I'll look at this in detail in a but, but if you can change your logging
configuration to print some line numbers and class name, that would be most
useful. For example, for log4j, here is what we use by default in GT:
log4j.rootCategory=ERROR, A1
# A1 is set to be a ConsoleAppender.
log4j.appender.A1=org.apache.log4j.ConsoleAppender
# A1 uses PatternLayout.
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} [%t,%M:%L]
%m%n
Rachana
> -----Original Message-----
> From: Neha Sharma [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 19, 2008 11:51 AM
> To: Rachana Ananthakrishnan
> Cc: Neha Sharma; [email protected]
> Subject: Re: [gt-user] Any known limitation
> in"globus_gss_assist_init_sec_context" ??
>
>
> On Aug 19, 2008, at 11:05 AM, Rachana Ananthakrishnan wrote:
>
> >>
> >> This is what is happening on server side: (I have included relevant
> >> code)
> >>
> >> - once server receives request from client, it gets out of the
> >> accept() method call and forks a client thread (passes the
> socket as
> >> an argument)
> >>
> >> server = new ServerSocket(port);
> >> socket = server.accept();
> >> sazInit=new SAZInit(socket,confObject);
> >> SAZClientThread sazClientThread=new SAZClientThread(sazInit);
> >> sazClientThread.start();
> >>
> >> - within this client thread, the first thing it does is obtain an
> >> ExtendedGSSContext (using the servers host cert and host key) and
> >> passes it as an argument to another function
> >> "getGsiServerSocket " . I
> >> have attached file called ANAM.java which contains these functions.
> >
> > This class has an implementation of the handshake itself - is that
> > being
> > used at all?
>
> No, it was used in very early stages of this project but not now.
>
> > Is there a log trace of these calls?
>
> Not at the moment. I will put in as many debug messages as possible
> and send you the output
>
> > It would help better
> > understand flow, rather then correlating this explanation against
> > code.
> >
> >> context = anamObject.getGsiServerContext
> >> (confObject.SAZ_SERVER_CERT,confObject.SAZ_SERVER_KEY);
> >> clientSocket =
> anamObject.getGsiServerSocket(clientSocket,context);
> >
> > How is the clientSocket passed as argumnet here created?
> >
>
> Let me try to explain in more detail..
>
> There are 3 main java classes: (all of which I will send you in
> separate email, along with my phone number, if you think that would
> make debugging faster)
>
> SAZServer.java
> SAZInit.java
> SAZClientThread.java
>
> SAZServer.java - is the main class which brings up the SAZ Server,
> creates a SAZ server configuration object, creates a server side
> socket , listens for client requests, forks a thread (an instance of
> SAZClientThread.java) for each incoming client request etc.
>
> SAZInit.java - basically contains the values for the client socket
> object and the SAZ configuration object
>
> SAZClientThread.java - this is where the main functionality of saz
> server lies - handshake, authorization ,parsing credentials, etc.
>
> Flow
> +++++
> SAZServer class first calls SAZInit (passing it the value of client
> socket and configuration object) and then SAZClientThread class.
> SAZInit is called only once and SAZClientThread.java is called once
> for each incoming client request
>
> SAZClientThread class calls the SAZInit class to get the
> value of SAZ
> configuration object and client socket which have been
> created by the
> SAZ Server.
>
> I am including parts of code for your understanding of the flow below.
>
> SAZServer.java
> ++++++++++++
> try{
> socket = server.accept();
> }catch(IOException e){
> socket.close();
> }
> try{
> sazInit=new SAZInit(socket,confObject);
> SAZClientThread sazClientThread=new SAZClientThread(sazInit);
> PropertyConfigurator.configure("../log/log4j.saz.properties");
> sazClientThread.start();
> }catch (Exception e){
> logger.debug("SAZServer: Exception occured "+e.getMessage());
> System.out.println(e.getMessage());
> }
>
> SAZInit.java
> +++++++++
> public Socket clientSocket;
> public SAZConfiguration confObject;
> /**
> * An object for holding various other objects used for
> authorization.
> * @param clientSocket The socket to which the server is
> connected to.
> * @param confObject An object contanning all the
> fields from
> the configuration file.
> */
> SAZInit(Socket clientSocket,SAZConfiguration confObject){
> this.clientSocket=clientSocket;
> this.confObject=confObject;
> }
>
>
> SAZClientThread.java
> ++++++++++++++++++++
> public SAZClientThread(SAZInit sazInit){
> this.confObject=sazInit.confObject;
> this.clientSocket=sazInit.clientSocket;
> utilObject=new SAZUtil();
> }
>
> NOTE ******* this is how the socket gets passed to the client
>
> public void run(){ try{
> //initialize some variables
> ...
