Bug 878420

Summary: SIGSEGV in IPA provider when ldap_sasl_authid is not set
Product: Red Hat Enterprise Linux 6 Reporter: Pavel Březina <pbrezina>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.4CC: codezilla, dpal, grajaiya, jgalipea, maxim.yegorushkin, nsoman, okos, pbrezina, sgoveas, stephane.lebreton
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.9.2-30.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:40:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 881827    

Description Pavel Březina 2012-11-20 11:47:48 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1657

When id_provider = ipa and ldap_sasl_authid option is not configure, sssd_be crashes with SIGSEGV.

{{{
#0  __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:33
#1  0x00007f76fd08f261 in sdap_set_sasl_options (id_opts=0xddfaf0, default_primary=0x0, default_realm=0xddf360 "IPA.PB", keytab_path=0x0) at src/providers/ldap/ldap_common.c:1028
#2  0x00007f76fcfc3eef in ipa_get_id_options (ipa_opts=0xddd960, cdb=0xdba740, conf_path=0xdc1240 "config/domain/IPA", _opts=0xddfa48) at src/providers/ipa/ipa_common.c:246
#3  0x00007f76fcfc03f1 in sssm_ipa_id_init (bectx=0xdc25e0, ops=0xdc2750, pvt_data=0xdc2758) at src/providers/ipa/ipa_init.c:145
#4  0x0000000000418fac in load_backend_module (ctx=0xdc25e0, bet_type=BET_ID, bet_info=0xdc2748, default_mod_name=0x0) at src/providers/data_provider_be.c:2055
#5  0x000000000041a678 in be_process_init (mem_ctx=0xdba650, be_domain=0xdb8420 "IPA", ev=0xdb94d0, cdb=0xdba740) at src/providers/data_provider_be.c:2208
#6  0x000000000041d2c9 in main (argc=5, argv=0x7fff94756a78) at src/providers/data_provider_be.c:2429
}}}
Comment 1 Pavel Březina 2012-11-20 11:52:31 UTC 
How to test:
1. remove ldap_sasl_authid from sssd.conf
2. run sssd
3. sssd_be should not crash
Comment 4 Jakub Hrozek 2012-12-06 09:43:46 UTC 
*** Bug 883882 has been marked as a duplicate of this bug. ***
Comment 5 Jakub Hrozek 2013-01-31 16:25:03 UTC 
*** Bug 906363 has been marked as a duplicate of this bug. ***
Comment 7 Steeve Goveas 2013-02-01 11:11:57 UTC 
    [root@hp-bl480c-01 sssd]# rpm -qa | grep sssd
    sssd-client-1.9.2-25.el6.i686
    sssd-1.9.2-25.el6.i686
    sssd-debuginfo-1.9.2-25.el6.i686
    sssd-tools-1.9.2-25.el6.i686

    * Setup hung at restarting web server for long time till it was aborted

    [root@hp-bl480c-01 ~]# ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE.COM -n ipa.example.com --hostname=hp-bl480c-01.ipa.example.com --ip-address=10.16.64.241 -U
    ..
    .
    Done configuring the web interface (httpd).
    Applying LDAP updates
    Restarting the directory server
    Restarting the KDC
    Sample zone file for bind has been created in /tmp/sample.zone.tKKl0G.db
    Restarting the web server

    [root@hp-bl480c-01 sssd]# tail -f /var/log/sssd/sssd.log 
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]

    [root@hp-bl480c-01 sssd]# tail -100 /var/log/messages| less
    Feb  1 05:28:50 hp-bl480c-01 sssd: Starting up
    Feb  1 05:28:51 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:51 hp-bl480c-01 kernel: sssd_be[29388]: segfault at 0 ip 00d05443 sp bfab8f98 error 4 in libc-2.12.so[c8c000+190000]
    Feb  1 05:28:51 hp-bl480c-01 abrtd: Directory 'ccpp-2013-02-01-05:28:51-29388' creation detected
    Feb  1 05:28:51 hp-bl480c-01 abrt[29389]: Saved core dump of pid 29388 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2013-02-01-05:28:51-29388 (937984 bytes)
    Feb  1 05:28:51 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:51 hp-bl480c-01 kernel: sssd_be[29391]: segfault at 0 ip 00983443 sp bfc57818 error 4 in libc-2.12.so[90a000+190000]
    Feb  1 05:28:51 hp-bl480c-01 abrt[29393]: Not saving repeating crash in '/usr/libexec/sssd/sssd_be'
    Feb  1 05:28:51 hp-bl480c-01 abrtd: Package 'sssd' isn't signed with proper key
    Feb  1 05:28:51 hp-bl480c-01 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2013-02-01-05:28:51-29388' exited with 1
    Feb  1 05:28:51 hp-bl480c-01 abrtd: Corrupted or bad directory '/var/spool/abrt/ccpp-2013-02-01-05:28:51-29388', deleting
    Feb  1 05:28:53 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:53 hp-bl480c-01 kernel: sssd_be[29394]: segfault at 0 ip 00974443 sp bf859938 error 4 in libc-2.12.so[8fb000+190000]
    Feb  1 05:28:53 hp-bl480c-01 abrt[29395]: Not saving repeating crash in '/usr/libexec/sssd/sssd_be'
    Feb  1 05:28:56 hp-bl480c-01 sssd[nss]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pam]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[ssh]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pac]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[nss]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pam]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[ssh]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pac]: Starting up
    Feb  1 05:28:57 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:57 hp-bl480c-01 kernel: sssd_be[29404]: segfault at 0 ip 00d82443 sp bfe46c68 error 4 in libc-2.12.so[d09000+190000]
    Feb  1 05:28:57 hp-bl480c-01 abrt[29405]: Not saving repeating crash in '/usr/libexec/sssd/sssd_be'
    Feb  1 05:50:46 hp-bl480c-01 sssd: Starting up
    Feb  1 05:50:46 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:50:46 hp-bl480c-01 sssd[nss]: Starting up


    [root@hp-bl480c-01 ~]# cat /etc/sssd/sssd.conf 
    [domain/ipa.example.com]

    cache_credentials = True
    krb5_store_password_if_offline = True
    ipa_domain = ipa.example.com
    id_provider = ipa
    auth_provider = ipa
    access_provider = ipa
    ipa_hostname = hp-bl480c-01.ipa.example.com
    chpass_provider = ipa
    ipa_server = hp-bl480c-01.ipa.example.com
    ldap_tls_cacert = /etc/ipa/ca.crt
    [sssd]
    services = nss, pam, ssh
    config_file_version = 2

    domains = ipa.example.com
    [nss]

    [pam]

    [sudo]

    [autofs]

    [ssh]

    [pac]

    * After adding ldap_sasl_authid

    [root@hp-bl480c-01 sssd]# cat /etc/sssd/sssd.conf  | grep ldap_sasl_authid
    ldap_sasl_authid = host/hp-bl480c-01.ipa.example.com

    [root@hp-bl480c-01 sssd]# killall sssd

    [root@hp-bl480c-01 sssd]# service sssd restart
    Stopping sssd: [FAILED]
    [  OK  ] sssd: [  OK  ]


    # On Server with fixed sssd version

    [root@athlon6 ~]# rpm -qa | grep sssd
    sssd-client-1.9.2-82.el6.i686
    sssd-1.9.2-82.el6.i686

    [root@athlon6 ~]# ps awux | grep sssd
    root     20781  0.0  0.1  12008  2492 ?        Ss   Jan28   0:46 /usr/sbin/sssd -f -D
    root     20782  0.0  0.3  19948  5624 ?        S    Jan28   0:16 /usr/libexec/sssd/sssd_be --domain ipalab.qe --debug-to-files
    root     20783  0.0  0.9  24456 14512 ?        S    Jan28   0:05 /usr/libexec/sssd/sssd_nss --debug-to-files
    root     20784  0.0  0.1  12724  2596 ?        S    Jan28   0:06 /usr/libexec/sssd/sssd_pam --debug-to-files
    root     20785  0.0  0.1  12564  2564 ?        S    Jan28   0:06 /usr/libexec/sssd/sssd_ssh --debug-to-files
    root     20786  0.0  0.1  16616  2940 ?        S    Jan28   0:05 /usr/libexec/sssd/sssd_pac --debug-to-files
    root     32397  0.0  0.0   4360   728 pts/0    S+   06:00   0:00 grep sssd

    [root@athlon6 ~]# grep ldap_sasl_authid /etc/sssd/sssd.conf  ; echo $?
    1

    [root@athlon6 ~]# kinit 
    Password for admin: 

    [root@athlon6 ~]# ipa host-find
    ---------------
    2 hosts matched
    ---------------
      Host name: athlon6.ipalab.qe
      Principal name: host/athlon6.ipalab.qe
      Password: False
      Keytab: True
      Managed by: athlon6.ipalab.qe
      SSH public key fingerprint: 8C:3B:C7:9A:7D:37:3F:48:B2:B4:3D:7C:D6:C2:0E:2B (ssh-rsa), CA:56:A7:40:F0:6D:CF:03:F6:2E:E0:14:58:9C:CB:65
                                  (ssh-dss)

    .........Truncated............
Comment 8 errata-xmlrpc 2013-02-21 09:40:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html