summaryrefslogtreecommitdiffstats
path: root/php-8.0.10-snmp-sha.patch
blob: 3ef67eab479246fc28f770d7c6cce10004a0a6e7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
Backported for 8.0 from


From 718e91343fddb8817a004f96f111c424843bf746 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Wed, 11 Aug 2021 13:02:18 +0200
Subject: [PATCH] add SHA256 and SHA512 for security protocol

---
 ext/snmp/config.m4                            | 18 +++++++++-
 ext/snmp/snmp.c                               | 33 ++++++++++++++++++-
 .../tests/snmp-object-setSecurity_error.phpt  |  2 +-
 ext/snmp/tests/snmp3-error.phpt               |  2 +-
 4 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/ext/snmp/config.m4 b/ext/snmp/config.m4
index 1475ddfe2b7f0..f285a572de9cb 100644
--- a/ext/snmp/config.m4
+++ b/ext/snmp/config.m4
@@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
         AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
       fi
     else
-      AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
+      AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
     fi
   else
     AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
@@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
     $SNMP_SHARED_LIBADD
   ])
 
+  dnl Check whether usmHMAC192SHA256AuthProtocol exists.
+  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
+  [
+    AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
+  ], [], [
+    $SNMP_SHARED_LIBADD
+  ])
+
+  dnl Check whether usmHMAC384SHA512AuthProtocol exists.
+  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
+  [
+    AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
+  ], [], [
+    $SNMP_SHARED_LIBADD
+  ])
+
   PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
   PHP_SUBST(SNMP_SHARED_LIBADD)
 fi
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
index 69d6549405b17..f0917501751f5 100644
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@@ -29,6 +29,7 @@
 #include "php_snmp.h"
 
 #include "zend_exceptions.h"
+#include "zend_smart_string.h"
 #include "ext/spl/spl_exceptions.h"
 #include "snmp_arginfo.h"
 
@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot
 	if (!strcasecmp(prot, "MD5")) {
 		s->securityAuthProto = usmHMACMD5AuthProtocol;
 		s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
-	} else
+		return true;
+	}
 #endif
+
 	if (!strcasecmp(prot, "SHA")) {
 		s->securityAuthProto = usmHMACSHA1AuthProtocol;
 		s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
-	} else {
-		zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
-		return (-1);
+		return true;
 	}
-	return (0);
+
+#ifdef HAVE_SNMP_SHA256
+	if (!strcasecmp(prot, "SHA256")) {
+		s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
+		s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
+		return true;
+	}
+#endif
+
+#ifdef HAVE_SNMP_SHA512
+	if (!strcasecmp(prot, "SHA512")) {
+		s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
+		s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
+		return true;
+	}
+#endif
+
+	smart_string err = {0};
+
+	smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
+#ifdef HAVE_SNMP_SHA256
+	smart_string_appends(&err, " or \"SHA256\"");
+#endif
+#ifdef HAVE_SNMP_SHA512
+	smart_string_appends(&err, " or \"SHA512\"");
+#endif
+#ifndef DISABLE_MD5
+	smart_string_appends(&err, " or \"MD5\"");
+#endif
+	smart_string_0(&err);
+	zend_value_error("%s", err.c);
+	smart_string_free(&err);
+	return false;
 }
 /* }}} */
 
diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
index f8de846492a75..cf4f928837773 100644
--- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
+++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
@@ -59,7 +59,7 @@ var_dump($session->close());
 --EXPECTF--
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
-Authentication protocol must be either "MD5" or "SHA"
+Authentication protocol must be %s
 
 Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
 bool(false)
diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt
index 849e363b45058..389800dad6b28 100644
--- a/ext/snmp/tests/snmp3-error.phpt
+++ b/ext/snmp/tests/snmp3-error.phpt
@@ -58,7 +58,7 @@ try {
 Checking error handling
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
 Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
-Authentication protocol must be either "MD5" or "SHA"
+Authentication protocol must be %s
 
 Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
 bool(false)