New rw snmp variable clientBan allows to set bans via snmp

* src/varnish_mib.mib2c: Add support for rw variables.
* src/Makefile.am (varnish_mib_la_SOURCES): Add new files.
* src/VARNISH-MIB.txt (clientBan): New OID.
* src/auth.c: New file.
* src/ban.c: New file.
* src/sha256.c: New file.
* src/sha256.h: New file.
* src/varnish_mib.h: New file.
* src/vcli.c: New file.

9 files changed, 1481 insertions, 46 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index 4efd22c..439cdb3 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -15,13 +15,19 @@
 # along with varnish-mib.  If not, see <http://www.gnu.org/licenses/>.
 
 dlmoddir=@DLMODDIR@
 dlmod_LTLIBRARIES = varnish-mib.la
 
 varnish_mib_la_SOURCES = \
- varnish_mib.c
+ auth.c\
+ ban.c\
+ sha256.c\
+ sha256.h\
+ varnish_mib.c\
+ varnish_mib.h\
+ vcli.c
 
 BUILT_SOURCES = \
  varnish_mib.c
 
 varnish_mib.c: varnish_mib.mib2c
 
diff --git a/src/VARNISH-MIB.txt b/src/VARNISH-MIB.txt
index 0ec5dac..01def5c 100644
--- a/src/VARNISH-MIB.txt
+++ b/src/VARNISH-MIB.txt
@@ -67,12 +67,20 @@ clientCacheMisses OBJECT-TYPE
         MAX-ACCESS read-only
         STATUS  current
         DESCRIPTION
                 "Cache misses"
         ::= { client 5 }
 
+clientBan OBJECT-TYPE
+        SYNTAX  OCTET STRING (SIZE(0..1024))
+        MAX-ACCESS  read-write
+        STATUS      current
+        DESCRIPTION
+                "FIXME"
+        ::= { client 6 }
+        
 connections OBJECT IDENTIFIER    ::= { backend 1 }
 
 backendConnSuccess OBJECT-TYPE
         SYNTAX  Counter32
         MAX-ACCESS read-only
         STATUS  current
@@ -198,12 +206,13 @@ varnishGroup OBJECT-GROUP
         OBJECTS {
                 clientAcceptedConnections,
                 clientRequestsReceived,
                 clientCacheHits,
                 clientCacheHitsPass,
                 clientCacheMisses,
+                clientBan,
                 backendConnSuccess,
                 backendConnNotAttempted,
                 backendConnToMany,
                 backendConnFailures,
                 backendConnReuses,
                 backendConnRecycled,
diff --git a/src/auth.c b/src/auth.c
new file mode 100644
index 0000000..9ef90ac
--- /dev/null
+++ b/src/auth.c
@@ -0,0 +1,63 @@
+/* This file is part of varnish-mib -*- c -*-
+   Copyright (C) 2014 Sergey Poznyakoff
+
+   Varnish-mib is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3, or (at your option)
+   any later version.
+
+   Varnish-mib is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with varnish-mib.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "varnish_mib.h"
+#include "sha256.h"
+#include <unistd.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <errno.h>
+
+void
+varnish_auth_response_fd(int fd, const char *challenge,
+                         char response[CLI_AUTH_RESPONSE_LEN + 1])
+{
+        struct sha256_ctx ctx;
+        uint8_t buf[BUFSIZ];
+        int i;
+
+        assert(CLI_AUTH_RESPONSE_LEN == (SHA256_DIGEST_SIZE * 2));
+
+        sha256_init_ctx(&ctx);
+        sha256_process_bytes(challenge, 32, &ctx);
+        sha256_process_bytes("\n", 1, &ctx);
+        do {
+                i = read(fd, buf, sizeof buf);
+                if (i > 0)
+                        sha256_process_bytes(buf, i, &ctx);
+        } while (i > 0);
+        sha256_process_bytes(challenge, 32, &ctx);
+        sha256_process_bytes("\n", 1, &ctx);
+        sha256_finish_ctx(&ctx, buf);
+        for (i = 0; i < SHA256_DIGEST_SIZE; i++)
+                sprintf(response + 2 * i, "%02x", buf[i]);
+}
+
+int
+varnish_auth_response(const char *file, const char *challenge,
+                      char response[CLI_AUTH_RESPONSE_LEN + 1])
+{
+        int fd = open(file, O_RDONLY);
+        if (fd == -1) {
+                snmp_log(LOG_ERR, "can't open secret file %s: %s\n",
+                         file, strerror(errno));
+                return -1;
+        }
+        varnish_auth_response_fd(fd, challenge, response);
+        close(fd);
+        return 0;
+}
diff --git a/src/ban.c b/src/ban.c
new file mode 100644
index 0000000..a091e37
--- /dev/null
+++ b/src/ban.c
@@ -0,0 +1,62 @@
+/* This file is part of varnish-mib -*- c -*-
+   Copyright (C) 2014 Sergey Poznyakoff
+
+   Varnish-mib is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3, or (at your option)
+   any later version.
+
+   Varnish-mib is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with varnish-mib.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "varnish_mib.h"
+
+static int
+send_ban_cmd(vcli_conn_t *conn, const char *expr)
+{
+        if (vcli_asprintf(conn, "ban %s\n", expr) || vcli_write(conn))
+                return 1;
+
+        if (vcli_read_response(conn))
+                return 1;
+        
+        if (conn->resp != CLIS_OK) {
+                snmp_log(LOG_ERR, "command rejected: %u %s\n",
+                         conn->resp, conn->base);
+                return 1;
+        }
+        return 0;
+}
+
+int
+varnish_ban(netsnmp_agent_request_info   *reqinfo,
+            netsnmp_request_info         *requests,
+            struct VSM_data              *vd)
+{
+        int rc;
+        struct vcli_conn conn;
+        size_t len = requests->requestvb->val_len;
+        char *expr = malloc(len + 1);
+        
+        if (!expr) {
+                snmp_log(LOG_ERR, "out of memory\n");
+                return SNMP_ERR_GENERR;
+        }
+        memcpy(expr, requests->requestvb->val.string, len);
+        expr[len] = 0;
+        DEBUGMSGTL(("vcli_mib", "ban %s\n", expr));
+        rc = vcli_connect(vd, &conn);
+        if (rc == SNMP_ERR_NOERROR) {
+                rc = send_ban_cmd(&conn, expr);
+                vcli_disconnect(&conn);
+        }
+        free(expr);
+        return rc ? SNMP_ERR_GENERR : SNMP_ERR_NOERROR;
+}
+
diff --git a/src/sha256.c b/src/sha256.c
new file mode 100644
index 0000000..bcb5f74
--- /dev/null
+++ b/src/sha256.c
@@ -0,0 +1,570 @@
+/* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or
+   memory blocks according to the NIST specification FIPS-180-2.
+
+   Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License