
From: Danny Auble <da@schedmd.com>
Date: Mon May 26 13:31:09 2025 +0200
Subject: [PATCH]Fix issue where a coord could add a user with elevated privileges
Patch-mainline: Upstream
Git-repo: https://github.com/SchedMD/slurm
Git-commit: a01d1e795ee59a066a016dbb960a3cd572379374
References: CVE-2025-43904
Signed-off-by: Egbert Eich <eich@suse.de>

Changelog: Fix security issue where a coordinator could add a user with
elevated privileges. CVE-2025-43904.

Signed-off-by: Egbert Eich <eich@suse.com>
---
 src/plugins/accounting_storage/mysql/as_mysql_user.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/plugins/accounting_storage/mysql/as_mysql_user.c b/src/plugins/accounting_storage/mysql/as_mysql_user.c
index 8442d4d766..167ab3563a 100644
--- a/src/plugins/accounting_storage/mysql/as_mysql_user.c
+++ b/src/plugins/accounting_storage/mysql/as_mysql_user.c
@@ -274,6 +274,7 @@ extern int as_mysql_add_users(mysql_conn_t *mysql_conn, uint32_t uid,
 	int affect_rows = 0;
 	List assoc_list;
 	List wckey_list;
+	bool is_admin = false;
 
 	if (check_connection(mysql_conn) != SLURM_SUCCESS)
 		return ESLURM_DB_CONNECTION;
@@ -284,6 +285,11 @@ extern int as_mysql_add_users(mysql_conn_t *mysql_conn, uint32_t uid,
 		memset(&user, 0, sizeof(slurmdb_user_rec_t));
 		user.uid = uid;
 
+		if (user.admin_level != SLURMDB_ADMIN_NOTSET) {
+			error("Only admins/operators can add an admin/operator");
+			return ESLURM_ACCESS_DENIED;
+		}
+
 		if (!is_user_any_coord(mysql_conn, &user)) {
 			error("Only admins/operators/coordinators "
 			      "can add accounts");
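Review bot: The new guard at the top of this hunk tests `user.admin_level` immediately after `memset(&user, 0, sizeof(slurmdb_user_rec_t))` and `user.uid = uid;`, so the field is always zero at that point; if `SLURMDB_ADMIN_NOTSET` is the zero member of the enum, as a zeroed struct meaning "not set" suggests, this branch can never fire and the check that actually protects the insert is the per-object `!is_admin` test in the later hunk of this patch. Either drop it or turn it into a real check on the caller's stored record, i.e. test the field only after a lookup has populated `user`. Note also that this path does `return ESLURM_ACCESS_DENIED;` directly while the later hunk sets `rc` and breaks out to the common cleanup, so the two denial paths behave differently. as_mysql_add_users begins before this hunk.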
@@ -294,6 +300,8 @@ extern int as_mysql_add_users(mysql_conn_t *mysql_conn, uint32_t uid,
 		 * these accounts if they are coordinators of the
 		 * parent they are trying to add to
 		 */
+	} else {
+		is_admin = true;
 	}
 
 	assoc_list = list_create(slurmdb_destroy_assoc_rec);
@@ -317,6 +325,11 @@ extern int as_mysql_add_users(mysql_conn_t *mysql_conn, uint32_t uid,
 			   (long)now, (long)now, object->name);
 
 		if (object->admin_level != SLURMDB_ADMIN_NOTSET) {
+			if (!is_admin) {
+				error("Only admins/operators can add an admin/operator");
+				rc = ESLURM_ACCESS_DENIED;
+				break;
+			}
 			xstrcat(cols, ", admin_level");
 			xstrfmtcat(vals, ", %u", object->admin_level);
 			xstrfmtcat(extra, ", admin_level=%u",
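Review bot: The added `break` in the `!is_admin` branch leaves `cols` and `vals` allocated: `vals` was just populated by the `xstrfmtcat` two lines above and `cols` by its matching `xstrcat`, so unless both are released after the loop (not visible here) this denial path leaks them; the loop's existing per-user failure path presumably frees them before moving on, and `xfree(cols); xfree(vals); xfree(extra);` ahead of the `break` would match it. It is also worth confirming that users earlier in the list, already inserted by this loop before the denied entry is reached, are rolled back by the caller, since the last hunk's `rc == SLURM_SUCCESS` gate only skips the transaction record. Validating `admin_level` across the whole list before any insert is issued would avoid relying on that. The enclosing loop and function extend beyond the hunk.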
@@ -415,7 +428,7 @@ extern int as_mysql_add_users(mysql_conn_t *mysql_conn, uint32_t uid,
 	list_iterator_destroy(itr);
 	xfree(user_name);
 
-	if (rc != SLURM_ERROR) {
+	if (rc == SLURM_SUCCESS) {
 		if (txn_query) {
 			xstrcat(txn_query, ";");
 			rc = mysql_db_query(mysql_conn,