** Description changed:
[Impact]
When running in a multithreaded environment each pthread that opens the
/var/lib/sss/pipes/nss socket retains the file descriptor in a thread
specific structure. This file descriptor should be closed when the
thread is destroyed but due to a bug it is left open thus generating the
leak.
[Test Plan]
Start two VMs. One will be a ldap client, the other will be a ldap
server.
On the server:
$ sudo apt install slapd ldap-utils
$ sudo dpkg-reconfigure slapd
Set DNS to example.com
$ ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn
dn: dc=example,dc=com
$ vim add_content.ldif
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups
dn: cn=miners,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
gidNumber: 5000
dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: {CRYPT}x
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
$ ldapsearch -x -LLL -b dc=example,dc=com '(uid=john)' cn gidNumber
dn: uid=john,ou=People,dc=example,dc=com
cn: John Doe
gidNumber: 5000
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif
$ ldappasswd -x -D cn=admin,dc=example,dc=com -W -S
uid=john,ou=people,dc=example,dc=com
New password:
Re-enter new password:
Enter LDAP Password:
On the client, open /etc/hosts and add:
$ sudo vim /etc/hosts
192.168.122.150 ldap01.example.com
+ $ sudo apt install sssd
$ sudo vim /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = example.com
[domain/example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap01.example.com
cache_credentials = True
ldap_search_base = dc=example,dc=com
$ sudo chmod 600 /etc/sssd/sssd.conf
$ sudo systemctl restart sssd
$ getent passwd john
john:*:10000:5000:John Doe:/home/john:/bin/bash
Now we are set up for nss, try the reproducer:
This code generates many threads that open the mentioned socket.
- $ sudo apt install sssd build-essential
+ $ sudo apt install build-essential
$ cat > test_code.c < EOF
#include <pwd.h>
#include <unistd.h>
#include <pthread.h>
static void *client(void *arg)
{
int i = *((int *)arg);
struct passwd pwd;
char buf[10000];
struct passwd *r;
getpwuid_r(i, &pwd, buf, 10000, &r);
return NULL;
}
int main(void)
{
pthread_t thread;
int arg;
void *t_ret;
for (int i = 0; i < 1000; ++i) {
arg = 100000+i;
pthread_create(&thread, NULL, client, &arg);
pthread_join(thread, &t_ret);
}
while (1) {
sleep(1);
}
return 0;
}
EOF
$ gcc -o test_code test_code.c -lpthread
$ ./test_code
The file descriptor leak problem can be tested by compiling this code as
a test_code binary for example and running
$ lsof -p `pidof test_code` | wc -l
1015
The count can reach more than a thousand when should not be bigger than
around 20 normally.
[Where problems could occur]
The patched code correctly accesses the thread specific structure to get
the file descriptor and close the socket. Previously it just considered
the structure was null and did nothing. The only new problems that could
occur are related to the closing of the socket but that would be not
worse than the previous situation.
If a regression were to occur this would affect most sssd users, as it
is in the core sssd component, and not any subcomponents. Worst case, it
would affect fd leaks, leading to intermittent crashes when they hit
rlimits.
[Other Info]
This bug only affects Noble. This is the original github issue that was
patched:
https://github.com/SSSD/sssd/issues/7189
Fixed in commit:
commit b439847bc88ad7b89f0596af822c0ffbf2a579df
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 23 Jan 2024 09:28:26 +0100
Subject: sss-client: handle key value in destructor
Link: https://github.com/SSSD/sssd/commit/b439847
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085389
Title:
File descriptor leak on /var/lib/sss/pipes/nss socket
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2085389/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
