diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:45:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:45:40 +0000 |
commit | 07d7f4cfa4b10de87a31b68191036ff446add675 (patch) | |
tree | 7162524d8aaf1aef62d2f4fa51f595ed113981ff /lib/common/crmcommon_private.h | |
parent | Adding upstream version 2.1.6. (diff) | |
download | pacemaker-upstream/2.1.7.tar.xz pacemaker-upstream/2.1.7.zip |
Adding upstream version 2.1.7.upstream/2.1.7
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | lib/common/crmcommon_private.h | 63 |
1 files changed, 12 insertions, 51 deletions
diff --git a/lib/common/crmcommon_private.h b/lib/common/crmcommon_private.h index 7faccb6..121d663 100644 --- a/lib/common/crmcommon_private.h +++ b/lib/common/crmcommon_private.h @@ -63,7 +63,7 @@ typedef struct xml_doc_private_s { } while (0) G_GNUC_INTERNAL -void pcmk__xml2text(xmlNodePtr data, uint32_t options, GString *buffer, +void pcmk__xml2text(const xmlNode *data, uint32_t options, GString *buffer, int depth); G_GNUC_INTERNAL @@ -116,12 +116,14 @@ G_GNUC_INTERNAL void pcmk__log_xmllib_err(void *ctx, const char *fmt, ...) G_GNUC_PRINTF(2, 3); -static inline const char * -pcmk__xml_attr_value(const xmlAttr *attr) -{ - return ((attr == NULL) || (attr->children == NULL))? NULL - : (const char *) attr->children->content; -} +G_GNUC_INTERNAL +void pcmk__mark_xml_node_dirty(xmlNode *xml); + +G_GNUC_INTERNAL +bool pcmk__marked_as_deleted(xmlAttrPtr a, void *user_data); + +G_GNUC_INTERNAL +void pcmk__dump_xml_attr(const xmlAttr *attr, GString *buffer); /* * IPC @@ -173,11 +175,11 @@ typedef struct pcmk__ipc_methods_s { * \brief Check whether an IPC request results in a reply * * \param[in,out] api IPC API connection - * \param[in,out] request IPC request XML + * \param[in] request IPC request XML * * \return true if request would result in an IPC reply, false otherwise */ - bool (*reply_expected)(pcmk_ipc_api_t *api, xmlNode *request); + bool (*reply_expected)(pcmk_ipc_api_t *api, const xmlNode *request); /*! * \internal @@ -222,7 +224,7 @@ typedef struct pcmk__ipc_header_s { } pcmk__ipc_header_t; G_GNUC_INTERNAL -int pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request); +int pcmk__send_ipc_request(pcmk_ipc_api_t *api, const xmlNode *request); G_GNUC_INTERNAL void pcmk__call_ipc_callback(pcmk_ipc_api_t *api, @@ -264,47 +266,6 @@ pcmk__ipc_methods_t *pcmk__schedulerd_api_methods(void); //! XML has been moved #define PCMK__XML_PREFIX_MOVED "+~" -/*! - * \brief Check the authenticity of the IPC socket peer process - * - * If everything goes well, peer's authenticity is verified by the means - * of comparing against provided referential UID and GID (either satisfies), - * and the result of this check can be deduced from the return value. - * As an exception, detected UID of 0 ("root") satisfies arbitrary - * provided referential daemon's credentials. - * - * \param[in] qb_ipc libqb client connection if available - * \param[in] sock IPC related, connected Unix socket to check peer of - * \param[in] refuid referential UID to check against - * \param[in] refgid referential GID to check against - * \param[out] gotpid to optionally store obtained PID of the peer - * (not available on FreeBSD, special value of 1 - * used instead, and the caller is required to - * special case this value respectively) - * \param[out] gotuid to optionally store obtained UID of the peer - * \param[out] gotgid to optionally store obtained GID of the peer - * - * \return Standard Pacemaker return code - * ie: 0 if it the connection is authentic - * pcmk_rc_ipc_unauthorized if the connection is not authentic, - * standard errors. - * - * \note While this function is tolerant on what constitutes authorized - * IPC daemon process (its effective user matches UID=0 or \p refuid, - * or at least its group matches \p refgid), either or both (in case - * of UID=0) mismatches on the expected credentials of such peer - * process \e shall be investigated at the caller when value of 1 - * gets returned there, since higher-than-expected privileges in - * respect to the expected/intended credentials possibly violate - * the least privilege principle and may pose an additional risk - * (i.e. such accidental inconsistency shall be eventually fixed). - */ -int pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock, - uid_t refuid, gid_t refgid, - pid_t *gotpid, uid_t *gotuid, - gid_t *gotgid); - - /* * Output */ |