snmp_user_based_sm_mib (snmp v5.18.1)
View SourceInstrumentation Functions for SNMP-USER-BASED-SM-MIB
The module snmp_user_based_sm_mib
implements the instrumentation functions for
the SNMP-USER-BASED-SM-MIB, and functions for configuring the database.
Note that authentication has been extended according to RFC 7860 (SNMP-USM-HMAC-SHA2-MIB).
The configuration files are described in the SNMP User's Manual.
The size/length of the list depends on auth protocol
"An indication of whether messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, can be authenticated, and if so, the type of authentication protocol which is used."
"A pointer to another conceptual row in this usmUserTable. The user in this other conceptual row is called the clone-from user."
"Every definition of an object with this syntax must identify a protocol P, a secret key K, and a hash algorithm H that produces output of L octets."
"A human readable string representing the name of the user. This is the (User-based Security) Model dependent security ID."
The size/length of the list depends on priv protocol
"An indication of whether messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, can be protected from disclosure, and if so, the type of privacy protocol which is used."
Adds a USM security data (user) to the agent config. Equivalent to one line in
the usm.conf
This function is called from the supervisor at system start-up.
Delete a USM security data (user) from the agent config.
Inserts all data in the configuration files into the database and destroys all
old data, including the rows with StorageType nonVolatile
. The rows created
from the configuration file will have StorageType nonVolatile
-type auth_key() :: snmp:octet_string().
The size/length of the list depends on auth protocol:
Size any for usmNoAuthProtocol
Size 16 for usmHMACMD5AuthProtocol
Size 20 for usmHMACSHAAuthProtocol
Size 28 for usmHMAC128SHA224AuthProtocol
Size 32 for usmHMAC192SHA256AuthProtocol
Size 48 for usmHMAC256SHA384AuthProtocol
Size 64 for usmHMAC384SHA512AuthProtocol
-type auth_protocol() ::
usmNoAuthProtocol | usmHMACMD5AuthProtocol | usmHMACSHAAuthProtocol |
usmHMAC128SHA224AuthProtocol | usmHMAC192SH256AuthProtocol | usmHMAC256SHA384AuthProtocol |
"An indication of whether messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, can be authenticated, and if so, the type of authentication protocol which is used."
Some of the entries of this type are actually defined by the SNMP-USM-HMAC-SHA2-MIB mib.
-type clone_from() :: zeroDotZero | snmp:row_pointer().
"A pointer to another conceptual row in this usmUserTable. The user in this other conceptual row is called the clone-from user."
-type key_change() :: snmp:octet_string().
"Every definition of an object with this syntax must identify a protocol P, a secret key K, and a hash algorithm H that produces output of L octets."
-type name() :: snmp_framework_mib:admin_string().
"A human readable string representing the name of the user. This is the (User-based Security) Model dependent security ID."
SnmpAdminString (SIZE(1..32))
-type priv_key() :: snmp:octet_string().
The size/length of the list depends on priv protocol:
Size any for usmNoPrivProtocol
Size 16 for usmDESPrivProtocol
Size 16 for usmAesCfb128Protocol
-type priv_protocol() :: usmNoPrivProtocol | usmDESPrivProtocol | usmAesCfb128Protocol.
"An indication of whether messages sent on behalf of this user to/from the SNMP engine identified by usmUserEngineID, can be protected from disclosure, and if so, the type of privacy protocol which is used."
Some of the entries of this tyype are actually defined by the SNMP-USM-AES-MIB mib.
-type public() :: string().
-type usm_entry() :: {EngineID :: snmp_framework_mib:engine_id(), UserName :: name(), SecName :: snmp_framework_mib:admin_string(), Clone :: clone_from(), AuthP :: auth_protocol(), AuthKeyC :: key_change(), OwnAuthKeyC :: key_change(), PrivP :: priv_protocol(), PrivKeyC :: key_change(), OwnPrivKeyC :: key_change(), Public :: public(), AuthKey :: auth_key(), PrivKey :: priv_key()}.
-spec add_user(EngineID, Name, SecName, Clone, AuthP, AuthKeyC, OwnAuthKeyC, PrivP, PrivKeyC, OwnPrivKeyC, Public, AuthKey, PrivKey) -> {ok, Key} | {error, Reason} when EngineID :: snmp_framework_mib:engine_id(), Name :: name(), SecName :: snmp_framework_mib:admin_string(), Clone :: clone_from(), AuthP :: auth_protocol(), AuthKeyC :: key_change(), OwnAuthKeyC :: key_change(), PrivP :: priv_protocol(), PrivKeyC :: key_change(), OwnPrivKeyC :: key_change(), Public :: public(), AuthKey :: auth_key(), PrivKey :: priv_key(), Key :: term(), Reason :: term().
Adds a USM security data (user) to the agent config. Equivalent to one line in
the usm.conf
This function is called from the supervisor at system start-up.
Inserts all data in the configuration files into the database and destroys all
old rows with StorageType volatile
. The rows created from the configuration
file will have StorageType nonVolatile
All snmp
counters are set to zero.
If an error is found in the configuration file, it is reported using the
function config_err/2
of the error report module, and the function fails with
the reason configuration_error
is a string which points to the directory where the configuration
files are found.
The configuration file read is: usm.conf
Delete a USM security data (user) from the agent config.
Inserts all data in the configuration files into the database and destroys all
old data, including the rows with StorageType nonVolatile
. The rows created
from the configuration file will have StorageType nonVolatile
Thus, the data in the SNMP-USER-BASED-SM-MIB, after this function has been called, is the data from the configuration files.
All snmp
counters are set to zero.
If an error is found in the configuration file, it is reported using the
function config_err/2
of the error report module, and the function fails with
the reason configuration_error
is a string which points to the directory where the configuration
files are found.
The configuration file read is: usm.conf