#VERIFICATION FOR XENIAL (1.13.4-1ubuntu1.5)
I used the following script to test "faulty" user names (with a trailing \r or \n):
ubuntu@vtapia-xenial:~$ cat san.sh
#!/bin/bash
# Verification steps for the SSSD handling of user names that carry a trailing
# newline or carriage return. Intended to be run with sudo, as in the
# accompanying transcript.
#
# What to look for in the output:
#   * every cache check prints "# 1 entries", i.e. the cached user1 object is
#     still there after a lookup with a malformed name;
#   * the logged LDAP filters show the trailing byte hex-escaped
#     (uid=user1\0a for LF, uid=user1\0d for CR) instead of a raw control char.
#
# Deliberately no `set -e`: getent finding nothing for the malformed names is
# the expected outcome, and the remaining checks must still run.

readonly CACHE_DB=/var/lib/sss/db/cache_openstacklocal.ldb
readonly USER_DN=name=user1,cn=users,cn=openstacklocal,cn=sysdb

# Print the "# N entries" summary that ldbsearch reports for user1's cache DN.
count_cached_user1() {
  ldbsearch -H "$CACHE_DB" -b "$USER_DN" 2>&1 | grep entries
}

printf '%s\n' '- SSSD version'
dpkg -l | grep sssd-common

# Baseline: well-formed name. The cache is invalidated first so the lookup is
# expected to reach the LDAP backend and show up in the SSSD log.
printf '%s\n' '- Query "user1"'
sss_cache -E
getent passwd 'user1'
count_cached_user1

# Same lookup with a trailing LF. $'...' keeps the control character explicit,
# so it cannot be lost when the script is copied or re-wrapped.
printf '%s\n' '- Query "user1\n"'
sudo sss_cache -E
getent passwd $'user1\n'
count_cached_user1

# Same lookup with a trailing CR.
printf '%s\n' '- Query "user1\r"'
sudo sss_cache -E
getent passwd $'user1\r'
count_cached_user1

# Last three LDAP searches issued for user1: one per query above.
printf '%s\n' '- SSSD log'
grep 'calling ldap_search_ext with' /var/log/sssd/sssd_openstacklocal.log \
  | grep user1 \
  | tail -n3
I can confirm the bug is fixed:
ubuntu@vtapia-xenial:~$ sudo ./san.sh
- SSSD version
ii sssd-common 1.13.4-1ubuntu1.5 amd64 System Security Services Daemon -- common files
- Query "user1"
user1:*:10000:5000:user1:/home/user1:/bin/bash
# 1 entries
- Query "user1\n"
# 1 entries
- Query "user1\r"
# 1 entries
- SSSD log
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0d)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
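Each lookup still reports "# 1 entries", so the correct cache entry persists: the trailing newline and carriage return are escaped in the LDAP search filter (uid=user1\0a / uid=user1\0d), as the log lines show.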
#VERIFICATION FOR XENIAL (1.13.4-1ubuntu1.5)
I used the following script to test "faulty" user names (with a trailing \r or \n):
ubuntu@vtapia-xenial:~$ cat san.sh
#!/bin/bash
# Verification steps for the SSSD handling of user names that carry a trailing
# newline or carriage return. Intended to be run with sudo, as in the
# accompanying transcript.
#
# What to look for in the output:
#   * every cache check prints "# 1 entries", i.e. the cached user1 object is
#     still there after a lookup with a malformed name;
#   * the logged LDAP filters show the trailing byte hex-escaped
#     (uid=user1\0a for LF, uid=user1\0d for CR) instead of a raw control char.
#
# Deliberately no `set -e`: getent finding nothing for the malformed names is
# the expected outcome, and the remaining checks must still run.

readonly CACHE_DB=/var/lib/sss/db/cache_openstacklocal.ldb
readonly USER_DN=name=user1,cn=users,cn=openstacklocal,cn=sysdb

# Print the "# N entries" summary that ldbsearch reports for user1's cache DN.
count_cached_user1() {
  ldbsearch -H "$CACHE_DB" -b "$USER_DN" 2>&1 | grep entries
}

printf '%s\n' '- SSSD version'
dpkg -l | grep sssd-common

# Baseline: well-formed name. The cache is invalidated first so the lookup is
# expected to reach the LDAP backend and show up in the SSSD log.
printf '%s\n' '- Query "user1"'
sss_cache -E
getent passwd 'user1'
count_cached_user1

# Same lookup with a trailing LF. $'...' keeps the control character explicit,
# so it cannot be lost when the script is copied or re-wrapped.
printf '%s\n' '- Query "user1\n"'
sudo sss_cache -E
getent passwd $'user1\n'
count_cached_user1

# Same lookup with a trailing CR.
printf '%s\n' '- Query "user1\r"'
sudo sss_cache -E
getent passwd $'user1\r'
count_cached_user1

# Last three LDAP searches issued for user1: one per query above.
printf '%s\n' '- SSSD log'
grep 'calling ldap_search_ext with' /var/log/sssd/sssd_openstacklocal.log \
  | grep user1 \
  | tail -n3
I can confirm the bug is fixed:
ubuntu@vtapia-xenial:~$ sudo ./san.sh
- SSSD version
ii sssd-common 1.13.4-1ubuntu1.5 amd64 System Security Services Daemon -- common files
- Query "user1"
user1:*:10000:5000:user1:/home/user1:/bin/bash
# 1 entries
- Query "user1\n"
# 1 entries
- Query "user1\r"
# 1 entries
- SSSD log
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
(Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0d)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal].
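Each lookup still reports "# 1 entries", so the correct cache entry persists: the trailing newline and carriage return are escaped in the LDAP search filter (uid=user1\0a / uid=user1\0d), as the log lines show.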