static int32_t
attrd_ipc_accept(qb_ipcs_connection_t *c, uid_t uid, gid_t gid)
{
attrd_client_t *new_client = NULL;
#if ENABLE_ACL
struct group *crm_grp = NULL;
#endif
crm_trace("Connecting %p for connection from %d by uid=%d gid=%d",
c, crm_ipcs_client_pid(c), uid, gid);
if (need_shutdown) {
crm_info("Ignoring connection request during shutdown");
return FALSE;
}
new_client = calloc(1, sizeof(attrd_client_t));
#if ENABLE_ACL
crm_grp = getgrnam(CRM_DAEMON_GROUP);
if (crm_grp) {
qb_ipcs_connection_auth_set(c, -1, crm_grp->gr_gid, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
}
new_client->user = uid2username(uid);
#endif
qb_ipcs_context_set(c, new_client);
return 0;
}
crm_client_t *
crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
{
static uid_t uid_server = 0;
static gid_t gid_cluster = 0;
crm_client_t *client = NULL;
CRM_LOG_ASSERT(c);
if (c == NULL) {
return NULL;
}
if (gid_cluster == 0) {
uid_server = getuid();
if(crm_user_lookup(CRM_DAEMON_USER, NULL, &gid_cluster) < 0) {
static bool have_error = FALSE;
if(have_error == FALSE) {
crm_warn("Could not find group for user %s", CRM_DAEMON_USER);
have_error = TRUE;
}
}
}
if(gid_cluster != 0 && gid_client != 0) {
uid_t best_uid = -1; /* Passing -1 to chown(2) means don't change */
if(uid_client == 0 || uid_server == 0) { /* Someone is priveliged, but the other may not be */
best_uid = QB_MAX(uid_client, uid_server);
crm_trace("Allowing user %u to clean up after disconnect", best_uid);
}
crm_trace("Giving access to group %u", gid_cluster);
qb_ipcs_connection_auth_set(c, best_uid, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
}
crm_client_init();
/* TODO: Do our own auth checking, return NULL if unauthorized */
client = calloc(1, sizeof(crm_client_t));
client->ipcs = c;
client->kind = CRM_CLIENT_IPC;
client->pid = crm_ipcs_client_pid(c);
client->id = crm_generate_uuid();
crm_debug("Connecting %p for uid=%d gid=%d pid=%u id=%s", c, uid_client, gid_client, client->pid, client->id);
#if ENABLE_ACL
client->user = uid2username(uid_client);
#endif
g_hash_table_insert(client_connections, c, client);
return client;
}
const char *
crm_acl_get_set_user(xmlNode * request, const char *field, const char *peer_user)
{
/* field is only checked for backwards compatibility */
static const char *effective_user = NULL;
const char *requested_user = NULL;
const char *user = NULL;
if(effective_user == NULL) {
effective_user = uid2username(geteuid());
}
requested_user = crm_element_value(request, XML_ACL_TAG_USER);
if(requested_user == NULL) {
requested_user = crm_element_value(request, field);
}
if (is_privileged(effective_user) == FALSE) {
/* We're not running as a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */
user = effective_user;
} else if(peer_user == NULL && requested_user == NULL) {
/* No user known or requested, use 'effective_user' and make sure one is set for the request */
user = effective_user;
} else if(peer_user == NULL) {
/* No user known, trusting 'requested_user' */
user = requested_user;
} else if (is_privileged(peer_user) == FALSE) {
/* The peer is not a privileged user, set or overwrite any existing value for $XML_ACL_TAG_USER */
user = peer_user;
} else if (requested_user == NULL) {
/* Even if we're privileged, make sure there is always a value set */
user = peer_user;
} else {
/* Legal delegation to 'requested_user' */
user = requested_user;
}
// This requires pointer comparison, not string comparison
if(user != crm_element_value(request, XML_ACL_TAG_USER)) {
crm_xml_add(request, XML_ACL_TAG_USER, user);
}
if(field != NULL && user != crm_element_value(request, field)) {
crm_xml_add(request, field, user);
}
return requested_user;
}
void Line::show (int row, unsigned int proglen)
{
assert (m_pid >= 0);
// actually m_pid can be bigger than this..
// https://sourceforge.net/tracker/?func=detail&aid=3459408&group_id=110349&atid=656353
//assert (m_pid <= 100000);
if (DEBUG || tracemode)
{
std::cout << m_name << '/' << m_pid << '/' << m_uid << "\t" << sent_value << "\t" << recv_value << std::endl;
return;
}
if (m_pid == 0)
mvprintw (row, 0, "?");
else
mvprintw (row, 0, "%d", m_pid);
std::string username = uid2username(m_uid);
mvprintw (row, 6, "%s", username.c_str());
if (strlen (m_name) > proglen) {
// truncate oversized names
char * tmp = strdup(m_name);
char * start = tmp + strlen (m_name) - proglen;
start[0] = '.';
start[1] = '.';
mvprintw (row, 6 + 9, "%s", start);
free (tmp);
} else {
mvprintw (row, 6 + 9, "%s", m_name);
}
mvprintw (row, 6 + 9 + proglen + 2, "%s", devicename);
mvprintw (row, 6 + 9 + proglen + 2 + 6, "%10.3f", sent_value);
mvprintw (row, 6 + 9 + proglen + 2 + 6 + 9 + 3, "%10.3f", recv_value);
if (viewMode == VIEWMODE_KBPS)
{
mvprintw (row, 6 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "KB/sec");
}
else if (viewMode == VIEWMODE_TOTAL_MB)
{
mvprintw (row, 6 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "MB ");
}
else if (viewMode == VIEWMODE_TOTAL_KB)
{
mvprintw (row, 6 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "KB ");
}
else if (viewMode == VIEWMODE_TOTAL_B)
{
mvprintw (row, 6 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "B ");
}
}
const char *
crm_acl_get_set_user(xmlNode *request, const char *field, const char *peer_user)
{
static const char *effective_user = NULL;
const char *requested_user = NULL;
const char *user = NULL;
if (effective_user == NULL) {
effective_user = uid2username(geteuid());
if (effective_user == NULL) {
effective_user = strdup("#unprivileged");
CRM_CHECK(effective_user != NULL, return NULL);
crm_err("Unable to determine effective user, assuming unprivileged for ACLs");
}
crm_client_t *
crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
{
static gid_t uid_cluster = 0;
static gid_t gid_cluster = 0;
crm_client_t *client = NULL;
CRM_LOG_ASSERT(c);
if (c == NULL) {
return NULL;
}
if (uid_cluster == 0) {
if (crm_user_lookup(CRM_DAEMON_USER, &uid_cluster, &gid_cluster) < 0) {
static bool have_error = FALSE;
if(have_error == FALSE) {
crm_warn("Could not find user and group IDs for user %s",
CRM_DAEMON_USER);
have_error = TRUE;
}
}
}
if (uid_client != 0) {
crm_trace("Giving access to group %u", gid_cluster);
/* Passing -1 to chown(2) means don't change */
qb_ipcs_connection_auth_set(c, -1, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
}
crm_client_init();
/* TODO: Do our own auth checking, return NULL if unauthorized */
client = crm_client_alloc(c);
client->ipcs = c;
client->kind = CRM_CLIENT_IPC;
client->pid = crm_ipcs_client_pid(c);
if ((uid_client == 0) || (uid_client == uid_cluster)) {
/* Remember when a connection came from root or hacluster */
set_bit(client->flags, crm_client_flag_ipc_privileged);
}
crm_debug("Connecting %p for uid=%d gid=%d pid=%u id=%s", c, uid_client, gid_client, client->pid, client->id);
#if ENABLE_ACL
client->user = uid2username(uid_client);
#endif
return client;
}
void Line::show (int row)
{
assert (m_pid >= 0);
assert (m_pid <= 100000);
if (DEBUG || tracemode)
{
std::cout << m_name << '/' << m_pid << '/' << m_uid << "\t" << sent_value << "\t" << recv_value << std::endl;
return;
}
mvprintw (3+row, 0, "%d", m_pid);
char * username = uid2username(m_uid);
mvprintw (3+row, 6, "%s", username);
free (username);
if (strlen (m_name) > PROGNAME_WIDTH) {
// truncate oversized names
char * tmp = strdup(m_name);
char * start = tmp + strlen (m_name) - PROGNAME_WIDTH;
start[0] = '.';
start[1] = '.';
mvprintw (3+row, 6 + 9, "%s", start);
free (tmp);
} else {
mvprintw (3+row, 6 + 9, "%s", m_name);
}
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2, "%s", devicename);
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2 + 6, "%10.3f", sent_value);
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2 + 6 + 9 + 3, "%10.3f", recv_value);
if (viewMode == VIEWMODE_KBPS)
{
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2 + 6 + 9 + 3 + 11, "KB/sec");
}
else if (viewMode == VIEWMODE_TOTAL_MB)
{
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2 + 6 + 9 + 3 + 11, "MB ");
}
else if (viewMode == VIEWMODE_TOTAL_KB)
{
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2 + 6 + 9 + 3 + 11, "KB ");
}
else if (viewMode == VIEWMODE_TOTAL_B)
{
mvprintw (3+row, 6 + 9 + PROGNAME_WIDTH + 2 + 6 + 9 + 3 + 11, "B ");
}
}
void Line::show (int row, unsigned int proglen)
{
assert (m_pid >= 0);
assert (m_pid <= PID_MAX);
if (m_pid == 0)
mvprintw (row, 6, "?");
else
mvprintw (row, 0, "%7d", m_pid);
std::string username = uid2username(m_uid);
mvprintw (row, 8, "%s", username.c_str());
if (strlen (m_name) > proglen) {
// truncate oversized names
char * tmp = strdup(m_name);
char * start = tmp + strlen (m_name) - proglen;
start[0] = '.';
start[1] = '.';
mvprintw (row, 8 + 9, "%s", start);
free (tmp);
} else {
mvprintw (row, 8 + 9, "%s", m_name);
}
mvprintw (row, 8 + 9 + proglen + 2, "%s", devicename);
mvprintw (row, 8 + 9 + proglen + 2 + 6, "%10.3f", sent_value);
mvprintw (row, 8 + 9 + proglen + 2 + 6 + 9 + 3, "%10.3f", recv_value);
if (viewMode == VIEWMODE_KBPS)
{
mvprintw (row, 8 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "KB/sec");
}
else if (viewMode == VIEWMODE_TOTAL_MB)
{
mvprintw (row, 8 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "MB ");
}
else if (viewMode == VIEWMODE_TOTAL_KB)
{
mvprintw (row, 8 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "KB ");
}
else if (viewMode == VIEWMODE_TOTAL_B)
{
mvprintw (row, 8 + 9 + proglen + 2 + 6 + 9 + 3 + 11, "B ");
}
}
static int32_t
cib_ipc_accept(qb_ipcs_connection_t *c, uid_t uid, gid_t gid)
{
cib_client_t *new_client = NULL;
#if ENABLE_ACL
struct group *crm_grp = NULL;
#endif
crm_trace("Connecting %p for uid=%d gid=%d pid=%d", c, uid, gid, crm_ipcs_client_pid(c));
if (cib_shutdown_flag) {
crm_info("Ignoring new client [%d] during shutdown", crm_ipcs_client_pid(c));
return -EPERM;
}
new_client = calloc(1, sizeof(cib_client_t));
new_client->ipc = c;
CRM_CHECK(new_client->id == NULL, free(new_client->id));
new_client->id = crm_generate_uuid();
#if ENABLE_ACL
crm_grp = getgrnam(CRM_DAEMON_GROUP);
if (crm_grp) {
qb_ipcs_connection_auth_set(c, -1, crm_grp->gr_gid, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
}
new_client->user = uid2username(uid);
#endif
/* make sure we can find ourselves later for sync calls
* redirected to the master instance
*/
g_hash_table_insert(client_list, new_client->id, new_client);
qb_ipcs_context_set(c, new_client);
return 0;
}