diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-17 17:11:34 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-23 23:08:50 +0200 |
commit | 42bd89dbe77846b6ee60365bba50da521745bca1 (patch) | |
tree | e227ad3ebdf6d958e9a3878fbcff3d521637aee3 /src/providers/ipa/ipa_id.h | |
parent | bc58e1cfee742178f95922d964349d6c262f6df7 (diff) | |
download | sssd-42bd89dbe77846b6ee60365bba50da521745bca1.tar.gz sssd-42bd89dbe77846b6ee60365bba50da521745bca1.tar.xz sssd-42bd89dbe77846b6ee60365bba50da521745bca1.zip |
IPA: Retry fetching keytab if IPA user lookup fails
Required for:
https://fedorahosted.org/sssd/ticket/2639
Instead of calling ipa_get_ad_acct_send directly, call a new request
ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
either tries to request a new keytab every time the lookup fails but the
domain is online.
be_mark_dom_offline() is called when the retry fails with the new code.
The retry tries to re-setup the trusted domain. With two-way setups, the
request is a no-op. With one-way trust setups, the request re-fetches
new keytab unconditionally.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_id.h')
-rw-r--r-- | src/providers/ipa/ipa_id.h | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h index c03ca037a..91a941153 100644 --- a/src/providers/ipa/ipa_id.h +++ b/src/providers/ipa/ipa_id.h @@ -70,15 +70,6 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, struct be_acct_req *ar); int ipa_get_subdom_acct_recv(struct tevent_req *req, int *dp_error_out); -struct tevent_req *ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct ipa_id_ctx *ipa_ctx, - struct be_req *be_req, - struct sysdb_attrs *override_attrs, - struct be_acct_req *ar); - -errno_t ipa_get_ad_acct_recv(struct tevent_req *req, int *dp_error_out); - errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid, const char *domain_name, struct be_acct_req **_ar); |