Issue #7497: IPA Error 903: InternalError when allowing user to retrieve keytab in WebUI - freeipa

freeipa

#7497 IPA Error 903: InternalError when allowing user to retrieve keytab in WebUI

Closed: duplicate 6 years ago Opened 7 years ago by mreznik.

When allowing user to retrieve keytab in WebUI we are getting "IPA Error 903: InternalError: an internal error has occurred" and we are not able to do anything in "Service tab" anymore.

Steps to reproduce:

In WebUI go to "Services" tab, click e.g. DNS service and at the section "Allowed to retrieve keytab" add an user and confirm. You should immediately see the error.

The given user is able to retrieve a keytab fine in CLI. Allowing user to retrieve keytab from CLI works fine too.

For recover you need to run "ipa service-disallow-retrieve-keytab" in CLI. This looks to be only related to WebUI. Maybe py2/py3 issue given the below traceback and working state in 4.5.4.

ipa ping
-----------------------------------------------------------------------------
IPA server version 4.6.90.pre1.dev201804120739+gitb7be4cf2. API version 2.229
-----------------------------------------------------------------------------

mreznik commented 7 years ago

While reproducing the issue got 3 different traceback:

[Mon Apr 16 14:04:06.479880 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562] ipa: ERROR: non-public: TypeError: ipaAllowedToPerform;read_keys[0] value must be bytes, got list object [('krbprincipalname', 'DNS/vm-181.ipa.test@IPA.TEST', 1)]
[Mon Apr 16 14:04:06.479941 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562] Traceback (most recent call last):
[Mon Apr 16 14:04:06.479954 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 367, in wsgi_execute
[Mon Apr 16 14:04:06.479979 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     result = command(*args, **options)
[Mon Apr 16 14:04:06.479991 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
[Mon Apr 16 14:04:06.480036 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     return self.__do_call(*args, **options)
[Mon Apr 16 14:04:06.480051 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[Mon Apr 16 14:04:06.480062 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     ret = self.run(*args, **options)
[Mon Apr 16 14:04:06.480073 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[Mon Apr 16 14:04:06.480083 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     return self.execute(*args, **options)
[Mon Apr 16 14:04:06.480094 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1324, in execute
[Mon Apr 16 14:04:06.480104 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     dn, attrs_list
[Mon Apr 16 14:04:06.480115 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1104, in wrapped
[Mon Apr 16 14:04:06.480126 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     return func(*call_args, **call_kwargs)
[Mon Apr 16 14:04:06.480136 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1549, in get_entry
[Mon Apr 16 14:04:06.480147 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     size_limit=size_limit, get_effective_rights=get_effective_rights,
[Mon Apr 16 14:04:06.480158 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1361, in get_entries
[Mon Apr 16 14:04:06.480168 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     **kwargs)
[Mon Apr 16 14:04:06.480179 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1456, in find_entries
[Mon Apr 16 14:04:06.480189 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     res_list = self._convert_result(res_list)
[Mon Apr 16 14:04:06.480200 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 992, in _convert_result
[Mon Apr 16 14:04:06.480210 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     ipa_entry.raw[attr] = original_values
[Mon Apr 16 14:04:06.480221 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 603, in __setitem__
[Mon Apr 16 14:04:06.480231 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     self._entry._set_raw(name, value)
[Mon Apr 16 14:04:06.480242 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 430, in _set_raw
[Mon Apr 16 14:04:06.480252 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562]     name, i, item.__class__.__name__, item)
[Mon Apr 16 14:04:06.480267 2018] [wsgi:error] [pid 67480:tid 140008720127744] [remote 10.0.0.2:49562] TypeError: ipaAllowedToPerform;read_keys[0] value must be bytes, got list object [('krbprincipalname', 'DNS/vm-181.ipa.test@IPA.TEST', 1)]

[Mon Apr 16 14:30:22.571731 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ipa: ERROR: unable to convert the attribute 'ipaAllowedToPerform;read_keys' value b'DNS/vm-181.ipa.test@IPA.TEST' to type <class 'ipapython.dn.DN'>
[Mon Apr 16 14:30:22.676583 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ipa: ERROR: non-public: ValueError: unable to convert the attribute 'ipaAllowedToPerform;read_keys' value b'DNS/vm-181.ipa.test@IPA.TEST' to type <class 'ipapython.dn.DN'> in LDAP entry 'krbprincipalname=DNS/vm-181.ipa.test@IPA.TEST,cn=services,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=ipa,dc=test'
[Mon Apr 16 14:30:22.676646 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] Traceback (most recent call last):
[Mon Apr 16 14:30:22.676668 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/dn.py", line 1119, in _rdns_from_value
[Mon Apr 16 14:30:22.676693 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     rdns = str2dn(value)
[Mon Apr 16 14:30:22.676714 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib64/python3.6/site-packages/ldap/dn.py", line 53, in str2dn
[Mon Apr 16 14:30:22.676735 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags)
[Mon Apr 16 14:30:22.676754 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib64/python3.6/site-packages/ldap/functions.py", line 66, in _ldap_function_call
[Mon Apr 16 14:30:22.676773 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     result = func(*args,**kwargs)
[Mon Apr 16 14:30:22.676803 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ldap.DECODING_ERROR
[Mon Apr 16 14:30:22.676823 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.676843 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] During handling of the above exception, another exception occurred:
[Mon Apr 16 14:30:22.676862 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.676881 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] Traceback (most recent call last):
[Mon Apr 16 14:30:22.676921 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 941, in decode
[Mon Apr 16 14:30:22.676943 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     return target_type(val.decode('utf-8'))
[Mon Apr 16 14:30:22.676965 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/dn.py", line 1107, in __init__
[Mon Apr 16 14:30:22.676984 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     self.rdns = self._rdns_from_sequence(args)
[Mon Apr 16 14:30:22.677054 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/dn.py", line 1148, in _rdns_from_sequence
[Mon Apr 16 14:30:22.677075 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     rdn = self._rdns_from_value(item)
[Mon Apr 16 14:30:22.677095 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/dn.py", line 1121, in _rdns_from_value
[Mon Apr 16 14:30:22.677114 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     raise ValueError("malformed RDN string = \\"%s\\"" % value)
[Mon Apr 16 14:30:22.677134 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ValueError: malformed RDN string = "DNS/vm-181.ipa.test@IPA.TEST"
[Mon Apr 16 14:30:22.677155 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.677174 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] During handling of the above exception, another exception occurred:
[Mon Apr 16 14:30:22.677194 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.677213 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] Traceback (most recent call last):
[Mon Apr 16 14:30:22.677232 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 349, in _sync_attr
[Mon Apr 16 14:30:22.677252 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     value = self._conn.decode(value, name)
[Mon Apr 16 14:30:22.677271 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 949, in decode
[Mon Apr 16 14:30:22.677291 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     raise ValueError(msg)
[Mon Apr 16 14:30:22.677310 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ValueError: unable to convert the attribute 'ipaAllowedToPerform;read_keys' value b'DNS/vm-181.ipa.test@IPA.TEST' to type <class 'ipapython.dn.DN'>
[Mon Apr 16 14:30:22.677330 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.677349 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] During handling of the above exception, another exception occurred:
[Mon Apr 16 14:30:22.677368 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.677387 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] Traceback (most recent call last):
[Mon Apr 16 14:30:22.677406 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 367, in wsgi_execute
[Mon Apr 16 14:30:22.677425 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     result = command(*args, **options)
[Mon Apr 16 14:30:22.677444 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
[Mon Apr 16 14:30:22.677515 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     return self.__do_call(*args, **options)
[Mon Apr 16 14:30:22.677540 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[Mon Apr 16 14:30:22.677564 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     ret = self.run(*args, **options)
[Mon Apr 16 14:30:22.677582 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[Mon Apr 16 14:30:22.677602 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     return self.execute(*args, **options)
[Mon Apr 16 14:30:22.677622 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1337, in execute
[Mon Apr 16 14:30:22.677641 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     self, ldap, entry_attrs.dn, entry_attrs, *keys, **options)
[Mon Apr 16 14:30:22.677660 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/service.py", line 826, in post_callback
[Mon Apr 16 14:30:22.677680 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
[Mon Apr 16 14:30:22.677697 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/service.py", line 345, in rename_ipaallowedtoperform_from_ldap
[Mon Apr 16 14:30:22.677716 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     entry_attrs[new_name] = entry_attrs.pop(name)
[Mon Apr 16 14:30:22.677736 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib64/python3.6/_collections_abc.py", line 795, in pop
[Mon Apr 16 14:30:22.677754 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     value = self[key]
[Mon Apr 16 14:30:22.677772 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 485, in __getitem__
[Mon Apr 16 14:30:22.677789 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     return self._get_nice(name)
[Mon Apr 16 14:30:22.677807 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 460, in _get_nice
[Mon Apr 16 14:30:22.677826 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     self._sync_attr(name)
[Mon Apr 16 14:30:22.677845 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]   File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 352, in _sync_attr
[Mon Apr 16 14:30:22.677864 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082]     error=e, dn=self._dn))
[Mon Apr 16 14:30:22.677890 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ValueError: unable to convert the attribute 'ipaAllowedToPerform;read_keys' value b'DNS/vm-181.ipa.test@IPA.TEST' to type <class 'ipapython.dn.DN'> in LDAP entry 'krbprincipalname=DNS/vm-181.ipa.test@IPA.TEST,cn=services,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=ipa,dc=test'
[Mon Apr 16 14:30:22.677939 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] 
[Mon Apr 16 14:30:22.678848 2018] [wsgi:error] [pid 112216:tid 139757721827072] [remote 10.0.0.2:50082] ipa: INFO: [jsonserver_session] admin@IPA.TEST: service_show('DNS/vm-181.ipa.test@IPA.TEST', rights=True, all=True, version='2.229'): InternalError

