From 3dcc8efe27567bfa5300db1dd5e971571b671706 Mon Sep 17 00:00:00 2001
From: Petr Cech <pcech@redhat.com>
Date: Mon, 27 Jun 2016 11:51:30 +0200
Subject: [PATCH 4/5] AD_PROVIDER: ad_enabled_domains - other then master

We can skip looking up other domains if
option ad_enabled_domains doesn't contain them.

Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
 src/providers/ad/ad_subdomains.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 6fa134eed69aa8f0a672bc53c9b0d7dd0d7f37b1..f9e4ac57904514c89bcc3a8160194fd0be246a21 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -497,6 +497,7 @@ done:
 
 static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
                                      struct sss_domain_info *domain,
+                                     const char **enabled_domains_list,
                                      size_t nsd, struct sysdb_attrs **sd,
                                      struct sysdb_attrs *root,
                                      size_t *_nsd_out,
@@ -505,9 +506,11 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
     size_t i, sdi;
     struct sysdb_attrs **sd_out;
     const char *sd_name;
+    const bool is_sd_filtered = (enabled_domains_list == NULL) ? false : true;
+    bool is_sd_enabled;
     errno_t ret;
 
-    if (root == NULL) {
+    if (root == NULL && is_sd_filtered == false) {
         /* We are connected directly to the root domain. The 'sd'
          * list is complete and we can just use it
          */
@@ -534,6 +537,17 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
             goto fail;
         }
 
+        is_sd_enabled = true;
+        if (is_sd_filtered == true) {
+            is_sd_enabled = false;
+            for (size_t j = 0; enabled_domains_list[j] != NULL; j++) {
+                if (strcmp(sd_name, enabled_domains_list[j]) == 0) {
+                    is_sd_enabled = true;
+                    break;
+                }
+            }
+        }
+
         if (strcasecmp(sd_name, domain->name) == 0) {
             DEBUG(SSSDBG_TRACE_INTERNAL,
                   "Not including primary domain %s in the subdomain list\n",
@@ -541,14 +555,19 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
             continue;
         }
 
-        sd_out[sdi] = talloc_steal(sd_out, sd[i]);
-        sdi++;
+        if (is_sd_enabled) {
+            sd_out[sdi] = talloc_steal(sd_out, sd[i]);
+            sdi++;
+        }
     }
 
     /* Now include the root */
-    sd_out[sdi] = talloc_steal(sd_out, root);
+    if (root != NULL) {
+        sd_out[sdi] = talloc_steal(sd_out, root);
+        sdi++;
+    }
 
-    *_nsd_out = sdi+1;
+    *_nsd_out = sdi;
     *_sd_out = sd_out;
     return EOK;
 
@@ -789,6 +808,7 @@ static void ad_get_slave_domain_done(struct tevent_req *subreq)
      * subdomains.
      */
     ret = ad_subdomains_process(state, state->be_ctx->domain,
+                                state->sd_ctx->ad_enabled_domains,
                                 reply_count, reply, state->root_attrs,
                                 &nsubdoms, &subdoms);
     if (ret != EOK) {
@@ -1448,7 +1468,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
 {
     struct ad_subdomains_ctx *sd_ctx;
     const char *ad_domain;
-    char **ad_enabled_domains = NULL;
+    const char **ad_enabled_domains = NULL;
     time_t period;
     errno_t ret;
 
-- 
2.5.5