Bug 824616

Summary: sssd_nss crashes when configured with use_fully_qualified_names = true
Product: Red Hat Enterprise Linux 6 Reporter: Kaushik Banerjee <kbanerje>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.3CC: apeetham, grajaiya, jgalipea, prc
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.8.0-30.el6 Doc Type: Bug Fix
Doc Text:
No documentation required
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 11:45:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 826592    
Attachments:
Description Flags
crash backtrace none

Description Kaushik Banerjee 2012-05-23 20:28:22 UTC 
Created attachment 586452 [details]
crash backtrace

Description of problem:
sssd_nss crashes when configured with use_fully_qualified_names = true

Version-Release number of selected component (if applicable):
sssd-1.8.0-29.el6.i686

How reproducible:
Always

Steps to Reproduce:
1. Add users/groups on ldap server as follows:
 
dn: uid=user1,ou=People,dc=example,dc=com
cn: User1
uid: user1
uidNumber: 3000
gidNumber: 3000
homeDirectory: /export/user1
objectClass: top
objectClass: posixAccount
 
dn: uid=user2,ou=People,dc=example,dc=com
cn: User2
uid: user2
uidNumber: 3001
gidNumber: 3001
homeDirectory: /export/user2
objectClass: top
objectClass: posixAccount
 
dn: cn=child,ou=Groups,dc=example,dc=com
gidNumber: 4001
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: child
memberUid: user2
 
dn: cn=parent,ou=Groups,dc=example,dc=com
gidNumber: 4000
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: parent
memberUid: child
memberUid: user1
 

2. Configure sssd for lookup via proxy provider:
 
[domain/PROXY]
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
enumerate = true
debug_level = 0xFFF0
use_fully_qualified_names = TRUE
cache_credentials = TRUE
 
3. Lookup group
# getent -s ldap group child
child:*:4001:user2

# getent -s sss group child@PROXY   <== crashes here

Actual results:
sssd_nss crashes

Expected results:
sssd_nss should not crash

Additional info:
Comment 1 Stephen Gallagher 2012-05-23 20:31:05 UTC 
Patch is available upstream and is trivial (simple typo).
Comment 7 Amith 2012-05-29 14:11:34 UTC 
Verified the bug on sssd-1.8.0-31.el6. This bug was discovered during the automation runs on RHEL-6.3 i386 and ppc64 architecutures against sssd version:1.8.0-28.el6. 
All the automation runs against the latest build passed. Please review the related beaker output below:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: SSSD proxy-ldap test 022 >>> id Command and Group Memberships
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

adding new entry "uid=user1,ou=People,dc=example,dc=com"

adding new entry "uid=user2,ou=People,dc=example,dc=com"

adding new entry "cn=child,ou=Groups,dc=example,dc=com"

adding new entry "cn=parent,ou=Groups,dc=example,dc=com"

:: [   PASS   ] :: Running '/usr/bin/ldapmodify -x -h dell-pe1855-02.rhts.eng.bos.redhat.com -p 389 -D "cn=Directory Manager" -w Secret123 -af setup.ldif'
Stopping sssd: [  OK  ]
:: [   PASS   ] :: Running 'service sssd stop'
:: [   PASS   ] :: Running 'rm -fr /var/lib/sss/db/*.ldb'
Starting sssd: [  OK  ]
[  OK  ]
:: [   PASS   ] :: Running 'service sssd start'
:: [   PASS   ] :: napping for 5 secs...
:: [   PASS   ] :: Running 'restart_clearing_cache'
user1@PROXY:*:3000:3000:User1:/export/user1:
:: [   PASS   ] :: Running 'getent -s sss passwd user1@PROXY'
user2@PROXY:*:3001:3001:User2:/export/user2:
:: [   PASS   ] :: Running 'getent -s sss passwd user2@PROXY'
child@PROXY:*:4001:user2@PROXY
:: [   PASS   ] :: Running 'getent -s sss group child@PROXY'
parent@PROXY:*:4000:user1@PROXY,child@PROXY
:: [   PASS   ] :: Running 'getent -s sss group parent@PROXY'
3000 4000
:: [   PASS   ] :: Running 'echo 3000 4000 | grep 3000'
3000 4000
:: [   PASS   ] :: Running 'echo 3000 4000 | grep 4000'
:: [   PASS   ] :: Running 'echo 3000 4000 | grep 4001'
3001 4001
:: [   PASS   ] :: Running 'echo 3001 4001 | grep 3001'
:: [   PASS   ] :: Running 'echo 3001 4001 | grep 4000'
3001 4001
:: [   PASS   ] :: Running 'echo 3001 4001 | grep 4001'
deleting entry "uid=user1,ou=People,dc=example,dc=com"

deleting entry "uid=user2,ou=People,dc=example,dc=com"

deleting entry "cn=child,ou=Groups,dc=example,dc=com"

deleting entry "cn=parent,ou=Groups,dc=example,dc=com"

'7d620d60-8a6d-4c57-a04d-4a52bd0be1ff'
SSSD-proxy-ldap-test-022-id-Command-and-Group-Memberships result: PASS
   metric: 0
   Log: /tmp/beakerlib-6010170/journal.txt
    Info: Searching AVC errors produced since 1338297807.32 (Tue May 29 09:23:27 2012)
     Searching logs...
     Info: No AVC messages found.
 Writing to /mnt/testarea/tmp.39dhcf
:
   AvcLog: /mnt/testarea/tmp.39dhcf
:: [   PASS   ] :: Running 'proxyldap_022'
Comment 8 Stephen Gallagher 2012-06-12 13:03:45 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation required
Comment 10 errata-xmlrpc 2012-06-20 11:45:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html