Diffstat (limited to 'pysnmp/hlapi/auth.py')
-rw-r--r--pysnmp/hlapi/auth.py105
1 files changed, 88 insertions, 17 deletions
diff --git a/pysnmp/hlapi/auth.py b/pysnmp/hlapi/auth.py
index 2c729b22..13120a6d 100644
--- a/pysnmp/hlapi/auth.py
+++ b/pysnmp/hlapi/auth.py
@@ -34,21 +34,30 @@ class CommunityData(object):
Parameters
----------
- communityIndex: py:class:`str`
+ communityIndex: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
Unique index value of a row in snmpCommunityTable. If it is the
only positional parameter, it is treated as a *communityName*.
- communityName: py:class:`str`
+
+ communityName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
SNMP v1/v2c community string.
- mpModel: py:class:`int`
- SNMP version - 0 for SNMPv1 and 1 for SNMPv2c.
- contextEngineId: py:class:`str`
+
+ mpModel: :py:class:`int`
+ SNMP message processing model AKA SNMP version. Known SNMP versions are:
+
+ * `0` - for SNMP v1
+ * `1` - for SNMP v2c (default)
+
+
+ contextEngineId: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
Indicates the location of the context in which management
information is accessed when using the community string
specified by the above communityName.
- contextName: py:class:`str`
+
+ contextName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
The context in which management information is accessed when
using the above communityName.
- tag: py:class:`str`
+
+ tag: :py:class:`str`
Arbitrary string that specifies a set of transport endpoints
from which a command responder application will accept
management requests with given *communityName* or to which
@@ -196,6 +205,15 @@ usmAesBlumenthalCfb192Protocol = config.usmAesBlumenthalCfb192Protocol
usmAesBlumenthalCfb256Protocol = config.usmAesBlumenthalCfb256Protocol
"""The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https:://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)"""
+usmKeyTypePassphrase = config.usmKeyTypePassphrase
+"""USM key material type - plain-text pass phrase (:RFC:`3414#section-2.6`)"""
+
+usmKeyTypeMaster = config.usmKeyTypeMaster
+"""USM key material type - hashed pass-phrase AKA master key (:RFC:`3414#section-2.6`)"""
+
+usmKeyTypeLocalized = config.usmKeyTypeLocalized
+"""USM key material type - hashed pass-phrase hashed with Context SNMP Engine ID (:RFC:`3414#section-2.6`)"""
+
class UsmUserData(object):
"""Creates SNMP v3 User Security Model (USM) configuration entry.
@@ -212,21 +230,26 @@ class UsmUserData(object):
Parameters
----------
- userName: py:class:`str`
+ userName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
A human readable string representing the name of the SNMP USM user.
- authKey: py:class:`str`
+
+ Other Parameters
+ ----------------
+ authKey: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
Initial value of the secret authentication key. If not set,
:py:class:`~pysnmp.hlapi.usmNoAuthProtocol`
is implied. If set and no *authProtocol* is specified,
:py:class:`~pysnmp.hlapi.usmHMACMD5AuthProtocol`
takes effect.
- privKey: py:class:`str`
+
+ privKey: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
Initial value of the secret encryption key. If not set,
:py:class:`~pysnmp.hlapi.usmNoPrivProtocol`
is implied. If set and no *privProtocol* is specified,
:py:class:`~pysnmp.hlapi.usmDESPrivProtocol`
takes effect.
- authProtocol: py:class:`tuple`
+
+ authProtocol: :py:class:`tuple`, :py:class:`~pysnmp.proto.rfc1902.ObjectIdentifier`
An indication of whether messages sent on behalf of this USM user
can be authenticated, and if so, the type of authentication protocol
which is used.
@@ -240,7 +263,23 @@ class UsmUserData(object):
* :py:class:`~pysnmp.hlapi.usmHMAC192SHA256AuthProtocol`
* :py:class:`~pysnmp.hlapi.usmHMAC256SHA384AuthProtocol`
* :py:class:`~pysnmp.hlapi.usmHMAC384SHA512AuthProtocol`
- privProtocol: py:class:`tuple`
+
+
+ securityEngineId: :py:class:`~pysnmp.proto.rfc1902.OctetString`
+ The snmpEngineID of the authoritative SNMP engine to which a
+ dateRequest message is to be sent. Will be automatically
+ discovered from peer if not given.
+
+ See :RFC:`3414#section-2.5.1` for technical explanation.
+
+ securityName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString`
+ Together with the snmpEngineID it identifies a row in the
+ *SNMP-USER-BASED-SM-MIB::usmUserTable* that is to be used
+ for securing the message.
+
+ See :RFC:`3414#section-2.5.1` for technical explanation.
+
+ privProtocol: :py:class:`tuple`, :py:class:`~pysnmp.proto.rfc1902.ObjectIdentifier`
An indication of whether messages sent on behalf of this USM user
be encrypted, and if so, the type of encryption protocol which is used.
@@ -253,6 +292,29 @@ class UsmUserData(object):
* :py:class:`~pysnmp.hlapi.usmAesCfb192Protocol`
* :py:class:`~pysnmp.hlapi.usmAesCfb256Protocol`
+
+ authKeyType: :py:class:`int`
+ Type of `authKey` material. See :RFC:`3414#section-2.6` for
+ technical explanation.
+
+ Supported key types are:
+
+ * :py:class:`~pysnmp.hlapi.usmKeyTypePassphrase` (default)
+ * :py:class:`~pysnmp.hlapi.usmKeyTypeMaster`
+ * :py:class:`~pysnmp.hlapi.usmKeyTypeLocalized`
+
+
+ privKeyType: :py:class:`int`
+ Type of `privKey` material. See :RFC:`3414#section-2.6` for
+ technical explanation.
+
+ Supported key types are:
+
+ * :py:class:`~pysnmp.hlapi.usmKeyTypePassphrase` (default)
+ * :py:class:`~pysnmp.hlapi.usmKeyTypeMaster`
+ * :py:class:`~pysnmp.hlapi.usmKeyTypeLocalized`
+
+
Examples
--------
>>> from pysnmp.hlapi import UsmUserData
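Review bot: The new `authKeyType` / `privKeyType` entries list the three key types but never say what `authKey` and `privKey` must then contain, so a reader has only the RFC link to tell a pass phrase from raw key material. I would add a sentence to each entry such as `With usmKeyTypeMaster or usmKeyTypeLocalized the key is already-hashed key material, not a pass phrase.` and, for the localized type, `A localized key is only valid for the SNMP engine it was derived for.` Related wording in the constants hunk above: the `usmKeyTypeLocalized` docstring says the key is hashed with the "Context SNMP Engine ID", while RFC 3414 section 2.6 localizes a key with the authoritative engine's snmpEngineID, which is what `securityEngineId` describes in this same docstring. The UsmUserData docstring starts and ends outside this hunk.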
@@ -275,7 +337,9 @@ class UsmUserData(object):
authKey=None, privKey=None,
authProtocol=None, privProtocol=None,
securityEngineId=None,
- securityName=None):
+ securityName=None,
+ authKeyType=usmKeyTypePassphrase,
+ privKeyType=usmKeyTypePassphrase):
self.userName = userName
if securityName is None:
self.securityName = userName
@@ -302,24 +366,29 @@ class UsmUserData(object):
self.privProtocol = privProtocol
self.securityEngineId = securityEngineId
+ self.authKeyType = authKeyType
+ self.privKeyType = privKeyType
def __hash__(self):
raise TypeError('%s is not hashable' % self.__class__.__name__)
def __repr__(self):
- return '%s(userName=%r, authKey=<AUTHKEY>, privKey=<PRIVKEY>, authProtocol=%r, privProtocol=%r, securityEngineId=%r, securityName=%r)' % (
+ return '%s(userName=%r, authKey=<AUTHKEY>, privKey=<PRIVKEY>, authProtocol=%r, privProtocol=%r, securityEngineId=%r, securityName=%r, authKeyType=%r, privKeyType=%r)' % (
self.__class__.__name__,
self.userName,
self.authProtocol,
self.privProtocol,
self.securityEngineId is None and '<DEFAULT>' or self.securityEngineId,
- self.securityName
+ self.securityName,
+ self.authKeyType,
+ self.privKeyType
)
def clone(self, userName=None,
authKey=None, privKey=None,
authProtocol=None, privProtocol=None,
- securityEngineId=None, securityName=None):
+ securityEngineId=None, securityName=None,
+ authKeyType=None, privKeyType=None):
return self.__class__(
userName is None and self.userName or userName,
authKey is None and self.authKey or authKey,
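Review bot: `self.authKeyType = authKeyType` and `self.privKeyType = privKeyType` store whatever the caller passed, with no check against the three `usmKeyType*` constants this commit defines. Unless the value is validated further down the stack (not visible here), a wrong value would presumably surface only when the key is used, as a failure that is hard to trace back to this argument. A guard before the assignment would make it fail early, e.g. `if authKeyType not in (usmKeyTypePassphrase, usmKeyTypeMaster, usmKeyTypeLocalized): raise ValueError('unknown authKeyType %r' % (authKeyType,))`, with the same check for `privKeyType`; the project's own error type may be the better choice if one is in scope. `__init__` begins outside this hunk.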
@@ -327,5 +396,7 @@ class UsmUserData(object):
authProtocol is None and self.authProtocol or authProtocol,
privProtocol is None and self.privProtocol or privProtocol,
securityEngineId is None and self.securityEngineId or securityEngineId,
- securityName=securityName is None and self.securityName or securityName
+ securityName is None and self.securityName or securityName,
+ authKeyType is None and self.authKeyType or usmKeyTypePassphrase,
+ privKeyType is None and self.privKeyType or usmKeyTypePassphrase
)
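Review bot: `clone()` discards a caller-supplied key type, because the last two arguments end in `or usmKeyTypePassphrase` where the other arguments end in the parameter itself. Calling `clone(authKey=..., authKeyType=usmKeyTypeLocalized)` therefore builds an object marked as pass phrase, so the supplied key material would be interpreted as the wrong kind of key. The `x is None and a or b` idiom also falls through to the pass-phrase constant whenever the stored `self.authKeyType` is falsy; the constants' values are not visible here, so that part is a hedge. A conditional expression avoids both problems: `self.authKeyType if authKeyType is None else authKeyType,` and `self.privKeyType if privKeyType is None else privKeyType`. The call these arguments belong to starts in the previous hunk.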