smilint output for ./RFC1353-MIB
| Message Severities |
|---|
| Severity | Count |
|---|
| severe | 1 |
| error | 2 |
| minor error | 6 |
| warning | 7 |
| Message Types |
|---|
| Type | Count |
|---|
| import-failed (error) | 2 |
| import-unused (warning) | 2 |
| index-element-no-size (minor error) | 6 |
| index-exceeds-too-large (warning) | 4 |
| object-identifier-unknown (severe) | 1 |
| type-without-format (warning) | 1 |
Messages:
RFC1353-MIB
1: -- extracted from rfc1353.txt
2: -- at Mon Nov 15 17:11:58 1999
3:
4: RFC1353-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: system, mib, private, internet FROM RFC1155-SMI
7: error -
identifier `system' cannot be imported from module `RFC1155-SMI'
7: error -
identifier `mib' cannot be imported from module `RFC1155-SMI'
7: warning -
warning: identifier `private' imported from module `RFC1155-SMI' is never used
7: warning -
warning: identifier `internet' imported from module `RFC1155-SMI' is never used
8: OBJECT-TYPE FROM RFC-1212;
9:
10: snmpParties OBJECT IDENTIFIER ::= { mib-2 20 }
10: severe -
unknown object identifier label `mib-2'
11: partyAdmin OBJECT IDENTIFIER ::= { snmpParties 1 }
12: partyPublic OBJECT IDENTIFIER ::= { snmpParties 2 }
13:
14: snmpSecrets OBJECT IDENTIFIER ::= { mib-2 21 }
15: partyPrivate OBJECT IDENTIFIER ::= { snmpSecrets 1 }
16: partyAccess OBJECT IDENTIFIER ::= { snmpSecrets 2 }
17: partyViews OBJECT IDENTIFIER ::= { snmpSecrets 3 }
18:
19:
20: -- Textual Conventions
21:
22: -- A textual convention denoting a SNMP party identifier:
23:
24: Party ::= OBJECT IDENTIFIER
25:
26:
27: -- A party's authentication clock - a non-negative integer
28: -- which is incremented as specified/allowed by the party's
29: -- Authentication Protocol.
30: -- For noAuth, a party's authentication clock is unused and
31: -- its value is undefined.
32: -- For md5AuthProtocol, a party's authentication clock is a
33: -- relative clock with 1-second granularity.
34:
35: Clock ::= INTEGER (0..2147483647)
35: warning -
warning: type `Clock' has no format specification
36:
37:
38: -- A textual convention denoting a transport service
39: -- address.
40: -- For rfc1351Domain, a TAddress is 6 octets long,
41: -- the initial 4 octets containing the IP-address in
42: -- network-byte order and the last 2 containing the
43: -- UDP port in network-byte order.
44:
45: TAddress ::= OCTET STRING
46:
47:
48: --- Definitions of Security Protocols
49:
50: partyProtocols
51: OBJECT IDENTIFIER ::= { partyAdmin 1 }
52:
53: noAuth -- The protocol without authentication
54: OBJECT IDENTIFIER ::= { partyProtocols 1 }
55:
56: noPriv -- The protocol without privacy
57: OBJECT IDENTIFIER ::= { partyProtocols 3 }
58:
59: desPrivProtocol -- The DES Privacy Protocol
60: OBJECT IDENTIFIER ::= { partyProtocols 4 }
61:
62: md5AuthProtocol -- The MD5 Authentication Protocol
63: OBJECT IDENTIFIER ::= { partyProtocols 5 }
64:
65:
66: --- definitions of Transport Domains
67:
68: transportDomains
69: OBJECT IDENTIFIER ::= { partyAdmin 2 }
70:
71: rfc1351Domain --- RFC-1351 (SNMP over UDP, using SNMP Parties)
72: OBJECT IDENTIFIER ::= { transportDomains 1 }
73:
74: --- definitions of Proxy Domains
75:
76: proxyDomains
77: OBJECT IDENTIFIER ::= { partyAdmin 3 }
78:
79: noProxy --- Local operation
80: OBJECT IDENTIFIER ::= { proxyDomains 1 }
81:
82:
83: --- Definition of Initial Party Identifiers
84:
85: -- When devices are installed, they need to be configured
86: -- with an initial set of SNMP parties. The configuration
87: -- of SNMP parties requires (among other things) the
88: -- assignment of several OBJECT IDENTIFIERs. Any local
89: -- network administration can obtain the delegated
90: -- authority necessary to assign its own OBJECT
91: -- IDENTIFIERs. However, to provide for those
92: -- administrations who have not obtained the necessary
93: -- authority, this document allocates a branch of the
94: -- naming tree for use with the following conventions.
