From: Christian Korber Date: Tue, 25 Mar 2025 19:51:02 +0000 (+0100) Subject: net-snmp: modify init script for SNMPv3 X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22/%22https:/collectd.org/%22?a=commitdiff_plain;h=2fc221699dfa296cd13af23827498bf24dfbc97a;p=feed%2Fpackages.git net-snmp: modify init script for SNMPv3 This commit adds function 'snmpd_snmpv3_add' to the init script to support SNMPv3 config parsing. The new uci config section has the following configuration parameters: config v3 option username 'John' option allow_write '0' option auth_type 'SHA|MD5' option auth_pass 'passphrase' option privacy_type 'AES|DES' option privacy_pass 'passphrase' option RestrictOID 'yes|no' option RestrictedOID '1.3.6.1.2.1.1.1' This new section is only relevant if the snmp_version 'v1/v2c/v3' or 'v3' is set in the uci section 'general'. Signed-off-by: Christian Korber Signed-off-by: Florian Eckert
---
diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile
index 810014ffb9..6ee79d4ebe 100644
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@@ -333,7 +333,6 @@ define Package/snmpd-nossl/install
 $(INSTALL_DIR) $(1)/etc/config
 $(INSTALL_DATA) ./files/snmpd.conf $(1)/etc/config/snmpd
 $(INSTALL_DIR) $(1)/etc/snmp
- $(LN) /var/run/snmpd.conf $(1)/etc/snmp/
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/snmpd.init $(1)/etc/init.d/snmpd
 $(INSTALL_DIR) $(1)/usr/sbin
diff --git a/net/net-snmp/files/snmpd.conf b/net/net-snmp/files/snmpd.conf
index e18864d539..f3bf7c6d9b 100644
--- a/net/net-snmp/files/snmpd.conf
+++ b/net/net-snmp/files/snmpd.conf
@@ -128,3 +128,13 @@ config engineid
 config snmpd general
 option enabled '1'
 # list network 'wan'
+#
+#config v3
+# option username 'John'
+# option allow_write '0'
+# option auth_type 'SHA|MD5'
+# option auth_pass 'passphrase'
+# option privacy_type 'AES|DES'
+# option privacy_pass 'passphrase'
+# option RestrictOID 'yes|no'
+# option RestrictedOID '1.3.6.1.2.1.1.1'
diff --git a/net/net-snmp/files/snmpd.init b/net/net-snmp/files/snmpd.init
index b6a215cf78..7578b7eda4 100644
--- a/net/net-snmp/files/snmpd.init
+++ b/net/net-snmp/files/snmpd.init
@@ -242,6 +242,71 @@ snmpd_sink_add() {
 echo "$section $host$port $community" >> $CONFIGFILE
 }
+snmpd_snmpv3_add() {
+ local cfg="$1"
+ local cfg2="$2"
+
+ local version
+ local username
+ local auth_type
+ local auth_pass
+ local privacy_type
+ local privacy_pass
+ local allow_write
+ local oid
+
+ config_get version "$cfg2" snmp_version
+ if [ "$version" != "v1/v2c/v3" ] && [ "$version" != "v3" ]; then
+ echo "skipping section '$cfg' wrong 'snmp_version=$version' configured"
+ return 0
+ fi
+
+ config_get username "$cfg" username
+ [ -n "$username" ] || {
+ echo "skipping section '$cfg' 'username' missing"
+ return 0
+ }
+
+ config_get auth_pass "$cfg" auth_pass
+ config_get oid "$cfg" RestrictedOID
+ config_get_bool allow_write "$cfg" allow_write 0
+ local useraccess="rouser"
+ [ "$allow_write" -eq 1 ] && useraccess="rwuser"
+
+ if [ -z "$auth_pass" ]; then
+ echo "createUser $username" >> "$CONFIGFILE"
+ echo "$useraccess $username noauth $oid" >> "$CONFIGFILE"
+ return
+ fi
+
+ [ "${#auth_pass}" -lt 8 ] && {
+ echo "skipping section '$cfg' 'auth_pass' requires a min length of 8"
+ return 0
+ }
+
+ config_get auth_type "$cfg" auth_type
+ [ -z "$auth_type" ] && {
+ echo "skipping section '$cfg' 'auth_type' missing"
+ return 0
+ }
+
+ config_get privacy_type "$cfg" privacy_type
+ config_get privacy_pass "$cfg" privacy_pass
+ if [ -n "$privacy_type" ] && [ -n "$privacy_pass" ]; then
+
+ [ "${#privacy_pass}" -lt 8 ] && {
+ echo "skipping section '$cfg' 'privacy_pass' requires a min length of 8"
+ return 0
+ }
+
+ echo "createUser $username $auth_type \"$auth_pass\" $privacy_type \"$privacy_pass\"" >> "$CONFIGFILE"
+ echo "$useraccess $username priv $oid" >> "$CONFIGFILE"
+ else
+ echo "createUser $username $auth_type \"$auth_pass\"" >> "$CONFIGFILE"
+ echo "$useraccess $username auth $oid" >> "$CONFIGFILE"
+ fi
+}
+
 append_parm() {
 local section="$1"
 local option="$2"
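Review bot: An empty or missing `auth_pass` falls through to `createUser $username` plus `$useraccess $username noauth $oid`, so a section with `allow_write '1'` and a forgotten passphrase yields an unauthenticated `rwuser`, with no OID restriction at all when `RestrictedOID` is also unset. The privacy branch fails open the same way: when only one of `privacy_type`/`privacy_pass` is set, the user is silently created at `auth` level without encryption. I would skip the section in both cases, and reject `username`, `auth_type`, `privacy_type` and `oid` values containing characters outside a small allowed set, plus passphrases containing `"`, before they are echoed, because whitespace or a quote in any of them changes the directive written to `$CONFIGFILE`. The `RestrictOID` option documented in the commit message and the sample config is never read by this function, so setting it to 'no' has no effect.

```shell
	# … unchanged: locals, snmp_version check, username lookup,
	#   config_get auth_pass / oid / allow_write, useraccess …

	# fail closed: no passphrase means no user, not a noauth user
	if [ -z "$auth_pass" ]; then
		echo "skipping section '$cfg' 'auth_pass' missing"
		return 0
	fi

	# … unchanged: auth_pass length check, auth_type lookup …

	config_get privacy_type "$cfg" privacy_type
	config_get privacy_pass "$cfg" privacy_pass

	# these values are written unquoted; keep them to a single safe token
	local token
	for token in "$username" "$auth_type" "$privacy_type" "$oid"; do
		case "$token" in
			*[!A-Za-z0-9.:_-]*)
				echo "skipping section '$cfg' invalid character in '$token'"
				return 0
				;;
		esac
	done

	# passphrases are written inside double quotes
	case "$auth_pass$privacy_pass" in
		*\"*)
			echo "skipping section '$cfg' passphrase must not contain '\"'"
			return 0
			;;
	esac

	# a half-configured privacy setting is an error, not a downgrade to 'auth'
	if [ -n "$privacy_type" ] || [ -n "$privacy_pass" ]; then
		[ -n "$privacy_type" ] || {
			echo "skipping section '$cfg' 'privacy_type' missing"
			return 0
		}
		# … unchanged: privacy_pass length check (now also rejects an empty
		#   passphrase), createUser/priv lines, else branch …
```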
@@ -319,9 +384,10 @@ start_service() {
 append_authtrapenable authtrapenable enable authtrapenable
 append_parm v1trapaddress host v1trapaddress
 append_parm trapsess trapsess trapsess
+ config_foreach snmpd_snmpv3_add v3 general
 procd_set_param command $PROG -Lf /dev/null -f -r
- procd_set_param file $CONFIGFILE
+ procd_append_param command -C -c "$CONFIGFILE"
 procd_set_param respawn
 for iface in $(ls /sys/class/net 2>/dev/null); do
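Review bot: `$CONFIGFILE` now receives `createUser` lines with clear-text passphrases, but nothing in this hunk restricts who can read it; start_service should set `umask 077` before the first append, or run `chmod 600 "$CONFIGFILE"` once the file exists. Where the file is created is outside the hunk, so the mode it ends up with cannot be confirmed from here. Separately, `-C` limits snmpd to the files named with `-c`, and as far as I know that also covers net-snmp's persistent file, so `snmpEngineBoots` would not be carried across restarts; worth confirming, because USM timeliness checks depend on that counter not going backwards. start_service begins and ends outside the hunk.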