From 4b59b0af3d97b2a6b0acc08fa80377a5f59e5bfe Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Fri, 8 Oct 2021 12:44:37 +0200

Subject: [PATCH 78/83] ad: require name when looking up root domain

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

To properly identify the forest root domain the name of this domain is

needed. It is discovered with a cldap-ping requesting the netlogon

attribute. If the name is missing it does not make sense to proceed

further because there is currently no other way to determine the forest

root domain.

Resolves: https://github.com/SSSD/sssd/issues/5820

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

(cherry picked from commit b37e2713a9b86936f5b82a17e47757562900b911)

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

---

 src/providers/ad/ad_subdomains.c | 7 ++++++-

 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c

index 6b98cdf1d..5be7c2003 100644

--- a/src/providers/ad/ad_subdomains.c

+++ b/src/providers/ad/ad_subdomains.c

@@ -1431,7 +1431,12 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,

         return NULL;

     }

-    if (forest != NULL && strcasecmp(domain, forest) == 0) {

+    if (forest == NULL) {

+        DEBUG(SSSDBG_OP_FAILURE, "Name of forest root domain not available, l"

+                                 "using cached data, if available.\n");

+        ret = EINVAL;

+        goto immediately;

+    } else if (strcasecmp(domain, forest) == 0) {

         state->root_id_ctx = sd_ctx->ad_id_ctx;

         state->root_domain_attrs = NULL;

         ret = EOK;

-- 

2.26.3