Bug 959999

Summary: Corrupted custom krb5.conf file used by adcli
Product: [Fedora] Fedora Reporter: David Spurek <dspurek>
Component: realmdAssignee: Stef Walter <stefw>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 19CC: dspurek, ebenes, jhrozek, pkis, stefw, yaneti, yelley
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: adcli-0.7-1.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-13 15:09:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 959458    

Description David Spurek 2013-05-06 11:48:53 UTC
Description of problem:
Join the domain, but instead of specifying the domain name, specify the server host name. This test case not works. 

More informations you can find here:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.realm join --user=Administrator <server host name>
Actual results:

Expected results:

Additional info:
host -t SRV _ldap._tcp.security.baseos.qe
_ldap._tcp.security.baseos.qe has SRV record 0 100 389 dc.security.baseos.qe.

realm join -v -U Amy dc.security.baseos.qe
 * Resolving: _ldap._tcp.dc._msdcs.dc.security.baseos.qe
 * Resolving: _ldap._tcp.dc.security.baseos.qe
 * Resolving: dc.security.baseos.qe
 * Sending MS-CLDAP ping to:
 * Performing LDAP DSE lookup on:
 * Successfully discovered: security.baseos.qe
Password for Amy: 
 * Required files: /usr/sbin/sss_cache, /usr/sbin/sssd, /usr/sbin/adcli
 * LANG=C /usr/sbin/adcli join --verbose --domain security.baseos.qe --domain-realm SECURITY.BASEOS.QE --domain-controller dc.security.baseos.qe --login-type user --login-user Amy --stdin-password
 * Using domain name: security.baseos.qe
 * Calculated computer account name from fqdn: CLIENT
 * Using domain realm: security.baseos.qe
 * Sending cldap pings to domain controller: dc.security.baseos.qe
 * Received NetLogon info from: DC.security.baseos.qe
 * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-cQKlym/krb5.d/adcli-krb5-conf-Umffqe
 ! Failed to create kerberos context: Improper format of Kerberos configuration file
adcli: couldn't connect to security.baseos.qe domain: Failed to create kerberos context: Improper format of Kerberos configuration file
 ! Internal unexpected error joining the domain
realm: Couldn't join realm: Internal unexpected error joining the domain

Comment 1 Stef Walter 2013-05-06 11:50:53 UTC
This should be fixed by git commit '00e99ec714bba89c2c484fd90c12de600b7c0de0' in adcli.

Comment 2 Stef Walter 2013-05-06 12:15:48 UTC
There's a use-after-free memory corruption issue that causes adcli to write out invalid memory to its own temporary custom krb5.conf file.

Comment 3 Fedora Update System 2013-05-06 19:08:27 UTC
adcli-0.7-1.fc19 has been submitted as an update for Fedora 19.

Comment 4 Fedora Update System 2013-05-07 20:45:40 UTC
Package adcli-0.7-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing adcli-0.7-1.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 5 Stef Walter 2013-05-13 15:09:48 UTC
This will be in fixed in Fedora 19 after this update: https://admin.fedoraproject.org/updates/FEDORA-2013-7599/adcli-0.7-1.fc19

Comment 6 Fedora Update System 2013-05-14 04:39:21 UTC
adcli-0.7-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.