[Pkg-sssd-devel] Bug#892315: sssd: secrets service does not work due to lack of /var/lib/sss/secrets

Andreas Hasenack andreas at canonical.com
Thu Mar 8 08:04:30 UTC 2018


Package: sssd
Version: 1.16.0-5
Severity: normal

Dear Maintainer,

The (socket activated) secrets service doesn't work because it can't
create a secrets database due to the lack of the /var/lib/sss/secrets
directory.

Right after installation, if you try to access it like this for example:

$ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>500 Internal Server Error</title></head>
<body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error.</p>

/var/log/syslog log shows:
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: ltdb: tdb(/var/lib/sss/secrets/secrets.ldb): tdb_open_ex: could not open file /var/lib/sss/secrets/secrets.ldb: No such file or directory
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: Unable to open tdb '/var/lib/sss/secrets/secrets.ldb': No such file or directory
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: Failed to connect to '/var/lib/sss/secrets/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/sss/secrets/secrets.ldb': No such file or directory

Once that directory is created, the service works:

# mkdir -m 0700 /var/lib/sss/secrets

$ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The requested resource was not found.</p>


And you can create secrets:
$ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XPUT http://localhost/secrets/foo -d'{"type":"simple","value":"foosecret"}'
<html>
<head>
<title>200 OK</title></head>
<body>
<h1>OK</h1>
<p>Success</p>

root@sid-sssd:~# ls -lah /var/lib/sss/secrets/
total 5.5K
drwx------ 2 root root    4 Mar  8 08:02 .
drwxr-xr-x 9 root root    9 Mar  8 08:02 ..
-rw------- 1 root root   32 Mar  8 08:02 .secrets.mkey
-rw------- 1 root root 1.3M Mar  8 08:03 secrets.ldb


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-36-generic (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sssd depends on:
ii  python3-sss  1.16.0-5
ii  sssd-ad      1.16.0-5
ii  sssd-common  1.16.0-5
ii  sssd-ipa     1.16.0-5
ii  sssd-krb5    1.16.0-5
ii  sssd-ldap    1.16.0-5
ii  sssd-proxy   1.16.0-5

sssd recommends no packages.

sssd suggests no packages.

-- no debconf information
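
An added example, not part of the original report or of the sssd package: a shell check that the secrets store directory exists with the 0700 mode used in the mkdir above, and that the files in it carry no group or other permission bits, as in the ls output in the report. The function name check_secrets_dir, its optional UID argument and its return codes are hypothetical; it assumes GNU stat (coreutils), as on Debian.

```shell
#!/bin/sh
# Added example (not from the sssd package). check_secrets_dir is a
# hypothetical helper; assumes GNU stat from coreutils.
# Usage: check_secrets_dir /var/lib/sss/secrets
#
# check_secrets_dir DIR [UID]   (UID defaults to 0, i.e. root)
# Return codes:
#   0 = directory is fit to hold secrets.ldb and .secrets.mkey
#   1 = directory missing (the state described in this report)
#   2 = path is a symlink or not a directory
#   3 = directory not owned by the expected UID
#   4 = directory mode is not 700
#   5 = an entry inside has group or other permission bits set
check_secrets_dir() {
    dir=$1
    want_uid=${2:-0}

    # Refuse symlinks so the store cannot be redirected elsewhere.
    if [ -L "$dir" ]; then
        echo "SYMLINK: $dir" >&2; return 2
    fi
    [ -e "$dir" ] || { echo "MISSING: $dir" >&2; return 1; }
    [ -d "$dir" ] || { echo "NOT A DIRECTORY: $dir" >&2; return 2; }

    [ "$(stat -c '%u' "$dir")" = "$want_uid" ] || {
        echo "WRONG OWNER: $dir" >&2; return 3; }
    [ "$(stat -c '%a' "$dir")" = "700" ] || {
        echo "WRONG MODE: $dir is $(stat -c '%a' "$dir"), want 700" >&2
        return 4; }

    # Visible and hidden entries (.secrets.mkey is a dotfile).
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue          # glob that matched nothing
        case $(stat -c '%a' "$f") in
            0|*00) ;;                    # owner-only bits, e.g. 600
            *) echo "LOOSE PERMISSIONS: $f" >&2; return 5 ;;
        esac
    done
    echo "OK: $dir"
}
```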


