diff --git a/opal/mca/sec/Makefile.am b/opal/mca/sec/Makefile.am
deleted file mode 100644
index 18e53a55e1..0000000000
--- a/opal/mca/sec/Makefile.am
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Copyright (c) 2014 Intel, Inc. All rights reserved.
-# $COPYRIGHT$
-#
-# Additional copyrights may follow
-#
-# $HEADER$
-#
-
-AM_CPPFLAGS = $(LTDLINCL)
-
-# main library setup
-noinst_LTLIBRARIES = libmca_sec.la
-libmca_sec_la_SOURCES =
-
-# pkgdata setup
-dist_opaldata_DATA =
-
-# local files
-headers = sec.h
-libmca_sec_la_SOURCES += $(headers)
-
-# Conditionally install the header files
-if WANT_INSTALL_HEADERS
-opaldir = $(opalincludedir)/$(subdir)
-nobase_opal_HEADERS = $(headers)
-endif
-
-include base/Makefile.am
-
-distclean-local:
- rm -f base/static-components.h
diff --git a/opal/mca/sec/base/Makefile.am b/opal/mca/sec/base/Makefile.am
deleted file mode 100644
index 48e6319d1e..0000000000
--- a/opal/mca/sec/base/Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
-# Copyright (c) 2014 Cisco Systems, Inc. All rights reserved.
-# $COPYRIGHT$
-#
-# Additional copyrights may follow
-#
-# $HEADER$
-#
-
-headers += \
- base/base.h
-
-libmca_sec_la_SOURCES += \
- base/sec_base_frame.c \
- base/sec_base_select.c \
- base/sec_base_stubs.c
diff --git a/opal/mca/sec/base/base.h b/opal/mca/sec/base/base.h
deleted file mode 100644
index a918b6f133..0000000000
--- a/opal/mca/sec/base/base.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-/** @file:
- */
-
-#ifndef MCA_SEC_BASE_H
-#define MCA_SEC_BASE_H
-
-#include "opal_config.h"
-#include "opal/types.h"
-
-#include "opal/mca/mca.h"
-#include "opal/mca/base/mca_base_framework.h"
-#include "opal/class/opal_list.h"
-#include "opal/dss/dss.h"
-
-#include "opal/mca/sec/sec.h"
-
-BEGIN_C_DECLS
-
-OPAL_DECLSPEC extern mca_base_framework_t opal_sec_base_framework;
-OPAL_DECLSPEC extern opal_list_t opal_sec_base_actives;
-
-/* object for storing active components */
-typedef struct {
- opal_list_item_t super;
- int pri;
- opal_sec_base_module_t *module;
- mca_base_component_t *component;
-} opal_sec_handle_t;
-OBJ_CLASS_DECLARATION(opal_sec_handle_t);
-
-/**
- * Select a sec module
- */
-OPAL_DECLSPEC int opal_sec_base_select(void);
-
-/* base stubs */
-OPAL_DECLSPEC int opal_sec_base_get_cred(char *method,
- opal_process_name_t *my_id,
- char **payload, size_t *size);
-
-OPAL_DECLSPEC int opal_sec_base_validate(char *payload, size_t size, char **method);
-
-END_C_DECLS
-
-#endif
diff --git a/opal/mca/sec/base/owner.txt b/opal/mca/sec/base/owner.txt
deleted file mode 100644
index 85b4416d20..0000000000
--- a/opal/mca/sec/base/owner.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# owner/status file
-# owner: institution that is responsible for this package
-# status: e.g. active, maintenance, unmaintained
-#
-owner: INTEL
-status: active
diff --git a/opal/mca/sec/base/sec_base_frame.c b/opal/mca/sec/base/sec_base_frame.c
deleted file mode 100644
index b26b55d6c2..0000000000
--- a/opal/mca/sec/base/sec_base_frame.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
- * Copyright (c) 2015 Research Organization for Information Science
- * and Technology (RIST). All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include "opal/mca/mca.h"
-#include "opal/util/output.h"
-#include "opal/mca/base/base.h"
-#include "opal/dss/dss_types.h"
-
-#include "opal/mca/sec/base/base.h"
-
-
-/*
- * The following file was created by configure. It contains extern
- * secments and the definition of an array of pointers to each
- * module's public mca_base_module_t struct.
- */
-
-#include "opal/mca/sec/base/static-components.h"
-
-opal_sec_API_module_t opal_sec = {
- opal_sec_base_get_cred,
- opal_sec_base_validate
-};
-opal_list_t opal_sec_base_actives = {{0}};
-
-static int opal_sec_base_close(void)
-{
- opal_sec_handle_t *hdl;
-
- /* let the selected modules finalize */
- OPAL_LIST_FOREACH(hdl, &opal_sec_base_actives, opal_sec_handle_t) {
- if (NULL != hdl->module->finalize) {
- hdl->module->finalize();
- }
- }
-
- OPAL_LIST_DESTRUCT(&opal_sec_base_actives);
-
- return mca_base_framework_components_close(&opal_sec_base_framework, NULL);
-}
-
-static int opal_sec_base_open(mca_base_open_flag_t flags)
-{
- OBJ_CONSTRUCT(&opal_sec_base_actives, opal_list_t);
-
- /* Open up all available components */
- return mca_base_framework_components_open(&opal_sec_base_framework, flags);
-}
-
-MCA_BASE_FRAMEWORK_DECLARE(opal, sec, NULL, NULL, opal_sec_base_open, opal_sec_base_close,
- mca_sec_base_static_components, 0);
-
-static void hcon(opal_sec_handle_t *p)
-{
- p->pri = 0;
- p->module = NULL;
- p->component = NULL;
-}
-OBJ_CLASS_INSTANCE(opal_sec_handle_t,
- opal_list_item_t,
- hcon, NULL);
diff --git a/opal/mca/sec/base/sec_base_select.c b/opal/mca/sec/base/sec_base_select.c
deleted file mode 100644
index 7fe3fd1de5..0000000000
--- a/opal/mca/sec/base/sec_base_select.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * Copyright (c) 2014 Cisco Systems, Inc. All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include
-
-#include "opal/mca/mca.h"
-#include "opal/mca/base/base.h"
-#include "opal/util/output.h"
-
-#include "opal/mca/sec/base/base.h"
-
-static bool selected = false;
-
-/*
- * Function for selecting one component from all those that are
- * available.
- */
-int opal_sec_base_select(void)
-{
- mca_base_component_list_item_t *cli = NULL;
- mca_base_component_t *component = NULL;
- mca_base_module_t *module = NULL;
- opal_sec_base_module_t *smodule;
- int rc, priority;
- opal_sec_handle_t *hdl, *hptr, *hmark;
-
- if (selected) {
- /* ensure we don't do this twice */
- return OPAL_SUCCESS;
- }
- selected = true;
-
- /* Query all available components and ask if they have a module */
- OPAL_LIST_FOREACH(cli, &opal_sec_base_framework.framework_components, mca_base_component_list_item_t) {
- component = (mca_base_component_t *) cli->cli_component;
-
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "mca:sec:select: checking available component %s", component->mca_component_name);
-
- /* If there's no query function, skip it */
- if (NULL == component->mca_query_component) {
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "mca:sec:select: Skipping component [%s]. 
It does not implement a query function",
- component->mca_component_name );
- continue;
- }
-
- /* Query the component */
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "mca:sec:select: Querying component [%s]",
- component->mca_component_name);
- rc = component->mca_query_component(&module, &priority);
-
- /* If no module was returned, then skip component */
- if (OPAL_SUCCESS != rc || NULL == module) {
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "mca:sec:select: Skipping component [%s]. Query failed to return a module",
- component->mca_component_name );
- continue;
- }
-
- smodule = (opal_sec_base_module_t*)module;
- /* modules are required to have an init function */
- if (NULL == smodule->init) {
- /* report the error */
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "mca:sec:select: Skipping component [%s]. It does not implement an init function",
- component->mca_component_name);
- continue;
- }
-
- /* if we got a module, let it try to initialize */
- if (OPAL_SUCCESS != (rc = smodule->init())) {
- /* couldn't init - ignore it */
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "mca:sec:select: Skipping component [%s]. Init returned %d",
- component->mca_component_name, rc);
- continue;
- }
-
- /* keep this one */
- hdl = OBJ_NEW(opal_sec_handle_t);
- hdl->pri = priority;
- hdl->module = smodule;
- hdl->component = component;
-
- /* add to the list of actives in priority order */
- hmark = NULL;
- OPAL_LIST_FOREACH(hptr, &opal_sec_base_actives, opal_sec_handle_t) {
- if (priority > hptr->pri) {
- hmark = hptr;
- break;
- }
- }
- if (NULL == hmark) {
- /* just append to the end */
- opal_list_append(&opal_sec_base_actives, &hdl->super);
- } else {
- /* insert before hmark */
- opal_list_insert_pos(&opal_sec_base_actives, &hmark->super, &hdl->super);
- }
- }
- return OPAL_SUCCESS;;
-}
diff --git a/opal/mca/sec/base/sec_base_stubs.c b/opal/mca/sec/base/sec_base_stubs.c
deleted file mode 100644
index 627acd3196..0000000000
--- a/opal/mca/sec/base/sec_base_stubs.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
-/*
- * Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
- * Copyright (c) 2015 Los Alamos National Security, LLC. All rights
- * reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include "opal/mca/mca.h"
-#include "opal/util/error.h"
-#include "opal/util/output.h"
-#include "opal/mca/base/base.h"
-#include "opal/dss/dss_types.h"
-
-#include "opal/mca/sec/base/base.h"
-
-static void cleanup_cred(opal_sec_cred_t *cred)
-{
- if (NULL == cred) {
- return;
- }
- if (NULL != cred->method) {
- free(cred->method);
- cred->method = NULL;
- }
- if (NULL != cred->credential) {
- free(cred->credential);
- cred->credential = NULL;
- }
-}
-
-int opal_sec_base_get_cred(char *method,
- opal_process_name_t *my_id,
- char **payload, size_t *size)
-{
- opal_sec_handle_t *hdl;
- opal_sec_cred_t cred;
- opal_buffer_t buf;
- int rc;
-
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "Requesting credential from source %s",
- (NULL == method) ? 
"ANY" : method);
-
- OBJ_CONSTRUCT(&buf, opal_buffer_t);
- OPAL_LIST_FOREACH(hdl, &opal_sec_base_actives, opal_sec_handle_t) {
- if (NULL != method && 0 != strcmp(method, hdl->component->mca_component_name)) {
- continue;
- }
- if (OPAL_SUCCESS == hdl->module->get_my_credential(my_id, &cred)) {
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "Created credential from source %s", hdl->component->mca_component_name);
- /* pack the credential */
- if (OPAL_SUCCESS != (rc = opal_dss.pack(&buf, &cred.method, 1, OPAL_STRING))) {
- OPAL_ERROR_LOG(rc);
- cleanup_cred(&cred);
- OBJ_DESTRUCT(&buf);
- return rc;
- }
- if (OPAL_SUCCESS != (rc = opal_dss.pack(&buf, &cred.size, 1, OPAL_SIZE))) {
- OPAL_ERROR_LOG(rc);
- cleanup_cred(&cred);
- OBJ_DESTRUCT(&buf);
- return rc;
- }
- if (0 < cred.size) {
- if (OPAL_SUCCESS != (rc = opal_dss.pack(&buf, cred.credential, cred.size, OPAL_BYTE))) {
- OPAL_ERROR_LOG(rc);
- cleanup_cred(&cred);
- OBJ_DESTRUCT(&buf);
- return rc;
- }
- }
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "opal_sec: Created credential %s of size %lu",
- cred.credential, (unsigned long)cred.size);
- cleanup_cred(&cred);
- }
- }
- if (0 == buf.bytes_used) {
- OBJ_DESTRUCT(&buf);
- return OPAL_ERROR;
- }
- *payload = buf.base_ptr;
- *size = buf.bytes_used;
- buf.base_ptr = NULL;
- buf.bytes_used = 0;
- OBJ_DESTRUCT(&buf);
- return OPAL_SUCCESS;
-}
-
-
-int opal_sec_base_validate(char *payload, size_t size, char **method)
-{
- opal_sec_handle_t *hdl;
- opal_buffer_t buf;
- int cnt, rc;
- opal_sec_cred_t cred = {.method = NULL, .credential = NULL};
-
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "opal_sec: Received credential of size %lu",
- (unsigned long)size);
-
- OBJ_CONSTRUCT(&buf, opal_buffer_t);
- opal_dss.load(&buf, payload, size);
-
- cnt = 1;
- while (OPAL_SUCCESS == (rc = opal_dss.unpack(&buf, &cred.method, &cnt, OPAL_STRING))) {
- opal_output_verbose(5, 
opal_sec_base_framework.framework_output,
- "Received credential from source %s", cred.method);
- cnt=1;
- if (OPAL_SUCCESS != (rc = opal_dss.unpack(&buf, &cred.size, &cnt, OPAL_SIZE))) {
- OPAL_ERROR_LOG(rc);
- cleanup_cred(&cred);
- goto done;
- }
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "Received credential of size %lu", (unsigned long)cred.size);
- if (0 < cred.size) {
- cred.credential = (char*)malloc(cred.size);
- cnt=cred.size;
- if (OPAL_SUCCESS != (rc = opal_dss.unpack(&buf, cred.credential, &cnt, OPAL_BYTE))) {
- OPAL_ERROR_LOG(rc);
- cleanup_cred(&cred);
- goto done;
- }
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "Received credential %s", cred.credential);
- }
- OPAL_LIST_FOREACH(hdl, &opal_sec_base_actives, opal_sec_handle_t) {
- if (NULL != cred.method &&
- 0 != strcmp(cred.method, hdl->component->mca_component_name)) {
- continue;
- }
- if (OPAL_SUCCESS == hdl->module->authenticate(&cred)) {
- rc = OPAL_SUCCESS;
- /* record the method */
- if (NULL != method) {
- if (NULL != *method) {
- free(*method);
- }
- *method = strdup(cred.method);
- }
- cleanup_cred(&cred);
- goto done;
- }
- }
- cleanup_cred(&cred);
- cnt = 1;
- }
- /* if we get here, then nothing authenticated */
- rc = OPAL_ERR_AUTHENTICATION_FAILED;
-
- done:
- buf.base_ptr = NULL;
- OBJ_DESTRUCT(&buf);
- return rc;
-}
-
-
diff --git a/opal/mca/sec/basic/Makefile.am b/opal/mca/sec/basic/Makefile.am
deleted file mode 100644
index 66a0a2e2d5..0000000000
--- a/opal/mca/sec/basic/Makefile.am
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# Copyright (c) 2014 Intel, Inc. All rights reserved.
-# $COPYRIGHT$
-#
-# Additional copyrights may follow
-#
-# $HEADER$
-#
-
-sources = \
- sec_basic.h \
- sec_basic_component.c \
- sec_basic.c
-
-# Make the output library in this directory, and name it either
-# mca__.la (for DSO builds) or libmca__.la
-# (for static builds).
-
-if MCA_BUILD_opal_sec_basic_DSO
-component_noinst =
-component_install = mca_sec_basic.la
-else
-component_noinst = libmca_sec_basic.la
-component_install =
-endif
-
-mcacomponentdir = $(opallibdir)
-mcacomponent_LTLIBRARIES = $(component_install)
-mca_sec_basic_la_SOURCES = $(sources)
-mca_sec_basic_la_LDFLAGS = -module -avoid-version
-mca_sec_basic_la_LIBADD = $(sec_basic_LIBS)
-
-noinst_LTLIBRARIES = $(component_noinst)
-libmca_sec_basic_la_SOURCES =$(sources)
-libmca_sec_basic_la_LDFLAGS = -module -avoid-version
diff --git a/opal/mca/sec/basic/owner.txt b/opal/mca/sec/basic/owner.txt
deleted file mode 100644
index 4ad6f408ca..0000000000
--- a/opal/mca/sec/basic/owner.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# owner/status file
-# owner: institution that is responsible for this package
-# status: e.g. active, maintenance, unmaintained
-#
-owner: INTEL
-status: maintenance
diff --git a/opal/mca/sec/basic/sec_basic.c b/opal/mca/sec/basic/sec_basic.c
deleted file mode 100644
index 1925b14a40..0000000000
--- a/opal/mca/sec/basic/sec_basic.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- *
- */
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include
-
-#include "opal_stdint.h"
-#include "opal/dss/dss_types.h"
-#include "opal/util/error.h"
-#include "opal/util/output.h"
-#include "opal/util/show_help.h"
-
-#include "opal/mca/sec/base/base.h"
-#include "sec_basic.h"
-
-static int init(void);
-static void finalize(void);
-static int get_my_cred(opal_process_name_t *my_id,
- opal_sec_cred_t *cred);
-static int authenticate(opal_sec_cred_t *cred);
-
-opal_sec_base_module_t opal_sec_basic_module = {
- init,
- finalize,
- get_my_cred,
- authenticate
-};
-
-static opal_sec_cred_t my_cred;
-static bool initialized = false;
-
-static int init(void)
-{
- return OPAL_SUCCESS;
-}
-
-static void finalize(void)
-{
- if (initialized) {
- free(my_cred.credential);
- }
-}
-
-static int get_my_cred(opal_process_name_t *my_id,
- opal_sec_cred_t *cred)
-{
- if (!initialized) {
- /* make the default credential 7-bytes long so we hit a nice
- * 8-byte alignment (including NULL terminator) to keep valgrind
- * from barking in optimized builds
- */
- my_cred.credential = strdup("1234567");
- my_cred.size = strlen(my_cred.credential)+1; // include the NULL
- }
- initialized = true;
-
- cred->method = strdup("basic");
- cred->credential = strdup(my_cred.credential);
- cred->size = my_cred.size;
-
- return OPAL_SUCCESS;
-}
-
-static int authenticate(opal_sec_cred_t *cred)
-{
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "opal_sec:basic Received credential %s of size %lu",
- cred->credential, (unsigned long)cred->size);
-
- if (0 == strncmp(cred->credential, "1234567", strlen("1234567"))) {
- return OPAL_SUCCESS;
- }
- return OPAL_ERR_AUTHENTICATION_FAILED;
-}
-
diff --git a/opal/mca/sec/basic/sec_basic.h b/opal/mca/sec/basic/sec_basic.h
deleted file mode 100644
index f3f4e124cb..0000000000
--- a/opal/mca/sec/basic/sec_basic.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-#ifndef OPAL_SEC_BASIC_H
-#define OPAL_SEC_BASIC_H
-
-#include "opal/mca/sec/sec.h"
-
-BEGIN_C_DECLS
-
-
-OPAL_MODULE_DECLSPEC extern opal_sec_base_component_t mca_sec_basic_component;
-OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_basic_module;
-
-END_C_DECLS
-
-#endif /* OPAL_SEC_BASIC_H */
diff --git a/opal/mca/sec/basic/sec_basic_component.c b/opal/mca/sec/basic/sec_basic_component.c
deleted file mode 100644
index 29af865461..0000000000
--- a/opal/mca/sec/basic/sec_basic_component.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * Copyright (c) 2015 Los Alamos National Security, LLC. All rights
- * reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include "opal/mca/base/base.h"
-
-#include "opal/mca/sec/sec.h"
-#include "opal/mca/sec/base/base.h"
-#include "sec_basic.h"
-
-static int sec_basic_component_open(void);
-static int sec_basic_component_query(mca_base_module_t **module, int *priority);
-static int sec_basic_component_close(void);
-
-/*
- * Instantiate the public struct with all of our public information
- * and pointers to our public functions in it
- */
-opal_sec_base_component_t mca_sec_basic_component = {
- .base_version = {
- OPAL_SEC_BASE_VERSION_1_0_0,
-
- /* Component name and version */
- .mca_component_name = "basic",
- MCA_BASE_MAKE_VERSION(component, OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION,
- OPAL_RELEASE_VERSION),
-
- /* Component open and close functions */
- .mca_open_component = sec_basic_component_open,
- .mca_close_component = sec_basic_component_close,
- .mca_query_component = sec_basic_component_query,
- },
- .base_data = {
- /* The component is checkpoint ready */
- MCA_BASE_METADATA_PARAM_CHECKPOINT
- }
-};
-
-static int sec_basic_component_open(void)
-{
- return OPAL_SUCCESS;
-}
-
-static int sec_basic_component_query(mca_base_module_t **module, int *priority)
-{
- /* we are the default, so set ourselves low in the priority */
- *priority = 0;
- *module = (mca_base_module_t*)&opal_sec_basic_module;
- return OPAL_SUCCESS;
-}
-
-
-static int sec_basic_component_close(void)
-{
- return OPAL_SUCCESS;
-}
diff --git a/opal/mca/sec/keystone/Makefile.am b/opal/mca/sec/keystone/Makefile.am
deleted file mode 100644
index 4a7b934978..0000000000
--- a/opal/mca/sec/keystone/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2014 Intel, Inc. All rights reserved.
-# $COPYRIGHT$
-#
-# Additional copyrights may follow
-#
-# $HEADER$
-#
-
-sources = \
- sec_keystone.h \
- sec_keystone_component.c \
- sec_keystone.c
-
-# Make the output library in this directory, and name it either
-# mca__.la (for DSO builds) or libmca__.la
-# (for static builds).
-
-if MCA_BUILD_opal_sec_keystone_DSO
-component_noinst =
-component_install = mca_sec_keystone.la
-else
-component_noinst = libmca_sec_keystone.la
-component_install =
-endif
-
-mcacomponentdir = $(opallibdir)
-mcacomponent_LTLIBRARIES = $(component_install)
-mca_sec_keystone_la_SOURCES = $(sources)
-mca_sec_keystone_la_LDFLAGS = -module -avoid-version
-
-noinst_LTLIBRARIES = $(component_noinst)
-libmca_sec_keystone_la_SOURCES =$(sources)
-libmca_sec_keystone_la_LDFLAGS = -module -avoid-version
diff --git a/opal/mca/sec/keystone/configure.m4 b/opal/mca/sec/keystone/configure.m4
deleted file mode 100644
index f9dd74ef96..0000000000
--- a/opal/mca/sec/keystone/configure.m4
+++ /dev/null
@@ -1,47 +0,0 @@
-dnl -*- shell-script -*-
-dnl
-dnl Copyright (c) 2014 Intel, Inc. All rights reserved.
-dnl Copyright (c) 2015 Research Organization for Information Science
-dnl and Technology (RIST). All rights reserved.
-dnl $COPYRIGHT$
-dnl
-dnl Additional copyrights may follow
-dnl
-dnl $HEADER$
-dnl
-
-# MCA_sec_keystone_CONFIG([action-if-found], [action-if-not-found])
-# -----------------------------------------------------------
-AC_DEFUN([MCA_opal_sec_keystone_CONFIG], [
- AC_CONFIG_FILES([opal/mca/sec/keystone/Makefile])
-
- AC_ARG_WITH([keystone],
- [AC_HELP_STRING([--with-keystone],
- [Build keystone support (default: no)])],
- [], with_keystone=no)
-
- # do not build if support not requested
- AC_MSG_CHECKING([want keystone security])
- AS_IF([test "$with_keystone" != "no"],
- [AC_MSG_RESULT([yes])
- AS_IF([test ! -z "$with_keystone" && test "$with_keystone" != "yes"],
- [opal_check_keystone_dir="$with_keystone"])
- OPAL_CHECK_PACKAGE([sec_keystone],
- [curl/curl.h],
- [curl],
- [curl_easy_init],
- [],
- [],
- [],
- [$1],
- [AC_MSG_WARN([KEYSTONE SUPPORT REQUESTED])
- AC_MSG_WARN([BUT REQUIRED CURL LIBRARY OR HEADER NOT FOUND])
- AC_MSG_ERROR([CANNOT CONTINUE])
- $2])],
- [AC_MSG_RESULT([no])
- $2])
-
- AC_SUBST(sec_keystone_CPPFLAGS)
- AC_SUBST(sec_keystone_LDFLAGS)
- AC_SUBST(sec_keystone_LIBS)
-])dnl
diff --git a/opal/mca/sec/keystone/owner.txt b/opal/mca/sec/keystone/owner.txt
deleted file mode 100644
index 4ad6f408ca..0000000000
--- a/opal/mca/sec/keystone/owner.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# owner/status file
-# owner: institution that is responsible for this package
-# status: e.g. active, maintenance, unmaintained
-#
-owner: INTEL
-status: maintenance
diff --git a/opal/mca/sec/keystone/sec_keystone.c b/opal/mca/sec/keystone/sec_keystone.c
deleted file mode 100644
index 1545260e50..0000000000
--- a/opal/mca/sec/keystone/sec_keystone.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- *
- */
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include
-#ifdef HAVE_UNISTD_H
-#include
-#endif /* HAVE_UNISTD_H */
-#include
-#include
-#include
-
-#include "opal_stdint.h"
-#include "opal/dss/dss_types.h"
-#include "opal/util/error.h"
-#include "opal/util/output.h"
-#include "opal/util/show_help.h"
-
-#include "opal/mca/sec/base/base.h"
-#include "sec_basic.h"
-
-static int init(void);
-static void finalize(void);
-static int get_my_cred(opal_process_name_t *my_id,
- opal_sec_cred_t *cred);
-static int authenticate(opal_sec_cred_t *cred);
-
-opal_sec_base_module_t opal_sec_keystone_module = {
- init,
- finalize,
- get_my_cred,
- authenticate
-};
-
-static int init(void)
-{
- /* init libcurl */
- curl_global_init(CURL_GLOBAL_ALL);
-
- return OPAL_SUCCESS;
-}
-
-static void finalize(void)
-{
- /* cleanup libcurl */
- curl_global_cleanup();
-}
-
-static size_t op_cbfunc(void *ptr, size_t size, size_t count, void *stream)
-{
- opal_output(0, "CURL RETURNED: %s", (char*)stream);
- return size;
-}
-
-static int get_my_cred(opal_process_name_t *my_id,
- opal_sec_cred_t *cred)
-{
- char *cmd;
- CURL *curl;
- CURLcode rc;
-
- opal_output_verbose(5, opal_sec_base_framework.framework_output,
- "keystone:get_my_cred");
-
- /* ensure we return at least a NULL */
- *cred = NULL;
-
- /* query the keystone server */
- asprintf(&cmd, "%sget_cred", mca_sec_keystone_component.url);
- curl = curl_easy_init();
- curl_easy_setopt(curl, CURLOPT_URL, cmd);
- /* send the data to this function */
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, op_cbfunc);
- /* execute it */
- if (CURLE_OK != (rc = curl_easy_perform(curl))) {
- opal_output(0, "Error while fetching '%s' : %s",
- cmd, curl_easy_strerror(rc));
- }
- /* the data will have been returned in the callback
- * function when easy_perform completes
- */
- 
curl_easy_cleanup(curl);
- free(cmd);
-
- return OPAL_ERR_NOT_IMPLEMENTED;
-}
-
-static int authenticate(opal_sec_cred_t *cred)
-{
- return OPAL_ERR_NOT_IMPLEMENTED;
-}
-
diff --git a/opal/mca/sec/keystone/sec_keystone.h b/opal/mca/sec/keystone/sec_keystone.h
deleted file mode 100644
index fd18e0b8da..0000000000
--- a/opal/mca/sec/keystone/sec_keystone.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-#ifndef OPAL_SEC_KEYSTONE_H
-#define OPAL_SEC_KEYSTONE_H
-
-#include "opal/mca/sec/sec.h"
-
-BEGIN_C_DECLS
-
-typedef struct {
- opal_sec_base_component_t super;
- char *url;
-} mca_sec_keystone_component_t;
-
-OPAL_MODULE_DECLSPEC extern mca_sec_keystone_component_t mca_sec_keystone_component;
-OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_keystone_module;
-
-END_C_DECLS
-
-#endif /* OPAL_SEC_KEYSTONE_H */
diff --git a/opal/mca/sec/keystone/sec_keystone_component.c b/opal/mca/sec/keystone/sec_keystone_component.c
deleted file mode 100644
index a3466bf023..0000000000
--- a/opal/mca/sec/keystone/sec_keystone_component.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
-/*
- * Copyright (c) 2014 Intel, Inc. All rights reserved.
- * Copyright (c) 2015 Los Alamos National Security, LLC. All rights
- * reserved.
- * $COPYRIGHT$
- *
- * Additional copyrights may follow
- *
- * $HEADER$
- */
-
-#include "opal_config.h"
-#include "opal/constants.h"
-
-#include "opal/mca/base/base.h"
-
-#include "opal/mca/sec/sec.h"
-#include "opal/mca/sec/base/base.h"
-#include "sec_keystone.h"
-
-static int sec_keystone_component_open(void);
-static int sec_keystone_component_query(mca_base_module_t **module, int *priority);
-static int sec_keystone_component_close(void);
-static int sec_keystone_component_register(void);
-
-/*
- * Instantiate the public struct with all of our public information
- * and pointers to our public functions in it
- */
-mca_sec_keystone_component_t mca_sec_keystone_component = {
- {
- .base_version = {
- OPAL_SEC_BASE_VERSION_1_0_0,
-
- /* Component name and version */
- .mca_component_name = "keystone",
- MCA_BASE_MAKE_VERSION(component, OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION,
- OPAL_RELEASE_VERSION),
-
- /* Component open and close functions */
- .mca_open_component = sec_keystone_component_open,
- .mca_close_component = sec_keystone_component_close,
- .mca_query_component = sec_keystone_component_query,
- .mca_register_component_params = sec_keystone_component_register,
- },
- .base_data ={
- /* The component is checkpoint ready */
- MCA_BASE_METADATA_PARAM_CHECKPOINT
- }
- }
-};
-
-static int sec_keystone_component_open(void)
-{
- return OPAL_SUCCESS;
-}
-
-static int sec_keystone_component_query(mca_base_module_t **module, int *priority)
-{
- if (NULL != mca_sec_keystone_component.url) {
- /* we are the default, so set ourselves low in the priority */
- *priority = 0;
- *module = (mca_base_module_t*)&opal_sec_keystone_module;
- return OPAL_SUCCESS;
- }
-
- /* otherwise, we cannot be selected */
- *module = NULL;
- return OPAL_ERROR;
-}
-
-
-static int sec_keystone_component_close(void)
-{
- return OPAL_SUCCESS;
-}
-
-static int sec_keystone_component_register(void);
-{
- mca_base_component_t *c = &mca_sec_keystone_file_component.super.base_version;
- char *value;
-
- mca_sec_keystone_component.url = NULL;
- value = NULL;
- tmp = mca_base_component_var_register(c, "address",
- "Address of the Keystone server (hostname or IP)",
- MCA_BASE_VAR_TYPE_STRING, NULL, 0, 0,
- OPAL_INFO_LVL_9,
- MCA_BASE_VAR_SCOPE_READONLY, &value);
- if (NULL != value) {
- /* we can operate */
- asprintf(&mca_sec_keystone_component.url, "http://%s/ws/v1/", value);
- }
-}
diff --git a/opal/mca/sec/munge/Makefile.am b/opal/mca/sec/munge/Makefile.am
deleted file mode 100644
index 3cba3ffcb6..0000000000
--- a/opal/mca/sec/munge/Makefile.am
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# Copyright (c) 2015 Intel, Inc. All rights reserved.
-# $COPYRIGHT$
-#
-# Additional copyrights may follow
-#
-# $HEADER$
-#
-
-sources = \
- sec_munge.h \
- sec_munge_component.c \
- sec_munge.c
-
-# Make the output library in this directory, and name it either
-# mca__.la (for DSO builds) or libmca__.la
-# (for static builds).
-
-if MCA_BUILD_opal_sec_munge_DSO
-component_noinst =
-component_install = mca_sec_munge.la
-else
-component_noinst = libmca_sec_munge.la
-component_install =
-endif
-
-mcacomponentdir = $(opallibdir)
-mcacomponent_LTLIBRARIES = $(component_install)
-mca_sec_munge_la_SOURCES = $(sources)
-mca_sec_munge_la_CPPFLAGS = $(sec_munge_CPPFLAGS)
-mca_sec_munge_la_LDFLAGS = -module -avoid-version $(sec_munge_LDFLAGS)
-mca_sec_munge_la_LIBADD = $(sec_munge_LIBS)
-
-noinst_LTLIBRARIES = $(component_noinst)
-libmca_sec_munge_la_SOURCES =$(sources)
-libmca_sec_munge_la_CPPFLAGS = $(sec_munge_CPPFLAGS)
-libmca_sec_munge_la_LDFLAGS = -module -avoid-version $(sec_munge_LDFLAGS)
-libmca_sec_munge_la_LIBADD = $(sec_munge_LIBS)
diff --git a/opal/mca/sec/munge/configure.m4 b/opal/mca/sec/munge/configure.m4
deleted file mode 100644
index 01e14ed11d..0000000000
--- a/opal/mca/sec/munge/configure.m4
+++ /dev/null
@@ -1,88 +0,0 @@
-# -*- shell-script -*-
-#
-# Copyright (c) 2015 Intel, Inc. All rights reserved
-# Copyright (c) 2015 Research Organization for Information Science
-# and Technology (RIST). All rights reserved.
-# $COPYRIGHT$
-#
-# Additional copyrights may follow
-#
-# $HEADER$
-#
-
-# MCA_sec_munge_CONFIG([action-if-found], [action-if-not-found])
-# --------------------------------------------------------------------
-AC_DEFUN([MCA_opal_sec_munge_CONFIG],[
- AC_CONFIG_FILES([opal/mca/sec/munge/Makefile])
-
- OPAL_VAR_SCOPE_PUSH([sec_munge_support sec_munge_dir sec_munge_libdir save_cpp save_ld])
-
- AC_ARG_WITH([munge],
- [AC_HELP_STRING([--with-munge=DIR],
- [Search for munge headers and libraries in DIR ])])
-
- AC_ARG_WITH([munge-libdir],
- [AC_HELP_STRING([--with-munge-libdir=DIR],
- [Search for munge libraries in DIR ])])
-
- sec_munge_support=0
- if test "$with_munge" != "no"; then
- AC_MSG_CHECKING([for munge in])
- if test -n "$with_munge" && test "$with_munge" != "yes"; then
- if test -d $with_munge/include/munge; then
- sec_munge_dir=$with_munge/include/munge
- else
- sec_munge_dir=$with_munge
- fi
- if test -d $with_munge/lib; then
- sec_munge_libdir=$with_munge/lib
- elif -d $with_munge/lib64; then
- sec_munge_libdir=$with_munge/lib64
- else
- AC_MSG_RESULT([Could not find $with_munge/lib or $with_munge/lib64])
- AC_MSG_ERROR([Can not continue])
- fi
- AC_MSG_RESULT([$sec_munge_dir and $sec_munge_libdir])
- else
- AC_MSG_RESULT([(default search paths)])
- sec_munge_dir=
- fi
- AS_IF([test -n "$with_munge_libdir" && test "$with_munge_libdir" != "yes"],
- [sec_munge_libdir="$with_munge_libdir"])
-
- save_cpp=$CPPFLAGS
- save_ld=$LDFLAGS
-
- OPAL_CHECK_PACKAGE([sec_munge],
- [munge.h],
- [munge],
- [munge_encode],
- [-lmunge],
- [$sec_munge_dir],
- [$sec_munge_libdir],
- [sec_munge_support=1],
- [sec_munge_support=0])
-
- CPPFLAGS=$save_cpp
- LDFLAGS=$save_ld
- fi
-
- if test -n "$with_munge" && test "$with_munge" != "no" && test "$sec_munge_support" 
!= "1"; then
- AC_MSG_WARN([MUNGE SUPPORT REQUESTED AND NOT FOUND.])
- AC_MSG_ERROR([CANNOT CONTINUE])
- fi
-
- AC_MSG_CHECKING([will munge support be built])
- AS_IF([test "$sec_munge_support" != "1"],
- [AC_MSG_RESULT([no])
- $2],
- [AC_MSG_RESULT([yes])
- $1])
-
- # set build flags to use in makefile
- AC_SUBST([sec_munge_CPPFLAGS])
- AC_SUBST([sec_munge_LDFLAGS])
- AC_SUBST([sec_munge_LIBS])
-
- OPAL_VAR_SCOPE_POP
-])dnl
diff --git a/opal/mca/sec/munge/owner.txt b/opal/mca/sec/munge/owner.txt
deleted file mode 100644
index 85b4416d20..0000000000
--- a/opal/mca/sec/munge/owner.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# owner/status file
-# owner: institution that is responsible for this package
-# status: e.g. active, maintenance, unmaintained
-#
-owner: INTEL
-status: active
diff --git a/opal/mca/sec/munge/sec_munge.c b/opal/mca/sec/munge/sec_munge.c
deleted file mode 100644
index ba62b2d2ad..0000000000
--- a/opal/mca/sec/munge/sec_munge.c
+++ /dev/null
@@ -1,126 +0,0 @@ -/* - * Copyright (c) 2015 Intel, Inc. All rights reserved. - * Copyright (c) 2015-2017 Research Organization for Information Science - * and Technology (RIST). All rights reserved. - * Copyright (c) 2015 Cisco Systems, Inc. All rights reserved. - * $COPYRIGHT$ - * - * Additional copyrights may follow - * - * $HEADER$ - * - */ - -#include "opal_config.h" -#include "opal/constants.h" - -#include -#include - -#include "opal_stdint.h" -#include "opal/dss/dss_types.h" -#include "opal/util/error.h" -#include "opal/util/output.h" -#include "opal/util/show_help.h" - -#include "opal/mca/sec/base/base.h" -#include "sec_munge.h" - -static int init(void); -static void finalize(void); -static int get_my_cred(opal_process_name_t *my_id, - opal_sec_cred_t *cred); -static int authenticate(opal_sec_cred_t *cred); - -opal_sec_base_module_t opal_sec_munge_module = { - init, - finalize, - get_my_cred, - authenticate -}; - -static opal_sec_cred_t my_cred; -static bool initialized = false; -static bool refresh = false; - -static int init(void) -{ - int rc; - - opal_output_verbose(2, opal_sec_base_framework.framework_output, - "sec: munge init"); - - /* attempt to get a credential as a way of checking that - * the munge server is available - cache the credential - * for later use */ - - if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) { - opal_output_verbose(2, opal_sec_base_framework.framework_output, - "sec: munge failed to create credential: %s", - munge_strerror(rc)); - return OPAL_ERR_SERVER_NOT_AVAIL; - } - /* include the '\0' termination string character */ - my_cred.size = strlen(my_cred.credential)+1; - initialized = true; - - return OPAL_SUCCESS; -} - -static void finalize(void) -{ - if (initialized && !refresh) { - free(my_cred.credential); - } -} - -static int get_my_cred(opal_process_name_t *my_id, - opal_sec_cred_t *cred) -{ - int rc; - - if (initialized) { - if (!refresh) { - refresh = true; - } else { - /* get a new 
credential as munge will not - * allow us to reuse them */ - if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) { - opal_output_verbose(2, opal_sec_base_framework.framework_output, - "sec: munge failed to create credential: %s", - munge_strerror(rc)); - return OPAL_ERR_SERVER_NOT_AVAIL; - } - /* include the '\0' termination string character */ - my_cred.size = strlen(my_cred.credential)+1; - } - cred->method = strdup("munge"); - cred->credential = my_cred.credential; - cred->size = my_cred.size; - } else { - rc = OPAL_ERROR; - } - - return OPAL_SUCCESS; -} - -static int authenticate(opal_sec_cred_t *cred) -{ - munge_err_t rc; - - opal_output_verbose(2, opal_sec_base_framework.framework_output, - "sec: munge validate_cred %s", cred->credential); - - /* parse the inbound string */ - if (EMUNGE_SUCCESS != (rc = munge_decode(cred->credential, NULL, NULL, NULL, NULL, NULL))) { - opal_output_verbose(2, opal_sec_base_framework.framework_output, - "sec: munge failed to decode credential: %s", - munge_strerror(rc)); - return OPAL_ERR_AUTHENTICATION_FAILED; - } - - opal_output_verbose(2, opal_sec_base_framework.framework_output, - "sec: munge credential valid"); - return OPAL_SUCCESS; -} - diff --git a/opal/mca/sec/munge/sec_munge.h b/opal/mca/sec/munge/sec_munge.h deleted file mode 100644 index eef8b396c2..0000000000 --- a/opal/mca/sec/munge/sec_munge.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright (c) 2015 Intel, Inc. All rights reserved. - * $COPYRIGHT$ - * - * Additional copyrights may follow - * - * $HEADER$ - */ - -#ifndef OPAL_SEC_MUNGE_H -#define OPAL_SEC_MUNGE_H - -#include "opal/mca/sec/sec.h" - -BEGIN_C_DECLS - - -OPAL_MODULE_DECLSPEC extern opal_sec_base_component_t mca_sec_munge_component; -OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_munge_module; - -END_C_DECLS - -#endif /* OPAL_SEC_MUNGE_H */ 
diff --git a/opal/mca/sec/munge/sec_munge_component.c b/opal/mca/sec/munge/sec_munge_component.c deleted file mode 100644 index bbe8a7f7ba..0000000000 --- a/opal/mca/sec/munge/sec_munge_component.c +++ /dev/null @@ -1,64 +0,0 @@ -/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */ -/* - * Copyright (c) 2015 Intel, Inc. All rights reserved. - * Copyright (c) 2015 Los Alamos National Security, LLC. All rights - * reserved. - * $COPYRIGHT$ - * - * Additional copyrights may follow - * - * $HEADER$ - */ - -#include "opal_config.h" -#include "opal/constants.h" - -#include "opal/mca/base/base.h" - -#include "opal/mca/sec/sec.h" -#include "sec_munge.h" - -static int sec_munge_component_open(void); -static int sec_munge_component_query(mca_base_module_t **module, int *priority); -static int sec_munge_component_close(void); - -/* - * Instantiate the public struct with all of our public information - * and pointers to our public functions in it - */ -opal_sec_base_component_t mca_sec_munge_component = { - .base_version = { - OPAL_SEC_BASE_VERSION_1_0_0, - - /* Component name and version */ - .mca_component_name = "munge", - MCA_BASE_MAKE_VERSION(component, OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION, OPAL_RELEASE_VERSION), - - /* Component open and close functions */ - .mca_open_component = sec_munge_component_open, - .mca_close_component = sec_munge_component_close, - .mca_query_component = sec_munge_component_query, - }, - .base_data = { - /* The component is checkpoint ready */ - MCA_BASE_METADATA_PARAM_CHECKPOINT - } -}; - -static int sec_munge_component_open(void) -{ - return OPAL_SUCCESS; -} - -static int sec_munge_component_query(mca_base_module_t **module, int *priority) -{ - *priority = 10; - *module = (mca_base_module_t*)&opal_sec_munge_module; - return OPAL_SUCCESS; -} - - -static int sec_munge_component_close(void) -{ - return OPAL_SUCCESS; -} diff --git a/opal/mca/sec/sec.h b/opal/mca/sec/sec.h deleted file mode 100644 index 5db4837234..0000000000 
--- a/opal/mca/sec/sec.h +++ /dev/null 
@@ -1,140 +0,0 @@ -/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */ -/* - * Copyright (c) 2014-2015 Intel, Inc. All rights reserved. - * Copyright (c) 2014 Research Organization for Information Science - * and Technology (RIST). All rights reserved. - * Copyright (c) 2015 Los Alamos National Security, LLC. All rights - * reserved. - * $COPYRIGHT$ - * - * Additional copyrights may follow - * - * $HEADER$ - */ -/** @file: - * - * The Security Framework - * - */ - -#ifndef OPAL_SEC_H -#define OPAL_SEC_H - -#include "opal_config.h" -#include "opal/types.h" -#include "opal/util/proc.h" - -#include "opal/mca/mca.h" -#include "opal/dss/dss_types.h" - - -/* The security framework is a single-select one - i.e., - * only one plugin is active at any time, though multiple - * plugins may build. When init is called, each plugin that - * built should check to see if it can connect to its - * respective server - if it can, then it should return - * success to indicate it is ready to be used. - * - * For scalability, it is important that each process only - * contact the security server once, and only when requested - * to do so. Thus, the plugin should not get credentials for - * the process until the first call to "get_my_credentials", - * and should then cache the results for future use. - */ - -BEGIN_C_DECLS - -typedef struct { - char *method; - char *credential; - size_t size; -} opal_sec_cred_t; - -/* - * Initialize the module - */ -typedef int (*opal_sec_base_module_init_fn_t)(void); - -/* - * Finalize the module - */ -typedef void (*opal_sec_base_module_finalize_fn_t)(void); - -/* - * Get a security credential for this process - return pointer to - * a "credential" that I can use for authenticating myself to another process. - * The value must be returned in a network-byte-ordered form suitable - * for sending across the network. 
- * - * It isn't expected that the identifier will be used to obtain a - * certificate as external security systems will have no idea what - * it means. However, some modules may use it, and there is no way - * for the opal layer to know a process identifier without being told, - * so provide it here - * - * Likewise, the security framework isn't going to house its own datastore - * handle, and some modules may want to check to see if a credential - * was stored in the data store, so provide a means for passing in the - * handle where such data might be stored - * - * Function returns OPAL_SUCCESS if a credential was assigned, or an error - * code indicating why it failed - */ -typedef int (*opal_sec_base_module_get_my_cred_fn_t)(opal_process_name_t *my_id, - opal_sec_cred_t *cred); - -typedef int (*opal_sec_API_module_get_my_cred_fn_t)(char *method, - opal_process_name_t *my_id, - char **payload, size_t *size); -/* - * Authenticate a security credential - given a security credential, - * determine if the credential is valid. The credential is passed in - * a network-byte-ordered form as it came across the network. 
- * - * Function returns OPAL_SUCCESS if the token is authenticated, or an - * error code indicating why it failed - */ -typedef int (*opal_sec_base_module_auth_fn_t)(opal_sec_cred_t *cred); - -typedef int (*opal_sec_API_module_auth_fn_t)(char *payload, size_t size, char **method); - -/* - * the standard module data structure - */ -struct opal_sec_base_module_1_0_0_t { - opal_sec_base_module_init_fn_t init; - opal_sec_base_module_finalize_fn_t finalize; - opal_sec_base_module_get_my_cred_fn_t get_my_credential; - opal_sec_base_module_auth_fn_t authenticate; -}; -typedef struct opal_sec_base_module_1_0_0_t opal_sec_base_module_1_0_0_t; -typedef struct opal_sec_base_module_1_0_0_t opal_sec_base_module_t; - -/* the API structure */ -typedef struct { - opal_sec_API_module_get_my_cred_fn_t get_my_credential; - opal_sec_API_module_auth_fn_t authenticate; -} opal_sec_API_module_t; - -/* - * the standard component data structure - */ -struct opal_sec_base_component_1_0_0_t { - mca_base_component_t base_version; - mca_base_component_data_t base_data; -}; -typedef struct opal_sec_base_component_1_0_0_t opal_sec_base_component_1_0_0_t; -typedef struct opal_sec_base_component_1_0_0_t opal_sec_base_component_t; - -/* - * Macro for use in components that are of type sec - */ -#define OPAL_SEC_BASE_VERSION_1_0_0 \ - OPAL_MCA_BASE_VERSION_2_1_0("sec", 1, 0, 0) - -/* Global structure for accessing SEC functions */ -OPAL_DECLSPEC extern opal_sec_API_module_t opal_sec; /* holds base function pointers */ - -END_C_DECLS - -#endif diff --git a/opal/runtime/opal_finalize.c b/opal/runtime/opal_finalize.c index 4719e1a011..a029d6b293 100644 --- a/opal/runtime/opal_finalize.c +++ b/opal/runtime/opal_finalize.c 
@@ -12,7 +12,7 @@ * Copyright (c) 2008-2015 Cisco Systems, Inc. All rights reserved. * Copyright (c) 2010-2015 Los Alamos National Security, LLC. * All rights reserved. - * Copyright (c) 2013-2015 Intel, Inc. All rights reserved + * Copyright (c) 2013-2017 Intel, Inc. All rights reserved. * Copyright (c) 2016-2017 Research Organization for Information Science * and Technology (RIST). All rights reserved. * $COPYRIGHT$ @@ -31,6 +31,7 @@ #include "opal/util/output.h" #include "opal/util/malloc.h" #include "opal/util/net.h" +#include "opal/util/proc.h" #include "opal/util/keyval_parse.h" #include "opal/util/show_help.h" #include "opal/memoryhooks/memory.h" @@ -43,7 +44,6 @@ #include "opal/mca/memchecker/base/base.h" #include "opal/mca/memcpy/base/base.h" #include "opal/mca/backtrace/base/base.h" -#include "opal/mca/sec/base/base.h" #include "opal/mca/timer/base/base.h" #include "opal/mca/hwloc/base/base.h" #include "opal/mca/event/base/base.h" @@ -131,9 +131,6 @@ opal_finalize(void) /* close the checkpoint and restart service */ opal_cr_finalize(); - /* close the security framework */ - (void) mca_base_framework_close(&opal_sec_base_framework); - #if OPAL_ENABLE_FT_CR == 1 (void) mca_base_framework_close(&opal_compress_base_framework); #endif @@ -158,9 +155,6 @@ opal_finalize(void) /* close the shmem framework */ (void) mca_base_framework_close(&opal_shmem_base_framework); - /* close the sec framework */ - (void) mca_base_framework_close(&opal_sec_base_framework); - /* cleanup the main thread specific stuff */ opal_tsd_keys_destruct(); diff --git a/opal/runtime/opal_init.c b/opal/runtime/opal_init.c index 28e0ef92a9..fc11e826af 100644 --- a/opal/runtime/opal_init.c +++ b/opal/runtime/opal_init.c 
@@ -15,7 +15,7 @@ * Copyright (c) 2009 Oak Ridge National Labs. All rights reserved. * Copyright (c) 2010-2015 Los Alamos National Security, LLC. * All rights reserved. - * Copyright (c) 2013-2016 Intel, Inc. All rights reserved + * Copyright (c) 2013-2017 Intel, Inc. All rights reserved. * Copyright (c) 2015-2017 Research Organization for Information Science * and Technology (RIST). All rights reserved. * $COPYRIGHT$ @@ -49,7 +49,6 @@ #include "opal/mca/patcher/base/base.h" #include "opal/mca/memcpy/base/base.h" #include "opal/mca/hwloc/base/base.h" -#include "opal/mca/sec/base/base.h" #include "opal/mca/timer/base/base.h" #include "opal/mca/memchecker/base/base.h" #include "opal/mca/if/base/base.h" @@ -597,16 +596,6 @@ opal_init(int* pargc, char*** pargv) goto return_error; } - /* initialize the security framework */ - if( OPAL_SUCCESS != (ret = mca_base_framework_open(&opal_sec_base_framework, 0)) ) { - error = "opal_sec_base_open"; - goto return_error; - } - if( OPAL_SUCCESS != (ret = opal_sec_base_select()) ) { - error = "opal_sec_base_select"; - goto return_error; - } - return OPAL_SUCCESS; return_error: diff --git a/orte/mca/oob/tcp/oob_tcp.c b/orte/mca/oob/tcp/oob_tcp.c index 73ce8861b2..6d7e9c8c35 100644 --- a/orte/mca/oob/tcp/oob_tcp.c +++ b/orte/mca/oob/tcp/oob_tcp.c @@ -55,7 +55,6 @@ #include "opal/util/net.h" #include "opal/util/argv.h" #include "opal/class/opal_hash_table.h" -#include "opal/mca/sec/sec.h" #include "orte/mca/errmgr/errmgr.h" #include "orte/mca/ess/ess.h" diff --git a/orte/mca/oob/tcp/oob_tcp_connection.c b/orte/mca/oob/tcp/oob_tcp_connection.c index 43a081b9f3..704398649a 100644 --- a/orte/mca/oob/tcp/oob_tcp_connection.c +++ b/orte/mca/oob/tcp/oob_tcp_connection.c @@ -54,7 +54,6 @@ #include "opal_stdint.h" #include "opal/mca/backtrace/backtrace.h" #include "opal/mca/base/mca_base_var.h" -#include "opal/mca/sec/sec.h" #include "opal/util/output.h" #include "opal/util/net.h" #include "opal/util/fd.h" 
@@ -385,10 +384,7 @@ static int tcp_peer_send_connect_ack(mca_oob_tcp_peer_t* peer) char *msg; mca_oob_tcp_hdr_t hdr; uint16_t ack_flag = htons(1); - int rc; size_t sdsize, offset = 0; - char *cred; - size_t credsize; opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output, "%s SEND CONNECT ACK", ORTE_NAME_PRINT(ORTE_PROC_MY_NAME)); @@ -401,20 +397,8 @@ static int tcp_peer_send_connect_ack(mca_oob_tcp_peer_t* peer) hdr.seq_num = 0; memset(hdr.routed, 0, ORTE_MAX_RTD_SIZE+1); - /* get our security credential*/ - if (OPAL_SUCCESS != (rc = opal_sec.get_my_credential(peer->auth_method, - ORTE_PROC_MY_NAME, - &cred, &credsize))) { - ORTE_ERROR_LOG(rc); - return rc; - } - opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output, - "%s SENDING CREDENTIAL OF SIZE %lu", - ORTE_NAME_PRINT(ORTE_PROC_MY_NAME), - (unsigned long)credsize); - /* payload size */ - sdsize = sizeof(ack_flag) + strlen(orte_version_string) + 1 + credsize; + sdsize = sizeof(ack_flag) + strlen(orte_version_string) + 1; hdr.nbytes = sdsize; MCA_OOB_TCP_HDR_HTON(&hdr); @@ -432,11 +416,6 @@ static int tcp_peer_send_connect_ack(mca_oob_tcp_peer_t* peer) offset += sizeof(ack_flag); memcpy(msg + offset, orte_version_string, strlen(orte_version_string)); offset += strlen(orte_version_string)+1; - memcpy(msg + offset, cred, credsize); - /* clear the memory */ - if (NULL != cred) { - free(cred); - } /* send it */ if (ORTE_SUCCESS != tcp_peer_send_blocking(peer->sd, msg, sdsize)) { @@ -720,9 +699,7 @@ int mca_oob_tcp_peer_recv_connect_ack(mca_oob_tcp_peer_t* pr, { char *msg; char *version; - int rc; - char *cred; - size_t credsize, offset = 0; + size_t offset = 0; mca_oob_tcp_hdr_t hdr; mca_oob_tcp_peer_t *peer; uint64_t *ui64; 
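Review bot: Nothing visible in these hunks authenticates the connecting peer any more: tcp_peer_send_connect_ack now sends only the ack flag and version string (`sdsize = sizeof(ack_flag) + strlen(orte_version_string) + 1;`), and the later hunk in mca_oob_tcp_peer_recv_connect_ack drops the matching `opal_sec.authenticate` call, leaving the version comparison as the last check before the connection is treated as good. Both functions start and end outside the hunks, so a check elsewhere cannot be ruled out, but if none remains the OOB TCP channel trusts any peer that presents a matching version string. I would record that at the payload-size line with a comment such as `/* payload is ack flag + version only: the peer is identified, not authenticated */`, and state in the commit description what now protects this channel. `peer->auth_method` is no longer read or written in the lines shown; if nothing else uses it, the field should be removed in the same change.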
@@ -916,30 +893,10 @@ int mca_oob_tcp_peer_recv_connect_ack(mca_oob_tcp_peer_t* pr, free(msg); return ORTE_ERR_CONNECTION_REFUSED; } - - opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output, - "%s connect-ack version from %s matches ours", - ORTE_NAME_PRINT(ORTE_PROC_MY_NAME), - ORTE_NAME_PRINT(&peer->name)); - - /* check security token */ - cred = (char*)((char*)msg + offset); - credsize = hdr.nbytes - offset; - if (OPAL_SUCCESS != (rc = opal_sec.authenticate(cred, credsize, &peer->auth_method))) { - char *hostname; - hostname = orte_get_proc_hostname(&peer->name); - orte_show_help("help-oob-tcp.txt", "authent-fail", true, - (NULL == hostname) ? "unknown" : hostname, - orte_process_info.nodename); - peer->state = MCA_OOB_TCP_FAILED; - mca_oob_tcp_peer_close(peer); - free(msg); - return ORTE_ERR_CONNECTION_REFUSED; - } free(msg); opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output, - "%s connect-ack %s authenticated", + "%s connect-ack version from %s matches ours", ORTE_NAME_PRINT(ORTE_PROC_MY_NAME), ORTE_NAME_PRINT(&peer->name));