Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
slurm.26118
Prevent_credential_abuse.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Prevent_credential_abuse.patch of Package slurm.26118
From 85e8b61bf8c91358560db4dc10b016ba4cb5ca8a Mon Sep 17 00:00:00 2001 From: Dominik Bartkiewicz <bart@schedmd.com> Date: Wed, 4 May 2022 13:06:36 -0600 Subject: [PATCH 01/31] Prevent credential abuse. CVE-2022-29500 --- NEWS | 1 + src/api/config_info.c | 1 + src/api/job_info.c | 2 + src/api/job_step_info.c | 2 + src/api/node_info.c | 1 + src/api/pmi_server.c | 1 + src/api/reconfigure.c | 1 + src/api/signal.c | 3 + src/api/slurm_pmi.c | 3 + src/api/step_launch.c | 2 + src/bcast/file_bcast.c | 1 + src/common/forward.c | 5 +- src/common/slurm_auth.c | 34 ++- src/common/slurm_auth.h | 16 +- src/common/slurm_persist_conn.c | 1 + src/common/slurm_persist_conn.h | 1 + src/common/slurm_protocol_api.c | 224 +++++++++++++++++- src/common/slurm_protocol_api.h | 3 + src/common/slurm_protocol_defs.c | 4 + src/common/slurm_protocol_defs.h | 14 ++ src/common/slurmdb_defs.c | 1 + src/common/slurmdbd_defs.c | 1 + src/common/stepd_api.c | 3 +- src/common/stepd_api.h | 3 +- .../accounting_storage/common/common_as.c | 1 + src/plugins/auth/munge/auth_munge.c | 64 +++-- src/plugins/auth/none/auth_none.c | 17 +- src/plugins/mpi/pmi2/setup.c | 2 + src/plugins/mpi/pmi2/setup.h | 1 + src/plugins/mpi/pmi2/spawn.c | 3 +- src/plugins/mpi/pmix/pmixp_dconn.c | 1 + src/plugins/mpi/pmix/pmixp_dconn.h | 3 + src/plugins/mpi/pmix/pmixp_server.c | 27 ++- src/plugins/mpi/pmix/pmixp_utils.c | 1 + src/sattach/sattach.c | 1 + src/slurmctld/agent.c | 19 ++ src/slurmctld/agent.h | 5 + src/slurmctld/backup.c | 9 +- src/slurmctld/controller.c | 1 + src/slurmctld/fed_mgr.c | 2 + src/slurmctld/job_mgr.c | 13 +- src/slurmctld/job_scheduler.c | 2 + src/slurmctld/node_mgr.c | 2 +- src/slurmctld/node_scheduler.c | 3 + src/slurmctld/ping_nodes.c | 4 + src/slurmctld/srun_comm.c | 37 ++- src/slurmctld/step_mgr.c | 3 + src/slurmd/slurmd/req.c | 21 +- src/slurmd/slurmd/slurmd.c | 6 +- src/slurmd/slurmstepd/io.c | 1 + src/slurmd/slurmstepd/mgr.c | 16 +- src/slurmd/slurmstepd/mgr.h | 2 +- src/slurmd/slurmstepd/req.c | 1 + src/slurmd/slurmstepd/slurmstepd.c | 23 +- src/slurmd/slurmstepd/slurmstepd_job.c | 7 +- src/slurmd/slurmstepd/slurmstepd_job.h | 4 +- src/slurmd/slurmstepd/x11_forwarding.c | 4 + src/slurmdbd/read_config.c | 1 + src/slurmdbd/slurmdbd.c | 1 + 59 files changed, 554 insertions(+), 82 deletions(-) diff --git a/NEWS b/NEWS index 3b7b68a3c6..d6625715ce 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ This file describes changes in recent versions of Slurm. It primarily documents those changes that are of interest to users and administrators. + -- CVE-2022-29500 - Prevent credential abuse. -- CVE-2022-29501 - Prevent abuse of REQUEST_FORWARD_DATA. * Changes in Slurm 17.11.13-2 diff --git a/src/api/config_info.c b/src/api/config_info.c index 786fdfff98..9dc735af35 100644 --- a/src/api/config_info.c +++ b/src/api/config_info.c @@ -1817,6 +1817,7 @@ slurm_load_slurmd_status(slurmd_status_t **slurmd_status_ptr) } req_msg.msg_type = REQUEST_DAEMON_STATUS; req_msg.data = NULL; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); rc = slurm_send_recv_node_msg(&req_msg, &resp_msg, 0); diff --git a/src/api/job_info.c b/src/api/job_info.c index f5b5219076..e2845f3913 100644 --- a/src/api/job_info.c +++ b/src/api/job_info.c @@ -1512,6 +1512,7 @@ slurm_pid2jobid (pid_t job_pid, uint32_t *jobid) req.job_pid = job_pid; req_msg.msg_type = REQUEST_JOB_ID; req_msg.data = &req; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); rc = slurm_send_recv_node_msg(&req_msg, &resp_msg, 0); @@ -1886,6 +1887,7 @@ slurm_network_callerid (network_callerid_msg_t req, uint32_t *job_id, req_msg.msg_type = REQUEST_NETWORK_CALLERID; req_msg.data = &req; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); if (slurm_send_recv_node_msg(&req_msg, &resp_msg, 0) < 0) return SLURM_ERROR; diff --git a/src/api/job_step_info.c b/src/api/job_step_info.c index fb4a6cbf32..6529951a95 100644 --- a/src/api/job_step_info.c +++ b/src/api/job_step_info.c @@ -613,6 +613,7 @@ extern int slurm_job_step_stat(uint32_t job_id, uint32_t step_id, job_id, step_id, node_list); slurm_msg_t_init(&req_msg); + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); memset(&req, 0, sizeof(job_step_id_msg_t)); resp_out->job_id = req.job_id = job_id; @@ -729,6 +730,7 @@ extern int slurm_job_step_get_pids(uint32_t job_id, uint32_t step_id, job_id, step_id, node_list); slurm_msg_t_init(&req_msg); + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); memset(&req, 0, sizeof(job_step_id_msg_t)); resp_out->job_id = req.job_id = job_id; diff --git a/src/api/node_info.c b/src/api/node_info.c index 2605464b21..0b0a9de697 100644 --- a/src/api/node_info.c +++ b/src/api/node_info.c @@ -877,6 +877,7 @@ extern int slurm_get_node_energy(char *host, uint16_t delta, req.delta = delta; req_msg.msg_type = REQUEST_ACCT_GATHER_ENERGY; req_msg.data = &req; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); rc = slurm_send_recv_node_msg(&req_msg, &resp_msg, 0); diff --git a/src/api/pmi_server.c b/src/api/pmi_server.c index 4dd58c23f3..4f8316d932 100644 --- a/src/api/pmi_server.c +++ b/src/api/pmi_server.c @@ -141,6 +141,7 @@ static void *_msg_thread(void *x) slurm_msg_t msg_send; slurm_msg_t_init(&msg_send); + slurm_msg_set_r_uid(&msg_send, SLURM_AUTH_UID_ANY); debug2("KVS_Barrier msg to %s:%hu", msg_arg_ptr->bar_ptr->hostname, diff --git a/src/api/reconfigure.c b/src/api/reconfigure.c index 190b7b9d73..a53172e743 100644 --- a/src/api/reconfigure.c +++ b/src/api/reconfigure.c @@ -160,6 +160,7 @@ _send_message_controller (enum controller_id dest, slurm_msg_t *req) if ((fd = slurm_open_controller_conn_spec(dest,working_cluster_rec)) <0) slurm_seterrno_ret(SLURMCTLD_COMMUNICATIONS_CONNECTION_ERROR); + slurm_msg_set_r_uid(req, slurm_conf.slurm_user_id); if (slurm_send_node_msg(fd, req) < 0) { slurm_shutdown_msg_conn(fd); slurm_seterrno_ret(SLURMCTLD_COMMUNICATIONS_SEND_ERROR); diff --git a/src/api/signal.c b/src/api/signal.c index 3c2917c225..d829db36a5 100644 --- a/src/api/signal.c +++ b/src/api/signal.c @@ -59,6 +59,7 @@ static int _local_send_recv_rc_msgs(const char *nodelist, slurm_msg_t *msg = xmalloc(sizeof(slurm_msg_t)); slurm_msg_t_init(msg); + slurm_msg_set_r_uid(msg, SLURM_AUTH_UID_ANY); msg->msg_type = type; msg->data = data; @@ -100,6 +101,7 @@ static int _signal_batch_script_step(const resource_allocation_response_msg_t rpc.flags = KILL_JOB_BATCH; slurm_msg_t_init(&msg); + slurm_msg_set_r_uid(&msg, slurm_conf.slurmd_user_id); msg.msg_type = REQUEST_SIGNAL_TASKS; msg.data = &rpc; if (slurm_conf_get_addr(name, &msg.address) == SLURM_ERROR) { @@ -154,6 +156,7 @@ static int _terminate_batch_script_step(const resource_allocation_response_msg_t slurm_msg_t_init(&msg); msg.msg_type = REQUEST_TERMINATE_TASKS; + slurm_msg_set_r_uid(&msg, slurm_conf.slurmd_user_id); msg.data = &rpc; if (slurm_conf_get_addr(name, &msg.address) == SLURM_ERROR) { diff --git a/src/api/slurm_pmi.c b/src/api/slurm_pmi.c index a8ad173db7..ed7cf93460 100644 --- a/src/api/slurm_pmi.c +++ b/src/api/slurm_pmi.c @@ -178,6 +178,7 @@ int slurm_send_kvs_comm_set(kvs_comm_set_t *kvs_set_ptr, _set_pmi_time(); slurm_msg_t_init(&msg_send); + slurm_msg_set_r_uid(&msg_send, SLURM_AUTH_UID_ANY); msg_send.address = srun_addr; msg_send.msg_type = PMI_KVS_PUT_REQ; msg_send.data = (void *) kvs_set_ptr; @@ -259,6 +260,7 @@ int slurm_get_kvs_comm_set(kvs_comm_set_t **kvs_set_ptr, data.port = port; data.hostname = hostname; slurm_msg_t_init(&msg_send); + slurm_msg_set_r_uid(&msg_send, SLURM_AUTH_UID_ANY); slurm_msg_t_init(&msg_rcv); msg_send.address = srun_addr; msg_send.msg_type = PMI_KVS_GET_REQ; @@ -343,6 +345,7 @@ static int _forward_comm_set(kvs_comm_set_t *kvs_set_ptr) if (kvs_set_ptr->kvs_host_ptr[i].port == 0) continue; /* empty */ slurm_msg_t_init(&msg_send); + slurm_msg_set_r_uid(&msg_send, SLURM_AUTH_UID_ANY); msg_send.msg_type = PMI_KVS_GET_RESP; msg_send.data = (void *) kvs_set_ptr; slurm_set_addr(&msg_send.address, diff --git a/src/api/step_launch.c b/src/api/step_launch.c index abebc0d69b..2a8cf4c6bc 100644 --- a/src/api/step_launch.c +++ b/src/api/step_launch.c @@ -910,6 +910,7 @@ extern void slurm_step_launch_fwd_signal(slurm_step_ctx_t *ctx, int signo) hostlist_destroy(hl); RESEND: slurm_msg_t_init(&req); + slurm_msg_set_r_uid(&req, SLURM_AUTH_UID_ANY); req.msg_type = REQUEST_SIGNAL_TASKS; req.data = &msg; @@ -1742,6 +1743,7 @@ static int _launch_tasks(slurm_step_ctx_t *ctx, } slurm_msg_t_init(&msg); + slurm_msg_set_r_uid(&msg, SLURM_AUTH_UID_ANY); msg.msg_type = REQUEST_LAUNCH_TASKS; msg.data = launch_msg; diff --git a/src/bcast/file_bcast.c b/src/bcast/file_bcast.c index e4254832c7..d517e9c9ba 100644 --- a/src/bcast/file_bcast.c +++ b/src/bcast/file_bcast.c @@ -190,6 +190,7 @@ static int _file_bcast(struct bcast_parameters *params, slurm_msg_t msg; slurm_msg_t_init(&msg); + slurm_msg_set_r_uid(&msg, SLURM_AUTH_UID_ANY); msg.data = bcast_msg; msg.msg_type = REQUEST_FILE_BCAST; diff --git a/src/common/forward.c b/src/common/forward.c index 1fbeeb0d11..2b2796343c 100644 --- a/src/common/forward.c +++ b/src/common/forward.c @@ -248,7 +248,7 @@ void *_forward_thread(void *arg) /* steps, fwd_msg->timeout); */ } - ret_list = slurm_receive_msgs(fd, steps, fwd_msg->timeout); + ret_list = slurm_receive_resp_msgs(fd, steps, fwd_msg->timeout); /* info("sent %d forwards got %d back", */ /* fwd_msg->header.forward.cnt, list_count(ret_list)); */ @@ -356,6 +356,9 @@ void *_fwd_tree_thread(void *arg) send_msg.msg_type = fwd_tree->orig_msg->msg_type; send_msg.data = fwd_tree->orig_msg->data; send_msg.protocol_version = fwd_tree->orig_msg->protocol_version; + if (fwd_tree->orig_msg->restrict_uid_set) + slurm_msg_set_r_uid(&send_msg, + fwd_tree->orig_msg->restrict_uid); /* repeat until we are sure the message was sent */ while ((name = hostlist_shift(fwd_tree->tree_hl))) { diff --git a/src/common/slurm_auth.c b/src/common/slurm_auth.c index f7811e71aa..7ce0887ead 100644 --- a/src/common/slurm_auth.c +++ b/src/common/slurm_auth.c @@ -60,7 +60,8 @@ static bool init_run = false; * end of the structure. */ typedef struct slurm_auth_ops { - void * (*create) ( char *auth_info ); + void * (*create) ( char *auth_infouid_t, uid_t r_uid, + void *data, int dlen); int (*destroy) ( void *cred ); int (*verify) ( void *cred, char *auth_info ); uid_t (*get_uid) ( void *cred, char *auth_info ); @@ -70,6 +71,9 @@ typedef struct slurm_auth_ops { int (*print) ( void *cred, FILE *fp ); int (*sa_errno) ( void *cred ); const char * (*sa_errstr) ( int slurm_errno ); + bool (*hash_enable); + int (*get_data) (void *cred, char **data, + uint32_t *len); } slurm_auth_ops_t; /* * These strings must be kept in the same order as the fields @@ -85,7 +89,9 @@ static const char *syms[] = { "slurm_auth_unpack", "slurm_auth_print", "slurm_auth_errno", - "slurm_auth_errstr" + "slurm_auth_errstr", + "hash_enable", + "auth_p_get_data" }; /* @@ -125,6 +131,15 @@ slurm_auth_generic_errstr( int slurm_errno ) } } +extern bool slurm_get_plugin_hash_enable(int index) +{ + if (slurm_auth_init(NULL) < 0) + return true; + + return *(ops[index].hash_enable); + +} + extern int slurm_auth_init( char *auth_type ) { int retval = SLURM_SUCCESS; @@ -182,12 +197,13 @@ slurm_auth_fini( void ) * the API function dispatcher. */ -void *g_slurm_auth_create(char *auth_info) +void *g_slurm_auth_create(char *auth_info, uid_t r_uid, + void *data, int dlen) { if (slurm_auth_init(NULL) < 0) return NULL; - return (*(ops.create))(auth_info); + return (*(ops.create))(auth_info, r_uid, data, dlen); } int g_slurm_auth_destroy(void *cred) @@ -206,6 +222,16 @@ int g_slurm_auth_verify(void *cred, char *auth_info) return (*(ops.verify))(cred, auth_info); } +int auth_g_get_data(void *cred, char **data, uint32_t *len) +{ + cred_wrapper_t *wrap = (cred_wrapper_t *) cred; + + if (!wrap || slurm_auth_init(NULL) < 0) + return SLURM_ERROR; + + return (*(ops[wrap->index].get_data))(cred, data, len); +} + uid_t g_slurm_auth_get_uid(void *cred, char *auth_info) { if (slurm_auth_init(NULL) < 0) diff --git a/src/common/slurm_auth.h b/src/common/slurm_auth.h index b430809ca5..f7ab7ac68e 100644 --- a/src/common/slurm_auth.h +++ b/src/common/slurm_auth.h @@ -88,6 +88,12 @@ enum { ARG_COUNT, }; +/* + * This should be equal to MUNGE_UID_ANY + * do not restrict decode via uid + */ +#define SLURM_AUTH_UID_ANY -1 + /* * SLURM authentication context opaque type. */ @@ -128,15 +134,23 @@ extern int slurm_auth_init( char *auth_type ); */ extern int slurm_auth_fini( void ); +/* + * Check if plugin type corresponding to the authentication + * plugin index supports hash. + */ +extern bool slurm_get_plugin_hash_enable(int index); + /* * Static bindings for the global authentication context. */ -extern void * g_slurm_auth_create(char *auth_info); +extern void * g_slurm_auth_create(char *auth_info, uid_t r_uid, + void *data, int dlen); extern int g_slurm_auth_destroy( void *cred ); extern int g_slurm_auth_verify(void *cred, char *auth_info); extern uid_t g_slurm_auth_get_uid( void *cred, char *auth_info ); extern gid_t g_slurm_auth_get_gid( void *cred, char *auth_info ); extern int g_slurm_auth_pack( void *cred, Buf buf ); +extern int auth_g_get_data(void *cred, char **data, uint32_t *len); /* * WARNING! The returned auth pointer WILL have pointers diff --git a/src/common/slurm_persist_conn.c b/src/common/slurm_persist_conn.c index a15624b219..75e01e8c84 100644 --- a/src/common/slurm_persist_conn.c +++ b/src/common/slurm_persist_conn.c @@ -575,6 +575,7 @@ extern int slurm_persist_conn_open(slurm_persist_conn_t *persist_conn) req_msg.flags |= SLURM_GLOBAL_AUTH_KEY; if (persist_conn->flags & PERSIST_FLAG_DBD) req_msg.flags |= SLURMDBD_CONNECTION; + slurm_msg_set_r_uid(&req_msg, persist_conn->r_uid); memset(&req, 0, sizeof(persist_init_req_msg_t)); req.cluster_name = persist_conn->cluster_name; diff --git a/src/common/slurm_persist_conn.h b/src/common/slurm_persist_conn.h index ba6df4c904..30a01ef398 100644 --- a/src/common/slurm_persist_conn.h +++ b/src/common/slurm_persist_conn.h @@ -72,6 +72,7 @@ typedef struct { uint16_t flags; bool inited; persist_conn_type_t persist_type; + uid_t r_uid; char *rem_host; uint16_t rem_port; time_t *shutdown; diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 707eedb8e7..01ea2648ba 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -884,6 +884,36 @@ char *slurm_get_priority_weight_tres(void) return weights; } +static int _check_hash(buf_t *buffer, header_t *header, slurm_msg_t *msg, + void *cred) +{ + char *cred_hash = NULL; + uint32_t cred_hash_len = 0; + int rc; + static time_t config_update = (time_t) -1; + static bool block_null_hash = true; + + if (config_update != slurm_conf.last_update) { + block_null_hash = (xstrcasestr(slurm_conf.comm_params, + "block_null_hash")); + config_update = slurm_conf.last_update; + } + + rc = auth_g_get_data(cred, &cred_hash, &cred_hash_len); + + if (cred_hash || cred_hash_len) { + if (cred_hash_len != 3 || cred_hash[0] != 1 || + memcmp(cred_hash + 1, + &msg->msg_type, sizeof(msg->msg_type))) + rc = SLURM_ERROR; + } else if (block_null_hash && + slurm_get_plugin_hash_enable(msg->auth_index)) + rc = SLURM_ERROR; + + xfree(cred_hash); + return rc; +} + static int _get_tres_id(char *type, char *name) { slurmdb_tres_rec_t tres_rec; @@ -3209,6 +3239,9 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, Buf buffer) goto total_return; } + msg->auth_uid = g_slurm_auth_get_uid(auth_cred); + msg->auth_uid_set = true; + /* * Unpack message body */ @@ -3219,6 +3252,7 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, Buf buffer) msg->body_offset = get_buf_offset(buffer); if ((header.body_length > remaining_buf(buffer)) || + _check_hash(buffer, &header, msg, auth_cred) || (unpack_msg(msg, buffer) != SLURM_SUCCESS)) { rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET; (void) g_slurm_auth_destroy(auth_cred); @@ -3319,6 +3353,8 @@ int slurm_receive_msg(int fd, slurm_msg_t *msg, int timeout) */ if (slurm_msg_recvfrom_timeout(fd, &buf, &buflen, 0, timeout) < 0) { rc = errno; + if (!rc) + rc = SLURMCTLD_COMMUNICATIONS_RECEIVE_ERROR; goto endit; } @@ -3481,6 +3517,8 @@ List slurm_receive_msgs(int fd, int steps, int timeout) goto total_return; } + msg.auth_uid = g_slurm_auth_get_uid(auth_cred); + msg.auth_uid_set = true; /* * Unpack message body */ @@ -3489,6 +3527,7 @@ List slurm_receive_msgs(int fd, int steps, int timeout) msg.flags = header.flags; if ((header.body_length > remaining_buf(buffer)) || + _check_hash(buffer, &header, &msg, auth_cred) || (unpack_msg(&msg, buffer) != SLURM_SUCCESS)) { (void) g_slurm_auth_destroy(auth_cred); free_buf(buffer); @@ -3530,6 +3569,155 @@ total_return: } +List slurm_receive_resp_msgs(int fd, int steps, int timeout) +{ + char *buf = NULL; + size_t buflen = 0; + header_t header; + int rc; + void *auth_cred = NULL; + slurm_msg_t msg; + buf_t *buffer; + ret_data_info_t *ret_data_info = NULL; + List ret_list = NULL; + int orig_timeout = timeout; + + xassert(fd >= 0); + + slurm_msg_t_init(&msg); + msg.conn_fd = fd; + + if (timeout <= 0) { + /* convert secs to msec */ + timeout = slurm_conf.msg_timeout * 1000; + orig_timeout = timeout; + } + if (steps) { + if (message_timeout < 0) + message_timeout = slurm_conf.msg_timeout * 1000; + orig_timeout = (timeout - + (message_timeout*(steps-1)))/steps; + steps--; + } + + log_flag(NET, "%s: orig_timeout was %d we have %d steps and a timeout of %d", + __func__, orig_timeout, steps, timeout); + /* we compare to the orig_timeout here because that is really + * what we are going to wait for each step + */ + if (orig_timeout >= (slurm_conf.msg_timeout * 10000)) { + log_flag(NET, "%s: Sending a message with timeout's greater than %d seconds, requested timeout is %d seconds", + __func__, (slurm_conf.msg_timeout * 10), + (timeout/1000)); + } else if (orig_timeout < 1000) { + log_flag(NET, "%s: Sending a message with a very short timeout of %d milliseconds each step in the tree has %d milliseconds", + __func__, timeout, orig_timeout); + } + + + /* + * Receive a msg. slurm_msg_recvfrom() will read the message + * length and allocate space on the heap for a buffer containing + * the message. + */ + if (slurm_msg_recvfrom_timeout(fd, &buf, &buflen, 0, timeout) < 0) { + forward_init(&header.forward); + rc = errno; + goto total_return; + } + + log_flag_hex(NET_RAW, buf, buflen, "%s: read", __func__); + buffer = create_buf(buf, buflen); + + if (unpack_header(&header, buffer) == SLURM_ERROR) { + free_buf(buffer); + rc = SLURM_COMMUNICATIONS_RECEIVE_ERROR; + goto total_return; + } + + if (check_header_version(&header) < 0) { + slurm_addr_t resp_addr; + if (!slurm_get_peer_addr(fd, &resp_addr)) { + error("%s: Invalid Protocol Version %u from at %pA", + __func__, header.version, &resp_addr); + } else { + error("%s: Invalid Protocol Version %u from problem connection: %m", + __func__, header.version); + } + + free_buf(buffer); + rc = SLURM_PROTOCOL_VERSION_ERROR; + goto total_return; + } + //info("ret_cnt = %d",header.ret_cnt); + if (header.ret_cnt > 0) { + if (header.ret_list) + ret_list = header.ret_list; + else + ret_list = list_create(destroy_data_info); + header.ret_cnt = 0; + header.ret_list = NULL; + } + + /* Forward message to other nodes */ + if (header.forward.cnt > 0) { + error("%s: We need to forward this to other nodes use slurm_receive_msg_and_forward instead", + __func__); + } + + if (!(auth_cred = g_slurm_auth_unpack(buffer, header.version))) { + error("%s: auth_g_unpack: %m", __func__); + free_buf(buffer); + rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET; + goto total_return; + } + g_slurm_auth_destroy(auth_cred); + /* + * Unpack message body + */ + msg.protocol_version = header.version; + msg.msg_type = header.msg_type; + msg.flags = header.flags; + + if ((header.body_length > remaining_buf(buffer)) || + (unpack_msg(&msg, buffer) != SLURM_SUCCESS)) { + free_buf(buffer); + rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET; + goto total_return; + } + free_buf(buffer); + rc = SLURM_SUCCESS; + +total_return: + destroy_forward(&header.forward); + + if (rc != SLURM_SUCCESS) { + if (ret_list) { + ret_data_info = xmalloc(sizeof(ret_data_info_t)); + ret_data_info->err = rc; + ret_data_info->type = RESPONSE_FORWARD_FAILED; + ret_data_info->data = NULL; + list_push(ret_list, ret_data_info); + } + + error("%s: failed: %s", + __func__, slurm_strerror(rc)); + usleep(10000); /* Discourage brute force attack */ + } else { + if (!ret_list) + ret_list = list_create(destroy_data_info); + ret_data_info = xmalloc(sizeof(ret_data_info_t)); + ret_data_info->err = rc; + ret_data_info->node_name = NULL; + ret_data_info->type = msg.msg_type; + ret_data_info->data = msg.data; + list_push(ret_list, ret_data_info); + } + + errno = rc; + return ret_list; + +} /* try to determine the UID associated with a message with different * message header version, return -1 if we can't tell */ static int _unpack_msg_uid(Buf buffer) @@ -3715,6 +3903,9 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, goto total_return; } + msg->auth_uid = g_slurm_auth_get_uid(auth_cred); + msg->auth_uid_set = true; + /* * Unpack message body */ @@ -3728,6 +3919,7 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, } if ( (header.body_length > remaining_buf(buffer)) || + _check_hash(buffer, &header, msg, auth_cred) || (unpack_msg(msg, buffer) != SLURM_SUCCESS) ) { (void) g_slurm_auth_destroy(auth_cred); free_buf(buffer); @@ -3795,6 +3987,7 @@ int slurm_send_node_msg(int fd, slurm_msg_t * msg) int rc; void * auth_cred; time_t start_time = time(NULL); + unsigned char auth_payload[3] = { 1 }; /* uint8_t + uint16_t (msg_type) */ if (msg->conn) { persist_msg_t persist_msg; @@ -3830,6 +4023,9 @@ int slurm_send_node_msg(int fd, slurm_msg_t * msg) return rc; } + if (!msg->restrict_uid_set) + fatal("%s: restrict_uid is not set", __func__); + memcpy(auth_payload + 1, &msg->msg_type, sizeof(msg->msg_type)); /* * Initialize header with Auth credential and message type. * We get the credential now rather than later so the work can @@ -3838,10 +4034,14 @@ int slurm_send_node_msg(int fd, slurm_msg_t * msg) * wait too long for the incoming message. */ if (msg->flags & SLURM_GLOBAL_AUTH_KEY) { - auth_cred = g_slurm_auth_create(_global_auth_key()); + auth_cred = g_slurm_auth_create(_global_auth_key(), + msg->restrict_uid, auth_payload, + sizeof(auth_payload)); } else { char *auth_info = slurm_get_auth_info(); - auth_cred = g_slurm_auth_create(auth_info); + auth_cred = g_slurm_auth_create(auth_info, + msg->restrict_uid, auth_payload, + sizeof(auth_payload)); xfree(auth_info); } @@ -3858,10 +4058,16 @@ int slurm_send_node_msg(int fd, slurm_msg_t * msg) if (difftime(time(NULL), start_time) >= 60) { (void) g_slurm_auth_destroy(auth_cred); if (msg->flags & SLURM_GLOBAL_AUTH_KEY) { - auth_cred = g_slurm_auth_create(_global_auth_key()); + auth_cred = g_slurm_auth_create(_global_auth_key(), + msg->restrict_uid, + auth_payload, + sizeof(auth_payload)); } else { char *auth_info = slurm_get_auth_info(); - auth_cred = g_slurm_auth_create(auth_info); + auth_cred = g_slurm_auth_create(auth_info, + msg->restrict_uid, + auth_payload, + sizeof(auth_payload)); xfree(auth_info); } } @@ -4373,6 +4579,7 @@ extern int slurm_send_recv_controller_msg(slurm_msg_t * request_msg, forward_init(&request_msg->forward, NULL); request_msg->ret_list = NULL; request_msg->forward_struct = NULL; + slurm_msg_set_r_uid(request_msg, SLURM_AUTH_UID_ANY); tryagain: retry = 1; @@ -4498,6 +4705,8 @@ extern int slurm_send_only_controller_msg(slurm_msg_t *req, goto cleanup; } + slurm_msg_set_r_uid(req, slurm_conf.slurm_user_id); + if ((rc = slurm_send_node_msg(fd, req)) < 0) { rc = SLURM_ERROR; } else { @@ -4866,6 +5075,12 @@ extern void slurm_free_msg(slurm_msg_t *msg) } } +extern void slurm_msg_set_r_uid(slurm_msg_t *msg, uid_t r_uid) +{ + msg->restrict_uid = r_uid; + msg->restrict_uid_set = true; +} + extern char *nodelist_nth_host(const char *nodelist, int inx) { hostlist_t hl = hostlist_create(nodelist); @@ -5062,6 +5277,7 @@ extern int slurm_forward_data( req.len = len; req.data = (char *)data; + slurm_msg_set_r_uid(&msg, SLURM_AUTH_UID_ANY); msg.msg_type = REQUEST_FORWARD_DATA; msg.data = &req; diff --git a/src/common/slurm_protocol_api.h b/src/common/slurm_protocol_api.h index 194d5b137b..8da140c565 100644 --- a/src/common/slurm_protocol_api.h +++ b/src/common/slurm_protocol_api.h @@ -1023,6 +1023,7 @@ int slurm_receive_msg(int fd, slurm_msg_t *msg, int timeout); * errno set. */ List slurm_receive_msgs(int fd, int steps, int timeout); +List slurm_receive_resp_msgs(int fd, int steps, int timeout); /* * Receive a slurm message on the open slurm descriptor "fd" waiting @@ -1333,6 +1334,8 @@ extern int *set_span(int total, uint16_t tree_width); extern void slurm_free_msg_members(slurm_msg_t *msg); extern void slurm_free_msg(slurm_msg_t * msg); +extern void slurm_msg_set_r_uid(slurm_msg_t *msg, uid_t r_uid); + /* must free this memory with free not xfree */ extern char *nodelist_nth_host(const char *nodelist, int inx); extern int nodelist_find(const char *nodelist, const char *name); diff --git a/src/common/slurm_protocol_defs.c b/src/common/slurm_protocol_defs.c index 0e1d86597c..42297b75c3 100644 --- a/src/common/slurm_protocol_defs.c +++ b/src/common/slurm_protocol_defs.c @@ -51,6 +51,7 @@ #include "src/common/power.h" #include "src/common/slurm_accounting_storage.h" #include "src/common/slurm_acct_gather_energy.h" +#include "src/common/slurm_auth.h" #include "src/common/slurm_cred.h" #include "src/common/slurm_ext_sensors.h" #include "src/common/slurm_jobacct_gather.h" @@ -104,6 +105,7 @@ extern void slurm_msg_t_init(slurm_msg_t *msg) { memset(msg, 0, sizeof(slurm_msg_t)); + msg->auth_uid = SLURM_AUTH_NOBODY; msg->conn_fd = -1; msg->msg_type = NO_VAL16; msg->protocol_version = NO_VAL16; @@ -133,6 +135,8 @@ extern void slurm_msg_t_copy(slurm_msg_t *dest, slurm_msg_t *src) dest->ret_list = src->ret_list; dest->forward_struct = src->forward_struct; dest->orig_addr.sin_addr.s_addr = 0; + if (src->auth_uid_set) + slurm_msg_set_r_uid(dest, src->auth_uid); return; } diff --git a/src/common/slurm_protocol_defs.h b/src/common/slurm_protocol_defs.h index d4409ff300..c9fc171912 100644 --- a/src/common/slurm_protocol_defs.h +++ b/src/common/slurm_protocol_defs.h @@ -50,6 +50,7 @@ #include "src/common/job_options.h" #include "src/common/list.h" #include "src/common/macros.h" +#include "src/common/slurm_auth.h" #include "src/common/slurm_cred.h" #include "src/common/slurm_protocol_common.h" #include "src/common/slurm_persist_conn.h" @@ -459,6 +460,19 @@ typedef struct slurm_protocol_config { typedef struct slurm_msg { slurm_addr_t address; void *auth_cred; + uid_t auth_uid; /* NEVER PACK. Authenticated uid from auth + * credential. Only valid if auth_uid_set is + * true. Set to SLURM_AUTH_NOBODY if not set + * yet. + */ + bool auth_uid_set; /* NEVER PACK. True when auth_uid has been set. + * This is a safety measure against handling + * a slurm_msg_t that has been xmalloc()'d but + * slurm_msg_t_init() was not called since + * auth_uid would be root. + */ + uid_t restrict_uid; + bool restrict_uid_set; uint32_t body_offset; /* DON'T PACK: offset in buffer where body part of buffer starts. */ Buf buffer; /* DON't PACK! ptr to buffer that msg was unpacked from. */ diff --git a/src/common/slurmdb_defs.c b/src/common/slurmdb_defs.c index bf3cfb32ec..cb6611159f 100644 --- a/src/common/slurmdb_defs.c +++ b/src/common/slurmdb_defs.c @@ -2882,6 +2882,7 @@ extern int slurmdb_send_accounting_update(List update_list, char *cluster, slurm_set_addr_char(&req.address, port, host); req.protocol_version = rpc_version; + slurm_msg_set_r_uid(&req, SLURM_AUTH_UID_ANY); req.msg_type = ACCOUNTING_UPDATE_MSG; if (slurmdbd_conf) diff --git a/src/common/slurmdbd_defs.c b/src/common/slurmdbd_defs.c index 9b288e17e3..3ea61902a6 100644 --- a/src/common/slurmdbd_defs.c +++ b/src/common/slurmdbd_defs.c @@ -457,6 +457,7 @@ static void _open_slurmdbd_conn(bool need_db) slurm_set_accounting_storage_port( slurmdbd_conn->rem_port); } + slurmdbd_conn->r_uid = SLURM_AUTH_UID_ANY; } slurmdbd_shutdown = 0; slurmdbd_conn->shutdown = &slurmdbd_shutdown; diff --git a/src/common/stepd_api.c b/src/common/stepd_api.c index 5f15a45cf1..05c0a810b1 100644 --- a/src/common/stepd_api.c +++ b/src/common/stepd_api.c @@ -485,7 +485,7 @@ rwfail: int stepd_attach(int fd, uint16_t protocol_version, slurm_addr_t *ioaddr, slurm_addr_t *respaddr, - void *job_cred_sig, reattach_tasks_response_msg_t *resp) + void *job_cred_sig, uid_t uid, reattach_tasks_response_msg_t *resp) { int req = REQUEST_ATTACH; int rc = SLURM_SUCCESS; @@ -495,6 +495,7 @@ stepd_attach(int fd, uint16_t protocol_version, safe_write(fd, ioaddr, sizeof(slurm_addr_t)); safe_write(fd, respaddr, sizeof(slurm_addr_t)); safe_write(fd, job_cred_sig, SLURM_IO_KEY_SIZE); + safe_write(fd, &uid, sizeof(uid_t)); safe_write(fd, &proto, sizeof(int)); /* Receive the return code */ diff --git a/src/common/stepd_api.h b/src/common/stepd_api.h index 205cfd3c90..7482979597 100644 --- a/src/common/stepd_api.h +++ b/src/common/stepd_api.h @@ -189,7 +189,8 @@ int stepd_signal_container(int fd, uint16_t protocol_version, int signal, */ int stepd_attach(int fd, uint16_t protocol_version, slurm_addr_t *ioaddr, slurm_addr_t *respaddr, - void *job_cred_sig, reattach_tasks_response_msg_t *resp); + void *job_cred_sig, uid_t uid, + reattach_tasks_response_msg_t *resp); /* * Scan for available running slurm step daemons by checking diff --git a/src/plugins/accounting_storage/common/common_as.c b/src/plugins/accounting_storage/common/common_as.c index fc811188e4..d0a62dac01 100644 --- a/src/plugins/accounting_storage/common/common_as.c +++ b/src/plugins/accounting_storage/common/common_as.c @@ -385,6 +385,7 @@ extern int cluster_first_reg(char *host, uint16_t port, uint16_t rpc_version) out_msg.msg_type = ACCOUNTING_FIRST_REG; out_msg.flags = SLURM_GLOBAL_AUTH_KEY; out_msg.data = &update; + slurm_msg_set_r_uid(&out_msg, SLURM_AUTH_UID_ANY); slurm_send_node_msg(fd, &out_msg); /* We probably need to add matching recv_msg function * for an arbitray fd or should these be fire diff --git a/src/plugins/auth/munge/auth_munge.c b/src/plugins/auth/munge/auth_munge.c index 3f98a3343a..fbcd1bbd52 100644 --- a/src/plugins/auth/munge/auth_munge.c +++ b/src/plugins/auth/munge/auth_munge.c @@ -84,6 +84,7 @@ const char plugin_name[] = "Munge authentication plugin"; const char plugin_type[] = "auth/munge"; const uint32_t plugin_version = SLURM_VERSION_NUMBER; +bool hash_enable = true; static int plugin_errno = SLURM_SUCCESS; static int bad_cred_test = -1; @@ -102,12 +103,12 @@ typedef struct _slurm_auth_credential { int magic; /* magical munge validity magic */ #endif char *m_str; /* munged string */ - void *buf; /* Application specific data */ bool verified; /* true if this cred has been verified */ - int len; /* amount of App data */ uid_t uid; /* UID. valid only if verified == true */ gid_t gid; /* GID. valid only if verified == true */ int cr_errno; + void *data; /* payload data */ + int dlen; /* payload data length */ } slurm_auth_credential_t; /* @@ -154,7 +155,8 @@ int init ( void ) * allocate a credential. Whether the credential is populated with useful * data at this time is implementation-dependent. */ -slurm_auth_credential_t *slurm_auth_create(char *opts) +slurm_auth_credential_t *slurm_auth_create(char *opts, uid_t r_uid, + void *data, int dlen) { int rc, retry = RETRY_COUNT, auth_ttl; slurm_auth_credential_t *cred = NULL; @@ -191,6 +193,13 @@ slurm_auth_credential_t *slurm_auth_create(char *opts) } } + rc = munge_ctx_set(ctx, MUNGE_OPT_UID_RESTRICTION, r_uid); + if (rc != EMUNGE_SUCCESS) { + error("munge_ctx_set failure"); + munge_ctx_destroy(ctx); + return NULL; + } + auth_ttl = slurm_get_auth_ttl(); if (auth_ttl) (void) munge_ctx_set(ctx, MUNGE_OPT_TTL, auth_ttl); @@ -198,8 +207,8 @@ slurm_auth_credential_t *slurm_auth_create(char *opts) cred = xmalloc(sizeof(*cred)); cred->verified = false; cred->m_str = NULL; - cred->buf = NULL; - cred->len = 0; + cred->data = NULL; + cred->dlen = 0; cred->cr_errno = SLURM_SUCCESS; xassert((cred->magic = MUNGE_MAGIC)); @@ -213,7 +222,7 @@ slurm_auth_credential_t *slurm_auth_create(char *opts) ohandler = xsignal(SIGALRM, (SigFunc *)SIG_BLOCK); again: - err = munge_encode(&cred->m_str, ctx, cred->buf, cred->len); + err = munge_encode(&cred->m_str, ctx, data, dlen); if (err != EMUNGE_SUCCESS) { if ((err == EMUNGE_SOCKET) && retry--) { debug("Munge encode failed: %s (retrying ...)", @@ -258,8 +267,8 @@ slurm_auth_destroy( slurm_auth_credential_t *cred ) */ if (cred->m_str) free(cred->m_str); - if (cred->buf) - free(cred->buf); + if (cred->data) + free(cred->data); xfree(cred); return SLURM_SUCCESS; @@ -351,6 +360,34 @@ slurm_auth_get_gid( slurm_auth_credential_t *cred, char *opts ) return cred->gid; } +/* + * auth_p_verify() must be called first. + */ +int auth_p_get_data(slurm_auth_credential_t *cred, char **data, uint32_t *len) +{ + if (!cred || !cred->verified) { + /* + * This xassert will trigger on a development build if + * the calling path did not verify the credential first. + */ + xassert(!cred); + slurm_seterrno(ESLURM_AUTH_BADARG); + return SLURM_ERROR; + } + + xassert(cred->magic == MUNGE_MAGIC); + + if (cred->data && cred->dlen) { + *data = xmalloc(cred->dlen); + memcpy(*data, cred->data, cred->dlen); + *len = cred->dlen; + } else { + *data = NULL; + *len = 0; + } + return SLURM_SUCCESS; +} + /* * Marshall a credential for transmission over the network, according to * SLURM's marshalling protocol. @@ -418,8 +455,6 @@ slurm_auth_unpack( Buf buf ) cred = xmalloc(sizeof(*cred)); cred->verified = false; cred->m_str = NULL; - cred->buf = NULL; - cred->len = 0; cred->cr_errno = SLURM_SUCCESS; xassert((cred->magic = MUNGE_MAGIC)); @@ -521,14 +556,9 @@ _decode_cred(slurm_auth_credential_t *c, char *socket) return SLURM_ERROR; } - again: - c->buf = NULL; - err = munge_decode(c->m_str, ctx, &c->buf, &c->len, &c->uid, &c->gid); +again: + err = munge_decode(c->m_str, ctx, &c->data, &c->dlen, &c->uid, &c->gid); if (err != EMUNGE_SUCCESS) { - if (c->buf) { - free(c->buf); - c->buf = NULL; - } if ((err == EMUNGE_SOCKET) && retry--) { debug("Munge decode failed: %s (retrying ...)", munge_ctx_strerror(ctx)); diff --git a/src/plugins/auth/none/auth_none.c b/src/plugins/auth/none/auth_none.c index 6bd3beee88..34c7d79b1c 100644 --- a/src/plugins/auth/none/auth_none.c +++ b/src/plugins/auth/none/auth_none.c @@ -74,6 +74,7 @@ const char plugin_name[] = "Null authentication plugin"; const char plugin_type[] = "auth/none"; const uint32_t plugin_version = SLURM_VERSION_NUMBER; +bool hash_enable = false; /* * An opaque type representing authentication credentials. This type can be @@ -148,7 +149,8 @@ extern int fini ( void ) * Allocate and initializes a credential. This function should return * NULL if it cannot allocate a credential. */ -slurm_auth_credential_t *slurm_auth_create(char *auth_info) +slurm_auth_credential_t *slurm_auth_create(char *auth_info, uid_t r_uid, + void *data, int dlen) { slurm_auth_credential_t *cred; cred = xmalloc(sizeof(slurm_auth_credential_t)); @@ -214,6 +216,19 @@ slurm_auth_get_gid( slurm_auth_credential_t *cred, char *auth_info ) } } +int auth_p_get_data(slurm_auth_credential_t *cred, char **data, uint32_t *len) +{ + if (!cred) { + slurm_seterrno(ESLURM_AUTH_BADARG); + return SLURM_ERROR; + } + + *data = NULL; + *len = 0; + + return SLURM_SUCCESS; +} + /* * Marshall a credential for transmission over the network, according to * SLURM's marshalling protocol. diff --git a/src/plugins/mpi/pmi2/setup.c b/src/plugins/mpi/pmi2/setup.c index e54f215b97..b57a47dd80 100644 --- a/src/plugins/mpi/pmi2/setup.c +++ b/src/plugins/mpi/pmi2/setup.c @@ -106,6 +106,8 @@ _setup_stepd_job_info(const stepd_step_rec_t *job, char ***env) memset(&job_info, 0, sizeof(job_info)); + job_info.uid = job->uid; + if (job->pack_jobid && (job->pack_jobid != NO_VAL)) { job_info.jobid = job->pack_jobid; job_info.stepid = job->stepid; diff --git a/src/plugins/mpi/pmi2/setup.h b/src/plugins/mpi/pmi2/setup.h index 2ce15af978..59c55399a8 100644 --- a/src/plugins/mpi/pmi2/setup.h +++ b/src/plugins/mpi/pmi2/setup.h @@ -59,6 +59,7 @@ typedef struct pmi2_job_info { uint32_t jobid; /* Current SLURM job id */ uint32_t stepid; /* Current step id (or NO_VAL) */ + uid_t uid; /* user id for job */ uint32_t nnodes; /* number of nodes in current job step */ uint32_t nodeid; /* relative position of this node in job */ uint32_t ntasks; /* total number of tasks in current job */ diff --git a/src/plugins/mpi/pmi2/spawn.c b/src/plugins/mpi/pmi2/spawn.c index 9115060272..df48901dc3 100644 --- a/src/plugins/mpi/pmi2/spawn.c +++ b/src/plugins/mpi/pmi2/spawn.c @@ -151,7 +151,8 @@ spawn_req_pack(spawn_req_t *req, Buf buf) void *auth_cred; char *auth_info = slurm_get_auth_info(); - auth_cred = g_slurm_auth_create(auth_info); + auth_cred = g_slurm_auth_create(auth_info, + job_info.uid, NULL, 0); xfree(auth_info); if (auth_cred == NULL) { error("authentication: %s", diff --git a/src/plugins/mpi/pmix/pmixp_dconn.c b/src/plugins/mpi/pmix/pmixp_dconn.c index 39b2082aeb..eb8888a32c 100644 --- a/src/plugins/mpi/pmix/pmixp_dconn.c +++ b/src/plugins/mpi/pmix/pmixp_dconn.c @@ -79,6 +79,7 @@ int pmixp_dconn_init(int node_cnt, pmixp_p2p_data_t direct_hdr) _pmixp_dconn_conns[i].nodeid = i; _pmixp_dconn_conns[i].state = PMIXP_DIRECT_INIT; _pmixp_dconn_conns[i].priv = _pmixp_dconn_h.init(i, direct_hdr); + _pmixp_dconn_conns[i].uid = slurm_conf.slurmd_user_id; } return SLURM_SUCCESS; } diff --git a/src/plugins/mpi/pmix/pmixp_dconn.h b/src/plugins/mpi/pmix/pmixp_dconn.h index 8dbc37bc01..8a48dbd9e8 100644 --- a/src/plugins/mpi/pmix/pmixp_dconn.h +++ b/src/plugins/mpi/pmix/pmixp_dconn.h @@ -82,6 +82,9 @@ typedef struct { /* remote node info */ int nodeid; void *priv; + + /* authenticated uid on remote */ + uid_t uid; } pmixp_dconn_t; typedef void *(*pmixp_dconn_p2p_init_t)(int nodeid, diff --git a/src/plugins/mpi/pmix/pmixp_server.c b/src/plugins/mpi/pmix/pmixp_server.c index 2d4da9e2fc..294fe5eeac 100644 --- a/src/plugins/mpi/pmix/pmixp_server.c +++ b/src/plugins/mpi/pmix/pmixp_server.c @@ -494,13 +494,14 @@ void pmixp_server_cleanup(void) * --------------------- Authentication functionality ------------------- */ -static int _auth_cred_create(Buf buf) +static int _auth_cred_create(Buf buf, uid_t uid) { void *auth_cred = NULL; char *auth_info = slurm_get_auth_info(); int rc = SLURM_SUCCESS; - auth_cred = g_slurm_auth_create(auth_info); + auth_cred = g_slurm_auth_create(auth_info, + uid, NULL, 0); xfree(auth_info); if (!auth_cred) { rc = g_slurm_auth_errno(NULL); @@ -519,7 +520,7 @@ static int _auth_cred_create(Buf buf) return rc; } -static int _auth_cred_verify(Buf buf) +static int _auth_cred_verify(Buf buf, uid_t *uid) { void *auth_cred = NULL; char *auth_info = NULL; @@ -536,9 +537,19 @@ static int _auth_cred_verify(Buf buf) rc = g_slurm_auth_verify(auth_cred, auth_info); xfree(auth_info); - if (rc) + if (rc) { PMIXP_ERROR("Verifying authentication credential: %s", g_slurm_auth_errstr(g_slurm_auth_errno(auth_cred))); + } else { + uid_t auth_uid; + auth_uid = g_slurm_auth_get_uid(auth_cred); + if ((auth_uid != slurm_conf.slurmd_user_id) && + (auth_uid != _pmixp_job_info.uid)) { + PMIXP_ERROR("Credential from uid %u", auth_uid); + rc = SLURM_ERROR; + } + *uid = auth_uid; + } g_slurm_auth_destroy(auth_cred); return rc; } @@ -706,7 +717,7 @@ static int _process_extended_hdr(pmixp_base_hdr_t *hdr, Buf buf) pmixp_base_hdr_t bhdr; init_msg = xmalloc(sizeof(*init_msg)); - rc = _auth_cred_create(buf_init); + rc = _auth_cred_create(buf_init, dconn->uid); if (rc) { free_buf(init_msg->buf_ptr); xfree(init_msg); @@ -1099,6 +1110,7 @@ _direct_conn_establish(pmixp_conn_t *conn, void *_hdr, void *msg) Buf buf_msg; int rc; char *nodename = NULL; + uid_t uid = SLURM_AUTH_NOBODY; if (!hdr->ext_flag) { nodename = pmixp_info_job_host(hdr->nodeid); @@ -1122,7 +1134,7 @@ _direct_conn_establish(pmixp_conn_t *conn, void *_hdr, void *msg) return; } /* Unpack and verify the auth credential */ - rc = _auth_cred_verify(buf_msg); + rc = _auth_cred_verify(buf_msg, &uid); free_buf(buf_msg); if (rc) { close(fd); @@ -1146,6 +1158,9 @@ _direct_conn_establish(pmixp_conn_t *conn, void *_hdr, void *msg) xfree(nodename); return; } + + dconn->uid = uid; + new_conn = pmixp_conn_new_persist(PMIXP_PROTO_DIRECT, pmixp_dconn_engine(dconn), _direct_new_msg_conn, diff --git a/src/plugins/mpi/pmix/pmixp_utils.c b/src/plugins/mpi/pmix/pmixp_utils.c index 69bbf3ceca..ba755552a7 100644 --- a/src/plugins/mpi/pmix/pmixp_utils.c +++ b/src/plugins/mpi/pmix/pmixp_utils.c @@ -404,6 +404,7 @@ static int _pmix_p2p_send_core(const char *nodename, const char *address, msg.forward.timeout = timeout; msg.forward.cnt = 0; msg.forward.nodelist = NULL; + slurm_msg_set_r_uid(&msg, slurm_conf.slurmd_user_id); ret_list = slurm_send_addr_recv_msgs(&msg, (char*)nodename, timeout); if (!ret_list) { /* This should never happen (when this was diff --git a/src/sattach/sattach.c b/src/sattach/sattach.c index 6bc70c8458..96b328da8f 100644 --- a/src/sattach/sattach.c +++ b/src/sattach/sattach.c @@ -405,6 +405,7 @@ static int _attach_to_tasks(uint32_t jobid, reattach_msg.io_port = io_ports; reattach_msg.cred = fake_cred; + slurm_msg_set_r_uid(&msg, SLURM_AUTH_UID_ANY); msg.msg_type = REQUEST_REATTACH_TASKS; msg.data = &reattach_msg; msg.protocol_version = layout->start_protocol_ver; diff --git a/src/slurmctld/agent.c b/src/slurmctld/agent.c index 6cdc9068eb..667856e7db 100644 --- a/src/slurmctld/agent.c +++ b/src/slurmctld/agent.c @@ -140,6 +140,7 @@ typedef struct agent_info { uint16_t retry; /* if set, keep trying */ thd_t *thread_struct; /* thread structures */ bool get_reply; /* flag if reply expected */ + uid_t r_uid; /* receiver UID */ slurm_msg_type_t msg_type; /* RPC to be issued */ void **msg_args_pptr; /* RPC data to be used */ uint16_t protocol_version; /* if set, use this version */ @@ -153,6 +154,7 @@ typedef struct task_info { uint32_t *threads_active_ptr; /* currently active thread ptr */ thd_t *thread_struct_ptr; /* thread structures ptr */ bool get_reply; /* flag if reply expected */ + uid_t r_uid; /* receiver UID */ slurm_msg_type_t msg_type; /* RPC to be issued */ void *msg_args_ptr; /* ptr to RPC data to be used */ uint16_t protocol_version; /* if set, use this version */ @@ -409,6 +411,11 @@ static int _valid_agent_arg(agent_arg_t *agent_arg_ptr) __func__, agent_arg_ptr->node_count, hostlist_cnt); return SLURM_FAILURE; /* no messages to be sent */ } + if (!agent_arg_ptr->r_uid_set) { + error("%s: r_uid not set for message:%u ", + __func__, agent_arg_ptr->msg_type); + return SLURM_ERROR; + } return SLURM_SUCCESS; } @@ -431,6 +438,7 @@ static agent_info_t *_make_agent_info(agent_arg_t *agent_arg_ptr) thread_ptr = xmalloc(agent_info_ptr->thread_count * sizeof(thd_t)); memset(thread_ptr, 0, (agent_info_ptr->thread_count * sizeof(thd_t))); agent_info_ptr->thread_struct = thread_ptr; + agent_info_ptr->r_uid = agent_arg_ptr->r_uid; agent_info_ptr->msg_type = agent_arg_ptr->msg_type; agent_info_ptr->msg_args_pptr = &agent_arg_ptr->msg_args; agent_info_ptr->protocol_version = agent_arg_ptr->protocol_version; @@ -514,6 +522,7 @@ static task_info_t *_make_task_data(agent_info_t *agent_info_ptr, int inx) task_info_ptr->threads_active_ptr= &agent_info_ptr->threads_active; task_info_ptr->thread_struct_ptr = &agent_info_ptr->thread_struct[inx]; task_info_ptr->get_reply = agent_info_ptr->get_reply; + task_info_ptr->r_uid = agent_info_ptr->r_uid; task_info_ptr->msg_type = agent_info_ptr->msg_type; task_info_ptr->msg_args_ptr = *agent_info_ptr->msg_args_pptr; task_info_ptr->protocol_version = agent_info_ptr->protocol_version; @@ -905,6 +914,7 @@ static void *_thread_per_group_rpc(void *args) msg.msg_type = msg_type; msg.data = task_ptr->msg_args_ptr; + slurm_msg_set_r_uid(&msg, task_ptr->r_uid); #if 0 info("sending message type %u to %s", msg_type, thread_ptr->nodelist); #endif @@ -1237,6 +1247,8 @@ static void _queue_agent_retry(agent_info_t * agent_info_ptr, int count) agent_arg_ptr->msg_args = *(agent_info_ptr->msg_args_pptr); *(agent_info_ptr->msg_args_pptr) = NULL; + set_agent_arg_r_uid(agent_arg_ptr, agent_info_ptr->r_uid); + j = 0; for (i = 0; i < agent_info_ptr->thread_count; i++) { if (!thread_ptr[i].ret_list) { @@ -1987,3 +1999,10 @@ extern int retry_list_size(void) return 0; return list_count(retry_list); } + +/* Set r_uid of agent_arg */ +extern void set_agent_arg_r_uid(agent_arg_t *agent_arg_ptr, uid_t r_uid) +{ + agent_arg_ptr->r_uid = r_uid; + agent_arg_ptr->r_uid_set = true; +} diff --git a/src/slurmctld/agent.h b/src/slurmctld/agent.h index 64ba75ea30..3a92e9282b 100644 --- a/src/slurmctld/agent.h +++ b/src/slurmctld/agent.h @@ -54,6 +54,8 @@ typedef struct agent_arg { uint32_t node_count; /* number of nodes to communicate * with */ uint16_t retry; /* if set, keep trying */ + uid_t r_uid; /* receiver UID */ + bool r_uid_set; /* True if receiver UID set*/ slurm_addr_t *addr; /* if set will send to this addr not hostlist */ hostlist_t hostlist; /* hostlist containing the @@ -108,4 +110,7 @@ extern void mail_job_info (struct job_record *job_ptr, uint16_t mail_type); /* Return length of agent's retry_list */ extern int retry_list_size(void); +/* Set r_uid of agent_arg */ +extern void set_agent_arg_r_uid(agent_arg_t *agent_arg_ptr, uid_t r_uid); + #endif /* !_AGENT_H */ diff --git a/src/slurmctld/backup.c b/src/slurmctld/backup.c index 24ddcde10f..9b98594c9c 100644 --- a/src/slurmctld/backup.c +++ b/src/slurmctld/backup.c @@ -304,7 +304,7 @@ static void *_background_rpc_mgr(void *no_data) int sockfd; slurm_addr_t cli_addr; slurm_msg_t msg; - int error_code; + int error_code = SLURM_ERROR; char* node_addr = NULL; /* Read configuration only */ @@ -358,8 +358,9 @@ static void *_background_rpc_mgr(void *no_data) slurm_msg_t_init(&msg); if (slurm_receive_msg(newsockfd, &msg, 0) != 0) error("slurm_receive_msg: %m"); + else + error_code = _background_process_msg(&msg); - error_code = _background_process_msg(&msg); if ((error_code == SLURM_SUCCESS) && (msg.msg_type == REQUEST_SHUTDOWN_IMMEDIATE) && (slurmctld_config.shutdown_time == 0)) @@ -381,6 +382,10 @@ static int _background_process_msg(slurm_msg_t * msg) { int error_code = SLURM_SUCCESS; + if (!msg->auth_uid_set) + fatal("%s: received message without previously validated auth", + __func__); + if (msg->msg_type != REQUEST_PING) { bool super_user = false; char *auth_info = slurm_get_auth_info(); diff --git a/src/slurmctld/controller.c b/src/slurmctld/controller.c index 478f150826..3fbcb29f0e 100644 --- a/src/slurmctld/controller.c +++ b/src/slurmctld/controller.c @@ -1681,6 +1681,7 @@ static void _queue_reboot_msg(void) reboot_agent_args->hostlist); debug("Queuing reboot request for nodes %s", host_str); xfree(host_str); + set_agent_arg_r_uid(reboot_agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(reboot_agent_args); last_node_update = now; schedule_node_save(); diff --git a/src/slurmctld/fed_mgr.c b/src/slurmctld/fed_mgr.c index 7d94e938bb..8b464847b7 100644 --- a/src/slurmctld/fed_mgr.c +++ b/src/slurmctld/fed_mgr.c @@ -352,6 +352,8 @@ static int _open_controller_conn(slurmdb_cluster_rec_t *cluster, bool locked) persist_conn->rem_port = cluster->control_port; } + persist_conn->r_uid = SLURM_AUTH_UID_ANY; + rc = slurm_persist_conn_open(persist_conn); if (rc != SLURM_SUCCESS) { if (_comm_fail_log(cluster)) { diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c index e5ad96cdbc..781988ec45 100644 --- a/src/slurmctld/job_mgr.c +++ b/src/slurmctld/job_mgr.c @@ -5643,6 +5643,7 @@ _signal_batch_job(struct job_record *job_ptr, uint16_t signal, uint16_t flags) signal_tasks_msg->signal = signal; agent_args->msg_args = signal_tasks_msg; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -13659,8 +13660,7 @@ extern int update_job_str(slurm_msg_t *msg, uid_t uid) reply: if ((rc != ESLURM_JOB_SETTING_DB_INX) && (msg->conn_fd >= 0)) { - slurm_msg_t_init(&resp_msg); - resp_msg.protocol_version = msg->protocol_version; + response_init(&resp_msg, msg); if (resp_array) { resp_array_msg = _resp_array_xlate(resp_array, job_id); resp_msg.msg_type = RESPONSE_JOB_ARRAY_ERRORS; @@ -13670,7 +13670,6 @@ reply: rc_msg.return_code = rc; resp_msg.data = &rc_msg; } - resp_msg.conn = msg->conn; slurm_send_node_msg(msg->conn_fd, &resp_msg); if (resp_array_msg) { @@ -13761,6 +13760,7 @@ static void _send_job_kill(struct job_record *job_ptr) } agent_args->msg_args = kill_job; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -14161,6 +14161,7 @@ abort_job_on_node(uint32_t job_id, struct job_record *job_ptr, char *node_name) agent_info->msg_type = REQUEST_ABORT_JOB; agent_info->msg_args = kill_req; + set_agent_arg_r_uid(agent_info, SLURM_AUTH_UID_ANY); agent_queue_request(agent_info); } @@ -14209,6 +14210,7 @@ kill_job_on_node(uint32_t job_id, struct job_record *job_ptr, agent_info->msg_type = REQUEST_TERMINATE_JOB; agent_info->msg_args = kill_req; + set_agent_arg_r_uid(agent_info, SLURM_AUTH_UID_ANY); agent_queue_request(agent_info); } @@ -15199,6 +15201,7 @@ static void _signal_job(struct job_record *job_ptr, int signal, uint16_t flags) } agent_args->msg_args = signal_job_msg; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -15279,6 +15282,7 @@ static void _suspend_job(struct job_record *job_ptr, uint16_t op, } agent_args->msg_args = sus_ptr; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -15629,6 +15633,7 @@ extern int job_suspend(suspend_msg_t *sus_ptr, uid_t uid, resp_msg.msg_type = RESPONSE_SLURM_RC; rc_msg.return_code = rc; resp_msg.data = &rc_msg; + slurm_msg_set_r_uid(&resp_msg, uid); slurm_send_node_msg(conn_fd, &resp_msg); } return rc; @@ -15784,6 +15789,7 @@ extern int job_suspend2(suspend_msg_t *sus_ptr, uid_t uid, rc_msg.return_code = rc; resp_msg.data = &rc_msg; } + slurm_msg_set_r_uid(&resp_msg, uid); slurm_send_node_msg(conn_fd, &resp_msg); if (resp_array_msg) { @@ -16509,6 +16515,7 @@ reply: FREE_NULL_LIST(top_job_list); resp_msg.msg_type = RESPONSE_SLURM_RC; rc_msg.return_code = rc; resp_msg.data = &rc_msg; + slurm_msg_set_r_uid(&resp_msg, uid); slurm_send_node_msg(conn_fd, &resp_msg); } diff --git a/src/slurmctld/job_scheduler.c b/src/slurmctld/job_scheduler.c index a1a7372359..91d77644fd 100644 --- a/src/slurmctld/job_scheduler.c +++ b/src/slurmctld/job_scheduler.c @@ -2701,6 +2701,7 @@ extern void launch_job(struct job_record *job_ptr) agent_arg_ptr->hostlist = hostlist_create(launch_job_ptr->batch_host); agent_arg_ptr->msg_type = REQUEST_BATCH_JOB_LAUNCH; agent_arg_ptr->msg_args = (void *) launch_msg_ptr; + set_agent_arg_r_uid(agent_arg_ptr, SLURM_AUTH_UID_ANY); /* Launch the RPC via agent */ agent_queue_request(agent_arg_ptr); @@ -4176,6 +4177,7 @@ extern int reboot_job_nodes(struct job_record *job_ptr) node_ptr->last_response = now + slurmctld_conf.resume_timeout; } FREE_NULL_BITMAP(boot_node_bitmap); + set_agent_arg_r_uid(reboot_agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(reboot_agent_args); job_ptr->details->prolog_running++; diff --git a/src/slurmctld/node_mgr.c b/src/slurmctld/node_mgr.c index 4177cbe9fc..fe5fec4e62 100644 --- a/src/slurmctld/node_mgr.c +++ b/src/slurmctld/node_mgr.c @@ -3658,11 +3658,11 @@ void msg_to_slurmd (slurm_msg_type_t msg_type) xfree (kill_agent_args); } else { debug ("Spawning agent msg_type=%d", msg_type); + set_agent_arg_r_uid(kill_agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(kill_agent_args); } } - /* make_node_alloc - flag specified node as allocated to a job * IN node_ptr - pointer to node being allocated * IN job_ptr - pointer to job that is starting diff --git a/src/slurmctld/node_scheduler.c b/src/slurmctld/node_scheduler.c index e94548ee8a..cdbb4eda78 100644 --- a/src/slurmctld/node_scheduler.c +++ b/src/slurmctld/node_scheduler.c @@ -623,6 +623,7 @@ extern void deallocate_nodes(struct job_record *job_ptr, bool timeout, } agent_args->msg_args = kill_job; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -2938,6 +2939,7 @@ extern void launch_prolog(struct job_record *job_ptr) select_g_step_start(build_extern_step(job_ptr)); /* Launch the RPC via agent */ + set_agent_arg_r_uid(agent_arg_ptr, SLURM_AUTH_UID_ANY); agent_queue_request(agent_arg_ptr); } @@ -4057,6 +4059,7 @@ extern void re_kill_job(struct job_record *job_ptr) last_job_id = job_ptr->job_id; hostlist_destroy(kill_hostlist); agent_args->msg_args = kill_job; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } diff --git a/src/slurmctld/ping_nodes.c b/src/slurmctld/ping_nodes.c index 4aae28f01e..f7baf70fae 100644 --- a/src/slurmctld/ping_nodes.c +++ b/src/slurmctld/ping_nodes.c @@ -348,6 +348,7 @@ void ping_nodes (void) debug("Spawning ping agent for %s", host_str); xfree(host_str); ping_begin(); + set_agent_arg_r_uid(ping_agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(ping_agent_args); } @@ -362,6 +363,7 @@ void ping_nodes (void) host_str, reg_agent_args->node_count); xfree(host_str); ping_begin(); + set_agent_arg_r_uid(reg_agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(reg_agent_args); } @@ -522,6 +524,7 @@ extern void run_health_check(void) debug("Spawning health check agent for %s", host_str); xfree(host_str); ping_begin(); + set_agent_arg_r_uid(check_agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(check_agent_args); } } @@ -581,6 +584,7 @@ extern void update_nodes_acct_gather_data(void) info("Updating acct_gather data for %s", host_str); xfree(host_str); ping_begin(); + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); } } diff --git a/src/slurmctld/srun_comm.c b/src/slurmctld/srun_comm.c index 570cbe219e..da4ad39f83 100644 --- a/src/slurmctld/srun_comm.c +++ b/src/slurmctld/srun_comm.c @@ -57,7 +57,7 @@ */ static void _srun_agent_launch(slurm_addr_t *addr, char *host, slurm_msg_type_t type, void *msg_args, - uint16_t protocol_version) + uid_t r_uid, uint16_t protocol_version) { agent_arg_t *agent_args = xmalloc(sizeof(agent_arg_t)); @@ -67,6 +67,7 @@ static void _srun_agent_launch(slurm_addr_t *addr, char *host, agent_args->hostlist = hostlist_create(host); agent_args->msg_type = type; agent_args->msg_args = msg_args; + set_agent_arg_r_uid(agent_args, r_uid); agent_args->protocol_version = protocol_version; agent_queue_request(agent_args); @@ -146,6 +147,7 @@ extern void srun_allocate (uint32_t job_id) msg_arg = build_alloc_msg(job_ptr, SLURM_SUCCESS, NULL); _srun_agent_launch(addr, job_ptr->alloc_node, RESPONSE_RESOURCE_ALLOCATION, msg_arg, + job_ptr->user_id, job_ptr->start_protocol_ver); } else if (_pending_pack_jobs(job_ptr)) { return; @@ -169,6 +171,7 @@ extern void srun_allocate (uint32_t job_id) list_iterator_destroy(iter); _srun_agent_launch(addr, job_ptr->alloc_node, RESPONSE_JOB_PACK_ALLOCATION, job_resp_list, + job_ptr->user_id, job_ptr->start_protocol_ver); } else { error("%s: Can not find pack job leader %u", @@ -194,7 +197,7 @@ extern void srun_allocate_abort(struct job_record *job_ptr) msg_arg->step_id = NO_VAL; _srun_agent_launch(addr, job_ptr->alloc_node, SRUN_JOB_COMPLETE, - msg_arg, + msg_arg, job_ptr->user_id, job_ptr->start_protocol_ver); } } @@ -248,7 +251,8 @@ extern void srun_node_fail (uint32_t job_id, char *node_name) msg_arg->step_id = step_ptr->step_id; msg_arg->nodelist = xstrdup(node_name); _srun_agent_launch(addr, step_ptr->host, SRUN_NODE_FAIL, - msg_arg, step_ptr->start_protocol_ver); + msg_arg, job_ptr->user_id, + step_ptr->start_protocol_ver); } list_iterator_destroy(step_iterator); @@ -260,7 +264,8 @@ extern void srun_node_fail (uint32_t job_id, char *node_name) msg_arg->step_id = NO_VAL; msg_arg->nodelist = xstrdup(node_name); _srun_agent_launch(addr, job_ptr->alloc_node, SRUN_NODE_FAIL, - msg_arg, job_ptr->start_protocol_ver); + msg_arg, job_ptr->user_id, + job_ptr->start_protocol_ver); } } @@ -294,7 +299,7 @@ extern void srun_ping (void) msg_arg->job_id = job_ptr->job_id; msg_arg->step_id = NO_VAL; _srun_agent_launch(addr, job_ptr->alloc_node, - SRUN_PING, msg_arg, + SRUN_PING, msg_arg, job_ptr->user_id, job_ptr->start_protocol_ver); } } @@ -325,6 +330,7 @@ extern void srun_step_timeout(struct step_record *step_ptr, time_t timeout_val) msg_arg->step_id = step_ptr->step_id; msg_arg->timeout = timeout_val; _srun_agent_launch(addr, step_ptr->host, SRUN_TIMEOUT, msg_arg, + step_ptr->job_ptr->user_id, step_ptr->start_protocol_ver); } @@ -351,7 +357,8 @@ extern void srun_timeout (struct job_record *job_ptr) msg_arg->step_id = NO_VAL; msg_arg->timeout = job_ptr->end_time; _srun_agent_launch(addr, job_ptr->alloc_node, SRUN_TIMEOUT, - msg_arg, job_ptr->start_protocol_ver); + msg_arg, job_ptr->user_id, + job_ptr->start_protocol_ver); } @@ -381,7 +388,8 @@ extern int srun_user_message(struct job_record *job_ptr, char *msg) msg_arg->job_id = job_ptr->job_id; msg_arg->msg = xstrdup(msg); _srun_agent_launch(addr, job_ptr->resp_host, SRUN_USER_MSG, - msg_arg, job_ptr->start_protocol_ver); + msg_arg, job_ptr->user_id, + job_ptr->start_protocol_ver); return SLURM_SUCCESS; } else if (job_ptr->batch_flag && IS_JOB_RUNNING(job_ptr)) { #ifndef HAVE_FRONT_END @@ -420,6 +428,7 @@ extern int srun_user_message(struct job_record *job_ptr, char *msg) agent_arg_ptr->msg_type = REQUEST_JOB_NOTIFY; agent_arg_ptr->msg_args = (void *) notify_msg_ptr; /* Launch the RPC via agent */ + set_agent_arg_r_uid(agent_arg_ptr, SLURM_AUTH_UID_ANY); agent_queue_request(agent_arg_ptr); return SLURM_SUCCESS; } @@ -447,6 +456,7 @@ extern void srun_job_complete (struct job_record *job_ptr) msg_arg->step_id = NO_VAL; _srun_agent_launch(addr, job_ptr->alloc_node, SRUN_JOB_COMPLETE, msg_arg, + job_ptr->user_id, job_ptr->start_protocol_ver); } @@ -481,6 +491,7 @@ extern bool srun_job_suspend (struct job_record *job_ptr, uint16_t op) msg_arg->op = op; _srun_agent_launch(addr, job_ptr->alloc_node, SRUN_REQUEST_SUSPEND, msg_arg, + job_ptr->user_id, job_ptr->start_protocol_ver); msg_sent = true; } @@ -504,7 +515,8 @@ extern void srun_step_complete (struct step_record *step_ptr) msg_arg->job_id = step_ptr->job_ptr->job_id; msg_arg->step_id = step_ptr->step_id; _srun_agent_launch(addr, step_ptr->host, SRUN_JOB_COMPLETE, - msg_arg, step_ptr->start_protocol_ver); + msg_arg, step_ptr->job_ptr->user_id, + step_ptr->start_protocol_ver); } } @@ -529,7 +541,8 @@ extern void srun_step_missing (struct step_record *step_ptr, msg_arg->step_id = step_ptr->step_id; msg_arg->nodelist = xstrdup(node_list); _srun_agent_launch(addr, step_ptr->host, SRUN_STEP_MISSING, - msg_arg, step_ptr->start_protocol_ver); + msg_arg, step_ptr->job_ptr->user_id, + step_ptr->start_protocol_ver); } } @@ -553,7 +566,8 @@ extern void srun_step_signal (struct step_record *step_ptr, uint16_t signal) msg_arg->job_step_id = step_ptr->step_id; msg_arg->signal = signal; _srun_agent_launch(addr, step_ptr->host, SRUN_STEP_SIGNAL, - msg_arg, step_ptr->start_protocol_ver); + msg_arg, step_ptr->job_ptr->user_id, + step_ptr->start_protocol_ver); } } @@ -584,7 +598,8 @@ extern void srun_exec(struct step_record *step_ptr, char **argv) for (i=0; i<cnt ; i++) msg_arg->argv[i] = xstrdup(argv[i]); _srun_agent_launch(addr, step_ptr->host, SRUN_EXEC, - msg_arg, step_ptr->start_protocol_ver); + msg_arg, step_ptr->job_ptr->user_id, + step_ptr->start_protocol_ver); } else { error("srun_exec %u.%u lacks communication channel", step_ptr->job_ptr->job_id, step_ptr->step_id); diff --git a/src/slurmctld/step_mgr.c b/src/slurmctld/step_mgr.c index cfda0f805e..947511d7d6 100644 --- a/src/slurmctld/step_mgr.c +++ b/src/slurmctld/step_mgr.c @@ -692,6 +692,7 @@ void signal_step_tasks(struct step_record *step_ptr, uint16_t signal, } agent_args->msg_args = signal_tasks_msg; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -737,6 +738,7 @@ void signal_step_tasks_on_node(char* node_name, struct step_record *step_ptr, signal_tasks_msg->job_step_id = step_ptr->step_id; signal_tasks_msg->signal = signal; agent_args->msg_args = signal_tasks_msg; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } @@ -4371,6 +4373,7 @@ static void _signal_step_timelimit(struct job_record *job_ptr, } agent_args->msg_args = kill_step; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } diff --git a/src/slurmd/slurmd/req.c b/src/slurmd/slurmd/req.c index 8233908682..db0e4e9bf2 100644 --- a/src/slurmd/slurmd/req.c +++ b/src/slurmd/slurmd/req.c @@ -472,7 +472,7 @@ rwfail: static int _send_slurmstepd_init(int fd, int type, void *req, - slurm_addr_t *cli, slurm_addr_t *self, + slurm_addr_t *cli, uid_t cli_uid, slurm_addr_t *self, hostset_t step_hset, uint16_t protocol_version) { int len = 0; @@ -581,6 +581,7 @@ _send_slurmstepd_init(int fd, int type, void *req, safe_write(fd, get_buf_data(buffer), len); free_buf(buffer); buffer = NULL; + safe_write(fd, &cli_uid, sizeof(uid_t)); /* send self address over to slurmstepd */ if (self) { @@ -660,7 +661,7 @@ rwfail: */ static int _forkexec_slurmstepd(uint16_t type, void *req, - slurm_addr_t *cli, slurm_addr_t *self, + slurm_addr_t *cli, uid_t cli_uid, slurm_addr_t *self, const hostset_t step_hset, uint16_t protocol_version) { pid_t pid; @@ -702,7 +703,7 @@ _forkexec_slurmstepd(uint16_t type, void *req, error("Unable to close write to_slurmd in parent: %m"); if ((rc = _send_slurmstepd_init(to_stepd[1], type, - req, cli, self, + req, cli, cli_uid, self, step_hset, protocol_version)) != 0) { error("Unable to init slurmstepd"); @@ -1548,8 +1549,9 @@ _rpc_launch_tasks(slurm_msg_t *msg) } debug3("_rpc_launch_tasks: call to _forkexec_slurmstepd"); - errnum = _forkexec_slurmstepd(LAUNCH_TASKS, (void *)req, cli, &self, - step_hset, msg->protocol_version); + errnum = _forkexec_slurmstepd(LAUNCH_TASKS, (void *)req, cli, + msg->auth_uid, &self, step_hset, + msg->protocol_version); debug3("_rpc_launch_tasks: return from _forkexec_slurmstepd"); _launch_complete_add(req->job_id); @@ -2195,7 +2197,7 @@ static int _spawn_prolog_stepd(slurm_msg_t *msg) debug3("%s: call to _forkexec_slurmstepd", __func__); rc = _forkexec_slurmstepd(LAUNCH_TASKS, (void *)launch_req, - cli, &self, step_hset, + cli, msg->auth_uid, &self, step_hset, msg->protocol_version); debug3("%s: return from _forkexec_slurmstepd %d", __func__, rc); @@ -2508,8 +2510,9 @@ _rpc_batch_job(slurm_msg_t *msg, bool new_msg) info("Launching batch job %u for UID %u", req->job_id, req->uid); debug3("_rpc_batch_job: call to _forkexec_slurmstepd"); - rc = _forkexec_slurmstepd(LAUNCH_BATCH_JOB, (void *)req, cli, NULL, - (hostset_t)NULL, SLURM_PROTOCOL_VERSION); + rc = _forkexec_slurmstepd(LAUNCH_BATCH_JOB, (void *)req, cli, + msg->auth_uid, NULL, (hostset_t)NULL, + SLURM_PROTOCOL_VERSION); debug3("_rpc_batch_job: return from _forkexec_slurmstepd: %d", rc); slurm_mutex_unlock(&launch_mutex); @@ -4479,7 +4482,7 @@ _rpc_reattach_tasks(slurm_msg_t *msg) /* Following call fills in gtids and local_pids when successful. */ rc = stepd_attach(fd, protocol_version, &ioaddr, - &resp_msg.address, job_cred_sig, resp); + &resp_msg.address, job_cred_sig, msg->auth_uid, resp); if (rc != SLURM_SUCCESS) { debug2("stepd_attach call failed"); goto done2; diff --git a/src/slurmd/slurmd/slurmd.c b/src/slurmd/slurmd/slurmd.c index 649324e42c..26107ee852 100644 --- a/src/slurmd/slurmd/slurmd.c +++ b/src/slurmd/slurmd/slurmd.c @@ -535,7 +535,11 @@ _service_connection(void *arg) /* if this fails we need to make sure the nodes we forward to are taken care of and sent back. This way the control also has a better idea what happened to us */ - slurm_send_rc_msg(msg, rc); + if (msg->auth_uid_set) + slurm_send_rc_msg(msg, rc); + else + debug("%s: incomplete message", __func__); + goto cleanup; } debug2("got this type of message %d", msg->msg_type); diff --git a/src/slurmd/slurmstepd/io.c b/src/slurmd/slurmstepd/io.c index 730e7fc9f0..047225efa6 100644 --- a/src/slurmd/slurmstepd/io.c +++ b/src/slurmd/slurmstepd/io.c @@ -1938,6 +1938,7 @@ _user_managed_io_connect(srun_info_t *srun, uint32_t gtid) slurm_msg_t_init(&msg); msg.protocol_version = srun->protocol_version; msg.msg_type = TASK_USER_MANAGED_IO_STREAM; + slurm_msg_set_r_uid(&msg, srun->uid); msg.data = &user_io_msg; user_io_msg.task_id = gtid; diff --git a/src/slurmd/slurmstepd/mgr.c b/src/slurmd/slurmstepd/mgr.c index 5a095c0089..b1e3d4d796 100644 --- a/src/slurmd/slurmstepd/mgr.c +++ b/src/slurmd/slurmstepd/mgr.c @@ -158,7 +158,7 @@ typedef struct kill_thread { static bool _access(const char *path, int modes, uid_t uid, int ngids, gid_t *gids); static void _send_launch_failure(launch_tasks_request_msg_t *, - slurm_addr_t *, int, uint16_t); + slurm_addr_t *, uid_t, int, uint16_t); static int _fork_all_tasks(stepd_step_rec_t *job, bool *io_initialized); static int _become_user(stepd_step_rec_t *job, struct priv_state *ps); static void _set_prio_process (stepd_step_rec_t *job); @@ -196,7 +196,8 @@ static stepd_step_rec_t *reattach_job; */ extern stepd_step_rec_t * mgr_launch_tasks_setup(launch_tasks_request_msg_t *msg, slurm_addr_t *cli, - slurm_addr_t *self, uint16_t protocol_version) + uid_t cli_uid, slurm_addr_t *self, + uint16_t protocol_version) { stepd_step_rec_t *job = NULL; @@ -206,7 +207,8 @@ mgr_launch_tasks_setup(launch_tasks_request_msg_t *msg, slurm_addr_t *cli, reset in _send_launch_failure. */ int fail = errno; - _send_launch_failure(msg, cli, errno, protocol_version); + _send_launch_failure(msg, cli, cli_uid, errno, + protocol_version); errno = fail; return NULL; } @@ -679,6 +681,7 @@ _send_exit_msg(stepd_step_rec_t *job, uint32_t *tid, int n, int status) /* This should always be set to something else we have a bug. */ xassert(srun->protocol_version); resp.protocol_version = srun->protocol_version; + slurm_msg_set_r_uid(&resp, srun->uid); if (_send_srun_resp_msg(&resp, job->nnodes) != SLURM_SUCCESS) error("Failed to send MESSAGE_TASK_EXIT: %m"); @@ -774,6 +777,7 @@ _one_step_complete_msg(stepd_step_rec_t *job, int first, int last) } /*********************************************/ slurm_msg_t_init(&req); + slurm_msg_set_r_uid(&req, slurm_conf.slurmd_user_id); req.msg_type = REQUEST_STEP_COMPLETE; req.data = &msg; req.address = step_complete.parent_addr; @@ -2330,8 +2334,8 @@ extern int stepd_drain_node(char *reason) } static void -_send_launch_failure(launch_tasks_request_msg_t *msg, slurm_addr_t *cli, int rc, - uint16_t protocol_version) +_send_launch_failure(launch_tasks_request_msg_t *msg, slurm_addr_t *cli, + uid_t cli_uid, int rc, uint16_t protocol_version) { slurm_msg_t resp_msg; launch_tasks_response_msg_t resp; @@ -2367,6 +2371,7 @@ _send_launch_failure(launch_tasks_request_msg_t *msg, slurm_addr_t *cli, int rc, resp_msg.data = &resp; resp_msg.msg_type = RESPONSE_LAUNCH_TASKS; resp_msg.protocol_version = protocol_version; + slurm_msg_set_r_uid(&resp_msg, cli_uid); resp.job_id = msg->job_id; resp.step_id = msg->job_step_id; @@ -2395,6 +2400,7 @@ _send_launch_resp(stepd_step_rec_t *job, int rc) slurm_msg_t_init(&resp_msg); resp_msg.address = srun->resp_addr; + slurm_msg_set_r_uid(&resp_msg, srun->uid); resp_msg.protocol_version = srun->protocol_version; resp_msg.data = &resp; resp_msg.msg_type = RESPONSE_LAUNCH_TASKS; diff --git a/src/slurmd/slurmstepd/mgr.h b/src/slurmd/slurmstepd/mgr.h index 645d5aea20..a5f81106d5 100644 --- a/src/slurmd/slurmstepd/mgr.h +++ b/src/slurmd/slurmstepd/mgr.h @@ -53,7 +53,7 @@ void batch_finish(stepd_step_rec_t *job, int rc); * Initialize a stepd_step_rec_t structure for a launch tasks */ stepd_step_rec_t *mgr_launch_tasks_setup(launch_tasks_request_msg_t *msg, - slurm_addr_t *client, + slurm_addr_t *cli, uid_t cli_uid, slurm_addr_t *self, uint16_t protocol_version); diff --git a/src/slurmd/slurmstepd/req.c b/src/slurmd/slurmstepd/req.c index 110a40d695..b521ba1e38 100644 --- a/src/slurmd/slurmstepd/req.c +++ b/src/slurmd/slurmstepd/req.c @@ -1110,6 +1110,7 @@ _handle_attach(int fd, stepd_step_rec_t *job, uid_t uid) safe_read(fd, &srun->ioaddr, sizeof(slurm_addr_t)); safe_read(fd, &srun->resp_addr, sizeof(slurm_addr_t)); safe_read(fd, srun->key, SLURM_IO_KEY_SIZE); + safe_read(fd, &srun->uid, sizeof(uid_t)); safe_read(fd, &protocol_version, sizeof(int)); if (!protocol_version) diff --git a/src/slurmd/slurmstepd/slurmstepd.c b/src/slurmd/slurmstepd/slurmstepd.c index b589432f9d..31b03a94ab 100644 --- a/src/slurmd/slurmstepd/slurmstepd.c +++ b/src/slurmd/slurmstepd/slurmstepd.c @@ -71,15 +71,16 @@ #include "src/slurmd/slurmstepd/slurmstepd.h" #include "src/slurmd/slurmstepd/slurmstepd_job.h" -static int _init_from_slurmd(int sock, char **argv, slurm_addr_t **_cli, +static int _init_from_slurmd(int sock, char **argv, + slurm_addr_t **_cli, uid_t *_cli_uid, slurm_addr_t **_self, slurm_msg_t **_msg); static void _dump_user_env(void); static void _send_ok_to_slurmd(int sock); static void _send_fail_to_slurmd(int sock); static void _got_ack_from_slurmd(int); -static stepd_step_rec_t *_step_setup(slurm_addr_t *cli, slurm_addr_t *self, - slurm_msg_t *msg); +static stepd_step_rec_t *_step_setup(slurm_addr_t *cli, uid_t cli_uid, + slurm_addr_t *self, slurm_msg_t *msg); #ifdef MEMORY_LEAK_DEBUG static void _step_cleanup(stepd_step_rec_t *job, slurm_msg_t *msg, int rc); #endif @@ -102,6 +103,7 @@ int main (int argc, char **argv) { slurm_addr_t *cli; + uid_t cli_uid; slurm_addr_t *self; slurm_msg_t *msg; stepd_step_rec_t *job; @@ -122,11 +124,11 @@ main (int argc, char **argv) fatal( "failed to initialize authentication plugin" ); /* Receive job parameters from the slurmd */ - _init_from_slurmd(STDIN_FILENO, argv, &cli, &self, &msg); + _init_from_slurmd(STDIN_FILENO, argv, &cli, &cli_uid, &self, &msg); /* Create the stepd_step_rec_t, mostly from info in a * launch_tasks_request_msg_t or a batch_job_launch_msg_t */ - if (!(job = _step_setup(cli, self, msg))) { + if (!(job = _step_setup(cli, cli_uid, self, msg))) { _send_fail_to_slurmd(STDOUT_FILENO); rc = SLURM_FAILURE; goto ending; @@ -460,7 +462,8 @@ static void _set_job_log_prefix(uint32_t jobid, uint32_t stepid) */ static int _init_from_slurmd(int sock, char **argv, - slurm_addr_t **_cli, slurm_addr_t **_self, slurm_msg_t **_msg) + slurm_addr_t **_cli, uid_t *_cli_uid, slurm_addr_t **_self, + slurm_msg_t **_msg) { char *incoming_buffer = NULL; Buf buffer; @@ -468,6 +471,7 @@ _init_from_slurmd(int sock, char **argv, int len; uint16_t proto; slurm_addr_t *cli = NULL; + uid_t cli_uid; slurm_addr_t *self = NULL; slurm_msg_t *msg = NULL; uint16_t port; @@ -521,6 +525,7 @@ _init_from_slurmd(int sock, char **argv, if (slurm_unpack_slurm_addr_no_alloc(cli, buffer) == SLURM_ERROR) fatal("slurmstepd: problem with unpack of slurmd_conf"); free_buf(buffer); + safe_read(sock, &cli_uid, sizeof(uid_t)); /* receive self from slurmd */ safe_read(sock, &len, sizeof(int)); @@ -601,6 +606,7 @@ _init_from_slurmd(int sock, char **argv, msg->protocol_version = proto; *_cli = cli; + *_cli_uid = cli_uid; *_self = self; *_msg = msg; @@ -612,7 +618,8 @@ rwfail: } static stepd_step_rec_t * -_step_setup(slurm_addr_t *cli, slurm_addr_t *self, slurm_msg_t *msg) +_step_setup(slurm_addr_t *cli, uid_t cli_uid, slurm_addr_t *self, + slurm_msg_t *msg) { stepd_step_rec_t *job = NULL; @@ -623,7 +630,7 @@ _step_setup(slurm_addr_t *cli, slurm_addr_t *self, slurm_msg_t *msg) break; case REQUEST_LAUNCH_TASKS: debug2("setup for a launch_task"); - job = mgr_launch_tasks_setup(msg->data, cli, self, + job = mgr_launch_tasks_setup(msg->data, cli, cli_uid, self, msg->protocol_version); break; default: diff --git a/src/slurmd/slurmstepd/slurmstepd_job.c b/src/slurmd/slurmstepd/slurmstepd_job.c index 6a02047084..9a7fa951b2 100644 --- a/src/slurmd/slurmstepd/slurmstepd_job.c +++ b/src/slurmd/slurmstepd/slurmstepd_job.c @@ -376,7 +376,7 @@ extern stepd_step_rec_t *stepd_step_rec_create(launch_tasks_request_msg_t *msg, memset(&io_addr, 0, sizeof(slurm_addr_t)); } - srun = srun_info_create(msg->cred, &resp_addr, &io_addr, + srun = srun_info_create(msg->cred, &resp_addr, &io_addr, job->uid, protocol_version); job->profile = msg->profile; @@ -549,7 +549,7 @@ batch_stepd_step_rec_create(batch_job_launch_msg_t *msg) get_cred_gres(msg->cred, conf->node_name, &job->job_gres_list, &job->step_gres_list); - srun = srun_info_create(NULL, NULL, NULL, NO_VAL16); + srun = srun_info_create(NULL, NULL, NULL, job->uid, NO_VAL16); list_append(job->sruns, (void *) srun); @@ -632,7 +632,7 @@ stepd_step_rec_destroy(stepd_step_rec_t *job) extern srun_info_t * srun_info_create(slurm_cred_t *cred, slurm_addr_t *resp_addr, - slurm_addr_t *ioaddr, uint16_t protocol_version) + slurm_addr_t *ioaddr, uid_t uid, uint16_t protocol_version) { char *data = NULL; uint32_t len = 0; @@ -643,6 +643,7 @@ srun_info_create(slurm_cred_t *cred, slurm_addr_t *resp_addr, if (!protocol_version || (protocol_version == NO_VAL16)) protocol_version = SLURM_PROTOCOL_VERSION; srun->protocol_version = protocol_version; + srun->uid = uid; /* * If no credential was provided, return the empty * srun info object. (This is used, for example, when diff --git a/src/slurmd/slurmstepd/slurmstepd_job.h b/src/slurmd/slurmstepd/slurmstepd_job.h index 3bf972125a..db4b3c94be 100644 --- a/src/slurmd/slurmstepd/slurmstepd_job.h +++ b/src/slurmd/slurmstepd/slurmstepd_job.h @@ -68,6 +68,7 @@ typedef struct { slurm_addr_t ioaddr; /* Address to connect on for normal I/O. Spawn IO uses messages to the normal resp_addr. */ + uid_t uid; /* user id for job */ uint16_t protocol_version; /* protocol_version of the srun */ } srun_info_t; @@ -253,7 +254,8 @@ stepd_step_rec_t * batch_stepd_step_rec_create(batch_job_launch_msg_t *msg); void stepd_step_rec_destroy(stepd_step_rec_t *job); srun_info_t * srun_info_create(slurm_cred_t *cred, slurm_addr_t *respaddr, - slurm_addr_t *ioaddr, uint16_t protocol_version); + slurm_addr_t *ioaddr, uid_t uid, + uint16_t protocol_version); void srun_info_destroy(srun_info_t *srun); diff --git a/src/slurmd/slurmstepd/x11_forwarding.c b/src/slurmd/slurmstepd/x11_forwarding.c index 92398a9f23..f09018572a 100644 --- a/src/slurmd/slurmstepd/x11_forwarding.c +++ b/src/slurmd/slurmstepd/x11_forwarding.c @@ -82,6 +82,8 @@ static int x11_display = 0; void *_handle_channel(void *x); void *_keepalive_engine(void *x); void *_accept_engine(void *x); +/* Target UID */ +static uid_t job_uid; /* * libssh2 has some quirks with the mixed use of blocking vs. non-blocking @@ -197,6 +199,8 @@ extern int setup_x11_forward(stepd_step_rec_t *job, int *display) xsignal(SIGTERM, _shutdown_x11); xsignal_unblock(sig_array); + job_uid = job->uid; + if (!(home = _get_home(job->uid))) { error("could not find HOME in environment"); return SLURM_ERROR; diff --git a/src/slurmdbd/read_config.c b/src/slurmdbd/read_config.c index 03beae60fd..dede47c2be 100644 --- a/src/slurmdbd/read_config.c +++ b/src/slurmdbd/read_config.c @@ -616,6 +616,7 @@ extern int read_slurmdbd_conf(void) if (!slurmdbd_conf->purge_usage) slurmdbd_conf->purge_usage = NO_VAL; + slurm_conf.last_update = time(NULL); slurm_mutex_unlock(&conf_mutex); return SLURM_SUCCESS; } diff --git a/src/slurmdbd/slurmdbd.c b/src/slurmdbd/slurmdbd.c index ae2f27d617..a43b279f41 100644 --- a/src/slurmdbd/slurmdbd.c +++ b/src/slurmdbd/slurmdbd.c @@ -816,6 +816,7 @@ static int _send_slurmctld_register_req(slurmdb_cluster_rec_t *cluster_rec) } else { slurm_msg_t out_msg; slurm_msg_t_init(&out_msg); + slurm_msg_set_r_uid(&out_msg, SLURM_AUTH_UID_ANY); out_msg.msg_type = ACCOUNTING_REGISTER_CTLD; out_msg.flags = SLURM_GLOBAL_AUTH_KEY; out_msg.protocol_version = cluster_rec->rpc_version; -- 2.35.3 From d9a32698c209d183a9c18166201275f5b2dcc757 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 10 May 2022 21:39:56 +0200 Subject: [PATCH 02/31] Convert slurm_conf.slurmd_user_id -> slurm_get_slurmd_user_id() Signed-off-by: Egbert Eich <eich@suse.com> --- src/api/signal.c | 4 ++-- src/plugins/mpi/pmix/pmixp_dconn.c | 2 +- src/plugins/mpi/pmix/pmixp_server.c | 2 +- src/plugins/mpi/pmix/pmixp_utils.c | 2 +- src/slurmd/slurmstepd/mgr.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/api/signal.c b/src/api/signal.c index d829db36a5..c8e85547e2 100644 --- a/src/api/signal.c +++ b/src/api/signal.c @@ -101,7 +101,7 @@ static int _signal_batch_script_step(const resource_allocation_response_msg_t rpc.flags = KILL_JOB_BATCH; slurm_msg_t_init(&msg); - slurm_msg_set_r_uid(&msg, slurm_conf.slurmd_user_id); + slurm_msg_set_r_uid(&msg, slurm_get_slurmd_user_id()); msg.msg_type = REQUEST_SIGNAL_TASKS; msg.data = &rpc; if (slurm_conf_get_addr(name, &msg.address) == SLURM_ERROR) { @@ -156,7 +156,7 @@ static int _terminate_batch_script_step(const resource_allocation_response_msg_t slurm_msg_t_init(&msg); msg.msg_type = REQUEST_TERMINATE_TASKS; - slurm_msg_set_r_uid(&msg, slurm_conf.slurmd_user_id); + slurm_msg_set_r_uid(&msg, slurm_get_slurmd_user_id()); msg.data = &rpc; if (slurm_conf_get_addr(name, &msg.address) == SLURM_ERROR) { diff --git a/src/plugins/mpi/pmix/pmixp_dconn.c b/src/plugins/mpi/pmix/pmixp_dconn.c index eb8888a32c..becdae85f6 100644 --- a/src/plugins/mpi/pmix/pmixp_dconn.c +++ b/src/plugins/mpi/pmix/pmixp_dconn.c @@ -79,7 +79,7 @@ int pmixp_dconn_init(int node_cnt, pmixp_p2p_data_t direct_hdr) _pmixp_dconn_conns[i].nodeid = i; _pmixp_dconn_conns[i].state = PMIXP_DIRECT_INIT; _pmixp_dconn_conns[i].priv = _pmixp_dconn_h.init(i, direct_hdr); - _pmixp_dconn_conns[i].uid = slurm_conf.slurmd_user_id; + _pmixp_dconn_conns[i].uid = slurm_get_slurmd_user_id(); } return SLURM_SUCCESS; } diff --git a/src/plugins/mpi/pmix/pmixp_server.c b/src/plugins/mpi/pmix/pmixp_server.c index 294fe5eeac..e77f0f2034 100644 --- a/src/plugins/mpi/pmix/pmixp_server.c +++ b/src/plugins/mpi/pmix/pmixp_server.c @@ -543,7 +543,7 @@ static int _auth_cred_verify(Buf buf, uid_t *uid) } else { uid_t auth_uid; auth_uid = g_slurm_auth_get_uid(auth_cred); - if ((auth_uid != slurm_conf.slurmd_user_id) && + if ((auth_uid != slurm_get_slurmd_user_id()) && (auth_uid != _pmixp_job_info.uid)) { PMIXP_ERROR("Credential from uid %u", auth_uid); rc = SLURM_ERROR; diff --git a/src/plugins/mpi/pmix/pmixp_utils.c b/src/plugins/mpi/pmix/pmixp_utils.c index ba755552a7..1812062715 100644 --- a/src/plugins/mpi/pmix/pmixp_utils.c +++ b/src/plugins/mpi/pmix/pmixp_utils.c @@ -404,7 +404,7 @@ static int _pmix_p2p_send_core(const char *nodename, const char *address, msg.forward.timeout = timeout; msg.forward.cnt = 0; msg.forward.nodelist = NULL; - slurm_msg_set_r_uid(&msg, slurm_conf.slurmd_user_id); + slurm_msg_set_r_uid(&msg, slurm_get_slurmd_user_id()); ret_list = slurm_send_addr_recv_msgs(&msg, (char*)nodename, timeout); if (!ret_list) { /* This should never happen (when this was diff --git a/src/slurmd/slurmstepd/mgr.c b/src/slurmd/slurmstepd/mgr.c index b1e3d4d796..e2d5fac92b 100644 --- a/src/slurmd/slurmstepd/mgr.c +++ b/src/slurmd/slurmstepd/mgr.c @@ -777,7 +777,7 @@ _one_step_complete_msg(stepd_step_rec_t *job, int first, int last) } /*********************************************/ slurm_msg_t_init(&req); - slurm_msg_set_r_uid(&req, slurm_conf.slurmd_user_id); + slurm_msg_set_r_uid(&req, slurm_get_slurmd_user_id()); req.msg_type = REQUEST_STEP_COMPLETE; req.data = &msg; req.address = step_complete.parent_addr; -- 2.35.3 From a762c179ad3ed41aae9c10d2602c7c91d5fd1b98 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 10 May 2022 21:44:04 +0200 Subject: [PATCH 03/31] Convert slurm_conf.slurm_user_id -> slurm_get_slurm_user_id() Signed-off-by: Egbert Eich <eich@suse.com> # Conflicts: # src/common/slurm_protocol_api.c # src/slurmctld/backup.c # src/slurmctld/controller.c --- src/api/reconfigure.c | 2 +- src/common/slurm_protocol_api.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/api/reconfigure.c b/src/api/reconfigure.c index a53172e743..a62a1ddc60 100644 --- a/src/api/reconfigure.c +++ b/src/api/reconfigure.c @@ -160,7 +160,7 @@ _send_message_controller (enum controller_id dest, slurm_msg_t *req) if ((fd = slurm_open_controller_conn_spec(dest,working_cluster_rec)) <0) slurm_seterrno_ret(SLURMCTLD_COMMUNICATIONS_CONNECTION_ERROR); - slurm_msg_set_r_uid(req, slurm_conf.slurm_user_id); + slurm_msg_set_r_uid(req, slurm_get_slurm_user_id()); if (slurm_send_node_msg(fd, req) < 0) { slurm_shutdown_msg_conn(fd); slurm_seterrno_ret(SLURMCTLD_COMMUNICATIONS_SEND_ERROR); diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 01ea2648ba..f297bf512d 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -4705,7 +4705,7 @@ extern int slurm_send_only_controller_msg(slurm_msg_t *req, goto cleanup; } - slurm_msg_set_r_uid(req, slurm_conf.slurm_user_id); + slurm_msg_set_r_uid(req, slurm_get_slurm_user_id()); if ((rc = slurm_send_node_msg(fd, req)) < 0) { rc = SLURM_ERROR; -- 2.35.3 From dc3f4f2a5e57d0e6b84bac74267a25c2ee1e0866 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 10 May 2022 21:46:37 +0200 Subject: [PATCH 04/31] Convert slurm_conf.last_update -> slurmctld_conf.last_update Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 4 ++-- src/slurmdbd/read_config.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index f297bf512d..ac4a05fe7c 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -893,10 +893,10 @@ static int _check_hash(buf_t *buffer, header_t *header, slurm_msg_t *msg, static time_t config_update = (time_t) -1; static bool block_null_hash = true; - if (config_update != slurm_conf.last_update) { + if (config_update != slurmctld_conf.last_update) { block_null_hash = (xstrcasestr(slurm_conf.comm_params, "block_null_hash")); - config_update = slurm_conf.last_update; + config_update = slurmctld_conf.last_update; } rc = auth_g_get_data(cred, &cred_hash, &cred_hash_len); diff --git a/src/slurmdbd/read_config.c b/src/slurmdbd/read_config.c index dede47c2be..f29850c8e5 100644 --- a/src/slurmdbd/read_config.c +++ b/src/slurmdbd/read_config.c @@ -616,7 +616,7 @@ extern int read_slurmdbd_conf(void) if (!slurmdbd_conf->purge_usage) slurmdbd_conf->purge_usage = NO_VAL; - slurm_conf.last_update = time(NULL); + slurmctld_conf.last_update = time(NULL); slurm_mutex_unlock(&conf_mutex); return SLURM_SUCCESS; } -- 2.35.3 From 8a4504becf4d031a8554d280b6599bdca1953412 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 10 May 2022 21:54:56 +0200 Subject: [PATCH 05/31] Convert log_flag_hex() to local _print_data() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index ac4a05fe7c..b607076e7f 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -3626,7 +3626,9 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) goto total_return; } - log_flag_hex(NET_RAW, buf, buflen, "%s: read", __func__); +#if _DEBUG + _print_data (buf, buflen); +#endif buffer = create_buf(buf, buflen); if (unpack_header(&header, buffer) == SLURM_ERROR) { -- 2.35.3 From 916dd96ac9a599ced5f561826e7bd3b4fb1c0d51 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 10 May 2022 21:57:09 +0200 Subject: [PATCH 06/31] Convert slurm_conf.comm_params -> slurm_get_comm_parameters() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index b607076e7f..cf5aa07181 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -894,8 +894,10 @@ static int _check_hash(buf_t *buffer, header_t *header, slurm_msg_t *msg, static bool block_null_hash = true; if (config_update != slurmctld_conf.last_update) { - block_null_hash = (xstrcasestr(slurm_conf.comm_params, + char * comm_parameters = slurm_get_comm_parameters(); + block_null_hash = (xstrcasestr(comm_parameters, "block_null_hash")); + xfree(comm_parameters); config_update = slurmctld_conf.last_update; } -- 2.35.3 From 911413c3740ac62989f74e254b4aae2e8b33fe3e Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 10 May 2022 21:58:46 +0200 Subject: [PATCH 07/31] Convert slurm_conf.msg_timeout no -> slurm_get_msg_timeout() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index cf5aa07181..db258255f3 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -3591,12 +3591,12 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) if (timeout <= 0) { /* convert secs to msec */ - timeout = slurm_conf.msg_timeout * 1000; + timeout = slurm_get_msg_timeout() * 1000; orig_timeout = timeout; } if (steps) { if (message_timeout < 0) - message_timeout = slurm_conf.msg_timeout * 1000; + message_timeout = slurm_get_msg_timeout() * 1000; orig_timeout = (timeout - (message_timeout*(steps-1)))/steps; steps--; @@ -3607,9 +3607,9 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) /* we compare to the orig_timeout here because that is really * what we are going to wait for each step */ - if (orig_timeout >= (slurm_conf.msg_timeout * 10000)) { + if (orig_timeout >= (slurm_get_msg_timeout() * 10000)) { log_flag(NET, "%s: Sending a message with timeout's greater than %d seconds, requested timeout is %d seconds", - __func__, (slurm_conf.msg_timeout * 10), + __func__, (slurm_get_msg_timeout() * 10), (timeout/1000)); } else if (orig_timeout < 1000) { log_flag(NET, "%s: Sending a message with a very short timeout of %d milliseconds each step in the tree has %d milliseconds", -- 2.35.3 From 85e1d5c256d5a65e100508d314a6175ab3df972c Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Wed, 11 May 2022 08:36:38 +0200 Subject: [PATCH 08/31] Fix g_slurm_auth_create in _pack_composite_msg Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_pack.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_pack.c b/src/common/slurm_protocol_pack.c index aa82f727f6..6910c47211 100644 --- a/src/common/slurm_protocol_pack.c +++ b/src/common/slurm_protocol_pack.c @@ -5106,7 +5106,8 @@ _pack_composite_msg(composite_msg_t *msg, Buf buffer, uint16_t protocol_version) /* FIXME: this should handle the * _global_auth_key() as well. */ tmp_info->auth_cred = - g_slurm_auth_create(auth_info); + g_slurm_auth_create(auth_info, + tmp_info->restrict_uid, NULL, 0); xfree(auth_info); } -- 2.35.3 From 2e7281f07b769c01ea2d083a85470f08afd58b61 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Wed, 11 May 2022 17:49:40 +0200 Subject: [PATCH 09/31] Add to set_agent_arg_r_uid() call to _xmit_new_end_time() Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmctld/job_mgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c index 781988ec45..afc3e2cd52 100644 --- a/src/slurmctld/job_mgr.c +++ b/src/slurmctld/job_mgr.c @@ -14501,6 +14501,7 @@ _xmit_new_end_time(struct job_record *job_ptr) #endif agent_args->msg_args = job_time_msg_ptr; + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); return; } -- 2.35.3 From 3ca9b210dee1ae9e315edf0b7015cd2d585e0044 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Wed, 11 May 2022 19:41:13 +0200 Subject: [PATCH 10/31] Disable Message Aggregation Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmd/slurmd/slurmd.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/slurmd/slurmd/slurmd.c b/src/slurmd/slurmd/slurmd.c index 26107ee852..171656bbed 100644 --- a/src/slurmd/slurmd/slurmd.c +++ b/src/slurmd/slurmd/slurmd.c @@ -176,7 +176,9 @@ static void _decrement_thd_count(void); static void _destroy_conf(void); static int _drain_node(char *reason); static void _fill_registration_msg(slurm_node_registration_status_msg_t *); +#if 0 static uint64_t _get_int(const char *my_str); +#endif static void _handle_connection(int fd, slurm_addr_t *client); static void _hup_handler(int); static void _increment_thd_count(void); @@ -1978,6 +1980,7 @@ static int _set_topo_info(void) return rc; } +#if 0 static uint64_t _get_int(const char *my_str) { char *end = NULL; @@ -1990,23 +1993,33 @@ static uint64_t _get_int(const char *my_str) return NO_VAL; return value; } +#endif static uint64_t _parse_msg_aggr_params(int type, char *params) { uint64_t value = NO_VAL; +#if 0 char *sub_str = NULL; - +#endif if (!params) return NO_VAL; switch (type) { case WINDOW_TIME: + info("Message aggregation has been disabled, " + "please check SLE release notes!"); +#if 0 if ((sub_str = xstrcasestr(params, "WindowTime="))) value = _get_int(sub_str + 11); +#endif break; case WINDOW_MSGS: + info("Message aggregation has been disabled, " + "please check SLE release notes!"); +#if 0 if ((sub_str = xstrcasestr(params, "WindowMsgs="))) value = _get_int(sub_str + 11); +#endif break; default: fatal("invalid message aggregation parameters: %s", params); -- 2.35.3 From da5f8aa27dc60792809abffe32f735167d7202b6 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Fri, 13 May 2022 09:01:15 +0200 Subject: [PATCH 11/31] Add missing slurm_msg_set_r_uid() Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmd/slurmstepd/mgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/slurmd/slurmstepd/mgr.c b/src/slurmd/slurmstepd/mgr.c index e2d5fac92b..4af220970b 100644 --- a/src/slurmd/slurmstepd/mgr.c +++ b/src/slurmd/slurmstepd/mgr.c @@ -2472,6 +2472,7 @@ _send_complete_batch_script_msg(stepd_step_rec_t *job, int err, int status) slurm_set_addr_char(&req_msg.address, conf->port, conf->hostname); } + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); msg_rc = slurm_send_recv_rc_msg_only_one(&req_msg, &rc, 0); } -- 2.35.3 From c6814bf001839d288b3f634ca73d17a53e77c95b Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Fri, 13 May 2022 20:16:05 +0200 Subject: [PATCH 12/31] Fix g_slurm_auth_create in _stepd_connect_legacy Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/stepd_api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/common/stepd_api.c b/src/common/stepd_api.c index 05c0a810b1..348e29064d 100644 --- a/src/common/stepd_api.c +++ b/src/common/stepd_api.c @@ -252,7 +252,8 @@ stepd_connect(const char *directory, const char *nodename, buffer = init_buf(0); /* Create an auth credential */ auth_info = slurm_get_auth_info(); - auth_cred = g_slurm_auth_create(auth_info); + auth_cred = g_slurm_auth_create(auth_info, + slurm_get_slurmd_user_id(), NULL, 0); xfree(auth_info); if (auth_cred == NULL) { error("Creating authentication credential: %s", -- 2.35.3 From c901d16afc747b133b2e6ae28f22e12dead0abe7 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Sat, 14 May 2022 09:23:17 +0200 Subject: [PATCH 13/31] Add missing auth_info arguments Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index db258255f3..94d6ea38c0 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -884,7 +884,7 @@ char *slurm_get_priority_weight_tres(void) return weights; } -static int _check_hash(buf_t *buffer, header_t *header, slurm_msg_t *msg, +static int _check_hash(struct slurm_buf *buffer, header_t *header, slurm_msg_t *msg, void *cred) { char *cred_hash = NULL; @@ -3178,6 +3178,7 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, Buf buffer) header_t header; int rc; void *auth_cred = NULL; + char *auth_info; if (unpack_header(&header, buffer) == SLURM_ERROR) { rc = SLURM_COMMUNICATIONS_RECEIVE_ERROR; @@ -3227,7 +3228,7 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, Buf buffer) if (header.flags & SLURM_GLOBAL_AUTH_KEY) { rc = g_slurm_auth_verify(auth_cred, _global_auth_key()); } else { - char *auth_info = slurm_get_auth_info(); + auth_info = slurm_get_auth_info(); rc = g_slurm_auth_verify(auth_cred, auth_info); xfree(auth_info); } @@ -3241,7 +3242,9 @@ extern int slurm_unpack_received_msg(slurm_msg_t *msg, int fd, Buf buffer) goto total_return; } - msg->auth_uid = g_slurm_auth_get_uid(auth_cred); + auth_info = slurm_get_auth_info(); + msg->auth_uid = g_slurm_auth_get_uid(auth_cred, auth_info); + xfree(auth_info); msg->auth_uid_set = true; /* @@ -3400,6 +3403,7 @@ List slurm_receive_msgs(int fd, int steps, int timeout) ret_data_info_t *ret_data_info = NULL; List ret_list = NULL; int orig_timeout = timeout; + char *auth_info; xassert(fd >= 0); @@ -3505,7 +3509,7 @@ List slurm_receive_msgs(int fd, int steps, int timeout) if (header.flags & SLURM_GLOBAL_AUTH_KEY) { rc = g_slurm_auth_verify(auth_cred, _global_auth_key()); } else { - char *auth_info = slurm_get_auth_info(); + auth_info = slurm_get_auth_info(); rc = g_slurm_auth_verify(auth_cred, auth_info); xfree(auth_info); } @@ -3519,7 +3523,9 @@ List slurm_receive_msgs(int fd, int steps, int timeout) goto total_return; } - msg.auth_uid = g_slurm_auth_get_uid(auth_cred); + auth_info = slurm_get_auth_info(); + msg.auth_uid = g_slurm_auth_get_uid(auth_cred, auth_info); + xfree(auth_info); msg.auth_uid_set = true; /* * Unpack message body @@ -3758,6 +3764,7 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, int rc; void *auth_cred = NULL; Buf buffer; + char *auth_info; xassert(fd >= 0); @@ -3893,7 +3900,7 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, if (header.flags & SLURM_GLOBAL_AUTH_KEY) { rc = g_slurm_auth_verify(auth_cred, _global_auth_key()); } else { - char *auth_info = slurm_get_auth_info(); + auth_info = slurm_get_auth_info(); rc = g_slurm_auth_verify(auth_cred, auth_info); xfree(auth_info); } @@ -3907,7 +3914,9 @@ int slurm_receive_msg_and_forward(int fd, slurm_addr_t *orig_addr, goto total_return; } - msg->auth_uid = g_slurm_auth_get_uid(auth_cred); + auth_info = slurm_get_auth_info(); + msg->auth_uid = g_slurm_auth_get_uid(auth_cred, auth_info); + xfree(auth_info); msg->auth_uid_set = true; /* -- 2.35.3 From fd4a977e5a9c2da9dc7b37b3acde87e5f9489e7b Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 08:04:00 +0200 Subject: [PATCH 14/31] Fix argument in call to slurm_get_plugin_hash_enable Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_auth.c | 4 ++-- src/common/slurm_auth.h | 2 +- src/common/slurm_protocol_api.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/common/slurm_auth.c b/src/common/slurm_auth.c index 7ce0887ead..a423ad98a4 100644 --- a/src/common/slurm_auth.c +++ b/src/common/slurm_auth.c @@ -131,12 +131,12 @@ slurm_auth_generic_errstr( int slurm_errno ) } } -extern bool slurm_get_plugin_hash_enable(int index) +extern bool slurm_get_plugin_hash_enable() { if (slurm_auth_init(NULL) < 0) return true; - return *(ops[index].hash_enable); + return *(ops.hash_enable); } diff --git a/src/common/slurm_auth.h b/src/common/slurm_auth.h index f7ab7ac68e..1be28f3aa9 100644 --- a/src/common/slurm_auth.h +++ b/src/common/slurm_auth.h @@ -138,7 +138,7 @@ extern int slurm_auth_fini( void ); * Check if plugin type corresponding to the authentication * plugin index supports hash. */ -extern bool slurm_get_plugin_hash_enable(int index); +extern bool slurm_get_plugin_hash_enable(); /* * Static bindings for the global authentication context. diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 94d6ea38c0..bbdf10855a 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -909,7 +909,7 @@ static int _check_hash(struct slurm_buf *buffer, header_t *header, slurm_msg_t * &msg->msg_type, sizeof(msg->msg_type))) rc = SLURM_ERROR; } else if (block_null_hash && - slurm_get_plugin_hash_enable(msg->auth_index)) + slurm_get_plugin_hash_enable()) rc = SLURM_ERROR; xfree(cred_hash); -- 2.35.3 From b29995356ce0a08e638e7c626dced096854b3449 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 08:04:48 +0200 Subject: [PATCH 15/31] Fix buffer type Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index bbdf10855a..481b418e67 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -3585,7 +3585,7 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) int rc; void *auth_cred = NULL; slurm_msg_t msg; - buf_t *buffer; + Buf buffer; ret_data_info_t *ret_data_info = NULL; List ret_list = NULL; int orig_timeout = timeout; -- 2.35.3 From a3f5ed878c7872f2d64e685750f463007988f952 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 08:06:49 +0200 Subject: [PATCH 16/31] Fix arguments to forward_init() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 481b418e67..e90979c4ad 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -3629,7 +3629,7 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) * the message. */ if (slurm_msg_recvfrom_timeout(fd, &buf, &buflen, 0, timeout) < 0) { - forward_init(&header.forward); + forward_init(&header.forward, NULL); rc = errno; goto total_return; } -- 2.35.3 From 8db39a8468aef6ffdf6b8babf4f1e61128e1e145 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 08:07:20 +0200 Subject: [PATCH 17/31] Fix log message function Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index e90979c4ad..f0596490e7 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -3608,17 +3608,17 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) steps--; } - log_flag(NET, "%s: orig_timeout was %d we have %d steps and a timeout of %d", + debug("%s: orig_timeout was %d we have %d steps and a timeout of %d", __func__, orig_timeout, steps, timeout); /* we compare to the orig_timeout here because that is really * what we are going to wait for each step */ if (orig_timeout >= (slurm_get_msg_timeout() * 10000)) { - log_flag(NET, "%s: Sending a message with timeout's greater than %d seconds, requested timeout is %d seconds", + debug("%s: Sending a message with timeout's greater than %d seconds, requested timeout is %d seconds", __func__, (slurm_get_msg_timeout() * 10), (timeout/1000)); } else if (orig_timeout < 1000) { - log_flag(NET, "%s: Sending a message with a very short timeout of %d milliseconds each step in the tree has %d milliseconds", + debug("%s: Sending a message with a very short timeout of %d milliseconds each step in the tree has %d milliseconds", __func__, timeout, orig_timeout); } -- 2.35.3 From 268094f7c4c0319bc02b4ac10ab7f12f61774c3e Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 08:26:13 +0200 Subject: [PATCH 18/31] Fix aruments in g_slurm_auth_unpack() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index f0596490e7..435495c1ae 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -3675,7 +3675,7 @@ List slurm_receive_resp_msgs(int fd, int steps, int timeout) __func__); } - if (!(auth_cred = g_slurm_auth_unpack(buffer, header.version))) { + if (!(auth_cred = g_slurm_auth_unpack(buffer))) { error("%s: auth_g_unpack: %m", __func__); free_buf(buffer); rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET; -- 2.35.3 From b87fc1b346fa6a75e803b6dfd9337e30f01c43bd Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 10:12:08 +0200 Subject: [PATCH 19/31] Fix auth_g_get_data() Remove not existing wrapper. Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_auth.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/common/slurm_auth.c b/src/common/slurm_auth.c index a423ad98a4..7b8a3ff61b 100644 --- a/src/common/slurm_auth.c +++ b/src/common/slurm_auth.c @@ -224,12 +224,10 @@ int g_slurm_auth_verify(void *cred, char *auth_info) int auth_g_get_data(void *cred, char **data, uint32_t *len) { - cred_wrapper_t *wrap = (cred_wrapper_t *) cred; - - if (!wrap || slurm_auth_init(NULL) < 0) + if (slurm_auth_init(NULL) < 0) return SLURM_ERROR; - return (*(ops[wrap->index].get_data))(cred, data, len); + return (*(ops.get_data))(cred, data, len); } uid_t g_slurm_auth_get_uid(void *cred, char *auth_info) -- 2.35.3 From f2b152c95cbc771006130f18ebfb4dbfaeb5815e Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 10:18:26 +0200 Subject: [PATCH 20/31] Add support for ESLURM_AUTH_BADARG Signed-off-by: Egbert Eich <eich@suse.com> --- slurm/slurm_errno.h | 1 + src/common/slurm_errno.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/slurm/slurm_errno.h b/slurm/slurm_errno.h index c1d6f935e7..af5baa2441 100644 --- a/slurm/slurm_errno.h +++ b/slurm/slurm_errno.h @@ -262,6 +262,7 @@ enum { ESLURM_AUTH_FOPEN_ERROR, ESLURM_AUTH_NET_ERROR, ESLURM_AUTH_UNABLE_TO_SIGN, + ESLURM_AUTH_BADARG, /* accounting errors */ ESLURM_DB_CONNECTION = 7000, diff --git a/src/common/slurm_errno.c b/src/common/slurm_errno.c index 74cfc6b1c5..d4ff6d3f10 100644 --- a/src/common/slurm_errno.c +++ b/src/common/slurm_errno.c @@ -444,7 +444,8 @@ static slurm_errtab_t slurm_errtab[] = { "Failed to open authentication public key" }, { ESLURM_AUTH_NET_ERROR, "Failed to connect to authentication agent" }, - + { ESLURM_AUTH_BADARG, + "Bad argument to plugin function" }, /* accounting errors */ { ESLURM_DB_CONNECTION, "Unable to connect to database" }, -- 2.35.3 From 0f7d6f873ac480e3ff08513a9fe7e1f40ca65809 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 10:41:08 +0200 Subject: [PATCH 21/31] Replace response_init() by slurm_msg_t_init() Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmctld/job_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c index afc3e2cd52..e3963a1877 100644 --- a/src/slurmctld/job_mgr.c +++ b/src/slurmctld/job_mgr.c @@ -13660,7 +13660,7 @@ extern int update_job_str(slurm_msg_t *msg, uid_t uid) reply: if ((rc != ESLURM_JOB_SETTING_DB_INX) && (msg->conn_fd >= 0)) { - response_init(&resp_msg, msg); + slurm_msg_t_init(&resp_msg); if (resp_array) { resp_array_msg = _resp_array_xlate(resp_array, job_id); resp_msg.msg_type = RESPONSE_JOB_ARRAY_ERRORS; -- 2.35.3 From f3faf8a9165caa9728ad8f812ea792b07917c829 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 14:33:14 +0200 Subject: [PATCH 22/31] Replace response_init() Signed-off-by: Egbert Eich <eich@suse.com> # Conflicts: # src/slurmctld/proc_req.c --- src/slurmctld/job_mgr.c | 4 +++ src/slurmctld/proc_req.c | 78 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c index e3963a1877..add1f934f7 100644 --- a/src/slurmctld/job_mgr.c +++ b/src/slurmctld/job_mgr.c @@ -13661,6 +13661,8 @@ extern int update_job_str(slurm_msg_t *msg, uid_t uid) reply: if ((rc != ESLURM_JOB_SETTING_DB_INX) && (msg->conn_fd >= 0)) { slurm_msg_t_init(&resp_msg); + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&resp_msg, msg->auth_uid); if (resp_array) { resp_array_msg = _resp_array_xlate(resp_array, job_id); resp_msg.msg_type = RESPONSE_JOB_ARRAY_ERRORS; @@ -16235,6 +16237,8 @@ extern int job_requeue2(uid_t uid, requeue_msg_t *req_ptr, slurm_msg_t *msg, reply: if (msg) { slurm_msg_t_init(&resp_msg); + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&resp_msg, msg->auth_uid); resp_msg.protocol_version = msg->protocol_version; resp_msg.conn = msg->conn; if (resp_array) { diff --git a/src/slurmctld/proc_req.c b/src/slurmctld/proc_req.c index 54a28ff9f2..b2e34d624a 100644 --- a/src/slurmctld/proc_req.c +++ b/src/slurmctld/proc_req.c @@ -1437,6 +1437,8 @@ static void _slurm_rpc_allocate_pack(slurm_msg_t * msg) response_msg.conn = msg->conn; response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.msg_type = RESPONSE_JOB_PACK_ALLOCATION; response_msg.data = resp; @@ -1619,6 +1621,8 @@ send_msg: response_msg.conn = msg->conn; response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.msg_type = RESPONSE_RESOURCE_ALLOCATION; response_msg.data = alloc_msg; @@ -1682,6 +1686,8 @@ static void _slurm_rpc_dump_conf(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_BUILD_INFO; @@ -1737,6 +1743,8 @@ static void _slurm_rpc_dump_jobs(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_JOB_INFO; @@ -1779,6 +1787,8 @@ static void _slurm_rpc_dump_jobs_user(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_JOB_INFO; @@ -1823,6 +1833,8 @@ static void _slurm_rpc_dump_job_single(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_JOB_INFO; @@ -1852,6 +1864,8 @@ static void _slurm_rpc_get_shares(slurm_msg_t *msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_SHARE_INFO; @@ -1881,6 +1895,8 @@ static void _slurm_rpc_get_priority_factors(slurm_msg_t *msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_PRIORITY_FACTORS; @@ -1919,6 +1935,8 @@ static void _slurm_rpc_end_time(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = SRUN_TIMEOUT; @@ -1947,6 +1965,8 @@ static void _slurm_rpc_get_fed(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_FED_INFO; @@ -1995,6 +2015,8 @@ static void _slurm_rpc_dump_front_end(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_FRONT_END_INFO; @@ -2055,6 +2077,8 @@ static void _slurm_rpc_dump_nodes(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_NODE_INFO; @@ -2113,6 +2137,8 @@ static void _slurm_rpc_dump_node_single(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_NODE_INFO; @@ -2166,6 +2192,8 @@ static void _slurm_rpc_dump_partitions(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_PARTITION_INFO; @@ -2676,6 +2704,8 @@ static void _slurm_rpc_dump_batch_script(slurm_msg_t *msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_BATCH_SCRIPT; @@ -2801,6 +2831,8 @@ static void _slurm_rpc_job_step_create(slurm_msg_t * msg) slurm_msg_t_init(&resp); resp.flags = msg->flags; resp.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&resp, msg->auth_uid); resp.address = msg->address; resp.conn = msg->conn; resp.msg_type = RESPONSE_JOB_STEP_CREATE; @@ -2870,6 +2902,8 @@ static void _slurm_rpc_job_step_get_info(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_JOB_STEP_INFO; @@ -2977,6 +3011,8 @@ send_reply: slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_JOB_WILL_RUN; @@ -3153,6 +3189,8 @@ static void _slurm_rpc_job_alloc_info(slurm_msg_t * msg) response_msg.data = job_info_resp_msg; response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); slurm_send_node_msg(msg->conn_fd, &response_msg); @@ -3257,6 +3295,8 @@ static void _slurm_rpc_job_pack_alloc_info(slurm_msg_t * msg) response_msg.data = resp; response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); slurm_send_node_msg(msg->conn_fd, &response_msg); FREE_NULL_LIST(resp); @@ -3500,6 +3540,8 @@ static void _slurm_rpc_job_sbcast_cred(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.msg_type = RESPONSE_JOB_SBCAST_CRED; response_msg.data = &job_info_resp_msg; @@ -3866,6 +3908,8 @@ static void _slurm_rpc_step_layout(slurm_msg_t *msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.msg_type = RESPONSE_STEP_LAYOUT; response_msg.data = step_layout; @@ -4026,6 +4070,8 @@ send_msg: slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_SUBMIT_BATCH_JOB; response_msg.data = &submit_msg; @@ -4302,6 +4348,8 @@ send_msg: slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_SUBMIT_BATCH_JOB; response_msg.data = &submit_msg; @@ -4839,6 +4887,8 @@ static void _slurm_rpc_resv_create(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); resv_resp_msg.name = resv_desc_ptr->name; response_msg.msg_type = RESPONSE_CREATE_RESERVATION; response_msg.data = &resv_resp_msg; @@ -4969,6 +5019,8 @@ static void _slurm_rpc_resv_show(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_RESERVATION_INFO; @@ -5025,6 +5077,8 @@ static void _slurm_rpc_layout_show(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_LAYOUT_INFO; @@ -5117,6 +5171,8 @@ static void _slurm_rpc_job_ready(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; rc_msg.return_code = result; @@ -5230,6 +5286,8 @@ static void _slurm_rpc_burst_buffer_info(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_BURST_BUFFER_INFO; @@ -5628,6 +5686,8 @@ inline static void _slurm_rpc_trigger_get(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_TRIGGER_GET; @@ -5715,6 +5775,8 @@ inline static void _slurm_rpc_get_topo(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_TOPO_INFO; @@ -5747,6 +5809,8 @@ inline static void _slurm_rpc_get_powercap(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_POWERCAP_INFO; @@ -6227,6 +6291,8 @@ inline static void _slurm_rpc_dump_spank(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONCE_SPANK_ENVIRONMENT; @@ -6313,6 +6379,8 @@ inline static void _slurm_rpc_dump_stats(slurm_msg_t * msg) slurm_msg_t_init(&response_msg); response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_STATS_INFO; @@ -6376,6 +6444,8 @@ _slurm_rpc_dump_licenses(slurm_msg_t * msg) response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_LICENSE_INFO; @@ -6591,6 +6661,8 @@ static void _slurm_rpc_composite_msg(slurm_msg_t *msg) slurm_msg_t_init(&resp_msg); resp_msg.flags = msg->flags; resp_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&resp_msg, msg->auth_uid); memcpy(&resp_msg.address, &comp_msg->sender, sizeof(slurm_addr_t)); resp_msg.msg_type = RESPONSE_MESSAGE_COMPOSITE; @@ -6676,6 +6748,8 @@ static void _slurm_rpc_comp_msg_list(composite_msg_t * comp_msg, resp_msg->flags = next_msg->flags; resp_msg->protocol_version = next_msg->protocol_version; + if (next_msg->auth_uid_set) + slurm_msg_set_r_uid(resp_msg, next_msg->auth_uid); resp_msg->msg_type = RESPONSE_MESSAGE_COMPOSITE; /* You can't just set the * resp_msg->address here, it won't @@ -6751,6 +6825,8 @@ static void _slurm_rpc_assoc_mgr_info(slurm_msg_t * msg) response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_ASSOC_MGR_INFO; @@ -7019,6 +7095,8 @@ static void _proc_multi_msg(uint32_t rpc_uid, slurm_msg_t *msg) slurm_msg_t_init(&response_msg); response_msg.flags = msg->flags; response_msg.protocol_version = msg->protocol_version; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.address = msg->address; response_msg.conn = msg->conn; response_msg.msg_type = RESPONSE_CTLD_MULT_MSG; -- 2.35.3 From d079c59d888083d6cf11681b1caa713fd6dea863 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 16 May 2022 14:33:47 +0200 Subject: [PATCH 23/31] Add missing auth_uid init setting Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmctld/proc_req.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/slurmctld/proc_req.c b/src/slurmctld/proc_req.c index b2e34d624a..3d308f9055 100644 --- a/src/slurmctld/proc_req.c +++ b/src/slurmctld/proc_req.c @@ -6857,6 +6857,9 @@ static int _process_persist_conn(void *arg, slurm_msg_t_init(&msg); msg.auth_cred = persist_conn->auth_cred; + msg.auth_uid = *uid; + msg.auth_uid_set = true; + msg.conn = persist_conn; msg.conn_fd = persist_conn->fd; -- 2.35.3 From fb75cf0c8ba09d858320e9c9d0acacccf61b323f Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Wed, 18 May 2022 15:09:34 +0200 Subject: [PATCH 24/31] Add missing set_agent_arg_r_uid() Signed-off-by: Egbert Eich <eich@suse.com> --- src/plugins/checkpoint/blcr/checkpoint_blcr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/plugins/checkpoint/blcr/checkpoint_blcr.c b/src/plugins/checkpoint/blcr/checkpoint_blcr.c index b8ec15a566..23d3a4cd8b 100644 --- a/src/plugins/checkpoint/blcr/checkpoint_blcr.c +++ b/src/plugins/checkpoint/blcr/checkpoint_blcr.c @@ -583,6 +583,7 @@ static void _send_sig(uint32_t job_id, uint32_t step_id, uint16_t signal, } hostlist_iterator_destroy(hi); + set_agent_arg_r_uid(agent_args, SLURM_AUTH_UID_ANY); agent_queue_request(agent_args); } -- 2.35.3 From 3a67696a66dae9ed78b6db0f76260d3560971a47 Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Wed, 18 May 2022 20:35:02 +0200 Subject: [PATCH 25/31] Add slurm_msg_set_r_uid() to _persist_fed_job_lock_bool() and _agent_thread() This seems to be missing from upstream as well. Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmctld/fed_mgr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/slurmctld/fed_mgr.c b/src/slurmctld/fed_mgr.c index 8b464847b7..7d8043dbd8 100644 --- a/src/slurmctld/fed_mgr.c +++ b/src/slurmctld/fed_mgr.c @@ -1038,6 +1038,7 @@ static int _persist_fed_job_lock_bool(slurmdb_cluster_rec_t *conn, req_msg.protocol_version = conn->rpc_version; req_msg.data = &sib_msg; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); if (_send_recv_msg(conn, &req_msg, &resp_msg, false)) { rc = SLURM_PROTOCOL_ERROR; @@ -2280,6 +2281,7 @@ static void *_agent_thread(void *arg) slurm_msg_t_init(&req_msg); req_msg.msg_type = REQUEST_CTLD_MULT_MSG; req_msg.data = &ctld_req_msg; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); rc = _send_recv_msg(cluster, &req_msg, &resp_msg, false); -- 2.35.3 From eca4da6d1c99bea7f277a1c8e8b071575d3f9cec Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Wed, 18 May 2022 20:52:16 +0200 Subject: [PATCH 26/31] Fix slurm_msg_set_r_uid() settings for checkpointing Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/checkpoint.c | 1 + src/slurmctld/job_mgr.c | 2 ++ src/slurmctld/step_mgr.c | 3 +++ 3 files changed, 6 insertions(+) diff --git a/src/common/checkpoint.c b/src/common/checkpoint.c index 2f4ce092ab..4df2235314 100644 --- a/src/common/checkpoint.c +++ b/src/common/checkpoint.c @@ -359,6 +359,7 @@ extern int checkpoint_tasks (uint32_t job_id, uint32_t step_id, ckpt_req.image_dir = image_dir; req_msg.msg_type = REQUEST_CHECKPOINT_TASKS; req_msg.data = &ckpt_req; + slurm_msg_set_r_uid(&req_msg, SLURM_AUTH_UID_ANY); if ((ret_list = slurm_send_recv_msgs(nodelist, &req_msg, (wait*1000), false))) { diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c index add1f934f7..995e49dba2 100644 --- a/src/slurmctld/job_mgr.c +++ b/src/slurmctld/job_mgr.c @@ -16987,6 +16987,7 @@ extern int job_checkpoint(checkpoint_msg_t *ckpt_ptr, uid_t uid, if (conn_fd < 0) /* periodic checkpoint */ return rc; + slurm_msg_set_r_uid(&resp_msg, uid); if ((rc == SLURM_SUCCESS) && ((ckpt_ptr->op == CHECK_ABLE) || (ckpt_ptr->op == CHECK_ERROR))) { resp_msg.msg_type = RESPONSE_CHECKPOINT; @@ -17397,6 +17398,7 @@ extern int job_restart(checkpoint_msg_t *ckpt_ptr, uid_t uid, int conn_fd, rc_msg.return_code = rc; resp_msg.msg_type = RESPONSE_SLURM_RC; resp_msg.data = &rc_msg; + slurm_msg_set_r_uid(&resp_msg, uid); (void) slurm_send_node_msg(conn_fd, &resp_msg); return rc; diff --git a/src/slurmctld/step_mgr.c b/src/slurmctld/step_mgr.c index 947511d7d6..5ae6b0ce04 100644 --- a/src/slurmctld/step_mgr.c +++ b/src/slurmctld/step_mgr.c @@ -3307,6 +3307,7 @@ extern int job_step_checkpoint(checkpoint_msg_t *ckpt_ptr, } reply: + slurm_msg_set_r_uid(&resp_msg, uid); if ((rc == SLURM_SUCCESS) && ((ckpt_ptr->op == CHECK_ABLE) || (ckpt_ptr->op == CHECK_ERROR))) { resp_msg.msg_type = RESPONSE_CHECKPOINT; @@ -3376,6 +3377,7 @@ extern int job_step_checkpoint_comp(checkpoint_comp_msg_t *ckpt_ptr, rc_msg.return_code = rc; resp_msg.msg_type = RESPONSE_SLURM_RC; resp_msg.data = &rc_msg; + slurm_msg_set_r_uid(&resp_msg, uid); (void) slurm_send_node_msg(conn_fd, &resp_msg); return rc; } @@ -3435,6 +3437,7 @@ extern int job_step_checkpoint_task_comp(checkpoint_task_comp_msg_t *ckpt_ptr, rc_msg.return_code = rc; resp_msg.msg_type = RESPONSE_SLURM_RC; resp_msg.data = &rc_msg; + slurm_msg_set_r_uid(&resp_msg, uid); (void) slurm_send_node_msg(conn_fd, &resp_msg); return rc; } -- 2.35.3 From 5382605a3968a109b7d35619b968b9726c2d29ed Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Thu, 19 May 2022 09:48:08 +0200 Subject: [PATCH 27/31] Add missing calls to slurm_msg_set_r_uid() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 435495c1ae..48f0e10fba 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -4397,7 +4397,14 @@ int slurm_send_rc_err_msg(slurm_msg_t *msg, int rc, char *err_msg) resp_msg.forward_struct = msg->forward_struct; resp_msg.ret_list = msg->ret_list; resp_msg.orig_addr = msg->orig_addr; - + /* like _resp_msg_setup() */ + if (!msg->auth_uid_set) + slurm_msg_set_r_uid(&resp_msg, SLURM_AUTH_NOBODY); + else if ((msg->auth_uid != slurm_get_slurm_user_id()) && + (msg->auth_uid != slurm_get_slurmd_user_id())) + slurm_msg_set_r_uid(&resp_msg, msg->auth_uid); + else + slurm_msg_set_r_uid(&resp_msg, SLURM_AUTH_UID_ANY); /* send message */ return slurm_send_node_msg(msg->conn_fd, &resp_msg); } @@ -4434,6 +4441,14 @@ int slurm_send_reroute_msg(slurm_msg_t *msg, slurmdb_cluster_rec_t *cluster_rec) resp_msg.ret_list = msg->ret_list; resp_msg.orig_addr = msg->orig_addr; + /* like _resp_msg_setup() */ + if (!msg->auth_uid_set) + slurm_msg_set_r_uid(&resp_msg, SLURM_AUTH_NOBODY); + else if ((msg->auth_uid != slurm_get_slurm_user_id()) && + (msg->auth_uid != slurm_get_slurmd_user_id())) + slurm_msg_set_r_uid(&resp_msg, msg->auth_uid); + else + slurm_msg_set_r_uid(&resp_msg, SLURM_AUTH_UID_ANY); /* send message */ return slurm_send_node_msg(msg->conn_fd, &resp_msg); } -- 2.35.3 From b076857cc6f697d0cb05991c356ce9e509dac83e Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Thu, 19 May 2022 22:13:56 +0200 Subject: [PATCH 28/31] Add slurm_msg_set_r_uid() for replace_batch_job() which as been deleted since Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmctld/job_scheduler.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/slurmctld/job_scheduler.c b/src/slurmctld/job_scheduler.c index 91d77644fd..ac6a50a76e 100644 --- a/src/slurmctld/job_scheduler.c +++ b/src/slurmctld/job_scheduler.c @@ -969,6 +969,7 @@ send_reply: resp_msg->address = msg->address; resp_msg->msg_type = REQUEST_BATCH_JOB_LAUNCH; resp_msg->data = launch_msg; + slurm_msg_set_r_uid(resp_msg, msg->auth_uid); list_append(msg->ret_list, resp_msg); } else { slurm_msg_t response_msg; @@ -978,6 +979,7 @@ send_reply: response_msg.address = msg->address; response_msg.msg_type = REQUEST_BATCH_JOB_LAUNCH; response_msg.data = launch_msg; + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); slurm_send_node_msg(msg->conn_fd, &response_msg); slurm_free_job_launch_msg(launch_msg); } -- 2.35.3 From 191b41486a32cb8218ae2fb56aa589b485b6566e Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 23 May 2022 09:31:38 +0200 Subject: [PATCH 29/31] Add type bool to proc_req.c Signed-off-by: Egbert Eich <eich@suse.com> --- src/slurmdbd/proc_req.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/slurmdbd/proc_req.c b/src/slurmdbd/proc_req.c index aca876a503..8256eb9e39 100644 --- a/src/slurmdbd/proc_req.c +++ b/src/slurmdbd/proc_req.c @@ -44,6 +44,7 @@ #include <sys/prctl.h> #endif +#include <stdbool.h> #include "src/common/slurm_auth.h" #include "src/common/gres.h" #include "src/common/macros.h" -- 2.35.3 From 73c9a26c60fc1cd07b234858165881286969238c Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Mon, 23 May 2022 09:33:49 +0200 Subject: [PATCH 30/31] Add config CommunicationParameters for 'block_null_hash' option Signed-off-by: Egbert Eich <eich@suse.com> --- slurm/slurm.h.in | 1 + src/common/read_config.c | 6 ++++++ src/common/slurm_protocol_api.c | 18 ++++++++++++++++++ src/common/slurm_protocol_api.h | 6 ++++++ 4 files changed, 31 insertions(+) diff --git a/slurm/slurm.h.in b/slurm/slurm.h.in index dc75c9308f..b8f11d3249 100644 --- a/slurm/slurm.h.in +++ b/slurm/slurm.h.in @@ -2971,6 +2971,7 @@ typedef struct slurm_ctl_conf { char *version; /* version of slurmctld */ uint16_t vsize_factor; /* virtual memory limit size factor */ uint16_t wait_time; /* default job --wait time */ + char *comm_params; /* Communication parameters */ } slurm_ctl_conf_t; typedef struct slurmd_status_msg { diff --git a/src/common/read_config.c b/src/common/read_config.c index 5913df1cdc..225937520b 100644 --- a/src/common/read_config.c +++ b/src/common/read_config.c @@ -194,6 +194,7 @@ s_p_options_t slurm_conf_options[] = { {"ChosLoc", S_P_STRING}, {"CoreSpecPlugin", S_P_STRING}, {"ClusterName", S_P_STRING}, + {"CommunicationParameters", S_P_STRING}, {"CompleteWait", S_P_UINT16}, {"ControlAddr", S_P_STRING}, {"ControlMachine", S_P_STRING}, @@ -2337,6 +2338,7 @@ free_slurm_conf (slurm_ctl_conf_t *ctl_conf_ptr, bool purge_node_hash) xfree (ctl_conf_ptr->checkpoint_type); xfree (ctl_conf_ptr->chos_loc); xfree (ctl_conf_ptr->cluster_name); + xfree (ctl_conf_ptr->comm_params); xfree (ctl_conf_ptr->control_addr); xfree (ctl_conf_ptr->control_machine); xfree (ctl_conf_ptr->core_spec_plugin); @@ -2460,6 +2462,7 @@ init_slurm_conf (slurm_ctl_conf_t *ctl_conf_ptr) xfree (ctl_conf_ptr->checkpoint_type); xfree (ctl_conf_ptr->chos_loc); xfree (ctl_conf_ptr->cluster_name); + xfree (ctl_conf_ptr->comm_params); ctl_conf_ptr->complete_wait = NO_VAL16; xfree (ctl_conf_ptr->control_addr); xfree (ctl_conf_ptr->control_machine); @@ -3096,6 +3099,9 @@ _validate_and_set_defaults(slurm_ctl_conf_t *conf, s_p_hashtbl_t *hashtbl) if (s_p_get_uint16(&uint16_tmp, "CacheGroups", hashtbl)) debug("Ignoring obsolete CacheGroups option."); + (void) s_p_get_string(&conf->comm_params, "CommunicationParameters", + hashtbl); + if (!s_p_get_string(&conf->core_spec_plugin, "CoreSpecPlugin", hashtbl)) { conf->core_spec_plugin = diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index 48f0e10fba..e9f05c0319 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -1179,6 +1179,24 @@ char *slurm_get_cluster_name(void) return name; } +/* slurm_get_comm_parameters + * returns the value of comm_param in slurmctld_conf object + * RET char * - comm parameters, MUST be xfreed by caller + */ +extern char *slurm_get_comm_parameters(void) +{ + char *comm_params = NULL; + slurm_ctl_conf_t *conf; + + if (slurmdbd_conf) { + } else { + conf = slurm_conf_lock(); + comm_params = xstrdup(conf->comm_params); + slurm_conf_unlock(); + } + return comm_params; +} + /* slurm_get_crypto_type * returns the crypto_type from slurmctld_conf object * RET char * - crypto type, MUST be xfreed by caller diff --git a/src/common/slurm_protocol_api.h b/src/common/slurm_protocol_api.h index 8da140c565..267cfe627a 100644 --- a/src/common/slurm_protocol_api.h +++ b/src/common/slurm_protocol_api.h @@ -468,6 +468,12 @@ extern char *slurm_get_checkpoint_dir(void); */ char *slurm_get_cluster_name(void); +/* slurm_get_comm_parameters + * returns the value of comm_param in slurmctld_conf object + * RET char * - comm parameters, MUST be xfreed by caller + */ +extern char *slurm_get_comm_parameters(void); + /* slurm_get_crypto_type * returns the crypto_type from slurmctld_conf object * RET char * - crypto type, MUST be xfreed by caller -- 2.35.3 From 0a33589bc684ae9db9f2b1a05221266bd2886e7f Mon Sep 17 00:00:00 2001 From: Egbert Eich <eich@suse.com> Date: Tue, 24 May 2022 08:27:27 +0200 Subject: [PATCH 31/31] Add missing calls to slurm_msg_set_r_uid() Signed-off-by: Egbert Eich <eich@suse.com> --- src/common/slurm_protocol_api.c | 8 ++++++++ src/slurmctld/backup.c | 2 ++ src/slurmctld/controller.c | 2 ++ src/slurmctld/proc_req.c | 2 ++ 4 files changed, 14 insertions(+) diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c index e9f05c0319..938f7bb4c6 100644 --- a/src/common/slurm_protocol_api.c +++ b/src/common/slurm_protocol_api.c @@ -4338,6 +4338,14 @@ static void _rc_msg_setup(slurm_msg_t *msg, slurm_msg_t *resp_msg, resp_msg->forward_struct = msg->forward_struct; resp_msg->ret_list = msg->ret_list; resp_msg->orig_addr = msg->orig_addr; + /* like _resp_msg_setup() */ + if (!msg->auth_uid_set) + slurm_msg_set_r_uid(resp_msg, SLURM_AUTH_NOBODY); + else if ((msg->auth_uid != slurm_get_slurm_user_id()) && + (msg->auth_uid != slurm_get_slurmd_user_id())) + slurm_msg_set_r_uid(resp_msg, msg->auth_uid); + else + slurm_msg_set_r_uid(resp_msg, SLURM_AUTH_UID_ANY); } diff --git a/src/slurmctld/backup.c b/src/slurmctld/backup.c index 9b98594c9c..d9b296a180 100644 --- a/src/slurmctld/backup.c +++ b/src/slurmctld/backup.c @@ -445,6 +445,7 @@ static int _ping_controller(void) unlock_slurmctld(config_read_lock); req.msg_type = REQUEST_PING; + slurm_msg_set_r_uid(&req, SLURM_AUTH_UID_ANY); if (slurm_send_recv_rc_msg_only_one(&req, &rc, 0) < 0) { error("_ping_controller/slurm_send_node_msg error: %m"); @@ -500,6 +501,7 @@ static int _shutdown_primary_controller(int wait_time) /* send request message */ req.msg_type = REQUEST_CONTROL; + slurm_msg_set_r_uid(&req, SLURM_AUTH_UID_ANY); if (slurm_send_recv_rc_msg_only_one(&req, &rc, (CONTROL_TIMEOUT * 1000)) < 0) { diff --git a/src/slurmctld/controller.c b/src/slurmctld/controller.c index 3fbcb29f0e..9ade6d7638 100644 --- a/src/slurmctld/controller.c +++ b/src/slurmctld/controller.c @@ -2567,6 +2567,7 @@ static int _shutdown_backup_controller(int wait_time) /* send request message */ req.msg_type = REQUEST_CONTROL; + slurm_msg_set_r_uid(&req, SLURM_AUTH_UID_ANY); if (slurm_send_recv_rc_msg_only_one(&req, &rc, (CONTROL_TIMEOUT * 1000)) < 0) { @@ -3103,6 +3104,7 @@ static int _ping_backup_controller(void) unlock_slurmctld(config_read_lock); req.msg_type = REQUEST_PING; + slurm_msg_set_r_uid(&req, SLURM_AUTH_UID_ANY); if (slurm_send_recv_rc_msg_only_one(&req, &rc, 0) < 0) { debug2("_ping_backup_controller/slurm_send_node_msg error: %m"); diff --git a/src/slurmctld/proc_req.c b/src/slurmctld/proc_req.c index 3d308f9055..2645a9b8ca 100644 --- a/src/slurmctld/proc_req.c +++ b/src/slurmctld/proc_req.c @@ -5245,6 +5245,8 @@ static void _slurm_rpc_block_info(slurm_msg_t * msg) response_msg.protocol_version = msg->protocol_version; response_msg.address = msg->address; response_msg.conn = msg->conn; + if (msg->auth_uid_set) + slurm_msg_set_r_uid(&response_msg, msg->auth_uid); response_msg.msg_type = RESPONSE_BLOCK_INFO; response_msg.data = get_buf_data(buffer); response_msg.data_size = get_buf_offset(buffer); -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor