From 8b581624e18d6f232d3174ed112d032bb6deffba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 12 Nov 2013 13:52:40 +0100 Subject: [PATCH 24/31] ad: refactor tokengroups initgroups sdap_get_ad_tokengroups_initgroups is split into more parts so it can be reused later. --- src/providers/ldap/sdap_async.h | 20 +- src/providers/ldap/sdap_async_initgroups.c | 16 +- src/providers/ldap/sdap_async_initgroups_ad.c | 552 ++++++++++++++++---------- 3 files changed, 357 insertions(+), 231 deletions(-) diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index dbf572cdc82b100ba9c26b4853f05db1ba5fa4ed..67623454e675f648259c089acca59258f386ecdb 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -294,17 +294,17 @@ sdap_get_ad_match_rule_initgroups_recv(struct tevent_req *req); struct tevent_req * -sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct sdap_options *opts, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - struct sdap_handle *sh, - const char *name, - const char *orig_dn, - int timeout); +sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_options *opts, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + struct sdap_handle *sh, + const char *name, + const char *orig_dn, + int timeout); errno_t -sdap_get_ad_tokengroups_initgroups_recv(struct tevent_req *req); +sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req); #endif /* _SDAP_ASYNC_H_ */ diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index c16d484950e06c8474cc38db45b978b624473056..7d5cd2e7cbd86e2eb9774dfee1b8e31edec57b88 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2857,13 +2857,13 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) /* Take advantage of AD's tokenGroups mechanism to look up all * parent groups in a single request. */ - subreq = sdap_get_ad_tokengroups_initgroups_send(state, state->ev, - state->opts, - state->sysdb, - state->dom, - state->sh, - cname, orig_dn, - state->timeout); + subreq = sdap_ad_tokengroups_initgroups_send(state, state->ev, + state->opts, + state->sysdb, + state->dom, + state->sh, + cname, orig_dn, + state->timeout); } else if (state->opts->support_matching_rule && dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)) { @@ -2952,7 +2952,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) case SDAP_SCHEMA_AD: if (state->use_id_mapping && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) { - ret = sdap_get_ad_tokengroups_initgroups_recv(subreq); + ret = sdap_ad_tokengroups_initgroups_recv(subreq); } else if (state->opts->support_matching_rule && dp_opt_get_bool(state->opts->basic, diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index e58d93fb2da36febd6074381882192ba9e204e86..7ba155338a358681c1bd201bee1c75f67afb4650 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -298,96 +298,87 @@ sdap_get_ad_match_rule_initgroups_recv(struct tevent_req *req) return EOK; } -struct sdap_ad_tokengroups_initgr_state { +struct sdap_get_ad_tokengroups_state { struct tevent_context *ev; - struct sdap_options *opts; - struct sysdb_ctx *sysdb; - struct sss_domain_info *domain; - struct sdap_handle *sh; + struct sss_idmap_ctx *idmap_ctx; const char *username; + + char **sids; + size_t num_sids; }; -static void -sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *req); +static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq); -struct tevent_req * -sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct sdap_options *opts, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - struct sdap_handle *sh, - const char *name, - const char *orig_dn, - int timeout) +static struct tevent_req * +sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_options *opts, + struct sdap_handle *sh, + const char *name, + const char *orig_dn, + int timeout) { - struct tevent_req *req; - struct tevent_req *subreq; - struct sdap_ad_tokengroups_initgr_state *state; + struct sdap_get_ad_tokengroups_state *state = NULL; + struct tevent_req *req = NULL; + struct tevent_req *subreq = NULL; const char *attrs[] = {AD_TOKENGROUPS_ATTR, NULL}; + errno_t ret; req = tevent_req_create(mem_ctx, &state, - struct sdap_ad_tokengroups_initgr_state); - if (!req) return NULL; + struct sdap_get_ad_tokengroups_state); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); + return NULL; + } + state->idmap_ctx = opts->idmap_ctx->map; state->ev = ev; - state->opts = opts; - state->sysdb = sysdb; - state->domain = domain; - state->sh = sh; - state->username = name; + state->username = talloc_strdup(state, name); + if (state->username == NULL) { + ret = ENOMEM; + goto immediately; + } + + subreq = sdap_get_generic_send(state, state->ev, opts, sh, orig_dn, + LDAP_SCOPE_BASE, NULL, attrs, + NULL, 0, timeout, false); + if (subreq == NULL) { + ret = ENOMEM; + goto immediately; + } + + tevent_req_set_callback(subreq, sdap_get_ad_tokengroups_done, req); + + return req; - subreq = sdap_get_generic_send( - state, state->ev, state->opts, state->sh, - orig_dn, LDAP_SCOPE_BASE, NULL, attrs, - NULL, 0, timeout, false); - if (!subreq) { - tevent_req_error(req, ENOMEM); - tevent_req_post(req, ev); - return req; +immediately: + if (ret == EOK) { + tevent_req_done(req); + } else { + tevent_req_error(req, ret); } + tevent_req_post(req, ev); - tevent_req_set_callback(subreq, - sdap_get_ad_tokengroups_initgroups_lookup_done, - req); return req; } -static void -sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) +static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) { - errno_t ret, sret; + TALLOC_CTX *tmp_ctx = NULL; + struct sdap_get_ad_tokengroups_state *state = NULL; + struct tevent_req *req = NULL; + struct sysdb_attrs **users = NULL; + struct ldb_message_element *el = NULL; enum idmap_error_code err; - size_t user_count, group_count, i; - TALLOC_CTX *tmp_ctx; - bool in_transaction = false; char *sid_str = NULL; - gid_t gid; - time_t now; - struct sss_domain_info *group_domain; - struct sysdb_attrs **users; - struct ldb_message_element *el; - struct ldb_message *msg; - struct ldb_dn *group_ldb_dn; - const char *group_str_dn; - char **ldap_grouplist; - char **sysdb_grouplist; - char **add_groups; - char **del_groups; - const char *attrs[] = { SYSDB_NAME, NULL }; - const char *group_name; - struct tevent_req *req = - tevent_req_callback_data(subreq, struct tevent_req); - struct sdap_ad_tokengroups_initgr_state *state = - tevent_req_data(req, struct sdap_ad_tokengroups_initgr_state); + size_t num_users; + size_t i; + errno_t ret; - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - ret = ENOMEM; - goto done; - } + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state); - ret = sdap_get_generic_recv(subreq, tmp_ctx, &user_count, &users); + ret = sdap_get_generic_recv(subreq, tmp_ctx, &num_users, &users); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -395,226 +386,361 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) goto done; } - if (user_count != 1) { + if (num_users != 1) { DEBUG(SSSDBG_MINOR_FAILURE, ("More than one result on a base search!\n")); ret = EINVAL; goto done; } - /* Get the list of group SIDs */ - ret = sysdb_attrs_get_el_ext(users[0], AD_TOKENGROUPS_ATTR, - false, &el); - if (ret != EOK) { - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("No tokenGroups entries for [%s]\n", - state->username)); - /* No groups in LDAP. We need to ensure that the - * sysdb matches. - */ - el = talloc_zero(tmp_ctx, struct ldb_message_element); - if (!el) { - ret = ENOMEM; - goto done; - } - el->num_values = 0; + /* get the list of sids from tokengroups */ + ret = sysdb_attrs_get_el_ext(users[0], AD_TOKENGROUPS_ATTR, false, &el); + if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_LIBS, ("No tokenGroups entries for [%s]\n", + state->username)); - /* This will skip the group-processing loop below - * and proceed to removing any sysdb groups. - */ - } else { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not read tokenGroups attribute: [%s]\n", - strerror(ret))); - goto done; - } + state->sids = NULL; + state->num_sids = 0; + ret = EOK; + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not read tokenGroups attribute: " + "[%s]\n", strerror(ret))); + goto done; } - /* Process the groups */ - now = time(NULL); - - ret = sysdb_transaction_start(state->sysdb); - if (ret != EOK) goto done; - in_transaction = true; - - ldap_grouplist = talloc_array(tmp_ctx, char *, el->num_values + 1); - if (!ldap_grouplist) { + state->num_sids = 0; + state->sids = talloc_zero_array(state, char*, el->num_values); + if (state->sids == NULL) { ret = ENOMEM; goto done; } - group_count = 0; + /* convert binary sid to string */ for (i = 0; i < el->num_values; i++) { - /* Get the SID and convert it to a GID */ - - err = sss_idmap_bin_sid_to_sid(state->opts->idmap_ctx->map, - el->values[i].data, - el->values[i].length, - &sid_str); + err = sss_idmap_bin_sid_to_sid(state->idmap_ctx, el->values[i].data, + el->values[i].length, &sid_str); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not convert binary SID to string: [%s]. Skipping\n", idmap_error_string(err))); continue; } - DEBUG(SSSDBG_TRACE_LIBS, - ("Processing membership SID [%s]\n", - sid_str)); - ret = sdap_idmap_sid_to_unix(state->opts->idmap_ctx, sid_str, - &gid); + + state->sids[i] = talloc_move(state->sids, &sid_str); + state->num_sids++; + } + + /* shrink array to final number of elements */ + state->sids = talloc_realloc(state, state->sids, char*, state->num_sids); + if (state->sids == NULL) { + ret = ENOMEM; + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + if (ret != EOK) { + tevent_req_error(req, ret); + return; + } + + tevent_req_done(req); +} + +static errno_t sdap_get_ad_tokengroups_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + size_t *_num_sids, + char ***_sids) +{ + struct sdap_get_ad_tokengroups_state *state = NULL; + state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state); + + TEVENT_REQ_RETURN_ON_ERROR(req); + + if (_num_sids != NULL) { + *_num_sids = state->num_sids; + } + + if (_sids != NULL) { + *_sids = talloc_steal(mem_ctx, state->sids); + } + + return EOK; +} + +static errno_t +sdap_ad_tokengroups_update_members(TALLOC_CTX *mem_ctx, + const char *username, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + char **ldap_groups) +{ + TALLOC_CTX *tmp_ctx = NULL; + char **sysdb_groups = NULL; + char **add_groups = NULL; + char **del_groups = NULL; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); + return ENOMEM; + } + + /* Get the current sysdb group list for this user so we can update it. */ + ret = get_sysdb_grouplist_dn(tmp_ctx, sysdb, domain, + username, &sysdb_groups); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the list of groups for " + "[%s] in the sysdb: [%s]\n", username, strerror(ret))); + goto done; + } + + /* Find the differences between the sysdb and LDAP lists. + * Groups in the sysdb only must be removed. */ + ret = diff_string_lists(tmp_ctx, ldap_groups, sysdb_groups, + &add_groups, &del_groups, NULL); + if (ret != EOK) { + goto done; + } + + DEBUG(SSSDBG_TRACE_LIBS, ("Updating memberships for [%s]\n", username)); + + ret = sysdb_update_members_dn(domain->sysdb, domain, username, + SYSDB_MEMBER_USER, + (const char *const *) add_groups, + (const char *const *) del_groups); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Membership update failed [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + +done: + talloc_free(tmp_ctx); + return ret; +} + +struct sdap_ad_tokengroups_initgroups_state { + struct sdap_idmap_ctx *idmap_ctx; + struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; + const char *username; +}; + +static void sdap_ad_tokengroups_initgroups_done(struct tevent_req *subreq); + +struct tevent_req * +sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_options *opts, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + struct sdap_handle *sh, + const char *name, + const char *orig_dn, + int timeout) +{ + struct