#1596 Sudo smart refresh doesn't occur on time
Closed: Fixed None Opened 6 years ago by jhrozek.

https://bugzilla.redhat.com/show_bug.cgi?id=869013 (Red Hat Enterprise Linux 6)

Description of problem:
A sudo rule node newly added to the LDAP server doesn't get noticed by sssd
within smart refresh interval, only within full refresh interval.

Version-Release number of selected component (if applicable):
libsss_autofs-1.9.2-3.el6.x86_64
libsss_idmap-1.9.2-3.el6.x86_64
libsss_sudo-1.9.2-3.el6.x86_64
sssd-client-1.9.2-3.el6.x86_64
sssd-1.9.2-3.el6.x86_64

How reproducible:
Always.

Steps to Reproduce:
#
# Setup
#
service sssd stop
echo "ldap_sudo_smart_refresh_interval = 10" >> /etc/sssd/sssd.conf
echo "ldap_sudo_full_refresh_interval = 30" >> /etc/sssd/sssd.conf
rm /var/lib/sss/db/*.ldb
service sssd start
# Wait for the service to really come up,
# see https://fedorahosted.org/sssd/ticket/1357
# Without this delay the bug won't reproduce
sleep 3
check_sudo() { su user1 -c 'sudo -u user2 true' 2>/dev/null && echo ALLOWED || echo DENIED; }
#
# Test
#
check_sudo
ldapmodify -x -h server -D 'cn=Directory Manager' -w Secret123 -a <<EOF
dn: cn=test,ou=Sudoers,dc=example,dc=com
cn: test
objectClass: top
objectClass: sudoRole
sudoOption: !authenticate
sudoUser: ALL
sudoHost: ALL
sudoCommand: ALL
sudoRunAsUser: ALL
EOF
check_sudo; sleep 12; check_sudo; sleep 10; check_sudo; sleep 10; check_sudo
#
# Teardown
#
unset check_sudo
service sssd stop
grep -v 'ldap_sudo_\(smart\|full\)_refresh_interval' /etc/sssd/sssd.conf > /etc/sssd/sssd.conf.new
mv /etc/sssd/sssd.conf{.new,}
chmod 0600 /etc/sssd/sssd.conf
ldapdelete -x -h server -D 'cn=Directory Manager' -w Secret123 cn=test,ou=Sudoers,dc=example,dc=com
rm /var/lib/sss/db/*.ldb
service sssd start

Actual results:
DENIED
DENIED
DENIED
DENIED
ALLOWED

Expected results:
DENIED
DENIED
ALLOWED
ALLOWED
ALLOWED
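
A polling helper for checking this behaviour, as an added example that is not part of the original ticket or of SSSD: instead of fixed sleeps, it measures how long the new rule takes to become visible and says whether that matches the smart or the full refresh interval. The function names and the default slack of 2 seconds are assumptions; the probe is expected to print ALLOWED or DENIED like check_sudo above.

```shell
#!/bin/sh
# Added example (not from the ticket): time how long a newly added sudo rule
# takes to become visible, then compare that against the refresh intervals.

# wait_until_allowed TIMEOUT POLL CMD...
# Runs CMD every POLL seconds until it prints ALLOWED, then prints the number
# of seconds elapsed. Returns 1 and prints nothing once TIMEOUT has passed.
wait_until_allowed() {
    timeout=$1 poll=$2
    shift 2
    start=$(date +%s)
    while :; do
        now=$(date +%s)
        elapsed=$((now - start))
        if [ "$("$@")" = "ALLOWED" ]; then
            echo "$elapsed"
            return 0
        fi
        if [ "$elapsed" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$poll"
    done
}

# classify_latency LATENCY SMART FULL [SLACK]
#   smart: seen within one smart refresh interval (the expected result)
#   full:  only seen once a full refresh interval had passed (the reported bug)
#   late:  not seen even within a full refresh interval
# SLACK (assumed default: 2 seconds) absorbs polling granularity.
classify_latency() {
    latency=$1 smart=$2 full=$3 slack=${4:-2}
    if [ "$latency" -le $((smart + slack)) ]; then
        echo smart
    elif [ "$latency" -le $((full + slack)) ]; then
        echo full
    else
        echo late
    fi
}

# Usage with the ticket's settings, run right after the ldapmodify step:
#   latency=$(wait_until_allowed 60 1 check_sudo) &&
#       classify_latency "$latency" 10 30
```

With the intervals from the reproducer, the expected results correspond to "smart" and the actual results to "full".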

Fields changed

design_review: => 0
owner: somebody => pbrezina
patch: 0 => 1
status: new => assigned
testsupdated: => 0

milestone: NEEDS_TRIAGE => SSSD 1.9.3
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.3

2 years ago
