Bug 1667252
Summary: | crash when requesting extra attributes | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | Pavel Březina <pbrezina> |
Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 | CC: | agk, grajaiya, jhrozek, lslebodn, mniranja, mzidek, pbrezina, sgoveas, tscherf, wchadwic |
Target Milestone: | rc | ||
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-2.1.0-1.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-05 22:34:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1682305 | ||
Bug Blocks: |
Description
Jakub Hrozek
2019-01-17 20:51:25 UTC
* master: bc1e8ffd5cca74aa8408c1c6bce0a3cf42a0974b Version: sssd-nfs-idmap-2.0.0-1.el8.x86_64 sssd-client-2.0.0-1.el8.x86_64 sssd-common-pac-2.0.0-1.el8.x86_64 sssd-proxy-2.0.0-1.el8.x86_64 sssd-tools-2.0.0-1.el8.x86_64 python3-sssdconfig-2.0.0-1.el8.noarch sssd-krb5-common-2.0.0-1.el8.x86_64 sssd-ad-2.0.0-1.el8.x86_64 sssd-ldap-2.0.0-1.el8.x86_64 sssd-2.0.0-1.el8.x86_64 sssd-common-2.0.0-1.el8.x86_64 sssd-krb5-2.0.0-1.el8.x86_64 sssd-ipa-2.0.0-1.el8.x86_64 sssd-dbus-2.0.0-1.el8.x86_64 I am trying to reproduce the issue on 8.1 with above installed versions. [sssd] config_file_version = 2 services = nss, pam, ifp domains = example1 [domain/example1] ldap_search_base = dc=example,dc=test id_provider = ldap auth_provider = ldap ldap_user_home_directory = /export/home/%u ldap_uri = ldaps://cdardine.testrelm.test ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem use_fully_qualified_names = True debug_level = 9 ldap_user_extra_attrs = test:blablabla [ifp] user_attributes = +test when i run sssctl user-check foo1@example1, i don't see any sssd crash. [root@katherine ~]# sssctl user-checks foo1@example1 user: foo1@example1 action: acct service: system-auth SSSD nss user lookup result: - user name: foo1@example1 - user id: 14583101 - group id: 14564100 - gecos: foo1 User - home directory: / - shell: /bin/bash SSSD InfoPipe user lookup result: - name: foo1@example1 - uidNumber: 14583101 - gidNumber: 14564100 - gecos: foo1 User - homeDirectory: not set - loginShell: /bin/bash testing pam_acct_mgmt pam_acct_mgmt: Success Can you let me know if there is anything i am missing , I believe the extra attributes must actually exist. So instead of 'blablabla' which you would need to extend the ldap schema in order to create it on the user object, use 'homeDirectory' which already exist. Even when i set with attribute of Home Directory which actually exists: [root@katherine ~]# ldapsearch -x -b "dc=example,dc=test" -D "cn=Directory Manager" -w Secret123 -h cdardine.testrelm.test uid=foo1 homeDirectory -LLL dn: uid=foo1,ou=People,dc=example,dc=test homeDirectory: /home/foo1 [root@katherine ~]# sssctl user-checks foo1@example1 user: foo1@example1 action: acct service: system-auth SSSD nss user lookup result: - user name: foo1@example1 - user id: 14583101 - group id: 14564100 - gecos: foo1 User - home directory: / - shell: /bin/bash SSSD InfoPipe user lookup result: - name: foo1@example1 - uidNumber: 14583101 - gidNumber: 14564100 - gecos: foo1 User - homeDirectory: not set - loginShell: /bin/bash testing pam_acct_mgmt pam_acct_mgmt: Success PAM Environment: - no env - I didn't notice any crash Reproducing the issue: ====================== Red Hat Enterprise Linux release 8.0 (Ootpa) [root@dell-r730-015 ~]# rpm -qa | grep sss sssd-common-pac-2.0.0-43.el8.x86_64 sssd-ldap-2.0.0-43.el8.x86_64 python3-sssdconfig-2.0.0-43.el8.noarch sssd-tools-2.0.0-43.el8.x86_64 libsss_idmap-2.0.0-43.el8.x86_64 libsss_autofs-2.0.0-43.el8.x86_64 libsss_certmap-2.0.0-43.el8.x86_64 sssd-nfs-idmap-2.0.0-43.el8.x86_64 sssd-kcm-2.0.0-43.el8.x86_64 libsss_nss_idmap-2.0.0-43.el8.x86_64 sssd-krb5-2.0.0-43.el8.x86_64 sssd-proxy-2.0.0-43.el8.x86_64 sssd-2.0.0-43.el8.x86_64 sssd-dbus-2.0.0-43.el8.x86_64 python3-sss-2.0.0-43.el8.x86_64 sssd-krb5-common-2.0.0-43.el8.x86_64 sssd-ad-2.0.0-43.el8.x86_64 sssd-ipa-2.0.0-43.el8.x86_64 libsss_simpleifp-2.0.0-43.el8.x86_64 sssd-client-2.0.0-43.el8.x86_64 sssd-common-2.0.0-43.el8.x86_64 libsss_sudo-2.0.0-43.el8.x86_64 Configure sssd.conf as shown below: [sssd] config_file_version = 2 services = nss, pam, ifp domains = example1 [domain/example1] ldap_search_base = dc=example,dc=test id_provider = ldap auth_provider = ldap ldap_user_home_directory = /home/%u ldap_uri = ldaps://dell-r730-015.dsal.lab.eng.rdu2.redhat.com ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem use_fully_qualified_names = True debug_level = 9 ldap_user_extra_attrs = test:homeDirectory [ifp] user_attributes = +test [root@dell-r730-015 ~]# id foo1@example1 uid=14583101(foo1@example1) gid=14564100(ldapusers@example1) groups=14564100(ldapusers@example1) User's foo entry in cache # record 2 dn: name=foo1@example1,cn=users,cn=example1,cn=sysdb createTimestamp: 1567504649 fullName: foo1 User gecos: foo1 User gidNumber: 14564100 loginShell: /bin/bash name: foo1@example1 objectCategory: user uidNumber: 14583101 originalDN: uid=foo1,ou=People,dc=example,dc=test originalModifyTimestamp: 20190903095525Z entryUSN: 20190903095525Z mail: foo1 test: /home/foo1 nameAlias: foo1@example1 isPosix: TRUE lastUpdate: 1567504649 dataExpireTimestamp: 1567510049 initgrExpireTimestamp: 1567510049 distinguishedName: name=foo1@example1,cn=users,cn=example1,cn=sysdb [root@dell-r730-015 ~]# sssctl user-checks foo1@example1 user: foo1@example1 action: acct service: system-auth SSSD nss user lookup result: - user name: foo1@example1 - user id: 14583101 - group id: 14564100 - gecos: foo1 User - home directory: - shell: /bin/bash InfoPipe operation failed. Check that SSSD is running and the InfoPipe responder is enabled. Make sure 'ifp' is listed in the 'services' option in sssd.conf.InfoPipe User lookup with [foo1@example1] failed. testing pam_acct_mgmt pam_acct_mgmt: Success PAM Environment: - no env - sssd-ifp coredumps : Sep 03 05:57:29 dell-r730-015.dsal.lab.eng.rdu2.redhat.com systemd-coredump[28368]: Process 28356 (sssd_ifp) of user 0 dumped core. Stack trace of thread 28356: #0 0x00007f5e6930593f raise (libc.so.6) #1 0x00007f5e692efc95 abort (libc.so.6) #2 0x00007f5e696a282d _dbus_abort.cold.0 (libdbus-1.so.3) #3 0x00007f5e696c4c20 _dbus_warn_check_failed (libdbus-1.so.3) #4 0x00007f5e696b654f dbus_message_iter_open_container (libdbus-1.so.3) #5 0x00007f5e69f316c7 sbus_copy_iterator_value.part.0 (libsss_sbus.so) #6 0x00007f5e69f316d6 sbus_copy_iterator_value.part.0 (libsss_sbus.so) #7 0x00007f5e69f316d6 sbus_copy_iterator_value.part.0 (libsss_sbus.so) #8 0x00007f5e69f326c8 sbus_properties_getall_done (libsss_sbus.so) #9 0x00007f5e69b05bd9 tevent_common_invoke_timer_handler (libtevent.so.0) #10 0x00007f5e69b05d7e tevent_common_loop_timer_delay (libtevent.so.0) #11 0x00007f5e69b07219 epoll_event_loop_once (libtevent.so.0) #12 0x00007f5e69b051bb std_event_loop_once (libtevent.so.0) #13 0x00007f5e69b00395 _tevent_loop_once (libtevent.so.0) #14 0x00007f5e69b0063b tevent_common_loop_wait (libtevent.so.0) #15 0x00007f5e69b0514b std_event_loop_wait (libtevent.so.0) #16 0x00007f5e6cfbaa07 server_loop (libsss_util.so) #17 0x000055c77c9cf24d main (sssd_ifp) #18 0x00007f5e692f1813 __libc_start_main (libc.so.6) #19 0x000055c77c9cf2de _start (sssd_ifp) Update sssd to latest from 8.1: libsss_certmap-2.2.0-16.el8.x86_64 libsss_autofs-2.0.0-43.el8.x86_64 sssd-common-2.2.0-16.el8.x86_64 sssd-ad-2.2.0-16.el8.x86_64 sssd-proxy-2.2.0-16.el8.x86_64 sssd-tools-2.2.0-16.el8.x86_64 sssd-nfs-idmap-2.0.0-43.el8.x86_64 libsss_nss_idmap-2.0.0-43.el8.x86_64 libsss_idmap-2.2.0-16.el8.x86_64 sssd-client-2.2.0-16.el8.x86_64 sssd-krb5-common-2.2.0-16.el8.x86_64 sssd-dbus-2.2.0-16.el8.x86_64 sssd-krb5-2.2.0-16.el8.x86_64 python3-sss-2.2.0-16.el8.x86_64 sssd-2.2.0-16.el8.x86_64 libsss_simpleifp-2.2.0-16.el8.x86_64 python3-sssdconfig-2.2.0-16.el8.noarch libsss_sudo-2.0.0-43.el8.x86_64 sssd-common-pac-2.2.0-16.el8.x86_64 sssd-ldap-2.2.0-16.el8.x86_64 sssd-ipa-2.2.0-16.el8.x86_64 sssd-kcm-2.2.0-16.el8.x86_64 [root@dell-r730-015 yum.repos.d]# sssctl user-checks foo1@example1 user: foo1@example1 action: acct service: system-auth SSSD nss user lookup result: - user name: foo1@example1 - user id: 14583101 - group id: 14564100 - gecos: foo1 User - home directory: - shell: /bin/bash SSSD InfoPipe user lookup result: - name: foo1@example1 - uidNumber: 14583101 - gidNumber: 14564100 - gecos: foo1 User - homeDirectory: not set - loginShell: /bin/bash - test: /home/foo1 testing pam_acct_mgmt pam_acct_mgmt: Success PAM Environment: - no env - ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-09-03 06:09:29 EDT; 1min 19s ago Main PID: 30075 (sssd) Tasks: 6 (limit: 39320) Memory: 40.4M CGroup: /system.slice/sssd.service ├─30075 /usr/sbin/sssd -i --logger=files ├─30076 /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files ├─30077 /usr/libexec/sssd/sssd_be --domain example1 --uid 0 --gid 0 --logger=files ├─30079 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files ├─30080 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files └─30081 /usr/libexec/sssd/sssd_ifp --uid 0 --gid 0 --logger=files Sep 03 06:09:28 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[30075]: (Tue Sep 3 06:09:28 2019) [sssd[be[example1]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x564942e2e650 Sep 03 06:09:28 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[30075]: (Tue Sep 3 06:09:28 2019) [sssd[be[example1]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x564942e2e720 Sep 03 06:09:28 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[30075]: (Tue Sep 3 06:09:28 2019) [sssd[be[example1]]] [ldb] (0x4000): Running timer event 0x564942e2e650 "ltdb_callback" Sep 03 06:09:28 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[30075]: (Tue Sep 3 06:09:28 2019) [sssd[be[example1]]] [ldb] (0x4000): Destroying timer event 0x564942e2e720 "ltdb_timeout" Sep 03 06:09:28 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[30075]: (Tue Sep 3 06:09:28 2019) [sssd[be[example1]]] [ldb] (0x4000): Destroying timer event 0x564942e2e650 "ltdb_callback" Sep 03 06:09:28 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[be[example1]][30077]: Starting up Sep 03 06:09:29 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[nss][30079]: Starting up Sep 03 06:09:29 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[pam][30080]: Starting up Sep 03 06:09:29 dell-r730-015.dsal.lab.eng.rdu2.redhat.com sssd[ifp][30081]: Starting up Sep 03 06:09:29 dell-r730-015.dsal.lab.eng.rdu2.redhat.com systemd[1]: Started System Security Services Daemon. No crashes seen. Marking it verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3651 |