Cleanup the munge support - the credential cannot be reused for multiple connections

2015-02-10 20:34:35 -08:00 · 2015-02-10 20:34:35 -08:00 · 3de8c5c7c6
--- a/opal/mca/sec/munge/sec_munge.c
+++ b/opal/mca/sec/munge/sec_munge.c
@ -42,6 +42,7 @@ opal_sec_base_module_t opal_sec_munge_module = {

 static opal_sec_cred_t my_cred;
 static bool initialized = false;
+static bool refresh = false;

 static int init(void)
 {
@ -60,6 +61,7 @@ static int init(void)
                            munge_strerror(rc));
        return OPAL_ERR_SERVER_NOT_AVAIL;
    }
+    my_cred.size = strlen(my_cred.credential);
    initialized = true;
    
    return OPAL_SUCCESS;
@ -76,8 +78,24 @@ static int get_my_cred(int dstorehandle,
                       opal_process_name_t *my_id,
                       opal_sec_cred_t **cred)
 {
+    int rc;
+    
    if (initialized) {
+        if (!refresh) {
            *cred = &my_cred;
+            refresh = true;
+        } else {
+            /* get a new credential as munge will not
+             * allow us to reuse them */
+            if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) {
+                opal_output_verbose(2, opal_sec_base_framework.framework_output,
+                                    "sec: munge failed to create credential: %s",
+                                    munge_strerror(rc));
+                return OPAL_ERR_SERVER_NOT_AVAIL;
+            }
+            my_cred.size = strlen(my_cred.credential);
+            *cred = &my_cred;
+        }
    } else {
        *cred = NULL;
    }
--- a/orte/orted/pmix/pmix_server_connection.c
+++ b/orte/orted/pmix/pmix_server_connection.c
@ -333,6 +333,8 @@ int pmix_server_recv_connect_ack(pmix_server_peer_t* pr, int sd,
        CLOSE_THE_SOCKET(peer->sd);
        return ORTE_ERR_OUT_OF_RESOURCE;
    }
+    memset(msg, 0, hdr.nbytes);
+    
    if (!usock_peer_recv_blocking(peer, sd, msg, hdr.nbytes)) {
        /* unable to complete the recv */
        opal_output_verbose(2, pmix_server_output,
@ -364,7 +366,7 @@ int pmix_server_recv_connect_ack(pmix_server_peer_t* pr, int sd,

    /* check security token */
    creds.credential = (char*)(msg + strlen(version) + 1);
-    creds.size = hdr.nbytes - strlen(version) - 1;
+    creds.size = strlen(creds.credential);
    if (OPAL_SUCCESS != (rc = opal_sec.authenticate(&creds))) {
        ORTE_ERROR_LOG(rc);
    }