summaryrefslogtreecommitdiffstats
path: root/lib/common/crmcommon_private.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 07:45:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 07:45:40 +0000
commit07d7f4cfa4b10de87a31b68191036ff446add675 (patch)
tree7162524d8aaf1aef62d2f4fa51f595ed113981ff /lib/common/crmcommon_private.h
parentAdding upstream version 2.1.6. (diff)
downloadpacemaker-upstream/2.1.7.tar.xz
pacemaker-upstream/2.1.7.zip
Adding upstream version 2.1.7.upstream/2.1.7
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--lib/common/crmcommon_private.h63
1 files changed, 12 insertions, 51 deletions
diff --git a/lib/common/crmcommon_private.h b/lib/common/crmcommon_private.h
index 7faccb6..121d663 100644
--- a/lib/common/crmcommon_private.h
+++ b/lib/common/crmcommon_private.h
@@ -63,7 +63,7 @@ typedef struct xml_doc_private_s {
} while (0)
G_GNUC_INTERNAL
-void pcmk__xml2text(xmlNodePtr data, uint32_t options, GString *buffer,
+void pcmk__xml2text(const xmlNode *data, uint32_t options, GString *buffer,
int depth);
G_GNUC_INTERNAL
@@ -116,12 +116,14 @@ G_GNUC_INTERNAL
void pcmk__log_xmllib_err(void *ctx, const char *fmt, ...)
G_GNUC_PRINTF(2, 3);
-static inline const char *
-pcmk__xml_attr_value(const xmlAttr *attr)
-{
- return ((attr == NULL) || (attr->children == NULL))? NULL
- : (const char *) attr->children->content;
-}
+G_GNUC_INTERNAL
+void pcmk__mark_xml_node_dirty(xmlNode *xml);
+
+G_GNUC_INTERNAL
+bool pcmk__marked_as_deleted(xmlAttrPtr a, void *user_data);
+
+G_GNUC_INTERNAL
+void pcmk__dump_xml_attr(const xmlAttr *attr, GString *buffer);
/*
* IPC
@@ -173,11 +175,11 @@ typedef struct pcmk__ipc_methods_s {
* \brief Check whether an IPC request results in a reply
*
* \param[in,out] api IPC API connection
- * \param[in,out] request IPC request XML
+ * \param[in] request IPC request XML
*
* \return true if request would result in an IPC reply, false otherwise
*/
- bool (*reply_expected)(pcmk_ipc_api_t *api, xmlNode *request);
+ bool (*reply_expected)(pcmk_ipc_api_t *api, const xmlNode *request);
/*!
* \internal
@@ -222,7 +224,7 @@ typedef struct pcmk__ipc_header_s {
} pcmk__ipc_header_t;
G_GNUC_INTERNAL
-int pcmk__send_ipc_request(pcmk_ipc_api_t *api, xmlNode *request);
+int pcmk__send_ipc_request(pcmk_ipc_api_t *api, const xmlNode *request);
G_GNUC_INTERNAL
void pcmk__call_ipc_callback(pcmk_ipc_api_t *api,
@@ -264,47 +266,6 @@ pcmk__ipc_methods_t *pcmk__schedulerd_api_methods(void);
//! XML has been moved
#define PCMK__XML_PREFIX_MOVED "+~"
-/*!
- * \brief Check the authenticity of the IPC socket peer process
- *
- * If everything goes well, peer's authenticity is verified by the means
- * of comparing against provided referential UID and GID (either satisfies),
- * and the result of this check can be deduced from the return value.
- * As an exception, detected UID of 0 ("root") satisfies arbitrary
- * provided referential daemon's credentials.
- *
- * \param[in] qb_ipc libqb client connection if available
- * \param[in] sock IPC related, connected Unix socket to check peer of
- * \param[in] refuid referential UID to check against
- * \param[in] refgid referential GID to check against
- * \param[out] gotpid to optionally store obtained PID of the peer
- * (not available on FreeBSD, special value of 1
- * used instead, and the caller is required to
- * special case this value respectively)
- * \param[out] gotuid to optionally store obtained UID of the peer
- * \param[out] gotgid to optionally store obtained GID of the peer
- *
- * \return Standard Pacemaker return code
- * ie: 0 if it the connection is authentic
- * pcmk_rc_ipc_unauthorized if the connection is not authentic,
- * standard errors.
- *
- * \note While this function is tolerant on what constitutes authorized
- * IPC daemon process (its effective user matches UID=0 or \p refuid,
- * or at least its group matches \p refgid), either or both (in case
- * of UID=0) mismatches on the expected credentials of such peer
- * process \e shall be investigated at the caller when value of 1
- * gets returned there, since higher-than-expected privileges in
- * respect to the expected/intended credentials possibly violate
- * the least privilege principle and may pose an additional risk
- * (i.e. such accidental inconsistency shall be eventually fixed).
- */
-int pcmk__crm_ipc_is_authentic_process(qb_ipcc_connection_t *qb_ipc, int sock,
- uid_t refuid, gid_t refgid,
- pid_t *gotpid, uid_t *gotuid,
- gid_t *gotgid);
-
-
/*
* Output
*/