13 #include <sys/param.h> 15 #include <sys/types.h> 18 #include <sys/socket.h> 19 #include <arpa/inet.h> 20 #include <netinet/in.h> 21 #include <netinet/ip.h> 22 #include <netinet/tcp.h> 36 #ifdef HAVE_GNUTLS_GNUTLS_H 37 # include <gnutls/gnutls.h> 41 #ifdef HAVE_LINUX_SWAB_H 42 # include <linux/swab.h> 48 #define __swab16(x) ((uint16_t)( \ 49 (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \ 50 (((uint16_t)(x) & (uint16_t)0xff00U) >> 8))) 52 #define __swab32(x) ((uint32_t)( \ 53 (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \ 54 (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \ 55 (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \ 56 (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24))) 58 #define __swab64(x) ((uint64_t)( \ 59 (((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \ 60 (((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \ 61 (((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \ 62 (((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \ 63 (((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \ 64 (((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \ 65 (((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \ 66 (((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56))) 69 #define REMOTE_MSG_VERSION 1 70 #define ENDIAN_LOCAL 0xBADADBBD 72 struct remote_header_v0 {
97 static struct remote_header_v0 *
100 struct remote_header_v0 *header = (
struct remote_header_v0 *)remote->
buffer;
101 if(remote->
buffer_offset <
sizeof(
struct remote_header_v0)) {
109 crm_err(
"Invalid message detected, endian mismatch: %" PRIx32
110 " is neither %" PRIx32
" nor the swab'd %" PRIx32,
116 header->flags =
__swab64(header->flags);
117 header->endian =
__swab32(header->endian);
119 header->version =
__swab32(header->version);
120 header->size_total =
__swab32(header->size_total);
121 header->payload_offset =
__swab32(header->payload_offset);
122 header->payload_compressed =
__swab32(header->payload_compressed);
123 header->payload_uncompressed =
__swab32(header->payload_uncompressed);
129 #ifdef HAVE_GNUTLS_GNUTLS_H 132 pcmk__tls_client_try_handshake(
pcmk__remote_t *remote,
int *gnutls_rc)
136 if (gnutls_rc != NULL) {
137 *gnutls_rc = GNUTLS_E_SUCCESS;
140 rc = gnutls_handshake(*remote->tls_session);
143 case GNUTLS_E_SUCCESS:
147 case GNUTLS_E_INTERRUPTED:
153 if (gnutls_rc != NULL) {
164 int pcmk__tls_client_handshake(
pcmk__remote_t *remote,
int timeout_sec,
167 const time_t time_limit = time(NULL) + timeout_sec;
170 int rc = pcmk__tls_client_try_handshake(remote, gnutls_rc);
175 }
while (time(NULL) < time_limit);
187 set_minimum_dh_bits(
const gnutls_session_t *session)
198 if (dh_min_bits > 0) {
199 crm_info(
"Requiring server use a Diffie-Hellman prime of at least %d bits",
202 "environment variable is deprecated and will be removed " 203 "in a future release");
204 gnutls_dh_set_prime_bits(*session, dh_min_bits);
209 get_bound_dh_bits(
unsigned int dh_bits)
219 if ((dh_max_bits > 0) && (dh_max_bits < dh_min_bits)) {
220 crm_warn(
"Ignoring PCMK_dh_max_bits less than PCMK_dh_min_bits");
223 if ((dh_min_bits > 0) && (dh_bits < dh_min_bits)) {
226 if ((dh_max_bits > 0) && (dh_bits > dh_max_bits)) {
244 pcmk__new_tls_session(
int csock,
unsigned int conn_type,
245 gnutls_credentials_type_t cred_type,
void *credentials)
247 int rc = GNUTLS_E_SUCCESS;
248 const char *prio_base = NULL;
250 gnutls_session_t *session = NULL;
260 if (prio_base == NULL) {
264 (cred_type == GNUTLS_CRD_ANON)?
"+ANON-DH" :
"+DHE-PSK:+PSK");
266 session = gnutls_malloc(
sizeof(gnutls_session_t));
267 if (session == NULL) {
268 rc = GNUTLS_E_MEMORY_ERROR;
272 rc = gnutls_init(session, conn_type);
273 if (rc != GNUTLS_E_SUCCESS) {
281 rc = gnutls_priority_set_direct(*session, prio, NULL);
282 if (rc != GNUTLS_E_SUCCESS) {
285 if (conn_type == GNUTLS_CLIENT) {
286 set_minimum_dh_bits(session);
289 gnutls_transport_set_ptr(*session,
290 (gnutls_transport_ptr_t) GINT_TO_POINTER(csock));
292 rc = gnutls_credentials_set(*session, cred_type, credentials);
293 if (rc != GNUTLS_E_SUCCESS) {
300 crm_err(
"Could not initialize %s TLS %s session: %s " 301 CRM_XS " rc=%d priority='%s'",
302 (cred_type == GNUTLS_CRD_ANON)?
"anonymous" :
"PSK",
303 (conn_type == GNUTLS_SERVER)?
"server" :
"client",
304 gnutls_strerror(rc), rc, prio);
306 if (session != NULL) {
307 gnutls_free(session);
328 pcmk__init_tls_dh(gnutls_dh_params_t *dh_params)
330 int rc = GNUTLS_E_SUCCESS;
331 unsigned int dh_bits = 0;
333 rc = gnutls_dh_params_init(dh_params);
334 if (rc != GNUTLS_E_SUCCESS) {
338 dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
339 GNUTLS_SEC_PARAM_NORMAL);
341 rc = GNUTLS_E_DH_PRIME_UNACCEPTABLE;
344 dh_bits = get_bound_dh_bits(dh_bits);
346 crm_info(
"Generating Diffie-Hellman parameters with %u-bit prime for TLS",
348 rc = gnutls_dh_params_generate2(*dh_params, dh_bits);
349 if (rc != GNUTLS_E_SUCCESS) {
356 crm_err(
"Could not initialize Diffie-Hellman parameters for TLS: %s " 357 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
378 && (client->
remote->tls_session != NULL));
381 rc = gnutls_handshake(*client->
remote->tls_session);
382 }
while (rc == GNUTLS_E_INTERRUPTED);
384 if (rc == GNUTLS_E_AGAIN) {
389 }
else if (rc != GNUTLS_E_SUCCESS) {
390 crm_err(
"TLS handshake with remote client failed: %s " 391 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
399 send_tls(gnutls_session_t *session,
struct iovec *iov)
401 const char *unsent = iov->iov_base;
402 size_t unsent_len = iov->iov_len;
405 if (unsent == NULL) {
409 crm_trace(
"Sending TLS message of %llu bytes",
410 (
unsigned long long) unsent_len);
412 gnutls_rc = gnutls_record_send(*session, unsent, unsent_len);
414 if (gnutls_rc == GNUTLS_E_INTERRUPTED || gnutls_rc == GNUTLS_E_AGAIN) {
415 crm_trace(
"Retrying to send %llu bytes remaining",
416 (
unsigned long long) unsent_len);
418 }
else if (gnutls_rc < 0) {
421 gnutls_strerror((
int) gnutls_rc),
422 (
long long) gnutls_rc);
425 }
else if (gnutls_rc < unsent_len) {
426 crm_trace(
"Sent %lld of %llu bytes remaining",
427 (
long long) gnutls_rc, (
unsigned long long) unsent_len);
428 unsent_len -= gnutls_rc;
431 crm_trace(
"Sent all %lld bytes remaining", (
long long) gnutls_rc);
441 send_plaintext(
int sock,
struct iovec *iov)
443 const char *unsent = iov->iov_base;
444 size_t unsent_len = iov->iov_len;
447 if (unsent == NULL) {
451 crm_debug(
"Sending plaintext message of %llu bytes to socket %d",
452 (
unsigned long long) unsent_len, sock);
454 write_rc = write(sock, unsent, unsent_len);
458 if ((errno == EINTR) || (errno == EAGAIN)) {
459 crm_trace(
"Retrying to send %llu bytes remaining to socket %d",
460 (
unsigned long long) unsent_len, sock);
469 }
else if (write_rc < unsent_len) {
470 crm_trace(
"Sent %lld of %llu bytes remaining",
471 (
long long) write_rc, (
unsigned long long) unsent_len);
473 unsent_len -= write_rc;
477 crm_trace(
"Sent all %lld bytes remaining: %.100s",
478 (
long long) write_rc, (
char *) (iov->iov_base));
487 remote_send_iovs(
pcmk__remote_t *remote,
struct iovec *iov,
int iovs)
491 for (
int lpc = 0; (lpc < iovs) && (rc ==
pcmk_rc_ok); lpc++) {
492 #ifdef HAVE_GNUTLS_GNUTLS_H 493 if (remote->tls_session) {
494 rc = send_tls(remote->tls_session, &(iov[lpc]));
499 rc = send_plaintext(remote->
tcp_socket, &(iov[lpc]));
501 rc = ESOCKTNOSUPPORT;
520 static uint64_t
id = 0;
521 GString *xml_text = NULL;
524 struct remote_header_v0 *header;
526 CRM_CHECK((remote != NULL) && (msg != NULL),
return EINVAL);
528 xml_text = g_string_sized_new(1024);
531 g_string_free(xml_text, TRUE);
return EINVAL);
535 iov[0].iov_base = header;
536 iov[0].iov_len =
sizeof(
struct remote_header_v0);
538 iov[1].iov_len = 1 + xml_text->len;
539 iov[1].iov_base = g_string_free(xml_text, FALSE);
545 header->payload_offset = iov[0].iov_len;
546 header->payload_uncompressed = iov[1].iov_len;
547 header->size_total = iov[0].iov_len + iov[1].iov_len;
549 rc = remote_send_iovs(remote, iov, 2);
551 crm_err(
"Could not send remote message: %s " CRM_XS " rc=%d",
555 free(iov[0].iov_base);
556 g_free((gchar *) iov[1].iov_base);
573 struct remote_header_v0 *header = localized_remote_header(remote);
575 if (header == NULL) {
580 if (header->payload_compressed) {
582 unsigned int size_u = 1 + header->payload_uncompressed;
586 crm_trace(
"Decompressing message data %d bytes into %d bytes",
587 header->payload_compressed, size_u);
589 rc = BZ2_bzBuffToBuffDecompress(uncompressed + header->payload_offset, &size_u,
590 remote->
buffer + header->payload_offset,
591 header->payload_compressed, 1, 0);
595 crm_warn(
"Couldn't decompress v%d message, we only understand v%d",
609 memcpy(uncompressed, remote->
buffer, header->payload_offset);
610 remote->
buffer_size = header->payload_offset + size_u;
613 remote->
buffer = uncompressed;
614 header = localized_remote_header(remote);
620 CRM_LOG_ASSERT(remote->
buffer[
sizeof(
struct remote_header_v0) + header->payload_uncompressed - 1] == 0);
624 crm_warn(
"Couldn't parse v%d message, we only understand v%d",
627 }
else if (xml == NULL) {
628 crm_err(
"Couldn't parse: '%.120s'", remote->
buffer + header->payload_offset);
638 #ifdef HAVE_GNUTLS_GNUTLS_H 639 if (remote->tls_session) {
640 void *sock_ptr = gnutls_transport_get_ptr(*remote->tls_session);
642 return GPOINTER_TO_INT(sock_ptr);
650 crm_err(
"Remote connection type undetermined (bug?)");
668 struct pollfd fds = { 0, };
674 sock = get_remote_socket(remote);
689 if (errno == EINTR && (
timeout > 0)) {
690 timeout = timeout_ms - ((time(NULL) - start) * 1000);
697 }
while (rc < 0 && errno == EINTR);
721 size_t read_len =
sizeof(
struct remote_header_v0);
722 struct remote_header_v0 *header = localized_remote_header(remote);
723 bool received =
false;
728 read_len = header->size_total;
734 crm_trace(
"Expanding buffer to %llu bytes",
739 #ifdef HAVE_GNUTLS_GNUTLS_H 740 if (!received && remote->tls_session) {
741 read_rc = gnutls_record_recv(*(remote->tls_session),
744 if (read_rc == GNUTLS_E_INTERRUPTED) {
746 }
else if (read_rc == GNUTLS_E_AGAIN) {
748 }
else if (read_rc < 0) {
749 crm_debug(
"TLS receive failed: %s (%lld)",
750 gnutls_strerror(read_rc), (
long long) read_rc);
768 crm_err(
"Remote connection type undetermined (bug?)");
769 return ESOCKTNOSUPPORT;
777 crm_trace(
"Received %lld more bytes (%llu total)",
781 }
else if ((rc == EINTR) || (rc == EAGAIN)) {
782 crm_trace(
"No data available for non-blocking remote read: %s (%d)",
785 }
else if (read_rc == 0) {
786 crm_debug(
"End of remote data encountered after %llu bytes",
791 crm_debug(
"Error receiving remote data after %llu bytes: %s (%d)",
797 header = localized_remote_header(remote);
800 crm_trace(
"Read partial remote message (%llu of %u bytes)",
804 crm_trace(
"Read full remote message of %llu bytes",
827 time_t start = time(NULL);
828 int remaining_timeout = 0;
830 if (timeout_ms == 0) {
832 }
else if (timeout_ms < 0) {
836 remaining_timeout = timeout_ms;
837 while (remaining_timeout > 0) {
839 crm_trace(
"Waiting for remote data (%d ms of %d ms timeout remaining)",
840 remaining_timeout, timeout_ms);
844 crm_err(
"Timed out (%d ms) while waiting for remote data",
849 crm_debug(
"Wait for remote data aborted (will retry): %s " 856 }
else if (rc == EAGAIN) {
857 crm_trace(
"Waiting for more remote data");
865 if ((rc == ENOTCONN) || (rc == ESOCKTNOSUPPORT)) {
869 remaining_timeout = timeout_ms - ((time(NULL) - start) * 1000);
874 struct tcp_async_cb_data {
879 void (*callback) (
void *userdata,
int rc,
int sock);
884 check_connect_finished(gpointer userdata)
886 struct tcp_async_cb_data *cb_data = userdata;
890 struct timeval ts = { 0, };
892 if (cb_data->start == 0) {
900 FD_SET(cb_data->sock, &rset);
902 rc = select(cb_data->sock + 1, &rset, &wset, NULL, &ts);
906 if ((rc == EINPROGRESS) || (rc == EAGAIN)) {
907 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
913 crm_trace(
"Could not check socket %d for connection success: %s (%d)",
916 }
else if (rc == 0) {
917 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
920 crm_debug(
"Timed out while waiting for socket %d connection success",
926 }
else if (FD_ISSET(cb_data->sock, &rset)
927 || FD_ISSET(cb_data->sock, &wset)) {
931 socklen_t len =
sizeof(error);
933 if (getsockopt(cb_data->sock, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
935 crm_trace(
"Couldn't check socket %d for connection errors: %s (%d)",
937 }
else if (error != 0) {
939 crm_trace(
"Socket %d connected with error: %s (%d)",
946 crm_trace(
"select() succeeded, but socket %d not in resulting " 947 "read/write sets", cb_data->sock);
953 crm_trace(
"Socket %d is connected", cb_data->sock);
955 close(cb_data->sock);
959 if (cb_data->callback) {
960 cb_data->callback(cb_data->userdata, rc, cb_data->sock);
985 connect_socket_retry(
int sock,
const struct sockaddr *addr, socklen_t addrlen,
986 int timeout_ms,
int *timer_id,
void *userdata,
987 void (*callback) (
void *userdata,
int rc,
int sock))
992 struct tcp_async_cb_data *cb_data = NULL;
996 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1001 rc = connect(sock, addr, addrlen);
1002 if (rc < 0 && (errno != EINPROGRESS) && (errno != EAGAIN)) {
1010 cb_data->userdata = userdata;
1011 cb_data->callback = callback;
1012 cb_data->sock = sock;
1013 cb_data->timeout_ms = timeout_ms;
1023 cb_data->start = time(NULL);
1035 crm_trace(
"Scheduling check in %dms for whether connect to fd %d finished",
1037 timer = g_timeout_add(interval, check_connect_finished, cb_data);
1058 connect_socket_once(
int sock,
const struct sockaddr *addr, socklen_t addrlen)
1060 int rc = connect(sock, addr, addrlen);
1071 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1097 int *sock_fd,
void *userdata,
1098 void (*callback) (
void *userdata,
int rc,
int sock))
1100 char buffer[INET6_ADDRSTRLEN];
1101 struct addrinfo *res = NULL;
1102 struct addrinfo *rp = NULL;
1103 struct addrinfo hints;
1104 const char *server =
host;
1108 CRM_CHECK((
host != NULL) && (sock_fd != NULL),
return EINVAL);
1111 memset(&hints, 0,
sizeof(
struct addrinfo));
1112 hints.ai_family = AF_UNSPEC;
1113 hints.ai_socktype = SOCK_STREAM;
1114 hints.ai_flags = AI_CANONNAME;
1116 rc = getaddrinfo(server, NULL, &hints, &res);
1120 crm_err(
"Unable to get IP address info for %s: %s",
1125 if (!res || !res->ai_addr) {
1126 crm_err(
"Unable to get IP address info for %s: no result", server);
1132 for (rp = res; rp != NULL; rp = rp->ai_next) {
1133 struct sockaddr *addr = rp->ai_addr;
1139 if (rp->ai_canonname) {
1140 server = res->ai_canonname;
1144 sock = socket(rp->ai_family, SOCK_STREAM, IPPROTO_TCP);
1147 crm_warn(
"Could not create socket for remote connection to %s:%d: " 1154 if (addr->sa_family == AF_INET6) {
1155 ((
struct sockaddr_in6 *)(
void*)addr)->sin6_port = htons(port);
1157 ((
struct sockaddr_in *)(
void*)addr)->sin_port = htons(port);
1162 crm_info(
