Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=798317 (Red Hat Enterprise Linux 6)
Description of problem: No crash detected when it is set to false which is the default and authentication is successful as expected ([ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [rule1]) since srchost is set to ALL ([hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL). However, if you set this value to true, authentication hangs and sssd crash detected. Version-Release number of selected component (if applicable): sssd-1.8.0-4.el6.beta3.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure ipa hbac rule as: [root@rodimus ~]# ipa hbacrule-find -------------------- 2 HBAC rules matched -------------------- Rule name: allow_all User category: all Host category: all Source host category: all Service category: all Description: Allow all users to access any host from any host Enabled: FALSE Rule name: rule1 Enabled: TRUE Users: shanks Hosts: primenova.lab.eng.pnq.redhat.com Source Hosts: bumblebee.lab.eng.pnq.redhat.com Services: sshd ---------------------------- Number of entries returned 2 ---------------------------- [root@rodimus ~]# 2. # hostname primenova.lab.eng.pnq.redhat.com 3. Configure sssd.conf as: [root@primenova ~]# egrep -v ^# /etc/sssd/sssd.conf [domain/lab.eng.pnq.redhat.com] debug_level = 9 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = lab.eng.pnq.redhat.com id_provider = ipa auth_provider = ipa access_provider = ipa chpass_provider = ipa ipa_server = _srv_, rodimus.lab.eng.pnq.redhat.com ldap_tls_cacert = /etc/ipa/ca.crt ipa_hbac_support_srchost = True [sssd] config_file_version = 2 services = nss, pam domains = lab.eng.pnq.redhat.com [nss] [pam] [root@primenova ~]# 4. [root@primenova ~]# ssh -l shanks $HOSTNAME shanks@primenova.lab.eng.pnq.redhat.com's password: <hangs> Actual results: Feb 28 17:59:27 primenova kernel: sssd_be[17620]: segfault at 0 ip 0000003cab804510 sp 00007fff4513a5c8 error 6 in libtevent.so.0.9.8[3cab800000+9000] Feb 28 17:59:28 primenova abrt[17631]: Saved core dump of pid 17620 (/usr/libexec/sssd/sssd_be) to /var/spool/abrt/ccpp-2012-02-28-17:59:27-17620 (22183936 bytes) Expected results: No crash detected. Additional info: # gdb --core=/var/spool/abrt/ccpp-2012-02-28-17\:59\:27-17620/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit" Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done. done. [New Thread 17620] Missing separate debuginfo for Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/15/aeeb89cdee58e81ee8e0ccc5f7c79dac280dcf Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done. done. Loaded symbols for /lib64/libpam.so.0.82.2 Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done. done. Loaded symbols for /usr/lib64/libcares.so.2.0.0 Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done. done. Loaded symbols for /usr/lib64/libtevent.so.0.9.8 Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done. done. Loaded symbols for /usr/lib64/libtalloc.so.2.0.1 Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done. done. Loaded symbols for /lib64/libpopt.so.0.0.0 Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done. done. Loaded symbols for /usr/lib64/libldb.so.0.9.10 Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done. done. Loaded symbols for /lib64/libdbus-1.so.3.4.0 Reading symbols from /lib64/librt-2.12.so...Reading symbols from /usr/lib/debug/lib64/librt-2.12.so.debug...done. done. Loaded symbols for /lib64/librt-2.12.so Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done. done. Loaded symbols for /lib64/libpcre.so.0.0.1 Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done. done. Loaded symbols for /usr/lib64/libini_config.so.2.0.0 Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done. done. Loaded symbols for /usr/lib64/libcollection.so.2.0.0 Reading symbols from /usr/lib64/libdhash.so.1.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.1.debug...done. done. Loaded symbols for /usr/lib64/libdhash.so.1.0.1 Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done. done. Loaded symbols for /lib64/liblber-2.4.so.2.5.6 Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done. done. Loaded symbols for /lib64/libldap-2.4.so.2.5.6 Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done. done. Loaded symbols for /usr/lib64/libtdb.so.1.2.1 Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from /usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done. done. Loaded symbols for /usr/lib64/libunistring.so.0.1.2 Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done. done. Loaded symbols for /usr/lib64/libssl3.so Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done. done. Loaded symbols for /usr/lib64/libsmime3.so Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done. done. Loaded symbols for /usr/lib64/libnss3.so Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done. done. Loaded symbols for /usr/lib64/libnssutil3.so Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done. done. Loaded symbols for /lib64/libplds4.so Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done. done. Loaded symbols for /lib64/libplc4.so Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done. done. Loaded symbols for /lib64/libnspr4.so Reading symbols from /lib64/libpthread-2.12.so...