Cleanup the munge support - the credential cannot be reused for multiple connections
Этот коммит содержится в:
Ralph Castain
родитель
e173f9b0c0
Коммит
3de8c5c7c6
@ -42,6 +42,7 @@ opal_sec_base_module_t opal_sec_munge_module = {
|
|||||||
|
|
||||||
static opal_sec_cred_t my_cred;
|
static opal_sec_cred_t my_cred;
|
||||||
static bool initialized = false;
|
static bool initialized = false;
|
||||||
|
static bool refresh = false;
|
||||||
|
|
||||||
static int init(void)
|
static int init(void)
|
||||||
{
|
{
|
||||||
@ -60,6 +61,7 @@ static int init(void)
|
|||||||
munge_strerror(rc));
|
munge_strerror(rc));
|
||||||
return OPAL_ERR_SERVER_NOT_AVAIL;
|
return OPAL_ERR_SERVER_NOT_AVAIL;
|
||||||
}
|
}
|
||||||
|
my_cred.size = strlen(my_cred.credential);
|
||||||
initialized = true;
|
initialized = true;
|
||||||
|
|
||||||
return OPAL_SUCCESS;
|
return OPAL_SUCCESS;
|
||||||
@ -76,8 +78,24 @@ static int get_my_cred(int dstorehandle,
|
|||||||
opal_process_name_t *my_id,
|
opal_process_name_t *my_id,
|
||||||
opal_sec_cred_t **cred)
|
opal_sec_cred_t **cred)
|
||||||
{
|
{
|
||||||
|
int rc;
|
||||||
|
|
||||||
if (initialized) {
|
if (initialized) {
|
||||||
*cred = &my_cred;
|
if (!refresh) {
|
||||||
|
*cred = &my_cred;
|
||||||
|
refresh = true;
|
||||||
|
} else {
|
||||||
|
/* get a new credential as munge will not
|
||||||
|
* allow us to reuse them */
|
||||||
|
if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) {
|
||||||
|
opal_output_verbose(2, opal_sec_base_framework.framework_output,
|
||||||
|
"sec: munge failed to create credential: %s",
|
||||||
|
munge_strerror(rc));
|
||||||
|
return OPAL_ERR_SERVER_NOT_AVAIL;
|
||||||
|
}
|
||||||
|
my_cred.size = strlen(my_cred.credential);
|
||||||
|
*cred = &my_cred;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
*cred = NULL;
|
*cred = NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -333,6 +333,8 @@ int pmix_server_recv_connect_ack(pmix_server_peer_t* pr, int sd,
|
|||||||
CLOSE_THE_SOCKET(peer->sd);
|
CLOSE_THE_SOCKET(peer->sd);
|
||||||
return ORTE_ERR_OUT_OF_RESOURCE;
|
return ORTE_ERR_OUT_OF_RESOURCE;
|
||||||
}
|
}
|
||||||
|
memset(msg, 0, hdr.nbytes);
|
||||||
|
|
||||||
if (!usock_peer_recv_blocking(peer, sd, msg, hdr.nbytes)) {
|
if (!usock_peer_recv_blocking(peer, sd, msg, hdr.nbytes)) {
|
||||||
/* unable to complete the recv */
|
/* unable to complete the recv */
|
||||||
opal_output_verbose(2, pmix_server_output,
|
opal_output_verbose(2, pmix_server_output,
|
||||||
@ -364,7 +366,7 @@ int pmix_server_recv_connect_ack(pmix_server_peer_t* pr, int sd,
|
|||||||
|
|
||||||
/* check security token */
|
/* check security token */
|
||||||
creds.credential = (char*)(msg + strlen(version) + 1);
|
creds.credential = (char*)(msg + strlen(version) + 1);
|
||||||
creds.size = hdr.nbytes - strlen(version) - 1;
|
creds.size = strlen(creds.credential);
|
||||||
if (OPAL_SUCCESS != (rc = opal_sec.authenticate(&creds))) {
|
if (OPAL_SUCCESS != (rc = opal_sec.authenticate(&creds))) {
|
||||||
ORTE_ERROR_LOG(rc);
|
ORTE_ERROR_LOG(rc);
|
||||||
}
|
}
|
||||||
|
|||||||
Загрузка…
x
Ссылка в новой задаче
Block a user