"Attempting remote connection to %s:%d", buffer, port);
1165 if (connect_socket_retry(sock, rp->ai_addr, rp->ai_addrlen,
timeout,
1166 timer_id, userdata, callback) ==
pcmk_rc_ok) {
1170 }
else if (connect_socket_once(sock, rp->ai_addr,
1204 switch (((
const struct sockaddr *) sa)->sa_family) {
1206 inet_ntop(AF_INET, &(((
const struct sockaddr_in *) sa)->sin_addr),
1207 s, INET6_ADDRSTRLEN);
1212 &(((
const struct sockaddr_in6 *) sa)->sin6_addr),
1213 s, INET6_ADDRSTRLEN);
1217 strcpy(s,
"<invalid>");
1234 struct sockaddr_storage addr;
1235 socklen_t laddr =
sizeof(addr);
1236 char addr_str[INET6_ADDRSTRLEN];
1237 #ifdef TCP_USER_TIMEOUT 1238 long sbd_timeout = 0;
1242 memset(&addr, 0,
sizeof(addr));
1243 *csock = accept(ssock, (
struct sockaddr *)&addr, &laddr);
1246 crm_err(
"Could not accept remote client connection: %s " 1251 crm_info(
"Accepted new remote client connection from %s", addr_str);
1255 crm_err(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1262 #ifdef TCP_USER_TIMEOUT 1264 if (sbd_timeout > 0) {
1266 long half = sbd_timeout / 2;
1267 unsigned int optval = (half <= UINT_MAX)? half : UINT_MAX;
1269 rc = setsockopt(*csock, SOL_TCP, TCP_USER_TIMEOUT,
1270 &optval,
sizeof(optval));
1273 crm_err(
"Could not set TCP timeout to %d ms on remote connection: " 1293 static int port = 0;
1300 port = strtol(env, NULL, 10);
1301 if (errno || (port < 1) || (port > 65535)) {
1303 " has invalid value '%s', using %d instead",
#define CRM_CHECK(expr, failure_action)
int pcmk__set_nonblocking(int fd)
#define PCMK__ENV_DH_MIN_BITS
uint32_t payload_compressed
int pcmk__scan_min_int(const char *text, int *result, int minimum)
void pcmk__xml_string(const xmlNode *data, uint32_t options, GString *buffer, int depth)
#define PCMK__ENV_REMOTE_PORT
uint32_t payload_uncompressed
#define CRM_LOG_ASSERT(expr)
int crm_default_remote_port(void)
Get the default remote connection TCP port on this host.
const char * pcmk_rc_str(int rc)
Get a user-friendly description of a return code.
const char * pcmk__env_option(const char *option)
Wrappers for and extensions to glib mainloop.
void pcmk__sockaddr2str(const void *sa, char *s)
#define DEFAULT_REMOTE_PORT
#define PCMK_GNUTLS_PRIORITIES
#define PCMK__ENV_TLS_PRIORITIES
#define crm_warn(fmt, args...)
#define crm_debug(fmt, args...)
int pcmk__remote_ready(const pcmk__remote_t *remote, int timeout_ms)
#define crm_trace(fmt, args...)
char * crm_strdup_printf(char const *format,...) G_GNUC_PRINTF(1
Wrappers for and extensions to libxml2.
int pcmk__read_available_remote_data(pcmk__remote_t *remote)
long pcmk__get_sbd_watchdog_timeout(void)
xmlNode * pcmk__xml_parse(const char *input)
struct tcp_async_cb_data __attribute__
#define pcmk__assert(expr)
int pcmk__bzlib2rc(int bz2)
Map a bz2 return code to the most similar Pacemaker return code.
#define REMOTE_MSG_VERSION
int pcmk__gaierror2rc(int gai)
Map a getaddrinfo() return code to the most similar Pacemaker return code.
#define crm_err(fmt, args...)
int pcmk__accept_remote_connection(int ssock, int *csock)
#define crm_log_xml_trace(xml, text)
#define PCMK__ENV_DH_MAX_BITS
int pcmk__connect_remote(const char *host, int port, int timeout, int *timer_id, int *sock_fd, void *userdata, void(*callback)(void *userdata, int rc, int sock))
int pcmk__read_remote_message(pcmk__remote_t *remote, int timeout_ms)
xmlNode * pcmk__remote_message_xml(pcmk__remote_t *remote)
struct pcmk__remote_s * remote
#define pcmk__assert_alloc(nmemb, size)
#define crm_info(fmt, args...)
int pcmk__remote_send_xml(pcmk__remote_t *remote, const xmlNode *msg)
1.8.14