bool
VirshType::killVMFast(const char* vmname, virConnectPtr libvirt_con)
{
vmprintf(D_FULLDEBUG, "Inside VirshType::killVMFast\n");
if( !vmname || (vmname[0] == '\0') ) {
return false;
}
priv_state priv = set_root_priv();
virDomainPtr dom = virDomainLookupByName(libvirt_con, vmname);
set_priv(priv);
if(dom == NULL)
{
virErrorPtr err = virConnGetLastError(libvirt_con);
if (err && err->code != VIR_ERR_NO_DOMAIN)
{
vmprintf(D_ALWAYS, "Error finding domain %s: %s\n", vmname, (err ? err->message : "No reason found"));
return false;
}
else
{
return true;
}
}
priv = set_root_priv();
bool ret = (virDomainDestroy(dom) == 0);
virDomainFree(dom);
set_priv(priv);
return ret;
}
bool
VirshType::ResumeFromSoftSuspend(void)
{
vmprintf(D_FULLDEBUG, "Inside VirshType::ResumeFromSoftSuspend\n");
if( (m_configfile.Length() == 0)) {
return false;
}
if( m_is_soft_suspended ) {
priv_state priv = set_root_priv();
virDomainPtr dom = virDomainLookupByName(m_libvirt_connection, m_vm_name.Value());
set_priv(priv);
if(dom == NULL)
{
virErrorPtr err = virConnGetLastError(m_libvirt_connection);
vmprintf(D_ALWAYS, "Error finding domain %s: %s\n", m_vm_name.Value(), (err ? err->message : "No reason found"));
return false;
}
priv = set_root_priv();
int result = virDomainResume(dom);
virDomainFree(dom);
set_priv(priv);
if( result != 0 ) {
// unpause failed.
vmprintf(D_ALWAYS, "Unpausing VM failed in "
"VirshType::ResumeFromSoftSuspend\n");
return false;
}
m_is_soft_suspended = false;
}
return true;
}
void
UserProc::store_core()
{
int core_size;
char *virtual_working_dir = NULL;
MyString new_name;
int free_disk;
priv_state priv;
if( !core_created ) {
dprintf( D_FAILURE|D_ALWAYS, "No core file to send - probably ran out of disk\n");
return;
}
if ( core_name == NULL ) {
EXCEPT( "UserProc::store_core() asked to store unnamed core file that we knew existed!" );
}
priv = set_root_priv();
core_size = physical_file_size( core_name );
set_priv(priv);
if( coredump_limit_exists ) {
if( core_size > coredump_limit ) {
dprintf( D_ALWAYS, "Core file size exceeds user defined limit\n" );
dprintf( D_ALWAYS, "*NOT* sending core file.\n" );
return;
}
}
if( REMOTE_CONDOR_getwd_special(virtual_working_dir) < 0 ) {
EXCEPT( "REMOTE_CONDOR_getwd_special(virtual_working_dir = %s)",
(virtual_working_dir != NULL)?virtual_working_dir:"(null)");
}
free_disk = REMOTE_CONDOR_free_fs_blocks( virtual_working_dir);
if( free_disk < 0 ) {
EXCEPT( "REMOTE_CONDOR_free_fs_blocks(virtual_working_dir = %s)",
(virtual_working_dir != NULL)?virtual_working_dir:"(null)");
}
dprintf( D_ALWAYS, "Core file size is %d kbytes\n", core_size );
dprintf( D_ALWAYS, "Free disk on submitting machine is %d kbytes\n",
free_disk );
if( free_disk > core_size ) {
new_name.formatstr( "%s/core.%d.%d", virtual_working_dir, cluster, proc);
dprintf( D_ALWAYS, "Transferring core file to \"%s\"\n", new_name.Value() );
priv = set_root_priv();
send_a_file( core_name, new_name.Value(), REGULAR_FILE_MODE );
set_priv(priv);
core_transferred = TRUE;
} else {
dprintf( D_ALWAYS, "*NOT* Transferring core file\n" );
core_transferred = FALSE;
}
free( virtual_working_dir );
}
void
VMGahp::killAllProcess()
{
if( !m_jobAd ) {
// Virtual machine is absolutely not created.
return;
}
#if defined (HAVE_EXT_LIBVIRT) && !defined(VMWARE_ONLY)
if( strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_XEN ) == 0 ) {
priv_state priv = set_root_priv();
if( m_jobAd && XenType::checkXenParams(m_gahp_config) ) {
MyString vmname;
if( VMType::createVMName(m_jobAd, vmname) ) {
XenType::killVMFast(vmname.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
}
set_priv(priv);
} else if(strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_KVM ) == 0 ) {
priv_state priv = set_root_priv();
if( m_jobAd && KVMType::checkXenParams(m_gahp_config) ) {
MyString vmname;
if( VMType::createVMName(m_jobAd, vmname) ) {
KVMType::killVMFast(vmname.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
}
set_priv(priv);
} else
#endif
if( strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_VMWARE ) == 0 ) {
priv_state priv = set_user_priv();
if( VMwareType::checkVMwareParams(m_gahp_config) ) {
VMwareType::killVMFast(m_gahp_config->m_prog_for_script.Value(),
m_gahp_config->m_vm_script.Value(), m_workingdir.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
set_priv(priv);
}
// [PRAGMA] Kill Rocks VM Process
else if( strcasecmp(m_gahp_config->m_vm_type.Value(),
CONDOR_VM_UNIVERSE_VMWARE ) == 0 ) {
priv_state priv = set_user_priv();
if( RocksType::checkRocksParams(m_gahp_config) ) {
RocksType::killVMFast(m_gahp_config->m_prog_for_script.Value(),
m_gahp_config->m_vm_script.Value(), m_workingdir.Value());
vmprintf( D_FULLDEBUG, "killVMFast is called\n");
}
set_priv(priv);
}
}
int BaseShadow::cdToIwd() {
int iRet =0;
#if ! defined(WIN32)
priv_state p = PRIV_UNKNOWN;
if (m_RunAsNobody)
p = set_root_priv();
#endif
if (chdir(iwd.Value()) < 0) {
int chdir_errno = errno;
dprintf(D_ALWAYS, "\n\nPath does not exist.\n"
"He who travels without bounds\n"
"Can't locate data.\n\n" );
MyString hold_reason;
hold_reason.formatstr("Cannot access initial working directory %s: %s",
iwd.Value(), strerror(chdir_errno));
dprintf( D_ALWAYS, "%s\n",hold_reason.Value());
holdJobAndExit(hold_reason.Value(),CONDOR_HOLD_CODE_IwdError,chdir_errno);
iRet = -1;
}
#if ! defined(WIN32)
if ( m_RunAsNobody )
set_priv(p);
#endif
return iRet;
}
void Partition::back(char *script)
{
FILE *fin = NULL;
ArgList args;
MyString line;
priv_state priv;
dprintf(D_ALWAYS, "\t%s %s %ld %s\n",
script,
get_name().Value(),
get_size(),
pkind_xlate(get_pkind()).Value());
args.AppendArg(script);
args.AppendArg(get_name());
args.AppendArg(get_size());
args.AppendArg(pkind_xlate(get_pkind()).Value());
priv = set_root_priv();
fin = my_popen(args, "r", MY_POPEN_OPT_WANT_STDERR);
line.readLine(fin); // read back OK or NOT_OK, XXX ignore
my_pclose(fin);
set_priv(priv);
// we don't know it is backed until the
// STARTD_FACTORY_SCRIPT_AVAILABLE_PARTITIONS
// tells us it is actually backed. This prevents overcommit of a
// partition to multiple startds.
set_pstate(ASSIGNED);
}
int
SaveCredentialList() {
priv_state priv = set_root_priv();
FILE * fp = safe_fopen_wrapper(cred_index_file, "w");
if (!fp) {
set_priv (priv);
dprintf (D_ALWAYS, "Unable to open credential index file %s!\n", cred_index_file);
return FALSE;
}
classad::ClassAdXMLUnParser unparser;
CredentialWrapper * pCred = NULL;
// Clear the old list
credentials.Rewind();
while (credentials.Next(pCred)) {
const classad::ClassAd * pclassad = pCred->cred->GetMetadata();
classad::ClassAd temp_classad(*pclassad); // lame
std::string buff;
unparser.Unparse (buff, &temp_classad);
fprintf (fp, "%s\n", buff.c_str());
}
fclose (fp);
set_priv (priv);
return TRUE;
}
void PartitionManager::query_available_partitions(char *script)
{
FILE *fin = NULL;
ArgList args;
priv_state priv;
/* load a description of the available partitions which could be
backed, booted, or generatable. */
dprintf(D_ALWAYS, "Finding available partitions with: %s\n", script);
args.AppendArg(script);
priv = set_root_priv();
fin = my_popen(args, "r", TRUE);
if (fin == NULL) {
EXCEPT("Can't execute %s", script);
}
read_partitions(fin);
my_pclose(fin);
set_priv(priv);
}
int
LoadData (const char * file_name, void *& data, int & data_size) {
priv_state priv = set_root_priv();
int fd = safe_open_wrapper_follow(file_name, O_RDONLY);
if (fd == -1) {
fprintf (stderr, "Can't open %s\n", file_name);
set_priv (priv);
return FALSE;
}
char buff [MAX_CRED_DATA_SIZE+1];
data_size = read (fd, buff, MAX_CRED_DATA_SIZE);
close (fd);
if (data_size <= 0) {
set_priv (priv);
return FALSE;
}
data = malloc (data_size);
memcpy (data, buff, data_size);
set_priv (priv);
return TRUE;
}
// This is a blocking call and must provide a fully booted partition when it
// returns. Otherwise, this partition could be overcommitted given the
// nature of the use of this call.
// script partition_name size kind
void Partition::boot(char *script, PKind pkind)
{
FILE *fin = NULL;
ArgList args;
MyString line;
priv_state priv;
// we're told what kind of partition this is going to be
set_pkind(pkind);
dprintf(D_ALWAYS, "\t%s %s %ld %s\n",
script,
get_name().Value(),
get_size(),
pkind_xlate(get_pkind()).Value());
args.AppendArg(script);
args.AppendArg(get_name());
args.AppendArg(get_size());
args.AppendArg(pkind_xlate(get_pkind()).Value());
priv = set_root_priv();
fin = my_popen(args, "r", MY_POPEN_OPT_WANT_STDERR);
line.readLine(fin); // read back OK or NOT_OK, XXX ignore
my_pclose(fin);
set_priv(priv);
// Now that the script is done, mark it booted.
set_pstate(BOOTED);
}
bool
BaseLinuxHibernator::writeSysFile ( const char *file, const char *str ) const
{
// Write to the "/sys or /proc" file(s)
dprintf( D_FULLDEBUG,
"LinuxHibernator: Writing '%s' to '%s'\n", str, file );
priv_state p = set_root_priv( );
int fd = safe_open_wrapper_follow( file, O_WRONLY );
set_priv( p );
if ( fd < 0 ) {
dprintf( D_ALWAYS,
"LinuxHibernator: Error writing '%s' to '%s': %s\n",
str, file, strerror(errno) );
return false;
}
int len = strlen(str);
if ( write( fd, str, len ) != len ) {
close( fd );
dprintf( D_ALWAYS,
"LinuxHibernator: Error writing '%s' to '%s': %s\n",
str, file, strerror(errno) );
return false;
}
close( fd );
return true;
}
bool
XenType::killVMFast(const char* vmname)
{
vmprintf(D_FULLDEBUG, "Inside XenType::killVMFast\n");
priv_state priv = set_root_priv();
virConnectPtr libvirt_connection = virConnectOpen("xen:///");
set_priv(priv);
return VirshType::killVMFast(vmname, libvirt_connection);
}
int
LoadCredentialList () {
CredentialWrapper * pCred;
// Clear the old list
if (!credentials.IsEmpty()) {
credentials.Rewind();
while (credentials.Next(pCred)) {
credentials.DeleteCurrent();
delete pCred;
}
}
credentials.Rewind();
classad::ClassAdXMLParser parser;
char buff[50000];
priv_state priv = set_root_priv();
FILE * fp = safe_fopen_wrapper(cred_index_file, "r");
if (!fp) {
dprintf (D_FULLDEBUG, "Credential database %s does not exist!\n", cred_index_file);
set_priv (priv);
return TRUE;
}
while (fgets(buff, 50000, fp)) {
if ((buff[0] == '\n') || (buff[0] == '\r')) {
continue;
}
classad::ClassAd * classad = parser.ParseClassAd (buff);
int type=0;
if ((!classad) || (!classad->EvaluateAttrInt ("Type", type))) {
dprintf (D_ALWAYS, "Invalid classad %s\n", buff);
set_priv (priv);
fclose (fp);
return FALSE;
}
if (type == X509_CREDENTIAL_TYPE) {
pCred = new X509CredentialWrapper (*classad);
credentials.Append (pCred);
}
else {
dprintf (D_ALWAYS, "Invalid type %d\n",type);
}
}
fclose (fp);
set_priv (priv);
return TRUE;
}
bool
SharedPortEndpoint::RemoveSocket( char const *fname )
{
priv_state orig_state = set_root_priv();
int unlink_rc = remove( fname );
set_priv( orig_state );
return unlink_rc == 0;
}
// helper method to determine whether the given execute directory
// is root-squashed. this function assumes that the given directory
// is owned and writable by condor, and that our real UID is 0. it
// returns true if we can verify that root squash is NOT in effect,
// false if not (i.e. false is returned if we detemine root squash
// is in effect or we hit an error)
//
static bool
not_root_squashed( char const *exec_path )
{
MyString test_dir;
test_dir.formatstr("%s/.root_squash_test", exec_path);
if (rmdir(test_dir.Value()) == -1) {
if (errno != ENOENT) {
dprintf(D_FULLDEBUG,
"not_root_squashed: rmdir of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
return false;
}
}
priv_state priv = set_root_priv();
int rv = mkdir(test_dir.Value(), 0755);
set_priv(priv);
if (rv == -1) {
if (errno == EACCES) {
dprintf(D_FULLDEBUG,
"execute directory %s root-squashed\n",
exec_path);
}
else {
dprintf(D_FULLDEBUG,
"not_root_squashed: mkdir of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
}
return false;
}
struct stat st;
if (stat(test_dir.Value(), &st) == -1) {
dprintf(D_FULLDEBUG,
"not_root_squashed: stat of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
return false;
}
if (rmdir(test_dir.Value()) == -1) {
dprintf(D_FULLDEBUG,
"rmdir of %s failed: %s\n",
test_dir.Value(),
strerror(errno));
return false;
}
bool not_squashed = (st.st_uid == 0);
dprintf(D_FULLDEBUG,
"execute directory %s %s root-squashed\n",
exec_path,
not_squashed ? "not" : "");
return not_squashed;
}
void
VMUniverseMgr::killVM(const char *matchstring)
{
if ( !matchstring ) {
return;
}
if( !m_vm_type.Length() || !m_vmgahp_server.Length() ) {
return;
}
// vmgahp is daemonCore, so we need to add -f -t options of daemonCore.
// Then, try to execute vmgahp with
// vmtype <vmtype> match <string>"
ArgList systemcmd;
systemcmd.AppendArg(m_vmgahp_server);
systemcmd.AppendArg("-f");
char *gahp_log_file = param("VM_GAHP_LOG");
if( gahp_log_file ) {
free(gahp_log_file);
}else {
systemcmd.AppendArg("-t");
}
systemcmd.AppendArg("-M");
systemcmd.AppendArg(VMGAHP_KILL_MODE);
systemcmd.AppendArg("vmtype");
systemcmd.AppendArg(m_vm_type);
systemcmd.AppendArg("match");
systemcmd.AppendArg(matchstring);
#if !defined(WIN32)
if( can_switch_ids() ) {
MyString tmp_str;
tmp_str.formatstr("%d", (int)get_condor_uid());
SetEnv("VMGAHP_USER_UID", tmp_str.Value());
}
#endif
// execute vmgahp with root privilege
priv_state priv = set_root_priv();
int ret = my_system(systemcmd);
// restore privilege
set_priv(priv);
if( ret == 0 ) {
dprintf( D_ALWAYS, "VMUniverseMgr::killVM() is called with "
"'%s'\n", matchstring );
}else {
dprintf( D_ALWAYS, "VMUniverseMgr::killVM() failed!\n");
}
return;
}
bool
SharedPortEndpoint::ChownSocket(priv_state priv)
{
#ifndef HAVE_SHARED_PORT
return false;
#elif WIN32
return false;
#elif HAVE_SCM_RIGHTS_PASSFD
if( !can_switch_ids() ) {
return true;
}
switch( priv ) {
case PRIV_ROOT:
case PRIV_CONDOR:
case PRIV_CONDOR_FINAL:
case PRIV_UNKNOWN:
// Nothing needs to be done in this case, because the named
// socket was created with condor ownership (we assume).
return true;
case PRIV_FILE_OWNER:
case _priv_state_threshold:
// these don't really make sense, but include them so
// the compiler can warn about priv states not covered
return true;
case PRIV_USER:
case PRIV_USER_FINAL:
{
priv_state orig_priv = set_root_priv();
int rc = fchown( m_listener_sock.get_file_desc(),get_user_uid(),get_user_gid() );
if( rc != 0 ) {
dprintf(D_ALWAYS,"SharedPortEndpoint: failed to chown %s to %d:%d: %s.\n",
m_full_name.Value(),
get_user_uid(),
get_user_gid(),
strerror(errno));
}
set_priv( orig_priv );
return rc == 0;
}
}
EXCEPT("Unexpected priv state in SharedPortEndpoint(%d)",(int)priv);
return false;
#else
#error HAVE_SHARED_PORT is defined, but no method for passing fds is enabled.
#endif
}
bool
VirshType::Resume()
{
vmprintf(D_FULLDEBUG, "Inside VirshType::Resume\n");
if((m_configfile.Length() == 0)) {
m_result_msg = VMGAHP_ERR_INTERNAL;
return false;
}
// If a VM is soft suspended, resume it first.
ResumeFromSoftSuspend();
if( getVMStatus() == VM_RUNNING ) {
return true;
}
if( !m_restart_with_ckpt &&
( getVMStatus() != VM_SUSPENDED) ) {
m_result_msg = VMGAHP_ERR_VM_INVALID_OPERATION;
return false;
}
m_restart_with_ckpt = false;
m_is_checkpointed = false;
if( check_vm_read_access_file(m_suspendfile.Value(), true) == false ) {
m_result_msg = VMGAHP_ERR_VM_INVALID_SUSPEND_FILE;
return false;
}
priv_state priv = set_root_priv();
int result = virDomainRestore(m_libvirt_connection, m_suspendfile.Value());
set_priv(priv);
if( result != 0 ) {
// Read error output
// char *temp = cmd_out.print_to_delimed_string("/");
// m_result_msg = temp;
// free( temp );
return false;
}
setVMStatus(VM_RUNNING);
m_cpu_time = 0;
// Delete suspend file
unlink(m_suspendfile.Value());
m_suspendfile = "";
return true;
}
void WorkloadManager::query_workloads(char *script)
{
FILE *fin = NULL;
int idx;
ClassAd *ad = NULL;
int eof, error, empty;
const char *classad_delimitor = "---\n";
ArgList args;
priv_state priv;
dprintf(D_ALWAYS, "Querying workloads with: %s\n", script);
args.AppendArg(script);
priv = set_root_priv();
fin = my_popen(args, "r", TRUE);
if (fin == NULL) {
EXCEPT("Can't execute %s\n", script);
}
// wipe out whatever was there initially.
for (idx = 0; idx < m_wklds.getsize(); idx++)
{
ad = m_wklds[idx].detach();
delete ad;
}
m_wklds.truncate(0);
// read a series of classads which represent the workloads this daemon
// must try to allocate/deallocate partitions to match.
idx = 0;
ad = new ClassAd(fin,classad_delimitor,eof,error,empty);
while(!empty)
{
m_wklds[idx].attach(ad);
// get ready for the next one.
idx++;
ad = new ClassAd(fin,classad_delimitor,eof,error,empty);
}
// The last ad is empty, doesn't get recorded anywhere, and is deleted.
delete(ad);
my_pclose(fin);
set_priv(priv);
}
int
handle_shutdown_program( int cmd, Stream* stream )
{
if ( cmd != SET_SHUTDOWN_PROGRAM ) {
EXCEPT( "Unknown command (%d) in handle_shutdown_program", cmd );
}
char *name = NULL;
stream->decode();
if( ! stream->code(name) ) {
dprintf( D_ALWAYS, "Can't read program name\n" );
if ( name ) {
free( name );
}
return FALSE;
}
// Can we find it in the configuration?
MyString pname;
pname = "master_shutdown_";
pname += name;
char *path = param( pname.Value() );
if ( NULL == path ) {
dprintf( D_ALWAYS, "No shutdown program defined for '%s'\n", name );
return FALSE;
}
// Try to access() it
# if defined(HAVE_ACCESS)
priv_state priv = set_root_priv();
int status = access( path, X_OK );
if ( status ) {
dprintf( D_ALWAYS,
"WARNING: no execute access to shutdown program (%s)"
": %d/%s\n", path, errno, strerror(errno) );
}
set_priv( priv );
# endif
// OK, let's run with that
if ( shutdown_program ) {
free( shutdown_program );
}
shutdown_program = path;
dprintf( D_ALWAYS,
"Shutdown program path set to %s\n", shutdown_program );
return TRUE;
}
int bindWithin( const int fd, const int lowPort, const int highPort ) {
int pid = (int)getpid();
int range = highPort - lowPort + 1;
int initialPort = lowPort + (pid * 173 % range);
condor_sockaddr initializedSA;
int rv = condor_getsockname( fd, initializedSA );
if( rv != 0 ) {
dprintf( D_ALWAYS, "_condor_local_bind::bindWithin() - getsockname() failed.\n" );
return FALSE;
}
initializedSA.set_addr_any();
int trialPort = initialPort;
do {
condor_sockaddr trialSA = initializedSA;
trialSA.set_port( trialPort++ );
#ifndef WIN32
priv_state oldPriv = PRIV_UNKNOWN;
if( trialPort <= 1024 ) {
// use root priv for the call to bind to allow privileged ports
oldPriv = set_root_priv();
}
#endif
rv = bind( fd, trialSA.to_sockaddr(), trialSA.get_socklen() );
#ifndef WIN32
if( trialPort <= 1024 ) {
set_priv( oldPriv );
}
#endif
if( rv == 0 ) {
dprintf( D_NETWORK, "_condor_local_bind::bindWithin(): bound to %d\n", trialPort - 1 );
return TRUE;
} else {
dprintf( D_NETWORK, "_condor_local_bind::bindWithin(): failed to bind to %d (%s)\n", trialPort - 1, strerror(errno) );
}
if( trialPort > highPort ) { trialPort = lowPort; }
} while( trialPort != initialPort );
dprintf( D_ALWAYS, "_condor_local_bind::bindWithin() - failed to bind any port within (%d ~ %d)\n", lowPort, highPort );
return FALSE;
}
void VirshType::Connect()
{
priv_state priv = set_root_priv();
if ( m_libvirt_connection )
{
virConnectClose( m_libvirt_connection );
}
m_libvirt_connection = virConnectOpen( m_sessionID.c_str() );
set_priv(priv);
if( m_libvirt_connection == NULL )
{
virErrorPtr err = virGetLastError();
EXCEPT("Failed to create libvirt connection: %s", (err ? err->message : "No reason found"));
}
}
XInterface::XInterface(int id)
{
char *tmp;
_daemon_core_timer = id;
logged_on_users = 0;
_display_name = NULL;
// disable bump check by setting move delta to 0
_small_move_delta = 0;
_bump_check_after_idle_time_sec = 15*60;
// We may need access to other user's home directories, so we must run
// as root.
set_root_priv();
if( geteuid() != 0 ) {
dprintf(D_FULLDEBUG, "NOTE: Daemon can't use Xauthority if not"
" running as root.\n");
}
set_condor_priv();
g_connected = false;
tmp = param( "XAUTHORITY_USERS" );
if(tmp != NULL) {
_xauth_users = new StringList();
_xauth_users->initializeFromString( tmp );
free( tmp );
} else {
_xauth_users = NULL;
}
_display_name = param( "X_CONSOLE_DISPLAY" );
/* If there's no specified display name, we'll use the default... */
if (_display_name == NULL) {
_display_name = strdup(DEFAULT_DISPLAY_NAME);
}
Connect();
}
bool
VirshType::SoftSuspend()
{
vmprintf(D_FULLDEBUG, "Inside VirshType::SoftSuspend\n");
if( (m_configfile.Length() == 0)) {
m_result_msg = VMGAHP_ERR_INTERNAL;
return false;
}
if( m_is_soft_suspended ) {
return true;
}
if( getVMStatus() != VM_RUNNING ) {
m_result_msg = VMGAHP_ERR_VM_INVALID_OPERATION;
return false;
}
priv_state priv = set_root_priv();
virDomainPtr dom = virDomainLookupByName(m_libvirt_connection, m_vm_name.Value());
set_priv(priv);
if(dom == NULL)
{
virErrorPtr err = virConnGetLastError(m_libvirt_connection);
vmprintf(D_ALWAYS, "Error finding domain %s: %s\n", m_vm_name.Value(), (err ? err->message : "No reason found"));
return false;
}
int result = virDomainSuspend(dom);
virDomainFree(dom);
if( result == 0 ) {
// pause succeeds.
m_is_soft_suspended = true;
return true;
}
// Failed to suspend a VM softly.
// Instead of soft suspend, we use hard suspend.
vmprintf(D_ALWAYS, "SoftSuspend failed, so try hard Suspend instead!.\n");
return Suspend();
}
int
StoreData (const char * file_name, const void * data, const int data_size) {
if (!data) {
return FALSE;
}
priv_state priv = set_root_priv();
dprintf (D_FULLDEBUG, "in StoreData(), euid=%d\n", geteuid());
int fd = safe_open_wrapper_follow(file_name, O_WRONLY | O_CREAT | O_TRUNC, 0600 );
if (fd == -1) {
dprintf (D_ALWAYS, "Unable to store in %s\n", file_name);
set_priv(priv);
return FALSE;
}
// Change to user owning the cred (assume init_user_ids() has been called)
if (fchmod (fd, S_IRUSR | S_IWUSR)) {
dprintf(D_ALWAYS, "Failed to fchmod %s to S_IRUSR | S_IWUSR: %s\n",
file_name, strerror(errno));
}
if (fchown (fd, get_user_uid(), get_user_gid())) {
dprintf(D_ALWAYS, "Failed to fchown %s to %d.%d: %s\n",
file_name, get_user_uid(), get_user_gid(), strerror(errno));
}
int written = write (fd, data, data_size);
if (written < data_size) {
dprintf (D_ALWAYS, "Can't write to %s: (%d) \n", file_name, errno);
set_priv(priv);
close(fd);
return FALSE;
}
close (fd);
set_priv(priv);
return TRUE;
}
bool
check_vm_execute_file(const char *file, bool is_root /*false*/)
{
if( (file == NULL) || (file[0] == '\0') ) {
return false;
}
priv_state priv = PRIV_UNKNOWN;
if( is_root ) {
priv = set_root_priv();
}
int ret = access(file, X_OK);
if( is_root ) {
set_priv(priv);
}
if( ret < 0 ) {
vmprintf(D_ALWAYS, "File(%s) can't be executed\n", file);
return false;
}
return true;
}
char* getStoredCredential(const char *username, const char *domain)
{
lsa_mgr lsaMan;
char pw[255];
wchar_t w_fullname[512];
wchar_t *w_pw;
if ( !username || !domain ) {
return NULL;
}
if ( _snwprintf(w_fullname, 254, L"%S@%S", username, domain) < 0 ) {
return NULL;
}
// make sure we're SYSTEM when we do this
priv_state priv = set_root_priv();
w_pw = lsaMan.query(w_fullname);
set_priv(priv);
if ( ! w_pw ) {
dprintf(D_ALWAYS,
"getStoredCredential(): Could not locate credential for user "
"'%s@%s'\n", username, domain);
return NULL;
}
if ( _snprintf(pw, sizeof(pw), "%S", w_pw) < 0 ) {
return NULL;
}
// we don't need the wide char pw anymore, so clean it up
SecureZeroMemory(w_pw, wcslen(w_pw)*sizeof(wchar_t));
delete[](w_pw);
dprintf(D_FULLDEBUG, "Found credential for user '%s@%s'\n",
username, domain );
return strdup(pw);
}
// This is a blocking call and must provide a fully shutdown partition when it
// returns.
// script partition_name
void Partition::shutdown(char *script)
{
FILE *fin = NULL;
ArgList args;
MyString line;
priv_state priv;
dprintf(D_ALWAYS, "\t%s %s\n",
script,
get_name().Value());
args.AppendArg(script);
args.AppendArg(get_name());
priv = set_root_priv();
fin = my_popen(args, "r", MY_POPEN_OPT_WANT_STDERR);
line.readLine(fin); // read back OK or NOT_OK, XXX ignore
my_pclose(fin);
set_priv(priv);
// Now that the script is done, mark it simply generated.
set_pstate(GENERATED);
}
bool
XInterface::TryUser(const char *user)
{
static char env[1024];
static bool need_uninit = false;
passwd *passwd_entry;
passwd_entry = getpwnam(user);
if(passwd_entry == NULL) {
// We couldn't find the current user in the passwd file?
dprintf( D_FULLDEBUG,
"Current user cannot be found in passwd file.\n" );
return false;
} else {
sprintf(env, "XAUTHORITY=%s/.Xauthority", passwd_entry->pw_dir);
if(putenv(env) != 0) {
EXCEPT("Putenv failed!.");
}
}
if ( need_uninit ) {
uninit_user_ids();
need_uninit = false;
}
// passing "root" to init_user_ids is fatal
if (strcmp(user, "root") == 0) {
set_root_priv();
} else {
init_user_ids( user, NULL );
set_user_priv();
need_uninit = true;
}
dprintf( D_FULLDEBUG, "Using %s's .Xauthority: \n", passwd_entry->pw_name );
return true;
}
void
UserProc::handle_termination( int exit_st )
{
/* XXX I wonder what the kernel does if a core file is created such that
the entire path up to the core file is path max, and when you add the
pid, it overshoots the path max... */
MyString corebuf;
struct stat sbuf;
int core_name_type = CORE_NAME_UNKNOWN;
pid_t user_job_pid;
exit_status = exit_st;
exit_status_valid = TRUE;
accumulate_cpu_time();
if( exit_requested && job_class == CONDOR_UNIVERSE_VANILLA ) { // job exited by request
dprintf( D_FAILURE|D_ALWAYS, "Process exited by request\n" );
state = NON_RUNNABLE;
} else if( WIFEXITED(exit_status) ) {
// exited on own accord with some status
dprintf( D_FAILURE|D_ALWAYS,
"Process %d exited with status %d\n", pid, WEXITSTATUS(exit_status)
);
if( WEXITSTATUS(exit_status) == JOB_EXEC_FAILED ) {
dprintf( D_FAILURE|D_ALWAYS,
"EXEC of user process failed, probably insufficient swap\n"
);
state = NON_RUNNABLE;
} else {
state = NORMAL_EXIT;
commit_cpu_time();
}
} else {
dprintf( D_ALWAYS,
"Process %d killed by signal %d\n", pid, WTERMSIG(exit_status)
);
switch( WTERMSIG(exit_status) ) {
case SIGUSR2: // ckpt and vacate exit
dprintf( D_FAILURE|D_ALWAYS, "Process exited for checkpoint\n" );
state = CHECKPOINTING;
commit_cpu_time();
break;
case SIGQUIT: // exited for a checkpoint
dprintf( D_FAILURE|D_ALWAYS, "Process exited for checkpoint\n" );
state = CHECKPOINTING;
/*
For bytestream checkpointing: the only way the process exits
with signal SIGQUIT is if has transferred a checkpoint
successfully.
*/
ckpt_transferred = TRUE;
break;
case SIGUSR1:
case SIGKILL: // exited by request - no ckpt
dprintf( D_FAILURE|D_ALWAYS, "Process exited by request\n" );
state = NON_RUNNABLE;
break;
default: // exited abnormally due to signal
dprintf( D_FAILURE|D_ALWAYS, "Process exited abnormally\n" );
state = ABNORMAL_EXIT;
commit_cpu_time(); // should this be here on ABNORMAL_EXIT ???? -Todd
}
}
user_job_pid = pid;
pid = 0;
// removed some vanilla-specific code here
//
ASSERT(job_class != CONDOR_UNIVERSE_VANILLA);
priv_state priv;
switch( state ) {
case CHECKPOINTING:
core_created = FALSE;
ckpt_transferred = TRUE;
break;
case ABNORMAL_EXIT:
priv = set_root_priv(); // need to be root to access core file
/* figure out the name of the core file, it could be either
"core.pid" which we will try first, or "core". We'll take
the first one we find, and ignore the other one. */
/* the default */
core_name_type = CORE_NAME_UNKNOWN;
/* try the 'core.pid' form first */
corebuf.formatstr( "%s/core.%lu", local_dir,
(unsigned long)user_job_pid);
if (stat(corebuf.Value(), &sbuf) >= 0) {
core_name_type = CORE_NAME_KNOWN;
} else {
/* now try the normal 'core' form */
corebuf.formatstr( "%s/core", local_dir);
if (stat(corebuf.Value(), &sbuf) >= 0) {
core_name_type = CORE_NAME_KNOWN;
}
}
/* If I know a core file name, then set up its retrival */
core_created = FALSE; // assume false if unknown
if (core_name_type == CORE_NAME_KNOWN) {
/* AFAICT, This is where core_name should be set up,
if it had already been setup somehow, then that is a logic
error and I'd need to find out why/where */
if (core_name != NULL) {
EXCEPT( "core_name should have been NULL!" );
}
/* this gets deleted when this objects destructs */
core_name = new char [ corebuf.Length() + 1 ];
if(core_name != NULL) strcpy( core_name,corebuf.Value() );
/* core_is_valid checks to make sure it isn't a symlink and
returns false if it is */
if( core_is_valid(corebuf.Value()) == TRUE) {
dprintf( D_FAILURE|D_ALWAYS,
"A core file was created: %s\n", corebuf.Value());
core_created = TRUE;
} else {
dprintf( D_FULLDEBUG, "No core file was created\n" );
core_created = FALSE;
if (core_name != NULL) {
// remove any incomplete core, or possible symlink
(void)unlink(corebuf.Value());
}
}
}
set_priv(priv);
break;
default:
dprintf( D_FULLDEBUG, "No core file was created\n" );
core_created = FALSE;
break;
}
}
