Malformed scitoken can result in schedd abort

Description

When using the SCITOKENS authentication method, using a malformed scitoken can cause an the schedd daemon configured to use the SCHEDD_AUDIT_LOG to abort with signal 6 (SIGABORT).

The issue is the JWT library used by HTCondor can throw a C++ exception if it fails to decode a token, and this exception is not always being caught.

Patch will always enclose attempts to decode JWT tokens in a try/catch block.

Activity

Show:
Greg Thain
March 23, 2021, 7:20 PM
Edited

CODE REVIEW looks good to me. A search shows no other places where we seem to throw an uncaught exception. However, we have no docs or tests for scitokens as-as-auth – should we?

Also – I would hope that a malformed token would be a rare request. Should we dprintf that at D_ALWAYS in the catch block?

Todd Tannenbaum
March 4, 2021, 6:06 PM
Edited

To reproduce the original problem, setup a minicondor to use SCITOKENS authentication, and then issue a condor_q against a schedd using an empty scitoken file. Note that SCITOKENS are passed from the client to the server with SSL, so you will need to setup a host cert to test. Behold the following setup using a centos 7 container with minihtcondor:

  1. First make a self-signed localhost host cert and update the CA bundle via following commands (as root):

  2. Next setup HTCondor as follows in /etc/condor/config.d/00-test:

  3. Make an empty scitoken file, fire up HTCondor, then try condor_q

The condor_q will cause the schedd to abort.

Time remaining

0m

Assignee

Todd Tannenbaum