Bug 1993463

upstream trunk is broken as well, even on rawhide.

This is a bit awkward since resolv_wrapper isn't packaged for RHEL, so rather than reassign I'm going to mark this as blocked on the Fedora ticket.

I tried to reproduce this error on RHEL-9.1.0-20220424.2 with:
* krb5-1.19.1-18
* resolv_wrapper-1.1.7-4.fc36

# PYTHONPATH=/root/rpmbuild/BUILD/krb5-1.19.1/src/util /usr/bin/python3 ./t_discover_uri.py -v
*** [1] Executing: ./t_locate_kdc TEST
in module_locate_server
element 0 is 0x7fbd56369cc0
plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)
ran off end of plugin list
looking in krb5.conf for realm TEST entry kdc; ports 88,0
config file lookup failed: Profile relation not found
7 servers:
0: h:kdc1 t:https p:443 m:0 P:
1: h:kdc2 t:https p:443 m:1 P:path
2: h:kdc3 t:https p:300 m:0 P:path
3: h:KDC4 t:udp p:88 m:1 P:
4: h:kdc5 t:tcp p:500 m:0 P:
5: h:192.168.1.6 t:tcp p:88 m:0 P:
6: h:dead:beef:cafe:7 t:tcp p:700 m:0 P:
*** [1] Completed with return code 0
*** Failure: URI answers do not match
*** Last command (#1): ./t_locate_kdc TEST
*** Output of last command:
in module_locate_server
element 0 is 0x7fbd56369cc0
plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)
ran off end of plugin list
looking in krb5.conf for realm TEST entry kdc; ports 88,0
config file lookup failed: Profile relation not found
7 servers:
0: h:kdc1 t:https p:443 m:0 P:
1: h:kdc2 t:https p:443 m:1 P:path
2: h:kdc3 t:https p:300 m:0 P:path
3: h:KDC4 t:udp p:88 m:1 P:
4: h:kdc5 t:tcp p:500 m:0 P:
5: h:192.168.1.6 t:tcp p:88 m:0 P:
6: h:dead:beef:cafe:7 t:tcp p:700 m:0 P:
Use --debug=NUM to run a command under a debugger.  Use
--stop-after=NUM to stop after a daemon is started in order to
attach to it with a debugger.  Use --help to see other
options.

Filip, do you think this error is still related to resolv_wrapper?

Looking at this code from t_discover_uri.py[1], we see the error is caused by a mismatch between the expected and actual outputs:

===
j = 0
for i in range(4, 12):
    if l[i].strip() != expected[j]:
        fail('URI answers do not match')
    j += 1
===

Lines are compared one buy one, but skipping the 4 first lines are skipped. This is because these lines are log messages. However, we have 6 lines:

===
in module_locate_server
element 0 is 0x7fbd56369cc0
plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)
ran off end of plugin list
looking in krb5.conf for realm TEST entry kdc; ports 88,0
config file lookup failed: Profile relation not found
===

Actually, this is because the default "service_locator" plugin is not the only one being, as it should be. The SSSD one is tried first:

/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so provided by sssd-client

However, this plugin ignores some parts of the custom environment that is being setup for this test, including the TEST realm which is unknown to SSSD. Hence the get_krb5info() call[2] fails for this realm, resulting in 2 extra lines of error logs.

After uninstalling sssd-client, we obtain the 4 expected heading log lines, and the test succeed:

===
in module_locate_server
ran off end of plugin list
looking in krb5.conf for realm TEST entry kdc; ports 88,0
config file lookup failed: Profile relation not found
===

I think we are 2 options here:
* Modify t_discover_uri.py to start comparison at the 7th line
* Make sure sssd-client is not installed on the test host


[1] https://github.com/krb5/krb5/blob/krb5-1.19.1-final/src/lib/krb5/os/t_discover_uri.py
[2] https://github.com/SSSD/sssd/blob/2.6.2/src/krb5_plugin/sssd_krb5_locator_plugin.c#L493