Uploaded image for project: 'FTS'
  1. FTS
  2. FTS-463

SSL_SERVER_S_DN and Credentials.user_dn provide different formats in Centos7

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • fts 3.4.1
    • fts 3.5.0
    • REST API
    • Security Level: Public Data (This ticket is visible to anyone on the internet and will be indexed by search engines)
    • None

    Description

      When we run the command whoami by being root, REST do not identify root since the dn strings have different formats in Centos7.

      Example:
      curl --cert "/etc/grid-security/hostcert.pem" --key "/etc/grid-security/hostkey.pem" --capath "/etc/grid-security/certificates" https://s3-centos7.cern.ch:8446/whoami

      {"dn": ["/DC=ch/DC=cern/OU=computers/CN=s3-centos7.cern.ch"], "vos_id": ["2eb294a6-ea45-5ff6-a6ed-df071b2b3902"], "roles": [], "delegation_id": "5d04877f4a0ffe16", "user_dn": "/DC=ch/DC=cern/OU=computers/CN=s3-centos7.cern.ch", "level":

      {"transfer": "vo"}

      , "is_root": false, "base_id": "01874efb-4735-4595-bc9c-591aef8240c9", "vos": ["s3-centos7.cern.ch@cern.ch"], "voms_cred": [], "method": "certificate"}[root@s3-centos7 Public]#

      Writing the logs you see different formats:
      16:35:49,877 INFO [ssl] Host dn: CN=s3-centos7.cern.ch,OU=computers,DC=cern,DC=ch
      16:35:49,877 INFO [ssl] Credentials user_dn: /DC=ch/DC=cern/OU=computers/CN=s3-centos7.cern.ch

      In the code:
      host_dn = env.get('SSL_SERVER_S_DN', None)
      logging.debug("Host dn: "+str(host_dn))
      logging.debug("Credentials user_dn: "+str(credentials.user_dn))
      if host_dn and host_dn == credentials.user_dn:
      credentials.is_root = True
      return True

      Attachments

        Issue Links

          Activity

            People

              marsuaga Maria Arsuaga Rios
              marsuaga Maria Arsuaga Rios
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: