#! /bin/sh
# vim: ts=4 sw=4
###########################################################################
# /usr/sbin/update_snmpd $1 $2 $3 $4 $5 $6 $7
# inputs:
# 	$1, whether to use version 1 (1 is yes, 0 is no)
# 	$2, whether to use version 2c (1 is yes, 0 is no)
# 	$3, whether to use version 3 (1 is yes, 0 is no)
# 	$4, read community string
# 	$5, write community string
# 	$6, security name; only takes effect if version 3 is enabled.
# 	$7, authentication protocol pass phrase; only takes effect if version 3
#			  is enabled. (Our default authentication protocol is MD5, and the
#			  default security level is authNoPriv.)
# return: 
# 	always 0
###########################################################################

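### Global variable ###
# Everything starts disabled/empty; the positional arguments below switch
# individual protocol versions on.
SNMP_ENABLED=no
V1=no
V2c=no
V3=no
username=
authpassphrase=
ReadCommunity=
WriteCommunity=

# The flags are quoted and default to 0, so a missing argument no longer makes
# `[` fail with a syntax error. A non-numeric flag is still treated as "off";
# its diagnostic from `[` is silenced.
if [ "${1:-0}" -eq 1 ] 2>/dev/null; then
	SNMP_ENABLED=yes
	V1=yes
fi
if [ "${2:-0}" -eq 1 ] 2>/dev/null; then
	SNMP_ENABLED=yes
	V2c=yes
fi
if [ "${3:-0}" -eq 1 ] 2>/dev/null; then
	SNMP_ENABLED=yes
	V3=yes
	# The v3 credentials are only picked up when v3 itself is enabled.
	# NOTE(review): $7 is the pass phrase and arrives on the command line, so
	# it can be visible in the process list while this script runs; consider
	# having the caller hand it over via stdin or a root-only file.
	username=${6:-}
	authpassphrase=${7:-}
fi

# Community strings are taken as given here; they are caller-supplied text
# that ends up in snmpd.conf, so they must be checked before being written.
ReadCommunity=${4:-}
WriteCommunity=${5:-}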

###############################################################################
# Next, the shell script produces the $OUTPUT_CONF file for the snmpd daemon  #
###############################################################################
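# Paths used for the generated configuration and the daemon it is handed to.
OUTPUT_DIR=/var
OUTPUT_CONF=$OUTPUT_DIR/snmpd.conf
NAME=snmpd
DAEMON=/usr/sbin/$NAME
DESC=$NAME
PIDFILE=/var/run/snmpd.pid

#### First, kill snmpd #####
# Stop a previously started daemon using the PID it recorded.
if [ -f "$PIDFILE" ]; then
	pid=
	read -r pid < "$PIDFILE"
	# Only signal a plain positive integer. An empty value would call kill
	# with no target, and 0 or a negative number makes kill address a whole
	# process group (or every process) instead of a single daemon.
	case "$pid" in
		'' | *[!0-9]*)
			echo "update_snmpd: ignoring invalid PID in $PIDFILE" >&2
			;;
		*)
			if [ "$pid" -gt 0 ] 2>/dev/null; then
				# NOTE(review): the PID is not checked against the snmpd binary,
				# so a stale PID file could point at an unrelated process.
				kill -9 "$pid"
			else
				echo "update_snmpd: ignoring invalid PID in $PIDFILE" >&2
			fi
			;;
	esac
fi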
############################

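# Returns 0 when $1 can be written as one bare snmpd.conf token: non-empty and
# free of whitespace, control characters, quotes and backslashes. Without this
# check a value containing a newline would add extra directive lines to the
# generated file.
snmp_token_ok() {
	case "$1" in
		'' | *[[:space:][:cntrl:]\"\'\\]*) return 1 ;;
	esac
	return 0
}

# Returns 0 when $1 can be written inside a double-quoted snmpd.conf value:
# non-empty, no control characters (so no newline), no double quote and no
# backslash. Spaces are allowed because the value is quoted in the file.
snmp_quoted_ok() {
	case "$1" in
		'' | *[[:cntrl:]\"\\]*) return 1 ;;
	esac
	return 0
}

# Generate $OUTPUT_CONF and start the daemon, but only when at least one SNMP
# version was enabled by the caller.
if [ "$SNMP_ENABLED" = yes ]; then
	if [ ! -d "$OUTPUT_DIR" ]; then
		mkdir -p "$OUTPUT_DIR"
	fi

	# The file holds the community strings and the v3 pass phrase in clear
	# text. Create it owner-only and tighten a file left over from an earlier
	# run before any secret is written into it.
	saved_umask=$(umask)
	umask 077
	: > "$OUTPUT_CONF"
	chmod 600 "$OUTPUT_CONF"

	{
		#	syslocation, syscontact and sysname are intentionally not emitted.
		printf '%s\n' \
			'####' \
			'sysDescr ACM8511; PTZ Camera; AID-220-V3.12.01-AC;' \
			'sysObjectID .1.3.6.1.4.1.384' \
			'# First, map the community name (COMMUNITY) into a security name' \
			'# (local and mynetwork, depending on where the request is coming' \
			'# from):' \
			'#       sec.name  source          community'

		# NOTE(review): source "default" accepts requests from any address, and
		# v1/v2c send the community in clear text. Restricting the source to the
		# management network (the form "com2sec ronet 172.16.3.0/24 public" was
		# used here before) would narrow who can use the write community.
		if snmp_token_ok "$ReadCommunity"; then
			printf 'com2sec ronet default      %s\n' "$ReadCommunity"
		else
			echo "update_snmpd: read community empty or contains unsafe characters; com2sec ronet not written" >&2
		fi
		if snmp_token_ok "$WriteCommunity"; then
			printf 'com2sec rwnet\tdefault\t\t\t %s\n' "$WriteCommunity"
		else
			echo "update_snmpd: write community empty or contains unsafe characters; com2sec rwnet not written" >&2
		fi

		printf '%s\n' \
			'####' \
			'# Second, map the security names into group names:'
		printf '#             \tsec.model  sec.name\n'

		if [ "$V1" = yes ]; then
			printf 'group MyRWGroup\tv1         rwnet\n'
			printf '%s\n' 'group MyROGroup v1         ronet'
		fi
		if [ "$V2c" = yes ]; then
			printf 'group MyRWGroup\tv2c        rwnet\n'
			printf '%s\n' 'group MyROGroup v2c        ronet'
		fi
		if [ "$V3" = yes ]; then
			printf 'group MyRWGroup\tusm        rwnet\n'
			printf '%s\n' 'group MyROGroup usm        ronet'
		fi

		# NOTE(review): the single view covers the whole .1 tree and the access
		# lines accept security level noauth, so the write community can set
		# anything the agent exposes. A narrower view for MyRWGroup is worth
		# considering.
		printf '%s\n' \
			'####' \
			'# Third, create a view for us to let the groups have rights to:' \
			'#           incl/excl subtree                          mask' \
			'view all    included  .1                               80' \
			'####' \
			'# Finally, grant the 2 groups access to the 1 view with different' \
			'# write permissions:' \
			'#                context sec.model sec.level match  read   write  notif' \
			'access MyROGroup ""      any       noauth    exact  all    none   none' \
			'access MyRWGroup ""      any       noauth    exact  all    all    none' \
			'# -----------------------------------------------------------------------------'

		if [ "$V3" = yes ] && [ "$username" ] && [ "$authpassphrase" ]; then
			# The user name becomes a bare token and the pass phrase a quoted
			# value; both are checked so they cannot break out of their place
			# on the line.
			# NOTE(review): MD5 and DES are legacy algorithms; if this snmpd
			# build supports SHA and AES, prefer them.
			if snmp_token_ok "$username" && snmp_quoted_ok "$authpassphrase"; then
				printf 'createUser %s\tMD5\t"%s" DES\n' "$username" "$authpassphrase"
				printf 'rouser %s\n' "$username"
				printf 'rwuser %s\n' "$username"
			else
				echo "update_snmpd: v3 user name or pass phrase contains unsafe characters; v3 user not written" >&2
			fi
		fi

		# NOTE(review): trap destinations and trap communities are hard-coded;
		# confirm these addresses are meant for deployed devices.
		printf '%s\n' \
			'trapsink 172.16.3.68 trapcommunity1' \
			'coldstart 1' \
			'warmstart 1' \
			'trap2sink 172.16.3.33 trapcommunity'
		#	Disabled: trapsess -v 3 -u $username -a MD5 -A "$authpassphrase" -l authNoPriv 172.16.3.33
		#	Disabled: trapcommunity public
		printf '%s\n' 'authtrapenable 1'
		#	Disabled: informsink 172.16.3.68
		#	Disabled: linkUpDownNotifications yes
		#	Disabled: notificationEvent linkUpTrap linkUp ifIndex ifAdminStatus ifOperStatus
		#	Disabled: monitor -r 60 -u Admin -o sysUpTime.0 -e linkUpTrap "GlinkUp" ifOperStatus != 2
	} >> "$OUTPUT_CONF"

	# Restore the caller's umask so the daemon does not inherit 077.
	umask "$saved_umask"

	"$DAEMON" -Lo -C -p "$PIDFILE" -c "$OUTPUT_CONF"
fi
# The script reports success regardless of what happened above.
exit 0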
