From e3477906461a78afd786d08038670bc5a1bbca2b Mon Sep 17 00:00:00 2001 From: Jason Peacock Date: Thu, 14 Nov 2024 11:22:24 -0600 Subject: [PATCH] Add logging handler for USM security errors. Add no-auth and no-priv protocol objects. Add the OIDs for all the auth and priv protocol objects. ZEN-35146 --- pynetsnmp/CONSTANTS.py | 6 +++--- pynetsnmp/netsnmp.py | 8 ++++++++ pynetsnmp/twistedsnmp.py | 13 ++++--------- pynetsnmp/usm.py | 36 +++++++++++++++++++++--------------- 4 files changed, 36 insertions(+), 27 deletions(-) diff --git a/pynetsnmp/CONSTANTS.py b/pynetsnmp/CONSTANTS.py index 61d699f..2828148 100644 --- a/pynetsnmp/CONSTANTS.py +++ b/pynetsnmp/CONSTANTS.py @@ -1,5 +1,5 @@ +NULL = 0 USM_LENGTH_OID_TRANSFORM = 10 -NULL = None MAX_CALLBACK_IDS = 2 MAX_CALLBACK_SUBIDS = 16 SNMP_CALLBACK_LIBRARY = 0 @@ -306,7 +306,8 @@ NETSNMP_CALLBACK_OP_SEND_FAILED = 3 NETSNMP_CALLBACK_OP_CONNECT = 4 NETSNMP_CALLBACK_OP_DISCONNECT = 5 -snmp_init_statistics = () +NETSNMP_CALLBACK_OP_RESEND = 6 +NETSNMP_CALLBACK_OP_SEC_ERROR = 7 STAT_SNMPUNKNOWNSECURITYMODELS = 0 STAT_SNMPINVALIDMSGS = 1 STAT_SNMPUNKNOWNPDUHANDLERS = 2 @@ -377,7 +378,6 @@ MAX_STATS = NETSNMP_STAT_MAX_STATS COMMUNITY_MAX_LEN = 256 SPRINT_MAX_LEN = 2560 -NULL = 0 TRUE = 1 FALSE = 0 READ = 1 diff --git a/pynetsnmp/netsnmp.py b/pynetsnmp/netsnmp.py index 43dab9d..4240a94 100644 --- a/pynetsnmp/netsnmp.py +++ b/pynetsnmp/netsnmp.py @@ -59,6 +59,7 @@ MAX_OID_LEN, NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE, NETSNMP_CALLBACK_OP_TIMED_OUT, + NETSNMP_CALLBACK_OP_SEC_ERROR, NETSNMP_DS_LIB_APPTYPE, NETSNMP_DS_LIBRARY_ID, NETSNMP_LOGHANDLER_CALLBACK, @@ -658,6 +659,13 @@ def _callback(operation, sp, reqid, pdu, magic): sess.callback(pdu.contents) elif operation == NETSNMP_CALLBACK_OP_TIMED_OUT: sess.timeout(reqid) + elif operation == NETSNMP_CALLBACK_OP_SEC_ERROR: + _getLogger("callback").error( + "peer has rejected security credentials " + "peername=%s security-name=%s", + sp.contents.peername, + sp.contents.securityName, + ) else: _getLogger("callback").error("Unknown operation: %d", operation) except Exception as ex: diff --git a/pynetsnmp/twistedsnmp.py b/pynetsnmp/twistedsnmp.py index 701e804..9a4592f 100644 --- a/pynetsnmp/twistedsnmp.py +++ b/pynetsnmp/twistedsnmp.py @@ -201,11 +201,7 @@ def create( except AttributeError: ip = address return cls( - ip, - port=port, - security=security, - timeout=timeout, - tries=retries, + ip, port=port, security=security, timeout=timeout, tries=retries ) def __init__( @@ -214,7 +210,7 @@ def __init__( port=161, community="public", snmpVersion="1", - protocol=None, + protocol=None, # no longer used allowCache=False, # no longer used timeout=1.5, tries=3, @@ -390,15 +386,14 @@ def open(self): if self.session is not None: self.session.close() self.session = None + updateReactor() if self._security: agent = asAgent(self.ip, self.port) cmdlineargs = self._security.getArguments() + ( ("-t", str(self.timeout), "-r", str(self.tries), agent) ) - self.session = netsnmp.Session( - cmdLineArgs=cmdlineargs - ) + self.session = netsnmp.Session(cmdLineArgs=cmdlineargs) else: self.session = netsnmp.Session( version=netsnmp.SNMP_VERSION_MAP.get( diff --git a/pynetsnmp/usm.py b/pynetsnmp/usm.py index 2e9a422..7455e9f 100644 --- a/pynetsnmp/usm.py +++ b/pynetsnmp/usm.py @@ -1,24 +1,26 @@ from __future__ import absolute_import + class _Protocol(object): """ """ - __slots__ = ("name",) + __slots__ = ("name", "oid") - def __init__(self, name): + def __init__(self, name, oid): self.name = name + self.oid = oid def __eq__(self, other): if not isinstance(other, type(self)): return NotImplemented - return self.name == other.name + return self.name == other.name and self.oid == other.oid def __str__(self): return self.name def __repr__(self): - return "<{0.__module__}.{0.__name__} {1}>".format( - self.__class__, self.name + return "<{0.__module__}.{0.__name__} {1} {2}>".format( + self.__class__, self.name, ".".join(str(v) for v in self.oid) ) @@ -53,12 +55,13 @@ def __repr__(self): ) -AUTH_MD5 = _Protocol("MD5") -AUTH_SHA = _Protocol("SHA") -AUTH_SHA_224 = _Protocol("SHA-224") -AUTH_SHA_256 = _Protocol("SHA-256") -AUTH_SHA_384 = _Protocol("SHA-384") -AUTH_SHA_512 = _Protocol("SHA-512") +AUTH_NOAUTH = _Protocol("NOAUTH", (1, 3, 6, 1, 6, 3, 10, 1, 1, 1)) +AUTH_MD5 = _Protocol("MD5", (1, 3, 6, 1, 6, 3, 10, 1, 1, 2)) +AUTH_SHA = _Protocol("SHA", (1, 3, 6, 1, 6, 3, 10, 1, 1, 3)) +AUTH_SHA_224 = _Protocol("SHA-224", (1, 3, 6, 1, 6, 3, 10, 1, 1, 4)) +AUTH_SHA_256 = _Protocol("SHA-256", (1, 3, 6, 1, 6, 3, 10, 1, 1, 5)) +AUTH_SHA_384 = _Protocol("SHA-384", (1, 3, 6, 1, 6, 3, 10, 1, 1, 6)) +AUTH_SHA_512 = _Protocol("SHA-512", (1, 3, 6, 1, 6, 3, 10, 1, 1, 7)) auth_protocols = _Protocols( ( @@ -72,10 +75,11 @@ def __repr__(self): "authentication", ) -PRIV_DES = _Protocol("DES") -PRIV_AES = _Protocol("AES") -PRIV_AES_192 = _Protocol("AES-192") -PRIV_AES_256 = _Protocol("AES-256") +PRIV_NOPRIV = _Protocol("NOPRIV", (1, 3, 6, 1, 6, 3, 10, 1, 2, 1)) +PRIV_DES = _Protocol("DES", (1, 3, 6, 1, 6, 3, 10, 1, 2, 2)) +PRIV_AES = _Protocol("AES", (1, 3, 6, 1, 6, 3, 10, 1, 2, 4)) +PRIV_AES_192 = _Protocol("AES-192", (1, 3, 6, 1, 4, 1, 14832, 1, 3)) +PRIV_AES_256 = _Protocol("AES-256", (1, 3, 6, 1, 4, 1, 14832, 1, 4)) priv_protocols = _Protocols( (PRIV_DES, PRIV_AES, PRIV_AES_192, PRIV_AES_256), "privacy" @@ -85,6 +89,7 @@ def __repr__(self): del _Protocols __all__ = ( + "AUTH_NOAUTH", "AUTH_MD5", "AUTH_SHA", "AUTH_SHA_224", @@ -92,6 +97,7 @@ def __repr__(self): "AUTH_SHA_384", "AUTH_SHA_512", "auth_protocols", + "PRIV_NOPRIV", "PRIV_DES", "PRIV_AES", "PRIV_AES_192",