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done. [Thread debugging using libthread_db enabled] done. Loaded symbols for /lib64/libpthread-2.12.so Reading symbols from /lib64/libdl-2.12.so...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done. done. Loaded symbols for /lib64/libdl-2.12.so Reading symbols from /lib64/libc-2.12.so...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done. done. Loaded symbols for /lib64/libc-2.12.so Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done. done. Loaded symbols for /lib64/libaudit.so.1.0.0 Reading symbols from /lib64/libcrypt-2.12.so...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done. done. Loaded symbols for /lib64/libcrypt-2.12.so Reading symbols from /lib64/ld-2.12.so...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done. done. Loaded symbols for /lib64/ld-2.12.so Reading symbols from /usr/lib64/libpath_utils.so.1... warning: the debug information found in "/usr/lib/debug//usr/lib64/libpath_utils.so.1.0.0.debug" does not match "/usr/lib64/libpath_utils.so.1" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug" does not match "/usr/lib64/libpath_utils.so.1" (CRC mismatch). (no debugging symbols found)...done. Loaded symbols for /usr/lib64/libpath_utils.so.1 Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/libref_array.so.1.0.0 Reading symbols from /lib64/libresolv-2.12.so...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done. done. Loaded symbols for /lib64/libresolv-2.12.so Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/libsasl2.so.2.0.23 Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done. done. Loaded symbols for /lib64/libz.so.1.2.3 Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done. done. Loaded symbols for /lib64/libfreebl3.so Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done. done. Loaded symbols for /usr/lib64/ldb/memberof.so Reading symbols from /usr/lib64/sssd/libsss_ipa.so...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ipa.so.debug...done. done. Loaded symbols for /usr/lib64/sssd/libsss_ipa.so Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done. done. Loaded symbols for /lib64/libkeyutils.so.1.3 Reading symbols from /lib64/libkrb5.so.3.3...Reading symbols from /usr/lib/debug/lib64/libkrb5.so.3.3.debug...done. done. Loaded symbols for /lib64/libkrb5.so.3.3 Reading symbols from /lib64/libk5crypto.so.3.1...Reading symbols from /usr/lib/debug/lib64/libk5crypto.so.3.1.debug...done. done. Loaded symbols for /lib64/libk5crypto.so.3.1 Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done. done. Loaded symbols for /lib64/libcom_err.so.2.1 Reading symbols from /usr/lib64/libipa_hbac.so.0.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libipa_hbac.so.0.0.0.debug...done. done. Loaded symbols for /usr/lib64/libipa_hbac.so.0.0.0 Reading symbols from /lib64/libkrb5support.so.0.1...Reading symbols from /usr/lib/debug/lib64/libkrb5support.so.0.1.debug...done. done. Loaded symbols for /lib64/libkrb5support.so.0.1 Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done. done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libnss_files-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done. done. Loaded symbols for /lib64/libnss_files-2.12.so Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done. done. Loaded symbols for /lib64/libnss_sss.so.2 Reading symbols from /usr/lib64/sasl2/libdigestmd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libdigestmd5.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libdigestmd5.so.2.0.23 Reading symbols from /usr/lib64/libcrypto.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/libcrypto.so.1.0.0 Reading symbols from /usr/lib64/sasl2/libcrammd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libcrammd5.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libcrammd5.so.2.0.23 Reading symbols from /usr/lib64/sasl2/libplain.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libplain.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libplain.so.2.0.23 Reading symbols from /usr/lib64/sasl2/liblogin.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/liblogin.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/liblogin.so.2.0.23 Reading symbols from /usr/lib64/sasl2/libanonymous.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libanonymous.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libanonymous.so.2.0.23 Reading symbols from /usr/lib64/sasl2/libgssapiv2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libgssapiv2.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libgssapiv2.so.2.0.23 Reading symbols from /lib64/libgssapi_krb5.so.2.2...Reading symbols from /usr/lib/debug/lib64/libgssapi_krb5.so.2.2.debug...done. done. Loaded symbols for /lib64/libgssapi_krb5.so.2.2 Reading symbols from /usr/lib64/sasl2/libsasldb.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libsasldb.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libsasldb.so.2.0.23 Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done. done. Loaded symbols for /lib64/libdb-4.7.so Reading symbols from /lib64/libnss_dns-2.12.so...Reading symbols from /usr/lib/debug/lib64/libnss_dns-2.12.so.debug...done. done. Loaded symbols for /lib64/libnss_dns-2.12.so Reading symbols from /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so...Reading symbols from /usr/lib/debug/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so. debug...done. done. Loaded symbols for /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so Core was generated by `/usr/libexec/sssd/sssd_be --domain lab.eng.pnq.redhat.com --debug-to-files'. Program terminated with signal 11, Segmentation fault. #0 tevent_req_set_callback (req=0x0, fn=0x7f1b092ed440 <ipa_hostgroup_info_done>, pvt=0x169f9f0) at tevent_req.c:372 372 req->async.fn = fn; Thread 1 (Thread 0x7f1b0f6dc700 (LWP 17620)): #0 tevent_req_set_callback (req=0x0, fn=0x7f1b092ed440 <ipa_hostgroup_info_done>, pvt=0x169f9f0) at tevent_req.c:372 No locals. #1 0x00007f1b092ecec2 in ipa_host_info_done (subreq=<value optimized out>) at src/providers/ipa/ipa_hosts.c:284 ret = <value optimized out> req = 0x169f9f0 state = 0x1680430 host_dn = 0x7f1b093cdf48 "src/providers/ldap/sdap_async.c:1407" __FUNCTION__ = "ipa_host_info_done" #2 0x00007f1b093130ae in sdap_get_generic_done (subreq=0x0) at src/providers/ldap/sdap_async.c:1415 req = 0x1682250 ret = <value optimized out> __FUNCTION__ = "sdap_get_generic_done" #3 0x00007f1b093168d4 in sdap_get_generic_ext_done (op=<value optimized out>, reply=<value optimized out>, error=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:1307 req = 0x167f260 state = 0x16a0a60 errmsg = 0x0 result = 0 ret = <value optimized out> lret = <value optimized out> total_count = 0 cookie = {bv_len = 0, bv_val = 0x16823b0 ""} returned_controls = 0x167f6b0 page_control = <value optimized out> __FUNCTION__ = "sdap_get_generic_ext_done" #4 0x00007f1b0931b1f2 in sdap_process_message (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:364 msgtype = <value optimized out> ret = 0 reply = 0x167f970 op = 0x16a0d10 msgid = <value optimized out> #5 sdap_process_result (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:207 sh = <value optimized out> no_timeout = {tv_sec = 0, tv_usec = 0} te = <value optimized out> msg = 0x1675470 ret = <value optimized out> __FUNCTION__ = "sdap_process_result" #6 0x0000003cab8034e5 in tevent_common_loop_timer_delay (ev=0x163c4b0) at tevent_timed.c:254 current_time = {tv_sec = 0, tv_usec = 0} te = 0x1691580 #7 0x0000003cab80531b in std_event_loop_once (ev=<value optimized out>, location=<value optimized out>) at tevent_standard.c:537 std_ev = 0x163c570 Missing separate debuginfos, use: debuginfo-install libpath_utils-0.2.1-8.el6.x86_64 ---Type <return> to continue, or q <return> to quit--- tval = {tv_sec = 0, tv_usec = 0} #8 0x0000003cab8026d0 in _tevent_loop_once (ev=0x163c4b0, location=0x467063 "src/util/server.c:572") at tevent.c:490 ret = <value optimized out> nesting_stack_ptr = 0x0 #9 0x0000003cab80273b in tevent_common_loop_wait (ev=0x163c4b0, location=0x467063 "src/util/server.c:572") at tevent.c:591 ret = <value optimized out> #10 0x00000000004402a3 in server_loop (main_ctx=0x163d620) at src/util/server.c:572 No locals. #11 0x0000000000415366 in main (argc=<value optimized out>, argv=<value optimized out>) at src/providers/data_provider_be.c:2003 opt = <value optimized out> pc = <value optimized out> be_domain = 0x163b400 "lab.eng.pnq.redhat.com" srv_name = <value optimized out> main_ctx = 0x163d620 confdb_path = <value optimized out> ret = <value optimized out> long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x671d60, val = 0, descrip = 0x45e87c "Help options:", argDescrip = 0x0}, { longName = 0x45e88a "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x671e40, val = 0, descrip = 0x45e85b "Debug level", argDescrip = 0x0}, { longName = 0x45e896 "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x671e44, val = 0, descrip = 0x45f838 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x45e8a5 "debug-timestamps", shortName = 0 '\000', argInfo = 2, arg = 0x671bb8, val = 0, descrip = 0x45e867 "Add debug timestamps", argDescrip = 0x0}, { longName = 0x45e8b6 "debug-microseconds", shortName = 0 '\000', argInfo = 2, arg = 0x671bbc, val = 0, descrip = 0x45f870 "Show timestamps with microseconds", argDescrip = 0x0}, {longName = 0x4602c4 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fff4513aaf8, val = 0, descrip = 0x45f898 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main"
Fields changed
blockedby: => blocking: => component: SSSD => IPA Provider coverity: => feature_milestone: => patch: => 0 priority: major => blocker tests: => 0 testsupdated: => 0 upgrade: => 0 version: => 1.8.0
milestone: NEEDS_TRIAGE => SSSD 1.8.1 (LTM) owner: somebody => sgallagh status: new => assigned
patch: 0 => 1
Fixed by: - 74f8575 (master) - 09ad990 (sssd-1-8)
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 1.8.1 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2257
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.