[gfal2] Backporting fix for turl protocol honoring
Alejandro Alvarez
aalvarez at fedoraproject.org
Mon Nov 17 10:23:12 UTC 2014
commit 8133b8ad9da34e941681c977ad0dfc5fc80a5c06
Author: Alejandro Alvarez Ayllon <alejandro.alvarez.ayllon at cern.ch>
Date: Mon Nov 17 10:40:41 2014 +0100
Backporting fix for turl protocol honoring
gfal2-srm-honor-protocol.patch | 100 ++++++++++++++++++++++++++++++++++++++++
gfal2.spec | 10 ++++-
2 files changed, 109 insertions(+), 1 deletions(-)
---
diff --git a/gfal2-srm-honor-protocol.patch b/gfal2-srm-honor-protocol.patch
new file mode 100644
index 0000000..4106907
--- /dev/null
+++ b/gfal2-srm-honor-protocol.patch
@@ -0,0 +1,100 @@
+commit 8ee578131b0ce334c0c5bd6f5a2bd96097875514
+Author: Alejandro Alvarez Ayllon <alejandro.alvarez.ayllon at cern.ch>
+Date: Mon Nov 17 10:01:38 2014 +0100
+
+ DMC-553: Accept only turls that have been requested
+
+diff --git a/src/plugins/srm/gfal_srm_getput.c b/src/plugins/srm/gfal_srm_getput.c
+index 94f5904..aaf8f19 100644
+--- a/src/plugins/srm/gfal_srm_getput.c
++++ b/src/plugins/srm/gfal_srm_getput.c
+@@ -26,6 +26,61 @@
+ #include "gfal_srm_endpoint.h"
+
+
++// Make sure the TURL returned by the endpoint is one of the requested protocols
++static int validate_turls(int n_results, gfal_srm_result** resu,
++ gfal_srm_params_t params, GError** tmp_err)
++{
++ int failed = 0;
++ int n_protocols = g_strv_length(params->protocols);
++ int i, j;
++
++ for (i = 0; i < n_results && !failed; ++i) {
++ const char* turl = (*resu)[i].turl;
++
++ // Never ever accept file, even if it was asked for
++ if (strncmp("file:", turl, 5) == 0) {
++ failed = -1;
++ gfal2_set_error(tmp_err, gfal2_get_plugin_srm_quark(), EBADMSG, __func__,
++ "file:// is not a valid turl");
++ break;
++ }
++ else if (turl[0] == '/') {
++ failed = -1;
++ gfal2_set_error(tmp_err, gfal2_get_plugin_srm_quark(), EBADMSG, __func__,
++ "A turl can not start with /");
++ break;
++ }
++
++ // If error is set, skip the check
++ if ((*resu)[i].err_code != 0)
++ continue;
++
++ // Check the turl protocol is in the request list
++ int matching_protocol = 0;
++ for (j = 0; j < n_protocols; ++j) {
++ size_t proto_len = strlen(params->protocols[j]);
++ if (strncmp(params->protocols[j], turl, proto_len) == 0 && turl[proto_len] == ':') {
++ matching_protocol = 1;
++ break;
++ }
++ }
++
++ // If no matching protocol, fail already
++ if (!matching_protocol) {
++ failed = -1;
++ gfal2_set_error(tmp_err, gfal2_get_plugin_srm_quark(), EBADMSG, __func__,
++ "The SRM endpoint returned a protocol that wasn't requested: %s");
++ }
++ }
++ // Didn't match, so free and set an error
++ if (failed) {
++ free(*resu);
++ *resu = NULL;
++ }
++ return failed;
++}
++
++
+ static int gfal_srm_convert_filestatuses_to_srm_result(struct srmv2_pinfilestatus* statuses, char* reqtoken, int n, gfal_srm_result** resu, GError** err){
+ g_return_val_err_if_fail(statuses && n && resu, -1, err, "[gfal_srm_convert_filestatuses_to_srm_result] args invalids");
+ *resu = calloc(n, sizeof(gfal_srm_result));
+@@ -167,8 +222,16 @@ static int gfal_srm_mTURLS_internal(gfal_srmv2_opt* opts, gfal_srm_params_t para
+ ret = gfal_srm_putTURLS_srmv2_internal(context, opts, params, surls, resu, &tmp_err);
+ }
+
+- if (ret < 0)
++ if (ret < 0) {
+ gfal2_propagate_prefixed_error(err, tmp_err, __func__);
++ }
++ else {
++ int n_results = g_strv_length(surls);
++ if (validate_turls(n_results, resu, params, &tmp_err)) {
++ gfal2_propagate_prefixed_error(err, tmp_err, __func__);
++ ret = -1;
++ }
++ }
+
+ return ret;
+ }
+@@ -232,9 +295,6 @@ int gfal_srm_getTURL_checksum(plugin_handle ch, const char* surl, char* buff_tur
+ G_RETURN_ERR(ret, tmp_err, err);
+ }
+
+-
+-
+-
+ // execute a get for thirdparty transfer turl
+ int gfal_srm_get_rd3_turl(plugin_handle ch, gfalt_params_t p, const char* surl,
+ char* buff_turl, int size_turl,
diff --git a/gfal2.spec b/gfal2.spec
index 11405f7..ae7c60e 100644
--- a/gfal2.spec
+++ b/gfal2.spec
@@ -4,11 +4,14 @@
Name: gfal2
Version: 2.7.7
# https://fedoraproject.org/wiki/Packaging:NamingGuidelines#Release_Tag
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Grid file access library 2.0
Group: Applications/Internet
License: ASL 2.0
URL: http://dmc.web.cern.ch
+# TURLS retrieved from a SRM endpoint should be of one of the requested protocols
+# https://its.cern.ch/jira/browse/DMC-553
+Patch0: %{name}-srm-honor-protocol.patch
# svn export http://svn.cern.ch/guest/lcgutil/gfal2/tags/data-gfal2_R_2_7_7 gfal2-2.7.7
# tar czf gfal2-2.7.7.tar.gz gfal2-2.7.7
Source0: %{name}/%{name}-%{version}.tar.gz
@@ -193,6 +196,8 @@ make clean
%prep
%setup -q
+%patch0 -p1
+
%build
%cmake \
-DDOC_INSTALL_DIR=%{_pkgdocdir} \
@@ -289,6 +294,9 @@ make DESTDIR=%{buildroot} install
%changelog
+* Mon Nov 17 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 2.7.7-2
+- Backporting fix for protocol honoring on SRM GET and PUT
+
* Mon Nov 10 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 2.7.7-1
- Upgraded to upstream release 2.7.7
More information about the scm-commits
mailing list