#1429 IPA session code returns error when SELinux mapping rule links to an HBAC rule
Closed: Fixed None Opened 9 years ago by jhrozek.

Whenever one of the SELinux rules links to an HBAC rule, the back end outputs this error:

[be_pam_handler_callback] (0x0100): Backend returned: (3, 12, <NULL>) [Internal Error (Authentication token is no longer valid; new one required)]
[be_pam_handler_callback] (0x0100): Sending result [4][idm.lab.bos.redhat.com]

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 6
rhbz: => 0

Fields changed

owner: somebody => jzeleny
status: new => assigned

Jan's patches on the list seems to have fixed the issue.

patch: 0 => 1

For the record the bug was in ipa_selinux_map_merge, one of Jan's patches on the list removed that function completely, which got rid of the bug.

Breakpoint 2, ipa_selinux_map_merge (map=0x1a47870, rule=0x1a27de0, attr=
    0x7f0050ec7320 "originalMemberUser") at src/providers/ipa/ipa_selinux_common.c:38
38      int i = 0;
(gdb) n
40      ret = sysdb_attrs_get_el(map, attr, &map_el);
41      if (ret != EOK) {
45      ret = sysdb_attrs_get_el(rule, attr, &rule_el);
46      if (ret != EOK) {
50      total_cnt = map_el->num_values + rule_el->num_values;
51      map_el->values = talloc_realloc(map->a, map_el->values,
53      if (map_el->values == NULL) {
54          ret = ENOMEM;
(gdb) p map_el->num_values
$1 = 0
(gdb) p rule_el->num_values 
$2 = 0

master: 28aa01a

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jzeleny
- Issue set to the milestone: SSSD 1.9.0 beta 6

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2471

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.