Add minimum version number to the auth plugins

doc/html/authplugins.shtml

@@ -5,7 +5,7 @@
 <h2> Overview</h2>
 <p> This document describes SLURM authentication plugins and the API that defines 
 them. It is intended as a resource to programmers wishing to write their own SLURM 
-authentication plugins. This is version 90 of the API.</p>
+authentication plugins. This is version 100 of the API.</p>
 <p>SLURM authentication plugins are SLURM plugins that implement the SLURM authentication 
 API described herein. They must conform to the SLURM Plugin API with the following 
 specifications:</p>

src/common/slurm_auth.c

 /*****************************************************************************\
  *  slurm_auth.c - implementation-independent authentication API definitions
  *****************************************************************************
- *  Copyright (C) 2002-2006 The Regents of the University of California.
+ *  Copyright (C) 2002-2007 The Regents of the University of California.
+ *  Copyright (C) 2008-2009 Lawrence Livermore National Security.
  *  Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
  *  Written by Jay Windley <jwindley@lnxi.com>
  *  CODE-OCEC-09-009. All rights reserved.
@@ -257,22 +258,23 @@ slurm_auth_generic_errstr( int slurm_errno )
                 int err;
                 const char *msg;
         } generic_table[] = {
-                { SLURM_SUCCESS, "no error" },
-                { SLURM_ERROR, "unknown error" },
-                { SLURM_AUTH_NOPLUGIN, "no authentication plugin installed" },
-                { SLURM_AUTH_BADARG, "bad argument to plugin function" },
-                { SLURM_AUTH_MEMORY, "memory management error" },
-                { SLURM_AUTH_NOUSER, "no such user" },
-                { SLURM_AUTH_INVALID, "authentication credential invalid" },
-                { SLURM_AUTH_MISMATCH, 
-		  "authentication type or verstion mismatch" },
-                { 0, NULL }
+		{ SLURM_SUCCESS, "no error" },
+		{ SLURM_ERROR, "unknown error" },
+		{ SLURM_AUTH_NOPLUGIN, "no authentication plugin installed" },
+		{ SLURM_AUTH_BADARG, "bad argument to plugin function" },
+		{ SLURM_AUTH_MEMORY, "memory management error" },
+		{ SLURM_AUTH_NOUSER, "no such user" },
+		{ SLURM_AUTH_INVALID, "authentication credential invalid" },
+		{ SLURM_AUTH_MISMATCH, "authentication type mismatch" },
+		{ SLURM_AUTH_VERSION, "authentication version too old" },
+		{ 0, NULL }
         };
 
         int i;
 
         for ( i = 0; ; ++i ) {
-                if ( generic_table[ i ].msg == NULL ) return NULL;
+                if ( generic_table[ i ].msg == NULL )
+			return NULL;
                 if ( generic_table[ i ].err == slurm_errno )
                         return generic_table[ i ].msg;
         }

src/common/slurm_auth.h

@@ -89,6 +89,7 @@ enum {
     SLURM_AUTH_NOUSER,              /* User not defined on host.         */
     SLURM_AUTH_INVALID,             /* Invalid credential.               */
     SLURM_AUTH_MISMATCH,            /* Credential from another plugin.   */
+    SLURM_AUTH_VERSION,             /* Credential from old plugin.       */
 
     SLURM_AUTH_FIRST_LOCAL_ERROR    /* Always keep me last. */
 };

src/plugins/auth/authd/auth_authd.c

 /*****************************************************************************\
  *  auth_authd - plugin for Brent Chun's authd
  *****************************************************************************
- *  Copyright (C) 2002 The Regents of the University of California.
+ *  Copyright (C) 2002-2007 The Regents of the University of California.
+ *  Copyright (C) 2008-2009 Lawrence Livermore National Security.
  *  Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
  *  Written by Kevin Tew <tew1@llnl.gov> et. al.
  *  CODE-OCEC-09-009. All rights reserved.
@@ -63,9 +64,36 @@
 #include <slurm/slurm_errno.h>
 #include "src/common/slurm_xlator.h"
 
-const char plugin_name[]	= "Brent Chun's authd authentication plugin";
-const char plugin_type[]	= "auth/authd";
-const uint32_t plugin_version = 90;
+/*
+ * These variables are required by the generic plugin interface.  If they
+ * are not found in the plugin, the plugin loader will ignore it.
+ *
+ * plugin_name - a string giving a human-readable description of the
+ * plugin.  There is no maximum length, but the symbol must refer to
+ * a valid string.
+ *
+ * plugin_type - a string suggesting the type of the plugin or its
+ * applicability to a particular form of data or method of data handling.
+ * If the low-level plugin API is used, the contents of this string are
+ * unimportant and may be anything.  SLURM uses the higher-level plugin
+ * interface which requires this string to be of the form
+ *
+ *	<application>/<method>
+ *
+ * where <application> is a description of the intended application of
+ * the plugin (e.g., "auth" for SLURM authentication) and <method> is a
+ * description of how this plugin satisfies that application.  SLURM will
+ * only load authentication plugins if the plugin_type string has a prefix
+ * of "auth/".
+ *
+ * plugin_version   - specifies the version number of the plugin.  
+ * min_plug_version - specifies the minumum version number of incomming 
+ *                    messages that this plugin can accept
+ */
+const char plugin_name[]        = "Brent Chun's authd authentication plugin";
+const char plugin_type[]        = "auth/authd";
+const uint32_t plugin_version   = 100;
+const uint32_t min_plug_version = 90;
 
 /*
  * Where to find the timeout in the argument vector.  This is set
@@ -278,8 +306,8 @@ slurm_auth_unpack( Buf buf )
 	}
 
 	safe_unpack32( &version, buf );
-	if( version != plugin_version ) {
-		plugin_errno = SLURM_AUTH_MISMATCH;
+	if( version < min_plug_version ) {
+		plugin_errno = SLURM_AUTH_VERSION;
 		return NULL;
 	}
 

src/plugins/auth/munge/auth_munge.c

@@ -3,7 +3,7 @@
  *  $Id$
  *****************************************************************************
  *  Copyright (C) 2002-2007 The Regents of the University of California.
- *  Copyright (C) 2008 Lawrence Livermore National Security.
+ *  Copyright (C) 2008-2009 Lawrence Livermore National Security.
  *  Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
  *  Written by Mark Grondona <mgrondona@llnl.gov> 
  *  CODE-OCEC-09-009. All rights reserved.
@@ -74,9 +74,37 @@
 
 #define MUNGE_ERRNO_OFFSET	1000
 
-const char plugin_name[]       	= "auth plugin for Munge (http://home.gna.org/munge/)";
+/*
+ * These variables are required by the generic plugin interface.  If they
+ * are not found in the plugin, the plugin loader will ignore it.
+ *
+ * plugin_name - a string giving a human-readable description of the
+ * plugin.  There is no maximum length, but the symbol must refer to
+ * a valid string.
+ *
+ * plugin_type - a string suggesting the type of the plugin or its
+ * applicability to a particular form of data or method of data handling.
+ * If the low-level plugin API is used, the contents of this string are
+ * unimportant and may be anything.  SLURM uses the higher-level plugin
+ * interface which requires this string to be of the form
+ *
+ *	<application>/<method>
+ *
+ * where <application> is a description of the intended application of
+ * the plugin (e.g., "auth" for SLURM authentication) and <method> is a
+ * description of how this plugin satisfies that application.  SLURM will
+ * only load authentication plugins if the plugin_type string has a prefix
+ * of "auth/".
+ *
+ * plugin_version   - specifies the version number of the plugin.  
+ * min_plug_version - specifies the minumum version number of incomming 
+ *                    messages that this plugin can accept
+ */
+const char plugin_name[]       	= "auth plugin for Munge "
+				  "(http://home.gna.org/munge/)";
 const char plugin_type[]       	= "auth/munge";
-const uint32_t plugin_version	= 10;
+const uint32_t plugin_version   = 100;
+const uint32_t min_plug_version = 10; /* minimum version accepted */
 
 static int plugin_errno = SLURM_SUCCESS;
 
@@ -366,8 +394,8 @@ slurm_auth_unpack( Buf buf )
 		return NULL;
 	}
 	safe_unpack32( &version, buf );
-	if ( version != plugin_version ) {
-		plugin_errno = SLURM_AUTH_MISMATCH;
+	if ( version < min_plug_version ) {
+		plugin_errno = SLURM_AUTH_VERSION;
 		return NULL;
 	}
 

src/plugins/auth/none/auth_none.c

 /*****************************************************************************\
  *  auth_none.c - NO-OP slurm authentication plugin, validates all users.
  *****************************************************************************
- *  Copyright (C) 2002 The Regents of the University of California.
+ *  Copyright (C) 2002-2007 The Regents of the University of California.
+ *  Copyright (C) 2008-2009 Lawrence Livermore National Security.
  *  Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
  *  Written by Kevin Tew <tew1@llnl.gov> et. al.
  *  CODE-OCEC-09-009. All rights reserved.
@@ -88,16 +89,14 @@
  * only load authentication plugins if the plugin_type string has a prefix
  * of "auth/".
  *
- * plugin_version - an unsigned 32-bit integer giving the version number
- * of the plugin.  If major and minor revisions are desired, the major
- * version number may be multiplied by a suitable magnitude constant such
- * as 100 or 1000.  Various SLURM versions will likely require a certain
- * minimum versions for their plugins as the authentication API matures.
+ * plugin_version   - specifies the version number of the plugin.  
+ * min_plug_version - specifies the minumum version number of incomming 
+ *                    messages that this plugin can accept
  */
 const char plugin_name[]       	= "Null authentication plugin";
 const char plugin_type[]       	= "auth/none";
-const uint32_t plugin_version	= 90;
-
+const uint32_t plugin_version   = 100;
+const uint32_t min_plug_version = 90;
 
 /*
  * An opaque type representing authentication credentials.  This type can be
@@ -296,8 +295,8 @@ slurm_auth_unpack( Buf buf )
 		return NULL;
 	}
 	safe_unpack32( &version, buf );
-	if ( version != plugin_version ) {
-		plugin_errno = SLURM_AUTH_MISMATCH;
+	if ( version < min_plug_version ) {
+		plugin_errno = SLURM_AUTH_VERSION;
 		return NULL;
 	}