File 0039-sss_cache-Do-not-fail-for-missing-domains.patch of Package sssd.24394

From 622a518995865a949ba25ed3d097987eb2bc85be Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 25 Jan 2019 12:13:45 +0100
Subject: [PATCH 1/3] sss_cache: Do not fail for missing domains

The conf.db needn't exist(sssd has never been started) and in such situation
sss_cache failed when trying to invalidate all entries.

There is nothing to invalidate and therefore we are already in state
which we want to achieve with calling sss_cache.
No reason to fail.

Resolves:
https://pagure.io/SSSD/sssd/issue/3919

Merges: https://pagure.io/SSSD/sssd/pull-request/3926

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/confdb/confdb.c   |  2 +-
 src/tools/sss_cache.c | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index cef9831eb..d89254b3f 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1511,7 +1511,7 @@ int confdb_get_domains(struct confdb_ctx *cdb,
                                     CONFDB_MONITOR_ACTIVE_DOMAINS,
                                     &domlist);
     if (ret == ENOENT) {
-        DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured, fatal error!\n");
+        DEBUG(SSSDBG_MINOR_FAILURE, "No domains configured, fatal error!\n");
         goto done;
     }
     if (ret != EOK ) {
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 8a40b38c0..eb310d39a 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -148,7 +148,11 @@ int main(int argc, const char *argv[])
     struct sss_domain_info *dinfo;
 
     ret = init_context(argc, argv, &tctx);
-    if (ret != EOK) {
+    if (ret == ENOENT) {
+        /* nothing to invalidate; no reason to fail */
+        ret = EOK;
+        goto done;
+    } else if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Error initializing context for the application\n");
         goto done;
@@ -847,7 +851,10 @@ static errno_t init_context(int argc, const char *argv[],
     }
 
     ret = init_domains(ctx, values.domain);
-    if (ret != EOK) {
+    if (ret == ENOENT) {
+        /* Nothing to invalidate; do not log confusing messages. */
+        goto fini;
+    } else if (ret != EOK) {
         if (values.domain) {
             ERROR("Could not open domain %1$s. If the domain is a subdomain "
                   "(trusted domain), use fully qualified name instead of "
-- 
2.31.1


From 55cee526cd57efb399bf55e4756e81663d0908e2 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 25 Jan 2019 12:17:59 +0100
Subject: [PATCH 2/3] sss_cache: Do not fail if noting was cached

It might happen that we have some domains in conf.db but nothing
has been cached yet. sss_cache failed in such situation,

bash-4.4# sss_cache -E
No cache object matched the specified search
bash-4.4# echo $?
2

Because there is nothing to invalidate and so we are already in state
which we want to achieve with calling sss_cache.
There is no reason to fail.

We will still fail for invalidating particular entry. User might have a
typo in the name and should be informed about possible mistake.

bash-4.4# sss_cache -u test_user
No cache object matched the specified search
bash-4.4# echo $?
2

Resolves:
https://pagure.io/SSSD/sssd/issue/3919

Merges: https://pagure.io/SSSD/sssd/pull-request/3926

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/tools/sss_cache.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index eb310d39a..b6ff87402 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -488,6 +488,13 @@ static bool invalidate_entries(TALLOC_CTX *ctx,
         if (ret == ENOENT) {
             DEBUG(SSSDBG_TRACE_FUNC, "'%s' %s: Not found in domain '%s'\n",
                   type_string, name ? name : "", dinfo->name);
+            if (name == NULL) {
+                /* nothing to invalidate in that domain, no reason to fail */
+                return true;
+            } else {
+                /* we failed to invalidate explicit name; inform about it */
+                return false;
+            }
         } else {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "Searching for %s in domain %s with filter %s failed\n",
-- 
2.31.1


From 7ea4f2168a4e7898f034b267656f8785f26eacca Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 1 Feb 2019 19:17:08 +0100
Subject: [PATCH 3/3] sss_cache: Fail if unknown domain is passed in parameter

If sss_cache is called with --domain parameter we should fail
in case of unknown domain. It might be a typo and user should know
about such case.

Resolves:
https://pagure.io/SSSD/sssd/issue/3919

Merges: https://pagure.io/SSSD/sssd/pull-request/3940

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/tools/sss_cache.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index b6ff87402..6bdcf610c 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -152,6 +152,12 @@ int main(int argc, const char *argv[])
         /* nothing to invalidate; no reason to fail */
         ret = EOK;
         goto done;
+    } else if (ret == ERR_DOMAIN_NOT_FOUND) {
+        /* Cannot find domain specified in the parameter --domain.
+         * It might be a typo and therefore we will fail.
+         */
+        ret = ENOENT;
+        goto done;
     } else if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Error initializing context for the application\n");
@@ -858,7 +864,7 @@ static errno_t init_context(int argc, const char *argv[],
     }
 
     ret = init_domains(ctx, values.domain);
-    if (ret == ENOENT) {
+    if (ret == ENOENT && values.domain == NULL) {
         /* Nothing to invalidate; do not log confusing messages. */
         goto fini;
     } else if (ret != EOK) {
@@ -866,6 +872,7 @@ static errno_t init_context(int argc, const char *argv[],
             ERROR("Could not open domain %1$s. If the domain is a subdomain "
                   "(trusted domain), use fully qualified name instead of "
                   "--domain/-d parameter.\n", values.domain);
+            ret = ERR_DOMAIN_NOT_FOUND;
         } else {
             ERROR("Could not open available domains\n");
         }
-- 
2.31.1

openSUSE Build Service is sponsored by