https://bugzilla.redhat.com/show_bug.cgi?id=833789 (Fedora)
Description of problem:

Version-Release number of selected component (if applicable):
sssd-1.8.93-0.20120618T1837Zgitbb79e75.fc17.x86_64

How reproducible:
Always

Steps to Reproduce:
(Not sure if this is related, but the case where crash was detected is)

1. # ipa sudorule-show sudorule1 --all --raw
   dn: ipauniqueid=8d023938-bac0-11e1-b429-525400951069,cn=sudorules,cn=sudo,dc=testrelm,dc=com
   cn: sudorule1
   ipaenabledflag: TRUE
   memberhost: cn=hostgrp1,cn=hostgroups,cn=accounts,dc=testrelm,dc=com
   memberuser: uid=user1,cn=users,cn=accounts,dc=testrelm,dc=com
   ipauniqueid: 8d023938-bac0-11e1-b429-525400951069
   objectclass: ipaassociation
   objectclass: ipasudorule

2. # ldapsearch -LLL -Y GSSAPI -b ou=SUDOers,dc=testrelm,dc=com
   SASL/GSSAPI authentication started
   SASL username: admin@TESTRELM.COM
   SASL SSF: 56
   SASL data security layer installed.
   dn: ou=sudoers,dc=testrelm,dc=com
   objectClass: extensibleObject
   ou: sudoers

   dn: cn=sudorule1,ou=sudoers,dc=testrelm,dc=com
   objectClass: sudoRole
   sudoUser: user1
   sudoHost: +hostgrp1
   cn: sudorule1

3. [root@dhcp201-207 ~]# ssh -o StrictHostKeyChecking=no -l user1 dhcp201-207.testrelm.com
   user1@dhcp201-207.testrelm.com's password:
   Last login: Wed Jun 20 07:06:09 2012 from dhcp201-207.testrelm.com
   -sh-4.2$

4. -sh-4.2$ sudo -l

Actual results:
/var/log/messages:
Jun 20 07:06:17 dhcp201-207 kernel: [1039881.361685] sssd_nss[20374]: segfault at 20 ip 0000003af5e89d8d sp 00007fff523572d8 error 4 in libc-2.15.so[3af5e00000+1ac000]
Jun 20 07:06:17 dhcp201-207 abrtd: Directory 'ccpp-2012-06-20-07:06:17-20374' creation detected
Jun 20 07:06:17 dhcp201-207 abrt[20454]: Saved core dump of pid 20374 (/usr/libexec/sssd/sssd_nss) to /var/spool/abrt/ccpp-2012-06-20-07:06:17-20374 (1142784 bytes)
Jun 20 07:06:17 dhcp201-207 sssd[nss]: Starting up

Expected results:
No crash detected.
Additional info:

relevant sssd.conf:
--8<--
[domain/testrelm.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = dhcp201-207.testrelm.com
chpass_provider = ipa
ipa_server = dhcp201-207.testrelm.com
ldap_tls_cacert = /etc/ipa/ca.crt

[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = testrelm.com
-->8--

sudo debug:
-sh-4.2$ sudo -l
LDAP Config Summary
===================
uri              ldap://dhcp201-207.testrelm.com
ldap_version     3
sudoers_base     ou=SUDOers,dc=testrelm,dc=com
binddn           uid=sudo,cn=sysaccounts,cn=etc,dc=testrelm,dc=com
bindpw           bind123
bind_timelimit   5
timelimit        15
ssl              no
tls_checkpeer    (yes)
tls_cacertfile   /etc/ipa/ca.crt
tls_cacertdir    /etc/ipa
===================
sudo: ldap_initialize(ld, ldap://dhcp201-207.testrelm.com)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacert -> /etc/ipa/ca.crt
sudo: ldap_set_option: tls_cacertdir -> /etc/ipa
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: no default options found in ou=SUDOers,dc=testrelm,dc=com
sudo: ldap search '(|(sudoUser=user1)(sudoUser=%user1)(sudoUser=ALL))'
sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com'
sudo: adding search result
sudo: ldap sudoHost '+hostgrp1' ... not
sudo: result now has 0 entries
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=SUDOers,dc=testrelm,dc=com'
sudo: adding search result
sudo: result now has 0 entries
sudo: sorting remaining 0 entries
sudo: perform search for pwflag 52
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(52)=0x42
[sudo] password for user1:
Backtrace sssd_nss_backtrace_2012-06-20
Fields changed
blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
keywords: => Regression
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 3
owner: somebody => sgallagh
patch: 0 => 1
priority: major => blocker
status: new => assigned
tests: => 0
testsupdated: => 0
upgrade: => 0
Don't think this is related to sudo since the same crash is detected while doing a "getent netgroup hostgrp1"
You are correct, Shanks. It was due to the recent patches to the name/domain parsing. A patch is on the sssd-devel list now.
summary: sssd_nss segfaults when sudo operation is performed. => sssd_nss segfaults performing netgroup lookups without a specified domain
Fixed by 4b0b0bc (master)
resolution: => fixed
status: assigned => closed
Metadata Update from @sgallagh: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 1.9.0 beta 3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2425
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.