95:
96: initialPartyId
97: OBJECT IDENTIFIER ::= { partyAdmin 4 }
98:
99: -- Note these are identified as "initial" party identifiers
100: -- since these allow secure SNMP communication to proceed,
101: -- thereby allowing further SNMP parties to be configured
102: -- through use of the SNMP itself.
103:
104: -- The following definitions identify a party identifier,
105: -- and specify the initial values of various object
106: -- instances indexed by that identifier. In addition,
107: -- the initial MIB view and access control parameters
108: -- assigned, by convention, to these parties are identified.
109:
110: -- Party Identifiers for use as initial SNMP parties
111: -- at IP address a.b.c.d
112:
113: -- partyIdentity = { initialPartyId a b c d 1 }
114: -- partyTDomain = { rfc1351Domain }
115: -- partyTAddress = a.b.c.d, 161
116: -- partyProxyFor = { noProxy }
117: -- partyAuthProtocol = { noAuth }
118: -- partyAuthClock = 0
119: -- partySecretsAuthPrivate = ''h (the empty string)
120: -- partyAuthPublic = ''h (the empty string)
121: -- partyAuthLifetime = 0
122: -- partyPrivProtocol = { noPriv }
123: -- partySecretsPrivPrivate = ''h (the empty string)
124: -- partyPrivPublic = ''h (the empty string)
125:
126: -- partyIdentity = { initialPartyId a b c d 2 }
127: -- partyTDomain = { rfc1351Domain }
128: -- partyTAddress = assigned by local administration
129: -- partyProxyFor = { noProxy }
130: -- partyAuthProtocol = { noAuth }
131: -- partyAuthClock = 0
132: -- partySecretsAuthPrivate = ''h (the empty string)
133: -- partyAuthPublic = ''h (the empty string)
134: -- partyAuthLifetime = 0
135: -- partyPrivProtocol = { noPriv }
136: -- partySecretsPrivPrivate = ''h (the empty string)
137: -- partyPrivPublic = ''h (the empty string)
138:
139: -- partyIdentity = { initialPartyId a b c d 3 }
140: -- partyTDomain = { rfc1351Domain }
141: -- partyTAddress = a.b.c.d, 161
142: -- partyProxyFor = { noProxy }
143: -- partyAuthProtocol = { md5AuthProtocol }
144: -- partyAuthClock = 0
145: -- partySecretsAuthPrivate = assigned by local administration
146: -- partyAuthPublic = ''h (the empty string)
147: -- partyAuthLifetime = 300
148: -- partyPrivProtocol = { noPriv }
149: -- partySecretsPrivPrivate = ''h (the empty string)
150: -- partyPrivPublic = ''h (the empty string)
151:
152: -- partyIdentity = { initialPartyId a b c d 4 }
153: -- partyTDomain = { rfc1351Domain }
154: -- partyTAddress = assigned by local administration
155: -- partyProxyFor = { noProxy }
156: -- partyAuthProtocol = { md5AuthProtocol }
157: -- partyAuthClock = 0
158: -- partySecretsAuthPrivate = assigned by local administration
159: -- partyAuthPublic = ''h (the empty string)
160: -- partyAuthLifetime = 300
161: -- partyPrivProtocol = { noPriv }
162: -- partySecretsPrivPrivate = ''h (the empty string)
163: -- partyPrivPublic = ''h (the empty string)
164:
165: -- partyIdentity = { initialPartyId a b c d 5 }
166: -- partyTDomain = { rfc1351Domain }
167: -- partyTAddress = a.b.c.d, 161
168: -- partyProxyFor = { noProxy }
169: -- partyAuthProtocol = { md5AuthProtocol }
170: -- partyAuthClock = 0
171: -- partySecretsAuthPrivate = assigned by local administration
172: -- partyAuthPublic = ''h (the empty string)
173: -- partyAuthLifetime = 300
174: -- partyPrivProtocol = { desPrivProtocol }
175: -- partySecretsPrivPrivate = assigned by local administration
176: -- partyPrivPublic = ''h (the empty string)
177:
178: -- partyIdentity = { initialPartyId a b c d 6 }
179: -- partyTDomain = { rfc1351Domain }
180: -- partyTAddress = assigned by local administration
181: -- partyProxyFor = { noProxy }
182: -- partyAuthProtocol = { md5AuthProtocol }
183: -- partyAuthClock = 0
184: -- partySecretsAuthPrivate = assigned by local administration
185: -- partyAuthPublic = ''h (the empty string)
186: -- partyAuthLifetime = 300
187: -- partyPrivProtocol = { desPrivProtocol }
188: -- partySecretsPrivPrivate = assigned by local administration
189: -- partyPrivPublic = ''h (the empty string)
190:
191:
192: -- The initial access control parameters assigned, by
193: -- convention, to these parties are:
194:
195: -- aclTarget = { initialPartyId a b c d 1 }
196: -- aclSubject = { initialPartyId a b c d 2 }
197: -- aclPrivileges = 3 (Get & Get-Next)
198:
199: -- aclTarget = { initialPartyId a b c d 2 }
200: -- aclSubject = { initialPartyId a b c d 1 }
201: -- aclPrivileges = 20 (GetResponse & Trap)
202:
203: -- aclTarget = { initialPartyId a b c d 3 }
204: -- aclSubject = { initialPartyId a b c d 4 }
205: -- aclPrivileges = 11 (Get, Get-Next & Set)
206:
207: -- aclTarget = { initialPartyId a b c d 4 }
208: -- aclSubject = { initialPartyId a b c d 3 }
209: -- aclPrivileges = 20 (GetResponse & Trap)
210:
211: -- aclTarget = { initialPartyId a b c d 5 }
212: -- aclSubject = { initialPartyId a b c d 6 }
213: -- aclPrivileges = 11 (Get, Get-Next & Set)
214:
215: -- aclTarget = { initialPartyId a b c d 6 }
216: -- aclSubject = { initialPartyId a b c d 5 }
217: -- aclPrivileges = 20 (GetResponse & Trap)
218: -- The initial MIB views assigned, by convention, to
219: -- these parties are:
220:
221: -- viewParty = { initialPartyId a b c d 1 }
222: -- viewSubtree = { system }
223: -- viewStatus = { included }
224: -- viewMask = { ''h }
225:
226: -- viewParty = { initialPartyId a b c d 1 }
227: -- viewSubtree = { snmpParties }
228: -- viewStatus = { included }
229: -- viewMask = { ''h }
230:
231: -- viewParty = { initialPartyId a b c d 3 }
232: -- viewSubtree = { internet }
233: -- viewStatus = { included }
234: -- viewMask = { ''h }
235:
236: -- viewParty = { initialPartyId a b c d 3 }
237: -- viewSubtree = { partyPrivate }
238: -- viewStatus = { excluded }
239: -- viewMask = { ''h }
240:
241: -- viewParty = { initialPartyId a b c d 5 }
242: -- viewSubtree = { internet }
243: -- viewStatus = { included }
244: -- viewMask = { ''h }
245:
246:
247: -- The SNMP Party Public Database Group
248: --
249: -- The non-secret party information.
250: --
251: -- Implementation of the objects in this group is mandatory.
252:
253: partyTable OBJECT-TYPE
254: SYNTAX SEQUENCE OF PartyEntry
255: ACCESS not-accessible
256: STATUS mandatory
257: DESCRIPTION
258: "The SNMP Party Public database.
259:
260: An agent must ensure that there is, at all times,
261: a one-to-one correspondence between entries in
262: this table and entries in the partySecretsTable.
263:
264: The creation/deletion of instances in this table
265: via SNMP Set-Requests is not allowed. Instead,
266: entries in this table are created/deleted as a
267: side-effect of the creation/deletion of
268: corresponding entries in the partySecretsTable.
269:
270: Thus, a SNMP Set-Request whose varbinds contain a
271: reference to a non-existent instance of a
272: partyTable object, but no reference to the
273: corresponding instance of a partySecretsTable
274: object, will be rejected."
275: ::= { partyPublic 1 }
276:
277: partyEntry OBJECT-TYPE
277: warning -
warning: index of row `partyEntry' can exceed OID size limit by 7 subidentifier(s)
278: SYNTAX PartyEntry
279: ACCESS not-accessible
280: STATUS mandatory
281: DESCRIPTION
282: "Locally held non-secret information about a
283: particular SNMP party, which is available for
284: access by network management. Note that this does
285: not include all locally held information about a
286: party. In particular, it does not include the
287: 'last-timestamp' (i.e., the timestamp of the last
288: authentic message received) or the 'nonce'
289: values."
290: INDEX { partyIdentity }
291: ::= { partyTable 1 }
292:
293: PartyEntry ::=
294: SEQUENCE {
295: partyIdentity
296: Party,
297: partyTDomain
298: OBJECT IDENTIFIER,
299: partyTAddress
300: TAddress,
301: partyProxyFor
302: Party,
303: partyAuthProtocol
304: OBJECT IDENTIFIER,
305: partyAuthClock
306: Clock,
307: partyAuthPublic
308: OCTET STRING,
309: partyAuthLifetime
310: INTEGER,
311: partyPrivProtocol
312: OBJECT IDENTIFIER,
313: partyPrivPublic
314: OCTET STRING,
315: partyMaxMessageSize
316: INTEGER,
317: partyStatus
318: INTEGER
319: }
320:
321: partyIdentity OBJECT-TYPE
321: minor error -
index element `partyIdentity' of row `partyEntry' should but cannot have a size restriction
322: SYNTAX Party
323: ACCESS read-write
324: STATUS mandatory
325: DESCRIPTION
326: "A party identifier uniquely identifying a
327: particular SNMP party."
328: ::= { partyEntry 1 }
329:
330: partyTDomain OBJECT-TYPE
331: SYNTAX OBJECT IDENTIFIER
332: ACCESS read-write
333: STATUS mandatory
334: DESCRIPTION
335: "Indicates the kind of transport service by which
336: the party receives network management traffic. An
337: example of a transport domain is 'rfc1351Domain'
338: (SNMP over UDP)."
339: DEFVAL { rfc1351Domain }
340: ::= { partyEntry 2 }
341:
342: partyTAddress OBJECT-TYPE
343: SYNTAX TAddress
344: ACCESS read-write
345: STATUS mandatory
346: DESCRIPTION
347: "The transport service address by which the party
348: receives network management traffic, formatted
349: according to the corresponding value of
350: partyTDomain. For rfc1351Domain, partyTAddress is
351: formatted as a 4-octet IP Address concatenated
352: with a 2-octet UDP port number."
353: DEFVAL { '000000000000'h }
354: ::= { partyEntry 3 }
355:
356: partyProxyFor OBJECT-TYPE
357: SYNTAX Party
358: ACCESS read-write
359: STATUS mandatory
360: DESCRIPTION
361: "The identity of a second SNMP party or other
362: management entity with which interaction may be
363: necessary to satisfy received management requests.
364: In this context, the distinguished value { noProxy
365: } signifies that the party responds to received
366: management requests by entirely local mechanisms."
367: DEFVAL { noProxy }
368: ::= { partyEntry 4 }
369:
370: partyAuthProtocol OBJECT-TYPE
371: SYNTAX OBJECT IDENTIFIER
372: ACCESS read-write
373: STATUS mandatory
374: DESCRIPTION
375: "The authentication protocol by which all messages
376: generated by the party are authenticated as to
377: origin and integrity. In this context, the value
378: { noAuth } signifies that messages generated by
379: the party are not authenticated."
380: DEFVAL { md5AuthProtocol }
381: ::= { partyEntry 5 }
382:
383: partyAuthClock OBJECT-TYPE
384: SYNTAX Clock
385: ACCESS read-write
386: STATUS mandatory
387: DESCRIPTION
388: "The authentication clock which represents the
389: local notion of the current time specific to the
390: party. This value must not be decremented unless
391: the party's secret information is changed
392: simultaneously, at which time the party's nonce
393: and last-timestamp values must also be reset to
394: zero, and the new value of the clock,
395: respectively."
396: DEFVAL { 0 }
397: ::= { partyEntry 6 }
398:
399: partyAuthPublic OBJECT-TYPE
400: SYNTAX OCTET STRING -- for md5AuthProtocol: (SIZE (0..16))
401: ACCESS read-write
402: STATUS mandatory
403: DESCRIPTION
404: "A publically-readable value for the party.
405:
406: Depending on the party's authentication protocol,
407: this value may be needed to support the party's
408: authentication protocol. Alternatively, it may be
409: used by a manager during the procedure for
410: altering secret information about a party. (For
411: example, by altering the value of an instance of
412: this object in the same SNMP Set-Request used to
413: update an instance of partyAuthPrivate, a
414: subsequent Get-Request can determine if the Set-
415: Request was successful in the event that no
416: response to the Set-Request is received, see RFC
417: 1352.)
418:
419: The length of the value is dependent on the
420: party's authentication protocol. If not used by
421: the authentication protocol, it is recommended
422: that agents support values of any length up to and
423: including the length of the corresponding
424: partyAuthPrivate object."
425: DEFVAL { ''h } -- the empty string
426: ::= { partyEntry 7 }
427:
428: partyAuthLifetime OBJECT-TYPE
429: SYNTAX INTEGER (0..2147483647)
430: ACCESS read-write
431: STATUS mandatory
432: DESCRIPTION
433: "The lifetime (in units of seconds) which
434: represents an administrative upper bound on
435: acceptable delivery delay for protocol messages
436: generated by the party."
437: DEFVAL { 300 }
438: ::= { partyEntry 8 }
439:
440: partyPrivProtocol OBJECT-TYPE
441: SYNTAX OBJECT IDENTIFIER
442: ACCESS read-write
443: STATUS mandatory
444: DESCRIPTION
445: "The privacy protocol by which all protocol
446: messages received by the party are protected from
447: disclosure. In this context, the value { noPriv }
448: signifies that messages received by the party are
449: not protected."
450: DEFVAL { noPriv }
451: ::= { partyEntry 9 }
452:
453: partyPrivPublic OBJECT-TYPE
454: SYNTAX OCTET STRING -- for desPrivProtocol: (SIZE (0..16))
455: ACCESS read-write
456: STATUS mandatory
457: DESCRIPTION
458: "A publically-readable value for the party.
459:
460: Depending on the party's privacy protocol, this
461: value may be needed to support the party's privacy
462: protocol. Alternatively, it may be used by a
463: manager as a part of its procedure for altering
464: secret information about a party. (For example,
465: by altering the value of an instance of this
466: object in the same SNMP Set-Request used to update
467: an instance of partyPrivPrivate, a subsequent
468: Get-Request can determine if the Set-Request was
469: successful in the event that no response to the
470: Set-Request is received, see RFC 1352.)
471:
472: The length of the value is dependent on the
473: party's privacy protocol. If not used by the
474: privacy protocol, it is recommended that agents
475: support values of any length up to and including
476: the length of the corresponding partyPrivPrivate
477: object."
478: DEFVAL { ''h } -- the empty string
479: ::= { partyEntry 10 }
480:
481: partyMaxMessageSize OBJECT-TYPE
482: SYNTAX INTEGER (484..65507)
483: ACCESS read-write
484: STATUS mandatory
485: DESCRIPTION
486: "The maximum length in octets of a SNMP message
487: which this party will accept. For parties which
488: execute at an agent, the agent initializes this
489: object to the maximum length supported by the
490: agent, and does not let the object be set to any
491: larger value. For parties which do not execute at
492: the agent, the agent must allow the manager to set
493: this object to any legal value, even if it is
494: larger than the agent can generate."
495: DEFVAL { 484 }
496: ::= { partyEntry 11 }
497:
498: partyStatus OBJECT-TYPE
499: SYNTAX INTEGER { valid(1), invalid(2) }
500: ACCESS read-only
501: STATUS mandatory
502: DESCRIPTION
503: "The status of the locally-held information on a
504: particular SNMP party.
505: The instance of this object for a particular party
506: and the instance of partySecretsStatus for the
507: same party always have the same value.
508:
509: This object will typically provide unrestricted
510: read-only access to the status of parties. In
511: contrast, partySecretsStatus will typically
512: provide restricted read-write access to the status
513: of parties."
514: ::= { partyEntry 12 }
515:
516:
517: -- The SNMP Party Secrets Database Group
518:
519: -- The secret party information
520: --
521: -- Implementation of the objects in this group is mandatory.
522:
523: partySecretsTable OBJECT-TYPE
524: SYNTAX SEQUENCE OF PartySecretsEntry
525: ACCESS not-accessible
526: STATUS mandatory
527: DESCRIPTION
528: "The SNMP Party Secrets database."
529: ::= { partyPrivate 1 }
530:
531: partySecretsEntry OBJECT-TYPE
531: warning -
warning: index of row `partySecretsEntry' can exceed OID size limit by 7 subidentifier(s)
532: SYNTAX PartySecretsEntry
533: ACCESS not-accessible
534: STATUS mandatory
535: DESCRIPTION
536: "Locally held secret information about a
537: particular SNMP party, which is available for
538: access by network management.
539:
540: When a SNMP Set-Request is used to update the
541: values of instances of objects in this table, it
542: is recommended that the same SNMP Set-Request also
543: alter the value of a non-secret object instance
544: (e.g., an instance of partyAuthPublic or
545: partyPrivPublic). This allows a Get-Request of
546: that non-secret object instance to determine if
547: the Set-Request was successful in the event that
548: no response which matches the Set-Request is
549: received, see RFC 1352."
550: INDEX { partySecretsIdentity }
551: ::= { partySecretsTable 1 }
552:
553: PartySecretsEntry ::=
554: SEQUENCE {
555: partySecretsIdentity
556: Party,
557: partySecretsAuthPrivate
558: OCTET STRING,
559: partySecretsPrivPrivate
560: OCTET STRING,
561: partySecretsStatus
562: INTEGER
563: }
564:
565: partySecretsIdentity OBJECT-TYPE
565: minor error -
index element `partySecretsIdentity' of row `partySecretsEntry' should but cannot have a size restriction
566: SYNTAX Party
567: ACCESS read-write
568: STATUS mandatory
569: DESCRIPTION
570: "A party identifier uniquely identifying a
571: particular SNMP party."
572: ::= { partySecretsEntry 1 }
573:
574: partySecretsAuthPrivate OBJECT-TYPE
575: SYNTAX OCTET STRING -- for md5AuthProtocol: (SIZE (16))
576: ACCESS read-write
577: STATUS mandatory
578: DESCRIPTION
579: "An encoding of the party's private authentication
580: key which may be needed to support the
581: authentication protocol. Although the value of
582: this variable may be altered by a management
583: operation (e.g., a SNMP Set-Request), its value
584: can never be retrieved by a management operation:
585: when read, the value of this variable is the zero
586: length OCTET STRING.
