arif/maui
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

FIX: fixed security bug and also a problem with resource policy ExtendViolationTime

Browse Source 
git-svn-id: svn://opensvn.adaptivecomputing.com/maui/trunk@86 3f5042e3-fb1d-0410-be18-d6ca2573e517
This commit is contained in:
josh 2007-04-18 18:08:06 +00:00
parent 0ff243e826
commit e6a0157bd8
4 changed files with 47 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@ -1,3 +1,7 @@
Maui 3.2.6p20
- Fixed a potential security issue when Maui is used with some PBS configurations.
- Fixed a bug pertaining to Maui's resource policy ExtendedViolation time (thanks goes to Nick Sonneveld).
Maui 3.2.6p19
- Implemented fixes for a segfault, FSPOLICY loading, and workload traces submitted by Ake Sandgren

3
include/moab.h
View File

@ -341,7 +341,8 @@ enum MHoldReasonEnum {
mhrAPIFailure,
mhrRMReject,
mhrPolicyViolation,
mhrQOSAccess };
mhrQOSAccess,
mhrCredAccess };
/* node states */

17
src/moab/MLimit.c
View File

@ -31,7 +31,8 @@ int MLimitEnforceAll(
mjob_t *J;
mreq_t *RQ;
int ResourceLimitsExceeded; /* boolean */
mbool_t ResourceLimitsExceeded;
mbool_t JobExceedsLimits;
int VRes = -1;
int VLimit = -1;
@ -105,6 +106,7 @@ int MLimitEnforceAll(
/* enforce CRes utilization limits */
ResourceLimitsExceeded = FALSE;
JobExceedsLimits = FALSE;
RQ = J->Req[0]; /* FIXME */
@ -121,6 +123,7 @@ int MLimitEnforceAll(
VVal = RQ->URes.Procs;
ResourceLimitsExceeded = TRUE;
JobExceedsLimits = TRUE;
}
else if ((P->ResourceLimitPolicy[mrMem] != mrlpNONE) &&
(RQ->DRes.Mem > 0) &&
@ -136,6 +139,7 @@ int MLimitEnforceAll(
VVal = RQ->URes.Mem;
ResourceLimitsExceeded = TRUE;
JobExceedsLimits = TRUE;
}
else if ((P->ResourceLimitPolicy[mrSwap] != mrlpNONE) &&
(RQ->DRes.Swap > 0) &&
@ -151,6 +155,7 @@ int MLimitEnforceAll(
VVal = RQ->URes.Swap;
ResourceLimitsExceeded = TRUE;
JobExceedsLimits = TRUE;
}
else if ((P->ResourceLimitPolicy[mrDisk] != mrlpNONE) &&
(RQ->DRes.Disk > 0) &&
@ -166,6 +171,7 @@ int MLimitEnforceAll(
VVal = RQ->URes.Disk;
ResourceLimitsExceeded = TRUE;
JobExceedsLimits = TRUE;
}
if (ResourceLimitsExceeded == FALSE)
@ -175,7 +181,7 @@ int MLimitEnforceAll(
/* job is using more resources than requested */
J->RULVTime += MSched.Iteration;
J->RULVTime += (mulong)((MSched.Interval + 50) / 100);
switch (P->ResourceLimitPolicy[VRes])
{
@ -274,6 +280,13 @@ int MLimitEnforceAll(
DBG(1,fSCHED) DPrint("ALERT: limit violation action %s %s\n",
MPolicyAction[P->ResourceLimitViolationAction[VRes]],
(rc == SUCCESS) ? "succeeded" : "failed");
if (JobExceedsLimits == FALSE)
{
/* clear job violation time */
J->RULVTime = 0;
}
} /* END for (jindex) */
return(SUCCESS);

34
src/moab/MPBSI.c
View File

@ -5430,15 +5430,33 @@ int MPBSJobSetAttr(
return(FAILURE);
}
if (MUserAdd(ptr,&J->Cred.U) == FAILURE)
if ((J->Cred.U == NULL) || !strcmp(AP->name,ATTR_owner))
{
DBG(1,fPBS) DPrint("ERROR: cannot add user for job %s (Name: %s)\n",
J->Name,
ptr);
MJobRemove(J);
return(FAILURE);
if (MUserAdd(ptr,&J->Cred.U) == FAILURE)
{
DBG(1,fPBS) DPrint("ERROR: cannot add user for job %s (Name: %s)\n",
J->Name,
ptr);
MJobRemove(J);
return(FAILURE);
}
}
if ((J->Cred.U != NULL) && (!strcmp(AP->name,ATTR_euser)))
{
if (strcmp(J->Cred.U->Name,ptr))
{
/* effective user requested which does not match job owner */
MJobSetHold(
J,
(1 << mhBatch),
0,
mhrCredAccess,
"job not authorized to use proxy credentials");
}
}
}
else if (!strcmp(AP->name,ATTR_egroup))