From 0d628f98500a0fd642ba0c720c40393460988f73 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 20 Mar 2015 18:41:52 +0100
Subject: [PATCH 37/99] GPO: error out instead of leaving array element
 uninitialized

In general every object created by the AD provider should have a SID
attribute. Since SIDs and GPOs are used for access control a missing SID
should be treated as error for now until it is known if there is a valid
reason why the SID is missing.

Resolves https://fedorahosted.org/sssd/ticket/2608

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 4cfab2330323834574c179f774a0c6b1fff4936e)
---
 src/providers/ad/ad_gpo.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index c45b7963e221ae30e0c003762e4a8320449cd211..69ff6daaa7e060cca4cab129ecde83d3406702d1 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -581,7 +581,10 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx,
         group_sid = ldb_msg_find_attr_as_string(res->msgs[i+1],
                                                 SYSDB_SID_STR, NULL);
         if (group_sid == NULL) {
-            continue;
+            DEBUG(SSSDBG_CRIT_FAILURE, "Missing SID for cache entry [%s].\n",
+                  ldb_dn_get_linearized(res->msgs[i+1]->dn));
+            ret = EINVAL;
+            goto done;
         }
 
         group_sids[i] = talloc_steal(group_sids, group_sid);
-- 
2.4.0