/* * Determine if the job has permission to use the identified image */ static int _test_image_perms(char *image_name, List image_list, struct job_record* job_ptr) { int allow = 0, i, rc; ListIterator itr; ListIterator itr2; image_t *image = NULL; image_group_t *image_group = NULL; /* Cache group information for most recently checked user */ static gid_t groups[MAX_GROUPS]; static int ngroups = -1; static int32_t cache_user = -1; itr = list_iterator_create(image_list); while ((image = list_next(itr))) { if (!strcasecmp(image->name, image_name) || !strcasecmp(image->name, "*")) { if (image->def) { allow = 1; break; } if (!image->groups || !list_count(image->groups)) { allow = 1; break; } if (job_ptr->user_id != cache_user) { rc = _get_user_groups(job_ptr->user_id, job_ptr->group_id, groups, MAX_GROUPS, &ngroups); if (rc) /* Failed to get groups */ break; cache_user = job_ptr->user_id; } itr2 = list_iterator_create(image->groups); while (!allow && (image_group = list_next(itr2))) { for (i=0; i<ngroups; i++) { if (image_group->gid == groups[i]) { allow = 1; break; } } } list_iterator_destroy(itr2); if (allow) break; } } list_iterator_destroy(itr); return allow; }
/* * _check_mcs_label() is called to check a mcs_label of a job */ static int _check_mcs_label (struct job_record *job_ptr, char *label) { int rc = SLURM_ERROR; int i = 0; gid_t gid; uint32_t tmp_group ; gid_t groups[MAX_GROUPS]; int ngroups = -1; /* test if real unix group */ if (gid_from_string(label, &gid ) != 0) return rc; /* test if this group is owned by the user */ rc = _get_user_groups(job_ptr->user_id, job_ptr->group_id, groups, MAX_GROUPS, &ngroups); if (rc) /* Failed to get groups */ return rc; rc = SLURM_ERROR; for (i = 0; i < ngroups; i++) { tmp_group = (uint32_t) groups[i]; if (gid == tmp_group) { rc = SLURM_SUCCESS; break; } } if (rc == SLURM_ERROR) return rc; rc = SLURM_ERROR; /* test if mcs_label is in list of possible mcs_label */ for (i = 0; i < nb_mcs_groups; i++) { if (array_mcs_parameter[i] == gid) { rc = SLURM_SUCCESS; return rc; } } return rc; }
/* * mcs_p_check_mcs_label() is called to check mcs_label. */ extern int mcs_p_check_mcs_label (uint32_t user_id, char *mcs_label) { int rc = SLURM_ERROR; int i = 0; gid_t gid; gid_t slurm_user_gid; uint32_t tmp_group ; gid_t groups[MAX_GROUPS]; uint32_t group_id; int ngroups = -1; if (mcs_label != NULL) { /* test if real unix group */ if (gid_from_string(mcs_label, &gid ) != 0) return rc; /* test if this group is owned by the user */ slurm_user_gid = gid_from_uid(user_id); group_id = (uint32_t) slurm_user_gid; rc = _get_user_groups(user_id, group_id, groups, MAX_GROUPS, &ngroups); if (rc) /* Failed to get groups */ return rc; rc = SLURM_ERROR; for (i = 0; i < ngroups; i++) { tmp_group = (uint32_t) groups[i]; if (gid == tmp_group) { rc = SLURM_SUCCESS; break; } } } else rc = SLURM_SUCCESS; return rc; }
/* * mcs_p_set_mcs_label() is called to obtain/check mcs_label. * Return job_ptr->mcs_label value must be xfreed */ extern int mcs_p_set_mcs_label (struct job_record *job_ptr, char *label) { char *result = NULL; gid_t groups[MAX_GROUPS]; int ngroups = -1; int rc; if (label == NULL) { if ((slurm_mcs_get_enforced() == 0) && job_ptr->details && (job_ptr->details->whole_node != WHOLE_NODE_MCS)) return SLURM_SUCCESS; rc = _get_user_groups(job_ptr->user_id,job_ptr->group_id, groups, MAX_GROUPS, &ngroups); if (rc) { /* Failed to get groups */ if (slurm_mcs_get_enforced() == 0) return SLURM_SUCCESS; else return SLURM_ERROR; } rc = _find_mcs_label(groups, ngroups, &result); if (rc) { return SLURM_ERROR; } else { xfree(job_ptr->mcs_label); job_ptr->mcs_label = xstrdup(result); return SLURM_SUCCESS; } } else { if (_check_mcs_label(job_ptr, label) == 0 ) return SLURM_SUCCESS; else return SLURM_ERROR; } }