author | John Southworth <john.southworth@vyatta.com> | 2013-04-01 10:12:24 -0700 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2013-04-01 10:12:24 -0700 |
commit | acefec6722823371699868829dd4b4e67c871770 (patch) | |
tree | 1b1d35a3f63c65c054f5356c79f5dc8c827f0f53 | |
parent | 6510b77d1d21cce441297cdb1d3ca0232f0c4f28 (diff) | |
parent | 8c8fba6f89fe6e55dc2191bc20c63415d4e3bd97 (diff) | |
download | vyatta-op-acefec6722823371699868829dd4b4e67c871770.tar.gz vyatta-op-acefec6722823371699868829dd4b4e67c871770.zip |
Merge branch 'master' of git.vyatta.com:/git/vyatta-op
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | debian/changelog | 13 | ||||
-rw-r--r-- | scripts/vyatta-show-snmp-v3.pl | 168 | ||||
-rwxr-xr-x | scripts/vyatta-show-snmp.pl | 28 | ||||
-rw-r--r-- | templates/format/disk/node.def | 1 | ||||
-rw-r--r-- | templates/format/disk/node.tag/like/node.def | 1 | ||||
-rw-r--r-- | templates/format/disk/node.tag/like/node.tag/node.def | 61 | ||||
-rw-r--r-- | templates/format/disk/node.tag/node.def | 6 | ||||
-rw-r--r-- | templates/format/node.def | 1 | ||||
-rw-r--r-- | templates/format/system-floppy/node.def | 2 | ||||
-rw-r--r-- | templates/install/system/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/certificates/node.def | 7 | ||||
-rw-r--r-- | templates/show/snmp/v3/group/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/trap-target/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/user/node.def | 2 | ||||
-rw-r--r-- | templates/show/snmp/v3/view/node.def | 2 |
17 files changed, 222 insertions, 79 deletions
diff --git a/Makefile.am b/Makefile.am index 99f5da6..0205f74 100644 --- a/Makefile.am +++ b/Makefile.am @@ -34,6 +34,7 @@ bin_SCRIPTS += scripts/vyatta-boot-image.pl bin_SCRIPTS += scripts/vyatta-sudo bin_SCRIPTS += scripts/vyatta-show-snmp.pl bin_SCRIPTS += scripts/vyatta-show-snmp-ifmib +bin_SCRIPTS += scripts/vyatta-show-snmp-v3.pl bin_SCRIPTS += scripts/rename-image.pl bin_SCRIPTS += scripts/show-image-storage.pl bin_SCRIPTS += scripts/vyatta-remote-copy.pl diff --git a/debian/changelog b/debian/changelog index e8b37f7..e1536bf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +vyatta-op (0.13.278) unstable; urgency=low + + * Sync up SNMPv3 support + + -- James Davidson <james.davidson@vyatta.com> Thu, 28 Mar 2013 12:53:19 -0700 + +vyatta-op (0.13.277) unstable; urgency=low + + * Remove format operational mode commands + * Remove install system template + + -- Stephen Hemminger <stephen@networkplumber.org> Mon, 04 Mar 2013 21:21:36 -0800 + vyatta-op (0.13.276) unstable; urgency=low * Support detection of overlayfs diff --git a/scripts/vyatta-show-snmp-v3.pl b/scripts/vyatta-show-snmp-v3.pl new file mode 100644 index 0000000..dc81623 --- /dev/null +++ b/scripts/vyatta-show-snmp-v3.pl 
@@ -0,0 +1,168 @@
+#! /usr/bin/perl
+
+use Getopt::Long;
+
+sub show_view() {
+ print <<END;
+
+SNMPv3 Views:
+
+END
+
+ foreach my $view ( listNodes("view") ) {
+ print "View : $view\nOIDs :\n";
+ foreach my $oid ( listNodes("view $view oid") ) {
+ my $exclude = '';
+ $exclude = ' exclude'
+ if ( isExists("view $view oid $oid exclude") );
+ my $mask = '';
+ if ( isExists("view $view oid $oid mask") ) {
+ my $value = returnValue("view $view oid $oid mask");
+ $mask = " mask $value";
+ }
+ print " .$oid$exclude$mask\n";
+ }
+ print "\n";
+ }
+}
+
+sub show_group() {
+ print <<END;
+
+SNMPv3 Groups:
+
+Group View
+----- ----
+END
+
+ foreach my $group ( listNodes("group") ) {
+ my $view = returnValue("group $group view");
+ my $mode = returnValue("group $group mode");
+ if ( length($group) >= 20 ) {
+ print "$group\n $view($mode)\n";
+ }
+ else {
+ $~ = "GROUP_FORMAT";
+ format GROUP_FORMAT =
+@<<<<<<<<<<<<<<<<<< @*(@*)
+$group $view $mode
+.
+ write;
+ }
+ }
+ print "\n";
+}
+
+sub show_user() {
+ print <<END;
+
+SNMPv3 Users:
+
+User Auth Priv Mode Group
+---- ---- ---- ---- -----
+END
+
+ foreach my $user ( listNodes("user") ) {
+ my $auth = returnValue("user $user auth type");
+ my $priv = returnValue("user $user privacy type");
+ my $mode = returnValue("user $user mode");
+ my $group = returnValue("user $user group");
+ if ( length($user) >= 20 ) {
+ print "$user\n $auth $priv $mode $group\n";
+ }
+ else {
+ $~ = "USER_FORMAT";
+ format USER_FORMAT =
+@<<<<<<<<<<<<<<<<<< @<<< @<<< @<<< @*
+$user $auth $priv $mode $group
+.
+ write;
+ }
+ }
+ print "\n";
+}
+
+sub show_trap() {
+ print <<END;
+
+SNMPv3 Trap-targets:
+
+Tpap-target Port Protocol Auth Priv Type EngineID User
+----------- ---- -------- ---- ---- ---- -------- ----
+END
+
+ foreach my $trap ( listNodes("trap-target") ) {
+ my $auth = returnValue("trap-target $trap auth type");
+ my $priv = returnValue("trap-target $trap privacy type");
+ my $type = returnValue("trap-target $trap type");
+ my $port = returnValue("trap-target $trap port");
+ my $user = returnValue("trap-target $trap user");
+ my $protocol = returnValue("trap-target $trap protocol");
+ my $engineid = returnValue("trap-target $trap engineid");
+ if ( length($trap) >= 30 ) {
+ $~ = "TRAP_BIG_FORMAT";
+ format TRAP_BIG_FORMAT =
+^*
+$trap
+ @<<<<< @<<<<<<< @<<< @<<< @<<<<< @<<<<<<<<<<<<<<<<<<<<... @*
+$port $protocol $auth $priv $type $engineid $user
+.
+ write;
+ }
+ else {
+ $~ = "TRAP_FORMAT";
+ format TRAP_FORMAT =
+@<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<< @<<<<<<< @<<< @<<< @<<<<< @<<<<<<<<<<<<<<<<<<<<... @*
+$trap $port $protocol $auth $priv $type $engineid $user
+.
+ write;
+ }
+ }
+ print "\n";
+}
+
+sub show_all() {
+ show_user();
+ show_group();
+ show_view();
+ show_trap();
+}
+
+sub listNodes {
+ my $path = shift;
+ my @nodes =
+ split( ' ', `cli-shell-api listActiveNodes service snmp v3 $path` );
+ return map { substr $_, 1, -1 } @nodes;
+}
+
+sub returnValue {
+ my $path = shift;
+ my $value = `cli-shell-api returnActiveValue service snmp v3 $path`;
+ return $value;
+}
+
+sub isExists {
+ my $path = shift;
+ system("cli-shell-api existsActive service snmp v3 $path");
+ return !$?;
+}
+
+my $all;
+my $view;
+my $group;
+my $user;
+my $trap;
+
+GetOptions(
+ "all!" => \$all,
+ "view!" => \$view,
+ "group!" => \$group,
+ "user!" => \$user,
+ "trap!" => \$trap,
+);
+
+show_all() if ($all);
+show_view() if ($view);
+show_group() if ($group);
+show_user() if ($user);
+show_trap() if ($trap);
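Review bot: listNodes, returnValue and isExists at the end of the new script build their cli-shell-api command lines by interpolating `$path` into backticks and a single-string `system()`, so every view, group, user and trap-target name read back from the active configuration is parsed by /bin/sh. Unless the configuration templates (not visible in this commit) restrict those names to shell-safe characters, a name containing metacharacters would be interpreted by the shell whenever an operator runs one of the `show snmp v3` commands. Calling cli-shell-api in list form removes that dependency on upstream validation, as sketched below. The script also has no `use strict; use warnings;` after the shebang, and the table header in show_trap reads `Tpap-target`.

```perl
# … unchanged: show_view, show_group, show_user, show_trap, show_all …

# Run cli-shell-api without a shell and return its output. Splitting
# $path on whitespace keeps the word boundaries the shell produced before.
sub _cli_output {
    my ( $op, $path ) = @_;
    open( my $fh, '-|', 'cli-shell-api', $op, qw(service snmp v3),
        split( ' ', $path ) )
      or die "Can't run cli-shell-api: $!\n";
    my $out = do { local $/; <$fh> };
    close $fh;
    return defined $out ? $out : '';
}

sub listNodes {
    my $path = shift;
    return map { substr $_, 1, -1 }
      split( ' ', _cli_output( 'listActiveNodes', $path ) );
}

sub returnValue {
    my $path = shift;
    return _cli_output( 'returnActiveValue', $path );
}

sub isExists {
    my $path = shift;
    return system( 'cli-shell-api', 'existsActive', qw(service snmp v3),
        split( ' ', $path ) ) == 0;
}

# … unchanged: option parsing and dispatch …
```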
diff --git a/scripts/vyatta-show-snmp.pl b/scripts/vyatta-show-snmp.pl index 2346a6c..634b3cc 100755 --- a/scripts/vyatta-show-snmp.pl +++ b/scripts/vyatta-show-snmp.pl @@ -27,11 +27,14 @@ use NetAddr::IP; my $SNMPDCFG = '/etc/snmp/snmpd.conf'; my $SNMPSTATUS = '/usr/bin/snmpstatus'; +my $password_file = '/config/snmp/superuser_pass'; # generate list of communities in configuration file sub read_config { my %community; + die "Service SNMP does not configured.\n" if (! -e $SNMPDCFG); + open( my $cfg, '<', $SNMPDCFG ) or die "Can't open $SNMPDCFG : $!\n"; @@ -65,14 +68,29 @@ sub status_any { my %community = %{$cref}; my $localhost = new NetAddr::IP('localhost'); - die "No SNMP community's configured\n" - unless scalar(%community); - - foreach my $c ( keys %community ) { + if (scalar(%community)) { + foreach my $c ( keys %community ) { my $addr = $community{$c}; status( $c, $localhost->addr() ) if ( $addr->contains($localhost) ); + } + } + status_v3(); + +} + +sub status_v3 { + open (my $file, '<' , $password_file) or die "Couldn't open $password_file - $!"; + my $superuser_pass = do { local $/; <$file> }; + close $file; + open ($file, '<', $SNMPDCFG) or die "Couldn't open $SNMPDCFG - $!"; + my $superuser_login = ''; + while (my $line = <$file>) { + if ($line =~ /^iquerySecName (.*)$/) { + $superuser_login = $1; + } } - die "No SNMP community's accessible from ", $localhost->addr(), "\n"; + close $file; + exec $SNMPSTATUS, '-v3', '-l', 'authNoPriv', '-u', $superuser_login, '-A', $superuser_pass, 'localhost'; } # check status of one community diff --git a/templates/format/disk/node.def b/templates/format/disk/node.def deleted file mode 100644 index 97df9b7..0000000 --- a/templates/format/disk/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Format a disk drive diff --git a/templates/format/disk/node.tag/like/node.def b/templates/format/disk/node.tag/like/node.def deleted file mode 100644 index c4a5126..0000000 --- a/templates/format/disk/node.tag/like/node.def +++ /dev/null 
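Review bot: The new status_v3 in scripts/vyatta-show-snmp.pl passes the contents of `$password_file` to snmpstatus as the `-A` argument, so the SNMPv3 superuser passphrase sits in the process argument list, where `ps` and /proc typically expose it to other local users for as long as snmpstatus runs. Net-SNMP clients can instead read `defSecurityName`, `defSecurityLevel` and `defAuthPassphrase` from an snmp.conf readable only by the invoking account, which keeps the secret out of argv. The slurped value is also never chomped, so a trailing newline in the file becomes part of the passphrase; `chomp $superuser_pass;` after the read fixes that. `$superuser_login` stays empty when snmpd.conf has no `iquerySecName` line, which deserves an explicit `die` before the `exec`. Whether status_v3() is reached at all once a community matches depends on status(), whose body is outside this hunk.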
@@ -1 +0,0 @@ -help: Format this disk the same as another disk diff --git a/templates/format/disk/node.tag/like/node.tag/node.def b/templates/format/disk/node.tag/like/node.tag/node.def deleted file mode 100644 index a98cbcc..0000000 --- a/templates/format/disk/node.tag/like/node.tag/node.def +++ /dev/null 
@@ -1,61 +0,0 @@ -help: Name of disk drive to partition it like - -allowed: - local -a disks ; - proto_disk=${COMP_WORDS[2]} - disks=`cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]"` - disks=`echo $disks | sed -e s/$proto_disk//g` - echo -n $disks - -run: - proto_disk=$5 - format_disk=$3 - backup_dir=/var/tmp - eligible_format_disks=`cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]"` - eligible_proto_disks=`echo $eligible_format_disks | sed -e s/$format_disk//g` - proto_eligible=`echo $eligible_proto_disks | grep $proto_disk` - format_eligible=`echo $eligible_format_disks | grep $format_disk` - busy_check=`sudo /sbin/sfdisk -R /dev/$format_disk 2>&1` - - if [ $proto_disk = $format_disk ]; then - echo "The two disk drives must be different." - elif [ ! -b /dev/$proto_disk ]; then - echo "Device /dev/$proto_disk does not exist" - elif [ ! -b /dev/$format_disk ]; then - echo "Device /dev/$format_disk does not exist" - elif [ -z "$format_eligible" ]; then - echo "Device $format_disk can not be formatted" - elif [ -z "$proto_eligible" ]; then - echo "Device $proto_disk can not be used as a prototype for $format_disk" - elif [ -n "$busy_check" ]; then - echo "Disk device $format_disk is busy. Can't format it now." - elif [ ! -r /dev/$format_disk ]; then - echo "Must be admin or root to format disk" - else - echo "This will re-format disk $format_disk so that it has the same disk" - echo "partion sizes and offsets as $proto_disk. This will not copy" - echo "data from $proto_disk to $format_disk. But this will erase all" - echo "data on $format_disk." - echo - echo -n "Do you wish to proceed (yes, NO)? " - read response - if [ "$response" = "yes" ]; then - echo "OK. Re-formating disk drive $format_disk..." - echo "Making backup copy of partitions..." 
- sudo /sbin/sfdisk -d /dev/$format_disk > $backup_dir/backup_$format_disk.`date +%F-%R` - sleep 1 - partitions=`cat /proc/partitions | grep $format_disk'[0-9]' | awk '{ print $4 }' | sed 's/[a-z]//g'` - if [ -n "$partitions" ]; then - echo -n "Deleting old partitions..." - for part in $partitions ; do - sudo /sbin/parted /dev/$format_disk rm $part - done - echo "" - fi - echo "Creating new partitions on $format_disk based on $proto_disk..." - sudo /sbin/sfdisk -d /dev/$proto_disk | sudo /sbin/sfdisk --force /dev/$format_disk - echo "Done." - else - echo "OK. Disk drive $format_drive will not be re-formated." - fi - fi diff --git a/templates/format/disk/node.tag/node.def b/templates/format/disk/node.tag/node.def deleted file mode 100644 index 2b77c5b..0000000 --- a/templates/format/disk/node.tag/node.def +++ /dev/null @@ -1,6 +0,0 @@ -help: Disk drive name - -allowed: - local -a array ; - array=`cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]"` - echo -n $array diff --git a/templates/format/node.def b/templates/format/node.def deleted file mode 100644 index 5775951..0000000 --- a/templates/format/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Format a device diff --git a/templates/format/system-floppy/node.def b/templates/format/system-floppy/node.def deleted file mode 100644 index c897913..0000000 --- a/templates/format/system-floppy/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Format and prepare a floppy to save the config.boot file -run: sudo /opt/vyatta/sbin/init-floppy diff --git a/templates/install/system/node.def b/templates/install/system/node.def deleted file mode 100644 index c200404..0000000 --- a/templates/install/system/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Install system to hard drive -run: sudo /opt/vyatta/sbin/install-system diff --git a/templates/show/snmp/v3/certificates/node.def b/templates/show/snmp/v3/certificates/node.def new file mode 100644 index 0000000..e66fc0d --- /dev/null 
+++ b/templates/show/snmp/v3/certificates/node.def @@ -0,0 +1,7 @@ +help: Show TSM certificates +run: files=`sudo ls /etc/snmp/tls/certs/ 2> /dev/null`; + if [ -n "$files" ]; then + sudo /usr/bin/net-snmp-cert showcerts --subject --fingerprint + else + echo "You don't have any certificates. Put it in '/etc/snmp/tls/certs/' folder." + fi diff --git a/templates/show/snmp/v3/group/node.def b/templates/show/snmp/v3/group/node.def new file mode 100644 index 0000000..7ff947a --- /dev/null +++ b/templates/show/snmp/v3/group/node.def @@ -0,0 +1,2 @@ +help: Show the list of configured groups +run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --group
\ No newline at end of file diff --git a/templates/show/snmp/v3/node.def b/templates/show/snmp/v3/node.def new file mode 100644 index 0000000..70c0df2 --- /dev/null +++ b/templates/show/snmp/v3/node.def @@ -0,0 +1,2 @@ +help: Show status of SNMP v3 on localhost +run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --all
\ No newline at end of file diff --git a/templates/show/snmp/v3/trap-target/node.def b/templates/show/snmp/v3/trap-target/node.def new file mode 100644 index 0000000..9f0d2f1 --- /dev/null +++ b/templates/show/snmp/v3/trap-target/node.def @@ -0,0 +1,2 @@ +help: Show the list of configured targets +run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --trap diff --git a/templates/show/snmp/v3/user/node.def b/templates/show/snmp/v3/user/node.def new file mode 100644 index 0000000..621ccc8 --- /dev/null +++ b/templates/show/snmp/v3/user/node.def @@ -0,0 +1,2 @@ +help: Show the list of configured users +run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --user diff --git a/templates/show/snmp/v3/view/node.def b/templates/show/snmp/v3/view/node.def new file mode 100644 index 0000000..7e05d84 --- /dev/null +++ b/templates/show/snmp/v3/view/node.def @@ -0,0 +1,2 @@ +help: Show the list of configured views +run: /opt/vyatta/bin/vyatta-show-snmp-v3.pl --view
\ No newline at end of file |