RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1077695 - Negative value for parameters in sssd.conf shows different value in logs
Summary: Negative value for parameters in sssd.conf shows different value in logs
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-18 12:39 UTC by Kaushik Banerjee
Modified: 2020-05-02 16:15 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-04-24 11:25:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 1458 0 None closed SSSD should perform input-validation for values in sssd.conf 2020-05-02 16:14:59 UTC

Description Kaushik Banerjee 2014-03-18 12:39:49 UTC 
Description of problem:
Negative value for parameters in sssd.conf shows 4294966296 in logs

Version-Release number of selected component (if applicable):
1.11.2-54.el7

How reproducible:
Always

Steps to Reproduce:
1. Add an option "ldap_idmap_range_min=-1000" in sssd.conf
2. Restart sssd

Actual results:

Domain log shows:
[sssd[be[ADTEST]]] [sdap_idmap_init] (0x0010): Invalid settings for
range selection: [4294966296][2000200000][200000]

Expected results:


Additional info:
Logging as a low priority bug. Part of negative tests in our automation suite.
Comment 1 Kaushik Banerjee 2014-03-18 12:41:04 UTC 
Also adding a comment from Jakub on discussing this issue:

This is a peculiarity of C and I'm not sure there's much we can sensibly
do about this. In C, the info on whether the value is signed or unsigned
is not stored anywhere except the type of the variable. So 0xFF can be
either -1 or 255 depending on how you look at the bytes.

What we should do instead is implement the ding-libs validator which
would disallow negative values for parameters that can only hold
positive values.
Comment 3 Lukas Slebodnik 2014-03-18 13:08:08 UTC 
Manual pages says:
Specifies the lower bound of the range of POSIX IDs to use for
mapping Active Directory user and group SIDs.

And POSIX IDs are unsigned integers.

I think it is a use case for sssd_check BZ1072458
Comment 4 Jakub Hrozek 2014-03-20 14:48:09 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/416
Comment 5 Jakub Hrozek 2014-03-20 14:49:38 UTC 
(In reply to Lukas Slebodnik from comment #3)
> Manual pages says:
> Specifies the lower bound of the range of POSIX IDs to use for
> mapping Active Directory user and group SIDs.
> 
> And POSIX IDs are unsigned integers.
> 
> I think it is a use case for sssd_check BZ1072458

I agree this should be solved at a different level. I've linked this bugzilal with a ticket to implement the sssd.conf validator.
Comment 6 Martin Kosek 2015-04-24 11:25:08 UTC 
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given a priority and was deferred both in the upstream project and in Red Hat Enterprise Linux.

Given that we are unable to fulfill this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as DEFERRED. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you.

Note that you can still track this request or even contribute patches in the referred upstream Trac ticket.
Note You need to log in before you can comment on or make changes to this bug.