o B]@sddlZddlZddlmZddlmZmZmZddlm Z m Z ddl m Z ddl mZddlmZmZmZddlmZdd lmZmZmZmZdd lmZdd lmZmZmZdd l m!Z!m"Z"m#Z#dd l$m%Z%ddl&m'Z'ej(ej)Z*Gdddej+ej,Z-GdddeZ.dS)N)AbstractSecurityModel)hmacmd5hmacshanoauth)desnopriv)aes)hmacsha2)des3aes192aes256)NoSuchInstanceError)apirfc1155errinderror)debug)univ namedtype constraint)encoderdecodereoo) PyAsn1Error)nullc @seZdZeedeedej e dddedej e dddedej e ddded eed eZ d S) UsmSecurityParametersmsgAuthoritativeEngineIdmsgAuthoritativeEngineBootsr)Z subtypeSpecmsgAuthoritativeEngineTime msgUserName ZmsgAuthenticationParametersZmsgPrivacyParametersN)__name__ __module__ __qualname__rZ NamedTypesZ NamedTyper OctetStringZIntegerZsubtyperZValueRangeConstraintZValueSizeConstraintZ componentTyper&r&E/usr/lib/python3/dist-packages/pysnmp/proto/secmod/rfc3414/service.pyrsrc@sFeZdZdZejjeejjee j j e e j j e j j e e j j e j j e e j j e j je e j jejjeiZejjeejjeejjeejjeejjeejjeejjeejjeiZ e!j"ddZ#ddZ$dddZ%e&d d Z'd d Z(d dZ)ddZ*ddZ+ddZ,ddZ-ddZ.dS)SnmpUSMSecurityModelZ 0000000000ZhexValuecCs.t|t|_i|_i|_d|_d|_dS)Nr)r__init__r-_SnmpUSMSecurityModel__securityParametersSpec_SnmpUSMSecurityModel__timeline'_SnmpUSMSecurityModel__timelineExpQueue&_SnmpUSMSecurityModel__expirationTimer%_SnmpUSMSecurityModel__paramsBranchId)selfr&r&r'r,Cs  zSnmpUSMSecurityModel.__init__NcCs|jjj}|dd\}|j|jkr||ddd\}}i|_|} z||j}Wnt yG|j|_t j t j @oDt d|j|jfYn5w|jt |jd} ||j| j} ||j| j} ||j| j} | | f} | |jvr{| |j| <q!|dur|dd\}|j}z |j||f}Wntyt j t j @ot d ||ft t wt j t j @ot d |||f|S|S) NSNMP-USER-BASED-SM-MIBusmUserEngineID usmUserNameusmUserSecurityNameTzK_sec2usr: built snmpEngineId + securityName to userName map, version %s: %r__SNMP-FRAMEWORK-MIB snmpEngineIDz>_sec2usr: no entry exists for snmpEngineId %r, securityName %rz@_sec2usr: using userName %r for snmpEngineId %r, securityName %r) msgAndPduDspmibInstrumController mibBuilder importSymbolsr1ZbranchVersionIdZ(_SnmpUSMSecurityModel__securityToUserMapZ getNextNodenamer rloggerflagSMlengetNodesyntaxKeyError)r2 snmpEngine securityNamesecurityEngineIDr;r4r5r6Z nextMibNodeZinstIdZ_SnmpUSMSecurityModel__engineIDZ_SnmpUSMSecurityModel__userNameZ#_SnmpUSMSecurityModel__securityNamekr8userNamer&r&r'Z __sec2usrKsh       zSnmpUSMSecurityModel.__sec2usrc Cs|jdd\}|||}||jd|j}||jd|j}||jd|j}||jd|j}|jdd\} | | jd |j} | | jd|j} |||| || fS) Nr3 usmUserEntryr)PYSNMP-USM-MIBpysnmpUsmKeyEntry)r;r<getInstIdFromIndicesrAr=rB) r:rFrHrIZtblIdxr5r6usmUserAuthProtocolusmUserPrivProtocolrRpysnmpUsmKeyAuthLocalizedpysnmpUsmKeyPrivLocalizedr&r&r'Z __getUserInfos" z"SnmpUSMSecurityModel.__getUserInfocCsb|jdd\}|jdd\}||j|}||jd|}||jd|}||jd|} ||jd|} ||jd |} |jd d \} | | jd|} | | jd|}|||}||jd |d ff|j||jd|_|j||jd|_| j|||jd|_| j||jd|_| j||jd |_|jd d \} | | jd|}| j|jvr|j| jj }|| j|}nt j t j d|dur|j||_| | jd|}| j|jvr|j| jj }|| j|j|}nt j t jd|dur#|j||_|j|j| j|j| j|jfS)Nr7r8r3rIrJrL)rMrOrQrR) rZrSerrorIndication)r;r<rUrBrAr=Z writeVarsclone authServices localizeKeyrStatusInformationrZunsupportedAuthProtocol privServicesZunsupportedPrivProtocol)r2r:rFrHr8rIZtblIdx1r5r6ZusmUserCloneFromrVrWrRZpysnmpUsmKeyAuthZpysnmpUsmKeyPrivZtblIdx2rXr`Z localAuthKeyrYZ localPrivKeyr&r&r'Z__cloneUserInfosx     z$SnmpUSMSecurityModel.__cloneUserInfoc 'Cs> |jjj} | dddj} |} | dur}|j| }|d}d|vr'|d}n|}d|vr2|d}ntjj }d|vr?|d}nd}d|vrJ|d}nt j j }d |vrW|d }nd}| }t j t j@ozt d ||||ol|||or|||| f n|rzXz||jj|||||\}}}}}}Wnty||jj|j||||j\}}}}}}Ynwt j t j@ot d ||||o|||o|||fWn(tyN| d d \}|j }|sBz7||jj||||\}}}}}}t j t j@o#t d||||o|||o|||fWntyAt j t j@or? prettyPrint"_SnmpUSMSecurityModel__getUserInfo_SnmpUSMSecurityModel__sec2usrr wildcardSecurityEngineId$_SnmpUSMSecurityModel__cloneUserInforrarunknownSecurityNamersysexc_info invalidMsgrsetComponentByPositiongetComponentByPositionrr% getComponentr^pModZapiPDUZ setDefaultsZsetComponentByTypeZtagSetunsupportedSecurityLevelr-r.rbZencryptionErrorrencodeZserializationErrorhexdumpZ encryptDatar_authenticationFailureZ digestLengthZauthenticateOutgoingMsg)'r2rDmessageProcessingModel globalDatamaxMessageSize securityModelrFrE securityLevel scopedPDUsecurityStateReferencer;r8msgZcachedSecurityDatar5r6rVrcrWrdrfZreportUnknownNamerhZ headerDataZemptyPdusecurityParametersZ scopedPDUDatarjrklatestReceivedEngineTimelatestUpdateTimestamp privHandlerZ dataToEncryptZ encryptedDataZprivParameters authHandlerwholeMsgZauthenticatedWholeMsgr&r&r'Z__generateRequestOrResponseMsgs                                                    z3SnmpUSMSecurityModel.__generateRequestOrResponseMsgc Cs|||||||||| d SN3_SnmpUSMSecurityModel__generateRequestOrResponseMsg) r2rDrrrrrFrErrr&r&r'generateRequestMsgpsz'SnmpUSMSecurityModel.generateRequestMsgc Cs|||||||||| | Srr) r2rDrrrrrFrErrrr&r&r'generateResponseMsgs z(SnmpUSMSecurityModel.generateResponseMsgc 3CsP |jjj} t|t|d} tjtj@otdt|t j ||j d\}} tjtj@o8td| ft j|rFtjtjd|d} |jj|dd} tjtj@oftd | |df|d}| d d dj}t}| d d dj}| |krD| |jvrD| rd t| krd krnntjtj@otd| fntjtj@otd| dd\}|jd7_tjtj@otd| dd\}|jr)tjtj@otd|dkr tjtj@otd| tjtjdtjtjd|}|d}|d}tjtj|j|j| ||||| d tjtj@otjtj@o(tdt$%df| d!d"\}|jd7_tjtj&d| d!d"\}|jd7_tjtj&dwt}}t'j(j)}t*j+j)}d}}tjtj@oatd#|||||f|j,| |jj|d|||||d$} |d}|d%}|j-.|d&t/| ||||||||d' |j-0|d&| |kr3d} |dkr|t'j(j)krd(} |t*j+j)krd)} n5|d%kr|t'j(j)krd*} |t*j+j)kr|s|rd+} n|dkr|t'j(j)krd,} |t*j+j)krd-} | r3| dd.\}!|!jd7_tjtj@o!td/|| ftjtj1|!j|!j| ||||| d tjtj1|!j|!j| ||||| d |dks=|d%kr||j2vrI|j2|}"ntjtj3dz |"4||d |Wn(tjy| dd0\}#|#jd7_tjtj3|#j|#j| ||||| d wtjtj@otd1|d|d%|d%tt55f|j| <|j6durd2p|j67}$t|j8d3|$}%|%|j9vrg|j9|%<|j9|%:| tjtj@otd4| f|dks|d%kr| |kr| d d5d6\}&}'|&j}&|'j;}'d}(tjtj@otd7|&|'fn/| |jvr=|j| \}&}'})}*tt55|*}(tjtj@o;td8|&|'| |(fnt|+j|+j| d%|||| d n}||&ks||&kr||)kr|||tt55f|j| <|j6durd2p|j67}$t|j8d3|$}%|%|j9vrg|j9|%<|j9|%:| tjtj@otd=||| f|&d:ks||&ks||&krt=|(t|'t|d;krtjtj>|d>|dkr||j?vr|j?|},ntjtj@|d>|d}-|-dur(tjtj@|d>z&|,A||d|d%|d?f|-}.tjtj@oLtd@t|.Wn(tjyv| ddA\}/|/jd7_tjtj@|/j|/j| ||||| d w|Bdd}0z t j |.|0d\}1} Wn+t#ytjtj@otdBt$%dtjtj@|d>tjtj@|d>wt j|1rtjtj@|d>n|d}1|1durtjtj@|d>tjtj@otdC|1 |}2tjtj@otdD|| f|s!| s!| dd\}|jd7_tjtj"|j|j| | ||||| |1dE | |2|1| | fS)FN0z)processIncomingMsg: securityParameters %s)Zasn1SpeczprocessIncomingMsg: %sr\rr))r zKprocessIncomingMsg: cache write securityStateReference %s by msgUserName %sr7r8rZ!z8processIncomingMsg: non-synchronized securityEngineID %rz9processIncomingMsg: peer requested snmpEngineID discoveryz__SNMP-USER-BASED-SM-MIBusmStatsUnknownEngineIDsrTz>processIncomingMsg: null or malformed msgAuthoritativeEngineIdrepysnmpUsmDiscoverablez=processIncomingMsg: starting snmpEngineID discovery procedureZ plaintextz2processIncomingMsg: scopedPduData not plaintext %s) r]oidvalrrcontextEngineId contextNamermaxSizeResponseScopedPDUz.processIncomingMsg: will not discover EngineIDzWprocessIncomingMsg: read from securityParams msgAuthoritativeEngineId %r msgUserName %rz+processIncomingMsg: read user info from LCDz4processIncomingMsg: read wildcard user info from LCDz>processIncomingMsg: unknown securityEngineID %r msgUserName %rusmStatsUnknownUserNames) r]rrrrrrr rrgrhzprocessIncomingMsg: now have usmUserName %r usmUserSecurityName %r usmUserAuthProtocol %r usmUserPrivProtocol %r for msgUserName %r)r r6rVrcrWrdrKzrfc3414.processIncomingMsg) ZsecurityEngineIdrjrkrHrEZ authProtocolZauthKeyZ privProtocolZprivKeyz'authPriv wanted while auth not expectedz'authPriv wanted while priv not expectedz)authNoPriv wanted while auth not expectedz%authNoPriv wanted while priv expectedz'noAuthNoPriv wanted while auth expectedz'noAuthNoPriv wanted while priv expectedusmStatsUnsupportedSecLevelszJprocessIncomingMsg: reporting inappropriate security level for user %s: %susmStatsWrongDigestsz.processIncomingMsg: incoming msg authenticatedg?i,z:processIncomingMsg: store timeline for securityEngineID %rrjrkzKprocessIncomingMsg: read snmpEngineBoots (%s), snmpEngineTime (%s) from LCDzyprocessIncomingMsg: read timeline snmpEngineBoots %s snmpEngineTime %s for msgAuthoritativeEngineId %r, idle time %s secszPeer SNMP engine info missingrusmStatsNotInTimeWindowszprocessIncomingMsg: stored timeline msgAuthoritativeEngineBoots %s msgAuthoritativeEngineTime %s for msgAuthoritativeEngineId %r)r]r rNz*processIncomingMsg: PDU deciphered into %susmStatsDecryptionErrorsz/processIncomingMsg: scopedPDU decoder failed %sz(processIncomingMsg: scopedPDU decoded %szKprocessIncomingMsg: cached msgUserName %s info by securityStateReference %s) r]rrrrFrrrr rZPDU)Cr9r:r;intr@rr>r?rrdecoder-rsrZ endOfOctetsZisSameTypeWithrrarZ parseErrorr}rnpushr<rBrr.ZgetNameZunknownEngineIDr~r=rtr rvrxrryrzr{rrprqrrrroZobserverZstoreExecutionContextdictZclearExecutionContextrr_rZauthenticateIncomingMsgtimeZtransportDispatcherZgetTimerResolutionr0r/appendr^Z ProtocolErrorabsZnotInTimeWindowrbZdecryptionErrorZ decryptDatar|)3r2rDrrrrrrrr;rrestrrZ scopedPduDatarrr8rrZ scopedPdur r5r6rVrcrWrdrrhrrZbadSecIndicationrrrZtimerResolutionZexpireAtrjrkZidleTimerrrrZ encryptedPDUZ decryptedDatarZ scopedPduSpecrrEr&r&r'processIncomingMsgs              &                                     z'SnmpUSMSecurityModel.processIncomingMsgcCsh|j|jvr+|j|jD]}||jvr%|j|=tjtj@o$td|fq |j|j=|jd7_dS)Nz!__expireTimelineInfo: expiring %rrT)r0r/r.rr>r?)r2Z engineIdKeyr&r&r'Z__expireTimelineInfocs   z)SnmpUSMSecurityModel.__expireTimelineInfocCs |dSr))_SnmpUSMSecurityModel__expireTimelineInfo)r2rDZtimeNowr&r&r'receiveTimerTickls z%SnmpUSMSecurityModel.receiveTimerTickr)/r"r#r$ZsecurityModelIDrZHmacMd5rqrZHmacShar ZHmacSha2Zsha224ServiceIDZsha256ServiceIDZsha384ServiceIDZsha512ServiceIDrrpr_rZDesr ZDes3rZAesr ZAesBlumenthal192r ZAesBlumenthal256ZAes192ZAes256rrrrbrr%rvr,ru staticmethodrtrwrrrrrrr&r&r&r'r(+sJ             4 N \ r()/rryZpysnmp.proto.secmod.baserZ pysnmp.proto.secmod.rfc3414.authrrrZ pysnmp.proto.secmod.rfc3414.privrrZ pysnmp.proto.secmod.rfc3826.privrZ pysnmp.proto.secmod.rfc7860.authr Zpysnmp.proto.secmod.eso.privr r r Zpysnmp.smi.errorr Z pysnmp.protorrrrZpysnmprZ pyasn1.typerrrZpyasn1.codec.berrrrZ pyasn1.errorrZpyasn1.compat.octetsrZ protoModulesZprotoVersion2crZTypeCoercionHackMixInSequencerr(r&r&r&r's$