RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1454559 - python-sssdconfig doesn't parse hexadecimal debug_level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
Summary: python-sssdconfig doesn't parse hexadecimal debug_level, resulting in set_opt...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Amith
URL: http://faf.lab.eng.brq.redhat.com/faf...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-23 04:16 UTC by Steeve Goveas
Modified: 2020-05-02 18:42 UTC (History)
9 users (show)

Fixed In Version: sssd-1.16.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-10 17:11:33 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 4437 0 None None None 2020-05-02 18:42:04 UTC
Red Hat Product Errata RHEA-2018:0929 0 None None None 2018-04-10 17:12:38 UTC

Description Steeve Goveas 2017-05-23 04:16:08 UTC 
This bug has been created based on an anonymous crash report requested by the package maintainer.

Report URL: http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/c5890d5ad2a56b029bec2e4e54ffff1725885aaa/

time:           Mon 22 May 2017 05:27:03 PM EDT
package:        authconfig-6.2.8-28.el7
reason:         __init__.py:932:set_option:TypeError: Expected <type 'int'> for debug_level, received <type 'str'>
cmdline:        /usr/bin/python /usr/sbin/authconfig --enablesssd --enablesssdauth --updateall
executable:     /usr/sbin/authconfig
component:      authconfig
uid:            0
username:       root
hostname:       cloud-qe-03.idmqe.lab.eng.bos.redhat.com
os_release:     Red Hat Enterprise Linux Server release 7.4 Beta (Maipo)
architecture:   x86_64
kernel:         3.10.0-670.el7.x86_64
abrt_version:   2.1.11

Reports:
uReport: BTHASH=c5890d5ad2a56b029bec2e4e54ffff1725885aaa
ABRT Server: URL=http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/c5890d5ad2a56b029bec2e4e54ffff1725885aaa
ABRT Server: URL=http://faf.lab.eng.brq.redhat.com/faf/reports/2882/
CI Job: https://platform-stg-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/sssd-rhel-7.4-candidate-runtest-ldap-provider-cached-auth-timeout/34/


Full Backtrace:
__init__.py:932:set_option:TypeError: Expected <type 'int'> for debug_level, received <type 'str'>

Traceback (most recent call last):
 File "/usr/sbin/authconfig", line 1081, in <module>
   sys.exit(module.run())
 File "/usr/sbin/authconfig", line 676, in run
   self.writeAuthInfo()
 File "/usr/sbin/authconfig", line 639, in writeAuthInfo
   if not self.info.write():
 File "/usr/share/authconfig/authinfo.py", line 4208, in write
   ret = ret and self.writeSSSDPAM(True)
 File "/usr/share/authconfig/authinfo.py", line 3356, in writeSSSDPAM
   pam = self.sssdConfig.get_service('pam')
 File "/usr/lib/python2.7/site-packages/SSSDConfig/__init__.py", line 1620, in get_service
   service.set_option(opt['name'], opt['value'])
 File "/usr/lib/python2.7/site-packages/SSSDConfig/__init__.py", line 932, in set_option
   (option_schema[0], optionname, type(value)))
TypeError: Expected <type 'int'> for debug_level, received <type 'str'>

Local variables in innermost frame:
raise_error: True
option_schema: (<type 'int'>, None, False, u'Set the verbosity of the debug logging', None)
optionname: 'debug_level'
self: <SSSDConfig.SSSDService object at 0x1868790>
value: '0xFFF0'
Comment 2 Pavel Březina 2017-05-24 09:25:34 UTC 
I'm switching component to sssd since this is a bug in sssd config api.

I can reproduce it by having debug_level = 0x3ff0 in [pam] section of sssd.conf. Authconfig method writeSSSDPAM calls "sssdConfig.get_service('pam')" which internally call "set_option" which triggers this invalid type expection since it expect integer but read string. Authconfig does not manipulate debug_level option itself.
Comment 3 Lukas Slebodnik 2017-05-24 10:57:01 UTC 
Agree that's bug in python-sssdconfig and definition of type for debug_level.

It looks line "int" is considered just a decimal number and not hexa-decimal number e.g. "0x3ff0"
Comment 4 Jakub Hrozek 2017-05-24 18:38:49 UTC 
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3410
Comment 5 Lukas Slebodnik 2017-05-29 10:15:11 UTC 
master:
* fca26b76f23ee4457d6796b19892ed97362b6c8d
* 6df5b36008fef9c1f6dcf8f31af033a467e744c7

sssd-1-14:
* 712f1cc9acb8b71e6906d7a168a045920d491d96
* facc24ec969087bd20e58636d263553ccc97ab4e

sssd-1-13:
* 5de29e378bc7f44874626c1db954fc403aaec5d6
* 9e896d643c5524b78fb0a2fa7de0e4675f524731
Comment 6 Amith 2017-07-05 12:15:07 UTC 
This crash caused the authentication failures in "cached_auth_timeout" test suite. Reason being the PAM files which were not configured with pam_sss.so modules. I had to manually configure the /etc/pam.d/system-auth and /etc/pam.d/password-auth files to rectify the failures. This issue was not seen with build sssd-1.15.1-1.el7.x86_64 as we had a successful beaker run -- https://beaker.engineering.redhat.com/jobs/1759805

Looks like a regression after build sssd-1.15.1-1.
Comment 8 Lukas Slebodnik 2017-07-05 13:53:42 UTC 
It is not a regression because hexadecimal numbers for debug_level never worked with python-sssdconfig in services sections. They worked just in domain sections.
Comment 9 Amith 2017-07-05 16:44:27 UTC 
Yes, you are right. I executed another run with "debug_level = 9" in PAM section, and the SSSD crash disappeared. 
We have always executed this testsuite with "debug_level=0xFFF0" in PAM section and strangely never seen a crash prior to build sssd-1.15.1-1 and that is why i marked it as "Regression". 

Thank you.
Comment 10 Lukas Slebodnik 2017-07-05 17:44:24 UTC 
(In reply to Amith from comment #9)
> Yes, you are right. I executed another run with "debug_level = 9" in PAM
> section, and the SSSD crash disappeared. 
> We have always executed this testsuite with "debug_level=0xFFF0" in PAM
> section and strangely never seen a crash prior to build sssd-1.15.1-1 and
> that is why i marked it as "Regression". 
> 
> Thank you.

As you can see in description of ticket; python-sssdocnfig is used by authconfig.
And previously authconfig dif not set anything in "[pam]" section. Therefore you could not hit this bug.

BTW it is already fixed and covered by unit test in upstream since 2017-05-29. I have not idea why it was not backported to downstream. Probably it was too late.
Comment 11 Jakub Hrozek 2017-07-10 14:56:03 UTC 
(In reply to Lukas Slebodnik from comment #10)
> BTW it is already fixed and covered by unit test in upstream since
> 2017-05-29. I have not idea why it was not backported to downstream.
> Probably it was too late.

Yes, RHEL was in the exception mode since Thu 2017-05-18 according to the schedule, so at the moment, we are targetting 7.5 with this fix.
Comment 13 Amith 2017-11-30 12:01:50 UTC 
Verified the bug on SSSD Version : sssd-1.16.0-7.el7.x86_64

This bug is based on one of the crash report generated after the failed execution of cached_auth_timeout test suite. The beaker job failed with a crash due to the execution of "/usr/sbin/authconfig --enablesssd --enablesssdauth --updateall" when "debug_level=0xFFF0" is set in pam section of sssd.conf.

Verified this bug by executing beaker job for "cached_auth_timeout" test suite on rhel-7.5 with latest sssd build.
Beaker job : https://beaker.engineering.redhat.com/jobs/2171645

Steps in test suite that verifies this bug:

1. The runtest file in this test suite configures sssd.conf as follows:

    [sssd]
    config_file_version = 2
    services = nss, pam
    domains = LDAP

    [pam]
    debug_level=0xFFF0
    pam_id_timeout = 30
    offline_failed_login_attempts = 0
    offline_failed_login_delay = 5

    [domain/LDAP]
    debug_level=0xFFF0
    id_provider = ldap
    auth_provider = ldap
    ldap_uri = ldap://$SERVER
    ldap_tls_cacert = /etc/openldap/certs/cacert.asc
    ldap_search_base = $DS_BASE_DN
    cache_credentials = True

2. The pam section in above sssd.conf is set with required debug_level in hexadecimal. The next set of commands execute authconfig which caused crash in the earlier builds.

chmod 0600 /etc/sssd/sssd.conf
authconfig --enablesssd --enablesssdauth --updateall

3. The beaker job ran successfully without failures or crash, which verifies this bug.
Comment 16 errata-xmlrpc 2018-04-10 17:11:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0929
Note You need to log in before you can comment on or make changes to this bug.