18#include <sys/socket.h>
20#include <netinet/in.h>
21#include <netinet/ip.h>
22#include <netinet/tcp.h>
36#ifdef HAVE_GNUTLS_GNUTLS_H
37# include <gnutls/gnutls.h>
41#ifdef HAVE_LINUX_SWAB_H
42# include <linux/swab.h>
48#define __swab16(x) ((uint16_t)( \
49 (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
50 (((uint16_t)(x) & (uint16_t)0xff00U) >> 8)))
52#define __swab32(x) ((uint32_t)( \
53 (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
54 (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \
55 (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \
56 (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24)))
58#define __swab64(x) ((uint64_t)( \
59 (((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
60 (((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
61 (((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
62 (((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \
63 (((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \
64 (((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
65 (((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
66 (((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56)))
69#define REMOTE_MSG_VERSION 1
70#define ENDIAN_LOCAL 0xBADADBBD
72struct remote_header_v0 {
97static struct remote_header_v0 *
100 struct remote_header_v0 *header = (
struct remote_header_v0 *)remote->
buffer;
101 if(remote->
buffer_offset <
sizeof(
struct remote_header_v0)) {
109 crm_err(
"Invalid message detected, endian mismatch: %" PRIx32
110 " is neither %" PRIx32
" nor the swab'd %" PRIx32,
116 header->flags =
__swab64(header->flags);
117 header->endian =
__swab32(header->endian);
119 header->version =
__swab32(header->version);
120 header->size_total =
__swab32(header->size_total);
121 header->payload_offset =
__swab32(header->payload_offset);
122 header->payload_compressed =
__swab32(header->payload_compressed);
123 header->payload_uncompressed =
__swab32(header->payload_uncompressed);
129#ifdef HAVE_GNUTLS_GNUTLS_H
136 time_t time_limit = time(NULL) + timeout_ms / 1000;
139 rc = gnutls_handshake(*remote->tls_session);
140 if ((rc == GNUTLS_E_INTERRUPTED) || (rc == GNUTLS_E_AGAIN)) {
144 crm_trace(
"TLS handshake poll failed: %s (%d)",
149 crm_trace(
"TLS handshake failed: %s (%d)",
150 gnutls_strerror(rc), rc);
155 }
while (time(NULL) < time_limit);
176 if (dh_min_bits > 0) {
177 crm_info(
"Requiring server use a Diffie-Hellman prime of at least %d bits",
179 gnutls_dh_set_prime_bits(*session, dh_min_bits);
184get_bound_dh_bits(
unsigned int dh_bits)
191 if ((dh_max_bits > 0) && (dh_max_bits < dh_min_bits)) {
192 crm_warn(
"Ignoring PCMK_dh_max_bits less than PCMK_dh_min_bits");
195 if ((dh_min_bits > 0) && (dh_bits < dh_min_bits)) {
198 if ((dh_max_bits > 0) && (dh_bits > dh_max_bits)) {
216pcmk__new_tls_session(
int csock,
unsigned int conn_type,
217 gnutls_credentials_type_t cred_type,
void *credentials)
219 int rc = GNUTLS_E_SUCCESS;
220 const char *prio_base = NULL;
231 prio_base = getenv(
"PCMK_tls_priorities");
232 if (prio_base == NULL) {
236 (cred_type == GNUTLS_CRD_ANON)?
"+ANON-DH" :
"+DHE-PSK:+PSK");
239 if (session == NULL) {
240 rc = GNUTLS_E_MEMORY_ERROR;
244 rc = gnutls_init(session, conn_type);
245 if (rc != GNUTLS_E_SUCCESS) {
253 rc = gnutls_priority_set_direct(*session, prio, NULL);
254 if (rc != GNUTLS_E_SUCCESS) {
257 if (conn_type == GNUTLS_CLIENT) {
258 set_minimum_dh_bits(session);
261 gnutls_transport_set_ptr(*session,
262 (gnutls_transport_ptr_t) GINT_TO_POINTER(csock));
264 rc = gnutls_credentials_set(*session, cred_type, credentials);
265 if (rc != GNUTLS_E_SUCCESS) {
272 crm_err(
"Could not initialize %s TLS %s session: %s "
273 CRM_XS " rc=%d priority='%s'",
274 (cred_type == GNUTLS_CRD_ANON)?
"anonymous" :
"PSK",
275 (conn_type == GNUTLS_SERVER)?
"server" :
"client",
276 gnutls_strerror(rc), rc, prio);
278 if (session != NULL) {
279 gnutls_free(session);
300pcmk__init_tls_dh(gnutls_dh_params_t *dh_params)
302 int rc = GNUTLS_E_SUCCESS;
303 unsigned int dh_bits = 0;
305 rc = gnutls_dh_params_init(dh_params);
306 if (rc != GNUTLS_E_SUCCESS) {
310 dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
311 GNUTLS_SEC_PARAM_NORMAL);
313 rc = GNUTLS_E_DH_PRIME_UNACCEPTABLE;
316 dh_bits = get_bound_dh_bits(dh_bits);
318 crm_info(
"Generating Diffie-Hellman parameters with %u-bit prime for TLS",
320 rc = gnutls_dh_params_generate2(*dh_params, dh_bits);
321 if (rc != GNUTLS_E_SUCCESS) {
328 crm_err(
"Could not initialize Diffie-Hellman parameters for TLS: %s "
329 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
352 rc = gnutls_handshake(*client->
remote->tls_session);
353 }
while (rc == GNUTLS_E_INTERRUPTED);
355 if (rc == GNUTLS_E_AGAIN) {
360 }
else if (rc != GNUTLS_E_SUCCESS) {
361 crm_err(
"TLS handshake with remote client failed: %s "
362 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
372 const char *unsent = iov->iov_base;
373 size_t unsent_len = iov->iov_len;
376 if (unsent == NULL) {
380 crm_trace(
"Sending TLS message of %llu bytes",
381 (
unsigned long long) unsent_len);
383 gnutls_rc = gnutls_record_send(*session, unsent, unsent_len);
385 if (gnutls_rc == GNUTLS_E_INTERRUPTED || gnutls_rc == GNUTLS_E_AGAIN) {
386 crm_trace(
"Retrying to send %llu bytes remaining",
387 (
unsigned long long) unsent_len);
389 }
else if (gnutls_rc < 0) {
392 gnutls_strerror((
int) gnutls_rc),
393 (
long long) gnutls_rc);
396 }
else if (gnutls_rc < unsent_len) {
397 crm_trace(
"Sent %lld of %llu bytes remaining",
398 (
long long) gnutls_rc, (
unsigned long long) unsent_len);
399 unsent_len -= gnutls_rc;
402 crm_trace(
"Sent all %lld bytes remaining", (
long long) gnutls_rc);
412send_plaintext(
int sock,
struct iovec *iov)
414 const char *unsent = iov->iov_base;
415 size_t unsent_len = iov->iov_len;
418 if (unsent == NULL) {
422 crm_debug(
"Sending plaintext message of %llu bytes to socket %d",
423 (
unsigned long long) unsent_len, sock);
425 write_rc = write(sock, unsent, unsent_len);
429 if ((errno == EINTR) || (errno == EAGAIN)) {
430 crm_trace(
"Retrying to send %llu bytes remaining to socket %d",
431 (
unsigned long long) unsent_len, sock);
440 }
else if (write_rc < unsent_len) {
441 crm_trace(
"Sent %lld of %llu bytes remaining",
442 (
long long) write_rc, (
unsigned long long) unsent_len);
444 unsent_len -= write_rc;
448 crm_trace(
"Sent all %lld bytes remaining: %.100s",
449 (
long long) write_rc, (
char *) (iov->iov_base));
458remote_send_iovs(
pcmk__remote_t *remote,
struct iovec *iov,
int iovs)
462 for (
int lpc = 0; (lpc < iovs) && (rc ==
pcmk_rc_ok); lpc++) {
463#ifdef HAVE_GNUTLS_GNUTLS_H
464 if (remote->tls_session) {
465 rc = send_tls(remote->tls_session, &(iov[lpc]));
470 rc = send_plaintext(remote->
tcp_socket, &(iov[lpc]));
472 rc = ESOCKTNOSUPPORT;
491 static uint64_t
id = 0;
492 char *xml_text = NULL;
495 struct remote_header_v0 *header;
497 CRM_CHECK((remote != NULL) && (msg != NULL),
return EINVAL);
500 CRM_CHECK(xml_text != NULL,
return EINVAL);
502 header = calloc(1,
sizeof(
struct remote_header_v0));
505 iov[0].iov_base = header;
506 iov[0].iov_len =
sizeof(
struct remote_header_v0);
508 iov[1].iov_base = xml_text;
509 iov[1].iov_len = 1 + strlen(xml_text);
515 header->payload_offset = iov[0].iov_len;
516 header->payload_uncompressed = iov[1].iov_len;
517 header->size_total = iov[0].iov_len + iov[1].iov_len;
519 rc = remote_send_iovs(remote, iov, 2);
521 crm_err(
"Could not send remote message: %s " CRM_XS " rc=%d",
525 free(iov[0].iov_base);
526 free(iov[1].iov_base);
543 struct remote_header_v0 *header = localized_remote_header(remote);
545 if (header == NULL) {
550 if (header->payload_compressed) {
552 unsigned int size_u = 1 + header->payload_uncompressed;
553 char *uncompressed = calloc(1, header->payload_offset + size_u);
555 crm_trace(
"Decompressing message data %d bytes into %d bytes",
556 header->payload_compressed, size_u);
558 rc = BZ2_bzBuffToBuffDecompress(uncompressed + header->payload_offset, &size_u,
559 remote->
buffer + header->payload_offset,
560 header->payload_compressed, 1, 0);
563 crm_warn(
"Couldn't decompress v%d message, we only understand v%d",
568 }
else if (rc != BZ_OK) {
575 CRM_ASSERT(size_u == header->payload_uncompressed);
577 memcpy(uncompressed, remote->
buffer, header->payload_offset);
578 remote->
buffer_size = header->payload_offset + size_u;
581 remote->
buffer = uncompressed;
582 header = localized_remote_header(remote);
588 CRM_LOG_ASSERT(remote->
buffer[
sizeof(
struct remote_header_v0) + header->payload_uncompressed - 1] == 0);
592 crm_warn(
"Couldn't parse v%d message, we only understand v%d",
595 }
else if (xml == NULL) {
596 crm_err(
"Couldn't parse: '%.120s'", remote->
buffer + header->payload_offset);
605#ifdef HAVE_GNUTLS_GNUTLS_H
606 if (remote->tls_session) {
607 void *sock_ptr = gnutls_transport_get_ptr(*remote->tls_session);
609 return GPOINTER_TO_INT(sock_ptr);
617 crm_err(
"Remote connection type undetermined (bug?)");
635 struct pollfd fds = { 0, };
641 sock = get_remote_socket(remote);
656 if (errno == EINTR && (
timeout > 0)) {
657 timeout = timeout_ms - ((time(NULL) - start) * 1000);
664 }
while (rc < 0 && errno == EINTR);
688 size_t read_len =
sizeof(
struct remote_header_v0);
689 struct remote_header_v0 *header = localized_remote_header(remote);
690 bool received =
false;
695 read_len = header->size_total;
701 crm_trace(
"Expanding buffer to %llu bytes",
706#ifdef HAVE_GNUTLS_GNUTLS_H
707 if (!received && remote->tls_session) {
708 read_rc = gnutls_record_recv(*(remote->tls_session),
711 if (read_rc == GNUTLS_E_INTERRUPTED) {
713 }
else if (read_rc == GNUTLS_E_AGAIN) {
715 }
else if (read_rc < 0) {
716 crm_debug(
"TLS receive failed: %s (%lld)",
717 gnutls_strerror(read_rc), (
long long) read_rc);
735 crm_err(
"Remote connection type undetermined (bug?)");
736 return ESOCKTNOSUPPORT;
744 crm_trace(
"Received %lld more bytes (%llu total)",
748 }
else if ((rc == EINTR) || (rc == EAGAIN)) {
749 crm_trace(
"No data available for non-blocking remote read: %s (%d)",
752 }
else if (read_rc == 0) {
753 crm_debug(
"End of remote data encountered after %llu bytes",
758 crm_debug(
"Error receiving remote data after %llu bytes: %s (%d)",
764 header = localized_remote_header(remote);
767 crm_trace(
"Read partial remote message (%llu of %u bytes)",
771 crm_trace(
"Read full remote message of %llu bytes",
794 time_t start = time(NULL);
795 int remaining_timeout = 0;
797 if (timeout_ms == 0) {
799 }
else if (timeout_ms < 0) {
803 remaining_timeout = timeout_ms;
804 while (remaining_timeout > 0) {
806 crm_trace(
"Waiting for remote data (%d ms of %d ms timeout remaining)",
807 remaining_timeout, timeout_ms);
811 crm_err(
"Timed out (%d ms) while waiting for remote data",
816 crm_debug(
"Wait for remote data aborted (will retry): %s "
820 rc = read_available_remote_data(remote);
823 }
else if (rc == EAGAIN) {
824 crm_trace(
"Waiting for more remote data");
832 if ((rc == ENOTCONN) || (rc == ESOCKTNOSUPPORT)) {
836 remaining_timeout = timeout_ms - ((time(NULL) - start) * 1000);
841struct tcp_async_cb_data {
846 void (*callback) (
void *userdata,
int rc,
int sock);
851check_connect_finished(gpointer userdata)
853 struct tcp_async_cb_data *cb_data = userdata;
857 struct timeval ts = { 0, };
859 if (cb_data->start == 0) {
867 FD_SET(cb_data->sock, &rset);
869 rc = select(cb_data->sock + 1, &rset, &wset, NULL, &ts);
873 if ((rc == EINPROGRESS) || (rc == EAGAIN)) {
874 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
880 crm_trace(
"Could not check socket %d for connection success: %s (%d)",
883 }
else if (rc == 0) {
884 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
887 crm_debug(
"Timed out while waiting for socket %d connection success",
893 }
else if (FD_ISSET(cb_data->sock, &rset)
894 || FD_ISSET(cb_data->sock, &wset)) {
898 socklen_t len =
sizeof(error);
900 if (getsockopt(cb_data->sock, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
902 crm_trace(
"Couldn't check socket %d for connection errors: %s (%d)",
904 }
else if (error != 0) {
906 crm_trace(
"Socket %d connected with error: %s (%d)",
913 crm_trace(
"select() succeeded, but socket %d not in resulting "
914 "read/write sets", cb_data->sock);
920 crm_trace(
"Socket %d is connected", cb_data->sock);
922 close(cb_data->sock);
926 if (cb_data->callback) {
927 cb_data->callback(cb_data->userdata, rc, cb_data->sock);
952connect_socket_retry(
int sock,
const struct sockaddr *addr, socklen_t addrlen,
953 int timeout_ms,
int *timer_id,
void *userdata,
954 void (*callback) (
void *userdata,
int rc,
int sock))
959 struct tcp_async_cb_data *cb_data = NULL;
963 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
968 rc = connect(sock, addr, addrlen);
969 if (rc < 0 && (errno != EINPROGRESS) && (errno != EAGAIN)) {
976 cb_data = calloc(1,
sizeof(
struct tcp_async_cb_data));
977 cb_data->userdata = userdata;
978 cb_data->callback = callback;
979 cb_data->sock = sock;
980 cb_data->timeout_ms = timeout_ms;
990 cb_data->start = time(NULL);
1002 crm_trace(
"Scheduling check in %dms for whether connect to fd %d finished",
1004 timer = g_timeout_add(interval, check_connect_finished, cb_data);
1025connect_socket_once(
int sock,
const struct sockaddr *addr, socklen_t addrlen)
1027 int rc = connect(sock, addr, addrlen);
1038 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1064 int *sock_fd,
void *userdata,
1065 void (*callback) (
void *userdata,
int rc,
int sock))
1067 char buffer[INET6_ADDRSTRLEN];
1068 struct addrinfo *res = NULL;
1069 struct addrinfo *rp = NULL;
1070 struct addrinfo hints;
1071 const char *server =
host;
1075 CRM_CHECK((
host != NULL) && (sock_fd != NULL),
return EINVAL);
1078 memset(&hints, 0,
sizeof(
struct addrinfo));
1079 hints.ai_family = AF_UNSPEC;
1080 hints.ai_socktype = SOCK_STREAM;
1081 hints.ai_flags = AI_CANONNAME;
1082 rc = getaddrinfo(server, NULL, &hints, &res);
1084 crm_err(
"Unable to get IP address info for %s: %s",
1085 server, gai_strerror(rc));
1089 if (!res || !res->ai_addr) {
1090 crm_err(
"Unable to get IP address info for %s: no result", server);
1096 for (rp = res; rp != NULL; rp = rp->ai_next) {
1097 struct sockaddr *addr = rp->ai_addr;
1103 if (rp->ai_canonname) {
1104 server = res->ai_canonname;
1108 sock = socket(rp->ai_family, SOCK_STREAM, IPPROTO_TCP);
1111 crm_warn(
"Could not create socket for remote connection to %s:%d: "
1118 if (addr->sa_family == AF_INET6) {
1119 ((
struct sockaddr_in6 *)(
void*)addr)->sin6_port = htons(port);
1121 ((
struct sockaddr_in *)(
void*)addr)->sin_port = htons(port);
1126 crm_info(
"Attempting remote connection to %s:%d", buffer, port);
1129 if (connect_socket_retry(sock, rp->ai_addr, rp->ai_addrlen,
timeout,
1130 timer_id, userdata, callback) ==
pcmk_rc_ok) {
1134 }
else if (connect_socket_once(sock, rp->ai_addr,
1168 switch (((
const struct sockaddr *) sa)->sa_family) {
1170 inet_ntop(AF_INET, &(((
const struct sockaddr_in *) sa)->sin_addr),
1171 s, INET6_ADDRSTRLEN);
1176 &(((
const struct sockaddr_in6 *) sa)->sin6_addr),
1177 s, INET6_ADDRSTRLEN);
1181 strcpy(s,
"<invalid>");
1198 struct sockaddr_storage addr;
1199 socklen_t laddr =
sizeof(addr);
1200 char addr_str[INET6_ADDRSTRLEN];
1203 memset(&addr, 0,
sizeof(addr));
1204 *csock = accept(ssock, (
struct sockaddr *)&addr, &laddr);
1207 crm_err(
"Could not accept remote client connection: %s "
1212 crm_info(
"Accepted new remote client connection from %s", addr_str);
1216 crm_err(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1223#ifdef TCP_USER_TIMEOUT
1228 rc = setsockopt(*csock, SOL_TCP, TCP_USER_TIMEOUT,
1229 &optval,
sizeof(optval));
1232 crm_err(
"Could not set TCP timeout to %d ms on remote connection: "
1252 static int port = 0;
1255 const char *env = getenv(
"PCMK_remote_port");
1259 port = strtol(env, NULL, 10);
1260 if (errno || (port < 1) || (port > 65535)) {
1261 crm_warn(
"Environment variable PCMK_remote_port has invalid value '%s', using %d instead",
struct tcp_async_cb_data __attribute__
int pcmk__remote_ready(const pcmk__remote_t *remote, int timeout_ms)
uint32_t payload_uncompressed
#define REMOTE_MSG_VERSION
int pcmk__remote_send_xml(pcmk__remote_t *remote, xmlNode *msg)
uint32_t payload_compressed
int crm_default_remote_port(void)
Get the default remote connection TCP port on this host.
int pcmk__accept_remote_connection(int ssock, int *csock)
void pcmk__sockaddr2str(const void *sa, char *s)
xmlNode * pcmk__remote_message_xml(pcmk__remote_t *remote)
int pcmk__connect_remote(const char *host, int port, int timeout, int *timer_id, int *sock_fd, void *userdata, void(*callback)(void *userdata, int rc, int sock))
int pcmk__read_remote_message(pcmk__remote_t *remote, int timeout_ms)
char * crm_strdup_printf(char const *format,...) G_GNUC_PRINTF(1
#define PCMK_GNUTLS_PRIORITIES
int pcmk__set_nonblocking(int fd)
#define crm_info(fmt, args...)
#define crm_warn(fmt, args...)
#define CRM_LOG_ASSERT(expr)
#define CRM_CHECK(expr, failure_action)
#define crm_debug(fmt, args...)
#define crm_err(fmt, args...)
#define crm_trace(fmt, args...)
#define DEFAULT_REMOTE_PORT
Wrappers for and extensions to glib mainloop.
long pcmk__get_sbd_timeout(void)
const char * bz2_strerror(int rc)
const char * pcmk_strerror(int rc)
const char * pcmk_rc_str(int rc)
Get a user-friendly description of a return code.
int pcmk_legacy2rc(int legacy_rc)
int pcmk__scan_min_int(const char *text, int *result, int minimum)
struct pcmk__remote_s * remote
Wrappers for and extensions to libxml2.
char * dump_xml_unformatted(xmlNode *msg)
xmlNode * string2xml(const char *input)
