authorTimo Teräs <timo.teras@iki.fi>2010-11-09 12:37:06 +0200
committerTimo Teräs <timo.teras@iki.fi>2010-11-09 12:37:06 +0200
commitafa7bc626af7ee010fbe3604a3ed7a6484be79a7 (patch)
treea400e9b54317c0d3665e3d851914a07d19abb1f3
parentc6a8db7d5385b773a8cfedb41444f348d984b383 (diff)
auth-snmp: option to syslog authentication requests
Including some information where it fails.
-rw-r--r--src/squark-auth-snmp.c54
1 files changed, 51 insertions, 3 deletions
diff --git a/src/squark-auth-snmp.c b/src/squark-auth-snmp.c
index 40ef6b5..f6e8d5b 100644
--- a/src/squark-auth-snmp.c
+++ b/src/squark-auth-snmp.c
@@ -20,6 +20,7 @@
#include <fcntl.h>
#include <stdio.h>
+#include <syslog.h>
#include <string.h>
#include <unistd.h>
@@ -98,6 +99,7 @@ struct switch_info;
static int num_queries = 0;
static int running = TRUE;
static int kick_out = FALSE;
+static int do_syslog = FALSE;
static struct sqdb db;
static struct authdb adb;
@@ -259,6 +261,7 @@ struct switch_info {
struct auth_context {
char * token;
sockaddr_any addr;
+ char status_msg[64];
unsigned char mac[MAC_LEN];
int info_available;
struct switch_info * current_switch;
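Review bot: Nothing in this commit gives the new `status_msg` field an initial value, yet the ERR branch of auth_completed logs it with `%s`. The allocation of `struct auth_context` is not visible here, so unless it is zero-filled, a failure that happens before the first snprintf would log indeterminate bytes and could read past the 64-byte array. Setting `auth->status_msg[0] = '\0';` where the context is created would make the failure log safe in every case.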
@@ -553,7 +556,7 @@ static int auth_ok(struct auth_context *auth)
static void auth_completed(struct auth_context *auth)
{
- char tmp[256];
+ char tmp[256], *uf_a, *uf_b;
void *token;
struct authdb_entry entry;
blob_t b = BLOB_BUF(tmp), un;
@@ -573,12 +576,27 @@ static void auth_completed(struct auth_context *auth)
}
blob_push(&b, BLOB_STR(" OK user="));
+ uf_a = b.ptr;
blob_push_formatted_username(&b, username_format, auth);
+ uf_b = b.ptr;
blob_push(&b, BLOB_PTR_LEN("\n", 1));
+ if (do_syslog) {
+ blob_t tmp = BLOB_PTR_PTR(uf_a, uf_b);
+ syslog(LOG_AUTHPRIV | LOG_INFO,
+ "%s authenticated as %.*s",
+ addr_print(&auth->addr),
+ tmp.len, tmp.ptr);
+ }
} else {
if (token != NULL)
authdb_commit_logout(token);
blob_push(&b, BLOB_STR(" ERR\n"));
+ if (do_syslog) {
+ syslog(LOG_AUTHPRIV | LOG_WARNING,
+ "%s failed: %s",
+ addr_print(&auth->addr),
+ auth->status_msg);
+ }
}
b = blob_pushed(BLOB_BUF(tmp), b);
write(STDOUT_FILENO, b.ptr, b.len);
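Review bot: The `%.*s` precision passed at `tmp.len, tmp.ptr` must be an `int`; blob_t is defined outside this hunk, so if `len` is an unsigned or size_t field the argument type is wrong and the line should read `(int) tmp.len, tmp.ptr`. The inner `blob_t tmp` also shadows the `char tmp[256]` buffer that `b` is built over, so a name such as `blob_t user` would be clearer. The formatted username appears to be assembled from fields learned over SNMP (switch name, location, webauth name), so consider replacing control characters before it reaches the auth log, since a newline in such a field could forge log entries. auth_completed begins and ends outside the hunk.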
@@ -659,6 +677,10 @@ static int auth_handle_portinfo_reply(int oper, netsnmp_session *s, int reqid, n
if (auth->webauth_name)
auth->info_available |= FORMAT_PORT_WEBAUTH;
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "required info missing: info_available=%08x",
+ auth->info_available);
+
done:
if (kick_out && auth_ok(auth))
auth_force_reauthentication(auth);
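Review bot: `sizeof(auth->status_msg)-1` is passed as the size, but snprintf already counts the terminating NUL inside the size it is given, so the `-1` only gives up the last byte; `snprintf(auth->status_msg, sizeof(auth->status_msg), ...)` is the usual form. The same pattern is used in every status_msg snprintf this commit adds. This particular message is also written on every path that does not jump to `done:`, including one that later passes auth_ok(), so a comment such as `/* only reported if auth_ok() fails */` would help. The function body extends beyond the hunk.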
@@ -702,6 +724,9 @@ static void auth_query_port_info(struct auth_context *auth)
query = blob_pushed(BLOB_OID(query_oids), query);
snmp_add_null_var(pdu, oid_blob(query));
}
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "%s: query port info (%d)",
+ si->session->peername, auth->local_port);
auth_talk_snmp(auth, si->session, pdu, auth_handle_portinfo_reply);
}
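Review bot: With a 64-byte `status_msg`, writing `si->session->peername` first means a long peer name can truncate away the stage text, which is the part that tells an operator where authentication stopped. The same ordering is used in auth_query_lldp, auth_query_fib, auth_query_switch_info and start_authentication. Consider putting the stage first, e.g. `"query port info (%d): %s"`, or enlarging the buffer. If `peername` can ever be NULL for a session (not visible here), passing it to `%s` also needs a guard.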
@@ -807,6 +832,9 @@ static void auth_query_lldp(struct auth_context *auth, int root_query)
snmp_add_null_var(pdu, oid_blob(query));
}
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "%s: query LLDP tables (%s)",
+ si->session->peername, root_query ? "link" : "lacp slaves");
cache_talk_snmp(&spi->cache_control, si->session, pdu, auth_handle_lldp_reply, auth);
}
@@ -875,6 +903,9 @@ static void auth_query_fib(struct auth_context *auth)
query = blob_pushed(BLOB_OID(query_oids), query);
snmp_add_null_var(pdu, oid_blob(query));
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "%s: probe FIB",
+ si->session->peername);
auth_talk_snmp(auth, si->session, pdu, auth_handle_fib_reply);
}
@@ -927,9 +958,17 @@ static void auth_query_switch_info(struct auth_context *auth)
~(FORMAT_SWITCH_NAME | FORMAT_SWITCH_LOCATION |
FORMAT_PORT_INDEX);
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "%s: refresh switch information",
+ si->session->peername);
+
if (!cache_refresh(&si->cache_control, auth, auth_query_fib))
return;
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "%s: query switch information",
+ si->session->peername);
+
pdu = snmp_pdu_create(SNMP_MSG_GET);
snmp_add_null_var(pdu, oid_const(SNMPv2_MIB_sysName));
snmp_add_null_var(pdu, oid_const(SNMPv2_MIB_sysLocation));
@@ -988,6 +1027,10 @@ void start_authentication(blob_t token, blob_t ip)
query = blob_pushed(BLOB_OID(query_oids), query);
snmp_add_null_var(pdu, oid_blob(query));
+ snprintf(auth->status_msg, sizeof(auth->status_msg)-1,
+ "%s: map IP %s to MAC on VLAN %d",
+ l3_root_dev->session->peername,
+ addr_print(&auth->addr), l3_if_ndx);
auth_talk_snmp(auth, l3_root_dev->session, pdu, auth_handle_arp_reply);
}
@@ -1067,9 +1110,10 @@ int main(int argc, char **argv)
int opt, fds, block, i, rc = 1;
setenv("MIBS", "", 1);
- init_snmp("squark-auth");
+ init_snmp("squark-auth-snmp");
+ openlog("squark-auth-snmp", LOG_PID, LOG_DAEMON);
- while ((opt = getopt(argc, argv, "Vc:r:i:R:v:f:T:K")) != -1) {
+ while ((opt = getopt(argc, argv, "Vc:r:i:R:v:f:T:Ks")) != -1) {
switch (opt) {
case 'V':
fprintf(stderr, "squark-auth-snmp %s\n", squark_version);
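Review bot: Changing `init_snmp("squark-auth")` to `init_snmp("squark-auth-snmp")` is more than a cosmetic rename: net-snmp uses that argument as the application type when it looks up the application-specific configuration file, so an existing `squark-auth.conf` would no longer be read. The commit message does not mention this, and it deserves a note in the description or release notes. Separately, `openlog(..., LOG_PID, LOG_DAEMON)` sets a default facility that the new syslog() calls override with `LOG_AUTHPRIV`, so passing `LOG_AUTHPRIV` to openlog would be more consistent. If the usage text lists the options, it also needs an entry for `-s`; that text is outside this hunk.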
@@ -1098,6 +1142,9 @@ int main(int argc, char **argv)
case 'K':
kick_out = TRUE;
break;
+ case 's':
+ do_syslog = TRUE;
+ break;
}
}
argc -= optind;
@@ -1162,6 +1209,7 @@ int main(int argc, char **argv)
err_adb:
sqdb_close(&db);
err_sqdb:
+ closelog();
return rc;
}