1 /*
2 * Copyright 2008-2026 the Pacemaker project contributors
3 *
4 * The version control history for this file may have further details.
5 *
6 * This source code is licensed under the GNU Lesser General Public License
7 * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
8 */
9
10 #include <crm_internal.h>
11
12 #include <errno.h> // ENOTCONN, EPROTO, EAGAIN
13 #include <stdbool.h> // false, bool, true
14 #include <stdlib.h> // NULL, free, calloc
15 #include <string.h> // strdup
16 #include <sys/socket.h> // shutdown, SHUT_RDWR
17 #include <time.h> // time, time_t
18 #include <unistd.h> // close
19
20 #include <glib.h> // gboolean, g_*, G_*
21 #include <gnutls/gnutls.h> // gnutls_deinit, gnutls_bye
22 #include <libxml/tree.h> // xmlNode
23 #include <qb/qblog.h> // QB_XS
24
25 #include <crm/cib.h> // cib_t, cib_remote_new
26 #include <crm/cib/internal.h> // cib__create_op, cib__extend_transaction
27 #include <crm/common/internal.h>
28 #include <crm/common/mainloop.h> // mainloop_fd_callbacks
29 #include <crm/common/results.h> // pcmk_rc_str, pcmk_rc_*
30 #include <crm/common/xml.h> // PCMK_XA_*,
31 #include <crm/crm.h> // CRM_OP_REGISTER, crm_system_name
32
33 // GnuTLS handshake timeout in seconds
34 #define TLS_HANDSHAKE_TIMEOUT 5
35
36 static pcmk__tls_t *tls = NULL;
37
38 #include <arpa/inet.h>
39
40 typedef struct {
41 int port;
42 char *server;
43 char *user;
44 char *passwd;
45 gboolean encrypted;
46 pcmk__remote_t command;
47 pcmk__remote_t callback;
48 pcmk__output_t *out;
49 time_t start_time;
50 int timeout_sec;
51 } cib_remote_opaque_t;
52
53 static bool
54 ack_is_failure(const xmlNode *reply)
55 {
56 int status = 0;
57
58 pcmk__xe_get_int(reply, PCMK_XA_STATUS, &status);
59 if (status != CRM_EX_OK) {
60 pcmk__err("Received error response from based: %s", crm_exit_str(status));
61 return true;
62 }
63
64 return false;
65 }
66
67 static int
68 cib_remote_perform_op(cib_t *cib, const char *op, const char *host,
69 const char *section, xmlNode *data,
70 xmlNode **output_data, int call_options,
71 const char *user_name)
72 {
73 int rc;
74 int remaining_time = 0;
75 time_t start_time;
76
77 xmlNode *op_msg = NULL;
78 xmlNode *op_reply = NULL;
79
80 cib_remote_opaque_t *private = cib->variant_opaque;
81
82 if (cib->state == cib_disconnected) {
83 return -ENOTCONN;
84 }
85
86 if (output_data != NULL) {
87 *output_data = NULL;
88 }
89
90 if (op == NULL) {
91 pcmk__err("No operation specified");
92 return -EINVAL;
93 }
94
95 rc = cib__create_op(cib, op, host, section, data, call_options, user_name,
96 NULL, &op_msg);
97 rc = pcmk_rc2legacy(rc);
98 if (rc != pcmk_ok) {
99 return rc;
100 }
101
102 if (pcmk__is_set(call_options, cib_transaction)) {
103 rc = cib__extend_transaction(cib, op_msg);
104 pcmk__xml_free(op_msg);
105 return pcmk_rc2legacy(rc);
106 }
107
108 pcmk__trace("Sending %s message to the CIB manager", op);
109 if (!(call_options & cib_sync_call)) {
110 pcmk__remote_send_xml(&private->callback, op_msg);
111 } else {
112 pcmk__remote_send_xml(&private->command, op_msg);
113 }
114 pcmk__xml_free(op_msg);
115
116 if ((call_options & cib_discard_reply)) {
117 pcmk__trace("Discarding reply");
118 return pcmk_ok;
119
120 } else if (!(call_options & cib_sync_call)) {
121 return cib->call_id;
122 }
123
124 pcmk__trace("Waiting for a synchronous reply");
125
126 start_time = time(NULL);
127 remaining_time = cib->call_timeout ? cib->call_timeout : 60;
128
129 rc = pcmk_rc_ok;
130 while (remaining_time > 0 && (rc != ENOTCONN)) {
131 int reply_id = -1;
132 int msg_id = cib->call_id;
133
134 rc = pcmk__read_remote_message(&private->command,
135 remaining_time * 1000);
136 op_reply = pcmk__remote_message_xml(&private->command);
137
138 if (!op_reply) {
139 break;
140 }
141
142 pcmk__xe_get_int(op_reply, PCMK__XA_CIB_CALLID, &reply_id);
143
144 if (reply_id == msg_id) {
145 break;
146
147 } else if (reply_id < msg_id) {
148 pcmk__debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
149 pcmk__log_xml_trace(op_reply, "Old reply");
150
151 } else if ((reply_id - 10000) > msg_id) {
152 /* wrap-around case */
153 pcmk__debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
154 pcmk__log_xml_trace(op_reply, "Old reply");
155 } else {
156 pcmk__err("Received a __future__ reply: %d (wanted %d)", reply_id,
157 msg_id);
158 }
159
160 g_clear_pointer(&op_reply, pcmk__xml_free);
161
162 /* wasn't the right reply, try and read some more */
163 remaining_time = time(NULL) - start_time;
164 }
165
166 if (rc == ENOTCONN) {
167 pcmk__err("Disconnected while waiting for reply");
168 return -ENOTCONN;
169 }
170
171 if (op_reply == NULL) {
172 pcmk__err("No reply message - empty");
173 return -ENOMSG;
174 }
175
176 /* The only reason we can receive an ACK here is if dispatch_common ->
177 * pcmk__client_data2xml processed something that's not valid XML.
178 * dispatch_common does not return ACK, unlike other daemons.
179 */
180 if (pcmk__xe_is(op_reply, PCMK__XE_ACK) && ack_is_failure(op_reply)) {
181 pcmk__xml_free(op_reply);
182 return -EPROTO;
183 }
184
185 pcmk__trace("Synchronous reply received");
186
187 /* Start processing the reply... */
188 if (pcmk__xe_get_int(op_reply, PCMK__XA_CIB_RC, &rc) != pcmk_rc_ok) {
189 rc = -EPROTO;
190 }
191
192 if (rc == pcmk_ok || rc == -EPERM) {
193 pcmk__log_xml_debug(op_reply, "passed");
194
195 } else {
196 pcmk__err("Call failed: %s", pcmk_strerror(rc));
197 pcmk__log_xml_warn(op_reply, "failed");
198 }
199
200 if (output_data == NULL) {
201 /* do nothing more */
202
203 } else if (!(call_options & cib_discard_reply)) {
204 xmlNode *tmp = cib__get_calldata(op_reply);
205
206 if (tmp == NULL) {
207 pcmk__trace("No output in reply to \"%s\" command %d", op,
208 (cib->call_id - 1));
209 } else {
210 *output_data = pcmk__xml_copy(NULL, tmp);
211 }
212 }
213
214 pcmk__xml_free(op_reply);
215
216 return rc;
217 }
218
219 static int
220 cib_remote_callback_dispatch(void *user_data)
221 {
222 int rc;
223 cib_t *cib = user_data;
224 cib_remote_opaque_t *private = cib->variant_opaque;
225
226 xmlNode *msg = NULL;
227 const char *type = NULL;
228
229 /* If start time is 0, we've previously handled a complete message and this
230 * connection is being reused for a new message. Reset the start_time,
231 * giving this new message timeout_sec from now to complete.
232 */
233 if (private->start_time == 0) {
234 private->start_time = time(NULL);
235 }
236
237 rc = pcmk__read_available_remote_data(&private->callback);
238 switch (rc) {
239 case pcmk_rc_ok:
240 /* We have the whole message so process it */
241 break;
242
243 case EAGAIN:
244 /* Have we timed out? */
245 if (time(NULL) >= private->start_time + private->timeout_sec) {
246 pcmk__info("Error reading from CIB manager connection: %s",
247 pcmk_rc_str(ETIME));
248 return -1;
249 }
250
251 /* We haven't read the whole message yet */
252 return 0;
253
254 default:
255 /* Error */
256 pcmk__info("Error reading from CIB manager connection: %s",
257 pcmk_rc_str(rc));
258 return -1;
259 }
260
261 msg = pcmk__remote_message_xml(&private->callback);
262 if (msg == NULL) {
263 private->start_time = 0;
264 return 0;
265 }
266
267 type = pcmk__xe_get(msg, PCMK__XA_T);
268
269 pcmk__trace("Activating %s callbacks...", type);
270
271 if (pcmk__str_eq(type, PCMK__VALUE_CIB, pcmk__str_none)) {
272 cib_native_callback(cib, msg, 0, 0);
273 } else if (pcmk__str_eq(type, PCMK__VALUE_CIB_NOTIFY, pcmk__str_none)) {
274 g_list_foreach(cib->notify_list, cib_native_notify, msg);
275 } else {
276 pcmk__err("Unknown message type: %s", type);
277 }
278
279 pcmk__xml_free(msg);
280 private->start_time = 0;
281 return 0;
282 }
283
284 static int
285 cib_remote_command_dispatch(void *user_data)
286 {
287 int rc;
288 cib_t *cib = user_data;
289 cib_remote_opaque_t *private = cib->variant_opaque;
290
291 /* See cib_remote_callback_dispatch */
292 if (private->start_time == 0) {
293 private->start_time = time(NULL);
294 }
295
296 rc = pcmk__read_available_remote_data(&private->command);
297 if (rc == EAGAIN) {
298 /* Have we timed out? */
299 if (time(NULL) >= private->start_time + private->timeout_sec) {
300 pcmk__info("Error reading from CIB manager connection: %s",
301 pcmk_rc_str(ETIME));
302 return -1;
303 }
304
305 /* We haven't read the whole message yet */
306 return 0;
307 }
308
309 g_clear_pointer(&private->command.buffer, free);
310 pcmk__err("Received late reply for remote cib connection, discarding");
311
312 if (rc != pcmk_rc_ok) {
313 pcmk__info("Error reading from CIB manager connection: %s",
314 pcmk_rc_str(rc));
315 return -1;
316 }
317
318 private->start_time = 0;
319 return 0;
320 }
321
322 static int
323 cib_tls_close(cib_t *cib)
324 {
325 cib_remote_opaque_t *private = cib->variant_opaque;
326
327 if (private->encrypted) {
328 if (private->command.tls_session) {
329 gnutls_bye(private->command.tls_session, GNUTLS_SHUT_RDWR);
330 gnutls_deinit(private->command.tls_session);
331 }
332
333 if (private->callback.tls_session) {
334 gnutls_bye(private->callback.tls_session, GNUTLS_SHUT_RDWR);
335 gnutls_deinit(private->callback.tls_session);
336 }
337
338 private->command.tls_session = NULL;
339 private->callback.tls_session = NULL;
340 g_clear_pointer(&tls, pcmk__free_tls);
341 }
342
343 if (private->command.tcp_socket >= 0) {
344 shutdown(private->command.tcp_socket, SHUT_RDWR); /* no more receptions */
345 close(private->command.tcp_socket);
346 }
347 if (private->callback.tcp_socket >= 0) {
348 shutdown(private->callback.tcp_socket, SHUT_RDWR); /* no more receptions */
349 close(private->callback.tcp_socket);
350 }
351 private->command.tcp_socket = -1;
352 private->callback.tcp_socket = -1;
353
354 g_clear_pointer(&private->command.buffer, free);
355 g_clear_pointer(&private->callback.buffer, free);
356
357 return 0;
358 }
359
360 static void
361 cib_remote_connection_destroy(void *user_data)
362 {
363 pcmk__err("Connection destroyed");
364 cib_tls_close(user_data);
365 }
366
367 static int
368 cib_setup_tls(pcmk__remote_t *connection, const char *server, int port,
369 const char *user)
370 {
371 int rc = pcmk_rc_ok;
372 int tls_rc = GNUTLS_E_SUCCESS;
373 bool have_psk = false;
374 const char *key_location = getenv("CIB_key_file");
375
376 /* X509 certificates take precedence over PSK in pcmk__init_tls,
377 * so don't perform any of the following (potentially noisy) checks
378 * if we don't care about their results.
379 */
380 if (!pcmk__x509_enabled()) {
381 bool file_exists = false;
382
383 if (key_location != NULL) {
384 have_psk = pcmk__cred_file_useable(key_location, &file_exists);
385 }
386
387 if (!have_psk && file_exists) {
388 /* The credential file exists but doesn't have the right owner
389 * or permissions. Don't fall back to anonymous on config
390 * errors.
