Closed jnimoth closed 11 months ago
Some addition to the problem/issue:
I tested again today on another system (MacOS). While testing, I realized that the .irodsA
file is generated when running the gocmd init
to its completion after entering the password.
I adjusted the generated irods_environment.json
afterwards in this way:
{
"irods_authentication_scheme": "PAM",
"irods_client_server_negotiation": "request_server_negotiation",
"irods_client_server_policy": "CS_NEG_REQUIRE",
"irods_host": "<servername>",
"irods_port": 1247,
"irods_user_name": "<username>",
"irods_zone_name": "<zonename> ",
"irods_default_resource": "rootResc",
"irods_encryption_algorithm": "AES-256-CBC",
"irods_encryption_key_size": 32,
"irods_encryption_num_hash_rounds": 16,
"irods_encryption_salt_size": 8,
"irods_ssl_ca_certificate_file": "/etc/ssl/cert.pem"
}
According to gocmd env
, it also seems as everything is properly recognized:
jelte@Jeltes-iMac-Pro \~ % ./gocmd env
+------------------------------------+------------------------------------------------+|
iRODS Session Environment File | /Users/jelte/.irods/irods_environment.json.879 ||
iRODS Environment File | /Users/jelte/.irods/irods_environment.json ||
iRODS Host | <servername> ||
iRODS Port | 1247 ||
iRODS Zone | <zonename> ||
iRODS Username | <username> ||
iRODS Default Resource | rootResc ||
iRODS Authentication Scheme | PAM ||
iRODS Client Server Negotiation | request_server_negotiation ||
iRODS Client Server Policy | CS_NEG_REQUIRE ||
iRODS SSL CA Certification File | /etc/ssl/cert.pem ||
iRODS SSL Encryption Key Size | 32 ||
iRODS SSL Encryption Key Algorithm | AES-256-CBC ||
iRODS SSL Encryption Salt Size | 8 ||
iRODS SSL Encryption Hash Rounds | 16 |
+------------------------------------+------------------------------------------------+
But when trying to run a command, I get:
jelte@Jeltes-iMac-Pro \~ % ./gocmd ls -d
DEBU[2023-09-01 17:35:36.333\] use sessionID - 879 function=ProcessCommonFlags package=flag
DEBU[2023-09-01 17:35:36.333\] reading config file/dir - /Users/jelte/.irods function=LoadConfigFromFile package=commons
DEBU[2023-09-01 17:35:36.333\] reading icommands environment file - /Users/jelte/.irods/irods_environment.json function=LoadConfigFromFile package=commons
DEBU[2023-09-01 17:35:36.333\] Connecting to <servername>:1247 function=Connect package=connection struct=IRODSConnection
DEBU[2023-09-01 17:35:36.352\] Start up a connection with CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-01 17:35:36.604\] Start up CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-01 17:35:36.604\] Client policy - CS_NEG_REQUIRE, server policy - CS_NEG_DONT_CARE function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-01 17:35:36.606\] Start up SSL function=sslStartup package=connection struct=IRODSConnection
DEBU[2023-09-01 17:35:36.627\] Logging in using native authentication method function=loginNative package=connection struct=IRODSConnection
ERRO[2023-09-01 17:35:37.985\] failed to login to irods:
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).Connect
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:244
- received irods authentication error (CAT_INVALID_AUTHENTICATION):
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).login
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:459
- authentication failed:
github.com/cyverse/go-irodsclient/irods/types.init
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/types/error.go:14 function=Connect package=connection struct=IRODSConnection
ERRO[2023-09-01 17:35:37.986\] failed to get iRODS FS Client:
github.com/cyverse/gocommands/cmd/subcmd.processLsCommand
/github/workspace/cmd/subcmd/ls.go:57
- failed to create connection pool:
github.com/cyverse/go-irodsclient/irods/session.NewIRODSSession
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/session/session.go:69
- failed to init connection pool:
github.com/cyverse/go-irodsclient/irods/session.NewConnectionPool
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/session/pool.go:54
- failed to connect to irods server:
github.com/cyverse/go-irodsclient/irods/session.(*ConnectionPool).init
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/session/pool.go:148
- failed to login to irods:
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).Connect
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:244
- received irods authentication error (CAT_INVALID_AUTHENTICATION):
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).login
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:459
- authentication failed:
github.com/cyverse/go-irodsclient/irods/types.init
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/types/error.go:14 function=main package=main
Authentication failed!
Moreover:
pam_password
or pam
instead of PAM
in the config file, but that did not help either. I think there's a hidden bug in icommands password file (.irodsA) handling. Can you quick check if gocommands works after iinit
? Then, try gocmd init
then try ils
to verify if gocommands created the password file correctly.
Last time, I got a report that gocommands generates the password file incorrectly sometimes. Even with the same password, many times it worked, but rarely it didn't work. I guess there's a bug in password file encryption algorithm. Just want to get your confirmation if this is the same issue.
Thanks for the report!
I think you might be correct to assume that it is somehow related to the generation of the .irodsA file.
Okay, so I have this ~/.irods/irods_environment.json
file inititally:
$ cat irods_environment.json
{
"irods_authentication_scheme": "PAM",
"irods_client_server_negotiation": "request_server_negotiation",
"irods_client_server_policy": "CS_NEG_REQUIRE",
"irods_ssl_ca_certificate_file": "/etc/ssl/certs/ca-certificates.crt",
"irods_default_resource": "rootResc",
"irods_encryption_algorithm": "AES-256-CBC",
"irods_encryption_key_size": 32,
"irods_encryption_num_hash_rounds": 16,
"irods_encryption_salt_size": 8,
"irods_host": "<server>",
"irods_port": 1247,
"irods_ssl_verify_server": "cert",
"irods_user_name": "<user>",
"irods_zone_name": "rug"
}
When I execute gocmd env
at this point, I see:
$ v0.7.6/gocmd env
+------------------------------------+-------------------------------------------------+
| iRODS Session Environment File | /home/jelte/.irods/irods_environment.json.77517 |
| iRODS Environment File | /home/jelte/.irods/irods_environment.json |
| iRODS Host | |
| iRODS Port | 1247 |
| iRODS Zone | |
| iRODS Username | |
| iRODS Default Resource | |
| iRODS Authentication Scheme | native |
| iRODS Client Server Negotiation | |
| iRODS Client Server Policy | CS_NEG_REFUSE |
| iRODS SSL CA Certification File | |
| iRODS SSL Encryption Key Size | 32 |
| iRODS SSL Encryption Key Algorithm | AES-256-CBC |
| iRODS SSL Encryption Salt Size | 8 |
| iRODS SSL Encryption Hash Rounds | 16 |
+------------------------------------+-------------------------------------------------+
iinit
, then gocommands
If I now run iinit
, the following happens:
$ iinit
Enter your current PAM password:
$ v0.7.6/gocmd env
+------------------------------------+-------------------------------------------------+
| iRODS Session Environment File | /home/jelte/.irods/irods_environment.json.75567 |
| iRODS Environment File | /home/jelte/.irods/irods_environment.json |
| iRODS Host | <server> |
| iRODS Port | 1247 |
| iRODS Zone | rug |
| iRODS Username | <user> |
| iRODS Default Resource | rootResc |
| iRODS Authentication Scheme | PAM |
| iRODS Client Server Negotiation | request_server_negotiation |
| iRODS Client Server Policy | CS_NEG_REQUIRE |
| iRODS SSL CA Certification File | /etc/ssl/certs/ca-certificates.crt |
| iRODS SSL Encryption Key Size | 32 |
| iRODS SSL Encryption Key Algorithm | AES-256-CBC |
| iRODS SSL Encryption Salt Size | 8 |
| iRODS SSL Encryption Hash Rounds | 16 |
+------------------------------------+-------------------------------------------------+
So the information about the environment are now filled in and the other gocommands
also work.
The ~/.irods/.irodsA
file exists at this point.
If I now run iexit full
, I get the following:
$ iexit full
$ v0.7.6/gocmd env
+------------------------------------+-------------------------------------------------+
| iRODS Session Environment File | /home/jelte/.irods/irods_environment.json.75567 |
| iRODS Environment File | /home/jelte/.irods/irods_environment.json |
| iRODS Host | |
| iRODS Port | 1247 |
| iRODS Zone | |
| iRODS Username | |
| iRODS Default Resource | |
| iRODS Authentication Scheme | native |
| iRODS Client Server Negotiation | |
| iRODS Client Server Policy | CS_NEG_REFUSE |
| iRODS SSL CA Certification File | |
| iRODS SSL Encryption Key Size | 32 |
| iRODS SSL Encryption Key Algorithm | AES-256-CBC |
| iRODS SSL Encryption Salt Size | 8 |
| iRODS SSL Encryption Hash Rounds | 16 |
+------------------------------------+-------------------------------------------------+
So the environment is again not filled in.
After iexit full
, the .irodsA
file did also get removed.
gocmd init
, then test iinit
If I run gocmd init
now, the program asks me for different values and displays as standard the cyverse/iplant entries:
$ v0.7.6/gocmd init
iRODS Host [data.cyverse.org]: <server>
iRODS Port [1247]:
iRODS Zone [iplant]: rug
iRODS Username: <user>
iRODS Password: [typed and confirmed user password]
After filling in all the values, I get the following file:
$ cat ~/.irods/irods_environment.json
{
"irods_authentication_scheme": "native",
"irods_client_server_policy": "CS_NEG_REFUSE",
"irods_host": "<server>",
"irods_port": 1247,
"irods_user_name": "<user>",
"irods_zone_name": "rug",
"irods_encryption_algorithm": "AES-256-CBC",
"irods_encryption_key_size": 32,
"irods_encryption_num_hash_rounds": 16,
"irods_encryption_salt_size": 8
}⏎
Which I now again modify to have the information also contained the in environment file above (so for PAM etc.) like:
$ cat ~/.irods/irods_environment.json
{
"irods_authentication_scheme": "pam",
"irods_client_server_negotiation": "request_server_negotiation",
"irods_client_server_policy": "CS_NEG_REQUIRE",
"irods_ssl_ca_certificate_file": "/etc/ssl/certs/ca-certificates.crt",
"irods_default_resource": "rootResc",
"irods_ssl_verify_server": "cert",
"irods_host": "<server>",
"irods_port": 1247,
"irods_user_name": "<user>",
"irods_zone_name": "rug",
"irods_encryption_algorithm": "AES-256-CBC",
"irods_encryption_key_size": 32,
"irods_encryption_num_hash_rounds": 16,
"irods_encryption_salt_size": 8
}
Also, when I now execute gocmd env
, everything looks okay on first sight:
$ v0.7.6/gocmd env
+------------------------------------+-------------------------------------------------+
| iRODS Session Environment File | /home/jelte/.irods/irods_environment.json.75567 |
| iRODS Environment File | /home/jelte/.irods/irods_environment.json |
| iRODS Host | <server> |
| iRODS Port | 1247 |
| iRODS Zone | rug |
| iRODS Username | <user> |
| iRODS Default Resource | rootResc |
| iRODS Authentication Scheme | pam |
| iRODS Client Server Negotiation | request_server_negotiation |
| iRODS Client Server Policy | CS_NEG_REQUIRE |
| iRODS SSL CA Certification File | /etc/ssl/certs/ca-certificates.crt |
| iRODS SSL Encryption Key Size | 32 |
| iRODS SSL Encryption Key Algorithm | AES-256-CBC |
| iRODS SSL Encryption Salt Size | 8 |
| iRODS SSL Encryption Hash Rounds | 16 |
+------------------------------------+-------------------------------------------------+
I can also see that an ~/.irods/.irodsA
file was created!
But running commands does not work
$ v0.7.6/gocmd ls -d
DEBU[2023-09-04 16:39:02.813] use sessionID - 75567 function=ProcessCommonFlags package=flag
DEBU[2023-09-04 16:39:02.813] reading config file/dir - /home/jelte/.irods function=LoadConfigFromFile package=commons
DEBU[2023-09-04 16:39:02.813] reading icommands environment file - /home/jelte/.irods/irods_environment.json function=LoadConfigFromFile package=commons
DEBU[2023-09-04 16:39:02.813] Connecting to <server>:1247 function=Connect package=connection struct=IRODSConnection
DEBU[2023-09-04 16:39:02.820] Start up a connection with CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:39:03.065] Start up CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:39:03.065] Client policy - CS_NEG_REQUIRE, server policy - CS_NEG_DONT_CARE function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:39:03.068] Start up SSL function=sslStartup package=connection struct=IRODSConnection
DEBU[2023-09-04 16:39:03.084] Logging in using native authentication method function=loginNative package=connection struct=IRODSConnection
ERRO[2023-09-04 16:39:04.482] failed to login to irods:
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).Connect
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:244
- received irods authentication error (CAT_INVALID_AUTHENTICATION):
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).login
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:459
- authentication failed:
github.com/cyverse/go-irodsclient/irods/types.init
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/types/error.go:14 function=Connect package=connection struct=IRODSConnection
ERRO[2023-09-04 16:39:04.482] failed to get iRODS FS Client:
github.com/cyverse/gocommands/cmd/subcmd.processLsCommand
/github/workspace/cmd/subcmd/ls.go:57
- failed to create connection pool:
github.com/cyverse/go-irodsclient/irods/session.NewIRODSSession
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/session/session.go:69
- failed to init connection pool:
github.com/cyverse/go-irodsclient/irods/session.NewConnectionPool
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/session/pool.go:54
- failed to connect to irods server:
github.com/cyverse/go-irodsclient/irods/session.(*ConnectionPool).init
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/session/pool.go:148
- failed to login to irods:
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).Connect
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:244
- received irods authentication error (CAT_INVALID_AUTHENTICATION):
github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).login
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/connection/connection.go:459
- authentication failed:
github.com/cyverse/go-irodsclient/irods/types.init
/go/pkg/mod/github.com/cyverse/go-irodsclient@v0.12.7/irods/types/error.go:14 function=main package=main
Authentication failed!
Also when trying an icommand
now, like ils
gives the CAT_INVALID_AUTHENTICATION
message:
$ ils
[-] /irods_source/plugins/auth_legacy/src/native.cpp:275:irods::error native_auth_client_response(irods::plugin_context &, rcComm_t *) : status [CAT_INVALID_AUTHENTICATION] errno [] -- message [Call to rcAuthResponseFailed.]
failed with error -826000 CAT_INVALID_AUTHENTICATION
I can then run iinit
again (without changing the irods_environment.json
or so). Both programs, icommands
and gocommands
work after that:
$ iinit
Enter your current PAM password:
$ v0.7.6/gocmd ls -d
DEBU[2023-09-04 16:41:39.446] use sessionID - 75567 function=ProcessCommonFlags package=flag
DEBU[2023-09-04 16:41:39.446] reading config file/dir - /home/jelte/.irods function=LoadConfigFromFile package=commons
DEBU[2023-09-04 16:41:39.446] reading icommands environment file - /home/jelte/.irods/irods_environment.json function=LoadConfigFromFile package=commons
DEBU[2023-09-04 16:41:39.446] Connecting to <server>:1247 function=Connect package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:39.452] Start up a connection with CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:39.692] Start up CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:39.692] Client policy - CS_NEG_REQUIRE, server policy - CS_NEG_DONT_CARE function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:39.694] Start up SSL function=sslStartup package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:39.710] Logging in using native authentication method function=loginNative package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:40.235] testing connection function=NewIRODSSession package=session
DEBU[2023-09-04 16:41:40.235] Reuse an idle connection function=Get package=session struct=ConnectionPool
DEBU[2023-09-04 16:41:40.235] support parallel upload: true function=checkConnection package=session
DEBU[2023-09-04 16:41:40.235] Returning a connection function=Return package=session struct=ConnectionPool
DEBU[2023-09-04 16:41:40.235] Connecting to <server>:1247 function=Connect package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:40.240] Start up a connection with CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:40.471] Start up CS Negotiation function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:40.471] Client policy - CS_NEG_REQUIRE, server policy - CS_NEG_DONT_CARE function=connectWithCSNegotiation package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:40.473] Start up SSL function=sslStartup package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:40.492] Logging in using native authentication method function=loginNative package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:41.001] testing connection function=NewIRODSSession package=session
DEBU[2023-09-04 16:41:41.001] Reuse an idle connection function=Get package=session struct=ConnectionPool
DEBU[2023-09-04 16:41:41.001] support parallel upload: true function=checkConnection package=session
DEBU[2023-09-04 16:41:41.001] Returning a connection function=Return package=session struct=ConnectionPool
DEBU[2023-09-04 16:41:41.001] Reuse an idle connection function=Get package=session struct=ConnectionPool
[files and folder listed here]
DEBU[2023-09-04 16:41:41.062] Returning a connection function=Return package=session struct=ConnectionPool
DEBU[2023-09-04 16:41:41.062] Disconnecting the connection function=Disconnect package=connection struct=IRODSConnection
DEBU[2023-09-04 16:41:41.062] Disconnecting the connection function=Disconnect package=connection struct=IRODSConnection
It looks like there are two issues.
.irodsA
file is missing..irodsA
file. The first bug can be easily fixed. I'll work on it as soon as possible. But the second one will take longer. I need a full review of .irodsA
file generation.
I'll keep you posted.
Thanks!
Can you try the new release v0.7.7 and let me know if it fixes the issues?
I tried the new version 0.7.7 today and it seems that the issue is solved!
gocmd init
create the .irodsA
file.
gocommands
do not ask for the password in this case.irodsA
file that was created with gocommands
now works with icommands
if they are also installed. Thanks again!
Hey Illyoung, we have an issue when trying to use
gocommands
and reading the parameters from theirods_environment.json
file. As you know, we are using PAM as authentication scheme.Here our file at
$HOME/.irods/irods_environment.json
:When I now run the gocmmand
env
command, I see:So, it does not have the information from the environment file listed.
When trying the same by explicitly specifying the path to the environment file:
But when I first run the
iinit
command oficommands
, everything directly works (here just shown forenv
, but also the other commands work then):I am not sure if this is now a bug or if I just do not properly configured my
irods_environment.json
file or misunderstand howgocommands
works in connection the theirods_environment.json
file. Might also be similar to the issue #13.I used the current version
v.0.7.6
Thanks!