From e5c74ab068d87b598d1090c83f1c4d9e47939c83 Mon Sep 17 00:00:00 2001
From: Fabiano Fidêncio <fidencio@redhat.com>
Date: Mar 26 2018 18:55:04 +0000
Subject: CONFDB: Start a ldb transaction from sss_ldb_modify_permissive()


The reason why confdb_expand_app_domains() always fails is because we
try to do a ldb_request() without starting a ldb transaction.

When we're dealing with ldb_modify(), ldb_add(), ldb_delete() kind of
messages, those call ldb_autotransaction_request() which will start a
new transaction and treat it properly when doing the ldb_request(). In
our case that we're calling ldb_request() by our own, we must ensure
that the transaction is started and properly deal with it._

It's never been noticed because in the only place the function is used
its errors are ignored.

Resolves:
https://pagure.io/SSSD/sssd/issue/3660

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 1591510..cc86a11 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -66,7 +66,9 @@ int sss_ldb_modify_permissive(struct ldb_context *ldb,
                               struct ldb_message *msg)
 {
     struct ldb_request *req;
-    int ret = EOK;
+    int ret;
+    int cancel_ret;
+    bool in_transaction = false;
 
     ret = ldb_build_mod_req(&req, ldb, ldb,
                             msg,
@@ -84,9 +86,44 @@ int sss_ldb_modify_permissive(struct ldb_context *ldb,
         return ret;
     }
 
+    ret = ldb_transaction_start(ldb);
+    if (ret != LDB_SUCCESS) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to start ldb transaction [%d]: %s\n",
+              ret, sss_strerror(ret));
+        goto done;
+    }
+
+    in_transaction = true;
+
     ret = ldb_request(ldb, req);
     if (ret == LDB_SUCCESS) {
         ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+        if (ret != LDB_SUCCESS) {
+            goto done;
+        }
+    }
+
+    ret = ldb_transaction_commit(ldb);
+    if (ret != LDB_SUCCESS) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to commit ldb transaction [%d]: %s\n",
+              ret, sss_strerror(ret));
+        goto done;
+    }
+
+    in_transaction = false;
+
+    ret = LDB_SUCCESS;
+
+done:
+    if (in_transaction) {
+        cancel_ret = ldb_transaction_cancel(ldb);
+        if (cancel_ret != LDB_SUCCESS) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to cancel ldb transaction [%d]: %s\n",
+                  cancel_ret, sss_strerror(cancel_ret));
+        }
     }
 
     talloc_free(req);