Bug 833789 - sssd_nss segfaults when sudo operation is performed.
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 17
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-06-20 11:19 UTC by Gowrishankar Rajaiyan
Modified: 2020-05-02 16:55 UTC

Last Closed: 2012-06-20 12:06:50 UTC
Type: Bug


Attachments
bt full (4.78 KB, text/plain)
2012-06-20 11:19 UTC, Gowrishankar Rajaiyan


Links
System: Github SSSD sssd issues; ID: 2425; Private: 0; Priority: None; Status: None; Summary: None; Last Updated: 2020-05-02 16:55:15 UTC

Description Gowrishankar Rajaiyan 2012-06-20 11:19:37 UTC
Created attachment 593181
bt full

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.8.93-0.20120618T1837Zgitbb79e75.fc17.x86_64

How reproducible:
Always

Steps to Reproduce: (Not sure if this is related, but the case where crash was detected is)

1. # ipa sudorule-show sudorule1 --all --raw
  dn: ipauniqueid=8d023938-bac0-11e1-b429-525400951069,cn=sudorules,cn=sudo,dc=testrelm,dc=com
  cn: sudorule1
  ipaenabledflag: TRUE
  memberhost: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrelm,dc=com
  memberuser: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=com
  ipauniqueid: 8d023938-bac0-11e1-b429-525400951069
  objectclass: ipaassociation
  objectclass: ipasudorule

2. # ldapsearch -LLL -Y GSSAPI -b ou=SUDOers,dc=testrelm,dc=com
SASL/GSSAPI authentication started
SASL username: admin
SASL SSF: 56
SASL data security layer installed.
dn: ou=sudoers,dc=testrelm,dc=com
objectClass: extensibleObject
ou: sudoers

dn: cn=sudorule1,ou=sudoers,dc=testrelm,dc=com
objectClass: sudoRole
sudoUser: user1
sudoHost: +hostgrp1
cn: sudorule1

3. [root@dhcp201-207 ~]#  ssh -o StrictHostKeyChecking=no -l user1 dhcp201-207.testrelm.com
user1.com's password: 
Last login: Wed Jun 20 07:06:09 2012 from dhcp201-207.testrelm.com
-sh-4.2$ 

4. -sh-4.2$ sudo -l

  
Actual results:
/var/log/messages:
Jun 20 07:06:17 dhcp201-207 kernel: [1039881.361685] sssd_nss[20374]: segfault at 20 ip 0000003af5e89d8d sp 00007fff523572d8 error 4 in libc-2.15.so[3af5e00000+1ac000]
Jun 20 07:06:17 dhcp201-207 abrtd: Directory 'ccpp-2012-06-20-07:06:17-20374' creation detected
Jun 20 07:06:17 dhcp201-207 abrt[20454]: Saved core dump of pid 20374 (/usr/libexec/sssd/sssd_nss) to /var/spool/abrt/ccpp-2012-06-20-07:06:17-20374 (1142784 bytes)
Jun 20 07:06:17 dhcp201-207 sssd[nss]: Starting up



Expected results: No crash detected.


Additional info:

relevant sssd.conf:
--8<--
[domain/testrelm.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = dhcp201-207.testrelm.com
chpass_provider = ipa
ipa_server = dhcp201-207.testrelm.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = testrelm.com
-->8--

sudo debug:
-sh-4.2$ sudo -l
LDAP Config Summary
===================
uri              ldap://dhcp201-207.testrelm.com
ldap_version     3
sudoers_base     ou=SUDOers,dc=testrelm,dc=com
binddn           uid=sudo,cn=sysaccounts,cn=etc,dc=testrelm,dc=com
bindpw           bind123
bind_timelimit   5
timelimit        15
ssl              no
tls_checkpeer    (yes)
tls_cacertfile   /etc/ipa/ca.crt
tls_cacertdir    /etc/ipa
===================
sudo: ldap_initialize(ld, ldap://dhcp201-207.testrelm.com)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacertdir -> /etc/ipa
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: no default options found in ou=SUDOers,dc=testrelm,dc=com
sudo: ldap search '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=ALL))'
sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com'
sudo: adding search result
sudo: ldap sudoHost '+hostgrp1' ... not
sudo: result now has 0 entries
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: sorting remaining 0 entries
sudo: perform search for pwflag 52
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(52)=0x42
[sudo] password for user1:

Comment 1 Stephen Gallagher 2012-06-20 12:01:45 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1383

Comment 2 Stephen Gallagher 2012-06-20 12:06:50 UTC
Closing as an UPSTREAM bug. This was reported against an unreleased upstream nightly build. It belongs in the upstream bug tracker, not Fedora.

