Compare commits
10 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
1ab0d2849e | ||
|
4d8a87c5a4 | ||
|
8df2ee9d53 | ||
|
23c35c2652 | ||
|
f0f4ae298d | ||
|
6f76683403 | ||
|
91e545102d | ||
|
5223b26e39 | ||
|
6cee7090f7 | ||
|
ec72afaee7 |
13
.gitignore
vendored
13
.gitignore
vendored
@ -1,12 +1 @@
|
||||
net-snmp-5.5.tar.gz
|
||||
/net-snmp-5.6.tar.gz
|
||||
/net-snmp-5.6.1.tar.gz
|
||||
/net-snmp-5.7.tar.gz
|
||||
/net-snmp-5.7.1.tar.gz
|
||||
/net-snmp-5.7.2.tar.gz
|
||||
/net-snmp-5.7.3.tar.gz
|
||||
/net-snmp-5.8.tar.gz
|
||||
/net-snmp-5.9.tar.gz
|
||||
/net-snmp-5.9.1.tar.gz
|
||||
/net-snmp-5.9.3.tar.gz
|
||||
/net-snmp-5.9.4.tar.gz
|
||||
net-snmp-5.4.1.tar.gz
|
||||
|
@ -1,41 +0,0 @@
|
||||
MIBs included in this software taken from IETF Documents are considered
|
||||
Code Components in accordance with the IETF Trust License Policy, as found
|
||||
here:
|
||||
|
||||
http://trustee.ietf.org/license-info/
|
||||
|
||||
They are available under the terms of the Simplified BSD license, a copy of
|
||||
which is included below.
|
||||
|
||||
*****
|
||||
|
||||
Copyright (c) 2013 IETF Trust and the persons identified as authors of
|
||||
the code. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
· Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
· Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
· Neither the name of Internet Society, IETF or IETF Trust, nor the
|
||||
names of specific contributors, may be used to endorse or promote
|
||||
products derived from this software without specific prior written
|
||||
permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
|
||||
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
||||
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
10
net-snmp-5.0.8-ipv6-sock-close.patch
Normal file
10
net-snmp-5.0.8-ipv6-sock-close.patch
Normal file
@ -0,0 +1,10 @@
|
||||
--- net-snmp-5.0.8/agent/mibgroup/mibII/ipv6.c.orig 2003-02-25 16:35:58.000000000 +0200
|
||||
+++ net-snmp-5.0.8/agent/mibgroup/mibII/ipv6.c 2003-02-25 16:36:30.000000000 +0200
|
||||
@@ -1961,6 +1961,7 @@
|
||||
break;
|
||||
}
|
||||
long_return = (ifr.ifr_flags & flag) ? 1 : 2;
|
||||
+ close(s);
|
||||
return (u_char *) & long_return;
|
||||
}
|
||||
}
|
15
net-snmp-5.0.8-readonly.patch
Normal file
15
net-snmp-5.0.8-readonly.patch
Normal file
@ -0,0 +1,15 @@
|
||||
--- net-snmp-5.0.8/agent/snmp_agent.c.readonly 2003-08-05 14:55:44.000000000 +0200
|
||||
+++ net-snmp-5.0.8/agent/snmp_agent.c 2003-08-06 16:05:56.000000000 +0200
|
||||
@@ -1133,6 +1133,12 @@
|
||||
int i, n = 0, r = 0;
|
||||
|
||||
/*
|
||||
+ * Update asp->status if necessary. Fixes ro/rw problem.
|
||||
+ */
|
||||
+ if ( status != 0 && asp->status == 0 )
|
||||
+ asp->status = status;
|
||||
+
|
||||
+ /*
|
||||
* if this request was a set, clear the global now that we are
|
||||
* done.
|
||||
*/
|
11
net-snmp-5.1.2-dir-fix.patch
Normal file
11
net-snmp-5.1.2-dir-fix.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- net-snmp-5.1.2/net-snmp-config.in.dir-fix 2004-06-17 15:39:28.000000000 +0200
|
||||
+++ net-snmp-5.1.2/net-snmp-config.in 2004-11-16 10:26:28.928414992 +0100
|
||||
@@ -249,7 +249,7 @@
|
||||
echo " " $line
|
||||
echo $line >> $outfile
|
||||
|
||||
- outfile="@datadir@/snmp/snmpd.conf"
|
||||
+ outfile="/etc/snmp/snmpd.conf"
|
||||
line="$token $user"
|
||||
echo "adding the following line to $outfile:"
|
||||
echo " " $line
|
10
net-snmp-5.1.2-snmpconf-selinux.patch
Normal file
10
net-snmp-5.1.2-snmpconf-selinux.patch
Normal file
@ -0,0 +1,10 @@
|
||||
--- net-snmp-5.1.2/local/snmpconf.orig 2004-04-20 16:20:51.000000000 +0200
|
||||
+++ net-snmp-5.1.2/local/snmpconf 2007-07-09 15:34:48.000000000 +0200
|
||||
@@ -585,6 +585,7 @@
|
||||
}
|
||||
}
|
||||
close(O);
|
||||
+ system("restorecon $outputf");
|
||||
}
|
||||
}
|
||||
|
44
net-snmp-5.2.1-file_offset.patch
Normal file
44
net-snmp-5.2.1-file_offset.patch
Normal file
@ -0,0 +1,44 @@
|
||||
--- net-snmp-5.2.1/include/net-snmp/agent/snmp_vars.h.long 2004-04-15 14:47:10.000000000 +0200
|
||||
+++ net-snmp-5.2.1/include/net-snmp/agent/snmp_vars.h 2005-03-21 17:03:29.909271960 +0100
|
||||
@@ -73,7 +73,7 @@
|
||||
|
||||
struct nlist;
|
||||
|
||||
- extern long long_return;
|
||||
+ extern fsblkcnt_t long_return;
|
||||
extern u_char return_buf[];
|
||||
|
||||
extern oid nullOid[];
|
||||
--- net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.c.long 2004-06-19 15:34:11.000000000 +0200
|
||||
+++ net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.c 2005-03-21 17:03:29.910271808 +0100
|
||||
@@ -773,7 +773,7 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
-long
|
||||
+fsblkcnt_t
|
||||
Get_FSSize(char *dev)
|
||||
{
|
||||
struct HRFS_statfs statfs_buf;
|
||||
--- net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.h.long 2002-07-04 14:56:35.000000000 +0200
|
||||
+++ net-snmp-5.2.1/agent/mibgroup/host/hr_filesys.h 2005-03-21 17:03:29.910271808 +0100
|
||||
@@ -12,7 +12,7 @@
|
||||
extern int Check_HR_FileSys_NFS(void);
|
||||
|
||||
extern int Get_FSIndex(char *);
|
||||
-extern long Get_FSSize(char *); /* Temporary */
|
||||
+extern fsblkcnt_t Get_FSSize(char *); /* Temporary */
|
||||
|
||||
|
||||
#endif /* _MIBGROUP_HRFSYS_H */
|
||||
--- net-snmp-5.2.1/agent/snmp_vars.c.long 2005-03-21 17:08:37.790466904 +0100
|
||||
+++ net-snmp-5.2.1/agent/snmp_vars.c 2005-03-21 17:08:37.790466904 +0100
|
||||
@@ -223,7 +223,7 @@
|
||||
* int name_len IN - number of sub-ids in the name
|
||||
*/
|
||||
|
||||
-long long_return;
|
||||
+fsblkcnt_t long_return;
|
||||
#ifndef ibm032
|
||||
u_char return_buf[258];
|
||||
#else
|
20
net-snmp-5.3.1-multilib.patch
Normal file
20
net-snmp-5.3.1-multilib.patch
Normal file
@ -0,0 +1,20 @@
|
||||
--- net-snmp-5.3.1.pre2/man/read_config.3.def.old 2003-04-25 16:02:55.000000000 +0200
|
||||
+++ net-snmp-5.3.1.pre2/man/read_config.3.def 2006-05-23 09:41:35.000000000 +0200
|
||||
@@ -257,7 +257,7 @@
|
||||
.I SNMPCONFPATH
|
||||
environment variable (or its default value, which will be
|
||||
SYSCONFDIR/snmp, followed by
|
||||
-DATADIR/snmp, followed by LIBDIR/snmp, followed by $HOME/.snmp) and
|
||||
+DATADIR/snmp, followed by /usr/lib/snmp (or /usr/lib64/snmp), followed by $HOME/.snmp) and
|
||||
reading in the files found that match both the prefix registered and
|
||||
the two suffixes
|
||||
.I .conf
|
||||
@@ -285,7 +285,7 @@
|
||||
SNMPCONFPATH
|
||||
A colon separated list of directories to search for configuration
|
||||
files in.
|
||||
-Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp
|
||||
+Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp
|
||||
.SH "SEE ALSO"
|
||||
.BR mib_api "(3), " snmp_api (3)
|
||||
.\" Local Variables:
|
227
net-snmp-5.4-64bit.patch
Normal file
227
net-snmp-5.4-64bit.patch
Normal file
@ -0,0 +1,227 @@
|
||||
--- net-snmp-5.4/agent/mibgroup/ucd-snmp/pass_persist.c.64bit 2006-10-18 04:59:10.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/ucd-snmp/pass_persist.c 2006-11-27 13:56:30.000000000 +0100
|
||||
@@ -218,6 +218,7 @@
|
||||
oid newname[MAX_OID_LEN];
|
||||
int i, rtest, newlen;
|
||||
static long long_ret;
|
||||
+ static in_addr_t addr_ret;
|
||||
char buf[SNMP_MAXBUF];
|
||||
static char buf2[SNMP_MAXBUF];
|
||||
static oid objid[MAX_OID_LEN];
|
||||
@@ -366,13 +367,13 @@
|
||||
*var_len = 0;
|
||||
return (NULL);
|
||||
}
|
||||
- long_ret =
|
||||
+ addr_ret =
|
||||
(objid[0] << (8 * 3)) + (objid[1] << (8 * 2)) +
|
||||
(objid[2] << 8) + objid[3];
|
||||
- long_ret = htonl(long_ret);
|
||||
- *var_len = sizeof(long_ret);
|
||||
+ addr_ret = htonl(addr_ret);
|
||||
+ *var_len = sizeof(addr_ret);
|
||||
vp->type = ASN_IPADDRESS;
|
||||
- return ((unsigned char *) &long_ret);
|
||||
+ return ((unsigned char *) &addr_ret);
|
||||
}
|
||||
}
|
||||
*var_len = 0;
|
||||
--- net-snmp-5.4/agent/mibgroup/ucd-snmp/pass.c.64bit 2005-08-18 02:44:02.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/ucd-snmp/pass.c 2006-11-27 13:56:30.000000000 +0100
|
||||
@@ -287,6 +287,7 @@
|
||||
oid newname[MAX_OID_LEN];
|
||||
int i, rtest, fd, newlen;
|
||||
static long long_ret;
|
||||
+ static in_addr_t addr_ret;
|
||||
char buf[SNMP_MAXBUF];
|
||||
static char buf2[SNMP_MAXBUF];
|
||||
static oid objid[MAX_OID_LEN];
|
||||
@@ -412,13 +413,13 @@
|
||||
*var_len = 0;
|
||||
return (NULL);
|
||||
}
|
||||
- long_ret =
|
||||
+ addr_ret =
|
||||
(objid[0] << (8 * 3)) + (objid[1] << (8 * 2)) +
|
||||
(objid[2] << 8) + objid[3];
|
||||
- long_ret = htonl(long_ret);
|
||||
- *var_len = sizeof(long_ret);
|
||||
+ addr_ret = htonl(addr_ret);
|
||||
+ *var_len = sizeof(addr_ret);
|
||||
vp->type = ASN_IPADDRESS;
|
||||
- return ((unsigned char *) &long_ret);
|
||||
+ return ((unsigned char *) &addr_ret);
|
||||
}
|
||||
}
|
||||
*var_len = 0;
|
||||
--- net-snmp-5.4/agent/mibgroup/mibII/at.c.64bit 2006-11-07 00:43:27.000000000 +0100
|
||||
+++ net-snmp-5.4/agent/mibgroup/mibII/at.c 2006-11-27 13:59:46.000000000 +0100
|
||||
@@ -126,9 +126,9 @@
|
||||
#ifndef solaris2
|
||||
static void ARP_Scan_Init(void);
|
||||
#ifdef ARP_SCAN_FOUR_ARGUMENTS
|
||||
-static int ARP_Scan_Next(u_long *, char *, u_long *, u_short *);
|
||||
+static int ARP_Scan_Next(u_int *, char *, u_long *, u_short *);
|
||||
#else
|
||||
-static int ARP_Scan_Next(u_long *, char *, u_long *);
|
||||
+static int ARP_Scan_Next(u_int *, char *, u_long *);
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
@@ -204,7 +204,8 @@
|
||||
oid lowest[16];
|
||||
oid current[16];
|
||||
static char PhysAddr[6], LowPhysAddr[6];
|
||||
- u_long Addr, LowAddr, foundone;
|
||||
+ u_int Addr, LowAddr, foundone;
|
||||
+ static int addr_ret;
|
||||
#ifdef ARP_SCAN_FOUR_ARGUMENTS
|
||||
u_short ifIndex, lowIfIndex = 0;
|
||||
#endif /* ARP_SCAN_FOUR_ARGUMENTS */
|
||||
@@ -314,9 +315,9 @@
|
||||
*var_len = sizeof(LowPhysAddr);
|
||||
return (u_char *) LowPhysAddr;
|
||||
case IPMEDIANETADDRESS: /* also ATNETADDRESS */
|
||||
- *var_len = sizeof(uint32_t);
|
||||
- long_return = LowAddr;
|
||||
- return (u_char *) & long_return;
|
||||
+ *var_len = sizeof addr_ret;
|
||||
+ addr_ret = LowAddr;
|
||||
+ return (u_char *) & addr_ret;
|
||||
case IPMEDIATYPE:
|
||||
*var_len = sizeof long_return;
|
||||
long_return = lowIfType;
|
||||
@@ -707,11 +708,11 @@
|
||||
|
||||
#ifdef ARP_SCAN_FOUR_ARGUMENTS
|
||||
static int
|
||||
-ARP_Scan_Next(u_long * IPAddr, char *PhysAddr, u_long * ifType,
|
||||
+ARP_Scan_Next(u_int * IPAddr, char *PhysAddr, u_long * ifType,
|
||||
u_short * ifIndex)
|
||||
#else
|
||||
static int
|
||||
-ARP_Scan_Next(u_long * IPAddr, char *PhysAddr, u_long * ifType)
|
||||
+ARP_Scan_Next(u_int * IPAddr, char *PhysAddr, u_long * ifType)
|
||||
#endif
|
||||
{
|
||||
#ifndef NETSNMP_CAN_USE_SYSCTL
|
||||
--- net-snmp-5.4/agent/mibgroup/mibII/var_route.c.64bit 2006-11-07 00:43:27.000000000 +0100
|
||||
+++ net-snmp-5.4/agent/mibgroup/mibII/var_route.c 2006-11-27 14:13:13.000000000 +0100
|
||||
@@ -434,6 +434,7 @@
|
||||
static oid saveName[MAX_OID_LEN], Current[MAX_OID_LEN];
|
||||
u_char *cp;
|
||||
oid *op;
|
||||
+ static in_addr_t addr_ret;
|
||||
#if NEED_KLGETSA
|
||||
struct sockaddr_in *sa;
|
||||
#endif
|
||||
@@ -538,13 +539,13 @@
|
||||
|
||||
switch (vp->magic) {
|
||||
case IPROUTEDEST:
|
||||
- *var_len = sizeof(uint32_t);
|
||||
+ *var_len = sizeof(addr_ret);
|
||||
#if NEED_KLGETSA
|
||||
sa = klgetsa((struct sockaddr_in *) rthead[RtIndex]->rt_dst);
|
||||
return (u_char *) & (sa->sin_addr.s_addr);
|
||||
#elif defined(hpux11)
|
||||
- long_return = rt[RtIndex].Dest;
|
||||
- return (u_char *) & long_return;
|
||||
+ addr_ret = rt[RtIndex].Dest;
|
||||
+ return (u_char *) & addr_ret;
|
||||
#else
|
||||
return (u_char *) & ((struct sockaddr_in *) &rthead[RtIndex]->
|
||||
rt_dst)->sin_addr.s_addr;
|
||||
@@ -597,13 +598,13 @@
|
||||
long_return = -1;
|
||||
return (u_char *) & long_return;
|
||||
case IPROUTENEXTHOP:
|
||||
- *var_len = sizeof(uint32_t);
|
||||
+ *var_len = sizeof(addr_ret);
|
||||
#if NEED_KLGETSA
|
||||
sa = klgetsa((struct sockaddr_in *) rthead[RtIndex]->rt_gateway);
|
||||
return (u_char *) & (sa->sin_addr.s_addr);
|
||||
#elif defined(hpux11)
|
||||
- long_return = rt[RtIndex].NextHop;
|
||||
- return (u_char *) & long_return;
|
||||
+ addr_ret = rt[RtIndex].NextHop;
|
||||
+ return (u_char *) & addr_ret;
|
||||
#else
|
||||
return (u_char *) & ((struct sockaddr_in *) &rthead[RtIndex]->
|
||||
rt_gateway)->sin_addr.s_addr;
|
||||
@@ -649,14 +650,14 @@
|
||||
#if NETSNMP_NO_DUMMY_VALUES
|
||||
return NULL;
|
||||
#endif
|
||||
- long_return = 0;
|
||||
+ addr_ret = 0;
|
||||
#elif defined(hpux11)
|
||||
- long_return = rt[RtIndex].Mask;
|
||||
- return (u_char *) & long_return;
|
||||
+ addr_ret = rt[RtIndex].Mask;
|
||||
+ return (u_char *) & addr_ret;
|
||||
#else /* !NEED_KLGETSA && !hpux11 */
|
||||
if (((struct sockaddr_in *) &rthead[RtIndex]->rt_dst)->sin_addr.
|
||||
s_addr == 0)
|
||||
- long_return = 0; /* Default route */
|
||||
+ addr_ret = 0; /* Default route */
|
||||
else {
|
||||
#ifndef linux
|
||||
if (!NETSNMP_KLOOKUP(rthead[RtIndex]->rt_ifp,
|
||||
@@ -681,7 +682,7 @@
|
||||
#endif /* linux */
|
||||
}
|
||||
#endif /* NEED_KLGETSA */
|
||||
- return (u_char *) & long_return;
|
||||
+ return (u_char *) & addr_ret;
|
||||
case IPROUTEINFO:
|
||||
*var_len = nullOidLen;
|
||||
return (u_char *) nullOid;
|
||||
--- net-snmp-5.4/agent/mibgroup/mibII/ipCidrRouteTable_access.c.64bit 2003-02-22 05:19:51.000000000 +0100
|
||||
+++ net-snmp-5.4/agent/mibgroup/mibII/ipCidrRouteTable_access.c 2006-11-27 13:56:30.000000000 +0100
|
||||
@@ -22,6 +22,7 @@
|
||||
/** a global static we'll make use of a lot to map to the right
|
||||
datatype to return (which for SNMP integer's is always a long). */
|
||||
static u_long long_ret;
|
||||
+static in_addr_t addr_ret;
|
||||
|
||||
|
||||
/*
|
||||
@@ -32,18 +33,18 @@
|
||||
get_ipCidrRouteDest(void *data_context, size_t * ret_len)
|
||||
{
|
||||
RTENTRY *ourroute = (RTENTRY *) data_context;
|
||||
- long_ret = ((struct sockaddr_in *) (&ourroute->rt_dst))->sin_addr.s_addr;
|
||||
- *ret_len = sizeof(long_ret);
|
||||
- return &long_ret;
|
||||
+ addr_ret = ((struct sockaddr_in *) (&ourroute->rt_dst))->sin_addr.s_addr;
|
||||
+ *ret_len = sizeof(addr_ret);
|
||||
+ return &addr_ret;
|
||||
}
|
||||
|
||||
u_long *
|
||||
get_ipCidrRouteMask(void *data_context, size_t * ret_len)
|
||||
{
|
||||
RTENTRY *ourroute = (RTENTRY *) data_context;
|
||||
- long_ret = ((struct sockaddr_in *) (&ourroute->rt_genmask))->sin_addr.s_addr;
|
||||
- *ret_len = sizeof(long_ret);
|
||||
- return &long_ret;
|
||||
+ addr_ret = ((struct sockaddr_in *) (&ourroute->rt_genmask))->sin_addr.s_addr;
|
||||
+ *ret_len = sizeof(addr_ret);
|
||||
+ return &addr_ret;
|
||||
}
|
||||
|
||||
long *
|
||||
@@ -59,9 +60,9 @@
|
||||
get_ipCidrRouteNextHop(void *data_context, size_t * ret_len)
|
||||
{
|
||||
RTENTRY *ourroute = (RTENTRY *) data_context;
|
||||
- long_ret = ((struct sockaddr_in *) (&ourroute->rt_gateway))->sin_addr.s_addr;
|
||||
- *ret_len = sizeof(long_ret);
|
||||
- return &long_ret;
|
||||
+ addr_ret = ((struct sockaddr_in *) (&ourroute->rt_gateway))->sin_addr.s_addr;
|
||||
+ *ret_len = sizeof(addr_ret);
|
||||
+ return &addr_ret;
|
||||
}
|
||||
|
||||
long *
|
34
net-snmp-5.4-ethtool-config.patch
Normal file
34
net-snmp-5.4-ethtool-config.patch
Normal file
@ -0,0 +1,34 @@
|
||||
--- net-snmp-5.4/configure.ethtool-config 2007-01-11 17:26:28.000000000 +0100
|
||||
+++ net-snmp-5.4/configure 2007-01-11 17:26:28.000000000 +0100
|
||||
@@ -32741,10 +32741,10 @@
|
||||
/* end confdefs.h. */
|
||||
|
||||
#include <sys/types.h>
|
||||
-typedef unsigned long long u64; /* hack, so we may include kernel's ethtool.h */
|
||||
-typedef __uint32_t u32; /* ditto */
|
||||
-typedef __uint16_t u16; /* ditto */
|
||||
-typedef __uint8_t u8; /* ditto */
|
||||
+typedef unsigned long long __u64; /* hack, so we may include kernel's ethtool.h */
|
||||
+typedef __uint32_t __u32; /* ditto */
|
||||
+typedef __uint16_t __u16; /* ditto */
|
||||
+typedef __uint8_t __u8; /* ditto */
|
||||
|
||||
|
||||
#include <$ac_header>
|
||||
--- net-snmp-5.4/agent/mibgroup/if-mib/data_access/interface_linux.c.ethtool-config 2006-09-21 15:09:18.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/if-mib/data_access/interface_linux.c 2007-01-11 17:27:32.000000000 +0100
|
||||
@@ -26,10 +26,10 @@
|
||||
#include <unistd.h>
|
||||
|
||||
#ifdef HAVE_LINUX_ETHTOOL_H
|
||||
-typedef unsigned long long u64; /* hack, so we may include kernel's ethtool.h */
|
||||
-typedef __uint32_t u32; /* ditto */
|
||||
-typedef __uint16_t u16; /* ditto */
|
||||
-typedef __uint8_t u8; /* ditto */
|
||||
+typedef unsigned long long __u64; /* hack, so we may include kernel's ethtool.h */
|
||||
+typedef __uint32_t __u32; /* ditto */
|
||||
+typedef __uint16_t __u16; /* ditto */
|
||||
+typedef __uint8_t __u8; /* ditto */
|
||||
#include <linux/ethtool.h>
|
||||
#endif /* HAVE_LINUX_ETHTOOL_H */
|
||||
#include <linux/sockios.h>
|
12
net-snmp-5.4-exec-crash.patch
Normal file
12
net-snmp-5.4-exec-crash.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- net-snmp-5.4/agent/mibgroup/agent/extend.c.orig 2006-10-18 21:07:35.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/agent/extend.c 2007-06-27 14:30:08.000000000 +0200
|
||||
@@ -448,6 +448,9 @@
|
||||
extension->command = strdup( exec_command );
|
||||
if (cptr)
|
||||
extension->args = strdup( cptr );
|
||||
+ } else {
|
||||
+ snmp_log(LOG_ERR, "Duplicate MIBOID '%s' detected in exec statement, only the first one will be used.\n", exec_name);
|
||||
+ return;
|
||||
}
|
||||
|
||||
#ifndef USING_UCD_SNMP_EXTENSIBLE_MODULE
|
100
net-snmp-5.4.1-config_libdir.patch
Normal file
100
net-snmp-5.4.1-config_libdir.patch
Normal file
@ -0,0 +1,100 @@
|
||||
--- net-snmp-5.4/configure.libdir 2006-11-27 14:27:52.000000000 +0100
|
||||
+++ net-snmp-5.4/configure 2006-11-27 14:31:34.000000000 +0100
|
||||
@@ -5161,7 +5161,7 @@
|
||||
# Let's accept both of them until this is cleared up.
|
||||
lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
|
||||
+ lt_cv_file_magic_test_file=`echo $LIBDIR/libc.so.*`
|
||||
;;
|
||||
esac
|
||||
else
|
||||
@@ -5178,15 +5178,15 @@
|
||||
case $host_cpu in
|
||||
ia64*)
|
||||
lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
|
||||
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
|
||||
+ lt_cv_file_magic_test_file=$LIBDIR/hpux32/libc.so
|
||||
;;
|
||||
hppa*64*)
|
||||
lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
|
||||
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
|
||||
+ lt_cv_file_magic_test_file=$LIBDIR/pa20_64/libc.sl
|
||||
;;
|
||||
*)
|
||||
lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
|
||||
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
|
||||
+ lt_cv_file_magic_test_file=$LIBDIR/libc.sl
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
@@ -5222,7 +5222,7 @@
|
||||
newos6*)
|
||||
lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
|
||||
+ lt_cv_file_magic_test_file=$LIBDIR/libnls.so
|
||||
;;
|
||||
|
||||
nto-qnx*)
|
||||
@@ -5249,7 +5249,7 @@
|
||||
case $host_vendor in
|
||||
motorola)
|
||||
lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
|
||||
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
|
||||
+ lt_cv_file_magic_test_file=`echo $LIBDIR/libc.so*`
|
||||
;;
|
||||
ncr)
|
||||
lt_cv_deplibs_check_method=pass_all
|
||||
@@ -8761,13 +8761,13 @@
|
||||
fi
|
||||
rm -f conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
+if test -z "$aix_libpath"; then aix_libpath="$LIBDIR:/lib"; fi
|
||||
|
||||
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
|
||||
archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
|
||||
else
|
||||
if test "$host_cpu" = ia64; then
|
||||
- hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
|
||||
+ hardcode_libdir_flag_spec='${wl}-R $libdir:$LIBDIR:/lib'
|
||||
allow_undefined_flag="-z nodefs"
|
||||
archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
|
||||
else
|
||||
@@ -8822,7 +8822,7 @@
|
||||
fi
|
||||
rm -f conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
+if test -z "$aix_libpath"; then aix_libpath="$LIBDIR:/lib"; fi
|
||||
|
||||
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
|
||||
# Warning - without using the other run time loading flags,
|
||||
@@ -8936,7 +8936,7 @@
|
||||
# does not break anything, and helps significantly (at the cost of a little
|
||||
# extra space).
|
||||
freebsd2.2*)
|
||||
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
|
||||
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags $LIBDIR/c++rt0.o'
|
||||
hardcode_libdir_flag_spec='-R$libdir'
|
||||
hardcode_direct=yes
|
||||
hardcode_shlibpath_var=no
|
||||
@@ -9504,7 +9504,7 @@
|
||||
shlibpath_overrides_runpath=unknown
|
||||
version_type=none
|
||||
dynamic_linker="$host_os ld.so"
|
||||
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
|
||||
+sys_lib_dlsearch_path_spec="/lib $LIBDIR"
|
||||
|
||||
if test "$GCC" = yes; then
|
||||
case $host_os in
|
||||
@@ -9363,7 +9363,7 @@
|
||||
sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
|
||||
fi
|
||||
else
|
||||
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
|
||||
+ sys_lib_search_path_spec="/lib $LIBDIR /usr/local/lib"
|
||||
fi
|
||||
need_lib_prefix=unknown
|
||||
hardcode_into_libs=no
|
64
net-snmp-5.4.1-getbulk-crash.patch
Normal file
64
net-snmp-5.4.1-getbulk-crash.patch
Normal file
@ -0,0 +1,64 @@
|
||||
CVE-2008-4309: net-snmp: numresponses calculation integer overflow in snmp_agent.c
|
||||
|
||||
Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17272
|
||||
|
||||
Index: clean/agent/snmp_agent.c
|
||||
===================================================================
|
||||
--- clean.orig/agent/snmp_agent.c 2008-10-28 23:12:10.000000000 +0100
|
||||
+++ clean/agent/snmp_agent.c 2008-10-28 23:15:11.000000000 +0100
|
||||
@@ -2234,7 +2234,6 @@
|
||||
r = 0;
|
||||
asp->bulkcache = NULL;
|
||||
} else {
|
||||
- int numresponses;
|
||||
int maxbulk =
|
||||
netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
|
||||
NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
|
||||
@@ -2245,28 +2244,31 @@
|
||||
if (maxresponses == 0)
|
||||
maxresponses = 100; /* more than reasonable default */
|
||||
|
||||
- if (maxbulk == 0)
|
||||
- maxbulk = -1;
|
||||
+ /* ensure that the total number of responses fits in a mallocable
|
||||
+ * result vector
|
||||
+ */
|
||||
+ if (maxresponses < 0 ||
|
||||
+ maxresponses > INT_MAX / sizeof(struct varbind_list *))
|
||||
+ maxresponses = INT_MAX / sizeof(struct varbind_list *);
|
||||
+
|
||||
+ /* ensure that the maximum number of repetitions will fit in the
|
||||
+ * result vector
|
||||
+ */
|
||||
+ if (maxbulk <= 0 || maxbulk > maxresponses / r)
|
||||
+ maxbulk = maxresponses / r;
|
||||
|
||||
/* limit getbulk number of repeats to a configured size */
|
||||
- if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
|
||||
+ if (asp->pdu->errindex > maxbulk) {
|
||||
asp->pdu->errindex = maxbulk;
|
||||
- }
|
||||
-
|
||||
- numresponses = asp->pdu->errindex * r;
|
||||
-
|
||||
- /* limit getbulk number of getbulk responses to a configured size */
|
||||
- if (maxresponses != -1 && numresponses > maxresponses) {
|
||||
- /* attempt to truncate this */
|
||||
- asp->pdu->errindex = maxresponses/r;
|
||||
- numresponses = asp->pdu->errindex * r;
|
||||
- DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
|
||||
+ DEBUGMSGTL(("snmp_agent",
|
||||
+ "truncating number of getbulk repeats to %d\n",
|
||||
+ asp->pdu->errindex));
|
||||
}
|
||||
|
||||
asp->bulkcache =
|
||||
- (netsnmp_variable_list **) malloc(numresponses *
|
||||
- sizeof(struct
|
||||
- varbind_list *));
|
||||
+ (netsnmp_variable_list **) malloc(
|
||||
+ asp->pdu->errindex * r * sizeof(struct varbind_list *));
|
||||
+
|
||||
if (!asp->bulkcache) {
|
||||
DEBUGMSGTL(("snmp_agent", "Bulkcache malloc failed\n"));
|
||||
return SNMP_ERR_GENERR;
|
18
net-snmp-5.4.1-hmac-check.patch
Normal file
18
net-snmp-5.4.1-hmac-check.patch
Normal file
@ -0,0 +1,18 @@
|
||||
447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
|
||||
|
||||
Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
|
||||
Reviewed-by: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
|
||||
--- net-snmp-5.0.9/snmplib/scapi.c.orig 2008-06-04 10:19:26.000000000 +0200
|
||||
+++ net-snmp-5.0.9/snmplib/scapi.c 2008-06-04 10:20:45.000000000 +0200
|
||||
@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
|
||||
QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
|
||||
}
|
||||
|
||||
+ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
|
||||
+ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Generate a full hash of the message, then compare
|
212
net-snmp-5.4.1-hostname.patch
Normal file
212
net-snmp-5.4.1-hostname.patch
Normal file
@ -0,0 +1,212 @@
|
||||
--- net-snmp-5.4/snmplib/snmpUDPDomain.c.orig 2006-09-20 01:42:17.000000000 +0200
|
||||
+++ net-snmp-5.4/snmplib/snmpUDPDomain.c 2007-05-03 12:17:30.000000000 +0200
|
||||
@@ -87,6 +87,7 @@
|
||||
netsnmp_udp_fmtaddr(netsnmp_transport *t, void *data, int len)
|
||||
{
|
||||
netsnmp_udp_addr_pair *addr_pair = NULL;
|
||||
+ struct hostent *host;
|
||||
|
||||
if (data != NULL && len == sizeof(netsnmp_udp_addr_pair)) {
|
||||
addr_pair = (netsnmp_udp_addr_pair *) data;
|
||||
@@ -104,6 +105,10 @@
|
||||
return strdup("UDP: unknown");
|
||||
}
|
||||
|
||||
+ if ( t && t->flags & NETSNMP_TRANSPORT_FLAG_HOSTNAME ) {
|
||||
+ host = gethostbyaddr((char *)&to->sin_addr, 4, AF_INET);
|
||||
+ return (host ? strdup(host->h_name) : NULL);
|
||||
+ }
|
||||
sprintf(tmp, "UDP: [%s]:%hu",
|
||||
inet_ntoa(to->sin_addr), ntohs(to->sin_port));
|
||||
return strdup(tmp);
|
||||
--- net-snmp-5.3.1/include/net-snmp/library/snmp_transport.h.orig 2005-09-15 15:46:58.000000000 +0200
|
||||
+++ net-snmp-5.3.1/include/net-snmp/library/snmp_transport.h 2007-05-02 17:21:30.000000000 +0200
|
||||
@@ -19,6 +19,7 @@
|
||||
#define NETSNMP_TRANSPORT_FLAG_STREAM 0x01
|
||||
#define NETSNMP_TRANSPORT_FLAG_LISTEN 0x02
|
||||
#define NETSNMP_TRANSPORT_FLAG_TUNNELED 0x04
|
||||
+#define NETSNMP_TRANSPORT_FLAG_HOSTNAME 0x80 /* for fmtaddr hook */
|
||||
|
||||
/* The standard SNMP domains. */
|
||||
|
||||
--- net-snmp-5.4.1/apps/snmptrapd_log.c.orig 2007-05-31 16:39:14.000000000 +0200
|
||||
+++ net-snmp-5.4.1/apps/snmptrapd_log.c 2007-08-07 13:46:40.000000000 +0200
|
||||
@@ -626,6 +626,8 @@ realloc_handle_ip_fmt(u_char ** buf, siz
|
||||
char fmt_cmd = options->cmd; /* what we're formatting */
|
||||
u_char *temp_buf = NULL;
|
||||
size_t temp_buf_len = 64, temp_out_len = 0;
|
||||
+ char *tstr;
|
||||
+ unsigned int oflags;
|
||||
|
||||
if ((temp_buf = calloc(temp_buf_len, 1)) == NULL) {
|
||||
return 0;
|
||||
@@ -681,130 +683,59 @@ realloc_handle_ip_fmt(u_char ** buf, siz
|
||||
* Write the numerical transport information.
|
||||
*/
|
||||
if (transport != NULL && transport->f_fmtaddr != NULL) {
|
||||
- char *tstr =
|
||||
- transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
- pdu->transport_data_length);
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+ oflags = transport->flags;
|
||||
+ transport->flags &= ~NETSNMP_TRANSPORT_FLAG_HOSTNAME;
|
||||
+ tstr = transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
+ pdu->transport_data_length);
|
||||
+ transport->flags = oflags;
|
||||
+
|
||||
+ if (!tstr) goto noip;
|
||||
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
|
||||
+ 1, (u_char *)tstr)) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
+ SNMP_FREE(tstr);
|
||||
return 0;
|
||||
}
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
+ SNMP_FREE(tstr);
|
||||
} else {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- (const u_char*)"<UNKNOWN>")) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+noip:
|
||||
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
+ (const u_char*)"<UNKNOWN>")) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
return 0;
|
||||
- }
|
||||
+ }
|
||||
}
|
||||
break;
|
||||
|
||||
- /*
|
||||
- * Write a host name.
|
||||
- */
|
||||
case CHR_PDU_NAME:
|
||||
/*
|
||||
- * Right, apparently a name lookup is wanted. This is only reasonable
|
||||
- * for the UDP and TCP transport domains (we don't want to try to be
|
||||
- * too clever here).
|
||||
+ * Try to convert the numerical transport information
|
||||
+ * into a hostname. Or rather, have the transport-specific
|
||||
+ * address formatting routine do this.
|
||||
+ * Otherwise falls back to the numeric address format.
|
||||
*/
|
||||
-#ifdef NETSNMP_TRANSPORT_TCP_DOMAIN
|
||||
- if (transport != NULL && (transport->domain == netsnmpUDPDomain ||
|
||||
- transport->domain ==
|
||||
- netsnmp_snmpTCPDomain)) {
|
||||
-#else
|
||||
- if (transport != NULL && transport->domain == netsnmpUDPDomain) {
|
||||
-#endif
|
||||
- /*
|
||||
- * This is kind of bletcherous -- it breaks the opacity of
|
||||
- * transport_data but never mind -- the alternative is a lot of
|
||||
- * munging strings from f_fmtaddr.
|
||||
- */
|
||||
-typedef struct netsnmp_udp_addr_pair_s { /* From snmpUDPDomain.c */
|
||||
- struct sockaddr_in remote_addr;
|
||||
- struct in_addr local_addr;
|
||||
-} netsnmp_udp_addr_pair;
|
||||
-
|
||||
- netsnmp_udp_addr_pair *addr =
|
||||
- (netsnmp_udp_addr_pair *) pdu->transport_data;
|
||||
- if (addr != NULL
|
||||
- && pdu->transport_data_length ==
|
||||
- sizeof(netsnmp_udp_addr_pair)) {
|
||||
- if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
- NETSNMP_DS_APP_NUMERIC_IP)) {
|
||||
- host =
|
||||
- gethostbyaddr((char *) &(addr->remote_addr.sin_addr),
|
||||
- sizeof(struct in_addr), AF_INET);
|
||||
- }
|
||||
- if (host != NULL) {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- (u_char *)host->h_name)) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
- return 0;
|
||||
- }
|
||||
- } else {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- (u_char *)inet_ntoa(addr->remote_addr.sin_addr))) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
- return 0;
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- (const u_char*)"<UNKNOWN>")) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
- return 0;
|
||||
- }
|
||||
- }
|
||||
- } else if (transport != NULL && transport->f_fmtaddr != NULL) {
|
||||
- /*
|
||||
- * Some other domain for which we do not know how to do a name
|
||||
- * lookup. Fall back to the formatted transport address.
|
||||
- */
|
||||
- char *tstr =
|
||||
- transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
- pdu->transport_data_length);
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+ if (transport != NULL && transport->f_fmtaddr != NULL) {
|
||||
+ oflags = transport->flags;
|
||||
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
+ NETSNMP_DS_APP_NUMERIC_IP))
|
||||
+ transport->flags |= NETSNMP_TRANSPORT_FLAG_HOSTNAME;
|
||||
+ tstr = transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
+ pdu->transport_data_length);
|
||||
+ transport->flags = oflags;
|
||||
+
|
||||
+ if (!tstr) goto nohost;
|
||||
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
|
||||
+ 1, (u_char *)tstr)) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
+ SNMP_FREE(tstr);
|
||||
return 0;
|
||||
}
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
- } else {
|
||||
- /*
|
||||
- * We are kind of stuck!
|
||||
- */
|
||||
+ SNMP_FREE(tstr);
|
||||
+ } else {
|
||||
+nohost:
|
||||
if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
(const u_char*)"<UNKNOWN>")) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+ SNMP_FREE(temp_buf);
|
||||
return 0;
|
||||
}
|
||||
}
|
51
net-snmp-5.4.1-long-iface-names.patch
Normal file
51
net-snmp-5.4.1-long-iface-names.patch
Normal file
@ -0,0 +1,51 @@
|
||||
468045: Interface name too long: "ioctl 35123 returned -1"
|
||||
|
||||
Source: upstream, svn rev. 16797
|
||||
|
||||
Support longer interface names.
|
||||
|
||||
diff --git a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
index 51cde1b..72c1d2d 100644
|
||||
--- a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
+++ b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||
@@ -189,7 +189,8 @@ _load_v6(netsnmp_container *container, int idx_offset)
|
||||
return -1;
|
||||
#else
|
||||
FILE *in;
|
||||
- char line[80], addr[40], if_name[IFNAMSIZ];
|
||||
+ char line[80], addr[40];
|
||||
+ char if_name[IFNAMSIZ+1];/* +1 for '\0' because of the ugly sscanf below */
|
||||
u_char *buf;
|
||||
int if_index, pfx_len, scope, flags, rc = 0;
|
||||
size_t in_len, out_len;
|
||||
@@ -229,7 +230,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
|
||||
* F: flags (see include/linux/rtnetlink.h, net/ipv6/addrconf.c)
|
||||
* I: interface
|
||||
*/
|
||||
- rc = sscanf(line, "%39s %02x %02x %02x %02x %8s\n",
|
||||
+ rc = sscanf(line, "%39s %02x %02x %02x %02x %" SNMP_MACRO_VAL_TO_STR(IFNAMSIZ) "s\n",
|
||||
addr, &if_index, &pfx_len, &scope, &flags, if_name);
|
||||
if( 6 != rc ) {
|
||||
snmp_log(LOG_ERR, PROCFILE " data format error (%d!=6), line ==|%s|\n",
|
||||
diff --git a/net-snmp/include/net-snmp/library/tools.h b/net-snmp/include/net-snmp/library/tools.h
|
||||
index 7822855..e57d1ac 100644
|
||||
--- a/net-snmp/include/net-snmp/library/tools.h
|
||||
+++ b/net-snmp/include/net-snmp/library/tools.h
|
||||
@@ -88,6 +88,17 @@ extern "C" {
|
||||
Computers the minimum of a and b. */
|
||||
#define SNMP_MIN(a,b) ((a) > (b) ? (b) : (a))
|
||||
|
||||
+/** @def SNMP_MACRO_VAL_TO_STR(s)
|
||||
+ * Expands to string with value of the s.
|
||||
+ * If s is macro, the resulting string is value of the macro.
|
||||
+ * Example:
|
||||
+ * #define TEST 1234
|
||||
+ * SNMP_MACRO_VAL_TO_STR(TEST) expands to "1234"
|
||||
+ * SNMP_MACRO_VAL_TO_STR(TEST+1) expands to "1234+1"
|
||||
+ */
|
||||
+#define SNMP_MACRO_VAL_TO_STR(s) SNMP_MACRO_VAL_TO_STR_PRIV(s)
|
||||
+#define SNMP_MACRO_VAL_TO_STR_PRIV(s) #s
|
||||
+
|
||||
#ifndef FALSE
|
||||
#define FALSE 0
|
||||
#endif
|
43
net-snmp-5.4.1-perl-set.patch
Normal file
43
net-snmp-5.4.1-perl-set.patch
Normal file
@ -0,0 +1,43 @@
|
||||
452131: net-snmp-perl is broken for 5.10, cannot set oids
|
||||
|
||||
Source: jbjohnso@us.ibm.com, accepted upstream, SVN rev. 17097
|
||||
|
||||
diff -urN net-snmp-5.4.1/perl/SNMP/SNMP.xs net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs
|
||||
--- net-snmp-5.4.1/perl/SNMP/SNMP.xs 2008-06-13 15:48:46.000000000 -0500
|
||||
+++ net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs 2008-06-13 15:48:05.000000000 -0500
|
||||
@@ -3072,7 +3072,7 @@
|
||||
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
|
||||
(varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
SvPV(*varbind_val_f,na):NULL),
|
||||
- (varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
|
||||
SvCUR(*varbind_val_f):0), type);
|
||||
|
||||
if (verbose && res == FAILURE)
|
||||
@@ -4266,7 +4266,7 @@
|
||||
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
|
||||
(varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
SvPV(*varbind_val_f,na):NULL),
|
||||
- (varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
|
||||
SvCUR(*varbind_val_f):0),
|
||||
type);
|
||||
|
||||
@@ -4424,7 +4424,7 @@
|
||||
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
|
||||
(varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
SvPV(*varbind_val_f,na):NULL),
|
||||
- (varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
|
||||
SvCUR(*varbind_val_f):0),
|
||||
type);
|
||||
|
||||
@@ -4563,7 +4563,7 @@
|
||||
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
|
||||
(varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
SvPV(*varbind_val_f,na):NULL),
|
||||
- (varbind_val_f && SvOK(*varbind_val_f) ?
