Bug 5919 - UserDN based authorization
Status: RESOLVED FIXED
Product: RFT
Component: RFT
Version: 4.0.6
Platform: Macintosh All
Importance: P3 normal
Target Milestone: ---
Reported: 2008-03-17 07:51
Modified: 2008-03-17 16:01


Description From 2008-03-17 07:51:45
From the gt-user report:
When I submitted the job, it worked fine, as below.

   asou% globusrun-ws -submit -factory 'https://example.org:18443/wsrf/services/ManagedJobFactoryService' -subject '/C=JP/O=AIST/OU=GRID/CN=Masato Asou' -c /bin/hostname
   Submitting job...Done.
   Job ID: uuid:04d9cf16-f0b8-11dc-ab54-0014511f4afc
   Termination time: 03/14/2008 04:43 GMT
   Current job state: Active
   Current job state: CleanUp
   Current job state: Done
   Destroying job...Done.

However, the state was Failed, as below, if -streaming is specified.

   asou% globusrun-ws -submit -streaming -factory 'https://example.org:18443/wsrf/services/ManagedJobFactoryService' -subject '/C=JP/O=AIST/OU=GRID/CN=Masato Asou' -c /bin/hostname
   Delegating user credentials...Done.
   Submitting job...Done.
   Job ID: uuid:1979b986-f0b8-11dc-940e-0014511f4afc
   Termination time: 03/14/2008 04:44 GMT
   Current job state: Active
   Current job state: CleanUp-Hold
   example.org
   Current job state: CleanUp
   Current job state: Failed
   Destroying job...Done.
   Cleaning up any delegated credentials...Done.

Is this a bug or a mistake in my configuration?

My environment is as below.

   asou% uname -mrsv
   Darwin 8.11.0 Darwin Kernel Version 8.11.0: Wed Oct 10 18:26:00 PDT 2007; root:xnu-792.24.17~1/RELEASE_PPC Power Macintosh
   asou% globus-version
   4.0.6

The WS container's log is as below.

   asou% globus-start-container -p 18443
   Starting SOAP server at: https://192.168.0.1:18443/wsrf/services/ 
   With the following services:

   [1]: https://192.168.0.1:18443/wsrf/services/AdminService
   [2]: https://192.168.0.1:18443/wsrf/services/AuthzCalloutTestService
   [3]: https://192.168.0.1:18443/wsrf/services/CASService
   [4]: https://192.168.0.1:18443/wsrf/services/ContainerRegistryEntryService
   [5]: https://192.168.0.1:18443/wsrf/services/ContainerRegistryService
   [6]: https://192.168.0.1:18443/wsrf/services/CounterService
   [7]: https://192.168.0.1:18443/wsrf/services/DefaultIndexService
   [8]: https://192.168.0.1:18443/wsrf/services/DefaultIndexServiceEntry
   [9]: https://192.168.0.1:18443/wsrf/services/DefaultTriggerService
   [10]: https://192.168.0.1:18443/wsrf/services/DefaultTriggerServiceEntry
   [11]: https://192.168.0.1:18443/wsrf/services/DelegationFactoryService
   [12]: https://192.168.0.1:18443/wsrf/services/DelegationService
   [13]: https://192.168.0.1:18443/wsrf/services/DelegationTestService
   [14]: https://192.168.0.1:18443/wsrf/services/InMemoryServiceGroup
   [15]: https://192.168.0.1:18443/wsrf/services/InMemoryServiceGroupEntry
   [16]: https://192.168.0.1:18443/wsrf/services/InMemoryServiceGroupFactory
   [17]: https://192.168.0.1:18443/wsrf/services/IndexFactoryService
   [18]: https://192.168.0.1:18443/wsrf/services/IndexService
   [19]: https://192.168.0.1:18443/wsrf/services/IndexServiceEntry
   [20]: https://192.168.0.1:18443/wsrf/services/ManagedExecutableJobService
   [21]: https://192.168.0.1:18443/wsrf/services/ManagedJobFactoryService
   [22]: https://192.168.0.1:18443/wsrf/services/ManagedMultiJobService
   [23]: https://192.168.0.1:18443/wsrf/services/ManagementService
   [24]: https://192.168.0.1:18443/wsrf/services/NotificationConsumerFactoryService
   [25]: https://192.168.0.1:18443/wsrf/services/NotificationConsumerService
   [26]: https://192.168.0.1:18443/wsrf/services/NotificationTestService
   [27]: https://192.168.0.1:18443/wsrf/services/PersistenceTestSubscriptionManager
   [28]: https://192.168.0.1:18443/wsrf/services/ReliableFileTransferFactoryService
   [29]: https://192.168.0.1:18443/wsrf/services/ReliableFileTransferService
   [30]: https://192.168.0.1:18443/wsrf/services/RendezvousFactoryService
   [31]: https://192.168.0.1:18443/wsrf/services/ReplicationService
   [32]: https://192.168.0.1:18443/wsrf/services/SampleAuthzService
   [33]: https://192.168.0.1:18443/wsrf/services/SecureCounterService
   [34]: https://192.168.0.1:18443/wsrf/services/SecurityTestService
   [35]: https://192.168.0.1:18443/wsrf/services/ShutdownService
   [36]: https://192.168.0.1:18443/wsrf/services/SubscriptionManagerService
   [37]: https://192.168.0.1:18443/wsrf/services/TestAuthzService
   [38]: https://192.168.0.1:18443/wsrf/services/TestRPCService
   [39]: https://192.168.0.1:18443/wsrf/services/TestService
   [40]: https://192.168.0.1:18443/wsrf/services/TestServiceRequest
   [41]: https://192.168.0.1:18443/wsrf/services/TestServiceWrongWSDL
   [42]: https://192.168.0.1:18443/wsrf/services/TriggerFactoryService
   [43]: https://192.168.0.1:18443/wsrf/services/TriggerService
   [44]: https://192.168.0.1:18443/wsrf/services/TriggerServiceEntry
   [45]: https://192.168.0.1:18443/wsrf/services/Version
   [46]: https://192.168.0.1:18443/wsrf/services/WidgetNotificationService
   [47]: https://192.168.0.1:18443/wsrf/services/WidgetService
   [48]: https://192.168.0.1:18443/wsrf/services/gsi/AuthenticationService
   [49]: https://192.168.0.1:18443/wsrf/services/mds/test/execsource/IndexService
   [50]: https://192.168.0.1:18443/wsrf/services/mds/test/execsource/IndexServiceEntry
   [51]: https://192.168.0.1:18443/wsrf/services/mds/test/subsource/IndexService
   [52]: https://192.168.0.1:18443/wsrf/services/mds/test/subsource/IndexServiceEntry
   2008-03-13 13:43:22,805 INFO  impl.DefaultIndexService [ServiceThread-11,processConfigFile:107] Reading default registration configuration from file: /Users/asou/GT/gt4.0.6/etc/globus_wsrf_mds_index/hierarchy.xml
   2008-03-13 13:43:27,169 INFO  exec.StateMachine [RunQueueThread_0,logJobAccepted:3400] Job 0519ae10-f0b8-11dc-b53f-88433d888d33 accepted for local user 'asou'
   2008-03-13 13:43:28,308 INFO  exec.StateMachine [RunQueueThread_2,logJobSubmitted:3412] Job 0519ae10-f0b8-11dc-b53f-88433d888d33 submitted with local job ID '0629f3a0-f0b8-11dc-a49b-0014511f4afc:9656'
   2008-03-13 13:43:31,373 INFO  exec.StateMachine [RunQueueThread_7,logJobSucceeded:3422] Job 0519ae10-f0b8-11dc-b53f-88433d888d33 finished successfully
   2008-03-13 13:44:02,809 INFO  exec.StateMachine [RunQueueThread_11,logJobAccepted:3400] Job 1aadd1c0-f0b8-11dc-b53f-88433d888d33 accepted for local user 'asou'
   2008-03-13 13:44:03,957 INFO  exec.StateMachine [RunQueueThread_13,logJobSubmitted:3412] Job 1aadd1c0-f0b8-11dc-b53f-88433d888d33 submitted with local job ID '1b66a088-f0b8-11dc-bb96-0014511f4afc:9666'
   2008-03-13 13:44:10,208 ERROR service.TransferWork [WorkThread-18,run:494] Transient transfer error
   Authentication with credential only failed on server example.org [Caused by: Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/example.org" target but received "/C=JP/O=AIST/OU=GRID/CN=Masato Asou")]]
   Authentication with credential only failed on server example.org. Caused by Authentication failed. Caused by GSSException: Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/example.org" target but received "/C=JP/O=AIST/OU=GRID/CN=Masato Asou")
           at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:509)
           at org.globus.ftp.extended.GridFTPControlChannel.authenticate(GridFTPControlChannel.java:203)
           at org.globus.ftp.GridFTPClient.authenticate(GridFTPClient.java:99)
           at org.globus.ftp.GridFTPClient.authenticate(GridFTPClient.java:84)
           at org.globus.transfer.reliable.service.cache.SingleConnectionImpl.<init>(SingleConnectionImpl.java:85)
           at org.globus.transfer.reliable.service.cache.ConnectionManager.createNewConnection(ConnectionManager.java:364)
           at org.globus.transfer.reliable.service.cache.ConnectionManager.getConnection(ConnectionManager.java:259)
           at org.globus.transfer.reliable.service.client.DeleteClient.<init>(DeleteClient.java:44)
           at org.globus.transfer.reliable.service.client.ClientFactory.createDeleteClient(ClientFactory.java:51)
           at org.globus.transfer.reliable.service.TransferWork.run(TransferWork.java:435)
           at org.globus.wsrf.impl.work.WorkManagerImpl$WorkWrapper.run(WorkManagerImpl.java:355)
           at java.lang.Thread.run(Thread.java:613)
   2008-03-13 13:44:10,847 ERROR service.TransferWork [WorkThread-20,run:494] Transient transfer error
   Authentication with credential only failed on server example.org [Caused by: Authentication failed [Caused by: Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/example.org" target but received "/C=JP/O=AIST/OU=GRID/CN=Masato Asou")]]
   Authentication with credential only failed on server example.org. Caused by Authentication failed. Caused by GSSException: Operation unauthorized (Mechanism level: Authorization failed. Expected "/CN=host/example.org" target but received "/C=JP/O=AIST/OU=GRID/CN=Masato Asou")
           at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:509)
           at org.globus.ftp.extended.GridFTPControlChannel.authenticate(GridFTPControlChannel.java:203)
           at org.globus.ftp.GridFTPClient.authenticate(GridFTPClient.java:99)
           at org.globus.ftp.GridFTPClient.authenticate(GridFTPClient.java:84)
           at org.globus.transfer.reliable.service.cache.SingleConnectionImpl.<init>(SingleConnectionImpl.java:85)
           at org.globus.transfer.reliable.service.cache.ConnectionManager.createNewConnection(ConnectionManager.java:364)
           at org.globus.transfer.reliable.service.cache.ConnectionManager.getConnection(ConnectionManager.java:259)
           at org.globus.transfer.reliable.service.client.DeleteClient.<init>(DeleteClient.java:44)
           at org.globus.transfer.reliable.service.client.ClientFactory.createDeleteClient(ClientFactory.java:51)
           at org.globus.transfer.reliable.service.TransferWork.run(TransferWork.java:435)
           at org.globus.wsrf.impl.work.WorkManagerImpl$WorkWrapper.run(WorkManagerImpl.java:355)
           at java.lang.Thread.run(Thread.java:613)
   2008-03-13 13:44:13,191 ERROR exec.RunThread [RunQueueThread_3,run:89] Unable to process state transition.
   java.lang.RuntimeException: Unable to invoke state transition method processFailedState
           at org.globus.exec.service.exec.StateMachine.processState(StateMachine.java:335)
           at org.globus.exec.service.exec.RunThread.run(RunThread.java:85)
   Caused by: java.lang.reflect.InvocationTargetException
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:585)
           at org.globus.exec.service.exec.StateMachine.processState(StateMachine.java:329)
           ... 1 more
   Caused by: java.lang.IllegalArgumentException: Argument fault is null
           at org.globus.wsrf.utils.FaultHelper.<init>(FaultHelper.java:89)
           at org.globus.wsrf.utils.FaultHelper.<init>(FaultHelper.java:75)
           at org.globus.exec.service.exec.StateMachine.getErrorMessageFromFault(StateMachine.java:3439)
           at org.globus.exec.service.exec.StateMachine.logJobFailed(StateMachine.java:3430)
           at org.globus.exec.service.exec.StateMachine.processFailedState(StateMachine.java:2401)
           ... 6 more
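
A triage sketch for the failure in the log above, added here as an example and not part of the original report or of the Globus code: it re-joins wrapped log lines, extracts the expected and received DNs from each GSI authorization failure, and flags the case where a host identity was expected but a user DN was presented. The sample log is constructed from the excerpt above; the function names and the `kind` labels are assumptions.

```python
import re

# Constructed sample modelled on the container log in this report (wrapped as on the page).
SAMPLE_LOG = '''\
2008-03-13 13:44:03,957 INFO  exec.StateMachine
[RunQueueThread_13,logJobSubmitted:3412] Job submitted
2008-03-13 13:44:10,208 ERROR service.TransferWork [WorkThread-18,run:494]
Transient transfer error
Authentication failed [Caused by: Operation unauthorized (Mechanism level:
Authorization failed. Expected "/CN=host/example.org" target but received
"/C=JP/O=AIST/OU=GRID/CN=Masato Asou")]]
Caused by GSSException: Operation unauthorized (Mechanism level:
Authorization failed. Expected "/CN=host/example.org" target
but received "/C=JP/O=AIST/OU=GRID/CN=Masato Asou")
'''

TIMESTAMP = re.compile(r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+)\s+(\S+)")
MISMATCH = re.compile(r'Authorization failed\.\s+Expected\s+"([^"]+)"\s+target\s+but\s+received\s+"([^"]+)"')

def records(log_text):
    """Yield one dict per log event, re-joining lines wrapped by mail or the tracker."""
    current = None
    for line in log_text.splitlines():
        m = TIMESTAMP.match(line)
        if m:
            if current:
                yield current
            current = {"time": m.group(1), "logger": m.group(3), "text": line.strip()}
        elif current:
            current["text"] += " " + line.strip()
    if current:
        yield current

def parse_dn(dn):
    """Split a slash-form DN into (attr, value) pairs; a '/' inside a value (host/fqdn) is kept."""
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn)[1:]
    return [tuple(p.split("=", 1)) for p in parts]

def is_host_identity(dn):
    """True when the last RDN is a CN of the form host/<name>."""
    rdns = parse_dn(dn)
    return bool(rdns) and rdns[-1][0] == "CN" and rdns[-1][1].startswith("host/")

def find_mismatches(log_text):
    """Return one finding per log event and distinct (expected, received) DN pair."""
    findings = []
    for rec in records(log_text):
        for expected, received in sorted(set(MISMATCH.findall(rec["text"]))):
            host_vs_user = is_host_identity(expected) and not is_host_identity(received)
            findings.append({"time": rec["time"], "logger": rec["logger"],
                             "expected": expected, "received": received,
                             "kind": "host-expected-user-presented" if host_vs_user else "dn-mismatch"})
    return findings
```

The message is logged twice inside one event (bracketed form and `GSSException` form), so pairs are de-duplicated per event before counting.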
------- Comment #1 From 2008-03-17 16:01:57 -------
The fix for this is available as an update package now:
http://www.globus.org/toolkit/advisories.html