#1416 sssd_be crashes on using inappropriate keytab file
Closed: Fixed None Opened 8 years ago by kaushikub.

Version of sssd used:

# rpm -qa | grep sssd
sssd-debuginfo-1.9.0-9.fc18.beta4.x86_64
sssd-1.9.0-9.fc18.beta4.x86_64
sssd-client-1.9.0-9.fc18.beta4.x86_64

=============================================================================

[sssd]
config_file_version = 2
services = nss, pam
domains = ADTEST

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/ADTEST]
debug_level = 0xFFF0
id_provider = ad
ad_server = pluto.sssdad.com
ad_domain = sssdad.com
krb5_keytab = /root/sssd_client_valid.keytab    <== Keytab from a different KRB5 Server

========================================

Restart sssd

========================================

/var/log/messages shows:

Jul 12 21:01:01 dhcp201-207 [sssd[ldap_child[9352]]]: Failed to initialize credentials using keytab [/root/sssd_client_valid.keytab]: Cannot find KDC for requested realm. Unable to create GSSAPI-encrypted LDAP connection.
Jul 12 21:01:01 dhcp201-207 [sssd[ldap_child[9352]]]: Cannot find KDC for requested realm
Jul 12 21:02:23 dhcp201-207 kernel: [193681.390565] sssd_be[9269]: segfault at 18 ip 00007fb8f6f3beb4 sp 00007fff98cc4e10 error 4 in libsss_ad.so[7fb8f6ec5000+149000]

===================================================

Backtrace:

# gdb --core=/var/spool/abrt/ccpp-2012-07-12-20\:16\:36-8694/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New LWP 8694]

warning: Skipping deprecated .gdb_index section in /usr/lib/debug/lib64/libpam.so.0.83.1.debug, pass --use-deprecated-index-sections to use them anyway
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/sssd/sssd_be --domain ADTEST --debug-to-files'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f84c83d4eb4 in sdap_do_online_check (be_req=0x7f84d557e910, ctx=0x0)
    at src/providers/ldap/ldap_id.c:785
785     req = sdap_cli_connect_send(be_req, be_req->be_ctx->ev, ctx->opts,

Thread 1 (Thread 0x7f84d500a740 (LWP 8694)):
#0  0x00007f84c83d4eb4 in sdap_do_online_check (be_req=0x7f84d557e910, ctx=0x0)
    at src/providers/ldap/ldap_id.c:785
        req = <optimized out>
        check_ctx = 0x7f84d557fa60
        ret = <optimized out>
        __FUNCTION__ = "sdap_do_online_check"
#1  0x00007f84d47ed310 in tevent_common_loop_timer_delay (
    ev=ev@entry=0x7f84d5543510) at ../tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x7f84d55800e0
#2  0x00007f84d47ec9ec in std_event_loop_once (ev=0x7f84d5543510, 
    location=<optimized out>) at ../tevent_standard.c:558
        std_ev = 0x7f84d55435d0
        tval = {tv_sec = 0, tv_usec = 0}
#3  0x00007f84d47e9cb0 in _tevent_loop_once (ev=ev@entry=0x7f84d5543510, 
Missing separate debuginfos, use: debuginfo-install libgcc-4.7.0-5.fc17.x86_64
---Type <return> to continue, or q <return> to quit---
    location=location@entry=0x7f84d50a113f "src/util/server.c:554")
    at ../tevent.c:504
        ret = <optimized out>
        nesting_stack_ptr = 0x0
#4  0x00007f84d47e9e3b in tevent_common_loop_wait (ev=0x7f84d5543510, 
    location=0x7f84d50a113f "src/util/server.c:554") at ../tevent.c:605
        ret = <optimized out>
#5  0x00007f84d507ba13 in server_loop (main_ctx=0x7f84d5544610)
    at src/util/server.c:554
No locals.
#6  0x00007f84d503e5a9 in main (argc=<optimized out>, argv=<optimized out>)
    at src/providers/data_provider_be.c:2310
        opt = <optimized out>
        pc = <optimized out>
        be_domain = 0x7f84d5542400 "ADTEST"
        srv_name = <optimized out>
        main_ctx = 0x7f84d5544610
        confdb_path = <optimized out>
        ret = <optimized out>
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, 
            arg = 0x7f84d45da200 <poptHelpOptions>, val = 0, 
            descrip = 0x7f84d5097fef "Help options:", argDescrip = 0x0}, {
            longName = 0x7f84d5097ffd "debug-level", shortName = 100 'd', 
---Type <return> to continue, or q <return> to quit---
            argInfo = 2, arg = 0x7f84d52ac6a4 <debug_level>, val = 0, 
            descrip = 0x7f84d5098009 "Debug level", argDescrip = 0x0}, {
            longName = 0x7f84d5098015 "debug-to-files", shortName = 102 'f', 
            argInfo = 0, arg = 0x7f84d52ac6a0 <debug_to_file>, val = 0, 
            descrip = 0x7f84d50991b0 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x7f84d5098024 "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, 
            arg = 0x7f84d52ac4f4 <debug_timestamps>, val = 0, 
            descrip = 0x7f84d5098035 "Add debug timestamps", 
            argDescrip = 0x0}, {
            longName = 0x7f84d509804a "debug-microseconds", 
            shortName = 0 '\000', argInfo = 2, 
            arg = 0x7f84d52ac4f0 <debug_microseconds>, val = 0, 
            descrip = 0x7f84d50991e8 "Show timestamps with microseconds", 
            argDescrip = 0x0}, {longName = 0x7f84d50996ca "domain", 
            shortName = 0 '\000', argInfo = 1, arg = 0x7fff54dc7090, val = 0, 
            descrip = 0x7f84d5099210 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, 
            arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
rhbz: => 0

Fields changed

milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1

Fields changed

owner: somebody => okos

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1
proposed_priority: => Undefined

Fixed in e523233

resolution: => fixed
status: assigned => closed

Metadata Update from @kaushikub:
- Issue assigned to okos
- Issue set to the milestone: SSSD 1.9.0 beta 7

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2458

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata