This source file includes following definitions.
- pcmk_new_ipc_api
- free_daemon_specific_data
- pcmk__call_ipc_callback
- ipc_post_disconnect
- pcmk_free_ipc_api
- pcmk_ipc_name
- pcmk_ipc_is_connected
- call_api_dispatch
- dispatch_ipc_data
- dispatch_ipc_source_data
- pcmk_poll_ipc
- pcmk_dispatch_ipc
- connect_with_main_loop
- connect_without_main_loop
- pcmk_connect_ipc
- pcmk_disconnect_ipc
- pcmk_register_ipc_callback
- pcmk__send_ipc_request
- create_purge_node_request
- pcmk_ipc_purge_node
- crm_ipc_new
- crm_ipc_connect
- crm_ipc_close
- crm_ipc_destroy
- crm_ipc_get_fd
- crm_ipc_connected
- crm_ipc_ready
- crm_ipc_decompress
- crm_ipc_read
- crm_ipc_buffer
- crm_ipc_buffer_flags
- crm_ipc_name
- internal_ipc_get_reply
- crm_ipc_send
- pcmk__crm_ipc_is_authentic_process
- crm_ipc_is_authentic_process
- pcmk__ipc_is_authentic_process_active
1
2
3
4
5
6
7
8
9
10 #include <crm_internal.h>
11
12 #if defined(HAVE_UCRED) || defined(HAVE_SOCKPEERCRED)
13 # ifdef HAVE_UCRED
14 # ifndef _GNU_SOURCE
15 # define _GNU_SOURCE
16 # endif
17 # endif
18 # include <sys/socket.h>
19 #elif defined(HAVE_GETPEERUCRED)
20 # include <ucred.h>
21 #endif
22
23 #include <stdio.h>
24 #include <sys/types.h>
25 #include <errno.h>
26 #include <bzlib.h>
27
28 #include <crm/crm.h>
29 #include <crm/msg_xml.h>
30 #include <crm/common/ipc.h>
31 #include <crm/common/ipc_internal.h>
32 #include "crmcommon_private.h"
33
34
35
36
37
38
39
40
41
42
43
44
45
46 int
47 pcmk_new_ipc_api(pcmk_ipc_api_t **api, enum pcmk_ipc_server server)
48 {
49 if (api == NULL) {
50 return EINVAL;
51 }
52
53 *api = calloc(1, sizeof(pcmk_ipc_api_t));
54 if (*api == NULL) {
55 return errno;
56 }
57
58 (*api)->server = server;
59 if (pcmk_ipc_name(*api, false) == NULL) {
60 pcmk_free_ipc_api(*api);
61 *api = NULL;
62 return EOPNOTSUPP;
63 }
64
65 (*api)->ipc_size_max = 0;
66
67
68 switch (server) {
69 case pcmk_ipc_attrd:
70 (*api)->cmds = pcmk__attrd_api_methods();
71 break;
72
73 case pcmk_ipc_based:
74 (*api)->ipc_size_max = 512 * 1024;
75 break;
76
77 case pcmk_ipc_controld:
78 (*api)->cmds = pcmk__controld_api_methods();
79 break;
80
81 case pcmk_ipc_execd:
82 break;
83
84 case pcmk_ipc_fenced:
85 break;
86
87 case pcmk_ipc_pacemakerd:
88 (*api)->cmds = pcmk__pacemakerd_api_methods();
89 break;
90
91 case pcmk_ipc_schedulerd:
92 (*api)->cmds = pcmk__schedulerd_api_methods();
93
94 (*api)->ipc_size_max = 5 * 1024 * 1024;
95 break;
96 }
97 if ((*api)->cmds == NULL) {
98 pcmk_free_ipc_api(*api);
99 *api = NULL;
100 return ENOMEM;
101 }
102
103 (*api)->ipc = crm_ipc_new(pcmk_ipc_name(*api, false),
104 (*api)->ipc_size_max);
105 if ((*api)->ipc == NULL) {
106 pcmk_free_ipc_api(*api);
107 *api = NULL;
108 return ENOMEM;
109 }
110
111
112 if ((*api)->cmds->new_data != NULL) {
113 if ((*api)->cmds->new_data(*api) != pcmk_rc_ok) {
114 pcmk_free_ipc_api(*api);
115 *api = NULL;
116 return ENOMEM;
117 }
118 }
119 crm_trace("Created %s API IPC object", pcmk_ipc_name(*api, true));
120 return pcmk_rc_ok;
121 }
122
123 static void
124 free_daemon_specific_data(pcmk_ipc_api_t *api)
125 {
126 if ((api != NULL) && (api->cmds != NULL)) {
127 if ((api->cmds->free_data != NULL) && (api->api_data != NULL)) {
128 api->cmds->free_data(api->api_data);
129 api->api_data = NULL;
130 }
131 free(api->cmds);
132 api->cmds = NULL;
133 }
134 }
135
136
137
138
139
140
141
142
143
144
145 void
146 pcmk__call_ipc_callback(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type,
147 crm_exit_t status, void *event_data)
148 {
149 if ((api != NULL) && (api->cb != NULL)) {
150 api->cb(api, event_type, status, event_data, api->user_data);
151 }
152 }
153
154
155
156
157
158
159
160
161
162 static void
163 ipc_post_disconnect(gpointer user_data)
164 {
165 pcmk_ipc_api_t *api = user_data;
166
167 crm_info("Disconnected from %s IPC API", pcmk_ipc_name(api, true));
168
169
170 if ((api->cmds != NULL) && (api->cmds->post_disconnect != NULL)) {
171 api->cmds->post_disconnect(api);
172 }
173
174
175 pcmk__call_ipc_callback(api, pcmk_ipc_event_disconnect, CRM_EX_DISCONNECT,
176 NULL);
177
178
179
180
181
182
183 api->ipc = NULL;
184 api->mainloop_io = NULL;
185
186 if (api->free_on_disconnect) {
187
188
189
190 free_daemon_specific_data(api);
191 crm_trace("Freeing IPC API object after disconnect");
192 free(api);
193 }
194 }
195
196
197
198
199
200
201 void
202 pcmk_free_ipc_api(pcmk_ipc_api_t *api)
203 {
204 bool free_on_disconnect = false;
205
206 if (api == NULL) {
207 return;
208 }
209 crm_debug("Releasing %s IPC API", pcmk_ipc_name(api, true));
210
211 if (api->ipc != NULL) {
212 if (api->mainloop_io != NULL) {
213
214
215
216
217
218
219
220
221
222 free_on_disconnect = api->free_on_disconnect = true;
223 }
224 pcmk_disconnect_ipc(api);
225 }
226 if (!free_on_disconnect) {
227 free_daemon_specific_data(api);
228 crm_trace("Freeing IPC API object");
229 free(api);
230 }
231 }
232
233
234
235
236
237
238
239
240
241
242 const char *
243 pcmk_ipc_name(const pcmk_ipc_api_t *api, bool for_log)
244 {
245 if (api == NULL) {
246 return for_log? "Pacemaker" : NULL;
247 }
248 switch (api->server) {
249 case pcmk_ipc_attrd:
250 return for_log? "attribute manager" : T_ATTRD;
251
252 case pcmk_ipc_based:
253 return for_log? "CIB manager" : NULL ;
254
255 case pcmk_ipc_controld:
256 return for_log? "controller" : CRM_SYSTEM_CRMD;
257
258 case pcmk_ipc_execd:
259 return for_log? "executor" : NULL ;
260
261 case pcmk_ipc_fenced:
262 return for_log? "fencer" : NULL ;
263
264 case pcmk_ipc_pacemakerd:
265 return for_log? "launcher" : CRM_SYSTEM_MCP;
266
267 case pcmk_ipc_schedulerd:
268 return for_log? "scheduler" : CRM_SYSTEM_PENGINE;
269
270 default:
271 return for_log? "Pacemaker" : NULL;
272 }
273 }
274
275
276
277
278
279
280
281
282 bool
283 pcmk_ipc_is_connected(pcmk_ipc_api_t *api)
284 {
285 return (api != NULL) && crm_ipc_connected(api->ipc);
286 }
287
288
289
290
291
292
293
294
295
296
297
298
299 static bool
300 call_api_dispatch(pcmk_ipc_api_t *api, xmlNode *message)
301 {
302 crm_log_xml_trace(message, "ipc-received");
303 if ((api->cmds != NULL) && (api->cmds->dispatch != NULL)) {
304 return api->cmds->dispatch(api, message);
305 }
306
307 return false;
308 }
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325 static int
326 dispatch_ipc_data(const char *buffer, pcmk_ipc_api_t *api)
327 {
328 bool more = false;
329 xmlNode *msg;
330
331 if (buffer == NULL) {
332 crm_warn("Empty message received from %s IPC",
333 pcmk_ipc_name(api, true));
334 return ENOMSG;
335 }
336
337 msg = string2xml(buffer);
338 if (msg == NULL) {
339 crm_warn("Malformed message received from %s IPC",
340 pcmk_ipc_name(api, true));
341 return EPROTO;
342 }
343
344 more = call_api_dispatch(api, msg);
345 free_xml(msg);
346
347 if (more) {
348 return EINPROGRESS;
349 } else {
350 return pcmk_rc_ok;
351 }
352 }
353
354
355
356
357
358
359
360
361
362
363
364
365
366 static int
367 dispatch_ipc_source_data(const char *buffer, ssize_t length, gpointer user_data)
368 {
369 pcmk_ipc_api_t *api = user_data;
370
371 CRM_CHECK(api != NULL, return 0);
372 dispatch_ipc_data(buffer, api);
373 return 0;
374 }
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394 int
395 pcmk_poll_ipc(const pcmk_ipc_api_t *api, int timeout_ms)
396 {
397 int rc;
398 struct pollfd pollfd = { 0, };
399
400 if ((api == NULL) || (api->dispatch_type != pcmk_ipc_dispatch_poll)) {
401 return EINVAL;
402 }
403 pollfd.fd = crm_ipc_get_fd(api->ipc);
404 pollfd.events = POLLIN;
405 rc = poll(&pollfd, 1, timeout_ms);
406 if (rc < 0) {
407 return errno;
408 } else if (rc == 0) {
409 return EAGAIN;
410 }
411 return pcmk_rc_ok;
412 }
413
414
415
416
417
418
419
420
421
422
423
424 void
425 pcmk_dispatch_ipc(pcmk_ipc_api_t *api)
426 {
427 if (api == NULL) {
428 return;
429 }
430 while (crm_ipc_ready(api->ipc) > 0) {
431 if (crm_ipc_read(api->ipc) > 0) {
432 dispatch_ipc_data(crm_ipc_buffer(api->ipc), api);
433 }
434 }
435 }
436
437
438 static int
439 connect_with_main_loop(pcmk_ipc_api_t *api)
440 {
441 int rc;
442
443 struct ipc_client_callbacks callbacks = {
444 .dispatch = dispatch_ipc_source_data,
445 .destroy = ipc_post_disconnect,
446 };
447
448 rc = pcmk__add_mainloop_ipc(api->ipc, G_PRIORITY_DEFAULT, api,
449 &callbacks, &(api->mainloop_io));
450 if (rc != pcmk_rc_ok) {
451 return rc;
452 }
453 crm_debug("Connected to %s IPC (attached to main loop)",
454 pcmk_ipc_name(api, true));
455
456
457
458 return pcmk_rc_ok;
459 }
460
461
462 static int
463 connect_without_main_loop(pcmk_ipc_api_t *api)
464 {
465 int rc;
466
467 if (!crm_ipc_connect(api->ipc)) {
468 rc = errno;
469 crm_ipc_close(api->ipc);
470 return rc;
471 }
472 crm_debug("Connected to %s IPC (without main loop)",
473 pcmk_ipc_name(api, true));
474 return pcmk_rc_ok;
475 }
476
477
478
479
480
481
482
483
484
485 int
486 pcmk_connect_ipc(pcmk_ipc_api_t *api, enum pcmk_ipc_dispatch dispatch_type)
487 {
488 int rc = pcmk_rc_ok;
489
490 if (api == NULL) {
491 crm_err("Cannot connect to uninitialized API object");
492 return EINVAL;
493 }
494
495 if (api->ipc == NULL) {
496 api->ipc = crm_ipc_new(pcmk_ipc_name(api, false),
497 api->ipc_size_max);
498 if (api->ipc == NULL) {
499 crm_err("Failed to re-create IPC API");
500 return ENOMEM;
501 }
502 }
503
504 if (crm_ipc_connected(api->ipc)) {
505 crm_trace("Already connected to %s IPC API", pcmk_ipc_name(api, true));
506 return pcmk_rc_ok;
507 }
508
509 api->dispatch_type = dispatch_type;
510 switch (dispatch_type) {
511 case pcmk_ipc_dispatch_main:
512 rc = connect_with_main_loop(api);
513 break;
514
515 case pcmk_ipc_dispatch_sync:
516 case pcmk_ipc_dispatch_poll:
517 rc = connect_without_main_loop(api);
518 break;
519 }
520 if (rc != pcmk_rc_ok) {
521 return rc;
522 }
523
524 if ((api->cmds != NULL) && (api->cmds->post_connect != NULL)) {
525 rc = api->cmds->post_connect(api);
526 if (rc != pcmk_rc_ok) {
527 crm_ipc_close(api->ipc);
528 }
529 }
530 return rc;
531 }
532
533
534
535
536
537
538
539
540
541
542
543
544 void
545 pcmk_disconnect_ipc(pcmk_ipc_api_t *api)
546 {
547 if ((api == NULL) || (api->ipc == NULL)) {
548 return;
549 }
550 switch (api->dispatch_type) {
551 case pcmk_ipc_dispatch_main:
552 {
553 mainloop_io_t *mainloop_io = api->mainloop_io;
554
555
556 api->mainloop_io = NULL;
557 api->ipc = NULL;
558
559 mainloop_del_ipc_client(mainloop_io);
560
561 }
562 break;
563
564 case pcmk_ipc_dispatch_poll:
565 case pcmk_ipc_dispatch_sync:
566 {
567 crm_ipc_t *ipc = api->ipc;
568
569
570 api->ipc = NULL;
571
572
573 api->free_on_disconnect = false;
574
575 crm_ipc_close(ipc);
576 crm_ipc_destroy(ipc);
577 ipc_post_disconnect(api);
578 }
579 break;
580 }
581 }
582
583
584
585
586
587
588
589
590
591
592
593
594
595 void
596 pcmk_register_ipc_callback(pcmk_ipc_api_t *api, pcmk_ipc_callback_t cb,
597 void *user_data)
598 {
599 if (api == NULL) {
600 return;
601 }
602 api->cb = cb;
603 api->user_data = user_data;
604 }
605
606
607
608
609
610
611
612
613
614
615
616
617
618 int
619 pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request)
620 {
621 int rc;
622 xmlNode *reply = NULL;
623 enum crm_ipc_flags flags = crm_ipc_flags_none;
624
625 if ((api == NULL) || (api->ipc == NULL) || (request == NULL)) {
626 return EINVAL;
627 }
628 crm_log_xml_trace(request, "ipc-sent");
629
630
631 if ((api->dispatch_type == pcmk_ipc_dispatch_sync)
632 && (api->cmds != NULL)
633 && (api->cmds->reply_expected != NULL)
634 && (api->cmds->reply_expected(api, request))) {
635 flags = crm_ipc_client_response;
636 }
637
638
639 rc = crm_ipc_send(api->ipc, request, flags, 0, &reply);
640
641 if (rc < 0) {
642 return pcmk_legacy2rc(rc);
643 } else if (rc == 0) {
644 return ENODATA;
645 }
646
647
648 if (reply != NULL) {
649 bool more = call_api_dispatch(api, reply);
650
651 free_xml(reply);
652
653 while (more) {
654 rc = crm_ipc_read(api->ipc);
655
656 if (rc == -EAGAIN) {
657 continue;
658 } else if (rc == -ENOMSG || rc == pcmk_ok) {
659 return pcmk_rc_ok;
660 } else if (rc < 0) {
661 return -rc;
662 }
663
664 rc = dispatch_ipc_data(crm_ipc_buffer(api->ipc), api);
665
666 if (rc == pcmk_rc_ok) {
667 more = false;
668 } else if (rc == EINPROGRESS) {
669 more = true;
670 } else {
671 continue;
672 }
673 }
674 }
675 return pcmk_rc_ok;
676 }
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700 static xmlNode *
701 create_purge_node_request(const pcmk_ipc_api_t *api, const char *node_name,
702 uint32_t nodeid)
703 {
704 xmlNode *request = NULL;
705 const char *client = crm_system_name? crm_system_name : "client";
706
707 switch (api->server) {
708 case pcmk_ipc_attrd:
709 request = create_xml_node(NULL, __func__);
710 crm_xml_add(request, F_TYPE, T_ATTRD);
711 crm_xml_add(request, F_ORIG, crm_system_name);
712 crm_xml_add(request, PCMK__XA_TASK, PCMK__ATTRD_CMD_PEER_REMOVE);
713 pcmk__xe_add_node(request, node_name, nodeid);
714 break;
715
716 case pcmk_ipc_controld:
717 case pcmk_ipc_fenced:
718 case pcmk_ipc_pacemakerd:
719 request = create_request(CRM_OP_RM_NODE_CACHE, NULL, NULL,
720 pcmk_ipc_name(api, false), client, NULL);
721 if (nodeid > 0) {
722 crm_xml_set_id(request, "%lu", (unsigned long) nodeid);
723 }
724 crm_xml_add(request, XML_ATTR_UNAME, node_name);
725 break;
726
727 case pcmk_ipc_based:
728 case pcmk_ipc_execd:
729 case pcmk_ipc_schedulerd:
730 break;
731 }
732 return request;
733 }
734
735
736
737
738
739
740
741
742
743
744
745
746 int
747 pcmk_ipc_purge_node(pcmk_ipc_api_t *api, const char *node_name, uint32_t nodeid)
748 {
749 int rc = 0;
750 xmlNode *request = NULL;
751
752 if (api == NULL) {
753 return EINVAL;
754 }
755 if ((node_name == NULL) && (nodeid == 0)) {
756 return EINVAL;
757 }
758
759 request = create_purge_node_request(api, node_name, nodeid);
760 if (request == NULL) {
761 return EOPNOTSUPP;
762 }
763 rc = pcmk__send_ipc_request(api, request);
764 free_xml(request);
765
766 crm_debug("%s peer cache purge of node %s[%lu]: rc=%d",
767 pcmk_ipc_name(api, true), node_name, (unsigned long) nodeid, rc);
768 return rc;
769 }
770
771
772
773
774
775 struct crm_ipc_s {
776 struct pollfd pfd;
777 unsigned int max_buf_size;
778 unsigned int buf_size;
779 int msg_size;
780 int need_reply;
781 char *buffer;
782 char *server_name;
783 qb_ipcc_connection_t *ipc;
784 };
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799 crm_ipc_t *
800 crm_ipc_new(const char *name, size_t max_size)
801 {
802 crm_ipc_t *client = NULL;
803
804 client = calloc(1, sizeof(crm_ipc_t));
805 if (client == NULL) {
806 crm_err("Could not create IPC connection: %s", strerror(errno));
807 return NULL;
808 }
809
810 client->server_name = strdup(name);
811 if (client->server_name == NULL) {
812 crm_err("Could not create %s IPC connection: %s",
813 name, strerror(errno));
814 free(client);
815 return NULL;
816 }
817 client->buf_size = pcmk__ipc_buffer_size(max_size);
818 client->buffer = malloc(client->buf_size);
819 if (client->buffer == NULL) {
820 crm_err("Could not create %s IPC connection: %s",
821 name, strerror(errno));
822 free(client->server_name);
823 free(client);
824 return NULL;
825 }
826
827
828 client->max_buf_size = client->buf_size;
829
830 client->pfd.fd = -1;
831 client->pfd.events = POLLIN;
832 client->pfd.revents = 0;
833
834 return client;
835 }
836
837
838
839
840
841
842
843
844
845
846 bool
847 crm_ipc_connect(crm_ipc_t *client)
848 {
849 uid_t cl_uid = 0;
850 gid_t cl_gid = 0;
851 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
852 int rv;
853
854 client->need_reply = FALSE;
855 client->ipc = qb_ipcc_connect(client->server_name, client->buf_size);
856
857 if (client->ipc == NULL) {
858 crm_debug("Could not establish %s IPC connection: %s (%d)",
859 client->server_name, pcmk_rc_str(errno), errno);
860 return FALSE;
861 }
862
863 client->pfd.fd = crm_ipc_get_fd(client);
864 if (client->pfd.fd < 0) {
865 rv = errno;
866
867 crm_ipc_close(client);
868 errno = rv;
869 return FALSE;
870 }
871
872 rv = pcmk_daemon_user(&cl_uid, &cl_gid);
873 if (rv < 0) {
874
875 crm_ipc_close(client);
876 errno = -rv;
877 return FALSE;
878 }
879
880 if ((rv = pcmk__crm_ipc_is_authentic_process(client->ipc, client->pfd.fd, cl_uid, cl_gid,
881 &found_pid, &found_uid,
882 &found_gid)) == pcmk_rc_ipc_unauthorized) {
883 crm_err("%s IPC provider authentication failed: process %lld has "
884 "uid %lld (expected %lld) and gid %lld (expected %lld)",
885 client->server_name,
886 (long long) PCMK__SPECIAL_PID_AS_0(found_pid),
887 (long long) found_uid, (long long) cl_uid,
888 (long long) found_gid, (long long) cl_gid);
889 crm_ipc_close(client);
890 errno = ECONNABORTED;
891 return FALSE;
892
893 } else if (rv != pcmk_rc_ok) {
894 crm_perror(LOG_ERR, "Could not verify authenticity of %s IPC provider",
895 client->server_name);
896 crm_ipc_close(client);
897 if (rv > 0) {
898 errno = rv;
899 } else {
900 errno = ENOTCONN;
901 }
902 return FALSE;
903 }
904
905 qb_ipcc_context_set(client->ipc, client);
906
907 client->max_buf_size = qb_ipcc_get_buffer_size(client->ipc);
908 if (client->max_buf_size > client->buf_size) {
909 free(client->buffer);
910 client->buffer = calloc(1, client->max_buf_size);
911 client->buf_size = client->max_buf_size;
912 }
913 return TRUE;
914 }
915
916 void
917 crm_ipc_close(crm_ipc_t * client)
918 {
919 if (client) {
920 if (client->ipc) {
921 qb_ipcc_connection_t *ipc = client->ipc;
922
923 client->ipc = NULL;
924 qb_ipcc_disconnect(ipc);
925 }
926 }
927 }
928
929 void
930 crm_ipc_destroy(crm_ipc_t * client)
931 {
932 if (client) {
933 if (client->ipc && qb_ipcc_is_connected(client->ipc)) {
934 crm_notice("Destroying active %s IPC connection",
935 client->server_name);
936
937
938
939
940
941
942
943
944
945 } else {
946 crm_trace("Destroying inactive %s IPC connection",
947 client->server_name);
948 }
949 free(client->buffer);
950 free(client->server_name);
951 free(client);
952 }
953 }
954
955 int
956 crm_ipc_get_fd(crm_ipc_t * client)
957 {
958 int fd = 0;
959
960 if (client && client->ipc && (qb_ipcc_fd_get(client->ipc, &fd) == 0)) {
961 return fd;
962 }
963 errno = EINVAL;
964 crm_perror(LOG_ERR, "Could not obtain file descriptor for %s IPC",
965 (client? client->server_name : "unspecified"));
966 return -errno;
967 }
968
969 bool
970 crm_ipc_connected(crm_ipc_t * client)
971 {
972 bool rc = FALSE;
973
974 if (client == NULL) {
975 crm_trace("No client");
976 return FALSE;
977
978 } else if (client->ipc == NULL) {
979 crm_trace("No connection");
980 return FALSE;
981
982 } else if (client->pfd.fd < 0) {
983 crm_trace("Bad descriptor");
984 return FALSE;
985 }
986
987 rc = qb_ipcc_is_connected(client->ipc);
988 if (rc == FALSE) {
989 client->pfd.fd = -EINVAL;
990 }
991 return rc;
992 }
993
994
995
996
997
998
999
1000
1001 int
1002 crm_ipc_ready(crm_ipc_t *client)
1003 {
1004 int rc;
1005
1006 CRM_ASSERT(client != NULL);
1007
1008 if (crm_ipc_connected(client) == FALSE) {
1009 return -ENOTCONN;
1010 }
1011
1012 client->pfd.revents = 0;
1013 rc = poll(&(client->pfd), 1, 0);
1014 return (rc < 0)? -errno : rc;
1015 }
1016
1017
1018 static int
1019 crm_ipc_decompress(crm_ipc_t * client)
1020 {
1021 pcmk__ipc_header_t *header = (pcmk__ipc_header_t *)(void*)client->buffer;
1022
1023 if (header->size_compressed) {
1024 int rc = 0;
1025 unsigned int size_u = 1 + header->size_uncompressed;
1026
1027 unsigned int new_buf_size = QB_MAX((sizeof(pcmk__ipc_header_t) + size_u), client->max_buf_size);
1028 char *uncompressed = calloc(1, new_buf_size);
1029
1030 crm_trace("Decompressing message data %u bytes into %u bytes",
1031 header->size_compressed, size_u);
1032
1033 rc = BZ2_bzBuffToBuffDecompress(uncompressed + sizeof(pcmk__ipc_header_t), &size_u,
1034 client->buffer + sizeof(pcmk__ipc_header_t), header->size_compressed, 1, 0);
1035
1036 if (rc != BZ_OK) {
1037 crm_err("Decompression failed: %s " CRM_XS " bzerror=%d",
1038 bz2_strerror(rc), rc);
1039 free(uncompressed);
1040 return EILSEQ;
1041 }
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051 CRM_ASSERT(size_u == header->size_uncompressed);
1052
1053 memcpy(uncompressed, client->buffer, sizeof(pcmk__ipc_header_t));
1054 header = (pcmk__ipc_header_t *)(void*)uncompressed;
1055
1056 free(client->buffer);
1057 client->buf_size = new_buf_size;
1058 client->buffer = uncompressed;
1059 }
1060
1061 CRM_ASSERT(client->buffer[sizeof(pcmk__ipc_header_t) + header->size_uncompressed - 1] == 0);
1062 return pcmk_rc_ok;
1063 }
1064
1065 long
1066 crm_ipc_read(crm_ipc_t * client)
1067 {
1068 pcmk__ipc_header_t *header = NULL;
1069
1070 CRM_ASSERT(client != NULL);
1071 CRM_ASSERT(client->ipc != NULL);
1072 CRM_ASSERT(client->buffer != NULL);
1073
1074 client->buffer[0] = 0;
1075 client->msg_size = qb_ipcc_event_recv(client->ipc, client->buffer,
1076 client->buf_size, 0);
1077 if (client->msg_size >= 0) {
1078 int rc = crm_ipc_decompress(client);
1079
1080 if (rc != pcmk_rc_ok) {
1081 return pcmk_rc2legacy(rc);
1082 }
1083
1084 header = (pcmk__ipc_header_t *)(void*)client->buffer;
1085 if (!pcmk__valid_ipc_header(header)) {
1086 return -EBADMSG;
1087 }
1088
1089 crm_trace("Received %s IPC event %d size=%u rc=%d text='%.100s'",
1090 client->server_name, header->qb.id, header->qb.size,
1091 client->msg_size,
1092 client->buffer + sizeof(pcmk__ipc_header_t));
1093
1094 } else {
1095 crm_trace("No message received from %s IPC: %s",
1096 client->server_name, pcmk_strerror(client->msg_size));
1097
1098 if (client->msg_size == -EAGAIN) {
1099 return -EAGAIN;
1100 }
1101 }
1102
1103 if (crm_ipc_connected(client) == FALSE || client->msg_size == -ENOTCONN) {
1104 crm_err("Connection to %s IPC failed", client->server_name);
1105 }
1106
1107 if (header) {
1108
1109 return header->size_uncompressed;
1110 }
1111 return -ENOMSG;
1112 }
1113
1114 const char *
1115 crm_ipc_buffer(crm_ipc_t * client)
1116 {
1117 CRM_ASSERT(client != NULL);
1118 return client->buffer + sizeof(pcmk__ipc_header_t);
1119 }
1120
1121 uint32_t
1122 crm_ipc_buffer_flags(crm_ipc_t * client)
1123 {
1124 pcmk__ipc_header_t *header = NULL;
1125
1126 CRM_ASSERT(client != NULL);
1127 if (client->buffer == NULL) {
1128 return 0;
1129 }
1130
1131 header = (pcmk__ipc_header_t *)(void*)client->buffer;
1132 return header->flags;
1133 }
1134
1135 const char *
1136 crm_ipc_name(crm_ipc_t * client)
1137 {
1138 CRM_ASSERT(client != NULL);
1139 return client->server_name;
1140 }
1141
1142
1143 static int
1144 internal_ipc_get_reply(crm_ipc_t *client, int request_id, int ms_timeout,
1145 ssize_t *bytes)
1146 {
1147 time_t timeout = time(NULL) + 1 + (ms_timeout / 1000);
1148 int rc = pcmk_rc_ok;
1149
1150
1151 crm_trace("Waiting on reply to %s IPC message %d",
1152 client->server_name, request_id);
1153 do {
1154
1155 *bytes = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, 1000);
1156 if (*bytes > 0) {
1157 pcmk__ipc_header_t *hdr = NULL;
1158
1159 rc = crm_ipc_decompress(client);
1160 if (rc != pcmk_rc_ok) {
1161 return rc;
1162 }
1163
1164 hdr = (pcmk__ipc_header_t *)(void*)client->buffer;
1165 if (hdr->qb.id == request_id) {
1166
1167 break;
1168 } else if (hdr->qb.id < request_id) {
1169 xmlNode *bad = string2xml(crm_ipc_buffer(client));
1170
1171 crm_err("Discarding old reply %d (need %d)", hdr->qb.id, request_id);
1172 crm_log_xml_notice(bad, "OldIpcReply");
1173
1174 } else {
1175 xmlNode *bad = string2xml(crm_ipc_buffer(client));
1176
1177 crm_err("Discarding newer reply %d (need %d)", hdr->qb.id, request_id);
1178 crm_log_xml_notice(bad, "ImpossibleReply");
1179 CRM_ASSERT(hdr->qb.id <= request_id);
1180 }
1181 } else if (crm_ipc_connected(client) == FALSE) {
1182 crm_err("%s IPC provider disconnected while waiting for message %d",
1183 client->server_name, request_id);
1184 break;
1185 }
1186
1187 } while (time(NULL) < timeout);
1188
1189 if (*bytes < 0) {
1190 rc = (int) -*bytes;
1191 }
1192 return rc;
1193 }
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208 int
1209 crm_ipc_send(crm_ipc_t * client, xmlNode * message, enum crm_ipc_flags flags, int32_t ms_timeout,
1210 xmlNode ** reply)
1211 {
1212 int rc = 0;
1213 ssize_t qb_rc = 0;
1214 ssize_t bytes = 0;
1215 struct iovec *iov;
1216 static uint32_t id = 0;
1217 static int factor = 8;
1218 pcmk__ipc_header_t *header;
1219
1220 if (client == NULL) {
1221 crm_notice("Can't send IPC request without connection (bug?): %.100s",
1222 message);
1223 return -ENOTCONN;
1224
1225 } else if (crm_ipc_connected(client) == FALSE) {
1226
1227 crm_notice("Can't send %s IPC requests: Connection closed",
1228 client->server_name);
1229 return -ENOTCONN;
1230 }
1231
1232 if (ms_timeout == 0) {
1233 ms_timeout = 5000;
1234 }
1235
1236 if (client->need_reply) {
1237 qb_rc = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, ms_timeout);
1238 if (qb_rc < 0) {
1239 crm_warn("Sending %s IPC disabled until pending reply received",
1240 client->server_name);
1241 return -EALREADY;
1242
1243 } else {
1244 crm_notice("Sending %s IPC re-enabled after pending reply received",
1245 client->server_name);
1246 client->need_reply = FALSE;
1247 }
1248 }
1249
1250 id++;
1251 CRM_LOG_ASSERT(id != 0);
1252 rc = pcmk__ipc_prepare_iov(id, message, client->max_buf_size, &iov, &bytes);
1253 if (rc != pcmk_rc_ok) {
1254 crm_warn("Couldn't prepare %s IPC request: %s " CRM_XS " rc=%d",
1255 client->server_name, pcmk_rc_str(rc), rc);
1256 return pcmk_rc2legacy(rc);
1257 }
1258
1259 header = iov[0].iov_base;
1260 pcmk__set_ipc_flags(header->flags, client->server_name, flags);
1261
1262 if (pcmk_is_set(flags, crm_ipc_proxied)) {
1263
1264 pcmk__clear_ipc_flags(flags, "client", crm_ipc_client_response);
1265 }
1266
1267 if(header->size_compressed) {
1268 if(factor < 10 && (client->max_buf_size / 10) < (bytes / factor)) {
1269 crm_notice("Compressed message exceeds %d0%% of configured IPC "
1270 "limit (%u bytes); consider setting PCMK_ipc_buffer to "
1271 "%u or higher",
1272 factor, client->max_buf_size, 2 * client->max_buf_size);
1273 factor++;
1274 }
1275 }
1276
1277 crm_trace("Sending %s IPC request %d of %u bytes using %dms timeout",
1278 client->server_name, header->qb.id, header->qb.size, ms_timeout);
1279
1280 if ((ms_timeout > 0) || !pcmk_is_set(flags, crm_ipc_client_response)) {
1281
1282 time_t timeout = time(NULL) + 1 + (ms_timeout / 1000);
1283
1284 do {
1285
1286
1287
1288 if (!crm_ipc_connected(client)) {
1289 goto send_cleanup;
1290 }
1291
1292 qb_rc = qb_ipcc_sendv(client->ipc, iov, 2);
1293 } while ((qb_rc == -EAGAIN) && (time(NULL) < timeout));
1294
1295 rc = (int) qb_rc;
1296 if (qb_rc <= 0) {
1297 goto send_cleanup;
1298
1299 } else if (!pcmk_is_set(flags, crm_ipc_client_response)) {
1300 crm_trace("Not waiting for reply to %s IPC request %d",
1301 client->server_name, header->qb.id);
1302 goto send_cleanup;
1303 }
1304
1305 rc = internal_ipc_get_reply(client, header->qb.id, ms_timeout, &bytes);
1306 if (rc != pcmk_rc_ok) {
1307
1308
1309
1310
1311
1312
1313 client->need_reply = TRUE;
1314 }
1315 rc = (int) bytes;
1316
1317 } else {
1318
1319 do {
1320 qb_rc = qb_ipcc_sendv_recv(client->ipc, iov, 2, client->buffer,
1321 client->buf_size, -1);
1322 } while ((qb_rc == -EAGAIN) && crm_ipc_connected(client));
1323 rc = (int) qb_rc;
1324 }
1325
1326 if (rc > 0) {
1327 pcmk__ipc_header_t *hdr = (pcmk__ipc_header_t *)(void*)client->buffer;
1328
1329 crm_trace("Received %d-byte reply %d to %s IPC %d: %.100s",
1330 rc, hdr->qb.id, client->server_name, header->qb.id,
1331 crm_ipc_buffer(client));
1332
1333 if (reply) {
1334 *reply = string2xml(crm_ipc_buffer(client));
1335 }
1336
1337 } else {
1338 crm_trace("No reply to %s IPC %d: rc=%d",
1339 client->server_name, header->qb.id, rc);
1340 }
1341
1342 send_cleanup:
1343 if (crm_ipc_connected(client) == FALSE) {
1344 crm_notice("Couldn't send %s IPC request %d: Connection closed "
1345 CRM_XS " rc=%d", client->server_name, header->qb.id, rc);
1346
1347 } else if (rc == -ETIMEDOUT) {
1348 crm_warn("%s IPC request %d failed: %s after %dms " CRM_XS " rc=%d",
1349 client->server_name, header->qb.id, pcmk_strerror(rc),
1350 ms_timeout, rc);
1351 crm_write_blackbox(0, NULL);
1352
1353 } else if (rc <= 0) {
1354 crm_warn("%s IPC request %d failed: %s " CRM_XS " rc=%d",
1355 client->server_name, header->qb.id,
1356 ((rc == 0)? "No bytes sent" : pcmk_strerror(rc)), rc);
1357 }
1358
1359 pcmk_free_ipc_event(iov);
1360 return rc;
1361 }
1362
1363 int
1364 pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock, uid_t refuid, gid_t refgid,
1365 pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1366 {
1367 int ret = 0;
1368 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1369 #if defined(HAVE_UCRED)
1370 struct ucred ucred;
1371 socklen_t ucred_len = sizeof(ucred);
1372 #endif
1373
1374 #ifdef HAVE_QB_IPCC_AUTH_GET
1375 if (qb_ipc && !qb_ipcc_auth_get(qb_ipc, &found_pid, &found_uid, &found_gid)) {
1376 goto do_checks;
1377 }
1378 #endif
1379
1380 #if defined(HAVE_UCRED)
1381 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1382 &ucred, &ucred_len)
1383 && ucred_len == sizeof(ucred)) {
1384 found_pid = ucred.pid; found_uid = ucred.uid; found_gid = ucred.gid;
1385
1386 #elif defined(HAVE_SOCKPEERCRED)
1387 struct sockpeercred sockpeercred;
1388 socklen_t sockpeercred_len = sizeof(sockpeercred);
1389
1390 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1391 &sockpeercred, &sockpeercred_len)
1392 && sockpeercred_len == sizeof(sockpeercred_len)) {
1393 found_pid = sockpeercred.pid;
1394 found_uid = sockpeercred.uid; found_gid = sockpeercred.gid;
1395
1396 #elif defined(HAVE_GETPEEREID)
1397 if (!getpeereid(sock, &found_uid, &found_gid)) {
1398 found_pid = PCMK__SPECIAL_PID;
1399
1400 #elif defined(HAVE_GETPEERUCRED)
1401 ucred_t *ucred;
1402 if (!getpeerucred(sock, &ucred)) {
1403 errno = 0;
1404 found_pid = ucred_getpid(ucred);
1405 found_uid = ucred_geteuid(ucred); found_gid = ucred_getegid(ucred);
1406 ret = -errno;
1407 ucred_free(ucred);
1408 if (ret) {
1409 return (ret < 0) ? ret : -pcmk_err_generic;
1410 }
1411
1412 #else
1413 # error "No way to authenticate a Unix socket peer"
1414 errno = 0;
1415 if (0) {
1416 #endif
1417 #ifdef HAVE_QB_IPCC_AUTH_GET
1418 do_checks:
1419 #endif
1420 if (gotpid != NULL) {
1421 *gotpid = found_pid;
1422 }
1423 if (gotuid != NULL) {
1424 *gotuid = found_uid;
1425 }
1426 if (gotgid != NULL) {
1427 *gotgid = found_gid;
1428 }
1429 if (found_uid == 0 || found_uid == refuid || found_gid == refgid) {
1430 ret = 0;
1431 } else {
1432 ret = pcmk_rc_ipc_unauthorized;
1433 }
1434 } else {
1435 ret = (errno > 0) ? errno : pcmk_rc_error;
1436 }
1437 return ret;
1438 }
1439
1440 int
1441 crm_ipc_is_authentic_process(int sock, uid_t refuid, gid_t refgid,
1442 pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1443 {
1444 int ret = pcmk__crm_ipc_is_authentic_process(NULL, sock, refuid, refgid,
1445 gotpid, gotuid, gotgid);
1446
1447
1448 if (ret == 0) {
1449 return 1;
1450 } else if (ret == pcmk_rc_ipc_unauthorized) {
1451 return 0;
1452 } else {
1453 return pcmk_rc2legacy(ret);
1454 }
1455 }
1456
1457 int
1458 pcmk__ipc_is_authentic_process_active(const char *name, uid_t refuid,
1459 gid_t refgid, pid_t *gotpid)
1460 {
1461 static char last_asked_name[PATH_MAX / 2] = "";
1462 int fd;
1463 int rc = pcmk_rc_ipc_unresponsive;
1464 int auth_rc = 0;
1465 int32_t qb_rc;
1466 pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1467 qb_ipcc_connection_t *c;
1468 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC
1469 struct pollfd pollfd = { 0, };
1470 int poll_rc;
1471
1472 c = qb_ipcc_connect_async(name, 0,
1473 &(pollfd.fd));
1474 #else
1475 c = qb_ipcc_connect(name, 0);
1476 #endif
1477 if (c == NULL) {
1478 crm_info("Could not connect to %s IPC: %s", name, strerror(errno));
1479 rc = pcmk_rc_ipc_unresponsive;
1480 goto bail;
1481 }
1482 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC
1483 pollfd.events = POLLIN;
1484 do {
1485 poll_rc = poll(&pollfd, 1, 2000);
1486 } while ((poll_rc == -1) && (errno == EINTR));
1487 if ((poll_rc <= 0) || (qb_ipcc_connect_continue(c) != 0)) {
1488 crm_info("Could not connect to %s IPC: %s", name,
1489 (poll_rc == 0)?"timeout":strerror(errno));
1490 rc = pcmk_rc_ipc_unresponsive;
1491 if (poll_rc > 0) {
1492 c = NULL;
1493 }
1494 goto bail;
1495 }
1496 #endif
1497
1498 qb_rc = qb_ipcc_fd_get(c, &fd);
1499 if (qb_rc != 0) {
1500 rc = (int) -qb_rc;
1501 crm_err("Could not get fd from %s IPC: %s " CRM_XS " rc=%d",
1502 name, pcmk_rc_str(rc), rc);
1503 goto bail;
1504 }
1505
1506 auth_rc = pcmk__crm_ipc_is_authentic_process(c, fd, refuid, refgid, &found_pid,
1507 &found_uid, &found_gid);
1508 if (auth_rc == pcmk_rc_ipc_unauthorized) {
1509 crm_err("Daemon (IPC %s) effectively blocked with unauthorized"
1510 " process %lld (uid: %lld, gid: %lld)",
1511 name, (long long) PCMK__SPECIAL_PID_AS_0(found_pid),
1512 (long long) found_uid, (long long) found_gid);
1513 rc = pcmk_rc_ipc_unauthorized;
1514 goto bail;
1515 }
1516
1517 if (auth_rc != pcmk_rc_ok) {
1518 rc = auth_rc;
1519 crm_err("Could not get peer credentials from %s IPC: %s "
1520 CRM_XS " rc=%d", name, pcmk_rc_str(rc), rc);
1521 goto bail;
1522 }
1523
1524 if (gotpid != NULL) {
1525 *gotpid = found_pid;
1526 }
1527
1528 rc = pcmk_rc_ok;
1529 if ((found_uid != refuid || found_gid != refgid)
1530 && strncmp(last_asked_name, name, sizeof(last_asked_name))) {
1531 if ((found_uid == 0) && (refuid != 0)) {
1532 crm_warn("Daemon (IPC %s) runs as root, whereas the expected"
1533 " credentials are %lld:%lld, hazard of violating"
1534 " the least privilege principle",
1535 name, (long long) refuid, (long long) refgid);
1536 } else {
1537 crm_notice("Daemon (IPC %s) runs as %lld:%lld, whereas the"
1538 " expected credentials are %lld:%lld, which may"
1539 " mean a different set of privileges than expected",
1540 name, (long long) found_uid, (long long) found_gid,
1541 (long long) refuid, (long long) refgid);
1542 }
1543 memccpy(last_asked_name, name, '\0', sizeof(last_asked_name));
1544 }
1545
1546 bail:
1547 if (c != NULL) {
1548 qb_ipcc_disconnect(c);
1549 }
1550 return rc;
1551 }