| SCRIPT_URL="https://raw.github.com/italiangrid/voms-deployment-test/master/voms-deployment-test.sh" | |
| wget --no-check-certificate $SCRIPT_URL -O voms-deployment-test.sh | |
| chmod +x voms-deployment-test.sh | |
| DB_UPGRADE="no" | |
| if [ "$PERFORM_DATABASE_UPGRADE" = "true" ]; then | |
| DB_UPGRADE="yes" | |
| fi |
This bug:
https://issues.infn.it/jira/browse/STOR-779
prevents the proper cleanup of ongoing PtPs on a surl when srmRm is called on that surl on all StoRM versions >= 1.11.5.
This bug will be fixed in StoRM 1.11.8, scheduled for release on Friday, March 13th 2015.
| package org.italiangrid.test_oom; | |
| import java.io.IOException; | |
| import java.security.cert.CRLException; | |
| import java.security.cert.CertificateException; | |
| import java.security.cert.X509Certificate; | |
| import java.util.Arrays; | |
| import java.util.concurrent.TimeUnit; | |
| import org.apache.log4j.BasicConfigurator; | |
| import org.apache.log4j.Logger; |
| public class TestOOM2 { | |
| public static final Logger log = Logger.getLogger(TestOOM.class); | |
| public TestOOM2() throws CertificateException { | |
| X509Certificate[] proxyChain = PKIUtils.loadCertificates("/tmp/x509up_u504"); | |
| while(true){ | |
| [ceccanti@emitestbed43 ~]$ ldapsearch -x -h localhost -p 2170 -b 'GLUE2GroupID=resource,o=glue' objectCLass=GLUE2Endpoint | |
| # extended LDIF | |
| # | |
| # LDAPv3 | |
| # base <GLUE2GroupID=resource,o=glue> with scope subtree | |
| # filter: objectCLass=GLUE2Endpoint | |
| # requesting: ALL | |
| # | |
| # emitestbed43.cnaf.infn.it_VOMS_2715298739_voms_2715298739_testers3.eu-emi.e |
| def a(): | |
| time.sleep(1) | |
| def b(): | |
| time.sleep(2) | |
| class TestRunner: | |
| def _run(self): | |
| a() |
As reported in this ggus-ticket, in certain circumstances VOMS Admin accepts membership requests from users without a valid X.509 certificate.
This has no security impact on the server, but can lead to VO admins receiving membership request with strange user certificate subject, like the following:
![Strange request
| #!/bin/bash | |
| IAM_CLIENT_ID=${IAM_CLIENT_ID:-iam-client} | |
| IAM_CLIENT_SECRET=${IAM_CLIENT_SECRET} | |
| IAM_TOKEN_ENDPOINT=${IAM_TOKEN_ENDPOINT:-https://iam-test.indigo-datacloud.eu/token} | |
| if [[ -z "${IAM_CLIENT_SECRET}" ]]; then | |
| echo "Please provide a client secret setting the IAM_CLIENT_SECRET env variable." | |
| exit 1; |
| -- Selects and displays PtP requests that are stuck in progress for one month | |
| SELECT rq.ID, rq.timeStamp, rp.targetSURL, sp.statusCode, sp.explanation | |
| FROM storm_db.request_queue rq, storm_db.request_Put rp, storm_db.status_Put sp | |
| WHERE rq.ID = rp.request_queueID and rp.ID = sp.request_PutID | |
| and rq.status = 18 and rq.timeStamp <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 1 MONTH); | |
| -- Marks PtP requests stuck in progress for one month as expired, so that the StoRM | |
| -- request garbage collector will remove them from the database | |
| UPDATE storm_db.request_queue rq, storm_db.request_Put rp, storm_db.status_Put sp | |
| SET sp.statusCode = 1, sp.explanation = "Request expired.", rq.status = 1 |