Hi Adrian,

It’s better you create an issue in GitHub. Fabrizio is probably the right person to answer your question, once we have a ticket I will point him to it.

Cheers,
Michal

On 3 Nov 2020, at 20:55, Adrian Sevcenco <[log in to unmask]> wrote:

On 11/3/20 5:43 PM, Adrian Sevcenco wrote:
Hi! I just observed on my servers (4.12.3) that http is no longer working (it seems that at one moment it was working)
at this moment when trying with curl i get:
*   Trying 85.120.46.25:1094...
* TCP_NODELAY set
* Connected to storage05.spacescience.ro (85.120.46.25) port 1094 (#0)
> GET //home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c?authz=-----BEGIN+SEALED+CIPHER-----long_auth_envelope-----END+SEALED+ENVELOPE-----%0A HTTP/1.1
> Host: storage05.spacescience.ro:1094
> User-Agent: curl/7.66.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Connection: Close
Connection: Close
< Content-Length: 99
Content-Length: 99
<
Unable to open /home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c; permission denied
and in logs i see:
201103 17:01:34 1572 XrootdBridge: unknown.9:129@[::46.243.114.230] login as nobody
XrdAggregatingN2N processing. buff='/home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c'
Error: nothing could be decrypted
201103 17:01:35 1572 XrdAliceTokenAcc::Access: Unable to read provided authz for /home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c; permission denied
201103 17:01:35 1572 ofs_open: unknown.9:129@[::46.243.114.230] Unable to open /home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c; permission denied
201103 17:01:35 1572 XrootdXeq: unknown.9:129@[::46.243.114.230] disc 0:00:01 (send failure)
e metafile that have a working xrootd path can be found here:
https://cernbox.cern.ch/index.php/s/V21naWT790be6p8
first thing to suspect is that the envelope it was not correctly converted to be used by curl ... is there any facility that would halp with this?
Can be any other problem? (this is 4.12.3 xrootd server)

so, i forgot to add the details about the settings:
the serve settings have this
if exec xrootd
   xrd.protocol http /usr/lib64/libXrdHttp.so
   http.exthandler xrdtpc /usr/lib64/libXrdHttpTPC.so
   http.header2cgi Authorization authz
   http.header2cgi authz authz
   http.listingdeny yes
   http.trace all
fi

and with trace all on the server i see:

sec_PM: Using unix protocol, args=''
--

201103 20:38:39 26982 sysXrdHttp:  rc:38 got hdr line: Host: storage05.spacescience.ro:1094

201103 20:38:39 26982 sysXrdHttp:  rc:25 got hdr line: User-Agent: curl/7.66.0

201103 20:38:39 26982 sysXrdHttp:  rc:13 got hdr line: Accept: */*

201103 20:38:39 26982 sysXrdHttp:  rc:2 got hdr line:

201103 20:38:39 26982 sysXrdHttp:  rc:2 detected header end.
201103 20:38:39 26982 XrootdBridge: unknown.3:98@[::46.243.114.230] login as nobody

So, any idea what i'm missing?
Thanks a lot!
Adrian







########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1


Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1