From d762b049def9c2fc8ac35b779bc093bc93fd0075 Mon Sep 17 00:00:00 2001
From: James Davidson <james.davidson@vyatta.com>
Date: Wed, 6 Mar 2013 10:01:33 -0800
Subject: Sync up SNMPv3 support

SNMP-100 Implement high-level vyatta CLI
SNMP-135 change 'show snmp', add 'show snmp v3 certificates'
SNMP-142 'sh snmp v3 cert' error/warning messages
SNMP-143 show CLI implementation
SNMP-152 Hide 'No such file or directory' error message
SNMP-143 show CLI implementation
SNMP-154 user friendly error message on 'show snmp'
SNMP-157 Run Perltidy for all Perl scripts
SNMP-158 change output of 'sh snmp v3 trap-target'
(cherry picked from commit 3e5ac8cc1d3bed7fe392ba052f9f037f16441f6f)
---
 scripts/vyatta-show-snmp-v3.pl | 168 +++++++++++++++++++++++++++++++++++++++++
 scripts/vyatta-show-snmp.pl    |  28 +++++--
 2 files changed, 191 insertions(+), 5 deletions(-)
 create mode 100644 scripts/vyatta-show-snmp-v3.pl

(limited to 'scripts')

diff --git a/scripts/vyatta-show-snmp-v3.pl b/scripts/vyatta-show-snmp-v3.pl
new file mode 100644
index 0000000..dc81623
--- /dev/null
+++ b/scripts/vyatta-show-snmp-v3.pl
@@ -0,0 +1,168 @@
+#! /usr/bin/perl
+
+use Getopt::Long;
+
+sub show_view() {
+    print <<END;
+
+SNMPv3 Views:
+
+END
+
+    foreach my $view ( listNodes("view") ) {
+        print "View : $view\nOIDs :\n";
+        foreach my $oid ( listNodes("view $view oid") ) {
+            my $exclude = '';
+            $exclude = ' exclude'
+              if ( isExists("view $view oid $oid exclude") );
+            my $mask = '';
+            if ( isExists("view $view oid $oid mask") ) {
+                my $value = returnValue("view $view oid $oid mask");
+                $mask = " mask $value";
+            }
+            print "       .$oid$exclude$mask\n";
+        }
+        print "\n";
+    }
+}
+
+sub show_group() {
+    print <<END;
+
+SNMPv3 Groups:
+
+Group               View
+-----               ----
+END
+
+    foreach my $group ( listNodes("group") ) {
+        my $view = returnValue("group $group view");
+        my $mode = returnValue("group $group mode");
+        if ( length($group) >= 20 ) {
+            print "$group\n                    $view($mode)\n";
+        }
+        else {
+            $~ = "GROUP_FORMAT";
+            format GROUP_FORMAT =
+@<<<<<<<<<<<<<<<<<< @*(@*)
+$group $view $mode
+.
+            write;
+        }
+    }
+    print "\n";
+}
+
+sub show_user() {
+    print <<END;
+
+SNMPv3 Users:
+
+User                Auth Priv Mode Group
+----                ---- ---- ---- -----
+END
+
+    foreach my $user ( listNodes("user") ) {
+        my $auth  = returnValue("user $user auth type");
+        my $priv  = returnValue("user $user privacy type");
+        my $mode  = returnValue("user $user mode");
+        my $group = returnValue("user $user group");
+        if ( length($user) >= 20 ) {
+            print "$user\n                    $auth  $priv  $mode   $group\n";
+        }
+        else {
+            $~ = "USER_FORMAT";
+            format USER_FORMAT =
+@<<<<<<<<<<<<<<<<<< @<<< @<<< @<<< @*
+$user $auth $priv $mode $group
+.
+            write;
+        }
+    }
+    print "\n";
+}
+
+sub show_trap() {
+    print <<END;
+
+SNMPv3 Trap-targets:
+
+Tpap-target                   Port   Protocol Auth Priv Type   EngineID                 User
+-----------                   ----   -------- ---- ---- ----   --------                 ----
+END
+
+    foreach my $trap ( listNodes("trap-target") ) {
+        my $auth     = returnValue("trap-target $trap auth type");
+        my $priv     = returnValue("trap-target $trap privacy type");
+        my $type     = returnValue("trap-target $trap type");
+        my $port     = returnValue("trap-target $trap port");
+        my $user     = returnValue("trap-target $trap user");
+        my $protocol = returnValue("trap-target $trap protocol");
+        my $engineid = returnValue("trap-target $trap engineid");
+        if ( length($trap) >= 30 ) {
+            $~ = "TRAP_BIG_FORMAT";
+            format TRAP_BIG_FORMAT =
+^*
+$trap
+                              @<<<<< @<<<<<<< @<<< @<<< @<<<<< @<<<<<<<<<<<<<<<<<<<<... @*
+$port $protocol $auth $priv $type $engineid $user
+.
+            write;
+        }
+        else {
+            $~ = "TRAP_FORMAT";
+            format TRAP_FORMAT =
+@<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<< @<<<<<<< @<<< @<<< @<<<<< @<<<<<<<<<<<<<<<<<<<<... @*
+$trap $port $protocol $auth $priv $type $engineid $user
+.
+            write;
+        }
+    }
+    print "\n";
+}
+
+sub show_all() {
+    show_user();
+    show_group();
+    show_view();
+    show_trap();
+}
+
+sub listNodes {
+    my $path = shift;
+    my @nodes =
+      split( ' ', `cli-shell-api listActiveNodes service snmp v3 $path` );
+    return map { substr $_, 1, -1 } @nodes;
+}
+
+sub returnValue {
+    my $path  = shift;
+    my $value = `cli-shell-api returnActiveValue service snmp v3 $path`;
+    return $value;
+}
+
+sub isExists {
+    my $path = shift;
+    system("cli-shell-api existsActive service snmp v3 $path");
+    return !$?;
+}
+
+my $all;
+my $view;
+my $group;
+my $user;
+my $trap;
+
+GetOptions(
+    "all!"   => \$all,
+    "view!"  => \$view,
+    "group!" => \$group,
+    "user!"  => \$user,
+    "trap!"  => \$trap,
+);
+
+show_all()   if ($all);
+show_view()  if ($view);
+show_group() if ($group);
+show_user()  if ($user);
+show_trap()  if ($trap);
diff --git a/scripts/vyatta-show-snmp.pl b/scripts/vyatta-show-snmp.pl
index 2346a6c..634b3cc 100755
--- a/scripts/vyatta-show-snmp.pl
+++ b/scripts/vyatta-show-snmp.pl
@@ -27,11 +27,14 @@ use NetAddr::IP;
 
 my $SNMPDCFG   = '/etc/snmp/snmpd.conf';
 my $SNMPSTATUS = '/usr/bin/snmpstatus';
+my $password_file = '/config/snmp/superuser_pass';
 
 # generate list of communities in configuration file
 sub read_config {
     my %community;
 
+    die "Service SNMP does not configured.\n" if (! -e $SNMPDCFG);
+
     open( my $cfg, '<', $SNMPDCFG )
       or die "Can't open $SNMPDCFG : $!\n";
 
@@ -65,14 +68,29 @@ sub status_any {
     my %community = %{$cref};
     my $localhost = new NetAddr::IP('localhost');
 
-    die "No SNMP community's configured\n"
-      unless scalar(%community);
-
-    foreach my $c ( keys %community ) {
+    if (scalar(%community)) {
+      foreach my $c ( keys %community ) {
         my $addr = $community{$c};
         status( $c, $localhost->addr() ) if ( $addr->contains($localhost) );
+      }
+    }
+    status_v3();
+
+}
+
+sub status_v3 {
+    open (my $file, '<' , $password_file) or die "Couldn't open $password_file - $!";
+    my $superuser_pass = do { local $/; <$file> };
+    close $file;
+    open ($file, '<', $SNMPDCFG) or die "Couldn't open $SNMPDCFG - $!";
+    my $superuser_login = '';
+    while (my $line = <$file>) {
+      if ($line =~ /^iquerySecName (.*)$/) {
+	$superuser_login = $1;
+      }
     }
-    die "No SNMP community's accessible from ", $localhost->addr(), "\n";
+    close $file;
+    exec $SNMPSTATUS, '-v3', '-l', 'authNoPriv', '-u', $superuser_login, '-A', $superuser_pass, 'localhost';
 }
 
 # check status of one community
-- 
cgit v1.2.3