Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-14 Thread Tomas Babej

On 05/13/2013 05:22 PM, Petr Spacek wrote:

On 13.5.2013 16:49, Simo Sorce wrote:

On Mon, 2013-05-13 at 16:32 +0200, Petr Spacek wrote:

+   if ((ip = inet_addr(ip_str)) == INADDR_NONE) {



This kind of construct is hard to read and debug in gdb
I would suggest you do:
ip = inet_addr(ip_str);
if (ip == INADDER_NONE) {


I agree, done.



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

I tested the patch, works fine. ACK

Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-14 Thread Petr Spacek

On 14.5.2013 16:41, Tomas Babej wrote:

On 05/13/2013 05:22 PM, Petr Spacek wrote:

On 13.5.2013 16:49, Simo Sorce wrote:

On Mon, 2013-05-13 at 16:32 +0200, Petr Spacek wrote:

+   if ((ip = inet_addr(ip_str)) == INADDR_NONE) {



This kind of construct is hard to read and debug in gdb
I would suggest you do:
ip = inet_addr(ip_str);
if (ip == INADDER_NONE) {


I agree, done.


I tested the patch, works fine. ACK


Pushed to master: 8d12512d0eb4445f4966fd0e326cde9823f6a0bb

--
Petr^2 Spacek

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-13 Thread Lukas Slebodnik
On (06/05/13 14:03), Petr Spacek wrote:
On 18.4.2013 11:04, Petr Spacek wrote:
Hello,

Clean up PTR record synchronization code and make it more robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.

Tbabej's GCC cries about uninitialized variable 'ptr_a_equal', but we
weren't able to find any real error.

This version of the patch contains a workaround for the GCC oddities.

-- 
Petr^2 Spacek

From 5e6abb29df58ce00ecf7045254dfc7fb09fc4650 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 16 Apr 2013 16:10:09 +0200
Subject: [PATCH] Clean up PTR record synchronization code and make it more
 robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.

Signed-off-by: Petr Spacek pspa...@redhat.com
---
 src/ldap_helper.c | 507 --
 1 file changed, 342 insertions(+), 165 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 
8448412b7a1a9150bd24d9ca46575c0402be0c9f..6c5cf2e79d762251954e3bb099dbef98a0b2d805
 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2830,35 +2830,360 @@ cleanup:
 #undef SET_LDAP_MOD
 }
 
+
+#define SYNCPTR_PREFPTR record synchronization 
+#define SYNCPTR_FMTPRE  SYNCPTR_PREF (%s) for A/ '%s' 
+#define SYNCPTR_FMTPOST ldap_modop_str(mod_op), a_name_str
+
+static const char *
+ldap_modop_str(unsigned int mod_op) {
+  static const char add[] = addition;
+  static const char del[] = deletion;
   ^
Declaration(definition) of string should be consistent everywhere in the source 
code.
Please change char _name[] to char * _name
Sorry for nitpicking, I know that semantically is it the same,
but in the other places in source code, strings are
defined like (const)? char *.
If you don't believe me, you can run next command :-)

grep -Rn -E 'char.*=.*[^]*' path_to_bind-dyndb-ldap

[snip]

+static isc_result_t
+ldap_find_ptr(ldap_instance_t *ldap_inst, const char *ip_str,
+dns_name_t *ptr_name, ld_string_t *ptr_dn,
+dns_name_t *zone_name) {
+  isc_result_t result;
+  isc_mem_t *mctx = ldap_inst-mctx;
+
+  in_addr_t ip;
+
+  /* Get string with IP address from change request
+   * and convert it to in_addr structure. */
+  if ((ip = inet_addr(ip_str)) t) == 0) {

If the input is invalid, INADDR_NONE (usually -1) is returned.
For details: man inet_addr

+  log_bug(SYNCPTR_PREF  could not convert IP address 
+  from string '%s', ip_str);
+  CLEANUP_WITH(ISC_R_UNEXPECTED);
+  }

LS

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-13 Thread Petr Spacek

On 13.5.2013 15:23, Lukas Slebodnik wrote:

On (06/05/13 14:03), Petr Spacek wrote:

On 18.4.2013 11:04, Petr Spacek wrote:

Hello,

Clean up PTR record synchronization code and make it more robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.


Tbabej's GCC cries about uninitialized variable 'ptr_a_equal', but we
weren't able to find any real error.

This version of the patch contains a workaround for the GCC oddities.

