StoRM / STOR-1439

Enabling security.enable.mapping causes failures for all users whose DN is not contained in the grid-mapfile


    • Type: Task
    • Resolution: Unresolved
    • Priority: Major
    • 1.12.0
    • 1.11.21
    • frontend, puppet-modules
    • Security Level: Public (Visible by non-authn users.)
    • None

      Enabling security.enable.mapping:

      class { 'storm::frontend':
        ...
        security_enable_mapping => true,
      }
      

      causes a lot of cgsi-gsoap failures, because it fails to map users through the grid-mapfile:

      StoRM Frontend's log:

      06/08 12:04:15.458 Thread 0 -  INFO [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : Connection from 131.154.100.192
      06/08 12:04:15.458 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : -- Start soap_serve
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : End soap_serve
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : Start soap_destroy
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : End soap_destroy
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : Start soap_end
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : End soap_end
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : Start soap_free
      06/08 12:04:15.472 Thread 0 -  DEBUG2 [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : End soap_free
      06/08 12:04:15.472 Thread 0 -  DEBUG [46be5056-ee90-4161-bba6-3b52fc80a7a3]: process_request : -- END process_request [took 15068 us]
      

      cgsi-gsoap tracefile:

      ### Establishing new context !
      Server accepting context with flags: 33d
      The server is:</DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=omii005-vm03.cnaf.infn.it>
      ================= RECVING: 301
      ================= SENDING: 6802
      ================= RECVING: 5528
      ================= RECVING: 75
      ================= RECVING: 141
      ================= RECVING: 6
      ================= RECVING: 45
      ================= SENDING: 3938
      ================= RECVING: 30
      The client is:</C=IT/O=IGI/CN=test0>
      retrieve_userca_and_voms_creds: got VO test.vo
      retrieve_userca_and_voms_creds: got FQAN /test.vo/Role=NULL/Capability=NULL
      retrieve_userca_and_voms_creds: got FQAN /test.vo/G1/Role=NULL/Capability=NULL
      retrieve_userca_and_voms_creds: got FQAN /test.vo/G2/Role=NULL/Capability=NULL
      retrieve_userca_and_voms_creds: got FQAN /test.vo/G2/G3/Role=NULL/Capability=NULL
      deleg_cred 0
      Could not find mapping for: /C=IT/O=IGI/CN=test0
      <Sending SOAP Packet>-------------
      HTTP/1.1 500 Internal Server Error
      Server: gSOAP/2.8
      Content-Type: text/xml; charset=utf-8
      Content-Length: 512
      Connection: close
      
      <?xml version="1.0" encoding="UTF-8"?>
      <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns1="http://srm.lbl.gov/StorageResourceManager"><faultcode>SOAP-ENV:Server</faultcode><faultstring>CGSI-gSOAP running on omii005-vm03.cnaf.infn.it reports Could not find mapping for: /C=IT/O=IGI/CN=test0</faultstring></SOAP-ENV:Fault>
      ----------------------------------
      ================= SENDING: 677
      

      Adding:

      "/C=IT/O=IGI/CN=test0" .tstvo
      

      to /etc/grid-security/grid-mapfile could solve this issue.
      Anyway, the evaluated solution is to remove this check from StoRM Frontend (and the StoRM Puppet module).
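
An added example (not part of the original ticket and not StoRM or CGSI-gSOAP code): a Python script that collects the client DNs a cgsi-gsoap trace rejected with "Could not find mapping for" and reports which of them still have no entry in a grid-mapfile. The sample trace, the second DN (`CN=test1`) and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed samples, modelled on the trace and the grid-mapfile line in this ticket.
SAMPLE_TRACE = """\
The client is:</C=IT/O=IGI/CN=test0>
retrieve_userca_and_voms_creds: got VO test.vo
Could not find mapping for: /C=IT/O=IGI/CN=test0
The client is:</C=IT/O=IGI/CN=test1>
retrieve_userca_and_voms_creds: got VO test.vo
Could not find mapping for: /C=IT/O=IGI/CN=test1
"""
SAMPLE_GRIDMAP = """\
# comment lines and blank lines are ignored
"/C=IT/O=IGI/CN=test0" .tstvo
"""

# Anchored at line start so the same text inside the SOAP <faultstring> is not counted twice.
FAILURE = re.compile(r"^\s*Could not find mapping for: (?P<dn>/.+?)\s*$", re.M)

def parse_gridmap(text):
    """Return {DN: local account} from grid-mapfile text ('"DN" account' per line)."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # the quoted DN may contain spaces
        except ValueError:
            continue                    # unbalanced quote: skip the malformed line
        if len(fields) >= 2:
            mapping[fields[0]] = fields[1]
    return mapping

def mapping_failures(trace_text):
    """Count 'Could not find mapping' failures per client DN in a trace."""
    counts = {}
    for m in FAILURE.finditer(trace_text):
        counts[m.group("dn")] = counts.get(m.group("dn"), 0) + 1
    return counts

def still_unmapped(trace_text, gridmap_text):
    """DNs that failed in the trace and have no entry in the given grid-mapfile."""
    known = parse_gridmap(gridmap_text)
    return sorted(dn for dn in mapping_failures(trace_text) if dn not in known)

if __name__ == "__main__":
    print("still unmapped:", still_unmapped(SAMPLE_TRACE, SAMPLE_GRIDMAP))
```

With the constructed grid-mapfile, only `CN=test1` is reported, since `CN=test0` is covered by the entry proposed in the ticket.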

            Assignee: Unassigned
            Reporter: Enrico Vianello (vianello)