2 * collectd - src/netcmd.c
3 * Copyright (C) 2007-2013 Florian octo Forster
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
21 * DEALINGS IN THE SOFTWARE.
24 * Florian octo Forster <octo at collectd.org>
30 #include "configfile.h"
32 #include "utils_cmd_flush.h"
33 #include "utils_cmd_getval.h"
34 #include "utils_cmd_listval.h"
35 #include "utils_cmd_putval.h"
36 #include "utils_cmd_putnotif.h"
38 /* Folks without pthread will need to disable this plugin. */
41 #include <sys/socket.h>
49 #include <gnutls/gnutls.h>
/* TCP port used by a <Listen> block that gives no "Port" (see nc_open_socket
 * and the log messages in nc_server_thread / nc_config_peer). */
51 #define NC_DEFAULT_SERVICE "25826"
/* Size of the finite-field Diffie-Hellman group that nc_tls_init generates
 * once per TLS-enabled peer.  NOTE(review): 1024-bit DH is below the 2048-bit
 * minimum that current guidance recommends; raising it also raises the cost of
 * the one-time parameter generation at start-up. */
52 #define NC_TLS_DH_BITS 1024
55 * Private data structures
/* One configured <Listen> block: its listening socket(s) plus the optional TLS
 * material loaded by nc_tls_init.  This listing omits the leading members; the
 * functions below also use node, service, fds, fds_num and the tls_*_file
 * paths. */
57 struct nc_peer_s /* {{{ */
/* From "TLSVerifyPeer": when set, a client certificate is required by
 * nc_tls_get_session and verified in nc_connection_init_tls; otherwise a
 * certificate is only requested and never checked. */
68 _Bool tls_verify_peer;
/* NULL until nc_tls_init has run for a peer with a "TLSKeyFile";
 * nc_tls_get_session uses NULL here as the "no TLS on this peer" marker. */
70 gnutls_certificate_credentials_t tls_credentials;
71 gnutls_dh_params_t tls_dh_params;
72 gnutls_priority_t tls_priority;
74 typedef struct nc_peer_s nc_peer_t;
/* Chunk size of the per-connection TLS read buffer used by nc_connection_gets:
 * the platform page size when one of the usual macros is defined, 4096
 * otherwise.  (The opening #if of this chain is not part of the listing.) */
77 # define NC_READ_BUFFER_SIZE PAGESIZE
78 #elif defined(PAGE_SIZE)
79 # define NC_READ_BUFFER_SIZE PAGE_SIZE
81 # define NC_READ_BUFFER_SIZE 4096
/* Per-client connection state handed to nc_handle_client.  Besides the members
 * shown here the code below uses fd, fh_in, fh_out and read_buffer. */
84 struct nc_connection_s /* {{{ */
/* Number of not-yet-consumed bytes at the front of read_buffer (TLS only). */
89 size_t read_buffer_fill;
95 gnutls_session_t tls_session;
/* Set by nc_server_thread once a session exists for this connection; selects
 * the TLS code paths in nc_connection_init, nc_connection_gets and
 * nc_connection_close. */
96 _Bool have_tls_session;
/* Copied from the owning peer's tls_verify_peer when the session is created. */
97 _Bool tls_verify_peer;
99 typedef struct nc_connection_s nc_connection_t;
/* Argument of nc_proxy_thread (the struct header is not part of this listing):
 * the two pipe ends pipe_rx / pipe_tx and the TLS session to shuttle bytes
 * between.  Allocated by nc_start_tls_file_handles, which hands it to the
 * detached proxy thread once pthread_create succeeds. */
106 gnutls_session_t tls_session;
108 typedef struct nc_proxy_s nc_proxy_t;
114 /* socket configuration */
/* Configured listeners, appended to by nc_config_peer, freed by nc_shutdown. */
115 static nc_peer_t *peers = NULL;
116 static size_t peers_num;
/* One pollfd per listening socket, appended to by nc_register_fd and polled by
 * nc_server_thread. */
118 static struct pollfd *pollfd = NULL;
119 static size_t pollfd_num;
/* Run flag and handle of the accept loop; set by nc_init, cleared by
 * nc_shutdown (and by the server thread itself when poll fails).
 * NOTE(review): shared between threads without any synchronisation visible in
 * this listing. */
121 static _Bool listen_thread_loop = 0;
122 static _Bool listen_thread_running = 0;
123 static pthread_t listen_thread;
/* Maps a GnuTLS certificate verification status bit-mask to a short reason
 * string for the log (used by nc_connection_init_tls).  The flags are tested
 * in order, so only the first matching one is reported; the opening test and
 * the final fall-through return are not part of this listing. */
128 static const char *nc_verify_status_to_string (gnutls_certificate_status_t status)
132 else if (status & GNUTLS_CERT_INVALID)
134 else if (status & GNUTLS_CERT_REVOKED)
136 else if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
137 return ("Signer not found");
138 else if (status & GNUTLS_CERT_SIGNER_NOT_CA)
139 return ("Signer not a CA");
140 else if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
141 return ("Insecure algorithm");
/* These two flags only exist from GnuTLS 2.7.8 on. */
142 #if GNUTLS_VERSION_NUMBER >= 0x020708
143 else if (status & GNUTLS_CERT_NOT_ACTIVATED)
144 return ("Not activated");
145 else if (status & GNUTLS_CERT_EXPIRED)
150 } /* }}} const char *nc_verify_status_to_string */
/* Body of the per-connection proxy thread started by nc_start_tls_file_handles.
 * It polls two descriptors: fds[0] is the pipe the command handlers write to
 * (data->pipe_rx), fds[1] the TLS transport socket.  Bytes arriving on the pipe
 * are encrypted with gnutls_record_send; records received from the session are
 * written in the clear to data->pipe_tx, which the handlers read through
 * conn->fh_in.  Runs until one side hangs up or fails.  The exit path
 * (closing the pipe ends, freeing data) is not part of this listing. */
152 static void *nc_proxy_thread (void *args) /* {{{ */
154 nc_proxy_t *data = args;
155 struct pollfd fds[2];
/* NOTE(review): nc_connection_init_tls stores the socket as an intptr_t cast to
 * gnutls_transport_ptr_t; casting the pointer straight back to int narrows it.
