| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
Fixed a regression in SNMPv3 `msgFlag` initialization on
authoritative SNMP engine ID discovery. This bug causes secure
communication with peer SNMP engines to stall at SNMP engine ID
discovery procedure.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This change introduces "wildcard" SNMP engine ID (0x00000000). Right
before deciding on firing up SNMP engine ID discovery and key
localization procedure, originating SNMP engine will check for
the presence of this magical engine ID (5 zeros), if it is present
in LCD along with the user name being used, localized keys from that
entry will be used.
Does this have security implications?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This SNMP engine ID discovery procedure is spread across message
processing and security modules. This is weird!
Anyway, this change moves SNMP message rewriting, associated with
starting out SNMP discovery sequence, to security module. The
motivation is to let security module making the ultimate decision
whether or not SNMP engine discovery is required.
For example, if localized keys are committed directly to the DB,
security module may just use them without engine discovery phase.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds details debugging on USM initial configuration process
and runtime USM user cloning.
Besides that, this patch eliminates storing of incomplete
USM keys (in case when master/localized keys are configured
directly).
On top of that, this commit fixes a bug in USM configuration
which did not allow the same user names to be added under
different security names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Added new optional parameters to `addUsmUser()` and
`hlapi.UsmUserData()` functions allowing specifying key material
type being passed to the respective routines.
Plain-text pass-phrase remains the default, while user can change that
to `master` or `localized` types.
Refer to RFC3414 for technical details on SNMP USM key localization
algorithm.
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, MIB resolution errors were ignored (whenever possible)
for objects we were sending and receiving. This change tightens
outgoing objects MIB compliance (send will fail), but tolerate
non quite compliant objects we receive.
Also, extend the same policy onto `NotificationOriginator`.
|
|
|
|
|
| |
Added optional `ignoreErrors` parameter to `ObjectType.resolveWithMib()`
to control that behaviour.
|
|
|
|
| |
This fixes release 4.4.10 before it's actually released.
|
| |
|
|
|
|
| |
@property.setter has not been invented back then
|
|
|
|
| |
@property.setter has not been invented back then
|
|
|
|
|
|
|
|
| |
Most important changes include:
* Added subtree match negation support (vacmViewTreeFamilyType)
* Added subtree family mask support (vacmViewTreeFamilyMask)
* Added prefix content name matching support (vacmAccessContextMatch)
* Added key VACM tables caching for better lookup performance
|
|
|
|
|
| |
Fixed crash on uninitialized component serialization left out in
SNMP v1 TRAP PDU to SNMPv2/3 TRAP PDU translation routine.
|
|
|
|
|
|
|
| |
Set `var-bindings` to an empty sequence by default. Otherwise
it can remain a "pyasn1 schema object" failing to encode. This
can happen with newer pyasn1 versions where `SequenceOf` type
does not have default initializer.
|
|
|
|
| |
Also fixes bug in `imp`-based initialization
|
| |
|
|
|
|
|
| |
Fix to updates call interval of the existing periodic dispatcher
jobs on call interval change (via .setTimerResolution())
|
|
|
|
|
| |
Fixes asyncore main loop upper bound timeout to respect
currently set timer resolution.
|
| |
|
| |
|
|
|
|
|
| |
Added missing SNMP PDU error classes and their handling in
Command Responder
|
| |
|
|
|
|
|
| |
Trying to understand why sendmsg() fails on a transparent
IPv6 socket
|
| |
|
| |
|
|
|
|
| |
SO says this is required for proper UDP socket multi-homing.
|
|
|
|
|
| |
When running in transparent proxy mode, log syscall parameters
to aid troubleshooting
|
|
|
|
|
| |
Also fixed crash on MIB load failure in case of directory
access error
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Also, updated thr `.update` and `__init__` methods signatures to
match `dict` interface. Implementation details renewed.
|
|
|
|
| |
Seems like they discontinued those.
|