From 6f15f531c83468bdde72f6109bd7153e9833763c Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Jun 14 2016 21:28:54 +0000
Subject: ipa-submit: Retry without "ca" on OptionError


Add a fallback for when the IPA server returns error 3005 ("OptionError")
when we've tried to use the "ca" named argument in a request.  As we did
with "profile_id" earlier, take a guess that it didn't understand the
most recently-added option that we're setting, and retry without it set.

---

diff --git a/src/ipa.c b/src/ipa.c
index f2736c6..f8abe60 100644
--- a/src/ipa.c
+++ b/src/ipa.c
@@ -387,6 +387,14 @@ submit:
 		switch (i / 1000) {
 		case 2: /* authorization error - permanent */
 		case 3: /* invocation error - permanent */
+			if ((i == 3005) && (issuer != NULL)) {
+				/* Most likely the server didn't understand the
+				 * "ca" argument.  At least, at this
+				 * point.  Randomly dropping arguments is not
+				 * really an extensible solution, though. */
+				issuer = NULL;
+				goto submit;
+			}
 			if ((i == 3005) && (profile != NULL)) {
 				/* Most likely the server didn't understand the
 				 * "profile_id" argument.  At least, at this