summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-10-03 11:28:35 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-11-02 11:12:12 -0400
commitf26b61dfe246c750a42f1f9fb28f9df5981bc841 (patch)
treece9eeafc93507354f386416f46872e9840319687
parent357efd33759fd1297723d9956a7f77226fe26871 (diff)
downloadsssd-f26b61dfe246c750a42f1f9fb28f9df5981bc841.tar.gz
sssd-f26b61dfe246c750a42f1f9fb28f9df5981bc841.tar.bz2
sssd-f26b61dfe246c750a42f1f9fb28f9df5981bc841.zip
LDAP: Add support for multiple search bases for user enumeration
-rw-r--r--src/providers/ldap/ldap_id.c3
-rw-r--r--src/providers/ldap/ldap_id_enum.c3
-rw-r--r--src/providers/ldap/sdap_async.h3
-rw-r--r--src/providers/ldap/sdap_async_users.c48
4 files changed, 49 insertions, 8 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 3e93bb85..c381c19b 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -172,7 +172,8 @@ static void users_get_connect_done(struct tevent_req *subreq)
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 45f4ef78..9923379d 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -482,7 +482,8 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (!subreq) {
ret = ENOMEM;
goto fail;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index ef18c775..262c04a0 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -49,7 +49,8 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
- int timeout);
+ int timeout,
+ bool enumeration);
int sdap_get_users_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, char **timestamp);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index b2623a3f..cf9a8d33 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -433,6 +433,7 @@ struct sdap_get_users_state {
const char *base_filter;
char *filter;
int timeout;
+ bool enumeration;
char *higher_usn;
struct sysdb_attrs **users;
@@ -454,7 +455,8 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
- int timeout)
+ int timeout,
+ bool enumeration)
{
errno_t ret;
struct tevent_req *req;
@@ -476,6 +478,7 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
state->base_filter = filter;
state->base_iter = 0;
state->search_bases = search_bases;
+ state->enumeration = enumeration;
ret = sdap_get_users_next_base(req);
if (ret != EOK) {
@@ -527,19 +530,49 @@ static void sdap_get_users_process(struct tevent_req *subreq)
struct sdap_get_users_state *state = tevent_req_data(req,
struct sdap_get_users_state);
int ret;
+ size_t count, i;
+ struct sysdb_attrs **users;
+ bool next_base = false;
ret = sdap_get_generic_recv(subreq, state,
- &state->count, &state->users);
+ &count, &users);
talloc_zfree(subreq);
if (ret) {
tevent_req_error(req, ret);
return;
}
- DEBUG(6, ("Search for users, returned %d results.\n", state->count));
+ DEBUG(6, ("Search for users, returned %d results.\n", count));
- if (state->count == 0) {
- /* No users found in this search */
+ if (state->enumeration || count == 0) {
+ /* No users found in this search or enumerating */
+ next_base = true;
+ }
+
+ /* Add this batch of users to the list */
+ if (count > 0) {
+ state->users =
+ talloc_realloc(state,
+ state->users,
+ struct sysdb_attrs *,
+ state->count + count + 1);
+ if (!state->users) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ /* Copy the new users into the list
+ * They're already allocated on 'state'
+ */
+ for (i = 0; i < count; i++) {
+ state->users[state->count + i] = users[i];
+ }
+
+ state->count += count;
+ state->users[state->count] = NULL;
+ }
+
+ if (next_base) {
state->base_iter++;
if (state->search_bases[state->base_iter]) {
/* There are more search bases to try */
@@ -549,7 +582,12 @@ static void sdap_get_users_process(struct tevent_req *subreq)
}
return;
}
+ }
+ /* No more search bases
+ * Return ENOENT if no users were found
+ */
+ if (state->count == 0) {
tevent_req_error(req, ENOENT);
return;
}