diff options
author | Micael Karlberg <[email protected]> | 2013-07-04 11:25:58 +0200 |
---|---|---|
committer | Micael Karlberg <[email protected]> | 2013-07-04 11:25:58 +0200 |
commit | e0fa927ff00f7e6a4b25664a10a379e20ab50407 (patch) | |
tree | 051a8e4d9168e8d369663ddcfb68fc9bb9fb5af0 /lib | |
parent | 8cece79b77952c991e62ae595bcf71cde016a052 (diff) | |
parent | a6ba7a3327b146d8472b154cc8ba4544f9d4d0fe (diff) | |
download | otp-e0fa927ff00f7e6a4b25664a10a379e20ab50407.tar.gz otp-e0fa927ff00f7e6a4b25664a10a379e20ab50407.tar.bz2 otp-e0fa927ff00f7e6a4b25664a10a379e20ab50407.zip |
Merge branch 'bmk/snmp/agent/fix_vacm_mask/OTP-11177' into bmk/snmp/snmp4241_integration/r16
Diffstat (limited to 'lib')
-rw-r--r-- | lib/snmp/doc/src/notes.xml | 74 | ||||
-rw-r--r-- | lib/snmp/doc/src/snmp_agent_config_files.xml | 260 | ||||
-rw-r--r-- | lib/snmp/src/agent/snmp_view_based_acm_mib.erl | 133 | ||||
-rw-r--r-- | lib/snmp/src/app/snmp.appup.src | 12 | ||||
-rw-r--r-- | lib/snmp/src/misc/snmp_conf.erl | 35 | ||||
-rw-r--r-- | lib/snmp/vsn.mk | 2 |
6 files changed, 358 insertions, 158 deletions
diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml index 80de9738f1..9f668bf28a 100644 --- a/lib/snmp/doc/src/notes.xml +++ b/lib/snmp/doc/src/notes.xml @@ -34,6 +34,80 @@ <section> + <title>SNMP Development Toolkit 4.24.1</title> + <p>Version 4.24.1 supports code replacement in runtime from/to + version 4.24, 4.23.1 and 4.23. </p> + + <section> + <title>Improvements and new features</title> + <p>-</p> + +<!-- + <list type="bulleted"> + <item> + <p>[agent,manager] Updated to support the new crypto interface. </p> + <p>Own Id: OTP-11009</p> + </item> + + </list> +--> + + </section> + + <section> + <title>Fixed Bugs and Malfunctions</title> +<!-- + <p>-</p> +--> + + <list type="bulleted"> + <item> + <p>[agent] Reading the value of the vacmViewTreeFamilyMask returns + it in the wrong (internal bitlist) format. </p> + <p>The vacmViewTreeFamilyMask is defined as a bit string in the MIB + (OCTET STRING). Internally a bitlist (list of 1's and 0's, + see <seealso marker="snmp_agent_config_files#vacm">vacm config file</seealso> + for more info) is used. + However, the MIB implementation assumed the latter, effectively + rendering all attempts to read/set masks via SNMP unsuccessful. </p> + <p>Since the mask is used in hot paths (e.g. access permission checks + for each SNMP operation, the bitlist representation of the mask has + benefits (e.g. faster processing). Reading/writing the view mask + objects is less time-critical. Therefore, to fix the issue, convert + between the bitlist (internal) representation and bitstring + (external) when the vacmViewTreeFamilyMask objects are accessed. </p> + <p>Also, the check of the vacm config file was invalid with + regard to the mask value. It was assumed to be a proper oid, which + is not strictly the case (see bitlist above). </p> + <p>Own Id: OTP-11177</p> + <p>Stefan Zegenhagen</p> + </item> + + </list> + + </section> + + <section> + <title>Incompatibilities</title> + <p>-</p> + +<!-- + <list type="bulleted"> + <item> + <p>[manager] The old Addr-and-Port based API functions, previously + long deprecated and marked for deletion in R16B, has now been + removed. </p> + <p>Own Id: OTP-10027</p> + </item> + + </list> +--> + </section> + + </section> <!-- 4.24.1 --> + + + <section> <title>SNMP Development Toolkit 4.24</title> <p>Version 4.24 supports code replacement in runtime from/to version 4.23.1 and 4.23. </p> diff --git a/lib/snmp/doc/src/snmp_agent_config_files.xml b/lib/snmp/doc/src/snmp_agent_config_files.xml index bd5c537522..866b00b77b 100644 --- a/lib/snmp/doc/src/snmp_agent_config_files.xml +++ b/lib/snmp/doc/src/snmp_agent_config_files.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>1997</year><year>2011</year> + <year>1997</year><year>2013</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -32,13 +32,15 @@ <file>snmp_agent_config_files.xml</file> </header> <p>All configuration data must be included in configuration files - that are located in the configuration directory. The name of this - directory is given in the <c>config_dir</c> configuration - parameter. These files are read at start-up, and are used to - initialize the SNMPv2-MIB or STANDARD-MIB, SNMP-FRAMEWORK-MIB, - SNMP-MPD-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-COMMUNITY-MIB, - SNMP-USER-BASED-SM-MIB, SNMP-TARGET-MIB and SNMP-NOTIFICATION-MIB - (refer to the <seealso marker="snmp_agent_funct_descr#management">Management of the Agent</seealso> for a description of the MIBs). </p> + that are located in the configuration directory. The name of this + directory is given in the <c>config_dir</c> configuration + parameter. These files are read at start-up, and are used to + initialize the SNMPv2-MIB or STANDARD-MIB, SNMP-FRAMEWORK-MIB, + SNMP-MPD-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-COMMUNITY-MIB, + SNMP-USER-BASED-SM-MIB, SNMP-TARGET-MIB and SNMP-NOTIFICATION-MIB + (refer to the + <seealso marker="snmp_agent_funct_descr#management">Management of the Agent</seealso> + for a description of the MIBs). </p> <p>The files are: </p> <list type="bulleted"> <item> @@ -79,35 +81,35 @@ </item> </list> <p>The directory where the configuration files are found is given as - a parameter to the agent. </p> + a parameter to the agent. </p> <p>The entry format in all files are Erlang terms, separated by a - '<em>.</em>' and a <em>newline</em>. In the following sections, the - formats of these terms are described. Comments may be specified as - ordinary Erlang comments. </p> + '<em>.</em>' and a <em>newline</em>. In the following sections, the + formats of these terms are described. Comments may be specified as + ordinary Erlang comments. </p> <p>Syntax errors in these files are discovered and reported with the - function <c>config_err/2</c> of the error report module at start-up. </p> - + function <c>config_err/2</c> of the error report module at start-up. </p> + + <marker id="agent_information"></marker> + <section> - <marker id="agent_information"></marker> <title>Agent Information</title> <p>The agent information should be stored in a file called - <c>agent.conf</c>. - </p> - <p>Each entry is a tuple of size two: - </p> + <c>agent.conf</c>. </p> + <p>Each entry is a tuple of size two:</p> <p><c>{AgentVariable, Value}.</c></p> <list type="bulleted"> - <item><c>AgentVariable</c> is one of the variables is - SNMP-FRAMEWORK-MIB or one of the internal variables - <c>intAgentUDPPort</c>, which defines which UDP port the agent - listens to, or <c>intAgentIpAddress</c>, which defines the IP - address of the agent. + <item> + <p><c>AgentVariable</c> is one of the variables is + SNMP-FRAMEWORK-MIB or one of the internal variables + <c>intAgentUDPPort</c>, which defines which UDP port the agent + listens to, or <c>intAgentIpAddress</c>, which defines the IP + address of the agent. </p> </item> - <item><c>Value</c> is the value for the variable. + <item> + <p><c>Value</c> is the value for the variable.