Bug 1918433
Summary: | sssd unable to lookup certmap rules | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Scott Poore <spoore> |
Component: | sssd | Assignee: | Sumit Bose <sbose> |
Status: | CLOSED ERRATA | QA Contact: | Scott Poore <spoore> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.4 | CC: | atikhono, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, tscherf |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | sync-to-jira review | ||
Fixed In Version: | sssd-2.4.0-7.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-05-18 15:04:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Scott Poore
2021-01-20 17:20:04 UTC
Upstream ticket: https://github.com/SSSD/sssd/issues/5469 *** Bug 1918429 has been marked as a duplicate of this bug. *** Pushed PR: https://github.com/SSSD/sssd/pull/5470 * `master` * cb936e92041d63f79a74c30bae8140c74a18dbc0 - pam: refresh certificate maps at the end of initial domains lookup * e07eeea7df55ede36ac0978ac904c1bb11188265 - responders: add callback to schedule_get_domains_task() Verified.
Version ::
sssd-client-2.4.0-7.el8.x86_64
Results ::
Since this is a race condition bug, I ran a subset of regression tests multiple times.
I also ran a quick loop attempting to reproduce the scenario:
# for i in {1..10}; do
> systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/*; systemctl start sssd
> expect -f /tmp/su_test.exp
> done
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
spawn su - ipauser1 -c su - ipauser1 -c "echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output"
PIN for ipauser1:
# cat /tmp/su_test.exp
set timeout 20
set send_slow {1 .1}
spawn su - ipauser1 -c "su - ipauser1 -c \"echo success > /tmp/ipa_sc_test.d/SGFFOTGRHB.output\""
expect {
"PIN for*" {
send -- "redhat\r"
}
"Please select a certificate by typing the corresponding number*" {
send -- "1\r"
exp_continue
}
}
expect eof
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1666 |