640602 – sssd is not escaping correctly LDAP searches

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 640602 - sssd is not escaping correctly LDAP searches

Summary: sssd is not escaping correctly LDAP searches

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:	640597
Blocks:	640601
TreeView+	depends on / blocked

Reported:	2010-10-06 12:55 UTC by Dmitri Pal
Modified:	2015-01-04 23:44 UTC (History)
CC List:	5 users (show)
Fixed In Version:	sssd-1.5.0-1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	640597
Environment:
Last Closed:	2011-05-19 11:41:32 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0560	0	normal	SHIPPED_LIVE	Low: sssd security, bug fix, and enhancement update	2011-05-19 11:38:17 UTC

Description Dmitri Pal 2010-10-06 12:55:44 UTC

+++ This bug was initially created as a clone of Bug #640597 +++

Description of problem:

sssd is not escaping correctly LDAP searches, and when it receives an error from the LDAP server is going offline

Version-Release number of selected component (if applicable):

sssd-1.2.1-27.el5

How reproducible:

always

Steps to Reproduce:

I noticed that sssd in some of our servers was going offline with no apparent reason, so bumping up the debug_level I found this in the logs:

(Wed Oct  6 07:27:09 2010) [sssd[be[ALMACARONI]]] [be_get_account_info] (4): Got request for [4097][1][name=hacienda\eladio]
(Wed Oct  6 07:27:09 2010) [sssd[be[ALMACARONI]]] [sdap_get_generic_send] (3): ldap_search_ext failed: Bad search filter
(Wed Oct  6 07:27:09 2010) [sssd[be[ALMACARONI]]] [be_run_offline_cb] (3): Going offline. Running callbacks.

A bit of investigation turned up that the query was initiated by winbind, which was running on the server, so it was a matter of changing the "winbind separator" and restarting winbind and sssd to hide the problem.

Now is evident that this is a bug in SSSD, where it is sufficient that any user queryiing for a username with an '\' in its name to have SSSD going offline.

I reproduced this executing "id hacienda\\eladio"

Comment 2 Gowrishankar Rajaiyan 2011-04-07 12:10:04 UTC

On server:
# user\5Ca, People, example.com
dn: uid=user\5Ca,ou=People,dc=example,dc=com
uidNumber: 29201
gidNumber: 29201
objectClass: top
objectClass: posixAccount
objectClass: inetuser
cn: user\5Ca
homeDirectory: /home/usera
loginShell: /bin/bash
uid: user\a
userPassword:: U2VjcmV0MTIz

# group\5Ca, Groups, example.com
dn: cn=group\5Ca,ou=Groups,dc=example,dc=com
gidNumber: 29201
objectClass: top
objectClass: posixGroup
memberUid: uid=user\5Ca,ou=People,dc=example,dc=com
cn: group\a

# user\5C001, People, example.com
dn: uid=user\5C001,ou=People,dc=example,dc=com
uidNumber: 29204
gidNumber: 29204
objectClass: top
objectClass: posixAccount
objectClass: inetuser
cn: user001
homeDirectory: /home/user001
loginShell: /bin/bash
uid: user\001
userPassword:: U2VjcmV0MTIz

# group\5C001, Groups, example.com
dn: cn=group\5C001,ou=Groups,dc=example,dc=com
gidNumber: 29204
objectClass: top
objectClass: posixGroup
memberUid: uid=user\5C001,ou=People,dc=example,dc=com
cn: group\001

On Client:
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://sssdldap.redhat.com:636
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc
cache_credentials = true
enumerate = false
debug_level = 9

# id user\\a
uid=29201(user\a) gid=29201(group\a) groups=29201(group\a)

# id -G -n user\\a
group\a

# id user\\001
uid=29204(user\001) gid=29204(group\001) groups=29204(group\001)

# id -G -n user\\001
group\001

# ssh -l user\\a localhost
user\a@localhost's password: 
Creating directory '/home/usera'.
Last login: Thu Apr  7 15:35:18 2011 from localhost
[user\a@rhel6-1 ~]$ id
uid=29201(user\a) gid=29201(group\a) groups=29201(group\a) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Comment 4 Gowrishankar Rajaiyan 2011-04-07 12:14:26 UTC

Verified.

# rpm -qi sssd
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 24.el6                        Build Date: Sat 02 Apr 2011 01:24:54 AM IST
Install Date: Tue 05 Apr 2011 11:11:29 AM IST      Build Host: x86-012.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-24.el6.src.rpm
Size        : 3462740                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 5 errata-xmlrpc 2011-05-19 11:41:32 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html

Comment 6 errata-xmlrpc 2011-05-19 13:08:45 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html

Note You need to log in before you can comment on or make changes to this bug.