Proxy Delegation problem in FTS 2.2

Problem: In some cases, the delegated proxies got corrupted during an FTS run. The origin of the problem was a race condition, covered by Savannah bug #33641. The fixed release did not make it into FTS 2.2.

Reproducing the problem was not easy. We did it in the following way:

The test that reproduces the race condition and corrupts the delegation is in Compilation produces the executable test-glite-delegation-bug-33641. To create a corrupted proxy, we executed the following commands (change the host to the one running the buggy service):

export WEB_SERVICE_ENDPOINT=https://$WEB_SERVICE_HOST:8443/glite-data-transfer-fts/services/gridsite-delegation
glite-delegation-destroy -v -s $WEB_SERVICE_ENDPOINT
glite-delegation-init -v -s $WEB_SERVICE_ENDPOINT
glite-delegation-init -v -s $WEB_SERVICE_ENDPOINT
glite-delegation-destroy -v -s $WEB_SERVICE_ENDPOINT
test-glite-delegation-bug-33641 -v -f -s $WEB_SERVICE_ENDPOINT

Then we logged in to lxbrb1410 and checked the proxy directly. We used the following sqlplus command:

sqlplus '__database_user_name__/__database__password__@(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ADDRESS = (PROTOCOL = TCP)(HOST = = 10121)) (ENABLE=BROKEN) (LOAD_BALANCE = yes) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = (FAILOVER_MODE = (TYPE = SELECT)(METHOD = BASIC)(RETRIES = 200)(DELAY = 15)) ) )'

(__database_user_name__/__database__password__: certainly, we do not write them here :-) ).

and then queried for the proxy in the following way:

set page 999
set long 10000
select * from t_credential where dlg_id='dbc257a65b77841f151e5b9fed950d1daf77ffbf';

The last SQL command required the delegation ID. That is why we executed the glite-delegation-init command TWICE, because the second one displayed it in the error message...

We copied the displayed proxy into a file (/tmp/a in the example), and executed the following commands:

openssl x509 -in /tmp/a -text -noout

                Modulus (512 bit):

openssl rsa -in /tmp/a -text -noout


Then we looked for the "modulus" part in the output of both commands. They were different: the public key in the certificate no longer matched the private key stored with it, so the proxy got corrupted -> problem reproduced.

-- ZsoltMolnar - 03-Feb-2010
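
The modulus comparison described above can be scripted instead of read by eye from the -text output. This is an added example, not part of the original page or of the FTS/gLite code; the function names and the generated sample files are constructed for illustration, and it assumes the file holds an unencrypted RSA key next to the certificate, as /tmp/a does.

```shell
#!/bin/sh
# Added example: check that the certificate and the private key stored
# together in one PEM file (e.g. a proxy copied out of t_credential)
# belong to the same RSA key pair.

# Returns 0 if the moduli match, 1 if they differ (corrupted proxy),
# 2 if the certificate or the key cannot be parsed at all.
proxy_key_matches() {
    pem_file=$1
    cert_mod=$(openssl x509 -in "$pem_file" -noout -modulus 2>/dev/null) || return 2
    key_mod=$(openssl rsa -in "$pem_file" -noout -modulus 2>/dev/null) || return 2
    # Both commands print a single line of the form "Modulus=<hex>".
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Constructed sample data: one consistent file and one where the
# certificate is paired with a different private key, which is the
# symptom the page describes.
make_constructed_samples() {
    out_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-proxy" \
        -days 1 -keyout "$out_dir/key_a.pem" -out "$out_dir/cert_a.pem" 2>/dev/null
    openssl genrsa -out "$out_dir/key_b.pem" 2048 2>/dev/null
    cat "$out_dir/cert_a.pem" "$out_dir/key_a.pem" > "$out_dir/good.pem"
    cat "$out_dir/cert_a.pem" "$out_dir/key_b.pem" > "$out_dir/corrupt.pem"
}

# Stand-alone use: sh check_proxy.sh /tmp/a
if [ "$#" -ge 1 ]; then
    if proxy_key_matches "$1"; then
        echo "OK: certificate and private key match"
    else
        echo "MISMATCH or unreadable: $1"
        exit 1
    fi
fi
```

A non-zero result for a proxy that was just delegated is the same signal as the differing "modulus" values in the manual check.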

Topic revision: r1 - 2010-02-03 - unknown