
||||||
|
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||||
|
|
||||||
|
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
|
||||||
|
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||||
|
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||||
|
|
||||||
|
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
|
||||||
|
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
@ -0,0 +1,38 @@
|
|||||||
|
diff --git a/Makefile.in b/Makefile.in
|
||||||
|
index 912f6b2..862fb5f 100644
|
||||||
|
--- a/Makefile.in
|
||||||
|
+++ b/Makefile.in
|
||||||
|
@@ -227,7 +227,7 @@ perlcleanfeatures:
|
||||||
|
|
||||||
|
# python specific build rules
|
||||||
|
#
|
||||||
|
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
|
||||||
|
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
|
||||||
|
pythonmodules: subdirs
|
||||||
|
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
|
||||||
|
if test $$? != 0 ; then \
|
||||||
|
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
|
||||||
|
index daf11a4..3a30a64 100644
|
||||||
|
--- a/python/netsnmp/client.py
|
||||||
|
+++ b/python/netsnmp/client.py
|
||||||
|
@@ -56,7 +56,7 @@ class Varbind(object):
|
||||||
|
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
|
||||||
|
self.tag = STR(tag)
|
||||||
|
self.iid = STR(iid)
|
||||||
|
- self.val = STR(val)
|
||||||
|
+ self.val = val
|
||||||
|
self.type = STR(type_arg)
|
||||||
|
# parse iid out of tag if needed
|
||||||
|
if iid is None and tag is not None:
|
||||||
|
@@ -66,7 +66,10 @@ class Varbind(object):
|
||||||
|
(self.tag, self.iid) = match.group(1, 2)
|
||||||
|
|
||||||
|
def __setattr__(self, name, val):
|
||||||
|
- self.__dict__[name] = STR(val)
|
||||||
|
+ if name == 'val':
|
||||||
|
+ self.__dict__[name] = val
|
||||||
|
+ else:
|
||||||
|
+ self.__dict__[name] = STR(val)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return obj_to_str(self)
|
@ -0,0 +1,110 @@
|
|||||||
|
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
|
||||||
|
index 6c07f74..7df0b51 100644
|
||||||
|
--- a/testing/fulltests/default/T070com2sec_simple
|
||||||
|
+++ b/testing/fulltests/default/T070com2sec_simple
|
||||||
|
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
|
||||||
|
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
|
||||||
|
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
|
||||||
|
|
||||||
|
-if false; then
|
||||||
|
- # The two tests below have been disabled because these rely on resolving a
|
||||||
|
- # domain name into a local IP address. Such DNS replies are filtered out by
|
||||||
|
- # many security devices because to avoid DNS rebinding attacks. See also
|
||||||
|
- # https://en.wikipedia.org/wiki/DNS_rebinding.
|
||||||
|
-
|
||||||
|
- CHECKAGENT '<"c408a"'
|
||||||
|
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
- CHECKAGENT 'line 32: Error:'
|
||||||
|
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
- return_value=1
|
||||||
|
- FINISHED
|
||||||
|
- fi
|
||||||
|
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
+FINISHED
|
||||||
|
+
|
||||||
|
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||||
|
+
|
||||||
|
+CHECKAGENT '<"c408a"'
|
||||||
|
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
+ CHECKAGENT 'line 32: Error:'
|
||||||
|
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
return_value=1
|
||||||
|
FINISHED
|
||||||
|
fi
|
||||||
|
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
+ return_value=1
|
||||||
|
+ FINISHED
|
||||||
|
+fi
|
||||||
|
|
||||||
|
- CHECKAGENT '<"c408b"'
|
||||||
|
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
- CHECKAGENT 'line 33: Error:'
|
||||||
|
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
- return_value=1
|
||||||
|
- fi
|
||||||
|
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
+CHECKAGENT '<"c408b"'
|
||||||
|
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
+ CHECKAGENT 'line 33: Error:'
|
||||||
|
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
return_value=1
|
||||||
|
fi
|
||||||
|
-
|
||||||
|
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
+ return_value=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
FINISHED
|
||||||
|
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
|
||||||
|
index 76da70b..bc2d432 100644
|
||||||
|
--- a/testing/fulltests/default/T071com2sec6_simple
|
||||||
|
+++ b/testing/fulltests/default/T071com2sec6_simple
|
||||||
|
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
|
||||||
|
SAVECHECKAGENT 'line 27: Error:'
|
||||||
|
SAVECHECKAGENT 'line 28: Error:'
|
||||||
|
|
||||||
|
-if false; then
|
||||||
|
- # The two tests below have been disabled because these rely on resolving a
|
||||||
|
- # domain name into a local IP address. Such DNS replies are filtered out by
|
||||||
|
- # many security devices because to avoid DNS rebinding attacks. See also
|
||||||
|
- # https://en.wikipedia.org/wiki/DNS_rebinding.
|
||||||
|
-
|
||||||
|
- # 608
|
||||||
|
- CHECKAGENT '<"c608a"'
|
||||||
|
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
- CHECKAGENT 'line 29: Error:'
|
||||||
|
- errnum=`expr $errnum - 1`
|
||||||
|
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
- FINISHED
|
||||||
|
- fi
|
||||||
|
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
+FINISHED
|
||||||
|
+
|
||||||
|
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||||
|
+
|
||||||
|
+# 608
|
||||||
|
+CHECKAGENT '<"c608a"'
|
||||||
|
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
+ CHECKAGENT 'line 29: Error:'
|
||||||
|
+ errnum=`expr $errnum - 1`
|
||||||
|
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
FINISHED
|
||||||
|
fi
|
||||||
|
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||||
|
+ FINISHED
|
||||||
|
+fi
|
||||||
|
|
||||||
|
- CHECKAGENTCOUNT atleastone '<"c608b"'
|
||||||
|
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
- CHECKAGENT 'line 30: Error:'
|
||||||
|
- if [ "$snmp_last_test_result" -eq 1 ] ; then
|
||||||
|
- errnum=`expr $errnum - 1`
|
||||||
|
- fi
|
||||||
|
+CHECKAGENTCOUNT atleastone '<"c608b"'
|
||||||
|
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||||
|
+ CHECKAGENT 'line 30: Error:'
|
||||||
|
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
|
||||||
|
+ errnum=`expr $errnum - 1`
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
|
||||||
|
index e6f5b20..41a5e01 100644
|
||||||
|
--- a/snmplib/transports/snmpUDPIPv6Domain.c
|
||||||
|
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
|
||||||
|
@@ -34,6 +34,11 @@
|
||||||
|
#if HAVE_SYS_SOCKET_H
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32)
|
||||||
|
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#if HAVE_NETINET_IN_H
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#endif
|
@ -0,0 +1,12 @@
|
|||||||
|
diff --git a/agent/snmpd.c b/agent/snmpd.c
|
||||||
|
index ae73eda..f01b890 100644
|
||||||
|
--- a/agent/snmpd.c
|
||||||
|
+++ b/agent/snmpd.c
|
||||||
|
@@ -289,6 +289,7 @@ usage(char *prog)
|
||||||
|
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
|
||||||
|
"\n"
|
||||||
|
);
|
||||||
|
+ exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
@ -0,0 +1,60 @@
|
|||||||
|
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bart Van Assche <bvanassche@acm.org>
|
||||||
|
Date: Wed, 9 Jun 2021 14:19:46 -0700
|
||||||
|
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1
|
||||||
|
|
||||||
|
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()")
|
||||||
|
Fixes: https://github.com/net-snmp/net-snmp/issues/303
|
||||||
|
---
|
||||||
|
python/netsnmp/client_intf.c | 9 ++++-----
|
||||||
|
1 file changed, 4 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c
|
||||||
|
index e5e7372303..94da39fe34 100644
|
||||||
|
--- a/python/netsnmp/client_intf.c
|
||||||
|
+++ b/python/netsnmp/client_intf.c
|
||||||
|
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args)
|
||||||
|
|
||||||
|
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
|
||||||
|
int varlist_ind, int sprintval_flag, int *len,
|
||||||
|
- char **str_buf)
|
||||||
|
+ char **str_buf, int getlabel_flag)
|
||||||
|
{
|
||||||
|
struct tree *tp;
|
||||||
|
int type;
|
||||||
|
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars,
|
||||||
|
int buf_over = 0;
|
||||||
|
const char *tag;
|
||||||
|
const char *iid;
|
||||||
|
- int getlabel_flag = NO_FLAGS;
|
||||||
|
|
||||||
|
if (!PyObject_HasAttrString(varbind, "tag"))
|
||||||
|
return TYPE_OTHER;
|
||||||
|
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type,
|
||||||
|
|
||||||
|
