Bug 1396485
Summary: | sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marcel Kolaja <mkolaja> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> |
Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | high | ||
Version: | 7.3 | CC: | ashbyj, cww, grajaiya, jhrozek, jstephen, lslebodn, minyu, mkolaja, mkosek, mupadhye, mzidek, pbrezina, sbose, sgoveas, sssd-maint, striker, tscherf |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.14.0-43.el7_3.6 | Doc Type: | Bug Fix |
Doc Text: |
Previously, if the "ipa" or "ad" subdomain provider was set in the /etc/sssd/sssd.conf file, the System Security Services Daemon (SSSD) accessed only data that the respective authentication provider sets up. As a consequence, if the user configured the "ipa" or "ad" subdomain provider with a different authentication provider, SSSD accessed uninitialized memory and terminated unexpectedly. A patch has been applied and SSSD now only accesses data if the same authentication and subdomain provider are configured. As a result, SSSD no longer fails in the described scenario.
|
Story Points: | --- |
Clone Of: | 1392444 | Environment: | |
Last Closed: | 2017-01-17 18:09:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1392444 | ||
Bug Blocks: |
Description
Marcel Kolaja
2016-11-18 13:13:09 UTC
Tested with sssd-1.14.0-43.el7_3.11.x86_64 Steps followed during verification: 1) Configure sssd on client. 2) Set id_provider=ad and auth_provider= krb5 in sssd.conf. 3) Start the sssd service. # cat /etc/sssd/sssd.conf | grep provider id_provider = ad auth_provider = krb5 # systemctl status sssd ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled) Drop-In: /etc/systemd/system/sssd.service.d └─journal.conf Active: active (running) since Thu 2017-01-05 12:33:31 EST; 5min ago Process: 4212 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS) Main PID: 4213 (sssd) CGroup: /system.slice/sssd.service ├─4213 /usr/sbin/sssd -D -f ├─4214 /usr/libexec/sssd/sssd_be --domain EXAMPLE.COM --uid 0 --gid 0 --debug-to-files ├─4215 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files └─4216 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 –debug-to-files # getent passwd test test:*:715401139:715400513:test:/home/EXAMPLE.COM/test:/bin/bash # id test uid=715401139(test) gid=715400513(domain users) groups=715400513(domain users) *** Bug 1412170 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0078.html |