[one-users] sunstone auth problem

Robert Parrott parrott at seas.harvard.edu
Wed Apr 13 15:08:48 PDT 2011


Hi Folks,

A little more investigation, and I've confirmed that the issue is with
the sunstone code or with some sort of XML parsing issues.

I can call the "to_xml" method on the user_pool object (again in
SunstoneServer.authorize() method of file SunstoneServer.rb), and I
see the proper XML output, the same as if I execute "oneuser list -x"
on the command line. So the data is there in sunstone.

However, the query on the XML returns "nil" when in fact the user is
there. I.e. in the sunstone source referred to above, the line

  user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]

returns "nil" whether or not the data is correct and present. So it
seems that the XPath query, or the XML query library is broken.

Here's an example of a session, with tons of debugging thrown in:

user = testuser
sha1_pass = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
user_pool.info = nil
user_pass = nil
user_pool = #<OpenNebula::UserPool:0x2b6281b765d8>
UserPool methods =
mapmethodsinstance_evalany?to_setsortdupmininstance_variablesinclude?instance_of?to_yaml_propertiesextenddclonepretty_inspecteql?namefind_alleachpretty_print_cycleto_jsonhashidsingleton_methodseach_elementinjecttaintsort_byinstance_variable_getfrozen?has_elements?pretty_printmaxkind_of?methodselectto_adisplayto_xmltypeinitialize_xmlprotected_methodsto_strpartitionpretty_print_inspectgrepinstance_variable_settextis_a?respond_to?to_srejectattrobject_idclassprivate_methods==tainted?__id__===member?to_hashuntaintnil?template_strfindeach_with_indextaguriinspectsendcollectall?pretty_print_instance_variablesinfo=~clonetaguri=retrieve_elementsentriespublic_methods__send__freezeequal?template_like_strdetectfactoryzip[]to_yamlto_yaml_style
user_pool as XML = <USER_POOL>
  <USER>
    <ID>0</ID>
    <NAME>oneadmin</NAME>
    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
    <ENABLED>1</ENABLED>
  </USER>
  <USER>
    <ID>1</ID>
    <NAME>testuser</NAME>
    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
    <ENABLED>1</ENABLED>
  </USER>
</USER_POOL>
USER object static string =
0oneadmin5baa61e4c9b93f3f0682250b6cf8331b7ee68fd811testuser5baa61e4c9b93f3f0682250b6cf8331b7ee68fd81
USER/NAME  = oneadmintestuser
USER/PASSWORD  =
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd85baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
USER/ID = 01
USER[NAME="testuser"] = nil

Assuming that the query is correct, I guess there's an issue in a
parser library. Further input is greatly appreciated.

Rob





On Wed, Apr 13, 2011 at 2:21 PM, Robert Parrott
<parrott at seas.harvard.edu> wrote:
> I've added some debugging to the sunstone, and see the following behavior.
>
> 1) In the build-session method of the sunstone-server.rb, the username
> and password are properly passed into the server, and the SHA1 hash
> calculated is what is expected.
>
> 2) In the SunstoneServer.authorize() method in the file
> SunstoneServer.rb, the username and sha1 hash are passed into the
> method properly, but the query to the UserPool object,
>
>   user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>
> returns "nil."
>
> Thus it is the communication with the oned where the problem lies.
>
> 3) In the oned.log file, I see that the UserPoolInfo method is
> executed as soon as there is a login attempt from sunstone:
>
> ==> /var/log/one/oned.log <==
> Wed Apr 13 14:11:06 2011 [ReM][D]: UserPoolInfo method invoked
>
>
>
> I've wiped the installation and reinstalled afresh, but with the same
> error. The system is a CentOS 5.5 installation, ruby v1.8.5.
>
>
> Thanks,
> rob
>



-- 
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic and Research Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin  211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520
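
A stand-alone check of the query from the message above, added here as an example and not part of the original post or of the Sunstone source: it runs the same predicate query and a predicate-free walk over the pasted USER_POOL XML, so a mismatch between the two points at the XML library rather than at Sunstone. It assumes REXML as the parser (the thread does not say which library the installation uses), and the helper names are hypothetical.

```ruby
require 'rexml/document'

# Constructed sample: the USER_POOL document pasted in the debug session above.
POOL_XML = <<XML
<USER_POOL>
  <USER>
    <ID>0</ID>
    <NAME>oneadmin</NAME>
    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
    <ENABLED>1</ENABLED>
  </USER>
  <USER>
    <ID>1</ID>
    <NAME>testuser</NAME>
    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
    <ENABLED>1</ENABLED>
  </USER>
</USER_POOL>
XML

# Lookup 1: the same predicate query as SunstoneServer.authorize(), run
# directly against REXML (assumed) instead of through OpenNebula::UserPool.
def password_by_xpath(doc, user)
  node = REXML::XPath.first(doc.root, "USER[NAME=\"#{user}\"]/PASSWORD")
  node && node.text
end

# Lookup 2: no predicate and no string interpolation; walk the USER
# elements and compare NAME in Ruby.
def password_by_iteration(doc, user)
  doc.root.elements.each('USER') do |u|
    name = u.elements['NAME']
    next unless name && name.text == user
    pass = u.elements['PASSWORD']
    return pass && pass.text
  end
  nil
end

# Run both lookups on the same parsed document so they can be compared.
def diagnose(xml, user)
  doc = REXML::Document.new(xml)
  { :xpath => password_by_xpath(doc, user), :iteration => password_by_iteration(doc, user) }
end

if __FILE__ == $0
  r = diagnose(POOL_XML, 'testuser')
  puts "xpath=#{r[:xpath].inspect} iteration=#{r[:iteration].inspect}"
  puts(r[:xpath] == r[:iteration] ? 'predicate query agrees' : 'predicate query differs: suspect the XML library')
end
```

If the walk returns the hash while the predicate query returns nil on the affected host, the fault is in how that Ruby's XML library evaluates `[NAME="..."]`, not in the data oned returns.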


