1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
#!/usr/bin/env expect
############################################################################
# Purpose: Test of Slurm functionality
# Test if we can trick Slurm into using the wrong user ID
# through an LD_PRELOAD option.
############################################################################
# Copyright (C) 2007 The Regents of the University of California.
# Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
# Written by Morris Jette <jette1@llnl.gov>
# CODE-OCEC-09-009. All rights reserved.
#
# This file is part of Slurm, a resource management program.
# For details, see <https://slurm.schedmd.com/>.
# Please also read the included file: DISCLAIMER.
#
# Slurm is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 2 of the License, or (at your option)
# any later version.
#
# Slurm is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with Slurm; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
############################################################################
source ./globals
set ld_preload "ld_preload"
proc cleanup {} {
global bin_rm ld_preload test_name sacctmgr testsuite_user
run_command -none "$sacctmgr -vi delete user name=$testsuite_user"
run_command -none "$sacctmgr -vi delete account name=$test_name"
exec $bin_rm -f ${ld_preload}.c ${ld_preload}.lo ${ld_preload}.so
}
if {[param_contains [get_config_param "AuthType"] "*none"]} {
skip "This test is incompatible with auth/none"
}
if {![check_run_as_user $testsuite_user]} {
skip "This test needs testsuite_user configured in globals.local"
}
if { [get_config_param -dbd "AllowNoDefAcct"] eq "Yes" } {
set def_acct " defaultaccount=$test_name"
} else {
set def_acct ""
}
# Provide the right permissions to $testsuite_user
cleanup
run_command -fail "$sacctmgr -vi add account name=$test_name"
run_command -fail "$sacctmgr -vi add user name=$testsuite_user account=$test_name$def_acct"
run_command -fail "$sacctmgr -vi update user $testsuite_user set adminlevel=None"
#
# Build a shared object that emulates getuid/getgid functions
#
exec $bin_rm -f ${ld_preload}.c ${ld_preload}.lo ${ld_preload}.so
exec $bin_echo "#define ID 0" >${ld_preload}.c
exec $bin_echo "int getuid(void) { return ID; }" >>${ld_preload}.c
exec $bin_echo "int geteuid(void) { return ID; }" >>${ld_preload}.c
exec $bin_echo "int getgid(void) { return ID; }" >>${ld_preload}.c
exec $bin_echo "int getegid(void) { return ID; }" >>${ld_preload}.c
exec $bin_cc -c -fPIC -o ${ld_preload}.lo ${ld_preload}.c
exec $bin_cc -shared -o ${ld_preload}.so ${ld_preload}.lo
#
# Submit a slurm job that will execute 'id'
#
set output [run_command_output -user $testsuite_user -fail "$srun -N1 -t1 $bin_id"]
subtest {[regexp "(uid=.*\n)" $output]} "Verify that id command can be executed"
set output [run_command_output -user $testsuite_user -xfail -fail "LD_PRELOAD=./${ld_preload}.so $srun -N1 -t1 $bin_id"]
subtest {![regexp "(uid=.*\n)" $output]} "Verify that id command cannot not executed with LD_PRELOAD"
subtest {[regexp "error.* Invalid user id" $output]} "Verify that an error is reported by srun"
|
