int
fixmount_check_mount(char *host, struct in_addr hostaddr, char *path)
{
int start = 0;
int err = 0;
struct fs_data ment;
int found = 0;
/* scan mtab for path */
while (!found && (err = getmnt(&start, &ment, sizeof(ment),
NOSTAT_MANY, NULL)) > 0) {
char *colon;
if (colon = strchr(ment.fd_devname, ':')) {
*colon = '\0';
if ((STREQ(colon + 1, path) ||
STREQ(ment.fd_path, path)) &&
is_same_host(ment.fd_devname, host, hostaddr))
found = 1;
}
}
if (!found && err < 0) {
perror("getmnt");
exit(1);
}
return found;
}
int
fixmount_check_mount(char *host, struct in_addr hostaddr, char *path)
{
struct statfs *mntbufp, *mntp;
int nloc, i;
char *colon;
/* read mount table from kernel */
nloc = getmntinfo(&mntbufp, MNT_NOWAIT);
if (nloc <= 0) {
perror("getmntinfo");
exit(1);
}
mntp = mntbufp;
for (i=0; i<nloc; ++i) {
if ((colon = strchr(mntp->f_mntfromname, ':'))) {
*colon = '\0';
if (STREQ(colon + 1, path) &&
is_same_host(mntp->f_mntfromname, host, hostaddr))
return 1;
}
}
return 0;
}
int
fixmount_check_mount(char *host, struct in_addr hostaddr, char *path)
{
FILE *mtab;
mntent_t *ment;
int found = 0;
/* scan mtab for path */
if (!(mtab = setmntent(_PATH_MTAB, "r"))) {
perror(_PATH_MTAB);
exit(1);
}
/*
* setmntent() doesn't do locking in read-only mode. Too bad -- it seems to
* rely on mount() and friends to do atomic updates by renaming the file.
* Well, our patched amd rewrites mtab in place to avoid NFS lossage, so
* better do the locking ourselves.
*/
#ifdef HAVE_FLOCK
if (flock(fileno(mtab), LOCK_SH) < 0) {
#else /* not HAVE_FLOCK */
if (lockf(fileno(mtab), F_LOCK, 0) < 0) {
#endif /* not HAVE_FLOCK */
perror(_PATH_MTAB);
exit(1);
}
while (!found && (ment = getmntent(mtab))) {
char *colon;
if ((colon = strchr(ment->mnt_fsname, ':'))) {
*colon = '\0';
if ((STREQ(colon + 1, path) ||
STREQ(ment->mnt_dir, path)) &&
is_same_host(ment->mnt_fsname, host, hostaddr))
found = 1;
}
}
(void) endmntent(mtab);
if (!found) {
char *swap;
/* swap files never show up in mtab, only root fs */
if ((swap = strstr(path, "swap"))) {
strncpy(swap, "root", 4); /* this should NOT use xstrlcpy */
found = fixmount_check_mount(host, hostaddr, path);
strncpy(swap, "swap", 4); /* this should NOT use xstrlcpy */
}
}
return found;
}
int
fixmount_check_mount(char *host, struct in_addr hostaddr, char *path)
{
int nentries, i;
struct statfs *fslist;
int found = 0;
nentries = getmntinfo(&fslist, MNT_NOWAIT);
if (nentries <= 0) {
perror("getmntinfo");
exit(1);
}
for (i = 0; !found && (i < nentries); i++) {
char *delim;
/*
* Apparently two forms of nfs mount syntax are
* accepted: host:/path or /path@host
*/
if ((delim = strchr(fslist[i].f_mntfromname, ':'))) {
*delim = '\0';
if ((STREQ(delim + 1, path) ||
STREQ(fslist[i].f_mntonname, path)) &&
is_same_host(fslist[i].f_mntfromname,
host, hostaddr))
found = 1;
} else if ((delim = strchr(fslist[i].f_mntfromname, '@'))) {
*delim = '\0';
if ((STREQ(fslist[i].f_mntfromname, path) ||
STREQ(fslist[i].f_mntonname, path)) &&
is_same_host(delim + 1, host, hostaddr))
found = 1;
}
}
return found;
}
int
fixmount_check_mount(char *host, struct in_addr hostaddr, char *path)
{
int ret, i;
char *mntinfo = 0, *cp;
char *short_hostname, *long_hostname, *mount_point;
struct vmount *vp;
/*
* First figure out size of mount table and allocate space for a copy...
* Then get mount table for real.
*/
ret = mntctl(MCTL_QUERY, sizeof(i), (char *) &i);
if (ret == 0) {
mntinfo = xmalloc(i);
ret = mntctl(MCTL_QUERY, i, mntinfo);
}
if (ret <= 0) {
fprintf(stderr, "mntctl: %m");
XFREE(mntinfo);
exit(1);
}
/* iterate over each vmount structure */
for (i = 0, cp = mntinfo; i < ret; i++, cp += vp->vmt_length) {
vp = (struct vmount *) cp;
mount_point = vmt2dataptr(vp, VMT_STUB);
long_hostname = vmt2dataptr(vp, VMT_HOSTNAME);
short_hostname = vmt2dataptr(vp, VMT_HOST);
if (STREQ(path, mount_point) &&
(is_same_host(long_hostname, host, hostaddr) ||
is_same_host(short_hostname, host, hostaddr)))
return 1;
}
return 0;
}
int
fixmount_check_mount(char *host, struct in_addr hostaddr, char *path)
{
FILE *mtab;
struct mnttab ment;
int err = 0;
int found = 0;
/* scan mtab for path */
if (!(mtab = fopen(MNTTAB, "r"))) {
perror(MNTTAB);
exit(1);
}
while (!found && (err = getmntent(mtab, &ment)) == 0) {
char *colon;
if ((colon = strchr(ment.mnt_fsname, ':'))) {
*colon = '\0';
if ((STREQ(colon + 1, path) ||
STREQ(ment.mnt_dir, path)) &&
is_same_host(ment.mnt_fsname, host, hostaddr))
found = 1;
}
}
if (err > 0) {
fprintf(stderr, "getmntent: %s: %s\n", MNTTAB,
err == MNT_TOOLONG ? "entry exceeds MNT_LINE_MAX" :
err == MNT_TOOMANY ? "too many fields in line" :
err == MNT_TOOFEW ? "too few fields in line" :
"unknown error code");
exit(1);
}
(void) fclose(mtab);
/* XXX: Is this still valid in SunOS 5.x ? */
if (!found) {
char *swap;
/* swap files never show up in mtab, only root fs */
if ((swap = strstr(path, "swap"))) {
strncpy(swap, "root", 4); /* this should NOT use xstrlcpy */
found = fixmount_check_mount(host, hostaddr, path);
strncpy(swap, "swap", 4); /* this should NOT use xstrlcpy */
}
}
return found;
}
int
svr_get_privilege(char *user, char *host)
{
int is_root = 0;
int priv = (ATR_DFLAG_USRD | ATR_DFLAG_USWR);
char uh[PBS_MAXUSER + PBS_MAXHOSTNAME + 2];
#ifdef WIN32
char server_host_netbios[MAX_COMPUTERNAME_LENGTH+1];
DWORD hsize = MAX_COMPUTERNAME_LENGTH;
char current_domain[PBS_MAXHOSTNAME+1];
char server_host_domain[PBS_MAXHOSTNAME+1];
char user_s[PBS_MAXHOSTNAME+ UNLEN+2];
char *p = NULL;
char *p0 = NULL;
int ch = '\\';
#endif
(void)strcpy(uh, user);
(void)strcat(uh, "@");
(void)strcat(uh, host);
#ifdef WIN32
/* Try to match requesting host against: */
/* localhost */
/* <server_host> */
/* <server_host_netbios_name> */
/* <server_host_netbios_name>.<windows_domain> */
if ( isAdminPrivilege(user) && \
( (strcasecmp(host, server_host) == 0) || \
(strcasecmp(host, LOCALHOST_SHORTNAME) == 0) || \
(GetComputerName(server_host_netbios, &hsize) && \
(strcasecmp(host, server_host_netbios) == 0)) || \
(GetComputerDomainName(current_domain) && \
sprintf(server_host_domain, "%s.%s", server_host_netbios,
current_domain) && \
(strcasecmp(host, server_host_domain) == 0)) ) ) {
is_root = 1;
}
#else
if (strcmp(user, PBS_DEFAULT_ADMIN) == 0) {
char myhostname[PBS_MAXHOSTNAME+1];
/* First try without DNS lookup. */
if (strcasecmp(host, server_host) == 0) {
is_root = 1;
} else if (strcasecmp(host, LOCALHOST_SHORTNAME) == 0) {
is_root = 1;
} else if (strcasecmp(host, LOCALHOST_FULLNAME) == 0) {
is_root = 1;
} else {
if (gethostname(myhostname, (sizeof(myhostname) - 1)) == -1) {
myhostname[0] = '\0';
}
if (strcasecmp(host, myhostname) == 0) {
is_root = 1;
}
}
if (is_root == 0) {
/* Now try with DNS lookup. */
if (is_same_host(host, server_host)) {
is_root = 1;
} else if (is_same_host(host, myhostname)) {
is_root = 1;
}
}
}
#endif /* WIN32 */
#ifdef PBS_ROOT_ALWAYS_ADMIN
if (is_root)
return (priv | ATR_DFLAG_MGRD | ATR_DFLAG_MGWR | ATR_DFLAG_OPRD | ATR_DFLAG_OPWR);
#endif /* PBS_ROOT_ALWAYS_ADMIN */
if (!(server.sv_attr[(int)SRV_ATR_managers].at_flags & ATR_VFLAG_SET)) {
if (is_root)
priv |= (ATR_DFLAG_MGRD | ATR_DFLAG_MGWR);
} else if (acl_check(&server.sv_attr[SRV_ATR_managers], uh, ACL_User))
priv |= (ATR_DFLAG_MGRD | ATR_DFLAG_MGWR);
if (!(server.sv_attr[(int)SRV_ATR_operators].at_flags&ATR_VFLAG_SET)) {
if (is_root)
priv |= (ATR_DFLAG_OPRD | ATR_DFLAG_OPWR);
} else if (acl_check(&server.sv_attr[SRV_ATR_operators], uh, ACL_User))
priv |= (ATR_DFLAG_OPRD | ATR_DFLAG_OPWR);
return (priv);
}
int
svr_chk_owner(struct batch_request *preq, job *pjob)
{
char owner[PBS_MAXUSER+1];
char *pu;
char *ph;
char rmtuser[PBS_MAXUSER+PBS_MAXHOSTNAME+2];
extern int ruserok(const char *rhost, int suser, const char *ruser,
const char *luser);
#ifdef WIN32
extern int user_read_password(char *user, char **cred, size_t *len);
extern int read_cred(job *pjob, char **cred, size_t *len);
extern int decrypt_pwd(char *crypted, size_t len, char **passwd);
#endif
/* Are the owner and requestor the same? */
snprintf(rmtuser, sizeof(rmtuser), "%s",
pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str);
pu = rmtuser;
ph = strchr(rmtuser, '@');
if (!ph)
return -1;
*ph++ = '\0';
if (strcmp(preq->rq_user, pu) == 0) {
/* Avoid the lookup if they match. */
if (strcmp(preq->rq_host, ph) == 0)
return 0;
/* Perform the lookup. */
if (is_same_host(preq->rq_host, ph))
return 0;
}
/* map requestor user@host to "local" name */
pu = site_map_user(preq->rq_user, preq->rq_host);
if (pu == NULL)
return (-1);
(void)strncpy(rmtuser, pu, PBS_MAXUSER);
/*
* Get job owner name without "@host" and then map to "local" name.
*/
get_jobowner(pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str, owner);
pu = site_map_user(owner, get_hostPart(pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str));
if (server.sv_attr[(int)SRV_ATR_FlatUID].at_val.at_long) {
/* with flatuid, all that must match is user names */
return (strcmp(rmtuser, pu));
} else {
/* non-flatuid space, must validate rmtuser vs owner */
#ifdef WIN32
if ( (server.sv_attr[SRV_ATR_ssignon_enable].at_flags & \
ATR_VFLAG_SET) && \
(server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long \
== 1) ) {
/* read/cache user password */
cache_usertoken_and_homedir(pu, NULL, 0,
user_read_password, (char *)pu, pbs_decrypt_pwd, 0);
} else {
/* read/cache job password */
cache_usertoken_and_homedir(pu, NULL, 0,
read_cred, (job *)pjob, pbs_decrypt_pwd, 0);
}
#endif
return (ruserok(preq->rq_host, 0, rmtuser, pu));
}
}
