Add regression tests for snmpd. Not hooked into regress/usr.sbin/Makefile yet.

Ok benno@, tb@
2025-01-10 06:47:55 -08:00 · 2017-08-11 17:45:02 +00:00 · 2017-08-11 17:45:02 +00:00 · abd1180a2d
commit abd1180a2d
parent ba6872dd93
2 changed files with 330 additions and 0 deletions
--- a/regress/usr.sbin/snmpd/Makefile
+++ b/regress/usr.sbin/snmpd/Makefile
@ -0,0 +1,19 @@
+# $OpenBSD: Makefile,v 1.1 2017/08/11 17:45:02 rob Exp $
+# Regress tests for snmpd
+
+REGRESS_TARGETS =	run-regress-snmpd
+
+# Needs netsnmp
+
+NETSNMP_DEP != which snmpset >/dev/null 2>&1 ; echo $?
+
+.if ("${NETSNMP_DEP}" !=0)
+run-regress-snmpd:
+	@echo install netsnmp
+	@echo SKIPPED
+.endif
+
+run-regress-snmpd:
+	env OBJDIR=${.OBJDIR} ${SUDO} sh ${.CURDIR}/snmpd.sh
+
+.include <bsd.regress.mk>
--- a/regress/usr.sbin/snmpd/snmpd.sh
+++ b/regress/usr.sbin/snmpd/snmpd.sh
@ -0,0 +1,311 @@
+#!/bin/sh
+#
+# $OpenBSD: snmpd.sh,v 1.1 2017/08/11 17:45:02 rob Exp $
+#/*
+# * Copyright (c) Rob Pierce <rob@2keys.ca>
+# *
+# * Permission to use, copy, modify, and distribute this software for any
+# * purpose with or without fee is hereby granted, provided that the above
+# * copyright notice and this permission notice appear in all copies.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+# */
+
+# Basic snmpd regression script.
+
+export OBJDIR
+
+FAILED=0
+SLEEP=1
+PF[0]="disabled"
+PF[1]="enabled"
+
+# This file will be creatred by traphandler.c as user _snmp
+TMPFILE=$(mktemp -q /tmp/_snmpd_traptest.XXXXXX)
+
+trap 'skip' INT
+
+if [ "$(pgrep snmpd)" ]
+then
+	echo "The snmpd daemon is already running."
+	echo SKIPPED
+	exit 0
+fi
+
+cleanup() {
+	rm ${TMPFILE} >/dev/null 2>&1
+	rm ${OBJDIR}/nohup.out >/dev/null 2>&1
+	rm ${OBJDIR}/snmpd.log >/dev/null 2>&1
+	rm ${OBJDIR}/snmpd.conf >/dev/null 2>&1
+}
+
+fail() {
+	echo FAILED
+	cleanup
+	exit 1
+}
+
+skip() {
+	echo SKIPPED
+	cleanup
+	exit 0
+}
+
+# # # # # CONFIG ONE # # # # #
+
+cat > ${OBJDIR}/snmpd.conf <<EOF
+# This is config template (1) for snmpd regression testing
+listen_addr="127.0.0.1"
+
+# Restrict daemon to listen on localhost only
+listen on \$listen_addr
+
+# Specify a number of trap receivers
+trap receiver localhost
+
+trap handle 1.2.3.4 "/usr/bin/touch ${TMPFILE}"
+EOF
+
+(cd ${OBJDIR} && nohup snmpd -dvf ./snmpd.conf > snmpd.log 2>&1) &
+
+sleep ${SLEEP}
+
+[ ! -n "$(pgrep snmpd)" ] && echo "Failed to start snmpd." && fail
+
+# pf (also checks "oid all" which obtains privileged kernel data
+
+pf_enabled="$(pfctl -si | grep ^Status | awk '{ print $2 }' | tr [A-Z] [a-z])"
+enabled="$(snmpctl snmp walk localhost oid all | grep -vi parameters | \
+   grep -i pfrunning | awk -F= '{ print $2 }')"
+if [ ${PF[$enabled]} != ${PF[enabled]} ]
+then
+	if [ ${PF[$enabled]} != ${PF[disabled]} ]
+	then
+		echo "Retrieval of pf status failed."
+		FAILED=1
+	fi
+fi
+
+# hostname
+
+sys_name=$(hostname)
+name="$(snmpctl snmp get localhost oid 1.3.6.1.2.1.1.5.0 | \
+   awk -F= '{ print $2 }' | sed 's/"//g')"
+if [ $name != $sys_name ]
+then
+	echo "Retrieval of hostname failed."
+	FAILED=1
+fi
+
+# carp allow
+
+carp="$(sysctl net.inet.carp.allow | awk -F= '{ print $2 }')"
+carp_allow="$(snmpctl snmp get localhost oid 1.3.6.1.4.1.30155.6.1.1.0 | \
+   awk -F= '{ print $2 }')"
+if [ "$carp" -ne "$carp_allow" ]
+then
+	echo "Retrieval of carp.allow failed."
+	FAILED=1
+fi
+
+# carp allow with default ro community string
+
+carp="$(sysctl net.inet.carp.allow | awk -F= '{ print $2 }')"
+carp_allow="$(snmpctl snmp get localhost community public \
+   oid 1.3.6.1.4.1.30155.6.1.1.0 | awk -F= '{ print $2 }')"
+if [ "$carp" -ne "$carp_allow" ]
+then
+	echo "Retrieval of carp.allow with default ro cummunity string failed."
+	FAILED=1
+fi
+
+# trap handler with command execution
+
+rm -f ${TMPFILE}
+snmpctl trap send 1.2.3.4
+sleep ${SLEEP}
+if [ ! -f ${TMPFILE} ]
+then
+	echo "Trap handler test failed."
+	FAILED=1
+fi
+
+# system.sysContact set with default rw community string
+
+puffy="puffy@openbsd.org"
+snmpset -c private -v 1 localhost system.sysContact.0 s $puffy \
+   > /dev/null 2>&1
+contact="$(snmpctl snmp get localhost oid 1.3.6.1.2.1.1.4.0 | \
+   awk -F= '{ print $2 }' | sed 's/"//g')"
+if [ "$contact" !=  "$puffy" ]
+then
+	echo "Setting with default rw community string failed."
+	FAILED=1
+fi
+
+kill $(pgrep snmpd) >/dev/null 2>&1
+
+# # # # # CONFIG TWO # # # # #
+
+cat > ${OBJDIR}/snmpd.conf <<EOF
+# This is config template (2) for snmpd regression testing
+listen_addr="127.0.0.1"
+
+# Restrict daemon to listen on localhost only
+listen on \$listen_addr
+
+seclevel auth
+
+user "hans" authkey "password123"
+EOF
+
+(cd ${OBJDIR} && nohup snmpd -dvf ./snmpd.conf > snmpd.log 2>&1) &
+
+sleep ${SLEEP}
+
+[ ! -n "$(pgrep snmpd)" ] && echo "Failed to start snmpd." && fail
+
+# make sure we can't get an oid with deault community string
+
+snmpctl snmp get localhost oid 1.3.6.1.2.1.1.5.0 > /dev/null 2>&1
+if [ $? -eq 0 ]
+then
+	echo "Non-defaut ro community string test failed."
+	fail=1
+fi
+
+# get with SHA authentication
+
+os="$(uname -s)"
+system="$(snmpget -Oq -l authNoPriv -u hans -a SHA -A password123 localhost \
+   system.sysDescr.0 | awk '{ print $2 }')"
+if [ "$system" != "$os" ]
+then
+	echo "Retrieval test with seclevel auth and SHA failed."