 * Casting via intptr_t keeps the round-trip well defined. */
159 gtls_fd = (int) gnutls_transport_get_ptr (data->tls_session);
160 DEBUG ("netcmd plugin: nc_proxy_thread: pipe_rx = %i; pipe_tx = %i; gtls_fd = %i;",
161 data->pipe_rx, data->pipe_tx, gtls_fd);
163 memset (fds, 0, sizeof (fds));
164 fds[0].fd = data->pipe_rx;
165 fds[0].events = POLLIN | POLLPRI;
/* fds[1].fd is assigned on a line not included here (presumably gtls_fd). */
167 fds[1].events = POLLIN | POLLPRI;
/* Scratch buffer of one page.  It is a VLA, so its size is fixed for the
 * lifetime of the thread, not per iteration. */
169 pagesize = sysconf (_SC_PAGESIZE);
174 char buffer[pagesize];
177 status = poll (fds, STATIC_ARRAY_SIZE(fds), /* timeout = */ -1);
/* Transient errors restart the poll; anything else ends the thread. */
180 if ((errno == EINTR) || (errno == EAGAIN))
182 ERROR ("netcmd plugin: poll(2) failed: %s",
183 sstrerror (errno, errbuf, sizeof (errbuf)));
/* Plaintext from the handlers: pipe -> TLS. */
188 if (fds[0].revents != 0) /* {{{ */
194 DEBUG ("netcmd plugin: nc_proxy_thread: Something's up on the pipe.");
196 /* Check for hangup, error, ... */
197 if ((fds[0].revents & (POLLIN | POLLPRI)) == 0)
200 iostatus = read (fds[0].fd, buffer, sizeof (buffer));
201 DEBUG ("netcmd plugin: nc_proxy_thread: Received %zi bytes from pipe.",
205 if ((errno == EINTR) || (errno == EAGAIN))
207 ERROR ("netcmd plugin: read(2) failed: %s",
208 sstrerror (errno, errbuf, sizeof (errbuf)));
/* EOF on the pipe: the handler side has closed conn->fh_out. */
211 else if (iostatus == 0)
/* gnutls_record_send may accept fewer bytes than offered, so loop until the
 * whole chunk has been handed over.  NOTE(review): the call below always
 * sends from `buffer`, yet the cursor that is advanced after each partial send
 * is `buffer_ptr` -- a short send would therefore resend the start of the
 * chunk and drop its tail.  The send should use buffer_ptr.  The handling of a
 * negative return sits on lines not shown here. */
217 buffer_size = (size_t) iostatus;
218 while (buffer_size > 0)
220 iostatus = gnutls_record_send (data->tls_session,
221 buffer, buffer_size);
222 DEBUG ("netcmd plugin: nc_proxy_thread: Wrote %zi bytes to GNU-TLS.",
226 ERROR ("netcmd plugin: gnutls_record_send failed: %s",
227 gnutls_strerror ((int) iostatus));
/* Presumably only reached with a non-negative iostatus, which makes the
 * ssize_t / size_t comparison below safe -- confirm against the omitted
 * lines above. */
231 assert (iostatus <= buffer_size);
232 buffer_ptr += iostatus;
233 buffer_size -= iostatus;
234 } /* while (buffer_size > 0) */
/* Bytes left over mean the send loop was abandoned (presumably on error). */
236 if (buffer_size != 0)
240 } /* }}} if (fds[0].revents != 0) */
/* Ciphertext from the client: TLS -> pipe. */
243 if (fds[1].revents != 0) /* {{{ */
248 DEBUG ("netcmd plugin: nc_proxy_thread: Something's up on the TLS socket.");
250 /* Check for hangup, error, ... */
251 if ((fds[1].revents & (POLLIN | POLLPRI)) == 0)
254 iostatus = gnutls_record_recv (data->tls_session, buffer, sizeof (buffer));
255 DEBUG ("netcmd plugin: nc_proxy_thread: Received %zi bytes from GNU-TLS.",
259 if ((iostatus == GNUTLS_E_INTERRUPTED)
260 || (iostatus == GNUTLS_E_AGAIN))
262 ERROR ("netcmd plugin: gnutls_record_recv failed: %s",
263 gnutls_strerror ((int) iostatus));
/* A zero-length record means the client closed the session. */
266 else if (iostatus == 0)
/* Decrypted bytes go to the handlers through the second pipe; the result of
 * swrite (collectd helper) is checked on lines not shown here. */
271 buffer_size = (size_t) iostatus;
272 iostatus = swrite (data->pipe_tx, buffer, buffer_size);
273 DEBUG ("netcmd plugin: nc_proxy_thread: Wrote %zi bytes to pipe.",
277 } /* }}} if (fds[1].revents != 0) */
280 DEBUG ("netcmd plugin: nc_proxy_thread: Shutting down.");
282 } /* }}} void *nc_proxy_thread */
284 /* Creates two pipes and a separate thread to pass data between two FILE* and
285 * the GNUTLS back and forth. This is required because the handle_<cmd>
286 * functions expect to be able to write to a FILE*. */
/* Sets up the stdio handles (conn->fh_in / conn->fh_out) for a TLS connection.
 * Two pipes are created and a detached nc_proxy_thread moves bytes between
 * their far ends and conn->tls_session, so the handle_<cmd> functions can keep
 * writing to a FILE*.  Returns 0 on success (the return statements themselves
 * are not in this listing); on failure BAIL_OUT releases what was created.
 * On success, ownership of proxy_config passes to the proxy thread. */
287 static int nc_start_tls_file_handles (nc_connection_t *conn) /* {{{ */
/* Cleanup for every error exit below: raw pipe ends are closed with close(),
 * ends already wrapped by a FILE* through fclose(), then the config is freed.
 * NOTE(review): the pipe end that fdopen did NOT take over (pipe_fd[1] of the
 * first pipe, pipe_fd[0] of the second) is not reachable from this macro.  The
 * lines between each fdopen failure and its bail-out are not shown -- confirm
 * that end is closed there. */
289 #define BAIL_OUT(status) do { \
290 DEBUG ("netcmd plugin: nc_start_tls_file_handles: Bailing out with status %i.", (status)); \
291 if (proxy_config->pipe_rx >= 0) { close (proxy_config->pipe_rx); } \
292 if (proxy_config->pipe_tx >= 0) { close (proxy_config->pipe_tx); } \
293 if (conn->fh_in != NULL) { fclose (conn->fh_in); conn->fh_in = NULL; } \
294 if (conn->fh_out != NULL) { fclose (conn->fh_out); conn->fh_out = NULL; } \
295 free (proxy_config); \
299 nc_proxy_t *proxy_config;
/* Refuse to wrap a connection twice; that would leak the existing handles. */
306 if ((conn->fh_in != NULL) || (conn->fh_out != NULL))
308 ERROR ("netcmd plugin: nc_start_tls_file_handles: Connection already connected.");
312 proxy_config = malloc (sizeof (*proxy_config));
313 if (proxy_config == NULL)
315 ERROR ("netcmd plugin: malloc failed.");
/* -1 marks "not created yet" so BAIL_OUT only closes what exists. */
318 memset (proxy_config, 0, sizeof (*proxy_config));
319 proxy_config->pipe_rx = -1;
320 proxy_config->pipe_tx = -1;
321 proxy_config->tls_session = conn->tls_session;
/* Pipe 1: handlers write conn->fh_out, the proxy reads pipe_rx. */
323 pipe_fd[0] = pipe_fd[1] = -1;
324 status = pipe (pipe_fd);
328 ERROR ("netcmd plugin: pipe(2) failed: %s",
329 sstrerror (errno, errmsg, sizeof (errmsg)));
332 proxy_config->pipe_rx = pipe_fd[0];
333 conn->fh_out = fdopen (pipe_fd[1], "w");
334 if (conn->fh_out == NULL)
337 ERROR ("netcmd plugin: fdopen(2) failed: %s",
338 sstrerror (errno, errmsg, sizeof (errmsg)));
/* Pipe 2: the proxy writes pipe_tx, handlers read conn->fh_in. */
343 pipe_fd[0] = pipe_fd[1] = -1;
344 status = pipe (pipe_fd);
348 ERROR ("netcmd plugin: pipe(2) failed: %s",
349 sstrerror (errno, errmsg, sizeof (errmsg)));
352 proxy_config->pipe_tx = pipe_fd[1];
353 conn->fh_in = fdopen (pipe_fd[0], "r");
354 if (conn->fh_in == NULL)
357 ERROR ("netcmd plugin: fdopen(2) failed: %s",
358 sstrerror (errno, errmsg, sizeof (errmsg)));
/* Detached: nobody joins the proxy thread; it is expected to release
 * proxy_config itself when it exits (its exit path is not shown here). */
363 pthread_attr_init (&attr);
364 pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
366 status = pthread_create (&thread, &attr, nc_proxy_thread, proxy_config);
367 pthread_attr_destroy (&attr);
/* NOTE(review): pthread_create returns the error number and does not set
 * errno, so the message below reports an unrelated errno; pass `status` to
 * sstrerror instead.  The same pattern appears in nc_server_thread and
 * nc_init. */
371 ERROR ("netcmd plugin: pthread_create(2) failed: %s",
372 sstrerror (errno, errmsg, sizeof (errmsg)));
376 DEBUG ("netcmd plugin: nc_start_tls_file_handles: Successfully started proxy thread.");
378 } /* }}} int nc_start_tls_file_handles */
/* Finds the configured peer that owns the listening descriptor fd by scanning
 * every peer's fds array.  The return statements are not part of this listing;
 * nc_server_thread treats a NULL result as "unknown descriptor". */
380 static nc_peer_t *nc_fd_to_peer (int fd) /* {{{ */
384 for (i = 0; i < peers_num; i++)
388 for (j = 0; j < peers[i].fds_num; j++)
389 if (peers[i].fds[j] == fd)
394 } /* }}} nc_peer_t *nc_fd_to_peer */
/* Releases everything a peer owns: its listening descriptors (loop body not
 * shown), the configured file paths and the GnuTLS objects created by
 * nc_tls_init.  Does not free the nc_peer_t itself (they live in the peers
 * array).
 * NOTE(review): the three GnuTLS deinit calls run unconditionally.  For a peer
 * without "TLSKeyFile", nc_tls_init returns before creating any of them and
 * nc_tls_get_session treats tls_credentials == NULL as the no-TLS state, so
 * these handles are presumably NULL here -- confirm that the omitted lines
 * guard the calls, or add `if (p->tls_credentials != NULL)` style checks,
 * since the GnuTLS API does not promise to accept NULL. */
396 static void nc_free_peer (nc_peer_t *p) /* {{{ */
405 for (i = 0; i < p->fds_num; i++)
414 sfree (p->tls_cert_file);
415 sfree (p->tls_key_file);
416 sfree (p->tls_ca_file);
417 sfree (p->tls_crl_file);
419 gnutls_certificate_free_credentials (p->tls_credentials);
420 gnutls_dh_params_deinit (p->tls_dh_params);
421 gnutls_priority_deinit (p->tls_priority);
422 } /* }}} void nc_free_peer */
/* Appends a listening descriptor to the global pollfd array (polled by
 * nc_server_thread) and to peer->fds (used by nc_fd_to_peer).  Returns 0 on
 * success, non-zero when a realloc fails (the return statements and the
 * assignments of the grown arrays back to pollfd / peer->fds are on lines not
 * shown).  The realloc results go through temporaries so the old arrays stay
 * valid on failure.
 * NOTE(review): the pollfd entry is appended before peer->fds is grown; if the
 * second realloc fails, confirm the omitted error path drops that entry again,
 * otherwise nc_server_thread will accept on a socket nc_fd_to_peer cannot map
 * and log "Unable to find peer structure". */
424 static int nc_register_fd (nc_peer_t *peer, int fd) /* {{{ */
426 struct pollfd *poll_ptr;
429 poll_ptr = realloc (pollfd, (pollfd_num + 1) * sizeof (*pollfd));
430 if (poll_ptr == NULL)
432 ERROR ("netcmd plugin: realloc failed.");
437 memset (&pollfd[pollfd_num], 0, sizeof (pollfd[pollfd_num]));
438 pollfd[pollfd_num].fd = fd;
439 pollfd[pollfd_num].events = POLLIN | POLLPRI;
440 pollfd[pollfd_num].revents = 0;
446 fd_ptr = realloc (peer->fds, (peer->fds_num + 1) * sizeof (*peer->fds));
449 ERROR ("netcmd plugin: realloc failed.");
453 peer->fds[peer->fds_num] = fd;
457 } /* }}} int nc_register_fd */
/* Builds the server-side TLS credentials of one peer: trust anchors
 * ("TLSCAFile"), revocation list ("TLSCRLFile"), the server key pair
 * ("TLSCertFile"/"TLSKeyFile"), freshly generated DH parameters and the cipher
 * priority cache.  Called from nc_open_socket.  Does nothing when no key file
 * is configured, leaving tls_credentials NULL so the peer stays plaintext.
 * Returns 0 on success, non-zero on error (return statements not shown). */
459 static int nc_tls_init (nc_peer_t *peer) /* {{{ */
466 if (peer->tls_key_file == NULL)
468 DEBUG ("netcmd plugin: Not setting up TLS environment for peer.");
472 DEBUG ("netcmd plugin: Setting up TLS environment for peer.");
474 /* Initialize the structure holding our certificate information. */
475 status = gnutls_certificate_allocate_credentials (&peer->tls_credentials);
476 if (status != GNUTLS_E_SUCCESS)
478 ERROR ("netcmd plugin: gnutls_certificate_allocate_credentials failed: %s",
479 gnutls_strerror (status));
483 /* Set up the configured certificates. */
/* Without a CA file there are no trust anchors, so with "TLSVerifyPeer" set
 * every client certificate presumably fails verification in
 * nc_connection_init_tls (nc_config_peer only warns about that combination). */
484 if (peer->tls_ca_file != NULL)
/* On success this returns the number of certificates loaded (>= 0), hence the
 * "%i CA(s)" debug line; the error test between is not shown. */
486 status = gnutls_certificate_set_x509_trust_file (peer->tls_credentials,
487 peer->tls_ca_file, GNUTLS_X509_FMT_PEM);
490 ERROR ("netcmd plugin: gnutls_certificate_set_x509_trust_file (%s) "
492 peer->tls_ca_file, gnutls_strerror (status));
497 DEBUG ("netcmd plugin: Successfully loaded %i CA(s).", status);
501 if (peer->tls_crl_file != NULL)
503 status = gnutls_certificate_set_x509_crl_file (peer->tls_credentials,
504 peer->tls_crl_file, GNUTLS_X509_FMT_PEM);
507 ERROR ("netcmd plugin: gnutls_certificate_set_x509_crl_file (%s) "
509 peer->tls_crl_file, gnutls_strerror (status));
514 DEBUG ("netcmd plugin: Successfully loaded %i CRL(s).", status);
518 status = gnutls_certificate_set_x509_key_file (peer->tls_credentials,
519 peer->tls_cert_file, peer->tls_key_file, GNUTLS_X509_FMT_PEM);
520 if (status != GNUTLS_E_SUCCESS)
522 ERROR ("netcmd plugin: gnutls_certificate_set_x509_key_file failed: %s",
523 gnutls_strerror (status));
527 /* Initialize Diffie-Hellman parameters. */
/* NOTE(review): the return values of the three calls below and of
 * gnutls_priority_init are not checked; a failure leaves the peer with
 * incomplete TLS state while the function still reports success.  Generating
 * NC_TLS_DH_BITS parameters also happens on every nc_tls_init. */
528 gnutls_dh_params_init (&peer->tls_dh_params);
529 gnutls_dh_params_generate2 (peer->tls_dh_params, NC_TLS_DH_BITS);
530 gnutls_certificate_set_dh_params (peer->tls_credentials,
531 peer->tls_dh_params);
533 /* Initialize a "priority cache". This will tell GNUTLS which algorithms to
534 * use and which to avoid. We use the "NORMAL" method for now. */
/* Which cipher suites "NORMAL" enables depends on the GnuTLS version linked
 * at run time, not on this file. */
535 gnutls_priority_init (&peer->tls_priority,
536 /* priority = */ "NORMAL", /* errpos = */ NULL);
539 } /* }}} int nc_tls_init */
/* Creates a fresh server session for an accepted connection on `peer`, using
 * the priority cache and credentials prepared by nc_tls_init.  Returns NULL
 * when the peer has no TLS credentials or when GnuTLS rejects the settings
 * (return statements not shown); nc_server_thread closes the connection in the
 * NULL case. */
541 static gnutls_session_t nc_tls_get_session (nc_peer_t *peer) /* {{{ */
543 gnutls_session_t session;
/* tls_credentials stays NULL for peers without "TLSKeyFile". */
546 if (peer->tls_credentials == NULL)
549 DEBUG ("netcmd plugin: nc_tls_get_session (%s)", peer->node);
551 /* Initialize new session. */
/* NOTE(review): the return value of gnutls_init is not checked. */
552 gnutls_init (&session, GNUTLS_SERVER);
554 /* Set cipher priority and credentials based on the information stored with
556 status = gnutls_priority_set (session, peer->tls_priority);
557 if (status != GNUTLS_E_SUCCESS)
559 ERROR ("netcmd plugin: gnutls_priority_set failed: %s",
560 gnutls_strerror (status));
561 gnutls_deinit (session);
565 status = gnutls_credentials_set (session,
566 GNUTLS_CRD_CERTIFICATE, peer->tls_credentials);
567 if (status != GNUTLS_E_SUCCESS)
569 ERROR ("netcmd plugin: gnutls_credentials_set failed: %s",
570 gnutls_strerror (status));
571 gnutls_deinit (session);
575 /* Request the client certificate. If TLSVerifyPeer is set to true,
576 * *require* a client certificate. */
/* With GNUTLS_CERT_REQUEST a client may omit its certificate, and
 * nc_connection_init_tls only verifies one when tls_verify_peer is set.  So
 * without "TLSVerifyPeer" the session is encrypted but the client is not
 * authenticated at all. */
577 gnutls_certificate_server_set_request (session,
578 peer->tls_verify_peer ? GNUTLS_CERT_REQUIRE : GNUTLS_CERT_REQUEST);
581 } /* }}} gnutls_session_t nc_tls_get_session */
/* Resolves the peer's address/port, creates, binds and starts listening on one
 * socket per getaddrinfo result, registers each with nc_register_fd and
 * finally initialises the peer's TLS state.  Returns nc_tls_init's result;
 * a getaddrinfo failure returns early (return not shown).
 * nc_server_thread also calls this with peer == NULL (no <Listen> blocks): the
 * NULL handling for node/service, nc_register_fd and nc_tls_init sits on lines
 * not shown here -- confirm each of them tolerates NULL.  With no node the
 * AI_PASSIVE hint makes this a wildcard listener. */
583 static int nc_open_socket (nc_peer_t *peer) /* {{{ */
585 struct addrinfo ai_hints;
586 struct addrinfo *ai_list;
587 struct addrinfo *ai_ptr;
590 const char *node = NULL;
591 const char *service = NULL;
596 service = peer->service;
600 service = NC_DEFAULT_SERVICE;
602 memset (&ai_hints, 0, sizeof (ai_hints));
604 ai_hints.ai_flags |= AI_PASSIVE;
/* AI_ADDRCONFIG is presumably behind an #ifdef (not shown): it is not
 * available on every platform. */
607 ai_hints.ai_flags |= AI_ADDRCONFIG;
609 ai_hints.ai_family = AF_UNSPEC;
610 ai_hints.ai_socktype = SOCK_STREAM;
615 service = NC_DEFAULT_SERVICE;
617 status = getaddrinfo (node, service, &ai_hints, &ai_list);
620 ERROR ("netcmd plugin: getaddrinfo failed: %s",
621 gai_strerror (status));
/* One listening socket per resolved address (e.g. IPv4 and IPv6); a failure
 * for one address is logged and the loop moves on (the continue / close
 * statements are not shown). */
625 for (ai_ptr = ai_list; ai_ptr != NULL; ai_ptr = ai_ptr->ai_next)
630 fd = socket (ai_ptr->ai_family, ai_ptr->ai_socktype,
631 ai_ptr->ai_protocol);
634 ERROR ("netcmd plugin: socket(2) failed: %s",
635 sstrerror (errno, errbuf, sizeof (errbuf)));
639 status = bind (fd, ai_ptr->ai_addr, ai_ptr->ai_addrlen);
643 ERROR ("netcmd plugin: bind(2) failed: %s",
644 sstrerror (errno, errbuf, sizeof (errbuf)));
648 status = listen (fd, /* backlog = */ 8);
652 ERROR ("netcmd plugin: listen(2) failed: %s",
653 sstrerror (errno, errbuf, sizeof (errbuf)));
/* Registration failure (realloc) must close fd on the omitted lines or the
 * descriptor leaks -- confirm. */
657 status = nc_register_fd (peer, fd);
663 } /* for (ai_next) */
665 freeaddrinfo (ai_list);
/* TLS state is prepared after the sockets exist; a failure here makes the
 * whole call fail even though the sockets are already registered. */
667 return (nc_tls_init (peer));
668 } /* }}} int nc_open_socket */
/* Tears down a client connection: closes both stdio handles and, for TLS
 * connections, the GnuTLS session.  On the plaintext path fh_in was fdopen'ed
 * on conn->fd itself (see nc_connection_init), so fclose also closes the
 * socket.  The leading lines of the function (presumably a NULL check and
 * handling of conn->fd / read_buffer) are not part of this listing -- confirm
 * read_buffer is freed somewhere, it is malloc'ed in nc_connection_init_tls. */
670 static void nc_connection_close (nc_connection_t *conn) /* {{{ */
681 if (conn->fh_in != NULL)
683 fclose (conn->fh_in);
687 if (conn->fh_out != NULL)
689 fclose (conn->fh_out);
/* Deinit the session only once; the proxy thread may still reference it, see
 * nc_proxy_thread. */
693 if (conn->have_tls_session)
695 gnutls_deinit (conn->tls_session);
696 conn->have_tls_session = 0;
700 } /* }}} void nc_connection_close */
/* Brings a TLS connection up: allocates the read buffer used by
 * nc_connection_gets, attaches the socket to the session, runs the handshake,
 * optionally verifies the client certificate and finally starts the stdio
 * proxy (nc_start_tls_file_handles).  Returns 0 on success; on any failure the
 * connection is closed and a non-zero value returned (most return statements
 * are not shown). */
702 static int nc_connection_init_tls (nc_connection_t *conn) /* {{{ */
707 conn->read_buffer = malloc (NC_READ_BUFFER_SIZE);
708 if (conn->read_buffer == NULL)
710 memset (conn->read_buffer, 0, NC_READ_BUFFER_SIZE);
712 /* Make (relatively) sure that 'fd' and 'void*' have the same size to make
714 fd = (intptr_t) conn->fd;
715 gnutls_transport_set_ptr (conn->tls_session,
716 (gnutls_transport_ptr_t) fd);
/* Handshake is retried on GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED (the loop
 * construct around it is not shown); any other error aborts. */
720 status = gnutls_handshake (conn->tls_session);
721 if (status == GNUTLS_E_SUCCESS)
723 else if ((status == GNUTLS_E_AGAIN) || (status == GNUTLS_E_INTERRUPTED))
727 ERROR ("netcmd plugin: gnutls_handshake failed: %s",
728 gnutls_strerror (status));
/* Client authentication.  Only the chain is checked against the peer's trust
 * anchors and CRL; nothing here binds the certificate to a particular client
 * identity, so any certificate issued by the configured CA is accepted.  When
 * tls_verify_peer is unset a presented certificate is not verified at all. */
733 if (conn->tls_verify_peer)
735 unsigned int verify_status = 0;
737 status = gnutls_certificate_verify_peers2 (conn->tls_session,
739 if (status != GNUTLS_E_SUCCESS)
741 ERROR ("netcmd plugin: gnutls_certificate_verify_peers2 failed: %s",
742 gnutls_strerror (status));
/* verify_status is a bit-mask; non-zero means at least one check failed.
 * NOTE(review): it is unsigned, so "%u" rather than "%i" is the matching
 * conversion in the two messages below. */
746 if (verify_status != 0)
750 reason = nc_verify_status_to_string (verify_status);
752 ERROR ("netcmd plugin: Verification of peer failed with "
753 "status %i (%#x)", verify_status, verify_status);
755 ERROR ("netcmd plugin: Verification of peer failed with "
756 "status %i (%s)", verify_status, reason);
760 } /* if (conn->tls_verify_peer) */
762 status = nc_start_tls_file_handles (conn);
765 nc_connection_close (conn);
770 } /* }}} int nc_connection_init_tls */
/* Prepares the stdio handles of a freshly accepted connection.  TLS
 * connections are delegated to nc_connection_init_tls; plaintext ones get
 * fh_in on conn->fd and fh_out on a dup() of it, with fh_out line-buffered so
 * each reply is flushed promptly.  Returns 0 on success, non-zero otherwise
 * (return statements not shown). */
772 static int nc_connection_init (nc_connection_t *conn) /* {{{ */
777 if (conn->have_tls_session)
778 return (nc_connection_init_tls (conn));
780 /* Duplicate the file descriptor. We need two file descriptors, because we
781 * create two FILE* objects. If they pointed to the same FD and we called
782 * fclose() on each, that would call close() twice on the same FD. If
783 * another file is opened in between those two calls, it could get assigned
784 * that FD and weird stuff would happen. */
785 fd_copy = dup (conn->fd);
788 ERROR ("netcmd plugin: dup(2) failed: %s",
789 sstrerror (errno, errbuf, sizeof (errbuf)));
/* From here on fh_in owns conn->fd.  If this fdopen fails, fd_copy must be
 * closed on the omitted lines -- confirm. */
793 conn->fh_in = fdopen (conn->fd, "r");
794 if (conn->fh_in == NULL)
796 ERROR ("netcmd plugin: fdopen failed: %s",
797 sstrerror (errno, errbuf, sizeof (errbuf)));
800 /* Prevent other code from using the FD directly. */
803 conn->fh_out = fdopen (fd_copy, "w");
804 /* Prevent nc_connection_close from calling close(2) on this fd. */
805 if (conn->fh_out == NULL)
807 ERROR ("netcmd plugin: fdopen failed: %s",
808 sstrerror (errno, errbuf, sizeof (errbuf)));
812 /* change output buffer to line buffered mode */
813 if (setvbuf (conn->fh_out, NULL, _IOLBF, 0) != 0)
815 ERROR ("netcmd plugin: setvbuf failed: %s",
816 sstrerror (errno, errbuf, sizeof (errbuf)));
817 nc_connection_close (conn);
822 } /* }}} int nc_connection_init */
/* fgets(3) replacement that also works for TLS connections.  Plaintext
 * connections simply use fgets on conn->fh_in.  For TLS, records are pulled
 * into conn->read_buffer and copied out up to and including the first '\n' or
 * until the output buffer is full, whichever comes first; unconsumed bytes are
 * kept for the next call.  Returns `buffer` on success, NULL on error or on
 * end-of-file before anything was copied (mirroring fgets). */
824 static char *nc_connection_gets (nc_connection_t *conn, /* {{{ */
825 char *buffer, size_t buffer_size)
828 char *orig_buffer = buffer;
836 if (!conn->have_tls_session)
837 return (fgets (buffer, (int) buffer_size, conn->fh_in));
/* Need room for at least one byte plus the terminator. */
839 if ((buffer == NULL) || (buffer_size < 2))
845 /* ensure null termination */
/* NOTE(review): the copy loop below may fill up to buffer_size bytes, which
 * would overwrite the last zero written here.  The lines following the
 * memset are not in this listing -- confirm buffer_size is decremented there
 * so the terminating NUL survives (nc_handle_client calls strlen on the
 * result). */
846 memset (buffer, 0, buffer_size);
851 size_t max_copy_bytes;
856 /* If there's no more data in the read buffer, read another chunk from the
858 if (conn->read_buffer_fill < 1)
860 status = gnutls_record_recv (conn->tls_session,
861 conn->read_buffer, NC_READ_BUFFER_SIZE);
862 if (status < 0) /* error */
864 ERROR ("netcmd plugin: Error while reading from TLS stream.");
867 else if (status == 0) /* we reached end of file */
869 if (orig_buffer == buffer) /* nothing has been written to the buffer yet */
870 return (NULL); /* end of file */
872 return (orig_buffer);
876 conn->read_buffer_fill = (size_t) status;
879 assert (conn->read_buffer_fill > 0);
881 /* Determine where the first newline character is in the buffer. We're not
882 * using strcspn(3) here, because the buffer is possibly not
883 * null-terminated. */
/* newline_pos == read_buffer_fill means "no newline in this chunk". */
884 newline_pos = conn->read_buffer_fill;
886 for (i = 0; i < conn->read_buffer_fill; i++)
888 if (conn->read_buffer[i] == '\n')
896 /* Determine how many bytes to copy at most. This is MIN(buffer available,
897 * read buffer size, characters to newline). */
898 max_copy_bytes = buffer_size;
899 if (max_copy_bytes > conn->read_buffer_fill)
900 max_copy_bytes = conn->read_buffer_fill;
901 if (max_copy_bytes > (newline_pos + 1))
902 max_copy_bytes = newline_pos + 1;
903 assert (max_copy_bytes > 0);
905 /* Copy bytes to the output buffer. */
906 memcpy (buffer, conn->read_buffer, max_copy_bytes);
907 buffer += max_copy_bytes;
908 assert (buffer_size >= max_copy_bytes);
909 buffer_size -= max_copy_bytes;
911 /* If there is data left in the read buffer, move it to the front of the
/* memmove, not memcpy: source and destination overlap. */
913 if (max_copy_bytes < conn->read_buffer_fill)
915 size_t data_left_size = conn->read_buffer_fill - max_copy_bytes;
916 memmove (conn->read_buffer, conn->read_buffer + max_copy_bytes,
918 conn->read_buffer_fill -= max_copy_bytes;
922 assert (max_copy_bytes == conn->read_buffer_fill);
923 conn->read_buffer_fill = 0;
/* The "newline was copied" exit of the loop sits on lines not shown. */
929 if (buffer_size == 0) /* no more space in the output buffer */
933 return (orig_buffer);
934 } /* }}} char *nc_connection_gets */
/* Per-client thread: initialises the connection, then reads one command line
 * at a time and dispatches it by its first word (case-insensitive) to the
 * utils_cmd_* handlers, which write their reply to conn->fh_out.  Ends when
 * the client disconnects, a read fails, or a line cannot be split.
 * No authentication or authorisation step is visible in this listing: every
 * connected client may issue putval, putnotif and flush.  The only access
 * control is the client-certificate requirement when "TLSVerifyPeer" is set,
 * so plaintext listeners should only be reachable from trusted networks. */
936 static void *nc_handle_client (void *arg) /* {{{ */
938 nc_connection_t *conn;
944 DEBUG ("netcmd plugin: nc_handle_client: Reading from fd #%i", conn->fd);
946 status = nc_connection_init (conn);
949 nc_connection_close (conn);
950 pthread_exit ((void *) 1);
/* The declaration and size of `buffer` is not part of this listing.  The copy
 * below is bounded to 1024 bytes by sstrncpy, so if `buffer` is larger a long
 * line is split on a truncated copy while the handler receives the full line. */
956 char buffer_copy[1024];
962 if (nc_connection_gets (conn, buffer, sizeof (buffer)) == NULL)
966 WARNING ("netcmd plugin: failed to read from socket #%i: %s",
967 fileno (conn->fh_in),
968 sstrerror (errno, errbuf, sizeof (errbuf)));
/* Strip trailing CR/LF (loop header on an omitted line). */
973 len = strlen (buffer);
975 && ((buffer[len - 1] == '\n') || (buffer[len - 1] == '\r')))
976 buffer[--len] = '\0';
/* strsplit modifies its input, hence the copy; `buffer` itself is passed
 * unchanged to the handlers. */
981 sstrncpy (buffer_copy, buffer, sizeof (buffer_copy));
983 fields_num = strsplit (buffer_copy, fields,
984 sizeof (fields) / sizeof (fields[0]));
/* Presumably "no fields" (the test is not shown): close and stop. */
988 nc_connection_close (conn);
992 if (strcasecmp (fields[0], "getval") == 0)
994 handle_getval (conn->fh_out, buffer);
996 else if (strcasecmp (fields[0], "putval") == 0)
998 handle_putval (conn->fh_out, buffer);
1000 else if (strcasecmp (fields[0], "listval") == 0)
1002 handle_listval (conn->fh_out, buffer);
1004 else if (strcasecmp (fields[0], "putnotif") == 0)
1006 handle_putnotif (conn->fh_out, buffer);
1008 else if (strcasecmp (fields[0], "flush") == 0)
1010 handle_flush (conn->fh_out, buffer);
/* Unknown command: the client's own first word is echoed back to it. */
1014 if (fprintf (conn->fh_out, "-1 Unknown command: %s\n", fields[0]) < 0)
1016 WARNING ("netcmd plugin: failed to write to socket #%i: %s",
1017 fileno (conn->fh_out),
1018 sstrerror (errno, errbuf, sizeof (errbuf)));
1022 } /* while (fgets) */
1024 DEBUG ("netcmd plugin: nc_handle_client: Exiting..");
/* NOTE(review): conn was malloc'ed in nc_server_thread; the free is not
 * visible in this listing -- confirm it happens (presumably on the omitted
 * line before pthread_exit). */
1025 nc_connection_close (conn);
1027 pthread_exit ((void *) 0);
1028 return ((void *) 0);
1029 } /* }}} void *nc_handle_client */
/* Accept loop, run in `listen_thread`.  Opens every configured peer's sockets
 * (or the default listener when none is configured), then polls them until
 * listen_thread_loop is cleared.  Each accepted connection gets its own
 * nc_connection_t and, when the peer has TLS configured, a fresh server
 * session, and is handed to a detached nc_handle_client thread.  On exit all
 * listening sockets are closed. */
1031 static void *nc_server_thread (void __attribute__((unused)) *arg) /* {{{ */
1035 pthread_attr_t th_attr;
/* Return values of nc_open_socket are ignored; a peer whose sockets could
 * not be opened is simply absent from pollfd. */
1039 for (i = 0; i < peers_num; i++)
1040 nc_open_socket (peers + i);
/* Condition not shown; presumably "no <Listen> block configured". */
1043 nc_open_socket (NULL);
1045 if (pollfd_num == 0)
1047 ERROR ("netcmd plugin: No sockets could be opened.");
1048 pthread_exit ((void *) -1);
1051 while (listen_thread_loop)
1053 status = poll (pollfd, (nfds_t) pollfd_num, /* timeout = */ -1);
/* EINTR/EAGAIN restart the poll (this is also how nc_shutdown's SIGTERM
 * wakes the loop); any other poll error stops the server for good. */
1056 if ((errno == EINTR) || (errno == EAGAIN))
1059 ERROR ("netcmd plugin: poll(2) failed: %s",
1060 sstrerror (errno, errbuf, sizeof (errbuf)));
1061 listen_thread_loop = 0;
1065 for (i = 0; i < pollfd_num; i++)
1068 nc_connection_t *conn;
1070 if (pollfd[i].revents == 0)
/* A failed listening socket is closed and disabled (events = 0) but stays in
 * the array; it is not reopened. */
1074 else if ((pollfd[i].revents & (POLLERR | POLLHUP | POLLNVAL))
1077 WARNING ("netcmd plugin: File descriptor %i failed.",
1079 close (pollfd[i].fd);
1081 pollfd[i].events = 0;
1082 pollfd[i].revents = 0;
1085 pollfd[i].revents = 0;
1087 peer = nc_fd_to_peer (pollfd[i].fd);
1090 ERROR ("netcmd plugin: Unable to find peer structure for file "
1091 "descriptor #%i.", pollfd[i].fd);
/* The client address is deliberately not retrieved, so no per-client
 * filtering or logging of the source address happens here. */
1095 status = accept (pollfd[i].fd,
1096 /* sockaddr = */ NULL,
1097 /* sockaddr_len = */ NULL);
1101 ERROR ("netcmd plugin: accept failed: %s",
1102 sstrerror (errno, errbuf, sizeof (errbuf)));
/* conn is owned by the client thread once pthread_create succeeds; the
 * assignment of the accepted fd to conn->fd is on an omitted line. */
1106 conn = malloc (sizeof (*conn));
1109 ERROR ("netcmd plugin: malloc failed.");
1113 memset (conn, 0, sizeof (*conn));
1115 conn->fh_out = NULL;
1119 /* Start up the TLS session if the required configuration options have
/* Peers without "TLSKeyFile" serve this connection in plaintext. */
1122 && (peer->tls_key_file != NULL))
1124 DEBUG ("netcmd plugin: Starting TLS session on a connection "
1126 (peer->node != NULL) ? peer->node : "any",
1127 (peer->service != NULL) ? peer->service : NC_DEFAULT_SERVICE);
1128 conn->tls_session = nc_tls_get_session (peer);
/* Fail closed: a TLS-configured peer never falls back to plaintext. */
1129 if (conn->tls_session == NULL)
1131 ERROR ("netcmd plugin: Creating TLS session on a connection via "
1132 "[%s]:%s failed. For security reasons this connection will be "
1134 (peer->node != NULL) ? peer->node : "any",
1135 (peer->service != NULL) ? peer->service : NC_DEFAULT_SERVICE);
1136 nc_connection_close (conn);
1139 conn->have_tls_session = 1;
1140 conn->tls_verify_peer = peer->tls_verify_peer;
1143 DEBUG ("netcmd plugin: Spawning child to handle connection on fd #%i",
1146 pthread_attr_init (&th_attr);
1147 pthread_attr_setdetachstate (&th_attr, PTHREAD_CREATE_DETACHED);
1149 status = pthread_create (&th, &th_attr, nc_handle_client, conn);
1150 pthread_attr_destroy (&th_attr);
/* NOTE(review): pthread_create returns the error number and leaves errno
 * untouched; report `status`, not errno.  Also confirm conn is freed on the
 * omitted lines after the close below. */
1153 WARNING ("netcmd plugin: pthread_create failed: %s",
1154 sstrerror (errno, errbuf, sizeof (errbuf)));
1155 nc_connection_close (conn);
1159 } /* while (listen_thread_loop) */
/* Shutdown: close what is still open; entries already disabled above have
 * fd < 0 (presumably set on an omitted line) and are skipped. */
1161 for (i = 0; i < pollfd_num; i++)
1163 if (pollfd[i].fd < 0)
1166 close (pollfd[i].fd);
1168 pollfd[i].events = 0;
1169 pollfd[i].revents = 0;
1175 return ((void *) 0);
1176 } /* }}} void *nc_server_thread */
1183 * TLSCertFile "/path/to/cert"
1184 * TLSKeyFile "/path/to/key"
1185 * TLSCAFile "/path/to/ca"
1186 * TLSCRLFile "/path/to/crl"
1187 * TLSVerifyPeer yes|no
/* Parses one <Listen> block into a new entry of the global peers array.
 * Unknown options are warned about and skipped.  TLS settings are checked for
 * consistency afterwards: a key without certificate (or vice versa) makes the
 * whole block unusable and it is dropped rather than opened in plaintext.  The
 * growth of peers_num, the error flag set by the warnings and the return
 * statements are on lines not shown. */
1191 static int nc_config_peer (const oconfig_item_t *ci) /* {{{ */
/* Grown through a temporary; the assignment back to `peers` is not shown. */
1197 p = realloc (peers, sizeof (*peers) * (peers_num + 1));
1200 ERROR ("netcmd plugin: realloc failed.");
1204 p = peers + peers_num;
1205 memset (p, 0, sizeof (*p));
1208 p->tls_cert_file = NULL;
1209 p->tls_key_file = NULL;
1210 p->tls_ca_file = NULL;
1211 p->tls_crl_file = NULL;
1212 p->tls_verify_peer = 0;
/* NOTE(review): the return values of cf_util_get_string / cf_util_get_boolean
 * are ignored, so a malformed value (e.g. a non-string "Port") is silently
 * dropped and the default applies. */
1214 for (i = 0; i < ci->children_num; i++)
1216 oconfig_item_t *child = ci->children + i;
1218 if (strcasecmp ("Address", child->key) == 0)
1219 cf_util_get_string (child, &p->node);
1220 else if (strcasecmp ("Port", child->key) == 0)
1221 cf_util_get_string (child, &p->service);
1222 else if (strcasecmp ("TLSCertFile", child->key) == 0)
1223 cf_util_get_string (child, &p->tls_cert_file);
1224 else if (strcasecmp ("TLSKeyFile", child->key) == 0)
1225 cf_util_get_string (child, &p->tls_key_file);
1226 else if (strcasecmp ("TLSCAFile", child->key) == 0)
1227 cf_util_get_string (child, &p->tls_ca_file);
1228 else if (strcasecmp ("TLSCRLFile", child->key) == 0)
1229 cf_util_get_string (child, &p->tls_crl_file);
1230 else if (strcasecmp ("TLSVerifyPeer", child->key) == 0)
1231 cf_util_get_boolean (child, &p->tls_verify_peer);
1233 WARNING ("netcmd plugin: The option \"%s\" is not recognized within "
1234 "a \"%s\" block.", child->key, ci->key);
1237 /* TLS is confusing for many people. Be verbose on mis-configurations to
1238 * help people set up encryption correctly. */
/* Note that "TLSVerifyPeer yes" without "TLSCAFile" is not warned about,
 * although without trust anchors no client certificate can verify. */
1240 if (p->tls_key_file == NULL)
1242 if (p->tls_cert_file != NULL)
1244 WARNING ("netcmd plugin: The \"TLSCertFile\" option is only valid in "
1245 "combination with the \"TLSKeyFile\" option.");
1248 if (p->tls_ca_file != NULL)
1250 WARNING ("netcmd plugin: The \"TLSCAFile\" option is only valid when "
1251 "the \"TLSKeyFile\" option has been specified.");
1254 if (p->tls_crl_file != NULL)
1256 WARNING ("netcmd plugin: The \"TLSCRLFile\" option is only valid when "
1257 "the \"TLSKeyFile\" option has been specified.");
1261 else if (p->tls_cert_file == NULL)
1263 WARNING ("netcmd plugin: The \"TLSKeyFile\" option is only valid in "
1264 "combination with the \"TLSCertFile\" option.");
/* Fail closed.  The omitted lines must leave peers_num unchanged (or free the
 * entry) so nc_server_thread never opens this listener -- confirm. */
1270 ERROR ("netcmd plugin: Problems in the security settings have been "
1271 "detected in the <Listen /> block for [%s]:%s. The entire block "
1272 "will be ignored to prevent unauthorized access.",
1273 (p->node == NULL) ? "::0" : p->node,
1274 (p->service == NULL) ? NC_DEFAULT_SERVICE : p->service);
1279 DEBUG ("netcmd plugin: node = \"%s\"; service = \"%s\";", p->node, p->service);
1284 } /* }}} int nc_config_peer */
/* Top-level config callback registered in module_register: every <Listen>
 * child becomes a peer via nc_config_peer (its result is ignored); anything
 * else is warned about.  The return statement is not shown. */
1286 static int nc_config (oconfig_item_t *ci) /* {{{ */
1290 for (i = 0; i < ci->children_num; i++)
1292 oconfig_item_t *child = ci->children + i;
1294 if (strcasecmp ("Listen", child->key) == 0)
1295 nc_config_peer (child);
1297 WARNING ("netcmd plugin: The option \"%s\" is not recognized.",
1302 } /* }}} int nc_config */
/* Init callback: initialises GnuTLS once per process and starts the accept
 * loop in `listen_thread`.  The once-only check around have_init and the
 * return statements are on lines not shown. */
1304 static int nc_init (void) /* {{{ */
1306 static int have_init = 0;
1310 /* Initialize only once. */
/* NOTE(review): the return value of gnutls_global_init is not checked. */
1315 gnutls_global_init ();
1317 listen_thread_loop = 1;
1319 status = pthread_create (&listen_thread, NULL, nc_server_thread, NULL);
/* NOTE(review): pthread_create returns the error number and does not set
 * errno; `status` is the value to report. */
1323 listen_thread_loop = 0;
1324 listen_thread_running = 0;
1325 ERROR ("netcmd plugin: pthread_create failed: %s",
1326 sstrerror (errno, errbuf, sizeof (errbuf)));
1330 listen_thread_running = 1;
1332 } /* }}} int nc_init */
/* Shutdown callback: stops the accept loop, waits for the server thread,
 * unregisters the plugin's callbacks and frees all peers (the final sfree of
 * the peers array and the return are not shown). */
1334 static int nc_shutdown (void) /* {{{ */
1338 listen_thread_loop = 0;
1340 if (listen_thread != (pthread_t) 0)
/* SIGTERM is sent to the server thread only to interrupt its blocking
 * poll(2) with EINTR; the loop then sees listen_thread_loop == 0 and exits.
 * NOTE(review): this relies on the process having a SIGTERM handler installed
 * (presumably by the collectd daemon) -- with the default disposition the
 * signal would terminate the whole process. */
1344 pthread_kill (listen_thread, SIGTERM);
1345 pthread_join (listen_thread, &ret);
1346 listen_thread = (pthread_t) 0;
1349 plugin_unregister_init ("netcmd");
1350 plugin_unregister_shutdown ("netcmd");
1352 for (i = 0; i < peers_num; i++)
1353 nc_free_peer (peers + i);
1358 } /* }}} int nc_shutdown */
/* Plugin entry point called by the collectd core: registers the config, init
 * and shutdown callbacks under the plugin name "netcmd". */
1360 void module_register (void) /* {{{ */
1362 plugin_register_complex_config ("netcmd", nc_config);
1363 plugin_register_init ("netcmd", nc_init);
1364 plugin_register_shutdown ("netcmd", nc_shutdown);
1365 } /* }}} void module_register (void) */
1367 /* vim: set sw=2 sts=2 tw=78 et fdm=marker : */