Replace SDAP_ID_MAPPING checks with sdap_idmap_domain_has_algorithmic_mapping

Currently the decision if external or algorithmic mapping should be used
in the LDAP or AD provider was based on the value of the ldap_id_mapping
config option. Since now all information about ID mapping is handled by
libsss_idmap the check for this options can be replace with a call which
checks the state via libss_idmap.

https://fedorahosted.org/sssd/ticket/1961

5 files changed, 38 insertions, 14 deletions

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index d76a81a3e..addb2f3cb 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -79,6 +79,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
     uid_t uid;
     enum idmap_error_code err;
     char *sid;
+    bool use_id_mapping;
 
     req = tevent_req_create(memctx, &state, struct users_get_state);
     if (!req) return NULL;
@@ -102,6 +103,9 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
     state->name = name;
     state->filter_type = filter_type;
 
+    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+                                                          ctx->opts->idmap_ctx,
+                                                          sdom->dom->domain_id);
     switch (filter_type) {
     case BE_FILTER_NAME:
         attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
@@ -111,7 +115,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
         }
         break;
     case BE_FILTER_IDNUM:
-        if (dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)) {
+        if (use_id_mapping) {
             /* If we're ID-mapping, we need to use the objectSID
              * in the search filter.
              */
@@ -416,7 +420,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
     gid_t gid;
     enum idmap_error_code err;
     char *sid;
-    bool use_id_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING);
+    bool use_id_mapping;
     const char *member_filter[2];
 
     req = tevent_req_create(memctx, &state, struct groups_get_state);
@@ -441,6 +445,10 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
     state->name = name;
     state->filter_type = filter_type;
 
+    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+                                                          ctx->opts->idmap_ctx,
+                                                          sdom->dom->domain_id);
+
     switch(filter_type) {
     case BE_FILTER_NAME:
         attr_name = ctx->opts->group_map[SDAP_AT_GROUP_NAME].name;
@@ -451,7 +459,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
         }
         break;
     case BE_FILTER_IDNUM:
-        if (dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)) {
+        if (use_id_mapping) {
             /* If we're ID-mapping, we need to use the objectSID
              * in the search filter.
              */
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 719b13010..06d6e8772 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -30,6 +30,7 @@
 #include "db/sysdb.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
+#include "providers/ldap/sdap_idmap.h"
 
 extern struct tevent_req *ldap_id_cleanup_send(TALLOC_CTX *memctx,
                                                struct tevent_context *ev,
@@ -498,7 +499,9 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
     state->ctx = ctx;
     state->op = op;
 
-    use_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING);
+    use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+                                                          ctx->opts->idmap_ctx,
+                                                          sdom->dom->domain_id);
 
     /* We always want to filter on objectclass and an available name */
     state->filter = talloc_asprintf(state,
@@ -663,7 +666,9 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
     state->ctx = ctx;
     state->op = op;
 
-    use_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING);
+    use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+                                                          ctx->opts->idmap_ctx,
+                                                          sdom->dom->domain_id);
 
     /* We always want to filter on objectclass and an available name */
     state->filter = talloc_asprintf(state,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 04ce2f9fb..c3b5914a6 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -435,7 +435,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     char *usn_value = NULL;
     TALLOC_CTX *tmpctx = NULL;
     bool posix_group;
-    bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
+    bool use_id_mapping;
     char *sid_str;
 
     tmpctx = talloc_new(NULL);
@@ -480,6 +480,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
         sid_str = NULL;
     }
 
+    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+                                                               sid_str);
     if (use_id_mapping) {
         posix_group = true;
 
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 7678c7b36..4c379fdfd 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -49,7 +49,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
     bool posix;
     time_t now;
     char *sid_str;
-    bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
+    bool use_id_mapping;
 
     /* There are no groups in LDAP but we should add user to groups ?? */
     if (ldap_groups_count == 0) return EOK;
@@ -89,6 +89,9 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
         goto done;
     }
 
+    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+                                                             domain->domain_id);
+
     ret = sysdb_transaction_start(sysdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2522,6 +2525,8 @@ struct sdap_get_initgr_state {
 
     size_t user_base_iter;
     struct sdap_search_base **user_search_bases;
+
+    bool use_id_mapping;
 };
 
 static errno_t sdap_get_initgr_next_base(struct tevent_req *req);
@@ -2590,6 +2595,10 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
         return NULL;
     }
 
+    state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+                                                         state->opts->idmap_ctx,
+                                                         state->dom->domain_id);
+
     ret = sdap_get_initgr_next_base(req);
 
 done:
@@ -2649,8 +2658,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
     const char *orig_dn;
     const char *cname;
     bool in_transaction = false;
-    bool use_id_mapping =
-            dp_opt_get_bool(state->opts->basic, SDAP_ID_MAPPING);
 
     DEBUG(9, ("Receiving info for the user\n"));
 
@@ -2753,7 +2760,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
             return;
         }
 
-        if (use_id_mapping
+        if (state->use_id_mapping
                 && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
             /* Take advantage of AD's tokenGroups mechanism to look up all
              * parent groups in a single request.
@@ -2835,7 +2842,6 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
     char *dom_sid_str;
     char *group_sid_str;
     struct sdap_options *opts = state->opts;
-    bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
 
     DEBUG(9, ("Initgroups done\n"));
 
@@ -2852,7 +2858,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 
     case SDAP_SCHEMA_RFC2307BIS:
     case SDAP_SCHEMA_AD:
-        if (use_id_mapping
+        if (state->use_id_mapping
                 && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
             ret = sdap_get_ad_tokengroups_initgroups_recv(subreq);
         }
@@ -2886,7 +2892,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
      * the user may not be an explicit member of that group
      */
 
-    if (use_id_mapping) {
+    if (state->use_id_mapping) {
         DEBUG(SSSDBG_TRACE_LIBS,
               ("Mapping primary group to unix ID\n"));
 
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index a368965f6..b3a5c3de8 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -122,7 +122,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
     char *usn_value = NULL;
     char **missing = NULL;
     TALLOC_CTX *tmpctx = NULL;
-    bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
+    bool use_id_mapping;
     char *sid_str;
     char *dom_sid_str = NULL;
 
@@ -216,6 +216,9 @@ int sdap_save_user(TALLOC_CTX *memctx,
     }
 
 
+    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+                                                               sid_str);
+
     /* Retrieve or map the UID as appropriate */
     if (use_id_mapping) {