#!/bin/sh . ../support/simple_eval_tools.sh HEADER SNMPv3 snmptrapd USM user management with snmpusm SKIPIFNOT USING_AGENTX_MASTER_MODULE SKIPIFNOT USING_AGENTX_SUBAGENT_MODULE SKIPIFNOT USING_SNMPV3_USMUSER_MODULE SKIPIF NETSNMP_SNMPTRAPD_DISABLE_AGENTX SKIPIF NETSNMP_DISABLE_SET_SUPPORT SKIPIF NETSNMP_NO_WRITE_SUPPORT SKIPIFNOT NETSNMP_CAN_DO_CRYPTO SKIPIFNOT NETSNMP_ENABLE_SCAPI_AUTHPRIV # # Begin test # # configure AgentX socket if [ "x$SNMP_TRANSPORT_SPEC" = "xunix" ]; then AGENT_FLAGS="$AGENT_FLAGS -x $SNMP_TMPDIR/agentx_socket" TRAPD_FLAGS="$TRAPD_FLAGS -x $SNMP_TMPDIR/agentx_socket" else AGENT_FLAGS="$AGENT_FLAGS -x tcp:${SNMP_TEST_DEST}${SNMP_AGENTX_PORT}" TRAPD_FLAGS="$TRAPD_FLAGS -x tcp:${SNMP_TEST_DEST}${SNMP_AGENTX_PORT}" fi # standard SNMPv3 USM agent configuration DEFSECURITYLEVEL=authPriv . ./Sv3usmconfigagent # save agent access AGENT_TESTAUTHARGS=$TESTAUTHARGS AGENT_TESTPRIVARGS=$TESTPRIVARGS # configure agent as AgentX master CONFIGAGENT master agentx # Start the master agent STARTAGENT # standard SNMPv3 USM snmptrapd configuration . ./Sv3usmconfigtrapd # configure snmptrapd NEWAUTHKEY=0x7458ead7a0b5a753e21bfcb87f6c9803ebef68cf NEWPRIVKEY=0x98e2696d1cf34d904dfcae76bf01c473 NEWUSER=newtestuser NEWAUTHPASS=newauthpass NEWPRIVPASS=newprivpass NEWUSER2=newtestuser_vanilla CONFIGTRAPD authuser log $NEWUSER auth # start snmptrapd STARTTRAPD # delay to let it connect and register all MIBs DELAY ## verify snmptrapd usmUserTable management SNMPUSM_TRAPD_CONTEXT_ARGS="-n snmptrapd -CE $TRAPD_ENGINEID" ## 1) create, clone, passwd auth, passwd priv, test # create vanilla user CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER2" CHECKORDIE "User successfully created" # clone template user CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT create $NEWUSER $TESTPRIVUSER" CHECKORDIE "User successfully created" # change auth passphrase of new user CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Ca $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTAUTHPASS $NEWAUTHPASS $NEWUSER" CHECKORDIE "SNMPv3 Key(s) successfully changed" # change priv passphrase of new user CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTPRIVARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Cx $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $TESTPRIVPASS $NEWPRIVPASS $NEWUSER" CHECKORDIE "SNMPv3 Key(s) successfully changed" # test (anp) CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -A $NEWAUTHPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_anp" DELAY CHECKTRAPDORDIE "received_inform_anp" # test (ap) CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -A $NEWAUTHPASS -x $DEFPRIVTYPE -X $NEWPRIVPASS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap" DELAY CHECKTRAPDORDIE "received_inform_ap" ## 2) change localized auth key, test, change localized priv key, test # change localized auth key CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTAUTHARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Ca -Ck $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWAUTHPASS $NEWAUTHKEY $NEWUSER" CHECKORDIE "SNMPv3 Key(s) successfully changed" # test (anp) CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l anp -a $DEFAUTHTYPE -3k $NEWAUTHKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_anp2" DELAY CHECKTRAPDORDIE "received_inform_anp2" # change localized priv key CAPTURE "snmpusm $SNMP_FLAGS $AGENT_TESTPRIVARGS $SNMPUSM_TRAPD_CONTEXT_ARGS -Cx -Ck $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT passwd $NEWPRIVPASS $NEWPRIVKEY $NEWUSER" CHECKORDIE "SNMPv3 Key(s) successfully changed" # test (ap) CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -3k $NEWAUTHKEY -x $DEFPRIVTYPE -3K $NEWPRIVKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap2" DELAY CHECKTRAPDORDIE "received_inform_ap2" ## 3) persistency I: reconfigure (SIGHUP), re-test # reconfigure snmptrapd HUPTRAPD # test (ap) CAPTURE "snmptrap -Ci -t $SNMP_SLEEP -d -v 3 -u $NEWUSER -l ap -a $DEFAUTHTYPE -3k $NEWAUTHKEY -x $DEFPRIVTYPE -3K $NEWPRIVKEY $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPTRAPD_PORT 0 .1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.4.0 s received_inform_ap3" DELAY CHECKTRAPDORDIE "received_inform_ap3" ## stop daemons and finish STOPTRAPD STOPAGENT FINISHED