This source file includes following definitions.
- cib_remote_perform_op
- cib_remote_callback_dispatch
- cib_remote_command_dispatch
- cib_tls_close
- cib_remote_connection_destroy
- cib_tls_signon
- cib_remote_signon
- cib_remote_signoff
- cib_remote_free
- cib_remote_register_notification
- cib_remote_set_connection_dnotify
- cib_remote_client_id
- cib_remote_new
- cib__set_output
1
2
3
4
5
6
7
8
9
10 #include <crm_internal.h>
11
12 #include <unistd.h>
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <stdarg.h>
16 #include <string.h>
17 #include <netdb.h>
18 #include <termios.h>
19 #include <sys/socket.h>
20
21 #include <glib.h>
22
23 #include <crm/crm.h>
24 #include <crm/cib/internal.h>
25 #include <crm/common/ipc_internal.h>
26 #include <crm/common/mainloop.h>
27 #include <crm/common/xml.h>
28 #include <crm/common/remote_internal.h>
29 #include <crm/common/tls_internal.h>
30 #include <crm/common/output_internal.h>
31
32 #include <gnutls/gnutls.h>
33
34
35 #define TLS_HANDSHAKE_TIMEOUT 5
36
37 static pcmk__tls_t *tls = NULL;
38
39 #include <arpa/inet.h>
40
41 typedef struct cib_remote_opaque_s {
42 int port;
43 char *server;
44 char *user;
45 char *passwd;
46 gboolean encrypted;
47 pcmk__remote_t command;
48 pcmk__remote_t callback;
49 pcmk__output_t *out;
50 time_t start_time;
51 int timeout_sec;
52 } cib_remote_opaque_t;
53
54 static int
55 cib_remote_perform_op(cib_t *cib, const char *op, const char *host,
56 const char *section, xmlNode *data,
57 xmlNode **output_data, int call_options,
58 const char *user_name)
59 {
60 int rc;
61 int remaining_time = 0;
62 time_t start_time;
63
64 xmlNode *op_msg = NULL;
65 xmlNode *op_reply = NULL;
66
67 cib_remote_opaque_t *private = cib->variant_opaque;
68
69 if (cib->state == cib_disconnected) {
70 return -ENOTCONN;
71 }
72
73 if (output_data != NULL) {
74 *output_data = NULL;
75 }
76
77 if (op == NULL) {
78 crm_err("No operation specified");
79 return -EINVAL;
80 }
81
82 rc = cib__create_op(cib, op, host, section, data, call_options, user_name,
83 NULL, &op_msg);
84 if (rc != pcmk_ok) {
85 return rc;
86 }
87
88 if (pcmk_is_set(call_options, cib_transaction)) {
89 rc = cib__extend_transaction(cib, op_msg);
90 pcmk__xml_free(op_msg);
91 return rc;
92 }
93
94 crm_trace("Sending %s message to the CIB manager", op);
95 if (!(call_options & cib_sync_call)) {
96 pcmk__remote_send_xml(&private->callback, op_msg);
97 } else {
98 pcmk__remote_send_xml(&private->command, op_msg);
99 }
100 pcmk__xml_free(op_msg);
101
102 if ((call_options & cib_discard_reply)) {
103 crm_trace("Discarding reply");
104 return pcmk_ok;
105
106 } else if (!(call_options & cib_sync_call)) {
107 return cib->call_id;
108 }
109
110 crm_trace("Waiting for a synchronous reply");
111
112 start_time = time(NULL);
113 remaining_time = cib->call_timeout ? cib->call_timeout : 60;
114
115 rc = pcmk_rc_ok;
116 while (remaining_time > 0 && (rc != ENOTCONN)) {
117 int reply_id = -1;
118 int msg_id = cib->call_id;
119
120 rc = pcmk__read_remote_message(&private->command,
121 remaining_time * 1000);
122 op_reply = pcmk__remote_message_xml(&private->command);
123
124 if (!op_reply) {
125 break;
126 }
127
128 crm_element_value_int(op_reply, PCMK__XA_CIB_CALLID, &reply_id);
129
130 if (reply_id == msg_id) {
131 break;
132
133 } else if (reply_id < msg_id) {
134 crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
135 crm_log_xml_trace(op_reply, "Old reply");
136
137 } else if ((reply_id - 10000) > msg_id) {
138
139 crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
140 crm_log_xml_trace(op_reply, "Old reply");
141 } else {
142 crm_err("Received a __future__ reply:" " %d (wanted %d)", reply_id, msg_id);
143 }
144
145 pcmk__xml_free(op_reply);
146 op_reply = NULL;
147
148
149 remaining_time = time(NULL) - start_time;
150 }
151
152 if (rc == ENOTCONN) {
153 crm_err("Disconnected while waiting for reply.");
154 return -ENOTCONN;
155 } else if (op_reply == NULL) {
156 crm_err("No reply message - empty");
157 return -ENOMSG;
158 }
159
160 crm_trace("Synchronous reply received");
161
162
163 if (crm_element_value_int(op_reply, PCMK__XA_CIB_RC, &rc) != 0) {
164 rc = -EPROTO;
165 }
166
167 if (rc == -pcmk_err_diff_resync) {
168
169 rc = pcmk_ok;
170 }
171
172 if (rc == pcmk_ok || rc == -EPERM) {
173 crm_log_xml_debug(op_reply, "passed");
174
175 } else {
176 crm_err("Call failed: %s", pcmk_strerror(rc));
177 crm_log_xml_warn(op_reply, "failed");
178 }
179
180 if (output_data == NULL) {
181
182
183 } else if (!(call_options & cib_discard_reply)) {
184 xmlNode *wrapper = pcmk__xe_first_child(op_reply, PCMK__XE_CIB_CALLDATA,
185 NULL, NULL);
186 xmlNode *tmp = pcmk__xe_first_child(wrapper, NULL, NULL, NULL);
187
188 if (tmp == NULL) {
189 crm_trace("No output in reply to \"%s\" command %d", op, cib->call_id - 1);
190 } else {
191 *output_data = pcmk__xml_copy(NULL, tmp);
192 }
193 }
194
195 pcmk__xml_free(op_reply);
196
197 return rc;
198 }
199
200 static int
201 cib_remote_callback_dispatch(gpointer user_data)
202 {
203 int rc;
204 cib_t *cib = user_data;
205 cib_remote_opaque_t *private = cib->variant_opaque;
206
207 xmlNode *msg = NULL;
208 const char *type = NULL;
209
210
211
212
213
214 if (private->start_time == 0) {
215 private->start_time = time(NULL);
216 }
217
218 rc = pcmk__read_available_remote_data(&private->callback);
219 switch (rc) {
220 case pcmk_rc_ok:
221
222 break;
223
224 case EAGAIN:
225
226 if (time(NULL) >= private->start_time + private->timeout_sec) {
227 crm_info("Error reading from CIB manager connection: %s",
228 pcmk_rc_str(ETIME));
229 return -1;
230 }
231
232
233 return 0;
234
235 default:
236
237 crm_info("Error reading from CIB manager connection: %s",
238 pcmk_rc_str(rc));
239 return -1;
240 }
241
242 msg = pcmk__remote_message_xml(&private->callback);
243 if (msg == NULL) {
244 private->start_time = 0;
245 return 0;
246 }
247
248 type = crm_element_value(msg, PCMK__XA_T);
249
250 crm_trace("Activating %s callbacks...", type);
251
252 if (pcmk__str_eq(type, PCMK__VALUE_CIB, pcmk__str_none)) {
253 cib_native_callback(cib, msg, 0, 0);
254 } else if (pcmk__str_eq(type, PCMK__VALUE_CIB_NOTIFY, pcmk__str_none)) {
255 g_list_foreach(cib->notify_list, cib_native_notify, msg);
256 } else {
257 crm_err("Unknown message type: %s", type);
258 }
259
260 pcmk__xml_free(msg);
261 private->start_time = 0;
262 return 0;
263 }
264
265 static int
266 cib_remote_command_dispatch(gpointer user_data)
267 {
268 int rc;
269 cib_t *cib = user_data;
270 cib_remote_opaque_t *private = cib->variant_opaque;
271
272
273 if (private->start_time == 0) {
274 private->start_time = time(NULL);
275 }
276
277 rc = pcmk__read_available_remote_data(&private->command);
278 if (rc == EAGAIN) {
279
280 if (time(NULL) >= private->start_time + private->timeout_sec) {
281 crm_info("Error reading from CIB manager connection: %s",
282 pcmk_rc_str(ETIME));
283 return -1;
284 }
285
286
287 return 0;
288 }
289
290 free(private->command.buffer);
291 private->command.buffer = NULL;
292 crm_err("received late reply for remote cib connection, discarding");
293
294 if (rc != pcmk_rc_ok) {
295 crm_info("Error reading from CIB manager connection: %s",
296 pcmk_rc_str(rc));
297 return -1;
298 }
299
300 private->start_time = 0;
301 return 0;
302 }
303
304 static int
305 cib_tls_close(cib_t *cib)
306 {
307 cib_remote_opaque_t *private = cib->variant_opaque;
308
309 if (private->encrypted) {
310 if (private->command.tls_session) {
311 gnutls_bye(private->command.tls_session, GNUTLS_SHUT_RDWR);
312 gnutls_deinit(private->command.tls_session);
313 }
314
315 if (private->callback.tls_session) {
316 gnutls_bye(private->callback.tls_session, GNUTLS_SHUT_RDWR);
317 gnutls_deinit(private->callback.tls_session);
318 }
319
320 private->command.tls_session = NULL;
321 private->callback.tls_session = NULL;
322 pcmk__free_tls(tls);
323 tls = NULL;
324 }
325
326 if (private->command.tcp_socket) {
327 shutdown(private->command.tcp_socket, SHUT_RDWR);
328 close(private->command.tcp_socket);
329 }
330 if (private->callback.tcp_socket) {
331 shutdown(private->callback.tcp_socket, SHUT_RDWR);
332 close(private->callback.tcp_socket);
333 }
334 private->command.tcp_socket = 0;
335 private->callback.tcp_socket = 0;
336
337 free(private->command.buffer);
338 free(private->callback.buffer);
339 private->command.buffer = NULL;
340 private->callback.buffer = NULL;
341
342 return 0;
343 }
344
345 static void
346 cib_remote_connection_destroy(gpointer user_data)
347 {
348 crm_err("Connection destroyed");
349 cib_tls_close(user_data);
350 }
351
352 static int
353 cib_tls_signon(cib_t *cib, pcmk__remote_t *connection, gboolean event_channel)
354 {
355 cib_remote_opaque_t *private = cib->variant_opaque;
356 int rc;
357
358 xmlNode *answer = NULL;
359 xmlNode *login = NULL;
360
361 static struct mainloop_fd_callbacks cib_fd_callbacks = { 0, };
362
363 cib_fd_callbacks.dispatch =
364 event_channel ? cib_remote_callback_dispatch : cib_remote_command_dispatch;
365 cib_fd_callbacks.destroy = cib_remote_connection_destroy;
366
367 connection->tcp_socket = -1;
368 connection->tls_session = NULL;
369 rc = pcmk__connect_remote(private->server, private->port, 0, NULL,
370 &(connection->tcp_socket), NULL, NULL);
371 if (rc != pcmk_rc_ok) {
372 crm_info("Remote connection to %s:%d failed: %s " QB_XS " rc=%d",
373 private->server, private->port, pcmk_rc_str(rc), rc);
374 return -ENOTCONN;
375 }
376
377 if (private->encrypted) {
378 bool use_cert = pcmk__x509_enabled();
379 int tls_rc = GNUTLS_E_SUCCESS;
380
381 rc = pcmk__init_tls(&tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON);
382 if (rc != pcmk_rc_ok) {
383 return -1;
384 }
385
386
387 connection->tls_session = pcmk__new_tls_session(tls, connection->tcp_socket);
388 if (connection->tls_session == NULL) {
389 cib_tls_close(cib);
390 return -1;
391 }
392
393 rc = pcmk__tls_client_handshake(connection, TLS_HANDSHAKE_TIMEOUT,
394 &tls_rc);
395 if (rc != pcmk_rc_ok) {
396 crm_err("Remote CIB session creation for %s:%d failed: %s",
397 private->server, private->port,
398 (rc == EPROTO)? gnutls_strerror(tls_rc) : pcmk_rc_str(rc));
399 gnutls_deinit(connection->tls_session);
400 connection->tls_session = NULL;
401 cib_tls_close(cib);
402 return -1;
403 }
404 }
405
406
407
408
409
410
411 pcmk__tls_check_cert_expiration(connection->tls_session);
412
413
414 login = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
415 crm_xml_add(login, PCMK_XA_OP, "authenticate");
416 crm_xml_add(login, PCMK_XA_USER, private->user);
417 crm_xml_add(login, PCMK__XA_PASSWORD, private->passwd);
418 crm_xml_add(login, PCMK__XA_HIDDEN, PCMK__VALUE_PASSWORD);
419
420 pcmk__remote_send_xml(connection, login);
421 pcmk__xml_free(login);
422
423 rc = pcmk_ok;
424 if (pcmk__read_remote_message(connection, -1) == ENOTCONN) {
425 rc = -ENOTCONN;
426 }
427
428 answer = pcmk__remote_message_xml(connection);
429
430 crm_log_xml_trace(answer, "Reply");
431 if (answer == NULL) {
432 rc = -EPROTO;
433
434 } else {
435
436 const char *msg_type = crm_element_value(answer, PCMK__XA_CIB_OP);
437 const char *tmp_ticket = crm_element_value(answer,
438 PCMK__XA_CIB_CLIENTID);
439
440 if (!pcmk__str_eq(msg_type, CRM_OP_REGISTER, pcmk__str_casei)) {
441 crm_err("Invalid registration message: %s", msg_type);
442 rc = -EPROTO;
443
444 } else if (tmp_ticket == NULL) {
445 rc = -EPROTO;
446
447 } else {
448 connection->token = strdup(tmp_ticket);
449 }
450 }
451 pcmk__xml_free(answer);
452 answer = NULL;
453
454 if (rc != 0) {
455 cib_tls_close(cib);
456 return rc;
457 }
458
459 crm_trace("remote client connection established");
460 private->timeout_sec = 60;
461 connection->source = mainloop_add_fd("cib-remote", G_PRIORITY_HIGH,
462 connection->tcp_socket, cib,
463 &cib_fd_callbacks);
464 return rc;
465 }
466
467 static int
468 cib_remote_signon(cib_t *cib, const char *name, enum cib_conn_type type)
469 {
470 int rc = pcmk_ok;
471 cib_remote_opaque_t *private = cib->variant_opaque;
472 xmlNode *hello = NULL;
473
474 if (name == NULL) {
475 name = pcmk__s(crm_system_name, "client");
476 }
477
478 if (private->passwd == NULL) {
479 if (private->out == NULL) {
480
481
482
483 pcmk__text_prompt("Password", false, &(private->passwd));
484 } else {
485 private->out->prompt("Password", false, &(private->passwd));
486 }
487 }
488
489 if (private->server == NULL || private->user == NULL) {
490 rc = -EINVAL;
491 goto done;
492 }
493
494 rc = cib_tls_signon(cib, &(private->command), FALSE);
495 if (rc != pcmk_ok) {
496 goto done;
497 }
498
499 rc = cib_tls_signon(cib, &(private->callback), TRUE);
500 if (rc != pcmk_ok) {
501 goto done;
502 }
503
504 rc = cib__create_op(cib, CRM_OP_REGISTER, NULL, NULL, NULL, cib_none, NULL,
505 name, &hello);
506 if (rc != pcmk_ok) {
507 goto done;
508 }
509
510 rc = pcmk__remote_send_xml(&private->command, hello);
511 rc = pcmk_rc2legacy(rc);
512 pcmk__xml_free(hello);
513
514 done:
515 if (rc == pcmk_ok) {
516 crm_info("Opened connection to %s:%d for %s",
517 private->server, private->port, name);
518 cib->state = cib_connected_command;
519 cib->type = cib_command;
520
521 } else {
522 crm_info("Connection to %s:%d for %s failed: %s\n",
523 private->server, private->port, name, pcmk_strerror(rc));
524 }
525
526 return rc;
527 }
528
529 static int
530 cib_remote_signoff(cib_t *cib)
531 {
532 int rc = pcmk_ok;
533
534 crm_debug("Disconnecting from the CIB manager");
535 cib_tls_close(cib);
536
537 cib->cmds->end_transaction(cib, false, cib_none);
538 cib->state = cib_disconnected;
539 cib->type = cib_no_connection;
540
541 return rc;
542 }
543
544 static int
545 cib_remote_free(cib_t *cib)
546 {
547 int rc = pcmk_ok;
548
549 crm_warn("Freeing CIB");
550 if (cib->state != cib_disconnected) {
551 rc = cib_remote_signoff(cib);
552 if (rc == pcmk_ok) {
553 cib_remote_opaque_t *private = cib->variant_opaque;
554
555 free(private->server);
556 free(private->user);
557 free(private->passwd);
558 free(cib->cmds);
559 free(cib->user);
560 free(private);
561 free(cib);
562 }
563 }
564
565 return rc;
566 }
567
568 static int
569 cib_remote_register_notification(cib_t * cib, const char *callback, int enabled)
570 {
571 xmlNode *notify_msg = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
572 cib_remote_opaque_t *private = cib->variant_opaque;
573
574 crm_xml_add(notify_msg, PCMK__XA_CIB_OP, PCMK__VALUE_CIB_NOTIFY);
575 crm_xml_add(notify_msg, PCMK__XA_CIB_NOTIFY_TYPE, callback);
576 crm_xml_add_int(notify_msg, PCMK__XA_CIB_NOTIFY_ACTIVATE, enabled);
577 pcmk__remote_send_xml(&private->callback, notify_msg);
578 pcmk__xml_free(notify_msg);
579 return pcmk_ok;
580 }
581
582 static int
583 cib_remote_set_connection_dnotify(cib_t * cib, void (*dnotify) (gpointer user_data))
584 {
585 return -EPROTONOSUPPORT;
586 }
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605 static int
606 cib_remote_client_id(const cib_t *cib, const char **async_id,
607 const char **sync_id)
608 {
609 cib_remote_opaque_t *private = cib->variant_opaque;
610
611 if (async_id != NULL) {
612
613 *async_id = private->callback.token;
614 }
615 if (sync_id != NULL) {
616
617 *sync_id = private->command.token;
618 }
619 return pcmk_ok;
620 }
621
622 cib_t *
623 cib_remote_new(const char *server, const char *user, const char *passwd, int port,
624 gboolean encrypted)
625 {
626 cib_remote_opaque_t *private = NULL;
627 cib_t *cib = cib_new_variant();
628
629 if (cib == NULL) {
630 return NULL;
631 }
632
633 private = calloc(1, sizeof(cib_remote_opaque_t));
634
635 if (private == NULL) {
636 free(cib);
637 return NULL;
638 }
639
640 cib->variant = cib_remote;
641 cib->variant_opaque = private;
642
643 private->server = pcmk__str_copy(server);
644 private->user = pcmk__str_copy(user);
645 private->passwd = pcmk__str_copy(passwd);
646 private->port = port;
647 private->encrypted = encrypted;
648
649
650 cib->delegate_fn = cib_remote_perform_op;
651 cib->cmds->signon = cib_remote_signon;
652 cib->cmds->signoff = cib_remote_signoff;
653 cib->cmds->free = cib_remote_free;
654 cib->cmds->register_notification = cib_remote_register_notification;
655 cib->cmds->set_connection_dnotify = cib_remote_set_connection_dnotify;
656
657 cib->cmds->client_id = cib_remote_client_id;
658
659 return cib;
660 }
661
662 void
663 cib__set_output(cib_t *cib, pcmk__output_t *out)
664 {
665 cib_remote_opaque_t *private;
666
667 if (cib->variant != cib_remote) {
668 return;
669 }
670
671 private = cib->variant_opaque;
672 private->out = out;
673 }
![[first]](../icons/first.png){kind=icon}
![[previous]](../icons/n_left.png){kind=icon}
![[next]](../icons/n_right.png){kind=icon}
![[last]](../icons/last.png){kind=icon}
![[top]](../icons/n_top.png){kind=icon}
![[bottom]](../icons/bottom.png){kind=icon}
![[index]](../icons/index.png){kind=icon}
![[help]](../icons/help.png){kind=icon}
*/
![[next]](../icons/right.png)
![[first]](../icons/n_first.png)
![[top]](../icons/top.png)
![[previous]](../icons/left.png)
![[last]](../icons/n_last.png)
![[bottom]](../icons/n_bottom.png){kind=icon}