[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DanteServer has a Timing Error Error on Startup?
>> I'm seeing a failure (when running the dante test script).
>> The failure is that the Principal for the DanteProtocol thread is set
>> to "RemoteUsers" instead of "DanteUser".
>
>The DanteCapsule and DanteClasses used in the protocol don't do
>anything that requires special privs. All the privileged operations
>are done in DanteClient or DanteServer. So, that means that only the
>applications need the special privs and not the protocol that shuttles
>data between them. (The apps and the protocol are run in separate
>"flows" so they can have separate ids.) Do you have any mods to
>DanteCapsule/DanteConstants that change this assumption?
No changed code here on my part. DanteCapsule attempts to
call sendToNeighbor(), which needs rawSend privilege. It fails because
it's running under the the wrong Principal. See the trace excerpt below.
>> The following trace output is for a modified "dante.{start,conf}"
>> and "nodesetup.sh". I've also added additional trace statements and
>> stack dumps in the code.
>
>I don't see any errors in this trace. (I do see that DanteProtocol is
>started with principal=RemoteUsers, if that's what you're trying to
>show.)
Yes. That's a big error, I think. Sometimes something
wonderful happens (the timing is different, I think), and DanteProtocol
is started with the correct principal, and dante packets are exchanged
as expected.
>Could you give me a trace of the error you're seeing?
On the way home, after I sent my prior message, I realize that
I had focused so much on what I'd uncovered in my attempt to pinpoint
the problem, that I'd failed to include the original error message itself.
I guess I'd hoped you'd take me on faith. :-) Here's an excerpt:
Flow[name=Protocol ants.core.DLProtocol;objid=0x50cfad1] loading LOCAL_PROTOCOL
ants.core.DLProtocol
new capsule channel: class=class ants.core.DLRequestCapsule; classifier=pj_Demul
tiplexKey[totalLength=84; segments={pj_DemultiplexKey.ANEPHeader[offset=0; heade
rMask=pj_DemultiplexKey.ByteMask[offset=0; length=4; sequence='01 XX 00 02 '; ma
sk=[Z@50d0486]]+pj_DemultiplexKey.ByteMask[offset=4; length=16; sequence='fb f1
f9 06 08 f4 fb f8 fb 0f 04 0a 03 0c 0d fd '; mask=null]+pj_DemultiplexKey.ByteMa
sk[offset=16; length=16; sequence='00 fa ff f5 fa f9 f7 0a 03 f9 fb fa f6 f3 f5
f2 '; mask=null]}]
Flow[name=Protocol ants.dante.DanteProtocol;objid=0x50d0831] loading LOCAL_PROTO
COL ants.dante.DanteProtocol
buf.length = 112, payloadStart = 52
capsule channel instantiating class ants.dante.DanteCapsule
Capsule ants.dante.DanteCapsule[s=255.255.255.255;d=18.31.12.255;p=0.0.0.0] exploded: Invalid access: Principal[RemoteUsers] rawSend execute
ants.core.security.ReferenceMonitorException: Invalid access: Principal[RemoteUsers] rawSend execute
at ants.core.security.ReferenceMonitor.checkPermission(ReferenceMonitor.java:98)
at ants.core.Node.sendToNeighbor(Node.java:524)
at ants.dante.DanteCapsule.evaluate(DanteCapsule.java:97)
at ants.core.CapsuleChannel.receive(CapsuleChannel.java:161)
at edu.utah.janos.nodeos.pj_ThreadPool.run(pj_ThreadPool.java:212)
at edu.utah.janos.nodeos.pj_Thread$ThreadWrapper.run(pj_Thread.java:71)
Craig Milo Rogers
[ Janos ] [ OSKit ] [ Network Testbed ] [ Flick ] [ Fluke ]
Flux Research Group / Department of Computer Science / University of Utah