391 */
392 pcmk__err("Remote CIB session creation for %s:%d failed",
393 server, port);
394 rc = EACCES;
395 goto done;
396 }
397
398 if (!have_psk) {
399 /* The credential file does not exist at all, so fall back
400 * to anonymous auth.
401 *
402 * @COMPAT Remove fallback to anonymous authentication
403 */
404 pcmk__warn("Falling back to anonymous authentication for remote "
405 "CIB connections");
406 }
407 }
408
409 rc = pcmk__init_tls(&tls, false, have_psk);
410 if (rc != pcmk_rc_ok) {
411 goto done;
412 }
413
414 if (tls->cred_type == GNUTLS_CRD_PSK) {
415 gnutls_datum_t psk_key = { NULL, 0 };
416
417 rc = pcmk__load_key(key_location, &psk_key, false);
418
419 if (rc != pcmk_rc_ok) {
420 pcmk__warn("Could not read remote CIB key from %s: %s",
421 key_location, pcmk_rc_str(rc));
422 goto done;
423 }
424
425 pcmk__tls_client_add_psk_key(tls, user, &psk_key, false);
426 gnutls_free(psk_key.data);
427 }
428
429 connection->tls_session = pcmk__new_tls_session(tls, connection->tcp_socket);
430 if (connection->tls_session == NULL) {
431 rc = ENOTCONN;
432 goto done;
433 }
434
435 rc = pcmk__tls_client_handshake(connection, TLS_HANDSHAKE_TIMEOUT, &tls_rc);
436 if (rc != pcmk_rc_ok) {
437 const char *msg = NULL;
438
439 if (rc == EPROTO) {
440 msg = gnutls_strerror(tls_rc);
441 } else {
442 msg = pcmk_rc_str(rc);
443 }
444
445 pcmk__err("Remote CIB session creation for %s:%d failed: %s",
446 server, port, msg);
447 g_clear_pointer(&connection->tls_session, gnutls_deinit);
448 }
449
450 done:
451 return rc;
452 }
453
454 static int
455 cib_tls_signon(cib_t *cib, pcmk__remote_t *connection, gboolean event_channel)
456 {
457 cib_remote_opaque_t *private = cib->variant_opaque;
458 int rc;
459
460 xmlNode *answer = NULL;
461 xmlNode *login = NULL;
462 const char *msg_type = NULL;
463 const char *tmp_ticket = NULL;
464
465 static struct mainloop_fd_callbacks cib_fd_callbacks = { 0, };
466
467 cib_fd_callbacks.dispatch =
468 event_channel ? cib_remote_callback_dispatch : cib_remote_command_dispatch;
469 cib_fd_callbacks.destroy = cib_remote_connection_destroy;
470
471 connection->tcp_socket = -1;
472 connection->tls_session = NULL;
473 rc = pcmk__connect_remote(private->server, private->port, 0, NULL,
474 &(connection->tcp_socket), NULL, NULL);
475 if (rc != pcmk_rc_ok) {
476 pcmk__info("Remote connection to %s:%d failed: %s " QB_XS " rc=%d",
477 private->server, private->port, pcmk_rc_str(rc), rc);
478 return -ENOTCONN;
479 }
480
481 if (private->encrypted) {
482 rc = cib_setup_tls(connection, private->server, private->port,
483 private->user);
484
485 if (rc != pcmk_rc_ok) {
486 if (connection->tls_session == NULL) {
487 cib_tls_close(cib);
488 }
489
490 return -rc;
491 }
492
493 } else {
494 pcmk__warn("Connecting to remote CIB without encryption. This is "
495 "insecure and will be removed in a future release. Use "
496 "the CIB_encrypted=true environment variable instead.");
497 }
498
499 /* Now that the handshake is done, see if any client TLS certificate is
500 * close to its expiration date and log if so. If a TLS certificate is not
501 * in use, this function will just return so we don't need to check for the
502 * session type here.
503 */
504 pcmk__tls_check_cert_expiration(connection->tls_session);
505
506 /* login to server */
507 login = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
508 pcmk__xe_set_props(login,
509 PCMK_XA_OP, "authenticate",
510 PCMK_XA_USER, private->user,
511 PCMK__XA_PASSWORD, private->passwd,
512 PCMK__XA_HIDDEN, PCMK__VALUE_PASSWORD,
513 NULL);
514
515 pcmk__remote_send_xml(connection, login);
516 pcmk__xml_free(login);
517
518 rc = pcmk_ok;
519 if (pcmk__read_remote_message(connection, -1) == ENOTCONN) {
520 rc = -ENOTCONN;
521 }
522
523 answer = pcmk__remote_message_xml(connection);
524
525 if (answer == NULL) {
526 rc = -EPROTO;
527 goto done;
528 }
529
530 /* The only reason we can receive an ACK here is if dispatch_common ->
531 * pcmk__client_data2xml processed something that's not valid XML.
532 * dispatch_common does not return ACK, unlike other daemons.
533 */
534 if (pcmk__xe_is(answer, PCMK__XE_ACK) && ack_is_failure(answer)) {
535 rc = -EPROTO;
536 goto done;
537 }
538
539 pcmk__log_xml_trace(answer, "reg-reply");
540
541 /* grab the token */
542 msg_type = pcmk__xe_get(answer, PCMK__XA_CIB_OP);
543 tmp_ticket = pcmk__xe_get(answer, PCMK__XA_CIB_CLIENTID);
544
545 if (!pcmk__str_eq(msg_type, CRM_OP_REGISTER, pcmk__str_casei)) {
546 pcmk__err("Invalid registration message: %s", msg_type);
547 rc = -EPROTO;
548
549 } else if (tmp_ticket == NULL) {
550 rc = -EPROTO;
551
552 } else {
553 connection->token = strdup(tmp_ticket);
554 }
555
556 done:
557 g_clear_pointer(&answer, pcmk__xml_free);
558
559 if (rc != 0) {
560 cib_tls_close(cib);
561 return rc;
562 }
563
564 pcmk__trace("remote client connection established");
565 private->timeout_sec = 60;
566 connection->source = mainloop_add_fd("cib-remote", G_PRIORITY_HIGH,
567 connection->tcp_socket, cib,
568 &cib_fd_callbacks);
569 return rc;
570 }
571
572 static int
573 cib_remote_signon(cib_t *cib, const char *name, enum cib_conn_type type)
574 {
575 int rc = pcmk_ok;
576 cib_remote_opaque_t *private = cib->variant_opaque;
577
578 if (name == NULL) {
579 name = pcmk__s(crm_system_name, "client");
580 }
581
582 if (private->passwd == NULL) {
583 if (private->out == NULL) {
584 /* If no pcmk__output_t is set, just assume that a text prompt
585 * is good enough.
586 */
587 pcmk__text_prompt("Password", false, &(private->passwd));
588 } else {
589 private->out->prompt("Password", false, &(private->passwd));
590 }
591 }
592
593 if (private->server == NULL || private->user == NULL) {
594 rc = -EINVAL;
595 goto done;
596 }
597
598 rc = cib_tls_signon(cib, &(private->command), FALSE);
599 if (rc != pcmk_ok) {
600 goto done;
601 }
602
603 rc = cib_tls_signon(cib, &(private->callback), TRUE);
604
605 done:
606 if (rc == pcmk_ok) {
607 pcmk__info("Opened connection to %s:%d for %s", private->server,
608 private->port, name);
609 cib->state = cib_connected_command;
610 cib->type = cib_command;
611
612 } else {
613 pcmk__info("Connection to %s:%d for %s failed: %s\n", private->server,
614 private->port, name, pcmk_strerror(rc));
615 }
616
617 return rc;
618 }
619
620 static int
621 cib_remote_signoff(cib_t *cib)
622 {
623 int rc = pcmk_ok;
624
625 pcmk__debug("Disconnecting from the CIB manager");
626 cib_tls_close(cib);
627
628 cib->cmds->end_transaction(cib, false, cib_none);
629 cib->state = cib_disconnected;
630 cib->type = cib_no_connection;
631
632 return rc;
633 }
634
635 static int
636 cib_remote_free(cib_t *cib)
637 {
638 int rc = pcmk_ok;
639
640 pcmk__warn("Freeing CIB");
641 if (cib->state != cib_disconnected) {
642 rc = cib_remote_signoff(cib);
643 if (rc == pcmk_ok) {
644 cib_remote_opaque_t *private = cib->variant_opaque;
645
646 free(private->server);
647 free(private->user);
648 free(private->passwd);
649 free(cib->cmds);
650 free(cib->user);
651 free(private);
652 free(cib);
653 }
654 }
655
656 return rc;
657 }
658
659 static int
660 cib_remote_register_notification(cib_t * cib, const char *callback, int enabled)
661 {
662 xmlNode *notify_msg = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
663 cib_remote_opaque_t *private = cib->variant_opaque;
664
665 pcmk__xe_set(notify_msg, PCMK__XA_CIB_OP, PCMK__VALUE_CIB_NOTIFY);
666 pcmk__xe_set(notify_msg, PCMK__XA_CIB_NOTIFY_TYPE, callback);
667 pcmk__xe_set_int(notify_msg, PCMK__XA_CIB_NOTIFY_ACTIVATE, enabled);
668 pcmk__remote_send_xml(&private->callback, notify_msg);
669 pcmk__xml_free(notify_msg);
670 return pcmk_ok;
671 }
672
673 static int
674 cib_remote_set_connection_dnotify(cib_t *cib, void (*dnotify)(void *user_data))
675 {
676 return -EPROTONOSUPPORT;
677 }
678
679 /*!
680 * \internal
681 * \brief Get the given CIB connection's unique client identifiers
682 *
683 * These can be used to check whether this client requested the action that
684 * triggered a CIB notification.
685 *
686 * \param[in] cib CIB connection
687 * \param[out] async_id If not \p NULL, where to store asynchronous client ID
688 * \param[out] sync_id If not \p NULL, where to store synchronous client ID
689 *
690 * \return Legacy Pacemaker return code (specifically, \p pcmk_ok)
691 *
692 * \note This is the \p cib_remote variant implementation of
693 * \p cib_api_operations_t:client_id().
694 * \note The client IDs are assigned during CIB sign-on.
695 */
696 static int
697 cib_remote_client_id(const cib_t *cib, const char **async_id,
698 const char **sync_id)
699 {
700 cib_remote_opaque_t *private = cib->variant_opaque;
701
702 if (async_id != NULL) {
703 // private->callback is the channel for async requests
704 *async_id = private->callback.token;
705 }
706 if (sync_id != NULL) {
707 // private->command is the channel for sync requests
708 *sync_id = private->command.token;
709 }
710 return pcmk_ok;
711 }
712
713 cib_t *
714 cib_remote_new(const char *server, const char *user, const char *passwd, int port,
715 gboolean encrypted)
716 {
717 cib_remote_opaque_t *private = NULL;
|
(1) Event alloc_arg: |
"cib_new_variant" allocates memory that is stored into "cib_new_variant()->cmds". [details] |
|
(2) Event var_assign: |
Assigning: "cib->cmds" = "cib_new_variant()->cmds". |
| Also see events: |
[leaked_storage] |
718 cib_t *cib = cib_new_variant();
719
|
(3) Event path: |
Condition "cib == NULL", taking false branch. |
720 if (cib == NULL) {
721 return NULL;
722 }
723
724 private = calloc(1, sizeof(cib_remote_opaque_t));
725
|
(4) Event path: |
Condition "private == NULL", taking true branch. |
726 if (private == NULL) {
|
CID (unavailable; MK=4a12853161e2d8c167707dd391f8150b) (#1 of 1): Resource leak (RESOURCE_LEAK): |
|
(5) Event leaked_storage: |
Freeing "cib" without freeing its pointer field "cmds" leaks the storage that "cmds" points to. |
| Also see events: |
[alloc_arg][var_assign] |
727 free(cib);
728 return NULL;
729 }
730
731 cib->variant = cib_remote;
732 cib->variant_opaque = private;
733
734 private->server = pcmk__str_copy(server);
735 private->user = pcmk__str_copy(user);
736 private->passwd = pcmk__str_copy(passwd);
737 private->port = port;
738 private->encrypted = encrypted;
739
740 /* assign variant specific ops */
741 cib->delegate_fn = cib_remote_perform_op;
742 cib->cmds->signon = cib_remote_signon;
743 cib->cmds->signoff = cib_remote_signoff;
744 cib->cmds->free = cib_remote_free;
745 cib->cmds->register_notification = cib_remote_register_notification;
746 cib->cmds->set_connection_dnotify = cib_remote_set_connection_dnotify;
747
748 cib->cmds->client_id = cib_remote_client_id;
749
750 return cib;
751 }
752
753 void
754 cib__set_output(cib_t *cib, pcmk__output_t *out)
755 {
756 cib_remote_opaque_t *private;
757
758 if (cib->variant != cib_remote) {
759 return;
760 }
761
762 private = cib->variant_opaque;
763 private->out = out;
764 }
765