8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek LDAP Enumeration Module
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek Simo Sorce <ssorce@redhat.com>
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek Jakub Hrozek <jhrozek@redhat.com>
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek Copyright (C) 2013 Red Hat
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek This program is free software; you can redistribute it and/or modify
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek it under the terms of the GNU General Public License as published by
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek the Free Software Foundation; either version 3 of the License, or
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek (at your option) any later version.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek This program is distributed in the hope that it will be useful,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek GNU General Public License for more details.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek You should have received a copy of the GNU General Public License
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic errno_t enum_users_recv(struct tevent_req *req);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic errno_t enum_groups_recv(struct tevent_req *req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek/* ==Enumeration-Request-with-connections=================================== */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic bool sdap_dom_enum_ex_connected(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_users(struct tevent_req *subreq);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic errno_t sdap_dom_enum_search_users(struct tevent_req *req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_users_done(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_svcs(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_svcs_done(struct tevent_req *subreq);
725bb2a9901c4f673b107ed179f5d68ec443ca63Pavel Březina req = tevent_req_create(memctx, &state, struct sdap_dom_enum_ex_state);
4b1a46396caf656095e5f5e90d43996bdeaba0f3Pavel Reichl t = dp_opt_get_int(ctx->opts->basic, SDAP_PURGE_CACHE_TIMEOUT);
66edf42c51f8591c93204b6490c103fa51346f47Jakub Hrozek if ((sdom->last_purge.tv_sec + t) < sdom->last_enum.tv_sec) {
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek state->user_op = sdap_id_op_create(state, user_conn->conn_cache);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed for users\n");
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sdap_dom_enum_ex_retry failed\n");
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek subreq = sdap_id_op_connect_send(op, state, &ret);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "sdap_id_op_connect_send failed: %d\n", ret);
/* Receives the result of the connection request that precedes each
 * enumeration step (users, groups, services call this first).
 * The fragments shown log either an offline backend or a failure to
 * connect to the LDAP server and return false; the final return is true.
 * Lines between the fragments are elided in this listing, so the exact
 * branch conditions are not visible here.
 */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic bool sdap_dom_enum_ex_connected(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = sdap_id_op_connect_recv(subreq, &dp_error);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Backend is marked offline, retry later!\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Domain enumeration failed to connect to " \
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "LDAP server: (%d)[%s]\n", ret, strerror(ret));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek return false;
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek return true;
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek if (sdap_dom_enum_ex_connected(subreq) == false) {
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* If POSIX attributes have been requested with an AD server and we
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek * have no idea about POSIX attributes support, run a one-time check
ba8a92bbd59f189bd1323dd0c4010cdfc694be35Jakub Hrozek subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts,
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* Execution resumes in sdap_dom_enum_ex_users_done */
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq)
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
ba8a92bbd59f189bd1323dd0c4010cdfc694be35Jakub Hrozek ret = sdap_gc_posix_check_recv(subreq, &has_posix);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* We can only finish the id_op on error as the connection
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek * is re-used by the user search
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek ret = sdap_id_op_done(state->user_op, ret, &dp_error);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Backend is offline, retrying later\n");
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "POSIX check failed: %d: %s\n", ret, sss_strerror(ret));
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* If the check ran to completion, we know for certain about the attributes
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek if (has_posix == false) {
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* Execution resumes in sdap_dom_enum_ex_users_done */
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic errno_t sdap_dom_enum_search_users(struct tevent_req *req)
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek tevent_req_set_callback(subreq, sdap_dom_enum_ex_users_done, req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_users_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_id_op_done(state->user_op, ret, &dp_error);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Backend is offline, retrying later\n");
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "User enumeration failed: %d: %s\n", ret, sss_strerror(ret));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek state->group_op = sdap_id_op_create(state, state->group_conn->conn_cache);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed for groups\n");
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->group_op,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek /* Continues to sdap_dom_enum_ex_get_groups */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek if (sdap_dom_enum_ex_connected(subreq) == false) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = enum_groups_send(state, state->ev, state->ctx,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek tevent_req_set_callback(subreq, sdap_dom_enum_ex_groups_done, req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_id_op_done(state->group_op, ret, &dp_error);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->group_op,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Backend is offline, retrying later\n");
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Group enumeration failed: %d: %s\n", ret, sss_strerror(ret));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek state->svc_op = sdap_id_op_create(state, state->svc_conn->conn_cache);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_create failed for svcs\n");
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->svc_op,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_svcs(struct tevent_req *subreq)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek if (sdap_dom_enum_ex_connected(subreq) == false) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = enum_services_send(state, state->ev, state->ctx,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek tevent_req_set_callback(subreq, sdap_dom_enum_ex_svcs_done, req);
/* Completion callback for the service enumeration step, the last step of
 * the enumeration request. The visible fragments finish state->svc_op with
 * sdap_id_op_done, may restart the connection through
 * sdap_dom_enum_ex_retry, then record the completed enumeration with
 * sysdb_set_enumerated and run ldap_id_cleanup. Failures of the last two
 * calls are logged and treated as non-fatal by the existing comments.
 * Lines between the fragments are elided in this listing.
 */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_svcs_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_id_op_done(state->svc_op, ret, &dp_error);
/* NOTE(review): the operation finished above is state->svc_op, but the
 * retry below is given state->user_op. The user and group completion
 * handlers in this file pass the same op to both sdap_id_op_done and
 * sdap_dom_enum_ex_retry (user_op and group_op respectively), so this
 * looks like a copy-paste slip. Confirm whether state->svc_op was
 * intended; as written, the retry may reconnect an operation other than
 * the one the service search runs on.
 */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Backend is offline, retrying later\n");
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Service enumeration failed: %d: %s\n", ret, sss_strerror(ret));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* Ok, we've completed an enumeration. Save this to the
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * sysdb so we can postpone starting up the enumeration
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * process on the next SSSD service restart (to avoid
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * slowing down system boot-up
e2ac9be4f293b96f3c8992f1171e44bc1da5cfcaMichal Zidek ret = sysdb_set_enumerated(state->sdom->dom, true);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Could not mark domain as having enumerated.\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* This error is non-fatal, so continue */
fc6afb011198f84a30e6598c62923b5a588ccd54Jakub Hrozek ret = ldap_id_cleanup(state->ctx->opts, state->sdom);
34a63c4a00096da7a8e09d49b5970bb1f807eddcJakub Hrozek /* Not fatal, worst case we'll have stale entries that would be
34a63c4a00096da7a8e09d49b5970bb1f807eddcJakub Hrozek * removed on a subsequent online lookup
4772d3f1fe5015a25ba1fb4c3779ee3117ec6fcbPavel Reichl DEBUG(SSSDBG_MINOR_FAILURE, "Cleanup failed: [%d]: %s\n",
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekerrno_t sdap_dom_enum_ex_recv(struct tevent_req *req)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek/* ==Enumeration-Request==================================================== */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek return sdap_dom_enum_ex_send(memctx, ev, ctx, sdom, conn, conn, conn);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekerrno_t sdap_dom_enum_recv(struct tevent_req *req)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek/* ==User-Enumeration===================================================== */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_users_done(struct tevent_req *subreq);
/* Builds the LDAP search filter and the attribute list for user
 * enumeration, then registers enum_users_done as the callback of the
 * search subrequest.
 *
 * The filter is assembled piecewise by string formatting:
 *   - an objectclass clause and a name-is-present clause,
 *   - an objectSID clause when ID mapping is in use, otherwise clauses
 *     that require UID and GID,
 *   - when ctx->srv_opts->max_user_value is set and this is not a purge
 *     run, a USN clause of the form (attr>=value)(!(attr=value)),
 *   - the closing parenthesis.
 * Every formatting failure is logged as a failure to build the base filter.
 * Lines between the fragments are elided in this listing.
 *
 * NOTE(review): the pieces are inserted with %s and no filter escaping is
 * visible in these fragments. Attribute names come from the configured
 * user_map. The arguments of the USN clause are elided here; if the stored
 * max_user_value is the string handed back by sdap_get_users_recv in
 * enum_users_done, it presumably originates from the directory server, so
 * confirm it is validated as a number or filter-escaped before it is
 * formatted into the next search filter. enum_groups_send builds its
 * filter the same way.
 */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek req = tevent_req_create(memctx, &state, struct enum_users_state);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We always want to filter on objectclass and an available name */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(&(objectclass=%s)(%s=*)",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* If we're ID-mapping, check for the objectSID as well */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We're not ID-mapping, so make sure to only get entries
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * that have UID and GID
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* If we have lastUSN available and we're not doing a full
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * refresh, limit to changes with a higher entryUSN value.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(%s>=%s)(!(%s=%s))",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* Terminate the search filter */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek state->filter = talloc_asprintf_append_buffer(state->filter, ")");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to build base filter\n");
4dd38025efda88f123eac672f87d3cda12f050c8Jakub Hrozek ret = build_attrs_from_map(state, ctx->opts->user_map,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* TODO: restrict the enumerations to using a single
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * search base at a time.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek tevent_req_set_callback(subreq, enum_users_done, req);
// Completion callback for the user search. It receives the search result
// and a USN string (usn_value) from sdap_get_users_recv, frees the
// previously stored max_user_value, and compares the parsed number with
// srv_opts->last_usn. Lines between the fragments are elided in this
// listing.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_users_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct enum_users_state *state = tevent_req_data(req,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = sdap_get_users_recv(subreq, state, &usn_value);
// NOTE(review): srv_opts is dereferenced below with no NULL check visible
// in this fragment, while enum_users_send guards the same pointer with
// ctx->srv_opts && ... before reading max_user_value. Confirm srv_opts
// cannot be NULL on this path.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek talloc_zfree(state->ctx->srv_opts->max_user_value);
// NOTE(review): usn_value presumably originates from the LDAP server. The
// numeric parse itself is elided here; the check below accepts
// endptr == NULL and shows no errno or ERANGE test, so confirm that
// overflow and non-numeric input are rejected before the value is
// compared with last_usn or reused in a later search filter.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value))
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek && (usn_number > state->ctx->srv_opts->last_usn)) {
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CONF_SETTINGS, "Users higher USN value: [%s]\n",
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic errno_t enum_users_recv(struct tevent_req *req)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek/* =Group-Enumeration===================================================== */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_groups_done(struct tevent_req *subreq);
/* Builds the LDAP search filter and the attribute list for group
 * enumeration, starts the search with sdap_get_groups_send and registers
 * enum_groups_done as its callback.
 *
 * The filter starts from the objectClass list produced by
 * sdap_make_oc_list plus a clause requiring the group name attribute,
 * then adds an objectSID clause when ID mapping is in use or a non-zero
 * GID requirement otherwise, then, when ctx->srv_opts->max_group_value is
 * set and this is not a purge run, a USN clause of the form
 * (attr>=value)(!(attr=value)), and finally the closing parenthesis.
 * Lines between the fragments are elided in this listing.
 *
 * NOTE(review): values are formatted into the filter with %s and no
 * filter escaping is visible in these fragments. The arguments of the USN
 * clause are elided; if max_group_value holds the string returned by
 * sdap_get_groups_recv in enum_groups_done, confirm it is validated as a
 * number or filter-escaped before it is reused here.
 */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek req = tevent_req_create(memctx, &state, struct enum_groups_state);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We always want to filter on objectclass and an available name */
7ba70236daccb48432350147d0560b3302518ceeMichal Zidek oc_list = sdap_make_oc_list(state, ctx->opts->group_map);
7ba70236daccb48432350147d0560b3302518ceeMichal Zidek DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n");
7ba70236daccb48432350147d0560b3302518ceeMichal Zidek state->filter = talloc_asprintf(state, "(&(%s)(%s=*)", oc_list,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ctx->opts->group_map[SDAP_AT_GROUP_NAME].name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* If we're ID-mapping, check for the objectSID as well */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We're not ID-mapping, so make sure to only get entries
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * that have a non-zero GID.
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(%s>=%s)(!(%s=%s))",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* Terminate the search filter */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek state->filter = talloc_asprintf_append_buffer(state->filter, ")");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base filter\n");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* TODO: restrict the enumerations to using a single
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * search base at a time.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = sdap_get_groups_send(state, state->ev,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek tevent_req_set_callback(subreq, enum_groups_done, req);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_groups_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct enum_groups_state *state = tevent_req_data(req,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = sdap_get_groups_recv(subreq, state, &usn_value);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek talloc_zfree(state->ctx->srv_opts->max_group_value);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value))
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek && (usn_number > state->ctx->srv_opts->last_usn)) {
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CONF_SETTINGS, "Groups higher USN value: [%s]\n",