On Thu, 2006-11-16 at 15:39 +0100, Åke Sandgren wrote:
> Hi again.
> According to the maui doc, E.1.4 ADMINHOSTS should restrict ALL admin
> level commands (admin1-3). The code to do this only restricted level 1
> commands, and besides that it was broken.
> 
> Here is a patch that moves the adminhosts check to affect all admin
> level commands and it also makes sure that there is a hostname to match
> against.
> 
> This has only been given a short test locally, but given the earlier
> state of being totally broken, it's a step forward.

Oops.

Leftover cruft in the patch.
Corrected patch attached.

diff -ru site/src/mcom/MSU.c p1/src/mcom/MSU.c
--- site/src/mcom/MSU.c	2006-10-23 18:42:30.000000000 +0200
+++ p1/src/mcom/MSU.c	2006-11-16 14:45:53.000000000 +0100
@@ -982,6 +982,8 @@
 #   endif  /* END !__AIX** */
     }  /* END if (MISSET(SocketType,msftTCP)) */
 
+  strncpy(C->RemoteHost, inet_ntoa(c_sockaddr.sin_addr), sizeof(C->RemoteHost));
+
   if ((hoststruct = gethostbyaddr(
                       (char *)&c_sockaddr.sin_addr.s_addr,
                       sizeof(c_sockaddr.sin_addr.s_addr),
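Review bot: The added `strncpy(C->RemoteHost, inet_ntoa(c_sockaddr.sin_addr), sizeof(C->RemoteHost))` leaves RemoteHost without a terminating NUL whenever the source is at least as long as the field, and the field is later read with `strcmp`, `strcpy` and `%s` in OUserI.c. For the dotted quad this depends on the field's size, which is declared outside the diff. The same call in the next hunk copies `hoststruct->h_name`, whose length is set by the resolver. A bounded copy that always terminates fits both places: `snprintf(C->RemoteHost, sizeof(C->RemoteHost), "%s", inet_ntoa(c_sockaddr.sin_addr));`. The enclosing function starts and ends outside the hunk.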
@@ -1001,6 +1003,7 @@
     }
   else
     {
+    strncpy(C->RemoteHost, hoststruct->h_name, sizeof(C->RemoteHost));
     MDB(2,fSOCK) MLog("INFO:     received service request from host '%s'\n",
       hoststruct->h_name);
     }
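Review bot: `hoststruct->h_name` is the unverified result of the reverse (PTR) lookup for the peer address, and the added line makes it the string that the ADMINHOSTS check in OUserI.c compares against. Whoever operates the reverse zone for the client's address chooses that name, so it is a weak basis for an authorization decision unless a forward lookup of the name is confirmed to map back to `c_sockaddr.sin_addr`. Without that confirmation, the safer choice is to keep the dotted quad set in the previous hunk as RemoteHost and use the resolved name only in the log message. If the behaviour stays as written, a comment such as `/* NOTE: h_name is unverified reverse DNS; ADMINHOSTS is matched against it */` should say so. The enclosing function continues outside the hunk.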
diff -ru site/src/server/OUserI.c p1/src/server/OUserI.c
--- site/src/server/OUserI.c	2006-11-16 14:47:41.000000000 +0100
+++ p1/src/server/OUserI.c	2006-11-16 14:47:23.000000000 +0100
@@ -85,7 +86,7 @@
 
   S->SBuffer = SBuffer;
 
-  strcpy(CurrentHostName,S->Host);  /* NOTE:  not very threadsafe :) */
+  strcpy(CurrentHostName,S->RemoteHost);  /* NOTE:  not very threadsafe :) */
 
   if ((X.XUIHandler != (int (*)())0) && 
     ((*X.XUIHandler)(X.xd,S,MSched.DefaultCSKey,0) == SUCCESS))
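Review bot: The changed `strcpy(CurrentHostName,S->RemoteHost)` has no bound on the destination, and its source is now filled from the peer address or the resolver's answer in MSU.c. CurrentHostName is declared outside the hunk, so it cannot be confirmed here that it is at least as large as RemoteHost. A RemoteHost left unterminated by the `strncpy` calls in MSU.c would also make this copy read past the field. If CurrentHostName is an array in scope, `snprintf(CurrentHostName, sizeof(CurrentHostName), "%s", S->RemoteHost);` covers both cases.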
@@ -296,33 +297,16 @@
         break;
         }
 
-      hostcheck = FALSE;
-
-      for (index = 0;index < MAX_MADMINHOSTS;index++)
-        {
-        if (MSched.AdminHost[index][0] == '\0')
-          break;
-
-        if (!strcmp(MSched.AdminHost[index],S->Host))
-          {
-          hostcheck = TRUE;
-
-          break;
-          }
-
-        if (!strcmp(MSched.AdminHost[index],"ALL"))
-          {
-          hostcheck = TRUE;
+    /* admin1 or admin2 function */
 
-          break;
-          }
-        }    /* END for (index) */
+    case svcSetJobSystemPrio:
+    case svcRunJob:
 
-      if (hostcheck == FALSE)
+      if (!(FLAGS & ((1 << fAdmin1) | (1 << fAdmin2))))
         {
-        sprintf(Message,"ERROR:    command '%s' cannot be executed from host '%s'\n",
-          MService[sindex],
-          S->Host);
+        sprintf(Message,"ERROR:    user '%s' is not authorized to execute command '%s'\n",
+          Auth,
+          MService[sindex]);
 
         sprintf(S->SBuffer,"%s%d %s%s\n",
           MCKeyword[mckStatusCode],
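Review bot: Nothing marks that the admin1 case group now falls through into `case svcSetJobSystemPrio:` and depends on the ADMINHOSTS loop that this patch moves below the admin3 group. A later edit that adds a `break` after the admin1 or admin1/admin2 authorization blocks would silently drop the host restriction for those commands. A comment placed before `/* admin1 or admin2 function */`, for example `/* FALLTHROUGH: ADMINHOSTS check follows the admin1-3 group below */`, would make the dependency explicit. The switch statement starts and ends outside the hunk.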
@@ -341,12 +325,18 @@
         break;
         }
 
-    /* admin1 or admin2 function */
+    /* admin1, admin2, or admin3 functions */
 
-    case svcSetJobSystemPrio:
-    case svcRunJob:
+    case svcShowStats:
+    case svcDiagnose:
+    case svcShowJobDeadline:
+    case svcShowConfig:
+    case svcNodeShow:
+    case svcShowEstimatedStartTime:
+    case svcShowGrid:
+    case svcClusterShow:
 
-      if (!(FLAGS & ((1 << fAdmin1) | (1 << fAdmin2))))
+      if (!(FLAGS & ((1 << fAdmin1) | (1 << fAdmin2) | (1 << fAdmin3))))
         {
         sprintf(Message,"ERROR:    user '%s' is not authorized to execute command '%s'\n",
           Auth,
@@ -369,22 +359,33 @@
         break;
         }
 
-    /* admin1, admin2, or admin3 functions */
+      hostcheck = FALSE;
 
-    case svcShowStats:
-    case svcDiagnose:
-    case svcShowJobDeadline:
-    case svcShowConfig:
-    case svcNodeShow:
-    case svcShowEstimatedStartTime:
-    case svcShowGrid:
-    case svcClusterShow:
+      for (index = 0;index < MAX_MADMINHOSTS;index++)
+        {
+        if (MSched.AdminHost[index][0] == '\0')
+          break;
 
-      if (!(FLAGS & ((1 << fAdmin1) | (1 << fAdmin2) | (1 << fAdmin3))))
+        if (!strcmp(MSched.AdminHost[index],S->RemoteHost))
+          {
+          hostcheck = TRUE;
+
+          break;
+          }
+
+        if (!strcmp(MSched.AdminHost[index],"ALL"))
+          {
+          hostcheck = TRUE;
+
+          break;
+          }
+        }    /* END for (index) */
+
+      if (hostcheck == FALSE)
         {
-        sprintf(Message,"ERROR:    user '%s' is not authorized to execute command '%s'\n",
-          Auth,
-          MService[sindex]);
+        sprintf(Message,"ERROR:    command '%s' cannot be executed from host '%s'\n",
+          MService[sindex],
+          S->RemoteHost);
 
         sprintf(S->SBuffer,"%s%d %s%s\n",
           MCKeyword[mckStatusCode],
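Review bot: The added `sprintf(Message, ...)` formats `S->RemoteHost` into Message without a bound, and that string may now be the name returned by the reverse lookup in MSU.c. Message is declared outside the hunk, so its size relative to the host name plus the command name cannot be confirmed. If it is a local array, `snprintf(Message, sizeof(Message), "ERROR:    command '%s' cannot be executed from host '%s'\n", MService[sindex], S->RemoteHost);` keeps the reply inside it. No log call for the rejected request is visible in the hunk, and one at this point would let the operator see admin commands denied by ADMINHOSTS. The hunk ends inside the following `sprintf(S->SBuffer, ...)` call.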
@@ -403,6 +404,7 @@
         break;
         }
 
+
     /* global functions or case specific functions */
 
     case svcResCreate:  
diff -ru site/src/server/UserI.c p1/src/server/UserI.c
--- site/src/server/UserI.c	2006-11-01 13:26:14.000000000 +0100
+++ p1/src/server/UserI.c	2006-11-16 14:46:56.000000000 +0100
@@ -465,13 +465,9 @@
 
         if (S->sd <= 0)
           {
-          memset(S,0,sizeof(MClS[index]));
+          memcpy(S, &C, sizeof(MClS[index]));
 
-          S->sd = C.sd;
-
-          if (C.SocketProtocol != 0)
-            S->SocketProtocol = C.SocketProtocol;
-          else
+          if (S->SocketProtocol == 0)
             S->SocketProtocol = MSched.DefaultMCSocketProtocol;
 
           DBG(5,fUI) DPrint("INFO:     client connected at sd %d\n",
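Review bot: Replacing the `memset` and field-by-field copy with `memcpy(S, &C, sizeof(MClS[index]))` copies every member of C into the client slot, where previously only `sd` and `SocketProtocol` were copied and everything else started at zero. C's declaration and initialisation are outside the hunk, so any member the accept path leaves unset, and any pointer member C holds, would now be carried into the slot. Keeping the reset and copying only the new field is narrower: `memset(S,0,sizeof(*S));`, `S->sd = C.sd;`, `snprintf(S->RemoteHost, sizeof(S->RemoteHost), "%s", C.RemoteHost);`, followed by the original SocketProtocol selection. The enclosing loop and function continue outside the hunk.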