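#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org
#
# procd init script for net-snmp's snmpd. On every start it regenerates
# $CONFIGFILE from the UCI "snmpd" configuration and launches snmpd with it.
#
# Security notes:
#   - $CONFIGFILE holds community strings and SNMPv3 passphrases, so it is
#     created with a restrictive umask (see start_service).
#   - UCI values are written into the file verbatim. Whoever can edit the UCI
#     "snmpd" configuration controls every directive, including pass/exec/
#     extend, which make snmpd run programs. Treat that config as privileged.

START=99
USE_PROCD=1
PROG="/usr/sbin/snmpd"

CONFIGFILE="/var/run/snmpd.conf"

# Write "agentaddress <addr>" for an agent section; skipped when unset.
snmpd_agent_add() {
	local cfg="$1"
	local agentaddress

	config_get agentaddress "$cfg" agentaddress
	[ -n "$agentaddress" ] || return 0
	echo "agentaddress $agentaddress" >> "$CONFIGFILE"
}

# Enable the AgentX master and, optionally, set its socket.
snmpd_agentx_add() {
	local cfg="$1"
	local agentxsocket

	echo "master agentx" >> "$CONFIGFILE"
	config_get agentxsocket "$cfg" agentxsocket
	[ -n "$agentxsocket" ] && echo "agentXSocket $agentxsocket" >> "$CONFIGFILE"
}

# Write the system group values. sysName falls back to the UCI hostname.
snmpd_system_add() {
	local cfg="$1"
	local hostname
	local syslocation syscontact sysname sysservice sysdescr sysobjectid

	config_get syslocation "$cfg" sysLocation
	[ -n "$syslocation" ] && echo "sysLocation $syslocation" >> "$CONFIGFILE"
	config_get syscontact "$cfg" sysContact
	[ -n "$syscontact" ] && echo "sysContact $syscontact" >> "$CONFIGFILE"
	config_get sysname "$cfg" sysName
	if [ -n "$sysname" ]; then
		echo "sysName $sysname" >> "$CONFIGFILE"
	else
		# Quoted so the [0] is never treated as a glob pattern.
		hostname=$(uci_get "system.@system[0].hostname") &&
			echo "sysName $hostname" >> "$CONFIGFILE"
	fi
	config_get sysservice "$cfg" sysService
	[ -n "$sysservice" ] && echo "sysService $sysservice" >> "$CONFIGFILE"
	config_get sysdescr "$cfg" sysDescr
	[ -n "$sysdescr" ] && echo "sysDescr $sysdescr" >> "$CONFIGFILE"
	config_get sysobjectid "$cfg" sysObjectID
	[ -n "$sysobjectid" ] && echo "sysObjectID $sysobjectid" >> "$CONFIGFILE"
}

# Write "com2sec <secname> <source> <community>"; all three are required.
snmpd_com2sec_add() {
	local cfg="$1"
	local secname source community

	config_get secname "$cfg" secname
	[ -n "$secname" ] || return 0
	config_get source "$cfg" source
	[ -n "$source" ] || return 0
	config_get community "$cfg" community
	[ -n "$community" ] || return 0
	echo "com2sec $secname $source $community" >> "$CONFIGFILE"
}

# IPv6 counterpart of snmpd_com2sec_add ("com2sec6").
snmpd_com2sec6_add() {
	local cfg="$1"
	local secname source community

	config_get secname "$cfg" secname
	[ -n "$secname" ] || return 0
	config_get source "$cfg" source
	[ -n "$source" ] || return 0
	config_get community "$cfg" community
	[ -n "$community" ] || return 0
	echo "com2sec6 $secname $source $community" >> "$CONFIGFILE"
}

# Write "group <group> <version> <secname>"; all three are required.
snmpd_group_add() {
	local cfg="$1"
	local group version secname

	config_get group "$cfg" group
	[ -n "$group" ] || return 0
	config_get version "$cfg" version
	[ -n "$version" ] || return 0
	config_get secname "$cfg" secname
	[ -n "$secname" ] || return 0
	echo "group $group $version $secname" >> "$CONFIGFILE"
}

# Write "view <viewname> <type> <oid> [mask]"; the mask is optional.
snmpd_view_add() {
	local cfg="$1"
	local viewname type oid mask

	config_get viewname "$cfg" viewname
	[ -n "$viewname" ] || return 0
	config_get type "$cfg" type
	[ -n "$type" ] || return 0
	config_get oid "$cfg" oid
	[ -n "$oid" ] || return 0
	# optional mask
	config_get mask "$cfg" mask
	echo "view $viewname $type $oid $mask" >> "$CONFIGFILE"
}

# Write a VACM "access" line. Every field is required; a context of "none"
# is written as an empty quoted string.
snmpd_access_add() {
	local cfg="$1"
	local group context version level prefix read write notify

	config_get group "$cfg" group
	[ -n "$group" ] || return 0
	config_get context "$cfg" context
	# Must be quoted: an unquoted empty value makes the test always true and
	# the access line is then written with its fields shifted by one.
	[ -n "$context" ] || return 0
	[ "$context" = "none" ] && context='""'
	config_get version "$cfg" version
	[ -n "$version" ] || return 0
	config_get level "$cfg" level
	[ -n "$level" ] || return 0
	config_get prefix "$cfg" prefix
	[ -n "$prefix" ] || return 0
	config_get read "$cfg" read
	[ -n "$read" ] || return 0
	config_get write "$cfg" write
	[ -n "$write" ] || return 0
	config_get notify "$cfg" notify
	[ -n "$notify" ] || return 0
	echo "access $group $context $version $level $prefix $read $write $notify" >> "$CONFIGFILE"
}

# Write "<Type> <HostName> <Community> <Port>" for a trap_HostName section.
snmpd_trap_hostname_add() {
	local cfg="$1"
	local hostname port community type

	config_get hostname "$cfg" HostName
	config_get port "$cfg" Port
	config_get community "$cfg" Community
	config_get type "$cfg" Type
	# Without a directive or destination the remaining tokens would be
	# parsed as something else, so skip the section.
	if [ -z "$type" ] || [ -z "$hostname" ]; then
		return 0
	fi
	echo "$type $hostname $community $port" >> "$CONFIGFILE"
}

# Write "<Type> <HostIP> <Community> <Port>" for a trap_HostIP section.
snmpd_trap_ip_add() {
	local cfg="$1"
	local host_ip port community type

	config_get host_ip "$cfg" HostIP
	config_get port "$cfg" Port
	config_get community "$cfg" Community
	config_get type "$cfg" Type
	# Same reasoning as snmpd_trap_hostname_add.
	if [ -z "$type" ] || [ -z "$host_ip" ]; then
		return 0
	fi
	echo "$type $host_ip $community $port" >> "$CONFIGFILE"
}

# Shared writer for the access_* sections.
# Arguments: $1 mode (directive), $2 community, $3 source,
#            $4 "yes" to append the OID restriction, $5 the OID.
# The line is always newline-terminated, so an unset or unexpected
# RestrictOID can no longer glue the next directive onto this one.
# Sections missing the mode, community or source are skipped: an empty field
# shifts the remaining tokens (for example a missing community would turn
# "default" into the community string).
snmpd_access_line_write() {
	local mode="$1"
	local community="$2"
	local source="$3"
	local oidrestrict="$4"
	local oid="$5"
	local line

	if [ -z "$mode" ] || [ -z "$community" ] || [ -z "$source" ]; then
		return 0
	fi
	line="$mode $community $source"
	[ "$oidrestrict" = "yes" ] && line="$line $oid"
	echo "$line" >> "$CONFIGFILE"
}

# Community access from any source ("default").
snmpd_access_default_add() {
	local cfg="$1"
	local mode community oidrestrict oid

	config_get mode "$cfg" Mode
	config_get community "$cfg" CommunityName
	config_get oidrestrict "$cfg" RestrictOID
	config_get oid "$cfg" RestrictedOID
	snmpd_access_line_write "$mode" "$community" "default" "$oidrestrict" "$oid"
}

# Community access restricted to one host name.
snmpd_access_HostName_add() {
	local cfg="$1"
	local hostname mode community oidrestrict oid

	config_get hostname "$cfg" HostName
	config_get mode "$cfg" Mode
	config_get community "$cfg" CommunityName
	config_get oidrestrict "$cfg" RestrictOID
	config_get oid "$cfg" RestrictedOID
	snmpd_access_line_write "$mode" "$community" "$hostname" "$oidrestrict" "$oid"
}

# Community access restricted to <HostIP>/<IPMask>.
snmpd_access_HostIP_add() {
	local cfg="$1"
	local host_ip ip_mask mode community oidrestrict oid

	config_get host_ip "$cfg" HostIP
	config_get ip_mask "$cfg" IPMask
	config_get mode "$cfg" Mode
	config_get community "$cfg" CommunityName
	config_get oidrestrict "$cfg" RestrictOID
	config_get oid "$cfg" RestrictedOID
	[ -n "$host_ip" ] || return 0
	snmpd_access_line_write "$mode" "$community" "$host_ip/$ip_mask" "$oidrestrict" "$oid"
}

# Write a "pass" (or "pass_persist") directive. snmpd runs $prog for the
# given OID, so this option must only ever come from a trusted configuration.
snmpd_pass_add() {
	local cfg="$1"
	local pass='pass'
	local miboid prog persist priority

	config_get miboid "$cfg" miboid
	[ -n "$miboid" ] || return 0
	config_get prog "$cfg" prog
	[ -n "$prog" ] || return 0
	config_get_bool persist "$cfg" persist 0
	[ "$persist" -ne 0 ] && pass='pass_persist'
	config_get priority "$cfg" priority
	priority=${priority:+-p $priority}
	echo "$pass $priority $miboid $prog" >> "$CONFIGFILE"
}

# Write an "exec" directive (snmpd runs $prog $args; trusted config only).
snmpd_exec_add() {
	local cfg="$1"
	local name prog args miboid

	config_get name "$cfg" name
	[ -n "$name" ] || return 0
	config_get prog "$cfg" prog
	[ -n "$prog" ] || return 0
	config_get args "$cfg" args
	config_get miboid "$cfg" miboid
	echo "exec $miboid $name $prog $args" >> "$CONFIGFILE"
}

# Write an "extend" directive (snmpd runs $prog $args; trusted config only).
snmpd_extend_add() {
	local cfg="$1"
	local name prog args miboid

	config_get name "$cfg" name
	[ -n "$name" ] || return 0
	config_get prog "$cfg" prog
	[ -n "$prog" ] || return 0
	config_get args "$cfg" args
	config_get miboid "$cfg" miboid
	echo "extend $miboid $name $prog $args" >> "$CONFIGFILE"
}

# Write "disk <partition> <size>"; both are required.
snmpd_disk_add() {
	local cfg="$1"
	local disk='disk'
	local partition size

	config_get partition "$cfg" partition
	[ -n "$partition" ] || return 0
	config_get size "$cfg" size
	[ -n "$size" ] || return 0
	echo "$disk $partition $size" >> "$CONFIGFILE"
}

# Write the engineID settings that are configured.
snmpd_engineid_add() {
	local cfg="$1"
	local engineid engineidtype engineidnic

	config_get engineid "$cfg" engineid
	[ -n "$engineid" ] && echo "engineID $engineid" >> "$CONFIGFILE"
	config_get engineidtype "$cfg" engineidtype
	# Only 1..3 are written. A case match avoids the "bad number" error the
	# numeric test raised for an unset or non-numeric value.
	case "$engineidtype" in
		1|2|3) echo "engineIDType $engineidtype" >> "$CONFIGFILE" ;;
	esac
	config_get engineidnic "$cfg" engineidnic
	[ -n "$engineidnic" ] && echo "engineIDNic $engineidnic" >> "$CONFIGFILE"
}

# Write a trapsink/trap2sink/informsink line.
# Arguments: $1 section id, $2 directive name to emit.
snmpd_sink_add() {
	local cfg="$1"
	local section="$2"
	local community
	local port
	local host

	config_get host "$cfg" host
	# The directive name was previously tested as the literal word "section",
	# which is always non-empty; test the variable instead.
	if [ -z "$section" ] || [ -z "$host" ]; then
		return 0
	fi
	# optional community
	config_get community "$cfg" community
	# optional port
	config_get port "$cfg" port
	port=${port:+:$port}
	echo "$section $host$port $community" >> "$CONFIGFILE"
}

# Create one SNMPv3 user from a "v3" section.
# Arguments: $1 v3 section id, $2 section that carries snmp_version.
# NOTE(review): when auth_pass is empty the user is created at the "noauth"
# level, i.e. requests are neither authenticated nor encrypted; together with
# allow_write that yields an unauthenticated rwuser. With no RestrictedOID the
# user line carries no OID restriction at all. Confirm this is intended for
# each deployment.
# NOTE(review): passphrases are written between double quotes without
# escaping; a '"' inside one presumably breaks the createUser line.
snmpd_snmpv3_add() {
	local cfg="$1"
	local cfg2="$2"
	local version
	local username
	local auth_type
	local auth_pass
	local privacy_type
	local privacy_pass
	local allow_write
	local oid
	local useraccess="rouser"

	config_get version "$cfg2" snmp_version
	if [ "$version" != "v1/v2c/v3" ] && [ "$version" != "v3" ]; then
		echo "skipping section '$cfg' wrong 'snmp_version=$version' configured"
		return 0
	fi

	config_get username "$cfg" username
	[ -n "$username" ] || {
		echo "skipping section '$cfg' 'username' missing"
		return 0
	}

	config_get auth_pass "$cfg" auth_pass
	config_get oid "$cfg" RestrictedOID
	config_get_bool allow_write "$cfg" allow_write 0

	[ "$allow_write" -eq 1 ] && useraccess="rwuser"

	if [ -z "$auth_pass" ]; then
		echo "createUser $username" >> "$CONFIGFILE"
		echo "$useraccess $username noauth $oid" >> "$CONFIGFILE"
		return
	fi

	[ "${#auth_pass}" -lt 8 ] && {
		echo "skipping section '$cfg' 'auth_pass' requires a min length of 8"
		return 0
	}

	config_get auth_type "$cfg" auth_type
	[ -z "$auth_type" ] && {
		echo "skipping section '$cfg' 'auth_type' missing"
		return 0
	}

	config_get privacy_type "$cfg" privacy_type
	config_get privacy_pass "$cfg" privacy_pass

	if [ -n "$privacy_type" ] && [ -n "$privacy_pass" ]; then
		[ "${#privacy_pass}" -lt 8 ] && {
			echo "skipping section '$cfg' 'privacy_pass' requires a min length of 8"
			return 0
		}
		echo "createUser $username $auth_type \"$auth_pass\" $privacy_type \"$privacy_pass\"" >> "$CONFIGFILE"
		echo "$useraccess $username priv $oid" >> "$CONFIGFILE"
	else
		echo "createUser $username $auth_type \"$auth_pass\"" >> "$CONFIGFILE"
		echo "$useraccess $username auth $oid" >> "$CONFIGFILE"
	fi
}

# Write "<switch> <value>" when option $2 of section $1 is set.
append_parm() {
	local section="$1"
	local option="$2"
	local switch="$3"
	local _loctmp

	config_get _loctmp "$section" "$option"
	[ -z "$_loctmp" ] && return 0
	echo "$switch $_loctmp" >> "$CONFIGFILE"
}

# Write "<switch> <value>" only when the boolean option is set and true.
append_authtrapenable() {
	local section="$1"
	local option="$2"
	local switch="$3"
	local _loctmp

	config_get_bool _loctmp "$section" "$option"
	[ -z "$_loctmp" ] && return 0
	[ "$_loctmp" -gt 0 ] && echo "$switch $_loctmp" >> "$CONFIGFILE"
}

# Emit one firewall rule accepting udp/161 from the zone of network $1.
# HANDLED_SNMP_ZONES (global) remembers zones that already have a rule.
# NOTE(review): if fw3 reports no zone for the network, $zone is empty and the
# rule is still emitted with an empty src. Confirm how the firewall treats
# that, and consider skipping such networks.
snmpd_setup_fw_rules() {
	local net="$1"
	local zone
	local handled_zone

	zone=$(fw3 -q network "$net" 2>/dev/null)

	# Intentionally unquoted: the list is space separated.
	for handled_zone in $HANDLED_SNMP_ZONES; do
		[ "$handled_zone" = "$zone" ] && return
	done

	json_add_object ""
	json_add_string type rule
	json_add_string src "$zone"
	json_add_string proto udp
	json_add_string dest_port 161
	json_add_string target ACCEPT
	json_close_object

	HANDLED_SNMP_ZONES="$HANDLED_SNMP_ZONES $zone"
}

# Translate a "log" section into snmpd -L options on the procd command line.
snmpd_configure_logging() {
	local cfg="$1"
	local log_syslog
	local log_syslog_facility
	local log_file
	local log_file_priority

	config_get_bool log_syslog "$cfg" log_syslog 0

	# Syslog facility (log_syslog_facility):
	# d - LOG_DAEMON,
	# u - LOG_USER,
	# 0-7 - LOG_LOCAL0 through LOG_LOCAL7.
	#
	# Priority (log_file_priority):
	# 0 or ! - LOG_EMERG
	# 1 or a - LOG_ALERT
	# 2 or c - LOG_CRIT
	# 3 or e - LOG_ERR
	# 4 or w - LOG_WARN
	# 5 or n - LOG_NOTICE
	# 6 or i - LOG_INFO
	# 7 or d - LOG_DEBUG

	if [ "$log_syslog" -eq 1 ]; then
		config_get log_syslog_facility "$cfg" log_syslog_facility "d"
		procd_append_param command -Ls "${log_syslog_facility}"
	fi

	config_get log_file "$cfg" log_file
	if [ -n "$log_file" ]; then
		config_get log_file_priority "$cfg" log_file_priority "i"
		mkdir -p "$(dirname "${log_file}")"
		procd_append_param command -LF "${log_file_priority} ${log_file}"
	fi

	# Neither target configured: discard log output.
	if [ "$log_syslog" -eq 0 ] && [ -z "$log_file" ]; then
		procd_append_param command -Lf /dev/null
	fi
}

# Regenerate $CONFIGFILE from UCI and register the snmpd instance with procd.
# snmp_enabled is deliberately global: service_started reads it afterwards.
start_service() {
	[ -f "$CONFIGFILE" ] && rm -f "$CONFIGFILE"

	config_load snmpd

	config_get_bool snmp_enabled general enabled 1
	[ "$snmp_enabled" -eq 0 ] && return

	local pid_file="/var/run/snmpd.pid"
	local saved_umask
	local iface

	procd_open_instance

	# The generated file carries community strings and SNMPv3 passphrases.
	# Create it owner-only; the umask is restored once it has been written.
	saved_umask=$(umask)
	umask 077

	config_foreach snmpd_agent_add agent
	config_foreach snmpd_agentx_add agentx
	config_foreach snmpd_system_add system
	config_foreach snmpd_com2sec_add com2sec
	config_foreach snmpd_com2sec6_add com2sec6
	config_foreach snmpd_group_add group
	config_foreach snmpd_view_add view
	config_foreach snmpd_access_add access
	config_foreach snmpd_trap_hostname_add trap_HostName
	config_foreach snmpd_trap_ip_add trap_HostIP
	config_foreach snmpd_access_default_add access_default
	config_foreach snmpd_access_HostName_add access_HostName
	config_foreach snmpd_access_HostIP_add access_HostIP
	config_foreach snmpd_pass_add pass
	config_foreach snmpd_exec_add exec
	config_foreach snmpd_extend_add extend
	config_foreach snmpd_disk_add disk
	config_foreach snmpd_engineid_add engineid
	append_parm trapcommunity community trapcommunity
	config_foreach snmpd_sink_add trapsink trapsink
	config_foreach snmpd_sink_add trap2sink trap2sink
	config_foreach snmpd_sink_add informsink informsink
	append_authtrapenable authtrapenable enable authtrapenable
	append_parm v1trapaddress host v1trapaddress
	append_parm trapsess trapsess trapsess
	config_foreach snmpd_snmpv3_add v3 general

	umask "$saved_umask"

	procd_set_param command "$PROG" -f -r -p "$pid_file"
	procd_append_param command -C -c "$CONFIGFILE"

	config_foreach snmpd_configure_logging log

	procd_set_param respawn

	# Glob instead of parsing ls output; skip the literal pattern that is
	# left behind when the directory is missing or empty.
	for iface in /sys/class/net/*; do
		[ -e "$iface" ] || continue
		procd_append_param netdev "${iface##*/}"
	done

	procd_open_data

	json_add_array firewall
	config_list_foreach general network snmpd_setup_fw_rules
	json_close_array

	procd_close_data

	procd_close_instance
}

# Remove the generated config (it contains secrets) and flag the firewall
# config as changed so the rules added for snmpd are re-evaluated.
service_stopped() {
	[ -f "$CONFIGFILE" ] || return
	rm -f "$CONFIGFILE"
	procd_set_config_changed firewall
}

# Reload on interface events and on changes to the snmpd/system UCI configs.
service_triggers() {
	local script
	local name

	# Declared separately from the assignments so a failing command is not
	# masked by the exit status of "local".
	script=$(readlink "$initscript")
	name=$(basename "${script:-$initscript}")

	procd_open_trigger
	procd_add_raw_trigger "interface.*" 2000 "/etc/init.d/$name" reload
	procd_close_trigger

	procd_add_reload_trigger 'snmpd' 'system'
}

# Flag the firewall config as changed once snmpd is up, unless disabled.
service_started() {
	[ "$snmp_enabled" -eq 0 ] && return
	procd_set_config_changed firewall
}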