--
Petr^2 Spacek



From 5e6abb29df58ce00ecf7045254dfc7fb09fc4650 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 16 Apr 2013 16:10:09 +0200
Subject: [PATCH] Clean up PTR record synchronization code and make it more
robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.

Signed-off-by: Petr Spacek pspa...@redhat.com
---
src/ldap_helper.c | 507 --
1 file changed, 342 insertions(+), 165 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 
8448412b7a1a9150bd24d9ca46575c0402be0c9f..6c5cf2e79d762251954e3bb099dbef98a0b2d805
 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2830,35 +2830,360 @@ cleanup:
#undef SET_LDAP_MOD
}

+
+#define SYNCPTR_PREFPTR record synchronization 
+#define SYNCPTR_FMTPRE  SYNCPTR_PREF (%s) for A/ '%s' 
+#define SYNCPTR_FMTPOST ldap_modop_str(mod_op), a_name_str
+
+static const char *
+ldap_modop_str(unsigned int mod_op) {
+   static const char add[] = addition;
+   static const char del[] = deletion;

^
Declaration(definition) of string should be consistent everywhere in the source 
code.
Please change char _name[] to char * _name
Sorry for nitpicking, I know that semantically is it the same,
but in the other places in source code, strings are
defined like (const)? char *.
If you don't believe me, you can run next command :-)

 grep -Rn -E 'char.*=.*[^]*' path_to_bind-dyndb-ldap

[snip]


+static isc_result_t
+ldap_find_ptr(ldap_instance_t *ldap_inst, const char *ip_str,
+ dns_name_t *ptr_name, ld_string_t *ptr_dn,
+ dns_name_t *zone_name) {
+   isc_result_t result;
+   isc_mem_t *mctx = ldap_inst-mctx;
+
+   in_addr_t ip;
+
+   /* Get string with IP address from change request
+* and convert it to in_addr structure. */
+   if ((ip = inet_addr(ip_str)) t) == 0) {

 
If the input is invalid, INADDR_NONE (usually -1) is returned.
For details: man inet_addr


+   log_bug(SYNCPTR_PREF  could not convert IP address 
+   from string '%s', ip_str);
+   CLEANUP_WITH(ISC_R_UNEXPECTED);
+   }


Thank you for catching this! Nobody noticed it for one and half year :-)

In any case, this code can't handle IPv6 addresses. We will triage it 
tomorrow: https://fedorahosted.org/bind-dyndb-ldap/ticket/118


Fixed patch is attached. The new version includes also typo fix:  could = 
could.


--
Petr Spacek
From 9642cc19136ae69d0ac161f97d01f0e26fe6c772 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 16 Apr 2013 16:10:09 +0200
Subject: [PATCH] Clean up PTR record synchronization code and make it more
 robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.

Signed-off-by: Petr Spacek pspa...@redhat.com
---
 src/ldap_helper.c | 507 --
 1 file changed, 342 insertions(+), 165 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index af630e53dde36c3eec4d1a286cb096bcd8f3b0ca..b8d79de15d2f4ba5784bb314fc52cc8eae74a700 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2830,35 +2830,360 @@ cleanup:
 #undef SET_LDAP_MOD
 }
 
+
+#define SYNCPTR_PREFPTR record synchronization 
+#define SYNCPTR_FMTPRE  SYNCPTR_PREF (%s) for A/ '%s' 
+#define SYNCPTR_FMTPOST ldap_modop_str(mod_op), a_name_str
+
+static const char *
+ldap_modop_str(unsigned int mod_op) {
+	static const char *add = addition;
+	static const char *del = deletion;
+
+	switch (mod_op) {
+	case LDAP_MOD_ADD:
+		return add;
+
+	case LDAP_MOD_DELETE:
+		return del;
+
+	default:
+		INSIST(unsupported LDAP mod_op == NULL);
+		return NULL;
+	}
+}
+
+static void
+append_trailing_dot(char *str, unsigned int size) {
+	unsigned int length = strlen(str);
+	if (str[length] != '.') {
+		REQUIRE(length + 1  size);
+		str[length] = '.';
+		str[length+1] = '\0';
+	}
+}
+
+static isc_result_t
+ldap_find_ptr(ldap_instance_t *ldap_inst, const char *ip_str,
+	  dns_name_t *ptr_name, ld_string_t *ptr_dn,
+	  dns_name_t *zone_name) {
+	isc_result_t result;
+	isc_mem_t *mctx = ldap_inst-mctx;
+
+	in_addr_t ip;
+
+	/* Get string with IP address from change request
+	 * and convert it to in_addr structure. */

Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-13 Thread Petr Spacek

On 13.5.2013 16:49, Simo Sorce wrote:

On Mon, 2013-05-13 at 16:32 +0200, Petr Spacek wrote:

+   if ((ip = inet_addr(ip_str)) == INADDR_NONE) {



This kind of construct is hard to read and debug in gdb
I would suggest you do:
ip = inet_addr(ip_str);
if (ip == INADDER_NONE) {


I agree, done.

