Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix broken SNMPv3 authoritative engine ID discovery | Ilya Etingof | 2019-09-24 | 1 | -1/+1 |
| | | | | | | | Fixed a regression in SNMPv3 `msgFlag` initialization on authoritative SNMP engine ID discovery. This bug causes secure communication with peer SNMP engines to stall at SNMP engine ID discovery procedure. | ||||
* | Introduce "wildcard" SNMP engine ID (#297) | Ilya Etingof | 2019-08-11 | 1 | -24/+59 |
| | | | | | | | | | | | This change introduces "wildcard" SNMP engine ID (0x00000000). Right before deciding on firing up SNMP engine ID discovery and key localization procedure, originating SNMP engine will check for the presence of this magical engine ID (5 zeros), if it is present in LCD along with the user name being used, localized keys from that entry will be used. Does this have security implications? | ||||
* | Move SNMP engine discovery code to security module | Ilya Etingof | 2019-08-10 | 1 | -5/+39 |
| | | | | | | | | | | | | | This SNMP engine ID discovery procedure is spread across message processing and security modules. This is weird! Anyway, this change moves SNMP message rewriting, associated with starting out SNMP discovery sequence, to security module. The motivation is to let security module making the ultimate decision whether or not SNMP engine discovery is required. For example, if localized keys are committed directly to the DB, security module may just use them without engine discovery phase. | ||||
* | Fix crashing VACM debugging | Ilya Etingof | 2019-08-10 | 1 | -4/+4 |
| | |||||
* | Do not store incomplete USM keys and improve debug | Ilya Etingof | 2019-08-05 | 1 | -12/+65 |
| | | | | | | | | | | | | | This adds details debugging on USM initial configuration process and runtime USM user cloning. Besides that, this patch eliminates storing of incomplete USM keys (in case when master/localized keys are configured directly). On top of that, this commit fixes a bug in USM configuration which did not allow the same user names to be added under different security names. | ||||
* | PEP-8 long lines and dunders (#245) | Ilya Etingof | 2019-02-26 | 1 | -278/+454 |
| | | | | This patch massively reformats the whole codebase mainly wrapping long lines and eliminating dundered private attributes. | ||||
* | PEP8 optimize imports (#242) | Ilya Etingof | 2019-02-12 | 1 | -10/+23 |
| | | | | To make them PEP8-compliant | ||||
* | Uppercase global constants (#238) | Ilya Etingof | 2019-02-10 | 1 | -97/+102 |
| | | | | | | | | | This is a massive patch essentially upper-casing global/class attributes that mean to be constants. Some previously exposed constants have been preserved for compatibility reasons (notably, in `hlapi`), though the rest might break user code relying on pysnmp 4. | ||||
* | Drop Python < 2.6 except statement compatibility trick | Ilya Etingof | 2019-02-09 | 1 | -16/+16 |
| | |||||
* | Drop Python < 2.6 kwargs expansion compatibility trick | Ilya Etingof | 2019-02-09 | 1 | -2/+2 |
| | |||||
* | Extend copyright notice to year 2019 | Ilya Etingof | 2018-12-30 | 1 | -1/+1 |
| | |||||
* | Redesigned SMI objects management model (#214) | Ilya Etingof | 2018-12-29 | 1 | -3/+8 |
| | | | | | | | | | | | | | | The primary motivation behind this redesign is to allow asynchronous operations between SNMP responder and the data source feeding its MIB. This is achieved by redesigning all `read*`, `write*`, `create*` and `destroy*` methods of the `SNMPv2-SMI` MIB objects to return immediately and deliver their results via a call back. This modification brings significant and backward incompatible changes to the low-level MIB operations. The pysnmp MIB modules compiled for older pysnmp remain compatible. | ||||
* | Overhaul SMI/MIB instrumentation API (#161) | Ilya Etingof | 2018-06-30 | 1 | -4/+5 |
| | | | | | | | | | | | Overhaul SMI/MIB instrumentation API SMI/MIB managed objects API overhauled for simplicity and flexibility breaking backward compatibility. This change would allow way more control over custom MIB managed objects and also is the prerequisite for asynchronous MIB instrumentation. | ||||
* | fixed zero boots/time values put into SNMPv3 TRAP | Ilya Etingof | 2018-04-21 | 1 | -24/+29 |
| | |||||
* | copyright notice extendedv4.4.4 | Ilya Etingof | 2018-01-03 | 1 | -1/+1 |
| | |||||
* | migrated references from SourceForge (#110) | Ilya Etingof | 2017-11-17 | 1 | -1/+1 |
| | |||||
* | refactor digest size getter into property, handle the case of unavailable crypto | Ilya Etingof | 2017-08-03 | 1 | -1/+1 |
| | |||||
* | add support for USM SHA-2 algorithms (RFC 7860) (#71) | verrio | 2017-08-03 | 1 | -2/+8 |
| | |||||
* | fixed a crash happening on incomplete inbound SNMP message | Ilya Etingof | 2017-07-13 | 1 | -12/+4 |
| | |||||
* | Added instrumentation hooks to catch SNMP auth/crypto failures (#59) | Ilya Etingof | 2017-05-27 | 1 | -8/+25 |
| | | | | | | * security module failure instrumentation hook added also fixed mistyped 'unsupportedSecLevel' object | ||||
* | minor pep8 improvements | Ilya Etingof | 2017-05-27 | 1 | -17/+17 |
| | |||||
* | required pyasn1 version is now 0.2.3 | Ilya Etingof | 2017-02-14 | 1 | -9/+9 |
| | | | | added matchTags, matchConstraints flags to .setComponentBy() call | ||||
* | email changed, copyright extended to the year 2017 | Ilya Etingof | 2017-01-12 | 1 | -1/+1 |
| | |||||
* | Reeder key localization refactored | Ilya Etingof | 2016-08-21 | 1 | -4/+4 |
| | |||||
* | Reeder key localization for AES192/256 encryption implemented | Ilya Etingof | 2016-08-21 | 1 | -0/+2 |
| | |||||
* | work even if transport dispatcher is not available | Ilya Etingof | 2016-04-17 | 1 | -2/+5 |
| | |||||
* | pep8 reformatted | Ilya Etingof | 2016-04-03 | 1 | -98/+180 |
| | |||||
* | copyright updated | elie | 2015-12-29 | 1 | -1/+1 |
| | |||||
* | two more execution observer points added: rfc2576.processIncomingMsg | elie | 2015-12-19 | 1 | -26/+42 |
| | | | | | and rfc3414.processIncomingMsg to give an insignt on security modules internals | ||||
* | fix to USM: extra user entry clone removed on incoming message | elie | 2015-12-19 | 1 | -62/+48 |
| | | | | | processing. It made USM accepting SNMPv3 TRAPs from unknown SNMP engine IDs | ||||
* | typos | elie | 2015-12-19 | 1 | -2/+2 |
| | |||||
* | all SNMP counters now incremented via '+= 1' rather than 'x = x + 1' | elie | 2015-12-12 | 1 | -8/+8 |
| | |||||
* | copyright notice added to source code | elie | 2015-11-20 | 1 | -1/+6 |
| | |||||
* | linted for bad-whitespace and some other issues | elie | 2015-10-17 | 1 | -5/+5 |
| | |||||
* | linted the bad-continuation issue as well as some others | elie | 2015-10-17 | 1 | -350/+224 |
| | |||||
* | linted for trailing whitespaces | elie | 2015-10-17 | 1 | -34/+34 |
| | |||||
* | fix to authoritative engine side snmpEngineID discovery procedure: | elie | 2014-04-23 | 1 | -7/+10 |
| | | | | | respond with notInTimeWindows rather then with unsupportedSecurityLevel at time synchronization phase | ||||
* | missing check for null scopedPDU added | elie | 2014-03-21 | 1 | -0/+5 |
| | |||||
* | fixes to verify pyasn1 decoder.decode() return to withstand | elie | 2014-03-21 | 1 | -2/+7 |
| | | | | broken SNMP messages or its components | ||||
* | gracefully handle malformed SnmpEngineID coming from SNMPv3 header | elie | 2013-09-14 | 1 | -0/+14 |
| | |||||
* | cache and uncache usmUserSecurityName for debugging purposes | elie | 2013-06-26 | 1 | -0/+5 |
| | |||||
* | Fix to SnmpUSMSecurityModel._sec2usr() - raise NoSuchInstance error | elie | 2013-06-10 | 1 | -3/+6 |
| | | | | | | to emulate MIB lookup failure. Previous version of the code always succeeded returning securityName on failure. That screwed new row creation logic. | ||||
* | unused variables, imports; wrong indentation; undefined prototype attribues | elie | 2013-06-04 | 1 | -18/+18 |
| | | | | all the things that bothers linter | ||||
* | the userName parameter is now fully separated from securityName at | elie | 2013-05-25 | 1 | -45/+99 |
| | | | | usmUserTable. | ||||
* | SNMP credentials management reworked to allow multiple securityNames's in | elie | 2013-05-18 | 1 | -7/+16 |
| | | | | | snmpCommunityEntry and usmUserEntry tables. Changes made to addV1System(), addV3User() functions as well as to their oneliner's wrappers. | ||||
* | delV3User() function improved to drop all rows from USM table that | elie | 2013-04-17 | 1 | -17/+26 |
| | | | | were cloned from the target one | ||||
* | catch possible exceptions on pyasn1 encoder invocation | elie | 2012-12-04 | 1 | -10/+35 |
| | | | | | report SerializationError indication in those cases addded DeserializationError indication alias to Parse Error for clarity | ||||
* | maxSizeResponseScopedPDU must not be a [constrained] instance of maxMessageSize | elie | 2012-08-28 | 1 | -1/+1 |
| | |||||
* | hexdump() added | elie | 2012-07-23 | 1 | -1/+1 |
| | |||||
* | cast transportDispatcher's timing values into ints to match incrementing | elie | 2012-07-22 | 1 | -3/+3 |
| | | | | integer counter |