jhrozek's pull request #19: "KRB5: Send the output username, not internal fqname to krb5_child" was opened
PR body: """ Resolves: https://fedorahosted.org/sssd/ticket/3172
krb5_child calls krb5_kuserok() during the access phase which checks if a particular user is allowed to authenticate as a particular principal. We used to pass the internal fqname to krb5_kuserok() which broke the functionality and all users were denied access.
This patch changes that to send the 'output' username to krb5_child, because that's the username the system receives through getpwnam() or getpwuid() anyway. The patch also adds a new structure member fo the krb5child_req structure to avoid reusing the pd->user variable but have an explicit one that serves as the input for the child process. """
See the full pull-request at https://github.com/SSSD/sssd/pull/19 ... or pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/19/head:pr19 git checkout pr19
jhrozek commented on a pull request
""" btw feel free to ping me on RH IRC for a link that shows the patch fixes the RH tests.. """
See the full comment at https://github.com/SSSD/sssd/pull/19#issuecomment-245325705
lslebodn commented on a pull request
""" On (07/09/16 08:49), Jakub Hrozek wrote:
btw feel free to ping me on RH IRC for a link that shows the patch fixes the RH tests..
When I was looking into this bug https://bugzilla.redhat.com/show_bug.cgi?id=1372753#c7 I verified in gdb that setting kr->pd->user to shorname (after krb5_setup) fixed the issue. And you fixed it in right way :-)
ACK
Local CI passed. Feel free to push
LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/19#issuecomment-245340476
jhrozek's pull request #19: "KRB5: Send the output username, not internal fqname to krb5_child" label *Accepted* has been added
See the full pull-request at https://github.com/SSSD/sssd/pull/19
lslebodn commented on a pull request
""" On (07/09/16 10:07), Jakub Hrozek wrote:
Assigned #19 to @lslebodn.
master: * fedfb7c62b4efa89d18d0d3a7895a2a34ec4ce42
LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/19#issuecomment-245742253
jhrozek's pull request #19: "KRB5: Send the output username, not internal fqname to krb5_child" label *Pushed* has been added
See the full pull-request at https://github.com/SSSD/sssd/pull/19
jhrozek's pull request #19: "KRB5: Send the output username, not internal fqname to krb5_child" label *Accepted* has been removed
See the full pull-request at https://github.com/SSSD/sssd/pull/19
jhrozek's pull request #19: "KRB5: Send the output username, not internal fqname to krb5_child" was closed
See the full pull-request at https://github.com/SSSD/sssd/pull/19 ... or pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/19/head:pr19 git checkout pr19
sssd-devel@lists.fedorahosted.org