lib/common/ipc

/* */
This source file includes following definitions.
pcmk_new_ipc_api
free_daemon_specific_data
pcmk__call_ipc_callback
ipc_post_disconnect
pcmk_free_ipc_api
pcmk_ipc_name
pcmk_ipc_is_connected
call_api_dispatch
dispatch_ipc_data
dispatch_ipc_source_data
pcmk_poll_ipc
pcmk_dispatch_ipc
connect_with_main_loop
connect_without_main_loop
pcmk__connect_ipc
pcmk_connect_ipc
pcmk_disconnect_ipc
pcmk_register_ipc_callback
pcmk__send_ipc_request
create_purge_node_request
pcmk_ipc_purge_node
crm_ipc_new
pcmk__connect_generic_ipc
crm_ipc_connect
crm_ipc_close
crm_ipc_destroy
pcmk__ipc_fd
crm_ipc_get_fd
crm_ipc_connected
crm_ipc_ready
crm_ipc_decompress
crm_ipc_read
crm_ipc_buffer
crm_ipc_buffer_flags
crm_ipc_name
internal_ipc_get_reply
crm_ipc_send
is_ipc_provider_expected
crm_ipc_is_authentic_process
pcmk__ipc_is_authentic_process_active
   1 /*
   2  * Copyright 2004-2023 the Pacemaker project contributors
   3  *
   4  * The version control history for this file may have further details.
   5  *
   6  * This source code is licensed under the GNU Lesser General Public License
   7  * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
   8  */
   9 
  10 #include <crm_internal.h>
  11 
  12 #if defined(HAVE_UCRED) || defined(HAVE_SOCKPEERCRED)
  13 #  ifdef HAVE_UCRED
  14 #    ifndef _GNU_SOURCE
  15 #      define _GNU_SOURCE
  16 #    endif
  17 #  endif
  18 #  include <sys/socket.h>
  19 #elif defined(HAVE_GETPEERUCRED)
  20 #  include <ucred.h>
  21 #endif
  22 
  23 #include <stdio.h>
  24 #include <sys/types.h>
  25 #include <errno.h>
  26 #include <bzlib.h>
  27 
  28 #include <crm/crm.h>   /* indirectly: pcmk_err_generic */
  29 #include <crm/msg_xml.h>
  30 #include <crm/common/ipc.h>
  31 #include <crm/common/ipc_internal.h>
  32 #include "crmcommon_private.h"
  33 
  34 static int is_ipc_provider_expected(qb_ipcc_connection_t *qb_ipc, int sock,
  35                                     uid_t refuid, gid_t refgid, pid_t *gotpid,
  36                                     uid_t *gotuid, gid_t *gotgid);
  37 
  38 /*!
  39  * \brief Create a new object for using Pacemaker daemon IPC
  40  *
  41  * \param[out] api     Where to store new IPC object
  42  * \param[in]  server  Which Pacemaker daemon the object is for
  43  *
  44  * \return Standard Pacemaker result code
  45  *
  46  * \note The caller is responsible for freeing *api using pcmk_free_ipc_api().
  47  * \note This is intended to supersede crm_ipc_new() but currently only
  48  *       supports the controller, pacemakerd, and schedulerd IPC API.
  49  */
  50 int
  51 pcmk_new_ipc_api(pcmk_ipc_api_t **api, enum pcmk_ipc_server server)
     /*  */
  52 {
  53     if (api == NULL) {
  54         return EINVAL;
  55     }
  56 
  57     *api = calloc(1, sizeof(pcmk_ipc_api_t));
  58     if (*api == NULL) {
  59         return errno;
  60     }
  61 
  62     (*api)->server = server;
  63     if (pcmk_ipc_name(*api, false) == NULL) {
  64         pcmk_free_ipc_api(*api);
  65         *api = NULL;
  66         return EOPNOTSUPP;
  67     }
  68 
  69     (*api)->ipc_size_max = 0;
  70 
  71     // Set server methods and max_size (if not default)
  72     switch (server) {
  73         case pcmk_ipc_attrd:
  74             (*api)->cmds = pcmk__attrd_api_methods();
  75             break;
  76 
  77         case pcmk_ipc_based:
  78             (*api)->ipc_size_max = 512 * 1024; // 512KB
  79             break;
  80 
  81         case pcmk_ipc_controld:
  82             (*api)->cmds = pcmk__controld_api_methods();
  83             break;
  84 
  85         case pcmk_ipc_execd:
  86             break;
  87 
  88         case pcmk_ipc_fenced:
  89             break;
  90 
  91         case pcmk_ipc_pacemakerd:
  92             (*api)->cmds = pcmk__pacemakerd_api_methods();
  93             break;
  94 
  95         case pcmk_ipc_schedulerd:
  96             (*api)->cmds = pcmk__schedulerd_api_methods();
  97             // @TODO max_size could vary by client, maybe take as argument?
  98             (*api)->ipc_size_max = 5 * 1024 * 1024; // 5MB
  99             break;
 100     }
 101     if ((*api)->cmds == NULL) {
 102         pcmk_free_ipc_api(*api);
 103         *api = NULL;
 104         return ENOMEM;
 105     }
 106 
 107     (*api)->ipc = crm_ipc_new(pcmk_ipc_name(*api, false),
 108                               (*api)->ipc_size_max);
 109     if ((*api)->ipc == NULL) {
 110         pcmk_free_ipc_api(*api);
 111         *api = NULL;
 112         return ENOMEM;
 113     }
 114 
 115     // If daemon API has its own data to track, allocate it
 116     if ((*api)->cmds->new_data != NULL) {
 117         if ((*api)->cmds->new_data(*api) != pcmk_rc_ok) {
 118             pcmk_free_ipc_api(*api);
 119             *api = NULL;
 120             return ENOMEM;
 121         }
 122     }
 123     crm_trace("Created %s API IPC object", pcmk_ipc_name(*api, true));
 124     return pcmk_rc_ok;
 125 }
 126 
 127 static void
 128 free_daemon_specific_data(pcmk_ipc_api_t *api)
     /*  */
 129 {
 130     if ((api != NULL) && (api->cmds != NULL)) {
 131         if ((api->cmds->free_data != NULL) && (api->api_data != NULL)) {
 132             api->cmds->free_data(api->api_data);
 133             api->api_data = NULL;
 134         }
 135         free(api->cmds);
 136         api->cmds = NULL;
 137     }
 138 }
 139 
 140 /*!
 141  * \internal
 142  * \brief Call an IPC API event callback, if one is registed
 143  *
 144  * \param[in,out] api         IPC API connection
 145  * \param[in]     event_type  The type of event that occurred
 146  * \param[in]     status      Event status
 147  * \param[in,out] event_data  Event-specific data
 148  */
 149 void
 150 pcmk__call_ipc_callback(pcmk_ipc_api_t *api, enum pcmk_ipc_event event_type,
     /*  */
 151                         crm_exit_t status, void *event_data)
 152 {
 153     if ((api != NULL) && (api->cb != NULL)) {
 154         api->cb(api, event_type, status, event_data, api->user_data);
 155     }
 156 }
 157 
 158 /*!
 159  * \internal
 160  * \brief Clean up after an IPC disconnect
 161  *
 162  * \param[in,out] user_data  IPC API connection that disconnected
 163  *
 164  * \note This function can be used as a main loop IPC destroy callback.
 165  */
 166 static void
 167 ipc_post_disconnect(gpointer user_data)
     /*  */
 168 {
 169     pcmk_ipc_api_t *api = user_data;
 170 
 171     crm_info("Disconnected from %s", pcmk_ipc_name(api, true));
 172 
 173     // Perform any daemon-specific handling needed
 174     if ((api->cmds != NULL) && (api->cmds->post_disconnect != NULL)) {
 175         api->cmds->post_disconnect(api);
 176     }
 177 
 178     // Call client's registered event callback
 179     pcmk__call_ipc_callback(api, pcmk_ipc_event_disconnect, CRM_EX_DISCONNECT,
 180                             NULL);
 181 
 182     /* If this is being called from a running main loop, mainloop_gio_destroy()
 183      * will free ipc and mainloop_io immediately after calling this function.
 184      * If this is called from a stopped main loop, these will leak, so the best
 185      * practice is to close the connection before stopping the main loop.
 186      */
 187     api->ipc = NULL;
 188     api->mainloop_io = NULL;
 189 
 190     if (api->free_on_disconnect) {
 191         /* pcmk_free_ipc_api() has already been called, but did not free api
 192          * or api->cmds because this function needed them. Do that now.
 193          */
 194         free_daemon_specific_data(api);
 195         crm_trace("Freeing IPC API object after disconnect");
 196         free(api);
 197     }
 198 }
 199 
 200 /*!
 201  * \brief Free the contents of an IPC API object
 202  *
 203  * \param[in,out] api  IPC API object to free
 204  */
 205 void
 206 pcmk_free_ipc_api(pcmk_ipc_api_t *api)
     /*  */
 207 {
 208     bool free_on_disconnect = false;
 209 
 210     if (api == NULL) {
 211         return;
 212     }
 213     crm_debug("Releasing %s IPC API", pcmk_ipc_name(api, true));
 214 
 215     if (api->ipc != NULL) {
 216         if (api->mainloop_io != NULL) {
 217             /* We need to keep the api pointer itself around, because it is the
 218              * user data for the IPC client destroy callback. That will be
 219              * triggered by the pcmk_disconnect_ipc() call below, but it might
 220              * happen later in the main loop (if still running).
 221              *
 222              * This flag tells the destroy callback to free the object. It can't
 223              * do that unconditionally, because the application might call this
 224              * function after a disconnect that happened by other means.
 225              */
 226             free_on_disconnect = api->free_on_disconnect = true;
 227         }
 228         pcmk_disconnect_ipc(api); // Frees api if free_on_disconnect is true
 229     }
 230     if (!free_on_disconnect) {
 231         free_daemon_specific_data(api);
 232         crm_trace("Freeing IPC API object");
 233         free(api);
 234     }
 235 }
 236 
 237 /*!
 238  * \brief Get the IPC name used with an IPC API connection
 239  *
 240  * \param[in] api      IPC API connection
 241  * \param[in] for_log  If true, return human-friendly name instead of IPC name
 242  *
 243  * \return IPC API's human-friendly or connection name, or if none is available,
 244  *         "Pacemaker" if for_log is true and NULL if for_log is false
 245  */
 246 const char *
 247 pcmk_ipc_name(const pcmk_ipc_api_t *api, bool for_log)
     /*  */
 248 {
 249     if (api == NULL) {
 250         return for_log? "Pacemaker" : NULL;
 251     }
 252     switch (api->server) {
 253         case pcmk_ipc_attrd:
 254             return for_log? "attribute manager" : T_ATTRD;
 255 
 256         case pcmk_ipc_based:
 257             return for_log? "CIB manager" : NULL /* PCMK__SERVER_BASED_RW */;
 258 
 259         case pcmk_ipc_controld:
 260             return for_log? "controller" : CRM_SYSTEM_CRMD;
 261 
 262         case pcmk_ipc_execd:
 263             return for_log? "executor" : NULL /* CRM_SYSTEM_LRMD */;
 264 
 265         case pcmk_ipc_fenced:
 266             return for_log? "fencer" : NULL /* "stonith-ng" */;
 267 
 268         case pcmk_ipc_pacemakerd:
 269             return for_log? "launcher" : CRM_SYSTEM_MCP;
 270 
 271         case pcmk_ipc_schedulerd:
 272             return for_log? "scheduler" : CRM_SYSTEM_PENGINE;
 273 
 274         default:
 275             return for_log? "Pacemaker" : NULL;
 276     }
 277 }
 278 
 279 /*!
 280  * \brief Check whether an IPC API connection is active
 281  *
 282  * \param[in,out] api  IPC API connection
 283  *
 284  * \return true if IPC is connected, false otherwise
 285  */
 286 bool
 287 pcmk_ipc_is_connected(pcmk_ipc_api_t *api)
     /*  */
 288 {
 289     return (api != NULL) && crm_ipc_connected(api->ipc);
 290 }
 291 
 292 /*!
 293  * \internal
 294  * \brief Call the daemon-specific API's dispatch function
 295  *
 296  * Perform daemon-specific handling of IPC reply dispatch. It is the daemon
 297  * method's responsibility to call the client's registered event callback, as
 298  * well as allocate and free any event data.
 299  *
 300  * \param[in,out] api      IPC API connection
 301  * \param[in,out] message  IPC reply XML to dispatch
 302  */
 303 static bool
 304 call_api_dispatch(pcmk_ipc_api_t *api, xmlNode *message)
     /*  */
 305 {
 306     crm_log_xml_trace(message, "ipc-received");
 307     if ((api->cmds != NULL) && (api->cmds->dispatch != NULL)) {
 308         return api->cmds->dispatch(api, message);
 309     }
 310 
 311     return false;
 312 }
 313 
 314 /*!
 315  * \internal
 316  * \brief Dispatch previously read IPC data
 317  *
 318  * \param[in]     buffer  Data read from IPC
 319  * \param[in,out] api     IPC object
 320  *
 321  * \return Standard Pacemaker return code.  In particular:
 322  *
 323  * pcmk_rc_ok: There are no more messages expected from the server.  Quit
 324  *             reading.
 325  * EINPROGRESS: There are more messages expected from the server.  Keep reading.
 326  *
 327  * All other values indicate an error.
 328  */
 329 static int
 330 dispatch_ipc_data(const char *buffer, pcmk_ipc_api_t *api)
     /*  */
 331 {
 332     bool more = false;
 333     xmlNode *msg;
 334 
 335     if (buffer == NULL) {
 336         crm_warn("Empty message received from %s IPC",
 337                  pcmk_ipc_name(api, true));
 338         return ENOMSG;
 339     }
 340 
 341     msg = string2xml(buffer);
 342     if (msg == NULL) {
 343         crm_warn("Malformed message received from %s IPC",
 344                  pcmk_ipc_name(api, true));
 345         return EPROTO;
 346     }
 347 
 348     more = call_api_dispatch(api, msg);
 349     free_xml(msg);
 350 
 351     if (more) {
 352         return EINPROGRESS;
 353     } else {
 354         return pcmk_rc_ok;
 355     }
 356 }
 357 
 358 /*!
 359  * \internal
 360  * \brief Dispatch data read from IPC source
 361  *
 362  * \param[in]     buffer     Data read from IPC
 363  * \param[in]     length     Number of bytes of data in buffer (ignored)
 364  * \param[in,out] user_data  IPC object
 365  *
 366  * \return Always 0 (meaning connection is still required)
 367  *
 368  * \note This function can be used as a main loop IPC dispatch callback.
 369  */
 370 static int
 371 dispatch_ipc_source_data(const char *buffer, ssize_t length, gpointer user_data)
     /*  */
 372 {
 373     pcmk_ipc_api_t *api = user_data;
 374 
 375     CRM_CHECK(api != NULL, return 0);
 376     dispatch_ipc_data(buffer, api);
 377     return 0;
 378 }
 379 
 380 /*!
 381  * \brief Check whether an IPC connection has data available (without main loop)
 382  *
 383  * \param[in]  api         IPC API connection
 384  * \param[in]  timeout_ms  If less than 0, poll indefinitely; if 0, poll once
 385  *                         and return immediately; otherwise, poll for up to
 386  *                         this many milliseconds
 387  *
 388  * \return Standard Pacemaker return code
 389  *
 390  * \note Callers of pcmk_connect_ipc() using pcmk_ipc_dispatch_poll should call
 391  *       this function to check whether IPC data is available. Return values of
 392  *       interest include pcmk_rc_ok meaning data is available, and EAGAIN
 393  *       meaning no data is available; all other values indicate errors.
 394  * \todo This does not allow the caller to poll multiple file descriptors at
 395  *       once. If there is demand for that, we could add a wrapper for
 396  *       pcmk__ipc_fd(api->ipc), so the caller can call poll() themselves.
 397  */
 398 int
 399 pcmk_poll_ipc(const pcmk_ipc_api_t *api, int timeout_ms)
     /*  */
 400 {
 401     int rc;
 402     struct pollfd pollfd = { 0, };
 403 
 404     if ((api == NULL) || (api->dispatch_type != pcmk_ipc_dispatch_poll)) {
 405         return EINVAL;
 406     }
 407 
 408     rc = pcmk__ipc_fd(api->ipc, &(pollfd.fd));
 409     if (rc != pcmk_rc_ok) {
 410         crm_debug("Could not obtain file descriptor for %s IPC: %s",
 411                   pcmk_ipc_name(api, true), pcmk_rc_str(rc));
 412         return rc;
 413     }
 414 
 415     pollfd.events = POLLIN;
 416     rc = poll(&pollfd, 1, timeout_ms);
 417     if (rc < 0) {
 418         /* Some UNIX systems return negative and set EAGAIN for failure to
 419          * allocate memory; standardize the return code in that case
 420          */
 421         return (errno == EAGAIN)? ENOMEM : errno;
 422     } else if (rc == 0) {
 423         return EAGAIN;
 424     }
 425     return pcmk_rc_ok;
 426 }
 427 
 428 /*!
 429  * \brief Dispatch available messages on an IPC connection (without main loop)
 430  *
 431  * \param[in,out] api  IPC API connection
 432  *
 433  * \return Standard Pacemaker return code
 434  *
 435  * \note Callers of pcmk_connect_ipc() using pcmk_ipc_dispatch_poll should call
 436  *       this function when IPC data is available.
 437  */
 438 void
 439 pcmk_dispatch_ipc(pcmk_ipc_api_t *api)
     /*  */
 440 {
 441     if (api == NULL) {
 442         return;
 443     }
 444     while (crm_ipc_ready(api->ipc) > 0) {
 445         if (crm_ipc_read(api->ipc) > 0) {
 446             dispatch_ipc_data(crm_ipc_buffer(api->ipc), api);
 447         }
 448     }
 449 }
 450 
 451 // \return Standard Pacemaker return code
 452 static int
 453 connect_with_main_loop(pcmk_ipc_api_t *api)
     /*  */
 454 {
 455     int rc;
 456 
 457     struct ipc_client_callbacks callbacks = {
 458         .dispatch = dispatch_ipc_source_data,
 459         .destroy = ipc_post_disconnect,
 460     };
 461 
 462     rc = pcmk__add_mainloop_ipc(api->ipc, G_PRIORITY_DEFAULT, api,
 463                                 &callbacks, &(api->mainloop_io));
 464     if (rc != pcmk_rc_ok) {
 465         return rc;
 466     }
 467     crm_debug("Connected to %s IPC (attached to main loop)",
 468               pcmk_ipc_name(api, true));
 469     /* After this point, api->mainloop_io owns api->ipc, so api->ipc
 470      * should not be explicitly freed.
 471      */
 472     return pcmk_rc_ok;
 473 }
 474 
 475 // \return Standard Pacemaker return code
 476 static int
 477 connect_without_main_loop(pcmk_ipc_api_t *api)
     /*  */
 478 {
 479     int rc = pcmk__connect_generic_ipc(api->ipc);
 480 
 481     if (rc != pcmk_rc_ok) {
 482         crm_ipc_close(api->ipc);
 483     } else {
 484         crm_debug("Connected to %s IPC (without main loop)",
 485                   pcmk_ipc_name(api, true));
 486     }
 487     return rc;
 488 }
 489 
 490 /*!
 491  * \internal
 492  * \brief Connect to a Pacemaker daemon via IPC (retrying after soft errors)
 493  *
 494  * \param[in,out] api            IPC API instance
 495  * \param[in]     dispatch_type  How IPC replies should be dispatched
 496  * \param[in]     attempts       How many times to try (in case of soft error)
 497  *
 498  * \return Standard Pacemaker return code
 499  */
 500 int
 501 pcmk__connect_ipc(pcmk_ipc_api_t *api, enum pcmk_ipc_dispatch dispatch_type,
     /*  */
 502                   int attempts)
 503 {
 504     int rc = pcmk_rc_ok;
 505 
 506     if ((api == NULL) || (attempts < 1)) {
 507         return EINVAL;
 508     }
 509 
 510     if (api->ipc == NULL) {
 511         api->ipc = crm_ipc_new(pcmk_ipc_name(api, false), api->ipc_size_max);
 512         if (api->ipc == NULL) {
 513             return ENOMEM;
 514         }
 515     }
 516 
 517     if (crm_ipc_connected(api->ipc)) {
 518         crm_trace("Already connected to %s", pcmk_ipc_name(api, true));
 519         return pcmk_rc_ok;
 520     }
 521 
 522     api->dispatch_type = dispatch_type;
 523 
 524     crm_debug("Attempting connection to %s (up to %d time%s)",
 525               pcmk_ipc_name(api, true), attempts, pcmk__plural_s(attempts));
 526     for (int remaining = attempts - 1; remaining >= 0; --remaining) {
 527         switch (dispatch_type) {
 528             case pcmk_ipc_dispatch_main:
 529                 rc = connect_with_main_loop(api);
 530                 break;
 531 
 532             case pcmk_ipc_dispatch_sync:
 533             case pcmk_ipc_dispatch_poll:
 534                 rc = connect_without_main_loop(api);
 535                 break;
 536         }
 537 
 538         if ((remaining == 0) || ((rc != EAGAIN) && (rc != EALREADY))) {
 539             break; // Result is final
 540         }
 541 
 542         // Retry after soft error (interrupted by signal, etc.)
 543         pcmk__sleep_ms((attempts - remaining) * 500);
 544         crm_debug("Re-attempting connection to %s (%d attempt%s remaining)",
 545                   pcmk_ipc_name(api, true), remaining,
 546                   pcmk__plural_s(remaining));
 547     }
 548 
 549     if (rc != pcmk_rc_ok) {
 550         return rc;
 551     }
 552 
 553     if ((api->cmds != NULL) && (api->cmds->post_connect != NULL)) {
 554         rc = api->cmds->post_connect(api);
 555         if (rc != pcmk_rc_ok) {
 556             crm_ipc_close(api->ipc);
 557         }
 558     }
 559     return rc;
 560 }
 561 
 562 /*!
 563  * \brief Connect to a Pacemaker daemon via IPC
 564  *
 565  * \param[in,out] api            IPC API instance
 566  * \param[in]     dispatch_type  How IPC replies should be dispatched
 567  *
 568  * \return Standard Pacemaker return code
 569  */
 570 int
 571 pcmk_connect_ipc(pcmk_ipc_api_t *api, enum pcmk_ipc_dispatch dispatch_type)
     /*  */
 572 {
 573     int rc = pcmk__connect_ipc(api, dispatch_type, 2);
 574 
 575     if (rc != pcmk_rc_ok) {
 576         crm_err("Connection to %s failed: %s",
 577                 pcmk_ipc_name(api, true), pcmk_rc_str(rc));
 578     }
 579     return rc;
 580 }
 581 
 582 /*!
 583  * \brief Disconnect an IPC API instance
 584  *
 585  * \param[in,out] api  IPC API connection
 586  *
 587  * \return Standard Pacemaker return code
 588  *
 589  * \note If the connection is attached to a main loop, this function should be
 590  *       called before quitting the main loop, to ensure that all memory is
 591  *       freed.
 592  */
 593 void
 594 pcmk_disconnect_ipc(pcmk_ipc_api_t *api)
     /*  */
 595 {
 596     if ((api == NULL) || (api->ipc == NULL)) {
 597         return;
 598     }
 599     switch (api->dispatch_type) {
 600         case pcmk_ipc_dispatch_main:
 601             {
 602                 mainloop_io_t *mainloop_io = api->mainloop_io;
 603 
 604                 // Make sure no code with access to api can use these again
 605                 api->mainloop_io = NULL;
 606                 api->ipc = NULL;
 607 
 608                 mainloop_del_ipc_client(mainloop_io);
 609                 // After this point api might have already been freed
 610             }
 611             break;
 612 
 613         case pcmk_ipc_dispatch_poll:
 614         case pcmk_ipc_dispatch_sync:
 615             {
 616                 crm_ipc_t *ipc = api->ipc;
 617 
 618                 // Make sure no code with access to api can use ipc again
 619                 api->ipc = NULL;
 620 
 621                 // This should always be the case already, but to be safe
 622                 api->free_on_disconnect = false;
 623 
 624                 crm_ipc_close(ipc);
 625                 crm_ipc_destroy(ipc);
 626                 ipc_post_disconnect(api);
 627             }
 628             break;
 629     }
 630 }
 631 
 632 /*!
 633  * \brief Register a callback for IPC API events
 634  *
 635  * \param[in,out] api       IPC API connection
 636  * \param[in]     callback  Callback to register
 637  * \param[in]     userdata  Caller data to pass to callback
 638  *
 639  * \note This function may be called multiple times to update the callback
 640  *       and/or user data. The caller remains responsible for freeing
 641  *       userdata in any case (after the IPC is disconnected, if the
 642  *       user data is still registered with the IPC).
 643  */
 644 void
 645 pcmk_register_ipc_callback(pcmk_ipc_api_t *api, pcmk_ipc_callback_t cb,
     /*  */
 646                            void *user_data)
 647 {
 648     if (api == NULL) {
 649         return;
 650     }
 651     api->cb = cb;
 652     api->user_data = user_data;
 653 }
 654 
 655 /*!
 656  * \internal
 657  * \brief Send an XML request across an IPC API connection
 658  *
 659  * \param[in,out] api      IPC API connection
 660  * \param[in]     request  XML request to send
 661  *
 662  * \return Standard Pacemaker return code
 663  *
 664  * \note Daemon-specific IPC API functions should call this function to send
 665  *       requests, because it handles different dispatch types appropriately.
 666  */
 667 int
 668 pcmk__send_ipc_request(pcmk_ipc_api_t *api, const xmlNode *request)
     /*  */
 669 {
 670     int rc;
 671     xmlNode *reply = NULL;
 672     enum crm_ipc_flags flags = crm_ipc_flags_none;
 673 
 674     if ((api == NULL) || (api->ipc == NULL) || (request == NULL)) {
 675         return EINVAL;
 676     }
 677     crm_log_xml_trace(request, "ipc-sent");
 678 
 679     // Synchronous dispatch requires waiting for a reply
 680     if ((api->dispatch_type == pcmk_ipc_dispatch_sync)
 681         && (api->cmds != NULL)
 682         && (api->cmds->reply_expected != NULL)
 683         && (api->cmds->reply_expected(api, request))) {
 684         flags = crm_ipc_client_response;
 685     }
 686 
 687     // The 0 here means a default timeout of 5 seconds
 688     rc = crm_ipc_send(api->ipc, request, flags, 0, &reply);
 689 
 690     if (rc < 0) {
 691         return pcmk_legacy2rc(rc);
 692     } else if (rc == 0) {
 693         return ENODATA;
 694     }
 695 
 696     // With synchronous dispatch, we dispatch any reply now
 697     if (reply != NULL) {
 698         bool more = call_api_dispatch(api, reply);
 699 
 700         free_xml(reply);
 701 
 702         while (more) {
 703             rc = crm_ipc_read(api->ipc);
 704 
 705             if (rc == -EAGAIN) {
 706                 continue;
 707             } else if (rc == -ENOMSG || rc == pcmk_ok) {
 708                 return pcmk_rc_ok;
 709             } else if (rc < 0) {
 710                 return -rc;
 711             }
 712 
 713             rc = dispatch_ipc_data(crm_ipc_buffer(api->ipc), api);
 714 
 715             if (rc == pcmk_rc_ok) {
 716                 more = false;
 717             } else if (rc == EINPROGRESS) {
 718                 more = true;
 719             } else {
 720                 continue;
 721             }
 722         }
 723     }
 724     return pcmk_rc_ok;
 725 }
 726 
 727 /*!
 728  * \internal
 729  * \brief Create the XML for an IPC request to purge a node from the peer cache
 730  *
 731  * \param[in]  api        IPC API connection
 732  * \param[in]  node_name  If not NULL, name of node to purge
 733  * \param[in]  nodeid     If not 0, node ID of node to purge
 734  *
 735  * \return Newly allocated IPC request XML
 736  *
 737  * \note The controller, fencer, and pacemakerd use the same request syntax, but
 738  *       the attribute manager uses a different one. The CIB manager doesn't
 739  *       have any syntax for it. The executor and scheduler don't connect to the
 740  *       cluster layer and thus don't have or need any syntax for it.
 741  *
 742  * \todo Modify the attribute manager to accept the common syntax (as well
 743  *       as its current one, for compatibility with older clients). Modify
 744  *       the CIB manager to accept and honor the common syntax. Modify the
 745  *       executor and scheduler to accept the syntax (immediately returning
 746  *       success), just for consistency. Modify this function to use the
 747  *       common syntax with all daemons if their version supports it.
 748  */
 749 static xmlNode *
 750 create_purge_node_request(const pcmk_ipc_api_t *api, const char *node_name,
     /*  */
 751                           uint32_t nodeid)
 752 {
 753     xmlNode *request = NULL;
 754     const char *client = crm_system_name? crm_system_name : "client";
 755 
 756     switch (api->server) {
 757         case pcmk_ipc_attrd:
 758             request = create_xml_node(NULL, __func__);
 759             crm_xml_add(request, F_TYPE, T_ATTRD);
 760             crm_xml_add(request, F_ORIG, crm_system_name);
 761             crm_xml_add(request, PCMK__XA_TASK, PCMK__ATTRD_CMD_PEER_REMOVE);
 762             pcmk__xe_add_node(request, node_name, nodeid);
 763             break;
 764 
 765         case pcmk_ipc_controld:
 766         case pcmk_ipc_fenced:
 767         case pcmk_ipc_pacemakerd:
 768             request = create_request(CRM_OP_RM_NODE_CACHE, NULL, NULL,
 769                                      pcmk_ipc_name(api, false), client, NULL);
 770             if (nodeid > 0) {
 771                 crm_xml_set_id(request, "%lu", (unsigned long) nodeid);
 772             }
 773             crm_xml_add(request, XML_ATTR_UNAME, node_name);
 774             break;
 775 
 776         case pcmk_ipc_based:
 777         case pcmk_ipc_execd:
 778         case pcmk_ipc_schedulerd:
 779             break;
 780     }
 781     return request;
 782 }
 783 
 784 /*!
 785  * \brief Ask a Pacemaker daemon to purge a node from its peer cache
 786  *
 787  * \param[in,out] api        IPC API connection
 788  * \param[in]     node_name  If not NULL, name of node to purge
 789  * \param[in]     nodeid     If not 0, node ID of node to purge
 790  *
 791  * \return Standard Pacemaker return code
 792  *
 793  * \note At least one of node_name or nodeid must be specified.
 794  */
 795 int
 796 pcmk_ipc_purge_node(pcmk_ipc_api_t *api, const char *node_name, uint32_t nodeid)
     /*  */
 797 {
 798     int rc = 0;
 799     xmlNode *request = NULL;
 800 
 801     if (api == NULL) {
 802         return EINVAL;
 803     }
 804     if ((node_name == NULL) && (nodeid == 0)) {
 805         return EINVAL;
 806     }
 807 
 808     request = create_purge_node_request(api, node_name, nodeid);
 809     if (request == NULL) {
 810         return EOPNOTSUPP;
 811     }
 812     rc = pcmk__send_ipc_request(api, request);
 813     free_xml(request);
 814 
 815     crm_debug("%s peer cache purge of node %s[%lu]: rc=%d",
 816               pcmk_ipc_name(api, true), node_name, (unsigned long) nodeid, rc);
 817     return rc;
 818 }
 819 
 820 /*
 821  * Generic IPC API (to eventually be deprecated as public API and made internal)
 822  */
 823 
 824 struct crm_ipc_s {
 825     struct pollfd pfd;
 826     unsigned int max_buf_size; // maximum bytes we can send or receive over IPC
 827     unsigned int buf_size;     // size of allocated buffer
 828     int msg_size;
 829     int need_reply;
 830     char *buffer;
 831     char *server_name;          // server IPC name being connected to
 832     qb_ipcc_connection_t *ipc;
 833 };
 834 
 835 /*!
 836  * \brief Create a new (legacy) object for using Pacemaker daemon IPC
 837  *
 838  * \param[in] name      IPC system name to connect to
 839  * \param[in] max_size  Use a maximum IPC buffer size of at least this size
 840  *
 841  * \return Newly allocated IPC object on success, NULL otherwise
 842  *
 843  * \note The caller is responsible for freeing the result using
 844  *       crm_ipc_destroy().
 845  * \note This should be considered deprecated for use with daemons supported by
 846  *       pcmk_new_ipc_api().
 847  */
 848 crm_ipc_t *
 849 crm_ipc_new(const char *name, size_t max_size)
     /*  */
 850 {
 851     crm_ipc_t *client = NULL;
 852 
 853     client = calloc(1, sizeof(crm_ipc_t));
 854     if (client == NULL) {
 855         crm_err("Could not create IPC connection: %s", strerror(errno));
 856         return NULL;
 857     }
 858 
 859     client->server_name = strdup(name);
 860     if (client->server_name == NULL) {
 861         crm_err("Could not create %s IPC connection: %s",
 862                 name, strerror(errno));
 863         free(client);
 864         return NULL;
 865     }
 866     client->buf_size = pcmk__ipc_buffer_size(max_size);
 867     client->buffer = malloc(client->buf_size);
 868     if (client->buffer == NULL) {
 869         crm_err("Could not create %s IPC connection: %s",
 870                 name, strerror(errno));
 871         free(client->server_name);
 872         free(client);
 873         return NULL;
 874     }
 875 
 876     /* Clients initiating connection pick the max buf size */
 877     client->max_buf_size = client->buf_size;
 878 
 879     client->pfd.fd = -1;
 880     client->pfd.events = POLLIN;
 881     client->pfd.revents = 0;
 882 
 883     return client;
 884 }
 885 
 886 /*!
 887  * \internal
 888  * \brief Connect a generic (not daemon-specific) IPC object
 889  *
 890  * \param[in,out] ipc  Generic IPC object to connect
 891  *
 892  * \return Standard Pacemaker return code
 893  */
 894 int
 895 pcmk__connect_generic_ipc(crm_ipc_t *ipc)
     /*  */
 896 {
 897     uid_t cl_uid = 0;
 898     gid_t cl_gid = 0;
 899     pid_t found_pid = 0;
 900     uid_t found_uid = 0;
 901     gid_t found_gid = 0;
 902     int rc = pcmk_rc_ok;
 903 
 904     if (ipc == NULL) {
 905         return EINVAL;
 906     }
 907 
 908     ipc->need_reply = FALSE;
 909     ipc->ipc = qb_ipcc_connect(ipc->server_name, ipc->buf_size);
 910     if (ipc->ipc == NULL) {
 911         return errno;
 912     }
 913 
 914     rc = qb_ipcc_fd_get(ipc->ipc, &ipc->pfd.fd);
 915     if (rc < 0) { // -errno
 916         crm_ipc_close(ipc);
 917         return -rc;
 918     }
 919 
 920     rc = pcmk_daemon_user(&cl_uid, &cl_gid);
 921     rc = pcmk_legacy2rc(rc);
 922     if (rc != pcmk_rc_ok) {
 923         crm_ipc_close(ipc);
 924         return rc;
 925     }
 926 
 927     rc = is_ipc_provider_expected(ipc->ipc, ipc->pfd.fd, cl_uid, cl_gid,
 928                                   &found_pid, &found_uid, &found_gid);
 929     if (rc != pcmk_rc_ok) {
 930         if (rc == pcmk_rc_ipc_unauthorized) {
 931             crm_info("%s IPC provider authentication failed: process %lld has "
 932                      "uid %lld (expected %lld) and gid %lld (expected %lld)",
 933                      ipc->server_name,
 934                      (long long) PCMK__SPECIAL_PID_AS_0(found_pid),
 935                      (long long) found_uid, (long long) cl_uid,
 936                      (long long) found_gid, (long long) cl_gid);
 937         }
 938         crm_ipc_close(ipc);
 939         return rc;
 940     }
 941 
 942     ipc->max_buf_size = qb_ipcc_get_buffer_size(ipc->ipc);
 943     if (ipc->max_buf_size > ipc->buf_size) {
 944         free(ipc->buffer);
 945         ipc->buffer = calloc(ipc->max_buf_size, sizeof(char));
 946         if (ipc->buffer == NULL) {
 947             rc = errno;
 948             crm_ipc_close(ipc);
 949             return rc;
 950         }
 951         ipc->buf_size = ipc->max_buf_size;
 952     }
 953 
 954     return pcmk_rc_ok;
 955 }
 956 
 957 /*!
 958  * \brief Establish an IPC connection to a Pacemaker component
 959  *
 960  * \param[in,out] client  Connection instance obtained from crm_ipc_new()
 961  *
 962  * \return true on success, false otherwise (in which case errno will be set;
 963  *         specifically, in case of discovering the remote side is not
 964  *         authentic, its value is set to ECONNABORTED).
 965  */
 966 bool
 967 crm_ipc_connect(crm_ipc_t *client)
     /*  */
 968 {
 969     int rc = pcmk__connect_generic_ipc(client);
 970 
 971     if (rc == pcmk_rc_ok) {
 972         return true;
 973     }
 974     if ((client != NULL) && (client->ipc == NULL)) {
 975         errno = (rc > 0)? rc : ENOTCONN;
 976         crm_debug("Could not establish %s IPC connection: %s (%d)",
 977                   client->server_name, pcmk_rc_str(errno), errno);
 978     } else if (rc == pcmk_rc_ipc_unauthorized) {
 979         crm_err("%s IPC provider authentication failed",
 980                 (client == NULL)? "Pacemaker" : client->server_name);
 981         errno = ECONNABORTED;
 982     } else {
 983         crm_perror(LOG_ERR,
 984                    "Could not verify authenticity of %s IPC provider",
 985                    (client == NULL)? "Pacemaker" : client->server_name);
 986         errno = ENOTCONN;
 987     }
 988     return false;
 989 }
 990 
 991 void
 992 crm_ipc_close(crm_ipc_t * client)
     /*  */
 993 {
 994     if (client) {
 995         if (client->ipc) {
 996             qb_ipcc_connection_t *ipc = client->ipc;
 997 
 998             client->ipc = NULL;
 999             qb_ipcc_disconnect(ipc);
1000         }
1001     }
1002 }
1003 
1004 void
1005 crm_ipc_destroy(crm_ipc_t * client)
     /*  */
1006 {
1007     if (client) {
1008         if (client->ipc && qb_ipcc_is_connected(client->ipc)) {
1009             crm_notice("Destroying active %s IPC connection",
1010                        client->server_name);
1011             /* The next line is basically unsafe
1012              *
1013              * If this connection was attached to mainloop and mainloop is active,
1014              *   the 'disconnected' callback will end up back here and we'll end
1015              *   up free'ing the memory twice - something that can still happen
1016              *   even without this if we destroy a connection and it closes before
1017              *   we call exit
1018              */
1019             /* crm_ipc_close(client); */
1020         } else {
1021             crm_trace("Destroying inactive %s IPC connection",
1022                       client->server_name);
1023         }
1024         free(client->buffer);
1025         free(client->server_name);
1026         free(client);
1027     }
1028 }
1029 
1030 /*!
1031  * \internal
1032  * \brief Get the file descriptor for a generic IPC object
1033  *
1034  * \param[in,out] ipc  Generic IPC object to get file descriptor for
1035  * \param[out]    fd   Where to store file descriptor
1036  *
1037  * \return Standard Pacemaker return code
1038  */
1039 int
1040 pcmk__ipc_fd(crm_ipc_t *ipc, int *fd)
     /*  */
1041 {
1042     if ((ipc == NULL) || (fd == NULL)) {
1043         return EINVAL;
1044     }
1045     if ((ipc->ipc == NULL) || (ipc->pfd.fd < 0)) {
1046         return ENOTCONN;
1047     }
1048     *fd = ipc->pfd.fd;
1049     return pcmk_rc_ok;
1050 }
1051 
1052 int
1053 crm_ipc_get_fd(crm_ipc_t * client)
     /*  */
1054 {
1055     int fd = -1;
1056 
1057     if (pcmk__ipc_fd(client, &fd) != pcmk_rc_ok) {
1058         crm_err("Could not obtain file descriptor for %s IPC",
1059                 ((client == NULL)? "unspecified" : client->server_name));
1060         errno = EINVAL;
1061         return -EINVAL;
1062     }
1063     return fd;
1064 }
1065 
1066 bool
1067 crm_ipc_connected(crm_ipc_t * client)
     /*  */
1068 {
1069     bool rc = FALSE;
1070 
1071     if (client == NULL) {
1072         crm_trace("No client");
1073         return FALSE;
1074 
1075     } else if (client->ipc == NULL) {
1076         crm_trace("No connection");
1077         return FALSE;
1078 
1079     } else if (client->pfd.fd < 0) {
1080         crm_trace("Bad descriptor");
1081         return FALSE;
1082     }
1083 
1084     rc = qb_ipcc_is_connected(client->ipc);
1085     if (rc == FALSE) {
1086         client->pfd.fd = -EINVAL;
1087     }
1088     return rc;
1089 }
1090 
1091 /*!
1092  * \brief Check whether an IPC connection is ready to be read
1093  *
1094  * \param[in,out] client  Connection to check
1095  *
1096  * \return Positive value if ready to be read, 0 if not ready, -errno on error
1097  */
1098 int
1099 crm_ipc_ready(crm_ipc_t *client)
     /*  */
1100 {
1101     int rc;
1102 
1103     CRM_ASSERT(client != NULL);
1104 
1105     if (!crm_ipc_connected(client)) {
1106         return -ENOTCONN;
1107     }
1108 
1109     client->pfd.revents = 0;
1110     rc = poll(&(client->pfd), 1, 0);
1111     return (rc < 0)? -errno : rc;
1112 }
1113 
1114 // \return Standard Pacemaker return code
1115 static int
1116 crm_ipc_decompress(crm_ipc_t * client)
     /*  */
1117 {
1118     pcmk__ipc_header_t *header = (pcmk__ipc_header_t *)(void*)client->buffer;
1119 
1120     if (header->size_compressed) {
1121         int rc = 0;
1122         unsigned int size_u = 1 + header->size_uncompressed;
1123         /* never let buf size fall below our max size required for ipc reads. */
1124         unsigned int new_buf_size = QB_MAX((sizeof(pcmk__ipc_header_t) + size_u), client->max_buf_size);
1125         char *uncompressed = calloc(1, new_buf_size);
1126 
1127         crm_trace("Decompressing message data %u bytes into %u bytes",
1128                  header->size_compressed, size_u);
1129 
1130         rc = BZ2_bzBuffToBuffDecompress(uncompressed + sizeof(pcmk__ipc_header_t), &size_u,
1131                                         client->buffer + sizeof(pcmk__ipc_header_t), header->size_compressed, 1, 0);
1132         rc = pcmk__bzlib2rc(rc);
1133 
1134         if (rc != pcmk_rc_ok) {
1135             crm_err("Decompression failed: %s " CRM_XS " rc=%d",
1136                     pcmk_rc_str(rc), rc);
1137             free(uncompressed);
1138             return rc;
1139         }
1140 
1141         /*
1142          * This assert no longer holds true.  For an identical msg, some clients may
1143          * require compression, and others may not. If that same msg (event) is sent
1144          * to multiple clients, it could result in some clients receiving a compressed
1145          * msg even though compression was not explicitly required for them.
1146          *
1147          * CRM_ASSERT((header->size_uncompressed + sizeof(pcmk__ipc_header_t)) >= ipc_buffer_max);
1148          */
1149         CRM_ASSERT(size_u == header->size_uncompressed);
1150 
1151         memcpy(uncompressed, client->buffer, sizeof(pcmk__ipc_header_t));       /* Preserve the header */
1152         header = (pcmk__ipc_header_t *)(void*)uncompressed;
1153 
1154         free(client->buffer);
1155         client->buf_size = new_buf_size;
1156         client->buffer = uncompressed;
1157     }
1158 
1159     CRM_ASSERT(client->buffer[sizeof(pcmk__ipc_header_t) + header->size_uncompressed - 1] == 0);
1160     return pcmk_rc_ok;
1161 }
1162 
1163 long
1164 crm_ipc_read(crm_ipc_t * client)
     /*  */
1165 {
1166     pcmk__ipc_header_t *header = NULL;
1167 
1168     CRM_ASSERT(client != NULL);
1169     CRM_ASSERT(client->ipc != NULL);
1170     CRM_ASSERT(client->buffer != NULL);
1171 
1172     client->buffer[0] = 0;
1173     client->msg_size = qb_ipcc_event_recv(client->ipc, client->buffer,
1174                                           client->buf_size, 0);
1175     if (client->msg_size >= 0) {
1176         int rc = crm_ipc_decompress(client);
1177 
1178         if (rc != pcmk_rc_ok) {
1179             return pcmk_rc2legacy(rc);
1180         }
1181 
1182         header = (pcmk__ipc_header_t *)(void*)client->buffer;
1183         if (!pcmk__valid_ipc_header(header)) {
1184             return -EBADMSG;
1185         }
1186 
1187         crm_trace("Received %s IPC event %d size=%u rc=%d text='%.100s'",
1188                   client->server_name, header->qb.id, header->qb.size,
1189                   client->msg_size,
1190                   client->buffer + sizeof(pcmk__ipc_header_t));
1191 
1192     } else {
1193         crm_trace("No message received from %s IPC: %s",
1194                   client->server_name, pcmk_strerror(client->msg_size));
1195 
1196         if (client->msg_size == -EAGAIN) {
1197             return -EAGAIN;
1198         }
1199     }
1200 
1201     if (!crm_ipc_connected(client) || client->msg_size == -ENOTCONN) {
1202         crm_err("Connection to %s IPC failed", client->server_name);
1203     }
1204 
1205     if (header) {
1206         /* Data excluding the header */
1207         return header->size_uncompressed;
1208     }
1209     return -ENOMSG;
1210 }
1211 
1212 const char *
1213 crm_ipc_buffer(crm_ipc_t * client)
     /*  */
1214 {
1215     CRM_ASSERT(client != NULL);
1216     return client->buffer + sizeof(pcmk__ipc_header_t);
1217 }
1218 
1219 uint32_t
1220 crm_ipc_buffer_flags(crm_ipc_t * client)
     /*  */
1221 {
1222     pcmk__ipc_header_t *header = NULL;
1223 
1224     CRM_ASSERT(client != NULL);
1225     if (client->buffer == NULL) {
1226         return 0;
1227     }
1228 
1229     header = (pcmk__ipc_header_t *)(void*)client->buffer;
1230     return header->flags;
1231 }
1232 
1233 const char *
1234 crm_ipc_name(crm_ipc_t * client)
     /*  */
1235 {
1236     CRM_ASSERT(client != NULL);
1237     return client->server_name;
1238 }
1239 
1240 // \return Standard Pacemaker return code
1241 static int
1242 internal_ipc_get_reply(crm_ipc_t *client, int request_id, int ms_timeout,
     /*  */
1243                        ssize_t *bytes)
1244 {
1245     time_t timeout = time(NULL) + 1 + (ms_timeout / 1000);
1246     int rc = pcmk_rc_ok;
1247 
1248     /* get the reply */
1249     crm_trace("Waiting on reply to %s IPC message %d",
1250               client->server_name, request_id);
1251     do {
1252 
1253         *bytes = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, 1000);
1254         if (*bytes > 0) {
1255             pcmk__ipc_header_t *hdr = NULL;
1256 
1257             rc = crm_ipc_decompress(client);
1258             if (rc != pcmk_rc_ok) {
1259                 return rc;
1260             }
1261 
1262             hdr = (pcmk__ipc_header_t *)(void*)client->buffer;
1263             if (hdr->qb.id == request_id) {
1264                 /* Got it */
1265                 break;
1266             } else if (hdr->qb.id < request_id) {
1267                 xmlNode *bad = string2xml(crm_ipc_buffer(client));
1268 
1269                 crm_err("Discarding old reply %d (need %d)", hdr->qb.id, request_id);
1270                 crm_log_xml_notice(bad, "OldIpcReply");
1271 
1272             } else {
1273                 xmlNode *bad = string2xml(crm_ipc_buffer(client));
1274 
1275                 crm_err("Discarding newer reply %d (need %d)", hdr->qb.id, request_id);
1276                 crm_log_xml_notice(bad, "ImpossibleReply");
1277                 CRM_ASSERT(hdr->qb.id <= request_id);
1278             }
1279         } else if (!crm_ipc_connected(client)) {
1280             crm_err("%s IPC provider disconnected while waiting for message %d",
1281                     client->server_name, request_id);
1282             break;
1283         }
1284 
1285     } while (time(NULL) < timeout);
1286 
1287     if (*bytes < 0) {
1288         rc = (int) -*bytes; // System errno
1289     }
1290     return rc;
1291 }
1292 
1293 /*!
1294  * \brief Send an IPC XML message
1295  *
1296  * \param[in,out] client      Connection to IPC server
1297  * \param[in]     message     XML message to send
1298  * \param[in]     flags       Bitmask of crm_ipc_flags
1299  * \param[in]     ms_timeout  Give up if not sent within this much time
1300  *                            (5 seconds if 0, or no timeout if negative)
1301  * \param[out]    reply       Reply from server (or NULL if none)
1302  *
1303  * \return Negative errno on error, otherwise size of reply received in bytes
1304  *         if reply was needed, otherwise number of bytes sent
1305  */
1306 int
1307 crm_ipc_send(crm_ipc_t *client, const xmlNode *message,
     /*  */
1308              enum crm_ipc_flags flags, int32_t ms_timeout, xmlNode **reply)
1309 {
1310     int rc = 0;
1311     ssize_t qb_rc = 0;
1312     ssize_t bytes = 0;
1313     struct iovec *iov;
1314     static uint32_t id = 0;
1315     static int factor = 8;
1316     pcmk__ipc_header_t *header;
1317 
1318     if (client == NULL) {
1319         crm_notice("Can't send IPC request without connection (bug?): %.100s",
1320                    message);
1321         return -ENOTCONN;
1322 
1323     } else if (!crm_ipc_connected(client)) {
1324         /* Don't even bother */
1325         crm_notice("Can't send %s IPC requests: Connection closed",
1326                    client->server_name);
1327         return -ENOTCONN;
1328     }
1329 
1330     if (ms_timeout == 0) {
1331         ms_timeout = 5000;
1332     }
1333 
1334     if (client->need_reply) {
1335         qb_rc = qb_ipcc_recv(client->ipc, client->buffer, client->buf_size, ms_timeout);
1336         if (qb_rc < 0) {
1337             crm_warn("Sending %s IPC disabled until pending reply received",
1338                      client->server_name);
1339             return -EALREADY;
1340 
1341         } else {
1342             crm_notice("Sending %s IPC re-enabled after pending reply received",
1343                        client->server_name);
1344             client->need_reply = FALSE;
1345         }
1346     }
1347 
1348     id++;
1349     CRM_LOG_ASSERT(id != 0); /* Crude wrap-around detection */
1350     rc = pcmk__ipc_prepare_iov(id, message, client->max_buf_size, &iov, &bytes);
1351     if (rc != pcmk_rc_ok) {
1352         crm_warn("Couldn't prepare %s IPC request: %s " CRM_XS " rc=%d",
1353                  client->server_name, pcmk_rc_str(rc), rc);
1354         return pcmk_rc2legacy(rc);
1355     }
1356 
1357     header = iov[0].iov_base;
1358     pcmk__set_ipc_flags(header->flags, client->server_name, flags);
1359 
1360     if (pcmk_is_set(flags, crm_ipc_proxied)) {
1361         /* Don't look for a synchronous response */
1362         pcmk__clear_ipc_flags(flags, "client", crm_ipc_client_response);
1363     }
1364 
1365     if(header->size_compressed) {
1366         if(factor < 10 && (client->max_buf_size / 10) < (bytes / factor)) {
1367             crm_notice("Compressed message exceeds %d0%% of configured IPC "
1368                        "limit (%u bytes); consider setting PCMK_ipc_buffer to "
1369                        "%u or higher",
1370                        factor, client->max_buf_size, 2 * client->max_buf_size);
1371             factor++;
1372         }
1373     }
1374 
1375     crm_trace("Sending %s IPC request %d of %u bytes using %dms timeout",
1376               client->server_name, header->qb.id, header->qb.size, ms_timeout);
1377 
1378     if ((ms_timeout > 0) || !pcmk_is_set(flags, crm_ipc_client_response)) {
1379 
1380         time_t timeout = time(NULL) + 1 + (ms_timeout / 1000);
1381 
1382         do {
1383             /* @TODO Is this check really needed? Won't qb_ipcc_sendv() return
1384              * an error if it's not connected?
1385              */
1386             if (!crm_ipc_connected(client)) {
1387                 goto send_cleanup;
1388             }
1389 
1390             qb_rc = qb_ipcc_sendv(client->ipc, iov, 2);
1391         } while ((qb_rc == -EAGAIN) && (time(NULL) < timeout));
1392 
1393         rc = (int) qb_rc; // Negative of system errno, or bytes sent
1394         if (qb_rc <= 0) {
1395             goto send_cleanup;
1396 
1397         } else if (!pcmk_is_set(flags, crm_ipc_client_response)) {
1398             crm_trace("Not waiting for reply to %s IPC request %d",
1399                       client->server_name, header->qb.id);
1400             goto send_cleanup;
1401         }
1402 
1403         rc = internal_ipc_get_reply(client, header->qb.id, ms_timeout, &bytes);
1404         if (rc != pcmk_rc_ok) {
1405             /* We didn't get the reply in time, so disable future sends for now.
1406              * The only alternative would be to close the connection since we
1407              * don't know how to detect and discard out-of-sequence replies.
1408              *
1409              * @TODO Implement out-of-sequence detection
1410              */
1411             client->need_reply = TRUE;
1412         }
1413         rc = (int) bytes; // Negative system errno, or size of reply received
1414 
1415     } else {
1416         // No timeout, and client response needed
1417         do {
1418             qb_rc = qb_ipcc_sendv_recv(client->ipc, iov, 2, client->buffer,
1419                                        client->buf_size, -1);
1420         } while ((qb_rc == -EAGAIN) && crm_ipc_connected(client));
1421         rc = (int) qb_rc; // Negative system errno, or size of reply received
1422     }
1423 
1424     if (rc > 0) {
1425         pcmk__ipc_header_t *hdr = (pcmk__ipc_header_t *)(void*)client->buffer;
1426 
1427         crm_trace("Received %d-byte reply %d to %s IPC %d: %.100s",
1428                   rc, hdr->qb.id, client->server_name, header->qb.id,
1429                   crm_ipc_buffer(client));
1430 
1431         if (reply) {
1432             *reply = string2xml(crm_ipc_buffer(client));
1433         }
1434 
1435     } else {
1436         crm_trace("No reply to %s IPC %d: rc=%d",
1437                   client->server_name, header->qb.id, rc);
1438     }
1439 
1440   send_cleanup:
1441     if (!crm_ipc_connected(client)) {
1442         crm_notice("Couldn't send %s IPC request %d: Connection closed "
1443                    CRM_XS " rc=%d", client->server_name, header->qb.id, rc);
1444 
1445     } else if (rc == -ETIMEDOUT) {
1446         crm_warn("%s IPC request %d failed: %s after %dms " CRM_XS " rc=%d",
1447                  client->server_name, header->qb.id, pcmk_strerror(rc),
1448                  ms_timeout, rc);
1449         crm_write_blackbox(0, NULL);
1450 
1451     } else if (rc <= 0) {
1452         crm_warn("%s IPC request %d failed: %s " CRM_XS " rc=%d",
1453                  client->server_name, header->qb.id,
1454                  ((rc == 0)? "No bytes sent" : pcmk_strerror(rc)), rc);
1455     }
1456 
1457     pcmk_free_ipc_event(iov);
1458     return rc;
1459 }
1460 
1461 /*!
1462  * \brief Ensure an IPC provider has expected user or group
1463  *
1464  * \param[in]  qb_ipc  libqb client connection if available
1465  * \param[in]  sock    Connected Unix socket for IPC
1466  * \param[in]  refuid  Expected user ID
1467  * \param[in]  refgid  Expected group ID
1468  * \param[out] gotpid  If not NULL, where to store provider's actual process ID
1469  *                     (or 1 on platforms where ID is not available)
1470  * \param[out] gotuid  If not NULL, where to store provider's actual user ID
1471  * \param[out] gotgid  If not NULL, where to store provider's actual group ID
1472  *
1473  * \return Standard Pacemaker return code
1474  * \note An actual user ID of 0 (root) will always be considered authorized,
1475  *       regardless of the expected values provided. The caller can use the
1476  *       output arguments to be stricter than this function.
1477  */
1478 static int
1479 is_ipc_provider_expected(qb_ipcc_connection_t *qb_ipc, int sock,
     /*  */
1480                          uid_t refuid, gid_t refgid,
1481                          pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1482 {
1483     int rc = EOPNOTSUPP;
1484     pid_t found_pid = 0;
1485     uid_t found_uid = 0;
1486     gid_t found_gid = 0;
1487 
1488 #ifdef HAVE_QB_IPCC_AUTH_GET
1489     if (qb_ipc != NULL) {
1490         rc = qb_ipcc_auth_get(qb_ipc, &found_pid, &found_uid, &found_gid);
1491         rc = -rc; // libqb returns 0 or -errno
1492         if (rc == pcmk_rc_ok) {
1493             goto found;
1494         }
1495     }
1496 #endif
1497 
1498 #ifdef HAVE_UCRED
1499     {
1500         struct ucred ucred;
1501         socklen_t ucred_len = sizeof(ucred);
1502 
1503         if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &ucred, &ucred_len) < 0) {
1504             rc = errno;
1505         } else if (ucred_len != sizeof(ucred)) {
1506             rc = EOPNOTSUPP;
1507         } else {
1508             found_pid = ucred.pid;
1509             found_uid = ucred.uid;
1510             found_gid = ucred.gid;
1511             goto found;
1512         }
1513     }
1514 #endif
1515 
1516 #ifdef HAVE_SOCKPEERCRED
1517     {
1518         struct sockpeercred sockpeercred;
1519         socklen_t sockpeercred_len = sizeof(sockpeercred);
1520 
1521         if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED,
1522                        &sockpeercred, &sockpeercred_len) < 0) {
1523             rc = errno;
1524         } else if (sockpeercred_len != sizeof(sockpeercred)) {
1525             rc = EOPNOTSUPP;
1526         } else {
1527             found_pid = sockpeercred.pid;
1528             found_uid = sockpeercred.uid;
1529             found_gid = sockpeercred.gid;
1530             goto found;
1531         }
1532     }
1533 #endif
1534 
1535 #ifdef HAVE_GETPEEREID // For example, FreeBSD
1536     if (getpeereid(sock, &found_uid, &found_gid) < 0) {
1537         rc = errno;
1538     } else {
1539         found_pid = PCMK__SPECIAL_PID;
1540         goto found;
1541     }
1542 #endif
1543 
1544 #ifdef HAVE_GETPEERUCRED
1545     {
1546         ucred_t *ucred = NULL;
1547 
1548         if (getpeerucred(sock, &ucred) < 0) {
1549             rc = errno;
1550         } else {
1551             found_pid = ucred_getpid(ucred);
1552             found_uid = ucred_geteuid(ucred);
1553             found_gid = ucred_getegid(ucred);
1554             ucred_free(ucred);
1555             goto found;
1556         }
1557     }
1558 #endif
1559 
1560     return rc; // If we get here, nothing succeeded
1561 
1562 found:
1563     if (gotpid != NULL) {
1564         *gotpid = found_pid;
1565     }
1566     if (gotuid != NULL) {
1567         *gotuid = found_uid;
1568     }
1569     if (gotgid != NULL) {
1570         *gotgid = found_gid;
1571     }
1572     if ((found_uid != 0) && (found_uid != refuid) && (found_gid != refgid)) {
1573         return pcmk_rc_ipc_unauthorized;
1574     }
1575     return pcmk_rc_ok;
1576 }
1577 
1578 int
1579 crm_ipc_is_authentic_process(int sock, uid_t refuid, gid_t refgid,
     /*  */
1580                              pid_t *gotpid, uid_t *gotuid, gid_t *gotgid)
1581 {
1582     int ret = is_ipc_provider_expected(NULL, sock, refuid, refgid,
1583                                        gotpid, gotuid, gotgid);
1584 
1585     /* The old function had some very odd return codes*/
1586     if (ret == 0) {
1587         return 1;
1588     } else if (ret == pcmk_rc_ipc_unauthorized) {
1589         return 0;
1590     } else {
1591         return pcmk_rc2legacy(ret);
1592     }
1593 }
1594 
1595 int
1596 pcmk__ipc_is_authentic_process_active(const char *name, uid_t refuid,
     /*  */
1597                                       gid_t refgid, pid_t *gotpid)
1598 {
1599     static char last_asked_name[PATH_MAX / 2] = "";  /* log spam prevention */
1600     int fd;
1601     int rc = pcmk_rc_ipc_unresponsive;
1602     int auth_rc = 0;
1603     int32_t qb_rc;
1604     pid_t found_pid = 0; uid_t found_uid = 0; gid_t found_gid = 0;
1605     qb_ipcc_connection_t *c;
1606 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC
1607     struct pollfd pollfd = { 0, };
1608     int poll_rc;
1609 
1610     c = qb_ipcc_connect_async(name, 0,
1611                               &(pollfd.fd));
1612 #else
1613     c = qb_ipcc_connect(name, 0);
1614 #endif
1615     if (c == NULL) {
1616         crm_info("Could not connect to %s IPC: %s", name, strerror(errno));
1617         rc = pcmk_rc_ipc_unresponsive;
1618         goto bail;
1619     }
1620 #ifdef HAVE_QB_IPCC_CONNECT_ASYNC
1621     pollfd.events = POLLIN;
1622     do {
1623         poll_rc = poll(&pollfd, 1, 2000);
1624     } while ((poll_rc == -1) && (errno == EINTR));
1625     if ((poll_rc <= 0) || (qb_ipcc_connect_continue(c) != 0)) {
1626         crm_info("Could not connect to %s IPC: %s", name,
1627                  (poll_rc == 0)?"timeout":strerror(errno));
1628         rc = pcmk_rc_ipc_unresponsive;
1629         if (poll_rc > 0) {
1630             c = NULL; // qb_ipcc_connect_continue cleaned up for us
1631         }
1632         goto bail;
1633     }
1634 #endif
1635 
1636     qb_rc = qb_ipcc_fd_get(c, &fd);
1637     if (qb_rc != 0) {
1638         rc = (int) -qb_rc; // System errno
1639         crm_err("Could not get fd from %s IPC: %s " CRM_XS " rc=%d",
1640                 name, pcmk_rc_str(rc), rc);
1641         goto bail;
1642     }
1643 
1644     auth_rc = is_ipc_provider_expected(c, fd, refuid, refgid,
1645                                        &found_pid, &found_uid, &found_gid);
1646     if (auth_rc == pcmk_rc_ipc_unauthorized) {
1647         crm_err("Daemon (IPC %s) effectively blocked with unauthorized"
1648                 " process %lld (uid: %lld, gid: %lld)",
1649                 name, (long long) PCMK__SPECIAL_PID_AS_0(found_pid),
1650                 (long long) found_uid, (long long) found_gid);
1651         rc = pcmk_rc_ipc_unauthorized;
1652         goto bail;
1653     }
1654 
1655     if (auth_rc != pcmk_rc_ok) {
1656         rc = auth_rc;
1657         crm_err("Could not get peer credentials from %s IPC: %s "
1658                 CRM_XS " rc=%d", name, pcmk_rc_str(rc), rc);
1659         goto bail;
1660     }
1661 
1662     if (gotpid != NULL) {
1663         *gotpid = found_pid;
1664     }
1665 
1666     rc = pcmk_rc_ok;
1667     if ((found_uid != refuid || found_gid != refgid)
1668             && strncmp(last_asked_name, name, sizeof(last_asked_name))) {
1669         if ((found_uid == 0) && (refuid != 0)) {
1670             crm_warn("Daemon (IPC %s) runs as root, whereas the expected"
1671                      " credentials are %lld:%lld, hazard of violating"
1672                      " the least privilege principle",
1673                      name, (long long) refuid, (long long) refgid);
1674         } else {
1675             crm_notice("Daemon (IPC %s) runs as %lld:%lld, whereas the"
1676                        " expected credentials are %lld:%lld, which may"
1677                        " mean a different set of privileges than expected",
1678                        name, (long long) found_uid, (long long) found_gid,
1679                        (long long) refuid, (long long) refgid);
1680         }
1681         memccpy(last_asked_name, name, '\0', sizeof(last_asked_name));
1682     }
1683 
1684 bail:
1685     if (c != NULL) {
1686         qb_ipcc_disconnect(c);
1687     }
1688     return rc;
1689 }
/* */
root/lib/common/ipc_client.c

DEFINITIONS
