1616#define SHELLCOMMAND 3
1717#endif
1818
19+ /* This mib is potentially dangerous to turn on by default, since it
20+ * allows arbitrary commands to be set by anyone with SNMP WRITE
21+ * access to the MIB table. If all of your users are "root" level
22+ * users, then it may be safe to turn on. */
23+ #define ENABLE_EXTEND_WRITE_ACCESS 0
24+
1925netsnmp_feature_require (extract_table_row_data );
2026netsnmp_feature_require (table_data_delete_table );
2127#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
742748 *
743749 **********/
744750
745- #ifndef NETSNMP_NO_WRITE_SUPPORT
751+ #if !defined( NETSNMP_NO_WRITE_SUPPORT ) && ENABLE_EXTEND_WRITE_ACCESS
746752 case MODE_SET_RESERVE1 :
747753 /*
748754 * Validate the new assignments
@@ -1068,15 +1074,15 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
10681074 }
10691075 }
10701076 break ;
1071- #endif /* !NETSNMP_NO_WRITE_SUPPORT */
1077+ #endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
10721078
10731079 default :
10741080 netsnmp_set_request_error (reqinfo , request , SNMP_ERR_GENERR );
10751081 return SNMP_ERR_GENERR ;
10761082 }
10771083 }
10781084
1079- #ifndef NETSNMP_NO_WRITE_SUPPORT
1085+ #if !defined( NETSNMP_NO_WRITE_SUPPORT ) && ENABLE_EXTEND_WRITE_ACCESS
10801086 /*
10811087 * If we're marking a given row as active,
10821088 * then we need to check that it's ready.
@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
11011107 }
11021108 }
11031109 }
1104- #endif /* !NETSNMP_NO_WRITE_SUPPORT */
1110+ #endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
11051111
11061112 return SNMP_ERR_NOERROR ;
11071113}
@@ -1587,7 +1593,7 @@ fixExec2Error(int action,
15871593 idx = name [name_len - 1 ] - 1 ;
15881594 exten = & compatability_entries [ idx ];
15891595
1590- #ifndef NETSNMP_NO_WRITE_SUPPORT
1596+ #if !defined( NETSNMP_NO_WRITE_SUPPORT ) && ENABLE_EXTEND_WRITE_ACCESS
15911597 switch (action ) {
15921598 case MODE_SET_RESERVE1 :
15931599 if (var_val_type != ASN_INTEGER ) {
@@ -1608,7 +1614,7 @@ fixExec2Error(int action,
16081614 case MODE_SET_COMMIT :
16091615 netsnmp_cache_check_and_reload ( exten -> efix_entry -> cache );
16101616 }
1611- #endif /* !NETSNMP_NO_WRITE_SUPPORT */
1617+ #endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
16121618 return SNMP_ERR_NOERROR ;
16131619}
16141620#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
0 commit comments