/*
* This function establishes a connection to the specified ip and port and
* sends a command to varnishd. If varnishd returns an OK status, the result
* is printed and 0 returned. Else, an error message is printed and 1 is
* returned
*/
static int
cli_sock(struct vadmin_config_t *vadmin, struct agent_core_t *core)
{
int fd;
unsigned status;
char *answer = NULL;
char buf[CLI_AUTH_RESPONSE_LEN + 1];
n_arg_sock(core);
if (core->config->T_arg == NULL) {
logger(vadmin->logger, "No T-arg (Administration port) available. Varnishadm-commands wont work.");
return (-1);
}
vadmin->sock = VSS_open(vadmin->logger, core->config->T_arg, core->config->timeout);
if (vadmin->sock < 0) {
logger(vadmin->logger, "Connection failed (%s)", core->config->T_arg);
return (-1);
}
(void)VCLI_ReadResult(vadmin->sock, &status, &answer, core->config->timeout);
if (status == CLIS_AUTH) {
if (core->config->S_arg == NULL) {
logger(vadmin->logger, "Authentication required");
assert(close(vadmin->sock) == 0);
return(-1);
}
fd = open(core->config->S_arg, O_RDONLY);
if (fd < 0) {
logger(vadmin->logger, "Cannot open \"%s\": %s",
core->config->S_arg, strerror(errno));
assert(close(vadmin->sock) == 0);
return (-1);
}
VCLI_AuthResponse(fd, answer, buf);
assert(close(fd) == 0);
free(answer);
cli_write(vadmin->sock, "auth ");
cli_write(vadmin->sock, buf);
cli_write(vadmin->sock, "\n");
(void)VCLI_ReadResult(vadmin->sock, &status, &answer, core->config->timeout);
}
if (status != CLIS_OK) {
logger(vadmin->logger, "Rejected %u\n%s", status, answer);
assert(close(vadmin->sock) == 0);
return (-1);
}
free(answer);
cli_write(vadmin->sock, "ping\n");
(void)VCLI_ReadResult(vadmin->sock, &status, &answer, core->config->timeout);
if (status != CLIS_OK || strstr(answer, "PONG") == NULL) {
logger(vadmin->logger, "No pong received from server");
assert(close(vadmin->sock) == 0);
return(-1);
}
free(answer);
vadmin->state = 1;
return (vadmin->sock);
}
static void
mcf_auth(struct cli *cli, const char *const *av, void *priv)
{
int fd;
char buf[CLI_AUTH_RESPONSE_LEN + 1];
AN(av[2]);
(void)priv;
if (secret_file == NULL) {
VCLI_Out(cli, "Secret file not configured\n");
VCLI_SetResult(cli, CLIS_CANT);
return;
}
fd = open(secret_file, O_RDONLY);
if (fd < 0) {
VCLI_Out(cli, "Cannot open secret file (%s)\n",
strerror(errno));
VCLI_SetResult(cli, CLIS_CANT);
return;
}
mgt_got_fd(fd);
VCLI_AuthResponse(fd, cli->challenge, buf);
AZ(close(fd));
if (strcasecmp(buf, av[2])) {
mgt_cli_challenge(cli);
return;
}
cli->auth = MCF_AUTH;
memset(cli->challenge, 0, sizeof cli->challenge);
VCLI_SetResult(cli, CLIS_OK);
mcf_banner(cli, av, priv);
}
/*
* This function establishes a connection to the specified ip and port and
* sends a command to varnishd. If varnishd returns an OK status, the result
* is printed and 0 returned. Else, an error message is printed and 1 is
* returned
*/
static int
cli_sock(const char *T_arg, const char *S_arg)
{
int fd;
int sock;
unsigned status;
char *answer = NULL;
char buf[CLI_AUTH_RESPONSE_LEN + 1];
const char *err;
sock = VTCP_open(T_arg, NULL, timeout, &err);
if (sock < 0) {
fprintf(stderr, "Connection failed (%s): %s\n", T_arg, err);
return (-1);
}
(void)VCLI_ReadResult(sock, &status, &answer, timeout);
if (status == CLIS_AUTH) {
if (S_arg == NULL) {
fprintf(stderr, "Authentication required\n");
AZ(close(sock));
return(-1);
}
fd = open(S_arg, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Cannot open \"%s\": %s\n",
S_arg, strerror(errno));
AZ(close(sock));
return (-1);
}
VCLI_AuthResponse(fd, answer, buf);
AZ(close(fd));
free(answer);
cli_write(sock, "auth ");
cli_write(sock, buf);
cli_write(sock, "\n");
(void)VCLI_ReadResult(sock, &status, &answer, timeout);
}
if (status != CLIS_OK) {
fprintf(stderr, "Rejected %u\n%s\n", status, answer);
AZ(close(sock));
free(answer);
return (-1);
}
free(answer);
cli_write(sock, "ping\n");
(void)VCLI_ReadResult(sock, &status, &answer, timeout);
if (status != CLIS_OK || strstr(answer, "PONG") == NULL) {
fprintf(stderr, "No pong received from server\n");
AZ(close(sock));
free(answer);
return (-1);
}
free(answer);
return (sock);
}
static void
mcf_auth(struct cli *cli, const char *const *av, void *priv)
{
int fd;
char buf[CLI_AUTH_RESPONSE_LEN + 1];
AN(av[2]);
(void)priv;
if (secret_file == NULL) {
VCLI_Out(cli, "Secret file not configured\n");
VCLI_SetResult(cli, CLIS_CANT);
return;
}
VJ_master(JAIL_MASTER_FILE);
fd = open(secret_file, O_RDONLY);
if (fd < 0) {
VCLI_Out(cli, "Cannot open secret file (%s)\n",
strerror(errno));
VCLI_SetResult(cli, CLIS_CANT);
VJ_master(JAIL_MASTER_LOW);
return;
}
VJ_master(JAIL_MASTER_LOW);
mgt_got_fd(fd);
VCLI_AuthResponse(fd, cli->challenge, buf);
AZ(close(fd));
if (strcasecmp(buf, av[2])) {
MGT_complain(C_SECURITY,
"CLI Authentication failure from %s", cli->ident);
VCLI_SetResult(cli, CLIS_CLOSE);
return;
}
cli->auth = MCF_AUTH;
memset(cli->challenge, 0, sizeof cli->challenge);
VCLI_SetResult(cli, CLIS_OK);
mcf_banner(cli, av, priv);
}
static void
varnish_launch(struct varnish *v)
{
struct vsb *vsb, *vsb1;
int i, nfd, nap;
struct vss_addr **ap;
char abuf[128], pbuf[128];
struct pollfd fd[2];
enum VCLI_status_e u;
char *r;
v->vd = VSM_New();
VSC_Setup(v->vd);
/* Create listener socket */
nap = VSS_resolve("127.0.0.1", "0", &ap);
AN(nap);
v->cli_fd = VSS_listen(ap[0], 1);
VTCP_myname(v->cli_fd, abuf, sizeof abuf, pbuf, sizeof pbuf);
AZ(VSB_finish(v->args));
vtc_log(v->vl, 2, "Launch");
vsb = VSB_new_auto();
AN(vsb);
VSB_printf(vsb, "cd ${pwd} &&");
VSB_printf(vsb, " ${varnishd} -d -d -n %s", v->workdir);
VSB_printf(vsb, " -l 10m,1m,-");
VSB_printf(vsb, " -p auto_restart=off");
VSB_printf(vsb, " -p syslog_cli_traffic=off");
VSB_printf(vsb, " -a '%s'", "127.0.0.1:0");
VSB_printf(vsb, " -S %s/_S", v->workdir);
VSB_printf(vsb, " -M '%s %s'", abuf, pbuf);
VSB_printf(vsb, " -P %s/varnishd.pid", v->workdir);
VSB_printf(vsb, " %s", VSB_data(v->storage));
VSB_printf(vsb, " %s", VSB_data(v->args));
AZ(VSB_finish(vsb));
vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb));
vsb1 = macro_expand(v->vl, VSB_data(vsb));
AN(vsb1);
VSB_delete(vsb);
vsb = vsb1;
vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb));
AZ(pipe(&v->fds[0]));
AZ(pipe(&v->fds[2]));
v->pid = fork();
assert(v->pid >= 0);
if (v->pid == 0) {
assert(dup2(v->fds[0], 0) == 0);
assert(dup2(v->fds[3], 1) == 1);
assert(dup2(1, 2) == 2);
AZ(close(v->fds[0]));
AZ(close(v->fds[1]));
AZ(close(v->fds[2]));
AZ(close(v->fds[3]));
for (i = 3; i <getdtablesize(); i++)
(void)close(i);
AZ(execl("/bin/sh", "/bin/sh", "-c", VSB_data(vsb), (char*)0));
exit(1);
} else {
vtc_log(v->vl, 3, "PID: %ld", (long)v->pid);
}
AZ(close(v->fds[0]));
AZ(close(v->fds[3]));
v->fds[0] = v->fds[2];
v->fds[2] = v->fds[3] = -1;
VSB_delete(vsb);
AZ(pthread_create(&v->tp, NULL, varnish_thread, v));
AZ(pthread_create(&v->tp_vsl, NULL, varnishlog_thread, v));
/* Wait for the varnish to call home */
memset(fd, 0, sizeof fd);
fd[0].fd = v->cli_fd;
fd[0].events = POLLIN;
fd[1].fd = v->fds[0];
fd[1].events = 0; /* Only care about POLLHUP, which is output-only */
i = poll(fd, 2, 10000);
vtc_log(v->vl, 4, "CLIPOLL %d 0x%x 0x%x",
i, fd[0].revents, fd[1].revents);
if (i == 0) {
vtc_log(v->vl, 0, "FAIL timeout waiting for CLI connection");
return;
}
if (fd[1].revents & POLLHUP) {
vtc_log(v->vl, 0, "FAIL debug pipe closed");
return;
}
if (!(fd[0].revents & POLLIN)) {
vtc_log(v->vl, 0, "FAIL CLI connection wait failure");
return;
}
nfd = accept(v->cli_fd, NULL, NULL);
if (nfd < 0) {
vtc_log(v->vl, 0, "FAIL no CLI connection accepted");
return;
}
AZ(close(v->cli_fd));
v->cli_fd = nfd;
vtc_log(v->vl, 3, "CLI connection fd = %d", v->cli_fd);
assert(v->cli_fd >= 0);
/* Receive the banner or auth response */
u = varnish_ask_cli(v, NULL, &r);
if (vtc_error)
return;
if (u != CLIS_AUTH)
vtc_log(v->vl, 0, "CLI auth demand expected: %u %s", u, r);
bprintf(abuf, "%s/_S", v->workdir);
nfd = open(abuf, O_RDONLY);
assert(nfd >= 0);
assert(sizeof abuf >= CLI_AUTH_RESPONSE_LEN + 7);
strcpy(abuf, "auth ");
VCLI_AuthResponse(nfd, r, abuf + 5);
AZ(close(nfd));
free(r);
strcat(abuf, "\n");
u = varnish_ask_cli(v, abuf, &r);
if (vtc_error)
return;
if (u != CLIS_OK)
vtc_log(v->vl, 0, "CLI auth command failed: %u %s", u, r);
free(r);
(void)VSL_Arg(v->vd, 'n', v->workdir);
AZ(VSC_Open(v->vd, 1));
}
