From cf2cbdba823bb48edab32ae6d7eb02ad41d79a84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 4 Nov 2022 12:25:36 +0100 Subject: [PATCH] sssd-2.8.1-1: Rebase to latest upstream release --- .gitignore | 1 + ...log-message-when-no-domains-are-enab.patch | 96 ----------------- ...-enabled-domains-in-add_implicit_ser.patch | 101 ------------------ ...R_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch | 39 ------- ...bug-level-when-no-domain-are-found-i.patch | 63 ----------- sources | 2 +- sssd.spec | 14 ++- 7 files changed, 8 insertions(+), 308 deletions(-) delete mode 100644 0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch delete mode 100644 0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch delete mode 100644 0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch delete mode 100644 0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch diff --git a/.gitignore b/.gitignore index 20d39de..240b604 100644 --- a/.gitignore +++ b/.gitignore @@ -103,3 +103,4 @@ sssd-1.2.91.tar.gz /sssd-2.7.3.tar.gz /sssd-2.7.4.tar.gz /sssd-2.8.0.tar.gz +/sssd-2.8.1.tar.gz diff --git a/0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch b/0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch deleted file mode 100644 index 03142a9..0000000 --- a/0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch +++ /dev/null @@ -1,96 +0,0 @@ -From b38fdc8185fcd6a2e5d4b483d3119964f9922070 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Oct 2022 12:10:25 +0200 -Subject: [PATCH 1/6] confdb: avoid syslog message when no domains are enabled -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This syslog message would also appear when calling other tools like -sss_cache which is confusing. We return specific error code instead -and let the error be syslogged in the monitor in monitor.c:main (this -is already implemented). - -Resolves: https://github.com/SSSD/sssd/issues/6387 - -:fixes: A regression when running sss_cache when no SSSD domain is - enabled would produce a syslog critical message was fixed. - -Reviewed-by: Alejandro López -Reviewed-by: Sumit Bose ---- - src/confdb/confdb.c | 8 ++++---- - src/monitor/monitor.c | 2 +- - src/util/util_errors.c | 1 + - src/util/util_errors.h | 1 + - 4 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index ae2d90bf5e4bc231e878c0d5e2c84e46abd9f999..9465bffe394ebed783b8217f96049f3d07ba7e77 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1800,10 +1800,10 @@ int confdb_get_domains(struct confdb_ctx *cdb, - ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist); - if (ret == ENOENT) { - DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n"); -- sss_log(SSS_LOG_CRIT, "No domains configured, fatal error!\n"); -+ ret = ERR_NO_DOMAIN_ENABLED; - goto done; - } -- if (ret != EOK ) { -+ if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n"); - goto done; - } -@@ -2472,9 +2472,9 @@ int confdb_expand_app_domains(struct confdb_ctx *cdb) - ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist); - if (ret == ENOENT) { - DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n"); -- sss_log(SSS_LOG_CRIT, "No domains configured, fatal error!\n"); -+ ret = ERR_NO_DOMAIN_ENABLED; - goto done; -- } else if (ret != EOK ) { -+ } else if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n"); - goto done; - } -diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c -index 17bb1d6685257f204e56baad43919366b75a140d..7670114d37646ebcacd1d0f8c6876e40ff03938e 100644 ---- a/src/monitor/monitor.c -+++ b/src/monitor/monitor.c -@@ -2566,7 +2566,7 @@ int main(int argc, const char *argv[]) - "SSSD couldn't load the configuration database.\n"); - sss_log(SSS_LOG_CRIT, - "SSSD couldn't load the configuration database [%d]: %s.\n", -- ret, strerror(ret)); -+ ret, sss_strerror(ret)); - break; - } - return 4; -diff --git a/src/util/util_errors.c b/src/util/util_errors.c -index 647bc70a77ec8697e287f61d5895143f0a575157..899bef2f40e4f1c503c843b8307120e18c6c2d52 100644 ---- a/src/util/util_errors.c -+++ b/src/util/util_errors.c -@@ -64,6 +64,7 @@ struct err_string error_to_str[] = { - { "Cannot parse input" }, /* ERR_INPUT_PARSE */ - { "Entry not found" }, /* ERR_NOT_FOUND */ - { "Domain not found" }, /* ERR_DOMAIN_NOT_FOUND */ -+ { "No domain is enabled" }, /* ERR_NO_DOMAIN_ENABLED */ - { "Malformed search filter" }, /* ERR_INVALID_FILTER, */ - { "No POSIX attributes detected" }, /* ERR_NO_POSIX */ - { "Extra attribute is a duplicate" }, /* ERR_DUP_EXTRA_ATTR */ -diff --git a/src/util/util_errors.h b/src/util/util_errors.h -index 1a752753e4df2a9de5913920bb75ebf49a8f60a6..b55b340fcdcfd9b01a9053b6b2a24b68243f14f5 100644 ---- a/src/util/util_errors.h -+++ b/src/util/util_errors.h -@@ -85,6 +85,7 @@ enum sssd_errors { - ERR_INPUT_PARSE, - ERR_NOT_FOUND, - ERR_DOMAIN_NOT_FOUND, -+ ERR_NO_DOMAIN_ENABLED, - ERR_INVALID_FILTER, - ERR_NO_POSIX, - ERR_DUP_EXTRA_ATTR, --- -2.37.3 - diff --git a/0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch b/0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch deleted file mode 100644 index bc20edb..0000000 --- a/0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 4da861368b88c03b22993f95de5b508ad5637c25 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Oct 2022 12:30:56 +0200 -Subject: [PATCH 2/6] monitor: read all enabled domains in - add_implicit_services -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reading sssd/domains option is no longer sufficient since domains -can be enabled through domain/enabled. - -Reviewed-by: Alejandro López -Reviewed-by: Sumit Bose ---- - src/confdb/confdb.c | 15 ++------------- - src/confdb/confdb.h | 11 +++++++++++ - src/monitor/monitor.c | 9 +++++---- - 3 files changed, 18 insertions(+), 17 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index 9465bffe394ebed783b8217f96049f3d07ba7e77..3ecdaa3b91e3b550f670768d336e9d7d85bb66e6 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -45,9 +45,6 @@ - /* SSSD domain name that is used for the auto-configured files domain */ - #define IMPLICIT_FILES_DOMAIN_NAME "implicit_files" - -- --static int confdb_get_enabled_domain_list(struct confdb_ctx *cdb, -- TALLOC_CTX *ctx, char ***_result); - static int confdb_get_domain_enabled(struct confdb_ctx *cdb, - const char *domain, bool *_enabled); - -@@ -2675,16 +2672,8 @@ done: - return ret; - } - --/** -- * Retrieve the list of enabled domains considering the explicit list -- * and the 'enabled' attribute. -- * @param cdb The database configuration context. -- * @param ctx The memory context. -- * @param result Output variable where the list of domains will be stored. -- * @return 0 if the list was retrieved properly, another value on error. -- */ --static int confdb_get_enabled_domain_list(struct confdb_ctx *cdb, -- TALLOC_CTX *ctx, char ***_result) -+int confdb_get_enabled_domain_list(struct confdb_ctx *cdb, -+ TALLOC_CTX *ctx, char ***_result) - { - int ret; - char **domlist = NULL; -diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h -index 0effd1193708676ade230d8922ab78fae9b5c15a..a53894846737467f12e5dcd99ce35ebee165ccf7 100644 ---- a/src/confdb/confdb.h -+++ b/src/confdb/confdb.h -@@ -497,6 +497,17 @@ int confdb_get_domain(struct confdb_ctx *cdb, - int confdb_get_domains(struct confdb_ctx *cdb, - struct sss_domain_info **domains); - -+/** -+ * Retrieve the list of enabled domains considering the explicit list -+ * and the 'enabled' attribute. -+ * @param cdb The database configuration context. -+ * @param ctx The memory context. -+ * @param result Output variable where the list of domains will be stored. -+ * @return 0 if the list was retrieved properly, ENOENT if no domain is enabled, another value on error. -+ */ -+int confdb_get_enabled_domain_list(struct confdb_ctx *cdb, -+ TALLOC_CTX *ctx, char ***_result); -+ - int confdb_expand_app_domains(struct confdb_ctx *cdb); - - /** -diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c -index 7670114d37646ebcacd1d0f8c6876e40ff03938e..511e13971d253bc25cb9a04008c1a363f2182748 100644 ---- a/src/monitor/monitor.c -+++ b/src/monitor/monitor.c -@@ -777,13 +777,14 @@ static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx - return ENOMEM; - } - -- ret = confdb_get_string_as_list(cdb, tmp_ctx, -- CONFDB_MONITOR_CONF_ENTRY, -- CONFDB_MONITOR_ACTIVE_DOMAINS, -- &domain_names); -+ ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domain_names); - if (ret == ENOENT) { - DEBUG(SSSDBG_OP_FAILURE, "No domains configured!\n"); - goto done; -+ } else if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Error retrieving domains list [%d]: %s\n", -+ ret, sss_strerror(ret)); -+ goto done; - } - - ret = confdb_get_bool(cdb, CONFDB_MONITOR_CONF_ENTRY, --- -2.37.3 - diff --git a/0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch b/0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch deleted file mode 100644 index 5342920..0000000 --- a/0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 64c22dd1c4f79f953b879fc167b535de928f4bfd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 11 Oct 2022 14:51:53 +0200 -Subject: [PATCH 3/6] sss_cache: use ERR_NO_DOMAIN_ENABLED instead of ENOENT -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Alejandro López -Reviewed-by: Sumit Bose ---- - src/tools/sss_cache.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c -index 6740e83b0359911824805d565c7c3e5a6d36f68c..79de13ac8725acd4cdde92a8869fcf1a3c289bb3 100644 ---- a/src/tools/sss_cache.c -+++ b/src/tools/sss_cache.c -@@ -165,7 +165,7 @@ int main(int argc, const char *argv[]) - } - - ret = init_context(argc, argv, &tctx); -- if (ret == ENOENT) { -+ if (ret == ERR_NO_DOMAIN_ENABLED) { - /* nothing to invalidate; no reason to fail */ - ret = EOK; - goto done; -@@ -909,7 +909,7 @@ static errno_t init_context(int argc, const char *argv[], - } - - ret = init_domains(ctx, values.domain); -- if (ret == ENOENT && values.domain == NULL) { -+ if (ret == ERR_NO_DOMAIN_ENABLED && values.domain == NULL) { - /* Nothing to invalidate; do not log confusing messages. */ - goto fini; - } else if (ret != EOK) { --- -2.37.3 - diff --git a/0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch b/0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch deleted file mode 100644 index 46f0688..0000000 --- a/0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch +++ /dev/null @@ -1,63 +0,0 @@ -From df55b1f16ea2fb5e56f0fe69419904d50b7e2476 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 12 Oct 2022 14:32:31 +0200 -Subject: [PATCH 4/6] confdb: chande debug level when no domain are found in - confdb_get_domains -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We print the error as fatal error in the monitor to make sure the -message is correctly visible. However, the error is not fatal for tools -like sss_cache and it should not be printed there by default. - -Since the tools have default debug level set to SSSDBG_FATAL_FAILURE, it -is sufficient to just drop the level to critical. - -Resolves: https://github.com/SSSD/sssd/issues/6387 - -Reviewed-by: Alejandro López -Reviewed-by: Sumit Bose ---- - src/confdb/confdb.c | 5 ++--- - src/monitor/monitor.c | 5 +++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index 3ecdaa3b91e3b550f670768d336e9d7d85bb66e6..cf0476f759827f3e1aa1f445d4e71c09b3ec3239 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1796,11 +1796,10 @@ int confdb_get_domains(struct confdb_ctx *cdb, - - ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist); - if (ret == ENOENT) { -- DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n"); -+ DEBUG(SSSDBG_CRIT_FAILURE, "No domains configured, fatal error!\n"); - ret = ERR_NO_DOMAIN_ENABLED; - goto done; -- } -- if (ret != EOK) { -+ } else if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n"); - goto done; - } -diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c -index 511e13971d253bc25cb9a04008c1a363f2182748..2196c2e0b0fdd630335333e7d53026e34302e512 100644 ---- a/src/monitor/monitor.c -+++ b/src/monitor/monitor.c -@@ -2564,9 +2564,10 @@ int main(int argc, const char *argv[]) - break; - default: - DEBUG(SSSDBG_FATAL_FAILURE, -- "SSSD couldn't load the configuration database.\n"); -+ "SSSD couldn't load the configuration database [%d]: %s\n", -+ ret, sss_strerror(ret)); - sss_log(SSS_LOG_CRIT, -- "SSSD couldn't load the configuration database [%d]: %s.\n", -+ "SSSD couldn't load the configuration database [%d]: %s\n", - ret, sss_strerror(ret)); - break; - } --- -2.37.3 - diff --git a/sources b/sources index a9b3c4f..5693232 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sssd-2.8.0.tar.gz) = 25a96b1d14a113c7e388e7f8053668b6262c391413771cd85f4293a3162dcb4403956f4519f3a206095fcee83b0399648c948b25215f1c33dba01d199f01b1ea +SHA512 (sssd-2.8.1.tar.gz) = 419798fa3e7ab0ad407d9f53ead183e6c4ffb534c93ed20a944a2eea6760bffaa2336373a8d52bd43f8e7c100e52fccecc9d0859bde04f8ce4e7406102024c0e diff --git a/sssd.spec b/sssd.spec index 4730830..9812a22 100644 --- a/sssd.spec +++ b/sssd.spec @@ -42,20 +42,15 @@ %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) Name: sssd -Version: 2.8.0 -Release: 2%{?dist} +Version: 2.8.1 +Release: 1%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ -Source0: https://github.com/SSSD/sssd/releases/download/2.8.0/sssd-2.8.0.tar.gz +Source0: https://github.com/SSSD/sssd/releases/download/2.8.1/sssd-2.8.1.tar.gz ### Patches ### -Patch0001: 0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch -Patch0002: 0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch -Patch0003: 0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch -Patch0004: 0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch - ### Dependencies ### Requires: sssd-ad = %{version}-%{release} @@ -1063,6 +1058,9 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Fri Nov 4 2022 Pavel Březina - 2.8.1-1 +- Rebase to SSSD 2.8.1 + * Mon Oct 24 2022 Pavel Březina - 2.8.0-2 - Fix regression, syslog is no longer spammed when no SSSD domain is configured (#2133437)