ports/openmpi
ports/openmpi
1
1
Форкнуть 0
Код Релизы Активность

Add munge security

Просмотр исходного кода
Этот коммит содержится в:
Ralph Castain 2015-02-07 12:01:36 -08:00
родитель f38f2a159b
Коммит 56b81fbd67
5 изменённых файлов: 318 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

38
opal/mca/sec/munge/Makefile.am Обычный файл
Просмотреть файл

@ -0,0 +1,38 @@
#
# Copyright (c) 2015 Intel, Inc. All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
sources = \
sec_munge.h \
sec_munge_component.c \
sec_munge.c
# Make the output library in this directory, and name it either
# mca_<type>_<name>.la (for DSO builds) or libmca_<type>_<name>.la
# (for static builds).
if MCA_BUILD_opal_sec_munge_DSO
component_noinst =
component_install = mca_sec_munge.la
else
component_noinst = libmca_sec_munge.la
component_install =
endif
mcacomponentdir = $(opallibdir)
mcacomponent_LTLIBRARIES = $(component_install)
mca_sec_munge_la_SOURCES = $(sources)
mca_sec_munge_la_CPPFLAGS = $(sec_munge_CPPFLAGS)
mca_sec_munge_la_LDFLAGS = -module -avoid-version $(sec_munge_LDFLAGS)
mca_sec_munge_la_LIBADD = $(sec_munge_LIBS)
noinst_LTLIBRARIES = $(component_noinst)
libmca_sec_munge_la_SOURCES =$(sources)
libmca_sec_munge_la_CPPFLAGS = $(sec_munge_CPPFLAGS)
libmca_sec_munge_la_LDFLAGS = -module -avoid-version $(sec_munge_LDFLAGS)
libmca_sec_munge_la_LIBADD = $(sec_munge_LIBS)

86
opal/mca/sec/munge/configure.m4 Обычный файл
Просмотреть файл

@ -0,0 +1,86 @@
# -*- shell-script -*-
#
# Copyright (c) 2015 Intel, Inc. All rights reserved
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
# MCA_sec_munge_CONFIG([action-if-found], [action-if-not-found])
# --------------------------------------------------------------------
AC_DEFUN([MCA_opal_sec_munge_CONFIG],[
AC_CONFIG_FILES([opal/mca/sec/munge/Makefile])
OPAL_VAR_SCOPE_PUSH([sec_munge_support sec_munge_dir sec_munge_libdir save_cpp save_ld])
AC_ARG_WITH([munge],
[AC_HELP_STRING([--with-munge=DIR],
[Search for munge headers and libraries in DIR ])])
AC_ARG_WITH([munge-libdir],
[AC_HELP_STRING([--with-munge-libdir=DIR],
[Search for munge libraries in DIR ])])
sec_munge_support=0
if test "$with_munge" != "no"; then
AC_MSG_CHECKING([for munge in])
if test ! -z "$with_munge" -a "$with_munge" != "yes"; then
if test -d $with_munge/include/munge; then
sec_munge_dir=$with_munge/include/munge
else
sec_munge_dir=$with_munge
fi
if test -d $with_munge/lib; then
sec_munge_libdir=$with_munge/lib
elif -d $with_munge/lib64; then
sec_munge_libdir=$with_munge/lib64
else
AC_MSG_RESULT([Could not find $with_munge/lib or $with_munge/lib64])
AC_MSG_ERROR([Can not continue])
fi
AC_MSG_RESULT([$sec_munge_dir and $sec_munge_libdir])
else
AC_MSG_RESULT([(default search paths)])
sec_munge_dir=
fi
AS_IF([test ! -z "$with_munge_libdir" && test "$with_munge_libdir" != "yes"],
[sec_munge_libdir="$with_munge_libdir"])
save_cpp=$CPPFLAGS
save_ld=$LDFLAGS
OPAL_CHECK_PACKAGE([sec_munge],
[munge.h],
[munge],
[munge_encode],
[-lmunge],
[$sec_munge_dir],
[$sec_munge_libdir],
[sec_munge_support=1],
[sec_munge_support=0])
CPPFLAGS=$save_cpp
LDFLAGS=$save_ld
fi
if test ! -z "$with_munge" && test "$with_munge" != "no" && test "$sec_munge_support" != "1"; then
AC_MSG_WARN([MUNGE SUPPORT REQUESTED AND NOT FOUND.])
AC_MSG_ERROR([CANNOT CONTINUE])
fi
AC_MSG_CHECKING([will munge support be built])
AS_IF([test "$sec_munge_support" != "1"],
[AC_MSG_RESULT([no])
$2],
[AC_MSG_RESULT([yes])
$1])
# set build flags to use in makefile
AC_SUBST([sec_munge_CPPFLAGS])
AC_SUBST([sec_munge_LDFLAGS])
AC_SUBST([sec_munge_LIBS])
OPAL_VAR_SCOPE_POP
])dnl

107
opal/mca/sec/munge/sec_munge.c Обычный файл
Просмотреть файл

@ -0,0 +1,107 @@
/*
* Copyright (c) 2015 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*
*/
#include "opal_config.h"
#include "opal/constants.h"
#ifdef HAVE_STRING_H
#include <string.h>
#endif
#include <munge.h>
#include "opal_stdint.h"
#include "opal/dss/dss_types.h"
#include "opal/util/error.h"
#include "opal/util/output.h"
#include "opal/util/show_help.h"
#include "opal/mca/dstore/dstore.h"
#include "opal/mca/sec/base/base.h"
#include "sec_munge.h"
static int init(void);
static void finalize(void);
static int get_my_cred(int dstorehandle,
opal_process_name_t *my_id,
opal_sec_cred_t **cred);
static int authenticate(opal_sec_cred_t *cred);
opal_sec_base_module_t opal_sec_munge_module = {
init,
finalize,
get_my_cred,
authenticate
};
static opal_sec_cred_t my_cred;
static bool initialized = false;
static int init(void)
{
int rc;
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge init");
/* attempt to get a credential as a way of checking that
* the munge server is available - cache the credential
* for later use */
if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) {
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge failed to create credential: %s",
munge_strerror(rc));
return OPAL_ERR_SERVER_NOT_AVAIL;
}
initialized = true;
return OPAL_SUCCESS;
}
static void finalize(void)
{
if (initialized) {
free(my_cred.credential);
}
}
static int get_my_cred(int dstorehandle,
opal_process_name_t *my_id,
opal_sec_cred_t **cred)
{
if (initialized) {
*cred = &my_cred;
} else {
*cred = NULL;
}
return OPAL_SUCCESS;
}
static int authenticate(opal_sec_cred_t *cred)
{
munge_err_t rc;
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge validate_cred %s", cred);
/* parse the inbound string */
if (EMUNGE_SUCCESS != (rc = munge_decode(cred->credential, NULL, NULL, NULL, NULL, NULL))) {
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge failed to decode credential: %s",
munge_strerror(rc));
return OPAL_ERR_AUTHENTICATION_FAILED;
}
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge credential valid");
return OPAL_SUCCESS;
}

23
opal/mca/sec/munge/sec_munge.h Обычный файл
Просмотреть файл

@ -0,0 +1,23 @@
/*
* Copyright (c) 2015 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#ifndef OPAL_SEC_MUNGE_H
#define OPAL_SEC_MUNGE_H
#include "opal/mca/sec/sec.h"
BEGIN_C_DECLS
OPAL_MODULE_DECLSPEC extern opal_sec_base_component_t mca_sec_munge_component;
OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_munge_module;
END_C_DECLS
#endif /* OPAL_SEC_MUNGE_H */

64
opal/mca/sec/munge/sec_munge_component.c Обычный файл
Просмотреть файл

@ -0,0 +1,64 @@
/*
* Copyright (c) 2015 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include "opal/mca/base/base.h"
#include "opal/mca/sec/sec.h"
#include "sec_munge.h"
static int sec_munge_component_open(void);
static int sec_munge_component_query(mca_base_module_t **module, int *priority);
static int sec_munge_component_close(void);
/*
* Instantiate the public struct with all of our public information
* and pointers to our public functions in it
*/
opal_sec_base_component_t mca_sec_munge_component = {
{
OPAL_SEC_BASE_VERSION_1_0_0,
/* Component name and version */
"munge",
OPAL_MAJOR_VERSION,
OPAL_MINOR_VERSION,
OPAL_RELEASE_VERSION,
/* Component open and close functions */
sec_munge_component_open,
sec_munge_component_close,
sec_munge_component_query,
NULL
},
{
/* The component is checkpoint ready */
MCA_BASE_METADATA_PARAM_CHECKPOINT
}
};
static int sec_munge_component_open(void)
{
return OPAL_SUCCESS;
}
static int sec_munge_component_query(mca_base_module_t **module, int *priority)
{
*priority = 10;
*module = (mca_base_module_t*)&opal_sec_munge_module;
return OPAL_SUCCESS;
}
static int sec_munge_component_close(void)
{
return OPAL_SUCCESS;
}