[torquedev] torque trunk-3664 cygwin patch
Garrick Staples
garrick at usc.edu
Mon Jun 7 12:57:25 MDT 2010
I've checked it in. Thank you!
On Mon, Jun 07, 2010 at 04:45:09PM +0300, Igor Ilyenko alleged:
> David,
>
> I am sending a Cygwin patch against the current trunk.
>
> It works not only on Windows XP / 2003 (Cygwin 1.5)
> but also on Windows 7 (Cygwin 1.7).
>
> --
>
> Igor Ilyenko
>
> Software Architect
>
> United Institute of Information Problems NAS of Belarus
> http://uiip.bas-net.by
>
> diff -Naur ./trunk-3664/contrib/AddPrivileges ./new/contrib/AddPrivileges
> --- ./trunk-3664/contrib/AddPrivileges 2010-04-01 19:03:08.000000000 +0300
> +++ ./new/contrib/AddPrivileges 2010-06-02 16:23:04.249554901 +0300
> @@ -60,22 +60,20 @@
>
> ADMINGRL=544
>
> -ADMINGRD=512
> +ADMINGRD=10512
>
> +mkpasswd -l -d > $PASSWDF
> +mkgroup -l -d -u > $GROUPF;
>
> if id -G | grep -q "$ADMINGRD"
>
> then
> echo " $CURRENTU is a domain administrator"
> - mkpasswd -l -d > $PASSWDF
> - mkgroup -l -d -u > $GROUPF;
>
> elif id -G | grep -q "$ADMINGRL"
>
> then
> echo " $CURRENTU is a local administrator"
> - mkpasswd -l > $PASSWDF
> - mkgroup -l -u > $GROUPF;
>
> else echo " Current user '$CURRENTU' has not administrator privileges"
> exit $?;
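Review bot: moving the `mkpasswd -l -d` and `mkgroup -l -d -u` calls above the `id -G` test means $PASSWDF and $GROUPF are rewritten before the script knows whether the caller is an administrator, and the `-d` domain query now also runs in the local-administrator case that previously used plain `-l`. Suggest generating the files only after the check has passed, and keeping the local branch on `-l` alone unless the domain lookup is really wanted there. Two smaller points in the same lines: `grep -q "$ADMINGRD"` is a substring match, so with the new value 10512 any gid that merely contains those digits passes, and `grep -qw` would pin it to a whole gid; and `exit $?` after the `echo` in the else branch returns the status of echo, which is 0, so a caller cannot tell that the privilege check failed.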
> diff -Naur ./trunk-3664/README.cygwin ./new/README.cygwin
> --- ./trunk-3664/README.cygwin 2010-04-01 19:03:08.000000000 +0300
> +++ ./new/README.cygwin 2010-06-04 14:31:26.062857484 +0300
> @@ -1,32 +1,34 @@
>
>
> -Tested with the stable release Cygwin 1.5.25-15 on
> +Tested with the stable release Cygwin 1.5.25 on
> Windows XP Pro and on Windows Server 2003 SE (both 32-bit).
> +Tested with the stable release Cygwin 1.7.5 on 64-bit Windows 7 Ultimate.
> +Can be used on heterogeneous Torque clusters.
>
> GUI and Tcl/Tk components are untested
> Interactive jobs are untested.
> -Can be used on heterogeneous Torque clusters.
> -Scheduler C is used only.
> +Scheduler C is tested only. Can be used with Maui.
> Mail and drmaa are untested.
> -In mom quota and setrlimit are not supported
> -because Cygwin doesn't support ones.
> +In mom quota and setrlimit are not supported because Cygwin doesn't support ones.
>
> -Windows file system must be NTFS!!!
> -Torque needs two Windows users on each host:
> +Torque needs two Windows users (local or domain) on each host:
> <UserAdmin> with Computer administrator privileges and
> <SimpleUser> with Limited account.
> Both users must be password protected.
> -Torque server-sched-mom can run as Cygwin daemons
> -or as Windows services.
> +Torque server-sched-mom can run as Cygwin daemons or as Windows services.
> +Run as administrator (right-click) on Windows 7 and similar.
> +
>
>
> ###########################
> ### Install Cygwin ###
> ###########################
> -
> -To install Cygwin, enter into Windows as user <UserAdmin>.
> -Browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link.
> +
> +Enter into Windows as user <UserAdmin>.
> +To install Cygwin 1.5.25 browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link.
> Download and run setup-legacy.exe.
> +To install Cygwin 1.7.5 (or later) browse to http://cygwin.com and click the "Install Cygwin now" link.
> +Download and run setup.exe.
> Click through the defaults and under the package selection
> select the following packages:
>
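Review bot: the line "Windows file system must be NTFS!!!" is dropped near the top of this hunk with no replacement text and no mention in the cover note. If the requirement still applies it should stay, because the ownership and mode checks this README sits next to (chk_file_sec.c) only mean something on a file system that stores owners and permissions; if it no longer applies, say why in the README. Also worth stating which Cygwin version the new "Run as administrator (right-click)" instruction refers to, since it sits between text that covers both 1.5.25 and 1.7.5.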
> @@ -34,12 +36,13 @@
> automake;
> cygrunsrv;
> email;
> - gcc4;
> + gcc or gcc4;
> make;
> openssh;
> sunrpc;
> + util-linux;
> vim or mc is desirable.
> -
> +
> Download and install the default's and selected Cygwin packages.
>
>
> @@ -50,25 +53,25 @@
> Adjust an access without password prompting on each host.
>
>
> -
> -######################################
> -### Start Torque under Cygwin ###
> -######################################
> -
> +
> +#####################################
> +### Start Torque under Cygwin ###
> +#####################################
> +
> Enter into working directory as <UserAdmin> and execute the following commands:
> -
> +
> #./configure --disable-unixsockets --disable-gcc-warnings [--disable-daemons]
> #make
> #make install
> -
> +
> The next command must be at the server installation:
>
> #./contrib/AddPrivileges --add
>
> -The next command must be at the mom installation:
> +The next command must be at the mom installation:
>
> #./contrib/AddPrivileges --add mom
> -
> +
> The AddPrivileges script creates passwd&group files and adds privileges
> necessary for normal work Torque components.
> As a rule pbs_mom is demanded more privileges than pbs_server.
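Review bot: most of the removed and added lines in this hunk read identically (for example "The next command must be at the mom installation:" and the blank lines around the commands), so they appear to be whitespace-only changes. Please drop them from the patch, here and in the later README hunks that only swap blank lines, so the real documentation changes are easier to review and the file history stays clean.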
> @@ -86,7 +89,7 @@
> !-------------------!!-----------------------!--------------------------!--------------------------!
> ! !! ! ! !
> ! Windows service !! SeServiceLogonRight ! SeServiceLogonRight ! Windows XP/Server 2003 !
> -! by <UserAdmin> !! ! SeCreateTokenPrivilege ! !
> +! by <UserAdmin> !! ! SeCreateTokenPrivilege ! Windows 7 !
> ! !! ! ! !
> !-------------------!!-----------------------!--------------------------!--------------------------!
> ! !! ! ! !
> @@ -107,9 +110,9 @@
> Configure pbs_server via the .../torque/server_priv/nodes file.
>
> Initiate a pbs_server database and adjust a appropriate structure of queues:
> -
> +
> #pbs_server -t create
> -
> +
> #qmgr -c "s s scheduling=true"
> #qmgr -c "c q batch queue_type=execution"
> #qmgr -c "s q batch started=true"
> @@ -117,29 +120,29 @@
> #qmgr -c "s q batch resources_default.nodes=1"
> #qmgr -c "s q batch resources_default.walltime=3600"
> #qmgr -c "s s default_queue=batch"
> -
> +
> Further restart the server:
>
> #qterm -t quick
> #pbs_server
> -
> +
> Start the scheduler:
> -
> +
> #pbs_sched
>
>
>
> -Configure pbs_mom via the .../torque/mom_priv/config file.
> +Configure pbs_mom via the .../torque/mom_priv/config file.
>
> Start the mom:
> -
> +
> #pbs_mom
>
>
>
> Add the client's hostname to your server's submit_hosts
>
> -Set your server's hostsname in the .../torque/server_name file.
> +Set your server's hostsname in the .../torque/server_name file.
>
> Submit jobs as <SimpleUser> with Limited account.
>
> @@ -154,7 +157,7 @@
> See nodes information:
>
> #pbsnodes -a
> -
> +
> Run simple jobs:
>
> #echo "sleep 30" | qsub
> @@ -168,7 +171,7 @@
> ########################################################
>
> Enter into working directory as <UserAdmin> and execute the following commands:
> -
> +
> #./configure --disable-daemons --disable-unixsockets --disable-gcc-warnings
> #make
> #make install
> @@ -184,16 +187,18 @@
> #./contrib/AddPrivileges --add
> #cygrunsrv.exe -I pbs_server -p /usr/sbin/pbs_server.exe ???u <UserAdmin> -w <password>
> #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe ???u <UserAdmin> -w <password>
> -
> +
> #./contrib/AddPrivileges --add mom
> #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe ???u <UserAdmin> -w <password>
> -
> -On Windows XP <UserAdmin> also can start server-sched-mom as services by Windows
> -native user SYSTEM (uid=18):
> -
> +
> +On Windows XP <UserAdmin> also can start server-sched-mom as services by
> +Windows native user SYSTEM (uid=18):
> +
> #./contrib/AddPrivileges --add SYSTEM
> #chown SYSTEM -R /var/spool/torque
> + #cygrunsrv.exe -I pbs_server -p /usr/sbin/pbs_server.exe
> + #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe
> #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe
>
> -Services and privileges are managed via the Windows Control Panel or comand line.
> +Services and privileges are managed via the Windows Control Panel or command line.
>
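Review bot: the service-install commands in this hunk keep `-w <password>` on the cygrunsrv command line, which puts the <UserAdmin> password into shell history and the process arguments; since the section is being edited anyway, the README could tell the reader to leave `-w` off and let cygrunsrv prompt for the password. The unchanged lines also show `???u` where `-u` is clearly meant, which looks like a non-ASCII dash that did not survive encoding; fixing it in this patch would make the commands usable as written. For the new SYSTEM lines, a sentence on why running pbs_server and pbs_sched as SYSTEM is limited to Windows XP would help, given that the patch adds Windows 7 support elsewhere.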
> diff -Naur ./trunk-3664/src/include/pbs_config.h.in ./new/src/include/pbs_config.h.in
> --- ./trunk-3664/src/include/pbs_config.h.in 2010-05-28 07:53:55.000000000 +0300
> +++ ./new/src/include/pbs_config.h.in 2010-06-02 17:32:35.827555121 +0300
> @@ -563,22 +563,10 @@
> #endif
>
>
> -
> #ifndef __GNUC__
> # define __attribute__ /* nothing */
> #endif
>
> -#ifdef __CYGWIN__
> -/* sys/types.h from cygwin fails to define uid_t and gid_t */
> -#ifndef uid_t
> -#define uid_t int
> -#endif
> -#ifndef gid_t
> -#define gid_t int
> -#endif
> -#endif /* __CYGWIN__ */
> -
> -
>
> #endif /* _PBS_CONFIG_H_ */
>
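Review bot: removing the `#define uid_t int` / `#define gid_t int` fallback under `__CYGWIN__` is reasonable (the `#ifndef uid_t` guard only tests for a macro, so it would fire even when sys/types.h provides a typedef), but the commit should say that it was checked on both Cygwin versions the README claims, 1.5.25 and 1.7.5. If 1.5.25 headers really do lack the types, the build there breaks with this hunk applied.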
> diff -Naur ./trunk-3664/src/lib/Liblog/chk_file_sec.c ./new/src/lib/Liblog/chk_file_sec.c
> --- ./trunk-3664/src/lib/Liblog/chk_file_sec.c 2010-04-01 19:03:08.000000000 +0300
> +++ ./new/src/lib/Liblog/chk_file_sec.c 2010-06-04 14:36:39.380124111 +0300
> @@ -78,7 +78,6 @@
> */
>
> #include <pbs_config.h> /* the master config generated by configure */
> -
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <errno.h>
> @@ -94,6 +93,44 @@
> #include <unistd.h>
> #include <string.h>
>
> +#ifdef __CYGWIN__
> +
> +#include <ctype.h>
> +#include <wchar.h>
> +#include <windows.h>
> +#include <io.h>
> +#include <sys/cygwin.h>
> +#include <getopt.h>
> +#include <lmaccess.h>
> +#include <lmapibuf.h>
> +#include <ntsecapi.h>
> +#include <ntdef.h>
> +#include <sys/fcntl.h>
> +#include <lmerr.h>
> +#include <lmcons.h>
> +
> +SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
> +SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
> +
> +NET_API_STATUS WINAPI (*netapibufferfree)(PVOID);
> +NET_API_STATUS WINAPI (*netuserenum)(LPWSTR,DWORD,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netgroupenum)(LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netlocalgroupenum)(LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netlocalgroupgetmembers)(LPWSTR,LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netgroupgetusers)(LPWSTR,LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netgetdcname)(LPWSTR,LPWSTR,PBYTE*);
> +NET_API_STATUS WINAPI (*netusergetinfo)(LPWSTR,LPWSTR,DWORD,PBYTE*);
> +
> +NTSTATUS NTAPI (*lsaclose)(LSA_HANDLE);
> +NTSTATUS NTAPI (*lsaopenpolicy)(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
> +NTSTATUS NTAPI (*lsaqueryinformationpolicy)(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*);
> +NTSTATUS NTAPI (*lsafreememory)(PVOID);
> +
> +LPWSTR servername;
> +
> +#endif /* __CYGWIN__ */
> +
> +
> #ifndef S_ISLNK
> #define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
> #endif
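Review bot: the function pointers (`netapibufferfree` through `lsafreememory`), `servername`, `sid_world_auth` and `sid_nt_auth` added in this hunk are all defined with external linkage in a library source file, so they leak into every program that links Liblog and can collide with other symbols. Suggest declaring them `static`. `sid_world_auth` and `sid_nt_auth` are not referenced anywhere in the rest of the patch, and several of the new includes (`getopt.h`, `io.h`, `sys/fcntl.h`, `ctype.h`) have no visible user either; please trim to what the code needs.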
> @@ -101,126 +138,374 @@
> int chk_file_sec_stderr = 0;
>
>
> +#ifdef __CYGWIN__
> +
> +/* ----------------------------- HELPERS ---------------------------------------- */
> +
> +BOOL load_netapi (HANDLE hNetapi,HANDLE hAdvapi)
> +{
> + if ((!hNetapi) || (!hAdvapi))
> + return FALSE;
> +
> + if (!(netapibufferfree = (void *) GetProcAddress (hNetapi, "NetApiBufferFree")))
> + return FALSE;
> + if (!(netuserenum = (void *) GetProcAddress (hNetapi, "NetUserEnum")))
> + return FALSE;
> + if (!(netlocalgroupenum = (void *) GetProcAddress (hNetapi, "NetLocalGroupEnum")))
> + return FALSE;
> + if (!(netgetdcname = (void *) GetProcAddress (hNetapi, "NetGetDCName")))
> + return FALSE;
> + if (!(netusergetinfo = (void *) GetProcAddress (hNetapi, "NetUserGetInfo")))
> + return FALSE;
> + if (!(netgroupenum = (void *) GetProcAddress (hNetapi, "NetGroupEnum")))
> + return FALSE;
> + if (!(netgroupgetusers = (void *) GetProcAddress (hNetapi, "NetGroupGetUsers")))
> + return FALSE;
> + if (!(netlocalgroupgetmembers = (void *) GetProcAddress (hNetapi, "NetLocalGroupGetMembers")))
> + return FALSE;
> + if (!(lsaclose = (void *) GetProcAddress (hAdvapi, "LsaClose")))
> + return FALSE;
> + if (!(lsaopenpolicy = (void *) GetProcAddress (hAdvapi, "LsaOpenPolicy")))
> + return FALSE;
> + if (!(lsaqueryinformationpolicy = (void *) GetProcAddress (hAdvapi, "LsaQueryInformationPolicy")))
> + return FALSE;
> + if (!(lsafreememory = (void *) GetProcAddress (hAdvapi, "LsaFreeMemory")))
> + return FALSE;
> +
> + return TRUE;
> +}
> +
> +void uni2ansi (LPWSTR wcs, char *mbs, int size)
> +{
> + if (wcs)
> + WideCharToMultiByte (CP_ACP, 0, wcs, -1, mbs, size, NULL, NULL);
> + else
> + *mbs = '\0';
> +}
> +
> +void uni2utf8 (LPWSTR wcs, char *mbs, int size)
> +{
> + if (wcs)
> + WideCharToMultiByte (CP_UTF8, 0, wcs, -1, mbs, size, NULL, NULL);
> + else
> + *mbs = '\0';
> +}
> +
> +/* ----------------------------- BASIC FUNCTIONS ----------------------------------- */
> +
> +int enum_local_users (LPWSTR groupname,char *username)
> +{
> + GROUP_USERS_INFO_0 *buf0;
> + LOCALGROUP_MEMBERS_INFO_1 *buf1;
> + DWORD entries = 0;
> + DWORD total = 0;
> + DWORD reshdl = 0;
> + int i,ret=-1;
> + char grp_username[128];
> +
> + /* Print local users*/
> + if (!netlocalgroupgetmembers (NULL, groupname, 1, (void *) &buf1, MAX_PREFERRED_LENGTH, &entries, &total, &reshdl))
> + {
> + ret=0;
> + for (i = 0; i < entries; ++i)
> + if (buf1[i].lgrmi1_sidusage == SidTypeUser)
> + {
> + uni2utf8 (buf1[i].lgrmi1_name, grp_username, sizeof (grp_username));
> + if (strcmp(grp_username,username)==0)
> + {
> + ret=1;
> + break;
> + }
> + }
> + netapibufferfree (buf1);
> + }
> +
> + return ret;
> +}
> +
> +int enum_domain_users (LPWSTR server_name, LPWSTR groupname,char *username)
> +{
> + GROUP_USERS_INFO_0 *buf0;
> + LOCALGROUP_MEMBERS_INFO_1 *buf1;
> + DWORD entries = 0;
> + DWORD total = 0;
> + DWORD reshdl = 0;
> + int i,ret=-1;
> + char grp_username[128];
> +
> + if (!netgroupgetusers (server_name, groupname, 0, (void *) &buf0, MAX_PREFERRED_LENGTH, &entries, &total, &reshdl))
> + {
> + ret=0;
> + for (i = 0; i < entries; ++i)
> + {
> + uni2utf8 (buf0[i].grui0_name, grp_username, sizeof (grp_username));
> +
> +
> + if (strcmp(grp_username,username)==0)
> + {
> + ret=1;
> + break;
> + }
> + }
> + netapibufferfree (buf0);
> + }
> +
> + return ret;
> +}
> +
> +int check_local_user_privileges (char *username_utf8, int usertype)
> +{
> +
> + LOCALGROUP_INFO_0 *buffer;
> + DWORD entriesread = 0;
> + DWORD totalentries = 0;
> + DWORD resume_handle = 0;
> + DWORD rc;
> +
> + char errbuf[1024];
> + int user=-1,admin=-1,ret;
> +
> + do
> + {
> + DWORD i;
> + rc = netlocalgroupenum (NULL, 0, (void *) &buffer, 1024, &entriesread, &totalentries, &resume_handle);
> + switch (rc)
> + {
> + case ERROR_ACCESS_DENIED:
> + return 1;
> + case ERROR_MORE_DATA:
> + case ERROR_SUCCESS:
> + break;
> + default:
> + return 1;
> + }
> +
> + for (i = 0; i < entriesread; i++)
> + {
> + char localgroup_name_acp[128];
> + char domain_name[128];
> + DWORD domain_name_len = 128;
> + char psid_buffer[1024];
> +
> + DWORD sid_length = 1024;
> + int gid;
> + SID_NAME_USE acc_type;
> +
> + uni2ansi (buffer[i].lgrpi0_name, localgroup_name_acp, sizeof (localgroup_name_acp));
> +
> + if (!LookupAccountName (NULL, localgroup_name_acp, &psid_buffer, &sid_length, domain_name, &domain_name_len, &acc_type))
> + {
> + continue;
> + }
> +
> + gid = *GetSidSubAuthority (&psid_buffer, *GetSidSubAuthorityCount(&psid_buffer) - 1);
> +
> + if (gid==544)
> + {
> + ret = enum_local_users (buffer[i].lgrpi0_name,username_utf8);
> + if (ret>admin)
> + admin=ret;
> + }
> +
> + if (gid==545)
> + {
> + ret = enum_local_users (buffer[i].lgrpi0_name, username_utf8);
> + if (ret>user)
> + user=ret;
> + }
> +
> + }
> + netapibufferfree (buffer);
> + }
> + while (rc == ERROR_MORE_DATA);
> +
> + /* check if user is Admin */
> + if (usertype==0)
> + return (admin==1)?1:0;
> +
> + /* check if user is Simple User */
> + return (admin==0 && user==1)?1:0;
> +}
> +
> +int check_domain_user_privileges (LPWSTR servername, char *username_utf8, int usertype)
> +{
> + GROUP_INFO_2 *buffer;
> + DWORD entriesread = 0;
> + DWORD totalentries = 0;
> + DWORD resume_handle = 0;
> + DWORD rc;
> +
> + char errbuf[1024];
> + int user=-1,admin=-1,ret;
> +
> + do
> + {
> + DWORD i;
> + rc = netgroupenum (servername, 2, (void *) &buffer, 1024, &entriesread, &totalentries, &resume_handle);
> +
> + switch (rc)
> + {
> + case ERROR_ACCESS_DENIED:
> + return;
> + case ERROR_MORE_DATA:
> + case ERROR_SUCCESS:
> + break;
> + default:
> + return;
> + }
> +
> + for (i = 0; i < entriesread; i++)
> + {
> +
> + int gid = buffer[i].grpi2_group_id;
> +
> + if (gid==512)
> + {
> + ret = enum_domain_users (servername, buffer[i].grpi2_name,username_utf8);
> + if (ret>admin)
> + admin=ret;
> + }
> + if (gid==513)
> + {
> + ret = enum_domain_users (servername, buffer[i].grpi2_name, username_utf8);
> + if (ret>user)
> + user=ret;
> + }
> + }
> + netapibufferfree (buffer);
> + }
> + while (rc == ERROR_MORE_DATA);
> +
> + /* check if user is Admin */
> + if (usertype==0)
> + return (admin==1)?1:0;
> + /* check if user is Simple User */
> + return (admin==0 && user==1)?1:0;
> +}
> +
> +/* ----------------------------- TORQUE FUNCTIONS ----------------------------------- */
> +
> /*
> * IamRoot returns 1 if current user has root (Administrator) account,
> * else returns 0
> */
> +
> int IamRoot()
> - {
> -#ifndef __CYGWIN__
> - if ((getuid() == 0) && (geteuid() == 0))
> - {
> - return 1;
> - }
> - fprintf(stderr, "Must be run as root\n");
> +{
> + struct passwd *p;
> + int uid;
> + HANDLE hAdvapi, hNetapi;
> +
> + servername=NULL;
> + hNetapi = LoadLibrary ("netapi32.dll");
> + hAdvapi = LoadLibrary ("advapi32.dll");
>
> -#else
> - struct group *gr;
> - struct passwd *p;
> - char **t;
> + if (!load_netapi (hNetapi,hAdvapi))
> + {
> + log_err(-1, "IamRoot","Cann`t load netapi32.dll and advapi32.dll libraries\n");
> + return 0;
> + }
>
> - if (getuid() == 18)
> - {
> - return 1;
> - }
> - if ((p = getpwuid(getuid())) == NULL)
> - {
> - fprintf(stderr, "No password entry for current user. Check your /etc/passwd file.\n");
> - return 0;
> - }
> - if ((gr=getgrgid(544)) != NULL)
> - {
> - for (t = gr->gr_mem; t && *t; t++)
> + if (netgetdcname (NULL, NULL, (void *) &servername) != ERROR_SUCCESS)
> {
> - if (!strcmp (p->pw_name, *t))
> + log_err(-1, "IamRoot","Cann`t get the name of the primary domain controller\n");
> + }
> +
> + uid=getuid();
> +
> + if (uid==18)
> return 1;
> +
> + if ((p = getpwuid(uid))==NULL)
> + {
> + log_err(-1, "IamRoot","WARNING!!! No password entry for currient user. Check your /etc/passwd file.\n");
> + return 0;
> }
> - fprintf(stderr, "Must be run as user with Administrator privileges\n");
> - }
> - else
> - {
> - fprintf(stderr, "No group entry. Check your /etc/group file.\n");
> - }
> -#endif /* __CYGWIN__ */
> - return 0;
> - } /* END IamRoot() */
> +
> + if (check_local_user_privileges(p->pw_name,0) || check_domain_user_privileges(servername,p->pw_name,0))
> + return 1;
> +
> + log_err(-1, "IamRoot","WARNING!!! Must be run with Administrator privileges.\n");
> + return 0;
> +}
>
>
> -#ifdef __CYGWIN__
> /*
> * IamAdminByName returns 1 if user <userName> has Administrator account,
> * else returns 0
> */
> -int IamAdminByName(char *userName)
> - {
> - struct group *gr;
> - char **t;
> -
> - if ((gr=getgrgid(544)) != NULL)
> - {
> - for (t = gr->gr_mem; t && *t; t++)
> - if (!strcmp (userName, *t))
> - return 1;
> - }
> - return 0;
> - } /* END IamAdminByName */
>
> +int IamAdminByName(char *userName)
> +{
> + return (check_local_user_privileges(userName,0) || check_domain_user_privileges(servername,userName,0))?1:0;
> +}
>
>
> /*
> * IamUser returns 1 if current user isn't included to Administrators group
> * (i.e. has a limited account), else returns 0
> */
> +
> int IamUser()
> - {
> - struct group *gr;
> - struct passwd *p;
> - char **t;
> +{
> + struct passwd *p;
>
> - if ((p = getpwuid(getuid())) && (gr = getgrgid(544)) != NULL)
> + if ((p = getpwuid(getuid())) != NULL)
> {
> - for (t = gr->gr_mem; t && *t; t++)
> - {
> - if (!strcmp (p->pw_name, *t))
> - return 0;
> - }
> - return 1;
> + printf("Check %s\n",p->pw_name);
> + if (check_local_user_privileges(p->pw_name,1) || check_domain_user_privileges(servername,p->pw_name,1))
> + return 1;
> }
> - log_err(-1, "WARNING!!!", "Check your /etc/group and /etc/passwd files.\n");
> - return 0;
> - } /* END IamUser() */
>
> + log_err(-1, "IamUser","WARNING!!! Check your /etc/group and /etc/passwd files.\n");
> + return 0;
> +} /* END IamUser() */
>
>
> -/*
> - * IamUserByName returns 1 if user <userName> isn't included to Administrators group
> - * (i.e. has a limited account), else returns 0
> +/*
> + * IamUserByName returns 1 if current user isn't included to Administrators group
> + * (i.e. has a limited account), else returns 0
> */
> +
> int IamUserByName(char *userName)
> - {
> - struct group *gr;
> - char **t;
> - char buff[512];
> +{
> + char buff[512];
> +
> +
> + if (check_local_user_privileges(userName,1) || check_domain_user_privileges(servername,userName,1))
> + {
> + return 1;
> + }
> + else
> + if (IamAdminByName(userName))
> + {
> + sprintf(buff, "WARNING!!! Can`t run job with Administrator privileges. Your should limit preveleges for \"%s\"!",userName);
> + log_err(-1, "IamUserByName", buff);
> + return 0;
> + }
> + sprintf(buff, "WARNING!!! Can`t find user \"%s\"!",userName);
> + log_err(-1, "IamUserByName", buff);
> + return 0;
> +}
> +
> +
> +#else /* not def __CYGWIN__ */
> +
> +int IamRoot()
> +{
> + if ((getuid() == 0) && (geteuid() == 0))
> + return 1;
> + fprintf(stderr, "Must be run as root\n");
> + return 0;
> +}
>
> - if ((gr = getgrgid(544)) != NULL)
> - {
> - for (t = gr->gr_mem; t && *t; t++)
> - if (!strcmp (userName, *t))
> - {
> - sprintf(buff, "Can`t run job with Administrator privileges. Your should limit privileges for \"%s\"", userName);
> - log_err(-1, "WARNING!!!", buff);
> - return 0;
> - }
> - /* else log_err(-1,"Try",*t); */
> - return 1;
> - }
> - return 0;
> - } /* END IamUserByName */
> #endif /* __CYGWIN__ */
>
>
>
>
> +
> +
> /*
> * chk_file_sec() - Check file/directory security
> * Part of the PBS System Security "Feature"
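Review bot: the two privilege helpers fail in unsafe ways when group enumeration fails: in check_local_user_privileges the ERROR_ACCESS_DENIED and default cases `return 1`, so a failed NetLocalGroupEnum reports the user as holding whichever role was asked for (administrator when usertype is 0), and in check_domain_user_privileges the same cases use a bare `return;` in a function declared `int`, so the value the callers test with `||` is undefined. Both should return 0, or a distinct error code that IamRoot and friends treat as "not verified". Further points in this hunk:
- The function pointers and `servername` are set only inside IamRoot(). IamAdminByName(), IamUser() and IamUserByName() call through them without checking, so a process that reaches one of those before IamRoot() calls a NULL pointer. A one-time init helper used by all four entry points would fix that and also stop IamRoot() from calling LoadLibrary on every invocation without ever releasing the handles.
- When `netgetdcname` fails, IamRoot() logs and continues with `servername` still NULL. The Net* calls treat a NULL server name as the local computer, so the "domain" check then silently runs against the local machine; skip the domain check in that case instead.
- In IamRoot() the `uid==18` shortcut comes after the library load, so SYSTEM is refused if load_netapi() fails, which differs from the old code where that test came first.
- `sprintf(buff, ...)` in IamUserByName() writes a caller-supplied `userName` into `char buff[512]` with no bound; use snprintf with sizeof(buff).
- `printf("Check %s\n",p->pw_name);` in IamUser() looks like leftover debug output and writes to stdout from a library routine.
- The comment above IamUserByName() was changed to say "current user", but the function takes `userName`; the old wording was correct.
- `buf0` in enum_local_users(), `buf1` in enum_domain_users() and `errbuf` in both check_* functions are unused.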
> _______________________________________________
> torquedev mailing list
> torquedev at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torquedev
--
Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California
Life is Good!