int
main(int argc, char *argv[])
{
int error = 0;
Context ctx;
if (argc < 4) {
fprintf(stderr, "Correct usage %s <config_file> <data_file> <engine>\n",
argv[0]);
return -1;
}
if (!_read_config(&ctx, argv[1]))
return -1;
ctx.f = fopen(argv[2], "r");
if (!ctx.f) {
fprintf(stderr, "Failed to open %s\n", argv[1]);
return -1;
}
ctx.sml_engine = atoi(argv[3]);
ctx.sml = _sml_new(ctx.sml_engine);
ctx.reads = ctx.rights = ctx.predictions = 0;
if (!ctx.sml || !_initialize_sml(&ctx)) {
fprintf(stderr, "Failed to initialize sml\n");
error = -1;
goto end;
}
while (_read_data(&ctx)) {
_do_prediction(&ctx);
ctx.first_train = true;
if ((error = sml_process(ctx.sml))) {
fprintf(stderr, "sml_process error number %d\n", error);
break;
}
ctx.first_train = false;
if ((error = sml_process(ctx.sml))) {
fprintf(stderr, "sml_process error number %d\n", error);
break;
}
}
sml_print_debug(ctx.sml, false);
printf("Right guesses: %d of %d (%d games) \n", ctx.rights,
ctx.predictions, ctx.reads);
printf("Right predictions percentage:%f%%\n",
ctx.rights * 100.0 / ctx.reads);
printf("Total right predictions percentage:%f%%\n",
ctx.rights * 100.0 / ctx.predictions);
sml_free(ctx.sml);
_free_players(ctx.players, ctx.num_players);
end:
fclose(ctx.f);
return error;
}
void ESPSerialWiFiManager::_save_config(String ssid, String pass, bool enc,
bool advanced,
IPAddress ip, IPAddress gateway, IPAddress subnet,
IPAddress dns1, IPAddress dns2){
_set_config(ssid, pass, enc, advanced, ip, gateway, subnet, dns1, dns2);
_write_config();
_read_config();
OFL("Choose Commit Config for changes to persist reboot.\n");
}
/* Set a flag while reading config, to avoid infinite recursion between here and logging
that could be caused by any WHY() or WARN() or DEBUG() invoked in _read_config(). The
problem is that on the first log message, the logging system calls confValueGet() to
discover the path of the log file, and that will return here.
*/
static int read_config()
{
if (reading)
return -1;
reading = 1;
int ret = _read_config();
reading = 0;
return ret;
}
int main(int argc, char *argv[])
{
log_options_t log_opts = LOG_OPTS_INITIALIZER;
hostlist_t hl = NULL;
char *node_name;
pthread_attr_t attr_work;
pthread_t thread_work = 0;
xstrfmtcat(prog_name, "%s[%u]", argv[0], (uint32_t) getpid());
_read_config();
log_opts.stderr_level = LOG_LEVEL_QUIET;
log_opts.syslog_level = LOG_LEVEL_QUIET;
if (slurm_get_debug_flags() && DEBUG_FLAG_NODE_FEATURES)
log_opts.logfile_level += 3;
(void) log_init(argv[0], log_opts, LOG_DAEMON, log_file);
if ((hl = hostlist_create(argv[1])) == NULL) {
error("%s: Invalid hostlist (%s)", prog_name, argv[1]);
exit(2);
}
while ((node_name = hostlist_pop(hl))) {
slurm_mutex_lock(&thread_cnt_mutex);
while (1) {
if (thread_cnt <= MAX_THREADS) {
thread_cnt++;
break;
} else { /* wait for state change and retry */
pthread_cond_wait(&thread_cnt_cond,
&thread_cnt_mutex);
}
}
slurm_mutex_unlock(&thread_cnt_mutex);
slurm_attr_init(&attr_work);
(void) pthread_attr_setdetachstate
(&attr_work, PTHREAD_CREATE_DETACHED);
if (pthread_create(&thread_work, &attr_work, _node_update,
(void *) node_name)) {
_node_update((void *) node_name);
}
slurm_attr_destroy(&attr_work);
}
/* Wait for work threads to complete */
slurm_mutex_lock(&thread_cnt_mutex);
while (1) {
if (thread_cnt == 0)
break;
else /* wait for state change and retry */
pthread_cond_wait(&thread_cnt_cond, &thread_cnt_mutex);
}
slurm_mutex_unlock(&thread_cnt_mutex);
hostlist_destroy(hl);
exit(0);
}
uint8_t ESPSerialWiFiManager::begin(){
EEPROM.begin(_eeprom_size);
_read_config();
_dirty_config = false;
WiFi.mode(WIFI_STA);
WiFi.disconnect();
delay(100);
if(_network_config.config){
_connect_from_config();
}
return WiFi.status();
}
/* no-op function for future use */
PAM_EXTERN
int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
int argc, const char **argv) {
int ctrl, retval;
char *user;
char *pass;
char *tty;
char *r_addr;
const void *pam_pass = NULL;
int srv_i;
int tac_fd, status, msg, communicating;
user = pass = tty = r_addr = NULL;
ctrl = _pam_parse(argc, argv);
if (ctrl & PAM_TAC_DEBUG)
syslog (LOG_DEBUG, "%s: called (pam_tacplus v%u.%u.%u)"
, __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
syslog(LOG_DEBUG, "%s(flags=%d, argc=%d)", __func__, flags, argc);
// read config file
_read_config(ctrl);
if ( (pam_get_item(pamh, PAM_OLDAUTHTOK, &pam_pass) == PAM_SUCCESS)
&& (pam_pass != NULL) ) {
if ((pass = strdup(pam_pass)) == NULL)
return PAM_BUF_ERR;
