Bug 736314 - sssd crashes during auth while there exists multiple external hosts along with managed host.
Summary: sssd crashes during auth while there exists multiple external hosts along wit...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 743047 748870
TreeView+ depends on / blocked
 
Reported: 2011-09-07 11:28 UTC by Gowrishankar Rajaiyan
Modified: 2015-01-04 23:50 UTC (History)
7 users (show)

Fixed In Version: sssd-1.5.1-50.el6
Doc Type: Bug Fix
Doc Text:
Do not document
Clone Of:
: 748870 (view as bug list)
Environment:
Last Closed: 2011-12-06 16:39:51 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1529 normal SHIPPED_LIVE sssd bug fix and enhancement update 2011-12-06 00:50:20 UTC

Description Gowrishankar Rajaiyan 2011-09-07 11:28:00 UTC
Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-49.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure a hbacrule on the server as (make sure to have multiple external hosts and one managed host)
[root@bumblebee ~]# ipa hbacrule-show  rule2 --all --raw
  dn: ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule2
  ipaenabledflag: TRUE
  externalhost: external.lab.eng.pnq.redhat.com
  externalhost: ironhide.lab.eng.pnq.redhat.com
  sourcehost: fqdn=mudflap.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberhost: fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberuser: uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  accessruletype: allow
  ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b
  memberservice: cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberservice: cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  objectclass: ipaassociation
  objectclass: ipahbacrule

2. Try ssh from the external host ironhide.lab.eng.pnq.redhat.com to the target host bumblebee.lab.eng.pnq.redhat.com

  
Actual results:
ssh auth session hangs and sssd crashes.

Expected results:
Auth should be successful without any crash.

Additional info:

Comment 2 Gowrishankar Rajaiyan 2011-09-07 12:00:14 UTC
At times I also see the following message in the sssd domain logs:

(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_host_attrs_to_rule] (8): Added host [bumblebee.lab.eng.pnq.redhat.com] to rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_shost_attrs_to_rule] (7): Processing source hosts for rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_host_attrs_to_rule] (4): No host specified, rule will never apply.
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_shost_attrs_to_rule] (8): Added external source host [ironhide.lab.eng.pnq.redhat.com] to rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_attrs_to_rule] (1): Could not parse source hosts for rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_ctx_to_rules] (1): Could not construct rules
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [ipa_hbac_evaluate_rules] (1): Could not construct HBAC rules
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_id_op_destroy] (9): releasing operation connection
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Sending result [4][lab.eng.pnq.redhat.com]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Sent result [4][lab.eng.pnq.redhat.com]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_process_result] (8): Trace: sh[0x22a4710], connected[1], ops[(nil)], ldap[0x22a51f0]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_process_result] (8): Trace: ldap_result found nothing!


This is reproduced more often if you have the following rule on your server:

# ipa hbacrule-show  rule2 --all --raw
  dn: ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule2
  ipaenabledflag: TRUE
  externalhost: ironhide.lab.eng.pnq.redhat.com
  memberhost: fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberuser: uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  accessruletype: allow
  ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b
  memberservice: cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberservice: cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  objectclass: ipaassociation
  objectclass: ipahbacrule

Comment 3 Gowrishankar Rajaiyan 2011-09-07 12:04:44 UTC
[root@bumblebee ~]# gdb --core=core.9425.1 /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New Thread 9425]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/49/0fbc77e52e600698826003dad684bbb09d149d
Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done.
done.
Loaded symbols for /lib64/libpam.so.0.82.2
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done.
done.
Loaded symbols for /lib64/libdbus-1.so.3.4.0
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.0
Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/liblber-2.4.so.2.5.6
Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/libldap-2.4.so.2.5.6
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcares.so.2.0.0
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done.
done.
Loaded symbols for /lib64/libaudit.so.1.0.0
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2.0.23
Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1.2.3
Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Reading symbols from /usr/lib64/sssd/libsss_ipa.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ipa.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/sssd/libsss_ipa.so.1.0.0
Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1.3
Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2.1
Reading symbols from /usr/lib64/libipa_hbac.so.0.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libipa_hbac.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libipa_hbac.so.0.0.0
Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from /usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done.
done.
Loaded symbols for /usr/lib64/libunistring.so.0.1.2
Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_dns.so.2
Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib64/libnss_sss.so.2
Reading symbols from /usr/lib64/sasl2/libgssapiv2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libgssapiv2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libgssapiv2.so.2.0.23
Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/sasl2/libplain.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libplain.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libplain.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libcrammd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libcrammd5.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libcrammd5.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libsasldb.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libsasldb.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libsasldb.so.2.0.23
Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done.
done.
Loaded symbols for /lib64/libdb-4.7.so
Reading symbols from /usr/lib64/sasl2/libanonymous.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libanonymous.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libanonymous.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libdigestmd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libdigestmd5.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libdigestmd5.so.2.0.23
Reading symbols from /usr/lib64/libcrypto.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcrypto.so.1.0.0
Reading symbols from /usr/lib64/sasl2/liblogin.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/liblogin.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/liblogin.so.2.0.23
Reading symbols from /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so...Reading symbols from /usr/lib/debug/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so.debug...done.
done.
Loaded symbols for /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
Reading symbols from /usr/lib64/libsoftokn3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsoftokn3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsoftokn3.so
Reading symbols from /usr/lib64/libsqlite3.so.0.8.6...Reading symbols from /usr/lib/debug/usr/lib64/libsqlite3.so.0.8.6.debug...done.
done.
Loaded symbols for /usr/lib64/libsqlite3.so.0.8.6
Core was generated by `/usr/libexec/sssd/sssd_be -d 10 --domain lab.eng.pnq.redhat.com'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000316f07fa81 in __strlen_sse2 () from /lib64/libc.so.6

