788979 – sssd crashes during initgroups against a user belonging to nested rfc2307bis group.

Bug 788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group.

Summary: sssd crashes during initgroups against a user belonging to nested rfc2307bis ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-02-09 13:17 UTC by Kaushik Banerjee
Modified:	2020-05-02 16:44 UTC (History)
CC List:	4 users (show)
Fixed In Version:	sssd-1.8.0-4.el6.beta3
Doc Type:	Bug Fix
Doc Text:	No documentation needed.
Clone Of:
Environment:
Last Closed:	2012-06-20 11:54:57 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 2228	0	None	closed	sssd crashes during initgroups against a user belonging to nested rfc2307bis group.	2020-10-02 18:35:52 UTC
Red Hat Product Errata	RHBA-2012:0747	0	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2012-06-19 19:31:43 UTC

Description Kaushik Banerjee 2012-02-09 13:17:32 UTC

Description of problem:
sssd crashes during initgroups against a user belonging to nested rfc2307bis group.

Version-Release number of selected component (if applicable):
sssd-1.8.0-2.el6.beta2.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd as follows:
[domain/openldap]
debug_level = 9
id_provider = ldap
ldap_uri = ldap://ldapserver.example.com
ldap_search_base = dc=example,dc=com
cache_credentials = true
ldap_tls_cacert = /etc/openldap/cacerts/server.pem
ldap_schema = rfc2307bis
ldap_group_object_class = groupOfNames

2. Add a user using the following ldif:
dn: uid=mof_user2,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: memberof_user2
uidNumber: 22222
gidNumber: 22222
homeDirectory: /home/mof_user2
loginShell: /bin/bash
gecos: MEMBEROF USER2
userPassword: Secret123

dn: cn=mof_user2_grp1,dc=example,dc=com
gidNumber: 22222
objectClass: extensibleObject
objectClass: groupOfNames
member: uid=mof_user2,dc=example,dc=com

dn: cn=mof_user2_grp2,dc=example,dc=com
gidNumber: 22223
objectClass: extensibleObject
objectClass: groupOfNames
member: cn=mof_user2_grp1,dc=example,dc=com

dn: cn=mof_user2_grp3,dc=example,dc=com
gidNumber: 22224
objectClass: extensibleObject
objectClass: groupOfNames
member: cn=mof_user2_grp2,dc=example,dc=com

dn: cn=mof_user2_grp4,dc=example,dc=com
gidNumber: 22225
objectClass: extensibleObject
objectClass: groupOfNames
member: cn=mof_user2_grp3,dc=example,dc=com


3. Perform initgroups operation on the user:
# id mof_user2
  
Actual results:
Running "id mof_user2" hangs. And sssd_be crashes.

Expected results:
initgroups operation succeeds.

Additional info:
1. Crash backtrace:
# gdb --core=/var/spool/abrt/ccpp-2012-02-09-12\:29\:34-32139/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New Thread 32139]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/15/aeeb89cdee58e81ee8e0ccc5f7c79dac280dcf
Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done.
done.
Loaded symbols for /lib64/libpam.so.0.82.2
Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcares.so.2.0.0
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done.
done.
Loaded symbols for /lib64/libdbus-1.so.3.4.0
Reading symbols from /lib64/librt-2.12.so...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/librt-2.12.so
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.0
Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/liblber-2.4.so.2.5.6
Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/libldap-2.4.so.2.5.6
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from /usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done.
done.
Loaded symbols for /usr/lib64/libunistring.so.0.1.2
Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread-2.12.so...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done.
[Thread debugging using libthread_db enabled]
done.
Loaded symbols for /lib64/libpthread-2.12.so
Reading symbols from /lib64/libdl-2.12.so...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libdl-2.12.so
Reading symbols from /lib64/libc-2.12.so...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libc-2.12.so
Reading symbols from /lib64/libaudit.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libaudit.so.1
Reading symbols from /lib64/libcrypt-2.12.so...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libcrypt-2.12.so
Reading symbols from /lib64/ld-2.12.so...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done.
done.
Loaded symbols for /lib64/ld-2.12.so
Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv-2.12.so...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libresolv-2.12.so
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libfreebl3.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Reading symbols from /usr/lib64/sssd/libsss_ldap.so...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ldap.so.debug...done.
done.
Loaded symbols for /usr/lib64/sssd/libsss_ldap.so
Reading symbols from /lib64/libkrb5.so.3.3...Reading symbols from /usr/lib/debug/lib64/libkrb5.so.3.3.debug...done.
done.
Loaded symbols for /lib64/libkrb5.so.3.3
Reading symbols from /lib64/libk5crypto.so.3.1...Reading symbols from /usr/lib/debug/lib64/libk5crypto.so.3.1.debug...done.
done.
Loaded symbols for /lib64/libk5crypto.so.3.1
Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2.1
Reading symbols from /lib64/libkrb5support.so.0.1...Reading symbols from /usr/lib/debug/lib64/libkrb5support.so.0.1.debug...done.
done.
Loaded symbols for /lib64/libkrb5support.so.0.1
Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1.3
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files-2.12.so
Reading symbols from /lib64/libnss_dns-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_dns-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_dns-2.12.so
Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib64/libnss_sss.so.2
Core was generated by `/usr/libexec/sssd/sssd_be --domain openldap --debug-to-files'.
Program terminated with signal 11, Segmentation fault.
#0  sysdb_attrs_get_el_int (attrs=0x1d3ec40, name=0x461123 "name", alloc=true, el=0x7fffaef75db8) at src/db/sysdb.c:310
310	        if (strcasecmp(name, attrs->a[i].name) == 0)

Thread 1 (Thread 0x7fc12ca8c700 (LWP 32139)):
#0  sysdb_attrs_get_el_int (attrs=0x1d3ec40, name=0x461123 "name", alloc=true, el=0x7fffaef75db8) at src/db/sysdb.c:310
        e = <value optimized out>
        i = <value optimized out>
#1  0x000000000042d8b8 in sysdb_attrs_primary_name (sysdb=0x1d06600, attrs=0x1d3ec40, ldap_attr=0x1d24160 "cn", _primary=0x7fffaef75e98)
    at src/db/sysdb.c:1579
        ret = <value optimized out>
        rdn_attr = 0x0
        rdn_val = 0x0
        sysdb_name_el = 0x60
        orig_dn_el = <value optimized out>
        i = <value optimized out>
        tmp_ctx = 0x1d40660
        __FUNCTION__ = "sysdb_attrs_primary_name"
#2  0x000000000042e408 in sysdb_attrs_primary_name_list (sysdb=0x1d06600, mem_ctx=<value optimized out>, attr_list=0x1d3e7a0, attr_count=1, 
    ldap_attr=0x1d24160 "cn", name_list=0x7fffaef75f40) at src/db/sysdb.c:1771
        ret = <value optimized out>
        i = <value optimized out>
        j = <value optimized out>
        list = 0x1d3eb20
        name = 0x1d3e2f0 "name=mof_user2_grp3,cn=groups,cn=openldap,cn=sysdb"
        __FUNCTION__ = "sysdb_attrs_primary_name_list"
#3  0x00007fc12670cec0 in rfc2307bis_group_memberships_build (item=<value optimized out>, user_data=<value optimized out>)
    at src/providers/ldap/sdap_async_initgroups.c:1847
        mstate = 0x1d41240
        group = 0x1d3eab0
        group_name = 0x1d3ebd0 "mof_user2_grp3"
        tmp_ctx = 0x1d3af30
        ret = 0
        sysdb_parents_names_list = <value optimized out>
        ldap_parents_names_list = 0x0
        mdiff = <value optimized out>
        __FUNCTION__ = "rfc2307bis_group_memberships_build"
#4  0x0000003474000d72 in hash_iterate (table=0x1d49d80, callback=0x7fc12670cc50 <rfc2307bis_group_memberships_build>, user_data=0x1d41240)
    at dhash/dhash.c:656
        i = <value optimized out>
        j = <value optimized out>
Missing separate debuginfos, use: debuginfo-install audit-libs-2.1.3-3.el6.x86_64 cyrus-sasl-lib-2.1.23-13.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 zlib-1.2.3-27.el6.x86_64
---Type <return> to continue, or q <return> to quit---
        s = 0x1d4a600
        p = 0x1d3e4d0
#5  0x00007fc12670dc06 in save_rfc2307bis_group_memberships (subreq=0x0) at src/providers/ldap/sdap_async_initgroups.c:1769
        ret = <value optimized out>
        tmp_ctx = 0x1d48d60
        membership_state = 0x1d41240
        iter = <value optimized out>
        in_transaction = false
        tret = <value optimized out>
        hret = <value optimized out>
#6  sdap_initgr_rfc2307bis_done (subreq=0x0) at src/providers/ldap/sdap_async_initgroups.c:1643
        ret = <value optimized out>
        req = 0x1d482d0
        state = 0x1d4a280
        in_transaction = true
        tret = <value optimized out>
        __FUNCTION__ = "sdap_initgr_rfc2307bis_done"
#7  0x00007fc1267144c8 in rfc2307bis_nested_groups_done (subreq=0x0) at src/providers/ldap/sdap_async_initgroups.c:2345
        ret = <value optimized out>
        req = 0x1d48e30
        state = 0x1d49050
        __FUNCTION__ = "rfc2307bis_nested_groups_done"
#8  0x00007fc1267144c8 in rfc2307bis_nested_groups_done (subreq=0x0) at src/providers/ldap/sdap_async_initgroups.c:2345
        ret = <value optimized out>
        req = 0x1d4a4e0
        state = 0x1d4ad20
        __FUNCTION__ = "rfc2307bis_nested_groups_done"
#9  0x00007fc1267144c8 in rfc2307bis_nested_groups_done (subreq=0x0) at src/providers/ldap/sdap_async_initgroups.c:2345
        ret = <value optimized out>
        req = 0x1d49150
        state = 0x1d3e000
        __FUNCTION__ = "rfc2307bis_nested_groups_done"
#10 0x0000003473403707 in tevent_common_loop_immediate (ev=0x1d04490) at tevent_immediate.c:135
        im = 0x1d3eb20
        handler = 0x34734046d0 <tevent_req_trigger>
        private_data = 0x1d3e360
#11 0x000000347340530a in std_event_loop_once (ev=0x1d04490, location=<value optimized out>) at tevent_standard.c:532
        std_ev = 0x1d04550
        tval = {tv_sec = 0, tv_usec = 0}
#12 0x00000034734026d0 in _tevent_loop_once (ev=0x1d04490, location=0x467083 "src/util/server.c:572") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
---Type <return> to continue, or q <return> to quit---
#13 0x000000347340273b in tevent_common_loop_wait (ev=0x1d04490, location=0x467083 "src/util/server.c:572") at tevent.c:591
        ret = <value optimized out>
#14 0x00000000004402b3 in server_loop (main_ctx=0x1d05590) at src/util/server.c:572
No locals.
#15 0x0000000000415376 in main (argc=<value optimized out>, argv=<value optimized out>) at src/providers/data_provider_be.c:2012
        opt = <value optimized out>
        pc = <value optimized out>
        be_domain = 0x1d03400 "openldap"
        srv_name = <value optimized out>
        main_ctx = 0x1d05590
        confdb_path = <value optimized out>
        ret = <value optimized out>
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x671d80, val = 0, descrip = 0x45e89c "Help options:", 
            argDescrip = 0x0}, {longName = 0x45e8aa "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x671e60, val = 0, 
            descrip = 0x45e87b "Debug level", argDescrip = 0x0}, {longName = 0x45e8b6 "debug-to-files", shortName = 102 'f', argInfo = 0, 
            arg = 0x671e64, val = 0, descrip = 0x45f858 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {
            longName = 0x45e8c5 "debug-timestamps", shortName = 0 '\000', argInfo = 2, arg = 0x671bd8, val = 0, 
            descrip = 0x45e887 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x45e8d6 "debug-microseconds", shortName = 0 '\000', 
            argInfo = 2, arg = 0x671bdc, val = 0, descrip = 0x45f890 "Show timestamps with microseconds", argDescrip = 0x0}, {
            longName = 0x4602e4 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fffaef764c8, val = 0, 
            descrip = 0x45f8b8 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', 
            argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Comment 2 Stephen Gallagher 2012-02-09 16:12:21 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1186

Comment 5 Jakub Hrozek 2012-04-03 18:16:35 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

Comment 7 Kaushik Banerjee 2012-04-05 09:15:54 UTC

Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.8.0                             Vendor: Red Hat, Inc.
Release     : 20.el6                        Build Date: Fri 30 Mar 2012 06:45:57 PM IST
Install Date: Mon 02 Apr 2012 05:36:37 PM IST      Build Host: x86-002.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.8.0-20.el6.src.rpm
Size        : 7865577                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 9 errata-xmlrpc 2012-06-20 11:54:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html

Note You need to log in before you can comment on or make changes to this bug.