From 31dd31b00ad759f256282ef0f7054e60672161ce Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 21 Aug 2013 05:15:36 +0200
Subject: IPA: enable enumeration if parent domain enumerates in server mode

https://fedorahosted.org/sssd/ticket/1963
---
 src/providers/ipa/ipa_subdomains.c | 70 +++++++++++++++++++++++++++++++-------
 1 file changed, 58 insertions(+), 12 deletions(-)

diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 8f494fc1..6a4a6b7c 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -179,6 +179,18 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
         return ret;
     }
 
+    sdom = sdap_domain_get(ad_id_ctx->sdap_id_ctx->opts, subdom);
+    if (sdom == NULL) {
+        return EFAULT;
+    }
+
+    ret = sdap_id_setup_tasks(ad_id_ctx->sdap_id_ctx,
+                              ad_id_ctx->ldap_ctx, sdom);
+    if (ret != EOK) {
+        talloc_free(ad_options);
+        return ret;
+    }
+
     /* Set up the ID mapping object */
     ad_id_ctx->sdap_id_ctx->opts->idmap_ctx =
         id_ctx->sdap_id_ctx->opts->idmap_ctx;
@@ -259,6 +271,7 @@ ipa_ad_subdom_remove(struct ipa_subdomains_ctx *ctx,
                      struct sss_domain_info *subdom)
 {
     struct ipa_ad_server_ctx *iter;
+    struct sdap_domain *sdom;
 
     if (dp_opt_get_bool(ctx->id_ctx->ipa_options->basic,
                         IPA_SERVER_MODE) == false) {
@@ -277,6 +290,10 @@ ipa_ad_subdom_remove(struct ipa_subdomains_ctx *ctx,
 
     sdap_domain_remove(iter->ad_id_ctx->sdap_id_ctx->opts, subdom);
     DLIST_REMOVE(ctx->id_ctx->server_mode->trusts, iter);
+
+    sdom = sdap_domain_get(iter->ad_id_ctx->sdap_id_ctx->opts, subdom);
+    if (sdom == NULL) return;
+    be_ptask_destroy(&sdom->enum_task);
 }
 
 const char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx,
@@ -419,9 +436,27 @@ done:
     return ret;
 }
 
-static errno_t ipa_subdom_store(struct sss_domain_info *domain,
+static errno_t ipa_subdom_enumerates(struct sss_domain_info *parent,
+                                     struct sysdb_attrs *attrs,
+                                     bool *_enumerates)
+{
+    errno_t ret;
+    const char *name;
+
+    ret = sysdb_attrs_get_string(attrs, IPA_CN, &name);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
+        return ret;
+    }
+
+    *_enumerates = subdomain_enumerates(parent, name);
+    return EOK;
+}
+
+static errno_t ipa_subdom_store(struct sss_domain_info *parent,
                                 struct sdap_idmap_ctx *sdap_idmap_ctx,
-                                struct sysdb_attrs *attrs)
+                                struct sysdb_attrs *attrs,
+                                bool enumerate)
 {
     TALLOC_CTX *tmp_ctx;
     const char *name;
@@ -431,7 +466,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *domain,
     int ret;
     bool mpg;
 
-    tmp_ctx = talloc_new(domain);
+    tmp_ctx = talloc_new(parent);
     if (tmp_ctx == NULL) {
         return ENOMEM;
     }
@@ -462,8 +497,8 @@ static errno_t ipa_subdom_store(struct sss_domain_info *domain,
 
     mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, id);
 
-    ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat,
-                                id, mpg, false);
+    ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
+                                id, mpg, enumerate);
     if (ret) {
         DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
         goto done;
@@ -479,18 +514,19 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
                                       int count, struct sysdb_attrs **reply,
                                       bool *changes)
 {
-    struct sss_domain_info *domain, *dom;
+    struct sss_domain_info *parent, *dom;
     bool handled[count];
     const char *value;
     int c, h;
     int ret;
+    bool enumerate;
 
-    domain = ctx->be_ctx->domain;
+    parent = ctx->be_ctx->domain;
     memset(handled, 0, sizeof(bool) * count);
     h = 0;
 
     /* check existing subdomains */
-    for (dom = get_next_domain(domain, true);
+    for (dom = get_next_domain(parent, true);
          dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
          dom = get_next_domain(dom, false)) {
         for (c = 0; c < count; c++) {
@@ -519,8 +555,13 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
             ipa_ad_subdom_remove(ctx, dom);
         } else {
             /* ok let's try to update it */
-            ret = ipa_subdom_store(domain, ctx->sdap_id_ctx->opts->idmap_ctx,
-                                   reply[c]);
+            ret = ipa_subdom_enumerates(parent, reply[c], &enumerate);
+            if (ret != EOK) {
+                goto done;
+            }
+
+            ret = ipa_subdom_store(parent, ctx->sdap_id_ctx->opts->idmap_ctx,
+                                   reply[c], enumerate);
             if (ret) {
                 /* Nothing we can do about the errorr. Let's at least try
                  * to reuse the existing domain
@@ -549,8 +590,13 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
         /* Nothing we can do about the errorr. Let's at least try
          * to reuse the existing domain.
          */
-        ret = ipa_subdom_store(domain, ctx->sdap_id_ctx->opts->idmap_ctx,
-                               reply[c]);
+        ret = ipa_subdom_enumerates(parent, reply[c], &enumerate);
+        if (ret != EOK) {
+            goto done;
+        }
+
+        ret = ipa_subdom_store(parent, ctx->sdap_id_ctx->opts->idmap_ctx,
+                               reply[c], enumerate);
         if (ret) {
             DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                   "will try to use cached subdomain\n"));
-- 
cgit