#1636 ipa-server-install crashes when invalid Directory Manager password is entered
Closed: Fixed None Opened 12 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=716996

Description of problem:
When running ipaserver-install and choosing a Directory Manager password with a backslash in it, ipaserver-install will fail with a cryptic Exception:


ERROR: Tag=CertReqPair has no values
tag=Nickname value=caSigningCert cert-pki-ca
tag=Nickname value=ocspSigningCert cert-pki-ca
tag=Nickname value=Server-Cert cert-pki-ca
tag=Nickname value=subsystemCert cert-pki-ca
tag=Nickname value=auditSigningCert cert-pki-ca
req_list_size=5
cert_list_size=0
dn_list_size=5
Exception in CertSubjectPanel(): java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
ERROR: ConfigureCA: CertSubjectPanel() failure
ERROR: unable to create CA

#######################################################################

2011-06-27 20:56:20,748 DEBUG stderr=java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.RangeCheck(ArrayList.java:547)
    at java.util.ArrayList.get(ArrayList.java:322)
    at ConfigureCA.CertSubjectPanel(ConfigureCA.java:733)
    at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1316)
    at ConfigureCA.main(ConfigureCA.java:1761)

2011-06-27 20:56:20,748 CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipa01.office.aboveit.nl -cs_port 9445 -client_certdb_dir /tmp/tmp-kI8P1V -client_certdb_pwd 'XXXXXXXX' -preop_pin ly77FHMU7qr5auedXRdj -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=ABOVEIT" -ldap_host ipa01.office.aboveit.nl -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=ABOVEIT" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=ABOVEIT" -ca_server_cert_subject_name "CN=ipa01.office.aboveit.nl,O=ABOVEIT" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=ABOVEIT" -ca_sign_cert_subject_name "CN=Certificate Authority,O=ABOVEIT" -external false -clone false' returned non-zero exit status 255
2011-06-27 20:56:20,749 DEBUG Configuration of CA failed
  File "/usr/sbin/ipa-server-install", line 944, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 734, in main
    subject_base=options.subject)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 539, in configure_instance
    self.start_creation("Configuring certificate server", 360)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 301, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 678, in __configure_instance
    raise RuntimeError('Configuration of CA failed')



Version-Release number of selected component (if applicable):
RHEL6.1, up-to-date as per report date.
ipa-pki-ca-theme-9.0.3-6.el6.noarch
python-iniparse-0.3.1-2.1.el6.noarch
ipa-client-2.0.0-23.el6_1.1.x86_64
ipa-server-2.0.0-23.el6_1.1.x86_64
ipa-pki-common-theme-9.0.3-6.el6.noarch
ipa-admintools-2.0.0-23.el6_1.1.x86_64
ipa-server-selinux-2.0.0-23.el6_1.1.x86_64
ipa-python-2.0.0-23.el6_1.1.x86_64
pki-symkey-9.0.3-10.el6.x86_64
pki-util-9.0.3-10.el6.noarch
pki-silent-9.0.3-10.el6.noarch
ipa-pki-ca-theme-9.0.3-6.el6.noarch
pki-native-tools-9.0.3-10.el6.x86_64
pki-java-tools-9.0.3-10.el6.noarch
pki-setup-9.0.3-10.el6.noarch
pki-ca-9.0.3-10.el6.noarch
ipa-pki-common-theme-9.0.3-6.el6.noarch
pki-selinux-9.0.3-10.el6.noarch
pki-common-9.0.3-10.el6.noarch
krb5-pkinit-openssl-1.9-9.el6.x86_64

How reproducible:
Run ipaserver-install; when asked for the Directory Manager password input a password with a backslash in it.

Afterwards, you can check by redoing the same install but choosing another pw without the backslash, which will be all right.

Additional info:
I'm pretty sure there's supposed to be more than just subject_base on that line referencing line 734

Metadata Update from @mkosek:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)

7 years ago
