net-snmp-coders

Re: read_objid() capability to interpret strings

[Wes H. <wjh...@uc...>]

>>>>> On Wed, 22 Nov 2000 15:22:29 -0800, "David T. Perkins" <dpe...@ds...> said:

David> It seems like the problem can be solved in two ways, which are:
David> 1) the user has to specify the length (if needed). For example,
David> if a length is needed, the user must specify .3."foo" instead
David> of just ."foo".
David> 2) a new symbol can be specified to indicate that a length
David> needs to prefix the OIDfied string. For example, for
David> a length to be inserted, how about the following: .+."foo".

3) what we're doing now:

   .'foo' = f.o.o
   ."foo" = 3.f.o.o

-- 
Wes Hardaker
Please mail all replies to net...@li...

Re: read_objid() capability to interpret strings

[Juergen S. <sc...@ib...>]

>>>>> Wes Hardaker writes:

Wes> Anyway, would you apply the same strictness to other tools like
Wes> chown (picking one at random), not allowing it to accept a number
Wes> and forcing the user to have the user name in the password file
Wes> for translation?

Wes, chown does not have this flaw. If you pass a number, then it is
clear what it will do as the file system only cares about numbers. If
you pass a user name, then it looks up the UID in a password database
and calls chown(2) only if the lookup was successful. Thus, the chown
behaviour is well defined.

The analogy would be a chown which takes a string argument and if it
does not find a match in the password database, it makes a best guess
what the UID could be and calls chown(2). Such a chown program might
be fun for a hacker but not for me.

/js

-- 
Juergen Schoenwaelder      Technical University Braunschweig
<sc...@ib...>  Dept. Operating Systems & Computer Networks
Phone: +49 531 391 3289    Bueltenweg 74/75, 38106 Braunschweig, Germany
Fax:   +49 531 391 5936    <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>

Re: read_objid() capability to interpret strings

[Wes H. <wjh...@uc...>]

>>>>> On Thu, 23 Nov 2000 00:02:49 +0100, Juergen Schoenwaelder <sc...@ib...> said:

Juergen> Wes, chown does not have this flaw. If you pass a number,
Juergen> then it is clear what it will do as the file system only
Juergen> cares about numbers. If you pass a user name, then it looks
Juergen> up the UID in a password database and calls chown(2) only if
Juergen> the lookup was successful. Thus, the chown behaviour is well
Juergen> defined.

Juergen> The analogy would be a chown which takes a string argument
Juergen> and if it does not find a match in the password database, it
Juergen> makes a best guess what the UID could be and calls
Juergen> chown(2). Such a chown program might be fun for a hacker but
Juergen> not for me.

The SNMP protocol doesn't care about the name, only the numeric
translation.

And, anyway, we're *not* coming up with a random number assignment.
We're coming up with the translation that the user asked for:

  ...foo ->   unknown object identifier
  ..."foo" -> ...3.102.111.111
  ...'foo' -> ...102.111.111

There is *no* guesswork on our part.  The user has given us a very
very clear indication of what he wants.
-- 
Wes Hardaker
Please mail all replies to net...@li...

Re: read_objid() capability to interpret strings

[Juergen S. <sc...@ib...>]

>>>>> Wes Hardaker writes:

Wes> And, anyway, we're *not* coming up with a random number
Wes> assignment.  We're coming up with the translation that the user
Wes> asked for:

Wes>  ...foo ->   unknown object identifier
Wes>  ..."foo" -> ...3.102.111.111
Wes>  ...'foo' -> ...102.111.111

Wes> There is *no* guesswork on our part.  The user has given us a
Wes> very very clear indication of what he wants.

OK. I did not know at the beginning of this thread that the 'foo'
conversion exists in addition to the "foo" conversion. So in this
case, it is indeed the user's responsibility.

(Although I would personally prefer to be able to just pass a string
 without being responsible to distinguish between " and ' and the MIB
 lookup would take care of the rest.)

[Enough bits wasted on this - back to some more serious stuff.]

/js

Re: read_objid() capability to interpret strings

[Wes H. <wjh...@uc...>]

>>>>> On Thu, 23 Nov 2000 00:34:04 +0100, Juergen Schoenwaelder <sc...@ib...> said:

Juergen> (Although I would personally prefer to be able to just pass a
Juergen> string without being responsible to distinguish between " and
Juergen> ' and the MIB lookup would take care of the rest.)

Actually, I'd like to see (but haven't done it, though I thought Niels
had) that strings could be specified without quotes entirely if the
MIB structure was in place.  That makes the most sense.

Juergen> [Enough bits wasted on this - back to some more serious stuff.]

no kidding.
-- 
Wes Hardaker
Please mail all replies to net...@li...