Add input validation for Kerberos auxiliary parameters
Description
Problem/Justification
None
Impact
None
SmartDraw Connector
Katalon Manual Tests (BETA)
Activity
Show:
Bug Clerk July 15, 2019 at 7:58 PM
Complete
Pinned fields
Click on the next to a field label to start pinning.
Details
Details
Assignee
Andrew WalkerReporter
Edmond ShwayriLabels
Components
Fix versions
Affects versions
Priority
Low
More fields
Time tracking
More fields
Time trackingKatalon Platform
Linked Test Cases, Katalon Defect Results, Katalon Studio Test Results
Katalon Platform
Linked Test Cases, Katalon Defect Results, Katalon Studio Test Results
Created June 19, 2019 at 10:46 PM
Updated July 1, 2022 at 4:35 PM
Resolved October 30, 2019 at 5:16 PM
My domain is still Windows 2003 so I have to append "allow_weak_crypto = true" to the krb5.conf file under libdefaults. I have the appropriate line added in the GUI under Directory Services / Kerberos Settings in the "Libdefaults auxiliary parameters" box. Under 9.10 I had no isses, but when I upgraded to FreeNAS 11.2 I could suddenly no longer start directory services. Looking at the krb5.conf file from the console, I can see that it isn't adding the proper line. When I try to start from the command line I get:
root@riva:~ # /etc/directoryservice/ActiveDirectory/ctl start
False
kinit: krb5_get_init_creds: KDC has no support for encryption type
I tried manually editing the file, but quickly found it gets over-written on every start. Since I am rather stuboorn, I edited it AND did a chattr to make the file immutable. With the line where it's supposed to be and running the same command I get:
root@riva:/etc/rc.d # chattr +i /etc/krb5.conf
root@riva:/etc/rc.d # /etc/directoryservice/ActiveDirectory/ctl start
False
[Errno 1] Operation not permitted: '/etc/krb5.conf'
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 166, in call_method
result = await self.middleware.call_method(self, message)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1097, in call_method
return await self._call(message['method'], serviceobj, methodobj, params, app=app, io_thread=False)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1045, in _call
return await methodobj(*args)
File "/usr/local/lib/python3.6/site-packages/middlewared/plugins/etc.py", line 153, in generate
with open(outfile, 'w') as f:
PermissionError: [Errno 1] Operation not permitted: '/etc/krb5.conf'
True
Join is OK
False
True
Everything starts as it should; the new "error" is expected with the file being immutable. Under services SMB is started as expected, and I can browse and use my shares as needed. I shouldn't have to do this work-around to get it running. Something is wrong about how it updated the krb5.conf file before starting the service.