From e91292aa4168a639be6fb1379c8a72c92c029a9a Mon Sep 17 00:00:00 2001 From: Gilles Gouaillardet Date: Wed, 24 Aug 2016 11:14:54 +0900 Subject: [PATCH 1/3] pmix2x: configury: add missing check for header file (back-ported from upstream pmix/master@e54ce6d423fe77798eea0882af13efc4664d18d1) --- opal/mca/pmix/pmix2x/pmix/config/pmix.m4 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 b/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 index 8780aab621..e6587809a4 100644 --- a/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 +++ b/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 @@ -18,7 +18,7 @@ dnl reserved. dnl Copyright (c) 2009-2011 Oak Ridge National Labs. All rights reserved. dnl Copyright (c) 2011-2013 NVIDIA Corporation. All rights reserved. dnl Copyright (c) 2013-2015 Intel, Inc. All rights reserved -dnl Copyright (c) 2015 Research Organization for Information Science +dnl Copyright (c) 2015-2016 Research Organization for Information Science dnl and Technology (RIST). All rights reserved. dnl Copyright (c) 2016 Mellanox Technologies, Inc. dnl All rights reserved. @@ -301,7 +301,8 @@ AC_DEFUN([PMIX_SETUP_CORE],[ time.h unistd.h dirent.h \ crt_externs.h signal.h \ ioLib.h sockLib.h hostLib.h limits.h \ - sys/statfs.h sys/statvfs.h]) + sys/statfs.h sys/statvfs.h \ + netdb.h]) # Note that sometimes we have , but it doesn't work (e.g., # have both Portland and GNU installed; using pgcc will find GNU's From c11e8163f8382a64fca7e283ba0a87530a3681e6 Mon Sep 17 00:00:00 2001 From: Gilles Gouaillardet Date: Wed, 24 Aug 2016 11:16:20 +0900 Subject: [PATCH 2/3] pmix2x: sec/native: fix the pmix_native module under solaris by using getpeerucred() and fail with a user friendly message if no method is available: "sec: native cannot validate_cred on this system" (back-ported from upstream pmix/master@c474a1fc6072c96d2c0ee0222846dc64af0fcddf) --- opal/mca/pmix/pmix2x/pmix/config/pmix.m4 | 4 +-- .../pmix/pmix2x/pmix/src/sec/pmix_native.c | 25 +++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 b/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 index e6587809a4..af6dc44580 100644 --- a/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 +++ b/opal/mca/pmix/pmix2x/pmix/config/pmix.m4 @@ -302,7 +302,7 @@ AC_DEFUN([PMIX_SETUP_CORE],[ crt_externs.h signal.h \ ioLib.h sockLib.h hostLib.h limits.h \ sys/statfs.h sys/statvfs.h \ - netdb.h]) + netdb.h ucred.h]) # Note that sometimes we have , but it doesn't work (e.g., # have both Portland and GNU installed; using pgcc will find GNU's @@ -508,7 +508,7 @@ AC_DEFUN([PMIX_SETUP_CORE],[ # Darwin doesn't need -lm, as it's a symlink to libSystem.dylib PMIX_SEARCH_LIBS_CORE([ceil], [m]) - AC_CHECK_FUNCS([asprintf snprintf vasprintf vsnprintf strsignal socketpair strncpy_s usleep statfs statvfs getpeereid strnlen]) + AC_CHECK_FUNCS([asprintf snprintf vasprintf vsnprintf strsignal socketpair strncpy_s usleep statfs statvfs getpeereid getpeerucred strnlen]) # On some hosts, htonl is a define, so the AC_CHECK_FUNC will get # confused. On others, it's in the standard library, but stubbed with diff --git a/opal/mca/pmix/pmix2x/pmix/src/sec/pmix_native.c b/opal/mca/pmix/pmix2x/pmix/src/sec/pmix_native.c index 170e186cff..8a85ae596b 100644 --- a/opal/mca/pmix/pmix2x/pmix/src/sec/pmix_native.c +++ b/opal/mca/pmix/pmix2x/pmix/src/sec/pmix_native.c @@ -1,6 +1,8 @@ /* * Copyright (c) 2015-2016 Intel, Inc. All rights reserved. * Copyright (c) 2016 IBM Corporation. All rights reserved. + * Copyright (c) 2016 Research Organization for Information Science + * and Technology (RIST). All rights reserved. * * $COPYRIGHT$ * @@ -24,6 +26,9 @@ #ifdef HAVE_SYS_TYPES_H #include #endif +#ifdef HAVE_UCRED_H +#include +#endif #include "pmix_sec.h" #include "pmix_native.h" @@ -65,6 +70,9 @@ static pmix_status_t validate_cred(pmix_peer_t *peer, char *cred) struct ucred ucred; #endif socklen_t crlen = sizeof (ucred); +#endif +#ifdef HAVE_GETPEERUCRED + ucred_t *ucred = NULL; #endif uid_t euid; gid_t gid; @@ -99,7 +107,24 @@ static pmix_status_t validate_cred(pmix_peer_t *peer, char *cred) strerror (pmix_socket_errno)); return PMIX_ERR_INVALID_CRED; } +#elif defined(HAVE_GETPEERUCRED) + pmix_output_verbose(2, pmix_globals.debug_output, + "sec:native checking getpeerucred for peer credentials"); + if (0 != getpeerucred(peer->sd, &ucred)) { + pmix_output_verbose(2, pmix_globals.debug_output, + "sec: getsockopt getpeerucred failed: %s", + strerror (pmix_socket_errno)); + pmix_output_verbose(2, pmix_globals.debug_output, + "sec: getsockopt getpeerucred failed: %s", + strerror (errno)); + return PMIX_ERR_INVALID_CRED; + } + euid = ucred_geteuid(ucred); + gid = ucred_getrgid(ucred); + ucred_free(ucred); #else + pmix_output_verbose(2, pmix_globals.debug_output, + "sec: native cannot validate_cred on this system"); return PMIX_ERR_NOT_SUPPORTED; #endif From 02847d9e7be7b6792532b017deb0c7f1b5b2eb7f Mon Sep 17 00:00:00 2001 From: Gilles Gouaillardet Date: Wed, 24 Aug 2016 11:17:14 +0900 Subject: [PATCH 3/3] pmix2x: dstore: add missing include file in pmix_esh.c (back-ported from upstream pmix/master@5c66ffe0f09b1d63ba041ad0c15830069f9a6986) --- opal/mca/pmix/pmix2x/pmix/src/dstore/pmix_esh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/opal/mca/pmix/pmix2x/pmix/src/dstore/pmix_esh.c b/opal/mca/pmix/pmix2x/pmix/src/dstore/pmix_esh.c index df4f670334..eee4745a03 100644 --- a/opal/mca/pmix/pmix2x/pmix/src/dstore/pmix_esh.c +++ b/opal/mca/pmix/pmix2x/pmix/src/dstore/pmix_esh.c @@ -1,6 +1,8 @@ /* * Copyright (c) 2015-2016 Mellanox Technologies, Inc. * All rights reserved. + * Copyright (c) 2016 Research Organization for Information Science + * and Technology (RIST). All rights reserved. * $COPYRIGHT$ * * Additional copyrights may follow @@ -12,6 +14,7 @@ #include #include #include +#include #include #include