
Merge pull request #3096 from rhc54/topic/psec

Remove the stale opal/sec framework
Ralph Castain 2017-03-02 17:15:51 -08:00 коммит произвёл GitHub
родитель 802deb685f 83199979ba
Коммит a7d42e5f30
29 изменённых файлов: 6 добавлений и 1544 удалений


@ -1,32 +0,0 @@
#
# Copyright (c) 2014 Intel, Inc. All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
AM_CPPFLAGS = $(LTDLINCL)
# main library setup
noinst_LTLIBRARIES = libmca_sec.la
libmca_sec_la_SOURCES =
# pkgdata setup
dist_opaldata_DATA =
# local files
headers = sec.h
libmca_sec_la_SOURCES += $(headers)
# Conditionally install the header files
if WANT_INSTALL_HEADERS
opaldir = $(opalincludedir)/$(subdir)
nobase_opal_HEADERS = $(headers)
endif
include base/Makefile.am
distclean-local:
rm -f base/static-components.h


@ -1,17 +0,0 @@
#
# Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
# Copyright (c) 2014 Cisco Systems, Inc. All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
headers += \
base/base.h
libmca_sec_la_SOURCES += \
base/sec_base_frame.c \
base/sec_base_select.c \
base/sec_base_stubs.c


@ -1,53 +0,0 @@
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
/** @file:
*/
#ifndef MCA_SEC_BASE_H
#define MCA_SEC_BASE_H
#include "opal_config.h"
#include "opal/types.h"
#include "opal/mca/mca.h"
#include "opal/mca/base/mca_base_framework.h"
#include "opal/class/opal_list.h"
#include "opal/dss/dss.h"
#include "opal/mca/sec/sec.h"
BEGIN_C_DECLS
OPAL_DECLSPEC extern mca_base_framework_t opal_sec_base_framework;
OPAL_DECLSPEC extern opal_list_t opal_sec_base_actives;
/* object for storing active components */
typedef struct {
opal_list_item_t super;
int pri;
opal_sec_base_module_t *module;
mca_base_component_t *component;
} opal_sec_handle_t;
OBJ_CLASS_DECLARATION(opal_sec_handle_t);
/**
* Select a sec module
*/
OPAL_DECLSPEC int opal_sec_base_select(void);
/* base stubs */
OPAL_DECLSPEC int opal_sec_base_get_cred(char *method,
opal_process_name_t *my_id,
char **payload, size_t *size);
OPAL_DECLSPEC int opal_sec_base_validate(char *payload, size_t size, char **method);
END_C_DECLS
#endif


@ -1,7 +0,0 @@
#
# owner/status file
# owner: institution that is responsible for this package
# status: e.g. active, maintenance, unmaintained
#
owner: INTEL
status: active


@ -1,73 +0,0 @@
/*
* Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
* Copyright (c) 2015 Research Organization for Information Science
* and Technology (RIST). All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include "opal/mca/mca.h"
#include "opal/util/output.h"
#include "opal/mca/base/base.h"
#include "opal/dss/dss_types.h"
#include "opal/mca/sec/base/base.h"
/*
* The following file was created by configure. It contains extern
* secments and the definition of an array of pointers to each
* module's public mca_base_module_t struct.
*/
#include "opal/mca/sec/base/static-components.h"
opal_sec_API_module_t opal_sec = {
opal_sec_base_get_cred,
opal_sec_base_validate
};
opal_list_t opal_sec_base_actives = {{0}};
static int opal_sec_base_close(void)
{
opal_sec_handle_t *hdl;
/* let the selected modules finalize */
OPAL_LIST_FOREACH(hdl, &opal_sec_base_actives, opal_sec_handle_t) {
if (NULL != hdl->module->finalize) {
hdl->module->finalize();
}
}
OPAL_LIST_DESTRUCT(&opal_sec_base_actives);
return mca_base_framework_components_close(&opal_sec_base_framework, NULL);
}
static int opal_sec_base_open(mca_base_open_flag_t flags)
{
OBJ_CONSTRUCT(&opal_sec_base_actives, opal_list_t);
/* Open up all available components */
return mca_base_framework_components_open(&opal_sec_base_framework, flags);
}
MCA_BASE_FRAMEWORK_DECLARE(opal, sec, NULL, NULL, opal_sec_base_open, opal_sec_base_close,
mca_sec_base_static_components, 0);
static void hcon(opal_sec_handle_t *p)
{
p->pri = 0;
p->module = NULL;
p->component = NULL;
}
OBJ_CLASS_INSTANCE(opal_sec_handle_t,
opal_list_item_t,
hcon, NULL);


@ -1,114 +0,0 @@
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* Copyright (c) 2014 Cisco Systems, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include <string.h>
#include "opal/mca/mca.h"
#include "opal/mca/base/base.h"
#include "opal/util/output.h"
#include "opal/mca/sec/base/base.h"
static bool selected = false;
/*
* Function for selecting one component from all those that are
* available.
*/
int opal_sec_base_select(void)
{
mca_base_component_list_item_t *cli = NULL;
mca_base_component_t *component = NULL;
mca_base_module_t *module = NULL;
opal_sec_base_module_t *smodule;
int rc, priority;
opal_sec_handle_t *hdl, *hptr, *hmark;
if (selected) {
/* ensure we don't do this twice */
return OPAL_SUCCESS;
}
selected = true;
/* Query all available components and ask if they have a module */
OPAL_LIST_FOREACH(cli, &opal_sec_base_framework.framework_components, mca_base_component_list_item_t) {
component = (mca_base_component_t *) cli->cli_component;
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"mca:sec:select: checking available component %s", component->mca_component_name);
/* If there's no query function, skip it */
if (NULL == component->mca_query_component) {
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"mca:sec:select: Skipping component [%s]. It does not implement a query function",
component->mca_component_name );
continue;
}
/* Query the component */
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"mca:sec:select: Querying component [%s]",
component->mca_component_name);
rc = component->mca_query_component(&module, &priority);
/* If no module was returned, then skip component */
if (OPAL_SUCCESS != rc || NULL == module) {
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"mca:sec:select: Skipping component [%s]. Query failed to return a module",
component->mca_component_name );
continue;
}
smodule = (opal_sec_base_module_t*)module;
/* modules are required to have an init function */
if (NULL == smodule->init) {
/* report the error */
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"mca:sec:select: Skipping component [%s]. It does not implement an init function",
component->mca_component_name);
continue;
}
/* if we got a module, let it try to initialize */
if (OPAL_SUCCESS != (rc = smodule->init())) {
/* couldn't init - ignore it */
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"mca:sec:select: Skipping component [%s]. Init returned %d",
component->mca_component_name, rc);
continue;
}
/* keep this one */
hdl = OBJ_NEW(opal_sec_handle_t);
hdl->pri = priority;
hdl->module = smodule;
hdl->component = component;
/* add to the list of actives in priority order */
hmark = NULL;
OPAL_LIST_FOREACH(hptr, &opal_sec_base_actives, opal_sec_handle_t) {
if (priority > hptr->pri) {
hmark = hptr;
break;
}
}
if (NULL == hmark) {
/* just append to the end */
opal_list_append(&opal_sec_base_actives, &hdl->super);
} else {
/* insert before hmark */
opal_list_insert_pos(&opal_sec_base_actives, &hmark->super, &hdl->super);
}
}
return OPAL_SUCCESS;;
}


@ -1,168 +0,0 @@
/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
/*
* Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
* Copyright (c) 2015 Los Alamos National Security, LLC. All rights
* reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include "opal/mca/mca.h"
#include "opal/util/error.h"
#include "opal/util/output.h"
#include "opal/mca/base/base.h"
#include "opal/dss/dss_types.h"
#include "opal/mca/sec/base/base.h"
static void cleanup_cred(opal_sec_cred_t *cred)
{
if (NULL == cred) {
return;
}
if (NULL != cred->method) {
free(cred->method);
cred->method = NULL;
}
if (NULL != cred->credential) {
free(cred->credential);
cred->credential = NULL;
}
}
int opal_sec_base_get_cred(char *method,
opal_process_name_t *my_id,
char **payload, size_t *size)
{
opal_sec_handle_t *hdl;
opal_sec_cred_t cred;
opal_buffer_t buf;
int rc;
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"Requesting credential from source %s",
(NULL == method) ? "ANY" : method);
OBJ_CONSTRUCT(&buf, opal_buffer_t);
OPAL_LIST_FOREACH(hdl, &opal_sec_base_actives, opal_sec_handle_t) {
if (NULL != method && 0 != strcmp(method, hdl->component->mca_component_name)) {
continue;
}
if (OPAL_SUCCESS == hdl->module->get_my_credential(my_id, &cred)) {
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"Created credential from source %s", hdl->component->mca_component_name);
/* pack the credential */
if (OPAL_SUCCESS != (rc = opal_dss.pack(&buf, &cred.method, 1, OPAL_STRING))) {
OPAL_ERROR_LOG(rc);
cleanup_cred(&cred);
OBJ_DESTRUCT(&buf);
return rc;
}
if (OPAL_SUCCESS != (rc = opal_dss.pack(&buf, &cred.size, 1, OPAL_SIZE))) {
OPAL_ERROR_LOG(rc);
cleanup_cred(&cred);
OBJ_DESTRUCT(&buf);
return rc;
}
if (0 < cred.size) {
if (OPAL_SUCCESS != (rc = opal_dss.pack(&buf, cred.credential, cred.size, OPAL_BYTE))) {
OPAL_ERROR_LOG(rc);
cleanup_cred(&cred);
OBJ_DESTRUCT(&buf);
return rc;
}
}
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"opal_sec: Created credential %s of size %lu",
cred.credential, (unsigned long)cred.size);
cleanup_cred(&cred);
}
}
if (0 == buf.bytes_used) {
OBJ_DESTRUCT(&buf);
return OPAL_ERROR;
}
*payload = buf.base_ptr;
*size = buf.bytes_used;
buf.base_ptr = NULL;
buf.bytes_used = 0;
OBJ_DESTRUCT(&buf);
return OPAL_SUCCESS;
}
int opal_sec_base_validate(char *payload, size_t size, char **method)
{
opal_sec_handle_t *hdl;
opal_buffer_t buf;
int cnt, rc;
opal_sec_cred_t cred = {.method = NULL, .credential = NULL};
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"opal_sec: Received credential of size %lu",
(unsigned long)size);
OBJ_CONSTRUCT(&buf, opal_buffer_t);
opal_dss.load(&buf, payload, size);
cnt = 1;
while (OPAL_SUCCESS == (rc = opal_dss.unpack(&buf, &cred.method, &cnt, OPAL_STRING))) {
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"Received credential from source %s", cred.method);
cnt=1;
if (OPAL_SUCCESS != (rc = opal_dss.unpack(&buf, &cred.size, &cnt, OPAL_SIZE))) {
OPAL_ERROR_LOG(rc);
cleanup_cred(&cred);
goto done;
}
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"Received credential of size %lu", (unsigned long)cred.size);
if (0 < cred.size) {
cred.credential = (char*)malloc(cred.size);
cnt=cred.size;
if (OPAL_SUCCESS != (rc = opal_dss.unpack(&buf, cred.credential, &cnt, OPAL_BYTE))) {
OPAL_ERROR_LOG(rc);
cleanup_cred(&cred);
goto done;
}
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"Received credential %s", cred.credential);
}
OPAL_LIST_FOREACH(hdl, &opal_sec_base_actives, opal_sec_handle_t) {
if (NULL != cred.method &&
0 != strcmp(cred.method, hdl->component->mca_component_name)) {
continue;
}
if (OPAL_SUCCESS == hdl->module->authenticate(&cred)) {
rc = OPAL_SUCCESS;
/* record the method */
if (NULL != method) {
if (NULL != *method) {
free(*method);
}
*method = strdup(cred.method);
}
cleanup_cred(&cred);
goto done;
}
}
cleanup_cred(&cred);
cnt = 1;
}
/* if we get here, then nothing authenticated */
rc = OPAL_ERR_AUTHENTICATION_FAILED;
done:
buf.base_ptr = NULL;
OBJ_DESTRUCT(&buf);
return rc;
}


@ -1,35 +0,0 @@
#
# Copyright (c) 2014 Intel, Inc. All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
sources = \
sec_basic.h \
sec_basic_component.c \
sec_basic.c
# Make the output library in this directory, and name it either
# mca_<type>_<name>.la (for DSO builds) or libmca_<type>_<name>.la
# (for static builds).
if MCA_BUILD_opal_sec_basic_DSO
component_noinst =
component_install = mca_sec_basic.la
else
component_noinst = libmca_sec_basic.la
component_install =
endif
mcacomponentdir = $(opallibdir)
mcacomponent_LTLIBRARIES = $(component_install)
mca_sec_basic_la_SOURCES = $(sources)
mca_sec_basic_la_LDFLAGS = -module -avoid-version
mca_sec_basic_la_LIBADD = $(sec_basic_LIBS)
noinst_LTLIBRARIES = $(component_noinst)
libmca_sec_basic_la_SOURCES =$(sources)
libmca_sec_basic_la_LDFLAGS = -module -avoid-version


@ -1,7 +0,0 @@
#
# owner/status file
# owner: institution that is responsible for this package
# status: e.g. active, maintenance, unmaintained
#
owner: INTEL
status: maintenance


@ -1,84 +0,0 @@
/*
* Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*
*/
#include "opal_config.h"
#include "opal/constants.h"
#include <string.h>
#include "opal_stdint.h"
#include "opal/dss/dss_types.h"
#include "opal/util/error.h"
#include "opal/util/output.h"
#include "opal/util/show_help.h"
#include "opal/mca/sec/base/base.h"
#include "sec_basic.h"
static int init(void);
static void finalize(void);
static int get_my_cred(opal_process_name_t *my_id,
opal_sec_cred_t *cred);
static int authenticate(opal_sec_cred_t *cred);
opal_sec_base_module_t opal_sec_basic_module = {
init,
finalize,
get_my_cred,
authenticate
};
static opal_sec_cred_t my_cred;
static bool initialized = false;
static int init(void)
{
return OPAL_SUCCESS;
}
static void finalize(void)
{
if (initialized) {
free(my_cred.credential);
}
}
static int get_my_cred(opal_process_name_t *my_id,
opal_sec_cred_t *cred)
{
if (!initialized) {
/* make the default credential 7-bytes long so we hit a nice
* 8-byte alignment (including NULL terminator) to keep valgrind
* from barking in optimized builds
*/
my_cred.credential = strdup("1234567");
my_cred.size = strlen(my_cred.credential)+1; // include the NULL
}
initialized = true;
cred->method = strdup("basic");
cred->credential = strdup(my_cred.credential);
cred->size = my_cred.size;
return OPAL_SUCCESS;
}
static int authenticate(opal_sec_cred_t *cred)
{
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"opal_sec:basic Received credential %s of size %lu",
cred->credential, (unsigned long)cred->size);
if (0 == strncmp(cred->credential, "1234567", strlen("1234567"))) {
return OPAL_SUCCESS;
}
return OPAL_ERR_AUTHENTICATION_FAILED;
}


@ -1,23 +0,0 @@
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#ifndef OPAL_SEC_BASIC_H
#define OPAL_SEC_BASIC_H
#include "opal/mca/sec/sec.h"
BEGIN_C_DECLS
OPAL_MODULE_DECLSPEC extern opal_sec_base_component_t mca_sec_basic_component;
OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_basic_module;
END_C_DECLS
#endif /* OPAL_SEC_BASIC_H */


@ -1,67 +0,0 @@
/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* Copyright (c) 2015 Los Alamos National Security, LLC. All rights
* reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include "opal/mca/base/base.h"
#include "opal/mca/sec/sec.h"
#include "opal/mca/sec/base/base.h"
#include "sec_basic.h"
static int sec_basic_component_open(void);
static int sec_basic_component_query(mca_base_module_t **module, int *priority);
static int sec_basic_component_close(void);
/*
* Instantiate the public struct with all of our public information
* and pointers to our public functions in it
*/
opal_sec_base_component_t mca_sec_basic_component = {
.base_version = {
OPAL_SEC_BASE_VERSION_1_0_0,
/* Component name and version */
.mca_component_name = "basic",
MCA_BASE_MAKE_VERSION(component, OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION,
OPAL_RELEASE_VERSION),
/* Component open and close functions */
.mca_open_component = sec_basic_component_open,
.mca_close_component = sec_basic_component_close,
.mca_query_component = sec_basic_component_query,
},
.base_data = {
/* The component is checkpoint ready */
MCA_BASE_METADATA_PARAM_CHECKPOINT
}
};
static int sec_basic_component_open(void)
{
return OPAL_SUCCESS;
}
static int sec_basic_component_query(mca_base_module_t **module, int *priority)
{
/* we are the default, so set ourselves low in the priority */
*priority = 0;
*module = (mca_base_module_t*)&opal_sec_basic_module;
return OPAL_SUCCESS;
}
static int sec_basic_component_close(void)
{
return OPAL_SUCCESS;
}


@ -1,34 +0,0 @@
#
# Copyright (c) 2014 Intel, Inc. All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
sources = \
sec_keystone.h \
sec_keystone_component.c \
sec_keystone.c
# Make the output library in this directory, and name it either
# mca_<type>_<name>.la (for DSO builds) or libmca_<type>_<name>.la
# (for static builds).
if MCA_BUILD_opal_sec_keystone_DSO
component_noinst =
component_install = mca_sec_keystone.la
else
component_noinst = libmca_sec_keystone.la
component_install =
endif
mcacomponentdir = $(opallibdir)
mcacomponent_LTLIBRARIES = $(component_install)
mca_sec_keystone_la_SOURCES = $(sources)
mca_sec_keystone_la_LDFLAGS = -module -avoid-version
noinst_LTLIBRARIES = $(component_noinst)
libmca_sec_keystone_la_SOURCES =$(sources)
libmca_sec_keystone_la_LDFLAGS = -module -avoid-version


@ -1,47 +0,0 @@
dnl -*- shell-script -*-
dnl
dnl Copyright (c) 2014 Intel, Inc. All rights reserved.
dnl Copyright (c) 2015 Research Organization for Information Science
dnl and Technology (RIST). All rights reserved.
dnl $COPYRIGHT$
dnl
dnl Additional copyrights may follow
dnl
dnl $HEADER$
dnl
# MCA_sec_keystone_CONFIG([action-if-found], [action-if-not-found])
# -----------------------------------------------------------
AC_DEFUN([MCA_opal_sec_keystone_CONFIG], [
AC_CONFIG_FILES([opal/mca/sec/keystone/Makefile])
AC_ARG_WITH([keystone],
[AC_HELP_STRING([--with-keystone],
[Build keystone support (default: no)])],
[], with_keystone=no)
# do not build if support not requested
AC_MSG_CHECKING([want keystone security])
AS_IF([test "$with_keystone" != "no"],
[AC_MSG_RESULT([yes])
AS_IF([test ! -z "$with_keystone" && test "$with_keystone" != "yes"],
[opal_check_keystone_dir="$with_keystone"])
OPAL_CHECK_PACKAGE([sec_keystone],
[curl/curl.h],
[curl],
[curl_easy_init],
[],
[],
[],
[$1],
[AC_MSG_WARN([KEYSTONE SUPPORT REQUESTED])
AC_MSG_WARN([BUT REQUIRED CURL LIBRARY OR HEADER NOT FOUND])
AC_MSG_ERROR([CANNOT CONTINUE])
$2])],
[AC_MSG_RESULT([no])
$2])
AC_SUBST(sec_keystone_CPPFLAGS)
AC_SUBST(sec_keystone_LDFLAGS)
AC_SUBST(sec_keystone_LIBS)
])dnl


@ -1,7 +0,0 @@
#
# owner/status file
# owner: institution that is responsible for this package
# status: e.g. active, maintenance, unmaintained
#
owner: INTEL
status: maintenance


@ -1,101 +0,0 @@
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*
*/
#include "opal_config.h"
#include "opal/constants.h"
#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <string.h>
#include <stdio.h>
#include <curl/curl.h>
#include "opal_stdint.h"
#include "opal/dss/dss_types.h"
#include "opal/util/error.h"
#include "opal/util/output.h"
#include "opal/util/show_help.h"
#include "opal/mca/sec/base/base.h"
#include "sec_basic.h"
static int init(void);
static void finalize(void);
static int get_my_cred(opal_process_name_t *my_id,
opal_sec_cred_t *cred);
static int authenticate(opal_sec_cred_t *cred);
opal_sec_base_module_t opal_sec_keystone_module = {
init,
finalize,
get_my_cred,
authenticate
};
static int init(void)
{
/* init libcurl */
curl_global_init(CURL_GLOBAL_ALL);
return OPAL_SUCCESS;
}
static void finalize(void)
{
/* cleanup libcurl */
curl_global_cleanup();
}
static size_t op_cbfunc(void *ptr, size_t size, size_t count, void *stream)
{
opal_output(0, "CURL RETURNED: %s", (char*)stream);
return size;
}
static int get_my_cred(opal_process_name_t *my_id,
opal_sec_cred_t *cred)
{
char *cmd;
CURL *curl;
CURLcode rc;
opal_output_verbose(5, opal_sec_base_framework.framework_output,
"keystone:get_my_cred");
/* ensure we return at least a NULL */
*cred = NULL;
/* query the keystone server */
asprintf(&cmd, "%sget_cred", mca_sec_keystone_component.url);
curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, cmd);
/* send the data to this function */
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, op_cbfunc);
/* execute it */
if (CURLE_OK != (rc = curl_easy_perform(curl))) {
opal_output(0, "Error while fetching '%s' : %s",
cmd, curl_easy_strerror(rc));
}
/* the data will have been returned in the callback
* function when easy_perform completes
*/
curl_easy_cleanup(curl);
free(cmd);
return OPAL_ERR_NOT_IMPLEMENTED;
}
static int authenticate(opal_sec_cred_t *cred)
{
return OPAL_ERR_NOT_IMPLEMENTED;
}


@ -1,27 +0,0 @@
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#ifndef OPAL_SEC_KEYSTONE_H
#define OPAL_SEC_KEYSTONE_H
#include "opal/mca/sec/sec.h"
BEGIN_C_DECLS
typedef struct {
opal_sec_base_component_t super;
char *url;
} mca_sec_keystone_component_t;
OPAL_MODULE_DECLSPEC extern mca_sec_keystone_component_t mca_sec_keystone_component;
OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_keystone_module;
END_C_DECLS
#endif /* OPAL_SEC_KEYSTONE_H */


@ -1,95 +0,0 @@
/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
/*
* Copyright (c) 2014 Intel, Inc. All rights reserved.
* Copyright (c) 2015 Los Alamos National Security, LLC. All rights
* reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include "opal/mca/base/base.h"
#include "opal/mca/sec/sec.h"
#include "opal/mca/sec/base/base.h"
#include "sec_keystone.h"
static int sec_keystone_component_open(void);
static int sec_keystone_component_query(mca_base_module_t **module, int *priority);
static int sec_keystone_component_close(void);
static int sec_keystone_component_register(void);
/*
* Instantiate the public struct with all of our public information
* and pointers to our public functions in it
*/
mca_sec_keystone_component_t mca_sec_keystone_component = {
{
.base_version = {
OPAL_SEC_BASE_VERSION_1_0_0,
/* Component name and version */
.mca_component_name = "keystone",
MCA_BASE_MAKE_VERSION(component, OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION,
OPAL_RELEASE_VERSION),
/* Component open and close functions */
.mca_open_component = sec_keystone_component_open,
.mca_close_component = sec_keystone_component_close,
.mca_query_component = sec_keystone_component_query,
.mca_register_component_params = sec_keystone_component_register,
},
.base_data ={
/* The component is checkpoint ready */
MCA_BASE_METADATA_PARAM_CHECKPOINT
}
}
};
static int sec_keystone_component_open(void)
{
return OPAL_SUCCESS;
}
static int sec_keystone_component_query(mca_base_module_t **module, int *priority)
{
if (NULL != mca_sec_keystone_component.url) {
/* we are the default, so set ourselves low in the priority */
*priority = 0;
*module = (mca_base_module_t*)&opal_sec_keystone_module;
return OPAL_SUCCESS;
}
/* otherwise, we cannot be selected */
*module = NULL;
return OPAL_ERROR;
}
static int sec_keystone_component_close(void)
{
return OPAL_SUCCESS;
}
static int sec_keystone_component_register(void);
{
mca_base_component_t *c = &mca_sec_keystone_file_component.super.base_version;
char *value;
mca_sec_keystone_component.url = NULL;
value = NULL;
tmp = mca_base_component_var_register(c, "address",
"Address of the Keystone server (hostname or IP)",
MCA_BASE_VAR_TYPE_STRING, NULL, 0, 0,
OPAL_INFO_LVL_9,
MCA_BASE_VAR_SCOPE_READONLY, &value);
if (NULL != value) {
/* we can operate */
asprintf(&mca_sec_keystone_component.url, "http://%s/ws/v1/", value);
}
}


@ -1,38 +0,0 @@
#
# Copyright (c) 2015 Intel, Inc. All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
sources = \
sec_munge.h \
sec_munge_component.c \
sec_munge.c
# Make the output library in this directory, and name it either
# mca_<type>_<name>.la (for DSO builds) or libmca_<type>_<name>.la
# (for static builds).
if MCA_BUILD_opal_sec_munge_DSO
component_noinst =
component_install = mca_sec_munge.la
else
component_noinst = libmca_sec_munge.la
component_install =
endif
mcacomponentdir = $(opallibdir)
mcacomponent_LTLIBRARIES = $(component_install)
mca_sec_munge_la_SOURCES = $(sources)
mca_sec_munge_la_CPPFLAGS = $(sec_munge_CPPFLAGS)
mca_sec_munge_la_LDFLAGS = -module -avoid-version $(sec_munge_LDFLAGS)
mca_sec_munge_la_LIBADD = $(sec_munge_LIBS)
noinst_LTLIBRARIES = $(component_noinst)
libmca_sec_munge_la_SOURCES =$(sources)
libmca_sec_munge_la_CPPFLAGS = $(sec_munge_CPPFLAGS)
libmca_sec_munge_la_LDFLAGS = -module -avoid-version $(sec_munge_LDFLAGS)
libmca_sec_munge_la_LIBADD = $(sec_munge_LIBS)


@ -1,88 +0,0 @@
# -*- shell-script -*-
#
# Copyright (c) 2015 Intel, Inc. All rights reserved
# Copyright (c) 2015 Research Organization for Information Science
# and Technology (RIST). All rights reserved.
# $COPYRIGHT$
#
# Additional copyrights may follow
#
# $HEADER$
#
# MCA_sec_munge_CONFIG([action-if-found], [action-if-not-found])
# --------------------------------------------------------------------
AC_DEFUN([MCA_opal_sec_munge_CONFIG],[
AC_CONFIG_FILES([opal/mca/sec/munge/Makefile])
OPAL_VAR_SCOPE_PUSH([sec_munge_support sec_munge_dir sec_munge_libdir save_cpp save_ld])
AC_ARG_WITH([munge],
[AC_HELP_STRING([--with-munge=DIR],
[Search for munge headers and libraries in DIR ])])
AC_ARG_WITH([munge-libdir],
[AC_HELP_STRING([--with-munge-libdir=DIR],
[Search for munge libraries in DIR ])])
sec_munge_support=0
if test "$with_munge" != "no"; then
AC_MSG_CHECKING([for munge in])
if test -n "$with_munge" && test "$with_munge" != "yes"; then
if test -d $with_munge/include/munge; then
sec_munge_dir=$with_munge/include/munge
else
sec_munge_dir=$with_munge
fi
if test -d $with_munge/lib; then
sec_munge_libdir=$with_munge/lib
elif -d $with_munge/lib64; then
sec_munge_libdir=$with_munge/lib64
else
AC_MSG_RESULT([Could not find $with_munge/lib or $with_munge/lib64])
AC_MSG_ERROR([Can not continue])
fi
AC_MSG_RESULT([$sec_munge_dir and $sec_munge_libdir])
else
AC_MSG_RESULT([(default search paths)])
sec_munge_dir=
fi
AS_IF([test -n "$with_munge_libdir" && test "$with_munge_libdir" != "yes"],
[sec_munge_libdir="$with_munge_libdir"])
save_cpp=$CPPFLAGS
save_ld=$LDFLAGS
OPAL_CHECK_PACKAGE([sec_munge],
[munge.h],
[munge],
[munge_encode],
[-lmunge],
[$sec_munge_dir],
[$sec_munge_libdir],
[sec_munge_support=1],
[sec_munge_support=0])
CPPFLAGS=$save_cpp
LDFLAGS=$save_ld
fi
if test -n "$with_munge" && test "$with_munge" != "no" && test "$sec_munge_support" != "1"; then
AC_MSG_WARN([MUNGE SUPPORT REQUESTED AND NOT FOUND.])
AC_MSG_ERROR([CANNOT CONTINUE])
fi
AC_MSG_CHECKING([will munge support be built])
AS_IF([test "$sec_munge_support" != "1"],
[AC_MSG_RESULT([no])
$2],
[AC_MSG_RESULT([yes])
$1])
# set build flags to use in makefile
AC_SUBST([sec_munge_CPPFLAGS])
AC_SUBST([sec_munge_LDFLAGS])
AC_SUBST([sec_munge_LIBS])
OPAL_VAR_SCOPE_POP
])dnl


@ -1,7 +0,0 @@
#
# owner/status file
# owner: institution that is responsible for this package
# status: e.g. active, maintenance, unmaintained
#
owner: INTEL
status: active


@ -1,126 +0,0 @@
/*
* Copyright (c) 2015 Intel, Inc. All rights reserved.
* Copyright (c) 2015-2017 Research Organization for Information Science
* and Technology (RIST). All rights reserved.
* Copyright (c) 2015 Cisco Systems, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*
*/
#include "opal_config.h"
#include "opal/constants.h"
#include <string.h>
#include <munge.h>
#include "opal_stdint.h"
#include "opal/dss/dss_types.h"
#include "opal/util/error.h"
#include "opal/util/output.h"
#include "opal/util/show_help.h"
#include "opal/mca/sec/base/base.h"
#include "sec_munge.h"
static int init(void);
static void finalize(void);
static int get_my_cred(opal_process_name_t *my_id,
opal_sec_cred_t *cred);
static int authenticate(opal_sec_cred_t *cred);
opal_sec_base_module_t opal_sec_munge_module = {
init,
finalize,
get_my_cred,
authenticate
};
static opal_sec_cred_t my_cred;
static bool initialized = false;
static bool refresh = false;
static int init(void)
{
int rc;
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge init");
/* attempt to get a credential as a way of checking that
* the munge server is available - cache the credential
* for later use */
if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) {
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge failed to create credential: %s",
munge_strerror(rc));
return OPAL_ERR_SERVER_NOT_AVAIL;
}
/* include the '\0' termination string character */
my_cred.size = strlen(my_cred.credential)+1;
initialized = true;
return OPAL_SUCCESS;
}
static void finalize(void)
{
if (initialized && !refresh) {
free(my_cred.credential);
}
}
static int get_my_cred(opal_process_name_t *my_id,
opal_sec_cred_t *cred)
{
int rc;
if (initialized) {
if (!refresh) {
refresh = true;
} else {
/* get a new credential as munge will not
* allow us to reuse them */
if (EMUNGE_SUCCESS != (rc = munge_encode(&my_cred.credential, NULL, NULL, 0))) {
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge failed to create credential: %s",
munge_strerror(rc));
return OPAL_ERR_SERVER_NOT_AVAIL;
}
/* include the '\0' termination string character */
my_cred.size = strlen(my_cred.credential)+1;
}
cred->method = strdup("munge");
cred->credential = my_cred.credential;
cred->size = my_cred.size;
} else {
rc = OPAL_ERROR;
}
return OPAL_SUCCESS;
}
static int authenticate(opal_sec_cred_t *cred)
{
munge_err_t rc;
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge validate_cred %s", cred->credential);
/* parse the inbound string */
if (EMUNGE_SUCCESS != (rc = munge_decode(cred->credential, NULL, NULL, NULL, NULL, NULL))) {
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge failed to decode credential: %s",
munge_strerror(rc));
return OPAL_ERR_AUTHENTICATION_FAILED;
}
opal_output_verbose(2, opal_sec_base_framework.framework_output,
"sec: munge credential valid");
return OPAL_SUCCESS;
}


@ -1,23 +0,0 @@
/*
* Copyright (c) 2015 Intel, Inc. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#ifndef OPAL_SEC_MUNGE_H
#define OPAL_SEC_MUNGE_H
#include "opal/mca/sec/sec.h"
BEGIN_C_DECLS
OPAL_MODULE_DECLSPEC extern opal_sec_base_component_t mca_sec_munge_component;
OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_munge_module;
END_C_DECLS
#endif /* OPAL_SEC_MUNGE_H */


@ -1,64 +0,0 @@
/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
/*
* Copyright (c) 2015 Intel, Inc. All rights reserved.
* Copyright (c) 2015 Los Alamos National Security, LLC. All rights
* reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
#include "opal_config.h"
#include "opal/constants.h"
#include "opal/mca/base/base.h"
#include "opal/mca/sec/sec.h"
#include "sec_munge.h"
static int sec_munge_component_open(void);
static int sec_munge_component_query(mca_base_module_t **module, int *priority);
static int sec_munge_component_close(void);
/*
* Instantiate the public struct with all of our public information
* and pointers to our public functions in it
*/
opal_sec_base_component_t mca_sec_munge_component = {
.base_version = {
OPAL_SEC_BASE_VERSION_1_0_0,
/* Component name and version */
.mca_component_name = "munge",
MCA_BASE_MAKE_VERSION(component, OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION, OPAL_RELEASE_VERSION),
/* Component open and close functions */
.mca_open_component = sec_munge_component_open,
.mca_close_component = sec_munge_component_close,
.mca_query_component = sec_munge_component_query,
},
.base_data = {
/* The component is checkpoint ready */
MCA_BASE_METADATA_PARAM_CHECKPOINT
}
};
static int sec_munge_component_open(void)
{
return OPAL_SUCCESS;
}
static int sec_munge_component_query(mca_base_module_t **module, int *priority)
{
*priority = 10;
*module = (mca_base_module_t*)&opal_sec_munge_module;
return OPAL_SUCCESS;
}
static int sec_munge_component_close(void)
{
return OPAL_SUCCESS;
}


@ -1,140 +0,0 @@
/* -*- Mode: C; c-basic-offset:4 ; indent-tabs-mode:nil -*- */
/*
* Copyright (c) 2014-2015 Intel, Inc. All rights reserved.
* Copyright (c) 2014 Research Organization for Information Science
* and Technology (RIST). All rights reserved.
* Copyright (c) 2015 Los Alamos National Security, LLC. All rights
* reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
*
* $HEADER$
*/
/** @file:
*
* The Security Framework
*
*/
#ifndef OPAL_SEC_H
#define OPAL_SEC_H
#include "opal_config.h"
#include "opal/types.h"
#include "opal/util/proc.h"
#include "opal/mca/mca.h"
#include "opal/dss/dss_types.h"
/* The security framework is a single-select one - i.e.,
* only one plugin is active at any time, though multiple
* plugins may build. When init is called, each plugin that
* built should check to see if it can connect to its
* respective server - if it can, then it should return
* success to indicate it is ready to be used.
*
* For scalability, it is important that each process only
* contact the security server once, and only when requested
* to do so. Thus, the plugin should not get credentials for
* the process until the first call to "get_my_credentials",
* and should then cache the results for future use.
*/
BEGIN_C_DECLS
typedef struct {
char *method;
char *credential;
size_t size;
} opal_sec_cred_t;
/*
* Initialize the module
*/
typedef int (*opal_sec_base_module_init_fn_t)(void);
/*
* Finalize the module
*/
typedef void (*opal_sec_base_module_finalize_fn_t)(void);
/*
* Get a security credential for this process - return pointer to
* a "credential" that I can use for authenticating myself to another process.
* The value must be returned in a network-byte-ordered form suitable
* for sending across the network.
*
* It isn't expected that the identifier will be used to obtain a
* certificate as external security systems will have no idea what
* it means. However, some modules may use it, and there is no way
* for the opal layer to know a process identifier without being told,
* so provide it here
*
* Likewise, the security framework isn't going to house its own datastore
* handle, and some modules may want to check to see if a credential
* was stored in the data store, so provide a means for passing in the
* handle where such data might be stored
*
* Function returns OPAL_SUCCESS if a credential was assigned, or an error
* code indicating why it failed
*/
typedef int (*opal_sec_base_module_get_my_cred_fn_t)(opal_process_name_t *my_id,
opal_sec_cred_t *cred);
typedef int (*opal_sec_API_module_get_my_cred_fn_t)(char *method,
opal_process_name_t *my_id,
char **payload, size_t *size);
/*
* Authenticate a security credential - given a security credential,
* determine if the credential is valid. The credential is passed in
* a network-byte-ordered form as it came across the network.
*
* Function returns OPAL_SUCCESS if the token is authenticated, or an
* error code indicating why it failed
*/
typedef int (*opal_sec_base_module_auth_fn_t)(opal_sec_cred_t *cred);
typedef int (*opal_sec_API_module_auth_fn_t)(char *payload, size_t size, char **method);
/*
* the standard module data structure
*/
struct opal_sec_base_module_1_0_0_t {
opal_sec_base_module_init_fn_t init;
opal_sec_base_module_finalize_fn_t finalize;
opal_sec_base_module_get_my_cred_fn_t get_my_credential;
opal_sec_base_module_auth_fn_t authenticate;
};
typedef struct opal_sec_base_module_1_0_0_t opal_sec_base_module_1_0_0_t;
typedef struct opal_sec_base_module_1_0_0_t opal_sec_base_module_t;
/* the API structure */
typedef struct {
opal_sec_API_module_get_my_cred_fn_t get_my_credential;
opal_sec_API_module_auth_fn_t authenticate;
} opal_sec_API_module_t;
/*
* the standard component data structure
*/
struct opal_sec_base_component_1_0_0_t {
mca_base_component_t base_version;
mca_base_component_data_t base_data;
};
typedef struct opal_sec_base_component_1_0_0_t opal_sec_base_component_1_0_0_t;
typedef struct opal_sec_base_component_1_0_0_t opal_sec_base_component_t;
/*
* Macro for use in components that are of type sec
*/
#define OPAL_SEC_BASE_VERSION_1_0_0 \
OPAL_MCA_BASE_VERSION_2_1_0("sec", 1, 0, 0)
/* Global structure for accessing SEC functions */
OPAL_DECLSPEC extern opal_sec_API_module_t opal_sec; /* holds base function pointers */
END_C_DECLS
#endif


@ -12,7 +12,7 @@
* Copyright (c) 2008-2015 Cisco Systems, Inc. All rights reserved.
* Copyright (c) 2010-2015 Los Alamos National Security, LLC.
* All rights reserved.
* Copyright (c) 2013-2015 Intel, Inc. All rights reserved
* Copyright (c) 2013-2017 Intel, Inc. All rights reserved.
* Copyright (c) 2016-2017 Research Organization for Information Science
* and Technology (RIST). All rights reserved.
* $COPYRIGHT$
@ -31,6 +31,7 @@
#include "opal/util/output.h"
#include "opal/util/malloc.h"
#include "opal/util/net.h"
#include "opal/util/proc.h"
#include "opal/util/keyval_parse.h"
#include "opal/util/show_help.h"
#include "opal/memoryhooks/memory.h"
@ -43,7 +44,6 @@
#include "opal/mca/memchecker/base/base.h"
#include "opal/mca/memcpy/base/base.h"
#include "opal/mca/backtrace/base/base.h"
#include "opal/mca/sec/base/base.h"
#include "opal/mca/timer/base/base.h"
#include "opal/mca/hwloc/base/base.h"
#include "opal/mca/event/base/base.h"
@ -131,9 +131,6 @@ opal_finalize(void)
/* close the checkpoint and restart service */
opal_cr_finalize();
/* close the security framework */
(void) mca_base_framework_close(&opal_sec_base_framework);
#if OPAL_ENABLE_FT_CR == 1
(void) mca_base_framework_close(&opal_compress_base_framework);
#endif
@ -158,9 +155,6 @@ opal_finalize(void)
/* close the shmem framework */
(void) mca_base_framework_close(&opal_shmem_base_framework);
/* close the sec framework */
(void) mca_base_framework_close(&opal_sec_base_framework);
/* cleanup the main thread specific stuff */
opal_tsd_keys_destruct();


@ -15,7 +15,7 @@
* Copyright (c) 2009 Oak Ridge National Labs. All rights reserved.
* Copyright (c) 2010-2015 Los Alamos National Security, LLC.
* All rights reserved.
* Copyright (c) 2013-2016 Intel, Inc. All rights reserved
* Copyright (c) 2013-2017 Intel, Inc. All rights reserved.
* Copyright (c) 2015-2017 Research Organization for Information Science
* and Technology (RIST). All rights reserved.
* $COPYRIGHT$
@ -49,7 +49,6 @@
#include "opal/mca/patcher/base/base.h"
#include "opal/mca/memcpy/base/base.h"
#include "opal/mca/hwloc/base/base.h"
#include "opal/mca/sec/base/base.h"
#include "opal/mca/timer/base/base.h"
#include "opal/mca/memchecker/base/base.h"
#include "opal/mca/if/base/base.h"
@ -597,16 +596,6 @@ opal_init(int* pargc, char*** pargv)
goto return_error;
}
/* initialize the security framework */
if( OPAL_SUCCESS != (ret = mca_base_framework_open(&opal_sec_base_framework, 0)) ) {
error = "opal_sec_base_open";
goto return_error;
}
if( OPAL_SUCCESS != (ret = opal_sec_base_select()) ) {
error = "opal_sec_base_select";
goto return_error;
}
return OPAL_SUCCESS;
return_error:


@ -55,7 +55,6 @@
#include "opal/util/net.h"
#include "opal/util/argv.h"
#include "opal/class/opal_hash_table.h"
#include "opal/mca/sec/sec.h"
#include "orte/mca/errmgr/errmgr.h"
#include "orte/mca/ess/ess.h"


@ -54,7 +54,6 @@
#include "opal_stdint.h"
#include "opal/mca/backtrace/backtrace.h"
#include "opal/mca/base/mca_base_var.h"
#include "opal/mca/sec/sec.h"
#include "opal/util/output.h"
#include "opal/util/net.h"
#include "opal/util/fd.h"
@ -385,10 +384,7 @@ static int tcp_peer_send_connect_ack(mca_oob_tcp_peer_t* peer)
char *msg;
mca_oob_tcp_hdr_t hdr;
uint16_t ack_flag = htons(1);
int rc;
size_t sdsize, offset = 0;
char *cred;
size_t credsize;
opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output,
"%s SEND CONNECT ACK", ORTE_NAME_PRINT(ORTE_PROC_MY_NAME));
@ -401,20 +397,8 @@ static int tcp_peer_send_connect_ack(mca_oob_tcp_peer_t* peer)
hdr.seq_num = 0;
memset(hdr.routed, 0, ORTE_MAX_RTD_SIZE+1);
/* get our security credential*/
if (OPAL_SUCCESS != (rc = opal_sec.get_my_credential(peer->auth_method,
ORTE_PROC_MY_NAME,
&cred, &credsize))) {
ORTE_ERROR_LOG(rc);
return rc;
}
opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output,
"%s SENDING CREDENTIAL OF SIZE %lu",
ORTE_NAME_PRINT(ORTE_PROC_MY_NAME),
(unsigned long)credsize);
/* payload size */
sdsize = sizeof(ack_flag) + strlen(orte_version_string) + 1 + credsize;
sdsize = sizeof(ack_flag) + strlen(orte_version_string) + 1;
hdr.nbytes = sdsize;
MCA_OOB_TCP_HDR_HTON(&hdr);
@ -432,11 +416,6 @@ static int tcp_peer_send_connect_ack(mca_oob_tcp_peer_t* peer)
offset += sizeof(ack_flag);
memcpy(msg + offset, orte_version_string, strlen(orte_version_string));
offset += strlen(orte_version_string)+1;
memcpy(msg + offset, cred, credsize);
/* clear the memory */
if (NULL != cred) {
free(cred);
}
/* send it */
if (ORTE_SUCCESS != tcp_peer_send_blocking(peer->sd, msg, sdsize)) {
@ -720,9 +699,7 @@ int mca_oob_tcp_peer_recv_connect_ack(mca_oob_tcp_peer_t* pr,
{
char *msg;
char *version;
int rc;
char *cred;
size_t credsize, offset = 0;
size_t offset = 0;
mca_oob_tcp_hdr_t hdr;
mca_oob_tcp_peer_t *peer;
uint64_t *ui64;
@ -916,30 +893,10 @@ int mca_oob_tcp_peer_recv_connect_ack(mca_oob_tcp_peer_t* pr,
free(msg);
return ORTE_ERR_CONNECTION_REFUSED;
}
opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output,
"%s connect-ack version from %s matches ours",
ORTE_NAME_PRINT(ORTE_PROC_MY_NAME),
ORTE_NAME_PRINT(&peer->name));
/* check security token */
cred = (char*)((char*)msg + offset);
credsize = hdr.nbytes - offset;
if (OPAL_SUCCESS != (rc = opal_sec.authenticate(cred, credsize, &peer->auth_method))) {
char *hostname;
hostname = orte_get_proc_hostname(&peer->name);
orte_show_help("help-oob-tcp.txt", "authent-fail", true,
(NULL == hostname) ? "unknown" : hostname,
orte_process_info.nodename);
peer->state = MCA_OOB_TCP_FAILED;
mca_oob_tcp_peer_close(peer);
free(msg);
return ORTE_ERR_CONNECTION_REFUSED;
}
free(msg);
opal_output_verbose(OOB_TCP_DEBUG_CONNECT, orte_oob_base_framework.framework_output,
"%s connect-ack %s authenticated",
"%s connect-ack version from %s matches ours",
ORTE_NAME_PRINT(ORTE_PROC_MY_NAME),
ORTE_NAME_PRINT(&peer->name));
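Review bot: After the last hunk, mca_oob_tcp_peer_recv_connect_ack accepts a peer as soon as the version string matches, and no credential check remains in the visible new code, so the OOB TCP handshake no longer authenticates the connecting process at this point. If authentication now happens elsewhere, or was dropped on purpose, the code should say so where the check used to be, e.g. `/* NOTE: no credential is exchanged in the connect-ack; peers are not authenticated at this layer */`. The sender's payload is now exactly `sizeof(ack_flag) + strlen(orte_version_string) + 1` bytes, so the receiver could also refuse a connect-ack whose `hdr.nbytes` leaves bytes after the version string; the parsing code is outside these hunks, so whether it already does this is not visible. `peer->auth_method` and the `authent-fail` entry in help-oob-tcp.txt are no longer referenced in the lines shown and look removable if nothing else uses them. Both tcp_peer_send_connect_ack and mca_oob_tcp_peer_recv_connect_ack start and end outside the hunks.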