iRODS 4.2.2 - development, authentication information lost in transit

Davor Vusir

Jan 17, 2018, 10:53:11 AM
to iRODS-Chat
Hi all!

I'm programming a VFS module for Samba to make it possible for Windows clients to use iRODS. My project is outlined in a Github project, https://github.com/davorvusir/vfs_stor.

iRODS is configured to use Kerberos and authenticates against Active Directory.

When I ssh to the Samba server I am automatically logged on to the iRODS zone. There are no problems issuing an 'ils' or 'iput'; I get a listing or the file is transferred to the iRODS server. But if I run 'smbclient -C \\\\isamba\\test' (where '-C' means "-C|--use-ccache Try to use the credentials cached by winbind.") the following happens:
The connection seems to go fine until the function 'setRhostInfo' is called. Somewhere on the way between '_rcConnect' and 'setRhostInfo' the content of myEnv.rodsHost is lost and error -302000 is produced. This error later causes 'clientLogin' to fail with error -13000. See log below.

I willingly admit that I am a poor programmer, but I expect other errors after being authenticated to iRODS. And to me it looks like I am never authenticated because portions of the authentication information are lost on the way to the iRODS server.

The code for the VFS module: https://github.com/davorvusir/vfs_stor/blob/master/source3/modules/vfs_stor.c and it is the function 'stor_connect' that I have a problem with.

The server is an Ubuntu 16.04 and iRODS 4.2.2 installed via apt.

What did I miss? Grateful for any pointers.

Regards
Davor Vusir

---

davor@isamba:~$ klist -e
Ticket cache: FILE:/tmp/krb5cc_11104
Default principal: da...@DATADELIKATESSER.SE

Valid starting       Expires              Service principal
01/17/2018 11:09:32  01/17/2018 21:09:32  krbtgt/DATADELIK...@DATADELIKATESSER.SE
        renew until 01/24/2018 11:09:29, Etype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96
01/17/2018 11:09:44  01/17/2018 21:09:32  cifs/ISA...@DATADELIKATESSER.SE
        Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
davor@isamba:~$

Excerpt from Samba log (smbd):
[2018/01/17 11:09:44.216455,  3] ../lib/util/modules.c:167(load_module_absolute_path)
  load_module_absolute_path: Module '/usr/local/samba/lib/vfs/stor.so' loaded
[2018/01/17 11:09:44.216709,  1] ../source3/modules/vfs_stor.c:78(stor_connect)
  [VFS_STOR] - HOME env var: /data/home/davor
[2018/01/17 11:09:44.216904,  1] ../source3/modules/vfs_stor.c:95(stor_connect)
  [VFS_STOR] irods_host: rods.datadelikatesser.se
  
[2018/01/17 11:09:44.220122,  1] ../source3/modules/vfs_stor.c:105(stor_connect)
  [VFS_STOR] - getRodsEnv myEnv.rodsHost: rods.datadelikatesser.se
[2018/01/17 11:09:44.220292,  1] ../source3/modules/vfs_stor.c:107(stor_connect)
  [VFS_STOR] - getRodsEnv, status: 0
remote addresses: 192.168.1.8 ERROR: _rcConnect: setRhostInfo error, IRODS_HOST is probably not set correctly status = -302000 USER_RODS_HOST_EMPTY
[2018/01/17 11:09:44.221142,  1] ../source3/modules/vfs_stor.c:112(stor_connect)
  [VFS_STOR] - Efter handle->data, myEnv.rodsHost:
  
[2018/01/17 11:09:44.221312,  1] ../source3/modules/vfs_stor.c:116(stor_connect)
  [VFS_STOR] - error handle-data: handle->data == NULL
[2018/01/17 11:09:44.221602,  1] ../source3/modules/vfs_stor.c:120(stor_connect)
  [VFS_STOR] - Efter clientLogin: -130000
[2018/01/17 11:09:44.221767,  1] ../source3/modules/vfs_stor.c:124(stor_connect)
  [VFS_STOR] - error number, rc: -1

Jason Coposky

Jan 17, 2018, 4:02:56 PM
to irod...@googlegroups.com

Davor,

First, thanks for taking on this project. It has been something the community has needed for quite a while.

I looked through your code and it appears some cruft was checked in with your code, but beyond that I noticed on line 108 that if you successfully get the irods environment you continue with the rcConnect and otherwise you just try clientLogin. You will want to add an else to the if and if dvstatus is not valid then log and exit as appropriate.

I am not entirely familiar with how samba operates with cached credentials; you may be trying to fetch the irods environment from an invalid location, but the error is getting masked by the above issue. You may want to log the myEnv and perhaps the current working directory to get a handle on the situation.

Thanks,

------

Jason Coposky
Executive Director, iRODS Consortium
RENCI at the University of North Carolina at Chapel Hill

Davor Vusir

Jan 18, 2018, 12:32:46 PM
to iRODS-Chat
Thank you for taking time to help me forward, Jason.

I know the code lacks some, ehh, elegance, but as long as I can't pass rcConnect, it does not matter. I have rearranged the code some and uploaded a new version.
I am pretty sure it reads the environment file. If I rename the directory .irods I get the following error:
remote addresses: 192.168.1.8 ERROR: environment_properties::capture: missing environment file. should be at [/data/home/davor/.irods/irods_environment.json]

Before I added setenv() I got the same error but it looked in /var/lib/irods.

After decrypting how to use gdb I get:
Breakpoint 1, stor_connect (handle=0x5555558149e0, service=0x5555557e1820 "test",
    user=0x5555557c4090 "TEST\\davor") at ../source3/modules/vfs_stor.c:96
96              dvstatus = getRodsEnv(&myEnv);
(gdb) s
98              DEBUG(1, ("[VFS_STOR] - getRodsEnv myEnv.rodsHost: %s\n", myEnv.rodsHost));
(gdb) p myEnv.rodsHost
$1 = "rods.test.vusir.se", '\000' <repeats 45 times>
(gdb) p myEnv.rodsPort
$2 = 1247
(gdb) s
[VFS_STOR] - getRodsEnv myEnv.rodsHost: rods.test.vusir.se
99              if(dvstatus == 0) {
(gdb) s
100                     DEBUG(1, ("[VFS_STOR] - getRodsEnv, status: %i\n", dvstatus));
(gdb) s

[VFS_STOR] - getRodsEnv, status: 0
101                     handle->data = (rcComm_t *) rcConnect(myEnv.rodsHost,
(gdb) p handle->data
$3 = (void *) 0x0
(gdb) s

remote addresses: 192.168.1.8 ERROR: _rcConnect: setRhostInfo error, IRODS_HOST is probably not set correctly status = -302000 USER_RODS_HOST_EMPTY
105                     DEBUG(1, ("[VFS_STOR] - Efter handle->data, myEnv.rodsHost: %s\n", myEnv.rodsHost));
(gdb) p myEnv.rodsHost
$4 = '\000' <repeats 63 times>
(gdb) p myEnv.rodsPort
$5 = 0
(gdb) p handle->data
$6 = (void *) 0x0
(gdb)


My environment file:
{
    "irods_host": "rods.datadelikatesser.se",
    "irods_port": 1247,
    "irods_user_name": "davor",
    "irods_zone_name": "tempZone",
    "irods_authentication_scheme": "KRB"
}


What catches my eye is that $1 is the same as after the colon, not just the hostname.

Regards
Davor

Davor Vusir

Jan 18, 2018, 12:38:13 PM
to iRODS-Chat
I have to add that I have used the host 'rods.test.vusir.se' all along. The server rods.datadelikatesser.se used earlier was an attempt to hide the real server name. I basically blew my cover... :)

Jason Coposky

Jan 18, 2018, 2:02:19 PM
to irod...@googlegroups.com

Davor Vusir

Jan 24, 2018, 6:02:30 AM
to iRODS-Chat
I have made some progress. At least I think I know why I can't pass rcConnect().

In the log file smbd produces when it crashes it all goes well until sendStartUpPack(), #10, calls sendRodsMsg(), #9. See #10-#6.
The iRODS-server gets a request from the client to connect but a timeout occurs as the client crashes. See rodsServerLog below.
During connect, rcConnect() calls sendStartUpPack() which in turn calls getRodsEnv(). The comment above the call getRodsEnv() in sockComm.cpp:L1108 says:
    // if the advanced negotiation is requested from the irodsEnv,
    // tack those results onto the startup pack option string

I guess Kerberos authentication is classified as 'advanced negotiation', and getRodsEnv() calls _getRodsEnv(), which in turn calls getRodsEnvFromFile(). This function, getRodsEnvFromFile(), sets myEnv.rodsAuthScheme to 'native' (getRodsEnv.cpp:L190).
Next step is that getRodsEnvFromEnv() is called and myEnv.rodsAuthScheme is set to 'KRB' (see getRodsEnv.cpp:L510) as stated in the environment file.
Please have a look at the printing of rods_data->myEnv below from gdb:
rodsAuthScheme = "KRB\000ve", '\000' <repeats 57 times>

'native' is replaced by 'KRB' but the letters 've' from 'native' are never overwritten.

All looks fine to sendStartUpPack() but sendRodsMsg() cannot handle the data and crashes. Something (an initiator?) is sent to the server but StartUpPack never comes in full. The server logs the error -115000.

Regards
Davor

From gdb, debugging smbd/vfs_stor.c:
load_module_absolute_path: Module '/usr/local/samba/lib/vfs/stor.so' loaded
[VFS_STOR] - home_dir: /data/home/davor
[VFS_STOR] - home_directory: /data/home/davor
[VFS_STOR] - HOME env var: /data/home/davor
[VFS_STOR] - getRodsEnv myEnv.rodsHost: rods.test.vusir.se
[VFS_STOR] - getRodsEnv, status: 0

Breakpoint 1, stor_connect (handle=0x5555558154e0, service=0x5555557ed950 "test",
    user=0x5555557fcf20 "TEST\\davor") at ../source3/modules/vfs_stor.c:134
134                     rods_data->irods_conn = rcConnect(rods_data->myEnv.rodsHost,
(gdb) p rods_data->myEnv
$1 = {rodsUserName = "davor", '\000' <repeats 58 times>,
  rodsHost = "rods.test.vusir.se", '\000' <repeats 45 times>, rodsPort = 1247,
  xmsgHost = '\000' <repeats 63 times>, xmsgPort = 0,
  rodsHome = "/tempZone/home/davor", '\000' <repeats 1067 times>,
  rodsCwd = "/tempZone/home/davor", '\000' <repeats 1067 times>,
  rodsAuthScheme = "KRB\000ve", '\000' <repeats 57 times>, rodsDefResource = '\000' <repeats 63 times>,
  rodsZone = "tempZone", '\000' <repeats 55 times>, rodsLogLevel = 0,
  rodsAuthFile = '\000' <repeats 255 times>, rodsDebug = '\000' <repeats 63 times>,
  rodsClientServerPolicy = '\000' <repeats 255 times>,
  rodsClientServerNegotiation = '\000' <repeats 255 times>, rodsEncryptionKeySize = 0,
  rodsEncryptionSaltSize = 0, rodsEncryptionNumHashRounds = 0,
  rodsEncryptionAlgorithm = '\000' <repeats 127 times>, rodsDefaultHashScheme = '\000' <repeats 63 times>,
  rodsMatchHashPolicy = '\000' <repeats 63 times>, irodsSSLCACertificatePath = '\000' <repeats 1087 times>,
  irodsSSLCACertificateFile = '\000' <repeats 1087 times>, irodsSSLVerifyServer = '\000' <repeats 1087 times>,
  irodsSSLCertificateChainFile = '\000' <repeats 1087 times>,
  irodsSSLCertificateKeyFile = '\000' <repeats 1087 times>,
  irodsSSLDHParamsFile = '\000' <repeats 1087 times>, irodsCtrlPlaneKey = '\000' <repeats 1087 times>,
  irodsCtrlPlanePort = 0, irodsCtrlPlaneEncryptionNumHashRounds = 0,
  irodsCtrlPlaneEncryptionAlgorithm = '\000' <repeats 127 times>, irodsMaxSizeForSingleBuffer = 32,
  irodsDefaultNumberTransferThreads = 4, irodsTransBufferSizeForParaTrans = 4,
  irodsPluginHome = '\000' <repeats 1087 times>}
(gdb) p rods_data
$2 = (struct stor *) 0x555555815580
(gdb) p rods_data->irods_conn
$3 = (rcComm_t *) 0x0
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe0047403 in boost::unordered::detail::table_impl<boost::unordered::detail::map<std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, boost::any> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, boost::any, irods::irods_string_hash, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > >::operator[](std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) () from /usr/lib/libirods_client.so.4.2.2
(gdb)

---

From smbd.log:
[2018/01/23 18:38:41.973629,  1] ../source3/modules/vfs_stor.c:133(stor_connect)
  [VFS_STOR] - getRodsEnv, status: 0
[2018/01/23 18:38:41.997155,  0] ../lib/util/fault.c:78(fault_report)
  ===============================================================
[2018/01/23 18:38:41.997236,  0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 1786 (4.7.3)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2018/01/23 18:38:41.997283,  0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2018/01/23 18:38:41.997314,  0] ../source3/lib/util.c:804(smb_panic_s3)
  PANIC (pid 1786): internal error
[2018/01/23 18:38:41.998186,  0] ../source3/lib/util.c:915(log_stack_trace)
  BACKTRACE: 44 stack frames:
   #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f32452d3236]
   #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) [0x7f32452d3087]
   #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f32477983a2]
   #3 /usr/local/samba/lib/libsamba-util.so.0(+0x2d080) [0x7f3247798080]
   #4 /usr/local/samba/lib/libsamba-util.so.0(+0x2d095) [0x7f3247798095]
   #5 /lib/x86_64-linux-gnu/libpthread.so.0(+0x11390) [0x7f3247c01390]
   #6 /usr/lib/libirods_client.so.4.2.2(_ZN5boost9unordered6detail10table_implINS1_3mapINSt3__19allocatorINS4_4pairIKNS4_12basic_stringIcNS4_11char_traitsIcEENS5_IcEEEENS_3anyEEEEESB_SD_N5irods17irods_string_hashENS4_8equal_toISB_EEEEEixERSC_+0x13) [0x7f32300e9403]
   #7 /usr/lib/libirods_client.so.4.2.2(_ZZN5irods11plugin_base4callIJPKcP8BytesBufS5_S5_i11irodsProt_tEEENS_5errorEP8rsComm_tRKNSt3__112basic_stringIcNSA_11char_traitsIcEENSA_9allocatorIcEEEEN5boost10shared_ptrINS_18first_class_objectEEEDpT_ENKUlRNS_14plugin_contextEPSG_S3_S5_S5_S5_iS6_E_clESQ_SR_S3_S5_S5_S5_iS6_+0x5a) [0x7f323012a30a]
   #8 /usr/lib/libirods_client.so.4.2.2(_ZN5irods11plugin_base4callIJPKcP8BytesBufS5_S5_i11irodsProt_tEEENS_5errorEP8rsComm_tRKNSt3__112basic_stringIcNSA_11char_traitsIcEENSA_9allocatorIcEEEEN5boost10shared_ptrINS_18first_class_objectEEEDpT_+0x1af) [0x7f3230128b7f]
   #9 /usr/lib/libirods_client.so.4.2.2(_Z11sendRodsMsgN5boost10shared_ptrIN5irods14network_objectEEEPKcP8BytesBufS7_S7_i11irodsProt_t+0x153) [0x7f3230124cf3]
   #10 /usr/lib/libirods_client.so.4.2.2(sendStartupPack+0x233) [0x7f3230124283]
   #11 /usr/lib/libirods_client.so.4.2.2(connectToRhost+0x55) [0x7f3230123175]
   #12 /usr/lib/libirods_client.so.4.2.2(_rcConnect+0x24d) [0x7f323010f65d]
   #13 /usr/lib/libirods_client.so.4.2.2(rcConnect+0x6b) [0x7f323010f3fb]
   #14 /usr/local/samba/lib/vfs/stor.so(+0x1f22) [0x7f323037cf22]
   #15 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smb_vfs_call_connect+0x4d) [0x7f324733f8bc]
   #16 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x21c788) [0x7f3247360788]
   #17 /usr/local/samba/lib/private/libsmbd-base-samba4.so(make_connection_smb2+0xe1) [0x7f324736183d]
   #18 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x2416d9) [0x7f32473856d9]
   #19 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x241afb) [0x7f3247385afb]
   #20 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_process_tcon+0x2b1) [0x7f3247384c5a]
   #21 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x15c0) [0x7f3247378b0b]
   #22 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x239ed0) [0x7f324737ded0]
   #23 /usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x239fd6) [0x7f324737dfd6]
   #24 /usr/local/samba/lib/private/libtevent.so.0(+0xe4ac) [0x7f32467284ac]
   #25 /usr/local/samba/lib/private/libtevent.so.0(+0xeae4) [0x7f3246728ae4]
   #26 /usr/local/samba/lib/private/libtevent.so.0(+0xb7e0) [0x7f32467257e0]
   #27 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0x10f) [0x7f324671f0f1]
   #28 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x25) [0x7f324671f408]
   #29 /usr/local/samba/lib/private/libtevent.so.0(+0xb882) [0x7f3246725882]
   #30 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x2b) [0x7f324671f4ab]
   #31 /usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_process+0xc32) [0x7f324735e6fa]
   #32 /usr/local/samba/sbin/smbd(+0xcbf2) [0x558081a89bf2]
   #33 /usr/local/samba/lib/private/libtevent.so.0(+0xe4ac) [0x7f32467284ac]
   #34 /usr/local/samba/lib/private/libtevent.so.0(+0xeae4) [0x7f3246728ae4]
   #35 /usr/local/samba/lib/private/libtevent.so.0(+0xb7e0) [0x7f32467257e0]
   #36 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0x10f) [0x7f324671f0f1]
   #37 /usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x25) [0x7f324671f408]
   #38 /usr/local/samba/lib/private/libtevent.so.0(+0xb882) [0x7f3246725882]
   #39 /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x2b) [0x7f324671f4ab]
   #40 /usr/local/samba/sbin/smbd(+0xd98c) [0x558081a8a98c]
   #41 /usr/local/samba/sbin/smbd(main+0x18b7) [0x558081a8cb32]
   #42 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f3243951830]
   #43 /usr/local/samba/sbin/smbd(_start+0x29) [0x558081a82fd9]
[2018/01/23 18:38:41.998833,  0] ../source3/lib/util.c:816(smb_panic_s3)
  smb_panic(): calling panic action [/bin/sleep 999999999]

  ---

From rodsServerLog:
  Jan 24 05:40:20 pid:1164 remote addresses: 192.168.1.8 ERROR: readWorkerTask - readStartupPack failed. -115000
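
Added example (not part of the original post and not iRODS code): what a field that gdb prints as "KRB\000ve" looks like to C code, and how a setter can avoid leaving the old bytes behind. The demo_env_t struct, the 64-byte field size (read off the gdb dump above) and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed field size: the gdb dump shows 64 bytes for rodsAuthScheme. */
#define SCHEME_LEN 64

/* Hypothetical stand-in for one field; this is not the iRODS rodsEnv struct. */
typedef struct {
    char auth_scheme[SCHEME_LEN];
} demo_env_t;

/* Copy the value and its terminator and nothing else, as strcpy-style code
 * does. Bytes after the new terminator keep whatever they held before. */
static int set_scheme_plain(demo_env_t *env, const char *value) {
    size_t len = strlen(value);
    if (len >= sizeof env->auth_scheme) return -1;   /* would not fit */
    memcpy(env->auth_scheme, value, len + 1);
    return 0;
}

/* Same result for string functions, but the whole field is zeroed first,
 * so nothing from the previous value survives in the tail. */
static int set_scheme_clean(demo_env_t *env, const char *value) {
    size_t len = strlen(value);
    if (len >= sizeof env->auth_scheme) return -1;
    memset(env->auth_scheme, 0, sizeof env->auth_scheme);
    memcpy(env->auth_scheme, value, len);
    return 0;
}

/* Count non-zero bytes after the first terminator: the part of the field
 * that only code handling all `cap` bytes (memcpy, a raw write) can see. */
static size_t stale_bytes(const char *buf, size_t cap) {
    const char *nul = memchr(buf, '\0', cap);
    size_t start = nul ? (size_t)(nul - buf) : cap;
    size_t count = 0;
    for (size_t i = start; i < cap; i++) {
        if (buf[i] != '\0') count++;
    }
    return count;
}

int main(void) {
    demo_env_t env;
    memset(&env, 0, sizeof env);

    /* Default first, then the configured value, in the order the post describes. */
    set_scheme_plain(&env, "native");
    set_scheme_plain(&env, "KRB");
    printf("plain: string \"%s\", strlen %zu, stale bytes %zu\n",
           env.auth_scheme, strlen(env.auth_scheme),
           stale_bytes(env.auth_scheme, sizeof env.auth_scheme));

    set_scheme_clean(&env, "KRB");
    printf("clean: string \"%s\", strlen %zu, stale bytes %zu\n",
           env.auth_scheme, strlen(env.auth_scheme),
           stale_bytes(env.auth_scheme, sizeof env.auth_scheme));
    return 0;
}
```

strlen() and strcmp() stop at the first terminator, so both variants compare equal to "KRB"; the leftover bytes are visible only to code that copies or transmits the full 64-byte field.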

Jason Coposky

Jan 24, 2018, 8:20:04 AM
to irod...@googlegroups.com

Davor,

To confirm the cause of the behavior, does rcConnect succeed with just native authentication?

Davor Vusir

Jan 31, 2018, 12:15:17 AM
to iRODS-Chat
Sorry for the late response, Jason.

It produces the same result. But I found something else; when I change
rErrMsg_t err_msg; to rErrMsg_t *err_msg;


I get the following error:
  [VFS_STOR] - getRodsEnv, status: 0

Breakpoint 1, stor_connect (handle=0x5555558156a0, service=0x5555557ef5d0 "test",
    user=0x5555557faad0 "TEST\\davor") at ../source3/modules/vfs_stor.c:100
100                     rods_data->irods_conn = rcConnect(
(gdb) p rods_data->stor_env

$1 = {rodsUserName = "davor", '\000' <repeats 58 times>,
  rodsHost = "rods.test.vusir.se", '\000' <repeats 45 times>, rodsPort = 1247,
  xmsgHost = '\000' <repeats 63 times>, xmsgPort = 0,
  rodsHome = "/tempZone/home/davor", '\000' <repeats 1067 times>,
  rodsCwd = "/tempZone/home/davor", '\000' <repeats 1067 times>,
  rodsAuthScheme = "KRB\000ve", '\000' <repeats 57 times>
 
  (gdb) c
Continuing.

remote addresses: 192.168.1.8 ERROR: _rcConnect: setRhostInfo error, IRODS_HOST is probably not set correctly status = -302000 USER_RODS_HOST_EMPTY
[VFS_STOR] - error iRODS connection: rods_data->irods_conn == NULL

Regards
Davor

Jason Coposky

Jan 31, 2018, 3:40:24 AM
to irod...@googlegroups.com

Davor,

You will want to pass in an initialized rErrMsg_t, otherwise you will not get additional error information should something fail.

Can you then examine the err_msg->msg and err_msg->status?

The host name is passed through rcConnect, to _rcConnect, to setRHostInfo, to setSockAddr, which calls getaddrinfo_with_retry on the hostname.

Finally, this function calls getaddrinfo on your hostname until it succeeds, and retries ( within reason ) until it gets a terminal error.

Hopefully the rErrMsg_t has a helpful error as to why this might fail.

Davor Vusir

Feb 4, 2018, 1:29:04 PM
to iRODS-Chat
Hi Jason,

I have uploaded an error log, https://github.com/davorvusir/vfs_stor/blob/master/Samba_irods_error.txt, for you to read. I hope I did not misunderstand you and that you find answers to your questions. Please let me know if something is missing.

The only way I can get a status code and error message is to make "rErrMsg_t err_msg" a pointer (rErrMsg_t *err_msg) and pass that as parameter to rcConnect.

I don't believe it's a name resolving issue, because when running iinit and other iCommands I have no issues.

One thing that caught my eye when looking through rcConnect.cpp is:
in rcConnect.h the parameter "rErrMsg_t *errMsg" is defined as parameters in both functions rcConnect and _rcConnect.
But in rcConnect.cpp:L48, rcConnect passes "errMsg" but not "&errMsg" as an argument to _rcConnect. Might that be an issue?

Regards
Davor

Davor Vusir

Mar 4, 2018, 6:48:58 AM
to iRODS-Chat
I have recently found out that using Kerberos for authentication is not possible.
After a successful Kerberos authentication a ticket is created locally. The iCommands in turn present this ticket to the iRODS server.

If you log on to a domain joined workstation and mount a Samba file share or use the UNC path to connect, the client computer will forward its ticket to the Samba server. Unfortunately the server has no way of converting the ticket to a CCNAME (for instance) and in turn present it to the iRODS server. This functionality is not yet implemented.

For now 'native' authentication has to be used. And this will not pose a problem.

See:
https://lists.samba.org/archive/samba/2017-May/208220.html
https://github.com/samba-team/samba/blob/master/source3/librpc/crypto/gse.c
https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions

Jason, I think you were right when you initially said that the error is being masked.
If I run Samba in a gdb session in a user context with sudo privileges (the account created by Ubuntu installer), I get the following error:
remote addresses: 192.168.1.8 ERROR: environment_properties::capture: missing environment file. should be at [/home/localadmin/.irods/irods_environment.json]
[VFS_STOR] - getRodsEnv stor_env.rodsHost:

[VFS_STOR] - getRodsEnv, status: 0
remote addresses: 192.168.1.8 ERROR: _rcConnect: setRhostInfo error, IRODS_HOST is probably not set correctly status = -302000 USER_RODS_HOST_EMPTY


If I run Samba in a gdb session as root, I get the following error:
Breakpoint 1, stor_connect (handle=0x555555814340, service=0x5555557ecb00 "test",
    user=0x5555557f3100 "TEST\\davor") at ../source3/modules/vfs_stor.c:114
114                 if(auth_pipe_user_ok){
(gdb) s
115                     home_dir = handle->conn->session_info->info->home_directory;
(gdb)
116                     DEBUG(1, ("[VFS_STOR] - home_dir: %s\n", home_dir));
(gdb)
[VFS_STOR] - home_dir: /data/home/davor
117                     DEBUG(1, ("[VFS_STOR] - home_directory: %s\n",
(gdb)
[VFS_STOR] - home_directory: /data/home/davor
120                     home_dir = getenv("HOME");
(gdb)
121                     DEBUG(1, ("[VFS_STOR] - HOME env var: %s\n", home_dir));
(gdb)
[VFS_STOR] - HOME env var: /root
124                     status = getRodsEnv(&env);
(gdb)
terminating with uncaught exception of type boost::filesystem::filesystem_error: boost::filesystem::status: Permission denied: "/root/.irods/irods_environment.json"


When Samba is started through /etc/init.d, I get the following error:
[2018/03/04 07:01:39.469744,  1] ../source3/modules/vfs_stor.c:116(stor_connect)
  [VFS_STOR] - home_dir: /data/home/davor
[2018/03/04 07:01:39.469803,  1] ../source3/modules/vfs_stor.c:118(stor_connect)
  [VFS_STOR] - home_directory: /data/home/davor
[2018/03/04 07:01:39.469857,  1] ../source3/modules/vfs_stor.c:121(stor_connect)
  [VFS_STOR] - HOME env var: (null)
remote addresses: 192.168.1.8 ERROR: environment_properties::capture: missing environment file. should be at [/var/lib/irods/.irods/irods_environment.json]
[2018/03/04 07:01:39.473358,  1] ../source3/modules/vfs_stor.c:126(stor_connect)
  [VFS_STOR] - getRodsEnv stor_env.rodsHost:
[2018/03/04 07:01:39.473440,  1] ../source3/modules/vfs_stor.c:130(stor_connect)

  [VFS_STOR] - getRodsEnv, status: 0
remote addresses: 192.168.1.8 ERROR: _rcConnect: setRhostInfo error, IRODS_HOST is probably not set correctly status = -302000 USER_RODS_HOST_EMPTY
[2018/03/04 07:01:39.474017,  1] ../source3/modules/vfs_stor.c:140(stor_connect)
  [VFS_STOR] - error iRODS connection: data->conn == NULL

When getRodsEnv() re-reads the environment file, via sendStartUpPack() and rcConnect(), it has lost knowledge of the calling user. getRodsEnv(), when called at first hand, works fine, reads the AD user's environment file. But called in fourth hand/level (rcConnect() -> _rcConnect() -> connectToRhost() -> sendStartUpPack() -> getRodsEnv()) somewhere along the line the function loses track of the actual user and 'HOME' variable and starts to read the potential environment file of the account running Samba.

Does this make sense?

Samba has got a set of functions; become_user(), become_user_permanently() and others which might be helpful. As of today I have done the connection attempts within the VFS modules 'stor_connect()' function. It might work if I put the iRODS's connection function in separate VFS functions and use 'become_XXX()'.

If the above doesn't work (which I believe it won't), I have to conclude that I'm too much of a novice but also that this project is not going to fly.

Thank you for your time, Jason. It has been very valuable for me.

Regards
Davor Vusir
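
Added example (not from the original post, Samba or iRODS): a minimal model of the lookup the logs above show, where the environment file path is derived from $HOME each time it is needed, together with one way for a per-connection process to pin HOME to the authenticated user's home directory and vet the file before a library reads it. The helper names and the ownership and permission policy are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Relative location of the environment file, as printed in the logs on this page. */
#define ENV_REL "/.irods/irods_environment.json"

/* Build "<home>/.irods/irods_environment.json".
 * Returns 0, or -1 if home is unset, not absolute, or the path does not fit. */
static int env_file_for_home(const char *home, char *out, size_t cap) {
    if (home == NULL || home[0] != '/') return -1;
    int n = snprintf(out, cap, "%s%s", home, ENV_REL);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Model (an assumption) of a lookup that consults the process environment on
 * every call: its answer changes whenever HOME changes between calls. */
static int current_env_file(char *out, size_t cap) {
    return env_file_for_home(getenv("HOME"), out, cap);
}

/* Hypothetical helper: pin HOME for this per-connection process to the
 * authenticated session's home directory before any library call is made,
 * so first-hand and nested lookups resolve the same file. */
static int pin_home(const char *session_home) {
    if (session_home == NULL || session_home[0] != '/') return -1;
    if (setenv("HOME", session_home, 1) != 0) return -1;
    const char *now = getenv("HOME");
    return (now != NULL && strcmp(now, session_home) == 0) ? 0 : -1;
}

/* Accept the file only if it is a regular file (symlinks are rejected by
 * lstat), owned by the expected user, and not writable by group or others.
 * Returns 0 when acceptable, otherwise a negative errno value. */
static int env_file_trusted(const char *path, uid_t expected_uid) {
    struct stat st;
    if (lstat(path, &st) != 0) return -errno;
    if (!S_ISREG(st.st_mode)) return -EINVAL;
    if (st.st_uid != expected_uid) return -EPERM;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -EPERM;
    return 0;
}

int main(void) {
    /* HOME values that appear in the logs on this page: unset, root's, the AD user's. */
    const char *seen[] = { NULL, "/root", "/data/home/davor" };
    char path[1024];

    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        if (seen[i] != NULL) setenv("HOME", seen[i], 1);
        else unsetenv("HOME");
        if (current_env_file(path, sizeof path) == 0)
            printf("HOME=%s -> %s\n", seen[i], path);
        else
            printf("HOME unset -> no per-user file can be derived\n");
    }

    /* Pin once, then vet the file for the user this process is acting as. */
    if (pin_home("/data/home/davor") == 0 &&
        current_env_file(path, sizeof path) == 0) {
        int rc = env_file_trusted(path, geteuid());
        printf("pinned: %s (trust check: %d)\n", path, rc);
    }
    return 0;
}
```

On a machine without /data/home/davor the final trust check reports a negative errno value; the point is that the path no longer depends on which account started the daemon.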

Davor Vusir

Mar 23, 2018, 4:44:55 AM
to iRODS-Chat
Hi all,

I just wanted to give you a quick update. I believe I have come a bit further but sendRodsMsg() crashes when using Boost-libraries. See below. And rodsServerLog gives:
tail -100 /var/lib/irods/log/rodsServerLog.2018.03.21:
Mar 22 05:53:21 pid:1294 remote addresses: 192.168.1.8 ERROR: readWorkerTask - readStartupPack failed. -115000
Mar 23 05:58:17 pid:1294 remote addresses: 192.168.1.8 ERROR: readWorkerTask - readStartupPack failed. -4000


Soon I'll have a proper connect. :)

Regards
Davor

---
Program received signal SIGSEGV, Segmentation fault.
0x00007fffdff16403 in boost::unordered::detail::table_impl<boost::unordered::detail::map<std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, boost::any> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, boost::any, irods::irods_string_hash, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > >::operator[](std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) () from /usr/lib/libirods_client.so.4.2.2
(gdb) bt
#0  0x00007fffdff16403 in boost::unordered::detail::table_impl<boost::unordered::detail::map<std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, boost::any> >, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, boost::any, irods::irods_string_hash, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > >::operator[](std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) () from /usr/lib/libirods_client.so.4.2.2
#1  0x00007fffdff5730a in irods::error irods::plugin_base::call<char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t>(rsComm_t*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, boost::shared_ptr<irods::first_class_object>, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t)::{lambda(irods::plugin_context&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t)#1}::operator()(irods::plugin_context&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t) const () from /usr/lib/libirods_client.so.4.2.2
#2  0x00007fffdff55b7f in irods::error irods::plugin_base::call<char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t>(rsComm_t*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, boost::shared_ptr<irods::first_class_object>, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t) () from /usr/lib/libirods_client.so.4.2.2
#3  0x00007fffdff51cf3 in sendRodsMsg(boost::shared_ptr<irods::network_object>, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t) ()
   from /usr/lib/libirods_client.so.4.2.2
#4  0x00007fffdff51283 in sendStartupPack () from /usr/lib/libirods_client.so.4.2.2
#5  0x00007fffdff50175 in connectToRhost () from /usr/lib/libirods_client.so.4.2.2
#6  0x00007fffdff3c65d in _rcConnect () from /usr/lib/libirods_client.so.4.2.2
#7  0x00007fffdff3c3fb in rcConnect () from /usr/lib/libirods_client.so.4.2.2

Davor Vusir

Mar 29, 2018, 2:55:29 PM
to iRODS-Chat
I'm wondering, do the iCommands lock, in some sense, the network interface or IP-number? If so, is it possible to tie the "lock" to a specific interface/IP-number?

When I run the iCommand "ils", logged on to the Samba server in my AD user context via ssh, there is no problem. I don't use Kerberos authentication to iRODS, but native. The below listing is to show that this is not an account from the server's /etc/passwd. iCommand "ils" returns the content of my rodsHome.

davor@isamba-c:~$ klist -e
Ticket cache: FILE:/tmp/krb5cc_11104
Default principal: da...@TEST.VUSIR.SE


Valid starting       Expires              Service principal
03/29/2018 18:55:35  03/30/2018 04:55:34  krbtgt/TEST.V...@TEST.VUSIR.SE
        renew until 04/05/2018 18:55:35, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
03/29/2018 18:55:35  03/30/2018 04:55:34  ISAMBA$@TEST.VUSIR.SE

        Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
davor@isamba-c:~$ ils
/tempZone/home/davor:
  test1.txt
  test2.txt
  C- /tempZone/home/davor/test
davor@isamba-c:~$


When issuing "ils" it will run the function rcConnect(), which, eventually, will run the function sendRodsMsg() and it calls irods::error sendRodsMsg(). Well here (https://github.com/irods/irods/blob/8fafad56abce19f6019dcf8a93be54049e4fd240/lib/core/src/sockComm.cpp#L1222) it tries to resolve
"// =-=-=-=-=-=-=-
 // resolve a network interface plugin from the
 // network object".

 
Is the interface/IP-number "locked" for iRODS to use?

Samba gives the opportunity to lock, as I understand, an interface/IP-number of choice.
In Samba log:
interpret_interface: Adding interface 192.168.1.8/24
added interface 192.168.1.8/24 ip=192.168.1.8 bcast=192.168.1.255 netmask=255.255.255.0


because of this entry in smb.conf:
  interfaces = 192.168.1.8/24
  bind interfaces only = yes

 
When I run rcConnect() from within Samba I end up with:


#2  0x00007fffdff55b7f in irods::error irods::plugin_base::call<char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t>(rsComm_t*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, boost::shared_ptr<irods::first_class_object>, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t) () from /usr/lib/libirods_client.so.4.2.2
#3  0x00007fffdff51cf3 in sendRodsMsg(boost::shared_ptr<irods::network_object>, char const*, BytesBuf*, BytesBuf*, BytesBuf*, int, irodsProt_t) () from /usr/lib/libirods_client.so.4.2.2
#4  0x00007fffdff51283 in sendStartupPack () from /usr/lib/libirods_client.so.4.2.2
#5  0x00007fffdff50175 in connectToRhost () from /usr/lib/libirods_client.so.4.2.2
#6  0x00007fffdff3c65d in _rcConnect () from /usr/lib/libirods_client.so.4.2.2
#7  0x00007fffdff3c3fb in rcConnect () from /usr/lib/libirods_client.so.4.2.2
#8  0x00007fffe01a9eba in connect_to_irods (handle=0x555555814d70, cti=0x555555814e10,
    user=0x5555557f3590 "TEST\\davor") at ../source3/modules/vfs_stor.c:149


And in rodsLog:
Mar 29 05:25:28 pid:1462 DEBUG: Rule [network_read_header] failed with error code [0], post-pep not executed
Mar 29 05:25:28 pid:1462 remote addresses: 192.168.1.8 ERROR: readWorkerTask - readStartupPack failed. -115000
sending header: len = 139
<MsgHeader_PI>
<type>RODS_VERSION</type>
<msgLen>188</msgLen>
<errorLen>0</errorLen>
<bsLen>0</bsLen>
<intInfo>0</intInfo>
</MsgHeader_PI>


For a while I thought that this was a product of iRODS always using the "primary interface". I changed it to 192.168.1.5 while Samba is still bound to 192.168.1.8 (see above). Same result (crash) but rodsLog says:
Mar 29 06:33:53 pid:1462 DEBUG: Rule [network_read_header] failed with error code [0], post-pep not executed
Mar 29 06:33:53 pid:1462 remote addresses: 192.168.1.5 ERROR: readWorkerTask - readStartupPack failed. -4000
sending header: len = 139
<MsgHeader_PI>
<type>RODS_VERSION</type>
<msgLen>186</msgLen>
<errorLen>0</errorLen>
<bsLen>0</bsLen>
<intInfo>0</intInfo>
</MsgHeader_PI>


Does my explanation make any sense?
iCommands are dependent on $HOME. When I mimic/set the calling user's $, iCommands fail to connect when called from a third-party program. How come?
Is there any way forward? If iRODS does not accept connections/logons from a third-party, this is a dead end.

Anyhow, have a nice Easter holiday.

Regards
Davor Vusir
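
A triage helper for the two rodsLog excerpts in the post above, added here as an example and not part of the original post or of iRODS: it pairs each readStartupPack failure with the header dump that follows it, so runs against different interfaces can be compared field by field. The function name and the template are assumptions of this example; the log values are the ones in the post.

```python
import re
import xml.etree.ElementTree as ET

# The values are those of the two rodsLog excerpts in the post; the template
# only avoids repeating the lines that are identical in both.
_EXCERPT = (
    "Mar 29 {ts} pid:1462 DEBUG: Rule [network_read_header] failed with "
    "error code [0], post-pep not executed\n"
    "Mar 29 {ts} pid:1462 remote addresses: {addr} ERROR: readWorkerTask - "
    "readStartupPack failed. {code}\n"
    "sending header: len = 139\n"
    "<MsgHeader_PI>\n<type>RODS_VERSION</type>\n<msgLen>{msg_len}</msgLen>\n"
    "<errorLen>0</errorLen>\n<bsLen>0</bsLen>\n<intInfo>0</intInfo>\n"
    "</MsgHeader_PI>\n"
)
SAMPLE_LOG = (
    _EXCERPT.format(ts="05:25:28", addr="192.168.1.8", code=-115000, msg_len=188)
    + _EXCERPT.format(ts="06:33:53", addr="192.168.1.5", code=-4000, msg_len=186)
)

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) pid:(?P<pid>\d+) remote addresses: "
    r"(?P<addr>\S+) ERROR: readWorkerTask - readStartupPack failed\. "
    r"(?P<code>-?\d+)\s*$", re.M)
DUMP_RE = re.compile(
    r"sending header: len = (\d+)\n(<MsgHeader_PI>.*?</MsgHeader_PI>\n?)", re.S)


def startup_failures(log_text):
    """Pair each readStartupPack failure with the header dump that follows it."""
    hits = list(FAIL_RE.finditer(log_text))
    events = []
    for i, hit in enumerate(hits):
        # Search only up to the next failure so a dump is never mis-attributed.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(log_text)
        event = {"time": hit["ts"], "pid": int(hit["pid"]),
                 "remote": hit["addr"], "error": int(hit["code"]), "header": None}
        dump = DUMP_RE.search(log_text, hit.end(), end)
        if dump:
            fields = {el.tag: el.text.strip() for el in ET.fromstring(dump[2])}
            event["header"] = {k: v if k == "type" else int(v)
                               for k, v in fields.items()}
            # True when the logged length equals the size of the dumped XML.
            event["len_ok"] = int(dump[1]) == len(dump[2].encode())
        events.append(event)
    return events


if __name__ == "__main__":
    for ev in startup_failures(SAMPLE_LOG):
        print(ev)
```

On the excerpts from the post, the two events differ only in remote address, error code and msgLen, and the logged header length matches the dumped XML in both.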

Davor Vusir

Apr 13, 2018, 2:04:49 AM4/13/18
to iRODS-Chat
Hi all!

I have managed to get past rcConnect() successfully, but get stuck at clientLogin() with the following message during a gdb session:

[VFS_STOR], act_user - pw_uid, pw_gid, pw_name: 11109, 10513, davor
Enter your current iRODS password:
[-]   /tmp/tmp0dyJrt/plugins/auth/native/libnative.cpp:342:irods::error native_auth_client_response(irods::plugin_context &, rcComm_t *) :  status [CAT_INVALID_AUTHENTICATION]  errno [] -- message [Call to rcAuthResponseFailed.]

 failed with error -826000 CAT_INVALID_AUTHENTICATION

How do I pass a password to clientLogin() programmatically? Is it possible?
How do I make clientLogin() aware of the password-file ".irodsA"? Is it possible?
What is possible to pass to clientLogin() except the digit 0 (const char* _context, const char* _scheme_override) https://github.com/irods/irods/blob/4-2-stable/lib/core/include/rcConnect.h#L236? What effect does it have?

Regards
Davor



korydraughn.renci

Jul 23, 2018, 6:37:20 PM7/23/18
to iRODS-Chat
Hi Davor,

I'm part of the iRODS dev team.  Hopefully, I can help you in completing this.

I've been trying to reproduce what you've done so far (without Kerberos support) and I'm experiencing the boost issue you mentioned in a previous message.

What did you do to get rcConnect to succeed?

Kory