Red Hat Bugzilla – Bug 877130
LDAP provider fails to save empty groups
Last modified: 2014-07-23 05:47:41 EDT
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/1647 This is another ghost-users related regression. A logic bug in the LDAP provider causes an attempt to allocate a zero-length array for group members while processing an empty group. The allocation would return NULL and saving the empty group would fail.
To reproduce configure a group hierarchy like this: nonempty_gr1 -> empty_gr -> nonempty_gr2 + + \ \ - User1 - User2 Then getent group nonempty_gr1. The logs would show an ENOMEM bug and the memberships would be wrong in sysdb as empty_gr wouldn't be saved at all.
Verified in version 1.9.2-65 Output of beaker automation run: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: 2307bis_010 - bz 877130 - LDAP provider fails to save empty groups :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Stopping sssd: [ OK ] Starting sssd: [ OK ] [ OK ] :: [03:10:55] :: Sleeping for 5 seconds :: [ PASS ] :: Running 'getent group mofuser7_grp2 | grep mof_user7_2 | grep mof_user7_1' empty_grp:*:77779:mof_user7_1 :: [ PASS ] :: Running 'getent group empty_grp | grep mof_user7_1' mofuser7_grp1:*:77777:mof_user7_1 :: [ PASS ] :: Running 'getent group mofuser7_grp1 | grep mof_user7_1' uid=77777(mof_user7_1) gid=77777(mofuser7_grp1) groups=77777(mofuser7_grp1),77778(mofuser7_grp2),77779(empty_grp) :: [ PASS ] :: Running 'id mof_user7_1 | grep mofuser7_grp2 | grep mofuser7_grp1 | grep empty_grp' uid=77778(mof_user7_2) gid=77778(mofuser7_grp2) groups=77778(mofuser7_grp2) :: [ PASS ] :: Running 'id mof_user7_2 | grep mofuser7_grp2' :: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should not contain 'Failed to save ' :: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should not contain 'Error'
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html