Bug 1349286

Summary: authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned.
Product: [Fedora] Fedora Reporter: Viktor Ashirov <vashirov>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: abokovoy, jhrozek, jlieskov, lleung, lslebodn, pbrezina, preichl, rharwood, sbose, ssorce, tmraz, vashirov
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.14.1-3.fc24 sssd-1.14.1-3.fc23 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-30 15:51:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Viktor Ashirov 2016-06-23 07:21:10 UTC
Description of problem:
If nonexistent domain is defined in sssd.conf, authconfig fails with a traceback.

Version-Release number of selected component (if applicable):
sssd-1.13.4-3.fc24.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set in [sssd] section:
domains = redhat, nonexistent

2. authconfig --test

Actual results:
Traceback (most recent call last):
  File "/usr/share/authconfig/authinfo.py", line 1901, in readSSSD
    domain = self.sssdDomain = self.sssdConfig.get_domain(SSSD_AUTHCONFIG_DOMAIN)
  File "/usr/lib/python3.4/site-packages/SSSDConfig/__init__.py", line 1856, in get_domain
    raise NoDomainError(name)
SSSDConfig.NoDomainError: default

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/authconfig", line 1078, in <module>
    sys.exit(module.run())
  File "/usr/sbin/authconfig", line 654, in run
    self.readAuthInfo()
  File "/usr/sbin/authconfig", line 425, in readAuthInfo
    self.info = authinfo.read(self.printError)
  File "/usr/share/authconfig/authinfo.py", line 1029, in read
    info.read()
  File "/usr/share/authconfig/authinfo.py", line 2529, in read
    self.readSSSD(ref)
  File "/usr/share/authconfig/authinfo.py", line 1904, in readSSSD
    domname = self.sssdConfig.list_active_domains()[0]
  File "/usr/lib/python3.4/site-packages/SSSDConfig/__init__.py", line 1784, in list_active_domains
    for dom in domain_dict.keys():
RuntimeError: dictionary changed size during iteration


Expected results:
Nonexistent domains should be ignored.

Additional info:

Comment 1 Jakub Hrozek 2016-06-23 08:21:51 UTC
Well, I would say sssd's configAPI does exactly what it was asked to do, there was an operation on non-existing domain and the API returned an exception.

If this is supposed to be ignored, then it should be ignored in authconfig

(That said, I'm not sure if we should invest much development time into fixing authconfig at this point..)

Comment 2 Viktor Ashirov 2016-06-23 08:35:16 UTC
This works on RHEL6 and RHEL7, but not on Fedora. I suppose because of Python 3.
There was a similar problem, introduced by migration to Python 3: https://fedorahosted.org/sssd/ticket/2699

Comment 3 Lukas Slebodnik 2016-06-23 09:32:16 UTC
(In reply to Viktor Ashirov from comment #0)
> Description of problem:
> If nonexistent domain is defined in sssd.conf, authconfig fails with a
> traceback.
> 
> Version-Release number of selected component (if applicable):
> sssd-1.13.4-3.fc24.x86_64
> 
> How reproducible:
> always
> 
> Steps to Reproduce:
> 1. Set in [sssd] section:
> domains = redhat, nonexistent
> 
> 2. authconfig --test
> 
> Actual results:
> Traceback (most recent call last):
>   File "/usr/share/authconfig/authinfo.py", line 1901, in readSSSD
>     domain = self.sssdDomain =
> self.sssdConfig.get_domain(SSSD_AUTHCONFIG_DOMAIN)
>   File "/usr/lib/python3.4/site-packages/SSSDConfig/__init__.py", line 1856,
Fedora 24 does not have a python3.4
There is python3.5


> in get_domain
>     raise NoDomainError(name)
> SSSDConfig.NoDomainError: default
> 
> During handling of the above exception, another exception occurred:
> 
> Traceback (most recent call last):
>   File "/usr/sbin/authconfig", line 1078, in <module>
>     sys.exit(module.run())
>   File "/usr/sbin/authconfig", line 654, in run
>     self.readAuthInfo()
>   File "/usr/sbin/authconfig", line 425, in readAuthInfo
>     self.info = authinfo.read(self.printError)
>   File "/usr/share/authconfig/authinfo.py", line 1029, in read
>     info.read()
>   File "/usr/share/authconfig/authinfo.py", line 2529, in read
>     self.readSSSD(ref)
>   File "/usr/share/authconfig/authinfo.py", line 1904, in readSSSD
>     domname = self.sssdConfig.list_active_domains()[0]
>   File "/usr/lib/python3.4/site-packages/SSSDConfig/__init__.py", line 1784,
> in list_active_domains
>     for dom in domain_dict.keys():
> RuntimeError: dictionary changed size during iteration
> 
> 
> Expected results:
> Nonexistent domains should be ignored.
> 
> Additional info:

If you want to assign back to sssd then please provide python reproducer
without authconfig.

Comment 4 Viktor Ashirov 2016-06-23 10:31:55 UTC
(In reply to Lukas Slebodnik from comment #3)
> (In reply to Viktor Ashirov from comment #0)
> > Description of problem:
> > If nonexistent domain is defined in sssd.conf, authconfig fails with a
> > traceback.
> > 
> > Version-Release number of selected component (if applicable):
> > sssd-1.13.4-3.fc24.x86_64
> > 
> > How reproducible:
> > always
> > 
> > Steps to Reproduce:
> > 1. Set in [sssd] section:
> > domains = redhat, nonexistent
> > 
> > 2. authconfig --test
> > 
> > Actual results:
> > Traceback (most recent call last):
> >   File "/usr/share/authconfig/authinfo.py", line 1901, in readSSSD
> >     domain = self.sssdDomain =
> > self.sssdConfig.get_domain(SSSD_AUTHCONFIG_DOMAIN)
> >   File "/usr/lib/python3.4/site-packages/SSSDConfig/__init__.py", line 1856,
> Fedora 24 does not have a python3.4
> There is python3.5
Copy-paste error, I've tested on Fedora 23 as well and copied output from there. It happens on Fedora 24 too with Python 3.5
> 
> 
> > in get_domain
> >     raise NoDomainError(name)
> > SSSDConfig.NoDomainError: default
> > 
> > During handling of the above exception, another exception occurred:
> > 
> > Traceback (most recent call last):
> >   File "/usr/sbin/authconfig", line 1078, in <module>
> >     sys.exit(module.run())
> >   File "/usr/sbin/authconfig", line 654, in run
> >     self.readAuthInfo()
> >   File "/usr/sbin/authconfig", line 425, in readAuthInfo
> >     self.info = authinfo.read(self.printError)
> >   File "/usr/share/authconfig/authinfo.py", line 1029, in read
> >     info.read()
> >   File "/usr/share/authconfig/authinfo.py", line 2529, in read
> >     self.readSSSD(ref)
> >   File "/usr/share/authconfig/authinfo.py", line 1904, in readSSSD
> >     domname = self.sssdConfig.list_active_domains()[0]
> >   File "/usr/lib/python3.4/site-packages/SSSDConfig/__init__.py", line 1784,
> > in list_active_domains
> >     for dom in domain_dict.keys():
> > RuntimeError: dictionary changed size during iteration
> > 
> > 
> > Expected results:
> > Nonexistent domains should be ignored.
> > 
> > Additional info:
> 
> If you want to assign back to sssd then please provide python reproducer
> without authconfig.
Here you go:
----
from __future__ import print_function
import SSSDConfig

sssdConfig = SSSDConfig.SSSDConfig()
sssdConfig.import_config('sssd.conf')
print(sssdConfig.list_active_domains())
----

sssd.conf:
----
[domain/redhat]
 
[sssd]
config_file_version = 2
domains = nonexistent, redhat
----

RHEL6:
$ python --version
Python 2.6.6
$ python reproducer.py
['redhat']

RHEL7:
$ python --version
Python 2.7.5
$ python reproducer.py 
['redhat']

Fedora 24
$ python3 --version
Python 3.5.1
$ python3 reproducer.py 
Traceback (most recent call last):
  File "reproducer.py", line 6, in <module>
    print(sssdConfig.list_active_domains())
  File "/usr/lib/python3.5/site-packages/SSSDConfig/__init__.py", line 1784, in list_active_domains
    for dom in domain_dict.keys():
RuntimeError: dictionary changed size during iteration

Comment 5 Viktor Ashirov 2016-06-23 10:37:41 UTC
And on Fedora 24 with Python 2:

$ python --version
Python 2.7.11
$ python reproducer.py        
['redhat']

Comment 6 lleung 2016-07-25 17:04:45 UTC
I ran across the same error on Fedora 24 when my sssd domain didn't match because it wasn't cased properly (eg. EXAMPLE.COM and example.com).

Looking at the lines in the trace, I don't see how it would ever succeed if the the active domains are not configured as it always tries to modify the dictionary as it's being iterated.

/usr/lib/python3.5/site-packages/SSSDConfig/__init__.py:
1783             configured_domains = self.list_domains()
1784             for dom in domain_dict.keys():
1785                 if dom not in configured_domains:
1786                     del domain_dict[dom]
1787

A quick fix is to iterate over a copy of the list from domain_dict.keys(), eg:
/usr/lib/python3.5/site-packages/SSSDConfig/__init__.py:
1784             for dom in list(domain_dict.keys()):

Comment 7 Jakub Hrozek 2016-07-25 17:23:19 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/3107

Comment 8 Jakub Hrozek 2016-07-25 17:24:01 UTC
Thank you,this indeed sounds like a bug. I opened upstream ticket #3107 to track that.

Comment 9 Lukas Slebodnik 2016-09-22 19:42:24 UTC
master:
* 1773fdad2730f3f910782781fa286f402ce36cca

sssd-1-13:
* a85253ab5ad24c02055496aca64e96d833aa70ab

Comment 10 Fedora Update System 2016-09-24 00:53:28 UTC
sssd-1.14.1-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-33f0007fb9

Comment 11 Fedora Update System 2016-09-24 00:53:33 UTC
sssd-1.14.1-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3107ac53e5

Comment 12 Fedora Update System 2016-09-24 01:51:18 UTC
sssd-1.14.1-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1306e3da3c

Comment 13 Fedora Update System 2016-09-27 00:32:32 UTC
sssd-1.14.1-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2016-09-30 15:51:58 UTC
sssd-1.14.1-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2016-10-09 09:23:21 UTC
sssd-1.14.1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.