We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1383
https://bugzilla.redhat.com/show_bug.cgi?id=833789 (Fedora)
Description of problem: Version-Release number of selected component (if applicable): sssd-1.8.93-0.20120618T1837Zgitbb79e75.fc17.x86_64 How reproducible: Always Steps to Reproduce: (Not sure if this is related, but the case where crash was detected is) 1. # ipa sudorule-show sudorule1 --all --raw dn: ipauniqueid=8d023938-bac0-11e1-b429-525400951069,cn=sudorules,cn=sudo,dc= testrelm,dc=com cn: sudorule1 ipaenabledflag: TRUE memberhost: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrelm,dc=com memberuser: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=com ipauniqueid: 8d023938-bac0-11e1-b429-525400951069 objectclass: ipaassociation objectclass: ipasudorule 2. # ldapsearch -LLL -Y GSSAPI -b ou=SUDOers,dc=testrelm,dc=com SASL/GSSAPI authentication started SASL username: admin@TESTRELM.COM SASL SSF: 56 SASL data security layer installed. dn: ou=sudoers,dc=testrelm,dc=com objectClass: extensibleObject ou: sudoers dn: cn=sudorule1,ou=sudoers,dc=testrelm,dc=com objectClass: sudoRole sudoUser: user1 sudoHost: +hostgrp1 cn: sudorule1 3. [root@dhcp201-207 ~]# ssh -o StrictHostKeyChecking=no -l user1 dhcp201-207.testrelm.com user1@dhcp201-207.testrelm.com's password: Last login: Wed Jun 20 07:06:09 2012 from dhcp201-207.testrelm.com -sh-4.2$ 4. -sh-4.2$ sudo -l Actual results: /var/log/messages: Jun 20 07:06:17 dhcp201-207 kernel: [1039881.361685] sssd_nss[20374]: segfault at 20 ip 0000003af5e89d8d sp 00007fff523572d8 e rror 4 in libc-2.15.so[3af5e00000+1ac000] Jun 20 07:06:17 dhcp201-207 abrtd: Directory 'ccpp-2012-06-20-07:06:17-20374' creation detected Jun 20 07:06:17 dhcp201-207 abrt[20454]: Saved core dump of pid 20374 (/usr/libexec/sssd/sssd_nss) to /var/spool/abrt/ccpp-201 2-06-20-07:06:17-20374 (1142784 bytes) Jun 20 07:06:17 dhcp201-207 sssd[nss]: Starting up Expected results: No crash detected. Additional info: relevant sssd.conf: --8<-- [domain/testrelm.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = testrelm.com id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = dhcp201-207.testrelm.com chpass_provider = ipa ipa_server = dhcp201-207.testrelm.com ldap_tls_cacert = /etc/ipa/ca.crt [sssd] services = nss, pam, ssh config_file_version = 2 domains = testrelm.com -->8-- sudo debug: -sh-4.2$ sudo -l LDAP Config Summary =================== uri ldap://dhcp201-207.testrelm.com ldap_version 3 sudoers_base ou=SUDOers,dc=testrelm,dc=com binddn uid=sudo,cn=sysaccounts,cn=etc,dc=testrelm,dc=com bindpw bind123 bind_timelimit 5 timelimit 15 ssl no tls_checkpeer (yes) tls_cacertfile /etc/ipa/ca.crt tls_cacertdir /etc/ipa =================== sudo: ldap_initialize(ld, ldap://dhcp201-207.testrelm.com) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_checkpeer -> 1 sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt sudo: ldap_set_option: tls_cacertdir -> /etc/ipa sudo: ldap_set_option: timelimit -> 15 sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5) sudo: ldap_sasl_bind_s() ok sudo: Looking for cn=defaults: cn=defaults sudo: no default options found in ou=SUDOers,dc=testrelm,dc=com sudo: ldap search '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=ALL))' sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com' sudo: adding search result sudo: ldap sudoHost '+hostgrp1' ... not sudo: result now has 0 entries sudo: ldap search '(sudoUser=+*)' sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com' sudo: adding search result sudo: result now has 0 entries sudo: sorting remaining 0 entries sudo: perform search for pwflag 52 sudo: done with LDAP searches sudo: user_matches=1 sudo: host_matches=0 sudo: sudo_ldap_lookup(52)=0x42 [sudo] password for user1:
Comment from sgallagh at 2012-06-20 21:37:08
Backtrace sssd_nss_backtrace_2012-06-20
Comment from sgallagh at 2012-06-20 21:52:34
Fields changed
blockedby: => blocking: => coverity: => feature_milestone: => keywords: => Regression milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 3 owner: somebody => sgallagh patch: 0 => 1 priority: major => blocker status: new => assigned tests: => 0 testsupdated: => 0 upgrade: => 0
Comment from shanks at 2012-06-21 12:55:05
Don't think this is related to sudo since the same crash is detected while doing a "getent netgroup hostgrp1"
Comment from sgallagh at 2012-06-21 13:44:32
You are correct, Shanks. It was due to the recent patches to the name/domain parsing. A patch is on the sssd-devel list now.
summary: sssd_nss segfaults when sudo operation is performed. => sssd_nss segfaults performing netgroup lookups without a specified domain
Comment from sgallagh at 2012-06-25 18:48:43
Fixed by 4b0b0bc (master)
resolution: => fixed status: assigned => closed
Comment from sgallagh at 2017-02-24 14:42:54
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered:
sgallagher
No branches or pull requests
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1383
https://bugzilla.redhat.com/show_bug.cgi?id=833789 (Fedora)
Comments
Comment from sgallagh at 2012-06-20 21:37:08
Backtrace
sssd_nss_backtrace_2012-06-20
Comment from sgallagh at 2012-06-20 21:52:34
Fields changed
blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
keywords: => Regression
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 3
owner: somebody => sgallagh
patch: 0 => 1
priority: major => blocker
status: new => assigned
tests: => 0
testsupdated: => 0
upgrade: => 0
Comment from shanks at 2012-06-21 12:55:05
Don't think this is related to sudo since the same crash is detected while doing a "getent netgroup hostgrp1"
Comment from sgallagh at 2012-06-21 13:44:32
You are correct, Shanks. It was due to the recent patches to the name/domain parsing. A patch is on the sssd-devel list now.
summary: sssd_nss segfaults when sudo operation is performed. => sssd_nss segfaults performing netgroup lookups without a specified domain
Comment from sgallagh at 2012-06-25 18:48:43
Fixed by 4b0b0bc (master)
resolution: => fixed
status: assigned => closed
Comment from sgallagh at 2017-02-24 14:42:54
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered: