#!/bin/sh

. ../support/simple_eval_tools.sh

HEADER SNMPv3 snmptrapd USM user management with snmpusm

SKIPIFNOT USING_AGENTX_MASTER_MODULE

SKIPIFNOT USING_AGENTX_SUBAGENT_MODULE

SKIPIFNOT USING_SNMPV3_USMUSER_MODULE

SKIPIF    NETSNMP_SNMPTRAPD_DISABLE_AGENTX

SKIPIF    NETSNMP_DISABLE_SET_SUPPORT

SKIPIFNOT NETSNMP_USE_OPENSSL

SKIPIF    NETSNMP_NO_WRITE_SUPPORT

SKIPIFNOT NETSNMP_CAN_DO_CRYPTO

SKIPIFNOT NETSNMP_ENABLE_SCAPI_AUTHPRIV

#

# Begin test

#

# configure AgentX socket

if [ "x$SNMP_TRANSPORT_SPEC" = "xunix" ]; then

  AGENT_FLAGS="$AGENT_FLAGS -x $SNMP_TMPDIR/agentx_socket"

  TRAPD_FLAGS="$TRAPD_FLAGS -x $SNMP_TMPDIR/agentx_socket"

else

  AGENT_FLAGS="$AGENT_FLAGS -x tcp:${SNMP_TEST_DEST}${SNMP_AGENTX_PORT}"

  TRAPD_FLAGS="$TRAPD_FLAGS -x tcp:${SNMP_TEST_DEST}${SNMP_AGENTX_PORT}"

fi

# standard SNMPv3 USM agent configuration

DEFSECURITYLEVEL=authPriv

. ./Sv3usmconfigagent

# save agent access

AGENT_TESTAUTHARGS=$TESTAUTHARGS

AGENT_TESTPRIVARGS=$TESTPRIVARGS

# configure agent as AgentX master

CONFIGAGENT master agentx

# Start the master agent

STARTAGENT

# standard SNMPv3 USM snmptrapd configuration

. ./Sv3usmconfigtrapd

# configure snmptrapd

NEWAUTHKEY=0x7458ead7a0b5a753e21bfcb87f6c9803ebef68cf

NEWPRIVKEY=0x98e2696d1cf34d904dfcae76bf01c473

NEWUSER=newtestuser

NEWAUTHPASS=newauthpass

NEWPRIVPASS=newprivpass

NEWUSER2=newtestuser_vanilla

CONFIGTRAPD authuser log $NEWUSER auth

# start snmptrapd

STARTTRAPD

# delay to let it connect and register all MIBs

DELAY

## verify snmptrapd usmUserTable management

SNMPUSM_TRAPD_CONTEXT_ARGS="-n snmptrapd -CE $TRAPD_ENGINEID"

## 1) create, clone, passwd auth, passwd priv, test

# create vanilla user

CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER2"

CHECKORDIE "User successfully created"

# clone template user

CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER $TESTPRIVUSER"

CHECKORDIE "User successfully created"

# change auth passphrase of new user

CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Ca $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTAUTHPASS $NEWAUTHPASS $NEWUSER"

CHECKORDIE "SNMPv3 Key(s) successfully changed"

# change priv passphrase of new user

CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTPRIVARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Cx $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTPRIVPASS $NEWPRIVPASS $NEWUSER"

CHECKORDIE "SNMPv3 Key(s) successfully changed"

# test (anp)

CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -A $NEWAUTHPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_anp"

DELAY

CHECKTRAPDORDIE "received_inform_anp"

# test (ap)

CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPASS -x $DEFPRIVTYPE -X $NEWPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap"

DELAY

CHECKTRAPDORDIE "received_inform_ap"

## 2) change localized auth key, test, change localized priv key, test

# change localized auth key

CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Ca -Ck $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWAUTHPASS $NEWAUTHKEY $NEWUSER"

CHECKORDIE "SNMPv3 Key(s) successfully changed"

# test (anp)

CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -3k $NEWAUTHKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_anp2"

DELAY

CHECKTRAPDORDIE "received_inform_anp2"

# change localized priv key

CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTPRIVARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Cx -Ck $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWPRIVPASS $NEWPRIVKEY $NEWUSER"

CHECKORDIE "SNMPv3 Key(s) successfully changed"

# test (ap)

CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -3k $NEWAUTHKEY -x $DEFPRIVTYPE -3K $NEWPRIVKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap2"

DELAY

CHECKTRAPDORDIE "received_inform_ap2"

## 3) persistency I: reconfigure (SIGHUP), re-test

# reconfigure snmptrapd

HUPTRAPD

# test (ap)

CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -3k $NEWAUTHKEY -x $DEFPRIVTYPE -3K $NEWPRIVKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap3"

DELAY

CHECKTRAPDORDIE "received_inform_ap3"

## stop daemons and finish

STOPTRAPD

STOPAGENT

FINISHED