[torquedev] torque trunk-3664 cygwin patch

Garrick Staples garrick at usc.edu
Mon Jun 7 12:57:25 MDT 2010


I've checked it in. Thank you!

On Mon, Jun 07, 2010 at 04:45:09PM +0300, Igor Ilyenko alleged:
> David,
> 
> I send a Cygwin patch against the current trunk.
> 
> It works not only on Windows XP / 2003 (Cygwin 1.5)
> but also on Windows 7 (Cygwin 1.7).
> 
> -- 
> 
> Igor  Ilyenko
> 
> Software Architect
> 
> United Institute of Information Problems NAS of Belarus
> http://uiip.bas-net.by
> 

> diff -Naur ./trunk-3664/contrib/AddPrivileges ./new/contrib/AddPrivileges
> --- ./trunk-3664/contrib/AddPrivileges	2010-04-01 19:03:08.000000000 +0300
> +++ ./new/contrib/AddPrivileges	2010-06-02 16:23:04.249554901 +0300
> @@ -60,22 +60,20 @@
>  
>  ADMINGRL=544
>  
> -ADMINGRD=512
> +ADMINGRD=10512
>  
> +mkpasswd -l -d > $PASSWDF
> +mkgroup -l -d -u > $GROUPF;
>  
>  if id -G | grep -q "$ADMINGRD"
>  
>      then
>      echo "   $CURRENTU is a domain administrator"
> -    mkpasswd -l -d > $PASSWDF
> -    mkgroup -l -d -u > $GROUPF;
>  
>      elif id -G | grep -q "$ADMINGRL"
>  
>          then
>          echo "   $CURRENTU is a local administrator"
> -        mkpasswd -l > $PASSWDF
> -        mkgroup -l -u > $GROUPF;
>  
>      else echo "   Current user '$CURRENTU' has not administrator privileges"
>      exit $?;
> diff -Naur ./trunk-3664/README.cygwin ./new/README.cygwin
> --- ./trunk-3664/README.cygwin	2010-04-01 19:03:08.000000000 +0300
> +++ ./new/README.cygwin	2010-06-04 14:31:26.062857484 +0300
> @@ -1,32 +1,34 @@
>  
>  
> -Tested with the stable release Cygwin 1.5.25-15 on 
> +Tested with the stable release Cygwin 1.5.25 on 
>  Windows XP Pro and on Windows Server 2003 SE (both 32-bit).
> +Tested with the stable release Cygwin 1.7.5 on 64-bit Windows 7 Ultimate.
> +Can be used on heterogeneous Torque clusters.
>  
>  GUI and Tcl/Tk components are untested
>  Interactive jobs are untested.
> -Can be used on heterogeneous Torque clusters.
> -Scheduler C is used only.
> +Scheduler C is tested only. Can be used with Maui.
>  Mail and drmaa are untested.
> -In mom quota and setrlimit are not supported
> -because Cygwin doesn't support ones.
> +In mom quota and setrlimit are not supported because Cygwin doesn't support ones.
>  
> -Windows file system must be NTFS!!!
> -Torque needs two Windows users on each host:
> +Torque needs two Windows users (local or domain) on each host:
>  <UserAdmin> with Computer administrator privileges and 
>  <SimpleUser> with Limited account.
>  Both users must be password protected.
> -Torque server-sched-mom can run as Cygwin daemons
> -or as Windows services.
> +Torque server-sched-mom can run as Cygwin daemons or as Windows services.
> +Run as administrator (right-click) on Windows 7 and similar.
> +
>  
>  
>  ###########################
>  ###   Install  Cygwin   ###
>  ###########################
> -   
> -To install Cygwin, enter into Windows as user <UserAdmin>.
> -Browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link.  
> +
> +Enter into Windows as user <UserAdmin>.
> +To install Cygwin 1.5.25 browse to http://cygwin.com/win-9x.html and click the "setup-legacy.exe" link.
>  Download and run setup-legacy.exe.
> +To install Cygwin 1.7.5 (or later) browse to http://cygwin.com and click the "Install Cygwin now" link.
> +Download and run setup.exe.
>  Click through the defaults and under the package selection 
>  select the following packages:
>  
> @@ -34,12 +36,13 @@
>     automake;
>     cygrunsrv;
>     email;
> -   gcc4;
> +   gcc or gcc4;
>     make;
>     openssh;
>     sunrpc;
> +   util-linux;
>     vim or mc is desirable.
> -   
> +
>  Download and install the default's and selected Cygwin packages.
>  
>  
> @@ -50,25 +53,25 @@
>  Adjust an access without password prompting on each host.
>  
>  
> -     
> -######################################
> -###   Start Torque under Cygwin    ###
> -######################################
> -   
> +
> +#####################################
> +###   Start Torque under Cygwin   ###
> +#####################################
> +
>  Enter into working directory as <UserAdmin> and execute the following commands:
> -   
> +
>     #./configure --disable-unixsockets --disable-gcc-warnings [--disable-daemons]
>     #make
>     #make install
> -   
> +
>  The next command must be at the server installation:
>  
>     #./contrib/AddPrivileges --add
>  
> -The next command must be at the mom installation:   
> +The next command must be at the mom installation:
>  
>     #./contrib/AddPrivileges --add mom
> -   
> +
>  The AddPrivileges script creates passwd&group files and adds privileges
>  necessary for normal work Torque components.
>  As a rule pbs_mom is demanded more privileges than pbs_server.
> @@ -86,7 +89,7 @@
>  !-------------------!!-----------------------!--------------------------!--------------------------!
>  !                   !!                       !                          !                          !
>  !  Windows service  !!  SeServiceLogonRight  !  SeServiceLogonRight     !  Windows XP/Server 2003  !
> -!   by <UserAdmin>  !!                       !  SeCreateTokenPrivilege  !                          !
> +!   by <UserAdmin>  !!                       !  SeCreateTokenPrivilege  !       Windows 7          !
>  !                   !!                       !                          !                          !
>  !-------------------!!-----------------------!--------------------------!--------------------------!
>  !                   !!                       !                          !                          !
> @@ -107,9 +110,9 @@
>  Configure pbs_server via the .../torque/server_priv/nodes file. 
>  
>  Initiate a pbs_server database and adjust a appropriate structure of queues:
> -   
> +
>     #pbs_server -t create
> -   
> +
>     #qmgr -c "s s scheduling=true"
>     #qmgr -c "c q batch queue_type=execution"
>     #qmgr -c "s q batch started=true"
> @@ -117,29 +120,29 @@
>     #qmgr -c "s q batch resources_default.nodes=1"
>     #qmgr -c "s q batch resources_default.walltime=3600"
>     #qmgr -c "s s default_queue=batch"
> -   
> +
>  Further restart the server:
>  
>     #qterm -t quick
>     #pbs_server
> -   
> +
>  Start the scheduler:
> -   
> +
>     #pbs_sched
>  
>  
>  
> -Configure pbs_mom via the .../torque/mom_priv/config file. 
> +Configure pbs_mom via the .../torque/mom_priv/config file.
>  
>  Start the mom:
> -   
> +
>     #pbs_mom
>  
>  
>  
>  Add the client's hostname to your server's submit_hosts
>  
> -Set your server's hostsname in the .../torque/server_name file. 
> +Set your server's hostsname in the .../torque/server_name file.
>  
>  Submit jobs as <SimpleUser> with Limited account.
>  
> @@ -154,7 +157,7 @@
>  See nodes information:
>  
>     #pbsnodes -a
> -   
> +
>  Run simple jobs:
>  
>     #echo "sleep 30" | qsub
> @@ -168,7 +171,7 @@
>  ########################################################
>  
>  Enter into working directory as <UserAdmin> and execute the following commands:
> -   
> +
>     #./configure --disable-daemons --disable-unixsockets --disable-gcc-warnings
>     #make
>     #make install
> @@ -184,16 +187,18 @@
>     #./contrib/AddPrivileges --add
>     #cygrunsrv.exe -I pbs_server -p /usr/sbin/pbs_server.exe ???u <UserAdmin> -w <password>
>     #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe ???u <UserAdmin> -w <password>
> - 
> +
>     #./contrib/AddPrivileges --add mom
>     #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe ???u <UserAdmin> -w <password>
> - 
> -On Windows XP <UserAdmin> also can start server-sched-mom as services by Windows 
> -native user SYSTEM (uid=18):
> - 
> +
> +On Windows XP <UserAdmin> also can start server-sched-mom as services by
> +Windows native user SYSTEM (uid=18):
> +
>     #./contrib/AddPrivileges --add SYSTEM
>     #chown SYSTEM -R /var/spool/torque
> +   #cygrunsrv.exe -I pbs_server -p /usr/sbin/pbs_server.exe
> +   #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe
>     #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe
>  
> -Services and privileges are managed via the Windows Control Panel or comand line.
> +Services and privileges are managed via the Windows Control Panel or command line.
>  
> diff -Naur ./trunk-3664/src/include/pbs_config.h.in ./new/src/include/pbs_config.h.in
> --- ./trunk-3664/src/include/pbs_config.h.in	2010-05-28 07:53:55.000000000 +0300
> +++ ./new/src/include/pbs_config.h.in	2010-06-02 17:32:35.827555121 +0300
> @@ -563,22 +563,10 @@
>  #endif
>  
>  
> -
>  #ifndef __GNUC__
>  #       define __attribute__ /* nothing */
>  #endif
>  
> -#ifdef __CYGWIN__
> -/* sys/types.h from cygwin fails to define uid_t and gid_t */
> -#ifndef uid_t
> -#define uid_t int
> -#endif
> -#ifndef gid_t
> -#define gid_t int
> -#endif
> -#endif  /* __CYGWIN__  */
> -
> -
>  
>  #endif /* _PBS_CONFIG_H_ */
>  
> diff -Naur ./trunk-3664/src/lib/Liblog/chk_file_sec.c ./new/src/lib/Liblog/chk_file_sec.c
> --- ./trunk-3664/src/lib/Liblog/chk_file_sec.c	2010-04-01 19:03:08.000000000 +0300
> +++ ./new/src/lib/Liblog/chk_file_sec.c	2010-06-04 14:36:39.380124111 +0300
> @@ -78,7 +78,6 @@
>  */
>  
>  #include <pbs_config.h>   /* the master config generated by configure */
> -
>  #include <sys/types.h>
>  #include <sys/stat.h>
>  #include <errno.h>
> @@ -94,6 +93,44 @@
>  #include <unistd.h>
>  #include <string.h>
>  
> +#ifdef __CYGWIN__
> +
> +#include <ctype.h>
> +#include <wchar.h>
> +#include <windows.h>
> +#include <io.h>
> +#include <sys/cygwin.h>
> +#include <getopt.h>
> +#include <lmaccess.h>
> +#include <lmapibuf.h>
> +#include <ntsecapi.h>
> +#include <ntdef.h>
> +#include <sys/fcntl.h>
> +#include <lmerr.h>
> +#include <lmcons.h>
> +
> +SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
> +SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
> +
> +NET_API_STATUS WINAPI (*netapibufferfree)(PVOID);
> +NET_API_STATUS WINAPI (*netuserenum)(LPWSTR,DWORD,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netgroupenum)(LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netlocalgroupenum)(LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netlocalgroupgetmembers)(LPWSTR,LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netgroupgetusers)(LPWSTR,LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
> +NET_API_STATUS WINAPI (*netgetdcname)(LPWSTR,LPWSTR,PBYTE*);
> +NET_API_STATUS WINAPI (*netusergetinfo)(LPWSTR,LPWSTR,DWORD,PBYTE*);
> +
> +NTSTATUS NTAPI (*lsaclose)(LSA_HANDLE);
> +NTSTATUS NTAPI (*lsaopenpolicy)(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
> +NTSTATUS NTAPI (*lsaqueryinformationpolicy)(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*);
> +NTSTATUS NTAPI (*lsafreememory)(PVOID);
> +
> +LPWSTR servername;
> +
> +#endif  /* __CYGWIN__ */
> +
> +
>  #ifndef S_ISLNK
>  #define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
>  #endif
> @@ -101,126 +138,374 @@
>  int chk_file_sec_stderr = 0;
>  
>  
> +#ifdef __CYGWIN__
> +
> +/* ----------------------------- HELPERS ---------------------------------------- */
> +
> +BOOL load_netapi (HANDLE hNetapi,HANDLE hAdvapi)
> +{
> +    if ((!hNetapi) || (!hAdvapi))
> +	return FALSE;
> +
> +    if (!(netapibufferfree = (void *) GetProcAddress (hNetapi, "NetApiBufferFree")))
> +	return FALSE;
> +    if (!(netuserenum = (void *) GetProcAddress (hNetapi, "NetUserEnum")))
> +	return FALSE;
> +    if (!(netlocalgroupenum = (void *) GetProcAddress (hNetapi, "NetLocalGroupEnum")))
> +	return FALSE;
> +    if (!(netgetdcname = (void *) GetProcAddress (hNetapi, "NetGetDCName")))
> +	return FALSE;
> +    if (!(netusergetinfo = (void *) GetProcAddress (hNetapi, "NetUserGetInfo")))
> +	return FALSE;
> +    if (!(netgroupenum = (void *) GetProcAddress (hNetapi, "NetGroupEnum")))
> +	return FALSE;
> +    if (!(netgroupgetusers = (void *) GetProcAddress (hNetapi, "NetGroupGetUsers")))
> +	return FALSE;  
> +    if (!(netlocalgroupgetmembers = (void *) GetProcAddress (hNetapi, "NetLocalGroupGetMembers")))
> +	return FALSE;
> +    if (!(lsaclose = (void *) GetProcAddress (hAdvapi, "LsaClose")))
> +	return FALSE;
> +    if (!(lsaopenpolicy = (void *) GetProcAddress (hAdvapi, "LsaOpenPolicy")))
> +	return FALSE;
> +    if (!(lsaqueryinformationpolicy = (void *) GetProcAddress (hAdvapi, "LsaQueryInformationPolicy")))
> +	return FALSE;
> +    if (!(lsafreememory = (void *) GetProcAddress (hAdvapi, "LsaFreeMemory")))
> +	return FALSE;  
> +
> +    return TRUE;
> +}
> +
> +void uni2ansi (LPWSTR wcs, char *mbs, int size)
> +{
> +	if (wcs)
> +		WideCharToMultiByte (CP_ACP, 0, wcs, -1, mbs, size, NULL, NULL);
> +	else
> +		*mbs = '\0';
> +}
> +
> +void uni2utf8 (LPWSTR wcs, char *mbs, int size)
> +{
> +	if (wcs)
> +		WideCharToMultiByte (CP_UTF8, 0, wcs, -1, mbs, size, NULL, NULL);
> +	else
> +		*mbs = '\0';
> +}
> +
> +/* ----------------------------- BASIC FUNCTIONS ----------------------------------- */
> +
> +int enum_local_users (LPWSTR groupname,char *username)
> +{
> +	GROUP_USERS_INFO_0 *buf0; 
> +	LOCALGROUP_MEMBERS_INFO_1 *buf1;
> +	DWORD entries = 0;
> +	DWORD total = 0;
> +	DWORD reshdl = 0;
> +	int i,ret=-1;
> +	char grp_username[128];
> +
> +	/* Print local users*/
> +		if (!netlocalgroupgetmembers (NULL, groupname, 1, (void *) &buf1, MAX_PREFERRED_LENGTH, &entries, &total, &reshdl))
> +		{
> +			ret=0;
> +			for (i = 0; i < entries; ++i)
> +				if (buf1[i].lgrmi1_sidusage == SidTypeUser)
> +				{
> +					uni2utf8 (buf1[i].lgrmi1_name, grp_username, sizeof (grp_username));
> +					if (strcmp(grp_username,username)==0)
> +					{
> +						ret=1;
> +						break;
> +					}
> +				}
> +		  netapibufferfree (buf1);
> +		} 
> +
> +	return ret;
> +}
> +
> +int enum_domain_users (LPWSTR server_name, LPWSTR groupname,char *username)
> +{
> +	GROUP_USERS_INFO_0 *buf0; 
> +	LOCALGROUP_MEMBERS_INFO_1 *buf1;
> +	DWORD entries = 0;
> +	DWORD total = 0;
> +	DWORD reshdl = 0;
> +	int i,ret=-1;
> +	char grp_username[128];
> +
> +		if (!netgroupgetusers (server_name, groupname, 0, (void *) &buf0,  MAX_PREFERRED_LENGTH, &entries, &total, &reshdl))
> +		{
> +			ret=0;
> +			for (i = 0; i < entries; ++i)
> +			{
> +				uni2utf8 (buf0[i].grui0_name, grp_username, sizeof (grp_username));
> +
> +
> +				if (strcmp(grp_username,username)==0)
> +				{
> +					ret=1;
> +					break;
> +				}
> +			}
> +			netapibufferfree (buf0);
> +		}
> +
> +	return ret;
> +}
> +
> +int check_local_user_privileges (char *username_utf8, int usertype)
> +{
> +
> +	LOCALGROUP_INFO_0 *buffer;
> +	DWORD entriesread = 0;
> +	DWORD totalentries = 0;
> +	DWORD resume_handle = 0;
> +	DWORD rc;
> +
> +	char errbuf[1024];
> +	int user=-1,admin=-1,ret;
> +
> +	do
> +    {
> +		DWORD i;
> +		rc = netlocalgroupenum (NULL, 0, (void *) &buffer, 1024, &entriesread, &totalentries, &resume_handle);
> +		switch (rc)
> +		{
> +			case ERROR_ACCESS_DENIED:
> +				return 1;
> +			case ERROR_MORE_DATA:
> +			case ERROR_SUCCESS:
> +				break;
> +			default:
> +				return 1;
> +		}
> +
> +		for (i = 0; i < entriesread; i++)
> +		{
> +			char localgroup_name_acp[128];
> +			char domain_name[128];
> +			DWORD domain_name_len = 128;
> +			char psid_buffer[1024];	
> +
> +			DWORD sid_length = 1024;
> +			int gid;
> +			SID_NAME_USE acc_type;
> +
> +			uni2ansi (buffer[i].lgrpi0_name, localgroup_name_acp, sizeof (localgroup_name_acp));
> +
> +			if (!LookupAccountName (NULL, localgroup_name_acp, &psid_buffer, &sid_length, domain_name, &domain_name_len, &acc_type))
> +			{
> +				continue;
> +			}
> +
> +			gid = *GetSidSubAuthority (&psid_buffer, *GetSidSubAuthorityCount(&psid_buffer) - 1);
> +
> +			if (gid==544)
> +			{
> +				ret = enum_local_users (buffer[i].lgrpi0_name,username_utf8);
> +					if (ret>admin)
> +						admin=ret;
> +			}
> +
> +			if (gid==545)
> +			{
> +				ret = enum_local_users (buffer[i].lgrpi0_name, username_utf8);
> +					if (ret>user)
> +						user=ret;
> +			}
> +
> +		}
> +		netapibufferfree (buffer);
> +	}
> +	while (rc == ERROR_MORE_DATA);
> +
> +	/* check if user is Admin */
> +	if (usertype==0) 
> +		return (admin==1)?1:0;
> +
> +	/* check if user is Simple User */
> +	return (admin==0 && user==1)?1:0;
> +}
> +
> +int check_domain_user_privileges (LPWSTR servername, char *username_utf8, int usertype)
> +{
> +	GROUP_INFO_2 *buffer;
> +	DWORD entriesread = 0;
> +	DWORD totalentries = 0;
> +	DWORD resume_handle = 0;
> +	DWORD rc;
> +
> +	char errbuf[1024];
> +	int user=-1,admin=-1,ret;
> +
> +	do
> +	{
> +	DWORD i;
> +	rc = netgroupenum (servername, 2, (void *) &buffer, 1024, &entriesread, &totalentries, &resume_handle);
> +
> +        switch (rc)
> +		{
> +			case ERROR_ACCESS_DENIED: 
> +				return;
> +			case ERROR_MORE_DATA:
> +			case ERROR_SUCCESS:
> +				break;
> +			default: 
> +				return;
> +		}
> +
> +		for (i = 0; i < entriesread; i++)
> +		{
> +
> +			int gid = buffer[i].grpi2_group_id;
> +
> +			if (gid==512)
> +			{
> +				ret = enum_domain_users (servername, buffer[i].grpi2_name,username_utf8);
> +					if (ret>admin)
> +						admin=ret;
> +			}
> +			if (gid==513)
> +			{
> +				ret = enum_domain_users (servername, buffer[i].grpi2_name, username_utf8);
> +					if (ret>user)
> +						user=ret;
> +			}
> +		}
> +		netapibufferfree (buffer);
> +	}
> +	while (rc == ERROR_MORE_DATA);
> +
> +	/* check if user is Admin */
> +	if (usertype==0) 
> +		return (admin==1)?1:0;
> +	/* check if user is Simple User */
> +	return (admin==0 && user==1)?1:0;
> +}
> +
> +/* ----------------------------- TORQUE FUNCTIONS ----------------------------------- */
> +
>  /* 
>   * IamRoot returns 1 if current user has root (Administrator) account, 
>   * else returns 0
>  */
> +
>  int IamRoot()
> -  {
> -#ifndef __CYGWIN__
> -  if ((getuid() == 0) && (geteuid() == 0))
> -    {
> -	return 1;				
> -    }
> -  fprintf(stderr, "Must be run as root\n");
> +{
> +	struct passwd *p;   
> +	int uid;
> +	HANDLE hAdvapi, hNetapi;
> +
> +	servername=NULL;
> +	hNetapi = LoadLibrary ("netapi32.dll");
> +	hAdvapi = LoadLibrary ("advapi32.dll");
>  
> -#else
> -  struct group *gr;
> -  struct passwd *p;
> -  char **t;
> +	if (!load_netapi (hNetapi,hAdvapi))
> +	{
> +		log_err(-1, "IamRoot","Cann`t load netapi32.dll and advapi32.dll libraries\n");          				
> +		return 0;
> +	}
>  
> -  if (getuid() == 18)
> -    {
> -	return 1;
> -    }
> -  if ((p = getpwuid(getuid())) == NULL)
> -    {
> -	fprintf(stderr, "No password entry for current user. Check your /etc/passwd file.\n");
> -  	return 0;
> -    }
> -  if ((gr=getgrgid(544)) != NULL)
> -    {
> -	for (t = gr->gr_mem; t && *t; t++)
> +	if (netgetdcname (NULL, NULL, (void *) &servername) != ERROR_SUCCESS)
>  	{
> -	    if (!strcmp (p->pw_name, *t)) 
> +		log_err(-1, "IamRoot","Cann`t get the name of the primary domain controller\n");
> +	}
> +
> +	uid=getuid();
> +
> +	if (uid==18) 
>  		return 1;
> +
> +	if ((p = getpwuid(uid))==NULL)
> +	{
> +		log_err(-1, "IamRoot","WARNING!!! No password entry for currient user. Check your /etc/passwd file.\n");
> +  		return 0;
>  	}
> -	fprintf(stderr, "Must be run as user with Administrator privileges\n");
> -    }
> -  else
> -    {
> -	fprintf(stderr, "No group entry. Check your /etc/group file.\n");
> -    }
> -#endif  /* __CYGWIN__ */
> -  return 0;
> -  }  /* END IamRoot() */
> +
> +	if (check_local_user_privileges(p->pw_name,0) || check_domain_user_privileges(servername,p->pw_name,0))
> +        return 1;  
> +  
> +	log_err(-1, "IamRoot","WARNING!!! Must be run with Administrator privileges.\n");
> +	return 0;
> +}
>  
>  
> -#ifdef __CYGWIN__
>  /* 
>   * IamAdminByName returns 1 if user <userName> has Administrator account, 
>   * else returns 0 
>  */
> -int IamAdminByName(char *userName)
> -  {
> -  struct group *gr;
> -  char **t;
> -
> -  if ((gr=getgrgid(544)) != NULL)
> -    {
> -	for (t = gr->gr_mem; t && *t; t++)
> -	    if (!strcmp (userName, *t))	
> -		return 1;
> -    }
> -  return 0;
> -  }  /* END IamAdminByName */
>  
> +int IamAdminByName(char *userName)
> +{
> +	return (check_local_user_privileges(userName,0) || check_domain_user_privileges(servername,userName,0))?1:0;
> +}
>  
>  
>  /*
>   * IamUser returns 1 if current user isn't included to Administrators group
>   * (i.e. has a limited account), else returns 0 
>  */
> +
>  int IamUser()
> -  {
> -  struct group *gr;
> -  struct passwd *p;
> -  char **t;  
> +{  
> +	struct passwd *p;
>  
> -  if ((p = getpwuid(getuid())) && (gr = getgrgid(544)) != NULL)
> +	if ((p = getpwuid(getuid())) != NULL)
>      {
> -	for (t = gr->gr_mem; t && *t; t++)
> -	{
> -	    if (!strcmp (p->pw_name, *t)) 
> -		return 0;
> -	}
> -	return 1;
> +		printf("Check %s\n",p->pw_name);
> +    	if (check_local_user_privileges(p->pw_name,1) || check_domain_user_privileges(servername,p->pw_name,1))
> +			return 1;
>      }
> -  log_err(-1, "WARNING!!!", "Check your /etc/group and /etc/passwd files.\n");
> -  return 0;
> -  }  /* END IamUser() */
>  
> +	log_err(-1, "IamUser","WARNING!!! Check your /etc/group and /etc/passwd files.\n");
> +	return 0;
> +}  /* END IamUser() */
>  
>  
> -/* 
> - * IamUserByName returns 1 if user <userName> isn't included to Administrators group
> - * (i.e. has a limited account), else returns 0
> +/*
> + * IamUserByName returns 1 if current user isn't included to Administrators group
> + * (i.e. has a limited account), else returns 0 
>  */
> +
>  int IamUserByName(char *userName)
> -  {
> -  struct group *gr;
> -  char **t;
> -  char buff[512];
> +{  
> +	char buff[512];	
> +
> +
> +	if (check_local_user_privileges(userName,1) || check_domain_user_privileges(servername,userName,1))
> +	{
> +		return 1;
> +	}
> +	else
> +		if (IamAdminByName(userName))
> +		{
> +			sprintf(buff, "WARNING!!! Can`t run job with Administrator privileges. Your should limit preveleges for \"%s\"!",userName);
> +			log_err(-1, "IamUserByName", buff);
> +			return 0;
> +		}
> +	sprintf(buff, "WARNING!!! Can`t find user \"%s\"!",userName);
> +	log_err(-1, "IamUserByName", buff);
> +    return 0;
> +} 
> +
> +
> +#else /* not def __CYGWIN__ */
> +
> +int IamRoot()
> +{
> +	if ((getuid() == 0) && (geteuid() == 0))
> +		return 1;
> +	fprintf(stderr, "Must be run as root\n");
> +	return 0;
> +}
>  
> -  if ((gr = getgrgid(544)) != NULL)
> -    {
> -	for (t = gr->gr_mem; t && *t; t++)
> -	    if (!strcmp (userName, *t))	
> -	    {
> -		sprintf(buff, "Can`t run job with Administrator privileges. Your should limit privileges for \"%s\"", userName);
> -		log_err(-1, "WARNING!!!", buff);
> -		return 0;
> -	    }
> -	    /* else  log_err(-1,"Try",*t); */
> -	return 1;
> -    }
> -  return 0;
> -  }  /* END IamUserByName */
>  #endif /* __CYGWIN__ */
>  
>  
>  
>  
> +
> +
>  /*
>   * chk_file_sec() - Check file/directory security
>   *      Part of the PBS System Security "Feature"

> _______________________________________________
> torquedev mailing list
> torquedev at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torquedev


-- 
Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California

Life is Good!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torquedev/attachments/20100607/47a185ce/attachment.bin 


More information about the torquedev mailing list