projects / feed / packages.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7013ea4)
net-snmp: modify init script for SNMPv3
authorChristian Korber <[email protected]>
Tue, 25 Mar 2025 19:51:02 +0000 (20:51 +0100)
committerFlorian Eckert <[email protected]>
Mon, 11 Aug 2025 06:13:44 +0000 (08:13 +0200)
This commit adds function 'snmpd_snmpv3_add' to the init script
to support SNMPv3 config parsing.

The new uci config section has the following configuration parameters:

config v3
option username 'John'
option allow_write '0'
option auth_type 'SHA|MD5'
option auth_pass 'passphrase'
option privacy_type 'AES|DES'
option privacy_pass 'passphrase'
option RestrictOID 'yes|no'
option RestrictedOID '1.3.6.1.2.1.1.1'

This new section is only relevant if the snmp_version 'v1/v2c/v3' or 'v3'
is set in the uci section 'general'.

Signed-off-by: Christian Korber <[email protected]>
Signed-off-by: Florian Eckert <[email protected]>
net/net-snmp/Makefile patch | blob | history
net/net-snmp/files/snmpd.conf patch | blob | history
net/net-snmp/files/snmpd.init patch | blob | history

diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile
index 810014ffb979df3b7b878c519db15dede850547a..6ee79d4ebe80b0e045d1efb963d854fa47ad3e0c 100644 (file)
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@@ -333,7 +333,6 @@ define Package/snmpd-nossl/install
        $(INSTALL_DIR) $(1)/etc/config
        $(INSTALL_DATA) ./files/snmpd.conf $(1)/etc/config/snmpd
        $(INSTALL_DIR) $(1)/etc/snmp
-       $(LN) /var/run/snmpd.conf $(1)/etc/snmp/
        $(INSTALL_DIR) $(1)/etc/init.d
        $(INSTALL_BIN) ./files/snmpd.init $(1)/etc/init.d/snmpd
        $(INSTALL_DIR) $(1)/usr/sbin
diff --git a/net/net-snmp/files/snmpd.conf b/net/net-snmp/files/snmpd.conf
index e18864d539bef1bb99d306f1f3a355d36f531267..f3bf7c6d9b8c005d0e3b13c4fb41ed3973d43f9f 100644 (file)
--- a/net/net-snmp/files/snmpd.conf
+++ b/net/net-snmp/files/snmpd.conf
@@ -128,3 +128,13 @@ config engineid
 config snmpd general
        option enabled '1'
 #      list network 'wan'
+#
+#config v3
+#      option username 'John'
+#      option allow_write '0'
+#      option auth_type 'SHA|MD5'
+#      option auth_pass 'passphrase'
+#      option privacy_type 'AES|DES'
+#      option privacy_pass 'passphrase'
+#      option RestrictOID 'yes|no'
+#      option RestrictedOID '1.3.6.1.2.1.1.1'
diff --git a/net/net-snmp/files/snmpd.init b/net/net-snmp/files/snmpd.init
index b6a215cf783d245bea12151fd8598beec7ba94fd..7578b7eda47c77395dc2a6e06d2b6fdd8d1faaa2 100644 (file)
--- a/net/net-snmp/files/snmpd.init
+++ b/net/net-snmp/files/snmpd.init
@@ -242,6 +242,71 @@ snmpd_sink_add() {
        echo "$section $host$port $community" >> $CONFIGFILE
 }
 
+snmpd_snmpv3_add() {
+       local cfg="$1"
+       local cfg2="$2"
+
+       local version
+       local username
+       local auth_type
+       local auth_pass
+       local privacy_type
+       local privacy_pass
+       local allow_write
+       local oid
+
+       config_get version "$cfg2" snmp_version
+       if [ "$version" != "v1/v2c/v3" ] && [ "$version" != "v3" ]; then
+               echo "skipping section '$cfg' wrong 'snmp_version=$version' configured"
+               return 0
+       fi
+
+       config_get username "$cfg" username
+       [ -n "$username" ] || {
+               echo "skipping section '$cfg' 'username' missing"
+               return 0
+       }
+
+       config_get auth_pass "$cfg" auth_pass
+       config_get oid "$cfg" RestrictedOID
+       config_get_bool allow_write "$cfg" allow_write 0
+       local useraccess="rouser"
+       [ "$allow_write" -eq 1 ] && useraccess="rwuser"
+
+       if [ -z "$auth_pass" ]; then
+               echo "createUser $username" >> "$CONFIGFILE"
+               echo "$useraccess $username noauth $oid" >> "$CONFIGFILE"
+               return
+       fi
+
+       [ "${#auth_pass}" -lt 8 ] && {
+               echo "skipping section '$cfg' 'auth_pass' requires a min length of 8"
+               return 0
+       }
+
+       config_get auth_type "$cfg" auth_type
+       [ -z "$auth_type" ] && {
+               echo "skipping section '$cfg' 'auth_type' missing"
+               return 0
+       }
+
+       config_get privacy_type "$cfg" privacy_type
+       config_get privacy_pass "$cfg" privacy_pass
+       if [ -n "$privacy_type" ] && [ -n "$privacy_pass" ]; then
+
+               [ "${#privacy_pass}" -lt 8 ] && {
+                       echo "skipping section '$cfg' 'privacy_pass' requires a min length of 8"
+                       return 0
+               }
+
+               echo "createUser $username $auth_type \"$auth_pass\" $privacy_type \"$privacy_pass\"" >> "$CONFIGFILE"
+               echo "$useraccess $username priv $oid" >> "$CONFIGFILE"
+       else
+               echo "createUser $username $auth_type \"$auth_pass\"" >> "$CONFIGFILE"
+               echo "$useraccess $username auth $oid" >> "$CONFIGFILE"
+       fi
+}
+
 append_parm() {
        local section="$1"
        local option="$2"
@@ -319,9 +384,10 @@ start_service() {
        append_authtrapenable authtrapenable enable authtrapenable
        append_parm v1trapaddress host v1trapaddress
        append_parm trapsess trapsess trapsess
+       config_foreach snmpd_snmpv3_add v3 general
 
        procd_set_param command $PROG -Lf /dev/null -f -r
-       procd_set_param file $CONFIGFILE
+       procd_append_param command -C -c "$CONFIGFILE"
        procd_set_param respawn
 
        for iface in $(ls /sys/class/net 2>/dev/null); do
Mirror of packages feed