Bug 1032983

Summary: sssd_be crashes when ad_access_filter uses FOREST keyword.
Product: Red Hat Enterprise Linux 7 Reporter: Kaushik Banerjee <kbanerje>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED CURRENTRELEASE QA Contact: Kaushik Banerjee <kbanerje>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.0CC: dpal, grajaiya, jgalipea, lslebodn, mkosek, pbrezina
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.11.2-23.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 11:23:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Domain log when the crash happens
none
gzipped coredump file none

Description Kaushik Banerjee 2013-11-21 10:55:19 UTC 
Created attachment 827127 [details]
Domain log when the crash happens

Description of problem:
sssd_be crashes when ad_access_filter uses FOREST keyword

Version-Release number of selected component (if applicable):
sssd-1.11.2-1.el7

How reproducible:
Always

Steps to Reproduce:
1. In sssd.conf add:
ad_access_filter =
FOREST:SSSDAD.COM:(memberOf=cn=group1_dom1,cn=Users,dc=sssdad,dc=com)

2. Try to login as a user belonging to group1_dom1.

Actual Result:
Login fails. sssd_be crashes when trying to login as user from sssdad.com

syslog shows:
Nov 21 14:22:07 dhcp207-191 kernel: [66380.846301] sssd_be[5797]:
segfault at 0 ip 00007fdf469bb8cd sp 00007fff00c23f78 error 4 in
libc-2.17.so[7fdf46931000+1b6000]

Expected results:
sssd_be should not crash

Additional info:
Comment 1 Kaushik Banerjee 2013-11-21 10:56:57 UTC 
Created attachment 827128 [details]
gzipped coredump file
Comment 3 Lukas Slebodnik 2013-11-21 12:00:31 UTC 
Could you tell me version of some dependencies?
rpm -qa *sasl* *krb5*

Because there are few warnings, while loading coredump
warning: .dynamic section for "/lib64/libsasl2.so.3" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libkeyutils.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libsamba-util.so.0" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libselinux.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libanonymous.so" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libgssapiv2.so" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libsasldb.so" is not at the expected address (wrong library or version mismatch?)


And back trace is unusable.
#0  _dl_close_worker (map=map@entry=0x7f6dda84da40) at dl-close.c:750
#1  0x00007f6dd91b229c in _dl_close (_map=0x7f6dda84da40) at dl-close.c:776
#2  0x00007f6dd91ac304 in _dl_catch_error (objname=0x7f6dda7f6040, errstring=0x7f6dda7f6048, 
    mallocedp=0x7f6dda7f6038, operate=0x7f6dd54090e0 <dlclose_doit>, args=0x7f6dda84da40)
    at dl-error.c:177
#3  0x00007f6dd540962d in _dlerror_run (operate=operate@entry=0x7f6dd54090e0 <dlclose_doit>, 
    args=0x7f6dda84da40) at dlerror.c:163
#4  0x00007f6dd540910f in __dlclose (handle=<optimized out>) at dlclose.c:47
#5  0x00007f6dca7b9515 in krb5int_close_plugin (h=0x7f6dda84d2e0) at plugins.c:412
#6  0x00007f6dca7b99e8 in krb5int_close_plugin_dirs (dirhandle=0x7f6dda848820) at plugins.c:669
#7  0x00007f6dcbbb7176 in krb5_init_context_profile (flags=0, 
    context_out=0x7f6dd93be930 <_rtld_local+2352>) at init_ctx.c:136
#8  0x00007f6dda848f20 in ?? ()
#9  0x00007f6dc8ca847d in krb5_gss_delete_sec_context (minor_status=0x7fff0ff12f7c, 
    context_handle=0x7f6dda833138, output_token=<optimized out>) at delete_sec_context.c:102
#10 0x00007f6dc8c97f83 in gss_delete_sec_context (minor_status=<optimized out>, 
    context_handle=0x7f6dda844dd8, output_token=<optimized out>) at g_delete_sec_context.c:90
#11 0x00007f6dc8ed0ccf in sasl_gss_seterror_ (utils=0x7f6dd93be930 <_rtld_local+2352>, maj=0, 
    min=3644582192, logonly=-628827600) at gssapi.c:201
#12 0x0000000000000003 in ?? ()
#13 0x00007fff0ff13008 in ?? ()
#14 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3
#15 0x00007f6dd3fa94c4 in _sasl_print_mechanism (m=0x7f6dda844ae0, stage=SASL_INFO_LIST_START, 
    rock=0x7f6dd93be930 <_rtld_local+2352>) at client.c:1277
#16 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3
#17 0x00007f6dd41bd0c0 in _sasl_mutex_utils () from /lib64/libsasl2.so.3
#18 0x00007f6dd3fac4fb in _sasl_alloc_utils (conn=0x3, global_callbacks=0x7f6dda844dc0)
    at common.c:2036
#19 0x00007f6dda846fb0 in ?? ()
#20 0x00007f6dda7fb5a0 in ?? ()
#21 0x00007f6dda833f00 in ?? ()
#22 0x00007f6dda7fb5a0 in ?? ()
#23 0x00007f6dd73b6bb0 in ldap_free_connection (ld=0x7f6dd75e4000 <ldap_int_global_options>, 
    lc=0x7fff0ff13008, force=-629164640, unbind=-628893808) at request.c:795
#24 0x00007f6dd73ae477 in ldap_ld_free (ld=0x7f6dda7fb5a0, close=1, sctrls=<optimized out>, 
    cctrls=<optimized out>) at unbind.c:122
#25 0x00007f6dcae31aa8 in sdap_handle_release (sh=0x7f6dda833e00)
    at src/providers/ldap/sdap_async.c:124

(gdb) l 124
119             /* check if it is still the same or avoid freeing */
120             if (op == sh->ops) talloc_free(op);
121         }
122
123         if (sh->ldap) {
124             ldap_unbind_ext(sh->ldap, NULL, NULL); <<frame 25 is here
125             sh->ldap = NULL;
126         }
127
128         /* ok, we have done the job, unlock now */
Comment 4 Kaushik Banerjee 2013-11-21 12:04:58 UTC 
(In reply to Lukas Slebodnik from comment #3)
> Could you tell me version of some dependencies?
> rpm -qa *sasl* *krb5*

# rpm -qa *sasl* *krb5*
krb5-libs-1.11.3-19.el7.1.x86_64
cyrus-sasl-2.1.26-12.1.el7.x86_64
cyrus-sasl-lib-2.1.26-12.1.el7.x86_64
cyrus-sasl-gssapi-2.1.26-12.1.el7.x86_64
sssd-krb5-common-1.11.2-1.el7.x86_64
cyrus-sasl-plain-2.1.26-12.1.el7.x86_64
cyrus-sasl-md5-2.1.26-12.1.el7.x86_64
krb5-workstation-1.11.3-19.el7.1.x86_64
sssd-krb5-1.11.2-1.el7.x86_64
cyrus-sasl-scram-2.1.26-12.1.el7.x86_64
Comment 5 Jakub Hrozek 2013-11-21 12:55:54 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2160
Comment 6 Lukas Slebodnik 2013-11-21 15:40:41 UTC 
#0  0x00007f112bdfd8cd in __strcasecmp_l_sse2 () from /lib64/libc.so.6
#1  0x00007f1122d38f1a in ad_parse_access_filter (dom=<optimized out>, 
    dom=<optimized out>, _filter=0x7f1130417d48, filter_list=<optimized out>, 
    mem_ctx=0x7f1130417d20) at src/providers/ad/ad_access.c:213
#2  ad_access_send (pd=<optimized out>, ctx=0x7f11303fc1c0, 
    domain=0x7f11303cdbc0, be_ctx=<optimized out>, ev=0x7f11303c5640, 
    mem_ctx=0x7f1130419650) at src/providers/ad/ad_access.c:269
#3  ad_access_handler (breq=0x7f1130419650) at src/providers/ad/ad_access.c:429
#4  0x00007f112f633a2f in tevent_common_loop_timer_delay ()
   from /lib64/libtevent.so.0
#5  0x00007f112f634a23 in epoll_event_loop_once () from /lib64/libtevent.so.0
#6  0x00007f112f633107 in std_event_loop_once () from /lib64/libtevent.so.0
#7  0x00007f112f62fbcd in _tevent_loop_once () from /lib64/libtevent.so.0
#8  0x00007f112f62fd6b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#9  0x00007f112f6330a7 in std_event_loop_wait () from /lib64/libtevent.so.0
#10 0x00007f112f8843b3 in server_loop (main_ctx=0x7f11303c6a10)
    at src/util/server.c:602
#11 0x00007f11300f239b in main (argc=<optimized out>, argv=<optimized out>)
    at src/providers/data_provider_be.c:2992

In the function ad_parse_access_filter:
  strcasecmp(spec, dom->forest) was called and dom->forest is NULL
Comment 7 Jakub Hrozek 2014-01-09 10:57:32 UTC 
Pushed to master:
    master: 17195241500e46272018d7897d6e87249870caf2
    sssd-1-11: 98869bb5e22774dc02dacd93e411975fa839b616
Comment 9 Kaushik Banerjee 2014-01-14 12:38:53 UTC 
Verified in version 1.11.2-23.el7

Output from beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_access_control_09: ad_access_filter=FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'su_success user1_dom1 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_permission_denied user1_dom2 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_permission_denied user1_dom3.com Secret123' (Expected 0, got 0)
Comment 10 Ludek Smid 2014-06-13 11:23:40 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.