Bug 1351295
| Summary: | Dogtag 10.3.4: Miscellaneous Enhancements | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Matthew Harmsen <mharmsen> |
| Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | akahat, akasurde, edewata, ssidhaye |
| Target Milestone: | rc | ||
| Target Release: | 7.3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | pki-core-10.3.3-3.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-04 05:25:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matthew Harmsen
2016-06-29 15:58:10 UTC
Upstream ticket: https://fedorahosted.org/pki/ticket/2390 FROM https://bugzilla.redhat.com/show_bug.cgi?id=1351096 - - pki-server db-schema-upgrade fails to verify instance and subsystem: Abhijeet Kasurde 2016-06-29 04:55:52 EDT Description of problem: While providing invalid or non-existent instance id for command pki-server db-schema-upgrade, command fails to verify instance id and throws stack trace like # pki-server db-schema-upgrade -i nonexistent_instance -D "cn=Directory Manager" -w Secret123 Traceback (most recent call last): File "/usr/sbin/pki-server", line 107, in <module> cli.execute(sys.argv) File "/usr/sbin/pki-server", line 102, in execute super(PKIServerCLI, self).execute(args) File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute module.execute(module_args) File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute module.execute(module_args) File "/usr/lib/python2.7/site-packages/pki/server/cli/db.py", line 99, in execute self.update_schema(instance, bind_dn, bind_password) File "/usr/lib/python2.7/site-packages/pki/server/cli/db.py", line 108, in update_schema subsystem = instance.subsystems[0] IndexError: list index out of range Version-Release number of selected component (if applicable): pki-core-debuginfo-10.3.4-0.1.fc24.x86_64 How reproducible: 100% Steps to Reproduce: 1. Install PKI server packages 2. pki-server db-schema-upgrade -i nonexistent_instance -D "cn=Directory Manager" -w Secret123 Actual results: Stack trace as above Expected results: Error message stating about non-existent or invalid instance id. *** Bug 1351096 has been marked as a duplicate of this bug. *** FROM https://bugzilla.redhat.com/show_bug.cgi?id=1349769 - pki-server db-schema-upgrade shows "upgrade complete" message for wrong parameters. Amol K 2016-06-24 04:11:49 EDT Description of problem: pki-server db-schema-upgrade shows "Upgrade complete" message when specify wrong bind-dn and password. Version-Release number of selected component (if applicable): 10.3.2-4.el7 How reproducible: Always Steps to Reproduce: 1. pki-server db-schema-upgrade -i FoobarCA -D "cn=Directory" -w Secret123 2. pki-server db-schema-upgrade -i FoobarCA -D "cn=Directory manager" -w Secret123dsdf 3. Actual results: 1. Wrong bind-dn message. ldap_bind: No such object (32) ldapmodify returns 32: ---------------- Upgrade complete ---------------- 2. Wrong password message. ldap_bind: Invalid credentials (49) ldapmodify returns 49: ---------------- Upgrade complete ---------------- Expected results: 1. For wrong dn : It should throws error and exit with error return code. 2. For wrong password: It should throws error and exit with error return code. Additional info: It is good if it throws ldap error message in commands. *** Bug 1349769 has been marked as a duplicate of this bug. *** Description of problem:
pki-server kra-clone-prepare command throws exception when provided with invalid or non-existent instance id.
# pki-server kra-clone-prepare -i a --pkcs12-file /tmp/a.p12 --pkcs12-password Secret123 -v
Traceback (most recent call last):
File "/usr/sbin/pki-server", line 107, in <module>
cli.execute(sys.argv)
File "/usr/sbin/pki-server", line 102, in execute
super(PKIServerCLI, self).execute(args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/server/cli/kra.py", line 145, in execute
subsystem.export_system_cert(
AttributeError: 'NoneType' object has no attribute 'export_system_cert'
Version-Release number of selected component (if applicable):
pki-core-debuginfo-10.3.4-0.1.fc24.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Install PKI server packages
2. pki-server kra-clone-prepare -i a --pkcs12-file /tmp/a.p12 --pkcs12-password Secret123 -v
Actual results:
Stack trace as above
Expected results:
Error message stating about non-existent or invalid instance id.
Description of problem:
pki-server kra-db-vlv-del command throws exception when no instance id is provided.
# pki-server kra-db-vlv-del
Traceback (most recent call last):
File "/usr/sbin/pki-server", line 107, in <module>
cli.execute(sys.argv)
File "/usr/sbin/pki-server", line 102, in execute
super(PKIServerCLI, self).execute(args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/cli/__init__.py", line 203, in execute
module.execute(module_args)
File "/usr/lib/python2.7/site-packages/pki/server/cli/kra.py", line 466, in execute
self.delete_vlv(instance, bind_dn, bind_password)
File "/usr/lib/python2.7/site-packages/pki/server/cli/kra.py", line 475, in delete_vlv
database = subsystem.config['internaldb.database']
AttributeError: 'NoneType' object has no attribute 'config'
Version-Release number of selected component (if applicable):
pki-core-debuginfo-10.3.4-0.1.fc24.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Install PKI server packages
2. pki-server kra-db-vlv-del
Actual results:
Stack trace as above
Expected results:
Error message stating about no KRA subsystem.
Additional Info:
If you provide -v argument, then stack trace is hidden.
Fixed in master: * 097e116c8557e7bee170bc2764c2e000bd49d4c9 * 1913ff38f04dd27641f23cb76b13cb4806720946 * 99a93af1ca5cce26d625ce7cee07dab4a890f1be * 8e40b74dc5d314912c65722b4284cab0ffbffbcc * 943e8231fc77ed0ccb6ed34b71817a6d3927d3e5 Additional changes in master: * e81cf4e11ca86562b27548d469fa606a072da23b * a646c1b6e67a5c4d105208254fa3288cdbd86c6e * ab8655ca693ddf5afc0579db42cfbea61e8fee89 * eb0f8d0f1e9d396efb071c6432aa22ff0a39d613 * aef84ae829bf2645937363ee3e61f002c2682869 Following scenarios are working as expected with error messages instead of stack traces: pki-server db-schema-upgrade With invalid instance ID [root@qe-blade-03 ~]# pki-server db-schema-upgrade -i FoobarCA -D "cn=Directory Manager" -w Secret123 ERROR: Invalid instance FoobarCA. [root@qe-blade-03 ~]# ls /var/lib/pki/ pki-tomcat [root@qe-blade-03 ~]# With invalid credentials [root@qe-blade-03 ~]# pki-server db-schema-upgrade -i pki-tomcat -D "cn=Directory manager" -w Secret123dsdf ERROR: ldap_bind: Invalid credentials (49) [root@qe-blade-03 ~]# With invalid bindDN [root@qe-blade-03 ~]# pki-server db-schema-upgrade -i pki-tomcat -D "cn=Directory" -w Secret123 ERROR: ldap_bind: No such object (32) [root@qe-blade-03 ~]# With valid instance ID and credentials upgrade completes with relevant message [root@qe-blade-03 ~]# pki-server db-schema-upgrade -i pki-tomcat -D "cn=Directory Manager" -w Secret123 ---------------- Upgrade complete ---------------- Run kra-db-vlv-del for default tomcat instance when KRA is not installed [root@qe-blade-03 ~]# pki-server kra-db-vlv-del ERROR: No KRA subsystem in instance pki-tomcat. [root@qe-blade-03 ~]# With invalid instance ID [root@qe-blade-03 ~]# pki-server kra-clone-prepare -i a --pkcs12-file /tmp/a.p12 --pkcs12-password Secret123 -v ERROR: Invalid instance a. [root@qe-blade-03 ~]# Tested above cases with following packages: pki-base.noarch 10.3.3-5.el7 pki-base-java.noarch 10.3.3-5.el7 pki-ca.noarch 10.3.3-5.el7 pki-console.noarch 10.3.3-1.el7pki pki-core-debuginfo.x86_6410.3.3-5.el7pki pki-javadoc.noarch 10.3.3-5.el7 pki-kra.noarch 10.3.3-5.el7 pki-ocsp.noarch 10.3.3-5.el7pki pki-server.noarch 10.3.3-5.el7 pki-symkey.x86_64 10.3.3-5.el7 pki-tks.noarch 10.3.3-5.el7pki pki-tools.x86_64 10.3.3-5.el7 pki-tps.x86_64 10.3.3-5.el7pki Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2396.html |