1379582 – ding-libs don't parse lines without an equal sign

Bug 1379582 - ding-libs don't parse lines without an equal sign

Summary: ding-libs don't parse lines without an equal sign

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ding-libs
Sub Component:
Version:	6.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jakub Hrozek
QA Contact:	Steeve Goveas
Docs Contact:
URL:
Whiteboard:
Depends On:	1377213
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-27 07:41 UTC by Marcel Kolaja
Modified:	2020-05-04 11:14 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ding-libs-0.4.0-11.el6_8.1
Doc Type:	Bug Fix
Doc Text:	CCFR Cause: SSSD is not able to process GPO ini file if it contains attributes with no equal sign (in other words, attributes with values that are not written in "key = value" format). These values are not important for GPO processing. Consequence: SSSD fails GPO processing and denies access to users if the GPO contains lines without equal sign. Fix: libini (part of ding-libs used by SSSD to manipulate INI files) was enhanced and is able to ignore lines that are not "key = value". SSSD was modified to use this new feature. Result: SSSD does not fail GPO processing if GPO INI file contains lines without equal sign.
Clone Of:	1377213
Environment:
Last Closed:	2017-02-23 17:39:10 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 3792	0	None	None	None	2020-05-04 11:14:36 UTC
Red Hat Product Errata	RHBA-2017:0302	0	normal	SHIPPED_LIVE	sssd and ding-libs bug fix update	2017-02-23 22:35:25 UTC

Description Marcel Kolaja 2016-09-27 07:41:52 UTC

This bug has been copied from bug #1377213 and has been proposed
to be backported to 6.8 z-stream (EUS).

Comment 5 Dan Lavu 2017-01-12 00:55:07 UTC

Verified against sssd-1.13.3-22.el6_8.6.x86_64.rpm

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_gpo_010: bz 1316164 invalid/empty values in GptTmpl.inf
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

spawn su --shell /bin/sh nobody -- -c su --shell /bin/true -- "$1" -- allow_u-18520
Password: :: [   PASS   ] :: File '/var/log/sssd/sssd_sssdad2012r2.com.log' should contain 'Option ad_gpo_access_control has value enforcing' 
:: [  BEGIN   ] :: Running 'su_success 'allow_u-18520' Secret123'
spawn su --shell /bin/sh nobody -- -c su --shell /bin/true -- "$1" -- allow_u-18520

Comment 7 errata-xmlrpc 2017-02-23 17:39:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0302.html

Note You need to log in before you can comment on or make changes to this bug.