Date: Sat, 09 Dec 2023 14:40:59 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 275657] security/sssd: SSSD (sssd_be) core dumps on exit
Message-ID: <bug-275657-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275657

            Bug ID: 275657
           Summary: security/sssd: SSSD (sssd_be) core dumps on exit
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: jhixson@FreeBSD.org
          Reporter: lloydsystems1@tpg.com.au
             Flags: maintainer-feedback?(jhixson@FreeBSD.org)
          Assignee: jhixson@FreeBSD.org

Overview:

SSSD is installed and working, connected to Active Directory (Windows Server 2016) by LDAP/Kerberos. However, SSSD core dumps (sssd_be.core) whenever the service is stopped.

Steps to Reproduce:

Start the SSSD service.
Stop the SSSD service or shut down the host.

Actual Results:

SSSD core dumps, leaving sssd_be.core file. The following entries are recorded in the various log files.

/var/log/messages:

<hostname> kernel: pid 63617 (sssd_be), jid 0, uid 0: exited on signal 11 (core dumped)

/var/log/sssd/sssd.log:

[sssd] [monitor_quit_signal] (0x0040): Monitor received Terminated: terminating children
[sssd] [monitor_quit] (0x0040): Returned with: 0
[sssd] [monitor_quit] (0x0020): Terminating [pam][63888]
[sssd] [monitor_quit] (0x0020): Child [pam] exited gracefully
[sssd] [monitor_quit] (0x0020): Terminating [nss][63806]
[sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully
[sssd] [monitor_quit] (0x0020): Terminating [ad.example.com][63617]
[sssd] [monitor_quit] (0x0020): Child [ad.example.com] terminated with a signal

/var/log/sssd/sssd_ad.example.com.log (with debug level 9):

[sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eabb00/0x835e1c4c0
[sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eabb00/0x835e1c3c0
[sssd[be[ad.example.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x835e88b80
[sssd[be[ad.example.com]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
[sssd[be[ad.example.com]]] [dp_client_destructor] (0x0400): Removed PAM client
[sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eab240/0x835e1c840
[sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eab240/0x835e1c800
[sssd[be[ad.example.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x835e88540
[sssd[be[ad.example.com]]] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
[sssd[be[ad.example.com]]] [dp_client_destructor] (0x0400): Removed NSS client
[sssd[be[ad.example.com]]] [orderly_shutdown] (0x0010): SIGTERM: killing children
[sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/db/sss/pubconf/kpasswdinfo.AD.EXAMPLE.COM], [2][No such file or directory]
[sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/db/sss/pubconf/kdcinfo.AD.EXAMPLE.COM], [2][No such file or directory]
[sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/db/sss/pubconf/kpasswdinfo.AD.EXAMPLE.COM], [2][No such file or directory]
[sssd[be[ad.example.com]]] [be_ptask_destructor] (0x0400): Terminating periodic task [SUDO Smart Refresh]
[sssd[be[ad.example.com]]] [be_ptask_destructor] (0x0400): Terminating periodic task [SUDO Full Refresh]
[sssd[be[ad.example.com]]] [dp_terminate_active_requests] (0x0400): Terminating active data provider requests
[sssd[be[ad.example.com]]] [sdap_handle_release] (0x2000): Trace: sh[0x835e60720], connected[1], ops[0x0], ldap[0x835e1d4b0], destructor_lock[0], release_memory[0]
[sssd[be[ad.example.com]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.

Expected Results:

SSSD should exit cleanly and not core dump.

Additional Information:

1. SSSD works properly when running, but core dumps on exit.

2. SSSD is installed on three FreeBSD servers and all exhibit the core dump problem.

3. I have used SSSD on RHEL/CentOS with the AD provider. However, to use the AD provider on FreeBSD requires the sssd-smb package, which installs the full samba package as a dependency. This is undesirable as it leads to a much bigger installation and exposure to Samba bugs and security issues. The SSSD AD provider does not require Samba to work; it only needs some of its shared libraries. This is a packaging issue that does not exist with RHEL/CentOS.

4. To avoid Samba, I installed the basic sssd package and changed the configuration to use LDAP/Kerberos providers.

5. The SSSD configuration (sssd.conf) is shown below with ad.example.com as the AD domain.

[sssd]
config_file_version = 2
services = nss, pam
domains = ad.example.com
debug_level = 2
# ----------
[nss]
; enum_cache_timeout = 120
; filter_users = root
; filter_groups = root
fallback_homedir = /usr/home/%H/%u
default_shell = /sbin/nologin
; reconnection_retries = 3
debug_level = 3
# ----------
[pam]
offline_credentials_expiration = 7
; reconnection_retries = 3
debug_level = 3
# ----------
[domain/ad.example.com]
id_provider = ldap
auth_provider = krb5
access_provider = ldap
; chpass_provider = krb5
selinux_provider = none
krb5_server = dc.ad.example.com
krb5_realm = AD.EXAMPLE.COM
krb5_use_fast = try
krb5_fast_principal = bsd$@AD.EXAMPLE.COM
krb5_canonicalize = false
ldap_uri = ldap://dc.ad.example.com
; ldap_sasl_authid = host/dc.ad.example.com@AD.EXAMPLE.COM
ldap_sasl_authid = dc$@AD.EXAMPLE.COM
ldap_sasl_mech = GSSAPI
ldap_force_upper_case_realm = true
ldap_search_base = dc=ad,dc=example,dc=com
ldap_referrals = false
ldap_access_order = filter, expire
ldap_access_filter = (&(objectClass=user) (primaryGroupID=513))
ldap_account_expire_policy = ad
ldap_schema = ad
ldap_user_object_class = user
; ldap_user_name = sAMAccountName
; ldap_user_primary_group = primaryGroupID
ldap_user_gecos = displayName
ldap_user_home_directory = unixHomeDirectory
; ldap_user_shell = loginShell
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName
ldap_group_member = member
ldap_id_mapping = true
homedir_substring = AD
case_sensitive = preserving
enumerate = true
cache_credentials = true
; pwd_expiration_warning = 7
lookup_family_order = ipv4_only
debug_level = 4

Software Versions:

FreeBSD version 13.2-p4.
sssd version 1.16.5_10

-- 
You are receiving this mail because:
You are the assignee for the bug.