← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1669712] Re: Newline characters (\n) must be sanitized before LDAP requests take place.

 

This bug was fixed in the package sssd - 1.11.8-0ubuntu0.6

---------------
sssd (1.11.8-0ubuntu0.6) trusty; urgency=medium

  * d/p/pidfile-creation.diff: Delay the pidfile creation until the
    responders are up (LP: #1566508)
  * d/p/sanitize_newline.diff: Sanitize newline and carriage return
    characters before LDAP queries. (LP: #1669712)

 -- Victor Tapia <victor.tapia@xxxxxxxxxxxxx>  Fri, 24 Mar 2017 11:26:41
+0100

** Changed in: sssd (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1669712

Title:
  Newline characters (\n) must be sanitized before LDAP requests take
  place.

Status in sssd package in Ubuntu:
  Triaged
Status in sssd source package in Trusty:
  Fix Released
Status in sssd source package in Xenial:
  Fix Released
Status in sssd source package in Yakkety:
  Fix Released

Bug description:
  [Impact]

   * When a username with a trailing newline or carriage return
  character is used for authentication, the malformed LDAP query will
  return that the username does not exist and then the username will be
  erased from the LDB cache.

  [Test Case]

   1. While the provider is online, request a valid user and confirm
  it's cached:

  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1'
  ad1:*:1500:1500:ad1:/home/ad:/bin/bash

  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 1 entries

   2. Request an invalid username:
  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1
  '

   3. Confirm the cache entry has disappeared:
  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 0 entries

  [Regression Potential]

   * None, the sanitizer code is just extended for these two characters

  [Other Info]

   * Upstream bug: https://pagure.io/SSSD/sssd/issue/3317
   * Fix has been merged upstream 


  [Original Description]

  Introducing valid usernames with trailing newline characters triggers
  the removal of valid LDB cache entries

  Reproducer:

  1. Request a valid user and confirm it's cached:
  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1'
  ad1:*:1500:1500:ad1:/home/ad:/bin/bash

  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 1 entries

  2. Request an invalid username:
  ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1
  '

  3. Confirm the cache entry has disappeared:
  ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
  asq: Unable to register control with rootdse!
  # 0 entries

  This is an excerpt from the logs of the request with the newline char:

  (Tue Feb 28 16:07:40 2017) [sssd[be[UBUNTU.TEST]]] [be_get_account_info] (0x0200): Got request for [0x1001][FAST BE_REQ_USER][1][name=ad1
  ]

  (Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=ad1
  )(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][CN=Users,DC=ubuntu,DC=test].
  (Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
  (Tue Feb 28 16:08:33 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/UBUNTU.TEST/ad1
  ] to negative cache
  (Tue Feb 28 16:08:33 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call

  At this point, the ldb entry removal request for ad1 (without \n)
  takes place via sysdb_delete_user.

  Adding '\n' to the character list in sss_filter_sanitize_ex() seems to
  fix this issue.

  Upstream bug: https://pagure.io/SSSD/sssd/issue/3317

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1669712/+subscriptions