ports/112766: snmpd rc script $snmpd_conffile does not handle multiple cfg files

Fri May 18 18:10:05 UTC 2007

>Number:         112766
>Category:       ports
>Synopsis:       snmpd rc script $snmpd_conffile does not handle multiple cfg files
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 18 18:10:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Royce Williams
>Release:        6.2-RELEASE-p4
>Organization:
>Environment:
FreeBSD beaver.prv.nwc.acsalaska.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007   root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP  i386
>Description:
After the change on 2006-09-23 adding support for snmpd_conffile:

http://www.freshports.org/commit.php?category=net-mgmt&port=net-snmp&files=yes&message_id=200609231131.k8NBV94x051193@repoman.freebsd.org

.. handling of multiple snmpd.conf files is not possible using the 
$snmpd_conffile variable.

The rc script assumes that there is only one file specified by -c:

        if [ ! -z "${snmpd_conffile}" -a -f ${snmpd_conffile} ]; then

.. but snmpd supports specifying multiple configuration files:

>From the snmpd man page:

 -c FILE Read FILE as a configuration file (or a comma-separated list of
         configuration  files).   Note  that  the  loaded file will only
         understand snmpd.conf tokens, unless the configuration type  is
         specified  in the file as described in the snmp_config man page
         under SWITCHING CONFIGURATION TYPES IN MID-FILE.


>How-To-Repeat:
1. In /etc/rc.conf, add this line:

snmpd_conffile='/usr/local/etc/snmp/snmpd.conf,/usr/local/etc/snmp/snmpd.conf.local'

2. Stop and start snmpd:

/usr/local/etc/rc.d/snmpd stop
/usr/local/etc/rc.d/snmpd start

3. Check the log:

[root at beaver /usr/local/etc/snmp]# tail /var/log/snmpd.log
Warning: no access control information configured.
  It's unlikely this agent can serve any useful purpose in this state.
  Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.
NET-SNMP version 5.3.1

>Fix:

1) Revert to handling -c in $snmpd_flags, or

2) Parse $snmp_conffile to verify the existence of all included files.  

#2 is preferable, but it's tricky.  '-c' expects the files to be separated by commas, but most rc parsing appears to expect tokens to be separated by spaces.  

A good compromise: separate them by spaces in /etc/rc.conf:

snmpd_conffile='/usr/local/etc/snmp/snmpd.conf /usr/local/etc/snmp/snmpd.conf.local'

and then assembling the -c parameter in the rc script.  This patch has been tested with a single snmpd.conf value and two values.

--- snmpd       Wed Apr 18 10:51:57 2007
+++ snmpd.new   Fri May 18 09:48:18 2007
@@ -52,15 +52,26 @@
        ;;
 esac

+for conffile in ${snmpd_conffile}; do
+       if [ ! -z ${conffile} -a -f ${conffile} ]; then
+               if [ -z ${snmpd_conffile_set} ]; then
+                       snmpd_conffile_set="${conffile}"
+               else
+                       snmpd_conffile_set="${snmpd_conffile_set},${conffile}"
+               fi
+       else
+               echo "snmpd configuration file $conffile not set or not found."
+               exit 1
+       fi
+done
+
 case "${snmpd_flags}" in
 *-c\ *)
        echo "Warning: \$snmpd_flags includes -c option." \
                "Please use \$snmpd_conffile instead."
        ;;
 *)
-       if [ ! -z "${snmpd_conffile}" -a -f ${snmpd_conffile} ]; then
-               snmpd_flags="-c ${snmpd_conffile} ${snmpd_flags}"
-       fi
+       snmpd_flags="-c ${snmpd_conffile_set} ${snmpd_flags}"
        ;;
 esac




>Release-Note:
>Audit-Trail:
>Unformatted:

