sssd-2.8.0-2: fix syslog spamming
Resolves: rhbz#2133437
This commit is contained in:
parent
ac043fc3b6
commit
d24bcc9e43
@ -0,0 +1,96 @@
|
|||||||
|
From b38fdc8185fcd6a2e5d4b483d3119964f9922070 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
|
Date: Tue, 11 Oct 2022 12:10:25 +0200
|
||||||
|
Subject: [PATCH 1/6] confdb: avoid syslog message when no domains are enabled
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This syslog message would also appear when calling other tools like
|
||||||
|
sss_cache which is confusing. We return specific error code instead
|
||||||
|
and let the error be syslogged in the monitor in monitor.c:main (this
|
||||||
|
is already implemented).
|
||||||
|
|
||||||
|
Resolves: https://github.com/SSSD/sssd/issues/6387
|
||||||
|
|
||||||
|
:fixes: A regression when running sss_cache when no SSSD domain is
|
||||||
|
enabled would produce a syslog critical message was fixed.
|
||||||
|
|
||||||
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
---
|
||||||
|
src/confdb/confdb.c | 8 ++++----
|
||||||
|
src/monitor/monitor.c | 2 +-
|
||||||
|
src/util/util_errors.c | 1 +
|
||||||
|
src/util/util_errors.h | 1 +
|
||||||
|
4 files changed, 7 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
|
||||||
|
index ae2d90bf5e4bc231e878c0d5e2c84e46abd9f999..9465bffe394ebed783b8217f96049f3d07ba7e77 100644
|
||||||
|
--- a/src/confdb/confdb.c
|
||||||
|
+++ b/src/confdb/confdb.c
|
||||||
|
@@ -1800,10 +1800,10 @@ int confdb_get_domains(struct confdb_ctx *cdb,
|
||||||
|
ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist);
|
||||||
|
if (ret == ENOENT) {
|
||||||
|
DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
|
||||||
|
- sss_log(SSS_LOG_CRIT, "No domains configured, fatal error!\n");
|
||||||
|
+ ret = ERR_NO_DOMAIN_ENABLED;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
- if (ret != EOK ) {
|
||||||
|
+ if (ret != EOK) {
|
||||||
|
DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
@@ -2472,9 +2472,9 @@ int confdb_expand_app_domains(struct confdb_ctx *cdb)
|
||||||
|
ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist);
|
||||||
|
if (ret == ENOENT) {
|
||||||
|
DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
|
||||||
|
- sss_log(SSS_LOG_CRIT, "No domains configured, fatal error!\n");
|
||||||
|
+ ret = ERR_NO_DOMAIN_ENABLED;
|
||||||
|
goto done;
|
||||||
|
- } else if (ret != EOK ) {
|
||||||
|
+ } else if (ret != EOK) {
|
||||||
|
DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
|
||||||
|
index 17bb1d6685257f204e56baad43919366b75a140d..7670114d37646ebcacd1d0f8c6876e40ff03938e 100644
|
||||||
|
--- a/src/monitor/monitor.c
|
||||||
|
+++ b/src/monitor/monitor.c
|
||||||
|
@@ -2566,7 +2566,7 @@ int main(int argc, const char *argv[])
|
||||||
|
"SSSD couldn't load the configuration database.\n");
|
||||||
|
sss_log(SSS_LOG_CRIT,
|
||||||
|
"SSSD couldn't load the configuration database [%d]: %s.\n",
|
||||||
|
- ret, strerror(ret));
|
||||||
|
+ ret, sss_strerror(ret));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return 4;
|
||||||
|
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
|
||||||
|
index 647bc70a77ec8697e287f61d5895143f0a575157..899bef2f40e4f1c503c843b8307120e18c6c2d52 100644
|
||||||
|
--- a/src/util/util_errors.c
|
||||||
|
+++ b/src/util/util_errors.c
|
||||||
|
@@ -64,6 +64,7 @@ struct err_string error_to_str[] = {
|
||||||
|
{ "Cannot parse input" }, /* ERR_INPUT_PARSE */
|
||||||
|
{ "Entry not found" }, /* ERR_NOT_FOUND */
|
||||||
|
{ "Domain not found" }, /* ERR_DOMAIN_NOT_FOUND */
|
||||||
|
+ { "No domain is enabled" }, /* ERR_NO_DOMAIN_ENABLED */
|
||||||
|
{ "Malformed search filter" }, /* ERR_INVALID_FILTER, */
|
||||||
|
{ "No POSIX attributes detected" }, /* ERR_NO_POSIX */
|
||||||
|
{ "Extra attribute is a duplicate" }, /* ERR_DUP_EXTRA_ATTR */
|
||||||
|
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
|
||||||
|
index 1a752753e4df2a9de5913920bb75ebf49a8f60a6..b55b340fcdcfd9b01a9053b6b2a24b68243f14f5 100644
|
||||||
|
--- a/src/util/util_errors.h
|
||||||
|
+++ b/src/util/util_errors.h
|
||||||
|
@@ -85,6 +85,7 @@ enum sssd_errors {
|
||||||
|
ERR_INPUT_PARSE,
|
||||||
|
ERR_NOT_FOUND,
|
||||||
|
ERR_DOMAIN_NOT_FOUND,
|
||||||
|
+ ERR_NO_DOMAIN_ENABLED,
|
||||||
|
ERR_INVALID_FILTER,
|
||||||
|
ERR_NO_POSIX,
|
||||||
|
ERR_DUP_EXTRA_ATTR,
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
101
0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch
Normal file
101
0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
From 4da861368b88c03b22993f95de5b508ad5637c25 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
|
Date: Tue, 11 Oct 2022 12:30:56 +0200
|
||||||
|
Subject: [PATCH 2/6] monitor: read all enabled domains in
|
||||||
|
add_implicit_services
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Reading sssd/domains option is no longer sufficient since domains
|
||||||
|
can be enabled through domain/enabled.
|
||||||
|
|
||||||
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
---
|
||||||
|
src/confdb/confdb.c | 15 ++-------------
|
||||||
|
src/confdb/confdb.h | 11 +++++++++++
|
||||||
|
src/monitor/monitor.c | 9 +++++----
|
||||||
|
3 files changed, 18 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
|
||||||
|
index 9465bffe394ebed783b8217f96049f3d07ba7e77..3ecdaa3b91e3b550f670768d336e9d7d85bb66e6 100644
|
||||||
|
--- a/src/confdb/confdb.c
|
||||||
|
+++ b/src/confdb/confdb.c
|
||||||
|
@@ -45,9 +45,6 @@
|
||||||
|
/* SSSD domain name that is used for the auto-configured files domain */
|
||||||
|
#define IMPLICIT_FILES_DOMAIN_NAME "implicit_files"
|
||||||
|
|
||||||
|
-
|
||||||
|
-static int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
|
||||||
|
- TALLOC_CTX *ctx, char ***_result);
|
||||||
|
static int confdb_get_domain_enabled(struct confdb_ctx *cdb,
|
||||||
|
const char *domain, bool *_enabled);
|
||||||
|
|
||||||
|
@@ -2675,16 +2672,8 @@ done:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
-/**
|
||||||
|
- * Retrieve the list of enabled domains considering the explicit list
|
||||||
|
- * and the 'enabled' attribute.
|
||||||
|
- * @param cdb The database configuration context.
|
||||||
|
- * @param ctx The memory context.
|
||||||
|
- * @param result Output variable where the list of domains will be stored.
|
||||||
|
- * @return 0 if the list was retrieved properly, another value on error.
|
||||||
|
- */
|
||||||
|
-static int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
|
||||||
|
- TALLOC_CTX *ctx, char ***_result)
|
||||||
|
+int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
|
||||||
|
+ TALLOC_CTX *ctx, char ***_result)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
char **domlist = NULL;
|
||||||
|
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
|
||||||
|
index 0effd1193708676ade230d8922ab78fae9b5c15a..a53894846737467f12e5dcd99ce35ebee165ccf7 100644
|
||||||
|
--- a/src/confdb/confdb.h
|
||||||
|
+++ b/src/confdb/confdb.h
|
||||||
|
@@ -497,6 +497,17 @@ int confdb_get_domain(struct confdb_ctx *cdb,
|
||||||
|
int confdb_get_domains(struct confdb_ctx *cdb,
|
||||||
|
struct sss_domain_info **domains);
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * Retrieve the list of enabled domains considering the explicit list
|
||||||
|
+ * and the 'enabled' attribute.
|
||||||
|
+ * @param cdb The database configuration context.
|
||||||
|
+ * @param ctx The memory context.
|
||||||
|
+ * @param result Output variable where the list of domains will be stored.
|
||||||
|
+ * @return 0 if the list was retrieved properly, ENOENT if no domain is enabled, another value on error.
|
||||||
|
+ */
|
||||||
|
+int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
|
||||||
|
+ TALLOC_CTX *ctx, char ***_result);
|
||||||
|
+
|
||||||
|
int confdb_expand_app_domains(struct confdb_ctx *cdb);
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
|
||||||
|
index 7670114d37646ebcacd1d0f8c6876e40ff03938e..511e13971d253bc25cb9a04008c1a363f2182748 100644
|
||||||
|
--- a/src/monitor/monitor.c
|
||||||
|
+++ b/src/monitor/monitor.c
|
||||||
|
@@ -777,13 +777,14 @@ static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx
|
||||||
|
return ENOMEM;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ret = confdb_get_string_as_list(cdb, tmp_ctx,
|
||||||
|
- CONFDB_MONITOR_CONF_ENTRY,
|
||||||
|
- CONFDB_MONITOR_ACTIVE_DOMAINS,
|
||||||
|
- &domain_names);
|
||||||
|
+ ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domain_names);
|
||||||
|
if (ret == ENOENT) {
|
||||||
|
DEBUG(SSSDBG_OP_FAILURE, "No domains configured!\n");
|
||||||
|
goto done;
|
||||||
|
+ } else if (ret != EOK) {
|
||||||
|
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error retrieving domains list [%d]: %s\n",
|
||||||
|
+ ret, sss_strerror(ret));
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = confdb_get_bool(cdb, CONFDB_MONITOR_CONF_ENTRY,
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -0,0 +1,39 @@
|
|||||||
|
From 64c22dd1c4f79f953b879fc167b535de928f4bfd Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
|
Date: Tue, 11 Oct 2022 14:51:53 +0200
|
||||||
|
Subject: [PATCH 3/6] sss_cache: use ERR_NO_DOMAIN_ENABLED instead of ENOENT
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
---
|
||||||
|
src/tools/sss_cache.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
|
||||||
|
index 6740e83b0359911824805d565c7c3e5a6d36f68c..79de13ac8725acd4cdde92a8869fcf1a3c289bb3 100644
|
||||||
|
--- a/src/tools/sss_cache.c
|
||||||
|
+++ b/src/tools/sss_cache.c
|
||||||
|
@@ -165,7 +165,7 @@ int main(int argc, const char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = init_context(argc, argv, &tctx);
|
||||||
|
- if (ret == ENOENT) {
|
||||||
|
+ if (ret == ERR_NO_DOMAIN_ENABLED) {
|
||||||
|
/* nothing to invalidate; no reason to fail */
|
||||||
|
ret = EOK;
|
||||||
|
goto done;
|
||||||
|
@@ -909,7 +909,7 @@ static errno_t init_context(int argc, const char *argv[],
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = init_domains(ctx, values.domain);
|
||||||
|
- if (ret == ENOENT && values.domain == NULL) {
|
||||||
|
+ if (ret == ERR_NO_DOMAIN_ENABLED && values.domain == NULL) {
|
||||||
|
/* Nothing to invalidate; do not log confusing messages. */
|
||||||
|
goto fini;
|
||||||
|
} else if (ret != EOK) {
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -0,0 +1,63 @@
|
|||||||
|
From df55b1f16ea2fb5e56f0fe69419904d50b7e2476 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
|
Date: Wed, 12 Oct 2022 14:32:31 +0200
|
||||||
|
Subject: [PATCH 4/6] confdb: chande debug level when no domain are found in
|
||||||
|
confdb_get_domains
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
We print the error as fatal error in the monitor to make sure the
|
||||||
|
message is correctly visible. However, the error is not fatal for tools
|
||||||
|
like sss_cache and it should not be printed there by default.
|
||||||
|
|
||||||
|
Since the tools have default debug level set to SSSDBG_FATAL_FAILURE, it
|
||||||
|
is sufficient to just drop the level to critical.
|
||||||
|
|
||||||
|
Resolves: https://github.com/SSSD/sssd/issues/6387
|
||||||
|
|
||||||
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
---
|
||||||
|
src/confdb/confdb.c | 5 ++---
|
||||||
|
src/monitor/monitor.c | 5 +++--
|
||||||
|
2 files changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
|
||||||
|
index 3ecdaa3b91e3b550f670768d336e9d7d85bb66e6..cf0476f759827f3e1aa1f445d4e71c09b3ec3239 100644
|
||||||
|
--- a/src/confdb/confdb.c
|
||||||
|
+++ b/src/confdb/confdb.c
|
||||||
|
@@ -1796,11 +1796,10 @@ int confdb_get_domains(struct confdb_ctx *cdb,
|
||||||
|
|
||||||
|
ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist);
|
||||||
|
if (ret == ENOENT) {
|
||||||
|
- DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
|
||||||
|
+ DEBUG(SSSDBG_CRIT_FAILURE, "No domains configured, fatal error!\n");
|
||||||
|
ret = ERR_NO_DOMAIN_ENABLED;
|
||||||
|
goto done;
|
||||||
|
- }
|
||||||
|
- if (ret != EOK) {
|
||||||
|
+ } else if (ret != EOK) {
|
||||||
|
DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
|
||||||
|
index 511e13971d253bc25cb9a04008c1a363f2182748..2196c2e0b0fdd630335333e7d53026e34302e512 100644
|
||||||
|
--- a/src/monitor/monitor.c
|
||||||
|
+++ b/src/monitor/monitor.c
|
||||||
|
@@ -2564,9 +2564,10 @@ int main(int argc, const char *argv[])
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
DEBUG(SSSDBG_FATAL_FAILURE,
|
||||||
|
- "SSSD couldn't load the configuration database.\n");
|
||||||
|
+ "SSSD couldn't load the configuration database [%d]: %s\n",
|
||||||
|
+ ret, sss_strerror(ret));
|
||||||
|
sss_log(SSS_LOG_CRIT,
|
||||||
|
- "SSSD couldn't load the configuration database [%d]: %s.\n",
|
||||||
|
+ "SSSD couldn't load the configuration database [%d]: %s\n",
|
||||||
|
ret, sss_strerror(ret));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
10
sssd.spec
10
sssd.spec
@ -43,7 +43,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.8.0
|
Version: 2.8.0
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: https://github.com/SSSD/sssd/
|
URL: https://github.com/SSSD/sssd/
|
||||||
@ -51,6 +51,11 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.8.0/sssd-2.8.0.tar.gz
|
|||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
|
|
||||||
|
Patch0001: 0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch
|
||||||
|
Patch0002: 0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch
|
||||||
|
Patch0003: 0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch
|
||||||
|
Patch0004: 0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
Requires: sssd-ad = %{version}-%{release}
|
Requires: sssd-ad = %{version}-%{release}
|
||||||
@ -1058,6 +1063,9 @@ fi
|
|||||||
%systemd_postun_with_restart sssd.service
|
%systemd_postun_with_restart sssd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 24 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-2
|
||||||
|
- Fix regression, syslog is no longer spammed when no SSSD domain is configured (#2133437)
|
||||||
|
|
||||||
* Fri Oct 7 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-1
|
* Fri Oct 7 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-1
|
||||||
- Rebase to SSSD 2.8.0
|
- Rebase to SSSD 2.8.0
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user