[Bug 1771805] Re: AD keytab renewal task leaks a file descriptor

Launchpad Bug Tracker 1771805 at bugs.launchpad.net
Thu Jun 7 15:24:38 UTC 2018 

This bug was fixed in the package sssd - 1.13.4-1ubuntu1.11

---------------
sssd (1.13.4-1ubuntu1.11) xenial; urgency=medium

  * d/p/fix-ad-passwd-renewal-fd-leak.diff: Fix fd leak triggered by the AD
    machine password renewal task (LP: #1771805).

 -- Victor Tapia <victor.tapia at canonical.com>  Thu, 17 May 2018 12:49:25
+0200

** Changed in: sssd (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1771805

Title:
  AD keytab renewal task leaks a file descriptor

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  When SSSD tries to renew the machine password, a write_to_child_fd is
  open but never closed, leaking a descriptor per request until it hits
  the limit and SSSD stops.

  [Test Case]

  1. With an AD deployed, and having the machine registered, include the
  following option in sssd.conf:

  # This option should only be used to test the machine account renewal task. The option expect 2 integers seperated by a colon (':'). The first integer defines the interval in
  # seconds how often the task is run. The second specifies the inital timeout in seconds before the task is run for the first time after startup.
  # Default: 86400:750 (24h and 15m)
  ad_machine_account_password_renewal_opts = 5:5

  2. Restart the service and monitor the use of descriptors:

  root at sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done
  38
  50
  62
  74
  86
  98
  110
  122
  134
  146
  158
  170
  182
  194
  206
  217
  229
  ^C

  [Regression potential]

  * Small, the fix comes from upstream and it's been present for some time.
  * A fd could still leak, or the AD machine password renewal could stop working.

  [Other info]

  The bug is reported and fixed upstream:
  https://pagure.io/SSSD/sssd/issue/3017

  Upstream fix commit:
  https://pagure.io/SSSD/sssd/c/312d211e03b9f3769a0362f1767cc59792e32746

  Trusty is not affected (feat not implemented) and A/B/C already
  include the fix :

  $ git describe 312d211e03b9f3769a0362f1767cc59792e32746
  sssd-1_13_4-10-g312d211e0

  $ rmadison sssd
  ==> sssd | 1.13.4-1ubuntu1.10 | xenial-updates
      sssd | 1.15.3-2ubuntu1    | artful
      sssd | 1.16.1-1ubuntu1    | bionic
      sssd | 1.16.1-1ubuntu1    | cosmic
      sssd | 1.16.1-1ubuntu3    | cosmic-proposed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1771805/+subscriptions

More information about the Ubuntu-sponsors mailing list