From 7d4d2a29a210964024f971708e82c441034d49a7 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Thu, 4 Dec 2014 13:26:32 +0100

Subject: [PATCH 161/167] IPA: do not look up overrides on client with default

 view

The IPA extdom plugin returns the data with the default view already

applied hence it is on needed to look up the override data if the client

has the default view assigned.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

(cherry picked from commit d8ceb194023a2cdc8bc183acc322e9a7fb6fe2b1)

---

 src/providers/ipa/ipa_s2n_exop.c | 63 +++++++++++++++++++++++++++++++---------

 1 file changed, 49 insertions(+), 14 deletions(-)

diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c

index 55450c7029391a99bfc33b8446765f71c4d0928a..1d9a79a383e47fcdd37f30a24327ae76facea5b9 100644

--- a/src/providers/ipa/ipa_s2n_exop.c

+++ b/src/providers/ipa/ipa_s2n_exop.c

@@ -888,11 +888,13 @@ struct ipa_s2n_get_groups_state {

     int exop_timeout;

     struct resp_attrs *attrs;

     struct sss_domain_info *obj_domain;

+    struct sysdb_attrs *override_attrs;

 };

 static errno_t ipa_s2n_get_groups_step(struct tevent_req *req);

 static void ipa_s2n_get_groups_get_override_done(struct tevent_req *subreq);

 static void ipa_s2n_get_groups_next(struct tevent_req *subreq);

+static errno_t ipa_s2n_get_groups_save_step(struct tevent_req *req);

 static struct tevent_req *ipa_s2n_get_groups_send(TALLOC_CTX *mem_ctx,

                                                   struct tevent_context *ev,

@@ -921,6 +923,7 @@ static struct tevent_req *ipa_s2n_get_groups_send(TALLOC_CTX *mem_ctx,

     state->req_input.inp.name = NULL;

     state->exop_timeout = exop_timeout;

     state->attrs = NULL;

+    state->override_attrs = NULL;

     ret = ipa_s2n_get_groups_step(req);

     if (ret != EOK) {

@@ -1018,6 +1021,18 @@ static void ipa_s2n_get_groups_next(struct tevent_req *subreq)

         goto fail;

     }

+    if (strcmp(state->ipa_ctx->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) {

+        ret = ipa_s2n_get_groups_save_step(req);

+        if (ret == EOK) {

+            tevent_req_done(req);

+        } else if (ret != EAGAIN) {

+            DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_groups_save_step failed.\n");

+            goto fail;

+        }

+

+        return;

+    }

+

     ret = sysdb_attrs_get_string(state->attrs->sysdb_attrs, SYSDB_SID_STR,

                                  &sid_str);

     if (ret != EOK) {

@@ -1059,39 +1074,55 @@ static void ipa_s2n_get_groups_get_override_done(struct tevent_req *subreq)

                                                       struct tevent_req);

     struct ipa_s2n_get_groups_state *state = tevent_req_data(req,

                                                struct ipa_s2n_get_groups_state);

-    struct sysdb_attrs *override_attrs = NULL;

-    ret = ipa_get_ad_override_recv(subreq, NULL, state, &override_attrs);

+    ret = ipa_get_ad_override_recv(subreq, NULL, state, &state->override_attrs);

     talloc_zfree(subreq);

     if (ret != EOK) {

         DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);

         goto fail;

     }

+    ret = ipa_s2n_get_groups_save_step(req);

+    if (ret == EOK) {

+        tevent_req_done(req);

+    } else if (ret != EAGAIN) {

+        DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_groups_save_step failed.\n");

+        goto fail;

+    }

+

+    return;

+

+fail:

+    tevent_req_error(req,ret);

+    return;

+}

+

+static errno_t ipa_s2n_get_groups_save_step(struct tevent_req *req)

+{

+    int ret;

+    struct ipa_s2n_get_groups_state *state = tevent_req_data(req,

+                                               struct ipa_s2n_get_groups_state);

+

     ret = ipa_s2n_save_objects(state->dom, &state->req_input, state->attrs,

-                               NULL, state->ipa_ctx->view_name, override_attrs);

+                               NULL, state->ipa_ctx->view_name,

+                               state->override_attrs);

     if (ret != EOK) {

         DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");

-        goto fail;

+        return ret;

     }

     state->group_idx++;

     if (state->group_list[state->group_idx] == NULL) {

-        tevent_req_done(req);

-        return;

+        return EOK;

     }

     ret = ipa_s2n_get_groups_step(req);

     if (ret != EOK) {

         DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_groups_step failed.\n");

-        goto fail;

+        return ret;

     }

-    return;

-

-fail:

-    tevent_req_error(req,ret);

-    return;

+    return EAGAIN;

 }

 static int ipa_s2n_get_groups_recv(struct tevent_req *req)

@@ -1484,7 +1515,9 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)

         ret = ENOENT;

     }

-    if (ret == ENOENT) {

+    if (ret == ENOENT

+            || strcmp(state->ipa_ctx->view_name,

+                      SYSDB_DEFAULT_VIEW_NAME) == 0) {

         ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,

                                    state->simple_attrs, NULL, NULL);

         if (ret != EOK) {

@@ -2046,7 +2079,9 @@ static void ipa_s2n_get_groups_done(struct tevent_req  *subreq)

         goto fail;

     }

-    if (state->override_attrs == NULL) {

+    if (state->override_attrs == NULL

+            && strcmp(state->ipa_ctx->view_name,

+                      SYSDB_DEFAULT_VIEW_NAME) != 0) {

         subreq = ipa_get_ad_override_send(state, state->ev,

                            state->ipa_ctx->sdap_id_ctx,

                            state->ipa_ctx->ipa_options,

-- 

2.1.0