diff options
| author | Christian Poessinger <christian@poessinger.com> | 2018-06-06 21:24:45 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2018-06-06 21:24:47 +0200 |
| commit | a9f57961008800f45ac96fc67e55fdba4d9943f9 (patch) | |
| tree | 6748bd51f745c74a08e4b81740f1a0c920aa38a9 | |
| parent | 743b16de1aac4c6b579767f28d57bc2156d3acdf (diff) | |
| download | vyos-1x-a9f57961008800f45ac96fc67e55fdba4d9943f9.tar.gz vyos-1x-a9f57961008800f45ac96fc67e55fdba4d9943f9.zip | |
T652: snmp.py: bugfix writing encrypted keys to config
... in the past an encrypted key was encrypted again b/c we only used
createUser in /var/lib/snmp/snmpd.conf nad not usmUser in addition.
| -rwxr-xr-x | src/conf_mode/snmp.py | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 4f76442f9..3b02ffc3b 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -38,6 +38,15 @@ config_file_daemon = r'/etc/snmp/snmpd.conf' config_file_access = r'/usr/share/snmp/snmpd.conf' config_file_user = r'/var/lib/snmp/snmpd.conf' +# SNMP OIDs used to mark auth/priv type +OIDs = { + 'md5' : '.1.3.6.1.6.3.10.1.1.2', + 'sha' : '.1.3.6.1.6.3.10.1.1.3', + 'aes' : '.1.3.6.1.6.3.10.1.2.4', + 'des' : '.1.3.6.1.6.3.10.1.2.2', + 'none': '.1.3.6.1.6.3.10.1.2.1' +} + # SNMPS template - be careful if you edit the template. client_config_tmpl = """ ### Autogenerated by snmp.py ### @@ -65,7 +74,11 @@ user_config_tmpl = """ # user {% if v3_users %} {% for u in v3_users %} -createUser {{ u.name }} {{ u.authProtocol | upper }} {% if u.authPassword %} "{{ u.authPassword }}" {% elif u.authMasterKey %} "{{ u.authMasterKey }}"{% endif %} {{ u.privProtocol | upper }}{% if u.privPassword %} {{ u.privPassword }}{% elif u.privMasterKey %} {{ u.privMasterKey }}{% endif %} +{% if u.authPassword %} +createUser {{ u.name }} {{ u.authProtocol | upper }} "{{ u.authPassword }}" {{ u.privProtocol | upper }} {{ u.privPassword }} +{% else %} +usmUser 1 3 {{ u.engineID }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} {{ u.authMasterKey }} {{ u.privOID }} {{ u.privMasterKey }} 0x +{% endif %} {% endfor %} {% endif %} @@ -451,11 +464,13 @@ def get_config(): 'authMasterKey': '', 'authPassword': '', 'authProtocol': '', + 'authOID': '', 'engineID': '', 'group': '', 'mode': 'ro', 'privMasterKey': '', 'privPassword': '', + 'privOID': '', 'privTsmKey': '', 'privProtocol': '' } @@ -470,7 +485,9 @@ def get_config(): user_cfg['authPassword'] = conf.return_value('v3 user {0} auth plaintext-key'.format(user)) if conf.exists('v3 user {0} auth type'.format(user)): - user_cfg['authProtocol'] = conf.return_value('v3 user {0} auth type'.format(user)) + type = conf.return_value('v3 user {0} auth type'.format(user)) + user_cfg['authProtocol'] = type + user_cfg['authOID'] = OIDs[type] # # v3 user {0} engineid @@ -503,7 +520,9 @@ def get_config(): user_cfg['privTsmKey'] = conf.return_value('v3 user {0} privacy tsm-key'.format(user)) if conf.exists('v3 user {0} privacy type'.format(user)): - user_cfg['privProtocol'] = conf.return_value('v3 user {0} privacy type'.format(user)) + type = conf.return_value('v3 user {0} privacy type'.format(user)) + user_cfg['privProtocol'] = type + user_cfg['privOID'] = OIDs[type] snmp['v3_users'].append(user_cfg) |