Dear ALL,
Issue: On my network device SNMP v2c walk is successfull from any manager
using community "private".
As per RFC SNMP V2c walk should be authenticated with " community & manager ip
address". Only authenticated managers can do snmpv2c walk.
I debugged snmp agent code and found that in snmp_parse function there is
implementation for v2c authenticator, but authenticator function pointer is
null and so
authentication is not happening and snmp agent is accepting every v2c request
with community "private". Below u can see gdb capture and bt.
1. why session->authenticator pointer is null in snmp_parse function?
2. How to make sure SNMP V2c walk authenticated?
Breakpoint 1, _snmp_parse (sessp=0xa0613f8, session=0xa061410, pdu=0xb7400468,
data=0xb74014d0 "0*\002\001\001\004\aprivate�\034\002\004P\r�t\002\001",
length=44) at snmp_api.c:4323
4323 size_t community_length = COMMUNITY_MAX_LEN;
(gdb) bt
#0 _snmp_parse (sessp=0xa0613f8, session=0xa061410, pdu=0xb7400468,
data=0xb74014d0 "0*\002\001\001\004\aprivate�\034\002\004P\r�t\002\001",
length=44) at snmp_api.c:4323
#1 0x085a376a in snmp_parse (sessp=0xa0613f8, pss=0xa061410, pdu=0xb7400468,
data=0xb74014d0 "0*\002\001\001\004\aprivate�\034\002\004P\r�t\002\001",
length=44) at snmp_api.c:4485
#2 0x085a4fd3 in _sess_process_packet (sessp=0xa0613f8, sp=0xa061410,
isp=0xa0613a8, transport=0xa061220, opaque=0xb7401410, olength=20,
packetptr=0xb74014d0
"0*\002\001\001\004\aprivate�\034\002\004P\r�t\002\001", length=44) at
snmp_api.c:5427
#3 0x085a5e96 in _sess_read (sessp=0xa0613f8, fdset=0xb7f59f8c) at
snmp_api.c:6105
#4 0x085a5edd in snmp_sess_read (sessp=0xa0613f8, fdset=0xb7f59f8c) at
snmp_api.c:6125
#5 0x085a5552 in snmp_read (fdset=0xb7f59f8c) at snmp_api.c:5699
#6 0x0846cbed in receive (sh=0x9fc5dc0) at snmpd.c:1484
#7 0x0846c0ac in snmpd (args=0x9fc5dc0) at snmpd.c:1177
#8 0x0073950b in start_thread () from /lib/libpthread.so.0
#9 0x0067ab2e in clone () from /lib/libc.so.6
(gdb) p *session
$1 = {version = -1, retries = 5, timeout = 1000000, flags = 0, subsession =
0x0, next = 0x0, peername = 0x0, remote_port = 0, localname = 0x0, local_port =
0, authenticator = 0,
callback = 0x8458b62 <handle_snmp_packet>, callback_magic = 0x0, s_errno = 0,
s_snmp_errno = 0, sessid = 1, community = 0xa0611d0 "", community_len = 0,
rcvMsgMaxSize = 65507,
sndMsgMaxSize = 0, isAuthoritative = 1 '\001', contextEngineID = 0x0,
contextEngineIDLen = 0, engineBoots = 0, engineTime = 0, contextName =
0xa060e88 "", contextNameLen = 0,
securityEngineID = 0x0, securityEngineIDLen = 0, securityName = 0x0,
securityNameLen = 0, securityAuthProto = 0x0, securityAuthProtoLen = 0,
securityAuthKey = {0 '\0' <repeats 32 times>},
securityAuthKeyLen = 0, securityAuthLocalKey = 0x0, securityAuthLocalKeyLen =
0, securityPrivProto = 0x0, securityPrivProtoLen = 0, securityPrivKey = {0 '\0'
<repeats 32 times>},
securityPrivKeyLen = 0, securityPrivLocalKey = 0x0, securityPrivLocalKeyLen =
0, securityModel = 3, securityLevel = 1, paramName = 0x0, securityInfo = 0x0,
myvoid = 0x0}
thanks & regards,
hemanth
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
