[one-users] sunstone auth problem

Daniel Molina dmolina at opennebula.org
Thu Apr 14 02:07:23 PDT 2011


I think the problem is the ruby version, are you using the default
REXML gem? if so, would you mind to try installing the nokogiri gem
(and restart both one and sunstone). If this gem is installed
OpenNebula will use it instead of REXML.

$ gem install nokogiri.

Hope this helps

On 14 April 2011 00:08, Robert Parrott <parrott at seas.harvard.edu> wrote:
> Hi Folks,
>
> A little more investigation, and I've confirmed that the issue is with
> the sunstone code or with some sort of XML parsing issues,
>
> I can call the "to_xml" method on the user_pool object (again in
> SunstoneServer.authorize() method of file SunstoneServer.rb), and I
> see the proper XML output, the same as if I execute "oneuser list -x"
> on the command line. So the data is there in sunstone.
>
> However, the query on the XML returns "nil" when in fact the user is
> there. I.e. in the sunstone source referred to above, the line
>
>  user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>
> returns "nil" whether or not the data is correct and present. So it
> seems that the XPath query, or the XML query library is broken.
>
> Here's an example of a session, with tons of debugging thrown in:
>
> user = testuser
> sha1_pass = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> user_pool.info = nil
> user_pass = nil
> user_pool = #<OpenNebula::UserPool:0x2b6281b765d8>
> UserPool methods =
> mapmethodsinstance_evalany?to_setsortdupmininstance_variablesinclude?instance_of?to_yaml_propertiesextenddclonepretty_inspecteql?namefind_alleachpretty_print_cycleto_jsonhashidsingleton_methodseach_elementinjecttaintsort_byinstance_variable_getfrozen?has_elements?pretty_printmaxkind_of?methodselectto_adisplayto_xmltypeinitialize_xmlprotected_methodsto_strpartitionpretty_print_inspectgrepinstance_variable_settextis_a?respond_to?to_srejectattrobject_idclassprivate_methods==tainted?__id__===member?to_hashuntaintnil?template_strfindeach_with_indextaguriinspectsendcollectall?pretty_print_instance_variablesinfo=~clonetaguri=retrieve_elementsentriespublic_methods__send__freezeequal?template_like_strdetectfactoryzip[]to_yamlto_yaml_style
> user_pool as XML = <USER_POOL>
>  <USER>
>    <ID>0</ID>
>    <NAME>oneadmin</NAME>
>    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
>    <ENABLED>1</ENABLED>
>  </USER>
>  <USER>
>    <ID>1</ID>
>    <NAME>testuser</NAME>
>    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
>    <ENABLED>1</ENABLED>
>  </USER>
> </USER_POOL>
> USER object static string =
> 0oneadmin5baa61e4c9b93f3f0682250b6cf8331b7ee68fd811testuser5baa61e4c9b93f3f0682250b6cf8331b7ee68fd81
> USER/NAME  = oneadmintestuser
> USER/PASSWORD  =
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd85baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> USER/ID = 01
> USER[NAME="testuser"] = nil
>
> Assuming that the query is correct, I guess there's an issue in a
> parser library. Further input is greatly appreciated.
>
> Rob
>
>
>
>
>
> On Wed, Apr 13, 2011 at 2:21 PM, Robert Parrott
> <parrott at seas.harvard.edu> wrote:
>> I've added some debugging to the sunstone, and see the following behavior.
>>
>> 1) In the build-session method of the sunstone-server.rb, the username
>> and password are properly passwd into the server, and the SHA1 hash
>> calculated is what is expected.
>>
>> 2) In the SunstoneServer.authorize() method in the file
>> SunstoneServer.rb, the username and  sha1 hash are passed into the
>> method properly, but the query to the UserPool object,
>>
>>   user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>>
>> returns "nil."
>>
>> Thus it is the communication with the oned where the problem lies.
>>
>> 3) In the oned.log file, I see that the method UserPoolInfo method is
>> executed as soon as there is a login attempt from sunstone:
>>
>> ==> /var/log/one/oned.log <==
>> Wed Apr 13 14:11:06 2011 [ReM][D]: UserPoolInfo method invoked
>>
>>
>>
>> I've wiped the installation and reinstalled afresh, but with the same
>> error. The system is a CentOS 5.5 installation, ruby v1.8.5.
>>
>>
>> Thanks,
>> rob
>>
>
>
>
> --
> Robert E. Parrott, Ph.D. (Phys. '06)
> Director, Academic and Research Computing
> Harvard University Sch. of Eng. and App. Sci.
> Maxwell-Dworkin  211,
> 33 Oxford St.
> Cambridge, MA 02138
> (617)-496-1520
>



-- 
Daniel Molina, Cloud Technology Engineer/Researcher
Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | dmolina at opennebula.org



More information about the Users mailing list