Bug 1379582

Summary: ding-libs don't parse lines without an equal sign
Product: Red Hat Enterprise Linux 6 Reporter: Marcel Kolaja <mkolaja>
Component: ding-libsAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Steeve Goveas <sgoveas>
Severity: high Docs Contact:
Priority: high    
Version: 6.8CC: dlavu, enewland, jhrozek, mkosek, mzidek, tscherf
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ding-libs-0.4.0-11.el6_8.1 Doc Type: Bug Fix
Doc Text:
CCFR Cause: SSSD is not able to process GPO ini file if it contains attributes with no equal sign (in other words, attributes with values that are not written in "key = value" format). These values are not important for GPO processing. Consequence: SSSD fails GPO processing and denies access to users if the GPO contains lines without equal sign. Fix: libini (part of ding-libs used by SSSD to manipulate INI files) was enhanced and is able to ignore lines that are not "key = value". SSSD was modified to use this new feature. Result: SSSD does not fail GPO processing if GPO INI file contains lines without equal sign.
 Story Points: ---
Clone Of: 1377213 Environment:
Last Closed: 2017-02-23 17:39:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1377213    
Bug Blocks:    

Description Marcel Kolaja 2016-09-27 07:41:52 UTC 
This bug has been copied from bug #1377213 and has been proposed
to be backported to 6.8 z-stream (EUS).
Comment 5 Dan Lavu 2017-01-12 00:55:07 UTC 
Verified against sssd-1.13.3-22.el6_8.6.x86_64.rpm

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_gpo_010: bz 1316164 invalid/empty values in GptTmpl.inf
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

spawn su --shell /bin/sh nobody -- -c su --shell /bin/true -- "$1" -- allow_u-18520
Password: :: [   PASS   ] :: File '/var/log/sssd/sssd_sssdad2012r2.com.log' should contain 'Option ad_gpo_access_control has value enforcing' 
:: [  BEGIN   ] :: Running 'su_success 'allow_u-18520' Secret123'
spawn su --shell /bin/sh nobody -- -c su --shell /bin/true -- "$1" -- allow_u-18520
Comment 7 errata-xmlrpc 2017-02-23 17:39:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0302.html