From aed255dd1ae6ec40ca15a53c38a13354dd5c88e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pcech@redhat.com>
Date: Wed, 16 Nov 2016 10:09:18 +0100
Subject: [PATCH 153/153] SYSDB: Fixing of sudorule without a sudoUser

This patch solved a regression caused by the recent patches
to lowercase sudoUser -- in case sudoUser is missing completely,
we abort the processing of this rule and all others.

With this patch, we return ERR_MALFORMED_ENTRY and gracefully
skip the malformed rule instead.

Resolves:
https://fedorahosted.org/sssd/ticket/3241

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 7e23edbaa7a6bbd0b461d5792535896b6a77928b)
---
 src/db/sysdb_sudo.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 4bd93ffc60caa1ce48b72ee207899da0c4196d61..f5160f19012028f92723b9012fad85d803aa5137 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -874,6 +874,7 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "Unable to get %s attribute [%d]: %s\n",
               SYSDB_SUDO_CACHE_AT_USER, ret, strerror(ret));
+        ret = ERR_MALFORMED_ENTRY;
         goto done;
     }
 
@@ -977,6 +978,10 @@ sysdb_sudo_store(struct sss_domain_info *domain,
             /* Multiple CNs are error on server side, we can just ignore this
              * rule and save the others. Loud debug message is in logs. */
             continue;
+        } else if (ret == ERR_MALFORMED_ENTRY) {
+            /* Attribute SYSDB_SUDO_CACHE_AT_USER is missing but we can
+             * continue with next sudoRule. */
+            continue;
         } else if (ret != EOK) {
             goto done;
         }
-- 
2.7.4