On Aug 19, 2008, at 11:05 AM, Rachana Ananthakrishnan wrote:
This is what is happening on server side: (I have included relevant
code)
- once server receives request from client, it gets out of the
accept() method call and forks a client thread (passes the socket as
an argument)
server = new ServerSocket(port);
socket = server.accept();
sazInit=new SAZInit(socket,confObject);
SAZClientThread sazClientThread=new SAZClientThread(sazInit);
sazClientThread.start();
- within this client thread, the first thing it does is obtain an
ExtendedGSSContext (using the servers host cert and host key) and
passes it as an argument to another function
"getGsiServerSocket " . I
have attached file called ANAM.java which contains these functions.
This class has an implementation of the handshake itself - is that
being
used at all?
No, it was used in very early stages of this project but not now.
Is there a log trace of these calls?
Not at the moment. I will put in as many debug messages as possible
and send you the output
It would help better
understand flow, rather then correlating this explanation against
code.
context = anamObject.getGsiServerContext
(confObject.SAZ_SERVER_CERT,confObject.SAZ_SERVER_KEY);
clientSocket = anamObject.getGsiServerSocket(clientSocket,context);
How is the clientSocket passed as argumnet here created?
Let me try to explain in more detail..
There are 3 main java classes: (all of which I will send you in
separate email, along with my phone number, if you think that would
make debugging faster)
SAZServer.java
SAZInit.java
SAZClientThread.java
SAZServer.java - is the main class which brings up the SAZ Server,
creates a SAZ server configuration object, creates a server side
socket , listens for client requests, forks a thread (an instance of
SAZClientThread.java) for each incoming client request etc.
SAZInit.java - basically contains the values for the client socket
object and the SAZ configuration object
SAZClientThread.java - this is where the main functionality of saz
server lies - handshake, authorization ,parsing credentials, etc.
Flow
+++++
SAZServer class first calls SAZInit (passing it the value of client
socket and configuration object) and then SAZClientThread class.
SAZInit is called only once and SAZClientThread.java is called once
for each incoming client request
SAZClientThread class calls the SAZInit class to get the value of SAZ
configuration object and client socket which have been created by the
SAZ Server.
I am including parts of code for your understanding of the flow below.
SAZServer.java
++++++++++++
try{
socket = server.accept();
}catch(IOException e){
socket.close();
}
try{
sazInit=new SAZInit(socket,confObject);
SAZClientThread sazClientThread=new SAZClientThread(sazInit);
PropertyConfigurator.configure("../log/log4j.saz.properties");
sazClientThread.start();
}catch (Exception e){
logger.debug("SAZServer: Exception occured "+e.getMessage());
System.out.println(e.getMessage());
}
SAZInit.java
+++++++++
public Socket clientSocket;
public SAZConfiguration confObject;
/**
* An object for holding various other objects used for
authorization.
* @param clientSocket The socket to which the server is
connected to.
* @param confObject An object contanning all the fields from
the configuration file.
*/
SAZInit(Socket clientSocket,SAZConfiguration confObject){
this.clientSocket=clientSocket;
this.confObject=confObject;
}
SAZClientThread.java
++++++++++++++++++++
public SAZClientThread(SAZInit sazInit){
this.confObject=sazInit.confObject;
this.clientSocket=sazInit.clientSocket;
utilObject=new SAZUtil();
}
NOTE ******* this is how the socket gets passed to the client
public void run(){ try{
//initialize some variables
...
JDKX509CertificateFactory cf=new
JDKX509CertificateFactory();
context
=
anamObject
.getGsiServerContext
(confObject.SAZ_SERVER_CERT,confObject.SAZ_SERVER_KEY);
clientSocket =
anamObject.getGsiServerSocket(clientSocket,context);
InetAddress
remoteHost=clientSocket.getInetAddress();
...
...
rwSocket=new ReadWriteSocket(clientSocket);
*****this is where code hangs
...
...
}
I believe handshake is being done by function "getGsiClientSocket",
(Socket clientSocket =
GssSocketFactory.getDefault().createSocket(host, port, context);)
The code you sent me just creates a socket - I don't see how you
expect that
handshake is done as part of the above code?
I assumed that this must be the pace where handshake is being done
(since there is no function named handshake() which was being called
explicitly anywhere )
But from your email, looks like the handshake happens when
getInputStream is invoked..that makes sense as thats where the code
hangs..
Enable the following logger to see start and end of handshake
messages:
log4j.category.org.globus.gsi.gssapi.net=DEBUG
I enabled this and only debug output I see is
2008-08-19 11:35:06 :DEBUG:Thread-0: Handshake start
and then it hangs...
Comparing this with debug output in case of a working proxy, I see
2008-08-19 11:43:22 :DEBUG:Thread-0: Handshake start
2008-08-19 11:43:24 :DEBUG:Thread-0: Handshake end
2008-08-19 11:43:24 :DEBUG:Thread-0: Performing authorization.
- then it tries to obtain a input and output stream using
this client socket. This is where it hangs...
The getInputStream() in GssSocket() intiates handshake using the
startHandshake() method.
Can you enable the following logger also to see context establishment
pieces:
log4j.category.org.globus.gsi.gssapi=DEBUG
Please send me logs with above logging enabled.
Here they are:
...
...
2008-08-19 11:38:47 :DEBUG:Thread-7: Handshake start
2008-08-19 11:38:47 :DEBUG:Thread-7: enter acceptSecContext
2008-08-19 11:38:47 :DEBUG:Thread-7: put token: 104
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte array: 99
2008-08-19 11:38:47 :DEBUG:Thread-7: exit acceptSeContext
2008-08-19 11:38:47 :DEBUG:Thread-7: enter acceptSecContext
2008-08-19 11:38:47 :DEBUG:Thread-7: put token: 16389
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte array: 16384
2008-08-19 11:38:47 :DEBUG:Thread-7: read byte
...thats it..no more debug output..
-Neha
Rachana
the code which does this is :
rwSocket=new ReadWriteSocket(clientSocket);
and I have attached file called ReadWriteSocket.java.
Basically this is what the constructor is doing..
public ReadWriteSocket(Socket clientSocket){
this.clientSocket=clientSocket;
try{
in=clientSocket.getInputStream();
out=clientSocket.getOutputStream();
reader =new BufferedReader(new
InputStreamReader(in));
writer=new PrintStream(out);
din=new DataInputStream(in);
dout=new DataOutputStream(out);
}catch(IOException e){
System.out.println("Exception "+e);
}
}
The code hangs on the getInputStream() function...
I have also tested that if I just try to get input and output stream
from the socket object (when it gets created by server and is passed
to the thread before globus libraries are used), i can get them.
So obviously globus libraries are modifying the client socket
in a way
that is causing the problem in case of proxy delegated 5 times and
above..
At this stage, I am not sure what else I can try at my end and am
looking forward for any support from the Globus folks..
If you need any other information, please let me know
-Neha
