torque/torque-fix-munge-rhbz#752079.patch
2011-11-17 21:15:32 +01:00

95 lines
2.9 KiB
Diff

Index: branches/2.5-fixes/src/include/batch_request.h
===================================================================
--- branches/2.5-fixes/src/include/batch_request.h (revision 5100)
+++ branches/2.5-fixes/src/include/batch_request.h (revision 5101)
@@ -404,7 +404,7 @@
#ifndef PBS_MOM
extern void req_authenuser (struct batch_request *req);
-extern void req_altauthenuser (struct batch_request *req);
+extern int req_altauthenuser (struct batch_request *req);
extern void req_connect (struct batch_request *req);
extern void req_locatejob (struct batch_request *req);
extern void req_manager (struct batch_request *req);
Index: branches/2.5-fixes/src/server/req_getcred.c
===================================================================
--- branches/2.5-fixes/src/server/req_getcred.c (revision 5100)
+++ branches/2.5-fixes/src/server/req_getcred.c (revision 5101)
@@ -436,7 +436,7 @@
* utility
*
*/
-void req_altauthenuser(
+int req_altauthenuser(
struct batch_request *preq) /* I */
@@ -462,7 +462,7 @@
if(s >= PBS_NET_MAX_CONNECTIONS)
{
req_reject(PBSE_BADCRED, 0, preq, NULL, "cannot authenticate user");
- return;
+ return (PBSE_BADCRED);
}
@@ -470,7 +470,8 @@
if(rc)
{
/* FAILED */
- return;
+ req_reject(PBSE_SYSTEM, 0, preq, NULL, "munge failure");
+ return (PBSE_SYSTEM);
}
/* SUCCESS */
@@ -482,7 +483,7 @@
svr_conn[s].cn_authen = PBS_NET_CONN_AUTHENTICATED;
reply_ack(preq);
- return;
+ return (PBSE_NONE);
} /* END req_altauthenuser() */
Index: branches/2.5-fixes/src/server/process_request.c
===================================================================
--- branches/2.5-fixes/src/server/process_request.c (revision 5100)
+++ branches/2.5-fixes/src/server/process_request.c (revision 5101)
@@ -541,10 +541,21 @@
rc = 0; /* bypass the authentication of the user--trust the client completely */
else if(munge_on)
{
- /* If munge_on is true we will validate the connection later */
- conn_credent[sfds].timestamp = time_now;
- svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
- rc = 0;
+ /* If munge_on is true we will validate the connection now */
+ if ( request->rq_type == PBS_BATCH_AltAuthenUser)
+ {
+ rc = req_altauthenuser(request);
+ if (rc == PBSE_NONE)
+ {
+ conn_credent[sfds].timestamp = time_now;
+ svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
+ }
+ return;
+ }
+ else
+ {
+ rc = authenticate_user(request, &conn_credent[sfds]);
+ }
}
else if (svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED)
rc = PBSE_BADCRED;
@@ -1021,9 +1032,6 @@
break;
case PBS_BATCH_AltAuthenUser:
- /* Use given authentication method to determine
- if user is valid */
- req_altauthenuser(request);
break;