From c41b122d3771d11cb253eaae10d06afb6a3b6f05 Mon Sep 17 00:00:00 2001
From: fguigues <fguigues@localhost>
Date: Wed, 30 Apr 2008 16:04:54 +0000
Subject: [PATCH]
---
opends/src/snmp/resource/mib/mib_core.txt | 12 -
opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java | 21 +
opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java | 4
opends/src/snmp/resource/mib/rfc2605.txt | 2
opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java | 14 +
opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java | 2
opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml | 18 -
opends/src/snmp/resource/mib/rfc2788.txt | 2
opends/src/snmp/resource/security/opends-snmp.security | 29 ++
opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java | 6
opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java | 10 -
opends/src/snmp/resource/mib/rfc1213.txt | 445 --------------------------------------------
12 files changed, 82 insertions(+), 483 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml
index 19d11d3..85e0423 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml
@@ -103,13 +103,12 @@
<adm:synopsis>
Specifies the hosts of the managers to be granted the access rights.
This property is required for SNMP v1 and v2 security configuration.
+ An asterik (*) opens access to all managers.
</adm:synopsis>
<adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- An empty list opens access to all managers.
- </adm:synopsis>
- </adm:alias>
+ <adm:defined>
+ <adm:value>*</adm:value>
+ </adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:string />
@@ -125,13 +124,12 @@
<adm:synopsis>
Specifies the users to be granted the access rights. This property
is required for SNMP v3 security configuration.
+ An asterik (*) opens access to all users.
</adm:synopsis>
<adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- An asterik (*) opens access to all users.
- </adm:synopsis>
- </adm:alias>
+ <adm:defined>
+ <adm:value>*</adm:value>
+ </adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:string />
diff --git a/opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java b/opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java
index 91e637f..ce58708 100644
--- a/opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java
+++ b/opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java
@@ -588,7 +588,7 @@
protocol = ListenerDescriptor.Protocol.SNMP;
protocolDescription = INFO_SNMP_PROTOCOL_LABEL.get();
boolean enabled = "true".equalsIgnoreCase(
- getFirstValue(entry, "ds-cfg-connection-handler-enabled"));
+ getFirstValue(entry, "ds-cfg-enabled"));
if (enabled)
{
state = ListenerDescriptor.State.ENABLED;
diff --git a/opends/src/snmp/resource/mib/mib_core.txt b/opends/src/snmp/resource/mib/mib_core.txt
index 1300723..af449a2 100644
--- a/opends/src/snmp/resource/mib/mib_core.txt
+++ b/opends/src/snmp/resource/mib/mib_core.txt
@@ -1,14 +1,4 @@
---
--- @(#)file mib_core.txt
--- @(#)author Sun Microsystems, Inc.
--- @(#)version 1.4
--- @(#)date 03/05/30
---
--- The file contains all the definitions scattered around many different
--- RFCs.
---
-
- CORE-MIB DEFINITIONS ::= BEGIN
+CORE-MIB DEFINITIONS ::= BEGIN
IMPORTS ;
diff --git a/opends/src/snmp/resource/mib/rfc1213.txt b/opends/src/snmp/resource/mib/rfc1213.txt
index e518449..2aef233 100644
--- a/opends/src/snmp/resource/mib/rfc1213.txt
+++ b/opends/src/snmp/resource/mib/rfc1213.txt
@@ -24,12 +24,6 @@
-- with this syntax are declared as having
-
-SNMP Working Group [Page 12]
-�
-RFC 1213 MIB-II March 1991
-
-
--
-- SIZE (0..255)
@@ -80,12 +74,6 @@
STATUS mandatory
-
-SNMP Working Group [Page 13]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"A textual description of the entity. This value
should include the full name and version
@@ -134,14 +122,6 @@
sysName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
-
-
-
-SNMP Working Group [Page 14]
-�
-RFC 1213 MIB-II March 1991
-
-
ACCESS read-write
STATUS mandatory
DESCRIPTION
@@ -190,14 +170,6 @@
6 may also be counted."
::= { system 7 }
-
-
-
-SNMP Working Group [Page 15]
-�
-RFC 1213 MIB-II March 1991
-
-
-- the Interfaces group
-- Implementation of the Interfaces group is mandatory for
@@ -246,14 +218,6 @@
SEQUENCE {
ifIndex
INTEGER,
-
-
-
-SNMP Working Group [Page 16]
-�
-RFC 1213 MIB-II March 1991
-
-
ifDescr
DisplayString,
ifType
@@ -302,14 +266,6 @@
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
-
-
-
-SNMP Working Group [Page 17]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"A unique value for each interface. Its value
ranges between 1 and the value of ifNumber. The
@@ -358,14 +314,6 @@
softwareLoopback(24),
eon(25), -- CLNP over IP [11]
ethernet-3Mbit(26),
-
-
-
-SNMP Working Group [Page 18]
-�
-RFC 1213 MIB-II March 1991
-
-
nsip(27), -- XNS over IP
slip(28), -- generic SLIP
ultra(29), -- ULTRA technologies
@@ -414,14 +362,6 @@
"The interface's address at the protocol layer
immediately `below' the network layer in the
protocol stack. For interfaces which do not have
-
-
-
-SNMP Working Group [Page 19]
-�
-RFC 1213 MIB-II March 1991
-
-
such an address (e.g., a serial line), this object
should contain an octet string of zero length."
::= { ifEntry 6 }
@@ -470,14 +410,6 @@
ifInOctets OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
-
-
-
-SNMP Working Group [Page 20]
-�
-RFC 1213 MIB-II March 1991
-
-
STATUS mandatory
DESCRIPTION
"The total number of octets received on the
@@ -525,16 +457,7 @@
errors preventing them from being deliverable to a
higher-layer protocol."
::= { ifEntry 14 }
-
-
-
-
-SNMP Working Group [Page 21]
-�
-RFC 1213 MIB-II March 1991
-
-
- ifInUnknownProtos OBJECT-TYPE
+ ifInUnknownProtos OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
@@ -582,14 +505,6 @@
STATUS mandatory
DESCRIPTION
"The number of outbound packets which were chosen
-
-
-
-SNMP Working Group [Page 22]
-�
-RFC 1213 MIB-II March 1991
-
-
to be discarded even though no errors had been
detected to prevent their being transmitted. One
possible reason for discarding such a packet could
@@ -638,14 +553,6 @@
-- Implementation of the Address Translation group is
-- mandatory for all systems. Note however that this group
-- is deprecated by MIB-II. That is, it is being included
-
-
-
-SNMP Working Group [Page 23]
-�
-RFC 1213 MIB-II March 1991
-
-
-- solely for compatibility with MIB-I nodes, and will most
-- likely be excluded from MIB-III nodes. From MIB-II and
-- onwards, each network protocol group contains its own
@@ -694,14 +601,6 @@
SEQUENCE {
atIfIndex
INTEGER,
-
-
-
-SNMP Working Group [Page 24]
-�
-RFC 1213 MIB-II March 1991
-
-
atPhysAddress
PhysAddress,
atNetAddress
@@ -750,14 +649,6 @@
"The NetworkAddress (e.g., the IP address)
corresponding to the media-dependent `physical'
address."
-
-
-
-SNMP Working Group [Page 25]
-�
-RFC 1213 MIB-II March 1991
-
-
::= { atEntry 3 }
@@ -806,14 +697,6 @@
DESCRIPTION
"The total number of input datagrams received from
interfaces, including those received in error."
-
-
-
-SNMP Working Group [Page 26]
-�
-RFC 1213 MIB-II March 1991
-
-
::= { ip 3 }
ipInHdrErrors OBJECT-TYPE
@@ -862,14 +745,6 @@
ipInUnknownProtos OBJECT-TYPE
SYNTAX Counter
-
-
-
-SNMP Working Group [Page 27]
-�
-RFC 1213 MIB-II March 1991
-
-
ACCESS read-only
STATUS mandatory
DESCRIPTION
@@ -918,14 +793,6 @@
STATUS mandatory
DESCRIPTION
"The number of output IP datagrams for which no
-
-
-
-SNMP Working Group [Page 28]
-�
-RFC 1213 MIB-II March 1991
-
-
problem was encountered to prevent their
transmission to their destination, but which were
discarded (e.g., for lack of buffer space). Note
@@ -974,14 +841,6 @@
DESCRIPTION
"The number of IP datagrams successfully re-
assembled."
-
-
-
-SNMP Working Group [Page 29]
-�
-RFC 1213 MIB-II March 1991
-
-
::= { ip 15 }
ipReasmFails OBJECT-TYPE
@@ -1028,16 +887,6 @@
this entity."
::= { ip 19 }
-
-
-
-
-
-SNMP Working Group [Page 30]
-�
-RFC 1213 MIB-II March 1991
-
-
-- the IP address table
-- The IP address table contains this entity's IP addressing
@@ -1085,15 +934,6 @@
information pertains."
::= { ipAddrEntry 1 }
-
-
-
-
-SNMP Working Group [Page 31]
-�
-RFC 1213 MIB-II March 1991
-
-
ipAdEntIfIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
@@ -1142,14 +982,6 @@
datagrams received on this interface."
::= { ipAddrEntry 5 }
-
-
-
-SNMP Working Group [Page 32]
-�
-RFC 1213 MIB-II March 1991
-
-
-- the IP routing table
-- The IP routing table contains an entry for each route
@@ -1199,17 +1031,6 @@
ipRouteMetric5
INTEGER,
-
-
-SNMP Working Group [Page 33]
-�
-RFC 1213 MIB-II March 1991
-
-
- ipRouteInfo
- OBJECT IDENTIFIER
- }
-
ipRouteDest OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
@@ -1254,15 +1075,7 @@
ACCESS read-write
STATUS mandatory
DESCRIPTION
-
-
-
-SNMP Working Group [Page 34]
-�
-RFC 1213 MIB-II March 1991
-
-
- "An alternate routing metric for this route. The
+ "An alternate routing metric for this route. The
semantics of this metric are determined by the
routing-protocol specified in the route's
ipRouteProto value. If this metric is not used,
@@ -1311,13 +1124,6 @@
invalid(2), -- an invalidated route
-
-
-SNMP Working Group [Page 35]
-�
-RFC 1213 MIB-II March 1991
-
-
-- route to directly
direct(3), -- connected (sub-)network
@@ -1366,14 +1172,6 @@
-- protocols
egp(5),
ggp(6),
-
-
-
-SNMP Working Group [Page 36]
-�
-RFC 1213 MIB-II March 1991
-
-
hello(7),
rip(8),
is-is(9),
@@ -1423,13 +1221,6 @@
255.255.0.0 class-B
255.255.255.0 class-C
-
-
-SNMP Working Group [Page 37]
-�
-RFC 1213 MIB-II March 1991
-
-
If the value of the ipRouteDest is 0.0.0.0 (a
default route), then the mask value is also
0.0.0.0. It should be noted that all IP routing
@@ -1478,14 +1269,6 @@
SYNTAX SEQUENCE OF IpNetToMediaEntry
ACCESS not-accessible
STATUS mandatory
-
-
-
-SNMP Working Group [Page 38]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"The IP Address Translation table used for mapping
from IP addresses to physical addresses."
@@ -1534,14 +1317,6 @@
"The media-dependent `physical' address."
::= { ipNetToMediaEntry 2 }
-
-
-
-SNMP Working Group [Page 39]
-�
-RFC 1213 MIB-II March 1991
-
-
ipNetToMediaNetAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
@@ -1590,14 +1365,6 @@
to be discarded even though they are valid. One
possible reason for discarding such an entry could
be to free-up buffer space for other routing
-
-
-
-SNMP Working Group [Page 40]
-�
-RFC 1213 MIB-II March 1991
-
-
entries."
::= { ip 23 }
@@ -1645,15 +1412,6 @@
received."
::= { icmp 4 }
-
-
-
-
-SNMP Working Group [Page 41]
-�
-RFC 1213 MIB-II March 1991
-
-
icmpInParmProbs OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
@@ -1702,14 +1460,6 @@
ACCESS read-only
STATUS mandatory
DESCRIPTION
-
-
-
-SNMP Working Group [Page 42]
-�
-RFC 1213 MIB-II March 1991
-
-
"The number of ICMP Timestamp (request) messages
received."
::= { icmp 10 }
@@ -1758,14 +1508,6 @@
DESCRIPTION
"The number of ICMP messages which this entity did
not send due to problems discovered within ICMP
-
-
-
-SNMP Working Group [Page 43]
-�
-RFC 1213 MIB-II March 1991
-
-
such as a lack of buffers. This value should not
include errors discovered outside the ICMP layer
such as the inability of IP to route the resultant
@@ -1814,14 +1556,6 @@
STATUS mandatory
DESCRIPTION
"The number of ICMP Redirect messages sent. For a
-
-
-
-SNMP Working Group [Page 44]
-�
-RFC 1213 MIB-II March 1991
-
-
host, this object will always be zero, since hosts
do not send redirects."
::= { icmp 20 }
@@ -1869,15 +1603,6 @@
sent."
::= { icmp 25 }
-
-
-
-
-SNMP Working Group [Page 45]
-�
-RFC 1213 MIB-II March 1991
-
-
icmpOutAddrMaskReps OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
@@ -1926,14 +1651,6 @@
particular, when the timeout algorithm is rsre(3),
an object of this type has the semantics of the
LBOUND quantity described in RFC 793."
-
-
-
-SNMP Working Group [Page 46]
-�
-RFC 1213 MIB-II March 1991
-
-
::= { tcp 2 }
@@ -1983,13 +1700,6 @@
LISTEN state."
::= { tcp 6 }
-
-
-SNMP Working Group [Page 47]
-�
-RFC 1213 MIB-II March 1991
-
-
tcpAttemptFails OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
@@ -2038,14 +1748,6 @@
SYNTAX Counter
ACCESS read-only
STATUS mandatory
-
-
-
-SNMP Working Group [Page 48]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"The total number of segments sent, including
those on current connections but excluding those
@@ -2094,14 +1796,6 @@
tcpConnRemPort }
::= { tcpConnTable 1 }
-
-
-
-SNMP Working Group [Page 49]
-�
-RFC 1213 MIB-II March 1991
-
-
TcpConnEntry ::=
SEQUENCE {
tcpConnState
@@ -2150,14 +1844,6 @@
connection.
As an implementation-specific option, a RST
-
-
-
-SNMP Working Group [Page 50]
-�
-RFC 1213 MIB-II March 1991
-
-
segment may be sent from the managed node to the
other TCP endpoint (note however that RST segments
are not sent reliably)."
@@ -2206,14 +1892,6 @@
SYNTAX Counter
ACCESS read-only
STATUS mandatory
-
-
-
-SNMP Working Group [Page 51]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"The total number of segments received in error
(e.g., bad TCP checksums)."
@@ -2263,13 +1941,6 @@
of an application at the destination port."
::= { udp 3 }
-
-
-SNMP Working Group [Page 52]
-�
-RFC 1213 MIB-II March 1991
-
-
udpOutDatagrams OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
@@ -2318,14 +1989,6 @@
STATUS mandatory
DESCRIPTION
"The local IP address for this UDP listener. In
-
-
-
-SNMP Working Group [Page 53]
-�
-RFC 1213 MIB-II March 1991
-
-
the case of a UDP listener which is willing to
accept datagrams for any IP interface associated
with the node, the value 0.0.0.0 is used."
@@ -2374,14 +2037,6 @@
egpOutErrors OBJECT-TYPE
SYNTAX Counter
-
-
-
-SNMP Working Group [Page 54]
-�
-RFC 1213 MIB-II March 1991
-
-
ACCESS read-only
STATUS mandatory
DESCRIPTION
@@ -2430,14 +2085,6 @@
Counter,
egpNeighOutErrs
Counter,
-
-
-
-SNMP Working Group [Page 55]
-�
-RFC 1213 MIB-II March 1991
-
-
egpNeighInErrMsgs
Counter,
egpNeighOutErrMsgs
@@ -2486,14 +2133,6 @@
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
-
-
-
-SNMP Working Group [Page 56]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"The autonomous system of this EGP peer. Zero
should be specified if the autonomous system
@@ -2542,14 +2181,6 @@
SYNTAX Counter
ACCESS read-only
STATUS mandatory
-
-
-
-SNMP Working Group [Page 57]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"The number of EGP-defined error messages received
from this EGP peer."
@@ -2598,14 +2229,6 @@
STATUS mandatory
DESCRIPTION
"The interval between EGP poll command
-
-
-
-SNMP Working Group [Page 58]
-�
-RFC 1213 MIB-II March 1991
-
-
retransmissions (in hundredths of a second). This
represents the t3 timer as defined in RFC 904."
::= { egpNeighEntry 13 }
@@ -2654,14 +2277,6 @@
"The autonomous system number of this EGP entity."
::= { egp 6 }
-
-
-
-SNMP Working Group [Page 59]
-�
-RFC 1213 MIB-II March 1991
-
-
-- the Transmission group
-- Based on the transmission media underlying each interface
@@ -2710,14 +2325,6 @@
snmpOutPkts OBJECT-TYPE
SYNTAX Counter
-
-
-
-SNMP Working Group [Page 60]
-�
-RFC 1213 MIB-II March 1991
-
-
ACCESS read-only
STATUS mandatory
DESCRIPTION
@@ -2767,13 +2374,6 @@
decoding received SNMP Messages."
::= { snmp 6 }
-
-
-SNMP Working Group [Page 61]
-�
-RFC 1213 MIB-II March 1991
-
-
-- { snmp 7 } is not used
snmpInTooBigs OBJECT-TYPE
@@ -2822,14 +2422,6 @@
contains the value `readOnly' in the error-status
field, as such this object is provided as a means
of detecting incorrect implementations of the
-
-
-
-SNMP Working Group [Page 62]
-�
-RFC 1213 MIB-II March 1991
-
-
SNMP."
::= { snmp 11 }
@@ -2878,14 +2470,6 @@
snmpInGetNexts OBJECT-TYPE
SYNTAX Counter
-
-
-
-SNMP Working Group [Page 63]
-�
-RFC 1213 MIB-II March 1991
-
-
ACCESS read-only
STATUS mandatory
DESCRIPTION
@@ -2935,13 +2519,6 @@
`tooBig.'"
::= { snmp 20 }
-
-
-SNMP Working Group [Page 64]
-�
-RFC 1213 MIB-II March 1991
-
-
snmpOutNoSuchNames OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
@@ -2990,14 +2567,6 @@
SYNTAX Counter
ACCESS read-only
STATUS mandatory
-
-
-
-SNMP Working Group [Page 65]
-�
-RFC 1213 MIB-II March 1991
-
-
DESCRIPTION
"The total number of SNMP Get-Next PDUs which have
been generated by the SNMP protocol entity."
@@ -3046,14 +2615,6 @@
object be stored in non-volatile memory so that it
remains constant between re-initializations of the
network management system."
-
-
-
-SNMP Working Group [Page 66]
-�
-RFC 1213 MIB-II March 1991
-
-
- ::= { snmp 30 }
+ ::= { snmp 30 }
END
diff --git a/opends/src/snmp/resource/mib/rfc2605.txt b/opends/src/snmp/resource/mib/rfc2605.txt
index 3dfabbc..ebc3b13 100644
--- a/opends/src/snmp/resource/mib/rfc2605.txt
+++ b/opends/src/snmp/resource/mib/rfc2605.txt
@@ -1,4 +1,4 @@
- DIRECTORY-SERVER-MIB DEFINITIONS ::= BEGIN
+DIRECTORY-SERVER-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, Counter32, Gauge32, OBJECT-TYPE
diff --git a/opends/src/snmp/resource/mib/rfc2788.txt b/opends/src/snmp/resource/mib/rfc2788.txt
index b3820fe..56a5c6b 100644
--- a/opends/src/snmp/resource/mib/rfc2788.txt
+++ b/opends/src/snmp/resource/mib/rfc2788.txt
@@ -1,4 +1,4 @@
- NETWORK-SERVICES-MIB DEFINITIONS ::= BEGIN
+NETWORK-SERVICES-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-TYPE, Counter32, Gauge32, MODULE-IDENTITY, mib-2
diff --git a/opends/src/snmp/resource/security/opends-snmp.security b/opends/src/snmp/resource/security/opends-snmp.security
index 4b3d557..0047eb0 100644
--- a/opends/src/snmp/resource/security/opends-snmp.security
+++ b/opends/src/snmp/resource/security/opends-snmp.security
@@ -1,6 +1,35 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2008 Sun Microsystems, Inc.
+#
+#
localEngineID=0x8000002a017f000001000000a1
localEngineBoots=0
+# Admin User to use to add access controls for users
+userEntry=localEngineID,snmpAdmin,null,usmHMACMD5AuthProtocol,passadmin
+
+# User to clone no read or write acess
userEntry=localEngineID,defaultUser,,usmHMACMD5AuthProtocol,password,,,3,true
diff --git a/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java b/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java
index 8c6dfe8..de3d54b 100644
--- a/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java
+++ b/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java
@@ -116,6 +116,8 @@
private SnmpV3AdaptorServer snmpAdaptor;
+ private String contextName;
+
/**
* Default constructor.
*/
@@ -222,6 +224,7 @@
this.snmpPort = this.currentConfig.getListenPort();
this.snmpTrapPort = this.currentConfig.getTrapPort();
this.registeredSNMPMBeans = this.currentConfig.isRegisteredMbean();
+ this.contextName = this.currentConfig.getCommunity();
// Creates all the required objects for SNMP MIB 2605 Support
try {
@@ -262,7 +265,9 @@
this.dsMib = new DIRECTORY_SERVER_MIBImpl(
this.registeredSNMPMBeans, this.mibObjName);
this.dsMib.preRegister(this.server, this.mibObjName);
- this.dsMib.setSnmpAdaptor(snmpAdaptor);
+
+ // Register the DS MIB into the defined context
+ this.dsMib.setSnmpAdaptor(snmpAdaptor, this.contextName);
this.server.registerMBean(this.snmpAdaptor, snmpObjName);
@@ -290,7 +295,12 @@
this.snmpAdaptor.stop();
this.server.unregisterMBean(this.snmpObjName);
- this.server.unregisterMBean(this.mibObjName );
+
+ if (this.server.isRegistered(this.mibObjName)) {
+ this.server.unregisterMBean(this.mibObjName);
+ }
+
+
this.server.unregisterMBean(new ObjectName(
SNMPConnectionHandlerDefinitions.SNMP_DOMAIN +
"type=group,name=DsMib"));
diff --git a/opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java b/opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java
index 669d545..7c727d50 100644
--- a/opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java
+++ b/opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java
@@ -52,6 +52,10 @@
* Current Security Configuration for the SNMP Connection Handler.
*/
private SNMPConnectionHandlerCfg currentConfig;
+ /**
+ * If * then all the users are allowed to access in read.
+ */
+ private static final String ALL_MANAGERS_ALLOWED = "*";
private TreeSet<InetAddress> hostsList;
private boolean allManagers = false;
@@ -73,7 +77,7 @@
// hostsList
SortedSet tmp = this.currentConfig.getAllowedManager();
- if (tmp.isEmpty()) {
+ if (tmp.contains(ALL_MANAGERS_ALLOWED)) {
this.allManagers=true;
}
this.hostsList = new TreeSet<InetAddress>();
diff --git a/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java b/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
index d51b9d0..44dd066 100644
--- a/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
+++ b/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
@@ -52,6 +52,11 @@
*/
private static final String DEFAULT_USER = "defaultUser";
/**
+ * Admin User for cloning mechanism.
+ */
+ private static final String ADMIN_USER = "snmpAdmin";
+
+ /**
* Current Security Configuration for the SNMP Connection Handler.
*/
private SNMPConnectionHandlerCfg currentConfig;
@@ -101,6 +106,17 @@
* {@inheritDoc}
*/
public boolean checkReadPermission(String user) {
+
+ // Test if clone user
+ if (user.equals(DEFAULT_USER)) {
+ return false;
+ }
+
+ // Test if clone user
+ if (user.equals(ADMIN_USER)) {
+ return false;
+ }
+
if ((this.usersList.contains(ALL_USERS_ALLOWED)) ||
(this.usersList.contains(user))) {
return true;
@@ -115,7 +131,7 @@
int securityLevel) {
// Special check for the defaultUser
- if ((user.equals(DEFAULT_USER))
+ if ((user.equals(ADMIN_USER))
&& (contextName.equals("null"))
&& ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
return true;
@@ -123,6 +139,7 @@
// Else
if ((checkReadPermission(user)) &&
+ ((checkContextName(contextName))) &&
((this.securityLevel.ordinal() + 1) >= securityLevel)) {
return true;
}
@@ -140,7 +157,7 @@
* {@inheritDoc}
*/
public boolean checkWritePermission(String user) {
- if (user.equals(DEFAULT_USER)) {
+ if (user.equals(ADMIN_USER)) {
return true;
}
return false;
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java
index 6daa483..1a34cb9 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java
@@ -101,7 +101,7 @@
new SnmpParameters();
// Set to the allowed the community string
- params.setRdCommunity("OpenDS");
+ params.setRdCommunity("OpenDS@OpenDS");
// The newly created parameter must be associated to the agent.
//
@@ -188,7 +188,7 @@
return new Object[][]{
{"public", false},
{"private", false},
- {"OpenDS", true},
+ {"OpenDS@OpenDS", true},
{"dummy", false},
{"", false}};
}
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java
index 39c827d..86fe4be 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java
@@ -32,14 +32,6 @@
import com.sun.management.snmp.SnmpScopedPduRequest;
import com.sun.management.snmp.SnmpEventReportDispatcher;
import com.sun.management.snmp.manager.SnmpTrapListener;
-import java.net.InetAddress;
-import java.util.ArrayList;
-import org.opends.server.core.ModifyOperationBasis;
-import org.opends.server.protocols.internal.InternalClientConnection;
-import org.opends.server.types.Control;
-import org.opends.server.types.DN;
-import org.opends.server.types.Modification;
-import org.opends.server.types.ModificationType;
import org.testng.annotations.BeforeClass;
import static org.testng.Assert.*;
import org.testng.annotations.Test;
@@ -97,8 +89,6 @@
// Should received 1 traps
assertEquals(trapNumbers, 1);
- // Nicely stop the SnmpEventReportDispatcher.
- //
trapAgent.close();
taskServer.terminate();
--
Gitblit v1.10.0