Ubuntu
freeradius package

Bug #1955009
Comment #1

Comment 1 for bug 1955009

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2021-12-16:

Reproducible in local autopkgtest

Good:
### gss_eap_shib_attr_provider::init(): Initializing ShibResolver library
### finalize_class::finalize_class(): Constructing
Sending init_sec_context token (size=81)...continue needed...
Sending init_sec_context token (size=50)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=235)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=173)...continue needed...
Sending init_sec_context token (size=99)...continue needed...
Sending init_sec_context token (size=142)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=60)...continue needed...

context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"<email address hidden>" to "host/localhost", lifetime -1, flags 13e, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 3 6 1 5 5 15 1 1 17 } supports 6 names
  0: { 1 2 840 113554 1 2 1 1 }
  1: { 1 2 840 113554 1 2 1 4 }
  2: { 1 3 6 1 5 6 4 }
  3: { 1 3 6 1 5 6 6 }
  4: { 1 3 6 1 5 5 15 2 1 }
  5: { 1 3 6 1 5 6 3 }
Signature verified.
### finalize_class::finalize_class(): Constructing
2021-12-16 09:44:16 WARN Shibboleth.Application : no MetadataProvider available, configure at least one for standard SSO usage
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/bio/bss_file.c, line 288
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('/etc/shibboleth/sp-signing-key.pem','r')
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/bio/bss_file.c, line 290
2021-12-16 09:44:16 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibboleth/sp-signing-key.pem).
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/bio/bss_file.c, line 288
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('/etc/shibboleth/sp-encrypt-key.pem','r')
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/bio/bss_file.c, line 290
2021-12-16 09:44:16 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibboleth/sp-encrypt-key.pem).
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Attribute urn:ietf:params:gss:radius-attribute 79 Authenticated Complete

03070004

Attribute urn:ietf:params:gss:radius-attribute 80 Authenticated Complete

fea2dc1b41a181201e5650cd85cf90f5

Attribute urn:ietf:params:gss:radius-attribute 1 Authenticated Complete

@test.com

40746573742e636f6d

Accepted connection: "@test.com"
Received message: "testmessage"
NOOP token
### ShibFinalizer::ShibFinalizer(): Constructing
### gssEapAttrProvidersInitInternal(): Calling gssEapSamlAttrProvidersInit()
### gssEapAttrProvidersInitInternal(): Setting gssEapAttrProvidersInitStatus to 00000000
gss_accept_sec_context: 1/0
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
gss_init_sec_context: 1/0
gss_accept_sec_context: 0/0
gss_init_sec_context: 0/0
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
### ~finalize_class::~finalize_class() : initStatus=00100000
### gssEapFinalize()
### ShibFinalizer::~ShibFinalizer(): Destructing
### gss_eap_shib_attr_provider::finalize(): calling ShibbolethResolver::term()
### ~finalize_class::~finalize_class() : initStatus=00000000
### ~finalize_class::~finalize_class() : really finalizing
### gssEapFinalize()

Bad:
### finalize_class::finalize_class(): Constructing
GSS-API error accepting context: Invalid credential was supplied
GSS-API error accepting context: Authentication rejected by RADIUS server
gss_accept_sec_context: 655360/2109382925
### ~finalize_class::~finalize_class() : initStatus=00100000
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
gss_init_sec_context: 655360/2109382925
sending token length: Broken pipe
### gssEapFinalize()
### ~finalize_class::~finalize_class() : initStatus=00100000
### finalize_class::finalize_class(): Constructing
Sending init_sec_context token (size=81)...continue needed...
Sending init_sec_context token (size=50)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=235)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=173)...continue needed...
Sending init_sec_context token (size=99)...continue needed...
Sending init_sec_context token (size=142)...continue needed...
Sending init_sec_context token (size=42)...continue needed...
Sending init_sec_context token (size=9)...### gssEapFinalize()

Reproducible in local autopkgtest

context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG 
context flag: GSS_C_INTEG_FLAG 
"steve@test.com" to "host/localhost", lifetime -1, flags 13e, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 3 6 1 5 5 15 1 1 17 } supports 6 names
  0: { 1 2 840 113554 1 2 1 1 }
  1: { 1 2 840 113554 1 2 1 4 }
  2: { 1 3 6 1 5 6 4 }
  3: { 1 3 6 1 5 6 6 }
  4: { 1 3 6 1 5 5 15 2 1 }
  5: { 1 3 6 1 5 6 3 }
Signature verified.
### finalize_class::finalize_class(): Constructing
2021-12-16 09:44:16 WARN Shibboleth.Application : no MetadataProvider available, configure at least one for standard SSO usage
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/bio/bss_file.c, line 288
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('/etc/shibboleth/sp-signing-key.pem','r')
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/bio/bss_file.c, line 290
2021-12-16 09:44:16 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibboleth/sp-signing-key.pem).
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/bio/bss_file.c, line 288
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('/etc/shibboleth/sp-encrypt-key.pem','r')
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/bio/bss_file.c, line 290
2021-12-16 09:44:16 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibboleth/sp-encrypt-key.pem).
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG 
context flag: GSS_C_INTEG_FLAG 
Attribute urn:ietf:params:gss:radius-attribute 79 Authenticated Complete

03070004

Attribute urn:ietf:params:gss:radius-attribute 80 Authenticated Complete

fea2dc1b41a181201e5650cd85cf90f5

Attribute urn:ietf:params:gss:radius-attribute 1 Authenticated Complete

@test.com

40746573742e636f6d

Ubuntufreeradius package

Comment 1 for bug 1955009

Ubuntu
freeradius package