varbind = PySequence_GetItem(varlist, varlist_ind);
|
||||||
|
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag,
|
||||||
|
- &len, &str_buf);
|
||||||
|
+ &len, &str_buf, getlabel_flag);
|
||||||
|
if (type != TYPE_OTHER) {
|
||||||
|
/* save in return tuple as well */
|
||||||
|
if ((type == SNMP_ENDOFMIBVIEW) ||
|
||||||
|
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args)
|
||||||
|
|
||||||
|
varbind = py_netsnmp_construct_varbind();
|
||||||
|
if (varbind && build_python_varbind(varbind, vars, varlist_ind,
|
||||||
|
- sprintval_flag, &len, &str_buf) !=
|
||||||
|
+ sprintval_flag, &len, &str_buf, getlabel_flag) !=
|
||||||
|
TYPE_OTHER) {
|
||||||
|
const int hex = is_hex(str_buf, len);
|
||||||
|
|
||||||
|
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args)
|
||||||
|
|
||||||
|
varbind = py_netsnmp_construct_varbind();
|
||||||
|
if (varbind && build_python_varbind(varbind, vars, varbind_ind,
|
||||||
|
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) {
|
||||||
|
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) {
|
||||||
|
const int hex = is_hex(str_buf, len);
|
||||||
|
|
||||||
|
/* push varbind onto varbinds */
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# net-snmp-config
|
||||||
|
#
|
||||||
|
# this shell script is designed to merely dump the configuration
|
||||||
|
# information about how the net-snmp package was compiled. The
|
||||||
|
# information is particularily useful for applications that need to
|
||||||
|
# link against the net-snmp libraries and hence must know about any
|
||||||
|
# other libraries that must be linked in as well.
|
||||||
|
|
||||||
|
# this particular shell script calls arch specific script to avoid
|
||||||
|
# multilib conflicts
|
||||||
|
|
||||||
|
# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64
|
||||||
|
|
||||||
|
arch=`arch`
|
||||||
|
echo $arch | grep -q i.86
|
||||||
|
if [ $? -eq 0 ] ; then
|
||||||
|
net-snmp-config-i386 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "ia64" ] ; then
|
||||||
|
net-snmp-config-ia64 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "ppc" ] ; then
|
||||||
|
net-snmp-config-ppc "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "ppc64" ] ; then
|
||||||
|
net-snmp-config-ppc64 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "s390" ] ; then
|
||||||
|
net-snmp-config-s390 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "s390x" ] ; then
|
||||||
|
net-snmp-config-s390x "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "x86_64" ] ; then
|
||||||
|
net-snmp-config-x86_64 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "alpha" ] ; then
|
||||||
|
net-snmp-config-alpha "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "sparc" ] ; then
|
||||||
|
net-snmp-config-sparc "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "sparc64" ] ; then
|
||||||
|
net-snmp-config-sparc64 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
if [ "$arch" = "aarch64" ] ; then
|
||||||
|
net-snmp-config-aarch64 "$@"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
echo "Cannot determine architecture"
|
@ -0,0 +1,38 @@
|
|||||||
|
/* This file is here to prevent a file conflict on multiarch systems. A
|
||||||
|
* conflict will frequently occur because arch-specific build-time
|
||||||
|
* configuration options are stored (and used, so they can't just be stripped
|
||||||
|
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed.
|
||||||
|
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
||||||
|
|
||||||
|
#ifdef net_snmp_config_multilib_redirection_h
|
||||||
|
#error "Do not define net_snmp_config_multilib_redirection_h!"
|
||||||
|
#endif
|
||||||
|
#define net_snmp_config_multilib_redirection_h
|
||||||
|
|
||||||
|
#if defined(__i386__)
|
||||||
|
#include "net-snmp-config-i386.h"
|
||||||
|
#elif defined(__ia64__)
|
||||||
|
#include "net-snmp-config-ia64.h"
|
||||||
|
#elif defined(__powerpc64__)
|
||||||
|
#include "net-snmp-config-ppc64.h"
|
||||||
|
#elif defined(__powerpc__)
|
||||||
|
#include "net-snmp-config-ppc.h"
|
||||||
|
#elif defined(__s390x__)
|
||||||
|
#include "net-snmp-config-s390x.h"
|
||||||
|
#elif defined(__s390__)
|
||||||
|
#include "net-snmp-config-s390.h"
|
||||||
|
#elif defined(__x86_64__)
|
||||||
|
#include "net-snmp-config-x86_64.h"
|
||||||
|
#elif defined(__alpha__)
|
||||||
|
#include "net-snmp-config-alpha.h"
|
||||||
|
#elif defined(__sparc__) && defined (__arch64__)
|
||||||
|
#include "net-snmp-config-sparc64.h"
|
||||||
|
#elif defined(__sparc__)
|
||||||
|
#include "net-snmp-config-sparc.h"
|
||||||
|
#elif defined(__aarch64__)
|
||||||
|
#include "net-snmp-config-aarch64.h"
|
||||||
|
#else
|
||||||
|
#error "net-snmp-devel package does not work on your architecture"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#undef net_snmp_config_multilib_redirection_h
|
@ -0,0 +1 @@
|
|||||||
|
d /run/net-snmp 0755 root root
|
@ -0,0 +1,6 @@
|
|||||||
|
# Example configuration file for snmptrapd
|
||||||
|
#
|
||||||
|
# No traps are handled by default, you must edit this file!
|
||||||
|
#
|
||||||
|
# authCommunity log,execute,net public
|
||||||
|
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold
|
@ -0,0 +1,462 @@
|
|||||||
|
###############################################################################
|
||||||
|
#
|
||||||
|
# snmpd.conf:
|
||||||
|
# An example configuration file for configuring the ucd-snmp snmpd agent.
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
#
|
||||||
|
# This file is intended to only be as a starting point. Many more
|
||||||
|
# configuration directives exist than are mentioned in this file. For
|
||||||
|
# full details, see the snmpd.conf(5) manual page.
|
||||||
|
#
|
||||||
|
# All lines beginning with a '#' are comments and are intended for you
|
||||||
|
# to read. All other lines are configuration commands for the agent.
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Access Control
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# As shipped, the snmpd demon will only respond to queries on the
|
||||||
|
# system mib group until this file is replaced or modified for
|
||||||
|
# security purposes. Examples are shown below about how to increase the
|
||||||
|
# level of access.
|
||||||
|
|
||||||
|
# By far, the most common question I get about the agent is "why won't
|
||||||
|
# it work?", when really it should be "how do I configure the agent to
|
||||||
|
# allow me to access it?"
|
||||||
|
#
|
||||||
|
# By default, the agent responds to the "public" community for read
|
||||||
|
# only access, if run out of the box without any configuration file in
|
||||||
|
# place. The following examples show you other ways of configuring
|
||||||
|
# the agent so that you can change the community names, and give
|
||||||
|
# yourself write access to the mib tree as well.
|
||||||
|
#
|
||||||
|
# For more information, read the FAQ as well as the snmpd.conf(5)
|
||||||
|
# manual page.
|
||||||
|
|
||||||
|
####
|
||||||
|
# First, map the community name "public" into a "security name"
|
||||||
|
|
||||||
|
# sec.name source community
|
||||||
|
com2sec notConfigUser default public
|
||||||
|
|
||||||
|
####
|
||||||
|
# Second, map the security name into a group name:
|
||||||
|
|
||||||
|
# groupName securityModel securityName
|
||||||
|
group notConfigGroup v1 notConfigUser
|
||||||
|
group notConfigGroup v2c notConfigUser
|
||||||
|
|
||||||
|
####
|
||||||
|
# Third, create a view for us to let the group have rights to:
|
||||||
|
|
||||||
|
# Make at least snmpwalk -v 1 localhost -c public system fast again.
|
||||||
|
# name incl/excl subtree mask(optional)
|
||||||
|
view systemview included .1.3.6.1.2.1.1
|
||||||
|
view systemview included .1.3.6.1.2.1.25.1.1
|
||||||
|
|
||||||
|
####
|
||||||
|
# Finally, grant the group read-only access to the systemview view.
|
||||||
|
|
||||||
|
# group context sec.model sec.level prefix read write notif
|
||||||
|
access notConfigGroup "" any noauth exact systemview none none
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# Here is a commented out example configuration that allows less
|
||||||
|
# restrictive access.
|
||||||
|
|
||||||
|
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
|
||||||
|
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
|
||||||
|
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
|
||||||
|
|
||||||
|
## sec.name source community
|
||||||
|
#com2sec local localhost COMMUNITY
|
||||||
|
#com2sec mynetwork NETWORK/24 COMMUNITY
|
||||||
|
|
||||||
|
## group.name sec.model sec.name
|
||||||
|
#group MyRWGroup any local
|
||||||
|
#group MyROGroup any mynetwork
|
||||||
|
#
|
||||||
|
#group MyRWGroup any otherv3user
|
||||||
|
#...
|
||||||
|
|
||||||
|
## incl/excl subtree mask
|
||||||
|
#view all included .1 80
|
||||||
|
|
||||||
|
## -or just the mib2 tree-
|
||||||
|
|
||||||
|
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
|
||||||
|
|
||||||
|
|
||||||
|
## context sec.model sec.level prefix read write notif
|
||||||
|
#access MyROGroup "" any noauth 0 all none none
|
||||||
|
#access MyRWGroup "" any noauth 0 all all all
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Sample configuration to make net-snmpd RFC 1213.
|
||||||
|
# Unfortunately v1 and v2c don't allow any user based authentification, so
|
||||||
|
# opening up the default config is not an option from a security point.
|
||||||
|
#
|
||||||
|
# WARNING: If you uncomment the following lines you allow write access to your
|
||||||
|
# snmpd daemon from any source! To avoid this use different names for your
|
||||||
|
# community or split out the write access to a different community and
|
||||||
|
# restrict it to your local network.
|
||||||
|
# Also remember to comment the syslocation and syscontact parameters later as
|
||||||
|
# otherwise they are still read only (see FAQ for net-snmp).
|
||||||
|
#
|
||||||
|
|
||||||
|
# First, map the community name "public" into a "security name"
|
||||||
|
# sec.name source community
|
||||||
|
#com2sec notConfigUser default public
|
||||||
|
|
||||||
|
# Second, map the security name into a group name:
|
||||||
|
# groupName securityModel securityName
|
||||||
|
#group notConfigGroup v1 notConfigUser
|
||||||
|
#group notConfigGroup v2c notConfigUser
|
||||||
|
|
||||||
|
# Third, create a view for us to let the group have rights to:
|
||||||
|
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
|
||||||
|
# name incl/excl subtree mask(optional)
|
||||||
|
#view roview included .1
|
||||||
|
#view rwview included system.sysContact
|
||||||
|
#view rwview included system.sysName
|
||||||
|
#view rwview included system.sysLocation
|
||||||
|
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
|
||||||
|
#view rwview included at.atTable.atEntry.atPhysAddress
|
||||||
|
#view rwview included at.atTable.atEntry.atNetAddress
|
||||||
|
#view rwview included ip.ipForwarding
|
||||||
|
#view rwview included ip.ipDefaultTTL
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
|
||||||
|
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
|
||||||
|
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
|
||||||
|
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
|
||||||
|
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
|
||||||
|
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
|
||||||
|
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
|
||||||
|
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
|
||||||
|
#view rwview included snmp.snmpEnableAuthenTraps
|
||||||
|
|
||||||
|
# Finally, grant the group read-only access to the systemview view.
|
||||||
|
# group context sec.model sec.level prefix read write notif
|
||||||
|
#access notConfigGroup "" any noauth exact roview rwview none
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# System contact information
|
||||||
|
#
|
||||||
|
|
||||||
|
# It is also possible to set the sysContact and sysLocation system
|
||||||
|
# variables through the snmpd.conf file:
|
||||||
|
|
||||||
|
syslocation Unknown (edit /etc/snmp/snmpd.conf)
|
||||||
|
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
|
||||||
|
|
||||||
|
# Example output of snmpwalk:
|
||||||
|
# % snmpwalk -v 1 localhost -c public system
|
||||||
|
# system.sysDescr.0 = "SunOS name sun4c"
|
||||||
|
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
|
||||||
|
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
|
||||||
|
# system.sysContact.0 = "Me <me@somewhere.org>"
|
||||||
|
# system.sysName.0 = "name"
|
||||||
|
# system.sysLocation.0 = "Right here, right now."
|
||||||
|
# system.sysServices.0 = 72
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Logging
|
||||||
|
#
|
||||||
|
|
||||||
|
# We do not want annoying "Connection from UDP: " messages in syslog.
|
||||||
|
# If the following option is commented out, snmpd will print each incoming
|
||||||
|
# connection, which can be useful for debugging.
|
||||||
|
|
||||||
|
dontLogTCPWrappersConnects yes
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Process checks.
