Hello community, here is the log from the commit of package python-pysnmp for openSUSE:Factory checked in at 2019-09-11 10:36:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pysnmp (Old) and /work/SRC/openSUSE:Factory/.python-pysnmp.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pysnmp" Wed Sep 11 10:36:33 2019 rev:14 rq:729835 version:4.4.11 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pysnmp/python-pysnmp.changes 2019-08-05 10:36:27.439334026 +0200 +++ /work/SRC/openSUSE:Factory/.python-pysnmp.new.7948/python-pysnmp.changes 2019-09-11 10:36:35.775275270 +0200 @@ -1,0 +2,9 @@ +Tue Sep 10 11:39:16 UTC 2019 - Tomáš Chvátal <tchva...@suse.com> + +- Update to 4.4.11: + - Added SNMPv3 USM master and localized keys support to LCD configuration + - Improved initial and runtime USM debugging + - Fixed a bug in USM configuration which did not allow the same user names + to be added under different security names + +------------------------------------------------------------------- Old: ---- pysnmp-4.4.10.tar.gz New: ---- pysnmp-4.4.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pysnmp.spec ++++++ --- /var/tmp/diff_new_pack.xWJsFq/_old 2019-09-11 10:36:36.187275150 +0200 +++ /var/tmp/diff_new_pack.xWJsFq/_new 2019-09-11 10:36:36.187275150 +0200 @@ -18,12 +18,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-pysnmp -Version: 4.4.10 +Version: 4.4.11 Release: 0 Summary: A pure-Python SNMPv1/v2c/v3 library License: BSD-2-Clause Group: Development/Languages/Python -URL: http://pysnmp.sourceforge.net/ +URL: https://github.com/etingof/pysnmp Source: https://github.com/etingof/pysnmp/archive/v%{version}.tar.gz#/pysnmp-%{version}.tar.gz BuildRequires: %{python_module pyasn1 >= 0.2.3} BuildRequires: %{python_module pycryptodome} ++++++ pysnmp-4.4.10.tar.gz -> pysnmp-4.4.11.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/CHANGES.txt new/pysnmp-4.4.11/CHANGES.txt --- old/pysnmp-4.4.10/CHANGES.txt 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/CHANGES.txt 2019-08-11 10:12:23.000000000 +0200 @@ -1,4 +1,12 @@ +Revision 4.4.11, released 2019-08-10 +------------------------------------ + +- Added SNMPv3 USM master and localized keys support to LCD configuration +- Improved initial and runtime USM debugging +- Fixed a bug in USM configuration which did not allow the same user names + to be added under different security names + Revision 4.4.10, released 2019-07-29 ------------------------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/devel-requirements.txt new/pysnmp-4.4.11/devel-requirements.txt --- old/pysnmp-4.4.10/devel-requirements.txt 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/devel-requirements.txt 2019-08-11 10:12:23.000000000 +0200 @@ -1,10 +1,16 @@ Sphinx <= 1.6; python_version < '2.7' Sphinx > 1.6; python_version >= '2.7' trollius; python_version < '3.0' +# NOTE: Twisted < 19.2.1 has a security problem in URL handling. +# However, newer Twisted does not work on older Pythons. That's why +# we have to pin to older Twisted here. +# On the other hand, pysnmp does not use anything HTTP, however other +# dependencies can rely on that. twisted < 15.4; python_version < '2.7' twisted; python_version == '2.7' twisted < 17.9; python_version == '3.0' twisted < 17.9; python_version == '3.1' twisted < 17.9; python_version == '3.2' twisted <= 17.9; python_version == '3.3' -twisted; python_version >= '3.4' +twisted <= 17.9; python_version == '3.4' +twisted; python_version >= '3.5' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/docs/mibs/PYSNMP-USM-MIB.txt new/pysnmp-4.4.11/docs/mibs/PYSNMP-USM-MIB.txt --- old/pysnmp-4.4.10/docs/mibs/PYSNMP-USM-MIB.txt 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/docs/mibs/PYSNMP-USM-MIB.txt 2019-08-11 10:12:23.000000000 +0200 @@ -21,6 +21,8 @@ DESCRIPTION "This MIB module defines objects specific to User Security Model (USM) implementation at PySNMP." + REVISION "201908300000Z" + DESCRIPTION "Added USM key types" REVISION "201707300000Z" DESCRIPTION "Extended authentication key size" REVISION "201704140000Z" @@ -56,6 +58,19 @@ DEFVAL { doDiscover } ::= { pysnmpUsmCfg 2 } +pysnmpUsmKeyType OBJECT-TYPE + SYNTAX INTEGER { passphrase (0), master(1), localized(2) } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "When configuring USM user, the value of this enumeration + determines how the keys should be treated. The default + value "passphrase" means that given keys are plain-text + pass-phrases, "master" indicates that the keys are pre-hashed + pass-phrases, while "localized" stands for pre-hashed + pass-phrases mixed with SNMP Security Engine ID value." + DEFVAL { passphrase } + ::= { pysnmpUsmCfg 3 } + -- The usmUser Group ************************************************ pysnmpUsmUser OBJECT IDENTIFIER ::= { pysnmpUsmMIBObjects 3 } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/docs/source/docs/api-reference.rst new/pysnmp-4.4.11/docs/source/docs/api-reference.rst --- old/pysnmp-4.4.10/docs/source/docs/api-reference.rst 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/docs/source/docs/api-reference.rst 2019-08-11 10:12:23.000000000 +0200 @@ -217,7 +217,7 @@ The :py:class:`~pysnmp.hlapi.UsmUserData` class provides SNMPv3 User-Based Security Model configuration for SNMP v3 systems. -.. autoclass:: pysnmp.hlapi.UsmUserData(userName, authKey=None, privKey=None, authProtocol=usmNoAuthProtocol, privProtocol=usmNoPrivProtocol, securityEngineId=None) +.. autoclass:: pysnmp.hlapi.UsmUserData(userName, authKey=None, privKey=None, authProtocol=usmNoAuthProtocol, privProtocol=usmNoPrivProtocol, securityEngineId=None, authKeyType=usmKeyTypePassphrase, privKeyType=usmKeyTypePassphrase) **Authentication protocol identifiers** @@ -240,10 +240,16 @@ .. autodata:: pysnmp.hlapi.usmAesBlumenthalCfb192Protocol .. autodata:: pysnmp.hlapi.usmAesBlumenthalCfb256Protocol +**Key material types** + +.. autodata:: pysnmp.hlapi.usmKeyTypePassphrase +.. autodata:: pysnmp.hlapi.usmKeyTypeMaster +.. autodata:: pysnmp.hlapi.usmKeyTypeLocalized + .. note:: - SNMP authentication and encryption keys must be at least *eight* - octets long. + SNMP authentication and encryption keys must be at least *8* + and at most *32* octets long. Transport configuration is I/O framework specific and is described in respective sections. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/examples/v3arch/asyncore/agent/cmdrsp/multiple-usm-users.py new/pysnmp-4.4.11/examples/v3arch/asyncore/agent/cmdrsp/multiple-usm-users.py --- old/pysnmp-4.4.10/examples/v3arch/asyncore/agent/cmdrsp/multiple-usm-users.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/examples/v3arch/asyncore/agent/cmdrsp/multiple-usm-users.py 2019-08-11 10:12:23.000000000 +0200 @@ -32,7 +32,7 @@ config.addTransport( snmpEngine, udp.domainName, - udp.UdpTransport().openServerMode(('127.0.0.1', 161)) + udp.UdpTransport().openServerMode(('127.0.0.1', 1161)) ) # SNMPv3/USM setup diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/__init__.py new/pysnmp-4.4.11/pysnmp/__init__.py --- old/pysnmp-4.4.10/pysnmp/__init__.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/__init__.py 2019-08-11 10:12:23.000000000 +0200 @@ -1,5 +1,5 @@ # http://www.python.org/dev/peps/pep-0396/ -__version__ = '4.4.10' +__version__ = '4.4.11' # backward compatibility version = tuple([int(x) for x in __version__.split('.')]) majorVersionId = version[0] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/entity/config.py new/pysnmp-4.4.11/pysnmp/entity/config.py --- old/pysnmp-4.4.10/pysnmp/entity/config.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/entity/config.py 2019-08-11 10:12:23.000000000 +0200 @@ -14,6 +14,7 @@ from pysnmp.proto import rfc1902 from pysnmp.proto import rfc1905 from pysnmp import error +from pysnmp import debug # A shortcut to popular constants @@ -43,6 +44,11 @@ usmAesCfb256Protocol = aes256.Aes256.serviceID # non-standard but used by many vendors usmNoPrivProtocol = nopriv.NoPriv.serviceID +# USM key types (PYSNMP-USM-MIB::pysnmpUsmKeyType) +usmKeyTypePassphrase = 0 +usmKeyTypeMaster = 1 +usmKeyTypeLocalized = 2 + # Auth services authServices = {hmacmd5.HmacMd5.serviceID: hmacmd5.HmacMd5(), hmacsha.HmacSha.serviceID: hmacsha.HmacSha(), @@ -86,13 +92,15 @@ if contextName is None: contextName = null + securityName = securityName is not None and securityName or communityIndex + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( ((snmpCommunityEntry.name + (8,) + tblIdx, 'destroy'),) ) snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( ((snmpCommunityEntry.name + (1,) + tblIdx, communityIndex), (snmpCommunityEntry.name + (2,) + tblIdx, communityName), - (snmpCommunityEntry.name + (3,) + tblIdx, securityName is not None and securityName or communityIndex), + (snmpCommunityEntry.name + (3,) + tblIdx, securityName), (snmpCommunityEntry.name + (4,) + tblIdx, contextEngineId), (snmpCommunityEntry.name + (5,) + tblIdx, contextName), (snmpCommunityEntry.name + (6,) + tblIdx, transportTag), @@ -100,6 +108,13 @@ (snmpCommunityEntry.name + (8,) + tblIdx, 'createAndGo')) ) + debug.logger & debug.flagSM and debug.logger( + 'addV1System: added new table entry ' + 'communityIndex "%s" communityName "%s" securityName "%s" ' + 'contextEngineId "%s" contextName "%s" transportTag ' + '"%s"' % (communityIndex, communityName, securityName, + contextEngineId, contextName, transportTag)) + def delV1System(snmpEngine, communityIndex): (snmpCommunityEntry, tblIdx, @@ -108,6 +123,10 @@ ((snmpCommunityEntry.name + (8,) + tblIdx, 'destroy'),) ) + debug.logger & debug.flagSM and debug.logger( + 'delV1System: deleted table entry by communityIndex ' + '"%s"' % (communityIndex,)) + def __cookV3UserInfo(snmpEngine, securityName, securityEngineId): mibBuilder = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder @@ -115,17 +134,17 @@ snmpEngineID, = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineID') if securityEngineId is None: - snmpEngineID = snmpEngineID.syntax + securityEngineId = snmpEngineID.syntax else: - snmpEngineID = snmpEngineID.syntax.clone(securityEngineId) + securityEngineId = snmpEngineID.syntax.clone(securityEngineId) usmUserEntry, = mibBuilder.importSymbols('SNMP-USER-BASED-SM-MIB', 'usmUserEntry') - tblIdx1 = usmUserEntry.getInstIdFromIndices(snmpEngineID, securityName) + tblIdx1 = usmUserEntry.getInstIdFromIndices(securityEngineId, securityName) pysnmpUsmSecretEntry, = mibBuilder.importSymbols('PYSNMP-USM-MIB', 'pysnmpUsmSecretEntry') tblIdx2 = pysnmpUsmSecretEntry.getInstIdFromIndices(securityName) - return snmpEngineID, usmUserEntry, tblIdx1, pysnmpUsmSecretEntry, tblIdx2 + return securityEngineId, usmUserEntry, tblIdx1, pysnmpUsmSecretEntry, tblIdx2 def addV3User(snmpEngine, userName, @@ -133,16 +152,22 @@ privProtocol=usmNoPrivProtocol, privKey=None, securityEngineId=None, securityName=None, - # deprecated parameters follow + authKeyType=usmKeyTypePassphrase, + privKeyType=usmKeyTypePassphrase, + # deprecated parameter contextEngineId=None): + mibBuilder = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder if securityName is None: securityName = userName + if securityEngineId is None: # backward compatibility securityEngineId = contextEngineId - (snmpEngineID, usmUserEntry, tblIdx1, - pysnmpUsmSecretEntry, tblIdx2) = __cookV3UserInfo(snmpEngine, userName, securityEngineId) + + (securityEngineId, usmUserEntry, tblIdx1, + pysnmpUsmSecretEntry, tblIdx2) = __cookV3UserInfo( + snmpEngine, securityName, securityEngineId) # Load