#1779 Rule mismatch isn't noticed before smart refresh on ppc64 and s390x
Closed: Fixed None Opened 6 years ago by pbrezina.

https://bugzilla.redhat.com/show_bug.cgi?id=902716 (Red Hat Enterprise Linux 6)

Description of problem:
SSSD doesn't notice rule becoming a mismatch immediately, but only after a
smart refresh on ppc64 and s390x with directory server running on x86_64.

Version-Release number of selected component (if applicable):
sssd-client-1.9.2-74.el6.s390x
libsss_idmap-1.9.2-74.el6.s390x
libsss_sudo-1.9.2-74.el6.s390x
sssd-1.9.2-74.el6.s390x

How reproducible:
always

Steps to Reproduce:
1. Setup LDAP directory, using the attached mismatch_refresh_test.ldif file as
reference.
2. Setup SSSD client using the attached sssd.conf as reference.
3. Execute the following, replacing the server hostname:
---:<---
service sssd restart >/dev/null
ldapmodify -h dell-pe840-01.rhts.eng.bos.redhat.com -x -D
cn=Manager,dc=example,dc=com -w Secret123 <<<"
dn: cn=test,ou=Sudoers,dc=example,dc=com
replace: sudoUser
sudoUser: user2" >/dev/null
su -c 'sudo -u user2 true' user1 && echo ALLOWED || echo DENIED
sleep 11
su -c 'sudo -u user2 true' user1 && echo ALLOWED || echo DENIED
--->:---

Actual results:
ALLOWED
user1 is not allowed to run sudo on ibm-z10-02.  This incident will be
reported.
DENIED

Expected results:
user1 is not allowed to run sudo on ibm-z10-02.  This incident will be
reported.
DENIED
user1 is not allowed to run sudo on ibm-z10-02.  This incident will be
reported.
DENIED

Additional info:
This works as documented on x86_64 and i386.

Use the following command for test teardown, replacing the server hostname:
---:<---
ldapmodify  -h dell-pe840-01.rhts.eng.bos.redhat.com -x -D
cn=Manager,dc=example,dc=com -w Secret123 <<<"
dn: cn=test,ou=Sudoers,dc=example,dc=com
replace: sudoUser
sudoUser: user1" >/dev/null
--->:---

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => pbrezina
patch: 0 => 1
selected: =>
status: new => assigned
testsupdated: => 0

milestone: NEEDS_TRIAGE => SSSD 1.9.4
priority: major => blocker
resolution: => fixed
status: assigned => closed

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.4

2 years ago

Login to comment on this ticket.

Metadata