Null hostgroup or null service in HBAC rules may crash sssd_be during authentication when used in Identity Management / IdM / IPA
Issue
When SSSD is configured with HBAC rules and a hostgroup is null, or if a servicegroup is null, in some cases, the sssd_be process may seg fault on an IPA client during authentication.
Environment
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Linux ipaserver1.example.com 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
IPA / Identity Management
ipa-server-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
libipa_hbac-python-1.5.1-66.el6.x86_64
libipa_hbac-1.5.1-66.el6.x86_64
sssd-client-1.5.1-66.el6.x86_64
sssd-1.5.1-66.el6.x86_64
sssd-debuginfo-1.5.1-66.el6.x86_64
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
