diff options
author | Sumit Bose <sbose@redhat.com> | 2015-03-20 18:41:52 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-26 11:43:09 +0100 |
commit | a3568a96411e819f4c00b1a6c6633707427658d2 (patch) | |
tree | 4af9e96e3702abc32379dc63dabb9d6c1130e815 | |
parent | 45635162563e07d1c302e197c439b14ba32b04b8 (diff) | |
download | sssd-a3568a96411e819f4c00b1a6c6633707427658d2.tar.gz sssd-a3568a96411e819f4c00b1a6c6633707427658d2.tar.xz sssd-a3568a96411e819f4c00b1a6c6633707427658d2.zip |
GPO: error out instead of leaving array element uninitialized
In general every object created by the AD provider should have a SID
attribute. Since SIDs and GPOs are used for access control a missing SID
should be treated as error for now until it is known if there is a valid
reason why the SID is missing.
Resolves https://fedorahosted.org/sssd/ticket/2608
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 4cfab2330323834574c179f774a0c6b1fff4936e)
-rw-r--r-- | src/providers/ad/ad_gpo.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index c45b7963e..69ff6daaa 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -581,7 +581,10 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, group_sid = ldb_msg_find_attr_as_string(res->msgs[i+1], SYSDB_SID_STR, NULL); if (group_sid == NULL) { - continue; + DEBUG(SSSDBG_CRIT_FAILURE, "Missing SID for cache entry [%s].\n", + ldb_dn_get_linearized(res->msgs[i+1]->dn)); + ret = EINVAL; + goto done; } group_sids[i] = talloc_steal(group_sids, group_sid); |