Public bug reported:

[Impact]

When SSSD tries to renew the machine password, a write_to_child_fd is
open but never closed, leaking a descriptor per request until it hits
the limit and SSSD stops.

[Test Case]

1. With an AD deployed, and having the machine registered, include the
following option in sssd.conf:

# This option should only be used to test the machine account renewal
# task. The option expects 2 integers separated by a colon (':'). The
# first integer defines the interval in seconds how often the task is
# run. The second specifies the initial timeout in seconds before the
# task is run for the first time after startup.
# Default: 86400:750 (24h and 15m)
ad_machine_account_password_renewal_opts = 5:5

2. Restart the service and monitor the use of descriptors:

root@sssd-xenial:/home/ubuntu# while true; do ll /proc/$(pidof sssd_be)/fd | wc -l; sleep 60; done
38
50
62
74
86
98
110
122
134
146
158
170
182
194
206
217
229
^C


[Other info]

The bug is reported and fixed upstream: https://pagure.io/SSSD/sssd/issue/3017
Trusty is not affected (feat not implemented) and A/B/C already include the fix

** Affects: sssd (Ubuntu)
     Importance: Undecided
     Assignee: Victor Tapia (vtapia)
         Status: New


** Tags: sts

** Changed in: sssd (Ubuntu)
     Assignee: (unassigned) => Victor Tapia (vtapia)

https://bugs.launchpad.net/bugs/1771805

Title:
  AD keytab renewal task leaks a file descriptor
