18#include <sys/socket.h>
20#include <netinet/in.h>
21#include <netinet/ip.h>
22#include <netinet/tcp.h>
36#ifdef HAVE_GNUTLS_GNUTLS_H
37# include <gnutls/gnutls.h>
41#ifdef HAVE_LINUX_SWAB_H
42# include <linux/swab.h>
48#define __swab16(x) ((uint16_t)( \
49 (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
50 (((uint16_t)(x) & (uint16_t)0xff00U) >> 8)))
52#define __swab32(x) ((uint32_t)( \
53 (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
54 (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \
55 (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \
56 (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24)))
58#define __swab64(x) ((uint64_t)( \
59 (((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
60 (((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
61 (((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
62 (((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \
63 (((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \
64 (((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
65 (((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
66 (((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56)))
69#define REMOTE_MSG_VERSION 1
70#define ENDIAN_LOCAL 0xBADADBBD
72struct remote_header_v0 {
97static struct remote_header_v0 *
100 struct remote_header_v0 *header = (
struct remote_header_v0 *)remote->
buffer;
101 if(remote->buffer_offset <
sizeof(
struct remote_header_v0)) {
109 crm_err(
"Invalid message detected, endian mismatch: %" PRIx32
110 " is neither %" PRIx32
" nor the swab'd %" PRIx32,
116 header->flags =
__swab64(header->flags);
117 header->endian =
__swab32(header->endian);
119 header->version =
__swab32(header->version);
120 header->size_total =
__swab32(header->size_total);
121 header->payload_offset =
__swab32(header->payload_offset);
122 header->payload_compressed =
__swab32(header->payload_compressed);
123 header->payload_uncompressed =
__swab32(header->payload_uncompressed);
129#ifdef HAVE_GNUTLS_GNUTLS_H
136 time_t time_limit = time(NULL) + timeout_ms / 1000;
139 rc = gnutls_handshake(*remote->tls_session);
140 if ((rc == GNUTLS_E_INTERRUPTED) || (rc == GNUTLS_E_AGAIN)) {
144 crm_trace(
"TLS handshake poll failed: %s (%d)",
149 crm_trace(
"TLS handshake failed: %s (%d)",
150 gnutls_strerror(rc), rc);
155 }
while (time(NULL) < time_limit);
166set_minimum_dh_bits(
const gnutls_session_t *session)
177 if (dh_min_bits > 0) {
178 crm_info(
"Requiring server use a Diffie-Hellman prime of at least %d bits",
180 gnutls_dh_set_prime_bits(*session, dh_min_bits);
185get_bound_dh_bits(
unsigned int dh_bits)
195 if ((dh_max_bits > 0) && (dh_max_bits < dh_min_bits)) {
196 crm_warn(
"Ignoring PCMK_dh_max_bits less than PCMK_dh_min_bits");
199 if ((dh_min_bits > 0) && (dh_bits < dh_min_bits)) {
202 if ((dh_max_bits > 0) && (dh_bits > dh_max_bits)) {
220pcmk__new_tls_session(
int csock,
unsigned int conn_type,
221 gnutls_credentials_type_t cred_type,
void *credentials)
223 int rc = GNUTLS_E_SUCCESS;
224 const char *prio_base = NULL;
226 gnutls_session_t *session = NULL;
236 if (prio_base == NULL) {
240 (cred_type == GNUTLS_CRD_ANON)?
"+ANON-DH" :
"+DHE-PSK:+PSK");
242 session = gnutls_malloc(
sizeof(gnutls_session_t));
243 if (session == NULL) {
244 rc = GNUTLS_E_MEMORY_ERROR;
248 rc = gnutls_init(session, conn_type);
249 if (rc != GNUTLS_E_SUCCESS) {
257 rc = gnutls_priority_set_direct(*session, prio, NULL);
258 if (rc != GNUTLS_E_SUCCESS) {
261 if (conn_type == GNUTLS_CLIENT) {
262 set_minimum_dh_bits(session);
265 gnutls_transport_set_ptr(*session,
266 (gnutls_transport_ptr_t) GINT_TO_POINTER(csock));
268 rc = gnutls_credentials_set(*session, cred_type, credentials);
269 if (rc != GNUTLS_E_SUCCESS) {
276 crm_err(
"Could not initialize %s TLS %s session: %s "
277 CRM_XS " rc=%d priority='%s'",
278 (cred_type == GNUTLS_CRD_ANON)?
"anonymous" :
"PSK",
279 (conn_type == GNUTLS_SERVER)?
"server" :
"client",
280 gnutls_strerror(rc), rc, prio);
282 if (session != NULL) {
283 gnutls_free(session);
304pcmk__init_tls_dh(gnutls_dh_params_t *dh_params)
306 int rc = GNUTLS_E_SUCCESS;
307 unsigned int dh_bits = 0;
309 rc = gnutls_dh_params_init(dh_params);
310 if (rc != GNUTLS_E_SUCCESS) {
314 dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
315 GNUTLS_SEC_PARAM_NORMAL);
317 rc = GNUTLS_E_DH_PRIME_UNACCEPTABLE;
320 dh_bits = get_bound_dh_bits(dh_bits);
322 crm_info(
"Generating Diffie-Hellman parameters with %u-bit prime for TLS",
324 rc = gnutls_dh_params_generate2(*dh_params, dh_bits);
325 if (rc != GNUTLS_E_SUCCESS) {
332 crm_err(
"Could not initialize Diffie-Hellman parameters for TLS: %s "
333 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
356 rc = gnutls_handshake(*client->
remote->tls_session);
357 }
while (rc == GNUTLS_E_INTERRUPTED);
359 if (rc == GNUTLS_E_AGAIN) {
364 }
else if (rc != GNUTLS_E_SUCCESS) {
365 crm_err(
"TLS handshake with remote client failed: %s "
366 CRM_XS " rc=%d", gnutls_strerror(rc), rc);
374send_tls(gnutls_session_t *session,
struct iovec *iov)
376 const char *unsent = iov->iov_base;
377 size_t unsent_len = iov->iov_len;
380 if (unsent == NULL) {
384 crm_trace(
"Sending TLS message of %llu bytes",
385 (
unsigned long long) unsent_len);
387 gnutls_rc = gnutls_record_send(*session, unsent, unsent_len);
389 if (gnutls_rc == GNUTLS_E_INTERRUPTED || gnutls_rc == GNUTLS_E_AGAIN) {
390 crm_trace(
"Retrying to send %llu bytes remaining",
391 (
unsigned long long) unsent_len);
393 }
else if (gnutls_rc < 0) {
396 gnutls_strerror((
int) gnutls_rc),
397 (
long long) gnutls_rc);
400 }
else if (gnutls_rc < unsent_len) {
401 crm_trace(
"Sent %lld of %llu bytes remaining",
402 (
long long) gnutls_rc, (
unsigned long long) unsent_len);
403 unsent_len -= gnutls_rc;
406 crm_trace(
"Sent all %lld bytes remaining", (
long long) gnutls_rc);
416send_plaintext(
int sock,
struct iovec *iov)
418 const char *unsent = iov->iov_base;
419 size_t unsent_len = iov->iov_len;
422 if (unsent == NULL) {
426 crm_debug(
"Sending plaintext message of %llu bytes to socket %d",
427 (
unsigned long long) unsent_len, sock);
429 write_rc = write(sock, unsent, unsent_len);
433 if ((errno == EINTR) || (errno == EAGAIN)) {
434 crm_trace(
"Retrying to send %llu bytes remaining to socket %d",
435 (
unsigned long long) unsent_len, sock);
444 }
else if (write_rc < unsent_len) {
445 crm_trace(
"Sent %lld of %llu bytes remaining",
446 (
long long) write_rc, (
unsigned long long) unsent_len);
448 unsent_len -= write_rc;
452 crm_trace(
"Sent all %lld bytes remaining: %.100s",
453 (
long long) write_rc, (
char *) (iov->iov_base));
462remote_send_iovs(
pcmk__remote_t *remote,
struct iovec *iov,
int iovs)
466 for (
int lpc = 0; (lpc < iovs) && (rc ==
pcmk_rc_ok); lpc++) {
467#ifdef HAVE_GNUTLS_GNUTLS_H
468 if (remote->tls_session) {
469 rc = send_tls(remote->tls_session, &(iov[lpc]));
474 rc = send_plaintext(remote->
tcp_socket, &(iov[lpc]));
476 rc = ESOCKTNOSUPPORT;
495 static uint64_t
id = 0;
496 GString *xml_text = NULL;
499 struct remote_header_v0 *header;
501 CRM_CHECK((remote != NULL) && (msg != NULL),
return EINVAL);
503 xml_text = g_string_sized_new(1024);
506 g_string_free(xml_text, TRUE);
return EINVAL);
510 iov[0].iov_base = header;
511 iov[0].iov_len =
sizeof(
struct remote_header_v0);
513 iov[1].iov_len = 1 + xml_text->len;
514 iov[1].iov_base = g_string_free(xml_text, FALSE);
520 header->payload_offset = iov[0].iov_len;
521 header->payload_uncompressed = iov[1].iov_len;
522 header->size_total = iov[0].iov_len + iov[1].iov_len;
524 rc = remote_send_iovs(remote, iov, 2);
526 crm_err(
"Could not send remote message: %s " CRM_XS " rc=%d",
530 free(iov[0].iov_base);
531 g_free((gchar *) iov[1].iov_base);
548 struct remote_header_v0 *header = localized_remote_header(remote);
550 if (header == NULL) {
555 if (header->payload_compressed) {
557 unsigned int size_u = 1 + header->payload_uncompressed;
561 crm_trace(
"Decompressing message data %d bytes into %d bytes",
562 header->payload_compressed, size_u);
564 rc = BZ2_bzBuffToBuffDecompress(uncompressed + header->payload_offset, &size_u,
565 remote->
buffer + header->payload_offset,
566 header->payload_compressed, 1, 0);
570 crm_warn(
"Couldn't decompress v%d message, we only understand v%d",
582 CRM_ASSERT(size_u == header->payload_uncompressed);
584 memcpy(uncompressed, remote->
buffer, header->payload_offset);
585 remote->
buffer_size = header->payload_offset + size_u;
588 remote->
buffer = uncompressed;
589 header = localized_remote_header(remote);
595 CRM_LOG_ASSERT(remote->
buffer[
sizeof(
struct remote_header_v0) + header->payload_uncompressed - 1] == 0);
599 crm_warn(
"Couldn't parse v%d message, we only understand v%d",
602 }
else if (xml == NULL) {
603 crm_err(
"Couldn't parse: '%.120s'", remote->
buffer + header->payload_offset);
612#ifdef HAVE_GNUTLS_GNUTLS_H
613 if (remote->tls_session) {
614 void *sock_ptr = gnutls_transport_get_ptr(*remote->tls_session);
616 return GPOINTER_TO_INT(sock_ptr);
624 crm_err(
"Remote connection type undetermined (bug?)");
642 struct pollfd fds = { 0, };
648 sock = get_remote_socket(remote);
663 if (errno == EINTR && (
timeout > 0)) {
664 timeout = timeout_ms - ((time(NULL) - start) * 1000);
671 }
while (rc < 0 && errno == EINTR);
695 size_t read_len =
sizeof(
struct remote_header_v0);
696 struct remote_header_v0 *header = localized_remote_header(remote);
697 bool received =
false;
702 read_len = header->size_total;
708 crm_trace(
"Expanding buffer to %llu bytes",
713#ifdef HAVE_GNUTLS_GNUTLS_H
714 if (!received && remote->tls_session) {
715 read_rc = gnutls_record_recv(*(remote->tls_session),
718 if (read_rc == GNUTLS_E_INTERRUPTED) {
720 }
else if (read_rc == GNUTLS_E_AGAIN) {
722 }
else if (read_rc < 0) {
723 crm_debug(
"TLS receive failed: %s (%lld)",
724 gnutls_strerror(read_rc), (
long long) read_rc);
742 crm_err(
"Remote connection type undetermined (bug?)");
743 return ESOCKTNOSUPPORT;
751 crm_trace(
"Received %lld more bytes (%llu total)",
755 }
else if ((rc == EINTR) || (rc == EAGAIN)) {
756 crm_trace(
"No data available for non-blocking remote read: %s (%d)",
759 }
else if (read_rc == 0) {
760 crm_debug(
"End of remote data encountered after %llu bytes",
765 crm_debug(
"Error receiving remote data after %llu bytes: %s (%d)",
771 header = localized_remote_header(remote);
774 crm_trace(
"Read partial remote message (%llu of %u bytes)",
778 crm_trace(
"Read full remote message of %llu bytes",
801 time_t start = time(NULL);
802 int remaining_timeout = 0;
804 if (timeout_ms == 0) {
806 }
else if (timeout_ms < 0) {
810 remaining_timeout = timeout_ms;
811 while (remaining_timeout > 0) {
813 crm_trace(
"Waiting for remote data (%d ms of %d ms timeout remaining)",
814 remaining_timeout, timeout_ms);
818 crm_err(
"Timed out (%d ms) while waiting for remote data",
823 crm_debug(
"Wait for remote data aborted (will retry): %s "
827 rc = read_available_remote_data(remote);
830 }
else if (rc == EAGAIN) {
831 crm_trace(
"Waiting for more remote data");
839 if ((rc == ENOTCONN) || (rc == ESOCKTNOSUPPORT)) {
843 remaining_timeout = timeout_ms - ((time(NULL) - start) * 1000);
848struct tcp_async_cb_data {
853 void (*callback) (
void *userdata,
int rc,
int sock);
858check_connect_finished(gpointer userdata)
860 struct tcp_async_cb_data *cb_data = userdata;
864 struct timeval ts = { 0, };
866 if (cb_data->start == 0) {
874 FD_SET(cb_data->sock, &rset);
876 rc = select(cb_data->sock + 1, &rset, &wset, NULL, &ts);
880 if ((rc == EINPROGRESS) || (rc == EAGAIN)) {
881 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
887 crm_trace(
"Could not check socket %d for connection success: %s (%d)",
890 }
else if (rc == 0) {
891 if ((time(NULL) - cb_data->start) < (cb_data->timeout_ms / 1000)) {
894 crm_debug(
"Timed out while waiting for socket %d connection success",
900 }
else if (FD_ISSET(cb_data->sock, &rset)
901 || FD_ISSET(cb_data->sock, &wset)) {
905 socklen_t len =
sizeof(error);
907 if (getsockopt(cb_data->sock, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
909 crm_trace(
"Couldn't check socket %d for connection errors: %s (%d)",
911 }
else if (error != 0) {
913 crm_trace(
"Socket %d connected with error: %s (%d)",
920 crm_trace(
"select() succeeded, but socket %d not in resulting "
921 "read/write sets", cb_data->sock);
927 crm_trace(
"Socket %d is connected", cb_data->sock);
929 close(cb_data->sock);
933 if (cb_data->callback) {
934 cb_data->callback(cb_data->userdata, rc, cb_data->sock);
959connect_socket_retry(
int sock,
const struct sockaddr *addr, socklen_t addrlen,
960 int timeout_ms,
int *timer_id,
void *userdata,
961 void (*callback) (
void *userdata,
int rc,
int sock))
966 struct tcp_async_cb_data *cb_data = NULL;
970 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
975 rc = connect(sock, addr, addrlen);
976 if (rc < 0 && (errno != EINPROGRESS) && (errno != EAGAIN)) {
984 cb_data->userdata = userdata;
985 cb_data->callback = callback;
986 cb_data->sock = sock;
987 cb_data->timeout_ms = timeout_ms;
997 cb_data->start = time(NULL);
1009 crm_trace(
"Scheduling check in %dms for whether connect to fd %d finished",
1011 timer = g_timeout_add(interval, check_connect_finished, cb_data);
1032connect_socket_once(
int sock,
const struct sockaddr *addr, socklen_t addrlen)
1034 int rc = connect(sock, addr, addrlen);
1045 crm_warn(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1071 int *sock_fd,
void *userdata,
1072 void (*callback) (
void *userdata,
int rc,
int sock))
1074 char buffer[INET6_ADDRSTRLEN];
1075 struct addrinfo *res = NULL;
1076 struct addrinfo *rp = NULL;
1077 struct addrinfo hints;
1078 const char *server =
host;
1082 CRM_CHECK((
host != NULL) && (sock_fd != NULL),
return EINVAL);
1085 memset(&hints, 0,
sizeof(
struct addrinfo));
1086 hints.ai_family = AF_UNSPEC;
1087 hints.ai_socktype = SOCK_STREAM;
1088 hints.ai_flags = AI_CANONNAME;
1090 rc = getaddrinfo(server, NULL, &hints, &res);
1094 crm_err(
"Unable to get IP address info for %s: %s",
1099 if (!res || !res->ai_addr) {
1100 crm_err(
"Unable to get IP address info for %s: no result", server);
1106 for (rp = res; rp != NULL; rp = rp->ai_next) {
1107 struct sockaddr *addr = rp->ai_addr;
1113 if (rp->ai_canonname) {
1114 server = res->ai_canonname;
1118 sock = socket(rp->ai_family, SOCK_STREAM, IPPROTO_TCP);
1121 crm_warn(
"Could not create socket for remote connection to %s:%d: "
1128 if (addr->sa_family == AF_INET6) {
1129 ((
struct sockaddr_in6 *)(
void*)addr)->sin6_port = htons(port);
1131 ((
struct sockaddr_in *)(
void*)addr)->sin_port = htons(port);
1136 crm_info(
"Attempting remote connection to %s:%d", buffer, port);
1139 if (connect_socket_retry(sock, rp->ai_addr, rp->ai_addrlen,
timeout,
1140 timer_id, userdata, callback) ==
pcmk_rc_ok) {
1144 }
else if (connect_socket_once(sock, rp->ai_addr,
1178 switch (((
const struct sockaddr *) sa)->sa_family) {
1180 inet_ntop(AF_INET, &(((
const struct sockaddr_in *) sa)->sin_addr),
1181 s, INET6_ADDRSTRLEN);
1186 &(((
const struct sockaddr_in6 *) sa)->sin6_addr),
1187 s, INET6_ADDRSTRLEN);
1191 strcpy(s,
"<invalid>");
1208 struct sockaddr_storage addr;
1209 socklen_t laddr =
sizeof(addr);
1210 char addr_str[INET6_ADDRSTRLEN];
1211#ifdef TCP_USER_TIMEOUT
1212 long sbd_timeout = 0;
1216 memset(&addr, 0,
sizeof(addr));
1217 *csock = accept(ssock, (
struct sockaddr *)&addr, &laddr);
1220 crm_err(
"Could not accept remote client connection: %s "
1225 crm_info(
"Accepted new remote client connection from %s", addr_str);
1229 crm_err(
"Could not set socket non-blocking: %s " CRM_XS " rc=%d",
1236#ifdef TCP_USER_TIMEOUT
1238 if (sbd_timeout > 0) {
1240 long half = sbd_timeout / 2;
1241 unsigned int optval = (half <= UINT_MAX)? half : UINT_MAX;
1243 rc = setsockopt(*csock, SOL_TCP, TCP_USER_TIMEOUT,
1244 &optval,
sizeof(optval));
1247 crm_err(
"Could not set TCP timeout to %d ms on remote connection: "
1267 static int port = 0;
1274 port = strtol(env, NULL, 10);
1275 if (errno || (port < 1) || (port > 65535)) {
1277 " has invalid value '%s', using %d instead",
#define pcmk__assert_alloc(nmemb, size)
struct tcp_async_cb_data __attribute__
int pcmk__remote_ready(const pcmk__remote_t *remote, int timeout_ms)
uint32_t payload_uncompressed
#define REMOTE_MSG_VERSION
uint32_t payload_compressed
int crm_default_remote_port(void)
Get the default remote connection TCP port on this host.
int pcmk__remote_send_xml(pcmk__remote_t *remote, const xmlNode *msg)
int pcmk__accept_remote_connection(int ssock, int *csock)
void pcmk__sockaddr2str(const void *sa, char *s)
xmlNode * pcmk__remote_message_xml(pcmk__remote_t *remote)
int pcmk__connect_remote(const char *host, int port, int timeout, int *timer_id, int *sock_fd, void *userdata, void(*callback)(void *userdata, int rc, int sock))
int pcmk__read_remote_message(pcmk__remote_t *remote, int timeout_ms)
char * crm_strdup_printf(char const *format,...) G_GNUC_PRINTF(1
#define PCMK_GNUTLS_PRIORITIES
int pcmk__set_nonblocking(int fd)
#define crm_info(fmt, args...)
#define crm_warn(fmt, args...)
#define CRM_LOG_ASSERT(expr)
#define CRM_CHECK(expr, failure_action)
#define crm_debug(fmt, args...)
#define crm_err(fmt, args...)
#define crm_trace(fmt, args...)
#define DEFAULT_REMOTE_PORT
Wrappers for and extensions to glib mainloop.
#define PCMK__ENV_REMOTE_PORT
#define PCMK__ENV_DH_MAX_BITS
#define PCMK__ENV_TLS_PRIORITIES
long pcmk__get_sbd_watchdog_timeout(void)
const char * pcmk__env_option(const char *option)
#define PCMK__ENV_DH_MIN_BITS
const char * pcmk_strerror(int rc)
const char * pcmk_rc_str(int rc)
Get a user-friendly description of a return code.
int pcmk_legacy2rc(int legacy_rc)
int pcmk__gaierror2rc(int gai)
Map a getaddrinfo() return code to the most similar Pacemaker return code.
int pcmk__bzlib2rc(int bz2)
Map a bz2 return code to the most similar Pacemaker return code.
int pcmk__scan_min_int(const char *text, int *result, int minimum)
struct pcmk__remote_s * remote
Wrappers for and extensions to libxml2.
void pcmk__xml_string(const xmlNode *data, uint32_t options, GString *buffer, int depth)
xmlNode * pcmk__xml_parse(const char *input)
