1396485 – sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5

Bug 1396485 - sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5

Summary: sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	SSSD Maintainers
QA Contact:	Steeve Goveas
Docs Contact:	Marc Muehlfeld
URL:
Whiteboard:
Duplicates (1):	1412170 (view as bug list)
Depends On:	1392444
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-18 13:13 UTC by Marcel Kolaja
Modified:	2020-09-10 09:58 UTC (History)
CC List:	17 users (show)
Fixed In Version:	sssd-1.14.0-43.el7_3.6
Doc Type:	Bug Fix
Doc Text:	Previously, if the "ipa" or "ad" subdomain provider was set in the /etc/sssd/sssd.conf file, the System Security Services Daemon (SSSD) accessed only data that the respective authentication provider sets up. As a consequence, if the user configured the "ipa" or "ad" subdomain provider with a different authentication provider, SSSD accessed uninitialized memory and terminated unexpectedly. A patch has been applied and SSSD now only accesses data if the same authentication and subdomain provider are configured. As a result, SSSD no longer fails in the described scenario.
Clone Of:	1392444
Environment:
Last Closed:	2017-01-17 18:09:59 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 4267	0	None	closed	sssd_be keeps crashing	2020-09-03 11:56:06 UTC
Red Hat Product Errata	RHBA-2017:0078	0	normal	SHIPPED_LIVE	sssd bug fix update	2017-01-17 22:51:58 UTC

Description Marcel Kolaja 2016-11-18 13:13:09 UTC

This bug has been copied from bug #1392444 and has been proposed
to be backported to 7.3 z-stream (EUS).

Comment 5 Madhuri 2017-01-06 06:57:04 UTC

Tested with 
sssd-1.14.0-43.el7_3.11.x86_64

Steps followed during verification:
1) Configure sssd on client.
2) Set id_provider=ad and auth_provider= krb5 in sssd.conf.
3) Start the sssd service.

# cat  /etc/sssd/sssd.conf | grep provider
id_provider = ad
auth_provider = krb5

# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (running) since Thu 2017-01-05 12:33:31 EST; 5min ago
  Process: 4212 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS)
 Main PID: 4213 (sssd)
   CGroup: /system.slice/sssd.service
           ├─4213 /usr/sbin/sssd -D -f
           ├─4214 /usr/libexec/sssd/sssd_be --domain EXAMPLE.COM --uid 0 --gid 0 --debug-to-files
           ├─4215 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
           └─4216 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 –debug-to-files

# getent passwd test
test:*:715401139:715400513:test:/home/EXAMPLE.COM/test:/bin/bash

# id test
uid=715401139(test) gid=715400513(domain users) groups=715400513(domain users)

Comment 6 Lukas Slebodnik 2017-01-11 13:35:40 UTC

*** Bug 1412170 has been marked as a duplicate of this bug. ***

Comment 8 errata-xmlrpc 2017-01-17 18:09:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0078.html

Note You need to log in before you can comment on or make changes to this bug.