sdap_ad_tokengroups_initgroups_state *state = NULL; + struct tevent_req *req = NULL; + struct tevent_req *subreq = NULL; + errno_t ret; + + req = tevent_req_create(mem_ctx, &state, + struct sdap_ad_tokengroups_initgroups_state); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); + return NULL; + } + + state->idmap_ctx = opts->idmap_ctx; + state->sysdb = sysdb; + state->domain = domain; + state->username = talloc_strdup(state, name); + if (state->username == NULL) { + ret = ENOMEM; + goto immediately; + } + + subreq = sdap_get_ad_tokengroups_send(state, ev, opts, sh, name, orig_dn, + timeout); + if (subreq == NULL) { + ret = ENOMEM; + goto immediately; + } + + tevent_req_set_callback(subreq, sdap_ad_tokengroups_initgroups_done, req); + + return req; + +immediately: + if (ret == EOK) { + tevent_req_done(req); + } else { + tevent_req_error(req, ret); + } + tevent_req_post(req, ev); + + return req; +} + +static void sdap_ad_tokengroups_initgroups_done(struct tevent_req *subreq) +{ + TALLOC_CTX *tmp_ctx = NULL; + struct sdap_ad_tokengroups_initgroups_state *state = NULL; + struct tevent_req *req = NULL; + struct sss_domain_info *domain = NULL; + struct ldb_message *msg = NULL; + const char *attrs[] = {SYSDB_NAME, NULL}; + const char *name = NULL; + const char *sid = NULL; + char **sids = NULL; + size_t num_sids; + size_t i; + time_t now; + gid_t gid; + char **groups = NULL; + size_t num_groups; + errno_t ret, sret; + bool in_transaction; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); + ret = ENOMEM; + goto done; + } + + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct sdap_ad_tokengroups_initgroups_state); + + ret = sdap_get_ad_tokengroups_recv(state, subreq, &num_sids, &sids); + talloc_zfree(subreq); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to acquire tokengroups [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + num_groups = 0; + groups = talloc_zero_array(tmp_ctx, char*, num_sids + 1); + if (groups == NULL) { + ret = ENOMEM; + goto done; + } + + now = time(NULL); + ret = sysdb_transaction_start(state->sysdb); + if (ret != EOK) { + goto done; + } + in_transaction = true; + + for (i = 0; i < num_sids; i++) { + sid = sids[i]; + DEBUG(SSSDBG_TRACE_LIBS, ("Processing membership SID [%s]\n", sid)); + + ret = sdap_idmap_sid_to_unix(state->idmap_ctx, sid, &gid); if (ret == ENOTSUP) { DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n")); ret = EOK; continue; } else if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not convert SID to GID: [%s]. Skipping\n", - strerror(ret))); + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not convert SID to GID: [%s]. " + "Skipping\n", strerror(ret))); continue; } - group_domain = find_subdomain_by_sid(get_domains_head(state->domain), - sid_str); - if (group_domain == NULL) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Domain not found for SID %s\n", - sid_str)); + domain = find_subdomain_by_sid(get_domains_head(state->domain), sid); + if (domain == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Domain not found for SID %s\n", sid)); continue; } - DEBUG(SSSDBG_TRACE_LIBS, - ("Processing membership GID [%"SPRIgid"]\n", gid)); + DEBUG(SSSDBG_TRACE_LIBS, ("SID [%s] maps to GID [%"SPRIgid"]\n", + sid, gid)); /* Check whether this GID already exists in the sysdb */ - ret = sysdb_search_group_by_gid(tmp_ctx, group_domain->sysdb, - group_domain, gid, attrs, &msg); + ret = sysdb_search_group_by_gid(tmp_ctx, domain->sysdb, domain, + gid, attrs, &msg); if (ret == EOK) { - group_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); - if (!group_name) { + name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + if (name == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not retrieve group name from sysdb\n")); ret = EINVAL; goto done; } } else if (ret == ENOENT) { - /* This is a new group. For now, we will store it - * under the name of its SID. When a direct lookup of - * the group or its GID occurs, it will replace this - * temporary entry. - */ - - group_name = sid_str; - ret = sysdb_add_incomplete_group(group_domain->sysdb, - group_domain, - group_name, gid, - NULL, sid_str, false, now); + /* This is a new group. For now, we will store it under the name + * of its SID. When a direct lookup of the group or its GID occurs, + * it will replace this temporary entry. */ + name = sid; + ret = sysdb_add_incomplete_group(domain->sysdb, domain, name, gid, + NULL, sid, false, now); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not create incomplete group: [%s]\n", - strerror(ret))); + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not create incomplete " + "group: [%s]\n", strerror(ret))); goto done; } } else { /* Unexpected error */ - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not look up group in sysdb: [%s]\n", - strerror(ret))); + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not look up group in sysdb: " + "[%s]\n", strerror(ret))); goto done; } - group_ldb_dn = sysdb_group_dn(group_domain->sysdb, tmp_ctx, - group_domain, group_name); - if (group_ldb_dn == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_group_dn() failed\n")); + groups[num_groups] = sysdb_group_strdn(tmp_ctx, domain->name, name); + if (groups[num_groups] == NULL) { ret = ENOMEM; goto done; } - - group_str_dn = ldb_dn_get_linearized(group_ldb_dn); - if (group_str_dn == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("ldb_dn_get_linearized() failed\n")); - ret = EINVAL; - goto done; - } - - ldap_grouplist[group_count] = - talloc_strdup(ldap_grouplist, group_str_dn); - if (!ldap_grouplist[group_count]) { - ret = ENOMEM; - goto done; - } - - talloc_zfree(group_ldb_dn); /* also frees group_str_dn */ - group_str_dn = NULL; - - group_count++; - } - ldap_grouplist[group_count] = NULL; - - /* Get the current sysdb group list for this user - * so we can update it. - */ - ret = get_sysdb_grouplist_dn(state, state->sysdb, state->domain, - state->username, &sysdb_grouplist); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not get the list of groups for [%s] in the sysdb: " - "[%s]\n", - state->username, strerror(ret))); - goto done; + num_groups++; } - /* Find the differences between the sysdb and LDAP lists - * Groups in the sysdb only must be removed. - */ - ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist, - &add_groups, &del_groups, NULL); - if (ret != EOK) goto done; + groups[num_groups] = NULL; - DEBUG(SSSDBG_TRACE_LIBS, - ("Updating memberships for [%s]\n", state->username)); - ret = sysdb_update_members_dn(state->sysdb, state->domain, - state->username, SYSDB_MEMBER_USER, - (const char *const *) add_groups, - (const char *const *) del_groups); + ret = sdap_ad_tokengroups_update_members(state, state->username, + state->sysdb, state->domain, + groups); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Membership update failed [%d]: %s\n", - ret, strerror(ret))); + DEBUG(SSSDBG_MINOR_FAILURE, ("Membership update failed [%d]: %s\n", + ret, strerror(ret))); goto done; } ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Could not commit transaction! [%s]\n", - strerror(ret))); + DEBUG(SSSDBG_CRIT_FAILURE, ("Could not commit transaction! [%s]\n", + strerror(ret))); goto done; } in_transaction = false; done: - sss_idmap_free_sid(state->opts->idmap_ctx->map, sid_str); + talloc_free(tmp_ctx); if (in_transaction) { sret = sysdb_transaction_cancel(state->sysdb); - DEBUG(SSSDBG_FATAL_FAILURE, - ("Could not cancel transaction! [%s]\n", - strerror(sret))); + DEBUG(SSSDBG_FATAL_FAILURE, ("Could not cancel transaction! [%s]\n", + strerror(sret))); } - if (ret == EOK) { - tevent_req_done(req); - } else { + if (ret != EOK) { tevent_req_error(req, ret); + return; } - talloc_free(tmp_ctx); - return; + + tevent_req_done(req); } -errno_t -sdap_get_ad_tokengroups_initgroups_recv(struct tevent_req *req) +errno_t sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); + return EOK; } -- 1.8.4.2