Bug 1396485 - sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5
Summary: sssd_be keeps crashing if id_provider=ad or ipa and auth_provider=krb5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Steeve Goveas
Marc Muehlfeld
URL:
Whiteboard:
: 1412170 (view as bug list)
Depends On: 1392444
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-18 13:13 UTC by Marcel Kolaja
Modified: 2020-09-10 09:58 UTC (History)
17 users (show)

Fixed In Version: sssd-1.14.0-43.el7_3.6
Doc Type: Bug Fix
Doc Text:
Previously, if the "ipa" or "ad" subdomain provider was set in the /etc/sssd/sssd.conf file, the System Security Services Daemon (SSSD) accessed only data that the respective authentication provider sets up. As a consequence, if the user configured the "ipa" or "ad" subdomain provider with a different authentication provider, SSSD accessed uninitialized memory and terminated unexpectedly. A patch has been applied and SSSD now only accesses data if the same authentication and subdomain provider are configured. As a result, SSSD no longer fails in the described scenario.
Clone Of: 1392444
Environment:
Last Closed: 2017-01-17 18:09:59 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 4267 None closed sssd_be keeps crashing 2020-09-03 11:56:06 UTC
Red Hat Product Errata RHBA-2017:0078 normal SHIPPED_LIVE sssd bug fix update 2017-01-17 22:51:58 UTC

Description Marcel Kolaja 2016-11-18 13:13:09 UTC
This bug has been copied from bug #1392444 and has been proposed
to be backported to 7.3 z-stream (EUS).

Comment 5 Madhuri 2017-01-06 06:57:04 UTC
Tested with 
sssd-1.14.0-43.el7_3.11.x86_64

Steps followed during verification:
1) Configure sssd on client.
2) Set id_provider=ad and auth_provider= krb5 in sssd.conf.
3) Start the sssd service.

# cat  /etc/sssd/sssd.conf | grep provider
id_provider = ad
auth_provider = krb5

# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/sssd.service.d
           └─journal.conf
   Active: active (running) since Thu 2017-01-05 12:33:31 EST; 5min ago
  Process: 4212 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS)
 Main PID: 4213 (sssd)
   CGroup: /system.slice/sssd.service
           ├─4213 /usr/sbin/sssd -D -f
           ├─4214 /usr/libexec/sssd/sssd_be --domain EXAMPLE.COM --uid 0 --gid 0 --debug-to-files
           ├─4215 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
           └─4216 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 –debug-to-files

# getent passwd test@EXAMPLE.COM
test@EXAMPLE.COM:*:715401139:715400513:test:/home/EXAMPLE.COM/test:/bin/bash

# id test@EXAMPLE.COM
uid=715401139(test@EXAMPLE.COM) gid=715400513(domain users@EXAMPLE.COM) groups=715400513(domain users@EXAMPLE.COM)

Comment 6 Lukas Slebodnik 2017-01-11 13:35:40 UTC
*** Bug 1412170 has been marked as a duplicate of this bug. ***

Comment 8 errata-xmlrpc 2017-01-17 18:09:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0078.html


Note You need to log in before you can comment on or make changes to this bug.