From 6c7e10cfa53c3bb1e80a7e440a44428992e973b1 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 19 Aug 2014 19:27:23 +0200 Subject: Revert "IPA: process non-posix nested groups" This reverts commit 4417c874595600cd93e12822fab54aa5753df74a. --- src/providers/ldap/sdap_async_initgroups.c | 75 ++---------------------------- 1 file changed, 3 insertions(+), 72 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 6c10c4ce7..712811f83 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -709,7 +709,6 @@ struct sdap_initgr_nested_state { struct ldb_message_element *memberof; char *filter; - char *np_grp_filter; char **group_dns; int cur; @@ -717,11 +716,6 @@ struct sdap_initgr_nested_state { struct sysdb_attrs **groups; int groups_cur; - /* state of resolving group: - * try_as_non_posix => suppose the group is a non-posix group - * !try_as_non_posix => suppose the group is a posix group - */ - bool try_as_non_posix; }; static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req); @@ -751,10 +745,6 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, state->dom = dom; state->sh = sh; state->grp_attrs = grp_attrs; - state->np_grp_attrs = np_grp_attrs; - /* initially suppose that group is posix group */ - state->try_as_non_posix = false; - state->user = user; state->op = NULL; @@ -840,15 +830,6 @@ static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req) return ENOMEM; } - state->np_grp_filter = talloc_asprintf( - state,"(&(objectclass=%s)(%s=*))", - state->opts->np_group_map[SDAP_OC_NP_GROUP].name, - state->opts->np_group_map[SDAP_AT_NP_GROUP_NAME].name); - - if (state->np_grp_filter == NULL) { - return ENOMEM; - } - subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, state->group_dns[state->cur], LDAP_SCOPE_BASE, 
@@ -979,56 +960,9 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq)
 groups[0]);
 state->groups_cur++;
 } else {
- if (count > 1) {
- /* Got more than 1 result which is wrong! */
- DEBUG(SSSDBG_OP_FAILURE,
- "Search for group %s, returned %zu results - "
- "expecting only 1. Skipping\n",
- state->group_dns[state->cur], count);
-
- } else {
- /* (count == 0) => failed to resolve group */
- if (state->try_as_non_posix) {
- /* Group was tried to be resolved as both posix and non-posix
- * group but both attempts failed. Succumb on this one and try
- * to continue with another group.
- */
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Group %s, failed to be resolved as posix or non-posix "
- "group. Skipping\n.",
- state->group_dns[state->cur]);
- } else {
- /* Getting group as posix group failed, try to get the group as
- * non-posix one instead.
- */
- state->try_as_non_posix = true;
-
- DEBUG(SSSDBG_TRACE_FUNC,
- "The group %s failed to be resolved as posix. "
- "Trying to get it as non-posix\n",
- state->group_dns[state->cur]);
-
- subreq = sdap_get_generic_send(state, state->ev,
- state->opts, state->sh,
- state->group_dns[state->cur],
- LDAP_SCOPE_BASE,
- state->np_grp_filter,
- state->np_grp_attrs,
- state->opts->np_group_map,
- SDAP_OPTS_NP_GROUP,
- dp_opt_get_int(
- state->opts->basic,
- SDAP_SEARCH_TIMEOUT),
- false);
- if (!subreq) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq,
- sdap_initgr_nested_search, req);
- return;
- }
- }
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Search for group %s, returned %zu results. Skipping\n",
+ state->group_dns[state->cur], count);
 }
 state->cur++;
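Review bot: The single `DEBUG(SSSDBG_OP_FAILURE, ...)` added in the `else` branch reports `count == 0` and `count > 1` with one message at one level, although the two cases mean different things. The comment in the following hunk says memberOf may hold permissions and other non-group entries, so an empty result is presumably routine here, while several results for one group DN point to a directory inconsistency; logging both as operation failures makes the anomalous case hard to spot. I would branch on `count`, logging the empty case at `SSSDBG_TRACE_FUNC` and keeping `SSSDBG_OP_FAILURE` with the "expecting only 1" wording for the multi-result case, as sketched below. Since a skipped group is absent from the initgroups result that access decisions presumably rely on, a short comment stating that non-POSIX nested groups are intentionally not resolved would record the limitation this revert restores. The body of sdap_initgr_nested_search starts and ends outside the hunk.

```c
    } else {
        if (count == 0) {
            /* memberOf may name non-group entries and non-POSIX groups;
             * these are intentionally not resolved, so this is not an error */
            DEBUG(SSSDBG_TRACE_FUNC,
                  "Group %s was not found. Skipping\n",
                  state->group_dns[state->cur]);
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  "Search for group %s, returned %zu results - "
                  "expecting only 1. Skipping\n",
                  state->group_dns[state->cur], count);
        }
    /* … unchanged: closing brace of the else branch, state->cur++ … */
```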
@@ -1036,8 +970,6 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq) * memberOf which might not be only groups, but permissions, etc. * Use state->groups_cur for group index cap */ if (state->cur < state->memberof->num_values) { - /* first try to resolve group as posix group */ - state->try_as_non_posix = false; subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, state->group_dns[state->cur], @@ -2721,7 +2653,6 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, state->conn = conn; state->name = name; state->grp_attrs = grp_attrs; - state->np_grp_attrs = np_grp_attrs; state->orig_user = NULL; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->user_base_iter = 0; -- cgit