diff --git a/src/common/slurm_protocol_api.c b/src/common/slurm_protocol_api.c
index 750126d7819620e396da2529a015ab37edbaa667..00d0ce3121d99d0de3bb0535c9fcf16472af3de9 100644
--- a/src/common/slurm_protocol_api.c
+++ b/src/common/slurm_protocol_api.c
@@ -88,6 +88,7 @@ static int message_timeout = -1;
/* STATIC FUNCTIONS */
static void _remap_slurmctld_errno(void);
+static char *_global_auth_key(void);
/* define the slurmdbd_options flag */
slurm_dbd_conf_t *slurmdbd_conf = NULL;
@@ -627,7 +628,44 @@ char *slurm_get_accounting_storage_pass(void)
storage_pass = xstrdup(conf->accounting_storage_pass);
slurm_conf_unlock();
}
- return storage_pass;
+ return storage_pass;
+}
+
+/* _global_auth_key
+ * returns the storage password from slurmctld_conf or slurmdbd_conf object
+ * cache value in local buffer for best performance
+ * RET char * - storage password
+ */
+static char *_global_auth_key(void)
+{
+ static bool loaded_storage_pass = false;
+ static char storage_pass[512] = "\0";
+ slurm_ctl_conf_t *conf;
+
+ if(loaded_storage_pass)
+ return storage_pass;
+
+ if(slurmdbd_conf) {
+ if(slurmdbd_conf->storage_pass) {
+ if(strlen(slurmdbd_conf->storage_pass) >
+ sizeof(storage_pass))
+ fatal("StoragePass is too long");
+ strncpy(storage_pass, slurmdbd_conf->storage_pass,
+ sizeof(storage_pass));
+ }
+ } else {
+ conf = slurm_conf_lock();
+ if(conf->accounting_storage_pass) {
+ if(strlen(conf->accounting_storage_pass) >
+ sizeof(storage_pass))
+ fatal("AccountingStoragePass is too long");
+ strncpy(storage_pass, conf->accounting_storage_pass,
+ sizeof(storage_pass));
+ }
+ slurm_conf_unlock();
+ }
+ loaded_storage_pass = true;
+ return storage_pass;
}
/* slurm_get_accounting_storage_port
@@ -1325,7 +1363,11 @@ int slurm_receive_msg(slurm_fd fd, slurm_msg_t *msg, int timeout)
rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET;
goto total_return;
}
- rc = g_slurm_auth_verify( auth_cred, NULL, 2, NULL );
+ if(header.flags & SLURM_GLOBAL_AUTH_KEY) {
+ rc = g_slurm_auth_verify( auth_cred, NULL, 2,
+ _global_auth_key() );
+ } else
+ rc = g_slurm_auth_verify( auth_cred, NULL, 2, NULL );
if (rc != SLURM_SUCCESS) {
error( "authentication: %s ",
@@ -1340,6 +1382,7 @@ int slurm_receive_msg(slurm_fd fd, slurm_msg_t *msg, int timeout)
* Unpack message body
*/
msg->msg_type = header.msg_type;
+ msg->flags = header.flags;
if ( (header.body_length > remaining_buf(buffer)) ||
(unpack_msg(msg, buffer) != SLURM_SUCCESS) ) {
@@ -1475,7 +1518,11 @@ List slurm_receive_msgs(slurm_fd fd, int steps, int timeout)
rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET;
goto total_return;
}
- rc = g_slurm_auth_verify( auth_cred, NULL, 2, NULL );
+ if(header.flags & SLURM_GLOBAL_AUTH_KEY) {
+ rc = g_slurm_auth_verify( auth_cred, NULL, 2,
+ _global_auth_key() );
+ } else
+ rc = g_slurm_auth_verify( auth_cred, NULL, 2, NULL );
if(rc != SLURM_SUCCESS) {
error("authentication: %s ",
@@ -1490,6 +1537,7 @@ List slurm_receive_msgs(slurm_fd fd, int steps, int timeout)
* Unpack message body
*/
msg.msg_type = header.msg_type;
+ msg.flags = header.flags;
if((header.body_length > remaining_buf(buffer)) ||
(unpack_msg(&msg, buffer) != SLURM_SUCCESS)) {
@@ -1672,7 +1720,11 @@ int slurm_receive_msg_and_forward(slurm_fd fd, slurm_addr *orig_addr,
rc = ESLURM_PROTOCOL_INCOMPLETE_PACKET;
goto total_return;
}
- rc = g_slurm_auth_verify( auth_cred, NULL, 2, NULL );
+ if(header.flags & SLURM_GLOBAL_AUTH_KEY) {
+ rc = g_slurm_auth_verify( auth_cred, NULL, 2,
+ _global_auth_key() );
+ } else
+ rc = g_slurm_auth_verify( auth_cred, NULL, 2, NULL );
if (rc != SLURM_SUCCESS) {
error( "authentication: %s ",
@@ -1687,6 +1739,7 @@ int slurm_receive_msg_and_forward(slurm_fd fd, slurm_addr *orig_addr,
* Unpack message body
*/
msg->msg_type = header.msg_type;
+ msg->flags = header.flags;
if ( (header.body_length > remaining_buf(buffer)) ||
(unpack_msg(msg, buffer) != SLURM_SUCCESS) ) {
@@ -1755,11 +1808,16 @@ int slurm_send_node_msg(slurm_fd fd, slurm_msg_t * msg)
Buf buffer;
int rc;
void * auth_cred;
+ uint16_t auth_flags = SLURM_PROTOCOL_NO_FLAGS;
/*
* Initialize header with Auth credential and message type.
*/
- auth_cred = g_slurm_auth_create(NULL, 2, NULL);
+ if (msg->flags & SLURM_GLOBAL_AUTH_KEY) {
+ auth_flags = SLURM_GLOBAL_AUTH_KEY;
+ auth_cred = g_slurm_auth_create(NULL, 2, _global_auth_key());
+ } else
+ auth_cred = g_slurm_auth_create(NULL, 2, NULL);
if (auth_cred == NULL) {
error("authentication: %s",
g_slurm_auth_errstr(g_slurm_auth_errno(NULL)) );
@@ -1772,7 +1830,7 @@ int slurm_send_node_msg(slurm_fd fd, slurm_msg_t * msg)
}
forward_wait(msg);
- init_header(&header, msg, SLURM_PROTOCOL_NO_FLAGS);
+ init_header(&header, msg, msg->flags);
/*
* Pack header into buffer for transmission
@@ -2162,6 +2220,7 @@ int slurm_send_rc_msg(slurm_msg_t *msg, int rc)
}
rc_msg.return_code = rc;
+ slurm_msg_t_init(&resp_msg);
resp_msg.address = msg->address;
resp_msg.msg_type = RESPONSE_SLURM_RC;
resp_msg.data = &rc_msg;
diff --git a/src/common/slurm_protocol_common.h b/src/common/slurm_protocol_common.h
index e9308e8243227afd16b3d260c3a21ace031bf466..d62cafb6a4e50615f272aa16a1e1ecc24cd4289f 100644
--- a/src/common/slurm_protocol_common.h
+++ b/src/common/slurm_protocol_common.h
@@ -66,6 +66,7 @@
/* used to set flags to empty */
#define SLURM_PROTOCOL_NO_FLAGS 0
+#define SLURM_GLOBAL_AUTH_KEY 1
#if MONGO_IMPLEMENTATION
# include <src/common/slurm_protocol_mongo_common.h>
diff --git a/src/common/slurm_protocol_defs.h b/src/common/slurm_protocol_defs.h
index b9c1afc65122487c44290bbf2e7d26727eac13a9..d5aba50b0257cf1cade6a68f78901cf1e202598a 100644
--- a/src/common/slurm_protocol_defs.h
+++ b/src/common/slurm_protocol_defs.h
@@ -266,6 +266,7 @@ typedef struct slurm_protocol_config {
typedef struct slurm_msg {
slurm_msg_type_t msg_type;
+ uint16_t flags;
slurm_addr address;
slurm_fd conn_fd;
void *auth_cred;