diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-03-20 18:41:52 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-23 07:47:02 +0100 |
| commit | 4cfab2330323834574c179f774a0c6b1fff4936e (patch) | |
| tree | 1856d55e5b361e576e22ee38c6da5200e539d2bf /src | |
| parent | 1d93029624d708119bbf803e6647a2cbb271f001 (diff) | |
| download | sssd-4cfab2330323834574c179f774a0c6b1fff4936e.tar.gz sssd-4cfab2330323834574c179f774a0c6b1fff4936e.tar.xz sssd-4cfab2330323834574c179f774a0c6b1fff4936e.zip | |
GPO: error out instead of leaving array element uninitialized
In general every object created by the AD provider should have a SID
attribute. Since SIDs and GPOs are used for access control a missing SID
should be treated as error for now until it is known if there is a valid
reason why the SID is missing.
Resolves https://fedorahosted.org/sssd/ticket/2608
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ad/ad_gpo.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index a9879b41b..ecb65a8cf 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -581,7 +581,10 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, group_sid = ldb_msg_find_attr_as_string(res->msgs[i+1], SYSDB_SID_STR, NULL); if (group_sid == NULL) { - continue; + DEBUG(SSSDBG_CRIT_FAILURE, "Missing SID for cache entry [%s].\n", + ldb_dn_get_linearized(res->msgs[i+1]->dn)); + ret = EINVAL; + goto done; } group_sids[i] = talloc_steal(group_sids, group_sid); |