Learn more about these different git repos.
Other Git URLs
Introducing valid usernames with trailing newline characters triggers the removal of valid LDB cache entries
Reproducer:
ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1' ad1:*:1500:1500:ad1:/home/ad:/bin/bash ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries asq: Unable to register control with rootdse! # 1 entries
ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1 '
ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries asq: Unable to register control with rootdse! # 0 entries
This is an excerpt from the logs of the request with the newline char:
(Tue Feb 28 16:07:40 2017) [sssd[be[UBUNTU.TEST]]] [be_get_account_info] (0x0200): Got request for [0x1001][FAST BE_REQ_USER][1][name=ad1 ] (Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=ad1 )(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][CN=Users,DC=ubuntu,DC=test]. (Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_users_done] (0x0040): Failed to retrieve users (Tue Feb 28 16:08:33 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/UBUNTU.TEST/ad1 ] to negative cache (Tue Feb 28 16:08:33 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
At this point, the ldb entry removal request for ad1 (without \n) takes place via sysdb_delete_user.
Adding '\n' to the character list in sss_filter_sanitize_ex() seems to fix this issue (see attachment).
I cannot see any attachment but suggestion make sense. We did something similar in ticket https://pagure.io/SSSD/sssd/issue/1955 Feel free to send a pull request on github https://github.com/SSSD/sssd/
We have not integrated CI with PR on pagure yet. We use pagure for tracking issue so far.
For some reason the patch wasn't attached.
Thanks for the info, I'll send a pull request.
thanks for the PR!
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.2
master:
sssd-1-14:
sssd-1-13:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4350
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.