Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 674172 - Group members are not sanitized in nested group processing
Group members are not sanitized in nested group processing
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.0
All Linux
unspecified Severity high
: rc
: ---
Assigned To: Stephen Gallagher
Chandrasekar Kannan
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-31 15:48 EST by Stephen Gallagher
Modified: 2015-01-04 18:46 EST (History)
6 users (show)

See Also:
Fixed In Version: sssd-1.5.1-4.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 07:38:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0560 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2011-05-19 07:38:17 EDT

  None (edit)
Description Stephen Gallagher 2011-01-31 15:48:21 EST
Description of problem:

rfc2307bis_nested_groups_update_sysdb() and save_rfc2307bis_user_memberships() both call sysdb_search_groups() with a non-sanitized member_dn.

Version-Release number of selected component (if applicable):
sssd-1.5.1-3.el6

How reproducible:
Every time

Steps to Reproduce:
1. Create a series of groups in RFC2307bis whose names include parentheses. e.g. "Group (Group with parens)"
2. Create a user whose memberships indirectly include a group from above (not direct members, only parent groups of direct members)
3. Attempt to run "id username"
  
Actual results:
The user is missing several groups from the results

Expected results:
All groups should be represented correctly.

Additional info:
Tracked upstream at
https://fedorahosted.org/sssd/ticket/785
Comment 3 Gowrishankar Rajaiyan 2011-04-11 02:48:23 EDT
# id rfc2307bis_user1
uid=99999(rfc2307bis_user1) gid=99999(rfc2307bis_group1)
groups=99999(rfc2307bis_group1),100000(rfc2307bis(group2),100003(rfc2307bis)(group5),100002(rfc2307bis()group4),100001(rfc2307bis)group3)

Groups with parenthesis displayed as expected.

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 25.el6                        Build Date: Fri 08 Apr 2011 10:53:31 PM IST
Install Date: Mon 11 Apr 2011 11:27:08 AM IST      Build Host: x86-003.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-25.el6.src.rpm
Size        : 3462773                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 4 errata-xmlrpc 2011-05-19 07:38:29 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html
Comment 5 errata-xmlrpc 2011-05-19 09:09:25 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html

Note You need to log in before you can comment on or make changes to this bug.