Bug #125332 for Net-SNMP: Bug: security level is always set to noauthnopriv
This queue is for tickets about the Net-SNMP CPAN distribution.
Owner: dtown [...] cpan.org
Requestors: anexiole [...] gmail.com
Severity: Normal
Broken in: (no value)
Fixed in: (no value)
Subject: | Re: [rt.cpan.org #125332] AutoReply: Bug: security level is always set to noauthnopriv |
Date: | Thu, 17 May 2018 14:43:11 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |
In line 133, they set the priv protocol and next, in line 148, they evaluate the priv protocol and of course it fails. Wtf?
In Net::SNMP::Security::USM :
124 '_time_epoc' => time(), # snmpEngineBoots epoc
125 '_user_name' => q{}, # securityName
126 '_auth_data' => undef, # Authentication data
127 '_auth_key' => undef, # authKey
128 '_auth_password' => undef, # Authentication password
129 '_auth_protocol' => AUTH_PROTOCOL_HMACMD5, # authProtocol
130 '_priv_data' => undef, # Privacy data
131 '_priv_key' => undef, # privKey
132 '_priv_password' => undef, # Privacy password
133 '_priv_protocol' => PRIV_PROTOCOL_DES, # privProtocol
134 '_security_level' => SECURITY_LEVEL_NOAUTHNOPRIV
135 }, $class;
136
137 # We first need to find out if we are an authoritative SNMP
138 # engine and set the authProtocol and privProtocol if they
139 # have been provided.
140
141 foreach (keys %argv) {
142
143 if (/^-?authoritative$/i) {
144 $this->{_authoritative} = (delete $argv{$_}) ? TRUE : FALSE;
145 } elsif (/^-?authprotocol$/i) {
146 $this->_auth_protocol(delete $argv{$_});
147 } elsif (/^-?privprotocol$/i) {
148 $this->_priv_protocol(delete $argv{$_});
149 }
150
151 if (defined $this->{_error}) {
152 return wantarray ? (undef, $this->{_error}) : undef;
153 }
154 }
155
156 # Now validate the rest of the passed arguments
157
158 for (keys %argv) {
159
160 if (/^-?version$/i) {
161 $this->_version($argv{$_});
Subject: | Re: [rt.cpan.org #125332] AutoReply: Bug: security level is always set to noauthnopriv |
Date: | Thu, 17 May 2018 14:48:21 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |
Sorry, ignore prev reply.
In line 133, in line 148, they evaluate the priv protocol without any condition and of course it fails (when security level is either noAuthNoPriv or authNoPriv).
In Net::SNMP::Security::USM :
141 foreach (keys %argv) {
142
143 if (/^-?authoritative$/i) {
144 $this->{_authoritative} = (delete $argv{$_}) ? TRUE : FALSE;
145 } elsif (/^-?authprotocol$/i) {
146 $this->_auth_protocol(delete $argv{$_});
147 } elsif (/^-?privprotocol$/i) {
148 $this->_priv_protocol(delete $argv{$_});
149 }
There should be a filter to only invoke _priv_protocol() ONLY IF $argv{ $key } was defined
Should look like this:
147 } elsif (/^-?privprotocol$/i) {
148 if ( defined($argv{$_}))
149 {
150 $this->_priv_protocol(delete $argv{$_});
151 }
152 }
Subject: | Re: [rt.cpan.org #125332] AutoReply: Bug: security level is always set to noauthnopriv |
Date: | Thu, 17 May 2018 14:50:23 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |
actually, the filter to make sure the $argv{$key} should apply to all..
Should look like this:
143 if ( defined($argv{$_}))
144 {
145 if (/^-?authoritative$/i) {
146 $this->{_authoritative} = (delete $argv{$_}) ? TRUE : FALSE;
147 } elsif (/^-?authprotocol$/i) {
148 $this->_auth_protocol(delete $argv{$_});
149 } elsif (/^-?privprotocol$/i) {
150 $this->_priv_protocol(delete $argv{$_});
151 }
152 }
Subject: | Re: [rt.cpan.org #125332] AutoReply: Bug: security level is always set to noauthnopriv |
Date: | Thu, 17 May 2018 14:51:24 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |
actually, the filter to make sure the $argv{$key} should apply to all..
Should look like this:
143 if ( defined($argv{$_}))
144 {
145 if (/^-?authoritative$/i) {
146 $this->{_authoritative} = (delete $argv{$_}) ? TRUE : FALSE;
147 } elsif (/^-?authprotocol$/i) {
148 $this->_auth_protocol(delete $argv{$_});
149 } elsif (/^-?privprotocol$/i) {
Subject: | Re: [rt.cpan.org #125332] AutoReply: Bug: security level is always set to noauthnopriv |
Date: | Thu, 17 May 2018 15:03:11 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |
This is another stupid mistake. Different security levels such as authNoPriv don't give a fuck about privpassword or privprotocol. So why check for it?
160 # Now validate the rest of the passed arguments
161
162 for (keys %argv) {
163
164 if (/^-?version$/i) {
165 $this->_version($argv{$_});
166 } elsif (/^-?debug$/i) {
167 $this->debug($argv{$_});
168 } elsif ((/^-?engineid$/i) && ($this->{_authoritative})) {
169 $this->_engine_id($argv{$_});
170 } elsif (/^-?username$/i) {
171 $this->_user_name($argv{$_});
172 } elsif (/^-?authkey$/i) {
173 $this->_auth_key($argv{$_});
174 } elsif (/^-?authpassword$/i) {
175 $this->_auth_password($argv{$_});
176 } elsif (/^-?privkey$/i) {
177 $this->_priv_key($argv{$_});
178 } elsif (/^-?privpassword$/i) {
179 $this->_priv_password($argv{$_});
180 } else {
181 $this->_error('The argument "%s" is unknown', $_);
182 }
183
184 if (defined $this->{_error}) {
185 return wantarray ? (undef, $this->{_error}) : undef;
186 }
187
188 }
Subject: | Re: [rt.cpan.org #125332] Bug: security level is always set to noauthnopriv |
Date: | Fri, 18 May 2018 10:34:00 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |
$VAR1 = {
'-version' => 3,
'-port' => 161,
'-authpassword' => 't3stPasWOQD',
'-domain' => 'udp4',
'-username' => 'test_authnopriv',
'-authprotocol' => 'SHA',
'-hostname' => <deleted>
};
Seems that once it gets to privPassword, it bails out.
Then again, by passing in authpassword and authprotocol, that should be a good sign I want authNoPriv as a security level (since we cannot explicitly define the security level).
I had also tried the following and it still fails because when it gets to privPassword in %argv, it will also evaluate the _discovery and _authority attributes, thus causing the security level to move from authNoPriv to authPriv, thus a failure in my snmp get request.
$VAR1 = {
'-version' => 3,
'-port' => 161,
'-authpassword' => 't3stPasWOQD',
'-privprotocol' => 'AES',
'-domain' => 'udp4',
'-privpassword' => ' ',
'-username' => 'test_authnopriv',
'-authoritative' => 1,
'-authprotocol' => 'SHA',
'-hostname' => <deleted>
};
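An added example, not part of the ticket and not Net::SNMP code: a pre-flight check that derives the SNMPv3 security level a set of session arguments implies, run over constructed samples modelled on the two dumps above. `implied_level()` is a hypothetical helper; the argument names are the ones matched by the quoted constructor loops, and rejecting blank credentials is this example's own assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of Net::SNMP): report which USM security
# level the supplied credentials imply, or an error if they are inconsistent.
sub implied_level {
    my (%argv) = @_;
    my %seen;

    for my $key (keys %argv) {
        (my $name = lc $key) =~ s/^-//;    # accept "-AuthPassword" and "authpassword"
        next if $name !~ /^(?:auth|priv)(?:key|password|protocol)$/;
        my $value = $argv{$key};
        # Undefined or whitespace-only values are rejected, not silently counted.
        if (!defined $value || $value !~ /\S/) {
            return (undef, "argument '$key' is empty");
        }
        $seen{$name} = 1;
    }

    my $auth = $seen{authkey} || $seen{authpassword};
    my $priv = $seen{privkey} || $seen{privpassword};

    return (undef, 'privprotocol given without privkey/privpassword')
        if $seen{privprotocol} && !$priv;
    return (undef, 'authprotocol given without authkey/authpassword')
        if $seen{authprotocol} && !$auth;
    # USM (RFC 3414) has no noAuthPriv level: privacy requires authentication.
    return (undef, 'privacy requested without authentication')
        if $priv && !$auth;

    return $priv ? 'authPriv' : $auth ? 'authNoPriv' : 'noAuthNoPriv';
}

# Constructed samples modelled on the two argument dumps in the ticket.
my %auth_only = (
    -version      => 3,     -username     => 'test_authnopriv',
    -authprotocol => 'SHA', -authpassword => 't3stPasWOQD',
);
my %blank_priv = (%auth_only, -privprotocol => 'AES', -privpassword => ' ');

for my $case ([auth_only => \%auth_only], [blank_priv => \%blank_priv]) {
    my ($level, $error) = implied_level(%{ $case->[1] });
    printf "%-10s %s\n", $case->[0], defined $level ? $level : "rejected: $error";
}
```

Comparing the returned level with the level the caller intends, before the session is created, turns a silent change of security level into an explicit error.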
Subject: | Re: [rt.cpan.org #125332] Bug: security level is always set to noauthnopriv |
Date: | Fri, 18 May 2018 10:42:44 +1000 |
To: | bug-Net-SNMP@rt.cpan.org |
From: | Gordon Yeong <anexiole@gmail.com> |