Bug 1274150

Summary: krb5_init_context failed with -1429577697
Product: [Fedora] Fedora Reporter: Lukas Slebodnik <lslebodn>
Component: krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: abokovoy, nalin, nathaniel, nmavrogi, rharwood
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-23 07:56:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Slebodnik 2015-10-22 06:08:06 UTC 
Description of problem:
We have few unit tests in sssd related to krb5 behaviour and they are failing with the latest release.

e.g. test_copy_ccache
(gdb) bt
#0  setup_ccache (state=0x60be00) at /home/build/sssd/src/tests/cmocka/test_copy_ccache.c:64
#1  0x00007ffff79d0712 in cmocka_run_one_test_or_fixture () from /lib64/libcmocka.so.0
#2  0x00007ffff79d0d5e in _cmocka_run_group_tests () from /lib64/libcmocka.so.0
#3  0x0000000000402df4 in main (argc=1, argv=<optimized out>) at /home/build/sssd/src/tests/cmocka/test_copy_ccache.c:237
(gdb) l 64
59
60          test_ctx = talloc_zero(global_talloc_context, struct ccache_test_ctx);
61          assert_non_null(test_ctx);
62
63          kerr = krb5_init_context(&test_ctx->kctx);
64          assert_int_equal(kerr, 0);
65
66          addr.magic = KV5M_ADDRESS;
67          addr.addrtype = ADDRTYPE_INET;
68          addr.length = 4;
(gdb) p kerr
$3 = -1429577697 

Version-Release number of selected component (if applicable):
$ rpm -qa | grep krb5-
krb5-devel-1.14-3.fc24.x86_64
krb5-libs-1.14-3.fc24.x86_64

How reproducible:
deterministic

Steps to Reproduce:
1. try to initialize krb5 contest with function rkrb5_init_context()

Actual results:
return code -1429577697

Expected results:
return code 0

Additional info:
It is caused by broken symbolic link provided by krb5-libs

[build@host ~]$ file /etc/krb5.conf.d/crypto-policies 
/etc/krb5.conf.d/crypto-policies: broken symbolic link to /etc/crypto-policies/back-ends/krb5.conf
[build@host ~]$ rpm -qf /etc/krb5.conf.d/crypto-policies
krb5-libs-1.14-3.fc24.x86_64

BTW. The symbolic link refers to file(/etc/crypto-policies/back-ends/krb5.conf) which is not provided by any package.

[root@host build]# dnf provides */back-ends/krb5.conf
Fedora - Rawhide - Developmental packages for the next Fedora release                                                                                      50 MB/s |  44 MB     00:00    
Last metadata expiration check performed 0:00:25 ago on Thu Oct 22 06:00:45 2015.
Error: No Matches found


[build@733d9bcc150c ~]$ rpm -q crypto-policies
crypto-policies-20151005-1.gitc8452f8.fc24.noarch
[build@733d9bcc150c ~]$ rpm -ql crypto-policies | grep krb


IMHO, if crypto policies want to ship krb5 configuration snippet then it can
store it directly in /etc/krb5.conf.d/. But krb5-libs
Comment 1 Robbie Harwood 2015-10-22 14:00:51 UTC 
Nikos, this is the symlink you mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1225792 ; what am I missing here?
Comment 2 Nikos Mavrogiannopoulos 2015-10-22 14:14:31 UTC 
Hi,
 The file is autogenerated and thus not owned, and its location is:
/etc/crypto-policies/back-ends/krb5.config

(there is a typo in the symlink which uses .conf)
Comment 3 Nalin Dahyabhai 2015-10-22 14:18:43 UTC 
That PROF_FAIL_INCLUDE_FILE error suggests that the library wasn't able to open an "include"d file.
Comment 4 Robbie Harwood 2015-10-22 14:43:42 UTC 
Thanks Nikos, I'll have this fixed presently.
Comment 5 Robbie Harwood 2015-10-22 16:47:20 UTC 
krb5-1.14-4.fc24

Thanks for your patience
Comment 6 Lukas Slebodnik 2015-10-23 06:16:15 UTC 
Thank you very much for fast workaround in rawhide.

However the same problem can occur in future.

[user@host][~]$ls -l /etc/krb5.conf.d/
total 0
lrwxrwxrwx. 1 root root 13 Oct 23 08:11 asdasdasdasd -> /asdasdasdasd

[user@host][~]$klist 
klist: Included profile file could not be read while initializing krb5

I'm able to reproduce it also on fedora 23 and the same bug can be also in older versions of fedora.
Comment 7 Alexander Bokovoy 2015-10-23 07:45:48 UTC 
For solving profile issue Robbie created a separate bug #1274424.
Comment 8 Lukas Slebodnik 2015-10-23 07:56:30 UTC 
(In reply to Alexander Bokovoy from comment #7)
> For solving profile issue Robbie created a separate bug #1274424.

OK