netsnmp 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/netsnmp/message.rb +7 -2
  3. data/lib/netsnmp/scoped_pdu.rb +2 -0
  4. data/lib/netsnmp/v3_session.rb +28 -9
  5. data/lib/netsnmp/version.rb +1 -1
  6. data/sig/message.rbs +2 -0
  7. data/sig/scoped_pdu.rbs +2 -0
  8. data/spec/client_spec.rb +12 -0
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c87bf65264474758aed741b992dadbd6bbb277aae52b925254da2e5fea56c5b3
4
- data.tar.gz: cf7134f2e8b451c619aabdf9dcd6b931404ab51afd7953c785e4013a348cce02
3
+ metadata.gz: 8b92d6d77d4874c6d3d76ed0bbbb3358a72fd33131d9a971e41b73cb5584cfbd
4
+ data.tar.gz: c2ae854a2a1f8268115291447bdd1ede0686258840aa41ba1778e41bb6c94c22
5
5
  SHA512:
6
- metadata.gz: 1cade51302613f51f8da018351401b27c2d0fe08a43b915a79252ff420d5efdfe4a405ce29a60f10ade2d0f0f4a03dc2302117653043c451dd01683e8eb2c7a5
7
- data.tar.gz: 0ce54aa2fb2cba42f47ccab2fd83e2536e8fd9e73d29d2f7a85aef4ab90d9e0c956f64f0f8fbe19f95c36a048ab2911492f55c4ca95ada0843941a896564b2cf
6
+ metadata.gz: f439b2ebd5777390ed34ec9bd893e943918b201f81fcfa1f9e55cb5800d1eba20712d5ebd2e9660b291383ba6d413977691842124cb97dad909283cbf1483fff
7
+ data.tar.gz: fde5a6b1ec4340505e65c2f8dc49f04b6621136f4fc48c366742d8acb32e8f157f25554790fe2e64d672801307289f0b00d7f9945c561970729bc326dd5af34d
data/lib/netsnmp/message.rb CHANGED
@@ -16,6 +16,10 @@ module NETSNMP
16
16
 
17
17
  def initialize(**); end
18
18
 
19
+ def verify(stream, auth_param, security_level, security_parameters:)
20
+ security_parameters.verify(stream.sub(auth_param, AUTHNONE.value), auth_param, security_level: security_level)
21
+ end
22
+
19
23
  # @param [String] payload of an snmp v3 message which can be decoded
20
24
  # @param [NETSMP::SecurityParameters, #decode] security_parameters knowns how to decode the stream
21
25
  #
@@ -51,9 +55,7 @@ module NETSNMP
51
55
  log(level: 2) { asn_tree.to_hex }
52
56
  log(level: 2) { sec_params_asn.to_hex }
53
57
 
54
- # validate_authentication
55
58
  auth_param = auth_param.value
56
- security_parameters.verify(stream.sub(auth_param, AUTHNONE.value), auth_param, security_level: security_level)
57
59
 
58
60
  engine_boots = engine_boots.value.to_i
59
61
  engine_time = engine_time.value.to_i
@@ -65,6 +67,9 @@ module NETSNMP
65
67
 
66
68
  log { "received response PDU" }
67
69
  pdu = ScopedPDU.decode(encoded_pdu)
70
+ pdu.auth_param = auth_param
71
+ pdu.security_level = security_level
72
+
68
73
  log(level: 2) { pdu.to_hex }
69
74
  [pdu, engine_id.value, engine_boots, engine_time]
70
75
  end
data/lib/netsnmp/scoped_pdu.rb CHANGED
@@ -6,6 +6,8 @@ module NETSNMP
6
6
 
7
7
  attr_reader :engine_id
8
8
 
9
+ attr_accessor :security_level, :auth_param
10
+
9
11
  def initialize(type:, headers:, **options)
10
12
  @engine_id, @context = headers
11
13
  super(type: type, headers: [3, nil], **options)
data/lib/netsnmp/v3_session.rb CHANGED
@@ -24,14 +24,7 @@ module NETSNMP
24
24
  log { "sending request..." }
25
25
  encoded_request = encode(pdu)
26
26
  encoded_response = @transport.send(encoded_request)
27
- response_pdu, *args = decode(encoded_response)
28
- if response_pdu.type == 8
29
- varbind = response_pdu.varbinds.first
30
- if varbind.oid == "1.3.6.1.6.3.15.1.1.2.0" # IdNotInTimeWindow
31
- _, @engine_boots, @engine_time = args
32
- raise IdNotInTimeWindowError, "request timestamp is already out of time window"
33
- end
34
- end
27
+ response_pdu, * = decode(encoded_response)
35
28
  response_pdu
36
29
  end
37
30
 
@@ -85,7 +78,33 @@ module NETSNMP
85
78
  end
86
79
 
87
80
  def decode(stream, security_parameters: @security_parameters)
88
- @message_serializer.decode(stream, security_parameters: security_parameters)
81
+ return_pdu = @message_serializer.decode(stream, security_parameters: security_parameters)
82
+
83
+ pdu, *args = return_pdu
84
+
85
+ # usmStats: http://oidref.com/1.3.6.1.6.3.15.1.1
86
+ if pdu.type == 8
87
+ case pdu.varbinds.first.oid
88
+ when "1.3.6.1.6.3.15.1.1.1.0" # usmStatsUnsupportedSecLevels
89
+ raise Error, "Unsupported security level"
90
+ when "1.3.6.1.6.3.15.1.1.2.0" # usmStatsNotInTimeWindows
91
+ _, @engine_boots, @engine_time = args
92
+ raise IdNotInTimeWindowError, "Not in time window"
93
+ when "1.3.6.1.6.3.15.1.1.3.0" # usmStatsUnknownUserNames
94
+ raise Error, "Unknown user name"
95
+ when "1.3.6.1.6.3.15.1.1.4.0" # usmStatsUnknownEngineIDs
96
+ raise Error, "Unknown engine ID" unless @security_parameters.must_revalidate?
97
+ when "1.3.6.1.6.3.15.1.1.5.0" # usmStatsWrongDigests
98
+ raise Error, "Authentication failure (incorrect password, community or key)"
99
+ when "1.3.6.1.6.3.15.1.1.6.0" # usmStatsDecryptionErrors
100
+ raise Error, "Decryption error"
101
+ end
102
+ end
103
+
104
+ # validate_authentication
105
+ @message_serializer.verify(stream, pdu.auth_param, pdu.security_level, security_parameters: @security_parameters)
106
+
107
+ return_pdu
89
108
  end
90
109
  end
91
110
  end
data/lib/netsnmp/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module NETSNMP
4
- VERSION = "0.4.1"
4
+ VERSION = "0.4.2"
5
5
  end
data/sig/message.rbs CHANGED
@@ -2,6 +2,8 @@ module NETSNMP
2
2
  class Message
3
3
  prepend Loggable
4
4
 
5
+ def verify: (String stream, String auth_param, Integer? security_level, security_parameters: SecurityParameters) -> void
6
+
5
7
  def decode: (String stream, security_parameters: SecurityParameters) -> [ScopedPDU, String, Integer, Integer]
6
8
 
7
9
  def encode: (ScopedPDU pdu, security_parameters: SecurityParameters, ?engine_boots: Integer, ?engine_time: Integer) -> String
data/sig/scoped_pdu.rbs CHANGED
@@ -1,6 +1,8 @@
1
1
  module NETSNMP
2
2
  class ScopedPDU < PDU
3
3
  attr_reader engine_id: String
4
+ attr_reader auth_param: String?
5
+ attr_reader security_level: Integer?
4
6
 
5
7
  private
6
8
 
data/spec/client_spec.rb CHANGED
@@ -177,6 +177,18 @@ RSpec.describe NETSNMP::Client do
177
177
  end
178
178
  it_behaves_like "an snmp client" do
179
179
  let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
180
+
181
+ context "with wrong auth password and wrong encrypting password" do
182
+ let(:user_options) do
183
+ { username: "authprivmd5des", auth_password: "wrongpassword",
184
+ auth_protocol: :md5, priv_password: "maplesyrup",
185
+ priv_protocol: :des }
186
+ end
187
+ let(:protocol_options) { version_options.merge(user_options).merge(extra_options) }
188
+ it "raises authentication error" do
189
+ expect { subject.get(oid: get_oid) }.to raise_error(NETSNMP::Error, "Authentication failure (incorrect password, community or key)")
190
+ end
191
+ end
180
192
  end
181
193
  end
182
194
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: netsnmp
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tiago Cardoso
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-28 00:00:00.000000000 Z
11
+ date: 2021-06-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: parslet