From owner-freebsd-bugs@FreeBSD.ORG  Fri Jan  4 16:20:00 2013
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id AAF884B7
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Fri,  4 Jan 2013 16:20:00 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 9275DBFA
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Fri,  4 Jan 2013 16:20:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id r04GK0IQ036748
 for <freebsd-bugs@freefall.freebsd.org>; Fri, 4 Jan 2013 16:20:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.5/8.14.5/Submit) id r04GK0GM036747;
 Fri, 4 Jan 2013 16:20:00 GMT (envelope-from gnats)
Resent-Date: Fri, 4 Jan 2013 16:20:00 GMT
Resent-Message-Id: <201301041620.r04GK0GM036747@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 Paul Guyot <pguyot@kallisys.net>
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 23A30416
 for <freebsd-gnats-submit@FreeBSD.org>; Fri,  4 Jan 2013 16:12:09 +0000 (UTC)
 (envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
 by mx1.freebsd.org (Postfix) with ESMTP id 161FEB4B
 for <freebsd-gnats-submit@FreeBSD.org>; Fri,  4 Jan 2013 16:12:09 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
 by red.freebsd.org (8.14.5/8.14.5) with ESMTP id r04GC8ou047460
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 4 Jan 2013 16:12:08 GMT
 (envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
 by red.freebsd.org (8.14.5/8.14.5/Submit) id r04GC8Qd047459;
 Fri, 4 Jan 2013 16:12:08 GMT (envelope-from nobody)
Message-Id: <201301041612.r04GC8Qd047459@red.freebsd.org>
Date: Fri, 4 Jan 2013 16:12:08 GMT
From: Paul Guyot <pguyot@kallisys.net>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: bin/174974: bsnmpd SNMPv3 engine discovery is broken
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2013 16:20:00 -0000


>Number:         174974
>Category:       bin
>Synopsis:       bsnmpd SNMPv3 engine discovery is broken
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Paul Guyot
>Release:        9.1
>Organization:
Semiocast
>Environment:
FreeBSD serenae.semiocast.net 9.1-RELEASE FreeBSD 9.1-RELEASE #1 r244484M: Thu Dec 20 12:17:24 UTC 2012     root@serenae.semiocast.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
bsnmpd apparently does not properly reply to discovery packets.

According to RFC3414 § 4, response to discovery packets should be of REPORT type. Instead, bsnmpd replies with packets of RESPONSE type. As a result, bsnmpd does not work with clients that require a Report PDU (or, more precisely, that validate that Response PDUs match the EngineID of the Request).

bsnmp* clients accept both types of responses and is therefore unaffected.
>How-To-Repeat:
Install net-snmp from ports.
Configure bsnmpd with SNMPv3 authentication.
Try to connect with net-snmp to the bsnmpd server.
>Fix:
Attached patch fixes the problem by using the SNMP_MSG_AUTODISCOVER internal flag of bsnmp. Patch is designed as the minimum change to fix the issue. However, bsnmp implementation obviously does not match the layout of the RFC.

Also, compiling bsnmp with clang reveals several bad issues which should be fixed...

Patch attached with submission follows:

Index: contrib/bsnmp/lib/snmpagent.c
===================================================================
--- contrib/bsnmp/lib/snmpagent.c	(revision 245044)
+++ contrib/bsnmp/lib/snmpagent.c	(working copy)
@@ -171,7 +171,11 @@
 	memset(resp, 0, sizeof(*resp));
 	strcpy(resp->community, pdu->community);
 	resp->version = pdu->version;
-	resp->type = SNMP_PDU_RESPONSE;
+	if (pdu->flags & SNMP_MSG_AUTODISCOVER) {
+		resp->type = SNMP_PDU_REPORT; /* RFC 3414.4 */
+	} else {
+		resp->type = SNMP_PDU_RESPONSE;
+	}
 	resp->request_id = pdu->request_id;
 	resp->version = pdu->version;
 
Index: contrib/bsnmp/snmpd/main.c
===================================================================
--- contrib/bsnmp/snmpd/main.c	(revision 245044)
+++ contrib/bsnmp/snmpd/main.c	(working copy)
@@ -627,6 +627,7 @@
 		} else
 			community = comm->value;
 	} else if (pdu->nbindings == 0) {
+		pdu->flags |= SNMP_MSG_AUTODISCOVER;
 		/* RFC 3414 - snmpEngineID Discovery */
 		if (strlen(pdu->user.sec_name) == 0) {
 			asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),


>Release-Note:
>Audit-Trail:
>Unformatted: