/*
** Put a human readable representation of a network addres into
** a staticly allocated string.
*/
char * netaddr(struct sockaddr_in *ap)
{
static char out[80];
char tmp[80];
if (ap == NULL)
return (char *)"unknown";
netaddr_long( ntohl(ap->sin_addr.s_addr), tmp);
sprintf(out, "%s:%d", tmp, ntohs(ap->sin_port));
return out;
}
/*************************************************
* svr_is_request
*
* Return: svr_is_request always returns a non-zero value
* and it must call close_conn to close the connection
* before returning. PBSE_SOCKET_CLOSE is the code
* for a successful return. But which ever retun
* code is iused it must terminate the while loop
* in start_process_pbs_server_port.
*************************************************/
void *svr_is_request(
void *v)
{
int command = 0;
int ret = DIS_SUCCESS;
int i;
int err;
char nodename[PBS_MAXHOSTNAME];
int perm = ATR_DFLAG_MGRD | ATR_DFLAG_MGWR;
unsigned long ipaddr;
unsigned short mom_port;
unsigned short rm_port;
unsigned long tmpaddr;
struct sockaddr_in addr;
struct pbsnode *node = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE+1];
char msg_buf[80];
char tmp[80];
int version;
struct tcp_chan *chan;
long *args;
is_request_info *isr = (is_request_info *)v;
if (isr == NULL)
return(NULL);
chan = isr->chan;
args = isr->args;
version = disrsi(chan, &ret);
if (ret != DIS_SUCCESS)
{
log_err(-1, __func__, "Cannot read version - skipping this request.\n");
close_conn(chan->sock, FALSE);
DIS_tcp_cleanup(chan);
return(NULL);
}
command = disrsi(chan, &ret);
if (ret != DIS_SUCCESS)
{
snprintf(log_buf, sizeof(log_buf), "could not read command: %d", ret);
log_err(-1, __func__, log_buf);
close_conn(chan->sock, FALSE);
DIS_tcp_cleanup(chan);
return(NULL);
}
if (LOGLEVEL >= 4)
{
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"message received from sock %d (version %d)",
chan->sock,
version);
log_event(PBSEVENT_ADMIN, PBS_EVENTCLASS_SERVER, __func__, log_buf);
}
/* Just a note to let us know we only do IPv4 for now */
addr.sin_family = AF_INET;
memcpy(&addr.sin_addr, (void *)&args[1], sizeof(struct in_addr));
addr.sin_port = args[2];
if (version != IS_PROTOCOL_VER)
{
netaddr_long(args[1], tmp);
sprintf(msg_buf, "%s:%ld", tmp, args[2]);
snprintf(log_buf, LOCAL_LOG_BUF_SIZE, "protocol version %d unknown from %s",
version,
msg_buf);
log_err(-1, __func__, log_buf);
close_conn(chan->sock, FALSE);
DIS_tcp_cleanup(chan);
return(NULL);
}
/* check that machine is known */
mom_port = disrsi(chan, &ret);
rm_port = disrsi(chan, &ret);
if (LOGLEVEL >= 3)
{
netaddr_long(args[1], tmp);
sprintf(msg_buf, "%s:%ld", tmp, args[2]);
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"message received from addr %s: mom_port %d - rm_port %d",
msg_buf,
mom_port,
rm_port);
log_event(PBSEVENT_ADMIN,PBS_EVENTCLASS_SERVER,__func__,log_buf);
}
ipaddr = args[1];
if ((node = AVL_find(ipaddr, mom_port, ipaddrs)) != NULL)
{
node->lock_node(__func__, "AVL_find", LOGLEVEL);
} /* END if AVL_find != NULL) */
else if (allow_any_mom)
{
const char *name = get_cached_nameinfo(&addr);
if (name != NULL)
snprintf(nodename, sizeof(nodename), "%s", name);
else if (getnameinfo((struct sockaddr *)&addr, sizeof(addr), nodename, sizeof(nodename)-1, NULL, 0, 0) != 0)
{
tmpaddr = ntohl(addr.sin_addr.s_addr);
sprintf(nodename, "0x%lX", tmpaddr);
}
else
insert_addr_name_info(NULL, nodename);
err = create_partial_pbs_node(nodename, ipaddr, perm);
if (err == PBSE_NONE)
{
node = AVL_find(ipaddr, 0, ipaddrs);
node->lock_node(__func__, "no error", LOGLEVEL);
}
}
if (node == NULL)
{
/* node not listed in trusted ipaddrs list */
netaddr_long(args[1], tmp);
sprintf(msg_buf, "%s:%ld", tmp, args[2]);
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"bad attempt to connect from %s (address not trusted - check entry in server_priv/nodes)",
msg_buf);
if (LOGLEVEL >= 2)
{
log_record(PBSEVENT_SCHED, PBS_EVENTCLASS_REQUEST, __func__, log_buf);
}
else
{
log_err(-1, __func__, log_buf);
}
close_conn(chan->sock, FALSE);
DIS_tcp_cleanup(chan);
return(NULL);
}
if (LOGLEVEL >= 3)
{
netaddr_long(args[1], tmp);
sprintf(msg_buf, "%s:%ld", tmp, args[2]);
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"message %s (%d) received from mom on host %s (%s) (sock %d)",
PBSServerCmds2[command],
command,
node->get_name(),
msg_buf,
chan->sock);
log_event(PBSEVENT_ADMIN,PBS_EVENTCLASS_SERVER,__func__,log_buf);
}
mutex_mgr node_mutex(&node->nd_mutex, true);
switch (command)
{
case IS_NULL: /* a ping from server */
DBPRT(("%s: IS_NULL\n", __func__))
break;
case IS_UPDATE:
DBPRT(("%s: IS_UPDATE\n", __func__))
i = disrui(chan, &ret);
if (ret != DIS_SUCCESS)
{
if (LOGLEVEL >= 1)
{
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"IS_UPDATE error %d on node %s\n", ret, node->get_name());
log_err(ret, __func__, log_buf);
}
goto err;
}
DBPRT(("%s: IS_UPDATE %s 0x%x\n", __func__, node->get_name(), i))
update_node_state(node, i);
if ((node->nd_state & INUSE_DOWN) != 0)
{
node->nd_mom_reported_down = TRUE;
}
break;
case IS_STATUS:
{
std::string node_name = node->get_name();
if (LOGLEVEL >= 2)
{
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"IS_STATUS received from %s", node->get_name());
log_event(PBSEVENT_ADMIN, PBS_EVENTCLASS_SERVER, __func__, log_buf);
}
node_mutex.unlock();
ret = is_stat_get(node_name.c_str(), chan);
node = find_nodebyname(node_name.c_str());
if (node != NULL)
{
node->nd_stream = -1;
node_mutex.mark_as_locked();
if (ret == SEND_HELLO)
{
//struct hello_info *hi = new hello_info(node->nd_id);
write_tcp_reply(chan, IS_PROTOCOL, IS_PROTOCOL_VER, IS_STATUS, DIS_SUCCESS);
hierarchy_handler.sendHierarchyToANode(node);
ret = DIS_SUCCESS;
}
else
write_tcp_reply(chan,IS_PROTOCOL,IS_PROTOCOL_VER,IS_STATUS,ret);
}
if (ret != DIS_SUCCESS)
{
if (LOGLEVEL >= 1)
{
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"IS_STATUS error %d on node %s", ret, node_name.c_str());
log_err(ret, __func__, log_buf);
}
goto err;
}
break;
}
default:
snprintf(log_buf, LOCAL_LOG_BUF_SIZE,
"unknown command %d sent from %s",
command,
node->get_name());
log_err(-1, __func__, log_buf);
goto err;
break;
} /* END switch (command) */
/* must be closed because mom opens and closes this connection each time */
close_conn(chan->sock, FALSE);
DIS_tcp_cleanup(chan);
return(NULL);
err:
/* a DIS write error has occurred */
if (node != NULL)
{
if (LOGLEVEL >= 1)
{
DBPRT(("%s: error processing node %s\n",
__func__,
node->get_name()))
}
netaddr_long(args[1], tmp);
sprintf(msg_buf, "%s:%ld", tmp, args[2]);
sprintf(log_buf, "%s from %s(%s)",
dis_emsg[ret],
node->get_name(),
msg_buf);
}
else
{
int req_signaljob(
batch_request *preq) /* I */
{
job *pjob;
int rc;
char log_buf[LOCAL_LOG_BUF_SIZE];
batch_request *dup_req = NULL;
/* preq free'd in error cases */
if ((pjob = chk_job_request(preq->rq_ind.rq_signal.rq_jid, preq)) == 0)
{
return(PBSE_NONE);
}
mutex_mgr job_mutex(pjob->ji_mutex, true);
/* the job must be running */
if (pjob->ji_qs.ji_state != JOB_STATE_RUNNING)
{
req_reject(PBSE_BADSTATE, 0, preq, NULL, NULL);
return(PBSE_NONE);
}
/* Special pseudo signals for suspend and resume require op/mgr */
if (!strcmp(preq->rq_ind.rq_signal.rq_signame, SIG_RESUME) ||
!strcmp(preq->rq_ind.rq_signal.rq_signame, SIG_SUSPEND))
{
if ((preq->rq_perm & (ATR_DFLAG_OPRD | ATR_DFLAG_OPWR | ATR_DFLAG_MGRD | ATR_DFLAG_MGWR)) == 0)
{
/* for suspend/resume, must be mgr/op */
req_reject(PBSE_PERM, 0, preq, NULL, NULL);
return(PBSE_NONE);
}
}
/* save job ptr for post_signal_req() */
preq->rq_extra = strdup(pjob->ji_qs.ji_jobid);
/* FIXME: need a race-free check for available free subnodes before
* resuming a suspended job */
#ifdef DONOTSUSPINTJOB
/* interactive jobs don't resume correctly so don't allow a suspend */
if (!strcmp(preq->rq_ind.rq_signal.rq_signame, SIG_SUSPEND) &&
(pjob->ji_wattr[JOB_ATR_interactive].at_flags & ATR_VFLAG_SET) &&
(pjob->ji_wattr[JOB_ATR_interactive].at_val.at_long > 0))
{
req_reject(PBSE_JOBTYPE, 0, preq, NULL, NULL);
return(PBSE_NONE);
}
#endif
if (LOGLEVEL >= 6)
{
char ipstr[128];
sprintf(log_buf, "relaying signal request to mom %s", netaddr_long(pjob->ji_qs.ji_un.ji_exect.ji_momaddr,ipstr));
log_record(PBSEVENT_SCHED,PBS_EVENTCLASS_REQUEST,"req_signaljob",log_buf);
}
/* send reply for asynchronous suspend */
if (preq->rq_type == PBS_BATCH_AsySignalJob)
{
/* reply_ack will free preq. We need to copy it before we call reply_ack */
batch_request *new_preq;
new_preq = duplicate_request(preq, -1);
if (new_preq == NULL)
{
sprintf(log_buf, "failed to duplicate batch request");
log_event(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buf);
return(PBSE_MEM_MALLOC);
}
get_batch_request_id(new_preq);
reply_ack(new_preq);
preq->rq_noreply = TRUE;
}
/* pass the request on to MOM */
if ((dup_req = duplicate_request(preq)) == NULL)
{
req_reject(PBSE_SYSTEM, 0, preq, NULL, "can not allocate memory");
}
/* The dup_req is freed in relay_to_mom (failure)
* or in issue_Drequest (success) */
else
{
rc = relay_to_mom(&pjob, dup_req, NULL);
if (pjob != NULL)
job_mutex.unlock();
else
job_mutex.set_unlock_on_exit(false);
if (rc != PBSE_NONE)
{
free_br(dup_req);
req_reject(rc, 0, preq, NULL, NULL); /* unable to get to MOM */
}
else
{
post_signal_req(dup_req);
free_br(preq);
}
}
/* If successful we ack after mom replies to us, we pick up in post_signal_req() */
return(PBSE_NONE);
} /* END req_signaljob() */
int process_request(
struct tcp_chan *chan) /* file descriptor (socket) to get request */
{
int rc = PBSE_NONE;
struct batch_request *request = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE];
long acl_enable = FALSE;
long state = SV_STATE_DOWN;
time_t time_now = time(NULL);
int free_request = TRUE;
char tmpLine[MAXLINE];
char *auth_err = NULL;
enum conn_type conn_active;
unsigned short conn_socktype;
unsigned short conn_authen;
unsigned long conn_addr;
int sfds = chan->sock;
pthread_mutex_lock(svr_conn[sfds].cn_mutex);
conn_active = svr_conn[sfds].cn_active;
conn_socktype = svr_conn[sfds].cn_socktype;
conn_authen = svr_conn[sfds].cn_authen;
conn_addr = svr_conn[sfds].cn_addr;
svr_conn[sfds].cn_lasttime = time_now;
pthread_mutex_unlock(svr_conn[sfds].cn_mutex);
if ((request = alloc_br(0)) == NULL)
{
snprintf(tmpLine, sizeof(tmpLine),
"cannot allocate memory for request from %lu",
conn_addr);
req_reject(PBSE_MEM_MALLOC, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_SYSTEM;
goto process_request_cleanup;
}
request->rq_conn = sfds;
/*
* Read in the request and decode it to the internal request structure.
*/
if (conn_active == FromClientDIS || conn_active == ToServerDIS)
{
#ifdef ENABLE_UNIX_SOCKETS
if ((conn_socktype & PBS_SOCK_UNIX) &&
(conn_authen != PBS_NET_CONN_AUTHENTICATED))
{
/* get_creds interestingly always returns 0 */
get_creds(sfds, conn_credent[sfds].username, conn_credent[sfds].hostname);
}
#endif /* END ENABLE_UNIX_SOCKETS */
rc = dis_request_read(chan, request);
}
else
{
char out[80];
snprintf(tmpLine, MAXLINE, "request on invalid type of connection: %d, sock type: %d, from address %s",
conn_active,conn_socktype, netaddr_long(conn_addr, out));
log_event(PBSEVENT_SYSTEM, PBS_EVENTCLASS_REQUEST,
"process_req", tmpLine);
snprintf(tmpLine, sizeof(tmpLine),
"request on invalid type of connection (%d) from %s",
conn_active,
netaddr_long(conn_addr, out));
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_BADHOST;
goto process_request_cleanup;
}
if (rc == -1)
{
/* FAILURE */
/* premature end of file */
rc = PBSE_PREMATURE_EOF;
goto process_request_cleanup;
}
if ((rc == PBSE_SYSTEM) || (rc == PBSE_INTERNAL) || (rc == PBSE_SOCKET_CLOSE))
{
/* FAILURE */
/* read error, likely cannot send reply so just disconnect */
/* ??? not sure about this ??? */
goto process_request_cleanup;
}
if (rc > 0)
{
/* FAILURE */
/*
* request didn't decode, either garbage or unknown
* request type, in either case, return reject-reply
*/
req_reject(rc, 0, request, NULL, "cannot decode message");
free_request = FALSE;
goto process_request_cleanup;
}
if (get_connecthost(sfds, request->rq_host, PBS_MAXHOSTNAME) != 0)
{
sprintf(log_buf, "%s: %lu",
pbse_to_txt(PBSE_BADHOST),
conn_addr);
log_event(PBSEVENT_DEBUG, PBS_EVENTCLASS_REQUEST, "", log_buf);
snprintf(tmpLine, sizeof(tmpLine),
"cannot determine hostname for connection from %lu",
conn_addr);
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_BADHOST;
goto process_request_cleanup;
}
if (LOGLEVEL >= 1)
{
sprintf(log_buf,
msg_request,
reqtype_to_txt(request->rq_type),
request->rq_user,
request->rq_host,
sfds);
log_event(PBSEVENT_DEBUG2, PBS_EVENTCLASS_REQUEST, "", log_buf);
}
/* is the request from a host acceptable to the server */
if (conn_socktype & PBS_SOCK_UNIX)
{
strcpy(request->rq_host, server_name);
}
get_svr_attr_l(SRV_ATR_acl_host_enable, &acl_enable);
if (acl_enable)
{
/* acl enabled, check it; always allow myself and nodes */
struct array_strings *pas = NULL;
struct pbsnode *isanode;
get_svr_attr_arst(SRV_ATR_acl_hosts, &pas);
isanode = PGetNodeFromAddr(conn_addr);
if ((isanode == NULL) &&
(strcmp(server_host, request->rq_host) != 0) &&
(acl_check_my_array_string(pas, request->rq_host, ACL_Host) == 0))
{
char tmpLine[MAXLINE];
snprintf(tmpLine, sizeof(tmpLine), "request not authorized from host %s",
request->rq_host);
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_BADHOST;
goto process_request_cleanup;
}
if (isanode != NULL)
unlock_node(isanode, "process_request", NULL, LOGLEVEL);
}
/*
* determine source (user client or another server) of request.
* set the permissions granted to the client
*/
if (conn_authen == PBS_NET_CONN_FROM_PRIVIL)
{
/* request came from another server */
request->rq_fromsvr = 1;
request->rq_perm =
ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR;
}
else
{
/* request not from another server */
conn_credent[sfds].timestamp = time_now;
request->rq_fromsvr = 0;
/*
* Client must be authenticated by an Authenticate User Request, if not,
* reject request and close connection. -- The following is retained for
* compat with old cmds -- The exception to this is of course the Connect
* Request which cannot have been authenticated, because it contains the
* needed ticket; so trap it here. Of course, there is no prior
* authentication on the Authenticate User request either, but it comes
* over a reserved port and appears from another server, hence is
* automatically granted authentication.
*
* The above is only true with inet sockets. With unix domain sockets, the
* user creds were read before the first dis_request_read call above.
* We automatically granted authentication because we can trust the socket
* creds. Authorization is still granted in svr_get_privilege below
*/
if (request->rq_type == PBS_BATCH_Connect)
{
req_connect(request);
if (conn_socktype == PBS_SOCK_INET)
{
rc = PBSE_IVALREQ;
req_reject(rc, 0, request, NULL, NULL);
free_request = FALSE;
goto process_request_cleanup;
}
}
if (conn_socktype & PBS_SOCK_UNIX)
{
pthread_mutex_lock(svr_conn[sfds].cn_mutex);
svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
pthread_mutex_unlock(svr_conn[sfds].cn_mutex);
}
if (ENABLE_TRUSTED_AUTH == TRUE )
rc = PBSE_NONE; /* bypass the authentication of the user--trust the client completely */
else if (munge_on)
{
/* If munge_on is true we will validate the connection now */
if (request->rq_type == PBS_BATCH_AltAuthenUser)
{
rc = req_altauthenuser(request);
free_request = FALSE;
goto process_request_cleanup;
}
else
{
rc = authenticate_user(request, &conn_credent[sfds], &auth_err);
}
}
else if (conn_authen != PBS_NET_CONN_AUTHENTICATED)
/* skip checking user if we did not get an authenticated credential */
rc = PBSE_BADCRED;
else
rc = authenticate_user(request, &conn_credent[sfds], &auth_err);
if (rc != 0)
{
req_reject(rc, 0, request, NULL, auth_err);
if (auth_err != NULL)
free(auth_err);
free_request = FALSE;
goto process_request_cleanup;
}
/*
* pbs_mom and checkpoint restart scripts both need the authority to do
* alters and releases on checkpointable jobs. Allow manager permission
* for root on the jobs execution node.
*/
if (((request->rq_type == PBS_BATCH_ModifyJob) ||
(request->rq_type == PBS_BATCH_ReleaseJob)) &&
(strcmp(request->rq_user, PBS_DEFAULT_ADMIN) == 0))
{
job *pjob;
char *dptr;
int skip = FALSE;
char short_host[PBS_MAXHOSTNAME+1];
/* make short host name */
strcpy(short_host, request->rq_host);
if ((dptr = strchr(short_host, '.')) != NULL)
{
*dptr = '\0';
}
if ((pjob = svr_find_job(request->rq_ind.rq_modify.rq_objname, FALSE)) != (job *)0)
{
if (pjob->ji_qs.ji_state == JOB_STATE_RUNNING)
{
if ((pjob->ji_wattr[JOB_ATR_checkpoint].at_flags & ATR_VFLAG_SET) &&
((csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "s") != NULL) ||
(csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "c") != NULL) ||
(csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "enabled") != NULL)) &&
(strstr(pjob->ji_wattr[JOB_ATR_exec_host].at_val.at_str, short_host) != NULL))
{
request->rq_perm = svr_get_privilege(request->rq_user, server_host);
skip = TRUE;
}
}
unlock_ji_mutex(pjob, __func__, "1", LOGLEVEL);
}
if (!skip)
{
request->rq_perm = svr_get_privilege(request->rq_user, request->rq_host);
}
}
else
{
request->rq_perm = svr_get_privilege(request->rq_user, request->rq_host);
}
} /* END else (conn_authen == PBS_NET_CONN_FROM_PRIVIL) */
/* if server shutting down, disallow new jobs and new running */
get_svr_attr_l(SRV_ATR_State, &state);
if (state > SV_STATE_RUN)
{
switch (request->rq_type)
{
case PBS_BATCH_AsyrunJob:
case PBS_BATCH_JobCred:
case PBS_BATCH_MoveJob:
case PBS_BATCH_QueueJob:
case PBS_BATCH_RunJob:
case PBS_BATCH_StageIn:
case PBS_BATCH_jobscript:
req_reject(PBSE_SVRDOWN, 0, request, NULL, NULL);
rc = PBSE_SVRDOWN;
free_request = FALSE;
goto process_request_cleanup;
/*NOTREACHED*/
break;
}
}
/*
* dispatch the request to the correct processing function.
* The processing function must call reply_send() to free
* the request struture.
*/
rc = dispatch_request(sfds, request);
return(rc);
process_request_cleanup:
if (free_request == TRUE)
free_br(request);
return(rc);
} /* END process_request() */
void *mom_process_request(
void *sock_num) /* file descriptor (socket) to get request */
{
int rc;
struct batch_request *request = NULL;
int sfds = *(int *)sock_num;
struct tcp_chan *chan = NULL;
time_now = time(NULL);
if ((request = alloc_br(0)) == NULL)
{
mom_close_client(sfds);
return NULL;
}
request->rq_conn = sfds;
if ((chan = DIS_tcp_setup(sfds)) == NULL)
{
mom_close_client(sfds);
free_br(request);
return NULL;
}
/* Read in the request and decode it to the internal request structure. */
rc = dis_request_read(chan, request);
if (rc == -1)
{
/* FAILURE */
/* premature end of file */
mom_close_client(chan->sock);
free_br(request);
DIS_tcp_cleanup(chan);
return NULL;
}
if ((rc == PBSE_SYSTEM) || (rc == PBSE_INTERNAL) || (rc == PBSE_SOCKET_CLOSE))
{
/* FAILURE */
/* read error, likely cannot send reply so just disconnect */
/* ??? not sure about this ??? */
mom_close_client(chan->sock);
free_br(request);
DIS_tcp_cleanup(chan);
return NULL;
}
if (rc != PBSE_NONE)
{
/* FAILURE */
/*
* request didn't decode, either garbage or unknown
* request type, in either case, return reject-reply
*/
req_reject(rc, 0, request, NULL, "cannot decode message");
mom_close_client(chan->sock);
DIS_tcp_cleanup(chan);
return NULL;
}
if (get_connecthost(chan->sock, request->rq_host, PBS_MAXHOSTNAME) != 0)
{
char tmpLine[MAXLINE];
char ipstr[128];
sprintf(log_buffer, "%s: %s",
pbse_to_txt(PBSE_BADHOST),
netaddr_long(get_connectaddr(chan->sock,FALSE), ipstr));
log_event(PBSEVENT_DEBUG, PBS_EVENTCLASS_REQUEST, "", log_buffer);
snprintf(tmpLine, sizeof(tmpLine), "cannot determine hostname for connection from %s",
ipstr);
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
mom_close_client(chan->sock);
DIS_tcp_cleanup(chan);
return NULL;
}
if (LOGLEVEL >= 1)
{
sprintf(
log_buffer,
msg_request,
reqtype_to_txt(request->rq_type),
request->rq_user,
request->rq_host,
chan->sock);
log_event(PBSEVENT_DEBUG2, PBS_EVENTCLASS_REQUEST, "", log_buffer);
}
/* is the request from a host acceptable to the server */
{
/*extern tree *okclients; */
extern void mom_server_update_receive_time_by_ip(u_long ipaddr, const char *cmd);
/* check connecting host against allowed list of ok clients */
if (LOGLEVEL >= 6)
{
sprintf(log_buffer, "request type %s from host %s received",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
}
if (svr_conn[chan->sock].cn_authen != PBS_NET_CONN_FROM_PRIVIL)
{
sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
mom_close_client(chan->sock);
DIS_tcp_cleanup(chan);
return NULL;
}
if (!AVL_is_in_tree_no_port_compare(svr_conn[chan->sock].cn_addr, 0, okclients))
{
sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
mom_close_client(chan->sock);
DIS_tcp_cleanup(chan);
return NULL;
}
if (LOGLEVEL >= 3)
{
sprintf(log_buffer, "request type %s from host %s allowed",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, __func__, log_buffer);
}
mom_server_update_receive_time_by_ip(svr_conn[chan->sock].cn_addr, reqtype_to_txt(request->rq_type));
} /* END BLOCK */
request->rq_fromsvr = 1;
request->rq_perm =
ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR | ATR_DFLAG_MOM;
/*
* dispatch the request to the correct processing function.
* The processing function must call reply_send() to free
* the request struture.
*/
mom_dispatch_request(chan->sock, request);
DIS_tcp_cleanup(chan);
return NULL;
} /* END mom_process_request() */
