#1060 Memory leak in proxy auth provider
Closed: Duplicate None Opened 12 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=748819

Description of problem:


Version-Release number of selected component (if applicable):

RHEL6.1
kernel-2.6.32-131.12.1.el6.x86_64
sssd-1.5.1-34.el6_1.3.x86_64

How reproducible:



Steps to Reproduce:

1. check memory usage by ps command as follows.

[root@rhel6 /]# ps aux | grep "[s]ssd_be"
root      2568  0.0  0.5 203604  5244 ?        S    17:24   0:00
/usr/libexec/sssd/sssd_be -d 0 --debug-to-files --domain default
[root@rhel6 /]#

2. After repeating 10 times of ssh login

[root@rhel6 /]# ps aux | grep "[s]ssd_be"
root      2568  0.1  0.5 203672  5328 ?        S    17:24   0:00
/usr/libexec/sssd/sssd_be -d 0 --debug-to-files --domain default
[root@rhel6 /]#


Actual results:

  Memory leaked

Expected results:

  No memory leak.

Additional info:

  System same as Customer Portal Case 00532904.

  [Reproducer system environment at DELL]

  RHEL6.1
  kernel-2.6.32-131.12.1.el6.x86_64
  sssd-1.5.1-34.el6_1.3.x86_64

  I did yum update.

  [root@rhel6 /]# grep -v "^#" /etc/nsswitch.conf | grep -v "^$"
  passwd:     files sss
  shadow:     files sss
  group:      files sss
  hosts:      files dns
  bootparams: nisplus [NOTFOUND=return] files
  ethers:     files
  netmasks:   files
  networks:   files
  protocols:  files
  rpc:        files
  services:   files
  netgroup:   nisplus
  publickey:  nisplus
  automount:  files nisplus
  aliases:    files nisplus
[root@rhel6 /]# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
enum_cache_timeout = 0
entry_cache_nowait_percentage = 0
entry_negative_timeout = 0
[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
offline_failed_login_delay = 0
pam_verbosity = 3
[domain/default]
id_provider = ldap
chpass_provider = ldap
auth_provider = proxy
proxy_pam_target = sssdpamproxy
ldap_schema = rfc2307
ldap_id_use_start_tls = False
lookup_family_order = ipv4_only
ldap_uri = ldap://golf05
ldap_search_base = dc=hoge,dc=com
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/server.pem
enumerate = False
entry_cache_timeout = 600
cache_credentials = True
account_cache_expiration = 0
use_fully_qualified_names = False
[root@rhel6 /]# cat /etc/pam.d/sssdpamproxy
auth          required      pam_ldap.so
account       required      pam_ldap.so
password      required      pam_ldap.so
session       required      pam_ldap.so
[root@rhel6 /]# grep -v "^#" /etc/pam_ldap.conf | grep -v "^$"
host golf05
base dc=hoge,dc=com
binddn cn=root,dc=hoge,dc=com
bindpw password
rootbinddn cn=root,dc=hoge,dc=com
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/server.pem
tls_cacertdir /etc/openldap/cacerts
[root@rhel6 /]# grep -v "^#" /etc/pam.d/password-auth-ac | grep -v "^$"
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
session     required      pam_unix.so
session     optional      pam_sss.so
[root@rhel6 /]#


-ldap server info
[root@golf05 /]# rpm -q openldap-servers
openldap-servers-2.3.43-12.el5
[root@golf05 /]# grep -v "^#" /etc/openldap/slapd.conf | grep -v "^$"
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.key
database        bdb
suffix          "dc=hoge,dc=com"
rootdn          "cn=root,dc=hoge,dc=com"
rootpw                  {SSHA}hl/tGErw05EWwAuXmoItilrMBFzh5Hqv
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
loglevel 1
[root@golf05 /]#

Fields changed

coverity: =>
description: https://bugzilla.redhat.com/show_bug.cgi?id=748819

{{{
Description of problem:

Version-Release number of selected component (if applicable):

RHEL6.1
kernel-2.6.32-131.12.1.el6.x86_64
sssd-1.5.1-34.el6_1.3.x86_64

How reproducible:

Steps to Reproduce:

  1. check memory usage by ps command as follows.

[root@rhel6 /]# ps aux | grep "[s]ssd_be"
root 2568 0.0 0.5 203604 5244 ? S 17:24 0:00
/usr/libexec/sssd/sssd_be -d 0 --debug-to-files --domain default
[root@rhel6 /]#

  1. After repeating 10 times of ssh login

[root@rhel6 /]# ps aux | grep "[s]ssd_be"
root 2568 0.1 0.5 203672 5328 ? S 17:24 0:00
/usr/libexec/sssd/sssd_be -d 0 --debug-to-files --domain default
[root@rhel6 /]#

Actual results:

Memory leaked

Expected results:

No memory leak.

Additional info:

System same as Customer Portal Case 00532904.

[Reproducer system environment at DELL]

RHEL6.1
kernel-2.6.32-131.12.1.el6.x86_64
sssd-1.5.1-34.el6_1.3.x86_64

I did yum update.

[root@rhel6 /]# grep -v "^#" /etc/nsswitch.conf | grep -v "^$"
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@rhel6 /]# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
enum_cache_timeout = 0
entry_cache_nowait_percentage = 0
entry_negative_timeout = 0
[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
offline_failed_login_delay = 0
pam_verbosity = 3
[domain/default]
id_provider = ldap
chpass_provider = ldap
auth_provider = proxy
proxy_pam_target = sssdpamproxy
ldap_schema = rfc2307
ldap_id_use_start_tls = False
lookup_family_order = ipv4_only
ldap_uri = ldap://golf05
ldap_search_base = dc=hoge,dc=com
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/server.pem
enumerate = False
entry_cache_timeout = 600
cache_credentials = True
account_cache_expiration = 0
use_fully_qualified_names = False
[root@rhel6 /]# cat /etc/pam.d/sssdpamproxy
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so
session required pam_ldap.so
[root@rhel6 /]# grep -v "^#" /etc/pam_ldap.conf | grep -v "^$"
host golf05
base dc=hoge,dc=com
binddn cn=root,dc=hoge,dc=com
bindpw password
rootbinddn cn=root,dc=hoge,dc=com
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/server.pem
tls_cacertdir /etc/openldap/cacerts
[root@rhel6 /]# grep -v "^#" /etc/pam.d/password-auth-ac | grep -v "^$"
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass
use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
session required pam_unix.so
session optional pam_sss.so
[root@rhel6 /]#

-ldap server info
[root@golf05 /]# rpm -q openldap-servers
openldap-servers-2.3.43-12.el5
[root@golf05 /]# grep -v "^#" /etc/openldap/slapd.conf | grep -v "^$"
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.key
database bdb
suffix "dc=hoge,dc=com"
rootdn "cn=root,dc=hoge,dc=com"
rootpw {SSHA}hl/tGErw05EWwAuXmoItilrMBFzh5Hqv
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
loglevel 1
[root@golf05 /]#
}}}
=> https://bugzilla.redhat.com/show_bug.cgi?id=748819

{{{
Description of problem:

Version-Release number of selected component (if applicable):

RHEL6.1
kernel-2.6.32-131.12.1.el6.x86_64
sssd-1.5.1-34.el6_1.3.x86_64

How reproducible:

Steps to Reproduce:

  1. check memory usage by ps command as follows.

[root@rhel6 /]# ps aux | grep "[s]ssd_be"
root 2568 0.0 0.5 203604 5244 ? S 17:24 0:00
/usr/libexec/sssd/sssd_be -d 0 --debug-to-files --domain default
[root@rhel6 /]#

  1. After repeating 10 times of ssh login

[root@rhel6 /]# ps aux | grep "[s]ssd_be"
root 2568 0.1 0.5 203672 5328 ? S 17:24 0:00
/usr/libexec/sssd/sssd_be -d 0 --debug-to-files --domain default
[root@rhel6 /]#

Actual results:

Memory leaked

Expected results:

No memory leak.

Additional info:

System same as Customer Portal Case 00532904.

[Reproducer system environment at DELL]

RHEL6.1
kernel-2.6.32-131.12.1.el6.x86_64
sssd-1.5.1-34.el6_1.3.x86_64

I did yum update.

[root@rhel6 /]# grep -v "^#" /etc/nsswitch.conf | grep -v "^$"
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
[root@rhel6 /]# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
enum_cache_timeout = 0
entry_cache_nowait_percentage = 0
entry_negative_timeout = 0
[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
offline_failed_login_delay = 0
pam_verbosity = 3
[domain/default]
id_provider = ldap
chpass_provider = ldap
auth_provider = proxy
proxy_pam_target = sssdpamproxy
ldap_schema = rfc2307
ldap_id_use_start_tls = False
lookup_family_order = ipv4_only
ldap_uri = ldap://golf05
ldap_search_base = dc=hoge,dc=com
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/server.pem
enumerate = False
entry_cache_timeout = 600
cache_credentials = True
account_cache_expiration = 0
use_fully_qualified_names = False
[root@rhel6 /]# cat /etc/pam.d/sssdpamproxy
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so
session required pam_ldap.so
[root@rhel6 /]# grep -v "^#" /etc/pam_ldap.conf | grep -v "^$"
host golf05
base dc=hoge,dc=com
binddn cn=root,dc=hoge,dc=com
bindpw password
rootbinddn cn=root,dc=hoge,dc=com
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/server.pem
tls_cacertdir /etc/openldap/cacerts
[root@rhel6 /]# grep -v "^#" /etc/pam.d/password-auth-ac | grep -v "^$"
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass
use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
session required pam_unix.so
session optional pam_sss.so
[root@rhel6 /]#

-ldap server info
[root@golf05 /]# rpm -q openldap-servers
openldap-servers-2.3.43-12.el5
[root@golf05 /]# grep -v "^#" /etc/openldap/slapd.conf | grep -v "^$"
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.key
database bdb
suffix "dc=hoge,dc=com"
rootdn "cn=root,dc=hoge,dc=com"
rootpw {SSHA}hl/tGErw05EWwAuXmoItilrMBFzh5Hqv
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
loglevel 1
[root@golf05 /]#
}}}

milestone: SSSD 1.5.15 => NEEDS_TRIAGE
patch: => 0
rhbz: =>
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.7.0

Duplicate of 1056

resolution: => duplicate
status: new => closed

Metadata Update from @dpal:
- Issue set to the milestone: SSSD 1.7.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2102

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata