784420 – Offline(network disconnect) authentication using proxy provider crashes sssd.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 784420 - Offline(network disconnect) authentication using proxy provider crashes sssd.

Summary: Offline(network disconnect) authentication using proxy provider crashes sssd.

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.0
Hardware:	i386
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	7.1
Assignee:	SSSD Maintainers
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-24 20:46 UTC by Amith
Modified:	2020-05-02 17:31 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-04-24 11:22:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
backtrace from reproducer (14.42 KB, text/plain) 2013-08-07 10:36 UTC, Nirupama Karandikar	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 2195	0	None	closed	Offline(network disconnect) authentication using proxy provider crashes sssd.	2020-07-09 08:54:45 UTC
Github	SSSD sssd issues 3186	0	None	closed	proxy backend might get killed if proxied operation takes too long	2020-07-09 08:54:45 UTC

Description Amith 2012-01-24 20:46:42 UTC

Description of problem:
Authentication from the sssd client fails when the client is disconnected from network and sssd crashes.

Version-Release number of selected component (if applicable):
sssd-1.5.1-49.el5

How reproducible:
Always
 
Steps to Reproduce:
1. Edit /etc/ldap.conf and add the following:
uri ldap://<hostname.com>:<port>
ssl no
base <basedn> 

2. Create and edit /etc/pam.d/sssdproxyldap with the following contents:
auth          required      pam_ldap.so
account       required      pam_ldap.so
password      required      pam_ldap.so
session       required      pam_ldap.so

3. The issue was produced on 2 different configurations for /etc/sssd/sssd.conf file. The test setup for first SSSD configuration requires a Redhat or 389 directory server. The test setup for second SSSD configuration requires both directory server and KDC server. The kerberos user with userid matching the ldap user. Both the configurations are defined below:

(i)First SSSD Configuration:
[sssd]
config_file_version = 2
domains = LDAP
sbus_timeout = 30
services = nss, pam

[nss]
entry_cache_timeout = 30
entry_negative_timeout  = 1
enum_cache_timeout = 30
filter_groups = root
filter_users = root

[pam]

[domain/LDAP]
auth_provider = proxy
cache_credentials = TRUE
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
use_fully_qualified_names = TRUE

(ii) Second SSSD Configuration:
[sssd]
config_file_version = 2
domains = LDAP
sbus_timeout = 30
services = nss, pam

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/LDAP]
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap

auth_provider = krb5
krb5_kdcip = <ip_address of KDC>
krb5_realm = <EXAMPLE.COM>
chpass_provider = krb5

4. After setting the above configurations, start sssd service and authenticate from the sssd client atleast once online to get the credentials cached. Following step was executed to do this:
$ ssh -l <user> localhost

5. Simulate offline authentication by disconnecting network connection and login again using ssh. 
  
Actual results: 
Authenticaton fails. Please review the sample steps below:
# ssh -l anup1@LDAP localhost
anup1@LDAP@localhost's password:
Connection closed by 127.0.0.1

Expected results:
Authentication should be successful.

Additional info:
1) sssd_be crash backtrace for first SSSD Configuration:

[root@localhost ~]# gdb -p 1734
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-42.el5)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 1734
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
Reading symbols from /lib/libpam.so.0...Reading symbols from /usr/lib/debug/lib/libpam.so.0.81.5.debug...done.
done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /usr/lib/libtevent.so.0...Reading symbols from /usr/lib/debug/usr/lib/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib/libtevent.so.0
Reading symbols from /usr/lib/libtalloc.so.2...Reading symbols from /usr/lib/debug/usr/lib/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib/libtalloc.so.2
Reading symbols from /usr/lib/libpopt.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpopt.so.0
Reading symbols from /usr/lib/libldb.so.0...Reading symbols from /usr/lib/debug/usr/lib/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib/libldb.so.0
Reading symbols from /lib/libdbus-1.so.3...Reading symbols from /usr/lib/debug/lib/libdbus-1.so.3.4.0.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/libdbus-1.so.3
Reading symbols from /lib/libpcre.so.0...Reading symbols from /usr/lib/debug/lib/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib/libpcre.so.0
Reading symbols from /usr/lib/libini_config.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libini_config.so.2
Reading symbols from /usr/lib/libcollection.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcollection.so.2
Reading symbols from /usr/lib/libdhash.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libdhash.so.1
Reading symbols from /usr/lib/liblber-2.4.so.2...Reading symbols from /usr/lib/debug/usr/lib/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /usr/lib/liblber-2.4.so.2
Reading symbols from /usr/lib/libldap-2.4.so.2...Reading symbols from /usr/lib/debug/usr/lib/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /usr/lib/libldap-2.4.so.2
Reading symbols from /usr/lib/libtdb.so.1...Reading symbols from /usr/lib/debug/usr/lib/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib/libtdb.so.1
Reading symbols from /usr/lib/libssl3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libssl3.so
Reading symbols from /usr/lib/libsmime3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libsmime3.so
Reading symbols from /usr/lib/libnss3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnss3.so
Reading symbols from /usr/lib/libnssutil3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnssutil3.so
Reading symbols from /usr/lib/libplds4.so...Reading symbols from /usr/lib/debug/usr/lib/libplds4.so.debug...done.
done.
Loaded symbols for /usr/lib/libplds4.so
Reading symbols from /usr/lib/libplc4.so...Reading symbols from /usr/lib/debug/usr/lib/libplc4.so.debug...done.
done.
Loaded symbols for /usr/lib/libplc4.so
Reading symbols from /usr/lib/libnspr4.so...Reading symbols from /usr/lib/debug/usr/lib/libnspr4.so.debug...done.
done.
Loaded symbols for /usr/lib/libnspr4.so
Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libglib-2.0.so.0...Reading symbols from /usr/lib/debug/lib/libglib-2.0.so.0.1200.3.debug...done.
done.
Loaded symbols for /lib/libglib-2.0.so.0
Reading symbols from /usr/lib/libcares.so.2...Reading symbols from /usr/lib/debug/usr/lib/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libcares.so.2
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libaudit.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libaudit.so.0
Reading symbols from /lib/libcap.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcap.so.1
Reading symbols from /usr/lib/libpath_utils.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpath_utils.so.1
Reading symbols from /usr/lib/libref_array.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libref_array.so.1
Reading symbols from /lib/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/lib/libsasl2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /lib/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...Reading symbols from /usr/lib/debug/lib/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /usr/lib/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libkeyutils.so.1...Reading symbols from /usr/lib/debug/lib/libkeyutils-1.2.so.debug...done.
done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /lib/libselinux.so.1...Reading symbols from /usr/lib/debug/lib/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libsepol.so.1
Reading symbols from /usr/lib/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib/ldb/memberof.so
Reading symbols from /usr/lib/sssd/libsss_proxy.so...Reading symbols from /usr/lib/debug/usr/lib/sssd/libsss_proxy.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib/sssd/libsss_proxy.so
Reading symbols from /lib/libnss_ldap.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_ldap.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib/libnss_sss.so.2
0x00778402 in __kernel_vsyscall ()
(gdb) cont
Continuing.
Detaching after fork from child process 6529.
(gdb) bt full
#0  0x00778402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00a7ba2b in poll () from /lib/libc.so.6
No symbol table info available.
#2  0x00e70965 in ?? () from /lib/libnss_ldap.so.2
No symbol table info available.
#3  0x00e61500 in ?? () from /lib/libnss_ldap.so.2
No symbol table info available.
#4  0x00e63b61 in ?? () from /lib/libnss_ldap.so.2
No symbol table info available.
#5  0x00e5477b in ?? () from /lib/libnss_ldap.so.2
No symbol table info available.
#6  0x00e53bcc in ?? () from /lib/libnss_ldap.so.2
No symbol table info available.
#7  0x00e5450c in _nss_ldap_search_s () from /lib/libnss_ldap.so.2
No symbol table info available.
#8  0x00e553da in _nss_ldap_getbyname () from /lib/libnss_ldap.so.2
No symbol table info available.
#9  0x00e55b48 in _nss_ldap_getpwnam_r () from /lib/libnss_ldap.so.2
No symbol table info available.
#10 0x00e2b6bc in get_initgr (mem_ctx=<value optimized out>, ctx=0x92a6608, sysdb=0x9296fa0, dom=0x9296628, 
    name=0x92abb50 "anup1") at src/providers/proxy/proxy_id.c:906
        tmpctx = 0x92ad9c8
        status = <value optimized out>
        ret = 0
        __FUNCTION__ = "get_initgr"
#11 0x00e2c292 in proxy_get_account_info (breq=0x92aac08) at src/providers/proxy/proxy_id.c:1125
        ctx = 0x1d4c0
        sysdb = 0x9296fa0
        domain = 0x9296628
        uid = <value optimized out>
        gid = <value optimized out>
        ret = <value optimized out>
        endptr = <value optimized out>
        __FUNCTION__ = "proxy_get_account_info"
#12 0x00bedec6 in tevent_common_loop_timer_delay (ev=0x9294fa0) at tevent_timed.c:254

---Type <return> to continue, or q <return> to quit---

  current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x92b6df8
#13 0x00befd9d in std_event_loop_once (ev=0x9294fa0, location=0x808d2c1 "src/util/server.c:526") at tevent_standard.c:537
        std_ev = <value optimized out>
        tval = {tv_sec = 0, tv_usec = 0}
#14 0x00becec6 in _tevent_loop_once (ev=0x9294fa0, location=0x808d2c1 "src/util/server.c:526") at tevent.c:490
        ret = 153702304
        nesting_stack_ptr = 0x0
#15 0x00becf4f in tevent_common_loop_wait (ev=0x9294fa0, location=0x808d2c1 "src/util/server.c:526") at tevent.c:591
        ret = 0
#16 0x00becc58 in _tevent_loop_wait (ev=0x9294fa0, location=0x808d2c1 "src/util/server.c:526") at tevent.c:610
No locals.
#17 0x0807f0dc in server_loop (main_ctx=0x9295b68) at src/util/server.c:526
No locals.
#18 0x0805560c in main (argc=6, argv=0xbf897374) at src/providers/data_provider_be.c:1333
        opt = <value optimized out>
        pc = 0x1
        be_domain = 0x9294180 "LDAP"
        srv_name = <value optimized out>
        conf_entry = <value optimized out>
        main_ctx = 0x9295b68
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x8092f60, val = 0, 
            descrip = 0x808488c "Help options:", argDescrip = 0x0}, {longName = 0x808489a "debug-level", 
            shortName = 100 'd', argInfo = 2, arg = 0x8092fe0, val = 0, descrip = 0x808486b "Debug level", 
            argDescrip = 0x0}, {longName = 0x80848a6 "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x8092fe4, 
            val = 0, descrip = 0x80854b8 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {
            longName = 0x80848b5 "debug-timestamps", shortName = 0 '\000', argInfo = 2, arg = 0x8092f50, val = 0, 
            descrip = 0x8084877 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x8085d10 "domain", 
            shortName = 0 '\000', argInfo = 1, arg = 0xbf8972a4, val = 0, 
            descrip = 0x80854ec "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, 
            shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"
(gdb) 



2) sssd_be crash backtrace for second SSSD Configuration:

[root@localhost ~]# gdb -p 7966
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-42.el5)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 7966
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
Reading symbols from /lib/libpam.so.0...Reading symbols from /usr/lib/debug/lib/libpam.so.0.81.5.debug...done.
done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /usr/lib/libtevent.so.0...Reading symbols from /usr/lib/debug/usr/lib/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib/libtevent.so.0
Reading symbols from /usr/lib/libtalloc.so.2...Reading symbols from /usr/lib/debug/usr/lib/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib/libtalloc.so.2
Reading symbols from /usr/lib/libpopt.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpopt.so.0
Reading symbols from /usr/lib/libldb.so.0...Reading symbols from /usr/lib/debug/usr/lib/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib/libldb.so.0
Reading symbols from /lib/libdbus-1.so.3...Reading symbols from /usr/lib/debug/lib/libdbus-1.so.3.4.0.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Loaded symbols for /lib/libdbus-1.so.3
Reading symbols from /lib/libpcre.so.0...Reading symbols from /usr/lib/debug/lib/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib/libpcre.so.0
Reading symbols from /usr/lib/libini_config.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libini_config.so.2
Reading symbols from /usr/lib/libcollection.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libcollection.so.2
Reading symbols from /usr/lib/libdhash.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libdhash.so.1
Reading symbols from /usr/lib/liblber-2.4.so.2...Reading symbols from /usr/lib/debug/usr/lib/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /usr/lib/liblber-2.4.so.2
Reading symbols from /usr/lib/libldap-2.4.so.2...Reading symbols from /usr/lib/debug/usr/lib/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /usr/lib/libldap-2.4.so.2
Reading symbols from /usr/lib/libtdb.so.1...Reading symbols from /usr/lib/debug/usr/lib/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib/libtdb.so.1
Reading symbols from /usr/lib/libssl3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libssl3.so
Reading symbols from /usr/lib/libsmime3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libsmime3.so
Reading symbols from /usr/lib/libnss3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnss3.so
Reading symbols from /usr/lib/libnssutil3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnssutil3.so
Reading symbols from /usr/lib/libplds4.so...Reading symbols from /usr/lib/debug/usr/lib/libplds4.so.debug...done.
done.
Loaded symbols for /usr/lib/libplds4.so
Reading symbols from /usr/lib/libplc4.so...Reading symbols from /usr/lib/debug/usr/lib/libplc4.so.debug...done.
done.
Loaded symbols for /usr/lib/libplc4.so
Reading symbols from /usr/lib/libnspr4.so...Reading symbols from /usr/lib/debug/usr/lib/libnspr4.so.debug...done.
done.
Loaded symbols for /usr/lib/libnspr4.so
Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libglib-2.0.so.0...Reading symbols from /usr/lib/debug/lib/libglib-2.0.so.0.1200.3.debug...done.
done.
Loaded symbols for /lib/libglib-2.0.so.0
Reading symbols from /usr/lib/libcares.so.2...Reading symbols from /usr/lib/debug/usr/lib/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libcares.so.2
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libaudit.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib/libaudit.so.0
Reading symbols from /lib/libcap.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcap.so.1
Reading symbols from /usr/lib/libpath_utils.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpath_utils.so.1
Reading symbols from /usr/lib/libref_array.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libref_array.so.1
Reading symbols from /lib/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /usr/lib/libsasl2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /lib/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...Reading symbols from /usr/lib/debug/lib/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /usr/lib/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libkeyutils.so.1...Reading symbols from /usr/lib/debug/lib/libkeyutils-1.2.so.debug...done.
done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /lib/libselinux.so.1...Reading symbols from /usr/lib/debug/lib/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libsepol.so.1
Reading symbols from /usr/lib/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib/ldb/memberof.so
Reading symbols from /usr/lib/sssd/libsss_proxy.so...Reading symbols from /usr/lib/debug/usr/lib/sssd/libsss_proxy.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib/sssd/libsss_proxy.so
Reading symbols from /lib/libnss_ldap.so.2...Reading symbols from /usr/lib/debug/lib/libnss_ldap-2.5.so.debug...done.
done.
Loaded symbols for /lib/libnss_ldap.so.2
Reading symbols from /usr/lib/sssd/libsss_krb5.so...Reading symbols from /usr/lib/debug/usr/lib/sssd/libsss_krb5.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib/sssd/libsss_krb5.so
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib/libnss_sss.so.2
Reading symbols from /lib/libnss_dns.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_dns.so.2
Reading symbols from /usr/lib/libsoftokn3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libsoftokn3.so
Reading symbols from /usr/lib/libfreebl3.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libfreebl3.so
0x00e73402 in __kernel_vsyscall ()
(gdb) cont
Continuing.
Detaching after fork from child process 27406.

