mtik 4.0.1 → 4.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5ce416fc9ce5a6d6768f40c11b68fc983fcf75ba69e10e3bc660a0b405fc1bcc
+  data.tar.gz: 910a34bcb91770ea3f5607fd91297fa1d518f0020e35e27e810deb4eb797cd71
+SHA512:
+  metadata.gz: 86879188b9b9af32b1d61f61d3c539a3f8482ef1da078f4a347ea548e1480e0c5b6502d73784a7acda610a17d4b6be141dae93a20b07c1c85959aec538834be5
+  data.tar.gz: 6778bcf64f479677ccdaec744a8356b936527471870e21aa6878749ceb22d79d43452415113a2e15de4d4be0bbc133d7a32b1d0c7d70807cf7066eb94acab91e

data/CHANGELOG.txt

@@ -1,3 +1,41 @@
+2020-08-23 (23 AUG 2020)  VERSION 4.1.0
+  * Minor version bump due to changing argument passing for the call to
+    MTik.interactive_client()
+  * Updated tikcli, tikcommand, and tikfetch commands to add options for
+    enabling SSL and/or to use unencrypted plaintext logins (newer API
+    login style).  Also one can set environment variables MTIK_SSL to 
+    specify SSL use, or MTIK_UNENCRYPTED_PLAINTEXT to enable unencrypted
+    plaintext logins if SSL is NOT used for compatibility with cleartext
+    API usage on RouterOS versions 6.43+
+  * THANKS to Zdenek Crha (zdenek-crha on github) for pointing out that
+    the binary commands were lacking proper argument passing to allow
+    for SSL and/or unencrypted plaintext options, and for suggesting the
+    use of environment variables as an alterative to CLI options for
+    enabling such.
+
+2020-08-22 (22 AUG 2020)  VERSION 4.0.5
+  * This is a cosmetic version bump for the purpose of updating the gem for wider
+    availability via rubygems in addition to directly from github prior to some
+    coming feature updates and fixes for newer versions of RouterOS
+
+2019-07-26 (26 JUL 2020)  VERSION 4.0.4  Adam Kubica (github user xcr)
+  * Adam bumped the version number and separated out a gemspec file
+  * Jiacheng (github user krhougs) had submitted a similar update as Adam
+
+2014-02-14 (14 FEB 2014)  VERSION 4.0.3  Aaron D. Gifford (http://www.aarongifford.com)
+ * Update to fetch() utility, along with some very minor some cosmetic changes
+
+2013-06-06 (06 JUN 2013)  VERSION 4.0.2  Aaron D. Gifford (http://www.aarongifford.com)
+                                         Bart Braem (http://www.lalunerouge.net/)
+ * Merged Bart Braem's implementation of timeouts and bumped up the version.  Thanks, Bart!
+ * Updated Rakefile to remove a bit of obsolescence
+
+2012-02-09 (09 FEB 2012)  VERSION 4.0.1  Aaron D. Gifford (http://www.aarongifford.com)
+ * Added os_version to connections.  Upon successful connect and login, the RouterOS
+   version is fetched and stored.  This will allow future updates to better support
+   some commands that differ (like fetch) depending on which RouterOS version is
+   installed on the device.
+
 2011-03-25 (25 MAR 2011)  VERSION 4.0.0  Aaron D. Gifford (http://www.aarongifford.com)
  * Per user suggestion, added a new optional cancel parameter to the MTik#command()
    method that will auto-cancel the supplied command after receiving the specified
@@ -13,6 +51,7 @@
    to symbol and fixed those, updated error messages to reflect state as a symbol,
    eliminated a few redundant key?() calls, and fixed a replycounter initialization
    typo (had set it to 1 instead of 0).
+
 2011-01-11 (11 JAN 2011)  VERSION 3.1.2  Aaron D. Gifford (http://www.aarongifford.com)
  * Added source file encoding comments and updated the copyright notices
  * Fixed a tiny bug in lib/mtik/connection.rb
@@ -42,7 +81,7 @@
  * Fixed RDoc formatting in several files, and added an RDocTask to the Rakefile
 
 2010-04-23 (23 APR 2010)  VERSION 3.0.5  Aaron D. Gifford (http://www.aarongifford.com)
- * Double bug-fix (typo fix and logic fix) to request.rb thanks to Allan Eising and 
+ * Double bug-fix (typo fix and logic fix) to request.rb thanks to Allan Eising and
    Søren Daugaard.  Thank you both for the patch!
  * Added a brief sanity-check in request.rb to help spotlight logic errors.
 
@@ -85,3 +124,4 @@
       fetch.rb
   * Added VERSION.txt, CHANGELOG.txt, README.txt, LICENSE.txt, and *.gemspec files, moved
     the example files into the bin subdirectory
+

data/README.txt

@@ -27,7 +27,7 @@ The latest version of MTik can be found at
 
 Ruby RDoc documentation can be found online at
 
-* http://www.aarongifford.com/computers/mtik/latest/doc/ 
+* http://www.aarongifford.com/computers/mtik/latest/doc/
 
 Additional documentation is available at
 

data/Rakefile

@@ -1,46 +1,15 @@
 require 'rubygems'
-require 'rake/gempackagetask'
-require 'rake/rdoctask'
+require 'rubygems/package_task'
+require 'rdoc/task'
 
-gemspec = Gem::Specification.new do |spec|
-  spec.name         = 'mtik'
-  spec.version      = File.open('VERSION.txt','r').to_a.join.strip
-  spec.date         = File.mtime('VERSION.txt')
-  spec.author       = 'Aaron D. Gifford'
-  spec.email        = 'email_not_accepted@aarongifford.com'
-  spec.homepage     = 'http://www.aarongifford.com/computers/mtik/'
-  spec.summary      = 'MTik implements the MikroTik RouterOS API for use in Ruby.'
-  spec.description  = 'MTik implements the MikroTik RouterOS API for use in Ruby.'
-  spec.rubyforge_project = 'mtik'
-  spec.extra_rdoc_files  = [ 'README.txt' ]
-  spec.require_paths     = [ 'lib' ]
-  spec.files             = [
-    'CHANGELOG.txt',
-    'LICENSE.txt',
-    'README.txt',
-    'VERSION.txt',
-    'Rakefile',
-    'examples/tikjson.rb',
-    'bin/tikcli',
-    'bin/tikcommand',
-    'bin/tikfetch',
-    'lib/mtik.rb',
-    'lib/mtik/connection.rb',
-    'lib/mtik/error.rb',
-    'lib/mtik/fatalerror.rb',
-    'lib/mtik/reply.rb',
-    'lib/mtik/request.rb',
-    'lib/mtik/timeouterror.rb'
-  ]
-  spec.executables = [ 'tikcli', 'tikcommand', 'tikfetch' ]
-end
+gemspec = Gem::Specification.load('mtik.gemspec')
 
-Rake::GemPackageTask.new(gemspec) do |pkg|
+Gem::PackageTask.new(gemspec) do |pkg|
   pkg.need_zip = true
   pkg.need_tar = true
 end
 
-Rake::RDocTask.new do |rdoc|
+RDoc::Task.new do |rdoc|
   rdoc.name     = 'rdoc'
   rdoc.main     = 'README.txt'
   rdoc.rdoc_dir = 'doc'

data/VERSION.txt

@@ -1 +1 @@
-4.0.1
+4.1.0

data/bin/tikcli

@@ -42,10 +42,46 @@ $LOAD_PATH.unshift(File.dirname(__FILE__)+'/../lib')
 require 'rubygems'
 require 'mtik'
 
-unless ARGV.length == 3
-  STDERR.print("Usage: #{$0} <host> <user> <pass>\n")
+def usage(msg='')
+  STDERR.print(
+    (msg.size > 0 ? msg + "\n\n" : '') +
+    "Usage: #{$0} [-s|--ssl] [-u|--unencrypted_plaintext] <host> <user> <pass>\n"  +
+    "       --unencrypted_plaintext OR -u  - Use the 6.43+ login API even if NOT\n" +
+    "                                        using SSL.\n"                          +
+    "       --ssl OR -s                    - Use SSL for the API connection.\n"
+  )
   exit(-1)
 end
 
-MTik::interactive_client(ARGV[0], ARGV[1], ARGV[2])
+use_ssl = unencrypted_plaintext = false
+while !ARGV[0].nil? && ARGV[0][0] == '-'
+  arg = ARGV.shift
+  case arg
+  when '--ssl', '-s'
+    usage("Please do not repeat the --ssl (or -s) parameter") if use_ssl
+    use_ssl = true
+  when '--unencrypted_plaintext', '-u'
+    usage("Please do not repeat the --unencrypted_plaintext (or -u) parameter") if unencrypted_plaintext
+    unencrypted_plaintext = true
+  else
+    usage("Unknown argument #{arg.inspect}")
+  end
+end
+usage("Too many arguments.")     if ARGV.size > 3
+usage("Insufficient arguments.") if ARGV.size < 3
+
+## Permit setting use_ssl and unencrypted_plaintext via environment variables:
+use_ssl               = true if ENV['MTIK_SSL']
+unencrypted_plaintext = true if ENV['MTIK_UNENCRYPTED_PLAINTEXT']
+
+args = {
+  :host => ARGV[0],
+  :user => ARGV[1],
+  :pass => ARGV[2],
+  :ssl  => use_ssl,
+  :unencrypted_plaintext => unencrypted_plaintext
+}
+p args
+
+MTik::interactive_client(args)
 

data/bin/tikcommand

@@ -42,12 +42,39 @@ $LOAD_PATH.unshift(File.dirname(__FILE__)+'/../lib')
 require 'rubygems'
 require 'mtik'
 
-unless ARGV.length > 3
-  STDERR.print("Usage: #{$0} <host> <user> <pass> <command> [<args>...] [<command> [<args> ...]]\n")
+def usage(msg='')
+  STDERR.print(
+    (msg.size > 0 ? msg + "\n\n" : '') +
+    "Usage: #{$0} [-s|--ssl] [-u|--unencrypted_plaintext] <host> <user> <pass> <command> [<args>...] [<command> [<args> ...]]\n" +
+    "       --unencrypted_plaintext OR -u  - Use the 6.43+ login API even if NOT\n" +
+    "                                        using SSL.\n"                          +
+    "       --ssl OR -s                    - Use SSL for the API connection.\n"
+  )
   exit(-1)
 end
 
-MTik::verbose = true  ## Set how you want
+MTik::verbose = true  ## Set how verbose you want things
+
+use_ssl = unencrypted_plaintext = false
+while !ARGV[0].nil? && ARGV[0][0] == '-'
+  arg = ARGV.shift
+  case arg
+  when '--ssl', '-s'
+    usage("Please do not repeat the --ssl (or -s) parameter") if use_ssl
+    use_ssl = true
+  when '--unencrypted_plaintext', '-u'
+    usage("Please do not repeat the --unencrypted_plaintext (or -u) parameter") if unencrypted_plaintext
+    unencrypted_plaintext = true
+  else
+    usage("Unknown argument #{arg.inspect}")
+  end
+end
+usage("Too few arguments.") if ARGV.size < 4
+usage("First command must start with a slash '/' character. #{ARGV[3].inspect}") if ARGV[3].nil? || ARGV[3][0] != '/'
+
+## Permit setting use_ssl and unencrypted_plaintext via environment variables:
+use_ssl               = true if ENV['MTIK_SSL']
+unencrypted_plaintext = true if ENV['MTIK_UNENCRYPTED_PLAINTEXT']
 
 ## Detect multiple command sequences and build an array of arrays
 ## where each outer array element is a command plus arguments:
@@ -62,10 +89,14 @@ while i < ARGV.length
   i += 1
 end
 
-p MTik::command(
-  :host=>ARGV[0],
-  :user=>ARGV[1],
-  :pass=>ARGV[2],
-  :command=>command
-)
+args = {
+  :host    => ARGV[0],
+  :user    => ARGV[1],
+  :pass    => ARGV[2],
+  :command => command,
+  :ssl     => use_ssl,
+  :unencrypted_plaintext => unencrypted_plaintext
+}
+
+p MTik::command(args)
 

data/bin/tikfetch

@@ -46,16 +46,48 @@ require 'mtik'
 ## output of all API interactions:
 #MTik::verbose = true
 
-if ARGV.length < 4
-  print "Usage: #{$0} <device> <user> <pass> <url> [<localfilename> [<url> [<localfilename> ... ]]]\n"
-  exit
+def usage(msg='')
+  STDERR.print(
+    (msg.size > 0 ? msg + "\n\n" : '') +
+    "Usage: #{$0} [-s|--ssl] [-u|--unencrypted_plaintext] <device> <user> <pass> <url> [<localfilename> [<url> [<localfilename> ... ]]]\n" +
+    "       --unencrypted_plaintext OR -u  - Use the 6.43+ login API even if NOT\n" +
+    "                                        using SSL.\n"                          +
+    "       --ssl OR -s                    - Use SSL for the API connection.\n"
+  )
+  exit(-1)
+end
+
+use_ssl = unencrypted_plaintext = false
+while !ARGV[0].nil? && ARGV[0][0] == '-'
+  arg = ARGV.shift
+  case arg
+  when '--ssl', '-s'
+    usage("Please do not repeat the --ssl (or -s) parameter") if use_ssl
+    use_ssl = true
+  when '--unencrypted_plaintext', '-u'
+    usage("Please do not repeat the --unencrypted_plaintext (or -u) parameter") if unencrypted_plaintext
+    unencrypted_plaintext = true
+  else
+    usage("Unknown argument #{arg.inspect}")
+  end
 end
+usage("Too few arguments.") if ARGV.size < 4
+
+## Permit setting use_ssl and unencrypted_plaintext via environment variables:
+use_ssl               = true if ENV['MTIK_SSL']
+unencrypted_plaintext = true if ENV['MTIK_UNENCRYPTED_PLAINTEXT']
+
+args = {
+  :host => ARGV.shift,
+  :user => ARGV.shift,
+  :pass => ARGV.shift,
+  :ssl  => use_ssl,
+  :unencrypted_plaintext => unencrypted_plaintext
+}
+
 
-host = ARGV.shift
-user = ARGV.shift
-pass = ARGV.shift
 begin
-  mt = MTik::Connection.new(:host=>host, :user=>user, :pass=>pass)
+  mt = MTik::Connection.new(args)
 rescue Errno::ETIMEDOUT, Errno::ENETUNREACH, Errno::EHOSTUNREACH, MTik::Error => e
   print ">>> ERROR CONNECTING: #{e}\n"
   exit
@@ -129,6 +161,7 @@ print "SIZE        CREATED               FILENAME\n"
 print "====================================================================\n"
 mt.get_reply_each('/file/getall') do |req, s|
   unless s.key?('!done')
+    s['size'] = 'directory' if s['type'] == 'directory'
     print "#{(s['size']+'        ')[0,10]}  #{s['creation-time']}  #{s['name']}\n"
   end
 end

data/examples/tikjson.rb

@@ -2,11 +2,13 @@
 ########################################################################
 #--
 #
-# FILE:     json.rb -- Example of using the Ruby MikroTik API in Ruby
+# FILE:  tikjson.rb -- Example of using the Ruby MikroTik API in Ruby
+#                      to execute an API command and retrieve results
+#                      in JSON format
 #
 #++
 # Author::    Aaron D. Gifford - http://www.aarongifford.com/
-# Copyright:: Copyright (c) 2009-2011, InfoWest, Inc.
+# Copyright:: Copyright (c) 2009-2014, InfoWest, Inc.
 # License::   BSD license
 #--
 # Redistribution and use in source and binary forms, with or without

data/lib/mtik.rb

@@ -34,20 +34,22 @@
 # encoding: ASCII-8BIT
 
 module MTik
-  require 'mtik/error.rb'
-  require 'mtik/fatalerror.rb'
-  require 'mtik/timeouterror.rb'
-  require 'mtik/request.rb'
-  require 'mtik/reply.rb'
-  require 'mtik/connection.rb'
+  require_relative 'mtik/error.rb'
+  require_relative 'mtik/fatalerror.rb'
+  require_relative 'mtik/timeouterror.rb'
+  require_relative 'mtik/request.rb'
+  require_relative 'mtik/reply.rb'
+  require_relative 'mtik/connection.rb'
 
   ## Default MikroTik RouterOS API TCP port:
   PORT = 8728
+  ## Default MikroTik RouterOS API-SSL TCP port:
+  PORT_SSL = 8729
   ## Default username to use if none is specified:
   USER = 'admin'
   ## Default password to use if none is specified:
   PASS = ''
-  ## Connection timeout default -- *NOT USED* 
+  ## Connection timeout default -- *NOT USED*
   CONN_TIMEOUT = 60
   ## Command timeout -- The maximum number of seconds to wait for more
   ## API data when expecting one or more command responses.
@@ -56,6 +58,9 @@ module MTik
   ## Maximum number of replies before a command is auto-canceled:
   MAXREPLIES   = 1000
 
+  ## SSL is set to false by default
+  USE_SSL = false
+
   @verbose = false
   @debug   = false
 
@@ -81,12 +86,30 @@ module MTik
 
 
   ## Act as an interactive client with the device, accepting user
-  ## input from STDIN.
-  def self.interactive_client(host, user, pass)
+  ## input from STDIN.  Arguments are key/value pairs, and are
+  ## simply passed directly to MTik::Connection().  The below
+  ## documentation is taken directly from MTik::Connection. One
+  ## more ## key/value pair style arguments must be specified.
+  ## The one ## required argument is the host or IP of the device
+  ## to connect to.
+  ## +host+:: This is the only _required_ argument. Example:
+  ##          <i> :host => "rb411.example.org" </i>
+  ## +ssl+::  Use SSL to encrypt communications
+  ## +port+:: Override the default API port (8728/8729)
+  ## +user+:: Override the default API username ('admin')
+  ## +pass+:: Override the default API password (blank)
+  ## +conn_timeout+:: Override the default connection
+  ##                  timeout (60 seconds)
+  ## +cmd_timeout+::  Override the default command timeout
+  ##                  (60 seconds) -- the number of seconds
+  ##                  to wait for additional API input.
+  ## +unencrypted_plaintext+::  Attempt to use the 6.43+ login API
+  ##                            even without SSL
+  def self.interactive_client(args)
     old_verbose = MTik::verbose
     MTik::verbose = true
     begin
-      tk = MTik::Connection.new(:host => host, :user => user, :pass => pass)
+      tk = MTik::Connection.new(args)
     rescue MTik::Error, Errno::ECONNREFUSED => e
       print "=== LOGIN ERROR: #{e.message}\n"
       exit
@@ -127,7 +150,7 @@ module MTik
               cmd == '/tool/fetch' && sentence['status'] == 'finished'
             ) || (maxreply > 0 && count == maxreply)
               state = 2
-              req.cancel do |r, s|  
+              req.cancel do |r, s|
                 state = 1
               end
             end
@@ -154,7 +177,7 @@ module MTik
         end
       end
     end
- 
+
     reply = tk.get_reply('/quit')
     unless reply[0].key?('!fatal')
       raise MTik::Error.new("Unexpected response to '/quit' command.")
@@ -240,16 +263,9 @@ module MTik
   ## Remember that the limit applies separately to each API command
   ## executed.
   def self.command(args)
-    tk = MTik::Connection.new(
-      :host => args[:host],
-      :user => args[:user],
-      :pass => args[:pass],
-      :port => args[:port],
-      :conn_timeout => args[:conn_timeout],
-      :cmd_timeout  => args[:cmd_timeout]
-    )
-    limit = args[:limit]  ## Optional reply limit
-    cmd = args[:command]
+    tk      = MTik::Connection.new(args)
+    limit   = args[:limit]  ## Optional reply limit
+    cmd     = args[:command]
     replies = Array.new
     if cmd.is_a?(String)
       ## Single command, no arguments

data/lib/mtik/connection.rb

@@ -39,6 +39,7 @@
 class MTik::Connection
   require 'socket'
   require 'digest/md5'
+  require 'openssl'
 
   ## Initialize/construct the new _MTik_ object.  One or more
   ## key/value pair style arguments must be specified. The one
@@ -46,26 +47,31 @@ class MTik::Connection
   ## to.
   ## +host+:: This is the only _required_ argument. Example:
   ##          <i> :host => "rb411.example.org" </i>
-  ## +port+:: Override the default API port (8728)
+  ## +ssl+::  Use SSL to encrypt communications
+  ## +port+:: Override the default API port (8728/8729)
   ## +user+:: Override the default API username ('admin')
   ## +pass+:: Override the default API password (blank)
   ## +conn_timeout+:: Override the default connection
-  ##                  timeout (60 seconds) -- *NOT USED*
+  ##                  timeout (60 seconds)
   ## +cmd_timeout+::  Override the default command timeout
   ##                  (60 seconds) -- the number of seconds
   ##                  to wait for additional API input.
+  ## +unencrypted_plaintext+::  Attempt to use the 6.43+ login API even without SSL
   def initialize(args)
-    @sock         = nil
-    @requests     = Hash.new
-    @host         = args[:host]
-    @port         = args[:port] || MTik::PORT
-    @user         = args[:user] || MTik::USER
-    @pass         = args[:pass] || MTik::PASS
-    @conn_timeout = args[:conn_timeout] || MTik::CONN_TIMEOUT
-    @cmd_timeout  = args[:cmd_timeout]  || MTik::CMD_TIMEOUT
-    @data         = ''
-    @parsing      = false  ## Recursion flag
-    @os_version   = nil
+    @sock                  = nil
+    @ssl_sock              = nil
+    @requests              = Hash.new
+    @use_ssl               = args[:ssl] || MTik::USE_SSL
+    @unencrypted_plaintext = args[:unencrypted_plaintext]
+    @host                  = args[:host]
+    @port                  = args[:port] || (@use_ssl ? MTik::PORT_SSL : MTik::PORT)
+    @user                  = args[:user] || MTik::USER
+    @pass                  = args[:pass] || MTik::PASS
+    @conn_timeout          = args[:conn_timeout] || MTik::CONN_TIMEOUT
+    @cmd_timeout           = args[:cmd_timeout]  || MTik::CMD_TIMEOUT
+    @data                  = ''
+    @parsing               = false  ## Recursion flag
+    @os_version            = nil
 
     ## Initiate connection and immediately login to device:
     login
@@ -95,28 +101,41 @@ class MTik::Connection
       raise MTik::Error.new("Login failed: Unable to connect to device.")
     end
 
-    ## Send first /login command to obtain the challenge:
-    reply = get_reply('/login')
-    ## Make sure the reply has the info we expect:
-    if reply.length != 1 || reply[0].length != 3 || !reply[0].key?('ret')
-      raise MTik::Error.new("Login failed: unexpected reply to login attempt.")
+    # Try using the the post-6.43 login API; on older routers this still initiates
+    # a regular challenge-response cycle.
+    if @use_ssl || @unencrypted_plaintext
+      warn("SENDING PLAINTEXT PASSWORD OVER UNENCRYPTED CONNECTION") unless @use_ssl
+      reply = get_reply('/login',["=name=#{@user}","=password=#{@pass}"])
+      if reply.length == 1 && reply[0].length == 2 && reply[0].key?('!done')
+        v_6_43_login_successful = true
+      end
+    else
+      ## Just send first /login command to obtain the challenge, if not using SSL
+      reply = get_reply('/login')
     end
 
-    ## Grab the challenge from first (only) sentence in the reply:
-    challenge = hex2bin(reply[0]['ret'])
+    unless v_6_43_login_successful
+      ## Make sure the reply has the info we expect for challenge-response authentication:
+      if reply.length != 1 || reply[0].length != 3 || !reply[0].key?('ret')
+        raise MTik::Error.new("Login failed: unexpected reply to login attempt.")
+      end
 
-    ## Generate reply MD5 hash and convert binary hash to hex string:
-    response  = Digest::MD5.hexdigest(0.chr + @pass + challenge)
+      ## Grab the challenge from first (only) sentence in the reply:
+      challenge = hex2bin(reply[0]['ret'])
 
-    ## Send second /login command with our response:
-    reply = get_reply('/login', '=name=' + @user, '=response=00' + response)
-    if reply[0].key?('!trap')
-      raise MTik::Error.new("Login failed: " + (reply[0].key?('message') ? reply[0]['message'] : 'Unknown error.'))
-    end
-    unless reply.length == 1 && reply[0].length == 2 && reply[0].key?('!done')
-      @sock.close
-      @sock = nil
-      raise MTik::Error.new('Login failed: Unknown response to login.')
+      ## Generate reply MD5 hash and convert binary hash to hex string:
+      response  = Digest::MD5.hexdigest(0.chr + @pass + challenge)
+
+      ## Send second /login command with our response:
+      reply = get_reply('/login', '=name=' + @user, '=response=00' + response)
+      if reply[0].key?('!trap')
+        raise MTik::Error.new("Login failed: " + (reply[0].key?('message') ? reply[0]['message'] : 'Unknown error.'))
+      end
+      unless reply.length == 1 && reply[0].length == 2 && reply[0].key?('!done')
+        @sock.close
+        @sock = nil
+        raise MTik::Error.new('Login failed: Unknown response to login.')
+      end
     end
 
     ## Request the RouterOS version of the device as different versions
@@ -130,16 +149,39 @@ class MTik::Connection
   ## Connect to the device
   def connect
     return unless @sock.nil?
-    ## TODO: Perhaps catch more errors; implement connection timeout
+    ## TODO: Perhaps catch more errors
     begin
-      @sock = TCPSocket::new(@host, @port)
-    rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::ENETUNREACH,
+      addr  = Socket.getaddrinfo(@host, nil)
+      @sock = Socket.new(Socket.const_get(addr[0][0]), Socket::SOCK_STREAM, 0)
+
+      begin
+        @sock.connect_nonblock(Socket.pack_sockaddr_in(@port, addr[0][3]))
+      rescue Errno::EINPROGRESS
+        ready = IO.select([@sock], [@sock], [], @conn_timeout)
+        raise Errno::ETIMEDOUT unless ready
+      end
+
+      connect_ssl(@sock) if @use_ssl
+    rescue Errno::ECONNREFUSED,
+           Errno::ETIMEDOUT,
+           Errno::ENETUNREACH,
            Errno::EHOSTUNREACH => e
       @sock = nil
       raise e ## Re-raise the exception
     end
   end
 
+  def connect_ssl(sock)
+    ssl_context = OpenSSL::SSL::SSLContext.new()
+    ssl_context.ciphers = ['HIGH']
+    ssl_socket = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
+    ssl_socket.sync_close = true
+    unless ssl_socket.connect
+      raise MTik::Error.new("Cannot establish SSL connection.")
+    end
+    @ssl_sock = ssl_socket
+  end
+
   ## Wait for and read exactly one sentence, regardless of content:
   def get_sentence
     ## TODO: Implement timeouts, detect disconnection, maybe do auto-reconnect
@@ -193,7 +235,8 @@ class MTik::Connection
       end
       oldlen = @data.length
       ## Read some more data IF any is available:
-      sel = IO.select([@sock],nil,[@sock], @cmd_timeout)
+      sock = @ssl_sock || @sock
+      sel = IO.select([sock],nil,[sock], @cmd_timeout)
       if sel.nil?
         raise MTik::TimeoutError.new(
           "Time-out while awaiting data with #{outstanding} pending " +
@@ -201,7 +244,7 @@ class MTik::Connection
         )
       end
       if sel[0].length == 1
-        @data += @sock.recv(8192)
+        @data += recv(8192)
       elsif sel[2].length == 1
         raise MTik::Error.new(
           "I/O (select) error while awaiting data with #{outstanding} pending " +
@@ -244,7 +287,7 @@ class MTik::Connection
       sentence = get_sentence  ## This call must be ATOMIC or re-entrant safety fails
 
       ## Check for '!fatal' before checking for a tag--'!fatal'
-      ## is never(???) tagged: 
+      ## is never(???) tagged:
       if sentence.key?('!fatal')
         ## FATAL ERROR has occured! (Or a '/quit' command was issued...)
         if @data.length > 0
@@ -343,7 +386,7 @@ class MTik::Connection
   ## +args+::              Zero or more arguments to the command
   ## +callback+::          Proc/lambda code (or code block if not provided as
   ##                       an argument) to be called.  (See the +await_completion+
-  ##                    
+  ##
   def send_request(await_completion, command, *args, &callback)
     if await_completion.is_a?(MTik::Request)
       req = await_completion
@@ -371,10 +414,45 @@ class MTik::Connection
 
   ## Send the request object over the socket
   def xmit(req)
-    @sock.send(req.request, 0)
+    begin
+      if @ssl_sock
+        @ssl_sock.write(req.request)
+      else
+        @sock.send(req.request, 0)
+      end
+    rescue Errno::EPIPE => e
+      @sock = @ssl_sock = nil
+      raise e ## Re-raise the exception
+    end
     return req
   end
 
+  def recv(buffer_size)
+    if @ssl_sock
+      recv_openssl(buffer_size)
+    else
+      @sock.recv(buffer_size)
+    end
+  end
+
+  # 2 cases for backwards compatibility
+  def recv_openssl(buffer_size)
+    if OpenSSL::SSL.const_defined? 'SSLErrorWaitReadable'.freeze
+      begin
+        @ssl_sock.read_nonblock(buffer_size)
+      rescue OpenSSL::SSL::SSLErrorWaitReadable
+        ''
+      end
+    else
+      begin
+        @ssl_sock.read_nonblock(buffer_size)
+      rescue OpenSSL::SSL::SSLError => e
+        return '' if e.message == 'read would block'.freeze
+        raise e
+      end
+    end
+  end
+
   ## Send a command, then wait for the command to complete, then return
   ## the completed reply.
   ##
@@ -407,8 +485,10 @@ class MTik::Connection
 
   ## Close the connection.
   def close
-    return if @sock.nil?
-    @sock.close
+    return if @sock.nil? and @ssl_sock.nil?
+    @ssl_sock.close if @ssl_sock and !@ssl_sock.closed?
+    @sock.close if @sock and !@sock.closed?
+    @ssl_sock = nil
     @sock = nil
   end
 
@@ -512,16 +592,53 @@ class MTik::Connection
   ## +total+::    Final expected file size in bytes
   ## +bytes+::    Number of bytes transferred so far
   ## +request+::  The MTik::Request object
-  def fetch(url, filename, timeout=nil, &callback)
+  def fetch(url, filename=nil, timeout=nil, &callback)
+    require 'uri'
+
+    uri = URI(url)
+    filename = File.basename(uri.path) if filename.nil?
+
     total  = bytes = oldbytes = 0
     status = ''
     done   = false
     lastactivity = Time.now
-    req = get_reply_each(
-      '/tool/fetch',
-      '=url=' + url,
-      '=dst-path=' + filename
-    ) do |r, s|
+
+    ## RouterOS versions 4.9 and prior (not sure if this version cut-off
+    ## is exactly right) would accept the url parameter, but failed to
+    ## download the files.  So for versions older than this, we'll use
+    ## the mode/src-path/port parameters instead if possible.
+    if !@os_version.nil? && lambda {|a,b|
+      sr = %r{(?:\.|rc|beta|alpha)}
+      a = a.split(sr).map{|i| i.to_i}
+      b = b.split(sr).map{|i| i.to_i}
+      i = 0
+      while i < a.size && i < b.size
+        return -1 if a[i] < b[i]
+        return  1 if a[i] > b[i]
+        i += 1
+      end
+      return a.size <=> b.size
+    }.call(@os_version, '4.9') < 1
+      command = [
+        '/tool/fetch', '=mode=' + uri.scheme,
+        '=src-path=' + uri.path + (uri.query.size > 0 ? '?' + uri.query : ''),
+        '=dst-path=' + filename
+      ]
+      case uri.scheme
+      when 'http'
+        command << '=port=80'
+      when 'https'
+        command << '=port=443'
+      end
+    else
+      command = [
+        '/tool/fetch',
+        '=url=' + url,
+        '=dst-path=' + filename
+      ]
+    end
+
+    req = get_reply_each(command[0], *command[1..-1])  do |r, s|
       if s.key?('!re') && !done
         unless s.key?('status')
           raise MTik::Error.new("Unknown response to '/tool/fetch': missing 'status' in response.")
@@ -611,7 +728,7 @@ class MTik::Connection
           else
             raise MTik::Error.new("Invalid settings match class '#{keyitem}' (expected Array, Regexp, or String)")
           end
-            
+
           if s.key?(key)
             ## A key matches! && s[k] != v
             oldv = s[k]

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mtik
 version: !ruby/object:Gem::Version
-  version: 4.0.1
-  prerelease: 
+  version: 4.1.0
 platform: ruby
 authors:
 - Aaron D. Gifford
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-02-09 00:00:00.000000000 Z
+date: 2020-08-22 00:00:00.000000000 Z
 dependencies: []
 description: MTik implements the MikroTik RouterOS API for use in Ruby.
 email: email_not_accepted@aarongifford.com
@@ -24,12 +23,12 @@ files:
 - CHANGELOG.txt
 - LICENSE.txt
 - README.txt
-- VERSION.txt
 - Rakefile
-- examples/tikjson.rb
+- VERSION.txt
 - bin/tikcli
 - bin/tikcommand
 - bin/tikfetch
+- examples/tikjson.rb
 - lib/mtik.rb
 - lib/mtik/connection.rb
 - lib/mtik/error.rb
@@ -39,26 +38,24 @@ files:
 - lib/mtik/timeouterror.rb
 homepage: http://www.aarongifford.com/computers/mtik/
 licenses: []
-post_install_message: 
+metadata: {}
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: mtik
-rubygems_version: 1.8.11
-signing_key: 
-specification_version: 3
+rubygems_version: 3.0.6
+signing_key:
+specification_version: 4
 summary: MTik implements the MikroTik RouterOS API for use in Ruby.
 test_files: []