Bug 1032983
Summary: | sssd_be crashes when ad_access_filter uses FOREST keyword. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Kaushik Banerjee <kbanerje> | ||||||
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 7.0 | CC: | dpal, grajaiya, jgalipea, lslebodn, mkosek, pbrezina | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | sssd-1.11.2-23.el7 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2014-06-13 11:23:40 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Created attachment 827128 [details]
gzipped coredump file
Could you tell me version of some dependencies? rpm -qa *sasl* *krb5* Because there are few warnings, while loading coredump warning: .dynamic section for "/lib64/libsasl2.so.3" is not at the expected address (wrong library or version mismatch?) warning: .dynamic section for "/lib64/libkeyutils.so.1" is not at the expected address (wrong library or version mismatch?) warning: .dynamic section for "/lib64/libsamba-util.so.0" is not at the expected address (wrong library or version mismatch?) warning: .dynamic section for "/lib64/libselinux.so.1" is not at the expected address (wrong library or version mismatch?) warning: .dynamic section for "/usr/lib64/sasl2/libanonymous.so" is not at the expected address (wrong library or version mismatch?) warning: .dynamic section for "/usr/lib64/sasl2/libgssapiv2.so" is not at the expected address (wrong library or version mismatch?) warning: .dynamic section for "/usr/lib64/sasl2/libsasldb.so" is not at the expected address (wrong library or version mismatch?) And back trace is unusable. #0 _dl_close_worker (map=map@entry=0x7f6dda84da40) at dl-close.c:750 #1 0x00007f6dd91b229c in _dl_close (_map=0x7f6dda84da40) at dl-close.c:776 #2 0x00007f6dd91ac304 in _dl_catch_error (objname=0x7f6dda7f6040, errstring=0x7f6dda7f6048, mallocedp=0x7f6dda7f6038, operate=0x7f6dd54090e0 <dlclose_doit>, args=0x7f6dda84da40) at dl-error.c:177 #3 0x00007f6dd540962d in _dlerror_run (operate=operate@entry=0x7f6dd54090e0 <dlclose_doit>, args=0x7f6dda84da40) at dlerror.c:163 #4 0x00007f6dd540910f in __dlclose (handle=<optimized out>) at dlclose.c:47 #5 0x00007f6dca7b9515 in krb5int_close_plugin (h=0x7f6dda84d2e0) at plugins.c:412 #6 0x00007f6dca7b99e8 in krb5int_close_plugin_dirs (dirhandle=0x7f6dda848820) at plugins.c:669 #7 0x00007f6dcbbb7176 in krb5_init_context_profile (flags=0, context_out=0x7f6dd93be930 <_rtld_local+2352>) at init_ctx.c:136 #8 0x00007f6dda848f20 in ?? () #9 0x00007f6dc8ca847d in krb5_gss_delete_sec_context (minor_status=0x7fff0ff12f7c, context_handle=0x7f6dda833138, output_token=<optimized out>) at delete_sec_context.c:102 #10 0x00007f6dc8c97f83 in gss_delete_sec_context (minor_status=<optimized out>, context_handle=0x7f6dda844dd8, output_token=<optimized out>) at g_delete_sec_context.c:90 #11 0x00007f6dc8ed0ccf in sasl_gss_seterror_ (utils=0x7f6dd93be930 <_rtld_local+2352>, maj=0, min=3644582192, logonly=-628827600) at gssapi.c:201 #12 0x0000000000000003 in ?? () #13 0x00007fff0ff13008 in ?? () #14 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3 #15 0x00007f6dd3fa94c4 in _sasl_print_mechanism (m=0x7f6dda844ae0, stage=SASL_INFO_LIST_START, rock=0x7f6dd93be930 <_rtld_local+2352>) at client.c:1277 #16 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3 #17 0x00007f6dd41bd0c0 in _sasl_mutex_utils () from /lib64/libsasl2.so.3 #18 0x00007f6dd3fac4fb in _sasl_alloc_utils (conn=0x3, global_callbacks=0x7f6dda844dc0) at common.c:2036 #19 0x00007f6dda846fb0 in ?? () #20 0x00007f6dda7fb5a0 in ?? () #21 0x00007f6dda833f00 in ?? () #22 0x00007f6dda7fb5a0 in ?? () #23 0x00007f6dd73b6bb0 in ldap_free_connection (ld=0x7f6dd75e4000 <ldap_int_global_options>, lc=0x7fff0ff13008, force=-629164640, unbind=-628893808) at request.c:795 #24 0x00007f6dd73ae477 in ldap_ld_free (ld=0x7f6dda7fb5a0, close=1, sctrls=<optimized out>, cctrls=<optimized out>) at unbind.c:122 #25 0x00007f6dcae31aa8 in sdap_handle_release (sh=0x7f6dda833e00) at src/providers/ldap/sdap_async.c:124 (gdb) l 124 119 /* check if it is still the same or avoid freeing */ 120 if (op == sh->ops) talloc_free(op); 121 } 122 123 if (sh->ldap) { 124 ldap_unbind_ext(sh->ldap, NULL, NULL); <<frame 25 is here 125 sh->ldap = NULL; 126 } 127 128 /* ok, we have done the job, unlock now */ (In reply to Lukas Slebodnik from comment #3) > Could you tell me version of some dependencies? > rpm -qa *sasl* *krb5* # rpm -qa *sasl* *krb5* krb5-libs-1.11.3-19.el7.1.x86_64 cyrus-sasl-2.1.26-12.1.el7.x86_64 cyrus-sasl-lib-2.1.26-12.1.el7.x86_64 cyrus-sasl-gssapi-2.1.26-12.1.el7.x86_64 sssd-krb5-common-1.11.2-1.el7.x86_64 cyrus-sasl-plain-2.1.26-12.1.el7.x86_64 cyrus-sasl-md5-2.1.26-12.1.el7.x86_64 krb5-workstation-1.11.3-19.el7.1.x86_64 sssd-krb5-1.11.2-1.el7.x86_64 cyrus-sasl-scram-2.1.26-12.1.el7.x86_64 Upstream ticket: https://fedorahosted.org/sssd/ticket/2160 #0 0x00007f112bdfd8cd in __strcasecmp_l_sse2 () from /lib64/libc.so.6 #1 0x00007f1122d38f1a in ad_parse_access_filter (dom=<optimized out>, dom=<optimized out>, _filter=0x7f1130417d48, filter_list=<optimized out>, mem_ctx=0x7f1130417d20) at src/providers/ad/ad_access.c:213 #2 ad_access_send (pd=<optimized out>, ctx=0x7f11303fc1c0, domain=0x7f11303cdbc0, be_ctx=<optimized out>, ev=0x7f11303c5640, mem_ctx=0x7f1130419650) at src/providers/ad/ad_access.c:269 #3 ad_access_handler (breq=0x7f1130419650) at src/providers/ad/ad_access.c:429 #4 0x00007f112f633a2f in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 #5 0x00007f112f634a23 in epoll_event_loop_once () from /lib64/libtevent.so.0 #6 0x00007f112f633107 in std_event_loop_once () from /lib64/libtevent.so.0 #7 0x00007f112f62fbcd in _tevent_loop_once () from /lib64/libtevent.so.0 #8 0x00007f112f62fd6b in tevent_common_loop_wait () from /lib64/libtevent.so.0 #9 0x00007f112f6330a7 in std_event_loop_wait () from /lib64/libtevent.so.0 #10 0x00007f112f8843b3 in server_loop (main_ctx=0x7f11303c6a10) at src/util/server.c:602 #11 0x00007f11300f239b in main (argc=<optimized out>, argv=<optimized out>) at src/providers/data_provider_be.c:2992 In the function ad_parse_access_filter: strcasecmp(spec, dom->forest) was called and dom->forest is NULL Pushed to master: master: 17195241500e46272018d7897d6e87249870caf2 sssd-1-11: 98869bb5e22774dc02dacd93e411975fa839b616 Verified in version 1.11.2-23.el7 Output from beaker automation run: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ad_access_control_09: ad_access_filter=FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'su_success user1_dom1 Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_permission_denied user1_dom2 Secret123' (Expected 0, got 0) :: [ PASS ] :: Running 'su_permission_denied user1_dom3.com Secret123' (Expected 0, got 0) This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Created attachment 827127 [details] Domain log when the crash happens Description of problem: sssd_be crashes when ad_access_filter uses FOREST keyword Version-Release number of selected component (if applicable): sssd-1.11.2-1.el7 How reproducible: Always Steps to Reproduce: 1. In sssd.conf add: ad_access_filter = FOREST:SSSDAD.COM:(memberOf=cn=group1_dom1,cn=Users,dc=sssdad,dc=com) 2. Try to login as a user belonging to group1_dom1. Actual Result: Login fails. sssd_be crashes when trying to login as user from sssdad.com syslog shows: Nov 21 14:22:07 dhcp207-191 kernel: [66380.846301] sssd_be[5797]: segfault at 0 ip 00007fdf469bb8cd sp 00007fff00c23f78 error 4 in libc-2.17.so[7fdf46931000+1b6000] Expected results: sssd_be should not crash Additional info: