/src/pacemaker/lib/cib/cib_file.c
Line | Count | Source |
1 | | /* |
2 | | * Original copyright 2004 International Business Machines |
3 | | * Later changes copyright 2008-2026 the Pacemaker project contributors |
4 | | * |
5 | | * The version control history for this file may have further details. |
6 | | * |
7 | | * This source code is licensed under the GNU Lesser General Public License |
8 | | * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY. |
9 | | */ |
10 | | |
11 | | #include <crm_internal.h> |
12 | | #include <unistd.h> |
13 | | #include <limits.h> |
14 | | #include <stdbool.h> |
15 | | #include <stdlib.h> |
16 | | #include <stdint.h> |
17 | | #include <stdio.h> |
18 | | #include <stdarg.h> |
19 | | #include <string.h> |
20 | | #include <pwd.h> |
21 | | |
22 | | #include <sys/stat.h> |
23 | | #include <sys/types.h> |
24 | | #include <glib.h> |
25 | | |
26 | | #include <crm/crm.h> |
27 | | #include <crm/cib/internal.h> |
28 | | #include <crm/common/ipc.h> |
29 | | #include <crm/common/xml.h> |
30 | | |
31 | 0 | #define CIB_SERIES "cib" |
32 | 0 | #define CIB_SERIES_MAX 100 |
33 | 4 | #define CIB_LIVE_NAME CIB_SERIES ".xml" |
34 | | |
35 | | // key: client ID (const char *) -> value: client (cib_t *) |
36 | | static GHashTable *client_table = NULL; |
37 | | |
38 | | enum file_flags { |
39 | | file_flag_dirty = (UINT32_C(1) << 0), |
40 | | file_flag_live = (UINT32_C(1) << 1), |
41 | | }; |
42 | | |
43 | | typedef struct { |
44 | | char *id; |
45 | | char *filename; |
46 | | uint32_t flags; // Group of enum file_flags |
47 | | xmlNode *cib_xml; |
48 | | } file_opaque_t; |
49 | | |
50 | | /* backup_cib_file() and cib_file_write_with_digest() need to chown the |
51 | | * written files only in limited circumstances, so these variables allow |
52 | | * that to be indicated without affecting external callers |
53 | | */ |
54 | | static uid_t file_owner = 0; |
55 | | static uid_t file_group = 0; |
56 | | static bool do_chown = false; |
57 | | |
58 | | static cib__op_fn_t get_op_function(const cib__operation_t *operation); |
59 | | |
60 | 0 | #define set_file_flags(cibfile, flags_to_set) do { \ |
61 | 0 | (cibfile)->flags = pcmk__set_flags_as(__func__, __LINE__, \ |
62 | 0 | LOG_TRACE, "CIB file", \ |
63 | 0 | cibfile->filename, \ |
64 | 0 | (cibfile)->flags, \ |
65 | 0 | (flags_to_set), \ |
66 | 0 | #flags_to_set); \ |
67 | 0 | } while (0) |
68 | | |
69 | 0 | #define clear_file_flags(cibfile, flags_to_clear) do { \ |
70 | 0 | (cibfile)->flags = pcmk__clear_flags_as(__func__, __LINE__, \ |
71 | 0 | LOG_TRACE, "CIB file", \ |
72 | 0 | cibfile->filename, \ |
73 | 0 | (cibfile)->flags, \ |
74 | 0 | (flags_to_clear), \ |
75 | 0 | #flags_to_clear); \ |
76 | 0 | } while (0) |
77 | | |
78 | | /*! |
79 | | * \internal |
80 | | * \brief Add a CIB file client to client table |
81 | | * |
82 | | * \param[in] cib CIB client |
83 | | */ |
84 | | static void |
85 | | register_client(const cib_t *cib) |
86 | 0 | { |
87 | 0 | file_opaque_t *private = cib->variant_opaque; |
88 | |
|
89 | 0 | if (client_table == NULL) { |
90 | 0 | client_table = pcmk__strkey_table(NULL, NULL); |
91 | 0 | } |
92 | 0 | g_hash_table_insert(client_table, private->id, (void *) cib); |
93 | 0 | } |
94 | | |
95 | | /*! |
96 | | * \internal |
97 | | * \brief Remove a CIB file client from client table |
98 | | * |
99 | | * \param[in] cib CIB client |
100 | | */ |
101 | | static void |
102 | | unregister_client(const cib_t *cib) |
103 | 0 | { |
104 | 0 | file_opaque_t *private = cib->variant_opaque; |
105 | |
|
106 | 0 | if (client_table == NULL) { |
107 | 0 | return; |
108 | 0 | } |
109 | | |
110 | 0 | g_hash_table_remove(client_table, private->id); |
111 | | |
112 | | /* @COMPAT: Add to crm_exit() when libcib and libcrmcommon are merged, |
113 | | * instead of destroying the client table when there are no more clients. |
114 | | */ |
115 | 0 | if (g_hash_table_size(client_table) == 0) { |
116 | 0 | g_clear_pointer(&client_table, g_hash_table_destroy); |
117 | 0 | } |
118 | 0 | } |
119 | | |
120 | | /*! |
121 | | * \internal |
122 | | * \brief Look up a CIB file client by its ID |
123 | | * |
124 | | * \param[in] client_id CIB client ID |
125 | | * |
126 | | * \return CIB client with matching ID if found, or \p NULL otherwise |
127 | | */ |
128 | | static cib_t * |
129 | | get_client(const char *client_id) |
130 | 0 | { |
131 | 0 | if (client_table == NULL) { |
132 | 0 | return NULL; |
133 | 0 | } |
134 | 0 | return g_hash_table_lookup(client_table, (void *) client_id); |
135 | 0 | } |
136 | | |
137 | | static int |
138 | | process_request(cib_t *cib, xmlNode *request, xmlNode **output) |
139 | 0 | { |
140 | 0 | int rc = pcmk_rc_ok; |
141 | 0 | const cib__operation_t *operation = NULL; |
142 | 0 | cib__op_fn_t op_function = NULL; |
143 | |
|
144 | 0 | uint32_t call_options = cib_none; |
145 | 0 | const char *op = pcmk__xe_get(request, PCMK__XA_CIB_OP); |
146 | |
|
147 | 0 | bool changed = false; |
148 | 0 | bool read_only = false; |
149 | 0 | xmlNode *result_cib = NULL; |
150 | 0 | xmlNode *cib_diff = NULL; |
151 | 0 | xmlNode *local_output = NULL; |
152 | |
|
153 | 0 | file_opaque_t *private = cib->variant_opaque; |
154 | |
|
155 | 0 | if (output != NULL) { |
156 | 0 | *output = NULL; |
157 | 0 | } |
158 | | |
159 | | // We error checked these in callers, but make Coverity happy |
160 | 0 | pcmk__assert(cib__get_operation(op, &operation) == pcmk_rc_ok); |
161 | 0 | op_function = get_op_function(operation); |
162 | |
|
163 | 0 | rc = pcmk__xe_get_flags(request, PCMK__XA_CIB_CALLOPT, &call_options, |
164 | 0 | cib_none); |
165 | 0 | if (rc != pcmk_rc_ok) { |
166 | 0 | pcmk__warn("Couldn't parse options from request: %s", pcmk_rc_str(rc)); |
167 | 0 | } |
168 | |
|
169 | 0 | read_only = !pcmk__is_set(operation->flags, cib__op_attr_modifies); |
170 | |
|
171 | 0 | if (read_only) { |
172 | 0 | rc = cib__perform_op_ro(op_function, request, &private->cib_xml, |
173 | 0 | &local_output); |
174 | 0 | } else { |
175 | 0 | result_cib = private->cib_xml; |
176 | 0 | rc = cib__perform_op_rw(cib_file, op_function, request, &changed, |
177 | 0 | &result_cib, &cib_diff, &local_output); |
178 | 0 | } |
179 | |
|
180 | 0 | if (pcmk__is_set(call_options, cib_transaction)) { |
181 | | /* The rest of the logic applies only to the transaction as a whole, not |
182 | | * to individual requests. |
183 | | */ |
184 | 0 | goto done; |
185 | 0 | } |
186 | | |
187 | 0 | if (rc == pcmk_rc_schema_validation) { |
188 | | // Show validation errors to stderr |
189 | 0 | pcmk__validate_xml(result_cib, NULL, NULL); |
190 | |
|
191 | 0 | } else if ((rc == pcmk_rc_ok) && !read_only) { |
192 | 0 | if (result_cib != private->cib_xml) { |
193 | 0 | pcmk__xml_free(private->cib_xml); |
194 | 0 | private->cib_xml = result_cib; |
195 | 0 | } |
196 | 0 | set_file_flags(private, file_flag_dirty); |
197 | 0 | } |
198 | |
|
199 | 0 | if (local_output == NULL) { |
200 | 0 | goto done; |
201 | 0 | } |
202 | | |
203 | 0 | if ((output != NULL) && (local_output->doc != private->cib_xml->doc)) { |
204 | 0 | *output = local_output; |
205 | 0 | goto done; |
206 | 0 | } |
207 | | |
208 | 0 | if (output != NULL) { |
209 | 0 | *output = pcmk__xml_copy(NULL, local_output); |
210 | 0 | goto done; |
211 | 0 | } |
212 | | |
213 | 0 | if (local_output->doc != private->cib_xml->doc) { |
214 | 0 | pcmk__xml_free(local_output); |
215 | 0 | } |
216 | |
|
217 | 0 | done: |
218 | 0 | if (result_cib != private->cib_xml) { |
219 | 0 | pcmk__xml_free(result_cib); |
220 | 0 | } |
221 | 0 | pcmk__xml_free(cib_diff); |
222 | 0 | return rc; |
223 | 0 | } |
224 | | |
225 | | /*! |
226 | | * \internal |
227 | | * \brief Process requests in a CIB transaction |
228 | | * |
229 | | * Stop when a request fails or when all requests have been processed. |
230 | | * |
231 | | * \param[in,out] cib CIB client |
232 | | * \param[in,out] transaction CIB transaction |
233 | | * |
234 | | * \return Standard Pacemaker return code |
235 | | */ |
236 | | static int |
237 | | process_transaction_requests(cib_t *cib, xmlNode *transaction) |
238 | 0 | { |
239 | 0 | file_opaque_t *private = cib->variant_opaque; |
240 | |
|
241 | 0 | for (xmlNode *request = pcmk__xe_first_child(transaction, |
242 | 0 | PCMK__XE_CIB_COMMAND, NULL, |
243 | 0 | NULL); |
244 | 0 | request != NULL; |
245 | 0 | request = pcmk__xe_next(request, PCMK__XE_CIB_COMMAND)) { |
246 | |
|
247 | 0 | xmlNode *output = NULL; |
248 | 0 | const char *op = pcmk__xe_get(request, PCMK__XA_CIB_OP); |
249 | |
|
250 | 0 | int rc = process_request(cib, request, &output); |
251 | |
|
252 | 0 | pcmk__xml_free(output); |
253 | |
|
254 | 0 | if (rc != pcmk_rc_ok) { |
255 | 0 | pcmk__err("Aborting transaction for CIB file client (%s) on file " |
256 | 0 | "'%s' due to failed %s request: %s", |
257 | 0 | private->id, private->filename, op, pcmk_rc_str(rc)); |
258 | 0 | pcmk__log_xml_info(request, "Failed request"); |
259 | 0 | return rc; |
260 | 0 | } |
261 | | |
262 | 0 | pcmk__trace("Applied %s request to transaction working CIB for CIB " |
263 | 0 | "file client (%s) on file '%s'", |
264 | 0 | op, private->id, private->filename); |
265 | 0 | pcmk__log_xml_trace(request, "Successful request"); |
266 | 0 | } |
267 | | |
268 | 0 | return pcmk_rc_ok; |
269 | 0 | } |
270 | | |
271 | | /*! |
272 | | * \internal |
273 | | * \brief Commit a given CIB file client's transaction to a working CIB copy |
274 | | * |
275 | | * \param[in,out] cib CIB file client |
276 | | * \param[in] transaction CIB transaction |
277 | | * \param[in,out] result_cib Where to store result CIB |
278 | | * |
279 | | * \return Standard Pacemaker return code |
280 | | * |
281 | | * \note The caller is responsible for replacing the \p cib argument's |
282 | | * \p private->cib_xml with \p result_cib on success, and for freeing |
283 | | * \p result_cib using \p pcmk__xml_free() on failure. |
284 | | */ |
285 | | static int |
286 | | commit_transaction(cib_t *cib, xmlNode *transaction, xmlNode **result_cib) |
287 | 0 | { |
288 | 0 | int rc = pcmk_rc_ok; |
289 | 0 | file_opaque_t *private = cib->variant_opaque; |
290 | 0 | xmlNode *saved_cib = private->cib_xml; |
291 | | |
292 | | /* *result_cib should be a copy of private->cib_xml (created by |
293 | | * cib__perform_op_rw()) |
294 | | */ |
295 | 0 | pcmk__assert((result_cib != NULL) && (*result_cib != NULL) |
296 | 0 | && (*result_cib != private->cib_xml)); |
297 | |
|
298 | 0 | CRM_CHECK(pcmk__xe_is(transaction, PCMK__XE_CIB_TRANSACTION), |
299 | 0 | return pcmk_rc_no_transaction); |
300 | | |
301 | 0 | pcmk__trace("Committing transaction for CIB file client (%s) on file '%s' " |
302 | 0 | "to working CIB", |
303 | 0 | private->id, private->filename); |
304 | | |
305 | | // Apply all changes to a working copy of the CIB |
306 | 0 | private->cib_xml = *result_cib; |
307 | |
|
308 | 0 | rc = process_transaction_requests(cib, transaction); |
309 | |
|
310 | 0 | pcmk__trace("Transaction commit %s for CIB file client (%s) on file '%s'", |
311 | 0 | ((rc == pcmk_rc_ok)? "succeeded" : "failed"), |
312 | 0 | private->id, private->filename); |
313 | | |
314 | | /* Some request types (for example, erase) may have freed private->cib_xml |
315 | | * (the working copy) and pointed it at a new XML object. In that case, it |
316 | | * follows that *result_cib (the working copy) was freed. |
317 | | * |
318 | | * Point *result_cib at the updated working copy stored in private->cib_xml. |
319 | | */ |
320 | 0 | *result_cib = private->cib_xml; |
321 | | |
322 | | // Point private->cib_xml back to the unchanged original copy |
323 | 0 | private->cib_xml = saved_cib; |
324 | |
|
325 | 0 | return rc; |
326 | 0 | } |
327 | | |
328 | | static int |
329 | | process_commit_transact(xmlNode *req, xmlNode **cib_xml, xmlNode **answer) |
330 | 0 | { |
331 | 0 | int rc = pcmk_rc_ok; |
332 | 0 | xmlNode *input = cib__get_calldata(req); |
333 | 0 | const char *client_id = pcmk__xe_get(req, PCMK__XA_CIB_CLIENTID); |
334 | 0 | cib_t *cib = NULL; |
335 | |
|
336 | 0 | CRM_CHECK(client_id != NULL, return -EINVAL); |
337 | | |
338 | 0 | cib = get_client(client_id); |
339 | 0 | CRM_CHECK(cib != NULL, return -EINVAL); |
340 | | |
341 | 0 | rc = commit_transaction(cib, input, cib_xml); |
342 | 0 | if (rc != pcmk_rc_ok) { |
343 | 0 | file_opaque_t *private = cib->variant_opaque; |
344 | |
|
345 | 0 | pcmk__err("Could not commit transaction for CIB file client (%s) on " |
346 | 0 | "file '%s': %s", |
347 | 0 | private->id, private->filename, pcmk_rc_str(rc)); |
348 | 0 | } |
349 | 0 | return pcmk_rc2legacy(rc); |
350 | 0 | } |
351 | | |
352 | | static const cib__op_fn_t op_functions[] = { |
353 | | [cib__op_apply_patch] = cib__process_apply_patch, |
354 | | [cib__op_bump] = cib__process_bump, |
355 | | [cib__op_commit_transact] = process_commit_transact, |
356 | | [cib__op_create] = cib__process_create, |
357 | | [cib__op_delete] = cib__process_delete, |
358 | | [cib__op_erase] = cib__process_erase, |
359 | | [cib__op_modify] = cib__process_modify, |
360 | | [cib__op_query] = cib__process_query, |
361 | | [cib__op_replace] = cib__process_replace, |
362 | | [cib__op_upgrade] = cib__process_upgrade, |
363 | | }; |
364 | | |
365 | | /*! |
366 | | * \internal |
367 | | * \brief Get the function that performs a given CIB file operation |
368 | | * |
369 | | * \param[in] operation Operation whose function to look up |
370 | | * |
371 | | * \return Function that performs \p operation for a CIB file client |
372 | | */ |
373 | | static cib__op_fn_t |
374 | | get_op_function(const cib__operation_t *operation) |
375 | 0 | { |
376 | 0 | enum cib__op_type type = operation->type; |
377 | |
|
378 | 0 | pcmk__assert(type >= 0); |
379 | |
|
380 | 0 | if (type >= PCMK__NELEM(op_functions)) { |
381 | 0 | return NULL; |
382 | 0 | } |
383 | 0 | return op_functions[type]; |
384 | 0 | } |
385 | | |
386 | | /*! |
387 | | * \internal |
388 | | * \brief Check whether a file is the live CIB |
389 | | * |
390 | | * \param[in] filename Name of file to check |
391 | | * |
392 | | * \return \c true if file exists and its real path is same as the live CIB's, |
393 | | * or \c false otherwise |
394 | | */ |
395 | | static bool |
396 | | is_live(const char *filename) |
397 | 23 | { |
398 | 23 | bool same = false; |
399 | | |
400 | 23 | if (filename != NULL) { |
401 | | // Canonicalize file names for true comparison |
402 | 23 | char *real_filename = NULL; |
403 | | |
404 | 23 | if (pcmk__real_path(filename, &real_filename) == pcmk_rc_ok) { |
405 | 4 | char *real_livename = NULL; |
406 | | |
407 | 4 | if (pcmk__real_path(CRM_CONFIG_DIR "/" CIB_LIVE_NAME, |
408 | 4 | &real_livename) == pcmk_rc_ok) { |
409 | 0 | same = !strcmp(real_filename, real_livename); |
410 | 0 | free(real_livename); |
411 | 0 | } |
412 | 4 | free(real_filename); |
413 | 4 | } |
414 | 23 | } |
415 | 23 | return same; |
416 | 23 | } |
417 | | |
418 | | static int |
419 | | file_perform_op_delegate(cib_t *cib, const char *op, const char *host, |
420 | | const char *section, xmlNode *data, |
421 | | xmlNode **output_data, int call_options, |
422 | | const char *user_name) |
423 | 0 | { |
424 | 0 | int rc = pcmk_ok; |
425 | 0 | xmlNode *request = NULL; |
426 | 0 | file_opaque_t *private = cib->variant_opaque; |
427 | |
|
428 | 0 | const cib__operation_t *operation = NULL; |
429 | |
|
430 | 0 | pcmk__info("Handling %s operation for %s as %s", pcmk__s(op, "invalid"), |
431 | 0 | pcmk__s(section, "entire CIB"), |
432 | 0 | pcmk__s(user_name, "default user")); |
433 | |
|
434 | 0 | if (cib->state == cib_disconnected) { |
435 | 0 | rc = ENOTCONN; |
436 | 0 | goto done; |
437 | 0 | } |
438 | | |
439 | 0 | rc = cib__get_operation(op, &operation); |
440 | 0 | if (rc != pcmk_rc_ok) { |
441 | | // @COMPAT: At compatibility break, use rc directly |
442 | 0 | rc = EPROTONOSUPPORT; |
443 | 0 | goto done; |
444 | 0 | } |
445 | | |
446 | 0 | if (get_op_function(operation) == NULL) { |
447 | | // @COMPAT: At compatibility break, use EOPNOTSUPP |
448 | 0 | pcmk__err("Operation %s is not supported by CIB file clients", op); |
449 | 0 | rc = EPROTONOSUPPORT; |
450 | 0 | goto done; |
451 | 0 | } |
452 | | |
453 | 0 | cib__set_call_options(call_options, "file operation", cib_no_mtime); |
454 | |
|
455 | 0 | rc = cib__create_op(cib, op, host, section, data, call_options, user_name, |
456 | 0 | NULL, &request); |
457 | 0 | if (rc != pcmk_rc_ok) { |
458 | 0 | goto done; |
459 | 0 | } |
460 | | |
461 | 0 | pcmk__xe_set(request, PCMK__XA_ACL_TARGET, user_name); |
462 | 0 | pcmk__xe_set(request, PCMK__XA_CIB_CLIENTID, private->id); |
463 | |
|
464 | 0 | if (pcmk__is_set(call_options, cib_transaction)) { |
465 | 0 | rc = cib__extend_transaction(cib, request); |
466 | 0 | goto done; |
467 | 0 | } |
468 | | |
469 | 0 | rc = process_request(cib, request, output_data); |
470 | |
|
471 | 0 | done: |
472 | 0 | pcmk__xml_free(request); |
473 | 0 | return pcmk_rc2legacy(rc); |
474 | 0 | } |
475 | | |
476 | | /*! |
477 | | * \internal |
478 | | * \brief Read CIB from disk and validate it against XML schema |
479 | | * |
480 | | * \param[in] filename Name of file to read CIB from |
481 | | * \param[out] output Where to store the read CIB XML |
482 | | * |
483 | | * \return pcmk_ok on success, |
484 | | * -ENXIO if file does not exist (or stat() otherwise fails), or |
485 | | * -pcmk_err_schema_validation if XML doesn't parse or validate |
486 | | * \note If filename is the live CIB, this will *not* verify its digest, |
487 | | * though that functionality would be trivial to add here. |
488 | | * Also, this will *not* verify that the file is writable, |
489 | | * because some callers might not need to write. |
490 | | */ |
491 | | static int |
492 | | load_file_cib(const char *filename, xmlNode **output) |
493 | 0 | { |
494 | 0 | struct stat buf; |
495 | 0 | xmlNode *root = NULL; |
496 | | |
497 | | /* Ensure file is readable */ |
498 | 0 | if (strcmp(filename, "-") && (stat(filename, &buf) < 0)) { |
499 | 0 | return -ENXIO; |
500 | 0 | } |
501 | | |
502 | | /* Parse XML from file */ |
503 | 0 | root = pcmk__xml_read(filename); |
504 | 0 | if (root == NULL) { |
505 | 0 | return -pcmk_err_schema_validation; |
506 | 0 | } |
507 | | |
508 | | /* Add a status section if not already present */ |
509 | 0 | if (pcmk__xe_first_child(root, PCMK_XE_STATUS, NULL, NULL) == NULL) { |
510 | 0 | pcmk__xe_create(root, PCMK_XE_STATUS); |
511 | 0 | } |
512 | | |
513 | | /* Validate XML against its specified schema */ |
514 | 0 | if (!pcmk__configured_schema_validates(root)) { |
515 | 0 | pcmk__xml_free(root); |
516 | 0 | return -pcmk_err_schema_validation; |
517 | 0 | } |
518 | | |
519 | | /* Remember the parsed XML for later use */ |
520 | 0 | *output = root; |
521 | 0 | return pcmk_ok; |
522 | 0 | } |
523 | | |
524 | | static int |
525 | | file_signon(cib_t *cib, const char *name, enum cib_conn_type type) |
526 | 0 | { |
527 | 0 | int rc = pcmk_ok; |
528 | 0 | file_opaque_t *private = cib->variant_opaque; |
529 | |
|
530 | 0 | if (private->filename == NULL) { |
531 | 0 | rc = -EINVAL; |
532 | 0 | } else { |
533 | 0 | rc = load_file_cib(private->filename, &private->cib_xml); |
534 | 0 | } |
535 | |
|
536 | 0 | if (rc == pcmk_ok) { |
537 | 0 | pcmk__debug("Opened connection to local file '%s' for %s", |
538 | 0 | private->filename, pcmk__s(name, "client")); |
539 | 0 | cib->state = cib_connected_command; |
540 | 0 | cib->type = cib_command; |
541 | 0 | register_client(cib); |
542 | |
|
543 | 0 | } else { |
544 | 0 | pcmk__info("Connection to local file '%s' for %s (client %s) failed: " |
545 | 0 | "%s", |
546 | 0 | private->filename, pcmk__s(name, "client"), private->id, |
547 | 0 | pcmk_strerror(rc)); |
548 | 0 | } |
549 | 0 | return rc; |
550 | 0 | } |
551 | | |
552 | | /*! |
553 | | * \internal |
554 | | * \brief Write out the in-memory CIB to a live CIB file |
555 | | * |
556 | | * \param[in] cib_root Root of XML tree to write |
557 | | * \param[in,out] path Full path to file to write |
558 | | * |
559 | | * \return Standard Pacemaker return code |
560 | | */ |
561 | | static int |
562 | | write_live(xmlNode *cib_root, char *path) |
563 | 0 | { |
564 | 0 | uid_t euid = geteuid(); |
565 | 0 | uid_t daemon_uid = 0; |
566 | 0 | gid_t daemon_gid = 0; |
567 | 0 | char *sep = strrchr(path, '/'); |
568 | 0 | const char *cib_dirname, *cib_filename; |
569 | 0 | int rc = pcmk_rc_ok; |
570 | | |
571 | | /* Get the desired uid/gid */ |
572 | 0 | rc = pcmk__daemon_user(&daemon_uid, &daemon_gid); |
573 | 0 | if (rc != pcmk_rc_ok) { |
574 | 0 | pcmk__err("Could not find user " CRM_DAEMON_USER ": %s", |
575 | 0 | pcmk_rc_str(rc)); |
576 | 0 | return rc; |
577 | 0 | } |
578 | | |
579 | | /* If we're root, we can change the ownership; |
580 | | * if we're daemon, anything we create will be OK; |
581 | | * otherwise, block access so we don't create wrong owner |
582 | | */ |
583 | 0 | if ((euid != 0) && (euid != daemon_uid)) { |
584 | 0 | pcmk__err("Must be root or " CRM_DAEMON_USER " to modify live CIB"); |
585 | | |
586 | | // @TODO Should this return an error instead? |
587 | 0 | return pcmk_rc_ok; |
588 | 0 | } |
589 | | |
590 | | /* fancy footwork to separate dirname from filename |
591 | | * (we know the canonical name maps to the live CIB, |
592 | | * but the given name might be relative, or symlinked) |
593 | | */ |
594 | 0 | if (sep == NULL) { /* no directory component specified */ |
595 | 0 | cib_dirname = "./"; |
596 | 0 | cib_filename = path; |
