libutil/zsecurity: namespace with zsecurity_

Problem: flux_sec_ functions, now intended to be private to flux-core, still leak out because of flux_ prefix. Rename flux_sec_* to zsecurity_*. Rneame FLUX_SEC_* to ZSECURITY_*. Leave the FLUX_SEC_DIRECTORY environment variable that points to the location of certs as is. Update valgrind.supp.
flux-framework · Nov 19, 2018 · eb3350c · eb3350c
1 parent e098c8b
commit eb3350c
Show file tree

Hide file tree

Showing 8 changed files with 214 additions and 214 deletions.
diff --git a/src/broker/broker.c b/src/broker/broker.c
@@ -98,7 +98,7 @@ typedef enum {
 typedef struct {
     /* 0MQ
      */
-    flux_sec_t *sec;             /* security context (MT-safe) */
+    zsecurity_t *sec;             /* security context (MT-safe) */
 
     /* Reactor
      */
@@ -222,11 +222,11 @@ void parse_command_line_arguments(int argc, char *argv[],
             if (!strcmp (optarg, "none")) {
                 *sec_typemask = 0;
             } else if (!strcmp (optarg, "plain")) {
-                *sec_typemask |= FLUX_SEC_TYPE_PLAIN;
-                *sec_typemask &= ~FLUX_SEC_TYPE_CURVE;
+                *sec_typemask |= ZSECURITY_TYPE_PLAIN;
+                *sec_typemask &= ~ZSECURITY_TYPE_CURVE;
             } else if (!strcmp (optarg, "curve")) {
-                *sec_typemask |= FLUX_SEC_TYPE_CURVE;
-                *sec_typemask &= ~FLUX_SEC_TYPE_PLAIN;
+                *sec_typemask |= ZSECURITY_TYPE_CURVE;
+                *sec_typemask &= ~ZSECURITY_TYPE_PLAIN;
             } else {
                 log_msg_exit ("--security arg must be none|plain|curve");
             }
@@ -299,7 +299,7 @@ int main (int argc, char *argv[])
 {
     broker_ctx_t ctx;
     zlist_t *sigwatchers;
-    int sec_typemask = FLUX_SEC_TYPE_CURVE;
+    int sec_typemask = ZSECURITY_TYPE_CURVE;
     sigset_t old_sigmask;
     struct sigaction old_sigact_int;
     struct sigaction old_sigact_term;
@@ -384,17 +384,17 @@ int main (int argc, char *argv[])
     broker_handle_signals (&ctx, sigwatchers);
 
     /* Initialize security context.
-     * Delay calling flux_sec_comms_init() so that we can defer creating
+     * Delay calling zsecurity_comms_init() so that we can defer creating
      * the libzmq work thread until we are ready to communicate.
      */
     const char *keydir;
     if (attr_get (ctx.attrs, "security.keydir", &keydir, NULL) < 0)
         log_err_exit ("getattr security.keydir");
-    if (!(ctx.sec = flux_sec_create (sec_typemask, keydir)))
-        log_err_exit ("flux_sec_create");
+    if (!(ctx.sec = zsecurity_create (sec_typemask, keydir)))
+        log_err_exit ("zsecurity_create");
 
     /* The first call to overlay_bind() or overlay_connect() calls
-     * flux_sec_comms_init().
+     * zsecurity_comms_init().
      */
     overlay_set_sec (ctx.overlay, ctx.sec);
     overlay_set_flux (ctx.overlay, ctx.h);
@@ -663,7 +663,7 @@ int main (int argc, char *argv[])
     if (ctx.verbose)
         log_msg ("cleaning up");
     if (ctx.sec)
-        flux_sec_destroy (ctx.sec);
+        zsecurity_destroy (ctx.sec);
     overlay_destroy (ctx.overlay);
     heartbeat_destroy (ctx.heartbeat);
     service_switch_destroy (ctx.services);

diff --git a/src/broker/overlay.c b/src/broker/overlay.c
@@ -50,7 +50,7 @@ struct endpoint {
 };
 
 struct overlay_struct {
-    flux_sec_t *sec;
+    zsecurity_t *sec;
     bool sec_initialized;
     flux_t *h;
     zhash_t *children;          /* child_t - by uuid */
@@ -136,7 +136,7 @@ void overlay_init (overlay_t *overlay,
     overlay->tbon_descendants = kary_sum_descendants (tbon_k, size, rank);
 }
 
-void overlay_set_sec (overlay_t *ov, flux_sec_t *sec)
+void overlay_set_sec (overlay_t *ov, zsecurity_t *sec)
 {
     ov->sec = sec;
 }
@@ -369,8 +369,8 @@ static int bind_child (overlay_t *ov, struct endpoint *ep)
 {
     if (!(ep->zs = zsock_new_router (NULL)))
         log_err_exit ("zsock_new_router");
-    if (flux_sec_ssockinit (ov->sec, ep->zs) < 0)
-        log_msg_exit ("flux_sec_ssockinit: %s", flux_sec_errstr (ov->sec));
+    if (zsecurity_ssockinit (ov->sec, ep->zs) < 0)
+        log_msg_exit ("zsecurity_ssockinit: %s", zsecurity_errstr (ov->sec));
     if (zsock_bind (ep->zs, "%s", ep->uri) < 0)
         log_err_exit ("%s", ep->uri);
     if (strchr (ep->uri, '*')) { /* capture dynamically assigned port */
@@ -405,9 +405,9 @@ static int connect_parent (overlay_t *ov, struct endpoint *ep)
 
     if (!(ep->zs = zsock_new_dealer (NULL)))
         goto error;
-    if (flux_sec_csockinit (ov->sec, ep->zs) < 0) {
+    if (zsecurity_csockinit (ov->sec, ep->zs) < 0) {
         savederr = errno;
-        log_msg ("flux_sec_csockinit: %s", flux_sec_errstr (ov->sec));
+        log_msg ("zsecurity_csockinit: %s", zsecurity_errstr (ov->sec));
         errno = savederr;
         goto error;
     }
@@ -432,8 +432,8 @@ static int connect_parent (overlay_t *ov, struct endpoint *ep)
 static int overlay_sec_init (overlay_t *ov)
 {
     if (!ov->sec_initialized) {
-        if (flux_sec_comms_init (ov->sec) < 0) {
-            log_msg ("flux_sec_comms_init: %s", flux_sec_errstr (ov->sec));
+        if (zsecurity_comms_init (ov->sec) < 0) {
+            log_msg ("zsecurity_comms_init: %s", zsecurity_errstr (ov->sec));
             return -1;
         }
         ov->sec_initialized = true;

diff --git a/src/broker/overlay.h b/src/broker/overlay.h
@@ -12,7 +12,7 @@ void overlay_destroy (overlay_t *ov);
 
 /* These need to be called before connect/bind.
  */
-void overlay_set_sec (overlay_t *ov, flux_sec_t *sec);
+void overlay_set_sec (overlay_t *ov, zsecurity_t *sec);
 void overlay_set_flux (overlay_t *ov, flux_t *h);
 void overlay_init (overlay_t *ov, uint32_t size, uint32_t rank, int tbon_k);
 void overlay_set_idle_warning (overlay_t *ov, int heartbeats);

diff --git a/src/cmd/flux-keygen.c b/src/cmd/flux-keygen.c
@@ -52,8 +52,8 @@ void usage (void)
 int main (int argc, char *argv[])
 {
     int ch;
-    flux_sec_t *sec;
-    int typemask = FLUX_SEC_TYPE_CURVE | FLUX_SEC_VERBOSE;
+    zsecurity_t *sec;
+    int typemask = ZSECURITY_TYPE_CURVE | ZSECURITY_VERBOSE;
     const char *secdir = getenv ("FLUX_SEC_DIRECTORY");
 
     log_init ("flux-keygen");
@@ -64,11 +64,11 @@ int main (int argc, char *argv[])
                 usage ();
                 break;
             case 'f': /* --force */
-                typemask |= FLUX_SEC_KEYGEN_FORCE;
+                typemask |= ZSECURITY_KEYGEN_FORCE;
                 break;
             case 'p': /* --plain */
-                typemask |= FLUX_SEC_TYPE_PLAIN;
-                typemask &= ~FLUX_SEC_TYPE_CURVE;
+                typemask |= ZSECURITY_TYPE_PLAIN;
+                typemask &= ~ZSECURITY_TYPE_CURVE;
                 break;
             case 'd': /* --secdir */
                 secdir = optarg;
@@ -81,11 +81,11 @@ int main (int argc, char *argv[])
     if (optind < argc)
         usage ();
 
-     if (!(sec = flux_sec_create (typemask, secdir)))
-        log_err_exit ("flux_sec_create");
-    if (flux_sec_keygen (sec) < 0)
-        log_msg_exit ("%s", flux_sec_errstr (sec));
-    flux_sec_destroy (sec);
+     if (!(sec = zsecurity_create (typemask, secdir)))
+        log_err_exit ("zsecurity_create");
+    if (zsecurity_keygen (sec) < 0)
+        log_msg_exit ("%s", zsecurity_errstr (sec));
+    zsecurity_destroy (sec);
 
     log_fini ();