mtik 4.0.3 → 4.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0faffc781b693499b3a24a0b07cc918c146903a6
-  data.tar.gz: 2415ca8ad18b2f83e55ca29e81bfe776f507700c
+SHA256:
+  metadata.gz: 6b5f8b42fee32a8aa6397a13fab80370d50af593ec95862dd6d7f2f483a41000
+  data.tar.gz: 67856a1a7ffc030967c3ec9ab265c1e1d8189813af6d84b6522fbcc2a397fbdb
 SHA512:
-  metadata.gz: 82acc2725c7f074df88f22585a13a1395ffedd4bf9194daa167e893f1d33d11da70bb4a9825c25c294863b7bd88b8bdf3c435d848461862402bf22cf26824e58
-  data.tar.gz: 04e7aca873f26094fdcd701431bba659ad0663f7528b2ab03ddc9192276cafbda3b80f6d68698d366c9ae74c1049e33602adf8a59b2b625e177f0d2b8c2474ad
+  metadata.gz: 81be2978391702f448cc17d10dac4ed7facc7684a4a4270395e7524bc70a41bdfe21d6062a7ec21ca02d1b280352166162c59d099a0e4d1c944e10c68dceafe8
+  data.tar.gz: f6e52a8ba3d6abe04553b4631d7bbef9aa43c25a55b2fbfdf961041ffb6dce488af750ecc7320ecef31322e61a5618785b216921b1a5c868354c5fa9735b1c64

data/Rakefile

@@ -2,38 +2,7 @@ require 'rubygems'
 require 'rubygems/package_task'
 require 'rdoc/task'
 
-gemspec = Gem::Specification.new do |spec|
-  spec.name         = 'mtik'
-  spec.version      = File.open('VERSION.txt','r').to_a.join.strip
-  spec.date         = File.mtime('VERSION.txt')
-  spec.author       = 'Aaron D. Gifford'
-  spec.email        = 'email_not_accepted@aarongifford.com'
-  spec.homepage     = 'http://www.aarongifford.com/computers/mtik/'
-  spec.summary      = 'MTik implements the MikroTik RouterOS API for use in Ruby.'
-  spec.description  = 'MTik implements the MikroTik RouterOS API for use in Ruby.'
-  spec.rubyforge_project = 'mtik'
-  spec.extra_rdoc_files  = [ 'README.txt' ]
-  spec.require_paths     = [ 'lib' ]
-  spec.files             = [
-    'CHANGELOG.txt',
-    'LICENSE.txt',
-    'README.txt',
-    'VERSION.txt',
-    'Rakefile',
-    'examples/tikjson.rb',
-    'bin/tikcli',
-    'bin/tikcommand',
-    'bin/tikfetch',
-    'lib/mtik.rb',
-    'lib/mtik/connection.rb',
-    'lib/mtik/error.rb',
-    'lib/mtik/fatalerror.rb',
-    'lib/mtik/reply.rb',
-    'lib/mtik/request.rb',
-    'lib/mtik/timeouterror.rb'
-  ]
-  spec.executables = [ 'tikcli', 'tikcommand', 'tikfetch' ]
-end
+gemspec = Gem::Specification.load('mtik.gemspec')
 
 Gem::PackageTask.new(gemspec) do |pkg|
   pkg.need_zip = true

data/VERSION.txt

@@ -1 +1 @@
-4.0.3
+4.0.4

data/lib/mtik.rb

@@ -34,15 +34,17 @@
 # encoding: ASCII-8BIT
 
 module MTik
-  require 'mtik/error.rb'
-  require 'mtik/fatalerror.rb'
-  require 'mtik/timeouterror.rb'
-  require 'mtik/request.rb'
-  require 'mtik/reply.rb'
-  require 'mtik/connection.rb'
+  require_relative 'mtik/error.rb'
+  require_relative 'mtik/fatalerror.rb'
+  require_relative 'mtik/timeouterror.rb'
+  require_relative 'mtik/request.rb'
+  require_relative 'mtik/reply.rb'
+  require_relative 'mtik/connection.rb'
 
   ## Default MikroTik RouterOS API TCP port:
   PORT = 8728
+  ## Default MikroTik RouterOS API-SSL TCP port:
+  PORT_SSL = 8729
   ## Default username to use if none is specified:
   USER = 'admin'
   ## Default password to use if none is specified:
@@ -56,6 +58,9 @@ module MTik
   ## Maximum number of replies before a command is auto-canceled:
   MAXREPLIES   = 1000
 
+  ## SSL is set to false by default
+  USE_SSL = false
+
   @verbose = false
   @debug   = false
 

data/lib/mtik/connection.rb

@@ -39,6 +39,7 @@
 class MTik::Connection
   require 'socket'
   require 'digest/md5'
+  require 'openssl'
 
   ## Initialize/construct the new _MTik_ object.  One or more
   ## key/value pair style arguments must be specified. The one
@@ -46,7 +47,8 @@ class MTik::Connection
   ## to.
   ## +host+:: This is the only _required_ argument. Example:
   ##          <i> :host => "rb411.example.org" </i>
-  ## +port+:: Override the default API port (8728)
+  ## +ssl+::  Use SSL to encrypt communications
+  ## +port+:: Override the default API port (8728/8729)
   ## +user+:: Override the default API username ('admin')
   ## +pass+:: Override the default API password (blank)
   ## +conn_timeout+:: Override the default connection
@@ -54,18 +56,22 @@ class MTik::Connection
   ## +cmd_timeout+::  Override the default command timeout
   ##                  (60 seconds) -- the number of seconds
   ##                  to wait for additional API input.
+  ## +unencrypted_plaintext+::  Attempt to use the 6.43+ login API even without SSL
   def initialize(args)
-    @sock         = nil
-    @requests     = Hash.new
-    @host         = args[:host]
-    @port         = args[:port] || MTik::PORT
-    @user         = args[:user] || MTik::USER
-    @pass         = args[:pass] || MTik::PASS
-    @conn_timeout = args[:conn_timeout] || MTik::CONN_TIMEOUT
-    @cmd_timeout  = args[:cmd_timeout]  || MTik::CMD_TIMEOUT
-    @data         = ''
-    @parsing      = false  ## Recursion flag
-    @os_version   = nil
+    @sock                  = nil
+    @ssl_sock              = nil
+    @requests              = Hash.new
+    @use_ssl               = args[:ssl] || MTik::USE_SSL
+    @unencrypted_plaintext = args[:unecrypted_plaintext]
+    @host                  = args[:host]
+    @port                  = args[:port] || (@use_ssl ? MTik::PORT_SSL : MTik::PORT)
+    @user                  = args[:user] || MTik::USER
+    @pass                  = args[:pass] || MTik::PASS
+    @conn_timeout          = args[:conn_timeout] || MTik::CONN_TIMEOUT
+    @cmd_timeout           = args[:cmd_timeout]  || MTik::CMD_TIMEOUT
+    @data                  = ''
+    @parsing               = false  ## Recursion flag
+    @os_version            = nil
 
     ## Initiate connection and immediately login to device:
     login
@@ -95,28 +101,41 @@ class MTik::Connection
       raise MTik::Error.new("Login failed: Unable to connect to device.")
     end
 
-    ## Send first /login command to obtain the challenge:
-    reply = get_reply('/login')
-    ## Make sure the reply has the info we expect:
-    if reply.length != 1 || reply[0].length != 3 || !reply[0].key?('ret')
-      raise MTik::Error.new("Login failed: unexpected reply to login attempt.")
+    # Try using the the post-6.43 login API; on older routers this still initiates
+    # a regular challenge-response cycle.
+    if @use_ssl || @unencrypted_plaintext
+      warn("SENDING PLAINTEXT PASSWORD OVER UNENCRYPTED CONNECTION") unless @use_ssl
+      reply = get_reply('/login',["=name=#{@user}","=password=#{@pass}"])
+      if reply.length == 1 && reply[0].length == 2 && reply[0].key?('!done')
+        v_6_43_login_successful = true
+      end
+    else
+      ## Just send first /login command to obtain the challenge, if not using SSL
+      reply = get_reply('/login')
     end
 
-    ## Grab the challenge from first (only) sentence in the reply:
-    challenge = hex2bin(reply[0]['ret'])
+    unless v_6_43_login_successful
+      ## Make sure the reply has the info we expect for challenge-response authentication:
+      if reply.length != 1 || reply[0].length != 3 || !reply[0].key?('ret')
+        raise MTik::Error.new("Login failed: unexpected reply to login attempt.")
+      end
 
-    ## Generate reply MD5 hash and convert binary hash to hex string:
-    response  = Digest::MD5.hexdigest(0.chr + @pass + challenge)
+      ## Grab the challenge from first (only) sentence in the reply:
+      challenge = hex2bin(reply[0]['ret'])
 
-    ## Send second /login command with our response:
-    reply = get_reply('/login', '=name=' + @user, '=response=00' + response)
-    if reply[0].key?('!trap')
-      raise MTik::Error.new("Login failed: " + (reply[0].key?('message') ? reply[0]['message'] : 'Unknown error.'))
-    end
-    unless reply.length == 1 && reply[0].length == 2 && reply[0].key?('!done')
-      @sock.close
-      @sock = nil
-      raise MTik::Error.new('Login failed: Unknown response to login.')
+      ## Generate reply MD5 hash and convert binary hash to hex string:
+      response  = Digest::MD5.hexdigest(0.chr + @pass + challenge)
+
+      ## Send second /login command with our response:
+      reply = get_reply('/login', '=name=' + @user, '=response=00' + response)
+      if reply[0].key?('!trap')
+        raise MTik::Error.new("Login failed: " + (reply[0].key?('message') ? reply[0]['message'] : 'Unknown error.'))
+      end
+      unless reply.length == 1 && reply[0].length == 2 && reply[0].key?('!done')
+        @sock.close
+        @sock = nil
+        raise MTik::Error.new('Login failed: Unknown response to login.')
+      end
     end
 
     ## Request the RouterOS version of the device as different versions
@@ -146,6 +165,8 @@ class MTik::Connection
       end
     end
 
+    connect_ssl(@sock) if @use_ssl
+
     rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::ENETUNREACH,
            Errno::EHOSTUNREACH => e
       @sock = nil
@@ -153,6 +174,17 @@ class MTik::Connection
     end
   end
 
+  def connect_ssl(sock)
+    ssl_context = OpenSSL::SSL::SSLContext.new()
+    ssl_context.ciphers = ['HIGH']
+    ssl_socket = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
+    ssl_socket.sync_close = true
+    unless ssl_socket.connect
+      raise MTik::Error.new("Cannot establish SSL connection.")
+    end
+    @ssl_sock = ssl_socket
+  end
+
   ## Wait for and read exactly one sentence, regardless of content:
   def get_sentence
     ## TODO: Implement timeouts, detect disconnection, maybe do auto-reconnect
@@ -206,7 +238,8 @@ class MTik::Connection
       end
       oldlen = @data.length
       ## Read some more data IF any is available:
-      sel = IO.select([@sock],nil,[@sock], @cmd_timeout)
+      sock = @ssl_sock || @sock
+      sel = IO.select([sock],nil,[sock], @cmd_timeout)
       if sel.nil?
         raise MTik::TimeoutError.new(
           "Time-out while awaiting data with #{outstanding} pending " +
@@ -214,7 +247,7 @@ class MTik::Connection
         )
       end
       if sel[0].length == 1
-        @data += @sock.recv(8192)
+        @data += recv(8192)
       elsif sel[2].length == 1
         raise MTik::Error.new(
           "I/O (select) error while awaiting data with #{outstanding} pending " +
@@ -384,10 +417,41 @@ class MTik::Connection
 
   ## Send the request object over the socket
   def xmit(req)
-    @sock.send(req.request, 0)
+    if @ssl_sock
+      @ssl_sock.write(req.request)
+    else
+      @sock.send(req.request, 0)
+    end
+
     return req
   end
 
+  def recv(buffer_size)
+    if @ssl_sock
+      recv_openssl(buffer_size)
+    else
+      @sock.recv(buffer_size)
+    end
+  end
+
+  # 2 cases for backwards compatibility
+  def recv_openssl(buffer_size)
+    if OpenSSL::SSL.const_defined? 'SSLErrorWaitReadable'.freeze
+      begin
+        @ssl_sock.read_nonblock(buffer_size)
+      rescue OpenSSL::SSL::SSLErrorWaitReadable
+        ''
+      end
+    else
+      begin
+        @ssl_sock.read_nonblock(buffer_size)
+      rescue OpenSSL::SSL::SSLError => e
+        return '' if e.message == 'read would block'.freeze
+        raise e
+      end
+    end
+  end
+
   ## Send a command, then wait for the command to complete, then return
   ## the completed reply.
   ##
@@ -420,8 +484,10 @@ class MTik::Connection
 
   ## Close the connection.
   def close
-    return if @sock.nil?
-    @sock.close
+    return if @sock.nil? and @ssl_sock.nil?
+    @ssl_sock.close if @ssl_sock and !@ssl_sock.closed?
+    @sock.close if @sock and !@sock.closed?
+    @ssl_sock = nil
     @sock = nil
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mtik
 version: !ruby/object:Gem::Version
-  version: 4.0.3
+  version: 4.0.4
 platform: ruby
 authors:
 - Aaron D. Gifford
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-06 00:00:00.000000000 Z
+date: 2019-07-26 00:00:00.000000000 Z
 dependencies: []
 description: MTik implements the MikroTik RouterOS API for use in Ruby.
 email: email_not_accepted@aarongifford.com
@@ -45,17 +45,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: mtik
-rubygems_version: 2.2.1
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: MTik implements the MikroTik RouterOS API for use in Ruby.