|
G_GNUC_INTERNAL void | pcmk__xml2text (xmlNodePtr data, int options, GString *buffer, int depth) |
|
G_GNUC_INTERNAL bool | pcmk__tracking_xml_changes (xmlNode *xml, bool lazy) |
|
G_GNUC_INTERNAL void | pcmk__mark_xml_created (xmlNode *xml) |
|
G_GNUC_INTERNAL int | pcmk__xml_position (const xmlNode *xml, enum xml_private_flags ignore_if_set) |
|
G_GNUC_INTERNAL xmlNode * | pcmk__xml_match (const xmlNode *haystack, const xmlNode *needle, bool exact) |
|
G_GNUC_INTERNAL void | pcmk__xml_log (int log_level, const char *file, const char *function, int line, const char *prefix, const xmlNode *data, int depth, int options) |
|
G_GNUC_INTERNAL void | pcmk__xml_update (xmlNode *parent, xmlNode *target, xmlNode *update, bool as_diff) |
|
G_GNUC_INTERNAL xmlNode * | pcmk__xc_match (const xmlNode *root, const xmlNode *search_comment, bool exact) |
|
G_GNUC_INTERNAL void | pcmk__xc_update (xmlNode *parent, xmlNode *target, xmlNode *update) |
|
G_GNUC_INTERNAL void | pcmk__free_acls (GList *acls) |
|
G_GNUC_INTERNAL void | pcmk__unpack_acl (xmlNode *source, xmlNode *target, const char *user) |
|
G_GNUC_INTERNAL bool | pcmk__is_user_in_group (const char *user, const char *group) |
|
G_GNUC_INTERNAL void | pcmk__apply_acl (xmlNode *xml) |
|
G_GNUC_INTERNAL void | pcmk__apply_creation_acl (xmlNode *xml, bool check_top) |
|
G_GNUC_INTERNAL void | pcmk__mark_xml_attr_dirty (xmlAttr *a) |
|
G_GNUC_INTERNAL bool | pcmk__xa_filterable (const char *name) |
|
G_GNUC_INTERNAL int | pcmk__send_ipc_request (pcmk_ipc_api_t *api, xmlNode *request) |
|
G_GNUC_INTERNAL void | pcmk__call_ipc_callback (pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type, crm_exit_t status, void *event_data) |
|
G_GNUC_INTERNAL unsigned int | pcmk__ipc_buffer_size (unsigned int max) |
|
G_GNUC_INTERNAL bool | pcmk__valid_ipc_header (const pcmk__ipc_header_t *header) |
|
G_GNUC_INTERNAL pcmk__ipc_methods_t * | pcmk__attrd_api_methods (void) |
|
G_GNUC_INTERNAL pcmk__ipc_methods_t * | pcmk__controld_api_methods (void) |
|
G_GNUC_INTERNAL pcmk__ipc_methods_t * | pcmk__pacemakerd_api_methods (void) |
|
G_GNUC_INTERNAL pcmk__ipc_methods_t * | pcmk__schedulerd_api_methods (void) |
|
int | pcmk__crm_ipc_is_authentic_process (qb_ipcc_connection_t *qb_ipc, int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid) |
| Check the authenticity of the IPC socket peer process. More...
|
|
int pcmk__crm_ipc_is_authentic_process |
( |
qb_ipcc_connection_t * |
qb_ipc, |
|
|
int |
sock, |
|
|
uid_t |
refuid, |
|
|
gid_t |
refgid, |
|
|
pid_t * |
gotpid, |
|
|
uid_t * |
gotuid, |
|
|
gid_t * |
gotgid |
|
) |
| |
Check the authenticity of the IPC socket peer process.
If everything goes well, peer's authenticity is verified by the means of comparing against provided referential UID and GID (either satisfies), and the result of this check can be deduced from the return value. As an exception, detected UID of 0 ("root") satisfies arbitrary provided referential daemon's credentials.
- Parameters
-
[in] | qb_ipc | libqb client connection if available |
[in] | sock | IPC related, connected Unix socket to check peer of |
[in] | refuid | referential UID to check against |
[in] | refgid | referential GID to check against |
[out] | gotpid | to optionally store obtained PID of the peer (not available on FreeBSD, special value of 1 used instead, and the caller is required to special case this value respectively) |
[out] | gotuid | to optionally store obtained UID of the peer |
[out] | gotgid | to optionally store obtained GID of the peer |
- Returns
- Standard Pacemaker return code ie: 0 if it the connection is authentic pcmk_rc_ipc_unauthorized if the connection is not authentic, standard errors.
- Note
- While this function is tolerant on what constitutes authorized IPC daemon process (its effective user matches UID=0 or
refuid
, or at least its group matches refgid
), either or both (in case of UID=0) mismatches on the expected credentials of such peer process shall be investigated at the caller when value of 1 gets returned there, since higher-than-expected privileges in respect to the expected/intended credentials possibly violate the least privilege principle and may pose an additional risk (i.e. such accidental inconsistency shall be eventually fixed).
Definition at line 1364 of file ipc_client.c.