This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
sssd_be crashes when ad_access_filter uses FOREST keyword.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-21 05:55 EST by Kaushik Banerjee
Modified: 2014-06-18 00:04 EDT (History)
6 users (show)

See Also:
Fixed In Version: sssd-1.11.2-23.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 07:23:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Domain log when the crash happens (132.67 KB, text/plain)
2013-11-21 05:55 EST, Kaushik Banerjee
no flags Details
gzipped coredump file (948.86 KB, application/gzip)
2013-11-21 05:56 EST, Kaushik Banerjee
no flags Details

  None (edit)
Description Kaushik Banerjee 2013-11-21 05:55:19 EST
Created attachment 827127 [details]
Domain log when the crash happens

Description of problem:
sssd_be crashes when ad_access_filter uses FOREST keyword

Version-Release number of selected component (if applicable):
sssd-1.11.2-1.el7

How reproducible:
Always

Steps to Reproduce:
1. In sssd.conf add:
ad_access_filter =
FOREST:SSSDAD.COM:(memberOf=cn=group1_dom1,cn=Users,dc=sssdad,dc=com)

2. Try to login as a user belonging to group1_dom1.

Actual Result:
Login fails. sssd_be crashes when trying to login as user from sssdad.com

syslog shows:
Nov 21 14:22:07 dhcp207-191 kernel: [66380.846301] sssd_be[5797]:
segfault at 0 ip 00007fdf469bb8cd sp 00007fff00c23f78 error 4 in
libc-2.17.so[7fdf46931000+1b6000]

Expected results:
sssd_be should not crash

Additional info:
Comment 1 Kaushik Banerjee 2013-11-21 05:56:57 EST
Created attachment 827128 [details]
gzipped coredump file
Comment 3 Lukas Slebodnik 2013-11-21 07:00:31 EST
Could you tell me version of some dependencies?
rpm -qa *sasl* *krb5*

Because there are few warnings, while loading coredump
warning: .dynamic section for "/lib64/libsasl2.so.3" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libkeyutils.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libsamba-util.so.0" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libselinux.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libanonymous.so" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libgssapiv2.so" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libsasldb.so" is not at the expected address (wrong library or version mismatch?)


And back trace is unusable.
#0  _dl_close_worker (map=map@entry=0x7f6dda84da40) at dl-close.c:750
#1  0x00007f6dd91b229c in _dl_close (_map=0x7f6dda84da40) at dl-close.c:776
#2  0x00007f6dd91ac304 in _dl_catch_error (objname=0x7f6dda7f6040, errstring=0x7f6dda7f6048, 
    mallocedp=0x7f6dda7f6038, operate=0x7f6dd54090e0 <dlclose_doit>, args=0x7f6dda84da40)
    at dl-error.c:177
#3  0x00007f6dd540962d in _dlerror_run (operate=operate@entry=0x7f6dd54090e0 <dlclose_doit>, 
    args=0x7f6dda84da40) at dlerror.c:163
#4  0x00007f6dd540910f in __dlclose (handle=<optimized out>) at dlclose.c:47
#5  0x00007f6dca7b9515 in krb5int_close_plugin (h=0x7f6dda84d2e0) at plugins.c:412
#6  0x00007f6dca7b99e8 in krb5int_close_plugin_dirs (dirhandle=0x7f6dda848820) at plugins.c:669
#7  0x00007f6dcbbb7176 in krb5_init_context_profile (flags=0, 
    context_out=0x7f6dd93be930 <_rtld_local+2352>) at init_ctx.c:136
#8  0x00007f6dda848f20 in ?? ()
#9  0x00007f6dc8ca847d in krb5_gss_delete_sec_context (minor_status=0x7fff0ff12f7c, 
    context_handle=0x7f6dda833138, output_token=<optimized out>) at delete_sec_context.c:102
#10 0x00007f6dc8c97f83 in gss_delete_sec_context (minor_status=<optimized out>, 
    context_handle=0x7f6dda844dd8, output_token=<optimized out>) at g_delete_sec_context.c:90
#11 0x00007f6dc8ed0ccf in sasl_gss_seterror_ (utils=0x7f6dd93be930 <_rtld_local+2352>, maj=0, 
    min=3644582192, logonly=-628827600) at gssapi.c:201
#12 0x0000000000000003 in ?? ()
#13 0x00007fff0ff13008 in ?? ()
#14 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3
#15 0x00007f6dd3fa94c4 in _sasl_print_mechanism (m=0x7f6dda844ae0, stage=SASL_INFO_LIST_START, 
    rock=0x7f6dd93be930 <_rtld_local+2352>) at client.c:1277
#16 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3
#17 0x00007f6dd41bd0c0 in _sasl_mutex_utils () from /lib64/libsasl2.so.3
#18 0x00007f6dd3fac4fb in _sasl_alloc_utils (conn=0x3, global_callbacks=0x7f6dda844dc0)
    at common.c:2036
#19 0x00007f6dda846fb0 in ?? ()
#20 0x00007f6dda7fb5a0 in ?? ()
#21 0x00007f6dda833f00 in ?? ()
#22 0x00007f6dda7fb5a0 in ?? ()
#23 0x00007f6dd73b6bb0 in ldap_free_connection (ld=0x7f6dd75e4000 <ldap_int_global_options>, 
    lc=0x7fff0ff13008, force=-629164640, unbind=-628893808) at request.c:795
#24 0x00007f6dd73ae477 in ldap_ld_free (ld=0x7f6dda7fb5a0, close=1, sctrls=<optimized out>, 
    cctrls=<optimized out>) at unbind.c:122
#25 0x00007f6dcae31aa8 in sdap_handle_release (sh=0x7f6dda833e00)
    at src/providers/ldap/sdap_async.c:124

(gdb) l 124
119             /* check if it is still the same or avoid freeing */
120             if (op == sh->ops) talloc_free(op);
121         }
122
123         if (sh->ldap) {
124             ldap_unbind_ext(sh->ldap, NULL, NULL); <<frame 25 is here
125             sh->ldap = NULL;
126         }
127
128         /* ok, we have done the job, unlock now */
Comment 4 Kaushik Banerjee 2013-11-21 07:04:58 EST
(In reply to Lukas Slebodnik from comment #3)
> Could you tell me version of some dependencies?
> rpm -qa *sasl* *krb5*

# rpm -qa *sasl* *krb5*
krb5-libs-1.11.3-19.el7.1.x86_64
cyrus-sasl-2.1.26-12.1.el7.x86_64
cyrus-sasl-lib-2.1.26-12.1.el7.x86_64
cyrus-sasl-gssapi-2.1.26-12.1.el7.x86_64
sssd-krb5-common-1.11.2-1.el7.x86_64
cyrus-sasl-plain-2.1.26-12.1.el7.x86_64
cyrus-sasl-md5-2.1.26-12.1.el7.x86_64
krb5-workstation-1.11.3-19.el7.1.x86_64
sssd-krb5-1.11.2-1.el7.x86_64
cyrus-sasl-scram-2.1.26-12.1.el7.x86_64
Comment 5 Jakub Hrozek 2013-11-21 07:55:54 EST
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2160
Comment 6 Lukas Slebodnik 2013-11-21 10:40:41 EST
#0  0x00007f112bdfd8cd in __strcasecmp_l_sse2 () from /lib64/libc.so.6
#1  0x00007f1122d38f1a in ad_parse_access_filter (dom=<optimized out>, 
    dom=<optimized out>, _filter=0x7f1130417d48, filter_list=<optimized out>, 
    mem_ctx=0x7f1130417d20) at src/providers/ad/ad_access.c:213
#2  ad_access_send (pd=<optimized out>, ctx=0x7f11303fc1c0, 
    domain=0x7f11303cdbc0, be_ctx=<optimized out>, ev=0x7f11303c5640, 
    mem_ctx=0x7f1130419650) at src/providers/ad/ad_access.c:269
#3  ad_access_handler (breq=0x7f1130419650) at src/providers/ad/ad_access.c:429
#4  0x00007f112f633a2f in tevent_common_loop_timer_delay ()
   from /lib64/libtevent.so.0
#5  0x00007f112f634a23 in epoll_event_loop_once () from /lib64/libtevent.so.0
#6  0x00007f112f633107 in std_event_loop_once () from /lib64/libtevent.so.0
#7  0x00007f112f62fbcd in _tevent_loop_once () from /lib64/libtevent.so.0
#8  0x00007f112f62fd6b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#9  0x00007f112f6330a7 in std_event_loop_wait () from /lib64/libtevent.so.0
#10 0x00007f112f8843b3 in server_loop (main_ctx=0x7f11303c6a10)
    at src/util/server.c:602
#11 0x00007f11300f239b in main (argc=<optimized out>, argv=<optimized out>)
    at src/providers/data_provider_be.c:2992

In the function ad_parse_access_filter:
  strcasecmp(spec, dom->forest) was called and dom->forest is NULL
Comment 7 Jakub Hrozek 2014-01-09 05:57:32 EST
Pushed to master:
    master: 17195241500e46272018d7897d6e87249870caf2
    sssd-1-11: 98869bb5e22774dc02dacd93e411975fa839b616
Comment 9 Kaushik Banerjee 2014-01-14 07:38:53 EST
Verified in version 1.11.2-23.el7

Output from beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_access_control_09: ad_access_filter=FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'su_success user1_dom1@sssdad.com Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_permission_denied user1_dom2@sssdad_tree.com Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_permission_denied user1_dom3@child1.sssdad.com Secret123' (Expected 0, got 0)
Comment 10 Ludek Smid 2014-06-13 07:23:40 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.