#1416 sssd_be crashes on using inappropriate keytab file
Closed: Fixed None Opened 7 years ago by kaushikub.

Version of sssd used:

# rpm -qa | grep sssd
sssd-debuginfo-1.9.0-9.fc18.beta4.x86_64
sssd-1.9.0-9.fc18.beta4.x86_64
sssd-client-1.9.0-9.fc18.beta4.x86_64

=============================================================================

[sssd]
config_file_version = 2
services = nss, pam
domains = ADTEST

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/ADTEST]
debug_level = 0xFFF0
id_provider = ad
ad_server = pluto.sssdad.com
ad_domain = sssdad.com
krb5_keytab = /root/sssd_client_valid.keytab    <== Keytab from a different KRB5 Server

========================================

Restart sssd

========================================

/var/log/messages shows:

Jul 12 21:01:01 dhcp201-207 [sssd[ldap_child[9352]]]: Failed to initialize credentials using keytab [/root/sssd_client_valid.keytab]: Cannot find KDC for requested realm. Unable to create GSSAPI-encrypted LDAP connection.
Jul 12 21:01:01 dhcp201-207 [sssd[ldap_child[9352]]]: Cannot find KDC for requested realm
Jul 12 21:02:23 dhcp201-207 kernel: [193681.390565] sssd_be[9269]: segfault at 18 ip 00007fb8f6f3beb4 sp 00007fff98cc4e10 error 4 in libsss_ad.so[7fb8f6ec5000+149000]

===================================================

Backtrace:

# gdb --core=/var/spool/abrt/ccpp-2012-07-12-20\:16\:36-8694/coredump /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done.
done.
[New LWP 8694]

warning: Skipping deprecated .gdb_index section in /usr/lib/debug/lib64/libpam.so.0.83.1.debug, pass --use-deprecated-index-sections to use them anyway
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/sssd/sssd_be --domain ADTEST --debug-to-files'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f84c83d4eb4 in sdap_do_online_check (be_req=0x7f84d557e910, ctx=0x0)
    at src/providers/ldap/ldap_id.c:785
785     req = sdap_cli_connect_send(be_req, be_req->be_ctx->ev, ctx->opts,

Thread 1 (Thread 0x7f84d500a740 (LWP 8694)):
#0  0x00007f84c83d4eb4 in sdap_do_online_check (be_req=0x7f84d557e910, ctx=0x0)
    at src/providers/ldap/ldap_id.c:785
        req = <optimized out>
        check_ctx = 0x7f84d557fa60
        ret = <optimized out>
        __FUNCTION__ = "sdap_do_online_check"
#1  0x00007f84d47ed310 in tevent_common_loop_timer_delay (
    ev=ev@entry=0x7f84d5543510) at ../tevent_timed.c:254
        current_time = {tv_sec = 0, tv_usec = 0}
        te = 0x7f84d55800e0
#2  0x00007f84d47ec9ec in std_event_loop_once (ev=0x7f84d5543510, 
    location=<optimized out>) at ../tevent_standard.c:558
        std_ev = 0x7f84d55435d0
        tval = {tv_sec = 0, tv_usec = 0}
#3  0x00007f84d47e9cb0 in _tevent_loop_once (ev=ev@entry=0x7f84d5543510, 
Missing separate debuginfos, use: debuginfo-install libgcc-4.7.0-5.fc17.x86_64
---Type <return> to continue, or q <return> to quit---
    location=location@entry=0x7f84d50a113f "src/util/server.c:554")
    at ../tevent.c:504
        ret = <optimized out>
        nesting_stack_ptr = 0x0
#4  0x00007f84d47e9e3b in tevent_common_loop_wait (ev=0x7f84d5543510, 
    location=0x7f84d50a113f "src/util/server.c:554") at ../tevent.c:605
        ret = <optimized out>
#5  0x00007f84d507ba13 in server_loop (main_ctx=0x7f84d5544610)
    at src/util/server.c:554
No locals.
#6  0x00007f84d503e5a9 in main (argc=<optimized out>, argv=<optimized out>)
    at src/providers/data_provider_be.c:2310
        opt = <optimized out>
        pc = <optimized out>
        be_domain = 0x7f84d5542400 "ADTEST"
        srv_name = <optimized out>
        main_ctx = 0x7f84d5544610
        confdb_path = <optimized out>
        ret = <optimized out>
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, 
            arg = 0x7f84d45da200 <poptHelpOptions>, val = 0, 
            descrip = 0x7f84d5097fef "Help options:", argDescrip = 0x0}, {
            longName = 0x7f84d5097ffd "debug-level", shortName = 100 'd', 
---Type <return> to continue, or q <return> to quit---
            argInfo = 2, arg = 0x7f84d52ac6a4 <debug_level>, val = 0, 
            descrip = 0x7f84d5098009 "Debug level", argDescrip = 0x0}, {
            longName = 0x7f84d5098015 "debug-to-files", shortName = 102 'f', 
            argInfo = 0, arg = 0x7f84d52ac6a0 <debug_to_file>, val = 0, 
            descrip = 0x7f84d50991b0 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x7f84d5098024 "debug-timestamps", 
            shortName = 0 '\000', argInfo = 2, 
            arg = 0x7f84d52ac4f4 <debug_timestamps>, val = 0, 
            descrip = 0x7f84d5098035 "Add debug timestamps", 
            argDescrip = 0x0}, {
            longName = 0x7f84d509804a "debug-microseconds", 
            shortName = 0 '\000', argInfo = 2, 
            arg = 0x7f84d52ac4f0 <debug_microseconds>, val = 0, 
            descrip = 0x7f84d50991e8 "Show timestamps with microseconds", 
            argDescrip = 0x0}, {longName = 0x7f84d50996ca "domain", 
            shortName = 0 '\000', argInfo = 1, arg = 0x7fff54dc7090, val = 0, 
            descrip = 0x7f84d5099210 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, 
            arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "main"

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
rhbz: => 0

Fields changed

milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1

Fields changed

owner: somebody => okos

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1
proposed_priority: => Undefined

Fixed in e523233

resolution: => fixed
status: assigned => closed

Metadata Update from @kaushikub:
- Issue assigned to okos
- Issue set to the milestone: SSSD 1.9.0 beta 7

2 years ago

Login to comment on this ticket.

Metadata