[one-users] sunstone auth problem
Robert Parrott
parrott at seas.harvard.edu
Thu Apr 14 10:18:06 PDT 2011
Hi Daniel et.al.,
nokigiri was installed, as per the installation documentation:
[root ~]# ls -ld /usr/lib/ruby/gems/1.8/gems/noko*
drwxr-xr-x 4 root root 4096 Apr 8 14:07
/usr/lib/ruby/gems/1.8/gems/nokogiri-1.3.1
Is there somehing that needs to be done in order to ensure that it it
used instead of the default REXML?
Rob
On Thu, Apr 14, 2011 at 5:07 AM, Daniel Molina <dmolina at opennebula.org> wrote:
> I think the problem is the ruby version, are you using the default
> REXML gem? if so, would you mind to try installing the nokogiri gem
> (and restart both one and sunstone). If this gem is installed
> OpenNebula will use it instead of REXML.
>
> $ gem install nokogiri.
>
> Hope this helps
>
> On 14 April 2011 00:08, Robert Parrott <parrott at seas.harvard.edu> wrote:
>> Hi Folks,
>>
>> A little more investigation, and I've confirmed that the issue is with
>> the sunstone code or with some sort of XML parsing issues,
>>
>> I can call the "to_xml" method on the user_pool object (again in
>> SunstoneServer.authorize() method of file SunstoneServer.rb), and I
>> see the proper XML output, the same as if I execute "oneuser list -x"
>> on the command line. So the data is there in sunstone.
>>
>> However, the query on the XML returns "nil" when in fact the user is
>> there. I.e. in the sunstone source referred to above, the line
>>
>> user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>>
>> returns "nil" whether or not the data is correct and present. So it
>> seems that the XPath query, or the XML query library is broken.
>>
>> Here's an example of a session, with tons of debugging thrown in:
>>
>> user = testuser
>> sha1_pass = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>> user_pool.info = nil
>> user_pass = nil
>> user_pool = #<OpenNebula::UserPool:0x2b6281b765d8>
>> UserPool methods =
>> mapmethodsinstance_evalany?to_setsortdupmininstance_variablesinclude?instance_of?to_yaml_propertiesextenddclonepretty_inspecteql?namefind_alleachpretty_print_cycleto_jsonhashidsingleton_methodseach_elementinjecttaintsort_byinstance_variable_getfrozen?has_elements?pretty_printmaxkind_of?methodselectto_adisplayto_xmltypeinitialize_xmlprotected_methodsto_strpartitionpretty_print_inspectgrepinstance_variable_settextis_a?respond_to?to_srejectattrobject_idclassprivate_methods==tainted?__id__===member?to_hashuntaintnil?template_strfindeach_with_indextaguriinspectsendcollectall?pretty_print_instance_variablesinfo=~clonetaguri=retrieve_elementsentriespublic_methods__send__freezeequal?template_like_strdetectfactoryzip[]to_yamlto_yaml_style
>> user_pool as XML = <USER_POOL>
>> <USER>
>> <ID>0</ID>
>> <NAME>oneadmin</NAME>
>> <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
>> <ENABLED>1</ENABLED>
>> </USER>
>> <USER>
>> <ID>1</ID>
>> <NAME>testuser</NAME>
>> <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
>> <ENABLED>1</ENABLED>
>> </USER>
>> </USER_POOL>
>> USER object static string =
>> 0oneadmin5baa61e4c9b93f3f0682250b6cf8331b7ee68fd811testuser5baa61e4c9b93f3f0682250b6cf8331b7ee68fd81
>> USER/NAME = oneadmintestuser
>> USER/PASSWORD =
>> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd85baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>> USER/ID = 01
>> USER[NAME="testuser"] = nil
>>
>> Assuming that the query is correct, I guess there's an issue in a
>> parser library. Further input is greatly appreciated.
>>
>> Rob
>>
>>
>>
>>
>>
>> On Wed, Apr 13, 2011 at 2:21 PM, Robert Parrott
>> <parrott at seas.harvard.edu> wrote:
>>> I've added some debugging to the sunstone, and see the following behavior.
>>>
>>> 1) In the build-session method of the sunstone-server.rb, the username
>>> and password are properly passwd into the server, and the SHA1 hash
>>> calculated is what is expected.
>>>
>>> 2) In the SunstoneServer.authorize() method in the file
>>> SunstoneServer.rb, the username and sha1 hash are passed into the
>>> method properly, but the query to the UserPool object,
>>>
>>> user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>>>
>>> returns "nil."
>>>
>>> Thus it is the communication with the oned where the problem lies.
>>>
>>> 3) In the oned.log file, I see that the method UserPoolInfo method is
>>> executed as soon as there is a login attempt from sunstone:
>>>
>>> ==> /var/log/one/oned.log <==
>>> Wed Apr 13 14:11:06 2011 [ReM][D]: UserPoolInfo method invoked
>>>
>>>
>>>
>>> I've wiped the installation and reinstalled afresh, but with the same
>>> error. The system is a CentOS 5.5 installation, ruby v1.8.5.
>>>
>>>
>>> Thanks,
>>> rob
>>>
>>
>>
>>
>> --
>> Robert E. Parrott, Ph.D. (Phys. '06)
>> Director, Academic and Research Computing
>> Harvard University Sch. of Eng. and App. Sci.
>> Maxwell-Dworkin 211,
>> 33 Oxford St.
>> Cambridge, MA 02138
>> (617)-496-1520
>>
>
>
>
> --
> Daniel Molina, Cloud Technology Engineer/Researcher
> Major Contributor
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | dmolina at opennebula.org
>
--
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Academic and Research Computing
Harvard University Sch. of Eng. and App. Sci.
Maxwell-Dworkin 211,
33 Oxford St.
Cambridge, MA 02138
(617)-496-1520
More information about the Users
mailing list