This source file includes following definitions.
- cib_remote_perform_op
- cib_remote_callback_dispatch
- cib_remote_command_dispatch
- cib_tls_close
- cib_remote_connection_destroy
- cib_tls_signon
- cib_remote_signon
- cib_remote_signoff
- cib_remote_free
- cib_remote_register_notification
- cib_remote_set_connection_dnotify
- cib_remote_client_id
- cib_remote_new
- cib__set_output
10 #include <crm_internal.h>
11
12 #include <unistd.h>
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <stdarg.h>
16 #include <string.h>
17 #include <netdb.h>
18 #include <termios.h>
19 #include <sys/socket.h>
20
21 #include <glib.h>
22
23 #include <crm/crm.h>
24 #include <crm/cib/internal.h>
25 #include <crm/common/ipc_internal.h>
26 #include <crm/common/mainloop.h>
27 #include <crm/common/xml.h>
28 #include <crm/common/remote_internal.h>
29 #include <crm/common/tls_internal.h>
30 #include <crm/common/output_internal.h>
31
32 #include <gnutls/gnutls.h>
33
34
/* Timeout handed to pcmk__tls_client_handshake() in cib_tls_signon()
 * (presumably seconds -- confirm against that helper).
 */
#define TLS_HANDSHAKE_TIMEOUT 5

/* TLS state filled in by pcmk__init_tls() during sign-on and released by
 * cib_tls_close(). It has file scope, so it is one object for the whole
 * process rather than one per cib_t.
 */
static pcmk__tls_t *tls = NULL;

#include <arpa/inet.h>

/* Private data attached to cib_t::variant_opaque for the remote CIB variant */
typedef struct cib_remote_opaque_s {
    int port;                   /* Port passed to pcmk__connect_remote() */
    char *server;               /* Host passed to pcmk__connect_remote() */
    char *user;                 /* User name sent in the login message */
    char *passwd;               /* Plaintext password sent in the login message;
                                 * held in heap memory until cib_remote_free()
                                 */
    gboolean encrypted;         /* If set, each TCP socket is wrapped in TLS */
    pcmk__remote_t command;     /* Channel used for synchronous calls */
    pcmk__remote_t callback;    /* Channel used for asynchronous calls and
                                 * notification registration
                                 */
    pcmk__output_t *out;        /* Optional output object used to prompt for
                                 * the password; set by cib__set_output()
                                 */
    time_t start_time;          /* When the current read started; 0 when idle.
                                 * Both dispatch functions use this one field.
                                 */
    int timeout_sec;            /* Read timeout applied by the dispatch
                                 * functions; set to 60 on sign-on
                                 */
} cib_remote_opaque_t;
53
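/*!
 * \internal
 * \brief Send a CIB operation to the remote CIB manager
 *
 * Asynchronous requests go out on the callback channel and return at once.
 * Synchronous requests (\c cib_sync_call) go out on the command channel and
 * block until the matching reply arrives, the connection drops, or the call
 * timeout (\c cib->call_timeout, or 60 if that is 0) runs out.
 *
 * \param[in,out] cib           CIB connection
 * \param[in]     op            Operation name (must not be NULL)
 * \param[in]     host          Passed through to cib__create_op()
 * \param[in]     section       Passed through to cib__create_op()
 * \param[in]     data          Passed through to cib__create_op()
 * \param[out]    output_data   If not NULL, set to a copy of the reply's call
 *                              data (NULL if there is none); caller frees
 * \param[in]     call_options  Group of <tt>enum cib_call_options</tt> flags
 * \param[in]     user_name     Passed through to cib__create_op()
 *
 * \return \c cib->call_id for an asynchronous request, \c pcmk_ok when the
 *         reply is discarded, otherwise the result code carried in the reply
 *         or a negative errno-style code on local failure
 */
static int
cib_remote_perform_op(cib_t *cib, const char *op, const char *host,
                      const char *section, xmlNode *data,
                      xmlNode **output_data, int call_options,
                      const char *user_name)
{
    int rc;
    int timeout_sec = 0;
    int remaining_time = 0;
    time_t start_time;

    xmlNode *op_msg = NULL;
    xmlNode *op_reply = NULL;

    cib_remote_opaque_t *private = cib->variant_opaque;

    if (cib->state == cib_disconnected) {
        return -ENOTCONN;
    }

    if (output_data != NULL) {
        *output_data = NULL;
    }

    if (op == NULL) {
        crm_err("No operation specified");
        return -EINVAL;
    }

    rc = cib__create_op(cib, op, host, section, data, call_options, user_name,
                        NULL, &op_msg);
    if (rc != pcmk_ok) {
        return rc;
    }

    // Requests inside a transaction are queued locally, not sent
    if (pcmk_is_set(call_options, cib_transaction)) {
        rc = cib__extend_transaction(cib, op_msg);
        pcmk__xml_free(op_msg);
        return rc;
    }

    crm_trace("Sending %s message to the CIB manager", op);
    if (!(call_options & cib_sync_call)) {
        pcmk__remote_send_xml(&private->callback, op_msg);
    } else {
        pcmk__remote_send_xml(&private->command, op_msg);
    }
    pcmk__xml_free(op_msg);

    if ((call_options & cib_discard_reply)) {
        crm_trace("Discarding reply");
        return pcmk_ok;

    } else if (!(call_options & cib_sync_call)) {
        return cib->call_id;
    }

    crm_trace("Waiting for a synchronous reply");

    start_time = time(NULL);
    timeout_sec = cib->call_timeout ? cib->call_timeout : 60;
    remaining_time = timeout_sec;

    rc = pcmk_rc_ok;
    while (remaining_time > 0 && (rc != ENOTCONN)) {
        int reply_id = -1;
        int msg_id = cib->call_id;

        rc = pcmk__read_remote_message(&private->command,
                                       remaining_time * 1000);
        op_reply = pcmk__remote_message_xml(&private->command);

        if (!op_reply) {
            break;
        }

        // reply_id stays -1 (treated as an old reply) if the ID is unreadable
        crm_element_value_int(op_reply, PCMK__XA_CIB_CALLID, &reply_id);

        if (reply_id == msg_id) {
            break;

        } else if (reply_id < msg_id) {
            crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
            crm_log_xml_trace(op_reply, "Old reply");

        } else if ((reply_id - 10000) > msg_id) {
            /* NOTE(review): an ID far above the wanted one is logged as an
             * old reply -- presumably call-ID wrap-around handling; confirm
             */
            crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
            crm_log_xml_trace(op_reply, "Old reply");
        } else {
            crm_err("Received a __future__ reply:" " %d (wanted %d)", reply_id, msg_id);
        }

        pcmk__xml_free(op_reply);
        op_reply = NULL;

        /* Not the reply we want, so keep reading with whatever is left of the
         * timeout. Subtract the elapsed time from the timeout: assigning the
         * elapsed time itself would end the wait at once when a stray reply
         * arrives within the first second, and would let the wait grow without
         * bound afterwards.
         */
        remaining_time = timeout_sec - (int) (time(NULL) - start_time);
    }

    if (rc == ENOTCONN) {
        crm_err("Disconnected while waiting for reply.");
        // A matching reply may have been read just before the disconnect
        pcmk__xml_free(op_reply);
        return -ENOTCONN;
    } else if (op_reply == NULL) {
        crm_err("No reply message - empty");
        return -ENOMSG;
    }

    crm_trace("Synchronous reply received");

    // The result code comes from the peer; a reply without one is malformed
    if (crm_element_value_int(op_reply, PCMK__XA_CIB_RC, &rc) != 0) {
        rc = -EPROTO;
    }

    if (rc == -pcmk_err_diff_resync) {
        // Reported to the caller as success
        rc = pcmk_ok;
    }

    if (rc == pcmk_ok || rc == -EPERM) {
        crm_log_xml_debug(op_reply, "passed");

    } else {
        crm_err("Call failed: %s", pcmk_strerror(rc));
        crm_log_xml_warn(op_reply, "failed");
    }

    if ((output_data != NULL) && !(call_options & cib_discard_reply)) {
        xmlNode *wrapper = pcmk__xe_first_child(op_reply, PCMK__XE_CIB_CALLDATA,
                                                NULL, NULL);
        xmlNode *tmp = pcmk__xe_first_child(wrapper, NULL, NULL, NULL);

        if (tmp == NULL) {
            crm_trace("No output in reply to \"%s\" command %d", op, cib->call_id - 1);
        } else {
            // Copy, because op_reply is freed below
            *output_data = pcmk__xml_copy(NULL, tmp);
        }
    }

    pcmk__xml_free(op_reply);

    return rc;
}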
199
/*!
 * \internal
 * \brief Main loop dispatch function for the callback (asynchronous) channel
 *
 * Reads whatever data is available. Once a complete message has arrived, it
 * is handed to cib_native_callback() or to every entry of the notify list,
 * depending on its message type.
 *
 * \param[in,out] user_data  CIB connection (\c cib_t *)
 *
 * \return 0 normally, or -1 on a read error or read timeout
 */
static int
cib_remote_callback_dispatch(gpointer user_data)
{
    cib_t *cib = user_data;
    cib_remote_opaque_t *private = cib->variant_opaque;
    xmlNode *msg = NULL;
    const char *type = NULL;
    int rc;

    // start_time of 0 means no read is in progress yet; start the clock
    if (private->start_time == 0) {
        private->start_time = time(NULL);
    }

    rc = pcmk__read_available_remote_data(&private->callback);

    if (rc == EAGAIN) {
        // Message still incomplete: keep waiting unless the timeout has passed
        if (time(NULL) < private->start_time + private->timeout_sec) {
            return 0;
        }
        crm_info("Error reading from CIB manager connection: %s",
                 pcmk_rc_str(ETIME));
        return -1;
    }

    if (rc != pcmk_rc_ok) {
        crm_info("Error reading from CIB manager connection: %s",
                 pcmk_rc_str(rc));
        return -1;
    }

    msg = pcmk__remote_message_xml(&private->callback);
    if (msg == NULL) {
        private->start_time = 0;
        return 0;
    }

    // The type attribute comes from the peer and may be absent (NULL)
    type = crm_element_value(msg, PCMK__XA_T);

    crm_trace("Activating %s callbacks...", type);

    if (pcmk__str_eq(type, PCMK__VALUE_CIB, pcmk__str_none)) {
        cib_native_callback(cib, msg, 0, 0);
    } else if (pcmk__str_eq(type, PCMK__VALUE_CIB_NOTIFY, pcmk__str_none)) {
        g_list_foreach(cib->notify_list, cib_native_notify, msg);
    } else {
        crm_err("Unknown message type: %s", type);
    }

    pcmk__xml_free(msg);
    private->start_time = 0;    // Ready for the next message
    return 0;
}
265
/*!
 * \internal
 * \brief Main loop dispatch function for the command (synchronous) channel
 *
 * Synchronous replies are read directly by cib_remote_perform_op(), so
 * anything that reaches this function is discarded as a late reply.
 *
 * \param[in,out] user_data  CIB connection (\c cib_t *)
 *
 * \return 0 normally, or -1 on a read error or read timeout
 */
static int
cib_remote_command_dispatch(gpointer user_data)
{
    cib_t *cib = user_data;
    cib_remote_opaque_t *private = cib->variant_opaque;
    int rc;

    // start_time of 0 means no read is in progress yet; start the clock
    if (private->start_time == 0) {
        private->start_time = time(NULL);
    }

    rc = pcmk__read_available_remote_data(&private->command);
    if (rc == EAGAIN) {
        const time_t deadline = private->start_time + private->timeout_sec;

        // Message still incomplete: keep waiting unless the timeout has passed
        if (time(NULL) < deadline) {
            return 0;
        }
        crm_info("Error reading from CIB manager connection: %s",
                 pcmk_rc_str(ETIME));
        return -1;
    }

    // Drop whatever was buffered; this runs for read errors as well
    free(private->command.buffer);
    private->command.buffer = NULL;
    crm_err("received late reply for remote cib connection, discarding");

    if (rc == pcmk_rc_ok) {
        private->start_time = 0;
        return 0;
    }

    crm_info("Error reading from CIB manager connection: %s",
             pcmk_rc_str(rc));
    return -1;
}
304
/*!
 * \internal
 * \brief Tear down both channels of a remote CIB connection
 *
 * Ends and frees any TLS sessions (encrypted connections only), releases the
 * file-scope TLS object, closes both TCP sockets, and frees both read buffers.
 * The function is safe to call repeatedly, because every handle is reset
 * after it is released.
 *
 * \param[in,out] cib  CIB connection
 *
 * \return Always 0
 */
static int
cib_tls_close(cib_t *cib)
{
    cib_remote_opaque_t *private = cib->variant_opaque;
    pcmk__remote_t *channels[] = { &private->command, &private->callback };
    const size_t n_channels = sizeof(channels) / sizeof(channels[0]);

    if (private->encrypted) {
        for (size_t i = 0; i < n_channels; i++) {
            if (channels[i]->tls_session) {
                // Best-effort close notification; the result is not checked
                gnutls_bye(channels[i]->tls_session, GNUTLS_SHUT_RDWR);
                gnutls_deinit(channels[i]->tls_session);
            }
            channels[i]->tls_session = NULL;
        }

        pcmk__free_tls(tls);
        tls = NULL;
    }

    for (size_t i = 0; i < n_channels; i++) {
        // -1 marks a socket that is not open
        if (channels[i]->tcp_socket >= 0) {
            shutdown(channels[i]->tcp_socket, SHUT_RDWR);
            close(channels[i]->tcp_socket);
        }
        channels[i]->tcp_socket = -1;
    }

    for (size_t i = 0; i < n_channels; i++) {
        free(channels[i]->buffer);
        channels[i]->buffer = NULL;
    }

    return 0;
}
345
/*!
 * \internal
 * \brief Main loop destroy callback for either channel
 *
 * Closes both channels. It does not update \c cib->state or \c cib->type.
 *
 * \param[in,out] user_data  CIB connection (\c cib_t *)
 */
static void
cib_remote_connection_destroy(gpointer user_data)
{
    cib_t *cib = user_data;

    crm_err("Connection destroyed");
    cib_tls_close(cib);
}
352
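/*!
 * \internal
 * \brief Connect one channel to the remote CIB manager and log in
 *
 * Opens the TCP connection, performs the TLS handshake if the connection is
 * configured as encrypted, sends the login message, checks the registration
 * reply, and registers the socket with the main loop.
 *
 * \param[in,out] cib            CIB connection
 * \param[in,out] connection     Channel to set up (command or callback)
 * \param[in]     event_channel  TRUE for the callback channel, FALSE for the
 *                               command channel (selects the dispatch function)
 *
 * \return \c pcmk_ok on success, otherwise -1 or a negative errno-style code
 *
 * \note The login message carries the user's password. Without \c encrypted
 *       it is sent over the TCP socket as-is, and with \c GNUTLS_CRD_ANON
 *       credentials the server presents no certificate, so only the
 *       certificate mode can tie the password to an authenticated peer.
 *       Whether the peer certificate is actually verified is decided inside
 *       pcmk__tls_client_handshake() and is not visible here -- confirm.
 */
static int
cib_tls_signon(cib_t *cib, pcmk__remote_t *connection, gboolean event_channel)
{
    cib_remote_opaque_t *private = cib->variant_opaque;
    int rc;

    xmlNode *answer = NULL;
    xmlNode *login = NULL;

    /* NOTE(review): this object is static and its dispatch member is rewritten
     * on every call, so both channels share it. That is only correct if
     * mainloop_add_fd() copies the callbacks instead of keeping the pointer --
     * confirm.
     */
    static struct mainloop_fd_callbacks cib_fd_callbacks = { 0, };

    cib_fd_callbacks.dispatch =
        event_channel ? cib_remote_callback_dispatch : cib_remote_command_dispatch;
    cib_fd_callbacks.destroy = cib_remote_connection_destroy;

    connection->tcp_socket = -1;
    connection->tls_session = NULL;
    rc = pcmk__connect_remote(private->server, private->port, 0, NULL,
                              &(connection->tcp_socket), NULL, NULL);
    if (rc != pcmk_rc_ok) {
        crm_info("Remote connection to %s:%d failed: %s " QB_XS " rc=%d",
                 private->server, private->port, pcmk_rc_str(rc), rc);
        return -ENOTCONN;
    }

    if (private->encrypted) {
        bool use_cert = pcmk__x509_enabled();
        int tls_rc = GNUTLS_E_SUCCESS;

        rc = pcmk__init_tls(&tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON);
        if (rc != pcmk_rc_ok) {
            /* The socket opened above is not registered anywhere yet, so
             * close it here; returning with it open would leak the descriptor
             * (the next sign-on attempt overwrites tcp_socket with -1).
             */
            close(connection->tcp_socket);
            connection->tcp_socket = -1;
            return -1;
        }

        connection->tls_session = pcmk__new_tls_session(tls, connection->tcp_socket);
        if (connection->tls_session == NULL) {
            cib_tls_close(cib);
            return -1;
        }

        rc = pcmk__tls_client_handshake(connection, TLS_HANDSHAKE_TIMEOUT,
                                        &tls_rc);
        if (rc != pcmk_rc_ok) {
            crm_err("Remote CIB session creation for %s:%d failed: %s",
                    private->server, private->port,
                    (rc == EPROTO)? gnutls_strerror(tls_rc) : pcmk_rc_str(rc));
            // Free the session here and clear it so cib_tls_close() skips it
            gnutls_deinit(connection->tls_session);
            connection->tls_session = NULL;
            cib_tls_close(cib);
            return -1;
        }
    }

    /* The session is NULL on an unencrypted connection, so only check the
     * certificate when a session exists instead of relying on the callee to
     * tolerate NULL.
     */
    if (connection->tls_session != NULL) {
        pcmk__tls_check_cert_expiration(connection->tls_session);
    }

    /* Build and send the login message. The PCMK__XA_HIDDEN attribute names
     * the password attribute (presumably so that logging masks it -- confirm).
     */
    login = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
    crm_xml_add(login, PCMK_XA_OP, "authenticate");
    crm_xml_add(login, PCMK_XA_USER, private->user);
    crm_xml_add(login, PCMK__XA_PASSWORD, private->passwd);
    crm_xml_add(login, PCMK__XA_HIDDEN, PCMK__VALUE_PASSWORD);

    pcmk__remote_send_xml(connection, login);
    pcmk__xml_free(login);

    /* NOTE(review): the -1 timeout presumably means "wait indefinitely", so a
     * server that never answers would stall sign-on -- confirm.
     */
    rc = pcmk_ok;
    if (pcmk__read_remote_message(connection, -1) == ENOTCONN) {
        rc = -ENOTCONN;
    }

    answer = pcmk__remote_message_xml(connection);

    crm_log_xml_trace(answer, "Reply");
    if (answer == NULL) {
        rc = -EPROTO;

    } else {
        // Both values come from the peer's reply
        const char *msg_type = crm_element_value(answer, PCMK__XA_CIB_OP);
        const char *tmp_ticket = crm_element_value(answer,
                                                   PCMK__XA_CIB_CLIENTID);

        if (!pcmk__str_eq(msg_type, CRM_OP_REGISTER, pcmk__str_casei)) {
            crm_err("Invalid registration message: %s", msg_type);
            rc = -EPROTO;

        } else if (tmp_ticket == NULL) {
            rc = -EPROTO;

        } else {
            connection->token = strdup(tmp_ticket);
            if (connection->token == NULL) {
                // Without a token the sign-on did not complete
                rc = -ENOMEM;
            }
        }
    }
    pcmk__xml_free(answer);
    answer = NULL;

    if (rc != 0) {
        cib_tls_close(cib);
        return rc;
    }

    crm_trace("remote client connection established");
    private->timeout_sec = 60;
    connection->source = mainloop_add_fd("cib-remote", G_PRIORITY_HIGH,
                                         connection->tcp_socket, cib,
                                         &cib_fd_callbacks);
    return rc;
}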
467
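/*!
 * \internal
 * \brief Sign on to a remote CIB manager
 *
 * Prompts for the password if none was given to cib_remote_new(), then
 * connects and logs in on the command channel followed by the callback
 * channel.
 *
 * \param[in,out] cib   CIB connection
 * \param[in]     name  Client name used in log messages (if NULL,
 *                      \c crm_system_name or "client" is used)
 * \param[in]     type  Ignored
 *
 * \return \c pcmk_ok on success, \c -EINVAL if no server or user is set,
 *         otherwise the error from cib_tls_signon()
 */
static int
cib_remote_signon(cib_t *cib, const char *name, enum cib_conn_type type)
{
    int rc = pcmk_ok;
    cib_remote_opaque_t *private = cib->variant_opaque;

    if (name == NULL) {
        name = pcmk__s(crm_system_name, "client");
    }

    /* Validate before prompting: with no server or user the sign-on cannot
     * succeed, so there is no reason to ask the user to type a password.
     */
    if (private->server == NULL || private->user == NULL) {
        rc = -EINVAL;
        goto done;
    }

    if (private->passwd == NULL) {
        /* NOTE(review): the prompt result is not checked, so passwd may still
         * be NULL afterwards and the login is then attempted without one --
         * confirm that this is intended.
         */
        if (private->out == NULL) {
            // No output object was set with cib__set_output()
            pcmk__text_prompt("Password", false, &(private->passwd));
        } else {
            private->out->prompt("Password", false, &(private->passwd));
        }
    }

    rc = cib_tls_signon(cib, &(private->command), FALSE);
    if (rc != pcmk_ok) {
        goto done;
    }

    rc = cib_tls_signon(cib, &(private->callback), TRUE);

done:
    if (rc == pcmk_ok) {
        crm_info("Opened connection to %s:%d for %s",
                 private->server, private->port, name);
        cib->state = cib_connected_command;
        cib->type = cib_command;

    } else {
        // server may be NULL here; never pass NULL for a %s argument
        crm_info("Connection to %s:%d for %s failed: %s\n",
                 pcmk__s(private->server, "(null)"), private->port, name,
                 pcmk_strerror(rc));
    }

    return rc;
}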
515
/*!
 * \internal
 * \brief Sign off from the remote CIB manager
 *
 * Closes both channels, ends any open transaction through the \c cmds table,
 * and marks the connection as disconnected.
 *
 * \param[in,out] cib  CIB connection
 *
 * \return Always \c pcmk_ok
 */
static int
cib_remote_signoff(cib_t *cib)
{
    crm_debug("Disconnecting from the CIB manager");
    cib_tls_close(cib);

    // The sockets are already closed when the transaction is ended
    cib->cmds->end_transaction(cib, false, cib_none);

    cib->state = cib_disconnected;
    cib->type = cib_no_connection;

    return pcmk_ok;
}
530
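/*!
 * \internal
 * \brief Sign off if necessary and free a remote CIB connection
 *
 * \param[in,out] cib  CIB connection; invalid after a successful return
 *
 * \return \c pcmk_ok on success, or the sign-off error (in which case nothing
 *         is freed)
 *
 * \note NOTE(review): the main loop sources registered in cib_tls_signon()
 *       (\c connection->source) are not removed here or in cib_tls_close().
 *       Confirm that the main loop cannot call
 *       cib_remote_connection_destroy() with this \p cib after it is freed.
 */
static int
cib_remote_free(cib_t *cib)
{
    int rc = pcmk_ok;
    cib_remote_opaque_t *private = NULL;

    crm_warn("Freeing CIB");
    if (cib->state != cib_disconnected) {
        rc = cib_remote_signoff(cib);
    }
    if (rc != pcmk_ok) {
        return rc;
    }

    /* Free the object whether or not a sign-off was needed. Freeing only
     * inside the "still connected" branch leaks everything, including the
     * stored password, for a connection that is already signed off.
     */
    private = cib->variant_opaque;

    if (private->passwd != NULL) {
        // Overwrite the password through a volatile pointer so the stores
        // are not optimized away before the memory is returned to the heap
        for (volatile char *p = private->passwd; *p != '\0'; p++) {
            *p = '\0';
        }
    }

    // Tokens are strdup()'d in cib_tls_signon() and not released anywhere
    // else in this file
    free(private->command.token);
    free(private->callback.token);

    free(private->server);
    free(private->user);
    free(private->passwd);
    free(cib->cmds);
    free(cib->user);
    free(private);
    free(cib);

    return rc;
}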
554
/*!
 * \internal
 * \brief Ask the remote CIB manager to enable or disable a notification type
 *
 * \param[in,out] cib       CIB connection
 * \param[in]     callback  Notification type to (de)activate
 * \param[in]     enabled   Value sent as the "activate" attribute
 *
 * \return Always \c pcmk_ok (the send result is not checked)
 */
static int
cib_remote_register_notification(cib_t * cib, const char *callback, int enabled)
{
    cib_remote_opaque_t *private = cib->variant_opaque;
    xmlNode *request = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);

    crm_xml_add(request, PCMK__XA_CIB_OP, PCMK__VALUE_CIB_NOTIFY);
    crm_xml_add(request, PCMK__XA_CIB_NOTIFY_TYPE, callback);
    crm_xml_add_int(request, PCMK__XA_CIB_NOTIFY_ACTIVATE, enabled);

    // Notification requests travel on the callback channel
    pcmk__remote_send_xml(&private->callback, request);
    pcmk__xml_free(request);

    return pcmk_ok;
}
568
/*!
 * \internal
 * \brief Disconnect notification is not supported by the remote variant
 *
 * \param[in] cib      Ignored
 * \param[in] dnotify  Ignored
 *
 * \return Always \c -EPROTONOSUPPORT
 */
static int
cib_remote_set_connection_dnotify(cib_t * cib, void (*dnotify) (gpointer user_data))
{
    (void) cib;
    (void) dnotify;

    return -EPROTONOSUPPORT;
}
574
/*!
 * \internal
 * \brief Get the client tokens received from the CIB manager at sign-on
 *
 * The returned strings are owned by the connection; callers must not free
 * them. A token is NULL if the corresponding channel has never registered.
 *
 * \param[in]  cib       CIB connection
 * \param[out] async_id  If not NULL, set to the callback channel's token
 * \param[out] sync_id   If not NULL, set to the command channel's token
 *
 * \return Always \c pcmk_ok
 */
static int
cib_remote_client_id(const cib_t *cib, const char **async_id,
                     const char **sync_id)
{
    const cib_remote_opaque_t *priv = cib->variant_opaque;

    if (async_id) {
        // Asynchronous requests use the callback channel
        *async_id = priv->callback.token;
    }

    if (sync_id) {
        // Synchronous requests use the command channel
        *sync_id = priv->command.token;
    }

    return pcmk_ok;
}
608
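/*!
 * \brief Create a CIB connection object for a remote CIB manager
 *
 * No network activity happens here; the connection is made by the object's
 * \c signon method.
 *
 * \param[in] server     Host to connect to (copied)
 * \param[in] user       User name to log in as (copied)
 * \param[in] passwd     Password (copied); if NULL, sign-on prompts for it.
 *                       The copy stays in memory for the object's lifetime.
 * \param[in] port       Port to connect to
 * \param[in] encrypted  Whether to wrap the connection in TLS
 *
 * \return Newly allocated CIB connection object, or NULL on allocation failure
 */
cib_t *
cib_remote_new(const char *server, const char *user, const char *passwd, int port,
               gboolean encrypted)
{
    cib_remote_opaque_t *private = NULL;
    cib_t *cib = cib_new_variant();

    if (cib == NULL) {
        return NULL;
    }

    private = calloc(1, sizeof(*private));

    if (private == NULL) {
        /* Release the members that cib_remote_free() releases as well, not
         * just the container (anything else cib_new_variant() allocates is
         * not visible from here).
         */
        free(cib->cmds);
        free(cib->user);
        free(cib);
        return NULL;
    }

    cib->variant = cib_remote;
    cib->variant_opaque = private;

    private->server = pcmk__str_copy(server);
    private->user = pcmk__str_copy(user);
    private->passwd = pcmk__str_copy(passwd);
    private->port = port;
    private->encrypted = encrypted;

    /* calloc() leaves both descriptors at 0, which is a valid descriptor
     * (normally standard input). cib_tls_close() closes any socket >= 0, so a
     * close before both channels have been connected -- for example after a
     * failed login on the first channel -- would shut down descriptor 0.
     * Mark both channels as not open.
     */
    private->command.tcp_socket = -1;
    private->callback.tcp_socket = -1;

    // Install the remote variant's implementations
    cib->delegate_fn = cib_remote_perform_op;
    cib->cmds->signon = cib_remote_signon;
    cib->cmds->signoff = cib_remote_signoff;
    cib->cmds->free = cib_remote_free;
    cib->cmds->register_notification = cib_remote_register_notification;
    cib->cmds->set_connection_dnotify = cib_remote_set_connection_dnotify;

    cib->cmds->client_id = cib_remote_client_id;

    return cib;
}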
648
/*!
 * \internal
 * \brief Set the output object a remote CIB connection uses for prompting
 *
 * Does nothing for any CIB variant other than the remote one.
 *
 * \param[in,out] cib  CIB connection
 * \param[in]     out  Output object; its \c prompt method is used at sign-on
 *                     to ask for the password (not copied, not owned)
 */
void
cib__set_output(cib_t *cib, pcmk__output_t *out)
{
    if (cib->variant == cib_remote) {
        cib_remote_opaque_t *remote_data = cib->variant_opaque;

        remote_data->out = out;
    }
}