} else {
pass = strdup("");
}
if ((user = _pam_get_user(pamh)) == NULL) {
if(pass) {
xfree(pass);
}
return PAM_USER_UNKNOWN;
}
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: user [%s] obtained", __FUNCTION__, user);
tty = _pam_get_terminal(pamh);
if (!strncmp(tty, "/dev/", 5))
tty += 5;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty);
r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr);
if (PAM_SILENT == (flags & PAM_SILENT)) {
status = PAM_AUTHTOK_ERR;
goto finish;
}
status = PAM_TRY_AGAIN;
for (srv_i = 0; srv_i < tac_srv_no; srv_i++) {
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: trying srv %d", __FUNCTION__, srv_i );
tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout);
if (tac_fd < 0) {
_pam_log(LOG_ERR, "connection failed srv %d: %m", srv_i);
continue;
}
if (PAM_PRELIM_CHECK == (flags & PAM_PRELIM_CHECK)) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "%s: finishing PAM_PRELIM_CHECK with srv %d",
__FUNCTION__, srv_i);
close(tac_fd);
status = PAM_SUCCESS;
goto finish;
}
if (tac_authen_send(tac_fd, user, "", tty, r_addr, TAC_PLUS_AUTHEN_CHPASS) < 0) {
close(tac_fd);
_pam_log(LOG_ERR, "error sending auth req to TACACS+ server");
continue;
}
communicating = 1;
while (communicating) {
struct areply re = { .attr = NULL, .msg = NULL, status = 0, flags = 0 };
struct pam_message conv_msg = { .msg_style = 0, .msg = NULL };
struct pam_response *resp = NULL;
msg = tac_authen_read(tac_fd, &re);
if (NULL != re.msg) {
conv_msg.msg = re.msg;
}
/* talk the protocol */
switch (msg) {
case TAC_PLUS_AUTHEN_STATUS_PASS:
/* success */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS");
if (NULL != conv_msg.msg) {
int retval = -1;
conv_msg.msg_style = PAM_TEXT_INFO;
retval = converse(pamh, 1, &conv_msg, &resp);
if (PAM_SUCCESS == retval) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "send msg=\"%s\"", conv_msg.msg);
}
else {
_pam_log(LOG_WARNING, "%s: error sending msg=\"%s\", retval=%d",
__FUNCTION__, conv_msg.msg, retval);
}
}
status = PAM_SUCCESS;
communicating = 0;
if (active_server.addr != NULL)
{
xfree(active_server.addr);
}
active_server.addr = (struct addrinfo*)xcalloc(1, sizeof(struct addrinfo));
bcopy(tac_srv[srv_i].addr, active_server.addr, sizeof(struct addrinfo));
if (active_server.key != NULL)
{
xfree(active_server.key);
}
active_server.key = xstrdup(tac_srv[srv_i].key);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: active srv %d", __FUNCTION__, srv_i);
break;
case TAC_PLUS_AUTHEN_STATUS_FAIL:
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_FAIL");
if (NULL != conv_msg.msg) {
int retval = -1;
conv_msg.msg_style = PAM_ERROR_MSG;
retval = converse(pamh, 1, &conv_msg, &resp);
if (PAM_SUCCESS == retval) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "send msg=\"%s\"", conv_msg.msg);
}
else {
_pam_log(LOG_WARNING, "%s: error sending msg=\"%s\", retval=%d",
__FUNCTION__, conv_msg.msg, retval);
}
}
status = PAM_AUTHTOK_ERR;
communicating = 0;
_pam_log(LOG_ERR, "chauthtok failed: %d", msg);
break;
case TAC_PLUS_AUTHEN_STATUS_GETDATA:
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_GETDATA");
if (NULL != conv_msg.msg) {
int retval = -1;
int echo_off = (0x1 == (re.flags & 0x1));
conv_msg.msg_style = echo_off ? PAM_PROMPT_ECHO_OFF : PAM_PROMPT_ECHO_ON;
retval = converse(pamh, 1, &conv_msg, &resp);
if (PAM_SUCCESS == retval) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "sent msg=\"%s\", resp=\"%s\"",
conv_msg.msg, resp->resp);
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "%s: calling tac_cont_send", __FUNCTION__);
if (0 > tac_cont_send_seq(tac_fd, resp->resp, re.seq_no + 1)) {
_pam_log(LOG_ERR, "error sending continue req to TACACS+ server");
communicating = 0;
}
}
else {
_pam_log(LOG_WARNING, "%s: error sending msg=\"%s\", retval=%d",
__FUNCTION__, conv_msg.msg, retval);
communicating = 0;
}
}
else {
syslog(LOG_ERR, "GETDATA response with no message, returning PAM_TRY_AGAIN");
communicating = 0;
}
break;
case TAC_PLUS_AUTHEN_STATUS_GETUSER:
/* not implemented */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_GETUSER");
communicating = 0;
break;
case TAC_PLUS_AUTHEN_STATUS_GETPASS:
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_GETPASS");
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: calling tac_cont_send", __FUNCTION__);
if (tac_cont_send(tac_fd, pass) < 0) {
_pam_log (LOG_ERR, "error sending continue req to TACACS+ server");
communicating = 0;
break;
}
/* continue the while loop; go read tac response */
break;
case TAC_PLUS_AUTHEN_STATUS_RESTART:
/* try it again */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_RESTART");
/*
* not implemented
* WdJ: I *think* you can just do tac_authen_send(user, pass) again
* but I'm not sure
*/
communicating = 0;
break;
case TAC_PLUS_AUTHEN_STATUS_ERROR:
/* server has problems */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_ERROR");
communicating = 0;
break;
case TAC_PLUS_AUTHEN_STATUS_FOLLOW:
/* server tells to try a different server address */
/* not implemented */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_FOLLOW");
communicating = 0;
break;
default:
if (msg < 0) {
/* connection error */
communicating = 0;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "error communicating with tacacs server");
break;
}
/* unknown response code */
communicating = 0;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: unknown response 0x%02x", msg);
}
if (NULL != resp) {
xfree(resp->resp);
xfree(resp);
}
xfree(re.msg);
} /* end while(communicating) */
close(tac_fd);
if (status == PAM_SUCCESS || status == PAM_AUTHTOK_ERR)
break;
}
finish:
if (status != PAM_SUCCESS && status != PAM_AUTHTOK_ERR)
_pam_log(LOG_ERR, "no more servers to connect");
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: exit with pam status: %d", __FUNCTION__, status);
if (NULL != pass) {
bzero(pass, strlen(pass));
xfree(pass);
pass = NULL;
}
return status;
} /* pam_sm_chauthtok */
#endif
#ifdef PAM_STATIC
struct pam_module _pam_tacplus_modstruct {
"pam_tacplus",
pam_sm_authenticate,
pam_sm_setcred,
pam_sm_acct_mgmt,
pam_sm_open_session,
pam_sm_close_session,
#ifdef PAM_SM_PASSWORD
pam_sm_chauthtok
#else
NULL
#endif
};
/* authenticates user on remote TACACS+ server
* returns PAM_SUCCESS if the supplied username and password
* pair is valid
*/
PAM_EXTERN
int pam_sm_authenticate (pam_handle_t * pamh, int flags,
int argc, const char **argv) {
int ctrl, retval;
char *user;
char *pass;
char *tty;
char *r_addr;
int srv_i;
int tac_fd, status, msg, communicating;
user = pass = tty = r_addr = NULL;
ctrl = _pam_parse(argc, argv);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: called (pam_tacplus v%u.%u.%u)",
__FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
if ((user = _pam_get_user(pamh)) == NULL)
return PAM_USER_UNKNOWN;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: user [%s] obtained", __FUNCTION__, user);
// read config file
_read_config(ctrl);
retval = tacacs_get_password (pamh, flags, ctrl, &pass);
if (retval != PAM_SUCCESS || pass == NULL || *pass == '\0') {
_pam_log(LOG_ERR, "unable to obtain password");
xfree(pass);
return PAM_CRED_INSUFFICIENT;
}
retval = pam_set_item (pamh, PAM_AUTHTOK, pass);
if (retval != PAM_SUCCESS) {
_pam_log(LOG_ERR, "unable to set password");
xfree(pass);
return PAM_CRED_INSUFFICIENT;
}
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: password obtained", __FUNCTION__);
tty = _pam_get_terminal(pamh);
if (!strncmp(tty, "/dev/", 5))
tty += 5;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty);
r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr);
status = PAM_AUTHINFO_UNAVAIL;
for (srv_i = 0; srv_i < tac_srv_no; srv_i++) {
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: trying srv %d", __FUNCTION__, srv_i );
tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout);
if (tac_fd < 0) {
_pam_log(LOG_ERR, "connection failed srv %d: %m", srv_i);
continue;
}
if (tac_authen_send(tac_fd, user, pass, tty, r_addr, TAC_PLUS_AUTHEN_LOGIN) < 0) {
close(tac_fd);
_pam_log(LOG_ERR, "error sending auth req to TACACS+ server");
continue;
}
communicating = 1;
while (communicating) {
struct areply re = { .attr = NULL, .msg = NULL, status = 0, flags = 0 };
struct pam_message conv_msg = { .msg_style = 0, .msg = NULL };
struct pam_response *resp = NULL;
msg = tac_authen_read(tac_fd, &re);
if (NULL != re.msg) {
conv_msg.msg = re.msg;
}
/* talk the protocol */
switch (msg) {
case TAC_PLUS_AUTHEN_STATUS_PASS:
/* success */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS");
if (NULL != conv_msg.msg) {
int retval = -1;
conv_msg.msg_style = PAM_TEXT_INFO;
retval = converse(pamh, 1, &conv_msg, &resp);
if (PAM_SUCCESS == retval) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "send msg=\"%s\"", conv_msg.msg);
}
else {
_pam_log(LOG_WARNING, "%s: error sending msg=\"%s\", retval=%d",
__FUNCTION__, conv_msg.msg, retval);
}
}
status = PAM_SUCCESS;
communicating = 0;
if (active_server.addr != NULL)
{
xfree(active_server.addr);
}
active_server.addr = (struct addrinfo*)xcalloc(1, sizeof(struct addrinfo));
bcopy(tac_srv[srv_i].addr, active_server.addr, sizeof(struct addrinfo));
if (active_server.key != NULL)
{
xfree(active_server.key);
}
active_server.key = xstrdup(tac_srv[srv_i].key);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: active srv %d", __FUNCTION__, srv_i);
break;
case TAC_PLUS_AUTHEN_STATUS_FAIL:
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_FAIL");
if (NULL != conv_msg.msg) {
int retval = -1;
conv_msg.msg_style = PAM_ERROR_MSG;
retval = converse(pamh, 1, &conv_msg, &resp);
if (PAM_SUCCESS == retval) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "send msg=\"%s\"", conv_msg.msg);
}
else {
_pam_log(LOG_WARNING, "%s: error sending msg=\"%s\", retval=%d",
__FUNCTION__, conv_msg.msg, retval);
}
}
status = PAM_AUTH_ERR;
communicating = 0;
_pam_log(LOG_ERR, "auth failed: %d", msg);
break;
case TAC_PLUS_AUTHEN_STATUS_GETDATA:
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_GETDATA");
if (NULL != conv_msg.msg) {
int retval = -1;
int echo_off = (0x1 == (re.flags & 0x1));
conv_msg.msg_style = echo_off ? PAM_PROMPT_ECHO_OFF : PAM_PROMPT_ECHO_ON;
retval = converse(pamh, 1, &conv_msg, &resp);
if (PAM_SUCCESS == retval) {
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "sent msg=\"%s\", resp=\"%s\"",
conv_msg.msg, resp->resp);
if (PAM_TAC_DEBUG == (ctrl & PAM_TAC_DEBUG))
syslog(LOG_DEBUG, "%s: calling tac_cont_send", __FUNCTION__);
if (0 > tac_cont_send_seq(tac_fd, resp->resp, re.seq_no + 1)) {
_pam_log(LOG_ERR, "error sending continue req to TACACS+ server");
status = PAM_AUTH_ERR;
communicating = 0;
}
}
else {
_pam_log(LOG_WARNING, "%s: error sending msg=\"%s\", retval=%d (%s)",
__FUNCTION__, conv_msg.msg, retval, pam_strerror(pamh, retval));
status = PAM_AUTH_ERR;
communicating = 0;
}
}
else {
syslog(LOG_ERR, "GETDATA response with no message, returning PAM_AUTH_ERR");
status = PAM_AUTH_ERR;
communicating = 0;
}
break;
case TAC_PLUS_AUTHEN_STATUS_GETUSER:
/* not implemented */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_GETUSER");
communicating = 0;
break;
case TAC_PLUS_AUTHEN_STATUS_GETPASS:
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_GETPASS");
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tac_cont_send called", __FUNCTION__);
if (tac_cont_send(tac_fd, pass) < 0) {
_pam_log (LOG_ERR, "error sending continue req to TACACS+ server");
communicating = 0;
}
/* continue the while loop; go read tac response */
break;
case TAC_PLUS_AUTHEN_STATUS_RESTART:
/* try it again */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_RESTART");
/*
* not implemented
* WdJ: I *think* you can just do tac_authen_send(user, pass) again
* but I'm not sure
*/
communicating = 0;
break;
case TAC_PLUS_AUTHEN_STATUS_ERROR:
/* server has problems */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_ERROR");
communicating = 0;
break;
case TAC_PLUS_AUTHEN_STATUS_FOLLOW:
/* server tells to try a different server address */
/* not implemented */
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: TAC_PLUS_AUTHEN_STATUS_FOLLOW");
communicating = 0;
break;
default:
if (msg < 0) {
/* connection error */
communicating = 0;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "error communicating with tacacs server");
break;
}
/* unknown response code */
communicating = 0;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "tacacs status: unknown response 0x%02x", msg);
}
if (NULL != resp)
{
if (resp->resp != NULL)
{
xfree(resp->resp);
}
xfree(resp);
}
if (re.msg != NULL)
{
xfree(re.msg);
}
} /* end while(communicating) */
close(tac_fd);
if (status == PAM_SUCCESS || status == PAM_AUTH_ERR)
break;
}
if (status != PAM_SUCCESS && status != PAM_AUTH_ERR)
_pam_log(LOG_ERR, "no more servers to connect");
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: exit with pam status: %d", __FUNCTION__, status);
if (NULL != pass) {
bzero(pass, strlen (pass));
xfree(pass);
pass = NULL;
}
return status;
} /* pam_sm_authenticate */
/* no-op function to satisfy PAM authentication module */
PAM_EXTERN
int pam_sm_setcred (pam_handle_t * pamh, int flags,
int argc, const char **argv) {
int ctrl = _pam_parse (argc, argv);
if (ctrl & PAM_TAC_DEBUG)
syslog (LOG_DEBUG, "%s: called (pam_tacplus v%u.%u.%u)"
, __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
return PAM_SUCCESS;
} /* pam_sm_setcred */
/* authorizes user on remote TACACS+ server, i.e. checks
* his permission to access requested service
* returns PAM_SUCCESS if the service is allowed
*/
PAM_EXTERN
int pam_sm_acct_mgmt (pam_handle_t * pamh, int flags,
int argc, const char **argv) {
int retval, ctrl, status=PAM_AUTH_ERR;
char *user;
char *tty;
char *r_addr;
struct areply arep;
struct tac_attrib *attr = NULL;
int tac_fd;
user = tty = r_addr = NULL;
memset(&arep, 0, sizeof(arep));
/* this also obtains service name for authorization
this should be normally performed by pam_get_item(PAM_SERVICE)
but since PAM service names are incompatible TACACS+
we have to pass it via command line argument until a better
solution is found ;) */
ctrl = _pam_parse (argc, argv);
if (ctrl & PAM_TAC_DEBUG)
syslog (LOG_DEBUG, "%s: called (pam_tacplus v%u.%u.%u)"
, __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
if ((user = _pam_get_user(pamh)) == NULL)
return PAM_USER_UNKNOWN;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: username obtained [%s]", __FUNCTION__, user);
// read config file
_read_config(ctrl);
tty = _pam_get_terminal(pamh);
if(!strncmp(tty, "/dev/", 5))
tty += 5;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tty obtained [%s]", __FUNCTION__, tty);
r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: rhost obtained [%s]", __FUNCTION__, r_addr);
/* checks if user has been successfully authenticated
by TACACS+; we cannot solely authorize user if it hasn't
been authenticated or has been authenticated by method other
than TACACS+ */
if(active_server.addr == NULL) {
_pam_log (LOG_ERR, "user not authenticated by TACACS+");
return PAM_AUTH_ERR;
}
if (ctrl & PAM_TAC_DEBUG)
syslog (LOG_DEBUG, "%s: active server is [%s]", __FUNCTION__,
tac_ntop(active_server.addr->ai_addr));
/* checks for specific data required by TACACS+, which should
be supplied in command line */
if(!*tac_service) {
_pam_log (LOG_ERR, "SM: TACACS+ service type not configured");
return PAM_AUTH_ERR;
}
if(!*tac_protocol) {
_pam_log (LOG_ERR, "SM: TACACS+ protocol type not configured (IGNORED)");
}
tac_add_attrib(&attr, "service", tac_service);
if(tac_protocol[0] != '\0')
tac_add_attrib(&attr, "protocol", tac_protocol);
tac_fd = tac_connect_single(active_server.addr, active_server.key, NULL, tac_timeout);
if(tac_fd < 0) {
_pam_log (LOG_ERR, "TACACS+ server unavailable");
if(arep.msg != NULL)
xfree (arep.msg);
return PAM_AUTH_ERR;
}
retval = tac_author_send(tac_fd, user, tty, r_addr, attr);
tac_free_attrib(&attr);
if(retval < 0) {
_pam_log (LOG_ERR, "error getting authorization");
if(arep.msg != NULL)
xfree (arep.msg);
close(tac_fd);
return PAM_AUTH_ERR;
}
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: sent authorization request", __FUNCTION__);
tac_author_read(tac_fd, &arep);
if(arep.status != AUTHOR_STATUS_PASS_ADD &&
arep.status != AUTHOR_STATUS_PASS_REPL) {
_pam_log (LOG_ERR, "TACACS+ authorisation failed for [%s]", user);
if(arep.msg != NULL)
xfree (arep.msg);
close(tac_fd);
return PAM_PERM_DENIED;
}
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: user [%s] successfully authorized", __FUNCTION__, user);
status = PAM_SUCCESS;
attr = arep.attr;
while (attr != NULL) {
char attribute[attr->attr_len];
char value[attr->attr_len];
char *sep;
sep = index(attr->attr, '=');
if(sep == NULL)
sep = index(attr->attr, '*');
if(sep != NULL) {
bcopy(attr->attr, attribute, attr->attr_len-strlen(sep));
attribute[attr->attr_len-strlen(sep)] = '\0';
bcopy(sep, value, strlen(sep));
value[strlen(sep)] = '\0';
size_t i;
for (i = 0; attribute[i] != '\0'; i++) {
attribute[i] = toupper(attribute[i]);
if (attribute[i] == '-')
attribute[i] = '_';
}
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: returned attribute `%s%s' from server", __FUNCTION__, attribute, value);
/* make returned attributes available for other PAM modules via PAM environment */
if (pam_putenv(pamh, strncat(attribute, value, strlen(value))) != PAM_SUCCESS)
syslog(LOG_WARNING, "%s: unable to set PAM environment", __FUNCTION__);
} else {
syslog(LOG_WARNING, "%s: invalid attribute `%s', no separator", __FUNCTION__, attr->attr);
}
attr = attr->next;
}
/* free returned attributes */
if(arep.attr != NULL)
tac_free_attrib(&arep.attr);
if(arep.msg != NULL)
xfree (arep.msg);
close(tac_fd);
return status;
} /* pam_sm_acct_mgmt */
int _pam_account(pam_handle_t *pamh, int argc, const char **argv,
int type, char *cmd) {
int retval;
static int ctrl;
char *user = NULL;
char *tty = NULL;
char *r_addr = NULL;
char *typemsg;
int status = PAM_SESSION_ERR;
int srv_i, tac_fd;
typemsg = tac_acct_flag2str(type);
ctrl = _pam_parse (argc, argv);
if (ctrl & PAM_TAC_DEBUG) {
syslog (LOG_DEBUG, "%s: [%s] called (pam_tacplus v%u.%u.%u)",
__FUNCTION__, typemsg, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
syslog(LOG_DEBUG, "%s: tac_srv_no=%d", __FUNCTION__, tac_srv_no);
}
if ((user = _pam_get_user(pamh)) == NULL)
return PAM_USER_UNKNOWN;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: username [%s] obtained", __FUNCTION__, user);
// read config file
_read_config(ctrl);
tty = _pam_get_terminal(pamh);
if(!strncmp(tty, "/dev/", 5))
tty += 5;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty);
r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr);
/* checks for specific data required by TACACS+, which should
be supplied in command line */
if(*tac_service == '\0') {
_pam_log (LOG_ERR, "ACC: TACACS+ service type not configured");
return PAM_AUTH_ERR;
}
if(*tac_protocol == '\0') {
_pam_log (LOG_ERR, "ACC: TACACS+ protocol type not configured (IGNORED)");
}
/* when this module is called from within pppd or other
application dealing with serial lines, it is likely
that we will get hit with signal caused by modem hangup;
this is important only for STOP packets, it's relatively
rare that modem hangs up on accounting start */
if(type == TAC_PLUS_ACCT_FLAG_STOP) {
signal(SIGALRM, SIG_IGN);
signal(SIGCHLD, SIG_IGN);
signal(SIGHUP, SIG_IGN);
}
status = PAM_SESSION_ERR;
for(srv_i = 0; srv_i < tac_srv_no; srv_i++) {
tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout);
if (tac_fd < 0) {
_pam_log(LOG_WARNING, "%s: error sending %s (fd)",
__FUNCTION__, typemsg);
continue;
}
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: connected with fd=%d (srv %d)", __FUNCTION__, tac_fd, srv_i);
retval = _pam_send_account(tac_fd, type, user, tty, r_addr, cmd);
if (retval < 0) {
_pam_log(LOG_WARNING, "%s: error sending %s (acct)",
__FUNCTION__, typemsg);
} else {
status = PAM_SUCCESS;
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: [%s] for [%s] sent", __FUNCTION__, typemsg, user);
}
close(tac_fd);
if ((status == PAM_SUCCESS) && !(ctrl & PAM_TAC_ACCT)) {
/* do not send acct start/stop packets to _all_ servers */
break;
}
}
if (type == TAC_PLUS_ACCT_FLAG_STOP) {
signal(SIGALRM, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
signal(SIGHUP, SIG_DFL);
}
return status;
}
static void
_reconfigure(void)
{
List steps;
ListIterator i;
slurm_ctl_conf_t *cf;
step_loc_t *stepd;
bool did_change;
_reconfig = 0;
slurm_conf_reinit(conf->conffile);
_read_config();
/*
* Rebuild topology information and refresh slurmd topo infos
*/
slurm_topo_build_config();
_set_topo_info();
/*
* In case the administrator changed the cpu frequency set capabilities
* on this node, rebuild the cpu frequency table information
*/
cpu_freq_init(conf);
_print_conf();
/*
* Make best effort at changing to new public key
*/
slurm_cred_ctx_key_update(conf->vctx, conf->pubkey);
/*
* Reinitialize the groups cache
*/
cf = slurm_conf_lock();
if (cf->group_info & GROUP_CACHE)
init_gids_cache(1);
else
init_gids_cache(0);
slurm_conf_unlock();
/* send reconfig to each stepd so they can refresh their log
* file handle
*/
steps = stepd_available(conf->spooldir, conf->node_name);
i = list_iterator_create(steps);
while ((stepd = list_next(i))) {
int fd;
fd = stepd_connect(stepd->directory, stepd->nodename,
stepd->jobid, stepd->stepid);
if (fd == -1)
continue;
if (stepd_reconfig(fd) != SLURM_SUCCESS)
debug("Reconfig jobid=%u.%u failed: %m",
stepd->jobid, stepd->stepid);
close(fd);
}
list_iterator_destroy(i);
list_destroy(steps);
gres_plugin_reconfig(&did_change);
(void) switch_g_reconfig();
container_g_reconfig();
if (did_change) {
uint32_t cpu_cnt = MAX(conf->conf_cpus, conf->block_map_size);
(void) gres_plugin_node_config_load(cpu_cnt);
send_registration_msg(SLURM_SUCCESS, false);
}
/* reconfigure energy */
acct_gather_energy_g_set_data(ENERGY_DATA_RECONFIG, NULL);
/*
* XXX: reopen slurmd port?
*/
}
static int
_slurmd_init(void)
{
struct rlimit rlim;
slurm_ctl_conf_t *cf;
struct stat stat_buf;
uint32_t cpu_cnt;
/*
* Process commandline arguments first, since one option may be
* an alternate location for the slurm config file.
*/
_process_cmdline(*conf->argc, *conf->argv);
/*
* Build nodes table like in slurmctld
* This is required by the topology stack
* Node tables setup must preceed _read_config() so that the
* proper hostname is set.
*/
slurm_conf_init(conf->conffile);
init_node_conf();
/* slurm_select_init() must be called before
* build_all_nodeline_info() to be called with proper argument. */
if (slurm_select_init(1) != SLURM_SUCCESS )
return SLURM_FAILURE;
build_all_nodeline_info(true);
build_all_frontend_info(true);
/*
* Read global slurm config file, override necessary values from
* defaults and command line.
*/
_read_config();
cpu_cnt = MAX(conf->conf_cpus, conf->block_map_size);
if ((gres_plugin_init() != SLURM_SUCCESS) ||
(gres_plugin_node_config_load(cpu_cnt) != SLURM_SUCCESS))
return SLURM_FAILURE;
if (slurm_topo_init() != SLURM_SUCCESS)
return SLURM_FAILURE;
/*
* Get and set slurmd topology information
* Build node hash table first to speed up the topo build
*/
rehash_node();
slurm_topo_build_config();
_set_topo_info();
/*
* Check for cpu frequency set capabilities on this node
*/
cpu_freq_init(conf);
_print_conf();
if (slurm_proctrack_init() != SLURM_SUCCESS)
return SLURM_FAILURE;
if (slurmd_task_init() != SLURM_SUCCESS)
return SLURM_FAILURE;
if (slurm_auth_init(NULL) != SLURM_SUCCESS)
return SLURM_FAILURE;
if (spank_slurmd_init() < 0)
return SLURM_FAILURE;
if (getrlimit(RLIMIT_CPU, &rlim) == 0) {
rlim.rlim_cur = rlim.rlim_max;
setrlimit(RLIMIT_CPU, &rlim);
if (rlim.rlim_max != RLIM_INFINITY) {
error("Slurmd process CPU time limit is %d seconds",
(int) rlim.rlim_max);
}
}
if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) {
rlim.rlim_cur = rlim.rlim_max;
setrlimit(RLIMIT_NOFILE, &rlim);
}
#ifndef NDEBUG
if (getrlimit(RLIMIT_CORE, &rlim) == 0) {
rlim.rlim_cur = rlim.rlim_max;
setrlimit(RLIMIT_CORE, &rlim);
}
#endif /* !NDEBUG */
/*
* Create a context for verifying slurm job credentials
*/
if (!(conf->vctx = slurm_cred_verifier_ctx_create(conf->pubkey)))
return SLURM_FAILURE;
if (!strcmp(conf->select_type, "select/serial")) {
/* Only cache credential for 5 seconds with select/serial
* for shorter cache searches and higher throughput */
slurm_cred_ctx_set(conf->vctx, SLURM_CRED_OPT_EXPIRY_WINDOW, 5);
}
/*
* Create slurmd spool directory if necessary.
*/
if (_set_slurmd_spooldir() < 0) {
error("Unable to initialize slurmd spooldir");
return SLURM_FAILURE;
}
if (conf->cleanstart) {
/*
* Need to kill any running slurmd's here
*/
_kill_old_slurmd();
stepd_cleanup_sockets(conf->spooldir, conf->node_name);
_stepd_cleanup_batch_dirs(conf->spooldir, conf->node_name);
}
if (conf->daemonize) {
bool success = false;
if (conf->logfile && (conf->logfile[0] == '/')) {
char *slash_ptr, *work_dir;
work_dir = xstrdup(conf->logfile);
slash_ptr = strrchr(work_dir, '/');
if (slash_ptr == work_dir)
work_dir[1] = '\0';
else
slash_ptr[0] = '\0';
if ((access(work_dir, W_OK) != 0) ||
(chdir(work_dir) < 0)) {
error("Unable to chdir to %s", work_dir);
} else
success = true;
xfree(work_dir);
}
if (!success) {
if ((access(conf->spooldir, W_OK) != 0) ||
(chdir(conf->spooldir) < 0)) {
error("Unable to chdir to %s", conf->spooldir);
} else
success = true;
}
if (!success) {
if ((access("/var/tmp", W_OK) != 0) ||
(chdir("/var/tmp") < 0)) {
error("chdir(/var/tmp): %m");
return SLURM_FAILURE;
} else
info("chdir to /var/tmp");
}
}
/*
* Cache the group access list
*/
cf = slurm_conf_lock();
if (cf->group_info & GROUP_CACHE)
init_gids_cache(1);
else
init_gids_cache(0);
slurm_conf_unlock();
if ((devnull = open_cloexec("/dev/null", O_RDWR)) < 0) {
error("Unable to open /dev/null: %m");
return SLURM_FAILURE;
}
/* make sure we have slurmstepd installed */
if (stat(conf->stepd_loc, &stat_buf))
fatal("Unable to find slurmstepd file at %s", conf->stepd_loc);
if (!S_ISREG(stat_buf.st_mode))
fatal("slurmstepd not a file at %s", conf->stepd_loc);
return SLURM_SUCCESS;
}
static RTNumberPField *
create_pfield(const Arg args[], const int nargs)
{
if (nargs < 6)
return _midi_usage();
static bool configRead = false;
if (configRead == false) {
_read_config();
configRead = true;
}
double minval, maxval, defaultval, lag;
int chan;
MIDIType type = kMIDIInvalidType;
MIDISubType subtype = kMIDIInvalidSubType;
if (args[0].isType(DoubleType))
minval = args[0];
else
return _midi_usage();
if (args[1].isType(DoubleType))
maxval = args[1];
else
return _midi_usage();
if (args[2].isType(DoubleType))
defaultval = args[2];
else
return _midi_usage();
if (args[3].isType(DoubleType))
lag = args[3];
else
return _midi_usage();
if (lag < 0.0 || lag > 100.0) {
die("makeconnection (midi)", "<lag> must be between 0 and 100");
return NULL;
}
lag *= 0.01;
if (args[4].isType(DoubleType))
chan = (int) args[4] - 1; // convert to zero-based channel
else
return _midi_usage();
if (chan < 0 || chan > 15) {
die("makeconnection (midi)", "<chan> must be between 1 and 16");
return NULL;
}
if (args[5].isType(StringType))
type = _string_to_type(args[5]);
else
return _midi_usage();
if (type == kMIDIInvalidType)
return _midi_usage();
if (nargs > 6) {
if (args[6].isType(StringType))
subtype = _string_to_subtype(type, args[6]);
else if (args[6].isType(DoubleType))
// NB: this can be a code or a literal int, e.g. note or controller num
subtype = (MIDISubType) (int) args[6];
else
return _midi_usage();
if (subtype == kMIDIInvalidSubType)
return _midi_usage();
}
static RTcmixMIDI *midiport = NULL;
if (midiport == NULL) // first time, so init midi system
midiport = createMIDIPort();
if (midiport == NULL)
return NULL;
return new RTMidiPField(midiport, minval, maxval, defaultval, lag, chan,
type, subtype);
}
int main(int argc, char *argv[])
{
log_options_t log_opts = LOG_OPTS_INITIALIZER;
char *features, *save_ptr = NULL, *tok;
update_node_msg_t node_msg;
int rc = SLURM_SUCCESS;
hostlist_t hl = NULL;
char *node_name;
pthread_attr_t attr_work;
pthread_t thread_work = 0;
prog_name = argv[0];
_read_config();
log_opts.stderr_level = LOG_LEVEL_QUIET;
log_opts.syslog_level = LOG_LEVEL_QUIET;
if (slurm_get_debug_flags() && DEBUG_FLAG_NODE_FEATURES)
log_opts.logfile_level += 3;
(void) log_init(argv[0], log_opts, LOG_DAEMON, log_file);
/* Parse the MCDRAM and NUMA boot options */
if (argc == 3) {
features = xstrdup(argv[2]);
tok = strtok_r(features, ",", &save_ptr);
while (tok) {
printf("%s\n", tok);
if (!strcasecmp(tok, "a2a") ||
!strcasecmp(tok, "hemi") ||
!strcasecmp(tok, "quad") ||
!strcasecmp(tok, "snc2") ||
!strcasecmp(tok, "snc4")) {
xfree(mcdram_mode);
mcdram_mode = xstrdup(tok);
} else if (!strcasecmp(tok, "cache") ||
!strcasecmp(tok, "equal") ||
!strcasecmp(tok, "flat")) {
xfree(numa_mode);
numa_mode = xstrdup(tok);
}
tok = strtok_r(NULL, ",", &save_ptr);
}
xfree(features);
}
/* Spawn threads to change MCDRAM and NUMA states and start node
* reboot process */
if ((hl = hostlist_create(argv[1])) == NULL) {
error("%s: Invalid hostlist (%s)", prog_name, argv[1]);
exit(2);
}
node_bitmap = bit_alloc(100000);
while ((node_name = hostlist_pop(hl))) {
slurm_mutex_lock(&thread_cnt_mutex);
while (1) {
if (thread_cnt <= MAX_THREADS) {
thread_cnt++;
break;
} else { /* wait for state change and retry */
pthread_cond_wait(&thread_cnt_cond,
&thread_cnt_mutex);
}
}
slurm_mutex_unlock(&thread_cnt_mutex);
slurm_attr_init(&attr_work);
(void) pthread_attr_setdetachstate
(&attr_work, PTHREAD_CREATE_DETACHED);
if (pthread_create(&thread_work, &attr_work, _node_update,
(void *) node_name)) {
_node_update((void *) node_name);
}
slurm_attr_destroy(&attr_work);
}
/* Wait for work threads to complete */
slurm_mutex_lock(&thread_cnt_mutex);
while (1) {
if (thread_cnt == 0)
break;
else /* wait for state change and retry */
pthread_cond_wait(&thread_cnt_cond, &thread_cnt_mutex);
}
slurm_mutex_unlock(&thread_cnt_mutex);
hostlist_destroy(hl);
xfree(mcdram_mode);
xfree(numa_mode);
/* Wait for all nodes to change state to "on" */
_wait_all_nodes_on();
if ((argc == 3) && !syscfg_path) {
slurm_init_update_node_msg(&node_msg);
node_msg.node_names = argv[1];
node_msg.features_act = argv[2];
rc = slurm_update_node(&node_msg);
}
if (rc == SLURM_SUCCESS) {
exit(0);
} else {
error("%s: slurm_update_node(\'%s\', \'%s\'): %s\n",
prog_name, argv[1], argv[2],
slurm_strerror(slurm_get_errno()));
exit(1);
}
}
