netsnmp 0.2.0 → 0.5.0

data/lib/netsnmp/oid.rb

@@ -10,16 +10,10 @@ module NETSNMP
 
     module_function
 
-    def build(o)
-      case o
-      when Array
-        o.join(".")
-      when OIDREGEX
-        o = o[1..-1] if o.start_with?(".")
-        o
-      # TODO: MIB to OID
-      else raise Error, "can't convert #{o} to OID"
-      end
+    def build(id)
+      oid = MIB.oid(id)
+      oid = oid[1..-1] if oid.start_with?(".")
+      oid
     end
 
     def to_asn(oid)

data/lib/netsnmp/pdu.rb

@@ -5,7 +5,11 @@ module NETSNMP
   # Abstracts the PDU base structure into a ruby object. It gives access to its varbinds.
   #
   class PDU
-    MAXREQUESTID = 2147483647
+    using ASNExtensions
+
+    MAXREQUESTID = 0x7fffffff
+
+    using ASNExtensions
     class << self
       def decode(der)
         asn_tree = case der
@@ -53,6 +57,7 @@ module NETSNMP
               when :inform    then 6
               when :trap      then 7
               when :response  then 2
+              when :report    then 8
               else raise Error, "#{type} is not supported as type"
               end
         new(type: typ, **args)
@@ -85,6 +90,10 @@ module NETSNMP
       to_asn.to_der
     end
 
+    def to_hex
+      to_asn.to_hex
+    end
+
     # Adds a request varbind to the pdu
     #
     # @param [OID] oid a valid oid
@@ -96,25 +105,27 @@ module NETSNMP
     alias << add_varbind
 
     def to_asn
-      request_id_asn = OpenSSL::ASN1::Integer.new(@request_id)
-      error_asn = OpenSSL::ASN1::Integer.new(@error_status)
-      error_index_asn = OpenSSL::ASN1::Integer.new(@error_index)
+      request_id_asn = OpenSSL::ASN1::Integer.new(@request_id).with_label(:request_id)
+      error_asn = OpenSSL::ASN1::Integer.new(@error_status).with_label(:error)
+      error_index_asn = OpenSSL::ASN1::Integer.new(@error_index).with_label(:error_index)
 
-      varbind_asns = OpenSSL::ASN1::Sequence.new(@varbinds.map(&:to_asn))
+      varbind_asns = OpenSSL::ASN1::Sequence.new(@varbinds.map(&:to_asn)).with_label(:varbinds)
 
       request_asn = OpenSSL::ASN1::ASN1Data.new([request_id_asn,
                                                  error_asn, error_index_asn,
                                                  varbind_asns], @type,
-                                                :CONTEXT_SPECIFIC)
+                                                :CONTEXT_SPECIFIC).with_label(:request)
 
-      OpenSSL::ASN1::Sequence.new([*encode_headers_asn, request_asn])
+      OpenSSL::ASN1::Sequence.new([*encode_headers_asn, request_asn]).with_label(:pdu)
     end
 
     private
 
     def encode_headers_asn
-      [OpenSSL::ASN1::Integer.new(@version),
-       OpenSSL::ASN1::OctetString.new(@community)]
+      [
+        OpenSSL::ASN1::Integer.new(@version).with_label(:snmp_version),
+        OpenSSL::ASN1::OctetString.new(@community).with_label(:community)
+      ]
     end
 
     # http://www.tcpipguide.com/free/t_SNMPVersion2SNMPv2MessageFormats-5.htm#Table_219

data/lib/netsnmp/scoped_pdu.rb

@@ -2,8 +2,12 @@
 
 module NETSNMP
   class ScopedPDU < PDU
+    using ASNExtensions
+
     attr_reader :engine_id
 
+    attr_accessor :security_level, :auth_param
+
     def initialize(type:, headers:, **options)
       @engine_id, @context = headers
       super(type: type, headers: [3, nil], **options)
@@ -12,8 +16,10 @@ module NETSNMP
     private
 
     def encode_headers_asn
-      [OpenSSL::ASN1::OctetString.new(@engine_id || ""),
-       OpenSSL::ASN1::OctetString.new(@context || "")]
+      [
+        OpenSSL::ASN1::OctetString.new(@engine_id || "").with_label(:engine_id),
+        OpenSSL::ASN1::OctetString.new(@context || "").with_label(:context)
+      ]
     end
   end
 end

data/lib/netsnmp/security_parameters.rb

@@ -8,6 +8,9 @@ module NETSNMP
   # It also provides validation of the security options passed with a client is initialized in v3 mode.
   class SecurityParameters
     using StringExtensions
+    using ASNExtensions
+
+    prepend Loggable
 
