VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=mergify%2Fbp%2Fcircinus%2Fpr-4091 2024-09-11T16:53:48+00:00 2024-09-11T16:53:48+00:00 John Estabrook jestabro@vyos.io 2024-06-20T01:16:05+00:00 urn:sha1:b5db9395ed576ef97b1692ca66c00900c532d6a1 (cherry picked from commit 26740a8d583f64dc0a27b59dd4ae303056972c0b) 2024-04-06T08:46:30+00:00 Christian Breunig christian@breunig.cc 2024-04-06T08:46:30+00:00 urn:sha1:489e6fababa60d9c0fbfdb421305cbe563432499 2023-08-02T09:12:23+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-08-02T09:12:23+00:00 urn:sha1:d1923b7b58795f0d9635ae0e8df110f591881bdf The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2' 2023-02-12T19:55:16+00:00 Christian Breunig christian@breunig.cc 2023-02-12T19:55:16+00:00 urn:sha1:bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2 Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev 2023-01-18T15:16:05+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-01-18T15:09:32+00:00 urn:sha1:1ce8e672b57e03e144998cb0a56ad1622c667a1d 2020-07-11T15:55:21+00:00 Christian Poessinger christian@poessinger.com 2020-07-11T15:55:21+00:00 urn:sha1:d9c7dfb1e7a8ad4a44b571e3d4b8d87ff3898678 As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start. 2019-10-27T03:29:31+00:00 Christian Poessinger christian@poessinger.com 2019-10-27T03:23:13+00:00 urn:sha1:556b528ef9cc1eca9d142ebe1f8f88cd02d536da The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script. 2019-10-27T03:07:11+00:00 Christian Poessinger christian@poessinger.com 2019-10-26T22:47:50+00:00 urn:sha1:d523111279b3a9a5266b442db5f04049a31685f7 As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID.