1032983 – sssd_be crashes when ad_access_filter uses FOREST keyword.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.

Summary: sssd_be crashes when ad_access_filter uses FOREST keyword.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jakub Hrozek
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-21 10:55 UTC by Kaushik Banerjee
Modified:	2020-05-02 17:33 UTC (History)
CC List:	6 users (show)
Fixed In Version:	sssd-1.11.2-23.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 11:23:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Domain log when the crash happens (132.67 KB, text/plain) 2013-11-21 10:55 UTC, Kaushik Banerjee	no flags	Details
gzipped coredump file (948.86 KB, application/gzip) 2013-11-21 10:56 UTC, Kaushik Banerjee	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 3202	0	None	None	None	2020-05-02 17:33:20 UTC

Description Kaushik Banerjee 2013-11-21 10:55:19 UTC

Created attachment 827127 [details]
Domain log when the crash happens

Description of problem:
sssd_be crashes when ad_access_filter uses FOREST keyword

Version-Release number of selected component (if applicable):
sssd-1.11.2-1.el7

How reproducible:
Always

Steps to Reproduce:
1. In sssd.conf add:
ad_access_filter =
FOREST:SSSDAD.COM:(memberOf=cn=group1_dom1,cn=Users,dc=sssdad,dc=com)

2. Try to login as a user belonging to group1_dom1.

Actual Result:
Login fails. sssd_be crashes when trying to login as user from sssdad.com

syslog shows:
Nov 21 14:22:07 dhcp207-191 kernel: [66380.846301] sssd_be[5797]:
segfault at 0 ip 00007fdf469bb8cd sp 00007fff00c23f78 error 4 in
libc-2.17.so[7fdf46931000+1b6000]

Expected results:
sssd_be should not crash

Additional info:

Comment 1 Kaushik Banerjee 2013-11-21 10:56:57 UTC

Created attachment 827128 [details]
gzipped coredump file

Comment 3 Lukas Slebodnik 2013-11-21 12:00:31 UTC

Could you tell me version of some dependencies?
rpm -qa *sasl* *krb5*

Because there are few warnings, while loading coredump
warning: .dynamic section for "/lib64/libsasl2.so.3" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libkeyutils.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libsamba-util.so.0" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib64/libselinux.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libanonymous.so" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libgssapiv2.so" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib64/sasl2/libsasldb.so" is not at the expected address (wrong library or version mismatch?)


And back trace is unusable.
#0  _dl_close_worker (map=map@entry=0x7f6dda84da40) at dl-close.c:750
#1  0x00007f6dd91b229c in _dl_close (_map=0x7f6dda84da40) at dl-close.c:776
#2  0x00007f6dd91ac304 in _dl_catch_error (objname=0x7f6dda7f6040, errstring=0x7f6dda7f6048, 
    mallocedp=0x7f6dda7f6038, operate=0x7f6dd54090e0 <dlclose_doit>, args=0x7f6dda84da40)
    at dl-error.c:177
#3  0x00007f6dd540962d in _dlerror_run (operate=operate@entry=0x7f6dd54090e0 <dlclose_doit>, 
    args=0x7f6dda84da40) at dlerror.c:163
#4  0x00007f6dd540910f in __dlclose (handle=<optimized out>) at dlclose.c:47
#5  0x00007f6dca7b9515 in krb5int_close_plugin (h=0x7f6dda84d2e0) at plugins.c:412
#6  0x00007f6dca7b99e8 in krb5int_close_plugin_dirs (dirhandle=0x7f6dda848820) at plugins.c:669
#7  0x00007f6dcbbb7176 in krb5_init_context_profile (flags=0, 
    context_out=0x7f6dd93be930 <_rtld_local+2352>) at init_ctx.c:136
#8  0x00007f6dda848f20 in ?? ()
#9  0x00007f6dc8ca847d in krb5_gss_delete_sec_context (minor_status=0x7fff0ff12f7c, 
    context_handle=0x7f6dda833138, output_token=<optimized out>) at delete_sec_context.c:102
#10 0x00007f6dc8c97f83 in gss_delete_sec_context (minor_status=<optimized out>, 
    context_handle=0x7f6dda844dd8, output_token=<optimized out>) at g_delete_sec_context.c:90
#11 0x00007f6dc8ed0ccf in sasl_gss_seterror_ (utils=0x7f6dd93be930 <_rtld_local+2352>, maj=0, 
    min=3644582192, logonly=-628827600) at gssapi.c:201
#12 0x0000000000000003 in ?? ()
#13 0x00007fff0ff13008 in ?? ()
#14 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3
#15 0x00007f6dd3fa94c4 in _sasl_print_mechanism (m=0x7f6dda844ae0, stage=SASL_INFO_LIST_START, 
    rock=0x7f6dd93be930 <_rtld_local+2352>) at client.c:1277
#16 0x00007f6dd41bd350 in default_plugin_path () from /lib64/libsasl2.so.3
#17 0x00007f6dd41bd0c0 in _sasl_mutex_utils () from /lib64/libsasl2.so.3
#18 0x00007f6dd3fac4fb in _sasl_alloc_utils (conn=0x3, global_callbacks=0x7f6dda844dc0)
    at common.c:2036
#19 0x00007f6dda846fb0 in ?? ()
#20 0x00007f6dda7fb5a0 in ?? ()
#21 0x00007f6dda833f00 in ?? ()
#22 0x00007f6dda7fb5a0 in ?? ()
#23 0x00007f6dd73b6bb0 in ldap_free_connection (ld=0x7f6dd75e4000 <ldap_int_global_options>, 
    lc=0x7fff0ff13008, force=-629164640, unbind=-628893808) at request.c:795
#24 0x00007f6dd73ae477 in ldap_ld_free (ld=0x7f6dda7fb5a0, close=1, sctrls=<optimized out>, 
    cctrls=<optimized out>) at unbind.c:122
#25 0x00007f6dcae31aa8 in sdap_handle_release (sh=0x7f6dda833e00)
    at src/providers/ldap/sdap_async.c:124

(gdb) l 124
119             /* check if it is still the same or avoid freeing */
120             if (op == sh->ops) talloc_free(op);
121         }
122
123         if (sh->ldap) {
124             ldap_unbind_ext(sh->ldap, NULL, NULL); <<frame 25 is here
125             sh->ldap = NULL;
126         }
127
128         /* ok, we have done the job, unlock now */

Comment 4 Kaushik Banerjee 2013-11-21 12:04:58 UTC

(In reply to Lukas Slebodnik from comment #3)
> Could you tell me version of some dependencies?
> rpm -qa *sasl* *krb5*

# rpm -qa *sasl* *krb5*
krb5-libs-1.11.3-19.el7.1.x86_64
cyrus-sasl-2.1.26-12.1.el7.x86_64
cyrus-sasl-lib-2.1.26-12.1.el7.x86_64
cyrus-sasl-gssapi-2.1.26-12.1.el7.x86_64
sssd-krb5-common-1.11.2-1.el7.x86_64
cyrus-sasl-plain-2.1.26-12.1.el7.x86_64
cyrus-sasl-md5-2.1.26-12.1.el7.x86_64
krb5-workstation-1.11.3-19.el7.1.x86_64
sssd-krb5-1.11.2-1.el7.x86_64
cyrus-sasl-scram-2.1.26-12.1.el7.x86_64

Comment 5 Jakub Hrozek 2013-11-21 12:55:54 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2160

Comment 6 Lukas Slebodnik 2013-11-21 15:40:41 UTC

#0  0x00007f112bdfd8cd in __strcasecmp_l_sse2 () from /lib64/libc.so.6
#1  0x00007f1122d38f1a in ad_parse_access_filter (dom=<optimized out>, 
    dom=<optimized out>, _filter=0x7f1130417d48, filter_list=<optimized out>, 
    mem_ctx=0x7f1130417d20) at src/providers/ad/ad_access.c:213
#2  ad_access_send (pd=<optimized out>, ctx=0x7f11303fc1c0, 
    domain=0x7f11303cdbc0, be_ctx=<optimized out>, ev=0x7f11303c5640, 
    mem_ctx=0x7f1130419650) at src/providers/ad/ad_access.c:269
#3  ad_access_handler (breq=0x7f1130419650) at src/providers/ad/ad_access.c:429
#4  0x00007f112f633a2f in tevent_common_loop_timer_delay ()
   from /lib64/libtevent.so.0
#5  0x00007f112f634a23 in epoll_event_loop_once () from /lib64/libtevent.so.0
#6  0x00007f112f633107 in std_event_loop_once () from /lib64/libtevent.so.0
#7  0x00007f112f62fbcd in _tevent_loop_once () from /lib64/libtevent.so.0
#8  0x00007f112f62fd6b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#9  0x00007f112f6330a7 in std_event_loop_wait () from /lib64/libtevent.so.0
#10 0x00007f112f8843b3 in server_loop (main_ctx=0x7f11303c6a10)
    at src/util/server.c:602
#11 0x00007f11300f239b in main (argc=<optimized out>, argv=<optimized out>)
    at src/providers/data_provider_be.c:2992

In the function ad_parse_access_filter:
  strcasecmp(spec, dom->forest) was called and dom->forest is NULL

Comment 7 Jakub Hrozek 2014-01-09 10:57:32 UTC

Pushed to master:
    master: 17195241500e46272018d7897d6e87249870caf2
    sssd-1-11: 98869bb5e22774dc02dacd93e411975fa839b616

Comment 9 Kaushik Banerjee 2014-01-14 12:38:53 UTC

Verified in version 1.11.2-23.el7

Output from beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_access_control_09: ad_access_filter=FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'su_success user1_dom1 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_permission_denied user1_dom2 Secret123' (Expected 0, got 0)
:: [   PASS   ] :: Running 'su_permission_denied user1_dom3.com Secret123' (Expected 0, got 0)

Comment 10 Ludek Smid 2014-06-13 11:23:40 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.