Bug 1202724

Related upstream tickets:
    827a016a07d5f911cc4195be89896a376fd71f59
    a99845006f96f9d1e7af871ec67c71cee8408a62
    8d4dedea12e2b71f83a1b0e5f0fc5cdb706dcf98
    caacea0dbfdc92613ae992681053b1d2665b80ca
    7d8b7d82f0a91ed656320577fc781f24a66db9f8
    bf01e8179cbb2be476805340636098deda7e1366
    e22e04517b9f9d0c7759dc4768eedfd05908e9b6
    070bb515321a7de091b884d9e0ab357b7b5ae578

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2742

Additional fix for #2742 is coming up, moving back to ASSIGNED.

* master: 619e21ed9c7a71e35e53f38867b53ed974f1d36a

How can I test this?  

Would the same test as for bug #1241089 cover this as well?  Sounds like that bug specifically asks for an update to mod_lookup_identity to use the fix from this for org.freedesktop.sssd.infopipe.Users.FindByCertificate.

If I can't use the verification for that bug to verify this, please list steps to test.

Thanks,
Scott

Please see 'How to Test' section of https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificate for details.

Verified.

Version ::

sssd-1.13.0-26.el7.x86_64

Results ::

[root@blade05 ~]# ipa user-add-cert bob20669 --certificate="$(cat bob20669.pem|grep -v -- '----' | tr -d '[\n\r]')"
-------------------------------------
Added certificates to user "bob20669"
-------------------------------------
  User login: bob20669
  Certificate: MIIECjCCAvKgAwIBAgIBDDANBgkqhkiG9w0BAQsFADA3MRUwEwYDVQQKDAxFWEFNUExFLlRFU1QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA5MjEyMTE4MDRaFw0xNzA5MjEyMTE4MDRaMCoxFTATBgNVBAoMDEVYQU1QTEUuVEVTVDERMA8GA1UEAwwIYm9iMjA2NjkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEsRZW2sEvczwkF5LJ5f/3QyQFzxMYz2shUCDvzYXvSRQdosSAIcpI65tTzxvhBKn8+zslL2+IULb4ZvhycrhIoAjOKammZLiYYIpyjgkatmNu9V9UKwWsKxAgg75338ZnVGq9RrjwOtVwHhZ7oGvk0O3+k09iTsmXP8cP2QQQEh1XaNxhqB+WO2XbLLV9lefFJlZl3DQdERPQ6/M8aBKwnMuoJwFE+zFKaAda70wjmUiCCeJCIm0gpyEr71PX4eTP/b2nkANJT4LWNd8eeSuY0PL4o6FerEjoLmSLEL0/MNDY5mj1qNcqKVRC/q9mEIOvRQtFZSKexHLVjzoLa/J3AgMBAAGjggEsMIIBKDAfBgNVHSMEGDAWgBQpLLhxktYerqlf4Sv2wTEeOoy+fzA+BggrBgEFBQcBAQQyMDAwLgYIKwYBBQUHMAGGImh0dHA6Ly9pcGEtY2EuZXhhbXBsZS50ZXN0L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMGygNKAyhjBodHRwOi8vaXBhLWNhLmV4YW1wbGUudGVzdC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFDSTSIzglpbODRtGBUW6w520IimgMA0GCSqGSIb3DQEBCwUAA4IBAQBn21OvjmAFw0RDX6y8oo80FuTgCJ2hKkKt2QAhpFtirM2kNSJG7+E//Dwbs4Tyg5CSBOPXsdFi2NkRTA4/pXVmNx2Q2uu8ypcC9ZzuykVIy38RY6SETr5yPmkBM0NL5TeNVNdy9+06FmL/0QDVisfW5sNncxzfIO0LOQJp6gyMAXc2bGeeLlk2SR8aKPtyz5kNFKYUWaA4F2ZeAPsb0zU9JIu237FCgxU7L3c9fp0ZXPE1NPWZD3h7hCdZAvQ03SdTzMJlUJiARTbfeUr152i+3JJL7Yoop2/VoQb/FkA22oBFtfZW/GSZTN9p+e4HXH390oS+LphonPf1u/1EQsGN

[root@blade05 ~]# dbus-send --system --print-reply  --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$(cat bob20669.pem)"
method return sender=:1.7 -> dest=:1.17 reply_serial=2
   object path "/org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001"


[root@blade05 ~]# dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001 org.freedesktop.DBus.Properties.Get string:"org.freedesktop.sssd.infopipe.Users.User" string:"name"
method return sender=:1.7 -> dest=:1.18 reply_serial=2
   variant       string "bob20669"


[root@blade05 ~]# dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001 org.freedesktop.DBus.Properties.GetAll string:"org.freedesktop.sssd.infopipe.Users.User"
method return sender=:1.7 -> dest=:1.29 reply_serial=2
   array [
      dict entry(
         string "name"
         variant             string "bob20669"
      )
      dict entry(
         string "uidNumber"
         variant             uint32 1690400001
      )
      dict entry(
         string "gidNumber"
         variant             uint32 1690400001
      )
      dict entry(
         string "gecos"
         variant             string "Robert Chase"
      )
      dict entry(
         string "homeDirectory"
         variant             string "/home/bob20669"
      )
      dict entry(
         string "loginShell"
         variant             string "/bin/sh"
      )
      dict entry(
         string "groups"
         variant             array [
               object path "/org/freedesktop/sssd/infopipe/Groups/example_2etest/1690400001"
               object path "/org/freedesktop/sssd/infopipe/Groups/example_2etest/1690400006"
            ]
      )
      dict entry(
         string "extraAttributes"
         variant             array [
            ]
      )
   ]


[root@blade05 ~]# getent group  1690400006
webgroup1:*:1690400006:bob20669

[root@blade05 ~]# getent group  1690400001
bob20669:*:1690400001:

[root@blade05 ~]# getent passwd 1690400001
bob20669:*:1690400001:1690400001:Robert Chase:/home/bob20669:/bin/sh

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html