From nobody Sat Dec 09 14:40:59 2023 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SnW0D015Qz5465B for ; Sat, 9 Dec 2023 14:41:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SnW0C5czjz3W2M for ; Sat, 9 Dec 2023 14:40:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1702132859; a=rsa-sha256; cv=none; b=MJqO0Wwcc9VaVvq/GEdpwDU1ko41K+lqU1D2xDUsbhnQMTmtuf2iXjPmR3WzcFyB0zK9WC PY4HZA7XlIsqCqD6dG3OeVUuXOiV5dmISR2Mu4Py2+DnzKUhFC7DIg2DdUX+w3fuCrWwsa Xck/W4cO/Dds+UhLLjoUxFoetdfNrBAlsM5PsqgH8mvbBQ8BNptwDiGu0omFPgXX5r3+CV /NiJT9i2F2UZIScvnV1tdTQ4GRdKDxzAJHkngj10bX/FiZ6vra8kCdh+RZKzyGGz21AV9m QiYew7bnnwKk/V1PQOibqGmMWUir5kj6v2WvogS6pEgfbbEtOH1uDFYcsp1pvw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1702132859; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oOmJ1wCgJnqenc8bqzy2HL0dXILq/VDzFuflh0NpbAA=; b=gv5b0UHx85xqTFAJVseXY4U4CCqKsLjlp2JCQLbI/IxY3eVhV9J+cGQaZCIybhlcgOqqDw e0NPscb0QXIK88rgJHswB+1uL7J0nNZJG82g37GRklfwmylgGyKLwSsRt3YNtLHZTtwyaL wrrrX6HvTT0LpmhXtO8/HeHYNDkCBizqwcNRIqOOa75x+JuKktJaOiKKmEpcrDVyyP/nFs eKpPMqq/yWcghO99AAcI0IBOlCmw/gQLmnreKgKHZSO0Rspr0Tyw75sA4RHwz6vHO4B8fY HmsHE0GSBVvO+XJMESIB/sQbXIGdeleYOr3hDdiQf9OLg6rVstun01qQkGrs8w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SnW0C4jmbz17nD for ; Sat, 9 Dec 2023 14:40:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3B9Eexug014645 for ; Sat, 9 Dec 2023 14:40:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3B9EexV2014643 for ports-bugs@FreeBSD.org; Sat, 9 Dec 2023 14:40:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 275657] security/sssd: SSSD (sssd_be) core dumps on exit Date: Sat, 09 Dec 2023 14:40:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: lloydsystems1@tpg.com.au X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jhixson@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275657 Bug ID: 275657 Summary: security/sssd: SSSD (sssd_be) core dumps on exit Product: Ports & Packages Version: Latest Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: jhixson@FreeBSD.org Reporter: lloydsystems1@tpg.com.au Flags: maintainer-feedback?(jhixson@FreeBSD.org) Assignee: jhixson@FreeBSD.org Overview: SSSD is installed and working, connected to Active Directory (Windows Server 2016) by LDAP/Kerberos. However, SSSD core dumps (sssd_be.core) whenever the service is stopped. Steps to Reproduce: Start the SSSD service. Stop the SSSD service or shutdown the host. Actual Results: SSSD core dumps, leaving sssd_be.core file. The following entries are recorded in the various log files. /var/log/messages: kernel: pid 63617 (sssd_be), jid 0, uid 0: exited on signal 11 (= core dumped) /var/log/sssd/sssd.log: [sssd] [monitor_quit_signal] (0x0040): Monitor received Terminated: termina= ting children [sssd] [monitor_quit] (0x0040): Returned with: 0 [sssd] [monitor_quit] (0x0020): Terminating [pam][63888] [sssd] [monitor_quit] (0x0020): Child [pam] exited gracefully [sssd] [monitor_quit] (0x0020): Terminating [nss][63806] [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully [sssd] [monitor_quit] (0x0020): Terminating [ad.example.com][63617] [sssd] [monitor_quit] (0x0020): Child [ad.example.com] terminated with a si= gnal /var/log/sssd/sssd_ad.example.com.log (with debug level 9): [sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eabb00/0x835e1c4c0 [sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eabb00/0x835e1c3c0 [sssd[be[ad.example.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x835e88b80 [sssd[be[ad.example.com]]] [sbus_dispatch] (0x0080): Connection is not open= for dispatching. [sssd[be[ad.example.com]]] [dp_client_destructor] (0x0400): Removed PAM cli= ent [sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eab240/0x835e1c840 [sssd[be[ad.example.com]]] [sbus_remove_watch] (0x2000): 0x835eab240/0x835e1c800 [sssd[be[ad.example.com]]] [sbus_dispatch] (0x4000): dbus conn: 0x835e88540 [sssd[be[ad.example.com]]] [sbus_dispatch] (0x0080): Connection is not open= for dispatching. [sssd[be[ad.example.com]]] [dp_client_destructor] (0x0400): Removed NSS cli= ent [sssd[be[ad.example.com]]] [orderly_shutdown] (0x0010): SIGTERM: killing children [sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not rem= ove [/var/db/sss/pubconf/kpasswdinfo.AD.EXAMPLE.COM], [2][No such file or directory] [sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not rem= ove [/var/db/sss/pubconf/kdcinfo.AD.EXAMPLE.COM], [2][No such file or directory] [sssd[be[ad.example.com]]] [remove_krb5_info_files] (0x0200): Could not rem= ove [/var/db/sss/pubconf/kpasswdinfo.AD.EXAMPLE.COM], [2][No such file or directory] [sssd[be[ad.example.com]]] [be_ptask_destructor] (0x0400): Terminating peri= odic task [SUDO Smart Refresh] [sssd[be[ad.example.com]]] [be_ptask_destructor] (0x0400): Terminating peri= odic task [SUDO Full Refresh] [sssd[be[ad.example.com]]] [dp_terminate_active_requests] (0x0400): Termina= ting active data provider requests [sssd[be[ad.example.com]]] [sdap_handle_release] (0x2000): Trace: sh[0x835e60720], connected[1], ops[0x0], ldap[0x835e1d4b0], destructor_lock= [0], release_memory[0] [sssd[be[ad.example.com]]] [remove_connection_callback] (0x4000): Successfu= lly removed connection callback. Expected Results: SSSD should exit cleanly and not core dump. Additional Information: 1. SSSD works properly when running, but core dumps on exit. 2. SSSD is installed on three FreeBSD servers and all exhibit the core dump problem. 3. I have used SSSD on RHEL/CentOS with the AD provider. However, to use th= e AD provider on FreeBSD requires the sssd-smb package, which installs the full samba package as a dependency. This is undesireable as it leads to a much bigger installation and exposure to Samba bugs and security issues. The SSS= D AD provider does not require Samba to work; it only needs some of its shared libraries. This is a packaging issue that does not exist with RHEL/CentOS. 4. To avoid Samba, I installed the basic sssd package and changed the configuration to use LDAP/Kerberos providers. 5. The SSSD configuration (sssd.conf) is shown below with ad.example.com as= the AD domain. [sssd] config_file_version =3D 2 services =3D nss, pam domains =3D ad.example.com debug_level =3D 2 # ---------- [nss] ; enum_cache_timeout =3D 120 ; filter_users =3D root ; filter_groups =3D root fallback_homedir =3D /usr/home/%H/%u default_shell =3D /sbin/nologin ; reconnection_retries =3D 3 debug_level =3D 3 # ---------- [pam] offline_credentials_expiration =3D 7 ; reconnection_retries =3D 3 debug_level =3D 3 # ---------- [domain/ad.example.com] id_provider =3D ldap auth_provider =3D krb5 access_provider =3D ldap ; chpass_provider =3D krb5 selinux_provider =3D none krb5_server =3D dc.ad.example.com krb5_realm =3D AD.EXAMPLE.COM krb5_use_fast =3D try krb5_fast_principal =3D bsd$@AD.EXAMPLE.COM krb5_canonicalize =3D false ldap_uri =3D ldap://dc.ad.example.com ; ldap_sasl_authid =3D host/dc.ad.example.com@AD.EXAMPLE.COM ldap_sasl_authid =3D dc$@AD.EXAMPLE.COM ldap_sasl_mech =3D GSSAPI ldap_force_upper_case_realm =3D true ldap_search_base =3D dc=3Dad,dc=3Dexample,dc=3Dcom ldap_referrals =3D false ldap_access_order =3D filter, expire ldap_access_filter =3D (&(objectClass=3Duser) (primaryGroupID=3D513)) ldap_account_expire_policy =3D ad ldap_schema =3D ad ldap_user_object_class =3D user ; ldap_user_name =3D sAMAccountName ; ldap_user_primary_group =3D primaryGroupID ldap_user_gecos =3D displayName ldap_user_home_directory =3D unixHomeDirectory ; ldap_user_shell =3D loginShell ldap_user_principal =3D userPrincipalName ldap_group_object_class =3D group ldap_group_name =3D sAMAccountName ldap_group_member =3D member ldap_id_mapping =3D true homedir_substring =3D AD case_sensitive =3D preserving enumerate =3D true cache_credentials =3D true ; pwd_expiration_warning =3D 7 lookup_family_order =3D ipv4_only debug_level =3D 4 Software Versions: FreeBSD version 13.2-p4. sssd version 1.16.5_10 --=20 You are receiving this mail because: You are the assignee for the bug.=