Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 894997 - sssd_be crashes looking up members with groups outside the nesting limit
sssd_be crashes looking up members with groups outside the nesting limit
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.4
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
: Regression
Depends On:
Blocks: 902691
  Show dependency treegraph
 
Reported: 2013-01-14 04:27 EST by Kaushik Banerjee
Modified: 2013-05-30 13:59 EDT (History)
6 users (show)

See Also:
Fixed In Version: sssd-1.9.2-72.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:43:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
LDIF used to upload users and groups to ldap server (1.24 KB, text/plain)
2013-01-14 04:27 EST, Kaushik Banerjee 		no flags Details
Backtrace of sssd_be crash (4.31 KB, text/plain)
2013-01-14 04:29 EST, Kaushik Banerjee 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 16:30:10 EST

  None (edit)
Description Kaushik Banerjee 2013-01-14 04:27:43 EST 
Created attachment 678136 [details]
LDIF used to upload users and groups to ldap server

Description of problem:
sssd_be crashes looking up members with groups outside the nesting limit

Version-Release number of selected component (if applicable):
1.9.2-68

How reproducible:
Always

Steps to Reproduce:
1. Use the attached ldif to add users and groups to the ldap server.
The structure is as follows:
Top:    Group1(member:nest_user1)
Mid:    Group2(member:nest_user2)
Lowest: Group3(member:nest_user3)

2. Add ldap_group_nesting_level = 1 in sssd.conf

3. # id nest_user3
uid=10297(nest_user3) gid=10002(Group_3) groups=10002(Group_3)

Actual results:
sssd_be crashes after id lookup is run. See attached backtrace.

Expected results:
sssd_be should not crash.

Additional info:
There is no crash with the following set of commands:
# id nest_user1; id nest_user3
uid=10299(nest_user1) gid=10000(Group_1) groups=10000(Group_1)
uid=10297(nest_user3) gid=10002(Group_3) groups=10002(Group_3),10001(Group_2),10000(Group_1)  <= But Group1 and Group2 should not be displayed here.
Comment 1 Kaushik Banerjee 2013-01-14 04:29:34 EST 
Created attachment 678137 [details]
Backtrace of sssd_be crash
Comment 3 Jakub Hrozek 2013-01-14 04:49:55 EST 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1761
Comment 4 Jakub Hrozek 2013-01-15 14:51:45 EST 
Pushed upstream.
Comment 6 Kaushik Banerjee 2013-01-20 06:02:52 EST 
Verified with version 1.9.2-74

Report from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Verify BZ-790848 and BZ-894997 -- when nesting limit is reached
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Sleeping for 5 seconds
:: [   PASS   ] :: Running 'restart_clearing_cache'
:: [   PASS   ] :: Running 'groups nest_user3'
:: [   PASS   ] :: File '/var/log/sssd/sssd_LDAP.log' should not contain '\[sysdb_update_members\] (0x0020): Could not add member \[Group_2\] to group \[Group_1\]'
:: [   PASS   ] :: File '/var/log/messages' should not contain 'segfault'
:: [   LOG    ] :: Duration: 20s
:: [   LOG    ] :: Assertions: 9 good, 0 bad
:: [   PASS   ] :: RESULT: Verify BZ-790848 and BZ-894997 -- when nesting limit is reached
Comment 7 errata-xmlrpc 2013-02-21 04:43:33 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.