You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1088564
Description of problem:
sudoNotBefore time is not always respected
Version-Release number of selected component (if applicable):
1.11.2-65
How reproducible:
Very often
Steps to Reproduce:
1. On the ldapserver:
ldapsearch -xv -h ldapserver -b "dc=example,dc=com" cn=test
dn: cn=test,ou=Sudoers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
sudoHost: ALL
sudoCommand: ALL
sudoUser: ALL
cn: test
sudoRunAsUser: ALL
sudoNotBefore: 20140409090729-0400
2. On the client:
# date +'%Y%m%d%H%M%S%z'
20140409092740-0400 <== Which is way past the sudoNotBefore time
3. Try to sudo to a user.
# su user1 -c "sudo -u user2 ${*-true}"
user1 is not allowed to run sudo on client. This incident will be reported.
Actual results:
sudo access is denied
Expected results:
sudo should work
Additional info:
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2316
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1088564
Comments
Comment from pbrezina at 2014-04-17 13:31:55
It looks like a DST issue. It may be a bug in glibc, but it needs more investigation.
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
review: True => 0
selected: =>
testsupdated: => 0
Comment from jhrozek at 2014-04-17 15:57:13
Not critical for the 1.12 release.
milestone: NEEDS_TRIAGE => SSSD 1.13 beta
Comment from jhrozek at 2014-04-17 15:57:45
In the meantime, Pavel would check with libc developers on the details of mktime that are currently unclear to him.
Comment from dpal at 2014-09-26 18:49:59
Fields changed
mark: => 0
Comment from jhrozek at 2015-02-10 14:28:49
Fields changed
milestone: SSSD 1.13 beta => SSSD 1.13 backlog
priority: major => minor
Comment from jhrozek at 2015-02-12 20:27:26
Mass-moving tickets not planned for the next two releases.
Please reply with a comment if you disagree about the move..
milestone: SSSD 1.13 backlog => SSSD 1.15 beta
Comment from jhrozek at 2017-02-24 15:02:49
Metadata Update from @jhrozek:
Comment from thalman at 2020-03-11 15:30:06
Metadata Update from @thalman:
The text was updated successfully, but these errors were encountered: