#!/bin/bash
#
# VERSION=5
# CHANGES="configurable syslocation"

# Generated agent configuration; it is deleted and rewritten by snmp_write_config.
SNMP_CFG=/usr/conf/snmpd_berofix.conf
# snmpd executable and the file that records the PID of the launched process.
SNMP_BIN=/usr/local/sbin/snmpd
SNMP_PID=/var/run/snmpd
# Command-line options for snmpd. The start action expands this unquoted so
# that "-c" and the path arrive as two separate arguments.
SNMP_OPT="-c ${SNMP_CFG}"

# Tag put in front of every console message printed by this script.
PREFIX="[init_snmpd]"

# Configuration-store client: the copy in /usr/local/bin is used when it is
# executable, the one in /usr/fallback otherwise.
BEROCONF=/usr/fallback/beroconf
if [ -x /usr/local/bin/beroconf ]; then
	BEROCONF=/usr/local/bin/beroconf
fi


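# Append exactly one line to ${SNMP_CFG}.
# Arguments: the words of the directive (joined with single spaces).
# CR/LF inside the text are turned into spaces, so a value read from the
# configuration store can never start a second directive, and the text is
# written without glob expansion.
function _snmp_cfg_line () {
	local text="$*"
	text=${text//$'\r'/ }
	text=${text//$'\n'/ }
	printf '%s\n' "$text" >> "$SNMP_CFG"
}

# Print the value of one key of the "root" table as reported by ${BEROCONF}.
# Arguments: $1 - key name.
# Lines containing "failed" are dropped, which is how this script recognises a
# lookup error. NOTE(review): a stored value that itself contains "failed" is
# dropped as well and the caller then falls back to its default.
function _snmp_root_get () {
	"${BEROCONF}" get root "$1" | grep -v failed
}

# Print the part after "=" of the first "Fingerprint" line that
# "openssl x509 -fingerprint" reports for a certificate file.
# Arguments: $1 - path of the certificate.
# Prints nothing when openssl produces no such line (e.g. unreadable file).
function _snmp_cert_fingerprint () {
	openssl x509 -fingerprint -in "$1" | grep Fingerprint | head -1 | sed 's/.*=//'
}

# Regenerate ${SNMP_CFG} from the values stored in the "root" table.
# Globals:  BEROCONF, SNMP_CFG, PREFIX (read); SNMP_VERSION (written, the
#           start action reads it afterwards to pick the transport).
# Outputs:  rewrites ${SNMP_CFG}; removes /usr/conf/snmpd.conf; makes
#           /usr/local/lib/snmp a symlink to /usr/conf when it is not one.
# Depending on snmp-version the file gets SNMPv2 community lines, an SNMPv3
# USM user, or SNMPv3 TSM certificate mappings; any other value only leaves a
# "# unknown version" comment.
function snmp_write_config () {
	local conflink syslocation
	local ro_community rw_community trap_community
	local user security_level auth_mode encrypt_mode
	local auth_password encrypt_password
	local agent_fingerprint manager_fingerprint

	rm -f -- "$SNMP_CFG"
	rm -f /usr/conf/snmpd.conf

	# The file receives community strings or USM passphrases in clear text, so
	# it is created readable by its owner only. The umask change is confined
	# to the subshell.
	# NOTE(review): relax this only if another account must read the file.
	( umask 077 && : > "$SNMP_CFG" )

	conflink=$(readlink -f /usr/local/lib/snmp/)

	if [ "$conflink" != /usr/conf ]; then
		# Remount writable first: the directory can only be replaced by the
		# symlink while /usr/local is writable (the original removed it
		# before the remount).
		mount -o remount,rw /usr/local/
		rm -rf /usr/local/lib/snmp
		ln -s /usr/conf/ /usr/local/lib/snmp
		mount -o remount,ro /usr/local/
	fi

	# Deliberately global: read again by the start action.
	SNMP_VERSION=$(_snmp_root_get snmp-version)
	syslocation=$(_snmp_root_get snmp-syslocation)
	if [[ -z "$syslocation" ]]; then
		syslocation=unknown
	fi

	_snmp_cfg_line "# generated by S80snmpd on $(date)"
	_snmp_cfg_line "sysdescr berofix VoIP Gateway"
	_snmp_cfg_line "syslocation ${syslocation}"
	_snmp_cfg_line "sysobjectid .1.3.6.1.4.1.29886"

	if [ "$SNMP_VERSION" = SNMPv2 ]; then

		ro_community=$(_snmp_root_get snmp-community-ro)
		rw_community=$(_snmp_root_get snmp-community-rw)
		# The trap community is read from the read-write key; this file reads
		# no dedicated trap key. The original stored this value under one
		# variable name and tested/wrote another, so "private" was always
		# written.
		# NOTE(review): a separate key for the trap community would keep the
		# read-write secret out of outgoing traps.
		trap_community=$(_snmp_root_get snmp-community-rw)

		# Fallbacks are the widely known default community names; an agent
		# left on them is readable (and, for rwcommunity, writable) by anyone
		# who can reach it. Set explicit values in the configuration store.
		[[ -z "$ro_community" ]] && ro_community=public
		[[ -z "$rw_community" ]] && rw_community=private
		[[ -z "$trap_community" ]] && trap_community=private

		_snmp_cfg_line
		_snmp_cfg_line
		_snmp_cfg_line
		_snmp_cfg_line "rocommunity ${ro_community}"
		_snmp_cfg_line "rwcommunity ${rw_community}"
		_snmp_cfg_line "trapcommunity ${trap_community}"
	else

		user=$(_snmp_root_get snmp-ro-user)

		# Only SHA is taken over as stored; anything else becomes MD5.
		auth_mode=$(_snmp_root_get snmp-auth-method)
		if [ "$auth_mode" != "SHA" ]; then
			auth_mode=MD5
		fi

		# Only DES is taken over as stored; anything else becomes AES.
		encrypt_mode=$(_snmp_root_get snmp-encrypt-method)
		if [ "$encrypt_mode" != "DES" ]; then
			encrypt_mode=AES
		fi

		# The stored level is written as-is; a level without authentication
		# gives unauthenticated read access to this user.
		security_level=$(_snmp_root_get snmp-security-level)
		auth_password=$(_snmp_root_get snmp-ro-auth-password)
		encrypt_password=$(_snmp_root_get snmp-ro-encrypt-password)
		[ -z "$security_level" ] && security_level=AuthPriv
		[ -z "$user" ] && user=ANONYMOUS

		if [ "$SNMP_VERSION" = SNMPv3_usm ]; then

			_snmp_cfg_line
			_snmp_cfg_line
			_snmp_cfg_line

			# NOTE(review): a double quote inside a passphrase would end the
			# quoted token early - confirm how snmpd parses that.
			_snmp_cfg_line "createUser ${user} ${auth_mode} \"${auth_password}\" ${encrypt_mode} \"${encrypt_password}\""
			_snmp_cfg_line "rouser ${user} ${security_level}"

		elif [ "$SNMP_VERSION" = SNMPv3_tsm ]; then

			_snmp_cfg_line
			_snmp_cfg_line
			_snmp_cfg_line

			# TSM always maps to this fixed security name.
			user=adminuser

			_snmp_cfg_line "rouser -s tsm ${user} ${security_level}"

			# Agent (server) certificate. An empty fingerprint would leave a
			# directive without its argument, so it is skipped and reported.
			agent_fingerprint=$(_snmp_cert_fingerprint /usr/conf/tls/certs/snmpd_agent.crt)
			if [ -n "$agent_fingerprint" ]; then
				_snmp_cfg_line "[snmp] localCert ${agent_fingerprint}"
			else
				echo "${PREFIX} no fingerprint for /usr/conf/tls/certs/snmpd_agent.crt" >&2
				_snmp_cfg_line "# localCert skipped: no fingerprint for /usr/conf/tls/certs/snmpd_agent.crt"
			fi

			# Manager (client) certificate, mapped to the security name above.
			manager_fingerprint=$(_snmp_cert_fingerprint /usr/conf/tls/certs/snmpd_manager.crt)
			if [ -n "$manager_fingerprint" ]; then
				_snmp_cfg_line "certSecName 20 ${manager_fingerprint} --sn ${user}"
			else
				echo "${PREFIX} no fingerprint for /usr/conf/tls/certs/snmpd_manager.crt" >&2
				_snmp_cfg_line "# certSecName skipped: no fingerprint for /usr/conf/tls/certs/snmpd_manager.crt"
			fi
		else
			_snmp_cfg_line "# unknown version ${SNMP_VERSION}"
		fi
	fi
}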

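# Dispatch on the init action given as first argument: start, stop or restart.
# Anything else prints the usage line to stderr and exits with status 1.
case "${1}" in
	start)
		# snmp-enabled gates everything: nothing is written or started
		# unless the store returns exactly "1".
		SNMP_ACT=$("${BEROCONF}" get root snmp-enabled | grep -v failed)
		if [ "${SNMP_ACT}" != "1" ]; then
			echo "${PREFIX} snmpd disabled in root.db, leaving."
			exit 1
		fi
		# Regenerates the configuration and sets SNMP_VERSION, read below.
		snmp_write_config

		# The configuration is written even when the server itself stays off.
		SNMP_SRV=$("${BEROCONF}" get root snmpserver_enabled | grep -v failed)
		if [ "${SNMP_SRV}" != "1" ]; then
			echo "${PREFIX} snmpd server disabled in root.db, leaving."
			exit 1
		fi

		echo -n "${PREFIX} Starting snmpd: "
		export SNMPCONFPATH=/usr/conf

		# SNMP_OPT stays unquoted on purpose: it holds "-c <file>" and has to
		# split into two arguments.
		if [ "$SNMP_VERSION" = SNMPv3_tsm ]; then
			# TLS transport on port 10161, bound to every IPv4 address of the
			# device; limit reachability with the firewall if management
			# traffic should only arrive on one interface.
			# shellcheck disable=SC2086
			"${SNMP_BIN}" ${SNMP_OPT} tlstcp:0.0.0.0:10161 &
		else
			# shellcheck disable=SC2086
			"${SNMP_BIN}" ${SNMP_OPT} &
		fi
		# NOTE(review): if snmpd detaches from the process launched here, $!
		# is not the daemon's PID - confirm. The killall in "stop" covers
		# that case.
		pid_val=${!}
		echo "${pid_val}" > "${SNMP_PID}"
		echo "Done."
	;;
	stop)
		echo -n "${PREFIX} Stopping snmpd: "
		if [ -f "${SNMP_PID}" ]; then
			pid_val=$(cat "${SNMP_PID}")
			# Signal only a plain decimal PID: empty, negative or multi-word
			# file content would otherwise reach kill as options or as
			# several targets.
			case "${pid_val}" in
				''|*[!0-9]*)
					;;
				*)
					kill "${pid_val}" 2> /dev/null
					;;
			esac
			rm -f "${SNMP_PID}"
			# Give the process a moment to exit before the forced kill below.
			sleep 1
		fi
		# Best effort: remove any remaining snmpd; the error is silenced
		# because "no process found" is the normal case.
		killall -9 snmpd 2> /dev/null
		echo "Done."
	;;
	restart)
		"${0}" stop
		"${0}" start
	;;
	*)
		echo "${PREFIX} Usage: ${0} [start|stop|restart]" >&2
		exit 1
	;;
esac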

