[Bug 1955009] [NEW] Freeradius 3.0.21+dfsg-3build1 fails test of moonshot-gss-eap

Christian Ehrhardt  Thu, 16 Dec 2021 00:15:46 -0800

Public bug reported:

As part of the openssl3 transition [1] built fine.
But it got stuck in proposed due to the test of moonshot-gss-eap failing on all 
architectures [2].


Note: ssl deps worked find
 Depends: libc6 (>= 2.34), libcap2 (>= 1:2.10), libpcap0.8 (>= 1.0.0), 
libpcre3, libssl3 (>= 3.0.0~~alpha1), libtalloc2 (>= 2.0.4~git20101213)


Ginggs and Vorlon already tried to retry the run, but the result seems to be 
reproducible.
A migration-reference/0 run worked so we can't reset it that way either and 
need to investigate what is broken.

The error around gss eap encryption might indicate a real issue with
openssl3 in this case:

autopkgtest [01:23:20]: test gss-client: [-----------------------
/etc/freeradius/3.0/sites-enabled /tmp/autopkgtest.n36ySc/build.67K/src
/tmp/autopkgtest.n36ySc/build.67K/src
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
starting...
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
gss_acquire_cred: 0/0
dbus-daemon[3317]: [session uid=0 pid=3317] Activating service 
name='org.janet.Moonshot' requested by ':1.0' (uid=0 pid=3314 comm="gss-client 
-spnego localhost host@localhost testme" label="unconfined")
dbus-daemon[3317]: [session uid=0 pid=3317] Successfully activated service 
'org.janet.Moonshot'
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=9):
Could not connect to dbus session bus. 
(DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-x7alEQSVuk,guid=58444b39b51122ff1552b7e561ba9509")
You may want to unset DBUS_SESSION_BUS_ADDRESS or try 'dbus-run-session' to 
start a session bus.
     40 74 65 73 74 2e 63 6f 6d                        @test.com       
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
EAP: Status notification: accept proposed method (param=TTLS)
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: EAP
TLS: Phase2 EAP types - hexdump(len=72): 00 00 00 00 04 00 00 00 00 00 00 00 1a 
00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 
00 00 00 00 00 2f 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 
00 00 00 33 00 00 00
TLS: using phase1 config options
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=183): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 188 bytes pending from ssl_out
SSL: 188 bytes left to be sent out (of total 188 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL 
eapRespData=0x562fe1abccd0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 1262
SSL: Need 268 bytes more input data
SSL: Building ACK (type=21 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL 
eapRespData=0x562fe1abd950
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=278) - Flags 0x80
SSL: TLS Message Length: 1262
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): [REMOVED]
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=844): [REMOVED]
TLS: tls_verify_cb - preverify_ok=1 err=18 (self-signed certificate) 
ca_cert_verify=0 depth=0 buf='/CN=autopkgtest'
EAP: Status notification: remote certificate verification (param=success)
TLS: tls_verify_cb - preverify_ok=1 err=18 (self-signed certificate) 
ca_cert_verify=0 depth=0 buf='/CN=autopkgtest'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): [REMOVED]
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 126 bytes pending from ssl_out
SSL: 126 bytes left to be sent out (of total 126 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL 
eapRespData=0x562fe1ad9b10
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=61) - Flags 0x80
SSL: TLS Message Length: 51
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): [REMOVED]
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: Derived EMSK - hexdump(len=64): [REMOVED]
EAP-TTLS: Derived Session-Id - hexdump(len=65): 15 35 93 ac a6 ce 34 49 a7 3c 
e9 38 71 78 d0 62 9a ac 71 00 a2 b6 13 cf 35 60 f4 6a 36 80 64 2f c1 4e 5e 8a 
13 30 b3 89 bd 13 fa 84 72 4b 1e 82 3d 6a 61 eb d5 15 e2 b9 80 af c8 54 ed 8a 
63 4e 0a
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 EAP Request: type=1
EAP: using real identity - hexdump_ascii(len=14):
     73 74 65 76 65 40 74 65 73 74 2e 63 6f 6d         st...@test.com  
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=19): 02 00 00 13 01 73 74 
65 76 65 40 74 65 73 74 2e 63 6f 6d
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=28): [REMOVED]
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: 57 bytes left to be sent out (of total 57 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL 
eapRespData=0x562fe1abda70
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=71) - Flags 0x80
