int handle_level(
char *level_iter,
int path_index,
int &level_index)
{
const char *delims = ",";
char *host_tok;
level_index++;
/* find each hostname */
host_tok = threadsafe_tokenizer(&level_iter, delims);
while (host_tok != NULL)
{
struct addrinfo *addr_info = NULL;
char *colon;
unsigned short rm_port;
host_tok = trim(host_tok);
if ((colon = strchr(host_tok, ':')) != NULL)
{
*colon = '\0';
rm_port = strtol(colon+1, NULL, 10);
}
else
rm_port = PBS_MANAGER_SERVICE_PORT;
if (pbs_getaddrinfo(host_tok, NULL, &addr_info) == 0)
add_network_entry(mh, host_tok, addr_info, rm_port, path_index, level_index);
host_tok = threadsafe_tokenizer(&level_iter, delims);
}
return(PBSE_NONE);
} /* END handle_level() */
int pbs_original_connect(
char *server) /* I (FORMAT: NULL | '\0' | HOSTNAME | HOSTNAME:PORT )*/
{
struct sockaddr_in server_addr;
char *if_name;
struct addrinfo *addr_info;
int out;
int i;
int opt_value = 1;
int rc = PBSE_NONE;
int local_errno;
struct sockaddr preferred_addr; /* set if TRQ_IFNAME set in torque.cfg */
struct passwd *pw;
int use_unixsock = 0;
uid_t pbs_current_uid;
long sockflags;
int retry = 1;
#ifdef ENABLE_UNIX_SOCKETS
struct sockaddr_un unserver_addr;
char hnamebuf[256];
#endif
char *ptr;
memset(&server_addr, 0, sizeof(server_addr));
/* Read the timeout from the environment */
if ((ptr = getenv("PBSAPITIMEOUT")) != NULL)
{
pbs_tcp_timeout = strtol(ptr, NULL, 0);
if (pbs_tcp_timeout <= 0)
pbs_tcp_timeout = 300;
if (pbs_tcp_timeout > 2)
retry = 0;
}
else
pbs_tcp_timeout = 300;
/* reserve a connection state record */
out = -1;
for (i = 1;i < NCONNECTS;i++)
{
if (connection[i].ch_mutex == NULL)
{
connection[i].ch_mutex = (pthread_mutex_t *)calloc(1, sizeof(pthread_mutex_t));
pthread_mutex_init(connection[i].ch_mutex,NULL);
}
pthread_mutex_lock(connection[i].ch_mutex);
if (connection[i].ch_inuse == FALSE)
{
out = i;
connection[out].ch_inuse = TRUE;
connection[out].ch_errno = 0;
connection[out].ch_socket = -1;
connection[out].ch_errtxt = NULL;
break;
}
pthread_mutex_unlock(connection[i].ch_mutex);
}
if (out < 0)
{
if (getenv("PBSDEBUG"))
fprintf(stderr, "ALERT: cannot locate free channel\n");
/* FAILURE */
/* no need to unlock mutex here - in this case no connection was found */
return(PBSE_NOCONNECTS * -1);
}
/* get server host and port */
server = PBS_get_server(server, &server_port);
if (server == NULL)
{
connection[out].ch_inuse = FALSE;
pthread_mutex_unlock(connection[out].ch_mutex);
if (getenv("PBSDEBUG"))
fprintf(stderr, "ALERT: PBS_get_server() failed\n");
rc = PBSE_NOSERVER * -1;
goto cleanup_conn_lite;
}
/* determine who we are */
pbs_current_uid = getuid();
if ((pw = getpwuid(pbs_current_uid)) == NULL)
{
if (getenv("PBSDEBUG"))
{
fprintf(stderr, "ALERT: cannot get password info for uid %ld\n",
(long)pbs_current_uid);
}
rc = PBSE_NOSERVER * -1;
goto cleanup_conn_lite;
}
snprintf(pbs_current_user, PBS_MAXUSER, "%s", pw->pw_name);
pbs_server = server; /* set for error messages from commands */
#ifdef ENABLE_UNIX_SOCKETS
/* determine if we want to use unix domain socket */
if (!strcmp(server, "localhost"))
use_unixsock = 1;
else if ((gethostname(hnamebuf, sizeof(hnamebuf) - 1) == 0) && !strcmp(hnamebuf, server))
use_unixsock = 1;
/* NOTE: if any part of using unix domain sockets fails,
* we just cleanup and try again with inet sockets */
/* get socket */
if (use_unixsock)
{
connection[out].ch_socket = socket(AF_UNIX, SOCK_STREAM, 0);
if (connection[out].ch_socket < 0)
{
if (getenv("PBSDEBUG"))
{
fprintf(stderr, "ERROR: cannot create socket: errno=%d (%s)\n",
errno,
strerror(errno));
}
connection[out].ch_inuse = FALSE;
local_errno = PBSE_PROTOCOL;
use_unixsock = 0;
}
}
/* and connect... */
if (use_unixsock)
{
unserver_addr.sun_family = AF_UNIX;
strcpy(unserver_addr.sun_path, TSOCK_PATH);
if (connect(
connection[out].ch_socket,
(struct sockaddr *)&unserver_addr,
(strlen(unserver_addr.sun_path) + sizeof(unserver_addr.sun_family))) < 0)
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
local_errno = errno;
if (getenv("PBSDEBUG"))
{
fprintf(stderr, "ERROR: cannot connect to server, errno=%d (%s)\n",
errno,
strerror(errno));
}
use_unixsock = 0; /* will try again with inet socket */
}
}
if (use_unixsock)
{
if (!send_unix_creds(connection[out].ch_socket))
{
if (getenv("PBSDEBUG"))
{
fprintf(stderr, "ERROR: cannot send unix creds to pbs_server: errno=%d (%s)\n",
errno,
strerror(errno));
}
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
local_errno = PBSE_PROTOCOL;
use_unixsock = 0; /* will try again with inet socket */
}
}
#endif /* END ENABLE_UNIX_SOCKETS */
if (!use_unixsock)
{
int retries = 0;
std::string err_msg;
/* at this point, either using unix sockets failed, or we determined not to
* try */
do
{
connection[out].ch_socket = socket(AF_INET, SOCK_STREAM, 0);
if (connection[out].ch_socket < 0)
{
if (getenv("PBSDEBUG"))
{
if (!retry || retries >= MAX_RETRIES)
fprintf(stderr, "ERROR: cannot connect to server \"%s\", errno=%d (%s)\n",
server,
errno,
strerror(errno));
}
retries++;
if (!retry || retries >= MAX_RETRIES)
{
rc = PBSE_SYSTEM * -1;
goto cleanup_conn;
}
else
{
connection[out].ch_inuse = FALSE;
pthread_mutex_unlock(connection[out].ch_mutex);
usleep(1000);
continue;
}
}
if (setsockopt(connection[out].ch_socket, SOL_SOCKET, SO_REUSEADDR, &opt_value, sizeof(opt_value)))
perror("Couldn't set socket option");
/* This is probably an IPv4 solution for the if_name and preferred_addr
We need to see what ioctl call we need for IPv6 */
if_name = trq_get_if_name();
if (if_name)
{
rc = trq_set_preferred_network_interface(if_name, &preferred_addr);
if (rc != PBSE_NONE)
{
if (!retry || retries >= MAX_RETRIES)
fprintf(stderr, "could not set preferred network interface (%s): %d\n",
if_name, rc);
if (if_name)
free(if_name);
retries++;
if (!retry || retries >= MAX_RETRIES)
{
rc = rc * -1;
goto cleanup_conn;
}
else
{
connection[out].ch_inuse = FALSE;
pthread_mutex_unlock(connection[out].ch_mutex);
usleep(1000);
continue;
}
}
rc = bind(connection[out].ch_socket, &preferred_addr, sizeof(struct sockaddr));
if (rc < 0)
{
if (!retry || retries >= MAX_RETRIES)
fprintf(stderr, "ERROR: could not bind preferred network interface (%s): errno: %d",
if_name, errno);
if (if_name)
free(if_name);
retries++;
if (!retry || retries >= MAX_RETRIES)
{
rc = PBSE_SYSTEM * -1;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
usleep(1000);
continue;
}
}
}
/* we are done with if_name at this point. trq_get_if_name allocated
space for it. We need to free it */
if (if_name)
free(if_name);
server_addr.sin_family = AF_INET;
if ((rc = pbs_getaddrinfo(server, NULL, &addr_info)) != 0)
{
if (getenv("PBSDEBUG"))
{
if (!retry || retries >= MAX_RETRIES)
fprintf(stderr, "ERROR: cannot get servername (%s) errno=%d (%s)\n",
server,
errno,
strerror(errno));
}
retries++;
if (!retry || retries >= MAX_RETRIES)
{
rc = PBSE_BADHOST * -1;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
usleep(1000);
continue;
}
}
server_addr.sin_addr = ((struct sockaddr_in *)addr_info->ai_addr)->sin_addr;
server_addr.sin_port = htons(server_port);
/* Set the socket to non-blocking mode so we can timeout */
if ((sockflags = fcntl(connection[out].ch_socket, F_GETFL, NULL)) < 0)
{
retries++;
if (!retry || retries >= MAX_RETRIES)
{
if (getenv("PBSDEBUG"))
fprintf(stderr, "ERROR: getting socket flags failed\n");
rc = errno * -1;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
rc = sockflags;
usleep(1000);
continue;
}
}
sockflags |= O_NONBLOCK;
if ((rc = fcntl(connection[out].ch_socket, F_SETFL, sockflags)) < 0)
{
retries++;
if (!retry || retries >= MAX_RETRIES)
{
if (getenv("PBSDEBUG"))
fprintf(stderr, "ERROR: setting socket flags failed\n");
rc = errno * -1;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
usleep(1000);
continue;
}
}
int sock = connection[out].ch_socket;
int conn_retries = 0;
while (((rc = connect(sock, (struct sockaddr *)&server_addr, sizeof(server_addr))) != 0) &&
(conn_retries < MAX_RETRIES))
{
rc = socket_wait_for_write(sock);
if (rc == PERMANENT_SOCKET_FAIL)
{
rc = errno;
break;
}
conn_retries++;
}
if (rc != 0)
{
close(sock);
retries++;
continue;
}
// if we are at this point, connect has succeeded, proceed to authorize
/* Set the socket back to blocking so read()s actually work */
sockflags &= (~O_NONBLOCK);
if ((rc = fcntl(connection[out].ch_socket, F_SETFL, sockflags)) < 0)
{
if (getenv("PBSDEBUG"))
fprintf(stderr, "ERROR: setting socket flags failed\n");
retries++;
if (!retry || retries >= MAX_RETRIES)
{
rc = PBSE_SOCKET_FAULT * -1;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
usleep(1000);
continue;
}
}
/* FIXME: is this necessary? Contributed by one user that fixes a problem,
but doesn't fix the same problem for another user! */
#if 0
#if defined(__hpux)
/*HP-UX : avoiding socket caching */
send(connection[out].ch_socket, '?', 1, MSG_OOB);
#endif
#endif
#ifdef MUNGE_AUTH
rc = PBSD_munge_authenticate(connection[out].ch_socket, out);
if (rc != 0)
{
if (rc == PBSE_MUNGE_NOT_FOUND)
{
local_errno = PBSE_MUNGE_NOT_FOUND;
if (getenv("PBSDEBUG"))
{
fprintf(stderr, "ERROR: cannot find munge executable\n");
}
rc = -1 * local_errno;
goto cleanup_conn;
}
else
{
retries++;
if (!retry || retries >= MAX_RETRIES)
{
local_errno = PBSE_PERM;
if (getenv("PBSDEBUG"))
{
fprintf(stderr, "ERROR: cannot authenticate connection to server \"%s\", errno=%d (%s)\n",
server,
errno,
strerror(errno));
}
rc = -1 * local_errno;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
usleep(1000);
continue;
}
}
}
#else
/* new version of iff using daemon */
if ((ENABLE_TRUSTED_AUTH == FALSE) &&
((rc = validate_socket(connection[out].ch_socket, err_msg)) != PBSE_NONE))
{
if (!retry || retries >= MAX_RETRIES)
{
if (getenv("PBSDEBUG"))
{
const char *tmp_err_msg = "";
if (rc > 0)
tmp_err_msg = pbs_strerror(rc);
fprintf(stderr,
"ERROR: cannot authenticate connection to server \"%s\", errno=%d (%s)\n",
server, rc, tmp_err_msg);
}
local_errno = PBSE_SOCKET_FAULT;
rc = -1 * local_errno;
goto cleanup_conn;
}
else
{
close(connection[out].ch_socket);
connection[out].ch_inuse = FALSE;
retries++;
usleep(1000);
continue;
}
}
#endif /* ifdef MUNGE_AUTH */
} while ((rc != PBSE_NONE) && (retries < MAX_RETRIES));
if (rc != PBSE_NONE)
{
fprintf(stderr, "%s\n", err_msg.c_str());
goto cleanup_conn;
}
} /* END if !use_unixsock */
pthread_mutex_unlock(connection[out].ch_mutex);
return(out);
cleanup_conn:
if (connection[out].ch_socket >= 0)
close(connection[out].ch_socket);
cleanup_conn_lite:
connection[out].ch_inuse = FALSE;
pthread_mutex_unlock(connection[out].ch_mutex);
return(rc < 0 ? rc : rc * -1);
} /* END pbs_original_connect() */
int get_hostaddr_hostent_af(
int *rc,
char *hostname,
unsigned short *af_family,
char **host_addr,
int *host_addr_len)
{
int addr_rc;
struct sockaddr_in *sa;
struct addrinfo *pAddrInfo;
char log_buf[LOCAL_LOG_BUF_SIZE];
char *tmp_ip = NULL;
#ifdef NUMA_SUPPORT
/* if this is a numa host, just get the parent node's address */
char *dash;
if ((dash = strchr(hostname,'-')) != NULL)
{
char *tmp;
/* make sure to use the last dash */
while ((tmp = strchr(dash+1,'-')))
dash = tmp;
if (isdigit(*(dash+1)))
{
/* terminate string temporarily */
*dash = '\0';
/* check if this resolves to a hostname without the dash */
if ((addr_rc = pbs_getaddrinfo(hostname, NULL, &pAddrInfo)) != 0)
{
/* not a numa-owned node, act normal */
*dash = '-';
addr_rc = pbs_getaddrinfo(hostname, NULL, &pAddrInfo);
}
}
/* otherwise proceed with just the parent hostname so
* it can be resolved */
else
addr_rc = pbs_getaddrinfo(hostname, NULL, &pAddrInfo);
}
else
addr_rc = pbs_getaddrinfo(hostname, NULL, &pAddrInfo);
#else
addr_rc = pbs_getaddrinfo(hostname, NULL, &pAddrInfo);
#endif /* NUMA_SUPPORT */
*rc = PBSE_NONE;
if (addr_rc != 0)
{
snprintf(log_buf, sizeof(log_buf),
"cannot resolve IP address for host '%s' herror=%d: %s",
hostname,
h_errno,
hstrerror(h_errno));
/* This is for cases where the client is running this command */
if (log_mutex == NULL)
fprintf(stderr, "%s\n", log_buf);
else
log_event(PBSEVENT_SYSTEM, PBS_EVENTCLASS_SERVER, __func__, log_buf);
if (h_errno == TRY_AGAIN)
*rc = PBS_NET_RC_RETRY;
else
*rc = PBS_NET_RC_FATAL;
return(*rc);
}
if ((tmp_ip = (char *)calloc(1, sizeof(struct in_addr) + 1)) == NULL)
{
*rc = PBS_NET_RC_FATAL;
}
else
{
sa = (struct sockaddr_in *)pAddrInfo->ai_addr;
memcpy(tmp_ip, &sa->sin_addr, sizeof(struct in_addr));
*host_addr = tmp_ip;
*host_addr_len = sizeof(struct in_addr);
*af_family = sa->sin_family;
}
return(*rc);
} /* END get_hostaddr_hostent() */
int start_listener_addrinfo(
char *host_name,
int server_port,
void *(*process_meth)(void *))
{
struct addrinfo *adr_svr = NULL;
struct sockaddr adr_client;
struct sockaddr_in *in_addr;
struct sockaddr_in svr_address;
socklen_t len_inet;
int rc = PBSE_NONE;
int sockoptval;
int new_conn_port = -1;
int listen_socket = 0;
int total_cntr = 0;
unsigned short port_net_byte_order;
pthread_attr_t t_attr;
char err_msg[MAXPATHLEN];
char log_buf[LOCAL_LOG_BUF_SIZE + 1];
int ret = pbs_getaddrinfo(host_name, NULL, &adr_svr);
if (ret != 0)
{
/* hostname didn't resolve */
snprintf(err_msg, sizeof(err_msg),
"Error with getaddrinfo on host name %s. Error code = %d, '%s'.\n",
host_name, ret, gai_strerror(ret));
log_event(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, err_msg);
rc = PBSE_SOCKET_FAULT;
return rc;
}
port_net_byte_order = htons(server_port);
memcpy(&adr_svr->ai_addr->sa_data, &port_net_byte_order, sizeof(unsigned short));
memset(&svr_address, 0, sizeof(svr_address));
svr_address.sin_family = adr_svr->ai_family;
svr_address.sin_port = htons(server_port);
svr_address.sin_addr.s_addr = htonl(INADDR_ANY);
if ((listen_socket = get_listen_socket(adr_svr)) < 0)
{
/* Can not get socket for listening */
rc = PBSE_SOCKET_FAULT;
}
else if ((bind(listen_socket, (struct sockaddr *)&svr_address, sizeof(svr_address))) == -1)
{
/* Can not bind local socket */
rc = PBSE_SOCKET_FAULT;
}
else if (listen(listen_socket, 256) == -1)
{
/* Can not listener on local socket */
rc = PBSE_SOCKET_LISTEN;
}
else if ((rc = pthread_attr_init(&t_attr)) != 0)
{
/* Can not init thread attribute structure */
rc = PBSE_THREADATTR;
}
else if ((rc = pthread_attr_setdetachstate(&t_attr, PTHREAD_CREATE_DETACHED)) != 0)
{
/* Can not set thread initial state as detached */
pthread_attr_destroy(&t_attr);
}
else
{
// record this so it can be closed by children
listening_socket = listen_socket;
int exit_loop = FALSE;
int retry_tolerance = NUM_ACCEPT_RETRIES;
while (1)
{
long *args = NULL;
/* if successfully allocated args will be freed in process_meth */
args = (long *)calloc(3, sizeof(long));
if (args == NULL)
{
snprintf(log_buf, sizeof(log_buf), "failed to allocate argument space");
log_event(PBSEVENT_ERROR, PBS_EVENTCLASS_REQUEST, __func__, log_buf);
/* Let's try to recover */
sleep(5);
continue;
}
len_inet = sizeof(struct sockaddr);
if ((new_conn_port = accept(listen_socket, (struct sockaddr *)&adr_client, (socklen_t *)&len_inet)) == -1)
{
switch (errno)
{
case EMFILE:
case ENFILE:
case EINTR:
/* transient error, try again */
if (retry_tolerance-- <= 0)
{
exit_loop = TRUE;
snprintf(err_msg, sizeof(err_msg), "Exiting loop because we passed our retry tolerance: %d", errno);
}
else
sleep(1);
break;
default:
snprintf(err_msg, sizeof(err_msg), "error in accept %s - stopping accept loop", strerror(errno));
exit_loop = TRUE;
break;
}
if (exit_loop == TRUE)
{
if (args)
free(args);
break;
}
errno = 0;
}
else
{
retry_tolerance = NUM_ACCEPT_RETRIES;
sockoptval = 1;
setsockopt(new_conn_port, SOL_SOCKET, SO_REUSEADDR, (void *)&sockoptval, sizeof(sockoptval));
in_addr = (struct sockaddr_in *)&adr_client;
args[0] = new_conn_port;
args[1] = ntohl(in_addr->sin_addr.s_addr);
args[2] = htons(in_addr->sin_port);
if (debug_mode == TRUE)
{
process_meth((void *)args);
}
else
{
if (new_conn_port == PBS_LOCAL_CONNECTION)
{
snprintf(log_buf, LOCAL_LOG_BUF_SIZE, "Ignoring local incoming request %d", new_conn_port);
log_record(PBSEVENT_SYSTEM, PBS_EVENTCLASS_REQUEST, __func__, log_buf);
}
else
{
/* add_conn is not protocol independent. We need to
do some IPv4 stuff here */
add_conn(
new_conn_port,
FromClientDIS,
(pbs_net_t)ntohl(in_addr->sin_addr.s_addr),
(unsigned int)htons(in_addr->sin_port),
PBS_SOCK_INET,
NULL);
enqueue_threadpool_request(process_meth, args, request_pool);
}
}
}
if (debug_mode == TRUE)
{
if (total_cntr % 1000 == 0)
{
printf("Total requests: %d\n", total_cntr);
}
total_cntr++;
}
} /* END infinite_loop() */
pthread_attr_destroy(&t_attr);
/* all conditions for exiting the loop must populate err_msg */
log_event(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, err_msg);
}
if (listen_socket != -1)
close(listen_socket);
return(rc);
} /* END start_listener_addrinfo() */
int authenticate_user(
struct batch_request *preq, /* I */
struct credential *pcred,
char **autherr) /* O */
{
int rc;
char uath[PBS_MAXUSER + PBS_MAXHOSTNAME + 1];
time_t time_now = time(NULL);
char error_msg[1024];
bool acl_enabled = false;
#ifdef MUNGE_AUTH
if (strncmp(preq->rq_user, pcred->username, PBS_MAXUSER))
{
/* extra check for munge */
struct array_strings *my_acl = NULL;
char uh[PBS_MAXUSER + PBS_MAXHOSTNAME + 2];
sprintf(uh, "%s@%s", preq->rq_user, pcred->hostname);
get_svr_attr_arst(SRV_ATR_authusers, &my_acl);
if ((acl_check_my_array_string(my_acl, uh, ACL_User_Host)) == 0)
{
*autherr = strdup("User not in authorized user list.");
sprintf(error_msg, "%s Requested user %s: requested from host %s",
*autherr, preq->rq_user, preq->rq_host);
log_event(PBSEVENT_ADMIN, PBS_EVENTCLASS_SERVER, __func__, error_msg);
return(PBSE_BADCRED);
}
}
#else
if (strncmp(preq->rq_user, pcred->username, PBS_MAXUSER))
{
*autherr = strdup("Users do not match");
sprintf(error_msg, "%s: Requested user %s: credential user %s: requested from host %s",
*autherr, preq->rq_user, pcred->username, preq->rq_host);
log_event(PBSEVENT_ADMIN, PBS_EVENTCLASS_SERVER, __func__, error_msg);
return(PBSE_BADCRED);
}
#endif
if (strncmp(preq->rq_host, pcred->hostname, PBS_MAXHOSTNAME))
{
struct sockaddr_in *sai1;
struct sockaddr_in *sai2;
struct addrinfo *addr_info1 = NULL;
struct addrinfo *addr_info2 = NULL;
sai1 = get_cached_addrinfo(preq->rq_host);
sai2 = get_cached_addrinfo(pcred->hostname);
if ((sai1 == NULL) &&
(pbs_getaddrinfo(preq->rq_host, NULL, &addr_info1) == PBSE_NONE))
{
sai1 = (struct sockaddr_in *)addr_info1->ai_addr;
}
if ((sai2 == NULL) &&
(pbs_getaddrinfo(pcred->hostname, NULL, &addr_info2) == PBSE_NONE))
{
sai2 = (struct sockaddr_in *)addr_info2->ai_addr;
}
if ((sai1 == NULL) ||
(sai2 == NULL) ||
(memcmp(sai1, sai2, sizeof(struct sockaddr_in))))
{
*autherr = strdup("Hosts do not match");
sprintf(error_msg, "%s: Requested host %s: credential host: %s",
*autherr, preq->rq_host, pcred->hostname);
log_event(PBSEVENT_ADMIN, PBS_EVENTCLASS_SERVER, __func__, error_msg);
return(PBSE_BADCRED);
}
}
if (pcred->timestamp)
{
long lifetime = 0;
if (get_svr_attr_l(SRV_ATR_CredentialLifetime, &lifetime) == PBSE_NONE)
{
/* use configured value if set */
}
else
{
/* if not use the default */
lifetime = CREDENTIAL_LIFETIME;
}
/* negative values mean that credentials have an infinite lifetime */
if (lifetime > -1)
{
if ((pcred->timestamp - CREDENTIAL_TIME_DELTA > time_now) ||
(pcred->timestamp + lifetime < time_now))
{
return(PBSE_EXPIRED);
}
}
}
/* If Server's Acl_User enabled, check if user in list */
get_svr_attr_b(SRV_ATR_AclUserEnabled, &acl_enabled);
if (acl_enabled)
{
struct array_strings *acl_users = NULL;
snprintf(uath, sizeof(uath), "%s@%s", preq->rq_user, preq->rq_host);
get_svr_attr_arst(SRV_ATR_AclUsers, &acl_users);
if (acl_check_my_array_string(acl_users, uath, ACL_User) == 0)
{
int my_err;
pbs_net_t connect_addr = get_hostaddr(&my_err, preq->rq_host);
pbs_net_t server_addr = get_hostaddr(&my_err, server_host);
#ifdef __CYGWIN__
if ((!IamAdminByName(preq->rq_user)) ||
(connect_addr != server_addr))
{
return(PBSE_PERM);
}
#else /* __CYGWIN__ */
#ifdef PBS_ROOT_ALWAYS_ADMIN
if ((strcmp(preq->rq_user, PBS_DEFAULT_ADMIN) != 0) ||
(connect_addr != server_addr))
{
return(PBSE_PERM);
}
#else /* PBS_ROOT_ALWAYS_ADMIN */
return(PBSE_PERM);
#endif /* PBS_ROOT_ALWAYS_ADMIN */
#endif /* __CYGWIN__ */
}
}
/* A site stub for additional checking */
rc = site_allow_u(preq->rq_user, preq->rq_host);
return(rc);
} /* END authenticate_user() */
int openrm(
char *host, /* I */
unsigned int port) /* I (optional,0=DEFAULT) */
{
int stream;
int rc;
int retries = 0;
static unsigned int gotport = 0;
if (port == 0)
{
if (gotport == 0)
{
gotport = get_svrport((char *)PBS_MANAGER_SERVICE_NAME, (char *)"tcp",
PBS_MANAGER_SERVICE_PORT);
} /* END if (gotport == 0) */
port = gotport;
}
if ((stream = socket(AF_INET, SOCK_STREAM, 0)) != -1)
{
struct sockaddr_in addr;
struct addrinfo *addr_info;
if (pbs_getaddrinfo(host, NULL, &addr_info) != 0)
{
DBPRT(("host %s not found\n", host))
close(stream);
return(ENOENT * -1);
}
memset(&addr, '\0', sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl(INADDR_ANY);
while (retries++ < MAX_RETRIES)
{
rc = bindresvport(stream, &addr);
if (rc != 0)
{
if (retries >= MAX_RETRIES)
{
close(stream);
return(-1*errno);
}
sleep(1);
}
else
break;
}
memset(&addr, '\0', sizeof(addr));
addr.sin_addr = ((struct sockaddr_in *)addr_info->ai_addr)->sin_addr;
addr.sin_family = AF_INET;
addr.sin_port = htons((unsigned short)port);
if (connect(stream, (struct sockaddr *)&addr, sizeof(addr)) == -1)
{
close(stream);
return(-1 * errno);
}
} /* END if ((stream = socket(AF_INET,SOCK_STREAM,0)) != -1) */
if (stream < 0)
{
return(-1 * errno);
}
if (addrm(stream) == -1)
{
close(stream);
return(-1 * errno);
}
return(stream);
} /* END openrm() */
