Bug 1340176

Summary: The AD keytab renewal task leaks a file descriptor
Product: Red Hat Enterprise Linux 6 Reporter: Jakub Hrozek <jhrozek>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Steeve Goveas <sgoveas>
Severity: urgent Docs Contact: Aneta Šteflová Petrová <apetrova>
Priority: urgent    
Version: 6.0CC: apetrova, dlavu, ekeck, enewland, grajaiya, jhrozek, lslebodn, mkolaja, mkosek, mzidek, pbrezina, sgoveas
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: sssd-1.13.3-25.el6 Doc Type: Bug Fix
Doc Text:
Attempts to renew the system password in a keytab no longer cause SSSD to stop working When attempting to renew the system password stored in a keytab, System Security Services Daemon (SSSD) leaked a file descriptor. The leaked file descriptors gradually accumulated, which caused SSSD to stop working. With this update, SSSD no longer leaks file descriptors in this situation. As a result, SSSD is able to keep updating the system password without the described negative impact on the system.
 Story Points: ---
Clone Of:
: 1344657 (view as bug list) Environment:
Last Closed: 2017-03-21 09:56:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1344657    

Description Jakub Hrozek 2016-05-26 15:46:58 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/3017

The renewal task opens a write_to_child_fd but never closes it, leading to a leak of fd.
Comment 1 Jakub Hrozek 2016-05-26 15:49:54 UTC 
To reproduce, configure sssd to renew the machine credentials frequently and watch /proc/$(pidof sssd_be)/fds. With the unpatched version, sssd will leak a file descriptor after each iteration and you should see a new fd as a new number in the /proc output. With the patched version, the number of fds should be stable (after the initial connections are established).
Comment 2 Jakub Hrozek 2016-05-26 15:50:24 UTC 
Steeve, can you please qa_ack this bug given the reproducer above?
Comment 3 Jakub Hrozek 2016-05-26 15:51:18 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/3006
Comment 4 Jakub Hrozek 2016-05-31 11:22:51 UTC 
Fixed in:
    master: 518f5b83fd546e3188da01e4743ddb27a574e08f
    sssd-1-13: 312d211e03b9f3769a0362f1767cc59792e32746 
and:
    master: 45e11be651dbd3855a35de4abd2922e5b9d4b963
    sssd-1-13: 2fb750062a665dbf318b5ffb2e53f1060e43b8dc
Comment 11 Dan Lavu 2016-07-01 17:29:52 UTC 
Verified.

Failing in sssd-1.13.3-22.el6.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bug_automation_013: bz1340176 - The AD keytab renewal task leaks a file descriptor
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 12:33:36 ] :: File descriptors on initial start: 22
:: [ 12:35:36 ] :: File descriptors open after running for 2 minutes: 33
:: [ 12:37:36 ] :: File descriptors open after running for 4 minutes: 45


Working in sssd-client-1.13.3-25.el6

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bug_automation_013: bz1340176 - The AD keytab renewal task leaks a file descriptor
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 13:25:31 ] :: File descriptors open on initial start: 22
:: [ 13:27:31 ] :: File descriptors open after running for 2 minutes: 22
:: [ 13:29:31 ] :: File descriptors open after running for 4 minutes: 22
Comment 16 Dan Lavu 2016-12-21 15:41:56 UTC 
Now verifying the right bug, against version 1.13.3-54.el6.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: The AD keytab renewal task leaks a file descriptor bz1340176
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: File descriptors open on initial start: 4
:: [   LOG    ] :: File descriptors open after running for 2 minutes: 4
:: [   LOG    ] :: File descriptors open after running for 4 minutes: 4
:: [   PASS   ] :: File descriptors are not increasing 
:: [   LOG    ] :: Duration: 4m 16s
:: [   LOG    ] :: Assertions: 1 good, 0 bad
:: [   PASS   ] :: RESULT: The AD keytab renewal task leaks a file descriptor bz1340176
Comment 18 errata-xmlrpc 2017-03-21 09:56:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0632.html