
From 1f5eca38ab43953aacb89a4f6dc4c550a0baef9b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 13 May 2014 15:18:07 +0200
Subject: [PATCH] AD: Do not remove non-root domains when looking up root
 domain

https://fedorahosted.org/sssd/ticket/2322

When the AD subdomains code looked up the root domain subsequently
(after the domain list was already populated), the non-root domains
might have been removed along with their respective tasks, because the
root domain lookup only ever matched a single root domain.

This could cause havoc especially during login when different lookups
for different domains might be going on during user group refresh.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 66e1502f956ee71de6cd51c37f7752f8aa14f5f5)


diff -rupN sssd-1.11.5.1-original/src/providers/ad/ad_subdomains.c sssd-1.11.5.1-patched/src/providers/ad/ad_subdomains.c
--- sssd-1.11.5.1-original/src/providers/ad/ad_subdomains.c	2017-01-30 16:30:54.741786045 +0100
+++ sssd-1.11.5.1-patched/src/providers/ad/ad_subdomains.c	2017-01-30 16:31:08.893963715 +0100
@@ -325,13 +325,15 @@ done:
 }
 
 static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,
-                                     int count, struct sysdb_attrs **reply,
+                                     int count, bool root_domain,
+                                     struct sysdb_attrs **reply,
                                      bool *changes)
 {
     struct sdap_domain *sdom;
     struct sss_domain_info *domain, *dom;
     bool handled[count];
     const char *value;
+    const char *root_name = NULL;
     int c, h;
     int ret;
     bool enumerate;
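Review bot: The new `bool root_domain` parameter changes what the function may delete, but nothing at the signature documents it. A short comment above `ad_subdomains_refresh` would help, for example `/* root_domain: reply[] holds only the forest root (count == 1); existing subdomains other than that one are left untouched */`. Without it, a future caller passing `true` with a multi-entry reply, or `false` with a root-only reply, gets no hint that the stale-domain pruning behaves differently. The function body continues outside this hunk.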
@@ -340,10 +342,27 @@ static errno_t ad_subdomains_refresh(str
     memset(handled, 0, sizeof(bool) * count);
     h = 0;
 
+    if (root_domain) {
+        ret = sysdb_attrs_get_string(reply[0], AD_AT_TRUST_PARTNER,
+                                     &root_name);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
+            goto done;
+        }
+    }
+
     /* check existing subdomains */
     for (dom = get_next_domain(domain, true);
          dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
          dom = get_next_domain(dom, false)) {
+
+        /* If we are handling root domain, skip all the other domains. We don't
+         * want to accidentally remove non-root domains
+         */
+        if (root_name && strcmp(root_name, dom->name) != 0) {
+            continue;
+        }
+
         for (c = 0; c < count; c++) {
             if (handled[c]) {
                 continue;
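Review bot: `reply[0]` is read in the added `if (root_domain)` block without checking that `count` is at least 1 or that `reply` is non-NULL. The only root-domain caller in this patch passes a literal 1, but the function does not enforce that itself, and `reply` is built from a directory server response. A guard before the lookup would make the contract explicit: `if (count < 1 || reply == NULL) { ret = EINVAL; goto done; }`. Separately, `strcmp(root_name, dom->name) != 0` is case-sensitive; if the trustPartner value can differ in case from the stored domain name, the root domain itself would be skipped here, so it is worth confirming this matches the comparison used in the inner loop, which lies outside the hunk along with the `done` label.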
@@ -720,7 +739,7 @@ static void ad_subdomains_get_root_domai
         goto fail;
     }
 
-    ret = ad_subdomains_refresh(ctx->sd_ctx, 1, reply, &has_changes);
+    ret = ad_subdomains_refresh(ctx->sd_ctx, 1, true, reply, &has_changes);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, ("ad_subdomains_refresh failed.\n"));
         goto fail;
@@ -1014,7 +1033,7 @@ static void ad_subdomains_get_slave_doma
     }
 
     /* Got all the subdomains, let's process them */
-    ret = ad_subdomains_refresh(ctx->sd_ctx, nsubdoms, subdoms,
+    ret = ad_subdomains_refresh(ctx->sd_ctx, nsubdoms, false, subdoms,
                                 &refresh_has_changes);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, ("Failed to refresh subdomains.\n"));