authorIlya Etingof <etingof@gmail.com>2019-08-04 12:16:27 +0200
committerIlya Etingof <etingof@gmail.com>2019-08-05 09:22:45 +0200
commit17a63974eb7df7eb47f822f32a05afd1081b8c06 (patch)
tree9991c89dc97c92c759d3770b547482dbda2f470b /pysnmp/proto
parent9d6c7b5e44a7ec728ac9990a19edd13a61cc70d1 (diff)
Do not store incomplete USM keys and improve debug
This adds detailed debugging of the USM initial configuration process and of runtime USM user cloning. Besides that, this patch eliminates storing of incomplete USM keys (in the case when master/localized keys are configured directly). On top of that, this commit fixes a bug in USM configuration which did not allow the same user names to be added under different security names.
Diffstat (limited to 'pysnmp/proto')
-rw-r--r--pysnmp/proto/secmod/rfc3414/localkey.py7
-rw-r--r--pysnmp/proto/secmod/rfc3414/service.py77
2 files changed, 69 insertions, 15 deletions
diff --git a/pysnmp/proto/secmod/rfc3414/localkey.py b/pysnmp/proto/secmod/rfc3414/localkey.py
index bc4faa91..61ce5ff9 100644
--- a/pysnmp/proto/secmod/rfc3414/localkey.py
+++ b/pysnmp/proto/secmod/rfc3414/localkey.py
@@ -36,8 +36,8 @@ def hashPassphrase(passphrase, hashFunc):
mark = e - ringBufferLen
count += 1
-
- return hasher.digest()
+ digest = hasher.digest()
+ return univ.OctetString(digest)
def passwordToKey(passphrase, snmpEngineId, hashFunc):
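Review bot: hashPassphrase now returns a `univ.OctetString` where it previously returned the raw digest bytes, and localizeKey changes the same way in the next hunk; any caller outside this module that concatenates the result with bytes or passes it to a hash or HMAC function would need to adapt. Neither hunk documents the new return type, so a comment at each return such as `# returns univ.OctetString (was bytes); call .asOctets() for the raw digest` would make the contract explicit. Both function bodies begin outside their hunks, so an existing docstring may already cover this.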
@@ -49,7 +49,8 @@ def localizeKey(passKey, snmpEngineId, hashFunc):
passKey = univ.OctetString(passKey).asOctets()
# noinspection PyDeprecation,PyCallingNonCallable
- return hashFunc(passKey + snmpEngineId.asOctets() + passKey).digest()
+ digest = hashFunc(passKey + snmpEngineId.asOctets() + passKey).digest()
+ return univ.OctetString(digest)
# RFC3414: A.2.1
diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
index 0a8f54e5..f20df861 100644
--- a/pysnmp/proto/secmod/rfc3414/service.py
+++ b/pysnmp/proto/secmod/rfc3414/service.py
@@ -344,7 +344,22 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
securityEngineID = snmpEngineID
debug.logger & debug.FLAG_SM and debug.logger(
- '__generateRequestOrResponseMsg: user info read from cache')
+ '__generateRequestOrResponseMsg: using cached USM user entry '
+ 'usmUserName "%s" '
+ 'usmUserSecurityName "%s" '
+ 'usmUserAuthProtocol "%s" '
+ 'usmUserAuthKeyLocalized "%s" '
+ 'usmUserPrivProtocol "%s" '
+ 'usmUserPrivKeyLocalized "%s" for '
+ 'securityEngineID "%s" and securityName "%s" found by '
+ 'securityStateReference "%s" ' % (
+ usmUserName, usmUserSecurityName,
+ usmUserAuthProtocol,
+ usmUserAuthKeyLocalized and usmUserAuthKeyLocalized.prettyPrint(),
+ usmUserPrivProtocol,
+ usmUserPrivKeyLocalized and usmUserPrivKeyLocalized.prettyPrint(),
+ securityEngineID.prettyPrint(),
+ securityName, securityStateReference))
elif securityName:
# 3.1.1b
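Review bot: The new message writes `usmUserAuthKeyLocalized.prettyPrint()` and `usmUserPrivKeyLocalized.prettyPrint()` into the debug log. A localized USM key is the secret that authenticates and encrypts traffic for that engine, so every reader of a FLAG_SM debug log gains the credential. The same two arguments are logged in the "found USM user entry" and "cloned USM user entry" messages in the next two hunks. Debug output is often attached to bug reports or shipped to central log storage with weaker access control than the key store, so I would log only whether each key is present, for example `'<set>' if usmUserAuthKeyLocalized else '<unset>'` and likewise for the priv key. The enclosing method starts and ends outside this hunk.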
@@ -356,8 +371,23 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
securityEngineID,
self._sec2usr(snmpEngine, securityName, securityEngineID)
)
+
debug.logger & debug.FLAG_SM and debug.logger(
- '__generateRequestOrResponseMsg: read user info')
+ '__generateRequestOrResponseMsg: found USM user entry '
+ 'usmUserName "%s" '
+ 'usmUserSecurityName "%s" '
+ 'usmUserAuthProtocol "%s" '
+ 'usmUserAuthKeyLocalized "%s" '
+ 'usmUserPrivProtocol "%s" '
+ 'usmUserPrivKeyLocalized "%s" by '
+ 'securityEngineID "%s" and securityName "%s"' % (
+ usmUserName, usmUserSecurityName,
+ usmUserAuthProtocol,
+ usmUserAuthKeyLocalized.prettyPrint(),
+ usmUserPrivProtocol,
+ usmUserPrivKeyLocalized.prettyPrint(),
+ securityEngineID.prettyPrint(),
+ securityName))
except NoSuchInstanceError:
pysnmpUsmDiscovery, = mibBuilder.importSymbols(
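Review bot: `usmUserAuthKeyLocalized.prettyPrint()` and `usmUserPrivKeyLocalized.prettyPrint()` are called without a guard here and in the "cloned USM user entry" message of the next hunk, whereas the cached-entry message in the previous hunk uses `usmUserAuthKeyLocalized and usmUserAuthKeyLocalized.prettyPrint()`. If the user lookup whose tail is visible at the top of this hunk can return None for a user without auth or privacy (not determinable from the hunk), enabling FLAG_SM debugging would raise AttributeError inside the logging expression and abort message generation. Applying the same `x and x.prettyPrint()` guard at all three sites would make them consistent and safe either way.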
@@ -375,7 +405,28 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
self._sec2usr(snmpEngine, securityName)
)
+ debug.logger & debug.FLAG_SM and debug.logger(
+ '__generateRequestOrResponseMsg: cloned USM user entry '
+ 'usmUserName "%s" '
+ 'usmUserSecurityName "%s" '
+ 'usmUserAuthProtocol "%s" '
+ 'usmUserAuthKeyLocalized "%s" '
+ 'usmUserPrivProtocol "%s" '
+ 'usmUserPrivKeyLocalized "%s" for '
+ 'securityEngineID "%s" and securityName "%s"' % (
+ usmUserName, usmUserSecurityName,
+ usmUserAuthProtocol,
+ usmUserAuthKeyLocalized.prettyPrint(),
+ usmUserPrivProtocol,
+ usmUserPrivKeyLocalized.prettyPrint(),
+ securityEngineID.prettyPrint(), securityName))
+
except NoSuchInstanceError:
+ debug.logger & debug.FLAG_SM and debug.logger(
+ '__generateRequestOrResponseMsg: failed to clone '
+ 'USM user for securityEngineID "%s" securityName '
+ '"%s"' % (securityEngineID, securityName))
+
reportUnknownName = True
if reportUnknownName:
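Review bot: The "failed to clone" message formats `securityEngineID` with a bare `%s`, while the success message a few lines above in the same try block, like every other message in this commit, uses `securityEngineID.prettyPrint()`. For an octet-string engine ID the bare form likely puts raw, possibly non-printable bytes in the log instead of the hex form, which makes the failure line hard to correlate with the others. Suggest `'"%s"' % (securityEngineID.prettyPrint(), securityName))` on the last line of that call.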
@@ -404,16 +455,18 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
usmUserAuthKeyLocalized = usmUserPrivKeyLocalized = None
debug.logger & debug.FLAG_SM and debug.logger(
- '__generateRequestOrResponseMsg: use empty USM data')
-
- # noinspection PyUnboundLocalVariable
- debug.logger & debug.FLAG_SM and debug.logger(
- '__generateRequestOrResponseMsg: local usmUserName %r '
- 'usmUserSecurityName %r usmUserAuthProtocol %s '
- 'usmUserPrivProtocol %s securityEngineID %r '
- 'securityName %r' % (
- usmUserName, usmUserSecurityName, usmUserAuthProtocol,
- usmUserPrivProtocol, securityEngineID, securityName))
+ '__generateRequestOrResponseMsg: using blank USM info '
+ 'usmUserName "%s" '
+ 'usmUserSecurityName "%s" '
+ 'usmUserAuthProtocol "%s" '
+ 'usmUserAuthKeyLocalized "%s" '
+ 'usmUserPrivProtocol "%s" '
+ 'usmUserPrivKeyLocalized "%s" for '
+ 'securityEngineID "%s" and securityName "%s"' % (
+ usmUserName, usmUserSecurityName,
+ usmUserAuthProtocol, usmUserAuthKeyLocalized,
+ usmUserPrivProtocol, usmUserPrivKeyLocalized,
+ securityEngineID.prettyPrint(), securityName))
msg = globalData