class ScopedPDU(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('contextEngineId', univ.OctetString()), namedtype.NamedType('contextName', univ.OctetString()), namedtype.NamedType('data', rfc1905.PDUs()))
def processMachoBinary(filename): outDict = dict() outDict['result'] = False setOfArchDigests = SetOfArchitectureDigest() archDigestIdx = 0 parsedMacho = macholib.MachO.MachO(filename) for header in parsedMacho.headers : arch_digest = ArchitectureDigest() lc_segment = LC_SEGMENT arch_digest.setComponentByName('cpuType', CPUType(header.header.cputype)) arch_digest.setComponentByName('cpuSubType', CPUSubType(header.header.cpusubtype)) if header.header.cputype == 0x1000007: lc_segment = LC_SEGMENT_64 segment_commands = list(filter(lambda x: x[0].cmd == lc_segment, header.commands)) text_segment_commands = list(filter(lambda x: x[1].segname.decode("utf-8").startswith("__TEXT"), segment_commands)) code_segment_digests = SetOfCodeSegmentDigest() code_segment_idx = 0 for text_command in text_segment_commands: codeSegmentDigest = CodeSegmentDigest() codeSegmentDigest.setComponentByName('offset', text_command[1].fileoff) sectionDigestIdx = 0 set_of_digest = SetOfCodeSectionDigest() for section in text_command[2]: digester = hashlib.sha256() digester.update(section.section_data) digest = digester.digest() code_section_digest = CodeSectionDigest() code_section_digest.setComponentByName('offset', section.offset) code_section_digest.setComponentByName('digestAlgorithm', univ.ObjectIdentifier('2.16.840.1.101.3.4.2.1')) code_section_digest.setComponentByName('digest', univ.OctetString(digest)) set_of_digest.setComponentByPosition(sectionDigestIdx, code_section_digest) sectionDigestIdx += 1 codeSegmentDigest.setComponentByName('codeSectionDigests', set_of_digest) code_segment_digests.setComponentByPosition(code_segment_idx, codeSegmentDigest) code_segment_idx += 1 arch_digest.setComponentByName('CodeSegmentDigests', code_segment_digests) setOfArchDigests.setComponentByPosition(archDigestIdx, arch_digest) archDigestIdx += 1 outDict['result'] = True if outDict['result']: appDigest = ApplicationDigest() appDigest.setComponentByName('version', 1) appDigest.setComponentByName('digests', setOfArchDigests) outDict['digest'] = appDigest return outDict
def main(): parser = argparse.ArgumentParser(add_help=False) parser.add_argument( '-v', '--version', action='version', version=utils.TITLE) parser.add_argument( '-h', action='store_true', dest='usage', help='Brief usage message') parser.add_argument( '--help', action='store_true', help='Detailed help message') parser.add_argument( '--quiet', action='store_true', help='Do not print out informational messages') parser.add_argument( '--debug', choices=pysnmp_debug.flagMap, action='append', type=str, default=[], help='Enable one or more categories of SNMP debugging.') parser.add_argument( '--debug-asn1', choices=pyasn1_debug.FLAG_MAP, action='append', type=str, default=[], help='Enable one or more categories of ASN.1 debugging.') parser.add_argument( '--logging-method', type=lambda x: x.split(':'), metavar='=<%s[:args]>]' % '|'.join(log.METHODS_MAP), default='stderr', help='Logging method.') parser.add_argument( '--log-level', choices=log.LEVELS_MAP, type=str, default='info', help='Logging level.') parser.add_argument( '--reporting-method', type=lambda x: x.split(':'), metavar='=<%s[:args]>]' % '|'.join(ReportingManager.REPORTERS), default='null', help='Activity metrics reporting method.') parser.add_argument( '--daemonize', action='store_true', help='Disengage from controlling terminal and become a daemon') parser.add_argument( '--process-user', type=str, help='If run as root, switch simulator daemon to this user right ' 'upon binding privileged ports') parser.add_argument( '--process-group', type=str, help='If run as root, switch simulator daemon to this group right ' 'upon binding privileged ports') parser.add_argument( '--pid-file', metavar='<FILE>', type=str, default='/var/run/%s/%s.pid' % (__name__, os.getpid()), help='SNMP simulation data file to write records to') parser.add_argument( '--cache-dir', metavar='<DIR>', type=str, help='Location for SNMP simulation data file indices to create') parser.add_argument( '--force-index-rebuild', action='store_true', help='Rebuild simulation data files indices even if they seem ' 'up to date') parser.add_argument( '--validate-data', action='store_true', help='Validate simulation data files on daemon start-up') parser.add_argument( '--variation-modules-dir', metavar='<DIR>', type=str, action='append', default=[], help='Variation modules search path(s)') parser.add_argument( '--variation-module-options', metavar='<module[=alias][:args]>', type=str, action='append', default=[], help='Options for a specific variation module') parser.add_argument( '--v3-only', action='store_true', help='Trip legacy SNMP v1/v2c support to gain a little lesser memory ' 'footprint') parser.add_argument( '--transport-id-offset', type=int, default=0, help='Start numbering the last sub-OID of transport endpoint OIDs ' 'starting from this ID') parser.add_argument( '--max-var-binds', type=int, default=64, help='Maximum number of variable bindings to include in a single ' 'response') parser.add_argument( '--args-from-file', metavar='<FILE>', type=str, help='Read SNMP engine(s) command-line configuration from this ' 'file. Can be useful when command-line is too long') # We do not parse SNMP params with argparse, but we want its -h/--help snmp_helper = argparse.ArgumentParser( description=DESCRIPTION, add_help=False, parents=[parser]) v3_usage = """\ Configure one or more independent SNMP engines. Each SNMP engine has a distinct engine ID, its own set of SNMP USM users, one or more network transport endpoints to listen on and its own simulation data directory. Each SNMP engine configuration starts with `--v3-engine-id <arg>` parameter followed by other configuration options up to the next `--v3-engine-id` option or end of command line Example ------- $ snmp-command-responder \\ --v3-engine-id auto \\ --data-dir ./data --agent-udpv4-endpoint=127.0.0.1:1024 \\ --v3-engine-id auto \\ --data-dir ./data --agent-udpv4-endpoint=127.0.0.1:1025 \\ --data-dir ./data --agent-udpv4-endpoint=127.0.0.1:1026 Besides network endpoints, simulated agents can be addressed by SNMPv1/v2c community name or SNMPv3 context engine ID/name. These parameters are configured automatically based on simulation data file paths relative to `--data-dir`. """ v3_group = snmp_helper.add_argument_group(v3_usage) v3_group.add_argument( '--v3-engine-id', type=str, metavar='<HEX|auto>', default='auto', help='SNMPv3 engine ID') v3_group.add_argument( '--v3-user', metavar='<STRING>', type=functools.partial(_parse_sized_string, min_length=1), help='SNMPv3 USM user (security) name') v3_group.add_argument( '--v3-auth-key', type=_parse_sized_string, help='SNMPv3 USM authentication key (must be > 8 chars)') v3_group.add_argument( '--v3-auth-proto', choices=AUTH_PROTOCOLS, type=lambda x: x.upper(), default='NONE', help='SNMPv3 USM authentication protocol') v3_group.add_argument( '--v3-priv-key', type=_parse_sized_string, help='SNMPv3 USM privacy (encryption) key (must be > 8 chars)') v3_group.add_argument( '--v3-priv-proto', choices=PRIV_PROTOCOLS, type=lambda x: x.upper(), default='NONE', help='SNMPv3 USM privacy (encryption) protocol') v3_group.add_argument( '--v3-context-engine-id', type=lambda x: univ.OctetString(hexValue=x[2:]), help='SNMPv3 context engine ID') v3_group.add_argument( '--v3-context-name', type=str, default='', help='SNMPv3 context engine ID') v3_group.add_argument( '--agent-udpv4-endpoint', type=endpoints.parse_endpoint, metavar='<[X.X.X.X]:NNNNN>', help='SNMP agent UDP/IPv4 address to listen on (name:port)') v3_group.add_argument( '--agent-udpv6-endpoint', type=functools.partial(endpoints.parse_endpoint, ipv6=True), metavar='<[X:X:..X]:NNNNN>', help='SNMP agent UDP/IPv6 address to listen on ([name]:port)') v3_group.add_argument( '--data-dir', type=str, metavar='<DIR>', help='SNMP simulation data recordings directory.') args, unparsed_args = parser.parse_known_args() if args.usage: snmp_helper.print_usage(sys.stderr) return 1 if args.help: snmp_helper.print_help(sys.stderr) return 1 _, unknown_args = snmp_helper.parse_known_args(unparsed_args) if unknown_args: sys.stderr.write( 'ERROR: Unknown command-line parameter(s) ' '%s\r\n' % ' '.join(unknown_args)) snmp_helper.print_usage(sys.stderr) return 1 # Reformat unparsed args into a list of (option, value) tuples snmp_args = [] name = None for opt in unparsed_args: if '=' in opt: snmp_args.append(opt.split('=')) elif name: snmp_args.append((name, opt)) name = None else: name = opt if name: sys.stderr.write( 'ERROR: Non-paired command-line key-value parameter ' '%s\r\n' % name) snmp_helper.print_usage(sys.stderr) return 1 if args.cache_dir: confdir.cache = args.cache_dir if args.variation_modules_dir: confdir.variation = args.variation_modules_dir variation_modules_options = variation.parse_modules_options( args.variation_module_options) if args.args_from_file: try: with open(args.args_from_file) as fl: snmp_args.extend([handler.split('=', 1) for handler in fl.read().split()]) except Exception as exc: sys.stderr.write( 'ERROR: file %s opening failure: ' '%s\r\n' % (args.args_from_file, exc)) snmp_helper.print_usage(sys.stderr) return 1 with daemon.PrivilegesOf(args.process_user, args.process_group): proc_name = os.path.basename(sys.argv[0]) try: log.set_logger(proc_name, *args.logging_method, force=True) if args.log_level: log.set_level(args.log_level) except SnmpsimError as exc: sys.stderr.write('%s\r\n' % exc) snmp_helper.print_usage(sys.stderr) return 1 try: ReportingManager.configure(*args.reporting_method) except SnmpsimError as exc: sys.stderr.write('%s\r\n' % exc) snmp_helper.print_usage(sys.stderr) return 1 if args.daemonize: try: daemon.daemonize(args.pid_file) except Exception as exc: sys.stderr.write( 'ERROR: cant daemonize process: %s\r\n' % exc) snmp_helper.print_usage(sys.stderr) return 1 if not os.path.exists(confdir.cache): try: with daemon.PrivilegesOf(args.process_user, args.process_group): os.makedirs(confdir.cache) except OSError as exc: log.error('failed to create cache directory "%s": ' '%s' % (confdir.cache, exc)) return 1 else: log.info('Cache directory "%s" created' % confdir.cache) variation_modules = variation.load_variation_modules( confdir.variation, variation_modules_options) with daemon.PrivilegesOf(args.process_user, args.process_group): variation.initialize_variation_modules( variation_modules, mode='variating') def configure_managed_objects( data_dirs, data_index_instrum_controller, snmp_engine=None, snmp_context=None): """Build pysnmp Managed Objects base from data files information""" _mib_instrums = {} _data_files = {} for dataDir in data_dirs: log.info( 'Scanning "%s" directory for %s data ' 'files...' % (dataDir, ','.join( [' *%s%s' % (os.path.extsep, x.ext) for x in variation.RECORD_TYPES.values()]))) if not os.path.exists(dataDir): log.info('Directory "%s" does not exist' % dataDir) continue log.msg.inc_ident() for (full_path, text_parser, community_name) in datafile.get_data_files(dataDir): if community_name in _data_files: log.error( 'ignoring duplicate Community/ContextName "%s" for data ' 'file %s (%s already loaded)' % (community_name, full_path, _data_files[community_name])) continue elif full_path in _mib_instrums: mib_instrum = _mib_instrums[full_path] log.info('Configuring *shared* %s' % (mib_instrum,)) else: data_file = datafile.DataFile( full_path, text_parser, variation_modules) data_file.index_text(args.force_index_rebuild, args.validate_data) MibController = controller.MIB_CONTROLLERS[data_file.layout] mib_instrum = MibController(data_file) _mib_instrums[full_path] = mib_instrum _data_files[community_name] = full_path log.info('Configuring %s' % (mib_instrum,)) log.info('SNMPv1/2c community name: %s' % (community_name,)) agent_name = md5( univ.OctetString(community_name).asOctets()).hexdigest() context_name = agent_name if not args.v3_only: # snmpCommunityTable::snmpCommunityIndex can't be > 32 config.addV1System( snmp_engine, agent_name, community_name, contextName=context_name) snmp_context.registerContextName(context_name, mib_instrum) if len(community_name) <= 32: snmp_context.registerContextName(community_name, mib_instrum) data_index_instrum_controller.add_data_file( full_path, community_name, context_name) log.info( 'SNMPv3 Context Name: %s' '%s' % (context_name, len(community_name) <= 32 and ' or %s' % community_name or '')) log.msg.dec_ident() del _mib_instrums del _data_files # Bind transport endpoints for idx, opt in enumerate(snmp_args): if opt[0] == '--agent-udpv4-endpoint': snmp_args[idx] = ( opt[0], endpoints.IPv4TransportEndpoints().add(opt[1])) elif opt[0] == '--agent-udpv6-endpoint': snmp_args[idx] = ( opt[0], endpoints.IPv6TransportEndpoints().add(opt[1])) # Start configuring SNMP engine(s) transport_dispatcher = AsyncoreDispatcher() transport_dispatcher.registerRoutingCbFun(lambda td, t, d: td) if not snmp_args or snmp_args[0][0] != '--v3-engine-id': snmp_args.insert(0, ('--v3-engine-id', 'auto')) if snmp_args and snmp_args[-1][0] != 'end-of-options': snmp_args.append(('end-of-options', '')) snmp_engine = None transport_index = { 'udpv4': args.transport_id_offset, 'udpv6': args.transport_id_offset, } for opt in snmp_args: if opt[0] in ('--v3-engine-id', 'end-of-options'): if snmp_engine: log.info('--- SNMP Engine configuration') log.info( 'SNMPv3 EngineID: ' '%s' % (hasattr(snmp_engine, 'snmpEngineID') and snmp_engine.snmpEngineID.prettyPrint() or '<unknown>',)) if not v3_context_engine_ids: v3_context_engine_ids.append((None, [])) log.msg.inc_ident() log.info('--- Simulation data recordings configuration') for v3_context_engine_id, ctx_data_dirs in v3_context_engine_ids: snmp_context = context.SnmpContext(snmp_engine, v3_context_engine_id) # unregister default context snmp_context.unregisterContextName(null) log.info( 'SNMPv3 Context Engine ID: ' '%s' % snmp_context.contextEngineId.prettyPrint()) data_index_instrum_controller = controller.DataIndexInstrumController() with daemon.PrivilegesOf(args.process_user, args.process_group): configure_managed_objects( ctx_data_dirs or data_dirs or confdir.data, data_index_instrum_controller, snmp_engine, snmp_context ) # Configure access to data index config.addV1System(snmp_engine, 'index', 'index', contextName='index') log.info('--- SNMPv3 USM configuration') if not v3_users: v3_users = ['simulator'] v3_auth_keys[v3_users[0]] = 'auctoritas' v3_auth_protos[v3_users[0]] = 'MD5' v3_priv_keys[v3_users[0]] = 'privatus' v3_priv_protos[v3_users[0]] = 'DES' for v3User in v3_users: if v3User in v3_auth_keys: if v3User not in v3_auth_protos: v3_auth_protos[v3User] = 'MD5' elif v3User in v3_auth_protos: log.error( 'auth protocol configured without key for user ' '%s' % v3User) return 1 else: v3_auth_keys[v3User] = None v3_auth_protos[v3User] = 'NONE' if v3User in v3_priv_keys: if v3User not in v3_priv_protos: v3_priv_protos[v3User] = 'DES' elif v3User in v3_priv_protos: log.error( 'privacy protocol configured without key for user ' '%s' % v3User) return 1 else: v3_priv_keys[v3User] = None v3_priv_protos[v3User] = 'NONE' if (AUTH_PROTOCOLS[v3_auth_protos[v3User]] == config.usmNoAuthProtocol and PRIV_PROTOCOLS[v3_priv_protos[v3User]] != config.usmNoPrivProtocol): log.error( 'privacy impossible without authentication for USM user ' '%s' % v3User) return 1 try: config.addV3User( snmp_engine, v3User, AUTH_PROTOCOLS[v3_auth_protos[v3User]], v3_auth_keys[v3User], PRIV_PROTOCOLS[v3_priv_protos[v3User]], v3_priv_keys[v3User]) except error.PySnmpError as exc: log.error( 'bad USM values for user %s: ' '%s' % (v3User, exc)) return 1 log.info('SNMPv3 USM SecurityName: %s' % v3User) if AUTH_PROTOCOLS[v3_auth_protos[v3User]] != config.usmNoAuthProtocol: log.info( 'SNMPv3 USM authentication key: %s, ' 'authentication protocol: ' '%s' % (v3_auth_keys[v3User], v3_auth_protos[v3User])) if PRIV_PROTOCOLS[v3_priv_protos[v3User]] != config.usmNoPrivProtocol: log.info( 'SNMPv3 USM encryption (privacy) key: %s, ' 'encryption protocol: ' '%s' % (v3_priv_keys[v3User], v3_priv_protos[v3User])) snmp_context.registerContextName('index', data_index_instrum_controller) log.info( 'Maximum number of variable bindings in SNMP response: ' '%s' % local_max_var_binds) log.info('--- Transport configuration') if not agent_udpv4_endpoints and not agent_udpv6_endpoints: log.error( 'agent endpoint address(es) not specified for SNMP ' 'engine ID %s' % v3_engine_id) return 1 for agent_udpv4_endpoint in agent_udpv4_endpoints: transport_domain = udp.domainName + (transport_index['udpv4'],) transport_index['udpv4'] += 1 snmp_engine.registerTransportDispatcher( transport_dispatcher, transport_domain) config.addSocketTransport( snmp_engine, transport_domain, agent_udpv4_endpoint[0]) log.info( 'Listening at UDP/IPv4 endpoint %s, transport ID ' '%s' % (agent_udpv4_endpoint[1], '.'.join([str(handler) for handler in transport_domain]))) for agent_udpv6_endpoint in agent_udpv6_endpoints: transport_domain = udp6.domainName + (transport_index['udpv6'],) transport_index['udpv6'] += 1 snmp_engine.registerTransportDispatcher( transport_dispatcher, transport_domain) config.addSocketTransport( snmp_engine, transport_domain, agent_udpv6_endpoint[0]) log.info( 'Listening at UDP/IPv6 endpoint %s, transport ID ' '%s' % (agent_udpv6_endpoint[1], '.'