Skip to content

Commit 1a25d9a

Browse files
mergify[bot]mergify[bot]
authored
Merge pull request #5162 from garlick/issue#5136
restrict remote access to sdbus on rank 0
2 parents cebabb1 + 9f3466d commit 1a25d9a

File tree

14 files changed

+171
-65
lines changed

14 files changed

+171
-65
lines changed

src/broker/broker.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -217,7 +217,7 @@ int main (int argc, char *argv[])
217217
ctx.cred.userid = getuid ();
218218
/* Set default rolemask for messages sent with flux_send()
219219
* on the broker's internal handle. */
220-
ctx.cred.rolemask = FLUX_ROLE_OWNER;
220+
ctx.cred.rolemask = FLUX_ROLE_OWNER | FLUX_ROLE_LOCAL;
221221

222222
init_attrs (ctx.attrs, getpid (), &ctx.cred);
223223

src/broker/exec.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ static int reject_nonlocal (const flux_msg_t *msg,
2424
void *arg,
2525
flux_error_t *error)
2626
{
27-
if (!overlay_msg_is_local (msg)) {
27+
if (!flux_msg_is_local (msg)) {
2828
errprintf (error,
2929
"Remote rexec requests are not allowed on rank 0");
3030
return -1;

src/broker/module.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -658,7 +658,7 @@ module_t *module_add (modhash_t *mh,
658658
* credentials are always those of the instance owner.
659659
*/
660660
p->cred.userid = getuid ();
661-
p->cred.rolemask = FLUX_ROLE_OWNER;
661+
p->cred.rolemask = FLUX_ROLE_OWNER | FLUX_ROLE_LOCAL;
662662

663663
/* Update the modhash.
664664
*/

src/broker/overlay.c

Lines changed: 16 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -454,14 +454,6 @@ static struct child *child_lookup (struct overlay *ov, const char *id)
454454
return NULL;
455455
}
456456

457-
bool overlay_msg_is_local (const flux_msg_t *msg)
458-
{
459-
/* Return true only if msg is non-NULL and the message does not
460-
* have the overlay supplied "remote" tag.
461-
*/
462-
return (msg && flux_msg_aux_get (msg, "overlay::remote") == NULL);
463-
}
464-
465457
/* Lookup (direct) child peer by rank.
466458
* Returns NULL on lookup failure.
467459
*/
@@ -869,6 +861,18 @@ static void logdrop (struct overlay *ov,
869861
reason);
870862
}
871863

864+
static int clear_msg_role (flux_msg_t *msg, uint32_t role)
865+
{
866+
uint32_t rolemask;
867+
868+
if (flux_msg_get_rolemask (msg, &rolemask) < 0)
869+
return -1;
870+
rolemask &= ~role;
871+
if (flux_msg_set_rolemask (msg, rolemask) < 0)
872+
return -1;
873+
return 0;
874+
}
875+
872876
/* Handle a message received from TBON child (downstream).
873877
*/
874878
static void child_cb (flux_reactor_t *r, flux_watcher_t *w,
@@ -883,11 +887,8 @@ static void child_cb (flux_reactor_t *r, flux_watcher_t *w,
883887

884888
if (!(msg = zmqutil_msg_recv (ov->bind_zsock)))
885889
return;
886-
/* Flag this message as remotely received. This allows efficient
887-
* operation of the overlay_msg_is_local() function.
888-
*/
889-
if (flux_msg_aux_set (msg, "overlay::remote", int2ptr (1), NULL) < 0) {
890-
logdrop (ov, OVERLAY_DOWNSTREAM, msg, "failed to tag msg as remote");
890+
if (clear_msg_role (msg, FLUX_ROLE_LOCAL) < 0) {
891+
logdrop (ov, OVERLAY_DOWNSTREAM, msg, "failed to clear local role");
891892
goto done;
892893
}
893894
if (flux_msg_get_type (msg, &type) < 0
@@ -992,11 +993,8 @@ static void parent_cb (flux_reactor_t *r, flux_watcher_t *w,
992993

993994
if (!(msg = zmqutil_msg_recv (ov->parent.zsock)))
994995
return;
995-
/* Flag this message as remotely received. This allows efficient
996-
* operation of the overlay_msg_is_local() function.
997-
*/
998-
if (flux_msg_aux_set (msg, "overlay::remote", int2ptr (1), NULL) < 0) {
999-
logdrop (ov, OVERLAY_UPSTREAM, msg, "failed to tag msg as remote");
996+
if (clear_msg_role (msg, FLUX_ROLE_LOCAL) < 0) {
997+
logdrop (ov, OVERLAY_UPSTREAM, msg, "failed to clear local role");
1000998
goto done;
1001999
}
10021000
if (flux_msg_get_type (msg, &type) < 0) {

src/broker/overlay.h

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -142,11 +142,6 @@ int overlay_set_monitor_cb (struct overlay *ov,
142142
*/
143143
int overlay_register_attrs (struct overlay *overlay);
144144

145-
/* Return true if this message was routed locally, i.e. wasn't delivered
146-
* via an overlay parent or child.
147-
*/
148-
bool overlay_msg_is_local (const flux_msg_t *msg);
149-
150145
/* Stop allowing new connections from downstream peers.
151146
*/
152147
void overlay_shutdown (struct overlay *overlay);

src/broker/test/overlay.c

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -330,8 +330,8 @@ void trio (flux_t *h)
330330
rmsg = recvmsg_timeout (ctx[0], 5);
331331
ok (rmsg != NULL,
332332
"%s: request was received by overlay", ctx[0]->name);
333-
ok (!overlay_msg_is_local (rmsg),
334-
"%s: overlay_msg_is_local fails on parent from child",
333+
ok (!flux_msg_is_local (rmsg),
334+
"%s: flux_msg_is_local fails on parent from child",
335335
ctx[1]->name);
336336
ok (flux_msg_get_topic (rmsg, &topic) == 0 && !strcmp (topic, "meep"),
337337
"%s: received message has expected topic", ctx[0]->name);
@@ -354,8 +354,8 @@ void trio (flux_t *h)
354354
rmsg = recvmsg_timeout (ctx[1], 5);
355355
ok (rmsg != NULL,
356356
"%s: request was received by overlay", ctx[1]->name);
357-
ok (!overlay_msg_is_local (rmsg),
358-
"%s: overlay_msg_is_local fails on child from parent",
357+
ok (!flux_msg_is_local (rmsg),
358+
"%s: flux_msg_is_local fails on child from parent",
359359
ctx[1]->name);
360360
ok (flux_msg_get_topic (rmsg, &topic) == 0 && !strcmp (topic, "errr"),
361361
"%s: request has expected topic", ctx[1]->name);
@@ -376,8 +376,8 @@ void trio (flux_t *h)
376376
rmsg = recvmsg_timeout (ctx[0], 5);
377377
ok (rmsg != NULL,
378378
"%s: response was received by overlay", ctx[0]->name);
379-
ok (!overlay_msg_is_local (rmsg),
380-
"%s: overlay_msg_is_local returns false for response from child");
379+
ok (!flux_msg_is_local (rmsg),
380+
"%s: flux_msg_is_local returns false for response from child");
381381
ok (flux_msg_get_topic (rmsg, &topic) == 0 && !strcmp (topic, "m000"),
382382
"%s: received message has expected topic", ctx[0]->name);
383383
ok (flux_msg_route_count (rmsg) == 0,
@@ -396,8 +396,8 @@ void trio (flux_t *h)
396396
"%s: event was received by overlay", ctx[0]->name);
397397
ok (flux_msg_get_topic (rmsg, &topic) == 0 && !strcmp (topic, "eeek"),
398398
"%s: received message has expected topic", ctx[0]->name);
399-
ok (!overlay_msg_is_local (rmsg),
400-
"%s: overlay_msg_is_local returns false for event from child");
399+
ok (!flux_msg_is_local (rmsg),
400+
"%s: flux_msg_is_local returns false for event from child");
401401

