pmix2x: sec/native: fix the pmix_native module under solaris by using getpeerucred()

and fail with a user friendly message if no method is available:
"sec: native cannot validate_cred on this system"

(back-ported from upstream openpmix/openpmix@c474a1f)

Author: ggouaillardet

opal/mca/pmix/pmix2x/pmix/config/pmix.m4

@@ -302,7 +302,7 @@ AC_DEFUN([PMIX_SETUP_CORE],[
                       crt_externs.h signal.h \
                       ioLib.h sockLib.h hostLib.h limits.h \
                       sys/statfs.h sys/statvfs.h \
-                      netdb.h])
+                      netdb.h ucred.h])
 
     # Note that sometimes we have <stdbool.h>, but it doesn't work (e.g.,
     # have both Portland and GNU installed; using pgcc will find GNU's
@@ -508,7 +508,7 @@ AC_DEFUN([PMIX_SETUP_CORE],[
     # Darwin doesn't need -lm, as it's a symlink to libSystem.dylib
     PMIX_SEARCH_LIBS_CORE([ceil], [m])
 
-    AC_CHECK_FUNCS([asprintf snprintf vasprintf vsnprintf strsignal socketpair strncpy_s usleep statfs statvfs getpeereid strnlen])
+    AC_CHECK_FUNCS([asprintf snprintf vasprintf vsnprintf strsignal socketpair strncpy_s usleep statfs statvfs getpeereid getpeerucred strnlen])
 
     # On some hosts, htonl is a define, so the AC_CHECK_FUNC will get
     # confused.  On others, it's in the standard library, but stubbed with

opal/mca/pmix/pmix2x/pmix/src/sec/pmix_native.c

@@ -1,6 +1,8 @@
 /*
  * Copyright (c) 2015-2016 Intel, Inc.  All rights reserved.
  * Copyright (c) 2016      IBM Corporation.  All rights reserved.
+ * Copyright (c) 2016      Research Organization for Information Science
+ *                         and Technology (RIST). All rights reserved.
  *
  * $COPYRIGHT$
  *
@@ -24,6 +26,9 @@
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#ifdef HAVE_UCRED_H
+#include <ucred.h>
+#endif
 
 #include "pmix_sec.h"
 #include "pmix_native.h"
@@ -65,6 +70,9 @@ static pmix_status_t validate_cred(pmix_peer_t *peer, char *cred)
     struct ucred ucred;
 #endif
     socklen_t crlen = sizeof (ucred);
+#endif
+#ifdef HAVE_GETPEERUCRED
+    ucred_t *ucred = NULL;
 #endif
     uid_t euid;
     gid_t gid;
@@ -99,7 +107,24 @@ static pmix_status_t validate_cred(pmix_peer_t *peer, char *cred)
                             strerror (pmix_socket_errno));
         return PMIX_ERR_INVALID_CRED;
     }
+#elif defined(HAVE_GETPEERUCRED)
+    pmix_output_verbose(2, pmix_globals.debug_output,
+                        "sec:native checking getpeerucred for peer credentials");
+    if (0 != getpeerucred(peer->sd, &ucred)) {
+        pmix_output_verbose(2, pmix_globals.debug_output,
+                            "sec: getsockopt getpeerucred failed: %s",
+                            strerror (pmix_socket_errno));
+        pmix_output_verbose(2, pmix_globals.debug_output,
+                            "sec: getsockopt getpeerucred failed: %s",
+                            strerror (errno));
+        return PMIX_ERR_INVALID_CRED;
+    }
+    euid = ucred_geteuid(ucred);
+    gid = ucred_getrgid(ucred);
+    ucred_free(ucred);
 #else
+    pmix_output_verbose(2, pmix_globals.debug_output,
+                        "sec: native cannot validate_cred on this system");
     return PMIX_ERR_NOT_SUPPORTED;
 #endif