URL: https://github.com/SSSD/sssd/pull/5766 Title: #5766: Sources cleanup - part 3.
alexey-tikhonov commented:

"""
> After upgrade from json-ed ccache I got:
>
> ```
> [pbrezina /dev/shm/sssd]$ klist
> klist: Internal credentials cache error
> ```

This happens one time:
```
(2021-09-25 11:40:48): [kcm] [ccdb_secdb_list_send] (0x2000): Listing all ccaches
(2021-09-25 11:40:48): [kcm] [sss_sec_list] (0x0400): Listing keys at [persistent/0/ccache/]
(2021-09-25 11:40:48): [kcm] [local_dn_to_path] (0x2000): Secrets path for [cn=77aa5f1e-dd99-4479-9d5a-a1641f346505-0,cn=ccache,cn=0,cn=persistent,cn=kcm] is [77aa5f1e-dd99-4479-9d5a-a1641f346505-0]
(2021-09-25 11:40:48): [kcm] [sss_sec_list] (0x1000): Returning 1 secrets
(2021-09-25 11:40:48): [kcm] [ccdb_secdb_list_send] (0x2000): Found 1 ccaches
...
(2021-09-25 11:40:48): [kcm] [kcm_cmd_send] (0x0400): KCM operation GET_PRINCIPAL
(2021-09-25 11:40:48): [kcm] [sss_sec_get] (0x0400): Retrieving a secret from [persistent/0/ccache/77aa5f1e-dd99-4479-9d5a-a1641f346505-0]
(2021-09-25 11:40:48): [kcm] [secdb_get_cc] (0x0040): Cannot convert data to ccache [12]: Cannot allocate memory, deleting this entry
(2021-09-25 11:40:48): [kcm] [sss_sec_delete] (0x0400): Removing a secret from [persistent/0/ccache/77aa5f1e-dd99-4479-9d5a-a1641f346505-0]
(2021-09-25 11:40:48): [kcm] [kcm_reply_error] (0x0040): KCM operation returns failure [2]: No such file or directory
(2021-09-25 11:40:48): [kcm] [kcm_failbuf_construct] (0x1000): Sent reply with error -1765328188
```
 -- `sss_sec_list()` finds ccache in old format but later `sss_sec_get()` fails for this key and deletes this entry, so the second `klist` doesn't fail.

Options are:
 - try to convert ccache in `sss_sec_list()` and delete malformed entries there: unconditional perf overhead to remove outdated entries once (if any)
 - patch `sss2krb5_error()` to translate `ENOENT` to `KRB5_CC_NOTFOUND`. Result will be different output:
```
# klist
klist: Matching credential not found
```
 -- looks a little bit better, but I'm not sure this conversion is the right thing in other possible scenarios
 -- leave it as is.

IIRC, ccaches in old format aren't created since F32 and I think we aren't going to rebase Fedora older than 35 on new 2.6 release (is this correct?)
So I think chances to meet ccache in old format on F35+ are low and perhaps we can tolerate this one-time error output of klist in this case...
"""

See the full comment at https://github.com/SSSD/sssd/pull/5766#issuecomment-927148719
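
The sequence in the log above (get, failed conversion, delete, error reply) can be picked out of a KCM debug log to see which cache entries were dropped after an upgrade. This is an added example, not part of the PR or of SSSD: the function name `find_dropped_ccaches` is hypothetical, and it assumes the log line layout shown in the comment and that one request's lines are not interleaved with another client's.

```python
import re

# Log lines copied from the excerpt in the comment above (one client, one request).
SAMPLE_LOG = """\
(2021-09-25 11:40:48): [kcm] [sss_sec_list] (0x1000): Returning 1 secrets
(2021-09-25 11:40:48): [kcm] [kcm_cmd_send] (0x0400): KCM operation GET_PRINCIPAL
(2021-09-25 11:40:48): [kcm] [sss_sec_get] (0x0400): Retrieving a secret from [persistent/0/ccache/77aa5f1e-dd99-4479-9d5a-a1641f346505-0]
(2021-09-25 11:40:48): [kcm] [secdb_get_cc] (0x0040): Cannot convert data to ccache [12]: Cannot allocate memory, deleting this entry
(2021-09-25 11:40:48): [kcm] [sss_sec_delete] (0x0400): Removing a secret from [persistent/0/ccache/77aa5f1e-dd99-4479-9d5a-a1641f346505-0]
(2021-09-25 11:40:48): [kcm] [kcm_reply_error] (0x0040): KCM operation returns failure [2]: No such file or directory
(2021-09-25 11:40:48): [kcm] [kcm_failbuf_construct] (0x1000): Sent reply with error -1765328188
"""

# "(timestamp): [service] [function] (level): message"
LINE_RE = re.compile(r"^\(([^)]+)\): \[([^\]]+)\] \[([^\]]+)\] \((0x[0-9a-fA-F]+)\): (.*)$")
GET_RE = re.compile(r"Retrieving a secret from \[([^\]]+)\]")
DEL_RE = re.compile(r"Removing a secret from \[([^\]]+)\]")
CONV_RE = re.compile(r"Cannot convert data to ccache \[(\d+)\]: (.*), deleting this entry")
REPLY_RE = re.compile(r"Sent reply with error (-?\d+)")

def find_dropped_ccaches(log_text):
    """Return one record per ccache entry that failed conversion."""
    events, last_get, pending = [], None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # elided or non-debug lines
        ts, _svc, func, _level, msg = m.groups()
        if func == "sss_sec_get" and (g := GET_RE.search(msg)):
            last_get = g.group(1)  # path the following conversion refers to
        elif func == "secdb_get_cc" and (c := CONV_RE.search(msg)):
            pending = {"time": ts, "path": last_get, "errno": int(c.group(1)),
                       "reason": c.group(2), "deleted": False, "reply_code": None}
            events.append(pending)
        elif pending and func == "sss_sec_delete" and (d := DEL_RE.search(msg)):
            pending["deleted"] = d.group(1) == pending["path"]
        elif pending and func == "kcm_failbuf_construct" and (r := REPLY_RE.search(msg)):
            pending["reply_code"] = int(r.group(1))  # code sent back to the client
            pending = None  # request finished
    return events

if __name__ == "__main__":
    for ev in find_dropped_ccaches(SAMPLE_LOG):
        print(ev)
```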