#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org
START=51

USE_PROCD=1
PROG="/usr/sbin/snmpd"

CONFIGFILE="/var/run/snmpd.conf"
PERSISTFILE="/usr/lib/snmp/snmpd.conf"

snmpd_agent_add() {
	local cfg="$1"

	config_get agentaddress "$cfg" agentaddress
	[ -n "$agentaddress" ] || return 0
	echo "agentaddress $agentaddress" >> $CONFIGFILE
}

snmpd_agentx_add() {
	local cfg="$1"
	echo "master agentx" >> $CONFIGFILE
	config_get agentxsocket "$cfg" agentxsocket
	[ -n "$agentxsocket" ] && echo "agentXSocket $agentxsocket" >> $CONFIGFILE
}

snmpd_v3_user_add() {
	local cfg="$1"
	config_get username "$cfg" username
	config_get security_level "$cfg" security_level			#(noAuthNoPriv|authNoPriv|authPriv)
	config_get auth_protocol "$cfg" auth_protocol
	config_get auth_password "$cfg" auth_password
	config_get priv_protocol "$cfg" priv_protocol
	config_get priv_password "$cfg" priv_password
	[ -n "$username" ] && echo "createUser $username $auth_protocol $auth_password $priv_protocol $priv_password" >> $PERSISTFILE
	# config_get allow_access "$cfg" allow_access
	# if [ "$security_level" == "noAuthNoPriv" ]; then
	# 	echo "$allow_access $username noauth" >> $CONFIGFILE
	# elif [ "$security_level" == "authNoPriv" ]; then
	# 	echo "$allow_access $username auth" >> $CONFIGFILE
	# elif [ "$security_level" == "authPriv" ]; then
	# 	echo "$allow_access $username priv" >> $CONFIGFILE
	# fi	
	#option trapsess	'-v 3 -e 0x80001f88808c18d3f7b0000 -u trapuser -a MD5 -A administrator -l authPriv -x DES -X rootpasswd 
	# config_get trap_enabled "$cfg" trap_enabled
	# [ "$trap_enabled" -eq 0 ] && return 0
	# config_get host "$cfg" host
	# echo "iquerySecName $username" >> $CONFIGFILE
	# if [ "$security_level" == "noAuthNoPriv" ]; then
	# 	echo "trapsess -Ci -v3 -u $username -l $security_level $host" >> $CONFIGFILE
	# elif [ "$security_level" == "authNoPriv" ]; then
	# 	echo "trapsess -Ci -v3 -u $username -l $security_level -a $auth_protocol -A $auth_password $host" >> $CONFIGFILE
	# elif [ "$security_level" == "authPriv" ]; then
	# 	echo "trapsess -Ci -v3 -u $username -l $security_level -a $auth_protocol -A $auth_password -x $priv_protocol -X $priv_password $host" >> $CONFIGFILE
	# fi
}

snmpd_system_add() {
	local cfg="$1"
	# config_get syslocation "$cfg" sysLocation
	# [ -n "$syslocation" ] && echo "sysLocation $syslocation" >> $CONFIGFILE
	# config_get syscontact "$cfg" sysContact
	# [ -n "$syscontact" ] && echo "sysContact $syscontact" >> $CONFIGFILE
	# config_get sysname "$cfg" sysName
	# [ -n "$sysname" ] && echo "sysName $sysname" >> $CONFIGFILE
	# config_get sysservice "$cfg" sysService
	# [ -n "$sysservice" ] && echo "sysService $sysservice" >> $CONFIGFILE
	# config_get sysdescr "$cfg" sysDescr
	# [ -n "$sysdescr" ] && echo "sysDescr $sysdescr" >> $CONFIGFILE
	config_get sysobjectid "$cfg" sysObjectID
	[ -n "$sysobjectid" ] && echo "sysObjectID $sysobjectid" >> $CONFIGFILE
}

snmpd_com2sec_add() {
	local cfg="$1"
	config_get secname "$cfg" secname
	[ -n "$secname" ] || return 0
	config_get source "$cfg" source
	[ -n "$source" ] || return 0
	config_get community "$cfg" community
	[ -n "$community" ] || return 0
	echo "com2sec $secname $source $community" >> $CONFIGFILE
}

snmpd_com2sec6_add() {
	local cfg="$1"
	config_get secname "$cfg" secname
	[ -n "$secname" ] || return 0
	config_get source "$cfg" source
	[ -n "$source" ] || return 0
	config_get community "$cfg" community
	[ -n "$community" ] || return 0
	echo "com2sec6 $secname $source $community" >> $CONFIGFILE
}

snmpd_group_add() {
	local cfg="$1"
	config_get group "$cfg" group
	[ -n "$group" ] || return 0
	config_get version "$cfg" version
	[ -n "$version" ] || return 0
	config_get secname "$cfg" secname
	[ -n "$secname" ] || return 0
	echo "group $group $version $secname" >> $CONFIGFILE
}

snmpd_view_add() {
	local cfg="$1"
	config_get viewname "$cfg" viewname
	[ -n "$viewname" ] || return 0
	config_get type "$cfg" type
	[ -n "$type" ] || return 0
	config_get oid "$cfg" oid
	[ -n "$oid" ] || return 0
	# optional mask
	config_get mask "$cfg" mask
	echo "view $viewname $type $oid $mask" >> $CONFIGFILE
}

snmpd_access_add() {
	local cfg="$1"
	config_get group "$cfg" group
	[ -n "$group" ] || return 0
	config_get context "$cfg" context
	[ -n $context ] || return 0
	[ "$context" == "none" ] && context='""'
	config_get version "$cfg" version
	[ -n "$version" ] || return 0
	config_get level "$cfg" level
	[ -n "$level" ] || return 0
	config_get prefix "$cfg" prefix
	[ -n "$prefix" ] || return 0
	config_get read "$cfg" read
	[ -z "$read" ] && read="none"
	config_get write "$cfg" write
	[ -z "$write" ] && write="none"
	config_get notify "$cfg" notify
	[ -z "$notify" ] && notify="none"
	echo "access $group $context $version $level $prefix $read $write $notify" >> $CONFIGFILE
}
snmpd_process_monitoring() {
	local cfg="$1"
	config_get name "$cfg" name
	config_get max "$cfg" max
	config_get min "$cfg" min
	[ -n "$name" ] && echo "proc $name $max $min" >> $CONFIGFILE
	config_get enable "$cfg" enable
	#echo "enable=$enable"
	[ "$enable" -eq 1 ] || return 0
	config_get prog "$cfg" prog
	config_get args "$cfg" args
	echo "procfix $name $prog $args" >> $CONFIGFILE 
}
snmpd_trap_hostname_add() {
	local cfg="$1"
	config_get hostname "$cfg" HostName
	config_get port "$cfg" Port
	config_get community "$cfg" Community
	config_get type "$cfg" Type
	echo "$type $hostname $community $port" >> $CONFIGFILE
}

snmpd_trap_ip_add() {
	local cfg="$1"
	config_get host_ip "$cfg" HostIP
	config_get port "$cfg" Port
	config_get community "$cfg" Community
	config_get type "$cfg" Type
	echo "$type $host_ip $community $port" >> $CONFIGFILE
}

snmpd_access_default_add() {
	local cfg="$1"
	config_get mode "$cfg" Mode
	config_get community "$cfg" CommunityName
	config_get oidrestrict "$cfg" RestrictOID
	config_get oid "$cfg" RestrictedOID
	echo -n "$mode $community default" >> $CONFIGFILE
	[ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
	[ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
}

snmpd_access_HostName_add() {
	local cfg="$1"
	config_get hostname "$cfg" HostName
	config_get mode "$cfg" Mode
	config_get community "$cfg" CommunityName
	config_get oidrestrict "$cfg" RestrictOID
	config_get oid "$cfg" RestrictedOID
	echo -n "$mode $community $hostname" >> $CONFIGFILE
	[ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
	[ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
}

snmpd_access_HostIP_add() {
	local cfg="$1"
	config_get host_ip "$cfg" HostIP
	config_get ip_mask "$cfg" IPMask
	config_get mode "$cfg" Mode
	config_get community "$cfg" CommunityName
	config_get oidrestrict "$cfg" RestrictOID
	config_get oid "$cfg" RestrictedOID
	echo -n "$mode $community $host_ip/$ip_mask" >> $CONFIGFILE
	[ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
	[ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
}

snmpd_pass_add() {
	local cfg="$1"
	local pass='pass'

	config_get miboid "$cfg" miboid
	[ -n "$miboid" ] || return 0
	config_get prog "$cfg" prog
	[ -n "$prog" ] || return 0
	config_get_bool persist "$cfg" persist 0
	[ $persist -ne 0 ] && pass='pass_persist'
	config_get priority "$cfg" priority
	priority=${priority:+-p $priority}
	echo "$pass $priority $miboid $prog" >> $CONFIGFILE
}

snmpd_exec_add() {
	local cfg="$1"

	config_get name "$cfg" name
	[ -n "$name" ] || return 0
	config_get prog "$cfg" prog
	[ -n "$prog" ] || return 0
	config_get args "$cfg" args
	config_get miboid "$cfg" miboid
	echo "exec $miboid $name $prog $args" >> $CONFIGFILE
}

snmpd_extend_add() {
	local cfg="$1"

	config_get name "$cfg" name
	[ -n "$name" ] || return 0
	config_get prog "$cfg" prog
	[ -n "$prog" ] || return 0
	config_get args "$cfg" args
	config_get miboid "$cfg" miboid
	echo "extend $miboid $name $prog $args" >> $CONFIGFILE
}

snmpd_disk_add() {
	local cfg="$1"
	local disk='disk'

	config_get partition "$cfg" partition
	[ -n "$partition" ] || return 0
	config_get size "$cfg" size
	[ -n "$size" ] || return 0
	echo "$disk $partition $size" >> $CONFIGFILE
}
add_alldisk() {
	local cfg="$1"

	config_get enable "$cfg" enable
	[ "$enable" -eq 0 ] && return 0
	config_get threshold "$cfg" threshold
	echo "includeAllDisks $threshold" >> $CONFIGFILE
}
snmpd_file_add() {
	local cfg="$1"
	local file='file'

	config_get file_name "$cfg" file_name
	config_get maxsize "$cfg" maxsize
	echo "$file $file_name $maxsize" >> $CONFIGFILE
}
add_load() {
	local cfg="$1"
	local _loctmp
	config_get_bool _loctmp "$cfg" enable
	if [ "$_loctmp" -eq 1 ]; then
		config_get max1 "$cfg" max1
		config_get max5 "$cfg" max5
		config_get max15 "$cfg" max15
		echo "load $max1 $max5 $max15" >> $CONFIGFILE
	fi
	config_get threshold "$cfg" threshold
	[ -n "$threshold" ] && echo "swap $threshold" >> $CONFIGFILE	
}

snmpd_engineid_add() {
	local cfg="$1"

	config_get id_enabled "$cfg" id_enabled
	[ "$id_enabled" -eq 0 ] && return
	config_get engineid "$cfg" engineid
	[ -n "$engineid" ] && echo "engineID $engineid" >> $CONFIGFILE
	config_get engineidtype "$cfg" engineidtype
	[ "$engineidtype" -ge 1 -a "$engineidtype" -le 3 ] && \
	echo "engineIDType $engineidtype" >> $CONFIGFILE
	config_get engineidnic "$cfg" engineidnic
	[ -n "$engineidnic" ] && echo "engineIDNic $engineidnic" >> $CONFIGFILE
}
add_internal(){
	local section="$1"
	local param1="$2"
	local param2="$3"
	local val1
	local val2
	config_get val1 "$section" "$param1"
	config_get val2 "$section" "$param2"
	if [ "$val1" == "1" -o "$val2" == "1" ]; then 
		echo "createUser _internal" >> $PERSISTFILE
		echo "rouser _internal" >> $CONFIGFILE
		echo "iquerySecName _internal" >> $CONFIGFILE
	fi
}
snmpd_sink_add() {
	local cfg="$1"
	#local section="$2"
	local community
	local port
	local host
	config_get version "$cfg" version
	config_get host "$cfg" host
	if [ "$version" == "v1" ]; then
		section="trapsink"
	elif [ "$version" == "v2c" ]; then
		config_get type "$cfg" type
		[ "$type" == "trap" ] && section="trap2sink"
		[ "$type" == "inform" ] && section="informsink"
	elif [ "$version" == "v3" ]; then
		section="trapsess"
		config_get type "$cfg" type
		config_get username "$cfg" username
		config_get security_level "$cfg" security_level			#(noAuthNoPriv|authNoPriv|authPriv)
		config_get auth_protocol "$cfg" auth_protocol
		config_get auth_password "$cfg" auth_password
		config_get priv_protocol "$cfg" priv_protocol
		config_get priv_password "$cfg" priv_password
		echo "createUser $username $auth_protocol $auth_password $priv_protocol $priv_password" >> $PERSISTFILE
		if [ "$security_level" == "noAuthNoPriv" ]; then
			[ "$type" == "trap" ] && echo "$section -v3 -u $username -l $security_level $host" >> $CONFIGFILE
			[ "$type" == "inform" ] && echo "$section -Ci -v3 -u $username -l $security_level $host" >> $CONFIGFILE
		elif [ "$security_level" == "authNoPriv" ]; then
			[ "$type" == "trap" ] && echo "$section -v3 -u $username -l $security_level -a $auth_protocol -A $auth_password $host" >> $CONFIGFILE
			[ "$type" == "inform" ] && echo "$section -Ci -v3 -u $username -l $security_level -a $auth_protocol -A $auth_password $host" >> $CONFIGFILE
		elif [ "$security_level" == "authPriv" ]; then
			[ "$type" == "trap" ] && echo "$section -v3 -u $username -l $security_level -a $auth_protocol -A $auth_password -x $priv_protocol -X $priv_password $host" >> $CONFIGFILE
			[ "$type" == "inform" ] && echo "$section -Ci -v3 -u $username -l $security_level -a $auth_protocol -A $auth_password -x $priv_protocol -X $priv_password $host" >> $CONFIGFILE
		fi
		return 0
	fi
	[ -n "section" -a -n "$host" ] || return 0
	# optional community
	config_get community "$cfg" community
	# optional port
	config_get port "$cfg" port
	port=${port:+:$port}
	echo "$section $host$port $community" >> $CONFIGFILE
}
add_notification(){
	local section="$1"
	local option="$2"
	local switch="$3"
	local _loctmp
	config_get_bool _loctmp "$section" "$option"
	if [ "$_loctmp" -eq 1 ]; then
		echo "$switch yes" >> $CONFIGFILE
	else
		echo "$switch no" >> $CONFIGFILE
	fi
}

append_parm() {
	local section="$1"
	local option="$2"
	local switch="$3"
	local _loctmp
	config_get _loctmp "$section" "$option"
	[ -z "$_loctmp" ] && return 0
	echo "$switch $_loctmp" >> $CONFIGFILE
}

append_authtrapenable() {
	local section="$1"
	local option="$2"
	local switch="$3"
	local _loctmp
	config_get_bool _loctmp "$section" "$option"
	[ -z "$_loctmp" ] && return 0
	[ "$_loctmp" -gt 0 ] && echo "$switch $_loctmp" >> $CONFIGFILE
}

snmpd_setup_fw_rules() {
	local net="$1"
	local zone

	zone=$(fw3 -q network "$net" 2>/dev/null)

	local handled_zone
	for handled_zone in $HANDLED_SNMP_ZONES; do
		[ "$handled_zone" = "$zone" ] && return
	done

	json_add_object ""
	json_add_string type rule
	json_add_string src "$zone"
	json_add_string proto udp
	json_add_string dest_port 161
	json_add_string target ACCEPT
	json_close_object

	HANDLED_SNMP_ZONES="$HANDLED_SNMP_ZONES $zone"
}

start_service() {
	[ -f "$CONFIGFILE" ] && rm -f "$CONFIGFILE"

	config_load snmpd

	config_get_bool snmp_enabled general enabled 1
	[ "$snmp_enabled" -eq 0 ] && return

	procd_open_instance
	## AGENT BEHAVIOUR ##
	config_foreach snmpd_agent_add agent
	#config_foreach snmpd_agentx_add agentx
	
	## SYSTEM CONFIGURATION ##
	config_foreach snmpd_system_add system

	## VACM TABLE CONFIGURATION ##
	config_foreach snmpd_com2sec_add com2sec
	#config_foreach snmpd_com2sec6_add com2sec6
	config_foreach snmpd_group_add group
	config_foreach snmpd_access_add access
	config_foreach snmpd_view_add view
	
	## SNMP V3 Settings ##
	config_foreach snmpd_engineid_add engineid
	config_foreach snmpd_v3_user_add snmpd_v3_user
	
	## SNMP GENERAL SETTINGS ##
	#config_foreach snmpd_trap_hostname_add trap_HostName
	#config_foreach snmpd_trap_ip_add trap_HostIP
	#config_foreach snmpd_access_default_add access_default
	#config_foreach snmpd_access_HostName_add access_HostName
	#config_foreach snmpd_access_HostIP_add access_HostIP
	
	## MONITORING CONFIGURATION DIRECTIVES ##
	config_foreach snmpd_process_monitoring process_monitoring
	config_foreach snmpd_disk_add disk_monitoring
	add_alldisk includeAllDisks
	add_load load_monitoring
	config_foreach snmpd_file_add file_monitoring
	
	## Arbitrary Extension Commands ##
	#config_foreach snmpd_pass_add pass
	#config_foreach snmpd_exec_add exec
	#config_foreach snmpd_extend_add extend

	## TRAP CONFIGURATIONS ##
	config_foreach snmpd_sink_add trapaccess	#trapsink trapsink
	#config_foreach snmpd_sink_add trap2sink trap2sink
	#config_foreach snmpd_sink_add informsink informsink
	#append_parm trapcommunity community trapcommunity
	#append_parm v1trapaddress host v1trapaddress
	#append_parm trapsess trapsess trapsess

	## EVENT AND MONITORING ##
	append_authtrapenable authtrapenable enable authtrapenable
	add_notification v3_traps defaultMonitors defaultMonitors
	add_notification v3_traps linkUpDownNotifications linkUpDownNotifications
	add_internal v3_traps defaultMonitors linkUpDownNotifications

	## SNMPD COMMAND ARGUMENTS ##
	procd_set_param command $PROG -Lf /dev/null -f
	procd_set_param file $CONFIGFILE
	procd_set_param respawn

	for iface in $(ls /sys/class/net 2>/dev/null); do
		procd_append_param netdev "$iface"
	done

	procd_open_data

	json_add_array firewall
	config_list_foreach general network snmpd_setup_fw_rules
	json_close_array

	procd_close_data

	procd_close_instance
}

stop_service() {
	[ -f "$CONFIGFILE" ] && rm -f "$CONFIGFILE"
	procd_set_config_changed firewall
}
service_triggers(){
	local script=$(readlink "$initscript")
	local name=$(basename ${script:-$initscript})
	#procd_open_trigger
	#procd_add_raw_trigger "interface.*" 2000 /etc/init.d/$name reload
	#procd_close_trigger

	customaction="restart" procd_add_reload_trigger 'snmpd'
}

service_started() {
	procd_set_config_changed firewall
}