From 2346e0a9af12681bd093adc2e6b2ae525743c557 Mon Sep 17 00:00:00 2001 From: Ilya Etingof Date: Sat, 21 Apr 2018 01:18:06 +0200 Subject: fixed zero boots/time values put into SNMPv3 TRAP --- pysnmp/proto/secmod/rfc3414/service.py | 53 +++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 24 deletions(-) (limited to 'pysnmp') diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py index e8e363b9..b7760e4b 100644 --- a/pysnmp/proto/secmod/rfc3414/service.py +++ b/pysnmp/proto/secmod/rfc3414/service.py @@ -13,7 +13,7 @@ from pysnmp.proto.secmod.rfc3826.priv import aes from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 from pysnmp.proto.secmod.eso.priv import des3, aes192, aes256 from pysnmp.smi.error import NoSuchInstanceError -from pysnmp.proto import rfc1155, errind, error +from pysnmp.proto import rfc1155, rfc3411, errind, error from pysnmp import debug from pyasn1.type import univ, namedtype, constraint from pyasn1.codec.ber import encoder, decoder, eoo @@ -333,35 +333,40 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): 0, scopedPDU, verifyConstraints=False, matchTags=False, matchConstraints=False ) - # 3.1.6a - if securityStateReference is None and securityLevel in (2, 3): - if securityEngineID in self.__timeline: - (snmpEngineBoots, snmpEngineTime, latestReceivedEngineTime, + snmpEngineBoots = snmpEngineTime = 0 + + if securityLevel in (2, 3): + pdu = scopedPDU.getComponentByPosition(2).getComponent() + + # 3.1.6.b + if pdu.tagSet in rfc3411.unconfirmedClassPDUs: + (snmpEngineBoots, + snmpEngineTime) = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime') + + snmpEngineBoots = snmpEngineBoots.syntax + snmpEngineTime = snmpEngineTime.syntax.clone() + + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from LCD') + + # 3.1.6a + elif securityEngineID in self.__timeline: + (snmpEngineBoots, + snmpEngineTime, + latestReceivedEngineTime, latestUpdateTimestamp) = self.__timeline[securityEngineID] + debug.logger & debug.flagSM and debug.logger( '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from timeline') + + # 3.1.6.c else: - # 2.3 XXX is this correct? - snmpEngineBoots = snmpEngineTime = 0 debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: no timeline for securityEngineID %r' % (securityEngineID,)) - # 3.1.6.b - elif securityStateReference is not None: # XXX Report? - (snmpEngineBoots, - snmpEngineTime) = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineBoots', 'snmpEngineTime') - snmpEngineBoots = snmpEngineBoots.syntax - snmpEngineTime = snmpEngineTime.syntax.clone() - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: read snmpEngineBoots, snmpEngineTime from LCD') - # 3.1.6.c - else: - snmpEngineBoots = snmpEngineTime = 0 - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: assuming zero snmpEngineBoots, snmpEngineTime') + '__generateRequestOrResponseMsg: assuming zero snmpEngineBoots, snmpEngineTime') - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: use snmpEngineBoots %s snmpEngineTime %s for securityEngineID %r' % ( - snmpEngineBoots, snmpEngineTime, securityEngineID)) + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: use snmpEngineBoots %s snmpEngineTime %s for securityEngineID %r' % ( + snmpEngineBoots, snmpEngineTime, securityEngineID)) # 3.1.4a if securityLevel == 3: -- cgit v1.2.1