Testing the dacs.quick procedure is failing

Help
Craig Ruff
2009-08-05
2013-04-25
  • Craig Ruff
    Craig Ruff
    2009-08-05

    I'm trying out the 1.4.22 dacs.quick procedure.  Everything seems to be working ok until I get to Step 6 #5 where you try to access the http://dodgers.dacstest.dss.ca:18123/cgi-bin/dacs/dacs_prenv?FORMAT=html link again.  Since I'm following the procedure step by step, I expected this should have worked.  Here is the LA-05-Aug-09.log file contents for the access attempt:

    [Wed Aug  5 15:51:07 2009] [info] [32046,299,-] [dacs_acs:"dacslib",dacslib.c:875]
    ----- ----- ----- ----- ----- Execution begins ----- ----- ----- ----- -----
    dacs_acs: DACS V1.4R1.4.22 (Release date 13-Jan-09 12:06:13)
    [Wed Aug  5 15:51:07 2009] [info] [32046,300,-] [dacs_acs:"dacslib",dacslib.c:878] This is jurisdiction DACSTEST::LA
    [Wed Aug  5 15:51:07 2009] [trace] [32046,301,-] [dacs_acs:"dacslib",dacslib.c:882] Effective dacs_service_uri is "http://dodgers.dacstest.dss.ca"
    [Wed Aug  5 15:51:07 2009] [trace] [32046,302,-] [dacs_acs:"dacs_acs",acs.c:652] Command line: 1 arg
    [Wed Aug  5 15:51:07 2009] [trace] [32046,303,-] [dacs_acs:"dacs_acs",acs.c:654]   Arg0: "dacs_acs"
    [Wed Aug  5 15:51:07 2009] [trace] [32046,304,-] [dacs_acs:"dacs_acs",acs.c:658] proxy_static=0, proxy_exec=0, proxy_pass_authorization=0
    [Wed Aug  5 15:51:07 2009] [info] [32046,305,-] [dacs_acs:"dacs_acs",acs.c:692] Read 417 bytes from mod_auth_dacs (limit is 65536)
    [Wed Aug  5 15:51:07 2009] [info] [32046,306,-] [dacs_acs:"dacs_acs",acs.c:718] SERVICE_URI=/cgi-bin/dacs/dacs_prenv
    [Wed Aug  5 15:51:07 2009] [debug] [32046,307,-] [dacs_acs:"dacs_acs",acs.c:847] Arg count: 1
    [Wed Aug  5 15:51:07 2009] [debug] [32046,308,-] [dacs_acs:"dacs_acs",acs.c:896] 0 credentials found
    [Wed Aug  5 15:51:07 2009] [info] [32046,309,-] [dacs_acs:"dacs_acs",acs.c:915] REQUEST_URI path=/cgi-bin/dacs/dacs_prenv
    [Wed Aug  5 15:51:07 2009] [info] [32046,310,-] [dacs_acs:"dacs_acs",acs.c:922] REMOTE_ADDR=127.0.0.1
    [Wed Aug  5 15:51:07 2009] [info] [32046,311,-] [dacs_acs:"dacs_acs",acs.c:928] HOSTNAME=dodgers.dacstest.dss.ca
    [Wed Aug  5 15:51:07 2009] [trace] [32046,312,-] [dacs_acs:"authlib",authlib.c:3993] valid_for_acs=1
    [Wed Aug  5 15:51:07 2009] [debug] [32046,313,-] [dacs_acs:"dacs_acs",acs.c:939] 0 valid selected credentials found
    [Wed Aug  5 15:51:07 2009] [debug] [32046,314,-] [dacs_acs:"acslib",acslib.c:4530] No RLINKs were enabled
