delV3User() function improved to drop all rows from USM table that
were cloned from the target one
pull/45/head
parent
6e6d1c2788
commit
35ad15e048
|
@ -1,4 +1,4 @@
|
|||
Revision 4.2.5rc1
|
||||
Revision 4.2.5rc0
|
||||
-----------------
|
||||
|
||||
- License updated to vanilla BSD 2-Clause to ease package use
|
||||
|
@ -27,6 +27,8 @@ Revision 4.2.5rc1
|
|||
use of global default of 0.5 sec.
|
||||
- Fix to twisted/udp non-default local endpoint binding features. Common
|
||||
socket ('host', port) notation is now supported.
|
||||
- The delV3User() function improved to drop all rows from USM table that
|
||||
were cloned from the target one.
|
||||
- Typos fixed in error-status constants at CommandResponder
|
||||
- Missing import added to oneliner auth module.
|
||||
- Cosmetic changes to v3arch example scripts.
|
||||
|
|
|
@ -126,37 +126,37 @@ def addV3User(snmpEngine, securityName,
|
|||
|
||||
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
|
||||
((usmUserEntry.name + (13,) + tblIdx1, 'destroy'),)
|
||||
)
|
||||
)
|
||||
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
|
||||
((usmUserEntry.name + (13,) + tblIdx1, 'createAndGo'),
|
||||
(usmUserEntry.name + (3,) + tblIdx1, securityName),
|
||||
(usmUserEntry.name + (4,) + tblIdx1, zeroDotZero.name),
|
||||
(usmUserEntry.name + (5,) + tblIdx1, authProtocol),
|
||||
(usmUserEntry.name + (8,) + tblIdx1, privProtocol))
|
||||
)
|
||||
)
|
||||
|
||||
# Localize keys
|
||||
if authProtocol in authServices:
|
||||
hashedAuthPassphrase = authServices[authProtocol].hashPassphrase(
|
||||
authKey and authKey or null
|
||||
)
|
||||
)
|
||||
localAuthKey = authServices[authProtocol].localizeKey(
|
||||
hashedAuthPassphrase, snmpEngineID
|
||||
)
|
||||
)
|
||||
else:
|
||||
raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol,))
|
||||
|
||||
if privProtocol in privServices:
|
||||
hashedPrivPassphrase = privServices[privProtocol].hashPassphrase(
|
||||
authProtocol, privKey and privKey or null
|
||||
)
|
||||
)
|
||||
localPrivKey = privServices[privProtocol].localizeKey(
|
||||
authProtocol, hashedPrivPassphrase, snmpEngineID
|
||||
)
|
||||
)
|
||||
else:
|
||||
raise error.PySnmpError(
|
||||
'Unknown priv protocol %s' % (privProtocol,)
|
||||
)
|
||||
)
|
||||
|
||||
# Commit localized keys
|
||||
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
|
||||
|
@ -184,10 +184,25 @@ def delV3User(snmpEngine, securityName, contextEngineId=None):
|
|||
)
|
||||
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
|
||||
((usmUserEntry.name + (13,) + tblIdx1, 'destroy'),)
|
||||
)
|
||||
)
|
||||
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
|
||||
((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'destroy'),)
|
||||
)
|
||||
|
||||
# Drop all derived rows
|
||||
varBinds = initialVarBinds = (
|
||||
(usmUserEntry.name + (1,), None),
|
||||
(usmUserEntry.name + (4,), None)
|
||||
)
|
||||
while True:
|
||||
varBinds = snmpEngine.msgAndPduDsp.mibInstrumController.readNextVars(
|
||||
varBinds
|
||||
)
|
||||
if varBinds[0][0][:len(initialVarBinds[0][0])]!=initialVarBinds[0][0]:
|
||||
break
|
||||
elif varBinds[1][1] == tblIdx1: # cloned from this entry
|
||||
delV3User(snmpEngine, securityName, varBinds[0][1])
|
||||
varBinds = initialVarBinds
|
||||
|
||||
def __cookTargetParamsInfo(snmpEngine, name):
|
||||
snmpTargetParamsEntry, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('SNMP-TARGET-MIB', 'snmpTargetParamsEntry')
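Review bot: The new `while True` scan in delV3User reads columns 1 and 4 in one `readNextVars` call and then treats `varBinds[0][1]` and `varBinds[1][1]` as values of the same row, but only the first varbind is checked against the table prefix. If the two columns ever step differently, which the visible lines do not rule out, the clone test would pair an engine ID with another row's clone pointer, and a derived row could stay in the table with its localized keys still usable after the parent user is removed. I would at least record the assumption with `# columns 1 and 4 are walked in lockstep; both varbinds must carry the same index suffix`, and compare the two index suffixes before the recursive `delV3User` call. The loop also restarts from `initialVarBinds` after every recursive delete, so it presumably relies on the 'destroy' write always removing the row; otherwise the same row is found again and the scan never ends. The body of delV3User starts above this hunk.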
|
||||
|
|
|
@ -94,56 +94,65 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
|
|||
usmUserEntry, = mibInstrumController.mibBuilder.importSymbols(
|
||||
'SNMP-USER-BASED-SM-MIB', 'usmUserEntry'
|
||||
)
|
||||
tblIdx = usmUserEntry.getInstIdFromIndices(
|
||||
tblIdx1 = usmUserEntry.getInstIdFromIndices(
|
||||
snmpEngineID.syntax, securityName
|
||||
)
|
||||
# Get proto protocols
|
||||
usmUserSecurityName = usmUserEntry.getNode(
|
||||
usmUserEntry.name + (3,) + tblIdx
|
||||
usmUserEntry.name + (3,) + tblIdx1
|
||||
)
|
||||
usmUserCloneFrom = usmUserEntry.getNode(
|
||||
usmUserEntry.name + (4,) + tblIdx1
|
||||
)
|
||||
usmUserAuthProtocol = usmUserEntry.getNode(
|
||||
usmUserEntry.name + (5,) + tblIdx
|
||||
usmUserEntry.name + (5,) + tblIdx1
|
||||
)
|
||||
usmUserPrivProtocol = usmUserEntry.getNode(
|
||||
usmUserEntry.name + (8,) + tblIdx
|
||||
usmUserEntry.name + (8,) + tblIdx1
|
||||
)
|
||||
# Get proto keys
|
||||
pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
|
||||
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry'
|
||||
)
|
||||
pysnmpUsmKeyAuth = pysnmpUsmKeyEntry.getNode(
|
||||
pysnmpUsmKeyEntry.name + (3,) + tblIdx
|
||||
pysnmpUsmKeyEntry.name + (3,) + tblIdx1
|
||||
)
|
||||
pysnmpUsmKeyPriv = pysnmpUsmKeyEntry.getNode(
|
||||
pysnmpUsmKeyEntry.name + (4,) + tblIdx
|
||||
pysnmpUsmKeyEntry.name + (4,) + tblIdx1
|
||||
)
|
||||
|
||||
# Create new row from proto values
|
||||
|
||||
tblIdx = usmUserEntry.getInstIdFromIndices(
|
||||
|
||||
tblIdx2 = usmUserEntry.getInstIdFromIndices(
|
||||
securityEngineID, securityName
|
||||
)
|
||||
|
||||
# New row
|
||||
mibInstrumController.writeVars(
|
||||
((usmUserEntry.name + (13,) + tblIdx, 4),)
|
||||
((usmUserEntry.name + (13,) + tblIdx2, 4),)
|
||||
)
|
||||
# Set protocols
|
||||
usmUserEntry.getNode(
|
||||
usmUserEntry.name + (3,) + tblIdx
|
||||
).syntax = usmUserSecurityName.syntax
|
||||
usmUserEntry.name + (3,) + tblIdx2
|
||||
).syntax = usmUserSecurityName.syntax
|
||||
usmUserEntry.getNode(
|
||||
usmUserEntry.name + (5,) + tblIdx
|
||||
).syntax = usmUserAuthProtocol.syntax
|
||||
usmUserEntry.name + (5,) + tblIdx2
|
||||
).syntax = usmUserAuthProtocol.syntax
|
||||
usmUserEntry.getNode(
|
||||
usmUserEntry.name + (8,) + tblIdx
|
||||
).syntax = usmUserPrivProtocol.syntax
|
||||
usmUserEntry.name + (8,) + tblIdx2
|
||||
).syntax = usmUserPrivProtocol.syntax
|
||||
|
||||
# Store a reference to original row
|
||||
usmUserEntry.getNode(
|
||||
usmUserEntry.name + (4,) + tblIdx2
|
||||
).syntax = usmUserCloneFrom.syntax.clone(tblIdx1)
|
||||
|
||||
# Localize and set keys
|
||||
pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
|
||||
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry'
|
||||
)
|
||||
pysnmpUsmKeyAuthLocalized = pysnmpUsmKeyEntry.getNode(
|
||||
pysnmpUsmKeyEntry.name + (1,) + tblIdx
|
||||
pysnmpUsmKeyEntry.name + (1,) + tblIdx2
|
||||
)
|
||||
if usmUserAuthProtocol.syntax in self.authServices:
|
||||
localizeKey = self.authServices[usmUserAuthProtocol.syntax].localizeKey
|
||||
|
@ -158,7 +167,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
|
|||
if localAuthKey is not None:
|
||||
pysnmpUsmKeyAuthLocalized.syntax = pysnmpUsmKeyAuthLocalized.syntax.clone(localAuthKey)
|
||||
pysnmpUsmKeyPrivLocalized = pysnmpUsmKeyEntry.getNode(
|
||||
pysnmpUsmKeyEntry.name + (2,) + tblIdx
|
||||
pysnmpUsmKeyEntry.name + (2,) + tblIdx2
|
||||
)
|
||||
if usmUserPrivProtocol.syntax in self.privServices:
|
||||
localizeKey = self.privServices[usmUserPrivProtocol.syntax].localizeKey
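Review bot: Storing `usmUserCloneFrom.syntax.clone(tblIdx1)` in column 4 of the new row turns that column into a back-reference, while the usmUserCloneFrom description in SNMP-USER-BASED-SM-MIB says a read returns the ZeroDotZero OID. Whether the stored value is visible to a remote manager depends on code outside these hunks, so this may be intended, but it deserves a comment next to the assignment, for example `# internal back-reference to the prototype row, used by delV3User() to find derived rows; not the RowPointer semantics described in the MIB`. The stored value is the index part `tblIdx1` rather than a full row OID, and the comparison in delV3User appears to depend on that exact form, so the two places need to be kept in step. The enclosing method starts and ends outside the hunks shown.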
|
||||
|
|
|
@ -87,7 +87,7 @@ class UsmUserSecurityName(MibTableColumn):
|
|||
)
|
||||
usmUserSecurityName = UsmUserSecurityName((1, 3, 6, 1, 6, 3, 15, 1, 2, 2, 1, 3), SnmpAdminString()).setMaxAccess("readonly")
|
||||
if mibBuilder.loadTexts: usmUserSecurityName.setDescription("A human readable string representing the user in\nSecurity Model independent format.\n\nThe default transformation of the User-based Security\nModel dependent security ID to the securityName and\nvice versa is the identity function so that the\nsecurityName is the same as the userName.")
|
||||
usmUserCloneFrom = MibTableColumn((1, 3, 6, 1, 6, 3, 15, 1, 2, 2, 1, 4), RowPointer()).setMaxAccess("readcreate")
|
||||
usmUserCloneFrom = MibTableColumn((1, 3, 6, 1, 6, 3, 15, 1, 2, 2, 1, 4), RowPointer((0,0))).setMaxAccess("readcreate")
|
||||
if mibBuilder.loadTexts: usmUserCloneFrom.setDescription("A pointer to another conceptual row in this\nusmUserTable. The user in this other conceptual\nrow is called the clone-from user.\n\nWhen a new user is created (i.e., a new conceptual\nrow is instantiated in this table), the privacy and\nauthentication parameters of the new user must be\ncloned from its clone-from user. These parameters are:\n - authentication protocol (usmUserAuthProtocol)\n - privacy protocol (usmUserPrivProtocol)\nThey will be copied regardless of what the current\nvalue is.\n\nCloning also causes the initial values of the secret\nauthentication key (authKey) and the secret encryption\n\nkey (privKey) of the new user to be set to the same\nvalues as the corresponding secrets of the clone-from\nuser to allow the KeyChange process to occur as\nrequired during user creation.\n\nThe first time an instance of this object is set by\na management operation (either at or after its\ninstantiation), the cloning process is invoked.\nSubsequent writes are successful but invoke no\naction to be taken by the receiver.\nThe cloning process fails with an 'inconsistentName'\nerror if the conceptual row representing the\nclone-from user does not exist or is not in an active\nstate when the cloning process is invoked.\n\nWhen this object is read, the ZeroDotZero OID\nis returned.")
|
||||
usmUserAuthProtocol = MibTableColumn((1, 3, 6, 1, 6, 3, 15, 1, 2, 2, 1, 5), AutonomousType().clone('1.3.6.1.6.3.10.1.1.1')).setMaxAccess("readcreate")
|
||||
if mibBuilder.loadTexts: usmUserAuthProtocol.setDescription("An indication of whether messages sent on behalf of\nthis user to/from the SNMP engine identified by\nusmUserEngineID, can be authenticated, and if so,\nthe type of authentication protocol which is used.\n\nAn instance of this object is created concurrently\nwith the creation of any other object instance for\nthe same user (i.e., as part of the processing of\nthe set operation which creates the first object\ninstance in the same conceptual row).\n\nIf an initial set operation (i.e. at row creation time)\ntries to set a value for an unknown or unsupported\nprotocol, then a 'wrongValue' error must be returned.\n\nThe value will be overwritten/set when a set operation\nis performed on the corresponding instance of\nusmUserCloneFrom.\n\nOnce instantiated, the value of such an instance of\nthis object can only be changed via a set operation to\nthe value of the usmNoAuthProtocol.\n\nIf a set operation tries to change the value of an\n\nexisting instance of this object to any value other\nthan usmNoAuthProtocol, then an 'inconsistentValue'\nerror must be returned.\n\nIf a set operation tries to set the value to the\nusmNoAuthProtocol while the usmUserPrivProtocol value\nin the same row is not equal to usmNoPrivProtocol,\nthen an 'inconsistentValue' error must be returned.\nThat means that an SNMP command generator application\nmust first ensure that the usmUserPrivProtocol is set\nto the usmNoPrivProtocol value before it can set\nthe usmUserAuthProtocol value to usmNoAuthProtocol.")
|
||||
|
|