netsnmp 0.1.8 → 0.4.1

data/lib/netsnmp/oid.rb

@@ -4,21 +4,16 @@ module NETSNMP
   # Abstracts the OID structure
   #
   module OID
+    using StringExtensions unless String.method_defined?(:match?)
+
     OIDREGEX = /^[\d\.]*$/
 
     module_function
 
-    def build(o)
-      case o
-      when OID then o
-      when Array
-        o.join(".")
-      when OIDREGEX
-        o = o[1..-1] if o.start_with?(".")
-        o
-      # TODO: MIB to OID
-      else raise Error, "can't convert #{o} to OID"
-      end
+    def build(id)
+      oid = MIB.oid(id)
+      oid = oid[1..-1] if oid.start_with?(".")
+      oid
     end
 
     def to_asn(oid)
@@ -29,7 +24,7 @@ module NETSNMP
     # @return [true, false] whether the given OID belongs to the sub-tree
     #
     def parent?(parent_oid, child_oid)
-      child_oid.match(/\A#{parent_oid}\./)
+      child_oid.match?(/\A#{parent_oid}\./)
     end
   end
 end

data/lib/netsnmp/pdu.rb

@@ -5,7 +5,11 @@ module NETSNMP
   # Abstracts the PDU base structure into a ruby object. It gives access to its varbinds.
   #
   class PDU
+    using ASNExtensions
+
     MAXREQUESTID = 2147483647
+
+    using ASNExtensions
     class << self
       def decode(der)
         asn_tree = case der
@@ -53,9 +57,10 @@ module NETSNMP
               when :inform    then 6
               when :trap      then 7
               when :response  then 2
+              when :report    then 8
               else raise Error, "#{type} is not supported as type"
               end
-        new(args.merge(type: typ))
+        new(type: typ, **args)
       end
     end
 
@@ -64,7 +69,7 @@ module NETSNMP
     attr_reader :version, :community, :request_id
 
     def initialize(type:, headers:,
-                   request_id: nil,
+                   request_id: SecureRandom.random_number(MAXREQUESTID),
                    error_status: 0,
                    error_index: 0,
                    varbinds: [])
@@ -75,9 +80,9 @@ module NETSNMP
       @type = type
       @varbinds = []
       varbinds.each do |varbind|
-        add_varbind(varbind)
+        add_varbind(**varbind)
       end
-      @request_id = request_id || SecureRandom.random_number(MAXREQUESTID)
+      @request_id = request_id
       check_error_status(@error_status)
     end
 
@@ -85,6 +90,10 @@ module NETSNMP
       to_asn.to_der
     end
 
+    def to_hex
+      to_asn.to_hex
+    end
+
     # Adds a request varbind to the pdu
     #
     # @param [OID] oid a valid oid
@@ -96,25 +105,27 @@ module NETSNMP
     alias << add_varbind
 
     def to_asn
-      request_id_asn = OpenSSL::ASN1::Integer.new(@request_id)
-      error_asn = OpenSSL::ASN1::Integer.new(@error_status)
-      error_index_asn = OpenSSL::ASN1::Integer.new(@error_index)
+      request_id_asn = OpenSSL::ASN1::Integer.new(@request_id).with_label(:request_id)
+      error_asn = OpenSSL::ASN1::Integer.new(@error_status).with_label(:error)
+      error_index_asn = OpenSSL::ASN1::Integer.new(@error_index).with_label(:error_index)
 
-      varbind_asns = OpenSSL::ASN1::Sequence.new(@varbinds.map(&:to_asn))
+      varbind_asns = OpenSSL::ASN1::Sequence.new(@varbinds.map(&:to_asn)).with_label(:varbinds)
 
       request_asn = OpenSSL::ASN1::ASN1Data.new([request_id_asn,
                                                  error_asn, error_index_asn,
                                                  varbind_asns], @type,
-                                                :CONTEXT_SPECIFIC)
+                                                :CONTEXT_SPECIFIC).with_label(:request)
 
-      OpenSSL::ASN1::Sequence.new([*encode_headers_asn, request_asn])
+      OpenSSL::ASN1::Sequence.new([*encode_headers_asn, request_asn]).with_label(:pdu)
     end
 
     private
 
     def encode_headers_asn
-      [OpenSSL::ASN1::Integer.new(@version),
-       OpenSSL::ASN1::OctetString.new(@community)]
+      [
+        OpenSSL::ASN1::Integer.new(@version).with_label(:snmp_version),
+        OpenSSL::ASN1::OctetString.new(@community).with_label(:community)
+      ]
     end
 
     # http://www.tcpipguide.com/free/t_SNMPVersion2SNMPv2MessageFormats-5.htm#Table_219

data/lib/netsnmp/scoped_pdu.rb

@@ -2,6 +2,8 @@
 
 module NETSNMP
   class ScopedPDU < PDU
+    using ASNExtensions
+
     attr_reader :engine_id
 
     def initialize(type:, headers:, **options)
@@ -9,9 +11,13 @@ module NETSNMP
       super(type: type, headers: [3, nil], **options)
     end
 
+    private
+
     def encode_headers_asn
-      [OpenSSL::ASN1::OctetString.new(@engine_id || ""),
-       OpenSSL::ASN1::OctetString.new(@context || "")]
+      [
+        OpenSSL::ASN1::OctetString.new(@engine_id || "").with_label(:engine_id),
+        OpenSSL::ASN1::OctetString.new(@context || "").with_label(:context)
+      ]
     end
   end
 end

data/lib/netsnmp/security_parameters.rb

@@ -8,6 +8,9 @@ module NETSNMP
   # It also provides validation of the security options passed with a client is initialized in v3 mode.
   class SecurityParameters
     using StringExtensions
+    using ASNExtensions
+
+    prepend Loggable
 
     IPAD = "\x36" * 64
     OPAD = "\x5c" * 64
@@ -24,7 +27,7 @@ module NETSNMP
 
     # @param [String] username the snmp v3 username
     # @param [String] engine_id the device engine id (initialized to '' for report)
-    # @param [Symbol, integer] security_level allowed snmp v3 security level (:auth_priv, :auh_no_priv, etc)
+    # @param [Symbol, integer] security_level allowed snmp v3 security level (:auth_priv, :auth_no_priv, etc)
     # @param [Symbol, nil] auth_protocol a supported authentication protocol (currently supported: :md5, :sha)
     # @param [Symbol, nil] priv_protocol a supported privacy protocol (currently supported: :des, :aes)
     # @param [String, nil] auth_password the authentication password
@@ -72,7 +75,10 @@ module NETSNMP
       if encryption
         encrypted_pdu, salt = encryption.encrypt(pdu.to_der, engine_boots: engine_boots,
                                                              engine_time: engine_time)
-        [OpenSSL::ASN1::OctetString.new(encrypted_pdu), OpenSSL::ASN1::OctetString.new(salt)]
+        [
+          OpenSSL::ASN1::OctetString.new(encrypted_pdu).with_label(:encrypted_pdu),
+          OpenSSL::ASN1::OctetString.new(salt).with_label(:salt)
+        ]
       else
         [pdu.to_asn, salt]
       end
@@ -82,15 +88,16 @@ module NETSNMP
     # @param [String] salt the salt from the incoming der
     # @param [Integer] engine_time the reported engine time
     # @param [Integer] engine_boots the reported engine boots
-    def decode(der, salt:, engine_time:, engine_boots:)
+    def decode(der, salt:, engine_time:, engine_boots:, security_level: @security_level)
       asn = OpenSSL::ASN1.decode(der)
-      if encryption
-        encrypted_pdu = asn.value
-        pdu_der = encryption.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
-        OpenSSL::ASN1.decode(pdu_der)
-      else
-        asn
-      end
+      return asn if security_level < 3
+
+      return asn unless encryption
+
+      encrypted_pdu = asn.value
+      pdu_der = encryption.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
+      log(level: 2) { "message has been decrypted" }
+      OpenSSL::ASN1.decode(pdu_der)
     end
 
     # @param [String] message the already encoded snmp v3 message
@@ -99,7 +106,7 @@ module NETSNMP
     # @note this method is used in the process of authenticating a message
     def sign(message)
       # don't sign unless you have to
-      return nil unless @auth_protocol
+      return unless @auth_protocol
 
       key = auth_key.dup
 
@@ -120,10 +127,11 @@ module NETSNMP
     # @param [String] salt the incoming payload''s salt
     #
     # @raise [NETSNMP::Error] if the message's integration has been violated
-    def verify(stream, salt)
-      return if @security_level < 1
+    def verify(stream, salt, security_level: @security_level)
+      return if security_level < 1
       verisalt = sign(stream)
       raise Error, "invalid message authentication salt" unless verisalt == salt
+      log(level: 2) { "message has been verified" }
     end
 
     def must_revalidate?
@@ -211,7 +219,7 @@ module NETSNMP
     end
 
     def authorizable?
-      @auth_protocol && @auth_protocol != :none
+      @auth_protocol != :none
     end
   end
 end

data/lib/netsnmp/session.rb

@@ -4,13 +4,15 @@ module NETSNMP
   # Let's just remind that there is no session in snmp, this is just an abstraction.
   #
   class Session
+    prepend Loggable
+
     TIMEOUT = 2
 
     # @param [Hash] opts the options set
     def initialize(version: 1, community: "public", **options)
       @version   = version
       @community = community
-      validate(options)
+      validate(**options)
     end
 
     # Closes the session
@@ -36,23 +38,27 @@ module NETSNMP
     # @return [NETSNMP::PDU] the response pdu
     #
     def send(pdu)
-      encoded_request = encode(pdu)
+      log { "sending request..." }
+      log(level: 2) { pdu.to_hex }
+      encoded_request = pdu.to_der
+      log { Hexdump.dump(encoded_request) }
       encoded_response = @transport.send(encoded_request)
-      decode(encoded_response)
+      log { "received response" }
+      log { Hexdump.dump(encoded_response) }
+      response_pdu = PDU.decode(encoded_response)
+      log(level: 2) { response_pdu.to_hex }
+      response_pdu
     end
 
     private
 
-    def validate(**options)
-      proxy = options[:proxy]
+    def validate(host: nil, port: 161, proxy: nil, timeout: TIMEOUT, **)
       if proxy
         @proxy = true
         @transport = proxy
       else
-        host, port = options.values_at(:host, :port)
         raise "you must provide an hostname/ip under :host" unless host
-        port ||= 161 # default snmp port
-        @transport = Transport.new(host, port.to_i, timeout: options.fetch(:timeout, TIMEOUT))
+        @transport = Transport.new(host, port.to_i, timeout: timeout)
       end
       @version = case @version
                  when Integer then @version # assume the use know what he's doing
@@ -64,14 +70,6 @@ module NETSNMP
                  end
     end
 
-    def encode(pdu)
-      pdu.to_der
-    end
-
-    def decode(stream)
-      PDU.decode(stream)
-    end
-
     class Transport
       MAXPDUSIZE = 0xffff + 1
 

data/lib/netsnmp/v3_session.rb

@@ -4,10 +4,11 @@ module NETSNMP
   # Abstraction for the v3 semantics.
   class V3Session < Session
     # @param [String, Integer] version SNMP version (always 3)
-    def initialize(version: 3, context: "", **opts)
+    def initialize(context: "", **opts)
       @context = context
       @security_parameters = opts.delete(:security_parameters)
       super
+      @message_serializer = Message.new(**opts)
     end
 
     # @see {NETSNMP::Session#build_pdu}
@@ -19,9 +20,19 @@ module NETSNMP
     end
 
     # @see {NETSNMP::Session#send}
-    def send(*)
-      pdu, = super
-      pdu
+    def send(pdu)
+      log { "sending request..." }
+      encoded_request = encode(pdu)
+      encoded_response = @transport.send(encoded_request)
+      response_pdu, *args = decode(encoded_response)
+      if response_pdu.type == 8
+        varbind = response_pdu.varbinds.first
+        if varbind.oid == "1.3.6.1.6.3.15.1.1.2.0" # IdNotInTimeWindow
+          _, @engine_boots, @engine_time = args
+          raise IdNotInTimeWindowError, "request timestamp is already out of time window"
+        end
+      end
+      response_pdu
     end
 
     private
@@ -58,7 +69,8 @@ module NETSNMP
       report_sec_params = SecurityParameters.new(security_level: 0,
                                                  username: @security_parameters.username)
       pdu = ScopedPDU.build(:get, headers: [])
-      encoded_report_pdu = Message.encode(pdu, security_parameters: report_sec_params)
+      log { "sending probe..." }
+      encoded_report_pdu = @message_serializer.encode(pdu, security_parameters: report_sec_params)
 
       encoded_response_pdu = @transport.send(encoded_report_pdu)
 
@@ -67,13 +79,13 @@ module NETSNMP
     end
 
     def encode(pdu)
-      Message.encode(pdu, security_parameters: @security_parameters,
-                          engine_boots: @engine_boots,
-                          engine_time: @engine_time)
+      @message_serializer.encode(pdu, security_parameters: @security_parameters,
+                                      engine_boots: @engine_boots,
+                                      engine_time: @engine_time)
     end
 
     def decode(stream, security_parameters: @security_parameters)
-      Message.decode(stream, security_parameters: security_parameters)
+      @message_serializer.decode(stream, security_parameters: security_parameters)
     end
   end
 end

data/lib/netsnmp/varbind.rb

@@ -4,9 +4,11 @@ module NETSNMP
   # Abstracts the PDU variable structure into a ruby object
   #
   class Varbind
+    using StringExtensions
+
     attr_reader :oid, :value
 
-    def initialize(oid, value: nil, type: nil, **_opts)
+    def initialize(oid, value: nil, type: nil)
       @oid = OID.build(oid)
       @type = type
       @value = convert_val(value) if value
@@ -48,18 +50,15 @@ module NETSNMP
     def convert_val(asn_value)
       case asn_value
       when OpenSSL::ASN1::OctetString
-        # yes, we are forcing all output to UTF-8
+        val = asn_value.value
+
         # it's kind of common in snmp, some stuff can't be converted,
         # like Hexa Strings. Parse them into a readable format a la netsnmp
-        val = asn_value.value
-        begin
-          val.encode("UTF-8")
-        rescue Encoding::UndefinedConversionError,
-               Encoding::ConverterNotFoundError,
-               Encoding::InvalidByteSequenceError
-          # hexdump me!
-          val.unpack("H*")[0].upcase.scan(/../).join(" ")
-        end
+        # https://github.com/net-snmp/net-snmp/blob/ed90aaaaea0d9cc6c5c5533f1863bae598d3b820/snmplib/mib.c#L650
+        is_hex_string = val.each_char.any? { |c| !c.match?(/[[:print:]]/) && !c.match?(/[[:space:]]/) }
+
+        val = HexString.new(val) if is_hex_string
+        val
       when OpenSSL::ASN1::Primitive
         val = asn_value.value
         val = val.to_i if val.is_a?(OpenSSL::BN)
@@ -81,11 +80,11 @@ module NETSNMP
                    when :ipaddress then 0
                    when :counter32
                      asn_val = [value].pack("N*")
-                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack("B").first != "1"
+                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack1("B") != "1"
                      1
                    when :gauge
                      asn_val = [value].pack("N*")
-                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack("B").first != "1"
+                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack1("B") != "1"
                      2
                    when :timetick
                      return Timetick.new(value).to_asn
@@ -114,21 +113,27 @@ module NETSNMP
         IPAddr.new_ntoh(asn.value)
       when 1, # ASN counter 32
            2 # gauge
-        val = asn.value
-        val.prepend("\x00") while val.bytesize < 4
-        val.unpack("N*")[0] || 0
+        unpack_32bit_integer(asn.value)
       when 3 # timeticks
-        val = asn.value
-        val.prepend("\x00") while val.bytesize < 4
-        Timetick.new(val.unpack("N*")[0] || 0)
+        Timetick.new(unpack_32bit_integer(asn.value))
         # when 4 # opaque
         # when 5 # NSAP
       when 6 # ASN Counter 64
-        val = asn.value
-        val.prepend("\x00") while val.bytesize % 16 != 0
-        val.unpack("NNNN").reduce(0) { |sum, elem| (sum << 32) + elem }
+        unpack_64bit_integer(asn.value)
         # when 7 # ASN UInteger
       end
     end
+
+    private
+
+    def unpack_32bit_integer(payload)
+      payload.prepend("\x00") until (payload.bytesize % 4).zero?
+      payload.unpack("N*")[-1] || 0
+    end
+
+    def unpack_64bit_integer(payload)
+      payload.prepend("\x00") until (payload.bytesize % 16).zero?
+      payload.unpack("NNNN").reduce(0) { |sum, elem| (sum << 32) + elem }
+    end
   end
 end