From 4b59b0af3d97b2a6b0acc08fa80377a5f59e5bfe Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 8 Oct 2021 12:44:37 +0200 Subject: [PATCH 78/83] ad: require name when looking up root domain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To properly identify the forest root domain the name of this domain is needed. It is discovered with a cldap-ping requesting the netlogon attribute. If the name is missing it does not make sense to proceed further because there is currently no other way to determine the forest root domain. Resolves: https://github.com/SSSD/sssd/issues/5820 Reviewed-by: Pavel Březina (cherry picked from commit b37e2713a9b86936f5b82a17e47757562900b911) Reviewed-by: Pavel Březina
---
 src/providers/ad/ad_subdomains.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 6b98cdf1d..5be7c2003 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1431,7 +1431,12 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
 return NULL;
 }
- if (forest != NULL && strcasecmp(domain, forest) == 0) {
+ if (forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Name of forest root domain not available, l"
+ "using cached data, if available.\n");
+ ret = EINVAL;
+ goto immediately;
+ } else if (strcasecmp(domain, forest) == 0) {
 state->root_id_ctx = sd_ctx->ad_id_ctx;
 state->root_domain_attrs = NULL;
 ret = EOK;
-- 
2.26.3
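Review bot: The first string fragment of the new DEBUG call in the `forest == NULL` branch ends with a stray `l`, so the two literals concatenate to "not available, lusing cached data"; the line should read `DEBUG(SSSDBG_OP_FAILURE, "Name of forest root domain not available, "`. The message also promises that cached data will be used, while the branch itself only sets `ret = EINVAL` and jumps to `immediately`. Any fallback therefore happens in the caller, which this hunk does not show, so the wording may mislead someone reading the log during an incident. A short comment above the branch would record why it fails closed, for example `/* Without the forest name the root domain cannot be identified; fail rather than search. */`. The body of ad_get_root_domain_send starts and ends outside the hunk.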