netsnmp 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 60a9c68e56e5ad0600d056eedd315d8639cfd3965aa5e1eb62f5f3f935b4ad6a
-  data.tar.gz: ea560ac1131bff9ca6af0fec5e426bd37edbfbc7520ceb629f1de279a905ced0
+  metadata.gz: 93b380d735dc2250a9c3528e7ab1e6c70147124a6dc439fe7dd4eac1f4c0fd55
+  data.tar.gz: 52db8f559bc3485ab4802d72ccba98fb29429a0b9a0cceec13fc5a489409e35e
 SHA512:
-  metadata.gz: 8410a3a38d7d7eab07692009ae4d870dbae8e7abc50dbc724d9ad3f8a4e029b441ffba62e9477ae587f8845a561cb0ba2e2c5613540d615bdce0cf62cb448098
-  data.tar.gz: 85d0d898983f99dedb4a71cf6bd33f665cfda496bb8a60eb76be36a96de6f28a9984505c564701bfab6bf74e8367544ec2f5adbcf8faf152d9a71679b73b5df1
+  metadata.gz: 1a7573fe1ca2f0d78a3ca4d88d8054b9fd872078352d8ed3f700525e049719d601fe8f7dda94f0ff77b866e75961eb26af80a4acd332e04d390c433405970fd7
+  data.tar.gz: 3524298a40a89f5364a27cfe0444f7e298016822439020c04b203960cc4c77622453f9a48d6c01ea1e072c3a004705299b6a8f34a89cb1ce00f66a98f3919d7a

data/README.md

@@ -31,6 +31,7 @@ $ gem install netsnmp
 This gem provides:
 
 * Implementation in ruby of the SNMP Protocol for v3, v2c and v1 (most notable the rfc3414 and 3826).
+* SNMPv3 USM supporting MD5/SHA/SHA256 auth and DES/AES128 privacy crypto algorithms.
 * Client/Manager API with simple interface for get, genext, set and walk.
 * Pure Ruby.
 * Support for concurrency and evented I/O.
@@ -80,7 +81,7 @@ manager.get(oid: "sysName.0") #=> 'tt'
 # SNMP walk
 # sysORDescr
 manager.walk(oid: "sysORDescr").each do |oid_code, value|
-  # do something with them  
+  # do something with them
   puts "for #{oid_code}: #{value}"
 end
 
@@ -214,8 +215,8 @@ gem 'netsnmp'
 
 # or, in the command line
 
-$ gem install netsnmp      
-```                        
+$ gem install netsnmp
+```
 
 and `netsnmp` will automatically pick it up.
 
@@ -245,6 +246,8 @@ This library supports and is tested against ruby versions 2.1 or more recent, in
 
 All encoding/decoding/encryption/decryption/digests are done using `openssl`, which is (still) a part of the standard library. If at some point `openssl` is removed and not specifically distributed, you'll have to install it yourself. Hopefully this will never happen.
 
+It also uses the `openssl` ASN.1 API to encode/decode BERs, which is known to be strict, and [may not be able to decode PDUs if not compliant with the supported RFC](https://github.com/swisscom/ruby-netsnmp/issues/47).
+
 ## Debugging
 
 You can either set the `NETSNMP_DEBUG` to the desided debug level (currently, 1 and 2). The logs will be written to stderr.

data/lib/netsnmp/message.rb

@@ -7,8 +7,7 @@ module NETSNMP
 
     prepend Loggable
 
-    AUTHNONE               = OpenSSL::ASN1::OctetString.new("\x00" * 12).with_label(:auth_mask)
-    PRIVNONE               = OpenSSL::ASN1::OctetString.new("")
+    PRIVNONE           = OpenSSL::ASN1::OctetString.new("")
     MSG_MAX_SIZE       = OpenSSL::ASN1::Integer.new(65507).with_label(:max_message_size)
     MSG_SECURITY_MODEL = OpenSSL::ASN1::Integer.new(3).with_label(:security_model) # usmSecurityModel
     MSG_VERSION        = OpenSSL::ASN1::Integer.new(3).with_label(:message_version)
@@ -16,6 +15,10 @@ module NETSNMP
 
     def initialize(**); end
 
+    def verify(stream, auth_param, security_level, security_parameters:)
+      security_parameters.verify(stream.sub(auth_param, authnone(security_parameters.auth_protocol).value), auth_param, security_level: security_level)
+    end
+
     # @param [String] payload of an snmp v3 message which can be decoded
     # @param [NETSMP::SecurityParameters, #decode] security_parameters knowns how to decode the stream
     #
@@ -51,9 +54,7 @@ module NETSNMP
       log(level: 2) { asn_tree.to_hex }
       log(level: 2) { sec_params_asn.to_hex }
 
-      # validate_authentication
       auth_param = auth_param.value
-      security_parameters.verify(stream.sub(auth_param, AUTHNONE.value), auth_param, security_level: security_level)
 
       engine_boots = engine_boots.value.to_i
       engine_time = engine_time.value.to_i
@@ -65,6 +66,9 @@ module NETSNMP
 
       log { "received response PDU" }
       pdu = ScopedPDU.decode(encoded_pdu)
+      pdu.auth_param = auth_param
+      pdu.security_level = security_level
+
       log(level: 2) { pdu.to_hex }
       [pdu, engine_id.value, engine_boots, engine_time]
     end
@@ -86,7 +90,7 @@ module NETSNMP
                                                  OpenSSL::ASN1::Integer.new(engine_boots).with_label(:engine_boots),
                                                  OpenSSL::ASN1::Integer.new(engine_time).with_label(:engine_time),
                                                  OpenSSL::ASN1::OctetString.new(security_parameters.username).with_label(:username),
-                                                 AUTHNONE,
+                                                 authnone(security_parameters.auth_protocol),
                                                  salt_param
                                                ]).with_label(:security_params)
       log(level: 2) { sec_params.to_hex }
@@ -115,10 +119,22 @@ module NETSNMP
         log { "signing V3 message..." }
         auth_salt = OpenSSL::ASN1::OctetString.new(signature).with_label(:auth)
         log(level: 2) { auth_salt.to_hex }
-        encoded.sub!(AUTHNONE.to_der, auth_salt.to_der)
+        none_der = authnone(security_parameters.auth_protocol).to_der
+        encoded[encoded.index(none_der), none_der.size] = auth_salt.to_der
         log { Hexdump.dump(encoded) }
       end
       encoded
     end
+
+    private
+
+    # https://datatracker.ietf.org/doc/html/rfc7860#section-4.2.2 part 3
+    # https://datatracker.ietf.org/doc/html/rfc3414#section-6.3.2 part 3
+    def authnone(auth_protocol)
+      # The digest in the msgAuthenticationParameters field is replaced by the 12 zero octets.
+      # 24 octets for sha256
+      number_of_octets = auth_protocol == :sha256 ? 24 : 12
+      OpenSSL::ASN1::OctetString.new("\x00" * number_of_octets).with_label(:auth_mask)
+    end
   end
 end

data/lib/netsnmp/mib.rb

@@ -33,7 +33,9 @@ module NETSNMP
         if idx
           mod = prefix[0..(idx - 1)]
           type = prefix[(idx + 2)..-1]
-          return unless load(mod)
+          unless module_loaded?(mod)
+            return unless load(mod)
+          end
         else
           type = prefix
         end
@@ -84,6 +86,14 @@ module NETSNMP
       true
     end
 
+    def module_loaded?(mod)
+      if File.file?(mod)
+        @modules_loaded.include?(mod)
+      else
+        @modules_loaded.map { |path| File.basename(path, ".*") }.include?(mod)
+      end
+    end
+
     TYPES = ["OBJECT IDENTIFIER", "OBJECT-TYPE", "MODULE-IDENTITY"].freeze
 