+	fail=1
+fi
+
+kill $(pgrep snmpd) >/dev/null 2>&1
+
+# # # # # CONFIG THREE # # # # #
+
+cat > ${OBJDIR}/snmpd.conf <<EOF
+# This is config template (3) for snmpd regression testing
+listen_addr="127.0.0.1"
+
+# Restrict daemon to listen on localhost only
+listen on \$listen_addr
+
+seclevel enc
+
+user "hans" authkey "password123" enc aes enckey "321drowssap"
+EOF
+
+(cd ${OBJDIR} && nohup snmpd -dvf ./snmpd.conf > snmpd.log 2>&1) &
+
+sleep ${SLEEP}
+
+[ ! -n "$(pgrep snmpd)" ] && echo "Failed to start snmpd." && fail
+
+# get with SHA authentication and AES encryption
+
+os="$(uname -s)"
+system="$(snmpget -Oq -l authPriv -u hans -a SHA -A password123 -x AES \
+   -X 321drowssap localhost system.sysDescr.0 | awk '{ print $2 }')"
+if [ "$system" != "$os" ]
+then
+	echo "seclevel auth with SHA failed"
+	fail=1
+fi
+
+kill $(pgrep snmpd) >/dev/null 2>&1
+
+# # # # # CONFIG FOUR # # # # #
+
+cat > ${OBJDIR}/snmpd.conf <<EOF
+# This is config template (4) for snmpd regression testing
+listen_addr="127.0.0.1"
+
+# Restrict daemon to listen on localhost only
+listen on \$listen_addr
+
+read-only community non-default-ro
+
+read-write community non-default-rw
+
+oid 1.3.6.1.4.1.30155.42.1 name myName read-only string "humppa"
+oid 1.3.6.1.4.1.30155.42.2 name myStatus read-only integer 1
+EOF
+
+(cd ${OBJDIR} && nohup snmpd -dvf ./snmpd.conf > snmpd.log 2>&1) &
+
+sleep ${SLEEP}
+
+[ ! -n "$(pgrep snmpd)" ] && echo "Failed to start snmpd." && fail
+
+# carp allow with non-default ro community string
+
+carp="$(sysctl net.inet.carp.allow | awk -F= '{ print $2 }')"
+carp_allow="$(snmpctl snmp get localhost community non-default-ro \
+   oid 1.3.6.1.4.1.30155.6.1.1.0 | awk -F= '{ print $2 }')"
+if [ "$carp" -ne "$carp_allow" ]
+then
+	echo "Retrieval test with default ro cummunity string failed."
+	FAILED=1
+fi
+
+# system.sysContact set with non-default rw/ro community strings
+
+puffy="puffy@openbsd.org"
+snmpset -c non-default-rw -v 1 localhost system.sysContact.0 s $puffy \
+   > /dev/null 2>&1
+contact="$(snmpctl snmp get localhost community non-default-ro \
+   oid 1.3.6.1.2.1.1.4.0 | awk -F= '{ print $2 }' | sed 's/"//g')"
+if [ "$contact" !=  "$puffy" ]
+then
+	echo "Setting with default rw community string failed."
+	FAILED=1
+fi
+
+# custom oids, with a ro that we should not be able to set
+
+string="$(snmpctl snmp get localhost community non-default-rw \
+   oid 1.3.6.1.4.1.30155.42.1.0 | awk -F= '{ print $2 }' | sed 's/"//g')"
+if [ "$string" !=  "humppa" ]
+then
+	echo "couldn't get customer oid string"
+	FAILED=1
+fi
+
+integer="$(snmpctl snmp get localhost community non-default-rw \
+   oid 1.3.6.1.4.1.30155.42.2.0 | awk -F= '{ print $2 }' | sed 's/"//g')"
+if [ $integer -ne  1 ]
+then
+	echo "Retrieval of customer oid integer failed."
+	FAILED=1
+fi
+
+snmpset -c non-default-rw -v 1 localhost 1.3.6.1.4.1.30155.42.1 s "bula" \
+   > /dev/null 2>&1
+if [ $? -eq 0 ]
+then
+	echo "Setting of a ro custom oid test unexpectedly succeeded."
+	fail=1
+fi
+
+kill $(pgrep snmpd) >/dev/null 2>&1
+
+case $FAILED in
+0)	echo PASSED
+	cleanup
+	exit 0
+	;;
+1)	fail
+	;;
+esac