Bug 1274150 - krb5_init_context failed with -1429577697
krb5_init_context failed with -1429577697
Product: Fedora
Classification: Fedora
Component: krb5 (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Robbie Harwood
Fedora Extras Quality Assurance
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2015-10-22 02:08 EDT by Lukas Slebodnik
Modified: 2015-10-23 03:56 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-10-23 03:56:30 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Lukas Slebodnik 2015-10-22 02:08:06 EDT
Description of problem:
We have few unit tests in sssd related to krb5 behaviour and they are failing with the latest release.

e.g. test_copy_ccache
(gdb) bt
#0  setup_ccache (state=0x60be00) at /home/build/sssd/src/tests/cmocka/test_copy_ccache.c:64
#1  0x00007ffff79d0712 in cmocka_run_one_test_or_fixture () from /lib64/libcmocka.so.0
#2  0x00007ffff79d0d5e in _cmocka_run_group_tests () from /lib64/libcmocka.so.0
#3  0x0000000000402df4 in main (argc=1, argv=<optimized out>) at /home/build/sssd/src/tests/cmocka/test_copy_ccache.c:237
(gdb) l 64
60          test_ctx = talloc_zero(global_talloc_context, struct ccache_test_ctx);
61          assert_non_null(test_ctx);
63          kerr = krb5_init_context(&test_ctx->kctx);
64          assert_int_equal(kerr, 0);
66          addr.magic = KV5M_ADDRESS;
67          addr.addrtype = ADDRTYPE_INET;
68          addr.length = 4;
(gdb) p kerr
$3 = -1429577697 

Version-Release number of selected component (if applicable):
$ rpm -qa | grep krb5-

How reproducible:

Steps to Reproduce:
1. try to initialize krb5 contest with function rkrb5_init_context()

Actual results:
return code -1429577697

Expected results:
return code 0

Additional info:
It is caused by broken symbolic link provided by krb5-libs

[build@host ~]$ file /etc/krb5.conf.d/crypto-policies 
/etc/krb5.conf.d/crypto-policies: broken symbolic link to /etc/crypto-policies/back-ends/krb5.conf
[build@host ~]$ rpm -qf /etc/krb5.conf.d/crypto-policies

BTW. The symbolic link refers to file(/etc/crypto-policies/back-ends/krb5.conf) which is not provided by any package.

[root@host build]# dnf provides */back-ends/krb5.conf
Fedora - Rawhide - Developmental packages for the next Fedora release                                                                                      50 MB/s |  44 MB     00:00    
Last metadata expiration check performed 0:00:25 ago on Thu Oct 22 06:00:45 2015.
Error: No Matches found

[build@733d9bcc150c ~]$ rpm -q crypto-policies
[build@733d9bcc150c ~]$ rpm -ql crypto-policies | grep krb

IMHO, if crypto policies want to ship krb5 configuration snippet then it can
store it directly in /etc/krb5.conf.d/. But krb5-libs
Comment 1 Robbie Harwood 2015-10-22 10:00:51 EDT
Nikos, this is the symlink you mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1225792 ; what am I missing here?
Comment 2 Nikos Mavrogiannopoulos 2015-10-22 10:14:31 EDT
 The file is autogenerated and thus not owned, and its location is:

(there is a typo in the symlink which uses .conf)
Comment 3 Nalin Dahyabhai 2015-10-22 10:18:43 EDT
That PROF_FAIL_INCLUDE_FILE error suggests that the library wasn't able to open an "include"d file.
Comment 4 Robbie Harwood 2015-10-22 10:43:42 EDT
Thanks Nikos, I'll have this fixed presently.
Comment 5 Robbie Harwood 2015-10-22 12:47:20 EDT

Thanks for your patience
Comment 6 Lukas Slebodnik 2015-10-23 02:16:15 EDT
Thank you very much for fast workaround in rawhide.

However the same problem can occur in future.

[user@host][~]$ls -l /etc/krb5.conf.d/
total 0
lrwxrwxrwx. 1 root root 13 Oct 23 08:11 asdasdasdasd -> /asdasdasdasd

klist: Included profile file could not be read while initializing krb5

I'm able to reproduce it also on fedora 23 and the same bug can be also in older versions of fedora.
Comment 7 Alexander Bokovoy 2015-10-23 03:45:48 EDT
For solving profile issue Robbie created a separate bug #1274424.
Comment 8 Lukas Slebodnik 2015-10-23 03:56:30 EDT
(In reply to Alexander Bokovoy from comment #7)
> For solving profile issue Robbie created a separate bug #1274424.


Note You need to log in before you can comment on or make changes to this bug.