Difference: WMSTask21060SL5 (50 vs. 51)

Revision 512012-10-08 - DaniloDongiovanni

Line: 1 to 1
 
META TOPICPARENT name="WMSTask21060"

WMS v. 3.4 (SL5) test report

Line: 2523 to 2523
 -rw-r--r-- 1 glite glite 531456 Sep 26 15:23 ice.db
Changed:
<
<

Vulnerability bug in ICE's proxy renewal (Advisory-SVG-2012-4039) - PARTLY PASSED

>
>

Vulnerability bug in ICE's proxy renewal (Advisory-SVG-2012-4039) - PASSED

 Link to Advisory: SVG:Advisory-SVG-2012-4039
Changed:
<
<
Only tested that proxy-renewal is working correctly.
>
>
Tested that proxy-renewal is working correctly.
 
2012-09-18 17:25:11,329 DEBUG - iceCommandDelegationRenewal::renewAllDelegations() - There are [1] Delegation(s) to check...
2012-09-18 17:25:11,329 DEBUG - iceCommandDelegationRenewal::renewAllDelegations() - Contacting MyProxy server [emitb2.ics.muni.cz] for user dn [/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Fabio Capannini-/dteam/Role=NULL/Capability=NULL] with proxy certificate [/var/ice/persist_dir/899FDB7C8E0983614A314BDD4D565D2117AF5DC6.betterproxy] to renew it...
Line: 2534 to 2534
 2012-09-18 17:25:12,864 DEBUG - iceCommandDelegationRenewal::renewAllDelegations() - Looking for the better proxy for DN [/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Fabio Capannini-/dteam/Role=NULL/Capability=NULL] MyProxy Server name [emitb2.ics.muni.cz]... 2012-09-18 17:25:12,864 INFO - iceCommandDelegationRenewal::renewAllDelegations() - Will Renew Delegation ID [13479818552E316336cert2D132Ecnaf2Einfn2Eit] with BetterProxy [/var/ice/persist_dir/899FDB7C8E0983614A314BDD4D565D2117AF5DC6.betterproxy] that will expire on [Wed Sep 19 03:25:11 2012]
Added:
>
>
Tested that jdl with nasty commands is not exectued.
2012-10-08 11:58:17,632 INFO - proxyRenewal::body() - new iteration
2012-10-08 11:58:17,682 ERROR - iceCommandDelegationRenewal::renewAllDelegations() - Proxy renewal failed: [ERROR - /usr/bin/glite-wms-ice-proxy-renew: glite_renewal_core_renew() failed: Error connecting Myproxy server emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion; for proxy /var/ice/persist_dir/84EC42AD362E62283BE3B74622EA779A659F7F2C.betterproxy: Unknown host "emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion;"Unable to connect to emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion; - timeout=[120] - myproxyserver=[emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion;] - proxy=[/var/ice/persist_dir/84EC42AD362E62283BE3B74622EA779A659F7F2C.betterproxy] - HOSTCERT=/var/glite/wms.proxy - HOSTKEY=/var/glite/wms.proxy]
2012-10-08 11:58:17,683 WARN - iceCommandProxyRenewal::renewAllDelegations() - The better proxy [/var/ice/persist_dir/84EC42AD362E62283BE3B74622EA779A659F7F2C.betterproxy] is expiring NOT AFTER the current delegation [13496901582E488852cert2D132Ecnaf2Einfn2Eit]. Skipping ...
2012-10-08 12:09:44,718 ERROR - iceCommandSubmit::execute() -  TID=[25977088] Error during submission of jdl= Transient Exception is:Failed to create a delegation
 id for job https://cert-27.cnaf.infn.it:9000/NkVc8BIJMAXbjDGby9waeQ: reason is Authorization failure: Cannot map grid user onto a local account
2012-10-08 12:09:44,799 ERROR - iceThreadPoolWorker::body() - Command execution got FATAL exception: Error submitting job to CE [https://tutor04-cream.cnaf.infn.i
t:8443/ce-cream/services/CREAM2]: Failed to create a delegation id for job https://cert-27.cnaf.infn.it:9000/NkVc8BIJMAXbjDGby9waeQ: reason is Authorization failu
re: Cannot map grid user onto a local account
2012-10-08 12:09:54,706 ERROR - iceCommandDelegationRenewal::renewAllDelegations() - Proxy renewal failed: [ERROR - /usr/bin/glite-wms-ice-proxy-renew: glite_rene
wal_core_renew() failed: Error connecting Myproxy server emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion; for proxy /var/ice/persist_dir/84EC42AD362E6
2283BE3B74622EA779A659F7F2C.betterproxy: Unknown host "emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion;"Unable to connect to emitb-myproxy.civ.zcu.cz;
 echo MC was here > /tmp/intrusion; - timeout=[120] - myproxyserver=[emitb-myproxy.civ.zcu.cz; echo MC was here > /tmp/intrusion;] - proxy=[/var/ice/persist_dir/8
4EC42AD362E62283BE3B74622EA779A659F7F2C.betterproxy] - HOSTCERT=/var/glite/wms.proxy - HOSTKEY=/var/glite/wms.proxy]
 

glite-wms-ice-proxy-renew can block undefinitely (https://savannah.cern.ch/bugs/?95584) - PASSED

- A short proxy was created:
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback