/*
* Determine if the job has permission to use the identified image
*/
static int _test_image_perms(char *image_name, List image_list,
struct job_record* job_ptr)
{
int allow = 0, i, rc;
ListIterator itr;
ListIterator itr2;
image_t *image = NULL;
image_group_t *image_group = NULL;
/* Cache group information for most recently checked user */
static gid_t groups[MAX_GROUPS];
static int ngroups = -1;
static int32_t cache_user = -1;
itr = list_iterator_create(image_list);
while ((image = list_next(itr))) {
if (!strcasecmp(image->name, image_name)
|| !strcasecmp(image->name, "*")) {
if (image->def) {
allow = 1;
break;
}
if (!image->groups || !list_count(image->groups)) {
allow = 1;
break;
}
if (job_ptr->user_id != cache_user) {
rc = _get_user_groups(job_ptr->user_id,
job_ptr->group_id,
groups,
MAX_GROUPS, &ngroups);
if (rc) /* Failed to get groups */
break;
cache_user = job_ptr->user_id;
}
itr2 = list_iterator_create(image->groups);
while (!allow && (image_group = list_next(itr2))) {
for (i=0; i<ngroups; i++) {
if (image_group->gid
== groups[i]) {
allow = 1;
break;
}
}
}
list_iterator_destroy(itr2);
if (allow)
break;
}
}
list_iterator_destroy(itr);
return allow;
}
/*
* _check_mcs_label() is called to check a mcs_label of a job
*/
static int _check_mcs_label (struct job_record *job_ptr, char *label)
{
int rc = SLURM_ERROR;
int i = 0;
gid_t gid;
uint32_t tmp_group ;
gid_t groups[MAX_GROUPS];
int ngroups = -1;
/* test if real unix group */
if (gid_from_string(label, &gid ) != 0)
return rc;
/* test if this group is owned by the user */
rc = _get_user_groups(job_ptr->user_id, job_ptr->group_id,
groups, MAX_GROUPS, &ngroups);
if (rc) /* Failed to get groups */
return rc;
rc = SLURM_ERROR;
for (i = 0; i < ngroups; i++) {
tmp_group = (uint32_t) groups[i];
if (gid == tmp_group) {
rc = SLURM_SUCCESS;
break;
}
}
if (rc == SLURM_ERROR)
return rc;
rc = SLURM_ERROR;
/* test if mcs_label is in list of possible mcs_label */
for (i = 0; i < nb_mcs_groups; i++) {
if (array_mcs_parameter[i] == gid) {
rc = SLURM_SUCCESS;
return rc;
}
}
return rc;
}
/*
* mcs_p_check_mcs_label() is called to check mcs_label.
*/
extern int mcs_p_check_mcs_label (uint32_t user_id, char *mcs_label)
{
int rc = SLURM_ERROR;
int i = 0;
gid_t gid;
gid_t slurm_user_gid;
uint32_t tmp_group ;
gid_t groups[MAX_GROUPS];
uint32_t group_id;
int ngroups = -1;
if (mcs_label != NULL) {
/* test if real unix group */
if (gid_from_string(mcs_label, &gid ) != 0)
return rc;
/* test if this group is owned by the user */
slurm_user_gid = gid_from_uid(user_id);
group_id = (uint32_t) slurm_user_gid;
rc = _get_user_groups(user_id, group_id, groups, MAX_GROUPS,
&ngroups);
if (rc) /* Failed to get groups */
return rc;
rc = SLURM_ERROR;
for (i = 0; i < ngroups; i++) {
tmp_group = (uint32_t) groups[i];
if (gid == tmp_group) {
rc = SLURM_SUCCESS;
break;
}
}
} else
rc = SLURM_SUCCESS;
return rc;
}
/*
* mcs_p_set_mcs_label() is called to obtain/check mcs_label.
* Return job_ptr->mcs_label value must be xfreed
*/
extern int mcs_p_set_mcs_label (struct job_record *job_ptr, char *label)
{
char *result = NULL;
gid_t groups[MAX_GROUPS];
int ngroups = -1;
int rc;
if (label == NULL) {
if ((slurm_mcs_get_enforced() == 0) && job_ptr->details &&
(job_ptr->details->whole_node != WHOLE_NODE_MCS))
return SLURM_SUCCESS;
rc = _get_user_groups(job_ptr->user_id,job_ptr->group_id,
groups, MAX_GROUPS, &ngroups);
if (rc) { /* Failed to get groups */
if (slurm_mcs_get_enforced() == 0)
return SLURM_SUCCESS;
else
return SLURM_ERROR;
}
rc = _find_mcs_label(groups, ngroups, &result);
if (rc) {
return SLURM_ERROR;
} else {
xfree(job_ptr->mcs_label);
job_ptr->mcs_label = xstrdup(result);
return SLURM_SUCCESS;
}
} else {
if (_check_mcs_label(job_ptr, label) == 0 )
return SLURM_SUCCESS;
else
return SLURM_ERROR;
}
}
