12 #if defined(HAVE_UCRED) || defined(HAVE_SOCKPEERCRED) 18 # include <sys/socket.h> 19 #elif defined(HAVE_GETPEERUCRED) 24 #include <sys/types.h> 58 (*api)->server = server;
74 (*api)->ipc_size_max = 512 * 1024;
94 (*api)->ipc_size_max = 5 * 1024 * 1024;
97 if ((*api)->cmds == NULL) {
104 (*api)->ipc_size_max);
105 if ((*api)->ipc == NULL) {
112 if ((*api)->cmds->new_data != NULL) {
113 if ((*api)->cmds->new_data(*api) !=
pcmk_rc_ok) {
126 if ((api != NULL) && (api->
cmds != NULL)) {
149 if ((api != NULL) && (api->
cb != NULL)) {
150 api->
cb(api, event_type, status, event_data, api->
user_data);
163 ipc_post_disconnect(gpointer user_data)
190 free_daemon_specific_data(api);
191 crm_trace(
"Freeing IPC API object after disconnect");
204 bool free_on_disconnect =
false;
211 if (api->
ipc != NULL) {
226 if (!free_on_disconnect) {
227 free_daemon_specific_data(api);
246 return for_log?
"Pacemaker" : NULL;
250 return for_log?
"attribute manager" :
T_ATTRD;
253 return for_log?
"CIB manager" : NULL ;
259 return for_log?
"executor" : NULL ;
262 return for_log?
"fencer" : NULL ;
271 return for_log?
"Pacemaker" : NULL;
331 if (buffer == NULL) {
332 crm_warn(
"Empty message received from %s IPC",
339 crm_warn(
"Malformed message received from %s IPC",
344 more = call_api_dispatch(api, msg);
367 dispatch_ipc_source_data(
const char *buffer, ssize_t length, gpointer user_data)
372 dispatch_ipc_data(buffer, api);
398 struct pollfd pollfd = { 0, };
404 pollfd.events = POLLIN;
405 rc = poll(&pollfd, 1, timeout_ms);
410 return (errno == EAGAIN)? ENOMEM : errno;
411 }
else if (rc == 0) {
447 .
dispatch = dispatch_ipc_source_data,
448 .destroy = ipc_post_disconnect,
456 crm_debug(
"Connected to %s IPC (attached to main loop)",
475 crm_debug(
"Connected to %s IPC (without main loop)",
491 const int n_attempts = 2;
495 crm_err(
"Cannot connect to uninitialized API object");
499 if (api->
ipc == NULL) {
502 if (api->
ipc == NULL) {
503 crm_err(
"Failed to re-create IPC API");
515 for (
int i = 0; i < n_attempts; i++) {
516 switch (dispatch_type) {
518 rc = connect_with_main_loop(api);
523 rc = connect_without_main_loop(api);
534 if (i < (n_attempts - 1)) {
535 crm_trace(
"Connection to %s IPC API failed with EAGAIN, retrying",
567 if ((api == NULL) || (api->
ipc == NULL)) {
597 ipc_post_disconnect(api);
642 xmlNode *reply = NULL;
645 if ((api == NULL) || (api->
ipc == NULL) || (request == NULL)) {
652 && (api->
cmds != NULL)
663 }
else if (rc == 0) {
669 bool more = call_api_dispatch(api, reply);
678 }
else if (rc == -ENOMSG || rc ==
pcmk_ok) {
688 }
else if (rc == EINPROGRESS) {
721 create_purge_node_request(
const pcmk_ipc_api_t *api,
const char *node_name,
724 xmlNode *request = NULL;
770 xmlNode *request = NULL;
775 if ((node_name == NULL) && (nodeid == 0)) {
779 request = create_purge_node_request(api, node_name, nodeid);
780 if (request == NULL) {
786 crm_debug(
"%s peer cache purge of node %s[%lu]: rc=%d",
787 pcmk_ipc_name(api,
true), node_name, (
unsigned long) nodeid, rc);
797 unsigned int max_buf_size;
798 unsigned int buf_size;
803 qb_ipcc_connection_t *ipc;
825 if (client == NULL) {
830 client->server_name = strdup(
name);
831 if (client->server_name == NULL) {
832 crm_err(
"Could not create %s IPC connection: %s",
838 client->buffer = malloc(client->buf_size);
839 if (client->buffer == NULL) {
840 crm_err(
"Could not create %s IPC connection: %s",
842 free(client->server_name);
848 client->max_buf_size = client->buf_size;
851 client->pfd.events = POLLIN;
852 client->pfd.revents = 0;
871 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
874 if (client == NULL) {
879 client->need_reply = FALSE;
880 client->ipc = qb_ipcc_connect(client->server_name, client->buf_size);
882 if (client->ipc == NULL) {