|
||||
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
|
||||
SvCUR(*varbind_val_f):0),
|
||||
type);
|
||||
|
106
net-snmp-5.4.1-perl-snprintf.patch
Normal file
106
net-snmp-5.4.1-perl-snprintf.patch
Normal file
@ -0,0 +1,106 @@
|
||||
447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
|
||||
|
||||
Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
|
||||
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
--- branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/21 23:19:29 16769
|
||||
+++ branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/22 19:22:44 16770
|
||||
@@ -470,14 +470,16 @@
|
||||
if (flag == USE_ENUMS) {
|
||||
for(ep = tp->enums; ep; ep = ep->next) {
|
||||
if (ep->value == *var->val.integer) {
|
||||
- strcpy(buf, ep->label);
|
||||
+ strncpy(buf, ep->label, buf_len);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
len = strlen(buf);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!len) {
|
||||
- sprintf(buf,"%ld", *var->val.integer);
|
||||
+ snprintf(buf, buf_len, "%ld", *var->val.integer);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
len = strlen(buf);
|
||||
}
|
||||
break;
|
||||
@@ -486,21 +488,25 @@
|
||||
case ASN_COUNTER:
|
||||
case ASN_TIMETICKS:
|
||||
case ASN_UINTEGER:
|
||||
- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
|
||||
+ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
len = strlen(buf);
|
||||
break;
|
||||
|
||||
case ASN_OCTET_STR:
|
||||
case ASN_OPAQUE:
|
||||
- memcpy(buf, (char*)var->val.string, var->val_len);
|
||||
len = var->val_len;
|
||||
+ if ( len > buf_len )
|
||||
+ len = buf_len;
|
||||
+ memcpy(buf, (char*)var->val.string, len);
|
||||
break;
|
||||
|
||||
case ASN_IPADDRESS:
|
||||
- ip = (u_char*)var->val.string;
|
||||
- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
|
||||
- len = strlen(buf);
|
||||
- break;
|
||||
+ ip = (u_char*)var->val.string;
|
||||
+ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
+ len = strlen(buf);
|
||||
+ break;
|
||||
|
||||
case ASN_NULL:
|
||||
break;
|
||||
@@ -512,14 +518,14 @@
|
||||
break;
|
||||
|
||||
case SNMP_ENDOFMIBVIEW:
|
||||
- sprintf(buf,"%s", "ENDOFMIBVIEW");
|
||||
- break;
|
||||
+ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
|
||||
+ break;
|
||||
case SNMP_NOSUCHOBJECT:
|
||||
- sprintf(buf,"%s", "NOSUCHOBJECT");
|
||||
- break;
|
||||
+ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
|
||||
+ break;
|
||||
case SNMP_NOSUCHINSTANCE:
|
||||
- sprintf(buf,"%s", "NOSUCHINSTANCE");
|
||||
- break;
|
||||
+ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
|
||||
+ break;
|
||||
|
||||
case ASN_COUNTER64:
|
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
|
||||
@@ -538,19 +544,19 @@
|
||||
#endif
|
||||
|
||||
case ASN_BIT_STR:
|
||||
- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
|
||||
+ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
|
||||
len = strlen(buf);
|
||||
break;
|
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
|
||||
case ASN_OPAQUE_FLOAT:
|
||||
- if (var->val.floatVal)
|
||||
- sprintf(buf,"%f", *var->val.floatVal);
|
||||
- break;
|
||||
+ if (var->val.floatVal)
|
||||
+ snprintf(buf, buf_len, "%f", *var->val.floatVal);
|
||||
+ break;
|
||||
|
||||
case ASN_OPAQUE_DOUBLE:
|
||||
- if (var->val.doubleVal)
|
||||
- sprintf(buf,"%f", *var->val.doubleVal);
|
||||
- break;
|
||||
+ if (var->val.doubleVal)
|
||||
+ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
|
||||
+ break;
|
||||
#endif
|
||||
|
||||
case ASN_NSAP:
|
22
net-snmp-5.4.1-pie.patch
Normal file
22
net-snmp-5.4.1-pie.patch
Normal file
@ -0,0 +1,22 @@
|
||||
--- net-snmp-5.4.1/apps/Makefile.in.orig 2007-07-05 01:26:56.000000000 +0200
|
||||
+++ net-snmp-5.4.1/apps/Makefile.in 2007-08-07 11:05:41.000000000 +0200
|
||||
@@ -115,7 +115,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
|
||||
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) $(LOCAL_LIBS) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) $(LOCAL_LIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) $(LOCAL_LIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
|
||||
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) $(LOCAL_LIBS) ${LDFLAGS} ${LIBS}
|
||||
--- net-snmp-5.4.1/agent/Makefile.in.orig 2007-07-05 01:26:56.000000000 +0200
|
||||
+++ net-snmp-5.4.1/agent/Makefile.in 2007-08-07 11:05:19.000000000 +0200
|
||||
@@ -139,7 +139,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
|
||||
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
|
||||
|
||||
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
|
||||
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} $(LOCAL_LIBS) ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} $(LOCAL_LIBS) ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
|
||||
|
||||
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
|
1326
net-snmp-5.4.1-sensors3.patch
Normal file
1326
net-snmp-5.4.1-sensors3.patch
Normal file
File diff suppressed because it is too large
Load Diff
111
net-snmp-5.4.1-shared-ip.patch
Normal file
111
net-snmp-5.4.1-shared-ip.patch
Normal file
@ -0,0 +1,111 @@
|
||||
--- net-snmp-5.3.1/include/net-snmp/library/container.h.orig 2005-12-04 19:43:04.000000000 +0100
|
||||
+++ net-snmp-5.3.1/include/net-snmp/library/container.h 2007-05-04 10:01:38.000000000 +0200
|
||||
@@ -370,8 +370,32 @@
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
- }
|
||||
+ }
|
||||
+
|
||||
-
|
||||
+ NETSNMP_STATIC_INLINE
|
||||
+ int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k)
|
||||
+ {
|
||||
+ const void *res = NULL;
|
||||
+
|
||||
+ netsnmp_container *start;
|
||||
+ /** start at first container */
|
||||
+ while(x->prev)
|
||||
+ x = x->prev;
|
||||
+
|
||||
+ start = x;
|
||||
+
|
||||
+ for(; x; x = x->next) {
|
||||
+ if ((NULL != x->insert_filter) &&
|
||||
+ (x->insert_filter(x,k) == 1))
|
||||
+ continue;
|
||||
+ res = x->find(x,k);
|
||||
+ if (res) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ return CONTAINER_INSERT(start, k);
|
||||
+ }
|
||||
+
|
||||
/*------------------------------------------------------------------
|
||||
* These functions should EXACTLY match the function version in
|
||||
* container.c. If you change one, change them both.
|
||||
--- net-snmp-5.3.1/snmplib/container.c.orig 2006-04-21 02:24:47.000000000 +0200
|
||||
+++ net-snmp-5.3.1/snmplib/container.c 2007-05-04 10:34:23.000000000 +0200
|
||||
@@ -286,6 +286,29 @@
|
||||
return rc;
|
||||
}
|
||||
|
||||
+int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k)
|
||||
+{
|
||||
+ const void *res = NULL;
|
||||
+
|
||||
+ netsnmp_container *start;
|
||||
+ /** start at first container */
|
||||
+ while(x->prev)
|
||||
+ x = x->prev;
|
||||
+
|
||||
+ start = x;
|
||||
+
|
||||
+ for(; x; x = x->next) {
|
||||
+ if ((NULL != x->insert_filter) &&
|
||||
+ (x->insert_filter(x,k) == 1))
|
||||
+ continue;
|
||||
+ res = x->find(x,k);
|
||||
+ if (res) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ return CONTAINER_INSERT(start, k);
|
||||
+}
|
||||
+
|
||||
/*------------------------------------------------------------------
|
||||
* These functions should EXACTLY match the inline version in
|
||||
* container.h. If you change one, change them both.
|
||||
--- net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c.orig 2007-05-17 23:53:28.000000000 +0200
|
||||
+++ net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c 2007-08-07 13:49:49.000000000 +0200
|
||||
@@ -272,11 +272,15 @@ _netsnmp_ioctl_ipaddress_container_load_
|
||||
/*
|
||||
* add entry to container
|
||||
*/
|
||||
- if (CONTAINER_INSERT(container, entry) < 0)
|
||||
- {
|
||||
- DEBUGMSGTL(("access:ipaddress:container","error with ipaddress_entry: insert into container failed.\n"));
|
||||
+ rc = CONTAINER_TRY_INSERT(container, entry);
|
||||
+ if (rc < 0) {
|
||||
+ static int logged = 0;
|
||||
+ if (!logged) {
|
||||
+ snmp_log(LOG_NOTICE, "Duplicate IP address detected, some interfaces may not be visible in IP-MIB\n");
|
||||
+ logged = 1;
|
||||
+ }
|
||||
+ rc = 0;
|
||||
netsnmp_access_ipaddress_entry_free(entry);
|
||||
- continue;
|
||||
}
|
||||
}
|
||||
|
||||
--- net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c.orig 2006-09-15 02:48:50.000000000 +0200
|
||||
+++ net-snmp-5.4.1/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2007-08-07 13:47:55.000000000 +0200
|
||||
@@ -324,7 +324,16 @@ _load_v6(netsnmp_container *container, i
|
||||
/*
|
||||
* add entry to container
|
||||
*/
|
||||
- CONTAINER_INSERT(container, entry);
|
||||
+ rc = CONTAINER_TRY_INSERT(container, entry);
|
||||
+ if (rc < 0) {
|
||||
+ static int logged = 0;
|
||||
+ if (!logged) {
|
||||
+ snmp_log(LOG_NOTICE, "Duplicate IP address detected, some interfaces may not be visible in IP-MIB\n");
|
||||
+ logged = 1;
|
||||
+ }
|
||||
+ netsnmp_access_ipaddress_entry_free(entry);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
fclose(in);
|
145
net-snmp-5.4.1-strange_libpath.patch
Normal file
145
net-snmp-5.4.1-strange_libpath.patch
Normal file
@ -0,0 +1,145 @@
|
||||
--- net-snmp-5.4.1/configure.mnttab.orig 2007-07-27 19:04:19.000000000 +0200
|
||||
+++ net-snmp-5.4.1/configure.mnttab 2007-08-07 13:32:45.000000000 +0200
|
||||
@@ -27930,7 +27930,7 @@ if test "${with_libwrap+set}" = set; the
|
||||
if test "$with_libwrap" != "no"; then
|
||||
if test "$with_libwrap" != "yes"; then
|
||||
CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
|
||||
- LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
|
||||
+ LDFLAGS="${LDFLAGS} -L$with_libwrap"
|
||||
fi
|
||||
|
||||
_libs=${LIBS}
|
||||
@@ -28134,7 +28134,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
@@ -28362,7 +28362,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap -lnsl"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
--- net-snmp-5.4.1/configure.libdir.orig 2007-08-07 13:31:31.000000000 +0200
|
||||
+++ net-snmp-5.4.1/configure.libdir 2007-08-07 13:32:05.000000000 +0200
|
||||
@@ -27922,7 +27922,7 @@ if test "${with_libwrap+set}" = set; the
|
||||
if test "$with_libwrap" != "no"; then
|
||||
if test "$with_libwrap" != "yes"; then
|
||||
CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
|
||||
- LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
|
||||
+ LDFLAGS="${LDFLAGS} -L$with_libwrap"
|
||||
fi
|
||||
|
||||
_libs=${LIBS}
|
||||
@@ -28126,7 +28126,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
@@ -28354,7 +28354,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap -lnsl"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
--- net-snmp-5.4.1/configure.orig 2007-08-07 13:31:31.000000000 +0200
|
||||
+++ net-snmp-5.4.1/configure 2007-08-07 13:33:29.000000000 +0200
|
||||
@@ -27922,7 +27922,7 @@ if test "${with_libwrap+set}" = set; the
|
||||
if test "$with_libwrap" != "no"; then
|
||||
if test "$with_libwrap" != "yes"; then
|
||||
CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
|
||||
- LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
|
||||
+ LDFLAGS="${LDFLAGS} -L$with_libwrap"
|
||||
fi
|
||||
|
||||
_libs=${LIBS}
|
||||
@@ -28126,7 +28126,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
@@ -28354,7 +28354,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap -lnsl"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
--- net-snmp-5.4.1/configure.in.orig 2007-07-27 19:02:00.000000000 +0200
|
||||
+++ net-snmp-5.4.1/configure.in 2007-08-07 13:33:55.000000000 +0200
|
||||
@@ -2714,7 +2714,7 @@ AC_ARG_WITH(libwrap,
|
||||
if test "$with_libwrap" != "no"; then
|
||||
if test "$with_libwrap" != "yes"; then
|
||||
CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
|
||||
- LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
|
||||
+ LDFLAGS="${LDFLAGS} -L$with_libwrap"
|
||||
fi
|
||||
|
||||
_libs=${LIBS}
|
||||
@@ -2732,7 +2732,7 @@ AC_ARG_WITH(libwrap,
|
||||
|
||||
AC_MSG_RESULT([yes])
|
||||
AC_DEFINE(NETSNMP_USE_LIBWRAP)
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap"],
|
||||
[
|
||||
AC_MSG_RESULT([no])
|
||||
@@ -2748,7 +2748,7 @@ AC_ARG_WITH(libwrap,
|
||||
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(NETSNMP_USE_LIBWRAP)
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap -lnsl",
|
||||
|
||||
AC_MSG_RESULT(no)
|
||||
--- net-snmp-5.4.1/configure.libpath.orig 2007-08-07 13:31:31.000000000 +0200
|
||||
+++ net-snmp-5.4.1/configure.libpath 2007-08-07 13:34:52.000000000 +0200
|
||||
@@ -27922,7 +27922,7 @@ if test "${with_libwrap+set}" = set; the
|
||||
if test "$with_libwrap" != "no"; then
|
||||
if test "$with_libwrap" != "yes"; then
|
||||
CPPFLAGS="${CPPFLAGS} -I$with_libwrap/include"
|
||||
- LDFLAGS="${LDFLAGS} -L$with_libwrap/lib"
|
||||
+ LDFLAGS="${LDFLAGS} -L$with_libwrap"
|
||||
fi
|
||||
|
||||
_libs=${LIBS}
|
||||
@@ -28126,7 +28126,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
@@ -28354,7 +28354,7 @@ echo "${ECHO_T}yes" >&6
|
||||
#define NETSNMP_USE_LIBWRAP 1
|
||||
_ACEOF
|
||||
|
||||
- test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap/lib"
|
||||
+ test "$with_libwrap" != no -a "$with_libwrap" != yes && _wraplibs="-L$with_libwrap"
|
||||
_wraplibs="$_wraplibs -lwrap -lnsl"
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
157
net-snmp-5.4.1-xen-crash.patch
Normal file
157
net-snmp-5.4.1-xen-crash.patch
Normal file
@ -0,0 +1,157 @@
|
||||
386611: snmpd segfaults on xen network interfaces
|
||||
Source: http://sourceforge.net/tracker/index.php?func=detail&aid=1794532&group_id=12694&atid=112694
|
||||
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c
|
||||
===================================================================
|
||||
--- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c (revision 16711)
|
||||
+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_data_access.c (working copy)
|
||||
@@ -258,9 +258,10 @@
|
||||
if ((NULL != rowreq_ctx) &&
|
||||
(MFD_SUCCESS ==
|
||||
ipAddressTable_indexes_set(rowreq_ctx,
|
||||
+ ipaddress_entry->ia_address_len + 1,
|
||||
+ ipaddress_entry->ia_address,
|
||||
ipaddress_entry->ia_address_len,
|
||||
- ipaddress_entry->ia_address,
|
||||
- ipaddress_entry->ia_address_len))) {
|
||||
+ ipaddress_entry->if_index))) {
|
||||
if (CONTAINER_INSERT(container, rowreq_ctx) < 0) {
|
||||
DEBUGMSGTL (("ipAddressTable:access","container insert failed for new entry\n"));
|
||||
ipAddressTable_release_rowreq_ctx(rowreq_ctx);
|
||||
Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.c
|
||||
===================================================================
|
||||
--- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.c (revision 16711)
|
||||
+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.c (working copy)
|
||||
@@ -348,10 +348,18 @@
|
||||
*mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV4;
|
||||
break;
|
||||
|
||||
+ case INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV4Z:
|
||||
+ *mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV4Z;
|
||||
+ break;
|
||||
+
|
||||
case INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6:
|
||||
*mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV6;
|
||||
break;
|
||||
|
||||
+ case INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6Z:
|
||||
+ *mib_ipAddressAddrType_val_ptr = INETADDRESSTYPE_IPV6Z;
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
snmp_log(LOG_ERR, "couldn't map value %ld for ipAddressAddrType\n",
|
||||
raw_ipAddressAddrType_val);
|
||||
@@ -382,8 +390,11 @@
|
||||
ipAddressTable_indexes_set_tbl_idx(ipAddressTable_mib_index * tbl_idx,
|
||||
u_long ipAddressAddrType_val,
|
||||
char *ipAddressAddr_val_ptr,
|
||||
- size_t ipAddressAddr_val_ptr_len)
|
||||
+ size_t ipAddressAddr_val_ptr_len,
|
||||
+ u_long ipAddressAddr_ifIndex)
|
||||
{
|
||||
+ uint32_t zone = htonl(ipAddressAddr_ifIndex);
|
||||
+
|
||||
DEBUGMSGTL(("verbose:ipAddressTable:ipAddressTable_indexes_set_tbl_idx", "called\n"));
|
||||
|
||||
/*
|
||||
@@ -409,6 +420,11 @@
|
||||
memcpy(tbl_idx->ipAddressAddr, ipAddressAddr_val_ptr,
|
||||
ipAddressAddr_val_ptr_len * sizeof(ipAddressAddr_val_ptr[0]));
|
||||
|
||||
+ /** zone */
|
||||
+ tbl_idx->ipAddressAddr_len += sizeof(zone);
|
||||
+ memcpy(&tbl_idx->ipAddressAddr[ipAddressAddr_val_ptr_len *
|
||||
+ sizeof(ipAddressAddr_val_ptr[0])],
|
||||
+ &zone, sizeof(zone));
|
||||
|
||||
return MFD_SUCCESS;
|
||||
} /* ipAddressTable_indexes_set_tbl_idx */
|
||||
@@ -430,7 +446,8 @@
|
||||
ipAddressTable_indexes_set(ipAddressTable_rowreq_ctx * rowreq_ctx,
|
||||
u_long ipAddressAddrType_val,
|
||||
char *ipAddressAddr_val_ptr,
|
||||
- size_t ipAddressAddr_val_ptr_len)
|
||||
+ size_t ipAddressAddr_val_ptr_len,
|
||||
+ u_long ipAddressAddr_ifIndex)
|
||||
{
|
||||
DEBUGMSGTL(("verbose:ipAddressTable:ipAddressTable_indexes_set",
|
||||
"called\n"));
|
||||
@@ -439,7 +456,8 @@
|
||||
ipAddressTable_indexes_set_tbl_idx(&rowreq_ctx->tbl_idx,
|
||||
ipAddressAddrType_val,
|
||||
ipAddressAddr_val_ptr,
|
||||
- ipAddressAddr_val_ptr_len))
|
||||
+ ipAddressAddr_val_ptr_len,
|
||||
+ ipAddressAddr_ifIndex))
|
||||
return MFD_ERROR;
|
||||
|
||||
/*
|
||||
Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_constants.h
|
||||
===================================================================
|
||||
--- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_constants.h (revision 16711)
|
||||
+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable_constants.h (working copy)
|
||||
@@ -106,7 +106,9 @@
|
||||
* simplistic map of address length to type
|
||||
*/
|
||||
#define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV4 4
|
||||
+#define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV4Z 5
|
||||
#define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6 16
|
||||
+#define INTERNAL_IPADDRESSTABLE_IPADDRESSADDRTYPE_IPV6Z 17
|
||||
|
||||
|
||||
/*************************************************************
|
||||
Index: agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.h
|
||||
===================================================================
|
||||
--- agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.h (revision 16711)
|
||||
+++ agent/mibgroup/ip-mib/ipAddressTable/ipAddressTable.h (working copy)
|
||||
@@ -273,14 +273,16 @@
|
||||
u_long ipAddressAddrType_val,
|
||||
char *ipAddressAddr_val_ptr,
|
||||
size_t
|
||||
- ipAddressAddr_val_ptr_len);
|
||||
+ ipAddressAddr_val_ptr_len,
|
||||
+ u_long ipAddressAddr_ifIndex);
|
||||
int ipAddressTable_indexes_set(ipAddressTable_rowreq_ctx *
|
||||
rowreq_ctx,
|
||||
u_long
|
||||
ipAddressAddrType_val,
|
||||
char *ipAddressAddr_val_ptr,
|
||||
size_t
|
||||
- ipAddressAddr_val_ptr_len);
|
||||
+ ipAddressAddr_val_ptr_len,
|
||||
+ u_long ipAddressAddr_ifIndex);
|
||||
|
||||
|
||||
|
||||
Index: agent/mibgroup/ip-mib/data_access/ipaddress_common.c
|
||||
===================================================================
|
||||
--- agent/mibgroup/ip-mib/data_access/ipaddress_common.c (revision 16711)
|
||||
+++ agent/mibgroup/ip-mib/data_access/ipaddress_common.c (working copy)
|
||||
@@ -411,6 +415,7 @@
|
||||
{
|
||||
const netsnmp_ipaddress_entry *lh = (const netsnmp_ipaddress_entry *)lhs;
|
||||
const netsnmp_ipaddress_entry *rh = (const netsnmp_ipaddress_entry *)rhs;
|
||||
+ int rc;
|
||||
|
||||
netsnmp_assert(NULL != lhs);
|
||||
netsnmp_assert(NULL != rhs);
|
||||
@@ -426,5 +431,17 @@
|
||||
/*
|
||||
* length equal, compare address
|
||||
*/
|
||||
- return memcmp(lh->ia_address, rh->ia_address, lh->ia_address_len);
|
||||
+ rc = memcmp(lh->ia_address, rh->ia_address, lh->ia_address_len);
|
||||
+ if (rc)
|
||||
+ return rc;
|
||||
+
|
||||
+ /*
|
||||
+ * address same, compare ifIndex
|
||||
+ */
|
||||
+ if (lh->if_index < rh->if_index)
|
||||
+ return -1;
|
||||
+ else if (lh->if_index > rh->if_index)
|
||||
+ return 1;
|
||||
+
|
||||
+ return 0;
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
1134475 - dependency in perl package
|
||||
|
||||
Use hardcoded path to configuration directories instead of net-snmp-config.
|
||||
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
|
||||
depending on -devel.
|
||||
|
||||
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
|
||||
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
|
||||
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
|
||||
@@ -819,8 +819,7 @@ sub set_default {
|
||||
sub cfg_path {
|
||||
my $path;
|
||||
|
||||
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
|
||||
- chomp $path;
|
||||
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
|
||||
return (wantarray ? split(':', $path) : $path);
|
||||
}
|
||||
|
||||
@@ -1414,8 +1413,8 @@ sub checkReqs {
|
||||
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
|
||||
if ($ossl_ver cmp $ossl_min_ver) < 0;
|
||||
|
||||
- die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||
+# die("$NetSNMP::Cert::CFGTOOL not found: please install")
|
||||
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
|
||||
}
|
||||
|
||||
sub initOpts {
|
@ -1,14 +0,0 @@
|
||||
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
|
||||
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
|
||||
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
|
||||
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
|
||||
return 0; /* or -1 */
|
||||
|
||||
it = CONTAINER_ITERATOR( swrun_container );
|
||||
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
|
||||
+ if (0 == strcmp( entry->hrSWRunName, name ))
|
||||
+ i++;
|
||||
+ }
|
||||
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
|
||||
if (0 == strcmp( entry->hrSWRunName, name ))
|
||||
i++;
|
@ -1,12 +0,0 @@
|
||||
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
|
||||
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
|
||||
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
|
||||
@@ -10,7 +10,7 @@ extern "C" {
|
||||
* Note: using the U64 typedef is deprecated because this typedef conflicts
|
||||
* with a typedef with the same name defined in the Perl header files.
|
||||
*/
|
||||
- typedef struct counter64 U64;
|
||||
+// typedef struct counter64 U64;
|
||||
#endif
|
||||
|
||||
#define I64CHARSZ 21
|
@ -1,35 +0,0 @@
|
||||
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
||||
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
|
||||
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
|
||||
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
|
||||
"No error", /* SNMPERR_SUCCESS */
|
||||
"Generic error", /* SNMPERR_GENERR */
|
||||
"Invalid local port", /* SNMPERR_BAD_LOCPORT */
|
||||
- "Unknown host", /* SNMPERR_BAD_ADDRESS */
|
||||
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */
|
||||
"Unknown session", /* SNMPERR_BAD_SESSION */
|
||||
"Too long", /* SNMPERR_TOO_LONG */
|
||||
"No socket", /* SNMPERR_NO_SOCKET */
|
||||
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
|
||||
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
|
||||
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
|
||||
in_session->s_errno = errno;
|
||||
- snmp_set_detail(in_session->peername);
|
||||
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
|
||||
+ NETSNMP_DS_LIB_CLIENT_ADDR))
|
||||
+ snmp_set_detail(in_session->peername);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
|
||||
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
|
||||
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
|
||||
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
|
||||
DEBUGMSGTL(("netsnmp_udpbase",
|
||||
"failed to bind for clientaddr: %d %s\n",
|
||||
errno, strerror(errno)));
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
|
||||
+ strerror(errno)));
|
||||
goto err;
|
||||
}
|
||||
|
@ -1,11 +0,0 @@
|
||||
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
|
||||
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
|
||||
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
|
||||
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
|
||||
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
|
||||
/* 'entry' is duplicate of the previous one -> delete it */
|
||||
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
|
||||
netsnmp_access_ipaddress_entry_free(entry);
|
||||
} else {
|
||||
CONTAINER_INSERT(ret, entry);
|
@ -1,12 +0,0 @@
|
||||
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
|
||||
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
|
||||
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
|
||||
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
|
||||
* save a warning header to the top of the new file
|
||||
*/
|
||||
snprintf(fileold, sizeof(fileold),
|
||||
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
|
||||
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
|
||||
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
|
||||
type, type, type,
|
@ -1,82 +0,0 @@
|
||||
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
|
||||
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
|
||||
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
|
||||
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
|
||||
}
|
||||
|
||||
#elif defined(linux)
|
||||
+#include <errno.h>
|
||||
static struct ifreq *ifr;
|
||||
static int ifr_counter;
|
||||
|
||||
static void
|
||||
Address_Scan_Init(void)
|
||||
{
|
||||
- int num_interfaces = 0;
|
||||
+ int i;
|
||||
int fd;
|
||||
+ int lastlen = 0;
|
||||
|
||||
/* get info about all interfaces */
|
||||
|
||||
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
|
||||
SNMP_FREE(ifc.ifc_buf);
|
||||
ifr_counter = 0;
|
||||
|
||||
- do
|
||||
- {
|
||||
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
||||
{
|
||||
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
|
||||
return;
|
||||
}
|
||||
- num_interfaces += 16;
|
||||
|
||||
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
|
||||
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
|
||||
-
|
||||
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
|
||||
- {
|
||||
- ifr=NULL;
|
||||
- close(fd);
|
||||
- return;
|
||||
- }
|
||||
- close(fd);
|
||||
+ /*
|
||||
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
|
||||
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
|
||||
+ * Volume I'', p.435...
|
||||
+ */
|
||||
+
|
||||
+ for (i = 8;; i *= 2) {
|
||||
+ ifc.ifc_len = sizeof(struct ifreq) * i;
|
||||
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
|
||||
+
|
||||
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
|
||||
+ if (errno != EINVAL || lastlen != 0) {
|
||||
+ /*
|
||||
+ * Something has gone genuinely wrong...
|
||||
+ */
|
||||
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
|
||||
+ SNMP_FREE(ifc.ifc_buf);
|
||||
+ close(fd);
|
||||
+ return;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (ifc.ifc_len == lastlen) {
|
||||
+ /*
|
||||
+ * The length is the same as the last time; we're done...
|
||||
+ */
|
||||
+ break;
|
||||
+ }
|
||||
+ lastlen = ifc.ifc_len;
|
||||
+ }
|
||||
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
|
||||
}
|
||||
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
|
||||
-
|
||||
+
|
||||
+ close(fd);
|
||||
ifr = ifc.ifc_req;
|
||||
}
|
||||
|
@ -1,36 +0,0 @@
|
||||
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
|
||||
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
|
||||
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
|
||||
.SH SYNOPSIS
|
||||
.PP
|
||||
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
|
||||
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
|
||||
.B [username]
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
|
||||
displays the net-snmp version number
|
||||
.TP
|
||||
\fB\-ro\fR
|
||||
-create an user with read-only permissions
|
||||
+creates a user with read-only permissions
|
||||
.TP
|
||||
-\fB\-a authpass\fR
|
||||
-specify authentication password
|
||||
+\fB\-A authpass\fR
|
||||
+specifies the authentication password
|
||||
.TP
|
||||
-\fB\-x privpass\fR
|
||||
-specify encryption password
|
||||
+\fB\-a MD5|SHA\fR
|
||||
+specifies the authentication password hashing algorithm
|
||||
.TP
|
||||
-\fB\-X DES|AES\fR
|
||||
-specify encryption algorithm
|
||||
+\fB\-X privpass\fR
|
||||
+specifies the encryption password
|
||||
+.TP
|
||||
+\fB\-x DES|AES\fR
|
||||
+specifies the encryption algorithm
|
@ -1,83 +0,0 @@
|
||||
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200
|
||||
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||
rpmtd td_name, td_version, td_release, td_group, td_time;
|
||||
#else
|
||||
char *n, *v, *r, *g;
|
||||
- int32_t *t;
|
||||
#endif
|
||||
time_t install_time;
|
||||
size_t date_len;
|
||||
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
|
||||
install_time = rpmtdGetNumber(td_time);
|
||||
g = rpmtdGetString(td_group);
|
||||
#else
|
||||
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
|
||||
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
|
||||
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
|
||||
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
|
||||
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
|
||||
+ n = headerGetString( h, RPMTAG_NAME);
|
||||
+ v = headerGetString( h, RPMTAG_VERSION);
|
||||
+ r = headerGetString( h, RPMTAG_RELEASE);
|
||||
+ g = headerGetString( h, RPMTAG_GROUP);
|
||||
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
|
||||
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
|
||||
"%s-%s-%s", n, v, r);
|
||||
- install_time = *t;
|
||||
#endif
|
||||
entry->swType = (g && NULL != strstr( g, "System Environment"))
|
||||
? 2 /* operatingSystem */
|
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200
|
||||
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
|
||||
}
|
||||
#else
|
||||
# ifdef HAVE_LIBRPM
|
||||
- char *rpm_groups;
|
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
|
||||
- if ( strstr(rpm_groups, "System Environment") != NULL )
|
||||
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
|
||||
+ if ( NULL != rpm_group ) {
|
||||
+ if ( strstr(rpm_group, "System Environment") != NULL )
|
||||
long_return = 2; /* operatingSystem */
|
||||
else
|
||||
long_return = 4; /* applcation */
|
||||
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
|
||||
case HRSWINST_DATE:
|
||||
{
|
||||
#ifdef HAVE_LIBRPM
|
||||
- int32_t *rpm_data;
|
||||
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
|
||||
- time_t installTime = *rpm_data;
|
||||
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
|
||||
+ if ( 0 != installTime ) {
|
||||
ret = date_n_time(&installTime, var_len);
|
||||
} else {
|
||||
ret = date_n_time(NULL, var_len);
|
||||
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
|
||||
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
|
||||
int offset;
|
||||
Header h;
|
||||
- char *n, *v, *r;
|
||||
+ const char *n, *v, *r;
|
||||
|
||||
offset = swi->swi_recs[ix - 1];
|
||||
|
||||
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
|
||||
swi->swi_h = h;
|
||||
swi->swi_prevx = ix;
|
||||
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
|
||||
- NULL);
|
||||
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
|
||||
- NULL);
|
||||
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
|
||||
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
|
||||
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
|
||||
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
|
||||
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
|
||||
}
|
@ -1,28 +0,0 @@
|
||||
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
index 695c469..dd0e487 100644
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
|
||||
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
|
||||
SNMP_FREE(rpmdbpath);
|
||||
dbpath = NULL;
|
||||
+#ifdef HAVE_RPMGETPATH
|
||||
+ rpmFreeRpmrc();
|
||||
+#endif
|
||||
if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
|
||||
pkg_directory[0] = '\0';
|
||||
diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
index 1f52733..ccf1cab 100644
|
||||
--- a/agent/mibgroup/host/hr_swinst.c
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c
|
||||
@@ -231,6 +231,9 @@ init_hr_swinst(void)
|
||||
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
|
||||
path[ sizeof(path)-1 ] = 0;
|
||||
swi->swi_directory = strdup(path);
|
||||
+#ifdef HAVE_RPMGETPATH
|
||||
+ rpmFreeRpmrc();
|
||||
+#endif
|
||||
}
|
||||
#else
|
||||
# ifdef _PATH_HRSW_directory
|
@ -1,18 +0,0 @@
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
index afd6fa4..07c26fe 100644
|
||||
--- a/net-snmp-create-v3-user.in
|
||||
+++ b/net-snmp-create-v3-user.in
|
||||
@@ -58,11 +58,11 @@ case $1 in
|
||||
exit 1
|
||||
fi
|
||||
case $1 in
|
||||
- DES|AES|AES128)
|
||||
+ DES|AES|AES128|AES192|AES256)
|
||||
Xalgorithm=$1
|
||||
shift
|
||||
;;
|
||||
- des|aes|aes128)
|
||||
+ des|aes|aes128|aes192|aes256)
|
||||
Xalgorithm=$(echo "$1" | tr a-z A-Z)
|
||||
shift
|
||||
;;
|
@ -1,12 +0,0 @@
|
||||
diff --git a/agent/mibgroup/host/hr_filesys.c b/agent/mibgroup/host/hr_filesys.c
|
||||
index e7ca92f..80b3e0d 100644
|
||||
--- a/agent/mibgroup/host/hr_filesys.c
|
||||
+++ b/agent/mibgroup/host/hr_filesys.c
|
||||
@@ -704,6 +704,7 @@ static const char *HRFS_ignores[] = {
|
||||
"shm",
|
||||
"sockfs",
|
||||
"sysfs",
|
||||
+ "tmpfs",
|
||||
"usbdevfs",
|
||||
"usbfs",
|
||||
#endif
|
@ -1,20 +0,0 @@
|
||||
diff -urNp a/perl/Makefile.PL b/perl/Makefile.PL
|
||||
--- a/perl/Makefile.PL 2020-08-26 08:32:52.498909823 +0200
|
||||
+++ b/perl/Makefile.PL 2020-08-26 09:30:45.584951552 +0200
|
||||
@@ -1,3 +1,4 @@
|
||||
+use lib '.';
|
||||
use strict;
|
||||
use warnings;
|
||||
use ExtUtils::MakeMaker;
|
||||
diff -urNp a/perl/MakefileSubs.pm b/perl/MakefileSubs.pm
|
||||
--- a/perl/MakefileSubs.pm 2020-08-26 08:32:52.498909823 +0200
|
||||
+++ b/perl/MakefileSubs.pm 2020-08-26 08:36:44.097218448 +0200
|
||||
@@ -116,7 +116,7 @@ sub AddCommonParams {
|
||||
append($Params->{'CCFLAGS'}, $cflags);
|
||||
append($Params->{'CCFLAGS'}, $Config{'ccflags'});
|
||||
# Suppress known Perl header shortcomings.
|
||||
- $Params->{'CCFLAGS'} =~ s/ -W(cast-qual|write-strings)//g;
|
||||
+ $Params->{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g;
|
||||
append($Params->{'CCFLAGS'}, '-Wformat');
|
||||
}
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
|
||||
index e9a8831..5a1d8e7 100644
|
||||
--- a/agent/mibgroup/disman/event/mteTrigger.c
|
||||
+++ b/agent/mibgroup/disman/event/mteTrigger.c
|
||||
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
|
||||
* Similarly, if no fallEvent is configured,
|
||||
* there's no point in trying to fire it either.
|
||||
*/
|
||||
- if (entry->mteTThRiseEvent[0] != '\0' ) {
|
||||
+ if (entry->mteTThFallEvent[0] != '\0' ) {
|
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||
entry->mteTriggerFired = vp1;
|
||||
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg)
|
||||
* Similarly, if no fallEvent is configured,
|
||||
* there's no point in trying to fire it either.
|
||||
*/
|
||||
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
|
||||
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
|
||||
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||
entry->mteTriggerFired = vp1;
|
@ -1,30 +0,0 @@
|
||||
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
index 19895a1..ac3c60f 100644
|
||||
--- a/net-snmp-create-v3-user.in
|
||||
+++ b/net-snmp-create-v3-user.in
|
||||
@@ -14,6 +14,10 @@ Xalgorithm="DES"
|
||||
token=rwuser
|
||||
|
||||
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
|
||||
+case "$1" in
|
||||
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
+ *) optarg= ;;
|
||||
+esac
|
||||
|
||||
unset shifted
|
||||
case $1 in
|
||||
@@ -134,11 +138,9 @@ if test ! -d "$outfile"; then
|
||||
touch "$outfile"
|
||||
fi
|
||||
echo "$line" >> "$outfile"
|
||||
-prefix=@prefix@
|
||||
-datarootdir=@datarootdir@
|
||||
-# To suppress shellcheck complaints about $prefix and $datarootdir.
|
||||
-: "$prefix" "$datarootdir"
|
||||
-outfile="@datadir@/snmp/snmpd.conf"
|
||||
+# Avoid that configure complains that this script ignores @datarootdir@
|
||||
+echo "@datarootdir@" >/dev/null
|
||||
+outfile="/etc/snmp/snmpd.conf"
|
||||
line="$token $user"
|
||||
echo "adding the following line to $outfile:"
|
||||
echo " $line"
|
@ -1,855 +0,0 @@
|
||||
diff --git a/include/net-snmp/library/cert_util.h b/include/net-snmp/library/cert_util.h
|
||||
index 80e2a19..143adbb 100644
|
||||
--- a/include/net-snmp/library/cert_util.h
|
||||
+++ b/include/net-snmp/library/cert_util.h
|
||||
@@ -55,7 +55,8 @@ extern "C" {
|
||||
char *common_name;
|
||||
|
||||
u_char hash_type;
|
||||
- u_char _pad[3]; /* for future use */
|
||||
+ u_char _pad[1]; /* for future use */
|
||||
+ u_short offset;
|
||||
} netsnmp_cert;
|
||||
|
||||
/** types */
|
||||
@@ -100,6 +101,7 @@ extern "C" {
|
||||
|
||||
NETSNMP_IMPORT
|
||||
netsnmp_cert *netsnmp_cert_find(int what, int where, void *hint);
|
||||
+ netsnmp_void_array *netsnmp_certs_find(int what, int where, void *hint);
|
||||
|
||||
int netsnmp_cert_check_vb_fingerprint(const netsnmp_variable_list *var);
|
||||
|
||||
diff --git a/include/net-snmp/library/dir_utils.h b/include/net-snmp/library/dir_utils.h
|
||||
index 471bb0b..ac7f69a 100644
|
||||
--- a/include/net-snmp/library/dir_utils.h
|
||||
+++ b/include/net-snmp/library/dir_utils.h
|
||||
@@ -53,7 +53,8 @@ extern "C" {
|
||||
#define NETSNMP_DIR_NSFILE 0x0010
|
||||
/** load stats in netsnmp_file */
|
||||
#define NETSNMP_DIR_NSFILE_STATS 0x0020
|
||||
-
|
||||
+/** allow files to be indexed more than once */
|
||||
+#define NETSNMP_DIR_ALLOW_DUPLICATES 0x0040
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
|
||||
index 210ad8b..b1f8144 100644
|
||||
--- a/snmplib/cert_util.c
|
||||
+++ b/snmplib/cert_util.c
|
||||
@@ -100,7 +100,7 @@ netsnmp_feature_child_of(tls_fingerprint_build, cert_util_all);
|
||||
* bump this value whenever cert index format changes, so indexes
|
||||
* will be regenerated with new format.
|
||||
*/
|
||||
-#define CERT_INDEX_FORMAT 1
|
||||
+#define CERT_INDEX_FORMAT 2
|
||||
|
||||
static netsnmp_container *_certs = NULL;
|
||||
static netsnmp_container *_keys = NULL;
|
||||
@@ -126,6 +126,8 @@ static int _cert_fn_ncompare(netsnmp_cert_common *lhs,
|
||||
netsnmp_cert_common *rhs);
|
||||
static void _find_partner(netsnmp_cert *cert, netsnmp_key *key);
|
||||
static netsnmp_cert *_find_issuer(netsnmp_cert *cert);
|
||||
+static netsnmp_void_array *_cert_reduce_subset_first(netsnmp_void_array *matching);
|
||||
+static netsnmp_void_array *_cert_reduce_subset_what(netsnmp_void_array *matching, int what);
|
||||
static netsnmp_void_array *_cert_find_subset_fn(const char *filename,
|
||||
const char *directory);
|
||||
static netsnmp_void_array *_cert_find_subset_sn(const char *subject);
|
||||
@@ -345,6 +347,8 @@ _get_cert_container(const char *use)
|
||||
{
|
||||
netsnmp_container *c;
|
||||
|
||||
+ int rc;
|
||||
+
|
||||
c = netsnmp_container_find("certs:binary_array");
|
||||
if (NULL == c) {
|
||||
snmp_log(LOG_ERR, "could not create container for %s\n", use);
|
||||
@@ -354,6 +358,8 @@ _get_cert_container(const char *use)
|
||||
c->free_item = (netsnmp_container_obj_func*)_cert_free;
|
||||
c->compare = (netsnmp_container_compare*)_cert_compare;
|
||||
|
||||
+ CONTAINER_SET_OPTIONS(c, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
+
|
||||
return c;
|
||||
}
|
||||
|
||||
@@ -362,6 +368,8 @@ _setup_containers(void)
|
||||
{
|
||||
netsnmp_container *additional_keys;
|
||||
|
||||
+ int rc;
|
||||
+
|
||||
_certs = _get_cert_container("netsnmp certificates");
|
||||
if (NULL == _certs)
|
||||
return;
|
||||
@@ -376,6 +384,7 @@ _setup_containers(void)
|
||||
additional_keys->container_name = strdup("certs_cn");
|
||||
additional_keys->free_item = NULL;
|
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_cn_compare;
|
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
netsnmp_container_add_index(_certs, additional_keys);
|
||||
|
||||
/** additional keys: subject name */
|
||||
@@ -389,6 +398,7 @@ _setup_containers(void)
|
||||
additional_keys->free_item = NULL;
|
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_sn_compare;
|
||||
additional_keys->ncompare = (netsnmp_container_compare*)_cert_sn_ncompare;
|
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
netsnmp_container_add_index(_certs, additional_keys);
|
||||
|
||||
/** additional keys: file name */
|
||||
@@ -402,6 +412,7 @@ _setup_containers(void)
|
||||
additional_keys->free_item = NULL;
|
||||
additional_keys->compare = (netsnmp_container_compare*)_cert_fn_compare;
|
||||
additional_keys->ncompare = (netsnmp_container_compare*)_cert_fn_ncompare;
|
||||
+ CONTAINER_SET_OPTIONS(additional_keys, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
netsnmp_container_add_index(_certs, additional_keys);
|
||||
|
||||
_keys = netsnmp_container_find("cert_keys:binary_array");
|
||||
@@ -424,7 +435,7 @@ netsnmp_cert_map_container(void)
|
||||
}
|
||||
|
||||
static netsnmp_cert *
|
||||
-_new_cert(const char *dirname, const char *filename, int certType,
|
||||
+_new_cert(const char *dirname, const char *filename, int certType, int offset,
|
||||
int hashType, const char *fingerprint, const char *common_name,
|
||||
const char *subject)
|
||||
{
|
||||
@@ -446,8 +457,10 @@ _new_cert(const char *dirname, const char *filename, int certType,
|
||||
|
||||
cert->info.dir = strdup(dirname);
|
||||
cert->info.filename = strdup(filename);
|
||||
- cert->info.allowed_uses = NS_CERT_REMOTE_PEER;
|
||||
+ /* only the first certificate is allowed to be a remote peer */
|
||||
+ cert->info.allowed_uses = offset ? 0 : NS_CERT_REMOTE_PEER;
|
||||
cert->info.type = certType;
|
||||
+ cert->offset = offset;
|
||||
if (fingerprint) {
|
||||
cert->hash_type = hashType;
|
||||
cert->fingerprint = strdup(fingerprint);
|
||||
@@ -884,14 +897,86 @@ _certindex_new( const char *dirname )
|
||||
* certificate utility functions
|
||||
*
|
||||
*/
|
||||
+static BIO *
|
||||
+netsnmp_open_bio(const char *dir, const char *filename)
|
||||
+{
|
||||
+ BIO *certbio;
|
||||
+ char file[SNMP_MAXPATH];
|
||||
+
|
||||
+ DEBUGMSGT(("9:cert:read", "Checking file %s\n", filename));
|
||||
+
|
||||
+ certbio = BIO_new(BIO_s_file());
|
||||
+ if (NULL == certbio) {
|
||||
+ snmp_log(LOG_ERR, "error creating BIO\n");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ snprintf(file, sizeof(file),"%s/%s", dir, filename);
|
||||
+ if (BIO_read_filename(certbio, file) <=0) {
|
||||
+ snmp_log(LOG_ERR, "error reading certificate/key %s into BIO\n", file);
|
||||
+ BIO_vfree(certbio);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return certbio;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+netsnmp_ocert_parse(netsnmp_cert *cert, X509 *ocert)
|
||||
+{
|
||||
+ int is_ca;
|
||||
+
|
||||
+ cert->ocert = ocert;
|
||||
+
|
||||
+ /*
|
||||
+ * X509_check_ca return codes:
|
||||
+ * 0 not a CA
|
||||
+ * 1 is a CA
|
||||
+ * 2 basicConstraints absent so "maybe" a CA
|
||||
+ * 3 basicConstraints absent but self signed V1.
|
||||
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
+ * 5 outdated Netscape Certificate Type CA extension.
|
||||
+ */
|
||||
+ is_ca = X509_check_ca(ocert);
|
||||
+ if (1 == is_ca)
|
||||
+ cert->info.allowed_uses |= NS_CERT_CA;
|
||||
+
|
||||
+ if (NULL == cert->subject) {
|
||||
+ cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
|
||||
+ 0);
|
||||
+ DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
|
||||
+ }
|
||||
+
|
||||
+ if (NULL == cert->issuer) {
|
||||
+ cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
|
||||
+ if (strcmp(cert->subject, cert->issuer) == 0) {
|
||||
+ free(cert->issuer);
|
||||
+ cert->issuer = strdup("self-signed");
|
||||
+ }
|
||||
+ DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
|
||||
+ }
|
||||
+
|
||||
+ if (NULL == cert->fingerprint) {
|
||||
+ cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
|
||||
+ cert->fingerprint =
|
||||
+ netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
|
||||
+ }
|
||||
+
|
||||
+ if (NULL == cert->common_name) {
|
||||
+ cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
|
||||
+ NULL);
|
||||
+ DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
|
||||
+ }
|
||||
+
|
||||
+}
|
||||
+
|
||||
static X509 *
|
||||
netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
{
|
||||
BIO *certbio;
|
||||
X509 *ocert = NULL;
|
||||
+ X509 *ncert = NULL;
|
||||
EVP_PKEY *okey = NULL;
|
||||
- char file[SNMP_MAXPATH];
|
||||
- int is_ca;
|
||||
|
||||
if (NULL == cert)
|
||||
return NULL;
|
||||
@@ -908,51 +993,33 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
}
|
||||
}
|
||||
|
||||
- DEBUGMSGT(("9:cert:read", "Checking file %s\n", cert->info.filename));
|
||||
-
|
||||
- certbio = BIO_new(BIO_s_file());
|
||||
- if (NULL == certbio) {
|
||||
- snmp_log(LOG_ERR, "error creating BIO\n");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- snprintf(file, sizeof(file),"%s/%s", cert->info.dir, cert->info.filename);
|
||||
- if (BIO_read_filename(certbio, file) <=0) {
|
||||
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n", file);
|
||||
- BIO_vfree(certbio);
|
||||
+ certbio = netsnmp_open_bio(cert->info.dir, cert->info.filename);
|
||||
+ if (!certbio) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- if (NS_CERT_TYPE_UNKNOWN == cert->info.type) {
|
||||
- char *pos = strrchr(cert->info.filename, '.');
|
||||
- if (NULL == pos)
|
||||
- return NULL;
|
||||
- cert->info.type = _cert_ext_type(++pos);
|
||||
- netsnmp_assert(cert->info.type != NS_CERT_TYPE_UNKNOWN);
|
||||
- }
|
||||
-
|
||||
switch (cert->info.type) {
|
||||
|
||||
case NS_CERT_TYPE_DER:
|
||||
+ (void)BIO_seek(certbio, cert->offset);
|
||||
ocert = d2i_X509_bio(certbio,NULL); /* DER/ASN1 */
|
||||
if (NULL != ocert)
|
||||
break;
|
||||
- (void)BIO_reset(certbio);
|
||||
/* Check for PEM if DER didn't work */
|
||||
/* FALLTHROUGH */
|
||||
|
||||
case NS_CERT_TYPE_PEM:
|
||||
- ocert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
+ (void)BIO_seek(certbio, cert->offset);
|
||||
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
if (NULL == ocert)
|
||||
break;
|
||||
if (NS_CERT_TYPE_DER == cert->info.type) {
|
||||
DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
|
||||
cert->info.type = NS_CERT_TYPE_PEM;
|
||||
}
|
||||
- /** check for private key too */
|
||||
- if (NULL == cert->key) {
|
||||
- (void)BIO_reset(certbio);
|
||||
- okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
+ /** check for private key too, but only if we're the first certificate */
|
||||
+ if (0 == cert->offset && NULL == cert->key) {
|
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
if (NULL != okey) {
|
||||
netsnmp_key *key;
|
||||
DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
|
||||
@@ -979,7 +1046,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
break;
|
||||
#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
|
||||
case NS_CERT_TYPE_PKCS12:
|
||||
- (void)BIO_reset(certbio);
|
||||
+ (void)BIO_seek(certbio, cert->offset);
|
||||
PKCS12 *p12 = d2i_PKCS12_bio(certbio, NULL);
|
||||
if ( (NULL != p12) && (PKCS12_verify_mac(p12, "", 0) ||
|
||||
PKCS12_verify_mac(p12, NULL, 0)))
|
||||
@@ -999,46 +1066,7 @@ netsnmp_ocert_get(netsnmp_cert *cert)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- cert->ocert = ocert;
|
||||
- /*
|
||||
- * X509_check_ca return codes:
|
||||
- * 0 not a CA
|
||||
- * 1 is a CA
|
||||
- * 2 basicConstraints absent so "maybe" a CA
|
||||
- * 3 basicConstraints absent but self signed V1.
|
||||
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
- * 5 outdated Netscape Certificate Type CA extension.
|
||||
- */
|
||||
- is_ca = X509_check_ca(ocert);
|
||||
- if (1 == is_ca)
|
||||
- cert->info.allowed_uses |= NS_CERT_CA;
|
||||
-
|
||||
- if (NULL == cert->subject) {
|
||||
- cert->subject = X509_NAME_oneline(X509_get_subject_name(ocert), NULL,
|
||||
- 0);
|
||||
- DEBUGMSGT(("9:cert:add:subject", "subject name: %s\n", cert->subject));
|
||||
- }
|
||||
-
|
||||
- if (NULL == cert->issuer) {
|
||||
- cert->issuer = X509_NAME_oneline(X509_get_issuer_name(ocert), NULL, 0);
|
||||
- if (strcmp(cert->subject, cert->issuer) == 0) {
|
||||
- free(cert->issuer);
|
||||
- cert->issuer = strdup("self-signed");
|
||||
- }
|
||||
- DEBUGMSGT(("9:cert:add:issuer", "CA issuer: %s\n", cert->issuer));
|
||||
- }
|
||||
-
|
||||
- if (NULL == cert->fingerprint) {
|
||||
- cert->hash_type = netsnmp_openssl_cert_get_hash_type(ocert);
|
||||
- cert->fingerprint =
|
||||
- netsnmp_openssl_cert_get_fingerprint(ocert, cert->hash_type);
|
||||
- }
|
||||
-
|
||||
- if (NULL == cert->common_name) {
|
||||
- cert->common_name =netsnmp_openssl_cert_get_commonName(ocert, NULL,
|
||||
- NULL);
|
||||
- DEBUGMSGT(("9:cert:add:name","%s\n", cert->common_name));
|
||||
- }
|
||||
+ netsnmp_ocert_parse(cert, ocert);
|
||||
|
||||
return ocert;
|
||||
}
|
||||
@@ -1048,7 +1076,6 @@ netsnmp_okey_get(netsnmp_key *key)
|
||||
{
|
||||
BIO *keybio;
|
||||
EVP_PKEY *okey;
|
||||
- char file[SNMP_MAXPATH];
|
||||
|
||||
if (NULL == key)
|
||||
return NULL;
|
||||
@@ -1056,19 +1083,8 @@ netsnmp_okey_get(netsnmp_key *key)
|
||||
if (key->okey)
|
||||
return key->okey;
|
||||
|
||||
- snprintf(file, sizeof(file),"%s/%s", key->info.dir, key->info.filename);
|
||||
- DEBUGMSGT(("cert:key:read", "Checking file %s\n", key->info.filename));
|
||||
-
|
||||
- keybio = BIO_new(BIO_s_file());
|
||||
- if (NULL == keybio) {
|
||||
- snmp_log(LOG_ERR, "error creating BIO\n");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- if (BIO_read_filename(keybio, file) <=0) {
|
||||
- snmp_log(LOG_ERR, "error reading certificate %s into BIO\n",
|
||||
- key->info.filename);
|
||||
- BIO_vfree(keybio);
|
||||
+ keybio = netsnmp_open_bio(key->info.dir, key->info.filename);
|
||||
+ if (!keybio) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -1154,7 +1170,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
|
||||
cert->issuer_cert = _find_issuer(cert);
|
||||
if (NULL == cert->issuer_cert) {
|
||||
DEBUGMSGT(("cert:load:warn",
|
||||
- "couldn't load CA chain for cert %s\n",
|
||||
+ "couldn't load full CA chain for cert %s\n",
|
||||
cert->info.filename));
|
||||
rc = CERT_LOAD_PARTIAL;
|
||||
break;
|
||||
@@ -1163,7 +1179,7 @@ netsnmp_cert_load_x509(netsnmp_cert *cert)
|
||||
/** get issuer ocert */
|
||||
if ((NULL == cert->issuer_cert->ocert) &&
|
||||
(netsnmp_ocert_get(cert->issuer_cert) == NULL)) {
|
||||
- DEBUGMSGT(("cert:load:warn", "couldn't load cert chain for %s\n",
|
||||
+ DEBUGMSGT(("cert:load:warn", "couldn't load full cert chain for %s\n",
|
||||
cert->info.filename));
|
||||
rc = CERT_LOAD_PARTIAL;
|
||||
break;
|
||||
@@ -1184,7 +1200,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
return;
|
||||
}
|
||||
|
||||
- if(key) {
|
||||
+ if (key) {
|
||||
if (key->cert) {
|
||||
DEBUGMSGT(("cert:partner", "key already has partner\n"));
|
||||
return;
|
||||
@@ -1197,7 +1213,8 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
return;
|
||||
*pos = 0;
|
||||
|
||||
- matching = _cert_find_subset_fn( filename, key->info.dir );
|
||||
+ matching = _cert_reduce_subset_first(_cert_find_subset_fn( filename,
|
||||
+ key->info.dir ));
|
||||
if (!matching)
|
||||
return;
|
||||
if (1 == matching->size) {
|
||||
@@ -1217,7 +1234,7 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
DEBUGMSGT(("cert:partner", "%s matches multiple certs\n",
|
||||
key->info.filename));
|
||||
}
|
||||
- else if(cert) {
|
||||
+ else if (cert) {
|
||||
if (cert->key) {
|
||||
DEBUGMSGT(("cert:partner", "cert already has partner\n"));
|
||||
return;
|
||||
@@ -1255,76 +1272,182 @@ _find_partner(netsnmp_cert *cert, netsnmp_key *key)
|
||||
}
|
||||
}
|
||||
|
||||
+static netsnmp_key *
|
||||
+_add_key(EVP_PKEY *okey, const char* dirname, const char* filename, FILE *index)
|
||||
+{
|
||||
+ netsnmp_key *key;
|
||||
+
|
||||
+ key = _new_key(dirname, filename);
|
||||
+ if (NULL == key) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ key->okey = okey;
|
||||
+
|
||||
+ if (-1 == CONTAINER_INSERT(_keys, key)) {
|
||||
+ DEBUGMSGT(("cert:key:file:add:err",
|
||||
+ "error inserting key into container\n"));
|
||||
+ netsnmp_key_free(key);
|
||||
+ key = NULL;
|
||||
+ }
|
||||
+ if (index) {
|
||||
+ fprintf(index, "k:%s\n", filename);
|
||||
+ }
|
||||
+
|
||||
+ return key;
|
||||
+}
|
||||
+
|
||||
+static netsnmp_cert *
|
||||
+_add_cert(X509 *ocert, const char* dirname, const char* filename, int type, int offset, FILE *index)
|
||||
+{
|
||||
+ netsnmp_cert *cert;
|
||||
+
|
||||
+ cert = _new_cert(dirname, filename, type, offset, -1, NULL, NULL, NULL);
|
||||
+ if (NULL == cert)
|
||||
+ return NULL;
|
||||
+
|
||||
+ netsnmp_ocert_parse(cert, ocert);
|
||||
+
|
||||
+ if (-1 == CONTAINER_INSERT(_certs, cert)) {
|
||||
+ DEBUGMSGT(("cert:file:add:err",
|
||||
+ "error inserting cert into container\n"));
|
||||
+ netsnmp_cert_free(cert);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (index) {
|
||||
+ /** filename = NAME_MAX = 255 */
|
||||
+ /** fingerprint max = 64*3=192 for sha512 */
|
||||
+ /** common name / CN = 64 */
|
||||
+ if (cert)
|
||||
+ fprintf(index, "c:%s %d %d %d %s '%s' '%s'\n", filename,
|
||||
+ cert->info.type, cert->offset, cert->hash_type, cert->fingerprint,
|
||||
+ cert->common_name, cert->subject);
|
||||
+ }
|
||||
+
|
||||
+ return cert;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
_add_certfile(const char* dirname, const char* filename, FILE *index)
|
||||
{
|
||||
- X509 *ocert;
|
||||
- EVP_PKEY *okey;
|
||||
+ BIO *certbio;
|
||||
+ X509 *ocert = NULL;
|
||||
+ X509 *ncert;
|
||||
+ EVP_PKEY *okey = NULL;
|
||||
netsnmp_cert *cert = NULL;
|
||||
netsnmp_key *key = NULL;
|
||||
char certfile[SNMP_MAXPATH];
|
||||
int type;
|
||||
+ int offset = 0;
|
||||
|
||||
if (((const void*)NULL == dirname) || (NULL == filename))
|
||||
return -1;
|
||||
|
||||
type = _type_from_filename(filename);
|
||||
- netsnmp_assert(type != NS_CERT_TYPE_UNKNOWN);
|
||||
+ if (type == NS_CERT_TYPE_UNKNOWN) {
|
||||
+ snmp_log(LOG_ERR, "certificate file '%s' type not recognised, ignoring\n", filename);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- snprintf(certfile, sizeof(certfile),"%s/%s", dirname, filename);
|
||||
+ certbio = netsnmp_open_bio(dirname, filename);
|
||||
+ if (!certbio) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- DEBUGMSGT(("9:cert:file:add", "Checking file: %s (type %d)\n", filename,
|
||||
- type));
|
||||
+ switch (type) {
|
||||
|
||||
- if (NS_CERT_TYPE_KEY == type) {
|
||||
- key = _new_key(dirname, filename);
|
||||
- if (NULL == key)
|
||||
- return -1;
|
||||
- okey = netsnmp_okey_get(key);
|
||||
- if (NULL == okey) {
|
||||
- netsnmp_key_free(key);
|
||||
- return -1;
|
||||
- }
|
||||
- key->okey = okey;
|
||||
- if (-1 == CONTAINER_INSERT(_keys, key)) {
|
||||
- DEBUGMSGT(("cert:key:file:add:err",
|
||||
- "error inserting key into container\n"));
|
||||
- netsnmp_key_free(key);
|
||||
- key = NULL;
|
||||
- }
|
||||
- }
|
||||
- else {
|
||||
- cert = _new_cert(dirname, filename, type, -1, NULL, NULL, NULL);
|
||||
- if (NULL == cert)
|
||||
- return -1;
|
||||
- ocert = netsnmp_ocert_get(cert);
|
||||
- if (NULL == ocert) {
|
||||
- netsnmp_cert_free(cert);
|
||||
- return -1;
|
||||
- }
|
||||
- cert->ocert = ocert;
|
||||
- if (-1 == CONTAINER_INSERT(_certs, cert)) {
|
||||
- DEBUGMSGT(("cert:file:add:err",
|
||||
- "error inserting cert into container\n"));
|
||||
- netsnmp_cert_free(cert);
|
||||
- cert = NULL;
|
||||
- }
|
||||
- }
|
||||
- if ((NULL == cert) && (NULL == key)) {
|
||||
- DEBUGMSGT(("cert:file:add:failure", "for %s\n", certfile));
|
||||
- return -1;
|
||||
+ case NS_CERT_TYPE_KEY:
|
||||
+
|
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
+ if (NULL == okey)
|
||||
+ snmp_log(LOG_ERR, "error parsing key file %s\n",
|
||||
+ key->info.filename);
|
||||
+ else {
|
||||
+ key = _add_key(okey, dirname, filename, index);
|
||||
+ if (NULL == key) {
|
||||
+ EVP_PKEY_free(okey);
|
||||
+ okey = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case NS_CERT_TYPE_DER:
|
||||
+
|
||||
+ ocert = d2i_X509_bio(certbio, NULL); /* DER/ASN1 */
|
||||
+ if (NULL != ocert) {
|
||||
+ if (!_add_cert(ocert, dirname, filename, type, 0, index)) {
|
||||
+ X509_free(ocert);
|
||||
+ ocert = NULL;
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
+ (void)BIO_reset(certbio);
|
||||
+ /* Check for PEM if DER didn't work */
|
||||
+ /* FALLTHROUGH */
|
||||
+
|
||||
+ case NS_CERT_TYPE_PEM:
|
||||
+
|
||||
+ if (NS_CERT_TYPE_DER == type) {
|
||||
+ DEBUGMSGT(("9:cert:read", "Changing type from DER to PEM\n"));
|
||||
+ type = NS_CERT_TYPE_PEM;
|
||||
+ }
|
||||
+ ocert = ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
+ if (NULL != ocert) {
|
||||
+ cert = _add_cert(ncert, dirname, filename, type, offset, index);
|
||||
+ if (NULL == cert) {
|
||||
+ X509_free(ocert);
|
||||
+ ocert = ncert = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ while (NULL != ncert) {
|
||||
+ offset = BIO_tell(certbio);
|
||||
+ ncert = PEM_read_bio_X509_AUX(certbio, NULL, NULL, NULL);
|
||||
+ if (ncert) {
|
||||
+ if (NULL == _add_cert(ncert, dirname, filename, type, offset, index)) {
|
||||
+ X509_free(ncert);
|
||||
+ ncert = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ BIO_seek(certbio, offset);
|
||||
+
|
||||
+ /** check for private key too */
|
||||
+ okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
|
||||
+
|
||||
+ if (NULL != okey) {
|
||||
+ DEBUGMSGT(("cert:read:key", "found key with cert in %s\n",
|
||||
+ cert->info.filename));
|
||||
+ key = _add_key(okey, dirname, filename, NULL);
|
||||
+ if (NULL != key) {
|
||||
+ DEBUGMSGT(("cert:read:partner", "%s match found!\n",
|
||||
+ cert->info.filename));
|
||||
+ key->cert = cert;
|
||||
+ cert->key = key;
|
||||
+ cert->info.allowed_uses |= NS_CERT_IDENTITY;
|
||||
+ }
|
||||
+ else {
|
||||
+ EVP_PKEY_free(okey);
|
||||
+ okey = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
+#ifdef CERT_PKCS12_SUPPORT_MAYBE_LATER
|
||||
+ case NS_CERT_TYPE_PKCS12:
|
||||
+#endif
|
||||
+
|
||||
+ default:
|
||||
+ break;
|
||||
}
|
||||
|
||||
- if (index) {
|
||||
- /** filename = NAME_MAX = 255 */
|
||||
- /** fingerprint max = 64*3=192 for sha512 */
|
||||
- /** common name / CN = 64 */
|
||||
- if (cert)
|
||||
- fprintf(index, "c:%s %d %d %s '%s' '%s'\n", filename,
|
||||
- cert->info.type, cert->hash_type, cert->fingerprint,
|
||||
- cert->common_name, cert->subject);
|
||||
- else if (key)
|
||||
- fprintf(index, "k:%s\n", filename);
|
||||
+ BIO_vfree(certbio);
|
||||
+
|
||||
+ if ((NULL == ocert) && (NULL == okey)) {
|
||||
+ snmp_log(LOG_ERR, "certificate file '%s' contained neither certificate nor key, ignoring\n", certfile);
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -1338,7 +1461,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
struct stat idx_stat;
|
||||
char tmpstr[SNMP_MAXPATH + 5], filename[NAME_MAX];
|
||||
char fingerprint[EVP_MAX_MD_SIZE*3], common_name[64+1], type_str[15];
|
||||
- char subject[SNMP_MAXBUF_SMALL], hash_str[15];
|
||||
+ char subject[SNMP_MAXBUF_SMALL], hash_str[15], offset_str[15];
|
||||
+ ssize_t offset;
|
||||
int count = 0, type, hash, version;
|
||||
netsnmp_cert *cert;
|
||||
netsnmp_key *key;
|
||||
@@ -1381,7 +1505,8 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
netsnmp_directory_container_read_some(NULL, dirname,
|
||||
_time_filter, &idx_stat,
|
||||
NETSNMP_DIR_NSFILE |
|
||||
- NETSNMP_DIR_NSFILE_STATS);
|
||||
+ NETSNMP_DIR_NSFILE_STATS |
|
||||
+ NETSNMP_DIR_ALLOW_DUPLICATES);
|
||||
if (newer) {
|
||||
DEBUGMSGT(("cert:index:parse", "Index outdated; files modified\n"));
|
||||
CONTAINER_FREE_ALL(newer, NULL);
|
||||
@@ -1426,6 +1551,7 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
pos = &tmpstr[2];
|
||||
if ((NULL == (pos=copy_nword(pos, filename, sizeof(filename)))) ||
|
||||
(NULL == (pos=copy_nword(pos, type_str, sizeof(type_str)))) ||
|
||||
+ (NULL == (pos=copy_nword(pos, offset_str, sizeof(offset_str)))) ||
|
||||
(NULL == (pos=copy_nword(pos, hash_str, sizeof(hash_str)))) ||
|
||||
(NULL == (pos=copy_nword(pos, fingerprint,
|
||||
sizeof(fingerprint)))) ||
|
||||
@@ -1438,8 +1564,9 @@ _cert_read_index(const char *dirname, struct stat *dirstat)
|
||||
break;
|
||||
}
|
||||
type = atoi(type_str);
|
||||
+ offset = atoi(offset_str);
|
||||
hash = atoi(hash_str);
|
||||
- cert = _new_cert(dirname, filename, type, hash, fingerprint,
|
||||
+ cert = _new_cert(dirname, filename, type, offset, hash, fingerprint,
|
||||
common_name, subject);
|
||||
if (cert && 0 == CONTAINER_INSERT(found, cert))
|
||||
++count;
|
||||
@@ -1546,7 +1673,8 @@ _add_certdir(const char *dirname)
|
||||
netsnmp_directory_container_read_some(NULL, dirname,
|
||||
_cert_cert_filter, NULL,
|
||||
NETSNMP_DIR_RELATIVE_PATH |
|
||||
- NETSNMP_DIR_EMPTY_OK );
|
||||
+ NETSNMP_DIR_EMPTY_OK |
|
||||
+ NETSNMP_DIR_ALLOW_DUPLICATES);
|
||||
if (NULL == cert_container) {
|
||||
DEBUGMSGT(("cert:index:dir",
|
||||
"error creating container for cert files\n"));
|
||||
@@ -1634,7 +1762,7 @@ _cert_print(netsnmp_cert *c, void *context)
|
||||
if (NULL == c)
|
||||
return;
|
||||
|
||||
- DEBUGMSGT(("cert:dump", "cert %s in %s\n", c->info.filename, c->info.dir));
|
||||
+ DEBUGMSGT(("cert:dump", "cert %s in %s at offset %d\n", c->info.filename, c->info.dir, c->offset));
|
||||
DEBUGMSGT(("cert:dump", " type %d flags 0x%x (%s)\n",
|
||||
c->info.type, c->info.allowed_uses,
|
||||
_mode_str(c->info.allowed_uses)));
|
||||
@@ -1838,7 +1966,8 @@ netsnmp_cert_find(int what, int where, void *hint)
|
||||
netsnmp_void_array *matching;
|
||||
|
||||
DEBUGMSGT(("cert:find:params", " hint = %s\n", (char *)hint));
|
||||
- matching = _cert_find_subset_fn( filename, NULL );
|
||||
+ matching = _cert_reduce_subset_what(_cert_find_subset_fn(
|
||||
+ filename, NULL ), what);
|
||||
if (!matching)
|
||||
return NULL;
|
||||
if (1 == matching->size)
|
||||
@@ -2281,6 +2410,124 @@ _reduce_subset_dir(netsnmp_void_array *matching, const char *directory)
|
||||
}
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * reduce subset by eliminating any certificates that are not the
|
||||
+ * first certficate in a file. This allows us to ignore certificate
|
||||
+ * chains when testing for specific certificates, and to match keys
|
||||
+ * to the first certificate only.
