[Git][NTPsec/ntpsec][master] 4 commits: Added AgentX sessionID error check and response

Ian Bruene gitlab at mg.gitlab.com
Tue Oct 31 17:32:40 UTC 2017


Ian Bruene pushed to branch master at NTPsec / ntpsec


Commits:
f77c091f by Ian Bruene at 2017-10-30T15:27:00-05:00
Added AgentX sessionID error check and response

- - - - -
0d7e1b3c by Ian Bruene at 2017-10-30T17:57:52-05:00
Added and used sendErrorPacket() method

- - - - -
cd836f81 by Ian Bruene at 2017-10-30T18:01:07-05:00
Removed redundant, and non-coherent getNextOID() function from getOID()

- - - - -
7ff2aba4 by Ian Bruene at 2017-10-31T12:31:06-05:00
First Mode 6 - SNMP contact

- - - - -


1 changed file:

- ntpclients/ntpsnmpd


Changes:

=====================================
ntpclients/ntpsnmpd
=====================================
--- a/ntpclients/ntpsnmpd
+++ b/ntpclients/ntpsnmpd
@@ -12,6 +12,7 @@ import select
 import subprocess
 
 try:
+    import ntp.packet
     import ntp.util
     import ntp.agentx
     ax = ntp.agentx
@@ -30,6 +31,8 @@ timeout = 5  # default timeout, what shuold this be?
 
 ntpRootOID = (1, 3, 6, 1, 2, 1, 197)  # mib-2 . 197, aka: NTPv4-MIB
 
+DEFHOST = "localhost"  # For now only know how to talk to the local ntp
+
 
 class DataSource:  # This may be broken up in future to be less NTP-specific
     def __init__(self):
@@ -211,18 +214,18 @@ class DataSource:  # This may be broken up in future to be less NTP-specific
                                   # ntpEntNotifGroup NOTIFICATIONS {...}
                                   3: (None, None, None)})})}
         self.oidList = ntp.agentx.mibTree2List(self.oidTree, ntpRootOID)
+        self.session = ntp.packet.ControlSession()
+        self.session.openhost(DEFHOST)  # only local for now
 
-    def getOID(self, oid, acceptNext=False):
+    def getOID(self, oid):
         "Get the requested OID, or the next lexographical OID"
         for node in self.oidList:
             if node[0] is None:  # No read callback
                 continue  # skip over not yet implemented OIDs
             if (node[2] == oid):
-                return node  # (callback, oid)
-            elif (node[2] > oid) and (acceptNext is True):
-                return node
+                return node  # (read_callback, write_callback, oid)
         # Nothing in the list
-        return (None, None)
+        return (None, None, None)
 
     def getNextOID(self, oid):
         "Get the next lexographical OID"
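Review bot: The result of `self.session.openhost(DEFHOST)` is discarded in `__init__`, so a failed lookup or connect to the local ntpd would only surface later, inside whichever OID callback first calls `readvar`. If `openhost` reports failure through its return value (it appears to in ntp.packet, worth confirming), check it here and stop startup with a clear message, e.g. `if not self.session.openhost(DEFHOST): raise RuntimeError("cannot open control session to %s" % DEFHOST)`. Separately, the `getOID` docstring still says "or the next lexographical OID" although the `acceptNext` branch is removed; `"Get the requested OID"` would match the new behaviour. `__init__` begins outside this hunk.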
@@ -296,7 +299,8 @@ class DataSource:  # This may be broken up in future to be less NTP-specific
 
     def cb_statusStratum(self, oid):  # DUMMY
         # NTPstratum
-        return ax.Varbind(ax.VALUE_GAUGE32, oid, 16)
+        data = self.session.readvar(0, ["stratum"])
+        return ax.Varbind(ax.VALUE_GAUGE32, oid, data["stratum"])
 
     def cb_statusActiveRefSourceID(self, oid):  # DUMMY
         # range of uint32
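Review bot: The new `self.session.readvar(0, ["stratum"])` call in `cb_statusStratum` has no failure path. If the Mode 6 query to ntpd fails, or the reply lacks the variable, the exception or the `KeyError` from `data["stratum"]` escapes the callback, and nothing visible in this diff catches it on the way back to the AgentX request handling. Wrapping the two lines in a `try` and falling back to the previous constant, `return ax.Varbind(ax.VALUE_GAUGE32, oid, 16)`, on `ntp.packet.ControlException` or `KeyError` would keep one failed query from taking the agent down. The `# DUMMY` marker on the `def` line is also stale now that the value is read from ntpd.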
@@ -517,6 +521,11 @@ class PacketControl:
             try:
                 pkt, extraData = ntp.agentx.decode_packet(self.recievedData)
                 self.recievedData = extraData
+                if (self.sessionID is not None) and \
+                   (pkt.sessionID != self.sessionID):
+                    # sessionID does not match
+                    self.sendErrorResponse(e.header, ax.RSPERR_NOT_OPEN, 0)
+                    continue
                 self.recievedPackets.append(pkt)
                 dolog("\npacketEater got a full packet: %s\n" % repr(pkt), 3)
             except ax.ParseDataLengthError:
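Review bot: `e` is not bound where the new session check uses it. `self.sendErrorResponse(e.header, ax.RSPERR_NOT_OPEN, 0)` sits in the `try` body, while `e` is presumably the name bound by the exception handlers further down (`e.header["type"]`). On Python 3 a packet with a mismatched sessionID would therefore raise a NameError that none of the visible handlers catch, so one such packet could stop the packet loop instead of drawing a notOpen response; on Python 2 a leftover `e` from an earlier parse error would supply the wrong IDs. The reply should be addressed from the packet that was just decoded. The attribute names `bigEndian` and `transactionID` below are assumed by analogy with `pkt.sessionID` and `packet.packetID` and need confirming against ntp.agentx. The enclosing loop starts outside this hunk.

```python
                if (self.sessionID is not None) and \
                   (pkt.sessionID != self.sessionID):
                    # sessionID does not match: answer from the decoded packet
                    hdr = {"flags": {"bigEndian": pkt.bigEndian},
                           "session_id": pkt.sessionID,
                           "transaction_id": pkt.transactionID,
                           "packet_id": pkt.packetID}
                    self.sendErrorResponse(hdr, ax.RSPERR_NOT_OPEN, 0)
                    continue
```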
@@ -526,12 +535,7 @@ class PacketControl:
                 if e.header["type"] != ax.PDU_RESPONSE:
                     # Response errors are silently dropped, per RFC
                     # Everything else sends an error response
-                    resp = ax.ResponsePDU(e.header["flags"]["bigEndian"],
-                                          e.header["session_id"],
-                                          e.header["transaction_id"],
-                                          e.header["packet_id"],
-                                          0, ax.RSPERR_PARSE_ERROR, 0)
-                    self.sendPacket(resp, False)
+                    self.sendErrorResponse(e.header, ax.RSPERR_PARSE_ERROR, 0)
                 # *Hopefully* the packet length was correct.....
                 #  if not, all packets will be scrambled. Maybe dump the
                 #  whole buffer if too many failures in a row?
@@ -547,6 +551,14 @@ class PacketControl:
                      packet.packetID)
             self.packetLog[index] = packet
 
+    def sendErrorResponse(self, errorHeader, errorType, errorIndex):
+        err = ax.ResponsePDU(errorHeader["flags"]["bigEndian"],
+                             errorHeader["session_id"],
+                             errorHeader["transaction_id"],
+                             errorHeader["packet_id"],
+                             0, errorType, errorIndex)
+        self.sendPacket(err, False)
+
     def pollSocket(self):
         "Reads all currently available data from the socket, non-blocking"
         data = ""
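Review bot: `sendErrorResponse` is added without a docstring, unlike the neighbouring `pollSocket`, and the type of its first argument is not obvious from the name. It is indexed as a decoded header dict (`errorHeader["flags"]["bigEndian"]`, `["session_id"]`, `["transaction_id"]`, `["packet_id"]`), not as a packet object. A one-line docstring such as `"Send a ResponsePDU with errorType/errorIndex, addressed from a decoded header dict"` would make that contract visible to callers. The commit title names the method sendErrorPacket(), which differs from the name defined here.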
@@ -571,7 +583,7 @@ class PacketControl:
         binds = []
         for oidr in packet.oidranges:
             target = oidr.start
-            r_clbk, w_clbk, oid = self.database.getOID(target, False)
+            r_clbk, w_clbk, oid = self.database.getOID(target)
             if (oid != target) or (r_clbk is None):
                 binds.append(ax.Varbind(ax.VALUE_NO_SUCH_OBJECT, target))
             else:



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/1af3c8fc5b77671142dad048f7024e819344c058...7ff2aba44053322c1bc93fba0474f46e6e00a357
