sssd-2.8.0-2: fix syslog spamming

Resolves: rhbz#2133437
Pavel Březina 2022-10-24 12:36:08 +02:00
parent ac043fc3b6
commit d24bcc9e43
5 changed files with 308 additions and 1 deletions


@ -0,0 +1,96 @@
From b38fdc8185fcd6a2e5d4b483d3119964f9922070 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 11 Oct 2022 12:10:25 +0200
Subject: [PATCH 1/6] confdb: avoid syslog message when no domains are enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This syslog message would also appear when calling other tools like
sss_cache which is confusing. We return specific error code instead
and let the error be syslogged in the monitor in monitor.c:main (this
is already implemented).
Resolves: https://github.com/SSSD/sssd/issues/6387
:fixes: A regression when running sss_cache when no SSSD domain is
enabled would produce a syslog critical message was fixed.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/confdb/confdb.c | 8 ++++----
src/monitor/monitor.c | 2 +-
src/util/util_errors.c | 1 +
src/util/util_errors.h | 1 +
4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index ae2d90bf5e4bc231e878c0d5e2c84e46abd9f999..9465bffe394ebed783b8217f96049f3d07ba7e77 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1800,10 +1800,10 @@ int confdb_get_domains(struct confdb_ctx *cdb,
ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist);
if (ret == ENOENT) {
DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
- sss_log(SSS_LOG_CRIT, "No domains configured, fatal error!\n");
+ ret = ERR_NO_DOMAIN_ENABLED;
goto done;
}
- if (ret != EOK ) {
+ if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
goto done;
}
@@ -2472,9 +2472,9 @@ int confdb_expand_app_domains(struct confdb_ctx *cdb)
ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist);
if (ret == ENOENT) {
DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
- sss_log(SSS_LOG_CRIT, "No domains configured, fatal error!\n");
+ ret = ERR_NO_DOMAIN_ENABLED;
goto done;
- } else if (ret != EOK ) {
+ } else if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
goto done;
}
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 17bb1d6685257f204e56baad43919366b75a140d..7670114d37646ebcacd1d0f8c6876e40ff03938e 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2566,7 +2566,7 @@ int main(int argc, const char *argv[])
"SSSD couldn't load the configuration database.\n");
sss_log(SSS_LOG_CRIT,
"SSSD couldn't load the configuration database [%d]: %s.\n",
- ret, strerror(ret));
+ ret, sss_strerror(ret));
break;
}
return 4;
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index 647bc70a77ec8697e287f61d5895143f0a575157..899bef2f40e4f1c503c843b8307120e18c6c2d52 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -64,6 +64,7 @@ struct err_string error_to_str[] = {
{ "Cannot parse input" }, /* ERR_INPUT_PARSE */
{ "Entry not found" }, /* ERR_NOT_FOUND */
{ "Domain not found" }, /* ERR_DOMAIN_NOT_FOUND */
+ { "No domain is enabled" }, /* ERR_NO_DOMAIN_ENABLED */
{ "Malformed search filter" }, /* ERR_INVALID_FILTER, */
{ "No POSIX attributes detected" }, /* ERR_NO_POSIX */
{ "Extra attribute is a duplicate" }, /* ERR_DUP_EXTRA_ATTR */
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index 1a752753e4df2a9de5913920bb75ebf49a8f60a6..b55b340fcdcfd9b01a9053b6b2a24b68243f14f5 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -85,6 +85,7 @@ enum sssd_errors {
ERR_INPUT_PARSE,
ERR_NOT_FOUND,
ERR_DOMAIN_NOT_FOUND,
+ ERR_NO_DOMAIN_ENABLED,
ERR_INVALID_FILTER,
ERR_NO_POSIX,
ERR_DUP_EXTRA_ATTR,
--
2.37.3
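Review bot: Adding `ERR_NO_DOMAIN_ENABLED` in the middle of `enum sssd_errors` (the util_errors.h hunk) shifts the numeric value of `ERR_INVALID_FILTER` and every code after it by one. The monitor.c hunk in this same patch writes that number to syslog through `[%d]`, so log searches or alert rules keyed on numeric codes would match a different error after the update; the `sss_strerror()` text stays stable and is the safer field to match on. If upstream ordering does not constrain it, appending the new member at the end of the enum and of `error_to_str[]` would avoid the renumbering. Both the enum and the table continue outside the hunks, so the positional pairing beyond the shown lines was not checked.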


@ -0,0 +1,101 @@
From 4da861368b88c03b22993f95de5b508ad5637c25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 11 Oct 2022 12:30:56 +0200
Subject: [PATCH 2/6] monitor: read all enabled domains in
add_implicit_services
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading sssd/domains option is no longer sufficient since domains
can be enabled through domain/enabled.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/confdb/confdb.c | 15 ++-------------
src/confdb/confdb.h | 11 +++++++++++
src/monitor/monitor.c | 9 +++++----
3 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 9465bffe394ebed783b8217f96049f3d07ba7e77..3ecdaa3b91e3b550f670768d336e9d7d85bb66e6 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -45,9 +45,6 @@
/* SSSD domain name that is used for the auto-configured files domain */
#define IMPLICIT_FILES_DOMAIN_NAME "implicit_files"
-
-static int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
- TALLOC_CTX *ctx, char ***_result);
static int confdb_get_domain_enabled(struct confdb_ctx *cdb,
const char *domain, bool *_enabled);
@@ -2675,16 +2672,8 @@ done:
return ret;
}
-/**
- * Retrieve the list of enabled domains considering the explicit list
- * and the 'enabled' attribute.
- * @param cdb The database configuration context.
- * @param ctx The memory context.
- * @param result Output variable where the list of domains will be stored.
- * @return 0 if the list was retrieved properly, another value on error.
- */
-static int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
- TALLOC_CTX *ctx, char ***_result)
+int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
+ TALLOC_CTX *ctx, char ***_result)
{
int ret;
char **domlist = NULL;
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0effd1193708676ade230d8922ab78fae9b5c15a..a53894846737467f12e5dcd99ce35ebee165ccf7 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -497,6 +497,17 @@ int confdb_get_domain(struct confdb_ctx *cdb,
int confdb_get_domains(struct confdb_ctx *cdb,
struct sss_domain_info **domains);
+/**
+ * Retrieve the list of enabled domains considering the explicit list
+ * and the 'enabled' attribute.
+ * @param cdb The database configuration context.
+ * @param ctx The memory context.
+ * @param result Output variable where the list of domains will be stored.
+ * @return 0 if the list was retrieved properly, ENOENT if no domain is enabled, another value on error.
+ */
+int confdb_get_enabled_domain_list(struct confdb_ctx *cdb,
+ TALLOC_CTX *ctx, char ***_result);
+
int confdb_expand_app_domains(struct confdb_ctx *cdb);
/**
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 7670114d37646ebcacd1d0f8c6876e40ff03938e..511e13971d253bc25cb9a04008c1a363f2182748 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -777,13 +777,14 @@ static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx
return ENOMEM;
}
- ret = confdb_get_string_as_list(cdb, tmp_ctx,
- CONFDB_MONITOR_CONF_ENTRY,
- CONFDB_MONITOR_ACTIVE_DOMAINS,
- &domain_names);
+ ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domain_names);
if (ret == ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, "No domains configured!\n");
goto done;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Error retrieving domains list [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
}
ret = confdb_get_bool(cdb, CONFDB_MONITOR_CONF_ENTRY,
--
2.37.3
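Review bot: The doc comment moved into confdb.h names the output parameter `@param result`, but the prototype declares `_result`, and it does not say who owns the returned list. Now that the function is exported, I would write `@param _result Output variable where the list of domains will be stored (presumably allocated on ctx, to be confirmed)`. I would also add a line stating that this function reports the empty case as `ENOENT`, whereas `confdb_get_domains()` translates it to `ERR_NO_DOMAIN_ENABLED`, so a caller testing for the wrong code ends up in its generic error branch. The function body lies outside the hunk, so the ownership remark is an assumption to confirm.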


@ -0,0 +1,39 @@
From 64c22dd1c4f79f953b879fc167b535de928f4bfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 11 Oct 2022 14:51:53 +0200
Subject: [PATCH 3/6] sss_cache: use ERR_NO_DOMAIN_ENABLED instead of ENOENT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/tools/sss_cache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 6740e83b0359911824805d565c7c3e5a6d36f68c..79de13ac8725acd4cdde92a8869fcf1a3c289bb3 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -165,7 +165,7 @@ int main(int argc, const char *argv[])
}
ret = init_context(argc, argv, &tctx);
- if (ret == ENOENT) {
+ if (ret == ERR_NO_DOMAIN_ENABLED) {
/* nothing to invalidate; no reason to fail */
ret = EOK;
goto done;
@@ -909,7 +909,7 @@ static errno_t init_context(int argc, const char *argv[],
}
ret = init_domains(ctx, values.domain);
- if (ret == ENOENT && values.domain == NULL) {
+ if (ret == ERR_NO_DOMAIN_ENABLED && values.domain == NULL) {
/* Nothing to invalidate; do not log confusing messages. */
goto fini;
} else if (ret != EOK) {
--
2.37.3
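Review bot: In `main`, `ERR_NO_DOMAIN_ENABLED` is turned into `EOK` unconditionally, while `init_context` treats it as benign only when `values.domain == NULL`. If the `else if (ret != EOK)` branch in `init_context` hands the same code back (its body is outside the hunk), a run that named a specific domain would exit 0 although nothing was invalidated. A script that relies on the exit status after an account or group change would then assume the cache was purged. Remapping inside that branch, for example `if (ret == ERR_NO_DOMAIN_ENABLED) ret = ERR_DOMAIN_NOT_FOUND;`, would keep the quiet path limited to the case with no domain argument.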


@ -0,0 +1,63 @@
From df55b1f16ea2fb5e56f0fe69419904d50b7e2476 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 12 Oct 2022 14:32:31 +0200
Subject: [PATCH 4/6] confdb: chande debug level when no domain are found in
confdb_get_domains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We print the error as fatal error in the monitor to make sure the
message is correctly visible. However, the error is not fatal for tools
like sss_cache and it should not be printed there by default.
Since the tools have default debug level set to SSSDBG_FATAL_FAILURE, it
is sufficient to just drop the level to critical.
Resolves: https://github.com/SSSD/sssd/issues/6387
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/confdb/confdb.c | 5 ++---
src/monitor/monitor.c | 5 +++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 3ecdaa3b91e3b550f670768d336e9d7d85bb66e6..cf0476f759827f3e1aa1f445d4e71c09b3ec3239 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1796,11 +1796,10 @@ int confdb_get_domains(struct confdb_ctx *cdb,
ret = confdb_get_enabled_domain_list(cdb, tmp_ctx, &domlist);
if (ret == ENOENT) {
- DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "No domains configured, fatal error!\n");
ret = ERR_NO_DOMAIN_ENABLED;
goto done;
- }
- if (ret != EOK) {
+ } else if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Fatal error retrieving domains list!\n");
goto done;
}
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 511e13971d253bc25cb9a04008c1a363f2182748..2196c2e0b0fdd630335333e7d53026e34302e512 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2564,9 +2564,10 @@ int main(int argc, const char *argv[])
break;
default:
DEBUG(SSSDBG_FATAL_FAILURE,
- "SSSD couldn't load the configuration database.\n");
+ "SSSD couldn't load the configuration database [%d]: %s\n",
+ ret, sss_strerror(ret));
sss_log(SSS_LOG_CRIT,
- "SSSD couldn't load the configuration database [%d]: %s.\n",
+ "SSSD couldn't load the configuration database [%d]: %s\n",
ret, sss_strerror(ret));
break;
}
--
2.37.3
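Review bot: The message in `confdb_get_domains` still reads "No domains configured, fatal error!" although it is now logged at `SSSDBG_CRIT_FAILURE` and the commit message says the condition is not fatal for tools. I would drop the suffix, `DEBUG(SSSDBG_CRIT_FAILURE, "No domains configured\n");`, so the text does not contradict the level when someone triages logs. The identical branch in `confdb_expand_app_domains` (patch 1, hunk at -2472) is left at `SSSDBG_FATAL_FAILURE`; whether any tool reaches that path is not visible here, but the two branches should probably use the same level.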


@ -43,7 +43,7 @@
Name: sssd
Version: 2.8.0
Release: 1%{?dist}
Release: 2%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://github.com/SSSD/sssd/
@ -51,6 +51,11 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.8.0/sssd-2.8.0.tar.gz
### Patches ###
Patch0001: 0001-confdb-avoid-syslog-message-when-no-domains-are-enab.patch
Patch0002: 0002-monitor-read-all-enabled-domains-in-add_implicit_ser.patch
Patch0003: 0003-sss_cache-use-ERR_NO_DOMAIN_ENABLED-instead-of-ENOEN.patch
Patch0004: 0004-confdb-chande-debug-level-when-no-domain-are-found-i.patch
### Dependencies ###
Requires: sssd-ad = %{version}-%{release}
@ -1058,6 +1063,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Mon Oct 24 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-2
- Fix regression, syslog is no longer spammed when no SSSD domain is configured (#2133437)
* Fri Oct 7 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-1
- Rebase to SSSD 2.8.0