Merge pull request #1846 from garlick/flux_sec_private

libflux: drop flux_sec_t class from public API

src/bindings/python/flux/Makefile.am

@@ -7,7 +7,6 @@ fluxpy_PYTHON=\
 	      constants.py\
 	      jsc.py\
 	      kz.py\
-	      sec.py \
 	      job.py \
 	      mrpc.py \
 	      util.py

src/bindings/python/flux/__init__.py

@@ -12,6 +12,5 @@ def Flux(*args, **kwargs):
            'jsc',
            'rpc',
            'mrpc',
-           'sec',
            'constants',
            'Flux', ]

src/broker/broker.c

@@ -64,6 +64,7 @@
 #include "src/common/libutil/ipaddr.h"
 #include "src/common/libutil/kary.h"
 #include "src/common/libutil/monotime.h"
+#include "src/common/libutil/zsecurity.h"
 #include "src/common/libpmi/pmi.h"
 #include "src/common/libpmi/pmi_strerror.h"
 
@@ -97,7 +98,7 @@ typedef enum {
 typedef struct {
     /* 0MQ
      */
-    flux_sec_t *sec;             /* security context (MT-safe) */
+    zsecurity_t *sec;             /* security context (MT-safe) */
 
     /* Reactor
      */
@@ -221,11 +222,11 @@ void parse_command_line_arguments(int argc, char *argv[],
             if (!strcmp (optarg, "none")) {
                 *sec_typemask = 0;
             } else if (!strcmp (optarg, "plain")) {
-                *sec_typemask |= FLUX_SEC_TYPE_PLAIN;
-                *sec_typemask &= ~FLUX_SEC_TYPE_CURVE;
+                *sec_typemask |= ZSECURITY_TYPE_PLAIN;
+                *sec_typemask &= ~ZSECURITY_TYPE_CURVE;
             } else if (!strcmp (optarg, "curve")) {
-                *sec_typemask |= FLUX_SEC_TYPE_CURVE;
-                *sec_typemask &= ~FLUX_SEC_TYPE_PLAIN;
+                *sec_typemask |= ZSECURITY_TYPE_CURVE;
+                *sec_typemask &= ~ZSECURITY_TYPE_PLAIN;
             } else {
                 log_msg_exit ("--security arg must be none|plain|curve");
             }
@@ -298,7 +299,7 @@ int main (int argc, char *argv[])
 {
     broker_ctx_t ctx;
     zlist_t *sigwatchers;
-    int sec_typemask = FLUX_SEC_TYPE_CURVE;
+    int sec_typemask = ZSECURITY_TYPE_CURVE;
     sigset_t old_sigmask;
     struct sigaction old_sigact_int;
     struct sigaction old_sigact_term;
@@ -383,17 +384,17 @@ int main (int argc, char *argv[])
     broker_handle_signals (&ctx, sigwatchers);
 
     /* Initialize security context.
-     * Delay calling flux_sec_comms_init() so that we can defer creating
+     * Delay calling zsecurity_comms_init() so that we can defer creating
      * the libzmq work thread until we are ready to communicate.
      */
     const char *keydir;
     if (attr_get (ctx.attrs, "security.keydir", &keydir, NULL) < 0)
         log_err_exit ("getattr security.keydir");
-    if (!(ctx.sec = flux_sec_create (sec_typemask, keydir)))
-        log_err_exit ("flux_sec_create");
+    if (!(ctx.sec = zsecurity_create (sec_typemask, keydir)))
+        log_err_exit ("zsecurity_create");
 
     /* The first call to overlay_bind() or overlay_connect() calls
-     * flux_sec_comms_init().
+     * zsecurity_comms_init().
      */
     overlay_set_sec (ctx.overlay, ctx.sec);
     overlay_set_flux (ctx.overlay, ctx.h);
@@ -662,7 +663,7 @@ int main (int argc, char *argv[])
     if (ctx.verbose)
         log_msg ("cleaning up");
     if (ctx.sec)
-        flux_sec_destroy (ctx.sec);
+        zsecurity_destroy (ctx.sec);
     overlay_destroy (ctx.overlay);
     heartbeat_destroy (ctx.heartbeat);
     service_switch_destroy (ctx.services);

src/broker/overlay.c

@@ -37,6 +37,7 @@
 #include "src/common/libutil/iterators.h"
 #include "src/common/libutil/kary.h"
 #include "src/common/libutil/cleanup.h"
+#include "src/common/libutil/zsecurity.h"
 
 #include "heartbeat.h"
 #include "overlay.h"
@@ -49,7 +50,7 @@ struct endpoint {
 };
 
 struct overlay_struct {
-    flux_sec_t *sec;
+    zsecurity_t *sec;
     bool sec_initialized;
     flux_t *h;
     zhash_t *children;          /* child_t - by uuid */
@@ -135,7 +136,7 @@ void overlay_init (overlay_t *overlay,
     overlay->tbon_descendants = kary_sum_descendants (tbon_k, size, rank);
 }
 
-void overlay_set_sec (overlay_t *ov, flux_sec_t *sec)
+void overlay_set_sec (overlay_t *ov, zsecurity_t *sec)
 {
     ov->sec = sec;
 }
@@ -368,8 +369,8 @@ static int bind_child (overlay_t *ov, struct endpoint *ep)
 {
     if (!(ep->zs = zsock_new_router (NULL)))
         log_err_exit ("zsock_new_router");
-    if (flux_sec_ssockinit (ov->sec, ep->zs) < 0)
-        log_msg_exit ("flux_sec_ssockinit: %s", flux_sec_errstr (ov->sec));
+    if (zsecurity_ssockinit (ov->sec, ep->zs) < 0)
+        log_msg_exit ("zsecurity_ssockinit: %s", zsecurity_errstr (ov->sec));
     if (zsock_bind (ep->zs, "%s", ep->uri) < 0)
         log_err_exit ("%s", ep->uri);
     if (strchr (ep->uri, '*')) { /* capture dynamically assigned port */
@@ -404,9 +405,9 @@ static int connect_parent (overlay_t *ov, struct endpoint *ep)
 
     if (!(ep->zs = zsock_new_dealer (NULL)))
         goto error;
-    if (flux_sec_csockinit (ov->sec, ep->zs) < 0) {
+    if (zsecurity_csockinit (ov->sec, ep->zs) < 0) {
         savederr = errno;
-        log_msg ("flux_sec_csockinit: %s", flux_sec_errstr (ov->sec));
+        log_msg ("zsecurity_csockinit: %s", zsecurity_errstr (ov->sec));
         errno = savederr;
         goto error;
     }
@@ -431,8 +432,8 @@ static int connect_parent (overlay_t *ov, struct endpoint *ep)
 static int overlay_sec_init (overlay_t *ov)
 {
     if (!ov->sec_initialized) {
-        if (flux_sec_comms_init (ov->sec) < 0) {
-            log_msg ("flux_sec_comms_init: %s", flux_sec_errstr (ov->sec));
+        if (zsecurity_comms_init (ov->sec) < 0) {
+            log_msg ("zsecurity_comms_init: %s", zsecurity_errstr (ov->sec));
             return -1;
         }
         ov->sec_initialized = true;

src/broker/overlay.h

@@ -2,6 +2,7 @@
 #define _BROKER_OVERLAY_H
 
 #include "attr.h"
+#include "src/common/libutil/zsecurity.h"
 
 typedef struct overlay_struct overlay_t;
 typedef void (*overlay_cb_f)(overlay_t *ov, void *sock, void *arg);
@@ -11,7 +12,7 @@ void overlay_destroy (overlay_t *ov);
 
 /* These need to be called before connect/bind.
  */
-void overlay_set_sec (overlay_t *ov, flux_sec_t *sec);
+void overlay_set_sec (overlay_t *ov, zsecurity_t *sec);
 void overlay_set_flux (overlay_t *ov, flux_t *h);
 void overlay_init (overlay_t *ov, uint32_t size, uint32_t rank, int tbon_k);
 void overlay_set_idle_warning (overlay_t *ov, int heartbeats);

src/cmd/flux-keygen.c

@@ -29,6 +29,7 @@
 #include <flux/core.h>
 
 #include "src/common/libutil/log.h"
+#include "src/common/libutil/zsecurity.h"
 
 
 #define OPTIONS "hfpd:"
@@ -51,8 +52,8 @@ void usage (void)
 int main (int argc, char *argv[])
 {
     int ch;
-    flux_sec_t *sec;
-    int typemask = FLUX_SEC_TYPE_CURVE | FLUX_SEC_VERBOSE;
+    zsecurity_t *sec;
+    int typemask = ZSECURITY_TYPE_CURVE | ZSECURITY_VERBOSE;
     const char *secdir = getenv ("FLUX_SEC_DIRECTORY");
 
     log_init ("flux-keygen");
@@ -63,11 +64,11 @@ int main (int argc, char *argv[])
                 usage ();
                 break;
             case 'f': /* --force */
-                typemask |= FLUX_SEC_KEYGEN_FORCE;
+                typemask |= ZSECURITY_KEYGEN_FORCE;
                 break;
             case 'p': /* --plain */
-                typemask |= FLUX_SEC_TYPE_PLAIN;
-                typemask &= ~FLUX_SEC_TYPE_CURVE;
+                typemask |= ZSECURITY_TYPE_PLAIN;
+                typemask &= ~ZSECURITY_TYPE_CURVE;
                 break;
             case 'd': /* --secdir */
                 secdir = optarg;
@@ -80,11 +81,11 @@ int main (int argc, char *argv[])
     if (optind < argc)
         usage ();
 
-     if (!(sec = flux_sec_create (typemask, secdir)))
-        log_err_exit ("flux_sec_create");
-    if (flux_sec_keygen (sec) < 0)
-        log_msg_exit ("%s", flux_sec_errstr (sec));
-    flux_sec_destroy (sec);
+     if (!(sec = zsecurity_create (typemask, secdir)))
+        log_err_exit ("zsecurity_create");
+    if (zsecurity_keygen (sec) < 0)
+        log_msg_exit ("%s", zsecurity_errstr (sec));
+    zsecurity_destroy (sec);
 
     log_fini ();
 

src/common/libflux/Makefile.am

@@ -58,7 +58,6 @@ fluxcoreinclude_HEADERS = \
 	connector.h \
 	reactor.h \
 	msg_handler.h \
-	security.h \
 	message.h \
 	request.h \
 	keepalive.h \
@@ -90,7 +89,6 @@ libflux_la_SOURCES = \
 	handle.c \
 	reactor.c \
 	msg_handler.c \
-	security.c \
 	message.c \
 	request.c \
 	response.c \
@@ -130,7 +128,6 @@ TESTS = test_message.t \
 	test_response.t \
 	test_event.t \
 	test_tagpool.t \
-	test_security.t \
 	test_future.t \
 	test_composite_future.t \
 	test_reactor.t \
@@ -199,10 +196,6 @@ test_reactor_t_SOURCES = test/reactor.c
 test_reactor_t_CPPFLAGS = $(test_cppflags)
 test_reactor_t_LDADD = $(test_ldadd) $(LIBDL)
 
-test_security_t_SOURCES = test/security.c
-test_security_t_CPPFLAGS = $(test_cppflags)
-test_security_t_LDADD = $(test_ldadd) $(LIBDL)
-
 test_future_t_SOURCES = test/future.c
 test_future_t_CPPFLAGS = $(test_cppflags)
 test_future_t_LDADD = $(test_ldadd) $(LIBDL)

src/common/libflux/flux.h

@@ -30,7 +30,6 @@
 #include "reactor.h"
 #include "msg_handler.h"
 #include "connector.h"
-#include "security.h"
 #include "message.h"
 #include "request.h"
 #include "response.h"

src/common/libflux/message.h

@@ -30,7 +30,6 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include "types.h"
-#include "security.h"
 
 #ifdef __cplusplus
 extern "C" {

src/common/libutil/Makefile.am

@@ -86,7 +86,9 @@ libutil_la_SOURCES = \
 	aux.c \
 	aux.h \
 	fdutils.c \
-	fdutils.h
+	fdutils.h \
+	zsecurity.c \
+	zsecurity.h
 
 EXTRA_DIST = veb_mach.c
 
@@ -112,7 +114,8 @@ TESTS = test_nodeset.t \
 	test_ipaddr.t \
 	test_fluid.t \
 	test_aux.t \
-	test_fdutils.t
+	test_fdutils.t \
+	test_zsecurity.t
 
 
 test_ldadd = \
@@ -224,3 +227,7 @@ test_aux_t_LDADD = $(test_ldadd)
 test_fdutils_t_SOURCES = test/fdutils.c
 test_fdutils_t_CPPFLAGS = $(test_cppflags)
 test_fdutils_t_LDADD = $(test_ldadd)
+
+test_zsecurity_t_SOURCES = test/zsecurity.c
+test_zsecurity_t_CPPFLAGS = $(test_cppflags)
+test_zsecurity_t_LDADD = $(test_ldadd)