author | elie <elie> | 2015-12-19 21:11:53 +0000 |
committer | elie <elie> | 2015-12-19 21:11:53 +0000 |
commit | ee1bcb9cd549f0a91c0f561951bdaced76b6042f (patch) | |
tree | f127e9a65df9ffcd751925d8803f9ab241e134cc /pysnmp/proto | |
parent | 986c0a7f581a8966f156ab609998a9908d2a69c0 (diff) | |
download | pysnmp-git-ee1bcb9cd549f0a91c0f561951bdaced76b6042f.tar.gz |
two more execution observer points added: rfc2576.processIncomingMsg
and rfc3414.processIncomingMsg to give an insight into security modules
internals
Diffstat (limited to 'pysnmp/proto')
-rw-r--r-- | pysnmp/proto/secmod/rfc2576.py | 16 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/service.py | 68 |
2 files changed, 58 insertions, 26 deletions
diff --git a/pysnmp/proto/secmod/rfc2576.py b/pysnmp/proto/secmod/rfc2576.py
index 337153f3..d531031b 100644
--- a/pysnmp/proto/secmod/rfc2576.py
+++ b/pysnmp/proto/secmod/rfc2576.py
@@ -323,6 +323,9 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel): snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc2576.processIncomingMsg:writable', scope ) + snmpEngine.observer.clearExecutionContext( + snmpEngine, 'rfc2576.processIncomingMsg:writable' + ) try: securityName, contextEngineId, contextName = self._com2sec(
@@ -339,6 +342,19 @@ class SnmpV1SecurityModel(base.AbstractSecurityModel): securityEngineID = snmpEngineID.syntax + snmpEngine.observer.storeExecutionContext( + snmpEngine, 'rfc2576.processIncomingMsg', + dict(transportInformation=transportInformation, + securityEngineId=securityEngineID, + securityName=securityName, + communityName=communityName, + contextEngineId=contextEngineId, + contextName=contextName) + ) + snmpEngine.observer.clearExecutionContext( + snmpEngine, 'rfc2576.processIncomingMsg' + ) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: looked up securityName %r securityModel %r contextEngineId %r contextName %r by communityName %r AND transportInformation %r' % (securityName, self.securityModelID, contextEngineId, contextName, communityName, transportInformation)) stateReference = self._cache.push(communityName=communityName)
diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
index b0272501..34898b08 100644
--- a/pysnmp/proto/secmod/rfc3414/service.py
+++ b/pysnmp/proto/secmod/rfc3414/service.py
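Review bot: The context dict stored under 'rfc2576.processIncomingMsg' in the second hunk hands the raw `communityName` — the SNMPv1/v2c credential — to every registered observer callback, so an observer that logs or persists its context (the usual debugging use of these hooks) ends up writing community strings to its output; the same concern applies to the localized `authKey`/`privKey` placed in the 'rfc3414.processIncomingMsg' context in rfc3414/service.py. Either leave `communityName` out of the dict (the `_com2sec` result `securityName` already identifies the principal) or state at the observer registration that this context carries credentials and must not be recorded verbatim, e.g. `# NOTE: context carries the community string; observers must not log it`. The store-then-clear pair added for the `:writable` key in the first hunk is presumably the synchronous-callback idiom used elsewhere in pysnmp; if a later `clearExecutionContext` for the same key survives outside the hunk, this one makes it a double clear — confirm. processIncomingMsg starts and ends outside both hunks.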
@@ -22,7 +22,7 @@ from pyasn1.compat.octets import null class UsmSecurityParameters(rfc1155.TypeCoercionHackMixIn, univ.Sequence): componentType = namedtype.NamedTypes( - namedtype.NamedType('msgAuthoritativeEngineID', univ.OctetString()), + namedtype.NamedType('msgAuthoritativeEngineId', univ.OctetString()), namedtype.NamedType('msgAuthoritativeEngineBoots', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))), namedtype.NamedType('msgAuthoritativeEngineTime', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))), namedtype.NamedType('msgUserName', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))),
@@ -512,7 +512,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): raise error.StatusInformation(errorIndication=errind.parseError) # 3.2.2 - msgAuthoritativeEngineID = securityParameters.getComponentByPosition(0) + msgAuthoritativeEngineId = securityParameters.getComponentByPosition(0) securityStateReference = self._cache.push( msgUserName=securityParameters.getComponentByPosition(3) )
@@ -528,18 +528,18 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): snmpEngineID = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineID')[0].syntax # 3.2.3 - if msgAuthoritativeEngineID != snmpEngineID and \ - msgAuthoritativeEngineID not in self.__timeline: - if msgAuthoritativeEngineID and \ - 4 < len(msgAuthoritativeEngineID) < 33: + if msgAuthoritativeEngineId != snmpEngineID and \ + msgAuthoritativeEngineId not in self.__timeline: + if msgAuthoritativeEngineId and \ + 4 < len(msgAuthoritativeEngineId) < 33: # 3.2.3a - cloned user when request was sent - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: unsynchronized securityEngineID %r' % (msgAuthoritativeEngineID,)) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: unsynchronized securityEngineID %r' % (msgAuthoritativeEngineId,)) else: # 3.2.3b debug.logger & debug.flagSM and debug.logger('processIncomingMsg: peer requested snmpEngineID discovery') usmStatsUnknownEngineIDs, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-USER-BASED-SM-MIB', 'usmStatsUnknownEngineIDs') usmStatsUnknownEngineIDs.syntax += 1 - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: null or malformed msgAuthoritativeEngineID') + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: null or malformed msgAuthoritativeEngineId') pysnmpUsmDiscoverable, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__PYSNMP-USM-MIB', 'pysnmpUsmDiscoverable') if pysnmpUsmDiscoverable.syntax: debug.logger & debug.flagSM and debug.logger('processIncomingMsg: starting snmpEngineID discovery procedure') 
@@ -576,7 +576,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): msgUserName = securityParameters.getComponentByPosition(3) - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read from securityParams msgAuthoritativeEngineID %r msgUserName %r' % (msgAuthoritativeEngineID, msgUserName)) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read from securityParams msgAuthoritativeEngineId %r msgUserName %r' % (msgAuthoritativeEngineId, msgUserName)) if msgUserName: # 3.2.4
@@ -585,12 +585,12 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): usmUserAuthKeyLocalized, usmUserPrivProtocol, usmUserPrivKeyLocalized) = self.__getUserInfo( snmpEngine.msgAndPduDsp.mibInstrumController, - msgAuthoritativeEngineID, msgUserName + msgAuthoritativeEngineId, msgUserName ) debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read user info from LCD') except NoSuchInstanceError: - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: unknown securityEngineID %r msgUserName %r' % (msgAuthoritativeEngineID, msgUserName)) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: unknown securityEngineID %r msgUserName %r' % (msgAuthoritativeEngineId, msgUserName)) usmStatsUnknownUserNames, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-USER-BASED-SM-MIB', 'usmStatsUnknownUserNames') usmStatsUnknownUserNames.syntax += 1 raise error.StatusInformation(
@@ -632,8 +632,24 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): msgAuthoritativeEngineBoots = securityParameters.getComponentByPosition(1) msgAuthoritativeEngineTime = securityParameters.getComponentByPosition(2) + snmpEngine.observer.storeExecutionContext( + snmpEngine, 'rfc3414.processIncomingMsg', + dict(securityEngineId=msgAuthoritativeEngineId, + snmpEngineBoots=msgAuthoritativeEngineBoots, + snmpEngineTime=msgAuthoritativeEngineTime, + userName=usmUserName, + securityName=usmUserSecurityName, + authProtocol=usmUserAuthProtocol, + authKey=usmUserAuthKeyLocalized, + privProtocol=usmUserPrivProtocol, + privKey=usmUserPrivKeyLocalized) + ) + snmpEngine.observer.clearExecutionContext( + snmpEngine, 'rfc3414.processIncomingMsg' + ) + # 3.2.5 - if msgAuthoritativeEngineID == snmpEngineID: + if msgAuthoritativeEngineId == snmpEngineID: # Authoritative SNMP engine: make sure securityLevel is sufficient badSecIndication = None if securityLevel == 3:
@@ -702,7 +718,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): debug.logger & debug.flagSM and debug.logger('processIncomingMsg: incoming msg authenticated') # synchronize time with authed peer - self.__timeline[msgAuthoritativeEngineID] = ( + self.__timeline[msgAuthoritativeEngineId] = ( securityParameters.getComponentByPosition(1), securityParameters.getComponentByPosition(2), securityParameters.getComponentByPosition(2),
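Review bot: The 'rfc3414.processIncomingMsg' context in the first hunk is stored before the 3.2.5 security-level check and before the message is authenticated (3.2.6, outside the hunk), so `userName`, `securityName`, `snmpEngineBoots` and `snmpEngineTime` it reports are still unverified values taken from the wire and the LCD lookup; an observer that uses this point for auditing or access decisions would see a request that is rejected a few lines later exactly as it sees an accepted one. Say so at the observer point, e.g. `# observer fires before 3.2.5/3.2.6: fields are unverified claims`, or add a second point after authentication that reports the outcome. The dict also reads `usmUserName`, `usmUserSecurityName` and the usmUser* key/protocol names on the discovery path (`msgUserName` empty), whose binding would be in the else branch outside the hunk — presumably null there, but worth confirming so the store cannot raise NameError. processIncomingMsg starts and ends outside both hunks.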
@@ -712,13 +728,13 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): expireAt = int(self.__expirationTimer + 300 / snmpEngine.transportDispatcher.getTimerResolution()) if expireAt not in self.__timelineExpQueue: self.__timelineExpQueue[expireAt] = [] - self.__timelineExpQueue[expireAt].append(msgAuthoritativeEngineID) + self.__timelineExpQueue[expireAt].append(msgAuthoritativeEngineId) - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: store timeline for securityEngineID %r' % (msgAuthoritativeEngineID,)) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: store timeline for securityEngineID %r' % (msgAuthoritativeEngineId,)) # 3.2.7 if securityLevel == 3 or securityLevel == 2: - if msgAuthoritativeEngineID == snmpEngineID: + if msgAuthoritativeEngineId == snmpEngineID: # Authoritative SNMP engine: use local notion (SF bug #1649032) (snmpEngineBoots, snmpEngineTime) = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime') snmpEngineBoots = snmpEngineBoots.syntax 
@@ -727,20 +743,20 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read snmpEngineBoots (%s), snmpEngineTime (%s) from LCD' % (snmpEngineBoots, snmpEngineTime)) else: # Non-authoritative SNMP engine: use cached estimates - if msgAuthoritativeEngineID in self.__timeline: + if msgAuthoritativeEngineId in self.__timeline: (snmpEngineBoots, snmpEngineTime, latestReceivedEngineTime, latestUpdateTimestamp) = self.__timeline[ - msgAuthoritativeEngineID + msgAuthoritativeEngineId ] # time passed since last talk with this SNMP engine idleTime = int(time.time())-latestUpdateTimestamp - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read timeline snmpEngineBoots %s snmpEngineTime %s for msgAuthoritativeEngineID %r, idle time %s secs' % (snmpEngineBoots, snmpEngineTime, msgAuthoritativeEngineID, idleTime)) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read timeline snmpEngineBoots %s snmpEngineTime %s for msgAuthoritativeEngineId %r, idle time %s secs' % (snmpEngineBoots, snmpEngineTime, msgAuthoritativeEngineId, idleTime)) else: raise error.ProtocolError('Peer SNMP engine info missing') # 3.2.7a - if msgAuthoritativeEngineID == snmpEngineID: + if msgAuthoritativeEngineId == snmpEngineID: if snmpEngineBoots == 2147483647 or \ snmpEngineBoots != msgAuthoritativeEngineBoots or \ abs(idleTime + int(snmpEngineTime) - \
@@ -763,7 +779,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): if msgAuthoritativeEngineBoots > snmpEngineBoots or \ msgAuthoritativeEngineBoots == snmpEngineBoots and \ msgAuthoritativeEngineTime > latestReceivedEngineTime: - self.__timeline[msgAuthoritativeEngineID] = ( + self.__timeline[msgAuthoritativeEngineId] = ( msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime, msgAuthoritativeEngineTime,
@@ -772,9 +788,9 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): expireAt = int(self.__expirationTimer + 300 / snmpEngine.transportDispatcher.getTimerResolution()) if expireAt not in self.__timelineExpQueue: self.__timelineExpQueue[expireAt] = [] - self.__timelineExpQueue[expireAt].append(msgAuthoritativeEngineID) + self.__timelineExpQueue[expireAt].append(msgAuthoritativeEngineId) - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: stored timeline msgAuthoritativeEngineBoots %s msgAuthoritativeEngineTime %s for msgAuthoritativeEngineID %r' % (msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime, msgAuthoritativeEngineID)) + debug.logger & debug.flagSM and debug.logger('processIncomingMsg: stored timeline msgAuthoritativeEngineBoots %s msgAuthoritativeEngineTime %s for msgAuthoritativeEngineId %r' % (msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime, msgAuthoritativeEngineId)) # 3.2.7b.2 if snmpEngineBoots == 2147483647 or \
@@ -854,7 +870,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): debug.logger & debug.flagSM and debug.logger('processIncomingMsg: cached msgUserName %s info by securityStateReference %s' % (msgUserName, securityStateReference)) # Delayed to include details - if not msgUserName and not msgAuthoritativeEngineID: + if not msgUserName and not msgAuthoritativeEngineId: usmStatsUnknownUserNames, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('__SNMP-USER-BASED-SM-MIB', 'usmStatsUnknownUserNames') usmStatsUnknownUserNames.syntax += 1 raise error.StatusInformation(
@@ -862,7 +878,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): oid=usmStatsUnknownUserNames.name, val=usmStatsUnknownUserNames.syntax, securityStateReference=securityStateReference, - securityEngineID=msgAuthoritativeEngineID, + securityEngineID=msgAuthoritativeEngineId, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName,
@@ -871,7 +887,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): ) # 3.2.12 - return (msgAuthoritativeEngineID, securityName, scopedPDU, + return (msgAuthoritativeEngineId, securityName, scopedPDU, maxSizeResponseScopedPDU, securityStateReference) def __expireTimelineInfo(self): |