snmpsim import error while running with root about snmpsim HOT 16 CLOSED

Hmm, is not that p variable assigned unconditionally prior to reading the folder?

from snmpsim.

I tried to run this on Fedora with python3 and 2, and on Centos7 with python 2. In both distros it works with normal user but doesn't with root. The nobody group is present on both systems.

Here is pip freeze

(snmpsim-env) [root@management ~]# pip freeze
ply==3.11
pyasn1==0.4.5
pycryptodomex==3.7.2
pysmi==0.3.3
pysnmp==4.4.8
snmpsim==0.4.5

from snmpsim.

I can't reproduce this issue so far. Is there any traceback revealing line number? Or may be you could run snmpsimd with --debug all in hope that this will give us more hints on where exactly it fails?

from snmpsim.

I can get a stack trace for you, I track it down to the pysnmp, an import error happens at ZipMibBuider or something like this. I send it to you tonight! (I'm not in home now)

from snmpsim.

ImportError here https://github.com/etingof/pysnmp/blob/master/pysnmp/smi/builder.py#L161
and them it follows to https://github.com/etingof/pysnmp/blob/master/pysnmp/smi/builder.py#L229 where listdir fails before p is assigned, and is referred here: https://github.com/etingof/pysnmp/blob/master/pysnmp/smi/builder.py#L239

I was trying to get something alike with normal user but it seems to take totally different path. I notice that ZipMibSource was never invoked with user. The same break points aren't reached. What I could see is that with root it enters at https://github.com/etingof/snmpsim/blob/master/scripts/snmpsimd.py#L1200 where the user doesn't. It could be something on my environment? I have a VM where is triggering this behavior, I can share with you.

from snmpsim.

Here it is:

(snmpsim) [root@localhost ~]# snmpsimd.py --data-dir ./data --agent-udpv4-endpoint=192.168.123.1:1611 --process-user=nobody --process-group=nobody
Scanning "/root/.snmpsim/variation" directory for variation modules...
Directory "/root/.snmpsim/variation" does not exist
Scanning "/root/snmpsim/snmpsim/variation" directory for variation modules...
Directory "/root/snmpsim/snmpsim/variation" does not exist
Scanning "/root/snmpsim/share/snmpsim/variation" directory for variation modules...
Directory "/root/snmpsim/share/snmpsim/variation" does not exist
Scanning "/root/snmpsim/lib64/python3.6/site-packages/snmpsim/variation" directory for variation modules...
Directory "/root/snmpsim/lib64/python3.6/site-packages/snmpsim/variation" does not exist
> /root/snmpsim/lib64/python3.6/site-packages/pysnmp/smi/builder.py(240)_getData()
(Pdb) bt
  /root/snmpsim/bin/snmpsimd.py(1363)<module>()
  /root/snmpsim/lib64/python3.6/site-packages/pysnmp/entity/engine.py(63)__init__()
  /root/snmpsim/lib64/python3.6/site-packages/pysnmp/proto/rfc3412.py(32)__init__()
  /root/snmpsim/lib64/python3.6/site-packages/pysnmp/smi/builder.py(381)loadModules()
  /root/snmpsim/lib64/python3.6/site-packages/pysnmp/smi/builder.py(321)loadModule()
  /root/snmpsim/lib64/python3.6/site-packages/pysnmp/smi/builder.py(81)read()
> /root/snmpsim/lib64/python3.6/site-packages/pysnmp/smi/builder.py(240)_getData()
(Pdb) why
PermissionError(13, 'Permission denied')
(Pdb) 

from snmpsim.

This may be useful too:

(Pdb) self._srcName
'pysnmp.smi.mibs'
(Pdb) 

from snmpsim.

Thank you for the thorough report! This reminds me that we've had similar problem in OpenStack...

Commit etingof/pysnmp@fd7f6a7 in the release-4.4.9 branch should have fixed this problem.

I wonder if you could give it a try before I make a release?

from snmpsim.

For sure! I will ask you some patience since my Fedora died at the last update, I still have the VMs, as soon as I have my desk up to date I check it out for you. Regards!

from snmpsim.

No worries, take your time!

from snmpsim.

I have another problem right now, the release-4.4.9. dropPrivileges('nobody, 'nobody') break SnmpEngine()

(snmpsim-env) [root@localhost ~]# python
Python 3.7.2 (default, Jan  3 2019, 09:14:01) 
[GCC 8.2.1 20181215 (Red Hat 8.2.1-6)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pysnmp.entity.engine import SnmpEngine
>>> from snmpsim.daemon import dropPrivileges
>>> 
>>> SnmpEngine()
SnmpEngine(snmpEngineID=<SnmpEngineID value object at 0x7fd6ac757198 tagSet <TagSet object at 0x7fd6af2dcc88 tags 0:0:4> subtypeSpec <ConstraintsIntersection object at 0x7fd6ac757358 consts <ValueSizeConstraint object at 0x7fd6af2b8080 consts 0, 65535>, <ValueSizeConstraint object at 0x7fd6ac757320 consts 5, 32>> encoding iso-8859-1 payload [0x80004fb8056c6f...63616c6413be2f88]>)
>>> 
>>> 
>>> dropPrivileges('nobody', 'nobody')
>>> SnmpEngine()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/root/snmpsim-env/lib64/python3.7/site-packages/pysnmp/entity/engine.py", line 91, in __init__
  File "/root/snmpsim-env/lib64/python3.7/site-packages/pysnmp/smi/builder.py", line 426, in importSymbols
pysnmp.smi.error.MibNotFoundError: No module __SNMP-FRAMEWORK-MIB loaded at <pysnmp.smi.builder.MibBuilder object at 0x7fd6ac770be0>
>>> 

from snmpsim.

This is a better way of running the test:

from unittest import TestCase, main

from snmpsim.daemon import dropPrivileges
from pysnmp.entity.engine import SnmpEngine


class DropPrivileges(TestCase):
    def test_dropPrivileges(self):
        'SnmpEngine should work after dropping privileges' 
        dropPrivileges('nobody', 'nobody')
        SnmpEngine()


if __name__ == '__main__':
    main(verbosity=2)

from snmpsim.

I just created a pull request, for this. I move the privileges drop to the end of file, just before starting the server (and opening the ports), is this okay? Is there any tests for validating the rest?

Regards!!!

from snmpsim.

#55

from snmpsim.

Just a little comment,

There is still a little bug at https://github.com/etingof/pysnmp/blob/master/pysnmp/smi/builder.py#L241. If user hasn't permission to read self._srcName folder an PermissionError is raised. Since permission error is an specialization of OSError the flow controls jump to the pointed line, prior assigning p, this leads to p referenced before assignment error.

This would only happen if you pass a user at --process-user that wasn't the user used to install pysnmp. Is just a matter of passing the right user and everything works.

from snmpsim.

Yeah you're right, I was using an old revision, sorry!

Regards!

from snmpsim.