798317 – sssd crashes when ipa_hbac_support_srchost is set to true.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 798317 - sssd crashes when ipa_hbac_support_srchost is set to true.

Summary: sssd crashes when ipa_hbac_support_srchost is set to true.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-02-28 15:57 UTC by Gowrishankar Rajaiyan
Modified:	2020-05-02 16:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:	sssd-1.8.0-12.el6
Doc Type:	Bug Fix
Doc Text:	No technical note required
Clone Of:
Environment:
Last Closed:	2012-06-20 11:55:14 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
sssd_lab.eng.pnq.redhat.com.log (297.27 KB, text/plain) 2012-02-28 15:59 UTC, Gowrishankar Rajaiyan	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 2257	0	None	None	None	2020-05-02 16:46:29 UTC
Red Hat Product Errata	RHBA-2012:0747	0	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2012-06-19 19:31:43 UTC

Description Gowrishankar Rajaiyan 2012-02-28 15:57:15 UTC

Description of problem:
No crash detected when it is set to false which is the default and authentication is successful as expected ([ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [rule1]) since srchost is set to ALL ([hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL). However, if you set this value to true, authentication hangs and sssd crash detected. 

Version-Release number of selected component (if applicable):
sssd-1.8.0-4.el6.beta3.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure ipa hbac rule as:
[root@rodimus ~]# ipa hbacrule-find
--------------------
2 HBAC rules matched
--------------------
  Rule name: allow_all
  User category: all
  Host category: all
  Source host category: all
  Service category: all
  Description: Allow all users to access any host from any host
  Enabled: FALSE

  Rule name: rule1
  Enabled: TRUE
  Users: shanks
  Hosts: primenova.lab.eng.pnq.redhat.com
  Source Hosts: bumblebee.lab.eng.pnq.redhat.com
  Services: sshd
----------------------------
Number of entries returned 2
----------------------------
[root@rodimus ~]# 


2. # hostname 
primenova.lab.eng.pnq.redhat.com

3. Configure sssd.conf as:
[root@primenova ~]# egrep -v ^# /etc/sssd/sssd.conf 
[domain/lab.eng.pnq.redhat.com]
debug_level = 9
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = lab.eng.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, rodimus.lab.eng.pnq.redhat.com
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hbac_support_srchost = True
[sssd]
config_file_version = 2
services = nss, pam

domains = lab.eng.pnq.redhat.com
[nss]

[pam]


[root@primenova ~]# 

4. [root@primenova ~]# ssh -l shanks $HOSTNAME
shanks.eng.pnq.redhat.com's password: 
<hangs>

  
Actual results:
Feb 28 17:59:27 primenova kernel: sssd_be[17620]: segfault at 0 ip 0000003cab804510 sp 00007fff4513a5c8 error 6 in libtevent.so.0.9.8[3cab800000+9000]
Feb 28 17:59:28 primenova abrt[17631]: Saved core dump of pid 17620 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2012-02-28-17:59:27-17620 (22183936 bytes)

Expected results: No crash detected.

Additional info:
# gdb --core=/var/spool/abrt/ccpp-2012-02-28-17\:59\:27-17620/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New Thread 17620]
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/15/aeeb89cdee58e81ee8e0ccc5f7c79dac280dcf
Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done.
done.
Loaded symbols for /lib64/libpam.so.0.82.2
Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcares.so.2.0.0
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done.
done.
Loaded symbols for /lib64/libdbus-1.so.3.4.0
Reading symbols from /lib64/librt-2.12.so...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/librt-2.12.so
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.1
Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/liblber-2.4.so.2.5.6
Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/libldap-2.4.so.2.5.6
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from /usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done.
done.
Loaded symbols for /usr/lib64/libunistring.so.0.1.2
Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread-2.12.so...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done.
[Thread debugging using libthread_db enabled]
done.
Loaded symbols for /lib64/libpthread-2.12.so
Reading symbols from /lib64/libdl-2.12.so...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libdl-2.12.so
Reading symbols from /lib64/libc-2.12.so...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libc-2.12.so
Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done.
done.
Loaded symbols for /lib64/libaudit.so.1.0.0
Reading symbols from /lib64/libcrypt-2.12.so...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libcrypt-2.12.so
Reading symbols from /lib64/ld-2.12.so...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done.
done.
Loaded symbols for /lib64/ld-2.12.so
Reading symbols from /usr/lib64/libpath_utils.so.1...
warning: the debug information found in "/usr/lib/debug//usr/lib64/libpath_utils.so.1.0.0.debug" does not match "/usr/lib64/libpath_utils.so.1" (CRC mismatch).


warning: the debug information found in "/usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug" does not match "/usr/lib64/libpath_utils.so.1" (CRC mismatch).

(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libpath_utils.so.1
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv-2.12.so...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libresolv-2.12.so
Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2.0.23
Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1.2.3
Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Reading symbols from /usr/lib64/sssd/libsss_ipa.so...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ipa.so.debug...done.
done.
Loaded symbols for /usr/lib64/sssd/libsss_ipa.so
Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1.3
Reading symbols from /lib64/libkrb5.so.3.3...Reading symbols from /usr/lib/debug/lib64/libkrb5.so.3.3.debug...done.
done.
Loaded symbols for /lib64/libkrb5.so.3.3
Reading symbols from /lib64/libk5crypto.so.3.1...Reading symbols from /usr/lib/debug/lib64/libk5crypto.so.3.1.debug...done.
done.
Loaded symbols for /lib64/libk5crypto.so.3.1
Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2.1
Reading symbols from /usr/lib64/libipa_hbac.so.0.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libipa_hbac.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libipa_hbac.so.0.0.0
Reading symbols from /lib64/libkrb5support.so.0.1...Reading symbols from /usr/lib/debug/lib64/libkrb5support.so.0.1.debug...done.
done.
Loaded symbols for /lib64/libkrb5support.so.0.1
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files-2.12.so
Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib64/libnss_sss.so.2
Reading symbols from /usr/lib64/sasl2/libdigestmd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libdigestmd5.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libdigestmd5.so.2.0.23
Reading symbols from /usr/lib64/libcrypto.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcrypto.so.1.0.0
Reading symbols from /usr/lib64/sasl2/libcrammd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libcrammd5.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libcrammd5.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libplain.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libplain.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libplain.so.2.0.23
Reading symbols from /usr/lib64/sasl2/liblogin.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/liblogin.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/liblogin.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libanonymous.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libanonymous.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libanonymous.so.2.0.23
Reading symbols from /usr/lib64/sasl2/libgssapiv2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libgssapiv2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libgssapiv2.so.2.0.23
Reading symbols from /lib64/libgssapi_krb5.so.2.2...Reading symbols from /usr/lib/debug/lib64/libgssapi_krb5.so.2.2.debug...done.
done.
Loaded symbols for /lib64/libgssapi_krb5.so.2.2
Reading symbols from /usr/lib64/sasl2/libsasldb.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libsasldb.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libsasldb.so.2.0.23
Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done.
done.
Loaded symbols for /lib64/libdb-4.7.so
Reading symbols from /lib64/libnss_dns-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_dns-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_dns-2.12.so
Reading symbols from /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so...Reading symbols from /usr/lib/debug/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so.debug...done.
done.
Loaded symbols for /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
Core was generated by `/usr/libexec/sssd/sssd_be --domain lab.eng.pnq.redhat.com --debug-to-files'.
Program terminated with signal 11, Segmentation fault.
#0  tevent_req_set_callback (req=0x0, fn=0x7f1b092ed440 <ipa_hostgroup_info_done>, pvt=0x169f9f0) at tevent_req.c:372
372		req->async.fn = fn;

Thread 1 (Thread 0x7f1b0f6dc700 (LWP 17620)):
#0  tevent_req_set_callback (req=0x0, fn=0x7f1b092ed440 <ipa_hostgroup_info_done>, pvt=0x169f9f0) at tevent_req.c:372
No locals.
#1  0x00007f1b092ecec2 in ipa_host_info_done (subreq=<value optimized out>) at src/providers/ipa/ipa_hosts.c:284
        ret = <value optimized out>
        req = 0x169f9f0
        state = 0x1680430
        host_dn = 0x7f1b093cdf48 "src/providers/ldap/sdap_async.c:1407"
        __FUNCTION__ = "ipa_host_info_done"
#2  0x00007f1b093130ae in sdap_get_generic_done (subreq=0x0) at src/providers/ldap/sdap_async.c:1415
        req = 0x1682250
        ret = <value optimized out>
        __FUNCTION__ = "sdap_get_generic_done"
#3  0x00007f1b093168d4 in sdap_get_generic_ext_done (op=<value optimized out>, reply=<value optimized out>, error=<value optimized out>, pvt=<value optimized out>)
    at src/providers/ldap/sdap_async.c:1307
        req = 0x167f260
        state = 0x16a0a60
        errmsg = 0x0
        result = 0
        ret = <value optimized out>
        lret = <value optimized out>
        total_count = 0
        cookie = {bv_len = 0, bv_val = 0x16823b0 ""}
        returned_controls = 0x167f6b0
        page_control = <value optimized out>
        __FUNCTION__ = "sdap_get_generic_ext_done"
#4  0x00007f1b0931b1f2 in sdap_process_message (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:364
        msgtype = <value optimized out>
        ret = 0
        reply = 0x167f970
        op = 0x16a0d10
        msgid = <value optimized out>
#5  sdap_process_result (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:207
        sh = <value optimized out>
        no_timeout = {tv_sec = 0, tv_usec = 0}
        te = <value optimized out>
        msg = 0x1675470
        ret = <value optimized out>
        __FUNCTION__ = "sdap_process_result"
#6  0x0000003cab8034e5 in tevent_common_loop_timer_delay (ev=0x163c4b0) at tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x1691580
#7  0x0000003cab80531b in std_event_loop_once (ev=<value optimized out>, location=<value optimized out>) at tevent_standard.c:537
        std_ev = 0x163c570
Missing separate debuginfos, use: debuginfo-install libpath_utils-0.2.1-8.el6.x86_64
---Type <return> to continue, or q <return> to quit---
        tval = {tv_sec = 0, tv_usec = 0}
#8  0x0000003cab8026d0 in _tevent_loop_once (ev=0x163c4b0, location=0x467063 "src/util/server.c:572") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#9  0x0000003cab80273b in tevent_common_loop_wait (ev=0x163c4b0, location=0x467063 "src/util/server.c:572") at tevent.c:591
        ret = <value optimized out>
#10 0x00000000004402a3 in server_loop (main_ctx=0x163d620) at src/util/server.c:572
No locals.
#11 0x0000000000415366 in main (argc=<value optimized out>, argv=<value optimized out>) at src/providers/data_provider_be.c:2003
        opt = <value optimized out>
        pc = <value optimized out>
        be_domain = 0x163b400 "lab.eng.pnq.redhat.com"
        srv_name = <value optimized out>
        main_ctx = 0x163d620
        confdb_path = <value optimized out>
        ret = <value optimized out>
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x671d60, val = 0, descrip = 0x45e87c "Help options:", argDescrip = 0x0}, {
            longName = 0x45e88a "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x671e40, val = 0, descrip = 0x45e85b "Debug level", argDescrip = 0x0}, {
            longName = 0x45e896 "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x671e44, val = 0, 
            descrip = 0x45f838 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x45e8a5 "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, arg = 0x671bb8, val = 0, descrip = 0x45e867 "Add debug timestamps", argDescrip = 0x0}, {
            longName = 0x45e8b6 "debug-microseconds", shortName = 0 '\000', argInfo = 2, arg = 0x671bbc, val = 0, 
            descrip = 0x45f870 "Show timestamps with microseconds", argDescrip = 0x0}, {longName = 0x4602c4 "domain", shortName = 0 '\000', argInfo = 1, 
            arg = 0x7fff4513aaf8, val = 0, descrip = 0x45f898 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, 
            shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Comment 1 Gowrishankar Rajaiyan 2012-02-28 15:59:09 UTC

