Bug 1314877 - Segfault during ipa client install for 7.2 client with 6.8 IPA Server
Segfault during ipa client install for 7.2 client with 6.8 IPA Server
Status: CLOSED DUPLICATE of bug 1311559
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Christian Heimes
Kaleem
Aneta Šteflová Petrová
: Regression, TestBlocker
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-04 13:06 EST by Kaleem
Modified: 2016-03-08 07:20 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
Enrolling a Red Hat Enterprise Linux 7.2 IdM client with a Red Hat Enterprise Linux 6.8 server fails A segmentation fault prevents an Identity Management (IdM) client based on Red Hat Enterprise Linux 7.2 to be successfully enrolled with an IdM server running Red Hat Enterprise Linux 6.8. The segmentation fault occurs after the user runs the ipa-client-install utility and causes the client installation process to fail. No workaround is currently available.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-08 07:20:52 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
mail text received for segfault seen (52.55 KB, text/plain)
2016-03-04 13:06 EST, Kaleem
no flags Details

  None (edit)
Description Kaleem 2016-03-04 13:06:05 EST
Created attachment 1133230 [details]
mail text received for segfault seen

Description of problem:

This segfault observed when we tried to install a 7.2.update2 IPA client to 6.8 IPA server.

Version-Release number of selected component (if applicable):
6.8 IPA:
========
[root@auto-hv-02-guest02 ~]# rpm -q ipa-server
ipa-server-3.0.0-50.el6.x86_64
[root@auto-hv-02-guest02 ~]# 

7.2 IPA:
========
[root@hp-dl380pgen8-02-vm-8 ~]# rpm -q ipa-client
ipa-client-4.2.0-15.el7_2.6.x86_64
[root@hp-dl380pgen8-02-vm-8 ~]# 

How reproducible:
Always

Steps to Reproduce:
1. Install 7.2 IPA client with 6.8 IPA Server.

Actual results:
Segfault seen during ipa-join and client install fails.

Expected results:
No segfault and client install should be successful.


Additional info:
(1) Please find the attached segfault info
Comment 1 Petr Vobornik 2016-03-04 13:13:59 EST
Kaleem what is the version of nss?

I wonder if it is bug 1312449
Comment 2 Kaleem 2016-03-04 13:15:13 EST
[root@hp-dl380pgen8-02-vm-8 ~]# rpm -q nss
nss-3.21.0-1.el7_2.x86_64
[root@hp-dl380pgen8-02-vm-8 ~]#
Comment 8 Christian Heimes 2016-03-07 09:20:56 EST
Kai, can you have a look? Petr thinks this looks like BZ #1312449. The segfault occurs in ssl3_InitHandshakeHashes(). The system has nss-3.21.0-1.el7_2.x86_64.
Comment 10 Christian Heimes 2016-03-07 10:51:24 EST
I'm getting a segfault for TLS/SSL handshake in libldap and NSS:

(gdb) run /usr/sbin/ipa-client-install
Starting program: /usr/bin/python /usr/sbin/ipa-client-install
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 583.
Detaching after fork from child process 585.
Detaching after fork from child process 586.
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Using existing certificate '/etc/ipa/ca.crt'.

Program received signal SIGSEGV, Segmentation fault.
0x00007fffeb57d5ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so

(gdb) bt
#0  0x00007fffeb57d5ff in ssl3_InitHandshakeHashes () from /lib64/libssl3.so
#1  0x00007fffeb588292 in ssl3_HandleHandshakeMessage () from /lib64/libssl3.so
#2  0x00007fffeb58b091 in ssl3_HandleRecord () from /lib64/libssl3.so
#3  0x00007fffeb58c4e2 in ssl3_GatherCompleteHandshake () from /lib64/libssl3.so
#4  0x00007fffeb58d2c5 in ssl_GatherRecord1stHandshake () from /lib64/libssl3.so
#5  0x00007fffeb595a65 in ssl_Do1stHandshake () from /lib64/libssl3.so
#6  0x00007fffeb596067 in SSL_ForceHandshake () from /lib64/libssl3.so
#7  0x00007fffe98d39d6 in tlsm_session_accept_or_connect () from /lib64/libldap_r-2.4.so.2
#8  0x00007fffe98cfd35 in ldap_int_tls_connect.isra.2 () from /lib64/libldap_r-2.4.so.2
#9  0x00007fffe98d05b8 in ldap_int_tls_start () from /lib64/libldap_r-2.4.so.2
#10 0x00007fffe98d09b1 in ldap_start_tls_s () from /lib64/libldap_r-2.4.so.2
#11 0x00007fffe9af61ff in l_ldap_start_tls_s (self=0x15d6648, args=<optimized out>) at Modules/LDAPObject.c:1164
#12 0x00007ffff7af6702 in ext_do_call (nk=<optimized out>, na=<optimized out>, flags=<optimized out>, pp_stack=0x7fffffffcc20, 
    func=<built-in method start_tls_s of LDAP object at remote 0x15d6648>) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4408
#13 PyEval_EvalFrameEx (
    f=f@entry=Frame 0x163f660, for file /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 99, in _ldap_call (self=<SimpleLDAPObject(_ldap_object_lock=<LDAPLock(_lock=<thread.lock at remote 0x15d71f0>, _desc='opcall within <ldap.ldapobject.SimpleLDAPObject instance at 0x15eb758>') at remote 0x15ebab8>, _l=<LDAP at remote 0x15d6648>, _trace_stack_limit=None, timeout=-1, _uri='ldap://auto-hv-02-guest02.testrelm.test:389', _trace_file=<file at remote 0x7ffff7fc4150>, _trace_level=0) at remote 0x15eb758>, func=<built-in method start_tls_s of LDAP object at remote 0x15d6648>, args=(), kwargs={}, diagnostic_message_success=None), 
    throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2779
#14 0x00007ffff7af71ed in PyEval_EvalCodeEx (co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=<optimized out>, argcount=argcount@entry=2, 
    kws=0x1642ad0, kwcount=0, defs=0x0, defcount=0, closure=closure@entry=0x0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:3330
#15 0x00007ffff7af589f in fast_function (nk=<optimized out>, na=2, n=2, pp_stack=0x7fffffffce20, func=<function at remote 0xc7a398>)
    at /usr/src/debug/Python-2.7.5/Python/ceval.c:4194
#16 call_function (oparg=<optimized out>, pp_stack=0x7fffffffce20) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4119
#17 PyEval_EvalFrameEx (
    f=f@entry=Frame 0x1642940, for file /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 564, in start_tls_s (self=<SimpleLDAPObject(_ldap_object_lock=<LDAPLock(_lock=<thread.lock at remote 0x15d71f0>, _desc='opcall within <ldap.ldapobject.SimpleLDAPObject instance at 0x15eb758>') at remote 0x15ebab8>, _l=<LDAP at remote 0x15d6648>, _trace_stack_limit=None, timeout=-1, _uri='ldap://auto-hv-02-guest02.testrelm.test:389', _trace_file=<file at remote 0x7ffff7fc4150>, _trace_level=0) at remote 0x15eb758>), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2740
#18 0x00007ffff7af5990 in fast_function (nk=<optimized out>, na=1, n=1, pp_stack=0x7fffffffcf80, func=<function at remote 0xc7b9b0>)
    at /usr/src/debug/Python-2.7.5/Python/ceval.c:4184
#19 call_function (oparg=<optimized out>, pp_stack=0x7fffffffcf80) at /usr/src/debug/Python-2.7.5/Python/ceval.c:4119
#20 PyEval_EvalFrameEx (
    f=f@entry=Frame 0x1636880, for file /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 1571, in __init__ (self=<IPAdmin(_schema=None, cacert='/etc/ipa/ca.crt', warning=<instancemethod at remote 0x1296af0>, port=389, _conn=<SimpleLDAPObject(_ldap_object_lock=<LDAPLock(_lock=<thread.lock at remote 0x15d71f0>, _desc='opcall within <ldap.ldapobject.SimpleLDAPObject instance at 0x15eb758>') at remote 0x15ebab8>, _l=<LDAP at remote 0x15d6648>, _trace_stack_limit=None, timeout=-1, _uri='ldap://auto-hv-02-guest02.testrelm.test:389', _trace_file=<file at remote 0x7ffff7fc4150>, _trace_level=0) at remote 0x15eb758>, realm=None, __log_manager=<IPALogManager(loggers={'ipa.ipaplatform.base.tasks': <Logger(name='ipa.ipaplatform.base.tasks', parent=<Logger(name='ipa', parent=<RootLogger(name='root', parent=None, handlers=[], level=30, disabled=0, propagate=1, filters=[]) at remote 0xa1be90>, handlers=[<FileHandler(stream=<file at remote 0x156cae0>, level=10, lock=<_RLock(_Verbose__verbose=False, _RLock__owner=None, _RLock__b...(truncated), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.5/Python/ceval.c:2740


I've tcpdumped port 389 and analyzed the traffic with wireshark. The client does a proper START TLS and requests TLSv1.2. The server replies with a TLSv1.2 ServerHello, Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f). The connection breaks down after ServerHelloDone.
Comment 11 Kai Engert (:kaie) 2016-03-08 06:44:44 EST
This was a known broken build, which I believe, was never shipped to customers.


Please tell me, 

(a) from where did you get nss-3.21.0-1.el7_2 ?

(b) does downgrading to nss-3.19.1-19.el7_2 fixes the bug for you ?

If (b) fixes it for you, then this is a duplicate of bug 1311559

Note You need to log in before you can comment on or make changes to this bug.