From 2346e0a9af12681bd093adc2e6b2ae525743c557 Mon Sep 17 00:00:00 2001 From: Ilya Etingof Date: Sat, 21 Apr 2018 01:18:06 +0200 Subject: fixed zero boots/time values put into SNMPv3 TRAP --- CHANGES.txt | 1 + pysnmp/proto/secmod/rfc3414/service.py | 53 +++++++++++++++++++--------------- 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 34ea5879..7639e71c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -16,6 +16,7 @@ Revision 5.0.0, released 2018-03-?? Revision 4.4.5, released 2018-04-XX ----------------------------------- +- Fixed zero SNMPv3 boots/time values put in SNMPv3 TRAP messages - Fixed broken InetAddressType rendering caused by a pyasn1 regression - Fixed typo in RFC1158 module diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py index e8e363b9..b7760e4b 100644 --- a/pysnmp/proto/secmod/rfc3414/service.py +++ b/pysnmp/proto/secmod/rfc3414/service.py @@ -13,7 +13,7 @@ from pysnmp.proto.secmod.rfc3826.priv import aes from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 from pysnmp.proto.secmod.eso.priv import des3, aes192, aes256 from pysnmp.smi.error import NoSuchInstanceError -from pysnmp.proto import rfc1155, errind, error +from pysnmp.proto import rfc1155, rfc3411, errind, error from pysnmp import debug from pyasn1.type import univ, namedtype, constraint from pyasn1.codec.ber import encoder, decoder, eoo @@ -333,35 +333,40 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): 0, scopedPDU, verifyConstraints=False, matchTags=False, matchConstraints=False ) - # 3.1.6a - if securityStateReference is None and securityLevel in (2, 3): - if securityEngineID in self.__timeline: - (snmpEngineBoots, snmpEngineTime, latestReceivedEngineTime, + snmpEngineBoots = snmpEngineTime = 0 + + if securityLevel in (2, 3): + pdu = scopedPDU.getComponentByPosition(2).getComponent() + + # 3.1.6.b + if pdu.tagSet in rfc3411.unconfirmedClassPDUs: + (snmpEngineBoots, + snmpEngineTime) = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime') + + snmpEngineBoots = snmpEngineBoots.syntax + snmpEngineTime = snmpEngineTime.syntax.clone() + + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from LCD') + + # 3.1.6a + elif securityEngineID in self.__timeline: + (snmpEngineBoots, + snmpEngineTime, + latestReceivedEngineTime, latestUpdateTimestamp) = self.__timeline[securityEngineID] + debug.logger & debug.flagSM and debug.logger( '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from timeline') + + # 3.1.6.c else: - # 2.3 XXX is this correct? - snmpEngineBoots = snmpEngineTime = 0 debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: no timeline for securityEngineID %r' % (securityEngineID,)) - # 3.1.6.b - elif securityStateReference is not None: # XXX Report? - (snmpEngineBoots, - snmpEngineTime) = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime') - snmpEngineBoots = snmpEngineBoots.syntax - snmpEngineTime = snmpEngineTime.syntax.clone() - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from LCD') - # 3.1.6.c - else: - snmpEngineBoots = snmpEngineTime = 0 - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: assuming zero snmpEngineBoots, snmpEngineTime') + '__generateRequestOrResponseMsg: assuming zero snmpEngineBoots, snmpEngineTime') - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: use snmpEngineBoots %s snmpEngineTime %s for securityEngineID %r' % ( - snmpEngineBoots, snmpEngineTime, securityEngineID)) + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: use snmpEngineBoots %s snmpEngineTime %s for securityEngineID %r' % ( + snmpEngineBoots, snmpEngineTime, securityEngineID)) # 3.1.4a if securityLevel == 3: -- cgit v1.2.1