Backport PR #904 to fix RHBZ #1757224

2019-10-22 10:04:39 -07:00 · 2019-10-22 10:04:39 -07:00 · 460a59ec3d
commit 460a59ec3d
parent 0aaf839d04
2 changed files with 51 additions and 1 deletions
--- a/0001-KCM-Set-kdc_offset-to-zero-initially.patch
+++ b/0001-KCM-Set-kdc_offset-to-zero-initially.patch
@ -0,0 +1,41 @@
+From 2c9bdcf579e430fa8f7e5595a17cf7242adb5216 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Fri, 11 Oct 2019 09:20:20 +0200
+Subject: [PATCH] KCM: Set kdc_offset to zero initially
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://pagure.io/SSSD/sssd/issue/4100
+
+KCM assumed that the client library would always set the KDC offset, but
+that's not always the case, especially when using multiple krb contexts
+from the client application:
+    https://bugzilla.redhat.com/show_bug.cgi?id=1757224#c64
+
+Heimdal also creates ccaches with zero kdc_offset:
+    https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986
+so we should do the same..
+
+Reviewed-by: Michal Židek <mzidek@redhat.com>
+Reviewed-by: Robbie Harwood <rharwood@redhat.com>
+---
+ src/responder/kcm/kcmsrv_ccache.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c
+index e24da9aa2..66e2752ba 100644
+--- a/src/responder/kcm/kcmsrv_ccache.c
+++ b/src/responder/kcm/kcmsrv_ccache.c
+@@ -82,7 +82,7 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx,
+ 
+     cc->owner.uid = cli_creds_get_uid(owner);
+     cc->owner.gid = cli_creds_get_gid(owner);
+-    cc->kdc_offset = INT32_MAX;
+    cc->kdc_offset = 0;
+ 
+     talloc_set_destructor(cc, kcm_cc_destructor);
+     *_cc = cc;
+-- 
+2.23.0
+
--- a/sssd.spec
+++ b/sssd.spec
@ -36,7 +36,7 @@

 Name: sssd
 Version: 2.2.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://pagure.io/SSSD/sssd/
@ -44,6 +44,11 @@ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz

 ### Patches ###

+# Fix KCM cached tickets behaving as if expired shortly after issue
+# https://github.com/SSSD/sssd/pull/904
+# https://bugzilla.redhat.com/show_bug.cgi?id=1757224
+Patch0: 0001-KCM-Set-kdc_offset-to-zero-initially.patch
+
 ### Downstream only patches ###
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch

@ -1067,6 +1072,10 @@ fi
                                %{_libdir}/%{name}/modules/libwbclient.so

 %changelog
+* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
+- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
+                           when using KCM cache
+
 * Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
 - Update to latest released upstream version
 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html