diff options
| author | Christian Poessinger <christian@poessinger.com> | 2018-06-05 21:47:55 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2018-06-05 21:47:55 +0200 |
| commit | 0d38d4f13c24450aaa7b1a0a748e5f007b73ba8f (patch) | |
| tree | c511c078100f37de2c91fe027f832b032c3e8c02 /src/conf_mode/snmp.py | |
| parent | 2a3a7fc621b7bfe0b707a708b61065fc0a1284a3 (diff) | |
| download | vyos-1x-0d38d4f13c24450aaa7b1a0a748e5f007b73ba8f.tar.gz vyos-1x-0d38d4f13c24450aaa7b1a0a748e5f007b73ba8f.zip | |
T652: snmp.py: convert plaintext-keys into encrypted-keys
Diffstat (limited to 'src/conf_mode/snmp.py')
| -rwxr-xr-x | src/conf_mode/snmp.py | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 429181550..8238eb42a 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -20,7 +20,7 @@ import sys import os import stat import pwd - +import time import jinja2 import ipaddress import random @@ -696,6 +696,37 @@ def apply(snmp): # start SNMP daemon os.system("sudo systemctl restart snmpd.service") + # the passwords are not available immediately so this is a workaround + # and should be changed to polling + time.sleep(2) + + # Back in the Perl days the configuration was re-read and any + # plaintext password inside the configuration was replaced by + # the encrypted one which can be found in 'config_file_user' + with open(config_file_user, 'r') as f: + for line in f: + # we are only interested in the user database + if line.startswith('usmUser'): + string = line.split(' ') + cfg = { + 'user': string[4].replace(r'"', ''), + 'engineID': string[3], + 'auth_pw': string[8], + 'priv_pw': string[10] + } + # No need to take care about the VyOS internal user + if cfg['user'] == snmp['vyos_user']: + continue + + # Now update the running configuration + # + # Currently when executing os.system() the environment does not have the vyos_libexec_dir variable set, see T685 + os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" engineid {1}'.format(cfg['user'], cfg['engineID'])) + os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" auth encrypted-key {1}'.format(cfg['user'], cfg['auth_pw'])) + os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_set service snmp v3 user "{0}" privacy encrypted-key {1}'.format(cfg['user'], cfg['priv_pw'])) + os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key'.format(cfg['user'])) + os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key'.format(cfg['user'])) + return None if __name__ == '__main__': |