|
Packit Service |
b38f0b |
#!/bin/sh
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
. ../support/simple_eval_tools.sh
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
HEADER SNMPv3 agent USM user management with snmpusm
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
SKIPIF NETSNMP_DISABLE_SET_SUPPORT
|
|
Packit Service |
b38f0b |
SKIPIF NETSNMP_NO_WRITE_SUPPORT
|
|
Packit Service |
b38f0b |
SKIPIFNOT USING_SNMPV3_USMUSER_MODULE
|
|
Packit Service |
b38f0b |
SKIPIFNOT NETSNMP_CAN_DO_CRYPTO
|
|
Packit Service |
b38f0b |
SKIPIFNOT NETSNMP_ENABLE_SCAPI_AUTHPRIV
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
#
|
|
Packit Service |
b38f0b |
# Begin test
|
|
Packit Service |
b38f0b |
#
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# standard SNMPv3 USM agent configuration
|
|
Packit Service |
b38f0b |
DEFSECURITYLEVEL=authPriv
|
|
Packit Service |
b38f0b |
. ./Sv3usmconfigagent
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test user
|
|
Packit Service |
b38f0b |
NEWUSER=newtestuser
|
|
Packit Service |
b38f0b |
NEWAUTHPASS=newauthpass
|
|
Packit Service |
b38f0b |
NEWPRIVPASS=newprivpass
|
|
Packit Service |
b38f0b |
NEWAUTHPRIVPASS=newauthprivpass
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# configure agent
|
|
Packit Service |
b38f0b |
CONFIGAGENT rwuser $NEWUSER
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# Start the agent
|
|
Packit Service |
b38f0b |
STARTAGENT
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## usmUserTable management
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 1) create, clone, test, delete
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# create new (vanilla) user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $TESTPRIVARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "User successfully created"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# clone
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $TESTPRIVARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT cloneFrom $NEWUSER $TESTPRIVUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "User successfully cloned"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (authPriv)
|
|
Packit Service |
b38f0b |
CAPTURE "snmpget -On $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $TESTAUTHPASS -x $DEFPRIVTYPE -X $TESTPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.3.0"
|
|
Packit Service |
b38f0b |
CHECKORDIE ".1.3.6.1.2.1.1.3.0 = Timeticks:"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# delete
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $TESTPRIVARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT delete $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "User successfully deleted"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 2) create w/ clone, passwd (auth), passwd (priv), test (authPriv+authNoPriv)
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# create+clone template user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $TESTPRIVARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER $TESTPRIVUSER2"
|
|
Packit Service |
b38f0b |
CHECKORDIE "User successfully created"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change auth passphrase of new user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $TESTPRIVARGS -Ca $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTAUTHPASS2 $NEWAUTHPASS $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change priv passphrase of new user
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS $TESTPRIVARGS -Cx $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTPRIVPASS2 $NEWPRIVPASS $NEWUSER"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (authNoPriv)
|
|
Packit Service |
b38f0b |
CAPTURE "snmpget -On $SNMP_FLAGS -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -A $NEWAUTHPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.3.0"
|
|
Packit Service |
b38f0b |
CHECKORDIE ".1.3.6.1.2.1.1.3.0 = Timeticks:"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (authPriv)
|
|
Packit Service |
b38f0b |
CAPTURE "snmpget -On $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPASS -x $DEFPRIVTYPE -X $NEWPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.3.0"
|
|
Packit Service |
b38f0b |
CHECKORDIE ".1.3.6.1.2.1.1.3.0 = Timeticks:"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 3) passwd (priv), passwd (auth+priv), test
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change priv passphrase (to auth passphrase) by the user himself
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPASS -x $DEFPRIVTYPE -X $NEWPRIVPASS -Cx $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWPRIVPASS $NEWAUTHPASS"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# change both passphrases at once
|
|
Packit Service |
b38f0b |
CAPTURE "snmpusm $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPASS -x $DEFPRIVTYPE -X $NEWAUTHPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWAUTHPASS $NEWAUTHPRIVPASS"
|
|
Packit Service |
b38f0b |
CHECKORDIE "SNMPv3 Key(s) successfully changed"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (authPriv)
|
|
Packit Service |
b38f0b |
CAPTURE "snmpget -On $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPRIVPASS -x $DEFPRIVTYPE -X $NEWAUTHPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.3.0"
|
|
Packit Service |
b38f0b |
CHECKORDIE ".1.3.6.1.2.1.1.3.0 = Timeticks:"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 5) persistency I: reconfigure (SIGHUP), re-test
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
if ISDEFINED HAVE_SIGHUP; then
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
HUPAGENT
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (authPriv)
|
|
Packit Service |
b38f0b |
CAPTURE "snmpget -On $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPRIVPASS -x $DEFPRIVTYPE -X $NEWAUTHPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.3.0"
|
|
Packit Service |
b38f0b |
CHECKORDIE ".1.3.6.1.2.1.1.3.0 = Timeticks:"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## 5) persistency II: stop, start, re-test
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
STOPAGENT
|
|
Packit Service |
b38f0b |
DELAY
|
|
Packit Service |
b38f0b |
# make sure it picks up persistent config and uses a new logfile
|
|
Packit Service |
b38f0b |
SNMPCONFPATH="${SNMP_TMPDIR}${SNMP_ENV_SEPARATOR}${SNMP_TMP_PERSISTENTDIR}"
|
|
Packit Service |
b38f0b |
export SNMPCONFPATH
|
|
Packit Service |
b38f0b |
SNMP_CONFIG_FILE="does-not-exist"
|
|
Packit Service |
b38f0b |
SNMP_SNMPD_LOG_FILE=${SNMP_TMPDIR}/snmpd2.log
|
|
Packit Service |
b38f0b |
STARTAGENT
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
# test (authPriv)
|
|
Packit Service |
b38f0b |
CAPTURE "snmpget -On $SNMP_FLAGS -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPRIVPASS -x $DEFPRIVTYPE -X $NEWAUTHPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.3.0"
|
|
Packit Service |
b38f0b |
CHECKORDIE ".1.3.6.1.2.1.1.3.0 = Timeticks:"
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
fi
|
|
Packit Service |
b38f0b |
|
|
Packit Service |
b38f0b |
## stop agent and finish
|
|
Packit Service |
b38f0b |
STOPAGENT
|
|
Packit Service |
b38f0b |
FINISHED
|