/**
* @brief
* Return 1 if there is no credential, 0 if there is and -1 on error.
*
* @param[in] remote - server name
* @param[in] jobp - job whose credentials needs to be read.
* @param[in] from - can have the following values,
* PBS_GC_BATREQ, PBS_GC_CPYFILE and PBS_GC_EXEC
* @param[out] data - kerberos credential
* @param[out] dsize - kerberos credential data length
*
* @return int
* @retval 1 - there is no credential
* @retval 0 - there is credential
* @retval -1 - error
*/
int
get_credential(char *remote, job *jobp, int from, char **data, size_t *dsize)
{
int ret;
switch (jobp->ji_extended.ji_ext.ji_credtype) {
default:
#ifndef PBS_MOM
/* ensure job's euser exists as this can be called */
/* from pbs_send_job who is moving a job from a routing */
/* queue which doesn't have euser set */
if ( ((jobp->ji_wattr[JOB_ATR_euser].at_flags & ATR_VFLAG_SET) \
&& jobp->ji_wattr[JOB_ATR_euser].at_val.at_str) && \
(server.sv_attr[SRV_ATR_ssignon_enable].at_flags & \
ATR_VFLAG_SET) && \
(server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long \
== 1) ) {
ret = user_read_password(
jobp->ji_wattr[(int)JOB_ATR_euser].at_val.at_str,
data, dsize);
/* we have credential but type is NONE, force DES */
if( ret == 0 && \
(jobp->ji_extended.ji_ext.ji_credtype == \
PBS_CREDTYPE_NONE) )
jobp->ji_extended.ji_ext.ji_credtype = \
PBS_CREDTYPE_AES;
} else
ret = read_cred(jobp, data, dsize);
#else
ret = read_cred(jobp, data, dsize);
#endif
break;
}
return ret;
}
/**
* @brief
* Return 1 if there is no credential, 0 if there is and -1 on error.
*
* @param[in] remote - server name
* @param[in] jobp - job whose credentials needs to be read.
* @param[in] from - can have the following values,
* PBS_GC_BATREQ, PBS_GC_CPYFILE and PBS_GC_EXEC
* @param[out] data - kerberos credential
* @param[out] dsize - kerberos credential data length
*
* @return int
* @retval 1 - there is no credential
* @retval 0 - there is credential
* @retval -1 - error
*/
int
get_credential(char *remote, job *jobp, int from, char **data, size_t *dsize)
{
int ret;
int type;
switch (jobp->ji_extended.ji_ext.ji_credtype) {
case PBS_CREDTYPE_DCE_KRB5:
ret = get_kerb_cred(remote, jobp, data, dsize);
break;
case PBS_CREDTYPE_GRIDPROXY:
ret = read_cred(jobp, data, dsize);
if (ret)
break;
if (from != PBS_GC_BATREQ) { /* need to encrypt */
char *newcred;
size_t newlen;
ret = pbs_encrypt_data(*data, &type, *dsize, &newcred, &newlen);
if (ret)
break;
free(*data);
*data = newcred;
*dsize = newlen;
}
break;
default:
#ifndef PBS_MOM
/* ensure job's euser exists as this can be called */
/* from pbs_send_job who is moving a job from a routing */
/* queue which doesn't have euser set */
if ( ((jobp->ji_wattr[JOB_ATR_euser].at_flags & ATR_VFLAG_SET) \
&& jobp->ji_wattr[JOB_ATR_euser].at_val.at_str) && \
(server.sv_attr[SRV_ATR_ssignon_enable].at_flags & \
ATR_VFLAG_SET) && \
(server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long \
== 1) ) {
ret = user_read_password(
jobp->ji_wattr[(int)JOB_ATR_euser].at_val.at_str,
data, dsize);
/* we have credential but type is NONE, force DES */
if( ret == 0 && \
(jobp->ji_extended.ji_ext.ji_credtype == \
PBS_CREDTYPE_NONE) )
jobp->ji_extended.ji_ext.ji_credtype = \
PBS_CREDTYPE_AES;
} else
ret = read_cred(jobp, data, dsize);
#else
ret = read_cred(jobp, data, dsize);
#endif
break;
}
return ret;
}
