Bug 824616 - sssd_nss crashes when configured with use_fully_qualified_names = true
sssd_nss crashes when configured with use_fully_qualified_names = true
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.3
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Stephen Gallagher
IDM QE LIST
: Regression
Depends On:
Blocks: 826592
  Show dependency treegraph
 
Reported: 2012-05-23 16:28 EDT by Kaushik Banerjee
Modified: 2012-06-20 07:45 EDT (History)
4 users (show)

See Also:
Fixed In Version: sssd-1.8.0-30.el6
Doc Type: Bug Fix
Doc Text:
No documentation required
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 07:45:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
crash backtrace (18.11 KB, application/octet-stream)
2012-05-23 16:28 EDT, Kaushik Banerjee
no flags Details

  None (edit)
Description Kaushik Banerjee 2012-05-23 16:28:22 EDT
Created attachment 586452 [details]
crash backtrace

Description of problem:
sssd_nss crashes when configured with use_fully_qualified_names = true

Version-Release number of selected component (if applicable):
sssd-1.8.0-29.el6.i686

How reproducible:
Always

Steps to Reproduce:
1. Add users/groups on ldap server as follows:
 
dn: uid=user1,ou=People,dc=example,dc=com
cn: User1
uid: user1
uidNumber: 3000
gidNumber: 3000
homeDirectory: /export/user1
objectClass: top
objectClass: posixAccount
 
dn: uid=user2,ou=People,dc=example,dc=com
cn: User2
uid: user2
uidNumber: 3001
gidNumber: 3001
homeDirectory: /export/user2
objectClass: top
objectClass: posixAccount
 
dn: cn=child,ou=Groups,dc=example,dc=com
gidNumber: 4001
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: child
memberUid: user2
 
dn: cn=parent,ou=Groups,dc=example,dc=com
gidNumber: 4000
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
cn: parent
memberUid: child
memberUid: user1
 

2. Configure sssd for lookup via proxy provider:
 
[domain/PROXY]
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
enumerate = true
debug_level = 0xFFF0
use_fully_qualified_names = TRUE
cache_credentials = TRUE
 
3. Lookup group
# getent -s ldap group child
child:*:4001:user2

# getent -s sss group child@PROXY   <== crashes here

Actual results:
sssd_nss crashes

Expected results:
sssd_nss should not crash

Additional info:
Comment 1 Stephen Gallagher 2012-05-23 16:31:05 EDT
Patch is available upstream and is trivial (simple typo).
Comment 7 Amith 2012-05-29 10:11:34 EDT
Verified the bug on sssd-1.8.0-31.el6. This bug was discovered during the automation runs on RHEL-6.3 i386 and ppc64 architecutures against sssd version:1.8.0-28.el6. 
All the automation runs against the latest build passed. Please review the related beaker output below:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: SSSD proxy-ldap test 022 >>> id Command and Group Memberships
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

adding new entry "uid=user1,ou=People,dc=example,dc=com"

adding new entry "uid=user2,ou=People,dc=example,dc=com"

adding new entry "cn=child,ou=Groups,dc=example,dc=com"

adding new entry "cn=parent,ou=Groups,dc=example,dc=com"

:: [   PASS   ] :: Running '/usr/bin/ldapmodify -x -h dell-pe1855-02.rhts.eng.bos.redhat.com -p 389 -D "cn=Directory Manager" -w Secret123 -af setup.ldif'
Stopping sssd: [  OK  ]
:: [   PASS   ] :: Running 'service sssd stop'
:: [   PASS   ] :: Running 'rm -fr /var/lib/sss/db/*.ldb'
Starting sssd: [  OK  ]
[  OK  ]
:: [   PASS   ] :: Running 'service sssd start'
:: [   PASS   ] :: napping for 5 secs...
:: [   PASS   ] :: Running 'restart_clearing_cache'
user1@PROXY:*:3000:3000:User1:/export/user1:
:: [   PASS   ] :: Running 'getent -s sss passwd user1@PROXY'
user2@PROXY:*:3001:3001:User2:/export/user2:
:: [   PASS   ] :: Running 'getent -s sss passwd user2@PROXY'
child@PROXY:*:4001:user2@PROXY
:: [   PASS   ] :: Running 'getent -s sss group child@PROXY'
parent@PROXY:*:4000:user1@PROXY,child@PROXY
:: [   PASS   ] :: Running 'getent -s sss group parent@PROXY'
3000 4000
:: [   PASS   ] :: Running 'echo 3000 4000 | grep 3000'
3000 4000
:: [   PASS   ] :: Running 'echo 3000 4000 | grep 4000'
:: [   PASS   ] :: Running 'echo 3000 4000 | grep 4001'
3001 4001
:: [   PASS   ] :: Running 'echo 3001 4001 | grep 3001'
:: [   PASS   ] :: Running 'echo 3001 4001 | grep 4000'
3001 4001
:: [   PASS   ] :: Running 'echo 3001 4001 | grep 4001'
deleting entry "uid=user1,ou=People,dc=example,dc=com"

deleting entry "uid=user2,ou=People,dc=example,dc=com"

deleting entry "cn=child,ou=Groups,dc=example,dc=com"

deleting entry "cn=parent,ou=Groups,dc=example,dc=com"

'7d620d60-8a6d-4c57-a04d-4a52bd0be1ff'
SSSD-proxy-ldap-test-022-id-Command-and-Group-Memberships result: PASS
   metric: 0
   Log: /tmp/beakerlib-6010170/journal.txt
    Info: Searching AVC errors produced since 1338297807.32 (Tue May 29 09:23:27 2012)
     Searching logs...
     Info: No AVC messages found.
 Writing to /mnt/testarea/tmp.39dhcf
:
   AvcLog: /mnt/testarea/tmp.39dhcf
:: [   PASS   ] :: Running 'proxyldap_022'
Comment 8 Stephen Gallagher 2012-06-12 09:03:45 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation required
Comment 10 errata-xmlrpc 2012-06-20 07:45:03 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html

Note You need to log in before you can comment on or make changes to this bug.