Program received signal SIGTERM, Terminated.
0x00e73402 in __kernel_vsyscall ()
(gdb) bt full
#0  0x00e73402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00a7ba2b in poll () from /lib/libc.so.6
No symbol table info available.
#2  0x00eae965 in ldap_int_select () from /lib/libnss_ldap.so.2
No symbol table info available.
#3  0x00e9f500 in ldap_result () from /lib/libnss_ldap.so.2
No symbol table info available.
#4  0x00ea1b61 in ldap_search_st () from /lib/libnss_ldap.so.2
No symbol table info available.
#5  0x00e9277b in do_search_s (base=0x8651fb0 "dc=example,dc=com", scope=2, 
    filter=0xbfbd2e58 "(&(objectClass=posixAccount)(uid=ami1))", attrs=0x1184140, sizelimit=1, res=0xbfbd369c)
    at ldap-nss.c:2745
        rc = -4
        tv = {tv_sec = 120, tv_usec = 0}
        tvp = 0x1d4c0
#6  0x00e91bcc in do_with_reconnect (base=0x8651fb0 "dc=example,dc=com", scope=2, 
    filter=0xbfbd2e58 "(&(objectClass=posixAccount)(uid=ami1))", attrs=0x1184140, sizelimit=1, private=0xbfbd369c, 
    search_func=0xe926f0 <do_search_s>) at ldap-nss.c:2636
        tries = 0
        backoff = 0
        start_uri = 0
        log = 0
        stat = NSS_STATUS_SUCCESS
        maxtries = 7
        __PRETTY_FUNCTION__ = "do_with_reconnect"
#7  0x00e9250c in _nss_ldap_search_s (args=0xbfbd36f4, filterprot=0x118b0e0 "(&(objectClass=posixAccount)(uid=%s))", 
    sel=LM_PASSWD, user_attrs=<value optimized out>, sizelimit=1, res=0xbfbd369c) at ldap-nss.c:3160
        sdBase = "\000\000\000\000\n\000\000\000\063\067\275\277", '\000' <repeats 40 times>, " \303\034\000\000\000\000\000\364?\036\000\003\000\000\000\237p\034d\r\000\000\000\000\000\000\000\310\062\275\277\024\301\034\000\000\000\000\000\\\252d\b\330\062\275\277\364?\036\000\\\252d\b\030\063\275\277\330\062\275\277\310\344\034\000\000\000\000\000u\000\000\000(3\275\277\364?\036\000\354hf\b\004\000\000\000\004\000\000\000\022\350\034\000\350\024e\b\344\024e\b\a\000\000\000@\363d\b\000\000\000\000\000\000\000\000\024\000\000\000\364?\036\000\024\000\000\000\024\000\000\000H3\275\277\232\353\034\000\064\070\275\277\000\000\000\000\330\063\275\277d3\275\277\354hf\b\000\000\000\000\004\000\000\000\364?\036\000\354hf\b\033\000\000\000X3\275\277\200\354\034\000\004\000\000\000\354hf\b\210\063\275\277\036A\266\000\204@\030\001x3\275\277\200\000\000\000\001\000\000\000\000\000\000\000\330\065\275\277\000\000\000\000\000\000\000\000"...

---Type <return> to continue, or q <return> to quit---

        base = <value optimized out>
        filterBuf = "(&(objectClass=posixAccount)(uid=ami1))\000\000\000\000\000\334\063\275\277\177\360\236\000\000\000\000\000\000\000\000\000\n\000\000\000h4\275\277\035S\255\000\000\000\000\000\374\063\275\277\177\360\236\000\001\000\000\000\064\065\275\277\334\a\000\000;ʠ\000(5\275\277\263\206\241\000T.\275\277p.\275\277\001\000\000\000\000\000\000\000\334\a\000\000\000\000\000\000H5\275\277\000\000\000\000t.\275\277=\276\255\000 \276\255\000\006\000\000\000\v\000\000\000\000\000\000\000\263\206\241\000\000\000\000\000\377\377\377\377=\276\255\000 \276\255\000\006\000\000\000\v", '\000' <repeats 15 times>, "\n\000\000\000\370\063\275\277", '\000' <repeats 40 times>, " 5\275\277\030\000\000\000\002\000\000\000\270\064\275\277\177\360\236d\003\000\000\000\346[\241\000\067Pѷx\307c\b\"\000\000\000\001\000\000\000"...
        dynamicFilterBuf = 0x0
        attrs = 0x1184140
        filter = 0xbfbd2e58 "(&(objectClass=posixAccount)(uid=ami1))"
        scope = 2
        stat = NSS_STATUS_SUCCESS
        sd = 0x0
#8  0x00e933da in _nss_ldap_getbyname (args=0xbfbd36f4, result=0x863cf50, buffer=0x865cbe0 "\330L\b\b\020", buflen=4096, 
    errnop=0xbfbd37a8, filterprot=0x118b0e0 "(&(objectClass=posixAccount)(uid=%s))", sel=LM_PASSWD, 
    parser=0xe93b80 <_nss_ldap_parse_pw>) at ldap-nss.c:3512
        stat = <value optimized out>
        ctx = {ec_state = {ls_type = 0, ls_retry = 0, ls_info = {ls_key = 0x0, ls_index = 0}}, ec_msgid = -1, ec_res = 0x0, 
          ec_internal = 0, ec_sd = 0x0, ec_cookie = 0x0}
#9  0x00e93b48 in _nss_ldap_getpwnam_r (name=0x8650860 "ami1", result=0x863cf50, buffer=0x865cbe0 "\330L\b\b\020", 
    buflen=4096, errnop=0xbfbd37a8) at ldap-pwd.c:245
        a = {la_type = LA_TYPE_STRING, la_arg1 = {la_string = 0x8650860 "ami1", la_number = 140839008, la_triple = {
              host = 0x8650860 "ami1", user = 0xbe5694 "\205\300\211\306t\036\307@ p\f\025\350\307@$", 
              domain = 0x1030 <Address 0x1030 out of bounds>}, la_string_list = 0x8650860}, la_arg2 = {la_string = 0x0}, 
          la_base = 0x0}
        s = <value optimized out>
#10 0x001166bc in get_initgr (mem_ctx=<value optimized out>, ctx=0x8648850, sysdb=0x863cfa0, dom=0x863c420, 
    name=0x8650860 "ami1") at src/providers/proxy/proxy_id.c:906
        tmpctx = 0x866eaa0
        status = <value optimized out>
        ret = 0
        __FUNCTION__ = "get_initgr"
#11 0x00117292 in proxy_get_account_info (breq=0x86492d0) at src/providers/proxy/proxy_id.c:1125
        ctx = 0x1d4c0
        sysdb = 0x863cfa0

---Type <return> to continue, or q <return> to quit---

        domain = 0x863c420
        uid = <value optimized out>
        gid = <value optimized out>
        ret = <value optimized out>
        endptr = <value optimized out>
        __FUNCTION__ = "proxy_get_account_info"
#12 0x00bedec6 in tevent_common_loop_timer_delay (ev=0x863afa0) at tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x866e9a8
#13 0x00befd9d in std_event_loop_once (ev=0x863afa0, location=0x808d2c1 "src/util/server.c:526") at tevent_standard.c:537
        std_ev = <value optimized out>
        tval = {tv_sec = 0, tv_usec = 0}
#14 0x00becec6 in _tevent_loop_once (ev=0x863afa0, location=0x808d2c1 "src/util/server.c:526") at tevent.c:490
        ret = 140750752
        nesting_stack_ptr = 0x0
#15 0x00becf4f in tevent_common_loop_wait (ev=0x863afa0, location=0x808d2c1 "src/util/server.c:526") at tevent.c:591
        ret = 0
#16 0x00becc58 in _tevent_loop_wait (ev=0x863afa0, location=0x808d2c1 "src/util/server.c:526") at tevent.c:610
No locals.
#17 0x0807f0dc in server_loop (main_ctx=0x863bb68) at src/util/server.c:526
No locals.
#18 0x0805560c in main (argc=6, argv=0xbfbd3ce4) at src/providers/data_provider_be.c:1333
        opt = <value optimized out>
        pc = 0x1
        be_domain = 0x863a180 "LDAP"
        srv_name = <value optimized out>
        conf_entry = <value optimized out>
        main_ctx = 0x863bb68
        ret = 0
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x8092f60, val = 0, 
            descrip = 0x808488c "Help options:", argDescrip = 0x0}, {longName = 0x808489a "debug-level", 
            shortName = 100 'd', argInfo = 2, arg = 0x8092fe0, val = 0, descrip = 0x808486b "Debug level", 
            argDescrip = 0x0}, {longName = 0x80848a6 "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x8092fe4, 
            val = 0, descrip = 0x80854b8 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {
            longName = 0x80848b5 "debug-timestamps", shortName = 0 '\000', argInfo = 2, arg = 0x8092f50, val = 0, 
            descrip = 0x8084877 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x8085d10 "domain", 

---Type <return> to continue, or q <return> to quit---

shortName = 0 '\000', argInfo = 1, arg = 0xbfbd3c14, val = 0, 
            descrip = 0x80854ec "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, 
            shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

(gdb) quit

Comment 1 Stephen Gallagher 2012-01-26 12:53:37 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1153

Comment 4 Stephen Gallagher 2012-03-21 13:42:12 UTC

Neither development nor the original reporter have been able to reproduce the issue recently. Closing as WORKSFORME. Please reopen this bug if the issue resurfaces.

Comment 6 Nirupama Karandikar 2013-08-07 10:36:15 UTC

Created attachment 783797 [details]
backtrace from reproducer

Comment 8 Jakub Hrozek 2013-08-29 11:48:52 UTC

This seems to be an nss_ldap bug. The getpwnam input is correct, so it should yield (some) results, not crash.

Comment 9 Nalin Dahyabhai 2013-08-29 13:04:54 UTC

The backtrace appears to show the process exiting after receiving a SIGTERM.  Is the monitor sending it a SIGTERM after a timeout expires while nss_ldap is waiting to reconnect?

Comment 10 Jakub Hrozek 2013-08-29 16:28:44 UTC

(In reply to Nalin Dahyabhai from comment #9)
> The backtrace appears to show the process exiting after receiving a SIGTERM.
> Is the monitor sending it a SIGTERM after a timeout expires while nss_ldap
> is waiting to reconnect?

Yes, but the SIGTERM would come after 30 seconds, shouldn't nss_ldap rather timeout much faster?

Comment 11 Nalin Dahyabhai 2013-09-03 13:41:22 UTC

(In reply to Jakub Hrozek from comment #10)
> Yes, but the SIGTERM would come after 30 seconds, shouldn't nss_ldap rather
> timeout much faster?

Not in the default "hard" mode, in which it does exponential backoff, starting by default with four seconds, and doubling the interval each time it needs to retry, up to the default maximum of 64 seconds.

Amith, do you have the contents of /var/log/messages from a machine where you're seeing this?  I'd expect to see nss_ldap logging messages about sleeping for some number of seconds before its next attempt at reconnecting, which would confirm that this is what's happening.

Comment 12 Jakub Hrozek 2013-11-07 09:36:23 UTC

Nalin is right this is an SSSD problem after all.

Comment 13 Jakub Hrozek 2013-11-07 09:44:04 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2144

Comment 14 Jakub Hrozek 2013-11-07 09:46:27 UTC

There is an easy workaround of setting a longer "timeout" or tweaking the nss_ldap configuration.

A better fix would be to spawn a subprocess per lookup, but that's an incremental improvement, so I'm moving this bugzilla to 7.1 for now.

Comment 15 Martin Kosek 2015-04-24 11:22:11 UTC

Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given a priority and was deferred both in the upstream project and in Red Hat Enterprise Linux.

Given that we are unable to fulfill this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as DEFERRED. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you.

Note that you can still track this request or even contribute patches in the referred upstream Trac ticket.

Note You need to log in before you can comment on or make changes to this bug.