/* * This function establishes a connection to the specified ip and port and * sends a command to varnishd. If varnishd returns an OK status, the result * is printed and 0 returned. Else, an error message is printed and 1 is * returned */ static int cli_sock(struct vadmin_config_t *vadmin, struct agent_core_t *core) { int fd; unsigned status; char *answer = NULL; char buf[CLI_AUTH_RESPONSE_LEN + 1]; n_arg_sock(core); if (core->config->T_arg == NULL) { logger(vadmin->logger, "No T-arg (Administration port) available. Varnishadm-commands wont work."); return (-1); } vadmin->sock = VSS_open(vadmin->logger, core->config->T_arg, core->config->timeout); if (vadmin->sock < 0) { logger(vadmin->logger, "Connection failed (%s)", core->config->T_arg); return (-1); } (void)VCLI_ReadResult(vadmin->sock, &status, &answer, core->config->timeout); if (status == CLIS_AUTH) { if (core->config->S_arg == NULL) { logger(vadmin->logger, "Authentication required"); assert(close(vadmin->sock) == 0); return(-1); } fd = open(core->config->S_arg, O_RDONLY); if (fd < 0) { logger(vadmin->logger, "Cannot open \"%s\": %s", core->config->S_arg, strerror(errno)); assert(close(vadmin->sock) == 0); return (-1); } VCLI_AuthResponse(fd, answer, buf); assert(close(fd) == 0); free(answer); cli_write(vadmin->sock, "auth "); cli_write(vadmin->sock, buf); cli_write(vadmin->sock, "\n"); (void)VCLI_ReadResult(vadmin->sock, &status, &answer, core->config->timeout); } if (status != CLIS_OK) { logger(vadmin->logger, "Rejected %u\n%s", status, answer); assert(close(vadmin->sock) == 0); return (-1); } free(answer); cli_write(vadmin->sock, "ping\n"); (void)VCLI_ReadResult(vadmin->sock, &status, &answer, core->config->timeout); if (status != CLIS_OK || strstr(answer, "PONG") == NULL) { logger(vadmin->logger, "No pong received from server"); assert(close(vadmin->sock) == 0); return(-1); } free(answer); vadmin->state = 1; return (vadmin->sock); }
static void mcf_auth(struct cli *cli, const char *const *av, void *priv) { int fd; char buf[CLI_AUTH_RESPONSE_LEN + 1]; AN(av[2]); (void)priv; if (secret_file == NULL) { VCLI_Out(cli, "Secret file not configured\n"); VCLI_SetResult(cli, CLIS_CANT); return; } fd = open(secret_file, O_RDONLY); if (fd < 0) { VCLI_Out(cli, "Cannot open secret file (%s)\n", strerror(errno)); VCLI_SetResult(cli, CLIS_CANT); return; } mgt_got_fd(fd); VCLI_AuthResponse(fd, cli->challenge, buf); AZ(close(fd)); if (strcasecmp(buf, av[2])) { mgt_cli_challenge(cli); return; } cli->auth = MCF_AUTH; memset(cli->challenge, 0, sizeof cli->challenge); VCLI_SetResult(cli, CLIS_OK); mcf_banner(cli, av, priv); }
/* * This function establishes a connection to the specified ip and port and * sends a command to varnishd. If varnishd returns an OK status, the result * is printed and 0 returned. Else, an error message is printed and 1 is * returned */ static int cli_sock(const char *T_arg, const char *S_arg) { int fd; int sock; unsigned status; char *answer = NULL; char buf[CLI_AUTH_RESPONSE_LEN + 1]; const char *err; sock = VTCP_open(T_arg, NULL, timeout, &err); if (sock < 0) { fprintf(stderr, "Connection failed (%s): %s\n", T_arg, err); return (-1); } (void)VCLI_ReadResult(sock, &status, &answer, timeout); if (status == CLIS_AUTH) { if (S_arg == NULL) { fprintf(stderr, "Authentication required\n"); AZ(close(sock)); return(-1); } fd = open(S_arg, O_RDONLY); if (fd < 0) { fprintf(stderr, "Cannot open \"%s\": %s\n", S_arg, strerror(errno)); AZ(close(sock)); return (-1); } VCLI_AuthResponse(fd, answer, buf); AZ(close(fd)); free(answer); cli_write(sock, "auth "); cli_write(sock, buf); cli_write(sock, "\n"); (void)VCLI_ReadResult(sock, &status, &answer, timeout); } if (status != CLIS_OK) { fprintf(stderr, "Rejected %u\n%s\n", status, answer); AZ(close(sock)); free(answer); return (-1); } free(answer); cli_write(sock, "ping\n"); (void)VCLI_ReadResult(sock, &status, &answer, timeout); if (status != CLIS_OK || strstr(answer, "PONG") == NULL) { fprintf(stderr, "No pong received from server\n"); AZ(close(sock)); free(answer); return (-1); } free(answer); return (sock); }
static void mcf_auth(struct cli *cli, const char *const *av, void *priv) { int fd; char buf[CLI_AUTH_RESPONSE_LEN + 1]; AN(av[2]); (void)priv; if (secret_file == NULL) { VCLI_Out(cli, "Secret file not configured\n"); VCLI_SetResult(cli, CLIS_CANT); return; } VJ_master(JAIL_MASTER_FILE); fd = open(secret_file, O_RDONLY); if (fd < 0) { VCLI_Out(cli, "Cannot open secret file (%s)\n", strerror(errno)); VCLI_SetResult(cli, CLIS_CANT); VJ_master(JAIL_MASTER_LOW); return; } VJ_master(JAIL_MASTER_LOW); mgt_got_fd(fd); VCLI_AuthResponse(fd, cli->challenge, buf); AZ(close(fd)); if (strcasecmp(buf, av[2])) { MGT_complain(C_SECURITY, "CLI Authentication failure from %s", cli->ident); VCLI_SetResult(cli, CLIS_CLOSE); return; } cli->auth = MCF_AUTH; memset(cli->challenge, 0, sizeof cli->challenge); VCLI_SetResult(cli, CLIS_OK); mcf_banner(cli, av, priv); }
static void varnish_launch(struct varnish *v) { struct vsb *vsb, *vsb1; int i, nfd, nap; struct vss_addr **ap; char abuf[128], pbuf[128]; struct pollfd fd[2]; enum VCLI_status_e u; char *r; v->vd = VSM_New(); VSC_Setup(v->vd); /* Create listener socket */ nap = VSS_resolve("127.0.0.1", "0", &ap); AN(nap); v->cli_fd = VSS_listen(ap[0], 1); VTCP_myname(v->cli_fd, abuf, sizeof abuf, pbuf, sizeof pbuf); AZ(VSB_finish(v->args)); vtc_log(v->vl, 2, "Launch"); vsb = VSB_new_auto(); AN(vsb); VSB_printf(vsb, "cd ${pwd} &&"); VSB_printf(vsb, " ${varnishd} -d -d -n %s", v->workdir); VSB_printf(vsb, " -l 10m,1m,-"); VSB_printf(vsb, " -p auto_restart=off"); VSB_printf(vsb, " -p syslog_cli_traffic=off"); VSB_printf(vsb, " -a '%s'", "127.0.0.1:0"); VSB_printf(vsb, " -S %s/_S", v->workdir); VSB_printf(vsb, " -M '%s %s'", abuf, pbuf); VSB_printf(vsb, " -P %s/varnishd.pid", v->workdir); VSB_printf(vsb, " %s", VSB_data(v->storage)); VSB_printf(vsb, " %s", VSB_data(v->args)); AZ(VSB_finish(vsb)); vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb)); vsb1 = macro_expand(v->vl, VSB_data(vsb)); AN(vsb1); VSB_delete(vsb); vsb = vsb1; vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb)); AZ(pipe(&v->fds[0])); AZ(pipe(&v->fds[2])); v->pid = fork(); assert(v->pid >= 0); if (v->pid == 0) { assert(dup2(v->fds[0], 0) == 0); assert(dup2(v->fds[3], 1) == 1); assert(dup2(1, 2) == 2); AZ(close(v->fds[0])); AZ(close(v->fds[1])); AZ(close(v->fds[2])); AZ(close(v->fds[3])); for (i = 3; i <getdtablesize(); i++) (void)close(i); AZ(execl("/bin/sh", "/bin/sh", "-c", VSB_data(vsb), (char*)0)); exit(1); } else { vtc_log(v->vl, 3, "PID: %ld", (long)v->pid); } AZ(close(v->fds[0])); AZ(close(v->fds[3])); v->fds[0] = v->fds[2]; v->fds[2] = v->fds[3] = -1; VSB_delete(vsb); AZ(pthread_create(&v->tp, NULL, varnish_thread, v)); AZ(pthread_create(&v->tp_vsl, NULL, varnishlog_thread, v)); /* Wait for the varnish to call home */ memset(fd, 0, sizeof fd); fd[0].fd = v->cli_fd; fd[0].events = POLLIN; fd[1].fd = v->fds[0]; fd[1].events = 0; /* Only care about POLLHUP, which is output-only */ i = poll(fd, 2, 10000); vtc_log(v->vl, 4, "CLIPOLL %d 0x%x 0x%x", i, fd[0].revents, fd[1].revents); if (i == 0) { vtc_log(v->vl, 0, "FAIL timeout waiting for CLI connection"); return; } if (fd[1].revents & POLLHUP) { vtc_log(v->vl, 0, "FAIL debug pipe closed"); return; } if (!(fd[0].revents & POLLIN)) { vtc_log(v->vl, 0, "FAIL CLI connection wait failure"); return; } nfd = accept(v->cli_fd, NULL, NULL); if (nfd < 0) { vtc_log(v->vl, 0, "FAIL no CLI connection accepted"); return; } AZ(close(v->cli_fd)); v->cli_fd = nfd; vtc_log(v->vl, 3, "CLI connection fd = %d", v->cli_fd); assert(v->cli_fd >= 0); /* Receive the banner or auth response */ u = varnish_ask_cli(v, NULL, &r); if (vtc_error) return; if (u != CLIS_AUTH) vtc_log(v->vl, 0, "CLI auth demand expected: %u %s", u, r); bprintf(abuf, "%s/_S", v->workdir); nfd = open(abuf, O_RDONLY); assert(nfd >= 0); assert(sizeof abuf >= CLI_AUTH_RESPONSE_LEN + 7); strcpy(abuf, "auth "); VCLI_AuthResponse(nfd, r, abuf + 5); AZ(close(nfd)); free(r); strcat(abuf, "\n"); u = varnish_ask_cli(v, abuf, &r); if (vtc_error) return; if (u != CLIS_OK) vtc_log(v->vl, 0, "CLI auth command failed: %u %s", u, r); free(r); (void)VSL_Arg(v->vd, 'n', v->workdir); AZ(VSC_Open(v->vd, 1)); }