Hi,
I am unable to access managed objects over SNMPv3 with the agent code below.
There are some authorization issues.
I am using the iReasoning MIB browser, and have configured it to use SNMPv3 with the following USM configuration:
user: cm2get
auth algorithm: sha
auth password: password
privacy algo: des
privacy password: password
My Agent Code:
package snmp;
import java.io.File;
import java.io.IOException;
import org.snmp4j.TransportMapping;
import org.snmp4j.agent.BaseAgent;
import org.snmp4j.agent.CommandProcessor;
import org.snmp4j.agent.DuplicateRegistrationException;
import org.snmp4j.agent.MOGroup;
import org.snmp4j.agent.ManagedObject;
import org.snmp4j.agent.mo.DefaultMOFactory;
import org.snmp4j.agent.mo.MOTableRow;
import org.snmp4j.agent.mo.snmp.RowStatus;
import org.snmp4j.agent.mo.snmp.SnmpCommunityMIB;
import org.snmp4j.agent.mo.snmp.SnmpCommunityMIB.SnmpCommunityEntryRow;
import org.snmp4j.agent.mo.snmp.SnmpNotificationMIB;
import org.snmp4j.agent.mo.snmp.SnmpTargetMIB;
import org.snmp4j.agent.mo.snmp.StorageType;
import org.snmp4j.agent.mo.snmp.VacmMIB;
import org.snmp4j.agent.security.MutableVACM;
import org.snmp4j.log.ConsoleLogAdapter;
import org.snmp4j.log.ConsoleLogFactory;
import org.snmp4j.log.LogFactory;
import org.snmp4j.mp.MPv3;
import org.snmp4j.security.SecurityLevel;
import org.snmp4j.security.SecurityModel;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.Integer32;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.Variable;
import org.snmp4j.transport.TransportMappings;
import org.snmp4j.security.AuthSHA;
import org.snmp4j.security.PrivDES;
import org.snmp4j.security.UsmUser;
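/**
 * Minimal SNMP4J-Agent based agent that registers {@code MYMib} in the
 * {@code "public"} context and configures a single USM (SNMPv3) user.
 *
 * <p>Access control as configured in this class:
 * <ul>
 *   <li>{@link #addViews(VacmMIB)} creates one VACM group ({@code "v3group"}) for the
 *       USM security name only, bound to context {@code "public"} with an exact
 *       match and a minimum security level of authPriv.</li>
 *   <li>{@link #addCommunities(SnmpCommunityMIB)} maps community {@code "public"} to
 *       the security name {@code "cpublic"}, but no VACM group is defined for that
 *       name, so SNMPv1/v2c requests end in an authorization error.</li>
 * </ul>
 *
 * <p>NOTE(review): the credentials, protocols and view definitions below are
 * demo settings; see the comments on the individual members before reusing them.
 */
public class SnmpApp extends BaseAgent {

    /** Listen address used by {@link #getInstance()}: all interfaces, UDP port 2001. */
    private static final String DEFAULT_ADDRESS = "0.0.0.0/2001";

    /** Context in which MYMib is registered and to which the VACM access entry is bound. */
    private static final String CONTEXT_NAME = "public";

    /** VACM group the USM user is placed in. */
    private static final String V3_GROUP = "v3group";

    private static SnmpApp instance = null;

    // NOTE(review): AuthSHA (HMAC-SHA-1) and PrivDES are legacy USM protocols.
    // Prefer PrivAES128 and a SHA-2 based authentication protocol where the
    // SNMP4J version in use offers one; the manager must be reconfigured to match.
    private static final OID AUTHENTICATION_PROTOCOL = AuthSHA.ID;
    private static final OID PRIVACY_PROTOCOL = PrivDES.ID;

    // NOTE(review): hard-coded, identical and guessable passphrases. Load distinct
    // secrets from protected configuration instead of compiling them into the class.
    private static final String AUTHENTICATION_PASSWORD = "password";
    private static final String PRIVACY_PASSWORD = "password";

    private MYMib mymib;

    /** USM security (user) name; when null or empty no SNMPv3 user or group is configured. */
    private String securityName = "cm2get";

    /** Address the transport mapping binds to, taken from the constructor argument. */
    private final String listenAddress;

    /**
     * Returns the lazily created shared agent bound to the default address.
     *
     * <p>Not synchronized; call it from a single thread during start-up.
     *
     * @return the shared instance, or {@code null} if construction failed with an
     *         {@link IOException} (the stack trace is printed)
     */
    public static SnmpApp getInstance() {
        if (instance == null) {
            try {
                instance = new SnmpApp(DEFAULT_ADDRESS);
            } catch (IOException e) {
                // Kept from the original contract: report and return null.
                e.printStackTrace();
            }
        }
        return instance;
    }

    /**
     * Creates the agent and registers MYMib in the {@code "public"} context.
     *
     * @param address listen address in SNMP4J notation, e.g. {@code "0.0.0.0/2001"};
     *                {@code null} falls back to the default address
     * @throws IOException declared by the original constructor signature
     * @throws IllegalStateException if MYMib cannot be registered because one of its
     *                               objects is already registered
     */
    public SnmpApp(String address) throws IOException {
        // These files do not exist and are not used but have to be specified.
        // Read the snmp4j docs for more info.
        super(new File("conf.agent"), new File("bootCounter.agent"),
                new CommandProcessor(
                        new OctetString(MPv3.createLocalEngineID())));

        // The original ignored this argument and always bound to the default
        // address; remember it so initTransportMappings() honours the caller's choice.
        this.listenAddress = (address != null) ? address : DEFAULT_ADDRESS;

        LogFactory.setLogFactory(new ConsoleLogFactory());
        // NOTE(review): with debug enabled, SNMP4J's "Adding user" log line includes
        // the USM auth and privacy passphrases in clear text. Enable only while
        // troubleshooting and keep such logs out of shared places.
        ConsoleLogAdapter.setDebugEnabled(true);

        try {
            mymib = new MYMib(DefaultMOFactory.getInstance());
            mymib.registerMOs(server, new OctetString(CONTEXT_NAME)); // Register MY mib
        } catch (DuplicateRegistrationException e) {
            // An agent without its MIB is useless; fail loudly instead of
            // continuing with nothing registered.
            throw new IllegalStateException("MYMib could not be registered", e);
        }
    }

    /**
     * We let clients of this agent register the MOs they need,
     * so this method does nothing.
     */
    @Override
    protected void registerManagedObjects() {
    }

    /**
     * Registers a managed object on behalf of a client, passing a {@code null}
     * context to the server.
     *
     * @param mo the managed object to register
     * @throws RuntimeException wrapping {@link DuplicateRegistrationException} if the
     *                          object is already registered
     */
    public void registerManagedObject(ManagedObject mo) {
        try {
            server.register(mo, null);
        } catch (DuplicateRegistrationException ex) {
            throw new RuntimeException(ex);
        }
    }

    /**
     * Unregisters all managed objects of the given group from the context
     * reported by {@code getContext(moGroup)}.
     *
     * @param moGroup the group to remove
     */
    public void unregisterManagedObject(MOGroup moGroup) {
        moGroup.unregisterMOs(server, getContext(moGroup));
    }

    /**
     * Empty implementation: no notification targets are configured.
     */
    @Override
    protected void addNotificationTargets(SnmpTargetMIB targetMIB,
                                          SnmpNotificationMIB notificationMIB) {
    }

    /**
     * Minimal View-based Access Control configuration.
     *
     * <p>Only the USM security name gets a group. Its access entry is bound to the
     * context {@code "public"} with {@code VACM_MATCH_EXACT}, so an SNMPv3 request
     * has to carry exactly that context name, and it must be sent with
     * authentication and privacy (authPriv). Requests arriving under any other
     * security name or security model match no group and are answered with an
     * authorization error.
     *
     * <p>NOTE(review): all three views include the whole {@code 1.3} subtree, so the
     * user gets read AND write access to everything the agent exposes. Narrow the
     * views (and drop the write view for a read-only user) to apply least privilege.
     *
     * http://www.faqs.org/rfcs/rfc2575.html
     */
    @Override
    protected void addViews(VacmMIB vacm) {
        // SNMPv3
        if (securityName != null && !securityName.isEmpty()) {
            System.out.println("Test");
            vacm.addGroup(
                    SecurityModel.SECURITY_MODEL_USM,
                    new OctetString(securityName),
                    new OctetString(V3_GROUP),
                    StorageType.volatile_
            );
            vacm.addAccess(
                    new OctetString(V3_GROUP),
                    new OctetString(CONTEXT_NAME),
                    SecurityModel.SECURITY_MODEL_USM,
                    SecurityLevel.AUTH_PRIV,
                    MutableVACM.VACM_MATCH_EXACT,
                    new OctetString("fullReadView"),
                    new OctetString("fullWriteView"),
                    new OctetString("fullNotifyView"),
                    StorageType.volatile_
            );
        }

        vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
                new OctetString(), VacmMIB.vacmViewIncluded,
                StorageType.nonVolatile);
        vacm.addViewTreeFamily(new OctetString("fullWriteView"), new OID("1.3"),
                new OctetString(), VacmMIB.vacmViewIncluded,
                StorageType.nonVolatile);
        vacm.addViewTreeFamily(new OctetString("fullNotifyView"), new OID("1.3"),
                new OctetString(), VacmMIB.vacmViewIncluded,
                StorageType.nonVolatile);
    }

    /**
     * User-based Security Model configuration, only applicable to SNMPv3.
     *
     * <p>Adds one user built from the security name and the protocol and passphrase
     * constants of this class. Does nothing but print a message when no security
     * name is set.
     *
     * @param usm the USM to add the user to
     */
    @Override
    protected void addUsmUser(USM usm) {
        if (securityName == null || securityName.isEmpty()) {
            System.out.println("No security name.");
            return;
        }

        UsmUser user = new UsmUser(
                new OctetString(securityName),
                AUTHENTICATION_PROTOCOL,
                new OctetString(AUTHENTICATION_PASSWORD),
                PRIVACY_PROTOCOL,
                new OctetString(PRIVACY_PASSWORD)
        );
        // Engine ID is passed as null, as in the original code.
        usm.addUser(user.getSecurityName(), null, user);
    }

    /**
     * Creates the single transport mapping for the address given to the constructor.
     *
     * <p>NOTE(review): the default address binds to all interfaces (0.0.0.0);
     * restrict it to the management interface where possible.
     *
     * @throws IOException declared by the overridden method
     */
    @Override
    protected void initTransportMappings() throws IOException {
        transportMappings = new TransportMapping[1];
        Address addr = GenericAddress.parse(listenAddress);
        TransportMapping tm = TransportMappings.getInstance()
                .createTransportMapping(addr);
        transportMappings[0] = tm;
    }

    /**
     * Runs the initialization steps needed to start the agent, adds the
     * {@code "public"} context, starts listening and sends a coldStart notification.
     *
     * @throws IOException if initialization fails
     */
    public void start() throws IOException {
        init();
        System.out.println("Started SnmpApp");
        // This method reads some old config from a file and causes
        // unexpected behavior.
        // loadConfig(ImportModes.REPLACE_CREATE);
        addShutdownHook();
        getServer().addContext(new OctetString(CONTEXT_NAME));
        finishInit();
        SecurityProtocols.getInstance().addDefaultProtocols();
        run();
        sendColdStartNotification();
    }

    /**
     * Empty implementation; objects registered earlier are not unregistered here.
     */
    @Override
    protected void unregisterManagedObjects() {
        // here we should unregister those objects previously registered...
    }

    /**
     * The table of community strings configured in the SNMP
     * engine's Local Configuration Datastore (LCD).
     *
     * <p>We only configure one, "public", mapped to the security name
     * {@code "cpublic"} and the context {@code "public"}. {@link #addViews(VacmMIB)}
     * defines no VACM group for {@code "cpublic"}, so a request that arrives with
     * this community string (SNMPv1/v2c) is mapped successfully but then rejected
     * with an authorization error.
     *
     * <p>NOTE(review): "public" is the well-known default community string. If
     * community-based access is not needed, leave this table empty rather than
     * keeping an unused mapping around.
     */
    @Override
    protected void addCommunities(SnmpCommunityMIB communityMIB) {
        Variable[] com2sec = new Variable[] {
                new OctetString("public"),              // community name
                new OctetString("cpublic"),             // security name
                getAgent().getContextEngineID(),        // local engine ID
                new OctetString(CONTEXT_NAME),          // default context name
                new OctetString(),                      // transport tag
                new Integer32(StorageType.nonVolatile), // storage type
                new Integer32(RowStatus.active)         // row status
        };
        MOTableRow row = communityMIB.getSnmpCommunityEntry().createRow(
                new OctetString("public2public").toSubIndex(true), com2sec);
        communityMIB.getSnmpCommunityEntry().addRow((SnmpCommunityEntryRow) row);
    }
}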
This is the debug log:
Api Tested
Initialized Salt to b737e2e718b626c2.
Adding user cm2get = UsmUser[secName=cm2get,authProtocol=1.3.6.1.6.3.10.1.1.3,authPassphrase=password,privProtocol=1.3.6.1.6.3.10.1.2.2,privPassphrase=password,localizationEngineID=null]
Test
Started SnmpApp
UDP receive buffer size for socket 0.0.0.0/2001 is set to: 65536
Notification 1.3.6.1.6.3.1.1.5.1 reported with [] for context
Received message from /127.0.0.1/54217 with length 44: 30:2a:02:01:01:04:06:70:75:62:6c:69:63:a0:1d:02:04:50:c0:64:31:02:01:00:02:01:00:30:0f:30:0d:06:09:2b:06:01:04:01:01:01:02:00:05:00
Fire process PDU event: CommandResponderEvent[securityModel=2, securityLevel=1, maxSizeResponsePDU=65535, pduHandle=PduHandle[1354785841], stateReference=StateReference[msgID=0,pduHandle=PduHandle[1354785841],securityEngineID=null,securityModel=null,securityName=public,securityLevel=1,contextEngineID=null,contextName=null,retryMsgIDs=null], pdu=GET[requestID=1354785841, errorStatus=Success(0), errorIndex=0, VBS[1.3.6.1.4.1.1.1.2.0 = Null]], messageProcessingModel=1, securityName=public, processed=false, peerAddress=127.0.0.1/54217, transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping@63f78fb6, tmStateReference=null]
Looking up coexistence info for 'public'
Found coexistence info for 'public'=CoexistenceInfo[securityName=cpublic,contextEngineID=80:00:13:70:01:c0:a8:b8:01:6a:40:2c:a8,contextName=public,transportTag=]
Address 127.0.0.1/54217 passes filter, because source address filtering is disabled
Created subrequest 0 with scope org.snmp4j.agent.DefaultMOContextScope[context=public,lowerBound=1.3.6.1.4.1.1.1.2.0,lowerIncluded=true,upperBound=1.3.6.1.4.1.1.1.2.0,upperIncluded=true] from 1.3.6.1.4.1.1.1.2.0 = Null
SnmpSubRequests initialized: [org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.DefaultMOContextScope[context=public,lowerBound=1.3.6.1.4.1.1.1.2.0,lowerIncluded=true,upperBound=1.3.6.1.4.1.1.1.2.0,upperIncluded=true],vb=1.3.6.1.4.1.1.1.2.0 = Null,status=RequestStatus{processed=false, phaseComplete=false, errorStatus=0},query=null,index=0,targetMO=null]]
java.lang.Exception: Error 'Authorization error' generated at: 1.3.6.1.4.1.1.1.2.0 = Null
Sending message to 127.0.0.1/54217 with length 44: 30:2a:02:01:01:04:06:70:75:62:6c:69:63:a2:1d:02:04:50:c0:64:31:02:01:10:02:01:01:30:0f:30:0d:06:09:2b:06:01:04:01:01:01:02:00:05:00
at org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChanged(SnmpRequest.java:627)
at org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(RequestStatus.java:89)
at org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.java:52)
at org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcessor.java:506)
at org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java:379)
at org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.java:340)
at org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:566)
at org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:163)
at org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.java:694)
at org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:310)
at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:390)
at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:350)
at org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTransportMapping.java:76)
at org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpTransportMapping.java:430)
at java.base/java.lang.Thread.run(Unknown Source)