Class: Cisco::SnmpUser

Inherits:
Object
  • Object
Defined in:
lib/cisco_node_utils/snmpuser.rb

Constant Summary collapse

@@users =
{}
@@node =
Cisco::Node.instance

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name, groups, authproto, authpass, privproto, privpass, localizedkey, engineid, instantiate = true) ⇒ SnmpUser

Returns a new instance of SnmpUser.

Raises:

  • (TypeError)


# File 'lib/cisco_node_utils/snmpuser.rb', line 29

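# Validates the arguments for an SNMP user and, when +instantiate+ is true,
# sends the matching "snmp_user"/"user" configuration to the node once per
# group.
#
# @param name [String] non-empty user name
# @param groups [Array] group names; an empty array configures the user
#   with an empty group field
# @param authproto [Symbol] authentication protocol; :sha and :md5 are the
#   values that require a password
# @param authpass [String] authentication password ("" for none)
# @param privproto [Symbol] privacy protocol; :des and :aes128 are the
#   values that require a password
# @param privpass [String] privacy password ("" for none)
# @param localizedkey [Boolean] adds the "localizedkey" keyword when true
# @param engineid [String] engine ID ("" for none)
# @param instantiate [Boolean] when false only the Ruby object is built and
#   nothing is sent to the node
# @raise [TypeError] if an argument has the wrong type
# @raise [ArgumentError] if name is empty or a password/protocol pair is
#   inconsistent
def initialize(name, groups, authproto, authpass, privproto,
               privpass, localizedkey, engineid, instantiate = true)
  auth_protos = [:sha, :md5]
  priv_protos = [:des, :aes128]

  # Messages name the offending argument only; password values are never
  # echoed into an exception message. The order of the checks is unchanged.
  raise TypeError, 'name must be a String' unless name.is_a?(String)
  raise ArgumentError, 'name must not be empty' if name.empty?
  raise TypeError, 'groups must be an Array' unless groups.is_a?(Array)
  raise TypeError, 'authproto must be a Symbol' unless authproto.is_a?(Symbol)
  raise TypeError, 'authpass must be a String' unless authpass.is_a?(String)
  # empty password but protocol provided = bad (only enforced when the user
  # is actually being configured)
  if authpass.empty? && auth_protos.include?(authproto) && instantiate
    raise ArgumentError, 'auth protocol given without an auth password'
  end
  # non-empty password and no protocol provided = bad
  if !authpass.empty? && !auth_protos.include?(authproto)
    raise ArgumentError, 'auth password given without an auth protocol'
  end
  raise TypeError, 'privproto must be a Symbol' unless privproto.is_a?(Symbol)
  raise TypeError, 'privpass must be a String' unless privpass.is_a?(String)
  if privpass.empty? && priv_protos.include?(privproto) && instantiate
    raise ArgumentError, 'priv protocol given without a priv password'
  end
  if !privpass.empty? && !priv_protos.include?(privproto)
    raise ArgumentError, 'priv password given without a priv protocol'
  end
  # strict boolean check: only the literals true and false are accepted
  raise TypeError, 'localizedkey must be true or false' unless [true, false].include?(localizedkey)
  raise TypeError, 'engineid must be a String' unless engineid.is_a?(String)

  @name = name
  @engine_id = engineid

  @authproto = authproto
  @privproto = privproto
  @groups_arr = groups

  authprotostr = _auth_sym_to_str(authproto)
  privprotostr = _priv_sym_to_str(privproto)

  return unless instantiate

  # Config string syntax:
  # [no] snmp-server user <user> [group] [auth {md5|sha} <passwd1> [priv [aes-128] <passwd2>] [localizedkey] [engineID <id>]]
  #
  # NOTE(review): name, group, both passwords and engineid are interpolated
  # into the command fields unchanged. Whether config_set rejects or escapes
  # whitespace and control characters is not visible here -- confirm, or
  # validate these values before this point when they come from external
  # input.
  # NOTE(review): per the syntax above priv is nested under auth, but a priv
  # password with an empty auth password is not rejected here -- confirm the
  # intended behaviour.
  # NOTE(review): the clear-text passwords are handed to config_set; confirm
  # that it does not write command strings to logs.
  auth_field = authpass.empty? ? '' : "auth #{authprotostr} #{authpass}"
  priv_field = privpass.empty? ? '' : "priv #{privprotostr} #{privpass}"
  key_field = localizedkey ? 'localizedkey' : ''
  engine_field = engineid.empty? ? '' : "engineID #{engineid}"

  # assume if multiple groups, apply all config to each
  target_groups = groups.empty? ? [''] : groups
  target_groups.each do |group|
    @@node.config_set('snmp_user', 'user', '',
                      name, group, auth_field, priv_field,
                      key_field, engine_field)
  end
end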

Instance Attribute Details

#engine_idObject (readonly)

Returns the value of attribute engine_id.



# File 'lib/cisco_node_utils/snmpuser.rb', line 197

# Reader for the engine ID stored by the constructor.
#
# @return [Object] the value of @engine_id
def engine_id
  @engine_id
end

#nameObject (readonly)

Returns the value of attribute name.



# File 'lib/cisco_node_utils/snmpuser.rb', line 119

# Reader for the user name stored by the constructor.
#
# @return [Object] the value of @name
def name
  @name
end

Class Method Details

.auth_password(name, engine_id) ⇒ Object



# File 'lib/cisco_node_utils/snmpuser.rb', line 141

# Looks up the authentication password value the node reports for a user.
#
# Entries are read positionally: element 0 is compared with +name+,
# element 1 is the value returned, and element 2 is compared with
# +engine_id+ when an engine ID is given.
#
# @param name [String] user name to match
# @param engine_id [String] engine ID to match; "" selects the lookup
#   without an engine ID
# @return [Object, nil] element 1 of the first matching entry, or nil when
#   the node returns nothing or no entry matches
def SnmpUser.auth_password(name, engine_id)
  without_engine = engine_id.empty?
  property = without_engine ? 'auth_password' : 'auth_password_with_engine_id'
  entries = @@node.config_get('snmp_user', property)
  return nil if entries.nil?

  entries.each_entry do |entry|
    next unless entry[0] == name
    next unless without_engine || entry[2] == engine_id
    return entry[1]
  end
  nil
end

.default_auth_passwordObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 137

# Default for the "auth_password" property of the "snmp_user" feature.
#
# @return [Object] whatever the node's config_get_default returns
def SnmpUser.default_auth_password
  @@node.config_get_default('snmp_user', 'auth_password')
end

.default_auth_protocolObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 133

# Default for the "auth_protocol" property of the "snmp_user" feature,
# passed through _auth_str_to_sym.
#
# @return [Object] the result of _auth_str_to_sym
def SnmpUser.default_auth_protocol
  default_str = @@node.config_get_default('snmp_user', 'auth_protocol')
  _auth_str_to_sym(default_str)
end

.default_engine_idObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 199

# Default for the "engine_id" property of the "snmp_user" feature.
#
# @return [Object] whatever the node's config_get_default returns
def SnmpUser.default_engine_id
  @@node.config_get_default('snmp_user', 'engine_id')
end

.default_groupsObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 125

# Default group list: the "group" default of the "snmp_user" feature
# wrapped in a one-element array.
#
# @return [Array] single-element array holding the default group
def SnmpUser.default_groups
  default_group = @@node.config_get_default('snmp_user', 'group')
  [default_group]
end

.default_priv_passwordObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 193

# Default for the "priv_password" property of the "snmp_user" feature.
#
# @return [Object] whatever the node's config_get_default returns
def SnmpUser.default_priv_password
  @@node.config_get_default('snmp_user', 'priv_password')
end

.default_priv_protocolObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 189

# Default for the "priv_protocol" property of the "snmp_user" feature,
# passed through _priv_str_to_sym.
#
# @return [Object] the result of _priv_str_to_sym
def SnmpUser.default_priv_protocol
  default_str = @@node.config_get_default('snmp_user', 'priv_protocol')
  _priv_str_to_sym(default_str)
end

.priv_password(name, engine_id) ⇒ Object



# File 'lib/cisco_node_utils/snmpuser.rb', line 166

# Looks up the privacy password value the node reports for a user.
#
# Entries are read positionally: element 0 is compared with +name+,
# element 1 is the value returned, and element 2 is compared with
# +engine_id+ when an engine ID is given.
#
# @param name [String] user name to match
# @param engine_id [String] engine ID to match; "" selects the lookup
#   without an engine ID
# @return [Object, nil] element 1 of the first matching entry, or nil when
#   the node returns nothing or no entry matches
def SnmpUser.priv_password(name, engine_id)
  without_engine = engine_id.empty?
  property = without_engine ? 'priv_password' : 'priv_password_with_engine_id'
  entries = @@node.config_get('snmp_user', property)
  return nil if entries.nil?

  entries.each_entry do |entry|
    next unless entry[0] == name
    next unless without_engine || entry[2] == engine_id
    return entry[1]
  end
  nil
end

.usersObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 74

# Rebuilds the class-level user cache from the node's current configuration
# and returns it.
#
# Keys are the user name alone when the entry has no engine ID, otherwise
# "<name> <engine id>". Each value is a SnmpUser built with
# instantiate = false, so nothing is written back to the node, and with
# empty password strings.
#
# @return [Hash] cache key => SnmpUser
def SnmpUser.users
  @@users = {}
  # config_get returns hash if 1 user, array if multiple, nil if none
  raw = @@node.config_get('snmp_user', 'user')
  return @@users if raw.nil?

  entries = raw.is_a?(Hash) ? [raw] : raw
  entries.each do |entry|
    user_name = entry[SNMP_USER_NAME_KEY]
    raw_engine_id = entry[SNMP_USER_ENGINE_ID]
    if raw_engine_id.nil?
      engine_id_str = ''
      cache_key = user_name
    else
      # NOTE(review): match returns nil when the pattern does not match,
      # which makes the [1] raise NoMethodError -- confirm the node output
      # always matches SNMP_USER_ENGINE_ID_PATTERN.
      engine_id_str = raw_engine_id.match(SNMP_USER_ENGINE_ID_PATTERN)[1]
      cache_key = user_name + ' ' + engine_id_str
    end
    auth_sym = _auth_str_to_sym(entry[SNMP_USER_AUTH_KEY])
    priv_sym = _priv_str_to_sym(entry[SNMP_USER_PRIV_KEY])

    group_names = _user_to_groups(entry).map do |group|
      group[SNMP_USER_GROUP_KEY].strip
    end

    @@users[cache_key] = SnmpUser.new(user_name, group_names, auth_sym,
                                      '', priv_sym, '', false,
                                      engine_id_str, false)
  end
  @@users
end

Instance Method Details

#auth_passwordObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 158

# Authentication password value the node reports for this user; delegates
# to SnmpUser.auth_password with this user's name and engine ID.
#
# @return [Object, nil] the reported value, or nil when none is found
def auth_password
  SnmpUser.auth_password(@name, @engine_id)
end

#auth_password_equal?(passwd, is_localized = false) ⇒ Boolean

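Passwords are stored hashed and so cannot be retrieved directly, but they can be checked for equality. This is done by creating a temporary user with the candidate password and then comparing the two hashes. While the check runs, that temporary user (`dummy_user`) exists in the device configuration with the candidate password.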

Returns:

  • (Boolean)


# File 'lib/cisco_node_utils/snmpuser.rb', line 206

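# Checks whether +passwd+ matches this user's configured authentication
# password.
#
# The node only exposes the hashed value, so a clear-text candidate is
# hashed by configuring a temporary user named "dummy_user" with it, reading
# that user's hash back, and removing the temporary user again.
#
# @param passwd [String] candidate password (clear text, or the hashed
#   value when +is_localized+ is true)
# @param is_localized [Boolean] true when +passwd+ is already the hashed
#   value
# @return [Boolean] true when the values match; false for an empty
#   candidate, a user without an auth protocol, or a missing hash
# @raise [TypeError] if +passwd+ is not a String
def auth_password_equal?(passwd, is_localized = false)
  # `raise`, not `throw`: a throw without a matching catch surfaces as an
  # uncaught-throw error instead of the intended TypeError.
  raise TypeError unless passwd.is_a?(String)
  return false if passwd.empty?

  proto = _auth_sym_to_str(auth_protocol)
  return false if proto.empty?

  candidate = passwd
  current = nil

  if is_localized
    # In this case, the password is hashed. We only need to get current
    # running config to compare
    current = auth_password
  else
    # In this case passed in password is clear text while the running
    # config is hashed value. We need to hash the passed in clear text.
    engine_arg = @engine_id.empty? ? '' : "engineID #{@engine_id}"

    # NOTE(review): the temporary user has a fixed name; a real user called
    # "dummy_user" would be overwritten and then removed by this check, and
    # two checks running at once would share it -- confirm this is
    # acceptable.
    # NOTE(review): the clear-text candidate is placed in the command given
    # to config_set; confirm that command strings are not logged.
    @@node.config_set('snmp_user', 'user', '', 'dummy_user', '',
                      "auth #{proto} #{passwd}",
                      '', '', engine_arg)
    begin
      # retrieve password hashes
      candidate = SnmpUser.auth_password('dummy_user', @engine_id)
      current = auth_password
    ensure
      # Always remove the temporary user, even when a lookup above raises,
      # so a working SNMP user carrying the candidate password is not left
      # behind in the configuration.
      @@node.config_set('snmp_user', 'user', 'no', 'dummy_user', '',
                        "auth #{proto} #{candidate}",
                        '', 'localizedkey', engine_arg)
    end
  end
  return false if current.nil? || candidate.nil?
  current == candidate
end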

#auth_protocolObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 129

# Reader for the authentication protocol stored by the constructor.
#
# @return [Object] the value of @authproto
def auth_protocol
  @authproto
end

#destroyObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 103

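# Removes this user from the node and drops its entry from the class-level
# user cache.
#
# The auth/priv fields are filled from the values the node currently reports
# and "localizedkey" is added whenever an auth value is present.
#
# @return [Object, nil] the cache entry that was removed, or nil when the
#   cache held none
def destroy
  # Each password reader queries the node, so read each value once.
  auth_pw = auth_password
  priv_pw = priv_password
  has_auth = !(auth_pw.nil? || auth_pw.empty?)
  has_priv = !(priv_pw.nil? || priv_pw.empty?)

  # the parser doesn't care what the real value is but need to come to the
  # end of the parser chain. Hence we just pass in some fake values for
  # auth method and password
  @@node.config_set('snmp_user', 'user', 'no',
                    @name, '',
                    has_auth ? "auth #{_auth_sym_to_str(auth_protocol)} #{auth_pw}" : '',
                    has_priv ? "priv #{_priv_sym_to_str(priv_protocol)} #{priv_pw}" : '',
                    has_auth ? 'localizedkey' : '',
                    @engine_id.empty? ? '' : "engineID #{@engine_id}")

  # SnmpUser.users keys a user without an engine ID by name alone and one
  # with an engine ID by "<name> <engine id>"; use the same key here so the
  # entry of a user without an engine ID is actually removed.
  cache_key = @engine_id.empty? ? @name : @name + ' ' + @engine_id
  @@users.delete(cache_key)
end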

#groupsObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 121

# Reader for the group list stored by the constructor.
#
# @return [Object] the value of @groups_arr
def groups
  @groups_arr
end

#priv_passwordObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 185

# Privacy password value the node reports for this user; delegates to
# SnmpUser.priv_password with this user's name and engine ID.
#
# @return [Object, nil] the reported value, or nil when none is found
def priv_password
  SnmpUser.priv_password(@name, @engine_id)
end

#priv_password_equal?(passwd, is_localized = false) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/cisco_node_utils/snmpuser.rb', line 241

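# Checks whether +passwd+ matches this user's configured privacy password.
#
# The node only exposes the hashed value, so a clear-text candidate is
# hashed by configuring a temporary user named "dummy_user" that uses it as
# both auth and priv password, reading that user's priv hash back, and
# removing the temporary user again.
#
# @param passwd [String] candidate password (clear text, or the hashed
#   value when +is_localized+ is true)
# @param is_localized [Boolean] true when +passwd+ is already the hashed
#   value
# @return [Boolean] true when the values match; false for an empty
#   candidate, a user without an auth protocol, or a missing hash
# @raise [TypeError] if +passwd+ is not a String
def priv_password_equal?(passwd, is_localized = false)
  # `raise`, not `throw`: a throw without a matching catch surfaces as an
  # uncaught-throw error instead of the intended TypeError.
  raise TypeError unless passwd.is_a?(String)
  return false if passwd.empty?

  # NOTE(review): the guard looks at the auth protocol only; whether an
  # empty priv protocol string also needs rejecting depends on
  # _priv_sym_to_str, which is not visible here -- confirm.
  auth_proto = _auth_sym_to_str(auth_protocol)
  return false if auth_proto.empty?

  candidate = passwd
  current = nil

  if is_localized
    # In this case, the password is hashed. We only need to get current
    # and compare directly
    current = priv_password
  else
    # In this case passed in password is clear text while the running
    # config is hashed value. We need to hash the passed in clear text.
    priv_proto = _priv_sym_to_str(priv_protocol)
    engine_arg = @engine_id.empty? ? '' : "engineID #{@engine_id}"

    # NOTE(review): the temporary user has a fixed name; a real user called
    # "dummy_user" would be overwritten and then removed by this check, and
    # two checks running at once would share it -- confirm this is
    # acceptable.
    # NOTE(review): the clear-text candidate is placed in the command given
    # to config_set; confirm that command strings are not logged.
    @@node.config_set('snmp_user', 'user', '', 'dummy_user', '',
                      "auth #{auth_proto} #{passwd}",
                      "priv #{priv_proto} #{passwd}",
                      '', engine_arg)
    begin
      # retrieve password hashes
      candidate = SnmpUser.priv_password('dummy_user', @engine_id)
      current = priv_password
    ensure
      # Always remove the temporary user, even when a lookup above raises,
      # so a working SNMP user carrying the candidate password is not left
      # behind in the configuration.
      @@node.config_set('snmp_user', 'user', 'no', 'dummy_user', '',
                        "auth #{auth_proto} #{candidate}",
                        "priv #{priv_proto} #{candidate}",
                        'localizedkey', engine_arg)
    end
  end
  return false if current.nil? || candidate.nil?
  current == candidate
end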

#priv_protocolObject



# File 'lib/cisco_node_utils/snmpuser.rb', line 162

# Reader for the privacy protocol stored by the constructor.
#
# @return [Object] the value of @privproto
def priv_protocol
  @privproto
end