#2301 deleting replica crashes for non-fqdn hostnames
Closed: Fixed None Opened 12 years ago by ohamada.

Description:
have master with one replica. Segmentation fault appeard when running ipa-replica-manage del vm-082.

How reproducible:
always

Steps to reproduce:
1. install ipa-server
2. kinit admin
3. run ipa-replica-manage del $addr
where $addr is the first part of master's (or replica's) hostname

Actual result:
Segmetnation fault


Do you get a core file? Can you install python-debuginfo and get a stack trace of where this is core dumping?

The problem is also appearing in other situations where hostname is needed:

this example also causes segmentation fault: ipa-replica-manage force_sync --from=vm-082

Pretty easy to duplicate. You need to have a valid Kerberos ticket to see this.

#0  0x00007f1a54739f3b in ldap_int_sasl_bind (ld=0x2eae0c0, dn=
    0x7f1a5afab644 "", mechs=0x1274474 "GSSAPI", sctrls=0x0, cctrls=0x0, 
    flags=2, interact=0x7f1a549777a0, defaults=0x14ccd88, result=0x0, rmech=
    0x7fff0e2aeda8, msgid=0x7fff0e2aedbc) at cyrus.c:440
#1  0x00007f1a5473d657 in ldap_sasl_interactive_bind (ld=0x2eae0c0, dn=
    0x7f1a5afab644 "", mechs=0x1274474 "GSSAPI", serverControls=0x0, 
    clientControls=0x0, flags=2, interact=0x7f1a549777a0, defaults=0x14ccd88, 
    result=0x0, rmech=0x7fff0e2aeda8, msgid=0x7fff0e2aedbc) at sasl.c:474
#2  0x00007f1a5473d838 in ldap_sasl_interactive_bind_s (ld=0x2eae0c0, dn=
    0x7f1a5afab644 "", mechs=0x1274474 "GSSAPI", serverControls=0x0, 
    clientControls=0x0, flags=2, interact=0x7f1a549777a0, defaults=0x14ccd88)
    at sasl.c:511
#3  0x00007f1a5497713d in ?? ()
#4  0x00007f1a549777a0 in ?? ()
#5  0x00000000014ccd88 in ?? ()
#6  0x0000000000c1a0a0 in ?? ()
#7  0x00000000020382d0 in ?? ()
#8  0x00007f1a5afab644 in ?? ()
#9  0x0000003866d87900 in _Py_NotImplementedStruct ()
   from /usr/lib64/libpython2.7.so.1.0
#10 0x0000003866d87900 in _Py_NotImplementedStruct ()
   from /usr/lib64/libpython2.7.so.1.0
#11 0x0000000000000000 in ?? ()

I tried writing a simple program to reproduce this and wasn't able to. The difference is that ipa-replica-manage makes several connections before getting around to trying to connect to a non-fqdn.

What I see in my test is the connection fails on a TLS error:

TLS: hostname (doberman) does not match common name in certificate (doberman.example.com).

In ipa-replica-manage this does not raise a ldap.SERVER_DOWN exception and crashes in the sasl bind. In my program it raises an exception and stops there.

I think we'll need to come up with a reproducible test case so we can submit this upstream, probably to the openldap devs.

I think I have it worked out and while things probably shouldn't segfault I think this is our bug.

I haven't tracked it down yet but it appears we are catching the ldap.SERVER_DOWN, ignoring it and trying the bind again.

Metadata Update from @ohamada:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01

7 years ago

Login to comment on this ticket.

Metadata