     IPAD = "\x36" * 64
     OPAD = "\x5c" * 64
@@ -72,7 +75,10 @@ module NETSNMP
       if encryption
         encrypted_pdu, salt = encryption.encrypt(pdu.to_der, engine_boots: engine_boots,
                                                              engine_time: engine_time)
-        [OpenSSL::ASN1::OctetString.new(encrypted_pdu), OpenSSL::ASN1::OctetString.new(salt)]
+        [
+          OpenSSL::ASN1::OctetString.new(encrypted_pdu).with_label(:encrypted_pdu),
+          OpenSSL::ASN1::OctetString.new(salt).with_label(:salt)
+        ]
       else
         [pdu.to_asn, salt]
       end
@@ -82,15 +88,16 @@ module NETSNMP
     # @param [String] salt the salt from the incoming der
     # @param [Integer] engine_time the reported engine time
     # @param [Integer] engine_boots the reported engine boots
-    def decode(der, salt:, engine_time:, engine_boots:)
+    def decode(der, salt:, engine_time:, engine_boots:, security_level: @security_level)
       asn = OpenSSL::ASN1.decode(der)
-      if encryption
-        encrypted_pdu = asn.value
-        pdu_der = encryption.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
-        OpenSSL::ASN1.decode(pdu_der)
-      else
-        asn
-      end
+      return asn if security_level < 3
+
+      return asn unless encryption
+
+      encrypted_pdu = asn.value
+      pdu_der = encryption.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
+      log(level: 2) { "message has been decrypted" }
+      OpenSSL::ASN1.decode(pdu_der)
     end
 
     # @param [String] message the already encoded snmp v3 message
@@ -120,10 +127,11 @@ module NETSNMP
     # @param [String] salt the incoming payload''s salt
     #
     # @raise [NETSNMP::Error] if the message's integration has been violated
-    def verify(stream, salt)
-      return if @security_level < 1
+    def verify(stream, salt, security_level: @security_level)
+      return if security_level < 1
       verisalt = sign(stream)
       raise Error, "invalid message authentication salt" unless verisalt == salt
+      log(level: 2) { "message has been verified" }
     end
 
     def must_revalidate?

data/lib/netsnmp/session.rb

@@ -4,6 +4,8 @@ module NETSNMP
   # Let's just remind that there is no session in snmp, this is just an abstraction.
   #
   class Session
+    prepend Loggable
+
     TIMEOUT = 2
 
     # @param [Hash] opts the options set
@@ -36,9 +38,16 @@ module NETSNMP
     # @return [NETSNMP::PDU] the response pdu
     #
     def send(pdu)
+      log { "sending request..." }
+      log(level: 2) { pdu.to_hex }
       encoded_request = pdu.to_der
+      log { Hexdump.dump(encoded_request) }
       encoded_response = @transport.send(encoded_request)
-      PDU.decode(encoded_response)
+      log { "received response" }
+      log { Hexdump.dump(encoded_response) }
+      response_pdu = PDU.decode(encoded_response)
+      log(level: 2) { response_pdu.to_hex }
+      response_pdu
     end
 
     private
@@ -66,7 +75,7 @@ module NETSNMP
 
       def initialize(host, port, timeout:)
         @socket = UDPSocket.new
-        @socket.connect(host, port)
+        @destaddr = Socket.sockaddr_in(port, host)
         @timeout = timeout
       end
 
@@ -81,13 +90,13 @@ module NETSNMP
 
       def write(payload)
         perform_io do
-          @socket.send(payload, 0)
+          @socket.sendmsg(payload, Socket::MSG_DONTWAIT | Socket::MSG_NOSIGNAL, @destaddr)
         end
       end
 
       def recv(bytesize = MAXPDUSIZE)
         perform_io do
-          datagram, = @socket.recvfrom_nonblock(bytesize)
+          datagram, = @socket.recvmsg_nonblock(bytesize, Socket::MSG_DONTWAIT)
           datagram
         end
       end

data/lib/netsnmp/v3_session.rb

@@ -8,6 +8,7 @@ module NETSNMP
       @context = context
       @security_parameters = opts.delete(:security_parameters)
       super
+      @message_serializer = Message.new(**opts)
     end
 
