Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 909704

Summary: [Infra] Authentication Failed (401) Occasionally due to Null Pointer Exception in Kerberos (Failed ldap search server LDAP://qa1.qa.lab.tlv.redhat.com:389 due to Kerberos error)
Product: Red Hat Enterprise Virtualization Manager Reporter: Tareq Alayan <talayan>
Component: ovirt-engineAssignee: Ravi Nori <rnori>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Pavel Stehlik <pstehlik>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.2.0CC: acathrow, dyasny, hateya, iheim, lpeer, Rhev-m-bugs, sgrinber, yeylon, ykaul
Target Milestone: ---Keywords: Regression
Target Release: 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-06 12:13:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
engine.log
none
krb5 none

Description Tareq Alayan 2013-02-10 15:50:46 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
sf6

How reproducible:
not constantly. 

Steps to Reproduce:
1. attempting to create VM from template via rest api
  
Actual results:
401 Failed to authenticate 

Expected results:
fail cleanly without nullPointer exception

Additional info:
see engine log
Comment 1 Tareq Alayan 2013-02-10 15:51:47 UTC 
Created attachment 695802 [details]
engine.log
Comment 2 Haim 2013-02-10 15:59:37 UTC 
      2013-02-10 15:04:13,833 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/127.0.0.1:8702-1) Error from Kerberos: java.lang.NullPointerException
        at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:106)
        at sun.security.util.DerValue.<init>(DerValue.java:294)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:58)
        at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319)
        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:721)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:580)
        at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
  at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:127)
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119)
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111)
        at org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:86)
        at org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56)
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.findAndOrderServers(DirectorySearcher.java:114)
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:84)
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:40)
        at org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44)
        at org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.execute(LdapBrokerCommandBase.java:69)
        at org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18)
        at org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30)
        at org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:175)
        at org.ovirt.engine.core.bll.LoginBaseCommand.canDoAction(LoginBaseCommand.java:146)
        at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:623)
        at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:298)
        at org.ovirt.engine.core.bll.Backend.Login(Backend.java:515)
        at sun.reflect.GeneratedMethodAccessor30.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
        at org.ovirt.engine.core.utils.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:11)
        at sun.reflect.GeneratedMethodAccessor22.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
        at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:209)
        at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:361)
        at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:192)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
        at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
        at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:181)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
        at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
        at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view6.Login(Unknown Source)
        at org.ovirt.engine.api.restapi.security.auth.LoginValidator.validate(LoginValidator.java:75)
        at org.ovirt.engine.api.common.security.auth.Challenger.executeBasicAuthentication(Challenger.java:129)
        at org.ovirt.engine.api.common.security.auth.Challenger.preProcess(Challenger.java:103)
        at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:247)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
        at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:536)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:513)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:125)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:372)
        at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
        at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:453)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931)
        at java.lang.Thread.run(Thread.java:722)
Comment 4 Barak 2013-02-11 09:36:57 UTC 
Tareq
(Was the authentication domain up ?)
The response from API is good,
The exception in the log is good for debugging.
What is the bug than ?
Comment 5 Yaniv Kaul 2013-02-11 11:19:46 UTC 
(In reply to comment #4)
> Tareq
> (Was the authentication domain up ?)

Yes.

> The response from API is good,
> The exception in the log is good for debugging.

It's NPE, how can it be good?

> What is the bug than ?
Comment 6 Ravi Nori 2013-02-18 20:34:15 UTC 
Can you provide me the details of the environment

Version of JDK, operating system and version

If possible also provide me the krb5.conf file from /etc/ovirt-engine
Comment 7 Tareq Alayan 2013-02-18 20:51:15 UTC 
uname -a
Linux monique-vdc2.qa.lab.tlv.redhat.com 2.6.32-348.el6.x86_64 #1 SMP Mon Dec 10 12:48:03 EST 2012 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.4 Beta (Santiago)

java -version
java version "1.7.0_09-icedtea"
OpenJDK Runtime Environment (rhel-2.3.4.1.el6_3-x86_64)
OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode)
Comment 8 Tareq Alayan 2013-02-18 20:51:50 UTC 
Created attachment 699145 [details]
krb5
Comment 9 Ravi Nori 2013-02-22 19:48:35 UTC 
Hi Tareq

I have been unable to reproduce this bug. I have setup the exact environment that you have but fail to reproduce it. Can you give me a more reproducible scenario.