402402
/* Response 0->1
403403
*/
@@ -664,8 +664,8 @@ void wrongness (flux_t *h)
664664
ok (overlay_bind (ov, "ipc://@foobar") < 0 && errno == EINVAL,
665665
"overlay_bind fails if called before rank is known");
666666

667-
ok (!overlay_msg_is_local (NULL),
668-
"overlay_msg_is_local (NULL) returns false");
667+
ok (!flux_msg_is_local (NULL),
668+
"flux_msg_is_local (NULL) returns false");
669669

670670
overlay_destroy (ov);
671671
attr_destroy (attrs);

src/common/libflux/message.c

Lines changed: 39 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -507,6 +507,15 @@ int flux_msg_authorize (const flux_msg_t *msg, uint32_t userid)
507507
return 0;
508508
}
509509

510+
bool flux_msg_is_local (const flux_msg_t *msg)
511+
{
512+
uint32_t rolemask;
513+
if (flux_msg_get_rolemask (msg, &rolemask) == 0
514+
&& (rolemask & FLUX_ROLE_LOCAL))
515+
return true;
516+
return false;
517+
}
518+
510519
int flux_msg_set_nodeid (flux_msg_t *msg, uint32_t nodeid)
511520
{
512521
if (msg_validate (msg) < 0)
@@ -1238,26 +1247,39 @@ static void userid2str (uint32_t userid, char *buf, int buflen)
12381247
assert (n < buflen);
12391248
}
12401249

1241-
static void rolemask2str (uint32_t rolemask, char *buf, int buflen)
1250+
static int roletostr (uint32_t role, const char *sep, char *buf, int buflen)
12421251
{
12431252
int n;
1244-
switch (rolemask) {
1245-
case FLUX_ROLE_NONE:
1246-
n = snprintf (buf, buflen, "none");
1247-
break;
1248-
case FLUX_ROLE_OWNER:
1249-
n = snprintf (buf, buflen, "owner");
1250-
break;
1251-
case FLUX_ROLE_USER:
1252-
n = snprintf (buf, buflen, "user");
1253-
break;
1254-
case FLUX_ROLE_ALL:
1255-
n = snprintf (buf, buflen, "all");
1256-
break;
1257-
default:
1258-
n = snprintf (buf, buflen, "unknown");
1253+
if (role == FLUX_ROLE_OWNER)
1254+
n = snprintf (buf, buflen, "%sowner", sep);
1255+
else if (role == FLUX_ROLE_USER)
1256+
n = snprintf (buf, buflen, "%suser", sep);
1257+
else if (role == FLUX_ROLE_LOCAL)
1258+
n = snprintf (buf, buflen, "%slocal", sep);
1259+
else
1260+
n = snprintf (buf, buflen, "%s0x%x", sep, role);
1261+
if (n >= buflen)
1262+
n = buflen;
1263+
return n;
1264+
}
1265+
1266+
static void rolemask2str (uint32_t rolemask, char *buf, int buflen)
1267+
{
1268+
if (rolemask == FLUX_ROLE_NONE)
1269+
snprintf (buf, buflen, "none");
1270+
else if (rolemask == FLUX_ROLE_ALL)
1271+
snprintf (buf, buflen, "all");
1272+
else {
1273+
int offset = 0;
1274+
for (int i = 0; i < sizeof (rolemask)*8; i++) {
1275+
if (rolemask & 1<<i) {
1276+
offset += roletostr (rolemask & 1<<i,
1277+
offset > 0 ? "," : "",
1278+
buf + offset,
1279+
buflen - offset);
1280+
}
1281+
}
12591282
}
1260-
assert (n < buflen);
12611283
}
12621284

12631285
static void nodeid2str (uint32_t nodeid, char *buf, int buflen)

src/common/libflux/message.h

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -233,6 +233,7 @@ enum {
233233
FLUX_ROLE_NONE = 0,
234234
FLUX_ROLE_OWNER = 1,
235235
FLUX_ROLE_USER = 2,
236+
FLUX_ROLE_LOCAL = 4,
236237
FLUX_ROLE_ALL = 0xFFFFFFFF,
237238
};
238239
int flux_msg_set_rolemask (flux_msg_t *msg, uint32_t rolemask);
@@ -260,6 +261,11 @@ int flux_msg_cred_authorize (struct flux_msg_cred cred, uint32_t userid);
260261
*/
261262
int flux_msg_authorize (const flux_msg_t *msg, uint32_t userid);
262263

264+
/* Return true if 'msg' credential carries FLUX_ROLE_LOCAL, indicating
265+
* that the message has not traversed brokers.
266+
*/
267+
bool flux_msg_is_local (const flux_msg_t *msg);
268+
263269
/* Get/set errnum (response only)
264270
*/
265271
int flux_msg_set_errnum (flux_msg_t *msg, int errnum);

src/common/libflux/test/message.c

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1161,6 +1161,29 @@ void check_print (void)
11611161
fclose (f);
11621162
}
11631163

1164+
void check_print_rolemask (void)
1165+
{
1166+
flux_msg_t *msg;
1167+
FILE *fp;
1168+
uint32_t rolemask;
1169+
char *buf = NULL;
1170+
size_t size = 0;
1171+
1172+
rolemask = FLUX_ROLE_LOCAL | FLUX_ROLE_USER | 0x10;
1173+
if (!(msg = flux_msg_create (FLUX_MSGTYPE_REQUEST))
1174+
|| flux_msg_set_rolemask (msg, rolemask) < 0)
1175+
BAIL_OUT ("failed to create test request");
1176+
if (!(fp = open_memstream (&buf, &size)))
1177+
BAIL_OUT ("open_memstream failed");
1178+
flux_msg_fprint (fp, msg);
1179+
fclose (fp); // close flushes content
1180+
diag ("%s", buf);
1181+
ok (buf && strstr (buf, "rolemask=user,local,0x10") != NULL,
1182+
"flux_msg_fprint() rolemask string is correct");
1183+
free (buf);
1184+
flux_msg_destroy (msg);
1185+
}
1186+
11641187
void check_flags (void)
11651188
{
11661189
flux_msg_t *msg;
@@ -1404,6 +1427,7 @@ int main (int argc, char *argv[])
14041427
check_refcount();
14051428

14061429
check_print ();
1430+
check_print_rolemask ();
14071431

14081432
check_proto_internal ();
14091433

src/connectors/local/local.c

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ static int op_send (void *impl, const flux_msg_t *msg, int flags)
7777
struct local_connector *ctx = impl;
7878

7979
if (ctx->testing_userid != FLUX_USERID_UNKNOWN
80-
|| ctx->testing_rolemask != FLUX_ROLE_NONE)
80+
|| ctx->testing_rolemask != FLUX_ROLE_NONE)
8181
return send_testing (ctx, msg, flags);
8282

8383
return usock_client_send (ctx->uclient, msg, flags);
@@ -104,14 +104,16 @@ static int op_setopt (void *impl, const char *option,
104104
goto done;
105105
}
106106
memcpy (&ctx->testing_userid, val, val_size);
107-
} else if (option && !strcmp (option, FLUX_OPT_TESTING_ROLEMASK)) {
107+
}
108+
else if (option && !strcmp (option, FLUX_OPT_TESTING_ROLEMASK)) {
108109
val_size = sizeof (ctx->testing_rolemask);
109110
if (size != val_size) {
110111
errno = EINVAL;
111112
goto done;
112113
}
113114
memcpy (&ctx->testing_rolemask, val, val_size);
114-
} else {
115+
}
116+
else {
115117
errno = EINVAL;
116118
goto done;
117119
}
@@ -134,7 +136,8 @@ static int op_getopt (void *impl, const char *option,
134136
goto done;
135137
}
136138
memcpy (val, &ctx->owner, val_size);
137-
} else {
139+
}
140+
else {
138141
errno = EINVAL;
139142
goto done;
140143
}

0 commit comments

Comments
 (0)