|
 |
6cf099 |
From 179ac94a4910150b846ff1c959e766c5a31274cf Mon Sep 17 00:00:00 2001
|
|
|
6cf099 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
6cf099 |
Date: Fri, 8 May 2015 14:49:09 +0200
|
|
|
6cf099 |
Subject: [PATCH 10/13] LDAP: Add sdap_lookup_type enum
|
|
|
6cf099 |
MIME-Version: 1.0
|
|
|
6cf099 |
Content-Type: text/plain; charset=UTF-8
|
|
|
6cf099 |
Content-Transfer-Encoding: 8bit
|
|
|
6cf099 |
|
|
|
6cf099 |
Related:
|
|
|
6cf099 |
https://fedorahosted.org/sssd/ticket/2553
|
|
|
6cf099 |
|
|
|
6cf099 |
Change the boolan parameter of sdap_get_users_send and sdap_get_groups_send
|
|
|
6cf099 |
to a tri-state that controls whether we expect only a single entry
|
|
|
6cf099 |
(ie don't use the paging control), multiple entries with a search limit
|
|
|
6cf099 |
(wildcard request) or multiple entries with no limit (enumeration).
|
|
|
6cf099 |
|
|
|
6cf099 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
6cf099 |
---
|
|
|
6cf099 |
src/providers/ldap/ldap_auth.c | 2 +-
|
|
|
6cf099 |
src/providers/ldap/ldap_id.c | 16 +++++++-------
|
|
|
6cf099 |
src/providers/ldap/sdap_async.h | 12 +++++++---
|
|
|
6cf099 |
src/providers/ldap/sdap_async_enum.c | 4 ++--
|
|
|
6cf099 |
src/providers/ldap/sdap_async_groups.c | 40 ++++++++++++++++++++++++----------
|
|
|
6cf099 |
src/providers/ldap/sdap_async_users.c | 32 ++++++++++++++++++++-------
|
|
|
6cf099 |
6 files changed, 73 insertions(+), 33 deletions(-)
|
|
|
6cf099 |
|
|
|
6cf099 |
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
|
|
|
6cf099 |
index 81717942613b4a91ebab668ba2ecfe13caab38be..217e80fd07abc41f2594d19397783683d44600cd 100644
|
|
|
6cf099 |
--- a/src/providers/ldap/ldap_auth.c
|
|
|
6cf099 |
+++ b/src/providers/ldap/ldap_auth.c
|
|
|
6cf099 |
@@ -418,7 +418,7 @@ static struct tevent_req *get_user_dn_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
sh, attrs, filter,
|
|
|
6cf099 |
dp_opt_get_int(opts->basic,
|
|
|
6cf099 |
SDAP_SEARCH_TIMEOUT),
|
|
|
6cf099 |
- false);
|
|
|
6cf099 |
+ SDAP_LOOKUP_SINGLE);
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
ret = ENOMEM;
|
|
|
6cf099 |
goto done;
|
|
|
6cf099 |
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
|
|
|
6cf099 |
index 61f09fc41d3210af5044f5338dd90db67e0123a7..73840d2885ed15a7a9dae2e9175d8361c8fdfe7d 100644
|
|
|
6cf099 |
--- a/src/providers/ldap/ldap_id.c
|
|
|
6cf099 |
+++ b/src/providers/ldap/ldap_id.c
|
|
|
6cf099 |
@@ -396,12 +396,12 @@ static void users_get_search(struct tevent_req *req)
|
|
|
6cf099 |
struct users_get_state *state = tevent_req_data(req,
|
|
|
6cf099 |
struct users_get_state);
|
|
|
6cf099 |
struct tevent_req *subreq;
|
|
|
6cf099 |
- bool multiple_results;
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type;
|
|
|
6cf099 |
|
|
|
6cf099 |
if (state->filter_type == BE_FILTER_WILDCARD) {
|
|
|
6cf099 |
- multiple_results = true;
|
|
|
6cf099 |
+ lookup_type = SDAP_LOOKUP_WILDCARD;
|
|
|
6cf099 |
} else {
|
|
|
6cf099 |
- multiple_results = false;
|
|
|
6cf099 |
+ lookup_type = SDAP_LOOKUP_SINGLE;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
subreq = sdap_get_users_send(state, state->ev,
|
|
|
6cf099 |
@@ -412,7 +412,7 @@ static void users_get_search(struct tevent_req *req)
|
|
|
6cf099 |
state->attrs, state->filter,
|
|
|
6cf099 |
dp_opt_get_int(state->ctx->opts->basic,
|
|
|
6cf099 |
SDAP_SEARCH_TIMEOUT),
|
|
|
6cf099 |
- multiple_results);
|
|
|
6cf099 |
+ lookup_type);
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
tevent_req_error(req, ENOMEM);
|
|
|
6cf099 |
return;
|
|
|
6cf099 |
@@ -901,12 +901,12 @@ static void groups_get_search(struct tevent_req *req)
|
|
|
6cf099 |
struct groups_get_state *state = tevent_req_data(req,
|
|
|
6cf099 |
struct groups_get_state);
|
|
|
6cf099 |
struct tevent_req *subreq;
|
|
|
6cf099 |
- bool multiple_results;
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type;
|
|
|
6cf099 |
|
|
|
6cf099 |
if (state->filter_type == BE_FILTER_WILDCARD) {
|
|
|
6cf099 |
- multiple_results = true;
|
|
|
6cf099 |
+ lookup_type = SDAP_LOOKUP_WILDCARD;
|
|
|
6cf099 |
} else {
|
|
|
6cf099 |
- multiple_results = false;
|
|
|
6cf099 |
+ lookup_type = SDAP_LOOKUP_SINGLE;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
subreq = sdap_get_groups_send(state, state->ev,
|
|
|
6cf099 |
@@ -916,7 +916,7 @@ static void groups_get_search(struct tevent_req *req)
|
|
|
6cf099 |
state->attrs, state->filter,
|
|
|
6cf099 |
dp_opt_get_int(state->ctx->opts->basic,
|
|
|
6cf099 |
SDAP_SEARCH_TIMEOUT),
|
|
|
6cf099 |
- multiple_results,
|
|
|
6cf099 |
+ lookup_type,
|
|
|
6cf099 |
state->no_members);
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
tevent_req_error(req, ENOMEM);
|
|
|
6cf099 |
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
|
|
|
6cf099 |
index b23dfc313905d01caedd1eace6bcb525481b9ebe..09bc0d65407253f93514b30877850cc38009c625 100644
|
|
|
6cf099 |
--- a/src/providers/ldap/sdap_async.h
|
|
|
6cf099 |
+++ b/src/providers/ldap/sdap_async.h
|
|
|
6cf099 |
@@ -59,6 +59,12 @@ errno_t sdap_connect_host_recv(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
struct sdap_handle **_sh);
|
|
|
6cf099 |
|
|
|
6cf099 |
/* Search users in LDAP, return them as attrs */
|
|
|
6cf099 |
+enum sdap_entry_lookup_type {
|
|
|
6cf099 |
+ SDAP_LOOKUP_SINGLE, /* Direct single-user/group lookup */
|
|
|
6cf099 |
+ SDAP_LOOKUP_WILDCARD, /* Multiple entries with a limit */
|
|
|
6cf099 |
+ SDAP_LOOKUP_ENUMERATE, /* Fetch all entries from the server */
|
|
|
6cf099 |
+};
|
|
|
6cf099 |
+
|
|
|
6cf099 |
struct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
struct tevent_context *ev,
|
|
|
6cf099 |
struct sss_domain_info *dom,
|
|
|
6cf099 |
@@ -68,7 +74,7 @@ struct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
const char **attrs,
|
|
|
6cf099 |
const char *filter,
|
|
|
6cf099 |
int timeout,
|
|
|
6cf099 |
- bool enumeration);
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type);
|
|
|
6cf099 |
int sdap_search_user_recv(TALLOC_CTX *memctx, struct tevent_req *req,
|
|
|
6cf099 |
char **higher_usn, struct sysdb_attrs ***users,
|
|
|
6cf099 |
size_t *count);
|
|
|
6cf099 |
@@ -84,7 +90,7 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
const char **attrs,
|
|
|
6cf099 |
const char *filter,
|
|
|
6cf099 |
int timeout,
|
|
|
6cf099 |
- bool enumeration);
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type);
|
|
|
6cf099 |
int sdap_get_users_recv(struct tevent_req *req,
|
|
|
6cf099 |
