From 4e758eca20f257662ea089a03b074d4bb708f499 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 6 Dec 2017 15:30:28 +0100
Subject: Always send empty search replies for unknown queries, fixes sssd sudo
 queries

---
 proxy.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/proxy.c b/proxy.c
index ad7496d..0eba792 100644
--- a/proxy.c
+++ b/proxy.c
@@ -854,6 +854,7 @@ static BOOL proxy_clientSearchRequest(epoll_client_t *client, const unsigned lon
 		}
 		const BOOL ret = proxy_localSearchRequest(client, messageId, &req);
 		free_ldapsearchrequest(&req);
+		plog(DEBUG_TRACE, "[Client] Result: %d\n", (int)ret);
 		return ret;
 	}
 	// Forward
@@ -1131,13 +1132,13 @@ static BOOL proxy_localSearchRequest(epoll_client_t *client, const unsigned long
 		} else {
 			plog(DEBUG_VERBOSE, "[Proxy] Sending empty posixGroup search result to client.");
 		}
-		const size_t doneLen = fmt_ldapsearchresultdone(NULL, success, "", "", "");
-		const size_t doneHeaderLen = fmt_ldapmessage(NULL, messageId, SearchResultDone, doneLen);
-		char buffer[doneLen + doneHeaderLen];
-		fmt_ldapsearchresultdone(buffer + doneHeaderLen, success, "", "", "");
-		fmt_ldapmessage(buffer, messageId, SearchResultDone, doneLen);
-		return client_send(client, buffer, doneHeaderLen + doneLen, FALSE);
 	}
-	return FALSE;
+	// Always send SearchResultDone here, so if we have no match above it results in
+	// an empty reply.
+	const size_t doneLen = fmt_ldapsearchresultdone(NULL, success, "", "", "");
+	const size_t doneHeaderLen = fmt_ldapmessage(NULL, messageId, SearchResultDone, doneLen);
+	char buffer[doneLen + doneHeaderLen];
+	fmt_ldapsearchresultdone(buffer + doneHeaderLen, success, "", "", "");
+	fmt_ldapmessage(buffer, messageId, SearchResultDone, doneLen);
+	return client_send(client, buffer, doneHeaderLen + doneLen, FALSE);
 }
-
-- 
cgit v1.2.3-55-g7522