-rwxr-xr-x | scripts/snmp/vyatta-snmp-v3.pl | 15 | ||||
-rw-r--r-- | templates/service/snmp/v3/group/node.def | 1 | ||||
-rw-r--r-- | templates/service/snmp/v3/group/node.tag/seclevel/node.def | 7 |
3 files changed, 17 insertions, 6 deletions
diff --git a/scripts/snmp/vyatta-snmp-v3.pl b/scripts/snmp/vyatta-snmp-v3.pl index 5391a85f..ca648477 100755 --- a/scripts/snmp/vyatta-snmp-v3.pl +++ b/scripts/snmp/vyatta-snmp-v3.pl @@ -191,7 +191,8 @@ sub set_views { my $config = get_snmp_config(); foreach my $view ( $config->listNodes("view") ) { foreach my $oid ( $config->listNodes("view $view oid") ) { - my $mask = $config->returnValue("view $view oid $oid mask"); + my $mask = ''; + $mask = $config->returnValue("view $view oid $oid mask") if $config->exists("view $view oid $oid mask"); if ( $config->exists("view $view oid $oid exclude") ) { print "view $view excluded .$oid $mask\n"; } @@ -210,13 +211,14 @@ sub set_groups { foreach my $group ( $config->listNodes("group") ) { my $mode = $config->returnValue("group $group mode"); my $view = $config->returnValue("group $group view"); + my $secLevel = $config->returnValue("group $group seclevel"); if ( $mode eq "ro" ) { - print "access $group \"\" usm auth exact $view none none\n"; - print "access $group \"\" tsm auth exact $view none none\n"; + print "access $group \"\" usm $secLevel exact $view none none\n"; + print "access $group \"\" tsm $secLevel exact $view none none\n"; } else { - print "access $group \"\" usm auth exact $view $view none\n"; - print "access $group \"\" tsm auth exact $view $view none\n"; + print "access $group \"\" usm $secLevel exact $view $view none\n"; + print "access $group \"\" tsm $secLevel exact $view $view none\n"; } } print "\n"; @@ -272,7 +274,8 @@ sub set_users_to_other { if ( $config->exists("auth") ) { if ( $config->exists("auth plaintext-key") ) { my $auth_key = $config->returnValue("auth plaintext-key"); - my $priv_key = $config->returnValue("privacy plaintext-key"); + my $priv_key = ''; + $priv_key = $config->returnValue("privacy plaintext-key") if $config->exists("privacy plaintext-key"); print $var_conf "createUser $user \U$auth_type\E $auth_key \U$priv_type\E $priv_key\n"; } 
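Review bot: In the set_groups hunk `$secLevel` is read with `returnValue` and interpolated straight into the four `access` lines with no `exists` check, unlike the `$mask` and `$priv_key` changes in this same commit. If a group has no `seclevel` node (for example a configuration saved before this change), the value is presumably undefined and the emitted line loses its security-level field, which snmpd is unlikely to parse as intended. Falling back to the level these lines hard-coded before keeps existing groups at authenticated access: `my $secLevel = $config->exists("group $group seclevel") ? $config->returnValue("group $group seclevel") : 'auth';`. The body of set_groups starts above the hunk.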
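Review bot: With the new empty default for `$priv_key` in set_users_to_other, the `createUser` line is still printed with `\U$priv_type\E` followed by nothing when no `privacy plaintext-key` is set. net-snmp's createUser treats a privacy protocol given without a passphrase as "reuse the authentication passphrase", so if `$priv_type` is set at that point (it is assigned outside this hunk, so this cannot be confirmed here) the user silently ends up with one secret for both authentication and privacy. Consider emitting the privacy fields only when the key exists, e.g. `my $priv = $config->exists("privacy plaintext-key") ? " \U$priv_type\E " . $config->returnValue("privacy plaintext-key") : '';` and `print $var_conf "createUser $user \U$auth_type\E $auth_key$priv\n";`, or rejecting a privacy type without a key at commit time.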
diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def
index 13579174..95d0413c 100644
--- a/templates/service/snmp/v3/group/node.def
+++ b/templates/service/snmp/v3/group/node.def
@@ -5,3 +5,4 @@ syntax:expression: pattern $VAR(@) "^[^\(\)\|\&-]+$" ; "illegal characters in na
 syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_snmp_name.pl $VAR(@)"
 commit:expression: $VAR(view/) != "" ; "must specify view"
 commit:expression: $VAR(mode/) != "" ; "must specify mode"
+commit:expression: $VAR(seclevel/) != "" ; "must specify security level"
diff --git a/templates/service/snmp/v3/group/node.tag/seclevel/node.def b/templates/service/snmp/v3/group/node.tag/seclevel/node.def
new file mode 100644
index 00000000..2b0aa67b
--- /dev/null
+++ b/templates/service/snmp/v3/group/node.tag/seclevel/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Defines security level
+syntax:expression: $VAR(@) in "auth", "priv"
+allowed: echo auth priv
+
+val_help: priv;
+val_help: auth; |
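Review bot: The `commit:expression` added to group/node.def makes `seclevel` mandatory, but nothing visible in this commit gives already-existing groups a value, so a configuration written before the change would presumably fail validation with "must specify security level" after an upgrade. A `default: "auth"` line in the new seclevel/node.def would keep such groups at the level the script hard-coded until now; alternatively a migration step could set it. Either way the fallback should be `auth` or stricter, so that an upgrade never lowers the protection a group already had.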
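Review bot: Both `val_help` entries in the new seclevel/node.def have an empty description and `help:` says only "Defines security level", so the CLI gives an operator no way to tell that one of the two choices leaves SNMPv3 traffic unencrypted. I would spell the difference out: `val_help: auth; Messages are authenticated but not encrypted (authNoPriv)` and `val_help: priv; Messages are authenticated and encrypted (authPriv)`.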