Bug 1147497

Summary: duplicate sss module in nsswitch breaks sudo
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Kopeček <dkopecek>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED ERRATA QA Contact: Eduard Benes <ebenes>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.0CC: dkopecek, ebenes, extras-qa, jhrozek, kzak, pkis, pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sudo-1.8.6p7-12.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1133657 Environment:
Last Closed: 2015-03-05 11:06:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1133657, 1147498    
Bug Blocks:    

Description Daniel Kopeček 2014-09-29 12:15:44 UTC 
+++ This bug was initially created as a clone of Bug #1133657 +++

Description of problem:
As a result of ipa-client-install bug[1] my machine had the following nsswitch entry:
# grep sudo /etc/nsswitch.conf
sudoers: files sss sss

This broke sudo completely, the sudo binary never finishes.

Version-Release number of selected component (if applicable):
sudo-1.8.8-7.fc21.x86_64

How reproducible:
easy peasy

Steps to Reproduce:
1. put "sudoers: files sss sss" into nsswitch.conf
2. sudo ls
3.

Actual results:
sudo hangs

Expected results:
sudo runs to completion

Additional info:
[1] https://fedorahosted.org/freeipa/ticket/4508

This is the backtrace I'm seeing:
(gdb) bt
#0  0x00007f7f234cc21a in __libc_waitpid (pid=pid@entry=21813, stat_loc=stat_loc@entry=0x7fffbc70f64c, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:31
#1  0x00007f7f1c38944a in send_mail (fmt=fmt@entry=0x7f7f1c3b78a0 "%s") at ./logging.c:597
#2  0x00007f7f1c389e6c in vlog_warning (flags=flags@entry=8, fmt=fmt@entry=0x7f7f1c3b919e "problem with defaults entries", ap=ap@entry=0x7fffbc70faf0) at ./logging.c:467
#3  0x00007f7f1c38a7ad in log_warning (flags=flags@entry=8, fmt=fmt@entry=0x7f7f1c3b919e "problem with defaults entries") at ./logging.c:513
#4  0x00007f7f1c391c3b in sudoers_policy_init (info=info@entry=0x7fffbc70fc80, envp=envp@entry=0x7fffbc70ff08) at ./sudoers.c:158
#5  0x00007f7f1c38d4ed in sudoers_policy_open (version=65540, conversation=0x7f7f24249e30 <sudo_conversation>, plugin_printf=0x7f7f2425cde0 <_sudo_printf>, settings=0x7f7f24c8e080, 
    user_info=0x7f7f24c8c110, envp=0x7fffbc70ff08, args=0x0) at ./policy.c:547
#6  0x00007f7f242485f4 in policy_open (plugin=<optimized out>, plugin=<optimized out>, user_env=<optimized out>, user_info=<optimized out>, settings=<optimized out>) at ./sudo.c:1100
#7  main (argc=3, argv=0x7f7f24c8e080, envp=0x7fffbc70ff08) at ./sudo.c:206
(gdb) quit

--- Additional comment from Daniel Kopeček on 2014-09-15 08:18:20 EDT ---

Confirmed and reported upstream.

--- Additional comment from Daniel Kopeček on 2014-09-15 08:22:53 EDT ---

Proposed patch for the most recent upstream version. I'll fix this in Fedora as soon as upstream accepts the patch or pushes a better fix.
Comment 6 errata-xmlrpc 2015-03-05 11:06:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0515.html