summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIlya Etingof <etingof@gmail.com>2018-09-13 18:45:27 +0200
committerIlya Etingof <etingof@gmail.com>2018-09-13 19:42:05 +0200
commit51a15bdaa0d64ea1bfcce5c461ebdbe54ac701d7 (patch)
tree0c3df4f883c8c7808fd34c6eae250dae11b21852
parent2a9466dbe4da15757f888eb88200923a57ca09b0 (diff)
downloadpysnmp-git-51a15bdaa0d64ea1bfcce5c461ebdbe54ac701d7.tar.gz
Tolerate non-initialised entries in SNMP community table
It can happen that SNMP community table contains uninitialized entries. These entries may stop internal SNMP community table indexing which is done in rfc2576 to speed up SNMP engine operations when SNMPv1/v2c is involved. Once a bad entry gets into SNMP community table, all the rest queries would start failing. This patch ignores incomplete SNMP community table entries in the course of building indices.
Diffstat
-rw-r--r--pysnmp/proto/secmod/rfc2576.py100
1 files changed, 75 insertions, 25 deletions
diff --git a/pysnmp/proto/secmod/rfc2576.py b/pysnmp/proto/secmod/rfc2576.py
index 69794272..3e4b96c1 100644
--- a/pysnmp/proto/secmod/rfc2576.py
+++ b/pysnmp/proto/secmod/rfc2576.py
@@ -38,7 +38,7 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
nextMibNode = snmpTargetParamsSecurityName
- while 1:
+ while True:
try:
nextMibNode = snmpTargetParamsSecurityName.getNextNode(nextMibNode.name)
@@ -49,10 +49,18 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
mibNode = snmpTargetParamsSecurityModel.getNode(snmpTargetParamsSecurityModel.name + instId)
- if mibNode.syntax not in self.__nameToModelMap:
- self.__nameToModelMap[nextMibNode.syntax] = set()
+ try:
+ if mibNode.syntax not in self.__nameToModelMap:
+ self.__nameToModelMap[nextMibNode.syntax] = set()
+
+ self.__nameToModelMap[nextMibNode.syntax].add(mibNode.syntax)
- self.__nameToModelMap[nextMibNode.syntax].add(mibNode.syntax)
+ except PyAsn1Error:
+ debug.logger & debug.flagSM and debug.logger(
+ '_sec2com: table entries %r/%r hashing failed' % (
+ nextMibNode.syntax, mibNode.syntax)
+ )
+ continue
self.__paramsBranchId = snmpTargetParamsSecurityName.branchVersionId
@@ -72,7 +80,8 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
self.__securityMap = {}
nextMibNode = snmpCommunityName
- while 1:
+
+ while True:
try:
nextMibNode = snmpCommunityName.getNextNode(nextMibNode.name)
@@ -88,9 +97,17 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
_contextName = snmpCommunityContextName.getNode(snmpCommunityContextName.name + instId).syntax
- self.__securityMap[(_securityName,
- _contextEngineId,
- _contextName)] = nextMibNode.syntax
+ try:
+ self.__securityMap[(_securityName,
+ _contextEngineId,
+ _contextName)] = nextMibNode.syntax
+
+ except PyAsn1Error:
+ debug.logger & debug.flagSM and debug.logger(
+ '_sec2com: table entries %r/%r/%r hashing failed' % (
+ _securityName, _contextEngineId, _contextName)
+ )
+ continue
self.__securityBranchId = snmpCommunityName.branchVersionId
@@ -123,11 +140,14 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
self.__transportToTagMap = {}
nextMibNode = snmpTargetAddrTagList
+
while True:
try:
nextMibNode = snmpTargetAddrTagList.getNextNode(nextMibNode.name)
+
except NoSuchInstanceError:
break
+
instId = nextMibNode.name[len(snmpTargetAddrTagList.name):]
targetAddrTDomain = snmpTargetAddrTDomain.getNode(snmpTargetAddrTDomain.name + instId).syntax
targetAddrTAddress = snmpTargetAddrTAddress.getNode(snmpTargetAddrTAddress.name + instId).syntax
@@ -144,17 +164,29 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
targetAddrTAddress = tuple(TransportAddressIPv6(targetAddrTAddress))
elif targetAddrTDomain[:len(unix.snmpLocalDomain)] == unix.snmpLocalDomain:
targetAddrTAddress = str(targetAddrTAddress)
+
targetAddr = targetAddrTDomain, targetAddrTAddress
targetAddrTagList = snmpTargetAddrTagList.getNode(snmpTargetAddrTagList.name + instId).syntax
+
if targetAddr not in self.__transportToTagMap:
self.__transportToTagMap[targetAddr] = set()
- if targetAddrTagList:
- self.__transportToTagMap[targetAddr].update(
- [SnmpTagValue(x)
- for x in targetAddrTagList.asOctets().split()]
+
+ try:
+ if targetAddrTagList:
+ self.__transportToTagMap[targetAddr].update(
+ [SnmpTagValue(x)
+ for x in targetAddrTagList.asOctets().split()]
+ )
+
+ else:
+ self.__transportToTagMap[targetAddr].add(self.__emptyTag)
+
+ except PyAsn1Error:
+ debug.logger & debug.flagSM and debug.logger(
+ '_com2sec: table entries %r/%r hashing failed' % (
+ targetAddr, targetAddrTagList)
)
- else:
- self.__transportToTagMap[targetAddr].add(self.__emptyTag)
+ continue
self.__transportBranchId = snmpTargetAddrTAddress.branchVersionId
@@ -163,6 +195,7 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
snmpTargetParamsSecurityName, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols(
'SNMP-TARGET-MIB', 'snmpTargetParamsSecurityName')
+
if self.__paramsBranchId != snmpTargetParamsSecurityName.branchVersionId:
snmpTargetParamsSecurityModel, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols(
'SNMP-TARGET-MIB', 'snmpTargetParamsSecurityModel')
@@ -182,10 +215,18 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
mibNode = snmpTargetParamsSecurityModel.getNode(snmpTargetParamsSecurityModel.name + instId)
- if nextMibNode.syntax not in self.__nameToModelMap:
- self.__nameToModelMap[nextMibNode.syntax] = set()
+ try:
+ if nextMibNode.syntax not in self.__nameToModelMap:
+ self.__nameToModelMap[nextMibNode.syntax] = set()
+
+ self.__nameToModelMap[nextMibNode.syntax].add(mibNode.syntax)
- self.__nameToModelMap[nextMibNode.syntax].add(mibNode.syntax)
+ except PyAsn1Error:
+ debug.logger & debug.flagSM and debug.logger(
+ '_com2sec: table entries %r/%r hashing failed' % (
+ nextMibNode.syntax, mibNode.syntax)
+ )
+ continue
self.__paramsBranchId = snmpTargetParamsSecurityName.branchVersionId
@@ -211,6 +252,7 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
self.__tagAndCommunityToSecurityMap = {}
nextMibNode = snmpCommunityName
+
while True:
try:
nextMibNode = snmpCommunityName.getNextNode(nextMibNode.name)
@@ -231,17 +273,25 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel):
_tagAndCommunity = transportTag, nextMibNode.syntax
- if _tagAndCommunity not in self.__tagAndCommunityToSecurityMap:
- self.__tagAndCommunityToSecurityMap[_tagAndCommunity] = set()
+ try:
+ if _tagAndCommunity not in self.__tagAndCommunityToSecurityMap:
+ self.__tagAndCommunityToSecurityMap[_tagAndCommunity] = set()
- self.__tagAndCommunityToSecurityMap[_tagAndCommunity].add(
- (securityName, contextEngineId, contextName)
- )
+ self.__tagAndCommunityToSecurityMap[_tagAndCommunity].add(
+ (securityName, contextEngineId, contextName)
+ )
+
+ if nextMibNode.syntax not in self.__communityToTagMap:
+ self.__communityToTagMap[nextMibNode.syntax] = set()
- if nextMibNode.syntax not in self.__communityToTagMap:
- self.__communityToTagMap[nextMibNode.syntax] = set()
+ self.__communityToTagMap[nextMibNode.syntax].add(transportTag)
- self.__communityToTagMap[nextMibNode.syntax].add(transportTag)
+ except PyAsn1Error:
+ debug.logger & debug.flagSM and debug.logger(
+ '_com2sec: table entries %r/%r hashing failed' % (
+ _tagAndCommunity, nextMibNode.syntax)
+ )
+ continue
self.__communityBranchId = snmpCommunityName.branchVersionId
View Lorry Controller Status