     STATIC_MIB_TO_OID = {

data/lib/netsnmp/pdu.rb

@@ -7,7 +7,7 @@ module NETSNMP
   class PDU
     using ASNExtensions
 
-    MAXREQUESTID = 2147483647
+    MAXREQUESTID = 0x7fffffff
 
     using ASNExtensions
     class << self

data/lib/netsnmp/scoped_pdu.rb

@@ -6,6 +6,8 @@ module NETSNMP
 
     attr_reader :engine_id
 
+    attr_accessor :security_level, :auth_param
+
     def initialize(type:, headers:, **options)
       @engine_id, @context = headers
       super(type: type, headers: [3, nil], **options)

data/lib/netsnmp/security_parameters.rb

@@ -22,13 +22,13 @@ module NETSNMP
     # The 150 Seconds is specified in https://www.ietf.org/rfc/rfc2574.txt 2.2.3
     TIMELINESS_THRESHOLD = 150
 
-    attr_reader :security_level, :username
+    attr_reader :security_level, :username, :auth_protocol
     attr_reader :engine_id
 
     # @param [String] username the snmp v3 username
     # @param [String] engine_id the device engine id (initialized to '' for report)
     # @param [Symbol, integer] security_level allowed snmp v3 security level (:auth_priv, :auth_no_priv, etc)
-    # @param [Symbol, nil] auth_protocol a supported authentication protocol (currently supported: :md5, :sha)
+    # @param [Symbol, nil] auth_protocol a supported authentication protocol (currently supported: :md5, :sha, :sha256)
     # @param [Symbol, nil] priv_protocol a supported privacy protocol (currently supported: :des, :aes)
     # @param [String, nil] auth_password the authentication password
     # @param [String, nil] priv_password the privacy password
@@ -110,6 +110,12 @@ module NETSNMP
 
       key = auth_key.dup
 
+      # SHA256 => https://datatracker.ietf.org/doc/html/rfc7860#section-4.2.2
+      # The 24 first octets of HMAC are taken as the computed MAC value
+      return OpenSSL::HMAC.digest("SHA256", key, message)[0, 24] if @auth_protocol == :sha256
+
+      # MD5 => https://datatracker.ietf.org/doc/html/rfc3414#section-6.3.2
+      # SHA1 => https://datatracker.ietf.org/doc/html/rfc3414#section-7.3.2
       key << "\x00" * (@auth_protocol == :md5 ? 48 : 44)
       k1 = key.xor(IPAD)
       k2 = key.xor(OPAD)
@@ -120,6 +126,7 @@ module NETSNMP
 
       digest.reset
       digest << (k2 + d1)
+      # The 12 first octets of the digest are taken as the computed MAC value
       digest.digest[0, 12]
     end
 
@@ -204,6 +211,7 @@ module NETSNMP
       @digest ||= case @auth_protocol
                   when :md5 then OpenSSL::Digest::MD5.new
                   when :sha then OpenSSL::Digest::SHA1.new
+                  when :sha256 then OpenSSL::Digest::SHA256.new
                   else
                     raise Error, "unsupported auth protocol: #{@auth_protocol}"
                   end

data/lib/netsnmp/session.rb

@@ -75,7 +75,7 @@ module NETSNMP
 
       def initialize(host, port, timeout:)
         @socket = UDPSocket.new
-        @socket.connect(host, port)
+        @destaddr = Socket.sockaddr_in(port, host)
         @timeout = timeout
       end
 
@@ -90,13 +90,13 @@ module NETSNMP
 
       def write(payload)
         perform_io do
-          @socket.send(payload, 0)
+          @socket.sendmsg(payload, Socket::MSG_DONTWAIT | Socket::MSG_NOSIGNAL, @destaddr)
         end
       end
 
       def recv(bytesize = MAXPDUSIZE)
         perform_io do
-          datagram, = @socket.recvfrom_nonblock(bytesize)
+          datagram, = @socket.recvmsg_nonblock(bytesize, Socket::MSG_DONTWAIT)
           datagram
         end
       end

data/lib/netsnmp/v3_session.rb

@@ -24,14 +24,7 @@ module NETSNMP
       log { "sending request..." }
       encoded_request = encode(pdu)
       encoded_response = @transport.send(encoded_request)
-      response_pdu, *args = decode(encoded_response)
-      if response_pdu.type == 8
-        varbind = response_pdu.varbinds.first
-        if varbind.oid == "1.3.6.1.6.3.15.1.1.2.0" # IdNotInTimeWindow
-          _, @engine_boots, @engine_time = args
-          raise IdNotInTimeWindowError, "request timestamp is already out of time window"
-        end
-      end
+      response_pdu, * = decode(encoded_response)
       response_pdu
     end
 
