netutils 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4337b8ba35a0b0febbea6e122cc64282245a10df86c7d8b6d52e8e45fb9dc4af
+  data.tar.gz: 59bbc51b9ccce2333fe8ada98787c341845a53b1b9ca78e71eb06c27cd26bfac
+SHA512:
+  metadata.gz: 1b69938caa6c89a849ea1eed54b525243588ed4ebeafd92bfce7521802b0282abd5e3eb73477ee1fc74e100d2c885ee3f3a38eaa0e4bd8976644a17354597e43
+  data.tar.gz: c91e953d6776071026ea164cb483be97e7c6ec100ad27ee10e658b44e6edefeea63196d1d6bb71ca7ad3adfcfa462b0c73abc1642f7295236d7967d16dc6c15b

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+#
+*.swp

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.3
+before_install: gem install bundler -v 1.14.3

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at ohmori@tottori-u.ac.jp. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in netutils.gemspec
+gemspec

data/README.md

@@ -0,0 +1,36 @@
+# Netutils
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/netutils`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'netutils'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install netutils
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ohmori7/netutils. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/acl

@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)).untaint, '/..')
+
+require 'netutils'
+
+################################################################################
+def usage(errmsg = nil)
+	progname = File.basename($0)
+	STDERR.print "ERROR: #{errmsg}\n\n" if errmsg
+	STDERR.print "\
+Usage:
+	#{progname} -h
+	#{progname} [-d] (add|delete) <switch> <type> <name> <number> <address>
+Description:
+	configure IP/MAC address filtering on a specified switch.
+Arguments:
+	 switch: an IP address of a switch.
+	   type: access-list type. possible values are:
+		     ip: IP address base
+		    mac: MAC address base (for non IP packet only)
+		advance: MAC address base (Alaxala only)
+  	   name: access-list name.
+	 number: a sequence number of an access list entry.
+	address: a MAC or IP address to be filtered.
+Options:
+	-h:	output this help message.
+	-d:	dry run.
+Example:
+	#{progname} add 192.168.0.1 advance INCIDENT-FILTER 999 dead.beef.dead
+	#{progname} delete 192.168.0.2 advance INCIDENT-FILTER 999 dead.beef.dead
+"
+        exit 1
+end
+
+usage if ARGV[0] === '-h'
+if ARGV[0] === '-d'
+	ARGV.shift
+	dry = true
+end
+
+case ARGV.size
+when 6
+else
+	usage("Wrong number (#{ARGV.size}) of arguments")
+end
+
+cmd = ARGV.shift
+case cmd
+when 'add'
+	add = true
+when 'delete'
+else
+	usage("Invalid command: #{cmd}")
+end
+
+swname = 'unknown'
+ia = ARGV.shift
+type = ARGV.shift
+name = ARGV.shift
+seq = ARGV.shift.to_i
+addr = ARGV.shift
+
+usage("Invalid IP address format: #{ia}") if ia !~ /^[0-9\.]+$/
+# we assume that max. sequence # is used for ``permit any any''
+usage if seq >= ACL_MAX_SEQ
+
+begin
+	log_without_newline "#{cmd} a filter for #{addr} on #{ia}... "
+	sw = Switch.new(nil, Switch::Type::ROUTER, ia)
+	sw.login
+	swname = sw.name
+	if ! sw.acl_exists?(type, name)
+		raise(ArgumentError, "No such ACL found: #{type} #{name}")
+	end
+	if dry
+		log_without_newline "(skip due to dry run)... "
+	elsif add
+		sw.acl_add(type, name, addr, seq)
+	else
+		sw.acl_delete(type, name, seq)
+	end
+	log 'done'
+	if add
+		m = "please run below command on recovery:\n"
+		s = File.expand_path(__FILE__)
+		m += "\t#{s} delete #{ia} #{type} #{name} #{seq} #{addr}\n"
+		puts m
+	else
+		m = "Allow traffic from #{addr} on #{swname}\n"
+	end
+	exitcode = 0
+rescue => e
+	r = ' FAILED'
+	m = e.to_s
+	puts "\n#{r}: #{m}"
+	exitcode = 1
+end
+
+#
+m += <<EOL
+
+log:
+#{log_buffer}
+EOL
+
+#
+mail "Filter #{cmd.upcase}#{r}: #{addr} on #{swname} (#{ia})", m
+
+exit exitcode

data/bin/alaxala-deploy

@@ -0,0 +1,271 @@
+#!/usr/bin/env ruby
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)).untaint, '/..')
+#
+require 'io/console'	# Ruby 1.9.3 or later
+require 'time'
+require 'thread'
+require 'optparse'
+require 'netutils'
+
+#
+PATH = '/home/conf/net/certs'
+CERT = "#{WEBAUTH_HOST}.cer"
+KEY  = "#{WEBAUTH_HOST}.key"
+INT  = 'nii-odca3sha2.cer'
+CERTFILES = [
+    CERT,
+    KEY,
+    INT
+    ]
+#
+HTML = '/home/conf/net/html/wired'
+HTMLFILES = [
+    'favicon.ico',
+    'login.html',
+    'loginNG.html',
+    'loginOK.html',
+    'loginProcess.html',
+    'logout.html',
+    'logoutNG.html',
+    'logoutOK.html',
+    'webauth.msg'
+    ]
+HTMLDIR = 'html'	# a directory on a switch for HTML files
+#
+def usage(errmsg = nil)
+	progname = File.basename($0)
+	STDERR.print "ERROR: #{errmsg}\n\n" if errmsg
+	STDERR.print "\
+Usage:
+	#{progname} -h
+	#{progname} [-c] [-w] [-r] -a
+	#{progname} [-c] [-w] [-r] <switch IP address1> <switch IP address2> ...
+Description:
+	deploy files to Alaxala switches, such as certificate files (i.e.,
+	certificate itself, private key, intermediate CA certificate), HTML
+	files for Web authentication.
+	If an option, ``-a,'' is given, deploy to all switches using LLDP or
+	CDP.  All files should be placed into the FTP server,
+		#{FTP_SERVER}:#{PATH} (for certificate files),
+		#{FTP_SERVER}:#{HTML} (for HTML files),
+	in advance.
+Arguments:
+	switch IP address: an IP address of a switch.
+Options:
+	-h:	output this help message.
+	-c:	deploy certificate files.
+	-w:	deploy HTML files.
+	-r:	reload a switch if necessary (only for certificate files).
+	-a:	deploy to all switches.
+Example:
+	output information:
+		#{progname} 192.168.0.1
+		#{progname} -a
+	installing certificate files:
+		#{progname} -c 192.168.0.1
+		#{progname} -c -a
+	installing certificate and HTML files:
+		#{progname} -c -w 192.168.0.1
+		#{progname} -c -w -a
+	reload switches if and only if necessary (only for certificate files):
+		#{progname} -r 192.168.0.1
+		#{progname} -r -a
+"
+        exit 1
+end
+
+##
+# inject() requires Ruby2.4... take a more operational way.
+options0 = ARGV.getopts('hcwra', 'help', 'certificate', 'web', 'reload', 'all')
+options = {}
+options0.map { |k, v| options[k.to_sym] = v }
+
+usage if options[:h]
+if options[:a]
+	if ARGV.length != 0
+		usage('Extra argument specified')
+	end
+	Switch.set_retrieve_all
+	SWITCHES.each { |name, ia| Switch.new(name, Switch::Type::ROUTER, ia, ) }
+elsif ARGV.length > 0
+	ARGV.each do |ia|
+		Switch.new(nil, Switch::Type::ROUTER, ia)
+	end
+else
+	usage('No IP address is given.')
+end
+
+##
+user = nil
+password = nil
+if options[:c] || options[:w]
+	print 'Input FTP user name: '
+	user = STDIN.gets.strip
+	print 'Input FTP password: '
+	password = STDIN.noecho(&:gets).strip
+	puts
+end
+
+##
+reboots = Queue.new
+Switch.retrieve do |sw|
+	if sw.name
+		print "Connecting: ``#{sw.name}'' (#{sw.ia})\n"
+	else
+		print "Connecting: #{sw.ia}\n"
+	end
+	sw.login
+	msg = " Connected: ``#{sw.name}'' (#{sw.ia}) (#{sw.maker_to_s} " +
+	    "#{sw.product})"
+	if sw.maker != CLI::Maker::ALAXALA
+		puts "#{msg} SKIP non-Alaxala equipment."
+		next
+	end
+	config = sw.config_get
+	if config !~ /web-authentication system-auth-control/m
+		puts "#{msg} SKIP no Web authentication configured."
+		next
+	end
+	puts msg
+	r = sw.cmd('show web-authentication ssl-crt')
