Add logging handler for USM security errors.

Add no-auth and no-priv protocol objects.
Add the OIDs for all the auth and priv protocol objects.

ZEN-35146

Author: jpeacock-zenoss

Diff for: pynetsnmp/CONSTANTS.py

@@ -1,5 +1,5 @@
+NULL = 0
 USM_LENGTH_OID_TRANSFORM = 10
-NULL = None
 MAX_CALLBACK_IDS = 2
 MAX_CALLBACK_SUBIDS = 16
 SNMP_CALLBACK_LIBRARY = 0
@@ -306,7 +306,8 @@
 NETSNMP_CALLBACK_OP_SEND_FAILED = 3
 NETSNMP_CALLBACK_OP_CONNECT = 4
 NETSNMP_CALLBACK_OP_DISCONNECT = 5
-snmp_init_statistics = ()
+NETSNMP_CALLBACK_OP_RESEND = 6
+NETSNMP_CALLBACK_OP_SEC_ERROR = 7
 STAT_SNMPUNKNOWNSECURITYMODELS = 0
 STAT_SNMPINVALIDMSGS = 1
 STAT_SNMPUNKNOWNPDUHANDLERS = 2
@@ -377,7 +378,6 @@
 MAX_STATS = NETSNMP_STAT_MAX_STATS
 COMMUNITY_MAX_LEN = 256
 SPRINT_MAX_LEN = 2560
-NULL = 0
 TRUE = 1
 FALSE = 0
 READ = 1

Diff for: pynetsnmp/netsnmp.py

@@ -59,6 +59,7 @@
     MAX_OID_LEN,
     NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE,
     NETSNMP_CALLBACK_OP_TIMED_OUT,
+    NETSNMP_CALLBACK_OP_SEC_ERROR,
     NETSNMP_DS_LIB_APPTYPE,
     NETSNMP_DS_LIBRARY_ID,
     NETSNMP_LOGHANDLER_CALLBACK,
@@ -658,6 +659,13 @@ def _callback(operation, sp, reqid, pdu, magic):
             sess.callback(pdu.contents)
         elif operation == NETSNMP_CALLBACK_OP_TIMED_OUT:
             sess.timeout(reqid)
+        elif operation == NETSNMP_CALLBACK_OP_SEC_ERROR:
+            _getLogger("callback").error(
+                "peer has rejected security credentials  "
+                "peername=%s security-name=%s",
+                sp.contents.peername,
+                sp.contents.securityName,
+            )
         else:
             _getLogger("callback").error("Unknown operation: %d", operation)
     except Exception as ex:

Diff for: pynetsnmp/twistedsnmp.py

@@ -201,11 +201,7 @@ def create(
             except AttributeError:
                 ip = address
         return cls(
-            ip,
-            port=port,
-            security=security,
-            timeout=timeout,
-            tries=retries,
+            ip, port=port, security=security, timeout=timeout, tries=retries
         )
 
     def __init__(
@@ -214,7 +210,7 @@ def __init__(
         port=161,
         community="public",
         snmpVersion="1",
-        protocol=None,
+        protocol=None,  # no longer used
         allowCache=False,  # no longer used
         timeout=1.5,
         tries=3,
@@ -390,15 +386,14 @@ def open(self):
         if self.session is not None:
             self.session.close()
             self.session = None
+            updateReactor()
 
         if self._security:
             agent = asAgent(self.ip, self.port)
             cmdlineargs = self._security.getArguments() + (
                 ("-t", str(self.timeout), "-r", str(self.tries), agent)
             )
-            self.session = netsnmp.Session(
-                cmdLineArgs=cmdlineargs
-            )
+            self.session = netsnmp.Session(cmdLineArgs=cmdlineargs)
         else:
             self.session = netsnmp.Session(
                 version=netsnmp.SNMP_VERSION_MAP.get(

Diff for: pynetsnmp/usm.py

@@ -1,24 +1,26 @@
 from __future__ import absolute_import
 
+
 class _Protocol(object):
     """ """
 
-    __slots__ = ("name",)
+    __slots__ = ("name", "oid")
 
-    def __init__(self, name):
+    def __init__(self, name, oid):
         self.name = name
+        self.oid = oid
 
     def __eq__(self, other):
         if not isinstance(other, type(self)):
             return NotImplemented
-        return self.name == other.name
+        return self.name == other.name and self.oid == other.oid
 
     def __str__(self):
         return self.name
 
     def __repr__(self):
-        return "<{0.__module__}.{0.__name__} {1}>".format(
-            self.__class__, self.name
+        return "<{0.__module__}.{0.__name__} {1} {2}>".format(
+            self.__class__, self.name, ".".join(str(v) for v in self.oid)
         )
 
 
@@ -53,12 +55,13 @@ def __repr__(self):
         )
 
 
-AUTH_MD5 = _Protocol("MD5")
-AUTH_SHA = _Protocol("SHA")
-AUTH_SHA_224 = _Protocol("SHA-224")
-AUTH_SHA_256 = _Protocol("SHA-256")
-AUTH_SHA_384 = _Protocol("SHA-384")
-AUTH_SHA_512 = _Protocol("SHA-512")
+AUTH_NOAUTH = _Protocol("NOAUTH", (1, 3, 6, 1, 6, 3, 10, 1, 1, 1))
+AUTH_MD5 = _Protocol("MD5", (1, 3, 6, 1, 6, 3, 10, 1, 1, 2))
+AUTH_SHA = _Protocol("SHA", (1, 3, 6, 1, 6, 3, 10, 1, 1, 3))
+AUTH_SHA_224 = _Protocol("SHA-224", (1, 3, 6, 1, 6, 3, 10, 1, 1, 4))
+AUTH_SHA_256 = _Protocol("SHA-256", (1, 3, 6, 1, 6, 3, 10, 1, 1, 5))
+AUTH_SHA_384 = _Protocol("SHA-384", (1, 3, 6, 1, 6, 3, 10, 1, 1, 6))
+AUTH_SHA_512 = _Protocol("SHA-512", (1, 3, 6, 1, 6, 3, 10, 1, 1, 7))
 
 auth_protocols = _Protocols(
     (
@@ -72,10 +75,11 @@ def __repr__(self):
     "authentication",
 )
 
-PRIV_DES = _Protocol("DES")
-PRIV_AES = _Protocol("AES")
-PRIV_AES_192 = _Protocol("AES-192")
-PRIV_AES_256 = _Protocol("AES-256")
+PRIV_NOPRIV = _Protocol("NOPRIV", (1, 3, 6, 1, 6, 3, 10, 1, 2, 1))
+PRIV_DES = _Protocol("DES", (1, 3, 6, 1, 6, 3, 10, 1, 2, 2))
+PRIV_AES = _Protocol("AES", (1, 3, 6, 1, 6, 3, 10, 1, 2, 4))
+PRIV_AES_192 = _Protocol("AES-192", (1, 3, 6, 1, 4, 1, 14832, 1, 3))
+PRIV_AES_256 = _Protocol("AES-256", (1, 3, 6, 1, 4, 1, 14832, 1, 4))
 
 priv_protocols = _Protocols(
     (PRIV_DES, PRIV_AES, PRIV_AES_192, PRIV_AES_256), "privacy"
@@ -85,13 +89,15 @@ def __repr__(self):
 del _Protocols
 
 __all__ = (
+    "AUTH_NOAUTH",
     "AUTH_MD5",
     "AUTH_SHA",
     "AUTH_SHA_224",
     "AUTH_SHA_256",
     "AUTH_SHA_384",
     "AUTH_SHA_512",
     "auth_protocols",
+    "PRIV_NOPRIV",
     "PRIV_DES",
     "PRIV_AES",
     "PRIV_AES_192",