Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1817225

Summary: net-snmp-create-v3-user quoting an empty privpass leads to error
Product: Red Hat Enterprise Linux 8 Reporter: Tom Crider <tcrider>
Component: net-snmpAssignee: Josef Ridky <jridky>
Status: CLOSED ERRATA QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: ccheney, efedin, ovasik
Target Milestone: rcKeywords: Patch, Triaged, Upstream
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: net-snmp-5.8-19.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 14:57:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom Crider 2020-03-25 20:45:17 UTC 
Description of problem:

net-snmp-create-v3-user quoting an empty privpass leads to error

createUser privpass is optional as shown in 'man snmpd.conf'
-------------
createUser [-e ENGINEID] username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]

If the privacy passphrase is not specified, it is assumed to be the same as the authentication passphrase.
-------------

However, in fixing bug #2812 privpass is quoted even when it is empty:

https://sourceforge.net/p/net-snmp/bugs/2812/

https://sourceforge.net/p/net-snmp/code/ci/e5ad10de8e175e443351be3e14e87067ff9bded8

This leads to this error:

# net-snmp-create-v3-user -A testpass -a SHA -x AES testuser
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser testuser SHA "testpass" AES ""
adding the following line to /etc/snmp/snmpd.conf:
   rwuser testuser`

/var/lib/net-snmp/snmpd.conf

 createUser testuser SHA "testpass" AES ""

# systemctl start snmpd
# systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-03-24 17:36:22 CDT; 4s ago
 Main PID: 3167 (snmpd)
    Tasks: 1
   Memory: 12.8M
   CGroup: /system.slice/snmpd.service
           └─3167 /usr/sbin/snmpd -LS0-6d -f

Mar 24 17:36:22 localhost.localdomain systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: Error: passphrase chosen is below the length requirements of the USM (min=8).
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: /var/lib/net-snmp/snmpd.conf: line 53: Error: could not generate the privacy key from the supplied pass phrase.
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: net-snmp: 1 error(s) in config file(s)
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: NET-SNMP version 5.8
Mar 24 17:36:22 localhost.localdomain systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

And so it does not actually create the user.

If I manually delete the "" in /var/lib/net-snmp/snmpd.conf and then start it works.

>> Either createUser needs to check for blank passwords and ignore them or net-snmp-create-v3-user should check for blank passwords and not add the "" to /var/lib/net-snmp/snmpd.conf.

Version-Release number of selected component (if applicable):

Any net-snmp version in RHEL 8.0+

How reproducible:

invoke the net-snmp-create-v3-user script without a priv passphrase specified

Steps to Reproduce:

# net-snmp-create-v3-user -A testpass -a SHA -x AES testuser
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser testuser SHA "testpass" AES ""
adding the following line to /etc/snmp/snmpd.conf:
   rwuser testuser`

/var/lib/net-snmp/snmpd.conf

 createUser testuser SHA "testpass" AES ""

# systemctl start snmpd
# systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-03-24 17:36:22 CDT; 4s ago
 Main PID: 3167 (snmpd)
    Tasks: 1
   Memory: 12.8M
   CGroup: /system.slice/snmpd.service
           └─3167 /usr/sbin/snmpd -LS0-6d -f

Mar 24 17:36:22 localhost.localdomain systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: Error: passphrase chosen is below the length requirements of the USM (min=8).
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: /var/lib/net-snmp/snmpd.conf: line 53: Error: could not generate the privacy key from the supplied pass phrase.
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: net-snmp: 1 error(s) in config file(s)
Mar 24 17:36:22 localhost.localdomain snmpd[3167]: NET-SNMP version 5.8
Mar 24 17:36:22 localhost.localdomain systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

And so it does not actually create the user.

If I manually delete the "" in /var/lib/net-snmp/snmpd.conf and then start it works.


Actual results:

It does not actually create the user, and instead adds ""


Expected results:

Either createUser needs to check for blank passwords and ignore them or net-snmp-create-v3-user should check for blank passwords and not add the "" to /var/lib/net-snmp/snmpd.conf.

Additional info:

https://github.com/net-snmp/net-snmp/issues/86
Comment 9 Josef Ridky 2020-12-01 07:57:11 UTC 
Build: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1397026
Comment 12 errata-xmlrpc 2021-05-18 14:57:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1637