    [Wed Aug  5 15:51:07 2009] [trace] [32046,315,-] [dacs_acs:"authlib",authlib.c:4590] Checking "revocations" for revocations...
    [Wed Aug  5 15:51:07 2009] [trace] [32046,316,-] [dacs_acs:"vfs",vfs.c:618] vfs_open(fs,/usr/local/dacs/federations/dacstest.dss.ca/LA/acls/revocations)
    [Wed Aug  5 15:51:07 2009] [trace] [32046,317,-] [dacs_acs:"vfs",vfs.c:686] vfs_get(fs,/usr/local/dacs/federations/dacstest.dss.ca/LA/acls/revocations,"")
    [Wed Aug  5 15:51:07 2009] [trace] [32046,318,-] [dacs_acs:"vfs",vfs.c:637] vfs_close(fs,/usr/local/dacs/federations/dacstest.dss.ca/LA/acls/revocations)
    [Wed Aug  5 15:51:07 2009] [info] [32046,319,-] [dacs_acs:"acslib",acslib.c:3167] No identities have been revoked
    [Wed Aug  5 15:51:07 2009] [trace] [32046,320,-] [dacs_acs:"acslib",acslib.c:2300] Contents of Env namespace:
    HTTP_HOST="dodgers.dacstest.dss.ca:18123"
    HTTP_USER_AGENT="Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"
    HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.8,fr;q=0.5,de;q=0.3"
    HTTP_ACCEPT_ENCODING="gzip,deflate"
    HTTP_ACCEPT_CHARSET="UTF-8,*"
    HTTP_KEEP_ALIVE="300"
    HTTP_CONNECTION="keep-alive"
    HTTP_REFERER="http://dodgers.dacstest.dss.ca:18123/man/dacs.quick.7.html"
    HTTP_IF_MODIFIED_SINCE="Wed, 05 Aug 2009 21:46:03 GMT"
    HTTP_IF_NONE_MATCH=""308090-23b-4706bedf65cc0""
    PATH="/usr/local/krb5/bin:/usr/local/krb5/sbin:/usr/local/rip/bin:/usr/local/docbook/bin:/usr/local/pgsql-8.3/bin:/usr/local/R-2.9.0/bin:/usr/local/dcs-4.0/bin:/usr/local/dcs-4.0/server:/fs/scd/home
    0/cruff/bin:/fs/scd/home0/cruff/bin/linux:/usr/local/bin:/usr/ucb:/bin:/usr/bin:/usr/local/etc:/etc:/usr/etc:.:/sbin:/usr/sbin:/usr/games:/opt/kde3/bin"
    SERVER_SIGNATURE=""
    SERVER_SOFTWARE="Apache/2.2.12 (Unix) mod_ssl/2.2.12 OpenSSL/0.9.8h mod_auth_dacs/1.4.22"
    SERVER_NAME="dodgers.dacstest.dss.ca"
    SERVER_ADDR="127.0.0.1"
    SERVER_PORT="18123"
    REMOTE_ADDR="127.0.0.1"
    DOCUMENT_ROOT="/usr/local/apache-dacs/htdocs"
    SERVER_ADMIN="cruff@bells.scd.ucar.edu"
    SCRIPT_FILENAME="/usr/local/apache-dacs/cgi-bin/dacs/dacs_prenv"
    REMOTE_PORT="54594"
    GATEWAY_INTERFACE="CGI/1.1"
    SERVER_PROTOCOL="HTTP/1.1"
    REQUEST_METHOD="GET"
    QUERY_STRING="FORMAT=html"
    REQUEST_URI="/cgi-bin/dacs/dacs_prenv?FORMAT=html"
    SCRIPT_NAME="/cgi-bin/dacs/dacs_prenv"
    DACS_CONF="/usr/local/dacs/federations/dacs.conf"
    DACS_MOD_AUTH_DACS="Aug  5 2009 13:41:36"

