/** * @brief * Return 1 if there is no credential, 0 if there is and -1 on error. * * @param[in] remote - server name * @param[in] jobp - job whose credentials needs to be read. * @param[in] from - can have the following values, * PBS_GC_BATREQ, PBS_GC_CPYFILE and PBS_GC_EXEC * @param[out] data - kerberos credential * @param[out] dsize - kerberos credential data length * * @return int * @retval 1 - there is no credential * @retval 0 - there is credential * @retval -1 - error */ int get_credential(char *remote, job *jobp, int from, char **data, size_t *dsize) { int ret; switch (jobp->ji_extended.ji_ext.ji_credtype) { default: #ifndef PBS_MOM /* ensure job's euser exists as this can be called */ /* from pbs_send_job who is moving a job from a routing */ /* queue which doesn't have euser set */ if ( ((jobp->ji_wattr[JOB_ATR_euser].at_flags & ATR_VFLAG_SET) \ && jobp->ji_wattr[JOB_ATR_euser].at_val.at_str) && \ (server.sv_attr[SRV_ATR_ssignon_enable].at_flags & \ ATR_VFLAG_SET) && \ (server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long \ == 1) ) { ret = user_read_password( jobp->ji_wattr[(int)JOB_ATR_euser].at_val.at_str, data, dsize); /* we have credential but type is NONE, force DES */ if( ret == 0 && \ (jobp->ji_extended.ji_ext.ji_credtype == \ PBS_CREDTYPE_NONE) ) jobp->ji_extended.ji_ext.ji_credtype = \ PBS_CREDTYPE_AES; } else ret = read_cred(jobp, data, dsize); #else ret = read_cred(jobp, data, dsize); #endif break; } return ret; }
/** * @brief * Return 1 if there is no credential, 0 if there is and -1 on error. * * @param[in] remote - server name * @param[in] jobp - job whose credentials needs to be read. * @param[in] from - can have the following values, * PBS_GC_BATREQ, PBS_GC_CPYFILE and PBS_GC_EXEC * @param[out] data - kerberos credential * @param[out] dsize - kerberos credential data length * * @return int * @retval 1 - there is no credential * @retval 0 - there is credential * @retval -1 - error */ int get_credential(char *remote, job *jobp, int from, char **data, size_t *dsize) { int ret; int type; switch (jobp->ji_extended.ji_ext.ji_credtype) { case PBS_CREDTYPE_DCE_KRB5: ret = get_kerb_cred(remote, jobp, data, dsize); break; case PBS_CREDTYPE_GRIDPROXY: ret = read_cred(jobp, data, dsize); if (ret) break; if (from != PBS_GC_BATREQ) { /* need to encrypt */ char *newcred; size_t newlen; ret = pbs_encrypt_data(*data, &type, *dsize, &newcred, &newlen); if (ret) break; free(*data); *data = newcred; *dsize = newlen; } break; default: #ifndef PBS_MOM /* ensure job's euser exists as this can be called */ /* from pbs_send_job who is moving a job from a routing */ /* queue which doesn't have euser set */ if ( ((jobp->ji_wattr[JOB_ATR_euser].at_flags & ATR_VFLAG_SET) \ && jobp->ji_wattr[JOB_ATR_euser].at_val.at_str) && \ (server.sv_attr[SRV_ATR_ssignon_enable].at_flags & \ ATR_VFLAG_SET) && \ (server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long \ == 1) ) { ret = user_read_password( jobp->ji_wattr[(int)JOB_ATR_euser].at_val.at_str, data, dsize); /* we have credential but type is NONE, force DES */ if( ret == 0 && \ (jobp->ji_extended.ji_ext.ji_credtype == \ PBS_CREDTYPE_NONE) ) jobp->ji_extended.ji_ext.ji_credtype = \ PBS_CREDTYPE_AES; } else ret = read_cred(jobp, data, dsize); #else ret = read_cred(jobp, data, dsize); #endif break; } return ret; }