Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-68369

sssd backend process segfaults when krb5.conf is invalid

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • rhel-9.6
    • rhel-9.5
    • sssd
    • No
    • Moderate
    • ZStream
    • rhel-sst-idm-sssd
    • ssg_idm
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • Approved Blocker
    • Unspecified
    • None

      What were you trying to do that didn't work?

      I created the file:

      [realms]
  IPA.ROBOTS.ORG.UK = {
    pkinit_revoke = FILE:/var/local/pki/crl/ipa-ca.crl
    pkinit_require_crl_checking = true
  }
}

      which is invalid (because of the second } character).

      This causes sssd to segfault:

      Starting System Security Services Daemon...                                     Starting up                                                                     Starting up                                                                     Failed to init Kerberos context [Improper format of Kerberos configuration file]
Process 495435 (sssd_be) of user 0 dumped core.Stack trace of thread 495435:
#0  0x00007f02c1b46876 krb5_kt_default_name (libkrb5.so.3 + 0x76876)
#1  0x00007f02c01ee165 sss_printable_keytab_name (libsss_krb5_common.so + 0x16165)
#2  0x00007f02c01efe5c select_principal_from_keytab (libsss_krb5_common.so + 0x17e5c)
#3  0x00007f02c05e77fa sdap_set_sasl_options (libsss_ldap_common.so + 0x1b7fa)
#4  0x00007f02c0710d89 ipa_get_id_options (libsss_ipa.so + 0x1cd89)
#5  0x00007f02c071425e sssm_ipa_init (libsss_ipa.so + 0x2025e)
#6  0x00005648959f36f5 dp_load_module (sssd_be + 0x126f5)
#7  0x00005648959f3f7a dp_init_targets (sssd_be + 0x12f7a)
#8  0x00005648959f4686 dp_init_done (sssd_be + 0x13686)
#9  0x00007f02c2f22f2f sbus_connect_init_done (libsss_sbus.so + 0x18f2f)
#10 0x00007f02c2f2579d sbus_method_in_su_out_u_done (libsss_sbus.so + 0x1b79d)
#11 0x00007f02c2ea6b4a complete_pending_call_and_unlock.lto_priv.0 (libdbus-1.so.3 + 0x16b4a)
#12 0x00007f02c2eaafec dbus_connection_dispatch (libdbus-1.so.3 + 0x1afec)
#13 0x00007f02c2f23adf sbus_dispatch (libsss_sbus.so + 0x19adf)
#14 0x00007f02c2f018cd tevent_common_invoke_timer_handler (libtevent.so.0 + 0xf8cd)
#15 0x00007f02c2f01ae0 tevent_common_loop_timer_delay (libtevent.so.0 + 0xfae0)
#16 0x00007f02c2f0237c epoll_event_loop_once (libtevent.so.0 + 0x1037c)
#17 0x00007f02c2ef982b std_event_loop_once (libtevent.so.0 + 0x782b)
#18 0x00007f02c2efb368 _tevent_loop_once (libtevent.so.0 + 0x9368)
#19 0x00007f02c2efb48b tevent_common_loop_wait (libtevent.so.0 + 0x948b)
#20 0x00007f02c2ef989b std_event_loop_wait (libtevent.so.0 + 0x789b)
#21 0x00007f02c301e227 server_loop (libsss_util.so + 0x50227)
#22 0x00005648959eac1a main (sssd_be + 0x9c1a)
#23 0x00007f02c2c295d0 __libc_start_call_main (libc.so.6 + 0x295d0)
#24 0x00007f02c2c29680 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29680)
#25 0x00005648959eadb5 _start (sssd_be + 0x9db5)
ELF object binary architecture: AMD x86-64

Starting up
Exiting the SSSD. Could not restart critical service [ipa.robots.org.uk].

      What is the impact of this issue to you?

      Low

      Please provide the package NVR for which the bug is seen:

      sssd-common-2.9.5-4.el9_5.1.x86_64

      How reproducible is this bug?:

      Very

      Steps to reproduce

      1. Create config file as above
      2. Start sssd

      Expected results

      No segfault.

      Actual results

      Setfault!

              sbose@redhat.com Sumit Bose
              staticyrro7 Sam Morris
              SSSD Maintainers SSSD Maintainers
              SSSD QE SSSD QE
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: