Resolves: rhbz#1561105 - sssd update prevented login using kerberos user
(cherry picked from commit a5e12d6904)
parent
1d4426f19f
commit
5bf25dd87d
|
@ -0,0 +1,44 @@
|
|||
From ae98cc4985bd3a19bbcadb5c4b77c5e01819e8ac Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||
Date: Tue, 21 Aug 2018 13:59:33 +0200
|
||||
Subject: [PATCH] SYSDB: Prepend cached hash with the salt identifier if it's
|
||||
not there
|
||||
|
||||
This is a downstream-only patch for
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1561105#c13
|
||||
|
||||
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
||||
---
|
||||
src/db/sysdb_ops.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
|
||||
index df0fb83c5546809a2d643e2e585153ad61a6a334..3a7e8fed507e9d96301f97112f9230e031cb5896 100644
|
||||
--- a/src/db/sysdb_ops.c
|
||||
+++ b/src/db/sysdb_ops.c
|
||||
@@ -4516,6 +4516,7 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
|
||||
time_t expire_date = -1;
|
||||
time_t delayed_until = -1;
|
||||
int ret;
|
||||
+ const char *salt_prefix = "$6$";
|
||||
|
||||
if (name == NULL || *name == '\0') {
|
||||
DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n");
|
||||
@@ -4601,6 +4602,14 @@ int sysdb_cache_auth(struct sss_domain_info *domain,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ if (strncmp(userhash, salt_prefix, strlen(salt_prefix)) != 0) {
|
||||
+ userhash = talloc_asprintf(tmp_ctx, "%s%s", salt_prefix, userhash);
|
||||
+ if (userhash == NULL) {
|
||||
+ ret = ENOMEM;
|
||||
+ goto done;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash);
|
||||
if (ret) {
|
||||
DEBUG(SSSDBG_CONF_SETTINGS, "Failed to create password hash.\n");
|
||||
--
|
||||
2.14.4
|
||||
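Review bot: The added `strncmp`/`talloc_asprintf` block in `sysdb_cache_auth` has no comment or debug message saying why a cached hash may lack the `$6$` identifier, so the compatibility path is invisible in both the source and the logs. A comment such as `/* Hashes cached by builds affected by rhbz#1561105 lack the "$6$" salt identifier; add it in memory before verifying. */` and a line like `DEBUG(SSSDBG_TRACE_FUNC, "Cached hash lacks the salt identifier, prepending it.\n");` would make it traceable; the message should not print the hash itself. The check inspects only the first three bytes, so any other stored value is also prefixed and handed to `s3crypt_sha512`; this presumably fails closed at the later comparison, which is outside the hunk, but that is worth confirming. Only the local `userhash` is corrected, so the stored entry appears to stay in the legacy form until something else rewrites it. The function body starts and ends outside both hunks.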
|
11
sssd.spec
11
sssd.spec
|
@ -38,7 +38,7 @@
|
|||
|
||||
Name: sssd
|
||||
Version: 1.16.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
|
@ -59,6 +59,12 @@ Patch0007: 0007-PAM-Allow-to-configure-pam-services-for-Smartcards.patch
|
|||
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
|
||||
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
|
||||
|
||||
# Keep this downstream patch for the lifetime of f27 and f28.
|
||||
# It fixes offline authentication of users that were cached in sysdb
|
||||
# with SSSD version affected by this BZ#1602781. Note that this patch
|
||||
# only fixes the offline authentication (not the local provider).
|
||||
Patch1000: 1000-SYSDB-Prepend-cached-hash-with-the-salt-identifier-i.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
@ -1269,6 +1275,9 @@ fi
|
|||
%{_libdir}/%{name}/modules/libwbclient.so
|
||||
|
||||
%changelog
|
||||
* Tue Aug 21 2018 Michal Židek <mzidek@redhat.com> - 1.16.3-2
|
||||
- Resolves: rhbz#1561105 - sssd update prevented login using kerberos user
|
||||
|
||||
* Tue Aug 14 2018 Michal Židek <mzidek@redhat.com> - 1.16.3-1
|
||||
- New upstream release 1.16.3
|
||||
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html
|
||||
|
|