[Freeipa-users] Trying to use the CLI logs me out

Wed Feb 26 12:25:54 UTC 2014

# script /tmp/out-script
Script started, file is /tmp/out-script
# ipa help
Script done, file is /tmp/out-script
# cat /tmp/out-script

Script started on Wed 26 Feb 2014 07:18:07 AM EST
# ipa help

Script done on Wed 26 Feb 2014 07:18:14 AM EST
#

So then I tried it using script's "-c" option to see if that would make 
a difference, kind of like strace did:

#script -c 'ipa help' /tmp/out-script2
Script started, file is /tmp/out-script2
Usage: ipa [global-options] COMMAND {command-options]

Manage an IPA domain

Options:
:
:
See "ipa <COMMAND> --help" for more information on a specific command.
Script done, file is /tmp/out-script2
# cat /tmp/out-script2
Script started on Wed 26 Feb 2014 07:20:27 AM EST
Usage: ipa [global-options] COMMAND [command-options]

Manage an IPA domain

Options:
:
:
See "ipa <COMMAND> --help" for more information on a specific command.

Script done on Wed 26 Feb 2014 07:20:28 AM EST
#

It /looks/ like something is behaving differently when input comes from 
a tty vice when it doesn't. For grins, I did the same thing using "ipa 
host-find zw129.damascusgrp.com" and got basically the same result -- an 
empty log first, then successful completion (including expected results) 
using the -c option.

Bret

On 02/25/2014 08:32 PM, Bret Wortman wrote:
> I'll try that. And you're right--we've tried a number of sub commands.
>
>
> Bret Wortman
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
>> On Feb 25, 2014, at 8:05 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>
>> Dmitri Pal wrote:
>>>> On 02/25/2014 07:31 PM, Bret Wortman wrote:
>>>> Nope, running with strace lets us use the IPA command again with impunity. Without it, process termination.
>>> A theory. Your data has some output that is treated as escape sequence
>>> that crushes the shell so your connection is closed.
>>> Do you test it with the same command all the time?
>>>
>>> Have you tried other commands?
>>> Can you do a user/group/host add?
>>>
>>> Can you try other commands?
>> I think he said it fails with a simple ipa help, which eliminates a whole lot of the work we do because it does no networking in that case.
>>
>> Maybe running inside a typescript will show something like weird characters.
>>
>> rob
>>
>>>
>>>>
>>>> Bret Wortman
>>>> http://bretwortman.com/
>>>> http://twitter.com/BretWortman
>>>>
>>>>> On Feb 25, 2014, at 6:06 PM, Rob Crittenden<rcritten at redhat.com>  wrote:
>>>>>
>>>>> Bret Wortman wrote:
>>>>>> I don't know if this will be informative or not, but:
>>>>>>
>>>>>> # strace -f -o /tmp/out ipa host-find zw129.damascusgrp.com
>>>>>> --------------
>>>>>> 1 host matched
>>>>>> --------------
>>>>>> Host name: zw129.damascusgrp.com
>>>>>>    :
>>>>>>    :
>>>>>> #
>>>>>>
>>>>>> I then found this pattern occurring a number of times within the (17564
>>>>>> line) output file:
>>>>>>
>>>>>> 4229  mmap(NULL, 1052672, PROT_READ|PROT_WRITE,
>>>>>> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
>>>>>> 4237  <... close resumed> )             = 0
>>>>>> 4229  <... mmap resumed> )              = 0x7f936aad2000
>>>>>> 4229  read(13, <unfinished ...>
>>>>>> 4237  dup2(7, 0)                        = 0
>>>>>> 4237  dup2(10, 1)                       = 1
>>>>>> 4237  dup2(12, 2)                       = 2
>>>>>> 4237  close(7)                          = 0
>>>>>> 4237  close(10)                         = 0
>>>>>> 4237  close(12)                         = 0
>>>>>> 4237  close(3)                          = 0
>>>>>> 4237  close(4)                          = 0
>>>>>> 4237  close(5)                          = 0
>>>>>> 4237  close(6)                          = 0
>>>>>> 4237  close(7)                          = -1 EBADF (Bad file descriptor)
>>>>>> 4237  close(8)                          = -1 EBADF (Bad file descriptor)
>>>>>> 4237  close(9)                          = -1 EBADF (Bad file descriptor)
>>>>>> 4237  close(10)                         = -1 EBADF (Bad file descriptor)
>>>>>> :
>>>>>> : Continues for a thousand entries or so, then
>>>>>> :
>>>>>> 4237  close(1022)                       = -1 EBADF (Bad file descriptor)
>>>>>> 4237  close(1023)                       = -1 EBADF (Bad file descriptor)
>>>>>> 4237  execve("/bin/keyctl", ["keyctl", "padd", "user",
>>>>>> "ipa_session_cookie:admin at DAMASCUSGRP.COM", "@s"], [/* 27 vars */]
>>>>>> <unfinished ...>
>>>>> Just noise while we fork off and run another process, in this case keyctl to store the session cookie in the kernel keyring.
>>>>>
>>>>> So running with strace doesn't result in the session logging out?
>>>>>
>>>>> rob
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager for IdM portfolio
>>> Red Hat Inc.
>>>
>>>
>>> -------------------------------
>>> Looking to carve out IT costs?
>>> www.redhat.com/carveoutcosts/
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140226/f9804bfb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140226/f9804bfb/attachment.p7s>