int fixmount_check_mount(char *host, struct in_addr hostaddr, char *path) { int start = 0; int err = 0; struct fs_data ment; int found = 0; /* scan mtab for path */ while (!found && (err = getmnt(&start, &ment, sizeof(ment), NOSTAT_MANY, NULL)) > 0) { char *colon; if (colon = strchr(ment.fd_devname, ':')) { *colon = '\0'; if ((STREQ(colon + 1, path) || STREQ(ment.fd_path, path)) && is_same_host(ment.fd_devname, host, hostaddr)) found = 1; } } if (!found && err < 0) { perror("getmnt"); exit(1); } return found; }
int fixmount_check_mount(char *host, struct in_addr hostaddr, char *path) { struct statfs *mntbufp, *mntp; int nloc, i; char *colon; /* read mount table from kernel */ nloc = getmntinfo(&mntbufp, MNT_NOWAIT); if (nloc <= 0) { perror("getmntinfo"); exit(1); } mntp = mntbufp; for (i=0; i<nloc; ++i) { if ((colon = strchr(mntp->f_mntfromname, ':'))) { *colon = '\0'; if (STREQ(colon + 1, path) && is_same_host(mntp->f_mntfromname, host, hostaddr)) return 1; } } return 0; }
int fixmount_check_mount(char *host, struct in_addr hostaddr, char *path) { FILE *mtab; mntent_t *ment; int found = 0; /* scan mtab for path */ if (!(mtab = setmntent(_PATH_MTAB, "r"))) { perror(_PATH_MTAB); exit(1); } /* * setmntent() doesn't do locking in read-only mode. Too bad -- it seems to * rely on mount() and friends to do atomic updates by renaming the file. * Well, our patched amd rewrites mtab in place to avoid NFS lossage, so * better do the locking ourselves. */ #ifdef HAVE_FLOCK if (flock(fileno(mtab), LOCK_SH) < 0) { #else /* not HAVE_FLOCK */ if (lockf(fileno(mtab), F_LOCK, 0) < 0) { #endif /* not HAVE_FLOCK */ perror(_PATH_MTAB); exit(1); } while (!found && (ment = getmntent(mtab))) { char *colon; if ((colon = strchr(ment->mnt_fsname, ':'))) { *colon = '\0'; if ((STREQ(colon + 1, path) || STREQ(ment->mnt_dir, path)) && is_same_host(ment->mnt_fsname, host, hostaddr)) found = 1; } } (void) endmntent(mtab); if (!found) { char *swap; /* swap files never show up in mtab, only root fs */ if ((swap = strstr(path, "swap"))) { strncpy(swap, "root", 4); /* this should NOT use xstrlcpy */ found = fixmount_check_mount(host, hostaddr, path); strncpy(swap, "swap", 4); /* this should NOT use xstrlcpy */ } } return found; }
int fixmount_check_mount(char *host, struct in_addr hostaddr, char *path) { int nentries, i; struct statfs *fslist; int found = 0; nentries = getmntinfo(&fslist, MNT_NOWAIT); if (nentries <= 0) { perror("getmntinfo"); exit(1); } for (i = 0; !found && (i < nentries); i++) { char *delim; /* * Apparently two forms of nfs mount syntax are * accepted: host:/path or /path@host */ if ((delim = strchr(fslist[i].f_mntfromname, ':'))) { *delim = '\0'; if ((STREQ(delim + 1, path) || STREQ(fslist[i].f_mntonname, path)) && is_same_host(fslist[i].f_mntfromname, host, hostaddr)) found = 1; } else if ((delim = strchr(fslist[i].f_mntfromname, '@'))) { *delim = '\0'; if ((STREQ(fslist[i].f_mntfromname, path) || STREQ(fslist[i].f_mntonname, path)) && is_same_host(delim + 1, host, hostaddr)) found = 1; } } return found; }
int fixmount_check_mount(char *host, struct in_addr hostaddr, char *path) { int ret, i; char *mntinfo = 0, *cp; char *short_hostname, *long_hostname, *mount_point; struct vmount *vp; /* * First figure out size of mount table and allocate space for a copy... * Then get mount table for real. */ ret = mntctl(MCTL_QUERY, sizeof(i), (char *) &i); if (ret == 0) { mntinfo = xmalloc(i); ret = mntctl(MCTL_QUERY, i, mntinfo); } if (ret <= 0) { fprintf(stderr, "mntctl: %m"); XFREE(mntinfo); exit(1); } /* iterate over each vmount structure */ for (i = 0, cp = mntinfo; i < ret; i++, cp += vp->vmt_length) { vp = (struct vmount *) cp; mount_point = vmt2dataptr(vp, VMT_STUB); long_hostname = vmt2dataptr(vp, VMT_HOSTNAME); short_hostname = vmt2dataptr(vp, VMT_HOST); if (STREQ(path, mount_point) && (is_same_host(long_hostname, host, hostaddr) || is_same_host(short_hostname, host, hostaddr))) return 1; } return 0; }
int fixmount_check_mount(char *host, struct in_addr hostaddr, char *path) { FILE *mtab; struct mnttab ment; int err = 0; int found = 0; /* scan mtab for path */ if (!(mtab = fopen(MNTTAB, "r"))) { perror(MNTTAB); exit(1); } while (!found && (err = getmntent(mtab, &ment)) == 0) { char *colon; if ((colon = strchr(ment.mnt_fsname, ':'))) { *colon = '\0'; if ((STREQ(colon + 1, path) || STREQ(ment.mnt_dir, path)) && is_same_host(ment.mnt_fsname, host, hostaddr)) found = 1; } } if (err > 0) { fprintf(stderr, "getmntent: %s: %s\n", MNTTAB, err == MNT_TOOLONG ? "entry exceeds MNT_LINE_MAX" : err == MNT_TOOMANY ? "too many fields in line" : err == MNT_TOOFEW ? "too few fields in line" : "unknown error code"); exit(1); } (void) fclose(mtab); /* XXX: Is this still valid in SunOS 5.x ? */ if (!found) { char *swap; /* swap files never show up in mtab, only root fs */ if ((swap = strstr(path, "swap"))) { strncpy(swap, "root", 4); /* this should NOT use xstrlcpy */ found = fixmount_check_mount(host, hostaddr, path); strncpy(swap, "swap", 4); /* this should NOT use xstrlcpy */ } } return found; }
int svr_get_privilege(char *user, char *host) { int is_root = 0; int priv = (ATR_DFLAG_USRD | ATR_DFLAG_USWR); char uh[PBS_MAXUSER + PBS_MAXHOSTNAME + 2]; #ifdef WIN32 char server_host_netbios[MAX_COMPUTERNAME_LENGTH+1]; DWORD hsize = MAX_COMPUTERNAME_LENGTH; char current_domain[PBS_MAXHOSTNAME+1]; char server_host_domain[PBS_MAXHOSTNAME+1]; char user_s[PBS_MAXHOSTNAME+ UNLEN+2]; char *p = NULL; char *p0 = NULL; int ch = '\\'; #endif (void)strcpy(uh, user); (void)strcat(uh, "@"); (void)strcat(uh, host); #ifdef WIN32 /* Try to match requesting host against: */ /* localhost */ /* <server_host> */ /* <server_host_netbios_name> */ /* <server_host_netbios_name>.<windows_domain> */ if ( isAdminPrivilege(user) && \ ( (strcasecmp(host, server_host) == 0) || \ (strcasecmp(host, LOCALHOST_SHORTNAME) == 0) || \ (GetComputerName(server_host_netbios, &hsize) && \ (strcasecmp(host, server_host_netbios) == 0)) || \ (GetComputerDomainName(current_domain) && \ sprintf(server_host_domain, "%s.%s", server_host_netbios, current_domain) && \ (strcasecmp(host, server_host_domain) == 0)) ) ) { is_root = 1; } #else if (strcmp(user, PBS_DEFAULT_ADMIN) == 0) { char myhostname[PBS_MAXHOSTNAME+1]; /* First try without DNS lookup. */ if (strcasecmp(host, server_host) == 0) { is_root = 1; } else if (strcasecmp(host, LOCALHOST_SHORTNAME) == 0) { is_root = 1; } else if (strcasecmp(host, LOCALHOST_FULLNAME) == 0) { is_root = 1; } else { if (gethostname(myhostname, (sizeof(myhostname) - 1)) == -1) { myhostname[0] = '\0'; } if (strcasecmp(host, myhostname) == 0) { is_root = 1; } } if (is_root == 0) { /* Now try with DNS lookup. */ if (is_same_host(host, server_host)) { is_root = 1; } else if (is_same_host(host, myhostname)) { is_root = 1; } } } #endif /* WIN32 */ #ifdef PBS_ROOT_ALWAYS_ADMIN if (is_root) return (priv | ATR_DFLAG_MGRD | ATR_DFLAG_MGWR | ATR_DFLAG_OPRD | ATR_DFLAG_OPWR); #endif /* PBS_ROOT_ALWAYS_ADMIN */ if (!(server.sv_attr[(int)SRV_ATR_managers].at_flags & ATR_VFLAG_SET)) { if (is_root) priv |= (ATR_DFLAG_MGRD | ATR_DFLAG_MGWR); } else if (acl_check(&server.sv_attr[SRV_ATR_managers], uh, ACL_User)) priv |= (ATR_DFLAG_MGRD | ATR_DFLAG_MGWR); if (!(server.sv_attr[(int)SRV_ATR_operators].at_flags&ATR_VFLAG_SET)) { if (is_root) priv |= (ATR_DFLAG_OPRD | ATR_DFLAG_OPWR); } else if (acl_check(&server.sv_attr[SRV_ATR_operators], uh, ACL_User)) priv |= (ATR_DFLAG_OPRD | ATR_DFLAG_OPWR); return (priv); }
int svr_chk_owner(struct batch_request *preq, job *pjob) { char owner[PBS_MAXUSER+1]; char *pu; char *ph; char rmtuser[PBS_MAXUSER+PBS_MAXHOSTNAME+2]; extern int ruserok(const char *rhost, int suser, const char *ruser, const char *luser); #ifdef WIN32 extern int user_read_password(char *user, char **cred, size_t *len); extern int read_cred(job *pjob, char **cred, size_t *len); extern int decrypt_pwd(char *crypted, size_t len, char **passwd); #endif /* Are the owner and requestor the same? */ snprintf(rmtuser, sizeof(rmtuser), "%s", pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str); pu = rmtuser; ph = strchr(rmtuser, '@'); if (!ph) return -1; *ph++ = '\0'; if (strcmp(preq->rq_user, pu) == 0) { /* Avoid the lookup if they match. */ if (strcmp(preq->rq_host, ph) == 0) return 0; /* Perform the lookup. */ if (is_same_host(preq->rq_host, ph)) return 0; } /* map requestor user@host to "local" name */ pu = site_map_user(preq->rq_user, preq->rq_host); if (pu == NULL) return (-1); (void)strncpy(rmtuser, pu, PBS_MAXUSER); /* * Get job owner name without "@host" and then map to "local" name. */ get_jobowner(pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str, owner); pu = site_map_user(owner, get_hostPart(pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str)); if (server.sv_attr[(int)SRV_ATR_FlatUID].at_val.at_long) { /* with flatuid, all that must match is user names */ return (strcmp(rmtuser, pu)); } else { /* non-flatuid space, must validate rmtuser vs owner */ #ifdef WIN32 if ( (server.sv_attr[SRV_ATR_ssignon_enable].at_flags & \ ATR_VFLAG_SET) && \ (server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long \ == 1) ) { /* read/cache user password */ cache_usertoken_and_homedir(pu, NULL, 0, user_read_password, (char *)pu, pbs_decrypt_pwd, 0); } else { /* read/cache job password */ cache_usertoken_and_homedir(pu, NULL, 0, read_cred, (job *)pjob, pbs_decrypt_pwd, 0); } #endif return (ruserok(preq->rq_host, 0, rmtuser, pu)); } }