Do not lookup up the domain too early if only the SID is known

Request with a SID as input parameter do not contain the domain name,
hence is must be tried to resolve the SID first before the corresponding
domain can be looked up.

https://fedorahosted.org/freeipa/ticket/3596

1 files changed, 13 insertions, 3 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 660ed04c2..e532807aa 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -332,10 +332,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
     enum idmap_error_code err;
     char *sid_str;
 
-    ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
-    if (ret != 0) {
-        return LDAP_OPERATIONS_ERROR;
+    if (req->input_type != INP_SID) {
+        ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
+        if (ret != 0) {
+            return LDAP_OPERATIONS_ERROR;
+        }
     }
+
     if (req->input_type == INP_POSIX_UID || req->input_type == INP_POSIX_GID) {
         if (req->input_type == INP_POSIX_UID) {
             id = req->data.posix_uid.uid;
@@ -374,6 +377,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
                 goto done;
             }
 
+            if (req->input_type == INP_SID) {
+                ret = get_domain_info(ctx, domain_name, &domain_info);
+                if (ret != 0) {
+                    return LDAP_OPERATIONS_ERROR;
+                }
+            }
+
             ret = create_response(req, domain_info, domain_name, name, &sid,
                                   name_type, res);
             if (ret != 0) {