From 0b3f10fbb2f342577029eed8900713029acd3948 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Mon, 13 Sep 2010 11:42:36 -0400
Subject: [PATCH 1/2] Initgroups on a non-cached user should go to the data provider

We were accidentally returning an error when sysdb_getpwnam()
returned zero results internally in sysdb_initgroups(). The
correct behavior here is to return EOK and a result object with
zero entries.

https://fedorahosted.org/sssd/ticket/620
---
 src/db/sysdb_ops.c             |    5 +++--
 src/db/sysdb_search.c          |   12 +++++++++++-
 src/responder/nss/nsssrv_cmd.c |    3 ++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 017f8ebce9fefa4a747bf502c8c7f6ba61193ff8..3d660710b96b66c350625fae0b96b2917457ae16 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1039,6 +1039,7 @@ int sysdb_mod_group_member(TALLOC_CTX *mem_ctx,
     }
 
     ret = ldb_modify(ctx->ldb, msg);
+
     ret = sysdb_error_to_errno(ret);
 
 fail:
@@ -2227,7 +2228,7 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
                                          add_groups[i], user);
             if (ret != EOK) {
                 DEBUG(1, ("Could not add user [%s] to group [%s]. "
-                          "Skipping.\n"));
+                          "Skipping.\n", user, add_groups[i]));
                 /* Continue on, we should try to finish the rest */
             }
         }
@@ -2240,7 +2241,7 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb,
                                             del_groups[i], user);
             if (ret != EOK) {
                 DEBUG(1, ("Could not remove user [%s] from group [%s]. "
-                          "Skipping\n"));
+                          "Skipping\n", user, del_groups[i]));
                 /* Continue on, we should try to finish the rest */
             }
         }
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 6029b99d810835d874d69bc5a60cad6529ce93e1..a24ea5b17103e1d190ec0a6d764fe378ed5b31af 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -383,10 +383,20 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx,
 
     ret = sysdb_getpwnam(tmpctx, ctx, domain, name, &res);
     if (ret != EOK) {
+        DEBUG(1, ("sysdb_getpwnam failed: [%d][%s]\n",
+                  ret, strerror(ret)));
         goto done;
     }
-    if (res->count != 1) {
+
+    if (res->count == 0) {
+        /* User is not cached yet */
+        *_res = talloc_steal(mem_ctx, res);
+        ret = EOK;
+        goto done;
+
+    } else if (res->count != 1) {
         ret = EIO;
+        DEBUG(1, ("sysdb_getpwnam returned count: [%d]\n", res->count));
         goto done;
     }
 
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 6df705fb6354dca0fe48c098264a6270d6160321..c3f35e13a48c9c00be9a6e5bde7968445c37e67f 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2895,7 +2895,8 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 
         ret = sysdb_initgroups(cmdctx, sysdb, dom, name, &dctx->res);
         if (ret != EOK) {
-            DEBUG(1, ("Failed to make request to our cache!\n"));
+            DEBUG(1, ("Failed to make request to our cache! [%d][%s]\n",
+                      ret, strerror(ret)));
             return EIO;
         }
 
-- 
1.7.2.2