Bug 1458913 - gssproxy silently dies at startup if config files contain duplicate sections
Summary: gssproxy silently dies at startup if config files contain duplicate sections
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gssproxy
Version: 7.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: Michal Reznik
URL: https://pagure.io/gssproxy/issue/194
Whiteboard:
Keywords:
Depends On: 1469759
Blocks: 1420851 1472344
TreeView+ depends on / blocked
 
Reported: 2017-06-05 19:49 UTC by James Ralston
Modified: 2018-04-10 11:10 UTC (History)
7 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2018-04-10 11:09:51 UTC


Attachments (Terms of Use)
1458913 _ver (12.59 KB, text/plain)
2018-01-12 11:25 UTC, Michal Reznik
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0709 None None None 2018-04-10 11:10 UTC

Description James Ralston 2017-06-05 19:49:18 UTC
Description of problem:

The RHEL 7.4 beta includes gssproxy-0.7.0-3.el7, which includes the ability to have multiple configuration files.

Unfortunately, this version of gssproxy will also silently die at startup if the same section is defined more than once in any configuration file.

To make this worse, gssproxy-0.7.0-3.el7 includes a new /etc/gssproxy/99-nfs-client.conf file, which includes a [service/nfs-client] section definition.

This means that for any site that is already using gssproxy on NFSv4 clients, and has thus already has a [service/nfs-client] section in /etc/gssproxy.conf, upgrading to gssproxy-0.7.0-3.el7 will cause gssproxy to stop working on that host.

Version-Release number of selected component (if applicable):

gssproxy-0.7.0-3.el7

How reproducible:

Replicate the contents of /etc/gssproxy/99-nfs-client.conf in the /etc/gssproxy.conf file.

Actual results:

gssproxy will silently die at startup without logging any error message whatsoever, even if debugging is enabled.

Expected results:

gssproxy should emit a warning that it is ignoring the duplicate [service/nfs-client] section definition, but still start up successfully.

Additional info:

While permitting multiple gssproxy configuration files is a welcome feature, the presence of multiple configuration files increases the chances of gssproxy encountering duplicate section definitions.

For that reason, gssproxy *must* cope reasonably when it encounters duplicate section definition. And "silently dying without logging anything whatsoever" is not a reasonable way to cope with duplicate section definitions.

Comment 2 Robbie Harwood 2017-06-06 16:25:12 UTC
Users are expected to manage configuration files on update with rpmnew/rpmsave.  We'll fix the silent part.

Comment 3 James Ralston 2017-06-06 18:22:54 UTC
(In reply to Robbie Harwood from comment #2)

> Users are expected to manage configuration files on update with
> rpmnew/rpmsave.

But rpmnew/rpmsave files won't prevent a package from contributing a new /etc/gssproxy/*.conf file that breaks gssproxy because the new file contains a section name that was already defined in another /etc/gssproxy/*.conf file.

> We'll fix the silent part.

Thanks, but the core issue is that gssproxy dies if it encounters duplicate section names. The fact that it does so silently is annoying, but not the main problem.

(See my comments on <https://pagure.io/gssproxy/issue/194>.)

Comment 4 Robbie Harwood 2017-06-07 15:48:54 UTC
Please keep comments on one bugtracker or the other.  Moving to pagure for discussion.  Thanks!

Comment 7 Michal Reznik 2018-01-12 11:25 UTC
Created attachment 1380399 [details]
1458913 _ver

Comment 8 Michal Reznik 2018-01-12 11:26:48 UTC
Verified on:

ipa-server-4.5.4-7.el7.x86_64
gssproxy-0.7.0-17.el7.x86_64

Comment 11 errata-xmlrpc 2018-04-10 11:09:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0709


Note You need to log in before you can comment on or make changes to this bug.