Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 409701 - sys-auth/sssd: add multilib support
Summary: sys-auth/sssd: add multilib support
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: All Linux
: Normal enhancement (vote)
Assignee: Multilib team
URL: https://fedorahosted.org/sssd/ticket/...
Whiteboard:
Keywords: NeedPatch
: 524170 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-03-25 22:09 UTC by Petr Polezhaev
Modified: 2014-11-20 19:40 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Polezhaev 2012-03-25 22:09:36 UTC
This is required for anyone who are using sys-auth/sssd for system auth and trying to launch 32bit application, which needs user authentication info.

Way to reproduce:
1. Install and configure sssd for external login storage use
2. emerge acroread
3. acroread

Results:
acroread doesn't start without any error particular error or action (no splash, nothing), with exception of
"(acroread:6960): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (5000)"

Workaround:
/etc/init.d/nscd start

but it conflicts with sssd caching capabilities.
Comment 1 Andreis Vinogradovs ( slepnoga ) 2013-01-26 07:48:37 UTC
In my opinion, a branch of 1.8 not vulnerable
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2014-05-21 18:52:55 UTC
Re-assigning to multilib@
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-05-27 13:06:23 UTC
What do we need in multilib here?

I would suspect at least the PAM and NSS modules. Likely also the libraries in /usr/lib64, and probably the krb5 plugin.

What about /usr/lib64/sssd? Is that used by the daemon or by the libraries?
Comment 4 Petr Polezhaev 2014-05-27 18:11:59 UTC
I don't see any use of this libraries by anything aside the daemon. They seems to be it's plugins for various techniques.

PAM, NSS and krb5 32bit plugins should do the trick, IMO.

BTW that's still an issue (I need to run nscd from time to time to work with 32bit apps, namely a lot of Steam games), if you wonder.
Comment 5 Lukas Slebodnik 2014-06-28 14:34:52 UTC
The only necessary files which should be multilib(32,64) are files which are packaged in sssd-client on fedora. http://koji.fedoraproject.org/koji/rpminfo?rpmID=5208096

Some of them will not be build on gentoo, because sssd is built without samba.

It should be these thee files.
/lib64/libnss_sss.so.2
/lib64/security/pam_sss.so
/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
Comment 6 Joakim Tjernlund 2014-09-21 16:54:43 UTC
Just got bitten by this problem too. Is there any progrees w.r.t multilib and sssd?
Comment 7 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-09-21 17:24:18 UTC
Thanks for the reminder. I will try to do it today, though it seems to have grown in new dependencies ;/.
Comment 8 Joakim Tjernlund 2014-09-22 10:27:20 UTC
(In reply to Michał Górny from comment #7)
> Thanks for the reminder. I will try to do it today, though it seems to have
> grown in new dependencies ;/.

Very much appriciated, thank you.
Comment 9 Joakim Tjernlund 2014-09-24 15:14:14 UTC
(In reply to Michał Górny from comment #7)
> Thanks for the reminder. I will try to do it today, though it seems to have
> grown in new dependencies ;/.

I guess this was not an easy task :)
Seems like you have to rebuild the whole stack just to get to the
client libs.
sssd really needs separate server and client build targets
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-09-24 16:33:08 UTC
(In reply to Joakim Tjernlund from comment #9)
> (In reply to Michał Górny from comment #7)
> > Thanks for the reminder. I will try to do it today, though it seems to have
> > grown in new dependencies ;/.
> 
> I guess this was not an easy task :)
> Seems like you have to rebuild the whole stack just to get to the
> client libs.
> sssd really needs separate server and client build targets

It is not. The whole thing would be much better as separate packages. I'm still trying to find out how much of configure we need to stub.
Comment 11 Pacho Ramos gentoo-dev 2014-10-01 11:47:29 UTC
*** Bug 524170 has been marked as a duplicate of this bug. ***
Comment 12 Michael Sudnick 2014-10-28 00:28:54 UTC
Hate to be a pest, but has there been any progress?
Comment 13 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-10-28 07:28:04 UTC
Not really. Need a patch, and a good one.
Comment 14 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-11-20 17:57:54 UTC
Good news, everyone!

$ qlist sssd | grep lib32
/lib32/security/pam_sss.so
/lib32/libnss_sss.so.2.0.0
/usr/lib32/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
/lib32/libnss_sss.so.2
/lib32/libnss_sss.so

Now I just have to test it in a dedicated chroot to make sure it doesn't depend on some unnecessary multilib libraries being installed.
Comment 15 Joakim Tjernlund 2014-11-20 18:03:13 UTC
(In reply to Michał Górny from comment #14)
> Good news, everyone!
> 
> $ qlist sssd | grep lib32
> /lib32/security/pam_sss.so
> /lib32/libnss_sss.so.2.0.0
> /usr/lib32/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
> /lib32/libnss_sss.so.2
> /lib32/libnss_sss.so
> 
> Now I just have to test it in a dedicated chroot to make sure it doesn't
> depend on some unnecessary multilib libraries being installed.

Nice!

It will be interesting to see what magic you had to do for this :)
Comment 16 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-11-20 19:40:43 UTC
+*sssd-1.12.2-r1 (20 Nov 2014)
+
+  20 Nov 2014; Michał Górny <mgorny@gentoo.org> +sssd-1.12.2-r1.ebuild:
+  Enable multilib support, bug #409701.

Hopefully it builds fine with minimal set of dependencies necessary.