summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorJames Davidson <james.davidson@vyatta.com>2013-03-06 10:16:06 -0800
committerJames Davidson <james.davidson@vyatta.com>2013-03-28 09:40:24 -0700
commitaa3cc1e9e91cfc54397b8a065b109e80538ae209 (patch)
tree14a40450ea878eb2600ee091f7d3c664e6eabe6f /templates
parent4aea4a53988339a768767d0e6f08d8fa7a2e268b (diff)
downloadvyatta-cfg-system-aa3cc1e9e91cfc54397b8a065b109e80538ae209.tar.gz
vyatta-cfg-system-aa3cc1e9e91cfc54397b8a065b109e80538ae209.zip
Sync up SNMPv3 support
SNMP-135 store SNMP superuser password to config file SNMP-130 add engineId for trap-target SNMP-134 use 'stop' and 'start' instead of 'restart' SNMP-141 change engineID syntax checking SNMP-136 Users are lost after changing TSM port SNMP-149 TLS Error: Permission denied SNMP-147 Not correct priority in TSM users SNMP-148 Configuring already use port for TSM is destroying users. SNMP-151 Errors in logs after first snmp configuration SNMP-152 Hide 'No such file or directory' error message SNMP-153 Debug messages after 'delete service snmp' SNMP-157 Run Perltidy for all Perl scripts SNMP-158 change syntax of trap-target engineID SNMP-163: added script to check name, apply it for user, group and view names SNMP-161 Faulty configuration with many trap-target SNMP-160 Look for TSM keys in /config folder SNMP-162 CLI permit not correct oid SNMP-163: typo in script SNMP-160 Look for TSM keys in /config folder SNMP-163: added support of upper case for names in the script SNMP-163: create rule for names, permit only a-zA-Z0-9 SNMP-163: typo (cherry picked from commit e4c3ae81d2d1f040a8ad363928302d72f8431ef9)
Diffstat (limited to 'templates')
-rw-r--r--templates/service/snmp/node.def7
-rw-r--r--templates/service/snmp/v3/group/node.def2
-rw-r--r--templates/service/snmp/v3/node.def4
-rw-r--r--templates/service/snmp/v3/trap-target/node.def2
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/engineid/node.def3
-rw-r--r--templates/service/snmp/v3/tsm/local-key/node.def8
-rw-r--r--templates/service/snmp/v3/user/node.def5
-rw-r--r--templates/service/snmp/v3/user/node.tag/tsm-key/node.def8
-rw-r--r--templates/service/snmp/v3/view/node.def5
-rw-r--r--templates/service/snmp/v3/view/node.tag/oid/node.def2
10 files changed, 35 insertions, 11 deletions
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def
index 8047121f..9fb161dc 100644
--- a/templates/service/snmp/node.def
+++ b/templates/service/snmp/node.def
@@ -3,6 +3,7 @@ help: Simple Network Management Protocol (SNMP)
commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" || $VAR(v3/) != "" \
; "must configure a community or community6 or v3"
+create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
delete: touch /tmp/snmp.$PPID
end:if [ -f "/tmp/snmp.$PPID" ]
then
@@ -10,6 +11,12 @@ end:if [ -f "/tmp/snmp.$PPID" ]
rm /tmp/snmp.$PPID;
sudo rm -f /etc/snmp/snmpd.conf;
else
+ if [ -n "$VAR(v3/)" ]; then
+ sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --check-config;
+ if [ $? != 0 ]; then
+ exit 1;
+ fi
+ fi
sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp;
if [ -n "$VAR(v3/)" ]
then
diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def
index bcfe6795..13579174 100644
--- a/templates/service/snmp/v3/group/node.def
+++ b/templates/service/snmp/v3/group/node.def
@@ -1,5 +1,7 @@
tag:
type: txt
help: Specifies the group with name groupname
+syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
commit:expression: $VAR(view/) != "" ; "must specify view"
commit:expression: $VAR(mode/) != "" ; "must specify mode"
diff --git a/templates/service/snmp/v3/node.def b/templates/service/snmp/v3/node.def
index 756a156f..f89d2328 100644
--- a/templates/service/snmp/v3/node.def
+++ b/templates/service/snmp/v3/node.def
@@ -1,7 +1,6 @@
help: Simple Network Management Protocol (SNMP) v3
-create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
- if [ ! -d "/config/snmp/tls" ]; then
+create: if [ ! -d "/config/snmp/tls" ]; then
sudo mkdir /config/snmp/tls ;
if [ -d "/etc/snmp/tls" ] ; then
sudo mv /etc/snmp/tls/* /config/snmp/tls > /dev/null 2>&1;
@@ -18,6 +17,7 @@ create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
fi
begin: if [ -d "/config/snmp/tls" ]; then
+ sudo chown -R snmp /config/snmp/tls;
sudo chmod -R 600 /config/snmp/tls;
fi
diff --git a/templates/service/snmp/v3/trap-target/node.def b/templates/service/snmp/v3/trap-target/node.def
index d6203e9b..6c2717a8 100644
--- a/templates/service/snmp/v3/trap-target/node.def
+++ b/templates/service/snmp/v3/trap-target/node.def
@@ -7,6 +7,8 @@ commit:expression: $VAR(auth/) != ""; "must specify auth"
commit:expression: $VAR(protocol/) != ""; "must specify protocol"
commit:expression: $VAR(user/) != ""; "must specify user"
commit:expression: $VAR(port/) != ""; "must specify port"
+commit:expression: $VAR(type/@) == "inform" || ( $VAR(type/@) == "trap" && $VAR(engineid/) != "" ); \
+ "must specify engineid if type is 'trap'"
val_help: <x.x.x.x>; IP address of trap target
val_help: <h:h:h:h:h:h:h:h>; IPv6 address of trap target \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def
new file mode 100644
index 00000000..7a621af6
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/engineid/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the engineID. (needs for trap)
+syntax:expression: pattern $VAR(@) "^([0-9a-f][0-9a-f]){1,16}$" ; "id must contain from 2 to 32 hex digits" \ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/local-key/node.def b/templates/service/snmp/v3/tsm/local-key/node.def
index d238d310..4bc3d07b 100644
--- a/templates/service/snmp/v3/tsm/local-key/node.def
+++ b/templates/service/snmp/v3/tsm/local-key/node.def
@@ -1,8 +1,12 @@
type: txt
help: Defines the server certificate fingerprint or key-file name.
-allowed: sudo ls /etc/snmp/tls/certs
+allowed: if sudo [ -d /etc/snmp/tls/certs ]; then
+ sudo ls /etc/snmp/tls/certs 2> /dev/null
+ else
+ sudo ls /config/snmp/tls/certs 2> /dev/null
+ fi
syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
- exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+ exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \
then \
exit 0; \
else \
diff --git a/templates/service/snmp/v3/user/node.def b/templates/service/snmp/v3/user/node.def
index e6a8bc87..32e0f61f 100644
--- a/templates/service/snmp/v3/user/node.def
+++ b/templates/service/snmp/v3/user/node.def
@@ -1,6 +1,7 @@
tag:
type: txt
help: Specifies the user with name username
-syntax:expression: pattern $VAR(@) "^[^-]*$" ; "characters '-' in name is not supported yet"
+syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
commit:expression: $VAR(auth/) != "" || $VAR(tsm-key/) != ""; "must specify auth or tsm-key"
-commit:expression: $VAR(mode/) != ""; "must specify mode" \ No newline at end of file
+commit:expression: $VAR(mode/) != ""; "must specify mode"
diff --git a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
index e9f55a5f..b41be079 100644
--- a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
+++ b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
@@ -1,8 +1,12 @@
type: txt
help: Specifies finger print or file name of TSM certificate.
-allowed: sudo ls /etc/snmp/tls/certs
+allowed: if sudo [ -d /etc/snmp/tls/certs ]; then
+ sudo ls /etc/snmp/tls/certs 2> /dev/null
+ else
+ sudo ls /config/snmp/tls/certs 2> /dev/null
+ fi
syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
- exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+ exec "if sudo [ -f /etc/snmp/tls/certs/$VAR(@) -o -f /config/snmp/tls/certs/$VAR(@) ]; \
then \
exit 0; \
else \
diff --git a/templates/service/snmp/v3/view/node.def b/templates/service/snmp/v3/view/node.def
index a83c978b..1fa589ae 100644
--- a/templates/service/snmp/v3/view/node.def
+++ b/templates/service/snmp/v3/view/node.def
@@ -1,5 +1,6 @@
tag:
type: txt
help: Specifies the view with name viewname
-
-commit:expression: $VAR(oid/) != ""; "must configure an oid" \ No newline at end of file
+syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in name"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
+commit:expression: $VAR(oid/) != ""; "must configure an oid"
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.def
index beed3274..ca2a5c5d 100644
--- a/templates/service/snmp/v3/view/node.tag/oid/node.def
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.def
@@ -1,4 +1,4 @@
tag:
type: txt
help: Specifies the oid
-syntax:expression: pattern $VAR(@) "^[0-9]+(\.[0-9]+)*$" ; "oid must start from a number"
+syntax:expression: pattern $VAR(@) "^[0-9]+(\\.[0-9]+)*$" ; "oid must start from a number"