From 81dce19792cf300950411722d16b72f8816aecb0 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 28 Aug 2018 14:47:44 +0200 Subject: [PATCH] KCM: Don't error out if creating a new ID as the first step MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need to handle the case where the nextID operation is ran, but the secdb is totally empty, otherwise logins with sssd's krb5_child would fail. Resolves: https://pagure.io/SSSD/sssd/issue/3815 Reviewed-by: Michal Židek --- src/responder/kcm/kcmsrv_ccache_secdb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c index 0f1c037..a61d7b1 100644 --- a/src/responder/kcm/kcmsrv_ccache_secdb.c +++ b/src/responder/kcm/kcmsrv_ccache_secdb.c @@ -595,7 +595,10 @@ static struct tevent_req *ccdb_secdb_nextid_send(TALLOC_CTX *mem_ctx, } ret = sss_sec_list(state, sreq, &keys, &nkeys); - if (ret != EOK) { + if (ret == ENOENT) { + keys = NULL; + nkeys = 0; + } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot list keys [%d]: %s\n", ret, sss_strerror(ret)); -- 2.9.5