rpms/sssd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport PR #904 to fix RHBZ #1757224

Browse Source
This commit is contained in:
Adam Williamson 2019-10-22 10:04:39 -07:00
parent 0aaf839d04
commit 460a59ec3d
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
0001-KCM-Set-kdc_offset-to-zero-initially.patch Normal file
View File

@ -0,0 +1,41 @@
From 2c9bdcf579e430fa8f7e5595a17cf7242adb5216 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 11 Oct 2019 09:20:20 +0200
Subject: [PATCH] KCM: Set kdc_offset to zero initially
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: https://pagure.io/SSSD/sssd/issue/4100
KCM assumed that the client library would always set the KDC offset, but
that's not always the case, especially when using multiple krb contexts
from the client application:
https://bugzilla.redhat.com/show_bug.cgi?id=1757224#c64
Heimdal also creates ccaches with zero kdc_offset:
https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986
so we should do the same..
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
---
src/responder/kcm/kcmsrv_ccache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c
index e24da9aa2..66e2752ba 100644
--- a/src/responder/kcm/kcmsrv_ccache.c
+++ b/src/responder/kcm/kcmsrv_ccache.c
@@ -82,7 +82,7 @@ errno_t kcm_cc_new(TALLOC_CTX *mem_ctx,
cc->owner.uid = cli_creds_get_uid(owner);
cc->owner.gid = cli_creds_get_gid(owner);
- cc->kdc_offset = INT32_MAX;
+ cc->kdc_offset = 0;
talloc_set_destructor(cc, kcm_cc_destructor);
*_cc = cc;
--
2.23.0

11
sssd.spec
View File

@ -36,7 +36,7 @@
Name: sssd Name: sssd
Version: 2.2.2 Version: 2.2.2
Release: 1%{?dist} Release: 2%{?dist}
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
URL: https://pagure.io/SSSD/sssd/ URL: https://pagure.io/SSSD/sssd/
@ -44,6 +44,11 @@ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
### Patches ### ### Patches ###
# Fix KCM cached tickets behaving as if expired shortly after issue
# https://github.com/SSSD/sssd/pull/904
# https://bugzilla.redhat.com/show_bug.cgi?id=1757224
Patch0: 0001-KCM-Set-kdc_offset-to-zero-initially.patch
### Downstream only patches ### ### Downstream only patches ###
Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch
@ -1067,6 +1072,10 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so %{_libdir}/%{name}/modules/libwbclient.so
%changelog %changelog
* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
when using KCM cache
* Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1 * Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
- Update to latest released upstream version - Update to latest released upstream version
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html