|
||||
+ */
|
||||
+static netsnmp_void_array *
|
||||
+_cert_reduce_subset_first(netsnmp_void_array *matching)
|
||||
+{
|
||||
+ netsnmp_cert *cc;
|
||||
+ int i = 0, j, newsize;
|
||||
+
|
||||
+ if ((NULL == matching))
|
||||
+ return matching;
|
||||
+
|
||||
+ newsize = matching->size;
|
||||
+
|
||||
+ for( ; i < matching->size; ) {
|
||||
+ /*
|
||||
+ * if we've shifted matches down we'll hit a NULL entry before
|
||||
+ * we hit the end of the array.
|
||||
+ */
|
||||
+ if (NULL == matching->array[i])
|
||||
+ break;
|
||||
+ /*
|
||||
+ * skip over valid matches. The first entry has an offset of zero.
|
||||
+ */
|
||||
+ cc = (netsnmp_cert*)matching->array[i];
|
||||
+ if (0 == cc->offset) {
|
||||
+ ++i;
|
||||
+ continue;
|
||||
+ }
|
||||
+ /*
|
||||
+ * shrink array by shifting everything down a spot. Might not be
|
||||
+ * the most efficient soloution, but this is just happening at
|
||||
+ * startup and hopefully most certs won't have common prefixes.
|
||||
+ */
|
||||
+ --newsize;
|
||||
+ for ( j=i; j < newsize; ++j )
|
||||
+ matching->array[j] = matching->array[j+1];
|
||||
+ matching->array[j] = NULL;
|
||||
+ /** no ++i; just shifted down, need to look at same position again */
|
||||
+ }
|
||||
+ /*
|
||||
+ * if we shifted, set the new size
|
||||
+ */
|
||||
+ if (newsize != matching->size) {
|
||||
+ DEBUGMSGT(("9:cert:subset:first", "shrank from %" NETSNMP_PRIz "d to %d\n",
|
||||
+ matching->size, newsize));
|
||||
+ matching->size = newsize;
|
||||
+ }
|
||||
+
|
||||
+ if (0 == matching->size) {
|
||||
+ free(matching->array);
|
||||
+ SNMP_FREE(matching);
|
||||
+ }
|
||||
+
|
||||
+ return matching;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * reduce subset by eliminating any certificates that do not match
|
||||
+ * purpose specified.
|
||||
+ */
|
||||
+static netsnmp_void_array *
|
||||
+_cert_reduce_subset_what(netsnmp_void_array *matching, int what)
|
||||
+{
|
||||
+ netsnmp_cert_common *cc;
|
||||
+ int i = 0, j, newsize;
|
||||
+
|
||||
+ if ((NULL == matching))
|
||||
+ return matching;
|
||||
+
|
||||
+ newsize = matching->size;
|
||||
+
|
||||
+ for( ; i < matching->size; ) {
|
||||
+ /*
|
||||
+ * if we've shifted matches down we'll hit a NULL entry before
|
||||
+ * we hit the end of the array.
|
||||
+ */
|
||||
+ if (NULL == matching->array[i])
|
||||
+ break;
|
||||
+ /*
|
||||
+ * skip over valid matches. The first entry has an offset of zero.
|
||||
+ */
|
||||
+ cc = (netsnmp_cert_common *)matching->array[i];
|
||||
+ if ((cc->allowed_uses & what)) {
|
||||
+ ++i;
|
||||
+ continue;
|
||||
+ }
|
||||
+ /*
|
||||
+ * shrink array by shifting everything down a spot. Might not be
|
||||
+ * the most efficient soloution, but this is just happening at
|
||||
+ * startup and hopefully most certs won't have common prefixes.
|
||||
+ */
|
||||
+ --newsize;
|
||||
+ for ( j=i; j < newsize; ++j )
|
||||
+ matching->array[j] = matching->array[j+1];
|
||||
+ matching->array[j] = NULL;
|
||||
+ /** no ++i; just shifted down, need to look at same position again */
|
||||
+ }
|
||||
+ /*
|
||||
+ * if we shifted, set the new size
|
||||
+ */
|
||||
+ if (newsize != matching->size) {
|
||||
+ DEBUGMSGT(("9:cert:subset:what", "shrank from %" NETSNMP_PRIz "d to %d\n",
|
||||
+ matching->size, newsize));
|
||||
+ matching->size = newsize;
|
||||
+ }
|
||||
+
|
||||
+ if (0 == matching->size) {
|
||||
+ free(matching->array);
|
||||
+ SNMP_FREE(matching);
|
||||
+ }
|
||||
+
|
||||
+ return matching;
|
||||
+}
|
||||
+
|
||||
static netsnmp_void_array *
|
||||
_cert_find_subset_common(const char *filename, netsnmp_container *container)
|
||||
{
|
||||
diff --git a/snmplib/dir_utils.c b/snmplib/dir_utils.c
|
||||
index c2dd989..e7145e4 100644
|
||||
--- a/snmplib/dir_utils.c
|
||||
+++ b/snmplib/dir_utils.c
|
||||
@@ -107,6 +107,9 @@ netsnmp_directory_container_read_some(netsnmp_container *user_container,
|
||||
/** default to unsorted */
|
||||
if (! (flags & NETSNMP_DIR_SORTED))
|
||||
CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_UNSORTED, rc);
|
||||
+ /** default to duplicates not allowed */
|
||||
+ if (! (flags & NETSNMP_DIR_ALLOW_DUPLICATES))
|
||||
+ CONTAINER_SET_OPTIONS(container, CONTAINER_KEY_ALLOW_DUPLICATES, rc);
|
||||
}
|
||||
|
||||
dir = opendir(dirname);
|
@ -1,12 +0,0 @@
|
||||
diff -urNp a/snmplib/snmp_logging.c b/snmplib/snmp_logging.c
|
||||
--- a/snmplib/snmp_logging.c 2023-02-15 10:19:15.691827254 +0100
|
||||
+++ b/snmplib/snmp_logging.c 2023-02-15 10:24:41.006642974 +0100
|
||||
@@ -490,7 +490,7 @@ snmp_log_options(char *optarg, int argc,
|
||||
char *
|
||||
snmp_log_syslogname(const char *pstr)
|
||||
{
|
||||
- if (pstr)
|
||||
+ if (pstr && (pstr != syslogname))
|
||||
strlcpy (syslogname, pstr, sizeof(syslogname));
|
||||
|
||||
return syslogname;
|
@ -1,28 +0,0 @@
|
||||
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
index 6d5e86c..68b55d2 100644
|
||||
--- a/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
|
||||
@@ -123,6 +123,13 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
if (first)
|
||||
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
|
||||
}
|
||||
+ b = strstr(buff, "SReclaimable: ");
|
||||
+ if (b)
|
||||
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||
+ else {
|
||||
+ if (first)
|
||||
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
|
||||
+ }
|
||||
b = strstr(buff, "SwapFree: ");
|
||||
if (b)
|
||||
sscanf(b, "SwapFree: %lu", &swapfree);
|
||||
@@ -130,9 +137,6 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
|
||||
if (first)
|
||||
snmp_log(LOG_ERR, "No SwapFree line in /proc/meminfo\n");
|
||||
}
|
||||
- b = strstr(buff, "SReclaimable: ");
|
||||
- if (b)
|
||||
- sscanf(b, "SReclaimable: %lu", &sreclaimable);
|
||||
first = 0;
|
||||
|
||||
|
@ -1,48 +0,0 @@
|
||||
diff --git a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
|
||||
index 90b20d9..bd5abe1 100644
|
||||
--- a/man/netsnmp_config_api.3.def
|
||||
+++ b/man/netsnmp_config_api.3.def
|
||||
@@ -295,7 +295,7 @@ for one particular machine.
|
||||
.PP
|
||||
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
|
||||
followed by \fC DATADIR/snmp\fP,
|
||||
-followed by \fC LIBDIR/snmp\fP,
|
||||
+followed by \fC /usr/lib(64)/snmp\fP,
|
||||
followed by \fC $HOME/.snmp\fP.
|
||||
This list can be changed by setting the environmental variable
|
||||
.I SNMPCONFPATH
|
||||
@@ -367,7 +367,7 @@ A colon separated list of directories to search for configuration
|
||||
files in.
|
||||
Default:
|
||||
.br
|
||||
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
|
||||
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
|
||||
.SH "SEE ALSO"
|
||||
netsnmp_mib_api(3), snmp_api(3)
|
||||
.\" Local Variables:
|
||||
diff --git a/man/snmp_config.5.def b/man/snmp_config.5.def
|
||||
index fd30873..c3437d6 100644
|
||||
--- a/man/snmp_config.5.def
|
||||
+++ b/man/snmp_config.5.def
|
||||
@@ -10,7 +10,7 @@ First off, there are numerous places that configuration files can be
|
||||
found and read from. By default, the applications look for
|
||||
configuration files in the following 4 directories, in order:
|
||||
SYSCONFDIR/snmp,
|
||||
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
|
||||
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
|
||||
directories, it looks for files snmp.conf, snmpd.conf and/or
|
||||
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
|
||||
and/or snmptrapd.local.conf. *.local.conf are always
|
||||
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
|
||||
index 7ce8a46..a4000f9 100644
|
||||
--- a/man/snmpd.conf.5.def
|
||||
+++ b/man/snmpd.conf.5.def
|
||||
@@ -1593,7 +1593,7 @@ filename), and call the initialisation routine \fIinit_NAME\fR.
|
||||
.RS
|
||||
.IP "Note:"
|
||||
If the specified PATH is not a fully qualified filename, it will
|
||||
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
|
||||
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
|
||||
will be appended to the filename.
|
||||
.RE
|
||||
.PP
|
@ -1,26 +0,0 @@
|
||||
diff --git a/agent/Makefile.in b/agent/Makefile.in
|
||||
index 047d880..38d40aa 100644
|
||||
--- a/agent/Makefile.in
|
||||
+++ b/agent/Makefile.in
|
||||
@@ -300,7 +300,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
|
||||
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
|
||||
|
||||
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
|
||||
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
|
||||
|
||||
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
|
||||
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) @AGENTLIBS@
|
||||
diff --git a/apps/Makefile.in b/apps/Makefile.in
|
||||
index 3dbb1d1..48ed23a 100644
|
||||
--- a/apps/Makefile.in
|
||||
+++ b/apps/Makefile.in
|
||||
@@ -190,7 +190,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
||||
|
||||
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
|
||||
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
|
||||
|
||||
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
|
||||
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
|
@ -1,38 +0,0 @@
|
||||
diff --git a/Makefile.in b/Makefile.in
|
||||
index 912f6b2..862fb5f 100644
|
||||
--- a/Makefile.in
|
||||
+++ b/Makefile.in
|
||||
@@ -227,7 +227,7 @@ perlcleanfeatures:
|
||||
|
||||
# python specific build rules
|
||||
#
|
||||
-PYMAKE=$(PYTHON) setup.py $(PYTHONARGS)
|
||||
+PYMAKE=/usr/bin/python3 setup.py $(PYTHONARGS)
|
||||
pythonmodules: subdirs
|
||||
@(dir=`pwd`; cd python; $(PYMAKE) build --basedir=$$dir) ; \
|
||||
if test $$? != 0 ; then \
|
||||
diff --git a/python/netsnmp/client.py b/python/netsnmp/client.py
|
||||
index daf11a4..3a30a64 100644
|
||||
--- a/python/netsnmp/client.py
|
||||
+++ b/python/netsnmp/client.py
|
||||
@@ -56,7 +56,7 @@ class Varbind(object):
|
||||
def __init__(self, tag=None, iid=None, val=None, type_arg=None):
|
||||
self.tag = STR(tag)
|
||||
self.iid = STR(iid)
|
||||
- self.val = STR(val)
|
||||
+ self.val = val
|
||||
self.type = STR(type_arg)
|
||||
# parse iid out of tag if needed
|
||||
if iid is None and tag is not None:
|
||||
@@ -66,7 +66,10 @@ class Varbind(object):
|
||||
(self.tag, self.iid) = match.group(1, 2)
|
||||
|
||||
def __setattr__(self, name, val):
|
||||
- self.__dict__[name] = STR(val)
|
||||
+ if name == 'val':
|
||||
+ self.__dict__[name] = val
|
||||
+ else:
|
||||
+ self.__dict__[name] = STR(val)
|
||||
|
||||
def __str__(self):
|
||||
return obj_to_str(self)
|
@ -1,65 +0,0 @@
|
||||
From ed4ee14af5b83fa4a86dfaa783f841d3e8545ce4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
|
||||
Date: Wed, 9 Aug 2023 16:51:28 +0200
|
||||
Subject: [PATCH] Add support for RPM SQLite DB background.
|
||||
|
||||
From RPM 4.16 the SQLite support is available for RPM DB.
|
||||
After https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb, rpm changed
|
||||
it's background DB from Berkeley to SQLite in Fedora.
|
||||
Net-SNMP is using hard coded paths to determine where RPM DB files are.
|
||||
|
||||
This update is adding check for rpmdb.sqlite file in order to be able
|
||||
invalidate internal cache after system package change.
|
||||
|
||||
Closes #596
|
||||
---
|
||||
agent/mibgroup/host/data_access/swinst_rpm.c | 18 +++++++++++++-----
|
||||
agent/mibgroup/host/hr_swinst.c | 3 +++
|
||||
2 files changed, 16 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
index 050edff307..7ad91a3194 100644
|
||||
--- a/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c
|
||||
@@ -73,15 +73,23 @@ netsnmp_swinst_arch_init(void)
|
||||
#endif
|
||||
|
||||
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
|
||||
+
|
||||
+ if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
+
|
||||
+ /* check for SQLite DB backend */
|
||||
+ snprintf( pkg_directory, SNMP_MAXPATH, "%s/rpmdb.sqlite", dbpath );
|
||||
+
|
||||
+ if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
+ snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
|
||||
+ pkg_directory[0] = '\0';
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
SNMP_FREE(rpmdbpath);
|
||||
dbpath = NULL;
|
||||
#ifdef HAVE_RPMGETPATH
|
||||
rpmFreeRpmrc();
|
||||
-#endif
|
||||
- if (-1 == stat( pkg_directory, &stat_buf )) {
|
||||
- snmp_log(LOG_ERR, "Can't find directory of RPM packages\n");
|
||||
- pkg_directory[0] = '\0';
|
||||
- }
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
|
||||
--- a/agent/mibgroup/host/hr_swinst.c 2023-07-31 11:37:44.855071535 +0200
|
||||
+++ b/agent/mibgroup/host/hr_swinst.c 2023-08-14 12:45:14.846357019 +0200
|
||||
@@ -229,6 +229,9 @@ init_hr_swinst(void)
|
||||
snprintf(path, sizeof(path), "%s/Packages", swi->swi_dbpath);
|
||||
if (stat(path, &stat_buf) == -1)
|
||||
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
|
||||
+ /* check for SQLite DB backend */
|
||||
+ if (stat(path, &stat_buf) == -1)
|
||||
+ snprintf(path, sizeof(path), "%s/rpmdb.sqlite", swi->swi_dbpath);
|
||||
path[ sizeof(path)-1 ] = 0;
|
||||
swi->swi_directory = strdup(path);
|
||||
#ifdef HAVE_RPMGETPATH
|
@ -1,110 +0,0 @@
|
||||
diff --git a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
|
||||
index 6c07f74..7df0b51 100644
|
||||
--- a/testing/fulltests/default/T070com2sec_simple
|
||||
+++ b/testing/fulltests/default/T070com2sec_simple
|
||||
@@ -134,34 +134,30 @@ SAVECHECKAGENT '<"c406a", 255.255.255.255/255.255.255.255> => "t406a"'
|
||||
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
|
||||
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
|
||||
|
||||
-if false; then
|
||||
- # The two tests below have been disabled because these rely on resolving a
|
||||
- # domain name into a local IP address. Such DNS replies are filtered out by
|
||||
- # many security devices because to avoid DNS rebinding attacks. See also
|
||||
- # https://en.wikipedia.org/wiki/DNS_rebinding.