</p> </item> </list> - <p>The following example shows a <c>agent.conf</c> file: - </p> + <p>The following example shows a <c>agent.conf</c> file: </p> <pre> {intAgentUDPPort, 4000}. {intAgentIpAddress,[141,213,11,24]}. @@ -115,49 +117,47 @@ {snmpEngineMaxPacketSize, 484}. </pre> <p>The value of <c>snmpEngineID</c> is a string, which for a - deployed agent should have a very specific structure. See - RFC 2271/2571 for details. - </p> + deployed agent should have a very specific structure. See + RFC 2271/2571 for details.</p> + + <marker id="context"></marker> </section> <section> - <marker id="context"></marker> <title>Contexts</title> <p>The context information should be stored in a file called - <c>context.conf</c>. The default context <c>""</c> - need not be present. - </p> + <c>context.conf</c>. The default context <c>""</c> + need not be present.</p> <p>Each row defines a context in the agent. This information is - used in the table <c>vacmContextTable</c> in the - SNMP-VIEW-BASED-ACM-MIB. - </p> - <p>Each entry is a term: - </p> + used in the table <c>vacmContextTable</c> in the + SNMP-VIEW-BASED-ACM-MIB.</p> + <p>Each entry is a term:</p> <p><c>ContextName.</c></p> <list type="bulleted"> - <item><c>ContextName</c> is a string. + <item> + <p><c>ContextName</c> is a string.</p> </item> </list> + + <marker id="system_information"></marker> </section> <section> - <marker id="system_information"></marker> <title>System Information</title> <p>The system information should be stored in a file called - <c>standard.conf</c>. - </p> - <p>Each entry is a tuple of size two: - </p> + <c>standard.conf</c>.</p> + <p>Each entry is a tuple of size two:</p> <p><c>{SystemVariable, Value}.</c></p> <list type="bulleted"> - <item><c>SystemVariable</c> is one of the variables in the - system group, or <c>snmpEnableAuthenTraps</c>. + <item> + <p><c>SystemVariable</c> is one of the variables in the + system group, or <c>snmpEnableAuthenTraps</c>. </p> </item> - <item><c>Value</c> is the value for the variable. + <item> + <p><c>Value</c> is the value for the variable. </p> </item> </list> - <p>The following example shows a valid <c>standard.conf</c> file: - </p> + <p>The following example shows a valid <c>standard.conf</c> file: </p> <pre> {sysDescr, "Erlang SNMP agent"}. {sysObjectID, [1,2,3]}. @@ -167,59 +167,60 @@ {snmpEnableAuthenTraps, enabled}. </pre> <p>A value must be provided for all variables, which lack default - values in the MIB. - </p> + values in the MIB. </p> + + <marker id="community"></marker> </section> <section> - <marker id="community"></marker> <title>Communities</title> <p>The community information should be stored in a file called - <c>community.conf</c>. It must be present if the agent is - configured for SNMPv1 or SNMPv2c. - </p> + <c>community.conf</c>. It must be present if the agent is + configured for SNMPv1 or SNMPv2c. </p> <p>An SNMP <em>community</em> is a relationship between an SNMP agent and a set of SNMP managers that defines authentication, access control and proxy characteristics. </p> <p>The corresponding table is <c>snmpCommunityTable</c> in the - SNMP-COMMUNITY-MIB. </p> + SNMP-COMMUNITY-MIB. </p> <p>Each entry is a term: </p> - <p><c>{CommunityIndex, CommunityName, SecurityName, ContextName, TransportTag}.</c></p> + <p><c>{CommunityIndex, CommunityName, SecurityName, ContextName, TransportTag}.</c> </p> <list type="bulleted"> - <item><c>CommunityIndex</c> is a non-empty string. + <item> + <p><c>CommunityIndex</c> is a non-empty string.</p> </item> - <item><c>CommunityName</c> is a string. + <item> + <p><c>CommunityName</c> is a string.</p> </item> - <item><c>SecurityName</c> is a string. + <item> + <p><c>SecurityName</c> is a string.</p> </item> - <item><c>ContextName</c> is a string. + <item> + <p><c>ContextName</c> is a string.</p> </item> - <item><c>TransportTag</c> is a string. + <item> + <p><c>TransportTag</c> is a string.</p> </item> </list> + + <marker id="vacm"></marker> </section> <section> - <marker id="vacm"></marker> <title>MIB Views for VACM</title> <p>The information about MIB Views for VACM should be stored in a - file called - <c>vacm.conf</c>. - </p> + file called <c>vacm.conf</c>.</p> <p>The corresponding tables are <c>vacmSecurityToGroupTable</c>, - <c>vacmAccessTable</c> and <c>vacmViewTreeFamilyTable</c> in the - SNMP-VIEW-BASED-ACM-MIB. - </p> + <c>vacmAccessTable</c> and <c>vacmViewTreeFamilyTable</c> in the + SNMP-VIEW-BASED-ACM-MIB.</p> <p>Each entry is one of the terms, one entry corresponds to one - row in one of the tables. - </p> + row in one of the tables.</p> <p><c>{vacmSecurityToGroup, SecModel, SecName, GroupName}.</c></p> <p><c>{vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.</c></p> <p><c>{vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.</c></p> <list type="bulleted"> <item> <p><c>SecModel</c> is <c>any</c>, <c>v1</c>, <c>v2c</c>, or - <c>usm</c>.</p> + <c>usm</c>.</p> </item> <item> <p><c>SecName</c> is a string.</p> @@ -232,7 +233,7 @@ </item> <item> <p><c>SecLevel</c> is <c>noAuthNoPriv</c>, <c>authNoPriv</c>, - or <c>authPriv</c></p> + or <c>authPriv</c></p> </item> <item> <p><c>Match</c> is <c>prefix</c> or <c>exact</c>.</p> @@ -244,8 +245,7 @@ <p><c>WriteView</c> is a string.</p> </item> <item> - <p><c>NotifyView</c> is a string. - </p> + <p><c>NotifyView</c> is a string.</p> </item> <item> <p><c>ViewIndex</c> is an integer.</p> @@ -258,33 +258,29 @@ </item> <item> <p><c>ViewMask</c> is either <c>null</c> or a list of ones and - zeros. Ones nominate that an exact match is used for this - sub-identifier. Zeros are wild-cards which match any - sub-identifier. If the mask is shorter than the sub-tree, the - tail is regarded as all ones. <c>null</c> is shorthand for a - mask with all ones.</p> + zeros. Ones nominate that an exact match is used for this + sub-identifier. Zeros are wild-cards which match any + sub-identifier. If the mask is shorter than the sub-tree, the + tail is regarded as all ones. <c>null</c> is shorthand for a + mask with all ones. </p> </item> </list> + + <marker id="usm"></marker> </section> <section> - <marker id="usm"></marker> <title>Security data for USM</title> <p>The information about Security data for USM should be stored in a - file called - <c>usm.conf</c>, which must be present if the agent is configured - for SNMPv3. - </p> + file called <c>usm.conf</c>, which must be present if the agent is + configured for SNMPv3. </p> <p>The corresponding table is <c>usmUserTable</c> in the - SNMP-USER-BASED-SM-MIB. - </p> - <p>Each entry is a term: - </p> + SNMP-USER-BASED-SM-MIB.</p> + <p>Each entry is a term:</p> <p><c>{EngineID, UserName, SecName, Clone, AuthP, AuthKeyC, OwnAuthKeyC, PrivP, PrivKeyC, OwnPrivKeyC, Public, AuthKey, PrivKey}.</c></p> <list type="bulleted"> <item> - <p><c>EngineID</c> is a string. - </p> + <p><c>EngineID</c> is a string.</p> </item> <item> <p><c>UserName</c> is a string.</p> @@ -297,7 +293,7 @@ </item> <item> <p><c>AuthP</c> is a <c>usmNoAuthProtocol</c>, - <c>usmHMACMD5AuthProtocol</c>, or <c>usmHMACSHAAuthProtocol</c>.</p> + <c>usmHMACMD5AuthProtocol</c>, or <c>usmHMACSHAAuthProtocol</c>.</p> </item> <item> <p><c>AuthKeyC</c> is a string.</p> @@ -307,7 +303,7 @@ </item> <item> <p><c>PrivP</c> is a <c>usmNoPrivProtocol</c>, - <c>usmDESPrivProtocol</c> or <c>usmAesCfb128Protocol</c>.</p> + <c>usmDESPrivProtocol</c> or <c>usmAesCfb128Protocol</c>.</p> </item> <item> <p><c>PrivKeyC</c> is a string.</p> @@ -319,66 +315,59 @@ <p><c>Public</c> is a string.</p> </item> <item> - <p><c>AuthKey</c> is a list (of integer). This is the User's secret - localized authentication key. It is not visible in the MIB. The length - of this key needs to be 16 if <c>usmHMACMD5AuthProtocol</c> is used, and - 20 if <c>usmHMACSHAAuthProtocol</c> is used.</p> + <p><c>AuthKey</c> is a list (of integer). This is the User's secret + localized authentication key. It is not visible in the MIB. The length + of this key needs to be 16 if <c>usmHMACMD5AuthProtocol</c> is used, + and 20 if <c>usmHMACSHAAuthProtocol</c> is used.</p> </item> <item> <p><c>PrivKey</c> is a list (of integer). This is the User's secret - localized encryption key. It is not visible in the MIB. The length - of this key needs to be 16 if <c>usmDESPrivProtocol</c> or - <c>usmAesCfb128Protocol</c> is used. - </p> + localized encryption key. It is not visible in the MIB. The length + of this key needs to be 16 if <c>usmDESPrivProtocol</c> or + <c>usmAesCfb128Protocol</c> is used. </p> </item> </list> + + <marker id="notify"></marker> </section> <section> - <marker id="notify"></marker> <title>Notify Definitions</title> <p>The information about Notify Definitions should be stored in a - file called - <c>notify.conf</c>. - </p> + file called <c>notify.conf</c>. </p> <p>The corresponding table is <c>snmpNotifyTable</c> in the - SNMP-NOTIFICATION-MIB. - </p> - <p>Each entry is a term: - </p> + SNMP-NOTIFICATION-MIB.</p> + <p>Each entry is a term:</p> <p><c>{NotifyName, Tag, Type}.</c></p> <list type="bulleted"> <item> - <p><c>NotifyName</c> is a unique non-empty string. - </p> + <p><c>NotifyName</c> is a unique non-empty string.</p> </item> <item> - <p><c>Tag</c> is a string. - </p> + <p><c>Tag</c> is a string.</p> </item> <item> - <p><c>Type</c> is <c>trap</c> or <c>inform</c>. - </p> + <p><c>Type</c> is <c>trap</c> or <c>inform</c>.</p> </item> </list> + + <marker id="target_addr"></marker> </section> <section> - <marker id="target_addr"></marker> <title>Target Address Definitions</title> <p>The information about Target Address Definitions should be - stored in a file called <c>target_addr.conf</c>. </p> + stored in a file called <c>target_addr.conf</c>. </p> <p>The corresponding tables are <c>snmpTargetAddrTable</c> in the - SNMP-TARGET-MIB and <c>snmpTargetAddrExtTable</c> in the - SNMP-COMMUNITY-MIB. </p> + SNMP-TARGET-MIB and <c>snmpTargetAddrExtTable</c> in the + SNMP-COMMUNITY-MIB. </p> <p>Each entry is a term: </p> <p><c>{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId}.</c> <br></br> or <br></br> <c>{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> <br></br> or <br></br> -<c>{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c></p> +<c>{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> </p> <list type="bulleted"> <item> - <p><c>TargetName</c> is a unique non-empty string. - </p> + <p><c>TargetName</c> is a unique non-empty string. </p> </item> <item> <p><c>Domain</c> is one of the atoms: @@ -414,40 +403,37 @@ </item> </list> <p>Note that if <c>EngineId</c> has the value <c>discovery</c>, - the agent cannot send - <c>inform</c> messages to that manager until it has performed the - <em>discovery</em> process with that manager. </p> + the agent cannot send + <c>inform</c> messages to that manager until it has performed the + <em>discovery</em> process with that manager. </p> + + <marker id="target_params"></marker> </section> <section> - <marker id="target_params"></marker> <title>Target Parameters Definitions</title> <p>The information about Target Parameters Definitions should be - stored in a file called <c>target_params.conf</c>. </p> + stored in a file called <c>target_params.conf</c>. </p> <p>The corresponding table is <c>snmpTargetParamsTable</c> in the - SNMP-TARGET-MIB. </p> + SNMP-TARGET-MIB. </p> <p>Each entry is a term: </p> <p><c>{ParamsName, MPModel, SecurityModel, SecurityName, SecurityLevel}.</c></p> <list type="bulleted"> <item> - <p><c>ParamsName</c> is a unique non-empty string. - </p> + <p><c>ParamsName</c> is a unique non-empty string. </p> </item> <item> <p><c>MPModel</c> is <c>v1</c>, <c>v2c</c> or <c>v3</c></p> </item> <item> - <p><c>SecurityModel</c> is <c>v1</c>, <c>v2c</c>, or <c>usm</c>. - </p> + <p><c>SecurityModel</c> is <c>v1</c>, <c>v2c</c>, or <c>usm</c>.</p> </item> <item> - <p><c>SecurityName</c> is a string. - </p> + <p><c>SecurityName</c> is a string.</p> </item> <item> <p><c>SecurityLevel</c> is <c>noAuthNoPriv</c>, <c>authNoPriv</c> - or <c>authPriv</c>. - </p> + or <c>authPriv</c>. </p> </item> </list> </section> diff --git a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl index ad9540e886..c0177b1cea 100644 --- a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl +++ b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1999-2012. All Rights Reserved. +%% Copyright Ericsson AB 1999-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -49,6 +49,14 @@ -endif. +-type internal_view_mask() :: null | [internal_view_mask_element()]. +-type internal_view_mask_element() :: 0 | 1. + +-type external_view_mask() :: octet_string(). % At most length of 16 octet +-type octet_string() :: [octet()]. +-type octet() :: byte(). + + %%----------------------------------------------------------------- %% Func: configure/1 %% Args: Dir is the directory where the configuration files are found. @@ -160,14 +168,7 @@ check_vacm({vacmViewTreeFamily, ViewName, Tree, Type, Mask}) -> {ok, TypeVal} = snmp_conf:check_atom(Type, [{included, ?view_included}, {excluded, ?view_excluded}]), - MaskVal = - case (catch snmp_conf:check_atom(Mask, [{null, []}])) of - {error, _} -> - snmp_conf:check_oid(Mask), - Mask; - {ok, X} -> - X - end, + {ok, MaskVal} = snmp_conf:check_imask(Mask), Vacm = {ViewName, Tree, MaskVal, TypeVal, ?'StorageType_nonVolatile', ?'RowStatus_active'}, {ok, {vacmViewTreeFamily, Vacm}}; @@ -194,8 +195,8 @@ init_tabs(Sec2Group, Access, View) -> ok. init_sec2group_table([Row | T]) -> -%% ?vtrace("init