Hi,
The Directory Services crashes several times a day. It's installed on CentOS 7 VM :
Installed Packages Name : ipa-server Arch : x86_64 Version : 4.2.0
Directory Service: STOPPED
krb5kdc Service: RUNNING
kadmin Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful
Before each crash, I have these messages in /var/log/dirsrv/slapd-XXXXX/errors :
[30/Jun/2016:09:35:19 +0100] ipapwd_encrypt_encode_key - [file encoding.c, line 171]: generating kerberos keys failed [Invalid argument] [30/Jun/2016:09:35:19 +0100] ipapwd_gen_hashes - [file encoding.c, line 225]: key encryption/encoding failed
There is a bug in ipapwd plugin which causes Directory Service crash when some users try to bind.
Please take a look to attached core file.
Best regards
core file ipacrash.txt
https://www.redhat.com/archives/freeipa-users/2016-July/msg00055.html
Is your server configured in migration mode ? Is there any chance to capture a core dump or make sure at least all debugging packages are instaled and a complete backtrace can be provided ?
Note that the attached file is not a core file, it is just the text output of gdb printing a backtrace, however you seem to have the wrong debug files (or missing debug files) so most of the useful debug information is missing.
If you get a good backtrace please carefully check not critical info is exposed in the data (passwords or keys) and then attach it here.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1356099
According to the log ipapwd_encrypt_encode_key failed during an operation, but ipapwd_encrypt_encode_key returned (before ipapwd_keyset_free) and the operation failed in LDAP_OPERATION_ERROR. There is no clue if the operation that triggered those logs was a bind/add/mod.
Also ipapwd_encrypt_encode_key reports EINVAL, that could occur if principal->realm.data==NULL
Then there was a BIND that updated some kerberos keys. ipa_krb5_generate_key_data was successful but likely keys were referring to invalid pointers. So it is looking like the crashing BIND was victim of a heap corruption but did not trigger it.
If ipa_krb5_generate_key_data fails, the value of kset->num_keys and kset->keys is not initialize and there is a possibility that ipapwd_keyset_free will free random pointers.
If we manage to reproduce the crash, it would worth testing the attached patch
attachment 0001-Ticket-6030.patch
attachment freeipa-44-tbordaz-0023-2-Heap-corruption-in-ipapwd-plugin.patch
fixing owner
master:
Metadata Update from @oakham: - Issue assigned to tbordaz - Issue set to the milestone: FreeIPA 4.4.1
Login to comment on this ticket.