From b9460652c3ab86b1b0cfe1e8ea868e6e0bb492ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 1 May 2017 14:49:50 +0200
Subject: [PATCH 166/166] LDAP/AD: Do not fail in case
rfc2307bis_nested_groups_recv() returns ENOENT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 25699846 introduced a regression seen when an initgroup lookup is
done and there are no nested groups involved.
In this scenario the whole lookup fails due to an ENOENT returned by
rfc2307bis_nested_groups_recv(), which leads to the user removal from
sysdb causing some authentication issues.
Resolves:
https://pagure.io/SSSD/sssd/issue/3331
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit df4b24bed15f45bf286fb0102fd397218fdd4186)
(cherry picked from commit 4540d9f6817c78eef7b6e2d79245434811b59ad9)
---
src/providers/ldap/sdap_async_initgroups_ad.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 1fee4ab43a6c13803a088ffa4695dde7f39b3d2b..904cffd820fa1f0aeb86929b41b0d7523f36d315 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -1746,7 +1746,13 @@ static void sdap_ad_get_domain_local_groups_done(struct tevent_req *subreq)
ret = rfc2307bis_nested_groups_recv(subreq);
talloc_zfree(subreq);
- if (ret != EOK) {
+ if (ret == ENOENT) {
+ /* In case of ENOENT we can just proceed without making
+ * sdap_get_initgr_user() fail because there's no nested
+ * groups for this user/group. */
+ ret = EOK;
+ goto done;
+ } else if (ret != EOK) {
tevent_req_error(req, ret);
return;
}
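Review bot: The new ENOENT branch ends in `ret = EOK; goto done;`, which skips everything between this check and the `done` label, and neither is visible in this hunk. Please confirm that `done` completes the request with success when ret is EOK, and that none of the skipped code is still needed for a user who has direct group memberships but no nested ones. Since the error is now swallowed silently, a debug message in this branch saying that no nested groups were found would make the path traceable in logs when someone investigates a missing-membership or authentication report. It is also worth checking that ENOENT from rfc2307bis_nested_groups_recv() can only mean "no nested groups" and never a failed lookup, because after this change both cases would be reported as success. Minor: the comment should read "there are no nested groups".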
--
2.9.3