Skip to content

Commit

Permalink
Add logging handler for USM security errors.
Browse files Browse the repository at this point in the history
Add no-auth and no-priv protocol objects.
Add the OIDs for all the auth and priv protocol objects.

ZEN-35146
  • Loading branch information
jpeacock-zenoss committed Nov 14, 2024
1 parent a3d527c commit e347790
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 27 deletions.
6 changes: 3 additions & 3 deletions pynetsnmp/CONSTANTS.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
NULL = 0
USM_LENGTH_OID_TRANSFORM = 10
NULL = None
MAX_CALLBACK_IDS = 2
MAX_CALLBACK_SUBIDS = 16
SNMP_CALLBACK_LIBRARY = 0
Expand Down Expand Up @@ -306,7 +306,8 @@
NETSNMP_CALLBACK_OP_SEND_FAILED = 3
NETSNMP_CALLBACK_OP_CONNECT = 4
NETSNMP_CALLBACK_OP_DISCONNECT = 5
snmp_init_statistics = ()
NETSNMP_CALLBACK_OP_RESEND = 6
NETSNMP_CALLBACK_OP_SEC_ERROR = 7
STAT_SNMPUNKNOWNSECURITYMODELS = 0
STAT_SNMPINVALIDMSGS = 1
STAT_SNMPUNKNOWNPDUHANDLERS = 2
Expand Down Expand Up @@ -377,7 +378,6 @@
MAX_STATS = NETSNMP_STAT_MAX_STATS
COMMUNITY_MAX_LEN = 256
SPRINT_MAX_LEN = 2560
NULL = 0
TRUE = 1
FALSE = 0
READ = 1
Expand Down
8 changes: 8 additions & 0 deletions pynetsnmp/netsnmp.py
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
MAX_OID_LEN,
NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE,
NETSNMP_CALLBACK_OP_TIMED_OUT,
NETSNMP_CALLBACK_OP_SEC_ERROR,
NETSNMP_DS_LIB_APPTYPE,
NETSNMP_DS_LIBRARY_ID,
NETSNMP_LOGHANDLER_CALLBACK,
Expand Down Expand Up @@ -658,6 +659,13 @@ def _callback(operation, sp, reqid, pdu, magic):
sess.callback(pdu.contents)
elif operation == NETSNMP_CALLBACK_OP_TIMED_OUT:
sess.timeout(reqid)
elif operation == NETSNMP_CALLBACK_OP_SEC_ERROR:
_getLogger("callback").error(
"peer has rejected security credentials "
"peername=%s security-name=%s",
sp.contents.peername,
sp.contents.securityName,
)
else:
_getLogger("callback").error("Unknown operation: %d", operation)
except Exception as ex:
Expand Down
13 changes: 4 additions & 9 deletions pynetsnmp/twistedsnmp.py
Original file line number Diff line number Diff line change
Expand Up @@ -201,11 +201,7 @@ def create(
except AttributeError:
ip = address
return cls(
ip,
port=port,
security=security,
timeout=timeout,
tries=retries,
ip, port=port, security=security, timeout=timeout, tries=retries
)

def __init__(
Expand All @@ -214,7 +210,7 @@ def __init__(
port=161,
community="public",
snmpVersion="1",
protocol=None,
protocol=None, # no longer used
allowCache=False, # no longer used
timeout=1.5,
tries=3,
Expand Down Expand Up @@ -390,15 +386,14 @@ def open(self):
if self.session is not None:
self.session.close()
self.session = None
updateReactor()

if self._security:
agent = asAgent(self.ip, self.port)
cmdlineargs = self._security.getArguments() + (
("-t", str(self.timeout), "-r", str(self.tries), agent)
)
self.session = netsnmp.Session(
cmdLineArgs=cmdlineargs
)
self.session = netsnmp.Session(cmdLineArgs=cmdlineargs)
else:
self.session = netsnmp.Session(
version=netsnmp.SNMP_VERSION_MAP.get(
Expand Down
36 changes: 21 additions & 15 deletions pynetsnmp/usm.py
Original file line number Diff line number Diff line change
@@ -1,24 +1,26 @@
from __future__ import absolute_import


class _Protocol(object):
""" """

