Bug 877130 - LDAP provider fails to save empty groups
Summary: LDAP provider fails to save empty groups
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks: 881827
TreeView+ depends on / blocked
 
Reported: 2012-11-15 18:48 UTC by Dmitri Pal
Modified: 2020-05-02 17:06 UTC (History)
4 users (show)

Fixed In Version: sssd-1.9.2-20.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:40:26 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2689 None None None 2020-05-02 17:06:10 UTC
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 21:30:10 UTC

Description Dmitri Pal 2012-11-15 18:48:34 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1647

This is another ghost-users related regression. A logic bug in the LDAP provider causes an attempt to allocate a zero-length array for group members while processing an empty group. The allocation would return NULL and saving the empty group would fail.

Comment 1 Jakub Hrozek 2012-11-15 19:26:40 UTC
To reproduce configure a group hierarchy like this:

nonempty_gr1 -> empty_gr -> nonempty_gr2
   +                           +
   \                            \
    - User1                       - User2

Then getent group nonempty_gr1.

The logs would show an ENOMEM bug and the memberships would be wrong in sysdb as empty_gr wouldn't be saved at all.

Comment 3 Kaushik Banerjee 2013-01-08 10:27:52 UTC
Verified in version 1.9.2-65

Output of beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: 2307bis_010 - bz 877130 - LDAP provider fails to save empty groups
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]
[  OK  ]
:: [03:10:55] ::  Sleeping for 5 seconds
:: [   PASS   ] :: Running 'getent group mofuser7_grp2 | grep mof_user7_2 | grep mof_user7_1'
empty_grp:*:77779:mof_user7_1
:: [   PASS   ] :: Running 'getent group empty_grp | grep mof_user7_1'
mofuser7_grp1:*:77777:mof_user7_1
:: [   PASS   ] :: Running 'getent group mofuser7_grp1 | grep mof_user7_1'
uid=77777(mof_user7_1) gid=77777(mofuser7_grp1) groups=77777(mofuser7_grp1),77778(mofuser7_grp2),77779(empty_grp)
:: [   PASS   ] :: Running 'id mof_user7_1 | grep mofuser7_grp2 | grep mofuser7_grp1 | grep empty_grp'
uid=77778(mof_user7_2) gid=77778(mofuser7_grp2) groups=77778(mofuser7_grp2)
:: [   PASS   ] :: Running 'id mof_user7_2 | grep mofuser7_grp2'
:: [   PASS   ] :: File '/var/log/sssd/sssd_LDAP.log' should not contain 'Failed to save '
:: [   PASS   ] :: File '/var/log/sssd/sssd_LDAP.log' should not contain 'Error'

Comment 4 errata-xmlrpc 2013-02-21 09:40:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html


Note You need to log in before you can comment on or make changes to this bug.