13 #include <sys/param.h> 15 #include <sys/types.h> 18 #include <sys/socket.h> 19 #include <arpa/inet.h> 20 #include <netinet/in.h> 21 #include <netinet/ip.h> 22 #include <netinet/tcp.h> 36 #ifdef HAVE_GNUTLS_GNUTLS_H 37 # include <gnutls/gnutls.h> 41 #ifdef HAVE_LINUX_SWAB_H 42 # include <linux/swab.h> 48 #define __swab16(x) ((uint16_t)( \ 49 (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \ 50 (((uint16_t)(x) & (uint16_t)0xff00U) >> 8))) 52 #define __swab32(x) ((uint32_t)( \ 53 (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \ 54 (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \ 55 (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \ 56 (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24))) 58 #define __swab64(x) ((uint64_t)( \ 59 (((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \ 60 (((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \ 61 (((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \ 62 (((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \ 63 (((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \ 64 (((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \ 65 (((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \ 66 (((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56))) 69 #define REMOTE_MSG_VERSION 1 70 #define ENDIAN_LOCAL 0xBADADBBD 72 struct remote_header_v0 {
97 static struct remote_header_v0 *
100 struct remote_header_v0 *header = (
struct remote_header_v0 *)remote->
buffer;
101 if(remote->
buffer_offset <
sizeof(
struct remote_header_v0)) {
109 crm_err(
"Invalid message detected, endian mismatch: %" PRIx32
110 " is neither %" PRIx32
" nor the swab'd %" PRIx32,
116 header->flags =
__swab64(header->flags);
117 header->endian =
__swab32(header->endian);
119 header->version =
__swab32(header->version);
120 header->size_total =
__swab32(header->size_total);
121 header->payload_offset =
__swab32(header->payload_offset);
122 header->payload_compressed =
__swab32(header->payload_compressed);
123 header->payload_uncompressed =
__swab32(header->payload_uncompressed);
129 #ifdef HAVE_GNUTLS_GNUTLS_H 132 pcmk__tls_client_handshake(
pcmk__remote_t *remote,
int timeout_sec,
135 const time_t time_limit = time(NULL) + timeout_sec;
137 if (gnutls_rc != NULL) {
138 *gnutls_rc = GNUTLS_E_SUCCESS;
141 int rc = gnutls_handshake(*remote->tls_session);
144 case GNUTLS_E_SUCCESS:
147 case GNUTLS_E_INTERRUPTED:
156 if (gnutls_rc != NULL) {
161 }
while (time(NULL) < time_limit);
172 set_minimum_dh_bits(
const gnutls_session_t *session)
183 if (dh_min_bits > 0) {
184 crm_info(
"Requiring server use a Diffie-Hellman prime of at least %d bits",
187 "environment variable is deprecated and will be removed " 188 "in a future release");
189 gnutls_dh_set_prime_bits(*session, dh_min_bits);
194 get_bound_dh_bits(
unsigned int dh_bits)
204 if ((dh_max_bits > 0) && (dh_max_bits < dh_min_bits)) {
205 crm_warn(
"Ignoring PCMK_dh_max_bits less than PCMK_dh_min_bits");
208 if ((dh_min_bits > 0) && (dh_bits < dh_min_bits)) {
211 if ((dh_max_bits > 0) && (dh_bits > dh_max_bits)) {
229 pcmk__new_tls_session(
int csock,
unsigned int conn_type,
230 gnutls_credentials_type_t cred_type,
void *credentials)
232 int rc = GNUTLS_E_SUCCESS;
233 const char *prio_base = NULL;
235 gnutls_session_t *session = NULL;
245 if (prio_base == NULL) {
249 (cred_type == GNUTLS_CRD_ANON)?
"+ANON-DH" :
"+DHE-PSK:+PSK");
251 session = gnutls_malloc(
sizeof(gnutls_session_t));
252 if (session == NULL) {
253 rc = GNUTLS_E_MEMORY_ERROR;
257 rc = gnutls_init(session, conn_type);
258 if (rc != GNUTLS_E_SUCCESS) {
266 rc = gnutls_priority_set_direct(*session, prio, NULL);
267 if (rc != GNUTLS_E_SUCCESS) {
270 if (conn_type == GNUTLS_CLIENT) {
271 set_minimum_dh_bits(session);
274 gnutls_transport_set_ptr(*session,
275 (gnutls_transport_ptr_t) GINT_TO_POINTER(csock));
277 rc = gnutls_credentials_set(*session, cred_type, credentials);
278 if (rc != GNUTLS_E_SUCCESS) {
285 crm_err(
"Could not initialize %s TLS %s session: %s " 286 CRM_XS " rc=%d priority='%s'",
287 (cred_type == GNUTLS_CRD_ANON)?
"anonymous" :
"PSK",
288 (conn_type == GNUTLS_SERVER)?
"server" :
"client",
289 gnutls_strerror(rc), rc, prio);
291 if (session != NULL) {
292 gnutls_free(session);
313 pcmk__init_tls_dh(gnutls_dh_params_t *dh_params)
315 int rc = GNUTLS_E_SUCCESS;
316 unsigned int dh_bits = 0;
318 rc = gnutls_dh_params_init(dh_params);
319 if (rc != GNUTLS_E_SUCCESS) {
323 dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
324 GNUTLS_SEC_PARAM_NORMAL);
326 rc = GNUTLS_E_DH_PRIME_UNACCEPTABLE;
329 dh_bits = get_bound_dh_bits(dh_bits);
331 crm_info(
"Generating Diffie-Hellman parameters with %u-bit prime for TLS",
333 rc = gnutls_dh_params_generate2(*dh_params, dh_bits);
334 if (rc != GNUTLS_E_SUCCESS) {
341 crm_err(
"Could not initialize Diffie-Hellman parameters for TLS: %s " 342 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
365 rc = gnutls_handshake(*client->
remote->tls_session);
366 }
while (rc == GNUTLS_E_INTERRUPTED);
368 if (rc == GNUTLS_E_AGAIN) {
373 }
else if (rc != GNUTLS_E_SUCCESS) {
374 crm_err(
"TLS handshake with remote client failed: %s " 375 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
383 send_tls(gnutls_session_t *session,
struct iovec *iov)
385 const char *unsent = iov->iov_base;
386 size_t unsent_len = iov->iov_len;
389 if (unsent == NULL) {
393 crm_trace(
"Sending TLS message of %llu bytes",
394 (
unsigned long long) unsent_len);
396 gnutls_rc = gnutls_record_send(*session, unsent, unsent_len);
398 if (gnutls_rc == GNUTLS_E_INTERRUPTED || gnutls_rc == GNUTLS_E_AGAIN) {
399 crm_trace(
"Retrying to send %llu bytes remaining",
400 (
unsigned long long) unsent_len);
402 }
else if (gnutls_rc < 0) {
405 gnutls_strerror((
int) gnutls_rc),
406 (
long long) gnutls_rc);
409 }
else if (gnutls_rc < unsent_len) {
410 crm_trace(
"Sent %lld of %llu bytes remaining",
411 (
long long) gnutls_rc, (
unsigned long long) unsent_len);
412 unsent_len -= gnutls_rc;
415 crm_trace(
"Sent all %lld bytes remaining", (
long long) gnutls_rc);
425 send_plaintext(
int sock,
struct iovec *iov)
427 const char *unsent = iov->iov_base;
428 size_t unsent_len = iov->iov_len;
431 if (unsent == NULL) {
435 crm_debug(
"Sending plaintext message of %llu bytes to socket %d",
436 (
unsigned long long) unsent_len, sock);
438 write_rc = write(sock, unsent, unsent_len);
442 if ((errno == EINTR) || (errno == EAGAIN)) {
443 crm_trace(
"Retrying to send %llu bytes remaining to socket %d",
444 (
unsigned long long) unsent_len, sock);
453 }
else if (write_rc < unsent_len) {
454 crm_trace(
"Sent %lld of %llu bytes remaining",
455 (
long long) write_rc, (
unsigned long long) unsent_len);
457 unsent_len -= write_rc;
461 crm_trace(
"Sent all %lld bytes remaining: %.100s",
462 (
long long) write_rc, (
char *) (iov->iov_base));
471 remote_send_iovs(
pcmk__remote_t *remote,
struct iovec *iov,
int iovs)
475 for (
int lpc = 0; (lpc < iovs) && (rc ==
pcmk_rc_ok); lpc++) {
476 #ifdef HAVE_GNUTLS_GNUTLS_H 477 if (remote->tls_session) {
478 rc = send_tls(remote->tls_session, &(iov[lpc]));
483 rc = send_plaintext(remote->
tcp_socket, &(iov[lpc]));
485 rc = ESOCKTNOSUPPORT;
504 static uint64_t
id = 0;
505 GString *xml_text = NULL;
508 struct remote_header_v0 *header;
510 CRM_CHECK((remote != NULL) && (msg != NULL),
return EINVAL);
512 xml_text = g_string_sized_new(1024);
515 g_string_free(xml_text, TRUE);
return EINVAL);
519 iov[0].iov_base = header;
520 iov[0].iov_len =
sizeof(
struct remote_header_v0);
522 iov[1].iov_len = 1 + xml_text->len;
523 iov[1].iov_base = g_string_free(xml_text, FALSE);
529 header->payload_offset = iov[0].iov_len;
530 header->payload_uncompressed = iov[1].iov_len;
531 header->size_total = iov[0].iov_len + iov[1].iov_len;
533 rc = remote_send_iovs(remote, iov, 2);
535 crm_err(
"Could not send remote message: %s " CRM_XS " rc=%d",
539 free(iov[0].iov_base);
540 g_free((gchar *) iov[1].iov_base);
557 struct remote_header_v0 *header = localized_remote_header(remote);
559 if (header == NULL) {
564 if (header->payload_compressed) {
566 unsigned int size_u = 1 + header->payload_uncompressed;
570 crm_trace(
"Decompressing message data %d bytes into %d bytes",
571 header->payload_compressed, size_u);
573 rc = BZ2_bzBuffToBuffDecompress(uncompressed + header->payload_offset, &size_u,
574 remote->
buffer + header->payload_offset,
575 header->payload_compressed, 1, 0);
579 crm_warn(
"Couldn't decompress v%d message, we only understand v%d",
591 CRM_ASSERT(size_u == header->payload_uncompressed);
593 memcpy(uncompressed, remote->
buffer, header->payload_offset);
594 remote->
buffer_size = header->payload_offset + size_u;
597 remote->
buffer = uncompressed;
598 header = localized_remote_header(remote);
604 CRM_LOG_ASSERT(remote->
buffer[
sizeof(
struct remote_header_v0) + header->payload_uncompressed - 1] == 0);
608 crm_warn(
"Couldn't parse v%d message, we only understand v%d",
611 }
else if (xml == NULL) {
612 crm_err(
"Couldn't parse: '%.120s'", remote->
buffer + header->payload_offset);
621 #ifdef HAVE_GNUTLS_GNUTLS_H 622 if (remote->tls_session) {
623 void *sock_ptr = gnutls_transport_get_ptr(*remote->tls_session);
625 return GPOINTER_TO_INT(sock_ptr);
633 crm_err(
"Remote connection type undetermined (bug?)");
651 struct pollfd fds = { 0, };
657 sock = get_remote_socket(remote);
672 if (errno == EINTR && (
timeout > 0)) {
673 timeout = timeout_ms - ((time(NULL) - start) * 1000);
680 }
while (rc < 0 && errno == EINTR);
704 size_t read_len =
sizeof(
struct remote_header_v0);
705 struct remote_header_v0 *header = localized_remote_header(remote);
706 bool received =
false;
711 read_len = header->size_total;
717 crm_trace(
"Expanding buffer to %llu bytes",
722 #ifdef HAVE_GNUTLS_GNUTLS_H 723 if (!received && remote->tls_session) {
724 read_rc = gnutls_record_recv(*(remote->tls_session),
727 if (read_rc == GNUTLS_E_INTERRUPTED) {
729 }
else if (read_rc == GNUTLS_E_AGAIN) {
731 }
else if (read_rc < 0) {
732 crm_debug(
"TLS receive failed: %s (%lld)",
733 gnutls_strerror(read_rc), (
long long) read_rc);
751 crm_err(
"Remote connection type undetermined (bug?)");
752 return ESOCKTNOSUPPORT;
760 crm_trace(
"Received %lld more bytes (%llu total)",
764 }
else if ((rc == EINTR) || (rc == EAGAIN)) {
765 crm_trace(
"No data available for non-blocking remote read: %s (%d)",
768 }
else if (read_rc == 0) {
769 crm_debug(
"End of remote data encountered after %llu bytes",
774 crm_debug(
"Error receiving remote data after %llu bytes: %s (%d)",
780 header = localized_remote_header(remote);
783 crm_trace(
"Read partial remote message (%llu of %u bytes)",
787 crm_trace(
"Read full remote message of %llu bytes",
810 time_t start = time(NULL);
811 int remaining_timeout = 0;
813 if (timeout_ms == 0) {
815 }
else if (timeout_ms < 0) {
819 remaining_timeout = timeout_ms;
820 while (remaining_timeout > 0) {
822 crm_trace(
"Waiting for remote data (%d ms of %d ms timeout remaining)",
823 remaining_timeout, timeout_ms);
827 crm_err(
"Timed out (%d ms) while waiting for remote data",
832 crm_debug(
"Wait for remote data aborted (will retry): %s " 836 rc = read_available_remote_data(remote);
839 }
else if (rc == EAGAIN) {
840 crm_trace(
"Waiting for more remote data");
848 if ((rc == ENOTCONN) || (rc == ESOCKTNOSUPPORT)) {
852 remaining_timeout = timeout_ms - ((time(NULL) - start) * 1000);
857 struct tcp_async_cb_data {
862 void (*callback) (
void *userdata,
int rc,
int sock);
867 check_connect_finished(gpointer userdata)
869 struct tcp_async_cb_data *cb_data = userdata;
873 struct timeval ts = { 0, };
875 if (cb_data->start == 0) {
883 FD_SET(cb_data->sock, &rset);
885 rc = select(cb_data->sock + 1, &rset, &wset, NULL, &ts);
889 if ((rc == EINPROGRESS) || (rc == EAGAIN)) {
890 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
896 crm_trace(
"Could not check socket %d for connection success: %s (%d)",
899 }
else if (rc == 0) {
900 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
903 crm_debug(
"Timed out while waiting for socket %d connection success",
909 }
else if (FD_ISSET(cb_data->sock, &rset)
910 || FD_ISSET(cb_data->sock, &wset)) {
914 socklen_t len =
sizeof(error);
916 if (getsockopt(cb_data->sock, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
918 crm_trace(
"Couldn't check socket %d for connection errors: %s (%d)",
920 }
else if (error != 0) {
922 crm_trace(
"Socket %d connected with error: %s (%d)",
929 crm_trace(
"select() succeeded, but socket %d not in resulting " 930 "read/write sets", cb_data->sock);
936 crm_trace(
"Socket %d is connected", cb_data->sock);
938 close(cb_data->sock);
942 if (cb_data->callback) {
943 cb_data->callback(cb_data->userdata, rc, cb_data->sock);
968 connect_socket_retry(
int sock,
const struct sockaddr *addr, socklen_t addrlen,
969 int timeout_ms,
int *timer_id,
void *userdata,
970 void (*callback) (
void *userdata,
int rc,
int sock))
975 struct tcp_async_cb_data *cb_data = NULL;
979 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
984 rc = connect(sock, addr, addrlen);
985 if (rc < 0 && (errno != EINPROGRESS) && (errno != EAGAIN)) {
993 cb_data->userdata = userdata;
994 cb_data->callback = callback;
995 cb_data->sock = sock;
996 cb_data->timeout_ms = timeout_ms;
1006 cb_data->start = time(NULL);
1018 crm_trace(
"Scheduling check in %dms for whether connect to fd %d finished",
1020 timer = g_timeout_add(interval, check_connect_finished, cb_data);
1041 connect_socket_once(
int sock,
const struct sockaddr *addr, socklen_t addrlen)
1043 int rc = connect(sock, addr, addrlen);
1054 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1080 int *sock_fd,
void *userdata,
1081 void (*callback) (
void *userdata,
int rc,
int sock))
1083 char buffer[INET6_ADDRSTRLEN];
1084 struct addrinfo *res = NULL;
1085 struct addrinfo *rp = NULL;
1086 struct addrinfo hints;
1087 const char *server =
host;
1091 CRM_CHECK((
host != NULL) && (sock_fd != NULL),
return EINVAL);
1094 memset(&hints, 0,
sizeof(
struct addrinfo));
1095 hints.ai_family = AF_UNSPEC;
1096 hints.ai_socktype = SOCK_STREAM;
1097 hints.ai_flags = AI_CANONNAME;
1099 rc = getaddrinfo(server, NULL, &hints, &res);
1103 crm_err(
"Unable to get IP address info for %s: %s",
1108 if (!res || !res->ai_addr) {
1109 crm_err(
"Unable to get IP address info for %s: no result", server);
1115 for (rp = res; rp != NULL; rp = rp->ai_next) {
1116 struct sockaddr *addr = rp->ai_addr;
1122 if (rp->ai_canonname) {
1123 server = res->ai_canonname;
1127 sock = socket(rp->ai_family, SOCK_STREAM, IPPROTO_TCP);
1130 crm_warn(
"Could not create socket for remote connection to %s:%d: " 1137 if (addr->sa_family == AF_INET6) {
1138 ((
struct sockaddr_in6 *)(
void*)addr)->sin6_port = htons(port);
