[torqueusers] acl_hosts oddity

Garrick Staples garrick at usc.edu
Wed Feb 1 12:33:07 MST 2006


On Tue, Jan 31, 2006 at 09:10:34PM -0500, Steven A. DuChene alleged:
> settings? There are two ways to use this that are distinctly different depending
> on what you set acl_hosts_enable to (true or false). I.E. it is possible
> to use the functionality of acl_hosts system lists for a different function
> if acl_hosts_enable is set to false.

What are the different behaviours?  Greping through the source, I only
see one place where the *server* acl_hosts is checked, and that is at an
early part of the processing all incoming requests.  It is only used if
server acl_host_enable is true.

It seems to me that nodes should always be allowed access, regardless of
any other ACLs.

I know that maui/moab look at a *queue* host acl list to tie nodes to
queues, and it doesn't check if the host acl list is enabled.

This is the only mention of SRV_ATR_acl_host_enable and
SRV_ATR_acl_hosts anywhere in the source (other than where it is
defined.)

src/server/process_request.c:

  if (server.sv_attr[(int)SRV_ATR_acl_host_enable].at_val.at_long)
    {
    /* acl enabled, check it; always allow myself */

    if ((acl_check(
         &server.sv_attr[(int)SRV_ATR_acl_hosts],
         request->rq_host,
         ACL_Host) == 0) &&
       (strcmp(server_host,request->rq_host) != 0))
      {
      req_reject(PBSE_BADHOST,0,request,NULL,NULL);

      close_client(sfds);

      return;
      }
    }

-- 
Garrick Staples, Linux/HPCC Administrator
University of Southern California
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20060201/5a3031c7/attachment.bin


More information about the torqueusers mailing list