Hide Forgot
Description of problem: Hosts, hostgroups and other attributes of IPA HBAC rules may have names in non-English UTF-8 languages. We need to support comparisons against these rules. Version-Release number of selected component (if applicable): sssd-1.5.1-43.el6 How reproducible: Every time Steps to Reproduce: Use extended UTF-8 characters in a hostname or hostgroup in IPA's LDAP. Actual results: Case-insensitive omparisons fail against UTF-8 characters. Expected results: UTF-8 should be handled correctly. Additional info:
[root@bumblebee ~]# ipa hostgroup-find ------------------- 1 hostgroup matched ------------------- Host-group: 㜠Description: ÃŒ Member hosts: mudflap.lab.eng.pnq.redhat.com ---------------------------- Number of entries returned 1 ---------------------------- [root@bumblebee ~]# ipa hbacrule-show rule1 Rule name: rule1 Enabled: TRUE Users: shanks Hosts: bumblebee.lab.eng.pnq.redhat.com Source host groups: 㜠Services: sshd [root@mudflap ~]# ssh -l shanks bumblebee.lab.eng.pnq.redhat.com shanks.eng.pnq.redhat.com's password: Last login: Mon Oct 3 14:06:09 2011 from mudflap.lab.eng.pnq.redhat.com [root@bumblebee ~]# ipa hbacrule-disable rule1 -------------------------- Disabled HBAC rule "rule1" -------------------------- [root@mudflap ~]# ssh -l shanks bumblebee.lab.eng.pnq.redhat.com shanks.eng.pnq.redhat.com's password: Connection closed by 10.65.201.64 [root@bumblebee ~]# ipa hbacrule-show rule㜠Rule name: rule㜠Enabled: TRUE Users: shanks Hosts: bumblebee.lab.eng.pnq.redhat.com Source host groups: 㜠Services: sshd [root@mudflap ~]# ssh -l shanks bumblebee.lab.eng.pnq.redhat.com shanks.eng.pnq.redhat.com's password: Last login: Mon Oct 3 22:12:20 2011 from mudflap.lab.eng.pnq.redhat.com [root@bumblebee ~]# ipa hbacrule-disable rule㜠--------------------------- Disabled HBAC rule "ruleãœ" --------------------------- [root@mudflap ~]# ssh -l shanks bumblebee.lab.eng.pnq.redhat.com shanks.eng.pnq.redhat.com's password: Connection closed by 10.65.201.64 Verified. # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 53.el6 Build Date: Fri 30 Sep 2011 10:08:08 AM EDT Install Date: Mon 03 Oct 2011 08:28:17 AM EDT Build Host: x86-005.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-53.el6.src.rpm Size : 3671137 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: The host based access control part of SSSD treated all its attributes as plain strings Consequence: case-insensitive comparisons of attributes such as host group names would fail in case they contained UTF-8 characters Fix: The SSSD host based access control provider utilizes libunistring for performing string comparisons where applicable Result: SSSD is able to handle UTF-8 strings in host based access control rules
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html