SSSD / sssd

Clone

#1131 sssd_be creates the krb5_child processes in a loop if changing passwords using kdc and kpasswd is unreachable
Closed: Fixed None Opened 12 years ago by jhrozek.

Closed: Fixed
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=771702

Description of problem:


Version-Release number of selected component (if applicable):
sssd-1.5.1-66.el6_2.1.x86_64.rpm

How reproducible:
100%

Steps to Reproduce:
1. Make sure "allow_all" hbacrule is enabled.
2. Create an IPA user.
3. From client do "ssh -l shanks SERVER.hostname"
4. Enter password, and change password requested.
5. Enter and re-enter new password.

Actual results:
Re-enter new password prompt hangs. sssd_pam crash detected in
/var/log/messages.

Expected results:
Password changed successfully with no crash detected.

Additional info:

relevant ipa server sssd.conf:
[domain/lab.eng.pnq.redhat.com]
timeout = 30000
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = lab.eng.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = bumblebee.lab.eng.pnq.redhat.com
chpass_provider = ipa
ipa_server = bumblebee.lab.eng.pnq.redhat.com
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 9

relevant client sssd.conf:
[domain/LDAP-KRB5]
debug_level = 9
id_provider = ldap
ldap_uri = ldap://bumblebee.lab.eng.pnq.redhat.com
ldap_search_base = cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
auth_provider = krb5
krb5_server = bumblebee.lab.eng.pnq.redhat.com
krb5_realm = LAB.ENG.PNQ.REDHAT.COM
krb5_lifetime = 120
krb5_renew_interval = 10
krb5_renewable_lifetime = 300


# gdb --core=/var/spool/abrt/ccpp-2012-01-03-05\:36\:27-23164/coredump
/usr/libexec/sssd/sssd_pam --quiet -ex "thread apply all bt full" -ex "quit"
Reading symbols from /usr/libexec/sssd/sssd_pam...Reading symbols from
/usr/lib/debug/usr/libexec/sssd/sssd_pam.debug...done.
done.
[New Thread 23164]
Missing separate debuginfo for
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/0a/c87124da6b3667e15d65262886e136d5682803
Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from
/usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done.
done.
Loaded symbols for /usr/lib64/libtevent.so.0.9.8
Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from
/usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtalloc.so.2.0.1
Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from
/usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /lib64/libpopt.so.0.0.0
Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from
/usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done.
done.
Loaded symbols for /usr/lib64/libldb.so.0.9.10
Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from
/usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done.
done.
Loaded symbols for /lib64/libdbus-1.so.3.4.0
Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/librt.so.1
Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from
/usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done.
done.
Loaded symbols for /lib64/libpcre.so.0.0.1
Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libini_config.so.2.0.0
Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcollection.so.2.0.0
Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdhash.so.1.0.0
Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from
/usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/liblber-2.4.so.2.5.6
Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from
/usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done.
done.
Loaded symbols for /lib64/libldap-2.4.so.2.5.6
Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from
/usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libtdb.so.1.2.1
Reading symbols from /usr/lib64/libssl3.so...
warning: the debug information found in
"/usr/lib/debug//usr/lib64/libssl3.so.debug" does not match
"/usr/lib64/libssl3.so" (CRC mismatch).


warning: the debug information found in
"/usr/lib/debug/usr/lib64/libssl3.so.debug" does not match
"/usr/lib64/libssl3.so" (CRC mismatch).

(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libssl3.so
Reading symbols from /usr/lib64/libsmime3.so...
warning: the debug information found in
"/usr/lib/debug//usr/lib64/libsmime3.so.debug" does not match
"/usr/lib64/libsmime3.so" (CRC mismatch).


warning: the debug information found in
"/usr/lib/debug/usr/lib64/libsmime3.so.debug" does not match
"/usr/lib64/libsmime3.so" (CRC mismatch).

(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libsmime3.so
Reading symbols from /usr/lib64/libnss3.so...
warning: the debug information found in
"/usr/lib/debug//usr/lib64/libnss3.so.debug" does not match
"/usr/lib64/libnss3.so" (CRC mismatch).


warning: the debug information found in
"/usr/lib/debug/usr/lib64/libnss3.so.debug" does not match
"/usr/lib64/libnss3.so" (CRC mismatch).

(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libnss3.so
Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from
/usr/lib/debug/usr/lib64/libnssutil3.so.debug...done.
done.
Loaded symbols for /usr/lib64/libnssutil3.so
Reading symbols from /lib64/libplds4.so...Reading symbols from
/usr/lib/debug/lib64/libplds4.so.debug...done.
done.
Loaded symbols for /lib64/libplds4.so
Reading symbols from /lib64/libplc4.so...Reading symbols from
/usr/lib/debug/lib64/libplc4.so.debug...done.
done.
Loaded symbols for /lib64/libplc4.so
Reading symbols from /lib64/libnspr4.so...Reading symbols from
/usr/lib/debug/lib64/libnspr4.so.debug...done.
done.
Loaded symbols for /lib64/libnspr4.so
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from
/usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done.
done.
Loaded symbols for /usr/lib64/libunistring.so.0.1.2
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0
Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from
/usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libref_array.so.1.0.0
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from
/usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2.0.23
Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from
/usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1.2.3
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libfreebl3.so...Reading symbols from
/usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from
/usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done.
done.
Loaded symbols for /usr/lib64/ldb/memberof.so
Core was generated by `/usr/libexec/sssd/sssd_pam -d 0 --debug-to-files'.
Program terminated with signal 6, Aborted.
#0  0x0000003e37a32885 in raise () from /lib64/libc.so.6

Thread 1 (Thread 0x7f3a64d23700 (LWP 23164)):
#0  0x0000003e37a32885 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003e37a34065 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x0000003e39e2a975 in _dbus_abort () at dbus-sysdeps.c:88
        s = <value optimized out>
#3  0x0000003e39e26845 in _dbus_warn_check_failed (
    format=0x3e39e339e0 "arguments to %s() were incorrect, assertion \"%s\"
failed in file %s line %d.\nThis is normally a bug in some application using
the D-Bus library.\n") at dbus-internals.c:283
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fff654e8990, reg_save_area = 0x7fff654e88c0}}
#4  0x0000003e39e10471 in dbus_connection_send_with_reply (connection=0x0,
message=0x1d59750, pending_return=0x7fff654e89d8,
    timeout_milliseconds=150000) at dbus-connection.c:3226
        pending = <value optimized out>
        serial = -1
        status = <value optimized out>
        __FUNCTION__ = "dbus_connection_send_with_reply"
#5  0x0000000000423144 in sbus_conn_send (conn=<value optimized out>,
msg=<value optimized out>, timeout_ms=<value optimized out>,
    reply_handler=0x430c60 <sss_dp_send_acct_callback>, pvt=0x1d6bd80,
pending=0x7fff654e8ad8) at src/sbus/sssd_dbus_connection.c:711
        pending_reply = <value optimized out>
        dbus_conn = <value optimized out>
        dbret = <value optimized out>
        __FUNCTION__ = "sbus_conn_send"
#6  0x000000000043088d in sss_dp_send_acct_req_create (rctx=0x1d54830,
callback_memctx=0x1d5c0e0,
    callback=0x409cc0 <pam_check_user_dp_callback>, callback_ctx=0x1d5c0e0,
timeout=150000, domain=0x1d530e0 "lab.eng.pnq.redhat.com",
    fast_reply=false, type=3, opt_name=0x1d63d40 "shanks", opt_id=0) at
src/responder/common/responder_dp.c:493
        msg = 0x1d59750
        dbret = <value optimized out>
        ret = <value optimized out>
        pending_reply = <value optimized out>
        cb = <value optimized out>
        sdp_req = 0x1d6bd80
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.47.el6.x86_64
nss-3.12.10-16.el6.x86_64
---Type <return> to continue, or q <return> to quit---
        attrs = 1
        be_conn = 0x1d58180
#7  sss_dp_send_acct_req (rctx=0x1d54830, callback_memctx=0x1d5c0e0,
callback=0x409cc0 <pam_check_user_dp_callback>,
    callback_ctx=0x1d5c0e0, timeout=150000, domain=0x1d530e0
"lab.eng.pnq.redhat.com", fast_reply=false, type=3,
    opt_name=0x1d63d40 "shanks", opt_id=0) at
src/responder/common/responder_dp.c:385
        ret = <value optimized out>
        hret = <value optimized out>
        be_type = <value optimized out>
        filter = 0x1d6c110 "name=shanks"
        key = {type = HASH_KEY_STRING, {str = 0x1d55810
"3shanks@lab.eng.pnq.redhat.com", ul = 30758928}}
        value = {type = 1699646224, {ptr = 0x3e37a722f5, i = 933700341, ui =
933700341, l = 267221672693, ul = 267221672693,
            f = 1.99242295e-05, d = 1.3202504830184524e-312}}
        tmp_ctx = 0x1d652d0
        tv = {tv_sec = 206158430248, tv_usec = 140734893034448}
        sdp_req = 0x0
        cb = <value optimized out>
        __FUNCTION__ = "sss_dp_send_acct_req"
#8  0x0000000000408093 in pam_check_user_search (preq=0x1d5c0e0) at
src/responder/pam/pamsrv_cmd.c:902
        dom = 0x1d54da0
        cctx = <value optimized out>
        name = 0x1d63d40 "shanks"
        sysdb = 0x1d55810
        cacheExpire = <value optimized out>
        ret = <value optimized out>
        __FUNCTION__ = "pam_check_user_search"
#9  0x000000000040a8f1 in pam_forwarder (cctx=<value optimized out>,
pam_cmd=<value optimized out>) at src/responder/pam/pamsrv_cmd.c:796
        dom = 0x1d54da0
        preq = 0x1d5c0e0
        pd = 0x1d5bd20
        body = 0x1d6f770 "IPAM\001"
        blen = 124
        ret = <value optimized out>
        ncret = <value optimized out>
        terminator = 1229996365
        __FUNCTION__ = "pam_forwarder"
#10 0x000000000040b641 in pam_cmd_authenticate (cctx=0x1d5ba50) at
src/responder/pam/pamsrv_cmd.c:1003
---Type <return> to continue, or q <return> to quit---
        __FUNCTION__ = "pam_cmd_authenticate"
#11 0x000000000042d950 in client_recv (ev=<value optimized out>, fde=<value
optimized out>, flags=1, ptr=<value optimized out>)
    at src/responder/common/responder_common.c:183
        ret = <value optimized out>
#12 client_fd_handler (ev=<value optimized out>, fde=<value optimized out>,
flags=1, ptr=<value optimized out>)
    at src/responder/common/responder_common.c:221
        cctx = 0x1d5ba50
#13 0x0000003e3d605456 in epoll_event_loop (ev=<value optimized out>,
location=<value optimized out>) at tevent_standard.c:309
        fde = <value optimized out>
        flags = <value optimized out>
        ret = 1
        i = <value optimized out>
        events = {{events = 1, data = {ptr = 0x1d6ad00, fd = 30846208, u32 =
30846208, u64 = 30846208}}}
        timeout = <value optimized out>
#14 std_event_loop_once (ev=<value optimized out>, location=<value optimized
out>) at tevent_standard.c:544
        std_ev = 0x1d513e0
        tval = {tv_sec = 0, tv_usec = 34450}
#15 0x0000003e3d6026d0 in _tevent_loop_once (ev=0x1d51320, location=0x439595
"src/util/server.c:526") at tevent.c:490
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#16 0x0000003e3d60273b in tevent_common_loop_wait (ev=0x1d51320,
location=0x439595 "src/util/server.c:526") at tevent.c:591
        ret = <value optimized out>
#17 0x0000000000427921 in server_loop (main_ctx=0x1d52420) at
src/util/server.c:526
No locals.
#18 0x0000000000407aa0 in main (argc=<value optimized out>, argv=<value
optimized out>) at src/responder/pam/pamsrv.c:230
        opt = <value optimized out>
        pc = <value optimized out>
        main_ctx = 0x1d52420
        ret = <value optimized out>
        long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg
= 0x6408a0, val = 0, descrip = 0x433242 "Help options:",
            argDescrip = 0x0}, {longName = 0x433250 "debug-level", shortName =
100 'd', argInfo = 2, arg = 0x640998, val = 0,
            descrip = 0x433221 "Debug level", argDescrip = 0x0}, {longName =
0x43325c "debug-to-files", shortName = 102 'f', argInfo = 0,
            arg = 0x64099c, val = 0, descrip = 0x433388 "Send the debug output
to files instead of stderr", argDescrip = 0x0}, {
            longName = 0x43326b "debug-timestamps", shortName = 0 '\000',
argInfo = 2, arg = 0x640860, val = 0,
            descrip = 0x43322d "Add debug timestamps", argDescrip = 0x0},
{longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0,
            val = 0, descrip = 0x0, argDescrip = 0x0}}
---Type <return> to continue, or q <return> to quit---
        __FUNCTION__ = "main"

Fields changed

blockedby: =>
blocking: =>
coverity: =>
milestone: NEEDS_TRIAGE => SSSD 1.8.0
patch: => 0
priority: major => blocker
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

owner: somebody => jhrozek

Fixed in 58e7599

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.0 (LTM)
7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2173

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
blocker
defect
SSSD
None
None
0
0
https://bugzilla.redhat.com/show_bug.cgi?id=771702
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.