author | Alex Harpin <development@landsofshadow.co.uk> | 2015-11-20 21:49:11 +0000 |
---|---|---|
committer | Alex Harpin <development@landsofshadow.co.uk> | 2015-11-20 21:49:11 +0000 |
commit | e7f7e8741f16575fb6e2a3c88ed310a831866af2 (patch) | |
tree | 8e6f60c52f351385511b0740d3ddf280333d71b8 | |
parent | bc190b19f87b0529c109981d0d8157a2adbd6328 (diff) | |
vyatta-cfg-system: formatting changes for style consistency
Update scripts/snmp/vyatta-snmp-v3.pl and scripts/snmp/vyatta-snmp.pl
to maintain style and consistency.
-rwxr-xr-x | scripts/snmp/vyatta-snmp-v3.pl | 399 | ||||
-rwxr-xr-x | scripts/snmp/vyatta-snmp.pl | 104 |
2 files changed, 228 insertions, 275 deletions
diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl index 5cd1ab87..293f2907 100755 --- a/scripts/snmp/vyatta-snmp-v3.pl +++ b/scripts/snmp/vyatta-snmp-v3.pl @@ -41,46 +41,45 @@ my $oldEngineID = ""; my $setserialno = ""; my %OIDs = ( - "md5", ".1.3.6.1.6.3.10.1.1.2", "sha", ".1.3.6.1.6.3.10.1.1.3", - "aes", ".1.3.6.1.6.3.10.1.2.4", "des", ".1.3.6.1.6.3.10.1.2.2", + "md5", ".1.3.6.1.6.3.10.1.1.2", + "sha", ".1.3.6.1.6.3.10.1.1.3", + "aes", ".1.3.6.1.6.3.10.1.2.4", + "des", ".1.3.6.1.6.3.10.1.2.2", "none", ".1.3.6.1.6.3.10.1.2.1" ); # generate a random character hex string sub randhex { my $length = shift; - return join "", map { unpack "H*", chr( rand(256) ) } 1 .. ( $length / 2 ); + return join "", map {unpack "H*", chr(rand(256))} 1 .. ($length / 2); } sub snmpd_running { - open( my $pidf, '<', "/var/run/snmpd.pid" ) - or return; + open(my $pidf, '<', "/var/run/snmpd.pid") + or return; my $pid = <$pidf>; close $pidf; chomp $pid; my $exe = readlink "/proc/$pid/exe"; - return ( defined($exe) && $exe eq "/usr/sbin/snmpd" ); + return (defined($exe) && $exe eq "/usr/sbin/snmpd"); } sub check_snmp_exit_code { my $code = shift; # snmpd can start/restart with exit code 256 if trap-target is unavailable - if ( $code != 0 && $code != 256 ) { + if ($code != 0 && $code != 256) { return 1; - } - else { + }else { return 0; } } sub snmpd_stop { - system( -"start-stop-daemon --stop --exec /usr/sbin/snmpd --oknodo -R 2 > /dev/null 2>&1" - ); - if ( check_snmp_exit_code($?) ) { + system("start-stop-daemon --stop --exec /usr/sbin/snmpd --oknodo -R 2 > /dev/null 2>&1"); + if (check_snmp_exit_code($?)) { print "ERROR: Can not stop snmpd!\n"; exit(1); } @@ -88,7 +87,7 @@ sub snmpd_stop { sub snmpd_start { system("$snmp_init start > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { + if (check_snmp_exit_code($?)) { print "ERROR: Can not start snmpd!\n"; exit(1); } 
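Review bot: `randhex` builds its output from Perl's built-in `rand()`, which is a seeded PRNG and not a source of key material; the reformatted line keeps that. In the `@@ -299,21 +288,17 @@` hunk of this file the result is written into a `usmUser` line as the engine ID (`randhex(26)`) and as the value after the hard-coded MD5 OID (`randhex(32)`), so the placeholder credential created for trap users is only as unpredictable as `rand()`. Reading the bytes from the kernel would fix that: `open(my $r, '<', '/dev/urandom') or die "Couldn't open /dev/urandom - $!"; read($r, my $bytes, $length / 2); return unpack("H*", $bytes);`. The same helper is duplicated in scripts/snmp/vyatta-snmp.pl (`@@ -173,7 +175,7 @@`).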
@@ -96,7 +95,7 @@ sub snmpd_start { sub snmpd_update { system("$snmp_init reload > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { + if (check_snmp_exit_code($?)) { print "ERROR: Can not reload snmpd!\n"; exit(1); } @@ -104,7 +103,7 @@ sub snmpd_update { sub snmpd_restart { system("$snmp_init restart > /dev/null 2>&1"); - if ( check_snmp_exit_code($?) ) { + if (check_snmp_exit_code($?)) { print "ERROR: Can not restart snmpd!\n"; exit(1); } @@ -114,7 +113,7 @@ sub snmpd_restart { sub get_version { my $version = "unknown-version"; - if ( open( my $f, '<', $versionfile ) ) { + if (open(my $f, '<', $versionfile)) { while (<$f>) { chomp; if (m/^Version\s*:\s*(.*)$/) { @@ -128,8 +127,8 @@ sub get_version { } sub ipv6_disabled { - socket( my $s, PF_INET6, SOCK_DGRAM, 0 ) - or return 1; + socket(my $s, PF_INET6, SOCK_DGRAM, 0) + or return 1; close($s); return; } @@ -137,12 +136,10 @@ sub ipv6_disabled { # write tsm config from current to snmpd_conf sub set_tsm { my $config = get_snmp_config(); - if ( $config->exists("tsm") ) { + if ($config->exists("tsm")) { my $port = $config->returnValue("tsm port"); my $local_key = $config->returnValue("tsm local-key"); - system( -"sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp" - ); + system("sed -i 's/^agentaddress.*\$/&,tlstcp:$port,dtlsudp:$port/' $snmpd_conf_tmp"); system("echo \"[snmp] localCert $local_key\" >> $snmpd_conf_tmp"); } } @@ -152,9 +149,9 @@ sub set_tsm { sub snmp_delete { snmpd_stop(); - my @files = ( $snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf ); + my @files = ($snmpd_conf, $snmpd_usr_conf, $snmpd_var_conf); foreach my $file (@files) { - if ( -e $file ) { + if (-e $file) { unlink($file); } } 
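Review bot: In `set_tsm` both `system()` calls pass a single string, so `$port` and `$local_key` from the configuration are expanded by the shell and, in the first call, also by sed's replacement syntax. Whether the config templates restrict these values is not visible in this diff, so the script should not depend on it. Validate the port with an anchored pattern, reject line breaks in the key, and make the two edits with Perl file I/O instead of `sed` and `echo`. The whole function is inside this hunk; the rewritten part is sketched below.

```perl
        my $local_key = $config->returnValue("tsm local-key");
        die "ERROR: invalid tsm port\n"
          unless defined($port) && $port =~ /\A[0-9]+\z/;
        die "ERROR: invalid tsm local-key\n"
          unless defined($local_key) && $local_key !~ /[\r\n]/;

        # append the TSM transports to every agentaddress line, no shell involved
        open(my $in, '<', $snmpd_conf_tmp)
          or die "Couldn't open $snmpd_conf_tmp - $!";
        my @lines = <$in>;
        close $in;
        foreach my $line (@lines) {
            $line =~ s/^(agentaddress.*)$/$1,tlstcp:$port,dtlsudp:$port/;
        }
        open(my $out, '>', $snmpd_conf_tmp)
          or die "Couldn't open $snmpd_conf_tmp - $!";
        print $out @lines, "[snmp] localCert $local_key\n";
        close $out
          or die "Couldn't write $snmpd_conf_tmp - $!";
```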
@@ -170,15 +167,14 @@ sub get_snmp_config { sub set_views { print "# views \n"; my $config = get_snmp_config(); - foreach my $view ( $config->listNodes("view") ) { - foreach my $oid ( $config->listNodes("view $view oid") ) { + foreach my $view ($config->listNodes("view")) { + foreach my $oid ($config->listNodes("view $view oid")) { my $mask = ''; $mask = $config->returnValue("view $view oid $oid mask") - if $config->exists("view $view oid $oid mask"); - if ( $config->exists("view $view oid $oid exclude") ) { + if $config->exists("view $view oid $oid mask"); + if ($config->exists("view $view oid $oid exclude")) { print "view $view excluded .$oid $mask\n"; - } - else { + }else { print "view $view included .$oid $mask\n"; } } @@ -188,18 +184,16 @@ sub set_views { # write groups from vyatta config to snmpd_conf sub set_groups { - print -"#access\n# context sec.model sec.level match read write notif\n"; + print"#access\n# context sec.model sec.level match read write notif\n"; my $config = get_snmp_config(); - foreach my $group ( $config->listNodes("group") ) { + foreach my $group ($config->listNodes("group")) { my $mode = $config->returnValue("group $group mode"); my $view = $config->returnValue("group $group view"); my $secLevel = $config->returnValue("group $group seclevel"); - if ( $mode eq "ro" ) { + if ($mode eq "ro") { print "access $group \"\" usm $secLevel exact $view none none\n"; print "access $group \"\" tsm $secLevel exact $view none none\n"; - } - else { + }else { print "access $group \"\" usm $secLevel exact $view $view none\n"; print "access $group \"\" tsm $secLevel exact $view $view none\n"; } 
@@ -213,14 +207,14 @@ sub set_users_in_etc { print "#group\n"; my $tsm_counter = 0; my $config = get_snmp_config(); - foreach my $user ( $config->listNodes("user") ) { - $config->setLevel( $snmp_v3_level . " user $user" ); - if ( $config->exists("group") ) { + foreach my $user ($config->listNodes("user")) { + $config->setLevel($snmp_v3_level . " user $user"); + if ($config->exists("group")) { my $group = $config->returnValue("group"); print "group $group usm $user\n"; print "group $group tsm $user\n"; } - if ( $config->exists("tsm-key") ) { + if ($config->exists("tsm-key")) { my $cert = $config->returnValue("tsm-key"); $tsm_counter++; print "certSecName $tsm_counter $cert --sn $user\n"; 
@@ -232,65 +226,60 @@ sub set_users_in_etc { # write users from vyatta config to config files in /usr & /var sub set_users_to_other { - open( my $usr_conf, '>>', $snmpd_usr_conf_tmp ) - or die "Couldn't open $snmpd_usr_conf_tmp - $!"; - open( my $var_conf, '>>', $snmpd_var_conf_tmp ) - or die "Couldn't open $snmpd_var_conf_tmp - $!"; + open(my $usr_conf, '>>', $snmpd_usr_conf_tmp) + or die "Couldn't open $snmpd_usr_conf_tmp - $!"; + open(my $var_conf, '>>', $snmpd_var_conf_tmp) + or die "Couldn't open $snmpd_var_conf_tmp - $!"; print $var_conf "\n"; my $config = get_snmp_config(); my $needTsm = 0; - if ( $config->exists("tsm") ) { + if ($config->exists("tsm")) { $needTsm = 1; } my %trap_users = (); - foreach my $trap ( $config->listNodes("trap-target") ) { - $trap_users{ $config->returnValue("trap-target $trap user") } = 1; + foreach my $trap ($config->listNodes("trap-target")) { + $trap_users{$config->returnValue("trap-target $trap user")} = 1; } - foreach my $user ( $config->listNodes("user") ) { + foreach my $user ($config->listNodes("user")) { delete $trap_users{$user}; - $config->setLevel( $snmp_v3_level . " user $user" ); + $config->setLevel($snmp_v3_level . 
" user $user"); my $auth_type = $config->returnValue("auth type"); my $priv_type = $config->returnValue("privacy type"); - if ( $config->exists("auth") ) { - if ( $config->exists("auth plaintext-key") ) { + if ($config->exists("auth")) { + if ($config->exists("auth plaintext-key")) { my $auth_key = $config->returnValue("auth plaintext-key"); my $priv_key = ''; $priv_key = $config->returnValue("privacy plaintext-key") - if $config->exists("privacy plaintext-key"); - print $var_conf -"createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n"; - } - else { + if $config->exists("privacy plaintext-key"); + print $var_conf "createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n"; + }else { my $name_print = get_printable_name($user); my $EngineID = $config->returnValue("engineid"); - if ( $EngineID eq "" ) { - die "ERROR: engineid is null\n"; + if ($EngineID eq "") { + die "ERROR: engineid is null\n"; } my $auth_type_oid = $OIDs{$auth_type}; my $auth_key_hex = $config->returnValue("auth encrypted-key"); - my ( $priv_type_oid, $priv_key_hex ); - if ( $config->exists("privacy") ) { + my ($priv_type_oid, $priv_key_hex); + if ($config->exists("privacy")) { $priv_type_oid = $OIDs{$priv_type}; - $priv_key_hex = - $config->returnValue("privacy encrypted-key"); - } - else { + $priv_key_hex =$config->returnValue("privacy encrypted-key"); + }else { $priv_type_oid = $OIDs{'none'}; $priv_key_hex = '0x'; } - print $var_conf -"usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n"; + print $var_conf "usmUser 1 3 $EngineID $name_print $name_print NULL $auth_type_oid $auth_key_hex $priv_type_oid $priv_key_hex 0x\n"; } } my $mode = $config->returnValue("mode"); my $end = "auth"; - if ( $config->exists("privacy") ) { + if ($config->exists("privacy")) { $end = "priv"; } print $usr_conf $mode . "user $user $end\n"; 
@@ -299,21 +288,17 @@ sub set_users_to_other { } } -# add users for trap if they are not exists in vyatta config /services/snmp/v3/user - foreach my $user ( keys %trap_users ) { + # add users for trap if they are not exists in vyatta config /services/snmp/v3/user + foreach my $user (keys %trap_users) { my $name_print = get_printable_name($user); - print $var_conf "usmUser 1 3 0x" - . randhex(26) - . " $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x" - . randhex(32) - . " .1.3.6.1.6.3.10.1.2.1 0x 0x\n"; + print $var_conf "usmUser 1 3 0x". randhex(26). " $name_print $name_print NULL .1.3.6.1.6.3.10.1.1.2 0x". randhex(32). " .1.3.6.1.6.3.10.1.2.1 0x 0x\n"; print $usr_conf "rouser $user auth\n"; } print $var_conf "setserialno $setserialno\n" - if !($setserialno eq ""); + if !($setserialno eq ""); print $var_conf "oldEngineID $oldEngineID\n" - if !($oldEngineID eq ""); + if !($oldEngineID eq ""); close $usr_conf; close $var_conf; 
@@ -322,67 +307,53 @@ sub set_users_to_other { # if name contains '-' then it must be printed in hex format sub get_printable_name { my $name = shift; - if ( $name =~ /-/ ) { - my @array = unpack( 'C*', $name ); + if ($name =~ /-/) { + my @array = unpack('C*', $name); my $stringHex = '0x'; foreach my $c (@array) { - $stringHex .= sprintf( "%lx", $c ); + $stringHex .= sprintf("%lx", $c); } return $stringHex; - } - else { + }else { return "\"$name\""; } } - # read encrypted keys from config file in /var to vyatta config # read additional info from config file in /var to VConfig variable # delete plaintext passwords in vyatta config sub update_users_vyatta_conf { - open( my $var_conf, '<', $snmpd_var_conf ) - or die "Couldn't open $snmpd_usr_conf - $!"; + open(my $var_conf, '<', $snmpd_var_conf) + or die "Couldn't open $snmpd_usr_conf - $!"; my $config = get_snmp_config(); - while ( my $line = <$var_conf> ) { - if ( $line =~ /^oldEngineID (.*)$/ ) { - my $value = $1; - if ($config->exists("engineid") && - $config->returnValue("engineid") eq ""){ - system( -"/opt/vyatta/sbin/my_set service snmp v3 engineid $value > /dev/null" - ); - } - } - if ( $line =~ /^usmUser / ) { - my @values = split( / /, $line ); + while (my $line = <$var_conf>) { + if ($line =~ /^oldEngineID (.*)$/) { + my $value = $1; + if ( $config->exists("engineid") + &&$config->returnValue("engineid") eq "") + { + system("/opt/vyatta/sbin/my_set service snmp v3 engineid $value > /dev/null"); + } + } + if ($line =~ /^usmUser /) { + my @values = split(/ /, $line); my $name = $values[4]; - if ( $name =~ /^"(.*)"$/ ) { + if ($name =~ /^"(.*)"$/) { $name = $1; - } - else { - $name = pack( 'H*', $name ); + }else { + $name = pack('H*', $name); } # this file contain users for trap-target and vyatta... 
user # these users recreating automatically on each commit - if ( $config->exists("user $name") ) { - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" engineid $values[3] > /dev/null" - ); - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null" - ); - if ( $values[10] ne "\"\"" && $values[10] ne "0x" ) { - system( -"/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null" - ); - system( -"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null" - ); + if ($config->exists("user $name")) { + system("/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" engineid $values[3] > /dev/null"); + system("/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" auth encrypted-key $values[8] > /dev/null"); + if ($values[10] ne "\"\"" && $values[10] ne "0x") { + system("/opt/vyatta/sbin/my_set service snmp v3 user \"$name\" privacy encrypted-key $values[10] > /dev/null"); + system("/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" privacy plaintext-key > /dev/null"); } - system( -"/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null" - ); + system("/opt/vyatta/sbin/my_delete service snmp v3 user \"$name\" auth plaintext-key > /dev/null"); } } } 
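Review bot: Every `system()` call in `update_users_vyatta_conf` interpolates `$name`, `$values[3]`, `$values[8]` or `$values[10]`, all parsed out of `$snmpd_var_conf`, into a shell command line; `$name` sits inside double quotes, where the shell still performs expansion. Passing the arguments as a list keeps the shell out of it. List-form `system` cannot redirect stdout, so a small helper that forks, reopens STDOUT on /dev/null and execs is sketched below. Separately, the `die` after `open(my $var_conf, '<', $snmpd_var_conf)` reports `$snmpd_usr_conf` and should name `$snmpd_var_conf`. In `get_printable_name` (same hunk) `sprintf("%lx", $c)` drops the leading zero for bytes below 0x10; `%02x` keeps two digits per byte.

```perl
# run a config command without a shell, discarding its stdout
sub run_quiet {
    my @cmd = @_;
    my $pid = fork();
    die "Couldn't fork - $!" unless defined $pid;
    if ($pid == 0) {
        open(STDOUT, '>', '/dev/null') or exit(127);
        exec {$cmd[0]} @cmd or exit(127);
    }
    waitpid($pid, 0);
    return $?;
}

# … unchanged: open of $snmpd_var_conf and the usmUser parsing …
                run_quiet("/opt/vyatta/sbin/my_set", qw(service snmp v3 user),
                    $name, "engineid", $values[3]);
                run_quiet("/opt/vyatta/sbin/my_set", qw(service snmp v3 user),
                    $name, qw(auth encrypted-key), $values[8]);
# … unchanged: the privacy branch and the my_delete calls, converted the same way …
```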
@@ -393,13 +364,12 @@ sub update_users_vyatta_conf { sub set_hosts { print "#trap-target\n"; my $config = get_snmp_config(); - foreach my $target ( $config->listNodes("trap-target") ) { - $config->setLevel( $snmp_v3_level . " trap-target $target" ); + foreach my $target ($config->listNodes("trap-target")) { + $config->setLevel($snmp_v3_level . " trap-target $target"); my $auth_key = ''; - if ( $config->exists("auth plaintext-key") ) { + if ($config->exists("auth plaintext-key")) { $auth_key = "-A " . $config->returnValue("auth plaintext-key"); - } - else { + }else { $auth_key = "-3m " . $config->returnValue("auth encrypted-key"); } my $auth_type = $config->returnValue("auth type"); @@ -408,22 +378,19 @@ sub set_hosts { my $protocol = $config->returnValue("protocol"); my $type = $config->returnValue("type"); my $inform_flag = '-Ci'; - $inform_flag = '-Ci' if ( $type eq 'inform' ); + $inform_flag = '-Ci' if ($type eq 'inform'); - if ( $type eq 'trap' ) { + if ($type eq 'trap') { $inform_flag = '-e ' . $config->returnValue("engineid"); } my $privacy = ''; my $secLevel = 'authNoPriv'; - if ( $config->exists("privacy") ) { + if ($config->exists("privacy")) { my $priv_key = ''; - if ( $config->exists("privacy plaintext-key") ) { - $priv_key = - "-X " . $config->returnValue("privacy plaintext-key"); - } - else { - $priv_key = - "-3M " . $config->returnValue("privacy encrypted-key"); + if ($config->exists("privacy plaintext-key")) { + $priv_key ="-X " . $config->returnValue("privacy plaintext-key"); + }else { + $priv_key ="-3M " . $config->returnValue("privacy encrypted-key"); } my $priv_type = $config->returnValue("privacy type"); $privacy = "-x $priv_type $priv_key"; 
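Review bot: `$inform_flag` is initialised to `'-Ci'` and then assigned `'-Ci'` again under `if ($type eq 'inform')`, so that conditional has no effect and any `type` other than `'trap'` is emitted as an inform. If that default is intended, drop the redundant line and state it in a comment, e.g. `# anything that is not 'trap' is sent as an inform (-Ci)`. `set_hosts` begins in the previous hunk and continues past this one.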
@@ -431,17 +398,16 @@ sub set_hosts { } # TODO understand difference between master and local - # Uses: + # Uses: # set -3m / -3M for auth / priv for master # or -3k / -3K for local - # Current use only master + # Current use only master my $target_print = $target; - if ( $target =~ /:/ ) { + if ($target =~ /:/) { $target_print = "[$target]"; $protocol = $protocol . "6"; } - print -"trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n"; + print"trapsess -v 3 $inform_flag -u $user -l $secLevel -a $auth_type $auth_key $privacy $protocol:$target_print:$port\n"; } print "\n"; } 
@@ -451,56 +417,48 @@ sub set_hosts { sub check_user_auth_changes { my $config = get_snmp_config(); my $v3engineid = ""; - + if($config->exists("engineid")){ - $v3engineid=$config->returnValue("engineid"); - } - - if ( $config->isChanged("user") || $config->isChanged("engineid")) { + $v3engineid=$config->returnValue("engineid"); + } + + if ($config->isChanged("user") || $config->isChanged("engineid")) { my $haveError = 0; - foreach my $user ( $config->listNodes("user") ) { - $config->setLevel( $snmp_v3_level . " user $user" ); - if ( $config->exists("engineid") && - !($v3engineid eq "" ) && - !($config->returnValue("engineid") eq "" ) && - !($config->returnValue("engineid") eq $v3engineid)){ - print -"Warning: Encrypted key(s) for snmp v3 user \"$user\" was(were) generated for another SNMP engineid. It won't work. Please recreate this user.\n"; + foreach my $user ($config->listNodes("user")) { + $config->setLevel($snmp_v3_level . " user $user"); + if ( $config->exists("engineid") + &&!($v3engineid eq "") + &&!($config->returnValue("engineid") eq "") + &&!($config->returnValue("engineid") eq $v3engineid)) + { + print"Warning: Encrypted key(s) for snmp v3 user \"$user\" was(were) generated for another SNMP engineid. It won't work. Please recreate this user.\n"; } - if ( $config->exists("auth") ) { + if ($config->exists("auth")) { if ( - !( - $config->exists("engineid") && - ( - $config->exists("auth encrypted-key") || - $config->exists("privacy encrypted-key") - ) - ) - ) + !( + $config->exists("engineid") &&($config->exists("auth encrypted-key") + ||$config->exists("privacy encrypted-key")) + ) + ) { $haveError = 1; - print -"Discard encrypted-key on user \"$user\". It's necessary to setup engineid the encrypted-key was generated with.\n"; + print"Discard encrypted-key on user \"$user\". 
It's necessary to setup engineid the encrypted-key was generated with.\n"; } my $isAuthKeyChanged = $config->isChanged("auth plaintext-key"); my $isAuthEKeyChanged = $config->isChanged("auth encrypted-key"); - if ( $config->exists("privacy") ) { - my $isPrivKeyChanged = - $config->isChanged("privacy plaintext-key"); - my $isPrivEKeyChanged = - $config->isChanged("privacy encrypted-key"); - if ( ($isPrivEKeyChanged && !$isAuthEKeyChanged) - || ($isPrivKeyChanged && !$isAuthKeyChanged) ) { + if ($config->exists("privacy")) { + my $isPrivKeyChanged =$config->isChanged("privacy plaintext-key"); + my $isPrivEKeyChanged =$config->isChanged("privacy encrypted-key"); + if ( ($isPrivEKeyChanged && !$isAuthEKeyChanged) + || ($isPrivKeyChanged && !$isAuthKeyChanged)) + { $haveError = 1; - print - "Please, set correct auth and privacy for user \"$user\"\n"; - print - "Set plaintext-key for auth and privacy or set encrypted-key for both\n"; + print"Please, set correct auth and privacy for user \"$user\"\n"; + print"Set plaintext-key for auth and privacy or set encrypted-key for both\n"; } } - } - else { - if ( $config->exists("privacy") ) { + }else { + if ($config->exists("privacy")) { $haveError = 1; print "Please, delete privacy for user \"$user\"\n"; } 
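Review bot: The guard in `check_user_auth_changes` is `!(exists("engineid") && (exists("auth encrypted-key") || exists("privacy encrypted-key")))`, which is true whenever `engineid` is absent, including for a user that has only a plaintext-key, and also whenever no encrypted key is set. The message it prints ("Discard encrypted-key ...") suggests the intended test is an encrypted key without an engineid, i.e. `if (!$config->exists("engineid") && ($config->exists("auth encrypted-key") || $config->exists("privacy encrypted-key")))`; please confirm against how `engineid` gets populated on commit. The reformatting also leaves `&&!(` and `&&(` without spaces, which makes the nesting harder to read. The function continues past the end of this hunk.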
@@ -516,22 +474,20 @@ sub check_user_auth_changes { sub check_relation { my $config = get_snmp_config(); my $haveError = 0; - foreach my $user ( $config->listNodes("user") ) { - if ( $config->exists("user $user group") ) { + foreach my $user ($config->listNodes("user")) { + if ($config->exists("user $user group")) { my $group = $config->returnValue("user $user group"); - if ( !$config->exists("group $group") ) { + if (!$config->exists("group $group")) { $haveError = 1; - print -"Please, create group \"$group\". It's need for user \"$user\"\n"; + print"Please, create group \"$group\". It's need for user \"$user\"\n"; } } } - foreach my $group ( $config->listNodes("group") ) { + foreach my $group ($config->listNodes("group")) { my $view = $config->returnValue("group $group view"); - if ( !$config->exists("view $view") ) { + if (!$config->exists("view $view")) { $haveError = 1; - print - "Please, create view \"$view\". It's need for group \"$group\"\n"; + print"Please, create view \"$view\". It's need for group \"$group\"\n"; } } if ($haveError) { @@ -542,14 +498,13 @@ sub check_relation { # check is new tsm port free on system sub check_tsm_port { my $config = get_snmp_config(); - if ( $config->isChanged("tsm port") ) { + if ($config->isChanged("tsm port")) { my $port = $config->returnValue("tsm port"); my $reg = ":$port\$"; my $output = `netstat -anltup | awk '{print \$4}'`; - foreach my $line ( split( /\n/, $output ) ) { - if ( $line =~ /$reg/ ) { - print - "Actually port $port is using. It can not be used for tsm.\n"; + foreach my $line (split(/\n/, $output)) { + if ($line =~ /$reg/) { + print"Actually port $port is using. It can not be used for tsm.\n"; exit(1); } } 
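Review bot: In `check_tsm_port` the configured port is interpolated into a pattern (`my $reg = ":$port\$";` then `/$reg/`), so any regex metacharacter in the value changes what is matched. Quote it at the point of use, `if ($line =~ /:\Q$port\E$/) {`, and consider rejecting a non-numeric port before the `netstat` call with `die "ERROR: invalid tsm port\n" unless $port =~ /\A[0-9]+\z/;`. Whether the config template already restricts the value is not visible in this diff.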
@@ -560,25 +515,21 @@ sub check_tsm_port { sub check_seclevel { my $config = get_snmp_config(); my $haveError = 0; - if ( $config->isChanged("user") || $config->isChanged("group") ) { - foreach my $user ( $config->listNodes("user") ) { - if ( $config->exists("user $user group") ) { + if ($config->isChanged("user") || $config->isChanged("group")) { + foreach my $user ($config->listNodes("user")) { + if ($config->exists("user $user group")) { my $group = $config->returnValue("user $user group"); if ( $config->isChanged("user $user") - || $config->isChanged("group $group") ) + || $config->isChanged("group $group")) { - my $group_seclevel = - $config->returnValue("group $group seclevel"); - if ( $config->exists("user $user privacy") ) { - if ( $group_seclevel eq "auth" ) { - print -"User \"$user\" have privacy, but group \"$group\" have \"auth\" as seclevel. So auth and priv work both.\n"; + my $group_seclevel =$config->returnValue("group $group seclevel"); + if ($config->exists("user $user privacy")) { + if ($group_seclevel eq "auth") { + print"User \"$user\" have privacy, but group \"$group\" have \"auth\" as seclevel. So auth and priv work both.\n"; } - } - else { - if ( $group_seclevel eq "priv" ) { - print -"User \"$user\" will not work, because he haven't privacy, but group \"$group\" have \"priv\" as seclevel.\n"; + }else { + if ($group_seclevel eq "priv") { + print"User \"$user\" will not work, because he haven't privacy, but group \"$group\" have \"priv\" as seclevel.\n"; $haveError = 1; } } 
@@ -594,12 +545,12 @@ sub check_seclevel { sub copy_conf_to_tmp { # these files already contain SNMPv2 configuration - copy( $snmpd_conf, $snmpd_conf_tmp ) - or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!"; - copy( $snmpd_usr_conf, $snmpd_usr_conf_tmp ) - or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!"; - copy( $snmpd_var_conf, $snmpd_var_conf_tmp ) - or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!"; + copy($snmpd_conf, $snmpd_conf_tmp) + or die "Couldn't copy $snmpd_conf to $snmpd_conf_tmp - $!"; + copy($snmpd_usr_conf, $snmpd_usr_conf_tmp) + or die "Couldn't copy $snmpd_usr_conf to $snmpd_usr_conf_tmp - $!"; + copy($snmpd_var_conf, $snmpd_var_conf_tmp) + or die "Couldn't copy $snmpd_var_conf to $snmpd_var_conf_tmp - $!"; } # update all vyatta config @@ -610,8 +561,8 @@ sub snmp_update { set_tsm(); - open( my $fh, '>>', $snmpd_conf_tmp ) - or die "Couldn't open $snmpd_conf_tmp - $!"; + open(my $fh, '>>', $snmpd_conf_tmp) + or die "Couldn't open $snmpd_conf_tmp - $!"; select $fh; 
@@ -623,28 +574,28 @@ sub snmp_update { close $fh; select STDOUT; - move( $snmpd_conf_tmp, $snmpd_conf ) - or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!"; + move($snmpd_conf_tmp, $snmpd_conf) + or die "Couldn't move $snmpd_conf_tmp to $snmpd_conf - $!"; my $config = get_snmp_config(); - if ($config->exists("engineid")) { - $oldEngineID = $config->returnValue("engineid"); - } + if ($config->exists("engineid")) { + $oldEngineID = $config->returnValue("engineid"); + } snmpd_stop(); - #add newly added users to var config to get encrypted values + #add newly added users to var config to get encrypted values set_users_to_other(); - move( $snmpd_usr_conf_tmp, $snmpd_usr_conf ) - or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!"; - move( $snmpd_var_conf_tmp, $snmpd_var_conf ) - or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!"; + move($snmpd_usr_conf_tmp, $snmpd_usr_conf) + or die "Couldn't move $snmpd_usr_conf_tmp to $snmpd_usr_conf - $!"; + move($snmpd_var_conf_tmp, $snmpd_var_conf) + or die "Couldn't move $snmpd_var_conf_tmp to $snmpd_var_conf - $!"; snmpd_start(); snmpd_stop(); - # now we have encrypted user config - start and read it after + # now we have encrypted user config - start and read it after snmpd_start(); update_users_vyatta_conf(); } diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index c0bd5070..328237ef 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -49,8 +49,8 @@ my $password_file = '/config/snmp/superuser_pass'; my $snmp_level = 'service snmp'; sub snmp_running { - open (my $pidf, '<', "/var/run/snmpd.pid") - or return; + open(my $pidf, '<', "/var/run/snmpd.pid") + or return; my $pid = <$pidf>; close $pidf; 
@@ -65,10 +65,11 @@ sub snmp_stop { } sub snmp_start { + # we must stop snmpd first for creating vyatta user system("$snmp_init stop > /dev/null 2>&1"); - open (my $fh, '>', $snmp_tmp) - or die "Couldn't open $snmp_tmp - $!"; + open(my $fh, '>', $snmp_tmp) + or die "Couldn't open $snmp_tmp - $!"; select $fh; snmp_get_constants(); @@ -80,21 +81,21 @@ sub snmp_start { snmp_client_config(); move($snmp_tmp, $snmp_conf) - or die "Couldn't move $snmp_tmp to $snmp_conf - $!"; + or die "Couldn't move $snmp_tmp to $snmp_conf - $!"; } sub get_version { my $version = "unknown-version"; - if (open (my $f, '<', $versionfile)) { - while (<$f>) { - chomp; - if (m/^Version\s*:\s*(.*)$/) { - $version = $1; - last; - } - } - close $f; + if (open(my $f, '<', $versionfile)) { + while (<$f>) { + chomp; + if (m/^Version\s*:\s*(.*)$/) { + $version = $1; + last; + } + } + close $f; } return $version; } @@ -113,8 +114,8 @@ sub transport_syntax { # Test if IPv6 is possible by opening a socket sub ipv6_disabled { - socket ( my $s, PF_INET6, SOCK_DGRAM, 0) - or return 1; + socket(my $s, PF_INET6, SOCK_DGRAM, 0) + or return 1; close($s); return; } @@ -128,15 +129,16 @@ sub get_listen_address { my @address = $config->listNodes(); if(@address) { - foreach my $addr (@address) { - my $port = $config->returnValue("$addr port"); - push @listen, transport_syntax($addr, $port); - } + foreach my $addr (@address) { + my $port = $config->returnValue("$addr port"); + push @listen, transport_syntax($addr, $port); + } } else { - # default if no address specified - @listen = ( 'udp:161' ); - push @listen, 'udp6:161' unless ipv6_disabled(); - return @listen; + + # default if no address specified + @listen = ('udp:161'); + push @listen, 'udp6:161' unless ipv6_disabled(); + return @listen; } return @listen; 
@@ -173,7 +175,7 @@ sub snmp_get_constants { # generate a random character hex string sub randhex { my $length = shift; - return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2); + return join "", map {unpack "H*", chr(rand(256))} 1..($length/2); } # output snmpd.conf file syntax for community @@ -187,22 +189,22 @@ sub print_community { my @restriction = (@clients, @networks); if (!@restriction) { - print $ro . "community $community\n"; - print $ro . "community6 $community\n" unless ipv6_disabled(); - return; + print $ro . "community $community\n"; + print $ro . "community6 $community\n" unless ipv6_disabled(); + return; } foreach my $addr (@restriction) { - my $ip = new NetAddr::IP $addr; - die "$addr: Not a valid IP address" unless $ip; - - if ($ip->version() == 4) { - print $ro . "community $community $addr\n"; - } elsif ($ip->version() == 6) { - print $ro . "community6 $community $addr\n"; - } else { - die "$addr: bad IP version ", $ip->version(); - } + my $ip = new NetAddr::IP $addr; + die "$addr: Not a valid IP address" unless $ip; + + if ($ip->version() == 4) { + print $ro . "community $community $addr\n"; + } elsif ($ip->version() == 6) { + print $ro . "community6 $community $addr\n"; + } else { + die "$addr: bad IP version ", $ip->version(); + } } } @@ -211,8 +213,8 @@ sub snmp_get_values { my @communities = $config->listNodes("service snmp community"); foreach my $community (@communities) { - $config->setLevel("service snmp community $community"); - print_community($config, $community); + $config->setLevel("service snmp community $community"); + print_community($config, $community); } $config->setLevel("service snmp smux-peer"); 
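Review bot: `my $ip = new NetAddr::IP $addr;` in `print_community` uses indirect object syntax, which Perl parses heuristically. Since this commit is about style consistency it is a good place to switch to `my $ip = NetAddr::IP->new($addr);`. The same applies to `my $config = new Vyatta::Config;` in `snmp_client_config` (`@@ -281,8 +282,8 @@`). `print_community` starts before this hunk.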
@@ -265,14 +267,13 @@ EOF return unless @trap_targets; foreach my $trap_target (@trap_targets) { - my $port = $config->returnValue("trap-target $trap_target port"); - my $community - = $config->returnValue("trap-target $trap_target community"); + my $port = $config->returnValue("trap-target $trap_target port"); + my $community= $config->returnValue("trap-target $trap_target community"); print "trap2sink $trap_target"; - print ":$port" if $port; - print " $community" if $community; - print "\n"; + print ":$port" if $port; + print " $community" if $community; + print "\n"; } } @@ -281,8 +282,8 @@ sub snmp_client_config { my $config = new Vyatta::Config; $config->setLevel($snmp_level); - open (my $cf, '>', $snmp_client) - or die "Couldn't open $snmp_client - $!"; + open(my $cf, '>', $snmp_client) + or die "Couldn't open $snmp_client - $!"; my $version = get_version(); my $now = localtime; @@ -317,15 +318,16 @@ sub snmp_write_snmpv3_user { close $fh; } - # # main # my $update_snmp; my $stop_snmp; -GetOptions("update-snmp!" => \$update_snmp, - "stop-snmp!" => \$stop_snmp); +GetOptions( + "update-snmp!" => \$update_snmp, + "stop-snmp!" => \$stop_snmp +); snmp_start() if ($update_snmp); snmp_stop() if ($stop_snmp); |