soulwing / tnm4j

A simplified SNMP API for Java, based on Jürgen Schönwälder's Tnm extension for Tcl.
GNU General Public License v3.0

Unable to set authNoPriv security level #24

Closed spidloun closed 2 years ago

spidloun commented 2 years ago

Hello, I am trying to authenticate against a device using SNMPv3 with auth but no encryption (authNoPriv mode).

However, if I create a SimpleSNMPv3Target with setPrivType set to null, I got a NullPointerException.

I went through the source code and I have come to the conclusion that it cannot be done. If I look at this line https://github.com/soulwing/tnm4j/blob/1ad1a15562f4ca79a11c745faf38273cca75dd05/src/main/java/org/soulwing/snmp/provider/snmp4j/UserTargetStrategy.java#L80 I understand that the setPrivType should be set to null in order to get authNoPriv security level, as stated on the very next line.

However, if I do that, the code fails because of this line https://github.com/soulwing/tnm4j/blob/1ad1a15562f4ca79a11c745faf38273cca75dd05/src/main/java/org/soulwing/snmp/provider/snmp4j/UserTargetStrategy.java#L70 as it expects the privType to be non-null in every case.

As a consequence, the desired security level is never reached.

Additional notes: NullPointerException is obviously fired by the switch-case statement in the privType function here https://github.com/soulwing/tnm4j/blob/1ad1a15562f4ca79a11c745faf38273cca75dd05/src/main/java/org/soulwing/snmp/provider/snmp4j/UserTargetStrategy.java#L108 As switch-case is known not to accept nulls until Java v18, this will not work.

ceharris commented 2 years ago

Apparently no one has been using authNoPriv mode, since it's pretty obviously broken. Thanks for reporting it!

The constructor for the UsmUser class in SNMP4j will accept null for the privacy protocol and passphrase. It will also accept null for the auth protocol and auth passphrase.

The fix for this is pretty straightforward.

  1. Return null early in the privType method if the priv type specified in v3Target is null. Same change in the authType method.
  2. Introduce private privPassphrase and authPassphrase methods that return null if the corresponding type property in v3Target is null or the passphrase is null, otherwise return the passphrase string wrapped in an OctetString. Use the new methods in place of the direct calls to the OctetString constructor in the call to the UsmUser constructor.

If you'd like to get this fixed quickly, you could do a pull request that implements the above changes.

If you don't submit a PR for it, I'll fix it myself in a subsequent release the next time I give this project some cycles.
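Added example, not part of the comment above and not the code merged in #26: a sketch of the null-safe mapping the two steps describe, assuming SNMP4J is on the classpath. The `AuthType`/`PrivType` enums, the single `passphrase` helper (standing in for the two methods proposed above), and the sample user are hypothetical stand-ins for tnm4j's v3Target properties; the example also rejects a priv type without an auth type, since USM defines no noAuthPriv level.

```java
import org.snmp4j.security.*;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;

public class AuthNoPrivExample {
  // Hypothetical stand-ins for the auth/priv type properties of v3Target.
  enum AuthType { MD5, SHA }
  enum PrivType { DES, AES128 }

  static OID authType(AuthType type) {
    if (type == null) return null; // guard first: switch on a null enum throws NPE
    switch (type) {
      case MD5: return AuthMD5.ID;
      case SHA: return AuthSHA.ID;
      default: throw new IllegalArgumentException("unsupported auth type: " + type);
    }
  }

  static OID privType(PrivType type) {
    if (type == null) return null; // null priv type means "no privacy protocol"
    switch (type) {
      case DES: return PrivDES.ID;
      case AES128: return PrivAES128.ID;
      default: throw new IllegalArgumentException("unsupported priv type: " + type);
    }
  }

  // A passphrase is passed on only when its protocol is configured.
  static OctetString passphrase(Object type, String secret) {
    return (type == null || secret == null) ? null : new OctetString(secret);
  }

  static int securityLevel(AuthType auth, PrivType priv) {
    if (auth == null && priv != null)
      throw new IllegalArgumentException("privacy requires authentication in USM");
    if (auth == null) return SecurityLevel.NOAUTH_NOPRIV;
    return priv == null ? SecurityLevel.AUTH_NOPRIV : SecurityLevel.AUTH_PRIV;
  }

  static UsmUser user(String name, AuthType auth, String authPass,
                      PrivType priv, String privPass) {
    securityLevel(auth, priv); // fail fast on priv-without-auth
    return new UsmUser(new OctetString(name), authType(auth),
        passphrase(auth, authPass), privType(priv), passphrase(priv, privPass));
  }

  public static void main(String[] args) {
    // Constructed sample values: auth configured, priv left null (authNoPriv).
    UsmUser u = user("monitor", AuthType.SHA, "constructed-auth-secret", null, null);
    System.out.println("privacy protocol unset: " + (u.getPrivacyProtocol() == null));
    System.out.println("authNoPriv selected: "
        + (securityLevel(AuthType.SHA, null) == SecurityLevel.AUTH_NOPRIV));
  }
}
```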

ceharris commented 2 years ago

Fixed by #26