[Mon Apr 16 15:12:36.888667 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746] ipa: ERROR: non-public: AttributeError: 'Principal' object has no attribute 'decode'
[Mon Apr 16 15:12:36.888721 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746] Traceback (most recent call last):
[Mon Apr 16 15:12:36.888732 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]   File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
[Mon Apr 16 15:12:36.888742 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]     result = command(*args, **options)
[Mon Apr 16 15:12:36.888752 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
[Mon Apr 16 15:12:36.888781 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]     return self.__do_call(*args, **options)
[Mon Apr 16 15:12:36.888791 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[Mon Apr 16 15:12:36.888800 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]     ret = self.run(*args, **options)
[Mon Apr 16 15:12:36.888809 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[Mon Apr 16 15:12:36.888819 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]     return self.execute(*args, **options)
[Mon Apr 16 15:12:36.888828 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1339, in execute
[Mon Apr 16 15:12:36.888837 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]     self.obj.convert_attribute_members(entry_attrs, *keys, **options)
[Mon Apr 16 15:12:36.888847 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 657, in convert_attribute_members
[Mon Apr 16 15:12:36.888856 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746]     memberdn = DN(member.decode('utf-8'))
[Mon Apr 16 15:12:36.888868 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746] AttributeError: 'Principal' object has no attribute 'decode'
[Mon Apr 16 15:12:36.888885 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746] 
[Mon Apr 16 15:12:36.889397 2018] [wsgi:error] [pid 3078:tid 139816948324096] [remote 10.43.21.184:41746] ipa: INFO: [jsonserver_session] admin@IPA.TEST: service_show('DNS/vm-171-160.ipa.test@IPA.TEST', rights=True, all=True, version='2.229'): InternalError

mreznik commented 7 years ago

Ok, looks like it can be also reproduced without WebUI where we are using --all and --rights options:

[root@vm-232 ~]# ipa service-allow-retrieve-keytab
Principal name: DNS/vm-232.ipa.test@IPA.TEST
[member user]: test2
[member group]: 
[member host]: 
[member host group]: 
  Principal name: DNS/vm-232.ipa.test@IPA.TEST
  Principal alias: DNS/vm-232.ipa.test@IPA.TEST
  Managed by: vm-232.ipa.test
  Users allowed to retrieve keytab: test2
-------------------------
Number of members added 1
-------------------------
[root@vm-232 ~]# 
[root@vm-232 ~]# 
[root@vm-232 ~]# 
[root@vm-232 ~]# ipa service-show --all --rights
Principal name: DNS/vm-232.ipa.test@IPA.TEST
ipa: ERROR: an internal error has occurred
[root@vm-232 ~]#

Metadata Update from @mreznik:
- Issue untagged with: webui
- Issue priority set to: critical

7 years ago

mreznik commented 7 years ago

Sometimes also "httpd" is segfaulting when reproducing the issue:

[Mon Apr 16 18:12:49.655038 2018] [core:notice] [pid 99273:tid 140285960814592] AH00051: child pid 99280 exit signal Segmentation fault (11), possible coredump in /tmp/

[root@vm-232 ~]# coredumpctl info
           PID: 99280 (httpd)
           UID: 385 (ipaapi)
           GID: 385 (ipaapi)
        Signal: 11 (SEGV)
     Timestamp: Mon 2018-04-16 18:12:48 CEST (11min ago)
  Command Line: (wsgi:ipa)      -DFOREGROUND
    Executable: /usr/sbin/httpd
 Control Group: /system.slice/httpd.service
          Unit: httpd.service
         Slice: system.slice
       Boot ID: e7c929e3758f4f12828cd5bdd150c834
    Machine ID: 2d1e3533a2ac4762ade2e2a334abedaf
      Hostname: vm-232.ipa.test
       Storage: /var/lib/systemd/coredump/core.httpd.385.e7c929e3758f4f12828cd5bdd150c834.99280.1523895168000000.lz4
       Message: Process 99280 (httpd) of user 385 dumped core.

                Stack trace of thread 99544:
                #0  0x00007f96ced966d9 _PyObject_Alloc.isra.0 (libpython3.6m.so.1.0)
                #1  0x00007f96ceddb530 PyList_Append (libpython3.6m.so.1.0)
                #2  0x00007f96c51465bb l_ldap_str2dn (_ldap.cpython-36m-x86_64-linux-gnu.so)
                #3  0x00007f96cee134d0 PyCFunction_Call (libpython3.6m.so.1.0)
                #4  0x00007f96cee50b44 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #5  0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #6  0x00007f96cede3511 fast_function (libpython3.6m.so.1.0)
                #7  0x00007f96cee20d1e call_function (libpython3.6m.so.1.0)
                #8  0x00007f96cee4ae9a _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #9  0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #10 0x00007f96cede3511 fast_function (libpython3.6m.so.1.0)
                #11 0x00007f96cee20d1e call_function (libpython3.6m.so.1.0)
                #12 0x00007f96cee4ae9a _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #13 0x00007f96cede32ea fast_function (libpython3.6m.so.1.0)
                #14 0x00007f96cee20d1e call_function (libpython3.6m.so.1.0)
                #15 0x00007f96cee4ae9a _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #16 0x00007f96cede32ea fast_function (libpython3.6m.so.1.0)
                #17 0x00007f96cee20d1e call_function (libpython3.6m.so.1.0)
                #18 0x00007f96cee4ae9a _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #19 0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #20 0x00007f96cedb1d2c _PyFunction_FastCallDict (libpython3.6m.so.1.0)
                #21 0x00007f96cedb22ce _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #22 0x00007f96cedbc101 _PyObject_Call_Prepend (libpython3.6m.so.1.0)
                #23 0x00007f96cedb270b PyObject_Call (libpython3.6m.so.1.0)
                #24 0x00007f96cee16b79 slot_tp_init (libpython3.6m.so.1.0)
                #25 0x00007f96cee136fe type_call (libpython3.6m.so.1.0)
                #26 0x00007f96cedb20f4 _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #27 0x00007f96cee20d8d call_function (libpython3.6m.so.1.0)
                #28 0x00007f96cee4ae9a _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #29 0x00007f96cede32ea fast_function (libpython3.6m.so.1.0)
                #30 0x00007f96cee20d1e call_function (libpython3.6m.so.1.0)
                #31 0x00007f96cee4ae9a _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #32 0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #33 0x00007f96cedb1f7d _PyFunction_FastCallDict (libpython3.6m.so.1.0)
                #34 0x00007f96cedb22ce _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #35 0x00007f96cedbc101 _PyObject_Call_Prepend (libpython3.6m.so.1.0)
                #36 0x00007f96cedb270b PyObject_Call (libpython3.6m.so.1.0)
                #37 0x00007f96cee4c976 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #38 0x00007f96cedb13cd _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #39 0x00007f96cede3511 fast_function (libpython3.6m.so.1.0)
                #40 0x00007f96cee20d1e call_function (libpython3.6m.so.1.0)
                #41 0x00007f96cee4bd9e _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #42 0x00007f96cedb13cd _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #43 0x00007f96cedb1f7d _PyFunction_FastCallDict (libpython3.6m.so.1.0)
                #44 0x00007f96cedb22ce _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #45 0x00007f96cedbc101 _PyObject_Call_Prepend (libpython3.6m.so.1.0)
                #46 0x00007f96cedb270b PyObject_Call (libpython3.6m.so.1.0)
                #47 0x00007f96cee4c976 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #48 0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #49 0x00007f96cedb1f7d _PyFunction_FastCallDict (libpython3.6m.so.1.0)
                #50 0x00007f96cedb22ce _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #51 0x00007f96cedbc101 _PyObject_Call_Prepend (libpython3.6m.so.1.0)
                #52 0x00007f96cedb270b PyObject_Call (libpython3.6m.so.1.0)
                #53 0x00007f96cee4c976 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #54 0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #55 0x00007f96cedb1f7d _PyFunction_FastCallDict (libpython3.6m.so.1.0)
                #56 0x00007f96cedb22ce _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #57 0x00007f96cedbc101 _PyObject_Call_Prepend (libpython3.6m.so.1.0)
                #58 0x00007f96cedb270b PyObject_Call (libpython3.6m.so.1.0)
                #59 0x00007f96cee4c976 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)
                #60 0x00007f96cedb1073 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)
                #61 0x00007f96cedb1f7d _PyFunction_FastCallDict (libpython3.6m.so.1.0)
                #62 0x00007f96cedb22ce _PyObject_FastCallDict (libpython3.6m.so.1.0)
                #63 0x00007f96cedbc101 _PyObject_Call_Prepend (libpython3.6m.so.1.0)

                Stack trace of thread 99280:
                #0  0x00007f96dd4e7c6b __poll (libc.so.6)
                #1  0x00007f96ddbfb435 apr_poll (libapr-1.so.0)
                #2  0x00007f96cf215282 wsgi_start_process (mod_wsgi_python3.so)
                #3  0x00007f96cf216a38 wsgi_start_daemons (mod_wsgi_python3.so)
                #4  0x0000565379902ecb ap_run_pre_mpm (httpd)
                #5  0x00007f96d2c07192 event_run (mod_mpm_event.so)
                #6  0x00005653798ffe3e ap_run_mpm (httpd)
                #7  0x00005653798f8722 main (httpd)
                #8  0x00007f96dd41df2a __libc_start_main (libc.so.6)
                #9  0x00005653798f881a _start (httpd)

                Stack trace of thread 99543:
                #0  0x00007f96dd4e9b23 __select (libc.so.6)
                #1  0x00007f96ddbff7e5 apr_sleep (libapr-1.so.0)
                #2  0x00007f96cf209aeb wsgi_deadlock_thread (mod_wsgi_python3.so)
                #3  0x00007f96dd9be50b start_thread (libpthread.so.0)
                #4  0x00007f96dd4f216f __clone (libc.so.6)

                Stack trace of thread 99542:
                #0  0x00007f96dd4e9b23 __select (libc.so.6)
                #1  0x00007f96ddbff7e5 apr_sleep (libapr-1.so.0)
                #2  0x00007f96cf207290 wsgi_monitor_thread (mod_wsgi_python3.so)
                #3  0x00007f96dd9be50b start_thread (libpthread.so.0)
                #4  0x00007f96dd4f216f __clone (libc.so.6)

fbarreto commented 7 years ago

The root cause of these errors seems to be the same for ticket https://pagure.io/freeipa/issue/7324.

Some bad conversion from ldap.get_entry to DN. Check the ticket above for more details about it.

Metadata Update from @fbarreto:
- Issue set to the milestone: FreeIPA 4.7

7 years ago

Metadata Update from @cheimes:
- Issue tagged with: py3

7 years ago

cheimes commented 7 years ago

@ftweedal The issue seems to be related to get effective rights. Can you take a look, please?

Metadata Update from @mreznik:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

6 years ago

mreznik commented 6 years ago

Closed as duplicate of https://pagure.io/freeipa/issue/7324

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 4.7

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

tester

None

changelog

None

design

None

rhbz

None

freeipa

Source Code

#7497 IPA Error 903: InternalError when allowing user to retrieve keytab in WebUI Closed: duplicate 6 years ago Opened 7 years ago by mreznik.

Metadata

py3

#7497 IPA Error 903: InternalError when allowing user to retrieve keytab in WebUI

Closed: duplicate 6 years ago Opened 7 years ago by mreznik.