TALLOC_CTX *mem_ctx, char **timestamp);
|
|
|
6cf099 |
|
|
|
6cf099 |
@@ -96,7 +102,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
const char **attrs,
|
|
|
6cf099 |
const char *filter,
|
|
|
6cf099 |
int timeout,
|
|
|
6cf099 |
- bool enumeration,
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type,
|
|
|
6cf099 |
bool no_members);
|
|
|
6cf099 |
int sdap_get_groups_recv(struct tevent_req *req,
|
|
|
6cf099 |
TALLOC_CTX *mem_ctx, char **timestamp);
|
|
|
6cf099 |
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
|
|
|
6cf099 |
index 35afc55f809669a44aa2beda7d87dfe62d6ec10b..f22276c3ce6f839b765bbc1602fafb010cc37d89 100644
|
|
|
6cf099 |
--- a/src/providers/ldap/sdap_async_enum.c
|
|
|
6cf099 |
+++ b/src/providers/ldap/sdap_async_enum.c
|
|
|
6cf099 |
@@ -635,7 +635,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
state->attrs, state->filter,
|
|
|
6cf099 |
dp_opt_get_int(state->ctx->opts->basic,
|
|
|
6cf099 |
SDAP_ENUM_SEARCH_TIMEOUT),
|
|
|
6cf099 |
- true);
|
|
|
6cf099 |
+ SDAP_LOOKUP_ENUMERATE);
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
ret = ENOMEM;
|
|
|
6cf099 |
goto fail;
|
|
|
6cf099 |
@@ -811,7 +811,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
state->attrs, state->filter,
|
|
|
6cf099 |
dp_opt_get_int(state->ctx->opts->basic,
|
|
|
6cf099 |
SDAP_ENUM_SEARCH_TIMEOUT),
|
|
|
6cf099 |
- true, false);
|
|
|
6cf099 |
+ SDAP_LOOKUP_ENUMERATE, false);
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
ret = ENOMEM;
|
|
|
6cf099 |
goto fail;
|
|
|
6cf099 |
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
|
|
|
6cf099 |
index e785307e60d0df5be96a5b2de2c07baabaf1e371..ad0354df1fce9011c68cabb6049e7feee92a44c0 100644
|
|
|
6cf099 |
--- a/src/providers/ldap/sdap_async_groups.c
|
|
|
6cf099 |
+++ b/src/providers/ldap/sdap_async_groups.c
|
|
|
6cf099 |
@@ -1721,7 +1721,7 @@ struct sdap_get_groups_state {
|
|
|
6cf099 |
const char *base_filter;
|
|
|
6cf099 |
char *filter;
|
|
|
6cf099 |
int timeout;
|
|
|
6cf099 |
- bool enumeration;
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type;
|
|
|
6cf099 |
bool no_members;
|
|
|
6cf099 |
|
|
|
6cf099 |
char *higher_usn;
|
|
|
6cf099 |
@@ -1752,7 +1752,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
const char **attrs,
|
|
|
6cf099 |
const char *filter,
|
|
|
6cf099 |
int timeout,
|
|
|
6cf099 |
- bool enumeration,
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type,
|
|
|
6cf099 |
bool no_members)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
errno_t ret;
|
|
|
6cf099 |
@@ -1775,7 +1775,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
state->groups = NULL;
|
|
|
6cf099 |
state->count = 0;
|
|
|
6cf099 |
state->timeout = timeout;
|
|
|
6cf099 |
- state->enumeration = enumeration;
|
|
|
6cf099 |
+ state->lookup_type = lookup_type;
|
|
|
6cf099 |
state->no_members = no_members;
|
|
|
6cf099 |
state->base_filter = filter;
|
|
|
6cf099 |
state->base_iter = 0;
|
|
|
6cf099 |
@@ -1855,6 +1855,7 @@ static errno_t sdap_get_groups_next_base(struct tevent_req *req)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
struct tevent_req *subreq;
|
|
|
6cf099 |
struct sdap_get_groups_state *state;
|
|
|
6cf099 |
+ bool need_paging = false;
|
|
|
6cf099 |
