Bug 573922

Summary: voms-proxy-init does not work reliably
Product: [Fedora] Fedora
Component: voms
Version: 12
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: urgent
Priority: low
Reporter: Lev Shamardin <shamardin>
Assignee: Mattias Ellert <mattias.ellert>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mattias.ellert
Fixed In Version: voms-1.9.16.1-1.fc13
Doc Type: Bug Fix
Last Closed: 2010-04-03 04:37:22 UTC

Description Lev Shamardin 2010-03-16 07:50:44 UTC
Description of problem:
With voms-clients on Fedora 12 and sometimes on CentOS 5 I observe the following strange behavior:

[shamardin@abbot ~]$ voms-proxy-init -debug -rfc  -voms dteam
Detected Globus version: 22
PCI extension info: 
 Path length: -1
 Policy language not specified.
 Policy file not specified.
Number of bits in key :1024
Loading configuration file /home/shamardin/.voms/vomses
Loading configuration file /etc/vomses
Files being used:
 CA certificate file: none
 Trusted certificates directory : /etc/grid-security/certificates
 Proxy certificate file : /tmp/x509up_u500
 User certificate file: /home/shamardin/.globus/usercert.pem
 User key file: /home/shamardin/.globus/userkey.pem
Output to /tmp/x509up_u500
Enter GRID pass phrase:
Your identity: /C=RU/O=RDIG/OU=users/OU=sinp.msu.ru/CN=Lev Shamardin
Using configuration file /home/shamardin/.voms/vomses
Using configuration file /etc/vomses
Loading configuration file /home/shamardin/.voms/vomses
Loading configuration file /etc/vomses
Creating temporary proxy to /tmp/tmp_x509up_u500_29500 ........++++++
........++++++
No policy language specified, Gsi impersonation proxy assumed.
 Done
Contacting  voms114.cern.ch:15004 [/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch] "dteam" Done
Creating proxy to /tmp/x509up_u500 ..........................++++++
.++++++
error:22097088:X509 V3 routines:DO_EXT_NCONF:no config database:v3_conf.c:156
error:80065414:lib(128):proxy_sign:problem adding CLASS_ADD Extension:vomsclient.cc:1210
ERROR: 
[shamardin@abbot ~]$ grep dteam /etc/vomses
"dteam" "voms114.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "dteam" 

Or even this:

[shamardin@abbot ~]$ voms-proxy-init -debug -rfc  -voms dteam
Detected Globus version: 22
PCI extension info: 
 Path length: -1
 Policy language not specified.
 Policy file not specified.
Number of bits in key :1024
Loading configuration file /home/shamardin/.voms/vomses
Loading configuration file /etc/vomses
Files being used:
 CA certificate file: none
 Trusted certificates directory : /etc/grid-security/certificates
 Proxy certificate file : /tmp/x509up_u500
 User certificate file: /home/shamardin/.globus/usercert.pem
 User key file: /home/shamardin/.globus/userkey.pem
Output to /tmp/x509up_u500
Enter GRID pass phrase:
Your identity: /C=RU/O=RDIG/OU=users/OU=sinp.msu.ru/CN=Lev Shamardin
Using configuration file /home/shamardin/.voms/vomses
Using configuration file /etc/vomses
Loading configuration file /home/shamardin/.voms/vomses
Loading configuration file /etc/vomses
Creating temporary proxy to /tmp/tmp_x509up_u500_29601 ................++++++
..............++++++
No policy language specified, Gsi impersonation proxy assumed.
 Done
Contacting  voms114.cern.ch:15004 [/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch] "dteam" Done
Creating proxy to /tmp/x509up_u500 .....................................................................++++++
...........++++++
 Done
Your proxy is valid until Tue Mar 16 22:46:26 2010
Error: verify failed.
Cannot verify AC signature!

These errors are not always reproducible, sometimes you need to run voms-proxy-init several times to catch those (especially the DO_EXT_NCONF one).

Version-Release number of selected component (if applicable):
voms-clients-1.9.14.3-1.fc12.i686
voms-1.9.14.3-1.fc12.i686
openssl-1.0.0-0.13.beta4.fc12.i686

How reproducible:
Always, but you may need to give it a few tries.

Steps to Reproduce:
1. run voms-proxy-init -rfc -voms something

Sometimes you can trigger this more quickly running first:
1. voms-proxy-init -rfc
and then:
2. voms-proxy-init -rfc -noregen -voms something
  
Actual results:
no proxy

Expected results:
working proxy with voms AC.

Additional info:
glite-security-voms-clients-1.8.12-1.sl5.x86_64 does not have this problem.
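
Added example, not part of the original report: a small parser for the two OpenSSL error-queue lines in the first failing run above, which decodes the packed hex code using the OpenSSL 1.0.x layout (8 bits library, 12 bits function, 12 bits reason). It shows that the first entry comes from OpenSSL's own X509 V3 library (34) and the second from the application-reserved range (128 and up), matching the `lib(128)` text; the function and field names in the code are chosen for this example.

```python
import re

# Packed error code layout in OpenSSL 1.0.x (ERR_PACK in err.h):
# 8 bits library, 12 bits function, 12 bits reason. OpenSSL 3.x differs.
ERR_LIB_X509V3 = 34   # OpenSSL's own X509 V3 library number
ERR_LIB_USER = 128    # first library number left to applications

# error:<hex code>:<library>:<function>:<reason>:<file>:<line>
ERR_LINE = re.compile(
    r"^error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>.*):(?P<file>[^:]+):(?P<line>\d+)$"
)

# Lines copied from the first failing run in the report.
SAMPLE = """\
Creating proxy to /tmp/x509up_u500 ..........................++++++
error:22097088:X509 V3 routines:DO_EXT_NCONF:no config database:v3_conf.c:156
error:80065414:lib(128):proxy_sign:problem adding CLASS_ADD Extension:vomsclient.cc:1210
ERROR:
"""


def decode(code):
    """Split a packed 32-bit error code into its three fields."""
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}


def parse_error_queue(text):
    """Return one dict per error-queue line; other output is skipped."""
    entries = []
    for raw in text.splitlines():
        m = ERR_LINE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["line"] = int(entry["line"])
        entry["packed"] = decode(int(entry["code"], 16))
        lib = entry["packed"]["lib"]
        entry["origin"] = "application" if lib >= ERR_LIB_USER else "openssl"
        # An unregistered library prints as "lib(N)"; N must equal the decoded field.
        named = re.fullmatch(r"lib\((\d+)\)", entry["lib"])
        entry["lib_matches"] = int(named.group(1)) == lib if named else None
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_error_queue(SAMPLE):
        print(e["origin"], e["packed"], e["func"], e["file"], e["line"])
```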

Comment 1 Mattias Ellert 2010-03-20 14:45:24 UTC
After some debugging the problem has been identified to be due to an uninitialized variable in the voms-proxy-init source file. A patch has been created and a new version will be built shortly.

Comment 2 Fedora Update System 2010-03-20 15:30:22 UTC
voms-1.9.16.1-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el5

Comment 3 Fedora Update System 2010-03-20 15:30:27 UTC
voms-1.9.16.1-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc13

Comment 4 Fedora Update System 2010-03-20 15:30:32 UTC
voms-1.9.16.1-1.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el4

Comment 5 Fedora Update System 2010-03-20 15:30:37 UTC
voms-1.9.16.1-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc12

Comment 6 Fedora Update System 2010-03-20 15:30:43 UTC
voms-1.9.16.1-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc11

Comment 7 Fedora Update System 2010-03-23 01:58:58 UTC
voms-1.9.16.1-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc12

Comment 8 Fedora Update System 2010-03-23 02:10:31 UTC
voms-1.9.16.1-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc11

Comment 9 Fedora Update System 2010-03-23 02:20:43 UTC
voms-1.9.16.1-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc13

Comment 10 Fedora Update System 2010-03-24 17:59:43 UTC
voms-1.9.16.1-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el5

Comment 11 Fedora Update System 2010-03-24 18:00:27 UTC
voms-1.9.16.1-1.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el4

Comment 12 Fedora Update System 2010-04-03 04:37:17 UTC
voms-1.9.16.1-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2010-04-03 04:49:48 UTC
voms-1.9.16.1-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2010-04-07 22:16:46 UTC
voms-1.9.16.1-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2010-04-07 22:17:22 UTC
voms-1.9.16.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2010-04-09 03:50:43 UTC
voms-1.9.16.1-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.