#1429 IPA session code returns error when SELinux mapping rule links to an HBAC rule
Closed: Fixed None Opened 7 years ago by jhrozek.

Whenever one of the SELinux rules links to an HBAC rule, the back end outputs this error:

[be_pam_handler_callback] (0x0100): Backend returned: (3, 12, <NULL>) [Internal Error (Authentication token is no longer valid; new one required)]
[be_pam_handler_callback] (0x0100): Sending result [4][idm.lab.bos.redhat.com]

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 6
rhbz: => 0

Fields changed

owner: somebody => jzeleny
status: new => assigned

Jan's patches on the list seem to have fixed the issue.

patch: 0 => 1

For the record, the bug was in ipa_selinux_map_merge; one of Jan's patches on the list removed that function completely, which got rid of the bug.

Breakpoint 2, ipa_selinux_map_merge (map=0x1a47870, rule=0x1a27de0, attr=
    0x7f0050ec7320 "originalMemberUser") at src/providers/ipa/ipa_selinux_common.c:38
38      int i = 0;
(gdb) n
40      ret = sysdb_attrs_get_el(map, attr, &map_el);
(gdb) 
41      if (ret != EOK) {
(gdb) 
45      ret = sysdb_attrs_get_el(rule, attr, &rule_el);
(gdb) 
46      if (ret != EOK) {
(gdb) 
50      total_cnt = map_el->num_values + rule_el->num_values;
(gdb) 
51      map_el->values = talloc_realloc(map->a, map_el->values,
(gdb) 
53      if (map_el->values == NULL) {
(gdb) 
54          ret = ENOMEM;
(gdb) p map_el->num_values
$1 = 0
(gdb) p rule_el->num_values 
$2 = 0
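The trace above reaches `ret = ENOMEM` with both `num_values` equal to 0, which is consistent with a zero-element `talloc_realloc` freeing the block and returning NULL rather than running out of memory. The following is an added example, not SSSD code: `struct el`, `zrealloc`, `merge_buggy` and `merge_checked` are hypothetical names, plain `realloc`/`free` stand in for talloc, and `merge_checked` is one way to harden the pattern, not the upstream fix (which removed the function).

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an attribute element (not SSSD's struct). */
struct el { unsigned num_values; int *values; };

/* Models talloc_realloc(): a zero-element request frees and returns NULL. */
static int *zrealloc(int *p, size_t count)
{
    if (count == 0) { free(p); return NULL; }
    return realloc(p, count * sizeof(int));
}

/* Pattern from the trace: every NULL is reported as ENOMEM. */
int merge_buggy(struct el *map, const struct el *rule)
{
    unsigned total = map->num_values + rule->num_values;

    map->values = zrealloc(map->values, total);
    if (map->values == NULL) return ENOMEM;   /* also hit when total == 0 */
    memcpy(map->values + map->num_values, rule->values,
           rule->num_values * sizeof(int));
    map->num_values = total;
    return 0;
}

/* Hardened: an empty rule is success; old pointer survives a real failure. */
int merge_checked(struct el *map, const struct el *rule)
{
    int *tmp;

    if (rule->num_values == 0) return 0;
    tmp = zrealloc(map->values, map->num_values + rule->num_values);
    if (tmp == NULL) return ENOMEM;
    memcpy(tmp + map->num_values, rule->values,
           rule->num_values * sizeof(int));
    map->values = tmp;
    map->num_values += rule->num_values;
    return 0;
}

int main(void)
{
    struct el map = {0, NULL}, rule = {0, NULL};   /* constructed: both empty */
    printf("buggy=%d checked=%d\n", merge_buggy(&map, &rule),
           merge_checked(&map, &rule));
    return 0;
}
```

In an authentication path, a false ENOMEM of this kind surfaces as a failed login for every user the rule applies to, so the empty-input case deserves its own unit test.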

master: 28aa01a

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jzeleny
- Issue set to the milestone: SSSD 1.9.0 beta 6

2 years ago