|
|
|
6cf099 |
state = tevent_req_data(req, struct sdap_get_groups_state);
|
|
|
6cf099 |
|
|
|
6cf099 |
@@ -1870,6 +1871,19 @@ static errno_t sdap_get_groups_next_base(struct tevent_req *req)
|
|
|
6cf099 |
"Searching for groups with base [%s]\n",
|
|
|
6cf099 |
state->search_bases[state->base_iter]->basedn);
|
|
|
6cf099 |
|
|
|
6cf099 |
+ switch (state->lookup_type) {
|
|
|
6cf099 |
+ case SDAP_LOOKUP_SINGLE:
|
|
|
6cf099 |
+ need_paging = false;
|
|
|
6cf099 |
+ break;
|
|
|
6cf099 |
+ /* Only requests that can return multiple entries should require
|
|
|
6cf099 |
+ * the paging control
|
|
|
6cf099 |
+ */
|
|
|
6cf099 |
+ case SDAP_LOOKUP_WILDCARD:
|
|
|
6cf099 |
+ case SDAP_LOOKUP_ENUMERATE:
|
|
|
6cf099 |
+ need_paging = true;
|
|
|
6cf099 |
+ break;
|
|
|
6cf099 |
+ }
|
|
|
6cf099 |
+
|
|
|
6cf099 |
subreq = sdap_get_and_parse_generic_send(
|
|
|
6cf099 |
state, state->ev, state->opts,
|
|
|
6cf099 |
state->ldap_sh != NULL ? state->ldap_sh : state->sh,
|
|
|
6cf099 |
@@ -1878,7 +1892,7 @@ static errno_t sdap_get_groups_next_base(struct tevent_req *req)
|
|
|
6cf099 |
state->filter, state->attrs,
|
|
|
6cf099 |
state->opts->group_map, SDAP_OPTS_GROUP,
|
|
|
6cf099 |
0, NULL, NULL, 0, state->timeout,
|
|
|
6cf099 |
- state->enumeration); /* If we're enumerating, we need paging */
|
|
|
6cf099 |
+ need_paging);
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
return ENOMEM;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
@@ -1914,14 +1928,17 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
|
|
|
6cf099 |
DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
6cf099 |
"Search for groups, returned %zu results.\n", count);
|
|
|
6cf099 |
|
|
|
6cf099 |
- if (!state->enumeration && count > 1) {
|
|
|
6cf099 |
+ if (state->lookup_type == SDAP_LOOKUP_SINGLE && count > 1) {
|
|
|
6cf099 |
DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
6cf099 |
"Individual group search returned multiple results\n");
|
|
|
6cf099 |
tevent_req_error(req, EINVAL);
|
|
|
6cf099 |
return;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
- if (state->enumeration || count == 0) {
|
|
|
6cf099 |
+ if (state->lookup_type == SDAP_LOOKUP_WILDCARD || \
|
|
|
6cf099 |
+ state->lookup_type == SDAP_LOOKUP_ENUMERATE || \
|
|
|
6cf099 |
+ count == 0) {
|
|
|
6cf099 |
+ /* No users found in this search or looking up multiple entries */
|
|
|
6cf099 |
next_base = true;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
@@ -2003,7 +2020,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
|
|
|
6cf099 |
* LDAP_MATCHING_RULE_IN_CHAIN available in
|
|
|
6cf099 |
* AD 2008 and later
|
|
|
6cf099 |
*/
|
|
|
6cf099 |
- if (!state->enumeration) {
|
|
|
6cf099 |
+ if (state->lookup_type == SDAP_LOOKUP_SINGLE) {
|
|
|
6cf099 |
if ((state->opts->schema_type != SDAP_SCHEMA_RFC2307)
|
|
|
6cf099 |
&& (dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0)
|
|
|
6cf099 |
&& !dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_GROUPS)) {
|
|
|
6cf099 |
@@ -2026,7 +2043,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
|
|
|
6cf099 |
/* If we're using LDAP_MATCHING_RULE_IN_CHAIN, start a subreq to
|
|
|
6cf099 |
* retrieve the members so we can save them in a single step.
|
|
|
6cf099 |
*/
|
|
|
6cf099 |
- if (!state->enumeration
|
|
|
6cf099 |
+ if (state->lookup_type == SDAP_LOOKUP_SINGLE
|
|
|
6cf099 |
&& (state->opts->schema_type != SDAP_SCHEMA_RFC2307)
|
|
|
6cf099 |
&& state->opts->support_matching_rule
|
|
|
6cf099 |
&& dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_GROUPS)) {
|
|
|
6cf099 |
@@ -2050,7 +2067,8 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
|
|
|
6cf099 |
return;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
- if (state->enumeration
|
|
|
6cf099 |
+ if ((state->lookup_type == SDAP_LOOKUP_ENUMERATE
|
|
|
6cf099 |
+ || state->lookup_type == SDAP_LOOKUP_WILDCARD)
|
|
|
6cf099 |
&& state->opts->schema_type != SDAP_SCHEMA_RFC2307
|
|
|
6cf099 |
&& dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) {
|
|
|
6cf099 |
DEBUG(SSSDBG_TRACE_ALL, "Saving groups without members first "
|
|
|
6cf099 |
@@ -2069,7 +2087,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
|
|
|
6cf099 |
subreq = sdap_process_group_send(state, state->ev, state->dom,
|
|
|
6cf099 |
state->sysdb, state->opts,
|
|
|
6cf099 |
state->sh, state->groups[i],
|
|
|
6cf099 |
- state->enumeration);
|
|
|
6cf099 |
+ state->lookup_type == SDAP_LOOKUP_ENUMERATE);
|
|
|
6cf099 |
|
|
|
6cf099 |
if (!subreq) {
|
|
|
6cf099 |
tevent_req_error(req, ENOMEM);
|
|
|
6cf099 |
@@ -2116,7 +2134,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
|
|
|
6cf099 |
ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
|
|
|
6cf099 |
state->groups, state->count,
|
|
|
6cf099 |
!state->dom->ignore_group_members, NULL,
|
|
|
6cf099 |
- !state->enumeration,
|
|
|
6cf099 |
+ state->lookup_type == SDAP_LOOKUP_SINGLE,
|
|
|
6cf099 |
&state->higher_usn);
|
|
|
6cf099 |
if (ret) {
|
|
|
6cf099 |
DEBUG(SSSDBG_OP_FAILURE, "Failed to store groups.\n");
|
|
|
6cf099 |
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
|
|
|
6cf099 |
index 216b49477bf21481265444c5c03df0aac7ee84e4..f66ae2604c867d4a5e8d223081ece9f1e474cf73 100644
|
|
|
6cf099 |
--- a/src/providers/ldap/sdap_async_users.c
|
|
|
6cf099 |
+++ b/src/providers/ldap/sdap_async_users.c
|
|
|
6cf099 |
@@ -606,7 +606,7 @@ struct sdap_search_user_state {
|
|
|
6cf099 |
const char *base_filter;
|
|
|
6cf099 |
const char *filter;
|
|
|
6cf099 |
int timeout;
|
|
|
6cf099 |
- bool enumeration;
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type;
|
|
|
6cf099 |
|
|
|
6cf099 |
char *higher_usn;
|
|
|
6cf099 |
struct sysdb_attrs **users;
|
|
|
6cf099 |
@@ -628,7 +628,7 @@ struct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
const char **attrs,
|
|
|
6cf099 |
const char *filter,
|
|
|
6cf099 |
int timeout,
|
|
|
6cf099 |
- bool enumeration)
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
errno_t ret;
|
|
|
6cf099 |
struct tevent_req *req;
|
|
|
6cf099 |
@@ -649,7 +649,7 @@ struct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
state->base_filter = filter;
|
|
|
6cf099 |
state->base_iter = 0;
|
|
|
6cf099 |
state->search_bases = search_bases;
|
|
|
6cf099 |
- state->enumeration = enumeration;
|
|
|
6cf099 |
+ state->lookup_type = lookup_type;
|
|
|
6cf099 |
|
|
|
6cf099 |
if (!state->search_bases) {
|
|
|
6cf099 |
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
6cf099 |
@@ -673,6 +673,7 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
struct tevent_req *subreq;
|
|
|
6cf099 |
struct sdap_search_user_state *state;
|
|
|
6cf099 |
+ bool need_paging = false;
|
|
|
6cf099 |
|
|
|
6cf099 |
state = tevent_req_data(req, struct sdap_search_user_state);
|
|
|
6cf099 |
|
|
|
6cf099 |
@@ -688,6 +689,19 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req)
|
|
|
6cf099 |
"Searching for users with base [%s]\n",
|
|
|
6cf099 |
state->search_bases[state->base_iter]->basedn);
|
|
|
6cf099 |
|
|
|
6cf099 |
+ switch (state->lookup_type) {
|
|
|
6cf099 |
+ case SDAP_LOOKUP_SINGLE:
|
|
|
6cf099 |
+ need_paging = false;
|
|
|
6cf099 |
+ break;
|
|
|
6cf099 |
+ /* Only requests that can return multiple entries should require
|
|
|
6cf099 |
+ * the paging control
|
|
|
6cf099 |
+ */
|
|
|
6cf099 |
+ case SDAP_LOOKUP_WILDCARD:
|
|
|
6cf099 |
+ case SDAP_LOOKUP_ENUMERATE:
|
|
|
6cf099 |
+ need_paging = true;
|
|
|
6cf099 |
+ break;
|
|
|
6cf099 |
+ }
|
|
|
6cf099 |
+
|
|
|
6cf099 |
subreq = sdap_get_and_parse_generic_send(
|
|
|
6cf099 |
state, state->ev, state->opts, state->sh,
|
|
|
6cf099 |
state->search_bases[state->base_iter]->basedn,
|
|
|
6cf099 |
@@ -695,7 +709,7 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req)
|
|
|
6cf099 |
state->filter, state->attrs,
|
|
|
6cf099 |
state->opts->user_map, state->opts->user_map_cnt,
|
|
|
6cf099 |
0, NULL, NULL, 0, state->timeout,
|
|
|
6cf099 |
- state->enumeration); /* If we're enumerating, we need paging */
|
|
|
6cf099 |
+ need_paging);
|
|
|
6cf099 |
if (subreq == NULL) {
|
|
|
6cf099 |
return ENOMEM;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
@@ -726,8 +740,10 @@ static void sdap_search_user_process(struct tevent_req *subreq)
|
|
|
6cf099 |
DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
6cf099 |
"Search for users, returned %zu results.\n", count);
|
|
|
6cf099 |
|
|
|
6cf099 |
- if (state->enumeration || count == 0) {
|
|
|
6cf099 |
- /* No users found in this search or enumerating */
|
|
|
6cf099 |
+ if (state->lookup_type == SDAP_LOOKUP_WILDCARD || \
|
|
|
6cf099 |
+ state->lookup_type == SDAP_LOOKUP_ENUMERATE || \
|
|
|
6cf099 |
+ count == 0) {
|
|
|
6cf099 |
+ /* No users found in this search or looking up multiple entries */
|
|
|
6cf099 |
next_base = true;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
@@ -827,7 +843,7 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
const char **attrs,
|
|
|
6cf099 |
const char *filter,
|
|
|
6cf099 |
int timeout,
|
|
|
6cf099 |
- bool enumeration)
|
|
|
6cf099 |
+ enum sdap_entry_lookup_type lookup_type)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
errno_t ret;
|
|
|
6cf099 |
struct tevent_req *req;
|
|
|
6cf099 |
@@ -842,7 +858,7 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
|
|
|
6cf099 |
state->dom = dom;
|
|
|
6cf099 |
|
|
|
6cf099 |
subreq = sdap_search_user_send(state, ev, dom, opts, search_bases,
|
|
|
6cf099 |
- sh, attrs, filter, timeout, enumeration);
|
|
|
6cf099 |
+ sh, attrs, filter, timeout, lookup_type);
|
|
|
6cf099 |
if (subreq == NULL) {
|
|
|
6cf099 |
ret = ENOMEM;
|
|
|
6cf099 |
goto done;
|
|
|
6cf099 |
--
|
|
|
6cf099 |
2.4.3
|
|
|
6cf099 |
|