basic support for monitoring 802.1x stuff
authorVictor Kirhenshtein <victor@netxms.org>
Mon, 24 Oct 2011 19:36:10 +0000 (19:36 +0000)
committerVictor Kirhenshtein <victor@netxms.org>
Mon, 24 Oct 2011 19:36:10 +0000 (19:36 +0000)
13 files changed:
include/ieee8021x.h
include/netxmsdb.h
include/nms_cscp.h
include/nxevent.h
sql/events.in
sql/schema.in
src/java/netxms-base/src/main/java/org/netxms/base/NXCPCodes.java
src/java/netxms-client/src/main/java/org/netxms/client/objects/Interface.java
src/java/netxms-client/src/main/java/org/netxms/client/objects/Node.java
src/java/netxms-eclipse/ObjectView/src/org/netxms/ui/eclipse/objectview/objecttabs/elements/GeneralInfo.java
src/server/core/interface.cpp
src/server/include/nms_objects.h
src/server/tools/nxdbmgr/upgrade.cpp

index 86c96e2..256047c 100644 (file)
@@ -27,6 +27,7 @@
 /**
  * States of PAE state machine
  */
+#define PAE_STATE_UNKNOWN        0
 #define PAE_STATE_INITIALIZE     1
 #define PAE_STATE_DISCONNECTED   2
 #define PAE_STATE_CONNECTING     3
@@ -41,6 +42,7 @@
 /**
  * States of backend authentication state machine
  */
+#define BACKEND_STATE_UNKNOWN    0
 #define BACKEND_STATE_REQUEST    1
 #define BACKEND_STATE_RESPONSE   2
 #define BACKEND_STATE_SUCCESS    3
index 699571d..94de9d2 100644 (file)
@@ -23,6 +23,6 @@
 #ifndef _netxmsdb_h
 #define _netxmsdb_h
 
-#define DB_FORMAT_VERSION   243
+#define DB_FORMAT_VERSION   244
 
 #endif
index 029a3ed..ecacbeb 100644 (file)
@@ -883,6 +883,8 @@ typedef struct
 #define VID_RENDER_FORMAT           ((DWORD)400)
 #define VID_FILE_OFFSET             ((DWORD)401)
 #define VID_IS_TEMPLATE             ((DWORD)402)
+#define VID_DOT1X_PAE_STATE         ((DWORD)403)
+#define VID_DOT1X_BACKEND_STATE     ((DWORD)404)
 
 // Base variabe for single threshold in message
 #define VID_THRESHOLD_BASE          ((DWORD)0x00800000)
index dd1bbfc..698ae40 100644 (file)
 #define EVENT_DCI_DISABLED                54
 #define EVENT_DCI_ACTIVE                  55
 #define EVENT_IP_ADDRESS_CHANGED          56
+#define EVENT_8021X_PAE_STATE_CHANGED     57
+#define EVENT_8021X_BACKEND_STATE_CHANGED 58
+#define EVENT_8021X_PAE_FORCE_UNAUTH      59
+#define EVENT_8021X_AUTH_FAILED           60
+#define EVENT_8021X_AUTH_TIMEOUT          61
 
 #define EVENT_SNMP_UNMATCHED_TRAP         500
 #define EVENT_SNMP_COLD_START             501
index 9531eb3..e13b659 100644 (file)
@@ -619,6 +619,64 @@ INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description)
                '   2) Old IP address#0D#0A' CONCAT
                '   3) Primary host name'
        );
+INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description) VALUES
+       (
+               EVENT_8021X_PAE_STATE_CHANGED, 'SYS_8021X_PAE_STATE_CHANGED',
+               EVENT_SEVERITY_NORMAL, 1,
+               'Port %6 PAE state changed from %4 to %2',
+               'Generated when switch port PAE state changed.#0D#0A' CONCAT
+               'Parameters:#0D#0A' CONCAT
+               '   1) New PAE state code#0D#0A' CONCAT
+               '   2) New PAE state as text#0D#0A' CONCAT
+               '   3) Old PAE state code#0D#0A' CONCAT
+               '   4) Old PAE state as text#0D#0A' CONCAT
+               '   5) Interface index#0D#0A' CONCAT
+               '   6) Interface name'
+       );
+INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description) VALUES
+       (
+               EVENT_8021X_BACKEND_STATE_CHANGED, 'SYS_8021X_BACKEND_STATE_CHANGED',
+               EVENT_SEVERITY_NORMAL, 1,
+               'Port %6 backend authentication state changed from %4 to %2',
+               'Generated when switch port backend authentication state changed.#0D#0A' CONCAT
+               'Parameters:#0D#0A' CONCAT
+               '   1) New backend state code#0D#0A' CONCAT
+               '   2) New backend state as text#0D#0A' CONCAT
+               '   3) Old backend state code#0D#0A' CONCAT
+               '   4) Old backend state as text#0D#0A' CONCAT
+               '   5) Interface index#0D#0A' CONCAT
+               '   6) Interface name'
+       );
+INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description) VALUES
+       (
+               EVENT_8021X_PAE_FORCE_UNAUTH, 'SYS_8021X_PAE_FORCE_UNAUTH',
+               EVENT_SEVERITY_MAJOR, 1,
+               'Port %2 switched to force unauthorize state',
+               'Generated when switch port PAE state changed to FORCE UNAUTHORIZE.#0D#0A' CONCAT
+               'Parameters:#0D#0A' CONCAT
+               '   1) Interface index#0D#0A' CONCAT
+               '   2) Interface name'
+       );
+INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description) VALUES
+       (
+               EVENT_8021X_AUTH_FAILED, 'SYS_8021X_AUTH_FAILED',
+               EVENT_SEVERITY_MAJOR, 1,
+               '802.1x authentication failed on port %2',
+               'Generated when switch port backend authentication state changed to FAIL.#0D#0A' CONCAT
+               'Parameters:#0D#0A' CONCAT
+               '   1) Interface index#0D#0A' CONCAT
+               '   2) Interface name'
+       );
+INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description) VALUES
+       (
+               EVENT_8021X_AUTH_TIMEOUT, 'SYS_8021X_AUTH_TIMEOUT',
+               EVENT_SEVERITY_MAJOR, 1,
+               '802.1x authentication time out on port %2',
+               'Generated when switch port backend authentication state changed to TIMEOUT.#0D#0A' CONCAT
+               'Parameters:#0D#0A' CONCAT
+               '   1) Interface index#0D#0A' CONCAT
+               '   2) Interface name'
+       );
 
 
 /*
index 61d4eb6..b4e9c69 100644 (file)
@@ -313,6 +313,8 @@ CREATE TABLE interfaces
        peer_if_id integer not null,
        mac_addr varchar(15) not null,
        required_polls integer not null,
+       dot1x_pae_state integer not null,
+       dot1x_backend_state integer not null,
        description varchar(255),
        PRIMARY KEY(id)
 ) TABLE_TYPE;
index 85c39db..3efd4cb 100644 (file)
@@ -687,6 +687,8 @@ public final class NXCPCodes
        public static final long VID_RENDER_FORMAT           = 400;\r
        public static final long VID_FILE_OFFSET             = 401;\r
        public static final long VID_IS_TEMPLATE             = 402;\r
+       public static final long VID_DOT1X_PAE_STATE         = 403;\r
+       public static final long VID_DOT1X_BACKEND_STATE     = 404;\r
 \r
        public static final long VID_ACL_USER_BASE            = 0x00001000L;\r
        public static final long VID_ACL_USER_LAST            = 0x00001FFFL;\r
index 1dafe9f..bec8115 100644 (file)
@@ -32,6 +32,55 @@ public class Interface extends GenericObject
        public static final int IF_SYNTHETIC_MASK = 0x00000001;\r
        public static final int IF_PHYSICAL_PORT  = 0x00000002;\r
        \r
+       public static final int PAE_STATE_UNKNOWN        = 0;\r
+       public static final int PAE_STATE_INITIALIZE     = 1;\r
+       public static final int PAE_STATE_DISCONNECTED   = 2;\r
+       public static final int PAE_STATE_CONNECTING     = 3;\r
+       public static final int PAE_STATE_AUTHENTICATING = 4;\r
+       public static final int PAE_STATE_AUTHENTICATED  = 5;\r
+       public static final int PAE_STATE_ABORTING       = 6;\r
+       public static final int PAE_STATE_HELD           = 7;\r
+       public static final int PAE_STATE_FORCE_AUTH     = 8;\r
+       public static final int PAE_STATE_FORCE_UNAUTH   = 9;\r
+       public static final int PAE_STATE_RESTART        = 10;\r
+\r
+       public static final int BACKEND_STATE_UNKNOWN    = 0;\r
+       public static final int BACKEND_STATE_REQUEST    = 1;\r
+       public static final int BACKEND_STATE_RESPONSE   = 2;\r
+       public static final int BACKEND_STATE_SUCCESS    = 3;\r
+       public static final int BACKEND_STATE_FAIL       = 4;\r
+       public static final int BACKEND_STATE_TIMEOUT    = 5;\r
+       public static final int BACKEND_STATE_IDLE       = 6;\r
+       public static final int BACKEND_STATE_INITIALIZE = 7;\r
+       public static final int BACKEND_STATE_IGNORE     = 8;\r
+       \r
+       private static final String[] paeStateText =\r
+               {\r
+                       "UNKNOWN",\r
+                       "INITIALIZE",\r
+                       "DISCONNECTED",\r
+                       "CONNECTING",\r
+                       "AUTHENTICATING",\r
+                       "AUTHENTICATED",\r
+                       "ABORTING",\r
+                       "HELD",\r
+                       "FORCE AUTH",\r
+                       "FORCE UNAUTH",\r
+                       "RESTART"\r
+               };\r
+       private static final String[] backendStateText =\r
+               {\r
+                       "UNKNOWN",\r
+                       "REQUEST",\r
+                       "RESPONSE",\r
+                       "SUCCESS",\r
+                       "FAIL",\r
+                       "TIMEOUT",\r
+                       "IDLE",\r
+                       "INITIALIZE",\r
+                       "IGNORE"\r
+               };\r
+       \r
        private int flags;\r
        private InetAddress subnetMask;\r
        private int ifIndex;\r
@@ -44,6 +93,8 @@ public class Interface extends GenericObject
        private long peerInterfaceId;\r
        private long zoneId;\r
        private String description;\r
+       private int dot1xPaeState;\r
+       private int dot1xBackendState;\r
        \r
        /**\r
         * @param msg\r
@@ -64,6 +115,8 @@ public class Interface extends GenericObject