@@ -85,7 +78,33 @@ module NETSNMP
     end
 
     def decode(stream, security_parameters: @security_parameters)
-      @message_serializer.decode(stream, security_parameters: security_parameters)
+      return_pdu = @message_serializer.decode(stream, security_parameters: security_parameters)
+
+      pdu, *args = return_pdu
+
+      # usmStats: http://oidref.com/1.3.6.1.6.3.15.1.1
+      if pdu.type == 8
+        case pdu.varbinds.first.oid
+        when "1.3.6.1.6.3.15.1.1.1.0" # usmStatsUnsupportedSecLevels
+          raise Error, "Unsupported security level"
+        when "1.3.6.1.6.3.15.1.1.2.0" # usmStatsNotInTimeWindows
+          _, @engine_boots, @engine_time = args
+          raise IdNotInTimeWindowError, "Not in time window"
+        when "1.3.6.1.6.3.15.1.1.3.0" # usmStatsUnknownUserNames
+          raise Error, "Unknown user name"
+        when "1.3.6.1.6.3.15.1.1.4.0" # usmStatsUnknownEngineIDs
+          raise Error, "Unknown engine ID" unless @security_parameters.must_revalidate?
+        when "1.3.6.1.6.3.15.1.1.5.0" # usmStatsWrongDigests
+          raise Error, "Authentication failure (incorrect password, community or key)"
+        when "1.3.6.1.6.3.15.1.1.6.0" # usmStatsDecryptionErrors
+          raise Error, "Decryption error"
+        end
+      end
+
+      # validate_authentication
+      @message_serializer.verify(stream, pdu.auth_param, pdu.security_level, security_parameters: @security_parameters)
+
+      return_pdu
     end
   end
 end

data/lib/netsnmp/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module NETSNMP
-  VERSION = "0.4.0"
+  VERSION = "0.6.0"
 end

data/sig/message.rbs

@@ -2,8 +2,14 @@ module NETSNMP
   class Message
     prepend Loggable
 
+    def verify: (String stream, String auth_param, Integer? security_level, security_parameters: SecurityParameters) -> void
+
     def decode: (String stream, security_parameters: SecurityParameters) -> [ScopedPDU, String, Integer, Integer]
 
     def encode: (ScopedPDU pdu, security_parameters: SecurityParameters, ?engine_boots: Integer, ?engine_time: Integer) -> String
+
+    private
+
+    def authnone: (SecurityParameters::auth_protocol?) -> OpenSSL::ASN1::ASN1Data
   end
 end

data/sig/scoped_pdu.rbs

@@ -1,6 +1,8 @@
 module NETSNMP
   class ScopedPDU < PDU
     attr_reader engine_id: String
+    attr_reader auth_param: String?
+    attr_reader security_level: Integer?
 
     private
 

data/sig/security_parameters.rbs

@@ -4,11 +4,10 @@ module NETSNMP
 
     type security_level = :noauth | :auth_no_priv | :auth_priv | 0 | 1 | 3 | nil
 
-    type auth_protocol = :md5 | :sha
+    type auth_protocol = :md5 | :sha | :sha256
     type priv_protocol = :des | :aes
 
 
-    @auth_protocol: auth_protocol?
     @auth_password: String?
     @priv_protocol: priv_protocol?
     @priv_password: String?
@@ -18,6 +17,7 @@ module NETSNMP
     attr_reader security_level: security_level
     attr_reader username: String
     attr_reader engine_id: String
+    attr_reader auth_protocol: auth_protocol?
 