augmenting table before creating new row in base one pysnmpUsmKeyEntry, = mibBuilder.importSymbols('PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry') @@ -162,47 +187,109 @@ (usmUserEntry.name + (13,) + tblIdx1, 'createAndGo')) ) - # Localize keys - if authProtocol in authServices: - hashedAuthPassphrase = authServices[authProtocol].hashPassphrase( - authKey and authKey or null + if authProtocol not in authServices: + raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol,)) + + if privProtocol not in privServices: + raise error.PySnmpError('Unknown privacy protocol %s' % (privProtocol,)) + + pysnmpUsmKeyType, = mibBuilder.importSymbols('__PYSNMP-USM-MIB', 'pysnmpUsmKeyType') + + authKeyType = pysnmpUsmKeyType.syntax.clone(authKeyType) + + # Localize authentication key unless given + + authKey = authKey and rfc1902.OctetString(authKey) + + masterAuthKey = localAuthKey = authKey + + if authKeyType < usmKeyTypeMaster: # pass phrase is given + masterAuthKey = authServices[authProtocol].hashPassphrase( + authKey or null ) + + if authKeyType < usmKeyTypeLocalized: # pass phrase or master key is given localAuthKey = authServices[authProtocol].localizeKey( - hashedAuthPassphrase, snmpEngineID + masterAuthKey, securityEngineId ) - else: - raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol,)) - if privProtocol in privServices: - hashedPrivPassphrase = privServices[privProtocol].hashPassphrase( - authProtocol, privKey and privKey or null + # Localize privacy key unless given + + privKeyType = pysnmpUsmKeyType.syntax.clone(privKeyType) + + privKey = privKey and rfc1902.OctetString(privKey) + + masterPrivKey = localPrivKey = privKey + + if privKeyType < usmKeyTypeMaster: # pass phrase is given + masterPrivKey = privServices[privProtocol].hashPassphrase( + authProtocol, privKey or null ) + + if privKeyType < usmKeyTypeLocalized: # pass phrase or master key is given localPrivKey = privServices[privProtocol].localizeKey( - authProtocol, hashedPrivPassphrase, snmpEngineID + authProtocol, masterPrivKey, securityEngineId ) - else: - raise error.PySnmpError('Unknown priv protocol %s' % (privProtocol,)) - # Commit localized keys + # Commit only the keys we have + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( - ((pysnmpUsmKeyEntry.name + (1,) + tblIdx1, localAuthKey), - (pysnmpUsmKeyEntry.name + (2,) + tblIdx1, localPrivKey), - (pysnmpUsmKeyEntry.name + (3,) + tblIdx1, hashedAuthPassphrase), - (pysnmpUsmKeyEntry.name + (4,) + tblIdx1, hashedPrivPassphrase)) + ((pysnmpUsmKeyEntry.name + (1,) + tblIdx1, localAuthKey),) ) - # Commit passphrases + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( + ((pysnmpUsmKeyEntry.name + (2,) + tblIdx1, localPrivKey),) + ) + + if authKeyType < usmKeyTypeLocalized: + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( + ((pysnmpUsmKeyEntry.name + (3,) + tblIdx1, masterAuthKey),) + ) + + if privKeyType < usmKeyTypeLocalized: + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( + ((pysnmpUsmKeyEntry.name + (4,) + tblIdx1, masterPrivKey),) + ) snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( ((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'destroy'),) ) + + # Commit plain-text pass-phrases if we have them + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( - ((pysnmpUsmSecretEntry.name + (1,) + tblIdx2, userName), - (pysnmpUsmSecretEntry.name + (2,) + tblIdx2, authKey), - (pysnmpUsmSecretEntry.name + (3,) + tblIdx2, privKey), - (pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'createAndGo')) + ((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'createAndGo'),) ) + if authKeyType < usmKeyTypeMaster: + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( + ((pysnmpUsmSecretEntry.name + (1,) + tblIdx2, userName), + (pysnmpUsmSecretEntry.name + (2,) + tblIdx2, authKey)) + ) + + if privKeyType < usmKeyTypeMaster: + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( + ((pysnmpUsmSecretEntry.name + (1,) + tblIdx2, userName), + (pysnmpUsmSecretEntry.name + (3,) + tblIdx2, privKey)) + ) + + debug.logger & debug.flagSM and debug.logger( + 'addV3User: added new table entries ' + 'userName "%s" securityName "%s" authProtocol %s ' + 'privProtocol %s localAuthKey "%s" localPrivKey "%s" ' + 'masterAuthKey "%s" masterPrivKey "%s" authKey "%s" ' + 'privKey "%s" by index securityName "%s" securityEngineId ' + '"%s"' % ( + userName, securityName, authProtocol, privProtocol, + localAuthKey and localAuthKey.prettyPrint(), + localPrivKey and localPrivKey.prettyPrint(), + masterAuthKey and masterAuthKey.prettyPrint(), + masterPrivKey and masterPrivKey.prettyPrint(), + authKey and authKey.prettyPrint(), + privKey and privKey.prettyPrint(), + securityName, + securityEngineId.prettyPrint())) + def delV3User(snmpEngine, userName, @@ -211,21 +298,31 @@ contextEngineId=None): if securityEngineId is None: # backward compatibility securityEngineId = contextEngineId - (snmpEngineID, usmUserEntry, tblIdx1, pysnmpUsmSecretEntry, + (securityEngineId, usmUserEntry, tblIdx1, pysnmpUsmSecretEntry, tblIdx2) = __cookV3UserInfo(snmpEngine, userName, securityEngineId) + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( ((usmUserEntry.name + (13,) + tblIdx1, 'destroy'),) ) + snmpEngine.msgAndPduDsp.mibInstrumController.writeVars( ((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'destroy'),) ) + debug.logger & debug.flagSM and debug.logger( + 'delV3User: deleted table entries by index ' + 'userName "%s" securityEngineId ' + '"%s"' % ( + userName, + securityEngineId.prettyPrint())) + # Drop all derived rows varBinds = initialVarBinds = ( (usmUserEntry.name + (1,), None), # usmUserEngineID (usmUserEntry.name + (2,), None), # usmUserName (usmUserEntry.name + (4,), None) # usmUserCloneFrom ) + while varBinds: varBinds = snmpEngine.msgAndPduDsp.mibInstrumController.readNextVars( varBinds diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/hlapi/__init__.py new/pysnmp-4.4.11/pysnmp/hlapi/__init__.py --- old/pysnmp-4.4.10/pysnmp/hlapi/__init__.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/hlapi/__init__.py 2019-08-11 10:12:23.000000000 +0200 @@ -62,3 +62,13 @@ usmAesBlumenthalCfb256Protocol = auth.usmAesBlumenthalCfb256Protocol """The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https:://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)""" + +usmKeyTypePassphrase = auth.usmKeyTypePassphrase +"""USM key material type - plain-text pass phrase (:RFC:`3414#section-2.6`)""" + +usmKeyTypeMaster = auth.usmKeyTypeMaster +"""USM key material type - hashed pass-phrase AKA master key (:RFC:`3414#section-2.6`)""" + +usmKeyTypeLocalized = auth.usmKeyTypeLocalized +"""USM key material type - hashed pass-phrase hashed with Context SNMP Engine ID (:RFC:`3414#section-2.6`)""" + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/hlapi/auth.py new/pysnmp-4.4.11/pysnmp/hlapi/auth.py --- old/pysnmp-4.4.10/pysnmp/hlapi/auth.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/hlapi/auth.py 2019-08-11 10:12:23.000000000 +0200 @@ -34,21 +34,30 @@ Parameters ---------- - communityIndex: py:class:`str` + communityIndex: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` Unique index value of a row in snmpCommunityTable. If it is the only positional parameter, it is treated as a *communityName*. - communityName: py:class:`str` + + communityName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` SNMP v1/v2c community string. - mpModel: py:class:`int` - SNMP version - 0 for SNMPv1 and 1 for SNMPv2c. - contextEngineId: py:class:`str` + + mpModel: :py:class:`int` + SNMP message processing model AKA SNMP version. Known SNMP versions are: + + * `0` - for SNMP v1 + * `1` - for SNMP v2c (default) + + + contextEngineId: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` Indicates the location of the context in which management information is accessed when using the community string specified by the above communityName. - contextName: py:class:`str` + + contextName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` The context in which management information is accessed when using the above communityName. - tag: py:class:`str` + + tag: :py:class:`str` Arbitrary string that specifies a set of transport endpoints from which a command responder application will accept management requests with given *communityName* or to which @@ -196,6 +205,15 @@ usmAesBlumenthalCfb256Protocol = config.usmAesBlumenthalCfb256Protocol """The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https:://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)""" +usmKeyTypePassphrase = config.usmKeyTypePassphrase +"""USM key material type - plain-text pass phrase (:RFC:`3414#section-2.6`)""" + +usmKeyTypeMaster = config.usmKeyTypeMaster +"""USM key material type - hashed pass-phrase AKA master key (:RFC:`3414#section-2.6`)""" + +usmKeyTypeLocalized = config.usmKeyTypeLocalized +"""USM key material type - hashed pass-phrase hashed with Context SNMP Engine ID (:RFC:`3414#section-2.6`)""" + class UsmUserData(object): """Creates SNMP v3 User Security Model (USM) configuration entry. @@ -212,21 +230,26 @@ Parameters ---------- - userName: py:class:`str` + userName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` A human readable string representing the name of the SNMP USM user. - authKey: py:class:`str` + + Other Parameters + ---------------- + authKey: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` Initial value of the secret authentication key. If not set, :py:class:`~pysnmp.hlapi.usmNoAuthProtocol` is implied. If set and no *authProtocol* is specified, :py:class:`~pysnmp.hlapi.usmHMACMD5AuthProtocol` takes effect. - privKey: py:class:`str` + + privKey: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` Initial value of the secret encryption key. If not set, :py:class:`~pysnmp.hlapi.usmNoPrivProtocol` is implied. If set and no *privProtocol* is specified, :py:class:`~pysnmp.hlapi.usmDESPrivProtocol` takes effect. - authProtocol: py:class:`tuple` + + authProtocol: :py:class:`tuple`, :py:class:`~pysnmp.proto.rfc1902.ObjectIdentifier` An indication of whether messages sent on behalf of this USM user can be authenticated, and if so, the type of authentication protocol which is used. @@ -240,7 +263,25 @@ * :py:class:`~pysnmp.hlapi.usmHMAC192SHA256AuthProtocol` * :py:class:`~pysnmp.hlapi.usmHMAC256SHA384AuthProtocol` * :py:class:`~pysnmp.hlapi.usmHMAC384SHA512AuthProtocol` - privProtocol: py:class:`tuple` + + + securityEngineId: :py:class:`~pysnmp.proto.rfc1902.OctetString` + The snmpEngineID of the authoritative SNMP engine to which a + dateRequest message is to be sent. Will be automatically + discovered from peer if not given, unless localized keys + are used. In the latter case *securityEngineId* must be + specified. + + See :RFC:`3414#section-2.5.1` for technical explanation. + + securityName: :py:class:`str`, :py:class:`~pysnmp.proto.rfc1902.OctetString` + Together with the snmpEngineID it identifies a row in the + *SNMP-USER-BASED-SM-MIB::usmUserTable* that is to be used + for securing the message. + + See :RFC:`3414#section-2.5.1` for technical explanation. + + privProtocol: :py:class:`tuple`, :py:class:`~pysnmp.proto.rfc1902.ObjectIdentifier` An indication of whether messages sent on behalf of this USM user be encrypted, and if so, the type of encryption protocol which is used. @@ -253,6 +294,43 @@ * :py:class:`~pysnmp.hlapi.usmAesCfb192Protocol` * :py:class:`~pysnmp.hlapi.usmAesCfb256Protocol` + + authKeyType: :py:class:`int` + Type of `authKey` material. See :RFC:`3414#section-2.6` for + technical explanation. + + Supported key types are: + + * :py:class:`~pysnmp.hlapi.usmKeyTypePassphrase` (default) + * :py:class:`~pysnmp.hlapi.usmKeyTypeMaster` + * :py:class:`~pysnmp.hlapi.usmKeyTypeLocalized` + + privKeyType: :py:class:`int` + Type of `privKey` material. See :RFC:`3414#section-2.6` for + technical explanation. + + Supported key types are: + + * :py:class:`~pysnmp.hlapi.usmKeyTypePassphrase` (default) + * :py:class:`~pysnmp.hlapi.usmKeyTypeMaster` + * :py:class:`~pysnmp.hlapi.usmKeyTypeLocalized` + + Notes + ----- + If `~pysnmp.hlapi.usmKeyTypeLocalized` is used when running a + non-authoritative SNMP engine, USM key localization mechanism + is not invoked. As a consequence, local SNMP engine configuration + won't get automatically populated with remote SNMP engine's + *securityEngineId*. + + Therefore peer SNMP engine's *securityEngineId* must be added + to local configuration and associated with its localized keys. + + Alternatively, the magic *securityEngineId* value of five zeros + (*0x0000000000*) can be used to refer to the localized keys that + should be used with any unknown remote SNMP engine. This feature + is specific to pysnmp. + Examples -------- >>> from pysnmp.hlapi import UsmUserData @@ -275,7 +353,9 @@ authKey=None, privKey=None, authProtocol=None, privProtocol=None, securityEngineId=None, - securityName=None): + securityName=None, + authKeyType=usmKeyTypePassphrase, + privKeyType=usmKeyTypePassphrase): self.userName = userName if securityName is None: self.securityName = userName @@ -302,24 +382,29 @@ self.privProtocol = privProtocol self.securityEngineId = securityEngineId + self.authKeyType = authKeyType + self.privKeyType = privKeyType def __hash__(self): raise TypeError('%s is not hashable' % self.__class__.__name__) def __repr__(self): - return '%s(userName=%r, authKey=<AUTHKEY>, privKey=<PRIVKEY>, authProtocol=%r, privProtocol=%r, securityEngineId=%r, securityName=%r)' % ( + return '%s(userName=%r, authKey=<AUTHKEY>, privKey=<PRIVKEY>, authProtocol=%r, privProtocol=%r, securityEngineId=%r, securityName=%r, authKeyType=%r, privKeyType=%r)' % ( self.__class__.__name__, self.userName, self.authProtocol, self.privProtocol, self.securityEngineId is None and '<DEFAULT>' or self.securityEngineId, - self.securityName + self.securityName, + self.authKeyType, + self.privKeyType ) def clone(self, userName=None, authKey=None, privKey=None, authProtocol=None, privProtocol=None, - securityEngineId=None, securityName=None): + securityEngineId=None, securityName=None, + authKeyType=None, privKeyType=None): return self.__class__( userName is None and self.userName or userName, authKey is None and self.authKey or authKey, @@ -327,5 +412,7 @@ authProtocol is None and self.authProtocol or authProtocol, privProtocol is None and self.privProtocol or privProtocol, securityEngineId is None and self.securityEngineId or securityEngineId, - securityName=securityName is None and self.securityName or securityName + securityName is None and self.securityName or securityName, + authKeyType is None and self.authKeyType or usmKeyTypePassphrase, + privKeyType is None and self.privKeyType or usmKeyTypePassphrase ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/hlapi/lcd.py new/pysnmp-4.4.11/pysnmp/hlapi/lcd.py --- old/pysnmp-4.4.10/pysnmp/hlapi/lcd.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/hlapi/lcd.py 2019-08-11 10:12:23.000000000 +0200 @@ -58,8 +58,10 @@ authData.userName, authData.authProtocol, authData.authKey, authData.privProtocol, authData.privKey, - authData.securityEngineId, - securityName=authData.securityName + securityEngineId=authData.securityEngineId, + securityName=authData.securityName, + authKeyType=authData.authKeyType, + privKeyType=authData.privKeyType ) cache['auth'][authDataKey] = authData else: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/proto/mpmod/rfc3412.py new/pysnmp-4.4.11/pysnmp/proto/mpmod/rfc3412.py --- old/pysnmp-4.4.10/pysnmp/proto/mpmod/rfc3412.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/proto/mpmod/rfc3412.py 2019-08-11 10:12:23.000000000 +0200 @@ -203,31 +203,14 @@ # 7.1.9.a if pdu.tagSet in rfc3411.unconfirmedClassPDUs: securityEngineId = snmpEngineID + else: if peerSnmpEngineData is None: - # Force engineID discovery (rfc3414, 4) - securityEngineId = securityName = self._emptyStr - securityLevel = 1 - # Clear possible auth&priv flags - headerData.setComponentByPosition( - 2, self._msgFlags[msgFlags & 0xfc], verifyConstraints=False, matchTags=False, matchConstraints=False - ) - # XXX - scopedPDU = self.__scopedPDU - scopedPDU.setComponentByPosition( - 0, self._emptyStr, verifyConstraints=False, matchTags=False, matchConstraints=False - ) - scopedPDU.setComponentByPosition(1, contextName) - scopedPDU.setComponentByPosition(2) + debug.logger & debug.flagMP and debug.logger( + 'prepareOutgoingMessage: peer SNMP engine is not known') - # Use dead-empty PDU for engine-discovery report - emptyPdu = pdu.clone() - pMod.apiPDU.setDefaults(emptyPdu) + securityEngineId = None - scopedPDU.getComponentByPosition(2).setComponentByType( - emptyPdu.tagSet, emptyPdu, verifyConstraints=False, matchTags=False, matchConstraints=False - ) - debug.logger & debug.flagMP and debug.logger('prepareOutgoingMessage: force engineID discovery') else: securityEngineId = peerSnmpEngineData['securityEngineId'] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/proto/secmod/eso/priv/aesbase.py new/pysnmp-4.4.11/pysnmp/proto/secmod/eso/priv/aesbase.py --- old/pysnmp-4.4.10/pysnmp/proto/secmod/eso/priv/aesbase.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/proto/secmod/eso/priv/aesbase.py 2019-08-11 10:12:23.000000000 +0200 @@ -42,7 +42,8 @@ # now extend this key if too short by repeating steps that includes the hashPassphrase step for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - localPrivKey += hashAlgo(localPrivKey).digest() + localPrivKey += localPrivKey.clone( + hashAlgo(localPrivKey.asOctets()).digest()) return localPrivKey[:self.keySize] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/proto/secmod/rfc3414/localkey.py new/pysnmp-4.4.11/pysnmp/proto/secmod/rfc3414/localkey.py --- old/pysnmp-4.4.10/pysnmp/proto/secmod/rfc3414/localkey.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/proto/secmod/rfc3414/localkey.py 2019-08-11 10:12:23.000000000 +0200 @@ -37,7 +37,8 @@ ) mark = e - ringBufferLen count += 1 - return hasher.digest() + digest = hasher.digest() + return univ.OctetString(digest) def passwordToKey(passphrase, snmpEngineId, hashFunc): @@ -47,7 +48,8 @@ def localizeKey(passKey, snmpEngineId, hashFunc): passKey = univ.OctetString(passKey).asOctets() # noinspection PyDeprecation,PyCallingNonCallable - return hashFunc(passKey + snmpEngineId.asOctets() + passKey).digest() + digest = hashFunc(passKey + snmpEngineId.asOctets() + passKey).digest() + return univ.OctetString(digest) # RFC3414: A.2.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/proto/secmod/rfc3414/service.py new/pysnmp-4.4.11/pysnmp/proto/secmod/rfc3414/service.py --- old/pysnmp-4.4.10/pysnmp/proto/secmod/rfc3414/service.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/proto/secmod/rfc3414/service.py 2019-08-11 10:12:23.000000000 +0200 @@ -13,13 +13,16 @@ from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 from pysnmp.proto.secmod.eso.priv import des3, aes192, aes256 from pysnmp.smi.error import NoSuchInstanceError -from pysnmp.proto import rfc1155, errind, error +from pysnmp.proto import api, rfc1155, errind, error from pysnmp import debug from pyasn1.type import univ, namedtype, constraint from pyasn1.codec.ber import encoder, decoder, eoo from pyasn1.error import PyAsn1Error from pyasn1.compat.octets import null +# API to rfc1905 protocol objects +pMod = api.protoModules[api.protoVersion2c] + # USM security params @@ -56,6 +59,11 @@ aes256.Aes256.serviceID: aes256.Aes256(), # non-standard nopriv.NoPriv.serviceID: nopriv.NoPriv()} + # If this, normally impossible, SNMP engine ID is present in LCD, we will use + # its master/localized keys when preparing SNMP message towards any unknown peer + # SNMP engine + wildcardSecurityEngineId = pMod.OctetString(hexValue='0000000000') + def __init__(self): AbstractSecurityModel.__init__(self) self.__securityParametersSpec = UsmSecurityParameters() @@ -224,6 +232,7 @@ scopedPDU, securityStateReference): mibBuilder = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder snmpEngineID = mibBuilder.importSymbols('__SNMP-FRAMEWORK-MIB', 'snmpEngineID')[0].syntax + msg = globalData # 3.1.1 if securityStateReference is not None: @@ -250,19 +259,66 @@ usmUserPrivKeyLocalized = cachedSecurityData['usmUserPrivKeyLocalized'] else: usmUserPrivKeyLocalized = None + securityEngineID = snmpEngineID - debug.logger & debug.flagSM and debug.logger('__generateRequestOrResponseMsg: user info read from cache') - elif securityName: + + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: using cached USM user entry ' + 'usmUserName "%s" ' + 'usmUserSecurityName "%s" ' + 'usmUserAuthProtocol "%s" ' + 'usmUserAuthKeyLocalized "%s" ' + 'usmUserPrivProtocol "%s" ' + 'usmUserPrivKeyLocalized "%s" for ' + 'securityEngineID "%s" and securityName "%s" found by ' + 'securityStateReference "%s" ' % ( + usmUserName, usmUserSecurityName, + usmUserAuthProtocol, + usmUserAuthKeyLocalized and usmUserAuthKeyLocalized.prettyPrint(), + usmUserPrivProtocol, + usmUserPrivKeyLocalized and usmUserPrivKeyLocalized.prettyPrint(), + securityEngineID.prettyPrint(), + securityName, securityStateReference)) + + elif securityEngineID: # 3.1.1b try: - (usmUserName, usmUserSecurityName, usmUserAuthProtocol, - usmUserAuthKeyLocalized, usmUserPrivProtocol, - usmUserPrivKeyLocalized) = self.__getUserInfo( - snmpEngine.msgAndPduDsp.mibInstrumController, - securityEngineID, - self.__sec2usr(snmpEngine, securityName, securityEngineID) - ) - debug.logger & debug.flagSM and debug.logger('__generateRequestOrResponseMsg: read user info') + try: + (usmUserName, usmUserSecurityName, usmUserAuthProtocol, + usmUserAuthKeyLocalized, usmUserPrivProtocol, + usmUserPrivKeyLocalized) = self.__getUserInfo( + snmpEngine.msgAndPduDsp.mibInstrumController, + securityEngineID, + self.__sec2usr(snmpEngine, securityName, + securityEngineID) + ) + + except NoSuchInstanceError: + (usmUserName, usmUserSecurityName, usmUserAuthProtocol, + usmUserAuthKeyLocalized, usmUserPrivProtocol, + usmUserPrivKeyLocalized) = self.__getUserInfo( + snmpEngine.msgAndPduDsp.mibInstrumController, + self.wildcardSecurityEngineId, + self.__sec2usr(snmpEngine, securityName, + self.wildcardSecurityEngineId) + ) + + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: found USM user entry ' + 'usmUserName "%s" ' + 'usmUserSecurityName "%s" ' + 'usmUserAuthProtocol "%s" ' + 'usmUserAuthKeyLocalized "%s" ' + 'usmUserPrivProtocol "%s" ' + 'usmUserPrivKeyLocalized "%s" by ' + 'securityEngineID "%s" and securityName "%s"' % ( + usmUserName, usmUserSecurityName, + usmUserAuthProtocol, + usmUserAuthKeyLocalized and usmUserAuthKeyLocalized.prettyPrint(), + usmUserPrivProtocol, + usmUserPrivKeyLocalized and usmUserPrivKeyLocalized.prettyPrint(), + securityEngineID.prettyPrint(), + securityName)) except NoSuchInstanceError: pysnmpUsmDiscovery, = mibBuilder.importSymbols('__PYSNMP-USM-MIB', 'pysnmpUsmDiscovery') @@ -278,7 +334,28 @@ self.__sec2usr(snmpEngine, securityName) ) + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: cloned USM user entry ' + 'usmUserName "%s" ' + 'usmUserSecurityName "%s" ' + 'usmUserAuthProtocol "%s" ' + 'usmUserAuthKeyLocalized "%s" ' + 'usmUserPrivProtocol "%s" ' + 'usmUserPrivKeyLocalized "%s" for ' + 'securityEngineID "%s" and securityName "%s"' % ( + usmUserName, usmUserSecurityName, + usmUserAuthProtocol, + usmUserAuthKeyLocalized and usmUserAuthKeyLocalized.prettyPrint(), + usmUserPrivProtocol, + usmUserPrivKeyLocalized and usmUserPrivKeyLocalized.prettyPrint(), + securityEngineID.prettyPrint(), securityName)) + except NoSuchInstanceError: + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: failed to clone ' + 'USM user for securityEngineID "%s" securityName ' + '"%s"' % (securityEngineID, securityName)) + reportUnknownName = True if reportUnknownName: @@ -286,8 +363,6 @@ errorIndication=errind.unknownSecurityName ) - debug.logger & debug.flagSM and debug.logger('__generateRequestOrResponseMsg: clone user info') - except PyAsn1Error: debug.logger & debug.flagSM and debug.logger( '__generateRequestOrResponseMsg: %s' % (sys.exc_info()[1],)) @@ -296,20 +371,57 @@ raise error.StatusInformation( errorIndication=errind.invalidMsg ) + else: - # empty username used for engineID discovery + # 4. (start SNMP engine ID discovery) + securityEngineID = securityName = null + securityLevel = 1 + + scopedPDU.setComponentByPosition( + 0, null, verifyConstraints=False, + matchTags=False, matchConstraints=False) + + headerData = msg.getComponentByPosition(1) + + # Clear possible auth&priv flags + headerData.setComponentByPosition( + 2, univ.OctetString(hexValue='00'), verifyConstraints=False, + matchTags=False, matchConstraints=False + ) + + emptyPdu = scopedPDU.getComponentByPosition(2).getComponent() + + # we edit the rest of the structures in-place because they + # are ours for as long as this stack lasts, however PDU + # is more persistent and should not be touched + + emptyPdu = emptyPdu.clone() + pMod.apiPDU.setDefaults(emptyPdu) + + scopedPDU.getComponentByPosition(2).setComponentByType( + emptyPdu.tagSet, emptyPdu, verifyConstraints=False, + matchTags=False, matchConstraints=False) + usmUserName = usmUserSecurityName = null usmUserAuthProtocol = noauth.NoAuth.serviceID usmUserPrivProtocol = nopriv.NoPriv.serviceID usmUserAuthKeyLocalized = usmUserPrivKeyLocalized = None - debug.logger & debug.flagSM and debug.logger('__generateRequestOrResponseMsg: use empty USM data') - # noinspection PyUnboundLocalVariable - debug.logger & debug.flagSM and debug.logger( - '__generateRequestOrResponseMsg: local usmUserName %r usmUserSecurityName %r usmUserAuthProtocol %s usmUserPrivProtocol %s securityEngineID %r securityName %r' % ( - usmUserName, usmUserSecurityName, usmUserAuthProtocol, usmUserPrivProtocol, securityEngineID, securityName)) - - msg = globalData + debug.logger & debug.flagSM and debug.logger( + '__generateRequestOrResponseMsg: using blank USM info for peer ' + 'SNMP engine ID discovery ' + 'usmUserName "%s" ' + 'usmUserSecurityName "%s" ' + 'usmUserAuthProtocol "%s" ' + 'usmUserAuthKeyLocalized "%s" ' + 'usmUserPrivProtocol "%s" ' + 'usmUserPrivKeyLocalized "%s" for ' + 'securityEngineID "%s" and securityName "%s"' % ( + usmUserName, usmUserSecurityName, + usmUserAuthProtocol, usmUserAuthKeyLocalized, + usmUserPrivProtocol, usmUserPrivKeyLocalized, + securityEngineID and securityEngineID.prettyPrint(), + securityName)) # 3.1.2 if securityLevel == 3: @@ -648,28 +760,44 @@ snmpEngine.msgAndPduDsp.mibInstrumController, msgAuthoritativeEngineId, msgUserName ) - debug.logger & debug.flagSM and debug.logger('processIncomingMsg: read user info from LCD') + debug.logger & debug.flagSM and debug.logger( + 'processIncomingMsg: read user info from LCD') except NoSuchInstanceError: - debug.logger & debug.flagSM and debug.logger( - 'processIncomingMsg: unknown securityEngineID %r msgUserName %r' % ( - msgAuthoritativeEngineId, msgUserName)) + try: + (usmUserName, + usmUserSecurityName, + usmUserAuthProtocol, + usmUserAuthKeyLocalized, + usmUserPrivProtocol, + usmUserPrivKeyLocalized) = self.__getUserInfo( + snmpEngine.msgAndPduDsp.mibInstrumController, + self.wildcardSecurityEngineId, msgUserName + ) + debug.logger & debug.flagSM and debug.logger( + 'processIncomingMsg: read wildcard user info from LCD') - usmStatsUnknownUserNames, = mibBuilder.importSymbols( - '__SNMP-USER-BASED-SM-MIB', 'usmStatsUnknownUserNames') - usmStatsUnknownUserNames.syntax += 1 + except NoSuchInstanceError: - raise error.StatusInformation( - errorIndication=errind.unknownSecurityName, - oid=usmStatsUnknownUserNames.name, - val=usmStatsUnknownUserNames.syntax, - securityStateReference=securityStateReference, - securityLevel=securityLevel, - contextEngineId=contextEngineId, - contextName=contextName, - msgUserName=msgUserName, - maxSizeResponseScopedPDU=maxSizeResponseScopedPDU - ) + debug.logger & debug.flagSM and debug.logger( + 'processIncomingMsg: unknown securityEngineID %r msgUserName %r' % ( + msgAuthoritativeEngineId, msgUserName)) + + usmStatsUnknownUserNames, = mibBuilder.importSymbols( + '__SNMP-USER-BASED-SM-MIB', 'usmStatsUnknownUserNames') + usmStatsUnknownUserNames.syntax += 1 + + raise error.StatusInformation( + errorIndication=errind.unknownSecurityName, + oid=usmStatsUnknownUserNames.name, + val=usmStatsUnknownUserNames.syntax, + securityStateReference=securityStateReference, + securityLevel=securityLevel, + contextEngineId=contextEngineId, + contextName=contextName, + msgUserName=msgUserName, + maxSizeResponseScopedPDU=maxSizeResponseScopedPDU + ) except PyAsn1Error: debug.logger & debug.flagSM and debug.logger('processIncomingMsg: %s' % (sys.exc_info()[1],)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/smi/mibs/PYSNMP-USM-MIB.py new/pysnmp-4.4.11/pysnmp/smi/mibs/PYSNMP-USM-MIB.py --- old/pysnmp-4.4.10/pysnmp/smi/mibs/PYSNMP-USM-MIB.