date:20161020

[SSSD] [sssd PR#50][+Changes requested] [RFC] Use GNULIB's compiler warning code

2016-10-20 Thread fidencio

  URL: https://github.com/SSSD/sssd/pull/50
Title: #50: [RFC] Use GNULIB's compiler warning code

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#54][closed] crypto: Port libcrypto code to openssl-1.1

2016-10-20 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/54
Author: lslebodn
 Title: #54: crypto: Port libcrypto code to openssl-1.1
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/54/head:pr54
git checkout pr54
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#54][+Pushed] crypto: Port libcrypto code to openssl-1.1

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#54][comment] crypto: Port libcrypto code to openssl-1.1

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1

lslebodn commented:
"""
On (20/10/16 04:38), t8m wrote:
>Reviewed, looks good.
>
Thank you very much for review.

master:
* 8f1316a0c677f211eaaa1346e21a03446b8c4fb1
sssd-1-14:
* 81ebd058ab8f6ab08b05a7e35e04881812404d43

and pushed also to LTM branch so it can be used with the newest openssl
sssd-1-13:
* e1917b665ee4a51706c5f3d311d255917c72f459

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/54#issuecomment-255102790
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
We can discuss  even in closed PR, but better would be move discussion on 
sssd-devel.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255088564
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread mzidek-rh

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
Part of the key is the attribute name. My guess is that the lowercaseing before 
storing to the hash table is to make sure that the attribute name case will not 
play any role.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255088522
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 05:08), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 05:04:20AM -0700, mzidek-rh wrote:
>> And yes, there are differences between plain LDAP and IPA providers. The 
>> netgroup code is completely different. It may be good to unify the two, but 
>> it is not purpose of this patch.
>
>Maybe it would be good to explain why do we need to lowercase anything?
>
Not just explain but also provide test
It is still possible that bug is on IPA server

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255088360
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][closed] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
 Title: #59: ipa_netgroups: Lowercase key to htable
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
On Thu, Oct 20, 2016 at 05:04:20AM -0700, mzidek-rh wrote:
> And yes, there are differences between plain LDAP and IPA providers. The 
> netgroup code is completely different. It may be good to unify the two, but 
> it is not purpose of this patch.

Maybe it would be good to explain why do we need to lowercase anything?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255087661
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread mzidek-rh

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
And yes, there are differences between plain LDAP and IPA providers. The 
netgroup code is completely different. It may be good to unify the two, but it 
is not purpose of this patch.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255086956
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][reopened] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread mzidek-rh

   URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
 Title: #59: ipa_netgroups: Lowercase key to htable
Action: reopened

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread mzidek-rh

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
IPA does not allow other then lower cased netgroup names.
# ipa netgroup-add
Netgroup name: WAAA
-
Added netgroup "waaa"
-
  Netgroup name: waaa
  NIS domain name: ipadomain.test
  IPA unique ID: 48135db6-96bc-11e6-bad6-52540079644a

I do not see reason to open a new PR with the same patch. Reopening.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255085896
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][closed] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
 Title: #59: ipa_netgroups: Lowercase key to htable
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
I am glad that ticket #3117 cannot be reproduced. Please close it.

The ticket #3116 is one of the best examples how should ticket not look like.
Please open a new one. You can inspire in 
https://fedorahosted.org/sssd/ticket/2275
Because you want to fix a regression which should be fixed in that ticket.

Anyway fix is wrong. Ipa provider is not case insensitive. And we do not 
lowercase anything for netgroups in ldap provider.

Closing this PR as rejected. It will be much simpler to have a conversation 
about new patch in new PR
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255083498
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#54][comment] crypto: Port libcrypto code to openssl-1.1

2016-10-20 Thread t8m

  URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1

t8m commented:
"""
Reviewed, looks good.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/54#issuecomment-255081904
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#54][synchronized] crypto: Port libcrypto code to openssl-1.1

2016-10-20 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/54
Author: lslebodn
 Title: #54: crypto: Port libcrypto code to openssl-1.1
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/54/head:pr54
git checkout pr54
From 9fe94c77a8c505b988ee7bedca4d3d699244e502 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik 
Date: Mon, 17 Oct 2016 15:44:20 +0200
Subject: [PATCH] crypto: Port libcrypto code to openssl-1.1

---
 Makefile.am|  1 +
 src/util/cert/libcrypto/cert.c | 23 ++--
 src/util/crypto/libcrypto/crypto_hmac_sha1.c   | 33 ++-
 src/util/crypto/libcrypto/crypto_nite.c| 76 +++--
 src/util/crypto/libcrypto/crypto_obfuscate.c   | 32 +++
 src/util/crypto/libcrypto/crypto_sha512crypt.c | 77 +++---
 src/util/crypto/libcrypto/sss_openssl.h| 39 +
 7 files changed, 190 insertions(+), 91 deletions(-)
 create mode 100644 src/util/crypto/libcrypto/sss_openssl.h

diff --git a/Makefile.am b/Makefile.am
index 7ef2331..fc4037a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -583,6 +583,7 @@ endif
 dist_noinst_HEADERS = \
 src/monitor/monitor.h \
 src/util/crypto/sss_crypto.h \
+src/util/crypto/libcrypto/sss_openssl.h \
 src/util/cert.h \
 src/util/dlinklist.h \
 src/util/debug.h \
diff --git a/src/util/cert/libcrypto/cert.c b/src/util/cert/libcrypto/cert.c
index a7752d7..aba598d 100644
--- a/src/util/cert/libcrypto/cert.c
+++ b/src/util/cert/libcrypto/cert.c
@@ -182,6 +182,8 @@ errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
 size_t c;
 X509 *cert = NULL;
 EVP_PKEY *cert_pub_key = NULL;
+const BIGNUM *n;
+const BIGNUM *e;
 int modulus_len;
 unsigned char modulus[OPENSSL_RSA_MAX_MODULUS_BITS/8];
 int exponent_len;
@@ -208,16 +210,29 @@ errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
 goto done;
 }
 
-if (cert_pub_key->type != EVP_PKEY_RSA) {
+if (EVP_PKEY_base_id(cert_pub_key) != EVP_PKEY_RSA) {
 DEBUG(SSSDBG_CRIT_FAILURE,
   "Expected RSA public key, found unsupported [%d].\n",
-  cert_pub_key->type);
+  EVP_PKEY_base_id(cert_pub_key));
 ret = EINVAL;
 goto done;
 }
 
-modulus_len = BN_bn2bin(cert_pub_key->pkey.rsa->n, modulus);
-exponent_len = BN_bn2bin(cert_pub_key->pkey.rsa->e, exponent);
+#if OPENSSL_VERSION_NUMBER >= 0x1010L
+RSA *rsa_pub_key = NULL;
+rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key);
+if (rsa_pub_key == NULL) {
+ret = ENOMEM;
+goto done;
+}
+
+RSA_get0_key(rsa_pub_key, &n, &e, NULL);
+#else
+n = cert_pub_key->pkey.rsa->n;
+e = cert_pub_key->pkey.rsa->e;
+#endif
+modulus_len = BN_bn2bin(n, modulus);
+exponent_len = BN_bn2bin(e, exponent);
 
 size = SSH_RSA_HEADER_LEN + 3 * sizeof(uint32_t)
 + modulus_len
diff --git a/src/util/crypto/libcrypto/crypto_hmac_sha1.c b/src/util/crypto/libcrypto/crypto_hmac_sha1.c
index 37d2579..5a4ce35 100644
--- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c
+++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c
@@ -24,6 +24,8 @@
 
 #include 
 
+#include "sss_openssl.h"
+
 #define HMAC_SHA1_BLOCKSIZE 64
 
 int sss_hmac_sha1(const unsigned char *key,
@@ -33,23 +35,26 @@ int sss_hmac_sha1(const unsigned char *key,
   unsigned char *out)
 {
 int ret;
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx;
 unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE];
 size_t i;
 unsigned char hash[SSS_SHA1_LENGTH];
 unsigned int res_len;
 
-EVP_MD_CTX_init(&ctx);
+ctx = EVP_MD_CTX_new();
+if (ctx == NULL) {
+return ENOMEM;
+}
 
 if (key_len > HMAC_SHA1_BLOCKSIZE) {
 /* keys longer than blocksize are shortened */
-if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+if (!EVP_DigestInit_ex(ctx, EVP_sha1(), NULL)) {
 ret = EIO;
 goto done;
 }
 
-EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len);
-EVP_DigestFinal_ex(&ctx, ikey, &res_len);
+EVP_DigestUpdate(ctx, (const unsigned char *)key, key_len);
+EVP_DigestFinal_ex(ctx, ikey, &res_len);
 memset(ikey + SSS_SHA1_LENGTH, 0, HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH);
 } else {
 /* keys shorter than blocksize are zero-padded */
@@ -63,25 +68,25 @@ int sss_hmac_sha1(const unsigned char *key,
 ikey[i] ^= 0x36;
 }
 
-if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) {
+if (!EVP_DigestInit_ex(ctx, EVP_sha1(), NULL)) {
 ret = EIO;
 goto done;
 }
 
-EVP_DigestUpdate(&ctx, (const unsigned char *)ikey, HMAC_SHA1_BLOCKSIZE);
-EVP_DigestUpdate(&ctx, (const unsigned char *)in, in_len);
-EVP_DigestFinal_ex(&ctx, hash, &res_len);
+EVP_DigestUpdate(ctx, (const unsigned char *)ikey, HMAC_SHA1_

[SSSD] [sssd PR#54][-Changes requested] crypto: Port libcrypto code to openssl-1.1

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread mzidek-rh

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
Lukas: The ticket 3116 was closed as duplicate by you. I was always saying that 
it is not duplicate. I even said that in order to solve them properly we need 
to first solve 3116 and then 3117 (I set 3117 as blocked by 3116). Because this 
patch is for 3116 and not for 3117, I put 3116 to the commit message. I was not 
able to reproduce 3117 with master anymore.

I am reopening this PR. Feel free to reopen the 3116 ticket. This ticket is 
quite simple. We lowercase the key to htable when we store the entries, but we 
do not lowercase the keys that we use to search the entries. Which is IMO 
totally obvious bug. Btw. by not fixing this, we make other potential bugs with 
nested netgroups totally invisible even for manual testing and that is keeping 
us from discovering/fixing those.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255078449
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][reopened] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread mzidek-rh

   URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
 Title: #59: ipa_netgroups: Lowercase key to htable
Action: reopened

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache

2016-10-20 Thread Petr Cech


On 09/22/2016 01:04 PM, Lukas Slebodnik wrote:

Attached is an alternative solution for debugging ldb functions
How to test:
LD_PRELOAD=.libs/sss_ldb_debug.so ./sysdb-tests -d 10

The only think would be to find out why LD_PRELOAD in
/etc/sysconfig/sssd is not passwd to child processes.
MY_LD_PRELOAD is passed without issue.

LS


Hello all,

I just replaced wrappers with Lukas patch. Thanks.

I tested manually LD_PRELOAD, it worked fine if you use
export LD_PRELOAD... how it has been described above in Lukas answer.
I wasn't successful with /etc/sysconfig/sssd too. And uncle google is 
silent :-(


I propose to change the commit message of the third patch to `export 
LD_PRELAOD=...` instead of `/etc/sysconfig/sssd`. So it should work.


Any other idea?

Regards

--
Petr^4 Čech
>From 15b113dcea02e445dc297f336c543d71cb4ea338 Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Tue, 16 Aug 2016 09:32:18 +0200
Subject: [PATCH 1/3] SYSDB: Adding message to inform which cache is used

Resolves:
https://fedorahosted.org/sssd/ticket/3060
---
 src/db/sysdb_ops.c | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 29f4b1d1597bd98541a152dd6462caa864fbf2fd..8b194e3db48870aecd54b21bd3d0b77dc342f9e5 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -27,6 +27,11 @@
 #include "util/cert.h"
 #include 
 
+
+#define SSS_SYSDB_NO_CACHE 0x0
+#define SSS_SYSDB_CACHE 0x1
+#define SSS_SYSDB_TS_CACHE 0x2
+
 static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
 {
 const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
@@ -1176,6 +1181,21 @@ done:
 return ret;
 }
 
+static const char *get_attr_storage(int state_mask)
+{
+const char *storage = "unknown";
+
+if (state_mask == (SSS_SYSDB_CACHE | SSS_SYSDB_TS_CACHE)) {
+storage = "cache, ts_cache";
+} else if (state_mask == SSS_SYSDB_TS_CACHE) {
+storage = "ts_cache";
+} else if (state_mask == SSS_SYSDB_CACHE) {
+storage = "cache";
+}
+
+return storage;
+}
+
 int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
  struct ldb_dn *entry_dn,
  struct sysdb_attrs *attrs,
@@ -1184,6 +1204,7 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 bool sysdb_write = true;
 errno_t ret = EOK;
 errno_t tret = EOK;
+int state_mask = SSS_SYSDB_NO_CACHE;
 
 sysdb_write = sysdb_entry_attrs_diff(sysdb, entry_dn, attrs, mod_op);
 if (sysdb_write == true) {
@@ -1192,6 +1213,8 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 DEBUG(SSSDBG_MINOR_FAILURE,
   "Cannot set attrs for %s, %d [%s]\n",
   ldb_dn_get_linearized(entry_dn), ret, sss_strerror(ret));
+} else {
+state_mask |= SSS_SYSDB_CACHE;
 }
 }
 
@@ -1201,9 +1224,17 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
 DEBUG(SSSDBG_MINOR_FAILURE,
 "Cannot set ts attrs for %s\n", ldb_dn_get_linearized(entry_dn));
 /* Not fatal */
+} else {
+state_mask |= SSS_SYSDB_TS_CACHE;
 }
 }
 
+if (state_mask != SSS_SYSDB_NO_CACHE) {
+DEBUG(SSSDBG_FUNC_DATA, "Entry [%s] has set [%s] attrs.\n",
+ldb_dn_get_linearized(entry_dn),
+get_attr_storage(state_mask));
+}
+
 return ret;
 }
 
-- 
2.7.4

>From 6b3eea9fbdc0775bce530a1567e51bafcfee3163 Mon Sep 17 00:00:00 2001
From: Petr Cech 
Date: Tue, 16 Aug 2016 09:33:46 +0200
Subject: [PATCH 2/3] SYSDB: Adding message about reason why cache changed

Resolves:
https://fedorahosted.org/sssd/ticket/3060
---
 src/db/sysdb.c | 24 
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 6f0b1b9e9b52bede68f03cb5674f65b91cc28c98..b67769ed11fc0796d1987f09aa568c2db4a0ffab 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1821,7 +1821,8 @@ bool sysdb_msg_attrs_modts_differs(struct ldb_message *old_entry,
 return true;
 }
 
-static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg,
+static bool sysdb_ldb_msg_difference(struct ldb_dn *entry_dn,
+ struct ldb_message *db_msg,
  struct ldb_message *mod_msg)
 {
 struct ldb_message_element *mod_msg_el;
@@ -1848,6 +1849,9 @@ static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg,
  */
 if (mod_msg_el->num_values > 0) {
 /* We can ignore additions of timestamp attributes */
+DEBUG(SSSDBG_TRACE_INTERNAL,
+  "Added attr [%s] to entry [%s]\n",
+  mod_msg_el->name, ldb_dn_get_linearized(entry_dn));
 return true;
 }
 break;
@@ -1855,12 +1859,15 @@ static bool sysdb_ldb_msg_difference(struct ldb_m

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 02:58), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 02:55:12AM -0700, lslebodn wrote:
>> Here is a hierarchy based on descition in ticket
>> ng1: user1
>> ng2: user2, ng1
>> 
>> So getent netgroup shoudl return for
>> 
>> ng1 -> just a "(-,user1,-)"
>> ng2 -> "(-,user1,-)" "(-,user2,-)"
>> 
>> 
>> This is exactly a reason why I require to write a test for each bugfix.
>> Manual testing if error-prone and wasting of time.
>> Reviewer need a reliable reproducer and not just some "steps to reproduce"
>
>OK, then my setup is different, sorry:
>[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr1
>  Netgroup name: ngr1
>  NIS domain name: ipa.test
>  Member of netgroups: ngr2
>  Member User: user1
>[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr2
>  Netgroup name: ngr2
>  NIS domain name: ipa.test
>  Member netgroups: ngr1
>  Member User: user1
>
Thank you for confirmation that manual testing is error-prone
and reviewer need a reliable (automated) reproducer

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255067918
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][closed] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

   URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
 Title: #59: ipa_netgroups: Lowercase key to htable
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][-Changes requested] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 02:58), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 02:55:12AM -0700, lslebodn wrote:
>> On (20/10/16 02:20), Jakub Hrozek wrote:
>> >On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
>> >> On (20/10/16 01:21), Jakub Hrozek wrote:
>> >> >before the patch:
>> >> >```
>> >> >[jhrozek@client] sssd $ [] getent netgroup ngr1
>> >> >ngr1  (-,user1,ipa.test)
>> >> >[jhrozek@client] sssd $ [] getent netgroup ngr2  
>> >> >
>> >> >[jhrozek@client] sssd $ [] 
>> >> >```
>> >> >
>> >> >After the patch:
>> >> >```
>> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
>> >> >ngr1  (-,user1,ipa.test)
>> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
>> >> >ngr2  (-,user1,ipa.test) (-,user1,ipa.test)
>> >> >[jhrozek@client] sssd $ [(review)] 
>> >> >```
>> >> >
>> >> >So the netgroup can be resolved, but is it correct that the netgroup 
>> >> >member is listed twice?
>> >> >
>> >> It's impossible to say without content of netgroups on server.
>> >> Could you provide them?
>> >
>> >Same as the reproducer in the ticket. But the point is, is it ever OK to
>> >print duplicates? I guess they are harmless, but it just looks odd.
>> >
>> Then the bug is not fixed
>
>Well, a different bug is fixed (and Michal was arguing there are two
>bugs..). Before, the netgroup was not resolved at all, after the patch it is.
>
Thank you very much for reminder.
I look closer to the ticket https://fedorahosted.org/sssd/ticket/3116
and it was closed as a duplicate of #3117
We should not used closed ticket in commit message.
Therefore closing this PR as rejected.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255066482
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][+Rejected] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

Label: +Rejected
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
On Thu, Oct 20, 2016 at 02:55:12AM -0700, lslebodn wrote:
> On (20/10/16 02:20), Jakub Hrozek wrote:
> >On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
> >> On (20/10/16 01:21), Jakub Hrozek wrote:
> >> >before the patch:
> >> >```
> >> >[jhrozek@client] sssd $ [] getent netgroup ngr1
> >> >ngr1  (-,user1,ipa.test)
> >> >[jhrozek@client] sssd $ [] getent netgroup ngr2   
> >> >   
> >> >[jhrozek@client] sssd $ [] 
> >> >```
> >> >
> >> >After the patch:
> >> >```
> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
> >> >ngr1  (-,user1,ipa.test)
> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
> >> >ngr2  (-,user1,ipa.test) (-,user1,ipa.test)
> >> >[jhrozek@client] sssd $ [(review)] 
> >> >```
> >> >
> >> >So the netgroup can be resolved, but is it correct that the netgroup 
> >> >member is listed twice?
> >> >
> >> It's impossible to say without content of netgroups on server.
> >> Could you provide them?
> >
> >Same as the reproducer in the ticket. But the point is, is it ever OK to
> >print duplicates? I guess they are harmless, but it just looks odd.
> >
> Then the bug is not fixed

Well, a different bug is fixed (and Michal was arguing there are two
bugs..). Before, the netgroup was not resolved at all, after the patch it is.

> 
> Here is a hierarchy based on descition in ticket
> ng1: user1
> ng2: user2, ng1
> 
> So getent netgroup shoudl return for
> 
> ng1 -> just a "(-,user1,-)"
> ng2 -> "(-,user1,-)" "(-,user2,-)"
> 
> 
> This is exactly a reason why I require to write a test for each bugfix.
> Manual testing if error-prone and wasting of time.
> Reviewer need a reliable reproducer and not just some "steps to reproduce"

OK, then my setup is different, sorry:
[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr1
  Netgroup name: ngr1
  NIS domain name: ipa.test
  Member of netgroups: ngr2
  Member User: user1
[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr2
  Netgroup name: ngr2
  NIS domain name: ipa.test
  Member netgroups: ngr1
  Member User: user1

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255062876
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 02:20), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
>> On (20/10/16 01:21), Jakub Hrozek wrote:
>> >before the patch:
>> >```
>> >[jhrozek@client] sssd $ [] getent netgroup ngr1
>> >ngr1  (-,user1,ipa.test)
>> >[jhrozek@client] sssd $ [] getent netgroup ngr2 
>> > 
>> >[jhrozek@client] sssd $ [] 
>> >```
>> >
>> >After the patch:
>> >```
>> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
>> >ngr1  (-,user1,ipa.test)
>> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
>> >ngr2  (-,user1,ipa.test) (-,user1,ipa.test)
>> >[jhrozek@client] sssd $ [(review)] 
>> >```
>> >
>> >So the netgroup can be resolved, but is it correct that the netgroup member 
>> >is listed twice?
>> >
>> It's impossible to say without content of netgroups on server.
>> Could you provide them?
>
>Same as the reproducer in the ticket. But the point is, is it ever OK to
>print duplicates? I guess they are harmless, but it just looks odd.
>
Then the bug is not fixed

Here is a hierarchy based on descition in ticket
ng1: user1
ng2: user2, ng1

So getent netgroup shoudl return for

ng1 -> just a "(-,user1,-)"
ng2 -> "(-,user1,-)" "(-,user2,-)"


This is exactly a reason why I require to write a test for each bugfix.
Manual testing if error-prone and wasting of time.
Reviewer need a reliable reproducer and not just some "steps to reproduce"

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255062193
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
> On (20/10/16 01:21), Jakub Hrozek wrote:
> >before the patch:
> >```
> >[jhrozek@client] sssd $ [] getent netgroup ngr1
> >ngr1  (-,user1,ipa.test)
> >[jhrozek@client] sssd $ [] getent netgroup ngr2  
> >
> >[jhrozek@client] sssd $ [] 
> >```
> >
> >After the patch:
> >```
> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
> >ngr1  (-,user1,ipa.test)
> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
> >ngr2  (-,user1,ipa.test) (-,user1,ipa.test)
> >[jhrozek@client] sssd $ [(review)] 
> >```
> >
> >So the netgroup can be resolved, but is it correct that the netgroup member 
> >is listed twice?
> >
> It's impossible to say without content of netgroups on server.
> Could you provide them?

Same as the reproducer in the ticket. But the point is, is it ever OK to
print duplicates? I guess they are harmless, but it just looks odd.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255054042
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [sssd PR#58][comment] Fix bug in libcrypto version of sss_decrypt

2016-10-20 Thread Lukas Slebodnik

On (19/10/16 18:09), lslebodn wrote:
>  URL: https://github.com/SSSD/sssd/pull/58
>Title: #58: Fix bug in libcrypto version of sss_decrypt
>
>lslebodn commented:
>"""
>Tomas Mraz asked me to do some changes.
>"""
This should have beed added to the different PR.
I removed comment from GH.

LS
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread lslebodn

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 01:21), Jakub Hrozek wrote:
>before the patch:
>```
>[jhrozek@client] sssd $ [] getent netgroup ngr1
>ngr1  (-,user1,ipa.test)
>[jhrozek@client] sssd $ [] getent netgroup ngr2
>  
>[jhrozek@client] sssd $ [] 
>```
>
>After the patch:
>```
>[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
>ngr1  (-,user1,ipa.test)
>[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
>ngr2  (-,user1,ipa.test) (-,user1,ipa.test)
>[jhrozek@client] sssd $ [(review)] 
>```
>
>So the netgroup can be resolved, but is it correct that the netgroup member is 
>listed twice?
>
It's impossible to say without content of netgroups on server.
Could you provide them?

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255044661
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
before the patch:
```
[jhrozek@client] sssd $ [] getent netgroup ngr1
ngr1  (-,user1,ipa.test)
[jhrozek@client] sssd $ [] getent netgroup ngr2 
 
[jhrozek@client] sssd $ [] 
```

After the patch:
```
[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
ngr1  (-,user1,ipa.test)
[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
ngr2  (-,user1,ipa.test) (-,user1,ipa.test)
[jhrozek@client] sssd $ [(review)] 
```

So the netgroup can be resolved, but is it correct that the netgroup member is 
listed twice?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/59#issuecomment-255040368
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][-Accepted] cache_req: move from switch to plugins

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][+Pushed] cache_req: move from switch to plugins

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][comment] cache_req: move from switch to plugins

2016-10-20 Thread jhrozek

  URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

jhrozek commented:
"""
Pushed in ef39016..e083a6b
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/34#issuecomment-255036044
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#34][closed] cache_req: move from switch to plugins

2016-10-20 Thread jhrozek

   URL: https://github.com/SSSD/sssd/pull/34
Author: pbrezina
 Title: #34: cache_req: move from switch to plugins
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/34/head:pr34
git checkout pr34
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: master/1.14 split and 1.14.2 release

2016-10-20 Thread Jakub Hrozek

On Wed, Oct 19, 2016 at 12:09:30PM +0200, Jakub Hrozek wrote:
> Hi,
> 
> some refactoring patches were already acked
> (https://github.com/SSSD/sssd/pull/34) and I would prefer them to not
> land in the 1.14 branch. Therefore I propose we split master and 1.14.

The branches have been split.
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] Re: [SSSD-users] Announcing SSSD 1.14.2

2016-10-20 Thread Joakim Tjernlund

On Wed, 2016-10-19 at 21:48 +0200, Jakub Hrozek wrote:
>   === SSSD 1.14.2 ===
> 
> The SSSD team is proud to announce the release of version 1.14.2 of
> the System Security Services Daemon.
> 
> As always, the source is available from https://fedorahosted.org/sssd
> 
> RPM packages will be made available for Fedora shortly.
> 
> == Feedback ==
> Please provide comments, bugs and other feedback via the sssd-devel
> or sssd-users mailing lists:
> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> 

hmm, I still get:
libtool: link: x86_64-pc-linux-gnu-gcc -shared  -fPIC -DPIC  
src/providers/krb5/.libs/libsss_krb5_la-krb5_init.o   -Wl,-rpath 
-Wl,/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs
 -Wl,-rpath -Wl,/usr/lib64/sssd 
-L/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs 
-Wl,--as-needed -L/usr/lib64 ./.libs/libsss_util.so -lpopt -lldb -ldbus-1 
-lpcre /usr/lib64/libini_config.so /usr/lib64/libpath_utils.so 
/usr/lib64/libbasicobjects.so /usr/lib64/libref_array.so 
/usr/lib64/libcollection.so /usr/lib64/libldap.so /usr/lib64/liblber.so 
-lresolv -lsasl2 -lgnutls /usr/lib64/libgcrypt.so -lgpg-error -ltdb -lglib-2.0 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_child.so
 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_cert.so
 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_crypt.so
 ./.libs/libsss_crypt.so -lcrypto ./.libs/libsss_debug.so 
./.libs/libsss_child.so -ltevent -ltalloc 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_debug.so
 ./.libs/libsss_krb5_common.so -lkeyutils /usr/lib64/libdhash.so -lkrb5 
-lk5crypto -lcom_err  -O2 -Wl,-O1   -Wl,-soname -Wl,libsss_krb5.so -o 
.libs/libsss_krb5.so
./.libs/libsss_util.so: undefined reference to `timer_settime'
./.libs/libsss_util.so: undefined reference to `timer_delete'
./.libs/libsss_util.so: undefined reference to `timer_create'
collect2: error: ld returned 1 exit status
libtool: link: x86_64-pc-linux-gnu-gcc -Wall -Wshadow -Wstrict-prototypes 
-Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wundef 
-Werror-implicit-function-declaration -Winit-self -Wmissing-include-dirs 
-fno-strict-aliasing -std=gnu99 -O2 -pipe -D_FILE_OFFSET_BITS=64 
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,-O1 -o 
.libs/sss_ssh_knownhostsproxy src/sss_client/sss_ssh_knownhostsproxy-common.o 
src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o 
src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o -Wl,-rpath 
-Wl,/usr/lib64  -Wl,--as-needed ./.libs/libsss_util.so -L/usr/lib64 -lldb 
-ldbus-1 -lpcre /usr/lib64/libini_config.so /usr/lib64/libpath_utils.so 
/usr/lib64/libbasicobjects.so /usr/lib64/libref_array.so 
/usr/lib64/libcollection.so /usr/lib64/libldap.so /usr/lib64/liblber.so 
-lresolv -lsasl2 -lgnutls /usr/lib64/libgcrypt.so -lgpg-error -ltdb -lglib-2.0 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_child.so
 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_cert.so
 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_crypt.so
 ./.libs/libsss_crypt.so -lcrypto ./.libs/libsss_debug.so 
./.libs/libsss_child.so -ltevent /usr/lib64/libdhash.so 
/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_debug.so
 -lpthread -ltalloc -lpopt -Wl,-rpath -Wl,/usr/lib64/sssd
Makefile:11323: recipe for target 'sss_ssh_authorizedkeys' failed
make[2]: *** [sss_ssh_authorizedkeys] Error 1
make[2]: *** Waiting for unfinished jobs
./.libs/libsss_util.so: undefined reference to `timer_settime'
./.libs/libsss_util.so: undefined reference to `timer_delete'
./.libs/libsss_util.so: undefined reference to `timer_create'
collect2: error: ld returned 1 exit status
Makefile:11336: recipe for target 'sss_ssh_knownhostsproxy' failed
make[2]: *** [sss_ssh_knownhostsproxy] Error 1

I thought this was fixed(linking with librt that is)?

Also, could you fix this warning:
  /etc/init.d/sssd[3049]: /etc/init.d/sssd uses runscript, please convert to 
openrc-run.

Just apply 
 sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' src/sysv/gentoo/sssd.in

Jocke
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

37 matches

Mail list logo