                peerInterfaceId = msg.getVariableAsInt64(NXCPCodes.VID_PEER_INTERFACE_ID);\r
                zoneId = msg.getVariableAsInt64(NXCPCodes.VID_ZONE_ID);\r
                description = msg.getVariableAsString(NXCPCodes.VID_DESCRIPTION);\r
+               dot1xPaeState = msg.getVariableAsInteger(NXCPCodes.VID_DOT1X_PAE_STATE);\r
+               dot1xBackendState = msg.getVariableAsInteger(NXCPCodes.VID_DOT1X_BACKEND_STATE);\r
        }\r
        \r
        /**\r
@@ -193,4 +246,54 @@ public class Interface extends GenericObject
        {\r
                return flags;\r
        }\r
+\r
+       /**\r
+        * @return the dot1xPaeState\r
+        */\r
+       public int getDot1xPaeState()\r
+       {\r
+               return dot1xPaeState;\r
+       }\r
+       \r
+       /**\r
+        * Get 802.1x PAE state as text\r
+        * \r
+        * @return\r
+        */\r
+       public String getDot1xPaeStateAsText()\r
+       {\r
+               try\r
+               {\r
+                       return paeStateText[dot1xPaeState];\r
+               }\r
+               catch(ArrayIndexOutOfBoundsException e)\r
+               {\r
+                       return paeStateText[PAE_STATE_UNKNOWN];\r
+               }\r
+       }\r
+\r
+       /**\r
+        * @return the dot1xBackendState\r
+        */\r
+       public int getDot1xBackendState()\r
+       {\r
+               return dot1xBackendState;\r
+       }\r
+\r
+       /**\r
+        * Get 802.1x backend state as text\r
+        * \r
+        * @return\r
+        */\r
+       public String getDot1xBackendStateAsText()\r
+       {\r
+               try\r
+               {\r
+                       return backendStateText[dot1xBackendState];\r
+               }\r
+               catch(ArrayIndexOutOfBoundsException e)\r
+               {\r
+                       return backendStateText[BACKEND_STATE_UNKNOWN];\r
+               }\r
+       }\r
 }\r
index 90f9cda..d6c3d6d 100644 (file)
@@ -50,8 +50,9 @@ public class Node extends GenericObject
        public static final int NF_IS_SONMP             = 0x00000400;\r
        public static final int NF_IS_LLDP              = 0x00000800;\r
        public static final int NF_IS_VRRP              = 0x00001000;\r
-       public static final int NF_IS_8021X             = 0x00002000;\r
-       public static final int NF_IS_STP               = 0x00004000;\r
+       public static final int NF_HAS_VLANS            = 0x00002000;\r
+       public static final int NF_IS_8021X             = 0x00004000;\r
+       public static final int NF_IS_STP               = 0x00008000;\r
 \r
        // Node flags (user)\r
        public static final int NF_DISABLE_SNMP         = 0x01000000;\r
index 05cd68d..65aad6a 100644 (file)
@@ -68,7 +68,15 @@ public class GeneralInfo extends TableElement
                                addPair("Description", iface.getDescription());\r
                                addPair("MAC Address", iface.getMacAddress().toString());\r
                                if ((iface.getFlags() & Interface.IF_PHYSICAL_PORT) != 0)\r
+                               {\r
                                        addPair("Slot/Port", Integer.toString(iface.getSlot()) + "/" + Integer.toString(iface.getPort()));\r
+                                       Node node = iface.getParentNode();\r
+                                       if ((node != null) && node.is8021xSupported())\r
+                                       {\r
+                                               addPair("802.1x PAE State", iface.getDot1xPaeStateAsText());\r
+                                               addPair("802.1x Backend State", iface.getDot1xBackendStateAsText());\r
+                                       }\r
+                               }\r
                                if (!iface.getPrimaryIP().isAnyLocalAddress())\r
                                {\r
                                        if (session.isZoningEnabled())\r
index be05868..042cdad 100644 (file)
@@ -21,6 +21,7 @@
 **/
 
 #include "nxcore.h"
+#include <ieee8021x.h>
 
 
 //
@@ -40,8 +41,8 @@ Interface::Interface()
        m_portNumber = 0;
        m_peerNodeId = 0;
        m_peerInterfaceId = 0;
-       m_dot1xPaeAuthState = 0;
-       m_dot1xBackendAuthState = 0;
+       m_dot1xPaeAuthState = PAE_STATE_UNKNOWN;
+       m_dot1xBackendAuthState = BACKEND_STATE_UNKNOWN;
    m_qwLastDownEventId = 0;
        m_iPendingStatus = -1;
        m_iPollCount = 0;
@@ -69,8 +70,8 @@ Interface::Interface(DWORD dwAddr, DWORD dwNetMask, DWORD zoneId, bool bSyntheti
        m_portNumber = 0;
        m_peerNodeId = 0;
        m_peerInterfaceId = 0;
-       m_dot1xPaeAuthState = 0;
-       m_dot1xBackendAuthState = 0;
+       m_dot1xPaeAuthState = PAE_STATE_UNKNOWN;
+       m_dot1xBackendAuthState = BACKEND_STATE_UNKNOWN;
    memset(m_bMacAddr, 0, MAC_ADDR_LENGTH);
    m_qwLastDownEventId = 0;
        m_iPendingStatus = -1;
@@ -100,8 +101,8 @@ Interface::Interface(const TCHAR *name, const TCHAR *descr, DWORD index, DWORD i
        m_portNumber = 0;
        m_peerNodeId = 0;
        m_peerInterfaceId = 0;
-       m_dot1xPaeAuthState = 0;
-       m_dot1xBackendAuthState = 0;
+       m_dot1xPaeAuthState = PAE_STATE_UNKNOWN;
+       m_dot1xBackendAuthState = BACKEND_STATE_UNKNOWN;
    memset(m_bMacAddr, 0, MAC_ADDR_LENGTH);
    m_qwLastDownEventId = 0;
        m_iPendingStatus = -1;
@@ -140,7 +141,8 @@ BOOL Interface::CreateFromDB(DWORD dwId)
 
    _sntprintf(szQuery, 256, _T("SELECT ip_addr,ip_netmask,if_type,if_index,node_id,")
                             _T("mac_addr,flags,required_polls,bridge_port,phy_slot,")
-                                                                        _T("phy_port,peer_node_id,peer_if_id,description FROM interfaces WHERE id=%d"), dwId);
+                                                                        _T("phy_port,peer_node_id,peer_if_id,description,")
+                                                                        _T("dot1x_pae_state,dot1x_backend_state FROM interfaces WHERE id=%d"), (int)dwId);
    hResult = DBSelect(g_hCoreDB, szQuery);
    if (hResult == NULL)
       return FALSE;     // Query failed
@@ -161,6 +163,8 @@ BOOL Interface::CreateFromDB(DWORD dwId)
                m_peerNodeId = DBGetFieldULong(hResult, 0, 11);
                m_peerInterfaceId = DBGetFieldULong(hResult, 0, 12);
                DBGetField(hResult, 0, 13, m_description, MAX_DB_STRING);
+               m_dot1xPaeAuthState = (WORD)DBGetFieldLong(hResult, 0, 14);
+               m_dot1xBackendAuthState = (WORD)DBGetFieldLong(hResult, 0, 15);
 
       // Link interface to node
       if (!m_bIsDeleted)
@@ -236,26 +240,29 @@ BOOL Interface::SaveToDB(DB_HANDLE hdb)
    if (bNewObject)
       _sntprintf(szQuery, 2048, _T("INSERT INTO interfaces (id,ip_addr,")
                        _T("ip_netmask,node_id,if_type,if_index,mac_addr,flags,required_polls,")
-                                                         _T("bridge_port,phy_slot,phy_port,peer_node_id,peer_if_id,description) ")
-                       _T("VALUES (%d,'%s','%s',%d,%d,%d,'%s',%d,%d,%d,%d,%d,%d,%d,%s)"),
+                                                         _T("bridge_port,phy_slot,phy_port,peer_node_id,peer_if_id,description,")
+                       _T("dot1x_pae_state,dot1x_backend_state) ")
+                                                         _T("VALUES (%d,'%s','%s',%d,%d,%d,'%s',%d,%d,%d,%d,%d,%d,%d,%s,%d,%d)"),
               m_dwId, IpToStr(m_dwIpAddr, szIpAddr),
               IpToStr(m_dwIpNetMask, szNetMask), dwNodeId,
                                  m_dwIfType, m_dwIfIndex, szMacStr, (int)m_flags,
                                  m_iRequiredPollCount, (int)m_bridgePortNumber, (int)m_slotNumber,
                                  (int)m_portNumber, (int)m_peerNodeId, (int)m_peerInterfaceId,
-                                 (const TCHAR *)DBPrepareString(hdb, m_description));
+                                 (const TCHAR *)DBPrepareString(hdb, m_description),
+                                 (int)m_dot1xPaeAuthState, (int)m_dot1xBackendAuthState);
    else
       _sntprintf(szQuery, 2048, _T("UPDATE interfaces SET ip_addr='%s',ip_netmask='%s',")
-                       _T("node_id=%d,if_type=%d,if_index=%d,")
-                       _T("mac_addr='%s',flags=%d,")
+                       _T("node_id=%d,if_type=%d,if_index=%d,mac_addr='%s',flags=%d,")
                                                          _T("required_polls=%d,bridge_port=%d,phy_slot=%d,phy_port=%d,")
-                                                         _T("peer_node_id=%d,peer_if_id=%d,description=%s WHERE id=%d"),
+                                                         _T("peer_node_id=%d,peer_if_id=%d,description=%s,")
+                                                         _T("dot1x_pae_state=%d,dot1x_backend_state=%d WHERE id=%d"),
               IpToStr(m_dwIpAddr, szIpAddr),
               IpToStr(m_dwIpNetMask, szNetMask), dwNodeId,
                                  m_dwIfType, m_dwIfIndex, szMacStr, (int)m_flags,
                                  m_iRequiredPollCount, (int)m_bridgePortNumber, (int)m_slotNumber,
                                  (int)m_portNumber, (int)m_peerNodeId, (int)m_peerInterfaceId,
-                                 (const TCHAR *)DBPrepareString(hdb, m_description), m_dwId);
+                                 (const TCHAR *)DBPrepareString(hdb, m_description), 
+                                 (int)m_dot1xPaeAuthState, (int)m_dot1xBackendAuthState, (int)m_dwId);
    DBQuery(hdb, szQuery);
 
    // Save access list
@@ -466,7 +473,104 @@ void Interface::StatusPoll(ClientSession *pSession, DWORD dwRqId,
                UnlockData();
    }
    SendPollerMsg(dwRqId, _T("      Interface status after poll is %s\r\n"), g_szStatusText[m_iStatus]);
-   SendPollerMsg(dwRqId, _T("   Finished status poll on interface %s\r\n"), m_szName);
+
+       if ((pNode->getFlags() & NF_IS_8021X) && isPhysicalPort())
+       {
+               DbgPrintf(5, _T("StatusPoll(%s): Checking 802.1x state for interface %s"), pNode->Name(), m_szName);
+               paeStatusPoll(pSession, dwRqId, pTransport, pNode);
+       }
+   
+       SendPollerMsg(dwRqId, _T("   Finished status poll on interface %s\r\n"), m_szName);
+}
+
+
+//
+// PAE (802.1x) status poll
+//
+
+void Interface::paeStatusPoll(ClientSession *pSession, DWORD dwRqId, SNMP_Transport *pTransport, Node *node)
+{
+       static TCHAR *paeStateText[] = 
+       {
+               _T("UNKNOWN"),
+               _T("INITIALIZE"),
+               _T("DISCONNECTED"),
+               _T("CONNECTING"),
+               _T("AUTHENTICATING"),
+               _T("AUTHENTICATED"),
+               _T("ABORTING"),
+               _T("HELD"),
+               _T("FORCE AUTH"),
+               _T("FORCE UNAUTH"),
+               _T("RESTART")
+       };
+       static TCHAR *backendStateText[] = 
+       {
+               _T("UNKNOWN"),
+               _T("REQUEST"),
+               _T("RESPONSE"),
+               _T("SUCCESS"),
+               _T("FAIL"),
+               _T("TIMEOUT"),
+               _T("IDLE"),
+               _T("INITIALIZE"),
+               _T("IGNORE")
+       };
+#define PAE_STATE_TEXT(x) ((((x) <= PAE_STATE_RESTART) && ((x) >= 0)) ? paeStateText[x] : paeStateText[0])
+#define BACKEND_STATE_TEXT(x) ((((x) <= BACKEND_STATE_IGNORE) && ((x) >= 0)) ? backendStateText[x] : backendStateText[0])
+
+   SendPollerMsg(dwRqId, _T("      Checking port 802.1x status...\r\n"));
+
+       TCHAR oid[256];
+       LONG paeState = PAE_STATE_UNKNOWN, backendState = BACKEND_STATE_UNKNOWN;
+       bool modified = false;
+
+       _sntprintf(oid, 256, _T(".1.0.8802.1.1.1.1.2.1.1.1.%d"), m_dwIfIndex);
+       SnmpGet(pTransport->getSnmpVersion(), pTransport, oid, NULL, 0, &paeState, sizeof(LONG), 0);
+
+       _sntprintf(oid, 256, _T(".1.0.8802.1.1.1.1.2.1.1.2.%d"), m_dwIfIndex);
+       SnmpGet(pTransport->getSnmpVersion(), pTransport, oid, NULL, 0, &backendState, sizeof(LONG), 0);
+
+       if (m_dot1xPaeAuthState != (WORD)paeState)
+       {
+          SendPollerMsg(dwRqId, _T("      Port PAE state changed to %s...\r\n"), PAE_STATE_TEXT(paeState));
+               modified = true;
+
+               PostEvent(EVENT_8021X_PAE_STATE_CHANGED, node->Id(), "dsdsds", paeState, PAE_STATE_TEXT(paeState),
+                         (DWORD)m_dot1xPaeAuthState, PAE_STATE_TEXT(m_dot1xPaeAuthState), m_dwId, m_szName);
+
+               if (paeState == PAE_STATE_FORCE_UNAUTH)
+               {
+                       PostEvent(EVENT_8021X_PAE_FORCE_UNAUTH, node->Id(), "ds", m_dwId, m_szName);
+               }
+       }
+
+       if (m_dot1xBackendAuthState != (WORD)backendState)
+       {
+          SendPollerMsg(dwRqId, _T("      Port backend state changed to %s...\r\n"), BACKEND_STATE_TEXT(backendState));
+               modified = true;
+
+               PostEvent(EVENT_8021X_BACKEND_STATE_CHANGED, node->Id(), "dsdsds", backendState, BACKEND_STATE_TEXT(backendState),
+                         (DWORD)m_dot1xBackendAuthState, BACKEND_STATE_TEXT(m_dot1xBackendAuthState), m_dwId, m_szName);
+
+               if (backendState == BACKEND_STATE_FAIL)
+               {
+                       PostEvent(EVENT_8021X_AUTH_FAILED, node->Id(), "ds", m_dwId, m_szName);
+               }
+               else if (backendState == BACKEND_STATE_TIMEOUT)
+               {
+                       PostEvent(EVENT_8021X_AUTH_TIMEOUT, node->Id(), "ds", m_dwId, m_szName);
+               }
+       }
+
+       if (modified)
+       {
+               LockData();
+               m_dot1xPaeAuthState = (WORD)paeState;
+               m_dot1xBackendAuthState = (WORD)backendState;
+               Modify();
+               UnlockData();
+       }
 }
 
 
@@ -488,6 +592,8 @@ void Interface::CreateMessage(CSCPMessage *pMsg)
        pMsg->SetVariable(VID_PEER_NODE_ID, m_peerNodeId);
        pMsg->SetVariable(VID_PEER_INTERFACE_ID, m_peerInterfaceId);
        pMsg->SetVariable(VID_DESCRIPTION, m_description);
+       pMsg->SetVariable(VID_DOT1X_PAE_STATE, m_dot1xPaeAuthState);
+       pMsg->SetVariable(VID_DOT1X_BACKEND_STATE, m_dot1xBackendAuthState);
 }
 
 
index 53a30ec..5271e1c 100644 (file)
@@ -553,6 +553,8 @@ protected:
        int m_iRequiredPollCount;
    DWORD m_zoneId;
 
+       void paeStatusPoll(ClientSession *pSession, DWORD dwRqId, SNMP_Transport *pTransport, Node *node);
+
 public:
    Interface();
    Interface(DWORD dwAddr, DWORD dwNetMask, DWORD zoneId, bool bSyntheticMask);
index 424fcfd..666a444 100644 (file)
@@ -253,6 +253,81 @@ static BOOL SetColumnNullable(const TCHAR *table, const TCHAR *column, const TCH
 
 
 //
+// Create new event template
+//
+
+static BOOL CreateEventTemplate(int code, const TCHAR *name, int severity, int flags, const TCHAR *message, const TCHAR *description)
+{
+       TCHAR query[4096], *escMessage, *escDescription;
+
+       escMessage = EncodeSQLString(message);
+       escDescription = EncodeSQLString(description);
+       _sntprintf(query, 4096, _T("INSERT INTO event_cfg (event_code,event_name,severity,flags,message,description) VALUES (%d,'%s',%d,%d,'%s','%s')"),
+                  code, name, severity, flags, escMessage, escDescription);
+       free(escMessage);
+       free(escDescription);
+       return SQLQuery(query);
+}
+
+
+//
+// Upgrade from V243 to V244
+//
+
+static BOOL H_UpgradeFromV243(int currVersion, int newVersion)
+{
+       static TCHAR batch[] = 
+               _T("ALTER TABLE interfaces ADD dot1x_pae_state integer\n")
+               _T("ALTER TABLE interfaces ADD dot1x_backend_state integer\n")
+               _T("UPDATE interfaces SET dot1x_pae_state=0,dot1x_backend_state=0\n")
+               _T("<END>");
+
+       CHK_EXEC(SQLBatch(batch));
+
+       CHK_EXEC(CreateEventTemplate(EVENT_8021X_PAE_STATE_CHANGED, _T("SYS_8021X_PAE_STATE_CHANGED"),
+               EVENT_SEVERITY_NORMAL, 1, _T("Port %6 PAE state changed from %4 to %2"), 
+               _T("Generated when switch port PAE state changed.\r\nParameters:\r\n")
+               _T("   1) New PAE state code\r\n")
+               _T("   2) New PAE state as text\r\n")
+               _T("   3) Old PAE state code\r\n")
+               _T("   4) Old PAE state as text\r\n")
+               _T("   5) Interface index\r\n")
+               _T("   6) Interface name")));
+
+       CHK_EXEC(CreateEventTemplate(EVENT_8021X_BACKEND_STATE_CHANGED, _T("SYS_8021X_BACKEND_STATE_CHANGED"),
+               EVENT_SEVERITY_NORMAL, 1, _T("Port %6 backend authentication state changed from %4 to %2"), 
+               _T("Generated when switch port backend authentication state changed.\r\nParameters:\r\n")
+               _T("   1) New backend state code\r\n")
+               _T("   2) New backend state as text\r\n")
+               _T("   3) Old backend state code\r\n")
+               _T("   4) Old backend state as text\r\n")
+               _T("   5) Interface index\r\n")
+               _T("   6) Interface name")));
+
+       CHK_EXEC(CreateEventTemplate(EVENT_8021X_PAE_FORCE_UNAUTH, _T("SYS_8021X_PAE_FORCE_UNAUTH"),
+               EVENT_SEVERITY_MAJOR, 1, _T("Port %2 switched to force unauthorize state"), 
+               _T("Generated when switch port PAE state changed to FORCE UNAUTHORIZE.\r\nParameters:\r\n")
+               _T("   1) Interface index\r\n")
+               _T("   2) Interface name")));
+
+       CHK_EXEC(CreateEventTemplate(EVENT_8021X_AUTH_FAILED, _T("SYS_8021X_AUTH_FAILED"),
+               EVENT_SEVERITY_MAJOR, 1, _T("802.1x authentication failed on port %2"), 
+               _T("Generated when switch port backend authentication state changed to FAIL.\r\nParameters:\r\n")
+               _T("   1) Interface index\r\n")
+               _T("   2) Interface name")));
+
+       CHK_EXEC(CreateEventTemplate(EVENT_8021X_AUTH_TIMEOUT, _T("SYS_8021X_AUTH_TIMEOUT"),
+               EVENT_SEVERITY_MAJOR, 1, _T("802.1x authentication time out on port %2"), 
+               _T("Generated when switch port backend authentication state changed to TIMEOUT.\r\nParameters:\r\n")
+               _T("   1) Interface index\r\n")
+               _T("   2) Interface name")));
+
+       CHK_EXEC(SQLQuery(_T("UPDATE metadata SET var_value='244' WHERE var_name='SchemaVersion'")));
+   return TRUE;
+}
+
+
+//
 // Upgrade from V242 to V243
 //
 
@@ -5778,6 +5853,7 @@ static struct
        { 240, 241, H_UpgradeFromV240 },
        { 241, 242, H_UpgradeFromV241 },
        { 242, 243, H_UpgradeFromV242 },
+       { 243, 244, H_UpgradeFromV243 },
    { 0, NULL }
 };