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/smi/mibs/PYSNMP-USM-MIB.py 2019-08-11 10:12:23.000000000 +0200 @@ -34,6 +34,9 @@ pysnmpUsmDiscovery = MibScalar((1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 1, 2), Integer32().subtype(subtypeSpec=ConstraintsUnion(SingleValueConstraint(0, 1))).clone(namedValues=NamedValues(("doNotDiscover", 0), ("doDiscover", 1))).clone('doDiscover')).setMaxAccess("readwrite") if mibBuilder.loadTexts: pysnmpUsmDiscovery.setStatus('current') if mibBuilder.loadTexts: pysnmpUsmDiscovery.setDescription('Whether SNMP engine would try to figure out the EngineIDs of its peers by sending discover requests.') +pysnmpUsmKeyType = MibScalar((1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 1, 3), Integer32().subtype(subtypeSpec=ConstraintsUnion(SingleValueConstraint(0, 1, 2))).clone(namedValues=NamedValues(("passphrase", 0), ("master", 1), ("localized", 2))).clone('passphrase')).setMaxAccess("not-accessible") +if mibBuilder.loadTexts: pysnmpUsmKeyType.setStatus('current') +if mibBuilder.loadTexts: pysnmpUsmKeyType.setDescription('When configuring USM user, the value of this enumeration determines how the keys should be treated. The default value "passphrase" means that given keys are plain-text pass-phrases, "master" indicates that the keys are pre-hashed pass-phrases, while "localized" stands for pre-hashed pass-phrases mixed with SNMP Security Engine ID value.') pysnmpUsmUser = MibIdentifier((1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 3)) pysnmpUsmSecretTable = MibTable((1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 2), ) if mibBuilder.loadTexts: pysnmpUsmSecretTable.setStatus('current') @@ -75,4 +78,4 @@ if mibBuilder.loadTexts: pysnmpUsmKeyPriv.setDescription("User's non-localized key used for encryption.") pysnmpUsmMIBCompliances = MibIdentifier((1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 2, 1)) pysnmpUsmMIBGroups = MibIdentifier((1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 2, 2)) -mibBuilder.exportSymbols("PYSNMP-USM-MIB", pysnmpUsmCfg=pysnmpUsmCfg, pysnmpUsmDiscoverable=pysnmpUsmDiscoverable, pysnmpUsmKeyEntry=pysnmpUsmKeyEntry, pysnmpUsmKeyTable=pysnmpUsmKeyTable, pysnmpUsmKeyPrivLocalized=pysnmpUsmKeyPrivLocalized, pysnmpUsmMIBCompliances=pysnmpUsmMIBCompliances, pysnmpUsmMIBObjects=pysnmpUsmMIBObjects, pysnmpUsmSecretTable=pysnmpUsmSecretTable, PYSNMP_MODULE_ID=pysnmpUsmMIB, pysnmpUsmSecretEntry=pysnmpUsmSecretEntry, pysnmpUsmMIBConformance=pysnmpUsmMIBConformance, pysnmpUsmUser=pysnmpUsmUser, pysnmpUsmKeyAuth=pysnmpUsmKeyAuth, pysnmpUsmSecretPrivKey=pysnmpUsmSecretPrivKey, pysnmpUsmKeyAuthLocalized=pysnmpUsmKeyAuthLocalized, pysnmpUsmMIB=pysnmpUsmMIB, pysnmpUsmDiscovery=pysnmpUsmDiscovery, pysnmpUsmSecretUserName=pysnmpUsmSecretUserName, pysnmpUsmKeyPriv=pysnmpUsmKeyPriv, pysnmpUsmSecretAuthKey=pysnmpUsmSecretAuthKey, pysnmpUsmSecretStatus=pysnmpUsmSecretStatus, pysnmpUsmMIBGroups=pysnmpUsmMIBGroups) +mibBuilder.exportSymbols("PYSNMP-USM-MIB", pysnmpUsmCfg=pysnmpUsmCfg, pysnmpUsmDiscoverable=pysnmpUsmDiscoverable, pysnmpUsmKeyType=pysnmpUsmKeyType, pysnmpUsmKeyEntry=pysnmpUsmKeyEntry, pysnmpUsmKeyTable=pysnmpUsmKeyTable, pysnmpUsmKeyPrivLocalized=pysnmpUsmKeyPrivLocalized, pysnmpUsmMIBCompliances=pysnmpUsmMIBCompliances, pysnmpUsmMIBObjects=pysnmpUsmMIBObjects, pysnmpUsmSecretTable=pysnmpUsmSecretTable, PYSNMP_MODULE_ID=pysnmpUsmMIB, pysnmpUsmSecretEntry=pysnmpUsmSecretEntry, pysnmpUsmMIBConformance=pysnmpUsmMIBConformance, pysnmpUsmUser=pysnmpUsmUser, pysnmpUsmKeyAuth=pysnmpUsmKeyAuth, pysnmpUsmSecretPrivKey=pysnmpUsmSecretPrivKey, pysnmpUsmKeyAuthLocalized=pysnmpUsmKeyAuthLocalized, pysnmpUsmMIB=pysnmpUsmMIB, pysnmpUsmDiscovery=pysnmpUsmDiscovery, pysnmpUsmSecretUserName=pysnmpUsmSecretUserName, pysnmpUsmKeyPriv=pysnmpUsmKeyPriv, pysnmpUsmSecretAuthKey=pysnmpUsmSecretAuthKey, pysnmpUsmSecretStatus=pysnmpUsmSecretStatus, pysnmpUsmMIBGroups=pysnmpUsmMIBGroups) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pysnmp-4.4.10/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py new/pysnmp-4.4.11/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py --- old/pysnmp-4.4.10/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py 2019-07-30 20:29:22.000000000 +0200 +++ new/pysnmp-4.4.11/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py 2019-08-11 10:12:23.000000000 +0200 @@ -7,17 +7,21 @@ MibScalarInstance, = mibBuilder.importSymbols('SNMPv2-SMI', 'MibScalarInstance') (pysnmpUsmDiscoverable, - pysnmpUsmDiscovery) = mibBuilder.importSymbols( + pysnmpUsmDiscovery, + pysnmpUsmKeyType) = mibBuilder.importSymbols( 'PYSNMP-USM-MIB', 'pysnmpUsmDiscoverable', - 'pysnmpUsmDiscovery' + 'pysnmpUsmDiscovery', + 'pysnmpUsmKeyType' ) __pysnmpUsmDiscoverable = MibScalarInstance(pysnmpUsmDiscoverable.name, (0,), pysnmpUsmDiscoverable.syntax) __pysnmpUsmDiscovery = MibScalarInstance(pysnmpUsmDiscovery.name, (0,), pysnmpUsmDiscovery.syntax) +__pysnmpUsmKeyType = MibScalarInstance(pysnmpUsmKeyType.name, (0,), pysnmpUsmKeyType.syntax) mibBuilder.exportSymbols( "__PYSNMP-USM-MIB", pysnmpUsmDiscoverable=__pysnmpUsmDiscoverable, - pysnmpUsmDiscovery=__pysnmpUsmDiscovery + pysnmpUsmDiscovery=__pysnmpUsmDiscovery, + pysnmpUsmKeyType=__pysnmpUsmKeyType )