From afa7bc626af7ee010fbe3604a3ed7a6484be79a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Tue, 9 Nov 2010 12:37:06 +0200 Subject: auth-snmp: option to syslog authentication requests Including some information where it fails. --- src/squark-auth-snmp.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 3 deletions(-) diff --git a/src/squark-auth-snmp.c b/src/squark-auth-snmp.c index 40ef6b5..f6e8d5b 100644 --- a/src/squark-auth-snmp.c +++ b/src/squark-auth-snmp.c @@ -20,6 +20,7 @@ #include #include +#include #include #include @@ -98,6 +99,7 @@ struct switch_info; static int num_queries = 0; static int running = TRUE; static int kick_out = FALSE; +static int do_syslog = FALSE; static struct sqdb db; static struct authdb adb; @@ -259,6 +261,7 @@ struct switch_info { struct auth_context { char * token; sockaddr_any addr; + char status_msg[64]; unsigned char mac[MAC_LEN]; int info_available; struct switch_info * current_switch; @@ -553,7 +556,7 @@ static int auth_ok(struct auth_context *auth) static void auth_completed(struct auth_context *auth) { - char tmp[256]; + char tmp[256], *uf_a, *uf_b; void *token; struct authdb_entry entry; blob_t b = BLOB_BUF(tmp), un; @@ -573,12 +576,27 @@ static void auth_completed(struct auth_context *auth) } blob_push(&b, BLOB_STR(" OK user=")); + uf_a = b.ptr; blob_push_formatted_username(&b, username_format, auth); + uf_b = b.ptr; blob_push(&b, BLOB_PTR_LEN("\n", 1)); + if (do_syslog) { + blob_t tmp = BLOB_PTR_PTR(uf_a, uf_b); + syslog(LOG_AUTHPRIV | LOG_INFO, + "%s authenticated as %.*s", + addr_print(&auth->addr), + tmp.len, tmp.ptr); + } } else { if (token != NULL) authdb_commit_logout(token); blob_push(&b, BLOB_STR(" ERR\n")); + if (do_syslog) { + syslog(LOG_AUTHPRIV | LOG_WARNING, + "%s failed: %s", + addr_print(&auth->addr), + auth->status_msg); + } } b = blob_pushed(BLOB_BUF(tmp), b); write(STDOUT_FILENO, b.ptr, b.len); 
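Review bot: Nothing in this patch gives the new `status_msg` field an initial value, yet the failure branch added to auth_completed prints it with `%s`. The allocation of struct auth_context is outside the diff; unless that memory is zero-filled, a request that fails before the first `snprintf` (the earliest one added is in start_authentication, just before auth_talk_snmp) would send whatever bytes were there to the log. Setting `auth->status_msg[0] = '\0';` where the context is created would make the failure message well-defined.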
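Review bot: The `%.*s` precision in the success branch of auth_completed is passed `tmp.len`, but a printf-style precision must be an `int`; blob_t's definition is not visible here, so this needs a cast unless `len` is already an `int`. The local `blob_t tmp` also shadows the function's `char tmp[256]`, which makes the later `BLOB_BUF(tmp)` easy to misread; passing `(int) (uf_b - uf_a), uf_a` as the two arguments removes both problems. That subtraction assumes `b.ptr` still points into the buffer after `blob_push_formatted_username`; if the blob helpers signal overflow by resetting the blob (not visible in this hunk), check for that before logging. The formatted username appears to include values learned over SNMP, such as the webauth name, so consider replacing control characters before it reaches an auth log rather than relying on the syslog daemon to escape them. The function's body continues outside these hunks.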
@@ -659,6 +677,10 @@ static int auth_handle_portinfo_reply(int oper, netsnmp_session *s, int reqid, n if (auth->webauth_name) auth->info_available |= FORMAT_PORT_WEBAUTH; + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "required info missing: info_available=%08x", + auth->info_available); + done: if (kick_out && auth_ok(auth)) auth_force_reauthentication(auth); @@ -702,6 +724,9 @@ static void auth_query_port_info(struct auth_context *auth) query = blob_pushed(BLOB_OID(query_oids), query); snmp_add_null_var(pdu, oid_blob(query)); } + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "%s: query port info (%d)", + si->session->peername, auth->local_port); auth_talk_snmp(auth, si->session, pdu, auth_handle_portinfo_reply); } @@ -807,6 +832,9 @@ static void auth_query_lldp(struct auth_context *auth, int root_query) snmp_add_null_var(pdu, oid_blob(query)); } + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "%s: query LLDP tables (%s)", + si->session->peername, root_query ? "link" : "lacp slaves"); cache_talk_snmp(&spi->cache_control, si->session, pdu, auth_handle_lldp_reply, auth); } @@ -875,6 +903,9 @@ static void auth_query_fib(struct auth_context *auth) query = blob_pushed(BLOB_OID(query_oids), query); snmp_add_null_var(pdu, oid_blob(query)); + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "%s: probe FIB", + si->session->peername); auth_talk_snmp(auth, si->session, pdu, auth_handle_fib_reply); } 
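Review bot: `snprintf` is given `sizeof(auth->status_msg)-1`, but snprintf already counts the terminating NUL in its size argument, so the `-1` only shrinks the 64-byte buffer to 62 usable characters; the same call shape repeats in auth_query_port_info, auth_query_lldp, auth_query_fib, auth_query_switch_info and start_authentication. The return value is ignored everywhere, so a long `peername` silently truncates the message, and in start_authentication the part lost is the client IP and VLAN at the tail. A small helper with a printf format attribute would remove the repetition and let the compiler check arguments such as `%08x` against the `int info_available`. The helper needs `<stdarg.h>`, and the enclosing functions start outside these hunks.

```c
static void auth_set_status(struct auth_context *auth, const char *fmt, ...)
	__attribute__((format(printf, 2, 3)));

static void auth_set_status(struct auth_context *auth, const char *fmt, ...)
{
	va_list va;

	va_start(va, fmt);
	/* size already includes the NUL; output is truncated, never overrun */
	vsnprintf(auth->status_msg, sizeof(auth->status_msg), fmt, va);
	va_end(va);
}

/* … unchanged: webauth_name check in auth_handle_portinfo_reply … */
	auth_set_status(auth, "required info missing: info_available=%08x",
			(unsigned int) auth->info_available);
```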
@@ -927,9 +958,17 @@ static void auth_query_switch_info(struct auth_context *auth) ~(FORMAT_SWITCH_NAME | FORMAT_SWITCH_LOCATION | FORMAT_PORT_INDEX); + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "%s: refresh switch information", + si->session->peername); + if (!cache_refresh(&si->cache_control, auth, auth_query_fib)) return; + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "%s: query switch information", + si->session->peername); + pdu = snmp_pdu_create(SNMP_MSG_GET); snmp_add_null_var(pdu, oid_const(SNMPv2_MIB_sysName)); snmp_add_null_var(pdu, oid_const(SNMPv2_MIB_sysLocation)); @@ -988,6 +1027,10 @@ void start_authentication(blob_t token, blob_t ip) query = blob_pushed(BLOB_OID(query_oids), query); snmp_add_null_var(pdu, oid_blob(query)); + snprintf(auth->status_msg, sizeof(auth->status_msg)-1, + "%s: map IP %s to MAC on VLAN %d", + l3_root_dev->session->peername, + addr_print(&auth->addr), l3_if_ndx); auth_talk_snmp(auth, l3_root_dev->session, pdu, auth_handle_arp_reply); } @@ -1067,9 +1110,10 @@ int main(int argc, char **argv) int opt, fds, block, i, rc = 1; setenv("MIBS", "", 1); - init_snmp("squark-auth"); + init_snmp("squark-auth-snmp"); + openlog("squark-auth-snmp", LOG_PID, LOG_DAEMON); - while ((opt = getopt(argc, argv, "Vc:r:i:R:v:f:T:K")) != -1) { + while ((opt = getopt(argc, argv, "Vc:r:i:R:v:f:T:Ks")) != -1) { switch (opt) { case 'V': fprintf(stderr, "squark-auth-snmp %s\n", squark_version); @@ -1098,6 +1142,9 @@ int main(int argc, char **argv) case 'K': kick_out = TRUE; break; + case 's': + do_syslog = TRUE; + break; } } argc -= optind; @@ -1162,6 +1209,7 @@ int main(int argc, char **argv) err_adb: sqdb_close(&db); err_sqdb: + closelog(); return rc; } -- cgit v1.2.3
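Review bot: Renaming the `init_snmp()` argument from "squark-auth" to "squark-auth-snmp" in main is more than a log-tag change: Net-SNMP uses that string as the application name when it looks for per-application configuration files, so an existing `squark-auth.conf` would stop being read after this commit. If that is intended it deserves a line in the commit message; otherwise keep the old name and change only the `openlog()` ident. Separately, `openlog()` sets the default facility to `LOG_DAEMON` while every `syslog()` call added in this patch passes `LOG_AUTHPRIV` explicitly, so the default is never used; `openlog("squark-auth-snmp", LOG_PID, LOG_AUTHPRIV);` would keep the two in agreement. main starts and ends outside this hunk.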