cisco_node_utils 0.9.0
- checksums.yaml +7 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +3 -0
- data/.rubocop_todo.yml +293 -0
- data/CHANGELOG.md +5 -0
- data/CONTRIBUTING.md +31 -0
- data/Gemfile +4 -0
- data/LICENSE +201 -0
- data/README.md +113 -0
- data/Rakefile +4 -0
- data/cisco_node_utils.gemspec +30 -0
- data/lib/cisco_node_utils.rb +33 -0
- data/lib/cisco_node_utils/README_YAML.md +333 -0
- data/lib/cisco_node_utils/cisco_cmn_utils.rb +92 -0
- data/lib/cisco_node_utils/command_reference.rb +415 -0
- data/lib/cisco_node_utils/command_reference_common.yaml +845 -0
- data/lib/cisco_node_utils/command_reference_n3064.yaml +13 -0
- data/lib/cisco_node_utils/command_reference_n7k.yaml +48 -0
- data/lib/cisco_node_utils/command_reference_n9k.yaml +35 -0
- data/lib/cisco_node_utils/configparser_lib.rb +196 -0
- data/lib/cisco_node_utils/interface.rb +501 -0
- data/lib/cisco_node_utils/interface_ospf.rb +241 -0
- data/lib/cisco_node_utils/node.rb +673 -0
- data/lib/cisco_node_utils/platform.rb +184 -0
- data/lib/cisco_node_utils/platform_info.rb +58 -0
- data/lib/cisco_node_utils/platform_info.yaml +10 -0
- data/lib/cisco_node_utils/router_ospf.rb +96 -0
- data/lib/cisco_node_utils/router_ospf_vrf.rb +258 -0
- data/lib/cisco_node_utils/snmpcommunity.rb +91 -0
- data/lib/cisco_node_utils/snmpgroup.rb +55 -0
- data/lib/cisco_node_utils/snmpserver.rb +150 -0
- data/lib/cisco_node_utils/snmpuser.rb +342 -0
- data/lib/cisco_node_utils/tacacs_server.rb +175 -0
- data/lib/cisco_node_utils/tacacs_server_host.rb +128 -0
- data/lib/cisco_node_utils/version.rb +17 -0
- data/lib/cisco_node_utils/vlan.rb +153 -0
- data/lib/cisco_node_utils/vtp.rb +127 -0
- data/lib/cisco_node_utils/yum.rb +84 -0
- data/tests/basetest.rb +93 -0
- data/tests/ciscotest.rb +136 -0
- data/tests/cmd_config.yaml +51 -0
- data/tests/cmd_config_invalid.yaml +16 -0
- data/tests/test_all_cisco.rb +46 -0
- data/tests/test_command_config.rb +192 -0
- data/tests/test_command_reference.rb +222 -0
- data/tests/test_interface.rb +1017 -0
- data/tests/test_interface_ospf.rb +763 -0
- data/tests/test_interface_svi.rb +267 -0
- data/tests/test_interface_switchport.rb +722 -0
- data/tests/test_node.rb +108 -0
- data/tests/test_node_ext.rb +450 -0
- data/tests/test_platform.rb +188 -0
- data/tests/test_router_ospf.rb +164 -0
- data/tests/test_router_ospf_vrf.rb +753 -0
- data/tests/test_snmpcommunity.rb +344 -0
- data/tests/test_snmpgroup.rb +71 -0
- data/tests/test_snmpserver.rb +443 -0
- data/tests/test_snmpuser.rb +803 -0
- data/tests/test_tacacs_server.rb +388 -0
- data/tests/test_tacacs_server_host.rb +391 -0
- data/tests/test_vlan.rb +264 -0
- data/tests/test_vtp.rb +319 -0
- data/tests/test_yum.rb +106 -0
- metadata +188 -0
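--- a/data/lib/cisco_node_utils/snmpcommunity.rb
+++ b/data/lib/cisco_node_utils/snmpcommunity.rb
@@ -0,0 +1,91 @@
+#
+# NXAPI implementation of SnmpCommunity class
+#
+# December 2014, Alex Hunsberger
+#
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+class SnmpCommunity
+@@communities = nil
+@@node = Cisco::Node.instance
+
+def initialize(name, group, instantiate=true)
+raise TypeError unless name.is_a?(String) and group.is_a?(String)
+@name = name
+
+if instantiate
+@@node.config_set("snmp_community", "community", "", name, group)
+end
+end
+
+def SnmpCommunity.communities
+@@communities = {}
+comms = @@node.config_get("snmp_community", "all_communities")
+unless comms.nil?
+comms.each { |comm|
+@@communities[comm] = SnmpCommunity.new(comm, "", false)
+}
+end
+@@communities
+end
+
+def destroy
+# CLI requires specifying a group even for "no" commands
+@@node.config_set("snmp_community", "community", "no", @name, "null")
+@@communities.delete(@name) unless @@communities.nil?
+end
+
+# name is read only
+# def name
+# @name
+# end
+
+def group
+result = @@node.config_get("snmp_community", "group", @name)
+result.nil? ? SnmpCommunity.default_group : result.first
+end
+
+def group=(group)
+raise TypeError unless group.is_a?(String)
+@@node.config_set("snmp_community", "group", @name, group)
+end
+
+def SnmpCommunity.default_group
+@@node.config_get_default("snmp_community", "group")
+end
+
+def acl
+result = @@node.config_get("snmp_community", "acl", @name)
+result.nil? ? SnmpCommunity.default_acl : result.first
+end
+
+def acl=(acl)
+raise TypeError unless acl.is_a?(String)
+if acl.empty?
+acl = self.acl
+@@node.config_set("snmp_community", "acl", "no", @name, acl) unless acl.empty?
+else
+@@node.config_set("snmp_community", "acl", "", @name, acl)
+end
+end
+
+def SnmpCommunity.default_acl
+@@node.config_get_default("snmp_community", "acl")
+end
+end
+end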
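Review bot: `initialize` checks only that `name` and `group` are Strings before passing them to `@@node.config_set`, so an empty value or one containing a line break reaches the device command unfiltered; `group=` and `acl=` have the same gap. `config_set` is defined outside this page, but if it substitutes its arguments into a CLI template, a value with an embedded newline would change what is sent to the device. A guard at the top of `initialize` such as `raise ArgumentError if instantiate && (name.empty? || name =~ /[\r\n]/)` rejects those values while still letting `communities` build its objects with `instantiate=false`. The community string is also the SNMPv1/v2c credential, so `communities` deserves a comment like `# hash keys are community strings (secrets); do not log this hash`.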
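--- a/data/lib/cisco_node_utils/snmpgroup.rb
+++ b/data/lib/cisco_node_utils/snmpgroup.rb
@@ -0,0 +1,55 @@
+#
+# NXAPI implementation of SnmpGroup class
+#
+# February 2015, Chris Van Heuveln
+#
+# Copyright (c) 2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# "group" is a standard SNMP term but in NXOS "role" is used to serve the
+# purpose of group; thus this provider utility does not create snmp groups
+# and is limited to reporting group (role) existence only.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+class SnmpGroup
+attr_reader :name
+
+@@node = Cisco::Node.instance
+
+def initialize(name)
+raise TypeError unless name.is_a?(String)
+@name = name
+end
+
+def self.groups
+group_ids = @@node.config_get("snmp_group", "group")
+return {} if group_ids.nil?
+
+hash = {}
+group_ids.each do |name|
+hash[name] = SnmpGroup.new(name)
+end
+hash
+end
+
+def self.exists?(group)
+raise ArgumentError if group.empty?
+raise TypeError unless group.is_a? String
+groups = @@node.config_get("snmp_group", "group")
+(!groups.nil? and groups.include? group)
+end
+end
+end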
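Review bot: In `self.exists?` the emptiness check runs before the type check, so a non-String argument such as `nil` or an Integer raises `NoMethodError` from `group.empty?` and never reaches the `TypeError` line. Swap the two guards so the type is checked first: `raise TypeError unless group.is_a?(String)` followed by `raise ArgumentError if group.empty?`. A short doc comment would also help callers, e.g. `# Calls config_get on every invocation; returns true when the role name is in the returned list.`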
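--- a/data/lib/cisco_node_utils/snmpserver.rb
+++ b/data/lib/cisco_node_utils/snmpserver.rb
@@ -0,0 +1,150 @@
+#
+# NXAPI implementation of SnmpCommunity class
+#
+# November 2014, Alex Hunsberger
+#
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+class SnmpServer
+@@node = Cisco::Node.instance
+
+def aaa_user_cache_timeout
+match = @@node.config_get("snmp_server", "aaa_user_cache_timeout")
+# regex in yaml returns an array result, use .first to get match
+match.nil? ? default_aaa_user_cache_timeout : match.first.to_i
+end
+
+def aaa_user_cache_timeout=(timeout)
+if timeout == default_aaa_user_cache_timeout
+@@node.config_set("snmp_server", "aaa_user_cache_timeout", "no",
+aaa_user_cache_timeout)
+else
+@@node.config_set("snmp_server", "aaa_user_cache_timeout", "", timeout)
+end
+end
+
+def default_aaa_user_cache_timeout
+@@node.config_get_default("snmp_server", "aaa_user_cache_timeout")
+end
+
+def location
+match = @@node.config_get("snmp_server", "location")
+match.nil? ? default_location : match
+end
+
+def location=(location)
+raise TypeError unless location.is_a?(String)
+if location.empty?
+@@node.config_set("snmp_server", "location", "no", "")
+else
+@@node.config_set("snmp_server", "location", "", location)
+end
+end
+
+def default_location
+@@node.config_get_default("snmp_server", "location")
+end
+
+def contact
+match = @@node.config_get("snmp_server", "contact")
+match.nil? ? default_contact : match
+end
+
+def contact=(contact)
+raise TypeError unless contact.is_a?(String)
+if contact.empty?
+@@node.config_set("snmp_server", "contact", "no", "")
+else
+@@node.config_set("snmp_server", "contact", "", contact)
+end
+end
+
+def default_contact
+@@node.config_get_default("snmp_server", "contact")
+end
+
+def packet_size
+match = @@node.config_get("snmp_server", "packet_size")
+# regex in yaml returns an array result, use .first to get match
+match.nil? ? default_packet_size : match.first.to_i
+end
+
+def packet_size=(size)
+if size == 0
+ps = packet_size
+@@node.config_set("snmp_server", "packet_size", "no", ps) unless ps == 0
+else
+@@node.config_set("snmp_server", "packet_size", "", size)
+end
+end
+
+def default_packet_size
+@@node.config_get_default("snmp_server", "packet_size")
+end
+
+def global_enforce_priv?
+not @@node.config_get("snmp_server", "global_enforce_priv").nil?
+end
+
+def global_enforce_priv=(enforce)
+if enforce
+@@node.config_set("snmp_server", "global_enforce_priv", "")
+else
+@@node.config_set("snmp_server", "global_enforce_priv", "no")
+end
+end
+
+def default_global_enforce_priv
+@@node.config_get_default("snmp_server", "global_enforce_priv")
+end
+
+def protocol?
+match = @@node.config_get("snmp_server", "protocol")
+not match.nil? and match.include?("Enable")
+end
+
+def protocol=(enable)
+if enable
+@@node.config_set("snmp_server", "protocol", "")
+else
+@@node.config_set("snmp_server", "protocol", "no")
+end
+end
+
+def default_protocol
+@@node.config_get_default("snmp_server", "protocol")
+end
+
+def tcp_session_auth?
+match = @@node.config_get("snmp_server", "tcp_session_auth")
+not match.nil? and match.include?("Enabled")
+end
+
+def tcp_session_auth=(enable)
+if enable
+@@node.config_set("snmp_server", "tcp_session_auth", "", "auth")
+else
+@@node.config_set("snmp_server", "tcp_session_auth", "no", "")
+end
+end
+
+def default_tcp_session_auth
+@@node.config_get_default("snmp_server", "tcp_session_auth")
+end
+end
+end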
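Review bot: `global_enforce_priv=`, `protocol=` and `tcp_session_auth=` branch on plain truthiness, so `nil` takes the `"no"` branch and any other object, including the string `"false"` or `0`, takes the enable branch. For `global_enforce_priv=` and `tcp_session_auth=` this means a missing value from the caller silently sends the `no` form, which presumably switches the protection off. A strict boolean guard at the top of each setter, in the style snmpuser.rb uses for `localizedkey`, would make them fail closed: `raise TypeError unless enforce == true || enforce == false`. `aaa_user_cache_timeout=` and `packet_size=` likewise lack the type check that `location=` and `contact=` perform, and the header comment on line 2 names SnmpCommunity although the class defined here is SnmpServer.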
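--- a/data/lib/cisco_node_utils/snmpuser.rb
+++ b/data/lib/cisco_node_utils/snmpuser.rb
@@ -0,0 +1,342 @@
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+SNMP_USER_NAME_KEY = "user"
+SNMP_USER_GROUP_KEY = "group"
+SNMP_USER_AUTH_KEY = "auth"
+SNMP_USER_PRIV_KEY = "priv"
+SNMP_USER_ENGINE_ID = "engineID"
+SNMP_USER_ENGINE_ID_PATTERN = /([0-9]{1,3}(:[0-9]{1,3}){4,31})/
+
+class SnmpUser
+@@users = {}
+@@node = Cisco::Node.instance
+
+def initialize(name, groups, authproto, authpass, privproto,
+privpass, localizedkey, engineid, instantiate=true)
+raise TypeError unless name.is_a?(String)
+raise ArgumentError if name.empty?
+raise TypeError unless groups.is_a?(Array)
+raise TypeError unless authproto.is_a?(Symbol)
+raise TypeError unless authpass.is_a?(String)
+# empty password but protocol provided = bad
+# non-empty password and no protocol provided = bad
+raise ArgumentError if authpass.empty? and [:sha, :md5].include?(authproto) and instantiate
+raise ArgumentError if not authpass.empty? and not [:sha, :md5].include?(authproto)
+raise TypeError unless privproto.is_a?(Symbol)
+raise TypeError unless privpass.is_a?(String)
+raise ArgumentError if privpass.empty? and [:des, :aes128].include?(privproto) and instantiate
+raise ArgumentError if not privpass.empty? and not [:des, :aes128].include?(privproto)
+raise TypeError unless !!localizedkey == localizedkey # bool check
+raise TypeError unless engineid.is_a?(String)
+
+@name = name
+@engine_id = engineid
+
+@authproto = authproto
+@privproto = privproto
+@groups_arr = groups
+
+authprotostr = _auth_sym_to_str(authproto)
+privprotostr = _priv_sym_to_str(privproto)
+
+# Config string syntax:
+# [no] snmp-server user <user> [group] [auth {md5|sha} <passwd1> [priv [aes-128] <passwd2>] [localizedkey] [engineID <id>]]
+if instantiate
+# assume if multiple groups, apply all config to each
+groups = [""] if groups.empty?
+groups.each { |group|
+@@node.config_set("snmp_user", "user", "",
+name,
+group,
+authpass.empty? ? "" : "auth #{authprotostr} #{authpass}",
+privpass.empty? ? "" : "priv #{privprotostr} #{privpass}",
+localizedkey ? "localizedkey" : "",
+engineid.empty? ? "" : "engineID #{engineid}")
+}
+end
+end
+
+def SnmpUser.users
+@@users = {}
+# config_get returns hash if 1 user, array if multiple, nil if none
+users = @@node.config_get("snmp_user", "user")
+unless users.nil?
+users = [users] if users.is_a?(Hash)
+users.each { |user|
+name = user[SNMP_USER_NAME_KEY]
+engineid = user[SNMP_USER_ENGINE_ID]
+if engineid.nil?
+index = name
+else
+engineid_str = engineid.match(SNMP_USER_ENGINE_ID_PATTERN)[1]
+index = name + " " + engineid_str
+end
+auth = _auth_str_to_sym(user[SNMP_USER_AUTH_KEY])
+priv = _priv_str_to_sym(user[SNMP_USER_PRIV_KEY])
+
+groups_arr = []
+groups = _user_to_groups(user)
+groups.each { |group| groups_arr << group[SNMP_USER_GROUP_KEY].strip }
+
+@@users[index] = SnmpUser.new(name, groups_arr, auth,
+"", priv, "", false, engineid.nil? ? "": engineid_str, false)
+}
+end
+@@users
+end
+
+def destroy
+# the parser doesn't care what the real value is but need to come to the
+# end of the parser chain. Hence we just pass in some fake values for
+# auth method and password
+@@node.config_set("snmp_user", "user", "no",
+@name, "",
+(auth_password.nil? or auth_password.empty?) ?
+"": "auth #{_auth_sym_to_str(auth_protocol)} #{auth_password}",
+(priv_password.nil? or priv_password.empty?) ?
+"": "priv #{_priv_sym_to_str(priv_protocol)} #{priv_password}",
+(auth_password.nil? or auth_password.empty?) ?
+"" : "localizedkey",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+@@users.delete(@name + " " + @engine_id)
+end
+
+attr_reader :name
+
+def groups
+@groups_arr
+end
+
+def SnmpUser.default_groups
+[@@node.config_get_default("snmp_user", "group")]
+end
+
+def auth_protocol
+@authproto
+end
+
+def SnmpUser.default_auth_protocol
+_auth_str_to_sym(@@node.config_get_default("snmp_user", "auth_protocol"))
+end
+
+def SnmpUser.default_auth_password
+@@node.config_get_default("snmp_user", "auth_password")
+end
+
+def SnmpUser.auth_password(name, engine_id)
+if engine_id.empty?
+users = @@node.config_get("snmp_user", "auth_password")
+return nil if users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name
+}
+else
+users = @@node.config_get("snmp_user", "auth_password_with_engine_id")
+return nil if users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name and user[2] == engine_id
+}
+end
+nil
+end
+
+def auth_password
+SnmpUser.auth_password(@name, @engine_id)
+end
+
+def priv_protocol
+@privproto
+end
+
+def SnmpUser.priv_password(name, engine_id)
+if engine_id.empty?
+users = @@node.config_get("snmp_user", "priv_password")
+unless users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name
+}
+end
+else
+users = @@node.config_get("snmp_user", "priv_password_with_engine_id")
+unless users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name and user[2] == engine_id
+}
+end
+end
+nil
+end
+
+def priv_password
+SnmpUser.priv_password(@name, @engine_id)
+end
+
+def SnmpUser.default_priv_protocol
+_priv_str_to_sym(@@node.config_get_default("snmp_user", "priv_protocol"))
+end
+
+def SnmpUser.default_priv_password
+@@node.config_get_default("snmp_user", "priv_password")
+end
+
+attr_reader :engine_id
+
+def SnmpUser.default_engine_id
+@@node.config_get_default("snmp_user", "engine_id")
+end
+
+# passwords are hashed and so cannot be retrieved directly, but can be
+# checked for equality. this is done by creating a fake user with the
+# password and then comparing the hashes
+def auth_password_equal?(passwd, is_localized=false)
+throw TypeError unless passwd.is_a?(String)
+return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
+dummypw = passwd
+pw = nil
+
+if is_localized
+# In this case, the password is hashed. We only need to get current
+# running config to compare
+pw = auth_password
+else
+# In this case passed in password is clear text while the running
+# config is hashed value. We need to hash the
+# passed in clear text to hash
+
+# create dummy user
+@@node.config_set("snmp_user", "user", "", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"", "",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+
+# retrieve password hashes
+dummypw = SnmpUser.auth_password("dummy_user", @engine_id)
+pw = auth_password
+
+# delete dummy user
+@@node.config_set("snmp_user", "user", "no", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"", "localizedkey",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+end
+return false if pw.nil? or dummypw.nil?
+pw == dummypw
+end
+
+def priv_password_equal?(passwd, is_localized=false)
+throw TypeError unless passwd.is_a?(String)
+return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
+dummypw = passwd
+pw = nil
+
+if is_localized
+# In this case, the password is hashed. We only need to get current
+# and compare directly
+pw = priv_password
+else
+# In this case passed in password is clear text while the running
+# config is hashed value. We need to hash the
+# passed in clear text to hash
+
+# create dummy user
+@@node.config_set("snmp_user", "user", "", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
+"",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+
+# retrieve password hashes
+dummypw = SnmpUser.priv_password("dummy_user", @engine_id)
+pw = priv_password
+
+# delete dummy user
+@@node.config_set("snmp_user", "user", "no", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
+"localizedkey",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+end
+return false if pw.nil? or dummypw.nil?
+pw == dummypw
+end
+
+private
+
+def _auth_sym_to_str(sym)
+case sym
+when :sha
+return "sha"
+when :md5
+return "md5"
+else
+return ""
+end
+end
+
+def _priv_sym_to_str(sym)
+case sym
+when :des
+return "" # no protocol specified defaults to DES
+when :aes128
+return "aes-128"
+else
+return ""
+end
+end
+
+def _auth_str_to_sym(str)
+SnmpUser._auth_str_to_sym(str)
+end
+
+# must be class method b/c it's used by default methods
+def SnmpUser._auth_str_to_sym(str)
+case str
+when /sha/i
+return :sha
+when /md5/i
+return :md5
+else
+return :none
+end
+end
+
+def _priv_str_to_sym(str)
+SnmpUser._priv_str_to_sym(str)
+end
+
+def SnmpUser._priv_str_to_sym(str)
+case str
+when /des/i
+return :des
+when /aes/i
+return :aes128
+else
+return :none
+end
+end
+
+def SnmpUser._user_to_groups(user_hash)
+return [] if user_hash.nil?
+groups = user_hash["TABLE_groups"]["ROW_groups"] unless
+user_hash["TABLE_groups"].nil?
+return [] if groups.nil?
+groups = [groups] if groups.is_a?(Hash)
+groups
+end
+end
+end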
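Review bot: In `auth_password_equal?` and `priv_password_equal?` the temporary `dummy_user` is created on the device with the candidate password and removed only if the two password reads that follow complete; an exception in between leaves a configured SNMPv3 user whose password is the value being tested. Put the create and read steps in `begin` and the removal in `ensure`, as sketched below for the auth variant (the priv variant needs the same shape); how `config_set` reports failure is not visible on this page, so the cleanup call may need its own rescue. Both methods also open with `throw TypeError`, which does not raise a TypeError, and should read `raise TypeError unless passwd.is_a?(String)`. The fixed name `dummy_user` would collide with a real user of that name, which deserves at least a comment on both methods.

```ruby
def auth_password_equal?(passwd, is_localized=false)
  # … unchanged: type check, early return, is_localized branch …
  else
    hashed = nil
    begin
      # create dummy user
      @@node.config_set("snmp_user", "user", "", "dummy_user", "",
                        "auth #{_auth_sym_to_str(auth_protocol)} #{passwd}",
                        "", "",
                        @engine_id.empty? ? "" : "engineID #{@engine_id}")
      # retrieve password hashes
      hashed = SnmpUser.auth_password("dummy_user", @engine_id)
      pw = auth_password
    ensure
      # always remove the dummy user; fall back to the clear-text form
      # when the hash could not be read
      @@node.config_set("snmp_user", "user", "no", "dummy_user", "",
                        "auth #{_auth_sym_to_str(auth_protocol)} #{hashed || passwd}",
                        "", hashed ? "localizedkey" : "",
                        @engine_id.empty? ? "" : "engineID #{@engine_id}")
    end
    dummypw = hashed
  end
  # … unchanged: nil check and hash comparison …
```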