group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1669712] Re: Newline characters (\n) must be sanitized before LDAP requests take place.

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Andy Whitcroft <apw@xxxxxxxxxxxxx>
Date: Mon, 22 May 2017 14:44:36 -0000
Reply-to: Bug 1669712 <1669712@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Hello Victor, or anyone else affected,

Accepted sssd into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/1.11.8-0ubuntu0.6
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Also affects: sssd (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: sssd (Ubuntu Trusty)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1669712

Title:
  Newline characters (\n) must be sanitized before LDAP requests take
  place.

Status in sssd package in Ubuntu:
  Triaged
Status in sssd source package in Trusty:
  Fix Committed
Status in sssd source package in Xenial:
  Fix Released
Status in sssd source package in Yakkety:
  Fix Released

Bug description:
  [Impact]

   * When a username with a trailing newline or carriage return
  character is used for authentication, the malformed LDAP query will
  return that the username does not exist and then the username will be
  erased from the LDB cache.

  [Test Case]

   1. While the provider is online, request a valid user and confirm
  it's cached:

  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1'
  ad1:*:1500:1500:ad1:/home/ad:/bin/bash

  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 1 entries

   2. Request an invalid username:
  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1
  '

   3. Confirm the cache entry has disappeared:
  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 0 entries

  [Regression Potential]

   * None, the sanitizer code is just extended for these two characters

  [Other Info]

   * Upstream bug: https://pagure.io/SSSD/sssd/issue/3317
   * Fix has been merged upstream 


  [Original Description]

  Introducing valid usernames with trailing newline characters triggers
  the removal of valid LDB cache entries

  Reproducer:

  1. Request a valid user and confirm it's cached:
  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1'
  ad1:*:1500:1500:ad1:/home/ad:/bin/bash

  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 1 entries

  2. Request an invalid username:
  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1
  '

  3. Confirm the cache entry has disappeared:
  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 0 entries

  This is an excerpt from the logs of the request with the newline char:

  (Tue Feb 28 16:07:40 2017) [sssd[be[UBUNTU.TEST]]] [be_get_account_info] (0x0200): Got request for [0x1001][FAST BE_REQ_USER][1][name=ad1
  ]

  (Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=ad1
  )(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][CN=Users,DC=ubuntu,DC=test].
  (Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
  (Tue Feb 28 16:08:33 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/UBUNTU.TEST/ad1
  ] to negative cache
  (Tue Feb 28 16:08:33 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call

  At this point, the ldb entry removal request for ad1 (without \n)
  takes place via sysdb_delete_user.

  Adding '\n' to the character list in sss_filter_sanitize_ex() seems to
  fix this issue.

  Upstream bug: https://pagure.io/SSSD/sssd/issue/3317

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1669712/+subscriptions