Bug 4474 - globus-gridmap-and-execute problem with additional PDPs
: globus-gridmap-and-execute problem with additional PDPs
Status: CLOSED FIXED
: GRAM
wsrf managed execution job service
: unspecified
: All All
: P3 normal
: 4.0.5
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2006-06-05 16:19 by
Modified: 2007-06-27 09:57 (History)


Attachments
Updated GRAM service jar. (160.56 KB, application/octet-stream)
2006-10-06 12:26, Peter Lane
Details


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2006-06-05 16:19:20
Multiple authorization PDPs may be specified in the security descriptor. If the
"gridmap" PDP is still listed as one of the active PDPs, then
globus-gridmap-and-execute should not be disabled.
------- Comment #1 From 2006-10-06 03:57:19 -------
Hi,
What about this bug? target milestone was 4.0.3 but seems like still not fixed!
------- Comment #2 From 2006-10-06 11:21:32 -------
Actually, I'm not sure this makes sense for the 4.0.x series. I don't think the
4.0.x code allows more than one PDP. Rachana, can you confirm that for me? The
4.0.3 code definitely disables globus-gridmap-and-execute if the service's
security descriptor's authz attribute is not "gridmap".

I'm going to set the target milestone to 4.2 instead. If Rachana tells me I can
specify more than one PDP for the 4.0.x series, then I'll set it to 4.0.4.
4.0.3 came out sooner than expected because of some security patches that
needed to be distributed ASAP.
------- Comment #3 From 2006-10-06 11:30:44 -------
Ok, it is possible to the specify more than one. The value I'm checking is a
space-separated string of PDP names, so I need to simply parse that and check
for "gridmap" as one of the tokens. I'll doe this right now so it for sure
makes it into the next point release.
------- Comment #4 From 2006-10-06 11:41:42 -------
Would be great if a is provided as soon as possible. Thanks
------- Comment #5 From 2006-10-06 11:42:33 -------
(In reply to comment #4)
> Would be great if a is provided as soon as possible. Thanks
> 

I mean a patch
------- Comment #6 From 2006-10-06 12:26:19 -------
Created an attachment (id=1074) [details]
Updated GRAM service jar.

Here's an updated jar file that contains the fix. Copy it over the
gram-service.jar file already in $GLOBUS_LOCATION/lib.

Here's the actual source patch:

---
service/java/source/src/org/globus/exec/service/utils/AuthorizationHelper.java 
    2006-01-27 14:32:33.000000000 -0700
+++
/home/lane/Development/Globus/globus_4_0_branch/packaging/source-trees/wsrf-cvs/ws-gram/service/java/source/src/org/globus/exec/service/utils/AuthorizationHelper.java
     2006-10-06 10:46:05.000000000 -0600
@@ -46,14 +46,24 @@
                 = ServiceSecurityConfig.getSecurityDescriptor(
                     factoryServiceName);
             logger.debug("getting authz PDP name");
-            String authzPDPName = securityDescriptor.getAuthz();
+            String authz = securityDescriptor.getAuthz();
+            String[] authzPDPNames = null;
+            if (authz != null)
+            {
+                authzPDPNames = authz.split(" ");

-            logger.debug("Detected authorization PDP plugin"
-                       +" \"" + authzPDPName + "\"");
+                for (int index=0; index<authzPDPNames.length; index++)
+                {
+                    logger.debug("Detected authorization PDP plugin"
+                               +" \"" + authzPDPNames[index] + "\".");

-            if (authzPDPName.equals(GRIDMAP_AUTHZ_PDP_NAME))
-            {
-                AuthorizationHelper.authorizationGridmap = true;
+                    if (authzPDPNames[index].equals(GRIDMAP_AUTHZ_PDP_NAME))
+                    {
+                        logger.debug("Using gridmap authorization PDP
plugin.");
+                        AuthorizationHelper.authorizationGridmap = true;
+
+                    }
+                }
             }
         }
         catch (Exception e)
------- Comment #7 From 2007-02-14 15:49:14 -------
Martin,

Can you check if this patch was committed?  If not, then should we commit it as
is in time for 4.0.4?  Or do you recommend we wait until 4.0.5?

Thanks,
Stu 
------- Comment #8 From 2007-06-16 12:24:44 -------
This patch has been committed to the 4.0 branch while ago.