pmix2x: sec/native: fix the pmix_native module under solaris by using getpeerucred()

and fail with a user friendly message if no method is available:
"sec: native cannot validate_cred on this system"

(back-ported from upstream openpmix/openpmix@c474a1f)

(back-ported from commit open-mpi/ompi@c11e816)

Author: ggouaillardet

opal/mca/pmix/pmix112/pmix/config/pmix.m4

@@ -18,7 +18,7 @@ dnl                         reserved.
 dnl Copyright (c) 2009-2011 Oak Ridge National Labs.  All rights reserved.
 dnl Copyright (c) 2011-2013 NVIDIA Corporation.  All rights reserved.
 dnl Copyright (c) 2013-2015 Intel, Inc. All rights reserved
-dnl Copyright (c) 2015      Research Organization for Information Science
+dnl Copyright (c) 2015-2016 Research Organization for Information Science
 dnl                         and Technology (RIST). All rights reserved.
 dnl Copyright (c) 2016      Mellanox Technologies, Inc.
 dnl                         All rights reserved.
@@ -318,7 +318,8 @@ AC_DEFUN([PMIX_SETUP_CORE],[
                       sys/wait.h syslog.h \
                       time.h unistd.h \
                       crt_externs.h signal.h \
-                      ioLib.h sockLib.h hostLib.h limits.h])
+                      ioLib.h sockLib.h hostLib.h limits.h \
+                      ucred.h])
 
     # Note that sometimes we have <stdbool.h>, but it doesn't work (e.g.,
     # have both Portland and GNU installed; using pgcc will find GNU's
@@ -495,7 +496,7 @@ AC_DEFUN([PMIX_SETUP_CORE],[
     # Darwin doesn't need -lm, as it's a symlink to libSystem.dylib
     PMIX_SEARCH_LIBS_CORE([ceil], [m])
 
-    AC_CHECK_FUNCS([asprintf snprintf vasprintf vsnprintf strsignal socketpair strncpy_s usleep getpeereid])
+    AC_CHECK_FUNCS([asprintf snprintf vasprintf vsnprintf strsignal socketpair strncpy_s usleep getpeereid getpeerucred])
 
     # On some hosts, htonl is a define, so the AC_CHECK_FUNC will get
     # confused.  On others, it's in the standard library, but stubbed with

opal/mca/pmix/pmix112/pmix/src/sec/pmix_native.c

@@ -1,6 +1,9 @@
 /*
  * Copyright (c) 2015      Intel, Inc.  All rights reserved.
  * Copyright (c) 2016      IBM Corporation.  All rights reserved.
+ * Copyright (c) 2016      Research Organization for Information Science
+ *                         and Technology (RIST). All rights reserved.
+ *
  * $COPYRIGHT$
  *
  * Additional copyrights may follow
@@ -22,6 +25,9 @@
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#ifdef HAVE_UCRED_H
+#include <ucred.h>
+#endif
 
 #include "pmix_sec.h"
 #include "pmix_native.h"
@@ -63,6 +69,9 @@ static pmix_status_t validate_cred(pmix_peer_t *peer, char *cred)
     struct ucred ucred;
 #endif
     socklen_t crlen = sizeof (ucred);
+#endif
+#ifdef HAVE_GETPEERUCRED
+    ucred_t *ucred = NULL;
 #endif
     uid_t euid;
     gid_t gid;
@@ -97,7 +106,24 @@ static pmix_status_t validate_cred(pmix_peer_t *peer, char *cred)
                             strerror (pmix_socket_errno));
         return PMIX_ERR_INVALID_CRED;
     }
+#elif defined(HAVE_GETPEERUCRED)
+    pmix_output_verbose(2, pmix_globals.debug_output,
+                        "sec:native checking getpeerucred for peer credentials");
+    if (0 != getpeerucred(peer->sd, &ucred)) {
+        pmix_output_verbose(2, pmix_globals.debug_output,
+                            "sec: getsockopt getpeerucred failed: %s",
+                            strerror (pmix_socket_errno));
+        pmix_output_verbose(2, pmix_globals.debug_output,
+                            "sec: getsockopt getpeerucred failed: %s",
+                            strerror (errno));
+        return PMIX_ERR_INVALID_CRED;
+    }
+    euid = ucred_geteuid(ucred);
+    gid = ucred_getrgid(ucred);
+    ucred_free(ucred);
 #else
+    pmix_output_verbose(2, pmix_globals.debug_output,
+                        "sec: native cannot validate_cred on this system");
     return PMIX_ERR_NOT_SUPPORTED;
 #endif