     # @see {NETSNMP::Session#build_pdu}
@@ -20,10 +21,11 @@ module NETSNMP
 
     # @see {NETSNMP::Session#send}
     def send(pdu)
+      log { "sending request..." }
       encoded_request = encode(pdu)
       encoded_response = @transport.send(encoded_request)
-      pdu, = decode(encoded_response)
-      pdu
+      response_pdu, * = decode(encoded_response)
+      response_pdu
     end
 
     private
@@ -60,7 +62,8 @@ module NETSNMP
       report_sec_params = SecurityParameters.new(security_level: 0,
                                                  username: @security_parameters.username)
       pdu = ScopedPDU.build(:get, headers: [])
-      encoded_report_pdu = Message.encode(pdu, security_parameters: report_sec_params)
+      log { "sending probe..." }
+      encoded_report_pdu = @message_serializer.encode(pdu, security_parameters: report_sec_params)
 
       encoded_response_pdu = @transport.send(encoded_report_pdu)
 
@@ -69,13 +72,39 @@ module NETSNMP
     end
 
     def encode(pdu)
-      Message.encode(pdu, security_parameters: @security_parameters,
-                          engine_boots: @engine_boots,
-                          engine_time: @engine_time)
+      @message_serializer.encode(pdu, security_parameters: @security_parameters,
+                                      engine_boots: @engine_boots,
+                                      engine_time: @engine_time)
     end
 
     def decode(stream, security_parameters: @security_parameters)
-      Message.decode(stream, security_parameters: security_parameters)
+      return_pdu = @message_serializer.decode(stream, security_parameters: security_parameters)
+
+      pdu, *args = return_pdu
+
+      # usmStats: http://oidref.com/1.3.6.1.6.3.15.1.1
+      if pdu.type == 8
+        case pdu.varbinds.first.oid
+        when "1.3.6.1.6.3.15.1.1.1.0" # usmStatsUnsupportedSecLevels
+          raise Error, "Unsupported security level"
+        when "1.3.6.1.6.3.15.1.1.2.0" # usmStatsNotInTimeWindows
+          _, @engine_boots, @engine_time = args
+          raise IdNotInTimeWindowError, "Not in time window"
+        when "1.3.6.1.6.3.15.1.1.3.0" # usmStatsUnknownUserNames
+          raise Error, "Unknown user name"
+        when "1.3.6.1.6.3.15.1.1.4.0" # usmStatsUnknownEngineIDs
+          raise Error, "Unknown engine ID" unless @security_parameters.must_revalidate?
+        when "1.3.6.1.6.3.15.1.1.5.0" # usmStatsWrongDigests
+          raise Error, "Authentication failure (incorrect password, community or key)"
+        when "1.3.6.1.6.3.15.1.1.6.0" # usmStatsDecryptionErrors
+          raise Error, "Decryption error"
+        end
+      end
+
+      # validate_authentication
+      @message_serializer.verify(stream, pdu.auth_param, pdu.security_level, security_parameters: @security_parameters)
+
+      return_pdu
     end
   end
 end

data/lib/netsnmp/varbind.rb

@@ -4,6 +4,8 @@ module NETSNMP
   # Abstracts the PDU variable structure into a ruby object
   #
   class Varbind
+    using StringExtensions
+
     attr_reader :oid, :value
 
     def initialize(oid, value: nil, type: nil)
@@ -48,18 +50,15 @@ module NETSNMP
     def convert_val(asn_value)
       case asn_value
       when OpenSSL::ASN1::OctetString
-        # yes, we are forcing all output to UTF-8
+        val = asn_value.value
+
         # it's kind of common in snmp, some stuff can't be converted,
         # like Hexa Strings. Parse them into a readable format a la netsnmp
-        val = asn_value.value
-        begin
-          val.encode("UTF-8")
-        rescue Encoding::UndefinedConversionError,
-               Encoding::ConverterNotFoundError,
-               Encoding::InvalidByteSequenceError
-          # hexdump me!
-          val.unpack("H*")[0].upcase.scan(/../).join(" ")
-        end
+        # https://github.com/net-snmp/net-snmp/blob/ed90aaaaea0d9cc6c5c5533f1863bae598d3b820/snmplib/mib.c#L650
+        is_hex_string = val.each_char.any? { |c| !c.match?(/[[:print:]]/) && !c.match?(/[[:space:]]/) }
+
+        val = HexString.new(val) if is_hex_string
+        val
       when OpenSSL::ASN1::Primitive
         val = asn_value.value
         val = val.to_i if val.is_a?(OpenSSL::BN)
@@ -81,11 +80,11 @@ module NETSNMP
                    when :ipaddress then 0
                    when :counter32
                      asn_val = [value].pack("N*")
-                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack("B").first != "1"
+                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack1("B") != "1"
                      1
                    when :gauge
                      asn_val = [value].pack("N*")
-                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack("B").first != "1"
+                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack1("B") != "1"
                      2
                    when :timetick
                      return Timetick.new(value).to_asn

data/lib/netsnmp/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module NETSNMP
-  VERSION = "0.2.0"
+  VERSION = "0.5.0"
 end

data/sig/loggable.rbs

@@ -0,0 +1,16 @@
+module NETSNMP
+  module Loggable
+    interface _Debugger
+      def <<: (string) -> void
+    end
+
+    DEBUG_LEVEL: Integer
+    DEBUG: _Debugger
+
+    private
+
+    def initialize: (?debug: _DEBUGGER, ?debug_level: Integer, **untyped) -> void
+
+    def log: (?level: Integer) { () -> String } -> void
+  end
+end

data/sig/message.rbs

@@ -1,7 +1,11 @@
 module NETSNMP
-  module Message
-    def self?.decode: (String stream, security_parameters: SecurityParameters) -> [ScopedPDU, String, Integer, Integer]
+  class Message
+    prepend Loggable
 
-    def self?.encode: (ScopedPDU pdu, security_parameters: SecurityParameters, ?engine_boots: Integer, ?engine_time: Integer) -> String
+    def verify: (String stream, String auth_param, Integer? security_level, security_parameters: SecurityParameters) -> void
+
+    def decode: (String stream, security_parameters: SecurityParameters) -> [ScopedPDU, String, Integer, Integer]
+
+    def encode: (ScopedPDU pdu, security_parameters: SecurityParameters, ?engine_boots: Integer, ?engine_time: Integer) -> String
   end
 end

data/sig/mib.rbs

@@ -0,0 +1,21 @@
+module NETSNMP
+  module MIB
+    type import = {ids: Array[{name: string}], name: string} | {ids: {name: string}, name: string}
+
+
+    MIBDIRS: Array[String]
+    PARSER: Parser
+
+    @parser_mutex: Mutex
+    @modules_loaded: Array[String]
+    @object_identifiers: Hash[String, String]
+
+    def self?.oid: (String identifier) -> String?
+                 | (Array[_ToS] identifier) -> String?
+
+    def self?.load: (String mod) -> void
+
+    def self?.load_imports: ((Array[import] | import)? data) -> Hash[String, Array[String]]?
+    def self?.load_defaults: () -> void
+  end
+end

data/sig/mib/parser.rbs

@@ -0,0 +1,7 @@
+module NETSNMP
+  module MIB
+    class Parser
+
+    end
+  end
+end

data/sig/netsnmp.rbs

@@ -16,8 +16,4 @@ module NETSNMP
   end
 
   type snmp_version = 0 | 1 | 3 | :v1 | :v2c | :v3 | nil
-
-  def self.debug=: (_Logger) -> void
-
-  def self.debug: { () -> string } -> void
 end

data/sig/oid.rbs

@@ -1,5 +1,5 @@
 module NETSNMP
-  type oid = String | Array[Integer]
+  type oid = String | Array[_ToS]
 
   type oid_type = Integer | :ipaddress | :counter32 | :gauge | :timetick | :opaque | :nsap | :counter64 | :uinteger
 

data/sig/pdu.rbs

@@ -12,7 +12,7 @@ module NETSNMP
     # }
 
     attr_reader varbinds: Array[Varbind]
-    attr_reader type: pdu_type
+    attr_reader type: Integer
     attr_reader version: snmp_version
     attr_reader community: String
     attr_reader request_id: Integer