903230 – [abrt] freeipa-client-3.0.0-3.fc18: xmlrpc_env_clean: Process /usr/sbin/ipa-join was killed by signal 11 (SIGSEGV)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 903230 - [abrt] freeipa-client-3.0.0-3.fc18: xmlrpc_env_clean: Process /usr/sbin/ipa-join was killed by signal 11 (SIGSEGV)

Summary: [abrt] freeipa-client-3.0.0-3.fc18: xmlrpc_env_clean: Process /usr/sbin/ipa-j...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	961132
TreeView+	depends on / blocked

Reported:	2013-01-23 14:31 UTC by Ann Marie Rubin
Modified:	2014-06-18 00:04 UTC (History)
CC List:	2 users (show)
Fixed In Version:	ipa-3.2.1-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	961132 (view as bug list)
Environment:
Last Closed:	2014-06-13 10:14:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Ann Marie Rubin 2013-01-23 14:31:45 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3275

https://bugzilla.redhat.com/show_bug.cgi?id=880563 (''Fedora'')

{{{
Description of problem:
Ran this:

/usr/sbin/ipa-client-install --domain idm.lab.bos.redhat.com --realm
IDM.LAB.BOS.REDHAT.COM --principal admin -W --mkhomedir --no-ntp
--enable-dns-updates --permit --unattended

Output:

Discovery was successful!
Hostname: stef-rawhide.thewalter.lan
Realm: IDM.LAB.BOS.REDHAT.COM
DNS Domain: idm.lab.bos.redhat.com
IPA Server: vm-101.idm.lab.bos.redhat.com
BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
Synchronizing time with KDC...
Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm IDM.LAB.BOS.REDHAT.COM
trying https://vm-101.idm.lab.bos.redhat.com/ipa/xml
Failed to update DNS records.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server 'http://vm-101.idm.lab.bos.redhat.com/ipa/xml'
host_mod: invalid 'sshpubkey': must be binary data
Failed to upload host SSH public keys.
SSSD enabled
Configured /etc/openldap/ldap.conf


Version-Release number of selected component:
freeipa-client-3.0.0-3.fc18

Additional info:
libreport version: 2.0.18
abrt_version:   2.0.18
backtrace_rating: 4
cmdline:        /usr/sbin/ipa-join --unenroll -h stef-rawhide.thewalter.lan
crash_function: xmlrpc_env_clean
kernel:         3.6.6-3.fc18.x86_64

truncated backtrace:
:Thread no. 1 (2 frames)
: #1 xmlrpc_env_clean at /usr/src/debug/xmlrpc-c-1.32.1/lib/libutil/error.c:52
: #2 unenroll_host at ipa-join.c:919
}}}

Comment 2 Martin Kosek 2013-02-21 09:10:37 UTC

Fixed upstream:

master: 0d836cd6ee9d7b29808cbf36582eed71a5b6a32a
ipa-3-0: babde7374ad946fa7617b56b662ab4fb3211b14f

Comment 5 Namita Soman 2014-01-29 20:37:31 UTC

Verified using ipa-client-3.3.3-13.el7.x86_64

Followed steps as in https://bugzilla.redhat.com/show_bug.cgi?id=961132#c7

tested that the client install had to be rolled back, and there was no seg fault.

Steps taken:
# cp -f /dev/null /etc/pki/nssdb/cert8.db
# cp -f /dev/null /etc/pki/nssdb/key3.db
# cp -f /dev/null /etc/pki/nssdb/secmod.db

# ls -l /etc/pki/nssdb/
total 60
-rw-r--r--. 1 root root     0 Jan 29 15:28 cert8.db
-rw-r--r--. 1 root root  9216 Jan 29 15:14 cert9.db
-rw-r--r--. 1 root root 16384 Jan 29 15:20 key3.db
-rw-r--r--. 1 root root 11264 Jan 29 15:14 key4.db
-rw-r--r--. 1 root root   451 Jan 17 18:57 pkcs11.txt
-rw-r--r--. 1 root root 16384 Jan 12  2010 secmod.db

# ipa-client-install 
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Discovery was successful!
Hostname: sparks.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: cloud-qe-17.testrelm.com
BaseDN: dc=testrelm,dc=com

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin: 
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=TESTRELM.COM
    Issuer:      CN=Certificate Authority,O=TESTRELM.COM
    Valid From:  Wed Jan 29 14:58:18 2014 UTC
    Valid Until: Sun Jan 29 14:58:18 2034 UTC

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Failed to add CA to the default NSS database.
Installation failed. Rolling back changes.
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.


ipaclient-install.log includes:
<..snip..>
2014-01-29T20:29:37Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2014-01-29T20:29:37Z DEBUG Process finished, return code=255
2014-01-29T20:29:37Z DEBUG stdout=
2014-01-29T20:29:37Z DEBUG stderr=certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

2014-01-29T20:29:37Z INFO Failed to add CA to the default NSS database.
2014-01-29T20:29:37Z ERROR Installation failed. Rolling back changes.
<..snip..>
2014-01-29T20:29:42Z DEBUG args=/usr/sbin/ipa-join --unenroll -h sparks.testrelm.com
2014-01-29T20:29:43Z DEBUG Process finished, return code=0
2014-01-29T20:29:43Z DEBUG stdout=
2014-01-29T20:29:43Z DEBUG stderr=Unenrollment successful.
<..snip..>

Comment 6 Ludek Smid 2014-06-13 10:14:39 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.