1 files changed, 39 insertions, 5 deletions

diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
index 74bdaff9..9fdfe707 100644
--- a/pysnmp/proto/secmod/rfc3414/service.py
+++ b/pysnmp/proto/secmod/rfc3414/service.py
@@ -16,6 +16,7 @@ from pyasn1.type import namedtype
 from pyasn1.type import univ
 
 from pysnmp import debug
+from pysnmp.proto import api
 from pysnmp.proto import errind
 from pysnmp.proto import error
 from pysnmp.proto import rfc1155
@@ -33,6 +34,9 @@ from pysnmp.proto.secmod.rfc3826.priv import aes
 from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
 from pysnmp.smi.error import NoSuchInstanceError
 
+# API to rfc1905 protocol objects
+pMod = api.PROTOCOL_MODULES[api.SNMP_VERSION_2C]
+
 
 # USM security params
 
@@ -304,6 +308,8 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
         snmpEngineID = mibBuilder.importSymbols(
             '__SNMP-FRAMEWORK-MIB', 'snmpEngineID')[0].syntax
 
+        msg = globalData
+
         # 3.1.1
         if securityStateReference is not None:
             # 3.1.1a
@@ -361,7 +367,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
                     securityEngineID.prettyPrint(),
                     securityName, securityStateReference))
 
-        elif securityName:
+        elif securityEngineID:
             # 3.1.1b
             try:
                 (usmUserName, usmUserSecurityName, usmUserAuthProtocol,
@@ -447,7 +453,35 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
                 raise error.StatusInformation(errorIndication=errind.invalidMsg)
 
         else:
-            # empty username used for engineID discovery
+            # 4. (start SNMP engine ID discovery)
+            securityEngineID = securityName = null
+            securityLevel = 1
+
+            scopedPDU.setComponentByPosition(
+                0, null, verifyConstraints=False,
+                matchTags=False, matchConstraints=False)
+
+            headerData = msg.getComponentByPosition(1)
+
+            # Clear possible auth&priv flags
+            headerData.setComponentByPosition(
+                2, univ.OctetString(hexValue='00'), verifyConstraints=False,
+                matchTags=False, matchConstraints=False
+            )
+
+            emptyPdu = scopedPDU.getComponentByPosition(2).getComponent()
+
+            # we edit the rest of the structures in-place because they
+            # are ours for as long as this stack lasts, however PDU
+            # is more persistent and should not be touched
+
+            emptyPdu = emptyPdu.clone()
+            pMod.apiPDU.setDefaults(emptyPdu)
+
+            scopedPDU.getComponentByPosition(2).setComponentByType(
+                emptyPdu.tagSet, emptyPdu, verifyConstraints=False,
+                matchTags=False, matchConstraints=False)
+
             usmUserName = usmUserSecurityName = null
             usmUserAuthProtocol = noauth.NoAuth.SERVICE_ID
             usmUserPrivProtocol = nopriv.NoPriv.SERVICE_ID
@@ -456,6 +490,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
 
             debug.logger & debug.FLAG_SM and debug.logger(
                 '__generateRequestOrResponseMsg: using blank USM info '
+                'for peer SNMP engine ID discovery '
                 'usmUserName "%s" '
                 'usmUserSecurityName "%s" '
                 'usmUserAuthProtocol "%s" '
@@ -466,9 +501,8 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
                     usmUserName, usmUserSecurityName,
                     usmUserAuthProtocol, usmUserAuthKeyLocalized,
                     usmUserPrivProtocol, usmUserPrivKeyLocalized,
-                    securityEngineID.prettyPrint(), securityName))
-
-        msg = globalData
+                    securityEngineID and securityEngineID.prettyPrint(),
+                    securityName))
 
         # 3.1.2
         if securityLevel == 3: