Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFE: sssd should support time format without minutes and seconds in sudo entries #3474

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Closed

RFE: sssd should support time format without minutes and seconds in sudo entries #3474

sssd-bot opened this issue May 2, 2020 · 0 comments
Labels
Bugzilla Closed: Not a bug

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2432

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1138255

Description of problem:
sssd doesn't support time format without minutes and seconds in sudo entries
(sudoNotBefore and sudoNotAfter).

Minutes and seconds portions are optional according to sudoers.ldap man page.
It says:
he minute and seconds portions are optional, but some LDAP servers require that
they be present (contrary to the RFC).


dn: cn=rule_allow,ou=Sudoers,dc=my-domain,dc=com
objectClass: top
objectClass: sudoRole
cn: rule_allow
sudoHost: ALL
sudoUser: userallowed
sudoCommand: ALL
sudoNotBefore: 2014090309Z

[test]date -u
Thu Sep  4 09:27:38 UTC 2014

[test]su - userallowed -c 'sudo true'
su: warning: cannot change directory to /home/userallowed: No such file or
directory
userallowed is not allowed to run sudo on rhel7.  This incident will be
reported.

/var/log/sssd/sssd_sudo.log contains 'Invalid time format in rule
[rule_allow]!'

Version-Release number of selected component (if applicable):
sssd-1.11.2-65.el7
sudo-1.8.6p7-11.el7

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comments

Comment from jhrozek at 2014-09-05 10:37:30

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1138555 (Red Hat Enterprise Linux 6)

rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1138255 1138255] => [https://bugzilla.redhat.com/show_bug.cgi?id=1138255 1138255], [https://bugzilla.redhat.com/show_bug.cgi?id=1138555 1138555]

Comment from jhrozek at 2014-09-16 10:52:13

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.15 beta
review: True => 0
selected: =>
testsupdated: => 0

Comment from jhrozek at 2016-11-25 10:25:45

I would just close this as wontfix.

mark: => 0
review: 0 => 1
selected: => Not need
sensitive: => 0

Comment from jhrozek at 2016-12-05 15:27:20

We decided we woulnd't implement this RFE because it was opened for more than 2 years without a patch being submitted or anyone being really interested in contributing a patch. Closing.

resolution: => wontfix
status: new => closed

Comment from jhrozek at 2017-02-24 14:56:13

Metadata Update from @jhrozek:

  • Issue set to the milestone: SSSD Future releases (no date set yet)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bugzilla Closed: Not a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sssd-bot