zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ludwig Pummer <ludw...@chip-web.com>
Subject Re: digest ACL znodes always return ZNOAUTH (zkCLi and perl)
Date Thu, 26 Jan 2012 05:10:59 GMT
The docs say to specify it as id => "$username:$password". If I didn't 
do add_auth first, how would I be able to specify a digest ACL at all?

It also fails if I move the add_auth until after I've created the node.

I also got the idea to try doing add_auth first and then creating it 
with ZOO_CREATOR_ALL_ACL to skip generating the digest myself, but perl 
core dumps at the call. Ditto withZOO_READ_ACL_UNSAFE. The only 
predefined ACL that doesn't core dump is ZOO_OPEN_ACL_UNSAFE, which 
doesn't help me any. So it looks like the perl interface has some issues.

Do you happen to know the syntax to use CREATOR_ALL_ACL with zkCli ? Or 
syntax for using digest ACL on create or set_acl with zkCli?

On 1/25/2012 3:30 PM, Patrick Hunt wrote:
> I notice this in your perl script:
>
> $acl=[{"perms"=>ZOO_PERM_ALL,"scheme"=>"digest",id=>"user:$digest"}];
>
> have you tried using id=>"user"? I don't think you should be providing
> the digest here given you've already add_auth'd
>
> I'd try it but I'm not setup at the moment to compile/run this.
>
> Patrick
>
> On Mon, Jan 23, 2012 at 8:18 PM, Ludwig Pummer
> <ludwigp-zookeeper@chip-web.com>  wrote:
>> I used the doc's 2 lines of code to generate the digest.
>>
>> $ perl -MMIME::Base64 -MDigest -e 'print
>> MIME::Base64::encode(Digest->new("SHA-1")->add("user:pass")->digest());'
>> smGaoVKd/cQkjm7b88GyorAUz20=
>>
>> That matches the output below, but it makes sense since I *set* that? What
>> other digest value is there to compare it to?
>>
>> I have no way to see what is the digest generated by ZooKeeper on addauth,
>> do I?
>>
>> What's the digest acl syntax in zkCLI?
>>
>>
>> On 1/23/2012 12:49 PM, Patrick Hunt wrote:
>>>
>>> I'm not super familiar with the perl bindings - did you try what's
>>> documented/detailed in the perl docs?
>>>
>>> http://search.cpan.org/~cdarroch/Net-ZooKeeper-0.35/ZooKeeper.pm#Access_Control
>>>
>>> Did you compare the two base 64 encoded digests?
>>>
>>> Patrick
>>>
>>> On Mon, Jan 23, 2012 at 1:00 AM, Ludwig Pummer
>>> <ludwigp-zookeeper@chip-web.com>    wrote:
>>>>
>>>> Hello,
>>>>
>>>> I'm just getting started with ZooKeeper and am having very little luck
>>>> with
>>>> digest ACLs.
>>>>
>>>> I couldn't figure out the syntax for creating digest acls from zkCli
>>>> (create
>>>> nor setAcl), but I did manage to set ACLs on nodes using the perl
>>>> bindings.
>>>>
>>>> However, I cannot read the node back.
>>>>
>>>> "addauth digest user:pass" in zkCLI is accepted, but the subsequent get
>>>> results in a KeeperException$NoAuthException.
>>>>
>>>>   From the perl binding (Net::ZooKeeper 0.35), get always returns -102
>>>> (ZNOAUTH).
>>>>
>>>> I'm running zookeeper 3.3.4.
>>>>
>>>> -----
>>>>
>>>> $ ./acltest1.pl
>>>> add_auth ok
>>>> created path /acl0000000028 with acl
>>>> node /acl0000000028 get error: -102
>>>> node /acl0000000028 has stat info:
>>>>   czxid: 230
>>>>   mzxid: 230
>>>>   ctime: 1327308018904
>>>>   mtime: 1327308018904
>>>>   version: 0
>>>>   children_version: 0
>>>>   acl_version: 0
>>>>   ephemeral_owner: 0
>>>>   data_len: 5
>>>>   num_children: 0
>>>>   children_zxid: 230
>>>> node /acl0000000028 has ACL entry:
>>>>   perms:  31
>>>>   scheme: digest
>>>>   id:     user:smGaoVKd/cQkjm7b88GyorAUz20=
>>>>
>>


Mime
View raw message