Bug 2128 - gridftp server checks ownership of hostcert after setuid
Status: RESOLVED FIXED
: GridFTP
GridFTP
: development
: PC Linux
: P3 normal
Reported: 2004-10-21 15:50 by
Modified: 2004-10-21 18:16 (History)


Description From 2004-10-21 15:50:51
I have been trying to set up the new gridftp server for multiuser support, 
running from inetd or xinetd. The problem I'm seeing is that if the user has a 
user proxy on the _remote_ side (the one running the gridftp server) of the 
transfer, the transfer is successful. If I remove the user proxy, I get: 
 
500-Attempt 1 
500- 
500-globus_credential: Error reading host credential 
500-globus_sysconfig: File is not owned by current 
user: /etc/grid-security/hostcert.pem is not owned by current user 
500- 
 
 
 
======================================================================= 
The command I'm running: 
 
[rynge@dc-user2 rynge]$ globus-url-copy -dbg file:/scratch/rynge/test.iso 
gsiftp://ned-0.isi.edu:9001/tmp/test.iso 
debug: starting to put gsiftp://ned-0.isi.edu:9001/tmp/test.iso 
debug: connecting to gsiftp://ned-0.isi.edu:9001/tmp/test.iso 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
220 GridFTP Server ned-0 0.9 (gcc32dbg, 1098122917-1) ready. ** Development 
Release ** 
 
debug: authenticating with gsiftp://ned-0.isi.edu:9001/tmp/test.iso 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
230 User :globus-mapping: logged in. 
 
debug: sending command: 
SITE HELP 
 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
214-The following commands are recognized: 
    ALLO    ESTO    RNTO    CWD     ERET    FEAT    LIST    NLST 
    MLSD    MLST    PORT    PROT    EPRT    PWD     QUIT    REST 
    STAT    SYST    MKD     RMD     CDUP    HELP    NOOP    DCAU 
    MODE    SIZE    STRU    TYPE    DELE    SITE    EPSV    PASV 
    TREV    SBUF    MDTM    CKSM    OPTS    PASS    SPAS    PBSZ 
    SPOR    RETR    STOR    USER    RNFR    LANG 
214 End 
 
debug: sending command: 
FEAT 
 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
211-Extensions supported 
 UTF8 
 LANG EN 
 DCAU 
 PARALLEL 
 SIZE 
 MLST Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;Unique*;UNIX.slink*; 
 ERET 
 ESTO 
 SPAS 
 SPOR 
 REST STREAM 
 MDTM 
211 End. 
 
debug: sending command: 
TYPE I 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
200 Type set to I. 
 
debug: sending command: 
PBSZ 1048576 
 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
200 PBSZ=1048576 
 
debug: sending command: 
PASV 
 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
227 Entering Passive Mode (128,9,72,140,189,111) 
 
debug: sending command: 
STOR /tmp/test.iso 
 
debug: response from gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
500-Command failed. : callback failed. 
500-Valid credentials could not be found in any of the possible locations 
specified by the credential search order. 
500- 
500-Attempt 1 
500- 
500-globus_credential: Error reading host credential 
500-globus_sysconfig: File is not owned by current 
user: /etc/grid-security/hostcert.pem is not owned by current user 
500- 
500-Attempt 2 
500- 
500-globus_credential: Error reading proxy credential 
500-globus_sysconfig: File does not exist: /tmp/x509up_u1000 is not a valid 
file 
500- 
500-Attempt 3 
500- 
500-globus_credential: Error reading user credential 
500-OpenSSL Error: pem_lib.c:401: in library: PEM routines, function 
PEM_do_header: bad password read 
500- 
500 End. 
 
debug: fault on connection to gsiftp://ned-0.isi.edu:9001/tmp/test.iso: 
globus_ftp_client: the server responded with an error 
debug: data callback, error globus_ftp_client: the server responded with an 
error, buffer 0x40382008, length 0, offset=0, eof=true 
debug: operation complete 
 
error: globus_ftp_client: the server responded with an error 
500 500-Command failed. : callback failed. 
500-Valid credentials could not be found in any of the possible locations 
specified by the credential search order. 
500- 
500-Attempt 1 
500- 
500-globus_credential: Error reading host credential 
500-globus_sysconfig: File is not owned by current 
user: /etc/grid-security/hostcert.pem is not owned by current user 
500- 
500-Attempt 2 
500- 
500-globus_credential: Error reading proxy credential 
500-globus_sysconfig: File does not exist: /tmp/x509up_u1000 is not a valid 
file 
500- 
500-Attempt 3 
500- 
500-globus_credential: Error reading user credential 
500-OpenSSL Error: pem_lib.c:401: in library: PEM routines, function 
PEM_do_header: bad password read 
500- 
500 End. 
 
 
 
======================================================================= 
The inetd config is: 
 
testgrid-gridftp stream tcp nowait root /usr/bin/env env LD_LIBRARY_PATH=/nfs/software/gt4-testgrid/install/lib GLOBUS_LOCATION=/nfs/software/gt4-testgrid/install /nfs/software/gt4-testgrid/install/sbin/globus-gridftp-server -i -d 11 -l /var/globus/gridftp.log
 
 
======================================================================= 
And the gridftp server log: 
 
Thu Oct 21 13:48:13 2004 :: New connection from: dc-user2.isi.edu:42951 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: 
USER :globus-mapping: 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 331 Password 
required for :globus-mapping:. 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: PASS 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: PASS 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 230 
User :globus-mapping: logged in. 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: SITE HELP 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 214-The 
following commands are recognized: 
    ALLO    ESTO    RNTO    CWD     ERET    FEAT    LIST    NLST 
    MLSD    MLST    PORT    PROT    EPRT    PWD     QUIT    REST 
    STAT    SYST    MKD     RMD     CDUP    HELP    NOOP    DCAU 
    MODE    SIZE    STRU    TYPE    DELE    SITE    EPSV    PASV 
    TREV    SBUF    MDTM    CKSM    OPTS    PASS    SPAS    PBSZ 
    SPOR    RETR    STOR    USER    RNFR    LANG 
214 End 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: FEAT 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 211-Extensions 
supported 
 UTF8 
 LANG EN 
 DCAU 
 PARALLEL 
 SIZE 
 MLST Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;Unique*;UNIX.slink*; 
 ERET 
 ESTO 
 SPAS 
 SPOR 
 REST STREAM 
 MDTM 
211 End. 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: TYPE I 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 200 Type set to 
I. 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: PBSZ 1048576 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 200 PBSZ=1048576 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: PASV 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 227 Entering 
Passive Mode (128,9,72,140,189,122) 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: 
STOR /tmp/test.iso 
Thu Oct 21 13:48:13 2004 :: force_close: 
Handle not in the proper state 
 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 500-Command 
failed. : callback failed. 
500-Valid credentials could not be found in any of the possible locations 
specified by the credential search order. 
500- 
500-Attempt 1 
500- 
500-globus_credential: Error reading host credential 
500-globus_sysconfig: File is not owned by current 
user: /etc/grid-security/hostcert.pem is not owned by current user 
500- 
500-Attempt 2 
500- 
500-globus_credential: Error reading proxy credential 
500-globus_sysconfig: File does not exist: /tmp/x509up_u1000 is not a valid 
file 
500- 
500-Attempt 3 
500- 
500-globus_credential: Error reading user credential 
500-OpenSSL Error: pem_lib.c:401: in library: PEM routines, function 
PEM_do_header: bad password read 
500- 
500 End. 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [CLIENT]: QUIT 
Thu Oct 21 13:48:13 2004 :: dc-user2.isi.edu:42951: [SERVER]: 221 Goodbye. 
Thu Oct 21 13:48:13 2004 :: Control connection closed with error: globus_xio: 
Operation was canceled 
 
Thu Oct 21 13:48:13 2004 :: Closed connection from dc-user2.isi.edu:42951
------- Comment #1 From 2004-10-21 18:16:32 -------
This was a bug with the delegated cred handling, fixed.
It will be in the trunk when we sync up our bugfix branch again.