From 873e9ef110039289b3554e4e579bbaa249f9ca77 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 8 Jun 2018 09:12:03 +0200
Subject: T652: user encrypted-key not possible without engineid
---
 src/conf_mode/snmp.py | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src/conf_mode/snmp.py')
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 7623206b4..83ae27bbd 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -634,6 +634,9 @@ def verify(snmp):
 if user['privPassword'] == '' and user['privMasterKey'] == '':
 raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy')
+ if user['privMasterKey'] and user['engineID'] == '':
+ raise ConfigError('Can not have "encrypted-key" without engineid')
+
 if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '':
 raise ConfigError('Must specify auth or tsm-key for user auth')
-- 
cgit v1.2.3
From a4b60ec2056662767b2736206d8f3be00f94a275 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 8 Jun 2018 10:36:53 +0200
Subject: T652: import SNMP keys from volatile into nonvolatile location
---
 src/conf_mode/snmp.py | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
(limited to 'src/conf_mode/snmp.py')
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 83ae27bbd..863f7e2e2 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -18,6 +18,7 @@
 import sys
 import os
+import shutil
 import stat
 import pwd
 import time
@@ -46,7 +47,6 @@ OIDs = {
 'des' : '.1.3.6.1.6.3.10.1.2.2',
 'none': '.1.3.6.1.6.3.10.1.2.1'
 }
-
 # SNMPS template - be careful if you edit the template.
 client_config_tmpl = """
 ### Autogenerated by snmp.py ###
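Review bot: The new engineid check in verify() (first commit, hunk at line 634) tests only `user['privMasterKey']`, but an encrypted auth key in `user['authMasterKey']` appears to carry the same dependency, since localized SNMPv3 keys are derived against the engine ID, and nothing visible in the hunk rejects it when `user['engineID']` is empty. If that case is not handled elsewhere, consider `if (user['authMasterKey'] or user['privMasterKey']) and user['engineID'] == '':` so an unusable auth key is refused at commit time rather than producing a user that cannot authenticate. verify() starts and ends outside the hunk, so an existing auth-side check may simply be out of view.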
@@ -714,12 +714,30 @@ def generate(snmp):
 def apply(snmp):
 if snmp is not None:
- if not os.path.exists('/config/snmp/tls'):
- os.makedirs('/config/snmp/tls')
- os.chmod('/config/snmp/tls', stat.S_IWUSR | stat.S_IRUSR)
+ nonvolatiledir = '/config/snmp/tls'
+ volatiledir = '/etc/snmp/tls'
+ if not os.path.exists(nonvolatiledir):
+ os.makedirs(nonvolatiledir)
+ os.chmod(nonvolatiledir, stat.S_IWUSR | stat.S_IRUSR)
 # get uid for user 'snmp'
 snmp_uid = pwd.getpwnam('snmp').pw_uid
- os.chown('/config/snmp/tls', snmp_uid, -1)
+ os.chown(nonvolatiledir, snmp_uid, -1)
+
+ # move SNMP certificate files from volatile location to non volatile /config/snmp
+ if os.path.exists(volatiledir) and os.path.isdir(volatiledir):
+ files = os.listdir(volatiledir)
+ for f in files:
+ shutil.move(volatiledir + '/' + f, nonvolatiledir)
+ os.chmod(nonvolatiledir + '/' + f, stat.S_IWUSR | stat.S_IRUSR)
+
+ os.rmdir(volatiledir)
+ os.symlink(nonvolatiledir, volatiledir)
+
+ if os.path.islink(volatiledir):
+ link = os.readlink(volatiledir)
+ if link != nonvolatiledir:
+ os.unlink(volatiledir)
+ os.symlink(nonvolatiledir, volatiledir)
 # start SNMP daemon
 os.system("sudo systemctl restart snmpd.service")
-- 
cgit v1.2.3
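Review bot: The migration guard `if os.path.exists(volatiledir) and os.path.isdir(volatiledir):` follows symlinks, so once this code has replaced /etc/snmp/tls with a link to /config/snmp/tls the condition is still true on the next apply(). `shutil.move()` would then find each entry already present at the destination and raise, or `os.rmdir()` would fail on the link when the directory is empty; indentation is lost on this page, so I am assuming both calls sit inside that branch. Guarding with `if os.path.isdir(volatiledir) and not os.path.islink(volatiledir):` keeps the move a one-time step. Separately, the per-entry `os.chmod(..., stat.S_IWUSR | stat.S_IRUSR)` applies 0600 to whatever `os.listdir()` returns, which strips the search bit from any subdirectory holding key material, and moved entries keep their previous owner because `os.chown()` is applied only to the directory itself. apply() may continue past the end of the hunk.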