/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2015 Icinga Development Team (http://www.icinga.org) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#include "remote/jsonrpcconnection.hpp"
#include "remote/apilistener.hpp"
#include "remote/apifunction.hpp"
#include "remote/jsonrpc.hpp"
#include "base/configtype.hpp"
#include "base/objectlock.hpp"
#include "base/utility.hpp"
#include "base/logger.hpp"
#include "base/exception.hpp"
#include <boost/thread/once.hpp>
using namespace icinga;
/* Forward declarations of the two API handlers defined further down in this file. */
static Value SetLogPositionHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
static Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);

/*
 * Make the handlers known to the API function registry.
 * NOTE(review): the macro is defined elsewhere; presumably the two leading
 * arguments form the remotely callable method name - confirm in apifunction.hpp.
 */
REGISTER_APIFUNCTION(SetLogPosition, log, &SetLogPositionHandler);
REGISTER_APIFUNCTION(RequestCertificate, pki, &RequestCertificateHandler);

/* Ensures JsonRpcConnection::StaticInitialize() runs once, from the first constructor call. */
static boost::once_flag l_JsonRpcConnectionOnceFlag = BOOST_ONCE_INIT;

/* Process-wide timer created by StaticInitialize(); drives TimeoutTimerHandler(). */
static Timer::Ptr l_JsonRpcConnectionTimeoutTimer;
/**
 * Wraps an established TLS stream as a JSON-RPC connection.
 *
 * The constructor performs no verification of its own: the authenticated
 * flag is stored exactly as the caller passes it.
 *
 * @param identity Name of the peer; used for the endpoint lookup and in log messages.
 * @param authenticated Whether the caller treats the peer as authenticated.
 * @param stream TLS stream used for all reads and writes of this connection.
 * @param role Connection role, stored as given.
 */
JsonRpcConnection::JsonRpcConnection(const String& identity, bool authenticated,
    const TlsStream::Ptr& stream, ConnectionRole role)
	: m_Identity(identity), m_Authenticated(authenticated), m_Stream(stream),
	  m_Role(role), m_Seen(Utility::GetTime()),
	  m_NextHeartbeat(0), m_HeartbeatTimeout(0)
{
	/* The first connection ever constructed sets up the shared liveness timer. */
	boost::call_once(l_JsonRpcConnectionOnceFlag, &JsonRpcConnection::StaticInitialize);

	/* Connections that are not authenticated are never bound to an Endpoint object. */
	if (!authenticated)
		return;

	m_Endpoint = Endpoint::GetByName(identity);
}
/**
 * One-time setup, invoked through boost::call_once from the constructor.
 *
 * Creates the shared timer that calls TimeoutTimerHandler() every 15 seconds.
 */
void JsonRpcConnection::StaticInitialize()
{
	l_JsonRpcConnectionTimeoutTimer = new Timer();

	const Timer::Ptr& timer = l_JsonRpcConnectionTimeoutTimer;

	timer->OnTimerExpired.connect(boost::bind(&JsonRpcConnection::TimeoutTimerHandler));
	timer->SetInterval(15);
	timer->Start();
}
/**
 * Hooks the connection up to its stream and processes any data that is
 * already waiting.
 */
void JsonRpcConnection::Start()
{
	/*
	 * The callback bound here carries a Ptr to this object, so the stream
	 * holds an owning reference to the connection for as long as the
	 * handler stays registered.
	 */
	JsonRpcConnection::Ptr self(this);
	m_Stream->RegisterDataHandler(boost::bind(&JsonRpcConnection::DataAvailableHandler, self));

	/* Nothing buffered yet: the registered handler takes over from here. */
	if (!m_Stream->IsDataAvailable())
		return;

	DataAvailableHandler();
}
/**
 * @returns The identity string this connection was constructed with.
 */
String JsonRpcConnection::GetIdentity() const
{
	return m_Identity;
}
/**
 * @returns The authenticated flag given at construction. Handlers such as
 *          RequestCertificateHandler rely on it to decide whether a peer
 *          needs further proof (a ticket) before it is served.
 */
bool JsonRpcConnection::IsAuthenticated() const
{
	return m_Authenticated;
}
/**
 * @returns The endpoint looked up by identity in the constructor. It is left
 *          unset for connections that were not authenticated, so callers
 *          have to check the pointer before using it.
 */
Endpoint::Ptr JsonRpcConnection::GetEndpoint() const
{
	return m_Endpoint;
}
/**
 * @returns The TLS stream this connection reads from and writes to.
 */
TlsStream::Ptr JsonRpcConnection::GetStream() const
{
	return m_Stream;
}
/**
 * @returns The connection role passed to the constructor.
 */
ConnectionRole JsonRpcConnection::GetRole() const
{
	return m_Role;
}
/**
 * Sends a JSON-RPC message to the peer.
 *
 * The write happens while holding the stream's object lock and is skipped
 * silently once the stream has reached EOF. A failure is logged and the
 * connection is dropped; nothing is propagated to the caller.
 *
 * @param message The message to serialize and send.
 */
void JsonRpcConnection::SendMessage(const Dictionary::Ptr& message)
{
	try {
		ObjectLock olock(m_Stream);

		if (!m_Stream->IsEof())
			JsonRpc::SendMessage(m_Stream, message);
	} catch (const std::exception& ex) {
		std::ostringstream info;
		info << "Error while sending JSON-RPC message for identity '" << m_Identity << "'";

		Log(LogWarning, "JsonRpcConnection")
		    << info.str() << "\n" << DiagnosticInformation(ex);

		/* The lock above has been released by the time the connection is torn down. */
		Disconnect();
	}
}
/**
 * Closes the stream and removes this connection from whichever client list
 * it belongs to: its endpoint's list, or the listener's list of anonymous
 * clients when no endpoint is attached.
 */
void JsonRpcConnection::Disconnect()
{
	Log(LogWarning, "JsonRpcConnection")
	    << "API client disconnected for identity '" << m_Identity << "'";

	m_Stream->Close();

	if (!m_Endpoint) {
		ApiListener::Ptr listener = ApiListener::GetInstance();
		listener->RemoveAnonymousClient(this);
		return;
	}

	m_Endpoint->RemoveClient(this);
}
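/**
 * Reads at most one JSON-RPC message from the stream and dispatches it to
 * the registered API function.
 *
 * Every field of the message ("ts", "originZone", "method", "params", "id")
 * is supplied by the remote peer. This function does not check
 * m_Authenticated before invoking a handler: anonymous clients reach every
 * registered API function, so each handler has to make its own decision
 * based on the MessageOrigin it receives.
 *
 * Exceptions thrown by the handler are caught here and reported back to the
 * peer; exceptions from reading or from the field conversions outside the
 * try block propagate to the caller.
 *
 * @returns true if a message was consumed and the caller should try again,
 *          false if no complete message is available.
 */
bool JsonRpcConnection::ProcessMessage(void)
{
	Dictionary::Ptr message;

	StreamReadStatus srs = JsonRpc::ReadMessage(m_Stream, &message, m_Context, false);

	if (srs != StatusNewItem)
		return false;

	/* Any complete message counts as a sign of life for CheckLiveness(). */
	m_Seen = Utility::GetTime();

	if (m_HeartbeatTimeout != 0)
		m_NextHeartbeat = Utility::GetTime() + m_HeartbeatTimeout;

	/* Only connections bound to an endpoint take part in log position tracking. */
	if (m_Endpoint && message->Contains("ts")) {
		double ts = message->Get("ts");

		/* ignore old messages */
		if (ts < m_Endpoint->GetRemoteLogPosition())
			return true;

		m_Endpoint->SetRemoteLogPosition(ts);
	}

	MessageOrigin::Ptr origin = new MessageOrigin();
	origin->FromClient = this;

	if (m_Endpoint) {
		if (m_Endpoint->GetZone() != Zone::GetLocalZone())
			/* A peer from another zone is pinned to its configured zone. */
			origin->FromZone = m_Endpoint->GetZone();
		else
			/*
			 * A peer from our own zone states the origin zone itself; the value
			 * is taken from the message as-is and may not resolve to a zone.
			 */
			origin->FromZone = Zone::GetByName(message->Get("originZone"));
	}

	String method = message->Get("method");

	Log(LogNotice, "JsonRpcConnection")
	    << "Received '" << method << "' message from '" << m_Identity << "'";

	Dictionary::Ptr resultMessage = new Dictionary();

	try {
		ApiFunction::Ptr afunc = ApiFunction::GetByName(method);

		if (!afunc)
			BOOST_THROW_EXCEPTION(std::invalid_argument("Function '" + method + "' does not exist."));

		resultMessage->Set("result", afunc->Invoke(origin, message->Get("params")));
	} catch (const std::exception& ex) {
		/* Built once; used for the local log and, for trusted peers, the reply. */
		String diagnostics = DiagnosticInformation(ex);

		/*
		 * The diagnostic text describes the internal failure and is meant for
		 * operators. Peers that have not authenticated only learn that the
		 * call failed; the details stay in the local log.
		 */
		if (m_Authenticated)
			resultMessage->Set("error", diagnostics);
		else
			resultMessage->Set("error", "Error while processing message.");

		std::ostringstream info;
		info << "Error while processing message for identity '" << m_Identity << "'";
		Log(LogWarning, "JsonRpcConnection")
		    << info.str() << "\n" << diagnostics;
	}

	/* Messages without an "id" are notifications and get no reply. */
	if (message->Contains("id")) {
		resultMessage->Set("jsonrpc", "2.0");
		resultMessage->Set("id", message->Get("id"));
		JsonRpc::SendMessage(m_Stream, resultMessage);
	}

	return true;
}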
/**
 * Stream callback: drains all complete messages that are currently buffered.
 *
 * m_DataHandlerMutex serializes invocations, so messages of one connection
 * are processed one at a time. Any exception escaping ProcessMessage() is
 * logged and ends the connection.
 */
void JsonRpcConnection::DataAvailableHandler()
{
	boost::mutex::scoped_lock lock(m_DataHandlerMutex);

	try {
		bool consumed;

		do {
			consumed = ProcessMessage();
		} while (consumed);
	} catch (const std::exception& ex) {
		Log(LogWarning, "JsonRpcConnection")
		    << "Error while reading JSON-RPC message for identity '" << m_Identity
		    << "': " << DiagnosticInformation(ex);

		Disconnect();
	}
}
/**
 * API handler: lets a peer report how far it has processed our log.
 *
 * The position only ever moves forward, and only for connections that are
 * bound to an endpoint; anonymous clients are ignored.
 * NOTE(review): the reported value is not bounded against the current time
 * here - confirm whether a far-future position matters to the consumers of
 * GetLocalLogPosition().
 *
 * @param origin Origin of the message; FromClient identifies the connection.
 * @param params Message parameters; "log_position" is read as a double.
 * @returns Always Empty.
 */
Value SetLogPositionHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
{
	if (!params)
		return Empty;

	double log_position = params->Get("log_position");
	Endpoint::Ptr endpoint = origin->FromClient->GetEndpoint();

	if (endpoint && log_position > endpoint->GetLocalLogPosition())
		endpoint->SetLocalLogPosition(log_position);

	return Empty;
}
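/**
 * Compares two strings in time that depends only on their length, not on the
 * position of the first differing byte. Used for the ticket check so that a
 * remote caller cannot learn a valid ticket prefix by prefix from response
 * timing. The length itself is not hidden.
 */
static bool ConstantTimeEquals(const String& lhs, const String& rhs)
{
	const size_t length = lhs.GetLength();

	if (length != rhs.GetLength())
		return false;

	const char *ldata = lhs.CStr();
	const char *rdata = rhs.CStr();

	/* volatile keeps the compiler from turning the loop into an early-exit compare */
	volatile unsigned char diff = 0;

	for (size_t i = 0; i < length; i++)
		diff = diff | static_cast<unsigned char>(ldata[i] ^ rdata[i]);

	return diff == 0;
}

/**
 * API handler: issues a certificate signed by the Icinga CA for the public
 * key and subject of the certificate the peer presented on this connection.
 *
 * A peer that is not authenticated must supply the ticket derived from its
 * identity and the listener's ticket salt (PBKDF2_SHA1, 50000 iterations).
 * An authenticated peer is served without a ticket.
 *
 * @param origin Origin of the message; FromClient identifies the connection.
 * @param params Message parameters; "ticket" is read for unauthenticated peers.
 * @returns Empty if params is missing; otherwise a dictionary holding either
 *          "error", or "cert" and "ca".
 */
Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params)
{
	if (!params)
		return Empty;

	Dictionary::Ptr result = new Dictionary();

	if (!origin->FromClient->IsAuthenticated()) {
		ApiListener::Ptr listener = ApiListener::GetInstance();
		String salt = listener->GetTicketSalt();

		/* Without a salt no ticket can be valid; refuse instead of comparing. */
		if (salt.IsEmpty()) {
			result->Set("error", "Ticket salt is not configured.");
			return result;
		}

		String ticket = params->Get("ticket");
		String realTicket = PBKDF2_SHA1(origin->FromClient->GetIdentity(), salt, 50000);

		/* The ticket is a shared secret: compare without a data-dependent early exit. */
		if (!ConstantTimeEquals(ticket, realTicket)) {
			result->Set("error", "Invalid ticket.");
			return result;
		}
	}

	boost::shared_ptr<X509> cert = origin->FromClient->GetStream()->GetPeerCertificate();

	/* The certificate comes from the peer; do not hand a null pointer to OpenSSL. */
	if (!cert) {
		result->Set("error", "No peer certificate available.");
		return result;
	}

	/*
	 * X509_get_pubkey() returns a new reference that the caller has to release;
	 * the shared_ptr does that on every exit path, including exceptions.
	 * NOTE(review): assumes CreateCertIcingaCA() does not take ownership of the
	 * key it is given - confirm.
	 */
	boost::shared_ptr<EVP_PKEY> pubkey(X509_get_pubkey(cert.get()), EVP_PKEY_free);

	if (!pubkey) {
		result->Set("error", "Could not read public key from peer certificate.");
		return result;
	}

	/* Points into cert; must not be freed separately. */
	X509_NAME *subject = X509_get_subject_name(cert.get());

	boost::shared_ptr<X509> newcert = CreateCertIcingaCA(pubkey.get(), subject);
	result->Set("cert", CertificateToString(newcert));

	String cacertfile = GetIcingaCADir() + "/ca.crt";
	boost::shared_ptr<X509> cacert = GetX509Certificate(cacertfile);
	result->Set("ca", CertificateToString(cacert));

	return result;
}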
/**
 * Drops the connection if no message has been received for 60 seconds.
 *
 * Connections whose endpoint reports that it is syncing are exempt from the
 * check. Anonymous connections have no endpoint and are always subject to it.
 */
void JsonRpcConnection::CheckLiveness()
{
	const bool idle = m_Seen < Utility::GetTime() - 60;

	if (!idle)
		return;

	if (m_Endpoint && m_Endpoint->GetSyncing())
		return;

	Log(LogInformation, "JsonRpcConnection")
	    << "No messages for identity '" << m_Identity << "' have been received in the last 60 seconds.";

	Disconnect();
}
/**
 * Timer callback: runs the liveness check on every known connection, first
 * the listener's anonymous clients, then the clients of each configured
 * endpoint.
 */
void JsonRpcConnection::TimeoutTimerHandler()
{
	ApiListener::Ptr listener = ApiListener::GetInstance();

	BOOST_FOREACH(const JsonRpcConnection::Ptr& anonymous, listener->GetAnonymousClients())
		anonymous->CheckLiveness();

	BOOST_FOREACH(const Endpoint::Ptr& endpoint, ConfigType::GetObjectsByType<Endpoint>()) {
		BOOST_FOREACH(const JsonRpcConnection::Ptr& connection, endpoint->GetClients())
			connection->CheckLiveness();
	}
}