mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opends/src/messages/messages/protocol.properties
@@ -1453,13 +1453,15 @@ for this connection handler. The configuration parameters ds-cfg-listen-port \ and ds-cfg-trap-port are required by the connection handler to start SEVERE_ERR_SNMP_CONNHANDLER_TRAPS_DESTINATION_1463=Traps Destination %s is \ an unknown host an unknown host. Traps will not be sent to this destination. SEVERE_ERR_SNMP_CONNHANDLER_NO_OPENDMK_JARFILES_1464=You do not have the \ appropriated OpenDMK jar files to enable the SNMP Connection Handler. \ Please go under http://opendmk.dev.java.net and set the \ ds-cfg-opendmk-jarfile configuration parameter to set the full path \ of the required jdmkrt.jar file. The SNMP connection Handler didn't started SEVERE_ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION_1465=An unexpected \ error occurred while trying to initialize the SNMP Connection Hanlder. \ error occurred while trying to initialize the SNMP Connection Handler. \ Please check the configuration attributes SEVERE_ERR_SNMP_CONNHANDLER_NO_VALID_TRAP_DESTINATIONS_1466=No valid trap \ destinations has been found. No trap will be sent
@@ -26,6 +26,7 @@ */ package org.opends.server.snmp; import com.sun.management.comm.CommunicatorServer; import java.io.File; import org.opends.server.loggers.debug.DebugLogger; @@ -39,10 +40,14 @@ import com.sun.management.snmp.SnmpEngineParameters; import com.sun.management.snmp.UserAcl; import java.net.InetAddress; import java.net.UnknownHostException; import java.util.Iterator; import java.util.Set; import java.util.SortedSet; import javax.management.MBeanServer; import javax.management.ObjectName; import org.opends.messages.Message; import org.opends.server.admin.std.server.SNMPConnectionHandlerCfg; import org.opends.server.core.DirectoryServer; import org.opends.server.types.ConfigChangeResult; @@ -51,6 +56,7 @@ import org.opends.server.util.Validator; import static org.opends.messages.ProtocolMessages.*; import static org.opends.server.loggers.ErrorLogger.*; /** * The SNMPClassLoaderProvider. @@ -103,6 +109,7 @@ private ObjectName UsmObjName; private SnmpV3AdaptorServer snmpAdaptor; private String contextName; private boolean sentTraps = true; /** * Default constructor. @@ -226,8 +233,7 @@ this.snmpAdaptor = this.getSnmpAdaptor(this.currentConfig); if (this.snmpAdaptor == null) { throw new Exception( ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString()); throw new Exception(); } // Create the Usm MIB to allow user management @@ -241,21 +247,42 @@ this.snmpAdaptor.registerUsmMib(server, this.UsmObjName); } catch (Exception ex) { throw new Exception( ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString()); ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString()); } } this.snmpAdaptor.start(); // Send a coldStart SNMP Trap. this.snmpAdaptor.setTrapPort(snmpTrapPort); this.snmpAdaptor.snmpV1Trap( null, this.currentConfig.getTrapsCommunity(), 0, 0, null); // Test the snmpAdaptor State while (this.snmpAdaptor.getState() == CommunicatorServer.STARTING) { Thread.sleep(1000); } // Check if the snmpAdaptor is online if (this.snmpAdaptor.getState() != CommunicatorServer.ONLINE) { throw new Exception( ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString()); } // Check the trap destinations before trying to sent traps this.sentTraps = checkTrapsDestinations( this.currentConfig.getTrapsDestination()); if (this.sentTraps == false) { Message message = ERR_SNMP_CONNHANDLER_NO_VALID_TRAP_DESTINATIONS.get(); logError(message); } else { // Send a coldStart SNMP Trap. this.snmpAdaptor.setTrapPort(snmpTrapPort); this.snmpAdaptor.snmpV1Trap( null, this.currentConfig.getTrapsCommunity(), 0, 0, null); } // Create an instance of the customized MIB this.mibObjName = new ObjectName( SNMPConnectionHandlerDefinitions.SNMP_DOMAIN + @@ -286,14 +313,15 @@ try { // Send a trap when stop this.snmpAdaptor.snmpV1Trap( null, this.currentConfig.getTrapsCommunity(), 0, 0, null); if (this.sentTraps == true) { // Send a trap when stop this.snmpAdaptor.snmpV1Trap( null, this.currentConfig.getTrapsCommunity(), 0, 0, null); } String[] names = this.snmpAdaptor.getMibs(); // Stop the SNMP Adaptor @@ -373,5 +401,30 @@ return null; } } private boolean checkTrapsDestinations(SortedSet destinations) { // If the traps destinations is empty, the traps have to be sent // to localhosts if ((destinations == null) || (destinations.isEmpty())) { return true; } boolean found = false; for (Iterator iter = destinations.iterator(); iter.hasNext();) { String dest = null; try { dest = (String) iter.next(); InetAddress addr = InetAddress.getByName(dest); found = true; } catch (UnknownHostException ex) { Message message = ERR_SNMP_CONNHANDLER_TRAPS_DESTINATION.get( dest); logError(message); } } return found; } }
@@ -27,6 +27,7 @@ package org.opends.server.snmp; import java.util.HashSet; import java.util.Hashtable; import java.util.Set; /** @@ -34,128 +35,123 @@ */ public class SNMPConnectionHandlerDefinitions { /** * SNMP V1 supported. */ public static String SNMP_VERSION_V1 = "v1"; /** * SNMP V1 supported. */ public static String SNMP_VERSION_V1 = "v1"; /** * SNMP V2 supported. */ public static String SNMP_VERSION_V2 = "v2"; /** * SNMP V3 supported. */ public static String SNMP_VERSION_V3 = "v3"; /** * List of Supported SNMP Version. */ public static Set<String> SUPPORTED_SNMP_VERSION = new HashSet<String>(); /** * SNMP V2 supported. */ public static String SNMP_VERSION_V2 = "v2"; static { SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V1); SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V2); SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V3); } /** * List of Supported Security levels. */ public static Hashtable<String, Integer> SECURITY_LEVELS = new Hashtable<String, Integer>(); /** * SNMP V3 supported. */ public static String SNMP_VERSION_V3 = "v3"; /** * List of Supported SNMP Version. */ public static Set<String> SUPPORTED_SNMP_VERSION=new HashSet<String>(); static { SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V1); SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V2); SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V3); } /** * Domain for SNMP MBeans. */ public static final String SNMP_DOMAIN = "org.opends.server.snmp:"; /** * Domain for Monitor MBeans. */ public static final String JMX_DOMAIN = "org.opends.server:"; /** * Name of MONITOR_CLIENT_CONNECTIONS_OBJECTNAME monitor Mbean. */ public static final String MONITOR_CLIENT_CONNECTIONS_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Client_Connections"; /** * Name of MONITOR_ENTRY_CACHES_OBJECTNANE monitor Mbean. */ public static final String MONITOR_ENTRY_CACHES_OBJECTNANE = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Entry_Caches"; /** * Name of MONITOR_JVM_MEMORY_USAGE_OBJECTNAME monitor Mbean. */ public static final String MONITOR_JVM_MEMORY_USAGE_OBJECTNAME = "RootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Memory_Usage"; /** * Name of MONITOR_JVM_STACK_TRACE_OBJECTNAME monitor Mbean. */ public static final String MONITOR_JVM_STACK_TRACE_OBJECTNAME = "" + "rootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Stack_Trace"; /** * Name of MONITOR_SYSTEM_INFORMATION_OBJECTNAME monitor Mbean. */ public static final String MONITOR_SYSTEM_INFORMATION_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-System_Information"; /** * Name of MONITOR_VERSION_OBJECTNAME monitor Mbean. */ public static final String MONITOR_VERSION_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Version"; /** * Name of MONITOR_WORK_QUEUE_OBJECTNAME monitor Mbean. */ public static final String MONITOR_WORK_QUEUE_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Work_Queue"; /** * Name of MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adminRoot_Backend"; /** * Name of MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adstruststore_Backend"; /** * Name of MONITOR_BACKUP_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_BACKUP_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-backup_Backend"; /** * Name of MONITOR_MONITOR_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_MONITOR_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-monitor_Backend"; /** * Name of MONITOR_SCHEMA_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_SCHEMA_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-schema_Backend"; /** * Name of MONITOR_TASKS_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_TASKS_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-tasks_Backend"; /** * Name of MONITOR_USERROOT_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_USERROOT_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Backend"; /** * Name of MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME monitor Mbean. */ public static final String MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Database_Environment"; static { SECURITY_LEVELS.put("noauthnopriv", 0); SECURITY_LEVELS.put("authnopriv", 1); SECURITY_LEVELS.put("authpriv", 2); } /** * Domain for SNMP MBeans. */ public static final String SNMP_DOMAIN = "org.opends.server.snmp:"; /** * Domain for Monitor MBeans. */ public static final String JMX_DOMAIN = "org.opends.server:"; /** * Name of MONITOR_CLIENT_CONNECTIONS_OBJECTNAME monitor Mbean. */ public static final String MONITOR_CLIENT_CONNECTIONS_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Client_Connections"; /** * Name of MONITOR_ENTRY_CACHES_OBJECTNANE monitor Mbean. */ public static final String MONITOR_ENTRY_CACHES_OBJECTNANE = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Entry_Caches"; /** * Name of MONITOR_JVM_MEMORY_USAGE_OBJECTNAME monitor Mbean. */ public static final String MONITOR_JVM_MEMORY_USAGE_OBJECTNAME = "RootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Memory_Usage"; /** * Name of MONITOR_JVM_STACK_TRACE_OBJECTNAME monitor Mbean. */ public static final String MONITOR_JVM_STACK_TRACE_OBJECTNAME = "" + "rootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Stack_Trace"; /** * Name of MONITOR_SYSTEM_INFORMATION_OBJECTNAME monitor Mbean. */ public static final String MONITOR_SYSTEM_INFORMATION_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-System_Information"; /** * Name of MONITOR_VERSION_OBJECTNAME monitor Mbean. */ public static final String MONITOR_VERSION_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Version"; /** * Name of MONITOR_WORK_QUEUE_OBJECTNAME monitor Mbean. */ public static final String MONITOR_WORK_QUEUE_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Work_Queue"; /** * Name of MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adminRoot_Backend"; /** * Name of MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adstruststore_Backend"; /** * Name of MONITOR_BACKUP_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_BACKUP_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-backup_Backend"; /** * Name of MONITOR_MONITOR_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_MONITOR_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-monitor_Backend"; /** * Name of MONITOR_SCHEMA_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_SCHEMA_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-schema_Backend"; /** * Name of MONITOR_TASKS_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_TASKS_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-tasks_Backend"; /** * Name of MONITOR_USERROOT_BACKEND_OBJECTNAME monitor Mbean. */ public static final String MONITOR_USERROOT_BACKEND_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Backend"; /** * Name of MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME monitor Mbean. */ public static final String MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME = "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Database_Environment"; } opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
@@ -55,7 +55,6 @@ * Admin User for cloning mechanism. */ private static final String ADMIN_USER = "snmpAdmin"; /** * Current Security Configuration for the SNMP Connection Handler. */ @@ -75,7 +74,7 @@ /** * Configured Security level. */ private SecurityLevel securityLevel; private int securityLevel; /** * {@inheritDoc} @@ -91,7 +90,10 @@ // Get the traps destinations this.trapDestinations = this.currentConfig.getTrapsDestination(); // Get the min security level to accept this.securityLevel = this.currentConfig.getSecurityLevel(); SecurityLevel level = this.currentConfig.getSecurityLevel(); this.securityLevel = SNMPConnectionHandlerDefinitions.SECURITY_LEVELS.get( level.toString()); } /** @@ -126,21 +128,23 @@ /** * {@inheritDoc} * @param user * @param contextName * @param securityLevel */ public boolean checkReadPermission(String user, String contextName, int securityLevel) { // Special check for the defaultUser if ((user.equals(ADMIN_USER)) && (contextName.equals("null")) && ((this.securityLevel.ordinal() + 1) >= securityLevel)) { if ((user.equals(ADMIN_USER)) && (contextName.equals("null")) && ((checkSecurityLevel(securityLevel)))) { return true; } // Else if ((checkReadPermission(user)) && if ((checkReadPermission(user)) && ((checkContextName(contextName))) && ((this.securityLevel.ordinal() + 1) >= securityLevel)) { (checkSecurityLevel(securityLevel))) { return true; } return false; @@ -148,6 +152,7 @@ /** * {@inheritDoc} * @return true if the context is correct, false otherwise. */ public boolean checkContextName(String contextName) { return this.contextName.equals(contextName); @@ -155,6 +160,8 @@ /** * {@inheritDoc} * @param user to check the write permission. * @return true if the user has the write permission, false otherwise. */ public boolean checkWritePermission(String user) { if (user.equals(ADMIN_USER)) { @@ -170,7 +177,20 @@ int securityLevel) { if ((checkWritePermission(user)) && (contextName.equals("null")) && ((this.securityLevel.ordinal() + 1) >= securityLevel)) { (checkSecurityLevel(securityLevel))) { return true; } return false; } /** * Check the incoming security level of the request. * @param securityLevel * @return true if the securityLevel is appropriated, else return false */ private boolean checkSecurityLevel(int securityLevel) { if (securityLevel >= this.securityLevel) { return true; } return false;
