|
xmlNode * | create_reply_adv (xmlNode *request, xmlNode *xml_response_data, const char *origin) |
|
xmlNode * | create_request_adv (const char *task, xmlNode *xml_data, const char *host_to, const char *sys_to, const char *sys_from, const char *uuid_from, const char *origin) |
|
crm_ipc_t * | crm_ipc_new (const char *name, size_t max_size) |
|
bool | crm_ipc_connect (crm_ipc_t *client) |
| Establish an IPC connection to a Pacemaker component. More...
|
|
void | crm_ipc_close (crm_ipc_t *client) |
|
void | crm_ipc_destroy (crm_ipc_t *client) |
|
void | pcmk_free_ipc_event (struct iovec *event) |
| Free an I/O vector created by pcmk__ipc_prepare_iov() More...
|
|
int | crm_ipc_send (crm_ipc_t *client, xmlNode *message, enum crm_ipc_flags flags, int32_t ms_timeout, xmlNode **reply) |
| Send an IPC XML message. More...
|
|
int | crm_ipc_get_fd (crm_ipc_t *client) |
|
bool | crm_ipc_connected (crm_ipc_t *client) |
|
int | crm_ipc_ready (crm_ipc_t *client) |
| Check whether an IPC connection is ready to be read. More...
|
|
long | crm_ipc_read (crm_ipc_t *client) |
|
const char * | crm_ipc_buffer (crm_ipc_t *client) |
|
uint32_t | crm_ipc_buffer_flags (crm_ipc_t *client) |
|
const char * | crm_ipc_name (crm_ipc_t *client) |
|
unsigned int | crm_ipc_default_buffer_size (void) |
|
int | crm_ipc_is_authentic_process (int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid) |
| Check the authenticity of the IPC socket peer process. More...
|
|
xmlNode * | create_hello_message (const char *uuid, const char *client_name, const char *major_version, const char *minor_version) |
|
Wrappers for and extensions to libqb IPC.
Definition in file ipc.h.
int crm_ipc_is_authentic_process(int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
Check the authenticity of the IPC socket peer process.
On success, the peer's authenticity is verified by comparing its credentials against the provided reference UID and GID (a match on either one is sufficient), and the outcome of that check is conveyed by the return value. As an exception, a detected peer UID of 0 ("root") satisfies whatever reference daemon credentials were provided.
- Parameters
-
[in] | sock | IPC related, connected Unix socket to check peer of |
[in] | refuid | referential UID to check against |
[in] | refgid | referential GID to check against |
[out] | gotpid | where to optionally store the obtained PID of the peer (not available on FreeBSD: the special value 1 is stored instead, and the caller is required to special-case that value accordingly) |
[out] | gotuid | to optionally store obtained UID of the peer |
[out] | gotgid | to optionally store obtained GID of the peer |
- Returns
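- 0 if the IPC socket's peer is not authentic with respect to the reference credentials (see above), 1 if it is, or a negative value on error (generally -errno; if errno was zero even on the failure path, -pcmk_err_generic is returned instead). No message is emitted directly. Because error returns are nonzero, callers should compare the result against 1 explicitly rather than testing it for truth, so that an error is never treated as a successful authentication.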
- Note
- While this function is tolerant about what constitutes an authorized IPC daemon process (its effective user matches UID=0 or refuid, or at least its group matches refgid), a mismatch in either or both (in the case of UID=0) of the expected credentials of such a peer process shall be investigated by the caller when a value of 1 is returned, for example by comparing the values stored through gotuid and gotgid against refuid and refgid. Higher-than-expected privileges relative to the expected/intended credentials possibly violate the principle of least privilege and may pose an additional risk (i.e. such an accidental inconsistency shall eventually be fixed).
Definition at line 1672 of file ipc.c.