I spent several hours today tracking this down. It's very easy to reproduce: simply stand up a single AD domain with one or more users. I didn't add them to any non-default groups, so Domain Users should be the only one they belong to.
Then run
{{{
getent group "Domain Users@windows.domain"
}}}
and it will crash with a NULL-dereference:
{{{
#0  0x00007f3c6fa0ba07 in sysdb_group_dn (mem_ctx=0x7f3c7168a190, dom=0x7f3c71625110, name=<optimized out>) at src/db/sysdb.c:187
        ret = <optimized out>
        clean_name = 0x7f3c71689550 "Domain Users"
        dn = <optimized out>
#1  0x00007f3c6fa0fc0a in sysdb_search_group_by_name (mem_ctx=0x7f3c71672c20, domain=0x7f3c71625110, name=0x7f3c7168a300 "Domain Users", attrs=0x7f3c6fc4e020 <src_attrs>, msg=0x7fff61282a10) at src/db/sysdb_ops.c:524
        tmp_ctx = 0x7f3c7168a190
        def_attrs = {0x7f3c6fa36806 "name", 0x7f3c6fa377cf "gidNumber", 0x0}
        msgs = 0x0
        basedn = 0x0
        msgs_count = 0
        ret = 1875173408
        __FUNCTION__ = "sysdb_search_group_by_name"
#2  0x00007f3c6fa1401a in sysdb_store_group (domain=0x7f3c71625110, name=0x7f3c7168a300 "Domain Users", gid=1872980432, attrs=0x7f3c71664410, cache_timeout=139897576952848, now=1411517599) at src/db/sysdb_ops.c:2028
        tmp_ctx = 0x7f3c71672c20
        src_attrs = {0x7f3c6fa36806 "name", 0x7f3c6fa377cf "gidNumber", 0x7f3c6fa3824e "originalModifyTimestamp", 0x0}
        msg = 0x7f3c7168a110
        new_group = 13
        ret = 12
        __FUNCTION__ = "sysdb_store_group"
#3  0x00007f3c61219f05 in sdap_store_group_with_gid (now=<optimized out>, posix_group=<optimized out>, cache_timeout=<optimized out>, group_attrs=<optimized out>, gid=<optimized out>, name=<optimized out>, domain=<optimized out>) at src/providers/ldap/sdap_async_groups.c:365
No locals.
#4  sdap_save_group (now=<optimized out>, _usn_value=<optimized out>, ghosts=<optimized out>, store_original_member=<optimized out>, populate_members=<optimized out>, attrs=<optimized out>, dom=<optimized out>, opts=<optimized out>, memctx=<optimized out>) at src/providers/ldap/sdap_async_groups.c:756
        gid = 1501400513
        tmpctx = 0x7f3c71673130
        use_id_mapping = false
        ad_group_type = -2147483646
        group_name = 0x7f3c7168a300 "Domain Users"
        el = 0x7f3c7168a150
        posix_group = true
        sid_str = 0x7f3c716771e0 "S-1-5-21-2358827345-190803116-1095511743-513"
#5  sdap_save_groups (memctx=0x7f3c7168a190, sysdb=0x7f3c71672c20, dom=0x7f3c6fa369d0, opts=0x7f3c7164ca50, groups=0x7f3c71611410, num_groups=1, populate_members=false, ghosts=0x0, save_orig_member=true, _usn_value=0x7f3c71677860) at src/providers/ldap/sdap_async_groups.c:944
        ret = 1902588208
        sret = 0
        __FUNCTION__ = "sdap_save_groups"
}}}
The issue is that {{{dom->sysdb}}} is NULL:
{{{
(gdb) print *dom
$2 = {name = 0x7f3c71611410 "default", conn_name = 0x7f3c71611410 "default", provider = 0x7f3c71611480 "ldap", timeout = 0, enumerate = false, sd_enumerate = 0x7f3c71628120, fqnames = false, mpg = false, ignore_group_members = true, id_min = 1, id_max = 0, cache_credentials = true, legacy_passwords = false, case_sensitive = true, case_preserve = true, override_gid = 0, override_homedir = 0x7f3c71611810 "/home/%u", fallback_homedir = 0x0, subdomain_homedir = 0x7f3c7160f250 "/home/%d/%u", homedir_substr = 0x0, override_shell = 0x0, default_shell = 0x0, user_timeout = 5400, group_timeout = 5400, netgroup_timeout = 5400, service_timeout = 5400, autofsmap_timeout = 5400, sudo_timeout = 5400, ssh_host_timeout = 5400, refresh_expired_interval = 0, subdomain_refresh_interval = 14400, pwd_expiration_warning = -1, sysdb = 0x0, names = 0x0, parent = 0x0, subdomains = 0x0, realm = 0x0, flat_name = 0x0, domain_id = 0x0, forest = 0x0, subdomains_last_checked = {tv_sec = 0, tv_usec = 0}, prev = 0x0, next = 0x7f3c71625b80, disabled = false}
}}}
I ran a {{{git bisect}}} until I discovered that the bug was caused by git commit b12e250.
I will look into this further, but I'm opening a ticket to track it.
For more detail, we discovered that this bug only happens when the AD provider is not the first domain in the set of active domains.
My configuration had the first domain as id_provider = ldap and the second as id_provider = ad, which made this bug trivially reproducible.
Fixed by a2147c6
resolution: => fixed status: new => closed
Thanks for marking the ticket as fixed, I meant to ask you if some other patches are needed and apparently this means "no" :-)
mark: => 0 milestone: NEEDS_TRIAGE => SSSD 1.12.2
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1148573 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1148573 1148573]
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1148582 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1148573 1148573] => [https://bugzilla.redhat.com/show_bug.cgi?id=1148573 1148573], [https://bugzilla.redhat.com/show_bug.cgi?id=1148582 1148582]
Metadata Update from @sgallagh: - Issue assigned to sgallagh - Issue marked as depending on: #2345 - Issue set to the milestone: SSSD 1.12.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3489
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.