736314 – sssd crashes during auth while there exists multiple external hosts along with managed host.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 736314 - sssd crashes during auth while there exists multiple external hosts along with managed host.

Summary: sssd crashes during auth while there exists multiple external hosts along wit...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	743047 748870
TreeView+	depends on / blocked

Reported:	2011-09-07 11:28 UTC by Gowrishankar Rajaiyan
Modified:	2020-05-02 16:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:	sssd-1.5.1-50.el6
Doc Type:	Bug Fix
Doc Text:	Do not document
Clone Of:
Clones:	748870 (view as bug list)
Environment:
Last Closed:	2011-12-06 16:39:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 2032	0	None	None	None	2020-05-02 16:25:13 UTC
Red Hat Product Errata	RHBA-2011:1529	0	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2011-12-06 00:50:20 UTC

Description Gowrishankar Rajaiyan 2011-09-07 11:28:00 UTC

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-49.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure a hbacrule on the server as (make sure to have multiple external hosts and one managed host)
[root@bumblebee ~]# ipa hbacrule-show  rule2 --all --raw
  dn: ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule2
  ipaenabledflag: TRUE
  externalhost: external.lab.eng.pnq.redhat.com
  externalhost: ironhide.lab.eng.pnq.redhat.com
  sourcehost: fqdn=mudflap.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberhost: fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberuser: uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  accessruletype: allow
  ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b
  memberservice: cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberservice: cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  objectclass: ipaassociation
  objectclass: ipahbacrule

2. Try ssh from the external host ironhide.lab.eng.pnq.redhat.com to the target host bumblebee.lab.eng.pnq.redhat.com

  
Actual results:
ssh auth session hangs and sssd crashes.

Expected results:
Auth should be successful without any crash.

Additional info:

Comment 2 Gowrishankar Rajaiyan 2011-09-07 12:00:14 UTC

At times I also see the following message in the sssd domain logs:

(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_host_attrs_to_rule] (8): Added host [bumblebee.lab.eng.pnq.redhat.com] to rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_shost_attrs_to_rule] (7): Processing source hosts for rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_host_attrs_to_rule] (4): No host specified, rule will never apply.
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_shost_attrs_to_rule] (8): Added external source host [ironhide.lab.eng.pnq.redhat.com] to rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_attrs_to_rule] (1): Could not parse source hosts for rule [rule2]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_ctx_to_rules] (1): Could not construct rules
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [ipa_hbac_evaluate_rules] (1): Could not construct HBAC rules
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_id_op_destroy] (9): releasing operation connection
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Sending result [4][lab.eng.pnq.redhat.com]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Sent result [4][lab.eng.pnq.redhat.com]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_process_result] (8): Trace: sh[0x22a4710], connected[1], ops[(nil)], ldap[0x22a51f0]
(Wed Sep  7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_process_result] (8): Trace: ldap_result found nothing!


This is reproduced more often if you have the following rule on your server:

# ipa hbacrule-show  rule2 --all --raw
  dn: ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule2
  ipaenabledflag: TRUE
  externalhost: ironhide.lab.eng.pnq.redhat.com
  memberhost: fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberuser: uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  accessruletype: allow
  ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b
  memberservice: cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberservice: cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  objectclass: ipaassociation
  objectclass: ipahbacrule

Comment 3 Gowrishankar Rajaiyan 2011-09-07 12:04:44 UTC

[root@bumblebee ~]# gdb --core=core.9425.1 /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New Thread 9425]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/49/0fbc77e52e600698826003dad684bbb09d149d
Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done.
done.
Loaded symbols for /lib64/libpam.so.0.82.2
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done.
done.
Loaded symbols for /lib64/libdbus-1.so.3.4.0
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.0
Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/liblber-2.4.so.2.5.6
Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/libldap-2.4.so.2.5.6
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcares.so.2.0.0
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done.
done.
Loaded symbols for /lib64/libaudit.so.1.0.0
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2.0.23
Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1.2.3
Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Reading symbols from /usr/lib64/sssd/libsss_ipa.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ipa.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/sssd/libsss_ipa.so.1.0.0
Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1.3
Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2.1
Reading symbols from /usr/lib64/libipa_hbac.so.0.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libipa_hbac.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libipa_hbac.so.0.0.0
Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from /usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done.
done.
Loaded symbols for /usr/lib64/libunistring.so.0.1.2
Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_dns.so.2
Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib64/libnss_sss.so.2
Reading symbols from /usr/lib64/sasl2/libgssapiv2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libgssapiv2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libgssapiv2.so.2.0.23
Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/sasl2/libplain.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libplain.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libplain.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libcrammd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libcrammd5.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libcrammd5.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libsasldb.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libsasldb.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libsasldb.so.2.0.23
Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done.
done.
Loaded symbols for /lib64/libdb-4.7.so
Reading symbols from /usr/lib64/sasl2/libanonymous.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libanonymous.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libanonymous.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libdigestmd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libdigestmd5.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libdigestmd5.so.2.0.23
Reading symbols from /usr/lib64/libcrypto.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcrypto.so.1.0.0
Reading symbols from /usr/lib64/sasl2/liblogin.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/liblogin.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/liblogin.so.2.0.23
Reading symbols from /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so...Reading symbols from /usr/lib/debug/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so.debug...done.
done.
Loaded symbols for /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
Reading symbols from /usr/lib64/libsoftokn3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsoftokn3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsoftokn3.so
Reading symbols from /usr/lib64/libsqlite3.so.0.8.6...Reading symbols from /usr/lib/debug/usr/lib64/libsqlite3.so.0.8.6.debug...done.
done.
Loaded symbols for /usr/lib64/libsqlite3.so.0.8.6
Core was generated by `/usr/libexec/sssd/sssd_be -d 10 --domain lab.eng.pnq.redhat.com'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000316f07fa81 in __strlen_sse2 () from /lib64/libc.so.6

Thread 1 (Thread 0x7f4afd54e700 (LWP 9425)):
#0  0x000000316f07fa81 in __strlen_sse2 () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003170804ef4 in talloc_strdup (t=0x131e690, p=0x62376261 <Address 0x62376261 out of bounds>) at talloc.c:1581
No locals.
#2  0x00007f4af71c5c87 in hbac_shost_attrs_to_rule (mem_ctx=0x131fac0, sysdb=<value optimized out>, domain=<value optimized out>, rule_name=0x134e770 "rule2", 
    rule_attrs=<value optimized out>, source_hosts=0x131fae8) at src/providers/ipa/ipa_hbac_hosts.c:504
        ret = <value optimized out>
        host_count = 1
        tmp_ctx = 0x134ed50
        idx = 2
        el = 0x134e200
        shosts = 0x13115a0
        __FUNCTION__ = "hbac_shost_attrs_to_rule"
#3  0x00007f4af71cb1d4 in hbac_attrs_to_rule (mem_ctx=0x1350800, hbac_ctx=0x1350800, rules=0x7fffccbea0f8, request=0x7fffccbea0f0)
    at src/providers/ipa/ipa_hbac_common.c:460
        ret = <value optimized out>
        rule_type = 0x1346200 "allow"
        new_rule = 0x131fac0
        el = 0x134e1e0
#4  hbac_ctx_to_rules (mem_ctx=0x1350800, hbac_ctx=0x1350800, rules=0x7fffccbea0f8, request=0x7fffccbea0f0) at src/providers/ipa/ipa_hbac_common.c:347
        ret = <value optimized out>
        new_rules = 0x131ec40
        new_request = <value optimized out>
        i = <value optimized out>
        tmp_ctx = 0x1311710
        __FUNCTION__ = "hbac_ctx_to_rules"
#5  0x00007f4af71c04e8 in ipa_hbac_evaluate_rules (hbac_ctx=0x1350800) at src/providers/ipa/ipa_access.c:566
        ret = <value optimized out>
        hbac_rules = <value optimized out>
        eval_req = <value optimized out>
        result = <value optimized out>
        info = <value optimized out>
        __FUNCTION__ = "ipa_hbac_evaluate_rules"
#6  0x00007f4af71c267c in hbac_sysdb_save (req=0x0) at src/providers/ipa/ipa_access.c:534
        ret = <value optimized out>
        in_transaction = true
        hbac_ctx = 0x1350800
        domain = <value optimized out>
        sysdb = <value optimized out>
        base_dn = <value optimized out>
        be_ctx = <value optimized out>
        access_ctx = 0x130b550
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.38.el6.x86_64 krb5-libs-1.9-20.el6.x86_64
---Type <return> to continue, or q <return> to quit---
        tmp_ctx = <value optimized out>
        __FUNCTION__ = "hbac_sysdb_save"
#7  0x00007f4af71c7487 in ipa_hbac_rule_info_done (subreq=<value optimized out>) at src/providers/ipa/ipa_hbac_rules.c:213
        ret = 0
        req = 0x131b9d0
        state = 0x134a010
        __FUNCTION__ = "ipa_hbac_rule_info_done"
#8  0x00007f4af71dd406 in sdap_get_generic_done (op=<value optimized out>, reply=<value optimized out>, error=<value optimized out>, pvt=<value optimized out>)
    at src/providers/ldap/sdap_async.c:1024
        req = 0x131d860
        state = 0x1329590
        attrs = <value optimized out>
        errmsg = 0x0
        result = 0
        ret = <value optimized out>
        lret = 0
        total_count = 0
        cookie = {bv_len = 0, bv_val = 0x132f010 "P\205\064\001"}
        returned_controls = 0x1347d40
        page_control = <value optimized out>
        __FUNCTION__ = "sdap_get_generic_done"
#9  0x00007f4af71defb5 in sdap_process_message (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:307
        msgtype = <value optimized out>
        ret = 0
        reply = 0x131fac0
        op = 0x1311310
        msgid = 13
#10 sdap_process_result (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:207
        sh = <value optimized out>
        no_timeout = {tv_sec = 0, tv_usec = 0}
        te = <value optimized out>
        msg = 0x132e8f0
        ret = <value optimized out>
        __FUNCTION__ = "sdap_process_result"
#11 0x0000003173c034e5 in tevent_common_loop_timer_delay (ev=0x12e24a0) at tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x131f930
#12 0x0000003173c0531b in std_event_loop_once (ev=<value optimized out>, location=<value optimized out>) at tevent_standard.c:537
        std_ev = 0x12e2560
        tval = {tv_sec = 0, tv_usec = 0}
#13 0x0000003173c026d0 in _tevent_loop_once (ev=0x12e24a0, location=0x4421d5 "src/util/server.c:526") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#14 0x0000003173c0273b in tevent_common_loop_wait (ev=0x12e24a0, location=0x4421d5 "src/util/server.c:526") at tevent.c:591
        ret = <value optimized out>
#15 0x00000000004341b1 in server_loop (main_ctx=0x12e3610) at src/util/server.c:526
No locals.
---Type <return> to continue, or q <return> to quit---
#16 0x000000000040ed0b in main (argc=5, argv=<value optimized out>) at src/providers/data_provider_be.c:1333
        opt = <value optimized out>
        pc = <value optimized out>
        be_domain = 0x12e1460 "lab.eng.pnq.redhat.com"
        srv_name = <value optimized out>
        conf_entry = <value optimized out>
        main_ctx = 0x12e3610
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x648800, val = 0, descrip = 0x4391d2 "Help options:", argDescrip = 0x0}, {
            longName = 0x4391e0 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x6488e0, val = 0, descrip = 0x4391b1 "Debug level", argDescrip = 0x0}, {
            longName = 0x4391ec "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x6488e4, val = 0, 
            descrip = 0x439e48 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x4391fb "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, arg = 0x6487c0, val = 0, descrip = 0x4391bd "Add debug timestamps", argDescrip = 0x0}, {
            longName = 0x43a7c0 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fffccbea608, val = 0, 
            descrip = 0x439e80 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, 
            val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Comment 5 Stephen Gallagher 2011-09-07 18:45:26 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/990

