torque/torque-fix-munge-rhbz#752079.patch

Index: branches/2.5-fixes/src/include/batch_request.h
===================================================================
--- branches/2.5-fixes/src/include/batch_request.h	(revision 5100)
+++ branches/2.5-fixes/src/include/batch_request.h	(revision 5101)
@@ -404,7 +404,7 @@
 
 #ifndef PBS_MOM
 extern void  req_authenuser (struct batch_request *req);
-extern void  req_altauthenuser (struct batch_request *req);
+extern int   req_altauthenuser (struct batch_request *req);
 extern void  req_connect (struct batch_request *req);
 extern void  req_locatejob (struct batch_request *req);
 extern void  req_manager (struct batch_request *req);
Index: branches/2.5-fixes/src/server/req_getcred.c
===================================================================
--- branches/2.5-fixes/src/server/req_getcred.c	(revision 5100)
+++ branches/2.5-fixes/src/server/req_getcred.c	(revision 5101)
@@ -436,7 +436,7 @@
  * utility 
  * 
 */
-void req_altauthenuser(
+int req_altauthenuser(
 
   struct batch_request *preq)  /* I */
 
@@ -462,7 +462,7 @@
   if(s >= PBS_NET_MAX_CONNECTIONS)
 	{
 	req_reject(PBSE_BADCRED, 0, preq, NULL, "cannot authenticate user");
-	return;
+	return (PBSE_BADCRED);
 	}
 
 
@@ -470,7 +470,8 @@
   if(rc)
 	{
 	/* FAILED */
-	return;
+	req_reject(PBSE_SYSTEM, 0, preq, NULL, "munge failure");
+	return (PBSE_SYSTEM);
 	}
 
   /* SUCCESS */
@@ -482,7 +483,7 @@
   svr_conn[s].cn_authen = PBS_NET_CONN_AUTHENTICATED;
 
   reply_ack(preq);
-  return;
+  return (PBSE_NONE);
 
   }  /* END req_altauthenuser() */
 
Index: branches/2.5-fixes/src/server/process_request.c
===================================================================
--- branches/2.5-fixes/src/server/process_request.c	(revision 5100)
+++ branches/2.5-fixes/src/server/process_request.c	(revision 5101)
@@ -541,10 +541,21 @@
       rc = 0;  /* bypass the authentication of the user--trust the client completely */
     else if(munge_on)
       {
-      /* If munge_on is true we will validate the connection later */
-      conn_credent[sfds].timestamp = time_now;
-      svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
-      rc = 0;
+      /* If munge_on is true we will validate the connection now */
+      if ( request->rq_type == PBS_BATCH_AltAuthenUser)
+        {
+        rc = req_altauthenuser(request);
+        if (rc == PBSE_NONE)
+          {
+          conn_credent[sfds].timestamp = time_now;
+          svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
+          }
+        return;
+        }
+      else
+        {
+        rc = authenticate_user(request, &conn_credent[sfds]);
+        }
       }
     else if (svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED)
       rc = PBSE_BADCRED;
@@ -1021,9 +1032,6 @@
       break;
 
     case PBS_BATCH_AltAuthenUser:
-      /* Use given authentication method to determine
-         if user is valid */
-       req_altauthenuser(request); 
 
       break;
Revert "torque fails to build from source: https://bugzilla.redhat.com/show_bug.cgi?id=1676147" This reverts commit 3b709249eacc91270514eda65ea1ab417aa8a34e. Unretirement request: https://pagure.io/releng/issue/8733 2019-09-04 05:10:06 +00:00			`Index: branches/2.5-fixes/src/include/batch_request.h`
			`===================================================================`
			`--- branches/2.5-fixes/src/include/batch_request.h (revision 5100)`
			`+++ branches/2.5-fixes/src/include/batch_request.h (revision 5101)`
			`@@ -404,7 +404,7 @@`

			`#ifndef PBS_MOM`
			`extern void req_authenuser (struct batch_request *req);`
			`-extern void req_altauthenuser (struct batch_request *req);`
			`+extern int req_altauthenuser (struct batch_request *req);`
			`extern void req_connect (struct batch_request *req);`
			`extern void req_locatejob (struct batch_request *req);`
			`extern void req_manager (struct batch_request *req);`
			`Index: branches/2.5-fixes/src/server/req_getcred.c`
			`===================================================================`
			`--- branches/2.5-fixes/src/server/req_getcred.c (revision 5100)`
			`+++ branches/2.5-fixes/src/server/req_getcred.c (revision 5101)`
			`@@ -436,7 +436,7 @@`
			`* utility`
			`*`
			`*/`
			`-void req_altauthenuser(`
			`+int req_altauthenuser(`

			`struct batch_request preq) / I */`

			`@@ -462,7 +462,7 @@`
			`if(s >= PBS_NET_MAX_CONNECTIONS)`
			`{`
			`req_reject(PBSE_BADCRED, 0, preq, NULL, "cannot authenticate user");`
			`- return;`
			`+ return (PBSE_BADCRED);`
			`}`


			`@@ -470,7 +470,8 @@`
			`if(rc)`
			`{`
			`/* FAILED */`
			`- return;`
			`+ req_reject(PBSE_SYSTEM, 0, preq, NULL, "munge failure");`
			`+ return (PBSE_SYSTEM);`
			`}`

			`/* SUCCESS */`
			`@@ -482,7 +483,7 @@`
			`svr_conn[s].cn_authen = PBS_NET_CONN_AUTHENTICATED;`

			`reply_ack(preq);`
			`- return;`
			`+ return (PBSE_NONE);`

			`} /* END req_altauthenuser() */`

			`Index: branches/2.5-fixes/src/server/process_request.c`
			`===================================================================`
			`--- branches/2.5-fixes/src/server/process_request.c (revision 5100)`
			`+++ branches/2.5-fixes/src/server/process_request.c (revision 5101)`
			`@@ -541,10 +541,21 @@`
			`rc = 0; /* bypass the authentication of the user--trust the client completely */`
			`else if(munge_on)`
			`{`
			`- /* If munge_on is true we will validate the connection later */`
			`- conn_credent[sfds].timestamp = time_now;`
			`- svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;`
			`- rc = 0;`
			`+ /* If munge_on is true we will validate the connection now */`
			`+ if ( request->rq_type == PBS_BATCH_AltAuthenUser)`
			`+ {`
			`+ rc = req_altauthenuser(request);`
			`+ if (rc == PBSE_NONE)`
			`+ {`
			`+ conn_credent[sfds].timestamp = time_now;`
			`+ svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;`
			`+ }`
			`+ return;`
			`+ }`
			`+ else`
			`+ {`
			`+ rc = authenticate_user(request, &conn_credent[sfds]);`
			`+ }`
			`}`
			`else if (svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED)`
			`rc = PBSE_BADCRED;`
			`@@ -1021,9 +1032,6 @@`
			`break;`

			`case PBS_BATCH_AltAuthenUser:`
			`- /* Use given authentication method to determine`
			`- if user is valid */`
			`- req_altauthenuser(request);`

			`break;`