587:
588: The private authentication key is NOT directly
589: represented by the value of this variable, but
590: rather it is represented according to an encoding.
591: This encoding is the bitwise exclusive-OR of the
592: old key with the new key, i.e., of the old private
593: authentication key (prior to the alteration) with
594: the new private authentication key (after the
595: alteration). Thus, when processing a received
596: protocol Set operation, the new private
597: authentication key is obtained from the value of
598: this variable as the result of a bitwise
599: exclusive-OR of the variable's value and the old
600: private authentication key. In calculating the
601: exclusive-OR, if the old key is shorter than the
602: new key, zero-valued padding is appended to the
603: old key. If no value for the old key exists, a
604: zero-length OCTET STRING is used in the
605: calculation."
606: DEFVAL { ''h } -- the empty string
607: ::= { partySecretsEntry 2 }
608:
609: partySecretsPrivPrivate OBJECT-TYPE
610: SYNTAX OCTET STRING -- for desPrivProtocol: (SIZE (16))
611: ACCESS read-write
612: STATUS mandatory
613: DESCRIPTION
614: "An encoding of the party's private encryption key
615: which may be needed to support the privacy
616: protocol. Although the value of this variable may
617: be altered by a management operation (e.g., a SNMP
618: Set-Request), its value can never be retrieved by
619: a management operation: when read, the value of
620: this variable is the zero length OCTET STRING.
621:
622: The private encryption key is NOT directly
623: represented by the value of this variable, but
624: rather it is represented according to an encoding.
625: This encoding is the bitwise exclusive-OR of the
626: old key with the new key, i.e., of the old private
627: encryption key (prior to the alteration) with the
628: new private encryption key (after the alteration).
629: Thus, when processing a received protocol Set
630: operation, the new private encryption key is
631: obtained from the value of this variable as the
632: result of a bitwise exclusive-OR of the variable's
633: value and the old private encryption key. In
634: calculating the exclusive-OR, if the old key is
635: shorter than the new key, zero-valued padding is
636: appended to the old key. If no value for the old
637: key exists, a zero-length OCTET STRING is used in
638: the calculation."
639: DEFVAL { ''h } -- the empty string
640: ::= { partySecretsEntry 3 }
641:
642: partySecretsStatus OBJECT-TYPE
643: SYNTAX INTEGER { valid(1), invalid(2) }
644: ACCESS read-write
645: STATUS mandatory
646: DESCRIPTION
647: "The status of the locally-held information on a
648: particular SNMP party.
649: Setting an instance of this object to the value
650: 'valid(1)' has the effect of ensuring that valid
651: local knowledge exists for the corresponding
652: party. For valid local knowledge to exist, there
653: must be corresponding instances of each object in
654: this table and in the partyTable. Thus, the
655: creation of instances in the partyTable (but not
656: in the aclTable or viewTable) occurs as a direct
657: result of the creation of instances in this table.
658:
659: Setting an instance of this object to the value
660: 'invalid(2)' has the effect of invalidating all
661: local knowledge of the corresponding party,
662: including the invalidating of any/all entries in
663: the partyTable, the partySecretsTable, the
664: aclTable, and the viewTable which reference said
665: party.
666:
667: It is an implementation-specific matter as to
668: whether the agent removes an invalidated entry
669: from the table. Accordingly, management stations
670: must be prepared to receive from agents tabular
671: information corresponding to entries not currently
672: in use. Proper interpretation of such entries
673: requires examination of the relevant
674: partySecretsStatus object."
675: DEFVAL { valid }
676: ::= { partySecretsEntry 4 }
677:
678:
679: -- The SNMP Access Privileges Database Group
680:
681: -- This group of objects allows the SNMP itself to be used to
682: -- configure new SNMP parties, or to manipulate the access
683: -- privileges of existing parties.
684: --
685: -- Implementation of the objects in this group is mandatory.
686:
687:
688: aclTable OBJECT-TYPE
689: SYNTAX SEQUENCE OF AclEntry
690: ACCESS not-accessible
691: STATUS mandatory
692: DESCRIPTION
693: "The access privileges database."
694: ::= { partyAccess 1 }
695: aclEntry OBJECT-TYPE
695: warning -
warning: index of row `aclEntry' can exceed OID size limit by 136 subidentifier(s)
696: SYNTAX AclEntry
697: ACCESS not-accessible
698: STATUS mandatory
699: DESCRIPTION
700: "The access privileges for a particular requesting
701: SNMP party in accessing a particular target SNMP
702: party."
703: INDEX { aclTarget, aclSubject }
704: ::= { aclTable 1 }
705:
706: AclEntry ::=
707: SEQUENCE {
708: aclTarget
709: Party,
710: aclSubject
711: Party,
712: aclPrivileges
713: INTEGER,
714: aclStatus
715: INTEGER
716: }
717:
718: aclTarget OBJECT-TYPE
718: minor error -
index element `aclTarget' of row `aclEntry' should but cannot have a size restriction
719: SYNTAX Party
720: ACCESS read-write
721: STATUS mandatory
722: DESCRIPTION
723: "The target SNMP party whose performance of
724: management operations is constrained by this set
725: of access privileges."
726: ::= { aclEntry 1 }
727:
728: aclSubject OBJECT-TYPE
728: minor error -
index element `aclSubject' of row `aclEntry' should but cannot have a size restriction
729: SYNTAX Party
730: ACCESS read-write
731: STATUS mandatory
732: DESCRIPTION
733: "The subject SNMP party whose requests for
734: management operations to be performed is
735: constrained by this set of access privileges."
736: ::= { aclEntry 2 }
737:
738: aclPrivileges OBJECT-TYPE
739: SYNTAX INTEGER (0..31)
740: ACCESS read-write
741: STATUS mandatory
742: DESCRIPTION
743: "The access privileges which govern what
744: management operations a particular target party
745: may perform when requested by a particular subject
746: party. These privileges are specified as a sum of
747: values, where each value specifies a SNMP PDU type
748: by which the subject party may request a permitted
749: operation. The value for a particular PDU type is
750: computed as 2 raised to the value of the ASN.1
751: context-specific tag for the appropriate SNMP PDU
752: type. The values (for the tags defined in RFC
753: 1157) are defined in RFC 1351 as:
754:
755: Get : 1
756: GetNext : 2
757: GetResponse : 4
758: Set : 8
759: Trap : 16
760:
761: The null set is represented by the value zero."
762: DEFVAL { 3 } -- Get & Get-Next
763: ::= { aclEntry 3 }
764:
765: aclStatus OBJECT-TYPE
766: SYNTAX INTEGER { valid(1), invalid(2) }
767: ACCESS read-write
768: STATUS mandatory
769: DESCRIPTION
770: "The status of the access privileges for a
771: particular requesting SNMP party in accessing a
772: particular target SNMP party. Setting an instance
773: of this object to the value 'invalid(2)' has the
774: effect of invalidating the corresponding access
775: privileges.
776:
777: It is an implementation-specific matter as to
778: whether the agent removes an invalidated entry
779: from the table. Accordingly, management stations
780: must be prepared to receive from agents tabular
781: information corresponding to entries not currently
782: in use. Proper interpretation of such entries
783: requires examination of the relevant aclStatus
784: object."
785: DEFVAL { valid }
786: ::= { aclEntry 4 }
787:
788: -- The MIB View Database Group
789:
790: -- This group of objects allows the SNMP itself to be used to
791: -- configure new SNMP parties, or to manipulate the MIB
792: -- MIB views of existing parties.
793: --
794: -- Implementation of the objects in this group is mandatory.
795:
796:
797: viewTable OBJECT-TYPE
798: SYNTAX SEQUENCE OF ViewEntry
799: ACCESS not-accessible
800: STATUS mandatory
801: DESCRIPTION
802: "The table contained in the local database which
803: defines local MIB views. Each SNMP party has a
804: single MIB view which is defined by two
805: collections of view subtrees: the included view
806: subtrees, and the excluded view subtrees. Every
807: such subtree, both included and excluded, is
808: defined in this table.
809:
810: To determine if a particular object instance is in
811: a particular SNMP party's MIB view, compare the
812: object instance's Object Identifier with each
813: entry (for this party) in this table. If none
814: match, then the object instance is not in the MIB
815: view. If one or more match, then the object
816: instance is included in, or excluded from, the MIB
817: view according to the value of viewStatus in the
818: entry whose value of viewSubtree has the most
819: sub-identifiers. If multiple entries match and
820: have the same number of sub-identifiers, then the
821: lexicographically greatest instance of viewStatus
822: determines the inclusion or exclusion.
823:
824: An object instance's Object Identifier X matches
825: an entry in this table when the number of sub-
826: identifiers in X is at least as many as in the
827: value of viewSubtree for the entry, and each sub-
828: identifier in the value of viewSubtree matches its
829: corresponding sub-identifier in X. Two sub-
830: identifiers match either if the corresponding bit
831: of viewMask is zero (the 'wild card' value), or if
832: they are equal.
833:
834: Due to this 'wild card' capability, we introduce
835: the term, a 'family' of view subtrees, to refer to
836: the set of subtrees defined by a particular
837: combination of values of viewSubtree and viewMask.
838: In the case where no 'wild card' is defined in
839: viewMask, the family of view subtrees reduces to a
840: single view subtree."
