This source file includes the following definitions.
- cib_remote_inputfd
- cib_remote_set_connection_dnotify
- cib_remote_register_notification
- cib_remote_new
- cib_tls_close
- cib_tls_signon
- cib_remote_connection_destroy
- cib_remote_command_dispatch
- cib_remote_callback_dispatch
- cib_remote_signon
- cib_remote_signoff
- cib_remote_free
- cib_remote_perform_op
- cib__set_output
10 #include <crm_internal.h>
11
12 #include <unistd.h>
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <stdarg.h>
16 #include <string.h>
17 #include <netdb.h>
18 #include <termios.h>
19 #include <sys/socket.h>
20
21 #include <glib.h>
22
23 #include <crm/crm.h>
24 #include <crm/cib/internal.h>
25 #include <crm/msg_xml.h>
26 #include <crm/common/ipc_internal.h>
27 #include <crm/common/mainloop.h>
28 #include <crm/common/remote_internal.h>
29 #include <crm/common/output_internal.h>
30
#ifdef HAVE_GNUTLS_GNUTLS_H
#  undef KEYFILE
#  include <gnutls/gnutls.h>

/* Process-wide anonymous client credentials. They are allocated on the first
 * encrypted sign-on (cib_tls_signon) and released again in cib_tls_close().
 *
 * NOTE(review): anonymous credentials carry no certificate, so a TLS session
 * built on them encrypts the channel but does not authenticate the server.
 */
gnutls_anon_client_credentials_t anon_cred_c;

/* Upper bound, in milliseconds, passed to the client-side TLS handshake. */
#  define TLS_HANDSHAKE_TIMEOUT_MS 5000

/* Zero-terminated key-exchange list holding only anonymous Diffie-Hellman.
 * Not referenced anywhere else in this listing.
 */
const int kx_prio[] = {
    GNUTLS_KX_ANON_DH,
    0
};

/* TRUE while anon_cred_c is allocated and GnuTLS is globally initialised. */
static gboolean remote_gnutls_credentials_init = FALSE;
#else
/* Placeholder so that code mentioning the session type still compiles when
 * GnuTLS support is not built in.
 */
typedef void gnutls_session_t;
#endif
47
48 #include <arpa/inet.h>
49
/* Diffie-Hellman parameter size. Not referenced anywhere else in this listing.
 * NOTE(review): 1024-bit DH groups are below current recommendations; if code
 * outside this listing consumes this value, it should be raised.
 */
#define DH_BITS 1024

/* Per-connection state hung off cib_t::variant_opaque for the remote variant. */
typedef struct cib_remote_opaque_s {
    int flags;                  /* not referenced in this listing */
    int socket;                 /* not referenced in this listing */
    int port;                   /* TCP port of the remote CIB manager */
    char *server;               /* heap copy of the server name (may be NULL) */
    char *user;                 /* heap copy of the login name (may be NULL) */
    /* Heap copy of the password, or the value filled in by the prompt during
     * sign-on. It is kept in cleartext until cib_remote_free() releases it.
     */
    char *passwd;
    gboolean encrypted;         /* TRUE: wrap both channels in TLS at sign-on */
    pcmk__remote_t command;     /* channel used for synchronous requests */
    pcmk__remote_t callback;    /* channel used for async requests/notifications */
    pcmk__output_t *out;        /* optional output object used for prompting */

} cib_remote_opaque_t;
65
/* Forward declarations: the mainloop callbacks and the cib_t method
 * implementations are referenced before their definitions further down.
 */
void cib_remote_connection_destroy(gpointer user_data);
int cib_remote_callback_dispatch(gpointer user_data);
int cib_remote_command_dispatch(gpointer user_data);
int cib_remote_signon(cib_t *cib, const char *name, enum cib_conn_type type);
int cib_remote_signoff(cib_t *cib);
int cib_remote_free(cib_t *cib);

int cib_remote_perform_op(cib_t *cib, const char *op, const char *host,
                          const char *section, xmlNode *data,
                          xmlNode **output_data, int call_options,
                          const char *name);
76
/* Return the TCP socket of the callback channel, i.e. the descriptor on which
 * asynchronous messages for this connection arrive.
 */
static int
cib_remote_inputfd(cib_t *cib)
{
    const cib_remote_opaque_t *remote = cib->variant_opaque;
    const int callback_fd = remote->callback.tcp_socket;

    return callback_fd;
}
84
/* Disconnect notification is not offered by the remote variant: both
 * arguments are ignored and -EPROTONOSUPPORT is always returned.
 */
static int
cib_remote_set_connection_dnotify(cib_t *cib, void (*dnotify) (gpointer user_data))
{
    const int unsupported = -EPROTONOSUPPORT;

    return unsupported;
}
90
/* Ask the remote CIB manager to switch a notification type on or off.
 *
 * callback: notification type name, sent as F_CIB_NOTIFY_TYPE
 * enabled:  value sent as F_CIB_NOTIFY_ACTIVATE
 *
 * Always returns pcmk_ok; the result of the send on the callback channel is
 * not inspected.
 */
static int
cib_remote_register_notification(cib_t *cib, const char *callback, int enabled)
{
    cib_remote_opaque_t *remote = cib->variant_opaque;
    xmlNode *request = create_xml_node(NULL, "cib_command");

    crm_xml_add(request, F_CIB_OPERATION, T_CIB_NOTIFY);
    crm_xml_add(request, F_CIB_NOTIFY_TYPE, callback);
    crm_xml_add_int(request, F_CIB_NOTIFY_ACTIVATE, enabled);

    pcmk__remote_send_xml(&remote->callback, request);
    free_xml(request);

    return pcmk_ok;
}
104
/* Create a CIB connection object for the remote (TCP, optionally TLS) variant.
 *
 * server, user, passwd: copied with strdup() when non-NULL
 * port:                 TCP port to connect to at sign-on
 * encrypted:            whether sign-on should wrap the channels in TLS
 *
 * Returns the new object, or NULL if either allocation fails. No connection
 * is opened here; that happens in the signon method.
 *
 * NOTE(review): the strdup() results are not checked, so an allocation failure
 * leaves the corresponding field NULL. The password copy stays in heap memory
 * in cleartext for the lifetime of the object.
 */
cib_t *
cib_remote_new(const char *server, const char *user, const char *passwd, int port,
               gboolean encrypted)
{
    cib_t *cib = cib_new_variant();
    cib_remote_opaque_t *remote = NULL;

    if (cib == NULL) {
        return NULL;
    }

    remote = calloc(1, sizeof(cib_remote_opaque_t));
    if (remote == NULL) {
        free(cib);
        return NULL;
    }

    cib->variant = cib_remote;
    cib->variant_opaque = remote;

    /* Fields left untouched below stay zeroed from calloc(). */
    if (server != NULL) {
        remote->server = strdup(server);
    }
    if (user != NULL) {
        remote->user = strdup(user);
    }
    if (passwd != NULL) {
        remote->passwd = strdup(passwd);
    }
    remote->port = port;
    remote->encrypted = encrypted;

    /* Install the remote implementations of the generic cib_t operations. */
    cib->delegate_fn = cib_remote_perform_op;
    cib->cmds->signon = cib_remote_signon;
    cib->cmds->signoff = cib_remote_signoff;
    cib->cmds->free = cib_remote_free;
    cib->cmds->inputfd = cib_remote_inputfd;
    cib->cmds->register_notification = cib_remote_register_notification;
    cib->cmds->set_connection_dnotify = cib_remote_set_connection_dnotify;

    return cib;
}
153
/* Tear down both channels (command and callback) of a remote connection:
 * end and free any TLS sessions, release the shared anonymous credentials,
 * shut down and close the sockets, and drop the receive buffers.
 *
 * Always returns 0.
 *
 * NOTE(review): a socket value of 0 is treated as "not open", while
 * cib_tls_signon() marks an unconnected channel with -1; a channel left at -1
 * passes the check below and reaches shutdown()/close() with an invalid
 * descriptor. The per-channel token is not released here.
 */
static int
cib_tls_close(cib_t *cib)
{
    cib_remote_opaque_t *remote = cib->variant_opaque;
    pcmk__remote_t *channels[] = { &remote->command, &remote->callback };
    const size_t n_channels = sizeof(channels) / sizeof(channels[0]);
    size_t i = 0;

#ifdef HAVE_GNUTLS_GNUTLS_H
    if (remote->encrypted) {
        for (i = 0; i < n_channels; i++) {
            pcmk__remote_t *chan = channels[i];

            if (chan->tls_session != NULL) {
                gnutls_bye(*(chan->tls_session), GNUTLS_SHUT_RDWR);
                gnutls_deinit(*(chan->tls_session));
                gnutls_free(chan->tls_session);
            }
        }
        for (i = 0; i < n_channels; i++) {
            channels[i]->tls_session = NULL;
        }

        /* The credentials are process-wide, so they go with the sessions. */
        if (remote_gnutls_credentials_init) {
            gnutls_anon_free_client_credentials(anon_cred_c);
            gnutls_global_deinit();
            remote_gnutls_credentials_init = FALSE;
        }
    }
#endif

    for (i = 0; i < n_channels; i++) {
        const int fd = channels[i]->tcp_socket;

        if (fd) {
            shutdown(fd, SHUT_RDWR);
            close(fd);
        }
    }
    for (i = 0; i < n_channels; i++) {
        channels[i]->tcp_socket = 0;
    }

    for (i = 0; i < n_channels; i++) {
        free(channels[i]->buffer);
    }
    for (i = 0; i < n_channels; i++) {
        channels[i]->buffer = NULL;
    }

    return 0;
}
200
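/* Open one channel to the remote CIB manager and authenticate on it.
 *
 * cib:           connection object; server, port, user and password are read
 *                from its remote-variant private data
 * connection:    the channel to set up (command or callback)
 * event_channel: TRUE registers the callback dispatcher for this channel,
 *                FALSE the command dispatcher
 *
 * Returns pcmk_ok on success, otherwise a negative errno-style code (or -1
 * for TLS session/handshake failures). On most failures both channels are
 * closed via cib_tls_close().
 *
 * Security notes for reviewers:
 * - The login message carries the user name and password as XML attributes.
 *   With encrypted == FALSE they cross the network in cleartext.
 * - The TLS session is created with anonymous credentials (GNUTLS_CRD_ANON),
 *   so the handshake does not verify the server's identity; the password is
 *   sent to whichever peer completed the handshake.
 * - The reply is read with a timeout argument of -1 (presumably "no limit" --
 *   confirm against pcmk__read_remote_message), so a peer that never answers
 *   may stall the caller.
 */
static int
cib_tls_signon(cib_t *cib, pcmk__remote_t *connection, gboolean event_channel)
{
    cib_remote_opaque_t *private = cib->variant_opaque;
    int rc;

    xmlNode *answer = NULL;
    xmlNode *login = NULL;

    /* NOTE(review): this struct is static and rewritten on every call, so the
     * two channels only keep distinct dispatchers if mainloop_add_fd() copies
     * the callbacks rather than keeping the pointer -- confirm.
     */
    static struct mainloop_fd_callbacks cib_fd_callbacks = { 0, };

    cib_fd_callbacks.dispatch =
        event_channel ? cib_remote_callback_dispatch : cib_remote_command_dispatch;
    cib_fd_callbacks.destroy = cib_remote_connection_destroy;

    connection->tcp_socket = -1;
#ifdef HAVE_GNUTLS_GNUTLS_H
    connection->tls_session = NULL;
#endif
    rc = pcmk__connect_remote(private->server, private->port, 0, NULL,
                              &(connection->tcp_socket), NULL, NULL);
    if (rc != pcmk_rc_ok) {
        crm_info("Remote connection to %s:%d failed: %s " CRM_XS " rc=%d",
                 private->server, private->port, pcmk_rc_str(rc), rc);
        return -ENOTCONN;
    }

    if (private->encrypted) {
#ifdef HAVE_GNUTLS_GNUTLS_H
        /* First encrypted sign-on in this process: set up shared state. */
        if (remote_gnutls_credentials_init == FALSE) {
            crm_gnutls_global_init();
            gnutls_anon_allocate_client_credentials(&anon_cred_c);
            remote_gnutls_credentials_init = TRUE;
        }

        connection->tls_session = pcmk__new_tls_session(connection->tcp_socket,
                                                        GNUTLS_CLIENT,
                                                        GNUTLS_CRD_ANON,
                                                        anon_cred_c);
        if (connection->tls_session == NULL) {
            cib_tls_close(cib);
            return -1;
        }

        if (pcmk__tls_client_handshake(connection, TLS_HANDSHAKE_TIMEOUT_MS)
                != pcmk_rc_ok) {
            crm_err("Session creation for %s:%d failed", private->server, private->port);

            /* Skip gnutls_bye() for a session that never completed its
             * handshake; clearing the pointer keeps cib_tls_close() from
             * touching it again.
             */
            gnutls_deinit(*connection->tls_session);
            gnutls_free(connection->tls_session);
            connection->tls_session = NULL;
            cib_tls_close(cib);
            return -1;
        }
#else
        /* Encryption was requested but is not compiled in. Close the socket
         * that was just opened instead of leaking it, and never fall through
         * to sending the credentials unencrypted.
         */
        cib_tls_close(cib);
        return -EPROTONOSUPPORT;
#endif
    }

    /* Authenticate: user name and password travel inside the login message.
     * The "hidden" attribute names the password field; presumably it marks
     * the value to be masked when the message is logged -- confirm.
     */
    login = create_xml_node(NULL, "cib_command");
    crm_xml_add(login, "op", "authenticate");
    crm_xml_add(login, "user", private->user);
    crm_xml_add(login, "password", private->passwd);
    crm_xml_add(login, "hidden", "password");

    pcmk__remote_send_xml(connection, login);
    free_xml(login);

    rc = pcmk_ok;
    if (pcmk__read_remote_message(connection, -1) == ENOTCONN) {
        rc = -ENOTCONN;
    }

    answer = pcmk__remote_message_xml(connection);

    crm_log_xml_trace(answer, "Reply");
    if (answer == NULL) {
        rc = -EPROTO;

    } else {
        /* Both values come from the peer and may be absent. */
        const char *msg_type = crm_element_value(answer, F_CIB_OPERATION);
        const char *tmp_ticket = crm_element_value(answer, F_CIB_CLIENTID);

        if (!pcmk__str_eq(msg_type, CRM_OP_REGISTER, pcmk__str_casei)) {
            /* Never hand a NULL pointer to a %s conversion. */
            crm_err("Invalid registration message: %s",
                    (msg_type != NULL) ? msg_type : "(null)");
            rc = -EPROTO;

        } else if (tmp_ticket == NULL) {
            rc = -EPROTO;

        } else {
            connection->token = strdup(tmp_ticket);
            if (connection->token == NULL) {
                /* Without a token later requests cannot be attributed to
                 * this client, so treat the failed copy as a failed sign-on.
                 */
                rc = -ENOMEM;
            }
        }
    }
    free_xml(answer);
    answer = NULL;

    if (rc != 0) {
        cib_tls_close(cib);
        return rc;
    }

    crm_trace("remote client connection established");
    connection->source = mainloop_add_fd("cib-remote", G_PRIORITY_HIGH,
                                         connection->tcp_socket, cib,
                                         &cib_fd_callbacks);
    return rc;
}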
313
/* Mainloop "destroy" callback for either channel: log the event and, when
 * built with GnuTLS, close both channels of the connection.
 *
 * user_data is the cib_t that was registered with mainloop_add_fd().
 *
 * NOTE(review): without GnuTLS support nothing is closed here, although
 * cib_tls_close() also handles plain TCP sockets.
 */
void
cib_remote_connection_destroy(gpointer user_data)
{
    crm_err("Connection destroyed");
#ifdef HAVE_GNUTLS_GNUTLS_H
    {
        cib_t *cib = user_data;

        cib_tls_close(cib);
    }
#endif
}
323
/* Mainloop dispatcher for the command channel.
 *
 * Synchronous replies are consumed directly by cib_remote_perform_op(), so
 * anything that shows up here is read, logged as a late reply and thrown away.
 *
 * Returns -1 if the read reported ENOTCONN, 0 otherwise.
 */
int
cib_remote_command_dispatch(gpointer user_data)
{
    cib_t *cib = user_data;
    cib_remote_opaque_t *remote = cib->variant_opaque;
    const int read_rc = pcmk__read_remote_message(&remote->command, -1);

    /* Discard whatever was received. */
    free(remote->command.buffer);
    remote->command.buffer = NULL;
    crm_err("received late reply for remote cib connection, discarding");

    return (read_rc == ENOTCONN) ? -1 : 0;
}
342
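/* Mainloop dispatcher for the callback channel.
 *
 * Reads from the channel, then hands every complete message to the matching
 * handler: T_CIB messages go to cib_native_callback(), T_CIB_NOTIFY messages
 * to each entry of cib->notify_list. Other types are logged and dropped.
 *
 * Returns -1 if the read reported ENOTCONN (after processing whatever was
 * received), 0 otherwise.
 */
int
cib_remote_callback_dispatch(gpointer user_data)
{
    int rc;
    cib_t *cib = user_data;
    cib_remote_opaque_t *private = cib->variant_opaque;

    xmlNode *msg = NULL;

    crm_info("Message on callback channel");

    rc = pcmk__read_remote_message(&private->callback, -1);

    for (msg = pcmk__remote_message_xml(&private->callback); msg != NULL;
         msg = pcmk__remote_message_xml(&private->callback)) {

        /* The type attribute is supplied by the peer and may be missing;
         * keep a printable stand-in so no NULL reaches a %s conversion.
         */
        const char *type = crm_element_value(msg, F_TYPE);
        const char *type_desc = (type != NULL) ? type : "(null)";

        crm_trace("Activating %s callbacks...", type_desc);

        if (pcmk__str_eq(type, T_CIB, pcmk__str_casei)) {
            cib_native_callback(cib, msg, 0, 0);

        } else if (pcmk__str_eq(type, T_CIB_NOTIFY, pcmk__str_casei)) {
            g_list_foreach(cib->notify_list, cib_native_notify, msg);

        } else {
            crm_err("Unknown message type: %s", type_desc);
        }

        free_xml(msg);
    }

    if (rc == ENOTCONN) {
        return -1;
    }

    return 0;
}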
382
/* Sign on to the remote CIB manager.
 *
 * Prompts for a password if none is stored, opens and authenticates the
 * command channel and then the callback channel, and finally registers the
 * client name on the command channel.
 *
 * name: client name sent as F_CIB_CLIENTNAME
 * type: not used by this implementation
 *
 * Returns pcmk_ok on success, -EINVAL if no server or user is configured, or
 * the error from cib_tls_signon().
 *
 * NOTE(review): the prompt runs before the server/user check, so a
 * misconfigured connection still asks for the password. The second prompt
 * argument is `false` -- presumably "do not echo"; confirm against the prompt
 * implementation. The entered password stays in private->passwd afterwards.
 */
int
cib_remote_signon(cib_t *cib, const char *name, enum cib_conn_type type)
{
    cib_remote_opaque_t *remote = cib->variant_opaque;
    int rc = pcmk_ok;

    if (remote->passwd == NULL) {
        if (remote->out != NULL) {
            remote->out->prompt("Password", false, &(remote->passwd));
        } else {
            /* No output object configured: fall back to the text prompt. */
            pcmk__text_prompt("Password", false, &(remote->passwd));
        }
    }

    if ((remote->server == NULL) || (remote->user == NULL)) {
        rc = -EINVAL;

    } else {
        rc = cib_tls_signon(cib, &(remote->command), FALSE);
        if (rc == pcmk_ok) {
            rc = cib_tls_signon(cib, &(remote->callback), TRUE);
        }
    }

    if (rc != pcmk_ok) {
        crm_info("Connection to %s:%d for %s failed: %s\n",
                 remote->server, remote->port, name, pcmk_strerror(rc));
        return rc;
    }

    /* Both channels are up: register this client under the callback token. */
    {
        xmlNode *hello = cib_create_op(0, remote->callback.token, CRM_OP_REGISTER,
                                       NULL, NULL, NULL, 0, NULL);

        crm_xml_add(hello, F_CIB_CLIENTNAME, name);
        pcmk__remote_send_xml(&remote->command, hello);
        free_xml(hello);
    }

    crm_info("Opened connection to %s:%d for %s",
             remote->server, remote->port, name);
    cib->state = cib_connected_command;
    cib->type = cib_command;

    return rc;
}
433
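/* Disconnect from the remote CIB manager and mark the object disconnected.
 *
 * cib_tls_close() is called unconditionally: it closes the TCP sockets and
 * frees the receive buffers even when GnuTLS support is not compiled in, so
 * guarding the call with HAVE_GNUTLS_GNUTLS_H would leave plain-TCP
 * connections open (and their descriptors leaked) after sign-off.
 *
 * Always returns pcmk_ok.
 */
int
cib_remote_signoff(cib_t *cib)
{
    int rc = pcmk_ok;

    crm_debug("Disconnecting from the CIB manager");
    cib_tls_close(cib);

    cib->state = cib_disconnected;
    cib->type = cib_no_connection;

    return rc;
}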
451
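/* Release a remote CIB connection object, signing off first if needed.
 *
 * The object is freed whenever it is (or has just become) disconnected. The
 * release must not be nested inside the "still connected" branch: doing so
 * leaks the whole object, including the stored password, whenever the caller
 * has already signed off.
 *
 * Returns pcmk_ok, or the sign-off error (in which case nothing is freed).
 * After a pcmk_ok return the cib pointer is invalid.
 */
int
cib_remote_free(cib_t *cib)
{
    int rc = pcmk_ok;

    crm_warn("Freeing CIB");
    if (cib->state != cib_disconnected) {
        rc = cib_remote_signoff(cib);
    }

    if (rc == pcmk_ok) {
        cib_remote_opaque_t *private = cib->variant_opaque;

        free(private->server);
        free(private->user);

        if (private->passwd != NULL) {
            /* Overwrite the secret before returning the memory to the
             * allocator. The volatile pointer keeps the compiler from
             * dropping the stores as dead writes ahead of free().
             */
            volatile char *scrub = private->passwd;

            while (*scrub != '\0') {
                *scrub = '\0';
                scrub++;
            }
        }
        free(private->passwd);

        free(cib->cmds);
        free(private);
        free(cib);
    }

    return rc;
}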
474
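/* Send one CIB operation to the remote CIB manager and, for synchronous
 * calls, wait for the matching reply.
 *
 * op:           operation name (required)
 * host/section: passed through to cib_create_op()
 * data:         optional XML payload
 * output_data:  if non-NULL, receives a copy of the reply's call data (or
 *               NULL when there is none); the caller owns the copy
 * call_options: cib_sync_call selects the command channel and waits for the
 *               reply; cib_discard_reply returns right after sending
 * name:         not used by this implementation
 *
 * Returns:
 *   -ENOTCONN  not connected, or disconnected while waiting
 *   -EINVAL    no operation given
 *   -EPROTO    request could not be built, or the reply carries no result code
 *   -ENOMSG    no matching reply arrived within the timeout
 *   pcmk_ok    sent with cib_discard_reply
 *   call id    (positive) for asynchronous calls
 *   otherwise the result code taken from the reply
 *
 * The call id and result code in the reply are supplied by the peer; only the
 * call id is checked against the request.
 */
int
cib_remote_perform_op(cib_t *cib, const char *op, const char *host, const char *section,
                      xmlNode *data, xmlNode **output_data, int call_options, const char *name)
{
    int rc;
    int timeout_s = 0;
    int remaining_time = 0;
    time_t start_time;

    xmlNode *op_msg = NULL;
    xmlNode *op_reply = NULL;

    cib_remote_opaque_t *private = cib->variant_opaque;

    if (cib->state == cib_disconnected) {
        return -ENOTCONN;
    }

    if (output_data != NULL) {
        *output_data = NULL;
    }

    if (op == NULL) {
        crm_err("No operation specified");
        return -EINVAL;
    }

    /* Call ids stay positive; restart at 1 once the counter stops being so. */
    cib->call_id++;
    if (cib->call_id < 1) {
        cib->call_id = 1;
    }

    op_msg =
        cib_create_op(cib->call_id, private->callback.token, op, host, section, data, call_options,
                      NULL);
    if (op_msg == NULL) {
        return -EPROTO;
    }

    crm_trace("Sending %s message to the CIB manager", op);
    if (!(call_options & cib_sync_call)) {
        pcmk__remote_send_xml(&private->callback, op_msg);
    } else {
        pcmk__remote_send_xml(&private->command, op_msg);
    }
    free_xml(op_msg);

    if ((call_options & cib_discard_reply)) {
        crm_trace("Discarding reply");
        return pcmk_ok;

    } else if (!(call_options & cib_sync_call)) {
        return cib->call_id;
    }

    crm_trace("Waiting for a synchronous reply");

    start_time = time(NULL);
    timeout_s = cib->call_timeout ? cib->call_timeout : 60;
    remaining_time = timeout_s;

    rc = pcmk_rc_ok;
    while (remaining_time > 0 && (rc != ENOTCONN)) {
        int reply_id = -1;
        int msg_id = cib->call_id;

        /* Convert to milliseconds without overflowing int for very large
         * configured timeouts.
         */
        int wait_ms = (remaining_time > (G_MAXINT / 1000)) ? G_MAXINT
                                                           : (remaining_time * 1000);

        rc = pcmk__read_remote_message(&private->command, wait_ms);
        op_reply = pcmk__remote_message_xml(&private->command);

        if (!op_reply) {
            break;
        }

        crm_element_value_int(op_reply, F_CIB_CALLID, &reply_id);

        if (reply_id == msg_id) {
            break;

        } else if (reply_id < msg_id) {
            crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
            crm_log_xml_trace(op_reply, "Old reply");

        } else if ((reply_id - 10000) > msg_id) {
            /* Far ahead of us: treated as a reply from before the call id
             * counter wrapped around.
             */
            crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
            crm_log_xml_trace(op_reply, "Old reply");
        } else {
            crm_err("Received a __future__ reply:" " %d (wanted %d)", reply_id, msg_id);
        }

        free_xml(op_reply);
        op_reply = NULL;

        /* Not our reply: keep reading for whatever is left of the timeout.
         * The remaining time is the timeout minus the time already spent;
         * using the elapsed time itself would end the wait immediately after
         * a stale reply (elapsed 0) or let the wait grow without bound.
         */
        remaining_time = timeout_s - (int) (time(NULL) - start_time);
    }

    if (rc == ENOTCONN) {
        crm_err("Disconnected while waiting for reply.");
        /* A reply may have been parsed from the same read; do not leak it. */
        free_xml(op_reply);
        return -ENOTCONN;
    } else if (op_reply == NULL) {
        crm_err("No reply message - empty");
        return -ENOMSG;
    }

    crm_trace("Synchronous reply received");

    /* The operation's result code is taken from the reply. */
    if (crm_element_value_int(op_reply, F_CIB_RC, &rc) != 0) {
        rc = -EPROTO;
    }

    if (rc == -pcmk_err_diff_resync) {
        /* A resync request is reported to the caller as success. */
        rc = pcmk_ok;
    }

    if (rc == pcmk_ok || rc == -EPERM) {
        crm_log_xml_debug(op_reply, "passed");

    } else {
        crm_err("Call failed: %s", pcmk_strerror(rc));
        crm_log_xml_warn(op_reply, "failed");
    }

    if ((output_data != NULL) && !(call_options & cib_discard_reply)) {
        xmlNode *tmp = get_message_xml(op_reply, F_CIB_CALLDATA);

        if (tmp == NULL) {
            crm_trace("No output in reply to \"%s\" command %d", op, cib->call_id - 1);
        } else {
            *output_data = copy_xml(tmp);
        }
    }

    free_xml(op_reply);

    return rc;
}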
623
/* Attach an output object to a remote CIB connection; sign-on uses it to
 * prompt for the password. Objects of any other variant are left untouched.
 */
void
cib__set_output(cib_t *cib, pcmk__output_t *out)
{
    if (cib->variant == cib_remote) {
        cib_remote_opaque_t *remote = cib->variant_opaque;

        remote->out = out;
    }
}