device - Add Procurve NAC support (#15794)

* Update to new HP-DOT1X-EXTENSIONS-MIB

* Add NAC support to Procurve OS

* Fix code style issues.

* Fix more code style issues.

* Fix code style issues. For real this time.

* Update HP-DOT1X-EXTENSIONS-MIB dependencies.

* use ::table(2) rather than reinventing the wheel.

* Fix the code style issues.
Ville Hukkamäki
2024-02-03 21:42:12 +02:00
committed by GitHub
parent cf99657c51
commit 0611f81b14
6 changed files with 16261 additions and 302 deletions


@@ -25,11 +25,15 @@
namespace LibreNMS\OS;
use App\Models\PortsNac;
use Illuminate\Support\Collection;
use LibreNMS\Interfaces\Data\DataStorageInterface;
use LibreNMS\Interfaces\Polling\NacPolling;
use LibreNMS\Interfaces\Polling\OSPolling;
use LibreNMS\RRD\RrdDefinition;
use SnmpQuery;
class Procurve extends \LibreNMS\OS implements OSPolling
class Procurve extends \LibreNMS\OS implements OSPolling, NacPolling
{
public function pollOS(DataStorageInterface $datastore): void
{
@@ -48,4 +52,86 @@ class Procurve extends \LibreNMS\OS implements OSPolling
$this->enableGraph('fdb_count');
}
}
public function pollNac()
{
$nac = new Collection();
$enabled = SnmpQuery::mibs(['IEEE8021-PAE-MIB'])->hideMib()->enumStrings()->get('dot1xPaeSystemAuthControl.0')->value();
if ($enabled !== 'enabled') {
return $nac;
}
$rowSet = [];
$ifIndex_map = $this->getDevice()->ports()->pluck('port_id', 'ifIndex');
$table = SnmpQuery::mibDir('hp')->mibs(['HP-DOT1X-EXTENSIONS-MIB'])->hideMib()->enumStrings()->walk('hpicfDot1xSMAuthConfigTable')->table(2);
foreach ($table as $ifIndex => $entry) {
$nacEntry = array_pop($entry);
$rowSet[$ifIndex] = [
'domain' => '',
'ip_address' => '',
'host_mode' => '',
'authz_by' => '',
'username' => '',
];
$rowSet[$ifIndex]['authc_status'] = match ($nacEntry['hpicfDot1xSMAuthPaeState']) {
null => '',
'connecting' => 'authcFailed',
'authenticated' => 'authcSuccess',
default => $nacEntry['hpicfDot1xSMAuthPaeState']
};
$rowSet[$ifIndex]['mac_address'] = $nacEntry['hpicfDot1xSMAuthMacAddr'];
$rowSet[$ifIndex]['timeout'] = $nacEntry['hpicfDot1xSMAuthSessionTimeout'];
}
$table = SnmpQuery::mibs(['IEEE8021-PAE-MIB'])->hideMib()->enumStrings()->walk('dot1xAuthConfigTable')->table(2);
foreach ($table as $ifIndex => $row) {
if (! isset($rowSet[$ifIndex])) {
continue;
}
$rowSet[$ifIndex]['auth_id'] = $ifIndex;
$rowSet[$ifIndex]['authz_status'] = match ($row['dot1xAuthAuthControlledPortStatus']) {
'authorized' => 'authorizationSuccess',
'unauthorized' => 'authorizationFailed',
default => $row['dot1xAuthAuthControlledPortStatus']
};
$rowSet[$ifIndex]['port_id'] = $ifIndex_map->get($ifIndex, 0);
}
$table = SnmpQuery::mibs(['HP-DOT1X-EXTENSIONS-MIB'])->mibDir('hp')->hideMib()->enumStrings()->walk('hpicfDot1xAuthSessionStatsTable')->table(2);
foreach ($table as $ifIndex => $entry) {
if (! isset($rowSet[$ifIndex])) {
continue;
}
$nacEntry = array_pop($entry);
$rowSet[$ifIndex]['vlan'] = $nacEntry['hpicfDot1xAuthSessionVid'];
$rowSet[$ifIndex]['authz_by'] = $nacEntry['hpicfDot1xAuthSessionAuthenticMethod'];
$rowSet[$ifIndex]['username'] = $nacEntry['hpicfDot1xAuthSessionUserName'];
$rowSet[$ifIndex]['time_elapsed'] = $nacEntry['hpicfDot1xAuthSessionTime'] / 100;
}
$table = SnmpQuery::mibs(['HP-DOT1X-EXTENSIONS-MIB'])->hideMib()->enumStrings()->walk('hpicfDot1xPaePortTable')->table(2);
foreach ($table as $ifIndex => $nacEntry) {
if (! isset($rowSet[$ifIndex])) {
continue;
}
$rowSet[$ifIndex]['method'] = ($nacEntry['hpicfDot1xPaePortAuth'] === 'true') ? 'dot1x' : '';
}
foreach ($rowSet as $row) {
$nac->put($row['mac_address'], new PortsNac($row));
}
return $nac;
}
}
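Review bot: In pollNac(), the loops over hpicfDot1xSMAuthConfigTable and hpicfDot1xAuthSessionStatsTable call `array_pop($entry)` and write into `$rowSet[$ifIndex]`, so only the last sub-row per port survives; if a port carries several supplicants (the `table(2)` grouping suggests a second index), the other sessions never become a PortsNac record and an operator reviewing NAC state would not see them. Because the two pops are independent, the MAC taken from one table and the username/VLAN taken from the other describe the same session only if both walks return rows in the same order. I would key `$rowSet` by ifIndex plus the second-level index and iterate every sub-row, assuming both HP tables share that index (worth confirming against the MIB); the later loops would then update each matching row instead of one per port. The sketch below also reads the columns with `??`, since the `null => ''` arm of the match can only be reached without a warning when a missing key is defaulted first.

```php
// … unchanged: dot1xPaeSystemAuthControl check, $ifIndex_map lookup, walk of hpicfDot1xSMAuthConfigTable into $table …
foreach ($table as $ifIndex => $sessions) {
    foreach ($sessions as $sessionIndex => $nacEntry) {
        $paeState = $nacEntry['hpicfDot1xSMAuthPaeState'] ?? null;
        $rowSet[$ifIndex][$sessionIndex] = [
            // … unchanged: empty domain / ip_address / host_mode / authz_by / username defaults …
            'authc_status' => match ($paeState) {
                null => '',
                'connecting' => 'authcFailed',
                'authenticated' => 'authcSuccess',
                default => $paeState,
            },
            'mac_address' => $nacEntry['hpicfDot1xSMAuthMacAddr'] ?? '',
            'timeout' => $nacEntry['hpicfDot1xSMAuthSessionTimeout'] ?? null,
        ];
    }
}
// … the later walks then update every $rowSet[$ifIndex][$sessionIndex] they match, and the final loop puts one PortsNac per session …
```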