From b9460652c3ab86b1b0cfe1e8ea868e6e0bb492ad Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>

Date: Mon, 1 May 2017 14:49:50 +0200

Subject: [PATCH 166/166] LDAP/AD: Do not fail in case

 rfc2307bis_nested_groups_recv() returns ENOENT

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Commit 25699846 introduced a regression seen when an initgroup lookup is

done and there's no nested groups involved.

In this scenario the whole lookup fails due to an ENOENT returned by

rfc2307bis_nested_groups_recv(), which leads to the user removal from

sysdb causing some authentication issues.

Resolves:

https://pagure.io/SSSD/sssd/issue/3331

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>

(cherry picked from commit df4b24bed15f45bf286fb0102fd397218fdd4186)

(cherry picked from commit 4540d9f6817c78eef7b6e2d79245434811b59ad9)

---

 src/providers/ldap/sdap_async_initgroups_ad.c | 8 +++++++-

 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c

index 1fee4ab43a6c13803a088ffa4695dde7f39b3d2b..904cffd820fa1f0aeb86929b41b0d7523f36d315 100644

--- a/src/providers/ldap/sdap_async_initgroups_ad.c

+++ b/src/providers/ldap/sdap_async_initgroups_ad.c

@@ -1746,7 +1746,13 @@ static void sdap_ad_get_domain_local_groups_done(struct tevent_req *subreq)

     ret = rfc2307bis_nested_groups_recv(subreq);

     talloc_zfree(subreq);

-    if (ret != EOK) {

+    if (ret == ENOENT) {

+        /* In case of ENOENT we can just proceed without making

+         * sdap_get_initgr_user() fail because there's no nested

+         * groups for this user/group. */

+        ret = EOK;

+        goto done;

+    } else if (ret != EOK) {

         tevent_req_error(req, ret);

         return;

     }

-- 

2.9.3