diff --git a/src/slurmd/elan_interconnect.c b/src/slurmd/elan_interconnect.c
index 9a9739069f40875bab85f7a952d033e29f4ee5a1..4312d18204a2abc5239d20686d0b2e890e6424f7 100644
--- a/src/slurmd/elan_interconnect.c
+++ b/src/slurmd/elan_interconnect.c
@@ -25,8 +25,6 @@
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
\*****************************************************************************/
-#include <src/slurmd/interconnect.h>
-
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
@@ -35,16 +33,16 @@
#include <string.h>
#include <stdarg.h>
-#include <src/common/xmalloc.h>
-#include <src/common/xstring.h>
-#include <src/common/bitstring.h>
-#include <src/common/log.h>
-#include <src/common/qsw.h>
-#include <src/common/slurm_errno.h>
-#include <src/common/slurm_protocol_api.h>
-#include <src/slurmd/interconnect.h>
-#include <src/slurmd/setenvpf.h>
-#include <src/slurmd/shm.h>
+#include "src/common/xmalloc.h"
+#include "src/common/xstring.h"
+#include "src/common/bitstring.h"
+#include "src/common/log.h"
+#include "src/common/qsw.h"
+#include "src/common/slurm_errno.h"
+#include "src/common/slurm_protocol_api.h"
+#include "src/slurmd/interconnect.h"
+#include "src/slurmd/setenvpf.h"
+#include "src/slurmd/shm.h"
static int
_wait_and_destroy_prg(qsw_jobinfo_t qsw_job, pid_t pid)
diff --git a/src/slurmd/get_mach_stat.c b/src/slurmd/get_mach_stat.c
index 82a5b138daadba0075fb018e21ec499c49efb20f..e90309c15b8ab459aee15a7d7e423d46369ae244 100644
--- a/src/slurmd/get_mach_stat.c
+++ b/src/slurmd/get_mach_stat.c
@@ -30,7 +30,7 @@
\*****************************************************************************/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#include <errno.h>
@@ -43,11 +43,11 @@
#include <sys/vfs.h>
#include <unistd.h>
-#include <src/common/hostlist.h>
-#include <src/common/log.h>
-#include <src/common/parse_spec.h>
-#include <src/slurmctld/slurmctld.h>
-#include <src/slurmd/get_mach_stat.h>
+#include "src/common/hostlist.h"
+#include "src/common/log.h"
+#include "src/common/parse_spec.h"
+#include "src/slurmctld/slurmctld.h"
+#include "src/slurmd/get_mach_stat.h"
char *get_tmp_fs_name (void);
diff --git a/src/slurmd/get_mach_stat.h b/src/slurmd/get_mach_stat.h
index 17d10af47d3e54ecb2565ce6846ad72f7cb1a7d7..4ce1e1ee071143939f397c9a43ec1da987e9525d 100644
--- a/src/slurmd/get_mach_stat.h
+++ b/src/slurmd/get_mach_stat.h
@@ -28,7 +28,7 @@
#define _GET_MACH_STAT_H
#define _SLURMD_H
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
# if HAVE_INTTYPES_H
# include <inttypes.h>
# else
diff --git a/src/slurmd/interconnect.h b/src/slurmd/interconnect.h
index 405bdb0042016278af8dc833fb06bd6f9857c965..e9984cd8b4874609a8d2e690959f99745bbfcf96 100644
--- a/src/slurmd/interconnect.h
+++ b/src/slurmd/interconnect.h
@@ -29,8 +29,8 @@
#ifndef _INTERCONNECT_H_
#define _INTERCONNECT_H_
-#include <src/common/slurm_protocol_api.h>
-#include <src/slurmd/job.h>
+#include "src/common/slurm_protocol_api.h"
+#include "src/slurmd/job.h"
/*
* initialize interconnect on node
diff --git a/src/slurmd/io.c b/src/slurmd/io.c
index 0396d6e3007b664f70876ff52c8d9447bb764a5d..ad793f226fbac9d116f1dacbdc117af46c503b86 100644
--- a/src/slurmd/io.c
+++ b/src/slurmd/io.c
@@ -26,7 +26,7 @@
\*****************************************************************************/
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#if HAVE_UNISTD_H
@@ -47,17 +47,17 @@
#include <unistd.h>
#include <errno.h>
-#include <src/common/eio.h>
-#include <src/common/cbuf.h>
-#include <src/common/log.h>
-#include <src/common/fd.h>
-#include <src/common/list.h>
-#include <src/common/xmalloc.h>
-#include <src/common/xsignal.h>
-
-#include <src/slurmd/job.h>
-#include <src/slurmd/shm.h>
-#include <src/slurmd/io.h>
+#include "src/common/eio.h"
+#include "src/common/cbuf.h"
+#include "src/common/log.h"
+#include "src/common/fd.h"
+#include "src/common/list.h"
+#include "src/common/xmalloc.h"
+#include "src/common/xsignal.h"
+
+#include "src/slurmd/job.h"
+#include "src/slurmd/shm.h"
+#include "src/slurmd/io.h"
typedef enum slurmd_io_tupe {
TASK_STDERR = 0,
diff --git a/src/slurmd/io.h b/src/slurmd/io.h
index d15c4ca519da4d4348d332e59e13c54c1c91e54a..4dc5454187fe07bb5eec4fc5dd08ff2f828e0670 100644
--- a/src/slurmd/io.h
+++ b/src/slurmd/io.h
@@ -28,8 +28,8 @@
#ifndef _IO_H
#define _IO_H
-#include <src/slurmd/job.h>
-#include <src/common/eio.h>
+#include "src/slurmd/job.h"
+#include "src/common/eio.h"
/*
* Spawn IO handling thread.
diff --git a/src/slurmd/job.c b/src/slurmd/job.c
index a15d2ace289c95f08a8780a9c024c9745f55c12d..db120bdbc9d4c8d6b14184899b343e034c273687 100644
--- a/src/slurmd/job.c
+++ b/src/slurmd/job.c
@@ -26,7 +26,7 @@
\*****************************************************************************/
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#if HAVE_STRING_H
@@ -35,16 +35,16 @@
#include <signal.h>
-#include <src/common/xmalloc.h>
-#include <src/common/xassert.h>
-#include <src/common/xstring.h>
-#include <src/common/log.h>
-#include <src/common/eio.h>
-#include <src/common/slurm_protocol_api.h>
+#include "src/common/xmalloc.h"
+#include "src/common/xassert.h"
+#include "src/common/xstring.h"
+#include "src/common/log.h"
+#include "src/common/eio.h"
+#include "src/common/slurm_protocol_api.h"
-#include <src/slurmd/job.h>
-#include <src/slurmd/shm.h>
-#include <src/slurmd/io.h>
+#include "src/slurmd/job.h"
+#include "src/slurmd/shm.h"
+#include "src/slurmd/io.h"
static char ** _array_copy(int n, char **src);
static void _array_free(int n, char ***array);
diff --git a/src/slurmd/job.h b/src/slurmd/job.h
index 535794279f60ee966ef8aaa3ab7c2e320b0f891a..e19d323b7f5481498845c608fb0593fddd66dfc4 100644
--- a/src/slurmd/job.h
+++ b/src/slurmd/job.h
@@ -34,10 +34,10 @@
#include <pwd.h>
-#include <src/common/macros.h>
-#include <src/common/slurm_protocol_api.h>
-#include <src/common/list.h>
-#include <src/common/eio.h>
+#include "src/common/macros.h"
+#include "src/common/slurm_protocol_api.h"
+#include "src/common/list.h"
+#include "src/common/eio.h"
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
diff --git a/src/slurmd/mgr.h b/src/slurmd/mgr.h
index c3f29f03179853500c227ce87f97fc25c4b37974..5dfbb252f836fa2830e2a181ac0a7f96223c06c5 100644
--- a/src/slurmd/mgr.h
+++ b/src/slurmd/mgr.h
@@ -27,12 +27,12 @@
#define _MGR_H
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
-#include <src/common/slurm_protocol_defs.h>
+#include "src/common/slurm_protocol_defs.h"
-#include <src/slurmd/job.h>
+#include "src/slurmd/job.h"
/* Launch a job step on this node
*/
diff --git a/src/slurmd/read_proc.c b/src/slurmd/read_proc.c
index 932ff579e8e05f73e3001f4e567be584fd43f3ce..51f8cb11a216adf4f2f95ec9f2df1606d0ba3ff9 100644
--- a/src/slurmd/read_proc.c
+++ b/src/slurmd/read_proc.c
@@ -27,7 +27,7 @@
\*****************************************************************************/
#ifdef HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#include <stdlib.h>
@@ -41,7 +41,7 @@
#include <syslog.h>
#include <unistd.h>
-#include <src/common/log.h>
+#include "src/common/log.h"
#define SESSION_RECS 50
diff --git a/src/slurmd/req.c b/src/slurmd/req.c
index 53e8eb8bbc564409350697c8bfa763e2a351f11a..af995d0b7b4f26184b4c350e9efa4db45ded4a44 100644
--- a/src/slurmd/req.c
+++ b/src/slurmd/req.c
@@ -25,7 +25,7 @@
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
\*****************************************************************************/
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#include <pthread.h>
@@ -33,15 +33,15 @@
#include <string.h>
#include <sys/param.h>
-#include <src/common/slurm_protocol_api.h>
-#include <src/common/credential_utils.h>
-#include <src/common/slurm_auth.h>
-#include <src/common/log.h>
-#include <src/common/xmalloc.h>
+#include "src/common/credential_utils.h"
+#include "src/common/log.h"
+#include "src/common/slurm_auth.h"
+#include "src/common/slurm_protocol_api.h"
+#include "src/common/xmalloc.h"
-#include <src/slurmd/slurmd.h>
-#include <src/slurmd/shm.h>
-#include <src/slurmd/mgr.h>
+#include "src/slurmd/slurmd.h"
+#include "src/slurmd/shm.h"
+#include "src/slurmd/mgr.h"
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
@@ -51,7 +51,8 @@ static void _rpc_launch_tasks(slurm_msg_t *, slurm_addr *);
static void _rpc_batch_job(slurm_msg_t *, slurm_addr *);
static void _rpc_kill_tasks(slurm_msg_t *, slurm_addr *);
static void _rpc_revoke_credential(slurm_msg_t *, slurm_addr *);
-static void _rpc_ping(slurm_msg_t *, slurm_addr *);
+static void _rpc_shutdown(slurm_msg_t *msg, slurm_addr *cli_addr);
+static int _rpc_ping(slurm_msg_t *, slurm_addr *);
static int _launch_tasks(launch_tasks_request_msg_t *, slurm_addr *);
void
@@ -76,19 +77,19 @@ slurmd_req(slurm_msg_t *msg, slurm_addr *cli)
break;
case REQUEST_SHUTDOWN:
case REQUEST_SHUTDOWN_IMMEDIATE:
- kill(conf->pid, SIGTERM);
+ _rpc_shutdown(msg, cli);
slurm_free_shutdown_msg(msg->data);
break;
case REQUEST_NODE_REGISTRATION_STATUS:
/* Treat as ping (for slurmctld agent) */
- _rpc_ping(msg, cli);
- /* Then initiate a separate node registration */
- slurm_free_node_registration_status_msg(msg->data);
- send_registration_msg();
+ if (_rpc_ping(msg, cli) == SLURM_SUCCESS) {
+ /* Then initiate a separate node registration */
+ slurm_free_node_registration_status_msg(msg->data);
+ send_registration_msg();
+ }
break;
case REQUEST_PING:
_rpc_ping(msg, cli);
- /* XXX: Is there a slurm_free_blahblah* for this one? */
break;
default:
error("slurmd_req: invalid request msg type %d\n",
@@ -172,14 +173,12 @@ _rpc_launch_tasks(slurm_msg_t *msg, slurm_addr *cli)
uint16_t port;
char host[MAXHOSTNAMELEN];
uid_t req_uid;
- gid_t req_gid;
slurm_msg_t resp_msg;
launch_tasks_response_msg_t resp;
launch_tasks_request_msg_t *req = msg->data;
slurm_get_addr(cli, &port, host, sizeof(host));
req_uid = slurm_auth_uid(msg->cred);
- req_gid = slurm_auth_gid(msg->cred);
info("launch tasks request from %ld@%s", req_uid, host);
@@ -213,33 +212,50 @@ _rpc_batch_job(slurm_msg_t *msg, slurm_addr *cli)
{
batch_job_launch_msg_t *req = (batch_job_launch_msg_t *)msg->data;
int rc = SLURM_SUCCESS;
- uint16_t port;
- char host[MAXHOSTNAMELEN];
- uid_t req_uid;
- gid_t req_gid;
-
- slurm_get_addr(cli, &port, host, sizeof(host));
- req_uid = slurm_auth_uid(msg->cred);
- req_gid = slurm_auth_gid(msg->cred);
+ uid_t req_uid = slurm_auth_uid(msg->cred);
- if ((req_uid != 0) && (req_uid != (uid_t)req->uid)) {
- rc = EPERM;
- goto done;
+ if ((req_uid != conf->slurm_user_id) && (req_uid != 0)) {
+ error("Security violation, batch launch RPC from uid %u",
+ (unsigned int) req_uid);
+ rc = ESLURM_USER_ID_MISSING; /* or bad in this case */
+ } else {
+ info("Launching batch job %u for UID %d",
+ req->job_id, req->uid);
+ if (_launch_batch_job(req, cli) < 0)
+ rc = SLURM_FAILURE;
}
- info("batch launch request from %ld@%s", req_uid, host);
-
- if (_launch_batch_job(req, cli) < 0)
- rc = SLURM_FAILURE;
-
- done:
slurm_send_rc_msg(msg, rc);
}
static void
+_rpc_shutdown(slurm_msg_t *msg, slurm_addr *cli_addr)
+{
+ uid_t req_uid = slurm_auth_uid(msg->cred);
+
+ if ((req_uid != conf->slurm_user_id) && (req_uid != 0)) {
+ error("Security violation, shutdown RPC from uid %u",
+ (unsigned int) req_uid);
+ slurm_send_rc_msg(msg, ESLURM_USER_ID_MISSING); /* uid bad */
+ } else
+ kill(conf->pid, SIGTERM);
+}
+
+static int
_rpc_ping(slurm_msg_t *msg, slurm_addr *cli_addr)
{
- slurm_send_rc_msg(msg, SLURM_SUCCESS);
+ int rc = SLURM_SUCCESS;
+ uid_t req_uid = slurm_auth_uid(msg->cred);
+
+ if ((req_uid != conf->slurm_user_id) && (req_uid != 0)) {
+ error("Security violation, ping RPC from uid %u",
+ (unsigned int) req_uid);
+ rc = ESLURM_USER_ID_MISSING; /* or bad in this case */
+ }
+
+ /* return result */
+ slurm_send_rc_msg(msg, rc);
+ return rc;
}
static void
@@ -261,7 +277,7 @@ _rpc_kill_tasks(slurm_msg_t *msg, slurm_addr *cli_addr)
if ((req_uid != step->uid) && (req_uid != 0)) {
debug("kill req from uid %ld for job %d.%d owned by uid %ld",
req_uid, step->jobid, step->stepid, step->uid);
- rc = EPERM;
+ rc = ESLURM_USER_ID_MISSING; /* or bad in this case */
goto done;
}
@@ -297,11 +313,10 @@ _rpc_revoke_credential(slurm_msg_t *msg, slurm_addr *cli)
uid_t req_uid = slurm_auth_uid(msg->cred);
revoke_credential_msg_t *req = (revoke_credential_msg_t *) msg->data;
- if ((req_uid != 0) && (req_uid != getuid())) {
+ if ((req_uid != conf->slurm_user_id) && (req_uid != 0)) {
rc = ESLURM_USER_ID_MISSING;
- error
- ("Security violation, uid %u can't set node down",
- (unsigned int) req_uid);
+ error("Security violation, uid %u can't revoke credentials",
+ (unsigned int) req_uid);
} else {
rc = revoke_credential(req, conf->cred_state_list);
diff --git a/src/slurmd/req.h b/src/slurmd/req.h
index d8f41d6e2e4a24d982af5f5beb7350cf2d32e7c4..013479d8346672dca494602eb3cbaef94a265e49 100644
--- a/src/slurmd/req.h
+++ b/src/slurmd/req.h
@@ -27,7 +27,7 @@
#ifndef _REQ_H
#define _REQ_H
-#include <src/common/slurm_protocol_defs.h>
+#include "src/common/slurm_protocol_defs.h"
/* Process request contained in slurm message `msg' from client at
* "*client_addr"
diff --git a/src/slurmd/setenvpf.c b/src/slurmd/setenvpf.c
index ff633e7f93324af0e0d10e0f75a08262f0a6513d..568f1c2c5b0f04809bb8371896de71be9350e691 100644
--- a/src/slurmd/setenvpf.c
+++ b/src/slurmd/setenvpf.c
@@ -26,16 +26,16 @@
\*****************************************************************************/
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
-#include <src/common/xmalloc.h>
-#include <src/common/xassert.h>
-#include <src/common/xstring.h>
+#include "src/common/xmalloc.h"
+#include "src/common/xassert.h"
+#include "src/common/xstring.h"
/* add environment variable to end of env vector allocated with
* xmalloc() extending *envp if necessary.
diff --git a/src/slurmd/shm.c b/src/slurmd/shm.c
index 6d8670ec20877e9b1f4a51a8deb4af45fd345661..fa8967fc82cd4a68776d10ee5454693ce84c23d7 100644
--- a/src/slurmd/shm.c
+++ b/src/slurmd/shm.c
@@ -26,7 +26,7 @@
\*****************************************************************************/
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#if HAVE_SYS_IPC_H
diff --git a/src/slurmd/shm.h b/src/slurmd/shm.h
index c678e0a955812c8eecd59a4b2f1e2d622be7a4e6..d10b5611e368bd54dbd9ab1bcc7dcb76701fafc4 100644
--- a/src/slurmd/shm.h
+++ b/src/slurmd/shm.h
@@ -28,7 +28,7 @@
#define _SHM_H
#if HAVE_CONFIG_H
-# include <config.h>
+# include "config.h"
#endif
#if HAVE_INTTYPES_H
@@ -47,10 +47,10 @@
# include <unistd.h>
#endif
-#include <src/common/slurm_protocol_api.h>
-#include <src/common/list.h>
+#include "src/common/slurm_protocol_api.h"
+#include "src/common/list.h"
-#include <src/slurmd/job.h>
+#include "src/slurmd/job.h"
/* local job states */
typedef enum job_state {
diff --git a/src/slurmd/slurmd.c b/src/slurmd/slurmd.c
index e623915b339d609a24caddc65a6620ba301cc266..efba4575ade17f38f2d5a5aed77704ed7a532fb7 100644
--- a/src/slurmd/slurmd.c
+++ b/src/slurmd/slurmd.c
@@ -106,14 +106,14 @@ main (int argc, char *argv[])
_init_conf();
_process_cmdline(argc, argv);
_read_config();
- _print_conf();
_set_slurmd_spooldir();
if (conf->daemonize)
daemon(0,0);
- create_pidfile(DEFAULT_PIDFILE);
+ create_pidfile(conf->pidfile);
log_init(argv[0], conf->log_opts, LOG_DAEMON, conf->logfile);
+ _print_conf();
info("%s started on %T", xbasename(argv[0]));
_create_msg_socket();
conf->pid = getpid();
@@ -349,6 +349,7 @@ _read_config()
}
conf->port = slurmctld_conf.slurmd_port;
+ conf->slurm_user_id = slurmctld_conf.slurm_user_id;
_free_and_set(&conf->epilog, slurmctld_conf.epilog );
_free_and_set(&conf->prolog, slurmctld_conf.prolog );
_free_and_set(&conf->tmpfs, slurmctld_conf.tmp_fs );
@@ -370,6 +371,7 @@ _print_conf()
debug3("Public Cert = `%s'", conf->pubkey);
debug3("Spool Dir = `%s'", conf->spooldir);
debug3("Pid File = `%s'", conf->pidfile);
+ debug3("Slurm UID = %u", conf->slurm_user_id);
}
diff --git a/src/slurmd/slurmd.h b/src/slurmd/slurmd.h
index 923fa1755118a3b052da7508e90666449bccdf30..d162a96f85f30ef8cd57013a650c5deab7954135 100644
--- a/src/slurmd/slurmd.h
+++ b/src/slurmd/slurmd.h
@@ -40,6 +40,8 @@
# include <inttypes.h>
#endif /* HAVE_CONFIG_H */
+#include <sys/types.h>
+
#include "src/common/log.h"
#include "src/common/list.h"
#include "src/common/slurm_protocol_api.h"
@@ -71,6 +73,7 @@ typedef struct slurmd_config {
List cred_state_list; /* credential stat list */
List threads; /* list of active threads */
slurm_ssl_ctx vctx; /* ssl context for cred utils */
+ uid_t slurm_user_id; /* UID that slurmctld runs as */
} slurmd_conf_t;
slurmd_conf_t * conf;