group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #13675
[Bug 1669712] Re: Newline characters (\n) must be sanitized before LDAP requests take place.
Fixed in sssd 1.15.2 upstream (which is in 17.04 and 17.10).
** Changed in: sssd (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1669712
Title:
Newline characters (\n) must be sanitized before LDAP requests take
place.
Status in sssd package in Ubuntu:
Fix Released
Status in sssd source package in Trusty:
Fix Released
Status in sssd source package in Xenial:
Fix Released
Status in sssd source package in Yakkety:
Fix Released
Bug description:
[Impact]
* When a username with a trailing newline or carriage return
character is used for authentication, the malformed LDAP query will
return that the username does not exist and then the username will be
erased from the LDB cache.
[Test Case]
1. While the provider is online, request a valid user and confirm
it's cached:
ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1'
ad1:*:1500:1500:ad1:/home/ad:/bin/bash
ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
asq: Unable to register control with rootdse!
# 1 entries
2. Request an invalid username:
ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1
'
3. Confirm the cache entry has disappeared:
ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
asq: Unable to register control with rootdse!
# 0 entries
[Regression Potential]
* None, the sanitizer code is just extended for these two characters
[Other Info]
* Upstream bug: https://pagure.io/SSSD/sssd/issue/3317
* Fix has been merged upstream
[Original Description]
Introducing valid usernames with trailing newline characters triggers
the removal of valid LDB cache entries
Reproducer:
1. Request a valid user and confirm it's cached:
ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1'
ad1:*:1500:1500:ad1:/home/ad:/bin/bash
ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
asq: Unable to register control with rootdse!
# 1 entries
2. Request an invalid username:
ubuntu@ubuntu:~⟫ sudo sss_cache -E; getent passwd 'ad1
'
3. Confirm the cache entry has disappeared:
ubuntu@ubuntu:~⟫ sudo ldbsearch -H /var/lib/sss/db/cache_UBUNTU.TEST.ldb -b name=ad1,cn=users,cn=UBUNTU.TEST,cn=sysdb | grep entries
asq: Unable to register control with rootdse!
# 0 entries
This is an excerpt from the logs of the request with the newline char:
(Tue Feb 28 16:07:40 2017) [sssd[be[UBUNTU.TEST]]] [be_get_account_info] (0x0200): Got request for [0x1001][FAST BE_REQ_USER][1][name=ad1
]
(Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=ad1
)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][CN=Users,DC=ubuntu,DC=test].
(Tue Feb 28 16:08:33 2017) [sssd[be[UBUNTU.TEST]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
(Tue Feb 28 16:08:33 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/UBUNTU.TEST/ad1
] to negative cache
(Tue Feb 28 16:08:33 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
At this point, the ldb entry removal request for ad1 (without \n)
takes place via sysdb_delete_user.
Adding '\n' to the character list in sss_filter_sanitize_ex() seems to
fix this issue.
Upstream bug: https://pagure.io/SSSD/sssd/issue/3317
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1669712/+subscriptions