    [Wed Aug  5 15:51:07 2009] [trace] [32046,321,-] [dacs_acs:"acslib",acslib.c:2355] Environment initialized
    [Wed Aug  5 15:51:07 2009] [trace] [32046,322,-] [dacs_acs:"vfs",vfs.c:618] vfs_open(fs,/usr/local/dacs/federations/dacstest.dss.ca/LA/acls)
    [Wed Aug  5 15:51:07 2009] [debug] [32046,323,-] [dacs_acs:"acslib",acslib.c:2813] Scanning "acls" for a match
    [Wed Aug  5 15:51:07 2009] [trace] [32046,324,-] [dacs_acs:"acslib",acslib.c:2648] Scanning indexed rules to match "/cgi-bin/dacs/dacs_prenv"
    [Wed Aug  5 15:51:07 2009] [debug] [32046,325,-] [dacs_acs:"dacsacl",aclcheck.c:516] Reading index file "INDEX"
    [Wed Aug  5 15:51:07 2009] [trace] [32046,326,-] [dacs_acs:"vfs",vfs.c:686] vfs_get(fs,/usr/local/dacs/federations/dacstest.dss.ca/LA/acls,"INDEX")
    [Wed Aug  5 15:51:07 2009] [error] [32046,327,-] [dacs_acs:"dacsacl",aclcheck.c:518] Error reading ACL index
    [Wed Aug  5 15:51:07 2009] [error] [32046,328,-] [dacs_acs:"acslib",acslib.c:2820] Can't obtain list of ACLs - check configuration file
    [Wed Aug  5 15:51:07 2009] [trace] [32046,329,-] [dacs_acs:"vfs",vfs.c:637] vfs_close(fs,/usr/local/dacs/federations/dacstest.dss.ca/LA/acls)
    [Wed Aug  5 15:51:07 2009] [debug] [32046,330,-] [dacs_acs:"dacs_acs",acs.c:235] Command line: 3 args
    [Wed Aug  5 15:51:07 2009] [debug] [32046,331,-] [dacs_acs:"dacs_acs",acs.c:237]   Arg0: "/usr/local/dacs/bin/dacs_acs"
    [Wed Aug  5 15:51:07 2009] [debug] [32046,332,-] [dacs_acs:"dacs_acs",acs.c:237]   Arg1: "-t"
    [Wed Aug  5 15:51:07 2009] [debug] [32046,333,-] [dacs_acs:"dacs_acs",acs.c:237]   Arg2: "-v"
    [Wed Aug  5 15:51:07 2009] [notice] [32046,334,-] [dacs_acs:"dacs_acs",acs.c:240] Can't obtain list of ACLs - check configuration file
    [Wed Aug  5 15:51:07 2009] [trace] [32046,335,-] [dacs_acs:"authlib",authlib.c:1421] UA="Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2", outlen=20, uahash
    ="QpPFZI47vICUdQ=="
    [Wed Aug  5 15:51:07 2009] [notice] [32046,336,A] [dacs_acs:"authlib",authlib.c:1421] *** Access denied to unauthenticated user (KJGWIHWe) for /cgi-bin/dacs/dacs_prenv
    [Wed Aug  5 15:51:07 2009] [debug] [32046,337,-] [dacs_acs:"dacs_acs",acs.c:482] Looking up handler for reason code 998
    [Wed Aug  5 15:51:07 2009] [trace] [32046,338,-] [dacs_acs:"acslib",acslib.c:3852] ACS_ERROR_HANDLER: "/* * /handlers/acs_failed.html"
    [Wed Aug  5 15:51:07 2009] [trace] [32046,339,-] [dacs_acs:"acslib",acslib.c:1684] match (wildcard)
    [Wed Aug  5 15:51:07 2009] [debug] [32046,340,-] [dacs_acs:"acslib",acslib.c:3940] Using error handler: "/* * /handlers/acs_failed.html"
    [Wed Aug  5 15:51:07 2009] [debug] [32046,341,-] [dacs_acs:"dacs_acs",acs.c:511] Invoking handler type 'Local URL' for reason code 998
    [Wed Aug  5 15:51:07 2009] [debug] [32046,342,-] [dacs_acs:"dacs_acs",acs.c:548] Redirecting to: "/handlers/acs_failed.html?DACS_ERROR_CODE=998&DACS_VERSION=1.4&DACS_FEDERATION=DACSTEST&DACS_JURISDI
    CTION=LA&DACS_HOSTNAME=dodgers.dacstest.dss.ca&DACS_USER_AGENT=Mozilla%2F5.0%20(X11%3B%20U%3B%20Linux%20i686%20(x86_64)%3B%20en-US%3B%20rv%3A1.9.1.2)%20Gecko%2F20090729%20Firefox%2F3.5.2&DACS_REQUES
    T_METHOD=GET&DACS_ERROR_URL=http%3A%2F%2Fdodgers.dacstest.dss.ca%3A18123%2Fcgi-bin%2Fdacs%2Fdacs_prenv%3FFORMAT%3Dhtml"
    [Wed Aug  5 15:51:07 2009] [debug] [32046,343,-] [dacs_acs:"dacslib",dacslib.c:908] malloc=8892, realloc=17, calloc=0, free=2443, alloc=504750
    [Wed Aug  5 15:51:07 2009] [info] [32046,344,-] [dacs_acs:"dacslib",dacslib.c:929] Elapsed time: 19 msec
    [Wed Aug  5 15:51:07 2009] [info] [32046,345,-] [dacs_acs:"dacslib",dacslib.c:931]
    ----- ----- ----- ----- ----- Execution ends ----- ----- ----- ----- -----

    Is the configuration file reference in the log "$la/dacs.conf"?  This symlink exists and the contents of the file appears to match that in the dacs.quick Step 5 #8.

     
    • Craig Ruff
      Craig Ruff
      2009-08-05

      Never mind, I found that the /usr/local/dacs/federations/dacstest.dss.ca/LA/acls/INDEX file group owner ship was wrong.  Changing it to group www fixed the problem.