[Freeipa-users] FreeOTP

Nathaniel McCallum npmccallum at redhat.com
Tue Jun 21 20:23:25 UTC 2016


I have found and fixed what I believe to be the issue. I have submitted
a patch upstream for review: https://github.com/krb5/krb5/pull/471

Once merged, we will backport the fix into all existing Fedora
releases. So you should get an update via a simple: dnf update.

On Thu, 2016-06-16 at 10:28 +0200, Winfried de Heiden wrote:
> Hi all,
> 
> "So it looks a bit like a libverto 32bit issue"; any news or progress on
> this? Bugzilla?
> 
> Winny
> 
> 
> On 09-06-16 at 18:51, Sumit Bose wrote:
> > On Thu, Jun 09, 2016 at 08:42:59AM -0400, Nathaniel McCallum wrote:
> > > On Thu, 2016-06-09 at 10:46 +0200, Sumit Bose wrote:
> > > > On Thu, Jun 09, 2016 at 08:16:13AM +0200, Winfried de Heiden wrote:
> > > > > Hi all,
> > > > > 
> > > > > I can install libverto-libev but removing libverto-tevent will
> > > > > remove 123 dependencies also. (wget, tomcat and much more...)
> > > > > 
> > > > > Hence, I installed libverto-libev, but did not remove
> > > > > libverto-tevent to give it a try. After ipactl restart still
> > > > > the same problem:
> > > > fyi, I think I can reproduce the issue on 32bit Fedora. I tried
> > > > libverto-libev as well but I removed libverto-tevent after
> > > > installing libverto-libev with 'rpm -e --nodeps ....' to make sure
> > > > libverto has no other chance.
> > > > 
> > > > So it looks a bit like a libverto 32bit issue. I used
> > > > libverto-0.2.6-4.fc22. Since I knew that it was working before on
> > > > 32bits I tried libverto-0.2.5 and libverto-0.2.4 as well with no
> > > > luck.
> > > > 
> > > > Nathaniel, do you have any suggestions what to check with gdb?
> > > It may not be a libverto issue at all. Just to summarize, krb5kdc
> > > sends the otp request to ipa-otpd using RADIUS-over-UNIX-socket.
> > > 
> > > It appears that ipa-otpd receives the request and sends the
> > > appropriate response. However, krb5kdc never appears to receive the
> > > request and times out. Once it times out, it closes the socket and
> > > ipa-otpd exits.
> > > 
> > > The question is: why?
> > > 
> > > This could be a bug in krb5kdc, libkrad or libverto. Does the event
> > > actually fire from libverto? Does libkrad process it correctly?
> > > Does krb5kdc process it correctly?
> > > 
> > > There are lots of places to attach gdb. I would probably start here:
> > > https://github.com/krb5/krb5/blob/master/src/lib/krad/client.c#L193
> > It looks like the 3rd argument of recv(), the buffer length, becomes
> > negative aka very big in on_io_read()
> > 
> >      i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
> >               pktlen - rr->buffer.length, 0);
> > 
> > because pktlen is 4 and rr->buffer.length is 16 on my 32bit system. I
> > wonder if pktlen isn't sufficient here because it already is the
> > result of 'len - buffer->length' which is calculated in
> > krad_packet_bytes_needed() ?
> > 
> > bye,
> > Sumit
> > 
> 
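
The length arithmetic discussed in the quoted message from Sumit, as an added C sketch that is not part of the original thread and is not krb5 code: `bytes_needed`, `recv_len_double_subtract`, `recv_len_checked` and `MAX_PACKET` are hypothetical names, and the packet bytes are constructed. It assumes, as that message suggests, that the helper already returns the remaining byte count, and it uses `size_t` throughout rather than the library's own types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PACKET 4096 /* assumed receive-buffer capacity (RADIUS maximum) */

/* Hypothetical helper: bytes still missing from the packet, given `have`
 * bytes buffered. The RADIUS length field is the big-endian u16 at offset 2. */
static size_t bytes_needed(const uint8_t *buf, size_t have)
{
    if (have < 4)
        return 4 - have;
    size_t total = ((size_t)buf[2] << 8) | buf[3];
    return total > have ? total - have : 0;
}

/* The pattern from the thread: subtracting the buffered length a second time.
 * With needed < have the unsigned result wraps to a huge value. */
static size_t recv_len_double_subtract(size_t needed, size_t have)
{
    return needed - have;
}

/* Treat `needed` as the remaining count and bound it by the free space.
 * Returns 0 and stores the length to request, or -1 if it cannot fit. */
static int recv_len_checked(size_t needed, size_t have, size_t cap, size_t *out)
{
    if (have > cap || needed > cap - have)
        return -1;
    *out = needed;
    return 0;
}

int main(void)
{
    /* Constructed sample: first 16 bytes of a 20-byte RADIUS packet. */
    uint8_t buf[MAX_PACKET] = { 0x02, 0x01, 0x00, 0x14 };
    size_t have = 16, len = 0;
    size_t needed = bytes_needed(buf, have);

    printf("needed=%zu have=%zu\n", needed, have);
    printf("double subtraction asks recv() for %zu bytes\n",
           recv_len_double_subtract(needed, have));
    if (recv_len_checked(needed, have, sizeof(buf), &len) == 0)
        printf("checked length asks recv() for %zu bytes\n", len);
    return 0;
}
```

The constructed values reproduce the ones reported in the thread (4 bytes needed, 16 buffered); the checked variant rejects any request that would run past the end of the buffer.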