>
> JDKX509CertificateFactory cf=new
> JDKX509CertificateFactory();
>
> context
> =
> anamObject
> .getGsiServerContext
> (confObject.SAZ_SERVER_CERT,confObject.SAZ_SERVER_KEY);
> clientSocket =
> anamObject.getGsiServerSocket(clientSocket,context);
> InetAddress
> remoteHost=clientSocket.getInetAddress();
> ...
> ...
> rwSocket=new ReadWriteSocket(clientSocket);
>
> *****this is where code hangs
>
> ...
> ...
> }
>
>
> >> I believe handshake is being done by function "getGsiClientSocket",
> >> (Socket clientSocket =
> >> GssSocketFactory.getDefault().createSocket(host, port, context);)
> >
> > The code you sent me just creates a socket - I don't see how you
> > expect that
> > handshake is done as part of the above code?
> >
>
> I assumed that this must be the pace where handshake is being done
> (since there is no function named handshake() which was being called
> explicitly anywhere )
> But from your email, looks like the handshake happens when
> getInputStream is invoked..that makes sense as thats where the code
> hangs..
>
> > Enable the following logger to see start and end of handshake
> > messages:
> >
> > log4j.category.org.globus.gsi.gssapi.net=DEBUG
>
>
> I enabled this and only debug output I see is
>
> 2008-08-19 11:35:06 :DEBUG:Thread-0: Handshake start
>
> and then it hangs...
>
> Comparing this with debug output in case of a working proxy, I see
>
> 2008-08-19 11:43:22 :DEBUG:Thread-0: Handshake start
> 2008-08-19 11:43:24 :DEBUG:Thread-0: Handshake end
> 2008-08-19 11:43:24 :DEBUG:Thread-0: Performing authorization.
>
> >
> >>
> >> - then it tries to obtain a input and output stream using
> >> this client socket. This is where it hangs...
> >
> > The getInputStream() in GssSocket() intiates handshake using the
> > startHandshake() method.
> >
> > Can you enable the following logger also to see context
> establishment
> > pieces:
> >
> > log4j.category.org.globus.gsi.gssapi=DEBUG
> >
> > Please send me logs with above logging enabled.
> >
>
> Here they are:
>
> ...
> ...
> 2008-08-19 11:38:47 :DEBUG:Thread-7: Handshake start
> 2008-08-19 11:38:47 :DEBUG:Thread-7: enter acceptSecContext
> 2008-08-19 11:38:47 :DEBUG:Thread-7: put token: 104
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte array: 99
> 2008-08-19 11:38:47 :DEBUG:Thread-7: exit acceptSeContext
> 2008-08-19 11:38:47 :DEBUG:Thread-7: enter acceptSecContext
> 2008-08-19 11:38:47 :DEBUG:Thread-7: put token: 16389
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte array: 16384
> 2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
>
> ...thats it..no more debug output..
>
>
> -Neha
>
>
> > Rachana
> >
> >>
> >> the code which does this is :
> >> rwSocket=new ReadWriteSocket(clientSocket);
> >>
> >> and I have attached file called ReadWriteSocket.java.
> >>
> >> Basically this is what the constructor is doing..
> >>
> >> public ReadWriteSocket(Socket clientSocket){
> >> this.clientSocket=clientSocket;
> >> try{
> >> in=clientSocket.getInputStream();
> >> out=clientSocket.getOutputStream();
> >> reader =new BufferedReader(new
> >> InputStreamReader(in));
> >> writer=new PrintStream(out);
> >> din=new DataInputStream(in);
> >> dout=new DataOutputStream(out);
> >> }catch(IOException e){
> >> System.out.println("Exception "+e);
> >> }
> >> }
> >>
> >> The code hangs on the getInputStream() function...
> >>
> >> I have also tested that if I just try to get input and
> output stream
> >> from the socket object (when it gets created by server and
> is passed
> >> to the thread before globus libraries are used), i can get them.
> >>
> >> So obviously globus libraries are modifying the client socket
> >> in a way
> >> that is causing the problem in case of proxy delegated 5 times and
> >> above..
> >>
> >> At this stage, I am not sure what else I can try at my end and am
> >> looking forward for any support from the Globus folks..
> >>
> >> If you need any other information, please let me know
> >> -Neha
> >>
> >>
> >
>