+	# SSL key               : default now
+	# SSL certificate       : 2018/04/03 20:04:11
+	# SSL intermediate cert : 2018/04/03 20:04:11
+	sep = ''
+	installedtime = nil
+	msg = " #{sw.name} (#{sw.ia}): CERT:"
+	r.scan(/SSL ([^:]*) : ([^\n]+)/) do |k, v|
+		k.strip!
+		v.strip!
+		if v =~ /^default/
+			v = 'none'
+		elsif installedtime === nil
+			installedtime = Time.parse(v)
+		end
+		msg += "#{sep} #{k}: #{v}"
+		sep = ','
+	end
+	r = sw.cmd('show system')
+	if r =~ /^.*Boot Date[^:]+: ([^\n]+).*$/
+		v = $1.strip
+		boottime = Time.parse(v)
+		msg += ", boot: #{v}"
+		if boottime < installedtime || options[:c]
+			reboots.push(sw)
+			msg += ' (need reboot)'
+		end
+	end
+	puts msg
+
+	#
+	r = sw.cmd('show web-authentication html-files')
+	sep = ''
+	msg = " #{sw.name} (#{sw.ia}): HTML:"
+	r.scan(/^ +([0-9\/]+ [0-9:]+) + ([0-9,]+) ([^\n]+)/) do |date, size, f|
+		date.strip!
+		size.strip!
+		f.strip!
+		msg += "#{sep} #{f} #{size} (#{date})"
+		sep = ','
+	end
+	puts msg
+
+	next if ! options[:c] && ! options[:w]
+
+	oprompt = sw.prompt
+	sw.cmd("ftp #{FTP_SERVER}", 'Name: ')
+	sw.cmd(user, 'Password:')
+	r = sw.cmd(password, "ftp> |#{oprompt}")
+	if r =~ /530 Login incorrect./
+		raise('Invalid FTP password')
+	end
+	r = sw.cmd('passive')
+	r += sw.cmd('bin')
+	if options[:c]
+		r += sw.cmd("cd #{PATH}")
+		CERTFILES.each { |f| r += sw.cmd("get #{f}") }
+		if r =~ /Failed/
+			raise('cannot get certificate files')
+		end
+	end
+	htmlfiles = nil
+	if options[:w]
+		r  = sw.cmd("cd #{HTML}")
+		r += sw.cmd('mget *', 'mget.*\? ?')
+		r += sw.cmd('a', 'ftp> ')
+		if r =~ /Failed/
+			raise('cannot get html files')
+		end
+		htmlfiles = r.scan(/nnection for ([^ ]+) /).collect { |a| a[0] }
+		HTMLFILES.each do |f|
+			next if htmlfiles.include?(f)
+			raise("missing HTML file: #{f}")
+		end
+	end
+	sw.cmd('exit', oprompt)
+	if options[:c]
+		sw.cmd('set web-authentication ssl-crt', '[^:]+: ')
+		sw.cmd(KEY)
+		sw.cmd(CERT)
+		sw.cmd(INT, '[^:]+:')
+		sw.cmd('y', oprompt)
+		CERTFILES.each { |f| sw.cmd("del ramdisk #{f}") }
+	end
+	if options[:w]
+		#
+		# here create a directory and move files in order to avoid that
+		# unnecessary files are loaded into HTML files area.
+		#
+		sw.cmd("mkdir ramdisk #{HTMLDIR}")
+		htmlfiles.each do |f|
+			# they do not have ``move''...sign...
+			sw.cmd("copy ramdisk #{f} ramdisk #{HTMLDIR}")
+			sw.cmd("del ramdisk #{f}")
+		end
+
+		sw.cmd("set web-authentication html-files ramdisk #{HTMLDIR}",
+		    '[^:]+: ')
+		# Do you wish to install new html-files? (y/n): y
+		sw.cmd('y', oprompt)
+
+		# okay remove our files.
+		htmlfiles.each do |f|
+			sw.cmd("del ramdisk #{HTMLDIR}/#{f}")
+		end
+		sw.cmd("rmdir ramdisk #{HTMLDIR}")
+	end
+	print "      Done: ``#{sw.name}'' (#{sw.ia}) " +
+	    "(#{sw.maker_to_s} #{sw.product})\n"
+end
+Switch.warn
+
+exit if ! options[:r]
+
+thread_concurrency = 64
+threads = []
+for i in 1..thread_concurrency do
+	threads <<= Thread.new do
+		begin
+			while sw = reboots.pop(true) do
+				sw.configure
+				sw.cmd('save')
+				sw.unconfigure
+				begin
+					#
+					# note that pager configuration or
+					# other configurations barks without
+					# an option, ``-f.''
+					#
+					sw.cmd('reload -f')
+				rescue
+				end
+				puts "   Reboot: ``#{sw.name}'' (#{sw.ia}) done"
+			end
+		rescue
+		end
+	end
+end
+
+threads.each do |thread|
+	thread.join
+end