
bug#121 : SNMPv3 support - initial implementation

balleman committed Jul 27, 2010
1 parent af7d1be commit b50dcb59552a06b11a192e0a122bff10348bb5cd
Showing with 165 additions and 21 deletions.
  1. +3 −0 share/doc/ChangeLog
  2. +13 −1 src/devices.cpp
  3. +10 −0 src/include/types.h
  4. +8 −1 src/netmrg.cpp
  5. +80 −10 src/snmp.cpp
  6. +18 −2 www/lib/static.php
  7. +27 −7 www/webfiles/devices.php
  8. +6 −0 www/webfiles/updater.php
@@ -1,3 +1,6 @@
2010.07.26 v0.21cvs balleman
- bug#121 : SNMPv3 support - initial implementation
2010.07.26 v0.21cvs balleman
- bug#496 : ajax.php doesn't escape single quotes in addCreateOption()
@@ -282,7 +282,13 @@ void process_device(int dev_id)
string("snmp_retries, ") + // 9
string("no_snmp_uptime_check, ") + // 10
string("dev_type, ") + // 11
string("unknowns_on_snmp_restart ") + // 12
string("unknowns_on_snmp_restart,") + // 12
string("snmp3_user, ") + // 13
string("snmp3_seclev, ") + // 14
string("snmp3_aprot, ") + // 15
string("snmp3_apass, ") + // 16
string("snmp3_pprot, ") + // 17
string("snmp3_ppass ") + // 18
string("FROM devices ") +
string("WHERE id=") + inttostr(dev_id);
@@ -305,6 +311,12 @@ void process_device(int dev_id)
{
// set SNMP parameters
info.snmp_read_community = mysql_row[3];
info.snmp3_user = mysql_row[13];
info.snmp3_seclev = strtoint(mysql_row[14]);
info.snmp3_aprot = strtoint(mysql_row[15]);
info.snmp3_apass = mysql_row[16];
info.snmp3_pprot = strtoint(mysql_row[17]);
info.snmp3_ppass = mysql_row[18];
info.snmp_port = strtoint(mysql_row[7]);
info.snmp_timeout = strtoint(mysql_row[8]);
info.snmp_retries = strtoint(mysql_row[9]);
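Review bot: The column-to-field mapping for the six SNMPv3 columns is now written out twice with different hard-coded indexes, here as `mysql_row[13]` to `mysql_row[18]` and in external_snmp_recache() in src/netmrg.cpp as `mysql_row[7]` to `mysql_row[12]`, so adding or reordering a column in either SELECT silently moves a passphrase into the wrong field. A small helper that takes the row and the index of `snmp3_user` would keep the two copies in step. The `strtoint` results are also stored unchecked, and the switches in snmp_session_init() (src/snmp.cpp) have no `default`, so an unexpected stored value leaves the session's security fields at whatever they held before; a guard such as `if (info.snmp3_seclev < 0 || info.snmp3_seclev > 2)` with an error log would make that case explicit. process_device() starts and ends outside both hunks.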
@@ -100,6 +100,12 @@ struct DeviceInfo
unsigned short snmp_version;
string snmp_read_community;
string snmp3_user;
int snmp3_seclev;
int snmp3_aprot;
string snmp3_apass;
int snmp3_pprot;
string snmp3_ppass;
unsigned long snmp_timeout;
unsigned int snmp_retries;
unsigned short snmp_port;
@@ -143,6 +149,10 @@ struct DeviceInfo
snmp_retries = 4;
snmp_port = 161;
snmp3_seclev = 0;
snmp3_aprot = 0;
snmp3_pprot = 0;
snmp_sess_p = NULL;
}
};
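Review bot: The three new `int` members carry numeric codes whose meaning is defined only by the switch statements in src/snmp.cpp and the arrays in www/lib/static.php, and nothing in DeviceInfo says so. I would document them where they are declared, for example `int snmp3_seclev; // 0 = noAuthNoPriv, 1 = authNoPriv, 2 = authPriv`, `int snmp3_aprot; // 0 = HMAC-MD5, 1 = HMAC-SHA1` and `int snmp3_pprot; // 0 = DES, 1 = AES`. A one-line comment on `snmp3_apass` and `snmp3_ppass` noting that they hold clear-text passphrases would also warn anyone who later logs or dumps a DeviceInfo.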
@@ -381,7 +381,8 @@ void external_snmp_recache(int device_id, int type)
info.device_id = device_id;
mysql_res = db_query(&mysql, &info, string("SELECT ip, snmp_read_community, snmp_version, snmp_port, ") +
"snmp_timeout, snmp_retries, dev_type FROM devices WHERE id=" + inttostr(device_id));
string("snmp_timeout, snmp_retries, dev_type, snmp3_user, snmp3_seclev, snmp3_aprot, snmp3_apass, snmp3_pprot, ") +
"snmp3_ppass FROM devices WHERE id=" + inttostr(device_id));
mysql_row = mysql_fetch_row(mysql_res);
if (mysql_row == NULL)
@@ -400,6 +401,12 @@ void external_snmp_recache(int device_id, int type)
info.ip = mysql_row[0];
info.snmp_read_community = mysql_row[1];
info.snmp3_user = mysql_row[7];
info.snmp3_seclev = strtoint(mysql_row[8]);
info.snmp3_aprot = strtoint(mysql_row[9]);
info.snmp3_apass = mysql_row[10];
info.snmp3_pprot = strtoint(mysql_row[11]);
info.snmp3_ppass = mysql_row[12];
info.snmp_port = strtoint(mysql_row[3]);
info.snmp_timeout = strtoint(mysql_row[4]);
info.snmp_retries = strtoint(mysql_row[5]);
@@ -4,7 +4,7 @@
* snmp.cpp
* NetMRG Gatherer SNMP Library
*
* Copyright (C) 2001-2008
* Copyright (C) 2001-2010
* Brady Alleman <brady@thtech.net>
* Douglas E. Warner <silfreed@silfreed.net>
* Kevin Bonner <keb@nivek.ws>
@@ -28,10 +28,6 @@
/*
NetMRG SNMP Functions
Copyright 2001-2003 Brady Alleman, All Rights Reserved.
Some of this code was originally part of net-snmp's application and
example code.
*/
@@ -119,8 +115,8 @@ string snmp_result(variable_list *vars)
void snmp_session_init(DeviceInfo &info)
{
struct snmp_session session;
u_char u_temp[250];
char temp[250];
u_char u_temp[250], u_temp1[250], u_temp2[250], u_temp3[250];
char temp[250], temp1[250];
void * sessp;
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, "Starting SNMP Session.");
@@ -136,13 +132,15 @@ void snmp_session_init(DeviceInfo &info)
switch (info.snmp_version)
{
case 1: session.version = SNMP_VERSION_1;
session.securityModel = SNMP_SEC_MODEL_SNMPv1;
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, "SNMPv1");
break;
case 2: session.version = SNMP_VERSION_2c;
session.securityModel = SNMP_SEC_MODEL_SNMPv2c;
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, "SNMPv2c");
break;
case 3: session.version = SNMP_VERSION_3;
debuglogger(DEBUG_SNMP, LEVEL_ERROR, &info, "SNMPv3 - not yet supported.");
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, "SNMPv3");
break;
}
@@ -155,8 +153,80 @@ void snmp_session_init(DeviceInfo &info)
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, log);
// set the SNMPv1/2c community name used for authentication
session.community = u_string(info.snmp_read_community, u_temp);
session.community_len = info.snmp_read_community.length();
if ( (info.snmp_version == 1) || (info.snmp_version == 2) )
{
session.community = u_string(info.snmp_read_community, u_temp);
session.community_len = info.snmp_read_community.length();
}
else if (info.snmp_version == 3)
{
strncpy(temp1, info.snmp3_user.c_str(), 250);
temp1[249] = '\0';
session.securityName = temp1;
session.securityNameLen = strlen(temp1);
session.securityModel = SNMP_SEC_MODEL_USM;
switch (info.snmp3_seclev)
{
case 0: session.securityLevel = SNMP_SEC_LEVEL_NOAUTH; break;
case 1: session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV; break;
case 2: session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV; break;
}
if ( (info.snmp3_seclev == 1) || (info.snmp3_seclev == 2) )
{
// We're using authentication
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, "Setting up SNMPv3 Authentication");
switch (info.snmp3_aprot)
{
case 0:
session.securityAuthProto = usmHMACMD5AuthProtocol;
session.securityAuthProtoLen = sizeof(usmHMACMD5AuthProtocol)/sizeof(oid);
break;
case 1:
session.securityAuthProto = usmHMACSHA1AuthProtocol;
session.securityAuthProtoLen = sizeof(usmHMACSHA1AuthProtocol)/sizeof(oid);
break;
}
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, u_string(info.snmp3_apass, u_temp2),
info.snmp3_apass.length(), session.securityAuthKey, &session.securityAuthKeyLen) != SNMPERR_SUCCESS)
{
debuglogger(DEBUG_SNMP, LEVEL_ERROR, &info,
string("Failed to generate Ku from authentication password: {") + info.snmp3_apass + "}");
}
}
if (info.snmp3_seclev == 2)
{
// We're using privacy
debuglogger(DEBUG_SNMP, LEVEL_DEBUG, &info, "Setting up SNMPv3 Privacy");
switch (info.snmp3_pprot)
{
case 0:
session.securityPrivProto = usmDESPrivProtocol;
session.securityPrivProtoLen = sizeof(usmDESPrivProtocol)/sizeof(oid);
break;
case 1:
session.securityPrivProto = usmAESPrivProtocol;
session.securityPrivProtoLen = sizeof(usmAESPrivProtocol)/sizeof(oid);
break;
}
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, u_string(info.snmp3_ppass, u_temp3),
info.snmp3_ppass.length(), session.securityPrivKey, &session.securityPrivKeyLen) != SNMPERR_SUCCESS)
{
debuglogger(DEBUG_SNMP, LEVEL_ERROR, &info, string("Failed to generate Ku from privacy password: {") +
info.snmp3_ppass + "}");
}
}
}
netmrg_mutex_lock(lkSNMP);
sessp = snmp_sess_open(&session);
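Review bot: Both error paths after `generate_Ku` write the device's SNMPv3 passphrase into the log in clear text (`... + info.snmp3_apass + "}"` and the matching `info.snmp3_ppass` message), so anyone who can read the gatherer log learns the credential. The message should name the failure without the secret, e.g. `"Failed to generate Ku from authentication password"`. net-snmp refuses passphrases shorter than its minimum length at this step, so this path is likely to be hit by ordinary misconfiguration rather than only by rare faults. After either failure the code still falls through to `snmp_sess_open(&session)` with a key that was never derived; returning early would avoid opening a session that cannot authenticate. snmp_session_init() starts and ends outside this hunk.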
@@ -260,10 +260,26 @@
$SNMP_VERSIONS = array(
0 => "No SNMP Support",
1 => "SNMPv1",
2 => "SNMPv2c"/*,
3 => "SNMPv3"*/
2 => "SNMPv2c",
3 => "SNMPv3"
); // end SNMP_VERSIONS
$SNMP_SECLEVS = array(
0 => "No Authentication, No Privacy",
1 => "Authentication, No Privacy",
2 => "Authentication, Privacy"
); // end SNMP_SECLEVS
$SNMP_APROTS = array(
0 => "MD5",
1 => "SHA"
); // end SNMP_APROTS
$SNMP_PPROTS = array(
0 => "DES",
1 => "AES"
); // end SNMP_PPROTS
$RECACHE_METHODS = array(
0 => "Never refresh cache",
1 => "Refresh on SNMP agent restart",
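Review bot: Index 0 of each new array is the weakest choice (`No Authentication, No Privacy`, `MD5`, `DES`), and 0 is also the value displayedit() in www/webfiles/devices.php assigns to a new device, so a device switched to SNMPv3 without further edits is polled unauthenticated. Because these keys are persisted in the `devices` table and matched by number in src/snmp.cpp, a comment above `$SNMP_SECLEVS` such as `// keys are stored in devices.snmp3_* and read by the gatherer; do not renumber` would help. It is also worth considering new-device defaults that select authentication and privacy, so that an unconfigured device fails to poll rather than polling without protection. The `$RECACHE_METHODS` array continues outside the hunk.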
@@ -114,6 +114,12 @@ function doedit()
name='{$_REQUEST['dev_name']}',
ip='{$_REQUEST['dev_ip']}',
snmp_read_community='{$_REQUEST['snmp_read_community']}',
snmp3_user='{$_REQUEST['snmp3_user']}',
snmp3_seclev='{$_REQUEST['snmp3_seclev']}',
snmp3_aprot='{$_REQUEST['snmp3_aprot']}',
snmp3_apass='{$_REQUEST['snmp3_apass']}',
snmp3_pprot='{$_REQUEST['snmp3_pprot']}',
snmp3_ppass='{$_REQUEST['snmp3_ppass']}',
dev_type='{$_REQUEST['dev_type']}',
snmp_recache_method='{$_REQUEST['snmp_recache_method']}',
disabled='{$_REQUEST['disabled']}',
@@ -242,6 +248,12 @@ function displayedit()
$dev_row["disabled"] = 0;
$dev_row["snmp_version"] = 0;
$dev_row["snmp_read_community"] = "";
$dev_row["snmp3_user"] = "";
$dev_row["snmp3_seclev"] = 0;
$dev_row["snmp3_aprot"] = 0;
$dev_row["snmp3_apass"] = "";
$dev_row["snmp3_pprot"] = 0;
$dev_row["snmp3_ppass"] = "";
$dev_row["snmp_recache_method"] = 3;
$dev_row["snmp_port"] = 161;
$dev_row["snmp_timeout"] = 1000000;
@@ -258,14 +270,22 @@ function displayedit()
make_edit_checkbox("Disabled (do not monitor this device)", "disabled", $dev_row["disabled"]);
make_edit_group("SNMP");
make_edit_select_from_array("SNMP Support:", "snmp_version", $GLOBALS["SNMP_VERSIONS"], $dev_row["snmp_version"]);
make_edit_text("SNMP Read Community:", "snmp_read_community", 50, 200, $dev_row["snmp_read_community"]);
make_edit_select_from_array("Recaching Method:", "snmp_recache_method", $GLOBALS["RECACHE_METHODS"], $dev_row["snmp_recache_method"]);
make_edit_group("SNMP v1/v2c");
make_edit_text("Read Community:", "snmp_read_community", 50, 200, $dev_row["snmp_read_community"]);
make_edit_group("SNMP v3");
make_edit_text("User:", "snmp3_user", "25", "100", $dev_row["snmp3_user"]);
make_edit_select_from_array("Security Level:", "snmp3_seclev", $GLOBALS['SNMP_SECLEVS'], $dev_row["snmp3_seclev"]);
make_edit_select_from_array("Authentication Protocol:", "snmp3_aprot", $GLOBALS['SNMP_APROTS'], $dev_row["snmp3_aprot"]);
make_edit_text("Authentication Password", "snmp3_apass", "25", "100", $dev_row["snmp3_apass"]);
make_edit_select_from_array("Privacy Protocol:", "snmp3_pprot", $GLOBALS['SNMP_PPROTS'], $dev_row["snmp3_pprot"]);
make_edit_text("Privacy Password", "snmp3_ppass", "25", "100", $dev_row['snmp3_ppass']);
make_edit_group("Advanaced SNMP Options");
make_edit_checkbox("Disable SNMP Uptime Check", "no_snmp_uptime_check", $dev_row["no_snmp_uptime_check"] == 1);
make_edit_checkbox("Unknowns on SNMP Restart", "unknowns_on_snmp_restart", $dev_row["unknowns_on_snmp_restart"] == 1);
make_edit_text("SNMP UDP Port", "snmp_port", 5, 5, $dev_row["snmp_port"]);
make_edit_text("SNMP Timeout (microseconds):", "snmp_timeout", 10, 20, $dev_row["snmp_timeout"]);
make_edit_text("SNMP Retries:", "snmp_retries", 3, 10, $dev_row["snmp_retries"]);
make_edit_select_from_array("Recaching Method:", "snmp_recache_method", $GLOBALS["RECACHE_METHODS"], $dev_row["snmp_recache_method"]);
make_edit_checkbox("Disable Uptime Check", "no_snmp_uptime_check", $dev_row["no_snmp_uptime_check"] == 1);
make_edit_checkbox("Unknowns on Agent Restart", "unknowns_on_snmp_restart", $dev_row["unknowns_on_snmp_restart"] == 1);
make_edit_text("UDP Port", "snmp_port", 5, 5, $dev_row["snmp_port"]);
make_edit_text("Timeout (microseconds):", "snmp_timeout", 10, 20, $dev_row["snmp_timeout"]);
make_edit_text("Retries:", "snmp_retries", 3, 10, $dev_row["snmp_retries"]);
make_edit_hidden("dev_id", $dev_id);
make_edit_hidden("action", "doedit");
make_edit_hidden("grp_id", $_REQUEST["grp_id"]);
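Review bot: The six new `snmp3_*` request values in doedit() are interpolated straight into the UPDATE statement, like the fields around them; unless they are escaped before this point, which the hunk does not show, a quote character in a user name or passphrase breaks the query and the fields are open to SQL injection. The three enumerated fields can be forced to integers with `intval($_REQUEST['snmp3_seclev'])` and checked against the keys of `$GLOBALS['SNMP_SECLEVS']`, and the three strings should go through the database escaping routine the project uses. In displayedit() both passphrases are rendered with `make_edit_text`, so the stored secret is echoed back into the page in a visible text box; a password-type input that is not pre-filled would avoid exposing it to anyone who can view the edit form. Both functions start and end outside the hunks.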
@@ -252,6 +252,12 @@
"name" => "Device Unknowns on SNMP Restart Field",
"query" => "ALTER TABLE `devices` ADD `unknowns_on_snmp_restart` TINYINT NOT NULL DEFAULT '1'")
), // end 0.20
"0.21" => array(
array(
"name" => "SNMPv3",
"query" => "ALTER TABLE `devices` ADD `snmp3_user` VARCHAR( 200 ) NOT NULL , ADD `snmp3_seclev` TINYINT NOT NULL , ADD `snmp3_aprot` TINYINT NOT NULL , ADD `snmp3_apass` VARCHAR( 200 ) NOT NULL , ADD `snmp3_pprot` TINYINT NOT NULL , ADD `snmp3_ppass` VARCHAR( 200 ) NOT NULL")
), // end 0.21
); // end $dbupdates;
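Review bot: The migration stores `snmp3_apass` and `snmp3_ppass` as plain `VARCHAR( 200 )` columns, and src/snmp.cpp passes their contents directly to `generate_Ku`, so the SNMPv3 passphrases sit in clear text in the `devices` table and in every database backup. That deserves a comment next to the 0.21 entry, e.g. `// snmp3_apass / snmp3_ppass hold clear-text passphrases; restrict read access to the devices table`. The new `NOT NULL` columns also carry no `DEFAULT`, unlike `unknowns_on_snmp_restart` just above, so an INSERT that omits them depends on the server not running in strict SQL mode; adding `DEFAULT ''` to the strings and `DEFAULT 0` to the TINYINTs makes that explicit.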
