lib/common/ipc

/* */
This source file includes following definitions.
pcmk_new_ipc_api
free_daemon_specific_data
pcmk__call_ipc_callback
ipc_post_disconnect
pcmk_free_ipc_api
pcmk_ipc_name
pcmk_ipc_is_connected
call_api_dispatch
dispatch_ipc_data
dispatch_ipc_source_data
pcmk_poll_ipc
pcmk_dispatch_ipc
connect_with_main_loop
connect_without_main_loop
pcmk_connect_ipc
pcmk_disconnect_ipc
pcmk_register_ipc_callback
pcmk__send_ipc_request
create_purge_node_request
pcmk_ipc_purge_node
crm_ipc_new
crm_ipc_connect
crm_ipc_close
crm_ipc_destroy
crm_ipc_get_fd
crm_ipc_connected
crm_ipc_ready
crm_ipc_decompress
crm_ipc_read
crm_ipc_buffer
crm_ipc_buffer_flags
crm_ipc_name
internal_ipc_get_reply
crm_ipc_send
pcmk__crm_ipc_is_authentic_process
crm_ipc_is_authentic_process
pcmk__ipc_is_authentic_process_active
   1 /*
   2  * Copyright 2004-2022 the Pacemaker project contributors
   3  *
   4  * The version control history for this file may have further details.
   5  *
   6  * This source code is licensed under the GNU Lesser General Public License
   7  * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
   8  */
   9 
  10 #include <crm_internal.h>
  11 
  12 #if defined(HAVE_UCRED) || defined(HAVE_SOCKPEERCRED)
  13 #  ifdef HAVE_UCRED
  14 #    ifndef _GNU_SOURCE
  15 #      define _GNU_SOURCE
  16 #    endif
  17 #  endif
  18 #  include <sys/socket.h>
  19 #elif defined(HAVE_GETPEERUCRED)
  20 #  include <ucred.h>
  21 #endif
  22 
  23 #include <stdio.h>
  24 #include <sys/types.h>
  25 #include <errno.h>
  26 #include <bzlib.h>
  27 
  28 #include <crm/crm.h>   /* indirectly: pcmk_err_generic */
  29 #include <crm/msg_xml.h>
  30 #include <crm/common/ipc.h>
  31 #include <crm/common/ipc_internal.h>
  32 #include "crmcommon_private.h"
  33 
  34 /*!
  35  * \brief Create a new object for using Pacemaker daemon IPC
  36  *
  37  * \param[out] api     Where to store new IPC object
  38  * \param[in]  server  Which Pacemaker daemon the object is for
  39  *
  40  * \return Standard Pacemaker result code
  41  *
  42  * \note The caller is responsible for freeing *api using pcmk_free_ipc_api().
  43  * \note This is intended to supersede crm_ipc_new() but currently only
  44  *       supports the controller, pacemakerd, and schedulerd IPC API.
  45  */
  46 int
  47 pcmk_new_ipc_api(pcmk_ipc_api_t **api, enum pcmk_ipc_server server)
     /*  */
  48 {
  49     if (api == NULL) {
  50         return EINVAL;
  51     }
  52 
  53     *api = calloc(1, sizeof(pcmk_ipc_api_t));
  54     if (*api == NULL) {
  55         return errno;
  56     }
  57 
  58     (*api)->server = server;
  59     if (pcmk_ipc_name(*api, false) == NULL) {
  60         pcmk_free_ipc_api(*api);
  61         *api = NULL;
  62         return EOPNOTSUPP;
  63     }
  64 
  65     (*api)->ipc_size_max = 0;
  66 
  67     // Set server methods and max_size (if not default)
  68     switch (server) {
  69         case pcmk_ipc_attrd:
  70             (*api)->cmds = pcmk__attrd_api_methods();
  71             break;
  72 
  73         case pcmk_ipc_based:
  74             (*api)->ipc_size_max = 512 * 1024; // 512KB
  75             break;
  76 
  77         case pcmk_ipc_controld:
  78             (*api)->cmds = pcmk__controld_api_methods();
  79             break;
  80 
  81         case pcmk_ipc_execd:
  82             break;
  83 
  84         case pcmk_ipc_fenced:
  85             break;
  86 
  87         case pcmk_ipc_pacemakerd:
  88             (*api)->cmds = pcmk__pacemakerd_api_methods();
  89             break;
  90 
  91         case pcmk_ipc_schedulerd:
  92             (*api)->cmds = pcmk__schedulerd_api_methods();
  93             // @TODO max_size could vary by client, maybe take as argument?
  94             (*api)->ipc_size_max = 5 * 1024 * 1024; // 5MB
  95             break;
  96     }
  97     if ((*api)->cmds == NULL) {
  98         pcmk_free_ipc_api(*api);
  99         *api = NULL;
 100         return ENOMEM;
 101     }
 102 
 103     (*api)->ipc = crm_ipc_new(pcmk_ipc_name(*api, false),
 104                               (*api)->ipc_size_max);
 105     if ((*api)->ipc == NULL) {
 106         pcmk_free_ipc_api(*api);
 107         *api = NULL;
 108         return ENOMEM;
 109     }
 110 
 111     // If daemon API has its own data to track, allocate it
 112     if ((*api)->cmds->new_data != NULL) {
 113         if ((*api)->cmds->new_data(*api) != pcmk_rc_ok) {
 114             pcmk_free_ipc_api(*api);
 115             *api = NULL;
 116             return ENOMEM;
 117         }
 118     }
 119     crm_trace("Created %s API IPC object", pcmk_ipc_name(*api, true));
 120     return pcmk_rc_ok;
 121 }
 122 
 123 static void
 124 free_daemon_specific_data(pcmk_ipc_api_t *api)
     /*  */
 125 {
 126     if ((api != NULL) && (api->cmds != NULL)) {
 127         if ((api->cmds->free_data != NULL) && (api->api_data != NULL)) {
 128             api->cmds->free_data(api->api_data);
 129             api->api_data = NULL;
 130         }
 131         free(api->cmds);
 132         api->cmds = NULL;
 133     }
 134 }
 135 
 136 /*!
 137  * \internal
 138  * \brief Call an IPC API event callback, if one is registed
 139  *
 140  * \param[in,out] api         IPC API connection
 141  * \param[in]     event_type  The type of event that occurred
 142  * \param[in]     status      Event status
 143  * \param[in,out] event_data  Event-specific data
 144  */
 145 void
 146 pcmk__call_ipc_callback(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type,
     /*  */
 147                         crm_exit_t status, void *event_data)
 148 {
 149     if ((api != NULL) && (api->cb != NULL)) {
 150         api->cb(api, event_type, status, event_data, api->user_data);
 151     }
 152 }
 153 
 154 /*!
 155  * \internal
 156  * \brief Clean up after an IPC disconnect
 157  *
 158  * \param[in,out] user_data  IPC API connection that disconnected
 159  *
 160  * \note This function can be used as a main loop IPC destroy callback.
 161  */
 162 static void
 163 ipc_post_disconnect(gpointer user_data)
     /*  */
 164 {
 165     pcmk_ipc_api_t *api = user_data;
 166 
 167     crm_info("Disconnected from %s IPC API", pcmk_ipc_name(api, true));
 168 
 169     // Perform any daemon-specific handling needed
 170     if ((api->cmds != NULL) && (api->cmds->post_disconnect != NULL)) {
 171         api->cmds->post_disconnect(api);
 172     }
 173 
 174     // Call client's registered event callback
 175     pcmk__call_ipc_callback(api, pcmk_ipc_event_disconnect, CRM_EX_DISCONNECT,
 176                             NULL);
 177 
 178     /* If this is being called from a running main loop, mainloop_gio_destroy()
 179      * will free ipc and mainloop_io immediately after calling this function.
