On Wed, Dec 10, 2014 at 10:44:32AM +0100, Pavel Reichl wrote:
>
> On 12/09/2014 01:36 PM, Sumit Bose wrote:
> >On Tue, Nov 25, 2014 at 03:42:14PM +0100, Pavel Reichl wrote:
> >>Hello,
> >>
> >>please see attached patch for
https://fedorahosted.org/sssd/ticket/2492
> >>
> >>Thanks!
> >Hi Pavel,
> >
> >thank you for the patch, it works well in my tests and I didn't see any
> >regressions in IPA setup with and without trsut to AD, so ACK.
> >
> >I would just like to ask you to add a comment to
> >
> >>@@ -842,6 +913,23 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,
> >> goto fail;
> >> }
> >> }
> >>+ if (opts->schema_type == SDAP_SCHEMA_IPA_V1) {
> >>+ ret = sysdb_attrs_get_string(attrs, SYSDB_SID_STR, &group_sid);
> >>+ if (ret != EOK) {
> >>+ DEBUG(SSSDBG_TRACE_FUNC, "Failed to get group
sid\n");
> >>+ group_sid = NULL;
> >>+ }
> >>+
> >>+ if (group_sid != NULL) {
> >>+ ret = retain_extern_members(memctx, dom, group_name, group_sid,
> >>+ &userdns, &nuserdns);
> >>+ if (ret != EOK) {
> >>+ DEBUG(SSSDBG_MINOR_FAILURE,
> >>+ "retain_extern_members failed: %d:[%s].\n",
> >>+ ret, sss_strerror(ret));
> >>+ }
> >>+ }
> >>+ }
> >which explains that this is a temporary solution until the IPA provider
> >can resolve external group membership. I have created
> >https://fedorahosted.org/sssd/ticket/2522 for this. Feel free to
> >explicitly add the ticket URL into the comment.
> >
> >bye,
> >Sumit
> Thanks for review.
> Please see updated patch.
>
Thank you, ACK.
NACK, sssd crashed with this patch.
How to reproduce:
sssd with ipa server mode:
id admin(a)rdustv1911.test //ipa admin
id aduser1(a)ipaad2012r2.test // aduser
id aduser2(a)ipaad2012r2.test
sss_cache -E
id aduser1(a)ipaad2012r2.test // aduser
==14009== Use of uninitialised value of size 8
==14009== at 0x13ABE6B7: retain_extern_members (sdap_async_groups.c:864)
==14009== by 0x13ABE6B7: sdap_save_grpmem (sdap_async_groups.c:929)
==14009== by 0x13ABE6B7: sdap_save_groups (sdap_async_groups.c:1094)
==14009== by 0x13AC09CC: sdap_nested_done (sdap_async_groups.c:2305)
==14009== by 0x13AC3E35: sdap_nested_group_process_done
(sdap_async_nested_groups.c:994)
==14009== by 0x54BB7E3: tevent_common_loop_immediate (in
/usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54C00CD: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BE7D6: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BAFBC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BB15A: tevent_common_loop_wait (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BE776: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x52904A2: server_loop (server.c:668)
==14009== by 0x10E971: main (data_provider_be.c:2915)
==14009==
==14009== Use of uninitialised value of size 8
==14009== at 0x4C2CB62: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14009== by 0x13ABEEF7: has_member (sdap_async_groups.c:200)
==14009== by 0x13ABEEF7: link_pgroup_members (sdap_async_groups.c:222)
==14009== by 0x13ABEEF7: sdap_fill_memberships (sdap_async_groups.c:331)
==14009== by 0x13ABEEF7: sdap_save_grpmem (sdap_async_groups.c:961)
==14009== by 0x13ABEEF7: sdap_save_groups (sdap_async_groups.c:1094)
==14009== by 0x13AC09CC: sdap_nested_done (sdap_async_groups.c:2305)
==14009== by 0x13AC3E35: sdap_nested_group_process_done
(sdap_async_nested_groups.c:994)
==14009== by 0x54BB7E3: tevent_common_loop_immediate (in
/usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54C00CD: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BE7D6: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BAFBC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BB15A: tevent_common_loop_wait (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BE776: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x52904A2: server_loop (server.c:668)
==14009== by 0x10E971: main (data_provider_be.c:2915)
==14009==
==14009== Invalid read of size 1
==14009== at 0x4C2CB62: strlen (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14009== by 0x13ABEEF7: has_member (sdap_async_groups.c:200)
==14009== by 0x13ABEEF7: link_pgroup_members (sdap_async_groups.c:222)
==14009== by 0x13ABEEF7: sdap_fill_memberships (sdap_async_groups.c:331)
==14009== by 0x13ABEEF7: sdap_save_grpmem (sdap_async_groups.c:961)
==14009== by 0x13ABEEF7: sdap_save_groups (sdap_async_groups.c:1094)
==14009== by 0x13AC09CC: sdap_nested_done (sdap_async_groups.c:2305)
==14009== by 0x13AC3E35: sdap_nested_group_process_done
(sdap_async_nested_groups.c:994)
==14009== by 0x54BB7E3: tevent_common_loop_immediate (in
/usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54C00CD: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BE7D6: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BAFBC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BB15A: tevent_common_loop_wait (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x54BE776: ??? (in /usr/lib64/libtevent.so.0.9.21)
==14009== by 0x52904A2: server_loop (server.c:668)
==14009== by 0x10E971: main (data_provider_be.c:2915)
==14009== Address 0xdededede is not stack'd, malloc'd or (recently) free'd
LS