  1. FTS
  2. FTS-463

SSL_SERVER_S_DN and Credentials.user_dn provide different formats in Centos7

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: fts 3.4.1
    • Fix Version/s: fts 3.5.0
    • Component/s: REST API
    • Security Level: Public Data (This ticket is visible to anyone on the internet and will be indexed by search engines)
    • Labels:
      None

      Description

      When we run the whoami command as root, REST does not identify root, since the DN strings have different formats in Centos7.

      Example:
      curl --cert "/etc/grid-security/hostcert.pem" --key "/etc/grid-security/hostkey.pem" --capath "/etc/grid-security/certificates" https://s3-centos7.cern.ch:8446/whoami

      {"dn": ["/DC=ch/DC=cern/OU=computers/CN=s3-centos7.cern.ch"], "vos_id": ["2eb294a6-ea45-5ff6-a6ed-df071b2b3902"], "roles": [], "delegation_id": "5d04877f4a0ffe16", "user_dn": "/DC=ch/DC=cern/OU=computers/CN=s3-centos7.cern.ch", "level": {"transfer": "vo"}, "is_root": false, "base_id": "01874efb-4735-4595-bc9c-591aef8240c9", "vos": ["s3-centos7.cern.ch@cern.ch"], "voms_cred": [], "method": "certificate"}
      [root@s3-centos7 Public]#

      Writing the logs you see different formats:
      16:35:49,877 INFO [ssl] Host dn: CN=s3-centos7.cern.ch,OU=computers,DC=cern,DC=ch
      16:35:49,877 INFO [ssl] Credentials user_dn: /DC=ch/DC=cern/OU=computers/CN=s3-centos7.cern.ch

      In the code:
      host_dn = env.get('SSL_SERVER_S_DN', None)
      logging.debug("Host dn: "+str(host_dn))
      logging.debug("Credentials user_dn: "+str(credentials.user_dn))
      if host_dn and host_dn == credentials.user_dn:
          credentials.is_root = True
          return True
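
      One way to make the comparison above independent of the string format, shown as an added example that is neither FTS code nor the fix shipped in 3.5.0; canonical_dn and same_dn are hypothetical helper names. It goes beyond the ticket's single case by also handling values that contain "/" or an escaped comma, and it fails closed on anything it cannot parse.

```python
import re

# Split points: an unescaped comma (comma-separated form) or a "/" that starts
# a new "ATTR=" component (slash-separated form, whose values may contain "/").
_COMMA = re.compile(r'(?<!\\),')
_SLASH = re.compile(r'/(?=[A-Za-z][A-Za-z0-9.]*=)')
_ESCAPE = re.compile(r'\\([0-9A-Fa-f]{2}|.)')


def _unescape(value):
    """Undo backslash escapes: "\\," -> "," and hex pairs (ASCII only)."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return _ESCAPE.sub(repl, value)


def canonical_dn(dn):
    """Return the DN as a tuple of (ATTR, value) pairs, most significant first.

    Accepts "/DC=ch/DC=cern/CN=host" and "CN=host,DC=cern,DC=ch".
    Multi-valued RDNs ("+") are not split; they compare as a single value.
    Returns None for empty or malformed input so that it never matches.
    """
    if not dn:
        return None
    dn = dn.strip()
    comma_form = not dn.startswith('/')
    if comma_form:
        parts = [p.strip() for p in _COMMA.split(dn)]
        parts.reverse()                     # this form lists the CN first
    else:
        parts = _SLASH.split(dn)[1:]        # already most significant first
    pairs = []
    for part in parts:
        attr, sep, value = part.partition('=')
        attr, value = attr.strip().upper(), value.strip()
        if not sep or not attr or not value:
            return None
        pairs.append((attr, _unescape(value) if comma_form else value))
    return tuple(pairs)


def same_dn(a, b):
    """True only when both DNs parse and have identical components in order."""
    ca, cb = canonical_dn(a), canonical_dn(b)
    return ca is not None and ca == cb
```

      With this, the host DN and the credentials DN from the log lines above compare equal, while a missing SSL_SERVER_S_DN or a DN with a different CN still does not grant is_root.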

              People

              • Assignee:
                marsuaga Maria Arsuaga Rios
                Reporter:
                marsuaga Maria Arsuaga Rios