From 1ca57e916aeed73eabc26167cc1ff4b09c2483aa Mon Sep 17 00:00:00 2001
From: Tim Wickberg <tim@schedmd.com>
Date: Wed, 6 Mar 2019 21:12:10 -0700
Subject: [PATCH] Add AuthAltTypes config option to slurm.conf / slurmdbd.conf.
---
doc/man/man5/slurm.conf.5 | 7 ++++++-
doc/man/man5/slurmdbd.conf.5 | 7 ++++++-
slurm/slurm.h.in | 1 +
src/api/config_info.c | 5 +++++
src/common/read_config.c | 3 +++
src/common/slurm_protocol_api.c | 19 +++++++++++++++++++
src/common/slurm_protocol_api.h | 6 ++++++
src/slurmdbd/read_config.c | 9 +++++++++
src/slurmdbd/read_config.h | 1 +
9 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/doc/man/man5/slurm.conf.5 b/doc/man/man5/slurm.conf.5
index 14326b90509..e13b307c713 100644
--- a/doc/man/man5/slurm.conf.5
+++ b/doc/man/man5/slurm.conf.5
@@ -1,4 +1,4 @@
-.TH "slurm.conf" "5" "Slurm Configuration File" "February 2019" "Slurm Configuration File"
+.TH "slurm.conf" "5" "Slurm Configuration File" "March 2019" "Slurm Configuration File"
.SH "NAME"
slurm.conf \- Slurm configuration file
@@ -302,6 +302,11 @@ CoreSpecCount value. For a job to take advantage of this feature,
a command line option of \-\-core\-spec must be specified. The default
value for this option is 1 for Cray systems and 0 for other system types.
+.TP
+\fBAuthAltTypes\fR
+Command separated list of alternative authentication plugins that the slurmctld
+will permit for communication.
+
.TP
\fBAuthInfo\fR
Additional information to be used for authentication of communications
diff --git a/doc/man/man5/slurmdbd.conf.5 b/doc/man/man5/slurmdbd.conf.5
index 02ebb101cfa..fe49b7ab2ee 100644
--- a/doc/man/man5/slurmdbd.conf.5
+++ b/doc/man/man5/slurmdbd.conf.5
@@ -1,4 +1,4 @@
-.TH "slurmdbd.conf" "5" "Slurm Configuration File" "August 2018" "Slurm Configuration File"
+.TH "slurmdbd.conf" "5" "Slurm Configuration File" "March 2019" "Slurm Configuration File"
.SH "NAME"
slurmdbd.conf \- Slurm Database Daemon (SlurmDBD) configuration file
@@ -124,6 +124,11 @@ In that case, this will specify the pathname of the socket to use. Per default
this value is left unspecified, which results in the default authentication
mechanism being used.
+.TP
+\fBAuthAltTypes\fR
+Command separated list of alternative authentication plugins that the slurmdbd
+will permit for communication.
+
.TP
\fBAuthType\fR
Define the authentication method for communications between Slurm
diff --git a/slurm/slurm.h.in b/slurm/slurm.h.in
index 7e158b1adc8..2191b805398 100644
--- a/slurm/slurm.h.in
+++ b/slurm/slurm.h.in
@@ -2627,6 +2627,7 @@ typedef struct slurm_ctl_conf {
char *acct_gather_interconnect_type; /* interconnect accounting type */
char *acct_gather_filesystem_type; /* filesystem accounting type */
uint16_t acct_gather_node_freq; /* secs between node acct request */
+ char *authalttypes; /* alternate authentication types */
char *authinfo; /* authentication info */
char *authtype; /* authentication type */
uint16_t batch_start_timeout; /* max secs for batch job to start */
diff --git a/src/api/config_info.c b/src/api/config_info.c
index bcd46fda7f2..0bf166d19fb 100644
--- a/src/api/config_info.c
+++ b/src/api/config_info.c
@@ -588,6 +588,11 @@ extern void *slurm_ctl_conf_2_key_pairs (slurm_ctl_conf_t* slurm_ctl_conf_ptr)
"%u", slurm_ctl_conf_ptr->use_spec_resources);
list_append(ret_list, key_pair);
+ key_pair = xmalloc(sizeof(config_key_pair_t));
+ key_pair->name = xstrdup("AuthAltTypes");
+ key_pair->value = xstrdup(slurm_ctl_conf_ptr->authalttypes);
+ list_append(ret_list, key_pair);
+
key_pair = xmalloc(sizeof(config_key_pair_t));
key_pair->name = xstrdup("AuthInfo");
key_pair->value = xstrdup(slurm_ctl_conf_ptr->authinfo);
diff --git a/src/common/read_config.c b/src/common/read_config.c
index 2bf55f96803..43694325bf9 100644
--- a/src/common/read_config.c
+++ b/src/common/read_config.c
@@ -199,6 +199,7 @@ s_p_options_t slurm_conf_options[] = {
{"AcctGatherInfinibandType", S_P_STRING},
{"AcctGatherFilesystemType", S_P_STRING},
{"AllowSpecResourcesUsage", S_P_BOOLEAN},
+ {"AuthAltTypes", S_P_STRING},
{"AuthInfo", S_P_STRING},
{"AuthType", S_P_STRING},
{"BackupAddr", S_P_STRING},
@@ -3601,6 +3602,8 @@ _validate_and_set_defaults(slurm_ctl_conf_t *conf, s_p_hashtbl_t *hashtbl)
(void) s_p_get_string(&conf->job_credential_public_certificate,
"JobCredentialPublicCertificate", hashtbl);
+ (void) s_p_get_string(&conf->authalttypes, "AuthAltTypes", hashtbl);
+
(void) s_p_get_string(&conf->authinfo, "AuthInfo", hashtbl);
if (!s_p_get_string(&conf->authtype, "AuthType", hashtbl))
diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c
index 12d9d9b3a2b..dc3a3647334 100644
--- a/src/common/slurm_protocol_api.c
+++ b/src/common/slurm_protocol_api.c
@@ -1133,6 +1133,25 @@ extern char *slurm_get_tmp_fs(char *node_name)
return tmp_fs;
}
+/* slurm_get_auth_alt_types
+ * returns the alternate authentication types from slurmctld_conf object
+ * RET char * - auth alternate types, MUST be xfreed by caller
+ */
+char *slurm_get_auth_alt_types(void)
+{
+ char *auth_alt_types = NULL;
+ slurm_ctl_conf_t *conf = NULL;
+
+ if (slurmdbd_conf) {
+ auth_alt_types = xstrdup(slurmdbd_conf->auth_alt_types);
+ } else {
+ conf = slurm_conf_lock();
+ auth_alt_types = xstrdup(conf->authalttypes);
+ slurm_conf_unlock();
+ }
+ return auth_alt_types;
+}
+
/* slurm_get_auth_type
* returns the authentication type from slurmctld_conf object
* RET char * - auth type, MUST be xfreed by caller
diff --git a/src/common/slurm_protocol_api.h b/src/common/slurm_protocol_api.h
index 1d42f20c0b9..dc07a33bf2c 100644
--- a/src/common/slurm_protocol_api.h
+++ b/src/common/slurm_protocol_api.h
@@ -438,6 +438,12 @@ extern char *slurm_get_stepd_loc(void);
*/
extern char *slurm_get_tmp_fs(char *node_name);
+/* slurm_get_auth_alt_types
+ * returns the alternate authentication types from slurmctld_conf object
+ * RET char * - auth alternate types, MUST be xfreed by caller
+ */
+extern char *slurm_get_auth_alt_types(void);
+
/* slurm_get_auth_type
* returns the authentication type from slurmctld_conf object
* RET char * - auth type, MUST be xfreed by caller
diff --git a/src/slurmdbd/read_config.c b/src/slurmdbd/read_config.c
index 791e66439d7..31b833fb005 100644
--- a/src/slurmdbd/read_config.c
+++ b/src/slurmdbd/read_config.c
@@ -142,6 +142,7 @@ extern int read_slurmdbd_conf(void)
{"ArchiveSuspend", S_P_BOOLEAN},
{"ArchiveTXN", S_P_BOOLEAN},
{"ArchiveUsage", S_P_BOOLEAN},
+ {"AuthAltTypes", S_P_STRING},
{"AuthInfo", S_P_STRING},
{"AuthType", S_P_STRING},
{"CommitDelay", S_P_UINT16},
@@ -231,6 +232,8 @@ extern int read_slurmdbd_conf(void)
s_p_get_boolean(&a_suspend, "ArchiveSuspend", tbl);
s_p_get_boolean(&a_txn, "ArchiveTXN", tbl);
s_p_get_boolean(&a_usage, "ArchiveUsage", tbl);
+ s_p_get_string(&slurmdbd_conf->auth_alt_types, "AuthAltTypes",
+ tbl);
s_p_get_string(&slurmdbd_conf->auth_info, "AuthInfo", tbl);
s_p_get_string(&slurmdbd_conf->auth_type, "AuthType", tbl);
s_p_get_uint16(&slurmdbd_conf->commit_delay,
@@ -637,6 +640,7 @@ extern void log_config(void)
debug2("ArchiveDir = %s", slurmdbd_conf->archive_dir);
debug2("ArchiveScript = %s", slurmdbd_conf->archive_script);
+ debug2("AuthAltTypes = %s", slurmdbd_conf->auth_alt_types);
debug2("AuthInfo = %s", slurmdbd_conf->auth_info);
debug2("AuthType = %s", slurmdbd_conf->auth_type);
debug2("CommitDelay = %u", slurmdbd_conf->commit_delay);
@@ -795,6 +799,11 @@ extern List dump_config(void)
slurmdbd_conf->purge_usage) ? "Yes" : "No");
list_append(my_list, key_pair);
+ key_pair = xmalloc(sizeof(config_key_pair_t));
+ key_pair->name = xstrdup("AuthAltTypes");
+ key_pair->value = xstrdup(slurmdbd_conf->auth_alt_types);
+ list_append(my_list, key_pair);
+
key_pair = xmalloc(sizeof(config_key_pair_t));
key_pair->name = xstrdup("AuthInfo");
key_pair->value = xstrdup(slurmdbd_conf->auth_info);
diff --git a/src/slurmdbd/read_config.h b/src/slurmdbd/read_config.h
index 955a7c579ab..4e22d422e5b 100644
--- a/src/slurmdbd/read_config.h
+++ b/src/slurmdbd/read_config.h
@@ -58,6 +58,7 @@ typedef struct {
char * archive_dir; /* location to locally store
* data if not using a script */
char * archive_script; /* script to archive old data */
+ char * auth_alt_types; /* alt authentication plugins */
char * auth_info; /* authentication info */
char * auth_type; /* authentication mechanism */
uint16_t commit_delay; /* On busy systems delay
--
GitLab