Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sudoNotBefore time is not always respected #3358

Closed
sssd-bot opened this issue May 2, 2020 · 1 comment
Closed

sudoNotBefore time is not always respected #3358

sssd-bot opened this issue May 2, 2020 · 1 comment
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2316

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1088564

Description of problem:
sudoNotBefore time is not always respected

Version-Release number of selected component (if applicable):
1.11.2-65

How reproducible:
Very often

Steps to Reproduce:
1. On the ldapserver:
ldapsearch -xv -h ldapserver -b "dc=example,dc=com" cn=test
dn: cn=test,ou=Sudoers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
sudoHost: ALL
sudoCommand: ALL
sudoUser: ALL
cn: test
sudoRunAsUser: ALL
sudoNotBefore: 20140409090729-0400

2. On the client:
# date +'%Y%m%d%H%M%S%z'
20140409092740-0400       <== Which is way past the sudoNotBefore time

3. Try to sudo to a user.
# su user1 -c "sudo -u user2 ${*-true}"
user1 is not allowed to run sudo on client.  This incident will be reported.

Actual results:
sudo access is denied

Expected results:
sudo should work

Additional info:

Comments

Comment from pbrezina at 2014-04-17 13:31:55

It looks like a DST issue. It may be a bug in glibc, but it needs more investigation.

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
review: True => 0
selected: =>
testsupdated: => 0

Comment from jhrozek at 2014-04-17 15:57:13

Not critical for the 1.12 release.

milestone: NEEDS_TRIAGE => SSSD 1.13 beta

Comment from jhrozek at 2014-04-17 15:57:45

In the meantime, Pavel would check with libc developers on the details of mktime that are currently unclear to him.

Comment from dpal at 2014-09-26 18:49:59

Fields changed

mark: => 0

Comment from jhrozek at 2015-02-10 14:28:49

Fields changed

milestone: SSSD 1.13 beta => SSSD 1.13 backlog
priority: major => minor

Comment from jhrozek at 2015-02-12 20:27:26

Mass-moving tickets not planned for the next two releases.

Please reply with a comment if you disagree about the move..

milestone: SSSD 1.13 backlog => SSSD 1.15 beta

Comment from jhrozek at 2017-02-24 15:02:49

Metadata Update from @jhrozek:

  • Issue set to the milestone: SSSD Future releases (no date set yet)

Comment from thalman at 2020-03-11 15:30:06

Metadata Update from @thalman:

  • Custom field design_review reset (from 0)
  • Custom field mark reset (from 0)
  • Custom field patch reset (from 0)
  • Custom field review reset (from 0)
  • Custom field testsupdated reset (from 0)
  • Issue close_status updated to: None
  • Issue tagged with: bugzilla
@alexey-tikhonov alexey-tikhonov mentioned this issue Sep 26, 2022
Closed
@pbrezina
Copy link
Member

Pushed PR: #6351

  • master

    • 0198f64 - SUDO: Fix timezone issues with sudoNotBefore and sudoNotAfter

  • sssd-1-16

    • 1bb93f7 - SUDO: Fix timezone issues with sudoNotBefore and sudoNotAfter

  • sssd-2-7

    • 9a8b925 - SUDO: Fix timezone issues with sudoNotBefore and sudoNotAfter

@pbrezina pbrezina added the Closed: Fixed Issue was closed as fixed. label Sep 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pbrezina @sssd-bot