fixed zero boots/time values put into SNMPv3 TRAP

author: Ilya Etingof <etingof@gmail.com> 2018-04-21 01:18:06 +0200
committer: Ilya Etingof <etingof@gmail.com> 2018-04-21 17:46:28 +0200
commit: 2346e0a9af12681bd093adc2e6b2ae525743c557 (patch)
tree: 0efc37a9c107d436fdad1a4b58aac9eae21cf8e2
parent: 04f1fa847612d448a9a0aecf7363d1fddd311872 (diff)
download: pysnmp-git-2346e0a9af12681bd093adc2e6b2ae525743c557.tar.gz
2 files changed, 30 insertions, 24 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 34ea5879..7639e71c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -16,6 +16,7 @@ Revision 5.0.0, released 2018-03-??
 Revision 4.4.5, released 2018-04-XX
 -----------------------------------
 
+- Fixed zero SNMPv3 boots/time values put in SNMPv3 TRAP messages
 - Fixed broken InetAddressType rendering caused by a pyasn1 regression
 - Fixed typo in RFC1158 module
 
diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
index e8e363b9..b7760e4b 100644
--- a/pysnmp/proto/secmod/rfc3414/service.py
+++ b/pysnmp/proto/secmod/rfc3414/service.py
@@ -13,7 +13,7 @@ from pysnmp.proto.secmod.rfc3826.priv import aes
 from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
 from pysnmp.proto.secmod.eso.priv import des3, aes192, aes256
 from pysnmp.smi.error import NoSuchInstanceError
-from pysnmp.proto import rfc1155, errind, error
+from pysnmp.proto import rfc1155, rfc3411, errind, error
 from pysnmp import debug
 from pyasn1.type import univ, namedtype, constraint
 from pyasn1.codec.ber import encoder, decoder, eoo
@@ -333,35 +333,40 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
             0, scopedPDU, verifyConstraints=False, matchTags=False, matchConstraints=False
         )
 
-        # 3.1.6a
-        if securityStateReference is None and securityLevel in (2, 3):
-            if securityEngineID in self.__timeline:
-                (snmpEngineBoots, snmpEngineTime, latestReceivedEngineTime,
+        snmpEngineBoots = snmpEngineTime = 0
+
+        if securityLevel in (2, 3):
+            pdu = scopedPDU.getComponentByPosition(2).getComponent()
+
+            # 3.1.6.b
+            if pdu.tagSet in rfc3411.unconfirmedClassPDUs:
+                (snmpEngineBoots,
+                 snmpEngineTime) = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime')
+
+                snmpEngineBoots = snmpEngineBoots.syntax
+                snmpEngineTime = snmpEngineTime.syntax.clone()
+
+                debug.logger & debug.flagSM and debug.logger(
+                    '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from LCD')
+
+            # 3.1.6a
+            elif securityEngineID in self.__timeline:
+                (snmpEngineBoots,
+                 snmpEngineTime,
+                 latestReceivedEngineTime,
                  latestUpdateTimestamp) = self.__timeline[securityEngineID]
+
                 debug.logger & debug.flagSM and debug.logger(
                     '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from timeline')
+
+            # 3.1.6.c
             else:
-                # 2.3 XXX is this correct?
-                snmpEngineBoots = snmpEngineTime = 0
                 debug.logger & debug.flagSM and debug.logger(
-                    '__generateRequestOrResponseMsg: no timeline for securityEngineID %r' % (securityEngineID,))
-        # 3.1.6.b
-        elif securityStateReference is not None:  # XXX Report?
-            (snmpEngineBoots,
-             snmpEngineTime) = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime')
-            snmpEngineBoots = snmpEngineBoots.syntax
-            snmpEngineTime = snmpEngineTime.syntax.clone()
-            debug.logger & debug.flagSM and debug.logger(
-                '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from LCD')
-        # 3.1.6.c
-        else:
-            snmpEngineBoots = snmpEngineTime = 0
-            debug.logger & debug.flagSM and debug.logger(
-                '__generateRequestOrResponseMsg: assuming zero snmpEngineBoots, snmpEngineTime')
+                    '__generateRequestOrResponseMsg: assuming zero snmpEngineBoots, snmpEngineTime')
 
-        debug.logger & debug.flagSM and debug.logger(
-            '__generateRequestOrResponseMsg: use snmpEngineBoots %s snmpEngineTime %s for securityEngineID %r' % (
-                snmpEngineBoots, snmpEngineTime, securityEngineID))
+            debug.logger & debug.flagSM and debug.logger(
+                '__generateRequestOrResponseMsg: use snmpEngineBoots %s snmpEngineTime %s for securityEngineID %r' % (
+                    snmpEngineBoots, snmpEngineTime, securityEngineID))
 
         # 3.1.4a
         if securityLevel == 3:
author	Ilya Etingof <etingof@gmail.com>	2018-04-21 01:18:06 +0200
committer	Ilya Etingof <etingof@gmail.com>	2018-04-21 17:46:28 +0200
commit	2346e0a9af12681bd093adc2e6b2ae525743c557 (patch)
tree	0efc37a9c107d436fdad1a4b58aac9eae21cf8e2
parent	04f1fa847612d448a9a0aecf7363d1fddd311872 (diff)
download	pysnmp-git-2346e0a9af12681bd093adc2e6b2ae525743c557.tar.gz