| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Fixed a regression in SNMPv3 `msgFlag` initialization on
authoritative SNMP engine ID discovery. This bug causes secure
communication with peer SNMP engines to stall at SNMP engine ID
discovery procedure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces "wildcard" SNMP engine ID (0x00000000). Right
before deciding on firing up SNMP engine ID discovery and key
localization procedure, originating SNMP engine will check for
the presence of this magical engine ID (5 zeros), if it is present
in LCD along with the user name being used, localized keys from that
entry will be used.
Does this have security implications?
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This SNMP engine ID discovery procedure is spread across message
processing and security modules. This is weird!
Anyway, this change moves SNMP message rewriting, associated with
starting out SNMP discovery sequence, to security module. The
motivation is to let security module making the ultimate decision
whether or not SNMP engine discovery is required.
For example, if localized keys are committed directly to the DB,
security module may just use them without engine discovery phase.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds details debugging on USM initial configuration process
and runtime USM user cloning.
Besides that, this patch eliminates storing of incomplete
USM keys (in case when master/localized keys are configured
directly).
On top of that, this commit fixes a bug in USM configuration
which did not allow the same user names to be added under
different security names.
|
| |
|
|
|
|
|
|
|
|
|
| |
Most important changes include:
* Added subtree match negation support (vacmViewTreeFamilyType)
* Added subtree family mask support (vacmViewTreeFamilyMask)
* Added prefix content name matching support (vacmAccessContextMatch)
* Added key VACM tables caching for better lookup performance
|
|
|
|
|
| |
Fixed crash on uninitialized component serialization left out in
SNMP v1 TRAP PDU to SNMPv2/3 TRAP PDU translation routine.
|
|
|
|
|
|
|
| |
Set `var-bindings` to an empty sequence by default. Otherwise
it can remain a "pyasn1 schema object" failing to encode. This
can happen with newer pyasn1 versions where `SequenceOf` type
does not have default initializer.
|
|
|
|
| |
This patch massively reformats the whole codebase mainly wrapping
long lines and eliminating dundered private attributes.
|
| |
|
|
|
|
| |
To make them PEP8-compliant
|
|
|
|
| |
Specifically, set literals not yet supported.
|
|
|
|
| |
Perhaps previous commits have already broken older Python
support. This commit mostly declares Python 2.6+ support.
|
|
|
|
|
|
|
|
|
| |
This is a massive patch essentially upper-casing global/class attributes
that mean to be constants.
Some previously exposed constants have been preserved for compatibility
reasons (notably, in `hlapi`), though the rest might break user code relying
on pysnmp 4.
|
| |
|
| |
|
|
|
|
|
| |
Added missing SNMP PDU error classes and their handling in
Command Responder
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary motivation behind this redesign is to allow asynchronous
operations between SNMP responder and the data source feeding its
MIB.
This is achieved by redesigning all `read*`, `write*`, `create*` and
`destroy*` methods of the `SNMPv2-SMI` MIB objects to return
immediately and deliver their results via a call back.
This modification brings significant and backward incompatible
changes to the low-level MIB operations.
The pysnmp MIB modules compiled for older pysnmp remain compatible.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It can happen that SNMP community table contains uninitialized entries.
These entries may stop internal SNMP community table indexing which
is done in rfc2576 to speed up SNMP engine operations when SNMPv1/v2c
is involved. Once a bad entry gets into SNMP community table, all
the rest queries would start failing.
This patch ignores incomplete SNMP community table entries in the
course of building indices.
|
|
|
|
|
|
| |
Possible duplicate enumerations in `Bits` and `Integer` SMI types
causes pyasn1 exception. This fix reduces duplicates prior to
passing them to pyasn1.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add `hlapi.v1arch` API
Introduce new sub-package `pysnmp.hlapi.v1arch` which
wraps otherwise very detailed packet-level SNMP
messaging into a handful of convenience functions.
As a side effect, the `pysnmp.hlapi.*` sub-packages
moved under `pysnmp.hlapi.v3arch` though `pysnmp.hlapi`
still exposes `pysnmp.hlappi.v3arch.*` symbols to
retain some degree of backward compatibility.
The signature of the hlapi `.sendNotification()` call
has changed to accept `*varBinds` instead of a sequence
of `varBinds`. The rationale is to unify this method
call with similar methods of CommandGenerator.
* Add v1arch docs and reshuffle hlapi docs
|
|
|
|
|
| |
Fixed crash caused by incoming SNMPv3 message
requesting SNMPv1/v2c security model
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Overhaul SMI/MIB instrumentation API
SMI/MIB managed objects API overhauled for simplicity and
flexibility breaking backward compatibility.
This change would allow way more control over custom MIB
managed objects and also is the prerequisite for
asynchronous MIB instrumentation.
|
| |
|
| |
|
| |
|
|
|
|
| |
fixing copy-pasted parameter names on decyrpt methods
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This is a prerequisite for pyasn1 0.4.x
|
|
|
|
|
| |
This is to meet the basic clone() contract and unbreak round-trip index
conversions. Previously only IPAddress values were allowed as the clone
source.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add OID-index roundtrip methods to NetworkAddress
This enables use of NetworkAddress as a table index.
* Use NetworkAddress for RFC1213-MIB::atNetAddress
Previously atNetAddress defined to be an IpAddress, whose table index
mapping was different from that of NetworkAddress. This prevented
proper use of RFC1213-MIB::atTable instances, because:
- OID-to-symbol resolution was failing;
- Symbol-to-OID mapping result was invalid.
* Move clone() from Choice to NetworkAddress
Previously it was implemented in pyasn1.type.univ.Choice in case there
may be more Choice-based types—such as NetworkAddress—used as a table
index. However, SMIv2 (RFC 2578) limits the SYNTAX of an OBJECT-TYPE to
be only PyASN1 “simple” types, and NetworkAddress is the only known
Choice-based type used as a table index in MIB-I, so there is little
reason to clutter PyASN1 with the one-off logic in anticipation of
something will probably never happen.
Having NetworkAddress's own clone() method also allows use of string
literals as the value, so the following invocations are all valid:
na = NetworkAddress()
na1234 = na.clone('1.2.3.4')
na1234_2 = na1234.clone()
na1234_3 = na.clone(na1234)
na4321 = na.clone(IpAddress('4.3.2.1'))
To elaborate on simple types, SMIv2 limits the object syntax to be:
- a base type (or its refinement)
- a textual convention (or its refinement); or
- a BITS pseudo-type.
All base types descend from ASN.1 integer, octet string, or OID, all of
which are simple types. PySNMP defines SMIv2 BITS as a subclass of
OctetString, which is again a simple type. Finally, a SMIv2 textual
convention (RFC 2579) is simply a syntactic sugar applied on top of
either a base type a BITS type, so it is a simple type.
|
| |
|
| |
|
| |
|