Cleanup the munge support - the credential cannot be reused for multiple connections

opal/mca/sec/munge/sec_munge.c

@@ -42,6 +42,7 @@ opal_sec_base_module_t opal_sec_munge_module = {
 
 static opal_sec_cred_t my_cred;
 static bool initialized = false;
+static bool refresh = false;
 
 static int init(void)
 {
@@ -60,6 +61,7 @@ static int init(void)
                             munge_strerror(rc));
         return OPAL_ERR_SERVER_NOT_AVAIL;
     }
+    my_cred.size = strlen(my_cred.credential);
     initialized = true;
     
     return OPAL_SUCCESS;
@@ -76,8 +78,24 @@ static int get_my_cred(int dstorehandle,
                        opal_process_name_t *my_id,
                        opal_sec_cred_t **cred)
 {
+    int rc;
+    
     if (initialized) {
-        *cred = &my_cred;
+        if (!refresh) {
+            *cred = &my_cred;
+            refresh = true;
+        } else {
+            /* get a new credential as munge will not
+             * allow us to reuse them */
+            if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) {
+                opal_output_verbose(2, opal_sec_base_framework.framework_output,
+                                    "sec: munge failed to create credential: %s",
+                                    munge_strerror(rc));
+                return OPAL_ERR_SERVER_NOT_AVAIL;
+            }
+            my_cred.size = strlen(my_cred.credential);
+            *cred = &my_cred;
+        }
     } else {
         *cred = NULL;
     }

orte/orted/pmix/pmix_server_connection.c

@@ -333,6 +333,8 @@ int pmix_server_recv_connect_ack(pmix_server_peer_t* pr, int sd,
         CLOSE_THE_SOCKET(peer->sd);
         return ORTE_ERR_OUT_OF_RESOURCE;
     }
+    memset(msg, 0, hdr.nbytes);
+    
     if (!usock_peer_recv_blocking(peer, sd, msg, hdr.nbytes)) {
         /* unable to complete the recv */
         opal_output_verbose(2, pmix_server_output,
@@ -364,7 +366,7 @@ int pmix_server_recv_connect_ack(pmix_server_peer_t* pr, int sd,
 
     /* check security token */
     creds.credential = (char*)(msg + strlen(version) + 1);
-    creds.size = hdr.nbytes - strlen(version) - 1;
+    creds.size = strlen(creds.credential);
     if (OPAL_SUCCESS != (rc = opal_sec.authenticate(&creds))) {
         ORTE_ERROR_LOG(rc);
     }