Index: /branches/rel_apv_10_7/usr/click/lib/libca_snmp/snmp_cadmin.c =================================================================== --- /branches/rel_apv_10_7/usr/click/lib/libca_snmp/snmp_cadmin.c (revision 39792) +++ /branches/rel_apv_10_7/usr/click/lib/libca_snmp/snmp_cadmin.c (working copy) @@ -169,6 +169,7 @@ #define SNMPDP_EXE "/ca/bin/snmpdp" #define SNMPDP_PID "/var/run/snmpdp.pid" #define SNMP_RANDOM_KEY "sfG{[5+/af" +#define MASK_PASSWORD "********" extern array_model_t array_models[MAX_MODEL]; @@ -1819,6 +1820,7 @@ char priv_protocol[PASSWORD_MAXLEN + 1] = {0}; char g_comm_user[SNMPV3_USERNAME_MAXLEN + 1]; uint32_t trap_ver; + int use_existing_auth_pw = 0; // To check if auth_password is ******** snmp_info_t *pInfo = snmp_server_attach(); if (pInfo == NULL) { @@ -1880,94 +1882,122 @@ return CA_ERR_SNMP_INVAL; } } - if (0 == strncmp(auth_password, ENCRYPTSTR, ENCRYPTSTR_LEN)) { - encry_auth_pw = 1; - } - - if (auth_pw_len < PASSWORD_MINLEN) { - printf("password must be not less than 8 characters\n"); - snmp_server_unlock(); - return CA_ERR_SNMP_INVAL; - } - - if ((encry_auth_pw && auth_pw_len > MAX_ENCRPT_PASSWD_LEN) || - (!encry_auth_pw && auth_pw_len > PASSWORD_MAXLEN)) { - printf("password is too long\n"); - snmp_server_unlock(); - return CA_ERR_SNMP_INVAL; - } - - if (encry_auth_pw && cli_interactive()) { - printf("Invalid password. It can not be an encrypted password.\n"); - snmp_server_unlock(); - return CA_ERR_SNMP_INVAL; - } - - if (strncasecmp(security_level, SNMP_PRIV_STR, strlen(SNMP_PRIV_STR)) == 0) { - security_flag = SNMPV3_PRIV; - } else if (strncasecmp(security_level, SNMP_AUTH_STR, strlen(SNMP_PRIV_STR)) == 0) { - security_flag = SNMPV3_AUTH; + if (strcmp(auth_password, MASK_PASSWORD) == 0) { + use_existing_auth_pw = 1; } else { - printf("security level error, please choose from {authNopriv|authPriv}\n"); - snmp_server_unlock(); - return CA_ERR_SNMP_INVAL; - } - - if (security_flag == SNMPV3_PRIV) { - if (0 == strncmp(priv_password, ENCRYPTSTR, ENCRYPTSTR_LEN)) { - encry_priv_pw = 1; + if (0 == strncmp(auth_password, ENCRYPTSTR, ENCRYPTSTR_LEN)) { + encry_auth_pw = 1; } - if (priv_pw_len < PASSWORD_MINLEN) { + + if (auth_pw_len < PASSWORD_MINLEN) { printf("password must be not less than 8 characters\n"); snmp_server_unlock(); return CA_ERR_SNMP_INVAL; } - if ((encry_priv_pw && priv_pw_len > MAX_ENCRPT_PASSWD_LEN) || - (!encry_priv_pw && priv_pw_len > PASSWORD_MAXLEN)) { + if ((encry_auth_pw && auth_pw_len > MAX_ENCRPT_PASSWD_LEN) || + (!encry_auth_pw && auth_pw_len > PASSWORD_MAXLEN)) { printf("password is too long\n"); snmp_server_unlock(); return CA_ERR_SNMP_INVAL; } - if (encry_priv_pw && cli_interactive()) { + if (encry_auth_pw && cli_interactive()) { printf("Invalid password. It can not be an encrypted password.\n"); snmp_server_unlock(); return CA_ERR_SNMP_INVAL; } + } + + if (strncasecmp(security_level, SNMP_PRIV_STR, strlen(SNMP_PRIV_STR)) == 0) { + security_flag = SNMPV3_PRIV; + } else if (strncasecmp(security_level, SNMP_AUTH_STR, strlen(SNMP_PRIV_STR)) == 0) { + security_flag = SNMPV3_AUTH; + } else { + printf("security level error, please choose from {authNopriv|authPriv}\n"); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } - if (encry_priv_pw) { - strlcpy(encry_priv_passwd, priv_password, sizeof(encry_priv_passwd)); - if (decrypt_passwd((unsigned char *)priv_password + ENCRYPTSTR_LEN, SNMP_RANDOM_KEY, decrypt_priv_passwd, sizeof(decrypt_priv_passwd))) { - printf("Password %s decrypt fail!\n", priv_password); + if (security_flag == SNMPV3_PRIV) { + if (strcmp(priv_password, MASK_PASSWORD) == 0) { + // If priv_password is ********, use the existing encrypted password pInfo->host[i].privPassword + // and decrypt it to get the plain text and set to priv_password + strlcpy(encry_priv_passwd, pInfo->host[i].privPassword, sizeof(encry_priv_passwd)); + if (decrypt_passwd((unsigned char *)pInfo->host[i].privPassword + ENCRYPTSTR_LEN, SNMP_RANDOM_KEY, decrypt_priv_passwd, sizeof(decrypt_priv_passwd))) { + printf("Password %s decrypt fail!\n", pInfo->host[i].privPassword); snmp_server_unlock(); return CA_ERR_SNMP_INVAL; } priv_password = decrypt_priv_passwd; } else { - strncpy(encry_priv_passwd, ENCRYPTSTR, ENCRYPTSTR_LEN); - if (encrypt_passwd((unsigned char*)priv_password, SNMP_RANDOM_KEY, encry_priv_passwd + ENCRYPTSTR_LEN, sizeof(encry_priv_passwd) - ENCRYPTSTR_LEN)) { - printf("Password %s encrypt fail!\n", priv_password); + if (0 == strncmp(priv_password, ENCRYPTSTR, ENCRYPTSTR_LEN)) { + encry_priv_pw = 1; + } + if (priv_pw_len < PASSWORD_MINLEN) { + printf("password must be not less than 8 characters\n"); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } + + if ((encry_priv_pw && priv_pw_len > MAX_ENCRPT_PASSWD_LEN) || + (!encry_priv_pw && priv_pw_len > PASSWORD_MAXLEN)) { + printf("password is too long\n"); snmp_server_unlock(); return CA_ERR_SNMP_INVAL; } + + if (encry_priv_pw && cli_interactive()) { + printf("Invalid password. It can not be an encrypted password.\n"); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } + + if (encry_priv_pw) { + strlcpy(encry_priv_passwd, priv_password, sizeof(encry_priv_passwd)); + if (decrypt_passwd((unsigned char *)priv_password + ENCRYPTSTR_LEN, SNMP_RANDOM_KEY, decrypt_priv_passwd, sizeof(decrypt_priv_passwd))) { + printf("Password %s decrypt fail!\n", priv_password); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } + priv_password = decrypt_priv_passwd; + } else { + strncpy(encry_priv_passwd, ENCRYPTSTR, ENCRYPTSTR_LEN); + if (encrypt_passwd((unsigned char*)priv_password, SNMP_RANDOM_KEY, encry_priv_passwd + ENCRYPTSTR_LEN, sizeof(encry_priv_passwd) - ENCRYPTSTR_LEN)) { + printf("Password %s encrypt fail!\n", priv_password); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } + } } } - if (encry_auth_pw) { - strlcpy(encry_auth_passwd, auth_password, sizeof(encry_auth_passwd)); - if (decrypt_passwd((unsigned char *)auth_password + ENCRYPTSTR_LEN, SNMP_RANDOM_KEY, decrypt_auth_passwd, sizeof(decrypt_auth_passwd))) { - printf("Password %s decrypt fail!\n", auth_password); + if (use_existing_auth_pw == 1) { + // If auth_password is ********, use the existing encrypted password pInfo->host[i].authPassword + // and decrypt it to get the plain text and set to auth_password + strlcpy(encry_auth_passwd, pInfo->host[i].authPassword, sizeof(encry_auth_passwd)); + if (decrypt_passwd((unsigned char *)pInfo->host[i].authPassword + ENCRYPTSTR_LEN, SNMP_RANDOM_KEY, decrypt_auth_passwd, sizeof(decrypt_auth_passwd))) { + printf("Password %s decrypt fail!\n", pInfo->host[i].authPassword); snmp_server_unlock(); return CA_ERR_SNMP_INVAL; } auth_password = decrypt_auth_passwd; } else { - strncpy(encry_auth_passwd, ENCRYPTSTR, ENCRYPTSTR_LEN); - if (encrypt_passwd((unsigned char*)auth_password, SNMP_RANDOM_KEY, encry_auth_passwd + ENCRYPTSTR_LEN, sizeof(encry_auth_passwd) - ENCRYPTSTR_LEN)) { - printf("Password %s encrypt fail!\n", auth_password); - snmp_server_unlock(); - return CA_ERR_SNMP_INVAL; + if (encry_auth_pw) { + strlcpy(encry_auth_passwd, auth_password, sizeof(encry_auth_passwd)); + if (decrypt_passwd((unsigned char *)auth_password + ENCRYPTSTR_LEN, SNMP_RANDOM_KEY, decrypt_auth_passwd, sizeof(decrypt_auth_passwd))) { + printf("Password %s decrypt fail!\n", auth_password); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } + auth_password = decrypt_auth_passwd; + } else { + strncpy(encry_auth_passwd, ENCRYPTSTR, ENCRYPTSTR_LEN); + if (encrypt_passwd((unsigned char*)auth_password, SNMP_RANDOM_KEY, encry_auth_passwd + ENCRYPTSTR_LEN, sizeof(encry_auth_passwd) - ENCRYPTSTR_LEN)) { + printf("Password %s encrypt fail!\n", auth_password); + snmp_server_unlock(); + return CA_ERR_SNMP_INVAL; + } } } } else { Index: /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/admintools/snmp/__init__.py =================================================================== --- /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/admintools/snmp/__init__.py (revision 39792) +++ /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/admintools/snmp/__init__.py (working copy) @@ -243,7 +243,6 @@ ('v3','V3'), ), primary_key=True) ip = IPAddressField(verbose_name='IP', primary_key=True) - port = PortField(verbose_name=_('Host Port'), default=162, optional=True) class Meta: abstract = True @@ -360,6 +359,20 @@ host_cli = 'snmp host %(ip_str)s 3 "%(username)s"' % data cli.cmd(host_cli, BlankParser(nonblank_exception=CLICmdError, supplement=True, ignore_msg=["please run \"snmp auth\" for trap version 3 to be functional"])) + result = self.update_by_version(cli, instance, data) + return result + + def update_by_version(self, cli, instance, data=None): + """ + Update SNMP server auth info based on version + :param self: model instance + :param cli: cli instance + :param instance: updated model instance + :param data: dict from instance.get_field_dict() + """ + if data is None: + data = instance.get_field_dict() + data['ip_str'] = data['ip'].values()[0] # handle auth CLI param for different version auth_data = [ '%(ip_str)s', @@ -390,6 +403,7 @@ class SNMPV1V2Servers(Server): type = DerivedField(value='v1v2') + port = PortField(verbose_name=_('Host Port'), default=162, optional=True) version_id = EnumField(verbose_name='Version ID',values=( ('1', '1'), ('2', '2'), @@ -418,22 +432,23 @@ class SNMPV3Servers(Server): type = DerivedField(value='v3') - engine_id = CharField(verbose_name='Engine ID', length='0..32', optional=True) + port = PortField(verbose_name=_('Host Port'), default=162, optional=True, editable=True) + engine_id = CharField(verbose_name='Engine ID', length='0..32', optional=True, editable=True) username = CharField(verbose_name='User Name') level = EnumField(verbose_name='Security Level',values=( ('authNopriv', 'authNopriv'), ('authPriv', 'authPriv'), - ), default='authNopriv') - auth_password = CharField(verbose_name='Authentication Password', length='8..32') + ), default='authNopriv', editable=True) + auth_password = CharField(verbose_name='Authentication Password', length='8..32', editable=True) auth_protocol = EnumField(verbose_name='Authentication Protocol', values=( ('MD5', 'MD5'), ('SHA1', 'SHA1'), - ), default='MD5', optional=True) - priv_password = CharField(verbose_name='Private Password', length='8..32', condition=ValueCondition('level', 'authPriv'), optional=True) + ), default='MD5', optional=True, editable=True) + priv_password = CharField(verbose_name='Private Password', length='8..32', condition=ValueCondition('level', 'authPriv'), editable=True) priv_protocol = EnumField(verbose_name='Private Password Protocol', condition=ValueCondition('level', 'authPriv'), values=( ('AES', 'AES'), ('DES', 'DES'), - ), default='DES', optional=True) + ), default='DES', optional=True, editable=True) class Meta: verbose_name = 'SNMP V3 Servers' @@ -452,6 +467,11 @@ result = server_manager.insert_by_version(self.cli, instance) return result + def _update(self, instance): + self.cli.set_config() + server_manager = Server.get_manager(self._session) + result = server_manager.update_by_version(self.cli, instance) + return result class SNMPV3User(ANModel):