[Freeipa-users] FreeOTP

Sumit Bose sbose at redhat.com
Thu Jun 9 16:51:09 UTC 2016 

On Thu, Jun 09, 2016 at 08:42:59AM -0400, Nathaniel McCallum wrote:
> On Thu, 2016-06-09 at 10:46 +0200, Sumit Bose wrote:
> > On Thu, Jun 09, 2016 at 08:16:13AM +0200, Winfried de Heiden wrote:
> > > Hi all,
> > > 
> > > I can install libvert-libev but removing libverto-tevent will
> > > remove 123
> > > dependencies also. (wget, tomcat and much more...)
> > > 
> > > Hence, I installed libverto-libev, but dit not remove libverto-
> > > tevent to give
> > > it a try. After ipactl restart still the same problem:
> > 
> > fyi, I think I can reproduce the issue on 32bit Fedora. I tried
> > libverto-libev as well but I removed libverto-tevent after installing
> > libverto-libev with 'rpm -e --nodeps ....' to make sure libverto has
> > no
> > other chance.
> > 
> > So it looks a bit like a libverto 32bit issue. I used
> > libverto-0.2.6-4.fc22. Since I knew that is was working before on
> > 32bits
> > I tried libverto-0.2.5 and libverto-0.2.4 as well with no lock.
> > 
> > Nathaniel, do you have any suggestions what to check with gdb?
> 
> It may not be a libverto issue at all. Just to summarize, krb5kdc sends
> the otp request to ipa-otpd using RADIUS-over-UNIX-socket.
> 
> It appears that ipa-otpd receives the request and sends the appropriate
> response. However, krb5kdc never appears to receive the request and
> times out. Once it times out, it closes the socket and ipa-otpd exits.
> 
> The question is: why?
> 
> This could be a bug in krb5kdc, libkrad or libverto. Does the event
> actually fire from libverto? Does libkrad process it correctly? Does
> krb5kdc process it correctly?
> 
> There are lots of places to attach gdb. I would probably start here:
> https://github.com/krb5/krb5/blob/master/src/lib/krad/client.c#L193

It looks like the 3rd argument of recv(), the buffer length, becomes
negative aka very big in on_io_read()

    i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
             pktlen - rr->buffer.length, 0);

because pktlen is 4 and rr->buffer.length is 16 on my 32bit system. I
wonder if pktlen isn't sufficient here because it already is the result
of 'len - buffer->length' which is calculated in
krad_packet_bytes_needed() ?

bye,
Sumit

More information about the Freeipa-users mailing list