|
||||
-
|
||||
- CHECKAGENT '<"c408a"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 32: Error:'
|
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
- return_value=1
|
||||
- FINISHED
|
||||
- fi
|
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+FINISHED
|
||||
+
|
||||
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||
+
|
||||
+CHECKAGENT '<"c408a"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 32: Error:'
|
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
return_value=1
|
||||
FINISHED
|
||||
fi
|
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+ return_value=1
|
||||
+ FINISHED
|
||||
+fi
|
||||
|
||||
- CHECKAGENT '<"c408b"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 33: Error:'
|
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
- return_value=1
|
||||
- fi
|
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+CHECKAGENT '<"c408b"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 33: Error:'
|
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
return_value=1
|
||||
fi
|
||||
-
|
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+ return_value=1
|
||||
fi
|
||||
|
||||
FINISHED
|
||||
diff --git a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
|
||||
index 76da70b..bc2d432 100644
|
||||
--- a/testing/fulltests/default/T071com2sec6_simple
|
||||
+++ b/testing/fulltests/default/T071com2sec6_simple
|
||||
@@ -132,30 +132,27 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/ffff:ffff:ffff
|
||||
SAVECHECKAGENT 'line 27: Error:'
|
||||
SAVECHECKAGENT 'line 28: Error:'
|
||||
|
||||
-if false; then
|
||||
- # The two tests below have been disabled because these rely on resolving a
|
||||
- # domain name into a local IP address. Such DNS replies are filtered out by
|
||||
- # many security devices because to avoid DNS rebinding attacks. See also
|
||||
- # https://en.wikipedia.org/wiki/DNS_rebinding.
|
||||
-
|
||||
- # 608
|
||||
- CHECKAGENT '<"c608a"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 29: Error:'
|
||||
- errnum=`expr $errnum - 1`
|
||||
- if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
- FINISHED
|
||||
- fi
|
||||
- elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+FINISHED
|
||||
+
|
||||
+# don't test the rest, it depends on DNS, which is not available in Koji
|
||||
+
|
||||
+# 608
|
||||
+CHECKAGENT '<"c608a"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 29: Error:'
|
||||
+ errnum=`expr $errnum - 1`
|
||||
+ if [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
FINISHED
|
||||
fi
|
||||
+elif [ "$snmp_last_test_result" -ne 1 ] ; then
|
||||
+ FINISHED
|
||||
+fi
|
||||
|
||||
- CHECKAGENTCOUNT atleastone '<"c608b"'
|
||||
- if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
- CHECKAGENT 'line 30: Error:'
|
||||
- if [ "$snmp_last_test_result" -eq 1 ] ; then
|
||||
- errnum=`expr $errnum - 1`
|
||||
- fi
|
||||
+CHECKAGENTCOUNT atleastone '<"c608b"'
|
||||
+if [ "$snmp_last_test_result" -eq 0 ] ; then
|
||||
+ CHECKAGENT 'line 30: Error:'
|
||||
+ if [ "$snmp_last_test_result" -eq 1 ] ; then
|
||||
+ errnum=`expr $errnum - 1`
|
||||
fi
|
||||
fi
|
||||
|
@ -1,175 +0,0 @@
|
||||
diff -urNp a/man/net-snmp-config.1.def b/man/net-snmp-config.1.def
|
||||
--- a/man/net-snmp-config.1.def 2021-05-26 09:30:07.430790003 +0200
|
||||
+++ b/man/net-snmp-config.1.def 2021-05-26 09:35:36.703673542 +0200
|
||||
@@ -30,7 +30,7 @@ code for a list of available debug token
|
||||
SNMP Setup commands:
|
||||
.TP
|
||||
\fB\-\-create\-snmpv3\-user\fR [\-ro] [\-a authpass] [\-x privpass]
|
||||
-[\-X DES|AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
|
||||
+[\-X AES] [\-A MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [username]
|
||||
.PP
|
||||
These options produce the various compilation flags needed when
|
||||
building external SNMP applications:
|
||||
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
|
||||
--- a/man/net-snmp-create-v3-user.1.def 2021-05-26 09:30:07.430790003 +0200
|
||||
+++ b/man/net-snmp-create-v3-user.1.def 2021-05-26 09:34:23.702034230 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
|
||||
.SH SYNOPSIS
|
||||
.PP
|
||||
-.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
|
||||
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x AES]
|
||||
.B [username]
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -27,5 +27,5 @@ specifies the authentication password ha
|
||||
\fB\-X privpass\fR
|
||||
specifies the encryption password
|
||||
.TP
|
||||
-\fB\-x DES|AES\fR
|
||||
+\fB\-x AES\fR
|
||||
specifies the encryption algorithm
|
||||
diff -urNp a/man/snmpcmd.1.def b/man/snmpcmd.1.def
|
||||
--- a/man/snmpcmd.1.def 2021-05-26 09:30:07.429789994 +0200
|
||||
+++ b/man/snmpcmd.1.def 2021-05-26 09:37:51.104850500 +0200
|
||||
@@ -311,7 +311,7 @@ Overrides the \fIdefSecurityName\fR toke
|
||||
file.
|
||||
.TP
|
||||
.BI \-x " privProtocol"
|
||||
-Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
|
||||
+Set the privacy protocol (AES) used for encrypted SNMPv3 messages.
|
||||
Overrides the \fIdefPrivType\fR token in the
|
||||
.I snmp.conf
|
||||
file. This option is only valid if the Net-SNMP software was build
|
||||
diff -urNp a/man/snmp.conf.5.def b/man/snmp.conf.5.def
|
||||
--- a/man/snmp.conf.5.def 2021-05-26 09:30:07.429789994 +0200
|
||||
+++ b/man/snmp.conf.5.def 2021-05-26 09:40:03.730011937 +0200
|
||||
@@ -221,13 +221,13 @@ The
|
||||
value will be used for the authentication and/or privacy pass phrases
|
||||
if either of the other directives are not specified.
|
||||
.IP "defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224"
|
||||
-.IP "defPrivType DES|AES"
|
||||
+.IP "defPrivType AES"
|
||||
define the default authentication and privacy protocols to use for
|
||||
SNMPv3 requests.
|
||||
These can be overridden using the \fB\-a\fR and \fB\-x\fR options respectively.
|
||||
.IP
|
||||
If not specified, SNMPv3 requests will default to MD5 authentication
|
||||
-and DES encryption.
|
||||
+and AES encryption.
|
||||
.RS
|
||||
.IP "Note:
|
||||
If the software has not been compiled to use the OpenSSL libraries,
|
||||
@@ -262,8 +262,7 @@ master keys which have been converted to
|
||||
suitable for on particular SNMP engine (agent). The length of the key
|
||||
needs to be appropriate for the authentication or encryption type
|
||||
being used (auth keys: MD5=16 bytes, SHA1=20 bytes;
|
||||
-priv keys: DES=16 bytes (8
|
||||
-bytes of which is used as an IV and not a key), and AES=16 bytes).
|
||||
+priv keys: AES=16 bytes).
|
||||
.IP "sshtosnmpsocket PATH"
|
||||
Sets the path of the \fBsshtosnmp\fR socket created by an application
|
||||
(e.g. snmpd) listening for incoming ssh connections through the
|
||||
diff -urNp a/man/snmpd.examples.5.def b/man/snmpd.examples.5.def
|
||||
--- a/man/snmpd.examples.5.def 2021-05-26 09:30:07.429789994 +0200
|
||||
+++ b/man/snmpd.examples.5.def 2021-05-26 09:41:29.170761436 +0200
|
||||
@@ -87,8 +87,8 @@ the same authentication and encryption s
|
||||
.RS
|
||||
.nf
|
||||
createUser me MD5 "single pass phrase"
|
||||
-createUser myself MD5 "single pass phrase" DES
|
||||
-createUser andI MD5 "single pass phrase" DES "single pass phrase"
|
||||
+createUser myself MD5 "single pass phrase" AES
|
||||
+createUser andI MD5 "single pass phrase" AES "single pass phrase"
|
||||
.fi
|
||||
.RE
|
||||
Note that this defines three \fIdistinct\fR users, who could be granted
|
||||
diff -urNp a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
|
||||
--- a/man/snmptrapd.conf.5.def 2021-05-26 09:30:07.428789985 +0200
|
||||
+++ b/man/snmptrapd.conf.5.def 2021-05-26 09:42:02.963064029 +0200
|
||||
@@ -117,7 +117,7 @@ to trigger the types of processing liste
|
||||
See
|
||||
.IR snmpd.conf (5)
|
||||
for more details.
|
||||
-.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES]"
|
||||
+.IP "createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [AES]"
|
||||
See the
|
||||
.IR snmpd.conf (5)
|
||||
manual page for a description of how to create SNMPv3 users. This
|
||||
diff -urNp a/man/snmpusm.1.def b/man/snmpusm.1.def
|
||||
--- a/man/snmpusm.1.def 2021-05-26 09:30:07.430790003 +0200
|
||||
+++ b/man/snmpusm.1.def 2021-05-26 09:42:24.178253990 +0200
|
||||
@@ -216,7 +216,7 @@ rwuser initial
|
||||
# lets add the new user we'll create too:
|
||||
rwuser wes
|
||||
# USM configuration entries
|
||||
-createUser initial MD5 setup_passphrase DES
|
||||
+createUser initial MD5 setup_passphrase AES
|
||||
.fi
|
||||
.RE
|
||||
.PP
|
||||
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
||||
--- a/net-snmp-create-v3-user.in 2021-05-26 09:30:07.369789468 +0200
|
||||
+++ b/net-snmp-create-v3-user.in 2021-05-26 09:33:23.966511123 +0200
|
||||
@@ -10,7 +10,7 @@ if @PSCMD@ | egrep ' snmpd *$' > /dev/nu
|
||||
fi
|
||||
|
||||
Aalgorithm="MD5"
|
||||
-Xalgorithm="DES"
|
||||
+Xalgorithm="AES"
|
||||
token=rwuser
|
||||
|
||||
while test "x$done" = "x" -a "x$1" != "x" -a "x$usage" != "xyes"; do
|
||||
@@ -57,11 +57,11 @@ case $1 in
|
||||
exit 1
|
||||
fi
|
||||
case $1 in
|
||||
- DES|AES|AES128|AES192|AES256)
|
||||
+ AES|AES128|AES192|AES256)
|
||||
Xalgorithm=$1
|
||||
shift
|
||||
;;
|
||||
- des|aes|aes128|aes192|aes256)
|
||||
+ aes|aes128|aes192|aes256)
|
||||
Xalgorithm=$(echo "$1" | tr a-z A-Z)
|
||||
shift
|
||||
;;
|
||||
@@ -90,7 +90,7 @@ if test "x$usage" = "xyes"; then
|
||||
echo ""
|
||||
echo "Usage:"
|
||||
echo " net-snmp-create-v3-user [-ro] [-A authpass] [-X privpass]"
|
||||
- echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x DES|AES] [username]"
|
||||
+ echo " [-a MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224] [-x AES] [username]"
|
||||
echo ""
|
||||
exit
|
||||
fi
|
||||
diff -urNp a/README.snmpv3 b/README.snmpv3
|
||||
--- a/README.snmpv3 2021-05-26 09:30:07.352789320 +0200
|
||||
+++ b/README.snmpv3 2021-05-26 09:44:49.109551728 +0200
|
||||
@@ -4,7 +4,7 @@ How to setup SNMPv3, a very brief docume
|
||||
do a better job on since I suck at writing documentation and he
|
||||
doesn't ;-) --Wes:
|
||||
|
||||
-Note: SHA authentication and DES/AES encryption support is only available
|
||||
+Note: SHA authentication and AES encryption support is only available
|
||||
if you have OpenSSL installed or if you've compiled using
|
||||
--with-openssl=internal. If you use --with-openssl=internal please
|
||||
read the documentation in snmplib/openssl/README for important details.
|
||||
@@ -27,7 +27,7 @@ CREATING THE FIRST USER:
|
||||
WARNING: SNMPv3 pass phrases must be at least 8 characters long!
|
||||
|
||||
The above line creates the user "myuser" with a password of
|
||||
- "my_password" (and uses MD5 and DES for protection). (Note that
|
||||
+ "my_password" (and uses MD5 and AES for protection). (Note that
|
||||
encryption support isn't enabled in the binary releases downloadable
|
||||
from the net-snmp web site.) net-snmp-config will also add a line
|
||||
to your snmpd.conf file to let that user have read/write access to
|
||||
@@ -44,7 +44,7 @@ CREATING THE FIRST USER:
|
||||
[ this should return information about how long your agent has been up]
|
||||
|
||||
snmpget -v 3 -u myuser -l authPriv -a MD5 -A my_password
|
||||
- -x DES -X my_password localhost sysUpTime.0
|
||||
+ -x AES -X my_password localhost sysUpTime.0
|
||||
[ this should return similar information, but encrypts the transmission ]
|
||||
|
||||
CREATING A SECOND USER:
|
@ -1,6 +0,0 @@
|
||||
diff -urNp a/dist/autoconf-version b/dist/autoconf-version
|
||||
--- a/dist/autoconf-version 2024-02-16 08:21:36.551729028 +0100
|
||||
+++ b/dist/autoconf-version 2024-02-16 08:24:39.035608191 +0100
|
||||
@@ -1 +1 @@
|
||||
-2.71
|
||||
+2.72
|
@ -1,120 +0,0 @@
|
||||
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
|
||||
From: Philippe Troin <phil+github-commits@fifi.org>
|
||||
Date: Sat, 3 Feb 2024 10:30:30 -0800
|
||||
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
|
||||
|
||||
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
|
||||
This breaks the hard-coded assumptions about the Ip line length.
|
||||
Add compatibility to parse Linux 6.7 Ip header while keep support
|
||||
for previous versions.
|
||||
---
|
||||
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
|
||||
1 file changed, 37 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
index 49e0a34d5c..f04e828a94 100644
|
||||
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
|
||||
}
|
||||
|
||||
/*
|
||||
- /proc/net/snmp
|
||||
+ /proc/net/snmp - Linux 6.6 and lower
|
||||
|
||||
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
|
||||
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
|
||||
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
|
||||
|
||||
Udp: InDatagrams NoPorts InErrors OutDatagrams
|
||||
Udp: 1491094 122 0 1466178
|
||||
+*
|
||||
+ /proc/net/snmp - Linux 6.7 and higher
|
||||
+
|
||||
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
|
||||
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
|
||||
+
|
||||
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
|
||||
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
|
||||
+
|
||||
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
|
||||
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
|
||||
+
|
||||
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
|
||||
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
|
||||
+
|
||||
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
|
||||
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
|
||||
+
|
||||
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
|
||||
+ UdpLite: 0 0 0 0 0 0 0 0 0
|
||||
*/
|
||||
|
||||
|
||||
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
FILE *devin;
|
||||
char line[1024];
|
||||
netsnmp_systemstats_entry *entry = NULL;
|
||||
- int scan_count;
|
||||
+ int scan_count, expected_scan_count;
|
||||
char *stats, *start = line;
|
||||
int len;
|
||||
- unsigned long long scan_vals[19];
|
||||
+ unsigned long long scan_vals[20];
|
||||
|
||||
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
|
||||
load_flags));
|
||||
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
*/
|
||||
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
|
||||
len = strlen(line);
|
||||
- if (224 != len) {
|
||||
+ switch (len) {
|
||||
+ case 224:
|
||||
+ expected_scan_count = 19;
|
||||
+ break;
|
||||
+ case 237:
|
||||
+ expected_scan_count = 20;
|
||||
+ break;
|
||||
+ default:
|
||||
fclose(devin);
|
||||
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
|
||||
- " %d != 224\n", len);
|
||||
+ " %d not in { 224, 237 } \n", len);
|
||||
return -4;
|
||||
}
|
||||
|
||||
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
memset(scan_vals, 0x0, sizeof(scan_vals));
|
||||
scan_count = sscanf(stats,
|
||||
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
|
||||
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
|
||||
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
|
||||
&scan_vals[0],&scan_vals[1],&scan_vals[2],
|
||||
&scan_vals[3],&scan_vals[4],&scan_vals[5],
|
||||
&scan_vals[6],&scan_vals[7],&scan_vals[8],
|
||||
&scan_vals[9],&scan_vals[10],&scan_vals[11],
|
||||
&scan_vals[12],&scan_vals[13],&scan_vals[14],
|
||||
&scan_vals[15],&scan_vals[16],&scan_vals[17],
|
||||
- &scan_vals[18]);
|
||||
+ &scan_vals[18],&scan_vals[19]);
|
||||
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
|
||||
|
||||
- if(scan_count != 19) {
|
||||
+ if(scan_count != expected_scan_count) {
|
||||
snmp_log(LOG_ERR,
|
||||
"error scanning systemstats data (expected %d, got %d)\n",
|
||||
- 19, scan_count);
|
||||
+ expected_scan_count, scan_count);
|
||||
netsnmp_access_systemstats_entry_free(entry);
|
||||
return -4;
|
||||
}
|
||||
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
|
||||
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
|
||||
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
|
||||
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
|
||||
|
||||
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
|
||||
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;
|
||||
|
@ -16,47 +16,43 @@
|
||||
arch=`arch`
|
||||
echo $arch | grep -q i.86
|
||||
if [ $? -eq 0 ] ; then
|
||||
net-snmp-config-i386 "$@"
|
||||
net-snmp-config-i386 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ia64" ] ; then
|
||||
net-snmp-config-ia64 "$@"
|
||||
net-snmp-config-ia64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ppc" ] ; then
|
||||
net-snmp-config-ppc "$@"
|
||||
net-snmp-config-ppc $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "ppc64" ] ; then
|
||||
net-snmp-config-ppc64 "$@"
|
||||
net-snmp-config-ppc64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "s390" ] ; then
|
||||
net-snmp-config-s390 "$@"
|
||||
net-snmp-config-s390 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "s390x" ] ; then
|
||||
net-snmp-config-s390x "$@"
|
||||
net-snmp-config-s390x $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "x86_64" ] ; then
|
||||
net-snmp-config-x86_64 "$@"
|
||||
net-snmp-config-x86_64 $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "alpha" ] ; then
|
||||
net-snmp-config-alpha "$@"
|
||||
net-snmp-config-alpha $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "sparc" ] ; then
|
||||
net-snmp-config-sparc "$@"
|
||||
net-snmp-config-sparc $*
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "sparc64" ] ; then
|
||||
net-snmp-config-sparc64 "$@"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$arch" = "aarch64" ] ; then
|
||||
net-snmp-config-aarch64 "$@"
|
||||
net-snmp-config-sparc64 $*
|
||||
exit 0
|
||||
fi
|
||||
echo "Cannot determine architecture"
|
||||
|
@ -4,10 +4,10 @@
|
||||
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed.
|
||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
||||
|
||||
#ifdef net_snmp_config_multilib_redirection_h
|
||||
#error "Do not define net_snmp_config_multilib_redirection_h!"
|
||||
#ifdef net-snmp-config_multilib_redirection_h
|
||||
#error "Do not define net-snmp-config_multilib_redirection_h!"
|
||||
#endif
|
||||
#define net_snmp_config_multilib_redirection_h
|
||||
#define net-snmp-config_multilib_redirection_h
|
||||
|
||||
#if defined(__i386__)
|
||||
#include "net-snmp-config-i386.h"
|
||||
@ -29,10 +29,8 @@
|
||||
#include "net-snmp-config-sparc64.h"
|
||||
#elif defined(__sparc__)
|
||||
#include "net-snmp-config-sparc.h"
|
||||
#elif defined(__aarch64__)
|
||||
#include "net-snmp-config-aarch64.h"
|
||||
#else
|
||||
#error "net-snmp-devel package does not work on your architecture"
|
||||
#endif
|
||||
|
||||
#undef net_snmp_config_multilib_redirection_h
|
||||
#undef net-snmp-config_multilib_redirection_h
|
||||
|
@ -1,59 +0,0 @@
|
||||
Libs.private should contain a list of libraries the library that the package
|
||||
exposes is linked too. So let's filter out unrelated link flags.
|
||||
|
||||
diff --git net-snmp-5.9.1/netsnmp.pc.in~ net-snmp-5.9.1/netsnmp.pc.in
|
||||
index 0a1f5785a4..524ca91d82 100644
|
||||
--- net-snmp-5.9.1/netsnmp.pc.in~
|
||||
+++ net-snmp-5.9.1/netsnmp.pc.in
|
||||
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
|
||||
Version: @PACKAGE_VERSION@
|
||||
Cflags: -I${includedir}
|
||||
Libs: -L${libdir} -lnetsnmp
|
||||
-Libs.private: @LDFLAGS@ @LNETSNMPLIBS@ @LIBS@ @PERLLDOPTS_FOR_APPS@
|
||||
+Libs.private: @LNETSNMPLIBS@ @LIBS@
|
||||
diff --git net-snmp-5.9.1/netsnmp-agent.pc.in~ net-snmp-5.9.1/netsnmp-agent.pc.in
|
||||
index 3a1c77bbf8..3d3b308d21 100644
|
||||
--- net-snmp-5.9.1/netsnmp-agent.pc.in~
|
||||
+++ net-snmp-5.9.1/netsnmp-agent.pc.in
|
||||
@@ -9,4 +9,4 @@ URL: http://www.net-snmp.org
|
||||
Version: @PACKAGE_VERSION@
|
||||
Cflags: -I${includedir}
|
||||
Libs: -L${libdir} -lnetsnmpmibs -lnetsnmpagent -lnetsnmp
|
||||
-Libs.private: @LDFLAGS@ @LMIBLIBS@ @LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@ @LNETSNMPLIBS@ @LIBS@
|
||||
+Libs.private: @LMIBLIBS@ @LAGENTLIBS@ @LNETSNMPLIBS@ @LIBS@
|
||||
diff --git net-snmp-5.9.1/net-snmp-config.in~ net-snmp-5.9.1/net-snmp-config.in
|
||||
index 6b5abf8f83..ee81ce98fa 100644
|
||||
--- net-snmp-5.9.1/net-snmp-config.in~
|
||||
+++ net-snmp-5.9.1/net-snmp-config.in
|
||||
@@ -193,13 +193,13 @@ else
|
||||
#################################################### client lib
|
||||
--libs)
|
||||
# use this one == --netsnmp-libs + --external-libs
|
||||
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
|
||||
+ echo $NSC_LIBDIR $NSC_SNMPLIBS $NSC_LIBS
|
||||
;;
|
||||
--netsnmp-libs)
|
||||
echo $NSC_LIBDIR $NSC_BASE_SNMP_LIBS
|
||||
;;
|
||||
--external-libs)
|
||||
- echo $NSC_LDFLAGS $NSC_LNETSNMPLIBS $NSC_LIBS @PERLLDOPTS_FOR_APPS@
|
||||
+ echo $NSC_LNETSNMPLIBS $NSC_LIBS
|
||||
;;
|
||||
#################################################### agent lib
|
||||
--base-agent-libs)
|
||||
@@ -210,13 +210,13 @@ else
|
||||
;;
|
||||
--agent-libs)
|
||||
# use this one == --netsnmp-agent-libs + --external-libs
|
||||
- echo $NSC_LDFLAGS $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
|
||||
+ echo $NSC_LIBDIR $NSC_AGENTLIBS $NSC_LIBS
|
||||
;;
|
||||
--netsnmp-agent-libs)
|
||||
echo $NSC_LIBDIR $NSC_BASE_AGENT_LIBS
|
||||
;;
|
||||
--external-agent-libs)
|
||||
- echo $NSC_LDFLAGS $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
|
||||
+ echo $NSC_LMIBLIBS $NSC_LAGENTLIBS $NSC_LNETSNMPLIBS $NSC_LIBS
|
||||
;;
|
||||
####################################################
|
||||
--version|--ver*)
|
@ -1 +0,0 @@
|
||||
d /run/net-snmp 0755 root root
|
@ -38,14 +38,14 @@
|
||||
# First, map the community name "public" into a "security name"
|
||||
|
||||
# sec.name source community
|
||||
#com2sec notConfigUser default public
|
||||
com2sec notConfigUser default public
|
||||
|
||||
####
|
||||
# Second, map the security name into a group name:
|
||||
|
||||
# groupName securityModel securityName
|
||||
#group notConfigGroup v1 notConfigUser
|
||||
#group notConfigGroup v2c notConfigUser
|
||||
group notConfigGroup v1 notConfigUser
|
||||
group notConfigGroup v2c notConfigUser
|
||||
|
||||
####
|
||||
# Third, create a view for us to let the group have rights to:
|
||||
@ -173,16 +173,6 @@ syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
|
||||
# system.sysServices.0 = 72
|
||||
|
||||
|
||||
###############################################################################
|
||||
# Logging
|
||||
#
|
||||
|
||||
# We do not want annoying "Connection from UDP: " messages in syslog.
|
||||
# If the following option is commented out, snmpd will print each incoming
|
||||
# connection, which can be useful for debugging.
|
||||
|
||||
dontLogTCPWrappersConnects yes
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
|
||||
@ -456,6 +446,9 @@ dontLogTCPWrappersConnects yes
|
||||
# For specific usage information, see the man/snmpd.conf.5 manual page
|
||||
# as well as the local/passtest script used in the above example.
|
||||
|
||||
# Added for support of bcm5820 cards.
|
||||
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
|
||||
|
||||
###############################################################################
|
||||
# Further Information
|
||||
#
|
||||
|
1349
net-snmp.spec
1349
net-snmp.spec
File diff suppressed because it is too large
Load Diff
115
net-snmpd.init
Executable file
115
net-snmpd.init
Executable file
@ -0,0 +1,115 @@
|
||||
#!/bin/bash
|
||||
# ucd-snmp init file for snmpd
|
||||
#
|
||||
# chkconfig: - 50 50
|
||||
# description: Simple Network Management Protocol (SNMP) Daemon
|
||||
#
|
||||
# processname: /usr/sbin/snmpd
|
||||
# config: /etc/snmp/snmpd.conf
|
||||
# config: /usr/share/snmp/snmpd.conf
|
||||
# pidfile: /var/run/snmpd.pid
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: snmpd
|
||||
# Required-Start: $local_fs $network
|
||||
# Required-Stop: $local_fs $network
|
||||
# Should-Start:
|
||||
# Should-Stop:
|
||||
# Default-Start:
|
||||
# Default-Stop:
|
||||
# Short-Description: start and stop Net-SNMP daemon
|
||||
# Description: Simple Network Management Protocol (SNMP) Daemon
|
||||
### END INIT INFO
|
||||
|
||||
# source function library
|
||||
. /etc/init.d/functions
|
||||
|
||||
|
||||
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
|
||||
if [ -e /etc/sysconfig/snmpd ]; then
|
||||
. /etc/sysconfig/snmpd
|
||||
fi
|
||||
|
||||
RETVAL=0
|
||||
prog="snmpd"
|
||||
binary=/usr/sbin/snmpd
|
||||
pidfile=/var/run/snmpd.pid
|
||||
|
||||
start() {
|
||||
[ -x $binary ] || exit 5
|
||||
echo -n $"Starting $prog: "
|
||||
if [ $UID -ne 0 ]; then
|
||||
RETVAL=1
|
||||
failure
|
||||
else
|
||||
daemon --pidfile=$pidfile $binary $OPTIONS
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd
|
||||
fi;
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
if [ $UID -ne 0 ]; then
|
||||
RETVAL=1
|
||||
failure
|
||||
else
|
||||
killproc -p $pidfile $binary
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snmpd
|
||||
fi;
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
reload(){
|
||||
echo -n $"Reloading $prog: "
|
||||
killproc -p $pidfile $binary -HUP
|
||||
RETVAL=$?
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
restart(){
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
condrestart(){
|
||||
[ -e /var/lock/subsys/snmpd ] && restart
|
||||
return 0
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
RETVAL=$?
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
RETVAL=$?
|
||||
;;
|
||||
restart)
|
||||
restart
|
||||
RETVAL=$?
|
||||
;;
|
||||
reload)
|
||||
reload
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
condrestart
|
||||
RETVAL=$?
|
||||
;;
|
||||
status)
|
||||
status snmpd
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
|
||||
RETVAL=2
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
7
net-snmpd.logrotate
Normal file
7
net-snmpd.logrotate
Normal file
@ -0,0 +1,7 @@
|
||||
/var/log/snmpd.log {
|
||||
notifempty
|
||||
missingok
|
||||
postrotate
|
||||
/sbin/service snmpd condrestart 2> /dev/null > /dev/null || true
|
||||
endscript
|
||||
}
|
@ -1,3 +1,2 @@
|
||||
# snmpd command line options
|
||||
# '-f' is implicitly added by snmpd systemd unit file
|
||||
# OPTIONS="-LS0-6d"
|
||||
# OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
|
||||
|
104
net-snmptrapd.init
Executable file
104
net-snmptrapd.init
Executable file
@ -0,0 +1,104 @@
|
||||
#!/bin/bash
|
||||
|
||||
# ucd-snmp init file for snmptrapd
|
||||
#
|
||||
# chkconfig: - 50 50
|
||||
# description: Simple Network Management Protocol (SNMP) Trap Daemon
|
||||
#
|
||||
# processname: /usr/sbin/snmptrapd
|
||||
# config: /etc/snmp/snmptrapd.conf
|
||||
# config: /usr/share/snmp/snmptrapd.conf
|
||||
# pidfile: /var/run/snmptrapd.pid
|
||||
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: snmptrapd
|
||||
# Required-Start: $local_fs $network
|
||||
# Required-Stop: $local_fs $network
|
||||
# Should-Start:
|
||||
# Should-Stop:
|
||||
# Default-Start:
|
||||
# Default-Stop:
|
||||
# Short-Description: start and stop Net-SNMP trap daemon
|
||||
# Description: Simple Network Management Protocol (SNMP) trap daemon
|
||||
### END INIT INFO
|
||||
|
||||
# source function library
|
||||
. /etc/init.d/functions
|
||||
|
||||
if [ -e /etc/snmp/snmptrapd.options ]; then
|
||||
. /etc/snmp/snmptrapd.options
|
||||
else
|
||||
OPTIONS="-Lsd -p /var/run/snmptrapd.pid"
|
||||
fi
|
||||
|
||||
RETVAL=0
|
||||
prog="snmptrapd"
|
||||
binary=/usr/sbin/snmptrapd
|
||||
pidfile=/var/run/snmptrapd.pid
|
||||
|
||||
start() {
|
||||
[ -x $binary ] || exit 5
|
||||
echo -n $"Starting $prog: "
|
||||
daemon --pidfile=$pidfile /usr/sbin/snmptrapd $OPTIONS
|
||||
RETVAL=$?
|
||||
echo
|
||||
touch /var/lock/subsys/snmptrapd
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc -p $pidfile /usr/sbin/snmptrapd
|
||||
RETVAL=$?
|
||||
echo
|
||||
rm -f /var/lock/subsys/snmptrapd
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
reload(){
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
restart(){
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
condrestart(){
|
||||
[ -e /var/lock/subsys/snmptrapd ] && restart
|
||||
return 0
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
RETVAL=$?
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
RETVAL=$?
|
||||
;;
|
||||
restart)
|
||||
restart
|
||||
RETVAL=$?
|
||||
;;
|
||||
reload)
|
||||
reload
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
condrestart
|
||||
RETVAL=$?
|
||||
;;
|
||||
status)
|
||||
status snmptrapd
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
|
||||
RETVAL=2
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
@ -1,3 +0,0 @@
|
||||
# snmptrapd command line options
|
||||
# '-f' is implicitly added by snmptrapd systemd unit file
|
||||
# OPTIONS="-Lsd"
|
@ -1,13 +0,0 @@
|
||||
[Unit]
|
||||
Description=Simple Network Management Protocol (SNMP) Daemon.
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=OPTIONS="-LS0-6d"
|
||||
EnvironmentFile=-/etc/sysconfig/snmpd
|
||||
ExecStart=/usr/sbin/snmpd $OPTIONS -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,13 +0,0 @@
|
||||
[Unit]
|
||||
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=OPTIONS="-Lsd"
|
||||
EnvironmentFile=-/etc/sysconfig/snmptrapd
|
||||
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (net-snmp-5.9.4.tar.gz) = a510fa91a21e9ddc86a12fd1d0bc6b356e63f3ea53f184d2e31439004d41d902390664134dc40b3b828eabb4282eaf3da628a07c4d480fa00eff7e700950c423
|
||||
6c974df7a5a5b1579f72115e6b045bda net-snmp-5.4.1.tar.gz
|
||||
|
@ -1,36 +0,0 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/net-snmp
|
||||
# Description: Test if net-snmp working ok
|
||||
# Author: Susant Sahani<susant@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
export TEST=/CoreOS/net-snmp
|
||||
export TESTVERSION=1.0
|
||||
BUILT_FILES=
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
.PHONY: all install download clean
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Susant Sahani<susant@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test snmpd" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: net-snmp" >> $(METADATA)
|
||||
@echo "Requires: net=snmp" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -Fedora 28" >> $(METADATA)
|
||||
rhts-lint $(METADATA)
|
@ -1,3 +0,0 @@
|
||||
PURPOSE of /CoreOS/net-snmp
|
||||
Description: tests for net-snmp
|
||||
Author: Susant Sahani<susant@redhat.com>
|
@ -1,175 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
# ~~~
|
||||
# Description: Tests for snmpd
|
||||
#
|
||||
# Author: Susant Sahani <susant@redhat.com>
|
||||
# Copyright (c) 2018 Red Hat, Inc.
|
||||
# ~~~
|
||||
|
||||
import errno
|
||||
import os
|
||||
import sys
|
||||
import time
|
||||
import unittest
|
||||
import subprocess
|
||||
import signal
|
||||
import shutil
|
||||
import psutil
|
||||
import socket
|
||||
import platform
|
||||
import re
|
||||
from pyroute2 import IPRoute
|
||||
from psutil import virtual_memory
|
||||
from collections import OrderedDict
|
||||
|
||||
HOST='192.168.111.50'
|
||||
|
||||
def setUpModule():
|
||||
"""Initialize the environment, and perform sanity checks on it."""
|
||||
|
||||
if shutil.which('snmpd') is None:
|
||||
raise OSError(errno.ENOENT, 'snmpd not found')
|
||||
|
||||
if shutil.which('snmpwalk') is None:
|
||||
raise OSError(errno.ENOENT, 'snmpwalk not found')
|
||||
|
||||
def tearDownModule():
|
||||
pass
|
||||
|
||||
class GenericUtilities():
|
||||
"""Provide a set of utility functions start stop daemons. write config files etc """
|
||||
|
||||
def StartSnmpd(self):
|
||||
"""Start snmpd"""
|
||||
subprocess.check_output(['systemctl', 'start', 'snmpd'])
|
||||
|
||||
def StopSnmpd(self):
|
||||
"""Stop snmpd"""
|
||||
subprocess.check_output(['systemctl', 'stop', 'snmpd'])
|
||||
|
||||
def SetupVethInterface(self):
|
||||
"""Setup veth interface"""
|
||||
|
||||
ip = IPRoute()
|
||||
|
||||
ip.link('add', ifname='veth-test', peer='veth-peer', kind='veth')
|
||||
idx_veth_test = ip.link_lookup(ifname='veth-test')[0]
|
||||
idx_veth_peer = ip.link_lookup(ifname='veth-peer')[0]
|
||||
|
||||
ip.link('set', index=idx_veth_test, address='12:11:12:13:14:18')
|
||||
ip.link('set', index=idx_veth_peer, address='22:21:22:23:24:29')
|
||||
ip.link('set', index=idx_veth_test, state='up')
|
||||
ip.link('set', index=idx_veth_peer, state='up')
|
||||
ip.addr('add', index=idx_veth_test, address='192.168.111.50')
|
||||
ip.addr('add', index=idx_veth_peer, address='192.168.111.51')
|
||||
|
||||
ip.close()
|
||||
|
||||
def TearDownVethInterface(self):
|
||||
ip = IPRoute()
|
||||
|
||||
ip.link('del', index=ip.link_lookup(ifname='veth-test')[0])
|
||||
ip.close()
|
||||
|
||||
class SnmpdTests(unittest.TestCase, GenericUtilities):
|
||||
|
||||
def setUp(self):
|
||||
self.SetupVethInterface()
|
||||
time.sleep(1)
|
||||
self.StartSnmpd()
|
||||
|
||||
def tearDown(self):
|
||||
self.StopSnmpd()
|
||||
self.TearDownVethInterface()
|
||||
|
||||
def test_UCD_SNMP_MIB_memory(self):
|
||||
''' UCD-SNMP-MIB::memory '''
|
||||
|
||||
subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public', HOST, 'UCD-SNMP-MIB::memory'])
|
||||
|
||||
meminfo=OrderedDict()
|
||||
with open('/proc/meminfo') as f:
|
||||
for line in f:
|
||||
meminfo[line.split(':')[0]] = line.split(':')[1].strip()
|
||||
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public', HOST, 'UCD-SNMP-MIB::memTotalReal.0']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, meminfo['MemTotal'])
|
||||
|
||||
def test_SNMP_hrSWRunPath(self):
|
||||
""" process id """
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c' , 'public', HOST, 'HOST-RESOURCES-MIB::hrSWRunPath.1']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, 'systemd')
|
||||
|
||||
def test_SNMP_IF_MIB_network_interface(self):
|
||||
""" verify network interface (1.3.6.1.2.1.2.2.1) SNMP variables """
|
||||
|
||||
ip = IPRoute()
|
||||
|
||||
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1'])
|
||||
|
||||
# 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifIndex
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.1']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, 'IF-MIB::ifIndex.1 = INTEGER: 1')
|
||||
|
||||
# 1.3.6.1.2.1.2.2.1.1 IF-MIB::ifDescr
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.2']).rstrip().decode('utf-8')
|
||||
for link in ip.get_links():
|
||||
self.assertRegex(output, link.get_attr('IFLA_IFNAME'))
|
||||
|
||||
# IP-MIB::ipAdEntAddr 1.3.6.1.2.1.4.20.1.1
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.4.20.1.1']).rstrip().decode('utf-8')
|
||||
for addr in ip.get_addr():
|
||||
if addr.get_attr('IFA_ADDRESS'):
|
||||
if addr.get_attr('IFA_ADDRESS') != '::1' and addr.get_attr('Ifamily') == 2:
|
||||
self.assertRegex(output, addr.get_attr('IFA_ADDRESS'))
|
||||
|
||||
# IF-MIB::ifPhysAddress. 1.3.6.1.2.1.2.2.1.6
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.2.2.1.6']).rstrip().decode('utf-8')
|
||||
for link in ip.get_links():
|
||||
if link.get_attr('IFLA_ADDRESS') and link.get_attr('IFLA_ADDRESS') != '00:00:00:00:00:00':
|
||||
snmp_mac = re.sub(r'\b0+(\d)', r'\1', link.get_attr('IFLA_ADDRESS')).lstrip('0')
|
||||
self.assertRegex(output, snmp_mac)
|
||||
|
||||
ip.close()
|
||||
|
||||
def test_SNMP_MIB_2_System(self):
|
||||
""" verify RFC 1213 System (1.3.6.1.2.1.1) SNMP variables"""
|
||||
|
||||
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1']).rstrip().decode('utf-8')
|
||||
|
||||
# 1.3.6.1.2.1.1.1 - sysDescr
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.1']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, platform.machine())
|
||||
self.assertRegex(output, platform.node())
|
||||
self.assertRegex(output, platform.processor())
|
||||
self.assertRegex(output, platform.release())
|
||||
self.assertRegex(output, platform.version())
|
||||
|
||||
# 1.3.6.1.2.1.1.2 - sysObjectID
|
||||
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.2'])
|
||||
|
||||
# 1.3.6.1.2.1.1.3 - sysUpTime
|
||||
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.3'])
|
||||
|
||||
# 1.3.6.1.2.1.1.4 - sysContact
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.4']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, 'fedora-ci <fedoraci@fedoraproject.org>')
|
||||
|
||||
# 1.3.6.1.2.1.1.5 - sysName
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.5']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, socket.gethostname())
|
||||
|
||||
# 1.3.6.1.2.1.1.6 - sysLocation
|
||||
output=subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST, '1.3.6.1.2.1.1.6']).rstrip().decode('utf-8')
|
||||
self.assertRegex(output, 'Pune, IN')
|
||||
|
||||
def test_basic_snmpwalk(self):
|
||||
""" verify snmpwalk getting success snmpwalk -v2c -c public localhost """
|
||||
|
||||
subprocess.check_output(['snmpwalk', '-v2c', '-c', 'public', HOST])
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
|
||||
verbosity=3))
|
@ -1,51 +0,0 @@
|
||||
#!/bin/bash
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
# ~~~
|
||||
# runtest.sh of net-snmp
|
||||
# Description: net-snmp tests
|
||||
#
|
||||
# Author: Susant Sahani <susant@redhat.com>
|
||||
# Copyright (c) 2018 Red Hat, Inc.
|
||||
# ~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE_NET_SNMP="net-snmp"
|
||||
PACKAGE_NET_SNMP_UTILS="net-snmp-utils"
|
||||
|
||||
NET_SNMP_CONF_FILE="/etc/snmp/snmpd.conf"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm $PACKAGE_NET_SNMP
|
||||
rlAssertRpm $PACKAGE_NET_SNMP_UTILS
|
||||
|
||||
rlRun "systemctl stop firewalld" 0,5
|
||||
rlRun "setenforce 0" 0,1
|
||||
|
||||
rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
|
||||
rlRun "cp net-snmp-tests.py /usr/bin/"
|
||||
|
||||
rlFileBackup "$NET_SNMP_CONF_FILE"
|
||||
rlRun "cp snmpd.conf $NET_SNMP_CONF_FILE"
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest
|
||||
rlLog "Starting net-snmp tests ..."
|
||||
rlRun "/usr/bin/python3 /usr/bin/net-snmp-tests.py"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "rm /usr/bin/net-snmp-tests.py $NET_SNMP_CONFIG_FILE"
|
||||
rlRun "systemctl daemon-reload"
|
||||
rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
|
||||
rlFileRestore
|
||||
rlRun "setenforce 1" 0,1
|
||||
rlLog "net-snmp tests done"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
||||
rlGetTestState
|
@ -1,7 +0,0 @@
|
||||
agentAddress udp:192.168.111.50:161
|
||||
|
||||
syslocation Pune, IN
|
||||
syscontact fedora-ci <fedoraci@fedoraproject.org>
|
||||
|
||||
dontLogTCPWrappersConnects yes
|
||||
rocommunity public
|
@ -1,14 +0,0 @@
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- integration-tests
|
||||
required_packages:
|
||||
- python3
|
||||
- systemd
|
||||
- iproute
|
||||
- python3-pyroute2
|
||||
- net-snmp
|
||||
- net-snmp-utils
|
19
ucd-snmp-4.2.4.pre3-mnttab.patch
Normal file
19
ucd-snmp-4.2.4.pre3-mnttab.patch
Normal file
@ -0,0 +1,19 @@
|
||||
--- ucd-snmp-4.2.4.pre3/configure.mnttab Tue Apr 9 13:56:13 2002
|
||||
+++ ucd-snmp-4.2.4.pre3/configure Tue Apr 9 13:58:14 2002
|
||||
@@ -7148,15 +7148,7 @@
|
||||
if eval "test \"`echo '$''{'ac_cv_ETC_MNTTAB'+set}'`\" = set"; then
|
||||
echo $ac_n "(cached) $ac_c" 1>&6
|
||||
else
|
||||
- ac_cv_ETC_MNTTAB="unknown"
|
||||
-for i in /etc/mnttab /etc/mtab /etc/filesystems
|
||||
- do
|
||||
- if test -f $i; then
|
||||
- ac_cv_ETC_MNTTAB="$i"
|
||||
- break;
|
||||
- fi
|
||||
-done
|
||||
-
|
||||
+ ac_cv_ETC_MNTTAB="/etc/mtab"
|
||||
fi
|
||||
|
||||
echo "$ac_t""$ac_cv_ETC_MNTTAB" 1>&6
|
2
ucd5820stat
Executable file
2
ucd5820stat
Executable file
@ -0,0 +1,2 @@
|
||||
#!/bin/sh -f
|
||||
[ -x /usr/bin/get5820stats ] && /usr/bin/get5820stats $@
|
Loading…
Reference in New Issue
Block a user