#7862 "ccache" may not exist if GSSError occurs in ipa-client-automount causing an exception to be thrown
Closed: fixed 4 years ago by frenaud. Opened 5 years ago by jplsek.

Issue

"ccache" may not exist if GSSError occurs in ipa-client-automount causing an exception to be thrown.

I had to comment out line 490 in ipa-client-automount to continue (then uncommented after reinstalling the ipa client).

Steps to Reproduce

A new host I was setting up wasn't mounting properly and went into a bad state. I had unregistered the host from the server, then put it back. When I logged into the host, I went to uninstall the automount, and this is when the error occurred. (With my host issue, I just needed to reinstall the ipa client to fix it.)

Actual behavior

$ sudo ipa-client-automount --unattended
Searching for IPA server...
IPA server: DNS discovery
Location: default
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-automount", line 518, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-automount", line 490, in main
    os.remove(ccache_name)
OSError: [Errno 2] No such file or directory: '/tmp/tmpvcc0jg/ccache'

Expected behavior

$ sudo ipa-client-automount --unattended
Searching for IPA server...
IPA server: DNS discovery
Location: default
Failed to obtain host TGT: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639122): Generic preauthentication failure

Version/Release/Distribution

Client:
Ubuntu Server 18.04.2
freeipa-client: 4.7.0~pre1+git2

Server (if that matters):
RHEL 7.6
ipa-server: 4.6.4-10.el7_6.2.x86_64


I don't quite follow the sequence of events.

You had previous installed the client and configured automount, then uninstalled the client, reinstalled it and re-running ipa-client-automount failed?

It failed in trying to kinit as itself using the host keytab. I imagine that the keytab was bad, but knowing the order of operations would help.

This is just an error reporting issue. The script would have failed with Failed to obtain host TGT ... any way. This bug hides the original error message.

kinit_keytab() creates the ccache file. In case kinit fails, the ccache is not present, however the finally block always tries to os.remove() the file. My patch simpy replaces the explicit remove and rmdir with shutil.rmtree to remove the temporary directory tree.

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3002
- Issue assigned to cheimes
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.6.6

4 years ago

master:

  • 6fed170 automount: rmtree temp directory

ipa-4-7:

  • eccdcf6 automount: rmtree temp directory

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.7.3 (was: FreeIPA 4.6.6)

4 years ago

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Login to comment on this ticket.

Metadata