Closed jthiltges closed 7 months ago
Great issue description. Since you did all this work already, do you have a suggested fix?
Fair question! I didn't... but spent a little more time poking and might now. I suspect the issue is that the anonymous user gets a macaroon without a username. Then nothing is set for the request.name
.
If we have no secEnv
and the request.name
is unset, we need to treat it as anonymous. I'm not sure of a clean way to handle this. We could extend UserSentry(const std::string username
to treat an empty username string as anonymous.
following the pattern of UserSentry(const XrdSecEntity *client
above
When it doesn't have a credential, gfal-sum appears to retrieve a macaroon, then uses it to contact the server. This causes a segfault.
If the incoming request doesn't have a username, the
sentryPtr
is returned as a nullptr https://github.com/opensciencegrid/xrootd-multiuser/blob/c50f8cb33921907fb32e4e8f1dda96da1261017a/src/multiuser.cpp#L246-L249Then
sentryPtr->IsValid()
hits the nullptr and segfaults https://github.com/opensciencegrid/xrootd-multiuser/blob/c50f8cb33921907fb32e4e8f1dda96da1261017a/src/multiuser.cpp#L259-L260Backtrace segfault
``` Thread 5 "xrootd" received signal SIGSEGV, Segmentation fault. MultiuserChecksum::Calc (this=Reproducing
To reproduce, make an unauthenticated request with gfal-sum
Environment
Further debugging
Setting a breakpoint on MultiuserChecksum::GenerateUserSentry and submitting an unauthenticated checksum request with gfal-sum, we get two breakpoint hits. The first time,
env->secEnv()
is defined,m_is_anonymous
gets set, and thesentryPtr
is assigned as expected. https://github.com/opensciencegrid/xrootd-multiuser/blob/c50f8cb33921907fb32e4e8f1dda96da1261017a/src/UserSentry.hh#L77-L78Backtrace 1
``` (gdb) bt #0 MultiuserChecksum::GenerateUserSentry (env=0x7f87b4891d40, this=0x150b040) at /usr/src/debug/xrootd-multiuser-2.1.2-1.osg36.el8.x86_64/src/multiuser.cpp:242 #1 MultiuserChecksum::Get (this=0x150b040, Xfn=0x7f87a0008000 "/store/hello_world.txt", Cks=...) at /usr/src/debug/xrootd-multiuser-2.1.2-1.osg36.el8.x86_64/src/multiuser.cpp:282 #2 0x00007f87b8f4a9b4 in XrdOfs::chksum (this=0x7f87b91cbc40But then there's a second breakpoint hit--from the same client request--and the env hash is empty, leading to the segfault.
Backtrace 2
``` #0 MultiuserChecksum::GenerateUserSentry (env=0x7f87b4893290, this=0x150b040) at /usr/src/debug/xrootd-multiuser-2.1.2-1.osg36.el8.x86_64/src/multiuser.cpp:241 #1 MultiuserChecksum::Calc (this=0x150b040, Xfn=0x7f87a0012f60 "/store/hello_world.txt", Cks=..., doSet=1) at /usr/src/debug/xrootd-multiuser-2.1.2-1.osg36.el8.x86_64/src/multiuser.cpp:259 #2 0x00007f87b8f4aa07 in XrdOfs::chksum (this=0x7f87b91cbc40