1140 ((
struct sockaddr_in *)(
void*)addr)->sin_port = htons(port);
1145 crm_info(
"Attempting remote connection to %s:%d", buffer, port);
1148 if (connect_socket_retry(sock, rp->ai_addr, rp->ai_addrlen,
timeout,
1149 timer_id, userdata, callback) ==
pcmk_rc_ok) {
1153 }
else if (connect_socket_once(sock, rp->ai_addr,
1187 switch (((
const struct sockaddr *) sa)->sa_family) {
1189 inet_ntop(AF_INET, &(((
const struct sockaddr_in *) sa)->sin_addr),
1190 s, INET6_ADDRSTRLEN);
1195 &(((
const struct sockaddr_in6 *) sa)->sin6_addr),
1196 s, INET6_ADDRSTRLEN);
1200 strcpy(s,
"<invalid>");
1217 struct sockaddr_storage addr;
1218 socklen_t laddr =
sizeof(addr);
1219 char addr_str[INET6_ADDRSTRLEN];
1220 #ifdef TCP_USER_TIMEOUT 1221 long sbd_timeout = 0;
1225 memset(&addr, 0,
sizeof(addr));
1226 *csock = accept(ssock, (
struct sockaddr *)&addr, &laddr);
1229 crm_err(
"Could not accept remote client connection: %s " 1234 crm_info(
"Accepted new remote client connection from %s", addr_str);
1238 crm_err(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1245 #ifdef TCP_USER_TIMEOUT 1247 if (sbd_timeout > 0) {
1249 long half = sbd_timeout / 2;
1250 unsigned int optval = (half <= UINT_MAX)? half : UINT_MAX;
1252 rc = setsockopt(*csock, SOL_TCP, TCP_USER_TIMEOUT,
1253 &optval,
sizeof(optval));
1256 crm_err(
"Could not set TCP timeout to %d ms on remote connection: " 1276 static int port = 0;
1283 port = strtol(env, NULL, 10);
1284 if (errno || (port < 1) || (port > 65535)) {
1286 " has invalid value '%s', using %d instead",
#define CRM_CHECK(expr, failure_action)
int pcmk__set_nonblocking(int fd)
#define PCMK__ENV_DH_MIN_BITS
uint32_t payload_compressed
int pcmk__scan_min_int(const char *text, int *result, int minimum)
void pcmk__xml_string(const xmlNode *data, uint32_t options, GString *buffer, int depth)
#define PCMK__ENV_REMOTE_PORT
uint32_t payload_uncompressed
#define CRM_LOG_ASSERT(expr)
int crm_default_remote_port(void)
Get the default remote connection TCP port on this host.
const char * pcmk_rc_str(int rc)
Get a user-friendly description of a return code.
const char * pcmk__env_option(const char *option)
Wrappers for and extensions to glib mainloop.
void pcmk__sockaddr2str(const void *sa, char *s)
#define DEFAULT_REMOTE_PORT
#define PCMK_GNUTLS_PRIORITIES
#define PCMK__ENV_TLS_PRIORITIES
#define crm_warn(fmt, args...)
#define crm_debug(fmt, args...)
int pcmk__remote_ready(const pcmk__remote_t *remote, int timeout_ms)
#define crm_trace(fmt, args...)
char * crm_strdup_printf(char const *format,...) G_GNUC_PRINTF(1
Wrappers for and extensions to libxml2.
long pcmk__get_sbd_watchdog_timeout(void)
xmlNode * pcmk__xml_parse(const char *input)
struct tcp_async_cb_data __attribute__
int pcmk__bzlib2rc(int bz2)
Map a bz2 return code to the most similar Pacemaker return code.
#define REMOTE_MSG_VERSION
int pcmk__gaierror2rc(int gai)
Map a getaddrinfo() return code to the most similar Pacemaker return code.
#define crm_err(fmt, args...)
int pcmk__accept_remote_connection(int ssock, int *csock)
#define PCMK__ENV_DH_MAX_BITS
int pcmk__connect_remote(const char *host, int port, int timeout, int *timer_id, int *sock_fd, void *userdata, void(*callback)(void *userdata, int rc, int sock))
int pcmk__read_remote_message(pcmk__remote_t *remote, int timeout_ms)
xmlNode * pcmk__remote_message_xml(pcmk__remote_t *remote)
struct pcmk__remote_s * remote
#define pcmk__assert_alloc(nmemb, size)
#define crm_info(fmt, args...)
int pcmk__remote_send_xml(pcmk__remote_t *remote, const xmlNode *msg)
