1 /*
2 * Copyright 2008-2025 the Pacemaker project contributors
3 *
4 * The version control history for this file may have further details.
5 *
6 * This source code is licensed under the GNU Lesser General Public License
7 * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
8 */
9
10 #include <crm_internal.h>
11
12 #include <unistd.h>
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <stdarg.h>
16 #include <string.h>
17 #include <netdb.h>
18 #include <termios.h>
19 #include <sys/socket.h>
20
21 #include <glib.h>
22
23 #include <crm/crm.h>
24 #include <crm/cib/internal.h>
25 #include <crm/common/ipc_internal.h>
26 #include <crm/common/mainloop.h>
27 #include <crm/common/xml.h>
28 #include <crm/common/remote_internal.h>
29 #include <crm/common/tls_internal.h>
30 #include <crm/common/output_internal.h>
31
32 #include <gnutls/gnutls.h>
33
34 // GnuTLS handshake timeout in seconds
35 #define TLS_HANDSHAKE_TIMEOUT 5
36
37 static pcmk__tls_t *tls = NULL;
38
39 #include <arpa/inet.h>
40
41 typedef struct cib_remote_opaque_s {
42 int port;
43 char *server;
44 char *user;
45 char *passwd;
46 gboolean encrypted;
47 pcmk__remote_t command;
48 pcmk__remote_t callback;
49 pcmk__output_t *out;
50 time_t start_time;
51 int timeout_sec;
52 } cib_remote_opaque_t;
53
54 static int
55 cib_remote_perform_op(cib_t *cib, const char *op, const char *host,
56 const char *section, xmlNode *data,
57 xmlNode **output_data, int call_options,
58 const char *user_name)
59 {
60 int rc;
61 int remaining_time = 0;
62 time_t start_time;
63
64 xmlNode *op_msg = NULL;
65 xmlNode *op_reply = NULL;
66
67 cib_remote_opaque_t *private = cib->variant_opaque;
68
69 if (cib->state == cib_disconnected) {
70 return -ENOTCONN;
71 }
72
73 if (output_data != NULL) {
74 *output_data = NULL;
75 }
76
77 if (op == NULL) {
78 crm_err("No operation specified");
79 return -EINVAL;
80 }
81
82 rc = cib__create_op(cib, op, host, section, data, call_options, user_name,
83 NULL, &op_msg);
84 if (rc != pcmk_ok) {
85 return rc;
86 }
87
88 if (pcmk_is_set(call_options, cib_transaction)) {
89 rc = cib__extend_transaction(cib, op_msg);
90 pcmk__xml_free(op_msg);
91 return rc;
92 }
93
94 crm_trace("Sending %s message to the CIB manager", op);
95 if (!(call_options & cib_sync_call)) {
96 pcmk__remote_send_xml(&private->callback, op_msg);
97 } else {
98 pcmk__remote_send_xml(&private->command, op_msg);
99 }
100 pcmk__xml_free(op_msg);
101
102 if ((call_options & cib_discard_reply)) {
103 crm_trace("Discarding reply");
104 return pcmk_ok;
105
106 } else if (!(call_options & cib_sync_call)) {
107 return cib->call_id;
108 }
109
110 crm_trace("Waiting for a synchronous reply");
111
112 start_time = time(NULL);
113 remaining_time = cib->call_timeout ? cib->call_timeout : 60;
114
115 rc = pcmk_rc_ok;
116 while (remaining_time > 0 && (rc != ENOTCONN)) {
117 int reply_id = -1;
118 int msg_id = cib->call_id;
119
120 rc = pcmk__read_remote_message(&private->command,
121 remaining_time * 1000);
122 op_reply = pcmk__remote_message_xml(&private->command);
123
124 if (!op_reply) {
125 break;
126 }
127
128 crm_element_value_int(op_reply, PCMK__XA_CIB_CALLID, &reply_id);
129
130 if (reply_id == msg_id) {
131 break;
132
133 } else if (reply_id < msg_id) {
134 crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
135 crm_log_xml_trace(op_reply, "Old reply");
136
137 } else if ((reply_id - 10000) > msg_id) {
138 /* wrap-around case */
139 crm_debug("Received old reply: %d (wanted %d)", reply_id, msg_id);
140 crm_log_xml_trace(op_reply, "Old reply");
141 } else {
142 crm_err("Received a __future__ reply:" " %d (wanted %d)", reply_id, msg_id);
143 }
144
145 pcmk__xml_free(op_reply);
146 op_reply = NULL;
147
148 /* wasn't the right reply, try and read some more */
149 remaining_time = time(NULL) - start_time;
150 }
151
152 if (rc == ENOTCONN) {
153 crm_err("Disconnected while waiting for reply.");
154 return -ENOTCONN;
155 } else if (op_reply == NULL) {
156 crm_err("No reply message - empty");
157 return -ENOMSG;
158 }
159
160 crm_trace("Synchronous reply received");
161
162 /* Start processing the reply... */
163 if (crm_element_value_int(op_reply, PCMK__XA_CIB_RC, &rc) != 0) {
164 rc = -EPROTO;
165 }
166
167 if (rc == -pcmk_err_diff_resync) {
168 /* This is an internal value that clients do not and should not care about */
169 rc = pcmk_ok;
170 }
171
172 if (rc == pcmk_ok || rc == -EPERM) {
173 crm_log_xml_debug(op_reply, "passed");
174
175 } else {
176 crm_err("Call failed: %s", pcmk_strerror(rc));
177 crm_log_xml_warn(op_reply, "failed");
178 }
179
180 if (output_data == NULL) {
181 /* do nothing more */
182
183 } else if (!(call_options & cib_discard_reply)) {
184 xmlNode *wrapper = pcmk__xe_first_child(op_reply, PCMK__XE_CIB_CALLDATA,
185 NULL, NULL);
186 xmlNode *tmp = pcmk__xe_first_child(wrapper, NULL, NULL, NULL);
187
188 if (tmp == NULL) {
189 crm_trace("No output in reply to \"%s\" command %d", op, cib->call_id - 1);
190 } else {
191 *output_data = pcmk__xml_copy(NULL, tmp);
192 }
193 }
194
195 pcmk__xml_free(op_reply);
196
197 return rc;
198 }
199
200 static int
201 cib_remote_callback_dispatch(gpointer user_data)
202 {
203 int rc;
204 cib_t *cib = user_data;
205 cib_remote_opaque_t *private = cib->variant_opaque;
206
207 xmlNode *msg = NULL;
208 const char *type = NULL;
209
210 /* If start time is 0, we've previously handled a complete message and this
211 * connection is being reused for a new message. Reset the start_time,
212 * giving this new message timeout_sec from now to complete.
213 */
214 if (private->start_time == 0) {
215 private->start_time = time(NULL);
216 }
217
218 rc = pcmk__read_available_remote_data(&private->callback);
219 switch (rc) {
220 case pcmk_rc_ok:
221 /* We have the whole message so process it */
222 break;
223
224 case EAGAIN:
225 /* Have we timed out? */
226 if (time(NULL) >= private->start_time + private->timeout_sec) {
227 crm_info("Error reading from CIB manager connection: %s",
228 pcmk_rc_str(ETIME));
229 return -1;
230 }
231
232 /* We haven't read the whole message yet */
233 return 0;
234
235 default:
236 /* Error */
237 crm_info("Error reading from CIB manager connection: %s",
238 pcmk_rc_str(rc));
239 return -1;
240 }
241
242 msg = pcmk__remote_message_xml(&private->callback);
243 if (msg == NULL) {
244 private->start_time = 0;
245 return 0;
246 }
247
248 type = crm_element_value(msg, PCMK__XA_T);
249
250 crm_trace("Activating %s callbacks...", type);
251
252 if (pcmk__str_eq(type, PCMK__VALUE_CIB, pcmk__str_none)) {
253 cib_native_callback(cib, msg, 0, 0);
254 } else if (pcmk__str_eq(type, PCMK__VALUE_CIB_NOTIFY, pcmk__str_none)) {
255 g_list_foreach(cib->notify_list, cib_native_notify, msg);
256 } else {
257 crm_err("Unknown message type: %s", type);
258 }
259
260 pcmk__xml_free(msg);
261 private->start_time = 0;
262 return 0;
263 }
264
265 static int
266 cib_remote_command_dispatch(gpointer user_data)
267 {
268 int rc;
269 cib_t *cib = user_data;
270 cib_remote_opaque_t *private = cib->variant_opaque;
271
272 /* See cib_remote_callback_dispatch */
273 if (private->start_time == 0) {
274 private->start_time = time(NULL);
275 }
276
277 rc = pcmk__read_available_remote_data(&private->command);
278 if (rc == EAGAIN) {
279 /* Have we timed out? */
280 if (time(NULL) >= private->start_time + private->timeout_sec) {
281 crm_info("Error reading from CIB manager connection: %s",
282 pcmk_rc_str(ETIME));
283 return -1;
284 }
285
286 /* We haven't read the whole message yet */
287 return 0;
288 }
289
290 free(private->command.buffer);
291 private->command.buffer = NULL;
292 crm_err("received late reply for remote cib connection, discarding");
293
294 if (rc != pcmk_rc_ok) {
295 crm_info("Error reading from CIB manager connection: %s",
296 pcmk_rc_str(rc));
297 return -1;
298 }
299
300 private->start_time = 0;
301 return 0;
302 }
303
304 static int
305 cib_tls_close(cib_t *cib)
306 {
307 cib_remote_opaque_t *private = cib->variant_opaque;
308
309 if (private->encrypted) {
310 if (private->command.tls_session) {
311 gnutls_bye(private->command.tls_session, GNUTLS_SHUT_RDWR);
312 gnutls_deinit(private->command.tls_session);
313 }
314
315 if (private->callback.tls_session) {
316 gnutls_bye(private->callback.tls_session, GNUTLS_SHUT_RDWR);
317 gnutls_deinit(private->callback.tls_session);
318 }
319
320 private->command.tls_session = NULL;
321 private->callback.tls_session = NULL;
322 pcmk__free_tls(tls);
323 tls = NULL;
324 }
325
326 if (private->command.tcp_socket >= 0) {
327 shutdown(private->command.tcp_socket, SHUT_RDWR); /* no more receptions */
328 close(private->command.tcp_socket);
329 }
330 if (private->callback.tcp_socket >= 0) {
331 shutdown(private->callback.tcp_socket, SHUT_RDWR); /* no more receptions */
332 close(private->callback.tcp_socket);
333 }
334 private->command.tcp_socket = -1;
335 private->callback.tcp_socket = -1;
336
337 free(private->command.buffer);
338 free(private->callback.buffer);
339 private->command.buffer = NULL;
340 private->callback.buffer = NULL;
341
342 return 0;
343 }
344
345 static void
346 cib_remote_connection_destroy(gpointer user_data)
347 {
348 crm_err("Connection destroyed");
349 cib_tls_close(user_data);
350 }
351
352 static int
353 cib_tls_signon(cib_t *cib, pcmk__remote_t *connection, gboolean event_channel)
354 {
355 cib_remote_opaque_t *private = cib->variant_opaque;
356 int rc;
357
358 xmlNode *answer = NULL;
359 xmlNode *login = NULL;
360
361 static struct mainloop_fd_callbacks cib_fd_callbacks = { 0, };
362
363 cib_fd_callbacks.dispatch =
364 event_channel ? cib_remote_callback_dispatch : cib_remote_command_dispatch;
365 cib_fd_callbacks.destroy = cib_remote_connection_destroy;
366
367 connection->tcp_socket = -1;
368 connection->tls_session = NULL;
369 rc = pcmk__connect_remote(private->server, private->port, 0, NULL,
370 &(connection->tcp_socket), NULL, NULL);
371 if (rc != pcmk_rc_ok) {
372 crm_info("Remote connection to %s:%d failed: %s " QB_XS " rc=%d",
373 private->server, private->port, pcmk_rc_str(rc), rc);
374 return -ENOTCONN;
375 }
376
377 if (private->encrypted) {
378 bool use_cert = pcmk__x509_enabled();
379 int tls_rc = GNUTLS_E_SUCCESS;
380
381 rc = pcmk__init_tls(&tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON);
382 if (rc != pcmk_rc_ok) {
383 return -1;
384 }
385
386 /* bind the socket to GnuTls lib */
387 connection->tls_session = pcmk__new_tls_session(tls, connection->tcp_socket);
388 if (connection->tls_session == NULL) {
389 cib_tls_close(cib);
390 return -1;
391 }
392
393 rc = pcmk__tls_client_handshake(connection, TLS_HANDSHAKE_TIMEOUT,
394 &tls_rc);
395 if (rc != pcmk_rc_ok) {
396 crm_err("Remote CIB session creation for %s:%d failed: %s",
397 private->server, private->port,
398 (rc == EPROTO)? gnutls_strerror(tls_rc) : pcmk_rc_str(rc));
399 gnutls_deinit(connection->tls_session);
400 connection->tls_session = NULL;
401 cib_tls_close(cib);
402 return -1;
403 }
404 }
405
406 /* Now that the handshake is done, see if any client TLS certificate is
407 * close to its expiration date and log if so. If a TLS certificate is not
408 * in use, this function will just return so we don't need to check for the
409 * session type here.
410 */
411 pcmk__tls_check_cert_expiration(connection->tls_session);
412
413 /* login to server */
414 login = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
415 crm_xml_add(login, PCMK_XA_OP, "authenticate");
416 crm_xml_add(login, PCMK_XA_USER, private->user);
417 crm_xml_add(login, PCMK__XA_PASSWORD, private->passwd);
418 crm_xml_add(login, PCMK__XA_HIDDEN, PCMK__VALUE_PASSWORD);
419
420 pcmk__remote_send_xml(connection, login);
421 pcmk__xml_free(login);
422
423 rc = pcmk_ok;
424 if (pcmk__read_remote_message(connection, -1) == ENOTCONN) {
425 rc = -ENOTCONN;
426 }
427
428 answer = pcmk__remote_message_xml(connection);
429
430 crm_log_xml_trace(answer, "Reply");
431 if (answer == NULL) {
432 rc = -EPROTO;
433
434 } else {
435 /* grab the token */
436 const char *msg_type = crm_element_value(answer, PCMK__XA_CIB_OP);
437 const char *tmp_ticket = crm_element_value(answer,
438 PCMK__XA_CIB_CLIENTID);
439
440 if (!pcmk__str_eq(msg_type, CRM_OP_REGISTER, pcmk__str_casei)) {
441 crm_err("Invalid registration message: %s", msg_type);
442 rc = -EPROTO;
443
444 } else if (tmp_ticket == NULL) {
445 rc = -EPROTO;
446
447 } else {
448 connection->token = strdup(tmp_ticket);
449 }
450 }
451 pcmk__xml_free(answer);
452 answer = NULL;
453
454 if (rc != 0) {
455 cib_tls_close(cib);
456 return rc;
457 }
458
459 crm_trace("remote client connection established");
460 private->timeout_sec = 60;
461 connection->source = mainloop_add_fd("cib-remote", G_PRIORITY_HIGH,
462 connection->tcp_socket, cib,
463 &cib_fd_callbacks);
464 return rc;
465 }
466
467 static int
468 cib_remote_signon(cib_t *cib, const char *name, enum cib_conn_type type)
469 {
470 int rc = pcmk_ok;
471 cib_remote_opaque_t *private = cib->variant_opaque;
472
473 if (name == NULL) {
474 name = pcmk__s(crm_system_name, "client");
475 }
476
477 if (private->passwd == NULL) {
478 if (private->out == NULL) {
479 /* If no pcmk__output_t is set, just assume that a text prompt
480 * is good enough.
481 */
482 pcmk__text_prompt("Password", false, &(private->passwd));
483 } else {
484 private->out->prompt("Password", false, &(private->passwd));
485 }
486 }
487
488 if (private->server == NULL || private->user == NULL) {
489 rc = -EINVAL;
490 goto done;
491 }
492
493 rc = cib_tls_signon(cib, &(private->command), FALSE);
494 if (rc != pcmk_ok) {
495 goto done;
496 }
497
498 rc = cib_tls_signon(cib, &(private->callback), TRUE);
499
500 done:
501 if (rc == pcmk_ok) {
502 crm_info("Opened connection to %s:%d for %s",
503 private->server, private->port, name);
504 cib->state = cib_connected_command;
505 cib->type = cib_command;
506
507 } else {
508 crm_info("Connection to %s:%d for %s failed: %s\n",
509 private->server, private->port, name, pcmk_strerror(rc));
510 }
511
512 return rc;
513 }
514
515 static int
516 cib_remote_signoff(cib_t *cib)
517 {
518 int rc = pcmk_ok;
519
520 crm_debug("Disconnecting from the CIB manager");
521 cib_tls_close(cib);
522
523 cib->cmds->end_transaction(cib, false, cib_none);
524 cib->state = cib_disconnected;
525 cib->type = cib_no_connection;
526
527 return rc;
528 }
529
530 static int
531 cib_remote_free(cib_t *cib)
532 {
533 int rc = pcmk_ok;
534
535 crm_warn("Freeing CIB");
536 if (cib->state != cib_disconnected) {
537 rc = cib_remote_signoff(cib);
538 if (rc == pcmk_ok) {
539 cib_remote_opaque_t *private = cib->variant_opaque;
540
541 free(private->server);
542 free(private->user);
543 free(private->passwd);
544 free(cib->cmds);
545 free(cib->user);
546 free(private);
547 free(cib);
548 }
549 }
550
551 return rc;
552 }
553
554 static int
555 cib_remote_register_notification(cib_t * cib, const char *callback, int enabled)
556 {
557 xmlNode *notify_msg = pcmk__xe_create(NULL, PCMK__XE_CIB_COMMAND);
558 cib_remote_opaque_t *private = cib->variant_opaque;
559
560 crm_xml_add(notify_msg, PCMK__XA_CIB_OP, PCMK__VALUE_CIB_NOTIFY);
561 crm_xml_add(notify_msg, PCMK__XA_CIB_NOTIFY_TYPE, callback);
562 crm_xml_add_int(notify_msg, PCMK__XA_CIB_NOTIFY_ACTIVATE, enabled);
563 pcmk__remote_send_xml(&private->callback, notify_msg);
564 pcmk__xml_free(notify_msg);
565 return pcmk_ok;
566 }
567
568 static int
569 cib_remote_set_connection_dnotify(cib_t * cib, void (*dnotify) (gpointer user_data))
570 {
571 return -EPROTONOSUPPORT;
572 }
573
574 /*!
575 * \internal
576 * \brief Get the given CIB connection's unique client identifiers
577 *
578 * These can be used to check whether this client requested the action that
579 * triggered a CIB notification.
580 *
581 * \param[in] cib CIB connection
582 * \param[out] async_id If not \p NULL, where to store asynchronous client ID
583 * \param[out] sync_id If not \p NULL, where to store synchronous client ID
584 *
585 * \return Legacy Pacemaker return code (specifically, \p pcmk_ok)
586 *
587 * \note This is the \p cib_remote variant implementation of
588 * \p cib_api_operations_t:client_id().
589 * \note The client IDs are assigned during CIB sign-on.
590 */
591 static int
592 cib_remote_client_id(const cib_t *cib, const char **async_id,
593 const char **sync_id)
594 {
595 cib_remote_opaque_t *private = cib->variant_opaque;
596
597 if (async_id != NULL) {
598 // private->callback is the channel for async requests
599 *async_id = private->callback.token;
600 }
601 if (sync_id != NULL) {
602 // private->command is the channel for sync requests
603 *sync_id = private->command.token;
604 }
605 return pcmk_ok;
606 }
607
608 cib_t *
609 cib_remote_new(const char *server, const char *user, const char *passwd, int port,
610 gboolean encrypted)
611 {
612 cib_remote_opaque_t *private = NULL;
|
(1) Event alloc_arg: |
"cib_new_variant" allocates memory that is stored into "cib_new_variant()->cmds". [details] |
|
(2) Event var_assign: |
Assigning: "cib->cmds" = "cib_new_variant()->cmds". |
| Also see events: |
[leaked_storage] |
613 cib_t *cib = cib_new_variant();
614
|
(3) Event path: |
Condition "cib == NULL", taking false branch. |
615 if (cib == NULL) {
616 return NULL;
617 }
618
619 private = calloc(1, sizeof(cib_remote_opaque_t));
620
|
(4) Event path: |
Condition "private == NULL", taking true branch. |
621 if (private == NULL) {
|
CID (unavailable; MK=4a12853161e2d8c167707dd391f8150b) (#1 of 1): Resource leak (RESOURCE_LEAK): |
|
(5) Event leaked_storage: |
Freeing "cib" without freeing its pointer field "cmds" leaks the storage that "cmds" points to. |
| Also see events: |
[alloc_arg][var_assign] |
622 free(cib);
623 return NULL;
624 }
625
626 cib->variant = cib_remote;
627 cib->variant_opaque = private;
628
629 private->server = pcmk__str_copy(server);
630 private->user = pcmk__str_copy(user);
631 private->passwd = pcmk__str_copy(passwd);
632 private->port = port;
633 private->encrypted = encrypted;
634
635 /* assign variant specific ops */
636 cib->delegate_fn = cib_remote_perform_op;
637 cib->cmds->signon = cib_remote_signon;
638 cib->cmds->signoff = cib_remote_signoff;
639 cib->cmds->free = cib_remote_free;
640 cib->cmds->register_notification = cib_remote_register_notification;
641 cib->cmds->set_connection_dnotify = cib_remote_set_connection_dnotify;
642
643 cib->cmds->client_id = cib_remote_client_id;
644
645 return cib;
646 }
647
648 void
649 cib__set_output(cib_t *cib, pcmk__output_t *out)
650 {
651 cib_remote_opaque_t *private;
652
653 if (cib->variant != cib_remote) {
654 return;
655 }
656
657 private = cib->variant_opaque;
658 private->out = out;
659 }
660