netsnmp 0.4.1 → 0.4.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/netsnmp/message.rb +7 -2
  3. data/lib/netsnmp/scoped_pdu.rb +2 -0
  4. data/lib/netsnmp/v3_session.rb +28 -9
  5. data/lib/netsnmp/version.rb +1 -1
  6. data/sig/message.rbs +2 -0
  7. data/sig/scoped_pdu.rbs +2 -0
  8. data/spec/client_spec.rb +12 -0
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c87bf65264474758aed741b992dadbd6bbb277aae52b925254da2e5fea56c5b3
4
- data.tar.gz: cf7134f2e8b451c619aabdf9dcd6b931404ab51afd7953c785e4013a348cce02
3
+ metadata.gz: 8b92d6d77d4874c6d3d76ed0bbbb3358a72fd33131d9a971e41b73cb5584cfbd
4
+ data.tar.gz: c2ae854a2a1f8268115291447bdd1ede0686258840aa41ba1778e41bb6c94c22
5
5
  SHA512:
6
- metadata.gz: 1cade51302613f51f8da018351401b27c2d0fe08a43b915a79252ff420d5efdfe4a405ce29a60f10ade2d0f0f4a03dc2302117653043c451dd01683e8eb2c7a5
7
- data.tar.gz: 0ce54aa2fb2cba42f47ccab2fd83e2536e8fd9e73d29d2f7a85aef4ab90d9e0c956f64f0f8fbe19f95c36a048ab2911492f55c4ca95ada0843941a896564b2cf
6
+ metadata.gz: f439b2ebd5777390ed34ec9bd893e943918b201f81fcfa1f9e55cb5800d1eba20712d5ebd2e9660b291383ba6d413977691842124cb97dad909283cbf1483fff
7
+ data.tar.gz: fde5a6b1ec4340505e65c2f8dc49f04b6621136f4fc48c366742d8acb32e8f157f25554790fe2e64d672801307289f0b00d7f9945c561970729bc326dd5af34d
data/lib/netsnmp/message.rb CHANGED
@@ -16,6 +16,10 @@ module NETSNMP
16
16
 
17
17
  def initialize(**); end
18
18
 
19
+ def verify(stream, auth_param, security_level, security_parameters:)
20
+ security_parameters.verify(stream.sub(auth_param, AUTHNONE.value), auth_param, security_level: security_level)
21
+ end
22
+
19
23
  # @param [String] payload of an snmp v3 message which can be decoded
20
24
  # @param [NETSMP::SecurityParameters, #decode] security_parameters knowns how to decode the stream
21
25
  #
@@ -51,9 +55,7 @@ module NETSNMP
51
55
  log(level: 2) { asn_tree.to_hex }
52
56
  log(level: 2) { sec_params_asn.to_hex }
53
57
 
54
- # validate_authentication
55
58
  auth_param = auth_param.value
56
- security_parameters.verify(stream.sub(auth_param, AUTHNONE.value), auth_param, security_level: security_level)
57
59
 
58
60
  engine_boots = engine_boots.value.to_i
59
61
  engine_time = engine_time.value.to_i
@@ -65,6 +67,9 @@ module NETSNMP
65
67
 
66
68
  log { "received response PDU" }
67
69
  pdu = ScopedPDU.decode(encoded_pdu)
70
+ pdu.auth_param = auth_param
71
+ pdu.security_level = security_level
72
+
68
73
  log(level: 2) { pdu.to_hex }
69
74
  [pdu, engine_id.value, engine_boots, engine_time]
70
75
  end
data/lib/netsnmp/scoped_pdu.rb CHANGED
@@ -6,6 +6,8 @@ module NETSNMP
6
6
 
7
7
  attr_reader :engine_id
8
8
 
9
+ attr_accessor :security_level, :auth_param
10
+
9
11
  def initialize(type:, headers:, **options)
10
12
  @engine_id, @context = headers
11
13
  super(type: type, headers: [3, nil], **options)
data/lib/netsnmp/v3_session.rb CHANGED
@@ -24,14 +24,7 @@ module NETSNMP
24
24
  log { "sending request..." }
25
25
  encoded_request = encode(pdu)
26
26
  encoded_response = @transport.send(encoded_request)
27
- response_pdu, *args = decode(encoded_response)
28
- if response_pdu.type == 8
29
- varbind = response_pdu.varbinds.first
30
- if varbind.oid == "1.3.6.1.6.3.15.1.1.2.0" # IdNotInTimeWindow
31
- _, @engine_boots, @engine_time = args
32
- raise IdNotInTimeWindowError, "request timestamp is already out of time window"
33
- end
34
- end
27
+ response_pdu, * = decode(encoded_response)
35
28
  response_pdu
36
29
  end
37
30
 
@@ -85,7 +78,33 @@ module NETSNMP
85
78
  end
86
79
 
87
80
  def decode(stream, security_parameters: @security_parameters)
88
- @message_serializer.decode(stream, security_parameters: security_parameters)
81
+ return_pdu = @message_serializer.decode(stream, security_parameters: security_parameters)
82
+
83
+ pdu, *args = return_pdu
84
+
85
+ # usmStats: http://oidref.com/1.3.6.1.6.3.15.1.1
86
+ if pdu.type == 8
87
+ case pdu.varbinds.first.oid
88
+ when "1.3.6.1.6.3.15.1.1.1.0" # usmStatsUnsupportedSecLevels
89
+ raise Error, "Unsupported security level"
90
+ when "1.3.6.1.6.3.15.1.1.2.0" # usmStatsNotInTimeWindows
91
+ _, @engine_boots, @engine_time = args
92
+ raise IdNotInTimeWindowError, "Not in time window"
93
+ when "1.3.6.1.6.3.15.1.1.3.0" # usmStatsUnknownUserNames
94
+ raise Error, "Unknown user name"
95
+ when "1.3.6.1.6.3.15.1.1.4.0" # usmStatsUnknownEngineIDs
96
+ raise Error, "Unknown engine ID" unless @security_parameters.must_revalidate?
97
+ when "1.3.6.1.6.3.15.1.1.5.0" # usmStatsWrongDigests
98
+ raise Error, "Authentication failure (incorrect password, community or key)"
99
+ when "1.3.6.1.6.3.15.1.1.6.0" # usmStatsDecryptionErrors
100
+ raise Error, "Decryption error"
101
+ end
102
+ end
103
+
104
+ # validate_authentication
105
+ @message_serializer.verify(stream, pdu.auth_param, pdu.security_level, security_parameters: @security_parameters)
106
+
107
+ return_pdu
89
108
  end
90
109
  end
91
110
  end
data/lib/netsnmp/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module NETSNMP
4
- VERSION = "0.4.1"
4
+ VERSION = "0.4.2"
5
5
  end
data/sig/message.rbs CHANGED
@@ -2,6 +2,8 @@ module NETSNMP
2
2
  class Message
3
3
  prepend Loggable
4
4
 
5
+ def verify: (String stream, String auth_param, Integer? security_level, security_parameters: SecurityParameters) -> void
6
+
5
7
  def decode: (String stream, security_parameters: SecurityParameters) -> [ScopedPDU, String, Integer, Integer]
6
8
 
7
9
  def encode: (ScopedPDU pdu, security_parameters: SecurityParameters, ?engine_boots: Integer, ?engine_time: Integer) -> String
data/sig/scoped_pdu.rbs CHANGED
@@ -1,6 +1,8 @@
1
1
  module NETSNMP
2
2
  class ScopedPDU < PDU
3
3
  attr_reader engine_id: String
4
+ attr_reader auth_param: String?
5
+ attr_reader security_level: Integer?
4
6
 
5
7
  private
6
8
 
data/spec/client_spec.rb CHANGED
@@ -177,6 +177,18 @@ RSpec.describe NETSNMP::Client do
177
177
  end
178
178
  it_behaves_like "an snmp client" do
179
179
  let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
180
+
181
+ context "with wrong auth password and wrong encrypting password" do
182
+ let(:user_options) do
183
+ { username: "authprivmd5des", auth_password: "wrongpassword",
184
+ auth_protocol: :md5, priv_password: "maplesyrup",
185
+ priv_protocol: :des }
186
+ end
187
+ let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
188
+ it "raises authentication error" do
189
+ expect { subject.get(oid: get_oid) }.to raise_error(NETSNMP::Error, "Authentication failure (incorrect password, community or key)")
190
+ end
191
+ end
180
192
  end
181
193
  end
182
194
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: netsnmp
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tiago Cardoso
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-28 00:00:00.000000000 Z
11
+ date: 2021-06-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: parslet