netsnmp 0.0.0 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 01d3849f1d3acbab7fa9b57055aafd5150fd3865
-  data.tar.gz: 444a3fae5b5d38df3873a4ee0c35cf16f3bf16a6
+  metadata.gz: 2a043cc79c90239f031b1873089c8a23f50dd5b8
+  data.tar.gz: 05b0baf81082f36cc1a870c3f4f5a87b40041a60
 SHA512:
-  metadata.gz: 6cd620b0b6cc65ba8f58d6c0ec5168270f9f814f930b6bc56bd8f82e26cbc4bb5b146858bf328a27265cc149b5e73ca521655250d6a36e4ccec65b0cc64fa5fc
-  data.tar.gz: 0be3b839d7992a719f4efa6a823899d9b1b98a206ef4a780bf6b044fbf655860daf800534aad976861dbbb39215ddb5ed537df0ff39e4bb0a68a22c94fbd1049
+  metadata.gz: 63c8a7195237c722b4fb7d0db9f00789ca475c7d080cc8d539f6e1f26adca2482c71d1064925fdd788f95f1f8cac9e89e33c06edc878c22b26be964948af0207
+  data.tar.gz: d30bb03a3a0fc19c34f9afd07512260ea0f4f4bc7f407b5b7c980e9bbb39e166730b34ec5be425b3435270b98e82e002d15b6992ae3834eeb1369bfae805bf19

data/lib/netsnmp/oid.rb

@@ -72,23 +72,82 @@ module NETSNMP
   end
 
   # SNMP v3-relevant OIDs
+  class AuthOID < OID
+    def generate_key(session, user, pass)
+      raise Error, "no given Authorization User" unless user
+      raise Error, "no given Authorization Password" unless pass
 
-  class MD5OID < OID
+      session[:securityAuthProto] = pointer
+      session[:securityName] = FFI::MemoryPointer.from_string(user)
+      session[:securityNameLen] = user.length
+
+      auth_len_ptr = FFI::MemoryPointer.new(:size_t)
+      auth_len_ptr.write_int(Core::Constants::USM_AUTH_KU_LEN)
+
+      auth_key_result = Core::LibSNMP.generate_Ku(pointer,
+                                 session[:securityAuthProtoLen],
+                                 pass,
+                                 pass.length,
+                                 session[:securityAuthKey],
+                                 auth_len_ptr)
+      unless auth_key_result == Core::Constants::SNMPERR_SUCCESS
+        raise AuthenticationFailed, "failed to authenticate #{auth_user} in #{@host}"
+      end
+      session[:securityAuthKeyLen] = auth_len_ptr.read_int
+    end
+  end
+
+  class PrivOID < OID
+
+    def generate_key(session, user, pass)
+      raise Error, "no given Priv User" unless user
+      raise Error, "no given Priv Password" unless pass
+
+      session[:securityPrivProto] = pointer
+
+      # other necessary lengths
+      priv_len_ptr = FFI::MemoryPointer.new(:size_t)
+      priv_len_ptr.write_int(Core::Constants::USM_PRIV_KU_LEN)
+
+      # NOTE I know this is handing off the AuthProto, but generates a proper
+      # key for encryption, and using PrivProto does not.
+      priv_key_result = Core::LibSNMP.generate_Ku(session[:securityAuthProto],
+                                                  session[:securityAuthProtoLen],
+                                                  pass,
+                                                  pass.length,
+                                                  session[:securityPrivKey],
+                                                  priv_len_ptr)
+
+      unless priv_key_result == Core::Constants::SNMPERR_SUCCESS
+        raise AuthenticationFailed, "failed to authenticate #{auth_user} in #{@host}"
+      end
+      session[:securityPrivKeyLen] = priv_len_ptr.read_int
+
+    end
+  end
+
+  class MD5OID < AuthOID
     def initialize ; super("1.3.6.1.6.3.10.1.1.2") ; end
   end
-  class SHA1OID < OID
+  class SHA1OID < AuthOID
     def initialize ; super("1.3.6.1.6.3.10.1.1.3") ; end
   end
-  class NoAuthOID < OID
+  class NoAuthOID < AuthOID
     def initialize ; super("1.3.6.1.6.3.10.1.1.1") ; end
+    def generate_key(session, *) 
+      session[:securityAuthProto] = pointer
+    end
   end
-  class AESOID < OID
+  class AESOID < PrivOID
     def initialize ; super("1.3.6.1.6.3.10.1.2.4") ; end
   end
-  class DESOID < OID
+  class DESOID < PrivOID
     def initialize ; super("1.3.6.1.6.3.10.1.2.2") ; end
   end
-  class NoPrivOID < OID
+  class NoPrivOID < PrivOID
     def initialize ; super("1.3.6.1.6.3.10.1.2.1") ; end
+    def generate_key(session, *) 
+      session[:securityPrivProto] = pointer
+    end
   end 
 end

data/lib/netsnmp/session.rb

@@ -22,12 +22,17 @@ module NETSNMP
     # 
     def initialize(host, opts)
       @host = host
+      # this is because other evented clients might discover IP first, but hostnames
+      # give you better trackability of errors. Give the opportunity to the users to
+      # pass it, by setting the hostname explicitly. If not, fallback to the host. 
+      @hostname = opts.fetch(:hostname, @host)
       @options = opts
+      @logged_at = nil
       @request = nil
       # For now, let's eager load the signature
       @signature = build_signature(@options)
       if @signature.null?
-        raise ConnectionFailed, "could not connect to #{host}"
+        raise ConnectionFailed, "could not build signature for #@hostname"
       end
       @requests ||= {}
     end
@@ -44,7 +49,7 @@ module NETSNMP
         transport.close rescue nil
       end
       if Core::LibSNMP.snmp_sess_close(@signature) == 0
-        raise Error, "#@host: Couldn't clean up session properly"
+        raise Error, "#@hostname: Couldn't clean up session properly"
       end
     end
 
@@ -60,6 +65,26 @@ module NETSNMP
 
     private
 
+    LoggedInTimeout = Class.new(Timeout::Error)
+    def try_login
+      return yield unless @logged_at.nil?
+
+      begin
+        # problem for snmp is, there is no login process.
+        # signature is sent on first packet. As we are not using the synch interface, this will not
+        # be handled by the core library. Which sucks. But even core library would just retry and timeout
+        # at some point.
+        # we do something similar: before any PDU succeeds, after first PDU is async-sent, we wait for reads, but we can't block. If 
+        # the socket hasn't anything to read, we can assume it was the wrong USERNAME (?).
+        # TODO: research if this is true. 
+        Timeout.timeout(@timeout, LoggedInTimeout) do
+          yield
+        end
+      rescue LoggedInTimeout
+        raise ConnectionFailed, "failed to login to #@hostname"
+      end
+    end
+
     def transport
       @transport ||= fetch_transport
     end
@@ -73,31 +98,40 @@ module NETSNMP
       if ( @reqid = Core::LibSNMP.snmp_sess_async_send(@signature, pdu.pointer, session_callback, nil) ) == 0
         # it's interesting, pdu's are only fred if the async send is successful... netsnmp 1 - me 0
         Core::LibSNMP.snmp_free_pdu(pdu.pointer)
-        raise SendError, "#@host: Failed to send pdu"
+        # if it's the first time we're passing here and send fails, we can (?) assume that
+        # AUTH_PASSWORD is wrong
+        if @logged_at.nil?
+          raise ConnectionFailed, "failed to login to #@hostname"
+        else
+          raise SendError, "#@hostname: Failed to send pdu"
+        end
       end
     end
 
     def read
       receive # trigger callback ahead of time and wait for it
+      # Sounds a bit unreasonable, but only after we arrived here we know for sure that the credentials are proper.
+      # So we can set this variable, so further errors can be safely ignored.
+      @logged_at ||= Time.now
       handle_response
     end
 
     def handle_response
       operation, response_pdu = @requests.delete(@reqid)
       case operation
-        when :send_failed
-          raise ReceiveError, "#@host: Failed to receive pdu"
-        when :timeout
-          raise Timeout::Error, "#@host: timed out while waiting for pdu response"
         when :success
           response_pdu
+        when :send_failed
+          raise ReceiveError, "#@hostname: Failed to receive pdu"
+        when :timeout
+          raise Timeout::Error, "#@hostname: timed out while waiting for pdu response"
         else
-          raise Error, "#@host: unrecognized operation for request #{@reqid}: #{operation} for #{response_pdu}"
+          raise Error, "#@hostname: unrecognized operation for request #{@reqid}: #{operation} for #{response_pdu}"
       end
     end
 
     def receive
-      readers, _ = wait_readable
+      readers, _ = try_login { wait_readable }
       case readers.size
         when 1..Float::INFINITY
           # triggers callback
@@ -105,13 +139,19 @@ module NETSNMP
         when 0
           Core::LibSNMP.snmp_sess_timeout(@signature)
         else
-          raise ReceiveError, "#@host: error receiving data"
+          raise ReceiveError, "#@hostname: error receiving data"
       end
     end
     
     def async_read
       if Core::LibSNMP.snmp_sess_read(@signature, get_selectable_sockets.pointer) != 0
-        raise ReceiveError, "#@host: Failed to receive pdu response"
+        # if it's the first time we're passing here and send fails, we can (?) assume that
+        # PRIV_PASSWORD is wrong
+        if @logged_at.nil?
+          raise ConnectionFailed, "failed to login to #@hostname"
+        else
+          raise ReceiveError, "#@hostname: Failed to receive pdu response"
+        end
       end
     end
 
@@ -164,79 +204,52 @@ module NETSNMP
       return unless session[:version] == Core::Constants::SNMP_VERSION_3 
 
 
+      session[:securityAuthProtoLen] = 10
+      session[:securityAuthKeyLen] = Core::Constants::USM_AUTH_KU_LEN
+      session[:securityPrivProtoLen] = 10
+      session[:securityPrivKeyLen] = Core::Constants::USM_PRIV_KU_LEN
+
       # Security Authorization
-      session[:securityLevel] =  options[:security_level] || Core::Constants::SNMP_SEC_LEVEL_AUTHPRIV
+      session[:securityLevel] =  case options[:security_level] 
+        when /noauth/         then Core::Constants::SNMP_SEC_LEVEL_NOAUTH
+        when /auth_?no_?priv/ then Core::Constants::SNMP_SEC_LEVEL_AUTHNOPRIV
+        when /auth_?priv/     then Core::Constants::SNMP_SEC_LEVEL_AUTHPRIV 
+        when Integer
+          options[:security_level]
+        else Core::Constants::SNMP_SEC_LEVEL_AUTHPRIV
+      end
+
       auth_protocol_oid = case options[:auth_protocol]
         when :md5   then MD5OID.new
         when :sha1  then SHA1OID.new
         when nil    then NoAuthOID.new
-        else raise Error, "#@host: #{options[:auth_protocol]} is an unsupported authorization protocol"
+        else raise Error, "#@hostname: #{options[:auth_protocol]} is an unsupported authorization protocol"
       end
 
-      session[:securityAuthProto] = auth_protocol_oid.pointer
-
-      # Priv Protocol
+       # Priv Protocol
       priv_protocol_oid = case options[:priv_protocol]
         when :aes then AESOID.new 
         when :des then DESOID.new
         when nil  then NoPrivOID.new
-        else raise Error, "#@host: #{options[:priv_protocol]} is an unsupported privacy protocol"
+        else raise Error, "#@hostname: #{options[:priv_protocol]} is an unsupported privacy protocol"
       end
-      session[:securityPrivProto] = priv_protocol_oid.pointer
-
-      # other necessary lengths
-      session[:securityAuthProtoLen] = 10
-      session[:securityAuthKeyLen] = Core::Constants::USM_AUTH_KU_LEN
-      session[:securityPrivProtoLen] = 10
-      session[:securityPrivKeyLen] = Core::Constants::USM_PRIV_KU_LEN
-
+   
+      user, auth_pass, priv_pass = options.values_at(:username, :auth_password, :priv_password)
+      auth_protocol_oid.generate_key(session, user, auth_pass)
+      priv_protocol_oid.generate_key(session, user, priv_pass )
 
       if options[:context]
         session[:contextName] = FFI::MemoryPointer.from_string(options[:context])
         session[:contextNameLen] = options[:context].length
       end
 
-      # Authentication
-      # Do not generate_Ku, unless we're Auth or AuthPriv
-      auth_user, auth_pass = options.values_at(:username, :auth_password)
-      raise Error, "#@host: no given Authorization User" unless auth_user
-      session[:securityName] = FFI::MemoryPointer.from_string(auth_user)
-      session[:securityNameLen] = auth_user.length
-
-      auth_len_ptr = FFI::MemoryPointer.new(:size_t)
-      auth_len_ptr.write_int(Core::Constants::USM_AUTH_KU_LEN)
-      auth_key_result = Core::LibSNMP.generate_Ku(session[:securityAuthProto],
-                                       session[:securityAuthProtoLen],
-                                       auth_pass,
-                                       auth_pass.length,
-                                       session[:securityAuthKey],
-                                       auth_len_ptr)
-      session[:securityAuthKeyLen] = auth_len_ptr.read_int
-
-      priv_len_ptr = FFI::MemoryPointer.new(:size_t)
-      priv_len_ptr.write_int(Core::Constants::USM_PRIV_KU_LEN)
-
-      priv_pass = options[:priv_password]
-      # NOTE I know this is handing off the AuthProto, but generates a proper
-      # key for encryption, and using PrivProto does not.
-      priv_key_result = Core::LibSNMP.generate_Ku(session[:securityAuthProto],
-                                                  session[:securityAuthProtoLen],
-                                                  priv_pass,
-                                                  priv_pass.length,
-                                                  session[:securityPrivKey],
-                                                  priv_len_ptr)
-      session[:securityPrivKeyLen] = priv_len_ptr.read_int
-
-      unless auth_key_result == Core::Constants::SNMPERR_SUCCESS and 
-             priv_key_result == Core::Constants::SNMPERR_SUCCESS
-        raise AuthenticationFailed, "failed to authenticate #{auth_user} in #{@host}"
-      end
+
     end
 
 
     # @param [Hash] options options to open the net-snmp session
     # @option options [String] :community the snmp community string (defaults to public)
-    # @option options [Integer] :timeout number of millisecs until first timeout
+    # @option options [Integer] :timeout number of sec until first timeout
     # @option options [Integer] :retries number of retries before timeout
     # @return [FFI::Pointer] a pointer to the validated session signature, which will therefore be used in all _sess_ methods from libnetsnmp
     def build_signature(options)
@@ -259,9 +272,9 @@ module NETSNMP
       
       session[:peername] = FFI::MemoryPointer.from_string(peername)
 
-      session[:timeout] = options[:timeout] if options.has_key?(:timeout)
-      session[:retries] = options[:retries] if options.has_key?(:retries)
-
+      @timeout = options[:timeout] || 10
+      session[:timeout] = @timeout * 1000000
+      session[:retries] = options[:retries] || 5
       session_authorization(session, options)
       Core::LibSNMP.snmp_sess_open(session.pointer)
     end
@@ -289,14 +302,14 @@ module NETSNMP
 
         # TODO: pass exception in case of failure
 
+        response_pdu = ResponsePDU.new(pdu_ptr)
+        @requests[@reqid] = [op, response_pdu]
         if reqid == @reqid
-          response_pdu = ResponsePDU.new(pdu_ptr)
           # probably pass the result as a yield from a fiber
-          @requests[@reqid] = [op, response_pdu]
-
           op.eql?(:unrecognized_operation) ? 0 : 1
         else  
-          puts "wow, unexpected #{op}.... #{reqid} different than #{@reqid}"
+          # this is happening when user is unknown(????)
+          #puts "wow, unexpected #{op}.... #{reqid} different than #{@reqid}"
           0
         end
       end

data/lib/netsnmp/version.rb

@@ -1,3 +1,3 @@
 module NETSNMP
-  VERSION = '0.0.0'.freeze
+  VERSION = '0.0.2'.freeze
 end

data/netsnmp.gemspec

@@ -15,6 +15,7 @@ DESC
   gem.homepage    = ""
   gem.platform    = Gem::Platform::RUBY
   gem.required_ruby_version = '>=2.0.0'
+  gem.metadata["allowed_push_hosts"] = "https://rubygems.org/"
 
   # Manifest
   gem.files         = `git ls-files`.split("\n") - Dir['tmp/**/*']

data/spec/client_spec.rb

@@ -12,6 +12,35 @@ RSpec.describe NETSNMP::Client do
 
   subject { described_class.new(host, options) }
 
+  describe "establishing session" do
+    let(:oid) { "1.3.6.1.2.1.1.5.0" } # sysName.0
+    context "with a wrong auth password" do
+      let(:options) { host_options.merge( auth_password: "auctoritas2", timeout: 5) }
+      it { 
+        expect { 
+          subject.get(oid)
+        }.to raise_error(NETSNMP::ConnectionFailed) 
+      }
+    end
+    context "with a wrong priv password" do
+      let(:options) { host_options.merge( priv_password: "privatus2", timeout: 5) }
+      it { 
+        expect { 
+          subject.get(oid)
+        }.to raise_error(NETSNMP::ConnectionFailed) 
+      }
+    end
+
+    context "with an unexisting user" do
+      let(:options) { host_options.merge(username: "simulata", timeout: 5) }
+      it { 
+        expect { 
+          subject.get(oid)
+        }.to raise_error(NETSNMP::ConnectionFailed) 
+      }
+    end
+  end
+
   describe "#get" do
     let(:oid) { "1.3.6.1.2.1.1.5.0" } # sysName.0
     let(:value) { subject.get(oid) }

data/spec/support/start_docker.sh

@@ -1,4 +1,5 @@
 sudo docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy -t snmp-server-emulator -f spec/support/Dockerfile .
 sudo docker run -d -p :1161/udp --name test-snmp-emulator snmp-server-emulator --agent-udpv4-endpoint=0.0.0.0:1161 --agent-udpv6-endpoint='[::0]:1161'
+sleep 20 # give some time for the simulator to boot
 
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: netsnmp
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.2
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-07 00:00:00.000000000 Z
+date: 2016-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -147,7 +147,8 @@ files:
 homepage: ''
 licenses:
 - Apache-2.0
-metadata: {}
+metadata:
+  allowed_push_hosts: https://rubygems.org/
 post_install_message: 
 rdoc_options: []
 require_paths: