From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc2592.txt | 2971 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2971 insertions(+) create mode 100644 doc/rfc/rfc2592.txt (limited to 'doc/rfc/rfc2592.txt') diff --git a/doc/rfc/rfc2592.txt b/doc/rfc/rfc2592.txt new file mode 100644 index 0000000..3d0fa8d --- /dev/null +++ b/doc/rfc/rfc2592.txt @@ -0,0 +1,2971 @@ + + + + + + +Network Working Group D. Levi +Request for Comments: 2592 Nortel Networks +Category: Standards Track J. Schoenwaelder + TU Braunschweig + May 1999 + + + Definitions of Managed Objects for the + Delegation of Management Scripts + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (1999). All Rights Reserved. + +Abstract + + This memo defines a portion of the Management Information Base (MIB) + for use with network management protocols in the Internet community. + In particular, it describes a set of managed objects that allow the + delegation of management scripts to distributed managers. + +Table of Contents + + 1. Introduction ................................................. 2 + 2. The SNMP Management Framework ................................ 2 + 3. Overview ..................................................... 3 + 3.1 Terms ...................................................... 4 + 4. Requirements and Design Issues .............................. 5 + 4.1 Script Languages ........................................... 5 + 4.2 Script Transfer ............................................ 6 + 4.3 Script Execution ........................................... 7 + 5. The Structure of the MIB ..................................... 8 + 5.1 The smLanguageGroup ........................................ 9 + 5.2 The smScriptGroup .......................................... 9 + 5.3 The smCodeGroup ............................................ 10 + 5.4 The smLaunchGroup .......................................... 10 + 5.5 The smRunGroup ............................................. 11 + 6 Definitions .................................................. 11 + 7. Usage Examples ............................................... 41 + 7.1 Pushing a script via SNMP .................................. 41 + + + +Levi & Schoenwaelder Standards Track [Page 1] + +RFC 2592 Script MIB May 1999 + + + 7.2 Pulling a script from a URL ................................ 42 + 7.3 Modifying an existing script ............................... 42 + 7.4 Removing an existing script ................................ 43 + 7.5 Creating a launch button ................................... 43 + 7.6 Launching a script ......................................... 44 + 7.7 Terminating a script ....................................... 44 + 7.8 Removing a launch button ................................... 45 + 8. VACM Configuration Examples .................................. 45 + 8.1 Sandbox for guests ......................................... 45 + 8.2 Sharing scripts ............................................ 46 + 8.3 Emergency scripts .......................................... 47 + 9. IANA Considerations .......................................... 48 + 10. Security Considerations ..................................... 48 + 11. Intellectual Property ....................................... 49 + 12. Acknowledgments ............................................. 49 + 13. References .................................................. 50 + 14. Editors' Addresses .......................................... 52 + 16. Full Copyright Statement .................................... 53 + +1. Introduction + + This memo defines a portion of the Management Information Base (MIB) + for use with network management protocols in the Internet community. + In particular, it describes a set of managed objects that allow the + delegation of management scripts to distributed managers. + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [21]. + +2. The SNMP Management Framework + + The SNMP Management Framework presently consists of five major + components: + + o An overall architecture, described in RFC 2271 [1]. + + o Mechanisms for describing and naming objects and events for + the purpose of management. The first version of this Structure + of Management Information (SMI) is called SMIv1 and described + in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 + [4]. The second version, called SMIv2, is described in STD 58, + RFC 2578 [5], RFC 2579 [6] and RFC 2580 [7]. + + + + + + + + +Levi & Schoenwaelder Standards Track [Page 2] + +RFC 2592 Script MIB May 1999 + + + o Message protocols for transferring management information. The + first version of the SNMP message protocol is called SNMPv1 + and described in STD 15, RFC 1157 [8]. A second version of the + SNMP message protocol, which is not an Internet standards + track protocol, is called SNMPv2c and described in RFC 1901 + [9] and RFC 1906 [10]. The third version of the message + protocol is called SNMPv3 and described in RFC 1906 [10], RFC + 2272 [11] and RFC 2274 [12]. + + o Protocol operations for accessing management information. The + first set of protocol operations and associated PDU formats is + described in STD 15, RFC 1157 [8]. A second set of protocol + operations and associated PDU formats is described in RFC 1905 + [13]. + + o A set of fundamental applications described in RFC 2273 [14] + and the view-based access control mechanism described in RFC + 2275 [15]. + + Managed objects are accessed via a virtual information store, termed + the Management Information Base or MIB. Objects in the MIB are + defined using the mechanisms defined in the SMI. + + MIB conforming to the SMIv1 can be produced through the appropriate + translations. The resulting translated MIB must be semantically + equivalent, except where objects or events are omitted because no + translation is possible (use of Counter64). Some machine readable + information in SMIv2 will be converted into textual descriptions in + SMIv1 during the translation process. However, this loss of machine + readable information is not considered to change the semantics of the + MIB. + +3. Overview + + The Script MIB module defined in this memo can be used to delegate + management functions to distributed managers. Management functions + are defined as management scripts written in a management scripting + language. This MIB makes no assumptions about the language itself and + even allows distribution of compiled native code, if an + implementation is able to execute native code under the control of + this MIB. + + The Script MIB defines a standard interface for the delegation of + management functions based on the Internet management framework. In + particular, it provides the following capabilities: + + 1. Capabilities to transfer management scripts to a distributed + manager. + + + +Levi & Schoenwaelder Standards Track [Page 3] + +RFC 2592 Script MIB May 1999 + + + 2. Capabilities for initiating, suspending, resuming and + terminating management scripts. + + 3. Capabilities to transfer arguments for management scripts. + + 4. Capabilities to monitor and control running management scripts. + + 5. Capabilities to transfer the results produced by running + management scripts. + + This memo does not address any additional topics like the generation + of notifications or how to address remote agents from a Script MIB + implementation. + +3.1. Terms + + This section defines the terms used throughout this memo. + + o A `distributed manager' is a processing entity which is capable + of performing network management functions. For the scope of + this memo, a distributed manager is assumed to implement the + Script MIB. + + o A `higher-level manager', or just `manager', is a processing + entity or human who initiates and controls the operations + performed by one or more distributed managers. + + o A `management script' is a set of instructions written in an + executable language which implements a management function. + + o A `management scripting language' is a language used to write + management scripts. Note, the term scripting language does not + imply that the language must have the characteristics of + scripting languages (e.g. string orientation, interpretation, + weak typing). The MIB defined in this memo also allows to + control management scripts written in arbitrary compiled system + programming languages. + + o A `distributed manager' can be decomposed into an `SNMP entity' + which implements the Script MIB defined in this memo and the + `runtime system' that executes scripts. The Script MIB sees the + runtime system as the managed resource which is controlled by + the MIB. + + The runtime system can act as an SNMP application, according to + the SNMP architecture defined in RFC 2271 [1]. For example, a + runtime system which sends SNMP requests to other SNMP entities + will act as a command generator application. The SNMP + + + +Levi & Schoenwaelder Standards Track [Page 4] + +RFC 2592 Script MIB May 1999 + + + applications in the runtime system may use the same SNMP engine + which also serves the command responder application used to + implement the Script MIB, but they are not required to do so. + + o A `launch button' is the conceptual button used to start the + execution of a management script. It assignes control parameters + to a management script. In particular, it defines the ownership + of the scripts started from a launch button. The ownership can + be used by the language runtime system to enforce security + profiles on a running management script. + +4. Requirements and Design Issues + + This section discusses some general requirements that have influenced + the design of the Script MIB. + + o The Script MIB must not make any assumptions about specific + languages or runtime systems. + + o The Script MIB must provide mechanisms that help to avoid new + management problems (e.g. script version problems). + + o The Script MIB must provide SNMP interfaces to all functions + required to delegate management scripts. However, other + protocols might be used in addition if they provide a + significant improvement in terms of convenience for + implementation or performance. + + o The Script MIB must be organized so that access can be + controlled effectively by using view-based access control [15]. + + The following sections discuss some design issues in more detail. + +4.1. Script Languages + + The Script MIB defined in this memo makes no assumption about the + script language. This MIB can therefore be used in combination with + different languages (such as Tcl or Java) and/or different versions + of the same language. No assumptions are made about the format in + which management scripts are transferred. + + The Script MIB provides access to information about the language + versions supported by a Script MIB implementation so that a manager + can learn about the capabilities provided by an implementation. + Languages and language versions are identified as follows: + + + + + + +Levi & Schoenwaelder Standards Track [Page 5] + +RFC 2592 Script MIB May 1999 + + + 1. The language is identified by an object identifier. Object + identifier for well-known languages will be registered by the + Internet Assigned Numbers Authority (IANA). Enterprise specific + languages can also be registered in the enterprise specific OID + subtree. + + 2. A particular version of a language is identified by a language + version number. The combination of a language object identifier + and a language version is in most cases sufficient to decide + whether a script can be executed or not. + + 3. Different implementations of the same language version might + have differences due to ambiguities in the language definition + or additional language features provided by an implementor. An + additional object identifier value is provided which identifies + the organization which provides the implementation of a + language. This might be used by scripts that require a + particular implementation of a language. + + 4. Finally, there might be different versions of a language + implementation. A version number for the language implementation + is provided so that the manager can also distinguish between + different implementations from the same organization of a + particular language version. + + The version numbers can either be used by a manager to select the + language version required to execute a particular script or to select + a script that fits the language versions supported by a particular + Script MIB implementation. + + An additional table lists language extensions that provide features + not provided by the core language. Language extensions are usually + required to turn a general purpose language into a management + language. In many cases, language extensions will come in the form of + libraries that provide capabilities like sending SNMP requests to + remote SNMP agents or accessing the local MIB instrumentation. Every + extension is associated with a language and carries its own version + numbers. + +4.2. Script Transfer + + There are two different ways to transfer management scripts to a + distributed manager. The first approach requires that the manager + pushes the script to the distributed manager. This is therefore + called the `push model'. The second approach is the `pull model' + where the manager tells the distributed manager the location of the + script and the distributed manager retrieves the script itself. + + + + +Levi & Schoenwaelder Standards Track [Page 6] + +RFC 2592 Script MIB May 1999 + + + The MIB defined in this memo supports both models. The `push model' + is realized by a table which allows a manager to write scripts by + sending a sequence of SNMP set requests. The script can be split into + several fragments in order to deal with SNMP message size + limitations. + + The `pull model' is realized by the use of Uniform Resource Locators + (URLs) [17] that point to the script source. The manager writes the + URL which points to the script source to the distributed manager by + sending an SNMP set request. The distributed manager is then + responsible for retrieving the document using the protocol specified + in the URL. This allows the use of protocols like FTP [18] or HTTP + [19] to transfer large management scripts efficiently. + + The Script MIB also allows management scripts that are hard-wired + into the Script MIB implementation. Built-in scripts can either be + implemented in a language runtime system, or they can be built + natively into the Script MIB implementation. The implementation of + the `push model' or the `pull model' is not required. + + Scripts can be stored in non-volatile storage. This allows a + distributed manager to restart scripts if it is restarted (off-line + restart). A manager is not required to push scripts back into the + distributed manager after a restart if the script is backed up in + non-volatile storage. + + Every script is identified by an administratively assigned name. This + name may be used to derive the name which is used to access the + script in non-volatile storage. This mapping is implementation + specific. However, the mapping must ensure that the Script MIB + implementation can handle scripts with the same administrative name + owned by different managers. One way to achieve this is to use the + script owner in addition to the script name in order to derive the + internal name used to refer to a particular script in non-volatile + storage. + +4.3. Script Execution + + The Script MIB permits execution of several instances of the same or + different management scripts. Script arguments are passed as OCTET + STRING values. Scripts return a single result value which is also an + OCTET STRING value. The semantic interpretation of result values is + left to the invoking manager or other management scripts. A script + invoker must understand the format and semantics of both the + arguments and the results of the scripts that it invokes. + + + + + + +Levi & Schoenwaelder Standards Track [Page 7] + +RFC 2592 Script MIB May 1999 + + + Scripts can also export complex results through a MIB interface. This + allows a management application to access and use script results in + the same manner as it processes any other MIB data. However, the + Script MIB does not provide any special support for the + implementation of MIBs through scripts. + + Runtime errors terminate active scripts. An exit code and a human + readable error message is left in the MIB. A notification containing + the exit code, the error message and a timestamp is generated when a + script terminates with an error exit code. + + Script arguments and results do not have any size limitations other + than the limits imposed by the SMI and the SNMP protocol. However, + implementations of this MIB might have further restrictions. A script + designer might therefore choose to return the results via other + mechanisms if the script results can be very large. One possibility + is to return a URL as a script result which points to the file + containing the script output. + + Executing scripts have a status object attached which allows script + execution to be suspended, resumed, or aborted. The precise + semantics of the suspend and resume operations are language and + runtime system dependent. Some runtime systems may choose to not + implement the suspend/resume operations. + + A history of finished scripts is kept in the MIB. A script invoker + can collect results at a later point in time (offline operation). + Control objects can be used to control how entries in the history are + aged out if the table fills up. + +5. The Structure of the MIB + + This section presents the structure of the MIB. The objects are + arranged into the following groups: + + o language group (smLanguageGroup) + + o script group (smScriptGroup) + + o script code group (smCodeGroup) + + o script launch group (smLaunchGroup) + + o running script group (smRunGroup) + + + + + + + +Levi & Schoenwaelder Standards Track [Page 8] + +RFC 2592 Script MIB May 1999 + + +5.1. The smLanguageGroup + + The smLanguageGroup is used to provide information about the + languages and the language extensions supported by a Script MIB + implementation. This group includes two tables. The smLangTable + lists all languages supported by a Script MIB implementation and the + smExtsnTable lists the extensions that are available for a given + language. + +5.2. The smScriptGroup + + The smScriptGroup consists of a single table, called the + smScriptTable. The smScriptTable lists all scripts known to a Script + MIB implementation. The smScriptTable contains objects that allow the + following operations: + + o download scripts from a URL (pull model) + + o read scripts from local non-volatile storage + + o store scripts in local non-volatile storage + + o delete scripts from local non-volatile storage + + o list permanent scripts (that can not be changed or removed) + + o read and modify the script status (enabled, disabled, editing) + + A status object called smScriptOperStatus allows a manager to obtain + the current status of a script. It is also used to provide an error + indication if an attempt to invoke one of the operations listed above + fails. The status change of a script can be requested by modifying + the associated smScriptAdminStatus object. + + The source of a script is defined by the smScriptSource object. This + object may contain a URL pointing to a remote location which provides + access to the management script. The script source is read from the + smCodeTable (described below) or from non-volatile storage if the + smScriptSource object contains an empty URL. The smScriptStorageType + object is used to distinguish between scripts read from non-volatile + storage and scripts read from the smCodeTable. + + Scripts are automatically loaded once the smScriptAdminStatus object + is set to `enabled'. Loading a script includes retrieving the script + (probably from a remote location), compiling the script for languages + that require a compilation step, and making the code available to the + runtime system. The smScriptOperStatus object is used to indicate + the status of the loading process. This object will start in the + + + +Levi & Schoenwaelder Standards Track [Page 9] + +RFC 2592 Script MIB May 1999 + + + state `retrieving', switch to the state `compiling' and finally reach + the state `enabled'. Errors during the retrieval or compilation phase + will result in an error state such as `compilationFailed'. + +5.3. The smCodeGroup + + The smCodeGroup consists of a single table, called the smCodeTable, + which provides the ability to transfer and modify scripts via SNMP + set requests. In particular, the smCodeTable allows the following + operations: + + o download scripts via SNMP (push model) + + o modify scripts via SNMP (editing) + + The smCodeTable lists the code of a script. A script can be + fragmented over multiple rows of the smCodeTable in order to handle + SNMP message size limitations. Modifications of the smCodeTable are + only possible if the associated smScriptOperStatus object has the + value `editing'. The Script MIB implementation reloads the modified + script code once the smScriptOperStatus changes to `enabled' again. + + The implementation of the smCodeGroup is optional. + +5.4. The smLaunchGroup + + The smLaunchGroup contains a single table, the smLaunchTable. An + entry in the smLaunchTable represents a launch button which can be + used to start a script. The smLaunchTable allows the following + operations: + + o associate a script with an owner used during script execution + + o provide arguments and parameters for script invocation + + o invoke scripts with a single set operation + + The smLaunchTable describes scripts and their parameters that are + ready to be launched. An entry in the smLaunchTable attaches an + argument to a script and control values which, for example, define + the maximum number of times that a script invoked from a particular + row in the smLaunchTable may be running concurrently. + + An entry in the smLaunchTable also defines the owner which will be + used to associate permissions with the script execution. + + + + + + +Levi & Schoenwaelder Standards Track [Page 10] + +RFC 2592 Script MIB May 1999 + + +5.5. The smRunGroup + + The smRunGroup contains a single table, called the smRunTable, which + lists all scripts that are currently running or have terminated + recently. The smRunTable contains objects that allow the following + operations: + + o retrieve status information from running scripts + + o control running scripts (suspend, resume, abort) + + o retrieve results from recently terminated scripts + + o control the remaining maximum lifetime of a running script + + o control how long script results are accessible + + Every row in the smRunTable contains the argument passed during + script invocation, the result produced by the script and the script + exit code. The smRunTable also provides information about the + current run state as well as start and end time-stamps. There are + three writable objects in the smRunTable. The smRunLifeTime object + defines the maximum time a running script may run before it is + terminated by the Script MIB implementation. The smRunExpireTime + object defines the time that a completed script can stay in the + smRunTable before it is aged out. The smRunControl object allows + running scripts to be suspended, resumed, or aborted. + +6. Definitions + + DISMAN-SCRIPT-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, + Integer32, Unsigned32, mib-2 + FROM SNMPv2-SMI + + RowStatus, TimeInterval, DateAndTime, StorageType, DisplayString + FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF + + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB; + + scriptMIB MODULE-IDENTITY + LAST-UPDATED "9902221800Z" + + + +Levi & Schoenwaelder Standards Track [Page 11] + +RFC 2592 Script MIB May 1999 + + + ORGANIZATION "IETF Distributed Management Working Group" + CONTACT-INFO + "David B. Levi + Nortel Networks + 4401 Great America Parkway + Santa Clara, CA 95052-8185 + U.S.A. + Tel: +1 423 686 0432 + E-mail: dlevi@nortelnetworks.com + + Juergen Schoenwaelder + TU Braunschweig + Bueltenweg 74/75 + 38106 Braunschweig + Germany + Tel: +49 531 391-3283 + E-mail: schoenw@ibr.cs.tu-bs.de" + DESCRIPTION + "This MIB module defines a set of objects that allow to + delegate management scripts to distributed managers." + ::= { mib-2 64 } + + -- + -- The groups defined within this MIB module: + -- + + smObjects OBJECT IDENTIFIER ::= { scriptMIB 1 } + smNotifications OBJECT IDENTIFIER ::= { scriptMIB 2 } + smConformance OBJECT IDENTIFIER ::= { scriptMIB 3 } + + -- + -- Script language and language extensions. + -- + -- This group defines tables which list the languages and the + -- language extensions supported by a script MIB implementation. + -- Languages are uniquely identified by object identifier values. + -- + + smLangTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmLangEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists supported script languages." + ::= { smObjects 1 } + + smLangEntry OBJECT-TYPE + SYNTAX SmLangEntry + + + +Levi & Schoenwaelder Standards Track [Page 12] + +RFC 2592 Script MIB May 1999 + + + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular language." + INDEX { smLangIndex } + ::= { smLangTable 1 } + + SmLangEntry ::= SEQUENCE { + smLangIndex Integer32, + smLangLanguage OBJECT IDENTIFIER, + smLangVersion SnmpAdminString, + smLangVendor OBJECT IDENTIFIER, + smLangRevision SnmpAdminString, + smLangDescr SnmpAdminString + } + + smLangIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this language entry. + + The value is expected to remain constant at least from one + re-initialization of the entity's network management system + to the next re-initialization. + + Note, the data type and the range of this object must be + consistent with the definition of smScriptLanguage." + ::= { smLangEntry 1 } + + smLangLanguage OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The globally unique identification of the language." + ::= { smLangEntry 2 } + + smLangVersion OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the language. The zero-length string + shall be used if the language does not have a version + number. + + + +Levi & Schoenwaelder Standards Track [Page 13] + +RFC 2592 Script MIB May 1999 + + + It is suggested that the version number consist of one or + more decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smLangEntry 3 } + + smLangVendor OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An object identifer which identifies the vendor who + provides the implementation of the language. This object + identifer SHALL point to the object identifier directly + below the enterprise object identifier {1 3 6 1 4 1} + allocated for the vendor. The value must be the object + identifier {0 0} if the vendor is not known." + ::= { smLangEntry 4 } + + smLangRevision OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the language implementation. + The value of this object must be an empty string if + version number of the implementation is unknown. + + It is suggested that the value consist of one or more + decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smLangEntry 5 } + + smLangDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the language." + ::= { smLangEntry 6 } + + + smExtsnTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmExtsnEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists supported language extensions." + ::= { smObjects 2 } + + + +Levi & Schoenwaelder Standards Track [Page 14] + +RFC 2592 Script MIB May 1999 + + + smExtsnEntry OBJECT-TYPE + SYNTAX SmExtsnEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular language extension." + INDEX { smLangIndex, smExtsnIndex } + ::= { smExtsnTable 1 } + + SmExtsnEntry ::= SEQUENCE { + smExtsnIndex Integer32, + smExtsnExtension OBJECT IDENTIFIER, + smExtsnVersion SnmpAdminString, + smExtsnVendor OBJECT IDENTIFIER, + smExtsnRevision SnmpAdminString, + smExtsnDescr SnmpAdminString + } + + smExtsnIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this language extension entry. + + The value is expected to remain constant at least from one + re-initialization of the entity's network management system + to the next re-initialization." + ::= { smExtsnEntry 1} + + smExtsnExtension OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The globally unique identification of the language + extension." + ::= { smExtsnEntry 2 } + + smExtsnVersion OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the language extension. + + + + +Levi & Schoenwaelder Standards Track [Page 15] + +RFC 2592 Script MIB May 1999 + + + It is suggested that the version number consist of one or + more decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smExtsnEntry 3 } + + smExtsnVendor OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "An object identifer which identifies the vendor who + provides the implementation of the extension. The + object identifer value should point to the OID node + directly below the enterprise OID {1 3 6 1 4 1} + allocated for the vendor. The value must by the object + identifier {0 0} if the vendor is not known." + ::= { smExtsnEntry 4 } + + smExtsnRevision OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The version number of the extension implementation. + The value of this object must be an empty string if + version number of the implementation is unknown. + + It is suggested that the value consist of one or more + decimal numbers separated by dots, where the first + number is called the major version number." + ::= { smExtsnEntry 5 } + + smExtsnDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A textual description of the language extension." + ::= { smExtsnEntry 6 } + + + -- + -- Scripts known by the Script MIB implementation. + -- + -- This group defines a table which lists all known scripts. + -- Scripts can be added and removed through manipulation of the + -- smScriptTable. + -- + + + +Levi & Schoenwaelder Standards Track [Page 16] + +RFC 2592 Script MIB May 1999 + + + smScriptObjects OBJECT IDENTIFIER ::= { smObjects 3 } + + smScriptTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmScriptEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists and describes locally known scripts." + ::= { smScriptObjects 1 } + + smScriptEntry OBJECT-TYPE + SYNTAX SmScriptEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular script. Every script that + is stored in non-volatile memory is required to appear in + this script table." + INDEX { smScriptOwner, smScriptName } + ::= { smScriptTable 1 } + SmScriptEntry ::= SEQUENCE { + smScriptOwner SnmpAdminString, + smScriptName SnmpAdminString, + smScriptDescr SnmpAdminString, + smScriptLanguage Integer32, + smScriptSource DisplayString, + smScriptAdminStatus INTEGER, + smScriptOperStatus INTEGER, + smScriptStorageType StorageType, + smScriptRowStatus RowStatus + } + + smScriptOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The manager who owns this row in the smScriptTable." + ::= { smScriptEntry 1 } + + smScriptName OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally-unique, administratively assigned name for this + script. This object allows an smScriptOwner to have multiple + entries in the smScriptTable. + + + +Levi & Schoenwaelder Standards Track [Page 17] + +RFC 2592 Script MIB May 1999 + + + This value of this object may be used to derive the name + (e.g. a file name) which is used by the Script MIB + implementation to access the script in non-volatile + storage. The details of this mapping are implementation + specific. However, the mapping needs to ensure that scripts + created by different owners with the same script name do not + map to the same name in non-volatile storage." + ::= { smScriptEntry 2 } + + smScriptDescr OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A description of the purpose of the script." + ::= { smScriptEntry 3 } + + smScriptLanguage OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object type identifies an entry in the + smLangTable which is used to execute this script. + The special value 0 may be used by hard-wired scripts + that can not be modified and that are executed by + internal functions. + + Note, the data type and the range of this object must be + consistent with the definition of smLangIndex." + ::= { smScriptEntry 4 } + + smScriptSource OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object either contains a reference to the script + source or an empty string. A reference must be given + in the form of a Uniform Resource Locator (URL) as + defined in RFC 2396. The allowed character sets and the + encoding rules defined in RFC 2396 section 2 apply. + + When the smScriptAdminStatus object is set to `enabled', + the Script MIB implementation will `pull' the script + source from the URL contained in this object if the URL + is not empty. + + + + +Levi & Schoenwaelder Standards Track [Page 18] + +RFC 2592 Script MIB May 1999 + + + An empty URL indicates that the script source is loaded + from local storage. The script is read from the smCodeTable + if the value of smScriptStorageType is volatile. Otherwise, + the script is read from non-volatile storage. + + Note: This document does not mandate implementation of any + specific URL scheme. A attempt to load a script from a + nonsupported URL scheme will cause the smScriptOperStatus + to report an `unknownProtocol' error. + + Set requests to change this object are invalid if the + value of smScriptOperStatus is `enabled', `editing', + `retrieving' or `compiling' and will result in an + inconsistentValue error." + DEFVAL { ''H } + ::= { smScriptEntry 5 } + smScriptAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + editing(3) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object indicates the desired status of + the script. See the definition of smScriptOperStatus for + a description of the values. + + When the smScriptAdminStatus object is set to `enabled' and + the smScriptOperStatus is `disabled' or one of the error + states, the Script MIB implementation will `pull' the script + source from the URL contained in the smScriptSource object + if the URL is not empty." + DEFVAL { disabled } + ::= { smScriptEntry 6 } + + smScriptOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2), + editing(3), + retrieving(4), + compiling(5), + noSuchScript(6), + accessDenied(7), + wrongLanguage(8), + wrongVersion(9), + + + +Levi & Schoenwaelder Standards Track [Page 19] + +RFC 2592 Script MIB May 1999 + + + compilationFailed(10), + noResourcesLeft(11), + unknownProtocol(12), + protocolFailure(13), + genericError(14) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The actual status of the script in the runtime system. The + value of this object is only meaningful when the value of the + smScriptRowStatus object is `active'. + + The smScriptOperStatus object may have the following values: + - `enabled' indicates that the script is available and can + be started by a launch table entry. + + - `disabled' indicates that the script can not be used. + + - `editing' indicates that the script can be modified in the + smCodeTable. + + - `retrieving' indicates that the script is currently being + loaded from non-volatile storage or a remote system. + + - `compiling' indicates that the script is currently being + compiled by the runtime system. + + - `noSuchScript' indicates that the script does not exist + at the smScriptSource. + + - `accessDenied' indicates that the script can not be loaded + from the smScriptSource due to a lack of permissions. + + - `wrongLanguage' indicates that the script can not be loaded + from the smScriptSource because of a language mismatch. + + - `wrongVersion' indicates that the script can not be loaded + from the smScriptSource because of a language version + mismatch. + + - `compilationFailed' indicates that the compilation failed. + + - `noResourcesLeft' indicates that the runtime system does + not have enough resources to load the script. + + - `unknownProtocol' indicates that the script could not be + loaded from the smScriptSource because the requested + + + +Levi & Schoenwaelder Standards Track [Page 20] + +RFC 2592 Script MIB May 1999 + + + protocol is not supported. + + - `protocolFailure' indicates that the script could not be + loaded from the smScriptSource because of a protocol + failure. + + - `genericError' indicates that the script could not be + loaded due to an error condition not listed above. + + The `retrieving' and `compiling' states are transient states + which will either lead to one of the error states or the + `enabled' state. The `disabled' and `editing' states are + administrative states which are only reached by explicit + management operations. + + All launch table entries that refer to this script table + entry shall have an smLaunchOperStatus value of `disabled' + when the value of this object is not `enabled'." + DEFVAL { disabled } + ::= { smScriptEntry 7 } + + smScriptStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines whether this row and the script + controlled by this row are kept in volatile storage and + lost upon reboot or if this row is backed up by + non-volatile or permanent storage. + + The script controlled by this row is written into local + non-volatile storage if the following condition becomes + true: + + (a) the URL contained in the smScriptSource object is empty + and + (b) the smScriptStorageType is `nonVolatile' + and + (c) the smScriptOperStatus is `enabled' + + Setting this object to `volatile' removes a script from + non-volatile storage if the script controlled by this row + has been in non-volatile storage before. Attempts to set + this object to permanent will always fail with an + inconsistentValue error. + + The value of smScriptStorageType is only meaningful if the + + + +Levi & Schoenwaelder Standards Track [Page 21] + +RFC 2592 Script MIB May 1999 + + + value of the corresponding RowStatus object is `active'. + + If smScriptStorageType has the value permanent(4), then all + objects whose MAX-ACCESS value is read-create must be + writable, with the exception of the smScriptStorageType and + smScriptRowStatus objects, which shall be read-only." + DEFVAL { volatile } + ::= { smScriptEntry 8 } + + smScriptRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control that allows entries to be added and removed from + this table. + + Changing the smScriptRowStatus from `active' to `notInService' + will remove the associated script from the runtime system. + The value of smScriptOperStatus will be reset to `disabled'. + + Deleting conceptual rows from this table includes the + deletion of all resources associated with this row. This + implies that a script stored in non-volatile storage is + removed from non-volatile storage. + + An entry may not exist in the `active' state unless all + required objects in the entry have appropriate values. Rows + that are not complete or not in service are not known by the + script runtime system. + + Attempts to `destroy' a row or to set a row `notInService' + while the script is executing will result in an + inconsistentValue error. + + Attempts to `destroy' a row or to set a row `notInService' + where the value of the smScriptStorageType object is + `permanent' or `readOnly' will result in an + inconsistentValue error." + ::= { smScriptEntry 9 } + + + -- + -- Access to script code via SNMP + -- + -- The smCodeTable allows script code to be read and modified + -- via SNMP. + -- + + + +Levi & Schoenwaelder Standards Track [Page 22] + +RFC 2592 Script MIB May 1999 + + + smCodeTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmCodeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table contains the script code for scripts that are + written via SNMP write operations." + ::= { smScriptObjects 2 } + + smCodeEntry OBJECT-TYPE + SYNTAX SmCodeEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular fragment of a script." + INDEX { smScriptOwner, smScriptName, smCodeIndex } + ::= { smCodeTable 1 } + + SmCodeEntry ::= SEQUENCE { + smCodeIndex Unsigned32, + smCodeText OCTET STRING, + smCodeRowStatus RowStatus + } + + smCodeIndex OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The index value identifying this code fragment." + ::= { smCodeEntry 1 } + + smCodeText OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (1..1024)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The code that makes up a fragment of a script. The format + of this code fragment depends on the script language which + is identified by the associated smScriptLanguage object." + ::= { smCodeEntry 2 } + + smCodeRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control that allows entries to be added and removed from + + + +Levi & Schoenwaelder Standards Track [Page 23] + +RFC 2592 Script MIB May 1999 + + + this table." + ::= { smCodeEntry 3 } + + -- + -- Script execution. + -- + -- This group defines tables which allow script execution to be + -- initiated, suspended, resumed, and terminated. It also provides + -- a mechanism for keeping a history of recent script executions + -- and their results. + -- + + smRunObjects OBJECT IDENTIFIER ::= { smObjects 4 } + + smLaunchTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmLaunchEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists and describes scripts that are ready + to be executed together with their parameters." + ::= { smRunObjects 1 } + + smLaunchEntry OBJECT-TYPE + SYNTAX SmLaunchEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry describing a particular executable script." + INDEX { smLaunchOwner, smLaunchName } + ::= { smLaunchTable 1 } + + SmLaunchEntry ::= SEQUENCE { + smLaunchOwner SnmpAdminString, + smLaunchName SnmpAdminString, + smLaunchScriptOwner SnmpAdminString, + smLaunchScriptName SnmpAdminString, + smLaunchArgument OCTET STRING, + smLaunchMaxRunning Unsigned32, + smLaunchMaxCompleted Unsigned32, + smLaunchLifeTime TimeInterval, + smLaunchExpireTime TimeInterval, + smLaunchStart Integer32, + smLaunchControl INTEGER, + smLaunchAdminStatus INTEGER, + smLaunchOperStatus INTEGER, + smLaunchRunIndexNext Integer32, + smLaunchStorageType StorageType, + + + +Levi & Schoenwaelder Standards Track [Page 24] + +RFC 2592 Script MIB May 1999 + + + smLaunchRowStatus RowStatus + } + + smLaunchOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + + "The manager who owns this row in the smLaunchTable. Every + instance of a running script started from a particular entry + in the smLaunchTable (i.e. entries in the smRunTable) will be + owned by the same smLaunchOwner used to index the entry in + the smLaunchTable. This owner is not necessarily the same as + the owner of the script itself (smLaunchScriptOwner)." + ::= { smLaunchEntry 1 } + + smLaunchName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally-unique, administratively assigned name for this + launch table entry. This object allows an smLaunchOwner to + have multiple entries in the smLaunchTable. The smLaunchName + is an arbitrary name that must be different from any other + smLaunchTable entries with the same smLaunchOwner but can be + the same as other entries in the smLaunchTable with different + smLaunchOwner values. Note that the value of smLaunchName + is not related in any way to the name of the script being + launched." + ::= { smLaunchEntry 2 } + + smLaunchScriptOwner OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The value of this object in combination with the value of + smLaunchScriptName identifies the script that can be + launched from this smLaunchTable entry. Attempts to write + this object will fail with an inconsistentValue error if + the value of smLaunchOperStatus is `enabled'." + ::= { smLaunchEntry 3 } + + smLaunchScriptName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE (0..32)) + MAX-ACCESS read-create + + + +Levi & Schoenwaelder Standards Track [Page 25] + +RFC 2592 Script MIB May 1999 + + + STATUS current + DESCRIPTION + "The value of this object in combination with the value of + the smLaunchScriptOwner identifies the script that can be + launched from this smLaunchTable entry. Attempts to write + this objects will fail with an inconsistentValue error if + the value of smLaunchOperStatus is `enabled'." + ::= { smLaunchEntry 4 } + + smLaunchArgument OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The argument supplied to the script. When a script is + invoked, the value of this object is used to initialize + the smRunArgument object." + DEFVAL { ''H } + ::= { smLaunchEntry 5 } + + smLaunchMaxRunning OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of concurrently running scripts that may + be invoked from this entry in the smLaunchTable. Lowering the + current value of this object does not affect any scripts that + are already executing." + DEFVAL { 1 } + ::= { smLaunchEntry 6 } + + smLaunchMaxCompleted OBJECT-TYPE + SYNTAX Unsigned32 (1..4294967295) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The maximum number of finished scripts invoked from this + entry in the smLaunchTable allowed to be retained in the + smRunTable. Whenever the value of this object is changed + and whenever a script terminates, entries in the smRunTable + are deleted if necessary until the number of completed + scripts is smaller than the value of this object. Scripts + whose smRunEndTime value indicates the oldest completion + time are deleted first." + DEFVAL { 1 } + ::= { smLaunchEntry 7 } + + + + +Levi & Schoenwaelder Standards Track [Page 26] + +RFC 2592 Script MIB May 1999 + + + smLaunchLifeTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The default maximum amount of time a script launched + from this entry may run. The value of this object is used + to initialize the smRunLifeTime object when a script is + launched. Changing the value of an smLaunchLifeTime + instance does not affect scripts previously launched from + this entry." + DEFVAL { 360000 } + ::= { smLaunchEntry 8 } + + smLaunchExpireTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The default maximum amount of time information about a + script launched from this entry is kept in the smRunTable + after the script has completed execution. The value of + this object is used to initialize the smRunExpireTime + object when a script is launched. Changing the value of an + smLaunchExpireTime instance does not affect scripts + previously launched from this entry." + DEFVAL { 360000 } + ::= { smLaunchEntry 9 } + + smLaunchStart OBJECT-TYPE + SYNTAX Integer32 (0..2147483647) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to start the execution of scripts. + When retrieved, the value will be the value of smRunIndex + for the last script that started execution by manipulating + this object. The value will be zero if no script started + execution yet. + + A script is started by setting this object to an unused + smRunIndex value. A new row in the smRunTable will be + created which is indexed by the value supplied by the + set-request in addition to the value of smLaunchOwner and + smLaunchName. An unused value can be obtained by reading + the smLaunchRunIndexNext object. + + + +Levi & Schoenwaelder Standards Track [Page 27] + +RFC 2592 Script MIB May 1999 + + + Setting this object to the special value 0 will start + the script with a self-generated smRunIndex value. The + consequence is that the script invoker has no reliable + way to determine the smRunIndex value for this script + invocation and that the invoker has therefore no way + to obtain the results from this script invocation. The + special value 0 is however useful for scheduled script + invocations. + + If this object is set, the following checks must be + performed: + + 1) The value of the smLaunchOperStatus object in this + entry of the smLaunchTable must be `enabled'. + 2) The values of smLaunchScriptOwner and + smLaunchScriptName of this row must identify an + existing entry in the smScriptTable. + 3) The value of smScriptOperStatus of this entry must + be `enabled'. + 4) The principal performing the set operation must have + read access to the script. This must be checked by + calling the isAccessAllowed abstract service interface + defined in RFC 2271 on the row in the smScriptTable + identified by smLaunchScriptOwner and smLaunchScriptName. + The isAccessAllowed abstract service interface must be + called on all columnar objects in the smScriptTable with + a MAX-ACCESS value different than `not-accessible'. The + test fails as soon as a call indicates that access is + not allowed. + 5) If the value provided by the set operation is not 0, + a check must be made that the value is currently not + in use. Otherwise, if the value provided by the set + operation is 0, a suitable unused value must be + generated. + 6) The number of currently executing scripts invoked + from this smLaunchTable entry must be less than + smLaunchMaxRunning. + + Attempts to start a script will fail with an + inconsistentValue error if one of the checks described + above fails. + + Otherwise, if all checks have been passed, a new entry + in the smRunTable will be created indexed by smLaunchOwner, + smLaunchName and the new value for smRunIndex. The value + of smLaunchArgument will be copied into smRunArgument, + the value of smLaunchLifeTime will be copied to + smRunLifeTime, and the value of smLaunchExpireTime + + + +Levi & Schoenwaelder Standards Track [Page 28] + +RFC 2592 Script MIB May 1999 + + + will be copied to smRunExpireTime. + + The smRunStartTime will be set to the current time and + the smRunState will be set to `initializing' before the + script execution is initiated in the appropriate runtime + system. + + Note, the data type and the range of this object must + be consistent with the smRunIndex object. Since this + object might be written from the scheduling MIB, the + data type Integer32 rather than Unsigned32 is used." + DEFVAL { 0 } + ::= { smLaunchEntry 10 } + + smLaunchControl OBJECT-TYPE + SYNTAX INTEGER { + abort(1), + suspend(2), + resume(3), + nop(4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object is used to request a state change for all + running scripts in the smRunTable that were started from + this row in the smLaunchTable. + + Setting this object to abort(1), suspend(2) or resume(3) + will set the smRunControl object of all applicable rows + in the smRunTable to abort(1), suspend(2) or resume(3) + respectively. The phrase `applicable rows' means the set of + rows which were created from this entry in the smLaunchTable + and whose value of smRunState allows the corresponding + state change as described in the definition of the + smRunControl object. Setting this object to nop(4) has no + effect." + DEFVAL { nop } + ::= { smLaunchEntry 11 } + + smLaunchAdminStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + + + +Levi & Schoenwaelder Standards Track [Page 29] + +RFC 2592 Script MIB May 1999 + + + "The value of this object indicates the desired status of + this launch table entry." + DEFVAL { disabled } + ::= { smLaunchEntry 12 } + + smLaunchOperStatus OBJECT-TYPE + SYNTAX INTEGER { + enabled(1), + disabled(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object indicates the actual status of + this launch table entry. An `enabled' launch table + entry can be used to start scripts while a `disabled' + launch table entry will refuse any attempts to start + scripts. The value `enabled' requires that the + smLaunchRowStatus object is active. The value + `disabled' requires that there are no entries in the + smRunTable associated with this smLaunchTable entry." + DEFVAL { disabled } + ::= { smLaunchEntry 13 } + + smLaunchRunIndexNext OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This variable is used for creating rows in the smRunTable. + The value of this variable is a currently unused value + for smRunIndex, which can be written into the smLaunchStart + object associated with this row to launch a script. + + The value returned when reading this variable must be unique + for the smLaunchOwner and smLauchName associated with this + row. Subsequent attempts to read this variable must return + different values. + + This variable will return the special value 0 if no new rows + can be created. + + Note, the data type and the range of this object must be + consistent with the definition of smRunIndex." + ::= { smLaunchEntry 14 } + + smLaunchStorageType OBJECT-TYPE + SYNTAX StorageType + + + +Levi & Schoenwaelder Standards Track [Page 30] + +RFC 2592 Script MIB May 1999 + + + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object defines if this row is kept in volatile storage + and lost upon reboot or if this row is backed up by stable + storage. + + The value of smLaunchStorageType is only meaningful if the + value of the corresponding RowStatus object is active. + + If smLaunchStorageType has the value permanent(4), then all + objects whose MAX-ACCESS value is read-create must be + writable, with the exception of the smLaunchStorageType and + smLaunchRowStatus objects, which shall be read-only." + DEFVAL { volatile } + ::= { smLaunchEntry 15 } + + smLaunchRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "A control that allows entries to be added and removed from + this table. + + Attempts to `destroy' a row or to set a row `notInService' + while scripts started from this launch table entry are + running will result in an inconsistentValue error. + + Attempts to `destroy' a row or to set a row `notInService' + where the value of the smLaunchStorageType object is + `permanent' or `readOnly' will result in an + inconsistentValue error." + ::= { smLaunchEntry 16 } + + + smRunTable OBJECT-TYPE + SYNTAX SEQUENCE OF SmRunEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This table lists and describes scripts that are currently + running or have been running in the past." + ::= { smRunObjects 2 } + + smRunEntry OBJECT-TYPE + SYNTAX SmRunEntry + MAX-ACCESS not-accessible + + + +Levi & Schoenwaelder Standards Track [Page 31] + +RFC 2592 Script MIB May 1999 + + + STATUS current + DESCRIPTION + "An entry describing a particular running or finished + script." + INDEX { smLaunchOwner, smLaunchName, smRunIndex } + ::= { smRunTable 1 } + + SmRunEntry ::= SEQUENCE { + smRunIndex Integer32, + smRunArgument OCTET STRING, + smRunStartTime DateAndTime, + smRunEndTime DateAndTime, + smRunLifeTime TimeInterval, + smRunExpireTime TimeInterval, + smRunExitCode INTEGER, + smRunResult OCTET STRING, + smRunControl INTEGER, + smRunState INTEGER, + smRunError SnmpAdminString + } + + smRunIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The locally arbitrary, but unique identifier associated + with this running or finished script. This value must be + unique for all rows in the smRunTable with the same + smLaunchOwner and smLaunchName. + + Note, the data type and the range of this object must be + consistent with the definition of smLaunchRunIndexNext + and smLaunchStart." + ::= { smRunEntry 1 } + + smRunArgument OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The argument supplied to the script when it started." + DEFVAL { ''H } + ::= { smRunEntry 2 } + + smRunStartTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + + + +Levi & Schoenwaelder Standards Track [Page 32] + +RFC 2592 Script MIB May 1999 + + + STATUS current + DESCRIPTION + "The date and time when the execution started. The value + '0000000000000000'H is returned if the script has not + started yet." + DEFVAL { '0000000000000000'H } + ::= { smRunEntry 3 } + + smRunEndTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The date and time when the execution terminated. The value + '0000000000000000'H is returned if the script has not + terminated yet." + DEFVAL { '0000000000000000'H } + ::= { smRunEntry 4 } + + smRunLifeTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object specifies how long the script can execute. + This object returns the remaining time that the script + may run. The object is initialized with the value of the + associated smLaunchLifeTime object and ticks backwards. + The script is aborted immediately when the value reaches 0. + + The value of this object may be set in order to increase or + reduce the remaining time that the script may run. Setting + this value to 0 will abort script execution immediately, + and, if the value of smRunExpireTime is also 0, will remove + this entry from the smRunTable once it has terminated. + + The value of smRunLifeTime reflects the real-time execution + time as seen by the outside world. The value of this object + will always be 0 for a script that finished execution, that + is smRunState has the value `terminated'. + + The value of smRunLifeTime does not change while a script + is suspended, that is smRunState has the value `suspended'. + Note, this does not affect set operations. It is legal to + modify smRunLifeTime via set operations while a script is + suspended." + ::= { smRunEntry 5 } + + + +Levi & Schoenwaelder Standards Track [Page 33] + +RFC 2592 Script MIB May 1999 + + + smRunExpireTime OBJECT-TYPE + SYNTAX TimeInterval + UNITS "centi-seconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This value specifies how long this row can exist in the + smRunTable after the script has terminated. This object + returns the remaining time that the row may exist before it + is aged out. The object is initialized with the value of the + associated smLaunchExpireTime object and ticks backwards. The + entry in the smRunTable is destroyed when the value reaches 0 + and the smRunState has the value `terminated'. + + The value of this object may be set in order to increase or + reduce the remaining time that the row may exist. Setting + the value to 0 will destroy this entry as soon as the + smRunState has the value `terminated'." + ::= { smRunEntry 6 } + + smRunExitCode OBJECT-TYPE + SYNTAX INTEGER { + noError(1), + halted(2), + lifeTimeExceeded(3), + noResourcesLeft(4), + languageError(5), + runtimeError(6), + invalidArgument(7), + securityViolation(8), + genericError(9) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object indicates the reason why a + script finished execution. The smRunExitCode code may have + one of the following values: + + - `noError', which indicates that the script completed + successfully without errors; + + - `halted', which indicates that the script was halted + by a request from an authorized manager; + + - `lifeTimeExceeded', which indicates that the script + exited because a time limit was exceeded; + + + + +Levi & Schoenwaelder Standards Track [Page 34] + +RFC 2592 Script MIB May 1999 + + + - `noResourcesLeft', which indicates that the script + exited because it ran out of resources (e.g. memory); + + - `languageError', which indicates that the script exited + because of a language error (e.g. a syntax error in an + interpreted language); + + - `runtimeError', which indicates that the script exited + due to a runtime error (e.g. a division by zero); + + - `invalidArgument', which indicates that the script could + not be run because of invalid script arguments; + + - `securityViolation', which indicates that the script + exited due to a security violation; + + - `genericError', which indicates that the script exited + for an unspecified reason. + + If the script has not yet begun running, or is currently + running, the value will be `noError'." + DEFVAL { noError } + ::= { smRunEntry 7 } + + smRunResult OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The result value produced by the running script. Note that + the result may change while the script is executing." + DEFVAL { ''H } + ::= { smRunEntry 8 } + + smRunControl OBJECT-TYPE + SYNTAX INTEGER { + abort(1), + suspend(2), + resume(3), + nop(4) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The value of this object indicates the desired status of the + script execution defined by this row. + + Setting this object to `abort' will abort execution if the + + + +Levi & Schoenwaelder Standards Track [Page 35] + +RFC 2592 Script MIB May 1999 + + + value of smRunState is `initializing', `executing', + `suspending', `suspended' or `resuming'. Setting this object + to `abort' when the value of smRunState is `aborting' or + `terminated' will result in an inconsistentValue error. + + Setting this object to `suspend' will suspend execution + if the value of smRunState is `executing'. Setting this + object to `suspend' will cause an inconsistentValue error + if the value of smRunState is not `executing'. + + Setting this object to `resume' will resume execution + if the value of smRunState is `suspending' or + `suspended'. Setting this object to `resume' will cause an + inconsistentValue error if the value of smRunState is + not `suspending' or `suspended'. + + Setting this object to nop(4) has no effect." + DEFVAL { nop } + ::= { smRunEntry 9 } + + smRunState OBJECT-TYPE + SYNTAX INTEGER { + initializing(1), + executing(2), + suspending(3), + suspended(4), + resuming(5), + aborting(6), + terminated(7) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this object indicates the script's execution + status. If the script has been invoked but has not yet + begun execution, the value will be `initializing'. If the + script is running, the value will be `executing'. A script + which received a request to suspend execution but which + did not actually suspend execution will be `suspending'. + A script which has suspended execution will be `suspended'. + A script which received a request to resume execution but + which is not yet running is `resuming'. The resuming state + will finally lead to the `executing' state. A script which + received a request to abort execution but which is still + running is `aborting'. A script which stopped execution + is `terminated'." + ::= { smRunEntry 10 } + + + + +Levi & Schoenwaelder Standards Track [Page 36] + +RFC 2592 Script MIB May 1999 + + + smRunError OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This contains a descriptive error message if the script + terminates in an abnormally. An implementation must store a + descriptive error message in this object if the script exits + with the smRunExitCode `genericError'. + + The value of this object is the zero-length string as long + as the smRunExitCode has the value `noError'" + DEFVAL { ''H } + ::= { smRunEntry 11 } + + -- + -- Notifications. The definition of smTraps makes notification + -- registrations reversible (see STD 58, RFC 2578). + -- + + smTraps OBJECT IDENTIFIER ::= { smNotifications 0 } + + smScriptAbort NOTIFICATION-TYPE + OBJECTS { smRunExitCode, smRunEndTime, smRunError } + STATUS current + DESCRIPTION + "This notification is generated whenever a running script + terminates with an smRunExitCode unequal to `noError'." + ::= { smTraps 1 } + + smScriptResult NOTIFICATION-TYPE + OBJECTS { smRunResult } + STATUS current + DESCRIPTION + "This notification can be used by scripts to notify other + management applications about script results. It can be + used to notify managers about a script result. + + This notification is not automatically generated by the + script MIB implementation. It is the responsibility of + the executing script to emit this notification where it + is appropriate to do so." + ::= { smTraps 2 } + + -- conformance information + smCompliances OBJECT IDENTIFIER ::= { smConformance 1 } + smGroups OBJECT IDENTIFIER ::= { smConformance 2 } + + + + +Levi & Schoenwaelder Standards Track [Page 37] + +RFC 2592 Script MIB May 1999 + + + -- compliance statements + + smCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for SNMP entities which implement + the script MIB." + MODULE -- this module + MANDATORY-GROUPS { + smLanguageGroup, smScriptGroup, smLaunchGroup, smRunGroup + } + GROUP smCodeGroup + DESCRIPTION + "The smCodeGroup is mandatory only for those implementations + that support the downloading of scripts via SNMP." + OBJECT smScriptSource + MIN-ACCESS read-only + DESCRIPTION + "The smScriptSource object is read-only for implementations + that are not able to download script code from a URL." + OBJECT smLaunchArgument + DESCRIPTION + "A compliant implementation has to support a minimum size + for smLaunchArgument of 255 octets." + OBJECT smRunArgument + DESCRIPTION + "A compliant implementation has to support a minimum size + for smRunArgument of 255 octets." + OBJECT smRunResult + DESCRIPTION + "A compliant implementation has to support a minimum size + for smRunResult of 255 octets." + OBJECT smRunState + DESCRIPTION + "A compliant implementation does not have to support script + suspension and the smRunState `suspended'. Such an + implementation will change into the `suspending' state + when the smRunControl is set to `suspend' and remain in this + state until smRunControl is set to `resume' or the script + terminates." + ::= { smCompliances 1 } + + smLanguageGroup OBJECT-GROUP + OBJECTS { + smLangLanguage, + smLangVersion, + smLangVendor, + smLangRevision, + + + +Levi & Schoenwaelder Standards Track [Page 38] + +RFC 2592 Script MIB May 1999 + + + smLangDescr, + smExtsnExtension, + smExtsnVersion, + smExtsnVendor, + smExtsnRevision, + smExtsnDescr + } + STATUS current + DESCRIPTION + "A collection of objects providing information about the + capabilities of the scripting engine." + ::= { smGroups 1 } + + smScriptGroup OBJECT-GROUP + OBJECTS { + smScriptDescr, + smScriptLanguage, + smScriptSource, + smScriptAdminStatus, + smScriptOperStatus, + smScriptStorageType, + smScriptRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing information about + installed scripts." + ::= { smGroups 2 } + + smCodeGroup OBJECT-GROUP + OBJECTS { + smCodeText, + smCodeRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects used to download or modify scripts + by using SNMP set requests." + ::= { smGroups 3 } + + smLaunchGroup OBJECT-GROUP + OBJECTS { + smLaunchScriptOwner, + smLaunchScriptName, + smLaunchArgument, + smLaunchMaxRunning, + smLaunchMaxCompleted, + smLaunchLifeTime, + + + +Levi & Schoenwaelder Standards Track [Page 39] + +RFC 2592 Script MIB May 1999 + + + smLaunchExpireTime, + smLaunchStart, + smLaunchControl, + smLaunchAdminStatus, + smLaunchOperStatus, + smLaunchRunIndexNext, + smLaunchStorageType, + smLaunchRowStatus + } + STATUS current + DESCRIPTION + "A collection of objects providing information about scripts + that can be launched." + ::= { smGroups 4 } + + smRunGroup OBJECT-GROUP + OBJECTS { + smRunArgument, + smRunStartTime, + smRunEndTime, + smRunLifeTime, + smRunExpireTime, + smRunExitCode, + smRunResult, + smRunState, + smRunControl, + smRunError + } + STATUS current + DESCRIPTION + "A collection of objects providing information about running + scripts." + ::= { smGroups 5 } + + smNotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + smScriptAbort, + smScriptResult + } + STATUS current + DESCRIPTION + "The notifications emitted by the script MIB." + ::= { smGroups 6 } + + END + + + + + + +Levi & Schoenwaelder Standards Track [Page 40] + +RFC 2592 Script MIB May 1999 + + +7. Usage Examples + + This section presents some examples that explain how a manager can + use the Script MIB defined in this memo. The purpose of these + examples is to explain the steps that are normally used to delegate + management scripts. + +7.1. Pushing a script via SNMP + + This example explains the steps performed by a manager to push a + script into a distributed manager. + + 1. The manager first checks the smLanguageTable and the + smExtensionTable in order to select the appropriate script or + language. + + 2. The manager creates a row in the smScriptTable by issuing an + SNMP set-request. The smScriptRowStatus object is set to + `createAndWait' and the smScriptSource object is set to an empty + string. The smScriptLanguage object is set to the language in + which the script was written. The smScriptStorageType object is + set to `volatile' to indicate that the script will be loaded via + the smCodeTable. The smScriptOwner is set to a string which + identifies the principal who owns the new row. The smScriptName + defines the administratively assigned unique name for the + script. + + 3. The manager sets the smScriptRowStatus object to `active' and + the smScriptAdminStatus object to `editing'. + + 4. The manager pushes the script to the distributed manager by + issuing a couple of SNMP set-requests to fill the smCodeTable. + + 5. Once the whole script has been transferred, the manager sends a + set-request to set the smScriptAdminStatus object to `enabled'. + The Script MIB implementation now makes the script accessible to + the runtime system. This might include the compilation of the + script if the language requires a compilation step. + + 6. The manager polls the smScriptOperStatus object until the value + is either `enabled' or one of the error status codes. The + script can only be used if the value of smScriptOperStatus is + `enabled'. + + 7. If the manager wants to store the script in local non-volatile + storage, it should send a set-request which changes the + smScriptStorageType object to `nonVolatile'. + + + + +Levi & Schoenwaelder Standards Track [Page 41] + +RFC 2592 Script MIB May 1999 + + +7.2. Pulling a script from a URL + + This example explains the steps performed by a manager to cause a + distributed manager to pull a script from a URL. + + 1. The manager first checks the smLanguageTable and the + smExtensionTable in order to select the appropriate script or + language. + + 2. The manager creates a row in the smScriptTable by issuing an + SNMP set-request. The smScriptRowStatus object is set to + `createAndWait' and the smScriptSource object is set to the URL + which points to the script source. The smScriptLanguage object + is set to the language in which the script was written. The + smScriptOwner is set to a string which identifies the principal + who owns the new row. The smScriptName defines the + administratively assigned unique name for the script. + + 3. The manager sets the smScriptRowStatus object to `active'. + + 4. The manager sends a set-request to set the smScriptAdminStatus + object to `enabled'. The Script MIB implementation now makes the + script accessible to the runtime system. This causes a retrieval + operation to pull the script from the URL stored in + smScriptSource. This retrieval operation might be followed by a + compile operation if the language requires a compilation step. + + 5. The manager polls the smScriptOperStatus object until the value + is either `enabled' or one of the error status codes. The + script can only be used if the value of smScriptOperStatus is + `enabled'. + + 6. If the manager wants to store the script in local non-volatile + storage, it should send a set-request which changes the + smScriptStorageType object to `nonVolatile'. + +7.3. Modifying an existing script + + This section explains how a manager can modify a script by sending + SNMP set-requests. + + 1. First, the script is de-activated by setting the + smScriptAdminStatus to `disabled'. + + 2. The manager polls the smScriptOperStatus object until the value + is `disabled'. + + + + + +Levi & Schoenwaelder Standards Track [Page 42] + +RFC 2592 Script MIB May 1999 + + + 3. The manager sets smScriptSource to an empty string and + smScriptAdminStatus to `editing'. This makes the script source + available in the smCodeTable. + + 4. The manager polls the smScriptOperStatus object until the value + is `editing'. + + 5. The manager sends SNMP set-requests to modify the script in the + smCodeTable. + + 6. The manager sends a set-request to set the smScriptAdminStatus + object to `enabled'. The Script MIB implementation now makes the + script accessible to the runtime system. This might include the + compilation of the script if the language requires a compilation + step. + + 7. The manager polls the smScriptOperStatus object until the value + is either `enabled' or one of the error status codes. The + script can only be used if the value of smScriptOperStatus is + `enabled'. + +7.4. Removing an existing script + + This section explains how a manager can remove a script from a + distributed manager. + + 1. First, the manager sets the smScriptAdminStatus to `disabled'. + This will ensure that no new scripts can be started while + running scripts finish their execution. + + 2. The manager polls the smScriptOperStatus object until the value + is `disabled'. + + 3. The manager sends an SNMP set-request to change the + smScriptRowStatus object to `destroy'. This will remove the row + and all associated resources from the Script MIB implementation. + +7.5. Creating a launch button + + This section explains how a manager can create a launch button for + starting a script. + + 1. The manager, who is identified by an smLaunchOwner value, first + chooses a name for the new row in the smLaunchTable. The manager + sends an SNMP set-request to set the smLaunchRowStatus object + for this smLaunchOwner and smLaunchName to `createAndWait'. + + + + + +Levi & Schoenwaelder Standards Track [Page 43] + +RFC 2592 Script MIB May 1999 + + + 2. The manager fills the new smLaunchTable row with all required + parameters. The smLaunchScriptOwner and smLaunchScriptName + values point to the script that should be started from this + launch button. + + 3. The manager sends a set-request to change smLaunchAdminStatus to + `enabled' once the new smLaunchTable row is complete. + + 4. The manager polls the smLaunchOperStatus object until the value + is `enabled'. + +7.6. Launching a script + + This section explains the suggested way to launch a script from a + given launch button. + + 1. The manager first retrieves the value of smLaunchRunIndexNext + from the launch button selected to start the script. + + 2. The manager sends an SNMP set-request to set the smLaunchStart + object to the value obtained in step 1. This will launch the + script if all necessary pre-conditions are satisfied (see the + definition of smLaunchStart for more details). The manager can + also provide the smLaunchArgument in the same set-request that + is used to start the script. Upon successful start, a new row + will be created in the smRunTable indexed by smLaunchOwner, + smLaunchName and the value written to smLaunchStart. + + Note, the first step is not required. A manager can also try to guess + an unused value for smRunIndex if he wants to start script in a + single transaction. A manager can also use the special value 0 if he + does not care about the results produced by the script. + +7.7. Terminating a script + + This section explains two ways to terminate a running script. The + first approach is as follows: + + 1. The manager sets the smRunControl object of the running script + or the smLaunchControl object of the launch button used to start + the running script to `abort'. Setting smLaunchControl will + abort all running scripts started from the launch button while + smRunControl will only abort the running script associated with + the smRunControl instance. + + + + + + + +Levi & Schoenwaelder Standards Track [Page 44] + +RFC 2592 Script MIB May 1999 + + + The second way to terminate a script is to set the smRunLifeTime to + zero which causes the runtime system to terminate the script with a + `lifeTimeExceeded' exit code: + + 1. The manager changes the value of smRunLifeTime to 0. This causes + the Script MIB implementation to abort the script because the + remaining life time has expired. + + Note, changing the smRunLifeTime value can also be used to increase + the permitted lifetime of a running script. For example, a manager + can choose to set smRunLifeTime to a small fixed time interval and + increase the value periodically. This strategy has the nice effect + that scripts terminate automatically if the manager loses contact + with the Script MIB engine. + +7.8. Removing a launch button + + This section explains how a manager can remove a launch button from a + distributed manager. + + 1. First, the manager sets the smLaunchAdminStatus to + `disabled'. This will ensure that no new scripts can be started + from this launch button while running script will finish their + execution. + + 2. The manager polls the smLaunchOperStatus object until the value + is `disabled'. + + 3. The manager sends an SNMP set-request to change the + smLaunchRowStatus object to `destroy'. This will remove the row + and all associated resources from the Script MIB implementation. + +8. VACM Configuration Examples + + This section shows how the view-based access control model defined in + RFC 2275 [15] can be configured to control access to the script MIB. + +8.1. Sandbox for guests + + The first example demonstrates how to configure VACM to give the + members of the VACM group "guest" limited access to the script MIB. + The MIB views defined below give the members of the "guest" group a + sandbox where they can install and start their own scripts, but not + access any other scripts maintained by the Script MIB implementation. + + vacmAccessReadView."guest"."".usm.authNoPriv = "guestReadView" + vacmAccessWriteView."guest"."".usm.authNoPriv = "guestWriteView" + + + + +Levi & Schoenwaelder Standards Track [Page 45] + +RFC 2592 Script MIB May 1999 + + + The guestReadView grants read access to the smLangTable, the + smExtsnTable and to all the table entries owned by "guest": + + guestReadView: + smLangTable (included) + smExtsnTable (included) + smScriptObjects.*.*.*."guest" (included) + smRunObjects.*.*.*."guest" (included) + + The guestWriteView grants write access to all the table entries owned + by "guest": + + guestWriteView: + smScriptObjects.*.*.*."guest" (included) + smRunObjects.*.*.*."guest" (included) + +8.2. Sharing scripts + + This example demonstrates how VACM can be used to share a repository + of scripts between the members of the "senior" and the members of the + "junior" VACM group: + + vacmAccessReadView."junior"."".usm.authNoPriv = "juniorReadView" + vacmAccessWriteView."junior"."".usm.authNoPriv = "juniorWriteView" + + juniorReadView: + smLangTable (included) + smExtsnTable (included) + smScriptObjects.*.*.*."junior" (included) + smRunObjects.*.*.*."junior" (included) + smScriptObjects.*.*.*."utils" (included) + + juniorWriteView: + smScriptObjects.*.*.*."junior" (included) + smRunObjects.*.*.*."junior" (included) + + The definitions above allow the members of the "junior" VACM group to + start the scripts owned by "utils" in addition to the script the + members of the "junior" VACM group installed themself. This is + accomplished by giving the members of "junior" read access to scripts + in "utils". This allows members of "junior" to create entries in the + smLauchTable which refer to scripts in "utils", and to launch those + scripts using these entries in the smLaunchTable. + + + + + + + + +Levi & Schoenwaelder Standards Track [Page 46] + +RFC 2592 Script MIB May 1999 + + + vacmAccessReadView."senior"."".usm.authNoPriv = "seniorReadView" + vacmAccessWriteView."senior"."".usm.authNoPriv = "seniorWriteView" + + seniorReadView: + smLangTable (included) + smExtsnTable (included) + smScriptObjects.*.*.*."senior" (included) + smRunObjects.*.*.*."senior" (included) + smScriptObjects.*.*.*."utils" (included) + + seniorWriteView: + smScriptObjects.*.*.*."senior" (included) + smRunObjects.*.*.*."senior" (included) + smScriptObjects.*.*.*."utils" (included) + + The definitions for the members of the "senior" VACM group allow to + start the scripts owned by "utils" in addition to the script the + members of the "senior" VACM group installed themself. The third + write access rule in the seniorWriteView also grants the permission + to install scripts owned by "utils". The members of the "senior" VACM + group therefore have the permissions to install and modify scripts + that can be called by the members of the "junior" VACM group. + +8.3. Emergency scripts + + + This example demonstrates how VACM can be used to allow the members + of the "junior" VACM group to launch scripts that are executed with + the permissions associated with the "emergency" owner. This works by + adding the following rules to the juniorReadView and the + juniorWriteView: + + juniorReadView: + smScriptObjects.*.*.*."emergency" (included) + smRunObjects.*.*.*."emergency" (included) + + juniorWriteView + smLaunchStart."emergency" (included) + smLaunchArgument."emergency" (included) + + The rules added to the juniorReadView grant read access to the + scripts, the launch buttons and the results owned by "emergency". The + rules added to the juniorWriteView grant write permissions to the + smLaunchStart and smLaunchArgument variables ownded by "emergency". + Members of the "junior" VACM group can therefore start scripts that + will execute under the owner "emergency". + + + + + +Levi & Schoenwaelder Standards Track [Page 47] + +RFC 2592 Script MIB May 1999 + + + seniorReadView: + smScriptObjects.*.*.*."emergency" (included) + smRunObjects.*.*.*."emergency" (included) + + seniorWriteView: + smScriptObjects.*.*.*."emergency" (included) + smRunObjects.*.*.*."emergency" (included) + + The rules added to the seniorReadView and the seniorWriteView will + give the members of the "senior" VACM group the rights to install + emergency scripts and to configure appropriate launch buttons. + +9. IANA Considerations + + The Internet Assigned Numbers Authority (IANA) is responsible for + maintaining a MIB module which provides OID registrations for well- + known languages. The IANA language registry is intented to reduce + interoperability problems by providing a single list of well-known + languages. However, it is of course still possible to register + languages in private OID spaces. Registering languages in private + spaces is especially attractive if a language is used for + experimentation or if a language is only used in environments where + the distribution of MIB modules with the language registration does + not cause any maintenance problems. + + Any additions or changes to the list of languages registered via IANA + require Designated Expert Review as defined in the IANA guidelines + [20]. The Designated Expert will be selected by the IESG Area + Director for the IETF Operations and Management Area. + +10. Security Considerations + + This MIB provides the ability to distribute applications written in + an arbitrary language to remote systems in a network. The security + features of the languages available in a particular implementation + should be taken into consideration when deploying an implementation + of this MIB. + + To facilitate the provisioning of access control by a security + administrator using the View-Based Access Control Model (VACM) + defined in RFC 2275 [15] for tables in which multiple users may need + to independently create or modify entries, the initial index is used + as an "owner index". Such an initial index has a syntax of + SnmpAdminString, and can thus be trivially mapped to a securityName + or groupName as defined in VACM, in accordance with a security + policy. + + + + + +Levi & Schoenwaelder Standards Track [Page 48] + +RFC 2592 Script MIB May 1999 + + + All entries in related tables belonging to a particular user will + have the same value for this initial index. For a given user's + entries in a particular table, the object identifiers for the + information in these entries will have the same subidentifiers + (except for the "column" subidentifier) up to the end of the encoded + owner index. To configure VACM to permit access to this portion of + the table, one would create vacmViewTreeFamilyTable entries with the + value of vacmViewTreeFamilySubtree including the owner index portion, + and vacmViewTreeFamilyMask "wildcarding" the column subidentifier. + More elaborate configurations are possible. + + The VACM access control mechanism described above provides control + over SNMP access to Script MIB objects. There are a number of other + access control issues that are outside of the scope of this MIB. For + example, access control on URLs, especially those that use the file + scheme, must be realized by the underlying operating system. A + mapping of the owner index value to a local operating system security + user identity should be used by an implementation of this MIB to + control access to operating system resources when resolving URLs or + executing scripts. + +11. Intellectual Property + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; neither does it represent that it + has made any effort to identify any such rights. Information on the + IETF's procedures with respect to rights in standards-track and + standards-related documentation can be found in BCP-11. Copies of + claims of rights made available for publication and any assurances of + licenses to be made available, or the result of an attempt made to + obtain a general license or permission for the use of such + proprietary rights by implementors or users of this specification can + be obtained from the IETF Secretariat. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + +12. Acknowledgments + + This document was produced by the IETF Distributed Management + (DISMAN) working group. + + + + +Levi & Schoenwaelder Standards Track [Page 49] + +RFC 2592 Script MIB May 1999 + + +13. References + + [1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for + Describing SNMP Management Frameworks", RFC 2271, January 1998. + + [2] Rose, M. and K. McCloghrie, "Structure and Identification of + Management Information for TCP/IP-based Internets", STD 16, RFC + 1155, May 1990. + + [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, + RFC 1212, March 1991. + + [4] Rose, M., "A Convention for Defining Traps for use with the + SNMP", RFC 1215, March 1991. + + [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, + M. and S. Waldbusser, "Structure of Management Information + Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. + + [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, + M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, + RFC 2579, April 1999. + + [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, + M. and S. Waldbusser, "Conformance Statements for SMIv2", STD + 58, RFC 2580, April 1999. + + [8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple + Network Management Protocol", STD 15, RFC 1157, May 1990. + + [9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, + "Introduction to Community-based SNMPv2", RFC 1901, January + 1996. + + [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport + Mappings for Version 2 of the Simple Network Management Protocol + (SNMPv2)", RFC 1906, January 1996. + + [11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message + Processing and Dispatching for the Simple Network Management + Protocol (SNMP)", RFC 2272, January 1998. + + [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) + for version 3 of the Simple Network Management Protocol + (SNMPv3)", RFC 2274, January 1998. + + + + + + +Levi & Schoenwaelder Standards Track [Page 50] + +RFC 2592 Script MIB May 1999 + + + [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol + Operations for Version 2 of the Simple Network Management + Protocol (SNMPv2)", RFC 1905, January 1996. + + [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC + 2273, January 1998. + + [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access + Control Model (VACM) for the Simple Network Management Protocol + (SNMP)", RFC 2275, January 1998. + + [16] Hovey, R. and S. Bradner, "The Organizations Involved in the + IETF Standards Process", BCP 11, RFC 2028, October 1996. + + [17] Berners-Lee, T., Fielding, R. and L. Masinter, " Uniform + Resource Identifiers (URI): Generic Syntax", RFC 2396, August + 1998. + + [18] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, RFC + 959, October 1985. + + [19] Fielding, R., Gettys, J., Mogul, J., Frystyk, H. and T. + Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC + 2068, January 1997. + + [20] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA + Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. + + [21] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. + + + + + + + + + + + + + + + + + + + + + +Levi & Schoenwaelder Standards Track [Page 51] + +RFC 2592 Script MIB May 1999 + + +14. Editors' Addresses + + David B. Levi + Nortel Networks + 4401 Great America Parkway + Santa Clara, CA 95052-8185 + U.S.A. + + Phone: +1 423 686 0432 + EMail: dlevi@nortelnetworks.com + + + Juergen Schoenwaelder + TU Braunschweig + Bueltenweg 74/75 + 38106 Braunschweig + Germany + + Phone: +49 531 391-3683 + EMail: schoenw@ibr.cs.tu-bs.de + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Levi & Schoenwaelder Standards Track [Page 52] + +RFC 2592 Script MIB May 1999 + + +16. Full Copyright Statement + + Copyright (C) The Internet Society (1999). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Levi & Schoenwaelder Standards Track [Page 53] + -- cgit v1.2.3