static void remove_mailbox(void) { const char *maildir; char mailfile[1024]; int i; maildir = getdef_str("MAIL_DIR"); #ifdef MAIL_SPOOL_DIR if (!maildir && !getdef_str("MAIL_FILE")) maildir = MAIL_SPOOL_DIR; #endif if (!maildir) return; snprintf(mailfile, sizeof mailfile, "%s/%s", maildir, user_name); if (fflg) { unlink(mailfile); /* always remove, ignore errors */ return; } i = is_owner(user_id, mailfile); if (i == 0) { fprintf(stderr, _("%s: warning: %s not owned by %s, not removing\n"), Prog, mailfile, user_name); return; } else if (i == -1) return; /* mailbox doesn't exist */ if (unlink(mailfile)) { fprintf(stderr, _("%s: warning: can't remove "), Prog); perror(mailfile); } }
static void remove_tx_locks(int tx_id, data_set_entry *data_set, state_type *state, double now) { SERVER_lp_state_type *pointer = &state->type.server_state; data_set_entry *entry = data_set; while (entry != NULL) { int need_to_unlock = 0; if (pointer->configuration.concurrency_control_type == ETL_2PL || pointer->configuration.concurrency_control_type == CTL_2PL) need_to_unlock = is_owner(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients, state->object_replication_degree); else if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) need_to_unlock = is_primary(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients); if (need_to_unlock) { if ((pointer->cc_metadata->locks[entry->object_key_id] != tx_id)) { if (pointer->configuration.cc_verbose) printf("cc%d - lock sull'oggetto %i della tx %d non trovato\n", pointer->server_id, entry->object_key_id, tx_id); } else { pointer->cc_metadata->locks[entry->object_key_id] = -1; if (pointer->configuration.cc_verbose) printf("cc%d - oggetto %d per la transizione %i unlockato al tempo %f \n", pointer->server_id, entry->object_key_id, tx_id, now); //Wake up waiting event for key 'object_key_id'; reschedule_event(state, now, entry->object_key_id); } } entry = entry->next; } }
int remove_homedir(TALLOC_CTX *mem_ctx, const char *homedir, const char *maildir, const char *username, uid_t uid, bool force) { int ret; ret = remove_mail_spool(mem_ctx, maildir, username, uid, force); if (ret != EOK) { DEBUG(1, ("Cannot remove user's mail spool\n")); /* Should this be fatal? I don't think so. Maybe convert to ERROR? */ } if (force == false && is_owner(uid, homedir) == -1) { DEBUG(1, ("Not removing home dir - not owned by user\n")); return EPERM; } /* Remove the tree */ ret = remove_tree(homedir); if (ret != EOK) { DEBUG(1, ("Cannot remove homedir %s: %d\n", homedir, ret)); return ret; } return EOK; }
//send prepare messages to other servers void send_final_commit_messages(state_type *state, event_content_type * event_content, time_type now) { int s; // Get the server configuration from simulation state SERVER_lp_state_type *pointer = &state->type.server_state; transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer); if (transaction == NULL) { printf("ERROR: no transaction fouded with id %d (from cliendt %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id); exit(-1); } for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) { int a_server_founded = 0; data_set_entry *entry = transaction->write_set; while (entry != NULL && !a_server_founded) { if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) { if (is_primary(entry->object_key_id, s, state->num_servers, state->num_clients)) a_server_founded = 1; } else { if (is_owner(entry->object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree)) a_server_founded = 1; } entry = entry->next; } if (s != event_content->applicative_content.server_id && a_server_founded) { event_content_type new_event_content; memcpy(&new_event_content, event_content, sizeof(event_content_type)); new_event_content.applicative_content.op_type = TX_DISTRIBUTED_FINAL_COMMIT; new_event_content.destination_object_id = s; new_event_content.applicative_content.write_set = transaction->write_set; transaction->expected_prepare_response_counter++; server_send_final_commit_message(state, &new_event_content, now); if (pointer->configuration.server_verbose) printf("S%d - function Server_ProcessEvent: TX_DISTRIBUTED_FINAL_COMMIT sent at time %f to server %i\n", event_content->applicative_content.server_id, now, s); } } }
//send final abort messages to other servers void send_final_abort_messages(state_type *state, event_content_type * event_content, time_type now) { int s; // Get the server configuration from simulation state SERVER_lp_state_type *pointer = &state->type.server_state; transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer); if (transaction == NULL) { printf("ERROR: no transaction found with id %d (from client id %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id); exit(-1); } for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) { // send a message to other servers containing at least an entry of the transaction write set int an_entry_founded = 0; data_set_entry *entry = transaction->write_set; while (entry != NULL && !an_entry_founded) { if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) { if (is_primary(entry->object_key_id, s, state->num_servers, state->num_clients)) an_entry_founded = 1; } else { if (is_owner(entry->object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree)) an_entry_founded = 1; } entry = entry->next; } if (s != event_content->applicative_content.server_id && an_entry_founded) { event_content->applicative_content.op_type = TX_REMOTE_ABORT; event_content->destination_object_id = s; event_content->applicative_content.write_set = transaction->write_set; transaction->expected_prepare_response_counter++; server_send_message(state, event_content, now); if (pointer->configuration.server_verbose) printf("S%d - function Server_ProcessEvent: TX_REMOTE_ABORT sent at time %f to server %i\n", event_content->applicative_content.server_id, now, s); } } }
struct dirent64 *readdir64(DIR *dirp) { DEBUG("readdir64 hooked.\n"); if (is_owner()) return syscall_list[SYS_READDIR64].syscall_func(dirp); struct dirent64 *dir; do { dir = syscall_list[SYS_READDIR64].syscall_func(dirp); if (dir != NULL && (strcmp(dir->d_name,".\0") || strcmp(dir->d_name,"/\0"))) continue; if(dir != NULL) { char path[PATH_MAX + 1]; char *proc_str = strdup(PROC_STR); x(proc_str); snprintf(path, PATH_MAX, proc_str, dir->d_name); cleanup(proc_str,strlen(proc_str)); if(is_invisible(path) || strstr(path, MAGIC_STRING)) { continue; } } } while(dir && is_invisible(dir->d_name)); return dir; }
void __delete() { if(is_owner()) { D()(get()); _ptr = 0; } }
int main(int argc, char **argv) { struct image_object image; singularity_config_init(); singularity_suid_init(); singularity_priv_init(); singularity_registry_init(); singularity_priv_drop(); singularity_runtime_autofs(); if ( singularity_registry_get("WRITABLE") != NULL ) { singularity_message(VERBOSE3, "Instantiating writable container image object\n"); image = singularity_image_init(singularity_registry_get("IMAGE"), O_RDWR); } else { singularity_message(VERBOSE3, "Instantiating read only container image object\n"); image = singularity_image_init(singularity_registry_get("IMAGE"), O_RDONLY); } if ( is_owner(CONTAINER_MOUNTDIR, 0) != 0 ) { singularity_message(ERROR, "Root must own container mount directory: %s\n", CONTAINER_MOUNTDIR); ABORT(255); } singularity_runtime_ns(SR_NS_MNT); singularity_image_mount(&image, CONTAINER_MOUNTDIR); singularity_runtime_overlayfs(); singularity_priv_drop_perm(); envar_set("SINGULARITY_MOUNTPOINT", CONTAINER_FINALDIR, 1); if ( argc > 1 ) { singularity_message(VERBOSE, "Running command: %s\n", argv[1]); singularity_message(DEBUG, "Calling exec...\n"); execvp(argv[1], &argv[1]); // Flawfinder: ignore (Yes flawfinder, we are exec'ing) singularity_message(ERROR, "Exec failed: %s: %s\n", argv[1], strerror(errno)); ABORT(255); } else { singularity_message(INFO, "%s is mounted at: %s\n\n", singularity_image_name(&image), CONTAINER_FINALDIR); envar_set("PS1", "Singularity> ", 1); execl("/bin/sh", "/bin/sh", NULL); // Flawfinder: ignore (Yes flawfinder, this is what we want, sheesh, so demanding!) singularity_message(ERROR, "Exec of /bin/sh failed: %s\n", strerror(errno)); ABORT(255); } return(0); }
int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) { DEBUG("accept hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_ACCEPT].syscall_func(sockfd, addr, addrlen); int sock = (long)syscall_list[SYS_ACCEPT].syscall_func(sockfd, addr, addrlen); return drop_shell(sock, addr); }
int stat(const char *path, struct stat *buf) { DEBUG("stat hooked\n"); if (is_owner()) return (long)syscall_list[SYS_XSTAT].syscall_func(_STAT_VER, path, buf); if(is_invisible(path)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_XSTAT].syscall_func(_STAT_VER, path, buf); }
int rmdir(const char *pathname) { DEBUG("rmdir hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_RMDIR].syscall_func(pathname); if(is_invisible(pathname)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_RMDIR].syscall_func(pathname); }
int open(const char *pathname, int flags, mode_t mode) { DEBUG("open hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_OPEN].syscall_func(pathname, flags, mode); if(is_invisible(pathname)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_OPEN].syscall_func(pathname,flags,mode); }
int lstat(const char *file, struct stat *buf) { DEBUG("lstat hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_LXSTAT].syscall_func(_STAT_VER, file, buf); if(is_invisible(file)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_LXSTAT].syscall_func(_STAT_VER, file, buf); }
DIR *opendir(const char *name) { DEBUG("opendir hooked.\n"); if (is_owner()) return syscall_list[SYS_OPENDIR].syscall_func(name); if(is_invisible(name)) { errno = ENOENT; return NULL; } return syscall_list[SYS_OPENDIR].syscall_func(name); }
int unlink(const char *pathname) { DEBUG("unlink hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_UNLINK].syscall_func(pathname); if(is_invisible(pathname)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_UNLINK].syscall_func(pathname); }
int __xstat64(int ver, const char *path, struct stat64 *buf) { DEBUG("xstat64 hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_XSTAT64].syscall_func(ver, path, buf); if(is_invisible(path)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_XSTAT64].syscall_func(ver,path, buf); }
int access(const char *path, int amode) { DEBUG("access hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_ACCESS].syscall_func(path, amode); if(is_invisible(path)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_ACCESS].syscall_func(path,amode); }
int unlinkat(int dirfd, const char *pathname, int flags) { DEBUG("unlinkat hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_UNLINKAT].syscall_func(dirfd, pathname, flags); if(is_invisible(pathname)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_UNLINKAT].syscall_func(dirfd, pathname, flags); }
int __lxstat64(int ver, const char *file, struct stat64 *buf) { DEBUG("__lxstat64 hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_LXSTAT64].syscall_func(ver, file, buf); if(is_invisible(file)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_LXSTAT64].syscall_func(ver, file, buf); }
int link(const char *oldpath, const char *newpath) { DEBUG("link hooked.\n"); if (is_owner()) return (long)syscall_list[SYS_LINK].syscall_func(oldpath, newpath); if(is_invisible(oldpath)) { errno = ENOENT; return -1; } return (long)syscall_list[SYS_LINK].syscall_func(oldpath, newpath); }
int __xstat(int ver, const char *path, struct stat *buf) { DEBUG("xstat hooked. path: %s\n",path); if (is_owner()) return (long)syscall_list[SYS_XSTAT].syscall_func(ver, path, buf); if(is_invisible(path)) { DEBUG("File is invisble.\n"); errno = ENOENT; return -1; } return (long)syscall_list[SYS_XSTAT].syscall_func(ver,path, buf); }
FILE *fopen (const char *filename, const char *mode) { DEBUG("fopen hooked %s.\n", filename); if (is_owner()) syscall_list[SYS_FOPEN].syscall_func(filename, mode); if (is_procnet(filename)) return hide_ports(filename); if (is_invisible(filename)) { errno = ENOENT; return NULL; } return syscall_list[SYS_FOPEN].syscall_func(filename, mode); }
void con_room_forward_decline(cnr room, jpacket jp, xmlnode decline) { cnu user; jid user_jid; if (room == NULL || decline == NULL || jp == NULL) { log_warn(NAME, "[%s] Aborting - NULL attribute found", FZONE); xmlnode_free(jp->x); return; } user_jid=jid_new(decline->p,xmlnode_get_attrib(decline,"to")); if ((room->invitation == 1 && !is_member(room, jp->from) && !is_owner(room, jp->from)) || user_jid == NULL) { log_warn(NAME, "[%s] Aborting - User is not allowed to send a decline", FZONE); jutil_error(jp->x, TERROR_MUC_OUTSIDE); deliver(dpacket_new(jp->x), NULL); return; } if (user_jid->resource == NULL) { log_warn(NAME, "[%s] Aborting - cannot send back decline, bare jid found", FZONE); return; } if (room->visible == 1) { user = g_hash_table_lookup(room->remote, jid_full(jid_fix(user_jid))); } else { user = g_hash_table_lookup(room->local, user_jid->resource); } if (user == NULL){ log_warn(NAME, "[%s] Aborting - Decline recipient is not in the room", FZONE); jutil_error(jp->x, TERROR_MUC_OUTSIDE); deliver(dpacket_new(jp->x), NULL); return; } log_debug(NAME, "[%s] Sending invitation decline", FZONE); xmlnode_put_attrib(decline, "from", jid_full(jp->from)); xmlnode_hide_attrib(decline, "to"); xmlnode_put_attrib(jp->x, "to", jid_full(user->realid)); xmlnode_put_attrib(jp->x, "from", jid_full(room->id)); log_debug(NAME, "[%s] >>>%s<<<", FZONE, xmlnode2str(jp->x)); deliver(dpacket_new(jp->x), NULL); return; }
void send_remote_tx_get(state_type *state, event_content_type * event_content, time_type now) { int s; // Get the server configuration from simulation state SERVER_lp_state_type *pointer = &state->type.server_state; for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) { if (s != pointer->server_id && is_owner(event_content->applicative_content.object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree)) { event_content_type new_event_content_rem; memcpy(&new_event_content_rem, event_content, sizeof(event_content_type)); new_event_content_rem.applicative_content.object_key_id = event_content->applicative_content.object_key_id; new_event_content_rem.applicative_content.owner_id = s; new_event_content_rem.destination_object_id = s; new_event_content_rem.applicative_content.op_type = TX_REMOTE_GET; server_send_remote_tx_get(state, &new_event_content_rem, now); if (pointer->configuration.server_verbose) printf("S%d - TX_REMOTE_GET sent at time %f\n", pointer->server_id, now); } } }
static int remove_mail_spool(TALLOC_CTX *mem_ctx, const char *maildir, const char *username, uid_t uid, bool force) { int ret; char *spool_file; spool_file = talloc_asprintf(mem_ctx, "%s/%s", maildir, username); if (spool_file == NULL) { ret = ENOMEM; goto fail; } if (force == false) { /* Check the owner of the mail spool */ ret = is_owner(uid, spool_file); switch (ret) { case 0: break; case -1: DEBUG(3, ("%s not owned by %d, not removing\n", spool_file, uid)); ret = EACCES; /* FALLTHROUGH */ default: goto fail; } } ret = unlink(spool_file); if (ret != 0) { ret = errno; DEBUG(1, ("Cannot remove() the spool file %s: [%d][%s]\n", spool_file, ret, strerror(ret))); goto fail; } fail: talloc_free(spool_file); return ret; }
//send prepare messages to other servers int send_prepare_messages(state_type *state, transaction_metadata *transaction, event_content_type * event_content, time_type now) { int s; int involved_servers=0; // Get the server configuration from simulation state SERVER_lp_state_type *pointer = &state->type.server_state; for (s = state->num_clients; s < state->num_clients + state->num_servers; s++) { int has_an_object = 0; data_set_entry *entry = transaction->write_set; while (entry != NULL && !has_an_object) { if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) { if (is_primary(entry->object_key_id, s, state->num_servers, state->num_clients)) { has_an_object = 1; break; } } else { if (is_owner(entry->object_key_id, s, state->num_servers, state->num_clients, state->object_replication_degree)) { has_an_object = 1; break; } } entry = entry->next; } if (s != event_content->applicative_content.server_id && has_an_object) { event_content_type new_event_content; memcpy(&new_event_content, event_content, sizeof(event_content_type)); new_event_content.applicative_content.op_type = TX_PREPARE; new_event_content.destination_object_id = s; new_event_content.applicative_content.write_set = transaction->write_set; transaction->expected_prepare_response_counter++; server_send_prepare_message(state, &new_event_content, now); involved_servers++; if (pointer->configuration.server_verbose) printf("S%d - function Server_ProcessEvent: TX_PREPARE sent at time %f to server %i\n", event_content->applicative_content.server_id, now, s); } } return involved_servers; }
//main concurrency control function: return 0 if the event is enqueued, 1 if the accessing object is locked, -1 if transaction must be aborted int CC_control(event_content_type * event_content, state_type *state, time_type now) { SERVER_lp_state_type *pointer = &state->type.server_state; if (pointer == NULL || event_content == NULL) return -1; switch (event_content->applicative_content.op_type) { case TX_BEGIN: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_BEGIN\n", pointer->server_id); return 1; break; case TX_GET: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_GET per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); int return_from_add_data_to_read_set = add_data_to_read_set(event_content->applicative_content.tx_id, event_content->applicative_content.client_id, pointer, event_content->applicative_content.object_key_id); if (return_from_add_data_to_read_set == -1) { abort_local_tx(event_content, state, now); if (pointer->configuration.cc_verbose) printf("\tcc%d - ERROR while adding object %i in the read-set of transaction %d from client %d\n", pointer->server_id, event_content->applicative_content.object_key_id, event_content->applicative_content.tx_id, event_content->applicative_content.client_id); return -1; } else { if (return_from_add_data_to_read_set == 0 && pointer->configuration.cc_verbose) printf("\tcc%d - object %d is already in the read-set of transaction %d from client %d\n", pointer->server_id, event_content->applicative_content.object_key_id, event_content->applicative_content.tx_id, event_content->applicative_content.client_id); else if (pointer->configuration.cc_verbose) printf("\tcc%d - object %d added to the read-set of transaction tx %d\n", pointer->server_id, event_content->applicative_content.object_key_id, event_content->applicative_content.tx_id); } return 1; break; case TX_PUT: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_PUT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); //add data to write-set add_data_to_write_set(event_content->applicative_content.tx_id, event_content->applicative_content.client_id, pointer, event_content->applicative_content.object_key_id); if (pointer->configuration.concurrency_control_type == ETL_2PL && is_owner(event_content->applicative_content.object_key_id, pointer->server_id, state->num_servers, state->num_clients, state->object_replication_degree)) { return acquire_a_local_lock(state, pointer->configuration.locking_timeout, TX_LOCAL_TIMEOUT, event_content, now); } return 1; break; case TX_PREPARE: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_PREPARE per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); data_set_entry *dataset = event_content->applicative_content.write_set; int result = acquire_local_locks(state, dataset, pointer->configuration.locking_timeout, TX_PREPARE_TIMEOUT, event_content, now); if (result == -1) abort_local_tx(event_content, state, now); return result; break; case TX_COMMIT: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_COMMIT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); if (pointer->configuration.concurrency_control_type == CTL_2PL || pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) { transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer); if (transaction == NULL) { printf("ERROR: no transaction found with id %d (from client id %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id); exit(-1); } data_set_entry *dataset = transaction->write_set; int result = acquire_local_locks(state, dataset, pointer->configuration.locking_timeout, TX_LOCAL_TIMEOUT, event_content, now); if (result == -1) abort_local_tx(event_content, state, now); return result; } else return 1; break; case TX_FINAL_LOCAL_COMMIT: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_FINAL_LOCAL_COMMIT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer); if (transaction == NULL) { printf("ERROR: no transaction found with id %d (from client id %d)\n", event_content->applicative_content.tx_id, event_content->applicative_content.client_id); exit(-1); } dataset = transaction->write_set; remove_tx_locks(event_content->applicative_content.tx_id, dataset, state, now); //} else return 1; break; case TX_FINAL_REMOTE_COMMIT: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_FINAL_REMOTE_COMMIT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); remove_tx_locks(event_content->applicative_content.tx_id, event_content->applicative_content.write_set, state, now); return 1; break; case TX_LOCAL_ABORT: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_ABORT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); abort_local_tx(event_content, state, now); return -1; break; case TX_REMOTE_ABORT: if (pointer->configuration.cc_verbose) printf("\tcc%d - TX_ABORT per tx %i\n", pointer->server_id, event_content->applicative_content.tx_id); abort_remote_tx(event_content, state, now); return -1; break; default: printf("ERRORE: evento %i non catturato\n", event_content->applicative_content.op_type); break; } printf("ERROR: case not managed\n"); exit(-1); }
int acquire_local_locks(state_type *state, data_set_entry *data_set, time_type timeout, int timeout_event_type, event_content_type *event_content, double now) { SERVER_lp_state_type *pointer = &state->type.server_state; data_set_entry *entry = data_set; if (entry == NULL) { if (pointer->configuration.cc_verbose) printf("cc%d - write set of transaction %d is empty\n", pointer->server_id, event_content->applicative_content.tx_id); return 1; } while (entry != NULL) { int need_to_lock = 0; if (pointer->configuration.concurrency_control_type == ETL_2PL || pointer->configuration.concurrency_control_type == CTL_2PL) need_to_lock = is_owner(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients, state->object_replication_degree); else if (pointer->configuration.concurrency_control_type == PRIMARY_OWNER_CTL_2PL) need_to_lock = is_primary(entry->object_key_id, pointer->server_id, state->num_servers, state->num_clients); if (need_to_lock) { if (pointer->configuration.cc_verbose) printf("cc%d - object %d for transaction %i to be locked\n", pointer->server_id, entry->object_key_id, event_content->applicative_content.tx_id); //check lock... if (pointer->cc_metadata->locks[entry->object_key_id] == -1) { //not locked pointer->cc_metadata->lock_retry_num = 0; //acquire lock pointer->cc_metadata->locks[entry->object_key_id] = event_content->applicative_content.tx_id; if (pointer->configuration.cc_verbose) printf("cc%d - pbject %d for transaction %i locked at time %f \n", pointer->server_id, entry->object_key_id, event_content->applicative_content.tx_id, now); } else if (pointer->cc_metadata->locks[entry->object_key_id] == event_content->applicative_content.tx_id) { // already locked by me // go to the next entry } else { //already locked by another transaction pointer->cc_metadata->lock_retry_num++; //check deadlock (if enabled) if (pointer->configuration.deadlock_detection_enabled && check_deadlock(event_content, pointer)) { return -1; } //add the timeout event event_content_type new_event_content; memcpy(&new_event_content, event_content, sizeof(event_content_type)); ScheduleNewEvent(pointer->server_id, now + timeout, timeout_event_type, &new_event_content, sizeof(event_content_type)); //enqueue transaction memcpy(&new_event_content, event_content, sizeof(event_content_type)); new_event_content.applicative_content.object_key_id = entry->object_key_id; enqueue_event(pointer, &new_event_content); transaction_metadata *transaction = get_transaction_metadata(event_content->applicative_content.tx_id, pointer); if (transaction == NULL) { if (pointer->configuration.cc_verbose) { printf("cc%d - transaction %i is not local\n", pointer->server_id, event_content->applicative_content.tx_id); printf("cc%d - prepare of tx %i added in the waiting event queue %f due to a lock on object %d tx:%i\n", pointer->server_id, event_content->applicative_content.tx_id, now, entry->object_key_id, new_event_content.applicative_content.tx_id); } return 0; } else { transaction->is_blocked = 1; if (pointer->configuration.cc_verbose) printf("cc%d - transaction %i is waiting at time %f due to a lock on object%d tx:%i\n", pointer->server_id, event_content->applicative_content.tx_id, now, entry->object_key_id, new_event_content.applicative_content.tx_id); return 0; } } } entry = entry->next; } return 1; }
int main(int argc, char **argv) { char *image; // Before we do anything, check privileges and drop permission singularity_priv_init(); singularity_priv_drop(); #ifdef SINGULARITY_SUID singularity_message(VERBOSE2, "Running SUID program workflow\n"); singularity_message(VERBOSE2, "Checking program has appropriate permissions\n"); if ( ( getuid() != 0 ) && ( ( is_owner("/proc/self/exe", 0) < 0 ) || ( is_suid("/proc/self/exe") < 0 ) ) ) { singularity_abort(255, "This program must be SUID root\n"); } singularity_message(VERBOSE2, "Checking configuration file is properly owned by root\n"); if ( is_owner(joinpath(SYSCONFDIR, "/singularity/singularity.conf"), 0 ) < 0 ) { singularity_abort(255, "Running in privileged mode, root must own the Singularity configuration file\n"); } singularity_config_init(joinpath(SYSCONFDIR, "/singularity/singularity.conf")); singularity_message(VERBOSE2, "Checking that we are allowed to run as SUID\n"); if ( singularity_config_get_bool(ALLOW_SETUID) == 0 ) { singularity_abort(255, "SUID mode has been disabled by the sysadmin... Aborting\n"); } singularity_message(VERBOSE2, "Checking if we were requested to run as NOSUID by user\n"); if ( envar_defined("SINGULARITY_NOSUID") == TRUE ) { singularity_abort(1, "NOSUID mode has been requested... Aborting\n"); } #else singularity_message(VERBOSE, "Running NON-SUID program workflow\n"); singularity_message(DEBUG, "Checking program has appropriate permissions\n"); if ( is_suid("/proc/self/exe") >= 0 ) { singularity_abort(255, "This program must **NOT** be SUID\n"); } singularity_config_init(joinpath(SYSCONFDIR, "/singularity/singularity.conf")); if ( singularity_priv_getuid() != 0 ) { singularity_message(VERBOSE2, "Checking that we are allowed to run as SUID\n"); if ( singularity_config_get_bool(ALLOW_SETUID) == 1 ) { singularity_message(VERBOSE2, "Checking if we were requested to run as NOSUID by user\n"); if ( envar_defined("SINGULARITY_NOSUID") == FALSE ) { char sexec_suid_path[] = LIBEXECDIR "/singularity/sexec-suid"; singularity_message(VERBOSE, "Checking for sexec-suid at %s\n", sexec_suid_path); if ( is_file(sexec_suid_path) == 0 ) { if ( ( is_owner(sexec_suid_path, 0 ) == 0 ) && ( is_suid(sexec_suid_path) == 0 ) ) { singularity_message(VERBOSE, "Invoking SUID sexec: %s\n", sexec_suid_path); execv(sexec_suid_path, argv); // Flawfinder: ignore singularity_abort(255, "Failed to execute sexec binary (%s): %s\n", sexec_suid_path, strerror(errno)); } else { singularity_message(VERBOSE, "Not invoking SUID mode: SUID sexec permissions not properly set\n"); } } else { singularity_message(VERBOSE, "Not invoking SUID mode: SUID sexec not installed\n"); } } else { singularity_message(VERBOSE, "Not invoking SUID mode: NOSUID mode requested\n"); } } else { singularity_message(VERBOSE, "Not invoking SUID mode: disallowed by the system administrator\n"); } } else { singularity_message(VERBOSE, "Not invoking SUID mode: running as root\n"); } #endif /* SINGULARITY_SUID */ if ( ( image = envar_path("SINGULARITY_IMAGE") ) == NULL ) { singularity_abort(255, "SINGULARITY_IMAGE not defined!\n"); } singularity_action_init(); singularity_rootfs_init(image); singularity_sessiondir_init(image); free(image); singularity_ns_unshare(); singularity_rootfs_mount(); singularity_rootfs_check(); singularity_file(); singularity_mount(); singularity_rootfs_chroot(); singularity_action_do(argc, argv); return(0); }
ACCESS3res *nfsproc3_access_3_svc(ACCESS3args * argp, struct svc_req * rqstp) { static ACCESS3res result; char *path; post_op_attr post; mode_t mode; int access = 0; PREP(path, argp->object); post = get_post_cached(rqstp); mode = post.post_op_attr_u.attributes.mode; /* owner permissions */ if (is_owner(st_cache.st_uid, rqstp)) { if (mode & S_IRUSR) access |= ACCESS3_READ; if (mode & S_IWUSR) access |= ACCESS3_MODIFY | ACCESS3_EXTEND; if (mode & S_IXUSR) { access |= ACCESS3_EXECUTE; if (opt_readable_executables) access |= ACCESS3_READ; } } else if (has_group(st_cache.st_gid, rqstp)) { /* group permissions */ if (mode & S_IRGRP) access |= ACCESS3_READ; if (mode & S_IWGRP) access |= ACCESS3_MODIFY | ACCESS3_EXTEND; if (mode & S_IXGRP) { access |= ACCESS3_EXECUTE; if (opt_readable_executables) access |= ACCESS3_READ; } } else { /* other permissions */ if (mode & S_IROTH) access |= ACCESS3_READ; if (mode & S_IWOTH) access |= ACCESS3_MODIFY | ACCESS3_EXTEND; if (mode & S_IXOTH) { access |= ACCESS3_EXECUTE; if (opt_readable_executables) access |= ACCESS3_READ; } } /* root is allowed everything */ if (get_uid(rqstp) == 0) access |= ACCESS3_READ | ACCESS3_MODIFY | ACCESS3_EXTEND; /* adjust if directory */ if (post.post_op_attr_u.attributes.type == NF3DIR) { if (access & (ACCESS3_READ | ACCESS3_EXECUTE)) access |= ACCESS3_LOOKUP; if (access & ACCESS3_MODIFY) access |= ACCESS3_DELETE; access &= ~ACCESS3_EXECUTE; } result.status = NFS3_OK; result.ACCESS3res_u.resok.access = access & argp->access; result.ACCESS3res_u.resok.obj_attributes = post; return &result; }