[SSSD] [sssd PR#50][+Changes requested] [RFC] Use GNULIB's compiler warning code
URL: https://github.com/SSSD/sssd/pull/50
Title: #50: [RFC] Use GNULIB's compiler warning code
Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#54][closed] crypto: Port libcrypto code to openssl-1.1
URL: https://github.com/SSSD/sssd/pull/54
Author: lslebodn
Title: #54: crypto: Port libcrypto code to openssl-1.1
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/54/head:pr54
git checkout pr54
[SSSD] [sssd PR#54][+Pushed] crypto: Port libcrypto code to openssl-1.1
URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1
Label: +Pushed
[SSSD] [sssd PR#54][comment] crypto: Port libcrypto code to openssl-1.1
URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1

lslebodn commented:
"""
On (20/10/16 04:38), t8m wrote:
>Reviewed, looks good.
>
Thank you very much for review.

master:
* 8f1316a0c677f211eaaa1346e21a03446b8c4fb1

sssd-1-14:
* 81ebd058ab8f6ab08b05a7e35e04881812404d43

and pushed also to LTM branch so it can be used with the newest openssl
sssd-1-13:
* e1917b665ee4a51706c5f3d311d255917c72f459

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/54#issuecomment-255102790
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
We can discuss even in closed PR, but better would be move discussion on sssd-devel.
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255088564
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
Part of the key is the attribute name. My guess is that the lowercasing before storing to the hash table is to make sure that the attribute name case will not play any role.
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255088522
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 05:08), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 05:04:20AM -0700, mzidek-rh wrote:
>> And yes, there are differences between plain LDAP and IPA providers. The
>> netgroup code is completely different. It may be good to unify the two, but
>> it is not purpose of this patch.
>
>Maybe it would be good to explain why do we need to lowercase anything?
>
Not just explain but also provide test

It is still possible that bug is on IPA server

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255088360
[SSSD] [sssd PR#59][closed] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
Title: #59: ipa_netgroups: Lowercase key to htable
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
On Thu, Oct 20, 2016 at 05:04:20AM -0700, mzidek-rh wrote:
> And yes, there are differences between plain LDAP and IPA providers. The
> netgroup code is completely different. It may be good to unify the two, but
> it is not purpose of this patch.

Maybe it would be good to explain why do we need to lowercase anything?
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255087661
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
And yes, there are differences between plain LDAP and IPA providers. The netgroup code is completely different. It may be good to unify the two, but it is not purpose of this patch.
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255086956
[SSSD] [sssd PR#59][reopened] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
Title: #59: ipa_netgroups: Lowercase key to htable
Action: reopened

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
IPA does not allow other than lower cased netgroup names.

# ipa netgroup-add
Netgroup name: WAAA
-
Added netgroup "waaa"
-
Netgroup name: waaa
NIS domain name: ipadomain.test
IPA unique ID: 48135db6-96bc-11e6-bad6-52540079644a

I do not see reason to open a new PR with the same patch. Reopening.
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255085896
[SSSD] [sssd PR#59][closed] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
Title: #59: ipa_netgroups: Lowercase key to htable
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
I am glad that ticket #3117 cannot be reproduced. Please close it.

The ticket #3116 is one of the best examples how should ticket not look like. Please open a new one. You can inspire in https://fedorahosted.org/sssd/ticket/2275
Because you want to fix a regression which should be fixed in that ticket.

Anyway fix is wrong. Ipa provider is not case insensitive. And we do not lowercase anything for netgroups in ldap provider.

Closing this PR as rejected. It will be much simpler to have a conversation about new patch in new PR
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255083498
[SSSD] [sssd PR#54][comment] crypto: Port libcrypto code to openssl-1.1
URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1

t8m commented:
"""
Reviewed, looks good.
"""

See the full comment at https://github.com/SSSD/sssd/pull/54#issuecomment-255081904
[SSSD] [sssd PR#54][synchronized] crypto: Port libcrypto code to openssl-1.1
URL: https://github.com/SSSD/sssd/pull/54 Author: lslebodn Title: #54: crypto: Port libcrypto code to openssl-1.1 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/54/head:pr54 git checkout pr54 From 9fe94c77a8c505b988ee7bedca4d3d699244e502 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Mon, 17 Oct 2016 15:44:20 +0200 Subject: [PATCH] crypto: Port libcrypto code to openssl-1.1 --- Makefile.am| 1 + src/util/cert/libcrypto/cert.c | 23 ++-- src/util/crypto/libcrypto/crypto_hmac_sha1.c | 33 ++- src/util/crypto/libcrypto/crypto_nite.c| 76 +++-- src/util/crypto/libcrypto/crypto_obfuscate.c | 32 +++ src/util/crypto/libcrypto/crypto_sha512crypt.c | 77 +++--- src/util/crypto/libcrypto/sss_openssl.h| 39 + 7 files changed, 190 insertions(+), 91 deletions(-) create mode 100644 src/util/crypto/libcrypto/sss_openssl.h diff --git a/Makefile.am b/Makefile.am index 7ef2331..fc4037a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -583,6 +583,7 @@ endif dist_noinst_HEADERS = \ src/monitor/monitor.h \ src/util/crypto/sss_crypto.h \ +src/util/crypto/libcrypto/sss_openssl.h \ src/util/cert.h \ src/util/dlinklist.h \ src/util/debug.h \ diff --git a/src/util/cert/libcrypto/cert.c b/src/util/cert/libcrypto/cert.c index a7752d7..aba598d 100644 --- a/src/util/cert/libcrypto/cert.c +++ b/src/util/cert/libcrypto/cert.c @@ -182,6 +182,8 @@ errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db, size_t c; X509 *cert = NULL; EVP_PKEY *cert_pub_key = NULL; +const BIGNUM *n; +const BIGNUM *e; int modulus_len; unsigned char modulus[OPENSSL_RSA_MAX_MODULUS_BITS/8]; int exponent_len; 
@@ -208,16 +210,29 @@ errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db, goto done; } -if (cert_pub_key->type != EVP_PKEY_RSA) { +if (EVP_PKEY_base_id(cert_pub_key) != EVP_PKEY_RSA) { DEBUG(SSSDBG_CRIT_FAILURE, "Expected RSA public key, found unsupported [%d].\n", - cert_pub_key->type); + EVP_PKEY_base_id(cert_pub_key)); ret = EINVAL; goto done; } -modulus_len = BN_bn2bin(cert_pub_key->pkey.rsa->n, modulus); -exponent_len = BN_bn2bin(cert_pub_key->pkey.rsa->e, exponent); +#if OPENSSL_VERSION_NUMBER >= 0x1010L +RSA *rsa_pub_key = NULL; +rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key); +if (rsa_pub_key == NULL) { +ret = ENOMEM; +goto done; +} + +RSA_get0_key(rsa_pub_key, &n, &e, NULL); +#else +n = cert_pub_key->pkey.rsa->n; +e = cert_pub_key->pkey.rsa->e; +#endif +modulus_len = BN_bn2bin(n, modulus); +exponent_len = BN_bn2bin(e, exponent); size = SSH_RSA_HEADER_LEN + 3 * sizeof(uint32_t) + modulus_len diff --git a/src/util/crypto/libcrypto/crypto_hmac_sha1.c b/src/util/crypto/libcrypto/crypto_hmac_sha1.c index 37d2579..5a4ce35 100644 --- a/src/util/crypto/libcrypto/crypto_hmac_sha1.c +++ b/src/util/crypto/libcrypto/crypto_hmac_sha1.c @@ -24,6 +24,8 @@ #include +#include "sss_openssl.h" + #define HMAC_SHA1_BLOCKSIZE 64 int sss_hmac_sha1(const unsigned char *key, 
@@ -33,23 +35,26 @@ int sss_hmac_sha1(const unsigned char *key, unsigned char *out) { int ret; -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx; unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE]; size_t i; unsigned char hash[SSS_SHA1_LENGTH]; unsigned int res_len; -EVP_MD_CTX_init(&ctx); +ctx = EVP_MD_CTX_new(); +if (ctx == NULL) { +return ENOMEM; +} if (key_len > HMAC_SHA1_BLOCKSIZE) { /* keys longer than blocksize are shortened */ -if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) { +if (!EVP_DigestInit_ex(ctx, EVP_sha1(), NULL)) { ret = EIO; goto done; } -EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len); -EVP_DigestFinal_ex(&ctx, ikey, &res_len); +EVP_DigestUpdate(ctx, (const unsigned char *)key, key_len); +EVP_DigestFinal_ex(ctx, ikey, &res_len); memset(ikey + SSS_SHA1_LENGTH, 0, HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH); } else { /* keys shorter than blocksize are zero-padded */ @@ -63,25 +68,25 @@ int sss_hmac_sha1(const unsigned char *key, ikey[i] ^= 0x36; } -if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)) { +if (!EVP_DigestInit_ex(ctx, EVP_sha1(), NULL)) { ret = EIO; goto done; } -EVP_DigestUpdate(&ctx, (const unsigned char *)ikey, HMAC_SHA1_BLOCKSIZE); -EVP_DigestUpdate(&ctx, (const unsigned char *)in, in_len); -EVP_DigestFinal_ex(&ctx, hash, &res_len); +EVP_DigestUpdate(ctx, (const unsigned char *)ikey, HMAC_SHA1_
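Review bot: In src/util/cert/libcrypto/cert.c the guard `#if OPENSSL_VERSION_NUMBER >= 0x1010L` compares against 0x1010, a value every OpenSSL release exceeds (1.1.0 is 0x10100000L), so the `#else` branch that reads `cert_pub_key->pkey.rsa->n` directly is never compiled and a build against 1.0.x also takes the `EVP_PKEY_get0_RSA()` / `RSA_get0_key()` path. No include of sss_openssl.h is added in the cert.c hunks, so nothing visible supplies those functions for older releases; the constant should read 0x10100000L. Two smaller points in the same hunk: ENOMEM is a misleading code for a NULL from `EVP_PKEY_get0_RSA()`, which is a type lookup rather than an allocation (EINVAL would match the branch just above), and `RSA *rsa_pub_key` is declared after statements in the middle of the block.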
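Review bot: In sss_hmac_sha1() only `EVP_DigestInit_ex()` is checked; the `EVP_DigestUpdate()` and `EVP_DigestFinal_ex()` calls touched by this hunk still discard their return values, so a failed digest step would produce an HMAC from stale buffer contents without any error. Since every one of those lines is being rewritten anyway, check each call and `goto done` with EIO. The context is now heap-allocated and the excerpt ends before the `done:` label, so please confirm that label releases it with `EVP_MD_CTX_free(ctx)` on every path; the early `return ENOMEM` before anything is allocated is fine as it stands.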
[SSSD] [sssd PR#54][-Changes requested] crypto: Port libcrypto code to openssl-1.1
URL: https://github.com/SSSD/sssd/pull/54
Title: #54: crypto: Port libcrypto code to openssl-1.1
Label: -Changes requested
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

mzidek-rh commented:
"""
Lukas: The ticket 3116 was closed as duplicate by you. I was always saying that it is not duplicate. I even said that in order to solve them properly we need to first solve 3116 and then 3117 (I set 3117 as blocked by 3116). Because this patch is for 3116 and not for 3117, I put 3116 to the commit message.

I was not able to reproduce 3117 with master anymore.

I am reopening this PR. Feel free to reopen the 3116 ticket.

This ticket is quite simple. We lowercase the key to htable when we store the entries, but we do not lowercase the keys that we use to search the entries. Which is IMO totally obvious bug.

Btw. by not fixing this, we make other potential bugs with nested netgroups totally invisible even for manual testing and that is keeping us from discovering/fixing those.
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255078449
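Added example, not part of the thread and not SSSD code: a minimal C hash table that reproduces the asymmetry described in the comment above, where keys are lowercased when stored but used byte for byte when searched. The table layout, all function names and the sample key `memberOf:cn=ng1` are constructed for illustration.

```c
/* Added illustration; constructed table, names and keys, not SSSD code. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 8
#define MAXENT   16
#define KEYLEN   128

struct entry {
    char key[KEYLEN];          /* key as stored, i.e. already lowercased */
    const char *value;
    struct entry *next;
};

struct table {
    struct entry *bucket[NBUCKETS];
    struct entry pool[MAXENT];
    size_t used;
};

static unsigned long hash_key(const char *s)
{
    unsigned long h = 5381;
    for (; *s != '\0'; s++) h = h * 33 + (unsigned char)*s;
    return h;
}

/* Lowercase src into dst. Returns 0, or -1 if src does not fit. */
static int normalize_key(const char *src, char *dst, size_t dstlen)
{
    size_t len = strlen(src);

    if (len >= dstlen) return -1;
    for (size_t i = 0; i <= len; i++) {   /* <= copies the terminator too */
        dst[i] = (char)tolower((unsigned char)src[i]);
    }
    return 0;
}

/* Store side: the key is lowercased before it is hashed and saved. */
int table_store(struct table *t, const char *key, const char *value)
{
    struct entry *e = &t->pool[t->used];
    unsigned long b;

    if (t->used == MAXENT || normalize_key(key, e->key, KEYLEN) != 0) {
        return -1;
    }
    t->used++;
    e->value = value;
    b = hash_key(e->key) % NBUCKETS;
    e->next = t->bucket[b];
    t->bucket[b] = e;
    return 0;
}

/* Lookup with the caller's key byte for byte: misses mixed-case keys. */
const char *table_find_raw(const struct table *t, const char *key)
{
    const struct entry *e;

    for (e = t->bucket[hash_key(key) % NBUCKETS]; e != NULL; e = e->next) {
        if (strcmp(e->key, key) == 0) return e->value;
    }
    return NULL;
}

/* Lookup that applies the same normalization as table_store(). */
const char *table_find(const struct table *t, const char *key)
{
    char norm[KEYLEN];

    if (normalize_key(key, norm, sizeof(norm)) != 0) return NULL;
    return table_find_raw(t, norm);
}

/* Store under `stored`, then probe. Bit 0: raw hit, bit 1: normalized hit. */
int probe_after_store(const char *stored, const char *probe)
{
    struct table t;

    memset(&t, 0, sizeof(t));
    if (table_store(&t, stored, "member") != 0) return -1;
    return (table_find_raw(&t, probe) != NULL ? 1 : 0)
         | (table_find(&t, probe) != NULL ? 2 : 0);
}

int main(void)
{
    /* Constructed key: attribute name plus value, mixed case on purpose. */
    const char *key = "memberOf:cn=ng1";

    printf("result bits: %d\n", probe_after_store(key, key));
    return 0;
}
```

Probing with the very string that was stored still misses in the raw lookup, because the table no longer holds that spelling; the entry is only reachable through the lookup that normalizes the same way the store path does.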
[SSSD] [sssd PR#59][reopened] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
Title: #59: ipa_netgroups: Lowercase key to htable
Action: reopened

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
[SSSD] Re: [PATCH SET] SYSDB: Adding message to inform about cache
On 09/22/2016 01:04 PM, Lukas Slebodnik wrote:
> Attached is an alternative solution for debugging ldb functions
>
> How to test:
> LD_PRELOAD=.libs/sss_ldb_debug.so ./sysdb-tests -d 10
>
> The only thing would be to find out why LD_PRELOAD in /etc/sysconfig/sssd
> is not passed to child processes. MY_LD_PRELOAD is passed without issue.
>
> LS

Hello all,

I just replaced wrappers with Lukas patch. Thanks.

I tested manually LD_PRELOAD, it worked fine if you use export LD_PRELOAD... how it has been described above in Lukas answer.

I wasn't successful with /etc/sysconfig/sssd too. And uncle google is silent :-(

I propose to change the commit message of the third patch to `export LD_PRELOAD=...` instead of `/etc/sysconfig/sssd`. So it should work.

Any other idea?

Regards

--
Petr^4 Čech

>From 15b113dcea02e445dc297f336c543d71cb4ea338 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Tue, 16 Aug 2016 09:32:18 +0200 Subject: [PATCH 1/3] SYSDB: Adding message to inform which cache is used Resolves: https://fedorahosted.org/sssd/ticket/3060 --- src/db/sysdb_ops.c | 31 +++ 1 file changed, 31 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 29f4b1d1597bd98541a152dd6462caa864fbf2fd..8b194e3db48870aecd54b21bd3d0b77dc342f9e5 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -27,6 +27,11 @@ #include "util/cert.h" #include + +#define SSS_SYSDB_NO_CACHE 0x0 +#define SSS_SYSDB_CACHE 0x1 +#define SSS_SYSDB_TS_CACHE 0x2 + static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr) { const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr); 
@@ -1176,6 +1181,21 @@ done: return ret; } +static const char *get_attr_storage(int state_mask) +{ +const char *storage = "unknown"; + +if (state_mask == (SSS_SYSDB_CACHE | SSS_SYSDB_TS_CACHE)) { +storage = "cache, ts_cache"; +} else if (state_mask == SSS_SYSDB_TS_CACHE) { +storage = "ts_cache"; +} else if (state_mask == SSS_SYSDB_CACHE) { +storage = "cache"; +} + +return storage; +} + int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, struct ldb_dn *entry_dn, struct sysdb_attrs *attrs, @@ -1184,6 +1204,7 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, bool sysdb_write = true; errno_t ret = EOK; errno_t tret = EOK; +int state_mask = SSS_SYSDB_NO_CACHE; sysdb_write = sysdb_entry_attrs_diff(sysdb, entry_dn, attrs, mod_op); if (sysdb_write == true) { @@ -1192,6 +1213,8 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set attrs for %s, %d [%s]\n", ldb_dn_get_linearized(entry_dn), ret, sss_strerror(ret)); +} else { +state_mask |= SSS_SYSDB_CACHE; } } @@ -1201,9 +1224,17 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set ts attrs for %s\n", ldb_dn_get_linearized(entry_dn)); /* Not fatal */ +} else { +state_mask |= SSS_SYSDB_TS_CACHE; } } +if (state_mask != SSS_SYSDB_NO_CACHE) { +DEBUG(SSSDBG_FUNC_DATA, "Entry [%s] has set [%s] attrs.\n", +ldb_dn_get_linearized(entry_dn), +get_attr_storage(state_mask)); +} + return ret; } -- 2.7.4 >From 6b3eea9fbdc0775bce530a1567e51bafcfee3163 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Tue, 16 Aug 2016 09:33:46 +0200 Subject: [PATCH 2/3] SYSDB: Adding message about reason why cache changed Resolves: https://fedorahosted.org/sssd/ticket/3060 --- src/db/sysdb.c | 24 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 6f0b1b9e9b52bede68f03cb5674f65b91cc28c98..b67769ed11fc0796d1987f09aa568c2db4a0ffab 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c 
@@ -1821,7 +1821,8 @@ bool sysdb_msg_attrs_modts_differs(struct ldb_message *old_entry, return true; } -static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg, +static bool sysdb_ldb_msg_difference(struct ldb_dn *entry_dn, + struct ldb_message *db_msg, struct ldb_message *mod_msg) { struct ldb_message_element *mod_msg_el; @@ -1848,6 +1849,9 @@ static bool sysdb_ldb_msg_difference(struct ldb_message *db_msg, */ if (mod_msg_el->num_values > 0) { /* We can ignore additions of timestamp attributes */ +DEBUG(SSSDBG_TRACE_INTERNAL, + "Added attr [%s] to entry [%s]\n", + mod_msg_el->name, ldb_dn_get_linearized(entry_dn)); return true; } break; @@ -1855,12 +1859,15 @@ static bool sysdb_ldb_msg_difference(struct ldb_m
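Review bot: In patch 1/3, the new message in sysdb_set_entry_attr(), "Entry [%s] has set [%s] attrs.", is hard to parse when it shows up in a log; something like "Attributes of entry [%s] written to [%s]" says which store was modified without the reader having to know the code. In the same patch `state_mask` is a plain `int` combined with `|=` and then compared with `==` against each flag combination in get_attr_storage(); an unsigned type (or an enum) for the SSS_SYSDB_* flags would match how it is used, and the three new defines deserve a one-line comment saying they are bit flags for that function only.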
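Review bot: In patch 2/3, the new DEBUG call in sysdb_ldb_msg_difference() is placed directly under the existing comment "We can ignore additions of timestamp attributes", so the comment now reads as if it described the "Added attr [%s] to entry [%s]" line, while the code path actually returns true (a difference was found); move the DEBUG above the comment or reword the comment. The added `entry_dn` parameter is used only for logging: if it is always the DN of `db_msg`, take it from `db_msg->dn` and leave the function signature unchanged.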
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 02:58), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 02:55:12AM -0700, lslebodn wrote:
>> Here is a hierarchy based on description in ticket
>> ng1: user1
>> ng2: user2, ng1
>>
>> So getent netgroup should return for
>>
>> ng1 -> just a "(-,user1,-)"
>> ng2 -> "(-,user1,-)" "(-,user2,-)"
>>
>>
>> This is exactly a reason why I require to write a test for each bugfix.
>> Manual testing is error-prone and wasting of time.
>> Reviewer need a reliable reproducer and not just some "steps to reproduce"
>
>OK, then my setup is different, sorry:
>[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr1
>  Netgroup name: ngr1
>  NIS domain name: ipa.test
>  Member of netgroups: ngr2
>  Member User: user1
>[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr2
>  Netgroup name: ngr2
>  NIS domain name: ipa.test
>  Member netgroups: ngr1
>  Member User: user1
>
Thank you for confirmation that manual testing is error-prone and reviewer need a reliable (automated) reproducer

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255067918
[SSSD] [sssd PR#59][closed] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Author: mzidek-rh
Title: #59: ipa_netgroups: Lowercase key to htable
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/59/head:pr59
git checkout pr59
[SSSD] [sssd PR#59][-Changes requested] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable
Label: -Changes requested
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 02:58), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 02:55:12AM -0700, lslebodn wrote:
>> On (20/10/16 02:20), Jakub Hrozek wrote:
>> >On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
>> >> On (20/10/16 01:21), Jakub Hrozek wrote:
>> >> >before the patch:
>> >> >```
>> >> >[jhrozek@client] sssd $ [] getent netgroup ngr1
>> >> >ngr1 (-,user1,ipa.test)
>> >> >[jhrozek@client] sssd $ [] getent netgroup ngr2
>> >> >
>> >> >[jhrozek@client] sssd $ []
>> >> >```
>> >> >
>> >> >After the patch:
>> >> >```
>> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
>> >> >ngr1 (-,user1,ipa.test)
>> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
>> >> >ngr2 (-,user1,ipa.test) (-,user1,ipa.test)
>> >> >[jhrozek@client] sssd $ [(review)]
>> >> >```
>> >> >
>> >> >So the netgroup can be resolved, but is it correct that the netgroup
>> >> >member is listed twice?
>> >> >
>> >> It's impossible to say without content of netgroups on server.
>> >> Could you provide them?
>> >
>> >Same as the reproducer in the ticket. But the point is, is it ever OK to
>> >print duplicates? I guess they are harmless, but it just looks odd.
>> >
>> Then the bug is not fixed
>
>Well, a different bug is fixed (and Michal was arguing there are two
>bugs..). Before, the netgroup was not resolved at all, after the patch it is.
>
Thank you very much for reminder.

I look closer to the ticket https://fedorahosted.org/sssd/ticket/3116
and it was closed as a duplicate of #3117

We should not use closed ticket in commit message.
Therefore closing this PR as rejected.

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255066482
[SSSD] [sssd PR#59][+Rejected] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable
Label: +Rejected
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
On Thu, Oct 20, 2016 at 02:55:12AM -0700, lslebodn wrote:
> On (20/10/16 02:20), Jakub Hrozek wrote:
> >On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
> >> On (20/10/16 01:21), Jakub Hrozek wrote:
> >> >before the patch:
> >> >```
> >> >[jhrozek@client] sssd $ [] getent netgroup ngr1
> >> >ngr1 (-,user1,ipa.test)
> >> >[jhrozek@client] sssd $ [] getent netgroup ngr2
> >> >
> >> >[jhrozek@client] sssd $ []
> >> >```
> >> >
> >> >After the patch:
> >> >```
> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
> >> >ngr1 (-,user1,ipa.test)
> >> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
> >> >ngr2 (-,user1,ipa.test) (-,user1,ipa.test)
> >> >[jhrozek@client] sssd $ [(review)]
> >> >```
> >> >
> >> >So the netgroup can be resolved, but is it correct that the netgroup
> >> >member is listed twice?
> >> >
> >> It's impossible to say without content of netgroups on server.
> >> Could you provide them?
> >
> >Same as the reproducer in the ticket. But the point is, is it ever OK to
> >print duplicates? I guess they are harmless, but it just looks odd.
> >
> Then the bug is not fixed

Well, a different bug is fixed (and Michal was arguing there are two
bugs..). Before, the netgroup was not resolved at all, after the patch it is.

>
> Here is a hierarchy based on description in ticket
> ng1: user1
> ng2: user2, ng1
>
> So getent netgroup should return for
>
> ng1 -> just a "(-,user1,-)"
> ng2 -> "(-,user1,-)" "(-,user2,-)"
>
>
> This is exactly a reason why I require to write a test for each bugfix.
> Manual testing is error-prone and wasting of time.
> Reviewer need a reliable reproducer and not just some "steps to reproduce"

OK, then my setup is different, sorry:
[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr1
  Netgroup name: ngr1
  NIS domain name: ipa.test
  Member of netgroups: ngr2
  Member User: user1
[jhrozek@unidirect] ~ $ [] ipa netgroup-show ngr2
  Netgroup name: ngr2
  NIS domain name: ipa.test
  Member netgroups: ngr1
  Member User: user1
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255062876
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 02:20), Jakub Hrozek wrote:
>On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
>> On (20/10/16 01:21), Jakub Hrozek wrote:
>> >before the patch:
>> >```
>> >[jhrozek@client] sssd $ [] getent netgroup ngr1
>> >ngr1 (-,user1,ipa.test)
>> >[jhrozek@client] sssd $ [] getent netgroup ngr2
>> >
>> >[jhrozek@client] sssd $ []
>> >```
>> >
>> >After the patch:
>> >```
>> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
>> >ngr1 (-,user1,ipa.test)
>> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
>> >ngr2 (-,user1,ipa.test) (-,user1,ipa.test)
>> >[jhrozek@client] sssd $ [(review)]
>> >```
>> >
>> >So the netgroup can be resolved, but is it correct that the netgroup member
>> >is listed twice?
>> >
>> It's impossible to say without content of netgroups on server.
>> Could you provide them?
>
>Same as the reproducer in the ticket. But the point is, is it ever OK to
>print duplicates? I guess they are harmless, but it just looks odd.
>
Then the bug is not fixed

Here is a hierarchy based on description in ticket
ng1: user1
ng2: user2, ng1

So getent netgroup should return for

ng1 -> just a "(-,user1,-)"
ng2 -> "(-,user1,-)" "(-,user2,-)"


This is exactly a reason why I require to write a test for each bugfix.
Manual testing is error-prone and wasting of time.
Reviewer need a reliable reproducer and not just some "steps to reproduce"

LS
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255062193
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
On Thu, Oct 20, 2016 at 01:40:15AM -0700, lslebodn wrote:
> On (20/10/16 01:21), Jakub Hrozek wrote:
> >before the patch:
> >```
> >[jhrozek@client] sssd $ [] getent netgroup ngr1
> >ngr1 (-,user1,ipa.test)
> >[jhrozek@client] sssd $ [] getent netgroup ngr2
> >
> >[jhrozek@client] sssd $ []
> >```
> >
> >After the patch:
> >```
> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
> >ngr1 (-,user1,ipa.test)
> >[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
> >ngr2 (-,user1,ipa.test) (-,user1,ipa.test)
> >[jhrozek@client] sssd $ [(review)]
> >```
> >
> >So the netgroup can be resolved, but is it correct that the netgroup member
> >is listed twice?
> >
> It's impossible to say without content of netgroups on server.
> Could you provide them?

Same as the reproducer in the ticket. But the point is, is it ever OK to
print duplicates? I guess they are harmless, but it just looks odd.
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255054042
[SSSD] Re: [sssd PR#58][comment] Fix bug in libcrypto version of sss_decrypt
On (19/10/16 18:09), lslebodn wrote:
>  URL: https://github.com/SSSD/sssd/pull/58
>Title: #58: Fix bug in libcrypto version of sss_decrypt
>
>lslebodn commented:
>"""
>Tomas Mraz asked me to do some changes.
>"""
This should have been added to the different PR.
I removed comment from GH.

LS
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

lslebodn commented:
"""
On (20/10/16 01:21), Jakub Hrozek wrote:
>before the patch:
>```
>[jhrozek@client] sssd $ [] getent netgroup ngr1
>ngr1 (-,user1,ipa.test)
>[jhrozek@client] sssd $ [] getent netgroup ngr2
>
>[jhrozek@client] sssd $ []
>```
>
>After the patch:
>```
>[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
>ngr1 (-,user1,ipa.test)
>[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
>ngr2 (-,user1,ipa.test) (-,user1,ipa.test)
>[jhrozek@client] sssd $ [(review)]
>```
>
>So the netgroup can be resolved, but is it correct that the netgroup member is
>listed twice?
>
It's impossible to say without content of netgroups on server.
Could you provide them?
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255044661
[SSSD] [sssd PR#59][comment] ipa_netgroups: Lowercase key to htable
URL: https://github.com/SSSD/sssd/pull/59
Title: #59: ipa_netgroups: Lowercase key to htable

jhrozek commented:
"""
before the patch:
```
[jhrozek@client] sssd $ [] getent netgroup ngr1
ngr1 (-,user1,ipa.test)
[jhrozek@client] sssd $ [] getent netgroup ngr2

[jhrozek@client] sssd $ []
```

After the patch:
```
[jhrozek@client] sssd $ [(review)] getent netgroup ngr1
ngr1 (-,user1,ipa.test)
[jhrozek@client] sssd $ [(review)] getent netgroup ngr2
ngr2 (-,user1,ipa.test) (-,user1,ipa.test)
[jhrozek@client] sssd $ [(review)]
```

So the netgroup can be resolved, but is it correct that the netgroup member is listed twice?
"""

See the full comment at https://github.com/SSSD/sssd/pull/59#issuecomment-255040368
[SSSD] [sssd PR#34][-Accepted] cache_req: move from switch to plugins
URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins
Label: -Accepted
[SSSD] [sssd PR#34][+Pushed] cache_req: move from switch to plugins
URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins
Label: +Pushed
[SSSD] [sssd PR#34][comment] cache_req: move from switch to plugins
URL: https://github.com/SSSD/sssd/pull/34
Title: #34: cache_req: move from switch to plugins

jhrozek commented:
"""
Pushed in ef39016..e083a6b
"""

See the full comment at https://github.com/SSSD/sssd/pull/34#issuecomment-255036044
[SSSD] [sssd PR#34][closed] cache_req: move from switch to plugins
URL: https://github.com/SSSD/sssd/pull/34
Author: pbrezina
Title: #34: cache_req: move from switch to plugins
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/34/head:pr34
git checkout pr34
[SSSD] Re: master/1.14 split and 1.14.2 release
On Wed, Oct 19, 2016 at 12:09:30PM +0200, Jakub Hrozek wrote:
> Hi,
>
> some refactoring patches were already acked
> (https://github.com/SSSD/sssd/pull/34) and I would prefer them to not
> land in the 1.14 branch. Therefore I propose we split master and 1.14.

The branches have been split.
[SSSD] Re: [SSSD-users] Announcing SSSD 1.14.2
On Wed, 2016-10-19 at 21:48 +0200, Jakub Hrozek wrote:
> === SSSD 1.14.2 ===
>
> The SSSD team is proud to announce the release of version 1.14.2 of
> the System Security Services Daemon.
>
> As always, the source is available from https://fedorahosted.org/sssd
>
> RPM packages will be made available for Fedora shortly.
>
> == Feedback ==
> Please provide comments, bugs and other feedback via the sssd-devel
> or sssd-users mailing lists:
> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>

hmm, I still get:

libtool: link: x86_64-pc-linux-gnu-gcc -shared -fPIC -DPIC src/providers/krb5/.libs/libsss_krb5_la-krb5_init.o -Wl,-rpath -Wl,/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs -Wl,-rpath -Wl,/usr/lib64/sssd -L/var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs -Wl,--as-needed -L/usr/lib64 ./.libs/libsss_util.so -lpopt -lldb -ldbus-1 -lpcre /usr/lib64/libini_config.so /usr/lib64/libpath_utils.so /usr/lib64/libbasicobjects.so /usr/lib64/libref_array.so /usr/lib64/libcollection.so /usr/lib64/libldap.so /usr/lib64/liblber.so -lresolv -lsasl2 -lgnutls /usr/lib64/libgcrypt.so -lgpg-error -ltdb -lglib-2.0 /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_child.so /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_cert.so /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_crypt.so ./.libs/libsss_crypt.so -lcrypto ./.libs/libsss_debug.so ./.libs/libsss_child.so -ltevent -ltalloc /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_debug.so ./.libs/libsss_krb5_common.so -lkeyutils /usr/lib64/libdhash.so -lkrb5 -lk5crypto -lcom_err -O2 -Wl,-O1 -Wl,-soname -Wl,libsss_krb5.so -o .libs/libsss_krb5.so
./.libs/libsss_util.so: undefined reference to `timer_settime'
./.libs/libsss_util.so: undefined reference to `timer_delete'
./.libs/libsss_util.so: undefined reference to `timer_create'
collect2: error: ld returned 1 exit status
libtool: link: x86_64-pc-linux-gnu-gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wundef -Werror-implicit-function-declaration -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99 -O2 -pipe -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,-O1 -o .libs/sss_ssh_knownhostsproxy src/sss_client/sss_ssh_knownhostsproxy-common.o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o -Wl,-rpath -Wl,/usr/lib64 -Wl,--as-needed ./.libs/libsss_util.so -L/usr/lib64 -lldb -ldbus-1 -lpcre /usr/lib64/libini_config.so /usr/lib64/libpath_utils.so /usr/lib64/libbasicobjects.so /usr/lib64/libref_array.so /usr/lib64/libcollection.so /usr/lib64/libldap.so /usr/lib64/liblber.so -lresolv -lsasl2 -lgnutls /usr/lib64/libgcrypt.so -lgpg-error -ltdb -lglib-2.0 /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_child.so /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_cert.so /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_crypt.so ./.libs/libsss_crypt.so -lcrypto ./.libs/libsss_debug.so ./.libs/libsss_child.so -ltevent /usr/lib64/libdhash.so /var/tmp/portage/sys-auth/sssd-1.14.2/work/sssd-1.14.2-abi_x86_64.amd64/.libs/libsss_debug.so -lpthread -ltalloc -lpopt -Wl,-rpath -Wl,/usr/lib64/sssd
Makefile:11323: recipe for target 'sss_ssh_authorizedkeys' failed
make[2]: *** [sss_ssh_authorizedkeys] Error 1
make[2]: *** Waiting for unfinished jobs
./.libs/libsss_util.so: undefined reference to `timer_settime'
./.libs/libsss_util.so: undefined reference to `timer_delete'
./.libs/libsss_util.so: undefined reference to `timer_create'
collect2: error: ld returned 1 exit status
Makefile:11336: recipe for target 'sss_ssh_knownhostsproxy' failed
make[2]: *** [sss_ssh_knownhostsproxy] Error 1

I thought this was fixed (linking with librt that is)?

Also, could you fix this warning:
/etc/init.d/sssd[3049]: /etc/init.d/sssd uses runscript, please convert to openrc-run.

Just apply
sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' src/sysv/gentoo/sssd.in

Jocke