Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1454559 - python-sssdconfig doesn't parse hexadecimal debug_level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
python-sssdconfig doesn't parse hexadecimal debug_level, resulting in set_opt...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: SSSD Maintainers
Amith
http://faf.lab.eng.brq.redhat.com/faf...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-23 00:16 EDT by Steeve Goveas
Modified: 2018-04-10 13:12 EDT (History)
9 users (show)

See Also:
Fixed In Version: sssd-1.16.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 13:11:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:0929 None None None 2018-04-10 13:12 EDT

  None (edit)
Description Steeve Goveas 2017-05-23 00:16:08 EDT 
This bug has been created based on an anonymous crash report requested by the package maintainer.

Report URL: http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/c5890d5ad2a56b029bec2e4e54ffff1725885aaa/

time:           Mon 22 May 2017 05:27:03 PM EDT
package:        authconfig-6.2.8-28.el7
reason:         __init__.py:932:set_option:TypeError: Expected <type 'int'> for debug_level, received <type 'str'>
cmdline:        /usr/bin/python /usr/sbin/authconfig --enablesssd --enablesssdauth --updateall
executable:     /usr/sbin/authconfig
component:      authconfig
uid:            0
username:       root
hostname:       cloud-qe-03.idmqe.lab.eng.bos.redhat.com
os_release:     Red Hat Enterprise Linux Server release 7.4 Beta (Maipo)
architecture:   x86_64
kernel:         3.10.0-670.el7.x86_64
abrt_version:   2.1.11

Reports:
uReport: BTHASH=c5890d5ad2a56b029bec2e4e54ffff1725885aaa
ABRT Server: URL=http://faf.lab.eng.brq.redhat.com/faf/reports/bthash/c5890d5ad2a56b029bec2e4e54ffff1725885aaa
ABRT Server: URL=http://faf.lab.eng.brq.redhat.com/faf/reports/2882/
CI Job: https://platform-stg-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/sssd-rhel-7.4-candidate-runtest-ldap-provider-cached-auth-timeout/34/


Full Backtrace:
__init__.py:932:set_option:TypeError: Expected <type 'int'> for debug_level, received <type 'str'>

Traceback (most recent call last):
 File "/usr/sbin/authconfig", line 1081, in <module>
   sys.exit(module.run())
 File "/usr/sbin/authconfig", line 676, in run
   self.writeAuthInfo()
 File "/usr/sbin/authconfig", line 639, in writeAuthInfo
   if not self.info.write():
 File "/usr/share/authconfig/authinfo.py", line 4208, in write
   ret = ret and self.writeSSSDPAM(True)
 File "/usr/share/authconfig/authinfo.py", line 3356, in writeSSSDPAM
   pam = self.sssdConfig.get_service('pam')
 File "/usr/lib/python2.7/site-packages/SSSDConfig/__init__.py", line 1620, in get_service
   service.set_option(opt['name'], opt['value'])
 File "/usr/lib/python2.7/site-packages/SSSDConfig/__init__.py", line 932, in set_option
   (option_schema[0], optionname, type(value)))
TypeError: Expected <type 'int'> for debug_level, received <type 'str'>

Local variables in innermost frame:
raise_error: True
option_schema: (<type 'int'>, None, False, u'Set the verbosity of the debug logging', None)
optionname: 'debug_level'
self: <SSSDConfig.SSSDService object at 0x1868790>
value: '0xFFF0'
Comment 2 Pavel Březina 2017-05-24 05:25:34 EDT 
I'm switching component to sssd since this is a bug in sssd config api.

I can reproduce it by having debug_level = 0x3ff0 in [pam] section of sssd.conf. Authconfig method writeSSSDPAM calls "sssdConfig.get_service('pam')" which internally call "set_option" which triggers this invalid type expection since it expect integer but read string. Authconfig does not manipulate debug_level option itself.
Comment 3 Lukas Slebodnik 2017-05-24 06:57:01 EDT 
Agree that's bug in python-sssdconfig and definition of type for debug_level.

It looks line "int" is considered just a decimal number and not hexa-decimal number e.g. "0x3ff0"
Comment 4 Jakub Hrozek 2017-05-24 14:38:49 EDT 
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3410
Comment 5 Lukas Slebodnik 2017-05-29 06:15:11 EDT 
master:
* fca26b76f23ee4457d6796b19892ed97362b6c8d
* 6df5b36008fef9c1f6dcf8f31af033a467e744c7

sssd-1-14:
* 712f1cc9acb8b71e6906d7a168a045920d491d96
* facc24ec969087bd20e58636d263553ccc97ab4e

sssd-1-13:
* 5de29e378bc7f44874626c1db954fc403aaec5d6
* 9e896d643c5524b78fb0a2fa7de0e4675f524731
Comment 6 Amith 2017-07-05 08:15:07 EDT 
This crash caused the authentication failures in "cached_auth_timeout" test suite. Reason being the PAM files which were not configured with pam_sss.so modules. I had to manually configure the /etc/pam.d/system-auth and /etc/pam.d/password-auth files to rectify the failures. This issue was not seen with build sssd-1.15.1-1.el7.x86_64 as we had a successful beaker run -- https://beaker.engineering.redhat.com/jobs/1759805

Looks like a regression after build sssd-1.15.1-1.
Comment 8 Lukas Slebodnik 2017-07-05 09:53:42 EDT 
It is not a regression because hexadecimal numbers for debug_level never worked with python-sssdconfig in services sections. They worked just in domain sections.
Comment 9 Amith 2017-07-05 12:44:27 EDT 
Yes, you are right. I executed another run with "debug_level = 9" in PAM section, and the SSSD crash disappeared. 
We have always executed this testsuite with "debug_level=0xFFF0" in PAM section and strangely never seen a crash prior to build sssd-1.15.1-1 and that is why i marked it as "Regression". 

Thank you.
Comment 10 Lukas Slebodnik 2017-07-05 13:44:24 EDT 
(In reply to Amith from comment #9)
> Yes, you are right. I executed another run with "debug_level = 9" in PAM
> section, and the SSSD crash disappeared. 
> We have always executed this testsuite with "debug_level=0xFFF0" in PAM
> section and strangely never seen a crash prior to build sssd-1.15.1-1 and
> that is why i marked it as "Regression". 
> 
> Thank you.

As you can see in description of ticket; python-sssdocnfig is used by authconfig.
And previously authconfig dif not set anything in "[pam]" section. Therefore you could not hit this bug.

BTW it is already fixed and covered by unit test in upstream since 2017-05-29. I have not idea why it was not backported to downstream. Probably it was too late.
Comment 11 Jakub Hrozek 2017-07-10 10:56:03 EDT 
(In reply to Lukas Slebodnik from comment #10)
> BTW it is already fixed and covered by unit test in upstream since
> 2017-05-29. I have not idea why it was not backported to downstream.
> Probably it was too late.

Yes, RHEL was in the exception mode since Thu 2017-05-18 according to the schedule, so at the moment, we are targetting 7.5 with this fix.
Comment 13 Amith 2017-11-30 07:01:50 EST 
Verified the bug on SSSD Version : sssd-1.16.0-7.el7.x86_64

This bug is based on one of the crash report generated after the failed execution of cached_auth_timeout test suite. The beaker job failed with a crash due to the execution of "/usr/sbin/authconfig --enablesssd --enablesssdauth --updateall" when "debug_level=0xFFF0" is set in pam section of sssd.conf.

Verified this bug by executing beaker job for "cached_auth_timeout" test suite on rhel-7.5 with latest sssd build.
Beaker job : https://beaker.engineering.redhat.com/jobs/2171645

Steps in test suite that verifies this bug:

1. The runtest file in this test suite configures sssd.conf as follows:

    [sssd]
    config_file_version = 2
    services = nss, pam
    domains = LDAP

    [pam]
    debug_level=0xFFF0
    pam_id_timeout = 30
    offline_failed_login_attempts = 0
    offline_failed_login_delay = 5

    [domain/LDAP]
    debug_level=0xFFF0
    id_provider = ldap
    auth_provider = ldap
    ldap_uri = ldap://$SERVER
    ldap_tls_cacert = /etc/openldap/certs/cacert.asc
    ldap_search_base = $DS_BASE_DN
    cache_credentials = True

2. The pam section in above sssd.conf is set with required debug_level in hexadecimal. The next set of commands execute authconfig which caused crash in the earlier builds.

chmod 0600 /etc/sssd/sssd.conf
authconfig --enablesssd --enablesssdauth --updateall

3. The beaker job ran successfully without failures or crash, which verifies this bug.
Comment 16 errata-xmlrpc 2018-04-10 13:11:33 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0929
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.