From b12e2500237f33c44807d7e5b377ec06007c7252 Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Tue, 17 Jun 2014 17:16:14 +0100
Subject: LDAP: tokengroups do not work with id_provider=ldap
With plain LDAP provider we already have a sdap_handle, so it should be possible that in the case where sdom->pvt == NULL sdap_id_op_connect_send() can be skipped and sdap_get_ad_tokengroups_send() can be already send with the sdap_handle passed to sdap_ad_tokengroups_initgr_mapping_send(). So we should only fail if sdom->pvt == NULL and sh == NULL. if find_subdomain_by_sid() failed we can check if there is only one domain in the domain list (state->domain) and in this case continue with this domain since the LDAP provider does not know about sub-domains and hence can only have one configured domain.
Resolves: https://fedorahosted.org/sssd/ticket/2345
Reviewed-by: Jakub Hrozek
---
 src/util/domain_info_utils.c | 14 ++++++++++++++
 src/util/util.h | 5 +++++
 2 files changed, 19 insertions(+)
(limited to 'src/util')
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index a0fb7b2ab..2a8768439 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -153,6 +153,20 @@ struct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain,
 return NULL;
 }
 
+struct sss_domain_info*
+sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
+ const char* sid)
+{
+ /* LDAP provider doesn't know about sub-domains and hence can only
+ * have one configured domain
+ */
+ if (strcmp(domain->provider, "ldap") == 0) {
+ return domain;
+ } else {
+ return find_subdomain_by_sid(get_domains_head(domain), sid);
+ }
+}
+
 struct sss_domain_info *
 find_subdomain_by_object_name(struct sss_domain_info *domain,
 const char *object_name)
diff --git a/src/util/util.h b/src/util/util.h
index b605f230a..52135e6b0 100644
--- a/src/util/util.h
+++ b/src/util/util.h
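Review bot: In sss_get_domain_by_sid_ldap_fallback() the "ldap" branch returns `domain` without ever looking at `sid`, so a non-NULL result says nothing about whether that SID belongs to the returned domain. Callers that feed tokenGroups SIDs through this helper should not treat the return as validation of the SID; I would say so in the comment, e.g. `/* NOTE: sid is not checked when provider is "ldap"; the caller must still validate or map it */`. The commit message describes the fallback as applying after find_subdomain_by_sid() fails and only one domain is in the list, whereas the code skips the lookup entirely based on the provider string, so one of the two should be aligned with the other. A guard such as `if (domain == NULL || domain->provider == NULL) return NULL;` before the strcmp() would also avoid a NULL dereference if either can be unset, which this hunk does not show.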
@@ -516,6 +516,11 @@ struct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain,
 bool match_any);
 struct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain,
 const char *sid);
+
+struct sss_domain_info*
+sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
+ const char* sid);
+
 struct sss_domain_info *
 find_subdomain_by_object_name(struct sss_domain_info *domain,
 const char *object_name);
-- cgit