Learn more about these different git repos.
Other Git URLs
Description[[BR]] sssd_be segfaults when attempting to getent groups with LDAP Domain configured with ldap_schema = rfc2307bis.[[BR]]
sssd.conf[[BR]]
[sssd] config_file_version = 2 domains = LDAP sbus_timeout = 30 services = nss, pam [nss] filter_groups = root filter_users = root [pam] [domain/LDAP] auth_provider = ldap cache_credentials = TRUE enumerate = TRUE id_provider = ldap ldap_group_search_base = ou=SSSD,dc=example,dc=com ldap_group_object_class = groupofnames ldap_tls_reqcert = hard ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc ldap_id_use_start_tls = TRUE ldap_uri = ldaps://jennyv4.bos.redhat.com:636 ldap_user_search_base = ou=SSSD,dc=example,dc=com ldap_user_object_class = person ldap_schema = rfc2307bis
Directory Objects[[BR]]
# MBO, SSSD, example.com dn: cn=MBO,ou=SSSD,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: posixgroup cn: MBO ou: groups description: SSSD Memberof and Schema Test Group member: uid=mbo1,dc=example,dc=com member: uid=Mbo2,dc=example,dc=com gidNumber: 2000 # mbo1, SSSD, example.com dn: uid=mbo1,ou=SSSD,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: inetuser objectClass: posixaccount givenName: mbo1 cn: mbo1 mbo1 uid: mbo1 sn: mbo1 memberOf: cn=MBO,ou=SSSD,dc=example,dc=com gidNumber: 2000 uidNumber: 3000 homeDirectory: /home/mbo1 # mbo2, SSSD, example.com dn: uid=mbo2,ou=SSSD,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: inetuser objectClass: posixAccount givenName: mbo2 cn: mbo2 mbo2 uid: mbo2 sn: mbo2 memberOf: cn=MBO,ou=SSSD,dc=example,dc=com uidNumber: 3001 gidNumber: 2000 homeDirectory: /home/mbo2 loginShell: /bin/bash
Steps to Reproduce[[BR]] 1. Add objects to directory server as above.[[BR]] 2. Install sssd and configure as above.[[BR]] 3. getent -s sss passwd (users returned)[[BR]] 4. getent -s sss group (nothing returned)[[BR]] 5. wait about 5 seconds - segfault[[BR]]
Version[[BR]] sssd-1.0.0-0.2009120312git2d717db.fc11.i586
Fields changed
description: '''Description'''[[BR]] sssd_be segfaults when attempting to getent groups with LDAP Domain configured with ldap_schema = rfc2307bis.[[BR]]
'''sssd.conf'''[[BR]] {{{ [sssd] config_file_version = 2 domains = LDAP sbus_timeout = 30 services = nss, pam
[nss] filter_groups = root filter_users = root
[pam]
[domain/LDAP] auth_provider = ldap cache_credentials = TRUE enumerate = TRUE id_provider = ldap ldap_group_search_base = ou=SSSD,dc=example,dc=com ldap_group_object_class = groupofnames ldap_tls_reqcert = hard ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_cacert = /etc/openldap/cacerts/cacert.asc ldap_id_use_start_tls = TRUE ldap_uri = ldaps://jennyv4.bos.redhat.com:636 ldap_user_search_base = ou=SSSD,dc=example,dc=com ldap_user_object_class = person ldap_schema = rfc2307bis }}}
'''Directory Objects'''[[BR]] {{{
dn: cn=MBO,ou=SSSD,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: posixgroup cn: MBO ou: groups description: SSSD Memberof and Schema Test Group member: uid=mbo1,dc=example,dc=com member: uid=Mbo2,dc=example,dc=com gidNumber: 2000
dn: uid=mbo1,ou=SSSD,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: inetuser objectClass: posixaccount givenName: mbo1 cn: mbo1 mbo1 uid: mbo1 sn: mbo1 memberOf: cn=MBO,ou=SSSD,dc=example,dc=com gidNumber: 2000 uidNumber: 3000 homeDirectory: /home/mbo1
dn: uid=mbo2,ou=SSSD,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: inetuser objectClass: posixAccount givenName: mbo2 cn: mbo2 mbo2 uid: mbo2 sn: mbo2 memberOf: cn=MBO,ou=SSSD,dc=example,dc=com uidNumber: 3001 gidNumber: 2000 homeDirectory: /home/mbo2 loginShell: /bin/bash }}}
'''Steps to Reproduce'''[[BR]] 1. Add objects to directory server as above.[[BR]] 2. Install sssd and configure as above.[[BR]]
'''Version'''[[BR]] sssd-1.0.0-0.2009120312git2d717db.fc11.i586
=> '''Description'''[[BR]] sssd_be segfaults when attempting to getent groups with LDAP Domain configured with ldap_schema = rfc2307bis.[[BR]]
'''Steps to Reproduce'''[[BR]] 1. Add objects to directory server as above.[[BR]] 2. Install sssd and configure as above.[[BR]] 3. getent -s sss passwd (users returned)[[BR]] 4. getent -s sss group (nothing returned)[[BR]] 5. wait about 5 seconds - segfault[[BR]]
Backtrace:
(gdb) bt full #0 strcspn () at ../sysdeps/i386/strcspn.S:218 No locals. #1 0x0806b40d in build_dom_dn_str_escape (memctx=0x900d0c8, template=0x8080958 "name=%s,cn=users,cn=%s,cn=sysdb", domain=0x8f5ff30 "LDAP", name=0x653d6364 <Address 0x653d6364 out of bounds>) at db/sysdb_ops.c:2778 ret = 0x900d290 "\370\301" l = 0 #2 0x0806b8b9 in sysdb_store_group_check (subreq=0x0) at db/sysdb_ops.c:2912 member = 0x900c408 "name=Mbo2,cn=users,cn=LDAP,cn=sysdb" req = 0x900d068 state = 0x900d0c8 msg = 0x9cb667 now = 1259953228 new_group = true ret = 0 i = 2 __FUNCTION__ = "sysdb_store_group_check" #3 0x00e9b4f4 in tevent_req_finish (req=0x653d6364, state=<value optimized out>) at tevent_req.c:118 No locals. #4 0x00e9b550 in tevent_req_error (req=0x0, error=2) at tevent_req.c:171 No locals. #5 0x080641b6 in sysdb_search_group_done (subreq=0x0) at db/sysdb_ops.c:979 req = 0x900d128 state = 0x900d188 ret = 2 #6 0x00e9b4f4 in tevent_req_finish (req=0x653d6364, state=<value optimized out>) at tevent_req.c:118 No locals. #7 0x00e9b550 in tevent_req_error (req=0x0, error=2) at tevent_req.c:171 No locals. #8 0x08062e0f in sysdb_search_entry_done (subreq=0x0) at db/sysdb_ops.c:555 req = 0x900bd40 state = 0x900bda0 ldbreply = 0x0 dummy = 0x900c0b0 ret = 0 __FUNCTION__ = "sysdb_search_entry_done" #9 0x00e9b4f4 in tevent_req_finish (req=0x653d6364, state=<value optimized out>) at tevent_req.c:118 No locals. #10 0x08061838 in sldb_request_callback (ldbreq=0x900c008, ldbreply=0x900c318) at db/sysdb_ops.c:163 req = 0x900c0b0 state = 0x900c110 err = 10455995 __FUNCTION__ = "sldb_request_callback" #11 0x009f3549 in ltdb_request_done (ctx=<value optimized out>, error=0) at ldb_tdb/ldb_tdb.c:1011 ldb = 0x8f5fc98 req = 0x900c008 #12 0x009f46f2 in ltdb_callback (ev=0x8f5e090, te=0x900c158, t= {tv_sec = 0, tv_usec = 0}, private_data=0x900d1e0) at ldb_tdb/ldb_tdb.c:1120 ctx = 0x900d1e0 ret = 0 #13 0x00e9a74a in tevent_common_loop_timer_delay (ev=0x8f5e090) at tevent_timed.c:254 current_time = {tv_sec = 0, tv_usec = 0} te = 0x900c158 #14 0x00e9c0b7 in std_event_loop_once (ev=0x8f5e090) at tevent_standard.c:543 tval = {tv_sec = 0, tv_usec = 0} #15 0x00e9c396 in std_event_loop_wait (ev=0x8f5e090) at tevent_standard.c:567 std_ev = 0x8f5e0e8 #16 0x00e99ca1 in tevent_loop_wait (ev=0x8f5e090) at tevent.c:357 No locals. #17 0x0807aa27 in server_loop (main_ctx=0x8f5e138) at util/server.c:431 No locals. #18 0x080539b2 in main (argc=5, argv=0xbffe2ce4) at providers/data_provider_be.c:1187 opt = -1 pc = 0x8f5d600 be_domain = 0x8f5d810 "LDAP" srv_name = 0x8f5d670 "sssd[be[LDAP]]" conf_entry = 0x8f5d6b8 "config/domain/LDAP" main_ctx = 0x8f5e138 ret = 0 long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, arg = 0x8087860, val = 0, descrip = 0x807e213 "Help options:", argDescrip = 0x0}, {longName = 0x807e221 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x80878dc, val = 0, descrip = 0x807e22d "Debug level", argDescrip = 0x0}, { longName = 0x807e239 "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x80878e4, val = 0, descrip = 0x807e248 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x807e279 "debug-timestamps", shortName = 0 '\0', argInfo = 0, arg = 0x80878e0, val = 0, descrip = 0x807e28a "Add debug timestamps", argDescrip = 0x0}, { longName = 0x807e29f "domain", shortName = 0 '\0', argInfo = 1, arg = 0xbffe2c08, val = 0, descrip = 0x807e2a8 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main" arg = 0xbffe2c08, val = 0, descrip = 0x807e2a8 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main"
Examining sysdb_store_group_check produces this:
(gdb) print state->member_users[0] $6 = 0x900cb28 "mbo1" (gdb) print state->member_users[1] $7 = 0x900cd90 "Mbo2" (gdb) print state->member_users[2] $8 = 0x653d6364 <Address 0x653d6364 out of bounds>
Proper termination of this list requires that {{{state->member_users[2]}}} should have been {{{NULL}}}.
component: SSSD => SysDB milestone: NEEDS_TRIAGE => SSSD 1.0 owner: somebody => sgallagh
Fixed by de1c7b4
fixedin: => 1.0.0 resolution: => fixed status: new => closed
rhbz: => 0
Metadata Update from @jgalipea: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 1.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1349
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.