841: ::= { partyViews 1 }
842:
843: viewEntry OBJECT-TYPE
843: warning -
warning: index of row `viewEntry' can exceed OID size limit by 136 subidentifier(s)
844: SYNTAX ViewEntry
845: ACCESS not-accessible
846: STATUS mandatory
847: DESCRIPTION
848: "Information on a particular family of view
849: subtrees included in or excluded from a particular
850: SNMP party's MIB view."
851: INDEX { viewParty, viewSubtree }
852: ::= { viewTable 1 }
853:
854: ViewEntry ::=
855: SEQUENCE {
856: viewParty
857: Party,
858: viewSubtree
859: OBJECT IDENTIFIER,
860: viewStatus
861: INTEGER,
862: viewMask
863: OCTET STRING
864: }
865:
866: viewParty OBJECT-TYPE
866: minor error -
index element `viewParty' of row `viewEntry' should but cannot have a size restriction
867: SYNTAX Party
868: ACCESS read-write
869: STATUS mandatory
870: DESCRIPTION
871: "The SNMP party whose single MIB view includes or
872: excludes a particular family of view subtrees."
873: ::= { viewEntry 1 }
874:
875: viewSubtree OBJECT-TYPE
875: minor error -
index element `viewSubtree' of row `viewEntry' should but cannot have a size restriction
876: SYNTAX OBJECT IDENTIFIER
877: ACCESS read-write
878: STATUS mandatory
879: DESCRIPTION
880: "The view subtree which, in combination with the
881: corresponding instance of viewMask, defines a
882: family of view subtrees. This family is included
883: in, or excluded from the particular SNMP party's
884: MIB view, according to the value of the
885: corresponding instance of viewStatus."
886: ::= { viewEntry 2 }
887:
888: viewStatus OBJECT-TYPE
889: SYNTAX INTEGER {
890: included(1),
891: excluded(2),
892: invalid(3)
893: }
894: ACCESS read-write
895: STATUS mandatory
896: DESCRIPTION
897: "The status of a particular family of view
898: subtrees within the particular SNMP party's MIB
899: view. The value 'included(1)' indicates that the
900: corresponding instances of viewSubtree and
901: viewMask define a family of view subtrees included
902: in the MIB view. The value 'excluded(2)'
903: indicates that the corresponding instances of
904: viewSubtree and viewMask define a family of view
905: subtrees excluded from the MIB view.
906:
907: Setting an instance of this object to the value
908: 'invalid(3)' has the effect of invalidating the
909: presence or absence of the corresponding family of
910: view subtrees in the corresponding SNMP party's
911: MIB view.
912:
913: It is an implementation-specific matter as to
914: whether the agent removes an invalidated entry
915: from the table. Accordingly, management stations
916: must be prepared to receive from agents tabular
917: information corresponding to entries not currently
918: in use. Proper interpretation of such entries
919: requires examination of the relevant viewStatus
920: object."
921: DEFVAL { included }
922: ::= { viewEntry 3 }
923:
924: viewMask OBJECT-TYPE
925: SYNTAX OCTET STRING (SIZE (0..16))
926: ACCESS read-write
927: STATUS mandatory
928: DESCRIPTION
929: "The bit mask which, in combination with the
930: corresponding instance of viewSubtree, defines a
931: family of view subtrees.
932: Each bit of this bit mask corresponds to a sub-
933: identifier of viewSubtree, with the most
934: significant bit of the i-th octet of this octet
935: string value (extended if necessary, see below)
936: corresponding to the (8*i - 7)-th sub-identifier,
937: and the least significant bit of the i-th octet of
938: this octet string corresponding to the (8*i)-th
939: sub-identifier, where i is in the range 1 through
940: 16.
941:
942: Each bit of this bit mask specifies whether or not
943: the corresponding sub-identifiers must match when
944: determining if an Object Identifier is in this
945: family of view subtrees; a '1' indicates that an
946: exact match must occur; a '0' indicates 'wild
947: card', i.e., any sub-identifier value matches.
948:
949: Thus, the Object Identifier X of an object
950: instance is contained in a family of view subtrees
951: if the following criteria are met:
952:
953: for each sub-identifier of the value of
954: viewSubtree, either:
955:
956: the i-th bit of viewMask is 0, or
957:
958: the i-th sub-identifier of X is equal to
959: the i-th sub-identifier of the value of
960: viewSubtree.
961:
962: If the value of this bit mask is M bits long and
963: there are more than M sub-identifiers in the
964: corresponding instance of viewSubtree, then the
965: bit mask is extended with 1's to be the required
966: length.
967:
968: Note that when the value of this object is the
969: zero-length string, this extension rule results in
970: a mask of all-1's being used (i.e., no 'wild
971: card'), and the family of view subtrees is the one
972: view subtree uniquely identified by the
973: corresponding instance of viewSubtree."
974: DEFVAL { ''h }
975: ::= { viewEntry 4 }
976:
977:
978: END