SCAS Patch 3100 test report

Setup

The certification was done on the cern testbed. One machine was set up to be a SCAS server, and a glexec worker node was installed as a client. Both machines were SLC4 32bit. For both a normal yum install and yaim configure was done. The server was first installed as 0.2.6-1c and then upgraded to the patch version 0.2.6-7. After the update the service was restarted

Bugs

Only two bugs were attached to this. Both bugs were fixed, but since neither bug was trivially testable, no regression tests were created

bug #52648 [SCAS] Userban fails due to incorrect construction of pemstring

Could not verify the problem, user banning worked with both versions

bug #53524 SCAS: Denial of Service on SCAS daemon

Did a massive telnet test against the host, and it definately was adveresly affected and stoppead accepting client connections

After update ran the same test, and the server stayed responsive the whole time

Certification

The SCAS test suite is only partially related to SCAS, more to glexex. Hence the SCAS was tested with a number of proxy certificates to check that the mapping/denial works correctly. The utility glexec-test.sh was used, which connects to the SCAS service using given certificate, and prints the mapping received. After that also ran tests with combinations of GLEXEC_CLIENT_CERT and GLEXEC_SOURCE_PROXY to see that the user mapping is done correctly, even if another certificate was used to connect to the service. The following certificates were used:

  • proxy1: normal user proxy
  • proxy2: another user proxy
  • proxy3: the same user, different role
  • proxy4: proxy without voms extensions
  • proxy5: malformed proxy
  • proxy6: proxy from an untrusted CA
  • proxy7: banned user

All tests passed, the result is attached. Test with proxy4 should fail, since the DN is not explicitly in the grid mapfile.

-- KalleHapponen - 09-Nov-2009

Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatext certoutput r2 r1 manage 2.1 K 2009-11-09 - 10:58 UnknownUser Ouput of the certifcation test
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2009-11-09 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback