summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/sdap_async.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/sdap_async.c')
-rw-r--r--src/providers/ldap/sdap_async.c45
1 files changed, 40 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 2b9268de4..306d76227 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -870,7 +870,8 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx,
"", LDAP_SCOPE_BASE,
"(objectclass=*)", attrs, NULL, 0,
dp_opt_get_int(state->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_SEARCH_TIMEOUT),
+ false);
if (!subreq) {
talloc_zfree(req);
return NULL;
@@ -1023,6 +1024,7 @@ struct sdap_get_generic_ext_state {
sdap_parse_cb parse_cb;
void *cb_data;
+ bool allow_paging;
};
static errno_t sdap_get_generic_ext_step(struct tevent_req *req);
@@ -1045,6 +1047,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx,
LDAPControl **clientctrls,
int sizelimit,
int timeout,
+ bool allow_paging,
sdap_parse_cb parse_cb,
void *cb_data)
{
@@ -1052,6 +1055,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx,
struct sdap_get_generic_ext_state *state;
struct tevent_req *req;
int i;
+ LDAPControl *control;
req = tevent_req_create(memctx, &state, struct sdap_get_generic_ext_state);
if (!req) return NULL;
@@ -1073,6 +1077,35 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx,
state->cb_data = cb_data;
state->clientctrls = clientctrls;
+
+ /* Be extra careful and never allow paging for BASE searches,
+ * even if requested.
+ */
+ if (scope == LDAP_SCOPE_BASE) {
+ state->allow_paging = false;
+ } else {
+ state->allow_paging = allow_paging;
+ }
+
+ /* Also check for deref/asq requests and force
+ * paging on for those requests
+ */
+ /* X-DEREF */
+ control = ldap_control_find(LDAP_CONTROL_X_DEREF,
+ serverctrls,
+ NULL);
+ if (control) {
+ state->allow_paging = true;
+ }
+
+ /* ASQ */
+ control = ldap_control_find(LDAP_SERVER_ASQ_OID,
+ serverctrls,
+ NULL);
+ if (control) {
+ state->allow_paging = true;
+ }
+
for (state->nserverctrls=0;
serverctrls && serverctrls[state->nserverctrls];
state->nserverctrls++) ;
@@ -1135,6 +1168,7 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING);
if (!disable_paging
+ && state->allow_paging
&& sdap_is_control_supported(state->sh,
LDAP_CONTROL_PAGEDRESULTS)) {
lret = ldap_create_page_control(state->sh->ldap,
@@ -1347,7 +1381,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
const char **attrs,
struct sdap_attr_map *map,
int map_num_attrs,
- int timeout)
+ int timeout,
+ bool allow_paging)
{
struct tevent_req *req = NULL;
struct tevent_req *subreq = NULL;
@@ -1361,7 +1396,7 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
subreq = sdap_get_generic_ext_send(state, ev, opts, sh, search_base,
scope, filter, attrs, false, NULL,
- NULL, 0, timeout,
+ NULL, 0, timeout, allow_paging,
sdap_get_generic_parse_entry, state);
if (!subreq) {
talloc_zfree(req);
@@ -1495,7 +1530,7 @@ sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev,
subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn,
LDAP_SCOPE_BASE, NULL, attrs,
false, state->ctrls, NULL, 0, timeout,
- sdap_x_deref_parse_entry,
+ true, sdap_x_deref_parse_entry,
state);
if (!subreq) {
talloc_zfree(req);
@@ -1720,7 +1755,7 @@ sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev,
subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn,
LDAP_SCOPE_BASE, NULL, attrs,
false, state->ctrls, NULL, 0, timeout,
- sdap_asq_search_parse_entry,
+ true, sdap_asq_search_parse_entry,
state);
if (!subreq) {
talloc_zfree(req);
generated by cgit (git 2.34.1) at 2024-05-05 01:11:57 +0000