/*
* Execute the job_submit() function in each job submit plugin.
* If any plugin function returns anything other than SLURM_SUCCESS
* then stop and forward it's return value.
* IN job_desc - Job request specification
* IN submit_uid - User issuing job submit request
* OUT err_msg - Custom error message to the user, caller to xfree results
*/
extern int job_submit_plugin_submit(struct job_descriptor *job_desc,
uint32_t submit_uid, char **err_msg)
{
DEF_TIMERS;
int i, rc;
xassert(verify_lock(CONF_LOCK, READ_LOCK));
xassert(verify_lock(JOB_LOCK, READ_LOCK));
xassert(verify_lock(NODE_LOCK, READ_LOCK));
xassert(verify_lock(PART_LOCK, READ_LOCK));
START_TIMER;
rc = job_submit_plugin_init();
slurm_mutex_lock(&g_context_lock);
/* NOTE: On function entry read locks are set on config, job, node and
* partition structures. Do not attempt to unlock them and then
* lock again (say with a write lock) since doing so will trigger
* a deadlock with the g_context_lock above. */
for (i = 0; ((i < g_context_cnt) && (rc == SLURM_SUCCESS)); i++)
rc = (*(ops[i].submit))(job_desc, submit_uid, err_msg);
slurm_mutex_unlock(&g_context_lock);
END_TIMER2("job_submit_plugin_submit");
return rc;
}
/* This implements the svn_fs_get_locks_callback_t interface, where
BATON is just an svn_fs_t object. */
static svn_error_t *
get_locks_callback(void *baton,
svn_lock_t *lock,
apr_pool_t *pool)
{
return verify_lock(baton, lock, pool);
}
const crypto::key::Asymmetric& Nym::get_public_sign_key(
const T& lock,
proto::AsymmetricKeyType keytype) const
{
OT_ASSERT(!m_mapCredentialSets.empty());
OT_ASSERT(verify_lock(lock));
const CredentialSet* pCredential = nullptr;
for (const auto& it : m_mapCredentialSets) {
// Todo: If we have some criteria, such as which master or
// child credential
// is currently being employed by the user, we'll use that here to
// skip
// through this loop until we find the right one. Until then, I'm
// just
// going to return the first one that's valid (not null).
pCredential = it.second;
if (nullptr != pCredential) break;
}
if (nullptr == pCredential) OT_FAIL;
return pCredential->GetPublicSignKey(
keytype,
&m_listRevokedIDs); // success
}
/*
* Execute the job_modify() function in each job submit plugin.
* If any plugin function returns anything other than SLURM_SUCCESS
* then stop and forward it's return value.
*/
extern int job_submit_plugin_modify(struct job_descriptor *job_desc,
struct job_record *job_ptr,
uint32_t submit_uid)
{
DEF_TIMERS;
int i, rc;
xassert(verify_lock(CONF_LOCK, READ_LOCK));
xassert(verify_lock(JOB_LOCK, READ_LOCK));
xassert(verify_lock(NODE_LOCK, READ_LOCK));
xassert(verify_lock(PART_LOCK, READ_LOCK));
START_TIMER;
rc = job_submit_plugin_init();
slurm_mutex_lock(&g_context_lock);
for (i = 0; ((i < g_context_cnt) && (rc == SLURM_SUCCESS)); i++)
rc = (*(ops[i].modify))(job_desc, job_ptr, submit_uid);
slurm_mutex_unlock(&g_context_lock);
END_TIMER2("job_submit_plugin_modify");
return rc;
}
bool Nym::load_credential_index(
const eLock& lock,
const serializedCredentialIndex& index)
{
if (!proto::Validate<proto::CredentialIndex>(index, VERBOSE)) {
otErr << __FUNCTION__ << ": Unable to load invalid serialized"
<< " credential index." << std::endl;
return false;
}
OT_ASSERT(verify_lock(lock));
const auto nymID = Identifier::Factory(index.nymid());
if (m_nymID != nymID) { return false; }
version_ = index.version();
index_ = index.index();
revision_.store(index.revision());
mode_ = index.mode();
source_ = std::make_shared<NymIDSource>(api_.Factory(), index.source());
proto::KeyMode mode = (proto::CREDINDEX_PRIVATE == mode_)
? proto::KEYMODE_PRIVATE
: proto::KEYMODE_PUBLIC;
contact_data_.reset();
m_mapCredentialSets.clear();
for (auto& it : index.activecredentials()) {
CredentialSet* newSet = new CredentialSet(api_, mode, it);
if (nullptr != newSet) {
m_mapCredentialSets.emplace(
std::make_pair(newSet->GetMasterCredID(), newSet));
}
}
m_mapRevokedSets.clear();
for (auto& it : index.revokedcredentials()) {
CredentialSet* newSet = new CredentialSet(api_, mode, it);
if (nullptr != newSet) {
m_mapRevokedSets.emplace(
std::make_pair(newSet->GetMasterCredID(), newSet));
}
}
return true;
}
void Nym::revoke_verification_credentials(const eLock& lock)
{
OT_ASSERT(verify_lock(lock));
std::list<std::string> revokedIDs;
for (auto& it : m_mapCredentialSets) {
if (nullptr != it.second) {
it.second->RevokeVerificationCredentials(revokedIDs);
}
}
for (auto& it : revokedIDs) { m_listRevokedIDs.push_back(it); }
}
bool Nym::update_nym(const eLock& lock, const std::int32_t version)
{
OT_ASSERT(verify_lock(lock));
if (verify_pseudonym(lock)) {
// Upgrade version
if (version > version_) { version_ = version; }
++revision_;
return true;
}
return false;
}
bool Nym::has_capability(const eLock& lock, const NymCapability& capability)
const
{
OT_ASSERT(verify_lock(lock));
for (auto& it : m_mapCredentialSets) {
OT_ASSERT(nullptr != it.second);
if (nullptr != it.second) {
const CredentialSet& credSet = *it.second;
if (credSet.hasCapability(capability)) { return true; }
}
}
return false;
}
void Nym::clear_credentials(const eLock& lock)
{
OT_ASSERT(verify_lock(lock));
m_listRevokedIDs.clear();
while (!m_mapCredentialSets.empty()) {
CredentialSet* pCredential = m_mapCredentialSets.begin()->second;
m_mapCredentialSets.erase(m_mapCredentialSets.begin());
delete pCredential;
pCredential = nullptr;
}
while (!m_mapRevokedSets.empty()) {
CredentialSet* pCredential = m_mapRevokedSets.begin()->second;
m_mapRevokedSets.erase(m_mapRevokedSets.begin());
delete pCredential;
pCredential = nullptr;
}
}
bool Nym::add_verification_credential(
const eLock& lock,
const proto::VerificationSet& data)
{
OT_ASSERT(verify_lock(lock));
bool added = false;
for (auto& it : m_mapCredentialSets) {
if (nullptr != it.second) {
if (it.second->hasCapability(NymCapability::SIGN_CHILDCRED)) {
added = it.second->AddVerificationCredential(data);
break;
}
}
}
return added;
}
/* The main routine for lock enforcement, used throughout libsvn_fs_base. */
svn_error_t *
svn_fs_base__allow_locked_operation(const char *path,
svn_boolean_t recurse,
trail_t *trail,
apr_pool_t *pool)
{
if (recurse)
{
/* Discover all locks at or below the path. */
SVN_ERR(svn_fs_bdb__locks_get(trail->fs, path, get_locks_callback,
trail->fs, trail, pool));
}
else
{
svn_lock_t *lock;
/* Discover any lock attached to the path. */
SVN_ERR(svn_fs_base__get_lock_helper(&lock, path, trail, pool));
if (lock)
SVN_ERR(verify_lock(trail->fs, lock, pool));
}
return SVN_NO_ERROR;
}
void Nym::init_claims(const eLock& lock) const
{
OT_ASSERT(verify_lock(lock));
const auto nymID{m_nymID->str()};
// const std::string nymID = String::Factory(m_nymID)->Get();
contact_data_.reset(new class ContactData(
nymID,
NYM_CONTACT_DATA_VERSION,
NYM_CONTACT_DATA_VERSION,
ContactData::SectionMap()));
OT_ASSERT(contact_data_);
std::unique_ptr<proto::ContactData> serialized{nullptr};
for (auto& it : m_mapCredentialSets) {
OT_ASSERT(nullptr != it.second);
const auto& credSet = *it.second;
credSet.GetContactData(serialized);
if (serialized) {
OT_ASSERT(
proto::Validate(*serialized, VERBOSE, proto::CLAIMS_NORMAL));
class ContactData claimCred(
nymID, NYM_CONTACT_DATA_VERSION, *serialized);
contact_data_.reset(
new class ContactData(*contact_data_ + claimCred));
serialized.reset();
}
}
OT_ASSERT(contact_data_)
}
bool Nym::set_contact_data(const eLock& lock, const proto::ContactData& data)
{
OT_ASSERT(verify_lock(lock));
auto version = proto::NymRequiredVersion(data.version(), version_);
if (!version || version > NYM_UPGRADE_VERSION) {
otErr << OT_METHOD << __FUNCTION__
<< ": Contact data version not supported by this nym."
<< std::endl;
return false;
}
if (false == has_capability(lock, NymCapability::SIGN_CHILDCRED)) {
otErr << OT_METHOD << __FUNCTION__ << ": This nym can not be modified."
<< std::endl;
return false;
}
if (false == proto::Validate(data, VERBOSE, false)) {
otErr << OT_METHOD << __FUNCTION__ << ": Invalid contact data."
<< std::endl;
return false;
}
revoke_contact_credentials(lock);
if (add_contact_credential(lock, data)) {
return update_nym(lock, version);
}
return false;
}
static struct ref_lock *lock_ref_sha1_basic(const char *ref, const unsigned char *old_sha1, int flags, int *type_p)
{
char *ref_file;
const char *orig_ref = ref;
struct ref_lock *lock;
int last_errno = 0;
int type, lflags;
int mustexist = (old_sha1 && !is_null_sha1(old_sha1));
int missing = 0;
lock = xcalloc(1, sizeof(struct ref_lock));
lock->lock_fd = -1;
ref = resolve_ref(ref, lock->old_sha1, mustexist, &type);
if (!ref && errno == EISDIR) {
/* we are trying to lock foo but we used to
* have foo/bar which now does not exist;
* it is normal for the empty directory 'foo'
* to remain.
*/
ref_file = git_path("%s", orig_ref);
if (remove_empty_directories(ref_file)) {
last_errno = errno;
error("there are still refs under '%s'", orig_ref);
goto error_return;
}
ref = resolve_ref(orig_ref, lock->old_sha1, mustexist, &type);
}
if (type_p)
*type_p = type;
if (!ref) {
last_errno = errno;
error("unable to resolve reference %s: %s",
orig_ref, strerror(errno));
goto error_return;
}
missing = is_null_sha1(lock->old_sha1);
/* When the ref did not exist and we are creating it,
* make sure there is no existing ref that is packed
* whose name begins with our refname, nor a ref whose
* name is a proper prefix of our refname.
*/
if (missing &&
!is_refname_available(ref, NULL, get_packed_refs(NULL), 0)) {
last_errno = ENOTDIR;
goto error_return;
}
lock->lk = xcalloc(1, sizeof(struct lock_file));
lflags = LOCK_DIE_ON_ERROR;
if (flags & REF_NODEREF) {
ref = orig_ref;
lflags |= LOCK_NODEREF;
}
lock->ref_name = xstrdup(ref);
lock->orig_ref_name = xstrdup(orig_ref);
ref_file = git_path("%s", ref);
if (missing)
lock->force_write = 1;
if ((flags & REF_NODEREF) && (type & REF_ISSYMREF))
lock->force_write = 1;
if (safe_create_leading_directories(ref_file)) {
last_errno = errno;
error("unable to create directory for %s", ref_file);
goto error_return;
}
lock->lock_fd = hold_lock_file_for_update(lock->lk, ref_file, lflags);
return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock;
error_return:
unlock_ref(lock);
errno = last_errno;
return NULL;
}
