Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set
SIGSEGV in IPA provider when ldap_sasl_authid is not set
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
: Regression
: 883882 906363 (view as bug list)
Depends On:
Blocks: 881827
  Show dependency treegraph
 
Reported: 2012-11-20 06:47 EST by Pavel Březina
Modified: 2015-05-12 06:43 EDT (History)
10 users (show)

See Also:
Fixed In Version: sssd-1.9.2-30.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:40:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 16:30:10 EST

  None (edit)
Description Pavel Březina 2012-11-20 06:47:48 EST 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1657

When id_provider = ipa and ldap_sasl_authid option is not configure, sssd_be crashes with SIGSEGV.

{{{
#0  __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:33
#1  0x00007f76fd08f261 in sdap_set_sasl_options (id_opts=0xddfaf0, default_primary=0x0, default_realm=0xddf360 "IPA.PB", keytab_path=0x0) at src/providers/ldap/ldap_common.c:1028
#2  0x00007f76fcfc3eef in ipa_get_id_options (ipa_opts=0xddd960, cdb=0xdba740, conf_path=0xdc1240 "config/domain/IPA", _opts=0xddfa48) at src/providers/ipa/ipa_common.c:246
#3  0x00007f76fcfc03f1 in sssm_ipa_id_init (bectx=0xdc25e0, ops=0xdc2750, pvt_data=0xdc2758) at src/providers/ipa/ipa_init.c:145
#4  0x0000000000418fac in load_backend_module (ctx=0xdc25e0, bet_type=BET_ID, bet_info=0xdc2748, default_mod_name=0x0) at src/providers/data_provider_be.c:2055
#5  0x000000000041a678 in be_process_init (mem_ctx=0xdba650, be_domain=0xdb8420 "IPA", ev=0xdb94d0, cdb=0xdba740) at src/providers/data_provider_be.c:2208
#6  0x000000000041d2c9 in main (argc=5, argv=0x7fff94756a78) at src/providers/data_provider_be.c:2429
}}}
Comment 1 Pavel Březina 2012-11-20 06:52:31 EST 
How to test:
1. remove ldap_sasl_authid from sssd.conf
2. run sssd
3. sssd_be should not crash
Comment 4 Jakub Hrozek 2012-12-06 04:43:46 EST 
*** Bug 883882 has been marked as a duplicate of this bug. ***
Comment 5 Jakub Hrozek 2013-01-31 11:25:03 EST 
*** Bug 906363 has been marked as a duplicate of this bug. ***
Comment 7 Steeve Goveas 2013-02-01 06:11:57 EST 
    [root@hp-bl480c-01 sssd]# rpm -qa | grep sssd
    sssd-client-1.9.2-25.el6.i686
    sssd-1.9.2-25.el6.i686
    sssd-debuginfo-1.9.2-25.el6.i686
    sssd-tools-1.9.2-25.el6.i686

    * Setup hung at restarting web server for long time till it was aborted

    [root@hp-bl480c-01 ~]# ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE.COM -n ipa.example.com --hostname=hp-bl480c-01.ipa.example.com --ip-address=10.16.64.241 -U
    ..
    .
    Done configuring the web interface (httpd).
    Applying LDAP updates
    Restarting the directory server
    Restarting the KDC
    Sample zone file for bind has been created in /tmp/sample.zone.tKKl0G.db
    Restarting the web server

    [root@hp-bl480c-01 sssd]# tail -f /var/log/sssd/sssd.log 
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]
    (Fri Feb  1 05:46:11 2013) [sssd] [monitor_quit] (0x0010): [10][No child processes] while waiting for [pac]

    [root@hp-bl480c-01 sssd]# tail -100 /var/log/messages| less
    Feb  1 05:28:50 hp-bl480c-01 sssd: Starting up
    Feb  1 05:28:51 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:51 hp-bl480c-01 kernel: sssd_be[29388]: segfault at 0 ip 00d05443 sp bfab8f98 error 4 in libc-2.12.so[c8c000+190000]
    Feb  1 05:28:51 hp-bl480c-01 abrtd: Directory 'ccpp-2013-02-01-05:28:51-29388' creation detected
    Feb  1 05:28:51 hp-bl480c-01 abrt[29389]: Saved core dump of pid 29388 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2013-02-01-05:28:51-29388 (937984 bytes)
    Feb  1 05:28:51 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:51 hp-bl480c-01 kernel: sssd_be[29391]: segfault at 0 ip 00983443 sp bfc57818 error 4 in libc-2.12.so[90a000+190000]
    Feb  1 05:28:51 hp-bl480c-01 abrt[29393]: Not saving repeating crash in '/usr/libexec/sssd/sssd_be'
    Feb  1 05:28:51 hp-bl480c-01 abrtd: Package 'sssd' isn't signed with proper key
    Feb  1 05:28:51 hp-bl480c-01 abrtd: 'post-create' on '/var/spool/abrt/ccpp-2013-02-01-05:28:51-29388' exited with 1
    Feb  1 05:28:51 hp-bl480c-01 abrtd: Corrupted or bad directory '/var/spool/abrt/ccpp-2013-02-01-05:28:51-29388', deleting
    Feb  1 05:28:53 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:53 hp-bl480c-01 kernel: sssd_be[29394]: segfault at 0 ip 00974443 sp bf859938 error 4 in libc-2.12.so[8fb000+190000]
    Feb  1 05:28:53 hp-bl480c-01 abrt[29395]: Not saving repeating crash in '/usr/libexec/sssd/sssd_be'
    Feb  1 05:28:56 hp-bl480c-01 sssd[nss]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pam]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[ssh]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pac]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[nss]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pam]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[ssh]: Starting up
    Feb  1 05:28:56 hp-bl480c-01 sssd[pac]: Starting up
    Feb  1 05:28:57 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:28:57 hp-bl480c-01 kernel: sssd_be[29404]: segfault at 0 ip 00d82443 sp bfe46c68 error 4 in libc-2.12.so[d09000+190000]
    Feb  1 05:28:57 hp-bl480c-01 abrt[29405]: Not saving repeating crash in '/usr/libexec/sssd/sssd_be'
    Feb  1 05:50:46 hp-bl480c-01 sssd: Starting up
    Feb  1 05:50:46 hp-bl480c-01 sssd[be[ipa.example.com]]: Starting up
    Feb  1 05:50:46 hp-bl480c-01 sssd[nss]: Starting up


    [root@hp-bl480c-01 ~]# cat /etc/sssd/sssd.conf 
    [domain/ipa.example.com]

    cache_credentials = True
    krb5_store_password_if_offline = True
    ipa_domain = ipa.example.com
    id_provider = ipa
    auth_provider = ipa
    access_provider = ipa
    ipa_hostname = hp-bl480c-01.ipa.example.com
    chpass_provider = ipa
    ipa_server = hp-bl480c-01.ipa.example.com
    ldap_tls_cacert = /etc/ipa/ca.crt
    [sssd]
    services = nss, pam, ssh
    config_file_version = 2

    domains = ipa.example.com
    [nss]

    [pam]

    [sudo]

    [autofs]

    [ssh]

    [pac]

    * After adding ldap_sasl_authid

    [root@hp-bl480c-01 sssd]# cat /etc/sssd/sssd.conf  | grep ldap_sasl_authid
    ldap_sasl_authid = host/hp-bl480c-01.ipa.example.com

    [root@hp-bl480c-01 sssd]# killall sssd

    [root@hp-bl480c-01 sssd]# service sssd restart
    Stopping sssd: [FAILED]
    [  OK  ] sssd: [  OK  ]


    # On Server with fixed sssd version

    [root@athlon6 ~]# rpm -qa | grep sssd
    sssd-client-1.9.2-82.el6.i686
    sssd-1.9.2-82.el6.i686

    [root@athlon6 ~]# ps awux | grep sssd
    root     20781  0.0  0.1  12008  2492 ?        Ss   Jan28   0:46 /usr/sbin/sssd -f -D
    root     20782  0.0  0.3  19948  5624 ?        S    Jan28   0:16 /usr/libexec/sssd/sssd_be --domain ipalab.qe --debug-to-files
    root     20783  0.0  0.9  24456 14512 ?        S    Jan28   0:05 /usr/libexec/sssd/sssd_nss --debug-to-files
    root     20784  0.0  0.1  12724  2596 ?        S    Jan28   0:06 /usr/libexec/sssd/sssd_pam --debug-to-files
    root     20785  0.0  0.1  12564  2564 ?        S    Jan28   0:06 /usr/libexec/sssd/sssd_ssh --debug-to-files
    root     20786  0.0  0.1  16616  2940 ?        S    Jan28   0:05 /usr/libexec/sssd/sssd_pac --debug-to-files
    root     32397  0.0  0.0   4360   728 pts/0    S+   06:00   0:00 grep sssd

    [root@athlon6 ~]# grep ldap_sasl_authid /etc/sssd/sssd.conf  ; echo $?
    1

    [root@athlon6 ~]# kinit 
    Password for admin@IPALAB.QE: 

    [root@athlon6 ~]# ipa host-find
    ---------------
    2 hosts matched
    ---------------
      Host name: athlon6.ipalab.qe
      Principal name: host/athlon6.ipalab.qe@IPALAB.QE
      Password: False
      Keytab: True
      Managed by: athlon6.ipalab.qe
      SSH public key fingerprint: 8C:3B:C7:9A:7D:37:3F:48:B2:B4:3D:7C:D6:C2:0E:2B (ssh-rsa), CA:56:A7:40:F0:6D:CF:03:F6:2E:E0:14:58:9C:CB:65
                                  (ssh-dss)

    .........Truncated............
Comment 8 errata-xmlrpc 2013-02-21 04:40:53 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.