source-git / net-snmp

Clone
Source Code
GIT

Files

  1.   b38f0b5f5e115b973eb2676245fe33a4d782e478
  2.   testing
  3.   fulltests
  4.   tls
  5.   STsmPrefix
Blob Blame History Raw 
#!/bin/sh

. STlsVars

# this file contains tests common to both tls and dtls usages

export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"
NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
NSCERTARGS="-I -C $SNMP_TMPDIR"

TLSDIR=$SNMP_TMPDIR/tls

#########################################
# Create the certificates

# create the ca
CAPTURE $NSCERT genca --cn ca-net-snmp.org  $NSCERTARGS

# snmpd
HOSTNAME=`hostname`
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd  $NSCERTARGS`
CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"

# user
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser'  $NSCERTARGS
TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"

# user2
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2'  $NSCERTARGS
TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"

CONFIGAPP peerCert		  $SERVERFP
CONFIGAGENT certSecName 9  $TESTUSERFP     --cn
CONFIGAGENT certSecName 10  $TESTUSER2FP     --cn
CONFIGAGENT  rwuser -s tsm testuser authpriv
CONFIGAGENT  rwuser -s tsm $TSM_PREFIX:testuser2 authpriv
CONFIGAGENT rocommunity public

# app flags
FLAGS="-v3 -r1 -On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"

#
# Start the agent
#
AGENT_FLAGS="-Dtsm udp:9999"
STARTAGENT

CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"

# using user 1 - a common name mapped certificate
# (using the default "snmpapp" certificate because we don't specify another)
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECK       ".1.3.6.1.2.1.1.3.0 = Timeticks:"

# using user 2 should now fail because no prefix is applied
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"

# set the TSM prefix scalar to 1 to turn on prefixing
CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"


# using user 2 should now work and the prefix should have been added
# to the securityName, so the agent now accepts it
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"

CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"

# using user 1 should now fail because the prefix has added to the
# securityName, so the agent now accepts it
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"

CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"

# cleanup
STOPAGENT

FINISHED

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation