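#!/bin/sh

. STlsVars

# This file contains tests common to both TLS and DTLS usages.
#
# It verifies that the TSM "use prefix" scalar (.1.3.6.1.2.1.190.1.2.1.0)
# changes which certificate-mapped securityNames the agent authorizes:
#   - testuser  is granted access under its bare securityName
#   - testuser2 is granted access only as "$TSM_PREFIX:testuser2"
# Each state asserts both the identity that must succeed and the one that
# must be rejected with authorizationError, so a change that authorizes the
# wrong identity fails the test rather than passing silently.
#
# CAPTURE, CHECK, CHECKCOUNT, CHECKVALUEISNT, CONFIGAPP, CONFIGAGENT,
# STARTAGENT, STOPAGENT and FINISHED are not defined here; presumably they
# come from the test harness or from STlsVars.

export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"

# NSCERT and NSCERTARGS each hold several words and are expanded unquoted
# below on purpose, so that the shell splits them into command + arguments.
NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
NSCERTARGS="-I -C $SNMP_TMPDIR"
# NOTE(review): TLSDIR is not referenced again in this file; presumably it is
# consumed by the harness or by a script that sources this one.
TLSDIR=$SNMP_TMPDIR/tls

#########################################
# Create the certificates

# create the ca
CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS

# snmpd: server certificate whose common name is this machine's hostname
HOSTNAME=`hostname`
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd $NSCERTARGS`
# An empty fingerprint means certificate generation failed; every later
# certificate-to-identity mapping depends on these values being real.
CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"

# user
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser' $NSCERTARGS
TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"

# user2
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2' $NSCERTARGS
TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"

# The client pins the agent's certificate by fingerprint.
CONFIGAPP serverCert $SERVERFP

# Map each client certificate (by fingerprint) to a securityName taken from
# the certificate's common name.
CONFIGAGENT certSecName 9  $TESTUSERFP  --cn
CONFIGAGENT certSecName 10 $TESTUSER2FP --cn

# Access control: testuser is authorized without a prefix, testuser2 only
# with the transport prefix. This asymmetry is what the test exercises.
CONFIGAGENT rwuser -s tsm testuser authpriv
CONFIGAGENT rwuser -s tsm $TSM_PREFIX:testuser2 authpriv

# Test-only: a read-only community string, used by the SNMPv1 query at the
# end of this script. Not a configuration to copy into a deployed agent.
CONFIGAGENT rocommunity public

#
# Start the agent
#
# udp:9999 is the address the final SNMPv1 query is sent to.
AGENT_FLAGS="-Dtsm udp:9999"
FLAGS="-On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"
STARTAGENT

# Initial state: the use-prefix scalar must read false.
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"

CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"

# using user 1 - a common name mapped certificate
# (using the default "snmpapp" certificate because we don't specify another)
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECK ".1.3.6.1.2.1.1.3.0 = Timeticks:"

# using user 2 should now fail because no prefix is applied
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

# Negative check: no data may be returned AND the refusal must be an
# authorization error, not some unrelated failure.
CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"

CHECK "authorizationError"

# set the TSM prefix scalar to 1 to turn on prefixing
# (sent with the default certificate, i.e. as user 1, who is still authorized
# at this point)
CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"

# using user 2 should now work and the prefix should have been added
# to the securityName, so the agent now accepts it
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"

CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"

# using user 1 should now fail because the prefix has been added to the
# securityName, so the agent no longer accepts it
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"

CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"

CHECK "authorizationError"

# Read the scalar back over SNMPv1 with the community string.
# NOTE(review): no CHECK follows this capture, so its output is not asserted;
# it looks like a diagnostic read only - confirm that is intended.
CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"

# cleanup
STOPAGENT

FINISHED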