Bug 513038

Summary: sss_groupmod: Aborted (core dumped) Adding circular nested groups
Product: [Fedora] Fedora Reporter: Jenny Severance <jgalipea>
Component: sssdAssignee: Simo Sorce <ssorce>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 11CC: jhrozek, sbose, sgallagh, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-12 13:40:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jenny Severance 2009-07-21 18:07:04 UTC 
Description of problem:
If you create two groups and add the second group as a member of the first group, subsequently adding the first group as a member of the second group aborts and dumps core.

[root@jennyF11 sssd]# sss_groupmod -a group1000 group1001
Aborted (core dumped)

gbd debug:

Core was generated by `sss_groupmod -a group1000 group1001'.
Program terminated with signal 6, Aborted.
#0  0x0099e424 in __kernel_vsyscall ()

However, it appears to be successful:

dn: name=group1000,cn=groups,cn=LOCAL,cn=sysdb
objectClass: group
name: group1000
gidNumber: 1000
createTimestamp: 1248199094
memberof: name=group1001,cn=groups,cn=LOCAL,cn=sysdb
member: name=group1001,cn=groups,cn=LOCAL,cn=sysdb
distinguishedName: name=group1000,cn=groups,cn=LOCAL,cn=sysdb

# record 2
dn: cn=Groups,cn=LOCAL,cn=sysdb
cn: groups
description: Local POSIX groups
distinguishedName: cn=Groups,cn=LOCAL,cn=sysdb

# record 3
dn: name=group1001,cn=groups,cn=LOCAL,cn=sysdb
objectClass: group
name: group1001
gidNumber: 1001
createTimestamp: 1248199115
member: name=group1000,cn=groups,cn=LOCAL,cn=sysdb
memberof: name=group1000,cn=groups,cn=LOCAL,cn=sysdb
distinguishedName: name=group1001,cn=groups,cn=LOCAL,cn=sysdb

Then trying to delete the first group also results in Aborted (core dumped)
[root@jennyF11 sssd]# sss_groupdel group1000
Aborted (core dumped)

gdb debug:
Core was generated by `sss_groupdel group1000'.
Program terminated with signal 6, Aborted.
#0  0x0031c424 in __kernel_vsyscall ()

However, again it appears to be successful:

[root@jennyF11 sssd]# ldbsearch -H /var/lib/sss/db/sssd.ldb -b "cn=groups,cn=LOCAL,cn=sysdb"
asq: Unable to register control with rootdse!
# record 1
dn: cn=Groups,cn=LOCAL,cn=sysdb
cn: groups
description: Local POSIX groups
distinguishedName: cn=Groups,cn=LOCAL,cn=sysdb

# record 2
dn: name=group1001,cn=groups,cn=LOCAL,cn=sysdb
objectClass: group
name: group1001
gidNumber: 1001
createTimestamp: 1248199115
distinguishedName: name=group1001,cn=groups,cn=LOCAL,cn=sysdb

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. sss_groupadd -g 1000 group1000
2. sss_groupadd -g 1001 group1001
3. sss_groupmod -a group1001 group1000
4. sss_groupmod -a group1000 group1001
    Aborted (core dumped)
5. sss_groupdel group1000
  
Actual results:
Aborted (core dumped)

Expected results:


Additional info:

[root@jennyF11 sssd]# uname -a
Linux jennyF11 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 i686 i386 GNU/Linux

[root@jennyF11 sssd]# rpm -qa sssd
sssd-0.4.1-1.fc11.i586

sssd.conf LOCAL configuration:
[domains]
description = Domains served by SSSD
domains = LOCAL

[domains/LOCAL]
description = LOCAL Users domain
enumerate = 3
minId = 1000
maxId = 1010
legacy = FALSE
magicPrivateGroups = TRUE
provider = local
Comment 1 Jakub Hrozek 2009-07-30 15:38:24 UTC 
The backtrace looks like this:
---
#0  0x00000035a9a332f5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00000035a9a34b20 in *__GI_abort () at abort.c:88
#2  0x0000003eaf20183c in ?? () from /usr/lib64/libtalloc.so.1
#3  0x0000003eaf206a81 in talloc_free () from /usr/lib64/libtalloc.so.1
#4  0x00007ffff21645d9 in mbof_next_add_callback (req=<value optimized out>, ares=0x637330) at ldb_modules/memberof.c:433
#5  0x00007ffff7dced7f in ltdb_callback (ev=<value optimized out>, te=<value optimized out>, t={tv_sec = 0, tv_usec = 0}, 
    private_data=<value optimized out>) at ldb_tdb/ldb_tdb.c:1120
#6  0x0000003eada02f25 in tevent_common_loop_timer_delay (ev=0x61d940) at tevent_timed.c:254
#7  0x0000003eada0455b in std_event_loop_once (ev=0x61d940) at tevent_standard.c:543
#8  0x0000000000404d67 in main (argc=<value optimized out>, argv=<value optimized out>) at tools/sss_groupmod.c:445
---

Which looks like a bug in memberof, not the tool itself, so I'll leave this bug assigned to Simo.
Comment 2 Stephen Gallagher 2010-01-12 13:40:32 UTC 
Core dump is no longer present in sssd-1.0.1-1.fc11