Hi Derek,
Well, that sounds like a bug. Could you give me a stack trace? Anyway,
when you use "++" the "add" entry is called and that one is given the
previously stacked plugin address. Which code are you working with (i.e.
give me a url)?
Andy
On Mon, 4 Jan 2021, Derek Weitzel wrote:
> @abh3 continuing this debugging.
>
> I think there is a fundamental mis-understanding on the expected new behavior in the SciTokens plugin with pass through authorization. I have been running test on the rc4, with no token given.
>
> ## Scenerio 1:
> The configuration line is specified like:
> ```ofs.authlib libXrdAccSciTokens.so config=/run/stash-origin-auth/scitokens.conf```
>
> In this case, the scitokens library returns a failure because there is no token in the request, which is correct. It tries to ?pass through? the authorization, but there is no chained authorization so it returns XrdAccPriv_None
> https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/src/XrdAccSciTokens.cc#L488
>
> It appears that XRootD then returns failure to the client. The old behavior was to then go to the Authfile, I believe.
>
> ## Scenerio 2:
> The configuration line is specified like:
> ```ofs.authlib ++ libXrdAccSciTokens.so config=/run/stash-origin-auth/scitokens.conf```
>
> It tries to ?pass through? the authorization, and there is an object passed through the chain, but it immediately segfaults when trying to call ?Access? on the chained auth.
> https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/src/XrdAccSciTokens.cc#L488
>
>
> --
> You are receiving this because you were mentioned.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1353#issuecomment-754278299
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1353#issuecomment-754280014",
"url": "https://github.com/xrootd/xrootd/issues/1353#issuecomment-754280014",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1