 180      * If this is called from a stopped main loop, these will leak, so the best
 181      * practice is to close the connection before stopping the main loop.
 182      */
 183     api->ipc = NULL;
 184     api->mainloop_io = NULL;
 185 
 186     if (api->free_on_disconnect) {
 187         /* pcmk_free_ipc_api() has already been called, but did not free api
 188          * or api->cmds because this function needed them. Do that now.
 189          */
 190         free_daemon_specific_data(api);
 191         crm_trace("Freeing IPC API object after disconnect");
 192         free(api);
 193     }
 194 }
 195 
 196 /*!
 197  * \brief Free the contents of an IPC API object
 198  *
 199  * \param[in,out] api  IPC API object to free
 200  */
 201 void
 202 pcmk_free_ipc_api(pcmk_ipc_api_t *api)
     /*  */
 203 {
 204     bool free_on_disconnect = false;
 205 
 206     if (api == NULL) {
 207         return;
 208     }
 209     crm_debug("Releasing %s IPC API", pcmk_ipc_name(api, true));
 210 
 211     if (api->ipc != NULL) {
 212         if (api->mainloop_io != NULL) {
 213             /* We need to keep the api pointer itself around, because it is the
 214              * user data for the IPC client destroy callback. That will be
 215              * triggered by the pcmk_disconnect_ipc() call below, but it might
 216              * happen later in the main loop (if still running).
 217              *
 218              * This flag tells the destroy callback to free the object. It can't
 219              * do that unconditionally, because the application might call this
 220              * function after a disconnect that happened by other means.
 221              */
 222             free_on_disconnect = api->free_on_disconnect = true;
 223         }
 224         pcmk_disconnect_ipc(api); // Frees api if free_on_disconnect is true
 225     }
 226     if (!free_on_disconnect) {
 227         free_daemon_specific_data(api);
 228         crm_trace("Freeing IPC API object");
 229         free(api);
 230     }
 231 }
 232 
 233 /*!
 234  * \brief Get the IPC name used with an IPC API connection
 235  *
 236  * \param[in] api      IPC API connection
 237  * \param[in] for_log  If true, return human-friendly name instead of IPC name
 238  *
 239  * \return IPC API's human-friendly or connection name, or if none is available,
 240  *         "Pacemaker" if for_log is true and NULL if for_log is false
 241  */
 242 const char *
 243 pcmk_ipc_name(const pcmk_ipc_api_t *api, bool for_log)
     /*  */
 244 {
 245     if (api == NULL) {
 246         return for_log? "Pacemaker" : NULL;
 247     }
 248     switch (api->server) {
 249         case pcmk_ipc_attrd:
 250             return for_log? "attribute manager" : T_ATTRD;
 251 
 252         case pcmk_ipc_based:
 253             return for_log? "CIB manager" : NULL /* PCMK__SERVER_BASED_RW */;
 254 
 255         case pcmk_ipc_controld:
 256             return for_log? "controller" : CRM_SYSTEM_CRMD;
 257 
 258         case pcmk_ipc_execd:
 259             return for_log? "executor" : NULL /* CRM_SYSTEM_LRMD */;
 260 
 261         case pcmk_ipc_fenced:
 262             return for_log? "fencer" : NULL /* "stonith-ng" */;
 263 
 264         case pcmk_ipc_pacemakerd:
 265             return for_log? "launcher" : CRM_SYSTEM_MCP;
 266 
 267         case pcmk_ipc_schedulerd:
 268             return for_log? "scheduler" : CRM_SYSTEM_PENGINE;
 269 
 270         default:
 271             return for_log? "Pacemaker" : NULL;
 272     }
 273 }
 274 
 275 /*!
 276  * \brief Check whether an IPC API connection is active
 277  *
 278  * \param[in,out] api  IPC API connection
 279  *
 280  * \return true if IPC is connected, false otherwise
 281  */
 282 bool
 283 pcmk_ipc_is_connected(pcmk_ipc_api_t *api)
     /*  */
 284 {
 285     return (api != NULL) && crm_ipc_connected(api->ipc);
 286 }
 287 
 288 /*!
 289  * \internal
 290  * \brief Call the daemon-specific API's dispatch function
 291  *
 292  * Perform daemon-specific handling of IPC reply dispatch. It is the daemon
 293  * method's responsibility to call the client's registered event callback, as
 294  * well as allocate and free any event data.
 295  *
 296  * \param[in,out] api      IPC API connection
 297  * \param[in,out] message  IPC reply XML to dispatch
 298  */
 299 static bool
 300 call_api_dispatch(pcmk_ipc_api_t *api, xmlNode *message)
     /*  */
 301 {
 302     crm_log_xml_trace(message, "ipc-received");
 303     if ((api->cmds != NULL) && (api->cmds->dispatch != NULL)) {
 304         return api->cmds->dispatch(api, message);
 305     }
 306 
 307     return false;
 308 }
 309 
 310 /*!
 311  * \internal
 312  * \brief Dispatch previously read IPC data
 313  *
 314  * \param[in]     buffer  Data read from IPC
 315  * \param[in,out] api     IPC object
 316  *
 317  * \return Standard Pacemaker return code.  In particular:
 318  *
 319  * pcmk_rc_ok: There are no more messages expected from the server.  Quit
 320  *             reading.
 321  * EINPROGRESS: There are more messages expected from the server.  Keep reading.
 322  *
 323  * All other values indicate an error.
 324  */
 325 static int
 326 dispatch_ipc_data(const char *buffer, pcmk_ipc_api_t *api)
     /*  */
 327 {
 328     bool more = false;
 329     xmlNode *msg;
 330 
 331     if (buffer == NULL) {
 332         crm_warn("Empty message received from %s IPC",
 333                  pcmk_ipc_name(api, true));
 334         return ENOMSG;
 335     }
 336 
 337     msg = string2xml(buffer);
 338     if (msg == NULL) {
 339         crm_warn("Malformed message received from %s IPC",
 340                  pcmk_ipc_name(api, true));
 341         return EPROTO;
 342     }
 343 
 344     more = call_api_dispatch(api, msg);
 345     free_xml(msg);
 346 
 347     if (more) {
 348         return EINPROGRESS;
 349     } else {
 350         return pcmk_rc_ok;
 351     }
 352 }
 353 
 354 /*!
 355  * \internal
 356  * \brief Dispatch data read from IPC source
 357  *
 358  * \param[in]     buffer     Data read from IPC
 359  * \param[in]     length     Number of bytes of data in buffer (ignored)
 360  * \param[in,out] user_data  IPC object
 361  *
 362  * \return Always 0 (meaning connection is still required)
 363  *
 364  * \note This function can be used as a main loop IPC dispatch callback.
 365  */
 366 static int
 367 dispatch_ipc_source_data(const char *buffer, ssize_t length, gpointer user_data)
     /*  */
 368 {
 369     pcmk_ipc_api_t *api = user_data;
 370 
 371     CRM_CHECK(api != NULL, return 0);
 372     dispatch_ipc_data(buffer, api);
 373     return 0;
 374 }
 375 
 376 /*!
 377  * \brief Check whether an IPC connection has data available (without main loop)
 378  *
 379  * \param[in]  api         IPC API connection
 380  * \param[in]  timeout_ms  If less than 0, poll indefinitely; if 0, poll once
 381  *                         and return immediately; otherwise, poll for up to
 382  *                         this many milliseconds
 383  *
 384  * \return Standard Pacemaker return code
 385  *
 386  * \note Callers of pcmk_connect_ipc() using pcmk_ipc_dispatch_poll should call
 387  *       this function to check whether IPC data is available. Return values of
 388  *       interest include pcmk_rc_ok meaning data is available, and EAGAIN
 389  *       meaning no data is available; all other values indicate errors.
 390  * \todo This does not allow the caller to poll multiple file descriptors at
 391  *       once. If there is demand for that, we could add a wrapper for
 392  *       crm_ipc_get_fd(api->ipc), so the caller can call poll() themselves.
 393  */
 394 int
 395 pcmk_poll_ipc(const pcmk_ipc_api_t *api, int timeout_ms)
     /*  */
 396 {
 397     int rc;
 398     struct pollfd pollfd = { 0, };
 399 
 400     if ((api == NULL) || (api->dispatch_type != pcmk_ipc_dispatch_poll)) {
 401         return EINVAL;
 402     }
 403     pollfd.fd = crm_ipc_get_fd(api->ipc);
 404     pollfd.events = POLLIN;
 405     rc = poll(&pollfd, 1, timeout_ms);
 406     if (rc < 0) {
 407         return errno;
 408     } else if (rc == 0) {
 409         return EAGAIN;
 410     }
 411     return pcmk_rc_ok;
 412 }
 413 
 414 /*!
 415  * \brief Dispatch available messages on an IPC connection (without main loop)
 416  *
 417  * \param[in,out] api  IPC API connection
 418  *
 419  * \return Standard Pacemaker return code
 420  *
 421  * \note Callers of pcmk_connect_ipc() using pcmk_ipc_dispatch_poll should call
 422  *       this function when IPC data is available.
 423  */
 424 void
 425 pcmk_dispatch_ipc(pcmk_ipc_api_t *api)
     /*  */
 426 {
 427     if (api == NULL) {
 428         return;
 429     }
 430     while (crm_ipc_ready(api->ipc) > 0) {
 431         if (crm_ipc_read(api->ipc) > 0) {
 432             dispatch_ipc_data(crm_ipc_buffer(api->ipc), api);
 433         }
 434     }
 435 }
 436 
 437 // \return Standard Pacemaker return code
 438 static int
 439 connect_with_main_loop(pcmk_ipc_api_t *api)
     /*  */
 440 {
 441     int rc;
 442 
 443     struct ipc_client_callbacks callbacks = {
 444         .dispatch = dispatch_ipc_source_data,
 445         .destroy = ipc_post_disconnect,
 446     };
 447 
 448     rc = pcmk__add_mainloop_ipc(api->ipc, G_PRIORITY_DEFAULT, api,
 449                                 &callbacks, &(api->mainloop_io));
 450     if (rc != pcmk_rc_ok) {
 451         return rc;
 452     }
 453     crm_debug("Connected to %s IPC (attached to main loop)",
 454               pcmk_ipc_name(api, true));
 455     /* After this point, api->mainloop_io owns api->ipc, so api->ipc
 456      * should not be explicitly freed.
 457      */
 458     return pcmk_rc_ok;
 459 }
 460 
 461 // \return Standard Pacemaker return code
 462 static int
 463 connect_without_main_loop(pcmk_ipc_api_t *api)
     /*  */
 464 {
 465     int rc;
 466 
 467     if (!crm_ipc_connect(api->ipc)) {
 468         rc = errno;
 469         crm_ipc_close(api->ipc);
 470         return rc;
 471     }
 472     crm_debug("Connected to %s IPC (without main loop)",
 473               pcmk_ipc_name(api, true));
 474     return pcmk_rc_ok;
 475 }
 476 
 477 /*!
 478  * \brief Connect to a Pacemaker daemon via IPC
 479  *
 480  * \param[in,out] api            IPC API instance
 481  * \param[in]     dispatch_type  How IPC replies should be dispatched
 482  *
 483  * \return Standard Pacemaker return code
 484  */
 485 int
 486 pcmk_connect_ipc(pcmk_ipc_api_t *api, enum pcmk_ipc_dispatch dispatch_type)
     /*  */
 487 {
 488     int rc = pcmk_rc_ok;
 489 
 490     if (api == NULL) {
 491         crm_err("Cannot connect to uninitialized API object");
 492         return EINVAL;
 493     }
 494 
 495     if (api->ipc == NULL) {
 496         api->ipc = crm_ipc_new(pcmk_ipc_name(api, false),
 497                                   api->ipc_size_max);
 498         if (api->ipc == NULL) {
 499             crm_err("Failed to re-create IPC API");
 500             return ENOMEM;
 501         }
 502     }
 503 
 504     if (crm_ipc_connected(api->ipc)) {
 505         crm_trace("Already connected to %s IPC API", pcmk_ipc_name(api, true));
 506         return pcmk_rc_ok;
 507     }
 508 
 509     api->dispatch_type = dispatch_type;
 510     switch (dispatch_type) {
 511         case pcmk_ipc_dispatch_main:
 512             rc = connect_with_main_loop(api);
 513             break;
 514 
 515         case pcmk_ipc_dispatch_sync:
 516         case pcmk_ipc_dispatch_poll:
 517             rc = connect_without_main_loop(api);
 518             break;
 519     }
 520     if (rc != pcmk_rc_ok) {
 521         return rc;
 522     }
 523 
 524     if ((api->cmds != NULL) && (api->cmds->post_connect != NULL)) {
 525         rc = api->cmds->post_connect(api);
 526         if (rc != pcmk_rc_ok) {
 527             crm_ipc_close(api->ipc);
 528         }
 529     }
 530     return rc;
 531 }
 532 
 533 /*!
 534  * \brief Disconnect an IPC API instance
 535  *
 536  * \param[in,out] api  IPC API connection
 537  *
 538  * \return Standard Pacemaker return code
 539  *
 540  * \note If the connection is attached to a main loop, this function should be
 541  *       called before quitting the main loop, to ensure that all memory is
 542  *       freed.
 543  */
 544 void
 545 pcmk_disconnect_ipc(pcmk_ipc_api_t *api)
     /*  */
 546 {
 547     if ((api == NULL) || (api->ipc == NULL)) {
 548         return;
 549     }
 550     switch (api->dispatch_type) {
 551         case pcmk_ipc_dispatch_main:
 552             {
 553                 mainloop_io_t *mainloop_io = api->mainloop_io;
 554 
 555                 // Make sure no code with access to api can use these again
 556                 api->mainloop_io = NULL;
 557                 api->ipc = NULL;
 558 
 559                 mainloop_del_ipc_client(mainloop_io);
 560                 // After this point api might have already been freed
 561             }
 562             break;
 563 
 564         case pcmk_ipc_dispatch_poll:
 565         case pcmk_ipc_dispatch_sync:
 566             {
 567                 crm_ipc_t *ipc = api->ipc;
 568 
 569                 // Make sure no code with access to api can use ipc again
 570                 api->ipc = NULL;
 571 
 572                 // This should always be the case already, but to be safe
 573                 api->free_on_disconnect = false;
 574 
 575                 crm_ipc_close(ipc);
 576                 crm_ipc_destroy(ipc);
 577                 ipc_post_disconnect(api);
 578             }
 579             break;
 580     }
 581 }
 582 
 583 /*!
 584  * \brief Register a callback for IPC API events
 585  *
 586  * \param[in,out] api       IPC API connection
 587  * \param[in]     callback  Callback to register
 588  * \param[in]     userdata  Caller data to pass to callback
 589  *
 590  * \note This function may be called multiple times to update the callback
 591  *       and/or user data. The caller remains responsible for freeing
 592  *       userdata in any case (after the IPC is disconnected, if the
 593  *       user data is still registered with the IPC).
 594  */
 595 void
 596 pcmk_register_ipc_callback(pcmk_ipc_api_t *api, pcmk_ipc_callback_t cb,
     /*  */
 597                            void *user_data)
 598 {
 599     if (api == NULL) {
 600         return;
 601     }
 602     api->cb = cb;
 603     api->user_data = user_data;
 604 }
 605 
 606 /*!
 607  * \internal
 608  * \brief Send an XML request across an IPC API connection
 609  *
 610  * \param[in,out] api      IPC API connection
 611  * \param[in,out] request  XML request to send
 612  *
 613  * \return Standard Pacemaker return code
 614  *
 615  * \note Daemon-specific IPC API functions should call this function to send
 616  *       requests, because it handles different dispatch types appropriately.
 617  */
 618 int
 619 pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request)
     /*  */
 620 {
 621     int rc;
 622     xmlNode *reply = NULL;
 623     enum crm_ipc_flags flags = crm_ipc_flags_none;
 624 
 625     if ((api == NULL) || (api->ipc == NULL) || (request == NULL)) {
 626         return EINVAL;
 627     }
 628     crm_log_xml_trace(request, "ipc-sent");
 629 
 630     // Synchronous dispatch requires waiting for a reply
 631     if ((api->dispatch_type == pcmk_ipc_dispatch_sync)
 632         && (api->cmds != NULL)
 633         && (api->cmds->reply_expected != NULL)
 634         && (api->cmds->reply_expected(api, request))) {
 635         flags = crm_ipc_client_response;
 636     }
 637 
 638     // The 0 here means a default timeout of 5 seconds
 639     rc = crm_ipc_send(api->ipc, request, flags, 0, &reply);
 640 
 641     if (rc < 0) {
 642         return pcmk_legacy2rc(rc);
 643     } else if (rc == 0) {
 644         return ENODATA;
 645     }
 646 
 647     // With synchronous dispatch, we dispatch any reply now
 648     if (reply != NULL) {
 649         bool more = call_api_dispatch(api, reply);
 650 
 651         free_xml(reply);
 652 
 653         while (more) {
 654             rc = crm_ipc_read(api->ipc);
 655 
 656             if (rc == -EAGAIN) {
 657                 continue;
 658             } else if (rc == -ENOMSG || rc == pcmk_ok) {
 659                 return pcmk_rc_ok;
 660             } else if (rc < 0) {
 661                 return -rc;
 662             }
 663 
 664             rc = dispatch_ipc_data(crm_ipc_buffer(api->ipc), api);
 665 
 666             if (rc == pcmk_rc_ok) {
 667                 more = false;
 668             } else if (rc == EINPROGRESS) {
 669                 more = true;
 670             } else {
 671                 continue;
 672             }
 673         }
 674     }
 675     return pcmk_rc_ok;
 676 }
 677 
 678 /*!
 679  * \internal
 680  * \brief Create the XML for an IPC request to purge a node from the peer cache
 681  *
 682  * \param[in]  api        IPC API connection
 683  * \param[in]  node_name  If not NULL, name of node to purge
 684  * \param[in]  nodeid     If not 0, node ID of node to purge
 685  *
 686  * \return Newly allocated IPC request XML
 687  *
 688  * \note The controller, fencer, and pacemakerd use the same request syntax, but
 689  *       the attribute manager uses a different one. The CIB manager doesn't
 690  *       have any syntax for it. The executor and scheduler don't connect to the
 691  *       cluster layer and thus don't have or need any syntax for it.
 692  *
 693  * \todo Modify the attribute manager to accept the common syntax (as well
 694  *       as its current one, for compatibility with older clients). Modify
 695  *       the CIB manager to accept and honor the common syntax. Modify the
 696  *       executor and scheduler to accept the syntax (immediately returning
 697  *       success), just for consistency. Modify this function to use the
 698  *       common syntax with all daemons if their version supports it.
 699  */
 700 static xmlNode *
 701 create_purge_node_request(const pcmk_ipc_api_t *api, const char *node_name,
     /*  */
 702                           uint32_t nodeid)
 703 {
 704     xmlNode *request = NULL;
 705     const char *client = crm_system_name? crm_system_name : "client";
 706 
 707     switch (api->server) {
 708         case pcmk_ipc_attrd:
 709             request = create_xml_node(NULL, __func__);
 710             crm_xml_add(request, F_TYPE, T_ATTRD);
 711             crm_xml_add(request, F_ORIG, crm_system_name);
 712             crm_xml_add(request, PCMK__XA_TASK, PCMK__ATTRD_CMD_PEER_REMOVE);
 713             pcmk__xe_add_node(request, node_name, nodeid);
 714             break;
 715 
 716         case pcmk_ipc_controld:
 717         case pcmk_ipc_fenced:
 718         case pcmk_ipc_pacemakerd:
 719             request = create_request(CRM_OP_RM_NODE_CACHE, NULL, NULL,
 720                                      pcmk_ipc_name(api, false), client, NULL);
 721             if (nodeid > 0) {
 722                 crm_xml_set_id(request, "%lu", (unsigned long) nodeid);
 723             }
 724             crm_xml_add(request, XML_ATTR_UNAME, node_name);
 725             break;
 726 
 727         case pcmk_ipc_based:
 728         case pcmk_ipc_execd:
 729         case pcmk_ipc_schedulerd:
 730             break;
 731     }
 732     return request;
 733 }
 734 
 735 /*!
 736  * \brief Ask a Pacemaker daemon to purge a node from its peer cache
 737  *
 738  * \param[in,out] api        IPC API connection
 739  * \param[in]     node_name  If not NULL, name of node to purge
 740  * \param[in]     nodeid     If not 0, node ID of node to purge
 741  *
 742  * \return Standard Pacemaker return code
 743  *
 744  * \note At least one of node_name or nodeid must be specified.
 745  */
 746 int
 747 pcmk_ipc_purge_node(pcmk_ipc_api_t *api, const char *node_name, uint32_t nodeid)
     /*  */
 748 {
 749     int rc = 0;
 750     xmlNode *request = NULL;
 751 
 752     if (api == NULL) {
 753         return EINVAL;
 754     }
 755     if ((node_name == NULL) && (nodeid == 0)) {
 756         return EINVAL;
 757     }
 758 
 759     request = create_purge_node_request(api, node_name, nodeid);
 760     if (request == NULL) {
 761         return EOPNOTSUPP;
 762     }
 763     rc = pcmk__send_ipc_request(api, request);
 764     free_xml(request);
 765 
 766     crm_debug("%s peer cache purge of node %s[%lu]: rc=%d",
 767               pcmk_ipc_name(api, true), node_name, (unsigned long) nodeid, rc);
 768     return rc;
 769 }
 770 
 771 /*
 772  * Generic IPC API (to eventually be deprecated as public API and made internal)
 773  */
 774 
 775 struct crm_ipc_s {
 776     struct pollfd pfd;
 777     unsigned int max_buf_size; // maximum bytes we can send or receive over IPC
 778     unsigned int buf_size;     // size of allocated buffer
 779     int msg_size;
 780     int need_reply;
 781     char *buffer;
 782     char *server_name;          // server IPC name being connected to
 783     qb_ipcc_connection_t *ipc;
 784 };
 785 
 786 /*!
 787  * \brief Create a new (legacy) object for using Pacemaker daemon IPC
 788  *
 789  * \param[in] name      IPC system name to connect to
 790  * \param[in] max_size  Use a maximum IPC buffer size of at least this size
 791  *
 792  * \return Newly allocated IPC object on success, NULL otherwise
 793  *
 794  * \note The caller is responsible for freeing the result using
 795  *       crm_ipc_destroy().
 796  * \note This should be considered deprecated for use with daemons supported by
 797  *       pcmk_new_ipc_api().
 798  */
 799 crm_ipc_t *
 800 crm_ipc_new(const char *name, size_t max_size)
     /*  */
 801 {
 802     crm_ipc_t *client = NULL;
 803 
 804     client = calloc(1, sizeof(crm_ipc_t));
 805     if (client == NULL) {
 806         crm_err("Could not create IPC connection: %s", strerror(errno));
 807         return NULL;
 808     }
 809 
 810     client->server_name = strdup(name);
 811     if (client->server_name == NULL) {
 812         crm_err("Could not create %s IPC connection: %s",
 813                 name, strerror(errno));
 814         free(client);
 815         return NULL;
 816     }
 817     client->buf_size = pcmk__ipc_buffer_size(max_size);
 818     client->buffer = malloc(client->buf_size);
 819     if (client->buffer == NULL) {
 820         crm_err("Could not create %s IPC connection: %s",
 821                 name, strerror(errno));
 822         free(client->server_name);
 823         free(client);
 824         return NULL;
 825     }
 826 
 827     /* Clients initiating connection pick the max buf size */
 828     client->max_buf_size = client->buf_size;
 829 
 830     client->pfd.fd = -1;
 831     client->pfd.events = POLLIN;
 832     client->pfd.revents = 0;
 833 
 834     return client;
 835 }
 836 
 837 /*!
 838  * \brief Establish an IPC connection to a Pacemaker component
 839  *
 840  * \param[in,out] client  Connection instance obtained from crm_ipc_new()
 841  *
 842  * \return TRUE on success, FALSE otherwise (in which case errno will be set;
 843  *         specifically, in case of discovering the remote side is not
 844  *         authentic, its value is set to ECONNABORTED).
 845  */
 846 bool
 847 crm_ipc_connect(crm_ipc_t *client)
     /*  */
 848 {
 849     uid_t cl_uid = 0;
 850     gid_t cl_gid = 0;
 851     pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
 852     int rv;
 853 
 854     client->need_reply = FALSE;
 855     client->ipc = qb_ipcc_connect(client->server_name, client->buf_size);
 856 
 857     if (client->ipc == NULL) {
 858         crm_debug("Could not establish %s IPC connection: %s (%d)",
 859                   client->server_name, pcmk_rc_str(errno), errno);
 860         return FALSE;
 861     }
 862 
 863     client->pfd.fd = crm_ipc_get_fd(client);
 864     if (client->pfd.fd < 0) {
 865         rv = errno;
 866         /* message already omitted */
 867         crm_ipc_close(client);
 868         errno = rv;
 869         return FALSE;
 870     }
 871 
 872     rv = pcmk_daemon_user(&cl_uid, &cl_gid);
 873     if (rv < 0) {
 874         /* message already omitted */
 875         crm_ipc_close(client);
 876         errno = -rv;
 877         return FALSE;
 878     }
 879 
 880     if ((rv = pcmk__crm_ipc_is_authentic_process(client->ipc, client->pfd.fd, cl_uid, cl_gid,
 881                                                   &found_pid, &found_uid,
 882                                                   &found_gid)) == pcmk_rc_ipc_unauthorized) {
 883         crm_err("%s IPC provider authentication failed: process %lld has "
 884                 "uid %lld (expected %lld) and gid %lld (expected %lld)",
 885                 client->server_name,
 886                 (long long) PCMK__SPECIAL_PID_AS_0(found_pid),
 887                 (long long) found_uid, (long long) cl_uid,
 888                 (long long) found_gid, (long long) cl_gid);
 889         crm_ipc_close(client);
 890         errno = ECONNABORTED;
 891         return FALSE;
 892 
 893     } else if (rv != pcmk_rc_ok) {
 894         crm_perror(LOG_ERR, "Could not verify authenticity of %s IPC provider",
 895                    client->server_name);
 896         crm_ipc_close(client);
 897         if (rv > 0) {
 898             errno = rv;
 899         } else {
 900             errno = ENOTCONN;
 901         }
 902         return FALSE;
 903     }
 904 
 905     qb_ipcc_context_set(client->ipc, client);
 906 
 907     client->max_buf_size = qb_ipcc_get_buffer_size(client->ipc);
 908     if (client->max_buf_size > client->buf_size) {
 909         free(client->buffer);
 910         client->buffer = calloc(1, client->max_buf_size);
 911         client->buf_size = client->max_buf_size;
 912     }
 913     return TRUE;
 914 }
 915 
 916 void
 917 crm_ipc_close(crm_ipc_t * client)
     /*  */
 918 {
 919     if (client) {
 920         if (client->ipc) {
 921             qb_ipcc_connection_t *ipc = client->ipc;
 922 
 923             client->ipc = NULL;
 924             qb_ipcc_disconnect(ipc);
 925         }
 926     }
 927 }
 928 
 929 void
 930 crm_ipc_destroy(crm_ipc_t * client)
     /*  */
 931 {
 932     if (client) {
 933         if (client->ipc && qb_ipcc_is_connected(client->ipc)) {
 934             crm_notice("Destroying active %s IPC connection",
 935                        client->server_name);
 936             /* The next line is basically unsafe
 937              *
 938              * If this connection was attached to mainloop and mainloop is active,
 939              *   the 'disconnected' callback will end up back here and we'll end
 940              *   up free'ing the memory twice - something that can still happen
 941              *   even without this if we destroy a connection and it closes before
 942              *   we call exit
 943              */
 944             /* crm_ipc_close(client); */
 945         } else {
 946             crm_trace("Destroying inactive %s IPC connection",
 947                       client->server_name);
 948         }
 949         free(client->buffer);
 950         free(client->server_name);
 951         free(client);
 952     }
 953 }
 954 
 955 int
 956 crm_ipc_get_fd(crm_ipc_t * client)
     /*  */
 957 {
 958     int fd = 0;
 959 
 960     if (client && client->ipc && (qb_ipcc_fd_get(client->ipc, &fd) == 0)) {
 961         return fd;
 962     }
 963     errno = EINVAL;
 964     crm_perror(LOG_ERR, "Could not obtain file descriptor for %s IPC",
 965                (client? client->server_name : "unspecified"));
 966     return -errno;
 967 }
 968 
 969 bool
 970 crm_ipc_connected(crm_ipc_t * client)
     /*  */
 971 {
 972     bool rc = FALSE;
 973 
 974     if (client == NULL) {
 975         crm_trace("No client");
 976         return FALSE;
 977 
 978     } else if (client->ipc == NULL) {
 979         crm_trace("No connection");
 980         return FALSE;
 981 
 982     } else if (client->pfd.fd < 0) {
 983         crm_trace("Bad descriptor");
 984         return FALSE;
 985     }
 986 
 987     rc = qb_ipcc_is_connected(client->ipc);
 988     if (rc == FALSE) {
 989         client->pfd.fd = -EINVAL;
 990     }
 991     return rc;
 992 }
 993 
 994 /*!
 995  * \brief Check whether an IPC connection is ready to be read
 996  *
 997  * \param[in,out] client  Connection to check
 998  *
 999  * \return Positive value if ready to be read, 0 if not ready, -errno on error
1000  */
1001 int
1002 crm_ipc_ready(crm_ipc_t *client)
     /*  */
1003 {
1004     int rc;
1005 
1006     CRM_ASSERT(client != NULL);
1007 
1008     if (crm_ipc_connected(client) == FALSE) {
1009         return -ENOTCONN;
1010     }
1011 
1012     client->pfd.revents = 0;
1013     rc = poll(&(client->pfd), 1, 0);
1014     return (rc < 0)? -errno : rc;
1015 }
1016 
1017 // \return Standard Pacemaker return code
1018 static int
1019 crm_ipc_decompress(crm_ipc_t * client)
     /*  */
1020 {
1021     pcmk__ipc_header_t *header = (pcmk__ipc_header_t *)(void*)client->buffer;
1022 
1023     if (header->size_compressed) {
1024         int rc = 0;
1025         unsigned int size_u = 1 + header->size_uncompressed;
1026         /* never let buf size fall below our max size required for ipc reads. */
1027         unsigned int new_buf_size = QB_MAX((sizeof(pcmk__ipc_header_t) + size_u), client->max_buf_size);
1028         char *uncompressed = calloc(1, new_buf_size);
1029 
1030         crm_trace("Decompressing message data %u bytes into %u bytes",
1031                  header->size_compressed, size_u);
1032 
1033         rc = BZ2_bzBuffToBuffDecompress(uncompressed + sizeof(pcmk__ipc_header_t), &size_u,
1034                                         client->buffer + sizeof(pcmk__ipc_header_t), header->size_compressed, 1, 0);
1035 
1036         if (rc != BZ_OK) {
1037             crm_err("Decompression failed: %s " CRM_XS " bzerror=%d",
1038                     bz2_strerror(rc), rc);
1039             free(uncompressed);
1040             return EILSEQ;
1041         }
1042 
1043         /*
1044          * This assert no longer holds true.  For an identical msg, some clients may
1045          * require compression, and others may not. If that same msg (event) is sent
1046          * to multiple clients, it could result in some clients receiving a compressed
1047          * msg even though compression was not explicitly required for them.
1048          *
1049          * CRM_ASSERT((header->size_uncompressed + sizeof(pcmk__ipc_header_t)) >= ipc_buffer_max);
1050          */
1051         CRM_ASSERT(size_u == header->size_uncompressed);
1052 
1053         memcpy(uncompressed, client->buffer, sizeof(pcmk__ipc_header_t));       /* Preserve the header */
1054         header = (pcmk__ipc_header_t *)(void*)uncompressed;
1055 
1056         free(client->buffer);
1057         client->buf_size = new_buf_size;
1058         client->buffer = uncompressed;
1059     }
1060 
1061     CRM_ASSERT(client->buffer[sizeof(pcmk__ipc_header_t) + header->size_uncompressed - 1] == 0);
1062     return pcmk_rc_ok;
1063 }
1064 
1065 long
1066 crm_ipc_read(crm_ipc_t * client)
     /*  */
1067 {
1068     pcmk__ipc_header_t *header = NULL;
1069 
1070     CRM_ASSERT(client != NULL);
1071     CRM_ASSERT(client->ipc != NULL);
1072     CRM_ASSERT(client->buffer != NULL);
1073 
1074     client->buffer[0] = 0;
1075     client->msg_size = qb_ipcc_event_recv(client->ipc, client->buffer,
1076                                           client->buf_size, 0);
1077     if (client->msg_size >= 0) {
1078         int rc = crm_ipc_decompress(client);
1079 
1080         if (rc != pcmk_rc_ok) {
1081             return pcmk_rc2legacy(rc);
1082         }
1083 
1084         header = (pcmk__ipc_header_t *)(void*)client->buffer;
1085         if (!pcmk__valid_ipc_header(header)) {
1086             return -EBADMSG;
1087         }
1088 
1089         crm_trace("Received %s IPC event %d size=%u rc=%d text='%.100s'",
1090                   client->server_name, header->qb.id, header->qb.size,
1091                   client->msg_size,
1092                   client->buffer + sizeof(pcmk__ipc_header_t));
1093 
1094     } else {
1095         crm_trace("No message received from %s IPC: %s",
1096                   client->server_name, pcmk_strerror(client->msg_size));
1097 
1098         if (client->msg_size == -EAGAIN) {
1099             return -EAGAIN;
1100         }
1101     }
1102 
1103     if (crm_ipc_connected(client) == FALSE || client->msg_size == -ENOTCONN) {
1104         crm_err("Connection to %s IPC failed", client->server_name);
1105     }
1106 
1107     if (header) {
1108         /* Data excluding the header */
1109         return header->size_uncompressed;
1110     }
1111     return -ENOMSG;
1112 }
1113 
1114 const char *
1115 crm_ipc_buffer(crm_ipc_t * client)
     /*  */
1116 {
1117     CRM_ASSERT(client != NULL);
1118     return client->buffer + sizeof(pcmk__ipc_header_t);
1119 }
1120 
1121 uint32_t
1122 crm_ipc_buffer_flags(crm_ipc_t * client)
     /*  */
1123 {
1124     pcmk__ipc_header_t *header = NULL;
1125 
1126     CRM_ASSERT(client != NULL);
1127     if (client->buffer == NULL) {
1128         return 0;
1129     }
1130 
1131     header = (pcmk__ipc_header_t *)(void*)client->buffer;
1132     return header->flags;
1133 }
1134 
1135 const char *
1136 crm_ipc_name(crm_ipc_t * client)
     /*  */
1137 {
1138     CRM_ASSERT(client != NULL);
1139     return client->server_name;
1140 }
1141 
1142 // \return Standard Pacemaker return code
1143 static int
1144 internal_ipc_get_reply(crm_ipc_t *client, int request_id, int ms_timeout,
     /*  */
1145                        ssize_t *bytes)
1146 {
1147     time_t timeout = time(NULL) + 1 + (ms_timeout / 1000);
1148     int rc = pcmk_rc_ok;
1149 
1150     /* get the reply */
1151     crm_trace("Waiting on reply to %s IPC message %d",
1152               client->server_name, request_id);
1153     do {
1154 
1155         *bytes = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, 1000);
1156         if (*bytes > 0) {
1157             pcmk__ipc_header_t *hdr = NULL;
1158 
1159             rc = crm_ipc_decompress(client);
1160             if (rc != pcmk_rc_ok) {
1161                 return rc;
1162             }
1163 
1164             hdr = (pcmk__ipc_header_t *)(void*)client->buffer;
1165             if (hdr->qb.id == request_id) {
1166                 /* Got it */
1167                 break;
1168             } else if (hdr->qb.id < request_id) {
1169                 xmlNode *bad = string2xml(crm_ipc_buffer(client));
1170 
1171                 crm_err("Discarding old reply %d (need %d)", hdr->qb.id, request_id);
1172                 crm_log_xml_notice(bad, "OldIpcReply");
1173 
1174             } else {
1175                 xmlNode *bad = string2xml(crm_ipc_buffer(client));
1176 
1177                 crm_err("Discarding newer reply %d (need %d)", hdr->qb.id, request_id);
1178                 crm_log_xml_notice(bad, "ImpossibleReply");
1179                 CRM_ASSERT(hdr->qb.id <= request_id);
1180             }
1181         } else if (crm_ipc_connected(client) == FALSE) {
1182             crm_err("%s IPC provider disconnected while waiting for message %d",
1183                     client->server_name, request_id);
1184             break;
1185         }
1186 
1187     } while (time(NULL) < timeout);
1188 
1189     if (*bytes < 0) {
1190         rc = (int) -*bytes; // System errno
1191     }
1192     return rc;
1193 }
1194 
1195 /*!
1196  * \brief Send an IPC XML message
1197  *
1198  * \param[in,out] client      Connection to IPC server
1199  * \param[in,out] message     XML message to send
1200  * \param[in]     flags       Bitmask of crm_ipc_flags
1201  * \param[in]     ms_timeout  Give up if not sent within this much time
1202  *                            (5 seconds if 0, or no timeout if negative)
1203  * \param[out]    reply       Reply from server (or NULL if none)
1204  *
1205  * \return Negative errno on error, otherwise size of reply received in bytes
1206  *         if reply was needed, otherwise number of bytes sent
1207  */
1208 int
1209 crm_ipc_send(crm_ipc_t * client, xmlNode * message, enum crm_ipc_flags flags, int32_t ms_timeout,
     /*  */
1210              xmlNode ** reply)
1211 {
1212     int rc = 0;
1213     ssize_t qb_rc = 0;
1214     ssize_t bytes = 0;
1215     struct iovec *iov;
1216     static uint32_t id = 0;
1217     static int factor = 8;
1218     pcmk__ipc_header_t *header;
1219 
1220     if (client == NULL) {
1221         crm_notice("Can't send IPC request without connection (bug?): %.100s",
1222                    message);
1223         return -ENOTCONN;
1224 
1225     } else if (crm_ipc_connected(client) == FALSE) {
1226         /* Don't even bother */
1227         crm_notice("Can't send %s IPC requests: Connection closed",
1228                    client->server_name);
1229         return -ENOTCONN;
1230     }
1231 
1232     if (ms_timeout == 0) {
1233         ms_timeout = 5000;
1234     }
1235 
1236     if (client->need_reply) {
1237         qb_rc = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, ms_timeout);
1238         if (qb_rc < 0) {
1239             crm_warn("Sending %s IPC disabled until pending reply received",
1240                      client->server_name);
1241             return -EALREADY;
1242 
1243         } else {
1244             crm_notice("Sending %s IPC re-enabled after pending reply received",
1245                        client->server_name);
1246             client->need_reply = FALSE;
1247         }
1248     }
1249 
1250     id++;
1251     CRM_LOG_ASSERT(id != 0); /* Crude wrap-around detection */
1252     rc = pcmk__ipc_prepare_iov(id, message, client->max_buf_size, &iov, &bytes);
1253     if (rc != pcmk_rc_ok) {
1254         crm_warn("Couldn't prepare %s IPC request: %s " CRM_XS " rc=%d",
1255                  client->server_name, pcmk_rc_str(rc), rc);
1256         return pcmk_rc2legacy(rc);
1257     }
1258 
1259     header = iov[0].iov_base;
1260     pcmk__set_ipc_flags(header->flags, client->server_name, flags);
1261 
1262     if (pcmk_is_set(flags, crm_ipc_proxied)) {
1263         /* Don't look for a synchronous response */
1264         pcmk__clear_ipc_flags(flags, "client", crm_ipc_client_response);
1265     }
1266 
1267     if(header->size_compressed) {
1268         if(factor < 10 && (client->max_buf_size / 10) < (bytes / factor)) {
1269             crm_notice("Compressed message exceeds %d0%% of configured IPC "
1270                        "limit (%u bytes); consider setting PCMK_ipc_buffer to "
1271                        "%u or higher",
1272                        factor, client->max_buf_size, 2 * client->max_buf_size);
1273             factor++;
1274         }
1275     }
1276 
1277     crm_trace("Sending %s IPC request %d of %u bytes using %dms timeout",
1278               client->server_name, header->qb.id, header->qb.size, ms_timeout);
1279 
1280     if ((ms_timeout > 0) || !pcmk_is_set(flags, crm_ipc_client_response)) {
1281 
1282         time_t timeout = time(NULL) + 1 + (ms_timeout / 1000);
1283 
1284         do {
1285             /* @TODO Is this check really needed? Won't qb_ipcc_sendv() return
1286              * an error if it's not connected?
1287              */
1288             if (!crm_ipc_connected(client)) {
1289                 goto send_cleanup;
1290             }
1291 
1292             qb_rc = qb_ipcc_sendv(client->ipc, iov, 2);
1293         } while ((qb_rc == -EAGAIN) && (time(NULL) < timeout));
1294 
1295         rc = (int) qb_rc; // Negative of system errno, or bytes sent
1296         if (qb_rc <= 0) {
1297             goto send_cleanup;
1298 
1299         } else if (!pcmk_is_set(flags, crm_ipc_client_response)) {
1300             crm_trace("Not waiting for reply to %s IPC request %d",
1301                       client->server_name, header->qb.id);
1302             goto send_cleanup;
1303         }
1304 
1305         rc = internal_ipc_get_reply(client, header->qb.id, ms_timeout, &bytes);
1306         if (rc != pcmk_rc_ok) {
1307             /* We didn't get the reply in time, so disable future sends for now.
1308              * The only alternative would be to close the connection since we
1309              * don't know how to detect and discard out-of-sequence replies.
1310              *
1311              * @TODO Implement out-of-sequence detection
1312              */
1313             client->need_reply = TRUE;
1314         }
1315         rc = (int) bytes; // Negative system errno, or size of reply received
1316 
1317     } else {
1318         // No timeout, and client response needed
1319         do {
1320             qb_rc = qb_ipcc_sendv_recv(client->ipc, iov, 2, client->buffer,
1321                                        client->buf_size, -1);
1322         } while ((qb_rc == -EAGAIN) && crm_ipc_connected(client));
1323         rc = (int) qb_rc; // Negative system errno, or size of reply received
1324     }
1325 
1326     if (rc > 0) {
1327         pcmk__ipc_header_t *hdr = (pcmk__ipc_header_t *)(void*)client->buffer;
1328 
1329         crm_trace("Received %d-byte reply %d to %s IPC %d: %.100s",
1330                   rc, hdr->qb.id, client->server_name, header->qb.id,
1331                   crm_ipc_buffer(client));
1332 
1333         if (reply) {
1334             *reply = string2xml(crm_ipc_buffer(client));
1335         }
1336 
1337     } else {
1338         crm_trace("No reply to %s IPC %d: rc=%d",
1339                   client->server_name, header->qb.id, rc);
1340     }
1341 
1342   send_cleanup:
1343     if (crm_ipc_connected(client) == FALSE) {
1344         crm_notice("Couldn't send %s IPC request %d: Connection closed "
1345                    CRM_XS " rc=%d", client->server_name, header->qb.id, rc);
1346 
1347     } else if (rc == -ETIMEDOUT) {
1348         crm_warn("%s IPC request %d failed: %s after %dms " CRM_XS " rc=%d",
1349                  client->server_name, header->qb.id, pcmk_strerror(rc),
1350                  ms_timeout, rc);
1351         crm_write_blackbox(0, NULL);
1352 
1353     } else if (rc <= 0) {
1354         crm_warn("%s IPC request %d failed: %s " CRM_XS " rc=%d",
1355                  client->server_name, header->qb.id,
1356                  ((rc == 0)? "No bytes sent" : pcmk_strerror(rc)), rc);
1357     }
1358 
1359     pcmk_free_ipc_event(iov);
1360     return rc;
1361 }
1362 
1363 int
1364 pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock, uid_t refuid, gid_t refgid,
     /*  */
1365                                    pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1366 {
1367     int ret = 0;
1368     pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1369 #if defined(HAVE_UCRED)
1370     struct ucred ucred;
1371     socklen_t ucred_len = sizeof(ucred);
1372 #endif
1373 
1374 #ifdef HAVE_QB_IPCC_AUTH_GET
1375     if (qb_ipc && !qb_ipcc_auth_get(qb_ipc, &found_pid, &found_uid, &found_gid)) {
1376         goto do_checks;
1377     }
1378 #endif
1379 
1380 #if defined(HAVE_UCRED)
1381     if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1382                     &ucred, &ucred_len)
1383                 && ucred_len == sizeof(ucred)) {
1384         found_pid = ucred.pid; found_uid = ucred.uid; found_gid = ucred.gid;
1385 
1386 #elif defined(HAVE_SOCKPEERCRED)
1387     struct sockpeercred sockpeercred;
1388     socklen_t sockpeercred_len = sizeof(sockpeercred);
1389 
1390     if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1391                     &sockpeercred, &sockpeercred_len)
1392                 && sockpeercred_len == sizeof(sockpeercred_len)) {
1393         found_pid = sockpeercred.pid;
1394         found_uid = sockpeercred.uid; found_gid = sockpeercred.gid;
1395 
1396 #elif defined(HAVE_GETPEEREID)
1397     if (!getpeereid(sock, &found_uid, &found_gid)) {
1398         found_pid = PCMK__SPECIAL_PID;  /* cannot obtain PID (FreeBSD) */
1399 
1400 #elif defined(HAVE_GETPEERUCRED)
1401     ucred_t *ucred;
1402     if (!getpeerucred(sock, &ucred)) {
1403         errno = 0;
1404         found_pid = ucred_getpid(ucred);
1405         found_uid = ucred_geteuid(ucred); found_gid = ucred_getegid(ucred);
1406         ret = -errno;
1407         ucred_free(ucred);
1408         if (ret) {
1409             return (ret < 0) ? ret : -pcmk_err_generic;
1410         }
1411 
1412 #else
1413 #  error "No way to authenticate a Unix socket peer"
1414     errno = 0;
1415     if (0) {
1416 #endif
1417 #ifdef HAVE_QB_IPCC_AUTH_GET
1418     do_checks:
1419 #endif
1420         if (gotpid != NULL) {
1421             *gotpid = found_pid;
1422         }
1423         if (gotuid != NULL) {
1424             *gotuid = found_uid;
1425         }
1426         if (gotgid != NULL) {
1427             *gotgid = found_gid;
1428         }
1429         if (found_uid == 0 || found_uid == refuid || found_gid == refgid) {
1430                 ret = 0;
1431         } else {
1432                 ret = pcmk_rc_ipc_unauthorized;
1433         }
1434     } else {
1435         ret = (errno > 0) ? errno : pcmk_rc_error;
1436     }
1437     return ret;
1438 }
1439 
1440 int
1441 crm_ipc_is_authentic_process(int sock, uid_t refuid, gid_t refgid,
     /*  */
1442                              pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1443 {
1444     int ret  = pcmk__crm_ipc_is_authentic_process(NULL, sock, refuid, refgid,
1445                                                   gotpid, gotuid, gotgid);
1446 
1447     /* The old function had some very odd return codes*/
1448     if (ret == 0) {
1449         return 1;
1450     } else if (ret == pcmk_rc_ipc_unauthorized) {
1451         return 0;
1452     } else {
1453         return pcmk_rc2legacy(ret);
1454     }
1455 }
1456 
1457 int
1458 pcmk__ipc_is_authentic_process_active(const char *name, uid_t refuid,
     /*  */
1459                                       gid_t refgid, pid_t *gotpid)
1460 {
1461     static char last_asked_name[PATH_MAX / 2] = "";  /* log spam prevention */
1462     int fd;
1463     int rc = pcmk_rc_ipc_unresponsive;
1464     int auth_rc = 0;
1465     int32_t qb_rc;
1466     pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1467     qb_ipcc_connection_t *c;
1468 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC
1469     struct pollfd pollfd = { 0, };
1470     int poll_rc;
1471 
1472     c = qb_ipcc_connect_async(name, 0,
1473                               &(pollfd.fd));
1474 #else
1475     c = qb_ipcc_connect(name, 0);
1476 #endif
1477     if (c == NULL) {
1478         crm_info("Could not connect to %s IPC: %s", name, strerror(errno));
1479         rc = pcmk_rc_ipc_unresponsive;
1480         goto bail;
1481     }
1482 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC
1483     pollfd.events = POLLIN;
1484     do {
1485         poll_rc = poll(&pollfd, 1, 2000);
1486     } while ((poll_rc == -1) && (errno == EINTR));
1487     if ((poll_rc <= 0) || (qb_ipcc_connect_continue(c) != 0)) {
1488         crm_info("Could not connect to %s IPC: %s", name,
1489                  (poll_rc == 0)?"timeout":strerror(errno));
1490         rc = pcmk_rc_ipc_unresponsive;
1491         if (poll_rc > 0) {
1492             c = NULL; // qb_ipcc_connect_continue cleaned up for us
1493         }
1494         goto bail;
1495     }
1496 #endif
1497 
1498     qb_rc = qb_ipcc_fd_get(c, &fd);
1499     if (qb_rc != 0) {
1500         rc = (int) -qb_rc; // System errno
1501         crm_err("Could not get fd from %s IPC: %s " CRM_XS " rc=%d",
1502                 name, pcmk_rc_str(rc), rc);
1503         goto bail;
1504     }
1505 
1506     auth_rc = pcmk__crm_ipc_is_authentic_process(c, fd, refuid, refgid, &found_pid,
1507                                                  &found_uid, &found_gid);
1508     if (auth_rc == pcmk_rc_ipc_unauthorized) {
1509         crm_err("Daemon (IPC %s) effectively blocked with unauthorized"
1510                 " process %lld (uid: %lld, gid: %lld)",
1511                 name, (long long) PCMK__SPECIAL_PID_AS_0(found_pid),
1512                 (long long) found_uid, (long long) found_gid);
1513         rc = pcmk_rc_ipc_unauthorized;
1514         goto bail;
1515     }
1516 
1517     if (auth_rc != pcmk_rc_ok) {
1518         rc = auth_rc;
1519         crm_err("Could not get peer credentials from %s IPC: %s "
1520                 CRM_XS " rc=%d", name, pcmk_rc_str(rc), rc);
1521         goto bail;
1522     }
1523 
1524     if (gotpid != NULL) {
1525         *gotpid = found_pid;
1526     }
1527 
1528     rc = pcmk_rc_ok;
1529     if ((found_uid != refuid || found_gid != refgid)
1530             && strncmp(last_asked_name, name, sizeof(last_asked_name))) {
1531         if ((found_uid == 0) && (refuid != 0)) {
1532             crm_warn("Daemon (IPC %s) runs as root, whereas the expected"
1533                      " credentials are %lld:%lld, hazard of violating"
1534                      " the least privilege principle",
1535                      name, (long long) refuid, (long long) refgid);
1536         } else {
1537             crm_notice("Daemon (IPC %s) runs as %lld:%lld, whereas the"
1538                        " expected credentials are %lld:%lld, which may"
1539                        " mean a different set of privileges than expected",
1540                        name, (long long) found_uid, (long long) found_gid,
1541                        (long long) refuid, (long long) refgid);
1542         }
1543         memccpy(last_asked_name, name, '\0', sizeof(last_asked_name));
1544     }
1545 
1546 bail:
1547     if (c != NULL) {
1548         qb_ipcc_disconnect(c);
1549     }
1550     return rc;
1551 }
/* */
root/lib/common/ipc_client.c

DEFINITIONS
