#3137 secrets: creating a secret in a container doesn't work
Closed: Fixed None Opened 2 years ago by jhrozek.

The container never matches. Looks like we do something wrong when searching for the parent of the container:

Breakpoint 1, local_db_check_containers (mem_ctx=0x19fa980, lctx=0x19f8760, leaf_dn=0x19fbb90)
    at /sssd/src/responder/secrets/local.c:294
294         struct ldb_result *res = NULL;
(gdb) p /r leaf_dn
$3 = (struct ldb_dn *) 0x19fbb90
(gdb) p /r *leaf_dn
$4 = {ldb = 0x19f9c60, special = false, invalid = false, valid_case = false, 
  linearized = 0x19fc890 "cn=foo,cn=keyring,cn=0,cn=users,cn=secrets", ext_linearized = 0x0, 
  casefold = 0x0, comp_num = 5, components = 0x19fc060, ext_comp_num = 0, ext_components = 0x0}
(gdb) p /r *dn
$5 = {ldb = 0x19f9c60, special = false, invalid = false, valid_case = false, 
  linearized = 0x19fb770 "cn=foo,cn=keyring,cn=0,cn=users,cn=secrets", ext_linearized = 0x0, 
  casefold = 0x0, comp_num = 5, components = 0x19fb610, ext_comp_num = 0, ext_components = 0x0}
(gdb) n
308         for (int i = 0; i < num; i++) {
(gdb) 
310             if (!ldb_dn_remove_child_components(dn, 1)) return EFAULT;
(gdb) 
313             ret = ldb_search(lctx->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE,
(gdb) p *dn
$6 = { <struct ldb_dn>  linearized:0x0 }
(gdb) p /e *dn
$7 = { <struct ldb_dn>  linearized:0x0 }
(gdb) p /r *dn
$8 = {ldb = <error reading variable>, special = <error reading variable>, invalid = <error reading variable>, valid_case = <error reading variable>, linearized = <error reading variable>, 
  ext_linearized = <error reading variable>, casefold = <error reading variable>, comp_num = <error reading variable>, components = <error reading variable>, ext_comp_num = <error reading variable>, 
  ext_components = <error reading variable>

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.2

Fields changed

owner: somebody => fidencio

btw I would suggest to first take the sssd-secrets out of the equation and write a simple C program that just links with libldb and munges the DNs. The goal would be to have a for-loop that chops one RDN in each iteration.

Fields changed

rhbz: => todo

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to fidencio
- Issue set to the milestone: SSSD 1.14.2

2 years ago
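
The walk suggested in the comment above (chop one RDN per iteration), as an added example that is not from the ticket or from SSSD: it works on the linearized string without libldb, so its output is a reference to compare against the DN the real loop hands to `ldb_search`. The helper names are hypothetical, and walking all the way up to the root is this example's assumption.

```c
/* Added example: libldb-free reference walk over a linearized DN. */
#include <stdio.h>
#include <string.h>

/* Return the parent of a linearized DN: the text after the first comma that
 * is not backslash-escaped (RFC 4514). NULL when only one RDN is left. */
static const char *dn_parent(const char *dn)
{
    for (const char *p = dn; *p != '\0'; p++) {
        if (*p == '\\' && p[1] != '\0') {
            p++;                /* skip the escaped character */
        } else if (*p == ',') {
            return p + 1;
        }
    }
    return NULL;
}

/* Count RDNs, the string-level equivalent of comp_num in the gdb output. */
static int dn_comp_num(const char *dn)
{
    int n = (*dn != '\0');
    while ((dn = dn_parent(dn)) != NULL) n++;
    return n;
}

/* Chop one RDN per iteration, `num` times, storing each resulting ancestor
 * in out[]. Returns how many were stored; stops early if the DN runs out. */
static int dn_walk_up(const char *leaf, int num, const char **out)
{
    const char *dn = leaf;      /* the leaf string itself is never modified */
    int i;
    for (i = 0; i < num; i++) {
        dn = dn_parent(dn);
        if (dn == NULL) break;
        out[i] = dn;
    }
    return i;
}

int main(void)
{
    /* DN copied from the gdb session; the walk depth is an assumption. */
    const char *leaf = "cn=foo,cn=keyring,cn=0,cn=users,cn=secrets";
    const char *anc[8];
    int n = dn_walk_up(leaf, dn_comp_num(leaf) - 1, anc);
    for (int i = 0; i < n; i++) printf("iteration %d: %s\n", i, anc[i]);
    return 0;
}
```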
