authorSergey Poznyakoff <gray@gnu.org.ua>2014-11-19 01:49:13 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2014-11-19 02:03:58 +0200
commit57a7d63793de517493499e748ce5d5d82def8a57 (patch)
tree35dbead6db811eecc03c0578e8aa3e2ed777b824
parentf0671d1bc19592e5b659959920b51e3da05de79f (diff)
downloadvarnish-mib-57a7d63793de517493499e748ce5d5d82def8a57.tar.gz
varnish-mib-57a7d63793de517493499e748ce5d5d82def8a57.tar.bz2
New rw snmp variable clientBan allows to set bans via snmp
* src/varnish_mib.mib2c: Add support for rw variables. * src/Makefile.am (varnish_mib_la_SOURCES): Add new files. * src/VARNISH-MIB.txt (clientBan): New OID. * src/auth.c: New file. * src/ban.c: New file. * src/sha256.c: New file. * src/sha256.h: New file. * src/varnish_mib.h: New file. * src/vcli.c: New file.
-rw-r--r--src/Makefile.am8
-rw-r--r--src/VARNISH-MIB.txt9
-rw-r--r--src/auth.c63
-rw-r--r--src/ban.c62
-rw-r--r--src/sha256.c570
-rw-r--r--src/sha256.h91
-rw-r--r--src/varnish_mib.h52
-rw-r--r--src/varnish_mib.mib2c173
-rw-r--r--src/vcli.c499
9 files changed, 1481 insertions, 46 deletions
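--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,7 +18,13 @@ dlmoddir=@DLMODDIR@
 dlmod_LTLIBRARIES = varnish-mib.la
 
 varnish_mib_la_SOURCES = \
- varnish_mib.c
+ auth.c\
+ ban.c\
+ sha256.c\
+ sha256.h\
+ varnish_mib.c\
+ varnish_mib.h\
+ vcli.c
 
 BUILT_SOURCES = \
  varnish_mib.c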
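--- a/src/VARNISH-MIB.txt
+++ b/src/VARNISH-MIB.txt
@@ -70,6 +70,14 @@ clientCacheMisses OBJECT-TYPE
  "Cache misses"
  ::= { client 5 }
 
+clientBan OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..1024))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "FIXME"
+ ::= { client 6 }
+
 connections OBJECT IDENTIFIER ::= { backend 1 }
 
 backendConnSuccess OBJECT-TYPE
@@ -201,6 +209,7 @@ varnishGroup OBJECT-GROUP
  clientCacheHits,
  clientCacheHitsPass,
  clientCacheMisses,
+ clientBan,
  backendConnSuccess,
  backendConnNotAttempted,
  backendConnToMany,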
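Review bot: clientBan is added with `DESCRIPTION "FIXME"`, so the only writable object in this MIB ships without a documented contract. The description should say that a SET submits the value to Varnish as a ban expression, what a GET returns, and that the value is limited to 1024 octets, for example `"Ban expression. Setting this object submits the expression to Varnish as a ban."`. Because the object is read-write and changes cache state, the description or the accompanying documentation should also state that write access is expected to be restricted through the agent's access control configuration.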
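--- /dev/null
+++ b/src/auth.c
@@ -0,0 +1,63 @@
+/* This file is part of varnish-mib -*- c -*-
+ Copyright (C) 2014 Sergey Poznyakoff
+
+ Varnish-mib is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ Varnish-mib is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with varnish-mib. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "varnish_mib.h"
+#include "sha256.h"
+#include <unistd.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <errno.h>
+
+void
+varnish_auth_response_fd(int fd, const char *challenge,
+ char response[CLI_AUTH_RESPONSE_LEN + 1])
+{
+ struct sha256_ctx ctx;
+ uint8_t buf[BUFSIZ];
+ int i;
+
+ assert(CLI_AUTH_RESPONSE_LEN == (SHA256_DIGEST_SIZE * 2));
+
+ sha256_init_ctx(&ctx);
+ sha256_process_bytes(challenge, 32, &ctx);
+ sha256_process_bytes("\n", 1, &ctx);
+ do {
+ i = read(fd, buf, sizeof buf);
+ if (i > 0)
+ sha256_process_bytes(buf, i, &ctx);
+ } while (i > 0);
+ sha256_process_bytes(challenge, 32, &ctx);
+ sha256_process_bytes("\n", 1, &ctx);
+ sha256_finish_ctx(&ctx, buf);
+ for (i = 0; i < SHA256_DIGEST_SIZE; i++)
+ sprintf(response + 2 * i, "%02x", buf[i]);
+}
+
+int
+varnish_auth_response(const char *file, const char *challenge,
+ char response[CLI_AUTH_RESPONSE_LEN + 1])
+{
+ int fd = open(file, O_RDONLY);
+ if (fd == -1) {
+ snmp_log(LOG_ERR, "can't open secret file %s: %s\n",
+ file, strerror(errno));
+ return -1;
+ }
+ varnish_auth_response_fd(fd, challenge, response);
+ close(fd);
+ return 0;
+}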
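Review bot: The read loop in varnish_auth_response_fd (new lines 38-42) treats a `read()` result of -1 exactly like end of file, so an I/O error or an EINTR part-way through the secret file silently yields a digest over a truncated secret, and the void return type gives the caller no way to notice. I would have the function return int, retry on EINTR, log and fail on any other error, and let varnish_auth_response propagate that result; the prototype presumably lives in varnish_mib.h, which is not shown here, and would have to follow. Two smaller points in the same function: `buf` holds bytes of the secret file and is left on the stack unwiped, and the literal `32` assumes the challenge is at least 32 bytes long without a named constant or a length check.

```c
int
varnish_auth_response_fd(int fd, const char *challenge,
			 char response[CLI_AUTH_RESPONSE_LEN + 1])
{
	/* ... unchanged: ctx, buf, assert, challenge prefix ... */
	ssize_t n;

	for (;;) {
		n = read(fd, buf, sizeof buf);
		if (n > 0)
			sha256_process_bytes(buf, n, &ctx);
		else if (n == 0)
			break;
		else if (errno != EINTR) {
			snmp_log(LOG_ERR, "can't read secret file: %s\n",
				 strerror(errno));
			return -1;
		}
	}
	/* ... unchanged: challenge suffix, sha256_finish_ctx, hex encoding ... */
	return 0;
}
```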
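--- /dev/null
+++ b/src/ban.c
@@ -0,0 +1,62 @@
+/* This file is part of varnish-mib -*- c -*-
+ Copyright (C) 2014 Sergey Poznyakoff
+
+ Varnish-mib is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ Varnish-mib is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with varnish-mib. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "varnish_mib.h"
+
+static int
+send_ban_cmd(vcli_conn_t *conn, const char *expr)
+{
+ if (vcli_asprintf(conn, "ban %s\n", expr) || vcli_write(conn))
+ return 1;
+
+ if (vcli_read_response(conn))
+ return 1;
+
+ if (conn->resp != CLIS_OK) {
+ snmp_log(LOG_ERR, "command rejected: %u %s\n",
+ conn->resp, conn->base);
+ return 1;
+ }
+ return 0;
+}
+
+int
+varnish_ban(netsnmp_agent_request_info *reqinfo,
+ netsnmp_request_info *requests,
+ struct VSM_data *vd)
+{
+ int rc;
+ struct vcli_conn conn;
+ size_t len = requests->requestvb->val_len;
+ char *expr = malloc(len + 1);
+
+ if (!expr) {
+ snmp_log(LOG_ERR, "out of memory\n");
+ return SNMP_ERR_GENERR;
+ }
+ memcpy(expr, requests->requestvb->val.string, len);
+ expr[len] = 0;
+ DEBUGMSGTL(("vcli_mib", "ban %s\n", expr));
+ rc = vcli_connect(vd, &conn);
+ if (rc == SNMP_ERR_NOERROR) {
+ rc = send_ban_cmd(&conn, expr);
+ vcli_disconnect(&conn);
+ }
+ free(expr);
+ return rc ? SNMP_ERR_GENERR : SNMP_ERR_NOERROR;
+}
+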
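Review bot: The SET value reaches the Varnish CLI without validation: varnish_ban copies `val.string` into `expr` (new lines 51-52) and send_ban_cmd formats it as `"ban %s\n"` (new line 23). An octet string containing a newline would end the ban line early and leave the remainder to be read by the CLI as a separate command, unless vcli_asprintf or vcli_write escape it, which is not visible here. An embedded NUL would also silently truncate the expression. I would reject control characters before allocating or connecting and answer with SNMP_ERR_WRONGVALUE, as sketched below. The handler also does not check the varbind type or that `val.string` is non-NULL, which may be done by the caller in varnish_mib.mib2c.

```c
	size_t len = requests->requestvb->val_len;
	const u_char *val = requests->requestvb->val.string;
	char *expr;
	size_t i;

	/* The value becomes a single CLI line: refuse anything that could
	   end that line early or truncate the C string. */
	for (i = 0; i < len; i++)
		if (val[i] < 0x20 || val[i] == 0x7f)
			return SNMP_ERR_WRONGVALUE;

	expr = malloc(len + 1);
	/* ... unchanged: NULL check, copy, vcli_connect, send_ban_cmd, free ... */
```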
diff --git a/src/sha256.c b/src/sha256.c
new file mode 100644
index 0000000..bcb5f74
--- /dev/null
+++ b/src/sha256.c
@@ -0,0 +1,570 @@
1/* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
3
4 Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc.
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19/* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
21*/
22
23#include <config.h>
24
25#include "sha256.h"
26
27#include <stddef.h>
28#include <stdint.h>
29#include <stdlib.h>
30#include <string.h>
31
32#if USE_UNLOCKED_IO
33# include "unlocked-io.h"
34#endif
35
36#ifdef WORDS_BIGENDIAN
37# define SWAP(n) (n)
38#else
39# define SWAP(n) \
40 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
41#endif
42
43#define BLOCKSIZE 32768
44#if BLOCKSIZE % 64 != 0
45# error "invalid BLOCKSIZE"
46#endif
47
48/* This array contains the bytes used to pad the buffer to the next