-rw-r--r--src/providers/ipa/ipa_auth.c3
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c12
-rw-r--r--src/providers/ipa/ipa_hbac_rules.c3
-rw-r--r--src/providers/ipa/ipa_hbac_services.c6
-rw-r--r--src/providers/ldap/ldap_id.c6
-rw-r--r--src/providers/ldap/ldap_id_enum.c6
-rw-r--r--src/providers/ldap/sdap_access.c3
-rw-r--r--src/providers/ldap/sdap_async.c22
-rw-r--r--src/providers/ldap/sdap_async.h9
-rw-r--r--src/providers/ldap/sdap_async_accounts.c44
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c5
11 files changed, 82 insertions, 37 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index d8d8ad5ae..3b125e30d 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -155,7 +155,8 @@ static void get_password_migration_flag_auth_done(struct tevent_req *subreq)
state->sh, search_base, LDAP_SCOPE_SUBTREE,
IPA_CONFIG_FILTER, attrs, NULL, 0,
dp_opt_get_int(state->sdap_auth_ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
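Review bot: The new trailing argument is a bare `false` here, which gives a reader no hint why this search must not use the paged-results control; ldap_id.c and ldap_id_enum.c in the same commit annotate theirs with `/* No enumeration */` and `/* Enumeration */`. I would write `false); /* single config entry expected, no paging */` here, assuming that is the intent of the IPA_CONFIG_FILTER search. The unannotated call sites in ipa_hbac_hosts.c, ipa_hbac_rules.c, ipa_hbac_services.c, sdap_access.c, sdap_async.c, sdap_async_accounts.c and sdap_async_netgroups.c need the equivalent comment. The enclosing function starts and ends outside this hunk.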
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 5626bd22e..667cf9066 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -125,7 +125,8 @@ ipa_hbac_host_info_send(TALLOC_CTX *mem_ctx,
LDAP_SCOPE_SUB, host_filter,
state->attrs, NULL, 0,
dp_opt_get_int(opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (subreq == NULL) {
DEBUG(1, ("Error requesting host info\n"));
ret = EIO;
@@ -211,7 +212,8 @@ ipa_hbac_host_info_done(struct tevent_req *subreq)
hostgroup_filter, state->attrs, hostgroup_map,
HOSTGROUP_MAP_ATTRS_COUNT,
dp_opt_get_int(state->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (subreq == NULL) {
DEBUG(1, ("Error requesting host info\n"));
goto error;
@@ -372,7 +374,8 @@ ipa_hbac_get_hostgroups_send(TALLOC_CTX *mem_ctx,
LDAP_SCOPE_BASE, NULL, state->attrs,
hostgroup_map, HOSTGROUP_MAP_ATTRS_COUNT,
dp_opt_get_int(state->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
ret = ENOMEM;
goto error;
@@ -437,7 +440,8 @@ next:
LDAP_SCOPE_BASE, NULL, state->attrs,
hostgroup_map, HOSTGROUP_MAP_ATTRS_COUNT,
dp_opt_get_int(state->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
ret = ENOMEM;
goto done;
diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
index 43e1e4263..1818a5c1d 100644
--- a/src/providers/ipa/ipa_hbac_rules.c
+++ b/src/providers/ipa/ipa_hbac_rules.c
@@ -162,7 +162,8 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
LDAP_SCOPE_SUB, rule_filter, rule_attrs,
NULL, 0,
dp_opt_get_int(state->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (subreq == NULL) {
DEBUG(1, ("sdap_get_generic_send failed.\n"));
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c
index d5390e519..b636576ad 100644
--- a/src/providers/ipa/ipa_hbac_services.c
+++ b/src/providers/ipa/ipa_hbac_services.c
@@ -98,7 +98,8 @@ ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
LDAP_SCOPE_SUB, service_filter,
state->attrs, NULL, 0,
dp_opt_get_int(opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (subreq == NULL) {
DEBUG(1, ("Error requesting service info\n"));
ret = EIO;
@@ -170,7 +171,8 @@ ipa_hbac_service_info_done(struct tevent_req *subreq)
state->search_base, LDAP_SCOPE_SUB,
servicegroup_filter, state->attrs, NULL, 0,
dp_opt_get_int(state->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (subreq == NULL) {
DEBUG(1, ("Error requesting host info\n"));
ret = EIO;
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 709f2ca05..02f55d8b9 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -171,7 +171,8 @@ static void users_get_connect_done(struct tevent_req *subreq)
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false); /* No enumeration */
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -407,7 +408,8 @@ static void groups_get_connect_done(struct tevent_req *subreq)
state->ctx->opts, sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false); /* No enumeration */
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 2e47722a1..581776587 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -479,7 +479,8 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true); /* Enumeration */
if (!subreq) {
ret = ENOMEM;
goto fail;
@@ -589,7 +590,8 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
state->ctx->opts, sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true); /* Enumeration */
if (!subreq) {
ret = ENOMEM;
goto fail;
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 8757510c3..712c76f5e 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -745,7 +745,8 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
state->filter, NULL,
NULL, 0,
dp_opt_get_int(state->sdap_ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (subreq == NULL) {
DEBUG(1, ("Could not start LDAP communication\n"));
state->pam_status = PAM_SYSTEM_ERR;
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 6412666d0..1547e8850 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -681,7 +681,8 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx,
"", LDAP_SCOPE_BASE,
"(objectclass=*)", attrs, NULL, 0,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -757,6 +758,7 @@ struct sdap_get_generic_state {
struct sdap_attr_map *map;
int map_num_attrs;
int timeout;
+ bool allow_paging;
struct sdap_op *op;
@@ -784,7 +786,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
const char **attrs,
struct sdap_attr_map *map,
int map_num_attrs,
- int timeout)
+ int timeout,
+ bool allow_paging)
{
errno_t ret;
struct sdap_get_generic_state *state;
@@ -810,6 +813,15 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
state->cookie.bv_len = 0;
state->cookie.bv_val = NULL;
+ /* Be extra careful and never allow paging for BASE searches,
+ * even if requested.
+ */
+ if (scope == LDAP_SCOPE_BASE) {
+ state->allow_paging = false;
+ } else {
+ state->allow_paging = allow_paging;
+ }
+
ret = sdap_get_generic_step(req);
if (ret != EOK) {
tevent_req_error(req, ret);
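Review bot: The comment on the BASE-scope override says to be "extra careful" but not what the risk is, so a later maintainer cannot tell whether the override is safe to remove; the comment should state why paging is unwanted for single-entry searches. The if/else can also collapse to one line, `state->allow_paging = allow_paging && scope != LDAP_SCOPE_BASE;`. Because the override silently discards a caller's `true`, a debug message on that path would make a mismatched call site visible. The function body starts and ends outside this hunk.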
@@ -854,9 +866,9 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING);
- if (!disable_paging
- && sdap_is_control_supported(state->sh,
- LDAP_CONTROL_PAGEDRESULTS)) {
+ if (!disable_paging && state->allow_paging &&
+ sdap_is_control_supported(state->sh,
+ LDAP_CONTROL_PAGEDRESULTS)) {
lret = ldap_create_page_control(state->sh->ldap,
state->sh->page_size,
state->cookie.bv_val ?
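Review bot: With `state->allow_paging` false the request goes out without the paged-results control, so a search matching more entries than the server's size limit can only come back truncated; how the reply path treats that result is outside this hunk. Several callers that now pass `false` feed authorization decisions (the access filter in sdap_access.c, the group lookups in sdap_async_accounts.c), so a partial result should be reported as an error or at least logged rather than stored as complete. I would confirm that the reply handling distinguishes a size-limit result from success when paging was not requested. A comment above the condition would also help, e.g. `/* paging only for searches expected to return many entries; others are bounded by the server size limit */`. The function continues beyond the last line shown.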
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 346940b00..5c011b301 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -48,7 +48,8 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
const char **attrs,
const char *wildcard,
- int timeout);
+ int timeout,
+ bool enumeration);
int sdap_get_users_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, char **timestamp);
@@ -60,7 +61,8 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
const char **attrs,
const char *wildcard,
- int timeout);
+ int timeout,
+ bool enumeration);
int sdap_get_groups_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, char **timestamp);
@@ -147,7 +149,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
const char **attrs,
struct sdap_attr_map *map,
int map_num_attrs,
- int timeout);
+ int timeout,
+ bool allow_paging);
int sdap_get_generic_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, size_t *reply_count,
struct sysdb_attrs ***reply_list);
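Review bot: The prototype gains `bool allow_paging` with no comment, and this header is where a new caller will look. The rules that BASE-scope searches never page and that the SDAP_DISABLE_PAGING option still takes precedence are visible only in sdap_async.c. Add a short comment above the declaration, e.g. `/* allow_paging: request the paged-results control; ignored for LDAP_SCOPE_BASE and when paging is disabled by option */`. The same applies to the `bool enumeration` parameter added to sdap_get_users_send and sdap_get_groups_send earlier in this file.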
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 8fdadb1b2..f4a460af9 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -428,6 +428,7 @@ struct sdap_get_users_state {
struct sysdb_ctx *sysdb;
const char **attrs;
const char *filter;
+ bool enumeration;
char *higher_usn;
struct sysdb_attrs **users;
@@ -444,7 +445,8 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
- int timeout)
+ int timeout,
+ bool enumeration)
{
struct tevent_req *req, *subreq;
struct sdap_get_users_state *state;
@@ -462,6 +464,7 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
state->higher_usn = NULL;
state->users = NULL;
state->count = 0;
+ state->enumeration = enumeration;
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
dp_opt_get_string(state->opts->basic,
@@ -469,7 +472,7 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
LDAP_SCOPE_SUBTREE,
state->filter, state->attrs,
state->opts->user_map, SDAP_OPTS_USER,
- timeout);
+ timeout, state->enumeration);
if (!subreq) {
talloc_zfree(req);
return NULL;
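Review bot: `state->enumeration` is forwarded here as the `allow_paging` argument of sdap_get_generic_send, so the flag's name describes one caller's situation rather than what it controls. Other hunks in this file pass `true` in the same position for what appear to be initgroups searches, not enumerations, which suggests the real meaning is "may return an unbounded number of entries". Naming the parameter `allow_paging` throughout, or documenting that meaning, would prevent a wrong guess at a future call site. As far as this diff shows the new struct field is read only on this line, so `timeout, enumeration);` without the stored copy would do. sdap_get_groups_send has the same pattern.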
@@ -1458,7 +1461,8 @@ sdap_process_missing_member_2307bis(struct tevent_req *req,
grp_state->opts->user_map,
SDAP_OPTS_USER,
dp_opt_get_int(grp_state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
return ENOMEM;
}
@@ -1659,7 +1663,8 @@ next:
state->opts->user_map,
SDAP_OPTS_USER,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -1711,6 +1716,7 @@ struct sdap_get_groups_state {
struct sysdb_ctx *sysdb;
const char **attrs;
const char *filter;
+ bool enumeration;
char *higher_usn;
struct sysdb_attrs **groups;
@@ -1732,7 +1738,8 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
- int timeout)
+ int timeout,
+ bool enumeration)
{
struct tevent_req *req, *subreq;
struct sdap_get_groups_state *state;
@@ -1750,6 +1757,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
state->higher_usn = NULL;
state->groups = NULL;
state->count = 0;
+ state->enumeration = enumeration;
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
dp_opt_get_string(state->opts->basic,
@@ -1757,7 +1765,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
LDAP_SCOPE_SUBTREE,
state->filter, state->attrs,
state->opts->group_map, SDAP_OPTS_GROUP,
- timeout);
+ timeout, state->enumeration);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -2320,7 +2328,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
filter, attrs,
state->opts->group_map, SDAP_OPTS_GROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ true);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -2646,7 +2655,8 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
state->filter, state->grp_attrs,
state->opts->group_map, SDAP_OPTS_GROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -2696,7 +2706,8 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq)
state->opts->group_map,
SDAP_OPTS_GROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -3243,7 +3254,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
filter, state->ldap_attrs,
state->opts->user_map, SDAP_OPTS_USER,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -3835,7 +3847,8 @@ static errno_t sdap_nested_group_lookup_user(struct tevent_req *req,
state->opts->user_map,
SDAP_OPTS_USER,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
talloc_free(sdap_attrs);
return EIO;
@@ -3878,7 +3891,8 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req)
state->opts->group_map,
SDAP_OPTS_GROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
talloc_free(sdap_attrs);
return EIO;
@@ -4242,7 +4256,8 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
filter, attrs,
state->opts->group_map, SDAP_OPTS_GROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ true);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -4820,7 +4835,8 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req)
filter, attrs,
state->opts->group_map, SDAP_OPTS_GROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ true);
if (!subreq) {
ret = EIO;
goto error;
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 1f6c6d063..36dcd40d9 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -469,7 +469,8 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req)
cn_attr, state->opts->netgroup_map,
SDAP_OPTS_NETGROUP,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
DEBUG(1, ("sdap_get_generic_send failed.\n"));
return ENOMEM;
@@ -610,7 +611,7 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx,
LDAP_SCOPE_SUBTREE,
state->filter, state->attrs,
state->opts->netgroup_map,
- SDAP_OPTS_NETGROUP, timeout);
+ SDAP_OPTS_NETGROUP, timeout, false);
if (!subreq) {
talloc_zfree(req);
return NULL;
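Review bot: This is a SUBTREE search with paging hard-coded off, while sdap_get_users_send and sdap_get_groups_send were given a caller-controlled flag for the same decision. If sdap_get_netgroups_send is only ever used to fetch one netgroup by name that is fine, but the literal should say so: `SDAP_OPTS_NETGROUP, timeout, false); /* single netgroup lookup */`. If a caller can supply a filter matching many entries, the result is bounded by the server size limit and the function should take the flag as a parameter instead. The function body starts and ends outside this hunk.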