From 89e4accd58f57de7ec42655134aefcc4f2663523 Mon Sep 17 00:00:00 2001
From: Moe Jette <jette1@llnl.gov>
Date: Thu, 2 Mar 2006 16:24:46 +0000
Subject: [PATCH] Modify bcast to disable use on BGL. Add sbcast security test.

---
 src/sbcast/opts.c         |   4 ++
 testsuite/expect/test14.4 |   5 ++
 testsuite/expect/test14.5 |   5 ++
 testsuite/expect/test14.6 |   7 +-
 testsuite/expect/test14.7 | 140 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 160 insertions(+), 1 deletion(-)
 create mode 100755 testsuite/expect/test14.7

diff --git a/src/sbcast/opts.c b/src/sbcast/opts.c
index 6d07749d5e2..b89910f2c0b 100644
--- a/src/sbcast/opts.c
+++ b/src/sbcast/opts.c
@@ -124,6 +124,10 @@ extern void parse_command_line(int argc, char *argv[])
 
 	if (params.verbose)
 		_print_options();
+#ifdef HAVE_BG
+	fprintf(stderr, "sbcast not supported on BlueGene systems\n");
+	exit(1);
+#endif
 }
 
 /* print the parameters specified */
diff --git a/testsuite/expect/test14.4 b/testsuite/expect/test14.4
index 1a3268ba147..7c67899f1b4 100755
--- a/testsuite/expect/test14.4
+++ b/testsuite/expect/test14.4
@@ -44,6 +44,11 @@ set job_id               0
 
 print_header $test_id
 
+if {[test_front_end] != 0} {
+	send_user "\nWARNING: This test is incompatable with front-end systems\n"
+	exit 0
+}
+
 #
 # Delete left-over input script plus stdout/err files
 # Build input script file that broacasts a file
diff --git a/testsuite/expect/test14.5 b/testsuite/expect/test14.5
index bbfdabff5dd..e0fae6a3960 100755
--- a/testsuite/expect/test14.5
+++ b/testsuite/expect/test14.5
@@ -44,6 +44,11 @@ set job_id               0
 
 print_header $test_id
 
+if {[test_front_end] != 0} {
+	send_user "\nWARNING: This test is incompatable with front-end systems\n"
+	exit 0
+}
+
 #
 # Delete left-over input script plus stdout/err files
 # Build input script file that broacasts a file
diff --git a/testsuite/expect/test14.6 b/testsuite/expect/test14.6
index dbb76dd4572..45a85d468fb 100755
--- a/testsuite/expect/test14.6
+++ b/testsuite/expect/test14.6
@@ -44,6 +44,11 @@ set job_id               0
 
 print_header $test_id
 
+if {[test_front_end] != 0} {
+	send_user "\nWARNING: This test is incompatable with front-end systems\n"
+	exit 0
+}
+
 #
 # Delete left-over input script plus stdout/err files
 # Build input script file that broacasts a file
@@ -92,7 +97,7 @@ if {[wait_for_job $job_id "DONE"] != 0} {
 }
 
 set matches 0
-if {[wait_for_file $file_out] == 0} {
+if {[wait_for_file $file_err] == 0} {
 	spawn $bin_cat $file_err
 	expect {
 		-re "force" {
diff --git a/testsuite/expect/test14.7 b/testsuite/expect/test14.7
new file mode 100755
index 00000000000..86f93a1838b
--- /dev/null
+++ b/testsuite/expect/test14.7
@@ -0,0 +1,140 @@
+#!/usr/bin/expect
+############################################################################
+# Purpose: Test of SLURM functionality
+#          Test sbcast security issues.
+#
+# Output:  "TEST: #.#" followed by "SUCCESS" if test was successful, OR
+#          "FAILURE: ..." otherwise with an explanation of the failure, OR
+#          anything else indicates a failure mode that must be investigated.
+#
+# Note:    This script generates and then deletes files in the working directory 
+#          named test14.4.input, test14.4.output, and test14.4.error
+############################################################################
+# Copyright (C) 2006 The Regents of the University of California.
+# Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
+# Written by Morris Jette <jette1@llnl.gov>
+# UCRL-CODE-217948.
+# 
+# This file is part of SLURM, a resource management program.
+# For details, see <http://www.llnl.gov/linux/slurm/>.
+#  
+# SLURM is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2 of the License, or (at your option)
+# any later version.
+# 
+# SLURM is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+# 
+# You should have received a copy of the GNU General Public License along
+# with SLURM; if not, write to the Free Software Foundation, Inc.,
+# 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA.
+############################################################################
+source ./globals
+
+set test_id     "14.7"
+set file_in     "test$test_id.input"
+set file_out    "test$test_id.output"
+set file_err    "test$test_id.error"
+
+set exit_code            0
+set job_id               0
+
+print_header $test_id
+
+if {[test_front_end] != 0} {
+	send_user "\nWARNING: This test is incompatable with front-end systems\n"
+	exit 0
+}
+
+set uid 0
+spawn $bin_id
+expect {
+	-re "(uid=.*\n)" {
+		set uid $expect_out(1,string)
+		exp_continue
+	}
+	eof {
+		wait
+	}
+}
+if {$uid == 0} {
+	send_user "\nWARNING: This test is unsuitable for execution as user root\n"
+	exit 0
+}
+
+#
+# Delete left-over input script plus stdout/err files
+# Build input script file that broacasts a file
+#
+exec $bin_rm -f $file_in $file_out $file_err
+exec echo "#!$bin_bash"					 >$file_in
+exec echo "$sbcast $sbcast /test1.$test_id"		>>$file_in
+exec echo "$srun ls  /test1.$test_id"	 		>>$file_in
+exec $bin_chmod 700 $file_in
+
+#
+# Spawn a srun batch job that uses stdout/err and confirm their contents
+#
+set timeout $max_job_delay
+spawn $srun -N1 --batch --output=$file_out --error=$file_err -t1 $file_in
+expect {
+	-re "jobid ($number) submitted" {
+		set job_id $expect_out(1,string)
+		exp_continue
+	}
+	timeout {
+		send_user "\nFAILURE: srun not responding\n"
+		kill_srun
+		set exit_code 1
+		exp_continue
+	}
+	eof {
+		wait
+	}
+}
+
+if {$job_id == 0} {
+	send_user "\nFAILURE: batch submit failure\n"
+	exit 1
+}
+
+#
+# Wait for job to complete and check output file
+#
+if {[wait_for_job $job_id "DONE"] != 0} {
+	send_user "\nFAILURE: waiting for job to complete\n"
+	set exit_code 1
+}
+
+set matches 0
+if {[wait_for_file $file_err] == 0} {
+	spawn $bin_cat $file_err
+	expect {
+		-re "REQUEST_FILE_BCAST: Permission denied" {
+			send_user "These errors are expected, no worries\n"
+			incr matches
+			exp_continue
+		}
+		-re "No such file" {
+			send_user "These errors are expected, no worries\n"
+			incr matches
+			exp_continue
+		}
+		eof {
+			wait
+		}
+	}
+}
+if {$matches != 2} {
+	send_user "\nFAILURE: sbcast wrote into root file system without root access\n"
+	set exit_code 1
+}
+
+if {$exit_code == 0} {
+	exec $bin_rm -f $file_in $file_out $file_err
+	send_user "\nSUCCESS\n"
+}
+exit $exit_code
-- 
GitLab