Bug 690867 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
Summary: Groups with a zero-length memberuid attribute can cause SSSD to stop caching ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sssd
Version: 5.7
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 690866
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-25 16:13 UTC by Stephen Gallagher
Modified: 2015-01-04 23:47 UTC (History)
6 users (show)

Fixed In Version: sssd-1.5.1-21.el5
Doc Type: Bug Fix
Doc Text:
Clone Of: 690866
Environment:
Last Closed: 2011-07-21 08:10:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0975 0 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2011-07-21 08:09:03 UTC

Description Stephen Gallagher 2011-03-25 16:13:38 UTC 
+++ This bug was initially created as a clone of Bug #690866 +++

Description of problem:
We are not properly handling the case where a group might have a memberuid attribute with no name (zero-length string). This causes a failure in the code that does not properly clean up after itself, resulting in SSSD holding open a transaction to the ldb, making it unable to cache new lookups properly (as data is only saved when all nested transactions are marked complete).

Version-Release number of selected component (if applicable):
sssd-1.5.1-20.el6


How reproducible:
Every time

Steps to Reproduce:
1. Create an LDAP group in RFC2307 with a memberuid attribute of zero length
2. Purge the cache and restart SSSD
3. run 'getent group <groupname>'
4. run 'getent passwd <valid user>'
  
Actual results:
Neither command returns results

Expected results:
The group request should ignore the empty name and return successfully. The user request should return the user properly.


Additional info:
Comment 2 Kaushik Banerjee 2011-05-12 06:25:43 UTC 
Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 34.el5                        Build Date: Tue 03 May 2011 10:46:09 PM IST
Install Date: Wed 11 May 2011 02:07:53 PM IST      Build Host: x86-004.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-34.el5.src.rpm
Size        : 3508089                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon


Steps to test:
1. User and group added as:
dn: cn=user3,ou=Engineering,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: user3
uid: user3
uidNumber: 5002
gidNumber: 5002
homeDirectory: /home/user3
loginShell: /bin/bash
userPassword:: e1NTSEF9NEFrSjNLa3I5bE5McmxaUWlmRU5acEIzQi9SM0dxTlM=

dn: cn=user3,ou=Groups,dc=example,dc=com
gidNumber: 5002
objectClass: posixGroup
cn: user3
memberUid:

2. Enumerate the user and group:
# getent -s sss passwd user3
user3:*:5002:5002:user3:/home/user3:/bin/bash

# getent -s sss group user3
user3:*:5002:

# id user3
uid=5002(user3) gid=5002(user3) groups=5002(user3) context=root:system_r:unconfined_t:SystemLow-SystemHigh

# id -G user3
5002
Comment 3 errata-xmlrpc 2011-07-21 08:10:55 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html
Note You need to log in before you can comment on or make changes to this bug.