Comment 8 Gowrishankar Rajaiyan 2011-09-08 04:36:56 UTC

[root@bumblebee ~]# ipa hbacrule-show  rule2 --all --raw
  dn:
ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule2
  ipaenabledflag: TRUE
  externalhost: external.lab.eng.pnq.redhat.com
  externalhost: ironhide.lab.eng.pnq.redhat.com
  sourcehost:
fqdn=mudflap.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberhost:
fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberuser:
uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  accessruletype: allow
  ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b
  memberservice:
cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  memberservice:
cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  objectclass: ipaassociation
  objectclass: ipahbacrule


/var/log/secure:
Sep  7 23:47:24 bumblebee sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ironhide.lab.eng.pnq.redhat.com  user=shanks
Sep  7 23:47:25 bumblebee sshd[13345]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=ironhide.lab.eng.pnq.redhat.com user=shanks
Sep  7 23:47:26 bumblebee sshd[13345]: Accepted password for shanks from 10.65.201.65 port 45251 ssh2
Sep  7 23:47:26 bumblebee sshd[13345]: pam_unix(sshd:session): session opened for user shanks by (uid=0)


- authentication successful as expected.
- no crash detected.

Comment 10 Gowrishankar Rajaiyan 2011-09-08 04:57:38 UTC

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 50.el6                        Build Date: Wed 07 Sep 2011 04:17:16 PM EDT
Install Date: Thu 08 Sep 2011 12:26:38 AM EDT      Build Host: x86-002.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-50.el6.src.rpm
Size        : 3550272                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 11 Jakub Hrozek 2011-10-27 14:31:52 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Do not document

Comment 12 errata-xmlrpc 2011-12-06 16:39:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html

Note You need to log in before you can comment on or make changes to this bug.