597 | 0 | } else if (sep == path) { /* given name is in / */ |
598 | 0 | cib_dirname = "/"; |
599 | 0 | cib_filename = path + 1; |
600 | 0 | } else { /* typical case; split given name into parts */ |
601 | 0 | *sep = '\0'; |
602 | 0 | cib_dirname = path; |
603 | 0 | cib_filename = sep + 1; |
604 | 0 | } |
605 | | |
606 | | /* if we're root, we want to update the file ownership */ |
607 | 0 | if (euid == 0) { |
608 | 0 | file_owner = daemon_uid; |
609 | 0 | file_group = daemon_gid; |
610 | 0 | do_chown = true; |
611 | 0 | } |
612 | | |
613 | | /* write the file */ |
614 | 0 | rc = cib_file_write_with_digest(cib_root, cib_dirname, cib_filename); |
615 | 0 | rc = pcmk_legacy2rc(rc); |
616 | | |
617 | | /* turn off file ownership changes, for other callers */ |
618 | 0 | if (euid == 0) { |
619 | 0 | do_chown = false; |
620 | 0 | } |
621 | | |
622 | | /* undo fancy stuff */ |
623 | 0 | if ((sep != NULL) && (*sep == '\0')) { |
624 | 0 | *sep = '/'; |
625 | 0 | } |
626 | |
|
627 | 0 | return rc; |
628 | 0 | } |
629 | | |
630 | | /*! |
631 | | * \internal |
632 | | * \brief Sign-off method for CIB file variants |
633 | | * |
634 | | * This will write the file to disk if needed, and free the in-memory CIB. If |
635 | | * the file is the live CIB, it will compute and write a signature as well. |
636 | | * |
637 | | * \param[in,out] cib CIB object to sign off |
638 | | * |
639 | | * \return pcmk_ok on success, pcmk_err_generic on failure |
640 | | * \todo This method should refuse to write the live CIB if the CIB manager is |
641 | | * running. |
642 | | */ |
643 | | static int |
644 | | file_signoff(cib_t *cib) |
645 | 0 | { |
646 | 0 | int rc = pcmk_ok; |
647 | 0 | file_opaque_t *private = cib->variant_opaque; |
648 | |
|
649 | 0 | pcmk__debug("Disconnecting from the CIB manager"); |
650 | 0 | cib->state = cib_disconnected; |
651 | 0 | cib->type = cib_no_connection; |
652 | 0 | unregister_client(cib); |
653 | 0 | cib->cmds->end_transaction(cib, false, cib_none); |
654 | | |
655 | | /* If the in-memory CIB has been changed, write it to disk */ |
656 | 0 | if (pcmk__is_set(private->flags, file_flag_dirty)) { |
657 | | |
658 | | /* If this is the live CIB, write it out with a digest */ |
659 | 0 | if (pcmk__is_set(private->flags, file_flag_live)) { |
660 | 0 | rc = write_live(private->cib_xml, private->filename); |
661 | 0 | rc = pcmk_rc2legacy(rc); |
662 | | |
663 | | /* Otherwise, it's a simple write */ |
664 | 0 | } else { |
665 | 0 | bool compress = g_str_has_suffix(private->filename, ".bz2"); |
666 | |
|
667 | 0 | if (pcmk__xml_write_file(private->cib_xml, private->filename, |
668 | 0 | compress) != pcmk_rc_ok) { |
669 | 0 | rc = pcmk_err_generic; |
670 | 0 | } |
671 | 0 | } |
672 | |
|
673 | 0 | if (rc == pcmk_ok) { |
674 | 0 | pcmk__info("Wrote CIB to %s", private->filename); |
675 | 0 | clear_file_flags(private, file_flag_dirty); |
676 | 0 | } else { |
677 | 0 | pcmk__err("Could not write CIB to %s", private->filename); |
678 | 0 | } |
679 | 0 | } |
680 | | |
681 | | /* Free the in-memory CIB */ |
682 | 0 | g_clear_pointer(&private->cib_xml, pcmk__xml_free); |
683 | 0 | return rc; |
684 | 0 | } |
685 | | |
686 | | static int |
687 | | file_free(cib_t *cib) |
688 | 23 | { |
689 | 23 | int rc = pcmk_ok; |
690 | | |
691 | 23 | if (cib->state != cib_disconnected) { |
692 | 0 | rc = file_signoff(cib); |
693 | 0 | } |
694 | | |
695 | 23 | if (rc == pcmk_ok) { |
696 | 23 | file_opaque_t *private = cib->variant_opaque; |
697 | | |
698 | 23 | free(private->id); |
699 | 23 | free(private->filename); |
700 | 23 | free(private); |
701 | 23 | free(cib->cmds); |
702 | 23 | free(cib->user); |
703 | 23 | free(cib); |
704 | | |
705 | 23 | } else { |
706 | 0 | fprintf(stderr, "Couldn't sign off: %d\n", rc); |
707 | 0 | } |
708 | | |
709 | 23 | return rc; |
710 | 23 | } |
711 | | |
712 | | static int |
713 | | file_register_notification(cib_t *cib, const char *callback, int enabled) |
714 | 0 | { |
715 | 0 | return -EPROTONOSUPPORT; |
716 | 0 | } |
717 | | |
718 | | static int |
719 | | file_set_connection_dnotify(cib_t *cib, void (*dnotify)(void *user_data)) |
720 | 0 | { |
721 | 0 | return -EPROTONOSUPPORT; |
722 | 0 | } |
723 | | |
724 | | /*! |
725 | | * \internal |
726 | | * \brief Get the given CIB connection's unique client identifier |
727 | | * |
728 | | * \param[in] cib CIB connection |
729 | | * \param[out] async_id If not \p NULL, where to store asynchronous client ID |
730 | | * \param[out] sync_id If not \p NULL, where to store synchronous client ID |
731 | | * |
732 | | * \return Legacy Pacemaker return code |
733 | | * |
734 | | * \note This is the \p cib_file variant implementation of |
735 | | * \p cib_api_operations_t:client_id(). |
736 | | */ |
737 | | static int |
738 | | file_client_id(const cib_t *cib, const char **async_id, const char **sync_id) |
739 | 0 | { |
740 | 0 | file_opaque_t *private = cib->variant_opaque; |
741 | |
|
742 | 0 | if (async_id != NULL) { |
743 | 0 | *async_id = private->id; |
744 | 0 | } |
745 | 0 | if (sync_id != NULL) { |
746 | 0 | *sync_id = private->id; |
747 | 0 | } |
748 | 0 | return pcmk_ok; |
749 | 0 | } |
750 | | |
751 | | cib_t * |
752 | | cib_file_new(const char *cib_location) |
753 | 23 | { |
754 | 23 | cib_t *cib = NULL; |
755 | 23 | file_opaque_t *private = NULL; |
756 | 23 | char *filename = NULL; |
757 | | |
758 | 23 | if (cib_location == NULL) { |
759 | 0 | cib_location = getenv("CIB_file"); |
760 | 0 | if (cib_location == NULL) { |
761 | 0 | return NULL; // Shouldn't be possible if we were called internally |
762 | 0 | } |
763 | 0 | } |
764 | | |
765 | 23 | cib = cib_new_variant(); |
766 | 23 | if (cib == NULL) { |
767 | 0 | return NULL; |
768 | 0 | } |
769 | | |
770 | 23 | filename = strdup(cib_location); |
771 | 23 | if (filename == NULL) { |
772 | 0 | free(cib); |
773 | 0 | return NULL; |
774 | 0 | } |
775 | | |
776 | 23 | private = calloc(1, sizeof(file_opaque_t)); |
777 | 23 | if (private == NULL) { |
778 | 0 | free(cib); |
779 | 0 | free(filename); |
780 | 0 | return NULL; |
781 | 0 | } |
782 | | |
783 | 23 | private->id = pcmk__generate_uuid(); |
784 | 23 | private->filename = filename; |
785 | | |
786 | 23 | cib->variant = cib_file; |
787 | 23 | cib->variant_opaque = private; |
788 | | |
789 | 23 | private->flags = 0; |
790 | 23 | if (is_live(cib_location)) { |
791 | 0 | set_file_flags(private, file_flag_live); |
792 | 0 | pcmk__trace("File %s detected as live CIB", cib_location); |
793 | 0 | } |
794 | | |
795 | | /* assign variant specific ops */ |
796 | 23 | cib->delegate_fn = file_perform_op_delegate; |
797 | 23 | cib->cmds->signon = file_signon; |
798 | 23 | cib->cmds->signoff = file_signoff; |
799 | 23 | cib->cmds->free = file_free; |
800 | 23 | cib->cmds->register_notification = file_register_notification; |
801 | 23 | cib->cmds->set_connection_dnotify = file_set_connection_dnotify; |
802 | | |
803 | 23 | cib->cmds->client_id = file_client_id; |
804 | | |
805 | 23 | return cib; |
806 | 23 | } |
807 | | |
808 | | /*! |
809 | | * \internal |
810 | | * \brief Compare the calculated digest of an XML tree against a signature file |
811 | | * |
812 | | * \param[in] root Root of XML tree to compare |
813 | | * \param[in] sigfile Name of signature file containing digest to compare |
814 | | * |
815 | | * \return \c true if digests match or signature file does not exist, or |
816 | | * \c false otherwise |
817 | | */ |
818 | | static bool |
819 | | verify_digest(xmlNode *root, const char *sigfile) |
820 | 0 | { |
821 | 0 | bool passed = false; |
822 | 0 | char *expected; |
823 | 0 | int rc = pcmk__file_contents(sigfile, &expected); |
824 | |
|
825 | 0 | switch (rc) { |
826 | 0 | case pcmk_rc_ok: |
827 | 0 | if (expected == NULL) { |
828 | 0 | pcmk__err("On-disk digest at %s is empty", sigfile); |
829 | 0 | return false; |
830 | 0 | } |
831 | 0 | break; |
832 | 0 | case ENOENT: |
833 | 0 | pcmk__warn("No on-disk digest present at %s", sigfile); |
834 | 0 | return true; |
835 | 0 | default: |
836 | 0 | pcmk__err("Could not read on-disk digest from %s: %s", sigfile, |
837 | 0 | pcmk_rc_str(rc)); |
838 | 0 | return false; |
839 | 0 | } |
840 | 0 | passed = pcmk__verify_digest(root, expected); |
841 | 0 | free(expected); |
842 | 0 | return passed; |
843 | 0 | } |
844 | | |
845 | | /*! |
846 | | * \internal |
847 | | * \brief Read an XML tree from a file and verify its digest |
848 | | * |
849 | | * \param[in] filename Name of XML file to read |
850 | | * \param[in] sigfile Name of signature file containing digest to compare |
851 | | * \param[out] root If non-NULL, will be set to pointer to parsed XML tree |
852 | | * |
853 | | * \return 0 if file was successfully read, parsed and verified, otherwise: |
854 | | * -errno on stat() failure, |
855 | | * -pcmk_err_cib_corrupt if file size is 0 or XML is not parseable, or |
856 | | * -pcmk_err_cib_modified if digests do not match |
857 | | * \note If root is non-NULL, it is the caller's responsibility to free *root on |
858 | | * successful return. |
859 | | */ |
860 | | int |
861 | | cib_file_read_and_verify(const char *filename, const char *sigfile, xmlNode **root) |
862 | 0 | { |
863 | 0 | int s_res; |
864 | 0 | struct stat buf; |
865 | 0 | char *local_sigfile = NULL; |
866 | 0 | xmlNode *local_root = NULL; |
867 | |
|
868 | 0 | pcmk__assert(filename != NULL); |
869 | 0 | if (root) { |
870 | 0 | *root = NULL; |
871 | 0 | } |
872 | | |
873 | | /* Verify that file exists and its size is nonzero */ |
874 | 0 | s_res = stat(filename, &buf); |
875 | 0 | if (s_res < 0) { |
876 | 0 | pcmk__warn("Could not verify cluster configuration file %s: " |
877 | 0 | "stat() failed: %s", |
878 | 0 | filename, strerror(errno)); |
879 | 0 | return -errno; |
880 | 0 | } else if (buf.st_size == 0) { |
881 | 0 | pcmk__warn("Cluster configuration file %s is corrupt (size is zero)", |
882 | 0 | filename); |
883 | 0 | return -pcmk_err_cib_corrupt; |
884 | 0 | } |
885 | | |
886 | | /* Parse XML */ |
887 | 0 | local_root = pcmk__xml_read(filename); |
888 | 0 | if (local_root == NULL) { |
889 | 0 | pcmk__warn("Cluster configuration file %s is corrupt (unparseable as " |
890 | 0 | "XML)", |
891 | 0 | filename); |
892 | 0 | return -pcmk_err_cib_corrupt; |
893 | 0 | } |
894 | | |
895 | | /* If sigfile is not specified, use original file name plus .sig */ |
896 | 0 | if (sigfile == NULL) { |
897 | 0 | sigfile = local_sigfile = pcmk__assert_asprintf("%s.sig", filename); |
898 | 0 | } |
899 | | |
900 | | /* Verify that digests match */ |
901 | 0 | if (!verify_digest(local_root, sigfile)) { |
902 | 0 | free(local_sigfile); |
903 | 0 | pcmk__xml_free(local_root); |
904 | 0 | return -pcmk_err_cib_modified; |
905 | 0 | } |
906 | | |
907 | 0 | free(local_sigfile); |
908 | 0 | if (root) { |
909 | 0 | *root = local_root; |
910 | 0 | } else { |
911 | 0 | pcmk__xml_free(local_root); |
912 | 0 | } |
913 | 0 | return pcmk_ok; |
914 | 0 | } |
915 | | |
916 | | /*! |
917 | | * \internal |
918 | | * \brief Back up a CIB |
919 | | * |
920 | | * \param[in] cib_dirname Directory containing CIB file and backups |
921 | | * \param[in] cib_filename Name (relative to cib_dirname) of CIB file to back up |
922 | | * |
923 | | * \return 0 on success, -1 on error |
924 | | */ |
925 | | static int |
926 | | backup_cib_file(const char *cib_dirname, const char *cib_filename) |
927 | 0 | { |
928 | 0 | int rc = 0; |
929 | 0 | unsigned int seq = 0U; |
930 | 0 | char *cib_path = pcmk__assert_asprintf("%s/%s", cib_dirname, cib_filename); |
931 | 0 | char *cib_digest = pcmk__assert_asprintf("%s.sig", cib_path); |
932 | 0 | char *backup_path; |
933 | 0 | char *backup_digest; |
934 | | |
935 | | // Determine backup and digest file names |
936 | 0 | if (pcmk__read_series_sequence(cib_dirname, CIB_SERIES, |
937 | 0 | &seq) != pcmk_rc_ok) { |
938 | | // @TODO maybe handle errors better ... |
939 | 0 | seq = 0U; |
940 | 0 | } |
941 | | |
942 | | // Must pass false because archived copies are created with hard links |
943 | 0 | backup_path = pcmk__series_filename(cib_dirname, CIB_SERIES, seq, false); |
944 | 0 | backup_digest = pcmk__assert_asprintf("%s.sig", backup_path); |
945 | | |
946 | | /* Remove the old backups if they exist */ |
947 | 0 | unlink(backup_path); |
948 | 0 | unlink(backup_digest); |
949 | | |
950 | | /* Back up the CIB, by hard-linking it to the backup name */ |
951 | 0 | if ((link(cib_path, backup_path) < 0) && (errno != ENOENT)) { |
952 | 0 | pcmk__err("Could not archive %s by linking to %s: %s", cib_path, |
953 | 0 | backup_path, strerror(errno)); |
954 | 0 | rc = -1; |
955 | | |
956 | | /* Back up the CIB signature similarly */ |
957 | 0 | } else if ((link(cib_digest, backup_digest) < 0) && (errno != ENOENT)) { |
958 | 0 | pcmk__err("Could not archive %s by linking to %s: %s", cib_digest, |
959 | 0 | backup_digest, strerror(errno)); |
960 | 0 | rc = -1; |
961 | | |
962 | | /* Update the last counter and ensure everything is sync'd to media */ |
963 | 0 | } else { |
964 | 0 | pcmk__write_series_sequence(cib_dirname, CIB_SERIES, ++seq, |
965 | 0 | CIB_SERIES_MAX); |
966 | 0 | if (do_chown) { |
967 | 0 | int rc2; |
968 | |
|
969 | 0 | if ((chown(backup_path, file_owner, file_group) < 0) |
970 | 0 | && (errno != ENOENT)) { |
971 | |
|
972 | 0 | pcmk__err("Could not set owner of %s: %s", backup_path, |
973 | 0 | strerror(errno)); |
974 | 0 | rc = -1; |
975 | 0 | } |
976 | 0 | if ((chown(backup_digest, file_owner, file_group) < 0) |
977 | 0 | && (errno != ENOENT)) { |
978 | |
|
979 | 0 | pcmk__err("Could not set owner of %s: %s", backup_digest, |
980 | 0 | strerror(errno)); |
981 | 0 | rc = -1; |
982 | 0 | } |
983 | 0 | rc2 = pcmk__chown_series_sequence(cib_dirname, CIB_SERIES, |
984 | 0 | file_owner, file_group); |
985 | 0 | if (rc2 != pcmk_rc_ok) { |
986 | 0 | pcmk__err("Could not set owner of sequence file in %s: %s", |
987 | 0 | cib_dirname, pcmk_rc_str(rc2)); |
988 | 0 | rc = -1; |
989 | 0 | } |
990 | 0 | } |
991 | 0 | pcmk__sync_directory(cib_dirname); |
992 | 0 | pcmk__info("Archived previous version as %s", backup_path); |
993 | 0 | } |
994 | |
|
995 | 0 | free(cib_path); |
996 | 0 | free(cib_digest); |
997 | 0 | free(backup_path); |
998 | 0 | free(backup_digest); |
999 | 0 | return rc; |
1000 | 0 | } |
1001 | | |
1002 | | /*! |
1003 | | * \internal |
1004 | | * \brief Prepare CIB XML to be written to disk |
1005 | | * |
1006 | | * Set \c PCMK_XA_NUM_UPDATES to 0, set \c PCMK_XA_CIB_LAST_WRITTEN to the |
1007 | | * current timestamp, and strip out the status section. |
1008 | | * |
1009 | | * \param[in,out] root Root of CIB XML tree |
1010 | | * |
1011 | | * \return void |
1012 | | */ |
1013 | | static void |
1014 | | prepare_xml(xmlNode *root) |
1015 | 0 | { |
1016 | 0 | xmlNode *cib_status_root = NULL; |
1017 | | |
1018 | | /* Always write out with num_updates=0 and current last-written timestamp */ |
1019 | 0 | pcmk__xe_set(root, PCMK_XA_NUM_UPDATES, "0"); |
1020 | 0 | pcmk__xe_add_last_written(root); |
1021 | | |
1022 | | /* Delete status section before writing to file, because |
1023 | | * we discard it on startup anyway, and users get confused by it */ |
1024 | 0 | cib_status_root = pcmk__xe_first_child(root, PCMK_XE_STATUS, NULL, NULL); |
1025 | 0 | CRM_CHECK(cib_status_root != NULL, return); |
1026 | 0 | pcmk__xml_free(cib_status_root); |
1027 | 0 | } |
1028 | | |
1029 | | /*! |
1030 | | * \internal |
1031 | | * \brief Write CIB to disk, along with a signature file containing its digest |
1032 | | * |
1033 | | * \param[in,out] cib_root Root of XML tree to write |
1034 | | * \param[in] cib_dirname Directory containing CIB and signature files |
1035 | | * \param[in] cib_filename Name (relative to cib_dirname) of file to write |
1036 | | * |
1037 | | * \return pcmk_ok on success, |
1038 | | * pcmk_err_cib_modified if existing cib_filename doesn't match digest, |
1039 | | * pcmk_err_cib_backup if existing cib_filename couldn't be backed up, |
1040 | | * or pcmk_err_cib_save if new cib_filename couldn't be saved |
1041 | | */ |
1042 | | int |
1043 | | cib_file_write_with_digest(xmlNode *cib_root, const char *cib_dirname, |
1044 | | const char *cib_filename) |
1045 | 0 | { |
1046 | 0 | int exit_rc = pcmk_ok; |
1047 | 0 | int rc, fd; |
1048 | 0 | char *digest = NULL; |
1049 | | |
1050 | | /* Detect CIB version for diagnostic purposes */ |
1051 | 0 | const char *epoch = pcmk__xe_get(cib_root, PCMK_XA_EPOCH); |
1052 | 0 | const char *admin_epoch = pcmk__xe_get(cib_root, PCMK_XA_ADMIN_EPOCH); |
1053 | | |
1054 | | /* Determine full CIB and signature pathnames */ |
1055 | 0 | char *cib_path = pcmk__assert_asprintf("%s/%s", cib_dirname, cib_filename); |
1056 | 0 | char *digest_path = pcmk__assert_asprintf("%s.sig", cib_path); |
1057 | | |
1058 | | /* Create temporary file name patterns for writing out CIB and signature */ |
1059 | 0 | char *tmp_cib = pcmk__assert_asprintf("%s/cib.XXXXXX", cib_dirname); |
1060 | 0 | char *tmp_digest = pcmk__assert_asprintf("%s/cib.XXXXXX", cib_dirname); |
1061 | | |
1062 | | /* Ensure the admin didn't modify the existing CIB underneath us */ |
1063 | 0 | pcmk__trace("Reading cluster configuration file %s", cib_path); |
1064 | 0 | rc = cib_file_read_and_verify(cib_path, NULL, NULL); |
1065 | 0 | if ((rc != pcmk_ok) && (rc != -ENOENT)) { |
1066 | 0 | pcmk__err("%s was manually modified while the cluster was active!", |
1067 | 0 | cib_path); |
1068 | 0 | exit_rc = pcmk_err_cib_modified; |
1069 | 0 | goto cleanup; |
1070 | 0 | } |
1071 | | |
1072 | | /* Back up the existing CIB */ |
1073 | 0 | if (backup_cib_file(cib_dirname, cib_filename) < 0) { |
1074 | 0 | exit_rc = pcmk_err_cib_backup; |
1075 | 0 | goto cleanup; |
1076 | 0 | } |
1077 | | |
1078 | 0 | pcmk__debug("Writing CIB to disk"); |
1079 | 0 | umask(S_IWGRP | S_IWOTH | S_IROTH); |
1080 | 0 | prepare_xml(cib_root); |
1081 | | |
1082 | | /* Write the CIB to a temporary file, so we can deploy (near) atomically */ |
1083 | 0 | fd = mkstemp(tmp_cib); |
1084 | 0 | if (fd < 0) { |
1085 | 0 | pcmk__err("Couldn't open temporary file %s for writing CIB: %s", |
1086 | 0 | tmp_cib, strerror(errno)); |
1087 | 0 | exit_rc = pcmk_err_cib_save; |
1088 | 0 | goto cleanup; |
1089 | 0 | } |
1090 | | |
1091 | | /* Protect the temporary file */ |
1092 | 0 | if (fchmod(fd, S_IRUSR | S_IWUSR) < 0) { |
1093 | 0 | pcmk__err("Couldn't protect temporary file %s for writing CIB: %s", |
1094 | 0 | tmp_cib, strerror(errno)); |
1095 | 0 | exit_rc = pcmk_err_cib_save; |
1096 | 0 | goto cleanup; |
1097 | 0 | } |
1098 | 0 | if (do_chown && (fchown(fd, file_owner, file_group) < 0)) { |
1099 | 0 | pcmk__err("Couldn't protect temporary file %s for writing CIB: %s", |
1100 | 0 | tmp_cib, strerror(errno)); |
1101 | 0 | exit_rc = pcmk_err_cib_save; |
1102 | 0 | goto cleanup; |
1103 | 0 | } |
1104 | | |
1105 | | /* Write out the CIB */ |
1106 | 0 | if (pcmk__xml_write_fd(cib_root, tmp_cib, fd) != pcmk_rc_ok) { |
1107 | 0 | pcmk__err("Changes couldn't be written to %s", tmp_cib); |
1108 | 0 | exit_rc = pcmk_err_cib_save; |
1109 | 0 | goto cleanup; |
1110 | 0 | } |
1111 | | |
1112 | | /* Calculate CIB digest */ |
1113 | 0 | digest = pcmk__digest_on_disk_cib(cib_root); |
1114 | 0 | pcmk__assert(digest != NULL); |
1115 | 0 | pcmk__info("Wrote version %s.%s.0 of the CIB to disk (digest: %s)", |
1116 | 0 | pcmk__s(admin_epoch, "0"), pcmk__s(epoch, "0"), digest); |
1117 | | |
1118 | | /* Write the CIB digest to a temporary file */ |
1119 | 0 | fd = mkstemp(tmp_digest); |
1120 | 0 | if (fd < 0) { |
1121 | 0 | pcmk__err("Could not create temporary file %s for CIB digest: %s", |
1122 | 0 | tmp_digest, strerror(errno)); |
1123 | 0 | exit_rc = pcmk_err_cib_save; |
1124 | 0 | goto cleanup; |
1125 | 0 | } |
1126 | 0 | if (do_chown && (fchown(fd, file_owner, file_group) < 0)) { |
1127 | 0 | pcmk__err("Couldn't protect temporary file %s for writing CIB: %s", |
1128 | 0 | tmp_cib, strerror(errno)); |
1129 | 0 | exit_rc = pcmk_err_cib_save; |
1130 | 0 | close(fd); |
1131 | 0 | goto cleanup; |
1132 | 0 | } |
1133 | 0 | rc = pcmk__write_sync(fd, digest); |
1134 | 0 | if (rc != pcmk_rc_ok) { |
1135 | 0 | pcmk__err("Could not write digest to %s: %s", tmp_digest, |
1136 | 0 | pcmk_rc_str(rc)); |
1137 | 0 | exit_rc = pcmk_err_cib_save; |
1138 | 0 | close(fd); |
1139 | 0 | goto cleanup; |
1140 | 0 | } |
1141 | 0 | close(fd); |
1142 | 0 | pcmk__debug("Wrote digest %s to disk", digest); |
1143 | | |
1144 | | /* Verify that what we wrote is sane */ |
1145 | 0 | pcmk__info("Reading cluster configuration file %s (digest: %s)", tmp_cib, |
1146 | 0 | tmp_digest); |
1147 | 0 | rc = cib_file_read_and_verify(tmp_cib, tmp_digest, NULL); |
1148 | 0 | pcmk__assert(rc == 0); |
1149 | | |
1150 | | /* Rename temporary files to live, and sync directory changes to media */ |
1151 | 0 | pcmk__debug("Activating %s", tmp_cib); |
1152 | 0 | if (rename(tmp_cib, cib_path) < 0) { |
1153 | 0 | pcmk__err("Couldn't rename %s as %s: %s", tmp_cib, cib_path, |
1154 | 0 | strerror(errno)); |
1155 | 0 | exit_rc = pcmk_err_cib_save; |
1156 | 0 | } |
1157 | 0 | if (rename(tmp_digest, digest_path) < 0) { |
1158 | 0 | pcmk__err("Couldn't rename %s as %s: %s", tmp_digest, digest_path, |
1159 | 0 | strerror(errno)); |
1160 | 0 | exit_rc = pcmk_err_cib_save; |
1161 | 0 | } |
1162 | 0 | pcmk__sync_directory(cib_dirname); |
1163 | |
|
1164 | 0 | cleanup: |
1165 | 0 | free(cib_path); |
1166 | 0 | free(digest_path); |
1167 | 0 | free(digest); |
1168 | 0 | free(tmp_digest); |
1169 | 0 | free(tmp_cib); |
1170 | 0 | return exit_rc; |
1171 | 0 | } |