SSL: TLS Message Length: 61
EAP-TTLS: received 61 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-TTLS: Decrypted Phase 2 AVPs - hexdump(len=32): 00 00 00 4f 40 00 00 1e 01 
01 00 16 04 10 b2 0e 3d 18 38 47 0e 21 a4 89 f8 17 5a 3a 34 e4 00 00
EAP-TTLS: AVP: code=79 flags=0x40 length=30
EAP-TTLS: AVP data - hexdump(len=22): 01 01 00 16 04 10 b2 0e 3d 18 38 47 0e 21 
a4 89 f8 17 5a 3a 34 e4
EAP-TTLS: AVP - EAP Message
EAP-TTLS: Phase 2 EAP - hexdump(len=22): 01 01 00 16 04 10 b2 0e 3d 18 38 47 0e 
21 a4 89 f8 17 5a 3a 34 e4
EAP-TTLS: received Phase 2: code=1 identifier=1 length=22
EAP-TTLS: Phase 2 EAP Request: type=4
EAP-TTLS: Selected Phase 2 EAP vendor 0 method 4
EAP-MD5: Challenge - hexdump(len=16): b2 0e 3d 18 38 47 0e 21 a4 89 f8 17 5a 3a 
34 e4
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 15 e3 07 81 04 1a 85 18 ee fc 53 db 85 89 
d9 2d
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=22): 02 01 00 16 04 10 15 
e3 07 81 04 1a 85 18 ee fc 53 db 85 89 d9 2d
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=68): [REMOVED]
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: 97 bytes left to be sent out (of total 97 bytes)
EAP-TTLS: Authentication completed successfully (MAY_CONT)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=COND_SUCC 
eapRespData=0x562fe1ad02a0
EAP: Session-Id - hexdump(len=65): 15 35 93 ac a6 ce 34 49 a7 3c e9 38 71 78 d0 
62 9a ac 71 00 a2 b6 13 cf 35 60 f4 6a 36 80 64 2f c1 4e 5e 8a 13 30 b3 89 bd 
13 fa 84 72 4b 1e 82 3d 6a 61 eb d5 15 e2 b9 80 af c8 54 ed 8a 63 4e 0a
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=75) - Flags 0x80
SSL: TLS Message Length: 65
EAP-TTLS: received 65 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-TTLS: Decrypted Phase 2 AVPs - hexdump(len=36): 00 00 00 87 c0 00 00 21 00 
00 64 16 02 00 11 01 a4 06 68 6f 73 74 a5 0b 6c 6f 63 61 6c 68 6f 73 74 00 00 00
EAP-TTLS: AVP: code=135 flags=0xc0 length=33
EAP-TTLS: AVP vendor_id 25622
EAP-TTLS: AVP data - hexdump(len=21): 02 00 11 01 a4 06 68 6f 73 74 a5 0b 6c 6f 
63 61 6c 68 6f 73 74
EAP-TTLS: AVP - Channel Binding Message
EAP-TTLS: Authentication completed successfully
SSL: Building ACK (type=21 id=7 ver=0)
EAP: method process -> ignore=FALSE methodState=DONE decision=COND_SUCC 
eapRespData=0x562fe1abdca0
EAP: Session-Id - hexdump(len=65): 15 35 93 ac a6 ce 34 49 a7 3c e9 38 71 78 d0 
62 9a ac 71 00 a2 b6 13 cf 35 60 f4 6a 36 80 64 2f c1 4e 5e 8a 13 30 b3 89 bd 
13 fa 84 72 4b 1e 82 3d 6a 61 eb d5 15 e2 b9 80 af c8 54 ed 8a 63 4e 0a
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
gss_init_sec_context: 1/0
### finalize_class::finalize_class(): Constructing
GSS-API error accepting context: Invalid credential was supplied
GSS-API error accepting context: Authentication rejected by RADIUS server
gss_accept_sec_context: 655360/2109382925
### ~finalize_class::~finalize_class() : initStatus=00100000
### gssEapFinalize()
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
gss_init_sec_context: 655360/2109382925
sending token length: Broken pipe
### finalize_class::finalize_class(): Constructing
Sending init_sec_context token (size=81)...continue needed...
Sending init_sec_context token (size=50)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=235)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=173)...continue needed...
Sending init_sec_context token (size=99)...continue needed...
Sending init_sec_context token (size=142)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=9)...### 
~finalize_class::~finalize_class() : initStatus=00100000
### gssEapFinalize()
autopkgtest [01:23:23]: test gss-client: -----------------------]
gss-client           FAIL non-zero exit status 1autopkgtest [01:23:23]: test 
gss-client:  - - - - - - - - - - results - - - - - - - - - -

[1]: https://launchpad.net/ubuntu/+source/freeradius/3.0.21+dfsg-3build1
[2]: 
https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/m/moonshot-gss-eap/20211216_012335_fb8b5@/log.gz

** Affects: freeradius (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: moonshot-gss-eap (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: server-next update-excuse

** Also affects: moonshot-gss-eap (Ubuntu)
   Importance: Undecided
       Status: New

** Tags added: server-next

** Tags added: update-excuse

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1955009

Title:
  Freeradius 3.0.21+dfsg-3build1 fails test of moonshot-gss-eap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/1955009/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1955009] [NEW] Freeradius 3.0.21+dfsg-3build1 fails test of moonshot-gss-eap

Reply via email to