From 3de22ad1368f8c7e087903e95b6777c559755793 Mon Sep 17 00:00:00 2001 From: Christian Ramseyer Date: Fri, 5 Aug 2022 00:20:11 +0200 Subject: [PATCH] Initial commit of PortAccessEntity/IEEE8021-PAE-MIB module --- lib/SNMP/Info/Layer3/CiscoSwitch.pm | 6 + lib/SNMP/Info/PortAccessEntity.pm | 179 ++++++++++++++++++++++++++++ 2 files changed, 185 insertions(+) create mode 100644 lib/SNMP/Info/PortAccessEntity.pm diff --git a/lib/SNMP/Info/Layer3/CiscoSwitch.pm b/lib/SNMP/Info/Layer3/CiscoSwitch.pm index 8a723d84..a02ea995 100644 --- a/lib/SNMP/Info/Layer3/CiscoSwitch.pm +++ b/lib/SNMP/Info/Layer3/CiscoSwitch.pm @@ -35,6 +35,7 @@ use Exporter; use SNMP::Info::CiscoAgg; use SNMP::Info::CiscoPortSecurity; use SNMP::Info::Layer3::Cisco; +use SNMP::Info::PortAccessEntity; our ($VERSION, %GLOBALS, %MIBS, %FUNCS, %MUNGE); @@ -42,6 +43,7 @@ our ($VERSION, %GLOBALS, %MIBS, %FUNCS, %MUNGE); SNMP::Info::CiscoAgg SNMP::Info::CiscoPortSecurity SNMP::Info::Layer3::Cisco + SNMP::Info::PortAccessEntity Exporter /; @@ -53,24 +55,28 @@ $VERSION = '3.86'; %SNMP::Info::Layer3::Cisco::MIBS, %SNMP::Info::CiscoPortSecurity::MIBS, %SNMP::Info::CiscoAgg::MIBS, + %SNMP::Info::PortAccessEntity::MIBS, ); %GLOBALS = ( %SNMP::Info::Layer3::Cisco::GLOBALS, %SNMP::Info::CiscoPortSecurity::GLOBALS, %SNMP::Info::CiscoAgg::GLOBALS, + %SNMP::Info::PortAccessEntity::GLOBALS, ); %FUNCS = ( %SNMP::Info::Layer3::Cisco::FUNCS, %SNMP::Info::CiscoPortSecurity::FUNCS, %SNMP::Info::CiscoAgg::FUNCS, + %SNMP::Info::PortAccessEntity::FUNCS, ); %MUNGE = ( %SNMP::Info::Layer3::Cisco::MUNGE, %SNMP::Info::CiscoPortSecurity::MUNGE, %SNMP::Info::CiscoAgg::MUNGE, + %SNMP::Info::PortAccessEntity::MUNGE, ); sub cisco_comm_indexing { return 1; } diff --git a/lib/SNMP/Info/PortAccessEntity.pm b/lib/SNMP/Info/PortAccessEntity.pm new file mode 100644 index 00000000..60833148 --- /dev/null +++ b/lib/SNMP/Info/PortAccessEntity.pm 
@@ -0,0 +1,179 @@
+# SNMP::Info::PortAccessEntity
+#
+# Copyright (c) 2022 Christian Ramseyer
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the University of California, Santa Cruz nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+package SNMP::Info::PortAccessEntity;
+
+use strict;
+use warnings;
+use Exporter;
+use SNMP::Info;
+use Regexp::Common qw /net/;
+
+@SNMP::Info::PortAccessEntity::ISA = qw/SNMP::Info Exporter/;
+@SNMP::Info::PortAccessEntity::EXPORT_OK = qw//;
+
+our ($VERSION, %MIBS, %FUNCS, %GLOBALS, %MUNGE);
+
+$VERSION = '3.85';
+
+%MIBS = ( 'IEEE8021-PAE-MIB' => 'dot1xPaeSystemAuthControl' );
+
+%GLOBALS = ();
+
+%FUNCS = (
+
+ # dot1xPaeSystem
+ 'pae_control' => 'dot1xPaeSystemAuthControl',
+
+ # dot1xAuthConfigEntry
+ 'pae_authconfig_state' => 'dot1xAuthPaeState', # disconnected|authenticated
+ 'pae_authconfig_port_status' => 'dot1xAuthAuthControlledPortStatus', #(un)authorized
+
+ # dot1xAuthSessionStatsTable
+ 'pae_authsess_user' => 'dot1xAuthSessionUserName',
+
+);
+
+%MUNGE = ();
+
+# try to figure out whether the method is mac address bypass (mab) or dot1x. At least on Cisco,
+# having a MAC address as the "UserName" seems to point at mab.
+sub pae_authsess_mab {
+ my $this = shift;
+
+ my $u = $this->pae_authsess_user();
+
+ my $mab = {};
+ foreach my $i ( keys %$u ) {
+ if ($u->{$i} =~ /$RE{net}{MAC}{hex}{-sep=>'[-:]'}/ ) {
+ $mab->{$i} = "mab" ;
+ }
+ }
+ return $mab;
+}
+
+
+1;
+
+__END__
+
+=head1 NAME
+
+SNMP::Info::PortAccessEntity - SNMP Interface to data stored in
+F.
+
+=head1 AUTHOR
+
+Christian Ramseyer
+
+=head1 SYNOPSIS
+
+ # Let SNMP::Info determine the correct subclass for you.
+ my $pae = new SNMP::Info(
+ AutoSpecify => 1,
+ Debug => 1,
+ DestHost => 'myswitch',
+ Community => 'public',
+ Version => 2
+ )
+ or die "Can't connect to DestHost.\n";
+
+ my $class = $pae->class();
+ print "SNMP::Info determined this device to fall under subclass : $class\n";
+
+=head1 DESCRIPTION
+
+F is used to describe Port Access Entities, aka NAC/dot1x features.
+
+Create or use a device subclass that inherit this class. Do not use directly.
+
+For debugging purposes you can call this class directly as you would
+SNMP::Info
+
+ my $pae = new SNMP::Info::PortAccessEntity (...);
+
+=head2 Inherited Classes
+
+none.
+
+=head2 Required MIBs
+
+=over
+
+=item F
+
+=back
+
+=head1 GLOBALS
+
+none.
+
+=head1 METHODS
+
+=over
+
+=item $pae->pae_control()
+
+The administrative enable/disable state for Port Access Control in a System.
+Possible values are enabled and disabled.
+
+C
+
+=back
+
+=head1 TABLE METHODS
+
+These are methods that return tables of information in the form of a reference
+to a hash.
+
+=over
+
+=item $pae->pae_authconfig_state()
+
+Authentication state: is the port authenticated, disconnected, etc.
+
+C
+
+=item $pae->pae_authconfig_port_status()
+
+Controlled Port status parameter for the Port: can only be authorized or unauthorized
+
+C
+
+=item $pae->pae_authsess_user()
+
+The User-Name representing the identity of the Supplicant PAE. This can be a pretty
+arbitrary string besides an actual username, e.g. a MAC address for MAB or a hostname
+for dot1x.
+
+C
+
+=back
+
+=cut
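Review bot: The match in `pae_authsess_mab` is unanchored, so any session user name that merely contains a MAC-shaped substring is labelled "mab", and `dot1xAuthSessionUserName` is an identity the supplicant supplies. Anchoring the pattern and skipping undefined entries limits the label to values that are a MAC address and nothing else: `if (defined $u->{$i} && $u->{$i} =~ /\A$RE{net}{MAC}{hex}{-sep=>'[-:]'}\z/) {`. The separator class accepts only `-` and `:`, so user names reported as bare hex or dot-grouped MACs, if a device emits them, would not be recognised; this is worth confirming against real device output. The method also has no entry in the POD TABLE METHODS list, where an `=item $pae->pae_authsess_mab()` paragraph should say that the result is a heuristic on the user name and not an authoritative authentication method.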