SSSD / sssd

Clone

#3964 Responders: `is_user_local_by_name()` should avoid calling nss API entirely
Closed: Fixed 5 years ago by jhrozek. Opened 6 years ago by atikhonov.

Closed: Fixed
Reopen Issue

Generally, responders should avoid any blocking calls (without configurable timeouts) at all to prevent termination by own watchdog.
So ideally is_user_local_by_name() should be re-worked to avoid calling nss API (one of proposed solutions is to dlopen nss_files and use the functions from there).

For details see https://bugzilla.redhat.com/show_bug.cgi?id=1666819

Metadata Update from @atikhonov:
- Custom field rhbz adjusted to 1666819
6 years ago

Metadata Update from @atikhonov:
- Issue assigned to atikhonov
6 years ago

Metadata Update from @atikhonov:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1666819 (was: 1666819)
6 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2
6 years ago

Full list of functions to re-work:
is_user_local_by_name()
is_group_local_by_name()
is_user_local_by_uid()
is_group_local_by_gid()

Metadata Update from @atikhonov:
- Issue tagged with: PR
6 years ago

Commit 2b564f8 fixes this issue

Commit 6a6aad2 relates to this ticket

Metadata Update from @lslebodn:
- Custom field design_review adjusted to on
- Custom field mark adjusted to on
- Custom field patch adjusted to on
- Custom field review adjusted to on
- Custom field sensitive adjusted to on
- Custom field testsupdated adjusted to on
- Issue status updated to: Open (was: Closed)
5 years ago

Patches which "fix" this issue introduced regression.
test_ncache_local_uid fails if system /etc/passwd contais uid 1001 or 1002 which are hardcoded in "new" test.

Relying on system /etc/{passwd,group} is ideal if you want to have unreliable tests.

FAIL: negcache_2-tests
======================
[==========] Running 16 test(s).
[ RUN      ] test_ncache_nocache_user
[       OK ] test_ncache_nocache_user
[ RUN      ] test_ncache_local_user
[       OK ] test_ncache_local_user
[ RUN      ] test_ncache_domain_user
[       OK ] test_ncache_domain_user
[ RUN      ] test_ncache_both_user
[       OK ] test_ncache_both_user
[ RUN      ] test_ncache_nocache_uid
[       OK ] test_ncache_nocache_uid
[ RUN      ] test_ncache_local_uid
Leak report for src/tests/cmocka/test_negcache_2.c:187:
full talloc report on 'struct ncache_test_ctx' (total   6349 bytes in 101 blocks)
    struct sss_nc_ctx              contains    176 bytes in   1 blocks (ref 0) 0x55e37af67850
    struct sss_test_ctx            contains   6087 bytes in  95 blocks (ref 0) 0x55e37af48870
        config/domain/test_domain.test contains     31 bytes in   1 blocks (ref 0) 0x55e37af7f010
        struct confdb_ctx              contains   5624 bytes in  89 blocks (ref 0) 0x55e37af71520
            struct sss_domain_info         contains   4459 bytes in  70 blocks (ref 0) 0x55e37af75020
                struct sss_names_ctx           contains    128 bytes in   3 blocks (ref 0) 0x55e37af65090
                    %1$s@%2$s                      contains     10 bytes in   1 blocks (ref 0) 0x55e37af7e710
                    (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$)) contains     94 bytes in   1 blocks (ref 0) 0x55e37af62cd0
                struct sysdb_ctx               contains   3917 bytes in  61 blocks (ref 0) 0x55e37af72b30
                    struct ldb_context             contains   1350 bytes in  24 blocks (ref 0) 0x55e37af6c6d0
                        struct ldb_schema_attribute    contains    171 bytes in   2 blocks (ref 0) 0x55e37af751f0
                            dn                             contains      3 bytes in   1 blocks (ref 0) 0x55e37af74400
                        ldb_tdb backend                contains    415 bytes in   9 blocks (ref 0) 0x55e37af647d0
                            struct ltdb_private            contains    375 bytes in   8 blocks (ref 0) 0x55e37af698f0
                                struct ltdb_cache              contains    207 bytes in   6 blocks (ref 0) 0x55e37af58710
                                    struct ldb_message             contains    175 bytes in   5 blocks (ref 0) 0x55e37af8a8b0
                                        struct ldb_message_element     contains     80 bytes in   3 blocks (ref 0) 0x55e37af6e390
                                            struct ldb_val                 contains     32 bytes in   1 blocks (ref 0) 0x55e37af6b420
                                            struct ldb_val                 contains     16 bytes in   1 blocks (ref 0) 0x55e37af7f650
                                        ../ldb_tdb/ldb_search.c:205    contains     71 bytes in   1 blocks (ref 0) 0x55e37af8a800
                                struct ltdb_wrap               contains     48 bytes in   1 blocks (ref 0) 0x55e37af65840
                        struct ldb_opaque              contains     24 bytes in   1 blocks (ref 0) 0x55e37af65190
                        tp_negcache_2_tests-test_negcache_2/timestamps_test_domain.test.ldb contains     68 bytes in   1 blocks (ref 0) 0x55e37af845f0
                        struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af6deb0
                        struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af6de30
                        struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af65110
                        struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af6cd40
                        struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af6a330
                        struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af781d0
                        struct tevent_context          contains    368 bytes in   4 blocks (ref 0) 0x55e37af762a0
                            struct epoll_event_context     contains     40 bytes in   1 blocks (ref 0) 0x55e37af8df40
                            struct std_event_glue          contains    112 bytes in   2 blocks (ref 0) 0x55e37af7a730
                                struct tevent_ops              contains     80 bytes in   1 blocks (ref 0) 0x55e37af7fac0
                    struct ldb_context             contains   2396 bytes in  34 blocks (ref 0) 0x55e37af67f80
                        ldb_module: asq                contains     56 bytes in   2 blocks (ref 0) 0x55e37af58680
                            .name                          contains     16 bytes in   1 blocks (ref 0) 0x55e37af78ec0
                        ldb_module: memberof           contains     61 bytes in   2 blocks (ref 0) 0x55e37af712f0
                            .name                          contains     21 bytes in   1 blocks (ref 0) 0x55e37af688f0
                        struct ldb_schema_attribute    contains    437 bytes in   8 blocks (ref 0) 0x55e37af84a10
                            userPrincipalName              contains     18 bytes in   1 blocks (ref 0) 0x55e37af6d510
                            originalDN                     contains     11 bytes in   1 blocks (ref 0) 0x55e37af62510
                            objectclass                    contains     12 bytes in   1 blocks (ref 0) 0x55e37af42520
                            dn                             contains      3 bytes in   1 blocks (ref 0) 0x55e37af64f20
                            dc                             contains      3 bytes in   1 blocks (ref 0) 0x55e37af748a0
                            cn                             contains      3 bytes in   1 blocks (ref 0) 0x55e37af7e4b0
                            canonicalUserPrincipalName     contains     27 bytes in   1 blocks (ref 0) 0x55e37af74650
                        ldb_tdb backend                contains   1083 bytes in   9 blocks (ref 0) 0x55e37af894e0
                            struct ltdb_private            contains   1043 bytes in   8 blocks (ref 0) 0x55e37af78f40
                                struct ltdb_cache              contains    875 bytes in   6 blocks (ref 0) 0x55e37af7e810
                                    struct ldb_message             contains    843 bytes in   5 blocks (ref 0) 0x55e37af4c640
                                        struct ldb_message_element     contains    416 bytes in   3 blocks (ref 0) 0x55e37af487e0
                                            struct ldb_val                 contains    368 bytes in   1 blocks (ref 0) 0x55e37af4c0d0
                                            struct ldb_val                 contains     16 bytes in   1 blocks (ref 0) 0x55e37af63200
                                        ../ldb_tdb/ldb_search.c:205    contains    403 bytes in   1 blocks (ref 0) 0x55e37af686f0
                                struct ltdb_wrap               contains     48 bytes in   1 blocks (ref 0) 0x55e37af4ad50
                        struct ldb_opaque              contains     24 bytes in   1 blocks (ref 0) 0x55e37af6dcb0
                        tp_negcache_2_tests-test_negcache_2/cache_test_domain.test.ldb contains     63 bytes in   1 blocks (ref 0) 0x55e37af725a0
                        struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af7e790
                        struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af696f0
                        struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af89100
                        struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af68d90
                        struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af62e20
                        struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af62da0
                        struct tevent_context          contains    368 bytes in   4 blocks (ref 0) 0x55e37af749d0
                            struct epoll_event_context     contains     40 bytes in   1 blocks (ref 0) 0x55e37af7e420
                            struct std_event_glue          contains    112 bytes in   2 blocks (ref 0) 0x55e37af6e420
                                struct tevent_ops              contains     80 bytes in   1 blocks (ref 0) 0x55e37af7ec40
                    tp_negcache_2_tests-test_negcache_2/timestamps_test_domain.test.ldb contains     68 bytes in   1 blocks (ref 0) 0x55e37af63050
                    tp_negcache_2_tests-test_negcache_2/cache_test_domain.test.ldb contains     63 bytes in   1 blocks (ref 0) 0x55e37af891f0
                char*                          contains     21 bytes in   2 blocks (ref 0) 0x55e37af7aee0
                    none                           contains      5 bytes in   1 blocks (ref 0) 0x55e37af72bc0
                /home/%d/%u                    contains     12 bytes in   1 blocks (ref 0) 0x55e37af64330
                ipa                            contains      4 bytes in   1 blocks (ref 0) 0x55e37af65610
                test_domain.test               contains     17 bytes in   1 blocks (ref 0) 0x55e37af6d900
            struct ldb_context             contains    773 bytes in  14 blocks (ref 0) 0x55e37af73ce0
                ldb_tdb backend                contains    240 bytes in   4 blocks (ref 0) 0x55e37af6d1b0
                    struct ltdb_private            contains    200 bytes in   3 blocks (ref 0) 0x55e37af6b7e0
                        struct ltdb_cache              contains     32 bytes in   1 blocks (ref 0) 0x55e37af65cd0
                        struct ltdb_wrap               contains     48 bytes in   1 blocks (ref 0) 0x55e37af85140
                struct ldb_opaque              contains     24 bytes in   1 blocks (ref 0) 0x55e37af8dd50
                tp_negcache_2_tests-test_negcache_2/test_negcache_confdb.ldb contains     61 bytes in   1 blocks (ref 0) 0x55e37af7eb20
                struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af8dbd0
                struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af8ec70
                struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af8e0c0
                struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af8dfd0
                struct ldb_extended_match_entry contains     24 bytes in   1 blocks (ref 0) 0x55e37af637b0
                struct ldb_extended_match_rule contains     16 bytes in   1 blocks (ref 0) 0x55e37af71770
                struct ldb_schema_attribute    contains    144 bytes in   1 blocks (ref 0) 0x55e37af8dc50
            struct tevent_context          contains    368 bytes in   4 blocks (ref 0) 0x55e37af74b10
                struct epoll_event_context     contains     40 bytes in   1 blocks (ref 0) 0x55e37af682a0
                struct std_event_glue          contains    112 bytes in   2 blocks (ref 0) 0x55e37af6bc60
                    struct tevent_ops              contains     80 bytes in   1 blocks (ref 0) 0x55e37af78110
        struct tevent_context          contains    368 bytes in   4 blocks (ref 0) 0x55e37af4c350
            struct epoll_event_context     contains     40 bytes in   1 blocks (ref 0) 0x55e37af6a630
            struct std_event_glue          contains    112 bytes in   2 blocks (ref 0) 0x55e37af6c640
                struct tevent_ops              contains     80 bytes in   1 blocks (ref 0) 0x55e37af7fa00
    daemon                         contains      7 bytes in   1 blocks (ref 0) 0x55e37af73160
    bin                            contains      4 bytes in   1 blocks (ref 0) 0x55e37af76a40
    daemon                         contains      7 bytes in   1 blocks (ref 0) 0x55e37af76400
    bin                            contains      4 bytes in   1 blocks (ref 0) 0x55e37af89180
Could not run test: 0x11 != 0x2
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:377: error: Failure!check_leaks_pop(test_ctx)
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:187: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_local_uid
[ RUN      ] test_ncache_domain_uid
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_domain_uid
[ RUN      ] test_ncache_both_uid
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_both_uid
[ RUN      ] test_ncache_nocache_group
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_nocache_group
[ RUN      ] test_ncache_local_group
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_local_group
[ RUN      ] test_ncache_domain_group
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_domain_group
[ RUN      ] test_ncache_both_group
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_both_group
[ RUN      ] test_ncache_nocache_gid
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_nocache_gid
[ RUN      ] test_ncache_local_gid
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_local_gid
[ RUN      ] test_ncache_domain_gid
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_domain_gid
[ RUN      ] test_ncache_both_gid
Could not run test: leak_check_teardown()
[   LINE   ] --- src/tests/cmocka/test_negcache_2.c:189: error: Failure!Test teardown failed
[  ERROR   ] test_ncache_both_gid
[==========] 16 test(s) run.
[  PASSED  ] 5 test(s).
FAIL negcache_2-tests (exit status: 11)
Edited 5 years ago by lslebodn

Metadata Update from @atikhonov:
- Issue untagged with: PR
5 years ago

test_ncache_local_uid fails if system /etc/passwd contais uid 1001 or 1002

Confirmed. Thanks for the catch.

1-16 backport PR is amended.

Metadata Update from @atikhonov:
- Issue tagged with: PR
5 years ago

Commit 0204511 fixes this issue

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4937

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Log in to comment on this ticket.

Metadata

PR

None
None
minor
None
None
None
None
on
on
https://bugzilla.redhat.com/show_bug.cgi?id=1666819
on
on
None
None
None
on
None
None
on
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.