From 2029b7b32c868dd5ad33dcc9b078d362ee9bb602 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 20 Nov 2017 12:04:50 +0100
Subject: [PATCH 70/79] ipa: handle users from different domains in
 ipa_resolve_user_list_send()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of assuming that all users in the list can be found in the
provided domain with this patch the domain name part of the user name is
preferred. The provided domain name is used as a fallback.

Related to https://pagure.io/SSSD/sssd/issue/3579

Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
---
 src/providers/ipa/ipa_id.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 5044577f0faa95b19de9233240e92aa60f029774..9a092bc837f762af8d229ff5a7eb4c4ba4b78f2f 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -63,6 +63,8 @@ struct ipa_resolve_user_list_state {
     struct ipa_id_ctx *ipa_ctx;
     struct ldb_message_element *users;
     const char *domain_name;
+    struct sss_domain_info *domain;
+    struct sss_domain_info *user_domain;
     size_t user_idx;
 
     int dp_error;
@@ -91,6 +93,8 @@ ipa_resolve_user_list_send(TALLOC_CTX *memctx, struct tevent_context *ev,
     state->ev = ev;
     state->ipa_ctx = ipa_ctx;
     state->domain_name = domain_name;
+    state->domain = find_domain_by_name(state->ipa_ctx->sdap_id_ctx->be->domain,
+                                        state->domain_name, true);
     state->users = users;
     state->user_idx = 0;
     state->dp_error = DP_ERR_FATAL;
@@ -132,8 +136,17 @@ static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req)
 
     DEBUG(SSSDBG_TRACE_ALL, "Trying to resolve user [%s].\n", ar->filter_value);
 
-    if (strcasecmp(state->domain_name,
-                   state->ipa_ctx->sdap_id_ctx->be->domain->name) != 0) {
+    state->user_domain = find_domain_by_object_name_ex(
+                                        state->ipa_ctx->sdap_id_ctx->be->domain,
+                                        ar->filter_value, true);
+    /* Use provided domain as as fallback is no known domain was found in the
+     * user name. */
+    if (state->user_domain == NULL) {
+        state->user_domain = state->domain;
+    }
+    ar->domain = state->user_domain->name;
+
+    if (state->user_domain != state->ipa_ctx->sdap_id_ctx->be->domain) {
         subreq = ipa_subdomain_account_send(state, state->ev, state->ipa_ctx,
                                             ar);
     } else {
@@ -158,8 +171,7 @@ static void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq)
                                             struct ipa_resolve_user_list_state);
     int ret;
 
-    if (strcasecmp(state->domain_name,
-                   state->ipa_ctx->sdap_id_ctx->be->domain->name) != 0) {
+    if (state->user_domain != state->ipa_ctx->sdap_id_ctx->be->domain) {
         ret = ipa_subdomain_account_recv(subreq, &state->dp_error);
     } else {
         ret = ipa_id_get_account_info_recv(subreq, &state->dp_error);
-- 
2.15.1