[erlang-questions] snmp vacm.conf erronous behaviour

Grasl Christoph <>
Thu Jan 22 12:24:45 CET 2009


hi OTP-team!

erronous behaviour report:

If 'any' is used for the  'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration 

the snmp framework returns a error with the reason 'noGroupName'. It seems to be that there's a 
conflict with 
the  'SecName' when the agent is only configured for v1 and v2c and 'any' is used 
as value for 'SecModel'. 

EXAMPLE: 

[community.conf]

{"1", "public", "secName", "", ""}.
{"2", "all-rights", "all-rights", "", ""}.
{"3", "standard trap", "initial", "", ""}.

[vacm.conf]

doesn't work:

{vacmSecurityToGroup, any, "secName", "group1"}.
{vacmSecurityToGroup, any, "secName", "group2"}.
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.

does work: 

{vacmSecurityToGroup, v1, "secName", "group1"}. 
{vacmSecurityToGroup, v2c, "secName", "group1"}.
{vacmSecurityToGroup, v1, "all-rights", "group2"}.  
{vacmSecurityToGroup, v2c, "all-rights", "group2"}.                    
{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.

also: 

The documentation under 

http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm

states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.

Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way) 
or does the mentioned data-type relate to the internal representation in the db? 

EXAMPLE (with an obvious result..): 

[vacm.conf]

%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.

{vacmSecurityToGroup, v1, "secName", "group_1"}.
{vacmSecurityToGroup, v2c, "secName", "group_1"}.
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.         
{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.

RESULT: 

=ERROR REPORT==== 22-Jan-2009::12:09:02 ===

** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check, 
                                                                   "/opt/app/data/snmp/vacm.conf",
                                                                   25,26,
                                                                   {invalid_string,
                                                                    23}}

02.637'751 "."** exception exit: {noproc,
                       {gen_server,call,
                           [snmp_master_agent,
                            {load_mibs,
                                ["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},
                            infinity]}}
     in function  gen_server:call/3
     in call from snmp_handler:start/1

does work:

{vacmSecurityToGroup, v1, "secName", "group_1"}.
{vacmSecurityToGroup, v2c, "secName", "group_1"}.
{vacmSecurityToGroup, v1, "all-rights", "group_1"}.
{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.
{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.
{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.

all the best,

Christoph Grasl
Embedded Software Entwickler

KEYTRONIX
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH

Ungargasse 64-66/1/109
A-1030 WIEN

E-Mail: 
Tel.: +43 (1) 718 06 60 - 323
Mobil: +43 (664) 8556456
WWW: http://www.keytronix.com

HG Wien FN 261131t

Confidentiality Notice:
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.



If 'any' is used for the  'SecModel' in the 'vacm.conf' in the 'vacmSecurityToGroup' declaration 

the snmp framework returns a error with the reason 'noGroupName'. It seems to be that there's a 
conflict with 
the  'SecName' when the agent is only configured for v1 and v2c and 'any' is used 
as value for 'SecModel'. 



EXAMPLE: 



[community.conf]



{"1", "public", "secName", "", ""}.

{"2", "all-rights", "all-rights", "", ""}.

{"3", "standard trap", "initial", "", ""}.



[vacm.conf]



doesn't work:



{vacmSecurityToGroup, any, "secName", "group1"}.

{vacmSecurityToGroup, any, "secName", "group2"}.

{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.



does work: 



{vacmSecurityToGroup, v1, "secName", "group1"}. 

{vacmSecurityToGroup, v2c, "secName", "group1"}.

{vacmSecurityToGroup, v1, "all-rights", "group2"}.  

{vacmSecurityToGroup, v2c, "all-rights", "group2"}.                    

{vacmAccess, "group1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmAccess, "group2", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.

{vacmViewTreeFamily, "sys", [1,3,6,1,2,1,1], included, null}.

also: 

The documentation under 

http://erlang.org/doc/apps/snmp/snmp_agent_config_files.html#vacm

states that the value for 'ViewIndex' in the 'vacmViewTreeFamily' declaration is an integer.

Is this a documentation error (the 'vacmViewTreeFamily' declaration could never match the 'VIEWs' this way) 
or does the mentioned data-type relate to the internal representation in the db? 

EXAMPLE (with an obvious result..): 



[vacm.conf]


%% {vacmSecurityToGroup, SecModel, SecurityName, GroupName}.
%% {vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.
%% {vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.

{vacmSecurityToGroup, v1, "secName", "group_1"}.

{vacmSecurityToGroup, v2c, "secName", "group_1"}.

{vacmSecurityToGroup, v1, "all-rights", "group_1"}.

{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.

{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.         

{vacmViewTreeFamily, 23, [1,3,6,1,2,1,1], included, null}.

RESULT: 

=ERROR REPORT==== 22-Jan-2009::12:09:02 ===

** Configuration error: [VIEW-BASED-ACM-MIB]: reconfigure failed: {failed_check, 

                                                                   "/opt/app/data/snmp/vacm.conf",

                                                                   25,26,

                                                                   {invalid_string,

                                                                    23}}

02.637'751 "."** exception exit: {noproc,

                       {gen_server,call,

                           [snmp_master_agent,

                            {load_mibs,

                                ["/opt/app/data/snmp/KEYTRONIX-CHRONOS-MIB"]},

                            infinity]}}

     in function  gen_server:call/3

     in call from snmp_handler:start/1


does work:

{vacmSecurityToGroup, v1, "secName", "group_1"}.

{vacmSecurityToGroup, v2c, "secName", "group_1"}.

{vacmSecurityToGroup, v1, "all-rights", "group_1"}.

{vacmSecurityToGroup, v2c, "all-rights", "group_1"}.

{vacmAccess, "group_1", "", any, noAuthNoPriv, exact, "sys", "sys", "sys"}.         

{vacmViewTreeFamily,"sys", [1,3,6,1,2,1,1], included, null}.

all the best,

Christoph Grasl
Embedded Software Entwickler

KEYTRONIX
Gesellschaft für industrielle Elektronik und Informationstechnologie mbH

Ungargasse 64-66/1/109
A-1030 WIEN

E-Mail: 
Tel.: +43 (1) 718 06 60 - 323
Mobil: +43 (664) 8556456
WWW: http://www.keytronix.com

HG Wien FN 261131t

Confidentiality Notice:
This message may contain privileged and confidential information. If you think, for any reason, that this message may have been addressed to you in error, you must not disseminate, copy or take any action in reliance on it, and we would ask you to notify us immediately by return email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20090122/8bdf9329/attachment.html>


More information about the erlang-questions mailing list