cisco_node_utils 0.9.0
- checksums.yaml +7 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +3 -0
- data/.rubocop_todo.yml +293 -0
- data/CHANGELOG.md +5 -0
- data/CONTRIBUTING.md +31 -0
- data/Gemfile +4 -0
- data/LICENSE +201 -0
- data/README.md +113 -0
- data/Rakefile +4 -0
- data/cisco_node_utils.gemspec +30 -0
- data/lib/cisco_node_utils.rb +33 -0
- data/lib/cisco_node_utils/README_YAML.md +333 -0
- data/lib/cisco_node_utils/cisco_cmn_utils.rb +92 -0
- data/lib/cisco_node_utils/command_reference.rb +415 -0
- data/lib/cisco_node_utils/command_reference_common.yaml +845 -0
- data/lib/cisco_node_utils/command_reference_n3064.yaml +13 -0
- data/lib/cisco_node_utils/command_reference_n7k.yaml +48 -0
- data/lib/cisco_node_utils/command_reference_n9k.yaml +35 -0
- data/lib/cisco_node_utils/configparser_lib.rb +196 -0
- data/lib/cisco_node_utils/interface.rb +501 -0
- data/lib/cisco_node_utils/interface_ospf.rb +241 -0
- data/lib/cisco_node_utils/node.rb +673 -0
- data/lib/cisco_node_utils/platform.rb +184 -0
- data/lib/cisco_node_utils/platform_info.rb +58 -0
- data/lib/cisco_node_utils/platform_info.yaml +10 -0
- data/lib/cisco_node_utils/router_ospf.rb +96 -0
- data/lib/cisco_node_utils/router_ospf_vrf.rb +258 -0
- data/lib/cisco_node_utils/snmpcommunity.rb +91 -0
- data/lib/cisco_node_utils/snmpgroup.rb +55 -0
- data/lib/cisco_node_utils/snmpserver.rb +150 -0
- data/lib/cisco_node_utils/snmpuser.rb +342 -0
- data/lib/cisco_node_utils/tacacs_server.rb +175 -0
- data/lib/cisco_node_utils/tacacs_server_host.rb +128 -0
- data/lib/cisco_node_utils/version.rb +17 -0
- data/lib/cisco_node_utils/vlan.rb +153 -0
- data/lib/cisco_node_utils/vtp.rb +127 -0
- data/lib/cisco_node_utils/yum.rb +84 -0
- data/tests/basetest.rb +93 -0
- data/tests/ciscotest.rb +136 -0
- data/tests/cmd_config.yaml +51 -0
- data/tests/cmd_config_invalid.yaml +16 -0
- data/tests/test_all_cisco.rb +46 -0
- data/tests/test_command_config.rb +192 -0
- data/tests/test_command_reference.rb +222 -0
- data/tests/test_interface.rb +1017 -0
- data/tests/test_interface_ospf.rb +763 -0
- data/tests/test_interface_svi.rb +267 -0
- data/tests/test_interface_switchport.rb +722 -0
- data/tests/test_node.rb +108 -0
- data/tests/test_node_ext.rb +450 -0
- data/tests/test_platform.rb +188 -0
- data/tests/test_router_ospf.rb +164 -0
- data/tests/test_router_ospf_vrf.rb +753 -0
- data/tests/test_snmpcommunity.rb +344 -0
- data/tests/test_snmpgroup.rb +71 -0
- data/tests/test_snmpserver.rb +443 -0
- data/tests/test_snmpuser.rb +803 -0
- data/tests/test_tacacs_server.rb +388 -0
- data/tests/test_tacacs_server_host.rb +391 -0
- data/tests/test_vlan.rb +264 -0
- data/tests/test_vtp.rb +319 -0
- data/tests/test_yum.rb +106 -0
- metadata +188 -0
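--- a/data/lib/cisco_node_utils/snmpcommunity.rb
+++ b/data/lib/cisco_node_utils/snmpcommunity.rb
@@ -0,0 +1,91 @@
+#
+# NXAPI implementation of SnmpCommunity class
+#
+# December 2014, Alex Hunsberger
+#
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+class SnmpCommunity
+@@communities = nil
+@@node = Cisco::Node.instance
+
+def initialize(name, group, instantiate=true)
+raise TypeError unless name.is_a?(String) and group.is_a?(String)
+@name = name
+
+if instantiate
+@@node.config_set("snmp_community", "community", "", name, group)
+end
+end
+
+def SnmpCommunity.communities
+@@communities = {}
+comms = @@node.config_get("snmp_community", "all_communities")
+unless comms.nil?
+comms.each { |comm|
+@@communities[comm] = SnmpCommunity.new(comm, "", false)
+}
+end
+@@communities
+end
+
+def destroy
+# CLI requires specifying a group even for "no" commands
+@@node.config_set("snmp_community", "community", "no", @name, "null")
+@@communities.delete(@name) unless @@communities.nil?
+end
+
+# name is read only
+# def name
+# @name
+# end
+
+def group
+result = @@node.config_get("snmp_community", "group", @name)
+result.nil? ? SnmpCommunity.default_group : result.first
+end
+
+def group=(group)
+raise TypeError unless group.is_a?(String)
+@@node.config_set("snmp_community", "group", @name, group)
+end
+
+def SnmpCommunity.default_group
+@@node.config_get_default("snmp_community", "group")
+end
+
+def acl
+result = @@node.config_get("snmp_community", "acl", @name)
+result.nil? ? SnmpCommunity.default_acl : result.first
+end
+
+def acl=(acl)
+raise TypeError unless acl.is_a?(String)
+if acl.empty?
+acl = self.acl
+@@node.config_set("snmp_community", "acl", "no", @name, acl) unless acl.empty?
+else
+@@node.config_set("snmp_community", "acl", "", @name, acl)
+end
+end
+
+def SnmpCommunity.default_acl
+@@node.config_get_default("snmp_community", "acl")
+end
+end
+end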
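Review bot: `initialize` and `group=` check only that `name` and `group` are Strings before handing them to `@@node.config_set`, so an empty name or a value containing whitespace or a line break reaches the command template unchanged. How `config_set` assembles the CLI line is not visible in this file, but if it substitutes the values directly, an embedded newline could add a second configuration line. Inside the `if instantiate` branch a guard such as `raise ArgumentError if name.empty? || name =~ /\s/`, with the same whitespace check on `group`, would close that off. Because a community string acts as the access credential, `acl=` also deserves a comment stating that passing `""` removes the ACL restriction from the community.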
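--- a/data/lib/cisco_node_utils/snmpgroup.rb
+++ b/data/lib/cisco_node_utils/snmpgroup.rb
@@ -0,0 +1,55 @@
+#
+# NXAPI implementation of SnmpGroup class
+#
+# February 2015, Chris Van Heuveln
+#
+# Copyright (c) 2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# "group" is a standard SNMP term but in NXOS "role" is used to serve the
+# purpose of group; thus this provider utility does not create snmp groups
+# and is limited to reporting group (role) existence only.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+class SnmpGroup
+attr_reader :name
+
+@@node = Cisco::Node.instance
+
+def initialize(name)
+raise TypeError unless name.is_a?(String)
+@name = name
+end
+
+def self.groups
+group_ids = @@node.config_get("snmp_group", "group")
+return {} if group_ids.nil?
+
+hash = {}
+group_ids.each do |name|
+hash[name] = SnmpGroup.new(name)
+end
+hash
+end
+
+def self.exists?(group)
+raise ArgumentError if group.empty?
+raise TypeError unless group.is_a? String
+groups = @@node.config_get("snmp_group", "group")
+(!groups.nil? and groups.include? group)
+end
+end
+end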
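Review bot: `self.exists?` calls `group.empty?` before it checks `group.is_a? String`, so a `nil` or Integer argument raises NoMethodError instead of the intended TypeError, and an empty Array raises ArgumentError. Swapping the two guards fixes this: `raise TypeError unless group.is_a?(String)` first, then `raise ArgumentError if group.empty?`. Both `self.groups` and `self.exists?` call `config_get("snmp_group", "group")` on every invocation, which is worth stating in a comment for callers that check many groups in a loop.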
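--- a/data/lib/cisco_node_utils/snmpserver.rb
+++ b/data/lib/cisco_node_utils/snmpserver.rb
@@ -0,0 +1,150 @@
+#
+# NXAPI implementation of SnmpCommunity class
+#
+# November 2014, Alex Hunsberger
+#
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+class SnmpServer
+@@node = Cisco::Node.instance
+
+def aaa_user_cache_timeout
+match = @@node.config_get("snmp_server", "aaa_user_cache_timeout")
+# regex in yaml returns an array result, use .first to get match
+match.nil? ? default_aaa_user_cache_timeout : match.first.to_i
+end
+
+def aaa_user_cache_timeout=(timeout)
+if timeout == default_aaa_user_cache_timeout
+@@node.config_set("snmp_server", "aaa_user_cache_timeout", "no",
+aaa_user_cache_timeout)
+else
+@@node.config_set("snmp_server", "aaa_user_cache_timeout", "", timeout)
+end
+end
+
+def default_aaa_user_cache_timeout
+@@node.config_get_default("snmp_server", "aaa_user_cache_timeout")
+end
+
+def location
+match = @@node.config_get("snmp_server", "location")
+match.nil? ? default_location : match
+end
+
+def location=(location)
+raise TypeError unless location.is_a?(String)
+if location.empty?
+@@node.config_set("snmp_server", "location", "no", "")
+else
+@@node.config_set("snmp_server", "location", "", location)
+end
+end
+
+def default_location
+@@node.config_get_default("snmp_server", "location")
+end
+
+def contact
+match = @@node.config_get("snmp_server", "contact")
+match.nil? ? default_contact : match
+end
+
+def contact=(contact)
+raise TypeError unless contact.is_a?(String)
+if contact.empty?
+@@node.config_set("snmp_server", "contact", "no", "")
+else
+@@node.config_set("snmp_server", "contact", "", contact)
+end
+end
+
+def default_contact
+@@node.config_get_default("snmp_server", "contact")
+end
+
+def packet_size
+match = @@node.config_get("snmp_server", "packet_size")
+# regex in yaml returns an array result, use .first to get match
+match.nil? ? default_packet_size : match.first.to_i
+end
+
+def packet_size=(size)
+if size == 0
+ps = packet_size
+@@node.config_set("snmp_server", "packet_size", "no", ps) unless ps == 0
+else
+@@node.config_set("snmp_server", "packet_size", "", size)
+end
+end
+
+def default_packet_size
+@@node.config_get_default("snmp_server", "packet_size")
+end
+
+def global_enforce_priv?
+not @@node.config_get("snmp_server", "global_enforce_priv").nil?
+end
+
+def global_enforce_priv=(enforce)
+if enforce
+@@node.config_set("snmp_server", "global_enforce_priv", "")
+else
+@@node.config_set("snmp_server", "global_enforce_priv", "no")
+end
+end
+
+def default_global_enforce_priv
+@@node.config_get_default("snmp_server", "global_enforce_priv")
+end
+
+def protocol?
+match = @@node.config_get("snmp_server", "protocol")
+not match.nil? and match.include?("Enable")
+end
+
+def protocol=(enable)
+if enable
+@@node.config_set("snmp_server", "protocol", "")
+else
+@@node.config_set("snmp_server", "protocol", "no")
+end
+end
+
+def default_protocol
+@@node.config_get_default("snmp_server", "protocol")
+end
+
+def tcp_session_auth?
+match = @@node.config_get("snmp_server", "tcp_session_auth")
+not match.nil? and match.include?("Enabled")
+end
+
+def tcp_session_auth=(enable)
+if enable
+@@node.config_set("snmp_server", "tcp_session_auth", "", "auth")
+else
+@@node.config_set("snmp_server", "tcp_session_auth", "no", "")
+end
+end
+
+def default_tcp_session_auth
+@@node.config_get_default("snmp_server", "tcp_session_auth")
+end
+end
+end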
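Review bot: `aaa_user_cache_timeout=` and `packet_size=` pass their argument to `config_set` with no type check, while `location=` and `contact=` in the same class raise TypeError for non-Strings. A String such as `"0"` skips the `size == 0` branch in `packet_size=` and is sent to the device as a new value. Adding `raise TypeError unless size.is_a?(Integer)` (and the same for `timeout`) keeps the setters consistent and keeps arbitrary text out of the generated command. The file header still reads `NXAPI implementation of SnmpCommunity class`; it should name SnmpServer.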
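--- a/data/lib/cisco_node_utils/snmpuser.rb
+++ b/data/lib/cisco_node_utils/snmpuser.rb
@@ -0,0 +1,342 @@
+# Copyright (c) 2014-2015 Cisco and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.join(File.dirname(__FILE__), 'node')
+
+module Cisco
+SNMP_USER_NAME_KEY = "user"
+SNMP_USER_GROUP_KEY = "group"
+SNMP_USER_AUTH_KEY = "auth"
+SNMP_USER_PRIV_KEY = "priv"
+SNMP_USER_ENGINE_ID = "engineID"
+SNMP_USER_ENGINE_ID_PATTERN = /([0-9]{1,3}(:[0-9]{1,3}){4,31})/
+
+class SnmpUser
+@@users = {}
+@@node = Cisco::Node.instance
+
+def initialize(name, groups, authproto, authpass, privproto,
+privpass, localizedkey, engineid, instantiate=true)
+raise TypeError unless name.is_a?(String)
+raise ArgumentError if name.empty?
+raise TypeError unless groups.is_a?(Array)
+raise TypeError unless authproto.is_a?(Symbol)
+raise TypeError unless authpass.is_a?(String)
+# empty password but protocol provided = bad
+# non-empty password and no protocol provided = bad
+raise ArgumentError if authpass.empty? and [:sha, :md5].include?(authproto) and instantiate
+raise ArgumentError if not authpass.empty? and not [:sha, :md5].include?(authproto)
+raise TypeError unless privproto.is_a?(Symbol)
+raise TypeError unless privpass.is_a?(String)
+raise ArgumentError if privpass.empty? and [:des, :aes128].include?(privproto) and instantiate
+raise ArgumentError if not privpass.empty? and not [:des, :aes128].include?(privproto)
+raise TypeError unless !!localizedkey == localizedkey # bool check
+raise TypeError unless engineid.is_a?(String)
+
+@name = name
+@engine_id = engineid
+
+@authproto = authproto
+@privproto = privproto
+@groups_arr = groups
+
+authprotostr = _auth_sym_to_str(authproto)
+privprotostr = _priv_sym_to_str(privproto)
+
+# Config string syntax:
+# [no] snmp-server user <user> [group] [auth {md5|sha} <passwd1> [priv [aes-128] <passwd2>] [localizedkey] [engineID <id>]]
+if instantiate
+# assume if multiple groups, apply all config to each
+groups = [""] if groups.empty?
+groups.each { |group|
+@@node.config_set("snmp_user", "user", "",
+name,
+group,
+authpass.empty? ? "" : "auth #{authprotostr} #{authpass}",
+privpass.empty? ? "" : "priv #{privprotostr} #{privpass}",
+localizedkey ? "localizedkey" : "",
+engineid.empty? ? "" : "engineID #{engineid}")
+}
+end
+end
+
+def SnmpUser.users
+@@users = {}
+# config_get returns hash if 1 user, array if multiple, nil if none
+users = @@node.config_get("snmp_user", "user")
+unless users.nil?
+users = [users] if users.is_a?(Hash)
+users.each { |user|
+name = user[SNMP_USER_NAME_KEY]
+engineid = user[SNMP_USER_ENGINE_ID]
+if engineid.nil?
+index = name
+else
+engineid_str = engineid.match(SNMP_USER_ENGINE_ID_PATTERN)[1]
+index = name + " " + engineid_str
+end
+auth = _auth_str_to_sym(user[SNMP_USER_AUTH_KEY])
+priv = _priv_str_to_sym(user[SNMP_USER_PRIV_KEY])
+
+groups_arr = []
+groups = _user_to_groups(user)
+groups.each { |group| groups_arr << group[SNMP_USER_GROUP_KEY].strip }
+
+@@users[index] = SnmpUser.new(name, groups_arr, auth,
+"", priv, "", false, engineid.nil? ? "": engineid_str, false)
+}
+end
+@@users
+end
+
+def destroy
+# the parser doesn't care what the real value is but need to come to the
+# end of the parser chain. Hence we just pass in some fake values for
+# auth method and password
+@@node.config_set("snmp_user", "user", "no",
+@name, "",
+(auth_password.nil? or auth_password.empty?) ?
+"": "auth #{_auth_sym_to_str(auth_protocol)} #{auth_password}",
+(priv_password.nil? or priv_password.empty?) ?
+"": "priv #{_priv_sym_to_str(priv_protocol)} #{priv_password}",
+(auth_password.nil? or auth_password.empty?) ?
+"" : "localizedkey",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+@@users.delete(@name + " " + @engine_id)
+end
+
+attr_reader :name
+
+def groups
+@groups_arr
+end
+
+def SnmpUser.default_groups
+[@@node.config_get_default("snmp_user", "group")]
+end
+
+def auth_protocol
+@authproto
+end
+
+def SnmpUser.default_auth_protocol
+_auth_str_to_sym(@@node.config_get_default("snmp_user", "auth_protocol"))
+end
+
+def SnmpUser.default_auth_password
+@@node.config_get_default("snmp_user", "auth_password")
+end
+
+def SnmpUser.auth_password(name, engine_id)
+if engine_id.empty?
+users = @@node.config_get("snmp_user", "auth_password")
+return nil if users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name
+}
+else
+users = @@node.config_get("snmp_user", "auth_password_with_engine_id")
+return nil if users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name and user[2] == engine_id
+}
+end
+nil
+end
+
+def auth_password
+SnmpUser.auth_password(@name, @engine_id)
+end
+
+def priv_protocol
+@privproto
+end
+
+def SnmpUser.priv_password(name, engine_id)
+if engine_id.empty?
+users = @@node.config_get("snmp_user", "priv_password")
+unless users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name
+}
+end
+else
+users = @@node.config_get("snmp_user", "priv_password_with_engine_id")
+unless users.nil?
+users.each_entry { |user|
+return user[1] if user[0] == name and user[2] == engine_id
+}
+end
+end
+nil
+end
+
+def priv_password
+SnmpUser.priv_password(@name, @engine_id)
+end
+
+def SnmpUser.default_priv_protocol
+_priv_str_to_sym(@@node.config_get_default("snmp_user", "priv_protocol"))
+end
+
+def SnmpUser.default_priv_password
+@@node.config_get_default("snmp_user", "priv_password")
+end
+
+attr_reader :engine_id
+
+def SnmpUser.default_engine_id
+@@node.config_get_default("snmp_user", "engine_id")
+end
+
+# passwords are hashed and so cannot be retrieved directly, but can be
+# checked for equality. this is done by creating a fake user with the
+# password and then comparing the hashes
+def auth_password_equal?(passwd, is_localized=false)
+throw TypeError unless passwd.is_a?(String)
+return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
+dummypw = passwd
+pw = nil
+
+if is_localized
+# In this case, the password is hashed. We only need to get current
+# running config to compare
+pw = auth_password
+else
+# In this case passed in password is clear text while the running
+# config is hashed value. We need to hash the
+# passed in clear text to hash
+
+# create dummy user
+@@node.config_set("snmp_user", "user", "", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"", "",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+
+# retrieve password hashes
+dummypw = SnmpUser.auth_password("dummy_user", @engine_id)
+pw = auth_password
+
+# delete dummy user
+@@node.config_set("snmp_user", "user", "no", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"", "localizedkey",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+end
+return false if pw.nil? or dummypw.nil?
+pw == dummypw
+end
+
+def priv_password_equal?(passwd, is_localized=false)
+throw TypeError unless passwd.is_a?(String)
+return false if passwd.empty? or _auth_sym_to_str(auth_protocol).empty?
+dummypw = passwd
+pw = nil
+
+if is_localized
+# In this case, the password is hashed. We only need to get current
+# and compare directly
+pw = priv_password
+else
+# In this case passed in password is clear text while the running
+# config is hashed value. We need to hash the
+# passed in clear text to hash
+
+# create dummy user
+@@node.config_set("snmp_user", "user", "", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
+"",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+
+# retrieve password hashes
+dummypw = SnmpUser.priv_password("dummy_user", @engine_id)
+pw = priv_password
+
+# delete dummy user
+@@node.config_set("snmp_user", "user", "no", "dummy_user", "",
+"auth #{_auth_sym_to_str(auth_protocol)} #{dummypw}",
+"priv #{_priv_sym_to_str(priv_protocol)} #{dummypw}",
+"localizedkey",
+@engine_id.empty? ? "" : "engineID #{@engine_id}")
+end
+return false if pw.nil? or dummypw.nil?
+pw == dummypw
+end
+
+private
+
+def _auth_sym_to_str(sym)
+case sym
+when :sha
+return "sha"
+when :md5
+return "md5"
+else
+return ""
+end
+end
+
+def _priv_sym_to_str(sym)
+case sym
+when :des
+return "" # no protocol specified defaults to DES
+when :aes128
+return "aes-128"
+else
+return ""
+end
+end
+
+def _auth_str_to_sym(str)
+SnmpUser._auth_str_to_sym(str)
+end
+
+# must be class method b/c it's used by default methods
+def SnmpUser._auth_str_to_sym(str)
+case str
+when /sha/i
+return :sha
+when /md5/i
+return :md5
+else
+return :none
+end
+end
+
+def _priv_str_to_sym(str)
+SnmpUser._priv_str_to_sym(str)
+end
+
+def SnmpUser._priv_str_to_sym(str)
+case str
+when /des/i
+return :des
+when /aes/i
+return :aes128
+else
+return :none
+end
+end
+
+def SnmpUser._user_to_groups(user_hash)
+return [] if user_hash.nil?
+groups = user_hash["TABLE_groups"]["ROW_groups"] unless
+user_hash["TABLE_groups"].nil?
+return [] if groups.nil?
+groups = [groups] if groups.is_a?(Hash)
+groups
+end
+end
+end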
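Review bot: In `auth_password_equal?` and `priv_password_equal?` the temporary `dummy_user` account is configured on the device with the candidate password and is removed only if the two lookups that follow return normally; an exception from `SnmpUser.auth_password`/`SnmpUser.priv_password` or from `auth_password`/`priv_password` leaves that account in the running config. Put the lookups in `begin … ensure … end` with the `"no"` `config_set` call in the `ensure` clause, and consider a per-call unique name, since an existing user that happens to be called `dummy_user` would presumably be overwritten and then deleted. Both methods also open with `throw TypeError`, which without a matching `catch` raises an uncaught-throw error rather than TypeError; use `raise TypeError unless passwd.is_a?(String)`. In `destroy`, `@@users.delete(@name + " " + @engine_id)` never matches the key that `SnmpUser.users` stores for a user without an engine ID, which is the bare name.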