12 #if defined(US_AUTH_PEERCRED_UCRED) || defined(US_AUTH_PEERCRED_SOCKPEERCRED) 13 # ifdef US_AUTH_PEERCRED_UCRED 18 # include <sys/socket.h> 19 #elif defined(US_AUTH_GETPEERUCRED) 24 #include <sys/types.h> 58 (*api)->server = server;
73 (*api)->ipc_size_max = 512 * 1024;
93 (*api)->ipc_size_max = 5 * 1024 * 1024;
96 if ((*api)->cmds == NULL) {
103 (*api)->ipc_size_max);
104 if ((*api)->ipc == NULL) {
111 if ((*api)->cmds->new_data != NULL) {
112 if ((*api)->cmds->new_data(*api) !=
pcmk_rc_ok) {
125 if ((api != NULL) && (api->
cmds != NULL)) {
148 if ((api != NULL) && (api->
cb != NULL)) {
149 api->
cb(api, event_type, status, event_data, api->
user_data);
162 ipc_post_disconnect(gpointer user_data)
189 free_daemon_specific_data(api);
190 crm_trace(
"Freeing IPC API object after disconnect");
203 bool free_on_disconnect =
false;
210 if (api->
ipc != NULL) {
225 if (!free_on_disconnect) {
226 free_daemon_specific_data(api);
245 return for_log?
"Pacemaker" : NULL;
249 return for_log?
"attribute manager" : NULL ;
252 return for_log?
"CIB manager" : NULL ;
258 return for_log?
"executor" : NULL ;
261 return for_log?
"fencer" : NULL ;
270 return for_log?
"Pacemaker" : NULL;
329 if (buffer == NULL) {
330 crm_warn(
"Empty message received from %s IPC",
337 crm_warn(
"Malformed message received from %s IPC",
342 more = call_api_dispatch(api, msg);
365 dispatch_ipc_source_data(
const char *buffer, ssize_t length, gpointer user_data)
370 dispatch_ipc_data(buffer, api);
396 struct pollfd pollfd = { 0, };
402 pollfd.events = POLLIN;
403 rc = poll(&pollfd, 1, timeout_ms);
406 }
else if (rc == 0) {
442 .
dispatch = dispatch_ipc_source_data,
443 .destroy = ipc_post_disconnect,
451 crm_debug(
"Connected to %s IPC (attached to main loop)",
470 crm_debug(
"Connected to %s IPC (without main loop)",
489 crm_err(
"Cannot connect to uninitialized API object");
493 if (api->
ipc == NULL) {
496 if (api->
ipc == NULL) {
497 crm_err(
"Failed to re-create IPC API");
508 switch (dispatch_type) {
510 rc = connect_with_main_loop(api);
515 rc = connect_without_main_loop(api);
545 if ((api == NULL) || (api->
ipc == NULL)) {
574 ipc_post_disconnect(api);
619 xmlNode *reply = NULL;
622 if ((api == NULL) || (api->
ipc == NULL) || (request == NULL)) {
629 && (api->
cmds != NULL)
640 }
else if (rc == 0) {
646 bool more = call_api_dispatch(api, reply);
655 }
else if (rc == -ENOMSG || rc ==
pcmk_ok) {
665 }
else if (rc == EINPROGRESS) {
698 create_purge_node_request(
pcmk_ipc_api_t *api,
const char *node_name,
701 xmlNode *request = NULL;
750 xmlNode *request = NULL;
755 if ((node_name == NULL) && (nodeid == 0)) {
759 request = create_purge_node_request(api, node_name, nodeid);
760 if (request == NULL) {
766 crm_debug(
"%s peer cache purge of node %s[%lu]: rc=%d",
767 pcmk_ipc_name(api,
true), node_name, (
unsigned long) nodeid, rc);
777 unsigned int max_buf_size;
778 unsigned int buf_size;
783 qb_ipcc_connection_t *ipc;
805 if (client == NULL) {
810 client->server_name = strdup(
name);
811 if (client->server_name == NULL) {
812 crm_err(
"Could not create %s IPC connection: %s",
818 client->buffer = malloc(client->buf_size);
819 if (client->buffer == NULL) {
820 crm_err(
"Could not create %s IPC connection: %s",
822 free(client->server_name);
828 client->max_buf_size = client->buf_size;
831 client->pfd.events = POLLIN;
832 client->pfd.revents = 0;
851 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
854 client->need_reply = FALSE;
855 client->ipc = qb_ipcc_connect(client->server_name, client->buf_size);
857 if (client->ipc == NULL) {
858 crm_debug(
"Could not establish %s IPC connection: %s (%d)",
864 if (client->pfd.fd < 0) {
881 &found_pid, &found_uid,
883 crm_err(
"%s IPC provider authentication failed: process %lld has " 884 "uid %lld (expected %lld) and gid %lld (expected %lld)",
887 (
long long) found_uid, (
long long) cl_uid,
888 (
long long) found_gid, (
long long) cl_gid);
890 errno = ECONNABORTED;
894 crm_perror(LOG_ERR,
"Could not verify authenticity of %s IPC provider",
895 client->server_name);
905 qb_ipcc_context_set(client->ipc, client);
907 client->max_buf_size = qb_ipcc_get_buffer_size(client->ipc);
908 if (client->max_buf_size > client->buf_size) {
909 free(client->buffer);
910 client->buffer = calloc(1, client->max_buf_size);
911 client->buf_size = client->max_buf_size;
921 qb_ipcc_connection_t *ipc = client->ipc;
924 qb_ipcc_disconnect(ipc);
933 if (client->ipc && qb_ipcc_is_connected(client->ipc)) {
934 crm_notice(
"Destroying active %s IPC connection",
935 client->server_name);
946 crm_trace(
"Destroying inactive %s IPC connection",
947 client->server_name);
949 free(client->buffer);
950 free(client->server_name);
960 if (client && client->ipc && (qb_ipcc_fd_get(client->ipc, &fd) == 0)) {
964 crm_perror(LOG_ERR,
"Could not obtain file descriptor for %s IPC",
965 (client? client->server_name :
"unspecified"));
974 if (client == NULL) {
978 }
else if (client->ipc == NULL) {
982 }
else if (client->pfd.fd < 0) {
987 rc = qb_ipcc_is_connected(client->ipc);
989 client->pfd.fd = -EINVAL;
1012 client->pfd.revents = 0;
1013 rc = poll(&(client->pfd), 1, 0);
1014 return (rc < 0)? -errno : rc;
1027 unsigned int new_buf_size = QB_MAX((
sizeof(
pcmk__ipc_header_t) + size_u), client->max_buf_size);
1028 char *uncompressed = calloc(1, new_buf_size);
1030 crm_trace(
"Decompressing message data %u bytes into %u bytes",
1056 free(client->buffer);
1057 client->buf_size = new_buf_size;
1058 client->buffer = uncompressed;
1074 client->buffer[0] = 0;
1075 client->msg_size = qb_ipcc_event_recv(client->ipc, client->buffer,
1076 client->buf_size, 0);
1077 if (client->msg_size >= 0) {
1078 int rc = crm_ipc_decompress(client);
1089 crm_trace(
"Received %s IPC event %d size=%u rc=%d text='%.100s'",
1090 client->server_name, header->
qb.id, header->
qb.size,
1095 crm_trace(
"No message received from %s IPC: %s",
1098 if (client->msg_size == -EAGAIN) {
1104 crm_err(
"Connection to %s IPC failed", client->server_name);
1127 if (client->buffer == NULL) {
1132 return header->
flags;
1139 return client->server_name;
1144 internal_ipc_get_reply(
crm_ipc_t *client,
int request_id,
int ms_timeout,
1147 time_t
timeout = time(NULL) + 1 + (ms_timeout / 1000);
1151 crm_trace(
"Waiting on reply to %s IPC message %d",
1152 client->server_name, request_id);
1155 *bytes = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, 1000);
1159 rc = crm_ipc_decompress(client);
1165 if (hdr->
qb.id == request_id) {
1168 }
else if (hdr->
qb.id < request_id) {
1171 crm_err(
"Discarding old reply %d (need %d)", hdr->
qb.id, request_id);
1177 crm_err(
"Discarding newer reply %d (need %d)", hdr->
qb.id, request_id);
1182 crm_err(
"%s IPC provider disconnected while waiting for message %d",
1183 client->server_name, request_id);
1187 }
while (time(NULL) <
timeout);
1216 static uint32_t
id = 0;
1217 static int factor = 8;
1220 if (client == NULL) {
1221 crm_notice(
"Can't send IPC request without connection (bug?): %.100s",
1227 crm_notice(
"Can't send %s IPC requests: Connection closed",
1228 client->server_name);
1232 if (ms_timeout == 0) {
1236 if (client->need_reply) {
1237 qb_rc = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, ms_timeout);
1239 crm_warn(
"Sending %s IPC disabled until pending reply received",
1240 client->server_name);
1244 crm_notice(
"Sending %s IPC re-enabled after pending reply received",
1245 client->server_name);
1246 client->need_reply = FALSE;
1259 header = iov[0].iov_base;
1268 if(factor < 10 && (client->max_buf_size / 10) < (bytes / factor)) {
1269 crm_notice(
"Compressed message exceeds %d0%% of configured IPC " 1270 "limit (%u bytes); consider setting PCMK_ipc_buffer to " 1272 factor, client->max_buf_size, 2 * client->max_buf_size);
1277 crm_trace(
"Sending %s IPC request %d of %u bytes using %dms timeout",
1278 client->server_name, header->
qb.id, header->
qb.size, ms_timeout);
1282 time_t
timeout = time(NULL) + 1 + (ms_timeout / 1000);
1292 qb_rc = qb_ipcc_sendv(client->ipc, iov, 2);
1293 }
while ((qb_rc == -EAGAIN) && (time(NULL) <
timeout));
1300 crm_trace(
"Not waiting for reply to %s IPC request %d",
1301 client->server_name, header->
qb.id);
1305 rc = internal_ipc_get_reply(client, header->
qb.id, ms_timeout, &bytes);
1313 client->need_reply = TRUE;
1320 qb_rc = qb_ipcc_sendv_recv(client->ipc, iov, 2, client->buffer,
1321 client->buf_size, -1);
1329 crm_trace(
"Received %d-byte reply %d to %s IPC %d: %.100s",
1330 rc, hdr->
qb.id, client->server_name, header->
qb.id,
1338 crm_trace(
"No reply to %s IPC %d: rc=%d",
1339 client->server_name, header->
qb.id, rc);
1344 crm_notice(
"Couldn't send %s IPC request %d: Connection closed " 1345 CRM_XS " rc=%d", client->server_name, header->
qb.id, rc);
1347 }
else if (rc == -ETIMEDOUT) {
1348 crm_warn(
"%s IPC request %d failed: %s after %dms " CRM_XS " rc=%d",
1353 }
else if (rc <= 0) {
1355 client->server_name, header->
qb.id,
1365 pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1368 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1369 #if defined(US_AUTH_PEERCRED_UCRED) 1371 socklen_t ucred_len =
sizeof(ucred);
1374 #ifdef HAVE_QB_IPCC_AUTH_GET 1375 if (qb_ipc && !qb_ipcc_auth_get(qb_ipc, &found_pid, &found_uid, &found_gid)) {
1380 #if defined(US_AUTH_PEERCRED_UCRED) 1381 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1383 && ucred_len ==
sizeof(ucred)) {
1384 found_pid = ucred.pid; found_uid = ucred.uid; found_gid = ucred.gid;
1386 #elif defined(US_AUTH_PEERCRED_SOCKPEERCRED) 1387 struct sockpeercred sockpeercred;
1388 socklen_t sockpeercred_len =
sizeof(sockpeercred);
1390 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1391 &sockpeercred, &sockpeercred_len)
1392 && sockpeercred_len ==
sizeof(sockpeercred_len)) {
1393 found_pid = sockpeercred.pid;
1394 found_uid = sockpeercred.uid; found_gid = sockpeercred.gid;
1396 #elif defined(US_AUTH_GETPEEREID) 1397 if (!getpeereid(sock, &found_uid, &found_gid)) {
1400 #elif defined(US_AUTH_GETPEERUCRED) 1402 if (!getpeerucred(sock, &ucred)) {
1404 found_pid = ucred_getpid(ucred);
1405 found_uid = ucred_geteuid(ucred); found_gid = ucred_getegid(ucred);
1413 # error "No way to authenticate a Unix socket peer" 1417 #ifdef HAVE_QB_IPCC_AUTH_GET 1420 if (gotpid != NULL) {
1421 *gotpid = found_pid;
1423 if (gotuid != NULL) {
1424 *gotuid = found_uid;
1426 if (gotgid != NULL) {
1427 *gotgid = found_gid;
1429 if (found_uid == 0 || found_uid == refuid || found_gid == refgid) {
1442 pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1445 gotpid, gotuid, gotgid);
1459 gid_t refgid, pid_t *gotpid)
1461 static char last_asked_name[PATH_MAX / 2] =
"";
1466 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1467 qb_ipcc_connection_t *c;
1468 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC 1469 struct pollfd pollfd = { 0, };
1472 c = qb_ipcc_connect_async(
name, 0,
1475 c = qb_ipcc_connect(
name, 0);
1482 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC 1483 pollfd.events = POLLIN;
1485 poll_rc = poll(&pollfd, 1, 2000);
1486 }
while ((poll_rc == -1) && (errno == EINTR));
1487 if ((poll_rc <= 0) || (qb_ipcc_connect_continue(c) != 0)) {
1489 (poll_rc == 0)?
"timeout":
strerror(errno));
1498 qb_rc = qb_ipcc_fd_get(c, &fd);
1501 crm_err(
"Could not get fd from %s IPC: %s " CRM_XS " rc=%d",
1507 &found_uid, &found_gid);
1509 crm_err(
"Daemon (IPC %s) effectively blocked with unauthorized" 1510 " process %lld (uid: %lld, gid: %lld)",
1512 (
long long) found_uid, (
long long) found_gid);
1519 crm_err(
"Could not get peer credentials from %s IPC: %s " 1524 if (gotpid != NULL) {
1525 *gotpid = found_pid;
1529 if ((found_uid != refuid || found_gid != refgid)
1530 && strncmp(last_asked_name,
name,
sizeof(last_asked_name))) {
1531 if ((found_uid == 0) && (refuid != 0)) {
1532 crm_warn(
"Daemon (IPC %s) runs as root, whereas the expected" 1533 " credentials are %lld:%lld, hazard of violating" 1534 " the least privilege principle",
1535 name, (
long long) refuid, (
long long) refgid);
1537 crm_notice(
"Daemon (IPC %s) runs as %lld:%lld, whereas the" 1538 " expected credentials are %lld:%lld, which may" 1539 " mean a different set of privileges than expected",
1540 name, (
long long) found_uid, (
long long) found_gid,
1541 (
long long) refuid, (
long long) refgid);
1543 memccpy(last_asked_name,
name,
'\0',
sizeof(last_asked_name));
1548 qb_ipcc_disconnect(c);
#define CRM_CHECK(expr, failure_action)
int pcmk__ipc_prepare_iov(uint32_t request, xmlNode *message, uint32_t max_send_size, struct iovec **result, ssize_t *bytes)
void crm_write_blackbox(int nsig, struct qb_log_callsite *callsite)
#define crm_notice(fmt, args...)
const char * pcmk_strerror(int rc)
const char * bz2_strerror(int rc)
enum pcmk_ipc_dispatch dispatch_type
#define PCMK__ATTRD_CMD_PEER_REMOVE
int pcmk_rc2legacy(int rc)
int pcmk_poll_ipc(pcmk_ipc_api_t *api, int timeout_ms)
Check whether an IPC connection has data available (without main loop)
long crm_ipc_read(crm_ipc_t *client)
void pcmk_free_ipc_api(pcmk_ipc_api_t *api)
Free the contents of an IPC API object.
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__schedulerd_api_methods(void)
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__pacemakerd_api_methods(void)
const char * crm_ipc_buffer(crm_ipc_t *client)
const char * crm_xml_add_int(xmlNode *node, const char *name, int value)
Create an XML attribute with specified name and integer value.
int pcmk_ipc_purge_node(pcmk_ipc_api_t *api, const char *node_name, uint32_t nodeid)
Ask a Pacemaker daemon to purge a node from its peer cache.
struct mainloop_io_s mainloop_io_t
#define PCMK__SPECIAL_PID_AS_0(p)
const char * crm_xml_add(xmlNode *node, const char *name, const char *value)
Create an XML attribute with specified name and value.
#define PCMK__XA_ATTR_NODE_ID
int pcmk_new_ipc_api(pcmk_ipc_api_t **api, enum pcmk_ipc_server server)
Create a new object for using Pacemaker daemon IPC.
#define PCMK__SPECIAL_PID
enum crm_exit_e crm_exit_t
void crm_ipc_destroy(crm_ipc_t *client)
#define CRM_LOG_ASSERT(expr)
int pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request)
int pcmk_daemon_user(uid_t *uid, gid_t *gid)
Get user and group IDs of pacemaker daemon user.
struct pcmk__ipc_header_s pcmk__ipc_header_t
const char * pcmk_rc_str(int rc)
Get a user-friendly description of a return code.
char * strerror(int errnum)
int crm_ipc_get_fd(crm_ipc_t *client)
xmlNode * string2xml(const char *input)
int pcmk__ipc_is_authentic_process_active(const char *name, uid_t refuid, gid_t refgid, pid_t *gotpid)
Caller will poll and dispatch IPC.
#define crm_warn(fmt, args...)
pcmk_ipc_server
Available IPC interfaces.
#define crm_debug(fmt, args...)
bool crm_ipc_connect(crm_ipc_t *client)
Establish an IPC connection to a Pacemaker component.
crm_ipc_t * crm_ipc_new(const char *name, size_t max_size)
Create a new (legacy) object for using Pacemaker daemon IPC.
struct crm_ipc_s crm_ipc_t
void pcmk_register_ipc_callback(pcmk_ipc_api_t *api, pcmk_ipc_callback_t cb, void *user_data)
Register a callback for IPC API events.
const char * pcmk_ipc_name(pcmk_ipc_api_t *api, bool for_log)
Get the IPC name used with an IPC API connection.
#define crm_trace(fmt, args...)
#define pcmk_is_set(g, f)
Convenience alias for pcmk_all_flags_set(), to check single flag.
void crm_xml_set_id(xmlNode *xml, const char *format,...) G_GNUC_PRINTF(2
void pcmk__call_ipc_callback(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type, crm_exit_t status, void *event_data)
uint32_t crm_ipc_buffer_flags(crm_ipc_t *client)
#define CRM_SYSTEM_PENGINE
#define pcmk__clear_ipc_flags(ipc_flags, ipc_name, flags_to_clear)
void pcmk_disconnect_ipc(pcmk_ipc_api_t *api)
Disconnect an IPC API instance.
G_GNUC_INTERNAL bool pcmk__valid_ipc_header(const pcmk__ipc_header_t *header)
xmlNode * create_xml_node(xmlNode *parent, const char *name)
void crm_ipc_close(crm_ipc_t *client)
void mainloop_del_ipc_client(mainloop_io_t *client)
int crm_ipc_send(crm_ipc_t *client, xmlNode *message, enum crm_ipc_flags flags, int32_t ms_timeout, xmlNode **reply)
Send an IPC XML message.
int pcmk_legacy2rc(int legacy_rc)
void free_xml(xmlNode *child)
void pcmk_free_ipc_event(struct iovec *event)
Free an I/O vector created by pcmk__ipc_prepare_iov()
void(* pcmk_ipc_callback_t)(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type, crm_exit_t status, void *event_data, void *user_data)
Callback function type for Pacemaker daemon IPC APIs.
int pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
Check the authenticity of the IPC socket peer process.
int(* post_connect)(pcmk_ipc_api_t *api)
G_GNUC_INTERNAL unsigned int pcmk__ipc_buffer_size(unsigned int max)
#define CRM_OP_RM_NODE_CACHE
pcmk_ipc_dispatch
How IPC replies should be dispatched.
pcmk_ipc_event
Possible event types that an IPC event callback can be called for.
bool crm_ipc_connected(crm_ipc_t *client)
#define PCMK__XA_ATTR_NODE_NAME
Attach IPC to GMainLoop for dispatch.
Termination of IPC connection.
mainloop_io_t * mainloop_io
#define crm_perror(level, fmt, args...)
Send a system error message to both the log and stderr.
bool(* dispatch)(pcmk_ipc_api_t *api, xmlNode *msg)
#define pcmk__set_ipc_flags(ipc_flags, ipc_name, flags_to_set)
#define crm_err(fmt, args...)
Sending a command will wait for any reply.
void pcmk_dispatch_ipc(pcmk_ipc_api_t *api)
Dispatch available messages on an IPC connection (without main loop)
#define crm_log_xml_notice(xml, text)
Lost connection to something.
int crm_ipc_ready(crm_ipc_t *client)
Check whether an IPC connection is ready to be read.
void(* free_data)(void *api_data)
bool(* reply_expected)(pcmk_ipc_api_t *api, xmlNode *request)
bool pcmk_ipc_is_connected(pcmk_ipc_api_t *api)
Check whether an IPC API connection is active.
IPC interface to Pacemaker daemons.
int pcmk_connect_ipc(pcmk_ipc_api_t *api, enum pcmk_ipc_dispatch dispatch_type)
Connect to a Pacemaker daemon via IPC.
#define crm_log_xml_trace(xml, text)
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__controld_api_methods(void)
pcmk__ipc_methods_t * cmds
void(* post_disconnect)(pcmk_ipc_api_t *api)
int pcmk__add_mainloop_ipc(crm_ipc_t *ipc, int priority, void *userdata, struct ipc_client_callbacks *callbacks, mainloop_io_t **source)
Connect to IPC and add it as a main loop source.
enum pcmk_ipc_server server
#define create_request(task, xml_data, host_to, sys_to, sys_from, uuid_from)
#define crm_info(fmt, args...)
int(* dispatch)(const char *buffer, ssize_t length, gpointer userdata)
Dispatch function for an IPC connection used as mainloop source.
int crm_ipc_is_authentic_process(int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
Check the authenticity of the IPC socket peer process (legacy)
const char * crm_ipc_name(crm_ipc_t *client)
