Implement netgroups for BSD. Also add a note to the snmpd.xonf man page

net-snmp · Apr 11, 2024 · 59acd6e · 59acd6e
1 parent 9efbe46
commit 59acd6e
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 19 deletions.
diff --git a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
@@ -1,4 +1,4 @@
-.TH SNMPD.CONF 5 "30 Jun 2010" VVERSIONINFO "Net-SNMP"
+.TH SNMPD.CONF 5 "10 Mar 2023" VVERSIONINFO "Net-SNMP"
 .SH NAME
 snmpd.conf - configuration file for the Net-SNMP SNMP agent
 .SH DESCRIPTION
@@ -418,7 +418,8 @@ map an SNMPv1 or SNMPv2c community string to a security name - either from
 a particular range of source addresses, or globally (\fI"default"\fR).
 A restricted source can either be a specific hostname (or address), or
 a subnet - represented as IP/MASK (e.g. 10.10.10.0/255.255.255.0), or
-IP/BITS (e.g. 10.10.10.0/24), or the IPv6 equivalents.
+IP/BITS (e.g. 10.10.10.0/24), or the IPv6 equivalents, or
+a netgroup - represented as @netgroup.
 A restriction preceded by an exclamation mark (!) denies access from
 that address or subnet, e.g., !10.10.10.0/24 denies requests from
 sources in that subnet.  Deny restrictions must be before

diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
@@ -372,8 +372,7 @@ netsnmp_udp_com2SecEntry_check_return_code(int rc)
     }
 }
 
-#if defined(HAVE_ENDNETGRENT) && defined(HAVE_GETNETGRENT) &&   \
-    defined(SETNETGRENT_RETURNS_INT)
+#if defined(HAVE_ENDNETGRENT) && defined(HAVE_GETNETGRENT)
 int netsnmp_parse_source_as_netgroup(const char *sourcep, const char *community,
                        const char *secName, const char *contextName, int negate)
 {
@@ -387,23 +386,27 @@ int netsnmp_parse_source_as_netgroup(const char *sourcep, const char *community,
         return 0;
 
     /* Interpret as netgroup */
-    if (setnetgrent(netgroup)) {
-        while (getnetgrent(&host, &user, &domain)) {
-            /* Parse source address and network mask for each netgroup host. */
-            if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) {
-                /* Create a new com2Sec entry. */
-                rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
-                                                     &network, &mask, negate);
-                netsnmp_udp_com2SecEntry_check_return_code(rc);
-            } else {
-                config_perror("netgroup host address parsing issue");
-                break;
-            }
-        }
-        endnetgrent();
-    } else {
+#ifdef SETNETGRENT_RETURNS_INT
+    if (!setnetgrent(netgroup)) {
         config_perror("netgroup could not be found");
+        return 1;
+    }
+#else
+    setnetgrent(netgroup);
+#endif
+    while (getnetgrent(&host, &user, &domain)) {
+        /* Parse source address and network mask for each netgroup host. */
+        if (netsnmp_udp_resolve_source(host, &network, &mask) == 0) {
+            /* Create a new com2Sec entry. */
+            rc = netsnmp_udp_com2SecEntry_create(NULL, community, secName, contextName,
+        					 &network, &mask, negate);
+            netsnmp_udp_com2SecEntry_check_return_code(rc);
+        } else {
+            config_perror("netgroup host address parsing issue");
+            break;
+        }
     }
+    endnetgrent();
     return 1;
 }
 #else