--
Petr^2 Spacek
From 8d12512d0eb4445f4966fd0e326cde9823f6a0bb Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 16 Apr 2013 16:10:09 +0200
Subject: [PATCH] Clean up PTR record synchronization code and make it more
 robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.

Signed-off-by: Petr Spacek pspa...@redhat.com
---
 src/ldap_helper.c | 508 --
 1 file changed, 343 insertions(+), 165 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index af630e53dde36c3eec4d1a286cb096bcd8f3b0ca..4baf7437d1666915729562b5465f0553a32c45a0 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2830,35 +2830,361 @@ cleanup:
 #undef SET_LDAP_MOD
 }
 
+
+#define SYNCPTR_PREFPTR record synchronization 
+#define SYNCPTR_FMTPRE  SYNCPTR_PREF (%s) for A/ '%s' 
+#define SYNCPTR_FMTPOST ldap_modop_str(mod_op), a_name_str
+
+static const char *
+ldap_modop_str(unsigned int mod_op) {
+	static const char *add = addition;
+	static const char *del = deletion;
+
+	switch (mod_op) {
+	case LDAP_MOD_ADD:
+		return add;
+
+	case LDAP_MOD_DELETE:
+		return del;
+
+	default:
+		INSIST(unsupported LDAP mod_op == NULL);
+		return NULL;
+	}
+}
+
+static void
+append_trailing_dot(char *str, unsigned int size) {
+	unsigned int length = strlen(str);
+	if (str[length] != '.') {
+		REQUIRE(length + 1  size);
+		str[length] = '.';
+		str[length+1] = '\0';
+	}
+}
+
+static isc_result_t
+ldap_find_ptr(ldap_instance_t *ldap_inst, const char *ip_str,
+	  dns_name_t *ptr_name, ld_string_t *ptr_dn,
+	  dns_name_t *zone_name) {
+	isc_result_t result;
+	isc_mem_t *mctx = ldap_inst-mctx;
+
+	in_addr_t ip;
+
+	/* Get string with IP address from change request
+	 * and convert it to in_addr structure. */
+	ip = inet_addr(ip_str);
+	if (ip == INADDR_NONE) {
+		log_bug(SYNCPTR_PREF could not convert IP address 
+			from string '%s', ip_str);
+		CLEANUP_WITH(ISC_R_UNEXPECTED);
+	}
+
+	/* Use internal net address representation. */
+	isc_netaddr_t isc_ip;
+	/* Only copy data to isc_ip stucture. */
+	isc_netaddr_fromin(isc_ip,(struct in_addr *) ip);
+
+	/*
+	 * Convert IP address to PTR record.
+	 *
+	 * @example
+	 * 192.168.0.1 - 1.0.168.192.in-addr.arpa
+	 *
+	 * @todo Check if it works for IPv6 correctly.
+	 */
+	CHECK(dns_byaddr_createptrname2(isc_ip, 0, ptr_name));
+
+	/* Get LDAP entry indentifier. */
+	CHECK(dnsname_to_dn(ldap_inst-zone_register, ptr_name, ptr_dn));
+
+	/*
+	 * @example
+	 * owner_dn_ptr = idnsName=100.0.168, idnsname=192.in-addr.arpa,cn=dns,$SUFFIX
+	 * owner_zone_dn_ptr = idnsname=192.in-addr.arpa,cn=dns,$SUFFIX
+	 */
+	char *owner_zone_dn_ptr = strstr(str_buf(ptr_dn),, ) + 1;
+
+	/* Get attribute idnsAllowDynUpdate for reverse zone or use default. */
+	CHECK(dn_to_dnsname(mctx, owner_zone_dn_ptr, zone_name, NULL));
+
+cleanup:
+	return result;
+}
+
+/**
+ * Check if PTR record's value in LDAP == name of the modified A/ record.
+ * Update will be refused if the PTR name contains multiple PTR records or
+ * if the value in LDAP != expected name.
+ *
+ * @param[in] a_name Name of modified A/ record.
+ * @param[in] a_name_str Name of modified A/ record as NUL terminated string.
+ * @param[in] ptr_name   Name of PTR record generated from IP address in A/.
+ * @param[in] mod_op LDAP_MOD_DELETE if A/ record is being deleted
+ *   or LDAP_MOD_ADD if A/ record is being added.
+ *
+ * @retval ISC_R_IGNORE  A and PTR records match, no change is required.
+ * @retval ISC_R_SUCCESS Prerequisites fulfilled, update is allowed.
+ * @retval other Errors
+ *
+ * @code
+ * ** A record deletion **
+ * ; nsupdate command:
+ * update delete www.example.com. IN A	192.0.2.1
+ *
+ * ; PTR update will be allowed if the zone contains following data:
+ * www.example.com.		A	192.0.2.1
+ * 1.2.0.192.in-addr.arpa. 	PTR	www.example.com.
+
+ * ; PTR update will not be allowed if the zone contains following data:
+ * www.example.com.		A	192.0.2.1
+ * 1.2.0.192.in-addr.arpa. 	PTR	mail.example.com.
+ * @endcode
+ *
+ * @code
+ * ** A record addition **
+ * ; nsupdate command:
+ * update add www.example.com. 3600 IN A 192.0.2.1
+ *
+ * ; PTR update will be allowed if the zone does not contain A and PTR record.
+ *
+ * ; PTR update will not be allowed if the zone contains following data:
+ * 1.2.0.192.in-addr.arpa. 	PTR	mail.example.com.
+ * @endcode
+ */
+static isc_result_t
+ldap_sync_ptr_validate(ldap_instance_t *ldap_inst, dns_name_t *a_name,
+		   const char *a_name_str, dns_name_t *ptr_name,
+		   int mod_op) {
+	

Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-09 Thread Tomas Hozza
On 04/18/2013 11:04 AM, Petr Spacek wrote:
 Hello,
 
 Clean up PTR record synchronization code and make it more robust.
 
 PTR record synchronization was split to smaller functions.
 Input validation, error handling and logging was improved
 significantly.
 

ACK.

The patch looks OK!

Regards,

Tomas Hozza

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-06 Thread Petr Spacek

On 18.4.2013 11:04, Petr Spacek wrote:

Hello,

Clean up PTR record synchronization code and make it more robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.


Tbabej's GCC cries about uninitialized variable 'ptr_a_equal', but we weren't 
able to find any real error.


This version of the patch contains a workaround for the GCC oddities.

--
Petr^2 Spacek
From 5e6abb29df58ce00ecf7045254dfc7fb09fc4650 Mon Sep 17 00:00:00 2001
From: Petr Spacek pspa...@redhat.com
Date: Tue, 16 Apr 2013 16:10:09 +0200
Subject: [PATCH] Clean up PTR record synchronization code and make it more
 robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.

Signed-off-by: Petr Spacek pspa...@redhat.com
---
 src/ldap_helper.c | 507 --
 1 file changed, 342 insertions(+), 165 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 8448412b7a1a9150bd24d9ca46575c0402be0c9f..6c5cf2e79d762251954e3bb099dbef98a0b2d805 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2830,35 +2830,360 @@ cleanup:
 #undef SET_LDAP_MOD
 }
 
+
+#define SYNCPTR_PREFPTR record synchronization 
+#define SYNCPTR_FMTPRE  SYNCPTR_PREF (%s) for A/ '%s' 
+#define SYNCPTR_FMTPOST ldap_modop_str(mod_op), a_name_str
+
+static const char *
+ldap_modop_str(unsigned int mod_op) {
+	static const char add[] = addition;
+	static const char del[] = deletion;
+
+	switch (mod_op) {
+	case LDAP_MOD_ADD:
+		return add;
+
+	case LDAP_MOD_DELETE:
+		return del;
+
+	default:
+		INSIST(unsupported LDAP mod_op == NULL);
+		return NULL;
+	}
+}
+
+static void
+append_trailing_dot(char *str, unsigned int size) {
+	unsigned int length = strlen(str);
+	if (str[length] != '.') {
+		REQUIRE(length + 1  size);
+		str[length] = '.';
+		str[length+1] = '\0';
+	}
+}
+
+static isc_result_t
+ldap_find_ptr(ldap_instance_t *ldap_inst, const char *ip_str,
+	  dns_name_t *ptr_name, ld_string_t *ptr_dn,
+	  dns_name_t *zone_name) {
+	isc_result_t result;
+	isc_mem_t *mctx = ldap_inst-mctx;
+
+	in_addr_t ip;
+
+	/* Get string with IP address from change request
+	 * and convert it to in_addr structure. */
+	if ((ip = inet_addr(ip_str)) == 0) {
+		log_bug(SYNCPTR_PREF  could not convert IP address 
+			from string '%s', ip_str);
+		CLEANUP_WITH(ISC_R_UNEXPECTED);
+	}
+
+	/* Use internal net address representation. */
+	isc_netaddr_t isc_ip;
+	/* Only copy data to isc_ip stucture. */
+	isc_netaddr_fromin(isc_ip,(struct in_addr *) ip);
+
+	/*
+	 * Convert IP address to PTR record.
+	 *
+	 * @example
+	 * 192.168.0.1 - 1.0.168.192.in-addr.arpa
+	 *
+	 * @todo Check if it works for IPv6 correctly.
+	 */
+	CHECK(dns_byaddr_createptrname2(isc_ip, 0, ptr_name));
+
+	/* Get LDAP entry indentifier. */
+	CHECK(dnsname_to_dn(ldap_inst-zone_register, ptr_name, ptr_dn));
+
+	/*
+	 * @example
+	 * owner_dn_ptr = idnsName=100.0.168, idnsname=192.in-addr.arpa,cn=dns,$SUFFIX
+	 * owner_zone_dn_ptr = idnsname=192.in-addr.arpa,cn=dns,$SUFFIX
+	 */
+	char *owner_zone_dn_ptr = strstr(str_buf(ptr_dn),, ) + 1;
+
+	/* Get attribute idnsAllowDynUpdate for reverse zone or use default. */
+	CHECK(dn_to_dnsname(mctx, owner_zone_dn_ptr, zone_name, NULL));
+
+cleanup:
+	return result;
+}
+
+/**
+ * Check if PTR record's value in LDAP == name of the modified A/ record.
+ * Update will be refused if the PTR name contains multiple PTR records or
+ * if the value in LDAP != expected name.
+ *
+ * @param[in] a_name Name of modified A/ record.
+ * @param[in] a_name_str Name of modified A/ record as NUL terminated string.
+ * @param[in] ptr_name   Name of PTR record generated from IP address in A/.
+ * @param[in] mod_op LDAP_MOD_DELETE if A/ record is being deleted
+ *   or LDAP_MOD_ADD if A/ record is being added.
+ *
+ * @retval ISC_R_IGNORE  A and PTR records match, no change is required.
+ * @retval ISC_R_SUCCESS Prerequisites fulfilled, update is allowed.
+ * @retval other Errors
+ *
+ * @code
+ * ** A record deletion **
+ * ; nsupdate command:
+ * update delete www.example.com. IN A	192.0.2.1
+ *
+ * ; PTR update will be allowed if the zone contains following data:
+ * www.example.com.		A	192.0.2.1
+ * 1.2.0.192.in-addr.arpa. 	PTR	www.example.com.
+
+ * ; PTR update will not be allowed if the zone contains following data:
+ * www.example.com.		A	192.0.2.1
+ * 1.2.0.192.in-addr.arpa. 	PTR	mail.example.com.
+ * @endcode
+ *
+ * @code
+ * ** A record addition **
+ * ; nsupdate command:
+ * update add www.example.com. 3600 IN A 192.0.2.1
+ *
+ * ; PTR update will be allowed if the zone does not contain A and PTR record.
+ *
+ * ; PTR update will not be allowed if the zone contains following data:
+ * 1.2.0.192.in-addr.arpa. 	PTR	mail.example.com.
+ * @endcode
+ */
+static isc_result_t

Re: [Freeipa-devel] [PATCH 0149] Clean up PTR record synchronization code and make it more robust

2013-05-06 Thread Tomas Babej

On 05/06/2013 02:03 PM, Petr Spacek wrote:

On 18.4.2013 11:04, Petr Spacek wrote:

Hello,

Clean up PTR record synchronization code and make it more robust.

PTR record synchronization was split to smaller functions.
Input validation, error handling and logging was improved
significantly.


Tbabej's GCC cries about uninitialized variable 'ptr_a_equal', but we 
weren't able to find any real error.


This version of the patch contains a workaround for the GCC oddities.



This fixes the problem. It was caused by turning on the gcc's 
optimalization flag -O2.


ACK from me. Since this was a rather robust code change, a look second 
pair of eyes would be helpful.


Tomas

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel