From: <pn...@hy...> - 2010-03-05 23:33:31
Author: pnguyen Date: 2010-03-05 15:33:23 -0800 (Fri, 05 Mar 2010) New Revision: 14350 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14350 Modified: trunk/src/org/hyperic/snmp/SNMPClient.java trunk/src/org/hyperic/snmp/SNMPSession_v1.java trunk/src/org/hyperic/snmp/SNMPSession_v2c.java trunk/src/org/hyperic/snmp/SNMPSession_v3.java Log: [HHQ-3674] (a) For SNMPv3 responses, process the Report PDU if applicable. (b) Cache and store a SNMP session using a key that includes the ip address, port, SNMP version, community, transport, user name, password, authentication protocol, privacy password, and privacy protocol. (c) Store the SNMP user with the appropriate remote engine ID. (d) Update the SNMP user if user credentials change. Modified: trunk/src/org/hyperic/snmp/SNMPClient.java =================================================================== --- trunk/src/org/hyperic/snmp/SNMPClient.java 2010-03-05 09:17:50 UTC (rev 14349) +++ trunk/src/org/hyperic/snmp/SNMPClient.java 2010-03-05 23:33:23 UTC (rev 14350) 
@@ -1,18 +1,25 @@ /* - * 'SNMPClient.java' NOTE: This copyright does *not* cover user programs that - * use HQ program services by normal system calls through the application - * program interfaces provided as part of the Hyperic Plug-in Development Kit or - * the Hyperic Client Development Kit - this is merely considered normal use of - * the program, and does *not* fall under the heading of "derived work". - * Copyright (C) [2004, 2005, 2006, 2007, 2008, 2009], Hyperic, Inc. This file - * is part of HQ. HQ is free software; you can redistribute it and/or modify it - * under the terms version 2 of the GNU General Public License as published by - * the Free Software Foundation. This program is distributed in the hope that it - * will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty - * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General - * Public License for more details. You should have received a copy of the GNU - * General Public License along with this program; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004-2010], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. 
See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA. */ @@ -43,15 +50,15 @@ public static final String DEFAULT_TRANSPORT = "udp"; public static final String DEFAULT_USERNAME = "username"; - public static final String DEFAULT_PASSWORD = "password"; + public static final String DEFAULT_PASSWORD = ""; + public static final String DEFAULT_AUTHTYPE = "none"; + public static final String DEFAULT_PRIV_TYPE = "none"; public static final String DEFAULT_PORT_STRING = String.valueOf(DEFAULT_PORT); public static final String DEFAULT_COMMUNITY = System.getProperty("snmp.defaultCommunity", "public"); public static final String[] VALID_VERSIONS = { "v1", "v2c", "v3" }; - public static final String[] VALID_AUTHTYPES = { "md5", "sha" }; - public static final String PROP_IP = "snmpIp"; public static final String PROP_PORT = "snmpPort"; public static final String PROP_TRANSPORT = "snmpTransport"; 
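Review bot: With `DEFAULT_AUTHTYPE = "none"`, `DEFAULT_PRIV_TYPE = "none"` and an empty `DEFAULT_PASSWORD`, an SNMPv3 configuration that omits or misnames its auth/priv properties now falls back to an unauthenticated, unencrypted session with no signal to the operator. This assumes the protocol lookup in SNMPSession_v3 maps "none" to no protocol, which is not visible here. A comment on the constants such as `// "none" = no authentication / no privacy; v3 targets should set PROP_AUTHTYPE and PROP_PRIV_TYPE explicitly` would make the fallback visible, and the placeholder `DEFAULT_USERNAME = "username"` deserves the same treatment. The hunk also deletes the public constant `VALID_AUTHTYPES`, so any plugin code outside this commit that references it will stop compiling; keeping it with "none" added would be the compatible option.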
@@ -199,11 +206,19 @@ String version = props.getProperty(PROP_VERSION, VALID_VERSIONS[1]); String community = props.getProperty(PROP_COMMUNITY, DEFAULT_COMMUNITY); String transport = props.getProperty(PROP_TRANSPORT, DEFAULT_TRANSPORT); + String user = props.getProperty(PROP_USER, DEFAULT_USERNAME); + String authtype = props.getProperty(PROP_AUTHTYPE, DEFAULT_AUTHTYPE); + String authpass = props.getProperty(PROP_PASSWORD, DEFAULT_PASSWORD); + String privtype = props.getProperty(PROP_PRIV_TYPE, DEFAULT_PRIV_TYPE); + String privpass = props.getProperty(PROP_PRIV_PASSPHRASE, DEFAULT_PASSWORD); SNMPSession session = null; - int id = address.hashCode() ^ port.hashCode() ^ version.hashCode() ^ community.hashCode() ^ - transport.hashCode(); + int id = address.hashCode() ^ port.hashCode() ^ + version.hashCode() ^ community.hashCode() ^ + transport.hashCode() ^ user.hashCode() ^ + authtype.hashCode() ^ authpass.hashCode() ^ + privtype.hashCode() ^ privpass.hashCode(); synchronized (sessionCache) { session = (SNMPSession) sessionCache.get(id); @@ -229,14 +244,8 @@ case SNMPClient.VERSION_3: - String user = props.getProperty(PROP_USER, DEFAULT_USERNAME); - String pass = props.getProperty(PROP_PASSWORD); - String authtype = props.getProperty(PROP_AUTHTYPE); - String privtype = props.getProperty(PROP_PRIV_TYPE); - String privpass = props.getProperty(PROP_PRIV_PASSPHRASE); - ((SNMPSession_v3) session).init(address, port, transport, user, - authtype, pass, privtype, privpass); + authtype, authpass, privtype, privpass); break; Modified: trunk/src/org/hyperic/snmp/SNMPSession_v1.java =================================================================== --- trunk/src/org/hyperic/snmp/SNMPSession_v1.java 2010-03-05 09:17:50 UTC (rev 14349) +++ trunk/src/org/hyperic/snmp/SNMPSession_v1.java 2010-03-05 23:33:23 UTC (rev 14350) 
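Review bot: The cache key `id` XORs the hash codes of all ten fields, so distinct configurations can resolve to the same cached session. XOR is order-insensitive and equal operands cancel: `authpass.hashCode() ^ privpass.hashCode()` is 0 whenever the two passphrases are identical, and the same holds for `authtype`/`privtype` when both are "none". Changing both passphrases to a new shared value therefore yields the same `id`, and the lookup under `synchronized (sessionCache)` can hand back a session initialised with the old credentials, or on an ordinary 32-bit collision one bound to a different target. Key the cache on a value with real equality instead, e.g. `Object id = Arrays.asList(new Object[] { address, port, version, community, transport, user, authtype, authpass, privtype, privpass });`. The declaration of `sessionCache` and the rest of the enclosing method are outside the hunk, so the key type may need adjusting there.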
@@ -1,18 +1,25 @@ /* - * 'SNMPSession_v1.java' NOTE: This copyright does *not* cover user programs - * that use HQ program services by normal system calls through the application - * program interfaces provided as part of the Hyperic Plug-in Development Kit or - * the Hyperic Client Development Kit - this is merely considered normal use of - * the program, and does *not* fall under the heading of "derived work". - * Copyright (C) [2004, 2005, 2006, 2007, 2008, 2009], Hyperic, Inc. This file - * is part of HQ. HQ is free software; you can redistribute it and/or modify it - * under the terms version 2 of the GNU General Public License as published by - * the Free Software Foundation. This program is distributed in the hope that it - * will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty - * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General - * Public License for more details. You should have received a copy of the GNU - * General Public License along with this program; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004-2010], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. 
See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA. */ @@ -214,9 +221,7 @@ response = event.getResponse(); - if (response == null) { - throw new SNMPException("No response for " + name); - } + validateResponsePDU(name, response); VariableBinding var = response.get(0); @@ -227,7 +232,15 @@ return new SNMPValue(var); } + + protected void validateResponsePDU(String name, PDU response) + throws SNMPException { + if (response == null) { + throw new SNMPException("No response PDU for " + name); + } + } + public SNMPValue getSingleValue(String name) throws SNMPException { return getValue(name, PDU.GET); } Modified: trunk/src/org/hyperic/snmp/SNMPSession_v2c.java =================================================================== --- trunk/src/org/hyperic/snmp/SNMPSession_v2c.java 2010-03-05 09:17:50 UTC (rev 14349) +++ trunk/src/org/hyperic/snmp/SNMPSession_v2c.java 2010-03-05 23:33:23 UTC (rev 14350) 
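Review bot: `validateResponsePDU` rejects only a null PDU, yet the caller in the preceding hunk goes straight on to `response.get(0)`, so a response with no variable bindings or with an error status set still passes validation at this point. As this method is now the single validation hook for all three session classes, it is the natural place for `if (response.size() < 1) throw new SNMPException("Empty response PDU for " + name);` plus an error-status check, unless the lines of the caller between the two hunks (not visible here) already cover that. The new protected method also has no Javadoc; a short comment saying that overrides must call `super.validateResponsePDU` before touching `response` would document the contract the v3 override relies on.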
@@ -1,18 +1,25 @@ /* - * 'SNMPSession_v2c.java' NOTE: This copyright does *not* cover user programs - * that use HQ program services by normal system calls through the application - * program interfaces provided as part of the Hyperic Plug-in Development Kit or - * the Hyperic Client Development Kit - this is merely considered normal use of - * the program, and does *not* fall under the heading of "derived work". - * Copyright (C) [2004, 2005, 2006, 2007, 2008, 2009], Hyperic, Inc. This file - * is part of HQ. HQ is free software; you can redistribute it and/or modify it - * under the terms version 2 of the GNU General Public License as published by - * the Free Software Foundation. This program is distributed in the hope that it - * will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty - * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General - * Public License for more details. You should have received a copy of the GNU - * General Public License along with this program; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004-2010], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. 
See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA. */ @@ -21,6 +28,7 @@ import java.util.List; import java.util.Map; +import org.snmp4j.PDU; import org.snmp4j.mp.SnmpConstants; class SNMPSession_v2c @@ -39,4 +47,11 @@ // Optimize using snmp4j v2 specific stuff... return super.getTable(name, index); } + + protected void validateResponsePDU(String name, PDU response) + throws SNMPException { + + // No specific SNMPv2c logic currently + super.validateResponsePDU(name, response); + } } Modified: trunk/src/org/hyperic/snmp/SNMPSession_v3.java =================================================================== --- trunk/src/org/hyperic/snmp/SNMPSession_v3.java 2010-03-05 09:17:50 UTC (rev 14349) +++ trunk/src/org/hyperic/snmp/SNMPSession_v3.java 2010-03-05 23:33:23 UTC (rev 14350) 
@@ -1,18 +1,25 @@ /* - * 'SNMPSession_v3.java' NOTE: This copyright does *not* cover user programs - * that use HQ program services by normal system calls through the application - * program interfaces provided as part of the Hyperic Plug-in Development Kit or - * the Hyperic Client Development Kit - this is merely considered normal use of - * the program, and does *not* fall under the heading of "derived work". - * Copyright (C) [2004, 2005, 2006, 2007, 2008, 2009], Hyperic, Inc. This file - * is part of HQ. HQ is free software; you can redistribute it and/or modify it - * under the terms version 2 of the GNU General Public License as published by - * the Free Software Foundation. This program is distributed in the hope that it - * will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty - * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General - * Public License for more details. You should have received a copy of the GNU - * General Public License along with this program; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * NOTE: This copyright does *not* cover user programs that use HQ + * program services by normal system calls through the application + * program interfaces provided as part of the Hyperic Plug-in Development + * Kit or the Hyperic Client Development Kit - this is merely considered + * normal use of the program, and does *not* fall under the heading of + * "derived work". + * + * Copyright (C) [2004-2010], Hyperic, Inc. + * This file is part of HQ. + * + * HQ is free software; you can redistribute it and/or modify + * it under the terms version 2 of the GNU General Public License as + * published by the Free Software Foundation. This program is distributed + * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A + * PARTICULAR PURPOSE. 
See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA. */ @@ -41,6 +48,7 @@ import org.snmp4j.security.UsmUser; import org.snmp4j.smi.OID; import org.snmp4j.smi.OctetString; +import org.snmp4j.smi.VariableBinding; /** * Implements the SNMPSession interface for SNMPv3 sessions by extending the @@ -69,18 +77,8 @@ return pdu; } - - private OctetString getAuthPassphrase(String val) { - if (val == null || val.length() == 0) { - return null; - } - - return new OctetString(val); - } - private OctetString getPrivPassphrase(String defVal) { - String val = System.getProperty("snmpPrivacyPassPhrase", defVal); - + private OctetString createOctetString(String val) { if (val == null || val.length() == 0) { return null; } @@ -134,9 +132,9 @@ OID authProtocol = getAuthProtocol(authType); OID privProtocol = getPrivProtocol(privType); - OctetString securityName = new OctetString(user); - OctetString authPassphrase = getAuthPassphrase(authPassword); - OctetString privPassphrase = getPrivPassphrase(privPassword); + OctetString securityName = createOctetString(user); + OctetString authPassphrase = createOctetString(authPassword); + OctetString privPassphrase = createOctetString(privPassword); UserTarget target = new UserTarget(); 
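Review bot: `securityName` is now built with `createOctetString(user)`, which returns null for an empty string where the old `new OctetString(user)` produced an empty object, and that null is then passed to `new UsmUser(securityName, ...)` and `usm.addUser(securityName, ...)` in the next hunk. An empty user property would then fail somewhere inside the USM code instead of with a clear configuration error; reject it up front with something like `if (securityName == null) throw new SNMPException("SNMPv3 user name is required");` (init()'s signature is outside the hunk, so the exception type may differ). The same guard is worth having when `authProtocol` is non-null but `authPassphrase` comes back null, i.e. an auth type is set while the password is left at the empty default. The earlier hunk in this file also drops the `snmpPrivacyPassPhrase` system-property override without mentioning it in the log message.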
@@ -155,13 +153,73 @@ this.target = target; initSession(host, port, transport); + + UsmUser usmUser = new UsmUser(securityName, + authProtocol, authPassphrase, + privProtocol, privPassphrase); + // Need to add user by engineID. + byte[] engineID = this.session.discoverAuthoritativeEngineID( + this.target.getAddress(), + this.target.getTimeout()); + USM usm = this.session.getUSM(); - if (usm.getUserTable().getUser(securityName) != null) { - return; + // Need to call addUser each time, even if user name exists, + // in case the user credentials change. + usm.addUser(securityName, + (engineID == null) ? null : new OctetString(engineID), + usmUser); + } + + /** + * Remote SNMPv3 engines will send back a Report PDU + * if there is a problem with the request. + */ + protected void validateResponsePDU(String name, PDU response) + throws SNMPException { + + super.validateResponsePDU(name, response); + + if (response.getType() == PDU.REPORT) { + processReport(response); } + } + + private void processReport(PDU report) + throws SNMPException { + + if (report.size() < 1) { + throw new SNMPException("REPORT PDU does not contain a variable binding."); + } - usm.addUser(securityName, new UsmUser(securityName, authProtocol, authPassphrase, privProtocol, privPassphrase)); + VariableBinding vb = report.get(0); + OID oid = vb.getOid(); + + if (SnmpConstants.usmStatsUnsupportedSecLevels.equals(oid)) { + throw new SNMPException("Unsupported Security Level."); + } else if (SnmpConstants.usmStatsNotInTimeWindows.equals(oid)) { + throw new SNMPException("Message not within time window."); + } else if (SnmpConstants.usmStatsUnknownUserNames.equals(oid)) { + throw new SNMPException("Unknown user name."); + } else if (SnmpConstants.usmStatsUnknownEngineIDs.equals(oid)) { + throw new SNMPException("Unknown engine id."); + } else if (SnmpConstants.usmStatsWrongDigests.equals(oid)) { + throw new SNMPException("Invalid authentication digest."); + } else if 
(SnmpConstants.usmStatsDecryptionErrors.equals(oid)) { + throw new SNMPException("Decryption error."); + } else if (SnmpConstants.snmpUnknownSecurityModels.equals(oid)) { + throw new SNMPException("Unknown security model."); + } else if (SnmpConstants.snmpInvalidMsgs.equals(oid)) { + throw new SNMPException("Invalid message."); + } else if (SnmpConstants.snmpUnknownPDUHandlers.equals(oid)) { + throw new SNMPException("Unknown PDU handler."); + } else if (SnmpConstants.snmpUnavailableContexts.equals(oid)) { + throw new SNMPException("Unavailable context."); + } else if (SnmpConstants.snmpUnknownContexts.equals(oid)) { + throw new SNMPException("Unknown context."); + } else { + throw new SNMPException("REPORT PDU contains unknown OID (" + oid + ")."); + } } } |
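Review bot: `discoverAuthoritativeEngineID` is a blocking network round-trip that now runs on every `init()`, and when it returns null the user is silently registered with a null engine ID. If `init()` is reached from inside the `synchronized (sessionCache)` block in SNMPClient (the call site is only partly visible), one unreachable target delays session lookup for every other target for up to `this.target.getTimeout()`. A comment stating the intended fallback, e.g. `// engineID == null: discovery timed out, user is added without engine ID localisation`, together with a log line on that path, would make failures diagnosable. Separately, `validateResponsePDU` receives `name` but `processReport(response)` drops it, so messages such as "Unknown user name." identify neither the request nor the target; passing it through as `processReport(name, response)` and appending it to each message would fix that.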