blob: ec0f8d63db99a5e8aad6ea94743f11b0dba83f2a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
#!/bin/sh
. STlsVars
# this file contains tests common to both tls and dtls usages
export NET_SNMP_CRT_CFGTOOL="${builddir}/net-snmp-config"
NSCERT="perl $SNMP_BASEDIR/../../../local/net-snmp-cert"
NSCERTARGS="-I -C $SNMP_TMPDIR"
TLSDIR=$SNMP_TMPDIR/tls
#########################################
# Create the certificates
# create the ca
CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS
# snmpd
HOSTNAME=`hostname`
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpd --cn $HOSTNAME $NSCERTARGS
SERVERFP=`$NSCERT showcerts --fingerprint --brief snmpd $NSCERTARGS`
CHECKVALUEISNT "$SERVERFP" "" "generated fingerprint for snmpd certificate"
# user
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp --cn 'testuser' $NSCERTARGS
TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS`
CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate"
# user2
CAPTURE $NSCERT gencert --with-ca ca-net-snmp.org -t snmpapp2 --cn 'testuser2' $NSCERTARGS
TESTUSER2FP=`$NSCERT showcerts --fingerprint --brief snmpapp2 $NSCERTARGS`
CHECKVALUEISNT "$TESTUSER2FP" "" "generated fingerprint for testuser2 certificate"
CONFIGAPP serverCert $SERVERFP
CONFIGAGENT certSecName 9 $TESTUSERFP --cn
CONFIGAGENT certSecName 10 $TESTUSER2FP --cn
CONFIGAGENT rwuser -s tsm testuser authpriv
CONFIGAGENT rwuser -s tsm $TSM_PREFIX:testuser2 authpriv
CONFIGAGENT rocommunity public
#
# Start the agent
#
AGENT_FLAGS="-Dtsm udp:9999"
FLAGS="-On $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT"
STARTAGENT
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: false"
# using user 1 - a common name mapped certificate
# (using the default "snmpapp" certificate because we don't specify another)
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
CHECK ".1.3.6.1.2.1.1.3.0 = Timeticks:"
# using user 2 should now fail because no prefix is applied
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"
# set the TSM prefix scalar to 1 to turn on prefixing
CAPTURE "snmpset -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0 i 1"
# using user 2 should now work and the prefix should have been added
# to the securityName, so the agent now accepts it
CAPTURE "snmpget -T our_identity=snmpapp2 -Dssl $FLAGS .1.3.6.1.2.1.190.1.2.1.0"
CHECK ".1.3.6.1.2.1.190.1.2.1.0 = INTEGER: true"
# using user 1 should now fail because the prefix has added to the
# securityName, so the agent now accepts it
CAPTURE "snmpget -Dssl $FLAGS .1.3.6.1.2.1.1.3.0"
CHECKCOUNT 0 ".1.3.6.1.2.1.1.3.0 = Timeticks:"
CHECK "authorizationError"
CAPTURE "snmpget -v 1 -c public 127.0.0.1:9999 .1.3.6.1.2.1.190.1.2.1.0"
# cleanup
STOPAGENT
FINISHED
|