From bd6f12193ace8cdf931b1bca2b224a8beab786c4 Mon Sep 17 00:00:00 2001
From: Tim Wickberg <tim@schedmd.com>
Date: Thu, 31 Aug 2017 18:16:07 -0600
Subject: [PATCH] Add handling for SLURM_TESTSUITE_DROP_PRIV environment
 variable.

If SLURM_TESTSUITE_DROP_PRIV is defined (regardless of the value),
set SLURM_DROP_PRIV in the message header so the slurmctld/slurmdbd
will treat the request as if issued from an unprivileged user account.

Bug 4080.
---
 src/common/read_config.c         | 20 ++++++++++++++++++++
 src/common/read_config.h         |  4 ++++
 src/common/slurm_protocol_defs.c |  4 ++++
 3 files changed, 28 insertions(+)

diff --git a/src/common/read_config.c b/src/common/read_config.c
index bad330ee6e1..3ea9ad803d1 100644
--- a/src/common/read_config.c
+++ b/src/common/read_config.c
@@ -102,6 +102,10 @@ strong_alias(run_in_daemon, slurm_run_in_daemon);
 slurm_ctl_conf_t slurmctld_conf;
 bool ignore_state_errors = false;
 
+#ifndef NDEBUG
+uint16_t drop_priv_flag = 0;
+#endif
+
 static pthread_mutex_t conf_lock = PTHREAD_MUTEX_INITIALIZER;
 static s_p_hashtbl_t *conf_hashtbl = NULL;
 static slurm_ctl_conf_t *conf_ptr = &slurmctld_conf;
@@ -2763,6 +2767,22 @@ slurm_conf_init(const char *file_name)
 		return SLURM_ERROR;
 	}
 
+#ifndef NDEBUG
+	/*
+	 * This is done here to ensure all user commands parse this once at
+	 * launch, rather than trying to test this during each RPC call.
+	 * This environment variable is undocumented, and only
+	 * respected in development builds. When set, the remote end
+	 * will treat the request as if it was issued by an unprivileged
+	 * user account rather than the (likely elevated) privileges that
+	 * the account usually operates under. This makes it possible to
+	 * test various access controls while running the testsuite under
+	 * a single user account.
+	 */
+	if (getenv("SLURM_TESTSUITE_DROP_PRIV"))
+		drop_priv_flag = SLURM_DROP_PRIV;
+#endif
+
 	init_slurm_conf(conf_ptr);
 	if (_init_slurm_conf(file_name) != SLURM_SUCCESS)
 		fatal("Unable to process configuration file");
diff --git a/src/common/read_config.h b/src/common/read_config.h
index caaff917710..d365713a45a 100644
--- a/src/common/read_config.h
+++ b/src/common/read_config.h
@@ -55,6 +55,10 @@ extern char *default_slurm_config_file;
 extern char *default_plugin_path;
 extern char *default_plugstack;
 
+#ifndef NDEBUG
+extern uint16_t drop_priv_flag;
+#endif
+
 #define ACCOUNTING_ENFORCE_ASSOCS 0x0001
 #define ACCOUNTING_ENFORCE_LIMITS 0x0002
 #define ACCOUNTING_ENFORCE_WCKEYS 0x0004
diff --git a/src/common/slurm_protocol_defs.c b/src/common/slurm_protocol_defs.c
index 3580643f837..9ee37de4f95 100644
--- a/src/common/slurm_protocol_defs.c
+++ b/src/common/slurm_protocol_defs.c
@@ -108,6 +108,10 @@ extern void slurm_msg_t_init(slurm_msg_t *msg)
 	msg->msg_type = (uint16_t)NO_VAL;
 	msg->protocol_version = (uint16_t)NO_VAL;
 
+#ifndef NDEBUG
+	msg->flags = drop_priv_flag;
+#endif
+
 	forward_init(&msg->forward, NULL);
 
 	return;
-- 
GitLab