sssd_nss segfaults performing netgroup lookups without a specified domain #2425

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1383


https://bugzilla.redhat.com/show_bug.cgi?id=833789 (Fedora)

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.8.93-0.20120618T1837Zgitbb79e75.fc17.x86_64

How reproducible:
Always

Steps to Reproduce: (Not sure if this is related, but the case where crash was detected is)

1. # ipa sudorule-show sudorule1 --all --raw
  dn: ipauniqueid=8d023938-bac0-11e1-b429-525400951069,cn=sudorules,cn=sudo,dc=testrelm,dc=com
  cn: sudorule1
  ipaenabledflag: TRUE
  memberhost: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrelm,dc=com
  memberuser: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=com
  ipauniqueid: 8d023938-bac0-11e1-b429-525400951069
  objectclass: ipaassociation
  objectclass: ipasudorule

2. # ldapsearch -LLL -Y GSSAPI -b ou=SUDOers,dc=testrelm,dc=com
SASL/GSSAPI authentication started
SASL username: admin@TESTRELM.COM
SASL SSF: 56
SASL data security layer installed.
dn: ou=sudoers,dc=testrelm,dc=com
objectClass: extensibleObject
ou: sudoers

dn: cn=sudorule1,ou=sudoers,dc=testrelm,dc=com
objectClass: sudoRole
sudoUser: user1
sudoHost: +hostgrp1
cn: sudorule1

3. [root@dhcp201-207 ~]#  ssh -o StrictHostKeyChecking=no -l user1 dhcp201-207.testrelm.com
user1@dhcp201-207.testrelm.com's password:
Last login: Wed Jun 20 07:06:09 2012 from dhcp201-207.testrelm.com
-sh-4.2$

4. -sh-4.2$ sudo -l


Actual results:
/var/log/messages:
Jun 20 07:06:17 dhcp201-207 kernel: [1039881.361685] sssd_nss[20374]: segfault at 20 ip 0000003af5e89d8d sp 00007fff523572d8 error 4 in libc-2.15.so[3af5e00000+1ac000]
Jun 20 07:06:17 dhcp201-207 abrtd: Directory 'ccpp-2012-06-20-07:06:17-20374' creation detected
Jun 20 07:06:17 dhcp201-207 abrt[20454]: Saved core dump of pid 20374 (/usr/libexec/sssd/sssd_nss) to /var/spool/abrt/ccpp-2012-06-20-07:06:17-20374 (1142784 bytes)
Jun 20 07:06:17 dhcp201-207 sssd[nss]: Starting up



Expected results: No crash detected.


Additional info:

relevant sssd.conf:
--8<--
[domain/testrelm.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = dhcp201-207.testrelm.com
chpass_provider = ipa
ipa_server = dhcp201-207.testrelm.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = testrelm.com
-->8--

sudo debug:
-sh-4.2$ sudo -l
LDAP Config Summary
===================
uri              ldap://dhcp201-207.testrelm.com
ldap_version     3
sudoers_base     ou=SUDOers,dc=testrelm,dc=com
binddn           uid=sudo,cn=sysaccounts,cn=etc,dc=testrelm,dc=com
bindpw           bind123
bind_timelimit   5
timelimit        15
ssl              no
tls_checkpeer    (yes)
tls_cacertfile   /etc/ipa/ca.crt
tls_cacertdir    /etc/ipa
===================
sudo: ldap_initialize(ld, ldap://dhcp201-207.testrelm.com)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacertdir -> /etc/ipa
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: no default options found in ou=SUDOers,dc=testrelm,dc=com
sudo: ldap search '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=ALL))'
sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com'
sudo: adding search result
sudo: ldap sudoHost '+hostgrp1' ... not
sudo: result now has 0 entries
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: sorting remaining 0 entries
sudo: perform search for pwflag 52
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(52)=0x42
[sudo] password for user1:

Comments


Comment from sgallagh at 2012-06-20 21:37:08

Backtrace
sssd_nss_backtrace_2012-06-20


Comment from sgallagh at 2012-06-20 21:52:34

Fields changed

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
keywords: => Regression
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 3
owner: somebody => sgallagh
patch: 0 => 1
priority: major => blocker
status: new => assigned
tests: => 0
testsupdated: => 0
upgrade: => 0


Comment from shanks at 2012-06-21 12:55:05

Don't think this is related to sudo since the same crash is detected while doing a "getent netgroup hostgrp1"


Comment from sgallagh at 2012-06-21 13:44:32

You are correct, Shanks. It was due to the recent patches to the name/domain parsing. A patch is on the sssd-devel list now.

summary: sssd_nss segfaults when sudo operation is performed. => sssd_nss segfaults performing netgroup lookups without a specified domain


Comment from sgallagh at 2012-06-25 18:48:43

Fixed by 4b0b0bc (master)

resolution: => fixed
status: assigned => closed


Comment from sgallagh at 2017-02-24 14:42:54

Metadata Update from @sgallagh:

  • Issue assigned to sgallagh
  • Issue set to the milestone: SSSD 1.9.0 beta 3
@sssd-bot sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. labels May 2, 2020
@sssd-bot sssd-bot closed this as completed May 2, 2020