rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: upstream#4118 sssd requires timed sudoers ldap entries to be specified up to the seconds

Browse Source
This commit is contained in:
Michal Židek 2020-02-27 03:59:01 +01:00
parent 8b47371b41
commit 44805f5ff8
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
0017-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch Normal file
View File

@ -0,0 +1,52 @@
From 58a67cd38b8be9bef45ce70588763d851840dd65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= <ppolawsk@redhat.com>
Date: Tue, 3 Dec 2019 04:13:53 +0100
Subject: [PATCH] sysdb_sudo: Enable LDAP time format compatibility
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
LDAP specification allows to ommit seconds and minutes
in time border definition. In that case they defaults to zeros.
Current sssd.sudo implementation requires precision up to
seconds in time definition. This commit allows to lower
the precision up to hours.
Resolves:
https://pagure.io/SSSD/sssd/issue/4118
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/db/sysdb_sudo.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 59d6824c0..18088b017 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -55,6 +55,22 @@ static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time)
"%Y%m%d%H%M%S.0%z",
"%Y%m%d%H%M%S,0Z",
"%Y%m%d%H%M%S,0%z",
+ /* LDAP specification says that minutes and seconds
+ might be omitted and in that case these are meant
+ to be treated as zeros [1].
+ */
+ "%Y%m%d%H%MZ", /* Discard seconds */
+ "%Y%m%d%H%M%z",
+ "%Y%m%d%H%M.0Z",
+ "%Y%m%d%H%M.0%z",
+ "%Y%m%d%H%M,0Z",
+ "%Y%m%d%H%M,0%z",
+ "%Y%m%d%HZ", /* Discard minutes and seconds*/
+ "%Y%m%d%H%z",
+ "%Y%m%d%H.0Z",
+ "%Y%m%d%H.0%z",
+ "%Y%m%d%H,0Z",
+ "%Y%m%d%H,0%z",
NULL};
for (format = formats; *format != NULL; format++) {
--
2.20.1

7
sssd.spec
View File

@ -36,7 +36,7 @@
Name: sssd Name: sssd
Version: 2.2.3 Version: 2.2.3
Release: 11%{?dist} Release: 12%{?dist}
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
URL: https://pagure.io/SSSD/sssd/ URL: https://pagure.io/SSSD/sssd/
@ -59,6 +59,7 @@ Patch0013: 0013-ad-add-ad_use_ldaps.patch
Patch0014: 0014-ldap-add-new-option-ldap_sasl_maxssf.patch Patch0014: 0014-ldap-add-new-option-ldap_sasl_maxssf.patch
Patch0015: 0015-ad-set-min-and-max-ssf-for-ldaps.patch Patch0015: 0015-ad-set-min-and-max-ssf-for-ldaps.patch
Patch0016: 0016-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch Patch0016: 0016-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
Patch0017: 0017-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
### Downstream only patches ### ### Downstream only patches ###
Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch
@ -1088,6 +1089,10 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so %{_libdir}/%{name}/modules/libwbclient.so
%changelog %changelog
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
- Resolves: upstream#4118 - sssd requires timed sudoers ldap entries to be
specified up to the seconds
* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11 * Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
- Add sssd-dbus package as a dependency of sssd-tools - Add sssd-dbus package as a dependency of sssd-tools