Thread 1 (Thread 0x7f4afd54e700 (LWP 9425)):
#0  0x000000316f07fa81 in __strlen_sse2 () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003170804ef4 in talloc_strdup (t=0x131e690, p=0x62376261 <Address 0x62376261 out of bounds>) at talloc.c:1581
No locals.
#2  0x00007f4af71c5c87 in hbac_shost_attrs_to_rule (mem_ctx=0x131fac0, sysdb=<value optimized out>, domain=<value optimized out>, rule_name=0x134e770 "rule2", 
    rule_attrs=<value optimized out>, source_hosts=0x131fae8) at src/providers/ipa/ipa_hbac_hosts.c:504
        ret = <value optimized out>
        host_count = 1
        tmp_ctx = 0x134ed50
        idx = 2
        el = 0x134e200
        shosts = 0x13115a0
        __FUNCTION__ = "hbac_shost_attrs_to_rule"
#3  0x00007f4af71cb1d4 in hbac_attrs_to_rule (mem_ctx=0x1350800, hbac_ctx=0x1350800, rules=0x7fffccbea0f8, request=0x7fffccbea0f0)
    at src/providers/ipa/ipa_hbac_common.c:460
        ret = <value optimized out>
        rule_type = 0x1346200 "allow"
        new_rule = 0x131fac0
        el = 0x134e1e0
#4  hbac_ctx_to_rules (mem_ctx=0x1350800, hbac_ctx=0x1350800, rules=0x7fffccbea0f8, request=0x7fffccbea0f0) at src/providers/ipa/ipa_hbac_common.c:347
        ret = <value optimized out>
        new_rules = 0x131ec40
        new_request = <value optimized out>
        i = <value optimized out>
        tmp_ctx = 0x1311710
        __FUNCTION__ = "hbac_ctx_to_rules"
#5  0x00007f4af71c04e8 in ipa_hbac_evaluate_rules (hbac_ctx=0x1350800) at src/providers/ipa/ipa_access.c:566
        ret = <value optimized out>
        hbac_rules = <value optimized out>
        eval_req = <value optimized out>
        result = <value optimized out>
        info = <value optimized out>
        __FUNCTION__ = "ipa_hbac_evaluate_rules"
#6  0x00007f4af71c267c in hbac_sysdb_save (req=0x0) at src/providers/ipa/ipa_access.c:534
        ret = <value optimized out>
        in_transaction = true
        hbac_ctx = 0x1350800
        domain = <value optimized out>
        sysdb = <value optimized out>
        base_dn = <value optimized out>
        be_ctx = <value optimized out>
        access_ctx = 0x130b550
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.38.el6.x86_64 krb5-libs-1.9-20.el6.x86_64
---Type <return> to continue, or q <return> to quit---
        tmp_ctx = <value optimized out>
        __FUNCTION__ = "hbac_sysdb_save"
#7  0x00007f4af71c7487 in ipa_hbac_rule_info_done (subreq=<value optimized out>) at src/providers/ipa/ipa_hbac_rules.c:213
        ret = 0
        req = 0x131b9d0
        state = 0x134a010
        __FUNCTION__ = "ipa_hbac_rule_info_done"
#8  0x00007f4af71dd406 in sdap_get_generic_done (op=<value optimized out>, reply=<value optimized out>, error=<value optimized out>, pvt=<value optimized out>)
    at src/providers/ldap/sdap_async.c:1024
        req = 0x131d860
        state = 0x1329590
        attrs = <value optimized out>
        errmsg = 0x0
        result = 0
        ret = <value optimized out>
        lret = 0
        total_count = 0
        cookie = {bv_len = 0, bv_val = 0x132f010 "P\205\064\001"}
        returned_controls = 0x1347d40
        page_control = <value optimized out>
        __FUNCTION__ = "sdap_get_generic_done"
#9  0x00007f4af71defb5 in sdap_process_message (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:307
        msgtype = <value optimized out>
        ret = 0
        reply = 0x131fac0
        op = 0x1311310
        msgid = 13
#10 sdap_process_result (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:207
        sh = <value optimized out>
        no_timeout = {tv_sec = 0, tv_usec = 0}
        te = <value optimized out>
        msg = 0x132e8f0
        ret = <value optimized out>
        __FUNCTION__ = "sdap_process_result"
#11 0x0000003173c034e5 in tevent_common_loop_timer_delay (ev=0x12e24a0) at tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x131f930
#12 0x0000003173c0531b in std_event_loop_once (ev=<value optimized out>, location=<value optimized out>) at tevent_standard.c:537
        std_ev = 0x12e2560
        tval = {tv_sec = 0, tv_usec = 0}
#13 0x0000003173c026d0 in _tevent_loop_once (ev=0x12e24a0, location=0x4421d5 "src/util/server.c:526") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#14 0x0000003173c0273b in tevent_common_loop_wait (ev=0x12e24a0, location=0x4421d5 "src/util/server.c:526") at tevent.c:591
        ret = <value optimized out>
#15 0x00000000004341b1 in server_loop (main_ctx=0x12e3610) at src/util/server.c:526
No locals.
---Type <return> to continue, or q <return> to quit---
#16 0x000000000040ed0b in main (argc=5, argv=<value optimized out>) at src/providers/data_provider_be.c:1333
        opt = <value optimized out>
        pc = <value optimized out>
        be_domain = 0x12e1460 "lab.eng.pnq.redhat.com"
        srv_name = <value optimized out>
        conf_entry = <value optimized out>
        main_ctx = 0x12e3610
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x648800, val = 0, descrip = 0x4391d2 "Help options:", argDescrip = 0x0}, {
            longName = 0x4391e0 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x6488e0, val = 0, descrip = 0x4391b1 "Debug level", argDescrip = 0x0}, {
            longName = 0x4391ec "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x6488e4, val = 0, 
            descrip = 0x439e48 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x4391fb "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, arg = 0x6487c0, val = 0, descrip = 0x4391bd "Add debug timestamps", argDescrip = 0x0}, {
            longName = 0x43a7c0 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fffccbea608, val = 0, 
            descrip = 0x439e80 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, 
            val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Comment 5 Stephen Gallagher 2011-09-07 18:45:26 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/990

Comment 8 Gowrishankar Rajaiyan 2011-09-08 04:36:56 UTC
[root@bumblebee ~]# ipa hbacrule-show  rule2 --all --raw
  dn:
ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule2
  ipaenabledflag: TRUE
  externalhost: external.lab.eng.pnq.redhat.com
  externalhost: ironhide.lab.eng.pnq.redhat.com
  sourcehost:
fqdn=mudflap.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberhost:
fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberuser:
uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  accessruletype: allow
  ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b
  memberservice:
cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberservice:
cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  objectclass: ipaassociation
  objectclass: ipahbacrule


/var/log/secure:
Sep  7 23:47:24 bumblebee sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ironhide.lab.eng.pnq.redhat.com  user=shanks
Sep  7 23:47:25 bumblebee sshd[13345]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=ironhide.lab.eng.pnq.redhat.com user=shanks
Sep  7 23:47:26 bumblebee sshd[13345]: Accepted password for shanks from 10.65.201.65 port 45251 ssh2
Sep  7 23:47:26 bumblebee sshd[13345]: pam_unix(sshd:session): session opened for user shanks by (uid=0)


- authentication successful as expected.
- no crash detected.

Comment 10 Gowrishankar Rajaiyan 2011-09-08 04:57:38 UTC
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 50.el6                        Build Date: Wed 07 Sep 2011 04:17:16 PM EDT
Install Date: Thu 08 Sep 2011 12:26:38 AM EDT      Build Host: x86-002.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-50.el6.src.rpm
Size        : 3550272                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 11 Jakub Hrozek 2011-10-27 14:31:52 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Do not document

Comment 12 errata-xmlrpc 2011-12-06 16:39:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html


Note You need to log in before you can comment on or make changes to this bug.