diff --git a/AUTHORS.md b/AUTHORS.md index e7e6e75dad..81e7e5739f 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -75,4 +75,5 @@ Contributors to LibreNMS: - Eldon Koyle (ekoyle) - Jonathan Bailey (jcbailey2) - Ruairi Carroll (rucarrol) +- Maxim Tsyplakov (tsypa) [1]: http://observium.org/ "Observium web site" diff --git a/daily.php b/daily.php index 40d4cd10a6..1c3e4d04fb 100644 --- a/daily.php +++ b/daily.php @@ -30,7 +30,7 @@ Take a look at https://dev.mysql.com/doc/refman/5.6/en/innodb-buffer-pool.html f The ' . $config['project_name'] . ' team.'; send_mail($config['alert']['default_mail'],$subject,$message,$html=false); - } + } echo warn_innodb_buffer($innodb_buffer); exit(2); } @@ -110,3 +110,19 @@ if ($options['f'] === 'device_perf') { if ($options['f'] === 'notifications') { include_once 'notifications.php'; } + +if ($options['f'] === 'purgeusers') { + $purge = 0; + if (is_numeric($config['radius']['users_purge']) && $config['auth_mechanism'] === 'radius') { + $purge = $config['radius']['users_purge']; + } + if ($purge > 0) { + foreach (dbFetchRows("SELECT DISTINCT(`user`) FROM `authlog` WHERE `datetime` >= DATE_SUB(NOW(), INTERVAL ? DAY)", array($purge)) as $user) { + $users[] = $user['user']; + } + $del_users = '"'.implode('","',$users).'"'; + if (dbDelete('users', "username NOT IN ($del_users)",array($del_users))) { + echo "Removed users that haven't logged in for $purge days"; + } + } +} diff --git a/daily.sh b/daily.sh index 34b17fe4b3..795311e900 100755 --- a/daily.sh +++ b/daily.sh @@ -4,12 +4,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program. If not, see . @@ -64,6 +64,7 @@ else php daily.php -f perf_times php daily.php -f callback php daily.php -f device_perf + php daily.php -f purgeusers ;; submodules) # Init+Update our submodules diff --git a/doc/API/API-Docs.md b/doc/API/API-Docs.md index 6b6e0afbb1..fed5072c1d 100644 --- a/doc/API/API-Docs.md +++ b/doc/API/API-Docs.md @@ -20,6 +20,10 @@ - [`add_device`](#api-route-11) - [`list_oxidized`](#api-route-21) - [`update_device_field`](#api-route-update_device_field) + - [`get_device_groups`](#api-route-get_device_groups) + - [`devicegroups`](#api-devicegroups) + - [`get_devicegroups`](#api-route-get_devicegroups) + - [`get_devices_by_group`](#api-route-get_devices_by_group) - [`routing`](#api-routing) - [`list_bgp`](#api-route-1) - [`switching`](#api-switching) @@ -381,6 +385,7 @@ Input: - to: This is the date you would like the graph to end - See http://oss.oetiker.ch/rrdtool/doc/rrdgraph.en.html for more information. - width: The graph width, defaults to 1075. - height: The graph height, defaults to 300. + - ifDescr: If this is set to true then we will use ifDescr to lookup the port instead of ifName. Pass the ifDescr value you want to search as you would ifName. Example: ```curl @@ -534,6 +539,8 @@ Update devices field in the database. Route: /api/v0/devices/:hostname +- hostname can be either the device hostname or id + Input (JSON): - field: The column name within the database @@ -555,6 +562,154 @@ Output: ] ``` +### Function `get_device_groups` [`top`](#top) + +List the device groups that a device is matched on. + +Route: /api/v0/devices/:hostname/groups + +- hostname can be either the device hostname or id + +Input (JSON): + + - + +Examples: +```curl +curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/devices/localhost/groups +``` + +Output: +```text +[ + { + "status": "ok", + "message": "Found 1 device groups", + "count": 1, + "groups": [ + { + "id": "1", + "name": "Testing", + "desc": "Testing", + "pattern": "%devices.status = \"1\" &&" + } + ] + } +] +``` + +## `Device Groups` [`top`](#top) + +### Function `get_devicegroups` [`top`](#top) + +List all device groups. + +Route: /api/v0/devicegroups + +Input (JSON): + + - + +Examples: +```curl +curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/devicegroups +``` + +Output: +```text +[ + { + "status": "ok", + "message": "Found 1 device groups", + "count": 1, + "groups": [ + { + "id": "1", + "name": "Testing", + "desc": "Testing", + "pattern": "%devices.status = \"1\" &&" + } + ] + } +] +``` + +### Function `get_devices_by_group` [`top`](#top) + +List all devices matching the group provided. + +Route: /api/v0/devicegroups/:name + +- name Is the name of the device group which can be obtained using [`get_devicegroups`](#api-route-get_devicegroups). Please ensure that the name is urlencoded if it needs to be (i.e Linux Servers would need to be urlencoded. + +Input (JSON): + + - + +Examples: +```curl +curl -H 'X-Auth-Token: YOURAPITOKENHERE' https://librenms.org/api/v0/devicegroups/LinuxServers +``` + +Output: +```text +[ + { + "status": "error", + "message": "Found 1 in group LinuxServers", + "count": 1, + "devices": [ + { + "device_id": "1", + "hostname": "localhost", + "sysName": "hostname", + "community": "librenms", + "authlevel": null, + "authname": null, + "authpass": null, + "authalgo": null, + "cryptopass": null, + "cryptoalgo": null, + "snmpver": "v2c", + "port": "161", + "transport": "udp", + "timeout": null, + "retries": null, + "bgpLocalAs": null, + "sysObjectID": ".1.3.6.1.4.1.8072.3.2.10", + "sysDescr": "Linux li1045-133.members.linode.com 4.1.5-x86_64-linode61 #7 SMP Mon Aug 24 13:46:31 EDT 2015 x86_64", + "sysContact": "", + "version": "4.1.5-x86_64-linode61", + "hardware": "Generic x86 64-bit", + "features": "CentOS 7.1.1503", + "location": "", + "os": "linux", + "status": "1", + "status_reason": "", + "ignore": "0", + "disabled": "0", + "uptime": "4615964", + "agent_uptime": "0", + "last_polled": "2015-12-12 13:20:04", + "last_poll_attempted": null, + "last_polled_timetaken": "1.90", + "last_discovered_timetaken": "79.53", + "last_discovered": "2015-12-12 12:34:21", + "last_ping": "2015-12-12 13:20:04", + "last_ping_timetaken": "0.08", + "purpose": null, + "type": "server", + "serial": null, + "icon": null, + "poller_group": "0", + "override_sysLocation": "0", + "notes": "Nope" + } + ] + } +] +``` + ## `Routing` [`top`](#top) ### Function: `list_bgp` [`top`](#top) diff --git a/doc/Extensions/Authentication.md b/doc/Extensions/Authentication.md index 48ad0e92fd..633b8ed13c 100644 --- a/doc/Extensions/Authentication.md +++ b/doc/Extensions/Authentication.md @@ -13,6 +13,8 @@ Here we will provide configuration details for these modules. - HTTP Auth: http-auth +- Radius: radius + #### User levels - 1: Normal User. You will need to assign device / port permissions for users at this level. @@ -125,3 +127,19 @@ $config['auth_ad_groups']['admin']['level'] = 10; $config['auth_ad_groups']['pfy']['level'] = 7; $config['auth_ad_require_groupmembership'] = 0; ``` + +#### Radius Authentication + +Please note that a mysql user is created for each user the logs in successfully. User level 1 is assigned to those accounts so you will then need to assign the relevant permissions unless you set `$config['radius']['userlevel']` to be something other than 1. + +> Cleanup of old accounts is done using the authlog. You will need to set the cleanup date for when old accounts will be purged which will happen AUTOMATICALLY. +> Please ensure that you set the $config['authlog_purge'] value to be greater than $config['radius']['users_purge'] otherwise old users won't be removed. + +```php +$config['radius']['hostname'] = 'localhost'; +$config['radius']['port'] = '1812'; +$config['radius']['secret'] = 'testing123'; +$config['radius']['timeout'] = 3; +$config['radius']['users_purge'] = 14;//Purge users who haven't logged in for 14 days. +$config['radius']['default_level'] = 1;//Set the default user level when automatically creating a user. +``` diff --git a/doc/General/Acknowledgement.md b/doc/General/Acknowledgement.md index 6f9b50ea28..328a8f8677 100644 --- a/doc/General/Acknowledgement.md +++ b/doc/General/Acknowledgement.md @@ -23,6 +23,7 @@ LibreNMS 3rd party acknowledgements - Tag Manager (http://soliantconsulting.github.io/tagmanager/): MIT - TW Sack (https://code.google.com/p/tw-sack/): GPLv3 - Gridster (http://gridster.net/): MIT + - Pure PHP radius class (http://developer.sysco.ch/php/): GPLv3 #### 3rd Party GPLv3 Non-compliant diff --git a/doc/General/Changelog.md b/doc/General/Changelog.md index 8eb76733d8..5e83df17dc 100644 --- a/doc/General/Changelog.md +++ b/doc/General/Changelog.md @@ -5,26 +5,59 @@ - Fixed regex for negative lat/lng coords (PR2524) - Fixed map page looping due to device connected to itself (PR2545) - Fixed PATH_INFO for nginx (PR2551) + - urlencode the custom port types (PR2597) + - Stop non-admin users from being able to get to settings pages (PR2627) + - Fix JpGraph php version compare (PR2631) - Discovery / Polling: - Pointed snmp calls for Huawei to correct MIB folder (PR2541) + - Fixed Ceph unix-agent support. (PR2588) + - Moved memory graphs from storage to memory polling (PR2616) + - Mask alert_log mysql output when debug is enabled to stop console crashes (PR2618) + - Stop Quanta devices being detected as Ubiquiti (PR2632) + - Fix MySQL unix-agent graphs (PR2645) + - Added MTA-MIB and NETWORK-SERVICES-MIB to stop warnings printed in poller debug (PR2653) + - Services: + - Fix SSL check for PHP 7 (PR2647) - Alerting: - Fix glue-expansion for alerts (PR2522) + - Fix HipChat transport (PR2586) - Documentation: - Removed duplicate mysql-client install from Debian/Ubuntu install docs (PR2543) + - Misc: + - Update daily.sh to ignore issues writing to log file (PR2595) #### Improvements - WebUI: - Converted sensors page to use bootgrid (PR2531) + - Added new widgets for dashboard. Notes (PR2582), Generic image (PR2617) + - Added config option to disable lazy loading of images (PR2589) + - Visual update to Navbar. (PR2593) + - Update alert rules to show actual alert rule ID (PR2603) + - Initial support added for per user default dashboard (PR2620) + - Updated Worldmap to show clusters in red if one device is down (PR2621) - Discovery / Polling - Added traffic bits as default for Cambium devices (PR2525) - Overwrite eth0 port data from UniFi MIBs for AirFibre devices (PR2544) + - Added lastupdate column to sensors table for use with alerts (PR2590,PR2592) + - Updated auto discovery via lldp to check for devices that use mac address in lldpRemPortId (PR2591) + - Updated auto discovery via lldp with absent lldpRemSysName (PR2619) - API: - Added ability to filter devices by type and os for Oxidized API call (PR2539) + - Added ability to update device information (PR2585) + - Added support for returning device groups (PR2611) + - Added ability to select port graphs based on ifDescr (PR2648) - Documentation: - Improved alerting docs explaining more options (PR2560) + - Added Docs for Ubuntu/Debian Smokeping integration (PR2610) - Added detection for: - Updated Netonix switch MIBs (PR2523) - Updated Fotinet MIBs (PR2529, PR2534) + - Cisco SG500 (PR2609) + - Updated processor support for Fortigate (PR2613) + - Misc: + - Updated validation to check for php extension and classes required (PR2602) + - Added Radius Authentication support (PR2615) + - Removed distinct() from alerts query to use indexes (PR2649) ### November 2015 diff --git a/html/api_v0.php b/html/api_v0.php index c77c0066bf..389ac1db66 100644 --- a/html/api_v0.php +++ b/html/api_v0.php @@ -51,6 +51,7 @@ $app->group( // api/v0/devices/$hostname/ports $app->get('/:hostname/components', 'authToken', 'get_components')->name('get_components'); // api/v0/devices/$hostname/components + $app->get('/:hostname/groups', 'authToken', 'get_device_groups')->name('get_device_groups'); $app->get('/:hostname/:type', 'authToken', 'get_graph_generic_by_hostname')->name('get_graph_generic_by_hostname'); // api/v0/devices/$hostname/$type $app->get('/:hostname/ports/:ifname', 'authToken', 'get_port_stats_by_port_hostname')->name('get_port_stats_by_port_hostname'); @@ -63,6 +64,13 @@ $app->group( // api/v0/devices $app->post('/devices', 'authToken', 'add_device')->name('add_device'); // api/v0/devices (json data needs to be passed) + $app->group( + '/devicegroups', + function () use ($app) { + $app->get('/:name', 'authToken', 'get_devices_by_group')->name('get_devices_by_group'); + } + ); + $app->get('/devicegroups', 'authToken', 'get_device_groups')->name('get_devicegroups'); $app->group( '/portgroups', function () use ($app) { diff --git a/html/css/styles.css b/html/css/styles.css index 211dfe7c75..ea9dde5754 100644 --- a/html/css/styles.css +++ b/html/css/styles.css @@ -1834,3 +1834,24 @@ label { @media only screen and (min-width: 1024px) { } + +.redCluster { + background-color: rgba(255,0,0); + background-color: rgba(255,0,0,0.7); + text-align: center; + width: 25px !important; + height: 25px !important; + font-size: 14px; + color: white; +} + +.greenCluster { + background-color: rgba(0,255,0); + background-color: rgba(0,255,0,0.7); + text-align: center; + width: 25px !important; + height: 25px !important; + font-size: 14px; + color: black; + border-color:transparent; +} diff --git a/html/images/os/ligowave.png b/html/images/os/ligowave.png new file mode 100644 index 0000000000..fb54f80bd4 Binary files /dev/null and b/html/images/os/ligowave.png differ diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php index 5dc4aee4cb..0e50b65db2 100644 --- a/html/includes/api_functions.inc.php +++ b/html/includes/api_functions.inc.php @@ -14,7 +14,7 @@ require_once '../includes/functions.php'; require_once '../includes/component.php'; - +require_once '../includes/device-groups.inc.php'; function authToken(\Slim\Route $route) { $app = \Slim\Slim::getInstance(); @@ -63,10 +63,17 @@ function get_graph_by_port_hostname() { $vars['to'] = $_GET['to']; } + if ($_GET['ifDescr'] == true) { + $port = 'ifDescr'; + } + else { + $port = 'ifName'; + } + $vars['width'] = $_GET['width'] ?: 1075; $vars['height'] = $_GET['height'] ?: 300; $auth = '1'; - $vars['id'] = dbFetchCell('SELECT `P`.`port_id` FROM `ports` AS `P` JOIN `devices` AS `D` ON `P`.`device_id` = `D`.`device_id` WHERE `D`.`hostname`=? AND `P`.`ifName`=?', array($hostname, $vars['port'])); + $vars['id'] = dbFetchCell("SELECT `P`.`port_id` FROM `ports` AS `P` JOIN `devices` AS `D` ON `P`.`device_id` = `D`.`device_id` WHERE `D`.`hostname`=? AND `P`.`$port`=?", array($hostname, $vars['port'])); $app->response->headers->set('Content-Type', 'image/png'); include 'includes/graphs/graph.inc.php'; @@ -1068,3 +1075,73 @@ function update_device() { $app->response->headers->set('Content-Type', 'application/json'); echo _json_encode($output); } + +function get_device_groups() { + $app = \Slim\Slim::getInstance(); + $router = $app->router()->getCurrentRoute()->getParams(); + $status = 'error'; + $code = 404; + $hostname = $router['hostname']; + // use hostname as device_id if it's all digits + $device_id = ctype_digit($hostname) ? $hostname : getidbyname($hostname); + if (is_numeric($device_id)) { + $groups = GetGroupsFromDevice($device_id,1); + } + else { + $groups = GetDeviceGroups(); + } + if (empty($groups)) { + $message = 'No device groups found'; + } + else { + $status = 'ok'; + $code = 200; + $message = 'Found ' . count($groups) . ' device groups'; + } + + $output = array( + 'status' => $status, + 'message' => $message, + 'count' => count($groups), + 'groups' => $groups, + ); + $app->response->setStatus($code); + $app->response->headers->set('Content-Type', 'application/json'); + echo _json_encode($output); +} + +function get_devices_by_group() { + $app = \Slim\Slim::getInstance(); + $router = $app->router()->getCurrentRoute()->getParams(); + $status = 'error'; + $code = 404; + $count = 0; + $name = urldecode($router['name']); + $devices = array(); + if (empty($name)) { + $message = 'No device group name provided'; + } + else { + $group_id = dbFetchCell("SELECT `id` FROM `device_groups` WHERE `name`=?",array($name)); + $devices = GetDevicesFromGroup($group_id); + $count = count($devices); + if (empty($devices)) { + $message = 'No devices found in group ' . $name; + } + else { + $message = "Found $count in group $name"; + $code = 200; + } + } + $output = array( + 'status' => $status, + 'message' => $message, + 'count' => $count, + 'devices' => $devices, + ); + + $app->response->setStatus($code); + $app->response->headers->set('Content-Type', 'application/json'); + echo _json_encode($output); + +} diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php index f1f5087d2e..12ccd7d2e3 100644 --- a/html/includes/authenticate.inc.php +++ b/html/includes/authenticate.inc.php @@ -62,7 +62,7 @@ else { $auth_success = 0; if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) { - if ((authenticate($_SESSION['username'], $_SESSION['password'])) || (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']))) { + if (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']) || authenticate($_SESSION['username'], $_SESSION['password'])) { $_SESSION['userlevel'] = get_userlevel($_SESSION['username']); $_SESSION['user_id'] = get_userid($_SESSION['username']); if (!$_SESSION['authenticated']) { diff --git a/html/includes/authentication/radius.inc.php b/html/includes/authentication/radius.inc.php new file mode 100644 index 0000000000..3e2fb16415 --- /dev/null +++ b/html/includes/authentication/radius.inc.php @@ -0,0 +1,120 @@ +SetDebugMode(TRUE); + } + $rad = $radius->AccessRequest($username,$password); + if($rad === true) { + adduser($username); + return 1; + } + else { + return 0; + } + } +} + +function reauthenticate() { + return 0; +} + + +function passwordscanchange() { + // not supported so return 0 + return 0; +} + + +function changepassword() { + // not supported so return 0 + return 0; +} + + +function auth_usermanagement() { + // not supported so return 0 + return 1; +} + + +function adduser($username, $password, $level=1, $email='', $realname='', $can_modify_passwd=0, $description='', $twofactor=0) { + // Check to see if user is already added in the database + global $config; + if (!user_exists($username)) { + $hasher = new PasswordHash(8, false); + $encrypted = $hasher->HashPassword($password); + if ($config['radius']['default_level'] > 0) { + $level = $config['radius']['default_level']; + } + $userid = dbInsert(array('username' => $username, 'password' => $encrypted, 'realname' => $realname, 'email' => $email, 'descr' => $description, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'twofactor' => $twofactor), 'users'); + if ($userid == false) { + return false; + } + else { + foreach (dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc',array($userid)) as $notif) { + dbInsert(array('notifications_id'=>$notif['notifications_id'],'user_id'=>$userid,'key'=>'read','value'=>1),'notifications_attribs'); + } + } + return $userid; + } + else { + return false; + } +} + +function user_exists($username) { + return dbFetchCell('SELECT COUNT(*) FROM users WHERE username = ?', array($username), true); +} + + +function get_userlevel($username) { + return dbFetchCell('SELECT `level` FROM `users` WHERE `username` = ?', array($username), true); +} + + +function get_userid($username) { + return dbFetchCell('SELECT `user_id` FROM `users` WHERE `username` = ?', array($username), true); +} + + +function deluser($username) { + dbDelete('bill_perms', '`user_name` = ?', array($username)); + dbDelete('devices_perms', '`user_name` = ?', array($username)); + dbDelete('ports_perms', '`user_name` = ?', array($username)); + dbDelete('users_prefs', '`user_name` = ?', array($username)); + dbDelete('users', '`user_name` = ?', array($username)); + return dbDelete('users', '`username` = ?', array($username)); +} + + +function get_userlist() { + return dbFetchRows('SELECT * FROM `users`'); +} + + +function can_update_users() { + // supported so return 1 + return 1; +} + + +function get_user($user_id) { + return dbFetchRow('SELECT * FROM `users` WHERE `user_id` = ?', array($user_id), true); +} + + +function update_user($user_id, $realname, $level, $can_modify_passwd, $email) { + dbUpdate(array('realname' => $realname, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id)); + +} diff --git a/html/includes/common/generic-image.inc.php b/html/includes/common/generic-image.inc.php new file mode 100644 index 0000000000..440168202b --- /dev/null +++ b/html/includes/common/generic-image.inc.php @@ -0,0 +1,54 @@ + + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +/** + * Generic Image Widget + * @author Daniel Preussker + * @copyright 2015 Daniel Preussker, QuxLabs UG + * @license GPL + * @package LibreNMS + * @subpackage Widgets + */ + +if( defined('show_settings') || empty($widget_settings) ) { + $common_output[] = ' +
+
+
+ +
+
+ +
+
+
+
+ +
+
+ +
+
+
+
+ +
+
+
'; +} +else { + $widget_settings['title'] = $widget_settings['image_title']; + $common_output[] = ''; +} diff --git a/html/includes/common/worldmap.inc.php b/html/includes/common/worldmap.inc.php index cceb080b93..fabda7779f 100644 --- a/html/includes/common/worldmap.inc.php +++ b/html/includes/common/worldmap.inc.php @@ -137,6 +137,17 @@ L.tileLayer(\'//{s}.tile.openstreetmap.org/{z}/{x}/{y}.png\', { var markers = L.markerClusterGroup({ maxClusterRadius: ' . $group_radius . ', + iconCreateFunction: function (cluster) { + var markers = cluster.getAllChildMarkers(); + var n = 0; + newClass = "greenCluster marker-cluster marker-cluster-small leaflet-zoom-animated leaflet-clickable"; + for (var i = 0; i < markers.length; i++) { + if (markers[i].options.icon.options.markerColor == "red") { + newClass = "redCluster marker-cluster marker-cluster-small leaflet-zoom-animated leaflet-clickable"; + } + } + return L.divIcon({ html: cluster.getChildCount(), className: newClass, iconSize: L.point(40, 40) }); + }, }); var redMarker = L.AwesomeMarkers.icon({ icon: \'server\', diff --git a/html/includes/jpgraph/src/jpgraph.php b/html/includes/jpgraph/src/jpgraph.php index f5df2afe35..a92e58836f 100644 --- a/html/includes/jpgraph/src/jpgraph.php +++ b/html/includes/jpgraph/src/jpgraph.php @@ -222,21 +222,16 @@ if (!defined('MBTTF_DIR')) { } } -// -// Check minimum PHP version -// +/* + * Check minimum PHP version + * @author f0o + * @copyright 2015 f0o, LibreNMS + * @license GPL + * @package LibreNMS + * @subpackage Billing + */ function CheckPHPVersion($aMinVersion) { - list($majorC, $minorC, $editC) = preg_split('/[\/.-]/', PHP_VERSION); - list($majorR, $minorR, $editR) = preg_split('/[\/.-]/', $aMinVersion); - - if ($majorC != $majorR) return false; - if ($majorC < $majorR) return false; - // same major - check minor - if ($minorC > $minorR) return true; - if ($minorC < $minorR) return false; - // and same minor - if ($editC >= $editR) return true; - return true; + return version_compare(PHP_VERSION, $aMinVersion, '>='); } // diff --git a/html/includes/print-interface.inc.php b/html/includes/print-interface.inc.php index 996069a44b..1c02fb8a14 100644 --- a/html/includes/print-interface.inc.php +++ b/html/includes/print-interface.inc.php @@ -38,9 +38,18 @@ else { echo " "; -echo ' + +// Don't echo out ports ifIndex if it's a NOS device since their ifIndex is, for lack of better words....different +if ($device['os'] == 'nos') { + echo ' + '.generate_port_link($port, $port['label'])." $error_img $mac +
".$port['ifAlias'].''; +} +else { + echo ' '.generate_port_link($port, $port['ifIndex'].'. '.$port['label'])." $error_img $mac
".$port['ifAlias'].''; +} if ($port['ifAlias']) { echo '
'; diff --git a/html/pages/edituser.inc.php b/html/pages/edituser.inc.php index 61bc615f9b..c07c48037b 100644 --- a/html/pages/edituser.inc.php +++ b/html/pages/edituser.inc.php @@ -312,6 +312,10 @@ else { } } + if (!empty($vars['dashboard'])) { + dbUpdate(array('dashboard'=>$vars['dashboard']),'users','user_id = ?',array($vars['user_id'])); + } + echo "
@@ -374,6 +378,18 @@ if (passwordscanchange($users_details['username'])) { "; } + echo " +
+ +
+
+
+ "; echo "
diff --git a/html/pages/front/tiles.php b/html/pages/front/tiles.php index f847d41c1d..67b1b8f591 100644 --- a/html/pages/front/tiles.php +++ b/html/pages/front/tiles.php @@ -16,8 +16,13 @@ * Code for Gridster.sort_by_row_and_col_asc(serialization) call is from http://gridster.net/demos/grid-from-serialize.html */ -$no_refresh = true; -if (dbFetchCell('SELECT dashboard_id FROM dashboards WHERE user_id=?',array($_SESSION['user_id'])) == 0) { +$no_refresh = true; +$default_dash = 0; +if (($tmp = dbFetchCell('SELECT dashboard FROM users WHERE user_id=?',array($_SESSION['user_id']))) != 0) { + $default_dash = $tmp; +} +else if (dbFetchCell('SELECT dashboard_id FROM dashboards WHERE user_id=?',array($_SESSION['user_id'])) == 0) { + $tmp = dbInsert(array('dashboard_name'=>'Default','user_id'=>$_SESSION['user_id']),'dashboards'); $vars['dashboard'] = dbInsert(array('dashboard_name'=>'Default','user_id'=>$_SESSION['user_id']),'dashboards'); if (dbFetchCell('select 1 from users_widgets where user_id = ? && dashboard_id = ?',array($_SESSION['user_id'],0)) == 1) { dbUpdate(array('dashboard_id'=>$vars['dashboard']),'users_widgets','user_id = ? && dashboard_id = ?',array($_SESSION['user_id'],0)); @@ -31,7 +36,12 @@ if (!empty($vars['dashboard'])) { } } if (empty($vars['dashboard'])) { - $vars['dashboard'] = dbFetchRow('select * from dashboards where user_id = ? order by dashboard_id limit 1',array($_SESSION['user_id'])); + if ($default_dash != 0) { + $vars['dashboard'] = dbFetchRow('select * from dashboards where dashboard_id = ?',array($default_dash)); + } + else { + $vars['dashboard'] = dbFetchRow('select * from dashboards where user_id = ? order by dashboard_id limit 1',array($_SESSION['user_id'])); + } if (isset($orig)) { $msg_box[] = array('type' => 'error', 'message' => 'Dashboard #'.$orig.' does not exist! Loaded '.$vars['dashboard']['dashboard_name'].' instead.','title' => 'Requested Dashboard Not Found!'); } diff --git a/html/pages/settings.inc.php b/html/pages/settings.inc.php index 1271e8d227..27efd4f1dd 100644 --- a/html/pages/settings.inc.php +++ b/html/pages/settings.inc.php @@ -53,31 +53,32 @@ echo $pagetitle[0];
Settings
@@ -90,33 +91,32 @@ else { * @return string */ - function a2t($a) { - $r = ""; - foreach( $a as $k=>$v ) { - if( !empty($v) ) { - $r .= ""; + function a2t($a) { + $r = "
".$k."".(is_array($v)?a2t($v):"".wordwrap($v,75,"
")."")."
"; + foreach( $a as $k=>$v ) { + if( !empty($v) ) { + $r .= ""; + } + } + $r .= '
".$k."".(is_array($v)?a2t($v):"".wordwrap($v,75,"
")."")."
'; + return $r; + } + echo "
".a2t($config)."
"; + + if ($_SESSION['userlevel'] >= '10') { + + if ($debug) { + echo("
");
+                print_r($config);
+                echo("
"); } } - $r .= ''; - return $r; - } - if( $_SESSION['userlevel'] >= 10 ) { - echo "
".a2t($config)."
"; - } - else { - include 'includes/error-no-perm.inc.php'; - } - - if ($_SESSION['userlevel'] >= '10') { - - if ($debug) { - echo("
");
-            print_r($config);
-            echo("
"); + else { + include 'includes/error-no-perm.inc.php'; } } - else { - include 'includes/error-no-perm.inc.php'; - } +} +else { + include 'includes/error-no-perm.inc.php'; } ?> diff --git a/includes/alerts.inc.php b/includes/alerts.inc.php index 9d8dfa923a..23a56932d4 100644 --- a/includes/alerts.inc.php +++ b/includes/alerts.inc.php @@ -207,7 +207,7 @@ function IsMaintenance( $device ) { $where .= " || alert_schedule_items.target = ?"; $params[] = 'g'.$group; } - return dbFetchCell('SELECT DISTINCT(alert_schedule.schedule_id) FROM alert_schedule LEFT JOIN alert_schedule_items ON alert_schedule.schedule_id=alert_schedule_items.schedule_id WHERE ( alert_schedule_items.target = ?'.$where.' ) && NOW() BETWEEN alert_schedule.start AND alert_schedule.end LIMIT 1',$params); + return dbFetchCell('SELECT alert_schedule.schedule_id FROM alert_schedule LEFT JOIN alert_schedule_items ON alert_schedule.schedule_id=alert_schedule_items.schedule_id WHERE ( alert_schedule_items.target = ?'.$where.' ) && NOW() BETWEEN alert_schedule.start AND alert_schedule.end LIMIT 1',$params); } /** diff --git a/includes/dbFacile.mysql.php b/includes/dbFacile.mysql.php index bdcce1ac15..f2bb56c0be 100644 --- a/includes/dbFacile.mysql.php +++ b/includes/dbFacile.mysql.php @@ -28,7 +28,12 @@ function dbQuery($sql, $parameters=array()) { $fullSql = dbMakeQuery($sql, $parameters); if ($debug) { if (php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) { - print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + if (preg_match('/(INSERT INTO `alert_log`).*(details)/i',$fullSql)) { + echo "\nINSERT INTO `alert_log` entry masked due to binary data\n"; + } + else { + print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + } } else { $sql_debug[] = $fullSql; diff --git a/includes/dbFacile.mysqli.php b/includes/dbFacile.mysqli.php index 9e49491a63..15a48962cf 100644 --- a/includes/dbFacile.mysqli.php +++ b/includes/dbFacile.mysqli.php @@ -28,7 +28,12 @@ function dbQuery($sql, $parameters=array()) { $fullSql = dbMakeQuery($sql, $parameters); if ($debug) { if (php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR'])) { - print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + if (preg_match('/(INSERT INTO `alert_log`).*(details)/i',$fullSql)) { + echo "\nINSERT INTO `alert_log` entry masked due to binary data\n"; + } + else { + print $console_color->convert("\nSQL[%y".$fullSql.'%n] '); + } } else { $sql_debug[] = $fullSql; diff --git a/includes/definitions.inc.php b/includes/definitions.inc.php index 56e4b28ebf..b2fc891122 100644 --- a/includes/definitions.inc.php +++ b/includes/definitions.inc.php @@ -110,6 +110,7 @@ $config['os'][$os]['over'][2]['text'] = 'Memory Usage'; $os = 'infinity'; $config['os'][$os]['text'] = 'LigoWave Infinity'; $config['os'][$os]['type'] = 'wireless'; +$config['os'][$os]['icon'] = 'ligowave'; $config['os'][$os]['nobulk'] = 1; $config['os'][$os]['over'][0]['graph'] = 'device_bits'; $config['os'][$os]['over'][0]['text'] = 'Device Traffic'; @@ -452,7 +453,6 @@ $os = 'nos'; $config['os'][$os]['text'] = 'Brocade NOS'; $config['os'][$os]['type'] = 'network'; $config['os'][$os]['ifname'] = 1; -$config['os'][$os]['descr_to_alias'] = 1; $config['os'][$os]['over'][0]['graph'] = 'device_bits'; $config['os'][$os]['over'][0]['text'] = 'Device Traffic'; $config['os'][$os]['over'][1]['graph'] = 'device_processor'; @@ -1380,6 +1380,14 @@ $config['os'][$os]['icon'] = 'riverbed'; $config['os'][$os]['over'][0]['graph'] = 'device_bits'; $config['os'][$os]['over'][0]['text'] = 'Traffic'; +// Ligowave LigoOS +$os = 'ligoos'; +$config['os'][$os]['text'] = 'LigoWave LigoOS'; +$config['os'][$os]['type'] = 'wireless'; +$config['os'][$os]['icon'] = 'ligowave'; +$config['os'][$os]['over'][0]['graph'] = 'device_bits'; +$config['os'][$os]['over'][0]['text'] = 'Traffic'; + // Appliances $os = 'fortios'; $config['os'][$os]['text'] = 'FortiOS'; @@ -1770,10 +1778,6 @@ if (isset($config['rrdgraph_def_text'])) { $config['rrd_opts_array'] = explode(' ', trim($config['rrdgraph_def_text'])); } -if (!isset($config['log_file'])) { - $config['log_file'] = $config['log_dir'].'/'.$config['project_id'].'.log'; -} - if (isset($config['cdp_autocreate'])) { $config['dp_autocreate'] = $config['cdp_autocreate']; } @@ -1842,7 +1846,7 @@ if (!isset($config['log_dir'])) { } if (!isset($config['log_file'])) { - $config['log_dir'].'/'.$config['project_id'].'.log'; + $config['log_file'] = $config['log_dir'].'/'.$config['project_id'].'.log'; } if (!isset($config['plugin_dir'])) { diff --git a/includes/device-groups.inc.php b/includes/device-groups.inc.php index 45d5afcd21..3624db490c 100644 --- a/includes/device-groups.inc.php +++ b/includes/device-groups.inc.php @@ -31,7 +31,7 @@ * @param string $search What to searchid for * @return string */ -function GenGroupSQL($pattern, $search='') { +function GenGroupSQL($pattern, $search='',$extra=0) { $pattern = RunGroupMacros($pattern); if ($pattern === false) { return false; @@ -66,7 +66,11 @@ function GenGroupSQL($pattern, $search='') { $search .= ' &&'; } - $sql = 'SELECT DISTINCT('.str_replace('(', '', $tables[0]).'.device_id) FROM '.implode(',', $tables).' WHERE '.$search.' ('.str_replace(array('%', '@', '!~', '~'), array('', '.*', 'NOT REGEXP', 'REGEXP'), $pattern).')'; + $sql_extra = ''; + if ($extra === 1) { + $sql_extra = ",`devices`.*"; + } + $sql = 'SELECT DISTINCT('.str_replace('(', '', $tables[0]).'.device_id)'.$sql_extra.' FROM '.implode(',', $tables).' WHERE '.$search.' ('.str_replace(array('%', '@', '!~', '~'), array('', '.*', 'NOT REGEXP', 'REGEXP'), $pattern).')'; return $sql; }//end GenGroupSQL() @@ -99,17 +103,21 @@ function GetDeviceGroups() { }//end GetDeviceGroups() - /** * Get all groups of Device * @param integer $device Device-ID * @return array */ -function GetGroupsFromDevice($device) { +function GetGroupsFromDevice($device,$extra=0) { $ret = array(); foreach (GetDeviceGroups() as $group) { - if (dbFetchCell(GenGroupSQL($group['pattern'], 'device_id=?').' LIMIT 1', array($device)) == $device) { - $ret[] = $group['id']; + if (dbFetchCell(GenGroupSQL($group['pattern'], 'device_id=?',$extra).' LIMIT 1', array($device)) == $device) { + if ($extra === 0) { + $ret[] = $group['id']; + } + else { + $ret[] = $group; + } } } diff --git a/includes/discovery/discovery-protocols.inc.php b/includes/discovery/discovery-protocols.inc.php index 93a130878c..5563da898f 100644 --- a/includes/discovery/discovery-protocols.inc.php +++ b/includes/discovery/discovery-protocols.inc.php @@ -143,12 +143,24 @@ if ($device['os'] == 'pbn' && $config['autodiscovery']['xdp'] === true) { if (!$remote_device_id && is_valid_hostname($lldp['lldpRemSysName'])) { $remote_device_id = discover_new_device($lldp['lldpRemSysName'], $device, 'LLDP', $interface); } - + // normalize MAC address if present + if ($lldp['lldpRemChassisIdSubtype'] == 'macAddress') { + $remote_mac_address = str_replace(array(' ', ':', '-'), '', strtolower($lldp['lldpRemChassisId'])); + } + // get remote device hostname from db by MAC address and replace lldpRemSysName if absent + if (!$remote_device_id && $remote_mac_address) { + $remote_device_id = dbFetchCell('SELECT `device_id` FROM `ports` WHERE ifPhysAddress = ? AND `deleted` = ?', array($remote_mac_address, '0')); + if ($remote_device_id) { + $remote_device_hostname = dbFetchRow('SELECT `hostname` FROM `devices` WHERE `device_id` = ?', array($remote_device_id)); + } + if ($remote_device_hostname['hostname']) { + $lldp['lldpRemSysName'] = $remote_device_hostname['hostname']; + } + } if ($remote_device_id) { $if = $lldp['lldpRemPortDesc']; $id = $lldp['lldpRemPortId']; - $PhysAddress = preg_replace('/ /', '', $id); - $remote_port_id = dbFetchCell('SELECT `port_id` FROM `ports` WHERE (`ifDescr` = ? OR `ifName` = ? OR `ifDescr` = ? OR `ifName` = ? OR `ifPhysAddress` = ?) AND `device_id` = ?', array($if, $if, $id, $id, $PhysAddress, $remote_device_id)); + $remote_port_id = dbFetchCell('SELECT `port_id` FROM `ports` WHERE (`ifDescr` = ? OR `ifName` = ? OR `ifDescr` = ? OR `ifName` = ? OR `ifPhysAddress` = ?) AND `device_id` = ?', array($if, $if, $id, $id, $remote_mac_address, $remote_device_id)); } else { $remote_port_id = '0'; @@ -163,7 +175,7 @@ if ($device['os'] == 'pbn' && $config['autodiscovery']['xdp'] === true) { }//end if }//end elseif -echo 'OSPF Discovery: '; +echo ' OSPF Discovery: '; if ($config['autodiscovery']['ospf'] === true) { echo "enabled\n"; diff --git a/includes/discovery/mempools/hrstorage.inc.php b/includes/discovery/mempools/hrstorage.inc.php index acef0138f8..5a853245a6 100644 --- a/includes/discovery/mempools/hrstorage.inc.php +++ b/includes/discovery/mempools/hrstorage.inc.php @@ -31,6 +31,10 @@ if (is_array($storage_array)) { break; } + if ($device['os'] == 'vmware' && $descr == 'Real Memory') { + $deny = 0; + } + if ($device['os'] == 'routeros' && $descr == 'main memory') { $deny = 0; } diff --git a/includes/discovery/mempools/nos.inc.php b/includes/discovery/mempools/nos.inc.php new file mode 100644 index 0000000000..a801e52af4 --- /dev/null +++ b/includes/discovery/mempools/nos.inc.php @@ -0,0 +1,15 @@ + + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. Please see LICENSE.txt at the top level of + * the source code distribution for details. + */ + +if (!$os) { + if (preg_match('/^LigoPTP/', $sysDescr)) { + $os = 'ligoos'; + } +} diff --git a/includes/discovery/os/nos.inc.php b/includes/discovery/os/nos.inc.php index d6f0ae58fe..765f1a22bd 100644 --- a/includes/discovery/os/nos.inc.php +++ b/includes/discovery/os/nos.inc.php @@ -1,7 +1,7 @@ Num CPUs in the device + if ($device['os'] == 'fortigate') { - echo 'Fortigate : '; + echo 'Fortigate : '; - $descr = 'Processor'; - $usage = snmp_get($device, '.1.3.6.1.4.1.12356.101.4.1.3.0', '-Ovq'); +// Forti have logical CPU numbering - start at 1 and increment to $num_cpu in the box. +$num_cpu = snmp_get($device, 'FORTINET-FORTIGATE-MIB::fgProcessorCount.0', '-Ovq'); - if (is_numeric($usage)) { - discover_processor($valid['processor'], $device, '.1.3.6.1.4.1.12356.101.4.1.3.0', '0', 'fortigate-fixed', $descr, '1', $usage, null, null); - } -} +print "Forti-found $num_cpu CPUs\n"; + +for($i = 1; $i <= $num_cpu; $i++) { + // HERP DERP IM A FORTIGATE AND I PUT NON NUMERIC VALUES IN A GAUGE + $cpu_usage = snmp_get($device, "FORTINET-FORTIGATE-MIB::fgProcessorUsage.$i", '-Ovq'); + $usage = trim ( str_replace(" %", "", $cpu_usage ) ) ; + $descr = snmp_get($device, "FORTINET-FORTIGATE-MIB::fgProcModDescr.$i", '-Ovq'); + print "CPU: $num_cpu - USAGE: $cpu_usage - TYPE $descr\n"; + if (is_numeric($usage)) { + discover_processor($valid['processor'], $device, "FORTINET-FORTIGATE-MIB::fgProcessorUsage." . $num_cpu, '0', 'fortigate-fixed', $descr, '1', $usage, null, null); + } +} // END For loop for CPU discovery + +} // END if device is Fortigate unset($processors_array); diff --git a/includes/discovery/processors/nos.inc.php b/includes/discovery/processors/nos.inc.php new file mode 100644 index 0000000000..c0051e466d --- /dev/null +++ b/includes/discovery/processors/nos.inc.php @@ -0,0 +1,14 @@ + $v) { $fields[$k] = isset($map[$v]) ? $map[$v] : (-1); } diff --git a/includes/polling/functions.inc.php b/includes/polling/functions.inc.php index 72332250ed..f9b6221e24 100644 --- a/includes/polling/functions.inc.php +++ b/includes/polling/functions.inc.php @@ -119,7 +119,7 @@ function poll_sensor($device, $class, $unit) { log_event(ucfirst($class).' '.$sensor['sensor_descr'].' above threshold: '.$sensor_value." $unit (> ".$sensor['sensor_limit']." $unit)", $device, $class, $sensor['sensor_id']); } - dbUpdate(array('sensor_current' => $sensor_value), 'sensors', '`sensor_class` = ? AND `sensor_id` = ?', array($class, $sensor['sensor_id'])); + dbUpdate(array('sensor_current' => $sensor_value, 'lastupdate' => array('NOW()')), 'sensors', '`sensor_class` = ? AND `sensor_id` = ?', array($class, $sensor['sensor_id'])); }//end foreach }//end poll_sensor() diff --git a/includes/polling/ipmi.inc.php b/includes/polling/ipmi.inc.php index dffd192777..ddb4915946 100644 --- a/includes/polling/ipmi.inc.php +++ b/includes/polling/ipmi.inc.php @@ -50,7 +50,7 @@ if ($ipmi['host'] = get_dev_attrib($device, 'ipmi_hostname')) { rrdtool_update($rrd_file, $fields); // FIXME warnings in event & mail not done here yet! - dbUpdate(array('sensor_current' => $sensor), 'sensors', 'poller_type = ? AND sensor_class = ? AND sensor_id = ?', array('ipmi', $ipmisensors['sensor_class'], $ipmisensors['sensor_id'])); + dbUpdate(array('sensor_current' => $sensor, 'lastupdate' => array('NOW()')), 'sensors', 'poller_type = ? AND sensor_class = ? AND sensor_id = ?', array('ipmi', $ipmisensors['sensor_class'], $ipmisensors['sensor_id'])); } unset($ipmi_sensor); diff --git a/includes/polling/mempools/nos.inc.php b/includes/polling/mempools/nos.inc.php new file mode 100644 index 0000000000..4188302630 --- /dev/null +++ b/includes/polling/mempools/nos.inc.php @@ -0,0 +1,7 @@ + $cpu_usage, - ); - - rrdtool_update($cpurrd, $fields); - - $graphs['fortigate_cpu'] = true; -} diff --git a/includes/polling/os/ligoos.inc.php b/includes/polling/os/ligoos.inc.php new file mode 100644 index 0000000000..66f7b195fb --- /dev/null +++ b/includes/polling/os/ligoos.inc.php @@ -0,0 +1,15 @@ + + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. Please see LICENSE.txt at the top level of + * the source code distribution for details. + */ + +list($hardware,$version) = explode(',', $poll_device['sysDescr']); +preg_match('/(v[0-9\-\.]+)/', $version, $tmp_version); +$version = rtrim($tmp_version[0],'.'); diff --git a/includes/polling/os/nos.inc.php b/includes/polling/os/nos.inc.php index 74363298d0..bdf1702fee 100644 --- a/includes/polling/os/nos.inc.php +++ b/includes/polling/os/nos.inc.php @@ -1,6 +1,5 @@ . + * + * + * @author: SysCo/al + * @since CreationDate: 2008-01-04 + * @copyright (c) 2008 by SysCo systemes de communication sa + * @version $LastChangedRevision: 1.2.2 $ + * @version $LastChangedDate: 2009-01-05 $ + * @version $LastChangedBy: SysCo/al $ + * @link $HeadURL: radius.class.php $ + * @link http://developer.sysco.ch/php/ + * @link developer@sysco.ch + * Language: PHP 4.0.7 or higher + * + * + * Usage + * + * require_once('radius.class.php'); + * $radius = new Radius($ip_radius_server = 'radius_server_ip_address', $shared_secret = 'radius_shared_secret'[, $radius_suffix = 'optional_radius_suffix'[, $udp_timeout = udp_timeout_in_seconds[, $authentication_port = 1812]]]); + * $result = $radius->Access_Request($username = 'username', $password = 'password'[, $udp_timeout = udp_timeout_in_seconds]); + * + * + * Examples + * + * Example 1 + * SetNasIpAddress('1.2.3.4'); // Needed for some devices, and not auto_detected if PHP not runned through a web server + * if ($radius->AccessRequest('user', 'pass')) + * { + * echo "Authentication accepted."; + * } + * else + * { + * echo "Authentication rejected."; + * } + * ?> + * + * Example 2 + * SetNasPort(0); + * $radius->SetNasIpAddress('1.2.3.4'); // Needed for some devices, and not auto_detected if PHP not runned through a web server + * if ($radius->AccessRequest('user', 'pass')) + * { + * echo "Authentication accepted."; + * echo "
"; + * } + * else + * { + * echo "Authentication rejected."; + * echo "
"; + * } + * echo $radius->GetReadableReceivedAttributes(); + * ?> + * + * + * External file needed + * + * none. + * + * + * External file created + * + * none. + * + * + * Special issues + * + * - Sockets support must be enabled. + * * In Linux and *nix environments, the extension is enabled at + * compile time using the --enable-sockets configure option + * * In Windows, PHP Sockets can be activated by un-commenting + * extension=php_sockets.dll in php.ini + * + * + * Other related ressources + * + * FreeRADIUS, a free Radius server implementation for Linux and *nix environments: + * http://www.freeradius.org/ + * + * WinRadius, Windows Radius server (free for 5 users): + * http://www.itconsult2000.com/en/product/WinRadius.zip + * + * Radl, a free Radius server for Windows: + * http://www.loriotpro.com/Products/RadiusServer/FreeRadiusServer_EN.php + * + * DOS command line Radius client: + * http://www.itconsult2000.com/en/product/WinRadiusClient.zip + * + * + * Users feedbacks and comments + * + * 2008-07-02 Pim Koeman/Parantion + * + * When using a radius connection behind a linux iptables firewall + * allow port 1812 and 1813 with udp protocol + * + * IPTABLES EXAMPLE (command line): + * iptables -A AlwaysACCEPT -p udp --dport 1812 -j ACCEPT + * iptables -A AlwaysACCEPT -p udp --dport 1813 -j ACCEPT + * + * or put the lines in /etc/sysconfig/iptables (red-hat type systems (fedora, centos, rhel etc.) + * -A AlwaysACCEPT -p udp --dport 1812 -j ACCEPT + * -A AlwaysACCEPT -p udp --dport 1813 -j ACCEPT + * + * + * Change Log + * + * 2009-01-05 1.2.2 SysCo/al Added Robert Svensson feedback, Mideye RADIUS server is supported + * 2008-11-11 1.2.1 SysCo/al Added Carlo Ferrari resolution in examples (add NAS IP Address for a VASCO Middleware server) + * 2008-07-07 1.2 SysCo/al Added Pim Koeman (Parantion) contribution + * - comments concerning using radius behind a linux iptables firewall + * Added Jon Bright (tick Trading Software AG) contribution + * - false octal encoding with 0xx indexes (indexes are now rewritten in xx only) + * - challenge/response support for the RSA SecurID New-PIN mode + * Added GetRadiusPacketInfo() method + * Added GetAttributesInfo() method + * Added DecodeVendorSpecificContent() (to answer Raul Carvalho's question) + * Added Decoded Vendor Specific Content in debug messages + * 2008-02-04 1.1 SysCo/al Typo error for the udp_timeout parameter (line 256 in the version 1.0) + * 2008-01-07 1.0 SysCo/al Initial release + * + *********************************************************************/ + + +/********************************************************************* + * + * Radius + * Pure PHP radius class + * + * Creation 2008-01-04 + * Update 2009-01-05 + * @package radius + * @version v.1.2.2 + * @author SysCo/al + * + *********************************************************************/ +class Radius +{ + var $_ip_radius_server; // Radius server IP address + var $_shared_secret; // Shared secret with the radius server + var $_radius_suffix; // Radius suffix (default is ''); + var $_udp_timeout; // Timeout of the UDP connection in seconds (default value is 5) + var $_authentication_port; // Authentication port (default value is 1812) + var $_accounting_port; // Accouting port (default value is 1813) + var $_nas_ip_address; // NAS IP address + var $_nas_port; // NAS port + var $_encrypted_password; // Encrypted password, as described in the RFC 2865 + var $_user_ip_address; // Remote IP address of the user + var $_request_authenticator; // Request-Authenticator, 16 octets random number + var $_response_authenticator; // Request-Authenticator, 16 octets random number + var $_username; // Username to sent to the Radius server + var $_password; // Password to sent to the Radius server (clear password, must be encrypted) + var $_identifier_to_send; // Identifier field for the packet to be sent + var $_identifier_received; // Identifier field for the received packet + var $_radius_packet_to_send; // Radius packet code (1=Access-Request, 2=Access-Accept, 3=Access-Reject, 4=Accounting-Request, 5=Accounting-Response, 11=Access-Challenge, 12=Status-Server (experimental), 13=Status-Client (experimental), 255=Reserved + var $_radius_packet_received; // Radius packet code (1=Access-Request, 2=Access-Accept, 3=Access-Reject, 4=Accounting-Request, 5=Accounting-Response, 11=Access-Challenge, 12=Status-Server (experimental), 13=Status-Client (experimental), 255=Reserved + var $_attributes_to_send; // Radius attributes to send + var $_attributes_received; // Radius attributes received + var $_socket_to_server; // Socket connection + var $_debug_mode; // Debug mode flag + var $_attributes_info; // Attributes info array + var $_radius_packet_info; // Radius packet codes info array + var $_last_error_code; // Last error code + var $_last_error_message; // Last error message + + + /********************************************************************* + * + * Name: Radius + * short description: Radius class constructor + * + * Creation 2008-01-04 + * Update 2009-01-05 + * @version v.1.2.2 + * @author SysCo/al + * @param string ip address of the radius server + * @param string shared secret with the radius server + * @param string radius domain name suffix (default is empty) + * @param integer UDP timeout (default is 5) + * @param integer authentication port + * @param integer accounting port + * @return NULL + *********************************************************************/ + public function Radius($ip_radius_server = '127.0.0.1', $shared_secret = '', $radius_suffix = '', $udp_timeout = 5, $authentication_port = 1812, $accounting_port = 1813) + { + $this->_radius_packet_info[1] = 'Access-Request'; + $this->_radius_packet_info[2] = 'Access-Accept'; + $this->_radius_packet_info[3] = 'Access-Reject'; + $this->_radius_packet_info[4] = 'Accounting-Request'; + $this->_radius_packet_info[5] = 'Accounting-Response'; + $this->_radius_packet_info[11] = 'Access-Challenge'; + $this->_radius_packet_info[12] = 'Status-Server (experimental)'; + $this->_radius_packet_info[13] = 'Status-Client (experimental)'; + $this->_radius_packet_info[255] = 'Reserved'; + + $this->_attributes_info[1] = array('User-Name', 'S'); + $this->_attributes_info[2] = array('User-Password', 'S'); + $this->_attributes_info[3] = array('CHAP-Password', 'S'); // Type (1) / Length (1) / CHAP Ident (1) / String + $this->_attributes_info[4] = array('NAS-IP-Address', 'A'); + $this->_attributes_info[5] = array('NAS-Port', 'I'); + $this->_attributes_info[6] = array('Service-Type', 'I'); + $this->_attributes_info[7] = array('Framed-Protocol', 'I'); + $this->_attributes_info[8] = array('Framed-IP-Address', 'A'); + $this->_attributes_info[9] = array('Framed-IP-Netmask', 'A'); + $this->_attributes_info[10] = array('Framed-Routing', 'I'); + $this->_attributes_info[11] = array('Filter-Id', 'T'); + $this->_attributes_info[12] = array('Framed-MTU', 'I'); + $this->_attributes_info[13] = array('Framed-Compression', 'I'); + $this->_attributes_info[14] = array( 'Login-IP-Host', 'A'); + $this->_attributes_info[15] = array('Login-service', 'I'); + $this->_attributes_info[16] = array('Login-TCP-Port', 'I'); + $this->_attributes_info[17] = array('(unassigned)', ''); + $this->_attributes_info[18] = array('Reply-Message', 'T'); + $this->_attributes_info[19] = array('Callback-Number', 'S'); + $this->_attributes_info[20] = array('Callback-Id', 'S'); + $this->_attributes_info[21] = array('(unassigned)', ''); + $this->_attributes_info[22] = array('Framed-Route', 'T'); + $this->_attributes_info[23] = array('Framed-IPX-Network', 'I'); + $this->_attributes_info[24] = array('State', 'S'); + $this->_attributes_info[25] = array('Class', 'S'); + $this->_attributes_info[26] = array('Vendor-Specific', 'S'); // Type (1) / Length (1) / Vendor-Id (4) / Vendor type (1) / Vendor length (1) / Attribute-Specific... + $this->_attributes_info[27] = array('Session-Timeout', 'I'); + $this->_attributes_info[28] = array('Idle-Timeout', 'I'); + $this->_attributes_info[29] = array('Termination-Action', 'I'); + $this->_attributes_info[30] = array('Called-Station-Id', 'S'); + $this->_attributes_info[31] = array('Calling-Station-Id', 'S'); + $this->_attributes_info[32] = array('NAS-Identifier', 'S'); + $this->_attributes_info[33] = array('Proxy-State', 'S'); + $this->_attributes_info[34] = array('Login-LAT-Service', 'S'); + $this->_attributes_info[35] = array('Login-LAT-Node', 'S'); + $this->_attributes_info[36] = array('Login-LAT-Group', 'S'); + $this->_attributes_info[37] = array('Framed-AppleTalk-Link', 'I'); + $this->_attributes_info[38] = array('Framed-AppleTalk-Network', 'I'); + $this->_attributes_info[39] = array('Framed-AppleTalk-Zone', 'S'); + $this->_attributes_info[60] = array('CHAP-Challenge', 'S'); + $this->_attributes_info[61] = array('NAS-Port-Type', 'I'); + $this->_attributes_info[62] = array('Port-Limit', 'I'); + $this->_attributes_info[63] = array('Login-LAT-Port', 'S'); + $this->_attributes_info[76] = array('Prompt', 'I'); + + $this->_identifier_to_send = 0; + $this->_user_ip_address = (isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'0.0.0.0'); + + $this->GenerateRequestAuthenticator(); + $this->SetIpRadiusServer($ip_radius_server); + $this->SetSharedSecret($shared_secret); + $this->SetAuthenticationPort($authentication_port); + $this->SetAccountingPort($accounting_port); + $this->SetRadiusSuffix($radius_suffix); + $this->SetUdpTimeout($udp_timeout); + $this->SetUsername(); + $this->SetPassword(); + $this->SetNasIpAddress(); + $this->SetNasPort(); + + $this->ClearLastError(); + $this->ClearDataToSend(); + $this->ClearDataReceived(); + } + + + function GetNextIdentifier() + { + $this->_identifier_to_send = (($this->_identifier_to_send + 1) % 256); + return $this->_identifier_to_send; + } + + + function GenerateRequestAuthenticator() + { + $this->_request_authenticator = ''; + for ($ra_loop = 0; $ra_loop <= 15; $ra_loop++) + { + $this->_request_authenticator .= chr(rand(1, 255)); + } + } + + + function GetRequestAuthenticator() + { + return $this->_request_authenticator; + } + + + function GetLastError() + { + if (0 < $this->_last_error_code) + { + return $this->_last_error_message.' ('.$this->_last_error_code.')'; + } + else + { + return ''; + } + } + + + function ClearDataToSend() + { + $this->_radius_packet_to_send = 0; + $this->_attributes_to_send = NULL; + } + + + function ClearDataReceived() + { + $this->_radius_packet_received = 0; + $this->_attributes_received = NULL; + } + + + function SetPacketCodeToSend($packet_code) + { + $this->_radius_packet_to_send = $packet_code; + } + + + function SetDebugMode($debug_mode) + { + $this->_debug_mode = (TRUE === $debug_mode); + } + + + function SetIpRadiusServer($ip_radius_server) + { + $this->_ip_radius_server = gethostbyname($ip_radius_server); + } + + + function SetSharedSecret($shared_secret) + { + $this->_shared_secret = $shared_secret; + } + + + function SetRadiusSuffix($radius_suffix) + { + $this->_radius_suffix = $radius_suffix; + } + + + function SetUsername($username = '') + { + $temp_username = $username; + if (false === strpos($temp_username, '@')) + { + $temp_username .= $this->_radius_suffix; + } + + $this->_username = $temp_username; + $this->SetAttribute(1, $this->_username); + } + + + function SetPassword($password = '') + { + $this->_password = $password; + $encrypted_password = ''; + $padded_password = $password; + + if (0 != (strlen($password)%16)) + { + $padded_password .= str_repeat(chr(0),(16-strlen($password)%16)); + } + + $previous_result = $this->_request_authenticator; + + for ($full_loop = 0; $full_loop < (strlen($padded_password)/16); $full_loop++) + { + $xor_value = md5($this->_shared_secret.$previous_result); + + $previous_result = ''; + for ($xor_loop = 0; $xor_loop <= 15; $xor_loop++) + { + $value1 = ord(substr($padded_password, ($full_loop * 16) + $xor_loop, 1)); + $value2 = hexdec(substr($xor_value, 2*$xor_loop, 2)); + $xor_result = $value1 ^ $value2; + $previous_result .= chr($xor_result); + } + $encrypted_password .= $previous_result; + } + + $this->_encrypted_password = $encrypted_password; + $this->SetAttribute(2, $this->_encrypted_password); + } + + + function SetNasIPAddress($nas_ip_address = '') + { + if (0 < strlen($nas_ip_address)) + { + $this->_nas_ip_address = gethostbyname($nas_ip_address); + } + else + { + $this->_nas_ip_address = gethostbyname(isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'0.0.0.0'); + } + $this->SetAttribute(4, $this->_nas_ip_address); + } + + + function SetNasPort($nas_port = 0) + { + $this->_nas_port = intval($nas_port); + $this->SetAttribute(5, $this->_nas_port); + } + + + function SetUdpTimeout($udp_timeout = 5) + { + if (intval($udp_timeout) > 0) + { + $this->_udp_timeout = intval($udp_timeout); + } + } + + + function ClearLastError() + { + $this->_last_error_code = 0; + $this->_last_error_message = ''; + } + + + function SetAuthenticationPort($authentication_port) + { + if ((intval($authentication_port) > 0) && (intval($authentication_port) < 65536)) + { + $this->_authentication_port = intval($authentication_port); + } + } + + + function SetAccountingPort($accounting_port) + { + if ((intval($accounting_port) > 0) && (intval($accounting_port) < 65536)) + { + $this->_accounting_port = intval($accounting_port); + } + } + + + function GetReceivedPacket() + { + return $this->_radius_packet_received; + } + + + function GetReceivedAttributes() + { + return $this->_attributes_received; + } + + + function GetReadableReceivedAttributes() + { + $readable_attributes = ''; + if (isset($this->_attributes_received)) + { + foreach($this->_attributes_received as $one_received_attribute) + { + $attributes_info = $this->GetAttributesInfo($one_received_attribute[0]); + $readable_attributes .= $attributes_info[0].": "; + if (26 == $one_received_attribute[0]) + { + $vendor_array = $this->DecodeVendorSpecificContent($one_received_attribute[1]); + foreach($vendor_array as $vendor_one) + { + $readable_attributes .= 'Vendor-Id: '.$vendor_one[0].", Vendor-type: ".$vendor_one[1].", Attribute-specific: ".$vendor_one[2]; + } + } + else + { + $readable_attributes .= $one_received_attribute[1]; + } + $readable_attributes .= "
\n"; + } + } + return $readable_attributes; + } + + + function GetAttribute($attribute_type) + { + $attribute_value = NULL; + foreach($this->_attributes_received as $one_received_attribute) + { + if (intval($attribute_type) == $one_received_attribute[0]) + { + $attribute_value = $one_received_attribute[1]; + break; + } + } + return $attribute_value; + } + + + function GetRadiusPacketInfo($info_index) + { + if (isset($this->_radius_packet_info[intval($info_index)])) + { + return $this->_radius_packet_info[intval($info_index)]; + } + else + { + return ''; + } + } + + + function GetAttributesInfo($info_index) + { + if (isset($this->_attributes_info[intval($info_index)])) + { + return $this->_attributes_info[intval($info_index)]; + } + else + { + return array('',''); + } + } + + + function DebugInfo($debug_info) + { + if ($this->_debug_mode) + { + echo date('Y-m-d H:i:s').' DEBUG: '; + echo $debug_info; + echo '
'; + flush(); + } + } + + + function SetAttribute($type, $value) + { + $attribute_index = -1; + for ($attributes_loop = 0; $attributes_loop < count($this->_attributes_to_send); $attributes_loop++) + { + if ($type == ord(substr($this->_attributes_to_send[$attributes_loop], 0, 1))) + { + $attribute_index = $attributes_loop; + break; + } + } + + $temp_attribute = NULL; + + if (isset($this->_attributes_info[$type])) + { + switch ($this->_attributes_info[$type][1]) + { + case 'T': // Text, 1-253 octets containing UTF-8 encoded ISO 10646 characters (RFC 2279). + $temp_attribute = chr($type).chr(2+strlen($value)).$value; + break; + case 'S': // String, 1-253 octets containing binary data (values 0 through 255 decimal, inclusive). + $temp_attribute = chr($type).chr(2+strlen($value)).$value; + break; + case 'A': // Address, 32 bit value, most significant octet first. + $ip_array = explode(".", $value); + $temp_attribute = chr($type).chr(6).chr($ip_array[0]).chr($ip_array[1]).chr($ip_array[2]).chr($ip_array[3]); + break; + case 'I': // Integer, 32 bit unsigned value, most significant octet first. + $temp_attribute = chr($type).chr(6).chr(($value/(256*256*256))%256).chr(($value/(256*256))%256).chr(($value/(256))%256).chr($value%256); + break; + case 'D': // Time, 32 bit unsigned value, most significant octet first -- seconds since 00:00:00 UTC, January 1, 1970. (not used in this RFC) + $temp_attribute = NULL; + break; + default: + $temp_attribute = NULL; + } + } + + if ($attribute_index > -1) + { + $this->_attributes_to_send[$attribute_index] = $temp_attribute; + $additional_debug = 'Modified'; + } + else + { + $this->_attributes_to_send[] = $temp_attribute; + $additional_debug = 'Added'; + } + $attribute_info = $this->GetAttributesInfo($type); + $this->DebugInfo($additional_debug.' Attribute '.$type.' ('.$attribute_info[0].'), format '.$attribute_info[1].', value '.$value.''); + } + + + function DecodeAttribute($attribute_raw_value, $attribute_format) + { + $attribute_value = NULL; + + if (isset($this->_attributes_info[$attribute_format])) + { + switch ($this->_attributes_info[$attribute_format][1]) + { + case 'T': // Text, 1-253 octets containing UTF-8 encoded ISO 10646 characters (RFC 2279). + $attribute_value = $attribute_raw_value; + break; + case 'S': // String, 1-253 octets containing binary data (values 0 through 255 decimal, inclusive). + $attribute_value = $attribute_raw_value; + break; + case 'A': // Address, 32 bit value, most significant octet first. + $attribute_value = ord(substr($attribute_raw_value, 0, 1)).'.'.ord(substr($attribute_raw_value, 1, 1)).'.'.ord(substr($attribute_raw_value, 2, 1)).'.'.ord(substr($attribute_raw_value, 3, 1)); + break; + case 'I': // Integer, 32 bit unsigned value, most significant octet first. + $attribute_value = (ord(substr($attribute_raw_value, 0, 1))*256*256*256)+(ord(substr($attribute_raw_value, 1, 1))*256*256)+(ord(substr($attribute_raw_value, 2, 1))*256)+ord(substr($attribute_raw_value, 3, 1)); + break; + case 'D': // Time, 32 bit unsigned value, most significant octet first -- seconds since 00:00:00 UTC, January 1, 1970. (not used in this RFC) + $attribute_value = NULL; + break; + default: + $attribute_value = NULL; + } + } + return $attribute_value; + } + + + /********************************************************************* + * Array returned: array(array(Vendor-Id1, Vendor type1, Attribute-Specific1), ..., array(Vendor-IdN, Vendor typeN, Attribute-SpecificN) + *********************************************************************/ + function DecodeVendorSpecificContent($vendor_specific_raw_value) + { + $result = array(); + $offset_in_raw = 0; + $vendor_id = (ord(substr($vendor_specific_raw_value, 0, 1))*256*256*256)+(ord(substr($vendor_specific_raw_value, 1, 1))*256*256)+(ord(substr($vendor_specific_raw_value, 2, 1))*256)+ord(substr($vendor_specific_raw_value, 3, 1)); + $offset_in_raw += 4; + while ($offset_in_raw < strlen($vendor_specific_raw_value)) + { + $vendor_type = (ord(substr($vendor_specific_raw_value, 0+$offset_in_raw, 1))); + $vendor_length = (ord(substr($vendor_specific_raw_value, 1+$offset_in_raw, 1))); + $attribute_specific = substr($vendor_specific_raw_value, 2+$offset_in_raw, $vendor_length); + $result[] = array($vendor_id, $vendor_type, $attribute_specific); + $offset_in_raw += ($vendor_length); + } + + return $result; + } + + + /* + * Function : AccessRequest + * + * Return TRUE if Access-Request is accepted, FALSE otherwise + */ + function AccessRequest($username = '', $password = '', $udp_timeout = 0, $state = NULL) + { + $this->ClearDataReceived(); + $this->ClearLastError(); + + $this->SetPacketCodeToSend(1); // Access-Request + + if (0 < strlen($username)) + { + $this->SetUsername($username); + } + + if (0 < strlen($password)) + { + $this->SetPassword($password); + } + + if ($state!==NULL) + { + $this->SetAttribute(24, $state); + } + else + { + $this->SetAttribute(6, 1); // 1=Login + } + + if (intval($udp_timeout) > 0) + { + $this->SetUdpTimeout($udp_timeout); + } + + $attributes_content = ''; + for ($attributes_loop = 0; $attributes_loop < count($this->_attributes_to_send); $attributes_loop++) + { + $attributes_content .= $this->_attributes_to_send[$attributes_loop]; + } + + $packet_length = 4; // Radius packet code + Identifier + Length high + Length low + $packet_length += strlen($this->_request_authenticator); // Request-Authenticator + $packet_length += strlen($attributes_content); // Attributes + + $packet_data = chr($this->_radius_packet_to_send); + $packet_data .= chr($this->GetNextIdentifier()); + $packet_data .= chr(intval($packet_length/256)); + $packet_data .= chr(intval($packet_length%256)); + $packet_data .= $this->_request_authenticator; + $packet_data .= $attributes_content; + + $_socket_to_server = socket_create(AF_INET, SOCK_DGRAM, 17); // UDP packet = 17 + + if ($_socket_to_server === FALSE) + { + $this->_last_error_code = socket_last_error(); + $this->_last_error_message = socket_strerror($this->_last_error_code); + } + elseif (FALSE === socket_connect($_socket_to_server, $this->_ip_radius_server, $this->_authentication_port)) + { + $this->_last_error_code = socket_last_error(); + $this->_last_error_message = socket_strerror($this->_last_error_code); + } + elseif (FALSE === socket_write($_socket_to_server, $packet_data, $packet_length)) + { + $this->_last_error_code = socket_last_error(); + $this->_last_error_message = socket_strerror($this->_last_error_code); + } + else + { + $this->DebugInfo('Packet type '.$this->_radius_packet_to_send.' ('.$this->GetRadiusPacketInfo($this->_radius_packet_to_send).')'.' sent'); + if ($this->_debug_mode) + { + $readable_attributes = ''; + foreach($this->_attributes_to_send as $one_attribute_to_send) + { + $attribute_info = $this->GetAttributesInfo(ord(substr($one_attribute_to_send,0,1))); + $this->DebugInfo('Attribute '.ord(substr($one_attribute_to_send,0,1)).' ('.$attribute_info[0].'), length '.(ord(substr($one_attribute_to_send,1,1))-2).', format '.$attribute_info[1].', value '.$this->DecodeAttribute(substr($one_attribute_to_send,2), ord(substr($one_attribute_to_send,0,1))).''); + } + } + $read_socket_array = array($_socket_to_server); + $write_socket_array = NULL; + $except_socket_array = NULL; + + $received_packet = chr(0); + + if (!(FALSE === socket_select($read_socket_array, $write_socket_array, $except_socket_array, $this->_udp_timeout))) + { + if (in_array($_socket_to_server, $read_socket_array)) + { + if (FALSE === ($received_packet = @socket_read($_socket_to_server, 1024))) // @ used, than no error is displayed if the connection is closed by the remote host + { + $received_packet = chr(0); + $this->_last_error_code = socket_last_error(); + $this->_last_error_message = socket_strerror($this->_last_error_code); + } + else + { + socket_close($_socket_to_server); + } + } + } + else + { + socket_close($_socket_to_server); + } + } + + $this->_radius_packet_received = intval(ord(substr($received_packet, 0, 1))); + + $this->DebugInfo('Packet type '.$this->_radius_packet_received.' ('.$this->GetRadiusPacketInfo($this->_radius_packet_received).')'.' received'); + + if ($this->_radius_packet_received > 0) + { + $this->_identifier_received = intval(ord(substr($received_packet, 1, 1))); + $packet_length = (intval(ord(substr($received_packet, 2, 1))) * 256) + (intval(ord(substr($received_packet, 3, 1)))); + $this->_response_authenticator = substr($received_packet, 4, 16); + $attributes_content = substr($received_packet, 20, ($packet_length - 4 - 16)); + while (strlen($attributes_content) > 2) + { + $attribute_type = intval(ord(substr($attributes_content,0,1))); + $attribute_length = intval(ord(substr($attributes_content,1,1))); + $attribute_raw_value = substr($attributes_content,2,$attribute_length-2); + $attributes_content = substr($attributes_content, $attribute_length); + + $attribute_value = $this->DecodeAttribute($attribute_raw_value, $attribute_type); + + $attribute_info = $this->GetAttributesInfo($attribute_type); + if (26 == $attribute_type) + { + $vendor_array = $this->DecodeVendorSpecificContent($attribute_value); + foreach($vendor_array as $vendor_one) + { + $this->DebugInfo('Attribute '.$attribute_type.' ('.$attribute_info[0].'), length '.($attribute_length-2).', format '.$attribute_info[1].', Vendor-Id: '.$vendor_one[0].", Vendor-type: ".$vendor_one[1].", Attribute-specific: ".$vendor_one[2]); + } + } + else + { + $this->DebugInfo('Attribute '.$attribute_type.' ('.$attribute_info[0].'), length '.($attribute_length-2).', format '.$attribute_info[1].', value '.$attribute_value.''); + } + + $this->_attributes_received[] = array($attribute_type, $attribute_value); + } + } + + return (2 == ($this->_radius_packet_received)); + } +} + +?> diff --git a/mibs/MTA-MIB.txt b/mibs/MTA-MIB.txt new file mode 100644 index 0000000000..29618adc84 --- /dev/null +++ b/mibs/MTA-MIB.txt @@ -0,0 +1,1226 @@ +MTA-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-TYPE, Counter32, Gauge32, MODULE-IDENTITY, mib-2 + FROM SNMPv2-SMI + TimeInterval + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + applIndex, URLString + FROM NETWORK-SERVICES-MIB; + +mta MODULE-IDENTITY + LAST-UPDATED "200003030000Z" + ORGANIZATION "IETF Mail and Directory Management Working Group" + CONTACT-INFO + " Ned Freed + + Postal: Innosoft International, Inc. + 1050 Lakes Drive + West Covina, CA 91790 + US + + Tel: +1 626 919 3600 + Fax: +1 626 919 3614 + + E-Mail: ned.freed@innosoft.com" + DESCRIPTION + "The MIB module describing Message Transfer Agents (MTAs)" + REVISION "200003030000Z" + DESCRIPTION + "This revision, published in RFC 2789, changes a number of + DisplayStrings to SnmpAdminStrings. Note that this change + + is not strictly supported by SMIv2. However, the alternative + of deprecating the old objects and defining new objects + would have a more adverse impact on backward compatibility + and interoperability, given the particular semantics of + these objects. The defining reference for distinguished + names has also been updated from RFC 1779 to RFC 2253." + REVISION "199905120000Z" + DESCRIPTION + "This revision fixes a number of technical problems found in + previous versions: The conformance groups for different + versions of this MIB have been corrected, the recommendation + that an empty string be returned if the last operation was + successful has been removed from + mtaGroupInboundRejectionReason and + mtaGroupOutboundConnectFailureReason as it conflicts + with the stated purpose of these variables, and the + required mtaStatusCode entry has been added to + MtaGroupErrorEntry. It should be noted that this last + change in no way affects the bits on the wire." + REVISION "199708170000Z" + DESCRIPTION + "This revision, published in RFC 2249, adds the + mtaGroupDescription and mtaGroupURL fields, conversion + operation counters, a group hierarchy description mechanism, + counters for specific errors, oldest message IDs, per-MTA + and per-group loop counters, and a new table for tracking + any errors an MTA encounters." + REVISION "199311280000Z" + DESCRIPTION + "The original version of this MIB was published in RFC 1566" + ::= {mib-2 28} + +mtaTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information specific to an MTA." + ::= {mta 1} + +mtaEntry OBJECT-TYPE + SYNTAX MtaEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry associated with each MTA." + INDEX {applIndex} + ::= {mtaTable 1} + +MtaEntry ::= SEQUENCE { + mtaReceivedMessages + Counter32, + mtaStoredMessages + Gauge32, + mtaTransmittedMessages + Counter32, + mtaReceivedVolume + Counter32, + mtaStoredVolume + Gauge32, + mtaTransmittedVolume + Counter32, + mtaReceivedRecipients + Counter32, + mtaStoredRecipients + Gauge32, + mtaTransmittedRecipients + Counter32, + mtaSuccessfulConvertedMessages + Counter32, + mtaFailedConvertedMessages + Counter32, + mtaLoopsDetected + Counter32 +} + +mtaReceivedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages received since MTA initialization. + This includes messages transmitted to this MTA from other + MTAs as well as messages that have been submitted to the + MTA directly by end-users or applications." + ::= {mtaEntry 1} + +mtaStoredMessages OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages currently stored in the MTA. + This includes messages that are awaiting transmission to + some other MTA or are waiting for delivery to an end-user + or application." + ::= {mtaEntry 2} + +mtaTransmittedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages transmitted since MTA initialization. + This includes messages that were transmitted to some other + MTA or are waiting for delivery to an end-user or + application." + ::= {mtaEntry 3} + +mtaReceivedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages received since MTA + initialization, measured in kilo-octets. This volume should + include all transferred data that is logically above the mail + transport protocol level. For example, an SMTP-based MTA + should use the number of kilo-octets in the message header + and body, while an X.400-based MTA should use the number of + kilo-octets of P2 data. This includes messages transmitted + to this MTA from other MTAs as well as messages that have + been submitted to the MTA directly by end-users or + applications." + ::= {mtaEntry 4} + +mtaStoredVolume OBJECT-TYPE + SYNTAX Gauge32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages currently stored in the MTA, + measured in kilo-octets. This volume should include all + stored data that is logically above the mail transport + protocol level. For example, an SMTP-based MTA should + use the number of kilo-octets in the message header and + body, while an X.400-based MTA would use the number of + kilo-octets of P2 data. This includes messages that are + awaiting transmission to some other MTA or are waiting + for delivery to an end-user or application." + ::= {mtaEntry 5} + +mtaTransmittedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages transmitted since MTA + initialization, measured in kilo-octets. This volume should + include all transferred data that is logically above the mail + transport protocol level. For example, an SMTP-based MTA + should use the number of kilo-octets in the message header + and body, while an X.400-based MTA should use the number of + kilo-octets of P2 data. This includes messages that were + transmitted to some other MTA or are waiting for delivery + to an end-user or application." + ::= {mtaEntry 6} + +mtaReceivedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + received since MTA initialization. Recipients this MTA + has no responsibility for, i.e. inactive envelope + recipients or ones referred to in message headers, + should not be counted even if information about such + recipients is available. This includes messages + transmitted to this MTA from other MTAs as well as + messages that have been submitted to the MTA directly + by end-users or applications." + ::= {mtaEntry 7} + +mtaStoredRecipients OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + currently stored in the MTA. Recipients this MTA has no + responsibility for, i.e. inactive envelope recipients or + ones referred to in message headers, should not be + counted. This includes messages that are awaiting + transmission to some other MTA or are waiting for + delivery to an end-user or application." + ::= {mtaEntry 8} + +mtaTransmittedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + transmitted since MTA initialization. Recipients this + MTA had no responsibility for, i.e. inactive envelope + recipients or ones referred to in message headers, + should not be counted. This includes messages that were + transmitted to some other MTA or are waiting for + delivery to an end-user or application." + ::= {mtaEntry 9} + +mtaSuccessfulConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages that have been successfully + converted from one form to another since MTA + initialization." + ::= {mtaEntry 10} + +mtaFailedConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages for which an unsuccessful + attempt was made to convert them from one form to + another since MTA initialization." + ::= {mtaEntry 11} + +mtaLoopsDetected OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A message loop is defined as a situation where the MTA + decides that a given message will never be delivered to + one or more recipients and instead will continue to + loop endlessly through one or more MTAs. This variable + counts the number of times the MTA has detected such a + situation since MTA initialization. Note that the + mechanism MTAs use to detect loops (e.g., trace field + counting, count of references to this MTA in a trace + field, examination of DNS or other directory information, + etc.), the level at which loops are detected (e.g., per + message, per recipient, per directory entry, etc.), and + the handling of a loop once it is detected (e.g., looping + + messages are held, looping messages are bounced or sent + to the postmaster, messages that the MTA knows will loop + won't be accepted, etc.) vary widely from one MTA to the + next and cannot be inferred from this variable." + ::= {mtaEntry 12} + +-- MTAs typically group inbound reception, queue storage, and +-- outbound transmission in some way, rather than accounting for +-- such operations only across the MTA as a whole. In the most +-- extreme case separate information will be maintained for each +-- different entity that receives messages and for each entity +-- the MTA stores messages for and delivers messages to. Other +-- MTAs may elect to treat all reception equally, all queue +-- storage equally, all deliveries equally, or some combination +-- of this. Overlapped groupings are also possible, where an MTA +-- decomposes its traffic in different ways for different +-- purposes. + +-- In any case, a grouping abstraction is an extremely useful for +-- breaking down the activities of an MTA. For purposes of +-- labelling this will be called a "group" in this MIB. + +-- Each group contains all the variables needed to monitor all +-- aspects of an MTA's operation. However, the fact that all +-- groups contain all possible variables does not imply that all +-- groups must use all possible variables. For example, a single +-- group might be used to monitor only one kind of event (inbound +-- processing, outbound processing, or storage). In this sort of +-- configuration any counters that are unused as a result of a +-- given MTA's use of the group construct must be inaccessible; +-- e.g., returning either a noSuchName error (for an SNMPv1 get), +-- or a noSuchInstance exception (for an SNMPv2 get). + +-- Groups can be created at any time after MTA initialization. Once +-- a group is created it should not be deleted or its mtaGroupIndex +-- changed unless the MTA is reinitialized. + +-- Groups are not necessarily mutually exclusive. A given event may +-- be recorded by more than one group, a message may be seen as +-- stored by more than one group, and so on. Groups should be all +-- inclusive, however: if groups are implemented all aspects of an +-- MTA's operation should be registered in at least one group. +-- This freedom lets implementors use different sets of groups to +-- provide different "views" of an MTA. + +-- The possibility of overlap between groups means that summing +-- variables across groups may not produce values equal to those in +-- the mtaTable. mtaTable should always provide accurate information + +-- about the MTA as a whole. + +-- The term "channel" is often used in MTA implementations; channels +-- are usually, but not always, equivalent to a group. However, +-- this MIB does not use the term "channel" because there is no +-- requirement that an MTA supporting this MIB has to map its +-- "channel" abstraction one-to-one onto the MIB's group abstraction. + +-- An MTA may create a group or group of groups at any time. Once +-- created, however, an MTA cannot delete an entry for a group from +-- the group table. Deletion is only allowed when the MTA is +-- reinitialized, and is not required even then. This restriction +-- is imposed so that monitoring agents can rely on group +-- assignments being consistent across multiple query operations. + +-- Groups may be laid out so as to form a hierarchical arrangement, +-- with some groups acting as subgroups for other groups. +-- Alternately, disjoint groups of groups may be used to provide +-- different sorts of "snapshots" of MTA operation. The +-- mtaGroupHierarchy variable provides an indication of how each +-- group fits into the overall arrangement being used. + +-- Note that SNMP also defines and uses term "group". MTA groups are +-- NOT the same as SNMP groups. + +mtaGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information specific to each MTA group." + ::= {mta 2} + +mtaGroupEntry OBJECT-TYPE + SYNTAX MtaGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry associated with each MTA group." + INDEX {applIndex, mtaGroupIndex} + ::= {mtaGroupTable 1} + +MtaGroupEntry ::= SEQUENCE { + mtaGroupIndex + INTEGER, + mtaGroupReceivedMessages + Counter32, + mtaGroupRejectedMessages + + Counter32, + mtaGroupStoredMessages + Gauge32, + mtaGroupTransmittedMessages + Counter32, + mtaGroupReceivedVolume + Counter32, + mtaGroupStoredVolume + Gauge32, + mtaGroupTransmittedVolume + Counter32, + mtaGroupReceivedRecipients + Counter32, + mtaGroupStoredRecipients + Gauge32, + mtaGroupTransmittedRecipients + Counter32, + mtaGroupOldestMessageStored + TimeInterval, + mtaGroupInboundAssociations + Gauge32, + mtaGroupOutboundAssociations + Gauge32, + mtaGroupAccumulatedInboundAssociations + Counter32, + mtaGroupAccumulatedOutboundAssociations + Counter32, + mtaGroupLastInboundActivity + TimeInterval, + mtaGroupLastOutboundActivity + TimeInterval, + mtaGroupLastOutboundAssociationAttempt + TimeInterval, + mtaGroupRejectedInboundAssociations + Counter32, + mtaGroupFailedOutboundAssociations + Counter32, + mtaGroupInboundRejectionReason + SnmpAdminString, + mtaGroupOutboundConnectFailureReason + SnmpAdminString, + mtaGroupScheduledRetry + TimeInterval, + mtaGroupMailProtocol + OBJECT IDENTIFIER, + mtaGroupName + SnmpAdminString, + mtaGroupSuccessfulConvertedMessages + + Counter32, + mtaGroupFailedConvertedMessages + Counter32, + mtaGroupDescription + SnmpAdminString, + mtaGroupURL + URLString, + mtaGroupCreationTime + TimeInterval, + mtaGroupHierarchy + INTEGER, + mtaGroupOldestMessageId + SnmpAdminString, + mtaGroupLoopsDetected + Counter32 +} + +mtaGroupIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index associated with a group for a given MTA." + ::= {mtaGroupEntry 1} + +mtaGroupReceivedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages received to this group since + group creation." + ::= {mtaGroupEntry 2} + +mtaGroupRejectedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages rejected by this group since + group creation." + ::= {mtaGroupEntry 3} + +mtaGroupStoredMessages OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of messages currently stored in this + group's queue." + ::= {mtaGroupEntry 4} + +mtaGroupTransmittedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages transmitted by this group since + group creation." + ::= {mtaGroupEntry 5} + +mtaGroupReceivedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages received to this group since + group creation, measured in kilo-octets. This volume + should include all transferred data that is logically above + the mail transport protocol level. For example, an + SMTP-based MTA should use the number of kilo-octets in the + message header and body, while an X.400-based MTA should use + the number of kilo-octets of P2 data." + ::= {mtaGroupEntry 6} + +mtaGroupStoredVolume OBJECT-TYPE + SYNTAX Gauge32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages currently stored in this + group's queue, measured in kilo-octets. This volume should + include all stored data that is logically above the mail + transport protocol level. For example, an SMTP-based + MTA should use the number of kilo-octets in the message + header and body, while an X.400-based MTA would use the + number of kilo-octets of P2 data." + ::= {mtaGroupEntry 7} + +mtaGroupTransmittedVolume OBJECT-TYPE + SYNTAX Counter32 + UNITS "K-octets" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total volume of messages transmitted by this group + since group creation, measured in kilo-octets. This + volume should include all transferred data that is logically + above the mail transport protocol level. For example, an + SMTP-based MTA should use the number of kilo-octets in the + message header and body, while an X.400-based MTA should use + the number of kilo-octets of P2 data." + ::= {mtaGroupEntry 8} + +mtaGroupReceivedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + received to this group since group creation. + Recipients this MTA has no responsibility for should not + be counted." + ::= {mtaGroupEntry 9} + +mtaGroupStoredRecipients OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + currently stored in this group's queue. Recipients this + MTA has no responsibility for should not be counted." + ::= {mtaGroupEntry 10} + +mtaGroupTransmittedRecipients OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of recipients specified in all messages + transmitted by this group since group creation. + Recipients this MTA had no responsibility for should not + be counted." + ::= {mtaGroupEntry 11} + +mtaGroupOldestMessageStored OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the oldest message in this group's queue was + + placed in the queue." + ::= {mtaGroupEntry 12} + +mtaGroupInboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the group, where the + group is the responder." + ::= {mtaGroupEntry 13} + +mtaGroupOutboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the group, where the + group is the initiator." + ::= {mtaGroupEntry 14} + +mtaGroupAccumulatedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations to the group since + group creation, where the MTA was the responder." + ::= {mtaGroupEntry 15} + +mtaGroupAccumulatedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations from the group since + group creation, where the MTA was the initiator." + ::= {mtaGroupEntry 16} + +mtaGroupLastInboundActivity OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the last time that this group had an active + inbound association for purposes of message reception." + ::= {mtaGroupEntry 17} + +mtaGroupLastOutboundActivity OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the last time that this group had a + successful outbound association for purposes of + message delivery." + ::= {mtaGroupEntry 18} + +mtaGroupLastOutboundAssociationAttempt OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since the last time that this group attempted + to make an outbound association for purposes of + message delivery." + ::= {mtaGroupEntry 34} + +mtaGroupRejectedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound associations the group has + rejected, since group creation. Rejected associations + are not counted in the accumulated association totals." + ::= {mtaGroupEntry 19} + +mtaGroupFailedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number associations where the group was the + initiator and association establishment has failed, + since group creation. Failed associations are + not counted in the accumulated association totals." + ::= {mtaGroupEntry 20} + +mtaGroupInboundRejectionReason OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The failure reason, if any, for the last association this + group refused to respond to. If no association attempt + + has been made since the MTA was initialized the value + should be 'never'." + ::= {mtaGroupEntry 21} + +mtaGroupOutboundConnectFailureReason OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The failure reason, if any, for the last association attempt + this group initiated. If no association attempt has been + made since the MTA was initialized the value should be + 'never'." + ::= {mtaGroupEntry 22} + +mtaGroupScheduledRetry OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The amount of time until this group is next scheduled to + attempt to make an association." + ::= {mtaGroupEntry 23} + +mtaGroupMailProtocol OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An identification of the protocol being used by this group. + For an group employing OSI protocols, this will be the + Application Context. For Internet applications, OID + values of the form {applTCPProtoID port} or {applUDPProtoID + port} are used for TCP-based and UDP-based protocols, + respectively. In either case 'port' corresponds to the + primary port number being used by the protocol. The + usual IANA procedures may be used to register ports for + new protocols. applTCPProtoID and applUDPProtoID are + defined in the NETWORK-SERVICES-MIB, RFC 2788." + ::= {mtaGroupEntry 24} + +mtaGroupName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A descriptive name for the group. If this group connects to + a single remote MTA this should be the name of that MTA. If + + this in turn is an Internet MTA this should be the domain + name. For an OSI MTA it should be the string encoded + distinguished name of the managed object using the format + defined in RFC 2253. For X.400(1984) MTAs which do not + have a Distinguished Name, the RFC 2156 syntax + 'mta in globalid' used in X400-Received: fields can be + used." + ::= {mtaGroupEntry 25} + +mtaGroupSuccessfulConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages that have been successfully + converted from one form to another in this group + since group creation." + ::= {mtaGroupEntry 26} + +mtaGroupFailedConvertedMessages OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of messages for which an unsuccessful + attempt was made to convert them from one form to + another in this group since group creation." + ::= {mtaGroupEntry 27} + +mtaGroupDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the group's purpose. This information is + intended to identify the group in a status display." + ::= {mtaGroupEntry 28} + +mtaGroupURL OBJECT-TYPE + SYNTAX URLString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A URL pointing to a description of the group. This + information is intended to identify and briefly describe + the group in a status display." + ::= {mtaGroupEntry 29} + +mtaGroupCreationTime OBJECT-TYPE + SYNTAX TimeInterval + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time since this group was first created." + ::= {mtaGroupEntry 30} + +mtaGroupHierarchy OBJECT-TYPE + SYNTAX INTEGER (-2147483648..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Describes how this group fits into the hierarchy. A + positive value is interpreted as an mtaGroupIndex + value for some other group whose variables include + those of this group (and usually others). A negative + value is interpreted as a group collection code: Groups + with common negative hierarchy values comprise one + particular breakdown of MTA activity as a whole. A + zero value means that this MIB implementation doesn't + implement hierarchy indicators and thus the overall + group hierarchy cannot be determined." + ::= {mtaGroupEntry 31} + +mtaGroupOldestMessageId OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Message ID of the oldest message in the group's queue. + Whenever possible this should be in the form of an + RFC 822 msg-id; X.400 may convert X.400 message + identifiers to this form by following the rules laid + out in RFC2156." + ::= {mtaGroupEntry 32} + +mtaGroupLoopsDetected OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A message loop is defined as a situation where the MTA + decides that a given message will never be delivered to + one or more recipients and instead will continue to + loop endlessly through one or more MTAs. This variable + counts the number of times the MTA has detected such a + situation in conjunction with something associated with + + this group since group creation. Note that the + mechanism MTAs use to detect loops (e.g., trace field + counting, count of references to this MTA in a trace + field, examination of DNS or other directory information, + etc.), the level at which loops are detected (e.g., per + message, per recipient, per directory entry, etc.), and + the handling of a loop once it is detected (e.g., looping + messages are held, looping messages are bounced or sent + to the postmaster, messages that the MTA knows will loop + won't be accepted, etc.) vary widely from one MTA to the + next and cannot be inferred from this variable." + ::= {mtaGroupEntry 33} + +-- The mtaGroupAssociationTable provides a means of correlating +-- entries in the network services association table with the +-- MTA group responsible for the association. + +mtaGroupAssociationTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaGroupAssociationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information regarding the associations + for each MTA group." + ::= {mta 3} + +mtaGroupAssociationEntry OBJECT-TYPE + SYNTAX MtaGroupAssociationEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry holding information regarding the associations + for each MTA group." + INDEX {applIndex, mtaGroupIndex, mtaGroupAssociationIndex} + ::= {mtaGroupAssociationTable 1} + +MtaGroupAssociationEntry ::= SEQUENCE { + mtaGroupAssociationIndex + INTEGER +} + +mtaGroupAssociationIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reference into association table to allow correlation of + this group's active associations with the association table." + ::= {mtaGroupAssociationEntry 1} + +-- The mtaGroupErrorTable gives each group a way of tallying +-- the specific errors it has encountered. The mechanism +-- defined here uses RFC 1893 status codes to identify +-- various specific errors. There are also classes for generic +-- errors of various sorts, and the entire mechanism is also +-- extensible, in that new error codes can be defined at any +-- time. + +mtaGroupErrorTable OBJECT-TYPE + SYNTAX SEQUENCE OF MtaGroupErrorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding information regarding accumulated errors + for each MTA group." + ::= {mta 5} + +mtaGroupErrorEntry OBJECT-TYPE + SYNTAX MtaGroupErrorEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The entry holding information regarding accumulated + errors for each MTA group." + INDEX {applIndex, mtaGroupIndex, mtaStatusCode} + ::= {mtaGroupErrorTable 1} + +MtaGroupErrorEntry ::= SEQUENCE { + mtaStatusCode + INTEGER (4000000..5999999), + mtaGroupInboundErrorCount + Counter32, + mtaGroupInternalErrorCount + Counter32, + mtaGroupOutboundErrorCount + Counter32 +} + +mtaGroupInboundErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of the number of errors of a given type that have + been accumulated in association with a particular group + while processing incoming messages. In the case of SMTP + + these will typically be errors reporting by an SMTP + server to the remote client; in the case of X.400 + these will typically be errors encountered while + processing an incoming message." + ::= {mtaGroupErrorEntry 1} + +mtaGroupInternalErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of the number of errors of a given type that have + been accumulated in association with a particular group + during internal MTA processing." + ::= {mtaGroupErrorEntry 2} + +mtaGroupOutboundErrorCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Count of the number of errors of a given type that have + been accumulated in association with a particular group's + outbound connection activities. In the case of an SMTP + client these will typically be errors reported while + attempting to contact or while communicating with the + remote SMTP server. In the case of X.400 these will + typically be errors encountered while constructing + or attempting to deliver an outgoing message." + ::= {mtaGroupErrorEntry 3} + +mtaStatusCode OBJECT-TYPE + SYNTAX INTEGER (4000000..5999999) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index capable of representing an Enhanced Mail System + Status Code. Enhanced Mail System Status Codes are + defined in RFC 1893. These codes have the form + + class.subject.detail + + Here 'class' is either 2, 4, or 5 and both 'subject' and + 'detail' are integers in the range 0..999. Given a status + code the corresponding index value is defined to be + ((class * 1000) + subject) * 1000 + detail. Both SMTP + error response codes and X.400 reason and diagnostic codes + can be mapped into these codes, resulting in a namespace + + capable of describing most error conditions a mail system + encounters in a generic yet detailed way." + ::= {mtaGroupErrorEntry 4} + +-- Conformance information + +mtaConformance OBJECT IDENTIFIER ::= {mta 4} + +mtaGroups OBJECT IDENTIFIER ::= {mtaConformance 1} +mtaCompliances OBJECT IDENTIFIER ::= {mtaConformance 2} + +-- Compliance statements + +mtaCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 1566 implementations + which support the Mail Monitoring MIB for basic + monitoring of MTAs." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC1566Group} + ::= {mtaCompliances 1} + +mtaAssocCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 1566 implementations + which support the Mail Monitoring MIB for monitoring + of MTAs and their associations." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC1566Group, mtaRFC1566AssocGroup} + ::= {mtaCompliances 2} + +mtaRFC2249Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + which support the Mail Monitoring MIB for basic + monitoring of MTAs." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group} + ::= {mtaCompliances 5} + +mtaRFC2249AssocCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + + which support the Mail Monitoring MIB for monitoring of + MTAs and their associations." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group, mtaRFC2249AssocGroup} + ::= {mtaCompliances 6} + +mtaRFC2249ErrorCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + which support the Mail Monitoring MIB for monitoring of + MTAs and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group, mtaRFC2249ErrorGroup} + ::= {mtaCompliances 7} + +mtaRFC2249FullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2249 implementations + which support the full Mail Monitoring MIB for + monitoring of MTAs, associations, and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2249Group, mtaRFC2249AssocGroup, + mtaRFC2249ErrorGroup} + ::= {mtaCompliances 8} + +mtaRFC2789Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the Mail Monitoring MIB for basic + monitoring of MTAs." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group} + ::= {mtaCompliances 9} + +mtaRFC2789AssocCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the Mail Monitoring MIB for monitoring of + MTAs and their associations." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group, mtaRFC2789AssocGroup} + ::= {mtaCompliances 10} + +mtaRFC2789ErrorCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the Mail Monitoring MIB for monitoring of + MTAs and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group, mtaRFC2789ErrorGroup} + ::= {mtaCompliances 11} + +mtaRFC2789FullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2789 implementations + which support the full Mail Monitoring MIB for + monitoring of MTAs, associations, and detailed errors." + MODULE -- this module + MANDATORY-GROUPS {mtaRFC2789Group, mtaRFC2789AssocGroup, + mtaRFC2789ErrorGroup} + ::= {mtaCompliances 12} + +-- Units of conformance + +mtaRFC1566Group OBJECT-GROUP + OBJECTS { + mtaReceivedMessages, mtaStoredMessages, + mtaTransmittedMessages, mtaReceivedVolume, mtaStoredVolume, + mtaTransmittedVolume, mtaReceivedRecipients, + mtaStoredRecipients, mtaTransmittedRecipients, + mtaGroupReceivedMessages, mtaGroupRejectedMessages, + mtaGroupStoredMessages, mtaGroupTransmittedMessages, + mtaGroupReceivedVolume, mtaGroupStoredVolume, + mtaGroupTransmittedVolume, mtaGroupReceivedRecipients, + mtaGroupStoredRecipients, mtaGroupTransmittedRecipients, + mtaGroupOldestMessageStored, mtaGroupInboundAssociations, + mtaGroupOutboundAssociations, + mtaGroupAccumulatedInboundAssociations, + mtaGroupAccumulatedOutboundAssociations, + mtaGroupLastInboundActivity, mtaGroupLastOutboundActivity, + mtaGroupRejectedInboundAssociations, + mtaGroupFailedOutboundAssociations, + mtaGroupInboundRejectionReason, + mtaGroupOutboundConnectFailureReason, + mtaGroupScheduledRetry, mtaGroupMailProtocol, mtaGroupName} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of MTAs. + This is the original set of such objects defined in RFC + 1566." + ::= {mtaGroups 10} + +mtaRFC1566AssocGroup OBJECT-GROUP + OBJECTS { + mtaGroupAssociationIndex} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of MTA + associations. This is the original set of such objects + defined in RFC 1566." + ::= {mtaGroups 11} + +mtaRFC2249Group OBJECT-GROUP + OBJECTS { + mtaReceivedMessages, mtaStoredMessages, + mtaTransmittedMessages, mtaReceivedVolume, mtaStoredVolume, + mtaTransmittedVolume, mtaReceivedRecipients, + mtaStoredRecipients, mtaTransmittedRecipients, + mtaSuccessfulConvertedMessages, mtaFailedConvertedMessages, + mtaGroupReceivedMessages, mtaGroupRejectedMessages, + mtaGroupStoredMessages, mtaGroupTransmittedMessages, + mtaGroupReceivedVolume, mtaGroupStoredVolume, + mtaGroupTransmittedVolume, mtaGroupReceivedRecipients, + mtaGroupStoredRecipients, mtaGroupTransmittedRecipients, + mtaGroupOldestMessageStored, mtaGroupInboundAssociations, + mtaGroupOutboundAssociations, mtaLoopsDetected, + mtaGroupAccumulatedInboundAssociations, + mtaGroupAccumulatedOutboundAssociations, + mtaGroupLastInboundActivity, mtaGroupLastOutboundActivity, + mtaGroupLastOutboundAssociationAttempt, + mtaGroupRejectedInboundAssociations, + mtaGroupFailedOutboundAssociations, + mtaGroupInboundRejectionReason, + mtaGroupOutboundConnectFailureReason, + mtaGroupScheduledRetry, mtaGroupMailProtocol, mtaGroupName, + mtaGroupSuccessfulConvertedMessages, + mtaGroupFailedConvertedMessages, mtaGroupDescription, + mtaGroupURL, mtaGroupCreationTime, mtaGroupHierarchy, + mtaGroupOldestMessageId, mtaGroupLoopsDetected} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of MTAs. + This group was originally defined in RFC 2249." + ::= {mtaGroups 4} + +mtaRFC2249AssocGroup OBJECT-GROUP + OBJECTS { + mtaGroupAssociationIndex} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of MTA + associations. This group was originally defined in RFC + 2249." + ::= {mtaGroups 5} + +mtaRFC2249ErrorGroup OBJECT-GROUP + OBJECTS { + mtaGroupInboundErrorCount, mtaGroupInternalErrorCount, + mtaGroupOutboundErrorCount} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of + detailed MTA errors. This group was originally defined + in RFC 2249." + ::= {mtaGroups 6} + +mtaRFC2789Group OBJECT-GROUP + OBJECTS { + mtaReceivedMessages, mtaStoredMessages, + mtaTransmittedMessages, mtaReceivedVolume, mtaStoredVolume, + mtaTransmittedVolume, mtaReceivedRecipients, + mtaStoredRecipients, mtaTransmittedRecipients, + mtaSuccessfulConvertedMessages, mtaFailedConvertedMessages, + mtaGroupReceivedMessages, mtaGroupRejectedMessages, + mtaGroupStoredMessages, mtaGroupTransmittedMessages, + mtaGroupReceivedVolume, mtaGroupStoredVolume, + mtaGroupTransmittedVolume, mtaGroupReceivedRecipients, + mtaGroupStoredRecipients, mtaGroupTransmittedRecipients, + mtaGroupOldestMessageStored, mtaGroupInboundAssociations, + mtaGroupOutboundAssociations, mtaLoopsDetected, + mtaGroupAccumulatedInboundAssociations, + mtaGroupAccumulatedOutboundAssociations, + mtaGroupLastInboundActivity, mtaGroupLastOutboundActivity, + mtaGroupLastOutboundAssociationAttempt, + mtaGroupRejectedInboundAssociations, + mtaGroupFailedOutboundAssociations, + mtaGroupInboundRejectionReason, + mtaGroupOutboundConnectFailureReason, + mtaGroupScheduledRetry, mtaGroupMailProtocol, mtaGroupName, + mtaGroupSuccessfulConvertedMessages, + mtaGroupFailedConvertedMessages, mtaGroupDescription, + mtaGroupURL, mtaGroupCreationTime, mtaGroupHierarchy, + mtaGroupOldestMessageId, mtaGroupLoopsDetected} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of MTAs. + + This is the appropriate group for RFC 2789." + ::= {mtaGroups 7} + +mtaRFC2789AssocGroup OBJECT-GROUP + OBJECTS { + mtaGroupAssociationIndex} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of MTA + associations. This is the appropriate group for RFC + 2789 association monitoring." + ::= {mtaGroups 8} + +mtaRFC2789ErrorGroup OBJECT-GROUP + OBJECTS { + mtaGroupInboundErrorCount, mtaGroupInternalErrorCount, + mtaGroupOutboundErrorCount} + STATUS current + DESCRIPTION + "A collection of objects providing monitoring of + detailed MTA errors. This is the appropriate group + for RFC 2789 error monitoring." + ::= {mtaGroups 9} + +END diff --git a/mibs/NETWORK-SERVICES-MIB.txt b/mibs/NETWORK-SERVICES-MIB.txt new file mode 100644 index 0000000000..0f2cabecbd --- /dev/null +++ b/mibs/NETWORK-SERVICES-MIB.txt @@ -0,0 +1,626 @@ +NETWORK-SERVICES-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-TYPE, Counter32, Gauge32, MODULE-IDENTITY, mib-2 + FROM SNMPv2-SMI + TimeStamp, TEXTUAL-CONVENTION + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB; + +application MODULE-IDENTITY + LAST-UPDATED "200003030000Z" + ORGANIZATION "IETF Mail and Directory Management Working Group" + + CONTACT-INFO + " Ned Freed + + Postal: Innosoft International, Inc. + 1050 Lakes Drive + West Covina, CA 91790 + US + + Tel: +1 626 919 3600 + Fax: +1 626 919 3614 + + E-Mail: ned.freed@innosoft.com" + DESCRIPTION + "The MIB module describing network service applications" + REVISION "200003030000Z" + DESCRIPTION + "This revision, published in RFC 2788, changes a number of + DisplayStrings to SnmpAdminStrings. Note that this change + is not strictly supported by SMIv2. However, the alternative + of deprecating the old objects and defining new objects + would have a more adverse impact on backward compatibility + and interoperability, given the particular semantics of + these objects. The defining reference for distinguished + names has also been updated from RFC 1779 to RFC 2253." + REVISION "199905120000Z" + DESCRIPTION + "This revision fixes a few small technical problems found + in previous versions, mostly in regards to the conformance + groups for different versions of this MIB. No changes have + been made to the objects this MIB defines since RFC 2248." + REVISION "199708170000Z" + DESCRIPTION + "This revision, published in RFC 2248, adds the + applDescription and applURL objects, adds the quiescing + state to the applOperStatus object and renames the MIB + from the APPLICATION-MIB to the NETWORK-SERVICE-MIB." + REVISION "199311280000Z" + DESCRIPTION + "The original version of this MIB was published in RFC 1565" + ::= {mib-2 27} + +-- Textual conventions + +-- DistinguishedName is used to refer to objects in the +-- directory. + +DistinguishedName ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS current + DESCRIPTION + "A Distinguished Name represented in accordance with + RFC 2253, presented in the UTF-8 charset defined in + RFC 2279." + SYNTAX OCTET STRING (SIZE (0..255)) + +-- Uniform Resource Locators are stored in URLStrings. + +URLString ::= TEXTUAL-CONVENTION + DISPLAY-HINT "255a" + STATUS current + DESCRIPTION + "A Uniform Resource Locator represented in accordance + with RFCs 1738 and 2368, presented in the NVT ASCII + charset defined in RFC 854." + SYNTAX OCTET STRING (SIZE (0..255)) + +-- The basic applTable contains a list of the application +-- entities. + +applTable OBJECT-TYPE + SYNTAX SEQUENCE OF ApplEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding objects which apply to all different + kinds of applications providing network services. + Each network service application capable of being + monitored should have a single entry in this table." + ::= {application 1} + +applEntry OBJECT-TYPE + SYNTAX ApplEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry associated with a single network service + application." + INDEX {applIndex} + ::= {applTable 1} + +ApplEntry ::= SEQUENCE { + applIndex + INTEGER, + applName + SnmpAdminString, + applDirectoryName + + DistinguishedName, + applVersion + SnmpAdminString, + applUptime + TimeStamp, + applOperStatus + INTEGER, + applLastChange + TimeStamp, + applInboundAssociations + Gauge32, + applOutboundAssociations + Gauge32, + applAccumulatedInboundAssociations + Counter32, + applAccumulatedOutboundAssociations + Counter32, + applLastInboundActivity + TimeStamp, + applLastOutboundActivity + TimeStamp, + applRejectedInboundAssociations + Counter32, + applFailedOutboundAssociations + Counter32, + applDescription + SnmpAdminString, + applURL + URLString +} + +applIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index to uniquely identify the network service + application. This attribute is the index used for + lexicographic ordering of the table." + ::= {applEntry 1} + +applName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name the network service application chooses to be + known by." + ::= {applEntry 2} + +applDirectoryName OBJECT-TYPE + SYNTAX DistinguishedName + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The Distinguished Name of the directory entry where + static information about this application is stored. + An empty string indicates that no information about + the application is available in the directory." + ::= {applEntry 3} + +applVersion OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version of network service application software. + This field is usually defined by the vendor of the + network service application software." + ::= {applEntry 4} +applUptime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the network service + application was last initialized. If the application was + last initialized prior to the last initialization of the + network management subsystem, then this object contains + a zero value." + ::= {applEntry 5} + +applOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2), + halted(3), + congested(4), + restarting(5), + quiescing(6) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the operational status of the network service + application. 'down' indicates that the network service is + + not available. 'up' indicates that the network service + is operational and available. 'halted' indicates that the + service is operational but not available. 'congested' + indicates that the service is operational but no additional + inbound associations can be accommodated. 'restarting' + indicates that the service is currently unavailable but is + in the process of restarting and will be available soon. + 'quiescing' indicates that service is currently operational + but is in the process of shutting down. Additional inbound + associations may be rejected by applications in the + 'quiescing' state." + ::= {applEntry 6} + +applLastChange OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time the network service + application entered its current operational state. If + the current state was entered prior to the last + initialization of the local network management subsystem, + then this object contains a zero value." + ::= {applEntry 7} + +applInboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the network service + application, where it is the responder. An inbound + association occurs when another application successfully + connects to this one." + ::= {applEntry 8} + +applOutboundAssociations OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of current associations to the network service + application, where it is the initiator. An outbound + association occurs when this application successfully + connects to another one." + ::= {applEntry 9} + +applAccumulatedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations to the application entity + since application initialization, where it was the responder." + ::= {applEntry 10} + +applAccumulatedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of associations to the application entity + since application initialization, where it was the initiator." + ::= {applEntry 11} + +applLastInboundActivity OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this application last + had an inbound association. If the last association + occurred prior to the last initialization of the network + subsystem, then this object contains a zero value." + ::= {applEntry 12} + +applLastOutboundActivity OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this application last + had an outbound association. If the last association + occurred prior to the last initialization of the network + subsystem, then this object contains a zero value." + ::= {applEntry 13} + +applRejectedInboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of inbound associations the application + entity has rejected, since application initialization. + Rejected associations are not counted in the accumulated + association totals. Note that this only counts + + associations the application entity has rejected itself; + it does not count rejections that occur at lower layers + of the network. Thus, this counter may not reflect the + true number of failed inbound associations." + ::= {applEntry 14} + +applFailedOutboundAssociations OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number associations where the application entity + is initiator and association establishment has failed, + since application initialization. Failed associations are + not counted in the accumulated association totals." + ::= {applEntry 15} + +applDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A text description of the application. This information + is intended to identify and briefly describe the + application in a status display." + ::= {applEntry 16} + +applURL OBJECT-TYPE + SYNTAX URLString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A URL pointing to a description of the application. + This information is intended to identify and describe + the application in a status display." + ::= {applEntry 17} + +-- The assocTable augments the information in the applTable +-- with information about associations. Note that two levels +-- of compliance are specified below, depending on whether +-- association monitoring is mandated. + +assocTable OBJECT-TYPE + SYNTAX SEQUENCE OF AssocEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table holding a set of all active application + + associations." + ::= {application 2} + +assocEntry OBJECT-TYPE + SYNTAX AssocEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry associated with an association for a network + service application." + INDEX {applIndex, assocIndex} + ::= {assocTable 1} + +AssocEntry ::= SEQUENCE { + assocIndex + INTEGER, + assocRemoteApplication + SnmpAdminString, + assocApplicationProtocol + OBJECT IDENTIFIER, + assocApplicationType + INTEGER, + assocDuration + TimeStamp +} + +assocIndex OBJECT-TYPE + SYNTAX INTEGER (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index to uniquely identify each association for a network + service application. This attribute is the index that is + used for lexicographic ordering of the table. Note that the + table is also indexed by the applIndex." + ::= {assocEntry 1} + +assocRemoteApplication OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the system running remote network service + application. For an IP-based application this should be + either a domain name or IP address. For an OSI application + it should be the string encoded distinguished name of the + managed object. For X.400(1984) MTAs which do not have a + Distinguished Name, the RFC 2156 syntax 'mta in + + globalid' used in X400-Received: fields can be used. Note, + however, that not all connections an MTA makes are + necessarily to another MTA." + ::= {assocEntry 2} + +assocApplicationProtocol OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An identification of the protocol being used for the + application. For an OSI Application, this will be the + Application Context. For Internet applications, OID + values of the form {applTCPProtoID port} or {applUDPProtoID + port} are used for TCP-based and UDP-based protocols, + respectively. In either case 'port' corresponds to the + primary port number being used by the protocol. The + usual IANA procedures may be used to register ports for + new protocols." + ::= {assocEntry 3} + +assocApplicationType OBJECT-TYPE + SYNTAX INTEGER { + uainitiator(1), + uaresponder(2), + peerinitiator(3), + peerresponder(4)} + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This indicates whether the remote application is some type of + client making use of this network service (e.g., a Mail User + Agent) or a server acting as a peer. Also indicated is whether + the remote end initiated an incoming connection to the network + service or responded to an outgoing connection made by the + local application. MTAs and messaging gateways are + considered to be peers for the purposes of this variable." + ::= {assocEntry 4} + +assocDuration OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime at the time this association was + started. If this association started prior to the last + initialization of the network subsystem, then this + object contains a zero value." + ::= {assocEntry 5} + +-- Conformance information + +applConformance OBJECT IDENTIFIER ::= {application 3} + +applGroups OBJECT IDENTIFIER ::= {applConformance 1} +applCompliances OBJECT IDENTIFIER ::= {applConformance 2} + +-- Compliance statements + +applCompliance MODULE-COMPLIANCE + STATUS obsolete + DESCRIPTION + "The compliance statement for RFC 1565 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications. + This is the basic compliance statement for RFC 1565." + MODULE + MANDATORY-GROUPS {applRFC1565Group} + ::= {applCompliances 1} + +assocCompliance MODULE-COMPLIANCE + STATUS obsolete + DESCRIPTION + "The compliance statement for RFC 1565 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications + and their associations." + MODULE + MANDATORY-GROUPS {applRFC1565Group, assocRFC1565Group} + ::= {applCompliances 2} + +applRFC2248Compliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for RFC 2248 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications." + MODULE + MANDATORY-GROUPS {applRFC2248Group} + ::= {applCompliances 3} + +assocRFC2248Compliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for RFC 2248 implementations + + which support the Network Services Monitoring MIB for + basic monitoring of network service applications and + their associations." + MODULE + MANDATORY-GROUPS {applRFC2248Group, assocRFC2248Group} + ::= {applCompliances 4} + +applRFC2788Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2788 implementations + which support the Network Services Monitoring MIB + for basic monitoring of network service applications." + MODULE + MANDATORY-GROUPS {applRFC2788Group} + ::= {applCompliances 5} + +assocRFC2788Compliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for RFC 2788 implementations + which support the Network Services Monitoring MIB for + basic monitoring of network service applications and + their associations." + MODULE + MANDATORY-GROUPS {applRFC2788Group, assocRFC2788Group} + ::= {applCompliances 6} + +-- Units of conformance + +applRFC1565Group OBJECT-GROUP + OBJECTS { + applName, applVersion, applUptime, applOperStatus, + applLastChange, applInboundAssociations, + applOutboundAssociations, applAccumulatedInboundAssociations, + applAccumulatedOutboundAssociations, applLastInboundActivity, + applLastOutboundActivity, applRejectedInboundAssociations, + applFailedOutboundAssociations} + STATUS obsolete + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications. This is the original set + of such objects defined in RFC 1565." + ::= {applGroups 7} + +assocRFC1565Group OBJECT-GROUP + OBJECTS { + + assocRemoteApplication, assocApplicationProtocol, + assocApplicationType, assocDuration} + STATUS obsolete + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications' associations. This is the + original set of such objects defined in RFC 1565." + ::= {applGroups 2} + +applRFC2248Group OBJECT-GROUP + OBJECTS { + applName, applVersion, applUptime, applOperStatus, + applLastChange, applInboundAssociations, + applOutboundAssociations, applAccumulatedInboundAssociations, + applAccumulatedOutboundAssociations, applLastInboundActivity, + applLastOutboundActivity, applRejectedInboundAssociations, + applFailedOutboundAssociations, applDescription, applURL} + STATUS deprecated + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications. This group was originally + defined in RFC 2248; note that applDirectoryName is + missing." + ::= {applGroups 3} + +assocRFC2248Group OBJECT-GROUP + OBJECTS { + assocRemoteApplication, assocApplicationProtocol, + assocApplicationType, assocDuration} + STATUS deprecated + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications' associations. This group + was originally defined by RFC 2248." + ::= {applGroups 4} + +applRFC2788Group OBJECT-GROUP + OBJECTS { + applName, applDirectoryName, applVersion, applUptime, + applOperStatus, applLastChange, applInboundAssociations, + applOutboundAssociations, applAccumulatedInboundAssociations, + applAccumulatedOutboundAssociations, applLastInboundActivity, + applLastOutboundActivity, applRejectedInboundAssociations, + applFailedOutboundAssociations, applDescription, applURL} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications. This is the appropriate + + group for RFC 2788 -- it adds the applDirectoryName object + missing in RFC 2248." + ::= {applGroups 5} + +assocRFC2788Group OBJECT-GROUP + OBJECTS { + assocRemoteApplication, assocApplicationProtocol, + assocApplicationType, assocDuration} + STATUS current + DESCRIPTION + "A collection of objects providing basic monitoring of + network service applications' associations. This is + the appropriate group for RFC 2788." + ::= {applGroups 6} + +-- OIDs of the form {applTCPProtoID port} are intended to be used +-- for TCP-based protocols that don't have OIDs assigned by other +-- means. {applUDPProtoID port} serves the same purpose for +-- UDP-based protocols. In either case 'port' corresponds to +-- the primary port number being used by the protocol. For example, +-- assuming no other OID is assigned for SMTP, an OID of +-- {applTCPProtoID 25} could be used, since SMTP is a TCP-based +-- protocol that uses port 25 as its primary port. + +applTCPProtoID OBJECT IDENTIFIER ::= {application 4} +applUDPProtoID OBJECT IDENTIFIER ::= {application 5} + +END diff --git a/sql-schema/083.sql b/sql-schema/083.sql new file mode 100644 index 0000000000..038e674cc7 --- /dev/null +++ b/sql-schema/083.sql @@ -0,0 +1 @@ +INSERT INTO widgets VALUES (NULL, 'External Images', 'generic-image', '5,4'); diff --git a/sql-schema/084.sql b/sql-schema/084.sql new file mode 100644 index 0000000000..b9df6c3d26 --- /dev/null +++ b/sql-schema/084.sql @@ -0,0 +1 @@ +ALTER TABLE `users` ADD `dashboard` INT( 11 ) DEFAULT 0 NOT NULL;