|
 |
8ed14c |
From 75a5e1c7a80eaa921cb0b0531d685c9c7ed12127 Mon Sep 17 00:00:00 2001
|
|
|
8ed14c |
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
8ed14c |
Date: Mon, 14 Jun 2021 21:25:23 +0200
|
|
|
8ed14c |
Subject: [PATCH 1/4] krb5_child: reduce log severity in sss_send_pac() in case
|
|
|
8ed14c |
PAC responder isn't running.
|
|
|
8ed14c |
MIME-Version: 1.0
|
|
|
8ed14c |
Content-Type: text/plain; charset=UTF-8
|
|
|
8ed14c |
Content-Transfer-Encoding: 8bit
|
|
|
8ed14c |
|
|
|
8ed14c |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
8ed14c |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
8ed14c |
---
|
|
|
8ed14c |
src/providers/krb5/krb5_child.c | 5 ++++-
|
|
|
8ed14c |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
8ed14c |
|
|
|
8ed14c |
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
|
|
|
8ed14c |
index 713e90f83..4e55d9a37 100644
|
|
|
8ed14c |
--- a/src/providers/krb5/krb5_child.c
|
|
|
8ed14c |
+++ b/src/providers/krb5/krb5_child.c
|
|
|
8ed14c |
@@ -223,7 +223,10 @@ static errno_t sss_send_pac(krb5_authdata **pac_authdata)
|
|
|
8ed14c |
|
|
|
8ed14c |
ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data,
|
|
|
8ed14c |
NULL, NULL, &errnop);
|
|
|
8ed14c |
- if (ret != NSS_STATUS_SUCCESS || errnop != 0) {
|
|
|
8ed14c |
+ if (ret == NSS_STATUS_UNAVAIL) {
|
|
|
8ed14c |
+ DEBUG(SSSDBG_MINOR_FAILURE, "failed to contact PAC responder\n");
|
|
|
8ed14c |
+ return EIO;
|
|
|
8ed14c |
+ } else if (ret != NSS_STATUS_SUCCESS || errnop != 0) {
|
|
|
8ed14c |
DEBUG(SSSDBG_OP_FAILURE, "sss_pac_make_request failed [%d][%d].\n",
|
|
|
8ed14c |
ret, errnop);
|
|
|
8ed14c |
return EIO;
|
|
|
8ed14c |
--
|
|
|
8ed14c |
2.26.3
|
|
|
8ed14c |
|
|
|
8ed14c |
|
|
|
8ed14c |
From 9cfcbe6edc451d7187e0a89a6a5bd7125a10f1c8 Mon Sep 17 00:00:00 2001
|
|
|
8ed14c |
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
8ed14c |
Date: Mon, 14 Jun 2021 21:47:52 +0200
|
|
|
8ed14c |
Subject: [PATCH 2/4] secrets: reduce log severity in local_db_create() in case
|
|
|
8ed14c |
entry already exists since this is expected during normal oprations.
|
|
|
8ed14c |
MIME-Version: 1.0
|
|
|
8ed14c |
Content-Type: text/plain; charset=UTF-8
|
|
|
8ed14c |
Content-Transfer-Encoding: 8bit
|
|
|
8ed14c |
|
|
|
8ed14c |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
8ed14c |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
8ed14c |
---
|
|
|
8ed14c |
src/util/secrets/secrets.c | 2 +-
|
|
|
8ed14c |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
8ed14c |
|
|
|
8ed14c |
diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c
|
|
|
8ed14c |
index 6e99e291d..f12b615f8 100644
|
|
|
8ed14c |
--- a/src/util/secrets/secrets.c
|
|
|
8ed14c |
+++ b/src/util/secrets/secrets.c
|
|
|
8ed14c |
@@ -476,7 +476,7 @@ static int local_db_create(struct sss_sec_req *req)
|
|
|
8ed14c |
ret = ldb_add(req->sctx->ldb, msg);
|
|
|
8ed14c |
if (ret != LDB_SUCCESS) {
|
|
|
8ed14c |
if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
|
|
|
8ed14c |
- DEBUG(SSSDBG_OP_FAILURE,
|
|
|
8ed14c |
+ DEBUG(SSSDBG_FUNC_DATA,
|
|
|
8ed14c |
"Secret %s already exists\n", ldb_dn_get_linearized(msg->dn));
|
|
|
8ed14c |
} else {
|
|
|
8ed14c |
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
8ed14c |
--
|
|
|
8ed14c |
2.26.3
|
|
|
8ed14c |
|
|
|
8ed14c |
|
|
|
8ed14c |
From 32a1fbfb262ea9657fa268f7ce09ef6e942b0829 Mon Sep 17 00:00:00 2001
|
|
|
8ed14c |
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
8ed14c |
Date: Mon, 14 Jun 2021 21:56:16 +0200
|
|
|
8ed14c |
Subject: [PATCH 3/4] KCM: use SSSDBG_MINOR_FAILURE for
|
|
|
8ed14c |
ERR_KCM_OP_NOT_IMPLEMENTED
|
|
|
8ed14c |
MIME-Version: 1.0
|
|
|
8ed14c |
Content-Type: text/plain; charset=UTF-8
|
|
|
8ed14c |
Content-Transfer-Encoding: 8bit
|
|
|
8ed14c |
|
|
|
8ed14c |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
8ed14c |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
8ed14c |
---
|
|
|
8ed14c |
src/responder/kcm/kcmsrv_cmd.c | 13 +++++++++----
|
|
|
8ed14c |
src/responder/kcm/kcmsrv_ops.c | 2 +-
|
|
|
8ed14c |
2 files changed, 10 insertions(+), 5 deletions(-)
|
|
|
8ed14c |
|
|
|
8ed14c |
diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c
|
|
|
8ed14c |
index 3ad17ef43..49518920b 100644
|
|
|
8ed14c |
--- a/src/responder/kcm/kcmsrv_cmd.c
|
|
|
8ed14c |
+++ b/src/responder/kcm/kcmsrv_cmd.c
|
|
|
8ed14c |
@@ -195,7 +195,7 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf,
|
|
|
8ed14c |
|
|
|
8ed14c |
op_io->op = kcm_get_opt(be16toh(opcode_be));
|
|
|
8ed14c |
if (op_io->op == NULL) {
|
|
|
8ed14c |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
8ed14c |
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
8ed14c |
"Did not find a KCM operation handler for the requested opcode\n");
|
|
|
8ed14c |
return ERR_KCM_OP_NOT_IMPLEMENTED;
|
|
|
8ed14c |
}
|
|
|
8ed14c |
@@ -312,7 +312,8 @@ static void kcm_reply_error(struct cli_ctx *cctx,
|
|
|
8ed14c |
errno_t ret;
|
|
|
8ed14c |
krb5_error_code kerr;
|
|
|
8ed14c |
|
|
|
8ed14c |
- DEBUG(SSSDBG_OP_FAILURE,
|
|
|
8ed14c |
+ DEBUG(retcode == ERR_KCM_OP_NOT_IMPLEMENTED ?
|
|
|
8ed14c |
+ SSSDBG_MINOR_FAILURE : SSSDBG_OP_FAILURE,
|
|
|
8ed14c |
"KCM operation returns failure [%d]: %s\n",
|
|
|
8ed14c |
retcode, sss_strerror(retcode));
|
|
|
8ed14c |
kerr = sss2krb5_error(retcode);
|
|
|
8ed14c |
@@ -405,8 +406,12 @@ static void kcm_cmd_request_done(struct tevent_req *req)
|
|
|
8ed14c |
&req_ctx->op_io.reply);
|
|
|
8ed14c |
talloc_free(req);
|
|
|
8ed14c |
if (ret != EOK) {
|
|
|
8ed14c |
- DEBUG(SSSDBG_OP_FAILURE,
|
|
|
8ed14c |
- "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
8ed14c |
+ if (ret == ERR_KCM_OP_NOT_IMPLEMENTED) {
|
|
|
8ed14c |
+ DEBUG(SSSDBG_MINOR_FAILURE, "%s\n", sss_strerror(ret));
|
|
|
8ed14c |
+ } else {
|
|
|
8ed14c |
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
|
8ed14c |
+ "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
8ed14c |
+ }
|
|
|
8ed14c |
kcm_reply_error(req_ctx->cctx, ret, &req_ctx->repbuf);
|
|
|
8ed14c |
return;
|
|
|
8ed14c |
}
|
|
|
8ed14c |
diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c
|
|
|
8ed14c |
index a8f49cedb..f7f80d850 100644
|
|
|
8ed14c |
--- a/src/responder/kcm/kcmsrv_ops.c
|
|
|
8ed14c |
+++ b/src/responder/kcm/kcmsrv_ops.c
|
|
|
8ed14c |
@@ -122,7 +122,7 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx,
|
|
|
8ed14c |
}
|
|
|
8ed14c |
|
|
|
8ed14c |
if (op->fn_send == NULL) {
|
|
|
8ed14c |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
8ed14c |
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
8ed14c |
"KCM op %s has no handler\n", kcm_opt_name(op));
|
|
|
8ed14c |
ret = ERR_KCM_OP_NOT_IMPLEMENTED;
|
|
|
8ed14c |
goto immediate;
|
|
|
8ed14c |
--
|
|
|
8ed14c |
2.26.3
|
|
|
8ed14c |
|
|
|
8ed14c |
|
|
|
8ed14c |
From 5ead448c859860a4eb57a529a5b85eca1815e73a Mon Sep 17 00:00:00 2001
|
|
|
8ed14c |
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
8ed14c |
Date: Mon, 14 Jun 2021 22:04:21 +0200
|
|
|
8ed14c |
Subject: [PATCH 4/4] KCM: reduce log severity in sec_get() in case entry not
|
|
|
8ed14c |
found
|
|
|
8ed14c |
MIME-Version: 1.0
|
|
|
8ed14c |
Content-Type: text/plain; charset=UTF-8
|
|
|
8ed14c |
Content-Transfer-Encoding: 8bit
|
|
|
8ed14c |
|
|
|
8ed14c |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
8ed14c |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
8ed14c |
---
|
|
|
8ed14c |
src/responder/kcm/kcmsrv_ccache_secdb.c | 2 +-
|
|
|
8ed14c |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
8ed14c |
|
|
|
8ed14c |
diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c
|
|
|
8ed14c |
index 6c8c35b86..4631bfea0 100644
|
|
|
8ed14c |
--- a/src/responder/kcm/kcmsrv_ccache_secdb.c
|
|
|
8ed14c |
+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c
|
|
|
8ed14c |
@@ -58,7 +58,7 @@ static errno_t sec_get(TALLOC_CTX *mem_ctx,
|
|
|
8ed14c |
|
|
|
8ed14c |
ret = sss_sec_get(tmp_ctx, req, &data, &len, &datatype);
|
|
|
8ed14c |
if (ret != EOK) {
|
|
|
8ed14c |
- DEBUG(SSSDBG_OP_FAILURE,
|
|
|
8ed14c |
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
8ed14c |
"Cannot retrieve the secret [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
8ed14c |
goto done;
|
|
|
8ed14c |
}
|
|
|
8ed14c |
--
|
|
|
8ed14c |
2.26.3
|
|
|
8ed14c |
|