kofemann
commented
3 years ago @alrossi are you ok if I squash both commits?
Closed alrossi closed 3 years ago
kofemann
commented
3 years ago @alrossi are you ok if I squash both commits?
Motivation:
When doing TPC with authorization tokens, the xrdcp client prepares the path URL it gives to the destination server with two tokens, authz= and tpc.scgi=authz=.
The former is to be used to authorize at the server/door/pool
endpoint, whereas the latter is to used by the TPC client
to authorize against the source.
Currently there is a flaw in the implementation of the TPC client whereby it uses the authz token to communicate
with the source. This problem went undiscovered in
the prototyping of SciToken authorization because the
same configuration was used on both dCache endpoints
(and the vanilla xrootd server implemetation was not yet
available to test).
Modification:
Add the necessary parsing and swap of the query elements in the XrootdTPCInfo object and include the source token on the full path constructed by the XrootdTPCClient.
Result:
Authorization where the tokens/requirements on the source and destination endpoints are distinct now succeeds.
In addition, this correction should make the ALICE xrootd plugin work properly as well.
Target: master Request: 4.0 Patch: https://rb.dcache.org/r/12828/ Acked-by: Tigran Acked-by: Dmitry Acked-by: Paul