add SHA256 and SHA512 for security protocol

2024-11-24 02:15:04 +08:00 · 2021-08-11 13:02:18 +02:00 · 2021-08-11 13:02:18 +02:00 · 718e91343f
commit 718e91343f
parent 28500fe4ef
4 changed files with 51 additions and 4 deletions
--- a/ext/snmp/config.m4
+++ b/ext/snmp/config.m4
@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
        AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
      fi
    else
-      AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
+      AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
    fi
  else
    AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
    $SNMP_SHARED_LIBADD
  ])

+  dnl Check whether usmHMAC192SHA256AuthProtocol exists.
+  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
+  [
+    AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
+  ], [], [
+    $SNMP_SHARED_LIBADD
+  ])
+
+  dnl Check whether usmHMAC384SHA512AuthProtocol exists.
+  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
+  [
+    AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
+  ], [], [
+    $SNMP_SHARED_LIBADD
+  ])
+
  PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
  PHP_SUBST(SNMP_SHARED_LIBADD)
 fi
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@ -29,6 +29,7 @@
 #include "php_snmp.h"

 #include "zend_exceptions.h"
+#include "zend_smart_string.h"
 #include "ext/spl/spl_exceptions.h"
 #include "snmp_arginfo.h"

@ -936,7 +937,37 @@ static bool netsnmp_session_set_auth_protocol(struct snmp_session *s, zend_strin
 		return true;
 	}

-	zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
+#ifdef HAVE_SNMP_SHA256
+	if (zend_string_equals_literal_ci(prot, "SHA256")) {
+		s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
+		s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
+		return true;
+	}
+#endif
+
+#ifdef HAVE_SNMP_SHA512
+	if (zend_string_equals_literal_ci(prot, "SHA512")) {
+		s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
+		s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
+		return true;
+	}
+#endif
+
+	smart_string err = {0};
+
+	smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
+#ifdef HAVE_SNMP_SHA256
+	smart_string_appends(&err, " or \"SHA256\"");
+#endif
+#ifdef HAVE_SNMP_SHA512
+	smart_string_appends(&err, " or \"SHA512\"");
+#endif
+#ifndef DISABLE_MD5
+	smart_string_appends(&err, " or \"MD5\"");
+#endif
+	smart_string_0(&err);
+	zend_value_error("%s", err.c);
+	smart_string_free(&err);
 	return false;
 }
 /* }}} */
--- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
+++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
@ -61,7 +61,7 @@ var_dump($session->close());
 --EXPECTF--
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
-Authentication protocol must be either "MD5" or "SHA"
+Authentication protocol must be %s

 Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
 bool(false)
--- a/ext/snmp/tests/snmp3-error.phpt
+++ b/ext/snmp/tests/snmp3-error.phpt
@ -60,7 +60,7 @@ try {
 Checking error handling
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
-Authentication protocol must be either "MD5" or "SHA"
+Authentication protocol must be %s

 Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
 bool(false)