![[first]](../icons/first.png){kind=icon}
![[previous]](../icons/n_left.png){kind=icon}
![[next]](../icons/n_right.png){kind=icon}
![[last]](../icons/n_last.png){kind=icon}
![[top]](../icons/n_top.png){kind=icon}
![[bottom]](../icons/bottom.png){kind=icon}
![[index]](../icons/index.png){kind=icon}
![[help]](../icons/help.png){kind=icon}
*/
1 /*
2 * Copyright 2018-2023 the Pacemaker project contributors
3 *
4 * The version control history for this file may have further details.
5 *
6 * This source code is licensed under the GNU Lesser General Public License
7 * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
8 */
9
10 #ifndef CRMCOMMON_PRIVATE__H
11 # define CRMCOMMON_PRIVATE__H
12
13 /* This header is for the sole use of libcrmcommon, so that functions can be
14 * declared with G_GNUC_INTERNAL for efficiency.
15 */
16
17 #include <stdint.h> // uint8_t, uint32_t
18 #include <stdbool.h> // bool
19 #include <sys/types.h> // size_t
20 #include <glib.h> // GList
21 #include <libxml/tree.h> // xmlNode, xmlAttr
22 #include <qb/qbipcc.h> // struct qb_ipc_response_header
23
24 // Decent chunk size for processing large amounts of data
25 #define PCMK__BUFFER_SIZE 4096
26
27 #if defined(PCMK__UNIT_TESTING)
28 #undef G_GNUC_INTERNAL
29 #define G_GNUC_INTERNAL
30 #endif
31
32 /* When deleting portions of an XML tree, we keep a record so we can know later
33 * (e.g. when checking differences) that something was deleted.
34 */
35 typedef struct pcmk__deleted_xml_s {
36 char *path;
37 int position;
38 } pcmk__deleted_xml_t;
39
40 typedef struct xml_node_private_s {
41 long check;
42 uint32_t flags;
43 } xml_node_private_t;
44
45 typedef struct xml_doc_private_s {
46 long check;
47 uint32_t flags;
48 char *user;
49 GList *acls;
50 GList *deleted_objs; // List of pcmk__deleted_xml_t
51 } xml_doc_private_t;
52
53 #define pcmk__set_xml_flags(xml_priv, flags_to_set) do { \
54 (xml_priv)->flags = pcmk__set_flags_as(__func__, __LINE__, \
55 LOG_NEVER, "XML", "XML node", (xml_priv)->flags, \
56 (flags_to_set), #flags_to_set); \
57 } while (0)
58
59 #define pcmk__clear_xml_flags(xml_priv, flags_to_clear) do { \
60 (xml_priv)->flags = pcmk__clear_flags_as(__func__, __LINE__, \
61 LOG_NEVER, "XML", "XML node", (xml_priv)->flags, \
62 (flags_to_clear), #flags_to_clear); \
63 } while (0)
64
65 G_GNUC_INTERNAL
66 void pcmk__xml2text(xmlNodePtr data, uint32_t options, GString *buffer,
67 int depth);
68
69 G_GNUC_INTERNAL
70 bool pcmk__tracking_xml_changes(xmlNode *xml, bool lazy);
71
72 G_GNUC_INTERNAL
73 void pcmk__mark_xml_created(xmlNode *xml);
74
75 G_GNUC_INTERNAL
76 int pcmk__xml_position(const xmlNode *xml,
77 enum xml_private_flags ignore_if_set);
78
79 G_GNUC_INTERNAL
80 xmlNode *pcmk__xml_match(const xmlNode *haystack, const xmlNode *needle,
81 bool exact);
82
83 G_GNUC_INTERNAL
84 void pcmk__xml_update(xmlNode *parent, xmlNode *target, xmlNode *update,
85 bool as_diff);
86
87 G_GNUC_INTERNAL
88 xmlNode *pcmk__xc_match(const xmlNode *root, const xmlNode *search_comment,
89 bool exact);
90
91 G_GNUC_INTERNAL
92 void pcmk__xc_update(xmlNode *parent, xmlNode *target, xmlNode *update);
93
94 G_GNUC_INTERNAL
95 void pcmk__free_acls(GList *acls);
96
97 G_GNUC_INTERNAL
98 void pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user);
99
100 G_GNUC_INTERNAL
101 bool pcmk__is_user_in_group(const char *user, const char *group);
102
103 G_GNUC_INTERNAL
104 void pcmk__apply_acl(xmlNode *xml);
105
106 G_GNUC_INTERNAL
107 void pcmk__apply_creation_acl(xmlNode *xml, bool check_top);
108
109 G_GNUC_INTERNAL
110 void pcmk__mark_xml_attr_dirty(xmlAttr *a);
111
112 G_GNUC_INTERNAL
113 bool pcmk__xa_filterable(const char *name);
114
115 G_GNUC_INTERNAL
116 void pcmk__log_xmllib_err(void *ctx, const char *fmt, ...)
/* ![[first]](../icons/n_first.png)
![[top]](../icons/top.png)
*/
117 G_GNUC_PRINTF(2, 3);
118
119 static inline const char *
120 pcmk__xml_attr_value(const xmlAttr *attr)
121 {
122 return ((attr == NULL) || (attr->children == NULL))? NULL
123 : (const char *) attr->children->content;
124 }
125
126 /*
127 * IPC
128 */
129
130 #define PCMK__IPC_VERSION 1
131
132 #define PCMK__CONTROLD_API_MAJOR "1"
133 #define PCMK__CONTROLD_API_MINOR "0"
134
135 // IPC behavior that varies by daemon
136 typedef struct pcmk__ipc_methods_s {
137 /*!
138 * \internal
139 * \brief Allocate any private data needed by daemon IPC
140 *
141 * \param[in,out] api IPC API connection
142 *
143 * \return Standard Pacemaker return code
144 */
145 int (*new_data)(pcmk_ipc_api_t *api);
146
147 /*!
148 * \internal
149 * \brief Free any private data used by daemon IPC
150 *
151 * \param[in,out] api_data Data allocated by new_data() method
152 */
153 void (*free_data)(void *api_data);
154
155 /*!
156 * \internal
157 * \brief Perform daemon-specific handling after successful connection
158 *
159 * Some daemons require clients to register before sending any other
160 * commands. The controller requires a CRM_OP_HELLO (with no reply), and
161 * the CIB manager, executor, and fencer require a CRM_OP_REGISTER (with a
162 * reply). Ideally this would be consistent across all daemons, but for now
163 * this allows each to do its own authorization.
164 *
165 * \param[in,out] api IPC API connection
166 *
167 * \return Standard Pacemaker return code
168 */
169 int (*post_connect)(pcmk_ipc_api_t *api);
170
171 /*!
172 * \internal
173 * \brief Check whether an IPC request results in a reply
174 *
175 * \param[in,out] api IPC API connection
176 * \param[in,out] request IPC request XML
177 *
178 * \return true if request would result in an IPC reply, false otherwise
179 */
180 bool (*reply_expected)(pcmk_ipc_api_t *api, xmlNode *request);
181
182 /*!
183 * \internal
184 * \brief Perform daemon-specific handling of an IPC message
185 *
186 * \param[in,out] api IPC API connection
187 * \param[in,out] msg Message read from IPC connection
188 *
189 * \return true if more IPC reply messages should be expected
190 */
191 bool (*dispatch)(pcmk_ipc_api_t *api, xmlNode *msg);
192
193 /*!
194 * \internal
195 * \brief Perform daemon-specific handling of an IPC disconnect
196 *
197 * \param[in,out] api IPC API connection
198 */
199 void (*post_disconnect)(pcmk_ipc_api_t *api);
200 } pcmk__ipc_methods_t;
201
202 // Implementation of pcmk_ipc_api_t
203 struct pcmk_ipc_api_s {
204 enum pcmk_ipc_server server; // Daemon this IPC API instance is for
205 enum pcmk_ipc_dispatch dispatch_type; // How replies should be dispatched
206 size_t ipc_size_max; // maximum IPC buffer size
207 crm_ipc_t *ipc; // IPC connection
208 mainloop_io_t *mainloop_io; // If using mainloop, I/O source for IPC
209 bool free_on_disconnect; // Whether disconnect should free object
210 pcmk_ipc_callback_t cb; // Caller-registered callback (if any)
211 void *user_data; // Caller-registered data (if any)
212 void *api_data; // For daemon-specific use
213 pcmk__ipc_methods_t *cmds; // Behavior that varies by daemon
214 };
215
216 typedef struct pcmk__ipc_header_s {
217 struct qb_ipc_response_header qb;
218 uint32_t size_uncompressed;
219 uint32_t size_compressed;
220 uint32_t flags;
221 uint8_t version;
222 } pcmk__ipc_header_t;
223
224 G_GNUC_INTERNAL
225 int pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request);
226
227 G_GNUC_INTERNAL
228 void pcmk__call_ipc_callback(pcmk_ipc_api_t *api,
229 enum pcmk_ipc_event event_type,
230 crm_exit_t status, void *event_data);
231
232 G_GNUC_INTERNAL
233 unsigned int pcmk__ipc_buffer_size(unsigned int max);
234
235 G_GNUC_INTERNAL
236 bool pcmk__valid_ipc_header(const pcmk__ipc_header_t *header);
237
238 G_GNUC_INTERNAL
239 pcmk__ipc_methods_t *pcmk__attrd_api_methods(void);
240
241 G_GNUC_INTERNAL
242 pcmk__ipc_methods_t *pcmk__controld_api_methods(void);
243
244 G_GNUC_INTERNAL
245 pcmk__ipc_methods_t *pcmk__pacemakerd_api_methods(void);
246
247 G_GNUC_INTERNAL
248 pcmk__ipc_methods_t *pcmk__schedulerd_api_methods(void);
249
250
251 /*
252 * Logging
253 */
254
255 //! XML is newly created
256 #define PCMK__XML_PREFIX_CREATED "++"
257
258 //! XML has been deleted
259 #define PCMK__XML_PREFIX_DELETED "--"
260
261 //! XML has been modified
262 #define PCMK__XML_PREFIX_MODIFIED "+ "
263
264 //! XML has been moved
265 #define PCMK__XML_PREFIX_MOVED "+~"
266
267 /*!
268 * \brief Check the authenticity of the IPC socket peer process
269 *
270 * If everything goes well, peer's authenticity is verified by the means
271 * of comparing against provided referential UID and GID (either satisfies),
272 * and the result of this check can be deduced from the return value.
273 * As an exception, detected UID of 0 ("root") satisfies arbitrary
274 * provided referential daemon's credentials.
275 *
276 * \param[in] qb_ipc libqb client connection if available
277 * \param[in] sock IPC related, connected Unix socket to check peer of
278 * \param[in] refuid referential UID to check against
279 * \param[in] refgid referential GID to check against
280 * \param[out] gotpid to optionally store obtained PID of the peer
281 * (not available on FreeBSD, special value of 1
282 * used instead, and the caller is required to
283 * special case this value respectively)
284 * \param[out] gotuid to optionally store obtained UID of the peer
285 * \param[out] gotgid to optionally store obtained GID of the peer
286 *
287 * \return Standard Pacemaker return code
288 * ie: 0 if it the connection is authentic
289 * pcmk_rc_ipc_unauthorized if the connection is not authentic,
290 * standard errors.
291 *
292 * \note While this function is tolerant on what constitutes authorized
293 * IPC daemon process (its effective user matches UID=0 or \p refuid,
294 * or at least its group matches \p refgid), either or both (in case
295 * of UID=0) mismatches on the expected credentials of such peer
296 * process \e shall be investigated at the caller when value of 1
297 * gets returned there, since higher-than-expected privileges in
298 * respect to the expected/intended credentials possibly violate
299 * the least privilege principle and may pose an additional risk
300 * (i.e. such accidental inconsistency shall be eventually fixed).
301 */
302 int pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock,
303 uid_t refuid, gid_t refgid,
304 pid_t *gotpid, uid_t *gotuid,
305 gid_t *gotgid);
306
307
308 /*
309 * Output
310 */
311 G_GNUC_INTERNAL
312 int pcmk__bare_output_new(pcmk__output_t **out, const char *fmt_name,
313 const char *filename, char **argv);
314
315 G_GNUC_INTERNAL
316 void pcmk__register_patchset_messages(pcmk__output_t *out);
317
318
319 /*
320 * Utils
321 */
322 #define PCMK__PW_BUFFER_LEN 500
323
324
325 #endif // CRMCOMMON_PRIVATE__H
![[last]](../icons/last.png){kind=icon}
![[bottom]](../icons/n_bottom.png){kind=icon}
*/