From 4b59b0af3d97b2a6b0acc08fa80377a5f59e5bfe Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 8 Oct 2021 12:44:37 +0200
Subject: [PATCH 78/83] ad: require name when looking up root domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To properly identify the forest root domain the name of this domain is
needed. It is discovered with a cldap-ping requesting the netlogon
attribute. If the name is missing it does not make sense to proceed
further because there is currently no other way to determine the forest
root domain.

Resolves: https://github.com/SSSD/sssd/issues/5820

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit b37e2713a9b86936f5b82a17e47757562900b911)

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/providers/ad/ad_subdomains.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 6b98cdf1d..5be7c2003 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1431,7 +1431,12 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
-    if (forest != NULL && strcasecmp(domain, forest) == 0) {
+    if (forest == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "Name of forest root domain not available, l"
+                                 "using cached data, if available.\n");
+        ret = EINVAL;
+        goto immediately;
+    } else if (strcasecmp(domain, forest) == 0) {
         state->root_id_ctx = sd_ctx->ad_id_ctx;
         state->root_domain_attrs = NULL;
         ret = EOK;
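Review bot: The debug string in the new `forest == NULL` branch has a stray `l` at the end of its first literal, so the concatenated message reads "not available, lusing cached data, if available."; drop the `l` and keep the trailing space. The message also announces a fallback to cached data, while this branch only sets `ret = EINVAL` and jumps to `immediately`. The fallback is not visible in this hunk, so either add a short comment saying where the caller handles it or reword the message to describe what this function actually does, which is to abort the root domain lookup.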
-- 
2.26.3