diff --git a/src/common/read_config.c b/src/common/read_config.c index bad330ee6e11d5bc35f7a071635aec1ad66f312b..3ea9ad803d1e44d97879503c8c6458d4d89f19b5 100644 --- a/src/common/read_config.c +++ b/src/common/read_config.c @@ -102,6 +102,10 @@ strong_alias(run_in_daemon, slurm_run_in_daemon); slurm_ctl_conf_t slurmctld_conf; bool ignore_state_errors = false; +#ifndef NDEBUG +uint16_t drop_priv_flag = 0; +#endif + static pthread_mutex_t conf_lock = PTHREAD_MUTEX_INITIALIZER; static s_p_hashtbl_t *conf_hashtbl = NULL; static slurm_ctl_conf_t *conf_ptr = &slurmctld_conf; @@ -2763,6 +2767,22 @@ slurm_conf_init(const char *file_name) return SLURM_ERROR; } +#ifndef NDEBUG + /* + * This is done here to ensure all user commands parse this once at + * launch, rather than trying to test this during each RPC call. + * This environment variable is undocumented, and only + * respected in development builds. When set, the remote end + * will treat the request as if it was issued by an unprivileged + * user account rather than the (likely elevated) privileges that + * the account usually operates under. This makes it possible to + * test various access controls while running the testsuite under + * a single user account. + */ + if (getenv("SLURM_TESTSUITE_DROP_PRIV")) + drop_priv_flag = SLURM_DROP_PRIV; +#endif + init_slurm_conf(conf_ptr); if (_init_slurm_conf(file_name) != SLURM_SUCCESS) fatal("Unable to process configuration file"); diff --git a/src/common/read_config.h b/src/common/read_config.h index caaff9177107056660b9def13db634338581210e..d365713a45aea6000cce8274a51e004b918a7b6f 100644 --- a/src/common/read_config.h +++ b/src/common/read_config.h @@ -55,6 +55,10 @@ extern char *default_slurm_config_file; extern char *default_plugin_path; extern char *default_plugstack; +#ifndef NDEBUG +extern uint16_t drop_priv_flag; +#endif + #define ACCOUNTING_ENFORCE_ASSOCS 0x0001 #define ACCOUNTING_ENFORCE_LIMITS 0x0002 #define ACCOUNTING_ENFORCE_WCKEYS 0x0004 diff --git a/src/common/slurm_protocol_defs.c b/src/common/slurm_protocol_defs.c index 3580643f8371652a3ee3c4fa88a9f61de5f7feec..9ee37de4f958c088e86f13add31e1d7a37a47ea9 100644 --- a/src/common/slurm_protocol_defs.c +++ b/src/common/slurm_protocol_defs.c @@ -108,6 +108,10 @@ extern void slurm_msg_t_init(slurm_msg_t *msg) msg->msg_type = (uint16_t)NO_VAL; msg->protocol_version = (uint16_t)NO_VAL; +#ifndef NDEBUG + msg->flags = drop_priv_flag; +#endif + forward_init(&msg->forward, NULL); return;