Bug 876578

Summary: erealloc3 error on sssd sudoHost netgroup mismatch
Product: Red Hat Enterprise Linux 6
Component: sudo
Version: 6.4
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Nikolai Kondrashov <nikolai.kondrashov>
Assignee: Daniel Kopeček <dkopecek>
QA Contact: Aleš Mareček <amarecek>
CC: amarecek, dspurek, jgalipea, jhrozek, kbanerje, ksrot, pvrabec
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: sudo-1.8.6p3-6.el6
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-02-21 09:45:00 UTC
Bug Blocks: 881827
Attachments (description, flags):
Patch fixing the problem, none
Base LDIF file, none
sssd.conf, none

Description Nikolai Kondrashov 2012-11-14 14:04:38 UTC
Description of problem:
sudo outputs an erealloc3 error whenever all retrieved sssd rules fail sudoHost netgroup match

Version-Release number of selected component (if applicable):
sudo-1.8.6p3-5.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Use the attached LDIF file to fill an LDAP directory.
2. Use the attached sssd.conf as the base for SSSD configuration.
3. Execute "su -c 'sudo -u user2 whoami' user1" as root.
  
Actual results:
sudo: internal error, tried to erealloc3(0)

Expected results:
sudo: no tty present and no askpass program specified

(NOTE: the expected result above is probably still incorrect due to Bug 875740)

Additional info:
The LDAP backend works as expected.
The attached patch fixes the problem.
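
The failure class this report points to, as an added C sketch that is neither sudo's source nor the attached patch: it assumes the message comes from shrinking the filtered rule array to zero entries through a checked realloc wrapper. `struct rule`, `checked_realloc3`, `filter_rules` and `run_case` are hypothetical names, and the sample rules are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rule { const char *name, *host_netgroup; };  /* hypothetical record */
/* Refuses a zero-element request, as the report's error text implies;
 * returns NULL where sudo would print the message and exit. */
static void *checked_realloc3(void *p, size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0 || nmemb > SIZE_MAX / size) return NULL;
    return realloc(p, nmemb * size);
}

/* Keep rules bound to `netgroup` (a name compare stands in for a netgroup
 * lookup), then shrink; guard=1 frees an empty result instead of shrinking
 * it to zero elements. Returns rules kept, or -1 on internal error. */
static int filter_rules(struct rule **rules, size_t n, const char *netgroup, int guard)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp((*rules)[i].host_netgroup, netgroup) == 0)
            (*rules)[kept++] = (*rules)[i];
    if (kept == 0 && guard) {        /* nothing matched: empty result, no error */
        free(*rules);
        *rules = NULL;
        return 0;
    }
    struct rule *shrunk = checked_realloc3(*rules, kept, sizeof(**rules));
    if (shrunk == NULL) return -1;   /* *rules untouched, caller still owns it */
    *rules = shrunk;
    return (int)kept;
}

static int run_case(const char *local_netgroup, int guard)
{
    struct rule *rules = malloc(2 * sizeof(*rules));
    if (rules == NULL) return -2;
    rules[0] = rules[1] = (struct rule){ "rule", "netgroup_server" }; /* constructed sample */
    int rc = filter_rules(&rules, 2, local_netgroup, guard);
    free(rules);
    return rc;
}

int main(void)
{
    int bad = run_case("netgroup_other", 0), ok = run_case("netgroup_other", 1);
    printf("unguarded=%d guarded=%d\n", bad, ok);
    return 0;
}
```

With every rule failing the host match, the unguarded path reports an internal error while the guarded path returns an empty rule set, which lets the caller continue to its normal "no matching rule" handling.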

Comment 1 Nikolai Kondrashov 2012-11-14 14:06:09 UTC
Created attachment 644899
Patch fixing the problem

Comment 2 Nikolai Kondrashov 2012-11-14 14:06:37 UTC
Created attachment 644900
Base LDIF file

Comment 3 Nikolai Kondrashov 2012-11-14 14:07:00 UTC
Created attachment 644901
sssd.conf

Comment 6 David Spurek 2012-11-21 10:19:25 UTC
Hi Nikolai, thank you for your reproducer.
But in my case "su -c 'sudo -u user2 whoami' user1" passes without errors.

In the LDAP entry "dn: cn=netgroup_server,ou=Netgroups,dc=example,dc=com"
you have "nisNetgroupTriple: (server.sss-test.test,,)".

Is server.sss-test.test the hostname of the machine where the LDAP server runs?

Comment 8 Nikolai Kondrashov 2012-12-03 11:15:59 UTC
Verified fixed in 1.8.6p3-6.el6.
Relevant sssd sudo suite test passes:

:: [   PASS   ] :: attrs_host_netgroup_mismatch

Comment 10 errata-xmlrpc 2013-02-21 09:45:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0363.html