Resolves: upstream#3660 - confdb_expand_app_domains() always fails

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

0003-CONFDB-Start-a-ldb-transaction-from-sss_ldb_modify_p.patch

@@ -0,0 +1,94 @@
+From d38421b5beb91de9213203bee87a3717952f52bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Wed, 14 Mar 2018 22:55:21 +0100
+Subject: [PATCH 03/15] CONFDB: Start a ldb transaction from
+ sss_ldb_modify_permissive()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The reason why confdb_expand_app_domains() always fails is because we
+try to do a ldb_request() without starting a ldb transaction.
+
+When we're dealing with ldb_modify(), ldb_add(), ldb_delete() kind of
+messages, those call ldb_autotransaction_request() which will start a
+new transaction and treat it properly when doing the ldb_request(). In
+our case that we're calling ldb_request() by our own, we must ensure
+that the transaction is started and properly deal with it._
+
+It's never been noticed because in the only place the function is used
+its errors are ignored.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3660
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+
+Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
+---
+ src/db/sysdb_ops.c | 39 ++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 38 insertions(+), 1 deletion(-)
+
+diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
+index 15915101e..cc86a114e 100644
+--- a/src/db/sysdb_ops.c
++++ b/src/db/sysdb_ops.c
+@@ -66,7 +66,9 @@ int sss_ldb_modify_permissive(struct ldb_context *ldb,
+                               struct ldb_message *msg)
+ {
+     struct ldb_request *req;
+-    int ret = EOK;
++    int ret;
++    int cancel_ret;
++    bool in_transaction = false;
+ 
+     ret = ldb_build_mod_req(&req, ldb, ldb,
+                             msg,
+@@ -84,9 +86,44 @@ int sss_ldb_modify_permissive(struct ldb_context *ldb,
+         return ret;
+     }
+ 
++    ret = ldb_transaction_start(ldb);
++    if (ret != LDB_SUCCESS) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              "Failed to start ldb transaction [%d]: %s\n",
++              ret, sss_strerror(ret));
++        goto done;
++    }
++
++    in_transaction = true;
++
+     ret = ldb_request(ldb, req);
+     if (ret == LDB_SUCCESS) {
+         ret = ldb_wait(req->handle, LDB_WAIT_ALL);
++        if (ret != LDB_SUCCESS) {
++            goto done;
++        }
++    }
++
++    ret = ldb_transaction_commit(ldb);
++    if (ret != LDB_SUCCESS) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              "Failed to commit ldb transaction [%d]: %s\n",
++              ret, sss_strerror(ret));
++        goto done;
++    }
++
++    in_transaction = false;
++
++    ret = LDB_SUCCESS;
++
++done:
++    if (in_transaction) {
++        cancel_ret = ldb_transaction_cancel(ldb);
++        if (cancel_ret != LDB_SUCCESS) {
++            DEBUG(SSSDBG_CRIT_FAILURE,
++                  "Failed to cancel ldb transaction [%d]: %s\n",
++                  cancel_ret, sss_strerror(cancel_ret));
++        }
+     }
+ 
+     talloc_free(req);
+-- 
+2.14.3
+

sssd.spec

@@ -44,6 +44,7 @@ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
 ### Patches ###
 Patch0001: 0001-IPA-Handle-empty-nisDomainName.patch
 Patch0002: 0002-intg-enhance-netgroups-test.patch
+Patch0003: 0003-CONFDB-Start-a-ldb-transaction-from-sss_ldb_modify_p.patch
 
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
 Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@@ -1247,6 +1248,7 @@ fi
 %changelog
 * Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
 - Resolves: upstream#3573 - sssd won't show netgroups with blank domain
+- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
 
 * Fri Mar  9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1
 - New upstream release 1.16.1