Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 525674 - app-admin/sudo: add support for sys-auth/sssd via USE=sssd
Summary: app-admin/sudo: add support for sys-auth/sssd via USE=sssd
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 5 votes (vote)
Assignee: Mikle Kolyada
URL:
Whiteboard:
Keywords:
: 553676 (view as bug list)
Depends on: 540540
Blocks:
  Show dependency tree
 
Reported: 2014-10-17 18:23 UTC by Paul Sands
Modified: 2018-10-05 21:38 UTC (History)
8 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch to sudo-1.8.11_p1.ebuild to add sssd support (sudo-1.8.11_p1.ebuild.patch,1.46 KB, patch)
2014-10-31 15:09 UTC, Richard Ostrow
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Sands 2014-10-17 18:23:30 UTC
sys-auth/sssd support was added to sudo in version 1.8.6. The current ebuilds for sudo (from 1.8.6 through 1.8.11_p1) do not include support by default of have a USE falg to enable support.

Editing the current ebuild and added --with-sssd to src_configure() does work correctly when sys-auth/sssd is installed (i.e. sssd successfully handles the sudo request to an ldap server).

I am not sure what the best way to handle is. The documentation I could find on --with-sssd suggests that it merely adds support and does not add a dependency on sys-auth/sssd but I have not tested. I am not sure if it should be a default to add the --with-sssd to the ebuild or add a use flag for sssd.

Reproducible: Always

Steps to Reproduce:
1. emerge sys-auth/sssd app-admin/sudo
2. setup pam rules to use sssd and configure sssd to handle sudo requests
3. edit /etc/nsswitch.conf to include "sudoers: files sss" (instead of ldap)
4. attempt sudo with an ldap user without a local account
Actual Results:  
sudo fails to use the sssd service and only looks at the local /etc/sudoers file

Expected Results:  
sudo should success in using sssd (at least assuming the ldap user is configured to have sudo access)
Comment 1 Richard Ostrow 2014-10-31 15:09:03 UTC
Created attachment 387890 [details, diff]
Patch to sudo-1.8.11_p1.ebuild to add sssd support

Confirmed that by default, app-admin/sudo-1.8.11_p1 does not build support for sssd. app-admin/sudo-1.8.11_p1 does, however, have support for sssd if it is enabled during the configure stage. This ebuild patch for app-admin/sudo-1.8.11_p1.ebuild builds sudo with support for sssd with the sssd USE flag enabled, with some brief instructions on what needs to be done from that point (similar to the LDAP USE flag instructions already there).
Comment 2 zunkree 2015-02-18 09:55:26 UTC
Could you please apply this patch to portage tree?
Comment 3 SpanKY gentoo-dev 2015-02-18 16:25:00 UTC
patch as-is is fine, but we can't add it until bug 540540 is resolved
Comment 4 Brett Merrick 2015-05-17 22:49:57 UTC
Is bug 540540 not a duplicate of this?
Comment 5 Richard Ostrow 2015-05-18 04:44:17 UTC
(In reply to Brett Merrick from comment #4)
> Is bug 540540 not a duplicate of this?

No, bug 540540 is against sys-auth/sssd, while this one is against app-admin/sudo. They are tightly related, but not the same.
Comment 6 Alex Xu (Hello71) 2015-06-30 21:39:08 UTC
*** Bug 553676 has been marked as a duplicate of this bug. ***
Comment 7 T-Dawg 2015-07-01 12:21:18 UTC
I would have to politely disagree nsswitch.conf should contain sudoers: files sss, not sss then files. Also, shouldn't sssd be included as an RDEPEND?
Thanks for the patch!
Comment 8 Thomas Berger 2016-06-12 21:05:59 UTC
According to the Changelog, the sssd useflag was present in sudo-1.8.12-r1.

Any reasons why the flag is missing again?
Comment 9 SpanKY gentoo-dev 2016-06-12 22:46:44 UTC
(In reply to Thomas Berger from comment #8)

please read comment #3
Comment 10 Chris Paras 2016-12-01 19:42:23 UTC
Any progress ?
Comment 11 Oleg Gawriloff 2017-05-22 13:21:03 UTC
Any news on that?
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-10-05 20:53:46 UTC
Finally on it
Comment 13 Larry the Git Cow gentoo-dev 2018-10-05 21:38:56 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45151dcfac954a3de23e9980fb29b43a69244ad7

commit 45151dcfac954a3de23e9980fb29b43a69244ad7
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-10-05 21:37:29 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-10-05 21:37:29 +0000

    app-admin/sudo: Add sys-auth/sssd support
    
    Closes: https://bugs.gentoo.org/525674
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 app-admin/sudo/metadata.xml             |   1 +
 app-admin/sudo/sudo-1.8.25_p1-r1.ebuild | 242 ++++++++++++++++++++++++++++++++
 2 files changed, 243 insertions(+)