.join([str(handler) for handler in transport_domain]))) # SNMP applications GetCommandResponder(snmp_engine, snmp_context) SetCommandResponder(snmp_engine, snmp_context) NextCommandResponder(snmp_engine, snmp_context) BulkCommandResponder( snmp_engine, snmp_context).maxVarBinds = local_max_var_binds log.msg.dec_ident() if opt[0] == 'end-of-options': # Load up the rest of MIBs while running privileged (snmp_engine .msgAndPduDsp .mibInstrumController .mibBuilder.loadModules()) break # Prepare for next engine ID configuration v3_context_engine_ids = [] data_dirs = [] local_max_var_binds = args.max_var_binds v3_users = [] v3_auth_keys = {} v3_auth_protos = {} v3_priv_keys = {} v3_priv_protos = {} agent_udpv4_endpoints = [] agent_udpv6_endpoints = [] try: v3_engine_id = opt[1] if not v3_engine_id or v3_engine_id.lower() == 'auto': snmp_engine = engine.SnmpEngine() else: snmp_engine = engine.SnmpEngine( snmpEngineID=univ.OctetString(hexValue=v3_engine_id)) except Exception as exc: log.error( 'SNMPv3 Engine initialization failed, EngineID "%s": ' '%s' % (v3_engine_id, exc)) return 1 config.addContext(snmp_engine, '') elif opt[0] == '--v3-context-engine-id': v3_context_engine_ids.append((univ.OctetString(hexValue=opt[1]), [])) elif opt[0] == '--data-dir': if v3_context_engine_ids: v3_context_engine_ids[-1][1].append(opt[1]) else: data_dirs.append(opt[1]) elif opt[0] == '--max-varbinds': local_max_var_binds = opt[1] elif opt[0] == '--v3-user': v3_users.append(opt[1]) elif opt[0] == '--v3-auth-key': if not v3_users: log.error('--v3-user should precede %s' % opt[0]) return 1 if v3_users[-1] in v3_auth_keys: log.error( 'repetitive %s option for user %s' % (opt[0], v3_users[-1])) return 1 v3_auth_keys[v3_users[-1]] = opt[1] elif opt[0] == '--v3-auth-proto': if opt[1].upper() not in AUTH_PROTOCOLS: log.error('bad v3 auth protocol %s' % opt[1]) return 1 else: if not v3_users: log.error('--v3-user should precede %s' % opt[0]) return 1 if v3_users[-1] in v3_auth_protos: log.error( 'repetitive %s option for user %s' % (opt[0], v3_users[-1])) return 1 v3_auth_protos[v3_users[-1]] = opt[1].upper() elif opt[0] == '--v3-priv-key': if not v3_users: log.error('--v3-user should precede %s' % opt[0]) return 1 if v3_users[-1] in v3_priv_keys: log.error( 'repetitive %s option for user %s' % (opt[0], v3_users[-1])) return 1 v3_priv_keys[v3_users[-1]] = opt[1] elif opt[0] == '--v3-priv-proto': if opt[1].upper() not in PRIV_PROTOCOLS: log.error('bad v3 privacy protocol %s' % opt[1]) return 1 else: if not v3_users: log.error('--v3-user should precede %s' % opt[0]) return 1 if v3_users[-1] in v3_priv_protos: log.error( 'repetitive %s option for user %s' % (opt[0], v3_users[-1])) return 1 v3_priv_protos[v3_users[-1]] = opt[1].upper() elif opt[0] == '--agent-udpv4-endpoint': agent_udpv4_endpoints.append(opt[1]) elif opt[0] == '--agent-udpv6-endpoint': agent_udpv6_endpoints.append(opt[1]) transport_dispatcher.jobStarted(1) # server job would never finish with daemon.PrivilegesOf(args.process_user, args.process_group, final=True): try: transport_dispatcher.runDispatcher() except KeyboardInterrupt: log.info('Shutting down process...') finally: if variation_modules: log.info('Shutting down variation modules:') for name, contexts in variation_modules.items(): body = contexts[0] try: body['shutdown'](options=body['args'], mode='variation') except Exception as exc: log.error( 'Variation module "%s" shutdown FAILED: ' '%s' % (name, exc)) else: log.info('Variation module "%s" shutdown OK' % name) transport_dispatcher.closeDispatcher() log.info('Process terminated') return 0
def testSimple(self): s = self.s.clone() s[1] = univ.OctetString('xx') assert decoder.decode({'first-name': 'xx'}, asn1Spec=self.s) == s
pass # Content Reference Attribute id_aa_contentReference = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.10') class ContentReference(univ.Sequence): pass ContentReference.componentType = namedtype.NamedTypes( namedtype.NamedType('contentType', ContentType()), namedtype.NamedType('signedContentIdentifier', ContentIdentifier()), namedtype.NamedType('originatorSignatureValue', univ.OctetString())) # Message Signature Digest Attribute id_aa_msgSigDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.5') class MsgSigDigest(univ.OctetString): pass # Content Hints Attribute id_aa_contentHint = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.4')
subtypeSpec=constraint.ValueSizeConstraint( 1, ub_domain_defined_attribute_value_length)))) id_pkix = _OID(1, 3, 6, 1, 5, 5, 7) id_qt = _OID(id_pkix, 2) class PresentationAddress(univ.Sequence): pass PresentationAddress.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'pSelector', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType( 'sSelector', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType( 'tSelector', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.NamedType( 'nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))) class AlgorithmIdentifier(univ.Sequence):
# X.509 Extension for MUD Signer id_pe_mudsigner = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.30') class MUDsignerSyntax(rfc5280.Name): pass # Object Identifier for CMS Content Type for a MUD file id_ct_mudtype = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.41') # Update the Certificate Extensions Map _certificateExtensionsMapUpdate = { id_pe_mud_url: MUDURLSyntax(), id_pe_mudsigner: MUDsignerSyntax(), } certificateExtensionsMap.update(_certificateExtensionsMapUpdate) # Update the CMS Content Types Map _cmsContentTypesMapUpdate = { id_ct_mudtype: univ.OctetString(), } cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
class PartialHashtree(univ.SequenceOf): componentType = univ.OctetString()
class NegoToken(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('negoToken', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), )
class Extension(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('extnID', univ.ObjectIdentifier()), namedtype.DefaultedNamedType('critical', univ.Boolean('False')), namedtype.NamedType('extnValue', univ.OctetString()))
class Message(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('version-2c', 1)))), namedtype.NamedType('community', univ.OctetString()), namedtype.NamedType('data', univ.Any()) )
tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType( 'b6', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 6)))) class AuthorityInfoAccess(univ.SequenceOf): componentType = AccessDescription() sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint( 1, MAX) # end of ASN.1 data structures octetType = univ.OctetString() certType = Certificate() genNames = GeneralNames() name_2_5_29_37 = KeyPurposeIds() name_2_5_29_14 = SubjectKeyIdentifier() name_2_5_29_35 = AuthorityKeyIdentifier() name_2_5_29_31 = CRLDistPointsSyntax() name_1_3_6_1_5_5_7_1_1 = AuthorityInfoAccess() # Read PEM certs from stdin and print them out in plain text stSpam, stHam, stDump = 0, 1, 2 state = stSpam certCnt = 0 # Convert between OID and String Representation
class SnmpV3MessageProcessingModel(AbstractMessageProcessingModel): messageProcessingModelID = univ.Integer(3) # SNMPv3 snmpMsgSpec = SNMPv3Message _emptyStr = univ.OctetString('') _msgFlags = { 0: univ.OctetString('\x00'), 1: univ.OctetString('\x01'), 3: univ.OctetString('\x03'), 4: univ.OctetString('\x04'), 5: univ.OctetString('\x05'), 7: univ.OctetString('\x07') } def __init__(self): AbstractMessageProcessingModel.__init__(self) self.__scopedPDU = ScopedPDU() self.__engineIdCache = {} self.__engineIdCacheExpQueue = {} self.__expirationTimer = 0 def getPeerEngineInfo(self, transportDomain, transportAddress): k = transportDomain, transportAddress if k in self.__engineIdCache: return (self.__engineIdCache[k]['securityEngineId'], self.__engineIdCache[k]['contextEngineId'], self.__engineIdCache[k]['contextName']) else: return None, None, None # 7.1.1a def prepareOutgoingMessage(self, snmpEngine, transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineId, contextName, pduVersion, pdu, expectResponse, sendPduHandle): snmpEngineID, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-FRAMEWORK-MIB', 'snmpEngineID') snmpEngineID = snmpEngineID.syntax # 7.1.1b msgID = self._cache.newMsgID() debug.logger & debug.flagMP and debug.logger( 'prepareOutgoingMessage: new msgID %s' % msgID) k = (transportDomain, transportAddress) if k in self.__engineIdCache: peerSnmpEngineData = self.__engineIdCache[k] else: peerSnmpEngineData = None debug.logger & debug.flagMP and debug.logger( 'prepareOutgoingMessage: peer SNMP engine data %s for transport %s, address %s' % (peerSnmpEngineData, transportDomain, transportAddress)) # 7.1.4 if contextEngineId is None: if peerSnmpEngineData is None: contextEngineId = snmpEngineID else: contextEngineId = peerSnmpEngineData['contextEngineId'] # Defaulting contextEngineID to securityEngineId should # probably be done on Agent side (see 7.1.3.d.2,) so this # is a sort of workaround. if not contextEngineId: contextEngineId = peerSnmpEngineData['securityEngineId'] # 7.1.5 if not contextName: contextName = self._emptyStr debug.logger & debug.flagMP and debug.logger( 'prepareOutgoingMessage: using contextEngineId %r, contextName %r' % (contextEngineId, contextName)) # 7.1.6 scopedPDU = self.__scopedPDU scopedPDU.setComponentByPosition(0, contextEngineId) scopedPDU.setComponentByPosition(1, contextName) scopedPDU.setComponentByPosition(2) scopedPDU.getComponentByPosition(2).setComponentByType( pdu.tagSet, pdu, verifyConstraints=False, matchTags=False, matchConstraints=False) # 7.1.7 msg = self._snmpMsgSpec # 7.1.7a msg.setComponentByPosition(0, self.messageProcessingModelID, verifyConstraints=False, matchTags=False, matchConstraints=False) headerData = msg.setComponentByPosition(1).getComponentByPosition(1) # 7.1.7b headerData.setComponentByPosition(0, msgID, verifyConstraints=False, matchTags=False, matchConstraints=False) snmpEngineMaxMessageSize, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-FRAMEWORK-MIB', 'snmpEngineMaxMessageSize') # 7.1.7c # XXX need to coerce MIB value as it has incompatible constraints set headerData.setComponentByPosition(1, snmpEngineMaxMessageSize.syntax, verifyConstraints=False, matchTags=False, matchConstraints=False) # 7.1.7d msgFlags = 0 if securityLevel == 1: pass elif securityLevel == 2: msgFlags |= 0x01 elif securityLevel == 3: msgFlags |= 0x03 else: raise error.ProtocolError('Unknown securityLevel %s' % securityLevel) if pdu.tagSet in rfc3411.confirmedClassPDUs: msgFlags |= 0x04 headerData.setComponentByPosition(2, self._msgFlags[msgFlags], verifyConstraints=False, matchTags=False, matchConstraints=False) # 7.1.7e # XXX need to coerce MIB value as it has incompatible constraints set headerData.setComponentByPosition(3, int(securityModel)) debug.logger & debug.flagMP and debug.logger( 'prepareOutgoingMessage: %s' % (msg.prettyPrint(), )) if securityModel in snmpEngine.securityModels: smHandler = snmpEngine.securityModels[securityModel] else: raise error.StatusInformation( errorIndication=errind.unsupportedSecurityModel) # 7.1.9.a if pdu.tagSet in rfc3411.unconfirmedClassPDUs: securityEngineId = snmpEngineID else: if peerSnmpEngineData is None: # Force engineID discovery (rfc3414, 4) securityEngineId = securityName = self._emptyStr securityLevel = 1 # Clear possible auth&priv flags headerData.setComponentByPosition(2, self._msgFlags[msgFlags & 0xfc], verifyConstraints=False, matchTags=False, matchConstraints=False) # XXX scopedPDU = self.__scopedPDU scopedPDU.setComponentByPosition(0, self._emptyStr, verifyConstraints=False, matchTags=False, matchConstraints=False) scopedPDU.setComponentByPosition(1, contextName) scopedPDU.setComponentByPosition(2) # Use dead-empty PDU for engine-discovery report emptyPdu = pdu.clone() pMod.apiPDU.setDefaults(emptyPdu) scopedPDU.getComponentByPosition(2).setComponentByType( emptyPdu.tagSet, emptyPdu, verifyConstraints=False, matchTags=False, matchConstraints=False) debug.logger & debug.flagMP and debug.logger( 'prepareOutgoingMessage: force engineID discovery') else: securityEngineId = peerSnmpEngineData['securityEngineId'] debug.logger & debug.flagMP and debug.logger( 'prepareOutgoingMessage: securityModel %r, securityEngineId %r, securityName %r, securityLevel %r' % (securityModel, securityEngineId, securityName, securityLevel)) # 7.1.9.b (securityParameters, wholeMsg) = smHandler.generateRequestMsg( snmpEngine, self.messageProcessingModelID, msg, snmpEngineMaxMessageSize.syntax, securityModel, securityEngineId, securityName, securityLevel, scopedPDU) # Message size constraint verification if len(wholeMsg) > snmpEngineMaxMessageSize.syntax: raise error.StatusInformation(errorIndication=errind.tooBig) # 7.1.9.c if pdu.tagSet in rfc3411.confirmedClassPDUs: # XXX rfc bug? why stateReference should be created? self._cache.pushByMsgId(msgID, sendPduHandle=sendPduHandle, msgID=msgID, snmpEngineID=snmpEngineID, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, transportDomain=transportDomain, transportAddress=transportAddress) snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareOutgoingMessage', dict(transportDomain=transportDomain, transportAddress=transportAddress, wholeMsg=wholeMsg, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, pdu=pdu)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareOutgoingMessage') return transportDomain, transportAddress, wholeMsg def prepareResponseMessage(self, snmpEngine, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineId, contextName, pduVersion, pdu, maxSizeResponseScopedPDU, stateReference, statusInformation): snmpEngineID, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-FRAMEWORK-MIB', 'snmpEngineID') snmpEngineID = snmpEngineID.syntax # 7.1.2.b cachedParams = self._cache.popByStateRef(stateReference) msgID = cachedParams['msgID'] contextEngineId = cachedParams['contextEngineId'] contextName = cachedParams['contextName'] securityModel = cachedParams['securityModel'] securityName = cachedParams['securityName'] securityLevel = cachedParams['securityLevel'] securityStateReference = cachedParams['securityStateReference'] reportableFlag = cachedParams['reportableFlag'] maxMessageSize = cachedParams['msgMaxSize'] transportDomain = cachedParams['transportDomain'] transportAddress = cachedParams['transportAddress'] debug.logger & debug.flagMP and debug.logger( 'prepareResponseMessage: stateReference %s' % stateReference) # 7.1.3 if statusInformation is not None and 'oid' in statusInformation: # 7.1.3a if pdu is None: pduType = None else: requestID = pdu.getComponentByPosition(0) pduType = pdu.tagSet # 7.1.3b if (pdu is None and not reportableFlag or pduType is not None and pduType not in rfc3411.confirmedClassPDUs): raise error.StatusInformation( errorIndication=errind.loopTerminated) # 7.1.3c reportPDU = rfc1905.ReportPDU() pMod.apiPDU.setVarBinds( reportPDU, ((statusInformation['oid'], statusInformation['val']), )) pMod.apiPDU.setErrorStatus(reportPDU, 0) pMod.apiPDU.setErrorIndex(reportPDU, 0) if pdu is None: pMod.apiPDU.setRequestID(reportPDU, 0) else: # noinspection PyUnboundLocalVariable pMod.apiPDU.setRequestID(reportPDU, requestID) # 7.1.3d.1 if 'securityLevel' in statusInformation: securityLevel = statusInformation['securityLevel'] else: securityLevel = 1 # 7.1.3d.2 if 'contextEngineId' in statusInformation: contextEngineId = statusInformation['contextEngineId'] else: contextEngineId = snmpEngineID # 7.1.3d.3 if 'contextName' in statusInformation: contextName = statusInformation['contextName'] else: contextName = "" # 7.1.3e pdu = reportPDU debug.logger & debug.flagMP and debug.logger( 'prepareResponseMessage: prepare report PDU for statusInformation %s' % statusInformation) # 7.1.4 if not contextEngineId: contextEngineId = snmpEngineID # XXX impl-dep manner # 7.1.5 if not contextName: contextName = self._emptyStr debug.logger & debug.flagMP and debug.logger( 'prepareResponseMessage: using contextEngineId %r, contextName %r' % (contextEngineId, contextName)) # 7.1.6 scopedPDU = self.__scopedPDU scopedPDU.setComponentByPosition(0, contextEngineId) scopedPDU.setComponentByPosition(1, contextName) scopedPDU.setComponentByPosition(2) scopedPDU.getComponentByPosition(2).setComponentByType( pdu.tagSet, pdu, verifyConstraints=False, matchTags=False, matchConstraints=False) # 7.1.7 msg = self._snmpMsgSpec # 7.1.7a msg.setComponentByPosition(0, self.messageProcessingModelID, verifyConstraints=False, matchTags=False, matchConstraints=False) headerData = msg.setComponentByPosition(1).getComponentByPosition(1) # 7.1.7b headerData.setComponentByPosition(0, msgID, verifyConstraints=False, matchTags=False, matchConstraints=False) snmpEngineMaxMessageSize, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-FRAMEWORK-MIB', 'snmpEngineMaxMessageSize') # 7.1.7c # XXX need to coerce MIB value as it has incompatible constraints set headerData.setComponentByPosition(1, snmpEngineMaxMessageSize.syntax, verifyConstraints=False, matchTags=False, matchConstraints=False) # 7.1.7d msgFlags = 0 if securityLevel == 1: pass elif securityLevel == 2: msgFlags |= 0x01 elif securityLevel == 3: msgFlags |= 0x03 else: raise error.ProtocolError('Unknown securityLevel %s' % securityLevel) if pdu.tagSet in rfc3411.confirmedClassPDUs: # XXX not needed? msgFlags |= 0x04 headerData.setComponentByPosition(2, self._msgFlags[msgFlags], verifyConstraints=False, matchTags=False, matchConstraints=False) # 7.1.7e headerData.setComponentByPosition(3, securityModel, verifyConstraints=False, matchTags=False, matchConstraints=False) debug.logger & debug.flagMP and debug.logger( 'prepareResponseMessage: %s' % (msg.prettyPrint(), )) if securityModel in snmpEngine.securityModels: smHandler = snmpEngine.securityModels[securityModel] else: raise error.StatusInformation( errorIndication=errind.unsupportedSecurityModel) debug.logger & debug.flagMP and debug.logger( 'prepareResponseMessage: securityModel %r, securityEngineId %r, securityName %r, securityLevel %r' % (securityModel, snmpEngineID, securityName, securityLevel)) # 7.1.8a try: (securityParameters, wholeMsg) = smHandler.generateResponseMsg( snmpEngine, self.messageProcessingModelID, msg, snmpEngineMaxMessageSize.syntax, securityModel, snmpEngineID, securityName, securityLevel, scopedPDU, securityStateReference) except error.StatusInformation: # 7.1.8.b raise debug.logger & debug.flagMP and debug.logger( 'prepareResponseMessage: SM finished') # Message size constraint verification if len(wholeMsg) > min(snmpEngineMaxMessageSize.syntax, maxMessageSize): raise error.StatusInformation(errorIndication=errind.tooBig) snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareResponseMessage', dict(transportDomain=transportDomain, transportAddress=transportAddress, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, securityEngineId=snmpEngineID, pdu=pdu)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareResponseMessage') return transportDomain, transportAddress, wholeMsg # 7.2.1 def prepareDataElements(self, snmpEngine, transportDomain, transportAddress, wholeMsg): # 7.2.2 msg, restOfwholeMsg = decoder.decode(wholeMsg, asn1Spec=self._snmpMsgSpec) debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: %s' % (msg.prettyPrint(), )) if eoo.endOfOctets.isSameTypeWith(msg): raise error.StatusInformation(errorIndication=errind.parseError) # 7.2.3 headerData = msg.getComponentByPosition(1) msgVersion = messageProcessingModel = msg.getComponentByPosition(0) msgID = headerData.getComponentByPosition(0) msgFlags, = headerData.getComponentByPosition(2).asNumbers() maxMessageSize = headerData.getComponentByPosition(1) securityModel = headerData.getComponentByPosition(3) securityParameters = msg.getComponentByPosition(2) debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: msg data msgVersion %s msgID %s securityModel %s' % (msgVersion, msgID, securityModel)) # 7.2.4 if securityModel not in snmpEngine.securityModels: snmpUnknownSecurityModels, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-MPD-MIB', 'snmpUnknownSecurityModels') snmpUnknownSecurityModels.syntax += 1 raise error.StatusInformation( errorIndication=errind.unsupportedSecurityModel) # 7.2.5 if msgFlags & 0x03 == 0x00: securityLevel = 1 elif (msgFlags & 0x03) == 0x01: securityLevel = 2 elif (msgFlags & 0x03) == 0x03: securityLevel = 3 else: snmpInvalidMsgs, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-MPD-MIB', 'snmpInvalidMsgs') snmpInvalidMsgs.syntax += 1 raise error.StatusInformation(errorIndication=errind.invalidMsg) if msgFlags & 0x04: reportableFlag = 1 else: reportableFlag = 0 # 7.2.6 smHandler = snmpEngine.securityModels[securityModel] try: (securityEngineId, securityName, scopedPDU, maxSizeResponseScopedPDU, securityStateReference) = smHandler.processIncomingMsg( snmpEngine, messageProcessingModel, maxMessageSize, securityParameters, securityModel, securityLevel, wholeMsg, msg) debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: SM succeeded') except error.StatusInformation: statusInformation, origTraceback = sys.exc_info()[1:3] debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: SM failed, statusInformation %s' % statusInformation) snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:sm-failure', dict(transportDomain=transportDomain, transportAddress=transportAddress, securityModel=securityModel, securityLevel=securityLevel, securityParameters=securityParameters, statusInformation=statusInformation)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:sm-failure') if 'errorIndication' in statusInformation: # 7.2.6a if 'oid' in statusInformation: # 7.2.6a1 securityStateReference = statusInformation[ 'securityStateReference'] contextEngineId = statusInformation['contextEngineId'] contextName = statusInformation['contextName'] if 'scopedPDU' in statusInformation: scopedPDU = statusInformation['scopedPDU'] pdu = scopedPDU.getComponentByPosition( 2).getComponent() else: pdu = None maxSizeResponseScopedPDU = statusInformation[ 'maxSizeResponseScopedPDU'] securityName = None # XXX secmod cache used # 7.2.6a2 stateReference = self._cache.newStateReference() self._cache.pushByStateRef( stateReference, msgVersion=messageProcessingModel, msgID=msgID, contextEngineId=contextEngineId, contextName=contextName, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, securityStateReference=securityStateReference, reportableFlag=reportableFlag, msgMaxSize=maxMessageSize, maxSizeResponseScopedPDU=maxSizeResponseScopedPDU, transportDomain=transportDomain, transportAddress=transportAddress) # 7.2.6a3 try: snmpEngine.msgAndPduDsp.returnResponsePdu( snmpEngine, 3, securityModel, securityName, securityLevel, contextEngineId, contextName, 1, pdu, maxSizeResponseScopedPDU, stateReference, statusInformation) except error.StatusInformation: pass debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: error reported') # 7.2.6b if sys.version_info[0] <= 2: raise statusInformation else: try: raise statusInformation.with_traceback(origTraceback) finally: # Break cycle between locals and traceback object # (seems to be irrelevant on Py3 but just in case) del origTraceback else: # Sniff for engineIdCache k = (transportDomain, transportAddress) if k not in self.__engineIdCache: contextEngineId = scopedPDU[0] contextName = scopedPDU[1] pdus = scopedPDU[2] pdu = pdus.getComponent() # Here we assume that authentic/default EngineIDs # come only in the course of engine-to-engine communication. if pdu.tagSet in rfc3411.internalClassPDUs: self.__engineIdCache[k] = { 'securityEngineId': securityEngineId, 'contextEngineId': contextEngineId, 'contextName': contextName } expireAt = int( self.__expirationTimer + 300 / snmpEngine.transportDispatcher.getTimerResolution()) if expireAt not in self.__engineIdCacheExpQueue: self.__engineIdCacheExpQueue[expireAt] = [] self.__engineIdCacheExpQueue[expireAt].append(k) debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: cache securityEngineId %r for %r %r' % (securityEngineId, transportDomain, transportAddress)) snmpEngineID, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols( '__SNMP-FRAMEWORK-MIB', 'snmpEngineID') snmpEngineID = snmpEngineID.syntax # 7.2.7 XXX PDU would be parsed here? contextEngineId = scopedPDU[0] contextName = scopedPDU[1] pdu = scopedPDU[2] pdu = pdu.getComponent() # PDUs # 7.2.8 pduVersion = api.protoVersion2c # 7.2.9 pduType = pdu.tagSet # 7.2.10 if (pduType in rfc3411.responseClassPDUs or pduType in rfc3411.internalClassPDUs): # 7.2.10a try: cachedReqParams = self._cache.popByMsgId(msgID) except error.ProtocolError: smHandler.releaseStateInformation(securityStateReference) raise error.StatusInformation( errorIndication=errind.dataMismatch) # 7.2.10b sendPduHandle = cachedReqParams['sendPduHandle'] else: sendPduHandle = None debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: using sendPduHandle %s for msgID %s' % (sendPduHandle, msgID)) # 7.2.11 if pduType in rfc3411.internalClassPDUs: # 7.2.11a varBinds = pMod.apiPDU.getVarBinds(pdu) if varBinds: statusInformation = error.StatusInformation( errorIndication=_snmpErrors.get( varBinds[0][0], errind.ReportPduReceived( varBinds[0][0].prettyPrint())), oid=varBinds[0][0], val=varBinds[0][1], sendPduHandle=sendPduHandle) else: statusInformation = error.StatusInformation( sendPduHandle=sendPduHandle) # 7.2.11b (incomplete implementation) snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:internal', dict(transportDomain=transportDomain, transportAddress=transportAddress, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, securityEngineId=securityEngineId, pdu=pdu)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:internal') # 7.2.11c smHandler.releaseStateInformation(securityStateReference) # 7.2.11d # no-op # 7.2.11e XXX may need to pass Reports up to app in some cases... raise statusInformation statusInformation = None # no errors ahead # 7.2.12 if pduType in rfc3411.responseClassPDUs: # 7.2.12a -> no-op # 7.2.12b # noinspection PyUnboundLocalVariable if (securityModel != cachedReqParams['securityModel'] or securityName != cachedReqParams['securityName'] or securityLevel != cachedReqParams['securityLevel'] or contextEngineId != cachedReqParams['contextEngineId'] or contextName != cachedReqParams['contextName']): smHandler.releaseStateInformation(securityStateReference) raise error.StatusInformation( errorIndication=errind.dataMismatch) snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:response', dict(transportDomain=transportDomain, transportAddress=transportAddress, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, securityEngineId=securityEngineId, pdu=pdu)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:response') # 7.2.12c smHandler.releaseStateInformation(securityStateReference) stateReference = None # 7.2.12d return (messageProcessingModel, securityModel, securityName, securityLevel, contextEngineId, contextName, pduVersion, pdu, pduType, sendPduHandle, maxSizeResponseScopedPDU, statusInformation, stateReference) # 7.2.13 if pduType in rfc3411.confirmedClassPDUs: # 7.2.13a if securityEngineId != snmpEngineID: smHandler.releaseStateInformation(securityStateReference) raise error.StatusInformation( errorIndication=errind.engineIDMismatch) # 7.2.13b stateReference = self._cache.newStateReference() self._cache.pushByStateRef( stateReference, msgVersion=messageProcessingModel, msgID=msgID, contextEngineId=contextEngineId, contextName=contextName, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, securityStateReference=securityStateReference, reportableFlag=reportableFlag, msgMaxSize=maxMessageSize, maxSizeResponseScopedPDU=maxSizeResponseScopedPDU, transportDomain=transportDomain, transportAddress=transportAddress) debug.logger & debug.flagMP and debug.logger( 'prepareDataElements: new stateReference %s' % stateReference) snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:confirmed', dict(transportDomain=transportDomain, transportAddress=transportAddress, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, securityEngineId=securityEngineId, pdu=pdu)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:confirmed') # 7.2.13c return (messageProcessingModel, securityModel, securityName, securityLevel, contextEngineId, contextName, pduVersion, pdu, pduType, sendPduHandle, maxSizeResponseScopedPDU, statusInformation, stateReference) # 7.2.14 if pduType in rfc3411.unconfirmedClassPDUs: # Pass new stateReference to let app browse request details stateReference = self._cache.newStateReference() snmpEngine.observer.storeExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:unconfirmed', dict(transportDomain=transportDomain, transportAddress=transportAddress, securityModel=securityModel, securityName=securityName, securityLevel=securityLevel, contextEngineId=contextEngineId, contextName=contextName, securityEngineId=securityEngineId, pdu=pdu)) snmpEngine.observer.clearExecutionContext( snmpEngine, 'rfc3412.prepareDataElements:unconfirmed') # This is not specified explicitly in RFC smHandler.releaseStateInformation(securityStateReference) return (messageProcessingModel, securityModel, securityName, securityLevel, contextEngineId, contextName, pduVersion, pdu, pduType, sendPduHandle, maxSizeResponseScopedPDU, statusInformation, stateReference) smHandler.releaseStateInformation(securityStateReference) raise error.StatusInformation( errorIndication=errind.unsupportedPDUtype) def __expireEnginesInfo(self): if self.__expirationTimer in self.__engineIdCacheExpQueue: for engineKey in self.__engineIdCacheExpQueue[ self.__expirationTimer]: del self.__engineIdCache[engineKey] debug.logger & debug.flagMP and debug.logger( '__expireEnginesInfo: expiring %r' % (engineKey, )) del self.__engineIdCacheExpQueue[self.__expirationTimer] self.__expirationTimer += 1 def receiveTimerTick(self, snmpEngine, timeNow): self.__expireEnginesInfo() AbstractMessageProcessingModel.receiveTimerTick( self, snmpEngine, timeNow)
class ScopedPduData(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('plaintext', ScopedPDU()), namedtype.NamedType('encryptedPDU', univ.OctetString()), )
def testLongMode(self): assert encoder.encode( univ.OctetString('Q' * 1001) ) == ints2octs((36, 128, 4, 130, 3, 232) + (81,) * 1000 + (4, 1, 81, 0, 0))
def localizeKey(passKey, snmpEngineId, hashFunc): passKey = univ.OctetString(passKey).asOctets() # noinspection PyDeprecation,PyCallingNonCallable return hashFunc(passKey + snmpEngineId.asOctets() + passKey).digest()
def __initWithOptionalAndDefaulted(self): self.s.clear() self.s.setComponentByPosition(0, univ.Null('')) self.s.setComponentByPosition(1, univ.OctetString('quick brown')) self.s.setComponentByPosition(2, univ.Integer(1))
class SpcSerializedObject(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('classId', SpcUuid()), namedtype.NamedType('serializedData', univ.OctetString()))
def main(): variation_module = None parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument( '-v', '--version', action='version', version=utils.TITLE) parser.add_argument( '--quiet', action='store_true', help='Do not print out informational messages') parser.add_argument( '--debug', choices=pysnmp_debug.flagMap, action='append', type=str, default=[], help='Enable one or more categories of SNMP debugging.') parser.add_argument( '--debug-asn1', choices=pyasn1_debug.FLAG_MAP, action='append', type=str, default=[], help='Enable one or more categories of ASN.1 debugging.') parser.add_argument( '--logging-method', type=lambda x: x.split(':'), metavar='=<%s[:args]>]' % '|'.join(log.METHODS_MAP), default='stderr', help='Logging method.') parser.add_argument( '--log-level', choices=log.LEVELS_MAP, type=str, default='info', help='Logging level.') v1arch_group = parser.add_argument_group('SNMPv1/v2c parameters') v1arch_group.add_argument( '--protocol-version', choices=['1', '2c'], default='2c', help='SNMPv1/v2c protocol version') v1arch_group.add_argument( '--community', type=str, default='public', help='SNMP community name') v3arch_group = parser.add_argument_group('SNMPv3 parameters') v3arch_group.add_argument( '--v3-user', metavar='<STRING>', type=functools.partial(_parse_sized_string, min_length=1), help='SNMPv3 USM user (security) name') v3arch_group.add_argument( '--v3-auth-key', type=_parse_sized_string, help='SNMPv3 USM authentication key (must be > 8 chars)') v3arch_group.add_argument( '--v3-auth-proto', choices=AUTH_PROTOCOLS, type=lambda x: x.upper(), default='NONE', help='SNMPv3 USM authentication protocol') v3arch_group.add_argument( '--v3-priv-key', type=_parse_sized_string, help='SNMPv3 USM privacy (encryption) key (must be > 8 chars)') v3arch_group.add_argument( '--v3-priv-proto', choices=PRIV_PROTOCOLS, type=lambda x: x.upper(), default='NONE', help='SNMPv3 USM privacy (encryption) protocol') v3arch_group.add_argument( '--v3-context-engine-id', type=lambda x: univ.OctetString(hexValue=x[2:]), help='SNMPv3 context engine ID') v3arch_group.add_argument( '--v3-context-name', type=str, default='', help='SNMPv3 context engine ID') parser.add_argument( '--use-getbulk', action='store_true', help='Use SNMP GETBULK PDU for mass SNMP managed objects retrieval') parser.add_argument( '--getbulk-repetitions', type=int, default=25, help='Use SNMP GETBULK PDU for mass SNMP managed objects retrieval') endpoint_group = parser.add_mutually_exclusive_group(required=True) endpoint_group.add_argument( '--agent-udpv4-endpoint', type=endpoints.parse_endpoint, metavar='<[X.X.X.X]:NNNNN>', help='SNMP agent UDP/IPv4 address to pull simulation data ' 'from (name:port)') endpoint_group.add_argument( '--agent-udpv6-endpoint', type=functools.partial(endpoints.parse_endpoint, ipv6=True), metavar='<[X:X:..X]:NNNNN>', help='SNMP agent UDP/IPv6 address to pull simulation data ' 'from ([name]:port)') parser.add_argument( '--timeout', type=int, default=3, help='SNMP command response timeout (in seconds)') parser.add_argument( '--retries', type=int, default=3, help='SNMP command retries') parser.add_argument( '--start-object', metavar='<MIB::Object|OID>', type=_parse_mib_object, default=univ.ObjectIdentifier('1.3.6'), help='Drop all simulation data records prior to this OID specified ' 'as MIB object (MIB::Object) or OID (1.3.6.)') parser.add_argument( '--stop-object', metavar='<MIB::Object|OID>', type=functools.partial(_parse_mib_object, last=True), help='Drop all simulation data records after this OID specified ' 'as MIB object (MIB::Object) or OID (1.3.6.)') parser.add_argument( '--mib-source', dest='mib_sources', metavar='<URI|PATH>', action='append', type=str, default=['http://mibs.snmplabs.com/asn1/@mib@'], help='One or more URIs pointing to a collection of ASN.1 MIB files.' 'Optional "@mib@" token gets replaced with desired MIB module ' 'name during MIB search.') parser.add_argument( '--destination-record-type', choices=variation.RECORD_TYPES, default='snmprec', help='Produce simulation data with record of this type') parser.add_argument( '--output-file', metavar='<FILE>', type=str, help='SNMP simulation data file to write records to') parser.add_argument( '--continue-on-errors', metavar='<tolerance-level>', type=int, default=0, help='Keep on pulling SNMP data even if intermittent errors occur') variation_group = parser.add_argument_group( 'Simulation data variation options') parser.add_argument( '--variation-modules-dir', action='append', type=str, help='Search variation module by this path') variation_group.add_argument( '--variation-module', type=str, help='Pass gathered simulation data through this variation module') variation_group.add_argument( '--variation-module-options', type=str, default='', help='Variation module options') args = parser.parse_args() if args.debug: pysnmp_debug.setLogger(pysnmp_debug.Debug(*args.debug)) if args.debug_asn1: pyasn1_debug.setLogger(pyasn1_debug.Debug(*args.debug_asn1)) if args.output_file: ext = os.path.extsep ext += variation.RECORD_TYPES[args.destination_record_type].ext if not args.output_file.endswith(ext): args.output_file += ext record = variation.RECORD_TYPES[args.destination_record_type] args.output_file = record.open(args.output_file, 'wb') else: args.output_file = sys.stdout if sys.version_info >= (3, 0, 0): # binary mode write args.output_file = sys.stdout.buffer elif sys.platform == "win32": import msvcrt msvcrt.setmode(sys.stdout.fileno(), os.O_BINARY) # Catch missing params if args.protocol_version == '3': if not args.v3_user: sys.stderr.write('ERROR: --v3-user is missing\r\n') parser.print_usage(sys.stderr) return 1 if args.v3_priv_key and not args.v3_auth_key: sys.stderr.write('ERROR: --v3-auth-key is missing\r\n') parser.print_usage(sys.stderr) return 1 if AUTH_PROTOCOLS[args.v3_auth_proto] == config.usmNoAuthProtocol: if args.v3_auth_key: args.v3_auth_proto = 'MD5' else: if not args.v3_auth_key: sys.stderr.write('ERROR: --v3-auth-key is missing\r\n') parser.print_usage(sys.stderr) return 1 if PRIV_PROTOCOLS[args.v3_priv_proto] == config.usmNoPrivProtocol: if args.v3_priv_key: args.v3_priv_proto = 'DES' else: if not args.v3_priv_key: sys.stderr.write('ERROR: --v3-priv-key is missing\r\n') parser.print_usage(sys.stderr) return 1 proc_name = os.path.basename(sys.argv[0]) try: log.set_logger(proc_name, *args.logging_method, force=True) if args.log_level: log.set_level(args.log_level) except error.SnmpsimError as exc: sys.stderr.write('%s\r\n' % exc) parser.print_usage(sys.stderr) return 1 if args.use_getbulk and args.protocol_version == '1': log.info('will be using GETNEXT with SNMPv1!') args.use_getbulk = False # Load variation module if args.variation_module: for variation_modules_dir in ( args.variation_modules_dir or confdir.variation): log.info( 'Scanning "%s" directory for variation ' 'modules...' % variation_modules_dir) if not os.path.exists(variation_modules_dir): log.info('Directory "%s" does not exist' % variation_modules_dir) continue mod = os.path.join(variation_modules_dir, args.variation_module + '.py') if not os.path.exists(mod): log.info('Variation module "%s" not found' % mod) continue ctx = {'path': mod, 'moduleContext': {}} try: with open(mod) as fl: exec (compile(fl.read(), mod, 'exec'), ctx) except Exception as exc: log.error('Variation module "%s" execution failure: ' '%s' % (mod, exc)) return 1 variation_module = ctx log.info('Variation module "%s" loaded' % args.variation_module) break else: log.error('variation module "%s" not found' % args.variation_module) return 1 # SNMP configuration snmp_engine = engine.SnmpEngine() if args.protocol_version == '3': if args.v3_priv_key is None and args.v3_auth_key is None: secLevel = 'noAuthNoPriv' elif args.v3_priv_key is None: secLevel = 'authNoPriv' else: secLevel = 'authPriv' config.addV3User( snmp_engine, args.v3_user, AUTH_PROTOCOLS[args.v3_auth_proto], args.v3_auth_key, PRIV_PROTOCOLS[args.v3_priv_proto], args.v3_priv_key) log.info( 'SNMP version 3, Context EngineID: %s Context name: %s, SecurityName: %s, ' 'SecurityLevel: %s, Authentication key/protocol: %s/%s, Encryption ' '(privacy) key/protocol: ' '%s/%s' % ( args.v3_context_engine_id and args.v3_context_engine_id.prettyPrint() or '<default>', args.v3_context_name and args.v3_context_name.prettyPrint() or '<default>', args.v3_user, secLevel, args.v3_auth_key is None and '<NONE>' or args.v3_auth_key, args.v3_auth_proto, args.v3_priv_key is None and '<NONE>' or args.v3_priv_key, args.v3_priv_proto)) else: args.v3_user = '******' secLevel = 'noAuthNoPriv' config.addV1System(snmp_engine, args.v3_user, args.community) log.info( 'SNMP version %s, Community name: ' '%s' % (args.protocol_version, args.community)) config.addTargetParams( snmp_engine, 'pms', args.v3_user, secLevel, VERSION_MAP[args.protocol_version]) if args.agent_udpv6_endpoint: config.addSocketTransport( snmp_engine, udp6.domainName, udp6.Udp6SocketTransport().openClientMode()) config.addTargetAddr( snmp_engine, 'tgt', udp6.domainName, args.agent_udpv6_endpoint, 'pms', args.timeout * 100, args.retries) log.info('Querying UDP/IPv6 agent at [%s]:%s' % args.agent_udpv6_endpoint) elif args.agent_udpv4_endpoint: config.addSocketTransport( snmp_engine, udp.domainName, udp.UdpSocketTransport().openClientMode()) config.addTargetAddr( snmp_engine, 'tgt', udp.domainName, args.agent_udpv4_endpoint, 'pms', args.timeout * 100, args.retries) log.info('Querying UDP/IPv4 agent at %s:%s' % args.agent_udpv4_endpoint) log.info('Agent response timeout: %d secs, retries: ' '%s' % (args.timeout, args.retries)) if (isinstance(args.start_object, ObjectIdentity) or isinstance(args.stop_object, ObjectIdentity)): compiler.addMibCompiler( snmp_engine.getMibBuilder(), sources=args.mib_sources) mib_view_controller = view.MibViewController( snmp_engine.getMibBuilder()) try: if isinstance(args.start_object, ObjectIdentity): args.start_object.resolveWithMib(mib_view_controller) if isinstance(args.stop_object, ObjectIdentity): args.stop_object.resolveWithMib(mib_view_controller) except PySnmpError as exc: sys.stderr.write('ERROR: %s\r\n' % exc) return 1 # Variation module initialization if variation_module: log.info('Initializing variation module...') for x in ('init', 'record', 'shutdown'): if x not in variation_module: log.error('missing "%s" handler at variation module ' '"%s"' % (x, args.variation_module)) return 1 try: handler = variation_module['init'] handler(snmpEngine=snmp_engine, options=args.variation_module_options, mode='recording', startOID=args.start_object, stopOID=args.stop_object) except Exception as exc: log.error( 'Variation module "%s" initialization FAILED: ' '%s' % (args.variation_module, exc)) else: log.info( 'Variation module "%s" initialization OK' % args.variation_module) data_file_handler = variation.RECORD_TYPES[args.destination_record_type] # SNMP worker def cbFun(snmp_engine, send_request_handle, error_indication, error_status, error_index, var_bind_table, cb_ctx): if error_indication and not cb_ctx['retries']: cb_ctx['errors'] += 1 log.error('SNMP Engine error: %s' % error_indication) return # SNMPv1 response may contain noSuchName error *and* SNMPv2c exception, # so we ignore noSuchName error here if error_status and error_status != 2 or error_indication: log.error( 'Remote SNMP error %s' % ( error_indication or error_status.prettyPrint())) if cb_ctx['retries']: try: next_oid = var_bind_table[-1][0][0] except IndexError: next_oid = cb_ctx['lastOID'] else: log.error('Failed OID: %s' % next_oid) # fuzzy logic of walking a broken OID if len(next_oid) < 4: pass elif (args.continue_on_errors - cb_ctx['retries']) * 10 / args.continue_on_errors > 5: next_oid = next_oid[:-2] + (next_oid[-2] + 1,) elif next_oid[-1]: next_oid = next_oid[:-1] + (next_oid[-1] + 1,) else: next_oid = next_oid[:-2] + (next_oid[-2] + 1, 0) cb_ctx['retries'] -= 1 cb_ctx['lastOID'] = next_oid log.info( 'Retrying with OID %s (%s retries left)' '...' % (next_oid, cb_ctx['retries'])) # initiate another SNMP walk iteration if args.use_getbulk: cmd_gen.sendVarBinds( snmp_engine, 'tgt', args.v3_context_engine_id, args.v3_context_name, 0, args.getbulk_repetitions, [(next_oid, None)], cbFun, cb_ctx) else: cmd_gen.sendVarBinds( snmp_engine, 'tgt', args.v3_context_engine_id, args.v3_context_name, [(next_oid, None)], cbFun, cb_ctx) cb_ctx['errors'] += 1 return if args.continue_on_errors != cb_ctx['retries']: cb_ctx['retries'] += 1 if var_bind_table and var_bind_table[-1] and var_bind_table[-1][0]: cb_ctx['lastOID'] = var_bind_table[-1][0][0] stop_flag = False # Walk var-binds for var_bind_row in var_bind_table: for oid, value in var_bind_row: # EOM if args.stop_object and oid >= args.stop_object: stop_flag = True # stop on out of range condition elif (value is None or value.tagSet in (rfc1905.NoSuchObject.tagSet, rfc1905.NoSuchInstance.tagSet, rfc1905.EndOfMibView.tagSet)): stop_flag = True # remove value enumeration if value.tagSet == rfc1902.Integer32.tagSet: value = rfc1902.Integer32(value) if value.tagSet == rfc1902.Unsigned32.tagSet: value = rfc1902.Unsigned32(value) if value.tagSet == rfc1902.Bits.tagSet: value = rfc1902.OctetString(value) # Build .snmprec record context = { 'origOid': oid, 'origValue': value, 'count': cb_ctx['count'], 'total': cb_ctx['total'], 'iteration': cb_ctx['iteration'], 'reqTime': cb_ctx['reqTime'], 'args.start_object': args.start_object, 'stopOID': args.stop_object, 'stopFlag': stop_flag, 'variationModule': variation_module } try: line = data_file_handler.format(oid, value, **context) except error.MoreDataNotification as exc: cb_ctx['count'] = 0 cb_ctx['iteration'] += 1 more_data_notification = exc if 'period' in more_data_notification: log.info( '%s OIDs dumped, waiting %.2f sec(s)' '...' % (cb_ctx['total'], more_data_notification['period'])) time.sleep(more_data_notification['period']) # initiate another SNMP walk iteration if args.use_getbulk: cmd_gen.sendVarBinds( snmp_engine, 'tgt', args.v3_context_engine_id, args.v3_context_name, 0, args.getbulk_repetitions, [(args.start_object, None)], cbFun, cb_ctx) else: cmd_gen.sendVarBinds( snmp_engine, 'tgt', args.v3_context_engine_id, args.v3_context_name, [(args.start_object, None)], cbFun, cb_ctx) stop_flag = True # stop current iteration except error.NoDataNotification: pass except error.SnmpsimError as exc: log.error(exc) continue else: args.output_file.write(line) cb_ctx['count'] += 1 cb_ctx['total'] += 1 if cb_ctx['count'] % 100 == 0: log.info('OIDs dumped: %s/%s' % ( cb_ctx['iteration'], cb_ctx['count'])) # Next request time cb_ctx['reqTime'] = time.time() # Continue walking return not stop_flag cb_ctx = { 'total': 0, 'count': 0, 'errors': 0, 'iteration': 0, 'reqTime': time.time(), 'retries': args.continue_on_errors, 'lastOID': args.start_object } if args.use_getbulk: cmd_gen = cmdgen.BulkCommandGenerator() cmd_gen.sendVarBinds( snmp_engine, 'tgt', args.v3_context_engine_id, args.v3_context_name, 0, args.getbulk_repetitions, [(args.start_object, rfc1902.Null(''))], cbFun, cb_ctx) else: cmd_gen = cmdgen.NextCommandGenerator() cmd_gen.sendVarBinds( snmp_engine, 'tgt', args.v3_context_engine_id, args.v3_context_name, [(args.start_object, rfc1902.Null(''))], cbFun, cb_ctx) log.info( 'Sending initial %s request for %s (stop at %s)' '....' % (args.use_getbulk and 'GETBULK' or 'GETNEXT', args.start_object, args.stop_object or '<end-of-mib>')) started = time.time() try: snmp_engine.transportDispatcher.runDispatcher() except KeyboardInterrupt: log.info('Shutting down process...') finally: if variation_module: log.info('Shutting down variation module ' '%s...' % args.variation_module) try: handler = variation_module['shutdown'] handler(snmpEngine=snmp_engine, options=args.variation_module_options, mode='recording') except Exception as exc: log.error( 'Variation module %s shutdown FAILED: ' '%s' % (args.variation_module, exc)) else: log.info( 'Variation module %s shutdown OK' % args.variation_module) snmp_engine.transportDispatcher.closeDispatcher() started = time.time() - started cb_ctx['total'] += cb_ctx['count'] log.info( 'OIDs dumped: %s, elapsed: %.2f sec, rate: %.2f OIDs/sec, errors: ' '%d' % (cb_ctx['total'], started, started and cb_ctx['count'] // started or 0, cb_ctx['errors'])) args.output_file.flush() args.output_file.close() return cb_ctx.get('errors', 0) and 1 or 0
def testDefMode2(self): s = univ.SequenceOf() s.append(univ.OctetString('ab')) s.append(univ.OctetString('a')) assert encoder.encode(s) == ints2octs((48, 128, 4, 2, 97, 98, 4, 1, 97, 0, 0))
class Message(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', version), namedtype.NamedType('community', univ.OctetString()), namedtype.NamedType('data', rfc1905.PDUs()))
def testDefMode4(self): s = univ.SetOf() s.append(univ.OctetString('a')) s.append(univ.OctetString('b')) assert encoder.encode(s) == ints2octs((49, 128, 4, 1, 97, 4, 1, 98, 0, 0))
def testSimple(self): assert decoder.decode( 'Quick brown fox', asn1Spec=univ.OctetString()) == univ.OctetString('Quick brown fox')
def setUp(self): BaseTestCase.setUp(self) self.s = univ.SetOf(componentType=univ.OctetString())
class CodeSectionDigest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('offset', univ.Integer()), namedtype.NamedType('digestAlgorithm', univ.ObjectIdentifier()), namedtype.NamedType('digest', univ.OctetString()))
def testShortMode(self): assert encoder.encode( univ.OctetString('Quick brown fox') ) == ints2octs((4, 15, 81, 117, 105, 99, 107, 32, 98, 114, 111, 119, 110, 32, 102, 111, 120))
def processCOFFBinary(stream): outDict = dict() outDict['result'] = False # find the COFF header. # skip forward past the MSDOS stub header to 0x3c. stream.bytepos = 0x3c # read 4 bytes, this is the file offset of the PE signature. pe_sig_offset = stream.read('uintle:32') stream.bytepos = pe_sig_offset # read 4 bytes, make sure it's a PE signature. signature = stream.read('uintle:32') if signature != 0x00004550: return outDict # after signature is the actual COFF file header. coff_header = COFFFileHeader(stream) arch_digest = ArchitectureDigest() if coff_header.items['Machine'] == 0x14c: arch_digest.setComponentByName('cpuType', CPUType('IMAGE_FILE_MACHINE_I386')) elif coff_header.items['Machine'] == 0x8664: arch_digest.setComponentByName('cpuType', CPUType('IMAGE_FILE_MACHINE_AMD64')) arch_digest.setComponentByName('cpuSubType', CPUSubType('IMAGE_UNUSED')) text_section_headers = list(filter(lambda x: (x.items['Characteristics'] & IMAGE_SCN_MEM_EXECUTE) == IMAGE_SCN_MEM_EXECUTE, coff_header.section_headers)) code_segment_digests = SetOfCodeSegmentDigest() code_segment_idx = 0 for code_sect_header in text_section_headers: stream.bytepos = code_sect_header.offset code_sect_bytes = stream.read('bytes:' + str(code_sect_header.items['VirtualSize'])) digester = hashlib.sha256() digester.update(code_sect_bytes) digest = digester.digest() # with open('segment_' + str(code_sect_header.offset) + ".bin", 'wb') as f: # f.write(code_sect_bytes) code_section_digest = CodeSectionDigest() code_section_digest.setComponentByName('offset', code_sect_header.offset) code_section_digest.setComponentByName('digestAlgorithm', univ.ObjectIdentifier('2.16.840.1.101.3.4.2.1')) code_section_digest.setComponentByName('digest', univ.OctetString(digest)) set_of_digest = SetOfCodeSectionDigest() set_of_digest.setComponentByPosition(0, code_section_digest) codeSegmentDigest = CodeSegmentDigest() codeSegmentDigest.setComponentByName('offset', code_sect_header.offset) codeSegmentDigest.setComponentByName('codeSectionDigests', set_of_digest) code_segment_digests.setComponentByPosition(code_segment_idx, codeSegmentDigest) code_segment_idx += 1 arch_digest.setComponentByName('CodeSegmentDigests', code_segment_digests) setOfArchDigests = SetOfArchitectureDigest() setOfArchDigests.setComponentByPosition(0, arch_digest) appDigest = ApplicationDigest() appDigest.setComponentByName('version', 1) appDigest.setComponentByName('digests', setOfArchDigests) outDict['result'] = True outDict['digest'] = appDigest return outDict
def setUp(self): BaseTestCase.setUp(self) self.s = univ.Sequence() self.s.setComponentByPosition(0, univ.Null('')) self.s.setComponentByPosition(1, univ.OctetString('quick brown')) self.s.setComponentByPosition(2, univ.Integer(1))
def configure_managed_objects( data_dirs, data_index_instrum_controller, snmp_engine=None, snmp_context=None): """Build pysnmp Managed Objects base from data files information""" _mib_instrums = {} _data_files = {} for dataDir in data_dirs: log.info( 'Scanning "%s" directory for %s data ' 'files...' % (dataDir, ','.join( [' *%s%s' % (os.path.extsep, x.ext) for x in variation.RECORD_TYPES.values()]))) if not os.path.exists(dataDir): log.info('Directory "%s" does not exist' % dataDir) continue log.msg.inc_ident() for (full_path, text_parser, community_name) in datafile.get_data_files(dataDir): if community_name in _data_files: log.error( 'ignoring duplicate Community/ContextName "%s" for data ' 'file %s (%s already loaded)' % (community_name, full_path, _data_files[community_name])) continue elif full_path in _mib_instrums: mib_instrum = _mib_instrums[full_path] log.info('Configuring *shared* %s' % (mib_instrum,)) else: data_file = datafile.DataFile( full_path, text_parser, variation_modules) data_file.index_text(args.force_index_rebuild, args.validate_data) MibController = controller.MIB_CONTROLLERS[data_file.layout] mib_instrum = MibController(data_file) _mib_instrums[full_path] = mib_instrum _data_files[community_name] = full_path log.info('Configuring %s' % (mib_instrum,)) log.info('SNMPv1/2c community name: %s' % (community_name,)) agent_name = md5( univ.OctetString(community_name).asOctets()).hexdigest() context_name = agent_name if not args.v3_only: # snmpCommunityTable::snmpCommunityIndex can't be > 32 config.addV1System( snmp_engine, agent_name, community_name, contextName=context_name) snmp_context.registerContextName(context_name, mib_instrum) if len(community_name) <= 32: snmp_context.registerContextName(community_name, mib_instrum) data_index_instrum_controller.add_data_file( full_path, community_name, context_name) log.info( 'SNMPv3 Context Name: %s' '%s' % (context_name, len(community_name) <= 32 and ' or %s' % community_name or '')) log.msg.dec_ident() del _mib_instrums del _data_files
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.NamedType( 'unsigned', univ.Integer().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.NamedType( 'floating-point', FloatingPoint().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), namedtype.NamedType( 'real', univ.Real().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), namedtype.NamedType( 'octet-string', univ.OctetString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), namedtype.NamedType( 'visible-string', char.VisibleString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 10))), namedtype.NamedType( 'binary-time', TimeOfDay().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12))), namedtype.NamedType( 'bcd', univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 13))), namedtype.NamedType( 'booleanArray', univ.BitString().subtype(implicitTag=tag.Tag(