After recent changes the ipa provider was broken.
The problem is in the code the looks at the rootdse, it assumed the
sudorule_map to be always available and unconditionally referenced that.
That map is configured only if sudo_provider = ldap is configure in the
ldap case, however it is never configured in the ipa case as a
sudo_provider = ipa has not been made available.
This may not be the ultimate way to fix the issue however because there
is no sudo provider for ipa there is no other workaround to avoid
sssd_be crashing so I pushed this patch under the onliner and unbreak
the ipa provider rule (yes I made that last one up :-D but I use it
daily so it is important to never completely break it for me).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From 78e77f2d1ee0017e1e1c0bf5efe0e94a70930980 Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Sat, 30 Jun 2012 11:04:31 -0400
Subject: [PATCH] Fix segfault when sudo is not configured.
Sudo support is optional, when it is not configured sudorules_map is not
initialized and dereferencing it will cause a segmentation fault.
---
src/providers/ldap/sdap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index cc073412b12722051f9136e3b2be422241d994f7..65fbc8c1e79802bd5355a083434e5c88100b8c5a 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -994,7 +994,8 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
talloc_strdup(opts->service_map,
opts->gen_map[SDAP_AT_ENTRY_USN].name);
}
- if (!opts->sudorule_map[SDAP_AT_SUDO_USN].name) {
+ if (opts->sudorule_map &&
+ !opts->sudorule_map[SDAP_AT_SUDO_USN].name) {
opts->sudorule_map[SDAP_AT_SUDO_USN].name =
talloc_strdup(opts->sudorule_map,
opts->gen_map[SDAP_AT_ENTRY_USN].name);
--
1.7.10.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