|
||||||
|
#
|
||||||
|
# The following are examples of how to use the agent to check for
|
||||||
|
# processes running on the host. The syntax looks something like:
|
||||||
|
#
|
||||||
|
# proc NAME [MAX=0] [MIN=0]
|
||||||
|
#
|
||||||
|
# NAME: the name of the process to check for. It must match
|
||||||
|
# exactly (ie, http will not find httpd processes).
|
||||||
|
# MAX: the maximum number allowed to be running. Defaults to 0.
|
||||||
|
# MIN: the minimum number to be running. Defaults to 0.
|
||||||
|
|
||||||
|
#
|
||||||
|
# Examples (commented out by default):
|
||||||
|
#
|
||||||
|
|
||||||
|
# Make sure mountd is running
|
||||||
|
#proc mountd
|
||||||
|
|
||||||
|
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
|
||||||
|
#proc ntalkd 4
|
||||||
|
|
||||||
|
# Make sure at least one sendmail, but less than or equal to 10 are running.
|
||||||
|
#proc sendmail 10 1
|
||||||
|
|
||||||
|
# A snmpwalk of the process mib tree would look something like this:
|
||||||
|
#
|
||||||
|
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
|
||||||
|
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
|
||||||
|
#
|
||||||
|
# Note that the errorFlag for mountd is set to 1 because one is not
|
||||||
|
# running (in this case an rpc.mountd is, but thats not good enough),
|
||||||
|
# and the ErrMessage tells you what's wrong. The configuration
|
||||||
|
# imposed in the snmpd.conf file is also shown.
|
||||||
|
#
|
||||||
|
# Special Case: When the min and max numbers are both 0, it assumes
|
||||||
|
# you want a max of infinity and a min of 1.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Executables/scripts
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# You can also have programs run by the agent that return a single
|
||||||
|
# line of output and an exit code. Here are two examples.
|
||||||
|
#
|
||||||
|
# exec NAME PROGRAM [ARGS ...]
|
||||||
|
#
|
||||||
|
# NAME: A generic name. The name must be unique for each exec statement.
|
||||||
|
# PROGRAM: The program to run. Include the path!
|
||||||
|
# ARGS: optional arguments to be passed to the program
|
||||||
|
|
||||||
|
# a simple hello world
|
||||||
|
|
||||||
|
#exec echotest /bin/echo hello world
|
||||||
|
|
||||||
|
# Run a shell script containing:
|
||||||
|
#
|
||||||
|
# #!/bin/sh
|
||||||
|
# echo hello world
|
||||||
|
# echo hi there
|
||||||
|
# exit 35
|
||||||
|
#
|
||||||
|
# Note: this has been specifically commented out to prevent
|
||||||
|
# accidental security holes due to someone else on your system writing
|
||||||
|
# a /tmp/shtest before you do. Uncomment to use it.
|
||||||
|
#
|
||||||
|
#exec shelltest /bin/sh /tmp/shtest
|
||||||
|
|
||||||
|
# Then,
|
||||||
|
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
|
||||||
|
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
|
||||||
|
|
||||||
|
# Note that the second line of the /tmp/shtest shell script is cut
|
||||||
|
# off. Also note that the exit status of 35 was returned.
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# disk checks
|
||||||
|
#
|
||||||
|
|
||||||
|
# The agent can check the amount of available disk space, and make
|
||||||
|
# sure it is above a set limit.
|
||||||
|
|
||||||
|
# disk PATH [MIN=100000]
|
||||||
|
#
|
||||||
|
# PATH: mount path to the disk in question.
|
||||||
|
# MIN: Disks with space below this value will have the Mib's errorFlag set.
|
||||||
|
# Default value = 100000.
|
||||||
|
|
||||||
|
# Check the / partition and make sure it contains at least 10 megs.
|
||||||
|
|
||||||
|
#disk / 10000
|
||||||
|
|
||||||
|
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
|
||||||
|
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# load average checks
|
||||||
|
#
|
||||||
|
|
||||||
|
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
|
||||||
|
#
|
||||||
|
# 1MAX: If the 1 minute load average is above this limit at query
|
||||||
|
# time, the errorFlag will be set.
|
||||||
|
# 5MAX: Similar, but for 5 min average.
|
||||||
|
# 15MAX: Similar, but for 15 min average.
|
||||||
|
|
||||||
|
# Check for loads:
|
||||||
|
#load 12 14 14
|
||||||
|
|
||||||
|
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
|
||||||
|
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Extensible sections.
|
||||||
|
#
|
||||||
|
|
||||||
|
# This alleviates the multiple line output problem found in the
|
||||||
|
# previous executable mib by placing each mib in its own mib table:
|
||||||
|
|
||||||
|
# Run a shell script containing:
|
||||||
|
#
|
||||||
|
# #!/bin/sh
|
||||||
|
# echo hello world
|
||||||
|
# echo hi there
|
||||||
|
# exit 35
|
||||||
|
#
|
||||||
|
# Note: this has been specifically commented out to prevent
|
||||||
|
# accidental security holes due to someone else on your system writing
|
||||||
|
# a /tmp/shtest before you do. Uncomment to use it.
|
||||||
|
#
|
||||||
|
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
|
||||||
|
|
||||||
|
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
|
||||||
|
# enterprises.ucdavis.50.1.1 = 1
|
||||||
|
# enterprises.ucdavis.50.2.1 = "shelltest"
|
||||||
|
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
|
||||||
|
# enterprises.ucdavis.50.100.1 = 35
|
||||||
|
# enterprises.ucdavis.50.101.1 = "hello world."
|
||||||
|
# enterprises.ucdavis.50.101.2 = "hi there."
|
||||||
|
# enterprises.ucdavis.50.102.1 = 0
|
||||||
|
|
||||||
|
# Now the Output has grown to two lines, and we can see the 'hi
|
||||||
|
# there.' output as the second line from our shell script.
|
||||||
|
#
|
||||||
|
# Note that you must alter the mib.txt file to be correct if you want
|
||||||
|
# the .50.* outputs above to change to reasonable text descriptions.
|
||||||
|
|
||||||
|
# Other ideas:
|
||||||
|
#
|
||||||
|
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
|
||||||
|
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
|
||||||
|
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Pass through control.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Usage:
|
||||||
|
# pass MIBOID EXEC-COMMAND
|
||||||
|
#
|
||||||
|
# This will pass total control of the mib underneath the MIBOID
|
||||||
|
# portion of the mib to the EXEC-COMMAND.
|
||||||
|
#
|
||||||
|
# Note: You'll have to change the path of the passtest script to your
|
||||||
|
# source directory or install it in the given location.
|
||||||
|
#
|
||||||
|
# Example: (see the script for details)
|
||||||
|
# (commented out here since it requires that you place the
|
||||||
|
# script in the right location. (its not installed by default))
|
||||||
|
|
||||||
|
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
|
||||||
|
|
||||||
|
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
|
||||||
|
# enterprises.ucdavis.255.1 = "life the universe and everything"
|
||||||
|
# enterprises.ucdavis.255.2.1 = 42
|
||||||
|
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
|
||||||
|
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
|
||||||
|
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
|
||||||
|
# enterprises.ucdavis.255.5 = 42
|
||||||
|
# enterprises.ucdavis.255.6 = Gauge: 42
|
||||||
|
#
|
||||||
|
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
|
||||||
|
# enterprises.ucdavis.255.5 = 42
|
||||||
|
#
|
||||||
|
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
|
||||||
|
# enterprises.ucdavis.255.1 = "New string"
|
||||||
|
#
|
||||||
|
|
||||||
|
# For specific usage information, see the man/snmpd.conf.5 manual page
|
||||||
|
# as well as the local/passtest script used in the above example.
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Further Information
|
||||||
|
#
|
||||||
|
# See the snmpd.conf manual page, and the output of "snmpd -H".
|
@ -0,0 +1,3 @@
|
|||||||
|
# snmpd command line options
|
||||||
|
# '-f' is implicitly added by snmpd systemd unit file
|
||||||
|
# OPTIONS="-LS0-6d"
|
@ -0,0 +1,3 @@
|
|||||||
|
# snmptrapd command line options
|
||||||
|
# '-f' is implicitly added by snmptrapd systemd unit file
|
||||||
|
# OPTIONS="-Lsd"
|
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Simple Network Management Protocol (SNMP) Daemon.
|
||||||
|
After=syslog.target network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
Environment=OPTIONS="-LS0-6d"
|
||||||
|
EnvironmentFile=-/etc/sysconfig/snmpd
|
||||||
|
ExecStart=/usr/sbin/snmpd $OPTIONS -f
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
|
||||||
|
After=syslog.target network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
Environment=OPTIONS="-Lsd"
|
||||||
|
EnvironmentFile=-/etc/sysconfig/snmptrapd
|
||||||
|
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue