Merged
Conversation
We added the client_connected2 server module upcall so we could pass information to the host about the connecting client. User it to pass the uid and gid of the client. Terminate the connection attempt if the host rejects it. Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit 633068a)
If we do use the native regx component, ensure we don't overrun the prefix array when assemplix the prefix on long hostnames Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit 37ff4df)
Include the client's pid in the info passed to the host via client_connected2. Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit e0e2974)
When a client connects to the server, pass the proc's pid plus the real user and group IDs in addition to the effective ones. When a tool connects, pass those values plus the pid, cmd line, and PMIx version info. Add attributes for the real user and group IDs to distinguish them from the effective values. Add new info-list APIs for uniquely moving values onto the list. Provide an "overwrite" flag to indicate that the current value it to be overwritten by the new one. Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit 3162ba5)
Provide the ability to include/exclude connections from tools whose user IDs are different from that of the server (i.e., "foreign" tools). Add an attribute to direct that behavior, default to "exclude". If we allow foreign tools, then modify the rendezvous file permissions to allow read by others. Track both the real user/group IDs vs the effective ones in case someone wants to check both. Pass more information up to the server client_connected2 and tool_connection upcalls so the server can make more informed decisions. Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit d577396)
files. Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit cc49332)
We strip FQDNs by default because of the inherent problem of interacting with users, who generally don't like typing all that extra stuff. However, that creates a problem when being provided FQDN input during things like nspace registration. So add an MCA param to control the strip operation instead of only switching it on/off via info directing during init. Add logic to the nspace registration process to perform the strip and add aliases (for the case where the host failed to provide them). Signed-off-by: Ralph Castain <rhc@pmix.org> (cherry picked from commit c36cae0)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Provide better FQDN support
We strip FQDNs by default because of the inherent problem
of interacting with users, who generally don't like typing
all that extra stuff. However, that creates a problem when
being provided FQDN input during things like nspace registration.
So add an MCA param to control the strip operation instead of
only switching it on/off via info directing during init.
Add logic to the nspace registration process to perform the
strip and add aliases (for the case where the host failed
to provide them).
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit c36cae0)
Pass the uid/gid for client connections
We added the client_connected2 server module upcall so we
could pass information to the host about the connecting client.
User it to pass the uid and gid of the client. Terminate
the connection attempt if the host rejects it.
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit 633068a)
Prevent memory overrun in regx calculation
If we do use the native regx component, ensure we don't
overrun the prefix array when assemplix the prefix
on long hostnames
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit 37ff4df)
Pass the client's pid as well
Include the client's pid in the info passed to
the host via client_connected2.
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit e0e2974)
Provide more info on connections
When a client connects to the server, pass the proc's
pid plus the real user and group IDs in addition to
the effective ones. When a tool connects, pass those
values plus the pid, cmd line, and PMIx version info.
Add attributes for the real user and group IDs to
distinguish them from the effective values.
Add new info-list APIs for uniquely moving values
onto the list. Provide an "overwrite" flag to indicate
that the current value it to be overwritten by the
new one.
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit 3162ba5)
Extend authentication support
Provide the ability to include/exclude connections from
tools whose user IDs are different from that of the server
(i.e., "foreign" tools). Add an attribute to direct that
behavior, default to "exclude". If we allow foreign tools,
then modify the rendezvous file permissions to allow read
by others. Track both the real user/group IDs vs the
effective ones in case someone wants to check both. Pass
more information up to the server client_connected2 and
tool_connection upcalls so the server can make more
informed decisions.
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit d577396)
Update listener thread setting of permissions on connection files.
Signed-off-by: Ralph Castain rhc@pmix.org
(cherry picked from commit cc49332)