     def engine_id=: (String id) -> void
 

data/spec/client_spec.rb

@@ -23,19 +23,19 @@ RSpec.describe NETSNMP::Client do
       let(:next_oid) { "1.3.6.1.2.1.1.6.0" }
       let(:walk_oid) { "1.3.6.1.2.1.1" }
       let(:set_oid) { "sysUpTime.0" } # sysUpTimeInstance
-      let(:get_result) { "DEVICE-192.168.1.1" }
-      let(:next_result) { "The Cloud" }
+      let(:get_result) { "zeus.snmplabs.com (you can change this!)" }
+      let(:next_result) { "San Francisco, California, United States" }
       let(:walk_result) do
-        <<-WALK
-1.3.6.1.2.1.1.1.0: Device description
-1.3.6.1.2.1.1.2.0: 1.3.6.1.4.1.3454
-1.3.6.1.2.1.1.3.0: Timeticks: (78171676) 9 days, 1:8:36.76
-1.3.6.1.2.1.1.4.0: The Owner
-1.3.6.1.2.1.1.5.0: DEVICE-192.168.1.1
-1.3.6.1.2.1.1.6.0: The Cloud
-1.3.6.1.2.1.1.7.0: 72
-1.3.6.1.2.1.1.8.0: Timeticks: (0) 0 days, 0:0:0.0
-        WALK
+        {
+          "1.3.6.1.2.1.1.1.0" => "Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686",
+          "1.3.6.1.2.1.1.2.0" => "1.3.6.1.4.1.8072.3.2.10",
+          "1.3.6.1.2.1.1.3.0" => /Timeticks: \(\d+\) \d+ days, \d+:\d+:\d+\.\d+/,
+          "1.3.6.1.2.1.1.4.0" => "SNMP Laboratories, info@snmplabs.com",
+          "1.3.6.1.2.1.1.5.0" => "zeus.snmplabs.com (you can change this!)",
+          "1.3.6.1.2.1.1.6.0" => "San Francisco, California, United States",
+          "1.3.6.1.2.1.1.7.0" => "72",
+          "1.3.6.1.2.1.1.8.0" => /Timeticks: \(\d+\) \d+ days, \d+:\d+:\d+\.\d+/
+        }
       end
       let(:set_oid_result) { 43 }
     end
@@ -52,19 +52,19 @@ RSpec.describe NETSNMP::Client do
       let(:next_oid) { "1.3.6.1.2.1.1.6.0" }
       let(:walk_oid) { "system" }
       let(:set_oid) { "sysUpTime.0" }
-      let(:get_result) { "DEVICE-192.168.1.1" }
-      let(:next_result) { "The Cloud" }
+      let(:get_result) { "zeus.snmplabs.com (you can change this!)" }
+      let(:next_result) { "San Francisco, California, United States" }
       let(:walk_result) do
-        <<-WALK
-1.3.6.1.2.1.1.1.0: Device description
-1.3.6.1.2.1.1.2.0: 1.3.6.1.4.1.3454
-1.3.6.1.2.1.1.3.0: Timeticks: (78171676) 9 days, 1:8:36.76
-1.3.6.1.2.1.1.4.0: The Owner
-1.3.6.1.2.1.1.5.0: DEVICE-192.168.1.1
-1.3.6.1.2.1.1.6.0: The Cloud
-1.3.6.1.2.1.1.7.0: 72
-1.3.6.1.2.1.1.8.0: Timeticks: (0) 0 days, 0:0:0.0
-        WALK
+        {
+          "1.3.6.1.2.1.1.1.0" =>  "Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686",
+          "1.3.6.1.2.1.1.2.0" =>  "1.3.6.1.4.1.8072.3.2.10",
+          "1.3.6.1.2.1.1.3.0" =>  /Timeticks: \(\d+\) \d+ days, \d+:\d+:\d+\.\d+/,
+          "1.3.6.1.2.1.1.4.0" =>  "SNMP Laboratories, info@snmplabs.com",
+          "1.3.6.1.2.1.1.5.0" =>  "zeus.snmplabs.com (you can change this!)",
+          "1.3.6.1.2.1.1.6.0" =>  "San Francisco, California, United States",
+          "1.3.6.1.2.1.1.7.0" =>  "72",
+          "1.3.6.1.2.1.1.8.0" =>  /Timeticks: \(\d+\) \d+ days, \d+:\d+:\d+\.\d+/
+        }
       end
       let(:set_oid_result) { 43 }
 
@@ -101,18 +101,18 @@ RSpec.describe NETSNMP::Client do
     let(:set_oid) { "sysUpTime.0" } # sysUpTimeInstance
     let(:walk_oid) { "1.3.6.1.2.1.1.9.1.3" }
     let(:get_result) { "tt" }
-    let(:next_result) { "KK12" }
+    let(:next_result) { "KK12 (edit /etc/snmp/snmpd.conf)" }
     let(:walk_result) do
-      <<-WALK
-1.3.6.1.2.1.1.9.1.3.1: The SNMP Management Architecture MIB.
-1.3.6.1.2.1.1.9.1.3.2: The MIB for Message Processing and Dispatching.
-1.3.6.1.2.1.1.9.1.3.3: The management information definitions for the SNMP User-based Security Model.
-1.3.6.1.2.1.1.9.1.3.4: The MIB module for SNMPv2 entities
-1.3.6.1.2.1.1.9.1.3.5: The MIB module for managing TCP implementations
-1.3.6.1.2.1.1.9.1.3.6: The MIB module for managing IP and ICMP implementations
-1.3.6.1.2.1.1.9.1.3.7: The MIB module for managing UDP implementations
-1.3.6.1.2.1.1.9.1.3.8: View-based Access Control Model for SNMP.
-      WALK
+      {
+        "1.3.6.1.2.1.1.9.1.3.1" => "The SNMP Management Architecture MIB.",
+        "1.3.6.1.2.1.1.9.1.3.2" => "The MIB for Message Processing and Dispatching.",
+        "1.3.6.1.2.1.1.9.1.3.3" => "The management information definitions for the SNMP User-based Security Model.",
+        "1.3.6.1.2.1.1.9.1.3.4" => "The MIB module for SNMPv2 entities",
+        "1.3.6.1.2.1.1.9.1.3.5" => "The MIB module for managing TCP implementations",
+        "1.3.6.1.2.1.1.9.1.3.6" => "The MIB module for managing IP and ICMP implementations",
+        "1.3.6.1.2.1.1.9.1.3.7" => "The MIB module for managing UDP implementations",
+        "1.3.6.1.2.1.1.9.1.3.8" => "View-based Access Control Model for SNMP."
+      }
     end
     let(:set_oid_result) { 43 }
     context "with a no auth no priv policy" do
@@ -157,6 +157,15 @@ RSpec.describe NETSNMP::Client do
           let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
         end
       end
+      context "speaking sha256" do
+        let(:user_options) do
+          { username: "authsha256", security_level: :auth_no_priv,
+            auth_password: "maplesyrup", auth_protocol: :sha256 }
+        end
+        it_behaves_like "an snmp client" do
+          let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
+        end
+      end
     end
     context "with an auth priv policy" do
       context "auth in md5, encrypting in des" do
@@ -177,6 +186,18 @@ RSpec.describe NETSNMP::Client do
         end
         it_behaves_like "an snmp client" do
           let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
+
+          context "with wrong auth password and wrong encrypting password" do
+            let(:user_options) do
+              { username: "authprivmd5des", auth_password: "wrongpassword",
+                auth_protocol: :md5, priv_password: "maplesyrup",
+                priv_protocol: :des }
+            end
+            let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
+            it "raises authentication error" do
+              expect { subject.get(oid: get_oid) }.to raise_error(NETSNMP::Error, "Authentication failure (incorrect password, community or key)")
+            end
+          end
         end
       end
 

data/spec/handlers/celluloid_spec.rb

@@ -4,7 +4,7 @@ require "celluloid/io"
 require_relative "../support/request_examples"
 require_relative "../support/celluloid"
 
