1 /*
2 * Copyright (c) 2008 Andrew Beekhof
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 *
18 */
19 #include <crm_internal.h>
20
21 #include <unistd.h>
22 #include <stdlib.h>
23 #include <stdio.h>
24 #include <stdarg.h>
25 #include <string.h>
26 #include <netdb.h>
27 #include <termios.h>
28 #include <sys/socket.h>
29
30 #include <glib.h>
31
32 #include <crm/crm.h>
33 #include <crm/cib/internal.h>
34 #include <crm/msg_xml.h>
35 #include <crm/common/ipcs.h>
36 #include <crm/common/mainloop.h>
37 #include <crm/common/remote_internal.h>
38
39 #ifdef HAVE_GNUTLS_GNUTLS_H
40 # undef KEYFILE
41 # include <gnutls/gnutls.h>
/* Anonymous client credentials shared by every encrypted remote CIB
 * connection in this process: allocated in cib_tls_signon(), released in
 * cib_tls_close(). Anonymous key exchange authenticates neither peer, so the
 * TLS layer protects the login that follows only against passive observers;
 * the server's identity is never verified. */
gnutls_anon_client_credentials_t anon_cred_c;

/* Upper bound for the client side of the TLS handshake, in milliseconds. */
# define DEFAULT_CLIENT_HANDSHAKE_TIMEOUT 5000 /* 5 seconds */

/* Key-exchange priority list: anonymous Diffie-Hellman only, zero-terminated.
 * NOTE(review): not referenced anywhere in this file; presumably consumed by
 * the shared TLS helpers -- confirm before removing. */
const int kx_prio[] = {
    GNUTLS_KX_ANON_DH,
    0
};

/* TRUE once the GnuTLS library and anon_cred_c have been initialised. */
static gboolean remote_gnutls_credentials_init = FALSE;
52 #else
53 typedef void gnutls_session_t;
54 #endif
55
56 #include <arpa/inet.h>
57 #ifndef ON_BSD
58 # include <sgtty.h>
59 #endif
60
61 #define DH_BITS 1024
62
/* Per-connection state of the remote (TCP, optionally TLS) CIB variant.
 * Stored in cib_t.variant_opaque by cib_remote_new() and released, together
 * with the string copies it owns, by cib_remote_free(). */
typedef struct cib_remote_opaque_s {
    int flags;              /* not referenced in this file */
    int socket;             /* not referenced in this file; each channel keeps its own fd */
    int port;               /* server port, as passed to cib_remote_new() */
    char *server;           /* heap copy (strdup) of the server name, or NULL */
    char *user;             /* heap copy (strdup) of the login user, or NULL */
    char *passwd;           /* heap copy of the password; NULL makes cib_remote_signon() prompt */
    gboolean encrypted;     /* TRUE: wrap both channels in (anonymous) TLS */
    crm_remote_t command;   /* channel for synchronous requests and their replies */
    crm_remote_t callback;  /* channel for asynchronous replies and notifications */

} cib_remote_opaque_t;
75
76 void cib_remote_connection_destroy(gpointer user_data);
77 int cib_remote_callback_dispatch(gpointer user_data);
78 int cib_remote_command_dispatch(gpointer user_data);
79 int cib_remote_signon(cib_t * cib, const char *name, enum cib_conn_type type);
80 int cib_remote_signoff(cib_t * cib);
81 int cib_remote_free(cib_t * cib);
82
83 int cib_remote_perform_op(cib_t * cib, const char *op, const char *host, const char *section,
84 xmlNode * data, xmlNode ** output_data, int call_options,
85 const char *name);
86
/* Return the descriptor a caller should poll for incoming traffic: the
 * callback channel's TCP socket. */
static int
cib_remote_inputfd(cib_t * cib)
{
    const cib_remote_opaque_t *priv = cib->variant_opaque;
    const crm_remote_t *events = &priv->callback;

    return events->tcp_socket;
}
94
/* Destroy-notify hooks are not supported on remote connections; both
 * arguments are ignored and -EPROTONOSUPPORT is always returned. */
static int
cib_remote_set_connection_dnotify(cib_t * cib, void (*dnotify) (gpointer user_data))
{
    (void) cib;
    (void) dnotify;

    return -EPROTONOSUPPORT;
}
100
/* Ask the server to enable (enabled != 0) or disable notifications of the
 * given type, via the callback channel. Always reports pcmk_ok; the result
 * of the send itself is not checked. */
static int
cib_remote_register_notification(cib_t * cib, const char *callback, int enabled)
{
    cib_remote_opaque_t *priv = cib->variant_opaque;
    xmlNode *request = create_xml_node(NULL, "cib_command");

    crm_xml_add(request, F_CIB_OPERATION, T_CIB_NOTIFY);
    crm_xml_add(request, F_CIB_NOTIFY_TYPE, callback);
    crm_xml_add_int(request, F_CIB_NOTIFY_ACTIVATE, enabled);

    crm_remote_send(&priv->callback, request);
    free_xml(request);

    return pcmk_ok;
}
114
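/* Allocate a remote-variant cib_t.
 *
 * server, user and passwd are copied (each may be NULL; a NULL passwd makes
 * cib_remote_signon() prompt for one). port and encrypted are stored as
 * given. The object and its string copies are released by cib_remote_free().
 *
 * Returns NULL if any allocation fails, rather than a partially initialised
 * object that would be dereferenced later.
 */
cib_t *
cib_remote_new(const char *server, const char *user, const char *passwd, int port,
               gboolean encrypted)
{
    cib_remote_opaque_t *private = NULL;
    cib_t *cib = cib_new_variant();

    if (cib == NULL) {
        return NULL;
    }

    private = calloc(1, sizeof(*private));
    if (private == NULL) {
        goto fail;
    }

    if (server != NULL) {
        private->server = strdup(server);
        if (private->server == NULL) {
            goto fail;
        }
    }

    if (user != NULL) {
        private->user = strdup(user);
        if (private->user == NULL) {
            goto fail;
        }
    }

    if (passwd != NULL) {
        private->passwd = strdup(passwd);
        if (private->passwd == NULL) {
            goto fail;
        }
    }

    private->port = port;
    private->encrypted = encrypted;

    cib->variant = cib_remote;
    cib->variant_opaque = private;

    /* assign variant specific ops */
    cib->delegate_fn = cib_remote_perform_op;
    cib->cmds->signon = cib_remote_signon;
    cib->cmds->signoff = cib_remote_signoff;
    cib->cmds->free = cib_remote_free;
    cib->cmds->inputfd = cib_remote_inputfd;

    cib->cmds->register_notification = cib_remote_register_notification;
    cib->cmds->set_connection_dnotify = cib_remote_set_connection_dnotify;

    return cib;

  fail:
    /* release whatever was allocated so far; cmds is a separate allocation,
     * exactly as cib_remote_free() treats it */
    if (private != NULL) {
        free(private->server);
        free(private->user);
        free(private->passwd);
        free(private);
    }
    free(cib->cmds);
    free(cib);
    return NULL;
}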
154
/* Tear down both channels of a remote connection: end and free any TLS
 * session, release the process-wide anonymous credentials, shut down and
 * close the TCP sockets, and drop the receive buffers. Safe to call on a
 * connection that is already partially closed; always returns 0. */
static int
cib_tls_close(cib_t * cib)
{
    cib_remote_opaque_t *priv = cib->variant_opaque;
    crm_remote_t *channels[] = { &priv->command, &priv->callback };
    size_t i;

#ifdef HAVE_GNUTLS_GNUTLS_H
    if (priv->encrypted) {
        for (i = 0; i < 2; i++) {
            gnutls_session_t *session = channels[i]->tls_session;

            if (session != NULL) {
                gnutls_bye(*session, GNUTLS_SHUT_RDWR);
                gnutls_deinit(*session);
                gnutls_free(session);
            }
            channels[i]->tls_session = NULL;
        }

        /* NOTE(review): anon_cred_c is file-global, so this also drops the
         * credentials any other encrypted remote cib_t in this process was
         * created with -- review if several remote connections can coexist. */
        if (remote_gnutls_credentials_init) {
            gnutls_anon_free_client_credentials(anon_cred_c);
            gnutls_global_deinit();
            remote_gnutls_credentials_init = FALSE;
        }
    }
#endif

    for (i = 0; i < 2; i++) {
        int fd = channels[i]->tcp_socket;

        /* 0 is this file's "no socket" marker (see cib_tls_signon) */
        if (fd) {
            shutdown(fd, SHUT_RDWR); /* no more receptions */
            close(fd);
        }
        channels[i]->tcp_socket = 0;

        free(channels[i]->buffer);
        channels[i]->buffer = NULL;
    }

    return 0;
}
201
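/* Connect one channel (command or callback) of a remote CIB connection,
 * optionally wrap it in TLS, authenticate with the stored user/password and
 * register the socket with the main loop.
 *
 * Returns 0 on success; -ENOTCONN if the TCP connect fails or the server
 * drops the link during login; -EPROTO on a missing or malformed login
 * reply; -EPROTONOSUPPORT if encryption was requested but GnuTLS is not
 * built in; -1 if TLS session setup or the handshake fails. On every error
 * after the connect, the whole connection (both channels) is torn down via
 * cib_tls_close().
 *
 * Security note: the TLS session uses anonymous DH credentials, so the
 * server is not authenticated; the login below is shielded from passive
 * eavesdropping only.
 */
static int
cib_tls_signon(cib_t * cib, crm_remote_t * connection, gboolean event_channel)
{
    int sock;
    cib_remote_opaque_t *private = cib->variant_opaque;
    int rc = 0;
    int disconnected = 0;

    xmlNode *answer = NULL;
    xmlNode *login = NULL;

    /* One callback set per channel. A single static struct re-filled on
     * each call would be shared by both mainloop registrations if
     * mainloop_add_fd() keeps the pointer rather than copying the struct,
     * leaving the command channel dispatching as the callback channel. */
    static struct mainloop_fd_callbacks command_callbacks = {
        .dispatch = cib_remote_command_dispatch,
        .destroy = cib_remote_connection_destroy,
    };
    static struct mainloop_fd_callbacks callback_callbacks = {
        .dispatch = cib_remote_callback_dispatch,
        .destroy = cib_remote_connection_destroy,
    };
    struct mainloop_fd_callbacks *fd_callbacks =
        event_channel ? &callback_callbacks : &command_callbacks;

    connection->tcp_socket = 0;
#ifdef HAVE_GNUTLS_GNUTLS_H
    connection->tls_session = NULL;
#endif
    sock = crm_remote_tcp_connect(private->server, private->port);
    if (sock < 0) {
        crm_perror(LOG_ERR, "remote tcp connection to %s:%d failed", private->server,
                   private->port);
        return -ENOTCONN;
    }

    connection->tcp_socket = sock;

    if (private->encrypted) {
#ifdef HAVE_GNUTLS_GNUTLS_H
        /* initialize GnuTls lib (once per process) */
        if (remote_gnutls_credentials_init == FALSE) {
            crm_gnutls_global_init();
            gnutls_anon_allocate_client_credentials(&anon_cred_c);
            remote_gnutls_credentials_init = TRUE;
        }

        /* bind the socket to GnuTls lib; anonymous credentials, so the peer
         * is not authenticated */
        connection->tls_session = pcmk__new_tls_session(sock, GNUTLS_CLIENT,
                                                        GNUTLS_CRD_ANON,
                                                        anon_cred_c);
        if (connection->tls_session == NULL) {
            cib_tls_close(cib);
            return -1;
        }

        if (crm_initiate_client_tls_handshake(connection, DEFAULT_CLIENT_HANDSHAKE_TIMEOUT) != 0) {
            crm_err("Session creation for %s:%d failed", private->server, private->port);

            gnutls_deinit(*connection->tls_session);
            gnutls_free(connection->tls_session);
            connection->tls_session = NULL;
            cib_tls_close(cib);
            return -1;
        }
#else
        /* no TLS support built in: release the socket just connected rather
         * than leaking it */
        cib_tls_close(cib);
        return -EPROTONOSUPPORT;
#endif
    }

    /* login to server; "hidden" presumably names the attribute the logging
     * layer must mask -- confirm against the XML helpers */
    login = create_xml_node(NULL, "cib_command");
    crm_xml_add(login, "op", "authenticate");
    crm_xml_add(login, "user", private->user);
    crm_xml_add(login, "password", private->passwd);
    crm_xml_add(login, "hidden", "password");

    crm_remote_send(connection, login);
    free_xml(login);

    crm_remote_recv(connection, -1, &disconnected);
    answer = crm_remote_parse_buffer(connection);
    crm_log_xml_trace(answer, "Reply");

    if (disconnected) {
        /* a lost link wins over whatever (if anything) was parsed */
        rc = -ENOTCONN;

    } else if (answer == NULL) {
        rc = -EPROTO;

    } else {
        /* grab the token */
        const char *msg_type = crm_element_value(answer, F_CIB_OPERATION);
        const char *tmp_ticket = crm_element_value(answer, F_CIB_CLIENTID);

        if (safe_str_neq(msg_type, CRM_OP_REGISTER)) {
            crm_err("Invalid registration message: %s", msg_type);
            rc = -EPROTO;

        } else if (tmp_ticket == NULL) {
            rc = -EPROTO;

        } else {
            connection->token = strdup(tmp_ticket);
        }
    }
    free_xml(answer);
    answer = NULL;

    if (rc != 0) {
        cib_tls_close(cib);
        return rc;
    }

    crm_trace("remote client connection established");
    connection->source =
        mainloop_add_fd("cib-remote", G_PRIORITY_HIGH, sock, cib, fd_callbacks);
    return rc;
}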
316
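/* mainloop destroy callback shared by both channels; user_data is the cib_t.
 * Tears the whole connection down. cib_tls_close() is compiled with or
 * without GnuTLS and handles the plain-TCP parts itself, so the call is not
 * guarded by HAVE_GNUTLS_GNUTLS_H: guarding it left a non-TLS build's
 * sockets and buffers behind. */
void
cib_remote_connection_destroy(gpointer user_data)
{
    cib_t *cib = user_data;

    crm_err("Connection destroyed");
    cib_tls_close(cib);
}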
326
/* mainloop dispatch for the command channel. Nothing is expected here
 * outside of a synchronous call, so whatever arrived is read, logged and
 * dropped. Returns -1 if the peer disconnected, otherwise 0. */
int
cib_remote_command_dispatch(gpointer user_data)
{
    cib_t *cib = user_data;
    cib_remote_opaque_t *priv = cib->variant_opaque;
    crm_remote_t *cmd = &priv->command;
    int disconnected = 0;

    crm_remote_recv(cmd, -1, &disconnected);

    /* discard whatever was read */
    free(cmd->buffer);
    cmd->buffer = NULL;
    crm_err("received late reply for remote cib connection, discarding");

    return disconnected ? -1 : 0;
}
345
/* mainloop dispatch for the callback channel: read what is available and
 * hand every complete message to the matching handler (async replies to
 * cib_native_callback, notifications to the registered notify list).
 * Returns -1 if the peer disconnected, otherwise 0. */
int
cib_remote_callback_dispatch(gpointer user_data)
{
    cib_t *cib = user_data;
    cib_remote_opaque_t *priv = cib->variant_opaque;
    crm_remote_t *events = &priv->callback;
    int disconnected = 0;
    xmlNode *msg;

    crm_info("Message on callback channel");

    crm_remote_recv(events, -1, &disconnected);

    /* drain every complete message currently buffered */
    for (msg = crm_remote_parse_buffer(events); msg != NULL;
         msg = crm_remote_parse_buffer(events)) {
        const char *type = crm_element_value(msg, F_TYPE);

        crm_trace("Activating %s callbacks...", type);

        if (safe_str_eq(type, T_CIB)) {
            cib_native_callback(cib, msg, 0, 0);

        } else if (safe_str_eq(type, T_CIB_NOTIFY)) {
            g_list_foreach(cib->notify_list, cib_native_notify, msg);

        } else {
            crm_err("Unknown message type: %s", type);
        }

        free_xml(msg);
    }

    return disconnected ? -1 : 0;
}
385
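/* Prompt on stderr and read a password from stdin with terminal echo off.
 *
 * On success private->passwd holds the entry (at most 1023 bytes) and 0 is
 * returned. If stdin yields nothing (EOF or read error) private->passwd is
 * left NULL, the buffer is released rather than leaked, and 0 is still
 * returned so the caller may try the login anyway. Terminal failures
 * (stdin is not a tty, tcsetattr refused) return a negative errno. The
 * terminal's original flags are saved and put back on every path on which
 * they were changed, instead of forcing ECHO on regardless of its prior
 * state. */
static int
cib_remote_read_passwd(cib_remote_opaque_t *private)
{
    struct termios saved = { 0, };
    struct termios no_echo;
    int rc = 0;

    if (tcgetattr(STDIN_FILENO, &saved) != 0) {
        return -errno;
    }

    no_echo = saved;
    no_echo.c_lflag &= ~ECHO;
    if (tcsetattr(STDIN_FILENO, TCSANOW, &no_echo) != 0) {
        return -errno;
    }

    fprintf(stderr, "Password: ");
    private->passwd = calloc(1, 1024);
    if (private->passwd == NULL) {
        rc = -ENOMEM;

    } else if (scanf("%1023s", private->passwd) < 1) {
        free(private->passwd);
        private->passwd = NULL;
    }
    fprintf(stderr, "\n");

    /* restore the flags captured above, keeping an earlier error */
    if ((tcsetattr(STDIN_FILENO, TCSANOW, &saved) != 0) && (rc == 0)) {
        rc = -errno;
    }

    return rc;
}

/* Open both channels of a remote CIB connection and register the client.
 *
 * name is the client name announced to the server; type is not used by the
 * remote variant. If no password was given at construction time it is read
 * from the terminal first (see cib_remote_read_passwd()).
 *
 * Returns pcmk_ok and marks the cib connected; otherwise -EINVAL when the
 * server or user is missing, a negative errno from the password prompt, or
 * the error reported by cib_tls_signon() (which has already closed both
 * channels). A failure is also reported on stderr.
 */
int
cib_remote_signon(cib_t * cib, const char *name, enum cib_conn_type type)
{
    int rc = pcmk_ok;
    cib_remote_opaque_t *private = cib->variant_opaque;

    (void) type;

    /* validate before prompting, so a misconfigured client is not asked
     * for a password it cannot use */
    if (private->server == NULL || private->user == NULL) {
        rc = -EINVAL;
    }

    if ((rc == pcmk_ok) && (private->passwd == NULL)) {
        rc = cib_remote_read_passwd(private);
    }

    if (rc == pcmk_ok) {
        rc = cib_tls_signon(cib, &(private->command), FALSE);
    }

    if (rc == pcmk_ok) {
        rc = cib_tls_signon(cib, &(private->callback), TRUE);
    }

    if (rc == pcmk_ok) {
        /* register the callback channel's token on the command channel */
        xmlNode *hello =
            cib_create_op(0, private->callback.token, CRM_OP_REGISTER, NULL, NULL, NULL, 0, NULL);

        crm_xml_add(hello, F_CIB_CLIENTNAME, name);
        crm_remote_send(&private->command, hello);
        free_xml(hello);
    }

    if (rc == pcmk_ok) {
        crm_notice("%s: Opened connection to %s:%d", name, private->server, private->port);
        cib->state = cib_connected_command;
        cib->type = cib_command;

    } else {
        fprintf(stderr, "%s: Connection to %s:%d failed: %s\n",
                name, private->server, private->port, pcmk_strerror(rc));
    }

    return rc;
}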
449
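/* Close both channels and mark the cib disconnected. Always returns pcmk_ok.
 *
 * cib_tls_close() is compiled with or without GnuTLS and handles the
 * plain-TCP parts itself, so it is called unconditionally: wrapping the
 * call in HAVE_GNUTLS_GNUTLS_H left a non-TLS build's sockets open and its
 * receive buffers allocated after sign-off. */
int
cib_remote_signoff(cib_t * cib)
{
    int rc = pcmk_ok;

    crm_debug("Signing out of the CIB Service");
    cib_tls_close(cib);

    cib->state = cib_disconnected;
    cib->type = cib_no_connection;

    return rc;
}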
467
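/* Release a remote-variant cib_t created by cib_remote_new(), signing off
 * first if it is still connected.
 *
 * Returns pcmk_ok, or the sign-off error, in which case nothing is freed.
 * The private state is freed whether or not a sign-off was needed; an
 * already-disconnected object used to be leaked entirely. The password copy
 * is scrubbed before its memory is returned.
 */
int
cib_remote_free(cib_t * cib)
{
    int rc = pcmk_ok;

    crm_warn("Freeing CIB");
    if (cib->state != cib_disconnected) {
        rc = cib_remote_signoff(cib);
    }

    if (rc == pcmk_ok) {
        cib_remote_opaque_t *private = cib->variant_opaque;

        if (private != NULL) {
            if (private->passwd != NULL) {
                /* overwrite the password before free(); the volatile access
                 * keeps the compiler from discarding the stores as dead */
                volatile char *p = private->passwd;

                while (*p != '\0') {
                    *p++ = '\0';
                }
            }
            free(private->server);
            free(private->user);
            free(private->passwd);
        }
        free(cib->cmds);
        free(private);
        free(cib);
    }

    return rc;
}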
490
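/* Send one CIB operation over the remote connection.
 *
 * op, host, section, data and call_options are packed into the request by
 * cib_create_op(); name is unused here. Synchronous calls (cib_sync_call)
 * go out on the command channel and their reply is read inline; all others
 * go out on the callback channel.
 *
 * Returns -ENOTCONN if the cib is disconnected (or the link drops while
 * waiting), -EINVAL without an op, -EPROTO if the request cannot be built
 * or the reply carries no return code, -ENOMSG if no reply arrives within
 * cib->call_timeout seconds (default 60). Asynchronous calls return the
 * positive call id; synchronous calls return the server's return code and,
 * when output_data is given, store a copy of the reply's call data in it
 * (*output_data is set to NULL first on every path).
 */
int
cib_remote_perform_op(cib_t * cib, const char *op, const char *host, const char *section,
                      xmlNode * data, xmlNode ** output_data, int call_options, const char *name)
{
    int rc = pcmk_ok;
    int disconnected = 0;
    int timeout = 0;
    int remaining_time = 0;
    time_t start_time;

    xmlNode *op_msg = NULL;
    xmlNode *op_reply = NULL;

    cib_remote_opaque_t *private = cib->variant_opaque;

    if (cib->state == cib_disconnected) {
        return -ENOTCONN;
    }

    if (output_data != NULL) {
        *output_data = NULL;
    }

    if (op == NULL) {
        crm_err("No operation specified");
        return -EINVAL;
    }

    /* Allocate a call id. It must stay positive so the id returned for an
     * asynchronous call can never be mistaken for a negative error code. */
    cib->call_id++;
    if (cib->call_id < 1) {
        cib->call_id = 1;
    }

    op_msg = cib_create_op(cib->call_id, private->callback.token, op, host, section, data,
                           call_options, NULL);
    if (op_msg == NULL) {
        return -EPROTO;
    }

    crm_trace("Sending %s message to CIB service", op);
    if (call_options & cib_sync_call) {
        crm_remote_send(&private->command, op_msg);
    } else {
        crm_remote_send(&private->callback, op_msg);
    }
    free_xml(op_msg);

    if (call_options & cib_discard_reply) {
        crm_trace("Discarding reply");
        return pcmk_ok;

    } else if (!(call_options & cib_sync_call)) {
        return cib->call_id;
    }

    crm_trace("Waiting for a synchronous reply");

    start_time = time(NULL);
    timeout = cib->call_timeout ? cib->call_timeout : 60;      /* seconds */
    remaining_time = timeout;

    while (remaining_time > 0 && !disconnected) {
        int reply_id = -1;
        int msg_id = cib->call_id;

        crm_remote_recv(&private->command, remaining_time * 1000, &disconnected);
        op_reply = crm_remote_parse_buffer(&private->command);

        if (!op_reply) {
            break;
        }

        crm_element_value_int(op_reply, F_CIB_CALLID, &reply_id);

        if (reply_id == msg_id) {
            break;

        } else if (reply_id < msg_id) {
            crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
            crm_log_xml_trace(op_reply, "Old reply");

        } else if ((reply_id - 10000) > msg_id) {
            /* wrap-around case */
            crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
            crm_log_xml_trace(op_reply, "Old reply");
        } else {
            crm_err("Received a __future__ reply:" " %d (wanted %d)", reply_id, msg_id);
        }

        free_xml(op_reply);
        op_reply = NULL;

        /* Not our reply: wait for whatever is left of the overall timeout.
         * This is the time remaining, not the time elapsed; storing the
         * elapsed seconds here ended the wait on the first stale reply. */
        remaining_time = timeout - (int) (time(NULL) - start_time);
    }

    if (disconnected) {
        crm_err("Disconnected while waiting for reply.");
        free_xml(op_reply);
        return -ENOTCONN;
    } else if (op_reply == NULL) {
        crm_err("No reply message - empty");
        return -ENOMSG;
    }

    crm_trace("Synchronous reply received");

    /* Start processing the reply... */
    if (crm_element_value_int(op_reply, F_CIB_RC, &rc) != 0) {
        rc = -EPROTO;
    }

    if (rc == -pcmk_err_diff_resync) {
        /* This is an internal value that clients do not and should not care about */
        rc = pcmk_ok;
    }

    if (rc == pcmk_ok || rc == -EPERM) {
        crm_log_xml_debug(op_reply, "passed");

    } else {
        crm_err("Call failed: %s", pcmk_strerror(rc));
        crm_log_xml_warn(op_reply, "failed");
    }

    /* cib_discard_reply returned early above, so a reply is wanted here */
    if (output_data != NULL) {
        xmlNode *tmp = get_message_xml(op_reply, F_CIB_CALLDATA);

        if (tmp == NULL) {
            /* cib->call_id is the id this request was sent with */
            crm_trace("No output in reply to \"%s\" command %d", op, cib->call_id);
        } else {
            *output_data = copy_xml(tmp);
        }
    }

    free_xml(op_reply);

    return rc;
}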
642