Created attachment 566329 [details]
sssd_lab.eng.pnq.redhat.com.log

Comment 3 Jakub Hrozek 2012-02-28 16:41:22 UTC

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1215

Comment 6 Stephen Gallagher 2012-04-10 16:50:37 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No technical note required

Comment 7 Gowrishankar Rajaiyan 2012-05-29 17:03:36 UTC

verified as part of ipa automation::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-hbacsvc-client-bug766876_2: ipa_hbac_support_srchost is set to true - Case 2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Kinit as admin user
:: [   PASS   ] :: Running 'cat /etc/sssd/sssd.conf'
:: [   PASS   ] :: Running 'cat /etc/sssd/sssd.conf'
:: [   PASS   ] :: Clearing cache
:: [   PASS   ] :: Running 'service sssd restart'
:: [   LOG    ] :: Verifies https://bugzilla.redhat.com/show_bug.cgi?id=798317
:: [   PASS   ] :: Authentication successful for user766876, as expected
:: [   PASS   ] :: Running 'ssh_auth_success user766876 testpw123 beast.testrelm.com'
:: [   PASS   ] :: Running 'sed -i 's/ipa_hbac_support_srchost = true/ipa_hbac_support_srchost = false/g' /etc/sssd/sssd.conf'
:: [   PASS   ] :: Running 'service sssd restart'
:: [   LOG    ] :: Duration: 28s
:: [   LOG    ] :: Assertions: 9 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-hbacsvc-client-bug766876_2: ipa_hbac_support_srchost is set to true - Case 2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


Manual verification:

[root@primenova ~]# ipa hbacrule-add-service rule1
[member HBAC service]: sshd
[member HBAC service group]: 
  Rule name: rule1
  Enabled: TRUE
  Users: shanks
  Hosts: primenova.lab.eng.pnq.redhat.com
  Source Hosts: rodimus.lab.eng.pnq.redhat.com
  Services: sshd
-------------------------
Number of members added 1
-------------------------
[root@primenova ~]# 

[root@primenova ~]# egrep -v ^# /etc/sssd/sssd.conf 
[domain/lab.eng.pnq.redhat.com]
ipa_hbac_support_srchost = True
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = lab.eng.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = primenova.lab.eng.pnq.redhat.com
chpass_provider = ipa
ipa_server = primenova.lab.eng.pnq.redhat.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = lab.eng.pnq.redhat.com
[nss]

[pam]

[sudo]

[autofs]

[ssh]

[root@primenova ~]# 


[root@primenova ~]# ssh -l shanks $HOSTNAME
shanks.eng.pnq.redhat.com's password: 
Connection closed by 10.65.201.100
[root@primenova ~]# 


Verified: sssd-1.8.0-31.el6.x86_64

Comment 9 errata-xmlrpc 2012-06-20 11:55:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html

Note You need to log in before you can comment on or make changes to this bug.