| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
Fixed a regression in SNMPv3 `msgFlag` initialization on
authoritative SNMP engine ID discovery. This bug causes secure
communication with peer SNMP engines to stall at SNMP engine ID
discovery procedure.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces "wildcard" SNMP engine ID (0x00000000). Right
before deciding on firing up SNMP engine ID discovery and key
localization procedure, originating SNMP engine will check for
the presence of this magical engine ID (5 zeros), if it is present
in LCD along with the user name being used, localized keys from that
entry will be used.
Does this have security implications?
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This SNMP engine ID discovery procedure is spread across message
processing and security modules. This is weird!
Anyway, this change moves SNMP message rewriting, associated with
starting out SNMP discovery sequence, to security module. The
motivation is to let security module making the ultimate decision
whether or not SNMP engine discovery is required.
For example, if localized keys are committed directly to the DB,
security module may just use them without engine discovery phase.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds details debugging on USM initial configuration process
and runtime USM user cloning.
Besides that, this patch eliminates storing of incomplete
USM keys (in case when master/localized keys are configured
directly).
On top of that, this commit fixes a bug in USM configuration
which did not allow the same user names to be added under
different security names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added new optional parameters to `addUsmUser()` and
`hlapi.UsmUserData()` functions allowing specifying key material
type being passed to the respective routines.
Plain-text pass-phrase remains the default, while user can change that
to `master` or `localized` types.
Refer to RFC3414 for technical details on SNMP USM key localization
algorithm.
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, MIB resolution errors were ignored (whenever possible)
for objects we were sending and receiving. This change tightens
outgoing objects MIB compliance (send will fail), but tolerate
non quite compliant objects we receive.
Also, extend the same policy onto `NotificationOriginator`.
|
|
|
|
|
| |
Added optional `ignoreErrors` parameter to `ObjectType.resolveWithMib()`
to control that behaviour.
|
|
|
|
| |
This fixes release 4.4.10 before it's actually released.
|
|
|
|
|
|
|
|
|
| |
Most important changes include:
* Added subtree match negation support (vacmViewTreeFamilyType)
* Added subtree family mask support (vacmViewTreeFamilyMask)
* Added prefix content name matching support (vacmAccessContextMatch)
* Added key VACM tables caching for better lookup performance
|
|
|
|
|
| |
Fixed crash on uninitialized component serialization left out in
SNMP v1 TRAP PDU to SNMPv2/3 TRAP PDU translation routine.
|
|
|
|
|
|
|
| |
Set `var-bindings` to an empty sequence by default. Otherwise
it can remain a "pyasn1 schema object" failing to encode. This
can happen with newer pyasn1 versions where `SequenceOf` type
does not have default initializer.
|
|
|
|
| |
Also fixes bug in `imp`-based initialization
|
| |
|
|
|
|
|
| |
Missing MIB condition has been ignored if MIB compiler is not
configured.
|
| |
|
|
|
|
|
| |
The sub-package is now known under the name `asyncore`
because of the presence of many other event loops.
|
|
|
|
| |
This patch massively reformats the whole codebase mainly wrapping
long lines and eliminating dundered private attributes.
|
| |
|
| |
|
|
|
|
|
|
| |
Also, consistency ensuring code unified with v3arch piece what
has the side effect of *requiring* snmpTrapOID to be always
present anywhere among user-supplied variable-bindings.
|
| |
|
| |
|
|
|
|
|
| |
The hlapi.v1arch asyncio API is intended to be very similar to
hlapi.v3arch.asyncio from its signature viewpoint, however it
should be faster at the expense of no SNMPv3 support.
|
| |
|
| |
|
|
|
|
|
|
| |
Add the missing defaults (pyasn1 fault), add non-existing
'vacmContextStatus' MIB object which is required for table
management.
|
|
|
|
|
| |
The base Pythonized MIBs being shipped with pysnmp have been rebuilt
with the latest pysmi mainly for the purpose of making them
PEP-8 compliant.
|
|
|
|
| |
To make them PEP8-compliant
|
| |
|
| |
|
|
|
|
| |
Specifically, set literals not yet supported.
|
|
|
|
| |
Drop everything related to the legacy "oneliner" and
"mibvar" APIs.
|
|
|
|
| |
Perhaps previous commits have already broken older Python
support. This commit mostly declares Python 2.6+ support.
|
|
|
|
|
| |
This is a follow up to 588b9b902d191d8010cb6b247fcb07887d59542c
fixing a couple of improperly named constants.
|
|
|
|
|
|
|
|
|
| |
This is a massive patch essentially upper-casing global/class attributes
that mean to be constants.
Some previously exposed constants have been preserved for compatibility
reasons (notably, in `hlapi`), though the rest might break user code relying
on pysnmp 4.
|
|
|
|
| |
Due to a bug in the 'Add missing SNMP PDU error classes' change.
|
| |
|
| |
|
|
|
|
|
| |
Added missing SNMP PDU error classes and their handling in
Command Responder
|
| |
|
|
|
|
|
| |
Trying to understand why sendmsg() fails on a transparent
IPv6 socket
|