__slots__ = ("name",)
__slots__ = ("name", "oid")

def __init__(self, name):
def __init__(self, name, oid):
self.name = name
self.oid = oid

def __eq__(self, other):
if not isinstance(other, type(self)):
return NotImplemented
return self.name == other.name
return self.name == other.name and self.oid == other.oid

def __str__(self):
return self.name

def __repr__(self):
return "<{0.__module__}.{0.__name__} {1}>".format(
self.__class__, self.name
return "<{0.__module__}.{0.__name__} {1} {2}>".format(
self.__class__, self.name, ".".join(str(v) for v in self.oid)
)


Expand Down Expand Up @@ -53,12 +55,13 @@ def __repr__(self):
)


AUTH_MD5 = _Protocol("MD5")
AUTH_SHA = _Protocol("SHA")
AUTH_SHA_224 = _Protocol("SHA-224")
AUTH_SHA_256 = _Protocol("SHA-256")
AUTH_SHA_384 = _Protocol("SHA-384")
AUTH_SHA_512 = _Protocol("SHA-512")
AUTH_NOAUTH = _Protocol("NOAUTH", (1, 3, 6, 1, 6, 3, 10, 1, 1, 1))
AUTH_MD5 = _Protocol("MD5", (1, 3, 6, 1, 6, 3, 10, 1, 1, 2))
AUTH_SHA = _Protocol("SHA", (1, 3, 6, 1, 6, 3, 10, 1, 1, 3))
AUTH_SHA_224 = _Protocol("SHA-224", (1, 3, 6, 1, 6, 3, 10, 1, 1, 4))
AUTH_SHA_256 = _Protocol("SHA-256", (1, 3, 6, 1, 6, 3, 10, 1, 1, 5))
AUTH_SHA_384 = _Protocol("SHA-384", (1, 3, 6, 1, 6, 3, 10, 1, 1, 6))
AUTH_SHA_512 = _Protocol("SHA-512", (1, 3, 6, 1, 6, 3, 10, 1, 1, 7))

auth_protocols = _Protocols(
(
Expand All @@ -72,10 +75,11 @@ def __repr__(self):
"authentication",
)

PRIV_DES = _Protocol("DES")
PRIV_AES = _Protocol("AES")
PRIV_AES_192 = _Protocol("AES-192")
PRIV_AES_256 = _Protocol("AES-256")
PRIV_NOPRIV = _Protocol("NOPRIV", (1, 3, 6, 1, 6, 3, 10, 1, 2, 1))
PRIV_DES = _Protocol("DES", (1, 3, 6, 1, 6, 3, 10, 1, 2, 2))
PRIV_AES = _Protocol("AES", (1, 3, 6, 1, 6, 3, 10, 1, 2, 4))
PRIV_AES_192 = _Protocol("AES-192", (1, 3, 6, 1, 4, 1, 14832, 1, 3))
PRIV_AES_256 = _Protocol("AES-256", (1, 3, 6, 1, 4, 1, 14832, 1, 4))

priv_protocols = _Protocols(
(PRIV_DES, PRIV_AES, PRIV_AES_192, PRIV_AES_256), "privacy"
Expand All @@ -85,13 +89,15 @@ def __repr__(self):
del _Protocols

__all__ = (
"AUTH_NOAUTH",
"AUTH_MD5",
"AUTH_SHA",
"AUTH_SHA_224",
"AUTH_SHA_256",
"AUTH_SHA_384",
"AUTH_SHA_512",
"auth_protocols",
"PRIV_NOPRIV",
"PRIV_DES",
"PRIV_AES",
"PRIV_AES_192",
Expand Down

0 comments on commit e347790

Please sign in to comment.