netsnmp 0.4.2 → 0.6.2

data/lib/netsnmp/security_parameters.rb

@@ -10,7 +10,7 @@ module NETSNMP
     using StringExtensions
     using ASNExtensions
 
-    prepend Loggable
+    include Loggable
 
     IPAD = "\x36" * 64
     OPAD = "\x5c" * 64
@@ -22,13 +22,12 @@ module NETSNMP
     # The 150 Seconds is specified in https://www.ietf.org/rfc/rfc2574.txt 2.2.3
     TIMELINESS_THRESHOLD = 150
 
-    attr_reader :security_level, :username
-    attr_reader :engine_id
+    attr_reader :security_level, :username, :auth_protocol, :engine_id
 
     # @param [String] username the snmp v3 username
     # @param [String] engine_id the device engine id (initialized to '' for report)
     # @param [Symbol, integer] security_level allowed snmp v3 security level (:auth_priv, :auth_no_priv, etc)
-    # @param [Symbol, nil] auth_protocol a supported authentication protocol (currently supported: :md5, :sha)
+    # @param [Symbol, nil] auth_protocol a supported authentication protocol (currently supported: :md5, :sha, :sha256)
     # @param [Symbol, nil] priv_protocol a supported privacy protocol (currently supported: :des, :aes)
     # @param [String, nil] auth_password the authentication password
     # @param [String, nil] priv_password the privacy password
@@ -39,24 +38,42 @@ module NETSNMP
     #   not explicitly set), and :priv_password becomes mandatory.
     #
     def initialize(
-                   username:,
-                   engine_id: "",
-                   security_level: nil,
-                   auth_protocol: nil,
-                   auth_password: nil,
-                   priv_protocol: nil,
-                   priv_password: nil
+      username:,
+      engine_id: "",
+      security_level: nil,
+      auth_protocol: nil,
+      auth_password: nil,
+      priv_protocol: nil,
+      priv_password: nil,
+      **options
     )
-      @security_level = security_level
+      @security_level = case security_level
+                        when /no_?auth/         then 0
+                        when /auth_?no_?priv/   then 1
+                        when /auth_?priv/       then 3
+                        when Integer then security_level
+                        else 3 # rubocop:disable Lint/DuplicateBranch
+                        end
       @username = username
       @engine_id = engine_id
       @auth_protocol = auth_protocol.to_sym unless auth_protocol.nil?
       @priv_protocol = priv_protocol.to_sym unless priv_protocol.nil?
-      @auth_password = auth_password
-      @priv_password = priv_password
-      check_parameters
-      @auth_pass_key = passkey(@auth_password) unless @auth_password.nil?
-      @priv_pass_key = passkey(@priv_password) unless @priv_password.nil?
+
+      if @security_level.positive?
+        @auth_protocol ||= :md5 # this is the default
+        raise "security level requires an auth password" if auth_password.nil?
+        raise "auth password must have between 8 to 32 characters" unless (8..32).cover?(auth_password.length)
+      end
+
+      if @security_level > 1
+        @priv_protocol ||= :des
+        raise "security level requires a priv password" if priv_password.nil?
+        raise "priv password must have between 8 to 32 characters" unless (8..32).cover?(priv_password.length)
+      end
+
+      @auth_pass_key = passkey(auth_password) if auth_password
+      @priv_pass_key = passkey(priv_password) if priv_password
+      initialize_logger(**options)
     end
 
     def engine_id=(id)
@@ -72,9 +89,11 @@ module NETSNMP
     # @return [Array] a pair, where the first argument in the asn structure with the encoded pdu,
     #    and the second is the calculated salt (if it has been encrypted)
     def encode(pdu, salt:, engine_time:, engine_boots:)
-      if encryption
-        encrypted_pdu, salt = encryption.encrypt(pdu.to_der, engine_boots: engine_boots,
-                                                             engine_time: engine_time)
+      encryptor = encryption
+
+      if encryptor
+        encrypted_pdu, salt = encryptor.encrypt(pdu.to_der, engine_boots: engine_boots,
+                                                            engine_time: engine_time)
         [
           OpenSSL::ASN1::OctetString.new(encrypted_pdu).with_label(:encrypted_pdu),
           OpenSSL::ASN1::OctetString.new(salt).with_label(:salt)
@@ -92,10 +111,11 @@ module NETSNMP
       asn = OpenSSL::ASN1.decode(der)
       return asn if security_level < 3
 
-      return asn unless encryption
+      encryptor = encryption
+      return asn unless encryptor
 
       encrypted_pdu = asn.value
-      pdu_der = encryption.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
+      pdu_der = encryptor.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
       log(level: 2) { "message has been decrypted" }
       OpenSSL::ASN1.decode(pdu_der)
     end
@@ -110,7 +130,13 @@ module NETSNMP
 
       key = auth_key.dup
 
-      key << "\x00" * (@auth_protocol == :md5 ? 48 : 44)
+      # SHA256 => https://datatracker.ietf.org/doc/html/rfc7860#section-4.2.2
+      # The 24 first octets of HMAC are taken as the computed MAC value
+      return OpenSSL::HMAC.digest("SHA256", key, message)[0, 24] if @auth_protocol == :sha256
+
+      # MD5 => https://datatracker.ietf.org/doc/html/rfc3414#section-6.3.2
+      # SHA1 => https://datatracker.ietf.org/doc/html/rfc3414#section-7.3.2
+      key << ("\x00" * (@auth_protocol == :md5 ? 48 : 44))
       k1 = key.xor(IPAD)
       k2 = key.xor(OPAD)
 
@@ -120,6 +146,7 @@ module NETSNMP
 
       digest.reset
       digest << (k2 + d1)
+      # The 12 first octets of the digest are taken as the computed MAC value
       digest.digest[0, 12]
     end
 
@@ -128,15 +155,18 @@ module NETSNMP
     #
     # @raise [NETSNMP::Error] if the message's integration has been violated
     def verify(stream, salt, security_level: @security_level)
-      return if security_level < 1
+      return if security_level.nil? || security_level < 1
+
       verisalt = sign(stream)
       raise Error, "invalid message authentication salt" unless verisalt == salt
+
       log(level: 2) { "message has been verified" }
     end
 
     def must_revalidate?
       return @engine_id.empty? unless authorizable?
       return true if @engine_id.empty? || @timeliness.nil?
+
       (Process.clock_gettime(Process::CLOCK_MONOTONIC, :second) - @timeliness) >= TIMELINESS_THRESHOLD
     end
 
@@ -150,27 +180,6 @@ module NETSNMP
       @priv_key ||= localize_key(@priv_pass_key)
     end
 
-    def check_parameters
-      @security_level = case @security_level
-                        when Integer then @security_level
-                        when /no_?auth/         then 0
-                        when /auth_?no_?priv/   then 1
-                        when /auth_?priv/, nil  then 3
-                        else
-                          raise Error, "security level not supported: #{@security_level}"
-                        end
-
-      if @security_level.positive?
-        @auth_protocol ||= :md5 # this is the default
-        raise "security level requires an auth password" if @auth_password.nil?
-        raise "auth password must have between 8 to 32 characters" unless (8..32).cover?(@auth_password.length)
-      end
-      return unless @security_level > 1
-      @priv_protocol ||= :des
-      raise "security level requires a priv password" if @priv_password.nil?
-      raise "priv password must have between 8 to 32 characters" unless (8..32).cover?(@priv_password.length)
-    end
-
     def localize_key(key)
       digest.reset
       digest << key
@@ -188,8 +197,8 @@ module NETSNMP
       password_length = password.length
       while password_index < 1048576
         initial = password_index % password_length
-        rotated = password[initial..-1] + password[0, initial]
-        buffer = rotated * (64 / rotated.length) + rotated[0, 64 % rotated.length]
+        rotated = String(password[initial..-1]) + String(password[0, initial])
+        buffer = (rotated * (64 / rotated.length)) + String(rotated[0, 64 % rotated.length])
         password_index += 64
         digest << buffer
         buffer.clear
@@ -197,13 +206,14 @@ module NETSNMP
 