security-to-group table: " -%% "~n Row: ~p",[Row]), + %% ?vtrace("init security-to-group table: " + %% "~n Row: ~p",[Row]), Key1 = element(1, Row), Key2 = element(2, Row), Key = [Key1, length(Key2) | Key2], @@ -953,13 +954,23 @@ verify_vacmViewTreeFamilyTable_col(?vacmViewTreeFamilySubtree, Tree) -> wrongValue(?vacmViewTreeFamilySubtree) end; verify_vacmViewTreeFamilyTable_col(?vacmViewTreeFamilyMask, Mask) -> + %% Mask here is in the "external" format. That is, according + %% to the MIB, which means that its an OCTET STRING of max 16 + %% octets. + %% We however store the mask as a list of 1's (exact) and + %% 0's (wildcard), which means we have to convert the mask. case Mask of - null -> []; - [] -> []; + %% The Mask can only have this value if the vacmViewTreeFamilyTable + %% is called locally! + null -> + []; + [] -> + []; _ -> - case (catch snmp_conf:check_oid(Mask)) of - ok -> - Mask; + %% Check and convert to our internal format + case check_mask(Mask) of + {ok, IMask} -> + IMask; _ -> wrongValue(?vacmViewTreeFamilyMask) end @@ -977,6 +988,60 @@ verify_vacmViewTreeFamilyTable_col(_, Val) -> Val. +check_mask(Mask) when is_list(Mask) andalso (length(Mask) =< 16) -> + try + begin + {ok, emask2imask(Mask)} + end + catch + throw:{error, _} -> + {error, {bad_mask, Mask}}; + T:E -> + {error, {bad_mask, Mask, T, E}} + end; +check_mask(BadMask) -> + {error, {bad_mask, BadMask}}. + +-spec emask2imask(EMask :: external_view_mask()) -> + IMask :: internal_view_mask(). + +%% Convert an External Mask (OCTET STRING) to Internal Mask (list of 0 or 1) +emask2imask(EMask) -> + lists:flatten([octet2bits(Octet) || Octet <- EMask]). + +octet2bits(Octet) + when is_integer(Octet) andalso (Octet >= 16#00) andalso (16#FF >= Octet) -> + <<A:1, B:1, C:1, D:1, E:1, F:1, G:1, H:1>> = <<Octet>>, + [A, B, C, D, E, F, G, H]; +octet2bits(BadOctet) -> + throw({error, {bad_octet, BadOctet}}). + +-spec imask2emask(IMask :: internal_view_mask()) -> + EMask :: external_view_mask(). + +%% Convert an Internal Mask (list of 0 or 1) to External Mask (OCTET STRING) +imask2emask(IMask) -> + imask2emask(IMask, []). + +imask2emask([], EMask) -> + lists:reverse(EMask); +imask2emask(IMask, EMask) -> + %% Make sure we have atleast 8 bits + %% (maybe extend with 1's) + IMask2 = + case length(IMask) of + Small when Small < 8 -> + IMask ++ lists:duplicate(8-Small, 1); + _ -> + IMask + end, + %% Extract 8 bits + [A, B, C, D, E, F, G, H | IMaskRest] = IMask2, + <<Octet:8>> = <<A:1, B:1, C:1, D:1, E:1, F:1, G:1, H:1>>, + imask2emask(IMaskRest, [Octet | EMask]). + + + table_next(Name, RestOid) -> snmp_generic:table_next(db(Name), RestOid). @@ -1014,11 +1079,41 @@ stc(vacmSecurityToGroupTable) -> ?vacmSecurityToGroupStorageType; stc(vacmViewTreeFamilyTable) -> ?vacmViewTreeFamilyStorageType. next(Name, RowIndex, Cols) -> - snmp_generic:handle_table_next(db(Name), RowIndex, Cols, - fa(Name), foi(Name), noc(Name)). + Result = snmp_generic:handle_table_next(db(Name), RowIndex, Cols, + fa(Name), foi(Name), noc(Name)), + externalize_next(Name, Result). get(Name, RowIndex, Cols) -> - snmp_generic:handle_table_get(db(Name), RowIndex, Cols, foi(Name)). + Result = snmp_generic:handle_table_get(db(Name), RowIndex, Cols, + foi(Name)), + externalize_get(Name, Cols, Result). + + +externalize_next(Name, Result) when is_list(Result) -> + F = fun({[Col | _] = Idx, Val}) -> {Idx, externalize(Name, Col, Val)}; + (Other) -> Other + end, + [F(R) || R <- Result]; +externalize_next(_, Result) -> + Result. + + +externalize_get(Name, Cols, Result) when is_list(Result) -> + %% Patch returned values + F = fun({Col, {value, Val}}) -> {value, externalize(Name, Col, Val)}; + ({_, Other}) -> Other + end, + %% Merge column numbers and return values. there must be as much + %% return values as there are columns requested. And then patch all values + [F(R) || R <- lists:zip(Cols, Result)]; +externalize_get(_, _, Result) -> + Result. + +externalize(vacmViewTreeFamilyTable, ?vacmViewTreeFamilyMask, Val) -> + imask2emask(Val); +externalize(_, _, Val) -> + Val. + wrongValue(V) -> throw({wrongValue, V}). diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src index 7ffa4a725d..106fed749d 100644 --- a/lib/snmp/src/app/snmp.appup.src +++ b/lib/snmp/src/app/snmp.appup.src @@ -22,6 +22,12 @@ %% ----- U p g r a d e ------------------------------------------------------- [ + {"4.24", + [ + {load_module, snmp_conf, soft_purge, soft_purge, []}, + {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, [snmp_conf]} + ] + }, {"4.23.1", [{restart_application, snmp}]}, {"4.23", [{restart_application, snmp}]} ], @@ -29,6 +35,12 @@ %% ------D o w n g r a d e --------------------------------------------------- [ + {"4.24", + [ + {load_module, snmp_conf, soft_purge, soft_purge, []}, + {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, [snmp_conf]} + ] + }, {"4.23.1", [{restart_application, snmp}]}, {"4.23", [{restart_application, snmp}]} ] diff --git a/lib/snmp/src/misc/snmp_conf.erl b/lib/snmp/src/misc/snmp_conf.erl index e1e7fab57b..46625989d5 100644 --- a/lib/snmp/src/misc/snmp_conf.erl +++ b/lib/snmp/src/misc/snmp_conf.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1996-2012. All Rights Reserved. +%% Copyright Ericsson AB 1996-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -50,6 +50,7 @@ check_packet_size/1, check_oid/1, + check_imask/1, check_emask/1, check_mp_model/1, check_sec_model/1, check_sec_model/2, check_sec_model/3, @@ -488,6 +489,7 @@ do_check_timer(WaitFor, Factor, Incr, Retry) -> check_integer(Retry, {gte, 0}), ok. + %% --------- all_domains() -> @@ -618,6 +620,37 @@ check_oid(X) -> %% --------- +%% Check a (view) mask in the internal form (all 0 and 1): +check_imask(null) -> + {ok, []}; +check_imask(IMask) when is_list(IMask) -> + do_check_imask(IMask), + {ok, IMask}. + +do_check_imask([0|IMask]) -> + do_check_imask(IMask); +do_check_imask([1|IMask]) -> + do_check_imask(IMask); +do_check_imask([X|_]) -> + error({invalid_internal_mask_element, X}). + + +%% Check a (view) mask in the external form (according to MIB, +%% an OCTET STRING of at most length 16). +check_emask(EMask) when is_list(EMask) andalso (length(EMask) =< 16) -> + do_check_emask(EMask). + +do_check_emask([]) -> + ok; +do_check_emask([X|EMask]) + when is_integer(X) andalso (X >= 16#00) andalso (X =< 16#FF) -> + do_check_emask(EMask); +do_check_emask([X|_]) -> + error({invalid_external_mask_element, X}). + + +%% --------- + all_integer([H|T]) when is_integer(H) -> all_integer(T); all_integer([_H|_T]) -> false; all_integer([]) -> true. diff --git a/lib/snmp/vsn.mk b/lib/snmp/vsn.mk index 0e48e7ea56..e987649e11 100644 --- a/lib/snmp/vsn.mk +++ b/lib/snmp/vsn.mk @@ -18,6 +18,6 @@ # %CopyrightEnd% APPLICATION = snmp -SNMP_VSN = 4.24 +SNMP_VSN = 4.24.1 PRE_VSN = APP_VSN = "$(APPLICATION)-$(SNMP_VSN)$(PRE_VSN)" |