From c91131158b817731bc4249bfe31b0ec554852fd0 Mon Sep 17 00:00:00 2001
From: fguigues <fguigues@localhost>
Date: Wed, 04 Jun 2008 16:26:47 +0000
Subject: [PATCH]
---
opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java | 91 ++++++++++--
opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPConnectionHandlerDefinitions.java | 240 ++++++++++++++++-----------------
opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java | 38 ++++-
opendj-sdk/opends/src/messages/messages/protocol.properties | 6
4 files changed, 223 insertions(+), 152 deletions(-)
diff --git a/opendj-sdk/opends/src/messages/messages/protocol.properties b/opendj-sdk/opends/src/messages/messages/protocol.properties
index bc8f468..c1000a3 100644
--- a/opendj-sdk/opends/src/messages/messages/protocol.properties
+++ b/opendj-sdk/opends/src/messages/messages/protocol.properties
@@ -1453,13 +1453,15 @@
for this connection handler. The configuration parameters ds-cfg-listen-port \
and ds-cfg-trap-port are required by the connection handler to start
SEVERE_ERR_SNMP_CONNHANDLER_TRAPS_DESTINATION_1463=Traps Destination %s is \
- an unknown host
+ an unknown host. Traps will not be sent to this destination.
SEVERE_ERR_SNMP_CONNHANDLER_NO_OPENDMK_JARFILES_1464=You do not have the \
appropriated OpenDMK jar files to enable the SNMP Connection Handler. \
Please go under http://opendmk.dev.java.net and set the \
ds-cfg-opendmk-jarfile configuration parameter to set the full path \
of the required jdmkrt.jar file. The SNMP connection Handler didn't started
SEVERE_ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION_1465=An unexpected \
- error occurred while trying to initialize the SNMP Connection Hanlder. \
+ error occurred while trying to initialize the SNMP Connection Handler. \
Please check the configuration attributes
+SEVERE_ERR_SNMP_CONNHANDLER_NO_VALID_TRAP_DESTINATIONS_1466=No valid trap \
+ destinations has been found. No trap will be sent
diff --git a/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java b/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java
index c70e5d0..8f90136 100644
--- a/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java
+++ b/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java
@@ -26,6 +26,7 @@
*/
package org.opends.server.snmp;
+import com.sun.management.comm.CommunicatorServer;
import java.io.File;
import org.opends.server.loggers.debug.DebugLogger;
@@ -39,10 +40,14 @@
import com.sun.management.snmp.SnmpEngineParameters;
import com.sun.management.snmp.UserAcl;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.util.Iterator;
import java.util.Set;
+import java.util.SortedSet;
import javax.management.MBeanServer;
import javax.management.ObjectName;
+import org.opends.messages.Message;
import org.opends.server.admin.std.server.SNMPConnectionHandlerCfg;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.ConfigChangeResult;
@@ -51,6 +56,7 @@
import org.opends.server.util.Validator;
import static org.opends.messages.ProtocolMessages.*;
+import static org.opends.server.loggers.ErrorLogger.*;
/**
* The SNMPClassLoaderProvider.
@@ -103,6 +109,7 @@
private ObjectName UsmObjName;
private SnmpV3AdaptorServer snmpAdaptor;
private String contextName;
+ private boolean sentTraps = true;
/**
* Default constructor.
@@ -226,8 +233,7 @@
this.snmpAdaptor = this.getSnmpAdaptor(this.currentConfig);
if (this.snmpAdaptor == null) {
- throw new Exception(
- ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString());
+ throw new Exception();
}
// Create the Usm MIB to allow user management
@@ -241,21 +247,42 @@
this.snmpAdaptor.registerUsmMib(server, this.UsmObjName);
} catch (Exception ex) {
throw new Exception(
- ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString());
+ ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString());
}
}
this.snmpAdaptor.start();
- // Send a coldStart SNMP Trap.
- this.snmpAdaptor.setTrapPort(snmpTrapPort);
- this.snmpAdaptor.snmpV1Trap(
- null,
- this.currentConfig.getTrapsCommunity(),
- 0,
- 0,
- null);
+ // Test the snmpAdaptor State
+ while (this.snmpAdaptor.getState() == CommunicatorServer.STARTING) {
+ Thread.sleep(1000);
+ }
+ // Check if the snmpAdaptor is online
+ if (this.snmpAdaptor.getState() != CommunicatorServer.ONLINE) {
+ throw new Exception(
+ ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION.get().toString());
+ }
+
+ // Check the trap destinations before trying to sent traps
+ this.sentTraps =
+ checkTrapsDestinations(
+ this.currentConfig.getTrapsDestination());
+
+ if (this.sentTraps == false) {
+ Message message =
+ ERR_SNMP_CONNHANDLER_NO_VALID_TRAP_DESTINATIONS.get();
+ logError(message);
+ } else {
+ // Send a coldStart SNMP Trap.
+ this.snmpAdaptor.setTrapPort(snmpTrapPort);
+ this.snmpAdaptor.snmpV1Trap(
+ null,
+ this.currentConfig.getTrapsCommunity(),
+ 0,
+ 0,
+ null);
+ }
// Create an instance of the customized MIB
this.mibObjName = new ObjectName(
SNMPConnectionHandlerDefinitions.SNMP_DOMAIN +
@@ -286,14 +313,15 @@
try {
- // Send a trap when stop
- this.snmpAdaptor.snmpV1Trap(
- null,
- this.currentConfig.getTrapsCommunity(),
- 0,
- 0,
- null);
-
+ if (this.sentTraps == true) {
+ // Send a trap when stop
+ this.snmpAdaptor.snmpV1Trap(
+ null,
+ this.currentConfig.getTrapsCommunity(),
+ 0,
+ 0,
+ null);
+ }
String[] names = this.snmpAdaptor.getMibs();
// Stop the SNMP Adaptor
@@ -373,5 +401,30 @@
return null;
}
}
+
+ private boolean checkTrapsDestinations(SortedSet destinations) {
+
+ // If the traps destinations is empty, the traps have to be sent
+ // to localhosts
+ if ((destinations == null) || (destinations.isEmpty())) {
+ return true;
+ }
+
+ boolean found = false;
+ for (Iterator iter = destinations.iterator(); iter.hasNext();) {
+ String dest = null;
+ try {
+ dest = (String) iter.next();
+ InetAddress addr = InetAddress.getByName(dest);
+ found = true;
+ } catch (UnknownHostException ex) {
+ Message message = ERR_SNMP_CONNHANDLER_TRAPS_DESTINATION.get(
+ dest);
+ logError(message);
+ }
+ }
+ return found;
+
+ }
}
diff --git a/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPConnectionHandlerDefinitions.java b/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPConnectionHandlerDefinitions.java
index 1d5f2a2..1052371 100644
--- a/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPConnectionHandlerDefinitions.java
+++ b/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPConnectionHandlerDefinitions.java
@@ -27,6 +27,7 @@
package org.opends.server.snmp;
import java.util.HashSet;
+import java.util.Hashtable;
import java.util.Set;
/**
@@ -34,128 +35,123 @@
*/
public class SNMPConnectionHandlerDefinitions {
- /**
- * SNMP V1 supported.
- */
- public static String SNMP_VERSION_V1 = "v1";
+ /**
+ * SNMP V1 supported.
+ */
+ public static String SNMP_VERSION_V1 = "v1";
+ /**
+ * SNMP V2 supported.
+ */
+ public static String SNMP_VERSION_V2 = "v2";
+ /**
+ * SNMP V3 supported.
+ */
+ public static String SNMP_VERSION_V3 = "v3";
+ /**
+ * List of Supported SNMP Version.
+ */
+ public static Set<String> SUPPORTED_SNMP_VERSION = new HashSet<String>();
- /**
- * SNMP V2 supported.
- */
- public static String SNMP_VERSION_V2 = "v2";
+ static {
+ SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V1);
+ SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V2);
+ SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V3);
+ }
+ /**
+ * List of Supported Security levels.
+ */
+ public static Hashtable<String, Integer> SECURITY_LEVELS =
+ new Hashtable<String, Integer>();
- /**
- * SNMP V3 supported.
- */
- public static String SNMP_VERSION_V3 = "v3";
-
- /**
- * List of Supported SNMP Version.
- */
- public static Set<String> SUPPORTED_SNMP_VERSION=new HashSet<String>();
- static {
- SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V1);
- SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V2);
- SUPPORTED_SNMP_VERSION.add(SNMP_VERSION_V3);
- }
-
- /**
- * Domain for SNMP MBeans.
- */
- public static final String SNMP_DOMAIN =
- "org.opends.server.snmp:";
- /**
- * Domain for Monitor MBeans.
- */
- public static final String JMX_DOMAIN =
- "org.opends.server:";
-
- /**
- * Name of MONITOR_CLIENT_CONNECTIONS_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_CLIENT_CONNECTIONS_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Client_Connections";
- /**
- * Name of MONITOR_ENTRY_CACHES_OBJECTNANE monitor Mbean.
- */
- public static final String MONITOR_ENTRY_CACHES_OBJECTNANE =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Entry_Caches";
-
- /**
- * Name of MONITOR_JVM_MEMORY_USAGE_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_JVM_MEMORY_USAGE_OBJECTNAME =
- "RootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Memory_Usage";
-
- /**
- * Name of MONITOR_JVM_STACK_TRACE_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_JVM_STACK_TRACE_OBJECTNAME = "" +
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Stack_Trace";
-
- /**
- * Name of MONITOR_SYSTEM_INFORMATION_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_SYSTEM_INFORMATION_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-System_Information";
-
- /**
- * Name of MONITOR_VERSION_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_VERSION_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Version";
-
- /**
- * Name of MONITOR_WORK_QUEUE_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_WORK_QUEUE_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Work_Queue";
-
- /**
- * Name of MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adminRoot_Backend";
-
- /**
- * Name of MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adstruststore_Backend";
-
- /**
- * Name of MONITOR_BACKUP_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_BACKUP_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-backup_Backend";
-
- /**
- * Name of MONITOR_MONITOR_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_MONITOR_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-monitor_Backend";
-
- /**
- * Name of MONITOR_SCHEMA_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_SCHEMA_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-schema_Backend";
-
- /**
- * Name of MONITOR_TASKS_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_TASKS_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-tasks_Backend";
-
- /**
- * Name of MONITOR_USERROOT_BACKEND_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_USERROOT_BACKEND_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Backend";
-
- /**
- * Name of MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME monitor Mbean.
- */
- public static final String MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME =
- "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Database_Environment";
+ static {
+ SECURITY_LEVELS.put("noauthnopriv", 0);
+ SECURITY_LEVELS.put("authnopriv", 1);
+ SECURITY_LEVELS.put("authpriv", 2);
+ }
+ /**
+ * Domain for SNMP MBeans.
+ */
+ public static final String SNMP_DOMAIN =
+ "org.opends.server.snmp:";
+ /**
+ * Domain for Monitor MBeans.
+ */
+ public static final String JMX_DOMAIN =
+ "org.opends.server:";
+ /**
+ * Name of MONITOR_CLIENT_CONNECTIONS_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_CLIENT_CONNECTIONS_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Client_Connections";
+ /**
+ * Name of MONITOR_ENTRY_CACHES_OBJECTNANE monitor Mbean.
+ */
+ public static final String MONITOR_ENTRY_CACHES_OBJECTNANE =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Entry_Caches";
+ /**
+ * Name of MONITOR_JVM_MEMORY_USAGE_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_JVM_MEMORY_USAGE_OBJECTNAME =
+ "RootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Memory_Usage";
+ /**
+ * Name of MONITOR_JVM_STACK_TRACE_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_JVM_STACK_TRACE_OBJECTNAME = "" +
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-JVM_Stack_Trace";
+ /**
+ * Name of MONITOR_SYSTEM_INFORMATION_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_SYSTEM_INFORMATION_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-System_Information";
+ /**
+ * Name of MONITOR_VERSION_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_VERSION_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Version";
+ /**
+ * Name of MONITOR_WORK_QUEUE_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_WORK_QUEUE_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-Work_Queue";
+ /**
+ * Name of MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_ADMIN_ROOT_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adminRoot_Backend";
+ /**
+ * Name of MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_ADSTRUSTSTORE_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-adstruststore_Backend";
+ /**
+ * Name of MONITOR_BACKUP_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_BACKUP_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-backup_Backend";
+ /**
+ * Name of MONITOR_MONITOR_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_MONITOR_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-monitor_Backend";
+ /**
+ * Name of MONITOR_SCHEMA_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_SCHEMA_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-schema_Backend";
+ /**
+ * Name of MONITOR_TASKS_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_TASKS_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-tasks_Backend";
+ /**
+ * Name of MONITOR_USERROOT_BACKEND_OBJECTNAME monitor Mbean.
+ */
+ public static final String MONITOR_USERROOT_BACKEND_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Backend";
+ /**
+ * Name of MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME monitor Mbean.
+ */
+ public static final String
+ MONITOR_USERROOT_DATABASE_ENVIRONMENT_OBJECTNAME =
+ "rootDSE,Rdn1=cn-monitor,Rdn2=cn-userRoot_Database_Environment";
}
diff --git a/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java b/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
index 44dd066..71c6127 100644
--- a/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
+++ b/opendj-sdk/opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java
@@ -55,7 +55,6 @@
* Admin User for cloning mechanism.
*/
private static final String ADMIN_USER = "snmpAdmin";
-
/**
* Current Security Configuration for the SNMP Connection Handler.
*/
@@ -75,7 +74,7 @@
/**
* Configured Security level.
*/
- private SecurityLevel securityLevel;
+ private int securityLevel;
/**
* {@inheritDoc}
@@ -91,7 +90,10 @@
// Get the traps destinations
this.trapDestinations = this.currentConfig.getTrapsDestination();
// Get the min security level to accept
- this.securityLevel = this.currentConfig.getSecurityLevel();
+ SecurityLevel level = this.currentConfig.getSecurityLevel();
+ this.securityLevel =
+ SNMPConnectionHandlerDefinitions.SECURITY_LEVELS.get(
+ level.toString());
}
/**
@@ -126,21 +128,23 @@
/**
* {@inheritDoc}
+ * @param user
+ * @param contextName
+ * @param securityLevel
*/
public boolean checkReadPermission(String user, String contextName,
int securityLevel) {
// Special check for the defaultUser
- if ((user.equals(ADMIN_USER))
- && (contextName.equals("null"))
- && ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
+ if ((user.equals(ADMIN_USER)) && (contextName.equals("null"))
+ && ((checkSecurityLevel(securityLevel)))) {
return true;
}
// Else
- if ((checkReadPermission(user)) &&
+ if ((checkReadPermission(user)) &&
((checkContextName(contextName))) &&
- ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
+ (checkSecurityLevel(securityLevel))) {
return true;
}
return false;
@@ -148,6 +152,7 @@
/**
* {@inheritDoc}
+ * @return true if the context is correct, false otherwise.
*/
public boolean checkContextName(String contextName) {
return this.contextName.equals(contextName);
@@ -155,6 +160,8 @@
/**
* {@inheritDoc}
+ * @param user to check the write permission.
+ * @return true if the user has the write permission, false otherwise.
*/
public boolean checkWritePermission(String user) {
if (user.equals(ADMIN_USER)) {
@@ -170,7 +177,20 @@
int securityLevel) {
if ((checkWritePermission(user)) &&
(contextName.equals("null")) &&
- ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
+ (checkSecurityLevel(securityLevel))) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Check the incoming security level of the request.
+ * @param securityLevel
+ * @return true if the securityLevel is appropriated, else return false
+ */
+ private boolean checkSecurityLevel(int securityLevel) {
+
+ if (securityLevel >= this.securityLevel) {
return true;
}
return false;
--
Gitblit v1.10.0