       dig = digest.digest
       dig = dig[0, 16] if @auth_protocol == :md5
-      dig
+      dig || ""
     end
 
     def digest
       @digest ||= case @auth_protocol
-                  when :md5 then OpenSSL::Digest::MD5.new
-                  when :sha then OpenSSL::Digest::SHA1.new
+                  when :md5 then OpenSSL::Digest.new("MD5")
+                  when :sha then OpenSSL::Digest.new("SHA1")
+                  when :sha256 then OpenSSL::Digest.new("SHA256")
                   else
                     raise Error, "unsupported auth protocol: #{@auth_protocol}"
                   end
@@ -211,10 +221,8 @@ module NETSNMP
 
     def encryption
       @encryption ||= case @priv_protocol
-                      when :des
-                        Encryption::DES.new(priv_key)
-                      when :aes
-                        Encryption::AES.new(priv_key)
+                      when :des then Encryption::DES.new(priv_key)
+                      when :aes then Encryption::AES.new(priv_key)
                       end
     end
 

data/lib/netsnmp/session.rb

@@ -4,15 +4,23 @@ module NETSNMP
   # Let's just remind that there is no session in snmp, this is just an abstraction.
   #
   class Session
-    prepend Loggable
+    include Loggable
 
     TIMEOUT = 2
 
     # @param [Hash] opts the options set
     def initialize(version: 1, community: "public", **options)
-      @version   = version
+      @version = case version
+                 when Integer then version # assume the use know what he's doing
+                 when /v?1/ then 0
+                 when /v?2c?/ then 1
+                 when /v?3/ then 3
+                 else
+                   raise "unsupported snmp version (#{version})"
+                 end
       @community = community
       validate(**options)
+      initialize_logger(**options)
     end
 
     # Closes the session
@@ -28,7 +36,7 @@ module NETSNMP
     # @return [NETSNMP::PDU] a pdu
     #
     def build_pdu(type, *vars)
-      PDU.build(type, headers: [@version, @community], varbinds: vars)
+      PDU.build(type, version: @version, community: @community, varbinds: vars)
     end
 
     # send a pdu, receives a pdu
@@ -58,16 +66,9 @@ module NETSNMP
         @transport = proxy
       else
         raise "you must provide an hostname/ip under :host" unless host
+
         @transport = Transport.new(host, port.to_i, timeout: timeout)
       end
-      @version = case @version
-                 when Integer then @version # assume the use know what he's doing
-                 when /v?1/ then 0
-                 when /v?2c?/ then 1
-                 when /v?3/ then 3
-                 else
-                   raise "unsupported snmp version (#{@version})"
-                 end
     end
 
     class Transport
@@ -75,7 +76,7 @@ module NETSNMP
 
       def initialize(host, port, timeout:)
         @socket = UDPSocket.new
-        @socket.connect(host, port)
+        @destaddr = Socket.sockaddr_in(port, host)
         @timeout = timeout
       end
 
@@ -90,13 +91,13 @@ module NETSNMP
 
       def write(payload)
         perform_io do
-          @socket.send(payload, 0)
+          @socket.sendmsg(payload, Socket::MSG_DONTWAIT, @destaddr)
         end
       end
 
       def recv(bytesize = MAXPDUSIZE)
         perform_io do
-          datagram, = @socket.recvfrom_nonblock(bytesize)
+          datagram, = @socket.recvmsg_nonblock(bytesize, Socket::MSG_DONTWAIT)
           datagram
         end
       end
@@ -117,6 +118,7 @@ module NETSNMP
 
       def wait(mode)
         return if @socket.__send__(mode, @timeout)
+
         raise Timeout::Error, "Timeout after #{@timeout} seconds"
       end
     end

data/lib/netsnmp/timeticks.rb

@@ -5,6 +5,7 @@ module NETSNMP
     # @param [Integer] ticks number of microseconds since the time it was read
     def initialize(ticks)
       @ticks = ticks
+      super()
     end
 
     def to_s

data/lib/netsnmp/v3_session.rb

@@ -16,7 +16,7 @@ module NETSNMP
     # @return [NETSNMP::ScopedPDU] a pdu
     def build_pdu(type, *vars)
       engine_id = security_parameters.engine_id
-      ScopedPDU.build(type, headers: [engine_id, @context], varbinds: vars)
+      ScopedPDU.build(type, engine_id: engine_id, context: @context, varbinds: vars)
     end
 
     # @see {NETSNMP::Session#send}
@@ -42,11 +42,11 @@ module NETSNMP
         end
       else
         @security_parameters = SecurityParameters.new(security_level: options[:security_level],
-                                                      username:       options[:username],
-                                                      auth_protocol:  options[:auth_protocol],
-                                                      priv_protocol:  options[:priv_protocol],
-                                                      auth_password:  options[:auth_password],
-                                                      priv_password:  options[:priv_password])
+                                                      username: options[:username],
+                                                      auth_protocol: options[:auth_protocol],
+                                                      priv_protocol: options[:priv_protocol],
+                                                      auth_password: options[:auth_password],
+                                                      priv_password: options[:priv_password])
 
       end
     end
@@ -61,7 +61,7 @@ module NETSNMP
     def probe_for_engine
       report_sec_params = SecurityParameters.new(security_level: 0,
                                                  username: @security_parameters.username)
-      pdu = ScopedPDU.build(:get, headers: [])
+      pdu = ScopedPDU.build(:get)
       log { "sending probe..." }
       encoded_report_pdu = @message_serializer.encode(pdu, security_parameters: report_sec_params)
 

data/lib/netsnmp/varbind.rb

@@ -24,8 +24,10 @@ module NETSNMP
 
     def to_asn
       asn_oid = OID.to_asn(@oid)
-      asn_val = if @type
-                  convert_to_asn(@type, @value)
+      type = @type
+
+      asn_val = if type
+                  convert_to_asn(type, @value)
                 else
                   case @value
                   when String
@@ -37,8 +39,10 @@ module NETSNMP
                   when nil
                     OpenSSL::ASN1::Null.new(nil)
                   when IPAddr
+                    # @type ivar @value: IPAddr
                     OpenSSL::ASN1::ASN1Data.new(@value.hton, 0, :APPLICATION)
                   when Timetick
+                    # @type ivar @value: Timetick
                     @value.to_asn
                   else
                     raise Error, "#{@value}: unsupported varbind type"
@@ -73,37 +77,41 @@ module NETSNMP
     end
 
     def convert_to_asn(typ, value)
-      asn_type = typ
       asn_val = value
-      if typ.is_a?(Symbol)
-        asn_type = case typ
+
+      asn_type = if typ.is_a?(Symbol)
+                   case typ
                    when :ipaddress then 0
                    when :counter32
                      asn_val = [value].pack("N*")
-                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack1("B") != "1"
+                     asn_val = asn_val.delete_prefix("\x00") while asn_val[0] == "\x00".b && String(asn_val[1]).unpack1("B") != "1"
                      1
                    when :gauge
                      asn_val = [value].pack("N*")
-                     asn_val = asn_val[1..-1] while asn_val[0] == "\x00".b && asn_val[1].unpack1("B") != "1"
+                     asn_val = asn_val.delete_prefix("\x00") while asn_val[0] == "\x00".b && String(asn_val[1]).unpack1("B") != "1"
                      2
                    when :timetick
+                     # @type var value: Integer
                      return Timetick.new(value).to_asn
                    when :opaque then 4
                    when :nsap then 5
                    when :counter64
+                     # @type var value: Integer
                      asn_val = [
                        (value >> 96) & 0xFFFFFFFF,
                        (value >> 64) & 0xFFFFFFFF,
                        (value >> 32) & 0xFFFFFFFF,
                        value & 0xFFFFFFFF
                      ].pack("NNNN")
-                     asn_val = asn_val[1..-1] while asn_val.start_with?("\x00")
+                     asn_val = asn_val.delete_prefix("\x00") while asn_val.start_with?("\x00")
                      6
                    when :uinteger then 7
                    else
                      raise Error, "#{typ}: unsupported application type"
                    end
-      end
+                 else
+                   typ
+                 end
       OpenSSL::ASN1::ASN1Data.new(asn_val, asn_type, :APPLICATION)
     end
 
@@ -128,12 +136,12 @@ module NETSNMP
 
     def unpack_32bit_integer(payload)
       payload.prepend("\x00") until (payload.bytesize % 4).zero?
-      payload.unpack("N*")[-1] || 0
+      payload.unpack("N*")[-1].to_i
     end
 
     def unpack_64bit_integer(payload)
       payload.prepend("\x00") until (payload.bytesize % 16).zero?
-      payload.unpack("NNNN").reduce(0) { |sum, elem| (sum << 32) + elem }
+      payload.unpack("NNNN").reduce(0) { |sum, elem| (sum << 32) + elem.to_i }
     end
   end
 end

data/lib/netsnmp/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module NETSNMP
-  VERSION = "0.4.2"
+  VERSION = "0.6.2"
 end

data/lib/netsnmp.rb

@@ -8,13 +8,13 @@ require "ipaddr"
 
 # core structures
 
-begin
-  require "xorcist"
-  require "xorcist/refinements"
-  NETSNMP::StringExtensions = Xorcist::Refinements
-rescue LoadError
-  # "no xorcist"
-  module NETSNMP
+module NETSNMP
+  begin
+    require "xorcist"
+    require "xorcist/refinements"
+    StringExtensions = Xorcist::Refinements
+  rescue LoadError
+    # "no xorcist"
     module StringExtensions
       refine String do
         # Bitwise XOR operator for the String class
@@ -24,8 +24,8 @@ rescue LoadError
 
           b2 = other.unpack("C*")
           longest = [b1.length, b2.length].max
-          b1 = [0] * (longest - b1.length) + b1
-          b2 = [0] * (longest - b2.length) + b2
+          b1 = ([0] * (longest - b1.length)) + b1
+          b2 = ([0] * (longest - b2.length)) + b2
           b1.zip(b2).map { |a, b| a ^ b }.pack("C*")
         end
       end

data/sig/client.rbs

@@ -1,5 +1,9 @@
 module NETSNMP
   class Client
+    RETRIES: Integer
+
+    @retries: Integer
+    @session: Session
 
     def get: (*untyped) -> untyped
            | (*untyped) { (PDU) -> void } -> untyped
@@ -13,12 +17,14 @@ module NETSNMP
     def inform: (*untyped) -> untyped
               | (*untyped) { (PDU) -> void } -> untyped
 
-    def walk: (oid: oid) -> _Each[oid_type, oid_value]
+    def walk: (oid: oid) -> _Each[[oid_type, oid_value]]
 
     def close: () -> void
 
     private
 
-    def initialize: (?version?: snmp_version, **untyped) -> untyped
+    def initialize: (?version: snmp_version, **untyped) ?{ (instance) -> void } -> void
+
+    def handle_retries: [U] { () -> U } -> U
   end
 end

data/sig/encryption/aes.rbs

@@ -0,0 +1,23 @@
+module NETSNMP
+  module Encryption
+    class AES
+
+      @priv_key: String
+      @local: Integer
+
+      def encrypt: (String decrypted_data, engine_boots: Integer, engine_time: Integer) -> [String, String]
+
+      def decrypt: (String encrypted_data, salt: String, engine_boots: Integer, engine_time: Integer) -> String
+
+      private
+
+      def initialize: (String priv_key, ?local: Integer) -> untyped
+
+      def generate_encryption_key: (Integer boots, Integer time) -> [String, String]
+
+      def generate_decryption_key: (Integer boots, Integer time, String salt) -> String
+
+      def aes_key: () -> String
+    end
+  end
+end

data/sig/encryption/des.rbs

@@ -0,0 +1,23 @@
+module NETSNMP
+  module Encryption
+    class DES
+
+      @priv_key: String
+      @local: Integer
+
+      def encrypt: (String decrypted_data, engine_boots: Integer, **untyped) -> [String, String]
+
+      def decrypt: (String encrypted_data, salt: String, **untyped) -> String
+
+      private
+
+      def initialize: (String priv_key, ?local: Integer) -> untyped
+
+      def generate_encryption_key: (Integer boots) -> [String, String]
+
+      def generate_decryption_key: (String salt) -> String
+
+      def des_key: () -> String
+    end
+  end
+end

data/sig/errors.rbs

@@ -0,0 +1,13 @@
+module NETSNMP
+  class Error < StandardError
+  end
+
+  class ConnectionFailed < Error
+  end
+
+  class AuthenticationFailed < Error
+  end
+
+  class IdNotInTimeWindowError < Error
+  end
+end

data/sig/extensions.rbs

@@ -0,0 +1,12 @@
+module NETSNMP
+  module ASNExtensions
+    ASN_COLORS: Hash[singleton(OpenSSL::ASN1::ASN1Data), Integer]
+  end
+
+  module Hexdump
+    def self?.dump: (String data, ?width: Integer, ?in_groups_of: Integer, ?separator: String) -> String
+  end
+
+  class HexString < String
+  end
+end

data/sig/loggable.rbs

@@ -1,15 +1,12 @@
 module NETSNMP
   module Loggable
-    interface _Debugger
-      def <<: (string) -> void
-    end
-
     DEBUG_LEVEL: Integer
-    DEBUG: _Debugger
+    DEBUG: IO?
+    COLORS: Hash[Symbol, Integer]
 
-    private
+    def initialize_logger: (?debug: IO, ?debug_level: Integer, **untyped) -> void
 
-    def initialize: (?debug: _DEBUGGER, ?debug_level: Integer, **untyped) -> void
+     private
 
     def log: (?level: Integer) { () -> String } -> void
   end

data/sig/message.rbs

@@ -1,11 +1,23 @@
 module NETSNMP
   class Message
-    prepend Loggable
+    include Loggable
+
+    PRIVNONE: OpenSSL::ASN1::OctetString
+    MSG_MAX_SIZE: OpenSSL::ASN1::Integer
+    MSG_SECURITY_MODEL: OpenSSL::ASN1::Integer
+    MSG_VERSION: OpenSSL::ASN1::Integer
+    MSG_REPORTABLE: Integer
 
     def verify: (String stream, String auth_param, Integer? security_level, security_parameters: SecurityParameters) -> void
 
     def decode: (String stream, security_parameters: SecurityParameters) -> [ScopedPDU, String, Integer, Integer]
 
     def encode: (ScopedPDU pdu, security_parameters: SecurityParameters, ?engine_boots: Integer, ?engine_time: Integer) -> String
+
+    private
+
+    def initialize: (**untyped options) -> void
+
+    def authnone: (Symbol?) -> OpenSSL::ASN1::ASN1Data
   end
 end

data/sig/mib.rbs

@@ -2,20 +2,34 @@ module NETSNMP
   module MIB
     type import = {ids: Array[{name: string}], name: string} | {ids: {name: string}, name: string}
 
-
+    OIDREGEX: Regexp
     MIBDIRS: Array[String]
     PARSER: Parser
 
-    @parser_mutex: Mutex
+    TYPES: Array[String]
+    STATIC_MIB_TO_OID: Hash[String, String]
+
+    @parser_mutex: Thread::Mutex
     @modules_loaded: Array[String]
     @object_identifiers: Hash[String, String]
 
-    def self?.oid: (String identifier) -> String?
-                 | (Array[_ToS] identifier) -> String?
+    def self?.oid: (oid identifier) -> String?
 
-    def self?.load: (String mod) -> void
+    def self?.load: (String mod) -> bool
+
+    def self?.load_imports: (Array[import] | import | nil data) -> Hash[String, Array[String]]?
 
-    def self?.load_imports: ((Array[import] | import)? data) -> Hash[String, Array[String]]?
     def self?.load_defaults: () -> void
+
+    def self?.do_load: (String mod) -> void
+
+    def self?.module_loaded?: (String mod) -> bool
+
+    def self?.store_oid_in_identifiers: (String name, Array[String] value, imports: Hash[String, Array[String]]?, declarations: Hash[String, Array[String]]) -> void
+
+    # workaround
+    class Parser
+      def parse: (String data) -> Hash[:imports | :declarations, untyped?]
+    end
   end
 end