#!/bin/sh
#
# SNMPv3 base config
#
# Input+Output variables:
#   DEFSECURITYLEVEL         noAuthNoPriv|authNoPriv|authPriv
#   DEFAUTHTYPE              MD5|SHA
#   DEFPRIVTYPE              DES|AES
#   TESTNOAUTHUSER           <myuser>
#   TEST(AUTH|PRIV)USER[2]   <myuser>
#   TEST(AUTH|PRIV)PASS[2]   <mypass>
#
# Input variables:
#   CREATEUSERENGINEID       <engineid>
#
# Output variables:
#   CREATEAUTHUSER[2]
#   CREATEPRIVUSER[2]
#   CREATENOAUTHUSER
#   TESTNOAUTHARGS
#   TESTAUTHARGS[NOPASS][2]
#   TESTPRIVARGS[NOPASS][2]
#

# SKIPIFNOT comes from the test harness that sources this file; it is given
# the USM security-module feature macro (presumably skipping the test when
# that macro is not defined -- confirm against the harness).
SKIPIFNOT NETSNMP_SECMOD_USM

## Defaults
# Default to the strongest level (authentication + privacy) unless the
# calling test already chose one.
if [ -z "$DEFSECURITYLEVEL" ]; then
  DEFSECURITYLEVEL=authPriv
fi

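## auto-probe best auth type
# Sets MAXAUTHTYPE to the strongest authentication hash this build supports,
# judged from the generated config headers under $SNMP_UPDIR: SHA when either
# OpenSSL or the internal crypto implementation is enabled, otherwise MD5.
# The header paths are quoted so that a source tree located under a path
# containing whitespace or glob characters is still probed correctly.
# The "> /dev/null" form is kept (rather than grep -q) so that grep's exit
# status for an unreadable header is unchanged.
if grep '^#define NETSNMP_USE_OPENSSL 1' \
     "$SNMP_UPDIR/include/net-snmp/net-snmp-config.h" \
     "$SNMP_UPDIR/include/net-snmp/agent/mib_module_config.h" > /dev/null ; then
  MAXAUTHTYPE=SHA
elif grep '^#define NETSNMP_USE_INTERNAL_CRYPTO 1' \
     "$SNMP_UPDIR/include/net-snmp/net-snmp-config.h" \
     "$SNMP_UPDIR/include/net-snmp/agent/mib_module_config.h" > /dev/null ; then
  MAXAUTHTYPE=SHA
else
  # MD5 is always available internally; it is only the fallback for builds
  # without a crypto library and is the weakest auth type tested.
  MAXAUTHTYPE=MD5
fi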

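## auto-probe best priv type
# Sets MAXPRIVTYPE to the strongest privacy (encryption) type this build
# supports, judged from the generated config headers under $SNMP_UPDIR:
#   OpenSSL with AES header and AES_cfb128_encrypt  -> AES
#   OpenSSL without them                            -> DES
#   internal crypto                                 -> AES
#   no crypto at all                                -> "" (no privacy)
# An empty MAXPRIVTYPE makes the authPriv setup below SKIP the test.
# The header paths are quoted so that a source tree located under a path
# containing whitespace or glob characters is still probed correctly.
# XXX: HAVE_AES depends on cpp logic, so we need to test for lower-level stuff
if grep '^#define NETSNMP_USE_OPENSSL 1' \
     "$SNMP_UPDIR/include/net-snmp/net-snmp-config.h" \
     "$SNMP_UPDIR/include/net-snmp/agent/mib_module_config.h" > /dev/null; then
  if grep '^#define HAVE_OPENSSL_AES_H 1' \
       "$SNMP_UPDIR/include/net-snmp/net-snmp-config.h" \
       "$SNMP_UPDIR/include/net-snmp/agent/mib_module_config.h" > /dev/null && \
     grep '^#define HAVE_AES_CFB128_ENCRYPT 1' \
       "$SNMP_UPDIR/include/net-snmp/net-snmp-config.h" \
       "$SNMP_UPDIR/include/net-snmp/agent/mib_module_config.h" > /dev/null ; then
    MAXPRIVTYPE=AES
  else
    MAXPRIVTYPE=DES
  fi
elif grep '^#define NETSNMP_USE_INTERNAL_CRYPTO 1' \
     "$SNMP_UPDIR/include/net-snmp/net-snmp-config.h" \
     "$SNMP_UPDIR/include/net-snmp/agent/mib_module_config.h" > /dev/null; then
  MAXPRIVTYPE=AES
else
  MAXPRIVTYPE=""
fi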

# Prefix shared by every CREATE*USER line built below.  When the calling
# test supplies CREATEUSERENGINEID, the user is created for that engine ID
# via "-e <engineid>".
CREATEUSERCMD="createUser"
if [ -n "$CREATEUSERENGINEID" ]; then
  CREATEUSERCMD="createUser -e $CREATEUSERENGINEID"
fi

## auth setup
# Runs for both authenticated levels (authPriv and authNoPriv).  Produces:
#   CREATEAUTHUSER[2]          createUser lines for the two auth-only users
#   TESTAUTHARGSNOPASS[2]      client args without the passphrase
#   TESTAUTHARGS[2]            the same args plus "-A <passphrase>"
case "$DEFSECURITYLEVEL" in
  authPriv|authNoPriv)
    if [ -z "$MAXAUTHTYPE" ]; then
      SKIP MAXAUTHTYPE not set
    fi
    # A test that insists on SHA cannot run on a build that only has MD5.
    if [ "$DEFAUTHTYPE" = "SHA" ] && [ "$MAXAUTHTYPE" != "SHA" ]; then
      SKIP Cannot do SHA
    fi
    [ -n "$DEFAUTHTYPE" ] || DEFAUTHTYPE=$MAXAUTHTYPE
    # user/pass setup (XXX: randomize)
    # NOTE(review): these defaults are fixed, well-known values shipped with
    # the test suite -- suitable only for a throwaway test agent.
    [ -n "$TESTAUTHUSER" ]  || TESTAUTHUSER=initial_auth
    [ -n "$TESTAUTHUSER2" ] || TESTAUTHUSER2=template_auth
    [ -n "$TESTAUTHPASS" ]  || TESTAUTHPASS=initial_test_pass_auth
    [ -n "$TESTAUTHPASS2" ] || TESTAUTHPASS2=template_test_pass_auth
    CREATEAUTHUSER="$CREATEUSERCMD $TESTAUTHUSER $DEFAUTHTYPE $TESTAUTHPASS"
    CREATEAUTHUSER2="$CREATEUSERCMD $TESTAUTHUSER2 $DEFAUTHTYPE $TESTAUTHPASS2"
    # command args ("-l anp" is the short form of authNoPriv)
    # NOTE(review): TESTAUTHARGS[2] embed the passphrase in cleartext; when
    # expanded onto a command line it is visible in process listings.
    TESTAUTHARGSNOPASS="-v 3 -l anp -u $TESTAUTHUSER -a $DEFAUTHTYPE"
    TESTAUTHARGSNOPASS2="-v 3 -l anp -u $TESTAUTHUSER2 -a $DEFAUTHTYPE"
    TESTAUTHARGS="$TESTAUTHARGSNOPASS -A $TESTAUTHPASS"
    TESTAUTHARGS2="$TESTAUTHARGSNOPASS2 -A $TESTAUTHPASS2"
    ;;
esac

## priv setup
# Runs only for authPriv.  The privacy users reuse DEFAUTHTYPE and the auth
# passphrases (TESTAUTHPASS[2]) prepared by the auth setup and add a privacy
# type and privacy passphrase on top.  Produces:
#   CREATEPRIVUSER[2]          createUser lines for the two auth+priv users
#   TESTPRIVARGSNOPASS[2]      client args without passphrases
#   TESTPRIVARGS[2]            the same args plus "-A <auth> -X <priv>"
if [ "$DEFSECURITYLEVEL" = "authPriv" ]; then
  # An empty MAXPRIVTYPE means the probe found no crypto support at all.
  if [ -z "$MAXPRIVTYPE" ]; then
    SKIP MAXPRIVTYPE not set
  fi
  # A test that insists on AES cannot run on a build that only has DES.
  if [ "$DEFPRIVTYPE" = "AES" ] && [ "$MAXPRIVTYPE" != "AES" ]; then
    SKIP Cannot do AES
  fi
  [ -n "$DEFPRIVTYPE" ] || DEFPRIVTYPE=$MAXPRIVTYPE
  # user/pass setup (XXX: randomize)
  # NOTE(review): these defaults are fixed, well-known values shipped with
  # the test suite -- suitable only for a throwaway test agent.
  [ -n "$TESTPRIVUSER" ]  || TESTPRIVUSER=initial_priv
  [ -n "$TESTPRIVUSER2" ] || TESTPRIVUSER2=template_priv
  [ -n "$TESTPRIVPASS" ]  || TESTPRIVPASS=initial_test_pass_priv
  [ -n "$TESTPRIVPASS2" ] || TESTPRIVPASS2=template_test_pass_priv
  CREATEPRIVUSER="$CREATEUSERCMD $TESTPRIVUSER $DEFAUTHTYPE $TESTAUTHPASS $DEFPRIVTYPE $TESTPRIVPASS"
  CREATEPRIVUSER2="$CREATEUSERCMD $TESTPRIVUSER2 $DEFAUTHTYPE $TESTAUTHPASS2 $DEFPRIVTYPE $TESTPRIVPASS2"
  # command args ("-l ap" is the short form of authPriv)
  # NOTE(review): TESTPRIVARGS[2] embed both passphrases in cleartext; when
  # expanded onto a command line they are visible in process listings.
  TESTPRIVARGSNOPASS="-v 3 -l ap -u $TESTPRIVUSER -a $DEFAUTHTYPE -x $DEFPRIVTYPE"
  TESTPRIVARGSNOPASS2="-v 3 -l ap -u $TESTPRIVUSER2 -a $DEFAUTHTYPE -x $DEFPRIVTYPE"
  TESTPRIVARGS="$TESTPRIVARGSNOPASS -A $TESTAUTHPASS -X $TESTPRIVPASS"
  TESTPRIVARGS2="$TESTPRIVARGSNOPASS2 -A $TESTAUTHPASS2 -X $TESTPRIVPASS2"
fi

## noauth setup
# Always prepared, whatever DEFSECURITYLEVEL is: a user with neither an auth
# nor a priv passphrase ("-l nanp" is the short form of noAuthNoPriv).
# Requests made with TESTNOAUTHARGS are unauthenticated and unencrypted.
if [ -z "$TESTNOAUTHUSER" ]; then
  TESTNOAUTHUSER=initial
fi
CREATENOAUTHUSER="$CREATEUSERCMD $TESTNOAUTHUSER"
TESTNOAUTHARGS="-v 3 -l nanp -u $TESTNOAUTHUSER"