Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 8 | ||||
-rw-r--r-- | src/VARNISH-MIB.txt | 9 | ||||
-rw-r--r-- | src/auth.c | 63 | ||||
-rw-r--r-- | src/ban.c | 62 | ||||
-rw-r--r-- | src/sha256.c | 570 | ||||
-rw-r--r-- | src/sha256.h | 91 | ||||
-rw-r--r-- | src/varnish_mib.h | 52 | ||||
-rw-r--r-- | src/varnish_mib.mib2c | 173 | ||||
-rw-r--r-- | src/vcli.c | 499 |
9 files changed, 1481 insertions, 46 deletions
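--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,7 +18,13 @@ dlmoddir=@DLMODDIR@
 dlmod_LTLIBRARIES = varnish-mib.la
 
 varnish_mib_la_SOURCES = \
-varnish_mib.c
+auth.c\
+ban.c\
+sha256.c\
+sha256.h\
+varnish_mib.c\
+varnish_mib.h\
+vcli.c
 
 BUILT_SOURCES = \
 varnish_mib.c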
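--- a/src/VARNISH-MIB.txt
+++ b/src/VARNISH-MIB.txt
@@ -70,6 +70,14 @@ clientCacheMisses OBJECT-TYPE
 "Cache misses"
 ::= { client 5 }
 
+clientBan OBJECT-TYPE
+SYNTAX OCTET STRING (SIZE(0..1024))
+MAX-ACCESS read-write
+STATUS current
+DESCRIPTION
+"FIXME"
+::= { client 6 }
+
 connections OBJECT IDENTIFIER ::= { backend 1 }
 
 backendConnSuccess OBJECT-TYPE
@@ -201,6 +209,7 @@ varnishGroup OBJECT-GROUP
 clientCacheHits,
 clientCacheHitsPass,
 clientCacheMisses,
+clientBan,
 backendConnSuccess,
 backendConnNotAttempted,
 backendConnToMany,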
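Review bot: `clientBan` ships with `DESCRIPTION "FIXME"` although it is the only `read-write` object added in this section, so the MIB gives an operator no indication that a SET has a side effect. Going by src/ban.c in this commit, the written value is sent to the Varnish CLI as `ban <value>`; the description should say so, e.g. `"A ban expression. Setting this object sends 'ban <value>' to the Varnish management CLI."`, and should also state what a GET returns, which is not visible on this page. Because the object is writable, deployments should confine write access to it in the agent's access-control configuration.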
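--- /dev/null
+++ b/src/auth.c
@@ -0,0 +1,63 @@
+/* This file is part of varnish-mib -*- c -*-
+Copyright (C) 2014 Sergey Poznyakoff
+
+Varnish-mib is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3, or (at your option)
+any later version.
+
+Varnish-mib is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with varnish-mib. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "varnish_mib.h"
+#include "sha256.h"
+#include <unistd.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <errno.h>
+
+void
+varnish_auth_response_fd(int fd, const char *challenge,
+char response[CLI_AUTH_RESPONSE_LEN + 1])
+{
+struct sha256_ctx ctx;
+uint8_t buf[BUFSIZ];
+int i;
+
+assert(CLI_AUTH_RESPONSE_LEN == (SHA256_DIGEST_SIZE * 2));
+
+sha256_init_ctx(&ctx);
+sha256_process_bytes(challenge, 32, &ctx);
+sha256_process_bytes("\n", 1, &ctx);
+do {
+i = read(fd, buf, sizeof buf);
+if (i > 0)
+sha256_process_bytes(buf, i, &ctx);
+} while (i > 0);
+sha256_process_bytes(challenge, 32, &ctx);
+sha256_process_bytes("\n", 1, &ctx);
+sha256_finish_ctx(&ctx, buf);
+for (i = 0; i < SHA256_DIGEST_SIZE; i++)
+sprintf(response + 2 * i, "%02x", buf[i]);
+}
+
+int
+varnish_auth_response(const char *file, const char *challenge,
+char response[CLI_AUTH_RESPONSE_LEN + 1])
+{
+int fd = open(file, O_RDONLY);
+if (fd == -1) {
+snmp_log(LOG_ERR, "can't open secret file %s: %s\n",
+file, strerror(errno));
+return -1;
+}
+varnish_auth_response_fd(fd, challenge, response);
+close(fd);
+return 0;
+}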
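Review bot: The read loop in `varnish_auth_response_fd` stops on any `i <= 0` and cannot tell a failed `read()` from end of file, so an I/O error or an EINTR produces a digest over a truncated secret while `varnish_auth_response` still returns 0. The helper should return a status, retry on EINTR and let the caller log and propagate the failure; this changes the prototype, which presumably lives in varnish_mib.h (not shown here). In the same function, both `sha256_process_bytes(challenge, 32, &ctx)` calls read 32 bytes unconditionally, so the caller has to guarantee a challenge of at least that length. `buf` also still holds bytes of the secret file on return and could be cleared before leaving.

```c
int
varnish_auth_response_fd(int fd, const char *challenge,
                         char response[CLI_AUTH_RESPONSE_LEN + 1])
{
        /* … unchanged: declarations, assert, hashing of challenge and "\n" … */
        ssize_t n;

        for (;;) {
                n = read(fd, buf, sizeof buf);
                if (n > 0)
                        sha256_process_bytes(buf, n, &ctx);
                else if (n == 0)
                        break;
                else if (errno != EINTR)
                        return -1;
        }
        /* … unchanged: trailing challenge, sha256_finish_ctx, hex encoding … */
        return 0;
}

/* in varnish_auth_response(), replacing the unconditional call and return 0: */
        rc = varnish_auth_response_fd(fd, challenge, response);
        if (rc)
                snmp_log(LOG_ERR, "can't read secret file %s: %s\n",
                         file, strerror(errno));
        close(fd);
        return rc;
```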
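--- /dev/null
+++ b/src/ban.c
@@ -0,0 +1,62 @@
+/* This file is part of varnish-mib -*- c -*-
+Copyright (C) 2014 Sergey Poznyakoff
+
+Varnish-mib is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3, or (at your option)
+any later version.
+
+Varnish-mib is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with varnish-mib. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "varnish_mib.h"
+
+static int
+send_ban_cmd(vcli_conn_t *conn, const char *expr)
+{
+if (vcli_asprintf(conn, "ban %s\n", expr) || vcli_write(conn))
+return 1;
+
+if (vcli_read_response(conn))
+return 1;
+
+if (conn->resp != CLIS_OK) {
+snmp_log(LOG_ERR, "command rejected: %u %s\n",
+conn->resp, conn->base);
+return 1;
+}
+return 0;
+}
+
+int
+varnish_ban(netsnmp_agent_request_info *reqinfo,
+netsnmp_request_info *requests,
+struct VSM_data *vd)
+{
+int rc;
+struct vcli_conn conn;
+size_t len = requests->requestvb->val_len;
+char *expr = malloc(len + 1);
+
+if (!expr) {
+snmp_log(LOG_ERR, "out of memory\n");
+return SNMP_ERR_GENERR;
+}
+memcpy(expr, requests->requestvb->val.string, len);
+expr[len] = 0;
+DEBUGMSGTL(("vcli_mib", "ban %s\n", expr));
+rc = vcli_connect(vd, &conn);
+if (rc == SNMP_ERR_NOERROR) {
+rc = send_ban_cmd(&conn, expr);
+vcli_disconnect(&conn);
+}
+free(expr);
+return rc ? SNMP_ERR_GENERR : SNMP_ERR_NOERROR;
+}
+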
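Review bot: `send_ban_cmd` formats the SNMP-supplied value straight into `"ban %s\n"`, and `varnish_ban` copies `val.string` without inspecting it, so a value containing a line terminator would reach the authenticated CLI session as more than one line. Reject such values before connecting, e.g. `if (memchr(requests->requestvb->val.string, '\n', len) || memchr(requests->requestvb->val.string, '\r', len)) return SNMP_ERR_WRONGVALUE;` placed ahead of the `malloc`. An embedded NUL also silently truncates the expression at `%s`, and `len` is not compared with the 1024-octet SIZE declared in the MIB; whether the calling handler enforces either is not visible in this section. Write access to this object is effectively ban privilege on the cache, so it should be scoped accordingly in the agent's access control.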
diff --git a/src/sha256.c b/src/sha256.c new file mode 100644 index 0000000..bcb5f74 --- /dev/null +++ b/src/sha256.c | |||
@@ -0,0 +1,570 @@ | |||
1 | /* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or | ||
2 | memory blocks according to the NIST specification FIPS-180-2. | ||
3 | |||
4 | Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc. | ||
5 | |||
6 | This program is free software: you can redistribute it and/or modify | ||
7 | it under the terms of the GNU General Public License as published by | ||
8 | the Free Software Foundation, either version 3 of the License, or | ||
9 | (at your option) any later version. | ||
10 | |||
11 | This program is distributed in the hope that it will be useful, | ||
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | GNU General Public License for more details. | ||
15 | |||
16 | You should have received a copy of the GNU General Public License | ||
17 | along with this program. If not, see <http://www.gnu.org/licenses/>. */ | ||
18 | |||
19 | /* Written by David Madore, considerably copypasting from | ||
20 | Scott G. Miller's sha1.c | ||
21 | */ | ||
22 | |||
23 | #include <config.h> | ||
24 | |||
25 | #include "sha256.h" | ||
26 | |||
27 | #include <stddef.h> | ||
28 | #include <stdint.h> | ||
29 | #include <stdlib.h> | ||
30 | #include <string.h> | ||
31 | |||
32 | #if USE_UNLOCKED_IO | ||
33 | # include "unlocked-io.h" | ||
34 | #endif | ||
35 | |||
36 | #ifdef WORDS_BIGENDIAN | ||
37 | # define SWAP(n) (n) | ||
38 | #else | ||
39 | # define SWAP(n) \ | ||
40 | (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) | ||
41 | #endif | ||
42 | |||
43 | #define BLOCKSIZE 32768 | ||
44 | #if BLOCKSIZE % 64 != 0 | ||
45 | # error "invalid BLOCKSIZE" | ||
46 | #endif | ||
47 | |||
48 | /* This array contains the bytes used to pad the buffer to the next | ||
49 | 64-byte boundary. */ | ||
50 | static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; | ||
51 | |||