Bug 1138255

Summary: RFE: sssd should support time format without minutes and seconds in sudo entries
Product: Red Hat Enterprise Linux 7
Reporter: David Spurek <dspurek>
Component: sssd
Assignee: SSSD Maintainers <sssd-maint>
Status: CLOSED WONTFIX
QA Contact: Namita Soman <nsoman>
Severity: medium
Priority: medium
Version: 7.0
CC: grajaiya, jgalipea, jhrozek, lslebodn, mkosek, pbrezina, pkis
Target Milestone: rc
Keywords: FutureFeature
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Last Closed: 2017-03-28 07:57:44 UTC
Type: Bug
Bug Blocks: 1138555

Description David Spurek 2014-09-04 11:36:08 UTC
Description of problem:
sssd doesn't support time format without minutes and seconds in sudo entries (sudoNotBefore and sudoNotAfter).

Minutes and seconds portions are optional according to sudoers.ldap man page. It says:
The minute and seconds portions are optional, but some LDAP servers require that they be present (contrary to the RFC).


dn: cn=rule_allow,ou=Sudoers,dc=my-domain,dc=com
objectClass: top
objectClass: sudoRole
cn: rule_allow
sudoHost: ALL
sudoUser: userallowed
sudoCommand: ALL
sudoNotBefore: 2014090309Z
 
[test]date -u
Thu Sep  4 09:27:38 UTC 2014
 
[test]su - userallowed -c 'sudo true'
su: warning: cannot change directory to /home/userallowed: No such file or directory
userallowed is not allowed to run sudo on rhel7.  This incident will be reported.

/var/log/sssd/sssd_sudo.log contains 'Invalid time format in rule [rule_allow]!'

Version-Release number of selected component (if applicable):
sssd-1.11.2-65.el7
sudo-1.8.6p7-11.el7

How reproducible:
always

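For reference, a sketch of a parser that accepts the short form from the report above. This is an added example, not SSSD's or sudo's code; the names parse_sudo_time, two_digits and days_from_civil are hypothetical. It assumes only the UTC "Z" form (no offsets or fractions) and checks the day against the range 1-31 only.

```c
#include <ctype.h>
#include <stdio.h>

/* Read exactly two decimal digits at *p and advance; -1 if not digits. */
static int two_digits(const char **p)
{
    const unsigned char *s = (const unsigned char *)*p;
    if (!isdigit(s[0]) || !isdigit(s[1])) return -1;
    *p += 2;
    return (s[0] - '0') * 10 + (s[1] - '0');
}

/* Days from 1970-01-01 to y-m-d (proleptic Gregorian calendar). */
static long long days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse YYYYMMDDHH[MM[SS]]Z into UTC epoch seconds; 0 on success, -1 if malformed. */
int parse_sudo_time(const char *s, long long *out)
{
    const char *p = s;
    int cc = two_digits(&p), yy = two_digits(&p);
    int mon = two_digits(&p), day = two_digits(&p), hour = two_digits(&p);
    int min = 0, sec = 0;
    if (cc < 0 || yy < 0 || mon < 1 || mon > 12 || day < 1 || day > 31 ||
        hour < 0 || hour > 23) return -1;
    /* Minutes and seconds are optional: consume them only if digits follow. */
    if (isdigit((unsigned char)*p) && ((min = two_digits(&p)) < 0 || min > 59)) return -1;
    if (isdigit((unsigned char)*p) && ((sec = two_digits(&p)) < 0 || sec > 59)) return -1;
    if (p[0] != 'Z' || p[1] != '\0') return -1;  /* UTC designator, nothing after */
    *out = days_from_civil(cc * 100 + yy, mon, day) * 86400LL + hour * 3600 + min * 60 + sec;
    return 0;
}

int main(void)
{
    /* Constructed inputs; the first is the sudoNotBefore value from the report. */
    const char *v[] = { "2014090309Z", "201409030930Z", "20140903093015Z", "2014090309" };
    for (int i = 0; i < 4; i++) {
        long long t = -1;
        int rc = parse_sudo_time(v[i], &t);
        printf("%-16s rc=%d epoch=%lld\n", v[i], rc, t);
    }
    return 0;
}
```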

Comment 1 Jakub Hrozek 2014-09-05 08:33:27 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2432

Comment 2 Martin Kosek 2014-09-11 12:55:24 UTC
*** Bug 1138555 has been marked as a duplicate of this bug. ***

Comment 3 Martin Kosek 2014-09-11 13:08:38 UTC
It is too late for considering the bug for 7.1, moving to later RHEL version. If there is any pending customer request, please bump this bug to achieve a more expedited fix.

Comment 6 Jakub Hrozek 2016-11-23 14:24:42 UTC
Thank you for filing this bug report.

Since fixing this bug requires work in the upstream SSSD project which is not scheduled for the immediate future, I added a conditional development nack, pending upstream availability.

Comment 7 Jakub Hrozek 2017-03-28 07:57:44 UTC
Upstream has declined the request, therefore I'm closing this downstream tracking bugzilla as well.