IPA: Retry fetching keytab if IPA user lookup fails

Required for:
    https://fedorahosted.org/sssd/ticket/2639

Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.

be_mark_dom_offline() is called when the retry fails with the new code.

The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.

Reviewed-by: Sumit Bose <sbose@redhat.com>

1 files changed, 0 insertions, 9 deletions

diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index c03ca037a..91a941153 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -70,15 +70,6 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx,
                                             struct be_acct_req *ar);
 int ipa_get_subdom_acct_recv(struct tevent_req *req, int *dp_error_out);
 
-struct tevent_req *ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
-                                        struct tevent_context *ev,
-                                        struct ipa_id_ctx *ipa_ctx,
-                                        struct be_req *be_req,
-                                        struct sysdb_attrs *override_attrs,
-                                        struct be_acct_req *ar);
-
-errno_t ipa_get_ad_acct_recv(struct tevent_req *req, int *dp_error_out);
-
 errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
                                 const char *domain_name,
                                 struct be_acct_req **_ar);