From ee7e72a65d323636600ffda271d5b5c4ddbc78b1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Jun 01 2017 14:49:59 +0000
Subject: sysdb: sysdb_get_certmap() allow empty certmap


Since sysdb_get_certmap() returns the user name hint information as well
it should return a result even if there are no certmaps.

Related to https://pagure.io/SSSD/sssd/issue/3395

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

---

diff --git a/src/db/sysdb_certmap.c b/src/db/sysdb_certmap.c
index 4917796..2d89c08 100644
--- a/src/db/sysdb_certmap.c
+++ b/src/db/sysdb_certmap.c
@@ -269,7 +269,7 @@ errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
     size_t d;
     struct ldb_dn *container_dn = NULL;
     int ret;
-    struct certmap_info **maps;
+    struct certmap_info **maps = NULL;
     TALLOC_CTX *tmp_ctx = NULL;
     struct ldb_result *res;
     const char *tmp_str;
@@ -320,7 +320,7 @@ errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
 
     if (res->count == 0) {
         DEBUG(SSSDBG_TRACE_FUNC, "No certificate maps found.\n");
-        ret = ENOENT;
+        ret = EOK;
         goto done;
     }
 
@@ -377,7 +377,7 @@ errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
                                                SYSDB_CERTMAP_PRIORITY,
                                                (uint64_t) -1);
         if (tmp_uint != (uint64_t) -1) {
-            if (tmp_uint >= UINT32_MAX) {
+            if (tmp_uint > UINT32_MAX) {
                 DEBUG(SSSDBG_OP_FAILURE, "Priority value [%lu] too large.\n",
                                          (unsigned long) tmp_uint);
                 ret = EINVAL;
@@ -414,11 +414,14 @@ errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
         }
     }
 
-    *certmaps = talloc_steal(mem_ctx, maps);
-    *user_name_hint = hint;
     ret = EOK;
 
 done:
+    if (ret == EOK) {
+        *certmaps = talloc_steal(mem_ctx, maps);
+        *user_name_hint = hint;
+    }
+
     talloc_free(tmp_ctx);
 
     return ret;
diff --git a/src/tests/cmocka/test_sysdb_certmap.c b/src/tests/cmocka/test_sysdb_certmap.c
index fb07165..72edf5f 100644
--- a/src/tests/cmocka/test_sysdb_certmap.c
+++ b/src/tests/cmocka/test_sysdb_certmap.c
@@ -88,8 +88,8 @@ static void test_sysdb_get_certmap_not_exists(void **state)
 
     ret = sysdb_get_certmap(ctctx, ctctx->tctx->sysdb, &certmap,
                             &user_name_hint);
-    assert_int_equal(ret, ENOENT);
-
+    assert_int_equal(ret, EOK);
+    assert_null(certmap);
 }
 
 static void check_certmap(struct certmap_info *m, struct certmap_info *r,
@@ -134,7 +134,7 @@ static void test_sysdb_update_certmap(void **state)
     int ret;
     const char *domains[] = { "dom1.test", "dom2.test", "dom3.test", NULL };
     struct certmap_info map_a = { discard_const("map_a"), 11, discard_const("abc"), discard_const("def"), NULL };
-    struct certmap_info map_b = { discard_const("map_b"), 22, discard_const("abc"), NULL, domains };
+    struct certmap_info map_b = { discard_const("map_b"), UINT_MAX, discard_const("abc"), NULL, domains };
     struct certmap_info *certmap_empty[] = { NULL };
     struct certmap_info *certmap_a[] = { &map_a, NULL };
     struct certmap_info *certmap_b[] = { &map_b, NULL };
@@ -152,7 +152,8 @@ static void test_sysdb_update_certmap(void **state)
 
     ret = sysdb_get_certmap(ctctx, ctctx->tctx->sysdb, &certmap,
                             &user_name_hint);
-    assert_int_equal(ret, ENOENT);
+    assert_int_equal(ret, EOK);
+    assert_null(certmap);
 
     ret = sysdb_update_certmap(ctctx->tctx->sysdb, certmap_a, false);
     assert_int_equal(ret, EOK);