883 crm_debug(
"Could not establish %s IPC connection: %s (%d)",
889 if (client->pfd.fd < 0) {
906 &found_pid, &found_uid,
908 crm_err(
"%s IPC provider authentication failed: process %lld has " 909 "uid %lld (expected %lld) and gid %lld (expected %lld)",
912 (
long long) found_uid, (
long long) cl_uid,
913 (
long long) found_gid, (
long long) cl_gid);
915 errno = ECONNABORTED;
919 crm_perror(LOG_ERR,
"Could not verify authenticity of %s IPC provider",
920 client->server_name);
930 qb_ipcc_context_set(client->ipc, client);
932 client->max_buf_size = qb_ipcc_get_buffer_size(client->ipc);
933 if (client->max_buf_size > client->buf_size) {
934 free(client->buffer);
935 client->buffer = calloc(1, client->max_buf_size);
936 client->buf_size = client->max_buf_size;
946 qb_ipcc_connection_t *ipc = client->ipc;
949 qb_ipcc_disconnect(ipc);
958 if (client->ipc && qb_ipcc_is_connected(client->ipc)) {
959 crm_notice(
"Destroying active %s IPC connection",
960 client->server_name);
971 crm_trace(
"Destroying inactive %s IPC connection",
972 client->server_name);
974 free(client->buffer);
975 free(client->server_name);
985 if (client && client->ipc && (qb_ipcc_fd_get(client->ipc, &fd) == 0)) {
989 crm_perror(LOG_ERR,
"Could not obtain file descriptor for %s IPC",
990 (client? client->server_name :
"unspecified"));
999 if (client == NULL) {
1003 }
else if (client->ipc == NULL) {
1007 }
else if (client->pfd.fd < 0) {
1012 rc = qb_ipcc_is_connected(client->ipc);
1014 client->pfd.fd = -EINVAL;
1037 client->pfd.revents = 0;
1038 rc = poll(&(client->pfd), 1, 0);
1039 return (rc < 0)? -errno : rc;
1052 unsigned int new_buf_size = QB_MAX((
sizeof(
pcmk__ipc_header_t) + size_u), client->max_buf_size);
1053 char *uncompressed = calloc(1, new_buf_size);
1055 crm_trace(
"Decompressing message data %u bytes into %u bytes",
1081 free(client->buffer);
1082 client->buf_size = new_buf_size;
1083 client->buffer = uncompressed;
1099 client->buffer[0] = 0;
1100 client->msg_size = qb_ipcc_event_recv(client->ipc, client->buffer,
1101 client->buf_size, 0);
1102 if (client->msg_size >= 0) {
1103 int rc = crm_ipc_decompress(client);
1114 crm_trace(
"Received %s IPC event %d size=%u rc=%d text='%.100s'",
1115 client->server_name, header->
qb.id, header->
qb.size,
1120 crm_trace(
"No message received from %s IPC: %s",
1123 if (client->msg_size == -EAGAIN) {
1129 crm_err(
"Connection to %s IPC failed", client->server_name);
1152 if (client->buffer == NULL) {
1157 return header->
flags;
1164 return client->server_name;
1169 internal_ipc_get_reply(
crm_ipc_t *client,
int request_id,
int ms_timeout,
1172 time_t
timeout = time(NULL) + 1 + (ms_timeout / 1000);
1176 crm_trace(
"Waiting on reply to %s IPC message %d",
1177 client->server_name, request_id);
1180 *bytes = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, 1000);
1184 rc = crm_ipc_decompress(client);
1190 if (hdr->
qb.id == request_id) {
1193 }
else if (hdr->
qb.id < request_id) {
1196 crm_err(
"Discarding old reply %d (need %d)", hdr->
qb.id, request_id);
1202 crm_err(
"Discarding newer reply %d (need %d)", hdr->
qb.id, request_id);
1207 crm_err(
"%s IPC provider disconnected while waiting for message %d",
1208 client->server_name, request_id);
1212 }
while (time(NULL) <
timeout);
1241 static uint32_t
id = 0;
1242 static int factor = 8;
1245 if (client == NULL) {
1246 crm_notice(
"Can't send IPC request without connection (bug?): %.100s",
1252 crm_notice(
"Can't send %s IPC requests: Connection closed",
1253 client->server_name);
1257 if (ms_timeout == 0) {
1261 if (client->need_reply) {
1262 qb_rc = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, ms_timeout);
1264 crm_warn(
"Sending %s IPC disabled until pending reply received",
1265 client->server_name);
1269 crm_notice(
"Sending %s IPC re-enabled after pending reply received",
1270 client->server_name);
1271 client->need_reply = FALSE;
1284 header = iov[0].iov_base;
1293 if(factor < 10 && (client->max_buf_size / 10) < (bytes / factor)) {
1294 crm_notice(
"Compressed message exceeds %d0%% of configured IPC " 1295 "limit (%u bytes); consider setting PCMK_ipc_buffer to " 1297 factor, client->max_buf_size, 2 * client->max_buf_size);
1302 crm_trace(
"Sending %s IPC request %d of %u bytes using %dms timeout",
1303 client->server_name, header->
qb.id, header->
qb.size, ms_timeout);
1307 time_t
timeout = time(NULL) + 1 + (ms_timeout / 1000);
1317 qb_rc = qb_ipcc_sendv(client->ipc, iov, 2);
1318 }
while ((qb_rc == -EAGAIN) && (time(NULL) <
timeout));
1325 crm_trace(
"Not waiting for reply to %s IPC request %d",
1326 client->server_name, header->
qb.id);
1330 rc = internal_ipc_get_reply(client, header->
qb.id, ms_timeout, &bytes);
1338 client->need_reply = TRUE;
1345 qb_rc = qb_ipcc_sendv_recv(client->ipc, iov, 2, client->buffer,
1346 client->buf_size, -1);
1354 crm_trace(
"Received %d-byte reply %d to %s IPC %d: %.100s",
1355 rc, hdr->
qb.id, client->server_name, header->
qb.id,
1363 crm_trace(
"No reply to %s IPC %d: rc=%d",
1364 client->server_name, header->
qb.id, rc);
1369 crm_notice(
"Couldn't send %s IPC request %d: Connection closed " 1370 CRM_XS " rc=%d", client->server_name, header->
qb.id, rc);
1372 }
else if (rc == -ETIMEDOUT) {
1373 crm_warn(
"%s IPC request %d failed: %s after %dms " CRM_XS " rc=%d",
1378 }
else if (rc <= 0) {
1380 client->server_name, header->
qb.id,
1390 pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1393 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1394 #if defined(HAVE_UCRED) 1396 socklen_t ucred_len =
sizeof(ucred);
1399 #ifdef HAVE_QB_IPCC_AUTH_GET 1400 if (qb_ipc && !qb_ipcc_auth_get(qb_ipc, &found_pid, &found_uid, &found_gid)) {
1405 #if defined(HAVE_UCRED) 1406 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1408 && ucred_len ==
sizeof(ucred)) {
1409 found_pid = ucred.pid; found_uid = ucred.uid; found_gid = ucred.gid;
1411 #elif defined(HAVE_SOCKPEERCRED) 1412 struct sockpeercred sockpeercred;
1413 socklen_t sockpeercred_len =
sizeof(sockpeercred);
1415 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1416 &sockpeercred, &sockpeercred_len)
1417 && sockpeercred_len ==
sizeof(sockpeercred_len)) {
1418 found_pid = sockpeercred.pid;
1419 found_uid = sockpeercred.uid; found_gid = sockpeercred.gid;
1421 #elif defined(HAVE_GETPEEREID) 1422 if (!getpeereid(sock, &found_uid, &found_gid)) {
1425 #elif defined(HAVE_GETPEERUCRED) 1427 if (!getpeerucred(sock, &ucred)) {
1429 found_pid = ucred_getpid(ucred);
1430 found_uid = ucred_geteuid(ucred); found_gid = ucred_getegid(ucred);
1438 # error "No way to authenticate a Unix socket peer" 1442 #ifdef HAVE_QB_IPCC_AUTH_GET 1445 if (gotpid != NULL) {
1446 *gotpid = found_pid;
1448 if (gotuid != NULL) {
1449 *gotuid = found_uid;
1451 if (gotgid != NULL) {
1452 *gotgid = found_gid;
1454 if (found_uid == 0 || found_uid == refuid || found_gid == refgid) {
1467 pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1470 gotpid, gotuid, gotgid);
1484 gid_t refgid, pid_t *gotpid)
1486 static char last_asked_name[PATH_MAX / 2] =
"";
1491 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1492 qb_ipcc_connection_t *c;
1493 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC 1494 struct pollfd pollfd = { 0, };
1497 c = qb_ipcc_connect_async(
name, 0,
1500 c = qb_ipcc_connect(
name, 0);
1507 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC 1508 pollfd.events = POLLIN;
1510 poll_rc = poll(&pollfd, 1, 2000);
1511 }
while ((poll_rc == -1) && (errno == EINTR));
1512 if ((poll_rc <= 0) || (qb_ipcc_connect_continue(c) != 0)) {
1514 (poll_rc == 0)?
"timeout":
strerror(errno));
1523 qb_rc = qb_ipcc_fd_get(c, &fd);
1526 crm_err(
"Could not get fd from %s IPC: %s " CRM_XS " rc=%d",
1532 &found_uid, &found_gid);
1534 crm_err(
"Daemon (IPC %s) effectively blocked with unauthorized" 1535 " process %lld (uid: %lld, gid: %lld)",
1537 (
long long) found_uid, (
long long) found_gid);
1544 crm_err(
"Could not get peer credentials from %s IPC: %s " 1549 if (gotpid != NULL) {
1550 *gotpid = found_pid;
1554 if ((found_uid != refuid || found_gid != refgid)
1555 && strncmp(last_asked_name,
name,
sizeof(last_asked_name))) {
1556 if ((found_uid == 0) && (refuid != 0)) {
1557 crm_warn(
"Daemon (IPC %s) runs as root, whereas the expected" 1558 " credentials are %lld:%lld, hazard of violating" 1559 " the least privilege principle",
1560 name, (
long long) refuid, (
long long) refgid);
1562 crm_notice(
"Daemon (IPC %s) runs as %lld:%lld, whereas the" 1563 " expected credentials are %lld:%lld, which may" 1564 " mean a different set of privileges than expected",
1565 name, (
long long) found_uid, (
long long) found_gid,
1566 (
long long) refuid, (
long long) refgid);
1568 memccpy(last_asked_name,
name,
'\0',
sizeof(last_asked_name));
1573 qb_ipcc_disconnect(c);
#define CRM_CHECK(expr, failure_action)
int pcmk__ipc_prepare_iov(uint32_t request, xmlNode *message, uint32_t max_send_size, struct iovec **result, ssize_t *bytes)
#define crm_notice(fmt, args...)
const char * pcmk_strerror(int rc)
const char * bz2_strerror(int rc)
enum pcmk_ipc_dispatch dispatch_type
#define PCMK__ATTRD_CMD_PEER_REMOVE
int pcmk_rc2legacy(int rc)
long crm_ipc_read(crm_ipc_t *client)
void pcmk_free_ipc_api(pcmk_ipc_api_t *api)
Free the contents of an IPC API object.
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__schedulerd_api_methods(void)
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__pacemakerd_api_methods(void)
const char * crm_ipc_buffer(crm_ipc_t *client)
int pcmk_ipc_purge_node(pcmk_ipc_api_t *api, const char *node_name, uint32_t nodeid)
Ask a Pacemaker daemon to purge a node from its peer cache.
struct mainloop_io_s mainloop_io_t
#define PCMK__SPECIAL_PID_AS_0(p)
const char * crm_xml_add(xmlNode *node, const char *name, const char *value)
Create an XML attribute with specified name and value.
int pcmk_new_ipc_api(pcmk_ipc_api_t **api, enum pcmk_ipc_server server)
Create a new object for using Pacemaker daemon IPC.
#define PCMK__SPECIAL_PID
enum crm_exit_e crm_exit_t
void crm_ipc_destroy(crm_ipc_t *client)
int pcmk_poll_ipc(const pcmk_ipc_api_t *api, int timeout_ms)
Check whether an IPC connection has data available (without main loop)
#define CRM_LOG_ASSERT(expr)
int pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request)
int pcmk_daemon_user(uid_t *uid, gid_t *gid)
Get user and group IDs of pacemaker daemon user.
struct pcmk__ipc_header_s pcmk__ipc_header_t
const char * pcmk_rc_str(int rc)
Get a user-friendly description of a return code.
char * strerror(int errnum)
int crm_ipc_get_fd(crm_ipc_t *client)
xmlNode * string2xml(const char *input)
int pcmk__ipc_is_authentic_process_active(const char *name, uid_t refuid, gid_t refgid, pid_t *gotpid)
Caller will poll and dispatch IPC.
#define crm_warn(fmt, args...)
pcmk_ipc_server
Available IPC interfaces.
#define crm_debug(fmt, args...)
bool crm_ipc_connect(crm_ipc_t *client)
Establish an IPC connection to a Pacemaker component.
crm_ipc_t * crm_ipc_new(const char *name, size_t max_size)
Create a new (legacy) object for using Pacemaker daemon IPC.
struct crm_ipc_s crm_ipc_t
void pcmk_register_ipc_callback(pcmk_ipc_api_t *api, pcmk_ipc_callback_t cb, void *user_data)
Register a callback for IPC API events.
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__attrd_api_methods(void)
#define crm_trace(fmt, args...)
#define pcmk_is_set(g, f)
Convenience alias for pcmk_all_flags_set(), to check single flag.
void crm_xml_set_id(xmlNode *xml, const char *format,...) G_GNUC_PRINTF(2
void pcmk__call_ipc_callback(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type, crm_exit_t status, void *event_data)
uint32_t crm_ipc_buffer_flags(crm_ipc_t *client)
#define CRM_SYSTEM_PENGINE
#define pcmk__clear_ipc_flags(ipc_flags, ipc_name, flags_to_clear)
void pcmk_disconnect_ipc(pcmk_ipc_api_t *api)
Disconnect an IPC API instance.
G_GNUC_INTERNAL bool pcmk__valid_ipc_header(const pcmk__ipc_header_t *header)
const char * pcmk_ipc_name(const pcmk_ipc_api_t *api, bool for_log)
Get the IPC name used with an IPC API connection.
xmlNode * create_xml_node(xmlNode *parent, const char *name)
void crm_ipc_close(crm_ipc_t *client)
void mainloop_del_ipc_client(mainloop_io_t *client)
int crm_ipc_send(crm_ipc_t *client, xmlNode *message, enum crm_ipc_flags flags, int32_t ms_timeout, xmlNode **reply)
Send an IPC XML message.
int pcmk_legacy2rc(int legacy_rc)
void free_xml(xmlNode *child)
void pcmk_free_ipc_event(struct iovec *event)
Free an I/O vector created by pcmk__ipc_prepare_iov()
void(* pcmk_ipc_callback_t)(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type, crm_exit_t status, void *event_data, void *user_data)
Callback function type for Pacemaker daemon IPC APIs.
int pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
Check the authenticity of the IPC socket peer process.
int(* post_connect)(pcmk_ipc_api_t *api)
int pcmk__add_mainloop_ipc(crm_ipc_t *ipc, int priority, void *userdata, const struct ipc_client_callbacks *callbacks, mainloop_io_t **source)
Connect to IPC and add it as a main loop source.
void crm_write_blackbox(int nsig, const struct qb_log_callsite *callsite)
G_GNUC_INTERNAL unsigned int pcmk__ipc_buffer_size(unsigned int max)
#define CRM_OP_RM_NODE_CACHE
pcmk_ipc_dispatch
How IPC replies should be dispatched.
pcmk_ipc_event
Possible event types that an IPC event callback can be called for.
bool crm_ipc_connected(crm_ipc_t *client)
Attach IPC to GMainLoop for dispatch.
Termination of IPC connection.
mainloop_io_t * mainloop_io
#define crm_perror(level, fmt, args...)
Send a system error message to both the log and stderr.
bool(* dispatch)(pcmk_ipc_api_t *api, xmlNode *msg)
#define pcmk__set_ipc_flags(ipc_flags, ipc_name, flags_to_set)
#define crm_err(fmt, args...)
Sending a command will wait for any reply.
void pcmk_dispatch_ipc(pcmk_ipc_api_t *api)
Dispatch available messages on an IPC connection (without main loop)
#define crm_log_xml_notice(xml, text)
Lost connection to something.
int crm_ipc_ready(crm_ipc_t *client)
Check whether an IPC connection is ready to be read.
void(* free_data)(void *api_data)
bool(* reply_expected)(pcmk_ipc_api_t *api, xmlNode *request)
bool pcmk_ipc_is_connected(pcmk_ipc_api_t *api)
Check whether an IPC API connection is active.
IPC interface to Pacemaker daemons.
int pcmk_connect_ipc(pcmk_ipc_api_t *api, enum pcmk_ipc_dispatch dispatch_type)
Connect to a Pacemaker daemon via IPC.
#define crm_log_xml_trace(xml, text)
G_GNUC_INTERNAL pcmk__ipc_methods_t * pcmk__controld_api_methods(void)
pcmk__ipc_methods_t * cmds
void pcmk__xe_add_node(xmlNode *xml, const char *node, int nodeid)
void(* post_disconnect)(pcmk_ipc_api_t *api)
enum pcmk_ipc_server server
#define create_request(task, xml_data, host_to, sys_to, sys_from, uuid_from)
#define crm_info(fmt, args...)
int(* dispatch)(const char *buffer, ssize_t length, gpointer userdata)
Dispatch function for an IPC connection used as mainloop source.
int crm_ipc_is_authentic_process(int sock, uid_t refuid, gid_t refgid, pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
Check the authenticity of the IPC socket peer process (legacy)
const char * crm_ipc_name(crm_ipc_t *client)
