From ae8d047122c7ba8123f72b2eac68944868ac37d4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 8 May 2012 08:47:33 -0400
Subject: LDAP: Handle very large Active Directory groups

Active Directory 2008R2 allows only 1500 group members to be
retrieved in a single lookup. However, when we hit such a
situation, we can take advantage of the ASQ lookups, which are not
similarly limited.

With this patch, we will add any members found by ASQ that were
not found by the initial lookup so we will end with a complete
group listing.

https://fedorahosted.org/sssd/ticket/783
---
 src/providers/ldap/sdap_range.c | 130 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 src/providers/ldap/sdap_range.c

(limited to 'src/providers/ldap/sdap_range.c')

diff --git a/src/providers/ldap/sdap_range.c b/src/providers/ldap/sdap_range.c
new file mode 100644
index 00000000..295b6605
--- /dev/null
+++ b/src/providers/ldap/sdap_range.c
@@ -0,0 +1,130 @@
+/*
+    SSSD
+
+    Authors:
+        Stephen Gallagher <sgallagh@redhat.com>
+
+    Copyright (C) 2012 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "providers/ldap/sdap_range.h"
+#include "util/util.h"
+#include "util/strtonum.h"
+
+#define SDAP_RANGE_STRING "range="
+
+errno_t sdap_parse_range(TALLOC_CTX *mem_ctx,
+                         const char *attr_desc,
+                         char **base_attr,
+                         uint32_t *range_offset)
+{
+    errno_t ret;
+    TALLOC_CTX *tmp_ctx;
+    char *endptr;
+    char *end_range;
+    char *base;
+    size_t rangestringlen = sizeof(SDAP_RANGE_STRING) - 1;
+
+    *range_offset = 0;
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) return ENOMEM;
+
+    /* The base_attr is the portion before the semicolon (if it exists) */
+    endptr = strchr(attr_desc, ';');
+    if (endptr == NULL) {
+        /* Not a ranged attribute. Just copy the attribute desc */
+        *base_attr = talloc_strdup(mem_ctx, attr_desc);
+        if (!*base_attr) {
+            ret = ENOMEM;
+        } else {
+            ret = EOK;
+        }
+        DEBUG(SSSDBG_TRACE_INTERNAL,
+              ("No sub-attributes for [%s]\n", attr_desc));
+        goto done;
+    }
+
+    /* This is a complex attribute. First get the base attribute name */
+    base = talloc_strndup(tmp_ctx, attr_desc,
+                          endptr - attr_desc);
+    if (!base) {
+        ret = ENOMEM;
+        goto done;
+    }
+    DEBUG(SSSDBG_TRACE_LIBS,
+          ("Base attribute of [%s] is [%s]\n",
+           attr_desc, base));
+
+    /* Next, determine if this is a ranged attribute */
+    if (strncmp(endptr+1, SDAP_RANGE_STRING, rangestringlen) != 0) {
+        /* This is some other sub-attribute. We'll just return the whole
+         * thing in case it's dealt with elsewhere.
+         */
+        *base_attr = talloc_strdup(mem_ctx, attr_desc);
+        if (!*base_attr) {
+            ret = ENOMEM;
+        } else {
+            ret = EOK;
+        }
+        DEBUG(SSSDBG_TRACE_LIBS,
+              ("[%s] contains sub-attribute other than a range, returning whole\n",
+               attr_desc));
+        goto done;
+    }
+
+    /* Get the end of the range */
+    end_range = strchr(endptr + rangestringlen +1, '-');
+    if (!end_range) {
+        ret = EINVAL;
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              ("Cannot find hyphen in [%s]\n",
+               endptr + rangestringlen +1));
+        goto done;
+    }
+    end_range++; /* advance past the hyphen */
+
+    if (*end_range == '*') {
+        /* this was the last iteration of range retrievals */
+        *base_attr = talloc_steal(mem_ctx, base);
+        *range_offset = 0;
+        DEBUG(SSSDBG_TRACE_LIBS,
+              ("[%s] contained the last set of values for this attribute\n",
+               attr_desc));
+        return EOK;
+    }
+
+    *range_offset = strtouint32(end_range, &endptr, 10);
+    if (*endptr != '\0') {
+        *range_offset = 0;
+        ret = errno;
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              ("[%s] did not parse as an unsigned integer: [%s]\n",
+               end_range, strerror(ret)));
+        goto done;
+    }
+    (*range_offset)++;
+
+    *base_attr = talloc_steal(mem_ctx, base);
+    DEBUG(SSSDBG_TRACE_LIBS,
+          ("Parsed range values: [%s][%d]\n",
+           base, *range_offset));
+
+    ret = EAGAIN;
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
-- 
cgit