auth/jwt - add jwt_key option to AuthAltParameters

Bug 10018.

auth/jwt - add jwt_key option to AuthAltParameters
Bug 10018.
9b0ba805 · Nate Rini · Tim Wickberg · f55bc2ca · 9b0ba805 · 9b0ba805
Commit 9b0ba805 authored 4 years ago by Nate Rini Committed by Tim Wickberg 4 years ago
--- a/doc/man/man5/slurm.conf.5
+++ b/doc/man/man5/slurm.conf.5
@@ -352,6 +352,13 @@ will permit for communication. Acceptable values at present include "auth/jwt".
 \fBAuthAltParameters\fR
 Used to define alternative authentication plugins options. Multiple options may
 be comma separated.
+.RS
+.TP 15
+\fBjwt_key=\fR
+Absolute path to JWT key file. Key must be HS256, and should only be accessible
+by SlurmUser. If not set, the default key file is jwt_hs256.key in
+\fIStateSaveLocation\fR.
+.RE

 .TP
 \fBAuthInfo\fR

--- a/doc/man/man5/slurmdbd.conf.5
+++ b/doc/man/man5/slurmdbd.conf.5
@@ -138,6 +138,12 @@ will permit for communication.
 \fBAuthAltParameters\fR
 Used to define alternative authentication plugins options. Multiple options may
 be comma separated.
+.RS
+.TP 15
+\fBjwt_key=\fR
+Absolute path to JWT key file. Key must be HS256, and should only be accessible
+by SlurmUser.
+.RE

 .TP
 \fBAuthType\fR

--- a/src/plugins/auth/jwt/auth_jwt.c
+++ b/src/plugins/auth/jwt/auth_jwt.c
@@ -115,17 +115,45 @@ __thread char *thread_username = NULL;

 static int _init_key(void)
 {
-	char *key_file = xstrdup(slurm_conf.state_save_location);
-	xstrcat(key_file, "/jwt_hs256.key");
-	key = create_mmap_buf(key_file);
-	if (!key) {
+	char *key_file = NULL;
+
+	if (slurm_conf.authalt_params && slurm_conf.authalt_params[0]) {
+		const char *jwt_key_field = "jwt_key=";
+		char *begin = xstrcasestr(slurm_conf.authalt_params,
+					  jwt_key_field);
+
+		/* find the begin and ending offsets of the jwt_key */
+		if (begin) {
+			char *start = begin + sizeof(jwt_key_field);
+			char *end = NULL;
+
+			if ((end = xstrstr(start, ",")))
+				key_file = xstrndup(start, (end - start));
+			else
+				key_file = xstrdup(start);
+		}
+	}
+
+	if (!key_file && slurm_conf.state_save_location) {
+		const char *default_key = "jwt_hs256.key";
+		/* default to state_save_location for slurmctld */
+		xstrfmtcat(key_file, "%s/%s",
+			   slurm_conf.state_save_location, default_key);
+	}
+
+	if (!key_file)
+		return ESLURM_AUTH_SKIP;
+
+	debug("%s: Loading key: %s", __func__, key_file);
+
+	if (!(key = create_mmap_buf(key_file))) {
 		error("%s: Could not load key file (%s)",
 		      plugin_type, key_file);
 		xfree(key_file);
-		return SLURM_ERROR;
+		return ESLURM_AUTH_FOPEN_ERROR;
 	}
-	xfree(key_file);

+	xfree(key_file);
 	return SLURM_SUCCESS;
 }