Toshaan Bharvani
9 months ago
commit
2aece5a4f6
41 changed files with 4967 additions and 0 deletions
@ -0,0 +1,41 @@
@@ -0,0 +1,41 @@
|
||||
MIBs included in this software taken from IETF Documents are considered |
||||
Code Components in accordance with the IETF Trust License Policy, as found |
||||
here: |
||||
|
||||
http://trustee.ietf.org/license-info/ |
||||
|
||||
They are available under the terms of the Simplified BSD license, a copy of |
||||
which is included below. |
||||
|
||||
***** |
||||
|
||||
Copyright (c) 2013 IETF Trust and the persons identified as authors of |
||||
the code. All rights reserved. |
||||
|
||||
Redistribution and use in source and binary forms, with or without |
||||
modification, are permitted provided that the following conditions are |
||||
met: |
||||
|
||||
· Redistributions of source code must retain the above copyright notice, |
||||
this list of conditions and the following disclaimer. |
||||
|
||||
· Redistributions in binary form must reproduce the above copyright |
||||
notice, this list of conditions and the following disclaimer in the |
||||
documentation and/or other materials provided with the distribution. |
||||
|
||||
· Neither the name of Internet Society, IETF or IETF Trust, nor the |
||||
names of specific contributors, may be used to endorse or promote |
||||
products derived from this software without specific prior written |
||||
permission. |
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS |
||||
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
||||
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER |
||||
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
@ -0,0 +1,30 @@
@@ -0,0 +1,30 @@
|
||||
1134475 - dependency in perl package |
||||
|
||||
Use hardcoded path to configuration directories instead of net-snmp-config. |
||||
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl |
||||
depending on -devel. |
||||
|
||||
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert |
||||
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200 |
||||
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200 |
||||
@@ -819,8 +819,7 @@ sub set_default { |
||||
sub cfg_path { |
||||
my $path; |
||||
|
||||
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`; |
||||
- chomp $path; |
||||
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp"; |
||||
return (wantarray ? split(':', $path) : $path); |
||||
} |
||||
|
||||
@@ -1414,8 +1413,8 @@ sub checkReqs { |
||||
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later") |
||||
if ($ossl_ver cmp $ossl_min_ver) < 0; |
||||
|
||||
- die("$NetSNMP::Cert::CFGTOOL not found: please install") |
||||
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1"); |
||||
+# die("$NetSNMP::Cert::CFGTOOL not found: please install") |
||||
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1"); |
||||
} |
||||
|
||||
sub initOpts { |
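Review bot: The hard-coded list assigned to `$path` in `cfg_path` contains `/home/jsafrane/.snmp`, which looks like one developer's home directory captured from `net-snmp-config --snmpconfpath` output rather than a path that belongs on every install. If an account of that name exists on a host, its owner controls one of the directories this tool presumably searches for configuration, while the invoking user's own `~/.snmp` is never consulted. Build the per-user entry at run time instead, for example `$path = join(':', '/etc/snmp', '/usr/share/snmp', '/usr/lib64/snmp', "$ENV{HOME}/.snmp", '/var/lib/net-snmp');` with a fallback when `HOME` is unset; note that `/usr/lib64` is also architecture-specific. In `checkReqs`, which starts outside the hunk, the two commented-out lines would be better deleted than kept as dead code.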
@ -0,0 +1,14 @@
@@ -0,0 +1,14 @@
|
||||
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c |
||||
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200 |
||||
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200 |
||||
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam |
||||
return 0; /* or -1 */ |
||||
|
||||
it = CONTAINER_ITERATOR( swrun_container ); |
||||
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) { |
||||
+ if (0 == strcmp( entry->hrSWRunName, name )) |
||||
+ i++; |
||||
+ } |
||||
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) { |
||||
if (0 == strcmp( entry->hrSWRunName, name )) |
||||
i++; |
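Review bot: The added `ITERATOR_FIRST` block duplicates the `strcmp`/`i++` body of the `while` loop that follows it, so the two copies can drift apart on the next change. A single loop expresses the same walk: `for (entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it ); entry != NULL; entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it ))`, which is the form `_remove_duplicates` in ipaddress_common.c on this page already uses. The function starts before the hunk and continues past it, so whether `it` is released afterwards cannot be checked from here.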
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h |
||||
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200 |
||||
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200 |
||||
@@ -10,7 +10,7 @@ extern "C" { |
||||
* Note: using the U64 typedef is deprecated because this typedef conflicts |
||||
* with a typedef with the same name defined in the Perl header files. |
||||
*/ |
||||
- typedef struct counter64 U64; |
||||
+// typedef struct counter64 U64; |
||||
#endif |
||||
|
||||
#define I64CHARSZ 21 |
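Review bot: The `U64` typedef is disabled with a `//` comment in a header that is installed for third-party code, which leaves dead code behind and is not accepted by compilers run in strict C89 mode. Deleting the line, or at least writing `/* typedef struct counter64 U64; */`, avoids both. Removing the typedef is also an API change for out-of-tree code that still uses `U64`, and the patch carries no description saying why that is acceptable for this package.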
@ -0,0 +1,35 @@
@@ -0,0 +1,35 @@
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c |
||||
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100 |
||||
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100 |
||||
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M |
||||
"No error", /* SNMPERR_SUCCESS */ |
||||
"Generic error", /* SNMPERR_GENERR */ |
||||
"Invalid local port", /* SNMPERR_BAD_LOCPORT */ |
||||
- "Unknown host", /* SNMPERR_BAD_ADDRESS */ |
||||
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */ |
||||
"Unknown session", /* SNMPERR_BAD_SESSION */ |
||||
"Too long", /* SNMPERR_TOO_LONG */ |
||||
"No socket", /* SNMPERR_NO_SOCKET */ |
||||
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session) |
||||
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n")); |
||||
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS; |
||||
in_session->s_errno = errno; |
||||
- snmp_set_detail(in_session->peername); |
||||
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, |
||||
+ NETSNMP_DS_LIB_CLIENT_ADDR)) |
||||
+ snmp_set_detail(in_session->peername); |
||||
return NULL; |
||||
} |
||||
|
||||
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c |
||||
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100 |
||||
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100 |
||||
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn |
||||
DEBUGMSGTL(("netsnmp_udpbase", |
||||
"failed to bind for clientaddr: %d %s\n", |
||||
errno, strerror(errno))); |
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n", |
||||
+ strerror(errno))); |
||||
goto err; |
||||
} |
||||
|
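Review bot: In `netsnmp_udpipv4base_transport_bind` the new `NETSNMP_LOGONCE` call reads `errno` after `DEBUGMSGTL` has already run, and debug output may itself change `errno`, so the logged reason is not guaranteed to be the one the bind failed with. Save the value first (`int bind_errno = errno;`) and pass `strerror(bind_errno)` to both calls. Because the message is emitted only once and does not include the address, later failures for a different clientaddr or a different reason stay invisible outside debug logging; adding the address string would make the one log line actionable. The function starts and ends outside the hunk.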
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c |
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200 |
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200 |
||||
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co |
||||
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) { |
||||
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) { |
||||
/* 'entry' is duplicate of the previous one -> delete it */ |
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n")); |
||||
netsnmp_access_ipaddress_entry_free(entry); |
||||
} else { |
||||
CONTAINER_INSERT(ret, entry); |
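Review bot: The new log line in `_remove_duplicates` does not say which address was found twice, and because it goes through `NETSNMP_LOGONCE` only the first duplicate is ever reported. An operator who sees it has nothing to search for; consider logging the address (and the interface index, if the entry carries one) for at least the first occurrence. The text says "IPv4", while the helper `_access_ipaddress_entry_compare_addr` does not look IPv4-specific from its name, so the wording may be wrong for other address families and is worth confirming. The function starts before the hunk and continues after it.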
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c |
||||
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200 |
||||
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200 |
||||
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type) |
||||
* save a warning header to the top of the new file |
||||
*/ |
||||
snprintf(fileold, sizeof(fileold), |
||||
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s", |
||||
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s", |
||||
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n", |
||||
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n", |
||||
type, type, type, |
@ -0,0 +1,82 @@
@@ -0,0 +1,82 @@
|
||||
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c |
||||
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200 |
||||
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200 |
||||
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr) |
||||
} |
||||
|
||||
#elif defined(linux) |
||||
+#include <errno.h> |
||||
static struct ifreq *ifr; |
||||
static int ifr_counter; |
||||
|
||||
static void |
||||
Address_Scan_Init(void) |
||||
{ |
||||
- int num_interfaces = 0; |
||||
+ int i; |
||||
int fd; |
||||
+ int lastlen = 0; |
||||
|
||||
/* get info about all interfaces */ |
||||
|
||||
@@ -510,28 +512,45 @@ Address_Scan_Init(void) |
||||
SNMP_FREE(ifc.ifc_buf); |
||||
ifr_counter = 0; |
||||
|
||||
- do |
||||
- { |
||||
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) |
||||
{ |
||||
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); |
||||
return; |
||||
} |
||||
- num_interfaces += 16; |
||||
|
||||
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces; |
||||
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len); |
||||
- |
||||
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) |
||||
- { |
||||
- ifr=NULL; |
||||
- close(fd); |
||||
- return; |
||||
- } |
||||
- close(fd); |
||||
+ /* |
||||
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF |
||||
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming |
||||
+ * Volume I'', p.435... |
||||
+ */ |
||||
+ |
||||
+ for (i = 8;; i *= 2) { |
||||
+ ifc.ifc_len = sizeof(struct ifreq) * i; |
||||
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq)); |
||||
+ |
||||
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { |
||||
+ if (errno != EINVAL || lastlen != 0) { |
||||
+ /* |
||||
+ * Something has gone genuinely wrong... |
||||
+ */ |
||||
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno); |
||||
+ SNMP_FREE(ifc.ifc_buf); |
||||
+ close(fd); |
||||
+ return; |
||||
+ } |
||||
+ } else { |
||||
+ if (ifc.ifc_len == lastlen) { |
||||
+ /* |
||||
+ * The length is the same as the last time; we're done... |
||||
+ */ |
||||
+ break; |
||||
+ } |
||||
+ lastlen = ifc.ifc_len; |
||||
+ } |
||||
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */ |
||||
} |
||||
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces)); |
||||
- |
||||
+ |
||||
+ close(fd); |
||||
ifr = ifc.ifc_req; |
||||
} |
||||
|
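Review bot: The rewritten loop in `Address_Scan_Init` never checks the result of `calloc`, and its error return no longer resets `ifr`. The removed code set `ifr=NULL` when `ioctl` failed; now the static `ifr` keeps the pointer from the previous scan, whose buffer was released by `SNMP_FREE(ifc.ifc_buf)` at the top of the function, so any later reader of `ifr` (presumably `Address_Scan_Next`, outside this patch) would touch freed memory. A failed `calloc` hands a NULL buffer to `SIOCGIFCONF` and the loop carries on regardless. The doubling of `i` also has no upper bound before `sizeof(struct ifreq) * i` is stored in `ifc_len`, so a cap on `i` is worth adding. The `socket()` failure path returns with the same stale `ifr`.

```c
        ifc.ifc_req = calloc(i, sizeof(struct ifreq));
        if (ifc.ifc_req == NULL) {
            snmp_log(LOG_ERR, "Address_Scan_Init: out of memory\n");
            ifr = NULL;
            close(fd);
            return;
        }
        /* … unchanged: ioctl(SIOCGIFCONF) call, errno test and error log … */
                SNMP_FREE(ifc.ifc_buf);
                ifr = NULL;   /* the previous scan's buffer is already freed */
        /* … unchanged: close(fd), return, length comparison, retry … */
```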
@ -0,0 +1,36 @@
@@ -0,0 +1,36 @@
|
||||
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def |
||||
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200 |
||||
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200 |
||||
@@ -3,7 +3,7 @@ |
||||
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file |
||||
.SH SYNOPSIS |
||||
.PP |
||||
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES] |
||||
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] |
||||
.B [username] |
||||
.SH DESCRIPTION |
||||
.PP |
||||
@@ -16,13 +16,16 @@ new user in net-snmp configuration file |
||||
displays the net-snmp version number |
||||
.TP |
||||
\fB\-ro\fR |
||||
-create an user with read-only permissions |
||||
+creates a user with read-only permissions |
||||
.TP |
||||
-\fB\-a authpass\fR |
||||
-specify authentication password |
||||
+\fB\-A authpass\fR |
||||
+specifies the authentication password |
||||
.TP |
||||
-\fB\-x privpass\fR |
||||
-specify encryption password |
||||
+\fB\-a MD5|SHA\fR |
||||
+specifies the authentication password hashing algorithm |
||||
.TP |
||||
-\fB\-X DES|AES\fR |
||||
-specify encryption algorithm |
||||
+\fB\-X privpass\fR |
||||
+specifies the encryption password |
||||
+.TP |
||||
+\fB\-x DES|AES\fR |
||||
+specifies the encryption algorithm |
@ -0,0 +1,83 @@
@@ -0,0 +1,83 @@
|
||||
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c |
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200 |
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200 |
||||
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai |
||||
rpmtd td_name, td_version, td_release, td_group, td_time; |
||||
#else |
||||
char *n, *v, *r, *g; |
||||
- int32_t *t; |
||||
#endif |
||||
time_t install_time; |
||||
size_t date_len; |
||||
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai |
||||
install_time = rpmtdGetNumber(td_time); |
||||
g = rpmtdGetString(td_group); |
||||
#else |
||||
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL); |
||||
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL); |
||||
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL); |
||||
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL); |
||||
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL); |
||||
+ n = headerGetString( h, RPMTAG_NAME); |
||||
+ v = headerGetString( h, RPMTAG_VERSION); |
||||
+ r = headerGetString( h, RPMTAG_RELEASE); |
||||
+ g = headerGetString( h, RPMTAG_GROUP); |
||||
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME); |
||||
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName), |
||||
"%s-%s-%s", n, v, r); |
||||
- install_time = *t; |
||||
#endif |
||||
entry->swType = (g && NULL != strstr( g, "System Environment")) |
||||
? 2 /* operatingSystem */ |
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c |
||||
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200 |
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200 |
||||
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp, |
||||
} |
||||
#else |
||||
# ifdef HAVE_LIBRPM |
||||
- char *rpm_groups; |
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) { |
||||
- if ( strstr(rpm_groups, "System Environment") != NULL ) |
||||
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP); |
||||
+ if ( NULL != rpm_group ) { |
||||
+ if ( strstr(rpm_group, "System Environment") != NULL ) |
||||
long_return = 2; /* operatingSystem */ |
||||
else |
||||
long_return = 4; /* applcation */ |
||||
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp, |
||||
case HRSWINST_DATE: |
||||
{ |
||||
#ifdef HAVE_LIBRPM |
||||
- int32_t *rpm_data; |
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) { |
||||
- time_t installTime = *rpm_data; |
||||
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME); |
||||
+ if ( 0 != installTime ) { |
||||
ret = date_n_time(&installTime, var_len); |
||||
} else { |
||||
ret = date_n_time(NULL, var_len); |
||||
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix) |
||||
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) { |
||||
int offset; |
||||
Header h; |
||||
- char *n, *v, *r; |
||||
+ const char *n, *v, *r; |
||||
|
||||
offset = swi->swi_recs[ix - 1]; |
||||
|
||||
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix) |
||||
swi->swi_h = h; |
||||
swi->swi_prevx = ix; |
||||
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL); |
||||
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v, |
||||
- NULL); |
||||
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r, |
||||
- NULL); |
||||
+ n = headerGetString(swi->swi_h, RPMTAG_NAME); |
||||
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION); |
||||
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE); |
||||
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r); |
||||
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0; |
||||
} |
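Review bot: `headerGetString` returns NULL when a tag is absent, yet `n`, `v` and `r` go straight into `snprintf(..., "%s-%s-%s", n, v, r)` in both `netsnmp_swinst_arch_load` and `Save_HR_SW_info`; passing NULL for `%s` is undefined behaviour. The `var_hrswinst` hunk does test `rpm_group` against NULL, so the same care should apply here, e.g. `snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n ? n : "", v ? v : "", r ? r : "");`. In swinst_rpm.c the locals stay declared as `char *n, *v, *r, *g;` while hr_swinst.c switches to `const char *`; making both `const char *` matches the return type and avoids a discarded-qualifier warning. All three functions start and end outside their hunks.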
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c |
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200 |
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200 |
||||
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void) |
||||
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); |
||||
SNMP_FREE(rpmdbpath); |
||||
dbpath = NULL; |
||||
+#ifdef HAVE_RPMGETPATH |
||||
+ rpmFreeRpmrc(); |
||||
+#endif |
||||
if (-1 == stat( pkg_directory, &stat_buf )) { |
||||
snmp_log(LOG_ERR, "Can't find directory of RPM packages"); |
||||
pkg_directory[0] = '\0'; |
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c |
||||
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200 |
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200 |
||||
@@ -231,6 +231,9 @@ init_hr_swinst(void) |
||||
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath); |
||||
path[ sizeof(path)-1 ] = 0; |
||||
swi->swi_directory = strdup(path); |
||||
+#ifdef HAVE_RPMGETPATH |
||||
+ rpmFreeRpmrc(); |
||||
+#endif |
||||
} |
||||
#else |
||||
# ifdef _PATH_HRSW_directory |
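Review bot: The added `rpmFreeRpmrc()` calls carry no comment, and they are guarded by `HAVE_RPMGETPATH`, a macro that names a different function from the one being called. A reader cannot tell from either hunk what was loaded that needs freeing, or whether later RPM database access in these modules still depends on the configuration being released. If the intent is to free what was read for the dbpath lookup, say so with a comment such as `/* release the rpm configuration read for the dbpath lookup above */`, and confirm that package enumeration still works after the call. Both functions start before their hunks.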
@ -0,0 +1,129 @@
@@ -0,0 +1,129 @@
|
||||
From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001 |
||||
From: Bill Fenner <fenner@gmail.com> |
||||
Date: Fri, 25 Nov 2022 08:41:24 -0800 |
||||
Subject: [PATCH 1/3] snmp_agent: disallow SET with NULL varbind |
||||
|
||||
--- |
||||
agent/snmp_agent.c | 32 ++++++++++++++++++++++++++++++++ |
||||
1 file changed, 32 insertions(+) |
||||
|
||||
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c |
||||
index 867d0c166f..3f678fe2df 100644 |
||||
--- a/agent/snmp_agent.c |
||||
+++ b/agent/snmp_agent.c |
||||
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) |
||||
return 1; |
||||
} |
||||
|
||||
+static int |
||||
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) |
||||
+{ |
||||
+ int i; |
||||
+ netsnmp_variable_list *v = NULL; |
||||
+ |
||||
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { |
||||
+ if (v->type == ASN_NULL) { |
||||
+ /* |
||||
+ * Protect SET implementations that do not protect themselves |
||||
+ * against wrong type. |
||||
+ */ |
||||
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); |
||||
+ asp->index = i; |
||||
+ return SNMP_ERR_WRONGTYPE; |
||||
+ } |
||||
+ } |
||||
+ return SNMP_ERR_NOERROR; |
||||
+} |
||||
+ |
||||
int |
||||
handle_pdu(netsnmp_agent_session *asp) |
||||
{ |
||||
int status, inclusives = 0; |
||||
netsnmp_variable_list *v = NULL; |
||||
|
||||
+#ifndef NETSNMP_NO_WRITE_SUPPORT |
||||
+ /* |
||||
+ * Check for ASN_NULL in SET request |
||||
+ */ |
||||
+ if (asp->pdu->command == SNMP_MSG_SET) { |
||||
+ status = check_set_pdu_for_null_varbind(asp); |
||||
+ if (status != SNMP_ERR_NOERROR) { |
||||
+ return status; |
||||
+ } |
||||
+ } |
||||
+#endif /* NETSNMP_NO_WRITE_SUPPORT */ |
||||
+ |
||||
/* |
||||
* for illegal requests, mark all nodes as ASN_NULL |
||||
*/ |
||||
|
||||
From 7f4ac4051cc7fec6a5944661923acb95cec359c7 Mon Sep 17 00:00:00 2001 |
||||
From: Bill Fenner <fenner@gmail.com> |
||||
Date: Fri, 25 Nov 2022 08:41:46 -0800 |
||||
Subject: [PATCH 2/3] apps: snmpset: allow SET with NULL varbind for testing |
||||
|
||||
--- |
||||
apps/snmpset.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/apps/snmpset.c b/apps/snmpset.c |
||||
index 48e14bd513..d542713e1b 100644 |
||||
--- a/apps/snmpset.c |
||||
+++ b/apps/snmpset.c |
||||
@@ -182,6 +182,7 @@ main(int argc, char *argv[]) |
||||
case 'x': |
||||
case 'd': |
||||
case 'b': |
||||
+ case 'n': /* undocumented */ |
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES |
||||
case 'I': |
||||
case 'U': |
||||
|
||||
From 15f9d7f7e5b90c9b419832ed8e6413feb6570d83 Mon Sep 17 00:00:00 2001 |
||||
From: Bill Fenner <fenner@gmail.com> |
||||
Date: Fri, 25 Nov 2022 10:23:32 -0800 |
||||
Subject: [PATCH 3/3] Add test for NULL varbind set |
||||
|
||||
--- |
||||
.../default/T0142snmpv2csetnull_simple | 31 +++++++++++++++++++ |
||||
1 file changed, 31 insertions(+) |
||||
create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple |
||||
|
||||
diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple |
||||
new file mode 100644 |
||||
index 0000000000..0f1b8f386b |
||||
--- /dev/null |
||||
+++ b/testing/fulltests/default/T0142snmpv2csetnull_simple |
||||
@@ -0,0 +1,31 @@ |
||||
+#!/bin/sh |
||||
+ |
||||
+. ../support/simple_eval_tools.sh |
||||
+ |
||||
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind |
||||
+ |
||||
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT |
||||
+SKIPIF NETSNMP_NO_WRITE_SUPPORT |
||||
+SKIPIF NETSNMP_DISABLE_SNMPV2C |
||||
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE |
||||
+ |
||||
+# |
||||
+# Begin test |
||||
+# |
||||
+ |
||||
+# standard V2C configuration: testcomunnity |
||||
+snmp_write_access='all' |
||||
+. ./Sv2cconfig |
||||
+STARTAGENT |
||||
+ |
||||
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" |
||||
+ |
||||
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" |
||||
+ |
||||
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" |
||||
+ |
||||
+CHECK "Reason: wrongType" |
||||
+ |
||||
+STOPAGENT |
||||
+ |
||||
+FINISHED |
||||
|
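Review bot: A SET request carrying an ASN_NULL varbind is rejected in `check_set_pdu_for_null_varbind` with only a `DEBUGMSGTL` trace, so on a production agent the rejection leaves no record. The comment in the function says the check exists to protect handlers that do not validate the type themselves, which makes such a request worth surfacing to operators; a line such as `snmp_log(LOG_NOTICE, "rejected SET with NULL varbind %d\n", i);` next to the debug message would do, rate-limited so that it cannot be used to flood the log. The new test exercises SNMPv2c only; the check in `handle_pdu` does not depend on the version, so a one-line comment in the test saying that would save the next reader the question. `handle_pdu` continues past the hunk, so how callers treat the early `return status` cannot be seen here.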
@ -0,0 +1,98 @@
@@ -0,0 +1,98 @@
|
||||
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001 |
||||
From: minfrin <minfrin@users.noreply.github.com> |
||||
Date: Tue, 5 Jan 2021 23:17:14 +0000 |
||||
Subject: [PATCH] Add support for digests detected from ECC certificates |
||||
|
||||
Previously, the digest could be detected on RSA certificates only. This |
||||
patch adds detection for ECC certificates. |
||||
|
||||
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2 |
||||
back to _htmap ] |
||||
--- |
||||
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++------- |
||||
1 file changed, 50 insertions(+), 10 deletions(-) |
||||
|
||||
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c |
||||
index c092a007a..432cb5c27 100644 |
||||
--- a/snmplib/snmp_openssl.c |
||||
+++ b/snmplib/snmp_openssl.c |
||||
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert) |
||||
} |
||||
} |
||||
|
||||
-static int _htmap[NS_HASH_MAX + 1] = { |
||||
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption, |
||||
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption, |
||||
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption }; |
||||
+static const struct { |
||||
+ uint16_t nid; |
||||
+ uint16_t ht; |
||||
+} _htmap[] = { |
||||
+ { 0, NS_HASH_NONE }, |
||||
+#ifdef NID_md5WithRSAEncryption |
||||
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 }, |
||||
+#endif |
||||
+#ifdef NID_sha1WithRSAEncryption |
||||
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 }, |
||||
+#endif |
||||
+#ifdef NID_ecdsa_with_SHA1 |
||||
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 }, |
||||
+#endif |
||||
+#ifdef NID_sha224WithRSAEncryption |
||||
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 }, |
||||
+#endif |
||||
+#ifdef NID_ecdsa_with_SHA224 |
||||
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 }, |
||||
+#endif |
||||
+#ifdef NID_sha256WithRSAEncryption |
||||
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 }, |
||||
+#endif |
||||
+#ifdef NID_ecdsa_with_SHA256 |
||||
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 }, |
||||
+#endif |
||||
+#ifdef NID_sha384WithRSAEncryption |
||||
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 }, |
||||
+#endif |
||||
+#ifdef NID_ecdsa_with_SHA384 |
||||
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 }, |
||||
+#endif |
||||
+#ifdef NID_sha512WithRSAEncryption |
||||
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 }, |
||||
+#endif |
||||
+#ifdef NID_ecdsa_with_SHA512 |
||||
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 }, |
||||
+#endif |
||||
+}; |
||||
|
||||
int |
||||
_nid2ht(int nid) |
||||
{ |
||||
int i; |
||||
- for (i=1; i<= NS_HASH_MAX; ++i) { |
||||
- if (nid == _htmap[i]) |
||||
- return i; |
||||
+ |
||||
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) { |
||||
+ if (_htmap[i].nid == nid) |
||||
+ return _htmap[i].ht; |
||||
} |
||||
return 0; |
||||
} |
||||
@@ -541,9 +577,13 @@ _nid2ht(int nid) |
||||
int |
||||
_ht2nid(int ht) |
||||
{ |
||||
- if ((ht < 0) || (ht > NS_HASH_MAX)) |
||||
- return 0; |
||||
- return _htmap[ht]; |
||||
+ int i; |
||||
+ |
||||
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) { |
||||
+ if (_htmap[i].ht == ht) |
||||
+ return _htmap[i].nid; |
||||
+ } |
||||
+ return 0; |
||||
} |
||||
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */ |
||||
|
||||
|
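Review bot: With two NIDs mapped to each hash type, `_ht2nid` returns the first table match, which is always the `...WithRSAEncryption` entry, so `_ht2nid(_nid2ht(NID_ecdsa_with_SHA256))` does not round-trip. If any caller uses `_ht2nid` to choose a signature algorithm for an ECC key it will get the RSA identifier; the callers are outside this patch, so this needs checking, and a comment on `_ht2nid` stating that it returns the RSA NID would record the limitation. Smaller points: the loop index `i` is `int` but is compared with a `size_t` expression, and the `nid` field is `uint16_t` while NIDs are passed around as `int`; declaring `size_t i` and `int nid` avoids the mixed-sign comparison and any truncation.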
@ -0,0 +1,18 @@
@@ -0,0 +1,18 @@
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in |
||||
index ac3c60f..177c00f 100644 |
||||
--- a/net-snmp-create-v3-user.in |
||||
+++ b/net-snmp-create-v3-user.in |
||||
@@ -57,11 +57,11 @@ case $1 in |
||||
exit 1 |
||||
fi |
||||
case $1 in |
||||
- DES|AES|AES128) |
||||
+ AES|AES128|AES192|AES256) |
||||
Xalgorithm=$1 |
||||
shift |
||||
;; |
||||
- des|aes|aes128) |
||||
+ aes|aes128|aes192|aes256) |
||||
Xalgorithm=$(echo "$1" | tr a-z A-Z) |
||||
shift |
||||
;; |
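Review bot: This hunk stops accepting `DES` as an explicit choice, but the script's default still appears to be DES: the other net-snmp-create-v3-user.in patch in this commit shows `Xalgorithm="DES"` as its hunk-header context. If nothing else changes that default, a user who omits the option gets DES while a user who asks for it by name is refused. Set the default to an accepted value, e.g. `Xalgorithm="AES"`, in the same patch, and update the man-page patch in this commit, which still documents `-x DES|AES`. The `case` statement starts before the hunk, so what happens to a rejected value cannot be seen here.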
@ -0,0 +1,46 @@
@@ -0,0 +1,46 @@
|
||||
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c |
||||
index 4f78df3..fd25b3f 100644 |
||||
--- a/agent/mibgroup/host/hr_filesys.c |
||||
+++ b/agent/mibgroup/host/hr_filesys.c |
||||
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = { |
||||
"shm", |
||||
"sockfs", |
||||
"sysfs", |
||||
+ "tmpfs", |
||||
"usbdevfs", |
||||
"usbfs", |
||||
#endif |
||||
diff --git a/agent/mibgroup/host/hr_storage.c b/agent/mibgroup/host/hr_storage.c |
||||
index 6b459ec..f7a376b 100644 |
||||
--- a/agent/mibgroup/host/hr_storage.c |
||||
+++ b/agent/mibgroup/host/hr_storage.c |
||||
@@ -540,9 +540,10 @@ really_try_next: |
||||
|
||||
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; |
||||
if (store_idx > NETSNMP_MEM_TYPE_MAX ) { |
||||
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, |
||||
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, |
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && |
||||
- Check_HR_FileSys_NFS()) |
||||
+ Check_HR_FileSys_NFS()) || |
||||
+ Check_HR_FileSys_AutoFs()) |
||||
return NULL; /* or goto try_next; */ |
||||
if (Check_HR_FileSys_AutoFs()) |
||||
return NULL; |
||||
diff --git a/agent/mibgroup/host/hrh_storage.c b/agent/mibgroup/host/hrh_storage.c |
||||
index 8967d35..9bf2659 100644 |
||||
--- a/agent/mibgroup/host/hrh_storage.c |
||||
+++ b/agent/mibgroup/host/hrh_storage.c |
||||
@@ -366,9 +366,10 @@ really_try_next: |
||||
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ]; |
||||
if (HRFS_entry && |
||||
store_idx > NETSNMP_MEM_TYPE_MAX && |
||||
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, |
||||
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID, |
||||
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) && |
||||
- Check_HR_FileSys_NFS()) |
||||
+ Check_HR_FileSys_NFS()) || |
||||
+ Check_HR_FileSys_AutoFs())) |
||||
return NULL; |
||||
if (HRFS_entry && Check_HR_FileSys_AutoFs()) |
||||
return NULL; |
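Review bot: After this change `Check_HR_FileSys_AutoFs()` is tested twice in a row in both hr_storage.c and hrh_storage.c: once inside the extended condition and again in the unchanged `if` that follows, which returns the same `NULL`. The extra term therefore changes no outcome and only makes the first condition harder to read. Either leave the original NFS condition as it was or delete the trailing `if (Check_HR_FileSys_AutoFs()) return NULL;`, keeping a single call in case the helper is not free of side effects. Both statements sit inside functions that start and end outside the hunks.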
@ -0,0 +1,36 @@
@@ -0,0 +1,36 @@
|
||||
diff -urNp a/net-snmp-config.in b/net-snmp-config.in |
||||
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200 |
||||
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200 |
||||
@@ -140,10 +140,10 @@ else |
||||
;; |
||||
#################################################### compile |
||||
--base-cflags) |
||||
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR} |
||||
+ echo -I${NSC_INCLUDEDIR} |
||||
;; |
||||
--cflags|--cf*) |
||||
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR} |
||||
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR} |
||||
;; |
||||
--srcdir) |
||||
echo $NSC_SRCDIR |
||||
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL |
||||
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200 |
||||
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200 |
||||
@@ -1,3 +1,4 @@ |
||||
+use lib '.'; |
||||
use strict; |
||||
use warnings; |
||||
use ExtUtils::MakeMaker; |
||||
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm |
||||
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200 |
||||
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200 |
||||
@@ -116,7 +116,7 @@ sub AddCommonParams { |
||||
append($Params->{'CCFLAGS'}, $cflags); |
||||
append($Params->{'CCFLAGS'}, $Config{'ccflags'}); |
||||
# Suppress known Perl header shortcomings. |
||||
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g; |
||||
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; |
||||
append($Params->{'CCFLAGS'}, '-Wformat'); |
||||
} |
||||
} |
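Review bot: `use lib '.';` in perl/Makefile.PL prepends the current working directory to the module search path, so every later `use` in the file, including `use strict` and `use warnings` directly below it, is resolved against whatever directory the build was started from before the installed modules. Perl dropped `.` from the default `@INC` to stop modules being picked up from an untrusted working directory, and this line brings that behaviour back for the build. Anchoring the path to the script keeps `MakefileSubs` loadable without the exposure: `use FindBin;` followed by `use lib $FindBin::Bin;`, placed after `use strict; use warnings;`.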
@ -0,0 +1,22 @@
@@ -0,0 +1,22 @@
|
||||
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c |
||||
index e9a8831..5a1d8e7 100644 |
||||
--- a/agent/mibgroup/disman/event/mteTrigger.c |
||||
+++ b/agent/mibgroup/disman/event/mteTrigger.c |
||||
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) |
||||
* Similarly, if no fallEvent is configured, |
||||
* there's no point in trying to fire it either. |
||||
*/ |
||||
- if (entry->mteTThRiseEvent[0] != '\0' ) { |
||||
+ if (entry->mteTThFallEvent[0] != '\0' ) { |
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner; |
||||
entry->mteTriggerXObjects = entry->mteTThObjects; |
||||
entry->mteTriggerFired = vp1; |
||||
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) |
||||
* Similarly, if no fallEvent is configured, |
||||
* there's no point in trying to fire it either. |
||||
*/ |
||||
- if (entry->mteTThDRiseEvent[0] != '\0' ) { |
||||
+ if (entry->mteTThDFallEvent[0] != '\0' ) { |
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner; |
||||
entry->mteTriggerXObjects = entry->mteTThObjects; |
||||
entry->mteTriggerFired = vp1; |
@ -0,0 +1,24 @@
@@ -0,0 +1,24 @@
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in |
||||
index b0c71d9..ac3c60f 100644 |
||||
--- a/net-snmp-create-v3-user.in |
||||
+++ b/net-snmp-create-v3-user.in |
||||
@@ -14,6 +14,10 @@ Xalgorithm="DES" |
||||
token=rwuser |
||||
|
||||
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do |
||||
+case "$1" in |
||||
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; |
||||
+ *) optarg= ;; |
||||
+esac |
||||
|
||||
unset shifted |
||||
case $1 in |
||||
@@ -136,7 +140,7 @@ fi |
||||
echo "$line" >> "$outfile" |
||||
# Avoid that configure complains that this script ignores @datarootdir@ |
||||
echo "@datarootdir@" >/dev/null |
||||
-outfile="@datadir@/snmp/snmpd.conf" |
||||
+outfile="/etc/snmp/snmpd.conf" |
||||
line="$token $user" |
||||
echo "adding the following line to $outfile:" |
||||
echo " $line" |
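Review bot: The new `optarg` extraction pipes the argument through `echo` and an unanchored `sed` expression, and the arguments handled by this script may include the authentication and privacy passphrases. Some shells' `echo` interprets backslash sequences, so a value containing a backslash can be altered silently before it is used. POSIX parameter expansion does the same job for well-formed options without a subprocess or that ambiguity: `-*=*) optarg=${1#*=} ;;`. The `while` loop continues past the hunk, so how `optarg` is consumed is not visible here.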
@ -0,0 +1,180 @@
@@ -0,0 +1,180 @@
|
||||
diff --git a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c |
||||
index 7c756ff..ff22019 100644 |
||||
--- a/agent/mibgroup/ucd-snmp/disk.c |
||||
+++ b/agent/mibgroup/ucd-snmp/disk.c |
||||
@@ -153,9 +153,10 @@ static void disk_free_config(void); |
||||
static void disk_parse_config(const char *, char *); |
||||
static void disk_parse_config_all(const char *, char *); |
||||
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS |
||||
-static void find_and_add_allDisks(int minpercent); |
||||
+static void refresh_disk_table(int addNewDisks, int minpercent); |
||||
static void add_device(char *path, char *device, |
||||
- int minspace, int minpercent, int override); |
||||
+ int minspace, int minpercent, int addNewDisks, |
||||
+ int override); |
||||
static void modify_disk_parameters(int index, int minspace, |
||||
int minpercent); |
||||
static int disk_exists(char *path); |
||||
@@ -167,6 +168,7 @@ struct diskpart { |
||||
char path[STRMAX]; |
||||
int minimumspace; |
||||
int minpercent; |
||||
+ int alive; |
||||
}; |
||||
|
||||
#define MAX_INT_32 0x7fffffff |
||||
@@ -174,6 +176,7 @@ struct diskpart { |
||||
|
||||
unsigned int numdisks; |
||||
int allDisksIncluded = 0; |
||||
+int allDisksMinPercent = 0; |
||||
unsigned int maxdisks = 0; |
||||
struct diskpart *disks; |
||||
|
||||
@@ -238,6 +241,7 @@ init_disk(void) |
||||
disk_free_config, |
||||
"minpercent%"); |
||||
allDisksIncluded = 0; |
||||
+ allDisksMinPercent = 0; |
||||
} |
||||
|
||||
static void |
||||
@@ -253,6 +257,7 @@ disk_free_config(void) |
||||
disks[i].minpercent = -1; |
||||
} |
||||
allDisksIncluded = 0; |
||||
+ allDisksMinPercent = 0; |
||||
} |
||||
|
||||
static void |
||||
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, char *cptr) |
||||
* check if the disk already exists, if so then modify its |
||||
* parameters. if it does not exist then add it |
||||
*/ |
||||
- add_device(path, find_device(path), minspace, minpercent, 1); |
||||
+ add_device(path, find_device(path), minspace, minpercent, 1, 1); |
||||
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */ |
||||
} |
||||
|
||||
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token, char *cptr) |
||||
|
||||
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS |
||||
static void |
||||
-add_device(char *path, char *device, int minspace, int minpercent, int override) |
||||
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override) |
||||
{ |
||||
int index; |
||||
|
||||
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int minspace, int minpercent, int override) |
||||
} |
||||
|
||||
index = disk_exists(path); |
||||
- if((index != -1) && (index < maxdisks) && (override==1)) { |
||||
- modify_disk_parameters(index, minspace, minpercent); |
||||
+ if((index != -1) && (index < maxdisks)) { |
||||
+ /* the path is already in the table */ |
||||
+ disks[index].alive = 1; |
||||
+ /* -> update its device */ |
||||
+ strlcpy(disks[index].device, device, sizeof(disks[index].device)); |
||||
+ if (override == 1) { |
||||
+ modify_disk_parameters(index, minspace, minpercent); |
||||
+ } |
||||
} |
||||
- else if(index == -1){ |
||||
+ else if(index == -1 && addNewDisks){ |
||||
/* add if and only if the device was found */ |
||||
if(device[0] != 0) { |
||||
/* The following buffers are cleared above, no need to add '\0' */ |
||||
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override) |
||||
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device)); |
||||
disks[numdisks].minimumspace = minspace; |
||||
disks[numdisks].minpercent = minpercent; |
||||
+ disks[numdisks].alive = 1; |
||||
numdisks++; |
||||
} |
||||
else { |
||||
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int minspace, int minpercent, int override) |
||||
disks[numdisks].minpercent = -1; |
||||
disks[numdisks].path[0] = 0; |
||||
disks[numdisks].device[0] = 0; |
||||
+ disks[numdisks].alive = 0; |
||||
} |
||||
} |
||||
} |
||||
@@ -444,7 +457,7 @@ int disk_exists(char *path) |
||||
} |
||||
|
||||
static void |
||||
-find_and_add_allDisks(int minpercent) |
||||
+refresh_disk_table(int addNewDisks, int minpercent) |
||||
{ |
||||
#if HAVE_GETMNTENT |
||||
#if HAVE_SYS_MNTTAB_H |
||||
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent) |
||||
return; |
||||
} |
||||
while (mntfp && NULL != (mntent = getmntent(mntfp))) { |
||||
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0); |
||||
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0); |
||||
dummy = 1; |
||||
} |
||||
if (mntfp) |
||||
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent) |
||||
return; |
||||
} |
||||
while ((i = getmntent(mntfp, &mnttab)) == 0) { |
||||
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0); |
||||
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0); |
||||
dummy = 1; |
||||
} |
||||
fclose(mntfp); |
||||
@@ -514,13 +527,13 @@ find_and_add_allDisks(int minpercent) |
||||
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT); |
||||
for (i = 0; i < mntsize; i++) { |
||||
add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, |
||||
- minpercent, 0); |
||||
+ minpercent, addNewDisks 0); |
||||
} |
||||
} |
||||
#elif HAVE_FSTAB_H |
||||
setfsent(); /* open /etc/fstab */ |
||||
while((fstab1 = getfsent()) != NULL) { |
||||
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0); |
||||
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0); |
||||
dummy = 1; |
||||
} |
||||
endfsent(); /* close /etc/fstab */ |
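Review bot: The `getmntinfo()` loop now ends its `add_device` call with `minpercent, addNewDisks 0);`, with no comma between `addNewDisks` and `0`, so this preprocessor branch will not compile on platforms that select it. It should read `minpercent, addNewDisks, 0);`, matching the other `add_device` call sites updated in this patch. `refresh_disk_table` begins and ends outside this hunk.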
||||
@@ -535,7 +548,7 @@ find_and_add_allDisks(int minpercent) |
||||
* statfs we default to the root partition "/" |
||||
*/ |
||||
if (statfs("/", &statf) == 0) { |
||||
- add_device("/", statf.f_mntfromname, -1, minpercent, 0); |
||||
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0); |
||||
} |
||||
#endif |
||||
else { |
||||
@@ -694,6 +707,10 @@ fill_dsk_entry(int disknum, struct dsk_entry *entry) |
||||
#endif |
||||
#endif |
||||
|
||||
+ if (disks[disknum].alive == 0){ |
||||
+ return -1; |
||||
+ } |
||||
+ |
||||
entry->dskPercentInode = -1; |
||||
|
||||
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS) |
||||
@@ -825,6 +842,13 @@ var_extensible_disk(struct variable *vp, |
||||
static char *errmsg; |
||||
static char empty_str[1]; |
||||
|
||||
+ int i; |
||||
+ for (i = 0; i < numdisks; i++){ |
||||
+ disks[i].alive = 0; |
||||
+ } |
||||
+ /* dynamically add new disks + update alive flag */ |
||||
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent); |
||||
+ |
||||
tryAgain: |
||||
if (header_simple_table |
||||
(vp, name, length, exact, var_len, write_method, numdisks)) |
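Review bot: `refresh_disk_table()` is now called at the top of `var_extensible_disk`, so the mount table is re-read on every variable request; on a host with many mounts or a slow mount source that multiplies the work per query. Consider rescanning only when a short interval has passed since the last scan, with a comment such as `/* rescan mounts at most once per N seconds */` on the guard. The loop index is declared `int i` while `numdisks` is `unsigned int`; `unsigned int i;` avoids the mixed-sign comparison. The function body continues outside the hunk.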
@ -0,0 +1,994 @@
@@ -0,0 +1,994 @@
|
||||
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h |
||||
index 80e2a19..143adbb 100644 |
||||
--- a/include/net-snmp/library/cert_util.h |
||||
+++ b/include/net-snmp/library/cert_util.h |
||||
@@ -55,7 +55,8 @@ extern "C" { |
||||
char *common_name; |
||||
|
||||
u_char hash_type; |
||||
- u_char _pad[3]; /* for future use */ |
||||
+ u_char _pad[1]; /* for future use */ |
||||
+ u_short offset; |
||||
} netsnmp_cert; |
||||
|
||||
/** types */ |
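Review bot: `u_short offset` can hold at most 65535, but the value stored in it comes from `BIO_tell()` in `_add_certfile` and from `atoi(offset_str)` in `_cert_read_index`, both plain ints that `_new_cert` assigns without a range check. For a certificate file larger than 64 KiB the offset would be truncated, and the later `BIO_seek(certbio, cert->offset)` in `netsnmp_ocert_get` would start reading elsewhere, so the X509 object loaded may not be the certificate whose fingerprint and subject were indexed. If the field must stay two bytes to keep the struct layout, `_new_cert` should refuse values that do not fit, e.g. `if (offset < 0 || offset > 0xffff) return NULL;` at its top. The struct definition starts above this hunk.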
||||
@@ -100,6 +101,7 @@ extern "C" { |
||||
|
||||
NETSNMP_IMPORT |
||||
netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint); |
||||
+ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint); |
||||
|
||||
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var); |
||||
|
||||
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h |
||||
index 471bb0b..6c5a23f 100644 |
||||
--- a/include/net-snmp/library/dir_utils.h |
||||
+++ b/include/net-snmp/library/dir_utils.h |
||||
@@ -53,6 +53,8 @@ extern "C" { |
||||
#define NETSNMP_DIR_NSFILE 0x0010 |
||||
/** load stats in netsnmp_file */ |
||||
#define NETSNMP_DIR_NSFILE_STATS 0x0020 |
||||
+/** allow files to be indexed more than once */ |
||||
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040 |
||||
|
||||
|
||||
|
||||
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c |
||||
index e7b7114..bee0b5f 100644 |
||||
--- a/snmplib/cert_util.c |
||||
+++ b/snmplib/cert_util.c |
||||
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all); |
||||
* bump this value whenever cert index format changes, so indexes |
||||
* will be regenerated with new format. |
||||
*/ |
||||
-#define CERT_INDEX_FORMAT 1 |
||||
+#define CERT_INDEX_FORMAT 2 |
||||
|
||||
static netsnmp_container *_certs = NULL; |
||||
static netsnmp_container *_keys = NULL; |
||||
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs, |
||||
netsnmp_cert_common *rhs); |
||||
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key); |
||||
static netsnmp_cert *_find_issuer(netsnmp_cert *cert); |
||||
+static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching); |
||||
+static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what); |
||||
static netsnmp_void_array *_cert_find_subset_fn(const char *filename, |
||||
const char *directory); |
||||
static netsnmp_void_array *_cert_find_subset_sn(const char *subject); |
||||
@@ -345,6 +347,8 @@ _get_cert_container(const char *use) |
||||
{ |
||||
netsnmp_container *c; |
||||
|
||||
+ int rc; |
||||
+ |
||||
c = netsnmp_container_find("certs:binary_array"); |
||||
if (NULL == c) { |
||||
snmp_log(LOG_ERR, "could not create container for %s\n", use); |
||||
@@ -354,6 +358,8 @@ _get_cert_container(const char *use) |
||||
c->free_item = (netsnmp_container_obj_func*)_cert_free; |
||||
c->compare = (netsnmp_container_compare*)_cert_compare; |
||||
|
||||
+ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc); |
||||
+ |
||||
return c; |
||||
} |
||||
|
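Review bot: `rc` receives the result of `CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc)` and is never examined, here and in the three `_setup_containers` hunks that follow. If a container cannot accept the option, inserting the second certificate from one file would presumably fail later with only a debug message. Checking it once, e.g. `if (rc < 0) snmp_log(LOG_ERR, "could not allow duplicate keys for %s\n", use);`, makes that failure visible.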
||||
@@ -362,6 +368,8 @@ _setup_containers(void) |
||||
{ |
||||
netsnmp_container *additional_keys; |
||||
|
||||
+ int rc; |
||||
+ |
||||
_certs = _get_cert_container("netsnmp certificates"); |
||||
if (NULL == _certs) |
||||
return; |
||||
@@ -376,6 +384,7 @@ _setup_containers(void) |
||||
additional_keys->container_name = strdup("certs_cn"); |
||||
additional_keys->free_item = NULL; |
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare; |
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc); |
||||
netsnmp_container_add_index(_certs, additional_keys); |
||||
|
||||
/** additional keys: subject name */ |
||||
@@ -389,6 +398,7 @@ _setup_containers(void) |
||||
additional_keys->free_item = NULL; |
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare; |
||||
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare; |
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc); |
||||
netsnmp_container_add_index(_certs, additional_keys); |
||||
|
||||
/** additional keys: file name */ |
||||
@@ -402,6 +412,7 @@ _setup_containers(void) |
||||
additional_keys->free_item = NULL; |
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare; |
||||
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare; |
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc); |
||||
netsnmp_container_add_index(_certs, additional_keys); |
||||
|
||||
_keys = netsnmp_container_find("cert_keys:binary_array"); |
||||
@@ -424,9 +435,9 @@ netsnmp_cert_map_container(void) |
||||
} |
||||
|
||||
static netsnmp_cert * |
||||
-_new_cert(const char *dirname, const char *filename, int certType, |
||||
- int hashType, const char *fingerprint, const char *common_name, |
||||
- const char *subject) |
||||
+_new_cert(const char *dirname, const char *filename, int certType, int offset, |
||||
+ int allowed_uses, int hashType, const char *fingerprint, |
||||
+ const char *common_name, const char *subject) |
||||
{ |
||||
netsnmp_cert *cert; |
||||
|
||||
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType, |
||||
|
||||
cert->info.dir = strdup(dirname); |
||||
cert->info.filename = strdup(filename); |
||||
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER; |
||||
+ /* only the first certificate is allowed to be a remote peer */ |
||||
+ cert->info.allowed_uses = allowed_uses; |
||||
cert->info.type = certType; |
||||
+ cert->offset = offset; |
||||
if (fingerprint) { |
||||
cert->hash_type = hashType; |
||||
cert->fingerprint = strdup(fingerprint); |
||||
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname ) |
||||
* certificate utility functions |
||||
* |
||||
*/ |
||||
+static BIO * |
||||
+netsnmp_open_bio(const char *dir, const char *filename) |
||||
+{ |
||||
+ BIO *certbio; |
||||
+ char file[SNMP_MAXPATH]; |
||||
+ |
||||
+ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename)); |
||||
+ |
||||
+ certbio = BIO_new(BIO_s_file()); |
||||
+ if (NULL == certbio) { |
||||
+ snmp_log(LOG_ERR, "error creating BIO\n"); |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
+ snprintf(file, sizeof(file),"%s/%s", dir, filename); |
||||
+ if (BIO_read_filename(certbio, file) <=0) { |
||||
+ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file); |
||||
+ BIO_vfree(certbio); |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
+ return certbio; |
||||
+} |
||||
+ |
||||
+static void |
||||
+netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert) |
||||
+{ |
||||
+ int is_ca; |
||||
+ |
||||
+ cert->ocert = ocert; |
||||
+ |
||||
+ /* |
||||
+ * X509_check_ca return codes: |
||||
+ * 0 not a CA |
||||
+ * 1 is a CA |
||||
+ * 2 basicConstraints absent so "maybe" a CA |
||||
+ * 3 basicConstraints absent but self signed V1. |
||||
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. |
||||
+ * 5 outdated Netscape Certificate Type CA extension. |
||||
+ */ |
||||
+ is_ca = X509_check_ca(ocert); |
||||
+ if (1 == is_ca) |
||||
+ cert->info.allowed_uses |= NS_CERT_CA; |
||||
+ |
||||
+ if (NULL == cert->subject) { |
||||
+ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL, |
||||
+ 0); |
||||
+ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject)); |
||||
+ } |
||||
+ |
||||
+ if (NULL == cert->issuer) { |
||||
+ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0); |
||||
+ if (strcmp(cert->subject, cert->issuer) == 0) { |
||||
+ free(cert->issuer); |
||||
+ cert->issuer = strdup("self-signed"); |
||||
+ } |
||||
+ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer)); |
||||
+ } |
||||
+ |
||||
+ if (NULL == cert->fingerprint) { |
||||
+ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert); |
||||
+ cert->fingerprint = |
||||
+ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type); |
||||
+ } |
||||
+ |
||||
+ if (NULL == cert->common_name) { |
||||
+ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL, |
||||
+ NULL); |
||||
+ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name)); |
||||
+ } |
||||
+ |
||||
+} |
||||
+ |
||||
static X509 * |
||||
netsnmp_ocert_get(netsnmp_cert *cert) |
||||
{ |
||||
BIO *certbio; |
||||
X509 *ocert = NULL; |
||||
+ X509 *ncert = NULL; |
||||
EVP_PKEY *okey = NULL; |
||||
- char file[SNMP_MAXPATH]; |
||||
- int is_ca; |
||||
|
||||
if (NULL == cert) |
||||
return NULL; |
||||
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert) |
||||
} |
||||
} |
||||
|
||||
- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename)); |
||||
- |
||||
- certbio = BIO_new(BIO_s_file()); |
||||
- if (NULL == certbio) { |
||||
- snmp_log(LOG_ERR, "error creating BIO\n"); |
||||
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename); |
||||
+ if (!certbio) { |
||||
return NULL; |
||||
} |
||||
|
||||
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename); |
||||
- if (BIO_read_filename(certbio, file) <=0) { |
||||
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file); |
||||
- BIO_vfree(certbio); |
||||
- return NULL; |
||||
- } |
||||
- |
||||
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) { |
||||
- char *pos = strrchr(cert->info.filename, '.'); |
||||
- if (NULL == pos) |
||||
- return NULL; |
||||
- cert->info.type = _cert_ext_type(++pos); |
||||
- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN); |
||||
- } |
||||
- |
||||
switch (cert->info.type) { |
||||
|
||||
case NS_CERT_TYPE_DER: |
||||
+ (void)BIO_seek(certbio, cert->offset); |
||||
ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */ |
||||
if (NULL != ocert) |
||||
break; |
||||
- (void)BIO_reset(certbio); |
||||
/* Check for PEM if DER didn't work */ |
||||
/* FALLTHROUGH */ |
||||
|
||||
case NS_CERT_TYPE_PEM: |
||||
- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); |
||||
+ (void)BIO_seek(certbio, cert->offset); |
||||
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); |
||||
if (NULL == ocert) |
||||
break; |
||||
if (NS_CERT_TYPE_DER == cert->info.type) { |
||||
DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n")); |
||||
cert->info.type = NS_CERT_TYPE_PEM; |
||||
} |
||||
- /** check for private key too */ |
||||
- if (NULL == cert->key) { |
||||
- (void)BIO_reset(certbio); |
||||
- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); |
||||
+ /** check for private key too, but only if we're the first certificate */ |
||||
+ if (0 == cert->offset && NULL == cert->key) { |
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); |
||||
if (NULL != okey) { |
||||
netsnmp_key *key; |
||||
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", |
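Review bot: The return value of `BIO_seek(certbio, cert->offset)` is discarded in both the DER and PEM cases (and in the PKCS12 case in the next hunk), so a failed seek leaves the read position where it was and the parser may return a different certificate from the same file. Nothing visible here compares the loaded certificate with the `cert->fingerprint` taken from the index, and `netsnmp_ocert_parse` only fills the fingerprint when it is NULL, so such a mismatch would go unnoticed. Suggest `if (BIO_seek(certbio, cert->offset) < 0) { BIO_vfree(certbio); return NULL; }` and, after loading, recomputing the fingerprint and rejecting the certificate when it differs from the indexed value. `ncert` is assigned in this hunk but not used in the visible lines. The function continues outside the hunk.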
||||
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) |
||||
break; |
||||
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER |
||||
case NS_CERT_TYPE_PKCS12: |
||||
- (void)BIO_reset(certbio); |
||||
+ (void)BIO_seek(certbio, cert->offset); |
||||
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL); |
||||
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) || |
||||
PKCS12_verify_mac(p12, NULL, 0))) |
||||
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert) |
||||
return NULL; |
||||
} |
||||
|
||||
- cert->ocert = ocert; |
||||
- /* |
||||
- * X509_check_ca return codes: |
||||
- * 0 not a CA |
||||
- * 1 is a CA |
||||
- * 2 basicConstraints absent so "maybe" a CA |
||||
- * 3 basicConstraints absent but self signed V1. |
||||
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. |
||||
- * 5 outdated Netscape Certificate Type CA extension. |
||||
- */ |
||||
- is_ca = X509_check_ca(ocert); |
||||
- if (1 == is_ca) |
||||
- cert->info.allowed_uses |= NS_CERT_CA; |
||||
- |
||||
- if (NULL == cert->subject) { |
||||
- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL, |
||||
- 0); |
||||
- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject)); |
||||
- } |
||||
- |
||||
- if (NULL == cert->issuer) { |
||||
- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0); |
||||
- if (strcmp(cert->subject, cert->issuer) == 0) { |
||||
- free(cert->issuer); |
||||
- cert->issuer = strdup("self-signed"); |
||||
- } |
||||
- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer)); |
||||
- } |
||||
- |
||||
- if (NULL == cert->fingerprint) { |
||||
- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert); |
||||
- cert->fingerprint = |
||||
- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type); |
||||
- } |
||||
- |
||||
- if (NULL == cert->common_name) { |
||||
- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL, |
||||
- NULL); |
||||
- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name)); |
||||
- } |
||||
+ netsnmp_ocert_parse(cert, ocert); |
||||
|
||||
return ocert; |
||||
} |
||||
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key) |
||||
{ |
||||
BIO *keybio; |
||||
EVP_PKEY *okey; |
||||
- char file[SNMP_MAXPATH]; |
||||
|
||||
if (NULL == key) |
||||
return NULL; |
||||
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key) |
||||
if (key->okey) |
||||
return key->okey; |
||||
|
||||
- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename); |
||||
- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename)); |
||||
- |
||||
- keybio = BIO_new(BIO_s_file()); |
||||
- if (NULL == keybio) { |
||||
- snmp_log(LOG_ERR, "error creating BIO\n"); |
||||
- return NULL; |
||||
- } |
||||
- |
||||
- if (BIO_read_filename(keybio, file) <=0) { |
||||
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", |
||||
- key->info.filename); |
||||
- BIO_vfree(keybio); |
||||
+ keybio = netsnmp_open_bio(key->info.dir, key->info.filename); |
||||
+ if (!keybio) { |
||||
return NULL; |
||||
} |
||||
|
||||
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) |
||||
cert->issuer_cert = _find_issuer(cert); |
||||
if (NULL == cert->issuer_cert) { |
||||
DEBUGMSGT(("cert:load:warn", |
||||
- "couldn't load CA chain for cert %s\n", |
||||
+ "couldn't load full CA chain for cert %s\n", |
||||
cert->info.filename)); |
||||
rc = CERT_LOAD_PARTIAL; |
||||
break; |
||||
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert) |
||||
/** get issuer ocert */ |
||||
if ((NULL == cert->issuer_cert->ocert) && |
||||
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) { |
||||
- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n", |
||||
+ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n", |
||||
cert->info.filename)); |
||||
rc = CERT_LOAD_PARTIAL; |
||||
break; |
||||
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) |
||||
return; |
||||
} |
||||
|
||||
- if(key) { |
||||
+ if (key) { |
||||
if (key->cert) { |
||||
DEBUGMSGT(("cert:partner", "key already has partner\n")); |
||||
return; |
||||
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) |
||||
return; |
||||
*pos = 0; |
||||
|
||||
- matching = _cert_find_subset_fn( filename, key->info.dir ); |
||||
+ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename, |
||||
+ key->info.dir )); |
||||
if (!matching) |
||||
return; |
||||
if (1 == matching->size) { |
||||
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) |
||||
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n", |
||||
key->info.filename)); |
||||
} |
||||
- else if(cert) { |
||||
+ else if (cert) { |
||||
if (cert->key) { |
||||
DEBUGMSGT(("cert:partner", "cert already has partner\n")); |
||||
return; |
||||
@@ -1255,76 +1272,189 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key) |
||||
} |
||||
} |
||||
|
||||
+static netsnmp_key * |
||||
+_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index) |
||||
+{ |
||||
+ netsnmp_key *key; |
||||
+ |
||||
+ key = _new_key(dirname, filename); |
||||
+ if (NULL == key) { |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
+ key->okey = okey; |
||||
+ |
||||
+ if (-1 == CONTAINER_INSERT(_keys, key)) { |
||||
+ DEBUGMSGT(("cert:key:file:add:err", |
||||
+ "error inserting key into container\n")); |
||||
+ netsnmp_key_free(key); |
||||
+ key = NULL; |
||||
+ } |
||||
+ if (index) { |
||||
+ fprintf(index, "k:%s\n", filename); |
||||
+ } |
||||
+ |
||||
+ return key; |
||||
+} |
||||
+ |
||||
+static netsnmp_cert * |
||||
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, |
||||
+ int allowed_uses, FILE *index) |
||||
+{ |
||||
+ netsnmp_cert *cert; |
||||
+ |
||||
+ cert = _new_cert(dirname, filename, type, offset, |
||||
+ allowed_uses, -1, NULL, NULL, NULL); |
||||
+ if (NULL == cert) |
||||
+ return NULL; |
||||
+ |
||||
+ netsnmp_ocert_parse(cert, ocert); |
||||
+ |
||||
+ if (-1 == CONTAINER_INSERT(_certs, cert)) { |
||||
+ DEBUGMSGT(("cert:file:add:err", |
||||
+ "error inserting cert into container\n")); |
||||
+ netsnmp_cert_free(cert); |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
+ if (index) { |
||||
+ /** filename = NAME_MAX = 255 */ |
||||
+ /** fingerprint max = 64*3=192 for sha512 */ |
||||
+ /** common name / CN = 64 */ |
||||
+ if (cert) |
||||
+ fprintf(index, "c:%s %d %d %d %d %s '%s' '%s'\n", filename, |
||||
+ cert->info.type, cert->offset, cert->info.allowed_uses, |
||||
+ cert->hash_type, cert->fingerprint, |
||||
+ cert->common_name, cert->subject); |
||||
+ } |
||||
+ |
||||
+ return cert; |
||||
+} |
||||
+ |
||||
static int |
||||
_add_certfile(const char* dirname, const char* filename, FILE *index) |
||||
{ |
||||
- X509 *ocert; |
||||
- EVP_PKEY *okey; |
||||
+ BIO *certbio; |
||||
+ X509 *ocert = NULL; |
||||
+ X509 *ncert; |
||||
+ EVP_PKEY *okey = NULL; |
||||
netsnmp_cert *cert = NULL; |
||||
netsnmp_key *key = NULL; |
||||
char certfile[SNMP_MAXPATH]; |
||||
int type; |
||||
+ int offset = 0; |
||||
|
||||
if (((const void*)NULL == dirname) || (NULL == filename)) |
||||
return -1; |
||||
|
||||
type = _type_from_filename(filename); |
||||
- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN); |
||||
+ if (type == NS_CERT_TYPE_UNKNOWN) { |
||||
+ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename); |
||||
+ return -1; |
||||
+ } |
||||
|
||||
- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename); |
||||
+ certbio = netsnmp_open_bio(dirname, filename); |
||||
+ if (!certbio) { |
||||
+ return -1; |
||||
+ } |
||||
|
||||
- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename, |
||||
- type)); |
||||
+ switch (type) { |
||||
|
||||
- if (NS_CERT_TYPE_KEY == type) { |
||||
- key = _new_key(dirname, filename); |
||||
- if (NULL == key) |
||||
- return -1; |
||||
- okey = netsnmp_okey_get(key); |
||||
- if (NULL == okey) { |
||||
- netsnmp_key_free(key); |
||||
- return -1; |
||||
- } |
||||
- key->okey = okey; |
||||
- if (-1 == CONTAINER_INSERT(_keys, key)) { |
||||
- DEBUGMSGT(("cert:key:file:add:err", |
||||
- "error inserting key into container\n")); |
||||
- netsnmp_key_free(key); |
||||
- key = NULL; |
||||
- } |
||||
- } |
||||
- else { |
||||
- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL); |
||||
- if (NULL == cert) |
||||
- return -1; |
||||
- ocert = netsnmp_ocert_get(cert); |
||||
- if (NULL == ocert) { |
||||
- netsnmp_cert_free(cert); |
||||
- return -1; |
||||
- } |
||||
- cert->ocert = ocert; |
||||
- if (-1 == CONTAINER_INSERT(_certs, cert)) { |
||||
- DEBUGMSGT(("cert:file:add:err", |
||||
- "error inserting cert into container\n")); |
||||
- netsnmp_cert_free(cert); |
||||
- cert = NULL; |
||||
- } |
||||
- } |
||||
- if ((NULL == cert) && (NULL == key)) { |
||||
- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile)); |
||||
- return -1; |
||||
+ case NS_CERT_TYPE_KEY: |
||||
+ |
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); |
||||
+ if (NULL == okey) |
||||
+ snmp_log(LOG_ERR, "error parsing key file %s\n", |
||||
+ key->info.filename); |
||||
+ else { |
||||
+ key = _add_key(okey, dirname, filename, index); |
||||
+ if (NULL == key) { |
||||
+ EVP_PKEY_free(okey); |
||||
+ okey = NULL; |
||||
+ } |
||||
+ } |
||||
+ break; |
||||
+ |
||||
+ case NS_CERT_TYPE_DER: |
||||
+ |
||||
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */ |
||||
+ if (NULL != ocert) { |
||||
+ if (!_add_cert(ocert, dirname, filename, type, 0, |
||||
+ NS_CERT_REMOTE_PEER, index)) { |
||||
+ X509_free(ocert); |
||||
+ ocert = NULL; |
||||
+ } |
||||
+ break; |
||||
+ } |
||||
+ (void)BIO_reset(certbio); |
||||
+ /* Check for PEM if DER didn't work */ |
||||
+ /* FALLTHROUGH */ |
||||
+ |
||||
+ case NS_CERT_TYPE_PEM: |
||||
+ |
||||
+ if (NS_CERT_TYPE_DER == type) { |
||||
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n")); |
||||
+ type = NS_CERT_TYPE_PEM; |
||||
+ } |
||||
+ |
||||
+ /* read the private key first so we can record this in the index */ |
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL); |
||||
+ |
||||
+ (void)BIO_reset(certbio); |
||||
+ |
||||
+ /* certs are read after the key */ |
||||
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); |
||||
+ if (NULL != ocert) { |
||||
+ cert = _add_cert(ncert, dirname, filename, type, 0, |
||||
+ okey ? NS_CERT_IDENTITY | NS_CERT_REMOTE_PEER : |
||||
+ NS_CERT_REMOTE_PEER, index); |
||||
+ if (NULL == cert) { |
||||
+ X509_free(ocert); |
||||
+ ocert = ncert = NULL; |
||||
+ } |
||||
+ } |
||||
+ while (NULL != ncert) { |
||||
+ offset = BIO_tell(certbio); |
||||
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL); |
||||
+ if (ncert) { |
||||
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, 0, index)) { |
||||
+ X509_free(ncert); |
||||
+ ncert = NULL; |
||||
+ } |
||||
+ } |
||||
+ } |
||||
+ |
||||
+ if (NULL != okey) { |
||||
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n", |
||||
+ cert->info.filename)); |
||||
+ key = _add_key(okey, dirname, filename, NULL); |
||||
+ if (NULL != key) { |
||||
+ DEBUGMSGT(("cert:read:partner", "%s match found!\n", |
||||
+ cert->info.filename)); |
||||
+ key->cert = cert; |
||||
+ cert->key = key; |
||||
+ } |
||||
+ else { |
||||
+ EVP_PKEY_free(okey); |
||||
+ okey = NULL; |
||||
+ } |
||||
+ } |
||||
+ |
||||
+ break; |
||||
+ |
||||
+#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER |
||||
+ case NS_CERT_TYPE_PKCS12: |
||||
+#endif |
||||
+ |
||||
+ default: |
||||
+ break; |
||||
} |
||||
|
||||
- if (index) { |
||||
- /** filename = NAME_MAX = 255 */ |
||||
- /** fingerprint max = 64*3=192 for sha512 */ |
||||
- /** common name / CN = 64 */ |
||||
- if (cert) |
||||
- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename, |
||||
- cert->info.type, cert->hash_type, cert->fingerprint, |
||||
- cert->common_name, cert->subject); |
||||
- else if (key) |
||||
- fprintf(index, "k:%s\n", filename); |
||||
+ BIO_vfree(certbio); |
||||
+ |
||||
+ if ((NULL == ocert) && (NULL == okey)) { |
||||
+ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile); |
||||
+ return -1; |
||||
} |
||||
|
||||
return 0; |
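Review bot: Three error paths in the new `_add_certfile` read through pointers or buffers that were never set. In the `NS_CERT_TYPE_KEY` case the failure log uses `key->info.filename` while `key` is still NULL; in the PEM case the `if (NULL != okey)` block dereferences `cert` (`cert->info.filename`, `cert->key = key`) even when the file held a key but no certificate or `_add_cert` failed; and the final `snmp_log` prints `certfile`, which is no longer filled now that its `snprintf` was removed. A malformed or key-only file in the certificate directory would therefore crash the process or log uninitialised stack contents instead of being skipped. The lines below use `filename` in the messages and pair key and certificate only when both exist; the function's closing brace lies outside the hunk.

```c
    case NS_CERT_TYPE_KEY:
        /* … unchanged: PEM_read_bio_PrivateKey call … */
        if (NULL == okey)
            snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
        /* … unchanged: else branch, DER case, PEM certificate loop … */

        if (NULL != okey) {
            DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
                       filename));
            key = _add_key(okey, dirname, filename, NULL);
            if (NULL == key) {
                EVP_PKEY_free(okey);
                okey = NULL;
            }
            else if (NULL != cert) {
                DEBUGMSGT(("cert:read:partner", "%s match found!\n",
                           filename));
                key->cert = cert;
                cert->key = key;
            }
        }
        /* … unchanged: break, PKCS12/default cases, BIO_vfree … */

    if ((NULL == ocert) && (NULL == okey)) {
        snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", filename);
        /* … unchanged: return -1 … */
```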
||||
@@ -1338,8 +1468,10 @@ _cert_read_index(const char *dirname, struct stat *dirstat) |
||||
struct stat idx_stat; |
||||
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX]; |
||||
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15]; |
||||
- char subject[SNMP_MAXBUF_SMALL], hash_str[15]; |
||||
- int count = 0, type, hash, version; |
||||
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15]; |
||||
+ char allowed_uses_str[15]; |
||||
+ ssize_t offset; |
||||
+ int count = 0, type, allowed_uses, hash, version; |
||||
netsnmp_cert *cert; |
||||
netsnmp_key *key; |
||||
netsnmp_container *newer, *found; |
||||
@@ -1381,7 +1513,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) |
||||
netsnmp_directory_container_read_some(NULL, dirname, |
||||
_time_filter, &idx_stat, |
||||
NETSNMP_DIR_NSFILE | |
||||
- NETSNMP_DIR_NSFILE_STATS); |
||||
+ NETSNMP_DIR_NSFILE_STATS | |
||||
+ NETSNMP_DIR_ALLOW_DUPLICATES); |
||||
if (newer) { |
||||
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n")); |
||||
CONTAINER_FREE_ALL(newer, NULL); |
||||
@@ -1425,6 +1558,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat) |
||||
pos = &tmpstr[2]; |
||||
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) || |
||||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) || |
||||
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) || |
||||
+ (NULL == (pos=copy_nword(pos, allowed_uses_str, sizeof(allowed_uses_str)))) || |
||||
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) || |
||||
(NULL == (pos=copy_nword(pos, fingerprint, |
||||
sizeof(fingerprint)))) || |
||||
@@ -1437,9 +1572,11 @@ _cert_read_index(const char *dirname, struct stat *dirstat) |
||||
break; |
||||
} |
||||
type = atoi(type_str); |
||||
+ offset = atoi(offset_str); |
||||
+ allowed_uses = atoi(allowed_uses_str); |
||||
hash = atoi(hash_str); |
||||
- cert = _new_cert(dirname, filename, type, hash, fingerprint, |
||||
- common_name, subject); |
||||
+ cert = _new_cert(dirname, filename, type, offset, allowed_uses, hash, |
||||
+ fingerprint, common_name, subject); |
||||
if (cert && 0 == CONTAINER_INSERT(found, cert)) |
||||
++count; |
||||
else { |
||||
@@ -1543,7 +1680,8 @@ _add_certdir(const char *dirname) |
||||
netsnmp_directory_container_read_some(NULL, dirname, |
||||
_cert_cert_filter, NULL, |
||||
NETSNMP_DIR_RELATIVE_PATH | |
||||
- NETSNMP_DIR_EMPTY_OK ); |
||||
+ NETSNMP_DIR_EMPTY_OK | |
||||
+ NETSNMP_DIR_ALLOW_DUPLICATES); |
||||
if (NULL == cert_container) { |
||||
DEBUGMSGT(("cert:index:dir", |
||||
"error creating container for cert files\n")); |
||||
@@ -1631,7 +1769,7 @@ _cert_print(netsnmp_cert *c, void *context) |
||||
if (NULL == c) |
||||
return; |
||||
|
||||
- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir)); |
||||
+ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset)); |
||||
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n", |
||||
c->info.type, c->info.allowed_uses, |
||||
_mode_str(c->info.allowed_uses))); |
||||
@@ -1835,7 +1973,8 @@ netsnmp_cert_find(int what, int where, void *hint) |
||||
netsnmp_void_array *matching; |
||||
|
||||
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); |
||||
- matching = _cert_find_subset_fn( filename, NULL ); |
||||
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn( |
||||
+ filename, NULL ), what); |
||||
if (!matching) |
||||
return NULL; |
||||
if (1 == matching->size) |
||||
@@ -1881,6 +2020,32 @@ netsnmp_cert_find(int what, int where, void *hint) |
||||
return result; |
||||
} |
||||
|
||||
+netsnmp_void_array * |
||||
+netsnmp_certs_find(int what, int where, void *hint) |
||||
+{ |
||||
+ |
||||
+ DEBUGMSGT(("certs:find:params", "looking for %s(%d) in %s(0x%x), hint %p\n", |
||||
+ _mode_str(what), what, _where_str(where), where, hint)); |
||||
+ |
||||
+ if (NS_CERTKEY_FILE == where) { |
||||
+ /** hint == filename */ |
||||
+ char *filename = (char*)hint; |
||||
+ netsnmp_void_array *matching; |
||||
+ |
||||
+ DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint)); |
||||
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn( |
||||
+ filename, NULL ), what); |
||||
+ |
||||
+ return matching; |
||||
+ } /* where = NS_CERTKEY_FILE */ |
||||
+ else { /* unknown location */ |
||||
+ |
||||
+ DEBUGMSGT(("certs:find:err", "unhandled location %d for %d\n", where, |
||||
+ what)); |
||||
+ return NULL; |
||||
+ } |
||||
+} |
||||
+ |
||||
#ifndef NETSNMP_FEATURE_REMOVE_CERT_FINGERPRINTS |
||||
int |
||||
netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var) |
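Review bot: `netsnmp_certs_find` is a new non-static entry point with no comment stating who owns the array it returns. The only caller visible in this patch, `_trust_this_cert`, frees `matching->array` and `matching` but not the certificates inside, so the header comment should spell that out, e.g. `/* Returns a caller-owned array (free ->array, then the struct); the certs in it are not owned by the caller. NULL when nothing matches or where is not NS_CERTKEY_FILE. */`. The function also prints `(char *)hint` with `%s` and hands it to `_cert_find_subset_fn` without a NULL test; an early `if (NULL == hint) return NULL;` in the `NS_CERTKEY_FILE` branch would make the contract explicit.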
||||
@@ -2278,6 +2443,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory) |
||||
} |
||||
} |
||||
|
||||
+/* |
||||
+ * reduce subset by eliminating any certificates that are not the |
||||
+ * first certficate in a file. This allows us to ignore certificate |
||||
+ * chains when testing for specific certificates, and to match keys |
||||
+ * to the first certificate only. |
||||
+ */ |
||||
+static netsnmp_void_array * |
||||
+_cert_reduce_subset_first(netsnmp_void_array *matching) |
||||
+{ |
||||
+ netsnmp_cert *cc; |
||||
+ int i = 0, j, newsize; |
||||
+ |
||||
+ if ((NULL == matching)) |
||||
+ return matching; |
||||
+ |
||||
+ newsize = matching->size; |
||||
+ |
||||
+ for( ; i < matching->size; ) { |
||||
+ /* |
||||
+ * if we've shifted matches down we'll hit a NULL entry before |
||||
+ * we hit the end of the array. |
||||
+ */ |
||||
+ if (NULL == matching->array[i]) |
||||
+ break; |
||||
+ /* |
||||
+ * skip over valid matches. The first entry has an offset of zero. |
||||
+ */ |
||||
+ cc = (netsnmp_cert*)matching->array[i]; |
||||
+ if (0 == cc->offset) { |
||||
+ ++i; |
||||
+ continue; |
||||
+ } |
||||
+ /* |
||||
+ * shrink array by shifting everything down a spot. Might not be |
||||
+ * the most efficient soloution, but this is just happening at |
||||
+ * startup and hopefully most certs won't have common prefixes. |
||||
+ */ |
||||
+ --newsize; |
||||
+ for ( j=i; j < newsize; ++j ) |
||||
+ matching->array[j] = matching->array[j+1]; |
||||
+ matching->array[j] = NULL; |
||||
+ /** no ++i; just shifted down, need to look at same position again */ |
||||
+ } |
||||
+ /* |
||||
+ * if we shifted, set the new size |
||||
+ */ |
||||
+ if (newsize != matching->size) { |
||||
+ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n", |
||||
+ matching->size, newsize)); |
||||
+ matching->size = newsize; |
||||
+ } |
||||
+ |
||||
+ if (0 == matching->size) { |
||||
+ free(matching->array); |
||||
+ SNMP_FREE(matching); |
||||
+ } |
||||
+ |
||||
+ return matching; |
||||
+} |
||||
+ |
||||
+/* |
||||
+ * reduce subset by eliminating any certificates that do not match |
||||
+ * purpose specified. |
||||
+ */ |
||||
+static netsnmp_void_array * |
||||
+_cert_reduce_subset_what(netsnmp_void_array *matching, int what) |
||||
+{ |
||||
+ netsnmp_cert_common *cc; |
||||
+ int i = 0, j, newsize; |
||||
+ |
||||
+ if ((NULL == matching)) |
||||
+ return matching; |
||||
+ |
||||
+ newsize = matching->size; |
||||
+ |
||||
+ for( ; i < matching->size; ) { |
||||
+ /* |
||||
+ * if we've shifted matches down we'll hit a NULL entry before |
||||
+ * we hit the end of the array. |
||||
+ */ |
||||
+ if (NULL == matching->array[i]) |
||||
+ break; |
||||
+ /* |
||||
+ * skip over valid matches. The first entry has an offset of zero. |
||||
+ */ |
||||
+ cc = (netsnmp_cert_common *)matching->array[i]; |
||||
+ if ((cc->allowed_uses & what)) { |
||||
+ ++i; |
||||
+ continue; |
||||
+ } |
||||
+ /* |
||||
+ * shrink array by shifting everything down a spot. Might not be |
||||
+ * the most efficient soloution, but this is just happening at |
||||
+ * startup and hopefully most certs won't have common prefixes. |
||||
+ */ |
||||
+ --newsize; |
||||
+ for ( j=i; j < newsize; ++j ) |
||||
+ matching->array[j] = matching->array[j+1]; |
||||
+ matching->array[j] = NULL; |
||||
+ /** no ++i; just shifted down, need to look at same position again */ |
||||
+ } |
||||
+ /* |
||||
+ * if we shifted, set the new size |
||||
+ */ |
||||
+ if (newsize != matching->size) { |
||||
+ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n", |
||||
+ matching->size, newsize)); |
||||
+ matching->size = newsize; |
||||
+ } |
||||
+ |
||||
+ if (0 == matching->size) { |
||||
+ free(matching->array); |
||||
+ SNMP_FREE(matching); |
||||
+ } |
||||
+ |
||||
+ return matching; |
||||
+} |
||||
+ |
||||
static netsnmp_void_array * |
||||
_cert_find_subset_common(const char *filename, netsnmp_container *container) |
||||
{ |
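Review bot: The comment in `_cert_reduce_subset_what` that reads "skip over valid matches. The first entry has an offset of zero." was copied from `_cert_reduce_subset_first` and does not describe the test under it, which keeps an entry when `cc->allowed_uses & what` is non-zero. Because this filter decides which certificates `_trust_this_cert` goes on to add as trust anchors, the comment should state the real rule, e.g. `/* keep entries whose allowed_uses share at least one bit with what */`. The "shrink array" comment was copied too, and its remark about common prefixes only makes sense for filename matching. The two functions differ in one predicate, so the shift-down loop and the free-on-empty tail could live in a single static helper that takes the predicate.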
||||
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c |
||||
index c2dd989..e7145e4 100644 |
||||
--- a/snmplib/dir_utils.c |
||||
+++ b/snmplib/dir_utils.c |
||||
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container, |
||||
/** default to unsorted */ |
||||
if (! (flags & NETSNMP_DIR_SORTED)) |
||||
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc); |
||||
+ /** default to duplicates not allowed */ |
||||
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES)) |
||||
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc); |
||||
} |
||||
|
||||
dir = opendir(dirname); |
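Review bot: The added test reads inverted against its own comment: `/** default to duplicates not allowed */` is followed by `if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))`, which sets `CONTAINER_KEY_ALLOW_DUPLICATES` exactly when the caller did not pass the flag. If setting that option enables duplicate keys, as its name suggests, callers that omit the flag get duplicates while the cert_util.c callers that now pass `NETSNMP_DIR_ALLOW_DUPLICATES` do not; the condition would then need to be `if (flags & NETSNMP_DIR_ALLOW_DUPLICATES)`. This should be confirmed against the container option semantics, since the certificate directory scan depends on it. The enclosing function starts and ends outside the hunk.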
||||
diff --git a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c |
||||
index a3a85bc..b9baeae 100644 |
||||
--- a/snmplib/transports/snmpTLSBaseDomain.c |
||||
+++ b/snmplib/transports/snmpTLSBaseDomain.c |
||||
@@ -68,7 +68,7 @@ static unsigned long ERR_get_error_all(const char **file, int *line, |
||||
/* this is called during negotiation */ |
||||
int verify_callback(int ok, X509_STORE_CTX *ctx) { |
||||
int err, depth; |
||||
- char buf[1024], *fingerprint; |
||||
+ char subject[SNMP_MAXBUF_MEDIUM], issuer[SNMP_MAXBUF_MEDIUM], *fingerprint; |
||||
X509 *thecert; |
||||
netsnmp_cert *cert; |
||||
_netsnmp_verify_info *verify_info; |
||||
@@ -80,10 +80,12 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) { |
||||
|
||||
/* things to do: */ |
||||
|
||||
- X509_NAME_oneline(X509_get_subject_name(thecert), buf, sizeof(buf)); |
||||
+ X509_NAME_oneline(X509_get_subject_name(thecert), subject, sizeof(subject)); |
||||
+ X509_NAME_oneline(X509_get_issuer_name(thecert), issuer, sizeof(issuer)); |
||||
fingerprint = netsnmp_openssl_cert_get_fingerprint(thecert, -1); |
||||
- DEBUGMSGTL(("tls_x509:verify", "Cert: %s\n", buf)); |
||||
- DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ? |
||||
+ DEBUGMSGTL(("tls_x509:verify", " subject: %s\n", subject)); |
||||
+ DEBUGMSGTL(("tls_x509:verify", " issuer: %s\n", issuer)); |
||||
+ DEBUGMSGTL(("tls_x509:verify", " fp: %s\n", fingerprint ? |
||||
fingerprint : "unknown")); |
||||
|
||||
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); |
||||
@@ -118,7 +120,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) { |
||||
} else { |
||||
DEBUGMSGTL(("tls_x509:verify", " no matching fp found\n")); |
||||
/* log where we are and why called */ |
||||
- snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d err=%i:%s\n", ok, ctx, depth, err, X509_verify_cert_error_string(err)); |
||||
+ snmp_log(LOG_ERR, "tls verification failure: ok=%d ctx=%p depth=%d fp=%s subject='%s' issuer='%s' err=%i:%s\n", ok, ctx, depth, fingerprint, subject, issuer, err, X509_verify_cert_error_string(err)); |
||||
SNMP_FREE(fingerprint); |
||||
return 0; |
||||
} |
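Review bot: The new `snmp_log` call passes `fingerprint` to `%s` unguarded, while the debug line earlier in this function prints `fingerprint ? fingerprint : "unknown"`, which suggests `netsnmp_openssl_cert_get_fingerprint` can return NULL. Passing NULL to `%s` is undefined behaviour, and it would happen on the verification-failure path, in the one message an operator needs for triage; use `fingerprint ? fingerprint : "unknown"` here as well. The return value of `X509_NAME_oneline` is not checked in the earlier hunk, so setting `subject[0] = issuer[0] = '\0';` before the two calls would keep uninitialised stack bytes out of this log line if either call fails. verify_callback continues outside the hunk.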
||||
@@ -434,21 +436,48 @@ netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata) { |
||||
int |
||||
_trust_this_cert(SSL_CTX *the_ctx, char *certspec) { |
||||
netsnmp_cert *trustcert; |
||||
+ netsnmp_cert *candidate; |
||||
+ netsnmp_void_array *matching = NULL; |
||||
+ |
||||
+ int i; |
||||
|
||||
DEBUGMSGTL(("sslctx_client", "Trying to load a trusted certificate: %s\n", |
||||
certspec)); |
||||
|
||||
/* load this identifier into the trust chain */ |
||||
trustcert = netsnmp_cert_find(NS_CERT_CA, |
||||
- NS_CERTKEY_MULTIPLE, |
||||
+ NS_CERTKEY_FINGERPRINT, |
||||
certspec); |
||||
+ |
||||
+ /* loop through all CA certs in the given files */ |
||||
+ if (!trustcert) { |
||||
+ matching = netsnmp_certs_find(NS_CERT_CA, |
||||
+ NS_CERTKEY_FILE, |
||||
+ certspec); |
||||
+ for (i = 0; (matching) && (i < matching->size); ++i) { |
||||
+ candidate = (netsnmp_cert*)matching->array[i]; |
||||
+ if (netsnmp_cert_trust(the_ctx, candidate) != SNMPERR_SUCCESS) { |
||||
+ free(matching->array); |
||||
+ free(matching); |
||||
+ LOGANDDIE("failed to load trust certificate"); |
||||
+ } |
||||
+ } /** matching loop */ |
||||
+ |
||||
+ if (matching) { |
||||
+ free(matching->array); |
||||
+ free(matching); |
||||
+ return 1; |
||||
+ } |
||||
+ } |
||||
+ |
||||
+ /* fall back to trusting the remote peer certificate */ |
||||
if (!trustcert) |
||||
trustcert = netsnmp_cert_find(NS_CERT_REMOTE_PEER, |
||||
NS_CERTKEY_MULTIPLE, |
||||
certspec); |
||||
if (!trustcert) |
||||
LOGANDDIE("failed to find requested certificate to trust"); |
||||
- |
||||
+ |
||||
/* Add the certificate to the context */ |
||||
if (netsnmp_cert_trust(the_ctx, trustcert) != SNMPERR_SUCCESS) |
||||
LOGANDDIE("failed to load trust certificate"); |
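Review bot: With the file-based lookup a single `certspec` can now add several trust anchors, because every entry returned by `netsnmp_certs_find(NS_CERT_CA, NS_CERTKEY_FILE, certspec)` is passed to `netsnmp_cert_trust`, yet the only trace is the one debug line at the top of the function. Log each anchor as it is added, e.g. `DEBUGMSGTL(("sslctx_client", "trusting CA cert from %s/%s\n", candidate->info.dir, candidate->info.filename));` inside the loop, so the effective trust set can be audited. If the filename lookup matches more than the exact name (the "common prefixes" remark in `_cert_reduce_subset_what` hints at this), a short certspec could pull in CA certificates from files the administrator did not name; the comment above the loop should say which files are considered. The function begins before and ends after this hunk.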
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c |
||||
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100 |
||||
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100 |
||||
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc, |
||||
char * |
||||
snmp_log_syslogname(const char *pstr) |
||||
{ |
||||
- if (pstr) |
||||
+ if (pstr && (pstr != syslogname)) |
||||
strlcpy (syslogname, pstr, sizeof(syslogname)); |
||||
|
||||
return syslogname; |
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
diff --git a/apps/Makefile.in b/apps/Makefile.in |
||||
index d4529d3..175242b 100644 |
||||
--- a/apps/Makefile.in |
||||
+++ b/apps/Makefile.in |
||||
@@ -237,7 +237,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS) |
||||
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap |
||||
|
||||
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS) |
||||
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LDFLAGS) |
||||
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS) |
||||
$(RANLIB) $@ |
||||
|
||||
snmpinforminstall: |
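Review bot: The new link line for libnetsnmptrapd replaces `$(LDFLAGS)` with `$(LIB_LD_LIBS) $(MYSQL_LIBS)` instead of adding to it. Unless `LIB_LD_CMD` or `LIB_LD_LIBS` already expands to include them, linker flags supplied by the build environment (distribution hardening options such as RELRO, for instance) would no longer reach this library. Keeping the variable avoids that: `$(PERLLDOPTS_FOR_LIBS) $(LDFLAGS) $(LIB_LD_LIBS) $(MYSQL_LIBS)`.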
@ -0,0 +1,28 @@
@@ -0,0 +1,28 @@
|
||||
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c |
||||
index 6d5e86c..68b55d2 100644 |
||||
--- a/agent/mibgroup/hardware/memory/memory_linux.c |
||||
+++ b/agent/mibgroup/hardware/memory/memory_linux.c |
||||
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { |
||||
if (first) |
||||
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n"); |
||||
} |
||||
+ b = strstr(buff, "SReclaimable: "); |
||||
+ if (b) |
||||
+ sscanf(b, "SReclaimable: %lu", &sreclaimable); |
||||
+ else { |
||||
+ if (first) |
||||
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n"); |
||||
+ } |
||||
b = strstr(buff, "SwapFree: "); |
||||
if (b) |
||||
sscanf(b, "SwapFree: %lu", &swapfree); |
||||
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) { |
||||
if (first) |
||||
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n"); |
||||
} |
||||
- b = strstr(buff, "SReclaimable: "); |
||||
- if (b) |
||||
- sscanf(b, "SReclaimable: %lu", &sreclaimable); |
||||
first = 0; |
||||
|
||||
|
@ -0,0 +1,48 @@
@@ -0,0 +1,48 @@
|
||||
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def |
||||
index 90b20d9..bd5abe1 100644 |
||||
--- a/man/netsnmp_config_api.3.def |
||||
+++ b/man/netsnmp_config_api.3.def |
||||
@@ -295,7 +295,7 @@ for one particular machine. |
||||
.PP |
||||
The default list of directories to search is \fC SYSCONFDIR/snmp\fP, |
||||
followed by \fC DATADIR/snmp\fP, |
||||
-followed by \fC LIBDIR/snmp\fP, |
||||
+followed by \fC /usr/lib(64)/snmp\fP, |
||||
followed by \fC $HOME/.snmp\fP. |
||||
This list can be changed by setting the environmental variable |
||||
.I SNMPCONFPATH |
||||
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration |
||||
files in. |
||||
Default: |
||||
.br |
||||
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp |
||||
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp |
||||
.SH "SEE ALSO" |
||||
netsnmp_mib_api(3), snmp_api(3) |
||||
.\" Local Variables: |
||||
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def |
||||
index fd30873..c3437d6 100644 |
||||
--- a/man/snmp_config.5.def |
||||
+++ b/man/snmp_config.5.def |
||||
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be |
||||
found and read from. By default, the applications look for |
||||
configuration files in the following 4 directories, in order: |
||||
SYSCONFDIR/snmp, |
||||
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these |
||||
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these |
||||
directories, it looks for files snmp.conf, snmpd.conf and/or |
||||
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf |
||||
and/or snmptrapd.local.conf. *.local.conf are always |
||||
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def |
||||
index 7ce8a46..a4000f9 100644 |
||||
--- a/man/snmpd.conf.5.def |
||||
+++ b/man/snmpd.conf.5.def |
||||
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR. |
||||
.RS |
||||
.IP "Note:" |
||||
If the specified PATH is not a fully qualified filename, it will |
||||
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR |
||||
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR |
||||
will be appended to the filename. |
||||
.RE |
||||
.PP |
@ -0,0 +1,84 @@
@@ -0,0 +1,84 @@
|
||||
diff -urNp a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h |
||||
--- a/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:55:39.829901038 +0200 |
||||
+++ b/include/net-snmp/library/snmp_openssl.h 2021-09-15 07:56:18.656412998 +0200 |
||||
@@ -44,7 +44,6 @@ extern "C" { |
||||
/* |
||||
* misc |
||||
*/ |
||||
- void netsnmp_openssl_err_log(const char *prefix); |
||||
void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher); |
||||
|
||||
/* |
||||
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c |
||||
--- a/snmplib/snmp_openssl.c 2021-09-15 07:55:39.785900458 +0200 |
||||
+++ b/snmplib/snmp_openssl.c 2021-09-15 07:57:30.914417600 +0200 |
||||
@@ -937,20 +937,6 @@ netsnmp_openssl_cert_issued_by(X509 *iss |
||||
return (X509_check_issued(issuer, cert) == X509_V_OK); |
||||
} |
||||
|
||||
- |
||||
-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG |
||||
-void |
||||
-netsnmp_openssl_err_log(const char *prefix) |
||||
-{ |
||||
- unsigned long err; |
||||
- for (err = ERR_get_error(); err; err = ERR_get_error()) { |
||||
- snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err); |
||||
- snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n", |
||||
- ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err)); |
||||
- } |
||||
-} |
||||
-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */ |
||||
- |
||||
void |
||||
netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher) |
||||
{ |
||||
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c |
||||
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200 |
||||
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200 |
||||
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util); |
||||
|
||||
int openssl_local_index; |
||||
|
||||
-#ifndef HAVE_ERR_GET_ERROR_ALL |
||||
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */ |
||||
-static unsigned long ERR_get_error_all(const char **file, int *line, |
||||
- const char **func, |
||||
- const char **data, int *flags) |
||||
-{ |
||||
- *func = NULL; |
||||
- return ERR_get_error_line_data(file, line, data, flags); |
||||
-} |
||||
-#endif |
||||
- |
||||
/* this is called during negotiation */ |
||||
int verify_callback(int ok, X509_STORE_CTX *ctx) { |
||||
int err, depth; |
||||
@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con |
||||
ERR_reason_error_string(ERR_get_error())); |
||||
|
||||
} |
||||
- |
||||
- /* other errors */ |
||||
- while ((numerical_reason = |
||||
- ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { |
||||
- snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n", |
||||
- ERR_error_string(numerical_reason, NULL), file, func, line); |
||||
- |
||||
- /* if we have a text translation: */ |
||||
- if (data && (flags & ERR_TXT_STRING)) { |
||||
- snmp_log(LOG_ERR, " Textual Error: %s\n", data); |
||||
- /* |
||||
- * per openssl man page: If it has been allocated by |
||||
- * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true. |
||||
- * |
||||
- * arggh... stupid openssl prototype for ERR_get_error_line_data |
||||
- * wants a const char **, but returns something that we might |
||||
- * need to free?? |
||||
- */ |
||||
- if (flags & ERR_TXT_MALLOCED) |
||||
- OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); } |
||||
- } |
||||
|
||||
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n"); |
||||
} |
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
diff --git a/agent/Makefile.in b/agent/Makefile.in |
||||
index b5d692d..1a30209 100644 |
||||
--- a/agent/Makefile.in |
||||
+++ b/agent/Makefile.in |
||||
@@ -297,7 +297,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c |
||||
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? |
||||
|
||||
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) |
||||
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} |
||||
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} |
||||
|
||||
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) |
||||
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@ |
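Review bot: `-pie` is hard-coded on the snmpd link line here, and on the snmptrapd line in the apps/Makefile.in hunk below, but nothing in either hunk guarantees the objects were compiled position-independent. If a build's CFLAGS lacks `-fPIE` or `-fPIC`, the link may fail or produce a binary with text relocations. Carrying the pair through the flag variables (the compile option in CFLAGS, `-pie` in LDFLAGS) keeps them together, and a post-build check of the ELF type with `readelf -h` would confirm the hardening actually took effect.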
||||
diff --git a/apps/Makefile.in b/apps/Makefile.in |
||||
index 43f3b9c..d4529d3 100644 |
||||
--- a/apps/Makefile.in |
||||
+++ b/apps/Makefile.in |
||||
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS) |
||||
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS} |
||||
|
||||
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS) |
||||
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} |
||||
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} |
||||
|
||||
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS) |
||||
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS} |
@ -0,0 +1,38 @@
@@ -0,0 +1,38 @@
|
||||
diff --git a/Makefile.in b/Makefile.in |
||||
index 912f6b2..862fb5f 100644 |
||||
--- a/Makefile.in |
||||
+++ b/Makefile.in |
||||
@@ -227,7 +227,7 @@ perlcleanfeatures: |
||||
|
||||
# python specific build rules |
||||
# |
||||
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS) |
||||
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS) |
||||
pythonmodules: subdirs |
||||
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \ |
||||
if test $$? != 0 ; then \ |
||||
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py |
||||
index daf11a4..3a30a64 100644 |
||||
--- a/python/netsnmp/client.py |
||||
+++ b/python/netsnmp/client.py |
||||
@@ -56,7 +56,7 @@ class Varbind(object): |
||||
def __init__(self, tag=None, iid=None, val=None, type_arg=None): |
||||
self.tag = STR(tag) |
||||
self.iid = STR(iid) |
||||
- self.val = STR(val) |
||||
+ self.val = val |
||||
self.type = STR(type_arg) |
||||
# parse iid out of tag if needed |
||||
if iid is None and tag is not None: |
||||
@@ -66,7 +66,10 @@ class Varbind(object): |
||||
(self.tag, self.iid) = match.group(1, 2) |
||||
|
||||
def __setattr__(self, name, val): |
||||
- self.__dict__[name] = STR(val) |
||||
+ if name == 'val': |
||||
+ self.__dict__[name] = val |
||||
+ else: |
||||
+ self.__dict__[name] = STR(val) |
||||
|
||||
def __str__(self): |
||||
return obj_to_str(self) |
@ -0,0 +1,110 @@
@@ -0,0 +1,110 @@
|
||||
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple |
||||
index 6c07f74..7df0b51 100644 |
||||
--- a/testing/fulltests/default/T070com2sec_simple |
||||
+++ b/testing/fulltests/default/T070com2sec_simple |
||||
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"' |
||||
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies |
||||
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies |
||||
|
||||
-if false; then |
||||
- # The two tests below have been disabled because these rely on resolving a |
||||
- # domain name into a local IP address. Such DNS replies are filtered out by |
||||
- # many security devices because to avoid DNS rebinding attacks. See also |
||||
- # https://en.wikipedia.org/wiki/DNS_rebinding. |
||||
- |
||||
- CHECKAGENT '<"c408a"' |
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
- CHECKAGENT 'line 32: Error:' |
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
- return_value=1 |
||||
- FINISHED |
||||
- fi |
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
+FINISHED |
||||
+ |
||||
+# don't test the rest, it depends on DNS, which is not available in Koji |
||||
+ |
||||
+CHECKAGENT '<"c408a"' |
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
+ CHECKAGENT 'line 32: Error:' |
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
return_value=1 |
||||
FINISHED |
||||
fi |
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
+ return_value=1 |
||||
+ FINISHED |
||||
+fi |
||||
|
||||
- CHECKAGENT '<"c408b"' |
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
- CHECKAGENT 'line 33: Error:' |
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
- return_value=1 |
||||
- fi |
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
+CHECKAGENT '<"c408b"' |
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
+ CHECKAGENT 'line 33: Error:' |
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
return_value=1 |
||||
fi |
||||
- |
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
+ return_value=1 |
||||
fi |
||||
|
||||
FINISHED |
||||
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple |
||||
index 76da70b..bc2d432 100644 |
||||
--- a/testing/fulltests/default/T071com2sec6_simple |
||||
+++ b/testing/fulltests/default/T071com2sec6_simple |
||||
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff |
||||
SAVECHECKAGENT 'line 27: Error:' |
||||
SAVECHECKAGENT 'line 28: Error:' |
||||
|
||||
-if false; then |
||||
- # The two tests below have been disabled because these rely on resolving a |
||||
- # domain name into a local IP address. Such DNS replies are filtered out by |
||||
- # many security devices because to avoid DNS rebinding attacks. See also |
||||
- # https://en.wikipedia.org/wiki/DNS_rebinding. |
||||
- |
||||
- # 608 |
||||
- CHECKAGENT '<"c608a"' |
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
- CHECKAGENT 'line 29: Error:' |
||||
- errnum=`expr $errnum - 1` |
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
- FINISHED |
||||
- fi |
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
+FINISHED |
||||
+ |
||||
+# don't test the rest, it depends on DNS, which is not available in Koji |
||||
+ |
||||
+# 608 |
||||
+CHECKAGENT '<"c608a"' |
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
+ CHECKAGENT 'line 29: Error:' |
||||
+ errnum=`expr $errnum - 1` |
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
FINISHED |
||||
fi |
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then |
||||
+ FINISHED |
||||
+fi |
||||
|
||||
- CHECKAGENTCOUNT atleastone '<"c608b"' |
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
- CHECKAGENT 'line 30: Error:' |
||||
- if [ "$snmp_last_test_result" -eq 1 ] ; then |
||||
- errnum=`expr $errnum - 1` |
||||
- fi |
||||
+CHECKAGENTCOUNT atleastone '<"c608b"' |
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then |
||||
+ CHECKAGENT 'line 30: Error:' |
||||
+ if [ "$snmp_last_test_result" -eq 1 ] ; then |
||||
+ errnum=`expr $errnum - 1` |
||||
fi |
||||
fi |
||||
|
@ -0,0 +1,16 @@
@@ -0,0 +1,16 @@
|
||||
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c |
||||
index e6f5b20..41a5e01 100644 |
||||
--- a/snmplib/transports/snmpUDPIPv6Domain.c |
||||
+++ b/snmplib/transports/snmpUDPIPv6Domain.c |
||||
@@ -34,6 +34,11 @@ |
||||
#if HAVE_SYS_SOCKET_H |
||||
#include <sys/socket.h> |
||||
#endif |
||||
+ |
||||
+#if defined(HAVE_WINSOCK_H) && !defined(mingw32) |
||||
+static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; |
||||
+#endif |
||||
+ |
||||
#if HAVE_NETINET_IN_H |
||||
#include <netinet/in.h> |
||||
#endif |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff --git a/agent/snmpd.c b/agent/snmpd.c |
||||
index ae73eda..f01b890 100644 |
||||
--- a/agent/snmpd.c |
||||
+++ b/agent/snmpd.c |
||||
@@ -289,6 +289,7 @@ usage(char *prog) |
||||
" -S d|i|0-7\t\tuse -Ls <facility> instead\n" |
||||
"\n" |
||||
); |
||||
+ exit(1); |
||||
} |
||||
|
||||
static void |
@ -0,0 +1,60 @@
@@ -0,0 +1,60 @@
|
||||
From 8c1dad23301692799749d75a3c039b8ae7c07f8e Mon Sep 17 00:00:00 2001 |
||||
From: Bart Van Assche <bvanassche@acm.org> |
||||
Date: Wed, 9 Jun 2021 14:19:46 -0700 |
||||
Subject: [PATCH] Python: Fix snmpwalk with UseNumeric=1 |
||||
|
||||
Fixes: c744be5ffed6 ("Python: Introduce build_python_varbind()") |
||||
Fixes: https://github.com/net-snmp/net-snmp/issues/303 |
||||
--- |
||||
python/netsnmp/client_intf.c | 9 ++++----- |
||||
1 file changed, 4 insertions(+), 5 deletions(-) |
||||
|
||||
diff --git a/python/netsnmp/client_intf.c b/python/netsnmp/client_intf.c |
||||
index e5e7372303..94da39fe34 100644 |
||||
--- a/python/netsnmp/client_intf.c |
||||
+++ b/python/netsnmp/client_intf.c |
||||
@@ -1316,7 +1316,7 @@ netsnmp_delete_session(PyObject *self, PyObject *args) |
||||
|
||||
static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars, |
||||
int varlist_ind, int sprintval_flag, int *len, |
||||
- char **str_buf) |
||||
+ char **str_buf, int getlabel_flag) |
||||
{ |
||||
struct tree *tp; |
||||
int type; |
||||
@@ -1326,7 +1326,6 @@ static int build_python_varbind(PyObject *varbind, netsnmp_variable_list *vars, |
||||
int buf_over = 0; |
||||
const char *tag; |
||||
const char *iid; |
||||
- int getlabel_flag = NO_FLAGS; |
||||
|
||||
if (!PyObject_HasAttrString(varbind, "tag")) |
||||
return TYPE_OTHER; |
||||
@@ -1523,7 +1522,7 @@ netsnmp_get_or_getnext(PyObject *self, PyObject *args, int pdu_type, |
||||
|
||||
varbind = PySequence_GetItem(varlist, varlist_ind); |
||||
type = build_python_varbind(varbind, vars, varlist_ind, sprintval_flag, |
||||
- &len, &str_buf); |
||||
+ &len, &str_buf, getlabel_flag); |
||||
if (type != TYPE_OTHER) { |
||||
/* save in return tuple as well */ |
||||
if ((type == SNMP_ENDOFMIBVIEW) || |
||||
@@ -1832,7 +1831,7 @@ netsnmp_walk(PyObject *self, PyObject *args) |
||||
|
||||
varbind = py_netsnmp_construct_varbind(); |
||||
if (varbind && build_python_varbind(varbind, vars, varlist_ind, |
||||
- sprintval_flag, &len, &str_buf) != |
||||
+ sprintval_flag, &len, &str_buf, getlabel_flag) != |
||||
TYPE_OTHER) { |
||||
const int hex = is_hex(str_buf, len); |
||||
|
||||
@@ -2055,7 +2054,7 @@ netsnmp_getbulk(PyObject *self, PyObject *args) |
||||
|
||||
varbind = py_netsnmp_construct_varbind(); |
||||
if (varbind && build_python_varbind(varbind, vars, varbind_ind, |
||||
- sprintval_flag, &len, &str_buf) != TYPE_OTHER) { |
||||
+ sprintval_flag, &len, &str_buf, getlabel_flag) != TYPE_OTHER) { |
||||
const int hex = is_hex(str_buf, len); |
||||
|
||||
/* push varbind onto varbinds */ |
||||
|
@ -0,0 +1,62 @@
@@ -0,0 +1,62 @@
|
||||
#!/bin/sh |
||||
# |
||||
# net-snmp-config |
||||
# |
||||
# this shell script is designed to merely dump the configuration |
||||
# information about how the net-snmp package was compiled. The |
||||
# information is particularily useful for applications that need to |
||||
# link against the net-snmp libraries and hence must know about any |
||||
# other libraries that must be linked in as well. |
||||
|
||||
# this particular shell script calls arch specific script to avoid |
||||
# multilib conflicts |
||||
|
||||
# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64 |
||||
|
||||
arch=`arch` |
||||
echo $arch | grep -q i.86 |
||||
if [ $? -eq 0 ] ; then |
||||
net-snmp-config-i386 "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "ia64" ] ; then |
||||
net-snmp-config-ia64 "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "ppc" ] ; then |
||||
net-snmp-config-ppc "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "ppc64" ] ; then |
||||
net-snmp-config-ppc64 "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "s390" ] ; then |
||||
net-snmp-config-s390 "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "s390x" ] ; then |
||||
net-snmp-config-s390x "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "x86_64" ] ; then |
||||
net-snmp-config-x86_64 "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "alpha" ] ; then |
||||
net-snmp-config-alpha "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "sparc" ] ; then |
||||
net-snmp-config-sparc "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "sparc64" ] ; then |
||||
net-snmp-config-sparc64 "$@" |
||||
exit 0 |
||||
fi |
||||
if [ "$arch" = "aarch64" ] ; then |
||||
net-snmp-config-aarch64 "$@" |
||||
exit 0 |
||||
fi |
||||
echo "Cannot determine architecture" |
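Review bot: Every branch runs the arch-specific script and then `exit 0`, so a failure in `net-snmp-config-<arch>` is reported to the caller as success, and the final fall-through prints "Cannot determine architecture" on stdout and also ends with status 0. A build script that captures this output as compiler or linker flags would then continue with an error message as its flags. Replace each call/exit pair with `exec net-snmp-config-x86_64 "$@"` (likewise for the other arches) and end the script with `echo "Cannot determine architecture" >&2` followed by `exit 1`. The helper is also resolved through `$PATH`; invoking it from the directory this wrapper is installed in would prevent a different `net-snmp-config-*` earlier in the search path from being picked up.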
@ -0,0 +1,38 @@
@@ -0,0 +1,38 @@
|
||||
/* This file is here to prevent a file conflict on multiarch systems. A |
||||
* conflict will frequently occur because arch-specific build-time |
||||
* configuration options are stored (and used, so they can't just be stripped |
||||
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed. |
||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ |
||||
|
||||
#ifdef net_snmp_config_multilib_redirection_h |
||||
#error "Do not define net_snmp_config_multilib_redirection_h!" |
||||
#endif |
||||
#define net_snmp_config_multilib_redirection_h |
||||
|
||||
#if defined(__i386__) |
||||
#include "net-snmp-config-i386.h" |
||||
#elif defined(__ia64__) |
||||
#include "net-snmp-config-ia64.h" |
||||
#elif defined(__powerpc64__) |
||||
#include "net-snmp-config-ppc64.h" |
||||
#elif defined(__powerpc__) |
||||
#include "net-snmp-config-ppc.h" |
||||
#elif defined(__s390x__) |
||||
#include "net-snmp-config-s390x.h" |
||||
#elif defined(__s390__) |
||||
#include "net-snmp-config-s390.h" |
||||
#elif defined(__x86_64__) |
||||
#include "net-snmp-config-x86_64.h" |
||||
#elif defined(__alpha__) |
||||
#include "net-snmp-config-alpha.h" |
||||
#elif defined(__sparc__) && defined (__arch64__) |
||||
#include "net-snmp-config-sparc64.h" |
||||
#elif defined(__sparc__) |
||||
#include "net-snmp-config-sparc.h" |
||||
#elif defined(__aarch64__) |
||||
#include "net-snmp-config-aarch64.h" |
||||
#else |
||||
#error "net-snmp-devel package does not work on your architecture" |
||||
#endif |
||||
|
||||
#undef net_snmp_config_multilib_redirection_h |
@ -0,0 +1 @@
@@ -0,0 +1 @@
|
||||
d /run/net-snmp 0755 root root |
@ -0,0 +1,6 @@
@@ -0,0 +1,6 @@
|
||||
# Example configuration file for snmptrapd |
||||
# |
||||
# No traps are handled by default, you must edit this file! |
||||
# |
||||
# authCommunity log,execute,net public |
||||
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold |
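Review bot: The sample handler path `/usr/bin/bin/my_great_script` has a doubled `bin`, which looks like a path-substitution artifact. An admin who uncomments the line as written gets a handler that does not exist. The `authCommunity log,execute,net public` example also pairs `execute` and `net` with the well-known community `public`, so uncommenting it lets any sender that uses that community trigger handlers and forwarding. I would fix the path and add a comment line such as `# Replace "public" with a site-specific community before enabling execute or net.`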
@ -0,0 +1,462 @@
@@ -0,0 +1,462 @@
|
||||
############################################################################### |
||||
# |
||||
# snmpd.conf: |
||||
# An example configuration file for configuring the ucd-snmp snmpd agent. |
||||
# |
||||
############################################################################### |
||||
# |
||||
# This file is intended to only be as a starting point. Many more |
||||
# configuration directives exist than are mentioned in this file. For |
||||
# full details, see the snmpd.conf(5) manual page. |
||||
# |
||||
# All lines beginning with a '#' are comments and are intended for you |
||||
# to read. All other lines are configuration commands for the agent. |
||||
|
||||
############################################################################### |
||||
# Access Control |
||||
############################################################################### |
||||
|
||||
# As shipped, the snmpd demon will only respond to queries on the |
||||
# system mib group until this file is replaced or modified for |
||||
# security purposes. Examples are shown below about how to increase the |
||||
# level of access. |
||||
|
||||
# By far, the most common question I get about the agent is "why won't |
||||
# it work?", when really it should be "how do I configure the agent to |
||||
# allow me to access it?" |
||||
# |
||||
# By default, the agent responds to the "public" community for read |
||||
# only access, if run out of the box without any configuration file in |
||||
# place. The following examples show you other ways of configuring |
||||
# the agent so that you can change the community names, and give |
||||
# yourself write access to the mib tree as well. |
||||
# |
||||
# For more information, read the FAQ as well as the snmpd.conf(5) |
||||
# manual page. |
||||
|
||||
#### |
||||
# First, map the community name "public" into a "security name" |
||||
|
||||
# sec.name source community |
||||
com2sec notConfigUser default public |
||||
|
||||
#### |
||||
# Second, map the security name into a group name: |
||||
|
||||
# groupName securityModel securityName |
||||
group notConfigGroup v1 notConfigUser |
||||
group notConfigGroup v2c notConfigUser |
||||
|
||||
#### |
||||
# Third, create a view for us to let the group have rights to: |
||||
|
||||
# Make at least snmpwalk -v 1 localhost -c public system fast again. |
||||
# name incl/excl subtree mask(optional) |
||||
view systemview included .1.3.6.1.2.1.1 |
||||
view systemview included .1.3.6.1.2.1.25.1.1 |
||||
|
||||
#### |
||||
# Finally, grant the group read-only access to the systemview view. |
||||
|
||||
# group context sec.model sec.level prefix read write notif |
||||
access notConfigGroup "" any noauth exact systemview none none |
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
# Here is a commented out example configuration that allows less |
||||
# restrictive access. |
||||
|
||||
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY |
||||
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO |
||||
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. |
||||
|
||||
## sec.name source community |
||||
#com2sec local localhost COMMUNITY |
||||
#com2sec mynetwork NETWORK/24 COMMUNITY |
||||
|
||||
## group.name sec.model sec.name |
||||
#group MyRWGroup any local |
||||
#group MyROGroup any mynetwork |
||||
# |
||||
#group MyRWGroup any otherv3user |
||||
#... |
||||
|
||||
## incl/excl subtree mask |
||||
#view all included .1 80 |
||||
|
||||
## -or just the mib2 tree- |
||||
|
||||
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc |
||||
|
||||
|
||||
## context sec.model sec.level prefix read write notif |
||||
#access MyROGroup "" any noauth 0 all none none |
||||
#access MyRWGroup "" any noauth 0 all all all |
||||
|
||||
|
||||
############################################################################### |
||||
# Sample configuration to make net-snmpd RFC 1213. |
||||
# Unfortunately v1 and v2c don't allow any user based authentification, so |
||||
# opening up the default config is not an option from a security point. |
||||
# |
||||
# WARNING: If you uncomment the following lines you allow write access to your |
||||
# snmpd daemon from any source! To avoid this use different names for your |
||||
# community or split out the write access to a different community and |
||||
# restrict it to your local network. |
||||
# Also remember to comment the syslocation and syscontact parameters later as |
||||
# otherwise they are still read only (see FAQ for net-snmp). |
||||
# |
||||
|
||||
# First, map the community name "public" into a "security name" |
||||
# sec.name source community |
||||
#com2sec notConfigUser default public |
||||
|
||||
# Second, map the security name into a group name: |
||||
# groupName securityModel securityName |
||||
#group notConfigGroup v1 notConfigUser |
||||
#group notConfigGroup v2c notConfigUser |
||||
|
||||
# Third, create a view for us to let the group have rights to: |
||||
# Open up the whole tree for ro, make the RFC 1213 required ones rw. |
||||
# name incl/excl subtree mask(optional) |
||||
#view roview included .1 |
||||
#view rwview included system.sysContact |
||||
#view rwview included system.sysName |
||||
#view rwview included system.sysLocation |
||||
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus |
||||
#view rwview included at.atTable.atEntry.atPhysAddress |
||||
#view rwview included at.atTable.atEntry.atNetAddress |
||||
#view rwview included ip.ipForwarding |
||||
#view rwview included ip.ipDefaultTTL |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1 |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2 |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3 |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4 |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask |
||||
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5 |
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex |
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress |
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress |
||||
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType |
||||
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState |
||||
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger |
||||
#view rwview included snmp.snmpEnableAuthenTraps |
||||
|
||||
# Finally, grant the group read-only access to the systemview view. |
||||
# group context sec.model sec.level prefix read write notif |
||||
#access notConfigGroup "" any noauth exact roview rwview none |
||||
|
||||
|
||||
|
||||
############################################################################### |
||||
# System contact information |
||||
# |
||||
|
||||
# It is also possible to set the sysContact and sysLocation system |
||||
# variables through the snmpd.conf file: |
||||
|
||||
syslocation Unknown (edit /etc/snmp/snmpd.conf) |
||||
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf) |
||||
|
||||
# Example output of snmpwalk: |
||||
# % snmpwalk -v 1 localhost -c public system |
||||
# system.sysDescr.0 = "SunOS name sun4c" |
||||
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 |
||||
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 |
||||
# system.sysContact.0 = "Me <me@somewhere.org>" |
||||
# system.sysName.0 = "name" |
||||
# system.sysLocation.0 = "Right here, right now." |
||||
# system.sysServices.0 = 72 |
||||
|
||||
|
||||
############################################################################### |
||||
# Logging |
||||
# |
||||
|
||||
# We do not want annoying "Connection from UDP: " messages in syslog. |
||||
# If the following option is commented out, snmpd will print each incoming |
||||
# connection, which can be useful for debugging. |
||||
|
||||
dontLogTCPWrappersConnects yes |
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
|
||||
############################################################################### |
||||
# Process checks. |
||||
# |
||||
# The following are examples of how to use the agent to check for |
||||
# processes running on the host. The syntax looks something like: |
||||
# |
||||
# proc NAME [MAX=0] [MIN=0] |
||||
# |
||||
# NAME: the name of the process to check for. It must match |
||||
# exactly (ie, http will not find httpd processes). |
||||
# MAX: the maximum number allowed to be running. Defaults to 0. |
||||
# MIN: the minimum number to be running. Defaults to 0. |
||||
|
||||
# |
||||
# Examples (commented out by default): |
||||
# |
||||
|
||||
# Make sure mountd is running |
||||
#proc mountd |
||||
|
||||
# Make sure there are no more than 4 ntalkds running, but 0 is ok too. |
||||
#proc ntalkd 4 |
||||
|
||||
# Make sure at least one sendmail, but less than or equal to 10 are running. |
||||
#proc sendmail 10 1 |
||||
|
||||
# A snmpwalk of the process mib tree would look something like this: |
||||
# |
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2 |
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 |
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 |
||||
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 |
||||
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" |
||||
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" |
||||
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" |
||||
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 |
||||
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 |
||||
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 |
||||
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 |
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 |
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." |
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" |
||||
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" |
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 |
||||
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 |
||||
# |
||||
# Note that the errorFlag for mountd is set to 1 because one is not |
||||
# running (in this case an rpc.mountd is, but thats not good enough), |
||||
# and the ErrMessage tells you what's wrong. The configuration |
||||
# imposed in the snmpd.conf file is also shown. |
||||
# |
||||
# Special Case: When the min and max numbers are both 0, it assumes |
||||
# you want a max of infinity and a min of 1. |
||||
# |
||||
|
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
|
||||
############################################################################### |
||||
# Executables/scripts |
||||
# |
||||
|
||||
# |
||||
# You can also have programs run by the agent that return a single |
||||
# line of output and an exit code. Here are two examples. |
||||
# |
||||
# exec NAME PROGRAM [ARGS ...] |
||||
# |
||||
# NAME: A generic name. The name must be unique for each exec statement. |
||||
# PROGRAM: The program to run. Include the path! |
||||
# ARGS: optional arguments to be passed to the program |
||||
|
||||
# a simple hello world |
||||
|
||||
#exec echotest /bin/echo hello world |
||||
|
||||
# Run a shell script containing: |
||||
# |
||||
# #!/bin/sh |
||||
# echo hello world |
||||
# echo hi there |
||||
# exit 35 |
||||
# |
||||
# Note: this has been specifically commented out to prevent |
||||
# accidental security holes due to someone else on your system writing |
||||
# a /tmp/shtest before you do. Uncomment to use it. |
||||
# |
||||
#exec shelltest /bin/sh /tmp/shtest |
||||
|
||||
# Then, |
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8 |
||||
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 |
||||
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 |
||||
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" |
||||
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" |
||||
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" |
||||
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" |
||||
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 |
||||
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 |
||||
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." |
||||
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." |
||||
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 |
||||
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 |
||||
|
||||
# Note that the second line of the /tmp/shtest shell script is cut |
||||
# off. Also note that the exit status of 35 was returned. |
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
|
||||
############################################################################### |
||||
# disk checks |
||||
# |
||||
|
||||
# The agent can check the amount of available disk space, and make |
||||
# sure it is above a set limit. |
||||
|
||||
# disk PATH [MIN=100000] |
||||
# |
||||
# PATH: mount path to the disk in question. |
||||
# MIN: Disks with space below this value will have the Mib's errorFlag set. |
||||
# Default value = 100000. |
||||
|
||||
# Check the / partition and make sure it contains at least 10 megs. |
||||
|
||||
#disk / 10000 |
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 |
||||
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" |
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
|
||||
############################################################################### |
||||
# load average checks |
||||
# |
||||
|
||||
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] |
||||
# |
||||
# 1MAX: If the 1 minute load average is above this limit at query |
||||
# time, the errorFlag will be set. |
||||
# 5MAX: Similar, but for 5 min average. |
||||
# 15MAX: Similar, but for 15 min average. |
||||
|
||||
# Check for loads: |
||||
#load 12 14 14 |
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" |
||||
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" |
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
|
||||
############################################################################### |
||||
# Extensible sections. |
||||
# |
||||
|
||||
# This alleviates the multiple line output problem found in the |
||||
# previous executable mib by placing each mib in its own mib table: |
||||
|
||||
# Run a shell script containing: |
||||
# |
||||
# #!/bin/sh |
||||
# echo hello world |
||||
# echo hi there |
||||
# exit 35 |
||||
# |
||||
# Note: this has been specifically commented out to prevent |
||||
# accidental security holes due to someone else on your system writing |
||||
# a /tmp/shtest before you do. Uncomment to use it. |
||||
# |
||||
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest |
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50 |
||||
# enterprises.ucdavis.50.1.1 = 1 |
||||
# enterprises.ucdavis.50.2.1 = "shelltest" |
||||
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" |
||||
# enterprises.ucdavis.50.100.1 = 35 |
||||
# enterprises.ucdavis.50.101.1 = "hello world." |
||||
# enterprises.ucdavis.50.101.2 = "hi there." |
||||
# enterprises.ucdavis.50.102.1 = 0 |
||||
|
||||
# Now the Output has grown to two lines, and we can see the 'hi |
||||
# there.' output as the second line from our shell script. |
||||
# |
||||
# Note that you must alter the mib.txt file to be correct if you want |
||||
# the .50.* outputs above to change to reasonable text descriptions. |
||||
|
||||
# Other ideas: |
||||
# |
||||
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps |
||||
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top |
||||
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq |
||||
|
||||
# ----------------------------------------------------------------------------- |
||||
|
||||
|
||||
############################################################################### |
||||
# Pass through control. |
||||
# |
||||
|
||||
# Usage: |
||||
# pass MIBOID EXEC-COMMAND |
||||
# |
||||
# This will pass total control of the mib underneath the MIBOID |
||||
# portion of the mib to the EXEC-COMMAND. |
||||
# |
||||
# Note: You'll have to change the path of the passtest script to your |
||||
# source directory or install it in the given location. |
||||
# |
||||
# Example: (see the script for details) |
||||
# (commented out here since it requires that you place the |
||||
# script in the right location. (its not installed by default)) |
||||
|
||||
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest |
||||
|
||||
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255 |
||||
# enterprises.ucdavis.255.1 = "life the universe and everything" |
||||
# enterprises.ucdavis.255.2.1 = 42 |
||||
# enterprises.ucdavis.255.2.2 = OID: 42.42.42 |
||||
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 |
||||
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 |
||||
# enterprises.ucdavis.255.5 = 42 |
||||
# enterprises.ucdavis.255.6 = Gauge: 42 |
||||
# |
||||
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 |
||||
# enterprises.ucdavis.255.5 = 42 |
||||
# |
||||
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" |
||||
# enterprises.ucdavis.255.1 = "New string" |
||||
# |
||||
|
||||
# For specific usage information, see the man/snmpd.conf.5 manual page |
||||
# as well as the local/passtest script used in the above example. |
||||
|
||||
############################################################################### |
||||
# Further Information |
||||
# |
||||
# See the snmpd.conf manual page, and the output of "snmpd -H". |
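Review bot: The active `com2sec notConfigUser default public` line maps the well-known community `public` from source `default`, which is any address. Once the service is started, the agent therefore answers unauthenticated v1/v2c reads of the `systemview` subtrees from every host that can reach it, unless the listening address is restricted elsewhere. For a shipped default I would narrow the source, e.g. `com2sec notConfigUser localhost public`, and leave remote access as an explicit admin edit in line with the file's own "CHANGE THE COMMUNITY TOKEN" advice. Separately, the comment "Finally, grant the group read-only access to the systemview view." in the commented RFC 1213 block is stale: the `access notConfigGroup ... roview rwview none` line below it grants write access through `rwview`, and the comment should say so.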
@ -0,0 +1,3 @@
@@ -0,0 +1,3 @@
|
||||
# snmpd command line options |
||||
# '-f' is implicitly added by snmpd systemd unit file |
||||
# OPTIONS="-LS0-6d" |
@ -0,0 +1,3 @@
@@ -0,0 +1,3 @@
|
||||
# snmptrapd command line options |
||||
# '-f' is implicitly added by snmptrapd systemd unit file |
||||
# OPTIONS="-Lsd" |
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
[Unit] |
||||
Description=Simple Network Management Protocol (SNMP) Daemon. |
||||
After=syslog.target network-online.target |
||||
|
||||
[Service] |
||||
Type=notify |
||||
Environment=OPTIONS="-LS0-6d" |
||||
EnvironmentFile=-/etc/sysconfig/snmpd |
||||
ExecStart=/usr/sbin/snmpd $OPTIONS -f |
||||
ExecReload=/bin/kill -HUP $MAINPID |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
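Review bot: This unit sets no `User=` and no sandboxing directives, so unless the options or configuration drop privileges, snmpd runs as root with full filesystem access. The same applies to the snmptrapd unit in the next section. Since the sample config invites `exec`/`pass` handlers, including one under `/tmp`, I would add at least `PrivateTmp=true` and `ProtectHome=true` under `[Service]` in both units, after checking that no handler scripts in use depend on those paths. Both units also order themselves `After=network-online.target` without a matching `Wants=network-online.target`, so the ordering only takes effect if something else pulls that target in.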
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
[Unit] |
||||
Description=Simple Network Management Protocol (SNMP) Trap Daemon. |
||||
After=syslog.target network-online.target |
||||
|
||||
[Service] |
||||
Type=notify |
||||
Environment=OPTIONS="-Lsd" |
||||
EnvironmentFile=-/etc/sysconfig/snmptrapd |
||||
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f |
||||
ExecReload=/bin/kill -HUP $MAINPID |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |