From e361f0b0b0ebc7b853ea743af70f1c4d93354329 Mon Sep 17 00:00:00 2001
From: tewk <tewk@unknown>
Date: Mon, 29 Jul 2002 22:05:14 +0000
Subject: [PATCH] Finished credential stuff for jobs

---
 src/common/credential_utils.c | 137 +++++++++++++++++++++++++++++-----
 src/common/credential_utils.h |  22 +++++-
 src/common/slurm_errno.h      |   2 +
 src/slurmd/slurmd.c           |  10 ++-
 4 files changed, 146 insertions(+), 25 deletions(-)

diff --git a/src/common/credential_utils.c b/src/common/credential_utils.c
index 603f853f567..e384717f372 100644
--- a/src/common/credential_utils.c
+++ b/src/common/credential_utils.c
@@ -19,14 +19,40 @@
 #include <src/common/hostlist.h>
 #define MAX_NAME_LEN 1024
 
-typedef struct revoked_credential
+/* global variables */
+
+/* prototypes */
+
+static int clear_expired_revoked_credentials ( List list ) ;
+static int is_credential_still_valid ( slurm_job_credential_t * credential , List list ) ;
+	
+	
+static int init_credential_state ( credential_state_t * credential_state , slurm_job_credential_t * credential ) ;
+void free_credential_state ( void * credential_state ) ;
+static int insert_credential_state ( slurm_job_credential_t * credential , List list ) ;
+	
+int sign_credential ( slurm_ssl_key_ctx_t * sign_ctx , slurm_job_credential_t * credential ) 
 {
-	int job_id ;
-	time_t expiration ;
-} revoked_credential_t ;
+	char buffer [4096] ;
+	char * buf_ptr = buffer ;
+	int buf_size = sizeof ( buffer ) ;
+	int size = sizeof ( buffer ) ;
+	int error_code = SLURM_SUCCESS ;
+	int signature_size ;
+	
+	pack_job_credential ( credential , (void ** ) & buf_ptr , & size ) ;
+	if ( slurm_ssl_sign ( sign_ctx , buffer , buf_size - size - SLURM_SSL_SIGNATURE_LENGTH , credential -> signature , & signature_size ) )
+	{
+		slurm_seterrno ( ESLURMD_ERROR_SIGNING_CREDENTIAL ) ;
+		error_code = SLURM_ERROR ;
+		goto return_ ;
+	}
 
-int clear_expired_revoked_credentials ( List list ) ;
-int verify_credential ( slurm_ssl_key_ctx_t * verify_ctx , slurm_job_credential_t * credential )
+	return_:
+	return error_code ;
+}
+
+int verify_credential ( slurm_ssl_key_ctx_t * verify_ctx , slurm_job_credential_t * credential , List credential_state_list ) 
 {
 	char buffer [4096] ;
 	char * buf_ptr = buffer ;
@@ -62,35 +88,70 @@ int verify_credential ( slurm_ssl_key_ctx_t * verify_ctx , slurm_job_credential_
 		goto return_ ;
 
 	}
+	*/
+	
+	/*
+	 * need code to check to make sure that only the specified number of procs per node
+	 * are used to launch tasks and not more
+	 */
 
-	if ( is_credential_still_valid ( credential , revoked_credentials_list_t * list ) )
+	if ( is_credential_still_valid ( credential , credential_state_list ) )
 	{
-		slurm_seterrno ( ESLURMD_CREDENTIAL_REVOKED ) ;
 		error_code = SLURM_ERROR ;
 		goto return_ ;
 	}
-	*/
 
 	return_:
 	return error_code ;
 }
 
-int insert_expired_credential ( slurm_job_credential_t * credential , List list ) 
+int expire_credential ( revoke_credential_msg_t * revoke_msg , List list ) 
 {
-	return SLURM_SUCCESS ;
+	time_t now = time ( NULL ) ;
+	ListIterator iterator ;
+	credential_state_t * credential_state ;
+	
+	iterator = list_iterator_create( list ) ;
+
+	while ( ( credential_state = list_next ( iterator ) ) )
+	{
+		if ( revoke_msg -> job_id == credential_state -> job_id ) ;
+		{
+			credential_state -> revoked = true ;
+			credential_state -> revoke_time = now ;
+			return SLURM_SUCCESS ;
+		}
+	}
+	slurm_seterrno ( ESLURMD_CREDENTIAL_TO_EXPIRE_DOESNOT_EXIST ) ;
+	return SLURM_FAILURE ;
 }
 
 int is_credential_still_valid ( slurm_job_credential_t * credential , List list )
 {
 	ListIterator iterator ;
+	credential_state_t * credential_state ;
+	
 	iterator = list_iterator_create( list ) ;
 	clear_expired_revoked_credentials ( list ) ;
-	/*revoked_credential_t * revoked_credential ;
-	while ( ( revoked_credential = list_next ( iterator ) ) )
+
+	while ( ( credential_state = list_next ( iterator ) ) )
 	{
-		if ( credential -> job_id == revoked_credential -> job_id ) ;
+		if ( credential -> job_id == credential_state -> job_id ) ;
+		{
+			if ( credential_state -> revoked )
+			{
+				return ESLURMD_CREDENTIAL_REVOKED ;
+			}
+			/* only allows one launch this is a problem but othrewise we have to do accounting 
+			 * of how many proccess are running and how many the credential allows. */
+			credential_state -> revoked = true ;
+			/* credential_state and is good */
+			return SLURM_SUCCESS ;
+		}
 	}
-	*/
+	/* credential_state does not exist */
+	insert_credential_state ( credential , list ) ;	
+
 	return SLURM_SUCCESS ;
 }
 
@@ -98,16 +159,52 @@ int clear_expired_revoked_credentials ( List list )
 {
 	time_t now = time ( NULL ) ;
 	ListIterator iterator ;
+	credential_state_t * credential_state ;
+
 	iterator = list_iterator_create( list ) ;
-	/*revoked_credential_t * revoked_credential ;
-	while ( ( revoked_credential = list_next ( iterator ) ) )
+	while ( ( credential_state = list_next ( iterator ) ) )
 	{
-		if ( now + EXPIATION_WINDOW > revoked_credential -> expiration )
+		if ( now + EXPIRATION_WINDOW > credential_state -> expiration )
 		{
 			list_delete ( iterator ) ;
 		}
 	}
-	*/
 	return SLURM_SUCCESS ;
 }
-	
+
+int initialize_credential_state_list ( List * list )
+{
+	*list = list_create ( free_credential_state ) ;
+	return SLURM_SUCCESS ;
+}
+
+int destroy_credential_state_list ( List list )
+{
+	list_destroy ( list ) ;
+	return SLURM_SUCCESS ;
+}
+
+int init_credential_state ( credential_state_t * credential_state , slurm_job_credential_t * credential )
+{
+	credential_state -> job_id = credential -> job_id ;	
+	credential_state -> expiration = credential -> expiration_time  ;
+	credential_state -> revoked = false ;
+	return SLURM_SUCCESS ;
+}
+
+void free_credential_state ( void * credential_state )
+{
+	if ( credential_state )
+	{
+		xfree ( credential_state ) ;
+	}
+}
+
+int insert_credential_state ( slurm_job_credential_t * credential , List list )
+{
+	credential_state_t * credential_state ;
+	credential_state = xmalloc ( sizeof ( slurm_job_credential_t ) ) ;
+	init_credential_state ( credential_state , credential ) ;
+	list_append ( list , credential_state ) ;
+	return SLURM_SUCCESS ;	
+}
diff --git a/src/common/credential_utils.h b/src/common/credential_utils.h
index 8d39b962712..ccefa5cd2ae 100644
--- a/src/common/credential_utils.h
+++ b/src/common/credential_utils.h
@@ -9,8 +9,28 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 
+#include <src/common/list.h>
 #include <src/common/slurm_protocol_api.h>
 #include <src/slurmd/signature_utils.h>
-int verify_credential ( slurm_ssl_key_ctx_t * verfify_ctx , slurm_job_credential_t * credential ) ;
+
+typedef struct credential_state
+{
+	int job_id ;
+	short int revoked ;
+	short int procs ;
+	short int totol_procs ;
+	short int procs_allocated ;
+	time_t revoke_time ;
+	time_t expiration ;
+} credential_state_t ;
+
+#define EXPIRATION_WINDOW 600
+
+/* function prototypes */
+int initialize_credential_state_list ( List * list ) ;
+int destroy_credential_state_list ( List list ) ;
+int verify_credential ( slurm_ssl_key_ctx_t * verfify_ctx , slurm_job_credential_t * credential , List credential_state_list ) ;
+int sign_credential ( slurm_ssl_key_ctx_t * sign_ctx , slurm_job_credential_t * credential ) ; 
+int expire_credential ( revoke_credential_msg_t * revoke_msg , List list ) ;
 
 #endif
diff --git a/src/common/slurm_errno.h b/src/common/slurm_errno.h
index 51b5d8d8d61..3a8ad1b007a 100644
--- a/src/common/slurm_errno.h
+++ b/src/common/slurm_errno.h
@@ -14,4 +14,6 @@
 #define ESLURMD_NODE_NAME_NOT_PRESENT_IN_CREDENTIAL	90006
 #define ESLURMD_CREDENTIAL_EXPIRED			90007
 #define ESLURMD_CREDENTIAL_REVOKED			90008
+#define ESLURMD_CREDENTIAL_TO_EXPIRE_DOESNOT_EXIST	90009
+#define ESLURMD_ERROR_SIGNING_CREDENTIAL		90010
 #endif
diff --git a/src/slurmd/slurmd.c b/src/slurmd/slurmd.c
index 26e11626306..038ef0c1811 100644
--- a/src/slurmd/slurmd.c
+++ b/src/slurmd/slurmd.c
@@ -57,6 +57,7 @@ time_t init_time;
 slurmd_shmem_t * shmem_seg ;
 char hostname[MAX_NAME_LEN] ;
 slurm_ssl_key_ctx_t verify_ctx ;
+List credential_state_list ;
 
 /* function prototypes */
 static void slurmd_req ( slurm_msg_t * msg );
@@ -96,7 +97,7 @@ int main (int argc, char *argv[])
 
 	/* shared memory init */
 	slurmd_init ( ) ;
-
+	
 	if ( ( error_code = getnodename (node_name, MAX_NAME_LEN) ) ) 
 		fatal ("slurmd: %m errno %d from getnodename", errno);
 
@@ -119,11 +120,13 @@ int slurmd_init ( )
 	init_shmem ( shmem_seg ) ;
 	slurm_ssl_init ( ) ;
 	slurm_init_verifier ( & verify_ctx , "pub_key_file" ) ;
+	initialize_credential_state_list ( & credential_state_list ) ;
 	return SLURM_SUCCESS ;
 }
 
 int slurmd_destroy ( )
 {
+	destroy_credential_state_list ( credential_state_list ) ;
 	rel_shmem ( shmem_seg ) ;
 	slurm_destroy_ssl_key_ctx ( & verify_ctx ) ;
 	slurm_ssl_destroy ( ) ;
@@ -314,7 +317,7 @@ void slurm_rpc_launch_tasks ( slurm_msg_t * msg )
 
 	/* do RPC call */
 	/* test credentials */
-	verify_credential ( & verify_ctx , task_desc -> credential ) ;
+	verify_credential ( & verify_ctx , task_desc -> credential , credential_state_list ) ;
 
 	task_resp . return_code = error_code ;
 	task_resp . node_name = node_name ;
@@ -408,8 +411,7 @@ void slurm_rpc_revoke_credential ( slurm_msg_t * msg )
 	start_time = clock ();
 
 	/* do RPC call */
-	
-	/*error_code = revoke credential ( revoke_credential_msg ); */
+	error_code = expire_credential ( revoke_credential_msg, credential_state_list ) ;
 	
 	/* return result */
 	if (error_code)
-- 
GitLab