/* * Execute the job_submit() function in each job submit plugin. * If any plugin function returns anything other than SLURM_SUCCESS * then stop and forward it's return value. * IN job_desc - Job request specification * IN submit_uid - User issuing job submit request * OUT err_msg - Custom error message to the user, caller to xfree results */ extern int job_submit_plugin_submit(struct job_descriptor *job_desc, uint32_t submit_uid, char **err_msg) { DEF_TIMERS; int i, rc; xassert(verify_lock(CONF_LOCK, READ_LOCK)); xassert(verify_lock(JOB_LOCK, READ_LOCK)); xassert(verify_lock(NODE_LOCK, READ_LOCK)); xassert(verify_lock(PART_LOCK, READ_LOCK)); START_TIMER; rc = job_submit_plugin_init(); slurm_mutex_lock(&g_context_lock); /* NOTE: On function entry read locks are set on config, job, node and * partition structures. Do not attempt to unlock them and then * lock again (say with a write lock) since doing so will trigger * a deadlock with the g_context_lock above. */ for (i = 0; ((i < g_context_cnt) && (rc == SLURM_SUCCESS)); i++) rc = (*(ops[i].submit))(job_desc, submit_uid, err_msg); slurm_mutex_unlock(&g_context_lock); END_TIMER2("job_submit_plugin_submit"); return rc; }
/* This implements the svn_fs_get_locks_callback_t interface, where BATON is just an svn_fs_t object. */ static svn_error_t * get_locks_callback(void *baton, svn_lock_t *lock, apr_pool_t *pool) { return verify_lock(baton, lock, pool); }
const crypto::key::Asymmetric& Nym::get_public_sign_key( const T& lock, proto::AsymmetricKeyType keytype) const { OT_ASSERT(!m_mapCredentialSets.empty()); OT_ASSERT(verify_lock(lock)); const CredentialSet* pCredential = nullptr; for (const auto& it : m_mapCredentialSets) { // Todo: If we have some criteria, such as which master or // child credential // is currently being employed by the user, we'll use that here to // skip // through this loop until we find the right one. Until then, I'm // just // going to return the first one that's valid (not null). pCredential = it.second; if (nullptr != pCredential) break; } if (nullptr == pCredential) OT_FAIL; return pCredential->GetPublicSignKey( keytype, &m_listRevokedIDs); // success }
/* * Execute the job_modify() function in each job submit plugin. * If any plugin function returns anything other than SLURM_SUCCESS * then stop and forward it's return value. */ extern int job_submit_plugin_modify(struct job_descriptor *job_desc, struct job_record *job_ptr, uint32_t submit_uid) { DEF_TIMERS; int i, rc; xassert(verify_lock(CONF_LOCK, READ_LOCK)); xassert(verify_lock(JOB_LOCK, READ_LOCK)); xassert(verify_lock(NODE_LOCK, READ_LOCK)); xassert(verify_lock(PART_LOCK, READ_LOCK)); START_TIMER; rc = job_submit_plugin_init(); slurm_mutex_lock(&g_context_lock); for (i = 0; ((i < g_context_cnt) && (rc == SLURM_SUCCESS)); i++) rc = (*(ops[i].modify))(job_desc, job_ptr, submit_uid); slurm_mutex_unlock(&g_context_lock); END_TIMER2("job_submit_plugin_modify"); return rc; }
bool Nym::load_credential_index( const eLock& lock, const serializedCredentialIndex& index) { if (!proto::Validate<proto::CredentialIndex>(index, VERBOSE)) { otErr << __FUNCTION__ << ": Unable to load invalid serialized" << " credential index." << std::endl; return false; } OT_ASSERT(verify_lock(lock)); const auto nymID = Identifier::Factory(index.nymid()); if (m_nymID != nymID) { return false; } version_ = index.version(); index_ = index.index(); revision_.store(index.revision()); mode_ = index.mode(); source_ = std::make_shared<NymIDSource>(api_.Factory(), index.source()); proto::KeyMode mode = (proto::CREDINDEX_PRIVATE == mode_) ? proto::KEYMODE_PRIVATE : proto::KEYMODE_PUBLIC; contact_data_.reset(); m_mapCredentialSets.clear(); for (auto& it : index.activecredentials()) { CredentialSet* newSet = new CredentialSet(api_, mode, it); if (nullptr != newSet) { m_mapCredentialSets.emplace( std::make_pair(newSet->GetMasterCredID(), newSet)); } } m_mapRevokedSets.clear(); for (auto& it : index.revokedcredentials()) { CredentialSet* newSet = new CredentialSet(api_, mode, it); if (nullptr != newSet) { m_mapRevokedSets.emplace( std::make_pair(newSet->GetMasterCredID(), newSet)); } } return true; }
void Nym::revoke_verification_credentials(const eLock& lock) { OT_ASSERT(verify_lock(lock)); std::list<std::string> revokedIDs; for (auto& it : m_mapCredentialSets) { if (nullptr != it.second) { it.second->RevokeVerificationCredentials(revokedIDs); } } for (auto& it : revokedIDs) { m_listRevokedIDs.push_back(it); } }
bool Nym::update_nym(const eLock& lock, const std::int32_t version) { OT_ASSERT(verify_lock(lock)); if (verify_pseudonym(lock)) { // Upgrade version if (version > version_) { version_ = version; } ++revision_; return true; } return false; }
bool Nym::has_capability(const eLock& lock, const NymCapability& capability) const { OT_ASSERT(verify_lock(lock)); for (auto& it : m_mapCredentialSets) { OT_ASSERT(nullptr != it.second); if (nullptr != it.second) { const CredentialSet& credSet = *it.second; if (credSet.hasCapability(capability)) { return true; } } } return false; }
void Nym::clear_credentials(const eLock& lock) { OT_ASSERT(verify_lock(lock)); m_listRevokedIDs.clear(); while (!m_mapCredentialSets.empty()) { CredentialSet* pCredential = m_mapCredentialSets.begin()->second; m_mapCredentialSets.erase(m_mapCredentialSets.begin()); delete pCredential; pCredential = nullptr; } while (!m_mapRevokedSets.empty()) { CredentialSet* pCredential = m_mapRevokedSets.begin()->second; m_mapRevokedSets.erase(m_mapRevokedSets.begin()); delete pCredential; pCredential = nullptr; } }
bool Nym::add_verification_credential( const eLock& lock, const proto::VerificationSet& data) { OT_ASSERT(verify_lock(lock)); bool added = false; for (auto& it : m_mapCredentialSets) { if (nullptr != it.second) { if (it.second->hasCapability(NymCapability::SIGN_CHILDCRED)) { added = it.second->AddVerificationCredential(data); break; } } } return added; }
/* The main routine for lock enforcement, used throughout libsvn_fs_base. */ svn_error_t * svn_fs_base__allow_locked_operation(const char *path, svn_boolean_t recurse, trail_t *trail, apr_pool_t *pool) { if (recurse) { /* Discover all locks at or below the path. */ SVN_ERR(svn_fs_bdb__locks_get(trail->fs, path, get_locks_callback, trail->fs, trail, pool)); } else { svn_lock_t *lock; /* Discover any lock attached to the path. */ SVN_ERR(svn_fs_base__get_lock_helper(&lock, path, trail, pool)); if (lock) SVN_ERR(verify_lock(trail->fs, lock, pool)); } return SVN_NO_ERROR; }
void Nym::init_claims(const eLock& lock) const { OT_ASSERT(verify_lock(lock)); const auto nymID{m_nymID->str()}; // const std::string nymID = String::Factory(m_nymID)->Get(); contact_data_.reset(new class ContactData( nymID, NYM_CONTACT_DATA_VERSION, NYM_CONTACT_DATA_VERSION, ContactData::SectionMap())); OT_ASSERT(contact_data_); std::unique_ptr<proto::ContactData> serialized{nullptr}; for (auto& it : m_mapCredentialSets) { OT_ASSERT(nullptr != it.second); const auto& credSet = *it.second; credSet.GetContactData(serialized); if (serialized) { OT_ASSERT( proto::Validate(*serialized, VERBOSE, proto::CLAIMS_NORMAL)); class ContactData claimCred( nymID, NYM_CONTACT_DATA_VERSION, *serialized); contact_data_.reset( new class ContactData(*contact_data_ + claimCred)); serialized.reset(); } } OT_ASSERT(contact_data_) }
bool Nym::set_contact_data(const eLock& lock, const proto::ContactData& data) { OT_ASSERT(verify_lock(lock)); auto version = proto::NymRequiredVersion(data.version(), version_); if (!version || version > NYM_UPGRADE_VERSION) { otErr << OT_METHOD << __FUNCTION__ << ": Contact data version not supported by this nym." << std::endl; return false; } if (false == has_capability(lock, NymCapability::SIGN_CHILDCRED)) { otErr << OT_METHOD << __FUNCTION__ << ": This nym can not be modified." << std::endl; return false; } if (false == proto::Validate(data, VERBOSE, false)) { otErr << OT_METHOD << __FUNCTION__ << ": Invalid contact data." << std::endl; return false; } revoke_contact_credentials(lock); if (add_contact_credential(lock, data)) { return update_nym(lock, version); } return false; }
static struct ref_lock *lock_ref_sha1_basic(const char *ref, const unsigned char *old_sha1, int flags, int *type_p) { char *ref_file; const char *orig_ref = ref; struct ref_lock *lock; int last_errno = 0; int type, lflags; int mustexist = (old_sha1 && !is_null_sha1(old_sha1)); int missing = 0; lock = xcalloc(1, sizeof(struct ref_lock)); lock->lock_fd = -1; ref = resolve_ref(ref, lock->old_sha1, mustexist, &type); if (!ref && errno == EISDIR) { /* we are trying to lock foo but we used to * have foo/bar which now does not exist; * it is normal for the empty directory 'foo' * to remain. */ ref_file = git_path("%s", orig_ref); if (remove_empty_directories(ref_file)) { last_errno = errno; error("there are still refs under '%s'", orig_ref); goto error_return; } ref = resolve_ref(orig_ref, lock->old_sha1, mustexist, &type); } if (type_p) *type_p = type; if (!ref) { last_errno = errno; error("unable to resolve reference %s: %s", orig_ref, strerror(errno)); goto error_return; } missing = is_null_sha1(lock->old_sha1); /* When the ref did not exist and we are creating it, * make sure there is no existing ref that is packed * whose name begins with our refname, nor a ref whose * name is a proper prefix of our refname. */ if (missing && !is_refname_available(ref, NULL, get_packed_refs(NULL), 0)) { last_errno = ENOTDIR; goto error_return; } lock->lk = xcalloc(1, sizeof(struct lock_file)); lflags = LOCK_DIE_ON_ERROR; if (flags & REF_NODEREF) { ref = orig_ref; lflags |= LOCK_NODEREF; } lock->ref_name = xstrdup(ref); lock->orig_ref_name = xstrdup(orig_ref); ref_file = git_path("%s", ref); if (missing) lock->force_write = 1; if ((flags & REF_NODEREF) && (type & REF_ISSYMREF)) lock->force_write = 1; if (safe_create_leading_directories(ref_file)) { last_errno = errno; error("unable to create directory for %s", ref_file); goto error_return; } lock->lock_fd = hold_lock_file_for_update(lock->lk, ref_file, lflags); return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock; error_return: unlock_ref(lock); errno = last_errno; return NULL; }