-RSpec.describe "with cellulloid", type: :celluloid, if: RUBY_ENGINE == "truffleruby" do
+RSpec.describe "with cellulloid", type: :celluloid do
   include CelluloidHelpers
   let(:user_options) do
     { username: "authprivmd5des", auth_password: "maplesyrup",
@@ -17,18 +17,18 @@ RSpec.describe "with cellulloid", type: :celluloid, if: RUBY_ENGINE == "truffler
   let(:set_oid) { "1.3.6.1.2.1.1.3.0" } # sysUpTimeInstance
   let(:walk_oid) { "1.3.6.1.2.1.1.9.1.3" }
   let(:get_result) { "tt" }
-  let(:next_result) { "KK12" }
+  let(:next_result) { "KK12 (edit /etc/snmp/snmpd.conf)" }
   let(:walk_result) do
-    <<-WALK
-1.3.6.1.2.1.1.9.1.3.1: The SNMP Management Architecture MIB.
-1.3.6.1.2.1.1.9.1.3.2: The MIB for Message Processing and Dispatching.
-1.3.6.1.2.1.1.9.1.3.3: The management information definitions for the SNMP User-based Security Model.
-1.3.6.1.2.1.1.9.1.3.4: The MIB module for SNMPv2 entities
-1.3.6.1.2.1.1.9.1.3.5: The MIB module for managing TCP implementations
-1.3.6.1.2.1.1.9.1.3.6: The MIB module for managing IP and ICMP implementations
-1.3.6.1.2.1.1.9.1.3.7: The MIB module for managing UDP implementations
-1.3.6.1.2.1.1.9.1.3.8: View-based Access Control Model for SNMP.
-    WALK
+    {
+      "1.3.6.1.2.1.1.9.1.3.1" => "The SNMP Management Architecture MIB.",
+      "1.3.6.1.2.1.1.9.1.3.2" => "The MIB for Message Processing and Dispatching.",
+      "1.3.6.1.2.1.1.9.1.3.3" => "The management information definitions for the SNMP User-based Security Model.",
+      "1.3.6.1.2.1.1.9.1.3.4" => "The MIB module for SNMPv2 entities",
+      "1.3.6.1.2.1.1.9.1.3.5" => "The MIB module for managing TCP implementations",
+      "1.3.6.1.2.1.1.9.1.3.6" => "The MIB module for managing IP and ICMP implementations",
+      "1.3.6.1.2.1.1.9.1.3.7" => "The MIB module for managing UDP implementations",
+      "1.3.6.1.2.1.1.9.1.3.8" => "View-based Access Control Model for SNMP."
+    }
   end
 
   before(:all) { Celluloid.boot }

data/spec/security_parameters_spec.rb

@@ -13,6 +13,13 @@ RSpec.describe NETSNMP::SecurityParameters do
       subject { described_class.new(security_level: :auth_priv, auth_protocol: :sha, username: "username", engine_id: engine_id, auth_password: "maplesyrup", priv_password: "maplesyrup") }
       it { expect(subject.send(:passkey, password).b).to eq("\x9f\xb5\xcc\x03\x81\x49\x7b\x37\x93\x52\x89\x39\xff\x78\x8d\x5d\x79\x14\x52\x11".b) }
     end
+    context "sha256" do
+      subject do
+        described_class.new(security_level: :auth_priv, auth_protocol: :sha256, username: "username", engine_id: engine_id, auth_password: "maplesyrup", priv_password: "maplesyrup")
+      end
+
+      it { expect(subject.send(:passkey, password).b).to eq("\xABQ\x01M\x1E\a\x7F`\x17\xDF+\x12\xBE\xE5\xF5\xAAr\x991w\xE9\xBBV\x9CM\xFFZL\xA0\xB4\xAF\xAC".b) }
+    end
   end
 
   describe "keys" do
@@ -34,11 +41,22 @@ RSpec.describe NETSNMP::SecurityParameters do
                           priv_password: password,
                           engine_id: engine_id)
     end
+    let(:sha256_sec) do
+      described_class.new(security_level: :auth_priv,
+                          auth_protocol: :sha256,
+                          priv_protocol: :des,
+                          username: "username",
+                          auth_password: password,
+                          priv_password: password,
+                          engine_id: engine_id)
+    end
     it do
       expect(md5_sec.send(:auth_key)).to eq("\x52\x6f\x5e\xed\x9f\xcc\xe2\x6f\x89\x64\xc2\x93\x07\x87\xd8\x2b".b)
       expect(md5_sec.send(:priv_key)).to eq("\x52\x6f\x5e\xed\x9f\xcc\xe2\x6f\x89\x64\xc2\x93\x07\x87\xd8\x2b".b)
       expect(sha_sec.send(:auth_key)).to eq("\x66\x95\xfe\xbc\x92\x88\xe3\x62\x82\x23\x5f\xc7\x15\x1f\x12\x84\x97\xb3\x8f\x3f".b)
       expect(sha_sec.send(:priv_key)).to eq("\x66\x95\xfe\xbc\x92\x88\xe3\x62\x82\x23\x5f\xc7\x15\x1f\x12\x84\x97\xb3\x8f\x3f".b)
+      expect(sha256_sec.send(:auth_key)).to eq("\x89\x82\xE0\xE5I\xE8f\xDB6\x1Akb]\x84\xCC\xCC\x11\x16-E>\xE8\xCE:dE\xC2\xD6wo\x0F\x8B".b)
+      expect(sha256_sec.send(:priv_key)).to eq("\x89\x82\xE0\xE5I\xE8f\xDB6\x1Akb]\x84\xCC\xCC\x11\x16-E>\xE8\xCE:dE\xC2\xD6wo\x0F\x8B".b)
     end
   end
 

data/spec/support/celluloid.rb

@@ -26,7 +26,7 @@ module CelluloidHelpers
     end
   end
 
-  class Proxy < NETSNMP::Session::Transport
+  class Proxy
     MAXPDUSIZE = 0xffff + 1
 
     def initialize(host, port)
@@ -35,18 +35,22 @@ module CelluloidHelpers
       @timeout = 2
     end
 
-    def close
-      @socket.close
+    def send(payload)
+      @socket.send(payload, 0)
+      recv
     end
 
-    private
-
-    def wait(mode)
+    def recv(bytesize = MAXPDUSIZE)
       Celluloid.timeout(@timeout) do
-        @socket.__send__(mode)
+        datagram, = @socket.recvfrom(bytesize)
+        datagram
       end
     rescue Celluloid::TaskTimeout
       raise Timeout::Error, "Timeout after #{@timeout} seconds"
     end
+
+    def close
+      @socket.close
+    end
   end
 end

data/spec/support/request_examples.rb

@@ -22,8 +22,8 @@ RSpec.shared_examples "an snmp client" do
       let(:value) { subject.get({ oid: get_oid }, oid: next_oid) }
       it "returns the values for both" do
         expect(value).to be_a(Array)
-        expect(value).to include(/#{get_result}/)
-        expect(value).to include(/#{next_result}/)
+        expect(value).to include(get_result)
+        expect(value).to include(next_result)
       end
     end
   end
@@ -40,8 +40,17 @@ RSpec.shared_examples "an snmp client" do
   describe "#walk" do
     let(:value) { subject.walk(oid: walk_oid) }
     it "fetches the varbinds for the next oid" do
-      values = value.map { |oid, val| "#{oid}: #{val}" }.join("\n") << "\n"
-      expect(values).to eq(walk_result)
+      value.each do |oid, val|
+        match = walk_result[oid]
+        case match
+        when String
+          expect(val.to_s).to eq(match)
+        when Regexp
+          expect(val.to_s).to match(match)
+        else
+          next
+        end
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: netsnmp
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-26 00:00:00.000000000 Z
+date: 2021-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: parslet
@@ -104,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - net-snmp
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: SNMP Client library