Bug 1202724
Summary: | [RFE] Add a way to lookup users based on CAC identity certificates | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | | |
Version: | 7.0 | CC: | grajaiya, jgalipea, jhrozek, jpazdziora, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, sbose, spoore |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | sssd-1.13.0-20.el7 | Doc Type: | Enhancement |
Doc Text: | | Story Points: | --- |
Clone Of: | | | |
: | 1270029 | Environment: | |
Last Closed: | 2015-11-19 11:36:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1127787, 1169972, 1181710, 1241089, 1270029 | | |
Description
Jakub Hrozek
2015-03-17 10:16:04 UTC
Related upstream tickets:
827a016a07d5f911cc4195be89896a376fd71f59 a99845006f96f9d1e7af871ec67c71cee8408a62 8d4dedea12e2b71f83a1b0e5f0fc5cdb706dcf98 caacea0dbfdc92613ae992681053b1d2665b80ca 7d8b7d82f0a91ed656320577fc781f24a66db9f8 bf01e8179cbb2be476805340636098deda7e1366 e22e04517b9f9d0c7759dc4768eedfd05908e9b6 070bb515321a7de091b884d9e0ab357b7b5ae578

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2742

Additional fix for #2742 is coming up, moving back to ASSIGNED.

* master: 619e21ed9c7a71e35e53f38867b53ed974f1d36a

How can I test this? Would the same test as for bug #1241089 cover this as well? Sounds like that bug specifically asks for an update to mod_lookup_identity to use the fix from this for org.freedesktop.sssd.infopipe.Users.FindByCertificate.

If I can't use the verification for that bug to verify this, please list steps to test.

Thanks,
Scott

Please see 'How to Test' section of https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificate for details.

Verified.

Version :: sssd-1.13.0-26.el7.x86_64

Results ::

[root@blade05 ~]# ipa user-add-cert bob20669 --certificate="$(cat bob20669.pem|grep -v -- '----' | tr -d '[\n\r]')"
-------------------------------------
Added certificates to user "bob20669"
-------------------------------------
  User login: bob20669
  Certificate: MIIECjCCAvKgAwIBAgIBDDANBgkqhkiG9w0BAQsFADA3MRUwEwYDVQQKDAxFWEFNUExFLlRFU1QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA5MjEyMTE4MDRaFw0xNzA5MjEyMTE4MDRaMCoxFTATBgNVBAoMDEVYQU1QTEUuVEVTVDERMA8GA1UEAwwIYm9iMjA2NjkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEsRZW2sEvczwkF5LJ5f/3QyQFzxMYz2shUCDvzYXvSRQdosSAIcpI65tTzxvhBKn8+zslL2+IULb4ZvhycrhIoAjOKammZLiYYIpyjgkatmNu9V9UKwWsKxAgg75338ZnVGq9RrjwOtVwHhZ7oGvk0O3+k09iTsmXP8cP2QQQEh1XaNxhqB+WO2XbLLV9lefFJlZl3DQdERPQ6/M8aBKwnMuoJwFE+zFKaAda70wjmUiCCeJCIm0gpyEr71PX4eTP/b2nkANJT4LWNd8eeSuY0PL4o6FerEjoLmSLEL0/MNDY5mj1qNcqKVRC/q9mEIOvRQtFZSKexHLVjzoLa/J3AgMBAAGjggEsMIIBKDAfBgNVHSMEGDAWgBQpLLhxktYerqlf4Sv2wTEeOoy+fzA+BggrBgEFBQcBAQQyMDAwLgYIKwYBBQUHMAGGImh0dHA6Ly9pcGEtY2EuZXhhbXBsZS50ZXN0L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMGygNKAyhjBodHRwOi8vaXBhLWNhLmV4YW1wbGUudGVzdC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFDSTSIzglpbODRtGBUW6w520IimgMA0GCSqGSIb3DQEBCwUAA4IBAQBn21OvjmAFw0RDX6y8oo80FuTgCJ2hKkKt2QAhpFtirM2kNSJG7+E//Dwbs4Tyg5CSBOPXsdFi2NkRTA4/pXVmNx2Q2uu8ypcC9ZzuykVIy38RY6SETr5yPmkBM0NL5TeNVNdy9+06FmL/0QDVisfW5sNncxzfIO0LOQJp6gyMAXc2bGeeLlk2SR8aKPtyz5kNFKYUWaA4F2ZeAPsb0zU9JIu237FCgxU7L3c9fp0ZXPE1NPWZD3h7hCdZAvQ03SdTzMJlUJiARTbfeUr152i+3JJL7Yoop2/VoQb/FkA22oBFtfZW/GSZTN9p+e4HXH390oS+LphonPf1u/1EQsGN

[root@blade05 ~]# dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$(cat bob20669.pem)"
method return sender=:1.7 -> dest=:1.17 reply_serial=2
   object path "/org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001"

[root@blade05 ~]# dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001 org.freedesktop.DBus.Properties.Get string:"org.freedesktop.sssd.infopipe.Users.User" string:"name"
method return sender=:1.7 -> dest=:1.18 reply_serial=2
   variant       string "bob20669"

[root@blade05 ~]# dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001 org.freedesktop.DBus.Properties.GetAll string:"org.freedesktop.sssd.infopipe.Users.User"
method return sender=:1.7 -> dest=:1.29 reply_serial=2
   array [
      dict entry(
         string "name"
         variant             string "bob20669"
      )
      dict entry(
         string "uidNumber"
         variant             uint32 1690400001
      )
      dict entry(
         string "gidNumber"
         variant             uint32 1690400001
      )
      dict entry(
         string "gecos"
         variant             string "Robert Chase"
      )
      dict entry(
         string "homeDirectory"
         variant             string "/home/bob20669"
      )
      dict entry(
         string "loginShell"
         variant             string "/bin/sh"
      )
      dict entry(
         string "groups"
         variant             array [
               object path "/org/freedesktop/sssd/infopipe/Groups/example_2etest/1690400001"
               object path "/org/freedesktop/sssd/infopipe/Groups/example_2etest/1690400006"
            ]
      )
      dict entry(
         string "extraAttributes"
         variant             array [
            ]
      )
   ]

[root@blade05 ~]# getent group 1690400006
webgroup1:*:1690400006:bob20669

[root@blade05 ~]# getent group 1690400001
bob20669:*:1690400001:

[root@blade05 ~]# getent passwd 1690400001
bob20669:*:1690400001:1690400001:Robert Chase:/home/bob20669:/bin/sh

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html
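
The cross-check done by hand in the verification comment above (FindByCertificate reply, then Properties.GetAll, then getent passwd) can be automated over captured output. This is an added example, not part of the bug report or of SSSD; the helper names are hypothetical, and it assumes the `_2e` in the object path is a hex-escaped `.` and that the last path component is the UID, as the transcript suggests.

```python
import re

# Replies copied from the dbus-send transcript on this page (GetAll trimmed to scalars).
FIND_REPLY = 'object path "/org/freedesktop/sssd/infopipe/Users/example_2etest/1690400001"'
GETALL_REPLY = '''array [
  dict entry( string "name" variant string "bob20669" )
  dict entry( string "uidNumber" variant uint32 1690400001 )
  dict entry( string "gidNumber" variant uint32 1690400001 )
  dict entry( string "gecos" variant string "Robert Chase" )
  dict entry( string "homeDirectory" variant string "/home/bob20669" )
  dict entry( string "loginShell" variant string "/bin/sh" )
  dict entry( string "extraAttributes" variant array [ ] )
]'''
PASSWD_LINE = "bob20669:*:1690400001:1690400001:Robert Chase:/home/bob20669:/bin/sh"

def opath_unescape(part):
    """Undo _XX hex escaping in one path component (assumption: '_2e' encodes '.')."""
    return re.sub(r"_([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def parse_user_path(reply):
    """Return (domain, uid) from the object path in a FindByCertificate reply."""
    m = re.search(r'object path "/org/freedesktop/sssd/infopipe/Users/([^/"]+)/(\d+)"', reply)
    if m is None:
        raise ValueError("no user object path in reply")
    return opath_unescape(m.group(1)), int(m.group(2))

def parse_properties(reply):
    """Collect the scalar (string/uint32) properties from a Properties.GetAll reply."""
    pattern = r'string "([^"]+)"\s+variant\s+(string|uint32)\s+("[^"]*"|\d+)'
    return {key: int(raw) if kind == "uint32" else raw.strip('"')
            for key, kind, raw in re.findall(pattern, reply)}

def verify_mapping(find_reply, getall_reply, passwd_line):
    """Check that the path, the D-Bus properties and the NSS entry name one account."""
    domain, path_uid = parse_user_path(find_reply)
    props = parse_properties(getall_reply)
    name, _pw, uid, gid, gecos, home, shell = passwd_line.strip().split(":")
    nss = {"name": name, "uidNumber": int(uid), "gidNumber": int(gid),
           "gecos": gecos, "homeDirectory": home, "loginShell": shell}
    ok = path_uid == nss["uidNumber"] and all(props.get(k) == v for k, v in nss.items())
    return domain, ok
```

A mismatch between any of the three views returns `False`, which is the condition worth alerting on when a certificate is expected to map to exactly one known account.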