search

cern-fts / davix

High-performance file management over WebDAV / HTTP
GNU Lesser General Public License v2.1
84 stars 36 forks source link

[0.7.6.200.3c48eab] davix-get failing auth with DAVIX_USE_LIBCURL #71

Closed chaen closed 3 years ago

chaen commented 3 years ago

Hi,

there seems to be an auth problem when running davix-get with DAVIX_USE_LIBCURL

[root@d1b4129fd75a davix]# davix-get  --capath /etc/grid-security/certificates/ --cert $X509_USER_PROXY https://lhcbwebdav-kit.gridka.de:2880/pnfs/gridka.de/lhcb/LHCb_USER/lhcb/user/c/chaen/zozo.xml zozo.xml
[root@d1b4129fd75a davix]# export DAVIX_USE_LIBCURL=1
[root@d1b4129fd75a davix]# davix-get  --capath /etc/grid-security/certificates/ --cert $X509_USER_PROXY https://lhcbwebdav-kit.gridka.de:2880/pnfs/gridka.de/lhcb/LHCb_USER/lhcb/user/c/chaen/zozo.xml zozo.xml
(Davix::HttpRequest) Error: Result HTTP 401 : Authentification Error  after 3 attempts

This is done on a cern/cc7-base docker container with the lcg-CA and the following davix rpms

https://storage-ci.web.cern.ch/storage-ci/davix/devel/el7/x86_64/davix-0.7.6.200.3c48eab-1.el7.cern.x86_64.rpm
https://storage-ci.web.cern.ch/storage-ci/davix/devel/el7/x86_64/davix-devel-0.7.6.200.3c48eab-1.el7.cern.x86_64.rpm
https://storage-ci.web.cern.ch/storage-ci/davix/devel/el7/x86_64/davix-libs-0.7.6.200.3c48eab-1.el7.cern.x86_64.rpm
https://storage-ci.web.cern.ch/storage-ci/davix/devel/el7/x86_64/davix-debuginfo-0.7.6.200.3c48eab-1.el7.cern.x86_64.rpm
https://storage-ci.web.cern.ch/storage-ci/davix/devel/el7/x86_64/davix-doc-0.7.6.200.3c48eab-1.el7.cern.noarch.rpm

Here is an extract of the debug logs that keeps repeating

DAVIX(socket): ssl: Initialized OpenSSL thread-safety callbacks for 41 locks.

DAVIX(core): HTTP/SSL Session caching ENABLED
DAVIX(core): Redirection Session caching ENABLED
DAVIX(core): libdavix path /lib64/libdavix.so.0, version: 0.7.6.200.3c48eab
DAVIX(chain):  -> readToFd
DAVIX(chain): request size 0
DAVIX(http): Create HttpRequest for https://lhcbwebdav-kit.gridka.de:2880/pnfs/gridka.de/lhcb/LHCb_USER/lhcb/user/c/chaen/zozo.xml
DAVIX(http):  -> negotiateRequest
DAVIX(http): NEON start internal request
DAVIX(http): add CA PATH /etc/grid-security/certificates/

< GET /pnfs/gridka.de/lhcb/LHCb_USER/lhcb/user/c/chaen/zozo.xml HTTP/1.1
< Host: lhcbwebdav-kit.gridka.de:2880
< Accept: */*
< User-Agent: libdavix/0.7.6.200.3c48eab libcurl/7.69.0-DEV

> HTTP/1.1 401 login failed
> Date: Fri, 06 Aug 2021 09:06:53 GMT
> Server: dCache/6.2.24
> WWW-Authenticate: Basic realm=""
> Cache-Control: must-revalidate,no-cache,no-store
> Content-Type: text/html;charset=iso-8859-1
> Content-Length: 379
DAVIX(http):  ->  Error when using reycling of session/redirect : cancel and try again
DAVIX(http):  -> negotiateRequest
mpatrascoiu commented 3 years ago

Hello Chris,

I had a look and the quick workaround is to add -P grid to the command.

The underlying issue is that libcurl requests don't load the certificate via callback functions. I have a fix in the works for that.

Cheers, Mihai

mpatrascoiu commented 3 years ago

Tracked in JIRA: DMC-1279 Fix implemented for release 0.8.1.

Closing ticket.