Bug 1464381

Summary: The test for fallback realm for GSSAPI ccache selection is failing
Product: [Fedora] Fedora Reporter: Patrik Kis <pkis>
Component: krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 26CC: abokovoy, j, mrogers, nalin, npmccallum, rharwood
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: krb5-1.15.1-13.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-26 20:37:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Patrik Kis 2017-06-23 09:55:12 UTC 
Description of problem:

The commit pulled from http://krbdev.mit.edu/rt/Ticket/Display.html?id=8549 seems have a fix and also a test for it. It was added to F25 and F26 in Use-fallback-realm-for-GSSAPI-ccache-selection.patch.

The issue is that the the test t_ccselect.py is failing the the new part. I'm not sure if the issue is in the test or fix as the upstream ticket is not reviewed yet.

Version-Release number of selected component (if applicable):
krb5-1.14.4-7.fc25
krb5-1.15.1-8.fc26

How reproducible:
always

Steps to Reproduce:

# PYTHONPATH=../../util VALGRIND="" python ./t_ccselect.py -v
*** [1] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/dbutil/kdb5_util create -W -s -P master
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'KRBTEST.COM',
master key name 'K/M'
*** [1] Completed with return code 0
*** [2] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -randkey host/qeos-100.lab.eng.rdu2.redhat.com
*** [2] Completed with return code 0
*** [3] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local ktadd -k /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab -norandkey host/qeos-100.lab.eng.rdu2.redhat.com
Entry for principal host/qeos-100.lab.eng.rdu2.redhat.com with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab.
Entry for principal host/qeos-100.lab.eng.rdu2.redhat.com with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab.
*** [3] Completed with return code 0
*** [4] Starting: /root/rpmbuild/BUILD/krb5-1.15.1/src/kdc/krb5kdc -n
krb5kdc: starting...
*** [4] Started with pid 28906
*** [5] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/dbutil/kdb5_util create -W -s -P master
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'KRBTEST2.COM',
master key name 'K/M'
*** [5] Completed with return code 0
*** [6] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -randkey host/qeos-100.lab.eng.rdu2.redhat.com
*** [6] Completed with return code 0
*** [7] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local ktadd -k /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab -norandkey host/qeos-100.lab.eng.rdu2.redhat.com
Entry for principal host/qeos-100.lab.eng.rdu2.redhat.com with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab.
Entry for principal host/qeos-100.lab.eng.rdu2.redhat.com with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab.
*** [7] Completed with return code 0
*** [8] Starting: /root/rpmbuild/BUILD/krb5-1.15.1/src/kdc/krb5kdc -n
krb5kdc: starting...
*** [8] Started with pid 28910
*** [9] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com -
gss_acquire_cred: Unspecified GSS failure.  Minor code may provide more information
gss_acquire_cred: No Kerberos credentials available (default cache: /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/ccache)
*** [9] Completed with return code 1
*** [10] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -pw alice28902 alice
*** [10] Completed with return code 0
*** [11] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -pw bob28902 bob
*** [11] Completed with return code 0
*** [12] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -pw zaphod28902 zaphod
*** [12] Completed with return code 0
*** [13] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -randkey host/localhost
*** [13] Completed with return code 0
*** [14] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -randkey host/localhost
*** [14] Completed with return code 0
*** [15] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -randkey host/foo.krbtest.com
*** [15] Completed with return code 0
*** [16] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local addprinc -randkey host/foo.krbtest2.com
*** [16] Completed with return code 0
*** [17] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local ktadd -k /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab -norandkey host/localhost
Entry for principal host/localhost with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab.
Entry for principal host/localhost with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab.
*** [17] Completed with return code 0
*** [18] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local ktadd -k /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab -norandkey host/localhost
Entry for principal host/localhost with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab.
Entry for principal host/localhost with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab.
*** [18] Completed with return code 0
*** [19] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local ktadd -k /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab -norandkey host/foo.krbtest.com
Entry for principal host/foo.krbtest.com with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab.
Entry for principal host/foo.krbtest.com with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/keytab.
*** [19] Completed with return code 0
*** [20] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/kadmin/cli/kadmin.local ktadd -k /root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab -norandkey host/foo.krbtest2.com
Entry for principal host/foo.krbtest2.com with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab.
Entry for principal host/foo.krbtest2.com with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/rpmbuild/BUILD/krb5-1.15.1/src/tests/gssapi/testdir/r2/keytab.
*** [20] Completed with return code 0
*** [21] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/clients/kinit/kinit alice
Password for alice: 
*** [21] Completed with return code 0
*** [22] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/clients/kinit/kinit zaphod
Password for zaphod: 
*** [22] Completed with return code 0
*** [23] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com p:alice
alice
*** [23] Completed with return code 0
*** [24] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com p:zaphod
zaphod
*** [24] Completed with return code 0
*** [25] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com
alice
*** [25] Completed with return code 0
*** [26] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com -
alice
*** [26] Completed with return code 0
*** [27] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com
zaphod
*** [27] Completed with return code 0
*** [28] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com -
zaphod
*** [28] Completed with return code 0
*** [29] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com@
zaphod
*** [29] Completed with return code 0
*** [30] Executing: ./t_ccselect h:host.com
gss_init_sec_context: Unspecified GSS failure.  Minor code may provide more information
gss_init_sec_context: Cannot find KDC for realm "KRBTEST2.COM"
*** [30] Completed with return code 1
*** [31] Executing: ./t_ccselect h:host.com
alice
*** [31] Completed with return code 0
*** [32] Executing: ./t_ccselect h:host.com
zaphod
*** [32] Completed with return code 0
*** [33] Executing: ./t_ccselect h:host@localhost
alice
*** [33] Completed with return code 0
*** [34] Executing: ./t_ccselect h:host@localhost
zaphod
*** [34] Completed with return code 0
*** [35] Executing: /root/rpmbuild/BUILD/krb5-1.15.1/src/clients/kinit/kinit bob
Password for bob: 
*** [35] Completed with return code 0
*** [36] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com
alice
*** [36] Completed with return code 0
*** [37] Executing: ./t_ccselect h:host@localhost
zaphod
*** [37] Completed with return code 0
*** [38] Executing: ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com@
bob
*** [38] Completed with return code 0
*** Failure: Expected error not seen when k5identity selects bad principal.
*** Last command (#38): ./t_ccselect p:host/qeos-100.lab.eng.rdu2.redhat.com@
*** Output of last command:
bob

Use --debug=NUM to run a command under a debugger.  Use
--stop-after=NUM to stop after a daemon is started in order to
attach to it with a debugger.  Use --help to see other options.
Comment 1 Robbie Harwood 2017-06-23 14:56:40 UTC 
(In reply to Patrik Kis from comment #0)
> Description of problem:
> 
> The commit pulled from http://krbdev.mit.edu/rt/Ticket/Display.html?id=8549
> seems have a fix and also a test for it. It was added to F25 and F26 in
> Use-fallback-realm-for-GSSAPI-ccache-selection.patch.
> 
> The issue is that the the test t_ccselect.py is failing the the new part.
> I'm not sure if the issue is in the test or fix as the upstream ticket is
> not reviewed yet.

That ticket is actually tied to PR#606, which has merged: https://github.com/krb5/krb5/pull/606  (Upstream's ticketing doesn't have a notion of review-before-commit, so "reviewed" on RT means "merged upstream", basically.)

I will look into what broke here.
Comment 2 Patrik Kis 2017-06-26 12:58:56 UTC 
(In reply to Robbie Harwood from comment #1)
> (In reply to Patrik Kis from comment #0)
> > Description of problem:
> > 
> > The commit pulled from http://krbdev.mit.edu/rt/Ticket/Display.html?id=8549
> > seems have a fix and also a test for it. It was added to F25 and F26 in
> > Use-fallback-realm-for-GSSAPI-ccache-selection.patch.
> > 
> > The issue is that the the test t_ccselect.py is failing the the new part.
> > I'm not sure if the issue is in the test or fix as the upstream ticket is
> > not reviewed yet.
> 
> That ticket is actually tied to PR#606, which has merged:
> https://github.com/krb5/krb5/pull/606  (Upstream's ticketing doesn't have a
> notion of review-before-commit, so "reviewed" on RT means "merged upstream",
> basically.)
> 
I didn't know that.

> I will look into what broke here.

Thank you.
Comment 3 Robbie Harwood 2017-06-26 20:37:10 UTC 
This is just test suite breakage, fortunately.

Due to #1464381, I have had to disable running tests on ppc64le for the time being.  (Unrelated to this, just poorly timed.)
Comment 4 Patrik Kis 2017-06-29 07:49:47 UTC 
Thanks for the investigation.